1592 files changed, 0 insertions, 515730 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog
deleted file mode 100644
index e167b09a8957..000000000000
--- a/crypto/heimdal/ChangeLog
+++ /dev/null
@@ -1,1356 +0,0 @@
-2008-01-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Release 1.1
-
-2008-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_for_creds.c: Use on variable less.
-
-	* lib/krb5/get_for_creds.c: Try to handle ticket full and
-	ticketless tickets better. Add doxygen comments while here.
-
-	* lib/krb5/test_forward.c: Used for testing
-	krb5_get_forwarded_creds().
-	
-	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward
-
-	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS
-
-	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS
-
-	* kdc/Makefile.am: drop CHECK_SYMBOLS
-
-2008-01-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/version-script.map: Add krb5_digest_probe.
-	
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
-	hx509_name_binary.
-
-2008-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: add missing files
-
-2007-12-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
-	type2 message.
-
-2007-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/dbinfo.c: Add hdb_default_db().
-
-	* Makefile.am: Add some extra cf/*.
-
-2007-12-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.
-
-2007-12-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/log.c: Use hdb_db_dir().
-
-	* kpasswd/kpasswdd.c: Use hdb_db_dir().
-
-2007-12-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/config.c: Use hdb_db_dir().
-
-	* kdc/kdc_locl.h: add KDC_LOG_FILE
-
-	* kdc/hpropd.c: Use hdb_default_db().
-
-	* kdc/kstash.c: Use hdb_db_dir().
-
-	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().
-
-	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.
-
-	* lib/krb5/verify_krb5_conf.c: Check check_pac.
-
-	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
-	field in the krb5_rd_req_in_ctx
-
-	* lib/krb5/expand_hostname.c: Adapt to changing
-	dns_canonicalize_hostname into flags field.
-
-	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
-	into flags field, add check-pac as an libdefaults option.
-
-	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.
-
-	* doc: add doxygen documentation to hcrypto
-
-	* doc/doxytmpl.dxy: generate links
-	
-2007-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h
-
-	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
-	hdb database resides.
-
-	* configure.in: Add --with-hdbdir to specify where the database is
-	stored.
-
-	* lib/krb5/crypto.c: revert previous patch, the problem is located
-	in the RAND_file_name() function that will cause recursive nss
-	lookups, can't fix that here.
-
-2007-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
-	dead-lock in by not holding the lock while running
-	RAND_file_name. Prompted by Hai Zaar.
-
-	* lib/krb5/n-fold.c: spelling
-	
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kdigest.c (digest-probe): implement command.
-
-	* kuser/kdigest-commands.in (digest-probe): new command
-	
-	* kdc/digest.c: Implement supportedMechs request.
-
-	* lib/krb5/error_string.c: Make krb5_get_error_string return an
-	allocated string to make the function indempotent. From
-	Zeqing (Fred) Xia.
-
-2007-12-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
-	default_cc_name was set by the user.
-
-	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
-
-	* kcm/acquire.c: use krb5_free_cred_contents
-
-	* kuser/kimpersonate.c: use krb5_free_cred_contents
-	
-	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
-	cred cache.
-
-	* lib/krb5/cache.c: Put back code that was needed, move gen_new
-	into new_unique.
-
-	* lib/krb5/mcache.c (mcc_default_name): Remove const
-
-	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
-	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
-
-	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
-	default name.
-
-	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.
-
-	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.
-
-	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.
-
-	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.
-
-	* lib/krb5/acache.c: Free context when done, implement
-	krb5_cc_ops->default_name.
-
-	* lib/krb5/kcm.c: implement dummy kcm_move
-
-	* lib/krb5/mcache.c: Implement the move operation.
-
-	* lib/krb5/version-script.map: export krb5_cc_move
-
-	* lib/krb5/cache.c: New function krb5_cc_move().
-
-	* lib/krb5/fcache.c: Implement the move operation.
-
-	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
-	version bump.
-
-	* lib/krb5/acache.c: Implement the move operation. Avoid using
-	cc_set_principal() since it broken on Mac OS X 10.5.0.
-	
-2007-12-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
-	
-2007-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: Should pass different key usage constants
-	depending on whether or not optional sub-session key was passed by
-	the client for the check of authorization data. The constant is
-	used to derive "specific key" and its values are specified in
-	7.5.1 of RFC4120.
-	
-	Patch from Andy Polyakov.
-
-	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
-	clients have started to not like that. Thanks to Andy Polyakov for
-	excellent research.
-
-2007-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/creds.c: use krb5_data_cmp
-
-	* lib/krb5/acache.c: use krb5_free_cred_contents
-
-	* lib/krb5/test_renew.c: use krb5_free_cred_contents
-	
-2007-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acl.c: doxygen documentation
-
-	* lib/krb5/addr_families.c: doxygen documentation
-
-	* doc: add doxygen
-
-	* lib/krb5/plugin.c: doxygen documentation
-
-	* lib/krb5/kcm.c: doxygen documentation
-
-	* lib/krb5/fcache.c: doxygen documentation
-
-	* lib/krb5/cache.c: doxygen documentations
-	
-	* lib/krb5/doxygen.c: doxygen introduction
-
-	* lib/krb5/error_string.c: Doxygen documentation.
-
-2007-11-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_plugin.c: expose krb5_plugin_register
-
-	* lib/krb5/plugin.c: expose krb5_plugin_register
-
-	* lib/krb5/version-script.map: sort, expose krb5_plugin_register
-
-2007-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: Adding same enctype is enough one time. From
-	Andy Polyakov and Bjorn Sandell.
-	
-2007-10-18  Love  <lha@stacken.kth.se>
-
-	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
-	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
-	
-	* lib/krb5/fcache.c (init_fcc): provide better error codes
-
-	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
-	sending warning about pruned etypes.
-
-	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
-	based) "old", this to support windows 2000 clients (unjoined to a
-	domain). From Andy Polyakov.
-
-2007-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
-	
-2007-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
-	Ken'ichi.
-
-	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
-	NULL on failure.
-
-2007-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
-	krb5_addr2sockaddr and igore thte test is that case.
-	
-2007-09-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (krb5_free_context): free
-	default_cc_name_env, from Gunther Deschner.
-
-2007-08-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
-	work with c++, reported by Hai Zaar
-
-	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar
-
-2007-08-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema
-
-2007-07-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check return value of alloc functions, from Charles Longeau
-
-	* lib/krb5/principal.c: spelling.
-
-	* kadmin/kadmin.8: spelling
-
-	* lib/krb5/crypto.c: Check return values from alloc
-	functions. Prompted by patch of Charles Longeau.
-
-	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
-	code. Prompted by patch of Charles Longeau.
-
-2007-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds.c: Always set the ticket options, use
-	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
-	tri-state not so useful.
-
-2007-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
-	libraries.
-
-	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
-	heimdal.
-
-	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
-	$(libdir)/pkgconfig
-
-2007-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.
-
-2007-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
-	key if the entry is a correct entry.
-
-	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
-	Gunther Deschner.
-
-	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.
-
-	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.
-
-2007-07-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
-	from Peter Meinecke.
-
-	* kdc/kaserver.c: Don't ovewrite the error code, from Peter
-	Meinecke.
-
-2007-07-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO-1.0: remove 
-
-	* Makefile.am: remove TODO-1.0
-
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Heimdal 1.0 release branch cut here
-	
-	* doc/hx509.texi: use version.texi
-	
-	* doc/heimdal.texi: use version.texi
-	
-	* doc/version.texi: version.texi
-
-	* lib/hdb/db3.c: avoid type-punned pointer warning.
-
-	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
-	please OpenSSL and gcc.
-
-	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
-	please OpenSSL and gcc.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: Add krb_err.h.
-
-	* kdc/set_dbinfo.c: Print acl file too.
-
-	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.
-
-	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
-
-	* kdc/kerberos4.c: switch to ET errors.
-
-	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
-
-	* lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
-	et BASE.
-
-2007-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".
-
-	* lib/krb5/v4_glue.c: return more interesting error codes.
-
-	* lib/krb5/plugin.c: Prefix enum plugin_type.
-
-	* lib/krb5/krb5_locl.h: Expose plugin structures.
-	
-	* lib/krb5/krb5.h: Add plugin structures.
-
-	* lib/krb5/krb_err.et: V4 errors.
-
-	* lib/krb5/version-script.map: First version of version script.
-
-2007-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
-	lets allow that for uncomplicated name-types.
-
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
-	address 0, its ticket less and don't really care about
-	from_addr. return better error codes.
-
-	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.
-
-2007-07-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
-	more then one enctype 23 to krb5EncryptionType.
-
-	* lib/krb5/cache.c: Spelling.
-
-	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
-	(get_pa_etype_info2): return the enctypes as sorted in the
-	database
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
-	v4 (semiprivate functions) in libkrb5, don't include
-	krb5-private.h any longer.
-
-	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
-	realm.
-
-	* lib/krb5/Makefile.am: New library version.
-
-	* kdc/Makefile.am: New library version.
-
-	* lib/krb5/krb5_locl.h: Add default_cc_name_env.
-
-	* lib/krb5/cache.c (enviroment_changed): return non-zero if
-	enviroment that will determine default krb5cc name has changed.
-	(krb5_cc_default_name): also check if cached value is uptodate.
-
-	* lib/krb5/krb5_locl.h: Drop pkinit_flags.
-
-2007-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: add tests/java/Makefile
-
-	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.
-
-2007-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: Improve the default salt detection to avoid
-	returning v4 password salting to java that doesn't look at the
-	returning padata for salting.
-
-	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
-
-2007-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/digest.c: Try harder to provide better error message for
-	digest messages.
-
-	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
-	krb5-pr*.h, make -j finds this.
-	
-2007-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/digest.c: On success, print username, not ip-adress.
-
-2007-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
-
-	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
-
-	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
-	
-2007-06-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Add example for pkinit_win2k_require_binding
-	in [kdc] section.
-
-	* kdc/default_config.c: Rename require_binding to
-	win2k_require_binding to match client configuration.
-
-	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.
-
-	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
-	if its not required.
-
-	* kdc/default_config.c: rename pkinit_princ_in_cert and add
-	pkinit_require_binding
-
-	* kdc/kdc.h: rename pkinit_princ_in_cert and add
-	pkinit_require_binding
-
-	* kdc/pkinit.c: rename pkinit_princ_in_cert
-
-2007-06-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.
-
-2007-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: Drop unused variable.
-
-	* kdc/krb5tgs.c: disable anonyous tgs requests
-
-	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.
-
-	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
-	nametypes.
-
-	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
-
-	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
-	return their integer values.
-
-	* lib/krb5/krb5.h (krb5_get_creds): Add
-	KRB5_GC_CONSTRAINED_DELEGATION.
-
-	* lib/krb5/get_cred.c (krb5_get_creds): if
-	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
-	and constrained_delegation.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/digest.c: Return an error message instead of dropping the
-	packet for more failure cases.
-
-	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
-
-	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
-	gracefully
-	
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pac.c: make compile.
-	
-	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
-	pointer from stack.
-
-	* lib/krb5/plugin.c: Don't expose free pointer.
-
-	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
-	calloc.
-	
-	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory
-
-	* lib/krb5/krbhst.c: Host is static memory, don't free.
-
-	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
-	is longer then confounder + checksum.
-
-	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
-	users. This to allows libkdc users to to specify their own
-	databases
-
-	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
-	content data (and avoid leaking memory).
-
-	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
-	
-2007-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
-
-2007-06-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: tell user when they got a pk-init request with
-	pkinit disabled.
-
-2007-06-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
-	UNPARSE_DISPLAY.
-
-	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
-
-	* lib/krb5/principal.c: Make no-quote mean replace strange chars
-	with space.
-
-	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
-
-	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
-
-	* lib/krb5/test_princ.c: Test quoteing.
-
-	* lib/krb5/pkinit.c: update (c)
-	
-	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.
-
-	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
-	process needs to restart or just skip this KDC.
-
-	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
-	KDC.
-
-	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.
-
-	* lib/krb5/krb5_rd_error.3: Update prototype.
-
-	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
-	the server.
-	
-2007-06-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
-	
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: Constify.
-
-	* kdc/kerberos5.c: Constify.
-
-	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
-
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.
-
-	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
-	
-2007-06-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am (print-distdir): print name of dist
-
-	* kdc/pkinit.c: Break out loading of mappings file to a separate
-	function and remove warning that it can't open the mapping file,
-	there are now mappings in the db, maybe the users uses that
-	instead...
-
-	* lib/krb5/crypto.c: Require the raw key have the correct size and
-	do away with the minsize.  Minsize was a thing that originated
-	from RC2, but since RC2 is done in the x509/cms subsystem now
-	there is no need to keep that around.
-
-	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
-	unset mkey_file and set it default mkey name, make backward compat
-	stuff work.
-
-	* kdc/version-script.map: add new symbols
-
-	* kdc/kdc-replay.c: Also update krb5_context view of what the time
-	is.
-
-	* configure.in: add tests/can/Makefile
-
-	* kdc/kdc-replay.c: Add --[version|help].
-
-	* kdc/pkinit.c: Push down the kdc time into the x509 library.
-
-	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
-	reply data too.
-
-	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
-	tag of the reply if there is one.
-
-	* kdc/process.c: Save asn1 class, type and tag of the reply if
-	there is one. Used to verify the reply in kdc-replay.
-
-2007-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc_locl.h: extern for request_log.
-
-	* kdc/Makefile.am: Add kdc-replay.
-
-	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.
-
-	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.
-
-	* kdc/connect.c: Option to save the request to disk.
-
-	* kdc/process.c (krb5_kdc_save_request): save request to file.
-
-	* kdc/process.c (krb5_kdc_process*): dont update _kdc_time
-	automagicly.
-	(krb5_kdc_update_time): set or get current kdc-time.
-
-	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
-	pkauthdata as the signeddata oid
-	
-	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
-
-2007-06-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
-	match windows DC behavior better.
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: use test for -framework Security
-
-	* appl/test/uu_server.c: Print status to stdout.
-
-	* kdc/digest.c (digest ntlm): provide log entires by setting ret
-	to an error.
-	
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/hx509.texi: Indent crl-sign.
-
-	* doc/hx509.texi: One more crl-sign example.
-
-	* lib/krb5/test_princ.c: plug memory leaks.
-
-	* lib/krb5/pac.c: plug memory leaks.
-
-	* lib/krb5/test_pac.c: plug memory leaks.
-
-	* lib/krb5/test_prf.c: plug memory leak.
-
-	* lib/krb5/test_cc.c: plug memory leaks.
-
-	* doc/hx509.texi: Simple blob about publishing CRLs.
-
-	* doc/win2k.texi: drop text about enctypes.
-	
-2007-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: In case of OCSP verification failure, referash
-	every 5 min. In case of success, refreash 2 min before expiring or
-	faster.
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM
-
-	* kdc/pkinit.c: Handle the ms san in a propper way, still cheat
-	with the realm name.
-
-	* kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
-	directly and hand the error back to the client.
-
-	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
-	and fix error message for CLIENT_NAME_MISMATCH.
-
-	* kdc/pkinit.c: More logging for pk-init client mismatch.
-
-	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
-	windows pk-init (-9) to make MIT clients happy.
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pkinit.c: Force des3 for win2k.
-
-	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
-	COMPAT_WIN2K.
-
-	* lib/krb5/keytab_keyfile.c: Spelling.
-
-	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
-	doesn't deal with case of realm.
-	
-2007-05-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
-	of encryption.
-	
-2007-05-10  Dave Love  <fx@gnu.org>
-	
-	* doc/win2k.texi: Update some URLs.
-
-2007-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kimpersonate.c: Fix version number of ticket, it should be
-	5 not the kvno.
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Salting is really Encryption types and salting.
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: spelling, from Ronny Blomme
-
-	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
-	Blomme
-	
-2007-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
-	specified, create one and let it use the defaults.
-	
-2007-04-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/test_dbinfo.c: test acl file
-
-	* lib/hdb/test_dbinfo.c: test acl file
-
-	* lib/hdb/dbinfo.c: add acl file
-
-	* etc: ignore Makefile.in
-
-	* Makefile.am: SUBDIRS += etc
-
-	* configure.in: Add etc/Makefile.
-
-	* etc/Makefile.am: make sure services.append is distributed
-
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc: rename windc_init to krb5_kdc_windc_init
-
-	* kdc/version-script.map: version script for libkdc
-	
-	* kdc/Makefile.am: version script for libkdc
-	
-2007-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
-	correct the order of the arguments.
-
-	* lib/hdb/Makefile.am: Add and test dbinfo.
-
-	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;
-
-	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
-	users wanted differently.
-
-	* kdc/default_config.c: Make the default configuration fetch info
-	from the krb5.conf.
-	
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
-	determine if to send the session-key, for the second place in the
-	function.
-
-	* tools/krb5-config.in: rename des to hcrypto
-
-	* kuser/Makefile.am: depend on libheimntlm
-
-	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
-	this domain if the Kerberos password auth worked.
-
-	* kuser/klist.c: add new option --hidden that doesn't display
-	principal that starts with @
-
-	* tools/krb5-config.in: Add heimntlm when we use gssapi.
-
-	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
-	free 'cred' with.
-
-	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
-	'cred' with.
-	
-2007-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
-	determine if to send the session-key.
-
-	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
-	the name constraints, not the opposite. From Bryan Jacobs.
-	
-2007-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/acl.c: make compile again.
-
-	* kcm/client.c: fix warning.
-	
-	* kcm: First, it allows root to ignore the naming conventions.
-	Second, it allows root to always perform any operation on any
-	ccache.  Note that root could do this anyway with FILE ccaches.
-	From Bryan Jacobs.
-
-	* Rename libdes to libhcrypto.
-
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kinit: remove code that depend on kerberos 4 library
-	
-	* kdc: remove code that depend on kerberos 4 library
-	
-	* configure.in: Drop kerberos 4 support.
-
-	* kdc/hpropd.c (main): free the message when done with it.
-
-	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
-	remember to free memory too.
-
-	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
-	done.
-
-	* configure.in: test rk_VERSIONSCRIPT
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: remove, all done by make dist now
-
-2007-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
-
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kstash.8: Spelling, from raga <raga@comcast.net> 
-	via Bjorn Sandell.
-
-	* lib/krb5/store_mem.c: indent.
-
-	* lib/krb5/recvauth.c: Set error string.
-
-	* lib/krb5/rd_req.c: clear error strings.
-
-	* lib/krb5/rd_cred.c: clear error string.
-
-	* lib/krb5/pkinit.c: Set error strings.
-
-	* lib/krb5/get_cred.c: Tell what principal we are not finding for
-	all KRB5_CC_NOTFOUND.
-	
-2007-02-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c: Return the same error codes as a windows KDC.
-
-	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
-	failed.
-	
-	* kdc/kerberos5.c: Make handling of replying e_data more generic,
-	from metze.
-
-	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
-	metze.
-
-	* lib/krb5/pac.c: Create the PAC element in the same order as
-	w2k3, maybe there's some broken code in windows which relies on
-	this... From metze.
-
-	* kdc/kerberos5.c: Select a session enctype from the list of the
-	crypto systems supported enctype, is supported by the client and
-	is one of the enctype of the enctype of the krbtgt.
-	
-	The later is used as a hint what enctype all KDC are supporting to
-	make sure a newer version of KDC wont generate a session enctype
-	that and older version of a KDC in the same realm can't decrypt.
-	
-	But if the KDC admin is paranoid and doesn't want to have "no the
-	best" enctypes on the krbtgt, lets save the best pick from the
-	client list and hope that that will work for any other KDCs.
-	
-	Reported by metze.
-
-	* kdc/hprop.c (propagate_database): on any failure, drop the
-	connection to the peer and try next one.
-	
-2007-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_init_creds.3: document new options.
-
-	* kdc/krb5tgs.c: Only check service key for cross realm PACs.
-
-	* lib/krb5/init_creds.c: use the new merged flags field.
-	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
-	compat flags.
-
-	* lib/krb5/init_creds_pw.c: use the new merged flags field.
-
-	* lib/krb5/krb5_locl.h: merge all flags into one entity
-	
-2007-02-11  Dave Love  <fx@gnu.org>
-	
-	* lib/krb5/krb5_aname_to_localname.3: Small fixes
-	
-	* lib/krb5/krb5_digest.3: Small fixes
-	
-	* kuser/kimpersonate.1: Small fixes
-
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
-	there is no entry.
-
-	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.
-
-	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
-
-	* lib/krb5/init_creds_pw.c: Verify client referral data.
-
-	* kdc/kerberos5.c: switch some "return ret" to "goto out".
-	
-	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
-	sign client referrals.
-	
-	* lib/hdb/hdb.h: Add HDB_F_CANON.
-
-	* lib/hdb: add simple alias support to the database backends
-
-2007-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: Add canonicalize flag.
-
-	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
-	canonicalize.
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
-	new function.
-	
-	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
-
-	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
-
-	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
-	
-2007-02-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_princ.c: test parsing enterprise-names.
-
-	* lib/krb5/principal.c: Add support for parsing enterprise-names.
-
-	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
-
-	* lib/hdb/hdb-ldap.c: Make work again.
-	
-2007-02-11  Dave Love  <fx@gnu.org>
-
-	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
-	
-2007-02-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: prune trailing space
-
-	* lib/hdb/db.c: Be better at setting and clearing error string.
-
-	* lib/hdb/hdb.c: Be better at setting and clearing error string.
-
-2007-02-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
-	to print out the keytab name.
-
-	* doc/setup.texi: Spelling, from Guido Guenther
-	
-2007-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.
-
-2007-02-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
-	negative
-	
-2007-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: pass extra flags for detached signatures.
-
-	* lib/krb5/pkinit.c: pass extra flags for detached signatures.
-
-	* kdc/digest.c: Remove debug output.
-
-	* kuser/kdigest.c: Add support for ms-chap-v2 client.
-	
-2007-02-02  Love H�rnquist �strand  <lha@it.su.se>
-		
-	* kdc/digest.c: Fix ms-chap-v2 get_masterkey
-
-	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.
-
-	* kuser/kdigest.c: Print session key if there is one.
-
-	* lib/krb5/digest.c: rename hash-a1 to session key
-
-	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
-
-	* kuser/kdigest.c: print rsp if there is one, from Klas.
-
-	* kdc/digest.c: Use right size, from Klas Lindfors.
-
-	* kuser/kdigest.c: Set client nonce if avaible, from Klas.
-
-	* kdc/digest.c: First version from kllin.
-
-	* kuser/kdigest.c: Don't restrict the type.
-	
-2007-02-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kdigest-commands.in: add --client-response
-
-	* kuser/kdigest.c: Print status instead of response.
-
-	* kdc/digest.c: Better logging and return status = FALSE when
-	checksum doesn't match.
-
-	* kdc/digest.c: Check the digest response in the KDC.
-
-	* lib/krb5/digest.c: New functions to send in requestResponse to
-	KDC and get status of the request.
-
-	* kdc/digest.c: Add support for MS-CHAP v2.
-
-	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: Make hx509.info too
-
-	* kdc/digest.c: don't verify identifier in CHAP, its the client
-	that chooses it.
-	
-2007-01-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: Basic test of prf.
-
-	* lib/krb5/test_prf.c: Basic test of prf.
-
-	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
-	functions.
-
-	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.
-
-	* lib/krb5/krb5_data.3: Document krb5_data_cmp.
-
-	* lib/krb5/data.c: Add krb5_data_cmp.
-	
-2007-01-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kx509.c: Don't use C99 syntax.
-	
-2007-01-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* configure.in: its LIBADD_roken (and shouldn't really exist, our
-	libtool usage it broken)
-
-	* configure.in: Add an extra variable for roken, LIBADD, that
-	should be used for library depencies.
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
-
-	* lib/krb5/krb5_init_context.3: fix mdoc errors
-
-	* Heimdal 0.8 branch cut today
-
-	* doc/hx509.texi: Spelling and more about proxy certificates.
-
-	* configure.in: check for arc4random
-	
-2007-01-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
-	before starting
-
-	* tools/heimdal-build.sh: make cvs keep quiet
-
-	* kuser/kverify.c: Use argument as principal if passed an
-	argument. Bug report from Douglas E. Engert
-	
-2007-01-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
-	the enc_tkt_in_skey case, from Douglas E. Engert.
-
-	* kdc/kx509.c: Issue certificates.
-
-	* kdc/config.c: Parse kx509/kca configuration.
-
-	* kdc/kdc.h: add kx509 config
-	
-2007-01-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
-	there is nothing find.
-
-	* doc/hx509.texi: Examples for pk-init.
-
-	* doc/hx509.texi: About extending ca lifetime and sub cas.
-	
-2007-01-13  Love H�rnquist �strand <lha@it.su.se>
-	
-	* doc/hx509.texi: More about certificates.
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/hx509.texi: add Application requirements and write about
-	xmpp/jabber.
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/hx509.texi: More about issuing certificates.
-
-	* doc/hx509.texi: Start of a x.509 manual.
-
-	* include/Makefile.am: remove install headerfiles
-
-	* lib/krb5/test_pac.c: Use more interesting data to cause more
-	errors.
-
-	* include/Makefile.am: remove install headerfiles
-
-	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
-
-	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used
-
-	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
-	allocate data
-	
-2007-01-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: Hint about hxtool validate.
-
-	* appl/test/uu_server.c: print both "server" and "client"
-
-	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.
-
-	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
-	Bartlett
-	
-	* kdc/windc.c: ident, spelling.
-
-	* kdc/windc_plugin.h: indent.
-
-	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
-	from Andrew Bartlett
-
-	* kdc/windc.c: pass down server entry to verify_pac function, from
-	Andrew Bartlett
-
-	* kdc/windc_plugin.h: pass down server entry to verify_pac
-	function, from Andrew Bartlett
-
-	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
-	libraries are built.
-
-	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
-	when verifying the PAC.  From Andrew Bartlett.
-	
-2007-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_pac.c: move around to code test on real PAC.
-
-	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
-	for real.
-
-	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
-	this test is wrong, they have to be fixed when the pac code is
-	fixed).
-
-	* doc/setup.texi: Update to new hxtool issue-certificate usage
-
-	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
-	and PK-INIT pa data, no need to expose our password protecting our
-	PKCS12 key.
-
-	* kuser/klist.c (print_cred_verbose): include ticket length in the
-	verbose output
-	
-2007-01-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
-	it linux is unhappy.
-
-	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
-	it linux is unhappy.
-
-	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
-	named "bar.domain", this make one of the tests pass when it
-	shouldn't.
-
-2007-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Change --key argument to --out-key.
-
-	* kuser/kimpersonate.1: mangle my name
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: describe how to use hx509 to create
-	certificates.
-
-	* tools/heimdal-build.sh: Add --distcheck.
-
-	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
-	if we should include the PAC in the krbtgt.
-
-	* kdc/pkinit.c (_kdc_as_rep): check if
-	krb5_generate_random_keyblock failes.
-
-	* kdc/kerberos5.c (_kdc_as_rep): check if
-	krb5_generate_random_keyblock failes.
-
-	* kdc/krb5tgs.c (tgs_build_reply): check if
-	krb5_generate_random_keyblock failes.
-
-	* kdc/krb5tgs.c: Scope etype.
-
-	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
-	default on.
-
-	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
-	its server signature.
-
-	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
-	(_kdc_tkt_add_if_relevant_ad): constify in data argument.
-
-	* kdc/windc_plugin.h: More comments add a client_access hook.
-
-	* kdc/windc.c: Add _kdc_windc_client_access.
-
-	* kdc/krb5tgs.c: rename functions after export some more pac
-	functions.
-
-	* lib/krb5/test_pac.c: export some more pac functions.
-
-	* lib/krb5/pac.c: export some more pac functions.
-
-	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.
-
-	* configure.in: add tests/plugin/Makefile
-	
-2007-01-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
-
-	* kdc/config.c: spelling
-
-	* lib/krb5/krb5.h: typedef for krb5_pac.
-
-	* kdc/headers.h: Include <windc_plugin.h>.
-
-	* kdc/Makefile.am: Include windc.c and use windc_plugin.h
-
-	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
-	Controller.
-
-	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
-	Controller.  Move the some of the log related stuff to its own
-	function.
-
-	* kdc/config.c: Init callbacks for emulating a Windows Domain
-	Controller.
-
-	* kdc/windc.c: Rename the init function to windc instead of pac.
-
-	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
-	Controller.
-
-	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
-	Domain Controller.
-
-	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
-
-	* lib/krb5/pac.c: Support all keyed checksum types.
-	
-2007-01-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
-	
-	* lib/krb5/test_pac.c: test krb5_pac_get_types
-
-	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
-
-	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
-
-	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
-
-	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.
-
-	* lib/krb5/pac.c: Add/remove pac buffer functions.
-
-	* lib/krb5/pac.c: sprinkle const
-
-	* lib/krb5/pac.c: rename DCHECK to CHECK
-	
-	* Happy New Year.
diff --git a/crypto/heimdal/ChangeLog.1998 b/crypto/heimdal/ChangeLog.1998
deleted file mode 100644
index f26dba777ed2..000000000000
--- a/crypto/heimdal/ChangeLog.1998
+++ /dev/null
@@ -1,3201 +0,0 @@
-Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/context.c: remove ktype_is_etype
-
-	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
-
-	* configure.in: fix for AIX install; better tests for AIX dynamic
- 	AFS libs; `--enable-new-des3-code'
-
-Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* appl/afsutil/Makefile.am: link with extra libs for aix
-
-	* kuser/Makefile.am: link with extra libs for aix
-
-Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
- 	the same as krb5_get_all_client_addrs except that it includes
- 	loopback addresses
-
-	* kdc/connect.c (init_socket): bind to a particular address
-	(init_sockets): get all local addresses and bind to them all
-
-	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
- 	methods
-	(find_af, find_atype): new functions.  use them.
-
-	* configure.in: add hesiod
-
-Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
-
-Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/log.c: rename delete -> remove
-
-	* lib/kadm5/delete_s.c: rename delete -> remove
-
-	* lib/hdb/common.c: rename delete -> remove
-
-Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: check for environ and `struct spwd'
-
-Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
- 	ktype_is_etype
-
-	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
- 	etypes
-	(em): sort entries
-
-Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c: more type correctness
-
-	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
- 	generated bits.
-
-Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kdc/hprop.c (v4_prop): fix bogus indexing
-
-Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
-	(krb5_verify_init_creds): if we cannot get a ticket for
-	host/`hostname` and fail_verify_is_ok just return.  use
- 	krb5_rd_req
-
-Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/free.c (krb5_xfree): new function
-
-	* lib/krb5/creds.c (krb5_free_creds_contents): new function
-
-	* lib/krb5/context.c: more type correctness
-
-	* lib/krb5/checksum.c: more type correctness
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
- 	correctness
-
-	* lib/asn1/der_get.c (der_get_length): fix test of len
-	(der_get_tag): more type correctness
-
-	* kuser/klist.c (usage): void-ize
-
-	* admin/ktutil.c (kt_remove): some more type correctness.
-
-Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kuser/klist.c: try to list enctypes as keytypes
-
-	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
- 	to set list of enctypes to use
-
-	* kadmin/load.c: load strings as hex
-
-	* kadmin/dump.c: dump hex as string is possible
-
-	* admin/ktutil.c: use print_version()
-
-	* configure.in, acconfig.h: test for hesiod
-
-Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/crypto.c: add some crypto debug code
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
- 	buffer when encoding ticket
-
-	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
-
-	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
- 	session key
-
-	* admin/ktutil.c: keytype -> enctype
-
-Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
-	
-Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c: adapt to new crypto api
-
-	* lib/krb5/rd_rep.c: adapt to new crypto api
-
-	* lib/krb5/rd_priv.c: adopt to new crypto api
-
-	* lib/krb5/rd_cred.c: adopt to new crypto api
-
-	* lib/krb5/principal.c: ENOMEM -> ERANGE
-
-	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
-
-	* lib/krb5/mk_req_ext.c: adopt to new crypto api
-
-	* lib/krb5/mk_req.c: get enctype from auth_context keyblock
-
-	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
-
-	* lib/krb5/mk_priv.c: adopt to new crypto api
-
-	* lib/krb5/keytab.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt.c: adopt to new crypto api
-
-	* lib/krb5/get_cred.c: adopt to new crypto api
-
-	* lib/krb5/generate_subkey.c: use new crypto api
-
-	* lib/krb5/context.c: rename etype functions to enctype ditto
-
-	* lib/krb5/build_auth.c: use new crypto api
-
-	* lib/krb5/auth_context.c: remove enctype and cksumtype from
- 	auth_context
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
-
-Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* admin/ktutil.c: fix printing of unrecognized keytypes
-
-Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
- 	using AFS3 salt
-
-Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
- 	`use_admin_kdc'
-
-	* lib/krb5/changepw.c (get_kdc_address): use
- 	krb5_get_krb_admin_hst
-
-	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
-
-	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
-
-	* lib/krb5/context.c (krb5_get_use_admin_kdc,
- 	krb5_set_use_admin_kdc): new functions
-
-Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/crypto.c: remove all calls to abort(); check return
- 	value from _key_schedule;
-	(RSA_MD[45]_DES_verify): zero tmp and res;
-	(RSA_MD5_DES3_{verify,checksum}): implement
-
-Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (swap32): conditionalize
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
- 	returned from gethostby*() isn't a FQDN, try with the original
- 	hostname
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
- 	and correct key usage
-
-	* lib/krb5/crypto.c (verify_checksum): make static
-
-	* admin/ktutil.c (kt_list): use krb5_enctype_to_string
-
-Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
-
-	* kadmin/ank.c (ank): print principal name in prompt
-
-	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
-  	never trust c.checksum.length
-	(_get_derived_key): try to return the derived key
-
-Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
-	(get_checksum_key): assume usage is `formatted'
-	(create_checksum,verify_checksum): moved the guts of the krb5_*
-	functions here, both take `formatted' key-usages
-	(encrypt_internal_derived): fix various bogosities
-	(derive_key): drop key_type parameter (already given by the
-	encryption_type)
-
-	* kdc/kerberos5.c (check_flags): handle case where client is NULL
-
-	* kdc/connect.c (process_request): return zero after processing
- 	kerberos 4 request
-
-Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/crypto.c: merge x-*.[ch] into one file
-
-	* lib/krb5/cache.c: remove residual from krb5_ccache_data
-
-Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
- 	separate function (will eventually end up someplace else)
-
-	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
-
-	* configure.in, acconfig.h: test for four valued krb_put_int
-
-Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
-
-	* Release 0.0t
-
-Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c (parse_binding): remove trailing
- 	whitespace
-
-Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
- 	to krb5_create_checksum
-
-	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
- 	few typos
-
-Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
-
-	* Release 0.0s
-
-Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
-
-Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kdc_locl.h: proto for `get_des_key'
-
-	* configure.in: test for four valued el_init
-
-	* kuser/klist.c: keytype -> enctype
-
-	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
-
-	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
-
-	* kdc/kaserver.c: use `get_des_key'
-
-	* kdc/524.c: use new crypto api
-
-	* kdc/kerberos4.c: use new crypto api
-
-	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
- 	crypto api
-
-	* kdc/kstash.c: adapt to new crypto api
-
-	* kdc/string2key.c: adapt to new crypto api
-
-	* admin/srvconvert.c: add keys for all possible enctypes
-
-	* admin/ktutil.c: keytype -> enctype
-
-	* lib/gssapi/init_sec_context.c: get enctype from auth_context
- 	keyblock
-
-	* lib/hdb/hdb.c: remove hdb_*_keytype2key
-
-	* lib/kadm5/set_keys.c: adapt to new crypto api
-
-	* lib/kadm5/rename_s.c: adapt to new crypto api
-
-	* lib/kadm5/get_s.c: adapt to new crypto api
-
-	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
- 	des-cbc-md5, and des3-cbc-sha1
-
-	* lib/krb5/heim_err.et: error message for unsupported salt
-
-	* lib/krb5/codec.c: short-circuit these functions, since they are
- 	not needed any more
-
-	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
-
-Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
- 	hostent->h_addr_list, use a copy instead
-
-Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
- 	everything is ok before adding to linked list
-
-	* lib/krb5/config_file.c: skip ws before checking for comment
-
-Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12
-
-Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
- 	unopened file
-
-	* lib/krb5/mk_priv.c: realloc correctly
-
-	* lib/krb5/get_addrs.c (find_all_addresses): init j
-
-	* lib/krb5/context.c (krb5_init_context): print error if parsing
- 	of config file produced an error.
-
-	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
- 	ignore more spaces
-
-	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
- 	krb5_encode_ETYPE_INFO): initialize `ret'
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
- 	correctly
-
-	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
-
-	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
- 	with default_client
-
-	* kuser/kinit.c (main): initialize `ticket_life'
-
-	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
-	(tgs_rep2): initialize `krbtgt'
-
-	* kdc/connect.c (do_request): check for errors from `sendto'
-
-	* kdc/524.c (do_524): initialize `ret'
-
-	* kadmin/util.c (foreach_principal): don't clobber `ret'
-
-	* kadmin/del.c (del_entry): don't apply on zeroth argument
-
-	* kadmin/cpw.c (do_cpw_entry): initialize `ret'
-
-Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.0r
-
-Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c: fall-back definition of
- 	IN6_ADDR_V6_TO_V4
-
-	* configure.in: only set CFLAGS if it wasn't set look for
- 	dn_expand and res_search
-
-Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove duplicate seteuid
-
-Sat May 30 00:19:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
- 	runtime dependencies on libkrb with some shared library
- 	implementations
-
-Fri May 29 00:09:02 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/kinit_options.c: Default options for kinit.
-
-	* kuser/kauth_options.c: Default options for kauth.
-
-	* kuser/kinit.c: Implement lots a new options.
-
-	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
- 	is not NULL; set endtime to min of new starttime + old_life, and
- 	requested endtime
-
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
- 	forwardable or proxiable flags are set in options, set the
- 	kdc-flags to the value specified, and not always to one
-
-Thu May 28 21:28:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Optionally compare client address to addresses
- 	in ticket.
-
-	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().
-
-	* kdc/config.c: Add check_ticket_addresses, and
- 	allow_null_ticket_addresses variables.
-
-Tue May 26 14:03:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted
-
-	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
- 	before zapping version 4 salts
-
-Sun May 24 05:22:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0q
-
-	* lib/krb5/aname_to_localname.c: new file
-
-	* lib/gssapi/init_sec_context.c (repl_mutual): no output token
-
-	* lib/gssapi/display_name.c (gss_display_name): zero terminate
- 	output.
-
-Sat May 23 19:11:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/display_status.c: new file
-
-	* Makefile.am: send -I to aclocal
-
-	* configure.in: remove duplicate setenv
-
-Sat May 23 04:55:19 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/util.c (foreach_principal): Check for expression before
- 	wading through the whole database.
-
-	* kadmin/kadmin.c: Pass NULL password to
- 	kadm5_*_init_with_password.
-
-	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
- 	of `password' parameter to init_with_password.
-
-	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*
-
-	* lib/kadm5/server.c: Better arguments for
- 	kadm5_init_with_password.
-
-Sat May 16 07:10:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c: conditionalize ka-server reading support on
- 	KASERVER_DB
-
-	* configure.in: new option `--enable-kaserver-db'
-
-Fri May 15 19:39:18 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
- 	found.
-
-Tue May 12 21:11:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0p
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
- 	encryption type in auth_context if it's compatible with the type
- 	of the session key
-
-Mon May 11 21:11:14 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: add support for ka-server databases
-
-	* appl/ftp/ftpd: link with -lcrypt, if needed
-
-Fri May  1 07:29:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: don't test for winsock.h
-
-Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@puffer.pdc.kth.se>
-
-	* Release 0.0o
-
-Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/sock_principal.c: Save hostname.
-
-Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
-
-	* kdc/hprop.c (v4_prop): Check for null key.
-
-Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/str2key.c: Fix DES3 string-to-key.
-
-	* lib/krb5/keytab.c: Get default keytab name from context.
-
-	* lib/krb5/context.c: Get `default_keytab_name' value.
-
-	* kadmin/util.c (foreach_principal): Print error message if
- 	`kadm5_get_principals' fails.
-
-	* kadmin/kadmind.c: Use `kadmind_loop'.
-
-	* lib/kadm5/server.c: Replace several other functions with
- 	`kadmind_loop'.
-
-Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
- 	of O_APPEND
-
-	* configure.in: generate ftp Makefiles
-
-	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
- 	portable way.
-
-	* admin/srvconvert.c (srvconv): return 0 if successful
-
-Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
- 	keytab entries, and change default keytab to `/etc/krb5.keytab'.
-
-Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
-
-	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
-  	Fix bug in checking of pad.
-
-	* lib/gssapi/{un,}wrap.c: Add support for just integrity
- 	protecting data.
- 	
-	* lib/gssapi/accept_sec_context.c: Use
- 	`gssapi_krb5_verify_8003_checksum'.
-
-	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
-
-	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
- 	properly in auth-context.
-
-Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/delete_s.c: Check immutable bit.
-
-	* kadmin/kadmin.c: Pass client name to kadm5_init.
-
-	* lib/kadm5/init_c.c: Get creds for client name passed in.
-
-	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
-
-Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/mk_error.c: Verify that error_code is in the range
- 	[0,127].
-
-	* kdc/kerberos5.c: Move checking of principal flags to new
- 	function `check_flags'.
-
-Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
-
-	* configure.in: define SunOS if running solaris
-
-Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/server.c: Unifdef test for same principal when
- 	changing password.
-
-	* kadmin/util.c: If kadm5_get_principals failes, we might still be
- 	able to perform the requested opreration (for instance someone if
- 	trying to change his own password).
-
-	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
- 	not possible via tgt.
-
-	* lib/kadm5/server.c: Check for principals changing their own
- 	passwords.
-
-	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
- 	involved principals.
-
-	* kadmin/util.c: Fix order of flags.
-
-Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
-
-Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
-
-Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
- 	free keyseed; use correct keytab
-
-Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@sics.se>
-
-	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
-
-Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0n
-
-Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
-	krb5_kt_close/krb5_kt_resolve.
-	
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
- 	to lookup hosts, so CNAMEs can be ignored.
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
- 	Add support for using proxy.
-
-	* lib/krb5/context.c: Initialize `http_proxy' from
- 	`libdefaults/http_proxy'.
-
-	* lib/krb5/krb5.h: Add `http_proxy' to context.
-
-	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
- 	specifications.
-
-Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil.c: Implement `add' and `remove' functions. Make
- 	`--keytab' a global option.
-
-	* lib/krb5/keytab.c: Implement remove with files. Add memory
- 	operations.
-
-Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keytab.c: Use function pointers.
-
-	* admin: Remove kdb_edit.
-
-Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/dump_log.c: print operation names
-
-Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
-	
-	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
- 	remove arbitrary limit
-
-	* kdc/hprop-common.c: use krb5_{read,write}_message
-
-	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
- 	krb5_{write,read}_message
-
-	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
- 	`iprop/master' directly.
-	(main): use `krb5_read_message'
-
-Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Cleanup commands list, and add help strings.
-
-	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
- 	output formats. Short is the default.
-
-	* kadmin/util.c: Add `include_time' flag to timeval2str.
-
-	* kadmin/init.c: Max-life and max-renew can, infact, be zero.
-
-	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
-
-	* kadmin/util.c: Add function `foreach_principal', that loops over
- 	all principals matching an expression.
-
-	* kadmin/kadmin.c: Add usage string to `privileges'.
-
-	* lib/kadm5/get_princs_s.c: Also try to match aganist the
- 	expression appended with `@default-realm'.
-
-	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
- 	excludes the realm if it's the same as the default realm.
-
-Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
- 	headers and functions error -> com_err
-
- 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc
-
-	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
- 	global
-
-	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
-
-	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
-
-Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
-  	This should be fixed the correct way.
-
-	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
-	(send_diffs): compare versions correctly
-	(main): reorder handling of events
-
-	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
-
-Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/ipropd_{slave,master}.c: new files
-
-	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
- 	argument
-
-	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
- 	et_list *'
-
-	* aux/make-proto.pl: Should work with perl4
-
-Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
- 	{asn1,krb5}_err.h).
-
-Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
- 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
-
-	* lib/kadm5/log.c (get_version): globalize
-
-	* lib/kadm5/kadm5_locl.h: include <sys/file.h>
-
-	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
-
-	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
- 	initializing local struct in declaration.
-
-Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/524.c: Use krb5_decode_EncTicketPart.
-
-	* kdc/kerberos5.c: Check at runtime whether to use enctypes
- 	instead of keytypes. If so use the same value to encrypt ticket,
- 	and kdc-rep as well as `keytype' for session key. Fix some obvious
- 	bugs with the handling of additional tickets.
-
-	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
- 	krb5_decode_Authenticator.
-
-	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
-
-	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
-
-	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
- 	type, and not a key type.  Use krb5_encode_EncAPRepPart.
-
-	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
-
-	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
-
-	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
-
-	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
-
-	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
-
-	* lib/krb5/codec.c: Enctype conversion stuff.
-
-	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
- 	setuid. Get configuration for libdefaults ktype_is_etype, and
- 	default_etypes.
-
-	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
- 	krb5_convert_etype to krb5_decode_keytype, and add
- 	krb5_decode_keyblock.
-
-Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
-
-	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
- 	from protocol keytypes (that really are enctypes) to internal
- 	representation.
-
-Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
- 	on keys in the database; and also a new `pa-key-info' padata-type.
-
-	* kdc/kerberos5.c: If pre-authentication fails, return a list of
- 	keytypes, salttypes, and salts.
-
-	* lib/krb5/init_creds_pw.c: Add better support for
- 	pre-authentication, by looking at hints from the KDC.
-
-	* lib/krb5/get_in_tkt.c: Add better support for specifying what
- 	pre-authentication to use.
-
-	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
- 	KEYTYPE_DES_AFS3.
-
-	* lib/krb5/krb5.h: Add pre-authentication structures.
-
-	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
-
-Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
- 	`log_context.socket_name' and `log_context.socket_fd'
-
-	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
- 	to inform the possible running ipropd of an update.
-
-Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Return error-packet to caller.
-
-	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
-
-	* kdc/kerberos5.c: Add some support for using enctypes instead of
- 	keytypes.
-
-	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
- 	KDC.
-
-	* lib/krb5/build_auth.c: Only generate local subkey if there is
- 	none.
-
-	* lib/krb5/krb5.h: Add krb5_authdata type.
-
-	* lib/krb5/auth_context.c: Add
- 	krb5_auth_con_set{,localsub,remotesub}key.
-
-	* lib/krb5/init_creds_pw.c: Return some error if prompter
- 	functions return failure.
-
-Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.
-
-	* kadmin/util.c (edit_entry): remove unused variables
-
-Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
-
-	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
- 	kadm5_log*-functions
-
-	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
- 	log
-
-	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
- 	log
-
-	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
- 	log_context
-
-	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
- 	log
-
-	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
- 	log
-
-	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
- 	log
-
-	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
- 	log
-
-	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
-
-	* lib/kadm5/replay_log.c: new file
-
-	* lib/kadm5/dump_log.c: new file
-
-	* lib/kadm5/log.c: new file
-
-	* lib/krb5/str2key.c (get_str): initialize pad space to zero
-
-	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
-
-	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API
-
-	* kpasswd/Makefile.am: link with kadm5srv
-
-	* kdc/kerberos5.c (tgs_rep): initialize `i'
-
-	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
-
-	* include/Makefile.am: added admin.h
-
-Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
-
-	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
- 	copy_creds fails.
-
-Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
-
-	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
-
-	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
- 	krb5_getportbyname
-
-	* kadmin/kadmind.c (main): htons correctly.
-	moved kadm5_server_{recv,send}
-
-	* kadmin/kadmin.c (main): only set admin_server if explicitly
- 	given
-
-Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/ndbm.c: Implement locking of database.
-
-	* kdc/kerberos5.c: Process AuthorizationData.
-
-Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/string2key.c: Use AFS string-to-key from libkrb5.
-
-	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
-
-	* lib/krb5/krb5.h: Add value for AFS salts.
-
-	* lib/krb5/str2key.c: Add support for AFS string-to-key.
-
-	* lib/kadm5/rename_s.c: Use correct salt.
-
-	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
- 	and max-renew if != 0.
-
-	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
-
-Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/ank.c (ank): don't zero password if --random-key was
- 	given.
-
-Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0m
-
-	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
-
-	* kadmin/util.c (edit_time): only set mask if != 0
-	(edit_attributes): only set mask if != 0
-
-	* kadmin/init.c (init): create `default'
-
-Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
- 	as pointer and have return value indicate success.
-	
-	(get_response): check NULL from fgets
-	
-	(edit_time, edit_attributes): new functions for reading values and
-	offering list of answers on '?'
-	
-	(edit_entry): use edit_time and edit_attributes
-
-	* kadmin/ank.c (add_new_key): test the return value of
- 	`krb5_parse_name'
-
-	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
- 	that the checksum has to be keyed, even though later drafts do.
-  	Accept unkeyed checksums to be compatible with MIT.
-
-	* kadmin/kadmin_locl.h: add some prototypes.
-
-	* kadmin/util.c (edit_entry): return a value
-
-	* appl/afsutil/afslog.c (main): return a exit code.
-
-	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
-
-	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): use
- 	krb5_{free,copy}_keyblock instead of the _contents versions
-
-Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
-
-Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
-
-Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
-	keyblock
-
-Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0l
-
-Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: Add TCP client support.
-
-	* lib/krb5/store.c: Add k_{put,get}_int.
-
-	* kadmin/ank.c: Set initial kvno to 1.
-
-	* kdc/connect.c: Send version 5 TCP-reply as length+data.
-
-Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
-
-	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
- 	reply packet.
-
-	* kdc/connect.c (init_sockets): less reallocing.
-
-	* **/*.c: changed `struct fd_set' to `fd_set'
-
-Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_default_principal.c: More guessing.
-
-Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/rd_req.c: Use principal from ticket if no server is
- 	given.
-
-Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/klist.c: Use krb5_err*().
-
-Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
- 	commands.
-
-Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
- 	`enctype'
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
- 	if set.
-
-	* lib/krb5/get_cred.c: handle the case of a specific keytype
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
- 	parameter instead of guessing it.
-
-	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
- 	`enctype'
-
-	* appl/test/common.c (common_setup): don't use `optarg'
-
-	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
-	(krb5_kt_get_entry): retrieve the latest version if kvno == 0
-
-	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
-
-	* lib/krb5/creds.c (krb5_compare_creds): check for
- 	KRB5_TC_MATCH_KEYTYPE
-
-	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
- 	unused variable
-
-	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
- 	contents if we fail.
-
-Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: Get password expiration time from config
- 	file.
-
-	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
-
-Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
- 	restructured and fixed.
-
-	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
-
-Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
- 	methods fail.
-
-Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Add `-l' flag to use local database.
-
-	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
-
-	* lib/kadm5: Use function pointer trampoline for easier dual use
- 	(without radiation-hardening capability).
-
-Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c (krb5_etype_valid): new function
-
-	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target
-
-	* lib/krb5/context.c (valid_etype): remove
-
-	* lib/krb5/checksum.c: remove dead code
-
-	* lib/krb5/changepw.c (send_request): free memory on error.
-
-	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
- 	from malloc.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
- 	failure correctly.
-	(krb5_auth_con_setaddrs_from_fd): return error correctly.
-
-	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
-
-Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.
-
-	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
-
-	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
- 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
-
-	* lib/krb5/rd_req.c: Use auth_context->keyblock if
- 	ap_options.use_session_key.
-
-Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
-	fix callers.
-
-	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
-
-	* include/Makefile.am: add xdbm.h
-
-Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
-
-Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/ticket.c: Implement copy_ticket.
-
-	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
-
-	* lib/krb5/data.c: Implement free_data and copy_data.
-
-Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
-
-	* kadmin/kadmin.c: Add get_privileges function.
-
-	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
- 	specification.
-
-	* kdc/connect.c: Exit if no sockets could be bound.
-
-	* kadmin/kadmind.c: Check return value from krb5_net_read().
-
-	* lib/kadm5,kadmin: Fix memory leaks.
-
-Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/create_s.c: Get some default values from `default'
- 	principal.
-
-	* lib/kadm5/ent_setup.c: Add optional default entry to get some
- 	values from.
-
-Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
- 	prototype
-
-	* kadmin/kadmind.c: Crude admin server.
-
-	* kadmin/kadmin.c: Update to use remote protocol.
-
-	* kadmin/get.c: Fix principal formatting.
-
-	* lib/kadm5: Add client support.
-
-	* lib/kadm5/error.c: Error code mapping.
-
-	* lib/kadm5/server.c: Kadmind support function.
-
-	* lib/kadm5/marshall.c: Kadm5 marshalling.
-
-	* lib/kadm5/acl.c: Simple acl system.
-
-	* lib/kadm5/kadm5_locl.h: Add client stuff.
-
-	* lib/kadm5/init_s.c: Initialize acl.
-
-	* lib/kadm5/*:  Return values.
-
-	* lib/kadm5/create_s.c: Correct kvno.
-
-Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: Fix parsing of log destinations.
-
-Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
-
-Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin: Simple kadmin utility.
-
-	* admin/ktutil.c: Print keytype.
-
-	* lib/kadm5/get_s.c: Set correct n_key_data.
-
-	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
- 	master key.
-
-	* lib/kadm5/destroy_s.c: Check for allocated context.
-
-	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
-
-Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for readv, writev
-
-Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
- 	code
-
-	* kdc/kerberos5.c (encode_reply): return success
-
-Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (find_etype) Return correct index of selected
- 	etype.
-
-Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0k
-
-	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
- 	environment variable
-
-	* *: use the roken_get*-macros from roken.h for the benefit of
- 	Crays.
-
-	* configure.in: add --{enable,disable}-otp.  check for compatible
- 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
- 	openlog (they have strange prototypes on Crays)
-
-	* acinclude.m4: new macro `AC_PROTO_COMPAT'
-
-Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Log bad requests.
-
-	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
- 	tgs_rep to separate functions.
-
-	* kdc/kerberos5.c: Fix user-to-user authentication.
-
-	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
- 	  - add a kdc-options argument to krb5_get_credentials, and rename
-	    it to krb5_get_credentials_with_flags
-	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
-	  - add some more user-to-user glue
-
-	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
- 	function, krb5_decrypt_ticket, so it is easier to decrypt and
- 	check a ticket without having an ap-req.
-
-	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
- 	flags.
-
-	* lib/krb5/crc.c (crc_init_table): Check if table is already
- 	inited.
-
-Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
- 	indefinite encoding.
-
-	* lib/asn1/gen_glue.c (generate_units): Check for empty
- 	member-list.
-
-Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Allow specifying table-base.
-
-Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Check version number of krbtgt.
-
-Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
- 	case of unhidden prompts.
-
-	* lib/krb5/str2key.c (string_to_key_internal): return error
- 	instead of aborting.  always free memory
-
-	* admin/ktutil.c: add `help' command
-
-	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
- 	change_password(cpw), change_random_key(crk)
-
-Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: change all the keys in the database
-
-	* kdc: removed all unsealing, now done by the hdb layer
-
-	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
- 	and `hdb_clear_master_key'
-
-	* admin/misc.c: removed
-
-Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: print year as YYYY iff verbose
-
-Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/klist.c: print etype from ticket
-
-Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0j
-
-	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
- 	used to decrypt the reply from DCE secds.
-
-	* lib/krb5/auth_context.c: Add {get,set}enctype.
-
-	* lib/krb5/get_cred.c: Fix for DCE secd.
-
-	* lib/krb5/store.c: Store keytype twice, as MIT does.
-
-	* lib/krb5/get_in_tkt.c: Use etype from reply.
-
-Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: check for leading '/' in http request
-
-Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@assaris.pdc.kth.se>
-
-	* Release 0.0i
-
-Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
- 	the kvno or keytype before receiving the AP-REQ
-
-	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
- 	use from the keytype.
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
- 	cksumtype to use from the keytype.
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
- 	from the keytype.
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
- 	what etype to use from the keytype.
-
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
- 	handle other key types than DES
-
-	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
-	(krb5_keytype_to_cksumtype): new function
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
- 	what etype to use from the keytype.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
- 	and `enctype' to 0
-
-	* admin/extkeytab.c (ext_keytab): extract all keys
-
-	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
-
-	* configure.in: check for <netinet6/in6.h>. check for -linet6
-	
-Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
-
-	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
- 	checksum
-
-	* lib/krb5/context.c (valid_etype): remove hard-coded constants
-	(default_etypes): include DES3
-
-	* kdc/kerberos5.c: fix check for keyed and collision-proof
- 	checksum
-
-	* admin/util.c (init_des_key, set_password): DES3 keys also
-
- 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
- 	no contact?
-
-	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
-
-Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
- 	the client is used to select wich key to encrypt the kdc rep with
- 	(in case of as-req), and with the server info to select the
- 	session key type. The server key the ticket is encrypted is based
- 	purely on the keys in the database.
-
-	* kdc/string2key.c: Add keytype support. Default to version 5
- 	keys.
-
-	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
-
-	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
- 	many *_to_* functions.
-
-	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
- 	to krb5_string_to_key().
-
-	* lib/krb5/checksum.c: Some cleanup, and added: 
-	  - rsa-md5-des3 
-	  - hmac-sha1-des3 
-	  - keyed and collision proof flags to each checksum method
-	  - checksum<->string functions.
-
-	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
-
-Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c: use new addr_families functions
-
-	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
- 	over IPv6
-
-	* kuser/klist.c: use correct symbols for address families
-
-	* lib/krb5/sock_principal.c: use new addr_families functions
-
-	* lib/krb5/send_to_kdc.c: use new addr_families functions
-
-	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
-
-	* lib/krb5/get_addrs.c: use new addr_families functions
-
-	* lib/krb5/changepw.c: use new addr_families functions.  Now works
- 	over IPv6
-
-	* lib/krb5/auth_context.c: use new addr_families functions
-
-	* lib/krb5/addr_families.c: new file
-
-	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
- 	uses.
-
-	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.
-
-Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
- 	principals.
-
-Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0h
-	
-	* appl/telnet/telnet/commands.c: AF_INET6 support
-
-	* admin/misc.c: new file
-
-	* lib/krb5/context.c: new configuration variable `max_retries'
-
-	* lib/krb5/get_addrs.c: fixes and better #ifdef's
-
-	* lib/krb5/config_file.c: implement krb5_config_get_int
-
-	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
- 	AF_INET6 support
-
-	* kuser/klist.c: support for printing IPv6-addresses
-
-	* kdc/connect.c: support AF_INET6
-
-	* configure.in: test for gethostbyname2 and struct sockaddr_in6
-
-Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
- 	PA-DATA'
-
-Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
- 	limited to):
-	  - allow client to be non-existant (should probably check for
-	    "local realm")
-	  - if server isn't found and it is a request for a krbtgt, try to
- 	    find a realm on the way to the requested realm
-	  - update the transited encoding iff 
-	    client-realm != server-realm != tgt-realm
-
-	* lib/krb5/get_cred.c: Several fixes for cross-realm.
-
-Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/string2key.c: Fix password handling.
-
-	* lib/krb5/encrypt.c: krb5_key_to_string
-
-Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
- 	aliases and IPv6 addresses
-
-	* kuser/klist.c: try printing IPv6 addresses
-
-	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
-
-	* configure.in: check for <netinet/in6_var.h>
-
-Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* doc: fixes
-
-	* admin/util.c (init_des_key): increase kvno
-	(set_password): return -1 if `des_read_pw_string' failed
-
-	* admin/mod.c (doit2): check the return value from `set_password'
-
-	* admin/ank.c (doit): don't add a new entry if `set_password'
- 	failed
-
-Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/verify_init.c: fix ap_req_nofail semantics
-
-	* lib/krb5/transited.c: something that might resemble
- 	domain-x500-compress
-
-Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): check number of arguments
-
-	* appl/popper/pop_init.c (pop_init): check number of arguments
-
-	* kpasswd/kpasswd.c (main): check number of arguments
-
-	* kdc/string2key.c (main): check number of arguments
-
-	* kuser/kdestroy.c (main): check number of arguments
-
-	* kuser/kinit.c (main): check number of arguments
-
-	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
- 	break out of select when a signal arrives
-
-	* kdc/main.c (main): use sigaction without SA_RESTART to break out
- 	of select when a signal arrives
-
-	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"
-
-	* kdc/config.c (configure): add `--version'.  Check the number of
- 	arguments. Handle the case of there being no specification of port
- 	numbers.
-
-	* admin/util.c: seal and unseal key at appropriate places
-
-	* admin/kdb_edit.c (main): parse arguments, config file and read
- 	master key iff there's one.
-
-	* admin/extkeytab.c (ext_keytab): unseal key while extracting
-
-Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: include <fcntl.h>
-
-	* kdc/kerberos5.c (set_salt_padata): new function
-
-	* appl/telnet/telnetd/telnetd.c: Rename some variables that
- 	conflict with cpp symbols on HP-UX 10.20
-
-	* change all calls of `gethostbyaddr' to cast argument 1 to `const
- 	char *'
-
-	* acconfig.h: only use SGTTY on nextstep
-
-Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Check invalid flag.
-
-Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
-
-	* lib/kafs: Move functions common to krb/krb5 modules to new file,
- 	and make things more modular.
-
-	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
- 	-> krb5_config_list
-
-Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix loopback test.
-
-Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: fallback definition of `O_ACCMODE'
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
- 	checking for a v4 reply
-
-Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
-
-	* lib/hdb/hdb.c: new {seal,unseal}_keys functions
-
-	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
-
-	* kdc/hprop.c: Don't use same master key as version 4.
-
-	* admin/util.c: Don't dump core if no `default' is found.
-
-Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/connect.c: Allow run time port specification.
-
-	* kdc/config.c: Add flags for http support, and port
- 	specifications.
-
-Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@sics.se>
-
-	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
- 	them when building the program.  This makes it possible to include
- 	bits.h without having defined all HAVE_INT17_T symbols.
-	
-	* configure.in: test for sigaction
-
-	* doc: updated documentation.
-	
-Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0g
-
-Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/data.c: don't return ENOMEM if len == 0
-
-Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/hdb.asn1: Include salt type in salt.
-
-	* kdc/hprop.h: Change port to 754.
-
-	* kdc/hpropd.c: Verify who tries to transmit a database.
-
-	* appl/popper: Use getarg and krb5_log.
-
-	* lib/krb5/get_port.c: Add context parameter. Now takes port in
- 	host byte order.
-
-Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Add timeout to select, and log about expired tcp
- 	connections.
-
-	* kdc/config.c: Add `database' option.
-
-	* kdc/hpropd.c: Log about duplicate entries.
-
-	* lib/hdb/{db,ndbm}.c: Use common routines.
-
-	* lib/hdb/common.c: Implement more generic fetch/store/delete
- 	functions.
-
-	* lib/hdb/hdb.h: Add `replace' parameter to store.
-	
-	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
- 	entries.
-
-Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
-
-	* aux/make-proto.pl: fix __P for stone age mode
-
-Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
- 	protocol
-
-	* lib/krb5/init_creds_pw.c: make change_password and
- 	get_init_creds_common static
-
-	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.
-
-	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
-
-	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
-
-Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Remove all prototypes.
-
-	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
- 	`CREDENTIALS'.
-
-Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
-	and units for bit strings.
-
-	* admin/util.c: flags2int, int2flags, and flag_units are now
- 	generated by asn1_compile
-
-	* lib/roken/parse_units.c: generalised `parse_units' and
- 	`unparse_units' and added new functions `parse_flags' and
- 	`unparse_flags' that use these
-
-	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
-
-	* admin/util.c: Use {un,}parse_flags for printing and parsing
- 	hdbflags.
-
-Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c: restructured
-
-	* lib/krb5/warn.c (_warnerr): leak less memory
-
-	* lib/hdb/hdb.c (hdb_free_entry): zero keys
-	(hdb_check_db_format): leak less memory
-
-	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
- 	NDBM__get, NDBM__put
-
-	* lib/hdb/db.c (DB_seq): check for valid hdb_entries
-
-Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
-
-Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.1, klist.1, kdestroy.1: new man pages
-
-	* kpasswd/kpasswd.1, kpasswdd.8: new man pages
-
-	* kdc/kstash.8, hprop.8, hpropd.8: new man pages
-
-	* admin/ktutil.8, admin/kdb_edit.8: new man pages
-
-	* admin/mod.c: new file
-
-	* admin/life.c: renamed gettime and puttime to getlife and putlife
-	and moved them to life.c
-
-	* admin/util.c: add print_flags, parse_flags, init_entry,
- 	set_created_by, set_modified_by, edit_entry, set_password.  Use
- 	them.
-
-	* admin/get.c: use print_flags
-
-	* admin: removed unused stuff.  use krb5_{warn,err}*
-
-	* admin/ank.c: re-organized and abstracted.
-
-	* admin/gettime.c: removed
-
-Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
-
-	* lib/roken/base64.c: Add base64 functions.
-
-	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
-
-Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* include/Makefile.am: Don't make links to built files.
-
-	* admin/kdb_edit.c: Add command to set the database path.
-
-	* lib/hdb: Include version number in database.
-
-Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil: Merged v4 srvtab conversion.
-
-Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: add F_OK
-
-	* lib/gssapi/acquire_creds.c: fix typo
-
-	* configure.in: call AC_TYPE_MODE_T
-
-	* acinclude.m4: Add AC_TYPE_MODE_T
-
-Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0f
-
-Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/popper/pop_pass.c: log poppers
-
-	* kdc/kaserver.c: some more checks
-
-	* kpasswd/kpasswd.c: removed `-p'
-
-	* kuser/kinit.c: removed `-p'
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
- 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
- 	krb-error text
-
-	* lib/gssapi/import_name.c (input_name): more names types.
-
-	* admin/load.c (parse_keys): handle the case of an empty salt
-
-	* kdc/kaserver.c: fix up memory deallocation
-
-	* kdc/kaserver.c: quick hack at talking kaserver protocol
-
-	* kdc/kerberos4.c: Make `db-fetch4' global
-
-	* configure.in: add --enable-kaserver
-
-	* kdc/rx.h, kdc/kerberos4.h: new header files
-
-	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
-
-Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
- 	type conflicts.
-
-	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
-
-	* lib/des/{md4,md5,sha}.c: Now works on Crays.
-
-Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* appl/afsutil/afslog.c: If no cells or files specified, get
- 	tokens for all local cells. Better test for files.
-
-Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/v1.c: new file with v1 compatibility functions.
-
-Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
-
-	* kdc/kerberos4.c: Check database when converting v4 principals.
-
-	* kdc/kerberos5.c: Include kvno in Ticket.
-
-	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
-
-	* kuser/klist.c: Print version number of ticket, include more
- 	flags.
-
-Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
- 	expiration.
-
-Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
- 	there's an error.
-
-	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
- 	documentation and process KRB-ERROR's
-
-Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
-
-Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/accept_sec_context.c: Added
- 	`gsskrb5_register_acceptor_identity'
-
-Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
- 	always pass server == NULL to krb5_rd_req.
-
-	* lib/gssapi: new files: canonicalize_name.c export_name.c
- 	context_time.c compare_name.c release_cred.c acquire_cred.c
- 	inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
-
-	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
- 	<lukeh@xedoc.com.au>
-
-	* lib/editline/sysunix.c: sgtty-support from Luke Howard
- 	<lukeh@xedoc.com.au>
-
-	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
- 	Howard <lukeh@xedoc.com.au>
-
-Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@koi.pdc.kth.se>
-
-	* Release 0.0e
-
-Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/afsutil/afslog.c: Use new libkafs.
-
-	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
-
-	* lib/krb5/warn.c: Fix format string for *x type.
-
-Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@sics.se>
-
-	* admin/get.c (get_entry): print more information about the entry
-
-	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
-
-	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
- 	`krb5_config_vget_time'.  Use them.
-
-Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil.c: Keytab manipulation program.
-
-	* lib/krb5/keytab.c: Return sane values from resolve and
- 	start_seq_get.
-
-	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
-
-	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
- 	krb524_convert_creds_kdc.
-
-	* lib/krb5/convert_creds.c: Implementation of
- 	krb524_convert_creds_kdc.
-
-	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
-
-	* kdc/524.c: A somewhat working 524-protocol module.
-
-	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
- 	functions.
-
-	* lib/krb5/context.c: Fix kdc_timeout.
-
-	* lib/hdb/{ndbm,db}.c: Free name in close.
-
-	* kdc/kerberos5.c (tgs_check_autenticator): Return error code
-
-Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
-
-	* lib/krb5/store_emem.c: Fix reallocation bug.
-
-Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
- 	`krb5_sock_to_principal'.  Send server parameter to
- 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.
-
-	* lib/krb5/recvauth.c: Set addresses in auth_context if there
- 	aren't any
-
-	* lib/krb5/auth_context.c: New function
- 	`krb5_auth_con_setaddrs_from_fd'
-
-	* lib/krb5/sock_principal.c: new function
-	`krb5_sock_to_principal'
-	
-	* lib/krb5/time.c: new file with `krb5_timeofday' and
- 	`krb5_us_timeofday'.  Use these functions.
-
-	* kuser/klist.c: print KDC offset iff verbose
-
-	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
- 	[libdefaults]kdc_timesync is set.
-	
-	* lib/krb5/fcache.c: Implement version 4 of the ccache format.
-
-Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
-
-	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
- 	properly
-
-	* kpasswd/kpasswd.c: Use `krb5_change_password'
-
-	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
- 	correctly.
-
-	* lib/krb5/init_creds_pw.c: support changing of password when it
- 	has expired
-
-	* lib/krb5/changepw.c: new file
-
-	* kuser/klist.c: use getarg
-
-	* admin/init.c (init): add `kadmin/changepw'
-
-Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
-
-Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c: implement support for #-comments
-
-Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop*.c: Add database propagation programs.
-
-	* kdc/connect.c: Max request size.
-
-Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/otp: resurrected from krb4
-
-	* appl/push: new program for fetching mail with POP.
-
-	* appl/popper/popper.h: new include files.  new fields in `POP'
-
-	* appl/popper/pop_pass.c: Implement both v4 and v5.
-
-	* appl/popper/pop_init.c: Implement both v4 and v5.
-
-	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5
-
-	* appl/popper: Popper from krb4.
-
-	* configure.in: check for inline and <netinet/tcp.h> generate
- 	files in appl/popper, appl/push, and lib/otp
-
-Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c: clean-up and try to free memory even when
- 	there're errors
-
-	* lib/krb5/get_cred.c: adapt to new `extract_ticket'
-
-	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
- 	return memory even if there are errors.
-
-	* kuser/kverify.c: new file
-
-	* lib/krb5/free_host_realm.c: new file
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): implement
- 	different nametypes.  Also free memory.
-
-	* lib/krb5/verify_init.c: more functionality
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
-
-	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
- 	principals in creds.  Should also compare them with that received
- 	from the KDC
-
-	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
- 	krb5_ccache
-	(krb5_cc_destroy): call krb5_cc_close
-	(krb5_cc_retrieve_cred): delete the unused creds
-
-Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: Allow better control of destinations of logging
- 	(like passing explicit destinations, and log-functions).
-
-Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_principal.c: new file
-
-	* kpasswd/kpasswdd.c: use krb5_log*
-
-Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
-
-Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
-  	Print password expire information.
-
-	* kdc/config.c: new variable `kdc_warn_pwexpire'
-
-	* kpasswd/kpasswd.c: converted to getarg and get_init_creds
-
-Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mcache.c: new file
-
-	* admin/gettime.c: new function puttime.  Use it.
-
-	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
- 	krb5_copy_keyblock
-
-	* lib/krb5/init_creds_pw.c: more functionality
-
-	* lib/krb5/creds.c: Added krb5_free_creds_contents and
- 	krb5_copy_creds.  Changed callers.
-
-	* lib/krb5/config_file.c: new functions krb5_config_get and
- 	krb5_config_vget
-
-	* lib/krb5/cache.c: cleanup added mcache
-	
-	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
- 	applicable
-
-Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
-
-Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
-	prompter_posix.c: the beginning of an implementation of the cygnus
-	initial-ticket API.
-
-	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
- 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
-  	Small fixes in krb5_get_in_tkt
-
-	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
- 	loopback.
-
-Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc: Make context global.
-
-Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0d
-
-	* lib/roken/flock.c: new file
-
-	* kuser/kinit.c: check for and print expiry information in the
- 	`kdc_rep'
-
-	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
-
-	* kdc/kerberos5.c: Check the valid times on client and server.
-  	Check the password expiration.
-	Check the require_preauth flag.
-  	Send an lr_type == 6 with pw_end.
-	Set key.expiration to min(valid_end, pw_end)
-	
-	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
-
-	* admin/util.c, admin/load.c: handle the new flags.
-
-Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb: Add some simple locking.
-
-Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/log.c: Add some general logging functions.
-
-	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
- 	for this to work is that all involved principals has a des key in
- 	the database, and that the client has a version 4 (un-)salted
- 	key. Furthermore krb5_425_conv_principal has to do it's job, as
- 	present it's not very clever.
-
-	* lib/krb5/principal.c: Quick patch to make 425_conv work
- 	somewhat.
-
-	* lib/hdb/hdb.c: Add keytype->key and next key functions.
-
-Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
- 	`cksum'.  It's allocated and freed by the caller
-
-	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
-
-	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
- 	`client' to return as part of the KRB-ERROR
-
-Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Unseal keys from database before use.
-
-	* kdc/misc.c: New functions set_master_key, unseal_key and
- 	free_key.
-
-	* lib/roken/getarg.c: Handle `-f arg' correctly.
-
-Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: implement `-l' aka `--lifetime'
-
-	* lib/roken/parse_units.c, parse_time.c: new files
-
-	* admin/gettime.c (gettime): use `parse_time'
-
-	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
- 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
-
-	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
- 	addresses in auth_context bind one socket per interface.
-	
-	* kpasswd/kpasswd.c: use sequence numbers
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
- 	the timestamps
-
-	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
- 	from auth_context
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
- 	from auth_context
-
-	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
- 	not a comerr'd number.
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
- 	number in KRB-ERROR correctly.
-
-	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
- 	number in KRB-ERROR correctly.
-
-	* lib/asn1/k5.asn1: Add `METHOD-DATA'
-
-	* removed some memory leaks.
-
-Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0c
-
-	* lib/krb5/rd_cred.c, get_for_creds.c: new files
-
-	* lib/krb5/get_host_realm.c: try default realm as last chance
-
-	* kpasswd/kpasswdd.c: updated to hdb changes
-
-	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding
-
-	* appl/telnet/libtelnet: removed totally unused files
-
-	* admin/ank.c: fix prompts and generation of random keys
-
-Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/dump.c: Include salt in dump.
-
-	* admin: Mostly updated for new db-format.
-
-	* kdc/kerberos5.c: Update to use new db format. Better checking of
- 	flags and such. More logging.
-
-	* lib/hdb/hdb.c: Use generated encode and decode functions.
-
-	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
-
-	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
- 	in the reply.
-
-Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: break if des_read_pw_string() != 0
-
-	* kpasswd/kpasswdd.c: send a reply
-
-	* kpasswd/kpasswd.c: restructured code.  better report on
- 	krb-error break if des_read_pw_string() != 0
-
-	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
- 	starttime and renew_till
-
-	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
- 	keyblock to krb5_verify_chekcsum
-
-Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0b
-
-	* kpasswd/kpasswd.c: Avoid using non-standard struct names.
-
-Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
- 	`krb5_kt_start_seq_get'.  From <map@stacken.kth.se>
-
-Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: Update with more pa-data types from
- 	draft-ietf-cat-kerberos-revisions-00.txt
-
-	* admin/load.c: Update to match current db-format.
-
-	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
- 	up. Send back an empty pa-data if the client has the v4 flag set.
-
-	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
- 	pa-data. DTRT if there is any pa-data in the reply.
-
-	* lib/krb5/str2key.c: XOR with some sane value.
-
-	* lib/hdb/hdb.h: Add `version 4 salted key' flag.
-
-	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
- 	makes it possible to call key_proc more than once.
-
-	* kdc/string2key.c: Add flags to output version 5 (DES only),
- 	version 4, and AFS string-to-key of a password.
-
-	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
- 	ENOMEM).
-
-Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
- 	name2name thing
-
-	* kdc/misc.c: check result of hdb_open
-
-	* admin/kdb_edit: updated to new sl
-
-	* lib/sl: sl_func now returns an int. != 0 means to exit.
-
-	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
- 	of `draft-ietf-cat-kerb-chg-password-00.txt'
-
-Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kuser/krenew.c: Crude ticket renewing program.
-
-	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
- 	get forwarded and renewed tickets.
-
-	* kuser/kinit.c: Add `-r' flag.
-
-	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
- 	function get_kdc_cred, that always contacts the kdc and doesn't
- 	save in the cache. This is a hack.
-
-	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
- 	(a bit kludgy).
-
-	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
-
-	* lib/krb5/send_to_kdc.c: Get timeout from context.
-
-	* lib/krb5/context.c: Add kdc_timeout to context struct.
-
-Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kuser/klist.c: Print start time of ticket if available.
-
-	* lib/krb5/get_host_realm.c: Return error if no realm was found.
-
-Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd: non-working kpasswd added
-
-Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* Release 0.0a
-
-	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
-
-Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
- 	subkey.
-
-	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.
-
-	* lib/krb5/send_to_kdc.c: Check for NULL return from
- 	gethostbyname.
-
-	* lib/krb5/set_default_realm.c: Try to get realm of local host if
- 	no default realm is available.
-
-	* Remove non ASN.1 principal code.
-
-Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
- 	error handing. Do some logging.
-
-	* kdc/log.c: Some simple logging facilities.
-
-	* kdc/misc.c (db_fetch): Take a krb5_principal.
-
-	* kdc/connect.c: Pass address of request to as_rep and
- 	tgs_rep. Send KRB-ERROR.
-
-	* lib/krb5/mk_error.c: Add more fields.
-
-	* lib/krb5/get_cred.c: Print normal error code if no e_text is
- 	available.
-
-Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
- 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5
-
-	* lib/krb5/context.c: recognize all encryption types actually
- 	implemented
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
- 	encryption type to `DES_CBC_MD5'
-
-	*  lib/krb5/read_message.c, write_message.c: new files
-
-Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
-
-	* lib/error/compile_et.awk: generate a prototype for the
- 	`destroy_foo_error_table' function.
-
-Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
- 	with `kerberos.REALM'
-
-	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
- 	`max_skew'
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
- 	subkey
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): always
- 	generate a subkey.
-
-	* lib/krb5/address.c: implement `krb5_address_order'
-
-	* lib/gssapi/import_name.c: Implement `gss_import_name'
-
-	* lib/gssapi/external.c: Use new OID
-
-	* lib/gssapi/encapsulate.c: New functions
- 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
-	callers.
-
-	* lib/gssapi/decapsulate.c: New function
- 	`gssaspi_krb5_verify_header'.  Changed callers.
-
-	* lib/asn1/gen*.c: Give tags to generated structs.
-	Use `err' and `asprintf'
-
-	* appl/test/gss_common.c: new file
-
-	* appl/test/gssapi_server.c: removed all krb5 calls
-
-	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
- 	verifying checksums.  Also start using session subkeys.
-
-Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
-
-Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
-
-	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
- 	`DES_encrypt_key_ivec'
-
-	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
-
-	* kdc/kerberos5.c (tgs_rep): support keyed checksums
-
-	* lib/krb5/creds.c: new file
-
-	* lib/krb5/get_in_tkt.c: better freeing
-
-	* lib/krb5/context.c (krb5_free_context): more freeing
-
-	* lib/krb5/config_file.c: New function `krb5_config_file_free'
-
-	* lib/error/compile_et.awk: Generate a `destroy_' function.
-
-	* kuser/kinit.c, klist.c: Don't leak memory.
-
-Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Check filedescriptor in select.
-
-	* kdc/kerberos5.c: Remove most of the most common memory leaks.
-
-	* lib/krb5/rd_req.c: Free allocated data.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
- 	fields.
-
-Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet: Conditionalize the krb4-support.
-
-	* configure.in: Test for krb4
-
-Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
-  	set the `pre_authent' flag
-
-	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
-
-	* lib/krb5/encrypt.c: Made `generate_random_block' global.
-
-	* appl/test: Added gssapi_client and gssapi_server.
-
-	* lib/krb5/data.c: Add `krb5_data_zero'
-
-	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
-
-	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
-
-Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
- 	returns zero length from SIOCGIFCONF.
-
-Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/test: new programs
-	
-	* lib/krb5/rd_req.c: add address compare
-
-	* lib/krb5/mk_req_ext.c: allow no checksum
-
-	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
-
-	* lib/krb5/address.c: fix `krb5_address_compare'
-
-Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix ip4 address extraction.
-
-	* kuser/klist.c: Add verbose flag, and split main into smaller
- 	pieces.
-
-	* lib/krb5/fcache.c: Save ticket flags.
-
-	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
- 	flags.
-
-	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
-
-Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: Call `AC_KRB_PROG_LN_S'
-
-	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
-
-Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
- 	pass options.
-
-Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet: telnet & telnetd seems to be working.
-	
-	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
- 	krb5_config_vget_next
-
-	* appl/telnet/libtelnet/kerberos5.c: update to current API
-
-Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
- 	`krb5_kuserok'
-
-	* appl/telnet: Added.
-
-Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
- 	functions for compatibility with awk.
-
-	* include/bits.c: Must use signed char.
-
-	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
- 	here.
-
-	* lib/error/error.c: Replace krb5_get_err_text with new function
- 	com_right.
-
-	* lib/error/compile_et.awk: Avoid using static variables.
-
-	* lib/error/error.c: Don't use krb5_locl.h
-
-	* lib/error/error.h: Move definitions of error_table and
- 	error_list from krb5.h.
-
-	* lib/error: Moved from lib/krb5.
-
-Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
-
-Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
-	according to pseudocode from 1510
-
-Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/hdb.c: Add hdb_etype2key.
-
-	* kdc/kerberos5.c: Check authenticator. Use more general etype
- 	functions.
-	
-Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
- 	draft-ietf-cat-kerberos-r-00.txt
-
-	* lib/krb5/principal.c (krb5_parse_name): default to local realm
- 	if none given
-	
-	* kuser/kinit.c: New option `-p' and prompt
-
-Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/keyblock.c: Keyblock generation functions.
-
-	* lib/krb5/encrypt.c: Use functions from checksum.c.
-
-	* lib/krb5/checksum.c: Move checksum functions here. Add
- 	krb5_cksumsize function.
-
-Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c: implemented
-
-	* lib/krb5/config_file.c: Redid part.  New functions:
- 	krb5_config_v?get_next
-
-	* kuser/kdestroy.c: new program
-
-	* kuser/kinit.c: new flag `-f'
-
-	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
-
-	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
-
-	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
- 	users.
-
-	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
- 	even IPv6!
-
-	* lib/krb5/checksum.c: table-driven checksum
-
-Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
- 	krb5_encrypt.
-
-Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/vsyslog.c: new file
-
-	* lib/krb5/encrypt.c: add des-cbc-md4.
-	adjust krb5_encrypt and krb5_decrypt to reality
-
-Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Implement as a vector of function pointers.
-
-	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
- 	des-cbc-md5 in separate functions.
-
-	* lib/krb5/krb5.h: Add more checksum and encryption types.
-
-	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
-
-Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
-
-	* lib/krb5/config_file.[ch]: new c-based configuration reading
- 	stuff
-
-Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: Set WFLAGS if using gcc
-
-Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/der_put.c (der_put_int): Return size correctly.
-
-	* admin/ank.c: Be compatible with the asn1 principal format.
-
-Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1: Now all decode_* and encode_* functions now take a
- 	final size_t* argument, that they return the size in. Return
- 	values are zero for success, and anything else (such as some
- 	ASN1_* constant) for error.
-
-Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
- 	O_WRONLY | O_APPEND
-
-	* lib/krb5/get_cred.c: removed stale prototype for
- 	`extract_ticket' and corrected call.
-
-	* lib/asn1/gen_length.c (length_type): Make the length functions
- 	for SequenceOf non-destructive
-
-	* admin/ank.c (doit): Fix reading of `y/n'.
-
-Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
-
-	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
-
-	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
- 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.
-
-	* lib/gssapi/8003.c: New file.
-
-	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
- 	Authenticator.
-
-	* lib/krb5/auth_context.c: New functions
- 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
-
-Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5: Preapre for use of some asn1-types.
-
-	* lib/asn1/*.c (copy_*): Constness.
-
-	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
- 	octet_string.
-
-	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
- 	general_string
-
-	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
- 	have anything to do with asn1_compile.
-
-	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
-
-Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC
-
- 	* kdc/connect.c(process_request): Set `new'
-	
-	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
-
-	* lib: Added editline,sl,roken.
-
-Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/fcache.c: Move file cache from cache.c.
-
-	* lib/krb5/cache.c: Allow more than one cache type.
-
-Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* admin/extkeytab.c: Merged with kdb_edit.
-
-Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kdc.c: more support for ENC-TS-ENC
-
-	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication
-
-Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/db.c: Merge fetch and store.
-
-	* admin: Merge to one program.
-
-	* lib/krb5/str2key.c: Fill in keytype and length.
-
-Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
- 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
- 	KRB5_AUTH_CONTEXT_DO_SEQUENCE
-
-	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
- 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.
-
-	* lib/krb5/auth_context.c: implemented seq_number functions
-
-	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files
-
-	* lib/gssapi/gssapi.h: avoid including <krb5.h>
-
-	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
- 	happy
-
-	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
-
-	* configure.in: adapted to automake 1.1p
-
-Mon May 26 22:26:21 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/principal.c: Add contexts to many functions.
-
-Thu May 15 20:25:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/verify_user.c: First stab at a verify user.
-
-	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.
-
-Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
-	able to (mostly) run gss-client and gss-server.
-	
-	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
- 	krb5_kt_store_principal, krb5_kt_store_keyblock
-
-	* lib/des/md5.[ch], sha.[ch]: new files
-
-	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'
-
-	* lib/asn1/timegm.c: new file
-
-	* admin/extkeytab.c: new program
-
-	* admin/admin_locl.h: new file
-
-	* admin/Makefile.am: Added extkeytab
-
-	* configure.in: moved config to include
-	removed timezone garbage
-	added lib/gssapi and admin
-
-	* Makefile.am: Added admin
-
-Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kdc.c: Use new copying functions, and free some data.
-
-	* lib/asn1/Makefile.am: Try to not always rebuild generated files.
-
-	* lib/asn1/der_put.c: Add fix_dce().
-
-	* lib/asn1/der_{get,length,put}.c: Fix include files.
-
-	* lib/asn1/der_free.c: Remove unused functions.
-	
-	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
- 	gen_length, and gen_copy.
-
-Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sendauth.c: implemented functionality
-
-	* lib/krb5/rd_rep.c: Use `krb5_decrypt'
-
-	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
- 	NULL
-
-	* lib/krb5/principal.c (krb5_free_principal): added `context'
- 	argument.  Changed all callers.
-	
-	(krb5_sname_to_principal): new function
-
-	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
- 	argument.  Changed all callers
-
-	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
-
-	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings
-
-Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: look for *dbm?
-
-	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
-  	Put trailing newline in asn1_files.
-
-Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Fix some memory leaks.
-
-	* lib/krb5/krbhst.c: Properly free hostlist.
-
-	* lib/krb5/decrypt.c: CRCs are 32 bits.
-
-Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/gen.c: Generate one file for each type.
-
-Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: Generate `length_FOO' functions
-
-	* lib/asn1/der_length.c: new file
-
-	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
- 	on HP/UX
-
-Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
- 	datums. Don't add .db to filename.
-
-Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/dump.c: Database dump program.
-
-	* kdc/ank.c: Trivial database editing program.
-
-	* kdc/{kdc.c, load.c}: Use libhdb.
-
-	* lib/hdb: New database routine library.
-
-	* lib/krb5/error/Makefile.am: Add hdb_err.
-
-Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
-
-	* lib/asn1/gen.c: Generate free functions.
-
-	* Some specific free functions.
-
-Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_mk_req_ext.c: new file
-
-	* lib/asn1/gen.c: optimize the case with a simple type
-
-	* lib/krb5/get_cred.c (krb5_get_credentials): Use
- 	`mk_req_extended' and remove old code.
-
-	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
- 	EncASRepPart, then with an EncTGSRepPart.
-
-Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/store_emem.c: New resizable memory storage.
-
-	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
-
-	* lib/krb5/krb5.h: Add free entry to krb5_storage.
-
-	* lib/krb5/decrypt.c: Make keyblock const.
-
-Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
-
-	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
- 	krb5_ticket->tkt.
-
-	* lib/krb5/get_in_tkt.c: TGS -> AS
-
-	* kuser/kfoo.c: Print error string rather than number.
-
-	* kdc/kdc.c: Some kind of non-working TGS support.
-
-Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: reduced generated code by 1/5
-
- 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function
-
-	* lib/asn1/der_get.c (der_match_tag_and_length): new function
-
-	* lib/asn1/der.h: added prototypes
-
-Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
- 	krb5_rd_req_with_keyblock.
-
-	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
- 	takes a precomputed keyblock.
-
-	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
-
-	* lib/krb5/mk_req.c: Calculate checksum of in_data.
-
-Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/error/compile_et.awk: Add a declaration of struct
- 	error_list, and multiple inclusion block to header files.
-
-Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c: do some checks on times
-
-	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
-	address.c}: new files
-
-	* lib/krb5/auth_context.c: more code
-
-	* configure.in: try to figure out timezone
-
-Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/error/error.c: Try strerror if error code wasn't found.
-
-	* lib/krb5/get_in_tkt.c: Remove realm parameter from
- 	krb5_get_salt.
-
-	* lib/krb5/context.c: Initialize error table.
-
-	* kdc: The beginnings of a kdc.
-
-Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c: new file
-
-	* lib/krb5/checksum.c (krb5_verify_checksum): New function
-
-	* lib/krb5/get_cred.c: use krb5_create_checksum
-
-	* lib/krb5/checksum.c: new file
-
-	* lib/krb5/store.c: no more arithmetic with void*
-
-	* lib/krb5/cache.c: now seems to work again
-
-Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
-
-	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
-
-	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
-	
-	* lib/krb5/{cache,keytab}.c: Use new storage functions.
-
-	* lib/krb5/krb5.h: Protypes for new storage functions.
-
-	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
- 	data to more than file descriptors.
-
-Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c: New file.
-
-	* lib/krb5/Makefile.am: More -I
-
-	* configure.in: Test for big endian, random, rand, setitimer
-
-	* lib/asn1/gen.c: perhaps even decodes bitstrings
-
-Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/config_file.y: Better return values on error.
-
-Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/asn1/parse.y: ifdef HAVE_STRDUP
-
-	* lib/asn1/lex.l: ifdef strdup
-	brange-dead version of list of special characters to make stupid
- 	lex accept it.
-
-	* lib/asn1/gen.c: A DER integer should really be a `unsigned'
-
-	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'
-
-	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'
-
-	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
- 	needed.
-
-	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
- 	lib/krb/store.h: new files.
-
-	* lib/krb5/keytab.c: now even with some functionality.
-
-	* lib/asn1/gen.c: changed paramater from void * to Foo *
-
-	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
- 	string.
-
-Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
- 	cc before getting new ones.
-
-	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
- 	CRC should be stored LSW first. (?)
-
-	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
- 	`krb5_free_keyblock'
-
-	* lib/**/Makefile.am: Rename foo libfoo.a
-
-	* include/Makefile.in: Use test instead of [
-	-e does not work with /bin/sh on psoriasis
-
-	* configure.in: Search for awk
-	create lib/krb/error/compile_et
-	
-Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
-
-Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/kinit.c: Guess principal.
-
-	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
- 	warnings.
-
-	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
-
-	* lib/krb5/mk_req.c: Get client from cache.
-
-	* lib/krb5/cache.c: Add better error checking some useful return
- 	values.
-
-	* lib/krb5/krb5.h: Fix krb5_auth_context.
-
-	* lib/asn1/der.h: Make krb5_data compatible with krb5.h
-
-Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/error: Add primitive error library.
-
-Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/cache.c: Get correct address type from cache.
-
-	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
-
diff --git a/crypto/heimdal/ChangeLog.1999 b/crypto/heimdal/ChangeLog.1999
deleted file mode 100644
index e022b9682465..000000000000
--- a/crypto/heimdal/ChangeLog.1999
+++ /dev/null
@@ -1,2194 +0,0 @@
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): use `-ldes' in tests
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/print.c (event2string): handle events without principal.
-  	From Luke Howard <lukeh@PADL.COM>
-
-1999-12-25  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2j
-
-Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
- 	related systems
-
-	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
- 	related systems
-
-	* include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
- 	related systems
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2i
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
-
-	* lib/krb5/send_to_kdc.c (send_via_proxy): free data
-	* lib/krb5/send_to_kdc.c (send_via_proxy): new function use
-	getaddrinfo instead of gethostbyname{,2}
-	* lib/krb5/get_for_creds.c: use getaddrinfo instead of
-	getnodebyname{,2}
-
-1999-12-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2h
-
-1999-12-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2g
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 6:2:1
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): handle
-	ai_canonname not being set
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
-	ai_canonname not being set
-
-	* appl/test/uu_server.c: print messages to stderr
-	* appl/test/tcp_server.c: print messages to stderr
-	* appl/test/nt_gss_server.c: print messages to stderr
-	* appl/test/gssapi_server.c: print messages to stderr
-
-	* appl/test/tcp_client.c (proto): remove shadowing `context'
-	* appl/test/common.c (client_doit): add forgotten ntohs
-
-1999-12-13  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (VERISON): bump to 0.2g-pre
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
- 	robust and handle extra dot at the beginning of default_domain
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2f
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 6:1:1
-	
-	* lib/krb5/changepw.c (get_kdc_address): use
- 	`krb5_get_krb_changepw_hst'
-
-	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
-
-	* lib/krb5/get_host_realm.c: add support for _kerberos.domain
- 	(according to draft-ietf-cat-krb-dns-locate-01.txt)
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2e
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): use the correct
- 	address
-
-	* lib/krb5/Makefile.am: bump version to 6:0:1
-
-	* lib/asn1/Makefile.am: bump version to 1:4:0
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: move AC_KRB_IPv6 to make sure it's performed
- 	before AC_BROKEN
-	(el_init): use new feature of AC_FIND_FUNC_NO_LIBS
-
-	* appl/test/uu_client.c: use client_doit
-	* appl/test/test_locl.h (client_doit): add prototype
-	* appl/test/tcp_client.c: use client_doit
-	* appl/test/nt_gss_client.c: use client_doit
-	* appl/test/gssapi_client.c: use client_doit
-	* appl/test/common.c (client_doit): move identical code here and
-	start using getaddrinfo
-
-	* appl/kf/kf.c (doit): rewrite to use getaddrinfo
-	* kdc/hprop.c: re-write to use getaddrinfo
-	* lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): use
-	getaddrinfo
-	* lib/krb5/changepw.c: re-write to use getaddrinfo
-	* lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
-
-1999-12-03  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
-	getnameinfo, gai_strerror
-	(socklen_t): check for
-
-1999-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
-
-1999-11-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
- 	within unicode characters.  this should probably be done in some
- 	arbitrarly complex way to do it properly and you would have to
- 	know what character encoding was used for the password and salt
- 	string.
-
-	* lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
-	(INADDR_ANY)
-	(ipv6_uninteresting): remove unused macro
-
-1999-11-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: rc4->arcfour
-
-	* lib/krb5/crypto.c: rc4->arcfour
-
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_locl.h: add <rc4.h>
-	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
-	* lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
-	not be totally different from some small company up in the
-	north-west corner of the US
-
-	* lib/krb5/get_addrs.c (find_all_addresses): change code to
- 	actually increment buf_size
-
-1999-11-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
-	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
- 	scanning optional
-	* lib/krb5/context.c (init_context_from_config_file): set
- 	`scan_interfaces'
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
-	* lib/krb5/add_et_list.c (krb5_add_et_list): new function
-
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realm,
-	krb5_get_default_realms): set realms if they were unset
-	* lib/krb5/context.c (init_context_from_config_file): don't
-	initialize default realms here.  it's done lazily instead.
-	
-	* lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
-	* lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
-	bit constants are unsigned
-	* lib/asn1/gen.c (define_type): make length in sequences be
-	unsigned.
-
-	* configure.in: remove duplicate test for setsockopt test for
-	struct tm.tm_isdst
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
-	preauthentication information if we get back ERR_PREAUTH_REQUIRED
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
-	preauthentication generation code.  it's now in krb5_get_in_cred
-	
-	* configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
-	tm.tm_gmtoff and timezone
-	
-1999-11-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/main.c: make this work with multi-db
-
-	* kdc/kdc_locl.h: make this work with multi-db
-
-	* kdc/config.c: make this work with multi-db
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/misc.c: update for multi-database code
-
-	* kdc/main.c: update for multi-database code
-
-	* kdc/kdc_locl.h: update
-
-	* kdc/config.c: allow us to have more than one database
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2d
-
-	* lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
- 	(krb5_context_data has changed and some code do (might) access
- 	fields directly)
-
-	* lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
-
-	* lib/krb5/get_cred.c (init_tgs_req): use
- 	krb5_keytype_to_enctypes_default
-
-	* lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
- 	function
-
-	* lib/krb5/context.c (set_etypes): new function
-	(init_context_from_config_file): set both `etypes' and `etypes_des'
-
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (VERSION): bump to 0.2d-pre
-
-1999-10-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_parse_name): check memory allocations
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2c
-
-	* lib/krb5/dump_config.c (print_tree): check for empty tree
-
-	* lib/krb5/string-to-key-test.c (tests): update the test cases
- 	with empty principals so that they actually use an empty realm and
- 	not the default.  use the correct etype for 3DES
-
-	* lib/krb5/Makefile.am: bump version to 4:1:0
-
-	* kdc/config.c (configure): more careful with the port string
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2b
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 4:0:0
- 	(krb524_convert_creds_kdc and potentially some other functions
- 	have changed prototypes)
-
-	* lib/hdb/Makefile.am: bump version to 4:0:1
-
-	* lib/asn1/Makefile.am: bump version to 1:3:0
-
-	* configure.in (LIB_roken): add dbopen.  getcap in roken
- 	references dbopen and with shared libraries we need to add this
- 	dependency.
-
-	* lib/krb5/verify_krb5_conf.c (main): support speicifying the
- 	configuration file to test on the command line
-
-	* lib/krb5/config_file.c (parse_binding): handle line with no
- 	whitespace before =
-	(krb5_config_parse_file_debug): set lineno earlier so that we don't
-	use it unitialized
-
-	* configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
- 	more include files for these tests
-
-	* lib/krb5/set_default_realm.c (krb5_set_default_realm): use
- 	krb5_config_get_strings, which means that your configuration file
- 	should look like:
-	
-	[libdefaults]
-	  default_realm = realm1 realm2 realm3
-
-	* lib/krb5/set_default_realm.c (config_binding_to_list): fix
- 	copy-o.  From Michal Vocu <michal@karlin.mff.cuni.cz>
-
-	* kdc/config.c (configure): add a missing strdup.  From Michal
- 	Vocu <michal@karlin.mff.cuni.cz>
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2a
-
-	* configure.in: only test for db.h with using berkeley_db. remember
- 	to link with LIB_tgetent when checking for el_init. add xnlock
-
-	* appl/Makefile.am: add xnlock
-
-	* kdc/kerberos5.c (find_etype): support null keys
-
-	* kdc/kerberos4.c (get_des_key): support null keys
-
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
- 	calculation
-
-1999-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
-
-1999-10-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
-
-	* lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
-
-	* lib/krb5/crypto.c (krb5_string_to_salttype): new function
-
-	* **/*.[ch]: const-ize
-
-1999-10-06  Assar Westerlund  <assar@sics.se>
-	
-	* lib/krb5/creds.c (krb5_compare_creds): const-ify
-	
-	* lib/krb5/cache.c: clean-up and comment-up
-
-	* lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
- 	strings
-
-	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
- 	correct realm part
-
-	* kdc/connect.c (handle_tcp): things work much better when ret is
- 	initialized
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
- 	type of the session key
-
-	* lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
- 	correctly
-
-	* lib/krb5/creds.c (krb5_compare_creds): fix spelling of
- 	krb5_enctypes_compatible_keys
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
- 	credentials from the KDC if the existing one doesn't have a DES
- 	session key.
-
-	* lib/45/get_ad_tkt.c (get_ad_tkt): update to new
- 	krb524_convert_creds_kdc
-
-1999-10-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
-
-	* lib/krb5/keytab_memory.c: make krb5_mkt_ops const
-
-	* lib/krb5/keytab_file.c: make krb5_fkt_ops const
-
-1999-10-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c: rewritten to allow error messages
-
-	* lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
-	(libkrb5_la_SOURCES): add config_file_netinfo.c
-
-	* lib/krb5/verify_krb5_conf.c: new program for verifying that
-	krb5.conf is corret
-
-	* lib/krb5/config_file_netinfo.c: moved netinfo code here from
- 	config_file.c
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (dump_krb4): kludge default_realm
-
-	* lib/asn1/check-der.c: add test cases for Generalized time and
- 	make sure we return the correct value
-
-	* lib/asn1/der_put.c: simplify by using der_put_length_and_tag
-
-	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
- 	krb5_verify_user that tries in all the local realms
-
-	* lib/krb5/set_default_realm.c: add support for having several
- 	default realms
-
-	* lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realms): add
-
-	* lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
- 	`default_realms'
-
-	* lib/krb5/context.c: change from `default_realm' to
- 	`default_realms'
-
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
- 	krb5_get_default_realms
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
-
-	* lib/krb5/copy_host_realm.c: new file
-
-1999-09-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/der_put.c (encode_generalized_time): encode length
-
-	* lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
-	that allows more intelligent matching of the application version
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c: add err.h
-
-	* kdc/config.c (configure): use parse_bytes
-
-	* appl/test/nt_gss_common.c: use the correct header file
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c: add a `--cache' flag
-
-	* kuser/kinit.c (main): only get default value for `get_v4_tgt' if
-	it's explicitly set in krb5.conf
-
-1999-09-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (tag_names); add another univeral tag
-
-	* lib/asn1/der.h: update universal tags
-
-1999-09-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (loop): print length of octet string
-
-1999-09-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.c (kt_get): add `--help'
-
-1999-09-21  Assar Westerlund  <assar@sics.se>
-
-	* kuser/Makefile.am: add kdecode_ticket
-
-	* kuser/kdecode_ticket.c: new debug program
-
-	* appl/test/nt_gss_server.c: new program to test against `Sample *
- 	SSPI Code' in Windows 2000 RC1 SDK.
-
-	* appl/test/Makefile.am: add nt_gss_client and nt_gss_server
-
-	* lib/asn1/der_get.c (decode_general_string): remember to advance
- 	ret over the length-len
-
-	* lib/asn1/Makefile.am: add asn1_print
-
-	* lib/asn1/asn1_print.c: new program for printing DER-structures
-
-	* lib/asn1/der_put.c: make functions more consistent
-
-	* lib/asn1/der_get.c: make functions more consistent
-
-1999-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: be more informative in pa-data error messages
-
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for strlcpy, strlcat
-
-1999-09-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
- 	KRB5_LIBOS_PWDINTR when interrupted
-
-	* lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
- 	value from des_read_pw_string
-
-	* kuser/kinit.c (main): don't print any error if reading the
- 	password was interrupted
-
-	* kpasswd/kpasswd.c (main): don't print any error if reading the
- 	password was interrupted
-
-	* kdc/string2key.c (main): check the return value from fgets
-
-	* kdc/kstash.c (main): check return value from des_read_pw_string
-
-	* admin/ktutil.c (kt_add): check the return-value from fgets and
- 	overwrite the password for paranoid reasons
-
-	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
- 	newline if it's there
-
-1999-09-13  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): remove bogus error with `--print'.  remove
- 	sysloging of number of principals transferred
-
-	* kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
- 	principals
-	(main): get rid of bogus opening of hdb database when propagating
-	ka-server database
-
-1999-09-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
-
-	* lib/krb5/krb5.h (krb5_context_data): add keytab types
-
-	* configure.in: revert back awk test, not worked around in
- 	roken.awk
-
-	* lib/krb5/keytab_krb4.c: remove O_BINARY
-
-	* lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
-	Love <lha@e.kth.se>
-
-	* lib/krb5/keytab_file.c: remove O_BINARY
-
-	* lib/krb5/keytab.c: move the list of keytab types to the context
-
-	* lib/krb5/fcache.c: remove O_BINARY
-
-	* lib/krb5/context.c (init_context_from_config_file): register all
- 	standard cache and keytab types
-	(krb5_free_context): free `kt_types'
-
-	* lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
- 	standard types of credential caches to context
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c: add comments and clean-up
-
-	* admin/ktutil.c: add `ktutil copy'
-
-	* lib/krb5/keytab_krb4.c: new file
-
-	* lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
-
-	* lib/krb5/Makefile.am: add keytab_krb4.c
-
-	* lib/krb5/keytab.c: add krb4 and correct some if's
-
-	* admin/srvconvert.c (srvconv): move common code
-
-	* lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
-
-	* lib/krb5/keytab.c: move out file and memory functions
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
- 	keytab_memory.c
-
-	* lib/krb5/keytab_memory.c: new file
-
-	* lib/krb5/keytab_file.c: new file
-
-	* kpasswd/kpasswdd.c: move out password quality functions
-
-1999-09-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
- 	Love <lha@e.kth.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
- 	return value from `krb5_sendto_kdc'
-
-1999-09-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
- 	remove the sending of data.  add a parameter `limit'.  let callers
- 	send the date themselves (and preferably with net_write on tcp
- 	sockets)
-	(send_and_recv_tcp): read first the length field and then only that
-	many bytes
-
-1999-09-05  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_tcp): try to print warning `TCP data of
- 	strange type' less often
-
-	* lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
-  	return on EOF.  always free data.  check return value from
- 	realloc.
-	(send_and_recv_tcp, send_and_recv_http): check advertised length
-	against actual length
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for sgi capabilities
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
-	extra addresses
-
-	* kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
-	add --realm flag
-
-	* lib/krb5/address.c (krb5_append_addresses): remove duplicates
-
-1999-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/keytab.c: HDB keytab backend
-
-1999-08-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab.c
-	(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
-	pointer
-
-1999-08-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: add `--keytab' flag
-
-1999-08-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
- 	instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
- 	<shin@kame.net> by way of the KAME repository
-
-1999-08-18  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (--enable-new-des3-code): remove check for `struct
- 	addrinfo'
-
-	* lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
- 	des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
- 	compatability
-
-	* lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
- 	derivation) just got assigned etype 16 by <bcn@isi.edu>.  keep the
- 	old etype at 7.
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
- 	krb5_net_read actually returns -1
-
-	* lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
- 	krb5_net_read actually returns -1
-
-	* appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
- 	returned -1
-
-	* appl/test/tcp_server.c (proto): only trust errno if
- 	krb5_net_read actually returns -1
-
-	* appl/kf/kfd.c (proto): be more careful with the return value
- 	from krb5_net_read
-
-1999-08-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (get_addrs_int): try the different ways
- 	sequentially instead of just one.  this helps if your heimdal was
- 	built with v6-support but your kernel doesn't have it, for
- 	example.
-
-1999-08-12  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c: add inetd flag.  default means try to figure out
- 	if stdin is a socket or not.
-
-	* Makefile.am (ACLOCAL): just use `cf', this variable is only used
- 	when the current directory is $(top_srcdir) anyways and having
- 	$(top_srcdir) there breaks if it's a relative path
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for setproctitle
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): remember to call
- 	freehostent
-
-	* appl/test/tcp_client.c: call freehostent
-
-	* appl/kf/kf.c (doit): call freehostent
-
-	* appl/kf/kf.c: make v6 friendly and simplify
-
-	* appl/kf/kfd.c: make v6 friendly and simplify
-
-	* appl/test/tcp_server.c: simplify by using krb5_err instead of
- 	errx
-	
-	* appl/test/tcp_client.c: simplify by using krb5_err instead of
- 	errx
-
-	* appl/test/tcp_server.c: make v6 friendly and simplify
-
-	* appl/test/tcp_client.c: make v6 friendly and simplify
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1m
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): some more KRB4-conditionalizing
-
-	* lib/krb5/get_in_tkt.c: type correctness
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
- 	flags.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kuser/kinit.c (main): add config file support for forwardable
- 	and krb4 support.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/kerberos5.c (as_rep): add an empty X500-compress string as
- 	transited.
-	(fix_transited_encoding): check length.
-	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
- 	principals in some other realm. From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-	(main): rename sa_len -> sin_len, sa_lan is a define on some
-	platforms.
-
-	* appl/kf/kfd.c: add regpag support. From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* lib/krb5/config_file.c (parse_list): don't run past end of line
-
-	* appl/test/gss_common.h: new prototypes
-
-	* appl/test/gssapi_client.c: use gss_err instead of abort
-
-	* appl/test/gss_common.c (gss_verr, gss_err): add
-
-1999-08-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
- 	otherwise it doesn't build with shared libraries
-
-	* kdc/hpropd.c: v6-ify
-
-	* kdc/hprop.c: v6-ify
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
-
-1999-07-31  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
- 	function that takes a FQDN
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
-
-	* lib/krb5/expand_hostname.c: new file
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1l
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/Makefile.am: bump version to 1:2:0
-
-	* lib/krb5/Makefile.am: bump version to 3:1:0
-
-	* configure.in: more inet_pton to roken
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
- 	getipnodebyname
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1k
-
-1999-07-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: bump version number (changed function
-	signatures)
-
-	* lib/hdb/Makefile.am: bump version number (changes to some
-	function signatures)
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 3:0:2
-
-	* lib/hdb/Makefile.am: bump version to 2:1:0
-
-	* lib/asn1/Makefile.am: bump version to 1:1:0
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1j
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: rokenize inet_ntop
-
-	* lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store.c: lots of changes from size_t to ssize_t
-	(krb5_ret_stringz): check return value from realloc
-
-	* lib/krb5/mk_safe.c: some type correctness
-	
-	* lib/krb5/mk_priv.c: some type correctness
-	
-	* lib/krb5/krb5.h (krb5_storage): change return values of
-	functions from size_t to ssize_t
-	
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1i
-
-	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
- 	in lib/roken/roken.awk
-
-	* lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
- 	step over addresses if there's no `sa_lan' field
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
- 	using `struct sockaddr_storage'
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
- 	`struct sockaddr_storage'
-
-	* lib/krb5/changepw.c (krb5_change_password): simplify by using
- 	`struct sockaddr_storage'
-
-	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
- 	simplify by using `struct sockaddr_storage'
-
-	* kpasswd/kpasswdd.c (*): simplify by using `struct
- 	sockaddr_storage'
-
-	* kdc/connect.c (*): simplify by using `struct sockaddr_storage'
-
-	* configure.in (sa_family_t): just test for existence
-	(sockaddr_storage): also specify include file
-
-	* configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
-	(sa_family_t): test for
-	(struct	sockaddr_storage): test for
-
-	* kdc/hprop.c (propagate_database): typo, NULL should be
- 	auth_context
-
-	* lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
- 	AF_INET6
-
-	* appl/kf/kf.c (main): use warnx
-
-	* appl/kf/kf.c (proto): remove shadowing context
-
-	* lib/krb5/get_addrs.c (find_all_addresses): try to handle the
- 	case of getting back an `sockaddr_in6' address when sizeof(struct
- 	sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
- 	tell us how large the address is.  This obviously doesn't work
- 	with unknown protocol types.
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1h
-
-1999-07-23  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/kfd.c: clean-up and more paranoia
-
-	* etc/services.append: add kf
-
-	* appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/n-fold-test.c (main): print the correct data
-
-	* appl/Makefile.am (SUBDIRS): add kf
-
-	* appl/kf: new program.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/hprop.c: declare some variables unconditionally to simplify
- 	things
-
-	* kpasswd/kpasswdd.c: initialize kadm5 connection for every change
- 	(otherwise the modifier in the database doesn't get set)
-
-	* kdc/hpropd.c: clean-up and re-organize
-
-	* kdc/hprop.c: clean-up and re-organize
-
- 	* configure.in (SunOS): define to xy for SunOS x.y
-
-1999-07-19  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AC_BROKEN): test for copyhostent, freehostent,
- 	getipnodebyaddr, getipnodebyname
-
-1999-07-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/check-der.c: more test cases for integers
-
-	* lib/asn1/der_length.c (length_int): handle the case of the
- 	largest negative integer by not calling abs
-
-1999-07-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/check-der.c (generic_test): check malloc return value
- 	properly
-
-	* lib/krb5/Makefile.am: add string_to_key_test
-
-	* lib/krb5/prog_setup.c (krb5_program_setup): always initialize
- 	the context
-
-	* lib/krb5/n-fold-test.c (main): return a relevant return value
-
-	* lib/krb5/krbhst.c: do SRV lookups for admin server as well.
-  	some clean-up.
-
-1999-07-12  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: handle not building X programs
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
- 	variable
-	(ipv6_sockaddr2port): fix typo
-
-	* etc/services.append: beginning of a file with services
-
-	* lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
- 	there's no prefix.  also clean-up a little bit.
-
-	* kdc/hprop.c (--kaspecials): new flag for handling special KA
- 	server entries.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-1999-07-05  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_tcp): make sure we have data before
- 	starting to look for HTTP
-
-	* kdc/connect.c (handle_tcp): always do getpeername, we can't
- 	trust recvfrom to return anything sensible
-
-1999-07-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
- 	all enctypes
-
-	* kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
-
-	* admin/srvconvert.c (srvconv): better error messages
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (unparse_name): error check malloc properly
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
- 	properly
-
-	* lib/krb5/crypto.c (*): do some malloc return-value checks
- 	properly
-
-	* lib/hdb/hdb.c (hdb_process_master_key): simplify by using
- 	krb5_data_alloc
-
-	* lib/hdb/hdb.c (hdb_process_master_key): check return value from
- 	malloc
-
-	* lib/asn1/gen_decode.c (decode_type): fix generation of decoding
- 	information for TSequenceOf.
-
-	* kdc/kerberos5.c (get_pa_etype_info): check return value from
- 	malloc
-
-1999-07-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
- 	0 and malloc returns NULL
-
-1999-06-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_parse_addr): implement
-
-1999-06-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
- 	as an addrport one
-
-	* lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
- 	add
-	(krb5_auth_context): add local and remote port
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
- 	local and remote address and add them to the krb-cred packet
-
-	* lib/krb5/auth_context.c: save the local and remove ports in the
- 	auth_context
-
-	* lib/krb5/address.c (krb5_make_addrport): create an address of
- 	type KRB5_ADDRESS_ADDRPORT from (addr, port)
-
-	* lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
- 	grabbing the port number out of the sockaddr
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
-  	increase possible verbosity.
-
-	* lib/krb5/config_file.c (parse_list): handle blank lines at
- 	another place
-	
-	* kdc/connect.c (add_port_string): don't return a value
-
- 	* lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
- 	cache if the principals are different.  close and NULL the old one
- 	so that we create a new one.
-
-	* configure.in: move around cgywin et al
-	(LIB_kdb): set at the end of krb4-block
-	(krb4): test for krb_enable_debug and krb_disable_debug
-
-1999-06-16  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kdestroy.c (main): try to destroy v4 ticket even if the
- 	destruction of the v5 one fails
-
-	* lib/krb5/crypto.c (DES3_postproc): new version that does the
- 	right thing
-	(*): don't put and recover length in 3DES encoding
-	other small fixes
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_principal.c: rewrite to use
- 	get_default_username
-
-	* lib/krb5/Makefile.am: add n-fold-test
-
-	* kdc/connect.c: add fallbacks for all lookups by service name
-	(handle_tcp): break-up and clean-up
-
-1999-06-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
- 	the loopback address as uninteresting
-
-	* lib/krb5/get_addrs.c: new magic flag to get loopback address if
- 	there are no other addresses.
-	(krb5_get_all_client_addrs): use that flag
-
-1999-06-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
- 	length
-	(checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
-	(encrypt_internal_derived): don't include the length and don't
-	decrease by the checksum size twice
-	(_get_derived_key): the constant should be 5 bytes
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use KRB_CHECK_X
-	
-	* configure.in: check for netinet/ip.h
-	
-1999-05-31  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
- 	on RTLD_NOW
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/uu_server.c: removed unused stuff
-
-	* appl/test/uu_client.c: removed unused stuff
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kgetcred.c (main): correct error message
-
-	* lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
- 	directly, avoiding redundant lookups and memory leaks
-
-	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
- 	local and remote addresses
-
-	* lib/krb5/get_default_principal.c (get_logname): also try
- 	$USERNAME
-	
-	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
-
-	* lib/krb5/principal.c (USE_RESOLVER): try to define only if we
-	have a libresolv (currently by checking for res_search)
-
-1999-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c (handle_tcp): remove %-escapes in request
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1g
-
-	* admin/ktutil.c (kt_remove): -t should be -e
-
-	* configure.in (CHECK_NETINET_IP_AND_TCP): use
-
-	* kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
- 	and innetgr with roken versions
-
-	* kuser/kgetcred.c: new program
-
-Tue May 11 14:09:33 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mcache.c: fix paste-o
-	
-1999-05-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: don't use uname
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
-	arguments :-)
-
-	* appl/test/uu_server.c (setsockopt): cast to get rid of a warning
-	
-	* appl/test/tcp_server.c (setsockopt): cast to get rid of a
-	warning
-
-	* appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
-	== NULL
-
-	* appl/test/gssapi_server.c (setsockopt): cast to get rid of a
-	warning
-
-	* lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
-	setting the default ccache.
-
-	* configure.in (getsockopt, setsockopt): test for
-	(AM_INIT_AUTOMAKE): bump version to 0.1g
-
-	* appl/Makefile.am (SUBDIRS): add kx
-	
-	* lib/hdb/convert_db.c (main): handle the case of no master key
-	
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1f
-
-	* kuser/kinit.c: add --noaddresses
-	
-	* lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
-	empty sit of list as to not ask for any addresses.
-	
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h (_GNU_SOURCE): define this to enable (used)
- 	extensions on glibc-based systems such as linux
-
-1999-05-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
-	`*out_creds' properly
-
-	* lib/krb5/creds.c (krb5_compare_creds): just verify that the
-	keytypes/enctypes are compatible, not that they are the same
-
-	* kuser/kdestroy.c (cache): const-correctness
-
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb.c (hdb_set_master_key): initialise master key
-	version
-
-	* lib/hdb/convert_db.c: add support for upgrading database
-	versions
-
-	* kdc/misc.c: add flags to fetch
-
-	* kdc/kstash.c: unlink keyfile on failure, chmod to 400
-
-	* kdc/hpropd.c: add --print option
-
-	* kdc/hprop.c: pass flags to hdb_foreach
-
-	* lib/hdb/convert_db.c: add some flags
-
-	* lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
-	build prototype headers
-	
-	* lib/hdb/hdb_locl.h: update prototypes
-
-	* lib/hdb/print.c: move printable version of entry from kadmin
-
-	* lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
-	sealed or not; add flags to hdb_foreach
-
-	* lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
-	NDBM_nextkey
-
-	* lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
-
-	* lib/hdb/common.c: add flags to _hdb_{fetch,store}
-
-	* lib/hdb/hdb.h: add master_key_version to struct hdb, update
-	prototypes
-
-	* lib/hdb/hdb.asn1: make mkvno optional, update version to 2
-
-	* configure.in: --enable-netinfo
-
-	* lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
-
-	* config.sub: fix for crays
-
-	* config.guess: new version from automake 1.4
-	
-	* config.sub: new version from automake 1.4
-
-Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1e
-
-	* lib/krb5/mcache.c (mcc_get_next): get the current cursor
- 	correctly
-
-	* acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
-  	From Ake Sandgren <ake@cs.umu.se>
-
-1999-04-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: fix arguments to decrypt_ticket
-	
-1999-04-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
-	DCE secd's that are not able to handle MD5 checksums by defaulting
-	to MD4 if the keytype was DES-CBC-CRC
-	
-	* lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
-	
-	* lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
-	`cksumtype'
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
-	secd
-	(init_tgs_req): add all supported enctypes for the keytype in
-	`in_creds->session.keytype' if it's set
-
-	* lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
-	encryption types
-	(do_checksum): new function
-	(verify_checksum): take the checksum to use from the checksum message
-	and not from the crypto struct
-	(etypes): add F_PSEUDO flags
-	(krb5_keytype_to_enctypes): new function
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
-	and cksumtype
-	(krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
-	(krb5_auth_setkeytype, krb5_auth_getkeytype): implement
-	(krb5_auth_setenctype): comment out, it's rather bogus anyway
-
-Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_locl.h: fix for stupid aix warnings
-
-	* lib/krb5/fcache.c (erase_file): don't malloc
-	
-Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c: pass context to krb5_config_file_free
-
-	* kuser/kinit.c: add `--fcache-version' to set cache version to
-	create
-
-	* kuser/klist.c: print cache version if verbose
-
-	* lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
-
-	* lib/krb5/principal.c: abort -> krb5_abortx
-
-	* lib/krb5/mk_rep.c: abort -> krb5_abortx
-
-	* lib/krb5/config_file.c: abort -> krb5_abortx
-
-	* lib/krb5/context.c (init_context_from_config_file): init
-	fcache_version; add krb5_{get,set}_fcache_version
-
-	* lib/krb5/keytab.c: add support for reading (and writing?) old
-	version keytabs
-
-	* lib/krb5/cache.c: add krb5_cc_get_version
-
-	* lib/krb5/fcache.c: add support for reading and writing old
-	version cache files
-
-	* lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
-
-	* lib/krb5/store_emem.c (krb5_storage_emem): zero flags
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
-
-	* lib/krb5/store.c: add flags to change how various fields are
-	stored, used for old cache version support
-	
-	* lib/krb5/krb5.h: add support for reading and writing old version
-	cache files, and keytabs
-	
-Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: fix test for readline.h remember to link with
- 	$LIB_tgetent when trying linking with readline
-
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
- 	is given, request a postdated ticket.
-
-	* lib/krb5/data.c (krb5_data_free): free data as long as it's not
- 	NULL
-
-Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
-
-	* lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
-
-	* lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
- 	KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
- 	invalid
-
-Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: don't try to load library by default; get
- 	library and function name from krb5.conf
-
-	* kpasswd/sample_passwd_check.c: sample password checking
- 	functions
-
-Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
- 	krb5_data_alloc and be careful with checking allocation and sizes.
-
-	* kuser/klist.c (--tokens): conditionalize on KRB4
-
-	* kuser/kinit.c (renew_validate): set all flags
-	(main): fix cut-n-paste error when setting start-time
-
-	* kdc/kerberos5.c (check_tgs_flags): starttime of a validate
- 	ticket should be > than current time
-	(*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
-
-	* kuser/kinit.c (renew_validate): use the client realm instead of
- 	the local realm when renewing tickets.
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
-	(krb5_get_forwarded_creds): correct freeing of out_creds
-
-	* kuser/kinit.c (renew_validate): hopefully fix up freeing of
- 	memory
-
-	* configure.in: do all the krb4 tests with "$krb4" != "no"
-
-	* lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
- 	keyvalue if it's NULL.  noticed by Ake Sandgren <ake@cs.umu.se>
-
-	* lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
- 	instead of just taking the first one.  fix all callers.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
-	* kdc/kdc_locl.h (enable_kaserver): declaration
-	
-	* kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
- 	creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
-	* kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
-
-	* kdc/connect.c (add_standard_ports, process_request): look at
- 	enable_kaserver.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-	* kdc/config.c: new flag --kaserver and config file option
- 	enable-kaserver.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: check for dlopen, and dlfcn.h
-
-	* kpasswd/kpasswdd.c: add support for dlopen:ing password quality
- 	check library
-
-	* configure.in: add appl/su
-
-Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
- 	cache
-
-Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: LIB_kdb: -L should be before -lkdb
-	test for prototype of strsep
-	
-Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/Makefile.am: update version
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
- 	ALLOC_SEQ
-
-	* lib/krb5/fcache.c: add some support for reading and writing old
- 	cache formats;
-	(fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
-	krb5_ret_creds
-
-	* lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
- 	initialize host_byteorder
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
- 	host_byteorder
-
-	* lib/krb5/store_emem.c (krb5_storage_emem): initialize
- 	host_byteorder
-
-	* lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
-	(krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
- 	check host_byteorder flag; (krb5_store_creds): add;
- 	(krb5_ret_creds): add
-
-	* lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
- 	storage of numbers
-
-	* lib/krb5/heim_err.et: add `host not found' error
-
-	* kdc/connect.c: don't use data after clearing decriptor
-
-	* lib/krb5/auth_context.c: abort -> krb5_abortx
-
-	* lib/krb5/warn.c: add __attribute__; add *abort functions
-
-	* configure.in: check for __attribute__
-
-	* kdc/connect.c: log bogus requests
-
-Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
- 	for all DES keys
-
-1999-04-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
-
-	* lib/krb5/get_cred.c (init_tgs_req): some more error checking
-
-	* lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
-	value from malloc
-
-Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: update to reality
-
-	* lib/krb5/krb5_425_conv_principal.3: update to reality
-
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c: handle more than one realm for a host
-
-	* kpasswd/kpasswd.c (main): use krb5_program_setup and
-	print_version
-
-	* kdc/string2key.c (main): use krb5_program_setup and
-	print_version
-
-Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/principal.c (krb5_524_conv_principal): make it actually
- 	work, and check built-in list of host-type first-components
-
-	* lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
-
-	* lib/krb5/context.c: add srv_* flags to context
-
-	* lib/krb5/principal.c: add default v4_name_convert entries
-
-	* lib/krb5/krb5.h: add srv_* flags to context
-
-Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kadmin/kadmin.c: complain about un-recognised commands
-
-	* admin/ktutil.c: complain about un-recognised commands
-
-Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/load.c (doit): fix error message
-
-	* lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
- 	fail to match.
-	(krb5_get_wrapped_length): new function
-
-	* configure.in: security/pam_modules.h: check for
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
- 	around `ret_as_reply' semantics by only freeing it when ret == 0
-
-Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c (print_cred_verbose): handle the case of a bad
- 	enctype
-
-	* configure.in: test for more header files
-	(LIB_roken): set
-
-Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: fixes for building w/o krb4
-
-	* ltmain.sh: update to libtool 1.2d
-
-	* ltconfig: update to libtool 1.2d
-
-Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c: fix some error messages to be more understandable.
-
-	* kdc/hprop.c (ka_dump): remove unused variables
-
-	* appl/test/tcp_server.c: remove unused variables
-
-	* appl/test/gssapi_server.c: remove unused variables
-
-	* appl/test/gssapi_client.c: remove unused variables
-
-Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
-
-	* kuser/klist.c: make it compile w/o krb4
-
-	* kuser/kdestroy.c: make it compile w/o krb4
-
-	* admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
- 	strings
-
-Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: test for MIPS ABI; new test_package
-
-Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/Makefile.am: clean krb5-private.h
-
-	* Release 0.1d
-
-	* kpasswd/kpasswdd.c (doit): pass context to
- 	krb5_get_all_client_addrs
-
-	* kdc/connect.c (init_sockets): pass context to
- 	krb5_get_all_server_addrs
-
-	* lib/krb5/get_in_tkt.c (init_as_req): pass context to
- 	krb5_get_all_client_addrs
-
-	* lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
- 	krb5_get_all_client_addrs
-
-	* lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
-
-	* lib/krb5/krb5.h: add support for adding an extra set of
- 	addresses
-
-	* lib/krb5/context.c: add support for adding an extra set of
- 	addresses
-
-	* lib/krb5/addr_families.c: add krb5_parse_address
-
-	* lib/krb5/address.c: krb5_append_addresses
-
-	* lib/krb5/config_file.c (parse_binding): don't zap everything
- 	after first whitespace
-
-	* kuser/kinit.c (renew_validate): don't allocate out
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
- 	allocate out_creds
-
-	* lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
- 	out_creds pointer;
-	(krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
-	free more memory
-
-	* lib/krb5/crypto.c (encrypt_internal): free checksum
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
- 	and ticket
-
-	* kuser/Makefile.am: remove kfoo
-
-	* lib/Makefile.am: add auth
-
-	* lib/kadm5/iprop.h: getarg.h
-
-	* lib/kadm5/replay_log.c: use getarg
-
-	* lib/kadm5/ipropd_slave.c: use getarg
-
-	* lib/kadm5/ipropd_master.c: use getarg
-
-	* lib/kadm5/dump_log.c: use getarg
-
-	* kpasswd/kpasswdd.c: use getarg
-
-	* Makefile.am.common: make a more working check-local target
-
-	* lib/asn1/main.c: use getargs
-
-Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kuser/klist.c (print_cred_verbose): use krb5_print_address
-
-	* lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/addr_families.c (krb5_print_address): handle unknown
- 	address types; (ipv6_print_addr): print in 16-bit groups (as it
- 	should)
-
-	* lib/krb5/crc.c: crc_{init_table,update} ->
- 	_krb5_crc_{init_table,update}
-
-	* lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
- 	crc_{init_table,update} -> _krb5_crc_{init_table,update}
-
-	* lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/krb5_locl.h: include krb5-private.h
-
-	* kdc/connect.c (addr_to_string): use krb5_print_address
-
-	* lib/krb5/addr_families.c (krb5_print_address): int -> size_t
-
-	* lib/krb5/addr_families.c: add support for printing ipv6
- 	addresses, either with inet_ntop, or ugly for-loop
-
-	* kdc/524.c: check that the ticket came from a valid address; use
- 	the address of the connection as the address to put in the v4
- 	ticket (if this address is AF_INET)
-
-	* kdc/connect.c: pass addr to do_524
-
-	* kdc/kdc_locl.h: prototype for do_524
-
-Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
- 	setlim; check for auth modules; siad.h, getpwnam_r;
- 	lib/auth/Makefile, lib/auth/sia/Makefile
-
-	* lib/krb5/crypto.c: n_fold -> _krb5_n_fold
-
-	* lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
-
-Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
- 	it
-
-	* lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
-
-	* lib/hdb/ndbm.c (NDBM_destroy): clear master key
-
-	* lib/hdb/db.c (DB_destroy): clear master key
-	(DB_open): check malloc
-
-	* kdc/connect.c (init_sockets): free addresses
-
-	* kadmin/kadmin.c (main): make code more consistent.  always free
- 	configuration information.
-
-	* kadmin/init.c (create_random_entry): free the entry
-
-Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
- 	re-organize the code to always free `kdc_reply'
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
- 	freeing memory
-
-	* lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
-
-	* lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
-
-	* lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
- 	header
-
-	* configure.in (db_185.h): check for
-
-	* admin/srvcreate.c: new file. contributed by Daniel Kouril
- 	<kouril@informatics.muni.cz>
-
-	* admin/ktutil.c: srvcreate: new command
-
-	* kuser/klist.c: add support for printing AFS tokens
-
-	* kuser/kdestroy.c: add support for destroying v4 tickets and AFS
- 	tokens.  based on code by Love <lha@stacken.kth.se>
-
-	* kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
-
-	* configure.in: sys/ioccom.h: test for
-
-	* kuser/klist.c (main): don't print `no ticket file' with --test.
-  	From: Love <lha@e.kth.se>
-
-	* kpasswd/kpasswdd.c (doit): more braces to make gcc happy
-
-	* kdc/connect.c (init_socket): get rid of a stupid warning
-
-	* include/bits.c (my_strupr): cast away some stupid warnings
-
-Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
- 	loops, please
-
-Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/Makefile.am (install_build_headers): recover from make
- 	rewriting the names of the headers kludge to help solaris make
-
-	* lib/krb5/Makefile.am: kludge to help solaris make
-
-	* lib/hdb/Makefile.am: kludge to help solaris make
-
-	* configure.in (LIB_kdb): make sure there's a -L option in here by
- 	adding $(LIB_krb4)
-
-	* lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
- 	unsigned
-
-	* configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
- 	remove the `dnl' to work around an automake flaw
-
-Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_default_realm.c: char* -> krb5_realm
-
-Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/bits.c: <bind/bitypes.h>
-
-	* lib/krb5/Makefile.am: create krb5-private.h
-
-Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (gethostname): remove duplicate
-
-Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/hdb/Makefile.am: add version-info
-
-	* lib/gssapi/Makefile.am: add version-info
-
-	* lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
- 	to check_PROGRAMS
-
-	* lib/Makefile.am: add 45
-
-	* lib/kadm5/Makefile.am: split in client and server libraries
- 	(breaks shared libraries otherwise)
-
-Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/kadm5/Makefile.am: clean a lot of header files (since
- 	automake lacks a clean-hook)
-
-	* include/Makefile.am: clean a lot of header files (since automake
- 	lacks a clean-hook)
-
-	* lib/kadm5/Makefile.am: fix build-installation of headers
-
-	* lib/krb5/Makefile.am: remove include_dir hack
-
-	* lib/hdb/Makefile.am: remove include_dir hack
-
-	* lib/asn1/Makefile.am: remove include_dir hack
-
-	* include/Makefile.am: remove include_dir hack
-
-	* doc/whatis.texi: define sub for html
-
-	* configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
-
-	* lib/asn1/Makefile.am: der.h
-
-	* kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
-
-	* kdc/Makefile.am: remove junk
-
-	* kadmin/Makefile.am: sl.a -> sl.la
-
-	* appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
-
-	* admin/Makefile.am: sl.a -> sl.la
-
-	* configure.in: condition KRB5; AC_CHECK_XAU
-
-	* Makefile.am: include Makefile.am.common
-
-	* include/kadm5/Makefile.am: include Makefile.am.common; don't
- 	install headers from here
-
-	* include/Makefile.am: include Makefile.am.common; don't install
- 	headers from here
-
-	* doc/Makefile.am: include Makefile.am.common
-
-	* lib/krb5/Makefile.am: include Makefile.am.common
-
-	* lib/kadm5/Makefile.am: include Makefile.am.common
-
-	* lib/hdb/Makefile.am: include Makefile.am.common
-
-	* lib/gssapi/Makefile.am: include Makefile.am.common
-
-	* lib/asn1/Makefile.am: include Makefile.am.common
-
-	* lib/Makefile.am: include Makefile.am.common
-
-	* lib/45/Makefile.am: include Makefile.am.common
-
-	* kuser/Makefile.am: include Makefile.am.common
-
-	* kpasswd/Makefile.am: include Makefile.am.common
-
-	* kdc/Makefile.am: include Makefile.am.common
-
-	* kadmin/Makefile.am: include Makefile.am.common
-
-	* appl/test/Makefile.am: include Makefile.am.common
-
-	* appl/afsutil/Makefile.am: include Makefile.am.common
-
-	* appl/Makefile.am: include Makefile.am.common
-
-	* admin/Makefile.am: include Makefile.am.common
-
-Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store.c (krb5_store_stringz): braces fix
-
-	* lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
-
-	* lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
-
-	* kdc/connect.c (loop): braces fix
-
-	* lib/krb5/config_file.c: cast to unsigned char to make is* happy
-
-	* lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
-
-	* lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
- 	be consistent
-
-	* kadmin/util.c (timeval2str): more braces to make gcc happy
-
-	* kadmin/load.c: cast in is* to get rid of stupid warning
-
-	* kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
- 	warning
-
-	* kdc/kaserver.c: malloc checks and fixes
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
- 	dot (if any) when looking up realms.
-
-Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c: add dns support
-
-	* lib/krb5/set_default_realm.c: use krb5_free_host_realm
-
-	* lib/krb5/free_host_realm.c: check for NULL realmlist
-
-	* lib/krb5/context.c: don't print warning if there is no krb5.conf
-
-Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: use AC_WFLAGS
-
-Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Release 0.1c
-
-	* kuser/klist.c: use print_version
-
-	* kuser/kdestroy.c: use print_version
-
-	* kdc/hpropd.c: use print_version
-
-	* kdc/hprop.c: use print_version
-
-	* kdc/config.c: use print_version
-
-	* kadmin/kadmind.c: use print_version
-
-	* kadmin/kadmin.c: use print_version
-
-	* appl/test/common.c: use print_version
-
-	* appl/afsutil/afslog.c: use print_version
-
-Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
- 	HAVE_STRUCT_SOCKADDR_SA_LEN
-
-	* configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
-
-Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/asn1/gen.c: make `BIT STRING's unsigned
-
-	* lib/asn1/{symbol.h,gen.c}: add TUInteger type
-
-	* lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
- 	krb5_get_init_creds_password
-
-	* lib/krb5/fcache.c (fcc_gen_new): implement
-
-Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* doc/install.texi: krb4 is now automatically detected
-
-	* doc/misc.texi: update procedure to set supported encryption
- 	types
-
-	* doc/setup.texi: change some silly wordings
-
-Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/keytab.c (fkt_remove_entry): make this work
-
-	* admin/ktutil.c: add minimally working `get' command
-
-Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/hdb/convert_db.c: more typos
-
-	* include/Makefile.am: remove EXTRA_DATA (as of autoconf
- 	2.13/automake 1.4)
-
-	* appl/Makefile.am: OTP_dir
-
-Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* doc/setup.texi: add kadmin section
-
-	* lib/asn1/check-der.c: fix printf warnings
-
-Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: -O does not belong in WFLAGS
-
-Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/der_put.c: fix der_put_int
-
-Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: use AC_BROKEN_GLOB
-
-Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* configure.in: check for glob
-
-Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Release 0.1b
-
-Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
- 	des3-cbc-md5
-
-	* lib/krb5/crypto.c (DES3_string_to_key): make this actually do
- 	what the draft said it should
-
-	* lib/hdb/convert_db.c: little program for database conversion
-
-	* lib/hdb/db.c (DB_open): try to open database w/o .db extension
-
-	* lib/hdb/ndbm.c (NDBM_open): add test for database format
-
-	* lib/hdb/db.c (DB_open): add test for database format
-
-	* lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
- 	unsigned
-
-	* lib/hdb/hdb.c: change `hdb_set_master_key' to take an
- 	EncryptionKey, and add a new function `hdb_set_master_keyfile' to
- 	do what `hdb_set_master_key' used to do
-
-	* kdc/kstash.c: add `--convert-file' option to change keytype of
- 	existing master key file
-
-Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar@squid.pdc.kth.se>
-
-	* Release 0.1a
-
-Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
- 	is now a `u_char *'
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
- 	orig_host
-
- 	(krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
- 	RSA_MD5_DES3_verify): initialize ret
-
-	* lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
- 	gssapi_krb5_init.  ask for KEYTYPE_DES credentials
-
-	* kadmin/get.c (print_entry_long): print the keytypes and salts
- 	available for the principal
-
-	* configure.in (WFLAGS): add `-O' to catch unitialized variables
- 	and such
-	(gethostname, mkstemp, getusershell, inet_aton): more tests
-
-	* lib/hdb/hdb.h: update prototypes
-
-	* configure.in: homogenize broken detection with krb4
-
-	* lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
- 	`error'
-
-	* lib/asn1/Makefile.am (check-der): add
-
-	* lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
- 	of `unsigned'
-
-	* lib/asn1/der_length.c (length_unsigned): new function
-	(length_int): handle signed integers
-
-	* lib/asn1/der_put.c (der_put_unsigned): new function
-	(der_put_int): handle signed integers
-
- 	* lib/asn1/der_get.c (der_get_unsigned): new function
- 	(der_get_int): handle signed integers
-
-	* lib/asn1/der.h: all integer functions take `int' instead of
- 	`unsigned'
-
-	* lib/asn1/lex.l (filename): unused. remove.
-
-	* lib/asn1/check-der.c: new test program for der encoding and
- 	decoding.
-
-Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
- 	gethostbyname2 with AF_INET6 if we actually have IPv6.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
- 	* lib/krb5/changepw.c (get_kdc_address): dito
-
-Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (parse_prots): always bind to AF_INET, there are
- 	v6-implementations without support for `mapped V4 addresses'.
-  	From Jun-ichiro itojun Hagino <itojun@kame.net>
-
-Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.0u
-
-Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: explicit rules for *.et files
-
- 	* lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
- 	krb5_get_credentials was succesful.
- 	(get_new_cache): return better error codes and return earlier.
- 	(get_cred_cache): only delete default_client if it's different
- 	from client
- 	(kadm5_c_init_with_context): return a more descriptive error.
-
-	* kdc/kerberos5.c (check_flags): handle NULL client or server
-
-	* lib/krb5/sendauth.c (krb5_sendauth): return the error in
- 	`ret_error' iff != NULL
-
-	* lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
- 	new functions
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
- 	type-correctness
-
-	* lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
-
-	* lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
-
-	* lib/krb5/get_cred.c: KRB5_TGS_NAME: use
-
- 	* lib/kafs/afskrb5.c (afslog_uid_int): update to changes
-
-	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
- 	instead of rename, but shouldn't this just call rename?
-
- 	* lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
- 	error if the principal wasn't found.
-
-	* lib/hdb/ndbm.c (NDBM_seq): unseal key
-
-	* lib/hdb/db.c (DB_seq): unseal key
-
-	* lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
-
-	* kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
- 	finding cross-realm tgts in the v4 database
-
-	* kadmin/mod.c (mod_entry): check the number of arguments.  check
- 	that kadm5_get_principal worked.
-
-	* lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
- 	we weren't able to remove it.
-
-	* admin/ktutil.c: less drive-by-deleting.  From Love
- 	<lha@e.kth.se>
-
-	* kdc/connect.c (parse_ports): copy the string before mishandling
- 	it with strtok_r
-
-	* kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
- 	kvnos
-
-	* kadmin/kadmind.c (main): convert `debug_port' to network byte
- 	order
-
-	* kadmin/kadmin.c: allow specification of port number.
-
-	* lib/kadm5/kadm5_locl.h (kadm5_client_context): add
- 	`kadmind_port'.
-
-	* lib/kadm5/init_c.c (_kadm5_c_init_context): move up
- 	initalize_kadm5_error_table_r.
-	allow specification of port number.
-	
-  	From Love <lha@stacken.kth.se>
-
-	* kuser/klist.c: add option -t | --test
-
diff --git a/crypto/heimdal/ChangeLog.2000 b/crypto/heimdal/ChangeLog.2000
deleted file mode 100644
index a1cb687f550e..000000000000
--- a/crypto/heimdal/ChangeLog.2000
+++ /dev/null
@@ -1,1320 +0,0 @@
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/test_get_addrs.c (main): handle krb5_init_context
-	failure consistently
-	* lib/krb5/string-to-key-test.c (main): handle krb5_init_context
-	failure consistently
-	* lib/krb5/prog_setup.c (krb5_program_setup): handle
-	krb5_init_context failure consistently
-	* lib/hdb/convert_db.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kverify.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/klist.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kinit.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kgetcred.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kdestroy.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kdecode_ticket.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/generate-requests.c (generate_requests): handle
-	krb5_init_context failure consistently
-	* kpasswd/kpasswd.c (main): handle krb5_init_context failure
-	consistently
-	* kpasswd/kpasswd-generator.c (generate_requests): handle
-	krb5_init_context failure consistently
-	* kdc/main.c (main): handle krb5_init_context failure consistently
-	* appl/test/uu_client.c (proto): handle krb5_init_context failure
-	consistently
-	* appl/kf/kf.c (main): handle krb5_init_context failure
-	consistently
-	* admin/ktutil.c (main): handle krb5_init_context failure
-	consistently
-
-	* admin/get.c (kt_get): more error checking
-
-2000-12-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (loop): check for length longer than data.
-	inspired by lha@stacken.kth.se
-
-2000-12-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.8: reflect recent changes
-
-	* admin/copy.c: don't copy an entry that already exists in the
-	keytab, and warn if the keyblock differs
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/Makefile.am: merge srvconvert and srvcreate with copy
-
-	* admin/copy.c: merge srvconvert and srvcreate with copy
-
-	* lib/krb5/Makefile.am: always build keytab_krb4.c
-
-	* lib/krb5/context.c: always register the krb4 keytab functions
-
-	* lib/krb5/krb5.h: declare krb4_ftk_ops
-
-	* lib/krb5/keytab_krb4.c: We don't really need to include krb.h
-	here, since we only use the principal size macros, so define these
-	here. Theoretically someone could have a krb4 system where these
-	values are != 40, but this is unlikely, and
-	krb5_524_conv_principal also assume they are 40.
-
-2000-12-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/
-
-	* lib/krb5/replay.c: fix query-replace-o from MD5 API change, and
-	the struct is called krb5_donot_replay
-
-2000-12-12  Assar Westerlund  <assar@sics.se>
-
-	* admin/srvconvert.c (srvconvert): do not use data after free:ing
-	it
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3d
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0
-	* lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library
-	dependencies
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as
-	a new pseudo-type
-
-	* lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat
-	cell names as lower case
-	(krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an
-	explicit ivec to be specified.  fix all sub-functions.
-	(DES3_CBC_encrypt_ivec): new function that takes an explicit ivec
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: actually build replay cache code
-
-	* lib/krb5/replay.c: implement krb5_get_server_rcache
-
-	* kpasswd/kpasswdd.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-	* lib/krb5/recvauth.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-	* lib/krb5/mk_rep.c: auth_context should not be a pointer
-
-	* lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and
-	make setaddrs_from_fd use that
-
-	* lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: add kerberos.8 manpage
-
-	* lib/krb5/cache.c: check for NULL remove_cred function
-
-	* lib/krb5/fcache.c: pretend that empty files are non-existant
-
-	* lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from
-	Jason Thorpe <thorpej@netbsd.org>
-
-2000-12-01  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove configure-time generation of krb5-config
-	* tools/Makefile.am: add generation of krb5-config at make-time
-	instead of configure-time
-
-	* tools/krb5-config.in: add --prefix and --exec-prefix
-
-2000-11-30  Assar Westerlund  <assar@sics.se>
-
-	* tools/Makefile.am: add krb5-config.1
-	* tools/krb5-config.in: add kadm-client and kadm5-server as
-	libraries
-
-2000-11-29  Assar Westerlund  <assar@sics.se>
-
-	* tools/krb5-config.in: add --prefix, --exec-prefix and gssapi
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: add roken/Makefile here, since it can't live in
-	rk_ROKEN
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: use the libtool -rpath, do not rely on ld
-	understanding -rpath
-
-	* configure.in: fix the -Wl stuff for krb4 linking add some
-	gratuitous extra options when linking with an existing libdes
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit
-	* lib/Makefile.am (SUBDIRS): try to only build des when needed
-	* kuser/klist.c: print key versions numbers of v4 tickets in
-	verbose mode
-
-	* kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2
-	* appl/test/gss_common.c (read_token): remove unused variable
-
-	* configure.in (krb4): add -Wl
-	(MD4Init et al): look for these in more libraries
-	(getmsg): only run test if we have the function
-	(AC_OUTPUT): create tools/krb5-config
-
-	* tools/krb5-config.in: new script for storing flags to use
-	* Makefile.am (SUBDIRS): add tools
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): update to new
-	krb5_mk_req_internal
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different
-	usages for the encryption.  change callers
-	* lib/krb5/rd_req.c (decrypt_authenticator): add an encryption
-	`usage'.  also try the old
-	(and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility
-	(krb5_verify_ap_req2): new function for specifying the usage different
-	from the default (KRB5_KU_AP_REQ_AUTH)
-	* lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage'
-	parameter to permit the generation of authenticators with
-	different crypto usage
-
-	* lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a
-	krb5_principal
-	(krb5_mk_req): use krb5_mk_req_exact
-
-	* lib/krb5/mcache.c (mcc_close): free data
-	(mcc_destroy): don't free data
-
-2000-11-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h
-	* lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h
-
-2000-11-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hpropd.8: remove extra .Xc
-
-2000-10-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: fix v4 fallback lifetime calculation
-
-2000-10-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: fix log messge
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): check for fd's being
-	too large to select on
-	* kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being
-	too large to select on
-	* kdc/connect.c (add_new_tcp): check for the socket fd being too
-	large to selct on
-	* kdc/connect.c (loop): check that the socket fd is not too large
-	to select on
-	* lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too
-	large to be able to select on
-
-	* kdc/kaserver.c (do_authenticate): check for time skew
-
-2000-10-01  Assar Westerlund  <assar@sics.se>
-
-	* kdc/524.c (set_address): allocate memory for storing addresses
-	in if the original request had an empty set of addresses
-	* kdc/524.c (set_address): fix bad return of pointer to automatic
-	data
-
-	* config.sub: update to version 2000-09-11 (aka 1.181) from
-	subversions.gnu.org
-
-	* config.guess: update to version 2000-09-05 (aka 1.156) from
-	subversions.gnu.org plus some minor tweaks
-
-2000-09-20  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.3c
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	13:1:0
-
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0
-
-2000-09-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak
-	(krb5_rd_req): try not to return an allocated auth_context on error
-
-	* lib/krb5/log.c (krb5_vlog_msg): fix const-ness
-
-2000-09-10  Assar Westerlund  <assar@sics.se>
-
-	* kdc/524.c: re-organize
-	* kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context
-	* kdc/kerberos4.c (valid_princ): check return value of functions
-	(encode_v4_ticket): add some const
-	* kdc/misc.c (db_fetch): check malloc
-	(free_ent): new function
-
-	* lib/krb5/log.c (krb5_vlog_msg): log just the format string it we
-	fail to allocate the actual string to log, should at least provide
-	some hint as to where things went wrong
-
-2000-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/log.c: use DEFAULT_LOG_DEST
-
-	* kdc/config.c: use _PATH_KDC_CONF
-
-	* kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log
-
-2000-09-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (_key_schedule): re-use an existing schedule
-
-2000-09-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix dpagaix test
-
-2000-09-05  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: with_dce -> enable_dce.  noticed by Ake Sandgren
- 	<ake@cs.umu.se>
-
-2000-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kstash.8: update manual page
-
-	* kdc/kstash.c: fix typo, and remove unused option
-
-	* lib/krb5/kerberos.7: short kerberos intro page
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* include/bits.c: add __attribute__ for gcc's pleasure
-	* lib/hdb/keytab.c: re-write to delay the opening of the database
-	till it's known which principal is being sought, thereby allowing
-	the usage of multiple databases, however they need to be specified
-	in /etc/krb5.conf since all the programs using this keytab do not
-	read kdc.conf
-
-	* appl/test/test_locl.h (keytab): add
-	* appl/test/common.c: add --keytab
-	* lib/krb5/crypto.c: remove trailing commas
-	(KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC
-
-2000-08-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the
-	beginning of the proxy specification.  use getaddrinfo correctly
-	(krb5_sendto): always return a return code
-
-	* lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
-	* lib/krb5/auth_context.c (krb5_auth_con_free): handle
-	auth_context == NULL
-
-2000-08-23  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (find_type): make sure of always setting
-	`ret_etype' correctly.  clean-up structure some
-
-2000-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mcache.c: implement resolve
-
-2000-08-18  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kdecode_ticket.c: check return value from krb5_crypto_init
-	* kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init
-	* lib/krb5/*.c: check return value from krb5_crypto_init
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3b
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 13:0:0
-
-	* lib/hdb/Makefile.am: set version to 6:1:0
-
-	* configure.in: do getmsg testing the same way as in krb4
-
-	* lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure
- 	of closing the file on error
-
-	* lib/krb5/crypto.c (encrypt_internal_derived): free the checksum
- 	after use
-
-	* lib/krb5/warn.c (_warnerr): initialize args to make third,
- 	purify et al happy
-
-2000-08-13  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: re-write search for keys code.  loop over all
-	supported enctypes in order, looping over all keys of each type,
-	and picking the one with the v5 default salt preferably
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/gss_common.c (enet_read): add and use
-	* lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make
-	const
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on
-	checksum type selection
-
-	* lib/krb5/context.c (krb5_init_context): do not leak memory on
-	failure
-	(default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5
-
-	* lib/krb5/principal.c: add fnmatch.h
-
-2000-08-09  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later
-	checks that should require them don't fail
-	* acconfig.h: add HAVE_UINT17_T
-
-2000-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/mit_dump.c: handle all sorts of weird MIT salt types
-
-2000-08-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/setup.texi: port 212 -> 2121
-
-	* lib/krb5/principal.c: krb5_principal_match
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER
-	encoding
-
-	* kpasswd/Makefile.am: link with pidfile library
-
-	* kpasswd/kpasswdd.c: write a pid file
-
-	* kpasswd/kpasswd_locl.h: util.h
-
-	* kdc/Makefile.am: link with pidfile library
-
-	* kdc/main.c: write a pid file
-
-	* kdc/headers.h: util.h
-
-2000-08-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): always put
-	hostnames in lower case
-	(default_v4_name_convert): add imap
-
-2000-08-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crc.c (_krb5_crc_update): const-ize (finally)
-
-2000-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for uint*_t
-	* include/bits.c: define uint*_t
-	
-2000-07-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (check_tgs_flags): set endtime correctly when
-	renewing, From Derrick J Brashear <shadow@dementia.org>
-
-2000-07-28  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.3a
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (dump_database): write an empty message to signal
-	end of dump
-
-2000-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): try to be more
-	careful when not to resend
-
-	* lib/hdb/db3.c: always create a cursor with db3.  From Derrick J
-	Brashear <shadow@dementia.org>
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/Makefile.am: bump version to 6:0:0
-
-	* lib/asn1/Makefile.am: bump version to 3:0:1
-
-	* lib/krb5/Makefile.am: bump version to 12:0:1
-
-	* lib/krb5/krb5_config.3: manpage
-
-	* lib/krb5/krb5_appdefault.3: manpage
-
-	* lib/krb5/appdefault.c: implementation of the krb5_appdefault set
-	of functions
-
-2000-07-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (change_password): reset forwardable
-	and proxiable.  copy preauthentication list correctly from
-	supplied options
-
-	* kdc/hpropd.c (main): check that the ticket was for `hprop/' for
-	paranoid reasons
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): look in
-	aliases for the real name
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/setup.texi: say something about starting kadmind from the
-	command line
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of
-	mis-doing it here
-
-	* lib/krb5/changepw.c (krb5_change_password): make timeout 1 +
-	2^{0,1,...}.  also keep track if we got an old packet back and
-	then just wait without sending a new packet
-	* lib/krb5/changepw.c: use a datagram socket and remove the
-	sequence numbers
-	* lib/krb5/changepw.c (krb5_change_password): clarify an
-	expression, avoiding a warning
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c: make -a and -n aliases for -v
-
-	* lib/krb5/write_message.c: ws
-
-	* kdc/hprop-common.c: nuke extra definitions of
-	krb5_read_priv_message et.al
-
-	* lib/krb5/read_message.c (krb5_read_message): return error if EOF
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c: print usage consistently
-	* kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab
-	* kdc/hpropd.c: add --keytab
-	* kdc/hpropd.c: don't care what principal we recvauth as
-
-	* lib/krb5/get_cred.c: be more careful of not returning creds at
-	all when an error is returned
-	* lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: use autoreconf
-
-	* configure.in: remove stuff that belong in roken, and remove some
-	obsolete constructs
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix some typos
-
-	* appl/Makefile.am: dceutil*s*
-
-	* missing: update to missing from automake 1.4a
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: try to get xlc flags from ibmcxx.cfg use
-	conditional for X use readline cf macro
-
-	* configure.in: subst AIX compiler flags
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: pass sixth parameter to test-package; use some
-	newer autoconf constructs
-
-	* ltmain.sh: update to libtool 1.3c
-
-	* ltconfig: update to libtool 1.3c
-
-	* configure.in: update this to newer auto*/libtool
-
-	* appl/Makefile.am: use conditional for dce
-	
-	* lib/Makefile.am: use conditional for dce
-	
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/write_message.c: krb5_write_{priv,save}_message
-	* lib/krb5/read_message.c: krb5_read_{priv,save}_message
-	* lib/krb5/convert_creds.c: try port kerberos/88 if no response on
-	krb524/4444
-
-	* lib/krb5/convert_creds.c: use krb5_sendto
-
-	* lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send
-	to a port at arbitrary list of hosts
-
-2000-07-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/misc.texi: language; say something about kadmin del_enctype
-
-2000-07-10  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/Makefile.am: actually install
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre
-	(AC_ROKEN): roken is now at 10
-
-	* lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case
-	* kdc/Makefile.am (INCLUDES): add ../lib/krb5
-	* configure.in: update for standalone roken
-	* lib/Makefile.am (SUBDIRS): make roken conditional
-	* kdc/hprop.c: update to new hdb_seal_keys_mkey
-	* lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int):
-	rename and export them
-
-	* kdc/headers.h: add krb5_locl.h (since we just use some stuff
-	from there)
-
-2000-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.1: update for -f and add some more text for -v
-
-	* kuser/klist.c: use rtbl to format cred listing, add -f and -s
-
-	* lib/krb5/crypto.c: fix type in des3-cbc-none
-
-	* lib/hdb/mkey.c: add key usage
-
-	* kdc/kstash.c: remove writing of old keyfile, and treat
-	--convert-file as just reading and writing the keyfile without
-	asking for a new key
-	
-	* lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype
-	based files, and convert the key to cfb64
-
-	* lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before
-	doing anything else
-
-	* lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/changepw.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/addr_families.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to
-	something that can be passed to get_err_text
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping
-	`*key'
-
-	* kdc/kerberos4.c (get_des_key): rewrite some, be more careful
-
-2000-07-06  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (as_rep): be careful as to now overflowing when
-	calculating the end of lifetime of a ticket.
-
-	* lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
-
-	* lib/hdb/db3.c: only use a cursor when needed, from Derrick J
-	Brashear <shadow@dementia.org>
-
-	* lib/krb5/crypto.c: introduce the `special' encryption methods
-	that are not like all other encryption methods and implement
-	arcfour-hmac-md5
-
-2000-07-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/mit_dump.c: set initial master key version number to 0
-	instead of 1; if we lated bump the mkvno we don't risk using the
-	wrong key to decrypt
-
-	* kdc/hprop.c: only get master key if we're actually going to use
-	it; enable reading of MIT krb5 dump files
-	
-	* kdc/mit_dump.c: read MIT krb5 dump files
-	
-	* lib/hdb/mkey.c (read_master_mit): fix this
-	
-	* kdc/kstash.c: make this work with the new mkey code
-	
-	* lib/hdb/Makefile.am: add mkey.c, and bump version number
-	
-	* lib/hdb/hdb.h: rewrite master key handling
-	
-	* lib/hdb/mkey.c: rewrite master key handling
-	
-	* lib/krb5/crypto.c: add some more pseudo crypto types
-	
-	* lib/krb5/krb5.h: change some funny etypes to use negative
-	numbers, and add some more
-
-2000-07-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are
-	none in the configuration file
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused
-	variable
-
-	* kpasswd/kpasswd-generator.c: new test program
-	* kpasswd/Makefile.am: add kpasswd-generator
-
-	* include/Makefile.am (CLEANFILES): add rc4.h
-
-	* kuser/generate-requests.c: new test program
-	* kuser/Makefile.am (noinst_PROGRAMS): add generate-requests
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add --enable-dce and related stuff
-	* appl/Makefile.am (SUBDIRS): add $(APPL_dce)
-
-2000-06-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (get_des_key): fix thinkos/typos
-
-2000-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/purge.c: use parse_time to parse age
-
-	* lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time
-
-	* admin/list.c: add printing of timestamp and key data; some
-	cleanup
-
-	* lib/krb5/time.c (krb5_format_time): new function to format time
-
-	* lib/krb5/context.c (init_context_from_config_file): init
-	date_fmt, also do some cleanup
-
-	* lib/krb5/krb5.h: add date_fmt to context
-
-2000-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return
-	v4 or afs keys if possible
-
-2000-06-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c (ka_convert): allow using null salt, and treat 0
-	pw_expire as never (from Derrick Brashear)
-
-2000-06-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c (add_standard_ports): only listen to port 750 if
-	serving v4 requests
-
-2000-06-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/lex.l: fix includes, and lex stuff
-	* lib/asn1/lex.h (error_message): update prototype
-	(yylex): add
-	* lib/asn1/gen_length.c (length_type): fail on malloc error
-	* lib/asn1/gen_decode.c (decode_type): fail on malloc error
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c: be more compatible with MIT code.
-	From Daniel Kouril <kouril@ics.muni.cz>
-	* lib/krb5/rd_cred.c: be more compatible with MIT code.  From
-	Daniel Kouril <kouril@ics.muni.cz>
-	* kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's
-	vanilla pw-salt, that keeps win2k happy.  also do the malloc check
-	correctly.  From Daniel Kouril <kouril@ics.muni.cz>
-
-2000-06-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: add hdb keytabs
-
-2000-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/principal.c: back out rev. 1.64
-
-2000-06-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: pa_* -> KRB5_PADATA_*
-
-	* kdc/hpropd.c: add realm override flag
-	
-	* kdc/v4_dump.c: code for reading krb4 dump files
-	
-	* kdc/hprop.c: generalize source database handing, add support for
-	non-standard local realms (from by Daniel Kouril
-	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>), and
-	support for using different ports (requested by the Czechs, but
-	implemented differently)
-
-	* lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_*
-	
-	* lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_*
-	
-	* lib/krb5/krb5.h: use some definitions from asn1.h
-
-	* lib/hdb/hdb.asn1: use new import syntax
-	
-	* lib/asn1/k5.asn1: use distinguished value integers
-	
-	* lib/asn1/gen_length.c: support for distinguished value integers
-	
-	* lib/asn1/gen_encode.c: support for distinguished value integers
-	
-	* lib/asn1/gen_decode.c: support for distinguished value integers
-	
-	* lib/asn1/gen.c: support for distinguished value integers
-
-	* lib/asn1/lex.l: add support for more standards like import
-	statements
-
-	* lib/asn1/parse.y: add support for more standards like import
-	statements, and distinguished value integers
-	
-2000-06-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (add_addrs): ignore addresses of
-	unknown type
-	* lib/krb5/get_for_creds.c (add_addrs): zero memory before
-	starting to copy memory
-
-2000-06-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/test_get_addrs.c: test program for get_addrs
-	* lib/krb5/get_addrs.c (find_all_addresses): remember to add in
- 	the size of ifr->ifr_name when using SA_LEN.  noticed by Ken
- 	Raeburn <raeburn@MIT.EDU>
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add db3 detection stuff do not use streamsptys on
-	HP-UX 11
-	* lib/hdb/hdb.h (HDB): add dbc for db3
-	* kdc/connect.c (add_standard_ports): also listen on krb524 aka
-	4444
-	* etc/services.append (krb524): add
-	* lib/hdb/db3.c: add berkeley db3 interface.  contributed by
-	Derrick J Brashear <shadow@dementia.org>
-	* lib/hdb/hdb.h (struct HDB): add
-
-2000-06-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: if 524 is not enabled, just generate error reply and
-	exit
-
-	* kdc/kerberos4.c: if v4 is not enabled, just generate error reply
-	and exit
-
-	* kdc/connect.c: only listen to port 4444 if 524 is enabled
-	
-	* kdc/config.c: add options to enable/disable v4 and 524 requests
-	
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: handle non-existant server principals (from Daniel
-	Kouril)
-
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* admin/ktutil.c: print name when failing to open keytab
-
-	* kuser/kinit.c: try also to fallback to v4 when no KDC is found
-
-2000-05-28  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: continue even we have no v5 ccache.  make showing
-	your krb4 tickets the default (if build with krb4 support)
-	* kuser/kinit.c: add a fallback that tries to get a v4 ticket if
-	built with krb4 support and we got back a version error from the
-	KDC
-
-2000-05-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: make this actually work
-
-2000-05-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store_emem.c (emem_store): make it write-compatible
-	* lib/krb5/store_fd.c (fd_store): make it write-compatible
-	* lib/krb5/store_mem.c (mem_store): make it write-compatible
-	* lib/krb5/krb5.h (krb5_storage): make store write-compatible
-
-2000-05-18  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add stdio.h in dbopen test
-
-2000-05-16  Assar Westerlund  <assar@assaris.sics.se>
-
-	* Release 0.2t
-
-2000-05-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0
-	* lib/krb5/fcache.c: fix second lseek
-	* lib/krb5/principal.c (krb5_524_conv_principal): fix typo
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2s
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0
-	* lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and
-	simplify string copying
-
-2000-05-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (scrub_file): new function
-	(erase_file): re-write, use scrub_file
-	* lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add
-
-	* configure.in (dbopen): add header files
-
-	* lib/krb5/krb5.h (krb5_key_usage): add some more
-	* lib/krb5/fcache.c (erase_file): try to detect symlink games.
-	also call revoke.
-	* lib/krb5/changepw.c (krb5_change_password): remember to close
-	the socket on error
-
-	* kdc/main.c (main): also call sigterm on SIGTERM
-
-2000-05-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c (krb5_config_vget_string_default,
- 	krb5_config_get_string_default): add
-
-2000-04-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (fcc_initialize): just forget about
-	over-writing the old cred cache.  it's too much of a hazzle trying
-	to do this safely.
-
-2000-04-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into
-	different parts for the derived and non-derived cases
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should
-	be done after having added confounder and checksum
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (find_all_addresses): apperently solaris
-	can return EINVAL when the buffer is too small.  cope.
-	* lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x
-	* lib/asn1/gen_locl.h (filename): add prototype
-	(init_generate): const-ize
-	* lib/asn1/gen.c (filename): new function clean-up a little bit.
-	* lib/asn1/parse.y: be more tolerant in ranges
-	* lib/asn1/lex.l: count lines correctly.
-	(error_message): print filename in messages
-
-2000-04-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number
-	after comparing
-	* lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number
-	after comparing
-	* lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned
-	* lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make
-	`seqno' be unsigned
-	* lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence
-	number after the fact and only increment it if we were successful
-	* lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence
-	number after the fact and only increment it if we were successful
-	* lib/krb5/krb5.h (krb5_auth_context_data): make sequence number
-	unsigned
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
-	`in_tkt_service' can be NULL
-
-2000-04-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX).
-	(DOTDOT): add
-	* lib/asn1/lex.l (DOTDOT): add
-	* lib/asn1/k5.asn1 (UNSIGNED): add.  use UNSIGNED for all sequence
-	numbers.
-	* lib/asn1/gen_length.c (length_type): add TUInteger
-	* lib/asn1/gen_free.c (free_type): add TUInteger
-	* lib/asn1/gen_encode.c (encode_type, generate_type_encode): add
-	TUInteger
-	* lib/asn1/gen_decode.c (decode_type, generate_type_decode): add
-	TUInteger
-	* lib/asn1/gen_copy.c (copy_type): add TUInteger
-	* lib/asn1/gen.c (define_asn1): add TUInteger
-	* lib/asn1/der_put.c (encode_unsigned): add
-	* lib/asn1/der_length.c (length_unsigned): add
-	* lib/asn1/der_get.c (decode_unsigned): add
-	* lib/asn1/der.h (decode_unsigned, encode_unsigned,
-	length_unsigned): add prototypes
-
-	* lib/asn1/k5.asn1: update pre-authentication types
-	* lib/krb5/krb5_err.et: add some error codes from pkinit
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c: add support for hdb methods (aka back-ends).
-	include ldap.
-	* lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP
-	* lib/hdb/Makefile.am: add hdb-ldap.c and openldap
-	* kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add
-	* configure.in: bump version to 0.2s-pre add options and testing
-	for (open)ldap
-
-2000-04-04  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): fix the krb_mk_req test
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): add test for const arguments to krb_mk_req
-	* lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of
-	arguments
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2r
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 10:0:0
-	* lib/45/mk_req.c (krb_mk_req): const-ize the arguments
-	
-2000-03-30  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): add some
-	comments.  add fall-back on adding the realm name in lower case.
-
-2000-03-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c: remember to repoint all descr->sa to _ss after
-	realloc as this might have moved the memory around.  problem
-	discovered and diagnosed by Brandon S. Allbery
-
-2000-03-27  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: recognize solaris 2.8
-	* config.guess, config.sub: update to current version from
-	:pserver:anoncvs@subversions.gnu.org:/home/cvs
-
-	* lib/krb5/init_creds_pw.c (print_expire): do not assume anything
-	about the size of time_t, i.e. make it 64-bit happy
-
-2000-03-13  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: add support for display v4 tickets
-
-2000-03-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kaserver.c (do_authenticate, do_getticket): call check_flags
-	* kdc/kerberos4.c (do_version4): call check_flags.
-	* kdc/kerberos5.c (check_flags): make global
-
-2000-03-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil
-	hack to avoid recursion
-
-2000-03-04  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous
-	* lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and
-	KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): set
-	request_anonymous flag appropriatly
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous):
-	add
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to
-	determine whetever to ignore client name of not.  always copy
-	client name from kdc.  fix callers.
-
-	* kdc: add support for anonymous tickets
-
-	* kdc/string2key.8: add man-page for string2key
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (dump_krb4): get expiration date from `valid_end'
-	and not `pw_end'
-
-	* kdc/kadb.h (ka_entry): fix name pw_end -> valid_end.  add some
-	more fields
-
-	* kdc/hprop.c (v4_prop): set the `valid_end' from the v4
-	expiration date instead of the `pw_expire'
-	(ka_convert): set `valid_end' from ka expiration data and `pw_expire'
-	from pw_change + pw_expire
-	(main): add a default database for ka dumping
-
-2000-02-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/context.c (init_context_from_config_file): change
-	rfc2052 default to no.  2782 says that underscore should be used.
-
-2000-02-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that
-	stores and close succeed
-	* lib/krb5/store.c (krb5_store_creds): check to see that the
-	stores are succesful.
-
-2000-02-23  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2q
-
-2000-02-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:2:0
-	
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy
-	the correct hostname
-
-	* kdc/connect.c (add_new_tcp): use the correct entries in the
-	descriptor table
-	* kdc/connect.c: initialize `descr' uniformly and correctly
-
-2000-02-20  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2p
-
-2000-02-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:1:0
-	
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
-	that realms is filled in even when getaddrinfo fails or does not
-	return any canonical name
-
-	* kdc/connect.c (descr): add sockaddr and string representation
-	(*): re-write to use the above mentioned
-
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (krb5_parse_address): use
-	krb5_sockaddr2address to copy the result from getaddrinfo.
-
-2000-02-14  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2o
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:0:0
-
-	* kdc/kaserver.c (do_authenticate): return the kvno of the server
-	and not the client.  Thanks to Brandon S. Allbery KF8NH
-	<allbery@kf8nh.apk.net> and Chaskiel M Grundman
-	<cg2v@andrew.cmu.edu> for debugging.
-
-	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
-	old kvno, return an error reply and write a message in the log.
-	
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/gssapi_server.c (proto): with `--fork', create a child
-	and send over/receive creds with export/import_sec_context
-	* appl/test/gssapi_client.c (proto): with `--fork', create a child
-	and send over/receive creds with export/import_sec_context
-	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
-
-2000-02-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
-	* kdc/connect.c (init_sockets): pay attention to
-	explicit_addresses some more comments.  better error messages.
-	* kdc/config.c: add some comments.
-	remove --key-file.
-	add --addresses.
-
-	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
-	proper abstraction
-
-2000-02-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2n
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 8:0:0
-	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
-	(krb5_kt_add_entry): set timestamp
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h: add macros for accessing krb5_realm
-	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
-	of `int32_t'
-
-	* lib/krb5/replay.c (checksum_authenticator): update to new API
-	for md5
-
-	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
-	should not have to make sure to find it.
-
-2000-02-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
-	`out_key' to avoid conflicting with label.  reported by Sean Doran
-	<smd@ebone.net>
-
-2000-02-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/expand_hostname.c: remember to lower-case host names.
-	bug reported by <amu@mit.edu>
-
-	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
-	and emulate that by setting krb_ignore_ip_address (not a great
-	interface but it doesn't seem like the time to go around fixing
-	libkrb stuff now)
-
-2000-02-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: change --noaddresses into --no-addresses
-
-2000-01-28  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c (main): make sure the ticket is not
-	forwardable and not proxiable
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c: update to pseudo-standard APIs for
-	md4,md5,sha.  some changes to libdes calls to make them more
-	portable.
-
-2000-01-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
- 	clean up the correct creds.
-
-2000-01-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (append_component): change parameter to
-	`const char *'.  check malloc
-	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
-	const-ize
-	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
-	const
-	* lib/krb5/principal.c (replace_chars): also add space here
-	* lib/krb5/principal.c: (quotable_chars): add space
-
-2000-01-12  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (do_version4): check if preauth was required and
-	bail-out if so since there's no way that could be done in v4.
-	Return NULL_KEY as an error to the client (which is non-obvious,
-	but what can you do?)
-
-2000-01-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
-	krb5_expand_hostname_realms
-	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
-	variant of krb5_expand_hostname that tries until it expands into
-	something that's digestable by krb5_get_host_realm, returning also
-	the result from that function.
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2m
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
-
-	* lib/krb5/Makefile.am: bump version to 7:1:0
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
-	krb5_expand_hostname
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
-	ai_canonname being set in any of the addresses returnedby
-	getaddrinfo.  glibc apparently returns the reverse lookup of every
-	address in ai_canonname.
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2l
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 7:0:0
-	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
-
-	* lib/hdb/Makefile.am: set version to 4:1:1
-
-	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
-	* lib/krb5/get_in_tkt.c (add_padata): change types to make
-	everything work out
-	(krb5_get_in_cred): remove const to make types match
-	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
-	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
-	getting back a canonname
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2k
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
-	we actually parse the port number.  based on a patch from Leif
-	Johansson <leifj@it.su.se>
-
-2000-01-02  Assar Westerlund  <assar@sics.se>
-
-	* admin/purge.c: remove all non-current and old entries from a
-	keytab
-
-	* admin: break up ktutil.c into files
-
-	* admin/ktutil.c (list): support --verbose (also listning time
-	stamps)
-	(kt_add, kt_get): set timestamp in newly created entries
-	(kt_change): add `change' command
-
-	* admin/srvconvert.c (srvconv): set timestamp in newly created
-	entries
-	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
-	always go the a predicatble position on error
-	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
-	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
-	(fkt_next_entry_int): return timestamp
-	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
diff --git a/crypto/heimdal/ChangeLog.2001 b/crypto/heimdal/ChangeLog.2001
deleted file mode 100644
index b048488f8d4b..000000000000
--- a/crypto/heimdal/ChangeLog.2001
+++ /dev/null
@@ -1,1122 +0,0 @@
-2001-12-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c: use our own des string-to-key function, since
-	the one from openssl sometimes generates wrong output
-
-2001-12-05  Jacques Vidrine <n@nectar.cc>
-
-        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
-        there were no /etc/krb5.conf
-
-2001-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_verify_user.3: sort references (from Thomas
-	Klausner)
-
-	* lib/krb5/krb5_principal_get_realm.3: add section to reference
-	(from Thomas Klausner)
-
-	* lib/krb5/krb5_krbhst_init.3: sort references (from Thomas
-	Klausner)
-
-	* lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner)
-
-	* lib/krb5/krb5_get_krbhst.3: remove extra white space (from
-	Thomas Klausner)
-
-	* lib/krb5/krb5_get_all_client_addrs.3: add section to reference
-	(from Thomas Klausner)
-
-2001-10-29  Jacques Vidrine <n@nectar.com>
-
-	* admin/get.c: fix a bug in which a reference to a data
-	structure on the stack was being kept after the containing
-	function's lifetime, resulting in a segfault during `ktutil
-	get'.
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
-	functions check the return value of the underlying function and
-	handle errors more consistently.  noted by Sam Hartman
-	<hartmans@mit.edu>
-
-2001-10-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
-	non-keyed checksum when it should be non-keyed
-
-2001-09-29  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.1: add the kauth alias
-	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
-	by jhutz@cs.cmu.edu
-
-2001-09-27  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: remove the need for libasn1.h, also make
-	generated files include all files from IMPORTed modules
-
-	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
-	* kpasswd/kpasswd.c: improve error message printing
-	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
-	to use sequence numbers connect the udp socket so that we can
-	figure out the local address
-
-2001-09-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED
-
-2001-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
-	lower case realm as domain, but only when given a verification
-	function
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/der_put.c (der_put_length): do not even try writing
-	anything when len == 0
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hpropd.c: add realm override option
-
-	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
-	realm parameter const
-
-	* kdc/hprop.c: more free's
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
-	proc data
-
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
-	addrinfo
-
-	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
-	not returning error
-
-2001-09-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
-	make realm const
-
-	* lib/krb5/crypto.c: use des functions to avoid generating
-	warnings with openssl's prototypes
-
-2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for termcap.h
-
-	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
-	returning < 0.  noticed by hin@stacken.kth.se
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4e
-
-2001-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/Makefile.am: install kauth as a symlink to kinit
-
-	* kuser/kinit.c: get v4_tickets by default
-
-	* lib/asn1/Makefile.am: fix for broken automake
-
-2001-08-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
-	Howard
-
-	* kuser/kinit.1: remove references to kauth
-
-	* kuser/Makefile.am: kauth is no more
-
-	* kuser/kinit.c: use appdefaults for everything. defaults are now
-	as in kauth.
-
-	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm
-
-	* lib/krb5/context.c (krb5_free_context): free more stuff
-
-2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
-	file
-
-	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling
-
-	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
-	anymore
-
-2001-08-29  Jacques Vidrine  <n@nectar.com>
-
-	* configure.in: Check for already-installed com_err.
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
-	no special treatment now
-
-	* kuser/generate-requests.c: parse arguments in a useful way
-	* kuser/kverify.c: add --help/--verify
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4
-
-	* configure.in: re-write the handling of crypto libraries.  try to
-	use the one of openssl's libcrypto or krb4's libdes that has all
-	the required functionality (md4, md5, sha1, des, rc4).  if there
-	is no such library, the included lib/des is built.
-
-	* kdc/headers.h: include libutil.h if it exists
-	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
-	* kdc/kerberos4.c (get_des_key): check for null keys even if
-	is_server
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c: print some size_t correctly
-	* configure.in: remove extra space after -L check for libutil.h
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kdc_locl.h: fix prototype for get_des_key
-
-	* kdc/kaserver.c: fix call to get_des_key
-
-	* kdc/524.c: fix call to get_des_key
-
-	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
-	return any des-key not just keys that can be string-to-keyed by
-	the client
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4d
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: check for openpty
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: just add -L (if required) from krb4 when testing
-	for libdes/libcrypto
-
-2001-08-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
-	* fix-export: fix the sed expression for finding the man pages
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd-generator.c (main): implement --version and
-	--help
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
-	18:1:1
-
-2001-07-27  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/context.c (init_context_from_config_file): check
-	parsing of addresses
-
-2001-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
-	sa_len -> salen to avoid the macro that's defined on irix.  noted
-	by "Jacques A. Vidrine" <n@nectar.com>
-
-2001-07-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/addr_families.c: add support for type
-	KRB5_ADDRESS_ADDRPORT
-
-	* lib/krb5/addr_families.c (krb5_address_order): complain about
-	unsuppored address types
-
-2001-07-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/get.c: don't open connection to server until we loop over
-	the principals, at that time we know the realm of the (first)
-	principal and we can default to that admin server
-
-	* admin: add a rename command
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (usage): clarify a tiny bit
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4c
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	18:0:1
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
-	the same way as the MIT function
-
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
-	getnameinfo
-
-	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
-	consistenly in local byte order
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
-	error string
-
-	* kuser/kinit.c (renew_validate): invert condition correctly.  get
-	v4 tickets if we succeed renewing
-	* lib/krb5/principal.c (krb5_principal_get_type): add
-	(default_v4_name_convert): add "smtp"
-
-2001-07-13  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove make-print-version from LIBOBJS, it's no
-	longer in lib/roken but always built in lib/vers
-
-2001-07-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/mkey.c: more set_error_string
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
-	dependencies
-
-	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
-	dependencies
-
-2001-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
-	ka-db flags; add defaults for v4_realm and afs_cell
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
-	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
-	<n@nectar.com>
-
-2001-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c: use krb5_copy_addresses instead of
-	copy_HostAddresses
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
-	be used by lib/auth/sia
-
-	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
-	get-tokens flag do not print extra errors do not try to do 524 if
-	we got tickets from a v4 server
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
-	printf
-
-	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
-	on ignore_addresses correctly
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): change to take a
-	const realm
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
-	instance is the first component of the local hostname, the
-	converted host should be the long hostname.  from
-	<shadow@dementia.org>
-
-2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: address.c is no more; add a couple of
-	manpages
-
-	* lib/krb5/krb5_timeofday.3: new manpage
-
-	* lib/krb5/krb5_get_all_client_addrs.3: new manpage
-
-	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
-	wildcard
-
-	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
-	wildcard
-
-	* lib/krb5/get_addrs.c: don't include client addresses that match
-	ignore_addresses
-
-	* lib/krb5/context.c: initialise ignore_addresses
-
-	* lib/krb5/addr_families.c: add new `arange' fake address type,
-	that matches more than one address; this required some internal
-	changes to many functions, so all of address.c got moved here
-	(wasn't much left there)
-
-	* lib/krb5/krb5.h: add list of ignored addresses to context
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4b
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4a
-
-2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: make this compile without krb4 support
-
-	* lib/krb5/write_message.c: remove priv parameter from
-	write_safe_message; don't know why it was there in the first place
-
-	* doc/install.texi: remove kaserver switches, it's always compiled
-	in now
-
-	* kdc/hprop.c: always include kadb support
-
-	* kdc/kaserver.c: always include kaserver support
-
-2001-07-02  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
-	non-fatal error, and abort if no sockets were bound
-
-2001-07-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c: remember the real port number when falling
-	back from kpasswd -> kadmin, and krb524 -> kdc
-
-2001-06-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
-	no_addresses is set, do not add any local addresses to KRB_CRED
-
-	* kuser/kinit.c: remove extra clearing of password and some
-	redundant code
-
-2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: move ticket conversion code to separate function,
-	and call that from a couple of places, like when renewing a
-	ticket; also add a flag for just converting a ticket
-
-	* lib/krb5/init_creds_pw.c: set renew-life to some sane value
-
-	* kdc/524.c: don't send more data than required
-
-2001-06-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
-
-	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
-	(any_start_seq_get): remove a double free
-	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
-	around to be freed again
-
-	* kdc/kdc_locl.h: add a define for des_new_random_key when using
-	openssl's libcrypto
-
-	* configure.in: move v6 tests down
-
-	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
-
-	* update to libtool 1.4 and autoconf 2.50
-
-2001-06-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb.c: use krb5_add_et_list
-
-2001-06-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/Makefile.am: add generation number
-	* lib/hdb/common.c: add generation number code
-	* lib/hdb/hdb.asn1: add generation number
-	* lib/hdb/print.c: use krb5_storage to make it more dynamic
-
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: update to changed names used by
-	krb5_get_init_creds_opt_set_default_flags
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
-	keywords have the same names
-
-	* configure.in: only add -L and -R to the krb4 libdir if we are
-	actually using it
-
-	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
-	dot of hostname add some comments
-	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
-	testing for kerberos.REALM.  this allows reusing that information
-	when actually contacting the server and thus avoids one DNS lookup
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: include k524_err.h
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
-	for keytype, the server will do this for us if it has anything to
-	complain about
-
-	* lib/krb5/context.c: add protocol compatible krb524 error codes
-
-	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes
-
-	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes
-
-	* lib/krb5/krb5_principal_get_realm.3: manpage
-
-	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
-	and `krb5_principal_get_comp_string' that returns parts of a
-	principal; this is a replacement for the internal
-	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
-	seem to use
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
-	from Thomas Nystrom <thn@saeab.se>
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
-	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
-	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
-	* kuser/kinit.c: free principal
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
-	freeaddrinfo
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
-	remove some unused variables
-
-	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
-	* kdc/kerberos5.c: update to new krb5_auth_con* names
-	* kdc/hpropd.c: update to new krb5_auth_con* names
-	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
-	and remove some comments
-	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
-	order: remote - local - session
-	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
-	auth_context
-	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
-	order: remote - local - session
-	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
-	local - remote - session
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/convert_creds.c: use starttime instead of authtime,
-	from Chris Chiappa
-
-	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
-	the MIT function by the same name; add
-	krb524_convert_creds_kdc_ccache that does what the old version did
-
-	* admin/list.c (do_list): make sure list of keys is NULL
-	terminated; similar to patch sent by Chris Chiappa
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mcache.c (mcc_remove_cred): use
-	krb5_free_creds_contents
-
-	* lib/krb5/auth_context.c: name function krb5_auth_con more
-	consistenly
-	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
-	renamed krb5_auth_con_getauthenticator
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
-	use krb5_krbhst API
-	* lib/krb5/changepw.c (krb5_change_password): update to use
-	krb5_krbhst API
-	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
-	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
-	in krb5_krbhst_info
-	(krb5_krbhst_free): free everything
-
-	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
-	(krb5_krbhst_info): add def_port (default port for this service)
-
-	* lib/krb5/krbhst-test.c: make it more verbose and useful
-	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
-	dns operations if there is local configuration admin: fallback to
-	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
-	add some comments
-
-	* configure.in: remove initstate and setstate, they should be in
-	cf/roken-frag.m4
-
-	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
-	* lib/krb5/krbhst-test.c: new program for testing krbhst
-	* lib/krb5/krbhst.c (common_init): remove memory leak
-	(main): move test program into krbhst-test
-
-2001-06-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_krbhst_init.3: manpage
-
-	* lib/krb5/krb5_get_krbhst.3: manpage
-
-2001-06-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
-
-	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
-
-	* lib/krb5/krb5.h: types for new krbhst api
-
-	* lib/krb5/krbhst.c: implement a new api that looks up one host at
-	a time, instead of making a list of hosts
-
-2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: test for initstate and setstate
-
-	* lib/krb5/krbhst.c: remove rfc2052 support
-
-2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix some manpages for broken mdoc.old grog test
-
-2001-05-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: add [appdefaults]
-	* lib/krb5/init_creds_pw.c: remove configuration reading that is
-	now done in krb5_get_init_creds_opt_set_default_flags
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): add reading of
-	libdefaults versions of these and add no_addresses
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
-	when preauth was required and we retry
-
-2001-05-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
-	krb5_get_krb524hst
-	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
-	support functions
-
-2001-05-22  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
-	properly
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3f
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 16:0:0
-	* lib/hdb/Makefile.am: bump version to 7:1:0
-	* lib/asn1/Makefile.am: bump version to 5:0:0
-	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
-	* lib/krb5/codec.c: remove dead code
-
-2001-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c: actually check the ticket addresses
-
-2001-05-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
-	parenthesis
-
-	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
-	`errno' (called system_error) to allow callers to make sure they
-	pass the current and relevant value.  update callers
-
-2001-05-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_user.c: krb5_verify_user_opt
-
-	* lib/krb5/krb5.h: verify_opt
-
-	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: adapt to new address functions
-	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
-	* kdc/connect.c: adapt to changing address functions
-	* kdc/config.c: new krb5_config_parse_file
-	* kdc/524.c: new krb5_sockaddr2address
-	* lib/krb5/*: add some krb5_{set,clear}_error_string
-
-	* lib/asn1/k5.asn1 (LR_TYPE): add
-	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tsg_rep): fix typo in variable name
-
-	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
-	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
-	types and send two prompts at once when changning password
-	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
-	* lib/krb5/krb5.h (krb5_prompt): add type
-	(krb5_prompter_fct): add anem
-
-	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
-	paramaters to krb5_cc_next_cred (as MIT does, and not as they
-	document).  From "Jacques A. Vidrine" <n@nectar.com>
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: store-test
-
-	* lib/krb5/store-test.c: simple bit storage test
-
-	* lib/krb5/store.c: add more byteorder storage flags
-	
-	* lib/krb5/krb5.h: add more byteorder storage flags
-	
-	* kdc/kerberos5.c: don't use NULL where we mean 0
-
-	* kdc/kerberos5.c: put referral test code in separate function,
-	and test for KRB5_NT_SRV_INST
-
-2001-05-10  Assar Westerlund  <assar@sics.se>
-
-	* admin/list.c (do_list): do not close the keytab if opening it
-	failed
-	* admin/list.c (do_list): always print complete names.  print
-	everything to stdout.
-	* admin/list.c: print both v5 and v4 list by default
-	* admin/remove.c (kt_remove): reorganize some.  open the keytab
-	(defaulting to the modify one).
-	* admin/purge.c (kt_purge): reorganize some.  open the keytab
-	(defaulting to the modify one). correct usage strings
-	* admin/list.c (kt_list): reorganize some.  open the keytab
-	* admin/get.c (kt_get): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/copy.c (kt_copy): default to modify key name.  re-organise
-	* admin/change.c (kt_change): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/add.c (kt_add): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/ktutil.c (main): do not open the keytab, let every
-	sub-function handle it
-
-	* kdc/config.c (configure): call free_getarg_strings
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
-	a few more errors
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
-	`use_dns' parameter boolean
-
-	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
-	* lib/krb5/context.c (init_context_from_config_file): set
-	default_keytab_modify
-	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
-	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
-	(KEYTAB_DEFAULT_MODIFY): add
-	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
-	(krb5_kt_resolve): set error string for failed keytab type
-
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (encryption_type): make field names more
-	consistent
-	(create_checksum): separate usage and type
-	(krb5_create_checksum): add a separate type parameter
-	(encrypt_internal): only free once on mismatched checksum length
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
-	realm we didn't manage to reach any KDC for in the error string
-
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
-	the entire subkey.  from <tmartin@mirapoint.com>
-
-2001-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
-	KT_NOTFOUND if the file is empty
-
-2001-05-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
-	fatally
-	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
-	fails fatally
-
-	* lib/krb5/warn.c (_warnerr): print error_string in context in
-	preference to error string derived from error code
-	* kuser/kinit.c (main): try to print the error string
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
-	error strings for errors
-
-	* lib/krb5/krb5.h (krb5_context_data): add error_string and
-	error_buf
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
-	* lib/krb5/error_string.c: new file
-
-2001-05-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/time.c: krb5_string_to_deltat
-
-	* lib/krb5/sock_principal.c: one less data copy
-
-	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
-
-	* lib/krb5/get_default_principal.c: change this slightly
-
-	* lib/krb5/crypto.c: make checksum_types into an array of pointers
-
-	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
-	ticket
-
-2001-04-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
-	the right realm if we fail to find a non-krbtgt service in the
-	database and the second component does a succesful non-dns lookup
-	to get the real realm (which has to be different from the
-	originally-supplied realm).  this should help windows 2000 clients
-	that always start their lookups in `their' realm and do not have
-	any idea of how to map hostnames into realms
-	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
-
-2001-04-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
-	parameter to request use of dns or not
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* admin/get.c (kt_get): allow specification of encryption types
-	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
-	close an unopened ccache, noted by <marc@mit.edu>
-
-	* lib/krb5/krb5.h (krb5_any_ops): add declaration
-	* lib/krb5/context.c (init_context_from_config_file): register
-	krb5_any_ops
-
-	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
-	
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
-	== NULL.  noted by <marc@mit.edu>
-
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
-	else, from Jacques Vidrine
-
-2001-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
-
-	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
-
-	* lib/krb5/krb5.h: adapt to asn1 changes
-
-	* lib/asn1/k5.asn1: move enctypes here
-
-	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
-	conflicts
-
-	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
-	conflicts
-
-	* lib/asn1/lex.l: use strtol to parse constants
-
-2001-04-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: add simple support for running commands
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
-	with more versions of openldap
-
-	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
-	replies
-	(*): update callers of krb5_km_error
-	(check_tgs_flags): handle renews requesting non-renewable tickets
-
-	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
-	and cusec
-
-	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
-	compatibility names
-
-	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
-	means pick from the `crypto' (context) and otherwise use that
-	type.  this is not a large change in practice and allows callers
-	to specify the exact checksum algorithm to use
-
-2001-03-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
-	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
-	integrity'.  this helps for talking to old (pre 0.3d) KDCs
-
-2001-03-12  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
-	derived-key-test.c
-	* lib/krb5/string-to-key-test.c: add new test vectors posted by
-	Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
-	ietf-krb-wg@anl.gov
-	* lib/krb5/n-fold-test.c: more test vectors from same source
-	* lib/krb5/derived-key-test.c: more tests from same source
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h: include roken_rename.h when appropriate
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
-
-2001-03-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
-	compatibility with MIT krb5
-
-2001-03-02  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): only request a renewable ticket when
-	explicitly requested.  it still gets a renewable one if the renew
-	life is specified
-	* kuser/kinit.c (renew_validate): treat -1 as flags not being set
-
-2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
-
-2001-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
-
-2001-02-25  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: do not use -R when testing for des functions
-
-2001-02-14  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for lber.h when trying to link against
- 	openldap to handle openldap v1, from Sumit Bose
- 	<sumit.bose@suse.de>
-
-2001-02-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/libasn1.h: add string.h (for memset)
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/warn.c (_warnerr): add printf attributes
-	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
-	returned by getaddrinfo before trying the next kdc.  from
-	thorpej@netbsd.org
-
-	* lib/krb5/krb5.conf.5: fix default_realm in example
-
-	* kdc/connect.c: fix a few kdc_log format types
-
-	* configure.in: try to handle libdes/libcrypto ont requiring -L
-
-2001-02-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
-	the beginning of the generated function, and add a label `fail'
-	that the code jumps to in case of errors that frees all allocated
-	data
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: aix dce: fix misquotes, from Ake Sandgren
-	<ake@cs.umu.se>
-
-	* configure.in (dpagaix_LDFLAGS): try to add export file
-
-2001-02-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_keytab.3: new man page, contributed by
-	<lha@stacken.kth.se>
-
-	* kdc/kaserver.c: update to new db_fetch4
-
-2001-02-05  Assar Westerlund  <assar@assaris.sics.se>
-
-	* Release 0.3e
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
-	properly
-	(kdb_prop): decrypt key properly
-	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
-	data with the master key leave it up to the v5 how to encrypt with
-	that master key
-
-	* kdc/kstash.c: include file name in error messages
-	* kdc/hprop.c: fix a typo and check some more return values
-	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
-	correctly.  From Jacques Vidrine <n@nectar.com>
-	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
-	ENOENT
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	15:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
-	* kdc/misc.c (db_fetch): return an error code.  change callers to
-	look at this and try to print it in log messages
-
-	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
-	enough data
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (realm_buf): move it so it becomes properly
-	conditional on KRB4
-
-	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
-	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
-	master key and that we manage to decrypt the key properly,
-	returning an error code.  fix all callers to check return value.
-
-	* tools/krb5-config.in: use @LIB_des_appl@
-	* tools/Makefile.am (krb5-config): add LIB_des_appl
-	* configure.in (LIB_des): set correctly
-	(LIB_des_appl): add for the use by krb5-config.in
-
-	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
-	to make sure of not dropping data when doing it over a socket.
-	(this might break when used with ordinary files on win32)
-
-	* lib/hdb/hdb_err.et (NO_MKEY): add
-
-	* kdc/kerberos5.c (as_rep): be paranoid and check
-	krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
-
-	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
-	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
-	<lha@stacken.kth.se>
-
-	* use the openssl api for md4/md5/sha and handle openssl/*.h
-
-	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
- 	<lha@stacken.kth.se>
-
-2001-01-28  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: send -R instead of -rpath to libtool to set
-	runtime library paths
-
-	* lib/krb5/Makefile.am: remove all dependencies on libkrb
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* appl/rcp: add port of bsd rcp changed to use existing rsh,
-	contributed by Richard Nyberg <rnyberg@it.su.se>
-
-2001-01-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_port.c: don't warn if the port name can't be found,
-	nobody cares anyway
-
-2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: make it possible to convert a v4 dump file without
-	having any v4 libraries; the kdb backend still require them
-
-	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
-	don't have to depend on any v4 libraries
-
-	* kdc/hprop.h: include shadow definition of kdb Principal, so we
-	don't have to depend on any v4 libraries
-
-	* lib/hdb/print.c: reduce number of memory allocations
-
-	* lib/hdb/mkey.c: add support for reading krb4 /.k files
-
-2001-01-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
-	for realms document capath better
-
-	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
-	at kpasswd_server before admin_server
-
-	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
-	[libdefaults]capath for better hint of realm to send request to.
-	this allows the client to specify `realm routing information' in
-	case it cannot be done at the server (which is preferred)
-
-	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
-	zero when we were expecting a sequence number.  MIT krb5 cannot
-	generate a sequence number of zero, instead generating no sequence
-	number
-	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
-
-2001-01-11  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: add --port option
-
-2001-01-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
-	just before returning
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
-
-2001-01-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: call a time `time', and not `seconds'
-
-	* lib/krb5/init_creds.c: not much point in setting the anonymous
-	flag here
-
-	* lib/krb5/krb5_appdefault.3: document appdefault_time
-
-2001-01-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_user.c: use
-	krb5_get_init_creds_opt_set_default_flags
-
-	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
-
-	* lib/krb5/init_creds.c: new function
-	krb5_get_init_creds_opt_set_default_flags to set options from
-	krb5.conf
-
-	* lib/krb5/rd_cred.c: make this match the MIT function
-	
-	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
-	def_val
-	(krb5_appdefault_time): new function
-
-2001-01-03  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): handle EOF when reading from stdin
diff --git a/crypto/heimdal/ChangeLog.2002 b/crypto/heimdal/ChangeLog.2002
deleted file mode 100644
index 37fda2e4940a..000000000000
--- a/crypto/heimdal/ChangeLog.2002
+++ /dev/null
@@ -1,726 +0,0 @@
-2002-12-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
-	Chu
-
-2002-12-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
-
-2002-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
-	sockaddr_storage
-
-	* kdc/connect.c (init_socket): initialise sa_size to size of
-	sockaddr_storage
-
-2002-11-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: remove trailing comma in enum
-
-2002-11-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: implement crude b2 style (non-)conversion for use
-	with afs
-
-	* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
-	where it's used
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: more strcspn
-
-	* lib/krb5/store_emem.c (emem_store): limit how much we allocate
-	(from Olaf Kirch)
-
-	* lib/krb5/principal.c: don't allow trailing backslashes in
-	components
-
-	* kdc/connect.c: check that %-quotes are followed by two hex
-	digits
-
-	* lib/krb5/keytab_any.c: properly close the open keytabs (from
-	Larry Greenfield)
-
-	* kdc/kaserver.c: make sure life is positive (from John Godehn)
-
-2002-10-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c (display_tokens): allow tokens up to size of
-	buffer (from Magnus Holmberg)
-
-2002-09-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c (process_reply): fix reply length check
-	calculation (reported by various people)
-
-2002-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
-	from start_seq_get (from Wynn Wilkes)
-
-2002-09-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
-	of ENOENT when "unconfigured"
-
-2002-09-16  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
-	to convert the newline to NUL in fgets results.
-
-2002-09-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.1: remove unneeded Ns
-
-	* lib/krb5/krb5_appdefault.3: remove extra "application"
-
-	* fix-export: remove autom4ate.cache
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* include/make_crypto.c: don't use function macros if possible
-
-	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
-
-	* include/Makefile.am: use make_crypto to create crypto-headers.h
-
-	* include/make_crypto.c: crypto header generation tool
-
-	* configure.in: move crypto test to just after testing for krb4,
-	and move roken tests to after both, this speeds up various failure
-	cases with krb4
-
-	* lib/krb5/config_file.c: don't use NULL when we mean 0
-
-	* configure.in: we don't set package_libdir anymore, so no point
-	in testing for it
-
-	* tools/Makefile.am: subst INCLUDE_des
-
-	* tools/krb5-config.in: add INCLUDE_des to cflags
-
-	* configure.in: use AC_CONFIG_SRCDIR
-
-	* fix-export: remove some unneeded stuff
-
-	* kuser/kinit.c (do_524init): free principals
-
-2002-09-09  Jacques Vidrine  <nectar@kth.se>
-
-	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
-	kdc/kaserver.c (krb5_ret_xdr_data),
-	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
-	counts: Check that they are non-negative, and that they are small
-	enough to avoid integer overflow when used in memory allocation
-	calculations.  Potential problem areas pointed out by 
-	Sebastian Krahmer <krahmer@suse.de>.
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
-	creating a new keyfile.
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: don't try to build pam module
-
-2002-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* appl/kf/kf.c: fix warning string
-
-	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
-	know we need it
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* kdc/kerberos5.c (encode_reply): correct error logging
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/sendauth.c: close ccache if we opened it
-
-	* appl/kf/kf.c: handle new protocol
-
-	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
-	handle the new protocol, and bail out if an old client tries to
-	connect
-
-	* appl/kf/kf_locl.h: we need a protocol version string
-
-	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
-
-	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
-
-	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
-
-	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
-
-	* lib/asn1/gen.c: add convenience macro that allocates a buffer
-	and encoded into that
-
-	* lib/krb5/get_cred.c (init_tgs_req): use
-	in_creds->session.keytype literally instead of trying to convert
-	to a list of enctypes (it should already be an enctype)
-	
-	* lib/krb5/get_cred.c (init_tgs_req): init ret
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
-
-	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
-
-	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
-	zero ivec in DES3_CBC_encrypt if passed ivec is NULL
-
-	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
-	krb5-protos.h at build-time, which requires perl, which is bad
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
-	blindly use the local subkey
-
-	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
-	extracts the required blocksize from a crypto context
-
-	* lib/krb5/build_auth.c: just get the length of the encoded
-	authenticator instead of trying to grow a buffer
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* configure.in: add --disable-mmap option, and tests for
-	sys/mman.h and mmap
-
-2002-09-03  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/changepw.c: verify lengths in response
-
-	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
-	truncated integers
-
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_req_ext.c: generate a local subkey if
-	AP_OPTS_USE_SUBKEY is set
-
-	* lib/krb5/build_auth.c: we don't have enough information about
-	whether to generate a local subkey here, so don't try to
-
-	* lib/krb5/auth_context.c: new function
-	krb5_auth_con_generatelocalsubkey
-
-	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
-	initial ticket
-
-	* lib/krb5/context.c (init_context_from_config_file): simplify
-	initialisation of srv_lookup
-
-	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
-
-	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
-
-2002-08-30  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
-	* lib/krb5/Makefile.am (TESTS): add name-45-test
-	* lib/krb5/name-45-test.c: add testcases for
-	krb5_425_conv_principal
-
-2002-08-29  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/parse-name-test.c: also test unparse_short functions
-	* lib/asn1/asn1_print.c: use com_err/error_message API
-	* lib/krb5/Makefile.am: add parse-name-test
-	* lib/krb5/parse-name-test.c: add a program for testing parsing
-	and unparsing principal names
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* kdc/config.c: add missing ifdef DAEMON
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use rk_SUNOS
-
-	* kdc/config.c: add detach options
-
-	* kdc/main.c: maybe detach from console?
-
-	* kdc/kdc.8: markup changes
-
-	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
-
-	* configure.in: use rk_TELNET, rename some other macros, and don't
-	add -ldes to krb4 link command
-
-	* kuser/kinit.1: whitespace fix (from NetBSD)
-
-	* include/bits.c: we may need unistd.h for ssize_t
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
-	rrs before A ones when using the resolver to verify a mapping,
-	also use getaddrinfo when resolver is not available
-
-	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
-	krb5_config_get_next
-
-	* lib/asn1/gen.c: include <string.h> in the generated files (for
-	memset)
-
-2002-08-22  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
-	getarg so that it can handle --help and --version (and thus make
-	check can pass)
-
-	* lib/asn1/check-der.c: make this build again
-
-2002-08-22  Assar Westerlund <assar@kth.se>
-
-	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
-	patch from Love <lha@stacken.kth.se>
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
-	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
-	
-	* kdc/kdc.8: add blurb about adding and removing addresses; update
-	kdc.conf section to match reality
-
-	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
-	don't define it
-	
-2002-08-21  Assar Westerlund  <assar@kth.se>
-	
-	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
-	Love <lha@stacken.kth.se>
-
-2002-08-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
-	since it might not exist, and we don't actually care about the key
-	
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: correct documentation for
-	verify_ap_req_nofail
-
-	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
-	Mattias Amnefelt)
-
-	* kuser/klist.c (display_tokens): increase token buffer size, and
-	add more checks of the kernel data (from Love)
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: use make to parse Makefile.am instead of perl
-
-	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
-	groks AC_INIT with package name etc.
-
-	* kpasswd/kpasswdd.c: include <kadm5/private.h>
-
-	* lib/asn1/asn1_print.c: include com_right.h
-
-	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
-
-	* include/bits.c: define krb5_socklen_t type; this should really
-	go someplace else, but this was easy
-
-	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
-	fails, just warn about it
-
-	* kdc/log.c (kdc_openlog): no need for a config_file parameter
-
-	* kdc/config.c: just treat kdc.conf like any other config file
-
-	* lib/krb5/context.c (krb5_get_default_config_files): ignore
-	duplicate files
-
-2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
-	them
-
-	* lib/krb5/constants.c: turn strings into pointers, so we can
-	assign to them
-
-	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
-	SCAN_INTERFACES is not set
-
-	* lib/krb5/context.c: fix various borked stuff in previous commits
-
-2002-08-16  Jacques Vidrine <n@nectar.com>
-
-	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
-	the `admin_server' entry for kpasswd, override the `proto' result
-	to be UDP.
-
-2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/auth_context.c: check return value of
-	krb5_sockaddr2address
-
-	* lib/krb5/addr_families.c: check return value of
-	krb5_sockaddr2address
-
-	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
-
-2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
-
-	* lib/krb5/context.c: allow changing config files with the
-	function krb5_set_config_files, there are also related functions
-	krb5_get_default_config_files and krb5_free_config_files; these
-	should work similar to their MIT counterparts
-
-	* lib/krb5/config_file.c: allow the use of more than one config
-	file by using the new function krb5_config_parse_file_multi
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* use sysconfdir instead of /etc
-
-	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
-	to appease automake; force sysconfdir and localstatedir to /etc
-	and /var/heimdal for now
-
-	* kdc/connect.c (addr_to_string): check return value of
-	sockaddr2address
-
-2002-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
-	don't try comparing to one; this should make old clients work with
-	new servers
-
-	* lib/asn1/gen_decode.c: remove unused variable
-
-2002-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
-	Brashear)
-
-	* lib/krb5/principal.c: actually lower case the lower case
-	instance name (spotted by Derrick Brashear)
-
-2002-07-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: if DATEDVERSION is set, change the version to
-	current date
-
-	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
-	LTLIBOBJS
-
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c: add some cache-control-foo to the http responses
-	(from Gombas Gabor)
-
-	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
-	if ret_len == NULL
-
-2002-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c (display_tokens): don't bail out before we get
-	EDOM (signaling the end of the tokens), the kernel can also return
-	ENOTCONN, meaning that the index does not exist anymore (for
-	example if the token has expired)
-
-2002-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c: make sure we return an error if there are
-	no changepw hosts found; from Wynn Wilkes
-
-2002-05-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
-	same type is found; spotted by Wynn Wilkes
-
-2002-05-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_file.c: check size of entry before trying to
-	read 32-bit kvno; also fix typo in previous
-
-2002-05-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* include/Makefile.am: only add to INCLUDES
-
-	* lib/45/mk_req.c: fix for storage change
-
-	* lib/hdb/print.c: fix for storage change
-
-2002-05-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: don't free encrypted padata until we're really
-	done with it
-
-2002-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
-	enctype
-
-	* kuser/kinit.1: document -a
-
-	* kuser/kinit.c: add command line switch for extra addresses
-
-2002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* configure.in: remove some duplicate tests
-
-	* configure.in: use AC_HELP_STRING
-
-2002-04-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
-	unknown
-
-2002-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use rk_DESTDIRS
-
-2002-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
-	the principal
-
-2002-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_init.c: fix typo in error string
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* acconfig.h: remove some stuff that is defined elsewhere
-
-	* lib/krb5/krb5_locl.h: include <sys/file.h>
-
-	* lib/krb5/acl.c: rename acl_string parameter
-
-	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
-	names in comments
-
-	* kuser/klist.c: better align some headers
-
-	* kdc/kerberos4.c: storage tweaks
-
-	* kdc/kaserver.c: storage tweaks
-
-	* kdc/524.c: storage tweaks
-
-	* lib/krb5/keytab_krb4.c: storage tweaks
-
-	* lib/krb5/keytab_keyfile.c: storage tweaks
-
-	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
-	sized keytab files
-
-	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
-
-	* lib/krb5/fcache.c: storage tweaks
-
-	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store.c: make the krb5_storage opaque, and add function
-	wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
-	wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* include/bits.c: include <sys/socket.h> to get socklen_t
-
-	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
-	requested KDC-REQ etypes
-
-	* kdc/hpropd.c: constify
-
-	* kdc/hprop.c: constify
-
-	* kdc/string2key.c: constify
-
-	* kdc/kdc_locl.h: make port_str const
-
-	* kdc/config.c: constify
-
-	* lib/krb5/config_file.c: constify
-
-	* kdc/kstash.c: constify
-
-	* lib/krb5/verify_user.c: remove unnecessary cast
-
-	* lib/krb5/recvauth.c: constify
-
-	* lib/krb5/principal.c (krb5_parse_name): const qualify
-
-	* lib/krb5/mcache.c (mcc_get_name): constify return type
-
-	* lib/krb5/context.c (krb5_free_context): don't try to free the
-	ccache prefix
-
-	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
-	prefix
-
-	* lib/krb5/krb5.h: constify some struct members
-
-	* lib/krb5/log.c: constify
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
-	qualify
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
-
-	* lib/krb5/crypto.c: constify some
-
-	* lib/krb5/config_file.c: constify
-
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
-	constify local variable
-
-	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
-
-2002-04-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: add some log checking
-	
-	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
-
-2002-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
-	matches the expected length
-
-2002-03-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
-
-	* lib/krb5/mk_error.c: rename ctime parameter to client_time
-
-2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
-	Reinoud Zandijk)
-
-2002-03-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/k5.asn1: add the GSS-API checksum type here
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	18:3:1
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
-	
-2002-03-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_cred.c: handle addresses with port numbers
-
-	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
-	store the kvno % 256 as the byte and the complete 32 bit kvno after
-	the end of the current keytab entry
-
-	* lib/krb5/init_creds_pw.c:
-	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
-	handle ports giving for the remote address
-
-	* lib/krb5/get_cred.c:
-	get a ticket with no addresses if no-addresses is set
-
-	* lib/krb5/crypto.c:
-	rename functions DES_* to krb5_* to avoid colliding with modern
-	openssl
-
-	* lib/krb5/addr_families.c:
-	make all functions taking 'struct sockaddr' actually take a socklen_t
-	instead of int and that acts as an in-out parameter (indicating the
-	maximum length of the sockaddr to be written)
-
-	* kdc/kerberos4.c:
-	make the kvno's in the krb4 universe by the real one % 256, since they
-	cannot only be 8 bit, and the v5 ones are actually 32 bits
-
-2002-02-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
-	before we need to write to it
-	(from �ke Sandgren)
-
-2002-02-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
-	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
-	directly
-
-	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
-	Kouril)
-
-2002-02-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
-	context
-
-2002-02-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.c: no need to use the "modify" keytab anymore
-
-	* lib/krb5/keytab_any.c: implement add and remove
-
-	* lib/krb5/keytab_krb4.c: implement add and remove
-
-	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
-	(this should perhaps be selectable with a flag)
-
-2002-02-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c (get_dbinfo): if there are database specifications
-	in the config file, don't automatically try to use the default
-	values (from Gombas Gabor)
-
-	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
-	(from Gombas Gabor)
-
-2002-01-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/list.c: get the default keytab from krb5.conf, and list
-	all parts of an ANY type keytab
-
-	* lib/krb5/context.c: default default_keytab_modify to NULL
-
-	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
-	name is specified take it from the first component of the default
-	keytab name
-
-2002-01-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab.c: compare keytab types case insensitively
-
-2002-01-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
-	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
-	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
-	Harris <bjh21@netbsd.org>
-	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
-	Harris <bjh21@netbsd.org>
-	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
-	<bjh21@netbsd.org>
diff --git a/crypto/heimdal/ChangeLog.2003 b/crypto/heimdal/ChangeLog.2003
deleted file mode 100644
index 82233515246e..000000000000
--- a/crypto/heimdal/ChangeLog.2003
+++ /dev/null
@@ -1,1795 +0,0 @@
-2003-12-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/error_string.c: protect error_string with mutex
-	
-	* lib/krb5/context.c: allocate and destroy mutex in krb5_context
-	
-	* lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
-	
-2003-12-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: make -9 work again
-	
-2003-12-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: try handle ts preauth better, still
-	not good, but at least it work with older heimdal releases that
-	doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
-	sent
-
-2003-12-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
-	used
-
-2003-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
-	parameters, required by CMS
-
-2003-12-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
-	avoid memory leak that snuck in when krb5_keytab_key_proc was
-	exported, pointed out by Panases Inc
-	
-	* lib/krb5/keytab_file.c: do locking, found to be a problem for
-	Panasas Inc
-
-	* lib/krb5/fcache.c: internally export x{,un}lock and thus prefix
-	them with _krb5_
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
-	KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
-	krb-cred
-
-	* lib/krb5/krb5_auth_context.3: some text about
-	krb5_auth_con_{add,remove}flags
-
-	* lib/krb5/auth_context.c: add krb5_auth_con_addflags and
-	krb5_auth_con_removeflags
-
-2003-12-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
-	avoid memory leak
-
-2003-12-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c: require cipher-text to be padded to padsize
-	
-	* lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
-	deprecated in RFC3493
-
-	* lib/krb5/verify_krb5_conf.c (check_host): don't check for
-	EAI_NODATA, because its depricated in RFC3493 Pointed out by
-	Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
-
-2003-12-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
-	
-	* lib/krb5/test_crypto.c: add --version,--help
-	
-	* kuser/kinit.c (main): return the return value from simple_execvp
-	
-2003-11-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: don't use PKINIT DH per default since its too
-	slow
-
-	* lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
-	asn1_compile can't generate code for context tagless optionals
-	
-	* kdc/pkinit.c: add support for KDC side of DH PKINIT
-	
-	* lib/krb5/pkinit.c: clean up error handling, make enc-type work
-	again
-
-2003-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: add flag to make it work with pkinit dh
-	
-	* lib/krb5/pkinit.c: make PKINIT DH support work
-	
-2003-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
-	
-	* kdc/pkinit.c: clean up
-	
-	* lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
-	
-	* lib/krb5/pkinit.c: remove most compile depencies clean up
-	
-	* kdc/pkinit.c: print an error and turn of pkinit if openssl
-	failed to load
-
-	* kdc/config.c: read pkinit (pki-mumble) configuration options
-	
-	* kdc/kerberos5.c: add pkinit support
-	
-	* kdc/kdc_locl.h: add prototypes for pkinit
-	
-	* kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
-	removed the dependency on valicert asn1 parser, remove smartcard
-	and globus support (for now). Work to be done on this: DH support,
-	Globus support, Smartcard support, windows support (MS implements
-	-09 of the draft), make it conform to the new draft
-	
-	* lib/krb5/pkinit.c: fix bugs, improve error reporting
-
-2003-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: add some "struct foo;" glue for pkinit
-	structures that isn't used
-
-	* lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
-	api
-
-	* lib/krb5/krb5_locl.h: add some glue for pkinit add reference
-	counter to _krb5_get_init_creds_opt_private
-	
-	* lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
-	private component to avoid copy all the data in it
-	
-	* lib/krb5/crypto.c (AES_string_to_key): fix memory leak
-
-	* lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
-	
-	* lib/krb5/heim_threads.h: include pthread.h in the pthread case
-	
-2003-11-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.c (main): parse kdc.conf
-	From: Jeffrey Hutzelman <jhutz@cmu.edu>
-	
-2003-11-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (TESTS): add test_crypto
-	
-	* lib/krb5/test_crypto.c: time crypto operations
-	
-2003-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com>
-	
-2003-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
-	the ticket now, rewrite error handling to handle that
-	
-	* kpasswd/kpasswdd.c (process): don't free ticket,
-	krb5_free_ticket does that now
-
-	* kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
-	does that now
-
-	* lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
-	match mit behavior, pointed out by Derrick Brashear
-	
-	* lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
-	
-2003-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/padata.c: add krb5_padata_add
-	
-	* lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
-	
-	* lib/krb5/Makefile.am: add pkinit.c
-	
-	* kuser/kinit.c: add pkinit support
-	
-	* lib/krb5/init_creds_pw.c: add support for pkinit
-	
-	* lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to
-	_krb5_get_init_creds_opt_private
-
-	* lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to
-	krb5_pk_init_ctx fix win2k error handling
-	
-	* lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
-	Holub, I removed the dependency on valicert asn1 parser, remove
-	smartcard and globus support (for now). Work to be done on this:
-	DH support, Globus support, Smartcard support, windows support (MS
-	implements -09 of the draft), verify that it conforms the new
-	draft
-
-2003-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/der_copy.c (copy_oid): copy all components
-	
-2003-10-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: document capaths section
-
-2003-10-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: make sure that the server realm and the krbtgt
-	second component are identical; get rpath from the capaths section
-
-	* kdc/kerberos5.c: change logic for when to check transited policy
-	to a tri-state model involving per principal flags (to be
-	implemented)
-
-	* kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
-	variable
-
-	* kdc/config.c: change enforce_transited_policy to a tri-state
-	variable
-
-2003-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
-	encoding to make sure it have a defined value on failure
-
-	* lib/krb5/transited.c (krb5_domain_x500_encode): 
-	if num_realms ==0, set encoding and return (avoids malloc(0)),
-	check return value for malloc
-
-2003-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c (fix_transited_encoding): always print
-	cross-realm information
-	
-2003-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: spelling, From: Tracy Di Marco White
-	
-	* kdc/kerberos5.c (fix_transited_encoding): set transited type
-	
-2003-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kdc.8: document enforce-transited-policy
-
-	* kdc/kerberos5.c: always check transited policy if flag set
-	either globally or on principal
-
-	* kdc/config.c: add flag to always check transited policy
-
-	* lib/hdb/hdb.asn1: add flag to enforce transited policy
-
-2003-10-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
-	to zero not num_realms
-
-	* kuser/kgetcred.1: add --no-transit-check
-	
-	* kuser/kgetcred.c: add --no-transit-check
-
-	* doc/setup.texi: describe Transit policy
-	
-2003-10-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c (fix_transited_encoding): also verify with
-	policy, unless asked not to
-
-	* lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited
-	realms, unless the transited-policy-checked flag is set
-
-	* lib/krb5/transited.c (krb5_domain_x500_decode): handle zero
-	length tr data;
-	(krb5_check_transited): new function that does more useful stuff
-
-	* lib/krb5/get_cred.c: get capath info from [capaths] section
-
-2003-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
-	method doesn't work well with a large number of clients accessing
-	the cache at the same time, and there is no simple way to add a
-	timeout to the lock.
-
-2003-10-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: print the error value
-	krb5_init_context failed with
-
-	* lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
-	there is binding before a section declaration. Bug found by
-	Arkadiusz Miskiewicz <arekm@pld-linux.org>
-
-2003-10-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/fcache.c (erase_file): revert a change in previous; if
-	the ccache is a symlink, kdestroy should remove it
-
-	* lib/krb5/fcache.c: implement locking
-
-2003-10-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
-	returns error other than KRB5_CC_END
-
-2003-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: add some help function that is common
-	between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
-	the pa counter into krb5_get_init_creds_ctx
-	
-2003-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kaserver.c (do_getticket): if times data is shorter then 8
-	byte, request is malformed.
-
-	* kdc/kaserver.c (do_authenticate): if request length is less then
-	8 byte, its a bad request and fail. Pointed out by Marco Foglia
-	<marco@foglia.org>
-
-	* lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
-	warns for mit syntax is used and just ignore the mit syntax when
-	its used
-
-	* lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
-	
-2003-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/lex.l: add BOOLEAN
-	
-	* lib/asn1/parse.y: add BOOLEAN
-	
-2003-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: When running kinit in "fork mode" do pagsh
-	independent of krb4, also always do krb4 setup of cc. Always try
-	to destroy the v4 cc.
-	- add boolean --{,no-}request-pac that will request pac or not
-
-	* kuser/klist.c (check_for_tgt): set client as part of the
-	pattern/match cred
-
-	* lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token
-	(get_krb4_cc_name): move out from _krb5_krb_tf_setup
-	(_krb5_krb_tf_setup): adapt to allocated filename instead of
-	static filename
-
-	* lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT
-	
-	* lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user
-	have requested either use PAC or not use PAC, if the option not
-	set from the user, leave it up to the kdc to decide.
-	(init_creds_loop): clear error string on success
-
-	* lib/krb5/init_creds.c: add
-	krb5_get_init_creds_opt_set_paq_request break out common part of
-	extended opt functions to require_ext_opt
-
-	* lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and
-	use it in struct _krb5_get_init_creds_opt_private
-	
-	* tools/kdc-log-analyze.pl: handle some more failure lines
-	
-	* doc/programming.texi: some diffrences between Heimdal and MIT
-	Kerberos in the API
-
-	* doc/setup.texi: add Setting up DNS
-	
-	* lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its
-	alway used
-
-	* lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
-	
-	* lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
-	
-	* lib/asn1: add boolean support
-
-2003-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
-	failure
-
-2003-09-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/http_client.c (do_connect): use ai_protocol 0
-	
-	* lib/krb5/init_creds_pw.c (init_cred_loop): handle
-	KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
-	LARGE_MSG from send to kdc, and if this is the second time bail
-	out; try to free memory
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function,
-	and then implement the order krb5_sendto_kdc* function with this
-	function.
-
-	* lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it
-	and adapt callers
-	(krbhst_get_default_proto): new function, returns udp, or in case
-	large_msg was requested for the krb5_krbhst_data, use tcp.
-	(*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
-	using udp, use krbhst_get_default_proto
-	
-	* lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
-	krb5_send_to_kdc_flags)
-
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
-	context, use that
-
-	* appl/test/uu_client.c: print authorization data if there are any
-	
-	* lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
-	
-2003-09-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
-	* lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
-	
-	* lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
-	
-	* kuser/kinit.c: don't get v4 tickets by default
-	
-2003-09-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.c (process): remove a abort()
-	
-	* doc/win2k.texi: add some text about netdom.exe and trusts
-	
-	* TODO-1.0: gssapi rc4 done
-	
-	* kpasswd/kpasswdd.c: add support for Set password protocol as
-	defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
-	Password and Set Password Protocols
-
-2003-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/db3.c: improve readability of ->open ifdef, check if
-	version >= 4.1
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
-	
-	* lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
-	in the auth_context, they way processes that doesn't use the
-	keytab can still pass in the key of the service (matches behavior
-	of MIT Kerberos).
-	
-2003-09-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: collect all init_creds context into a
-	structure so it can easier be passed around, also, while here,
-	change nonce for every request
-
-	* lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
-	the loop, add_padata() will handle that itself
-
-	* lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
-	until in contains interesting data, use right iteration counter
-	when clearing the addresses
-
-	* lib/krb5/log.c (log_realloc): increase len after realloc returns
-	sucessfully
-
-2003-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/config_file.c: fix prototypes
-	From: Fredrik Ljungberg <flag@pobox.se>
-	
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/http_client.c: close socket when we are done, don't
-	allow the server to restart gssapi negotiation
-	
-	* lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
-	Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
-	
-	* appl/test/gssapi_client.c (proto): use select_mech
-	
-	* appl/test/http_client.c: use getarg
-	
-	* appl/test/gss_common.h: prototype for select_mech
-	
-	* appl/test/gss_common.c (select_mech): return the gss_OID from a
-	mech name
-
-	* appl/test/http_client.c: print both source and target
-	
-	* appl/test/Makefile.am: build http_client
-	
-2003-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/asn1_print.c: add support for printing Enumerated
-	
-	* appl/test/gssapi_client.c: allow user to select mech; krb5,
-	spnego, and no-oid
-
-	* appl/test/test_locl.h: add mech
-	
-	* appl/test/common.c: add --mech,-m argument
-	
-	* appl/test/gssapi_server.c: print the mech that was used
-	
-	* kdc/kerberos5.c (only_older_enctype_p): check request if the
-	client only supports old enctypes, before it used the database
-	
-2003-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* **/*.c: add context argument to krb5_get_init_creds_opt_alloc
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
-	context argument
-
-	* lib/krb5/krb5_get_init_creds.3: spelling
-	
-2003-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (add_file): make len argument an pointer to
-	an integer
-
-	* lib/asn1/k5.asn1: add SAM types
-
-	* lib/krb5/init_creds_pw.c: break out the encrypt timestamp
-	preauth to its function break out the pa_data_to_key_plain to its
-	own function make more variables const
-	
-2003-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: Add key usage for encryption of the
-	SAM-NONCE-OR-SAD field.
-
-	* include/make_crypto.c: include <openssl/ui.h> in the openssl
-	case
-
-	* kdc/hprop.h: use new DES_ api
-	
-	* lib/krb5/krb5-v4compat.h: assume session key is a char array of
-	length 8
-
-	* lib/krb5/prompter_posix.c:
-	s/des_read_pw_string/UI_UTIL_read_pw_string/
-
-	* kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* lib/krb5/crypto.c: switch from the des_ to the DES_ api
-	
-	* kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block)
-	
-	* kuser/kverify.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-	* kpasswd/kpasswd-generator.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-	* kdc/hprop.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare
-	a uint32_t with 0xffffffff instead of -1
-
-	* lib/krb5/krb5_425_conv_principal.3: fix [Gt]
-	
-	* kuser/kinit.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle
-	password passed in though context
-
-	* lib/krb5/Makefile.am (TESTS): += test_config
-
-	* lib/krb5/aes-test.c: move variable thats used within a #ifdef to
-	be defined within that #ifdef
-
-	* lib/krb5/data.c (krb5_data_free): reset whole krb5_data when
-	freeing it
-
-	* lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros
-	out a keyblock
-
-	* lib/krb5/init_creds_pw.c: rewrite/implement
-	krb5_get_init_creds_password with new preauth handing, still it
-	can only work with krb5-pa-enc-timestamp for preauth, but now it
-	can handle etype-info2
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate
-	a opt structure
-	(krb5_get_init_creds_opt_free): free a opt structure
-	(krb5_get_init_creds_opt_set_pa_password): set preauth info for
-	enc-timestamp
-
-	* lib/krb5/krb5_locl.h: add struct
-	_krb5_get_init_creds_opt_private
-
-2003-09-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
-	add a pointer to a private part of krb5_get_init_creds_opt
-	
-	* kdc/string2key.c (main): avoid const warning by using a extra
-	variable
-
-2003-08-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
-	reindent
-
-	* lib/krb5/ticket.c (krb5_copy_ticket): free all data when
-	failing, copy data to right memory, the later pointed out by Luke
-	Howard.
-
-2003-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
-	
-2003-08-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/db3.c: try to include more db headers
-
-	* lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
-	
-	* appl/test/gssapi_client.c: send both INT and CONF wrapped token
-	
-	* appl/test/gssapi_server.c: recv both INT and CONF wrapped token
-	
-	* lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
-	
-2003-08-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/uu_client.c (proto): fill in client in the match cred
-	
-2003-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
-	
-	* lib/krb5/crypto.c (usage2arcfour): simplify, only include
-	special cases From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
-	<lukeh@PADL.COM>
-
-	* lib/krb5/crypto.c (arcfour_checksum_p): return true when is
-	arcfour, not when its not pointed out by Luke Howard
-	
-	* doc/ack.texi: update Luke Howard email address
-	
-2003-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_encrypt.3: document:
-	krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
-	krb5_crypto_getenctype, krb5_crypto_getpadsize
-
-	* lib/krb5/crypto.c (krb5_crypto_getpadsize,
-	krb5_crypto_getconfoundersize): added From: Luke Howard
-	<lukeh@PADL.COM>
-
-2003-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c (handle_tcp): handle recvfrom returning 0
-	(connection closed)
-
-	* kdc/connect.c (grow_descr): increment the size after we succeed
-	to allocate the space
-
-	* lib/krb5/krb5_create_checksum.3: text about when
-	krb5_crypto_get_checksum_type is useful
-
-	* lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format
-	string
-
-	* lib/krb5/krb5_create_checksum.3: document
-	krb5_crypto_get_checksum_type
-
-	* lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
-	From: Luke Howard <lukeh@PADL.COM>
-	
-	* lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/make_crypto.c: include aes.h inc in the local libdes
-	case too
-
-2003-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/der_free.c: set free'd poiners to NULL
-	
-	* lib/asn1/gen_free.c: set free'd poiners to NULL
-	
-2003-08-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
-	on netbsd
-
-	* lib/krb5/crypto.c: Do the arcfour checksum mapping for
-	krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
-	<lukeh@PADL.COM>
-
-2003-08-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_config.c: check krb5_prepend_config_files_default
-	and krb5_prepend_config_files
-
-	* lib/krb5/context.c: add krb5_prepend_config_files and
-	krb5_prepend_config_files_default
-
-2003-08-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
-	as argument
-
-	* lib/krb5/parse-name-test.c: please lint (and me)
-	
-	* kdc/config.c (configure): remove only set variable 'e'
-	
-	* kdc/connect.c (init_socket): sockaddr size argument to
-	krb5_addr2sockaddr is a krb5_addr2sockaddr *
-	
-	* kdc/kerberos5.c (as_rep): remove usused variable
-	(tgs_rep2): don't use a temporary ret-variable, ret is reset later
-
-	* lib/krb5/krb5_get_in_cred.3: these function will be deprecated
-	
-	* lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3
-	
-	* lib/krb5/krb5_get_init_creds.3: begining of documentation of
-	krb5_get_init_creds
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
-	with the mit implemtation, don't free `creds' argument when done,
-	its up the the caller to do that, also allow a NULL ccache.
-	
-2003-08-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: document tgs_require_subkey
-	
-	* lib/asn1/Makefile.am: remove trance of generate tests files, its
-	not really for consumption yet
-
-	* lib/hdb/Makefile.am: split generated source from non generated
-	source we make-proto.pl can generate prototypes for non
-	generate-source only (make-proto.pl dies on asn1compile's .c
-	files)
-
-	* lib/krb5/get_cred.c (init_tgs_req): make generation of subkey
-	optional on configuration parameter
-	[realms]realm={tgs_require_subkey=bool}
-	defaults to off. The RFC1510 weakly defines the correct behavior,
-	so old DCE secd apparently required the subkey to be there, and MS
-	will use it when its there. But the request isn't encrypted in the
-	subkey, so you get to choose if you want to talk to a MS mdc or a
-	old DCE secd.
-
-	* kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
-	
-2003-08-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/principal.c (unparse_name): len can't be zero, so,
-	don't check for that
-
-2003-08-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/principal.c (unparse_name): make sure there are space
-	for a NUL, set *name to NULL when there is a failure (so caller
-	can't get hold of a freed pointer)
-
-2003-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kerberos.8: remove duplicate manual, from
-	cjep@netbsd.org
-
-2003-07-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/cache.c: indent
-	
-	* lib/krb5/cache.c (krb5_cc_set_default_name): only read
-	KRB5CCNAME when not suid
-
-2003-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
-	use a char array instead of des_cblock
-
-2003-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
-	
-	* lib/krb5/crypto.c (hmac): make it return an error when out of
-	memory, update callsites to either return error or use krb5_abortx
-	(krb5_hmac): expose hmac
-
-2003-07-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
-	of keyblock
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
-
-	* lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
-	and related functions
-
-	* lib/krb5/heim_threads.h: make the non-debug version of the mutex
-	macros "use" the "mutex" integer so the compile wont complain
-	about defined unused variables
-
-	* lib/krb5/heim_threads.h: make thread local storage macros take a
-	"return" argument so no functions need to be created for the
-	no-pthread case
-
-	* lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific
-	
-	* configure.in: use KRB_PTHREADS
-	
-	* lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and
-	sort
-
-	* lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString
-	
-	* lib/krb5/krb5.3: add ticket access functions
-	* lib/krb5/krb5_ticket.3: ditto
-	* lib/krb5/ticket.c: ditto
-	* lib/krb5/Makefile.am: ditto
-	
-	* lib/krb5/mit_glue.c: add some more krb5_c functions
-	
-	* lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions
-	
-	* lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
-	is a valid one
-
-	* lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
-	error string when there is a context
-	(krb5_checksum_is_collision_proof): ditto
-
-2003-07-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
-	argument optional
-	(krb5_c_{encrypt,decrypt}): return "better" error codes for
-	invalid ivec length
-
-	* lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
-	usage
-
-	* lib/krb5/crypto.c (krb5_crypto_getenctype): new function
-	
-	* include/make_crypto.c: avoid redefining
-	OPENSSL_DES_LIBDES_COMPATIBILITY
-
-	* lib/krb5/krb5.h: add krb5_enc_data
-	
-2003-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: add krb5_c_ functions
-	
-	* lib/krb5/mit_glue.c: support passing in NULL as the
-	cipher_state/ivec
-
-	* lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
-	krb5_c_decrypt
-
-	* lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
-	
-	* lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
-	calculating the length of the encrypted data, use the keyed
-	checksum length if the enctype supports a keyed checksum. This
-	only matter for aes, for all other enctypes the key and unkeyed
-	checksum have the same length.
-
-2003-07-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mit_glue.c: first version of krb5_c encryption glue
-
-	* doc/install.texi: update pointer to luke ldap documentation
-	
-	* lib/hdb/hdb.c (hdb_create): check for dynamic backend after
-	static to avoid warning from dynamic backend when using a known
-	static backend
-
-2003-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/cache.c: don't return value in void function
-	
-2003-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/creds.c (krb5_compare_creds): if client is specified in
-	the mcreds, check that too
-
-	* lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
-	prefix libasn1 types with heim_
-	
-	* lib/asn1: prefix typedefs and structs with heim_
-
-2003-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.c: avoid unnecessary setting of variable
-	
-2003-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
-	
-	* appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
-	
-	* lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
-	in the req_body addresses since they where pass in by caller
-	(find_cred): use krb5_cc_clear_mcred
-
-	* lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
-	
-	* lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
-	krb5_creds to use with krb5_cc_retrieve_cred
-	
-2003-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
-	don't load anything
-
-2003-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
-	Howard <lukeh@PADL.COM>
-
-	* lib/hdb/hdb.h: add struct hdb_so_method and
-	HDB_INTERFACE_VERSION
-
-2003-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
-	arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
-	Microsoft calculates the keyed checksum with the subkey of the
-	authenticator.
-
-	* kuser/kinit.c: write out v4 credential caches with
-	_krb5_krb_tf_setup
-
-	* lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
-
-	* lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
-	credential to a new krb4 ticket file
-	
-2003-06-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
-	it contains more than 9 words; from wiz
-
-2003-06-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
-	stefan sokoll <stefansokoll@yahoo.de>
-
-2003-06-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
-	
-	* lib/krb5/time.c: improve comment for krb5_set_real_time
-	
-2003-06-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.1: document -A
-
-	* kuser/kinit.c: add -A as an alias for --no-addresses
-
-2003-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
-	krb5_timestamp to krb5_us_timeofday
-
-	* lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
-	krb5_us_timeofday
-
-	* lib/krb5/time.c (krb5_set_real_time): fix comment and make it
-	work
-
-	* lib/krb5/time.c, lib/krb5/krb5_timeofday.3, 
-	lib/krb5/Makefile.am lib/krb5/test_time.c:
-	
-	implement krb5_set_real_time, used by SAMBA, requested by Luke
-	Howard <lukeh@PADL.COM>
-
-	* lib/asn1/k5.asn1: make the aes and sha1 checksum types match
-	draft-ietf-krb-wg-crypto-05
-
-2003-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
-	
-	* lib/krb5/crypto.c: clean up AES code to use a structure instead
-	of a key array
-	(_krb5_AES_string_to_default_iterator): set to 4096 as described in
-	aes draft -04
-	(derive_key): always remove the key->schedule since its
-	will contain the wrong (parent key) info
-
-2003-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
-	* doc/setup.texi: add more kdc's to the example
-	
-2003-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
-	Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
-	Pointed out by Andrew Bartlett of Samba
-	
-	* lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
-	pthread stubs by default
-
-	* lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
-	
-	* lib/krb5/krb5_free_addresses.3: removed file, functions are
-	documented in krb5_address.3
-	
-	* lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
-	
-	* lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
-	krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
-	
-2003-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Point out that slave needs /var/heimdal
-	directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
-	Fix spelling while here
-	
-2003-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
-	add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
-	krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
-	krb5_get_in_tkt_with_skey
-
-2003-05-28  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
-	non-threaded cases to work.  Fix typo.
-
-2003-05-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
-	"unsigned" integers. If MSB is set, we need to pad with a zero
-	byte.
-
-2003-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
-	
-	* lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
-	connection
-	(LDAP_store): remove superfluous argument to asprintf
-	
-	From Alberto Patino <jalbertop@aranea.com.mx>
-
-2003-05-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/*.[0-9]: pacify mdoclink
-
-	* lib/krb5/krb5_ccache.3: document diffrences between mit and
-	heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
-	
-2003-05-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/test/gssapi_server.c (proto): start to use
-	gss_krb5_copy_ccache
-
-	* appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
-	groveling for now
-
-2003-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1:
-	- add parser/generate glue for UTF8String and NULL
-	  (DER primitive encode/decode functions missing)
-	- handle parsing of DEFAULT and, ...
-
-2003-05-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/heim_threads.h: add missing argument to mutex_init
-	
-	* lib/krb5/crypto.c: protect the random initiator with a mutex
-	
-	* lib/krb5/mcache.c: protect the mcc_head with a mutex
-	
-	* lib/krb5/krb5_locl.h: include heim_threads.h
-	
-	* lib/krb5/heim_threads.h: wrapper macros for thread
-	synchronization primitives
-
-2003-05-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_principal.3
-	lib/krb5/Makefile.am:
-	Add all Kerberos principal function to one manpage, add a few more
-	principal function to it, remove old now dup manpages
-	
-	* lib/krb5/krb5_build_principal.3: remove file
-	* lib/krb5/krb5_free_principal.3: remove file
-	* lib/krb5/krb5_sname_to_principal.3: remove file
-	* lib/krb5/krb5_principal_get_realm.3: remove file
-
-2003-05-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
-	
-	* lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
-	netbsd
-
-	* lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
-	sections, from netbsd
-
-	* lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes,
-	from netbsd
-
-	* lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
-	netbsd
-	
-	* lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD
-
-	* lib/krb5/krb5_build_principal.3: sort sections, from NetBSD
-	
-	* lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd
-	
-	* lib/krb5/get_default_realm.c: compatability -> compatibility,
-	from netbsd
-
-	* lib/krb5/krb5_warn.3: add copyright/license
-	
-	* lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY
-	
-	* lib/krb5/krb5.3: add RCSID
-	
-	* kdc/hprop.8: fix mdoc problem, from netbsd
-	
-	* lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
-	<wiz@netbsd.org>
-
-	* kuser/kinit.1: setup -> set up, new sentence, new line from
-	Thomas Klausner <wiz@netbsd.org>
-	
-2003-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswd.1: handle setting passwords for multiple
-	principals at the same time
-
-	* kpasswd/kpasswd.c: handle setting passwords for multiple
-	principals at the same time
-
-	* lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
-	rfc3244 share the response packet sure more constants now that
-	they exists
-
-2003-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: some define for rfc3244
-	
-	* lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
-	
-	* kpasswd/kpasswd.1: document --admin-principal
-	
-	* kpasswd/kpasswd.c: use krb5_set_password
-	
-	* lib/krb5/krb5_set_password.3: document krb5_change_password and
-	krb5_set_password
-
-	* lib/krb5/changepw.c: implement rfc3244, partly from
-	shadow@dementia.org
-
-	* lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
-	RFC3244
-
-	* lib/asn1/k5.asn1: add ChangePasswdDataMS, for
-	RFC3244
-
-2003-05-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kdestroy.c: destroy tokens even if there isn't v4 support
-
-	* kuser/kinit.c: get token even if there isn't v4 support
-	
-	* kuser/klist.c: print tokens even if there isn't v4 support
-	
-2003-05-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
-	tests
-
-	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
-	everything with hex-codes, and cast to unsigned char* to make some
-	compilers happy
-
-2003-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
-	argument to krb5_us_timeofday have correct type
-	
-2003-05-05  Assar Westerlund  <assar@kth.se>
-
-	* include/make_crypto.c (main): include aes.h if ENABLE_AES
-
-2003-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* make-release: when fixing a valid cvs tag from release name
-	replace all number. to number- for all non-overlapping matches
-	
-2003-05-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
-	asn1_ETYPE_INFO2_ENTRY.x
-	(libasn1_la_LDFLAGS): set version to 6:1:1
-
-	* doc/Makefile.am: add apps.texi
-	
-	* doc/setup.texi: add move forward link to applications
-	
-	* doc/heimdal.texi: add applications
-	
-	* doc/misc.texi: move afs stuff to applications add link to
-	applications
-	
-	* doc/apps.texi: text about applications using kerberos
-	move afs text here
-	
-2003-05-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: add cross realm text
-	
-2003-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
-	krb5_string_to_enctype
-
-2003-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
-	
-2003-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
-	* lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
-	
-2003-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): if the local
-	sequence number is non-zero, don't generate a new one
-
-	* lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is
-	non-zero, don't generate a new one
-	
-	* lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a
-	krb5_timestamp
-
-	* lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
-	lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
-	RET_TIME
-
-	* lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
-	asn1)
-
-2003-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/programming.texi: s/managment/management/, from jmc
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (default_etypes): also advertise that we
-	handle aes encryption types
-
-	* lib/krb5/Makefile.am: add krb5_c_ checksum related functions
-
-	* lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
-	related functions
-
-	* lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
-	functions
-
-	* lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
-	
-2003-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd
-	
-2003-04-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/der_copy.c (copy_general_string): use strdup
-	* lib/asn1/der_put.c: remove sprintf
-	* lib/asn1/gen.c: remove strcpy/sprintf
-	
-	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
-	that other (me) have such hosts in the local domain and the tests
-	fails, to take hokkigai.pdc.kth.se instead
-	
-	* lib/krb5/test_alname.c: add --version and --help
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_warn.3: add krb5_get_err_text
-	
-	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
-	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
-	strlcpy, from openbsd
-	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
-	* appl/kf/kfd.c: use strlcpy, from openbsd
-	
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix for large file support in AIX, _LARGE_FILES
-	needs to be defined on the command line, since lex likes to
-	include stdio.h before we get to config.h
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
-	from Thomas Klausner <wiz@netbsd.org>
-	
-	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
-	<wiz@netbsd.org>
-
-2003-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: fix some more memory leaks
-	
-2003-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
-	* kuser/kinit.1: s/kerberos/Kerberos/
-	* kdc/kdc.8: s/kerberos/Kerberos/
-	
-2003-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
-	
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
-	converting too root, make sure user is ok according to
-	krb5_kuserok before allowing it.
-
-	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
-	
-	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
-	
-	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
-	instead of the "illegal" salt #~, same change as kth-krb did
-	1999. Problems occur with crypt() that behaves like AT&T crypt
-	(openssl does this). Pointed out by Marcus Watts.
-
-	* admin/change.c (kt_change): collect all principals we are going
-	to change, and pick the highest kvno and use that to guess what
-	kvno the resulting kvno is going to be. Now two ktutil change in a
-	row works. XXX fix the protocol to pass the kvno back.
-	
-2003-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
-	
-2003-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: add description on how to turn on v4, 524 and
-	kaserver support
-
-2003-03-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
-	and afs-use-524
-
-2003-03-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
-	failes, remember to free memory from the first enctype_to_string
-
-	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
-	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
-	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
-
-	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
-	length when key is longer then expected length, its probably
-	longer since the encrypted data was padded, reported by Aidan
-	Cully <aidan@kublai.com>
-
-	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
-	encyption type, inspired by Aidan Cully <aidan@kublai.com>
-	
-2003-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
-	(wildcard kvno) after principal when the keytab entry isn't found,
-	reported by Chris Chiappa <chris@chiappa.net>
-	
-2003-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/misc.texi: update 2b example to match reality (from
-	mattiasa@e.kth.se)
-
-	* doc/misc.texi: spelling and add `Configuring AFS clients'
-	subsection
-
-2003-03-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: add krb5_free_data_contents.3
-	
-	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
-	API
-
-	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
-	with MIT API
-	
-	* lib/krb5/krb5_verify_user.3: write more about how the ccache
-	argument should be inited when used
-	
-2003-03-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/addr_families.c (krb5_print_address): make sure
-	print_addr is defined for the given address type; make addrports
-	printable
-
-	* kdc/string2key.c: print the used enctype for kerberos 5 keys
-
-2003-03-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: add another arcfour test
-	
-2003-03-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
-	
-2003-03-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5_ccache.3: update .Dd
-
-	* lib/krb5/krb5.3: sort in krb5_data functions
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
-
-	* lib/krb5/krb5_data.3: document krb5_data
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
-	prompter is NULL, don't try to ask for a password to
-	change. reported by Iain Moffat @ ufl.edu via Howard Chu
-	<hyc@highlandsun.com>
-
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_keytab.3: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-	* lib/krb5/krb5.conf.5: . means new line
-	
-	* lib/krb5/krb5.conf.5: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-	* lib/krb5/krb5_auth_context.3: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
-	
-	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
-	
-	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
-
-	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
-	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
-	
-	* kdc/config.c: 524 is independent of kerberos 4, so move out
-	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
-	
-2003-03-17  Assar Westerlund  <assar@kth.se>
-
-	* kdc/kdc.8: document --kerberos4-cross-realm
-	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
-	* kdc/kdc_locl.h (enable_v4_cross_realm): add
-	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
-	flag before giving out v4 tickets for foreign v5 principals
-	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
-	to off)
-
-2003-03-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
-	
-	* lib/krb5/krb5_aname_to_localname.3: manpage for
-	krb5_aname_to_localname
-
-	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
-
-	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
-
-	* lib/krb5/krb5_set_default_realm.3: Manpage for
-	krb5_free_host_realm, krb5_get_default_realm,
-	krb5_get_default_realms, krb5_get_host_realm, and
-	krb5_set_default_realm.
-
-	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
-	<sobrado@acm.org> via NetBSD
-
-	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
-	
-	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
-	
-	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
-	
-	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
-	types, add krb5_fcc_ops and krb5_mcc_ops
-	
-	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
-	a id
-
-2003-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/intro.texi: add reference to source code, binaries and the
-	manual
-
-	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
-	
-2003-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc.8: better/difrent english
-
-	* kdc/kdc.8: . -> .\n, copyright/license
-	
-	* kdc/kdc.8: changed configuration file -> restart kdc
-
-	* kdc/kerberos4.c: add krb4 into the most error messages written
-	to the logfile
-
-	* lib/krb5/krb5_ccache.3: add missing name of argument
-	(krb5_context) to most functions
-
-2003-03-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
-	function and return FALSE when there isn't a local account for
-	`luser'.
-
-	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
-	describing the function
-
-2003-03-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
-	returned memory, don't return ENOMEM
-
-2003-03-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: add krb5_address stuff and sort
-	
-	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
-	
-	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
-	
-	* lib/krb5/krb5_address.3: document types krb5_address and
-	krb5_addresses and their helper functions
-
-2003-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
-
-	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
-
-	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
-	
-	* lib/krb5/krb5.3: add more functions
-	
-	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
-	functions
-
-	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
-	
-	* lib/krb5/krb5_verify_user.3: document
-	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
-
-	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
-	krb5_verify_user_opt
-
-	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
-
-	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
-	return NULL
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
-	(TESTS): add test_cc
-
-	* lib/krb5/test_cc.c: test some
-	krb5_cc_default_name/krb5_cc_set_default_name combinations
-	
-	* lib/krb5/context.c (init_context_from_config_file): set
-	default_cc_name to NULL
-	(krb5_free_context): free default_cc_name if set
-
-	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
-	(krb5_cc_default_name): use krb5_cc_set_default_name
-
-	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
-	
-2003-02-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: s/securly/securely/ from NetBSD
-	
-2003-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c: s/intialize/initialize, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: add AM_MAINTAINER_MODE
-	
-2003-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* **/*.[0-9]: add copyright/licenses on all manpages
-
-2003-14-16  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
-	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
-	type specified by the KDC.
-
-2003-02-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: some autoconf put their version number in
-	autom4te.cache, so remove autom4te*.cache
-	
-	* fix-export: make sure $1 is a directory
-	
-2003-02-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-
-	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
-
-	* kdc/hprop.8: add missing .
-	
-2003-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
-	address, write out encryption type in sentences, s/Host/host
-	
-2003-01-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/check-gen.c: add checks for Authenticator too
-	
-2003-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: in the hprop example, use hprop and the first
-	component, not host
-
-	* lib/krb5/get_addrs.c (find_all_addresses): address-less
-	point-to-point might not have an address, just ignore
-	those. Reported by Harald Barth.
-
-2003-01-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
-	found, don't print out all known keys
-
-	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
-	and facility start resp
-	(check_log): find_value() returns -1 when key isn't found
-
-	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
-	'const void *' to avoid AES_KEY being exposed in krb5-private.h
-	
-	* lib/krb5/krb5.conf.5: add [kdc]use_2b
-
-	* kdc/524.c (encode_524_response): its 2b not b2
-	
-	* doc/misc.texi: quote @ where missing
-	
-	* lib/asn1/Makefile.am: add check-gen
-	
-	* lib/asn1/check-gen.c: add Principal check
-	
-	* lib/asn1/check-common.h: move generic asn1/der functions from
-	check-der.c to here
-
-	* lib/asn1/check-common.c: move generic asn1/der functions from
-	check-der.c to here
-
-	* lib/asn1/check-der.c: move out the generic asn1/der functions to
-	a common file
-
-2003-01-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/misc.texi: more text about afs, how to get get your KeyFile,
-	and how to start use 2b tokens
-
-	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
-	<jmc@cvs.openbsd.org>
-	
-2003-01-21  Jacques Vidrine  <nectar@kth.se>
-
-	* kuser/kuser_locl.h: include crypto-headers.h for
-	des_read_pw_string prototype
-
-2003-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin/ktutil.8: document -v, --verbose
-
-	* admin/get.c (kt_get): make getarg usage consistent with other
-	other parts of ktutil
-
-	* admin/copy.c (kt_copy): remove adding verbose_flag to args
-	struct, since it will overrun the args array (from Sumit Bose)
-	
-2003-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
-	... }
-
-	* lib/krb5/aes-test.c: test vectors in aes-draft
-	
-	* lib/krb5/Makefile.am: add aes-test.c
-
-	* lib/krb5/crypto.c: Add support for AES
-	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
-	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
-	to support checksumtype that are have a shorter wireformat then
-	their output block size.
-	
-	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
-	into blocksize and padsize, padsize is the minimum padding
-	size. they are the same for now
-	(enctype_*): add padsize
-	(encrypt_internal): use padsize
-	(encrypt_internal_derived): use padsize
-	(wrapped_length): use padsize
-	(wrapped_length_dervied): use padsize
-
-	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
-	function for each enctype in preparation enctypes that uses
-	`Encryption and Checksum Specifications for Kerberos 5' draft
-	
-	* lib/asn1/k5.asn1: add checksum and enctype for AES from
-	draft-raeburn-krb-rijndael-krb-02.txt
-
-	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
-	KEYTYPE_AES256
-
-2003-01-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/common.c (_hdb_fetch): handle error code from
-	hdb_value2entry
-
-	* kdc/Makefile.am: always include kerberos4.c and 524.c in
-	kdc_SOURCES to support 524
-
-	* kdc/524.c: always compile in support for 524
-	
-	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
-	
-	* kdc/config.c: always compile in support for 524
-	
-	* kdc/connect.c: always compile in support for 524
-	
-	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
-	even when we build without kerberos 4, 524 needs them
-	
-	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
-	Kerberos 4 help functions/structures so other parts of the source
-	tree can use it (like the KDC)
-
diff --git a/crypto/heimdal/ChangeLog.2004 b/crypto/heimdal/ChangeLog.2004
deleted file mode 100644
index 5e3934256828..000000000000
--- a/crypto/heimdal/ChangeLog.2004
+++ /dev/null
@@ -1,1485 +0,0 @@
-2004-12-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
-	now (used in pkinit)
-
-2004-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am: add CHECK_SYMBOLS
-
-	* lib/hdb/keys.c: make all_etypes static
-
-	* lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
-	-version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops
-
-	* kdc/kerberos5.c: use private version of principalname
-
-	* kdc/kerberos4.c: use private version of principalname
-
-	* kdc/hpropd.c: use private version of principalname
-
-	* kdc/524.c: use private version of principalname
-
-	* lib/krb5/rd_req.c: use private version of principalname
-
-	* lib/krb5/rd_cred.c: use private version of principalname
-
-	* lib/krb5/init_creds_pw.c: use private version of principalname
-
-	* lib/krb5/get_in_tkt.c: use private version of principalname
-
-	* lib/krb5/asn1_glue.c: make principalname functions private
-
-	* lib/krb5/krb5.h: add key usage for server referrals
-	
-2004-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/principal.c: make default_v4_name_convert static
-	
-	* lib/krb5/crypto.c: make lots of crypto related variables static
-	
-	* lib/krb5/acache.c: make default_acc_name static
-	
-2004-12-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: add some text about samba, use example.com
-	
-	* lib/hdb/hdb-ldap.c: Add account expiration for samba from James
-	F.  Hranicky <jfh@cise.ufl.edu>.
-	Add LDAP_addmod_integer and use it.
-
-2004-12-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
-	fixes, from Dave Love
-
-2004-12-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just
-	needs pthread.h, threadlib is dead
-
-2004-12-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/config.c (configure): check for deprecated
-	enforce-transited-policy is set and fail if it is
-	
-	* lib/asn1/asn1_print.c: don't print garabage for octet strings
-	
-2004-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/main.c (main): catch sigpipe, we don't bother select()ing
-	for errors
-
-	* kdc/connect.c (handle_http_tcp): handle error from write(2)
-	
-	* doc/setup.texi: clarify credentials refreshing stuff
-	
-	* doc/setup.texi: add new node: Providing Kerberos credentials to
-	servers and programs
-
-	* doc/whatis.texi: fix spurious cross-reference makeinfo warning
-	
-	* lib/hdb/hdb-ldap.c (pos): uppercase in character
-
-2004-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
-	nibbels in the other order
-
-	* lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
-	attribute exists before we try to delete it LDAP__bytes2hex
-	encodes in strange byte order, is this really right ?
-	
-2004-12-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
-	entries, search for samba accounts too, From: "James F. Hranicky"
-	<jfh@cise.ufl.edu>
-
-	* lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
-	too
-
-	* lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
-	both krb5PrincipalName and uid, it must be broken, ignore it and
-	return it doesn't exists.
-
-2004-12-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/hpropd.8: spelling, from OpenBSD
-	
-	* kdc/kdc.8: use keeps for options, From OpenBSD k
-	
-2004-12-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: document --random-key and the need to do backup
-	of the master key
-
-	* kdc/kstash.8: add --random-key
-	
-	* kdc/kstash.c: add --random-key
-	
-2004-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.8: spelling, from openbsd
-	
-	* lib/krb5/krb5_init_context.3: spelling, from openbsd
-	
-	* lib/krb5/krb5.conf.5: spelling, from openbsd
-	
-	* kuser/kdestroy.1: use keeps around options, spelling, from
-	openbsd
-
-	* kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD
-	
-	* kdc/hpropd.8: use keeps around options, from OpenBSD
-	
-	* kdc/hprop.8: use keeps around options, from OpenBSD
-	
-2004-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (krb5_free_context): clear error string
-	before destroying mutex
-	(krb5_init_context): don't call krb5_free_context before there is a
-	mutex initialized
-
-2004-11-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c (get_new_tickets): only complain about ticket
-	renewable lifetime when the user asked for a specific renewable
-	lifetime
-
-2004-11-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (find_keys): log what principal is missing
-	enctypes
-
-2004-11-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
-	freeing data
-
-	* lib/krb5/init_creds_pw.c (change_password): handle old_options
-	being NULL From Guenther Deschner on samba-technical.
-	
-2004-11-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_init_creds.3: add more text describing the
-	krb5_get_init_creds functions
-
-2004-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
-	again
-
-2004-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.asn1: use constrained integers
-	
-2004-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_init_creds.3: add description for opt_init,
-	opt_alloc, opt_free
-
-	* lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit
-	
-	* lib/krb5/init_creds.c: unexport
-	krb5_get_init_creds_opt_free_pkinit
-
-	* lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
-	get_init_creds_common
-
-	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
-	options NULL, just make a clean copy
-
-2004-11-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
-	so we don't leak it on error
-
-2004-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: unbreak 2b entry
-	
-	* lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
-	sockaddr but rather a kerberos address, deal with that.  Based on
-	bug report from Jakob Schlyter <jakob@rfc.se>.
-
-2004-10-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c: Make sure argument passed to ctype isn't signed
-	char
-
-2004-10-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: match new error names
-	
-	* lib/krb5/krb5_err.et: make error messages sane again
-	
-2004-10-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c: use KRB5_KT_BADNAME
-
-	* lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
-	version bump) add KRB5_DELTAT_BADFORMAT
-	
-	* lib/krb5/krb5.conf.5: time defaults to "s"
-	
-	* lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
-	MIT's behavior was actually that it failed to parse the number
-	(and thus used the default). Even better, ticket_lifetime (that
-	was a consumer supposed a of the interface) was documented but
-	never implemented, when it was implemented, people configuraiton
-	files started to fail.  Also, use KRB5_DELTAT_BADFORMAT as a
-	failure code.
-
-	* lib/asn1/k5.asn1: sync enctypes with pkinit branch
-	
-	* lib/asn1/parse.y (readd) support negative numbers
-	
-	* lib/asn1/lex.l: support hex numbers
-	
-2004-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS
-	
-	* lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
-	for rc2 don't to padding for blocksize 1
-	
-	* lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
-	Move keyset parsing and password based keyset generation into hdb.
-	Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb
-	backend.
-
-2004-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: adapt to new signature of
-	krb5_get_init_creds_opt_set_pkinit
-	
-	* lib/krb5/pkinit.c: free openssl engine deal with
-	RecipientIdentifier -> CMSIdentifier and heim_any -> name change
-	improve error messages
-	
-	* kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
-	-> CMSIdentifier and heim_any -> name change
-	
-2004-10-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c: use rtbl_set_separator
-	
-2004-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
-	user options first
-
-	* lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
-	openssl engine support for private key
-
-	* lib/krb5/crypto.c: support padding as its done in CMS
-	
-	* kdc/pkinit.c: improve error logging
-	
-	* kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt
-	
-2004-09-30  Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: assume minutes for time
-
-	* lib/krb5/config_file.c (krb5_config_vget_time_default): use
-	krb5_string_to_deltat
-
-	* lib/krb5/appdefault.c (krb5_appdefault_time): use
-	krb5_string_to_deltat
-
-	* lib/krb5/time.c (krb5_string_to_deltat): set default unit to
-	minute for compatibility with MIT Kerberos.
-	
-
-2004-09-28  Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
-	message safe" transport if we get back
-	KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
-	<gd@sernet.de>
-
-2004-09-23 Johan Danielsson <joda@pdc.kth.se>
-
-	* admin/list.c: use rtbl
-	
-	* admin/ktutil-commands.in: slc source file
-	
-	* lib/krb5/constants.c: check
-	/Library/Preferences/edu.mit.Kerberos on OSX
-
-2004-09-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/time.c (krb5_format_time): check return value from
-	localtime and strftime
-
-2004-09-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: make sure we don't always get renewable creds
-	
-2004-09-11   Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acache.c: use krb5_ccapi.h
-	
-	* lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
-	separate (not installed) file
-
-	* lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
-	since AM_CPPFLAGS overridden by target specific _CPPFLAGS
-	
-2004-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: make variable shorter, make error messages
-	from pkinit, make freeing easier
-	
-2004-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen
-	
-	* lib/krb5/crypto.c (seed_something): avoid poking at memory that
-	is uninitialized, make valgrind unhappy. Pointd out by
-	abartlet@samba.org. While where, plug the fd leak.
-	
-2004-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/der_get.c (decode_*): name all tag-length variables the
-	same
-	(decode_enumerated): check that the tag-length is not longer the length
-
-	* lib/asn1/der_get.c (decode_boolean): fail if length of tag is
-	larger then len
-
-2004-08-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
-	set in case of failure too, free unconditionally on exit to avoid
-	memory leak
-
-2004-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
-	free
-
-2004-08-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (krb5_get_err_text): if neither of com_right
-	nor strerror finds the error-code, return Unknown error.
-	
-2004-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_kuserok.3: update to reality
-
-	* lib/krb5/kuserok.c: if a .k5login file exist, don't give
-	implicit rights to anyone; also check owner/mode of .k5login
-
-2004-08-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3
-	
-	* lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname
-	
-	* lib/krb5/krb5.3: add krb5_getportbyname
-	
-	* lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid
-
-	* lib/krb5/krb5_encrypt.3: document krb5_enctype_valid
-	
-2004-08-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
-	from the client and filter them out.
-	
-	* lib/krb5/krb5_string_to_key.3: document krb5_free_salt
-	
-2004-08-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_ticket.3: data needs to be freed when using
-	krb5_ticket_get_authorization_data_type
-
-2004-08-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_cc.c: test variables in default_cc_name
-	
-	* lib/krb5/krb5.conf.5: explain support for varibles in
-	[libdefaults]default_cc_name
-	
-	* lib/krb5/cache.c: drop ${time}, its not very useful
-	
-	* lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand
-	variables in the default cc name. Supported variables now are:
-	${time},${uid} and ${null}
-
-	* lib/krb5/krb5.conf.5: document default_cc_name
-	
-	* lib/krb5/cache.c (krb5_cc_set_default_name):
-	s/libdefault/libdefaults/
-
-2004-08-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acache.c: replace magic 3 with ccapi_version_3
-	
-	* lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c
-	
-	* lib/krb5/krb5.h: add krb5_acc_ops
-	
-	* lib/krb5/acache.c: CCAPI v3 implementation, the read only
-	support was from Magnus Ahltorp and then extended by me to support
-	all other operations.  Tested with MIT kerberos cc cache
-	implementation on MacOS 10.3.3
-
-	* lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
-	default cc name, this is not very useful for general purpose glue
-	since its not possible to glue in user information (like uid), but
-	for CCAPI it works just fine
-
-2004-08-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kgetcred.1: document --cache/-c
-	
-	* kuser/kgetcred.c: allow to specify what credential cache to use
-	
-2004-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3
-	
-	* lib/krb5/krb5_eai_to_heim_errno.3: document
-	krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
-	
-	* lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
-	krb5_h_errno_to_heim_errno
-
-2004-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
-	result should be free with krb5_free_host_realm drop
-	krb5_get_host_realm text
-
-	* lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
-	should be free with krb5_free_host_realm
-	
-	* lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep
-	
-	* lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds
-	
-	* lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator
-	
-	* lib/krb5/Makefile.am: man_MANS += krb5_rd_error
-	
-	* lib/krb5/krb5_rd_error.3: krb5_rd_error and friends
-	
-	* lib/krb5/krb5_warn.3: clarify on what string
-	krb5_free_error_string should operate on
-
-	* lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred
-	
-	* lib/krb5/Makefile.am: krb5_get_credentials,
-	krb5_get_forwarded_creds and friends
-
-	* lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
-	and friends
-
-	* lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
-	friends
-
-2004-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c (print_cred_verbose): keytypes are no longer, use
-	enctype
-
-2004-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
-	compilers, From metze at samba.org
-
-2004-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_cc.c: more cc tests
-	
-	* lib/krb5/krb5_check_transited.3: document krb5_check_transited
-	
-2004-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
-	principal in cert work From: Mayur Patel <patelm4@rpi.edu>
-	
-2004-07-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: add krb5_verify_init_creds.3
-
-	* lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
-	
-2004-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
-	description for krb5_passwd_result_to_string
-	
-2004-07-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
-	fixes; split sentence in two for better understanding.  From
-	wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.
-
-	* lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
-	Stone <jonathan@dsg.stanford.edu>
-
-	* lib/krb5/changepw.c (process_reply): cast ssize_t to long and
-	print that From NetBSD via Havard Eidnes.
-	
-2004-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: fix helpstring for hdb-openldap-module
-	
-	* lib/krb5/test_cc.c: don't use krb5_err on error code 0
-	
-2004-07-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
-	
-2004-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
-	
-2004-07-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
-	right argument
-
-2004-06-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
-	krbtgt is without addresses, default to not sending our own
-	addrport
-
-	* lib/asn1/lex.l: add support for /* */ and partial line --
-	comments
-
-	* kuser/Makefile.am: don't install copy_cred_cache manpage
-	
-2004-06-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
-	copying a static opt, make sure to allocate the "private" field
-
-2004-06-24  Love  <lha@stacken.kth.se>
-
-	* kdc/config.c: add enable_pkinit_princ_in_cert
-	
-	* kdc/kdc_locl.h: enable_pkinit_princ_in_cert
-	
-	* kdc/pkinit.c: Check certificate for Kerberos Principal in
-	OtherName of subjectAltName Based on patch from Mayur Patel
-	<patelm4@rpi.edu>
-
-2004-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
-	session key for authorization-data
-
-2004-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c (handle_tcp): note who is what that closed the
-	connection on us
-
-2004-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin/get.c (kt_get): catch errors from krb5_parse_name
-	
-2004-06-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: if its the entry just contains the
-	structural object (no samba nor heimdal object), add an aux
-	heimdal object on to it.
-	
-2004-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswd.c: use krb5_set_password_using_ccache
-	
-	* lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
-	
-	* lib/krb5/changepw.c: implement krb5_set_password_using_ccache
-	
-	* lib/hdb/hdb-ldap.c: Allow the objectClass to be
-	"sambaSamAccount" or structural_object when searching for uid
-	entries.
-
-	* lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
-	
-	* lib/hdb/hdb-ldap.c: add creation base that defaults to the
-	search base
-
-	* lib/hdb/hdb-ldap.c: indent like the rest of the code
-	
-2004-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: check return values from ldap operations and
-	close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
-	should retry by yourself.
-
-	* lib/hdb/hdb-ldap.c: require search base to be configured, create
-	local context structure
-	
-2004-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: more ldap text, partly from Tarjei Huse
-	<tarjei@nu.no>
-
-2004-05-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/hdb-ldap.c: clean, indent
-	
-	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
-	krb5KeyVersionNumber is added on new entires
-
-2004-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: minor fixes, partly from Tarjei Huse
-	<tarjei@nu.no>
-
-	* lib/krb5/krb5.conf.5: some text about dbname and realm
-	
-	* lib/krb5/krb5.conf.5: default value for
-	hdb-ldap-structural-object is account
-
-2004-05-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/Makefile.am: use ! instead of , as sed delimiter
-	
-2004-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions
-
-2004-05-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
-	
-	* lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
-	option
-
-	* lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
-	Andrew Bartlett <abartlet@samba.org>
-	
-	* lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
-	check From: Andrew Bartlett <abartlet@samba.org>
-	
-	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
-	case, make sure ent->etypes are allocated, From: Andrew Bartlett
-	<abartlet@samba.org>
-
-2004-05-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: move "setpag if (argc < 1)" to common path
-	
-2004-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
-	
-	* fix-export: use right argument for -E
-
-2004-05-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: print some diagnostics if the exec fails
-	
-2004-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
-	From: Luke Howard <lukeh@padl.com>
-	
-	* lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
-	not just a pointer size of it From: Luke Howard <lukeh@padl.com>
-	
-2004-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: add -E flag where needed to make-proto
-	
-2004-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c: add set_param for RC2
-	
-	* lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
-	that are no longer needed
-
-	* kdc/pkinit.c: use krb5_enctype_to_oid
-	
-	* lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
-	before we compare with it
-
-	* lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
-	before returning it add aes-oids
-	
-	* lib/krb5/crypto.c: add krb5_enctype_to_oid and
-	krb5_oid_to_enctype
-
-	* kdc/pkinit.c: use krb5_crypto_set_params
-	
-	* lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none
-
-	* lib/krb5/krb5.h: add KEYTYPE_AES192
-	
-	* lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
-	kcrypto RC2 support
-
-	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
-	rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
-	broken
-
-	* lib/krb5/krb5.h: add KEYTYPE_RC2
-	
-	* lib/krb5/crypto.c: add partial CMS parameter handling, this is
-	needed for RC2
-	
-	* lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
-	
-	* lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
-	
-	* lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
-	
-	* lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
-	
-	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
-	rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken
-
-2004-04-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/config_file.c: allow parsing directly from strings with
-	krb5_config_parse_string_multi
-	
-	* lib/krb5/verify_krb5_conf.c: try to resolve hostnames
-	
-2004-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
-	descriptor so we don't have to keep track of it in two places
-	
-	* kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
-	libkrb5
-
-	* lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
-	own manpage
-	
-	* replace krb5_free_creds_contents by krb5_free_cred_contents
-	
-	* lib/krb5/cache.c: add krb5_cc_next_cred_match() and
-	krb5_cc_copy_cred_match()
-	
-	* lib/krb5/creds.c (krb5_compare_creds): add more matching options
-	
-	* lib/krb5/krb5.h: add more creds match flags
-	
-	* kuser/copy_cred_cache: add --valid-for option
-	
-	* lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
-	of second ticket is > 0
-
-2004-04-25  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pkinit.c: use the right oid for pkauthdata
-	
-	* lib/krb5/pkinit.c: always send both win2k compat version and the
-	ietf draft one, this is possible since microsoft use
-	wrong/diffrent PA number.  Make the configuration flag boolean
-	configuring if NOT to send the win2k compat glue.
-	
-	* lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec
-
-	* kuser/copy_cred_cache.1: pacify mdoclint
-	
-	* kdc/pkinit.c: use IV for envelopeddata encryption, patch
-	originally from Luke Howard <lukeh@padl.com>, tweeked by me.
-	
-	* lib/krb5/krb5_storage.3: document
-	KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
-
-	* lib/krb5/krb5_data.3: document that krb5_data_free cleans the
-	structure too
-
-	* lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
-	originally from Luke Howard <lukeh@padl.com>, tweeked by me.
-	
-2004-04-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/copy_cred_cache.{c,1}: add cred cache copy tool
-	
-	* configure.in: use rk_SYS_LARGEFILE
-	
-	* lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
-	issue with a storage flag instead of a separate function.
-	
-2004-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: move out the oid check from get_reply_key
-
-	* lib/krb5/pkinit.c: uniquify error messages
-	
-	* lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
-	plain nonce for now
-
-	* lib/krb5/pkinit.c: more w2k compat from Luke Howard
-	<lukeh@padl.com> add RC2 support, clean up error messages
-	
-	* lib/krb5/pkinit.c: remove more dependency on
-	krb5_config->pkinit_flags
-
-	* lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
-	style answer to IETF, From Luke Howard <lukeh@padl.com>
-	(_krb5_pk_create_sign): ms handles NULL in param, so always send it
-	(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }
-
-	* lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
-	digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
-	new function _set_digest_alg to set it
-
-2004-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/make_crypto.c: include rc2.h, and when I'm here, make
-	aes mandatory
-
-	* lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
-	kerberos
-
-	* lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
-	failure
-
-	* lib/krb5/crypto.c (DES3_random_to_key): make it produce the
-	right result
-	(DES3_postproc): use DES3_random_to_key
-	(krb5_random_to_key): check the required number of bits (not the size
-	of the key)
-
-	* lib/krb5/aes-test.c: test random to key function
-
-	* lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
-	now
-
-2004-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_string_to_key.3: document that
-	krb5_string_to_key_derived is broken for non 3des enctypes and
-	thus deprecated
-
-	* kdc/pkinit.c (generate_dh_keyblock): use the new function
-	krb5_random_to_key
-
-	* lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
-	need special processing
-
-	* lib/krb5/crypto.c (krb5_random_to_key): new function
-	
-	* lib/krb5/krb5_keyblock.3: document krb5_random_to_key
-	
-2004-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: use the first proposed enable enctype
-	
-	* lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
-	return from krb5_enctype_valid
-
-	* kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
-	
-2004-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
-	components being smaller then 127 and allocate one extra element
-	since first byte is split to to elements.
-	
-2004-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
-	private use, lukeh@padl.com
-
-2004-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
-	DH public key
-
-2004-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_init_context.3: add krb5_context to so its added
-	as manpage-link too
-
-2004-04-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
-	XXX add locking
-
-	* kuser/kdestroy.c: add --credential argument that just remove one
-	credential entry out of the cache specified
-	
-	* kdc/pkinit.c: replace the krb5.conf configuration option that
-	describes the mapping between principals and subject names with a
-	file, default /var/heimdal/pki-mapping. XXX this should be pushed
-	into HDB. XXX should add issuer too
-	
-	* kdc/config.c: merge certificate/private_key to a user_id
-	
-2004-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc_locl.h: update prototype for pk_initialize
-	
-	* kuser/kinit.c: merge certificate/private_key to a user_id
-	
-	* kdc/pkinit.c: adapt to heim_integer changes
-	
-	* lib/krb5/pkinit.c: merge certificate/private_key to a user_id
-	
-	* kdc/pkinit.c: adapt to heim_integer changes,
-	merge certificate/private_key to a user_id
-	
-2004-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
-	
-2004-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
-	libkrb5.la, add KRB5_LIB_FUNCTION proto
-
-	* lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
-	
-	* configure.in: export KRB5_LIB_FUNCTION when building with
-	BUILD_KRB5_LIB
-
-	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
-	error strings
-
-	* lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
-	is printed on stderr, fflush it
-
-	* lib/krb5/krb5_keyblock.3: free functions also zeros out the key
-	
-	* lib/krb5/krb5_get_init_creds.3: some text about
-	krb5_prompter_posix
-
-	* lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
-	
-	* lib/krb5/cache.c: add krb5_cc_get_prefix_ops
-	
-	* lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
-	
-2004-04-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/http_client.c: support GSS_C_DELEG_FLAG and
-	GSS_C_MUTUAL_FLAG
-
-	* appl/test/http_client.c: verbose logging
-	
-2004-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c: case size_t to unsigned long for LP64 platforms
-	
-2004-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
-	default structural object
-
-	* tools/Makefile.am: handle sed expression breaking
-	
-2004-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
-	
-	* lib/krb5/changepw.c: add tcp support to the set protocol, should
-	be cleaned up to enable sharing code with krb5_sendto
-	
-	* kpasswd/kpasswd.c (change_password): remove extra free
-	
-	* lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
-	osf/1
-
-2004-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
-	increase md->len, krb5_padata_add already does that
-	
-	* lib/krb5/init_creds.c: its PAC not PAQ
-	
-	* kuser/kinit.c: its PAC not PAQ
-	
-	* kdc/kerberos4.c: stop the client from renewing tickets into the
-	future From: Jeffrey Hutzelman <jhutz@cmu.edu>
-
-2004-03-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: try to handle sys/strtty.h needing sys/stream.h
-	
-2004-03-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
-	longer used
-	
-	* kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
-	
-	* lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
-	external users by prefixing it with _
-
-	* lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
-	
-	* lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
-	users by prefixing it with _
-
-2004-03-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: add missing }
-	
-2004-03-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: adapt to change of signature of
-	_krb5_pk_load_openssl_id
-
-	* lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
-	prompter argument and use it
-
-	* kuser/kinit.c: adapt to signature change of
-	krb5_get_init_creds_opt_set_pkinit
-	
-	* lib/krb5/krb5.3: add more stuff, 105 functions to go
-
-	* lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
-	
-	* lib/krb5/krb5_rcache.3: framework for replay cache manpage
-	
-	* lib/krb5/krb5_string_to_key.3: document string to key functions
-	
-	* lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
-	krb5_find_padata.3 krb5_generate_random_block.3
-
-	* lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
-	
-	* lib/krb5/krb5.3: add some more, 137 to go
-	
-	* lib/krb5/krb5_principal.3: document krb5_get_default_principal
-	
-	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
-	
-	* lib/krb5/krb5_generate_random_block.3: document
-	krb5_generate_random_block
-	
-	* lib/krb5/krb5_find_padata.3: document padata functions
-	
-	* lib/krb5/krb5.3: add some more, 142 to go
-	
-	* lib/krb5/krb5_creds.3: drop .Pp before .Sh
-	
-	* lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
-	
-	* lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
-	and krb5_expand_hostname_realms
-
-	* lib/krb5/krb5.3: add more functions, 147 to go
-	
-	* lib/krb5/krb5_creds.3: document krb5_creds
-	
-	* lib/krb5/krb5_get_init_creds.3: add more functions, some more
-	text
-
-	* lib/krb5/krb5_ticket.3: document
-	krb5_ticket_get_authorization_data_type
-
-2004-03-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: remove #if 0'ed code
-	
-	* lib/krb5/krb5.3: add keyblock functions, 177 functions to go
-	
-	* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
-	
-	* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
-	
-	* lib/krb5/krb5_config.3: document krb5_config_free_strings and
-	krb5_config_file_free
-
-	* lib/krb5/krb5_create_checksum.3: add krb5_hmac
-	
-	* lib/krb5/krb5.3: add keyblock functions, 190 functions to go
-
-	* lib/krb5/krb5_keyblock.3: update .Dd
-	
-	* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
-	krb5_generate_random_keyblock
-
-	* lib/krb5/krb5_init_context.3: add krb5_init_ets
-	
-	* lib/krb5/krb5_config.3: add more krb5_config_ functions and
-	prototypes
-
-	* lib/krb5/krb5_init_context.3: document context modifcation
-	functions: address list, config file, use admin kdc, fcc version
-	
-	* lib/krb5/krb5_storage.3: document krb5_storage and related
-	functions
-
-	* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
-	manpages and test_acl test program
-
-	* lib/krb5/krb5.3: add error string functions and sort
-	
-	* lib/krb5/krb5_warn.3: document krb5_abort and error string
-	functions
-
-	* lib/krb5/krb5.3: add missing functions, only 285 left to
-	document
-
-	* lib/krb5/krb5_crypto_init.3: remove various enctype related
-	function
-
-	* lib/krb5/krb5_encrypt.3: add various enctype related function
-	here
-
-	* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
-	krb5_cksumtype_valid
-
-	* lib/krb5/crypto.c: real return values for
-	krb5_{enctype,cksumtype}_valid
-
-	* lib/krb5/krb5_create_checksum.3: add some functions and
-	descriptions
-
-	* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
-	
-	* lib/krb5/krb5_auth_context.3: document
-	krb5_auth_con_generatelocalsubkey
-
-	* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
-	
-	* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
-	
-	* lib/krb5/krb5_init_context.3: document krb5_add_et_list
-	
-	* lib/krb5/krb524_convert_creds_kdc.3: document
-	krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
-
-	* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
-	
-	* lib/krb5/test_acl.c: test for generic acl code
-
-	* lib/krb5/acl.c: plug memory leak on file matching, 
-	make it not fall over when no non matching acl,
-	make fnmatch matching useful by switching arguments
-	
-2004-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/config.c: add --builtin-hdb command
-	
-	* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
-	backends
-
-	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
-	documentation
-
-	* doc/win2k.texi: fix bugs in examples, add more restrictions, use
-	example.com as an example. From: Pavel Ferdan
-	<xferdan@informatics.muni.cz>
-
-2004-03-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
-	password_lifetime; from Henry B. Hotz
-
-2004-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
-	is set send subkey
-	(generate if needed)
-
-	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
-	
-2004-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
-	and free memory in error path, assume realloc(NULL, ...) works,
-	factor out common code, indent
-
-2004-03-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: understand [password_quality]
-	spelling
-	
-	* kuser/kgetcred.1: document --canonicalize
-	
-	* kuser/kgetcred.c: add --canonicalize
-	
-2004-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
-	krb5_config_get_bool_default' arglist
-	
-2004-03-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
-	
-	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
-	
-	* kdc/pkinit.c: pass client hdb_entry to pk_check_client
-	
-	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
-	
-	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
-	more like that language in RFC3280
-	
-	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
-	its more like that language in RFC3280
-	
-	* lib/krb5/krb5.conf.5: document
-	[libdefaults]fcc-mit-ticketflags=boolean
-
-	* lib/krb5/fcache.c (fcc_store_cred): use
-	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
-	write the fcc in. Default to mit version (aka heimdal 0.7)
-	
-	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
-	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
-	that format make krb5_store_creds default to mit format
-	
-	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
-	the higher bits of the bitfield
-	
-2004-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_store_creds): add disabled code that
-	store the ticket flags in reverse order
-	(bitswap32): new function
-
-	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
-	are set, its a mit cache, reverse the bits, bug pointed out by
-	Sergio Gelato <Sergio.Gelato@astro.su.se>
-
-2004-03-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
-	
-	* kuser/kinit.c: when running kinit with a subprocess, fetch new
-	tickets after half the tickets lifetime
-	
-	* lib/hdb/hdb.c: spelling
-	
-	* lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
-	password database.  From: Andrew Bartlett <abartlet@samba.org>
-
-	* kdc/config.c: add --disable-DES
-	
-	* kdc/kdc.8: document --detach and --disable-DES
-	
-	* kdc/kerberos5.c: check if enctype is disabled before using it
-	
-	* lib/krb5/crypto.c: add support for disabling checksum/encryption
-	types
-
-	* tools/kdc-log-analyze.pl: add more cases
-	
-	* kdc/connect.c: on strange tcp error; log local port number and
-	socket type
-	
-	* lib/asn1/der.h: fix prototype of encode_utf8string
-	
-	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
-	
-	* lib/asn1/lex.l: added dummy parsing of CHOICE
-	
-	* lib/asn1/parse.y: added dummy parsing of CHOICE
-	
-	* lib/asn1/k5.asn1: drop SMTP_NAME
-	
-2004-03-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am: support building ldap backend as module
-	sort asn1 hdb files
-	
-	* lib/hdb/hdb.c: when building ldap as a shared module, don't
-	include it in the list
-
-	* configure.in: add --enable-hdb-openldap-module
-	
-	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
-	module
-
-	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
-	Bartlett <abartlet@samba.org>
-
-	* lib/krb5/crypto.c (decrypt_internal_special): do not not modify
-	the original data test case from Ronnie Sahlberg
-	<ronnie_sahlberg@ozemail.com.au>
-
-2004-03-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
-	behavior
-
-	* lib/krb5/mcache.c (mcc_get_principal): also check for
-	primary_principal == NULL now that that isn't used as dead flag
-	
-	* lib/krb5/mcache.c: don't overload the primary_principal == NULL
-	as dead since that doesn't always work. Based on patch from
-	Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
-	
-2004-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
-	
-	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
-	
-	* lib/hdb/db3.c: fix all db >= 4.1 cases
-	
-	* doc/setup.texi: add text about hostname to realm mapping using
-	DNS
-
-2004-02-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: update error codes
-	
-	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
-
-	* lib/krb5/pkinit.c: update error codes
-	
-2004-02-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
-	
-	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
-	
-	* lib/krb5/store.c: handle memory allocate errors
-
-	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
-	and don't put an error in the error strings then
-	
-2004-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: s/heim_big_integer/heim_integer/
-	
-	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
-	
-	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
-	
-	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
-	errors
-	
-	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
-	
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: rename AC_WFLAGS to rk_WFLAGS
-	
-	* acinclude.m4: use m4_define, over-quote string
-	
-2004-02-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (change_password): handle that
-	printf("%.*s", 0, (void*)NULL); doesn't work on solaris
-	
-2004-02-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
-	0, (void*)NULL); doesn't work on solaris
-	
-	* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
-	some locate.updatedb, use FILES section to describe where the file
-	is instead.
-
-2004-02-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
-	for certain negative integers, it got the length wrong" , from
-	Panasas, Inc.
-
-	* lib/asn1/der_length.c: Fix len_unsigned for certain negative
-	integers, it got the length wrong, fix from Panasas, Inc.
-	
-	rename len_int and len_unsigned to _heim_\&
-	
-	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
-	
-2004-02-06  Dave Love  <d.love@dl.ac.uk>
-
-	* configure.in: Check for sys/socket.h, net/if.h.  Modify term.h,
-	security/pam_appl.h tests.
-	
-2004-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
-	up the size of all the elements, don't use just the size of the
-	last element.
-
-	* lib/krb5/aes-test.c: add "next iv" test for aes128, check
-	decryption case too
-
-	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
-	the next to last block, fix decryption case too
-	
-	* lib/krb5/aes-test.c: add "next iv" test for aes128
-	
-	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
-	the next to last block
-
-	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
-	error
-	
-	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
-	error
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
-	encode error
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
-	error
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
-	encode error
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
-	internal asn1 encode error
-
-	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
-	asn1 encode error
-
-2004-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: some text about order of [capaths] realms
-	
-2004-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c: register WRFILE ops
-	
-	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
-	
-	* lib/krb5/krb5.h: add krb5_wrfkt_ops
-	
-	* kpasswd/kpasswdd.c (change): use the right password when
-	changing the password
-
-2004-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
-	means that the filesystem doesn't support locking
-	
-	* lib/krb5/keytab.c: remove #if 0 out file locking code
-	
-2004-01-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
-	size of all the elements, don't use just the size of the last
-	element.
-
-2004-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c (renew_validate): if renewable_flag and not time
-	specifed, use "1 month"
-
-2004-01-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_keyblock.3: add prototypes, describe
-	krb5_keyblock_zero
-
-2004-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_for_creds.c (add_addrs): don't add same address
-	multiple times
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
-	handle errors better for previous commit
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
-	are address-less, forward address-less tickets.
-	
-	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
-	export it
-
diff --git a/crypto/heimdal/ChangeLog.2005 b/crypto/heimdal/ChangeLog.2005
deleted file mode 100644
index 8c84b1c5c385..000000000000
--- a/crypto/heimdal/ChangeLog.2005
+++ /dev/null
@@ -1,2004 +0,0 @@
-2005-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to
-	make samba happy
-
-	* fix-export: Build kdc-private.h.
-	
-2005-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (tgs_rep2): also print the principal for which
-	the enctype was missing
-	
-2005-12-13  Love H�rnquist �strand <lha@it.su.se>
-
-	* kdc/kaserver.c: Finish up transition from hdb_entry to
-	hdb_entry_ex.
-
-	* kdc/kerberos4.c: Finish up transition from hdb_entry to
-	hdb_entry_ex.
-
-	* kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex.
-
-	* kdc/kerberos5.c: Finish up transition from hdb_entry with
-	hdb_entry_ex.
-
-	* lib/krb5/cache.c (krb5_cc_set_default_name): use
-	KRB5_DEFAULT_CCNAME.
-
-	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to
-	default credential cache.
-
-	* lib/hdb/ndbm.c: memset hdb_entry_ex before use
-
-	* lib/hdb/db3.c: memset hdb_entry_ex before use
-	
-	* lib/hdb/db.c: memset hdb_entry_ex before use
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: Add some more entrypoints.
-
-	* lib/krb5/changepw.c: If there is a target principal, use the
-	realm of the realm to change the password with,
-
-	* kuser/kinit.c: Default to use DH when fetching keys.
-
-	* lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch
-	originally from Andrew Bartlet
-
-	* lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url
-	support, add ldapi support.
-
-	* kdc/kerberos5.c (tgs_make_reply): there are no such things a
-	keytypes any more, just use enctypes.
-
-	* kdc/kdc_locl.h: Remove private prototypes and instead include
-	<kdc-private.h>.
-
-	* kdc/Makefile.am: Build kdc-private.h and depend on it.
-
-	* kdc/config.c (configure): wrap line
-
-	* doc/kerberos4.texi: KDC 4 support is always compiled in.
-	
-	* TODO: Remove some stuff that have been done.
-
-	* Makefile.am: Split long line
-
-	* doc/apps.texi: Spelling, From M�ns Nilsson.
-
-	* doc/install.texi: spelling, From M�ns Nilsson
-	
-2005-12-11  Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/krb5_principal.3: Constify principal argument to on
-	krb5_principal_get_ functions.
-
-	* lib/krb5/principal.c: Constify principal argument to on
-	krb5_principal_get_ functions.
-	
-2005-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long
-	time ago
-
-2005-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_keytab.c: more tests, From Andrew Bartlet
-
-	* lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return
-	NULL on success in the case 0 entries are allocated, From Andrew
-	Bartlet
-	
-2005-12-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on
-	failure to parse format specifier.
-	
-	* lib/krb5/store-test.c: Free more of the allocated memory.
-
-	* lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated
-	memory, this function is only used by the test program.
-	
-	* lib/krb5/parse-name-test.c: Free more of the allocated memory.
-
-	* lib/krb5/derived-key-test.c: Free more of the allocated memory.
-	
-2005-12-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: spelling, From M�ns Nilsson
-
-	* lib/krb5/krb5_keytab.3: Memory keytab are now named and
-	refcounted.
-
-	* lib/krb5/test_keytab.c: Test that memory keytab are refcounted.
-
-	* lib/krb5/keytab_memory.c: Index by name and start reference
-	counting on entries.
-	
-2005-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h (krb5_address_type): add
-	KRB5_ADDRESS_NETBIOS (20)
-
-	* lib/hdb/hdb.c (find_method): accept relative paths as old db
-	format too.
-
-	* lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype.
-	
-2005-11-29  Dave Love  <fx@gnu.org>
-
-	* kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS.
-	
-2005-11-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c (libdefaults_entries): add
-	default_cc_name
-
-	* lib/hdb/hdb.c: Only match db databases on filename starting with
-	'/'.
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in
-	authenticator
-
-	* lib/krb5/rd_req.c (check_transited): explain the TR-type 0
-	better and why it matters.
-
-	* lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops
-
-	* lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior
-	to return NULL when its not found, and fcc when the name starts
-	with a '/'. Almost matches behavior in other parts of the code,
-	but can't really do that since the name passed in to this function
-	may only contain the prefix itself without the colon.
-
-	* lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not
-	colon (:) in the name, its a file credential cache
-
-	* lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory
-
-	* lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory
-
-	* lib/hdb/db.c (hdb_db_create): use calloc to allocate memory
-
-2005-11-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session
-	key for delegated credentials
-
-	* kdc/kerberos5.c (_kdc_as_rep): add comment when we send
-	ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett
-	
-2005-11-25  Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_full_name): new function
-	
-2005-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_crypto.c: Split encryption and s2k iterations to
-	diffrent counters, 38seconds of aes256 s2k is way too long.
-
-	* lib/krb5/test_crypto.c: Add timing code for s2k function.
-
-2005-11-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c: Print the time the principal expired, based on
-	patch from Andrew Bartlett.
-	
-2005-11-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/cache.c (krb5_cc_get_full_name): Add
-	
-2005-11-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: Spelling, From Michael Banck <mbanck@debian.org>
-	
-2005-10-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/headers.h: Maybe include <sys/param.h>.
-
-2005-10-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
-	understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but
-	have KRB5_AUTHDATA_KDC_ISSUED commented out for now)
-	
-2005-10-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c: In the list caches view, rename the Status field
-	to Expires.
-
-	* lib/krb5/krb5_encrypt.3: Fix mdoc for
-	krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org>
-	
-2005-10-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/gssapi_client.c: Check return value from asprintf
-	instead of string != NULL since it undefined behavior on
-	Linux. From Bj�rn Sandell
-	
-2005-10-21  Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are
-	generated from the DH groups, fail.
-
-	* kdc/pkinit.c (get_dh_param): Pass down config so this function
-	can check pkinit_dh_min_bits
-
-	* kdc/config.c: Fill in pkinit_dh_min_bits from configuration
-	file.
-
-	* kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration.
-	
-2005-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Add option to require binding between reply
-	and response for the win2k version of the protocol.
-	
-2005-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/programming.texi: Text about Kerberos errors.
-	
-	* lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the
-	Windows case to support the updated -09 protocol (using
-	asChecksum). Tell KDC we support this by sending
-	KRB5-PADATA-PK-AS-09-BINDING in the pa-data.
-	
-	* lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY
-	too.
-
-	* lib/krb5/test_cc.c: Test krb5_cc_copy_cache and
-	krb5_cc_cache_match.
-
-	* lib/krb5/cache.c (krb5_cc_cache_match): add function that
-	iterates over all credential caches for a user and returns a
-	match.
-	
-	* lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an
-	example.
-
-2005-10-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/programming.texi: Try to explain krb5_ccache, krb5_principal
-	and errors.
-	
-2005-10-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_credentials.3: Add example how to use
-	krb5_get_credentials.
-	
-2005-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds.c: Rename private to opt_private.
-
-	* lib/krb5/init_creds_pw.c: Rename private to opt_private.
-
-	* lib/krb5/pkinit.c: rename element private to opt_private to make
-	c++ picky compilers less upset.
-
-	* lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element
-	private to opt_private to make c++ picky compilers less upset.
-	
-2005-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function
-	(_krb5_free_krbhst_info): expose to internal use
-	
-	* lib/krb5/init_creds_pw.c: Prepare to pass down a
-	krb5_krbhst_info into the pre-auth mechs
-
-	* lib/krb5/pkinit.c: Inline short functions, share more code,
-	rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for
-	verification of KDC info, and general cleaning up.
-	
-2005-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir.
-
-	* lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR
-	"/krb5.moduli"
-
-	* lib/krb5/krb5_locl.h: Add forward declaration for
-	krb5_dh_moduli.  Add define for MODULI_FILE.
-
-	* kdc/pkinit.c: Removing PK-INIT-19 support.
-
-	* lib/krb5/pkinit.c: Removing PK-INIT-19 support.
-
-	* lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on
-	success.
-	(krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists
-
-	* kdc/pkinit.c: Save DH group name and print it on success.
-
-	* lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it.
-
-	* kdc/pkinit.c: Check dh group parameters from client.
-
-	* lib/krb5/krb5_err.et: Match error code with pk-init-27.
-
-	* lib/krb5/pkinit.c: Update error codes. Add name to group. Change
-	return value of _krb5_dh_group_ok.
-
-	* lib/krb5/pkinit.c: Add support for reading a moduli-file for DH
-	parameters.
-	
-2005-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.1: Document --list-caches
-
-	* kuser/klist.c: Change short flag of --list-caches to -l (-v is
-	already used).
-
-2005-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120.
-	
-	* lib/krb5/acache.c (init_ccapi): return kerberos errors, callers
-	expect it
-	(acc_get_cache_first): don't leak memory or abort on malloc
-	failure
-	
-2005-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kerberos.8: Update text about Kerberos RFC's.
-	
-2005-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c: Add option --list-caches that lists the avaible
-	caches and their status.
-
-	$ klist --list-caches
-	  Principal        Cache name               Status
-	lha@E.KTH.SE     2                        Valid
-	lha@SU.SE        1                        Expired
-	lha/root@SU.SE   0                        Expired
-	lha@N.L.NXS.SE   Initial default ccache   Expired
-	
-2005-09-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/keytab_keyfile.c: Use all DES keys, not just
-	des-cbc-md5, verify that they all are the same.
-
-	* lib/krb5/mcache.c Implement the cache iteration functions.
-
-	* lib/krb5/acache.c: Implement the cache iteration functions.
-
-	* lib/krb5/test_cc.c: Test the new cache iteration functions.
-
-	* lib/krb5/cache.c: Add cache iteration funcations. Add internal
-	allocation function for the memory of a krb5_ccache, and use it.
-
-	* lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions
-	
-2005-09-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space.
-
-	* kdc/kerberos5.c: More verbose PK-INIT logging.
-
-	* kdc/pkinit.c: The public DH key is encoded as an INTEGER in
-	subjectPublicKey.  Don't verify OID's for now.
-	
-	* lib/krb5/pkinit.c: Support cached DH variable (still need to
-	store it though), don't check the oid of the DH signedData for
-	now.
-	
-2005-09-22 Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and
-	the sender subkey. Both RFC1510 and RFC4120 say that you have to
-	use the session key, Heimdal uses subkey.
-	
-2005-09-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Don't check oid's too closely, they change in
-	Windows Vista.
-	
-2005-09-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the
-	protocol.
-
-	* kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19)
-
-	* lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL
-	to make sure its not freed.
-	
-2005-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length
-	it set to 1, and content is 0x01, use the afs3 string-to-key.
-
-	* kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted
-	key, use send the opaque, length 1 (with content set to 0x01) in
-	ETYPE-INFO2-ENTRY.
-
-	* lib/krb5/kcm.c: Remove signedness warnings.
-	
-2005-09-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: Use libtool's default values for building
-	shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves
-	building problems users have on Mac OS X.
-	
-2005-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/changepw.c: Constify password.
-	
-2005-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_mk_req.3: Document krb5_rd_req.
-	
-	* lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3
-	
-	* lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact,
-	krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock,
-	krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep,
-	krb5_build_ap_req, krb5_verify_ap_req.
-	
-2005-09-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at
-	all, use KRB5-PADATA-AFS3-SALT
-	
-2005-08-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (log_timestamp): endtime, not endtype
-	
-2005-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: Check for <sys/ucred.h>.
-
-	* kcm/connect.c (update_client_creds): in case there is no
-	UCRED_VERSION, skip LOCAL_PEERCRED
-	
-	* kcm/headers.h: include <sys/ucred.h>
-	
-2005-08-27 Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/rd_req.c (check_transited): Allow empty content of type
-	0 because that is was Microsoft generates in their TGT.
-
-	* kdc/kerberos5.c (fix_transited_encoding): Allow empty content of
-	type 0 because that is was Microsoft enerates in their TGT.
-
-2005-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/intro.texi: RFC 4120 replaces RFC 1510
-	
-2005-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: Add --disable-afs-support.
-
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but
-	not TESTS, I have no same dns to use.
-
-	* lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname()
-	and krb5_expand_hostname_realms().
-	
-	* configure.in: Build KCM if we have doors or unix sockets.
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove
-	shadowing variable.
-
-	* lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings,
-	plug memory leak. From: Stefan Metzmacher <metze@samba.org>
-	
-	* lib/krb5/krb5_config.3: Document what happens with NULL to
-	krb5_config_free_strings
-	(nothing). Mdoc nit.
-	
-2005-08-22 Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c (check_for_tgt): Re-order code so it only free the
-	credential if one was returned.
-	
-	* lib/krb5/test_crypto_wrapping.c: Fix printing of size_t.
-
-2005-08-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/dbinfo.c: provide interface to find databases
-
-	* lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys
-
-2005-08-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply.
-
-2005-08-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: Save the request buffer so that
-	pre-auth mechanism that needs it can verify the reply.
-
-2005-08-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/test_mem.c: Rename logf to avoid shadowing.
-	
-	* lib/krb5/krb5_keytab.3: Fix the version number for
-	fcc-mit-ticketflags.
-
-	* lib/krb5/fcache.c: Revert previous, I was confused.
-	
-	* lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in
-	COMPATIBILITY section.
-	
-	* lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket
-	flags.
-
-	* kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break;
-
-	* lib/krb5/krb5_create_checksum.3: Update prototype for
-	krb5_create_checksum.
-	
-	* kdc/pkinit.c: Make compile.
-	
-	* lib/krb5/pkinit.c: Implement verification of asChecksum, now
-	client side code is using -27 of the pk-init draft.
-	
-	* kdc/kdc_locl.h: update prototype for _kdc_as_rep
-
-	* kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC.
-	
-	* kdc/process.c: Pass down the request buffer to _kdc_as_rep().
-
-	* kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to
-	_kdc_pk_mk_pa_reply.
-
-2005-08-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/ext.c: HDB extensions access glue.
-
-	* kcm/acquire.c: Use krb5_set_password instead of
-	krb5_change_password.
-
-	* configure.in: Add tests/Makefile and tests/db/Makefile.
-
-	* NEWS: New ASN.1 compiler
-
-	* lib/hdb/Makefile.am: Build extensions.
-
-	* lib/hdb/print.c: Print extensions.
-
-	* lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory
-	extension".
-
-	* lib/hdb/hdb.h: Update interface version (and indent).
-	
-	* lib/hdb/hdb.asn1: Add support for HDB-extension.
-
-2005-08-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_pkinit_dh2key.c: add tests vectors from
-	"Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com>
-
-	* lib/hdb/mkey.c: Expose the crypto operations on the master key.
-
-	* lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet
-	
-2005-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the
-	ENC-TS case.  From: Andrew Bartlett <abartlet@samba.org>
-
-	* kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify
-	authenticator" once, its already done by
-	tgs_check_authenticator().
-	
-	* kdc/kerberos5.c: Indent strings.
-
-	* kdc/kerberos5.c (log_timestamp): avoid shadow warnings From:
-	Andrew Bartlett <abartlet@samba.org>
-	
-	* lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and
-	krb5_verify_opt_free.
-	
-	* lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and
-	krb5_verify_opt_free.
-
-	* lib/hdb/db3.c (DB_open): catch errors from the d->open calls
-	instead of letting them slip though to d->cursor. Bug repport from
-	Andrew Bartlett <abartlet@samba.org>
-
-2005-07-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am (kdc_LDADD): add LDADD
-	
-2005-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in
-	ENC-TS preauth, both for failure and success.
-
-	* kdc/hprop.c: Use the _krb5_krb_life_to_time function from
-	libkrb5 instead of including our own here too.
-
-	* kdc/kerberos5.c: indent printf strings
-
-	* lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with
-	keyusage 0 in case the key was encrypted with MIT Kerberos (old
-	patch from Johan)
-
-2005-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: update to pkinit-27
-
-2005-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module.
-
-2005-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_pkinit_dh2key.c: framework for testing
-	_krb5_pk_octetstring2key
-
-	* kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a
-	krb5_socklen_t
-
-	* kdc/connect.c (de_http): sscanf takes a char *, not unsigned
-	ditto, cast approriately
-
-	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output
-	unsigned char to match openssl
-
-2005-07-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory
-
-	* lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call
-	krb5_cc_retrieve_cred once, and plug memory leak.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am: the new asn.1 compiler includes the modules
-	name in the depend file
-
-	* lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return
-	value from krb5_storage_from_fd
-
-	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute
-	to the DH when the server doesn't support the cached DH request.
-
-	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments
-
-2005-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: clean up pk-init DH support, not finished
-	yet; improve error reporting
-
-	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key
-	function used in pk-init-25
-
-	* configure.in: Use a configure switch to turn on PK-INIT, not by
-	detecting existence of the new ASN.1 library.
-
-	* lib/asn1: Much improved ASN.1 compiler from joda-choice-branch.
-
-	Highlighs for the compiler is support for CHOICE and in general better
-	support for tags. This compiler support most of what is needed for
-	PK-INIT, LDAP, X.509, PKCS-12 and many other protocols.
-
-2005-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1: make scope variables unique to avoid shadow warnings
-
-2005-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.h: comment out paramenter name in typedef
-	functions to avoid shadow warnings
-
-	* lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const
-
-	* kuser/klist.c: If there are no addresses, print addressless
-	instead of nothing.
-
-	* lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping
-
-	* lib/krb5/crypto.c (wrapped_length): the underived encrypted
-	types checksum are all unkeyed (matches the code in
-	encrypt_internal() and encrypt_internal_special())
-
-	* lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't
-	not supported
-
-	* lib/krb5/test_crypto_wrapping.c: test encryption wrapping
-
-	* lib/krb5/test_crypto.c (time_encryption): free cleartext buffer
-
-2005-07-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O
-	otherwise am_aux_dir will be expanded using ac_aux_dir before the
-	later is set.
-
-	* configure.in: check for strings.h explicitly instead of
-	depending on AC_HEADER_STDC to check it for us
-
-2005-07-07  Assar Westerlund  <assar@kth.se>
-
-	* configure.in: add AM_PROG_CC_C_O for automake 1.9
-
-2005-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when
-	returning a new error
-	
-	* lib/krb5/keytab.c: krb5_kt_close frees all resources, even on
-	error.
-
-	* lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused,
-	remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
-
-2005-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/win2k.texi: arcfour-hmac-md5 support for windows cross was
-	added in w2k3-sp1 From David Love
-	
-	* doc/setup.texi: document kadmin command password-quality instead
-	of the not installed test_pw_quality
-	
-	* lib/krb5/krb5_get_init_creds.3: Spelling, from David Love
-	
-	* fix-export: build kdc-protos.h
-
-2005-07-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc: prefix pkinit symbols with _kdc
-
-	* kuser/kinit.c: avoid shadowing variables
-	
-	* kuser: s/optind/optidx/
-
-	* kdc: adapt pkinit code to libkdc split
-
-2005-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create
-	
-	* tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create
-	
-	* kdc/kdc_locl.h: indent, remove dup prototypes
-	
-	* kdc/libkdc: don't pollute namespace, generate public headerfile
-
-	* lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work
-	just like krb5_425_conv_principal_ext but takes a context variable
-	for the verification function
-	
-	* kdc/Makefile.am: there is no export script, not pretend there is
-
-	* kdc: Merge in the libkdc/kdc configuration split from Andrew
-	Bartlet <abartlet@samba.org>
-
-	* lib/krb5/crypto.c: optionally compile in support for afs string2key
-	
-	* configure.in: add --disable-afs-string-to-key to allow removal
-	of support for afs string2key (and dependency on crypt)
-
-2005-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and
-	TGS-REQ, for auditing
-
-	* kdc/kerberos5.c (as_req): print the supported encryption types
-	so its possible to know what clients to update.
-	(find_rpath): return const char * and update callers.
-
-2005-06-28  Luke Howard  <lukeh@padl.com>
-
-	* kcm/connect.c: fix arguments to kcm_log() when reporting
-	  sendmsg() error
-
-	* kcm/connect.c: don't send socket address in msghdr, it
-	  returns an already connected error on Linux
-
-2005-06-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/524.c: Always include <krb5-v4compat.h>.
-
-2005-06-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/intro.texi: no more libdes, gssapi lib is complete
-	
-	* lib/krb5/krb5.conf.5: Documentation for password quality
-	control. From: "James F. Hranicky" <jfh@cise.ufl.edu>
-
-	* lib/krb5/verify_krb5_conf.c (password_quality_entries): add
-	min_length and min_classes
-
-	* kdc/kaserver.c: log the kaserver requests, avoid shadowing
-	variables
-
-	* lib/hdb/db3.c (DB_open): in case of error, close database
-
-	* lib/hdb/ndbm.c (NDBM_open): in case of error, close database
-
-	* lib/hdb/db.c (DB_open): in case of error, close database
-
-2005-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/kcm.8: fix example
-
-2005-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_rep.c: indent
-
-	* lib/krb5/rd_rep.c (krb5_rd_rep): check if
-	KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp
-	should be checked, DCE-STYLE gssapi needs to be able to tweek this
-
-	* kdc/string2key.c: rename optind to optidx
-
-	* lib/hdb/convert_db.c: rename optind to optidx
-
-	* lib/hdb/keytab.c: const poison, add a unconst where needed
-
-	* lib/krb5/crypto.c (krb5_string_to_key): unconst password
-
-	* lib/asn1/k5.asn1: rename pvno to krb5-pvno
-
-	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc):
-	unconst argument
-
-	* lib/krb5/verify_krb5_conf.c: rename optind to optidx
-
-	* lib/krb5/transited.c: rename the temporary string variable to
-	`str'
-
-	* lib/krb5/test_crypto.c: rename optind to optidx
-
-	* lib/krb5/test_alname.c: rename optind to optidx
-
-	* lib/krb5/store.c: unconst argument to krb5_store (XXX this
-	should be fixed, krb5_store doesn't need to modify its argument)
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing
-	unnessecery variable ret
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery
-	variable len
-
-	* lib/krb5/prog_setup.c: rename optind to optidx
-
-	* lib/krb5/padata.c: rename variable index to idx
-
-	* lib/krb5/log.c: rename variable time to timestr to avoid
-	shadowing
-
-	* lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to
-	avoid shadowing
-
-	* lib/krb5/krbhst-test.c: rename optind to optidx
-
-	* lib/krb5/kcm.c: unconst argumen to connect, unconst argument to
-	krb5_store (XXX this should be fixed, krb5_store doesn't need to
-	modify its argument)
-
-	* lib/krb5/init_creds_pw.c (default_s2k_func): unconst password
-
-	* lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning
-	
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/principal.c: rename index to idx
-	
-	* lib/krb5/mk_error.c: use rk_UNCONST
-	
-	* lib/krb5/fcache.c: rename to avoid shadowing
-
-	* lib/krb5/config_file.c: rename to avoid shadowing
-	
-	* lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the
-	string instead of losing const
-
-	* lib/krb5/addr_families.c: use rk_UNCONST to silence const
-	warning
-
-	* lib/krb5/addr_families.c: rename sin to sin4
-
-	* lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed
-	variables
-
-	* lib/asn1/main.c: rename optind to optidx
-
-	* lib/asn1/gen_copy.c: rename to avoid shadowing
-
-	* lib/asn1/gen_locl.h: rename function filename to get_filename
-
-	* lib/asn1/lex.l: use get_filename
-
-	* lib/asn1/gen.c: rename function filename to get_filename
-
-	* lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle
-	
-	* configure.in: add headers and prototypes to logwtmp, logout and
-	openpty checks
-
-	* configure.in: include headerfiles and set prototype for tgetent
-	
-	* kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the
-	string
-
-	* kdc/kerberos5.c: replace strndup with inline copy, free data on
-	failure
-
-	* lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup
-	with inline copy
-
-	* lib/krb5/log.c: rename close and log to avoid shadow warnings
-	
-	* lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two
-	of the local `realm' to srealm to avoid shadowing
-	
-	* kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to
-	avoid shadow warning
-
-	* kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow
-	warning
-
-2005-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Release 0.7, see branch
-	
-2005-06-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES +=
-	kcm.h
-	
-	* kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from
-	krb5_init_context
-
-	* kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from
-	krb5_init_context
-
-	* lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT
-	from krb5_init_context From: Mathias Feiler
-	<feiler@uni-hohenheim.de>
-
-	* lib/krb5/verify_krb5_conf.c: Add more missig entires, from
-	Mathias Feiler <feiler@uni-hohenheim.de>
-
-2005-06-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c (pk_principal_from_X509): remember to free
-	KRB5PrincipalName
-
-	* lib/krb5/log.c (krb5_closelog): free all content in
-	krb5_log_facility
-
-2005-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/524.c: init kvno to please gcc
-
-	* kdc/kaserver.c (do_authenticate): check return value from
-	unparse_auth_args
-
-2005-06-07  Dave Love  <fx@gnu.org>
-
-	* doc/setup.texi: Spelling.
-	
-	* doc/programming.texi: Spelling.
-
-2005-06-02  Dave Love  <fx@gnu.org>
-
-	* kcm/connect.c (kcm_door_server): Make static.
-
-	* kcm/kcm_locl.h (disallow_getting_krbtgt): Declare.
-
-2005-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/mit_dump.c (mit_prop_dump): cast argument to
-	krb5_parse_principal to avoid warning
-
-	* kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to
-	mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit
-	codebase
-
-2005-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c: If we are allocating 0 entires, avoid failing
-	if ALLOC returns NULL
-
-	* lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm
-	
-	* lib/krb5/cache.c: When returning a new error code, set error
-	string.
-
-2005-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab_file.c: Adapt to changed signature of
-	_krb5_xunlock, clear more error string where needed.
-
-	* lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it
-	into something sensable
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from
-	server entry to encrypted ticket flags
-
-2005-05-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c: rename sendlength to prependlength (which
-	hopefully better represents its purpose), and change type to
-	krb5_boolean
-
-	* kdc/connect.c: log signal causing exit
-	
-	* kdc/main.c (sigterm): set exit_flag to signal causing exit;
-	(main): trap SIGXCPU
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/kcm.8: document --disallow-getting-krbtgt and --door-path
-
-	* kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not
-	client
-
-	* kcm/main.c: ignore SIGPIPE
-
-	* kcm/protocol.c: Add option to disallow getting krbtgt out from
-	from KCM. KCM will do the fetching part itself.
-	
-	* kcm/config.c: Add option to disallow getting krbtgt out from
-	from KCM. KCM will do the fetching part itself.
-
-2005-05-30  Luke Howard <lukeh@padl.com>
-
-	* kcm/events.c: if credentials have expired when attempting
-	to renew, attempt to reacquire them using initial creds
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_principal.3: Spelling, from Bj�rn Sandell
-	
-	* doc/setup.texi: spelling, from Bj�rn Sandell
-
-	* lib/krb5/name-45-test.c: XXX don't run the test unless the
-	machine is in kth.se or su.se because it depends on local resolver
-	configuration.
-
-	* lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't
-	exists
-
-	* kcm/connect.c: fix doors support, fix signedness warnings
-
-	* kcm/config.c: add --door-path=
-	
-	* configure.in: comment what the "detect doors on solaris"
-	fragment tries to do
-
-	* kcm/acquire.c (generate_random_pw): fix signed-ness warnings
-
-	* kcm/connect.c (update_client_creds): fix compile error in the
-	getpeerucred case
-
-	* lib/krb5/test_cc.c: change format for expantion variables in
-	default_cc_name to %{variable} to not confuse them with shell
-	ditto
-
-	* kcm/headers.h: Maybe include <door.h>.
-
-	* kcm/kcm_locl.h: add extern door_path;
-
-	* configure.in: detect doors using door_create
-	
-	* kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on
-	LIB_door_create
-
-	* lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door
-
-	* lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to
-	kcm
-
-	* lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create
-	
-	* lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include
-	<door.h>.
-
-	* lib/krb5/kcm.c (kcm_send_request): add support for doing a door
-	call to kcm
-
-	* lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with
-	system headerfiles that pollute the name space
-
-	* kcm/kcm.8: change format for expantion variables in
-	default_cc_name to %{variable} to not confuse them with shell
-	ditto
-
-	* lib/krb5/krb5.conf.5: change format for expantion variables in
-	default_cc_name to %{variable} to not confuse them with shell
-	ditto
-
-	* lib/krb5/cache.c (_krb5_expand_default_cc_name): change format
-	for expantion variables to %{variable} to not confuse them with
-	shell ditto
-	
-	* kcm/connect.c: add LOCAL_PEERCRED and experimental doors support
-
-2005-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kfd.c: case uid_t to unsigned long in printf format
-
-2005-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_auth_context.3: remove trailing space
-
-2005-05-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/connect.c (do_request): use sendmsg to send the reply
-	
-	* fix-export: add make_proto for kcm/kcm_protos.h
-	
-	* kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h>
-
-	* kcm/Makefile.am (kcm_SOURCES): add headerfiles
-	(kcm_protos.h): generate prototypes
-
-	* kcm/protocol.c: fix error in last commit, use right function
-
-	* kcm/headers.h: include <ucred.h> if we have getpeerucred
-
-	* configure.in: check for functions getpeerucred and getpeereid
-
-	* kcm/connect.c (update_client_creds): add support for
-	getpeerucred and getpeereid
-
-	* lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by
-	[libdefaults]kcm_socket=/path
-
-2005-05-24  David Love  <fx@gnu.org>
-
-	* kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling
-
-2005-05-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/protocol.c: Merge the description and function jumptables
-	into one structure.  Use the length of the array when checking if
-	opcode is value, not a constant.
-
-	* kcm/kcm_locl.h: struct kcm_op: jumptable structure
-
-	* kcm/main.c: move declaration of detach_from_console away from
-	here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it.
-	
-	* kcm/kcm_locl.h: move declaration of detach_from_console here
-	
-	* kdc/config.c: Don't test HAVE_DAEMON since roken supplies it.
-	
-2005-05-23  Dave Love  <fx@gnu.org>
-
-	* kcm/config.c: Don't test HAVE_DAEMON since roken supplies it.
-
-	* kdc/main.c: Don't test HAVE_DAEMON since roken supplies it.
-
-2005-05-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_keytab.3: document WRFILE and JAVA14
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes,
-	return and ignore the error
-
-	* lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count'
-	have good values
-	
-	* lib/krb5/test_keytab.c: tests all keytab format
-	
-2005-05-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding
-	errors, fail. Make sure we free memory on error.
-	(pk_verify_chain_standard): make sure we provide good errors.
-
-	* lib/krb5/verify_krb5_conf.c: add missing options, prompted by
-	James F. Hranicky mail to heimdal-discuss
-
-	* lib/krb5/verify_krb5_conf.c: add pkinit and password quailty
-	check options
-
-	* lib/krb5/pkinit.c (pk_verify_chain_standard): store better error
-	message in the context for certificate errors.
-	
-	* lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all
-	krb5_free_x_content like functions to make sure data doesnt get
-	reused, idea from Wynn Wilkes <wwilkes@vintela.com>
-
-	* configure.in: depend on automake 1.8, we don't test anything
-	older
-
-	* lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment
-	that the caller always free out_md; remove comment about memory,
-	it doesn't happen.
-	(init_cred_loop): free ctx->as_req.padata when its reset (From Wynn
-	Wilkes <wwilkes@vintela.com>), move a comment close the the code
-
-	* lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call
-	krb5_kt_free_entry after each krb5_kt_next_entry.
-
-	* lib/krb5/keytab_file.c (fkt_remove_entry): need to call
-	krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn
-	Wilkes <wwilkes@vintela.com>
-
-2005-05-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: TESTS += test_keytab
-
-	* lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks,
-	avoid crashing on empty keytab
-
-	* lib/krb5/krb5_keytab.3: document behavior of
-	krb5_kt_remove_entry
-
-	* lib/krb5/keytab_memory.c (mkt_remove_entry): check if there
-	isn't any entries in the keytab before removing any since that
-	leads to bad pointer arithmetic and crashing. From: Wynn Wilkes
-	<wwilkes@vintela.com>.  Make the function return KRB5_KT_NOTFOUND
-	if the entry wasn't in the keytab (just like the filebased
-	keytab).
-
-	* lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab
-
-	* lib/krb5{addr_families,context,creds,free,keyblock,
-	mit_glue,rd_error}.c:zero out content of all krb5_free_x_content
-	like functions to make sure data doesnt get reused, idea from
-	Wynn Wilkes <wwilkes@vintela.com>
-
-	* lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK
-	
-	* lib/krb5/krb5.3: add krb5_cc_new_unique
-
-2005-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/fcache.c (fcc_get_first): check return value from
-	malloc, memset the structure, make sure cursor doesn't point to
-	freed memory on failure.  From: Wynn Wilkes <wwilkes@vintela.com>
-
-	* lib/krb5/krb5_auth_context.3: document
-	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
-
-	* lib/krb5/get_cred.c: Remove expired credentials, based on
-	patches and comments from Anders Magnusson <ragge@ltu.se> and Wynn
-	Wilkes <wwilkes@vintela.com>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor
-	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted
-	(ENCTYPE_NULL) credentials. for use with old mit server and java based
-	ones as they can't handle encrypted KRB-CRED. Note that the option
-	needs to turned on because if the consumer sends the KRB-CRED in
-	clear bad things will happen.
-
-	* lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops
-
-	* lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok
-	to return from krb5_get_credentials.
-	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials
-	be unencrypted, for compatibility with mit kerberos and java
-	kerberos. krb5_javakt_ops: export
-
-2005-05-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that
-	doesn't the use extended kvnos, as hinted, this is needed for
-	Java's Kerberos implementation.
-
-2005-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25
-	enckey, still no DH
-	
-	* kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey,
-	still no DH
-
-	* kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and
-	pkinit-25 pa-data, return empty pkinit pa-data in the
-	PREAUTH_REQUIRED krb-error
-
-	* doc/ack.texi: add pkinit people
-
-	* lib/krb5/krb5_storage.3: document krb5_storage_is_flags
-
-	* lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3,
-	krb5_krbhst_init.3,krb5_storage.3}:
-	make more pretty, from Bj�rn Sandell
-
-2005-05-09  Dave Love  <fx@gnu.org>
-
-	* doc/setup.texi: Fix and clarify password quality check examples.
-	
-2005-05-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead
-	of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk>
-
-2005-05-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/addr_families.c (krb5_print_address): catch when the
-	unknown adress don't fit. From Bj�rn Sandell <biorn@dce.chalmers.se>
-
-2005-05-05  Dave Love  <d.love@dl.ac.uk>
-
-	* configure.in: fix type right test, include <termios.h> for
-	sys/strtty.h, not sys/ptyvar.h
-	
-2005-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: spelling
-
-2005-05-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: expand on what "trailing component" means
-	
-2005-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/rd_cred.c: put address comparison in separate function
-	
-	* lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory
-	for access files, all of which is handled like the regular
-	~/.k5login
-
-	* lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for
-	access files, all of which is handled like the regular ~/.k5login
-	
-2005-05-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/ack.texi: Clearify what version of libdes we are using and
-	who's code in it we are using.
-	
-	* kcm/kcm.8: more text about usage
-	
-	* kcm/Makefile.am: man_MANS += kcm.8
-
-	* kcm/kcm.8: initial manpage
-
-	* configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define
-	PKINIT
-	
-2005-05-02  Dave Love  <fx@gnu.org>
-
-	* configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h.
-
-2005-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/krb5-config.in: add com_err to required libs
-	
-	* lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in
-	length
-
-	* lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of
-	nonce for windows, remove the code that removed the signed
-	bit. Instead add comment that they still need to be the same
-	(Kerberos protocol nonce and pk-init nonce) for Windows.
-	
-2005-05-02  David Love  <fx@gnu.org>
-
-	* lib/krb5/crypto.c: Don't declare des_salt &c as static with
-	incomplete type (invalid in c89, at least).
-	
-2005-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_locl.h: include <crypt.h>
-
-2005-05-02  David Love  <fx@gnu.org>
-
-	* kcm/connect.c (init_socket): rename variable sun to un to avoid
-	namespace collision.
-	(handle_stream): Cast arg of krb5_warnx.
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the
-	highest bit to make windows PK-INIT happy. Also make the nonces
-	the same, again for windows, they are using pk-init-9.
-	
-	XXX check if it isn't the that nonce is an unsigned variable so
-	its just a asn1 mismatch.
-
-	* kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id
-	
-	* kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit
-	
-	* lib/krb5/pkinit.c: Pass prompter data to the prompter function,
-	implement a UI prompter function wrapping the kerberos prompter
-	function so that the the OpenSSL ENGINE can ask for a password
-	when loading the private key. From: Douglas E. Engert
-
-	* lib/krb5: add <err.h> in test programs
-	
-	* configure.in: sys/ptyvar.h might need <sys/tty.h>
-	
-	* lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la
-
-2005-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/Makefile.am: use $(LIB_com_err)
-	
-2005-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (krb5_set_config_files): ignore permission
-	denied on configuration files, user might not be allowed to read
-	/var/heimdal/kdc.conf
-
-2005-04-26  Dave Love  <fx@gnu.org>
-
-	* lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get
-	posix getpwnam_r
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/gen_glue.c: switch the units variable to a
-	function. gcc-4.1 needs the size of the structure if its defined
-	as extern struct units foo_units[] an we don't want to include
-	<parse_units.h> in the generate headerfile
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart,
-	krb5ValidEnd, krb5PasswordEnd From Howard Chu
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/whatis.texi: comment out docbook stuff for now
-	
-	* kuser/klist.c: use strlcpy
-	
-	* doc/ack.texi: we no longer use eay libdes, make acknowledgment
-	still be there, but claim that we no longer use it. Mark editline
-	to be a modified version as required by the license.
-	
-	* lib/krb5/pkinit.c: use the unexported oid_to_enctype function
-	
-	* lib/krb5/crypto.c: unexport the oid_to_enctype function, not for
-	external consumers
-
-	* kdc/Makefile.am: always add kaserver
-	
-	* lib/krb5/krb5_ccache.3: document krb5_cc_new_unique
-
-	* lib/krb5/cache.c (krb5_cc_new_unique): new function to create a
-	new credential cache
-
-	* kdc/headers.h: don't include kerberos 4 headers here
-
-	* kdc/hpropd.c: include kerberos 4 headers here
-
-	* kdc/connect.c: add kaserver support independ of having krb4
-	support
-	
-	* kdc/config.c: add kaserver support unconditionally, make kdc
-	only fail to start when there are no v4 realm configured and
-	krb4/kaserver is turned on
-
-	* kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and
-	so kaserver support is always compiled in (still default disabled)
-	
-	* lib/krb5/v4_glue.c: simplify error handling
-
-	* doc/whatis.texi: add docbook version macro of @sub
-	
-	* doc/heimdal.texi: change the wrapping around the Top node to
-	ifnottex, make html generation work
-
-	* lib/krb5/krb5_krbhst_init.3: spelling, from Bj�rn Sandell
-	<biorn@dce.chalmers.se>
-
-	* lib/krb5/krb5_get_krbhst.3: spelling, from Bj�rn Sandell
-	<biorn@dce.chalmers.se>
-
-	* lib/krb5/krb5_data.3: spelling, from Bj�rn Sandell
-	<biorn@dce.chalmers.se>
-
-	* lib/krb5/krb5_aname_to_localname.3: spelling, from Bj�rn Sandell
-	<biorn@dce.chalmers.se>
-
-	* lib/krb5/krb5_address.3: spelling, from Bj�rn Sandell
-	<biorn@dce.chalmers.se>
-
-2005-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so
-	kerberos 4 is always compiled in (still default disabled)
-
-	* kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and
-	so kerberos 4 is always compiled in (still default disabled)
-
-	* lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data
-	
-	* lib/krb5/convert_creds.c: Move the kerberos v4 replacement
-	functions to v4_glue.c
-
-	* lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to
-	be a KDC, move the v4 bits over here
-	
-	* lib/krb5/krb5-v4compat.h: add more v4 defines
-	
-2005-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.c: Support multi-realms databases, requires
-	that all the realms are configured on the KDC in krb5.conf with
-	[libdefaults]default_realm stanzas.
-
-2005-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden
-
-	* lib/krb5/addr_families.c: catch two more snprintf problems
-	
-2005-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/Makefile.am: this lib include com_err, add -com_err to
-	CHECK_SYMBOLS
-
-	* appl/test/http_client.c: cast ssize_t to unsigned long, fix
-	printf format
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames
-	
-	* lib/krb5/get_host_realm.c: check return value of snprintf
-	
-	* lib/krb5/test_addr.c: check address truncation
-	
-	* lib/krb5/addr_families.c: check return values from snprintf and
-	clean up semantics of ret_len
-
-	* lib/krb5/krb5_address.3: clarify what ret_len is in
-	krb5_print_address
-
-	* lib/krb5/test_kuserok.c: add --version and --help
-	
-	* lib/krb5/kuserok.c: use getpwnamn_r if it exists
-
-	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok
-
-	* lib/krb5/test_kuserok.c: test program for krb5_kuserok
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acache.c (acc_resolve): if open_default_ccache failed
-	with ccErrCCacheNotFound try again with create_default_ccache,
-	this fixes the problem where the security server apperenly haven't
-	started yet on Mac OS X
-	
-	* lib/krb5/get_default_principal.c
-	(_krb5_get_default_principal_local): add, for use of functions
-	that in ccache layer to avoid recursive calls.
-	
-	* lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is*
-	macros in this file
-
-	* include/make_crypto.c: cast to unsigned char to make sure its
-	not negative when passing it to is* functions
-
-2005-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/programming.texi: remove manpage macro, add some more
-	references to manpages
-
-	* doc/heimdal.texi: define manpage macro
-	
-	* doc/setup.texi: document new password policy code
-	
-	* kpasswd/kpasswdd.c: add verifier libraries with
-	kadm5_add_passwd_quality_verifier
-
-	* lib/krb5/krb5_keyblock.3: document krb5_keyblock_init
-	
-2005-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the
-	same, and clients
-	(klog) can deal with that the kaserver returns the same thing for
-	both
-
-	* lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill
-	in a keyblock from key data.
-	
-2005-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: rk_WIN32_EXPORT for roken
-
-2005-04-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/test/gssapi_server.c: print out client principla of
-	delegated credential
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check
-	for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* .cvsignore: ignore more generate files
-	
-2005-04-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/check-der.c: use size_t, print size_t by casting to
-	unsigned long
-	
-	* lib/krb5/test_crypto.c: print size_t by casting to unsigned long
-	
-	* lib/krb5/acache.c: Argument to create_new_ccache is a principal,
-	not a credential cache name.  Clean up lossage related to this
-	problem.
-
-	* lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int
-	
-	* lib/krb5/addr_families.c
-	(krb5_address_prefixlen_boundary,krb5_free_address):
-	use find_atype when we are dealing with a kerberos address type
-
-	* lib/krb5/aes-test.c: size_t vs int + fix printf
-	
-	* lib/krb5/pkinit.c: Since the decode can't make out the diffrence
-	between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to
-	verify both cases
-
-2005-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/uu_client.c: print size_t by casting to unsigned long
-	
-2005-04-01 Johan Danielsson <joda@pdc.kth.se>
-
-	* kdc/kerberos4.c (do_version4): check client and server max_life
-	
-	* kdc/kaserver.c (do_getticket): check client max_life
-	
-2005-03-31  Love  <lha@kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: const poison
-
-	* lib/krb5/test_alname.c: const poison
-
-	* lib/asn1/main.c: const poison
-
-	* lib/krb5/test_addr.c: test parse IPv6 RANGE addresses
-
-	* lib/krb5/addr_families.c: implement mask boundary for IPv6
-
-	* lib/asn1/gen.c: avoid const string warnings steming from
-	writeable-string
-
-2005-03-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: TESTS += test_addr
-
-	* lib/krb5/test_addr.c: simple test for addresses
-	
-	* lib/krb5/addr_families.c: make RANGE parse prefixlen style
-	addresses too, fix printing of RANGE addresses, add
-	krb5_address_prefixlen_boundary
-
-	* lib/krb5/krb5_keytab.3: stop memory leak in example, expand on
-	wildcards
-
-2005-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_principal.3: spelling, from Tomas Olsson
-
-	* lib/krb5/krb5_warn.3: spelling, from Tomas Olsson
-
-2005-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acache.c: add mutex for global variables, clean up
-	returned error codes, implement storing addresses into the ccapi
-
-	* appl/test/gssapi_server.c: free memory, make error strings match
-	
-	* appl/test/gssapi_server.c: use print_gss_name, print server name
-	too
-
-	* appl/test/gss_common.h (print_gss_name): common code for
-	printing gss name
-
-	* appl/test/gss_common.c (print_gss_name): common code for
-	printing gss name
-
-	* appl/test/http_client.c: Make constent with rest of the gssapi
-	test programs
-
-2005-03-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/keys.c: AES is enabled by default, remove ifdefs
-	
-	* lib/krb5/crypto.c: AES is enabled by default, remove ifdefs
-	
-	* lib/krb5/aes-test.c: use hex encoder from roken AES is enabled
-	by default, remove ifdefs
-
-	* kdc/kerberos5.c: AES is enabled by default, remove ifdefs
-
-2005-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Add some text about modifying the database
-	
-2005-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: widen lifetime/renewal warning text field, also
-	make use of unparse_time_approx, no need to be specific to the
-	second when ticket needs to be renewed or their lifetime.
-
-	* doc/heimdal.texi: copyright maintenance, drop eay, use updated
-	UCB license
-
-	* lib/krb5/crypto.c: more static and unsigned issues
-
-	* lib/krb5/crypto.c: fix signedness issues, prompted by report of
-	Magnus Ahltorp
-
-2005-03-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_keytab.3: more text about how to free returned
-	resources
-
-2005-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: handle the -25 generation path
-
-	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19
-	
-	* lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes
-	
-2005-03-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: use generated oid's
-	
-	* lib/krb5/pkinit.c: use generated oid's
-	
-2005-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: update to the asn1 structures used in -25's
-
-	* lib/krb5/pkinit.c: update to the asn1 structures used in -25's
-
-2005-03-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/hdb-ldap.c: use the newly written hex function from
-	roken and remove the old implementation
-
-2005-03-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/test/http_client.c: allow specifing port to connect to
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am: bump version to 21:0:4
-
-	* lib/hdb/Makefile.am: bump version to 8:0:1
-	
-	* lib/asn1/Makefile.am: bump version to 7:0:1
-
-2005-02-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (DES_string_to_key_int): must check for weak
-	keys after doing the DES_cbc_cksum
-
-2005-02-19  Luke Howard  <lukeh@padl.com>
-
-	* lib/krb5/krbhst.c: set KD_CONFIG after calling
-	  config_get_hosts() in kpasswd_get_next()
-	  From: Wynn Wilkes <wynnw@vintela.com>
-
-2005-02-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/db3.c (DB_open): correct the check for O_RDONLY
-	From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>
-
-2005-02-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to
-	make %d work
-
-2005-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the
-	caller requested to provide the user with a glue what the caller
-	was asking for.
-
-2005-02-05  Luke Howard  <lukeh@padl.com>
-
-	* lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop
-
-	* kcm/acquire.c: don't leak salt if keyproc called multiple
-	  times
-
-	* kcm/config.c: allow KCM system ccache to be configured from
-	  krb5.conf, in the system_ccache stanza of [kcm]
-
-2005-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/protocol.c: use -1 as the invalid pid number
-
-	* kcm/connect.c: support SCM_CREDS (for NetBSD)
-
-	* kcm/Makefile.am: LDADD += LIB_pidfile
-	
-	* kcm/connect.c: make it possible to build on systems without
-	SO_PEERCRED (still doesn't work)
-
-	* kcm/config.c: cast argument to isdigit to unsigned char
-	
-	* lib/krb5/krb5.conf.5: document large_msg_size
-
-	* lib/krb5/context.c (init_context_from_config_file): init
-	large_msg_size to 6000
-
-	* lib/krb5/krb5.h (krb5_context_data): add large_msg_size,
-	threshold where we start to use transport protocols without tiny
-	max data transport sizes.
-
-	* lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h
-	by now
-
-2005-02-02  Luke Howard  <lukeh@padl.com>
-
-	* configure.in: generate kcm/Makefile
-
-	* Makefile.am: recurse into kcm/ if KCM defined
-
-	* kcm: add KCM daemon
-
-2005-02-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again
-
-	* lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add
-	some more error strings
-
-2005-02-02  Luke Howard  <lukeh@padl.com>
-
-	* configure.in: add --enable-kcm option for Kerberos
-	  Credentials Manager (KCM)
-
-	* lib/krb5/Makefile.am: add kcm.c
-
-	* lib/krb5/cache.c: use cc_retrieve_cred if present rather
-	  than enumerating ccache
-
-	* lib/krb5/context.c: register KCM cc_ops
-
-	* lib/krb5/get_cred.c: pass all options to cc_retrieve_cred
-
-	* lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock
-
-	* lib/krb5/kcm.[ch]: add initial implementation of KCM
-	  client library
-
-	* lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops
-
-	* lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp
-
-	* lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag
-
-2005-01-24  Luke Howard  <lukeh@padl.com>
-
-	* lib/krb5/init_creds_pw.c: allow NULL in_options to be passed
-	  krb5_get_init_creds_password()
-
-	* kdc/kerberos5.c: don't crash when logging no server etype
-	  support if client == NULL
-
-2005-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love
-	<d.love@dl.ac.uk>
-
-2005-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/apps.texi: Texinfo fixes. Text about irix 6.5 using
-	PAM. From: Dave Love <d.love@dl.ac.uk>
-
-2005-01-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: cast argument to isdigit to
-	unsigned char
-
-	* lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned
-	char
-
-	* lib/asn1/hash.c (hashcaseadd): cast argument to toupper to
-	unsigned char
-
-	* appl/kf/kfd.c (kfd_match_version): cast argument to islower to
-	unsigned char
-
-	* lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled
-
-	* lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more
-	text about krb5_enctype_valid
-
-	* lib/krb5/krb5_create_checksum.3: drop
-	krb5_checksum_is_disabled
-
-	* lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled
-	
-	* lib/krb5/context.c: krb5_enctype_is_disabled is the same thing
-	as krb5_enctype_valid, so use the later since its older and the
-	api doesn't really need another entry point
-
-	* lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as
-	krb5_enctype_valid, so use the later since its older and the api
-	doesn't really need another entry point
-
-	* kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as
-	krb5_enctype_valid, so use the later since its older and the api
-	doesn't really need another entry point
-
-2005-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.8: document --addresses, controls what
-	addresses kpasswd should listen too
-
-	* kpasswd/kpasswdd.c: add --addresses, controls what addresses
-	kpasswd should listen too
-
-	* lib/krb5/addr_families.c (krb5_parse_address): filter out dup
-	addresses from getaddrinfo
-
-	* kpasswd/kpasswd.1: document -c
-
-	* kpasswd/kpasswd.c: allow specifying a credential cache to use
-	for the admin principal
-
-	* include/bits.c: constify to avoid warning with -Wwrite-string
-	
-	* NEWS: add 0.6.2 and 0.6.3 items
-	
-	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended
-
-	* lib/krb5/krb5_is_thread_safe.3: document function
-
-	* lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3
-	
-	* lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the
-	library was compiled with multithreading support. If not,
-	application must global lock the library, it it uses threads that
-	call kerberos functions at the same time.
-	
-2005-01-05  Luke Howard  <lukeh@padl.com>
-
-	* lib/krb5/auth_context.c: use krb5_generate_subkey_extended()
-
-	* lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION
-
-	* lib/krb5/build_auth.c: support for enctype negotiation
-	  (client sends EtypeList in Authenticator authz data)
-
-	* lib/krb5/context.c: mutex should be destroyed last in
-	  krb5_free_context()
-
-	* lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(),
-	  set *subkey to NULL if key geneartion fails
-
-	* lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA
-
-	* lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56
-
-	* lib/krb5/rd_req.c: support for enctype negotiation
-	  (client sends EtypeList in Authenticator authz data)
-
-2005-01-04  Luke Howard  <lukeh@padl.com>
-
-	* lib/asn1/k5.asn1: add authorization data types for enctype
-	negotiation implementation
-
-2005-01-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/changepw.c (change_password_loop): on failing to find a
-	kdc, set result_code to KRB5_KPASSWD_HARDERROR
-	
-2005-01-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/heimdal.texi: Happy New Year
-	
diff --git a/crypto/heimdal/ChangeLog.2006 b/crypto/heimdal/ChangeLog.2006
deleted file mode 100644
index f0e1ce9e966e..000000000000
--- a/crypto/heimdal/ChangeLog.2006
+++ /dev/null
@@ -1,2047 +0,0 @@
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/process.c: Handle kx509 requests.
-
-	* kdc/connect.c: Listen to 9878 if kca is turned on.
-
-	* kdc/headers.h: Include <kx509_asn1.h>.
-
-	* kdc/config.c: code to parse [kdc]enable-kx509
-
-	* kdc/kdc.h: add enable_kx509
-
-	* kdc/Makefile.am: add kx509.c
-
-	* kdc/kx509.c: Kx509server (external certificate genration).
-
-	* lib/krb5/ticket.c: add krb5_ticket_get_endtime
-
-	* lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime
-
-	* kdc/digest.c: Remove <digest_asn.h>, its already included in
-	headers.h
-
-	* kdc/digest.c: Return session key for the NTLMv2 case too
-
-	* lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value
-	is krb5_error_code
-	
-2006-12-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for
-	des-cbc-md4 and des-cbc-md5.  This is for (older) windows that
-	will be unhappy anything else.  From Inna Bort-Shatsky
-	
-2006-12-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/digest.c: Prefix internal symbol with _kdc_.
-
-	* kdc/kdc.h: add digests_allowed
-
-	* kdc/digest.c: return NTLM2 targetinfo structure.
-
-	* lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo.
-
-	* kdc/config.c: Parse digest acl's
-
-	* kdc/kdc_locl.h: forward decl;
-
-	* kdc/digest.c: Add digest acl's
-	
-2006-12-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fix-export: build ntlm-private.h
-	
-2006-12-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* include/make_crypto.c: Include <.../hmac.h>.
-
-	* kdc/digest.c: reorder to show slot here ntlmv2 code will be
-	placed.
-
-	* kdc/digest.c: Announce that we support key exchange and add bits
-	to detect when it wasn't used.
-
-	* kdc/digest.c: Add support for generating NTLM2 session security
-	answer.
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/digest.c: Add sessionkey accessor functions.
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/digest.c: Unwrap the NTLM session key and return it to the
-	server.
-	
-2006-12-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc
-	failure part, noticed by Arnaud Lacombe in NetBSD coverity scan.
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning.
-
-	* kdc/digest.c: Support NTLM verification, note that the KDC does
-	no NTLM packet parsing, its all done by the client side, the KDC
-	just calculate and verify the digest and return the result to the
-	service.
-
-	* kuser/kdigest.c: add ntlm-server-init
-
-	* kuser/Makefile.am: kdigest depends on libheimntlm.la
-
-	* kdc/headers.h: Include <heimntlm.h>.
-
-	* kdc/Makefile.am: libkdc needs libheimntlm.la
-
-	* autogen.sh: just run autoreconf -i -f
-
-	* lib/Makefile.am: hook in ntlm
-
-	* configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile
-
-	* lib/krb5/digest.c: API to authenticate ntlm requests.
-
-	* lib/krb5/fcache.c: Support "iteration" of file credential caches
-	by giving the user back the default file credential cache and only
-	that.
-
-	* lib/krb5/krb5_locl.h: Expand the default root for some of the cc
-	type names.
-	
-2006-12-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/init_creds_pw.c (free_paid): free the krb5_data
-	structure too.  Bug report from Stefan Metzmacher.
-	
-2006-12-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kinit.c: Read the appdefault configration before we try to
-	use the flags.  Bug reported by Ingemar Nilsson.
-
-	* kuser/kdigest.c: prefix digest commands with digest_
-
-	* kuser/kdigest-commands.in: prefix digest commands with digest-
-	
-2006-12-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/hprop.c: Return error codes on failure, improve error
-	reporting.
-	
-2006-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error
-
-	* lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error
-	strings
-	
-2006-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: CLEANFILES += vis.h
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the
-	encrypted ticket
-
-	* kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds
-	an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients
-	that we vouches for the CA.
-
-	* kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function.
-
-	* lib/Makefile.am: Make the directories test automake conditional
-	so automake can include directories in make dist step.
-
-	* kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for
-	ExternalPrincipalIdentifiers
-
-	* kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers
-
-	* kdc/pkinit.c: Add comment that the anchors in the signed data
-	really should be the trust anchors of the client.
-
-	* kuser/generate-requests.c: Use strcspn to remove \n from
-	string returned by fgets.  From Bj�rn Sandell
-	
-	* kpasswd/kpasswd-generator.c: Use strcspn to remove \n from
-	string returned by fgets.  From Bj�rn Sandell
-	
-2006-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: Clear errno before calling the strtol
-	functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj�rn
-	Sandell.
-
-	* lib/krb5/config_file.c: Use strcspn to remove \n from fgets
-	result. Prompted by change by Ray Lai of OpenBSD via Bj�rn
-	Sandell.
-
-	* kdc/string2key.c: Use strcspn to remove \n from fgets
-	result. Prompted by change by Ray Lai of OpenBSD via Bj�rn
-	Sandell.
-	
-2006-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass
-	in a NULLed plugin list
-	
-2006-11-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c: add more pkinit options.
-
-	* lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply
-	to expect, this avoids overwriting the real PK-INIT error from
-	just a failed requeat with a Windows PK-INIT error (that always
-	failes).
-
-	* kdc/Makefile.am: Add LIB_pkinit to pacify AIX
-
-	* lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX
-	
-2006-11-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: Make build again from the hdb_entry
-	wrapping. Patch from Andreas Hasenack.
-
-	* kdc/pkinit.c: Need better code in the DH parameter rejection
-	case, add comment to that effect.
-	
-2006-11-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large
-	packets when using datagram based transports.
-
-	* kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep.
-
-	* lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes.
-	
-2006-11-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Pass down hx509_peer_info.
-
-	* kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
-	pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
-
-	* kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
-	pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
-	
-2006-11-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not
-	fragment packets and avoid stupid linklayers that doesn't allow
-	fragmented packets (unix dgram sockets on Mac OS X)
-	
-2006-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users
-	certs in the pool to make sure a path is returned, without this
-	proxy certificates wont work.
-	
-2006-11-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/config.c: Make all pkinit options prefixed with pkinit_
-
-	* lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from
-	krb5_context
-
-	* lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest
-
-	* lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE.
-
-	* kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate
-	checksum.
-
-	* lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate
-	checksum.
-	
-2006-11-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-
-	* lib/krb5/krb5_get_init_creds.3: Make
-	krb5_get_init_creds_opt_free take a context argument.
-
-	* lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take
-	a context argument.
-
-	* kuser/kinit.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-
-	* kpasswd/kpasswd.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-
-	* kpasswd/kpasswd-generator.c: Make krb5_get_init_creds_opt_free
-	take a context argument.
-
-	* kdc/hprop.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-
-	* lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-
-	* appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-	
-2006-11-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: fix pkinit option (s/-/_/)
-
-	* kdc/config.c: revert the enable-pkinit change, and make it
-	consistant with all other other enable- options
-	
-2006-11-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: Make all pkinit options prefixed with pkinit_
-
-	* kdc/config.c: Make all pkinit options prefixed with pkinit_
-
-	* kdc/pkinit.c: Make app pkinit options prefixed with pkinit_
-
-	* lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_
-
-	* lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again.
-
-	* lib/krb5/mit_glue.c (krb5_c_keylengths): rename.
-
-	* lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api,
-	deal.
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pac.c (fill_zeros): stop using MIN.
-
-	* kuser/kinit.c: Forward decl
-	
-	* lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE.
-
-	* lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s.
-
-	* lib/krb5/test_plugin.c: Set sin_len if it exists.
-
-	* lib/krb5/krbhst.c: Use plugin for the other realm locate types
-	too.
-	
-2006-11-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_locl.h: Add plugin api
-
-	* lib/krb5/Makefile.am: Add plugin api.
-
-	* lib/krb5/krbhst.c: Use the resolve plugin interface.
-
-	* lib/krb5/locate_plugin.h: Add plugin interface for resolving
-	that is API compatible with MITs version.
-
-	* lib/krb5/plugin.c: Add first version of the plugin interface.
-
-	* lib/krb5/test_pac.c: Test signing.
-
-	* lib/krb5/pac.c: Add code to sign PACs, only arcfour for now.
-
-	* lib/krb5/krb5.h: Add struct krb5_pac.
-	
-2006-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_pac.c: PAC testing.
-
-	* lib/krb5/pac.c: Sprinkle error strings.
-
-	* lib/krb5/pac.c: Verify LOGON_NAME.
-
-	* kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an
-	argument
-
-	* kdc/kerberos5.c (_kdc_as_rep): drop client_princ from
-	_kdc_pk_check_client since its not valid in canonicalize case
-
-	* lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength.
-
-	* lib/krb5/mit_glue.c: Add krb5_c_keylength.
-	
-2006-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pac.c: Almost enough code to do PAC parsing and
-	verification, missing in the unix2NTTIME and ucs2 corner. The
-	later will be adressed by finally adding libwind.
-
-	* lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew
-
-	* kdc/hpropd.c: Remove support dumping to a kerberos 4 database.
-	
-2006-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c: rename krb5_[gs]et_time_wrap to
-	krb5_[gs]et_max_time_skew
-
-	* kdc/pkinit.c: Catch error string from hx509_cms_verify_signed.
-	Check for id-pKKdcEkuOID and warn if its not there.
-
-	* lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions.
-
-2006-11-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx.
-
-	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all
-	dancing version of the krb5_rd_req and implement krb5_rd_req and
-	krb5_rd_req_with_keyblock using it.
-
-2006-11-04 Love H�rnquist �strand <lha@it.su.se>
-	
-	* kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging.
-	
-2006-11-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/expand_hostname.c: Rename various routines and
-	constants from canonize to canonicalize.  From Andrew Bartlett
-
-	* lib/krb5/context.c: Add krb5_[gs]et_time_wrap
-
-	* lib/krb5/krb5_locl.h: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-
-	* appl/gssmask/common.c (add_list): fix alloc statement.
-	From Alex Deiter
-	
-2006-10-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: Move version.h and version.h.in to
-	DISTCLEANFILES.
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/gssmask.c: Only log when there are resources left.
-
-	* appl/gssmask/gssmask.c: make compile
-
-	* appl/gssmask/gssmask.c (AcquireCreds): free
-	krb5_get_init_creds_opt
-	
-2006-10-23  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* configure.in: heimdal 0.8-RC1
-
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/digest.c: Try to not leak memory.
-
-	* kdc/digest.c: Try to not leak memory.
-
-	* Makefile.am: remove valgrind target, it doesn't belong here.
-
-	* kuser/kinit.c: Try to not leak memory.
-
-	* kuser/kgetcred.c: Try to not leak memory.
-
-	* kdc/krb5tgs.c (check_KRB5SignedPath): free KRB5SignedPath on
-	successful completion too, not just the error cases.
-
-	* fix-export: Make make fix-export less verbose.
-
-	* kuser/kgetcred.c: Try to not leak memory.
-
-	* lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when
-	done.
-
-	* lib/krb5/crypto.c: Allocate the memory we later use.
-
-	* lib/krb5/test_princ.c: Try to not leak memory.
-
-	* lib/krb5/test_crypto_wrapping.c: Try to not leak memory.
-
-	* lib/krb5/test_cc.c: Try to not leak memory.
-
-	* lib/krb5/addr_families.c (arange_free): Try to not leak memory.
-
-	* lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory.
-
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/heimdal-build.sh: Add --test-environment
-
-	* tools/heimdal-build.sh: Add --ccache-dir
-
-	* lib/hdb/Makefile.am: remove dependency on et files covert_db
-	that now is removed
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* include/Makefile.am: add gssapi to subdirs
-
-	* lib/hdb/hdb-ldap.c: Make compile.
-
-	* configure.in: add include/gssapi/Makefile.
-
-	* include/Makefile.am: clean more files
-
-	* include/make_crypto.c: Avoid creating a file called --version.
-
-	* include/bits.c: Avoid creating a file called --version.
-
-	* appl/test/Makefile.am: add nt_gss_common.h
-
-	* doc/Makefile.am: Disable TEXI2DVI for now.
-
-	* tools/Makefile.am: more files
-
-	* lib/krb5/context.c (krb5_free_context): free send_to_kdc context
-
-	* doc/heimdal.texi: Put Heimdal in the dircategory Security.
-
-	* lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew
-	Bartlet.
-
-	* lib/krb5/krb5_locl.h: Add send_to_kdc hook.
-
-	* lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype.
-
-	* kcm/Makefile.am: more files
-
-	* kdc/Makefile.am: more files
-
-	* lib/hdb/Makefile.am: more files
-
-	* lib/krb5/Makefile.am: add more files
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST.
-
-	* configure.in: Don't check for timegm, libroken provides it for
-	us.
-
-	* lib/krb5/acache.c: Does function typecasts instead of void *
-	type-casts.
-
-	* lib/krb5/krb5.h: Remove bonus , that Love sneeked in.
-
-	* configure.in: make --disable-pk-init help text also negative
-	
-2006-10-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kgetcred.c: Avoid memory leak.
-
-	* tools/heimdal-build.sh: Add more verbose logging, add version of
-	script and heimdal to the mail.
-
-	* lib/hdb/db3.c: Wrap function call pointer calls in (*func) to
-	avoid macros rewriting open and close.
-
-	* lib/krb5/Makefile.am: Add test_princ.
-
-	* lib/krb5/principal.c: More error strings, handle realm-less
-	printing.
-
-	* lib/krb5/test_princ.c: Test principal parsing and unparsing.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we
-	don't recurse
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no components
-	-> no dns. no mapping, try local realm and hope KDC knows better.
-
-	* lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags
-
-	* lib/krb5/krb5_principal.3: Document
-	krb5_unparse_name{_fixed,}_flags.
-
-	* lib/krb5/principal.c: Add krb5_unparse_name_flags and
-	krb5_unparse_name_fixed_flags.
-
-	* lib/krb5/krb5_principal.3: Document krb5_parse_name_flags.
-
-	* lib/krb5/principal.c: Add krb5_parse_name_flags.
-
-	* lib/krb5/principal.c: Add krb5_parse_name_flags.
-
-	* lib/krb5/krb5.h: Add krb5_parse_name_flags flags.
-
-	* lib/krb5/krb5_locl.h: Hide krb5_context_data from public
-	exposure.
-
-	* lib/krb5/krb5.h: Hide krb5_context_data from public exposure.
-
-	* kuser/klist.c: Use krb5_get_kdc_sec_offset.
-
-	* lib/krb5/context.c: Document krb5_get_kdc_sec_offset()
-	
-	* lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset()
-	
-	* lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname
-	and krb5_get_dns_canonize_hostname
-
-	* lib/krb5/verify_krb5_conf.c:
-	add [libdefaults]dns_canonize_hostname
-
-	* lib/krb5/expand_hostname.c: use dns_canonize_hostname to
-	determin if we should talk to dns to find the canonical name of
-	the host.
-
-	* lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname.
-
-	* tools/heimdal-build.sh: Set status.
-
-	* appl/gssmask/gssmask.c: handle more bits
-
-	* kdc/kerberos5.c: Prefix asn1 primitives with der_.
-	
-2006-10-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fix-export: Build lib/asn1/der-protos.h.
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/Makefile.am: Add explit depenency on libroken.
-
-	* kdc/krb5tgs.c: Prefix der primitives with der_.
-
-	* kdc/pkinit.c: Prefix der primitives with der_.
-
-	* lib/hdb/ext.c: Prefix der primitives with der_.
-	
-	* lib/hdb/ext.c: Prefix der primitives with der_.
-
-	* lib/krb5/crypto.c: Remove workaround from when there wasn't
-	always aes.
-
-	* lib/krb5/ticket.c: Prefix der primitives with der_.
-	
-	* lib/krb5/digest.c: Prefix der primitives with der_.
-
-	* lib/krb5/crypto.c: Prefix der primitives with der_.
-
-	* lib/krb5/data.c: Prefix der primitives with der_.
-	
-2006-10-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From
-	Olga Kornievskaia.
-
-	* kdc/kdc.8: document max-kdc-datagram-reply-length
-
-	* include/bits.c: Include Xint64 types.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/heimdal-build.sh: Add socketwrapper and cputime limit.
-
-	* kdc/connect.c (loop): Log that the kdc have started.
-	
-2006-10-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/connect.c (do_request): tell krb5_kdc_process_request if its
-	a datagram reply or not
-
-	* kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its
-	a datagram reply and the datagram reply length limit is reached.
-
-	* kdc/process.c: Rename krb5_kdc_process_generic_request to
-	krb5_kdc_process_request Add datagram_reply argument.
-
-	* kdc/config.c: check for [kdc]max-kdc-datagram-reply-length
-
-	* kdc/kdc.h (krb5_kdc_config): Add max_datagram_reply_length.
-
-	* lib/hdb/keytab.c: Change || to |, From metze.
-
-	* lib/hdb/keytab.c: Add back :file to sample format.
-
-	* lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out
-	by Andrew Bartlet.
-
-	* kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from
-	auth->cusec.
-	
-2006-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: dist_-ify libkadm5clnt_la_SOURCES too
-
-	* doc/heimdal.texi: Update (c) years.
-
-	* appl/gssmask/protocol.h: Clarify protocol.
-
-	* kdc/hpropd.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* kdc/kerberos4.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* kdc/connect.c (handle_vanilla_tcp): shorten length when we
-	shorten the buffer, this matter im the PK-INIT encKey case where a
-	checksum is done over the whole packet. Reported by Olga
-	Kornievskaia
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: crypto-headers.h is a nodist header
-
-	* lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1
-	unsigned char to make OpenSSL happy.
-
-	* appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST
-
-	* kuser/Makefile.am: split build files into dist_ and noinst_
-	SOURCES
-
-	* lib/hdb/Makefile.am: split build files into dist_ and noinst_
-	SOURCES
-
-	* lib/krb5/Makefile.am: split build files into dist_ and noinst_
-	SOURCES
-
-	* kdc/kerberos5.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-	
-2006-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c (common_init): don't try DNS when there is
-	realm w/o a dot.
-
-	* kdc/524.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* kdc/krb5tgs.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* lib/krb5/get_in_tkt.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* lib/krb5/rd_cred.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* lib/krb5/rd_req.c: Adapt to signature change of
-	_krb5_principalname2krb5_principal.
-
-	* lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add
-	krb5_context to signature.
-
-	* kdc/524.c (_krb5_principalname2krb5_principal): adapt to
-	signature change
-
-	* lib/hdb/keytab.c (hdb_get_entry): close and destroy the database
-	later, the hdb_entry_ex might still contain links to the database
-	that it expects to use.
-
-	* kdc/digest.c: Make digest argument o MD5_final unsigned char to
-	help OpenSSL.
-
-	* kuser/kdigest.c: Make digest argument o MD5_final unsigned char
-	to help OpenSSL.
-
-	* appl/gssmask/common.h: Maybe include <sys/wait.h>.
-	
-2006-10-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and
-	explain why
-
-	* tools/heimdal-build.sh: Another mail header.
-
-	* tools/heimdal-build.sh: small fixes
-
-	* fix-export: More liberal parsing of AC_INIT
-
-	* tools/heimdal-build.sh: first cut
-	
-2006-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: Call AB_INIT.
-
-	* kuser/kinit.c: Add flag --pk-use-enckey.
-
-	* kdc/pkinit.c: Sign the request in the encKey case.  Bug reported
-	by Olga Kornievskaia of Umich.
-
-	* lib/krb5/Makefile.am: man_MANS += krb5_digest.3
-
-	* lib/krb5/krb5_digest.3: Add all protos
-	
-2006-10-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5_digest.3: Basic krb5_digest manpage.
-	
-2006-10-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fix-export: build gssapi mech private files
-	
-	* lib/krb5/init_creds_pw.c: minimize layering and remove
-	krb5_kdc_flags
-
-	* lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit
-	order.
-
-	* lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right
-	bit order.
-
-	* kuser/kdigest.c: Don't require --kerberos-realm.
-
-	* lib/krb5/digest.c (digest_request): if NULL is passed in as
-	realm, use default realm.
-
-	* fix-export: build gssapi mech private files
-	
-2006-09-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context
-	building, better error handling.
-
-	* appl/gssmask/gssmaestro.c: switch from wrap/unwrap to
-	encrypt/decrypt
-	
-	* appl/gssmask/gssmask.c: Don't announce spn if there is none.
-
-	* appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is
-	the same as afterward.
-	
-2006-09-25  Love H�rnquist �strand <lha@it.su.se>
-	
-	* appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE.
-
-	* appl/gssmask/gssmaestro.c: Add logsocket support.
-	
-2006-09-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/gssmask/gssmaestro.c (build_context): print the step the
-	context exchange.
-	
-2006-09-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG
-	to all context flags
-	
-	* appl/gssmask/gssmaestro.c: Add wrap and mic tests for all
-	elements
-
-	* appl/gssmask/gssmask.c: Add mic tests
-
-	* appl/gssmask/gssmaestro.c: dont exit early then when context
-	is half built.
-	
-	* lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx
-	seems broken and its not good to upgrade to a broken enctype.
-	
-2006-09-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* appl/gssmask/gssmask.c: Add wrap/unwrap ops
-
-	* appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags
-
-	* appl/gssmask/common.c: Add permutate_all (and support
-	functions).
-
-	* appl/gssmask/common.h: Add permutate_all
-
-	* appl/gssmask/gssmask.c: use new flags, return moniker
-
-	* appl/gssmask/gssmaestro.c: test self context building and all
-	permutation of clients
-	
-2006-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/gssmask.c: add --logfile option, use htons() on
-	port number
-
-	* appl/gssmask/gssmaestro.c: Log port in connection message.
-
-	* configure.in: Make pk-init turned on by default.
-	
-2006-09-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}.
-
-	* kuser/Makefile.am: Add tool for printing tickets.
-
-	* kuser/kimpersonate.1: Add tool for printing tickets.
-	
-	* kuser/kimpersonate.c: Add tool for printing tickets.
-
-	* kdc/krb5tgs.c: Check the adtkt in the constrained delegation
-	case too.
-	
-2006-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/main.c (sigterm): don't _exit, let loop() catch the signal
-	instead.
-
-	* lib/krb5/krb5_timeofday.3: Fixes from Bj�rn Sandell.
-
-	* lib/krb5/krb5_get_init_creds.3: Fixes from Bj�rn Sandell.
-	
-2006-09-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/krb5-config.in: Add "kafs" option.
-	
-2006-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/db.c: By using full function calling conversion (*func)
-	we avoid problem when close(fd) is overridden using a macro.
-
-	* lib/krb5/cache.c: By using full function calling
-	conversion (*func) we avoid problem when close(fd) is overridden
-	using a macro.
-	
-2006-09-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c: Signing outgoing tickets.
-
-	* kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self
-	works securely.
-
-	* lib/krb5/pkinit.c: Adapt to new signature of
-	hx509_cms_unenvelope.
-	
-2006-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
-	sensable way
-	
-2006-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_init_context.3: Prevent a font generation warning,
-	from Jason McIntyre.
-	
-2006-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/context.c (krb5_init_ets): Add the hx errortable
-
-	* lib/krb5/krb5_locl.h: Include hx509_err.h.
-
-	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
-	from the hx509 lib
-	
-2006-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
-	fix argument to krb5_get_init_creds_opt_set_addressless.
-
-	* lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the
-	error when we actually have an error to catch.
-
-	* lib/krb5/init_creds_pw.c: Remove debug printfs.
-
-	* kuser/kinit.c: Remove debug printf
-
-	* lib/krb5/krb5_get_init_creds.3: Document
-	krb5_get_init_creds_opt_set_addressless.
-
-	* kuser/kinit.c: Use new function
-	krb5_get_init_creds_opt_set_addressless.
-
-	* lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option
-	to use the same tri-state option as the new addressless option.
-
-	* lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac
-	option to use the same tri-state option as the new addressless
-	option.
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless):
-	used to control the address-lessness of the initial tickets
-	instead of passing in the empty set of address into
-	krb5_get_init_creds_opt_set_addresses.
-	
-2006-09-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kinit.c (renew_validate): inherit the proxiable and
-	forwardable from the orignal ticket, pointed out by Bernard
-	Antoine of CERN.
-	
-	* doc/setup.texi: More text about the acl_file entry and
-	hdb-ldap-structural-object.  From R�diger Ranft.
-
-	* lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback
-	lookups to 5.  Patch from Wesley Craig, umich.edu
-
-	* configure.in: Add special tests for <sys/ucred.h>, include test
-	for sys/param.h and sys/types.h
-
-	* appl/test/tcp_server.c (proto): use keytab for krb5_recvauth
-	Patch from Ingemar Nilsson <init@pdc.kth.se>
-	
-2006-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kdigest.c (help): use sl_slc_help().
-
-	* kdc/digest.c: Catch more error, add SASL DIGEST MD5.
-
-	* lib/krb5/digest.c: Catch more error.
-
-2006-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: language.
-
-	* doc/heimdal.texi: Add last updated text.
-	
-	* doc/heimdal.css: make box around heimdal title
-	
-	* doc/heimdal.css: Inital Heimdal css for the info manual
-	
-	* lib/krb5/digest.c: In the case where we get a DigestError back,
-	save the error string and code.
-	
-2006-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used.
-
-	* kdc/digest.c: Remove local error label and have just one exit
-	label, set error strings properly.
-
-	* kdc/digest.c: Simply the disabled-service case.  Check the
-	allow-digest flag in the HDB entry for the client.
-
-	* kdc/process.c (krb5_kdc_process_generic_request): check if we
-	got a digest request and process it.
-
-	* kdc/main.c: Register hdb keytab operations.
-
-	* kdc/kdc.8: document [kdc]enable-digest=boolean
-
-	* kdc/Makefile.am: add digest to libkdc
-
-	* kdc/digest.c: Make a return a goto to avoid freeing un-inited
-	memory in cleanup code.
-
-	* kdc/default_config.c (krb5_kdc_default_config): default to all
-	bits set to zero.
-
-	* kdc/kdc.h (krb5_kdc_configuration): Add enable_digest
-
-	* kdc/headers.h: Include <digest_asn1.h>.
-
-	* lib/krb5/context.c (krb5_kerberos_enctypes): new function,
-	returns the list of Kerberos encryption types sorted in order of
-	most preferred to least preferred encryption type.
-
-	* kdc/misc.c (_kdc_get_preferred_key): new function, Use the order
-	list of preferred encryption types and sort the available keys and
-	return the most preferred key.
-
-	* kdc/krb5tgs.c: Adapt to the new sigature of _kdc_find_keys().
-
-	* kdc/kerberos5.c: Handle session key etype separately from the
-	tgt etype, now the krbtgt can be a aes-only key without the need
-	to support not-as-good etypes for the krbtgt.
-	
-2006-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/misc.c: Change _kdc_db_fetch() to return the database
-	pointer to if needed by the consumer.
-
-	* kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database
-	pointer to if needed by the consumer.
-
-	* kdc/kerberos5.c: Change _kdc_db_fetch() to return the database
-	pointer to if needed by the consumer.
-	
-	* kdc/kerberos4.c: Change _kdc_db_fetch() to return the database
-	pointer to if needed by the consumer.
-	
-	* kdc/kaserver.c: Change _kdc_db_fetch() to return the database
-	pointer to if needed by the consumer.
-
-	* kdc/524.c: Change _kdc_db_fetch() to return the database pointer
-	to if needed by the consumer.
-
-	* kuser/kdigest-commands.in: Add --kerberos-realm, add client
-	request command.
-
-	* lib/krb5/Makefile.am: digest.c
-	
-	* lib/krb5/krb5.h: Add digest glue.
-
-	* lib/krb5/digest.c (krb5_digest_set_authentication_user): use
-	krb5_principal
-	
-	* lib/krb5/digest.c: Add digest support to the client side.
-	
-2006-08-21  Love H�rnquist �strand  <lha@it.kth.se>
-
-	* lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on
-	error and set return pointer to NULL
-	(krb5_free_ap_rep_enc_part): permit freeing of NULL
-	
-2006-08-18  Love H�rnquist �strand  <lha@it.kth.se>
-
-	* kdc/{Makefile.am,kdigest.c,kdigest-commands.in}:
-	Frontend for remote digest service in KDC
-
-	* lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl
-	functions.
-
-	* lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions,
-	stores/retrieves a \n terminated string.
-
-	* lib/krb5/krb5_locl.h: Default to address-less tickets.
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear
-	error string on error.
-	
-2006-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c: remove aes-192 (CMS)
-
-	* lib/krb5/crypto.c: Remove more CMS bits.
-	
-	* lib/krb5/crypto.c: Remove CMS symmetric encryption support.
-	
-2006-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c (_kdc_pk_check_client): make it not crash when
-	there are no acl
-
-	* kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
-	database
-
-	* lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to
-	HDB-Ext-PKINIT-hash.  Add trust anchor to HDB-Ext-PKINIT-acl.
-
-	* lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to
-	asn1_HDB_Ext_PKINIT_hash
-
-	* lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash().
-	
-2006-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: If --password-file gets STDIN, read the password
-	from the standard input.
-
-	* kuser/kinit.1: Document --password-file=STDIN.
-
-	* lib/krb5/krb5_string_to_key.3: Remove duplicate to.
-	
-2006-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5tgs.c: (tgs_build_reply): when checking for removed
-	principals, check the second component of the krbtgt, otherwise
-	cross realm wont work.  Prompted by report from Mattias Amnefelt.
-
-2006-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for
-	length
-	(handle_tcp): if the high bit it set in the unknown case, send
-	back a KRB_ERR_FIELD_TOOLONG
-	
-2006-07-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/gssmaestro.c: Add get_version_capa, cache
-	target_name.
-
-	* appl/gssmask/gssmask.c: use utname() to find the local hostname
-	and version of operatingsystem
-
-	* appl/gssmask/common.h: include <sys/utsname.h>
-
-	* appl/gssmask/gssmask.c: break out creation of a client and make
-	handleServer pthread_create compatible
-
-	* appl/gssmask/gssmaestro.c: break out out the build context
-	function
-	
-2006-07-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/gssmask/gssmaestro.c: externalize slave handling, add
-	GetTargetName glue
-
-	* appl/gssmask/gssmaestro.c: externalize principal/password handling
-
-	* lib/krb5/principal.c (krb5_parse_name): set *principal to NULL
-	the first thing we do, so that on failure its set to a known value
-
-	* appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to
-	avoid memory corruption GetTargetName: always send a string, even
-	though we don't have a targetname
-
-	* appl/gssmask: break out common function; add gssmaestro (that
-	only tests one context for now)
-
-2006-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on
-	malloc failure
-
-	* appl/gssmask/gssmask.c: split out fetching of credentials for
-	easier reuse for pk-init testing
-
-	* appl/gssmask: maggot replacement, handles context testing
-
-	* lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME
-	as the default prefix
-	
-2006-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/heimdal.texi: Add Doug Rabson's license
-	
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the
-	krb5_get_init_creds_opt structure.
-
-	* lib/krb5/init_creds_pw.c: Save KRB-ERROR on error.
-
-	* lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add
-	KRB-ERROR
-	
-2006-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: section about verify_krb5_conf and kadmin check
-	
-2006-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred
-	argument, its unused
-
-	* lib/krb5/Makefile.am: install krb5_get_creds.3
-	
-	* lib/krb5/krb5_get_creds.3: new file
-	
-2006-06-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is
-	ARCFOUR key already.  Idea from Andreas Hasenack.  While here, set
-	pw change time using sambaPwdLastSet
-
-	* kdc/kerberos4.c: Use enable_v4_per_principal and check the new
-	hdb flag.
-
-	* kdc/kdc.h: Add enable_v4_per_principal
-	
-2006-06-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (_kdc_as_rep): if kdc_time +
-	config->kdc_warn_pwexpire is past pw_end, add expiration
-	message. From Bernard Antoine.
-	
-	* kdc/default_config.c (krb5_kdc_default_config): set
-	kdc_warn_pwexpire to 0
-
-	* kdc/kerberos5.c: indent.
-	
-2006-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: constify
-	
-2006-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_cred.c: Allow setting additional tickets in the
-	tgs-req
-
-	* kuser/kgetcred.c: add --delegation-credential-cache
-
-	* kdc/krb5tgs.c (tgs_build_reply): add constrained delegation.
-
-	* kdc/krb5tgs.c: Add impersonation.
-
-	* kuser/kgetcred.c: use new krb5_get_creds interface, add
-	impersonation.
-
-	* lib/krb5/get_cred.c (krb5_get_creds): add
-	KRB5_GC_NO_TRANSIT_CHECK
-
-	* lib/krb5/misc.c: Add impersonate support functions.
-
-	* lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface.
-
-	* lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation
-
-	* lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more
-	KRB5_GC flags.
-	
-2006-06-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function.
-
-	* lib/krb5/pkinit.c: Avoid more shadowing.
-
-	* kdc/connect.c (do_request): clean reply with krb5_data_zero
-
-	* kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local
-	clien must exists test.
-
-	* kdc/krb5tgs.c: Plug old memory leaks, unify all goto's.
-
-	* kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and
-	tgs_build_reply.
-
-	* kdc/kerberos5.c: split out krb5 tgs req to make it easier to
- 	reorganize the code.
-	
-2006-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_get_init_creds.3: spelling Bj�rn Sandell
-
-	* lib/krb5/krb5_get_in_cred.3: spelling Bj�rn Sandell
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.c (change): select the realm based on the
-	target principal From Gabor Gombas
-
-	* lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO
-	
-	* lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO
-	
-2006-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
-	Fix a warning.
-
-	* doc/setup.texi: Point to more examples, hint that you have to
-	use openssl 0.9.8a or later.
-
-	* doc/setup.texi: DIR now handles both PEM and DER.
-
-	* kuser/kinit.c: Pass down prompter and password to
-	krb5_get_init_creds_opt_set_pkinit.
-
-	* lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its
-	longer then 0
-	
-	* doc/ack.texi: Add Jason McIntyre.
-	
-	* lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason
-	McIntyre.
-	
-2006-05-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/kinit.c: Move parsing of the PK-INIT configuration file to
-	the library so application doesn't need to deal with it.
-
-	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
-	parsing of the configuration file to the library so application
-	doesn't need to deal with it.
-
-	* lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
-	when trying to read the user certificate.
-
-	* lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
-	on failure. Pointed out by Douglas E. Engert.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/crypto.c: Catches both keyed checkout w/o crypto
-	context cases and doesn't reset the string, and corrects the
-	grammar.
-
-	* lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support,
-	its all containted in libhcrypto and libhx509 now.
-	
-2006-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
-	hx509_get_one_cert.
-
-	* lib/krb5/crypto.c (create_checksum): provide a error message
-	that a key checksum needs a key.  From Andew Bartlett.
-	
-2006-05-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
-	for hx509 null DH.
-
-	* kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in
-	older OpenSSL.
-
-	* doc/heimdal.texi: Add blob about imath.
-
-	* doc/ack.texi: Add blob about imath.
-
-	* include/make_crypto.c: Move up evp.h to please OpenSSL, from
-	Douglas E. Engert.
-
-	* kcm/acl.c: Multicache kcm interation isn't done yet, let wait
-	with this enum.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Bj�rn
-	Sandell
-
-	* lib/krb5/krb5_rcache.3: Spelling/mdoc from Bj�rn Sandell
-
-	* lib/krb5/krb5_keytab.3: Spelling/mdoc from Bj�rn Sandell
-
-	* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Bj�rn Sandell
-
-	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Bj�rn
-	Sandell
-
-	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Bj�rn
-	Sandell
-
-	* lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit
-	kvno if the reset of the data is longer then 4 bytes in hope to be
-	forward compatible. Pointed out by Michael B Allen.
-
-	* doc/programming.texi: Add fileformats.
-
-	* appl/test: Rename u_intXX_t to uintXX_t
-
-	* kuser: Rename u_intXX_t to uintXX_t
-
-	* kdc: Rename u_intXX_t to uintXX_t
-
-	* lib/hdb: Rename u_intXX_t to uintXX_t
-	
-	* lib/45]: Rename u_intXX_t to uintXX_t
-
-	* lib/krb5: Rename u_intXX_t to uintXX_t
-
-	* lib/krb5/Makefile.am: Add test_store to TESTS
-
-	* lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
-	useful error message.
-
-	* lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan.
-	
-2006-05-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos4.c: Use the new unsigned integer storage types.
-
-	* kdc/kaserver.c: Use the new unsigned integer storage
-	types. Sprinkle some error handling.
-
-	* lib/krb5/krb5_storage.3: Document ret and store function for the
-	unsigned fixed size integer types.
-
-	* lib/krb5/v4_glue.c: Use the new unsigned integer storage
-	types. Fail that the address doesn't match, not the reverse.
-
-	* lib/krb5/store.c: Add ret and store function for the unsigned
-	fixed size integer types.
-
-	* lib/krb5/test_store.c: Test the integer storage types.
-	
-2006-05-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_store_principal): make it take a
-	krb5_const_principal, indent
-
-	* lib/krb5/krb5_storage.3: krb5_store_principal takes a
-	krb5_const_principal
-
-	* lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
-	longer a pointer.
-
-	* kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file
-
-	* kdc/config.c: read [kdc]pki-kdc-ocsp
-	
-2006-05-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if
-	it seems to be valid, simplfy the pkinit-windows DH case (it
-	doesn't exists).
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Bj�rn Sandell.
-
-	* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Bj�rn
-	Sandell.
-
-	* lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
-	from Bj�rn Sandell.
-
-	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
-	from Bj�rn Sandell.
-
-	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_address.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from
-	Bj�rn Sandell.
-
-	* lib/krb5/krb5.3: Spelling, from Bj�rn Sandell.
-	
-	* doc/ack.texi: add Bj�rn
-
-2006-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (cert2epi): don't include subject if its null
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Send over what trust anchors the client have
-	configured.
-
-	* lib/krb5/pkinit.c (pk_verify_host): set better error string,
-	only check kdc name/address when we got a hostname/address passed
-	in the the function.
-
-	* kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log
-	when a SAN matches.
-	
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: More options and some text about windows
-	clients, certificate and KDCs.
-
-	* doc/setup.texi: notice about pki-mappings file space sensitive
-
-	* doc/setup.texi: Example pki-mapping file.
-
-	* lib/krb5/pkinit.c (pk_verify_host): verify hostname/address
-
-	* lib/hdb/hdb.h: Bump hdb interface version to 4.
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kdestroy.1: Document --credential=principal.
-
-	* kdc/kerberos5.c (tgs_rep2): check that the client exists in the
-	kerberos database if its local request.
-
-	* kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_
-	flags as appropriate
-
-	* kdc/kerberos4.c (_kdc_db_fetch4): pass down flags though
-	krb5_425_conv_principal_ext2
-
-	* kdc/misc.c (_kdc_db_fetch): Break out the that we request from
-	principal from the entry and pass it in as a seprate argument.
-
-	* lib/hdb/keytab.c (hdb_get_entry): Break out the that we request
-	from principal from the entry and pass it in as a seprate
-	argument.
-
-	* lib/hdb/common.c: Break out the that we request from principal
-	from the entry and pass it in as a seprate argument.
-
-	* lib/hdb/hdb.h: Break out the that we request from principal from
-	the entry and pass it in as a seprate argument. Add more flags to
-	->hdb_get(). Re-indent.
-	
-2006-04-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* doc/setup.texi: document pki-allow-proxy-certificate
-
-	* kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool
-	to allow using proxy certificate.
-
-	* lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
-	hx509_verify_set_proxy_certificate
-
-	* kdc/pkinit.c (_kdc_pk_check_client): Use
-	hx509_cert_get_base_subject to get subject name of the
-	certificate, needed for proxy certificates.
-
-	* kdc/kerberos5.c: Now that find_keys speaks for it self, remove
-	extra logging.
-
-	* kdc/kerberos5.c (find_keys): add client_name and server_name
-	argument and use them, and adapt callers.
-	
-2006-04-25  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kuser/kinit.1: document option password-file
-
-	* kuser/kinit.c: Add option password-file, read password from the
-	first line of a file.
-
-	* configure.in: make tests/kdc/Makefile
-
-	* kdc/kerberos5.c: Catch the case where the client sends no
-	encryption types or no pa-types.
-
-	* lib/hdb/ext.c (hdb_replace_extension): set error message on
-	failure, not success.
-
-	* lib/hdb/keys.c (parse_key_set): handle error case better
-	(hdb_generate_key_set): return better error
-	
-2006-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/hdb.c (hdb_create): print out what we don't support
-
-	* lib/krb5/principal.c: Remove a double free introduced in 1.93
-
-	* lib/krb5/log.c (log_file): reset pointer to freed memory
-
-	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to
-	make sure its not refereced
-
-	* tools/krb5-config.in: libhcrypto might depend on libasn1, switch
-	order
-
-	* lib/krb5/recvauth.c: indent
-
-	* doc/heimdal.texi: Add Setting up PK-INIT to Detailed Node
-	Listing.
-
-	* lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
-	function can verify the certificate is from the right realm.
-
-	* lib/krb5/init_creds_pw.c: Pass down realm to
-	_krb5_pk_rd_pa_reply
-	
-2006-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (pk_verify_host): Add begining of finding
-	subjectAltName_otherName pk-init-san and verifing it.
-
-	* lib/krb5/sendauth.c: reindent
-
-	* doc/Makefile.am: use --no-split to make one large file, mostly
-	for html
-
-	* doc/setup.texi: "document" pkinit_require_eku and
-	pkinit_require_krbtgt_otherName
-
-	* lib/krb5/pkinit.c: Add pkinit_require_eku and
-	pkinit_require_krbtgt_otherName
-
-	* doc/setup.texi: Add text about pk-init
-
-	* tools/kdc-log-analyze.pl: count v5 cross realms too
-	
-2006-04-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
-
-	* lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
-	
-2006-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c (_kdc_pk_rd_padata): use
-	hx509_cms_unwrap_ContentInfo.
-
-	* kdc/config.c: unbreak
-
-	* lib/krb5/pkinit.c: Handle diffrences between libhcrypto and
-	libcrypto.
-
-	* kdc/config.c: Rename pki-chain to pki-pool to match rest of
-	code.
-	
-2006-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/rd_priv.c: Fix argument to krb5_data_zero.
-
-	* kdc/config.c: Added certificate revoke information from
-	configuration file.
-	
-	* kdc/pkinit.c: Added certificate revoke information.
-
-	* kuser/kinit.c: Added certificate revoke information from
-	configuration file.
-
-	* lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
-	information, ie CRL's
-	
-2006-04-10 Love H�rnquist �strand <lha@it.su.se>
-
-	* lib/krb5/replay.c (krb5_rc_resolve_full): make compile again.
-
-	* lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile
-	again.
-
-	* lib/krb5/transited.c (make_path): make sure we return allocated
-	memory Coverity, NetBSD CID#1892
-
-	* lib/krb5/transited.c (make_path): make sure we return allocated
-	memory Coverity, NetBSD CID#1892
-
-	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on
-	protocol failure, avoid leaking memory Coverity, NetBSD CID#1900
-
-	* lib/krb5/principal.c (krb5_parse_name): remember to free realm
-	in case of error Coverity, NetBSD CID#1883
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove
-	memory leak in case of weird formated dns replys.
-	Coverity, NetBSD CID#1885
-	
-	* lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer
-	to a allocated krb5_rcache in case of error.
-
-	* lib/krb5/log.c (krb5_addlog_dest): free fn in case of error
-	Coverity, NetBSD CID#1882
-	
-	* lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error
-	handling.  Coverity, NetBSD CID#2369
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
-	in_creds->client should always be set, assume so.
-
-	* lib/krb5/keytab_any.c (any_next_entry): restructure to make it
-	easier to read Fixes Coverity, NetBSD CID#625
-
-	* lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL
-	check.  Coverity NetBSD CID#2367
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): use
-	calloc. removed check that was never really used. Coverity NetBSD
-	CID#2370
-	
-2006-04-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket�
-	points to NULL in case of error, add error handling, use calloc.
-
-	* kpasswd/kpasswdd.c (doit): when done, close all fd in the
-	sockets array and free it.  Coverity NetBSD CID#1916
-	
-2006-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
-	NetBSD CID#1695
-
-	* kdc/524.c (_kdc_do_524): Handle memory allocation failure
-	Coverity, NetBSD CID#2752
-	
-2006-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
-	leak Coverity NetBSD CID#1890
-
-	* kdc/hprop.c (main): make sure type doesn't need to be set
-
-	* kdc/mit_dump.c (mit_prop_dump): close fd when done processing
-	Coverity NetBSD CID#1955
-
-	* kdc/string2key.c (tokey): catch warnings, free memory after use.
-	Based on Coverity NetBSD CID#1894
-
-	* kdc/hprop.c (main): remove dead code.  Coverity NetBSD CID#633
-	
-2006-04-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kpasswd/kpasswd-generator.c (read_words): catch empty file case,
-	will cause PBE (division by zero) later. From Tobias Stoeckmann.
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/keytab.c: Remove a delta from last revision that should
-	have gone in later.
-	
-	* lib/krb5/krbhst.c: fix spelling
-
-	* lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
-	pointer, found by IBM checker.
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
-	found by IBM checker.
-
-	* lib/krb5/addr_families.c (krb5_make_addrport): clear return
-	value on error, found by IBM checker.
-
-	* kdc/kerberos5.c (check_addresses): treat netbios as no addresses
-	
-	* kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex
-
-	* kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to
-	avoid ?:'s at callers
-
-	* lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
-	checker.
-
-	* lib/krb5/transited.c (expand_realm): avoid passing NULL to
-	strlen, found by IBM checker.
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
-	failure, found by IBM checker.
-
-	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
-	with a memcpy
-
-	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
-	leak, found by IBM checker.
-
-	* lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
-	dereferencing NULL pointer, found by IBM checker.
-
-	* lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
-	cname must always be given, don't avoid that fact and remove a
-	cname == NULL case. Plugs a memory leak found by IBM checker.
-
-	* lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
-	free-ed memory on error. Found by IBM checker.
-
-	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
-	calloc to avoid uninitialized memory problem.
-
-	* lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
-	on error. Found by IBM checker.
-
-	* lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
-	IBM checker.
-
-	* lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
-	thought it found a memory leak, it didn't, but there was another
-	error in the code, lets fix that instead.
-
-	* lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
-	leak. Found by IBM checker.
-
-	* lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
-	pointer to freed memory in the error case. Found by IBM checker.
-
-	* lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
-	checker.
-
-	* lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
-	going into the error clause and freeing key_set. Found by IBM
-	checker.  Make sure ret == 0 after of parse error, we catch the
-	"no entries parsed" case later.
-
-	* lib/krb5/log.c (krb5_addlog_dest): make string length match
-	strings in strcasecmp.  Found by IBM checker.
-	
-2006-03-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
-	variable_name as "hdb_entry_ex"
-	(hdb_ldap_common): change "arg" in condition (if) to "search_base"
-	(hdb_ldapi_create): change "serach_base" to "search_base" From
-	Alex V. Labuta.
-
-	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix
-	prototype
-
-	* kuser/kinit.c: Add pool of certificates to help certificate path
-	building for clients sending incomplete path in the signedData.
-	
-2006-03-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/pkinit.c: Add pool of certificates to help certificate path
-	building for clients sending incomplete path in the signedData.
-
-	* lib/krb5/pkinit.c: Add pool of certificates to help certificate
-	path building for clients sending incomplete path in the
-	signedData.
-	
-2006-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/config.c: Allow passing in related certificates used to
-	build the chain.
-
-	* kdc/pkinit.c: Allow passing in related certificates used to
-	build the chain.
-
-	* kdc/kerberos5.c (log_patype): Add case for
-	KRB5_PADATA_PA_PK_OCSP_RESPONSE.
-
-	* tools/Makefile.am: Spelling
-
-	* tools/krb5-config.in: Add hx509 when using PK-INIT.
-
-	* tools/Makefile.am: Add hx509 when using PK-INIT.
-	
-2006-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
-	X Kerberos.app problems.
-
-	* lib/krb5/krb5_ccapi.h: Add ticket flags definitions
-
-	* lib/krb5/pkinit.c: Use less openssl, spell chelling.
-
-	* kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
-	asn1 wrapping
-
-	* configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile
-
-	* lib/Makefile.am: Add hx509.
-
-	* lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.
-
-	* configure.in: define automake PKINIT variable
-
-	* kdc/pkinit.c: Switch to hx509.
-
-	* lib/krb5/pkinit.c: Switch to hx509.
-	
-2006-03-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/kerberos5.c (log_patypes): log the patypes requested by the
-	client
-	
-2006-03-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
-	req_buffer in the w2k case too. From Douglas E. Engert.
-	
-2006-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
-	error handling.  Fixes Coverity NetBSD CID 2591 by catching a
-	failing krb5_copy_keyblock()
-	
-2006-03-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
-	address when free-ing.  Fixes Coverity NetBSD bug #2605
-	(krb5_parse_address): reset val,len before possibly return errors
-	Fixes Coverity NetBSD bug #2605
-	
-2006-03-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
-	make sure nbytes > 0
-
-	* lib/krb5/get_for_creds.c (add_addrs): handle the case where
-	addr->len == 0 and n == 0, then realloc might return NULL.
-
-	* lib/krb5/crypto.c (decrypt_*): handle the case where the
-	plaintext is 0 bytes long, realloc might then return NULL.
-	
-2006-02-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.
-
-	* lib/krb5/krb5.3: Remove krb5_string_to_key_derived.
-
-	* lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
-	and use PKCS5_PBKDF2_HMAC_SHA1 instead.
-
-	* lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory
-
-	* lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.
-	
-2006-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/setup.texi: remove cartouches - we don't use them anywhere
-	else, they should be around the example, not inside it, and
-	probably shouldn't be used in html at all
-
-2006-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_warn.3: Document that applications want to use
-	krb5_get_error_message, add example.
-
-2006-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/crypto.c (krb5_generate_random_block): check return
-	value from RAND_bytes
-
-	* lib/krb5/error_string.c: Change indentation, update (c)
-
-2006-02-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
-	compiling w/o pkinit.
-	
-2006-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/pkinit.c: update to new paChecksum definition, update
-	the dhgroup handling
-
-	* kdc/pkinit.c: update to new paChecksum definition, use
-	hdb_entry_ex
-	
-2006-02-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_locl.h: Move Configurable options to last in the
-	file.
-	
-	* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef
-	
-2006-02-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kpasswd/kpasswdd.c: Send back a better error-message to the
-	client in case the password change was rejected.
-
-	* lib/krb5/krb5_warn.3: Document krb5_get_error_message.
-
-	* lib/krb5/error_string.c (krb5_get_error_message): new function,
-	and combination of krb5_get_error_string and krb5_get_err_text
-
-	* lib/krb5/krb5.3: sort, and krb5_get_error_message
-
-	* lib/hdb/hdb-ldap.c: Log the filter string to the error message
-	when doing searches.
-
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
-	Use KRB5_ADDRESSLESS_DEFAULT when
-	checking [appdefault]no-addresses.
-
-	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
-	KRB5_ADDRESSLESS_DEFAULT when checking
-	[appdefault]no-addresses.
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
-	Use [appdefault]no-addresses before checking if the krbtgt is
-	address-less, use KRB5_ADDRESSLESS_DEFAULT.
-
-	* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
-	controlls all address-less behavior.  Defaults to false.
-	
-2006-02-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
-	failes to produce the matching lenghts.
-	
-2006-01-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kcm/protocol.c (kcm_op_retrieve): remove unused variable
-	
-2006-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* tools/krb5-config.in: Move depenency on @LIB_dbopen@ to
-	kadm-server, kerberos library doesn't depend on db-library.
-	
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include/Makefile.am: Don't clean crypto headers, they now live
-	in hcrypto/.  Add hcrypto to SUBDIRS.
-
-	* include/hcrypto/Makefile.am: clean installed headers
-
-	* include/make_crypto.c: include crypto headers from hcrypto/
-
-	* include/make_crypto.c: Include more crypto headerfiles. Remove
-	support for old hash names.
-	
-2006-01-02  Love H�rnquist �strand <lha@it.su.se>
-	
-	* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry,
-	from Andrew Bartlet.
-	
-	* Happy New Year.
diff --git a/crypto/heimdal/LICENSE b/crypto/heimdal/LICENSE
deleted file mode 100644
index d61e65fecdb9..000000000000
--- a/crypto/heimdal/LICENSE
+++ /dev/null
@@ -1,30 +0,0 @@
-Copyright (c) 1995 - 2007 Kungliga Tekniska H�gskolan
-(Royal Institute of Technology, Stockholm, Sweden). 
-All rights reserved. 
-
-Redistribution and use in source and binary forms, with or without 
-modification, are permitted provided that the following conditions 
-are met: 
-
-1. Redistributions of source code must retain the above copyright 
-   notice, this list of conditions and the following disclaimer. 
-
-2. Redistributions in binary form must reproduce the above copyright 
-   notice, this list of conditions and the following disclaimer in the 
-   documentation and/or other materials provided with the distribution. 
-
-3. Neither the name of the Institute nor the names of its contributors 
-   may be used to endorse or promote products derived from this software 
-   without specific prior written permission. 
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-SUCH DAMAGE. 
diff --git a/crypto/heimdal/Makefile.am b/crypto/heimdal/Makefile.am
deleted file mode 100644
index 693c23fe10da..000000000000
--- a/crypto/heimdal/Makefile.am
+++ /dev/null
@@ -1,50 +0,0 @@
-# $Id: Makefile.am 22497 2008-01-21 12:12:23Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if KCM
-kcm_dir = kcm
-endif
-
-SUBDIRS=  include lib kuser kdc admin kadmin kpasswd 
-SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc
-
-## ACLOCAL = @ACLOCAL@ -I cf
-ACLOCAL_AMFLAGS = -I cf
-
-EXTRA_DIST = \
-	TODO \
-	LICENSE \
-	README \
-	ChangeLog \
-	ChangeLog.1998 \
-	ChangeLog.1999 \
-	ChangeLog.2000 \
-	ChangeLog.2001 \
-	ChangeLog.2002 \
-	ChangeLog.2003 \
-	ChangeLog.2004 \
-	ChangeLog.2005 \
-	ChangeLog.2006 \
-	Makefile.am.common \
-	autogen.sh \
-	krb5.conf \
-	cf/make-proto.pl \
-	cf/install-catman.sh \
-	cf/ChangeLog \
-	cf/c-function.m4 \
-	cf/ChangeLog \
-	cf/have-pragma-weak.m4 \
-	cf/have-types.m4 \
-	cf/krb-func-getcwd-broken.m4 \
-	cf/krb-prog-ranlib.m4 \
-	cf/krb-prog-yacc.m4 \
-	cf/krb-sys-aix.m4 \
-	cf/krb-sys-nextstep.m4 \
-	cf/krb-version.m4 \
-	cf/roken.m4 \
-	cf/valgrind-suppressions \
-	cf/vararray.m4
-
-print-distdir:
-	@echo $(distdir)
diff --git a/crypto/heimdal/Makefile.am.common b/crypto/heimdal/Makefile.am.common
deleted file mode 100644
index b3bbf45088e4..000000000000
--- a/crypto/heimdal/Makefile.am.common
+++ /dev/null
@@ -1,4 +0,0 @@
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-include $(top_srcdir)/cf/Makefile.am.common
-
diff --git a/crypto/heimdal/Makefile.in b/crypto/heimdal/Makefile.in
deleted file mode 100644
index 68a2ddf55e1b..000000000000
--- a/crypto/heimdal/Makefile.in
+++ /dev/null
@@ -1,982 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22497 2008-01-21 12:12:23Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure \
-	ChangeLog NEWS TODO compile config.guess config.sub install-sh \
-	ltmain.sh missing ylwrap
-subdir = .
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
- configure.lineno config.status.lineno
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = include lib kuser kdc admin kadmin kpasswd kcm appl doc \
-	tools tests packages etc
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-distdir = $(PACKAGE)-$(VERSION)
-top_distdir = $(distdir)
-am__remove_distdir = \
-  { test ! -d $(distdir) \
-    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
-         && rm -fr $(distdir); }; }
-DIST_ARCHIVES = $(distdir).tar.gz
-GZIP_ENV = --best
-distuninstallcheck_listfiles = find . -type f -print
-distcleancheck_listfiles = find . -type f -print
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KCM_TRUE@kcm_dir = kcm
-SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl \
-	doc tools tests packages etc
-ACLOCAL_AMFLAGS = -I cf
-EXTRA_DIST = \
-	TODO \
-	LICENSE \
-	README \
-	ChangeLog \
-	ChangeLog.1998 \
-	ChangeLog.1999 \
-	ChangeLog.2000 \
-	ChangeLog.2001 \
-	ChangeLog.2002 \
-	ChangeLog.2003 \
-	ChangeLog.2004 \
-	ChangeLog.2005 \
-	ChangeLog.2006 \
-	Makefile.am.common \
-	autogen.sh \
-	krb5.conf \
-	cf/make-proto.pl \
-	cf/install-catman.sh \
-	cf/ChangeLog \
-	cf/c-function.m4 \
-	cf/ChangeLog \
-	cf/have-pragma-weak.m4 \
-	cf/have-types.m4 \
-	cf/krb-func-getcwd-broken.m4 \
-	cf/krb-prog-ranlib.m4 \
-	cf/krb-prog-yacc.m4 \
-	cf/krb-sys-aix.m4 \
-	cf/krb-sys-nextstep.m4 \
-	cf/krb-version.m4 \
-	cf/roken.m4 \
-	cf/valgrind-suppressions \
-	cf/vararray.m4
-
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-am--refresh:
-	@:
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign  --ignore-deps'; \
-	      cd $(srcdir) && $(AUTOMAKE) --foreign  --ignore-deps \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    echo ' $(SHELL) ./config.status'; \
-	    $(SHELL) ./config.status;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	$(SHELL) ./config.status --recheck
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(srcdir) && $(AUTOCONF)
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	$(am__remove_distdir)
-	test -d $(distdir) || mkdir $(distdir)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
-	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
-	|| chmod -R a+r $(distdir)
-dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-dist-bzip2: distdir
-	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
-	$(am__remove_distdir)
-
-dist-tarZ: distdir
-	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
-	$(am__remove_distdir)
-
-dist-shar: distdir
-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
-	$(am__remove_distdir)
-
-dist-zip: distdir
-	-rm -f $(distdir).zip
-	zip -rq $(distdir).zip $(distdir)
-	$(am__remove_distdir)
-
-dist dist-all: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-# This target untars the dist file and tries a VPATH configuration.  Then
-# it guarantees that the distribution is self-contained by making another
-# tarfile.
-distcheck: dist
-	case '$(DIST_ARCHIVES)' in \
-	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
-	*.tar.bz2*) \
-	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
-	*.tar.Z*) \
-	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
-	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
-	*.zip*) \
-	  unzip $(distdir).zip ;;\
-	esac
-	chmod -R a-w $(distdir); chmod a+w $(distdir)
-	mkdir $(distdir)/_build
-	mkdir $(distdir)/_inst
-	chmod a-w $(distdir)
-	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
-	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
-	  && cd $(distdir)/_build \
-	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
-	    $(DISTCHECK_CONFIGURE_FLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
-	  && $(MAKE) $(AM_MAKEFLAGS) check \
-	  && $(MAKE) $(AM_MAKEFLAGS) install \
-	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
-	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
-	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
-	        distuninstallcheck \
-	  && chmod -R a-w "$$dc_install_base" \
-	  && ({ \
-	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
-	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
-	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
-	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
-	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
-	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
-	  && rm -rf "$$dc_destdir" \
-	  && $(MAKE) $(AM_MAKEFLAGS) dist \
-	  && rm -rf $(DIST_ARCHIVES) \
-	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
-	$(am__remove_distdir)
-	@(echo "$(distdir) archives ready for distribution: "; \
-	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
-	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
-distuninstallcheck:
-	@cd $(distuninstallcheck_dir) \
-	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
-	   || { echo "ERROR: files left after uninstall:" ; \
-	        if test -n "$(DESTDIR)"; then \
-	          echo "  (check DESTDIR support)"; \
-	        fi ; \
-	        $(distuninstallcheck_listfiles) ; \
-	        exit 1; } >&2
-distcleancheck: distclean
-	@if test '$(srcdir)' = . ; then \
-	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
-	  exit 1 ; \
-	fi
-	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
-	  || { echo "ERROR: files left in build directory after distclean:" ; \
-	       $(distcleancheck_listfiles) ; \
-	       exit 1; } >&2
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -rf $(top_srcdir)/autom4te.cache
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local am--refresh check check-am check-local \
-	clean clean-generic clean-libtool ctags ctags-recursive dist \
-	dist-all dist-bzip2 dist-gzip dist-hook dist-shar dist-tarZ \
-	dist-zip distcheck distclean distclean-generic \
-	distclean-libtool distclean-tags distcleancheck distdir \
-	distuninstallcheck dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs installdirs-am \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-print-distdir:
-	@echo $(distdir)
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS
deleted file mode 100644
index f0504274042f..000000000000
--- a/crypto/heimdal/NEWS
+++ /dev/null
@@ -1,802 +0,0 @@
-Changes in release 1.1
-
- * Read-only PKCS11 provider built-in to hx509.
-
- * Documentation for hx509, hcrypto and ntlm libraries improved.
-
- * Better compatibilty with Windows 2008 Server pre-releases and Vista.
-
- * Mac OS X 10.5 support for native credential cache.
-
- * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
-
- * Bug fixes.
-
-Changes in release 1.0.2
-
-* Ubuntu packages.
-
-* Bug fixes.
-
-Changes in release 1.0.1
-
- * Serveral bug fixes to iprop.
-
- * Make work on platforms without dlopen.
-
- * Add RFC3526 modp group14 as default.
-
- * Handle [kdc] database = { } entries without realm = stanzas.
-
- * Make krb5_get_renewed_creds work.
-
- * Make kaserver preauth work again.
-
- * Bug fixes.
-
-Changes in release 1.0
-
- * Add gss_pseudo_random() for mechglue and krb5.
-
- * Make session key for the krbtgt be selected by the best encryption
-   type of the client.
-
- * Better interoperability with other PK-INIT implementations.
-
- * Inital support for Mac OS X Keychain for hx509.
-
- * Alias support for inital ticket requests.
-
- * Add symbol versioning to selected libraries on platforms that uses
-   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
-
- * New version of imath included in hcrypto.
-
- * Fix memory leaks.
-
- * Bugs fixes.
-
-Changes in release 0.8.1
-
- * Make ASN.1 library less paranoid to with regard to NUL in string to
-   make it inter-operate with MIT Kerberos again.
-
- * Make GSS-API library work again when using gss_acquire_cred
-
- * Add symbol versioning to libgssapi when using GNU ld.
-
- * Fix memory leaks 
-
- * Bugs fixes
-
-Changes in release 0.8
-
- * PK-INIT support.
-
- * HDB extensions support, used by PK-INIT.
-
- * New ASN.1 compiler.
-
- * GSS-API mechglue from FreeBSD.
-
- * Updated SPNEGO to support RFC4178.
-
- * Support for Cryptosystem Negotiation Extension (RFC 4537).
-
- * A new X.509 library (hx509) and related crypto functions.
-
- * A new ntlm library (heimntlm) and related crypto functions.
-
- * Updated the built-in crypto library with bignum support using
-   imath, support for RSA and DH and renamed it to libhcrypto.
-
- * Subsystem in the KDC, digest, that will perform the digest
-   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
-   DIGEST-MD5 NTLMv1 and NTLMv2.
-
- * KDC will return the "response too big" error to force TCP retries
-   for large (default 1400 bytes) UDP replies.  This is common for
-   PK-INIT requests.
-
- * Libkafs defaults to use 2b tokens.
-
- * Default to use the API cache on Mac OS X.
-
- * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
-   see manpage for krb5_kuserok for description.
-
- * Many, many, other updates to code and info manual and manual pages.
-
- * Bug fixes
-
-Changes in release 0.7.2
-
-* Fix security problem in rshd that enable an attacker to overwrite
-  and change ownership of any file that root could write.
-
-* Fix a DOS in telnetd. The attacker could force the server to crash
-  in a NULL de-reference before the user logged in, resulting in inetd
-  turning telnetd off because it forked too fast.
-
-* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
-  exists in the keytab before returning success. This allows servers
-  to check if its even possible to use GSSAPI.
-
-* Fix receiving end of token delegation for GSS-API. It still wrongly
-  uses subkey for sending for compatibility reasons, this will change
-  in 0.8.
-
-* telnetd, login and rshd are now more verbose in logging failed and
-  successful logins.
-
-* Bug fixes
-
-Changes in release 0.7.1
-
-* Bug fixes
-
-Changes in release 0.7
-
- * Support for KCM, a process based credential cache
-
- * Support CCAPI credential cache
-
- * SPNEGO support
-
- * AES (and the gssapi conterpart, CFX) support
-
- * Adding new and improve old documentation
-
- * Bug fixes
-
-Changes in release 0.6.6
-
-* Fix security problem in rshd that enable an attacker to overwrite
-  and change ownership of any file that root could write.
-
-* Fix a DOS in telnetd. The attacker could force the server to crash
-  in a NULL de-reference before the user logged in, resulting in inetd
-  turning telnetd off because it forked too fast.
-
-Changes in release 0.6.5
-
- * fix vulnerabilities in telnetd
-
- * unbreak Kerberos 4 and kaserver
-
-Changes in release 0.6.4
-
- * fix vulnerabilities in telnet
-
- * rshd: encryption without a separate error socket should now work
-
- * telnet now uses appdefaults for the encrypt and forward/forwardable
-   settings
-
- * bug fixes
-
-Changes in release 0.6.3
-
- * fix vulnerabilities in ftpd
-
- * support for linux AFS /proc "syscalls"
-
- * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
-   kpasswdd
-
- * fix possible KDC denial of service
-
- * bug fixes
-
-Changes in release 0.6.2
-
- * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
-
-Changes in release 0.6.1
-
- * Fixed ARCFOUR suppport
-
- * Cross realm vulnerability
-
- * kdc: fix denial of service attack
-
- * kdc: stop clients from renewing tickets into the future
-
- * bug fixes
-	
-Changes in release 0.6
-
-* The DES3 GSS-API mechanism has been changed to inter-operate with
-  other GSSAPI implementations. See man page for gssapi(3) how to turn
-  on generation of correct MIC messages. Next major release of heimdal 
-  will generate correct MIC by default.
-
-* More complete GSS-API support
-
-* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
-  support in applications no longer requires Kerberos 4 libs
-
-* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
-
-* other bug fixes
-
-Changes in release 0.5.2
-
- * kdc: add option for disabling v4 cross-realm (defaults to off)
-
- * bug fixes
-
-Changes in release 0.5.1
-
- * kadmind: fix remote exploit
-
- * kadmind: add option to disable kerberos 4
-
- * kdc: make sure kaserver token life is positive
-
- * telnet: use the session key if there is no subkey
-
- * fix EPSV parsing in ftp
-
- * other bug fixes
-
-Changes in release 0.5
-
- * add --detach option to kdc
-
- * allow setting forward and forwardable option in telnet from
-   .telnetrc, with override from command line
-
- * accept addresses with or without ports in krb5_rd_cred
-
- * make it work with modern openssl
-
- * use our own string2key function even with openssl (that handles weak
-   keys incorrectly)
-
- * more system-specific requirements in login
-
- * do not use getlogin() to determine root in su
-
- * telnet: abort if telnetd does not support encryption
-
- * update autoconf to 2.53
-
- * update config.guess, config.sub
-
- * other bug fixes
-
-Changes in release 0.4e
-
- * improve libcrypto and database autoconf tests
-
- * do not care about salting of server principals when serving v4 requests
-
- * some improvements to gssapi library
-
- * test for existing compile_et/libcom_err
-
- * portability fixes
-
- * bug fixes
-
-Changes in release 0.4d
-
- * fix some problems when using libcrypto from openssl
-
- * handle /dev/ptmx `unix98' ptys on Linux
-
- * add some forgotten man pages
-
- * rsh: clean-up and add man page
-
- * fix -A and -a in builtin-ls in tpd
-
- * fix building problem on Irix
-
- * make `ktutil get' more efficient
-
- * bug fixes
-
-Changes in release 0.4c
-
- * fix buffer overrun in telnetd
-
- * repair some of the v4 fallback code in kinit
-
- * add more shared library dependencies
-
- * simplify and fix hprop handling of v4 databases
-
- * fix some building problems (osf's sia and osfc2 login)
-
- * bug fixes
-
-Changes in release 0.4b
-
- * update the shared library version numbers correctly
-
-Changes in release 0.4a
-
- * corrected key used for checksum in mk_safe, unfortunately this
-   makes it backwards incompatible
-
- * update to autoconf 2.50, libtool 1.4
-
- * re-write dns/config lookups (krb5_krbhst API)
-
- * make order of using subkeys consistent
-
- * add man page links
-
- * add more man pages
-
- * remove rfc2052 support, now only rfc2782 is supported
-
- * always build with kaserver protocol support in the KDC (assuming
-   KRB4 is enabled) and support for reading kaserver databases in
-   hprop
-
-Changes in release 0.3f
-
- * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
-   the new keytab type that tries both of these in order (SRVTAB is
-   also an alias for krb4:)
-
- * improve error reporting and error handling (error messages should
-   be more detailed and more useful)
-
- * improve building with openssl
-
- * add kadmin -K, rcp -F 
-
- * fix two incorrect weak DES keys
-
- * fix building of kaserver compat in KDC
-
- * the API is closer to what MIT krb5 is using
-
- * more compatible with windows 2000
-
- * removed some memory leaks
-
- * bug fixes
-
-Changes in release 0.3e
-
- * rcp program included
-
- * fix buffer overrun in ftpd
-
- * handle omitted sequence numbers as zeroes to handle MIT krb5 that
-   cannot generate zero sequence numbers
-
- * handle v4 /.k files better
-
- * configure/portability fixes
-
- * fixes in parsing of options to kadmin (sub-)commands
-
- * handle errors in kadmin load better
-
- * bug fixes
-
-Changes in release 0.3d
-
- * add krb5-config
-
- * fix a bug in 3des gss-api mechanism, making it compatible with the
-   specification and the MIT implementation
-
- * make telnetd only allow a specific list of environment variables to
-   stop it from setting `sensitive' variables
-
- * try to use an existing libdes
-
- * lib/krb5, kdc: use correct usage type for ap-req messages.  This
-   should improve compatability with MIT krb5 when using 3DES
-   encryption types
-
- * kdc: fix memory allocation problem
-
- * update config.guess and config.sub
-
- * lib/roken: more stuff implemented
-
- * bug fixes and portability enhancements
-
-Changes in release 0.3c
-
- * lib/krb5: memory caches now support the resolve operation
-
- * appl/login: set PATH to some sane default
-
- * kadmind: handle several realms
-
- * bug fixes (including memory leaks)
-
-Changes in release 0.3b
-
- * kdc: prefer default-salted keys on v5 requests
-
- * kdc: lowercase hostnames in v4 mode
-
- * hprop: handle more types of MIT salts
-
- * lib/krb5: fix memory leak
-
- * bug fixes
-
-Changes in release 0.3a:
-
- * implement arcfour-hmac-md5 to interoperate with W2K
-
- * modularise the handling of the master key, and allow for other
-   encryption types. This makes it easier to import a database from
-   some other source without having to re-encrypt all keys.
-
- * allow for better control over which encryption types are created
-
- * make kinit fallback to v4 if given a v4 KDC
-
- * make klist work better with v4 and v5, and add some more MIT
-   compatibility options
-
- * make the kdc listen on the krb524 (4444) port for compatibility
-   with MIT krb5 clients
-
- * implement more DCE/DFS support, enabled with --enable-dce, see
-   lib/kdfs and appl/dceutils
-
- * make the sequence numbers work correctly
-
- * bug fixes
-
-Changes in release 0.2t:
-
- * bug fixes
-
-Changes in release 0.2s:
-
- * add OpenLDAP support in hdb
-
- * login will get v4 tickets when it receives forwarded tickets
-
- * xnlock supports both v5 and v4
-
- * repair source routing for telnet
-
- * fix building problems with krb4 (krb_mk_req)
-
- * bug fixes
-
-Changes in release 0.2r:
-
- * fix realloc memory corruption bug in kdc
-
- * `add --key' and `cpw --key' in kadmin
-
- * klist supports listing v4 tickets
-
- * update config.guess and config.sub
-
- * make v4 -> v5 principal name conversion more robust
-
- * support for anonymous tickets
-
- * new man-pages
-
- * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
-
- * use and set expiration and not password expiration when dumping
-   to/from ka server databases / krb4 databases
-
- * make the code happier with 64-bit time_t
-
- * follow RFC2782 and by default do not look for non-underscore SRV names
-
-Changes in release 0.2q:
-
- * bug fix in tcp-handling in kdc
-
- * bug fix in expand_hostname
-
-Changes in release 0.2p:
-
- * bug fix in `kadmin load/merge'
-
- * bug fix in krb5_parse_address
-
-Changes in release 0.2o:
-
- * gss_{import,export}_sec_context added to libgssapi
-
- * new option --addresses to kdc (for listening on an explicit set of
-   addresses)
-
- * bug fixes in the krb4 and kaserver emulation part of the kdc
-
- * other bug fixes
-
-Changes in release 0.2n:
-
- * more robust parsing of dump files in kadmin
- * changed default timestamp format for log messages to extended ISO
-   8601 format (Y-M-DTH:M:S)
- * changed md4/md5/sha1 APIes to be de-facto `standard'
- * always make hostname into lower-case before creating principal
- * small bits of more MIT-compatability
- * bug fixes
-
-Changes in release 0.2m:
-
- * handle glibc's getaddrinfo() that returns several ai_canonname
-
- * new endian test
-
- * man pages fixes
-
-Changes in release 0.2l:
-
- * bug fixes
-
-Changes in release 0.2k:
-
- * better IPv6 test
-
- * make struct sockaddr_storage in roken work better on alphas
-
- * some missing [hn]to[hn]s fixed.
-
- * allow users to change their own passwords with kadmin (with initial
-   tickets)
-
- * fix stupid bug in parsing KDC specification
-
- * add `ktutil change' and `ktutil purge'
-
-Changes in release 0.2j:
-
- * builds on Irix
-
- * ftpd works in passive mode
-
- * should build on cygwin
-
- * work around broken IPv6-code on OpenBSD 2.6, also add configure
-   option --disable-ipv6
-
-Changes in release 0.2i:
-
- * use getaddrinfo in the missing places.
-
- * fix SRV lookup for admin server
-
- * use get{addr,name}info everywhere.  and implement it in terms of
-   getipnodeby{name,addr} (which uses gethostbyname{,2} and
-   gethostbyaddr)
-
-Changes in release 0.2h:
-
- * fix typo in kx (now compiles)
-
-Changes in release 0.2g:
-
- * lots of bug fixes:
-   * push works
-   * repair appl/test programs
-   * sockaddr_storage works on solaris (alignment issues)
-   * works better with non-roken getaddrinfo
-   * rsh works
-   * some non standard C constructs removed
-
-Changes in release 0.2f:
-
- * support SRV records for kpasswd
- * look for both _kerberos and krb5-realm when doing host -> realm mapping
-
-Changes in release 0.2e:
-
- * changed copyright notices to remove `advertising'-clause.
- * get{addr,name}info added to roken and used in the other code
-   (this makes things work much better with hosts with both v4 and v6
-    addresses, among other things)
- * do pre-auth for both password and key-based get_in_tkt
- * support for having several databases
- * new command `del_enctype' in kadmin
- * strptime (and new strftime) add to roken
- * more paranoia about finding libdb
- * bug fixes
-
-Changes in release 0.2d:
-
- * new configuration option [libdefaults]default_etypes_des
- * internal ls in ftpd builds without KRB4
- * kx/rsh/push/pop_debug tries v5 and v4 consistenly
- * build bug fixes
- * other bug fixes
-
-Changes in release 0.2c:
-
- * bug fixes (see ChangeLog's for details)
-
-Changes in release 0.2b:
-
- * bug fixes
- * actually bump shared library versions
-
-Changes in release 0.2a:
-
- * a new program verify_krb5_conf for checking your /etc/krb5.conf
- * add 3DES keys when changing password
- * support null keys in database
- * support multiple local realms
- * implement a keytab backend for AFS KeyFile's
- * implement a keytab backend for v4 srvtabs
- * implement `ktutil copy'
- * support password quality control in v4 kadmind
- * improvements in v4 compat kadmind
- * handle the case of having the correct cred in the ccache but with
-   the wrong encryption type better
- * v6-ify the remaining programs.
- * internal ls in ftpd
- * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
- * add `ank --random-password' and `cpw --random-password' in kadmin
- * some programs and documentation for trying to talk to a W2K KDC
- * bug fixes
-
-Changes in release 0.1m:
-
- * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
-   From Miroslav Ruda <ruda@ics.muni.cz>
- * v6-ify hprop and hpropd
- * support numeric addresses in krb5_mk_req
- * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
- * make rsh/rshd IPv6-aware
- * make the gssapi sample applications better at reporting errors
- * lots of bug fixes
- * handle systems with v6-aware libc and non-v6 kernels (like Linux
-   with glibc 2.1) better
- * hide failure of ERPT in ftp
- * lots of bug fixes
-
-Changes in release 0.1l:
-
- * make ftp and ftpd IPv6-aware
- * add inet_pton to roken
- * more IPv6-awareness
- * make mini_inetd v6 aware
-
-Changes in release 0.1k:
-
- * bump shared libraries versions
- * add roken version of inet_ntop
- * merge more changes to rshd
-
-Changes in release 0.1j:
-
- * restore back to the `old' 3DES code.  This was supposed to be done
-   in 0.1h and 0.1i but I did a CVS screw-up.
- * make telnetd handle v6 connections
-
-Changes in release 0.1i:
-
- * start using `struct sockaddr_storage' which simplifies the code
-   (with a fallback definition if it's not defined)
- * bug fixes (including in hprop and kf)
- * don't use mawk which seems to mishandle roken.awk
- * get_addrs should be able to handle v6 addresses on Linux (with the
-   required patch to the Linux kernel -- ask within)
- * rshd builds with shadow passwords
-
-Changes in release 0.1h:
-
- * kf: new program for forwarding credentials
- * portability fixes
- * make forwarding credentials work with MIT code
- * better conversion of ka database
- * add etc/services.append
- * correct `modified by' from kpasswdd
- * lots of bug fixes
-
-Changes in release 0.1g:
-
- * kgetcred: new program for explicitly obtaining tickets
- * configure fixes
- * krb5-aware kx
- * bug fixes
-
-Changes in release 0.1f;
-
- * experimental support for v4 kadmin protokoll in kadmind
- * bug fixes
-
-Changes in release 0.1e:
-
- * try to handle old DCE and MIT kdcs
- * support for older versions of credential cache files and keytabs
- * postdated tickets work
- * support for password quality checks in kpasswdd
- * new flag --enable-kaserver for kdc
- * renew fixes
- * prototype su program
- * updated (some) manpages
- * support for KDC resource records
- * should build with --without-krb4
- * bug fixes
-
-Changes in release 0.1d:
-
- * Support building with DB2 (uses 1.85-compat API)
- * Support krb5-realm.DOMAIN in DNS
- * new `ktutil srvcreate'
- * v4/kafs support in klist/kdestroy
- * bug fixes
-
-Changes in release 0.1c:
-
- * fix ASN.1 encoding of signed integers
- * somewhat working `ktutil get'
- * some documentation updates
- * update to Autoconf 2.13 and Automake 1.4
- * the usual bug fixes
-
-Changes in release 0.1b:
-
- * some old -> new crypto conversion utils
- * bug fixes
-
-Changes in release 0.1a:
-
- * new crypto code
- * more bug fixes
- * make sure we ask for DES keys in gssapi
- * support signed ints in ASN1
- * IPv6-bug fixes
-
-Changes in release 0.0u:
-
- * lots of bug fixes
-
-Changes in release 0.0t:
-
- * more robust parsing of krb5.conf
- * include net{read,write} in lib/roken
- * bug fixes
-
-Changes in release 0.0s:
-
- * kludges for parsing options to rsh
- * more robust parsing of krb5.conf
- * removed some arbitrary limits
- * bug fixes
-
-Changes in release 0.0r:
-
- * default options for some programs
- * bug fixes
-
-Changes in release 0.0q:
-
- * support for building shared libraries with libtool
- * bug fixes
-
-Changes in release 0.0p:
-
- * keytab moved to /etc/krb5.keytab
- * avoid false detection of IPv6 on Linux
- * Lots of more functionality in the gssapi-library
- * hprop can now read ka-server databases
- * bug fixes
-
-Changes in release 0.0o:
-
- * FTP with GSSAPI support.
- * Bug fixes.
-
-Changes in release 0.0n:
-
- * Incremental database propagation.
- * Somewhat improved kadmin ui; the stuff in admin is now removed.
- * Some support for using enctypes instead of keytypes.
- * Lots of other improvement and bug fixes, see ChangeLog for details.
diff --git a/crypto/heimdal/README b/crypto/heimdal/README
deleted file mode 100644
index 88ab7fd12135..000000000000
--- a/crypto/heimdal/README
+++ /dev/null
@@ -1,19 +0,0 @@
-$Id: README 8839 2000-07-27 02:33:54Z assar $
-
-Heimdal is a Kerberos 5 implementation.
-
-Please see the manual in doc, by default installed in
-/usr/heimdal/info/heimdal.info for information on how to install.
-There are also briefer man pages for most of the commands.
-
-Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
-
-For more information see the web-page at
-<http://www.pdc.kth.se/heimdal/> or the mailing lists:
-
-heimdal-announce@sics.se	low-volume announcement
-heimdal-discuss@sics.se		high-volume discussion
-
-send a mail to heimdal-announce-request@sics.se and
-heimdal-discuss-request@sics.se respectively to subscribe.
diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4
deleted file mode 100644
index eecf7cfb8bb1..000000000000
--- a/crypto/heimdal/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4
deleted file mode 100644
index e9dcb29715e2..000000000000
--- a/crypto/heimdal/aclocal.m4
+++ /dev/null
@@ -1,7102 +0,0 @@
-# generated automatically by aclocal 1.10 -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006  Free Software Foundation, Inc.
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_if(m4_PACKAGE_VERSION, [2.61],,
-[m4_fatal([this file was generated for autoconf 2.61.
-You have another version of autoconf.  If you want to use that,
-you should regenerate the build system entirely.], [63])])
-
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-
-# serial 48 AC_PROG_LIBTOOL
-
-
-# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
-# -----------------------------------------------------------
-# If this macro is not defined by Autoconf, define it here.
-m4_ifdef([AC_PROVIDE_IFELSE],
-         [],
-         [m4_define([AC_PROVIDE_IFELSE],
-	         [m4_ifdef([AC_PROVIDE_$1],
-		           [$2], [$3])])])
-
-
-# AC_PROG_LIBTOOL
-# ---------------
-AC_DEFUN([AC_PROG_LIBTOOL],
-[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
-dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
-dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
-  AC_PROVIDE_IFELSE([AC_PROG_CXX],
-    [AC_LIBTOOL_CXX],
-    [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
-  ])])
-dnl And a similar setup for Fortran 77 support
-  AC_PROVIDE_IFELSE([AC_PROG_F77],
-    [AC_LIBTOOL_F77],
-    [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
-])])
-
-dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
-dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
-dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
-  AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-    [AC_LIBTOOL_GCJ],
-    [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-      [AC_LIBTOOL_GCJ],
-      [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
-	[AC_LIBTOOL_GCJ],
-      [ifdef([AC_PROG_GCJ],
-	     [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
-       ifdef([A][M_PROG_GCJ],
-	     [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
-       ifdef([LT_AC_PROG_GCJ],
-	     [define([LT_AC_PROG_GCJ],
-		defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
-])])# AC_PROG_LIBTOOL
-
-
-# _AC_PROG_LIBTOOL
-# ----------------
-AC_DEFUN([_AC_PROG_LIBTOOL],
-[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
-AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
-AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
-AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-# Prevent multiple expansion
-define([AC_PROG_LIBTOOL], [])
-])# _AC_PROG_LIBTOOL
-
-
-# AC_LIBTOOL_SETUP
-# ----------------
-AC_DEFUN([AC_LIBTOOL_SETUP],
-[AC_PREREQ(2.50)dnl
-AC_REQUIRE([AC_ENABLE_SHARED])dnl
-AC_REQUIRE([AC_ENABLE_STATIC])dnl
-AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_LD])dnl
-AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
-AC_REQUIRE([AC_PROG_NM])dnl
-
-AC_REQUIRE([AC_PROG_LN_S])dnl
-AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
-# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
-AC_REQUIRE([AC_OBJEXT])dnl
-AC_REQUIRE([AC_EXEEXT])dnl
-dnl
-
-AC_LIBTOOL_SYS_MAX_CMD_LEN
-AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
-AC_LIBTOOL_OBJDIR
-
-AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
-_LT_AC_PROG_ECHO_BACKSLASH
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
-
-# Same as above, but do not quote variable references.
-[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-# Constants:
-rm="rm -f"
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-ltmain="$ac_aux_dir/ltmain.sh"
-ofile="$default_ofile"
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-
-AC_CHECK_TOOL(AR, ar, false)
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-AC_CHECK_TOOL(STRIP, strip, :)
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$NM" && NM=nm
-test -z "$SED" && SED=sed
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$ac_objext" && ac_objext=o
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    AC_PATH_MAGIC
-  fi
-  ;;
-esac
-
-AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
-AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
-enable_win32_dll=yes, enable_win32_dll=no)
-
-AC_ARG_ENABLE([libtool-lock],
-    [AC_HELP_STRING([--disable-libtool-lock],
-	[avoid locking (might break parallel builds)])])
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-AC_ARG_WITH([pic],
-    [AC_HELP_STRING([--with-pic],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [pic_mode="$withval"],
-    [pic_mode=default])
-test -z "$pic_mode" && pic_mode=default
-
-# Use C for the default configuration in the libtool script
-tagname=
-AC_LIBTOOL_LANG_C_CONFIG
-_LT_AC_TAGCONFIG
-])# AC_LIBTOOL_SETUP
-
-
-# _LT_AC_SYS_COMPILER
-# -------------------
-AC_DEFUN([_LT_AC_SYS_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_AC_SYS_COMPILER
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-AC_DEFUN([_LT_CC_BASENAME],
-[for cc_temp in $1""; do
-  case $cc_temp in
-    compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-    distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-])
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-AC_DEFUN([_LT_COMPILER_BOILERPLATE],
-[ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-AC_DEFUN([_LT_LINKER_BOILERPLATE],
-[ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-])# _LT_LINKER_BOILERPLATE
-
-
-# _LT_AC_SYS_LIBPATH_AIX
-# ----------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
-[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi],[])
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-])# _LT_AC_SYS_LIBPATH_AIX
-
-
-# _LT_AC_SHELL_INIT(ARG)
-# ----------------------
-AC_DEFUN([_LT_AC_SHELL_INIT],
-[ifdef([AC_DIVERSION_NOTICE],
-	     [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
-	 [AC_DIVERT_PUSH(NOTICE)])
-$1
-AC_DIVERT_POP
-])# _LT_AC_SHELL_INIT
-
-
-# _LT_AC_PROG_ECHO_BACKSLASH
-# --------------------------
-# Add some code to the start of the generated configure script which
-# will find an echo command which doesn't interpret backslashes.
-AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
-[_LT_AC_SHELL_INIT([
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$ECHO in
-X*--fallback-echo)
-  # Remove one level of quotation (which was required for Make).
-  ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
-  ;;
-esac
-
-echo=${ECHO-echo}
-if test "X[$]1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X[$]1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
-fi
-
-if test "X[$]1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-[$]*
-EOF
-  exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test -z "$ECHO"; then
-if test "X${echo_test_string+set}" != Xset; then
-# find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
-       echo_test_string=`eval $cmd` &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
-    then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for dir in $PATH /usr/ucb; do
-    IFS="$lt_save_ifs"
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$lt_save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running configure again with it.
-      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL [$]0 --fallback-echo"
-      elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL [$]0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
-	  then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "[$]0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-ECHO=$echo
-if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
-   ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
-fi
-
-AC_SUBST(ECHO)
-])])# _LT_AC_PROG_ECHO_BACKSLASH
-
-
-# _LT_AC_LOCK
-# -----------
-AC_DEFUN([_LT_AC_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-    [AC_HELP_STRING([--disable-libtool-lock],
-	[avoid locking (might break parallel builds)])])
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *ELF-32*)
-      HPUX_IA64_MODE="32"
-      ;;
-    *ELF-64*)
-      HPUX_IA64_MODE="64"
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out which ABI we are using.
-  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-   if test "$lt_cv_prog_gnu_ld" = yes; then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -melf32bsmip"
-      ;;
-    *N32*)
-      LD="${LD-ld} -melf32bmipn32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -melf64bmip"
-      ;;
-    esac
-   else
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -32"
-      ;;
-    *N32*)
-      LD="${LD-ld} -n32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -64"
-      ;;
-    esac
-   fi
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *32-bit*)
-      case $host in
-        x86_64-*linux*)
-          LD="${LD-ld} -m elf_i386"
-          ;;
-        ppc64-*linux*|powerpc64-*linux*)
-          LD="${LD-ld} -m elf32ppclinux"
-          ;;
-        s390x-*linux*)
-          LD="${LD-ld} -m elf_s390"
-          ;;
-        sparc64-*linux*)
-          LD="${LD-ld} -m elf32_sparc"
-          ;;
-      esac
-      ;;
-    *64-bit*)
-      case $host in
-        x86_64-*linux*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        ppc*-*linux*|powerpc*-*linux*)
-          LD="${LD-ld} -m elf64ppc"
-          ;;
-        s390*-*linux*)
-          LD="${LD-ld} -m elf64_s390"
-          ;;
-        sparc*-*linux*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS="$SAVE_CFLAGS"
-  fi
-  ;;
-sparc*-*solaris*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*) LD="${LD-ld} -m elf64_sparc" ;;
-      *)    LD="${LD-ld} -64" ;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
-[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-  ])
-esac
-
-need_locks="$enable_libtool_lock"
-
-])# _LT_AC_LOCK
-
-
-# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION],
-[AC_REQUIRE([LT_AC_PROG_SED])
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-  ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $rm conftest*
-])
-
-if test x"[$]$2" = xyes; then
-    ifelse([$5], , :, [$5])
-else
-    ifelse([$6], , :, [$6])
-fi
-])# AC_LIBTOOL_COMPILER_OPTION
-
-
-# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                          [ACTION-SUCCESS], [ACTION-FAILURE])
-# ------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
-[AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS="$LDFLAGS"
-   LDFLAGS="$LDFLAGS $3"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $rm conftest*
-   LDFLAGS="$save_LDFLAGS"
-])
-
-if test x"[$]$2" = xyes; then
-    ifelse([$4], , :, [$4])
-else
-    ifelse([$5], , :, [$5])
-fi
-])# AC_LIBTOOL_LINKER_OPTION
-
-
-# AC_LIBTOOL_SYS_MAX_CMD_LEN
-# --------------------------
-AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
-[# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring="ABCD"
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ 	]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    # If test is not a shell built-in, we'll probably end up computing a
-    # maximum length that is only half of the actual maximum length, but
-    # we can't tell.
-    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-    while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
-	       = "XX$teststring") >/dev/null 2>&1 &&
-	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
-	    lt_cv_sys_max_cmd_len=$new_result &&
-	    test $i != 17 # 1/2 MB should be enough
-    do
-      i=`expr $i + 1`
-      teststring=$teststring$teststring
-    done
-    teststring=
-    # Add a significant safety factor because C++ compilers can tack on massive
-    # amounts of additional arguments before passing them to the linker.
-    # It appears as though 1/2 is a usable value.
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    ;;
-  esac
-])
-if test -n $lt_cv_sys_max_cmd_len ; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-])# AC_LIBTOOL_SYS_MAX_CMD_LEN
-
-
-# _LT_AC_CHECK_DLFCN
-# ------------------
-AC_DEFUN([_LT_AC_CHECK_DLFCN],
-[AC_CHECK_HEADERS(dlfcn.h)dnl
-])# _LT_AC_CHECK_DLFCN
-
-
-# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                           ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ---------------------------------------------------------------------
-AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
-[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
-if test "$cross_compiling" = yes; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-[#line __oline__ "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-    exit (status);
-}]
-EOF
-  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_AC_TRY_DLOPEN_SELF
-
-
-# AC_LIBTOOL_DLOPEN_SELF
-# ----------------------
-AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
-[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen="load_add_on"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32*)
-    lt_cv_dlopen="LoadLibrary"
-    lt_cv_dlopen_libs=
-   ;;
-
-  cygwin*)
-    lt_cv_dlopen="dlopen"
-    lt_cv_dlopen_libs=
-   ;;
-
-  darwin*)
-  # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
-    lt_cv_dlopen="dyld"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-   ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen="shl_load"],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen="dlopen"],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS="$CPPFLAGS"
-    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS="$LDFLAGS"
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS="$LIBS"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_AC_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test "x$lt_cv_dlopen_self" = xyes; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-    	  lt_cv_dlopen_self_static, [dnl
-	  _LT_AC_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS="$save_CPPFLAGS"
-    LDFLAGS="$save_LDFLAGS"
-    LIBS="$save_LIBS"
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-])# AC_LIBTOOL_DLOPEN_SELF
-
-
-# AC_LIBTOOL_PROG_CC_C_O([TAGNAME])
-# ---------------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler
-AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
-[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $rm -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $rm conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
-   $rm out/* && rmdir out
-   cd ..
-   rmdir conftest
-   $rm conftest*
-])
-])# AC_LIBTOOL_PROG_CC_C_O
-
-
-# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
-# -----------------------------------------
-# Check to see if we can do hard links to lock some files if needed
-AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
-[AC_REQUIRE([_LT_AC_LOCK])dnl
-
-hard_links="nottested"
-if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test "$hard_links" = no; then
-    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS
-
-
-# AC_LIBTOOL_OBJDIR
-# -----------------
-AC_DEFUN([AC_LIBTOOL_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-])# AC_LIBTOOL_OBJDIR
-
-
-# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME])
-# ----------------------------------------------
-# Check hardcoding attributes.
-AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_AC_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \
-   test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \
-   test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
-
-  # We can hardcode non-existant directories.
-  if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
-     test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_AC_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_AC_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_AC_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])
-
-if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH
-
-
-# AC_LIBTOOL_SYS_LIB_STRIP
-# ------------------------
-AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
-[striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-   darwin*)
-       if test -n "$STRIP" ; then
-         striplib="$STRIP -x"
-         AC_MSG_RESULT([yes])
-       else
-  AC_MSG_RESULT([no])
-fi
-       ;;
-   *)
-  AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-])# AC_LIBTOOL_SYS_LIB_STRIP
-
-
-# AC_LIBTOOL_SYS_DYNAMIC_LINKER
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
-[AC_MSG_CHECKING([dynamic linker characteristics])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-  else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-  fi
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}${shared_ext}$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}${shared_ext}$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}${shared_ext}'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  shrext_cmds=".dll"
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$host_os in
-  yes,cygwin* | yes,mingw* | yes,pw32*)
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \${file}`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
-      ;;
-    mingw*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-      if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH printed by
-        # mingw gcc, but we are running on Cygwin. Gcc prints its search
-        # path with ; separators, and with drive letters. We can handle the
-        # drive letters (cygwin fileutils understands them), so leave them,
-        # especially as we might pass files found there to a mingw objdump,
-        # which wouldn't understand a cygwinified path. Ahh.
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
-      ;;
-    esac
-    ;;
-
-  *)
-    library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
-  soname_spec='${libname}${release}${major}$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-kfreebsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[123]]*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  freebsd*) # from 4.6 on
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    if test "X$HPUX_IA64_MODE" = X32; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-    fi
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-   hppa*64*)
-     shrext_cmds='.sl'
-     hardcode_into_libs=yes
-     dynamic_linker="$host_os dld.sl"
-     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-     soname_spec='${libname}${release}${shared_ext}$major'
-     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-     ;;
-   *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-interix3*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test "$lt_cv_prog_gnu_ld" = yes; then
-		version_type=linux
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Append ld.so.conf contents to the search path
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-knetbsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-nto-qnx*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  need_lib_prefix=no
-  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
-  case $host_os in
-    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
-    *)                         need_version=no  ;;
-  esac
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case $host_os in
-      openbsd2.[[89]] | openbsd2.[[89]].*)
-	shlibpath_overrides_runpath=no
-	;;
-      *)
-	shlibpath_overrides_runpath=yes
-	;;
-      esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  ;;
-
-os2*)
-  libname_spec='$name'
-  shrext_cmds=".dll"
-  need_lib_prefix=no
-  library_names_spec='$libname${shared_ext} $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      export_dynamic_flag_spec='${wl}-Blargedynsym'
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
-    soname_spec='$libname${shared_ext}.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=freebsd-elf
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  if test "$with_gnu_ld" = yes; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-    shlibpath_overrides_runpath=no
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    shlibpath_overrides_runpath=yes
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-])# AC_LIBTOOL_SYS_DYNAMIC_LINKER
-
-
-# _LT_AC_TAGCONFIG
-# ----------------
-AC_DEFUN([_LT_AC_TAGCONFIG],
-[AC_ARG_WITH([tags],
-    [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
-        [include additional configurations @<:@automatic@:>@])],
-    [tagnames="$withval"])
-
-if test -f "$ltmain" && test -n "$tagnames"; then
-  if test ! -f "${ofile}"; then
-    AC_MSG_WARN([output file `$ofile' does not exist])
-  fi
-
-  if test -z "$LTCC"; then
-    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
-    if test -z "$LTCC"; then
-      AC_MSG_WARN([output file `$ofile' does not look like a libtool script])
-    else
-      AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile'])
-    fi
-  fi
-  if test -z "$LTCFLAGS"; then
-    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
-  fi
-
-  # Extract list of available tagged configurations in $ofile.
-  # Note that this assumes the entire list is on one line.
-  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
-
-  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-  for tagname in $tagnames; do
-    IFS="$lt_save_ifs"
-    # Check whether tagname contains only valid characters
-    case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in
-    "") ;;
-    *)  AC_MSG_ERROR([invalid tag name: $tagname])
-	;;
-    esac
-
-    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
-    then
-      AC_MSG_ERROR([tag name \"$tagname\" already exists])
-    fi
-
-    # Update the list of available tags.
-    if test -n "$tagname"; then
-      echo appending configuration tag \"$tagname\" to $ofile
-
-      case $tagname in
-      CXX)
-	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
-	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
-	    (test "X$CXX" != "Xg++"))) ; then
-	  AC_LIBTOOL_LANG_CXX_CONFIG
-	else
-	  tagname=""
-	fi
-	;;
-
-      F77)
-	if test -n "$F77" && test "X$F77" != "Xno"; then
-	  AC_LIBTOOL_LANG_F77_CONFIG
-	else
-	  tagname=""
-	fi
-	;;
-
-      GCJ)
-	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
-	  AC_LIBTOOL_LANG_GCJ_CONFIG
-	else
-	  tagname=""
-	fi
-	;;
-
-      RC)
-	AC_LIBTOOL_LANG_RC_CONFIG
-	;;
-
-      *)
-	AC_MSG_ERROR([Unsupported tag name: $tagname])
-	;;
-      esac
-
-      # Append the new tag name to the list of available tags.
-      if test -n "$tagname" ; then
-      available_tags="$available_tags $tagname"
-    fi
-    fi
-  done
-  IFS="$lt_save_ifs"
-
-  # Now substitute the updated list of available tags.
-  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
-    mv "${ofile}T" "$ofile"
-    chmod +x "$ofile"
-  else
-    rm -f "${ofile}T"
-    AC_MSG_ERROR([unable to update list of available tagged configurations.])
-  fi
-fi
-])# _LT_AC_TAGCONFIG
-
-
-# AC_LIBTOOL_DLOPEN
-# -----------------
-# enable checks for dlopen support
-AC_DEFUN([AC_LIBTOOL_DLOPEN],
- [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])
-])# AC_LIBTOOL_DLOPEN
-
-
-# AC_LIBTOOL_WIN32_DLL
-# --------------------
-# declare package support for building win32 DLLs
-AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
-])# AC_LIBTOOL_WIN32_DLL
-
-
-# AC_ENABLE_SHARED([DEFAULT])
-# ---------------------------
-# implement the --enable-shared flag
-# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
-AC_DEFUN([AC_ENABLE_SHARED],
-[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE([shared],
-    [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac],
-    [enable_shared=]AC_ENABLE_SHARED_DEFAULT)
-])# AC_ENABLE_SHARED
-
-
-# AC_DISABLE_SHARED
-# -----------------
-# set the default shared flag to --disable-shared
-AC_DEFUN([AC_DISABLE_SHARED],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_SHARED(no)
-])# AC_DISABLE_SHARED
-
-
-# AC_ENABLE_STATIC([DEFAULT])
-# ---------------------------
-# implement the --enable-static flag
-# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
-AC_DEFUN([AC_ENABLE_STATIC],
-[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE([static],
-    [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac],
-    [enable_static=]AC_ENABLE_STATIC_DEFAULT)
-])# AC_ENABLE_STATIC
-
-
-# AC_DISABLE_STATIC
-# -----------------
-# set the default static flag to --disable-static
-AC_DEFUN([AC_DISABLE_STATIC],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_STATIC(no)
-])# AC_DISABLE_STATIC
-
-
-# AC_ENABLE_FAST_INSTALL([DEFAULT])
-# ---------------------------------
-# implement the --enable-fast-install flag
-# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
-AC_DEFUN([AC_ENABLE_FAST_INSTALL],
-[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE([fast-install],
-    [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac],
-    [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
-])# AC_ENABLE_FAST_INSTALL
-
-
-# AC_DISABLE_FAST_INSTALL
-# -----------------------
-# set the default to --disable-fast-install
-AC_DEFUN([AC_DISABLE_FAST_INSTALL],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_FAST_INSTALL(no)
-])# AC_DISABLE_FAST_INSTALL
-
-
-# AC_LIBTOOL_PICMODE([MODE])
-# --------------------------
-# implement the --with-pic flag
-# MODE is either `yes' or `no'.  If omitted, it defaults to `both'.
-AC_DEFUN([AC_LIBTOOL_PICMODE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-pic_mode=ifelse($#,1,$1,default)
-])# AC_LIBTOOL_PICMODE
-
-
-# AC_PROG_EGREP
-# -------------
-# This is predefined starting with Autoconf 2.54, so this conditional
-# definition can be removed once we require Autoconf 2.54 or later.
-m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP],
-[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep],
-   [if echo a | (grep -E '(a|b)') >/dev/null 2>&1
-    then ac_cv_prog_egrep='grep -E'
-    else ac_cv_prog_egrep='egrep'
-    fi])
- EGREP=$ac_cv_prog_egrep
- AC_SUBST([EGREP])
-])])
-
-
-# AC_PATH_TOOL_PREFIX
-# -------------------
-# find a file program which can recognise shared library
-AC_DEFUN([AC_PATH_TOOL_PREFIX],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD="$MAGIC_CMD"
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="ifelse([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$1; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$lt_save_ifs"
-  MAGIC_CMD="$lt_save_MAGIC_CMD"
-  ;;
-esac])
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-])# AC_PATH_TOOL_PREFIX
-
-
-# AC_PATH_MAGIC
-# -------------
-# find a file program which can recognise a shared library
-AC_DEFUN([AC_PATH_MAGIC],
-[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# AC_PATH_MAGIC
-
-
-# AC_PROG_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([AC_PROG_LD],
-[AC_ARG_WITH([gnu-ld],
-    [AC_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test "$withval" = no || with_gnu_ld=yes],
-    [with_gnu_ld=no])
-AC_REQUIRE([LT_AC_PROG_SED])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test "$with_gnu_ld" != no && break
-	;;
-      *)
-	test "$with_gnu_ld" != yes && break
-	;;
-      esac
-    fi
-  done
-  IFS="$lt_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi])
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-AC_PROG_LD_GNU
-])# AC_PROG_LD
-
-
-# AC_PROG_LD_GNU
-# --------------
-AC_DEFUN([AC_PROG_LD_GNU],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# AC_PROG_LD_GNU
-
-
-# AC_PROG_LD_RELOAD_FLAG
-# ----------------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  darwin*)
-    if test "$GCC" = yes; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-])# AC_PROG_LD_RELOAD_FLAG
-
-
-# AC_DEPLIBS_CHECK_METHOD
-# -----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
-[AC_CACHE_CHECK([how to recognise dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given extended regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix4* | aix5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | kfreebsd*-gnu | dragonfly*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix3*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-nto-qnx*)
-  lt_cv_deplibs_check_method=unknown
-  ;;
-
-openbsd*)
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-])# AC_DEPLIBS_CHECK_METHOD
-
-
-# AC_PROG_NM
-# ----------
-# find the pathname to a BSD-compatible name lister
-AC_DEFUN([AC_PROG_NM],
-[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM="$NM"
-else
-  lt_nm_to_check="${ac_tool_prefix}nm"
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then 
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS="$lt_save_ifs"
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm="$ac_dir/$lt_tmp_nm"
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
-	*/dev/null* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS="$lt_save_ifs"
-  done
-  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
-fi])
-NM="$lt_cv_path_NM"
-])# AC_PROG_NM
-
-
-# AC_CHECK_LIBM
-# -------------
-# check for math library
-AC_DEFUN([AC_CHECK_LIBM],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM="-lm")
-  ;;
-esac
-])# AC_CHECK_LIBM
-
-
-# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
-# -----------------------------------
-# sets LIBLTDL to the link flags for the libltdl convenience library and
-# LTDLINCL to the include flags for the libltdl header and adds
-# --enable-ltdl-convenience to the configure arguments.  Note that
-# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
-# it is assumed to be `libltdl'.  LIBLTDL will be prefixed with
-# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
-# (note the single quotes!).  If your package is not flat and you're not
-# using automake, define top_builddir and top_srcdir appropriately in
-# the Makefiles.
-AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-  case $enable_ltdl_convenience in
-  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
-  "") enable_ltdl_convenience=yes
-      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
-  esac
-  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
-  LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
-  # For backwards non-gettext consistent compatibility...
-  INCLTDL="$LTDLINCL"
-])# AC_LIBLTDL_CONVENIENCE
-
-
-# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
-# -----------------------------------
-# sets LIBLTDL to the link flags for the libltdl installable library and
-# LTDLINCL to the include flags for the libltdl header and adds
-# --enable-ltdl-install to the configure arguments.  Note that
-# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
-# and an installed libltdl is not found, it is assumed to be `libltdl'.
-# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with
-# '${top_srcdir}/' (note the single quotes!).  If your package is not
-# flat and you're not using automake, define top_builddir and top_srcdir
-# appropriately in the Makefiles.
-# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
-AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-  AC_CHECK_LIB(ltdl, lt_dlinit,
-  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
-  [if test x"$enable_ltdl_install" = xno; then
-     AC_MSG_WARN([libltdl not installed, but installation disabled])
-   else
-     enable_ltdl_install=yes
-   fi
-  ])
-  if test x"$enable_ltdl_install" = x"yes"; then
-    ac_configure_args="$ac_configure_args --enable-ltdl-install"
-    LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
-    LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
-  else
-    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
-    LIBLTDL="-lltdl"
-    LTDLINCL=
-  fi
-  # For backwards non-gettext consistent compatibility...
-  INCLTDL="$LTDLINCL"
-])# AC_LIBLTDL_INSTALLABLE
-
-
-# AC_LIBTOOL_CXX
-# --------------
-# enable support for C++ libraries
-AC_DEFUN([AC_LIBTOOL_CXX],
-[AC_REQUIRE([_LT_AC_LANG_CXX])
-])# AC_LIBTOOL_CXX
-
-
-# _LT_AC_LANG_CXX
-# ---------------
-AC_DEFUN([_LT_AC_LANG_CXX],
-[AC_REQUIRE([AC_PROG_CXX])
-AC_REQUIRE([_LT_AC_PROG_CXXCPP])
-_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX])
-])# _LT_AC_LANG_CXX
-
-# _LT_AC_PROG_CXXCPP
-# ------------------
-AC_DEFUN([_LT_AC_PROG_CXXCPP],
-[
-AC_REQUIRE([AC_PROG_CXX])
-if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
-    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
-    (test "X$CXX" != "Xg++"))) ; then
-  AC_PROG_CXXCPP
-fi
-])# _LT_AC_PROG_CXXCPP
-
-# AC_LIBTOOL_F77
-# --------------
-# enable support for Fortran 77 libraries
-AC_DEFUN([AC_LIBTOOL_F77],
-[AC_REQUIRE([_LT_AC_LANG_F77])
-])# AC_LIBTOOL_F77
-
-
-# _LT_AC_LANG_F77
-# ---------------
-AC_DEFUN([_LT_AC_LANG_F77],
-[AC_REQUIRE([AC_PROG_F77])
-_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77])
-])# _LT_AC_LANG_F77
-
-
-# AC_LIBTOOL_GCJ
-# --------------
-# enable support for GCJ libraries
-AC_DEFUN([AC_LIBTOOL_GCJ],
-[AC_REQUIRE([_LT_AC_LANG_GCJ])
-])# AC_LIBTOOL_GCJ
-
-
-# _LT_AC_LANG_GCJ
-# ---------------
-AC_DEFUN([_LT_AC_LANG_GCJ],
-[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[],
-    [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[],
-      [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])],
-	 [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])],
-	   [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])])
-_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ])
-])# _LT_AC_LANG_GCJ
-
-
-# AC_LIBTOOL_RC
-# -------------
-# enable support for Windows resource files
-AC_DEFUN([AC_LIBTOOL_RC],
-[AC_REQUIRE([LT_AC_PROG_RC])
-_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC])
-])# AC_LIBTOOL_RC
-
-
-# AC_LIBTOOL_LANG_C_CONFIG
-# ------------------------
-# Ensure that the configuration vars for the C compiler are
-# suitably defined.  Those variables are subsequently used by
-# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
-AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG])
-AC_DEFUN([_LT_AC_LANG_C_CONFIG],
-[lt_save_CC="$CC"
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_AC_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}\n'
-
-_LT_AC_SYS_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
-AC_LIBTOOL_PROG_COMPILER_PIC($1)
-AC_LIBTOOL_PROG_CC_C_O($1)
-AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
-AC_LIBTOOL_PROG_LD_SHLIBS($1)
-AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
-AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
-AC_LIBTOOL_SYS_LIB_STRIP
-AC_LIBTOOL_DLOPEN_SELF
-
-# Report which library types will actually be built
-AC_MSG_CHECKING([if libtool supports shared libraries])
-AC_MSG_RESULT([$can_build_shared])
-
-AC_MSG_CHECKING([whether to build shared libraries])
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4* | aix5*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-    ;;
-esac
-AC_MSG_RESULT([$enable_shared])
-
-AC_MSG_CHECKING([whether to build static libraries])
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-AC_MSG_RESULT([$enable_static])
-
-AC_LIBTOOL_CONFIG($1)
-
-AC_LANG_POP
-CC="$lt_save_CC"
-])# AC_LIBTOOL_LANG_C_CONFIG
-
-
-# AC_LIBTOOL_LANG_CXX_CONFIG
-# --------------------------
-# Ensure that the configuration vars for the C compiler are
-# suitably defined.  Those variables are subsequently used by
-# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
-AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)])
-AC_DEFUN([_LT_AC_LANG_CXX_CONFIG],
-[AC_LANG_PUSH(C++)
-AC_REQUIRE([AC_PROG_CXX])
-AC_REQUIRE([_LT_AC_PROG_CXXCPP])
-
-_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_AC_TAGVAR(allow_undefined_flag, $1)=
-_LT_AC_TAGVAR(always_export_symbols, $1)=no
-_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
-_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_AC_TAGVAR(hardcode_direct, $1)=no
-_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
-_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
-_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_AC_TAGVAR(hardcode_automatic, $1)=no
-_LT_AC_TAGVAR(module_cmds, $1)=
-_LT_AC_TAGVAR(module_expsym_cmds, $1)=
-_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_AC_TAGVAR(no_undefined_flag, $1)=
-_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Dependencies to place before and after the object being linked:
-_LT_AC_TAGVAR(predep_objects, $1)=
-_LT_AC_TAGVAR(postdep_objects, $1)=
-_LT_AC_TAGVAR(predeps, $1)=
-_LT_AC_TAGVAR(postdeps, $1)=
-_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_AC_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_AC_SYS_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_LD=$LD
-lt_save_GCC=$GCC
-GCC=$GXX
-lt_save_with_gnu_ld=$with_gnu_ld
-lt_save_path_LD=$lt_cv_path_LD
-if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-else
-  $as_unset lt_cv_prog_gnu_ld
-fi
-if test -n "${lt_cv_path_LDCXX+set}"; then
-  lt_cv_path_LD=$lt_cv_path_LDCXX
-else
-  $as_unset lt_cv_path_LD
-fi
-test -z "${LDCXX+set}" || LD=$LDCXX
-CC=${CXX-"c++"}
-compiler=$CC
-_LT_AC_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-
-# We don't want -fno-exception wen compiling C++ code, so set the
-# no_builtin_flag separately
-if test "$GXX" = yes; then
-  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-else
-  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-fi
-
-if test "$GXX" = yes; then
-  # Set up default GNU C++ configuration
-
-  AC_PROG_LD
-
-  # Check if GNU C++ uses GNU ld as the underlying linker, since the
-  # archiving commands below assume that GNU ld is being used.
-  if test "$with_gnu_ld" = yes; then
-    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
-
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-    #     investigate it a little bit more. (MM)
-    wlarc='${wl}'
-
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
-	grep 'no-whole-archive' > /dev/null; then
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-    else
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    with_gnu_ld=no
-    wlarc=
-
-    # A generic and very simple default shared library creation
-    # command for GNU C++ for the case where it uses the native
-    # linker, instead of GNU ld.  If possible, this setting should
-    # overridden to take advantage of the native linker features on
-    # the platform it is being used on.
-    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-  fi
-
-  # Commands to make compiler produce verbose output that lists
-  # what "hidden" libraries, object files and flags are used when
-  # linking a shared library.
-  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-else
-  GXX=no
-  with_gnu_ld=no
-  wlarc=
-fi
-
-# PORTME: fill in a description of your system's C++ link characteristics
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-_LT_AC_TAGVAR(ld_shlibs, $1)=yes
-case $host_os in
-  aix3*)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  aix4* | aix5*)
-    if test "$host_cpu" = ia64; then
-      # On IA64, the linker does run time linking by default, so we don't
-      # have to do anything special.
-      aix_use_runtimelinking=no
-      exp_sym_flag='-Bexport'
-      no_entry_flag=""
-    else
-      aix_use_runtimelinking=no
-
-      # Test if we are trying to use run time linking or normal
-      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-      # need to do runtime linking.
-      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
-	for ld_flag in $LDFLAGS; do
-	  case $ld_flag in
-	  *-brtl*)
-	    aix_use_runtimelinking=yes
-	    break
-	    ;;
-	  esac
-	done
-	;;
-      esac
-
-      exp_sym_flag='-bexport'
-      no_entry_flag='-bnoentry'
-    fi
-
-    # When large executables or shared objects are built, AIX ld can
-    # have problems creating the table of contents.  If linking a library
-    # or program results in "error TOC overflow" add -mminimal-toc to
-    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-    _LT_AC_TAGVAR(archive_cmds, $1)=''
-    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
-    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-
-    if test "$GXX" = yes; then
-      case $host_os in aix4.[[012]]|aix4.[[012]].*)
-      # We only want to do this on AIX 4.2 and lower, the check
-      # below for broken collect2 doesn't work under 4.3+
-	collect2name=`${CC} -print-prog-name=collect2`
-	if test -f "$collect2name" && \
-	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	then
-	  # We have reworked collect2
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-	else
-	  # We have old collect2
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
-	fi
-	;;
-      esac
-      shared_flag='-shared'
-      if test "$aix_use_runtimelinking" = yes; then
-	shared_flag="$shared_flag "'${wl}-G'
-      fi
-    else
-      # not using gcc
-      if test "$host_cpu" = ia64; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	shared_flag='-G'
-      else
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag='${wl}-G'
-	else
-	  shared_flag='${wl}-bM:SRE'
-	fi
-      fi
-    fi
-
-    # It seems that -bexpall does not export symbols beginning with
-    # underscore (_), so it is better to generate a list of symbols to export.
-    _LT_AC_TAGVAR(always_export_symbols, $1)=yes
-    if test "$aix_use_runtimelinking" = yes; then
-      # Warning - without using the other runtime loading flags (-brtl),
-      # -berok will link without error, but may produce a broken library.
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
-      # Determine the default libpath from the value encoded in an empty executable.
-      _LT_AC_SYS_LIBPATH_AIX
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
-
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-     else
-      if test "$host_cpu" = ia64; then
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-      else
-	# Determine the default libpath from the value encoded in an empty executable.
-	_LT_AC_SYS_LIBPATH_AIX
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
-	# Warning - without using the other run time loading flags,
-	# -berok will link without error, but may produce a broken library.
-	_LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
-	# Exported symbols can be pulled into shared objects from archives
-	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
-	# This is similar to how AIX traditionally builds its shared libraries.
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-      fi
-    fi
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    fi
-    ;;
-
-  chorus*)
-    case $cc_basename in
-      *)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-    esac
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-    # as there is no search path for DLLs.
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-    _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-    _LT_AC_TAGVAR(always_export_symbols, $1)=no
-    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      # If the export-symbols file already is a .def file (1st line
-      # is EXPORTS), use it as is; otherwise, prepend...
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	cp $export_symbols $output_objdir/$soname.def;
-      else
-	echo EXPORTS > $output_objdir/$soname.def;
-	cat $export_symbols >> $output_objdir/$soname.def;
-      fi~
-      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-    else
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    fi
-  ;;
-      darwin* | rhapsody*)
-        case $host_os in
-        rhapsody* | darwin1.[[012]])
-         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[[012]])
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-        esac
-      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_AC_TAGVAR(hardcode_direct, $1)=no
-      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-
-    if test "$GXX" = yes ; then
-      lt_int_apple_cc_single_mod=no
-      output_verbose_link_cmd='echo'
-      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
-       lt_int_apple_cc_single_mod=yes
-      fi
-      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-       _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      else
-          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-        fi
-        _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          else
-            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          fi
-            _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-          _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         _LT_AC_TAGVAR(ld_shlibs, $1)=no
-          ;;
-      esac
-      fi
-        ;;
-
-  dgux*)
-    case $cc_basename in
-      ec++*)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      ghcx*)
-	# Green Hills C++ Compiler
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-    esac
-    ;;
-  freebsd[[12]]*)
-    # C++ shared libraries reported to be fairly broken before switch to ELF
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  freebsd-elf*)
-    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-    ;;
-  freebsd* | kfreebsd*-gnu | dragonfly*)
-    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-    # conventions
-    _LT_AC_TAGVAR(ld_shlibs, $1)=yes
-    ;;
-  gnu*)
-    ;;
-  hpux9*)
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
-    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-    _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				# but as the default
-				# location of the library.
-
-    case $cc_basename in
-    CC*)
-      # FIXME: insert proper C++ library support
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    aCC*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      #
-      # There doesn't appear to be a way to prevent this compiler from
-      # explicitly linking system object files so we need to strip them
-      # from the output so that they don't get included in the library
-      # dependencies.
-      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-      ;;
-    *)
-      if test "$GXX" = yes; then
-        _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-        # FIXME: insert proper C++ library support
-        _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-    ;;
-  hpux10*|hpux11*)
-    if test $with_gnu_ld = no; then
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-      case $host_cpu in
-      hppa*64*|ia64*)
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
-        ;;
-      *)
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-        ;;
-      esac
-    fi
-    case $host_cpu in
-    hppa*64*|ia64*)
-      _LT_AC_TAGVAR(hardcode_direct, $1)=no
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-    *)
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					      # but as the default
-					      # location of the library.
-      ;;
-    esac
-
-    case $cc_basename in
-      CC*)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      aCC*)
-	case $host_cpu in
-	hppa*64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	esac
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes; then
-	  if test $with_gnu_ld = no; then
-	    case $host_cpu in
-	    hppa*64*)
-	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    ia64*)
-	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    *)
-	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    esac
-	  fi
-	else
-	  # FIXME: insert proper C++ library support
-	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-    esac
-    ;;
-  interix3*)
-    _LT_AC_TAGVAR(hardcode_direct, $1)=no
-    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-    # Instead, shared libraries are loaded at an image base (0x10000000 by
-    # default) and relocated if they conflict, which is a slow very memory
-    # consuming and fragmenting process.  To avoid this, we pick a random,
-    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-    ;;
-  irix5* | irix6*)
-    case $cc_basename in
-      CC*)
-	# SGI C++
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-
-	# Archives containing C++ object files must be created using
-	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	# necessary to make sure instantiated templates are included
-	# in the archive.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	;;
-      *)
-	if test "$GXX" = yes; then
-	  if test "$with_gnu_ld" = no; then
-	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	  else
-	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
-	  fi
-	fi
-	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-	;;
-    esac
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-    ;;
-  linux*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir'
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
-
-	# Archives containing C++ object files must be created using
-	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	;;
-      icpc*)
-	# Intel C++
-	with_gnu_ld=yes
-	# version 8.0 and above of icpc choke on multiply defined symbols
-	# if we add $predep_objects and $postdep_objects, however 7.1 and
-	# earlier do not add the objects themselves.
-	case `$CC -V 2>&1` in
-	*"Version 7."*)
-  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-  	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-	  ;;
-	*)  # Version 8.0 or newer
-	  tmp_idyn=
-	  case $host_cpu in
-	    ia64*) tmp_idyn=' -i_dynamic';;
-	  esac
-  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-	  ;;
-	esac
-	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
-	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
-	;;
-      pgCC*)
-        # Portland Group C++ compiler
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
-  	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
-	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-        ;;
-      cxx*)
-	# Compaq C++
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
-
-	runpath_var=LD_RUN_PATH
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-    esac
-    ;;
-  lynxos*)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  m88k*)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  mvs*)
-    case $cc_basename in
-      cxx*)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-    esac
-    ;;
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-      wlarc=
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    fi
-    # Workaround some broken pre-1.5 toolchains
-    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-    ;;
-  openbsd2*)
-    # C++ shared libraries are fairly broken
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  openbsd*)
-    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-    fi
-    output_verbose_link_cmd='echo'
-    ;;
-  osf3*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	# Archives containing C++ object files must be created using
-	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-
-	;;
-      RCC*)
-	# Rational C++ 2.4.1
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      cxx*)
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	  # Commands to make compiler produce verbose output that lists
-	  # what "hidden" libraries, object files and flags are used when
-	  # linking a shared library.
-	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-	else
-	  # FIXME: insert proper C++ library support
-	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-    esac
-    ;;
-  osf4* | osf5*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	# Archives containing C++ object files must be created using
-	# the KAI C++ compiler.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs'
-	;;
-      RCC*)
-	# Rational C++ 2.4.1
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      cxx*)
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-	  echo "-hidden">> $lib.exp~
-	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
-	  $rm $lib.exp'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
-	 _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	  # Commands to make compiler produce verbose output that lists
-	  # what "hidden" libraries, object files and flags are used when
-	  # linking a shared library.
-	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-	else
-	  # FIXME: insert proper C++ library support
-	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-    esac
-    ;;
-  psos*)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  sunos4*)
-    case $cc_basename in
-      CC*)
-	# Sun C++ 4.x
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      lcc*)
-	# Lucid
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-    esac
-    ;;
-  solaris*)
-    case $cc_basename in
-      CC*)
-	# Sun C++ 4.2, 5.x and Centerline C++
-        _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes
-	_LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-	case $host_os in
-	  solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	  *)
-	    # The C++ compiler is used as linker so we must use $wl
-	    # flag to pass the commands to the underlying system
-	    # linker. We must also pass each convience library through
-	    # to the system linker between allextract/defaultextract.
-	    # The C++ compiler will combine linker options so we
-	    # cannot just pass the convience library names through
-	    # without $wl.
-	    # Supported since Solaris 2.6 (maybe 2.5.1?)
-	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
-	    ;;
-	esac
-	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-
-	output_verbose_link_cmd='echo'
-
-	# Archives containing C++ object files must be created using
-	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	# necessary to make sure instantiated templates are included
-	# in the archive.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	;;
-      gcx*)
-	# Green Hills C++ Compiler
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-
-	# The C++ compiler must be used to create the archive.
-	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	;;
-      *)
-	# GNU C++ compiler with Solaris linker
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
-	  if $CC --version | grep -v '^2\.7' > /dev/null; then
-	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
-	  else
-	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
-	    # platform.
-	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
-	  fi
-
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
-	fi
-	;;
-    esac
-    ;;
-  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
-    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    runpath_var='LD_RUN_PATH'
-
-    case $cc_basename in
-      CC*)
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      *)
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-    esac
-    ;;
-  sysv5* | sco3.2v5* | sco5v6*)
-    # Note: We can NOT use -z defs as we might desire, because we do not
-    # link with -lc, and that would cause any symbols used from libc to
-    # always be unresolved, which means just about no library would
-    # ever link correctly.  If we're not using GNU ld we use -z text
-    # though, which does catch some bad symbols but isn't as heavy-handed
-    # as -z defs.
-    # For security reasons, it is highly recommended that you always
-    # use absolute paths for naming shared libraries, and exclude the
-    # DT_RUNPATH tag from executables and libraries.  But doing so
-    # requires that you compile everything twice, which is a pain.
-    # So that behaviour is only enabled if SCOABSPATH is set to a
-    # non-empty value in the environment.  Most likely only useful for
-    # creating official distributions of packages.
-    # This is a hack until libtool officially supports absolute path
-    # names for shared libraries.
-    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
-    _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
-    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
-    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
-    runpath_var='LD_RUN_PATH'
-
-    case $cc_basename in
-      CC*)
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      *)
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-    esac
-    ;;
-  tandem*)
-    case $cc_basename in
-      NCC*)
-	# NonStop-UX NCC 3.20
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	;;
-    esac
-    ;;
-  vxworks*)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-  *)
-    # FIXME: insert proper C++ library support
-    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-    ;;
-esac
-AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
-test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
-
-_LT_AC_TAGVAR(GCC, $1)="$GXX"
-_LT_AC_TAGVAR(LD, $1)="$LD"
-
-AC_LIBTOOL_POSTDEP_PREDEP($1)
-AC_LIBTOOL_PROG_COMPILER_PIC($1)
-AC_LIBTOOL_PROG_CC_C_O($1)
-AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
-AC_LIBTOOL_PROG_LD_SHLIBS($1)
-AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
-AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
-
-AC_LIBTOOL_CONFIG($1)
-
-AC_LANG_POP
-CC=$lt_save_CC
-LDCXX=$LD
-LD=$lt_save_LD
-GCC=$lt_save_GCC
-with_gnu_ldcxx=$with_gnu_ld
-with_gnu_ld=$lt_save_with_gnu_ld
-lt_cv_path_LDCXX=$lt_cv_path_LD
-lt_cv_path_LD=$lt_save_path_LD
-lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-])# AC_LIBTOOL_LANG_CXX_CONFIG
-
-# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME])
-# ------------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-ifelse([$1],[],[cat > conftest.$ac_ext <<EOF
-int a;
-void foo (void) { a = 0; }
-EOF
-],[$1],[CXX],[cat > conftest.$ac_ext <<EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-EOF
-],[$1],[F77],[cat > conftest.$ac_ext <<EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-EOF
-],[$1],[GCJ],[cat > conftest.$ac_ext <<EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-EOF
-])
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  # The `*' in the case matches for architectures that use `case' in
-  # $output_verbose_cmd can trigger glob expansion during the loop
-  # eval without this substitution.
-  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
-
-  for p in `eval $output_verbose_link_cmd`; do
-    case $p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test $p = "-L" \
-	  || test $p = "-R"; then
-	 prev=$p
-	 continue
-       else
-	 prev=
-       fi
-
-       if test "$pre_test_object_deps_done" = no; then
-	 case $p in
-	 -L* | -R*)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
-	   else
-	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${_LT_AC_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_AC_TAGVAR(postdeps, $1)"; then
-	   _LT_AC_TAGVAR(postdeps, $1)="${prev}${p}"
-	 else
-	   _LT_AC_TAGVAR(postdeps, $1)="${_LT_AC_TAGVAR(postdeps, $1)} ${prev}${p}"
-	 fi
-       fi
-       ;;
-
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test "$pre_test_object_deps_done" = no; then
-	 if test -z "$_LT_AC_TAGVAR(predep_objects, $1)"; then
-	   _LT_AC_TAGVAR(predep_objects, $1)="$p"
-	 else
-	   _LT_AC_TAGVAR(predep_objects, $1)="$_LT_AC_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_AC_TAGVAR(postdep_objects, $1)"; then
-	   _LT_AC_TAGVAR(postdep_objects, $1)="$p"
-	 else
-	   _LT_AC_TAGVAR(postdep_objects, $1)="$_LT_AC_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$rm -f confest.$objext
-
-# PORTME: override above test on systems where it is broken
-ifelse([$1],[CXX],
-[case $host_os in
-interix3*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_AC_TAGVAR(predep_objects,$1)=
-  _LT_AC_TAGVAR(postdep_objects,$1)=
-  _LT_AC_TAGVAR(postdeps,$1)=
-  ;;
-
-solaris*)
-  case $cc_basename in
-  CC*)
-    # Adding this requires a known-good setup of shared libraries for
-    # Sun compiler versions before 5.6, else PIC objects from an old
-    # archive will be linked into the output, leading to subtle bugs.
-    _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
-    ;;
-  esac
-  ;;
-esac
-])
-
-case " $_LT_AC_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
-])# AC_LIBTOOL_POSTDEP_PREDEP
-
-# AC_LIBTOOL_LANG_F77_CONFIG
-# --------------------------
-# Ensure that the configuration vars for the C compiler are
-# suitably defined.  Those variables are subsequently used by
-# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
-AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
-AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
-[AC_REQUIRE([AC_PROG_F77])
-AC_LANG_PUSH(Fortran 77)
-
-_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_AC_TAGVAR(allow_undefined_flag, $1)=
-_LT_AC_TAGVAR(always_export_symbols, $1)=no
-_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
-_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_AC_TAGVAR(hardcode_direct, $1)=no
-_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
-_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
-_LT_AC_TAGVAR(hardcode_automatic, $1)=no
-_LT_AC_TAGVAR(module_cmds, $1)=
-_LT_AC_TAGVAR(module_expsym_cmds, $1)=
-_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_AC_TAGVAR(no_undefined_flag, $1)=
-_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_AC_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code="      program t\n      end\n"
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_AC_SYS_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${F77-"f77"}
-compiler=$CC
-_LT_AC_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-
-AC_MSG_CHECKING([if libtool supports shared libraries])
-AC_MSG_RESULT([$can_build_shared])
-
-AC_MSG_CHECKING([whether to build shared libraries])
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-aix4* | aix5*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-  ;;
-esac
-AC_MSG_RESULT([$enable_shared])
-
-AC_MSG_CHECKING([whether to build static libraries])
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-AC_MSG_RESULT([$enable_static])
-
-_LT_AC_TAGVAR(GCC, $1)="$G77"
-_LT_AC_TAGVAR(LD, $1)="$LD"
-
-AC_LIBTOOL_PROG_COMPILER_PIC($1)
-AC_LIBTOOL_PROG_CC_C_O($1)
-AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
-AC_LIBTOOL_PROG_LD_SHLIBS($1)
-AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
-AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
-
-AC_LIBTOOL_CONFIG($1)
-
-AC_LANG_POP
-CC="$lt_save_CC"
-])# AC_LIBTOOL_LANG_F77_CONFIG
-
-
-# AC_LIBTOOL_LANG_GCJ_CONFIG
-# --------------------------
-# Ensure that the configuration vars for the C compiler are
-# suitably defined.  Those variables are subsequently used by
-# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
-AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
-AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
-[AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_AC_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_AC_SYS_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${GCJ-"gcj"}
-compiler=$CC
-_LT_AC_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-
-AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
-AC_LIBTOOL_PROG_COMPILER_PIC($1)
-AC_LIBTOOL_PROG_CC_C_O($1)
-AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
-AC_LIBTOOL_PROG_LD_SHLIBS($1)
-AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
-AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
-
-AC_LIBTOOL_CONFIG($1)
-
-AC_LANG_RESTORE
-CC="$lt_save_CC"
-])# AC_LIBTOOL_LANG_GCJ_CONFIG
-
-
-# AC_LIBTOOL_LANG_RC_CONFIG
-# -------------------------
-# Ensure that the configuration vars for the Windows resource compiler are
-# suitably defined.  Those variables are subsequently used by
-# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
-AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
-AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
-[AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_AC_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code="$lt_simple_compile_test_code"
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_AC_SYS_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${RC-"windres"}
-compiler=$CC
-_LT_AC_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-AC_LIBTOOL_CONFIG($1)
-
-AC_LANG_RESTORE
-CC="$lt_save_CC"
-])# AC_LIBTOOL_LANG_RC_CONFIG
-
-
-# AC_LIBTOOL_CONFIG([TAGNAME])
-# ----------------------------
-# If TAGNAME is not passed, then create an initial libtool script
-# with a default configuration from the untagged config vars.  Otherwise
-# add code to config.status for appending the configuration named by
-# TAGNAME from the matching tagged config vars.
-AC_DEFUN([AC_LIBTOOL_CONFIG],
-[# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    _LT_AC_TAGVAR(compiler, $1) \
-    _LT_AC_TAGVAR(CC, $1) \
-    _LT_AC_TAGVAR(LD, $1) \
-    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \
-    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \
-    _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \
-    _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \
-    _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \
-    _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \
-    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \
-    _LT_AC_TAGVAR(old_archive_cmds, $1) \
-    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \
-    _LT_AC_TAGVAR(predep_objects, $1) \
-    _LT_AC_TAGVAR(postdep_objects, $1) \
-    _LT_AC_TAGVAR(predeps, $1) \
-    _LT_AC_TAGVAR(postdeps, $1) \
-    _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
-    _LT_AC_TAGVAR(archive_cmds, $1) \
-    _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
-    _LT_AC_TAGVAR(postinstall_cmds, $1) \
-    _LT_AC_TAGVAR(postuninstall_cmds, $1) \
-    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \
-    _LT_AC_TAGVAR(allow_undefined_flag, $1) \
-    _LT_AC_TAGVAR(no_undefined_flag, $1) \
-    _LT_AC_TAGVAR(export_symbols_cmds, $1) \
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \
-    _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \
-    _LT_AC_TAGVAR(hardcode_automatic, $1) \
-    _LT_AC_TAGVAR(module_cmds, $1) \
-    _LT_AC_TAGVAR(module_expsym_cmds, $1) \
-    _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
-    _LT_AC_TAGVAR(exclude_expsyms, $1) \
-    _LT_AC_TAGVAR(include_expsyms, $1); do
-
-    case $var in
-    _LT_AC_TAGVAR(old_archive_cmds, $1) | \
-    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \
-    _LT_AC_TAGVAR(archive_cmds, $1) | \
-    _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \
-    _LT_AC_TAGVAR(module_cmds, $1) | \
-    _LT_AC_TAGVAR(module_expsym_cmds, $1) | \
-    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \
-    _LT_AC_TAGVAR(export_symbols_cmds, $1) | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\[$]0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'`
-    ;;
-  esac
-
-ifelse([$1], [],
-  [cfgfile="${ofile}T"
-  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
-  $rm -f "$cfgfile"
-  AC_MSG_NOTICE([creating $ofile])],
-  [cfgfile="$ofile"])
-
-  cat <<__EOF__ >> "$cfgfile"
-ifelse([$1], [],
-[#! $SHELL
-
-# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-#
-# This file is part of GNU Libtool:
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="$SED -e 1s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# The names of the tagged configurations supported by this script.
-available_tags=
-
-# ### BEGIN LIBTOOL CONFIG],
-[# ### BEGIN LIBTOOL TAG CONFIG: $tagname])
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
-
-# Is the compiler the GNU C compiler?
-with_gcc=$_LT_AC_TAGVAR(GCC, $1)
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_[]_LT_AC_TAGVAR(LD, $1)
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1)
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1)
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1)
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1)
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1)
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1)
-archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1)
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1)
-module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1)
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1)
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1)
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1)
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1)
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1)
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1)
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1)
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1)
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1)
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1)
-
-# Symbols that must always be exported.
-include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1)
-
-ifelse([$1],[],
-[# ### END LIBTOOL CONFIG],
-[# ### END LIBTOOL TAG CONFIG: $tagname])
-
-__EOF__
-
-ifelse([$1],[], [
-  case $host_os in
-  aix3*)
-    cat <<\EOF >> "$cfgfile"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
-
-  mv -f "$cfgfile" "$ofile" || \
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-])
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-])# AC_LIBTOOL_CONFIG
-
-
-# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------------------
-AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
-[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
-
-_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test "$GCC" = yes; then
-  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-
-  AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI
-
-
-# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
-# ---------------------------------
-AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
-[AC_REQUIRE([AC_CANONICAL_HOST])
-AC_REQUIRE([AC_PROG_NM])
-AC_REQUIRE([AC_OBJEXT])
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Transform an extracted symbol line into a proper C declaration
-lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  if test "$host_cpu" = ia64; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  ;;
-linux*)
-  if test "$host_cpu" = ia64; then
-    symcode='[[ABCDGIRSTW]]'
-    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ 	]]\($symcode$symcode*\)[[ 	]][[ 	]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if grep ' nm_test_var$' "$nlist" >/dev/null; then
-	if grep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr_t void *
-#else
-# define lt_ptr_t char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr_t address;
-}
-lt_preloaded_symbols[[]] =
-{
-EOF
-	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr_t) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_save_LIBS="$LIBS"
-	  lt_save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$ac_objext"
-	  CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
-	    pipe_works=yes
-	  fi
-	  LIBS="$lt_save_LIBS"
-	  CFLAGS="$lt_save_CFLAGS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -f conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
-
-
-# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME])
-# ---------------------------------------
-AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC],
-[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=
-
-AC_MSG_CHECKING([for $compiler option to produce PIC])
- ifelse([$1],[CXX],[
-  # C++ specific cases for pic, static, wl, etc.
-  if test "$GXX" = yes; then
-    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | os2* | pw32*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	;;
-      *)
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *)
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix4* | aix5*)
-	# All AIX code is PIC.
-	if test "$host_cpu" = ia64; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-       darwin*)
-         # PIC is the default on this platform
-         # Common symbols not allowed in MH_DYLIB files
-         case $cc_basename in
-           xlc*)
-           _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
-           _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-           ;;
-         esac
-       ;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | kfreebsd*-gnu | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
-	    if test "$host_cpu" != ia64; then
-	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  icpc* | ecpc*)
-	    # Intel C++
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC*)
-	    # Portland Group C++ compiler.
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test "$GCC" = yes; then
-    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-      ;;
-
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    *)
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-      darwin*)
-        # PIC is the default on this platform
-        # Common symbols not allowed in MH_DYLIB files
-       case $cc_basename in
-         xlc*)
-         _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
-         _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-         ;;
-       esac
-       ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    newsos6)
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    linux*)
-      case $cc_basename in
-      icc* | ecc*)
-	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      pgcc* | pgf77* | pgf90* | pgf95*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      esac
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95*)
-	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)])
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
-    _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
-    [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-case $host_os in
-  # For platforms which do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\"
-AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
-])
-
-
-# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME])
-# ------------------------------------
-# See if the linker supports building shared libraries.
-AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
-[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-ifelse([$1],[CXX],[
-  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  case $host_os in
-  aix4* | aix5*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to AIX nm, but means don't demangle with GNU nm
-    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
-  ;;
-  cygwin* | mingw*)
-    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
-  ;;
-  *)
-    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  ;;
-  esac
-],[
-  runpath_var=
-  _LT_AC_TAGVAR(allow_undefined_flag, $1)=
-  _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_AC_TAGVAR(archive_cmds, $1)=
-  _LT_AC_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)=
-  _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-  _LT_AC_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
-  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_AC_TAGVAR(hardcode_direct, $1)=no
-  _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_AC_TAGVAR(hardcode_automatic, $1)=no
-  _LT_AC_TAGVAR(module_cmds, $1)=
-  _LT_AC_TAGVAR(module_expsym_cmds, $1)=
-  _LT_AC_TAGVAR(always_export_symbols, $1)=no
-  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_AC_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ` (' and `)$', so one must not match beginning or
-  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-  # as well as any symbol that contains `d'.
-  _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  extract_expsyms_cmds=
-  # Just being paranoid about ensuring that cc_basename is set.
-  _LT_CC_BASENAME([$compiler])
-  case $host_os in
-  cygwin* | mingw* | pw32*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test "$GCC" != yes; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_AC_TAGVAR(ld_shlibs, $1)=yes
-  if test "$with_gnu_ld" = yes; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='${wl}'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
-    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
-	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-  	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v 2>/dev/null` in
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test "$host_cpu" != ia64; then
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-      fi
-      ;;
-
-    amigaos*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-
-      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-      # that the semantics of dynamic libraries on AmigaOS, at least up
-      # to version 4, is to share data among multiple programs linked
-      # with the same dynamic library.  Since this doesn't match the
-      # behavior of shared libraries on other platforms, we can't use
-      # them.
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      else
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_AC_TAGVAR(always_export_symbols, $1)=no
-      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
-
-      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file (1st line
-	# is EXPORTS), use it as is; otherwise, prepend...
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	  cp $export_symbols $output_objdir/$soname.def;
-	else
-	  echo EXPORTS > $output_objdir/$soname.def;
-	  cat $export_symbols >> $output_objdir/$soname.def;
-	fi~
-	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    interix3*)
-      _LT_AC_TAGVAR(hardcode_direct, $1)=no
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    linux*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	tmp_addflag=
-	case $cc_basename,$host_cpu in
-	pgcc*)				# Portland Group C compiler
-	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
-	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	esac
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-
-	if test $supports_anon_versioning = yes; then
-	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
-  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-  $echo "local: *; };" >> $output_objdir/$libname.ver~
-	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
-	fi
-      else
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) 
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
-	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
-	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
-	  else
-	    _LT_AC_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_AC_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then
-      runpath_var=
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix4* | aix5*)
-      if test "$host_cpu" = ia64; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=""
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to AIX nm, but means don't demangle with GNU nm
-	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# need to do runtime linking.
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
-	  for ld_flag in $LDFLAGS; do
-  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-  	    aix_use_runtimelinking=yes
-  	    break
-  	  fi
-	  done
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_AC_TAGVAR(archive_cmds, $1)=''
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-
-      if test "$GCC" = yes; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`${CC} -print-prog-name=collect2`
-	  if test -f "$collect2name" && \
-  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	  then
-  	  # We have reworked collect2
-  	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-	  else
-  	  # We have old collect2
-  	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
-  	  # It fails to find uninstalled libraries when the uninstalled
-  	  # path is not listed in the libpath.  Setting hardcode_minus_L
-  	  # to unsupported forces relinking
-  	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-  	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag="$shared_flag "'${wl}-G'
-	fi
-      else
-	# not using gcc
-	if test "$host_cpu" = ia64; then
-  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-  	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test "$aix_use_runtimelinking" = yes; then
-	    shared_flag='${wl}-G'
-	  else
-	    shared_flag='${wl}-bM:SRE'
-	  fi
-	fi
-      fi
-
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
-      if test "$aix_use_runtimelinking" = yes; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
-       # Determine the default libpath from the value encoded in an empty executable.
-       _LT_AC_SYS_LIBPATH_AIX
-       _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-       else
-	if test "$host_cpu" = ia64; then
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
-	  _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an empty executable.
-	 _LT_AC_SYS_LIBPATH_AIX
-	 _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
-	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
-	  # Exported symbols can be pulled into shared objects from archives
-	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  # This is similar to how AIX traditionally builds its shared libraries.
-	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      # see comment about different semantics on the GNU ld section
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      ;;
-
-    bsdi[[45]]*)
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-      # Tell ltmain to make .lib files, not .a files.
-      libext=lib
-      # Tell ltmain to make .dll files, not .so files.
-      shrext_cmds=".dll"
-      # FIXME: Setting linknames here is a bad hack.
-      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
-      # The linker will automatically build a .lib file if we build a DLL.
-      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
-      # FIXME: Should let the user specify the lib program.
-      _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
-      _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
-      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    darwin* | rhapsody*)
-      case $host_os in
-        rhapsody* | darwin1.[[012]])
-         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[[012]])
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-      esac
-      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_AC_TAGVAR(hardcode_direct, $1)=no
-      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-    if test "$GCC" = yes ; then
-    	output_verbose_link_cmd='echo'
-        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-    else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-         _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-         _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         _LT_AC_TAGVAR(ld_shlibs, $1)=no
-          ;;
-      esac
-    fi
-      ;;
-
-    dgux*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    freebsd1*)
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | kfreebsd*-gnu | dragonfly*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-      ;;
-
-    hpux10*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test "$with_gnu_ld" = no; then
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	_LT_AC_TAGVAR(hardcode_direct, $1)=yes
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      fi
-      if test "$with_gnu_ld" = no; then
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
-	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
-	  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    openbsd*)
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
-      else
-       case $host_os in
-	 openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
-	   _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	   ;;
-	 *)
-	   _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
-	   ;;
-       esac
-      fi
-      ;;
-
-    os2*)
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-      ;;
-
-    osf3*)
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
-      else
-	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
-      if test "$GCC" = yes; then
-	wlarc='${wl}'
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
-      else
-	wlarc=''
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
- 	# The compiler driver will combine linker options so we
- 	# cannot just pass the convience library names through
- 	# without $wl, iff we do not link with $LD.
- 	# Luckily, gcc supports the same syntax we need for Sun Studio.
- 	# Supported since Solaris 2.6 (maybe 2.5.1?)
- 	case $wlarc in
- 	'')
- 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
- 	*)
- 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
- 	esac ;;
-      esac
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test "x$host_vendor" = xsequent; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
-      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_AC_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*)
-      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
-      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We can NOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
-      _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
-      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_AC_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-  fi
-])
-AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
-test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test "$enable_shared" = yes && test "$GCC" = yes; then
-    case $_LT_AC_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_MSG_CHECKING([whether -lc should be explicitly linked in])
-      $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-      if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-        soname=conftest
-        lib=conftest
-        libobjs=conftest.$ac_objext
-        deplibs=
-        wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
-	pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
-        compiler_flags=-v
-        linker_flags=-v
-        verstring=
-        output_objdir=.
-        libname=conftest
-        lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1)
-        _LT_AC_TAGVAR(allow_undefined_flag, $1)=
-        if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
-        then
-	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
-        else
-	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
-        fi
-        _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-      else
-        cat conftest.err 1>&5
-      fi
-      $rm conftest*
-      AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)])
-      ;;
-    esac
-  fi
-  ;;
-esac
-])# AC_LIBTOOL_PROG_LD_SHLIBS
-
-
-# _LT_AC_FILE_LTDLL_C
-# -------------------
-# Be careful that the start marker always follows a newline.
-AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-])# _LT_AC_FILE_LTDLL_C
-
-
-# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
-# ---------------------------------
-AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])
-
-
-# old names
-AC_DEFUN([AM_PROG_LIBTOOL],   [AC_PROG_LIBTOOL])
-AC_DEFUN([AM_ENABLE_SHARED],  [AC_ENABLE_SHARED($@)])
-AC_DEFUN([AM_ENABLE_STATIC],  [AC_ENABLE_STATIC($@)])
-AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-AC_DEFUN([AM_PROG_LD],        [AC_PROG_LD])
-AC_DEFUN([AM_PROG_NM],        [AC_PROG_NM])
-
-# This is just to silence aclocal about the macro not being used
-ifelse([AC_DISABLE_FAST_INSTALL])
-
-AC_DEFUN([LT_AC_PROG_GCJ],
-[AC_CHECK_TOOL(GCJ, gcj, no)
-  test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
-  AC_SUBST(GCJFLAGS)
-])
-
-AC_DEFUN([LT_AC_PROG_RC],
-[AC_CHECK_TOOL(RC, windres, no)
-])
-
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-# LT_AC_PROG_SED
-# --------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-AC_DEFUN([LT_AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f $lt_ac_sed && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test $lt_ac_count -gt 10 && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test $lt_ac_count -gt $lt_ac_max; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_MSG_RESULT([$SED])
-])
-
-# Copyright (C) 2002, 2003, 2005, 2006  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# ----------------------------
-# Automake X.Y traces this macro to ensure aclocal.m4 has been
-# generated from the m4 files accompanying Automake X.Y.
-# (This private macro should not be called outside this file.)
-AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.10'
-dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
-dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.10], [],
-      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
-])
-
-# _AM_AUTOCONF_VERSION(VERSION)
-# -----------------------------
-# aclocal traces this macro to find the Autoconf version.
-# This is a private macro too.  Using m4_define simplifies
-# the logic in aclocal, which can simply ignore this definition.
-m4_define([_AM_AUTOCONF_VERSION], [])
-
-# AM_SET_CURRENT_AUTOMAKE_VERSION
-# -------------------------------
-# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
-# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
-AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.10])dnl
-_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)])
-
-# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
-
-# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
-# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
-#
-# Of course, Automake must honor this variable whenever it calls a
-# tool from the auxiliary directory.  The problem is that $srcdir (and
-# therefore $ac_aux_dir as well) can be either absolute or relative,
-# depending on how configure is run.  This is pretty annoying, since
-# it makes $ac_aux_dir quite unusable in subdirectories: in the top
-# source directory, any form will work fine, but in subdirectories a
-# relative path needs to be adjusted first.
-#
-# $ac_aux_dir/missing
-#    fails when called from a subdirectory if $ac_aux_dir is relative
-# $top_srcdir/$ac_aux_dir/missing
-#    fails if $ac_aux_dir is absolute,
-#    fails when called from a subdirectory in a VPATH build with
-#          a relative $ac_aux_dir
-#
-# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
-# are both prefixed by $srcdir.  In an in-source build this is usually
-# harmless because $srcdir is `.', but things will broke when you
-# start a VPATH build or use an absolute $srcdir.
-#
-# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
-# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
-#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
-# and then we would define $MISSING as
-#   MISSING="\${SHELL} $am_aux_dir/missing"
-# This will work as long as MISSING is not called from configure, because
-# unfortunately $(top_srcdir) has no meaning in configure.
-# However there are other variables, like CC, which are often used in
-# configure, and could therefore not use this "fixed" $ac_aux_dir.
-#
-# Another solution, used here, is to always expand $ac_aux_dir to an
-# absolute PATH.  The drawback is that using absolute paths prevent a
-# configured tree to be moved without reconfiguration.
-
-AC_DEFUN([AM_AUX_DIR_EXPAND],
-[dnl Rely on autoconf to set up CDPATH properly.
-AC_PREREQ([2.50])dnl
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-])
-
-# AM_CONDITIONAL                                            -*- Autoconf -*-
-
-# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 8
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ(2.52)dnl
- ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
-	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-if $2; then
-  $1_TRUE=
-  $1_FALSE='#'
-else
-  $1_TRUE='#'
-  $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
-  AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-
-# Do all the work for Automake.                             -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 12
-
-# This macro actually does too much.  Some checks are only needed if
-# your package does certain things.  But this isn't really a big deal.
-
-# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
-# AM_INIT_AUTOMAKE([OPTIONS])
-# -----------------------------------------------
-# The call with PACKAGE and VERSION arguments is the old style
-# call (pre autoconf-2.50), which is being phased out.  PACKAGE
-# and VERSION should now be passed to AC_INIT and removed from
-# the call to AM_INIT_AUTOMAKE.
-# We support both call styles for the transition.  After
-# the next Automake release, Autoconf can make the AC_INIT
-# arguments mandatory, and then we can depend on a new Autoconf
-# release and drop the old call support.
-AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.60])dnl
-dnl Autoconf wants to disallow AM_ names.  We explicitly allow
-dnl the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
-AC_REQUIRE([AC_PROG_INSTALL])dnl
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
-  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
-  # is not polluted with repeated "-I."
-  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
-  # test to see if srcdir already configured
-  if test -f $srcdir/config.status; then
-    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
-  fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
-  if (cygpath --version) >/dev/null 2>/dev/null; then
-    CYGPATH_W='cygpath -w'
-  else
-    CYGPATH_W=echo
-  fi
-fi
-AC_SUBST([CYGPATH_W])
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
-dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
-  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
- AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
-AM_MISSING_PROG(AUTOCONF, autoconf)
-AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
-AM_MISSING_PROG(AUTOHEADER, autoheader)
-AM_MISSING_PROG(MAKEINFO, makeinfo)
-AM_PROG_INSTALL_SH
-AM_PROG_INSTALL_STRIP
-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
-              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
-	      		     [_AM_PROG_TAR([v7])])])
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_CC],
-                  [_AM_DEPENDENCIES(CC)],
-                  [define([AC_PROG_CC],
-                          defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
-                  [_AM_DEPENDENCIES(CXX)],
-                  [define([AC_PROG_CXX],
-                          defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
-                  [_AM_DEPENDENCIES(OBJC)],
-                  [define([AC_PROG_OBJC],
-                          defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
-])
-])
-
-
-# When config.status generates a header, we must update the stamp-h file.
-# This file resides in the same directory as the config header
-# that is generated.  The stamp files are numbered to have different names.
-
-# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
-# loop where config.status creates the headers, so we can generate
-# our stamp files there.
-AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
-[# Compute $1's index in $config_headers.
-_am_stamp_count=1
-for _am_header in $config_headers :; do
-  case $_am_header in
-    $1 | $1:* )
-      break ;;
-    * )
-      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
-  esac
-done
-echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
-
-# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_SH
-# ------------------
-# Define $install_sh.
-AC_DEFUN([AM_PROG_INSTALL_SH],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
-AC_SUBST(install_sh)])
-
-# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 2
-
-# Check whether the underlying file-system supports filenames
-# with a leading dot.  For instance MS-DOS doesn't.
-AC_DEFUN([AM_SET_LEADING_DOT],
-[rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
-  am__leading_dot=.
-else
-  am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
-
-# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 5
-
-# AM_PROG_LEX
-# -----------
-# Autoconf leaves LEX=: if lex or flex can't be found.  Change that to a
-# "missing" invocation, for better error output.
-AC_DEFUN([AM_PROG_LEX],
-[AC_PREREQ(2.50)dnl
-AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
-AC_REQUIRE([AC_PROG_LEX])dnl
-if test "$LEX" = :; then
-  LEX=${am_missing_run}flex
-fi])
-
-# Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
-# From Jim Meyering
-
-# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 4
-
-AC_DEFUN([AM_MAINTAINER_MODE],
-[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
-  dnl maintainer-mode is disabled by default
-  AC_ARG_ENABLE(maintainer-mode,
-[  --enable-maintainer-mode  enable make rules and dependencies not useful
-			  (and sometimes confusing) to the casual installer],
-      USE_MAINTAINER_MODE=$enableval,
-      USE_MAINTAINER_MODE=no)
-  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
-  AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes])
-  MAINT=$MAINTAINER_MODE_TRUE
-  AC_SUBST(MAINT)dnl
-]
-)
-
-AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
-
-# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 5
-
-# AM_PROG_CC_C_O
-# --------------
-# Like AC_PROG_CC_C_O, but changed for automake.
-AC_DEFUN([AM_PROG_CC_C_O],
-[AC_REQUIRE([AC_PROG_CC_C_O])dnl
-AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
-if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
-   # Losing compiler, so override with the script.
-   # FIXME: It is wrong to rewrite CC.
-   # But if we don't then we get into trouble of one sort or another.
-   # A longer-term fix would be to have automake use am__CC in this case,
-   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
-   CC="$am_aux_dir/compile $CC"
-fi
-dnl Make sure AC_PROG_CC is never called again, or it will override our
-dnl setting of CC.
-m4_define([AC_PROG_CC],
-          [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
-])
-
-# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
-
-# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 5
-
-# AM_MISSING_PROG(NAME, PROGRAM)
-# ------------------------------
-AC_DEFUN([AM_MISSING_PROG],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-
-
-# AM_MISSING_HAS_RUN
-# ------------------
-# Define MISSING if not defined so far and test if it supports --run.
-# If it does, set am_missing_run to use it, otherwise, to nothing.
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([missing])dnl
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  AC_MSG_WARN([`missing' script is too old or missing])
-fi
-])
-
-# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_MKDIR_P
-# ---------------
-# Check for `mkdir -p'.
-AC_DEFUN([AM_PROG_MKDIR_P],
-[AC_PREREQ([2.60])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
-dnl while keeping a definition of mkdir_p for backward compatibility.
-dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
-dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
-dnl Makefile.ins that do not define MKDIR_P, so we do our own
-dnl adjustment using top_builddir (which is defined more often than
-dnl MKDIR_P).
-AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
-case $mkdir_p in
-  [[\\/$]]* | ?:[[\\/]]*) ;;
-  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-])
-
-# Helper functions for option handling.                     -*- Autoconf -*-
-
-# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 3
-
-# _AM_MANGLE_OPTION(NAME)
-# -----------------------
-AC_DEFUN([_AM_MANGLE_OPTION],
-[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-
-# _AM_SET_OPTION(NAME)
-# ------------------------------
-# Set option NAME.  Presently that only means defining a flag for this option.
-AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
-
-# _AM_SET_OPTIONS(OPTIONS)
-# ----------------------------------
-# OPTIONS is a space-separated list of Automake options.
-AC_DEFUN([_AM_SET_OPTIONS],
-[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-
-# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
-# -------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-AC_DEFUN([_AM_IF_OPTION],
-[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-
-# Check to make sure that the build environment is sane.    -*- Autoconf -*-
-
-# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 4
-
-# AM_SANITY_CHECK
-# ---------------
-AC_DEFUN([AM_SANITY_CHECK],
-[AC_MSG_CHECKING([whether build environment is sane])
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments.  Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
-   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
-   if test "$[*]" = "X"; then
-      # -L didn't work.
-      set X `ls -t $srcdir/configure conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$[*]" != "X $srcdir/configure conftest.file" \
-      && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
-alias in your environment])
-   fi
-
-   test "$[2]" = conftest.file
-   )
-then
-   # Ok.
-   :
-else
-   AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT(yes)])
-
-# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_STRIP
-# ---------------------
-# One issue with vendor `install' (even GNU) is that you can't
-# specify the program used to strip binaries.  This is especially
-# annoying in cross-compiling environments, where the build's strip
-# is unlikely to handle the host's binaries.
-# Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in `make install-strip', and initialize
-# STRIPPROG with the value of the STRIP variable (set by the user).
-AC_DEFUN([AM_PROG_INSTALL_STRIP],
-[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
-if test "$cross_compiling" != no; then
-  AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-
-# Copyright (C) 2006  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
-
-# Check how to create a tarball.                            -*- Autoconf -*-
-
-# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 2
-
-# _AM_PROG_TAR(FORMAT)
-# --------------------
-# Check how to create a tarball in format FORMAT.
-# FORMAT should be one of `v7', `ustar', or `pax'.
-#
-# Substitute a variable $(am__tar) that is a command
-# writing to stdout a FORMAT-tarball containing the directory
-# $tardir.
-#     tardir=directory && $(am__tar) > result.tar
-#
-# Substitute a variable $(am__untar) that extract such
-# a tarball read from stdin.
-#     $(am__untar) < result.tar
-AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility.
-AM_MISSING_PROG([AMTAR], [tar])
-m4_if([$1], [v7],
-     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
-     [m4_case([$1], [ustar],, [pax],,
-              [m4_fatal([Unknown tar format])])
-AC_MSG_CHECKING([how to create a $1 tar archive])
-# Loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-_am_tools=${am_cv_prog_tar_$1-$_am_tools}
-# Do not fold the above two line into one, because Tru64 sh and
-# Solaris sh will not grok spaces in the rhs of `-'.
-for _am_tool in $_am_tools
-do
-  case $_am_tool in
-  gnutar)
-    for _am_tar in tar gnutar gtar;
-    do
-      AM_RUN_LOG([$_am_tar --version]) && break
-    done
-    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
-    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
-    am__untar="$_am_tar -xf -"
-    ;;
-  plaintar)
-    # Must skip GNU tar: if it does not support --format= it doesn't create
-    # ustar tarball either.
-    (tar --version) >/dev/null 2>&1 && continue
-    am__tar='tar chf - "$$tardir"'
-    am__tar_='tar chf - "$tardir"'
-    am__untar='tar xf -'
-    ;;
-  pax)
-    am__tar='pax -L -x $1 -w "$$tardir"'
-    am__tar_='pax -L -x $1 -w "$tardir"'
-    am__untar='pax -r'
-    ;;
-  cpio)
-    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
-    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
-    am__untar='cpio -i -H $1 -d'
-    ;;
-  none)
-    am__tar=false
-    am__tar_=false
-    am__untar=false
-    ;;
-  esac
-
-  # If the value was cached, stop now.  We just wanted to have am__tar
-  # and am__untar set.
-  test -n "${am_cv_prog_tar_$1}" && break
-
-  # tar/untar a dummy directory, and stop if the command works
-  rm -rf conftest.dir
-  mkdir conftest.dir
-  echo GrepMe > conftest.dir/file
-  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
-  rm -rf conftest.dir
-  if test -s conftest.tar; then
-    AM_RUN_LOG([$am__untar <conftest.tar])
-    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
-  fi
-done
-rm -rf conftest.dir
-
-AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
-AC_MSG_RESULT([$am_cv_prog_tar_$1])])
-AC_SUBST([am__tar])
-AC_SUBST([am__untar])
-]) # _AM_PROG_TAR
-
-m4_include([cf/aix.m4])
-m4_include([cf/auth-modules.m4])
-m4_include([cf/autobuild.m4])
-m4_include([cf/broken-getaddrinfo.m4])
-m4_include([cf/broken-glob.m4])
-m4_include([cf/broken-realloc.m4])
-m4_include([cf/broken-snprintf.m4])
-m4_include([cf/broken.m4])
-m4_include([cf/broken2.m4])
-m4_include([cf/c-attribute.m4])
-m4_include([cf/capabilities.m4])
-m4_include([cf/check-compile-et.m4])
-m4_include([cf/check-getpwnam_r-posix.m4])
-m4_include([cf/check-man.m4])
-m4_include([cf/check-netinet-ip-and-tcp.m4])
-m4_include([cf/check-type-extra.m4])
-m4_include([cf/check-var.m4])
-m4_include([cf/check-x.m4])
-m4_include([cf/check-xau.m4])
-m4_include([cf/crypto.m4])
-m4_include([cf/db.m4])
-m4_include([cf/destdirs.m4])
-m4_include([cf/dlopen.m4])
-m4_include([cf/find-func-no-libs.m4])
-m4_include([cf/find-func-no-libs2.m4])
-m4_include([cf/find-func.m4])
-m4_include([cf/find-if-not-broken.m4])
-m4_include([cf/framework-security.m4])
-m4_include([cf/have-struct-field.m4])
-m4_include([cf/have-type.m4])
-m4_include([cf/irix.m4])
-m4_include([cf/krb-bigendian.m4])
-m4_include([cf/krb-func-getlogin.m4])
-m4_include([cf/krb-ipv6.m4])
-m4_include([cf/krb-prog-ln-s.m4])
-m4_include([cf/krb-readline.m4])
-m4_include([cf/krb-struct-spwd.m4])
-m4_include([cf/krb-struct-winsize.m4])
-m4_include([cf/largefile.m4])
-m4_include([cf/mips-abi.m4])
-m4_include([cf/misc.m4])
-m4_include([cf/need-proto.m4])
-m4_include([cf/osfc2.m4])
-m4_include([cf/otp.m4])
-m4_include([cf/proto-compat.m4])
-m4_include([cf/pthreads.m4])
-m4_include([cf/resolv.m4])
-m4_include([cf/retsigtype.m4])
-m4_include([cf/roken-frag.m4])
-m4_include([cf/socket-wrapper.m4])
-m4_include([cf/sunos.m4])
-m4_include([cf/telnet.m4])
-m4_include([cf/test-package.m4])
-m4_include([cf/version-script.m4])
-m4_include([cf/wflags.m4])
-m4_include([cf/win32.m4])
-m4_include([cf/with-all.m4])
-m4_include([acinclude.m4])
diff --git a/crypto/heimdal/admin/ChangeLog b/crypto/heimdal/admin/ChangeLog
deleted file mode 100644
index 6587240f60cd..000000000000
--- a/crypto/heimdal/admin/ChangeLog
+++ /dev/null
@@ -1,70 +0,0 @@
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ktutil.c: rename optind to optidx
-
-	* list.c: make a copy of realm and admin_server to avoid
-	un-consting avoid shadowing
-
-	* get.c: make a copy of realm and admin_server to avoid
-	un-consting avoid shadowing
-	
-	* change.c (change_entry): just use global context to avoid
-	shadowing; make a copy of realm and admin_server to avoid
-	un-consting.
-
-2005-05-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* change.c (kt_change): plug memory leak from
-	krb5_kt_remove_entry, print principal on error.
-
-2005-05-02  Dave Love  <d.love@dl.ac.uk>
-
-	* ktutil.c (help): Don't use non-constant initializer for `fake'.
-
-2005-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ktutil_locl.h: include <hex.h>
-
-2005-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add.c: add option -H --hex to the add command
-	
-	* ktutil-commands.in: add option -H --hex to the add command
-	
-	* ktutil.8: document option -H --hex to the add command
-
-2004-09-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* list.c: un c99'ify, from Anders.Magnusson@ltu.se
-
-2004-09-23 Johan Danielsson <joda@pdc.kth.se>
-
-	* purge.c: convert to slc; don't purge keys older that a certain
-	time, instead purge keys that have newer versions that are at
-	least a certain age
-
-	* rename.c: convert to slc
-	
-	* remove.c: convert to slc
-	
-	* get.c: convert to slc; warn if resetting disallow-all-tix
-	
-	* copy.c: convert to slc
-	
-	* change.c: convert to slc
-	
-	* add.c: convert to slc
-	
-	* list.c: convert to slc
-	
-	* ktutil_locl.h: convert to slc
-	
-	* ktutil.c: convert to slc
-	
-	* ktutil-commands.in: slc source file
diff --git a/crypto/heimdal/admin/Makefile.am b/crypto/heimdal/admin/Makefile.am
deleted file mode 100644
index 8c679e1d4635..000000000000
--- a/crypto/heimdal/admin/Makefile.am
+++ /dev/null
@@ -1,44 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
-
-SLC = $(top_builddir)/lib/sl/slc
-
-man_MANS = ktutil.8
-
-sbin_PROGRAMS = ktutil
-
-dist_ktutil_SOURCES =				\
-	add.c					\
-	change.c				\
-	copy.c					\
-	get.c					\
-	ktutil.c				\
-	ktutil_locl.h				\
-	list.c					\
-	purge.c					\
-	remove.c				\
-	rename.c
-
-nodist_ktutil_SOURCES =				\
-	ktutil-commands.c
-
-$(ktutil_OBJECTS): ktutil-commands.h
-
-CLEANFILES = ktutil-commands.h ktutil-commands.c
-
-ktutil-commands.c ktutil-commands.h: ktutil-commands.in
-	$(SLC) $(srcdir)/ktutil-commands.in
-
-LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS) ktutil-commands.in
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in
deleted file mode 100644
index b8fc3fd728a7..000000000000
--- a/crypto/heimdal/admin/Makefile.in
+++ /dev/null
@@ -1,867 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-sbin_PROGRAMS = ktutil$(EXEEXT)
-subdir = admin
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(sbin_PROGRAMS)
-dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \
-	get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \
-	remove.$(OBJEXT) rename.$(OBJEXT)
-nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT)
-ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS)
-ktutil_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES)
-DIST_SOURCES = $(dist_ktutil_SOURCES)
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_readline) $(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SLC = $(top_builddir)/lib/sl/slc
-man_MANS = ktutil.8
-dist_ktutil_SOURCES = \
-	add.c					\
-	change.c				\
-	copy.c					\
-	get.c					\
-	ktutil.c				\
-	ktutil_locl.h				\
-	list.c					\
-	purge.c					\
-	remove.c				\
-	rename.c
-
-nodist_ktutil_SOURCES = \
-	ktutil-commands.c
-
-CLEANFILES = ktutil-commands.h ktutil-commands.c
-LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS) ktutil-commands.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps admin/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps admin/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) 
-	@rm -f ktutil$(EXEEXT)
-	$(LINK) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-sbinPROGRAMS ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-man8 install-pdf install-pdf-am install-ps \
-	install-ps-am install-sbinPROGRAMS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook uninstall-man \
-	uninstall-man8 uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(ktutil_OBJECTS): ktutil-commands.h
-
-ktutil-commands.c ktutil-commands.h: ktutil-commands.in
-	$(SLC) $(srcdir)/ktutil-commands.in
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c
deleted file mode 100644
index 1c2032095149..000000000000
--- a/crypto/heimdal/admin/add.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: add.c 14793 2005-04-14 16:45:14Z lha $");
-
-static char *
-readstring(const char *prompt, char *buf, size_t len)
-{
-    printf("%s", prompt);
-    if (fgets(buf, len, stdin) == NULL)
-	return NULL;
-    buf[strcspn(buf, "\r\n")] = '\0';
-    return buf;
-}
-
-int
-kt_add(struct add_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    char buf[1024];
-    krb5_enctype enctype;
-
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    memset(&entry, 0, sizeof(entry));
-    if(opt->principal_string == NULL) {
-	if(readstring("Principal: ", buf, sizeof(buf)) == NULL)
-	    return 1;
-	opt->principal_string = buf;
-    }
-    ret = krb5_parse_name(context, opt->principal_string, &entry.principal);
-    if(ret) {
-	krb5_warn(context, ret, "%s", opt->principal_string);
-	goto out;
-    }
-    if(opt->enctype_string == NULL) {
-	if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) {
-	    ret = 1;
-	    goto out;
-	}
-	opt->enctype_string = buf;
-    }
-    ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
-    if(ret) {
-	int t;
-	if(sscanf(opt->enctype_string, "%d", &t) == 1)
-	    enctype = t;
-	else {
-	    krb5_warn(context, ret, "%s", opt->enctype_string);
-	    goto out;
-	}
-    }
-    if(opt->kvno_integer == -1) {
-	if(readstring("Key version: ", buf, sizeof(buf)) == NULL) {
-	    ret = 1;
-	    goto out;
-	}
-	if(sscanf(buf, "%u", &opt->kvno_integer) != 1)
-	    goto out;
-    }
-    if(opt->password_string == NULL && opt->random_flag == 0) {
-	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
-	    ret = 1;
-	    goto out;
-	}
-	opt->password_string = buf;
-    }
-    if(opt->password_string) {
-	if (opt->hex_flag) {
-	    size_t len;
-	    void *data;
-	    
-	    len = (strlen(opt->password_string) + 1) / 2;
-
-	    data = malloc(len);
-	    if (data == NULL) {
-		krb5_warn(context, ENOMEM, "malloc");
-		goto out;
-	    }
-
-	    if (hex_decode(opt->password_string, data, len) != len) {
-		free(data);
-		krb5_warn(context, ENOMEM, "hex decode failed");
-		goto out;
-	    }
-
-	    ret = krb5_keyblock_init(context, enctype, 
-				     data, len, &entry.keyblock);
-	    free(data);
-	} else if (!opt->salt_flag) {
-	    krb5_salt salt;
-	    krb5_data pw;
-
-	    salt.salttype         = KRB5_PW_SALT;
-	    salt.saltvalue.data   = NULL;
-	    salt.saltvalue.length = 0;
-	    pw.data = (void*)opt->password_string;
-	    pw.length = strlen(opt->password_string);
-	    ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
-					       &entry.keyblock);
-        } else {
-	    ret = krb5_string_to_key(context, enctype, opt->password_string, 
-				     entry.principal, &entry.keyblock);
-	}
-	memset (opt->password_string, 0, strlen(opt->password_string));
-    } else {
-	ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
-    }
-    if(ret) {
-	krb5_warn(context, ret, "add");
-	goto out;
-    }
-    entry.vno = opt->kvno_integer;
-    entry.timestamp = time (NULL);
-    ret = krb5_kt_add_entry(context, keytab, &entry);
-    if(ret)
-	krb5_warn(context, ret, "add");
- out:
-    krb5_kt_free_entry(context, &entry);
-    krb5_kt_close(context, keytab);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c
deleted file mode 100644
index 01f69c41574c..000000000000
--- a/crypto/heimdal/admin/change.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: change.c 15578 2005-07-07 20:44:48Z lha $");
-
-static krb5_error_code
-change_entry (krb5_keytab keytab,
-	      krb5_principal principal, krb5_kvno kvno,
-	      const char *realm, const char *admin_server, int server_port)
-{
-    krb5_error_code ret;
-    kadm5_config_params conf;
-    void *kadm_handle;
-    char *client_name;
-    krb5_keyblock *keys;
-    int num_keys;
-    int i;
-
-    ret = krb5_unparse_name (context, principal, &client_name);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_unparse_name");
-	return ret;
-    }
-
-    memset (&conf, 0, sizeof(conf));
-
-    if(realm == NULL)
-	realm = krb5_principal_get_realm(context, principal);
-    conf.realm = strdup(realm);
-    if (conf.realm == NULL) {
-	free (client_name);
-	krb5_set_error_string(context, "malloc failed");
-	return ENOMEM;
-    }
-    conf.mask |= KADM5_CONFIG_REALM;
-    
-    if (admin_server) {
-	conf.admin_server = strdup(admin_server);
-	if (conf.admin_server == NULL) {
-	    free(client_name);
-	    free(conf.realm);
-	    krb5_set_error_string(context, "malloc failed");
-	    return ENOMEM;
-	}	    
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    ret = kadm5_init_with_skey_ctx (context,
-				    client_name,
-				    keytab_string,
-				    KADM5_ADMIN_SERVICE,
-				    &conf, 0, 0,
-				    &kadm_handle);
-    free(conf.admin_server);
-    free(conf.realm);
-    if (ret) {
-	krb5_warn (context, ret,
-		   "kadm5_c_init_with_skey_ctx: %s:", client_name);
-	free (client_name);
-	return ret;
-    }
-    ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
-    kadm5_destroy (kadm_handle);
-    if (ret) {
-	krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
-	free (client_name);
-	return ret;
-    }
-    free (client_name);
-    for (i = 0; i < num_keys; ++i) {
-	krb5_keytab_entry new_entry;
-
-	new_entry.principal = principal;
-	new_entry.timestamp = time (NULL);
-	new_entry.vno = kvno + 1;
-	new_entry.keyblock  = keys[i];
-
-	ret = krb5_kt_add_entry (context, keytab, &new_entry);
-	if (ret)
-	    krb5_warn (context, ret, "krb5_kt_add_entry");
-	krb5_free_keyblock_contents (context, &keys[i]);
-    }
-    return ret;
-}
-
-/*
- * loop over all the entries in the keytab (or those given) and change
- * their keys, writing the new keys
- */
-
-struct change_set {
-    krb5_principal principal;
-    krb5_kvno kvno;
-};
-
-int
-kt_change (struct change_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    int i, j, max;
-    struct change_set *changeset;
-    int errors = 0;
-    
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    j = 0;
-    max = 0;
-    changeset = NULL;
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "%s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	int add = 0;
-
-	for (i = 0; i < j; ++i) {
-	    if (krb5_principal_compare (context, changeset[i].principal,
-					entry.principal)) {
-		if (changeset[i].kvno < entry.vno)
-		    changeset[i].kvno = entry.vno;
-		break;
-	    }
-	}
-	if (i < j) {
-	    krb5_kt_free_entry (context, &entry);
-	    continue;
-	}
-
-	if (argc == 0) {
-	    add = 1;
-	} else {
-	    for (i = 0; i < argc; ++i) {
-		krb5_principal princ;
-
-		ret = krb5_parse_name (context, argv[i], &princ);
-		if (ret) {
-		    krb5_warn (context, ret, "%s", argv[i]);
-		    continue;
-		}
-		if (krb5_principal_compare (context, princ, entry.principal))
-		    add = 1;
-
-		krb5_free_principal (context, princ);
-	    }
-	}
-
-	if (add) {
-	    if (j >= max) {
-		void *tmp;
-
-		max = max(max * 2, 1);
-		tmp = realloc (changeset, max * sizeof(*changeset));
-		if (tmp == NULL) {
-		    krb5_kt_free_entry (context, &entry);
-		    krb5_warnx (context, "realloc: out of memory");
-		    ret = ENOMEM;
-		    break;
-		}
-		changeset = tmp;
-	    }
-	    ret = krb5_copy_principal (context, entry.principal,
-				       &changeset[j].principal);
-	    if (ret) {
-		krb5_warn (context, ret, "krb5_copy_principal");
-		krb5_kt_free_entry (context, &entry);
-		break;
-	    }
-	    changeset[j].kvno = entry.vno;
-	    ++j;
-	}
-	krb5_kt_free_entry (context, &entry);
-    }
-    krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    if (ret == KRB5_KT_END) {
-	ret = 0;
-	for (i = 0; i < j; i++) {
-	    if (verbose_flag) {
-		char *client_name;
-
-		ret = krb5_unparse_name (context, changeset[i].principal, 
-					 &client_name);
-		if (ret) {
-		    krb5_warn (context, ret, "krb5_unparse_name");
-		} else {
-		    printf("Changing %s kvno %d\n", 
-			   client_name, changeset[i].kvno);
-		    free(client_name);
-		}
-	    }
-	    ret = change_entry (keytab, 
-				changeset[i].principal, changeset[i].kvno,
-				opt->realm_string, 
-				opt->admin_server_string, 
-				opt->server_port_integer);
-	    if (ret != 0)
-		errors = 1;
-	}
-    } else
-	errors = 1;
-    for (i = 0; i < j; i++)
-	krb5_free_principal (context, changeset[i].principal);
-    free (changeset);
-
- out:
-    krb5_kt_close(context, keytab);
-    return errors;
-}
diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c
deleted file mode 100644
index 83b65b61a0a3..000000000000
--- a/crypto/heimdal/admin/copy.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: copy.c 14260 2004-09-23 14:45:29Z joda $");
-
-
-static krb5_boolean
-compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
-{
-    if(a->keytype != b->keytype ||
-       a->keyvalue.length != b->keyvalue.length ||
-       memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
-	return FALSE;
-    return TRUE;
-}
-
-static int
-kt_copy_int (const char *from, const char *to)
-{
-    krb5_error_code ret;
-    krb5_keytab src_keytab, dst_keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry, dummy;
-
-    ret = krb5_kt_resolve (context, from, &src_keytab);
-    if (ret) {
-	krb5_warn (context, ret, "resolving src keytab `%s'", from);
-	return 1;
-    }
-
-    ret = krb5_kt_resolve (context, to, &dst_keytab);
-    if (ret) {
-	krb5_kt_close (context, src_keytab);
-	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
-	return 1;
-    }
-
-    ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto out;
-    }
-
-    if (verbose_flag)
-	fprintf(stderr, "copying %s to %s\n", from, to);
-
-    while((ret = krb5_kt_next_entry(context, src_keytab,
-				    &entry, &cursor)) == 0) {
-	char *name_str;
-	char *etype_str;
-	ret = krb5_unparse_name (context, entry.principal, &name_str);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_unparse_name");
-	    name_str = NULL; /* XXX */
-	}
-	ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_enctype_to_string");
-	    etype_str = NULL; /* XXX */
-	}
-	ret = krb5_kt_get_entry(context, dst_keytab, 
-				entry.principal, 
-				entry.vno, 
-				entry.keyblock.keytype,
-				&dummy);
-	if(ret == 0) {
-	    /* this entry is already in the new keytab, so no need to
-               copy it; if the keyblocks are not the same, something
-               is weird, so complain about that */
-	    if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
-		krb5_warnx(context, "entry with different keyvalue "
-			   "already exists for %s, keytype %s, kvno %d", 
-			   name_str, etype_str, entry.vno);
-	    }
-	    krb5_kt_free_entry(context, &dummy);
-	    krb5_kt_free_entry (context, &entry);
-	    free(name_str);
-	    free(etype_str);
-	    continue;
-	} else if(ret != KRB5_KT_NOTFOUND) {
-	    krb5_warn (context, ret, "%s: fetching %s/%s/%u", 
-		       to, name_str, etype_str, entry.vno);
-	    krb5_kt_free_entry (context, &entry);
-	    free(name_str);
-	    free(etype_str);
-	    break;
-	}
-	if (verbose_flag)
-	    fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, 
-		     etype_str, entry.vno);
-	ret = krb5_kt_add_entry (context, dst_keytab, &entry);
-	krb5_kt_free_entry (context, &entry);
-	if (ret) {
-	    krb5_warn (context, ret, "%s: adding %s/%s/%u", 
-		       to, name_str, etype_str, entry.vno);
-	    free(name_str);
-	    free(etype_str);
-	    break;
-	}
-	free(name_str);
-	free(etype_str);
-    }
-    krb5_kt_end_seq_get (context, src_keytab, &cursor);
-
-  out:
-    krb5_kt_close (context, src_keytab);
-    krb5_kt_close (context, dst_keytab);
-    return ret != 0;
-}
-
-int
-kt_copy (void *opt, int argc, char **argv)
-{
-    return kt_copy_int(argv[0], argv[1]);
-}
-
-int
-srvconv(struct srvconvert_options *opt, int argc, char **argv)
-{
-    char kt4[1024], kt5[1024];
-
-    snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
-
-    if(keytab_string != NULL)
-	return kt_copy_int(kt4, keytab_string);
-
-    krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
-    return kt_copy_int(kt4, kt5);
-}
-
-int
-srvcreate(struct srvcreate_options *opt, int argc, char **argv)
-{
-    char kt4[1024], kt5[1024];
-
-    snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
-
-    if(keytab_string != NULL)
-	return kt_copy_int(keytab_string, kt4);
-
-    krb5_kt_default_name(context, kt5, sizeof(kt5));
-    return kt_copy_int(kt5, kt4);
-}
diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c
deleted file mode 100644
index 7ad1fc4bc13f..000000000000
--- a/crypto/heimdal/admin/get.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: get.c 15583 2005-07-07 21:44:37Z lha $");
-
-static void*
-open_kadmin_connection(char *principal,
-		       const char *realm, 
-		       char *admin_server, 
-		       int server_port)
-{
-    static kadm5_config_params conf;
-    krb5_error_code ret;
-    void *kadm_handle;
-    memset(&conf, 0, sizeof(conf));
-
-    if(realm) {
-	conf.realm = strdup(realm);
-	if (conf.realm == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return NULL;
-	}
-	conf.mask |= KADM5_CONFIG_REALM;
-    }
-    
-    if (admin_server) {
-	conf.admin_server = admin_server;
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    /* should get realm from each principal, instead of doing
-       everything with the same (local) realm */
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       principal,
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &conf, 0, 0, 
-				       &kadm_handle);
-    free(conf.realm);
-    if(ret) {
-	krb5_warn(context, ret, "kadm5_init_with_password");
-	return NULL;
-    }
-    return kadm_handle;
-}
-
-int
-kt_get(struct get_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab keytab;
-    void *kadm_handle = NULL;
-    krb5_enctype *etypes = NULL;
-    size_t netypes = 0;
-    int i, j;
-    unsigned int failed = 0;
-    
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    if(opt->realm_string)
-	krb5_set_default_realm(context, opt->realm_string);
-
-    if (opt->enctypes_strings.num_strings != 0) {
-
-	etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
-	if (etypes == NULL) {
-	    krb5_warnx(context, "malloc failed");
-	    goto out;
-	}
-	netypes = opt->enctypes_strings.num_strings;
-	for(i = 0; i < netypes; i++) {
-	    ret = krb5_string_to_enctype(context, 
-					 opt->enctypes_strings.strings[i], 
-					 &etypes[i]);
-	    if(ret) {
-		krb5_warnx(context, "unrecognized enctype: %s",
-			   opt->enctypes_strings.strings[i]);
-		goto out;
-	    }
-	}
-    }
-
-    
-    for(i = 0; i < argc; i++){
-	krb5_principal princ_ent;
-	kadm5_principal_ent_rec princ;
-	int mask = 0;
-	krb5_keyblock *keys;
-	int n_keys;
-	int created = 0;
-	krb5_keytab_entry entry;
-
-	ret = krb5_parse_name(context, argv[i], &princ_ent);
-	if (ret) {
-	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
-	    failed++;
-	    continue;
-	}
-	memset(&princ, 0, sizeof(princ));
-	princ.principal = princ_ent;
-	mask |= KADM5_PRINCIPAL;
-	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	mask |= KADM5_ATTRIBUTES;
-	princ.princ_expire_time = 0;
-	mask |= KADM5_PRINC_EXPIRE_TIME;
-
-	if(kadm_handle == NULL) {
-	    const char *r;
-	    if(opt->realm_string != NULL)
-		r = opt->realm_string;
-	    else
-		r = krb5_principal_get_realm(context, princ_ent);
-	    kadm_handle = open_kadmin_connection(opt->principal_string, 
-						 r, 
-						 opt->admin_server_string, 
-						 opt->server_port_integer);
-	    if(kadm_handle == NULL)
-		break;
-	}
-	
-	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
-	if(ret == 0)
-	    created = 1;
-	else if(ret != KADM5_DUP) {
-	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
-	    krb5_free_principal(context, princ_ent);
-	    failed++;
-	    continue;
-	}
-	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
-	    krb5_free_principal(context, princ_ent);
-	    failed++;
-	    continue;
-	}
-	
-	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
-	    for (j = 0; j < n_keys; j++)
-		krb5_free_keyblock_contents(context, &keys[j]);
-	    krb5_free_principal(context, princ_ent);
-	    failed++;
-	    continue;
-	}
-	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
-	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	mask = KADM5_ATTRIBUTES;
-	if(created) {
-	    princ.kvno = 1;
-	    mask |= KADM5_KVNO;
-	}
-	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
-	    for (j = 0; j < n_keys; j++)
-		krb5_free_keyblock_contents(context, &keys[j]);
-	    krb5_free_principal(context, princ_ent);
-	    failed++;
-	    continue;
-	}
-	for(j = 0; j < n_keys; j++) {
-	    int do_add = TRUE;
-
-	    if (netypes) {
-		int k;
-
-		do_add = FALSE;
-		for (k = 0; k < netypes; ++k)
-		    if (keys[j].keytype == etypes[k]) {
-			do_add = TRUE;
-			break;
-		    }
-	    }
-	    if (do_add) {
-		entry.principal = princ_ent;
-		entry.vno = princ.kvno;
-		entry.keyblock = keys[j];
-		entry.timestamp = time (NULL);
-		ret = krb5_kt_add_entry(context, keytab, &entry);
-		if (ret)
-		    krb5_warn(context, ret, "krb5_kt_add_entry");
-	    }
-	    krb5_free_keyblock_contents(context, &keys[j]);
-	}
-	
-	kadm5_free_principal_ent(kadm_handle, &princ);
-	krb5_free_principal(context, princ_ent);
-    }
- out:
-    free(etypes);
-    if (kadm_handle)
-	kadm5_destroy(kadm_handle);
-    krb5_kt_close(context, keytab);
-    return ret != 0 || failed > 0;
-}
diff --git a/crypto/heimdal/admin/ktutil-commands.in b/crypto/heimdal/admin/ktutil-commands.in
deleted file mode 100644
index fc5d1bf2e159..000000000000
--- a/crypto/heimdal/admin/ktutil-commands.in
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: ktutil-commands.in 14793 2005-04-14 16:45:14Z lha $ */
-
-command = {
-	name = "add"
-	option = {
-		long = "principal"
-		short = "p"
-		type = "string"
-		help = "principal to add"
-		argument = "principal"
-		default = ""
-	}
-	option = {
-		long = "kvno"
-		short = "V"
-		type = "integer"
-		help = "key version number"
-		default = "-1"
-	}
-	option = {
-		long = "enctype"
-		short = "e"
-		type = "string"
-		argument = "enctype"
-		help = "encryption type"
-	}
-	option = {
-		long = "password"
-		short = "w"
-		type = "string"
-		help = "password for key"
-	}
-	option = {
-		long = "salt"
-		short = "s"
-		type = "-flag"
-		help = "use unsalted keys"
-		default = "1"
-	}
-	option = {
-		long = "random"
-		short = "r"
-		type = "flag"
-		help = "generate random key"
-	}
-	option = {
-		long = "hex"
-		short = "H"
-		type = "flag"
-		help = "password is a hexadecimal string"
-	}
-	function = "kt_add"
-	help = "Adds a key to a keytab."
-	max_args = "0"
-}
-command = {
-	name = "change"
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		argument = "realm"
-		help = "realm to use"
-	}
-	option = {
-		long = "admin-server"
-		short = "a"
-		type = "string"
-		argument = "host"
-		help = "server to contact"
-	}
-	option = {
-		long = "server-port"
-		short = "s"
-		type = "integer"
-		argument = "port number"
-		help = "port number on server"
-	}
-	function = "kt_change"
-	argument = "[principal...]"
-	help = "Change keys for specified principals (default all)."
-}
-command = {
-	name = "copy"
-	function = "kt_copy"
-	argument = "source destination"
-	min_args = "2"
-	max_args = "2"
-	help = "Copies one keytab to another."
-}
-command = {
-	name = "get"
-	option = {
-		long = "principal"
-		short = "p"
-		type = "string"
-		help = "admin principal"
-		argument = "principal"
-	}
-	option = {
-		long = "enctypes"
-		short = "e"
-		type = "strings"
-		help = "encryption types to use"
-		argument = "enctype"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		argument = "realm"
-		help = "realm to use"
-	}
-	option = {
-		long = "admin-server"
-		short = "a"
-		type = "string"
-		argument = "host"
-		help = "server to contact"
-	}
-	option = {
-		long = "server-port"
-		short = "s"
-		type = "integer"
-		argument = "port number"
-		help = "port number on server"
-	}
-	function = "kt_get"
-	min_args = "1"
-	argument = "principal..."
-	help = "Change keys for specified principals, and add them to the keytab."
-}
-command = {
-	name = "list"
-	option = {
-		long = "keys"
-		type = "flag"
-		help = "show key values"
-	}
-	option = {
-		long = "timestamp"
-		type = "flag"
-		help = "show timestamps"
-	}
-	max_args = "0"
-	function = "kt_list"
-	help = "Show contents of keytab."
-}
-command = {
-	name = "purge"
-	option = {
-		long = "age"
-		type = "string"
-		help = "age to retiere"
-		default = "1 week";
-		argument = "time"
-	}
-	max_args = "0"
-	function = "kt_purge"
-	help = "Remove superceded keys from keytab."
-}
-command = {
-	name = "remove"
-	name = "delete"
-	option = {
-		long = "principal"
-		short = "p"
-		type = "string"
-		help = "principal to remove"
-		argument = "principal"
-	}
-	option = {
-		long = "kvno"
-		short = "V"
-		type = "integer"
-		help = "key version to remove"
-		argument = "enctype"
-		default = "0"
-	}
-	option = {
-		long = "enctype"
-		short = "e"
-		type = "string"
-		help = "enctype to remove"
-		argument = "enctype"
-	}
-	max_args = "0"
-	function = "kt_remove"
-	help = "Remove keys from keytab."
-}
-command = {
-	name = "rename"
-	function = "kt_rename"
-	argument = "from to"
-	min_args = "2"
-	max_args = "2"
-	help = "Renames an entry in the keytab."
-}
-command = {
-	name = "srvconvert"
-	name = "srv2keytab"
-	option = {
-		long = "srvtab"
-		short = "s"
-		type = "string"
-		argument = "file"
-		help = "name of Kerberos 4 srvtab"
-		default = "/etc/srvtab"
-	}
-	max_args = "0"
-	function = "srvconv"
-	help = "Convert a Kerberos 4 srvtab to a keytab."
-}
-command = {
-	name = "srvcreate"
-	name = "key2srvtab"
-	option = {
-		long = "srvtab"
-		short = "s"
-		type = "string"
-		argument = "file"
-		help = "name of Kerberos 4 srvtab"
-		default = "/etc/srvtab"
-	}
-	max_args = "0"
-	function = "srvcreate"
-	help = "Convert a keytab to a Kerberos 4 srvtab."
-}
-command = {
-	name = "help"
-	argument = "command"
-	max_args = "1"
-	function = "help"
-}
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8
deleted file mode 100644
index 15523b433721..000000000000
--- a/crypto/heimdal/admin/ktutil.8
+++ /dev/null
@@ -1,196 +0,0 @@
-.\" Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $
-.\"
-.Dd April 14, 2005
-.Dt KTUTIL 8
-.Os HEIMDAL
-.Sh NAME
-.Nm ktutil
-.Nd manage Kerberos keytabs
-.Sh SYNOPSIS
-.Nm
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
-.Ar command
-.Op Ar args
-.Sh DESCRIPTION
-.Nm
-is a program for managing keytabs.
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Verbose output.
-.El
-.Pp
-.Ar command
-can be one of the following:
-.Bl -tag -width srvconvert
-.It add Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V Ar kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Op Fl H
-.Op Fl -hex
-.Xc
-Adds a key to the keytab. Options that are not specified will be
-prompted for. This requires that you know the password or the hex key of the
-principal to add; if what you really want is to add a new principal to
-the keytab, you should consider the
-.Ar get
-command, which talks to the kadmin server.
-.It change Xo
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
-Update one or several keys to new versions.  By default, use the admin
-server for the realm of a keytab entry.  Otherwise it will use the
-values specified by the options.
-.Pp
-If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
-Copies all the entries from
-.Ar keytab-src
-to
-.Ar keytab-dest .
-.It get Xo
-.Op Fl p Ar admin principal
-.Op Fl -principal= Ns Ar admin principal
-.Op Fl e Ar enctype
-.Op Fl -enctypes= Ns Ar enctype
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
-For each
-.Ar principal ,
-generate a new key for it (creating it if it doesn't already exist),
-and put that key in the keytab.
-.Pp
-If no
-.Ar realm
-is specified, the realm to operate on is taken from the first
-principal.
-.It list Xo
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
-List the keys stored in the keytab.
-.It remove Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
-Removes the specified key or keys. Not specifying a
-.Ar kvno
-removes keys with any version number. Not specifying an
-.Ar enctype
-removes keys of any type.
-.It rename Xo
-.Ar from-principal
-.Ar to-principal
-.Xc
-Renames all entries in the keytab that match the
-.Ar from-principal
-to
-.Ar to-principal .
-.It purge Xo
-.Op Fl -age= Ns Ar age
-.Xc
-Removes all old versions of a key for which there is a newer version
-that is at least
-.Ar age
-(default one week) old.
-.It srvconvert
-.It srv2keytab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 4 srvtab in
-.Ar srvtab
-to a version 5 keytab and stores it in
-.Ar keytab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Li krb4: Ns Ar srvtab
-.Ar keytab
-.Ed
-.It srvcreate
-.It key2srvtab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 5 keytab in
-.Ar keytab
-to a version 4 srvtab and stores it in
-.Ar srvtab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Ar keytab
-.Li krb4: Ns Ar srvtab
-.Ed
-.El
-.Sh SEE ALSO
-.Xr kadmin 8
diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c
deleted file mode 100644
index dfcbbfd401fe..000000000000
--- a/crypto/heimdal/admin/ktutil.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-#include <err.h>
-
-RCSID("$Id: ktutil.c 15585 2005-07-07 21:52:04Z lha $");
-
-static int help_flag;
-static int version_flag;
-int verbose_flag;
-char *keytab_string; 
-static char keytab_buf[256];
-
-static struct getargs args[] = {
-    { 
-	"version",
-	0,
-	arg_flag,
-	&version_flag,
-	NULL,
-	NULL 
-    },
-    { 
-	"help",	    
-	'h',   
-	arg_flag, 
-	&help_flag, 
-	NULL, 
-	NULL
-    },
-    { 
-	"keytab",	    
-	'k',   
-	arg_string, 
-	&keytab_string, 
-	"keytab", 
-	"keytab to operate on" 
-    },
-    {
-	"verbose",
-	'v',
-	arg_flag,
-	&verbose_flag,
-	"verbose",
-	"run verbosely"
-    }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-krb5_context context;
-
-krb5_keytab
-ktutil_open_keytab(void)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    if (keytab_string == NULL) {
-	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
-	if (ret) {
-	    krb5_warn(context, ret, "krb5_kt_default_name");
-	    return NULL;
-	}
-	keytab_string = keytab_buf;
-    }
-    ret = krb5_kt_resolve(context, keytab_string, &keytab);
-    if (ret) {
-	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
-	return NULL;
-    }
-    if (verbose_flag)
-	fprintf (stderr, "Using keytab %s\n", keytab_string);
-	
-    return keytab;
-}
-
-int
-help(void *opt, int argc, char **argv)
-{
-    if(argc == 0) {
-	sl_help(commands, 1, argv - 1 /* XXX */);
-    } else {
-	SL_cmd *c = sl_match (commands, argv[0], 0);
- 	if(c == NULL) {
-	    fprintf (stderr, "No such command: %s. "
-		     "Try \"help\" for a list of commands\n",
-		     argv[0]);
-	} else {
-	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
-		fake[0] = argv[0];
-		(*c->func)(2, fake);
-		fprintf(stderr, "\n");
-	    }
-	    if(c->help && *c->help)
-		fprintf (stderr, "%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		int f = 0;
-		fprintf (stderr, "Synonyms:");
-		while (c->name && c->func == NULL) {
-		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
-		    f = 1;
-		}
-		fprintf (stderr, "\n");
-	    }
-	}
-    }
-    return 0;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    exit(status);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    krb5_error_code ret;
-    setprogname(argv[0]);
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argc -= optidx;
-    argv += optidx;
-    if(argc == 0)
-	usage(1);
-    ret = sl_command(commands, argc, argv);
-    if(ret == -1)
-	krb5_warnx (context, "unrecognized command: %s", argv[0]);
-    return ret;
-}
diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h
deleted file mode 100644
index 676f27b5f377..000000000000
--- a/crypto/heimdal/admin/ktutil_locl.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $
- */
-
-#ifndef __KTUTIL_LOCL_H__
-#define __KTUTIL_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <parse_time.h>
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include <kadm5/kadm5_err.h>
-
-#include <sl.h>
-#include <getarg.h>
-#include <hex.h>
-
-extern krb5_context context;
-
-extern int verbose_flag;
-extern char *keytab_string; 
-
-krb5_keytab ktutil_open_keytab(void);
-
-#include "ktutil-commands.h"
-
-#endif /* __KTUTIL_LOCL_H__ */
diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c
deleted file mode 100644
index f305ab3a8036..000000000000
--- a/crypto/heimdal/admin/list.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-#include <rtbl.h>
-
-RCSID("$Id: list.c 21745 2007-07-31 16:11:25Z lha $");
-
-static int
-do_list(struct list_options *opt, const char *keytab_str)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    krb5_kt_cursor cursor;
-    rtbl_t table;
-
-    /* XXX specialcase the ANY type */
-    if(strncasecmp(keytab_str, "ANY:", 4) == 0) {
-	int flag = 0;
-	char buf[1024];
-	keytab_str += 4;
-	ret = 0;
-	while (strsep_copy((const char**)&keytab_str, ",", 
-			   buf, sizeof(buf)) != -1) {
-	    if(flag)
-		printf("\n");
-	    if(do_list(opt, buf))
-		ret = 1;
-	    flag = 1;
-	}
-	return ret;
-    }
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if (ret) {
-	krb5_warn(context, ret, "resolving keytab %s", keytab_str);
-	return ret;
-    }
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
-	krb5_kt_close(context, keytab);
-	return ret;
-    }
-
-    printf ("%s:\n\n", keytab_str);
-	
-    table = rtbl_create();
-    rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
-    rtbl_add_column_by_id(table, 1, "Type", 0);
-    rtbl_add_column_by_id(table, 2, "Principal", 0);
-    if (opt->timestamp_flag)
-	rtbl_add_column_by_id(table, 3, "Date", 0);
-    if(opt->keys_flag)
-	rtbl_add_column_by_id(table, 4, "Key", 0);
-    rtbl_set_separator(table, "  ");
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-	char buf[1024], *s;
-
-	snprintf(buf, sizeof(buf), "%d", entry.vno);
-	rtbl_add_column_entry_by_id(table, 0, buf);
-
-	ret = krb5_enctype_to_string(context, 
-				     entry.keyblock.keytype, &s);
-	if (ret != 0) {
-	    snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype);
-	    rtbl_add_column_entry_by_id(table, 1, buf);
-	} else {
-	    rtbl_add_column_entry_by_id(table, 1, s);
-	    free(s);
-	}
-
-	krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
-	rtbl_add_column_entry_by_id(table, 2, buf);
-
-	if (opt->timestamp_flag) {
-	    krb5_format_time(context, entry.timestamp, buf, 
-			     sizeof(buf), FALSE);
-	    rtbl_add_column_entry_by_id(table, 3, buf);
-	}
-	if(opt->keys_flag) {
-	    int i;
-	    s = malloc(2 * entry.keyblock.keyvalue.length + 1);
-	    if (s == NULL) {
-		krb5_warnx(context, "malloc failed");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    for(i = 0; i < entry.keyblock.keyvalue.length; i++)
-		snprintf(s + 2 * i, 3, "%02x", 
-			 ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
-	    rtbl_add_column_entry_by_id(table, 4, s);
-	    free(s);
-	}
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-    rtbl_format(table, stdout);
-
-out:
-    rtbl_destroy(table);
-
-    krb5_kt_close(context, keytab);
-    return ret;
-}
-
-int
-kt_list(struct list_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    char kt[1024];
-
-    if(verbose_flag)
-	opt->timestamp_flag = 1;
-
-    if (keytab_string == NULL) {
-	if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) {
-	    krb5_warn(context, ret, "getting default keytab name");
-	    return 1;
-	}
-	keytab_string = kt;
-    }
-    return do_list(opt, keytab_string) != 0;
-}
diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c
deleted file mode 100644
index e928c3e22d57..000000000000
--- a/crypto/heimdal/admin/purge.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: purge.c 14261 2004-09-23 14:46:43Z joda $");
-
-/*
- * keep track of the highest version for every principal.
- */
-
-struct e {
-    krb5_principal principal;
-    int max_vno;
-    time_t timestamp;
-    struct e *next;
-};
-
-static struct e *
-get_entry (krb5_principal princ, struct e *head)
-{
-    struct e *e;
-
-    for (e = head; e != NULL; e = e->next)
-	if (krb5_principal_compare (context, princ, e->principal))
-	    return e;
-    return NULL;
-}
-
-static void
-add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head)
-{
-    krb5_error_code ret;
-    struct e *e;
-
-    e = get_entry (princ, *head);
-    if (e != NULL) {
-	if(e->max_vno < vno) {
-	    e->max_vno = vno;
-	    e->timestamp = timestamp;
-	}
-	return;
-    }
-    e = malloc (sizeof (*e));
-    if (e == NULL)
-	krb5_errx (context, 1, "malloc: out of memory");
-    ret = krb5_copy_principal (context, princ, &e->principal);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_copy_principal");
-    e->max_vno = vno;
-    e->timestamp = timestamp;
-    e->next    = *head;
-    *head      = e;
-}
-
-static void
-delete_list (struct e *head)
-{
-    while (head != NULL) {
-	struct e *next = head->next;
-	krb5_free_principal (context, head->principal);
-	free (head);
-	head = next;
-    }
-}
-
-/*
- * Remove all entries that have newer versions and that are older
- * than `age'
- */
-
-int
-kt_purge(struct purge_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_kt_cursor cursor;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    int age;
-    struct e *head = NULL;
-    time_t judgement_day;
-
-    age = parse_time(opt->age_string, "s");
-    if(age < 0) {
-	krb5_warnx(context, "unparasable time `%s'", opt->age_string);
-	return 1;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "%s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	add_entry (entry.principal, entry.vno, entry.timestamp, &head);
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    judgement_day = time (NULL);
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "%s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	struct e *e = get_entry (entry.principal, head);
-
-	if (e == NULL) {
-	    krb5_warnx (context, "ignoring extra entry");
-	    continue;
-	}
-
-	if (entry.vno < e->max_vno
-	    && judgement_day - e->timestamp > age) {
-	    if (verbose_flag) {
-		char *name_str;
-
-		krb5_unparse_name (context, entry.principal, &name_str);
-		printf ("removing %s vno %d\n", name_str, entry.vno);
-		free (name_str);
-	    }
-	    ret = krb5_kt_remove_entry (context, keytab, &entry);
-	    if (ret)
-		krb5_warn (context, ret, "remove");
-	}
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    delete_list (head);
-
- out:
-    krb5_kt_close (context, keytab);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c
deleted file mode 100644
index 15f88cfee663..000000000000
--- a/crypto/heimdal/admin/remove.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: remove.c 17004 2006-04-07 13:06:37Z lha $");
-
-int
-kt_remove(struct remove_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab_entry entry;
-    krb5_keytab keytab;
-    krb5_principal principal = NULL;
-    krb5_enctype enctype = 0;
-
-    if(opt->principal_string) {
-	ret = krb5_parse_name(context, opt->principal_string, &principal);
-	if(ret) {
-	    krb5_warn(context, ret, "%s", opt->principal_string);
-	    return 1;
-	}
-    }
-    if(opt->enctype_string) {
-	ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
-	if(ret) {
-	    int t;
-	    if(sscanf(opt->enctype_string, "%d", &t) == 1)
-		enctype = t;
-	    else {
-		krb5_warn(context, ret, "%s", opt->enctype_string);
-		if(principal)
-		    krb5_free_principal(context, principal);
-		return 1;
-	    }
-	}
-    }
-    if (!principal && !enctype && !opt->kvno_integer) {
-	krb5_warnx(context, 
-		   "You must give at least one of "
-		   "principal, enctype or kvno.");
-	ret = EINVAL;
-	goto out;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL) {
-	ret = 1;
-	goto out;
-    }
-
-    entry.principal = principal;
-    entry.keyblock.keytype = enctype;
-    entry.vno = opt->kvno_integer;
-    ret = krb5_kt_remove_entry(context, keytab, &entry);
-    krb5_kt_close(context, keytab);
-    if(ret)
-	krb5_warn(context, ret, "remove");
- out:
-    if(principal)
-	krb5_free_principal(context, principal);
-    return ret != 0;
-}
-
diff --git a/crypto/heimdal/admin/rename.c b/crypto/heimdal/admin/rename.c
deleted file mode 100644
index aea02b07507a..000000000000
--- a/crypto/heimdal/admin/rename.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright (c) 2001-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: rename.c 14260 2004-09-23 14:45:29Z joda $");
-
-int
-kt_rename(void *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab_entry entry;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_principal from_princ, to_princ;
-
-    ret = krb5_parse_name(context, argv[0], &from_princ);
-    if(ret != 0) {
-	krb5_warn(context, ret, "%s", argv[0]);
-	return 1;
-    }
-
-    ret = krb5_parse_name(context, argv[1], &to_princ);
-    if(ret != 0) {
-	krb5_free_principal(context, from_princ);
-	krb5_warn(context, ret, "%s", argv[1]);
-	return 1;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL) {
-	krb5_free_principal(context, from_princ);
-	krb5_free_principal(context, to_princ);
-	return 1;
-    }
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret) {
-	krb5_kt_close(context, keytab);
-	krb5_free_principal(context, from_princ);
-	krb5_free_principal(context, to_princ);
-	return 1;
-    }
-    while(1) {
-	ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
-	if(ret != 0) {
-	    if(ret != KRB5_CC_END && ret != KRB5_KT_END)
-		krb5_warn(context, ret, "getting entry from keytab");
-	    else
-		ret = 0;
-	    break;
-	}
-	if(krb5_principal_compare(context, entry.principal, from_princ)) {
-	    krb5_free_principal(context, entry.principal);
-	    entry.principal = to_princ;
-	    ret = krb5_kt_add_entry(context, keytab, &entry);
-	    if(ret) {
-		entry.principal = NULL;
-		krb5_kt_free_entry(context, &entry);
-		krb5_warn(context, ret, "adding entry");
-		break;
-	    }
-	    entry.principal = from_princ;
-	    ret = krb5_kt_remove_entry(context, keytab, &entry);
-	    if(ret) {
-		entry.principal = NULL;
-		krb5_kt_free_entry(context, &entry);
-		krb5_warn(context, ret, "removing entry");
-		break;
-	    }
-	    entry.principal = NULL;
-	}
-	krb5_kt_free_entry(context, &entry);
-    }
-    krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    krb5_free_principal(context, from_princ);
-    krb5_free_principal(context, to_princ);
-
-    return ret != 0;
-}
-
diff --git a/crypto/heimdal/appl/Makefile.am b/crypto/heimdal/appl/Makefile.am
deleted file mode 100644
index 8f2670353e02..000000000000
--- a/crypto/heimdal/appl/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if OTP
-dir_otp = otp
-endif
-if DCE
-dir_dce = dceutils
-endif
-SUBDIRS = 					\
-	  afsutil				\
-	  ftp					\
-	  login					\
-	  $(dir_otp)				\
-	  gssmask				\
-	  popper				\
-	  push					\
-	  rsh					\
-	  rcp					\
-	  su					\
-	  xnlock				\
-	  telnet				\
-	  test					\
-	  kx					\
-	  kf					\
-	  $(dir_dce)
diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in
deleted file mode 100644
index 52834fa12dd1..000000000000
--- a/crypto/heimdal/appl/Makefile.in
+++ /dev/null
@@ -1,835 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = appl
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = afsutil ftp login otp gssmask popper push rsh rcp su \
-	xnlock telnet test kx kf dceutils
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@OTP_TRUE@dir_otp = otp
-@DCE_TRUE@dir_dce = dceutils
-SUBDIRS = \
-	  afsutil				\
-	  ftp					\
-	  login					\
-	  $(dir_otp)				\
-	  gssmask				\
-	  popper				\
-	  push					\
-	  rsh					\
-	  rcp					\
-	  su					\
-	  xnlock				\
-	  telnet				\
-	  test					\
-	  kx					\
-	  kf					\
-	  $(dir_dce)
-
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog
deleted file mode 100644
index c6cfd39c04db..000000000000
--- a/crypto/heimdal/appl/afsutil/ChangeLog
+++ /dev/null
@@ -1,125 +0,0 @@
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pagsh.1,afslog.1: - options must be lexicographically ordered;
-	  again, options without arguments must be placed before options
-	  with arguments.  - manual page cross references are done using
-	  the macro `.Xr', not the macro `.Nm' (used for command names
-	  instead).
-	
-	From Igor Sobrado.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-	
-2006-01-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.1: Document options to allow select principal or
-	credential cache when doing afslog.
-
-	* afslog.c: Add options to allow select principal or credential
-	cache when doing afslog.
-	
-2005-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: man_MANS += pagsh.1
-
-	* pagsh.c: add --cache-type that allows the user to control the
-	resulting credential cache type, inherit the type from the
-	invoking process
-
-	* pagsh.1: manpage for pagsh
-
-2004-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c: use negative string help string for arg_negative_flag
-	Pointed out by Harald Barth
-	
-2004-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pagsh.c: use setprogname, if we stripped off -c, try use the
-	fallback code
-	
-2003-10-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pagsh.c: mkstemp formats must end in exactly six X's
-
-2003-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c (do_afslog): is cell is unset, set it "<default cell>"
-	for error printing
-
-	* pagsh.c: unconditionally set KRBTKFILE
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c (log_func): drop the error number
-	
-2003-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c: set kafs log function if verbose is turned on
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am (LDADD): use LIB_kafs
-	
-	* afslog.1: --no-v4, --no-v5
-	
-	* Makefile.am: always build afsutils now
-	
-	* afslog.c: make build without KRB4
-	
-2002-11-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afslog.c: remove plural form in help string
-
-	* Makefile.am: add afslog manpage
-
-	* afslog.1: manpage
-
-	* afslog.c: try more files when trying to expand a cell name
-
-	* afslog.c: create a list of cells to get tokens for, before
-	actually doing anything, and try to get tokens via krb4 if krb5
-	fails, and give it a chance to work with krb4-only; also some bug
-	fixes, partially from Tomas Olsson.
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* pagsh.c: make it handle --version/--help
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): call free_getarg_strings
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): handle krb5_init_context failure consistently
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c: clarify usage strings
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* pagsh.c (main): use mkstemp to generate temporary file names.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-07-04  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (expand_cell_name): terminate on #.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-1999-06-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (bin_PROGRAMS): only include pagsh if KRB4
-
-1999-06-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add pagsh
-
-	* pagsh.c: new file.  contributed by Miroslav Ruda <ruda@ics.muni.cz>
-
-Sat Mar 27 12:49:43 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* afslog.c: cleanup option parsing
diff --git a/crypto/heimdal/appl/afsutil/Makefile.am b/crypto/heimdal/appl/afsutil/Makefile.am
deleted file mode 100644
index 365897b84c04..000000000000
--- a/crypto/heimdal/appl/afsutil/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-bin_PROGRAMS = afslog pagsh
-
-afslog_SOURCES = afslog.c
-
-pagsh_SOURCES  = pagsh.c
-
-man_MANS = afslog.1 pagsh.1
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in
deleted file mode 100644
index e50ac2ea319c..000000000000
--- a/crypto/heimdal/appl/afsutil/Makefile.in
+++ /dev/null
@@ -1,851 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
-subdir = appl/afsutil
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_afslog_OBJECTS = afslog.$(OBJEXT)
-afslog_OBJECTS = $(am_afslog_OBJECTS)
-afslog_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-afslog_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_pagsh_OBJECTS = pagsh.$(OBJEXT)
-pagsh_OBJECTS = $(am_pagsh_OBJECTS)
-pagsh_LDADD = $(LDADD)
-pagsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-afslog_SOURCES = afslog.c
-pagsh_SOURCES = pagsh.c
-man_MANS = afslog.1 pagsh.1
-LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/afsutil/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/afsutil/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) 
-	@rm -f afslog$(EXEEXT)
-	$(LINK) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
-pagsh$(EXEEXT): $(pagsh_OBJECTS) $(pagsh_DEPENDENCIES) 
-	@rm -f pagsh$(EXEEXT)
-	$(LINK) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-hook \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/afslog.1 b/crypto/heimdal/appl/afsutil/afslog.1
deleted file mode 100644
index aa4b9d685d60..000000000000
--- a/crypto/heimdal/appl/afsutil/afslog.1
+++ /dev/null
@@ -1,153 +0,0 @@
-.\" Copyright (c) 2002 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: afslog.1 20310 2007-04-11 11:22:23Z lha $
-.\"
-.Dd November 26, 2002
-.Dt AFSLOG 1
-.Os HEIMDAL
-.Sh NAME
-.Nm afslog
-.Nd
-obtain AFS tokens
-.Sh SYNOPSIS
-.Nm
-.Op Fl h | Fl -help
-.Op Fl -no-v4
-.Op Fl -no-v5
-.Op Fl u | Fl -unlog
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Oo Fl k Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl P Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal
-.Xc
-.Oc
-.Bk -words
-.Oo Fl p Ar path \*(Ba Xo
-.Fl -file= Ns Ar path
-.Xc
-.Oc
-.Ek
-.Op Ar cell | path ...
-.Sh DESCRIPTION
-.Nm
-obtains AFS tokens for a number of cells. What cells to get tokens for
-can either be specified as an explicit list, as file paths to get
-tokens for, or be left unspecified, in which case
-.Nm
-will use whatever magic 
-.Xr krb_afslog 3
-decides upon.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl -no-v4
-This makes
-.Nm
-not try using Kerberos 4.
-.It Fl -no-v5
-This makes
-.Nm
-not try using Kerberos 5.
-.It Xo
-.Fl P Ar principal ,
-.Fl -principal Ar principal
-.Xc
-select what Kerberos 5 principal to use.
-.It Fl -cache Ar cache
-select what Kerberos 5 credential cache to use.
-.Fl -principal
-overrides this option.
-.It Xo
-.Fl u ,
-.Fl -unlog
-.Xc
-Destroy tokens instead of obtaining new. If this is specified, all
-other options are ignored (except for
-.Fl -help
-and
-.Fl -version ) .
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Adds more verbosity for what is actually going on.
-.It Xo
-.Fl c Ar cell,
-.Fl -cell= Ns Ar cell
-.Xc
-This specified one or more cell names to get tokens for.
-.It Xo
-.Fl k Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-This is the Kerberos realm the AFS servers live in, this should
-normally not be specified.
-.It Xo
-.Fl p Ar path ,
-.Fl -file= Ns Ar path
-.Xc
-This specified one or more file paths for which tokens should be
-obtained.
-.El
-.Pp
-Instead of using
-.Fl c
-and
-.Fl p ,
-you may also pass a list of cells and file paths after any other
-options. These arguments are considered files if they are either 
-the strings
-.Do . Dc
-or
-.Dq .. 
-or they contain a slash, or if there exists a file by that name.
-.Sh EXAMPLES
-Assuming that there is no file called 
-.Dq openafs.org
-in the current directory, and that 
-.Pa /afs/openafs.org
-points to that cell, the follwing should be identical:
-.Bd -literal -offset indent
-$ afslog -c openafs.org
-$ afslog openafs.org
-$ afslog /afs/openafs.org/some/file
-.Ed 
-.Sh SEE ALSO
-.Xr krb_afslog 3
diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c
deleted file mode 100644
index 6ca5b2074991..000000000000
--- a/crypto/heimdal/appl/afsutil/afslog.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: afslog.c 16438 2006-01-03 09:27:54Z lha $");
-#endif
-#include <ctype.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-
-static int help_flag;
-static int version_flag;
-static getarg_strings cells;
-static char *realm;
-static getarg_strings files;
-static int unlog_flag;
-static int verbose;
-#ifdef KRB4
-static int use_krb4 = 1;
-#endif
-#ifdef KRB5
-static char *client_string;
-static char *cache_string;
-static int use_krb5 = 1;
-#endif
-
-struct getargs args[] = {
-    { "cell",	'c', arg_strings, &cells, "cells to get tokens for", "cell" },
-    { "file",	'p', arg_strings, &files, "files to get tokens for", "path" },
-    { "realm",	'k', arg_string, &realm, "realm for afs cell", "realm" },
-    { "unlog",	'u', arg_flag, &unlog_flag, "remove tokens" },
-#ifdef KRB4
-    { "v4",	 0, arg_negative_flag, &use_krb4, "don't use Kerberos 4" },
-#endif
-#ifdef KRB5
-    { "principal",'P',arg_string,&client_string,"principal to use","principal"},
-    { "cache",   0,  arg_string, &cache_string, "ccache to use", "cache"},
-    { "v5",	 0,  arg_negative_flag, &use_krb5, "don't use Kerberos 5" },
-#endif
-    { "verbose",'v', arg_flag, &verbose },
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-#ifdef KRB5
-krb5_context context;
-krb5_ccache id;
-#endif
-
-static const char *
-expand_one_file(FILE *f, const char *cell)
-{
-    static char buf[1024];
-    char *p;
-
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if(buf[0] == '>') {
-	    for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
-		;
-	    *p = '\0';
-	    if(strncmp(buf + 1, cell, strlen(cell)) == 0)
-		return buf + 1;
-	}
-	buf[0] = '\0';
-    }
-    return NULL;
-}
-
-static const char *
-expand_cell_name(const char *cell)
-{
-    FILE *f;
-    const char *c;
-    const char **fn, *files[] = { _PATH_CELLSERVDB,
-				  _PATH_ARLA_CELLSERVDB,
-				  _PATH_OPENAFS_DEBIAN_CELLSERVDB,
-				  _PATH_ARLA_DEBIAN_CELLSERVDB,
-				  NULL };
-    for(fn = files; *fn; fn++) {
-	f = fopen(*fn, "r");
-	if(f == NULL)
-	    continue;
-	c = expand_one_file(f, cell);
-	fclose(f);
-	if(c)
-	    return c;
-    }
-    return cell;
-}
-
-static void
-usage(int ecode)
-{
-    arg_printusage(args, num_args, NULL, "[cell|path]...");
-    exit(ecode);
-}
-
-struct cell_list {
-    char *cell;
-    struct cell_list *next;
-} *cell_list;
-
-static int
-afslog_cell(const char *cell, int expand)
-{
-    struct cell_list *p, **q;
-    const char *c = cell;
-    if(expand){
-	c = expand_cell_name(cell);
-	if(c == NULL){
-	    warnx("No cell matching \"%s\" found.", cell);
-	    return -1;
-	}
-	if(verbose && strcmp(c, cell) != 0)
-	    warnx("Cell \"%s\" expanded to \"%s\"", cell, c);
-    }
-    /* add to list of cells to get tokens for, and also remove
-       duplicates; the actual afslog takes place later */
-    for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next)
-	if(strcmp(p->cell, c) == 0)
-	    return 0;
-    p = malloc(sizeof(*p));
-    if(p == NULL)
-	return -1;
-    p->cell = strdup(c);
-    if(p->cell == NULL) {
-	free(p);
-	return -1;
-    }
-    p->next = NULL;
-    *q = p;
-    return 0;
-}
-
-static int
-afslog_file(const char *path)
-{
-    char cell[64];
-    if(k_afs_cell_of_file(path, cell, sizeof(cell))){
-	warnx("No cell found for file \"%s\".", path);
-	return -1;
-    }
-    if(verbose)
-	warnx("File \"%s\" lives in cell \"%s\"", path, cell);
-    return afslog_cell(cell, 0);
-}
-
-static int
-do_afslog(const char *cell)
-{
-    int k5ret, k4ret;
-
-    k5ret = k4ret = 0;
-
-#ifdef KRB5
-    if(context != NULL && id != NULL && use_krb5) {
-	k5ret = krb5_afslog(context, id, cell, realm);
-	if(k5ret == 0)
-	    return 0;
-    }
-#endif
-#if KRB4
-    if (use_krb4) {
-	k4ret = krb_afslog(cell, realm);
-	if(k4ret == 0)
-	    return 0;
-    }
-#endif
-    if (cell == NULL)
-	cell = "<default cell>";
-#ifdef KRB5
-    if (k5ret)
-	warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
-#endif
-#ifdef KRB4
-    if (k4ret)
-	warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret));
-#endif
-    if (k5ret || k4ret)
-	return 1;
-    return 0;
-}
-
-static void
-log_func(void *ctx, const char *str)
-{
-    fprintf(stderr, "%s\n", str);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int i;
-    int num;
-    int ret = 0;
-    int failed = 0;
-    struct cell_list *p;
-    
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(!k_hasafs())
-	errx(1, "AFS does not seem to be present on this machine");
-
-    if(unlog_flag){
-	k_unlog();
-	exit(0);
-    }
-#ifdef KRB5
-    ret = krb5_init_context(&context);
-    if (ret) {
-	context = NULL;
-    } else {
-	if (client_string) {
-	    krb5_principal client;
-
-	    ret = krb5_parse_name(context, client_string, &client);
-	    if (ret == 0)
-		ret = krb5_cc_cache_match(context, client, NULL, &id);
-	    if (ret)
-		id = NULL;
-	}
-	if (id == NULL && cache_string) {
-	    if(krb5_cc_resolve(context, cache_string, &id) != 0) {
-		krb5_warnx(context, "failed to open kerberos 5 cache '%s'",
-			   cache_string);
-		id = NULL;
-	    }
-	}
-	if (id == NULL)
-	    if(krb5_cc_default(context, &id) != 0)
-		id = NULL;
-    }
-#endif
-
-    if (verbose)
-	kafs_set_verbose(log_func, NULL);
-
-    num = 0;
-    for(i = 0; i < files.num_strings; i++){
-	afslog_file(files.strings[i]);
-	num++;
-    }
-    free_getarg_strings (&files);
-    for(i = 0; i < cells.num_strings; i++){
-	afslog_cell(cells.strings[i], 1);
-	num++;
-    }
-    free_getarg_strings (&cells);
-    for(i = optind; i < argc; i++){
-	num++;
-	if(strcmp(argv[i], ".") == 0 ||
-	   strcmp(argv[i], "..") == 0 ||
-	   strchr(argv[i], '/') ||
-	   access(argv[i], F_OK) == 0)
-	    afslog_file(argv[i]);
-	else
-	    afslog_cell(argv[i], 1);
-    }    
-    if(num == 0) {
-	if(do_afslog(NULL))
-	    failed++;
-    } else
-	for(p = cell_list; p; p = p->next) {
-	    if(verbose)
-		warnx("Getting tokens for cell \"%s\"", p->cell);
-	    if(do_afslog(p->cell))
-		failed++;
-    }
-
-    return failed;
-}
diff --git a/crypto/heimdal/appl/afsutil/pagsh.1 b/crypto/heimdal/appl/afsutil/pagsh.1
deleted file mode 100644
index c3e93d440e7f..000000000000
--- a/crypto/heimdal/appl/afsutil/pagsh.1
+++ /dev/null
@@ -1,92 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: pagsh.1 20311 2007-04-11 11:27:51Z lha $
-.\"
-.Dd February 12, 2005
-.Dt PAGSH 1
-.Os Heimdal
-.Sh NAME
-.Nm pagsh
-.Nd
-creates a new credential cache sandbox
-.Sh SYNOPSIS
-.Nm
-.Op Fl c
-.Op Fl h | Fl -help
-.Op Fl -version
-.Op Fl -cache-type= Ns Ar string
-.Ar command [args...]
-.Sh DESCRIPTION
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c
-.Xc
-.It Xo
-.Fl -cache-type= Ns Ar string
-.Xc
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.It Xo
-.Fl -version
-.Xc
-.El
-.Pp
-.Nm
-creates a new credential cache sandbox for the user to live in.
-If AFS is installed on the computer, the user is put in a newly
-created PAG.
-.Pp
-For Kerberos 5, the credential cache type that is used is the same as
-the credential cache type that was used at the time of
-.Nm
-invocation.
-The credential cache type can be controlled by the option
-.Fl -cache-type .
-.Sh EXAMPLES
-Create a new sandbox where new credentials can be used, while the old
-credentials can be used by other processes.
-.Bd -literal -offset indent
-$ klist
-Credentials cache: FILE:/tmp/krb5cc_913
-        Principal: lha@E.KTH.SE
-
-  Issued           Expires          Principal
-Feb 12 10:08:31  Feb 12 20:06:36  krbtgt/E.KTH.SE@E.KTH.SE
-$ pagsh
-$ klist
-klist: No ticket file: /tmp/krb5cc_03014a
-.Ed
-.Sh SEE ALSO
-.Xr afslog 1
diff --git a/crypto/heimdal/appl/afsutil/pagsh.c b/crypto/heimdal/appl/afsutil/pagsh.c
deleted file mode 100644
index d975fad11438..000000000000
--- a/crypto/heimdal/appl/afsutil/pagsh.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (c) 1995 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: pagsh.c 14574 2005-02-12 14:23:28Z lha $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <time.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-
-static int help_flag;
-static int version_flag;
-static int c_flag;
-#ifdef KRB5
-static char *typename_arg;
-#endif
-
-struct getargs getargs[] = {
-    { NULL,	'c', arg_flag, &c_flag },
-#ifdef KRB5
-    { "cache-type", 0,  arg_string, &typename_arg },
-#endif
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(getargs) / sizeof(getargs[0]);
-
-static void
-usage(int ecode)
-{
-    arg_printusage(getargs, num_args, NULL, "command [args...]");
-    exit(ecode);
-}
-
-/*
- * Run command with a new ticket file / credentials cache / token
- */
-
-int
-main(int argc, char **argv)
-{
-    int f;
-    char tf[1024];
-    char *p;
-
-    char *path;
-    char **args;
-    int i;
-    int optind = 0;
-
-    setprogname(argv[0]);
-    if(getarg(getargs, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-#ifdef KRB5
-    {
-	const krb5_cc_ops *type;
-	krb5_error_code ret;
-	krb5_context context;
-	krb5_ccache id;
-	const char *name;
-
-	ret = krb5_init_context(&context);
-	if (ret) /* XXX should this really call exit ? */
-	    errx(1, "no kerberos 5 support");
-
-	if (typename_arg == NULL) {
-	    char *s;
-
-	    name = krb5_cc_default_name(context);
-	    if (name == NULL)
-		krb5_errx(context, 1, "Failed getting default "
-			  "credential cache type");
-	    
-	    typename_arg = strdup(name);
-	    if (typename_arg == NULL)
-		errx(1, "strdup");
-	    
-	    s = strchr(typename_arg, ':');
-	    if (s)
-		*s = '\0';
-	}
-
-	type = krb5_cc_get_prefix_ops(context, typename_arg);
-	if (type == NULL)
-	    krb5_err(context, 1, ret, "Failed getting ops for %s "
-		     "credential cache", typename_arg);
-     
-	ret = krb5_cc_gen_new(context, type, &id);
-	if (ret)
-	    krb5_err(context, 1, ret, "Failed generating credential cache");
-
-	name = krb5_cc_get_name(context, id);
-	if (name == NULL)
-	    krb5_errx(context, 1, "Generated credential cache have no name");
-
-	snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name);
-
-	ret = krb5_cc_close(context, id);
-	if (ret)
-	    krb5_err(context, 1, ret, "Failed closing credential cache");
-
-	krb5_free_context(context);
-
-	esetenv("KRB5CCNAME", tf, 1);
-    }
-#endif
-
-    snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
-    f = mkstemp (tf);
-    if (f < 0)
-	err(1, "mkstemp failed");
-    close (f);
-    unlink (tf);
-    esetenv("KRBTKFILE", tf, 1);
-
-    i = 0;
-
-    args = (char **) malloc((argc + 10)*sizeof(char *));
-    if (args == NULL)
-	errx (1, "Out of memory allocating %lu bytes",
-	      (unsigned long)((argc + 10)*sizeof(char *)));
-  
-    if(*argv == NULL) {
-	path = getenv("SHELL");
-	if(path == NULL){
-	    struct passwd *pw = k_getpwuid(geteuid());
-	    path = strdup(pw->pw_shell);
-	}
-    } else {
-	path = strdup(*argv++);
-    }
-    if (path == NULL)
-	errx (1, "Out of memory copying path");
-  
-    p=strrchr(path, '/');
-    if(p)
-	args[i] = strdup(p+1);
-    else
-	args[i] = strdup(path);
-
-    if (args[i++] == NULL)
-	errx (1, "Out of memory copying arguments");
-  
-    while(*argv)
-	args[i++] = *argv++;
-
-    args[i++] = NULL;
-
-    if(k_hasafs())
-	k_setpag();
-
-    unsetenv("PAGPID");
-    execvp(path, args);
-    if (errno == ENOENT || c_flag) {
-	char **sh_args = malloc ((i + 2) * sizeof(char *));
-	int j;
-
-	if (sh_args == NULL)
-	    errx (1, "Out of memory copying sh arguments");
-	for (j = 1; j < i; ++j)
-	    sh_args[j + 2] = args[j];
-	sh_args[0] = "sh";
-	sh_args[1] = "-c";
-	sh_args[2] = path;
-	execv ("/bin/sh", sh_args);
-    }
-    err (1, "execvp");
-}
diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog
deleted file mode 100644
index 139e193d0541..000000000000
--- a/crypto/heimdal/appl/ftp/ChangeLog
+++ /dev/null
@@ -1,1022 +0,0 @@
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/gssapi.c: Fix pointer vs strict alias rules.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.c: if no mech have no session, its ok, just don't
-	call it.
-
-	* ftp/security.h: provide prototype for sec_userok().
-
-	* move ksetpag after initgroups to make it work on Linux when its
-	without syscall hooks to change sys_setgroups preserve the
-	pag. From Alexsander Bostr�m.
-	
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/Makefile.am: don't clean yacc/lex files in CLEANFILES,
-	maintainers clean will do that for us.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/Makefile.am: Add man_MANS to EXTRA_DIST
-
-	* ftp/Makefile.am: Add man_MANS to EXTRA_DIST
-	
-2006-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c: Add comment by seteuid call isn't not needed.
-
-	* ftpd/ftpd.c: Check return values from seteuid, prompted by MIT
-	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
-	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
-	
-2006-06-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/gss_userok.c (gss_userok): create a local krb5_context and
-	use that instead of the libgssapi context (that might not exist).
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-
-2006-03-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.1: Add undocument flags and spelling, from Ted Percival
-	<Ted.Percival@quest.com>
-	
-2006-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.8: fix grammar in --no-insecure-oob option (partly
-	from Thomas Klausner)
-	
-2006-01-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.c: Indent.
-	
-2006-01-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (pass): remove unused variable in the !OTP case
-	
-2005-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ftpd/ls.c: Check return value from asprintf instead of string !=
-	NULL since it undefined behavior on Linux. From Bj�rn Sandell
-
-	* ftpd/gss_userok.c: Check return value from asprintf instead of
-	string != NULL since it undefined behavior on Linux. From Bj�rn
-	Sandell
-
-	* ftpd/ftpd.c: Check return value from asprintf instead of string
-	!= NULL since it undefined behavior on Linux. From Bj�rn Sandell
-
-	* ftp/gssapi.c: Check return value from asprintf instead of string
-	!= NULL since it undefined behavior on Linux. From Bj�rn Sandell
-	
-2005-10-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.1: document -x
-	
-	* ftp/security.h: implement cprotect (from MIT)
-	
-	* ftp/security.c: add -x (encrypt) option; implement cprotect
-	(from MIT); make sure we CCC if switching to clear-text command
-	channel
-
-	* ftp/cmdtab.c: implement cprotect (from MIT)
-	
-	* ftp/ruserpass.c: if doing command line encryption (-x), ignore
-	prot commands in .netrc
-
-	* ftp/ftp_var.h: add -x (encrypt) option
-	
-	* ftp/globals.c: add -x (encrypt) option
-	
-	* ftp/main.c: add -x (encrypt) option
-	
-2005-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpcmd.y: Fix shadow warning.
-
-	* ftp/security.c: Fix shadow warning.
-	* ftp/security.c: Fix shadow warnings.
-	
-	* ftp/ruserpass.c: Fix shadow warnings.
-
-	* ftp/ftp.c: Fix shadow warnings.
-	
-	* ftp/cmds.c: fix shadow warnings
-
-	* Add Kerberos 5 klist, old patch from Tomas Nystr�m (remove krb4
-	support). Support klist in client for kerberos 5 clase.
-	Clean up delegation of gss tokens and do afslog.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/gssapi.c (gss_adat): avoid leaking memory
-	(gss_auth): always try next kname if there is one, independant of
-	min_stat
-
-	* ftp/gssapi.c: avoid const warning, use sin4 instead of sin to
-	avoid shadow warning, free target_name
-
-2005-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.c: keep track of if CCC was passed
-
-	* ftpd/extern.h: variable to keep track of if CCC was passed
-
-	* ftpd/ftpcmd.y: sprinkel check_secure, check if CCC was passed in
-	check_secure
-
-2005-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c (filename_check): change signednes of p to avoid
-	warning, move typecasts
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c: avoid 'unused variable' warnings
-
-2005-05-10  David Love  <fx@gnu.org>
-
-	* ftpd/pathnames.h: #ifdef protect _PATH_ISSUE
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/domacro.c: handle string trunctions
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.c: use strlcat
-	
-	* ftp/domacro.c: use strlcpy
-	
-2005-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.c: cast size_t to unsigned long
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c (statcmd): cast argument to isdigit to unsigned char
-
-	* ftp/cmds.c (mget): cast char to unsigned char to make sure its
-	not negative when passing it to tolower
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.c: fix 3 'var' might be used uninitialized warnings
-
-2005-04-04 Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/cmds.c: MacOS is also a unix that doesn't define
-	__unix__/unix While here, rewrite this part of the function to not
-	modify that string, but rather take a copy of it and them modify
-	is, all this just to pacify gcc
-	
-2005-01-09 Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/domacro.c: cast argument to is* to unsigned char
-
-	* ftp/ftp.c: cast argument to tolower to unsigned char
-
-2004-08-20 Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.c: send ABOR protect with security layer if its there
-
-	* ftpd/{ftpd_locl.h, extern.h, ftpcmd.y, ftpd.8, ftpd.c}:
-	Remove all traces of setjmp/longjmp.
-	Handle those command that is needed in oobhandler,
-	those are ABOR, STAT, ENC, CONF, MIC.
-	add options to turn off insecure OOB handling and document the option
-
-	Changes inspired by openbsd and netbsd changes but quite diffrent is
-	most places since the code no longer look and is structured the same
-	way.
-
-2004-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/main.c: reverse help strings for --no-gss-bindings and
-	--no-gss-delegate
-
-2004-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpcmd.y: make cbuf 64k to handle lager tickets From:
-	MAAAAA MOOOR <huaraz@btinternet.com>
-	
-2004-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c (main): setpag if there is krb4 OR krb5 support
-	
-2003-12-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.h: add ftp_do_gss_delegate
-	
-	* ftp/main.c (getargs): negative flag for delegating gss creds
-	
-	* ftp/gssapi.c (ftp_do_gss_delegate): delegate creds (default on)
-	
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* ftp/cmds.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-2003-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/security.h: add ftp_do_gss_bindings
-	
-	* ftp/ftp.1: fix mdoc bug
-	
-	* ftp/ftp.1: document --no-gss-bindings
-
-	* ftp/gssapi.c: Optionally support gss bindings, client does it by
-	default, server not.  This is to make it work for clients behind
-	NAT.
-
-	* ftp/main.c (args): add gss-bindings
-	(main): set ftp_do_gss_bindings to 1 to make client use them
-
-	* ftpd/ftpd.c (args): add gss-bindings
-	
-	* ftpd/ftpd.8: document --gss-bindings
-	
-2003-06-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c (gss_adat): fix name allocation bug
-
-2003-05-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/gss_userok.c (gss_userok): release delegated cred handle
-	
-	* ftp/gssapi.c (gss_adat): remove poking inside the delegated
-	handle, also fixes problem where to much memory was allocated
-	
-	* ftpd/gss_userok.c (gss_userok): remove poking inside the
-	delegated handle
-
-2003-05-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpcmd.y: support afslog <cell> and afslog when compiled
-	with krb5
-
-2003-05-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/cmdtab.c: include afslog in both the krb4 and krb5 case
-	
-	* ftp/kauth.c: include afslog in both the krb4 and krb5 case
-	
-	* ftp/Makefile.am: always include auth.c
-	
-2003-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ftpd/Makefile.am: always include auth.c
-
-	* ftpd/kauth.c: do afslog in the krb5 case too
-	
-2003-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/ftp.1: replace > with \*[Gt]
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c: make sure argument to is* functions are unsigned
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.8: s/kerberos/Kerberos/
-	
-2003-03-23  Assar Westerlund  <assar@kth.se>
-
-	* ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag
-	(its done in main)
-
-	* ftpd/gss_userok.c: drop setpag
-	
-	* ftpd/ftpd.c (main): set afs PAG
-
-	* ftpd/gss_userok.c: always try krb5_afslog, and while here do a
-	setpag too
-
-	* ftpd/ftpd_locl.h: always include kafs
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/gssapi.c (gss_adat): now that gss_export_name exports a
-	principal, bandaid with gss_display_name, and check that oid is
-	GSS_KRB5_NT_PRINCIPAL_NAME, also free memory
-	
-2003-02-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftp/gssapi.c (gss_auth): print out the name we authenticated too
-	
-2003-02-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ftpd/ls.c: use readlink with bufsize - 1, From NetBSD
-
-	* ftp/ftp.1: s/utilizes/uses/ from NetBSD
-	
-	* ftpd/ftpd.8: s/utilize/use/ from NetBSD
-	
-2003-02-10  Assar Westerlund  <assar@kth.se>
-
-	* ftpd/ftpd.c (accept_with_timeout): use socklen_t
-
-2002-10-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/main.c: reinstate -n flag (from Torbj�rn Granlund)
-
-2002-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c: fix parsing of epsv ports (from Love)
-
-2002-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/security.c (sec_vfprintf): free encoded data
-
-	* ftp/gssapi.c (gss_decode): release buffer
-
-	* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* ftp/main.c: start using getarg
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: uxp/v lacks _S_IFMT, but has S_IFMT
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c: remove unused variable
-
-2002-04-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c: fix buffer overrun when receiving long replies
-
-2002-04-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/popen.c: make sure gl_pathc != 0 before referencing
-	gl_pathv
-
-2002-03-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c (gss_adat): if accept_sec_context fails, syslog a
-	reason and give a temporary error message
-
-2002-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: if builtin_ls failes, return error
-
-	* ftpd/ls.c (builtin_ls): return status; also don't print fatal
-	error messages to the output stream, instead use syslog
-
-2001-09-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: make sure we don't include . in recursive listings
-
-2001-09-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (dataconn): don't wait forever on accept
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* ftp/gssapi.c (gss_adat): leak less memory and check return value
-	from asprintf
-
-2001-08-28  Jacques Vidrine <n@nectar.com>
-
-	* ftpd/ftpd.c, ftpd/ftpd.8: On systems with IP_PORTRANGE, have
-	  ftpd use `high-numbered' ports by default.  Add a -U option
-	  to get the old behavior.
-
-2001-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c: try using "host" if there's no "ftp" principal
-
-2001-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: implement -R
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: make -a and -A do the same as in ls(1)
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: add some (unsigned char) casts to is*
-	* ftp/cmds.c: add some (unsigned char) casts to is*
-	* ftpd/gss_userok.c (gss_userok): make argument to printf type
-	correct
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (setpeer): __NetBSD__ is also a unix-like OS
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/popen.c, ftpd/ftpd.c: try to handle GLOB_MAXPATH (FreeBSD)
-
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (do_store): call closefunc before claiming that
-	everything went ok, if the close fails the file might not have
-	been stored properly
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT
-	* ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined
-	* ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (setpeer): handle both service names and port numbers
-	for the second optional argument.  also make parsing more robust
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_end): only clean app_data if there is any
-	(*): do realloc consistently
-
-2001-02-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv
-	and gargv
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c: use gss_krb5_copy_ccache
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/Makefile.am: move up LIB_otp so we do not end up picking
- 	one from /usr/athena
-
-2001-01-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: fix bug in previous; make it easier to build test
-	version
-
-2001-01-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c (lstat_file): handle case where file lives in `/'
-
-2001-01-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (pasv): close already open passive port
-
-2000-12-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: reverse time and size sort order (pointed out by
-	tege)
-
-2000-12-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: make it possible to set list of good filename
-	characters from command line
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: some spec-violating mirror software assumes that
-	you can do things like `LIST -CF'; don't pass `--' to ls so this
-	actually works
-
-	* ftpd/ls.c: implement -1CFx flags
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c (gss_userok): handle getpwnam failing
-	* ftp/gssapi.c (gss_auth): be more explicit in error message
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.8: close list
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/main.c: add `-l' for no line-editing
-	* ftp/globals.c (readline): add
-	* ftp/ftp_var.h (lineedit): add variable indicated if we should
-	use readline
-
-2000-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/security.c (sec_read): fix bug in previous (from Jacques A.
-	Vidrine <n@nectar.com>)
-
-2000-11-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: only allow pasv if logged in
-
-2000-10-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change bad filename message slightly
-
-	* common/buffer.c: HAVE_ST_BLKSIZE -> HAVE_STRUCT_STAT_ST_BLKSIZE
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (*): check that fds are not too large to select on
-	* ftp/main.c (cmdscanner): print a newline upon EOF
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.h: add some attributes to prototypes of sec*
-	* ftp/extern.h (command): add attributes
-
-2000-08-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change redundant password message to something
-	people can understand
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c (gss_userok): only do AFS iff KRB4
-	* ftpd/ftpd.c (krb5_verify): only do AFS stuff if KRB4
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c: do not call setproctitle with a variable as the
-	format string
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: krb5.h before kafs.h
-	* ftpd/ftpd.c (krb5_verify): static-ize
-	* ftpd/ftpd.c (krb5_verify): conditionalize on KRB5
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* ftpd: support for authenticating passwords with krb5, by Daniel
-	Kouril <kouril@ics.muni.cz>
-
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: change unix test to be negative
-	
-2000-05-18  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (args): should use `debug'.  From Onno van der
-	Linden <onno@simplex.nl>.
-
-2000-04-25  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (login): re-structure code so that we prompt for
-	password for ftp/anonymous
-
-2000-04-11  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (login): initialize tmp before calling fgets
-
-2000-04-02  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: rename all st_mtime variables to avoid conflict with
-	#define.
-	* ftpd/ftpcmd.y: rename all st_mtime variables to avoid conflict
-	with #define.
-	* ftp/cmds.c: rename all st_mtime variables to avoid conflict with
-	#define.
-
-2000-03-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
-	time, ctime, and gmtime with `time_t's.  there were some types
-	(like in lastlog) that we believed to always be time_t.  this has
-	proven wrong on Solaris 8 in 64-bit mode, where they are stored as
-	32-bit quantities but time_t has gone up to 64 bits
-
-2000-03-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* call list_file for broken usages of nlst too
-
-	* ftpd/ftpd.c: call list_file for broken usages of nlst too
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_read): more paranoia with return value from
-	sec_get_data
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (hookup): handle ai_canonname being set in any of the
-	addresses returnedby getaddrinfo.  glibc apparently returns the
-	reverse lookup of every address in ai_canonname.
-	* ftp/ruserpass.c (guess_domain): dito
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c: don't use sa_len as a parameter, it's defined on
- 	Irix
-
-1999-12-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (dataconn): make sure from points to actual data
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ruserpass.c (guess_domain): handle ai_canonname not being
-	set
-	* ftp/ftp.c (hookup): handle ai_canonname not being set
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): the nat-IP address might not be realm
-	bounded.
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (dolog): update prototype
-	* ftpd/ftpd.c (dolog): use getnameinfo_verified
-	* ftpd/ftpd.c: replace inaddr2str by getnameinfo
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ruserpass.c (guess_domain): re-write to use getaddrinfo
-	* ftp/ftp.c (hookup): re-write to use getaddrinfo
-	
-1999-11-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
- 	the outgoing connections.  It has to be `ftp-data' or some people
- 	might get upset.
-
-	* ftpd/ftpd.c (args): set correct variable when `-l' so that
- 	logging actually works
-
-1999-11-29  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_login): check return value from realloc
-	(sec_end): set app_data to NULL
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
-	NAT.  also turn on passive mode.  From <thn@stacken.kth.se>
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (make_fileinfo): cast to allow for non-const
- 	prototypes of readlink
-
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (args): use arg_counter for `l'
-	
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
- 	that don't have them (such as ultrix)
-
-1999-10-29  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
- 	printf, we don't know what types they might be.
-	(lstat_file): conditionalize the kafs part on KRB4
-
-	* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
- 	correct
-
-	* ftpd/ls.c: don't use warnx to print errors
-
-	* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
-
-	* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
- 	mount points.  From Love <lha@s3.kth.se>
-	(list_files): use `lstat_file'
-
-	* ftpd/ftpd.c: some const-poisoning
-
-	* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
- 	allow for stupid inetds that only support two arguments.  From
- 	Love <lha@s3.kth.se>
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
- 	as printf commands
-
-	* ftpd/ftpd.c (show_issue): don't interpret contents of
- 	/etc/issue* as printf commands.  From Brian A May
- 	<bmay@dgs.monash.edu.au>
-
-1999-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/kauth.c (kauth): complain if protection level isn't
-	`private'
-
-	* ftp/krb4.c (krb4_decode): syslog failure reason
-
-	* ftp/kauth.c (kauth): set private level earlier
-
-	* ftp/security.c: get_command_prot; (sec_prot): partially match
-	`command' and `data'
-
-1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
-	`-ll' work again)
-
-	* ftpd/ftpd.c (list_file): pass filename to ls
-
-1999-10-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: FEAT
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: fall-back definitions for constans and casts for
- 	printfs
-
-1999-10-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (main): make this use getarg; add `list_file'
-
-	* ftpd/ftpcmd.y (LIST): call list_file
-
-	* ftpd/ls.c: add simple built-in ls
-
-	* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
-	prints to the data stream
-
-	* ftp/kauth.c (kauth): make sure we're using private protection
-	level
-
-	* ftp/security.c (set_command_prot): set command protection level
-
-	* ftp/security.c: make it possible to set the command protection
-	level with `prot'
-
-1999-09-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
-
-1999-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (do_login): show issue-file
-	(send_data): change handling of zero-byte files
-
-1999-08-18  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (getit): be more suspicious when parsing the result
- 	of MDTM.  Do the comparison of timestamps correctly.
-
-1999-08-13  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
-  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
- 	get grumpy later.
-
-	* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
-  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
- 	get grumpy later.
-
-1999-08-03  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
-
-	* ftp/gssapi.c (gss_auth): initialize application_data in bindings
-
-1999-08-02  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: save file names when doing commands that might
- 	get aborted (and longjmp:ed out of) to avoid overwriting them also
- 	remove extra closing brace
-
-1999-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
-	what it does, and other implementations) keep find as an alias
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* common/socket.c: moved to roken
-
-	* common/socket.c: new file with generic socket functions
-
-	* ftpd/ftpd.c: make it more AF-neutral and v6-capable
-
-	* ftpd/ftpcmd.y: add EPRT and EPSV
-
-	* ftpd/extern.h: update prototypes and variables
-
-	* ftp/krb4.c: update to new types of addresses
-
-	* ftp/gssapi.c: add support for both AF_INET and AF_INET6
- 	addresses
-
-	* ftp/ftp.c: make it more AF-neutral and v6-capable
-
-	* ftp/extern.h (hookup): change prototype
-
-	* common/common.h: add prototypes for functions in socket.c
-
-	* common/Makefile.am (libcommon_a_SOURCES): add socket.c
-
-	* ftp/gssapi.c (gss_auth): check return value from
- 	`gss_import_name' and print error messages if it fails
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): type correctness
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c (sendrequest): lmode != rmode
-	
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* ftp/extern.h (sendrequest): update prototype
-
-	* ftp/cmds.c: update calls to sendrequest and recvrequest to send
- 	"b" when appropriate
-
-	* ftp/ftp.c (sendrequest): add argument for mode to open file in.
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: rename getline -> ftpd_getline
-
-	* ftp/main.c (makeargv): fill in unused slots with NULL
-
-Thu Apr  8 15:06:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-Wed Apr  7 16:15:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
- 	error message; return AUTH_{CONTINUE,ERROR}, where appropriate
-
-	* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
-
-	* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
- 	just continue with the next mechanism, this fixes the case of
- 	having GSSAPI fail because of non-existant of expired tickets
-
-	* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
-
-Thu Apr  1 16:59:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: don't run check-local
-
-	* ftp/Makefile.am: don't run check-local
-
-Mon Mar 22 22:15:18 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
-
-	* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
-
-Thu Mar 18 12:07:09 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: clean ftpcmd.c
-
-	* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
-
-	* ftpd/ftpd.c: move include of krb5.h here
-
-	* ftpd/Makefile.am: include Makefile.am.common
-
-	* Makefile.am: include Makefile.am.common
-
-	* ftp/Makefile.am: include Makefile.am.common
-
-	* common/Makefile.am: include Makefile.am.common
-
-Tue Mar 16 22:28:37 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
-
-	* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
-
-Thu Mar 11 14:54:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftp/Makefile.in: WFLAGS
-
-	* ftp/ruserpass.c: add some if-braces
-
-Wed Mar 10 20:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
-
-Mon Mar  8 21:29:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd.c: re-add version in greeting message
-
-Mon Mar  1 10:49:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-Mon Feb 22 19:20:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* common/Makefile.in: remove glob
-
-Sat Feb 13 17:19:35 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH.  We have a
- 	fnmatch implementation in roken and therefore always have it.
-
-	* ftp/ftp.c (copy_stream): initialize `werr'
-
-Wed Jan 13 23:52:57 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
- 	the end of the rules to ensure we don't generate several
- 	(independent) error messages.  once again, having a yacc-grammar
- 	for FTP with embedded actions doesn't strike me as the most
- 	optimal way of doing it.
-
-Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: link with extra libs for aix
-
-Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (retrying): support on-the-fly decompression
-
-	* ftpd/Makefile.in (WFLAGS): set
-
-	* ftp/ruserpass.c (guess_domain): new function
-	(ruserpass): use it
-
-	* common/Makefile.in (WFLAGS): set
-
-	* Makefile.in (WFLAGS): set
-
-Sat Nov 21 23:13:03 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c: some more type correctness.
-
-	* ftp/gssapi.c (gss_adat): more braces to shut up warnings
-
-Wed Nov 18 21:47:55 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/main.c (main): new option `-p' for enable passive mode.
-
-Mon Nov  2 01:57:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (getreply): remove extra `break'
-
-	* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
-
-	* ftp/security.c (sec_login): fix loop and return value
-
-Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/cmds.c (quote1): fix % quoting bug
-
-Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
-
-Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (auth): free `app_data'
-	(sec_end): only destroy if it was initialized
-
-Tue Jun  9 21:01:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/krb4.c: pass client address to krb_rd_req
-
-Sat May 16 00:02:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/Makefile.am: link with DBLIB
-
-Tue May 12 14:15:32 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/gssapi.c: Save client name for userok().
-
-	* ftpd/gss_userok.c: Userok for gssapi.
-
-Fri May  1 07:15:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
-
-Fri Mar 27 00:46:07 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Make compile w/o krb4.
-
-Thu Mar 26 03:49:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/*, ftpd/*: Changes for new framework.
-
-	* ftp/gssapi.c: GSS-API backend for the new security framework.
-
-	* ftp/krb4.c: Updated for new framework.
-
-	* ftp/security.{c,h}: New unified security framework.
diff --git a/crypto/heimdal/appl/ftp/Makefile.am b/crypto/heimdal/appl/ftp/Makefile.am
deleted file mode 100644
index 44116ee34a8d..000000000000
--- a/crypto/heimdal/appl/ftp/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = common ftp ftpd
diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in
deleted file mode 100644
index 3bb9eda715aa..000000000000
--- a/crypto/heimdal/appl/ftp/Makefile.in
+++ /dev/null
@@ -1,815 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = appl/ftp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = common ftp ftpd
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.am b/crypto/heimdal/appl/ftp/common/Makefile.am
deleted file mode 100644
index 304fcd15683b..000000000000
--- a/crypto/heimdal/appl/ftp/common/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) 
-
-noinst_LIBRARIES = libcommon.a
-
-libcommon_a_SOURCES = \
-	sockbuf.c \
-	buffer.c \
-	common.h
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in
deleted file mode 100644
index 1c5338a7b8ce..000000000000
--- a/crypto/heimdal/appl/ftp/common/Makefile.in
+++ /dev/null
@@ -1,751 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = appl/ftp/common
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-ARFLAGS = cru
-libcommon_a_AR = $(AR) $(ARFLAGS)
-libcommon_a_LIBADD =
-am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT)
-libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libcommon_a_SOURCES)
-DIST_SOURCES = $(libcommon_a_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_LIBRARIES = libcommon.a
-libcommon_a_SOURCES = \
-	sockbuf.c \
-	buffer.c \
-	common.h
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/common/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/common/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libcommon.a: $(libcommon_a_OBJECTS) $(libcommon_a_DEPENDENCIES) 
-	-rm -f libcommon.a
-	$(libcommon_a_AR) libcommon.a $(libcommon_a_OBJECTS) $(libcommon_a_LIBADD)
-	$(RANLIB) libcommon.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/buffer.c b/crypto/heimdal/appl/ftp/common/buffer.c
deleted file mode 100644
index 3bca113663ec..000000000000
--- a/crypto/heimdal/appl/ftp/common/buffer.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "common.h"
-#include <stdio.h>
-#include <err.h>
-#include "roken.h"
-
-RCSID("$Id: buffer.c 9129 2000-10-23 04:49:25Z joda $");
-
-/*
- * Allocate a buffer enough to handle st->st_blksize, if
- * there is such a field, otherwise BUFSIZ.
- */
-
-void *
-alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
-{
-    size_t new_sz;
-
-    new_sz = BUFSIZ;
-#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
-    if (st)
-	new_sz = max(BUFSIZ, st->st_blksize);
-#endif
-    if(new_sz > *sz) {
-	if (oldbuf)
-	    free (oldbuf);
-	oldbuf = malloc (new_sz);
-	if (oldbuf == NULL) {
-	    warn ("malloc");
-	    *sz = 0;
-	    return NULL;
-	}
-	*sz = new_sz;
-    }
-    return oldbuf;
-}
-
diff --git a/crypto/heimdal/appl/ftp/common/common.h b/crypto/heimdal/appl/ftp/common/common.h
deleted file mode 100644
index 76168596dce4..000000000000
--- a/crypto/heimdal/appl/ftp/common/common.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: common.h 7463 1999-12-02 16:58:55Z joda $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifndef __COMMON_H__
-#define __COMMON_H__
-
-#include "base64.h"
-
-void set_buffer_size(int, int);
-
-#include <stdlib.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
-
-#endif /* __COMMON_H__ */
diff --git a/crypto/heimdal/appl/ftp/common/sockbuf.c b/crypto/heimdal/appl/ftp/common/sockbuf.c
deleted file mode 100644
index bb9068afc0b7..000000000000
--- a/crypto/heimdal/appl/ftp/common/sockbuf.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "common.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-RCSID("$Id: sockbuf.c 7463 1999-12-02 16:58:55Z joda $");
-
-void
-set_buffer_size(int fd, int read)
-{
-#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
-    size_t size = 4194304;
-    while(size >= 131072 && 
-	  setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, 
-		     (void *)&size, sizeof(size)) < 0)
-	size /= 2;
-#endif
-}
-
-
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.am b/crypto/heimdal/appl/ftp/ftp/Makefile.am
deleted file mode 100644
index 24679dc5599f..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.am
+++ /dev/null
@@ -1,49 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-
-bin_PROGRAMS = ftp
-
-CHECK_LOCAL = 
-
-if KRB4
-krb4_sources = krb4.c
-endif
-if KRB5
-krb5_sources = gssapi.c
-endif
-
-ftp_SOURCES = \
-	cmds.c \
-	cmdtab.c \
-	extern.h \
-	ftp.c \
-	ftp_locl.h \
-	ftp_var.h \
-	main.c \
-	pathnames.h \
-	ruserpass.c \
-	domacro.c \
-	globals.c \
-	security.c \
-	security.h \
-	kauth.c \
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftp_SOURCES = krb4.c gssapi.c
-
-man_MANS = ftp.1
-
-LDADD = \
-	../common/libcommon.a \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_readline)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in
deleted file mode 100644
index 431d087fec78..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.in
+++ /dev/null
@@ -1,869 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = ftp$(EXEEXT)
-subdir = appl/ftp/ftp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am__ftp_SOURCES_DIST = cmds.c cmdtab.c extern.h ftp.c ftp_locl.h \
-	ftp_var.h main.c pathnames.h ruserpass.c domacro.c globals.c \
-	security.c security.h kauth.c krb4.c gssapi.c
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
-@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT)
-am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \
-	main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \
-	globals.$(OBJEXT) security.$(OBJEXT) kauth.$(OBJEXT) \
-	$(am__objects_1) $(am__objects_2)
-ftp_OBJECTS = $(am_ftp_OBJECTS)
-ftp_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-ftp_DEPENDENCIES = ../common/libcommon.a $(LIB_gssapi) $(LIB_krb5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-DIST_SOURCES = $(am__ftp_SOURCES_DIST) $(EXTRA_ftp_SOURCES)
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) \
-	$(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CHECK_LOCAL = 
-@KRB4_TRUE@krb4_sources = krb4.c
-@KRB5_TRUE@krb5_sources = gssapi.c
-ftp_SOURCES = \
-	cmds.c \
-	cmdtab.c \
-	extern.h \
-	ftp.c \
-	ftp_locl.h \
-	ftp_var.h \
-	main.c \
-	pathnames.h \
-	ruserpass.c \
-	domacro.c \
-	globals.c \
-	security.c \
-	security.h \
-	kauth.c \
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftp_SOURCES = krb4.c gssapi.c
-man_MANS = ftp.1
-LDADD = \
-	../common/libcommon.a \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_readline)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftp/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftp/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) 
-	@rm -f ftp$(EXEEXT)
-	$(LINK) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-hook \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c
deleted file mode 100644
index 86f4ff45a66b..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/cmds.c
+++ /dev/null
@@ -1,2143 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * FTP User Program -- Command Routines.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: cmds.c 15673 2005-07-19 18:19:33Z lha $");
-
-typedef void (*sighand)(int);
-
-jmp_buf	jabort;
-char   *mname;
-char   *home = "/";
-
-/*
- * `Another' gets another argument, and stores the new argc and argv.
- * It reverts to the top level (via main.c's intr()) on EOF/error.
- *
- * Returns false if no new arguments have been added.
- */
-int
-another(int *pargc, char ***pargv, char *prompt)
-{
-	int len = strlen(line), ret;
-
-	if (len >= sizeof(line) - 3) {
-		printf("sorry, arguments too long\n");
-		intr(0);
-	}
-	printf("(%s) ", prompt);
-	line[len++] = ' ';
-	if (fgets(&line[len], sizeof(line) - len, stdin) == NULL)
-		intr(0);
-	len += strlen(&line[len]);
-	if (len > 0 && line[len - 1] == '\n')
-		line[len - 1] = '\0';
-	makeargv();
-	ret = margc > *pargc;
-	*pargc = margc;
-	*pargv = margv;
-	return (ret);
-}
-
-/*
- * Connect to peer server and
- * auto-login, if possible.
- */
-void
-setpeer(int argc, char **argv)
-{
-	char *host;
-	u_short port;
-	struct servent *sp;
-
-	if (connected) {
-		printf("Already connected to %s, use close first.\n",
-			hostname);
-		code = -1;
-		return;
-	}
-	if (argc < 2)
-		another(&argc, &argv, "to");
-	if (argc < 2 || argc > 3) {
-		printf("usage: %s host-name [port]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	sp = getservbyname("ftp", "tcp");
-	if (sp == NULL)
-		errx(1, "You bastard. You removed ftp/tcp from services");
-	port = sp->s_port;
-	if (argc > 2) {
-		sp = getservbyname(argv[2], "tcp");
-		if (sp != NULL) {
-			port = sp->s_port;
-		} else {
-			char *ep;
-
-			port = strtol(argv[2], &ep, 0);
-			if (argv[2] == ep) {
-				printf("%s: bad port number-- %s\n",
-				       argv[1], argv[2]);
-				printf ("usage: %s host-name [port]\n",
-					argv[0]);
-				code = -1;
-				return;
-			}
-			port = htons(port);
-		}
-	}
-	host = hookup(argv[1], port);
-	if (host) {
-		int overbose;
-
-		connected = 1;
-		/*
-		 * Set up defaults for FTP.
-		 */
-		strlcpy(typename, "ascii", sizeof(typename));
-		type = TYPE_A;
-		curtype = TYPE_A;
-		strlcpy(formname, "non-print", sizeof(formname));
-		form = FORM_N;
-		strlcpy(modename, "stream", sizeof(modename));
-		mode = MODE_S;
-		strlcpy(structname, "file", sizeof(structname));
-		stru = STRU_F;
-		strlcpy(bytename, "8", sizeof(bytename));
-		bytesize = 8;
-		if (autologin)
-			login(argv[1]);
-
-#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) || defined(__NetBSD__) || defined(__APPLE__)) && NBBY == 8
-/*
- * this ifdef is to keep someone form "porting" this to an incompatible
- * system and not checking this out. This way they have to think about it.
- */
-		overbose = verbose;
-		if (debug == 0)
-			verbose = -1;
-		if (command("SYST") == COMPLETE && overbose && strlen(reply_string) > 4) {
-			char *cp, *p;
-
-			cp = strdup(reply_string + 4);
-			if (cp == NULL)
-			    errx(1, "strdup: out of memory");
-			p = strchr(cp, ' ');
-			if (p == NULL)
-				p = strchr(cp, '\r');
-			if (p) {
-				if (p[-1] == '.')
-					p--;
-				*p = '\0';
-			}
-
-			printf("Remote system type is %s.\n", cp);
-			free(cp);
-		}
-		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
-			if (proxy)
-				unix_proxy = 1;
-			else
-				unix_server = 1;
-			/*
-			 * Set type to 0 (not specified by user),
-			 * meaning binary by default, but don't bother
-			 * telling server.  We can use binary
-			 * for text files unless changed by the user.
-			 */
-			type = 0;
-			strlcpy(typename, "binary", sizeof(typename));
-			if (overbose)
-			    printf("Using %s mode to transfer files.\n",
-				typename);
-		} else {
-			if (proxy)
-				unix_proxy = 0;
-			else
-				unix_server = 0;
-			if (overbose && 
-			    !strncmp(reply_string, "215 TOPS20", 10))
-				printf(
-"Remember to set tenex mode when transfering binary files from this machine.\n");
-		}
-		verbose = overbose;
-#endif /* unix */
-	}
-}
-
-struct	types {
-	char	*t_name;
-	char	*t_mode;
-	int	t_type;
-	char	*t_arg;
-} types[] = {
-	{ "ascii",	"A",	TYPE_A,	0 },
-	{ "binary",	"I",	TYPE_I,	0 },
-	{ "image",	"I",	TYPE_I,	0 },
-	{ "ebcdic",	"E",	TYPE_E,	0 },
-	{ "tenex",	"L",	TYPE_L,	bytename },
-	{ NULL }
-};
-
-/*
- * Set transfer type.
- */
-void
-settype(int argc, char **argv)
-{
-	struct types *p;
-	int comret;
-
-	if (argc > 2) {
-		char *sep;
-
-		printf("usage: %s [", argv[0]);
-		sep = " ";
-		for (p = types; p->t_name; p++) {
-			printf("%s%s", sep, p->t_name);
-			sep = " | ";
-		}
-		printf(" ]\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2) {
-		printf("Using %s mode to transfer files.\n", typename);
-		code = 0;
-		return;
-	}
-	for (p = types; p->t_name; p++)
-		if (strcmp(argv[1], p->t_name) == 0)
-			break;
-	if (p->t_name == 0) {
-		printf("%s: unknown mode\n", argv[1]);
-		code = -1;
-		return;
-	}
-	if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
-		comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE) {
-		strlcpy(typename, p->t_name, sizeof(typename));
-		curtype = type = p->t_type;
-	}
-}
-
-/*
- * Internal form of settype; changes current type in use with server
- * without changing our notion of the type for data transfers.
- * Used to change to and from ascii for listings.
- */
-void
-changetype(int newtype, int show)
-{
-	struct types *p;
-	int comret, oldverbose = verbose;
-
-	if (newtype == 0)
-		newtype = TYPE_I;
-	if (newtype == curtype)
-		return;
-	if (debug == 0 && show == 0)
-		verbose = 0;
-	for (p = types; p->t_name; p++)
-		if (newtype == p->t_type)
-			break;
-	if (p->t_name == 0) {
-		printf("ftp: internal error: unknown type %d\n", newtype);
-		return;
-	}
-	if (newtype == TYPE_L && bytename[0] != '\0')
-		comret = command("TYPE %s %s", p->t_mode, bytename);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE)
-		curtype = newtype;
-	verbose = oldverbose;
-}
-
-char *stype[] = {
-	"type",
-	"",
-	0
-};
-
-/*
- * Set binary transfer type.
- */
-/*VARARGS*/
-void
-setbinary(int argc, char **argv)
-{
-
-	stype[1] = "binary";
-	settype(2, stype);
-}
-
-/*
- * Set ascii transfer type.
- */
-/*VARARGS*/
-void
-setascii(int argc, char **argv)
-{
-
-	stype[1] = "ascii";
-	settype(2, stype);
-}
-
-/*
- * Set tenex transfer type.
- */
-/*VARARGS*/
-void
-settenex(int argc, char **argv)
-{
-
-	stype[1] = "tenex";
-	settype(2, stype);
-}
-
-/*
- * Set file transfer mode.
- */
-/*ARGSUSED*/
-void
-setftmode(int argc, char **argv)
-{
-
-	printf("We only support %s mode, sorry.\n", modename);
-	code = -1;
-}
-
-/*
- * Set file transfer format.
- */
-/*ARGSUSED*/
-void
-setform(int argc, char **argv)
-{
-
-	printf("We only support %s format, sorry.\n", formname);
-	code = -1;
-}
-
-/*
- * Set file transfer structure.
- */
-/*ARGSUSED*/
-void
-setstruct(int argc, char **argv)
-{
-
-	printf("We only support %s structure, sorry.\n", structname);
-	code = -1;
-}
-
-/*
- * Send a single file.
- */
-void
-put(int argc, char **argv)
-{
-	char *cmd;
-	int loc = 0;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if (argc < 2 && !another(&argc, &argv, "local-file"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "remote-file")) {
-usage:
-		printf("usage: %s local-file remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	/*
-	 * If "globulize" modifies argv[1], and argv[2] is a copy of
-	 * the old argv[1], make it a copy of the new argv[1].
-	 */
-	if (argv[1] != oldargv1 && argv[2] == oldargv1) {
-		argv[2] = argv[1];
-	}
-	cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
-	if (loc && ntflag) {
-		argv[2] = dotrans(argv[2]);
-	}
-	if (loc && mapflag) {
-		argv[2] = domap(argv[2]);
-	}
-	sendrequest(cmd, argv[1], argv[2],
-		    curtype == TYPE_I ? "rb" : "r",
-		    argv[1] != oldargv1 || argv[2] != oldargv2);
-}
-
-/* ARGSUSED */
-static RETSIGTYPE
-mabort(int signo)
-{
-	int ointer;
-
-	printf("\n");
-	fflush(stdout);
-	if (mflag && fromatty) {
-		ointer = interactive;
-		interactive = 1;
-		if (confirm("Continue with", mname)) {
-			interactive = ointer;
-			longjmp(jabort,0);
-		}
-		interactive = ointer;
-	}
-	mflag = 0;
-	longjmp(jabort,0);
-}
-
-/*
- * Send multiple files.
- */
-void
-mput(int argc, char **argv)
-{
-    int i;
-    RETSIGTYPE (*oldintr)(int);
-    int ointer;
-    char *tp;
-
-    if (argc < 2 && !another(&argc, &argv, "local-files")) {
-	printf("usage: %s local-files\n", argv[0]);
-	code = -1;
-	return;
-    }
-    mname = argv[0];
-    mflag = 1;
-    oldintr = signal(SIGINT, mabort);
-    setjmp(jabort);
-    if (proxy) {
-	char *cp, *tp2, tmpbuf[MaxPathLen];
-
-	while ((cp = remglob(argv,0)) != NULL) {
-	    if (*cp == 0) {
-		mflag = 0;
-		continue;
-	    }
-	    if (mflag && confirm(argv[0], cp)) {
-		tp = cp;
-		if (mcase) {
-		    while (*tp && !islower((unsigned char)*tp)) {
-			tp++;
-		    }
-		    if (!*tp) {
-			tp = cp;
-			tp2 = tmpbuf;
-			while ((*tp2 = *tp) != '\0') {
-			    if (isupper((unsigned char)*tp2)) {
-				*tp2 = 'a' + *tp2 - 'A';
-			    }
-			    tp++;
-			    tp2++;
-			}
-		    }
-		    tp = tmpbuf;
-		}
-		if (ntflag) {
-		    tp = dotrans(tp);
-		}
-		if (mapflag) {
-		    tp = domap(tp);
-		}
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    cp, tp,
-			    curtype == TYPE_I ? "rb" : "r",
-			    cp != tp || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	}
-	signal(SIGINT, oldintr);
-	mflag = 0;
-	return;
-    }
-    for (i = 1; i < argc; i++) {
-	char **cpp;
-	glob_t gl;
-	int flags;
-
-	if (!doglob) {
-	    if (mflag && confirm(argv[0], argv[i])) {
-		tp = (ntflag) ? dotrans(argv[i]) : argv[i];
-		tp = (mapflag) ? domap(tp) : tp;
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    argv[i],
-			    curtype == TYPE_I ? "rb" : "r",
-			    tp, tp != argv[i] || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	    continue;
-	}
-
-	memset(&gl, 0, sizeof(gl));
-	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
-	    warnx("%s: not found", argv[i]);
-	    globfree(&gl);
-	    continue;
-	}
-	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
-	    if (mflag && confirm(argv[0], *cpp)) {
-		tp = (ntflag) ? dotrans(*cpp) : *cpp;
-		tp = (mapflag) ? domap(tp) : tp;
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    *cpp, tp,
-			    curtype == TYPE_I ? "rb" : "r",
-			    *cpp != tp || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	}
-	globfree(&gl);
-    }
-    signal(SIGINT, oldintr);
-    mflag = 0;
-}
-
-void
-reget(int argc, char **argv)
-{
-    getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w");
-}
-
-void
-get(int argc, char **argv)
-{
-    char *filemode;
-
-    if (restart_point) {
-	if (curtype == TYPE_I)
-	    filemode = "r+wb";
-	else
-	    filemode = "r+w";
-    } else {
-	if (curtype == TYPE_I)
-	    filemode = "wb";
-	else
-	    filemode = "w";
-    }
-
-    getit(argc, argv, 0, filemode);
-}
-
-/*
- * Receive one file.
- */
-int
-getit(int argc, char **argv, int restartit, char *filemode)
-{
-	int loc = 0;
-	int local_given = 1;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		local_given = 0;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if ((argc < 2 && !another(&argc, &argv, "remote-file")) ||
-	    (argc < 3 && !another(&argc, &argv, "local-file"))) {
-		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
-		code = -1;
-		return (0);
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[2])) {
-		code = -1;
-		return (0);
-	}
-	if (loc && mcase) {
-		char *tp = argv[1], *tp2, tmpbuf[MaxPathLen];
-
-		while (*tp && !islower((unsigned char)*tp)) {
-			tp++;
-		}
-		if (!*tp) {
-			tp = argv[2];
-			tp2 = tmpbuf;
-			while ((*tp2 = *tp) != '\0') {
-				if (isupper((unsigned char)*tp2)) {
-					*tp2 = 'a' + *tp2 - 'A';
-				}
-				tp++;
-				tp2++;
-			}
-			argv[2] = tmpbuf;
-		}
-	}
-	if (loc && ntflag)
-		argv[2] = dotrans(argv[2]);
-	if (loc && mapflag)
-		argv[2] = domap(argv[2]);
-	if (restartit) {
-		struct stat stbuf;
-		int ret;
-
-		ret = stat(argv[2], &stbuf);
-		if (restartit == 1) {
-			if (ret < 0) {
-				warn("local: %s", argv[2]);
-				return (0);
-			}
-			restart_point = stbuf.st_size;
-		} else if (ret == 0) {
-			int overbose;
-			int cmdret;
-			int yy, mo, day, hour, min, sec;
-			struct tm *tm;
-			time_t mtime = stbuf.st_mtime;
-
-			overbose = verbose;
-			if (debug == 0)
-				verbose = -1;
-			cmdret = command("MDTM %s", argv[1]);
-			verbose = overbose;
-			if (cmdret != COMPLETE) {
-				printf("%s\n", reply_string);
-				return (0);
-			}
-			if (sscanf(reply_string,
-				   "%*s %04d%02d%02d%02d%02d%02d",
-				   &yy, &mo, &day, &hour, &min, &sec)
-			    != 6) {
-				printf ("bad MDTM result\n");
-				return (0);
-			}
-
-			tm = gmtime(&mtime);
-			tm->tm_mon++;
-			tm->tm_year += 1900;
-
-			if ((tm->tm_year > yy) ||
-			    (tm->tm_year == yy && 
-			     tm->tm_mon > mo) ||
-			    (tm->tm_mon == mo && 
-			     tm->tm_mday > day) ||
-			    (tm->tm_mday == day && 
-			     tm->tm_hour > hour) ||
-			    (tm->tm_hour == hour && 
-			     tm->tm_min > min) ||
-			    (tm->tm_min == min && 
-			     tm->tm_sec > sec))
-				return (1);
-		}
-	}
-
-	recvrequest("RETR", argv[2], argv[1], filemode,
-		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
-	restart_point = 0;
-	return (0);
-}
-
-static int
-suspicious_filename(const char *fn)
-{
-    return strstr(fn, "../") != NULL || *fn == '/';
-}
-
-/*
- * Get multiple files.
- */
-void
-mget(int argc, char **argv)
-{
-	sighand oldintr;
-	int ch, ointer;
-	char *cp, *tp, *tp2, tmpbuf[MaxPathLen];
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-		printf("usage: %s remote-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	while ((cp = remglob(argv,proxy)) != NULL) {
-		if (*cp == '\0') {
-			mflag = 0;
-			continue;
-		}
-		if (mflag && suspicious_filename(cp))
-		    printf("*** Suspicious filename: %s\n", cp);
-		if (mflag && confirm(argv[0], cp)) {
-			tp = cp;
-			if (mcase) {
-				for (tp2 = tmpbuf;(ch = (unsigned char)*tp++);)
-					*tp2++ = tolower(ch);
-				*tp2 = '\0';
-				tp = tmpbuf;
-			}
-			if (ntflag) {
-				tp = dotrans(tp);
-			}
-			if (mapflag) {
-				tp = domap(tp);
-			}
-			recvrequest("RETR", tp, cp,
-				    curtype == TYPE_I ? "wb" : "w",
-				    tp != cp || !interactive, 0);
-			if (!mflag && fromatty) {
-				ointer = interactive;
-				interactive = 1;
-				if (confirm("Continue with","mget")) {
-					mflag++;
-				}
-				interactive = ointer;
-			}
-		}
-	}
-	signal(SIGINT,oldintr);
-	mflag = 0;
-}
-
-char *
-remglob(char **argv, int doswitch)
-{
-    char temp[16];
-    static char buf[MaxPathLen];
-    static FILE *ftemp = NULL;
-    static char **args;
-    int oldverbose, oldhash;
-    char *cp, *filemode;
-
-    if (!mflag) {
-	if (!doglob) {
-	    args = NULL;
-	}
-	else {
-	    if (ftemp) {
-		fclose(ftemp);
-		ftemp = NULL;
-	    }
-	}
-	return (NULL);
-    }
-    if (!doglob) {
-	if (args == NULL)
-	    args = argv;
-	if ((cp = *++args) == NULL)
-	    args = NULL;
-	return (cp);
-    }
-    if (ftemp == NULL) {
-	int fd;
-	strlcpy(temp, _PATH_TMP_XXX, sizeof(temp));
-	fd = mkstemp(temp);
-	if(fd < 0){
-	    warn("unable to create temporary file %s", temp);
-	    return NULL;
-	}
-	close(fd);
-	oldverbose = verbose, verbose = 0;
-	oldhash = hash, hash = 0;
-	if (doswitch) {
-	    pswitch(!proxy);
-	}
-	for (filemode = "w"; *++argv != NULL; filemode = "a")
-	    recvrequest ("NLST", temp, *argv, filemode, 0, 0);
-	if (doswitch) {
-	    pswitch(!proxy);
-	}
-	verbose = oldverbose; hash = oldhash;
-	ftemp = fopen(temp, "r");
-	unlink(temp);
-	if (ftemp == NULL) {
-	    printf("can't find list of remote files, oops\n");
-	    return (NULL);
-	}
-    }
-    while(fgets(buf, sizeof (buf), ftemp)) {
-	if ((cp = strchr(buf, '\n')) != NULL)
-	    *cp = '\0';
-	if(!interactive && suspicious_filename(buf)){
-	    printf("Ignoring remote globbed file `%s'\n", buf);
-	    continue;
-	}
-	return buf;
-    }
-    fclose(ftemp);
-    ftemp = NULL;
-    return (NULL);
-}
-
-char *
-onoff(int bool)
-{
-
-	return (bool ? "on" : "off");
-}
-
-/*
- * Show status.
- */
-/*ARGSUSED*/
-void
-status(int argc, char **argv)
-{
-	int i;
-
-	if (connected)
-		printf("Connected to %s.\n", hostname);
-	else
-		printf("Not connected.\n");
-	if (!proxy) {
-		pswitch(1);
-		if (connected) {
-			printf("Connected for proxy commands to %s.\n", hostname);
-		}
-		else {
-			printf("No proxy connection.\n");
-		}
-		pswitch(0);
-	}
-	sec_status();
-	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
-		modename, typename, formname, structname);
-	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
-		onoff(verbose), onoff(bell), onoff(interactive),
-		onoff(doglob));
-	printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
-		onoff(runique));
-	printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
-	if (ntflag) {
-		printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
-	}
-	else {
-		printf("Ntrans: off\n");
-	}
-	if (mapflag) {
-		printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
-	}
-	else {
-		printf("Nmap: off\n");
-	}
-	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
-		onoff(hash), onoff(sendport));
-	if (macnum > 0) {
-		printf("Macros:\n");
-		for (i=0; i<macnum; i++) {
-			printf("\t%s\n",macros[i].mac_name);
-		}
-	}
-	code = 0;
-}
-
-/*
- * Set beep on cmd completed mode.
- */
-/*VARARGS*/
-void
-setbell(int argc, char **argv)
-{
-
-	bell = !bell;
-	printf("Bell mode %s.\n", onoff(bell));
-	code = bell;
-}
-
-/*
- * Turn on packet tracing.
- */
-/*VARARGS*/
-void
-settrace(int argc, char **argv)
-{
-
-	trace = !trace;
-	printf("Packet tracing %s.\n", onoff(trace));
-	code = trace;
-}
-
-/*
- * Toggle hash mark printing during transfers.
- */
-/*VARARGS*/
-void
-sethash(int argc, char **argv)
-{
-
-	hash = !hash;
-	printf("Hash mark printing %s", onoff(hash));
-	code = hash;
-	if (hash)
-		printf(" (%d bytes/hash mark)", 1024);
-	printf(".\n");
-}
-
-/*
- * Turn on printing of server echo's.
- */
-/*VARARGS*/
-void
-setverbose(int argc, char **argv)
-{
-
-	verbose = !verbose;
-	printf("Verbose mode %s.\n", onoff(verbose));
-	code = verbose;
-}
-
-/*
- * Toggle PORT cmd use before each data connection.
- */
-/*VARARGS*/
-void
-setport(int argc, char **argv)
-{
-
-	sendport = !sendport;
-	printf("Use of PORT cmds %s.\n", onoff(sendport));
-	code = sendport;
-}
-
-/*
- * Turn on interactive prompting
- * during mget, mput, and mdelete.
- */
-/*VARARGS*/
-void
-setprompt(int argc, char **argv)
-{
-
-	interactive = !interactive;
-	printf("Interactive mode %s.\n", onoff(interactive));
-	code = interactive;
-}
-
-/*
- * Toggle metacharacter interpretation
- * on local file names.
- */
-/*VARARGS*/
-void
-setglob(int argc, char **argv)
-{
-	
-	doglob = !doglob;
-	printf("Globbing %s.\n", onoff(doglob));
-	code = doglob;
-}
-
-/*
- * Set debugging mode on/off and/or
- * set level of debugging.
- */
-/*VARARGS*/
-void
-setdebug(int argc, char **argv)
-{
-	int val;
-
-	if (argc > 1) {
-		val = atoi(argv[1]);
-		if (val < 0) {
-			printf("%s: bad debugging value.\n", argv[1]);
-			code = -1;
-			return;
-		}
-	} else
-		val = !debug;
-	debug = val;
-	if (debug)
-		options |= SO_DEBUG;
-	else
-		options &= ~SO_DEBUG;
-	printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
-	code = debug > 0;
-}
-
-/*
- * Set current working directory
- * on remote machine.
- */
-void
-cd(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
-		printf("usage: %s remote-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("CWD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("CWD command not recognized, trying XCWD\n");
-		command("XCWD %s", argv[1]);
-	}
-}
-
-/*
- * Set current working directory
- * on local machine.
- */
-void
-lcd(int argc, char **argv)
-{
-	char buf[MaxPathLen];
-
-	if (argc < 2)
-		argc++, argv[1] = home;
-	if (argc != 2) {
-		printf("usage: %s local-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	if (chdir(argv[1]) < 0) {
-		warn("local: %s", argv[1]);
-		code = -1;
-		return;
-	}
-	if (getcwd(buf, sizeof(buf)) != NULL)
-		printf("Local directory now %s\n", buf);
-	else
-		warnx("getwd: %s", buf);
-	code = 0;
-}
-
-/*
- * Delete a single file.
- */
-void
-delete(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-file")) {
-		printf("usage: %s remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("DELE %s", argv[1]);
-}
-
-/*
- * Delete multiple files.
- */
-void
-mdelete(int argc, char **argv)
-{
-    sighand oldintr;
-    int ointer;
-    char *cp;
-
-    if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-	printf("usage: %s remote-files\n", argv[0]);
-	code = -1;
-	return;
-    }
-    mname = argv[0];
-    mflag = 1;
-    oldintr = signal(SIGINT, mabort);
-    setjmp(jabort);
-    while ((cp = remglob(argv,0)) != NULL) {
-	if (*cp == '\0') {
-	    mflag = 0;
-	    continue;
-	}
-	if (mflag && confirm(argv[0], cp)) {
-	    command("DELE %s", cp);
-	    if (!mflag && fromatty) {
-		ointer = interactive;
-		interactive = 1;
-		if (confirm("Continue with", "mdelete")) {
-		    mflag++;
-		}
-		interactive = ointer;
-	    }
-	}
-    }
-    signal(SIGINT, oldintr);
-    mflag = 0;
-}
-
-/*
- * Rename a remote file.
- */
-void
-renamefile(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "from-name"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "to-name")) {
-usage:
-		printf("%s from-name to-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RNFR %s", argv[1]) == CONTINUE)
-		command("RNTO %s", argv[2]);
-}
-
-/*
- * Get a directory listing
- * of remote files.
- */
-void
-ls(int argc, char **argv)
-{
-	char *cmd;
-
-	if (argc < 2)
-		argc++, argv[1] = NULL;
-	if (argc < 3)
-		argc++, argv[2] = "-";
-	if (argc > 3) {
-		printf("usage: %s remote-directory local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
-	if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
-		code = -1;
-		return;
-	}
-	if (strcmp(argv[2], "-") && *argv[2] != '|')
-	    if (!globulize(&argv[2]) || !confirm("output to local-file:", 
-						 argv[2])) {
-		code = -1;
-		return;
-	    }
-	recvrequest(cmd, argv[2], argv[1], "w", 0, 1);
-}
-
-/*
- * Get a directory listing
- * of multiple remote files.
- */
-void
-mls(int argc, char **argv)
-{
-	sighand oldintr;
-	int ointer, i;
-	char *cmd, filemode[2], *dest;
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "local-file")) {
-usage:
-		printf("usage: %s remote-files local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	dest = argv[argc - 1];
-	argv[argc - 1] = NULL;
-	if (strcmp(dest, "-") && *dest != '|')
-		if (!globulize(&dest) ||
-		    !confirm("output to local-file:", dest)) {
-			code = -1;
-			return;
-	}
-	cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	filemode[1] = '\0';
-	for (i = 1; mflag && i < argc-1; ++i) {
-		*filemode = (i == 1) ? 'w' : 'a';
-		recvrequest(cmd, dest, argv[i], filemode, 0, 1);
-		if (!mflag && fromatty) {
-			ointer = interactive;
-			interactive = 1;
-			if (confirm("Continue with", argv[0])) {
-				mflag ++;
-			}
-			interactive = ointer;
-		}
-	}
-	signal(SIGINT, oldintr);
-	mflag = 0;
-}
-
-/*
- * Do a shell escape
- */
-/*ARGSUSED*/
-void
-shell(int argc, char **argv)
-{
-	pid_t pid;
-	RETSIGTYPE (*old1)(int), (*old2)(int);
-	char shellnam[40], *shellpath, *namep; 
-	int waitstatus;
-
-	old1 = signal (SIGINT, SIG_IGN);
-	old2 = signal (SIGQUIT, SIG_IGN);
-	if ((pid = fork()) == 0) {
-		for (pid = 3; pid < 20; pid++)
-			close(pid);
-		signal(SIGINT, SIG_DFL);
-		signal(SIGQUIT, SIG_DFL);
-		shellpath = getenv("SHELL");
-		if (shellpath == NULL)
-			shellpath = _PATH_BSHELL;
-		namep = strrchr(shellpath, '/');
-		if (namep == NULL)
-			namep = shellpath;
-		snprintf (shellnam, sizeof(shellnam),
-			  "-%s", ++namep);
-		if (strcmp(namep, "sh") != 0)
-			shellnam[0] = '+';
-		if (debug) {
-			printf ("%s\n", shellpath);
-			fflush (stdout);
-		}
-		if (argc > 1) {
-			execl(shellpath,shellnam,"-c",altarg,(char *)0);
-		}
-		else {
-			execl(shellpath,shellnam,(char *)0);
-		}
-		warn("%s", shellpath);
-		code = -1;
-		exit(1);
-	}
-	if (pid > 0)
-		while (waitpid(-1, &waitstatus, 0) != pid)
-			;
-	signal(SIGINT, old1);
-	signal(SIGQUIT, old2);
-	if (pid == -1) {
-		warn("%s", "Try again later");
-		code = -1;
-	}
-	else {
-		code = 0;
-	}
-}
-
-/*
- * Send new user information (re-login)
- */
-void
-user(int argc, char **argv)
-{
-	char acctstr[80];
-	int n, aflag = 0;
-	char tmp[256];
-
-	if (argc < 2)
-		another(&argc, &argv, "username");
-	if (argc < 2 || argc > 4) {
-		printf("usage: %s username [password] [account]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	n = command("USER %s", argv[1]);
-	if (n == CONTINUE) {
-	    if (argc < 3 ) {
-		UI_UTIL_read_pw_string (tmp,
-				    sizeof(tmp),
-				    "Password: ", 0);
-		argv[2] = tmp;
-		argc++;
-	    }
-	    n = command("PASS %s", argv[2]);
-	}
-	if (n == CONTINUE) {
-		if (argc < 4) {
-			printf("Account: "); fflush(stdout);
-			fgets(acctstr, sizeof(acctstr) - 1, stdin);
-			acctstr[strcspn(acctstr, "\r\n")] = '\0';
-			argv[3] = acctstr; argc++;
-		}
-		n = command("ACCT %s", argv[3]);
-		aflag++;
-	}
-	if (n != COMPLETE) {
-		fprintf(stdout, "Login failed.\n");
-		return;
-	}
-	if (!aflag && argc == 4) {
-		command("ACCT %s", argv[3]);
-	}
-}
-
-/*
- * Print working directory.
- */
-/*VARARGS*/
-void
-pwd(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	/*
-	 * If we aren't verbose, this doesn't do anything!
-	 */
-	verbose = 1;
-	if (command("PWD") == ERROR && code == 500) {
-		printf("PWD command not recognized, trying XPWD\n");
-		command("XPWD");
-	}
-	verbose = oldverbose;
-}
-
-/*
- * Make a directory.
- */
-void
-makedir(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("MKD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("MKD command not recognized, trying XMKD\n");
-		command("XMKD %s", argv[1]);
-	}
-}
-
-/*
- * Remove a directory.
- */
-void
-removedir(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RMD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("RMD command not recognized, trying XRMD\n");
-		command("XRMD %s", argv[1]);
-	}
-}
-
-/*
- * Send a line, verbatim, to the remote machine.
- */
-void
-quote(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "command line to send")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("", argc, argv);
-}
-
-/*
- * Send a SITE command to the remote machine.  The line
- * is sent verbatim to the remote machine, except that the
- * word "SITE" is added at the front.
- */
-void
-site(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("SITE ", argc, argv);
-}
-
-/*
- * Turn argv[1..argc) into a space-separated string, then prepend initial text.
- * Send the result as a one-line command and get response.
- */
-void
-quote1(char *initial, int argc, char **argv)
-{
-    int i;
-    char buf[BUFSIZ];		/* must be >= sizeof(line) */
-
-    strlcpy(buf, initial, sizeof(buf));
-    for(i = 1; i < argc; i++) {
-	if(i > 1)
-	    strlcat(buf, " ", sizeof(buf));
-	strlcat(buf, argv[i], sizeof(buf));
-    }
-    if (command("%s", buf) == PRELIM) {
-	while (getreply(0) == PRELIM)
-	    continue;
-    }
-}
-
-void
-do_chmod(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "mode"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "file-name")) {
-usage:
-		printf("usage: %s mode file-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("SITE CHMOD %s %s", argv[1], argv[2]);
-}
-
-void
-do_umask(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
-	verbose = oldverbose;
-}
-
-void
-ftp_idle(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Ask the other side for help.
- */
-void
-rmthelp(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Terminate session and exit.
- */
-/*VARARGS*/
-void
-quit(int argc, char **argv)
-{
-
-	if (connected)
-		disconnect(0, 0);
-	pswitch(1);
-	if (connected) {
-		disconnect(0, 0);
-	}
-	exit(0);
-}
-
-/*
- * Terminate session, but don't exit.
- */
-void
-disconnect(int argc, char **argv)
-{
-
-	if (!connected)
-		return;
-	command("QUIT");
-	if (cout) {
-		fclose(cout);
-	}
-	cout = NULL;
-	connected = 0;
-	sec_end();
-	data = -1;
-	if (!proxy) {
-		macnum = 0;
-	}
-}
-
-int
-confirm(char *cmd, char *file)
-{
-	char buf[BUFSIZ];
-
-	if (!interactive)
-		return (1);
-	printf("%s %s? ", cmd, file);
-	fflush(stdout);
-	if (fgets(buf, sizeof buf, stdin) == NULL)
-		return (0);
-	return (*buf == 'y' || *buf == 'Y');
-}
-
-void
-fatal(char *msg)
-{
-
-	errx(1, "%s", msg);
-}
-
-/*
- * Glob a local file name specification with
- * the expectation of a single return value.
- * Can't control multiple values being expanded
- * from the expression, we return only the first.
- */
-int
-globulize(char **cpp)
-{
-	glob_t gl;
-	int flags;
-
-	if (!doglob)
-		return (1);
-
-	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-	memset(&gl, 0, sizeof(gl));
-	if (glob(*cpp, flags, NULL, &gl) ||
-	    gl.gl_pathc == 0) {
-		warnx("%s: not found", *cpp);
-		globfree(&gl);
-		return (0);
-	}
-	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
-	globfree(&gl);
-	return (1);
-}
-
-void
-account(int argc, char **argv)
-{
-	char acctstr[50];
-
-	if (argc > 1) {
-		++argv;
-		--argc;
-		strlcpy (acctstr, *argv, sizeof(acctstr));
-		while (argc > 1) {
-			--argc;
-			++argv;
-			strlcat(acctstr, *argv, sizeof(acctstr));
-		}
-	}
-	else {
-	    UI_UTIL_read_pw_string(acctstr, sizeof(acctstr), "Account:", 0);
-	}
-	command("ACCT %s", acctstr);
-}
-
-jmp_buf abortprox;
-
-static RETSIGTYPE
-proxabort(int sig)
-{
-
-	if (!proxy) {
-		pswitch(1);
-	}
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	longjmp(abortprox,1);
-}
-
-void
-doproxy(int argc, char **argv)
-{
-	struct cmd *c;
-	RETSIGTYPE (*oldintr)(int);
-
-	if (argc < 2 && !another(&argc, &argv, "command")) {
-		printf("usage: %s command\n", argv[0]);
-		code = -1;
-		return;
-	}
-	c = getcmd(argv[1]);
-	if (c == (struct cmd *) -1) {
-		printf("?Ambiguous command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (c == 0) {
-		printf("?Invalid command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (!c->c_proxy) {
-		printf("?Invalid proxy command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (setjmp(abortprox)) {
-		code = -1;
-		return;
-	}
-	oldintr = signal(SIGINT, proxabort);
-	pswitch(1);
-	if (c->c_conn && !connected) {
-		printf("Not connected\n");
-		fflush(stdout);
-		pswitch(0);
-		signal(SIGINT, oldintr);
-		code = -1;
-		return;
-	}
-	(*c->c_handler)(argc-1, argv+1);
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	signal(SIGINT, oldintr);
-}
-
-void
-setcase(int argc, char **argv)
-{
-
-	mcase = !mcase;
-	printf("Case mapping %s.\n", onoff(mcase));
-	code = mcase;
-}
-
-void
-setcr(int argc, char **argv)
-{
-
-	crflag = !crflag;
-	printf("Carriage Return stripping %s.\n", onoff(crflag));
-	code = crflag;
-}
-
-void
-setntrans(int argc, char **argv)
-{
-	if (argc == 1) {
-		ntflag = 0;
-		printf("Ntrans off.\n");
-		code = ntflag;
-		return;
-	}
-	ntflag++;
-	code = ntflag;
-	strlcpy (ntin, argv[1], 17);
-	if (argc == 2) {
-		ntout[0] = '\0';
-		return;
-	}
-	strlcpy (ntout, argv[2], 17);
-}
-
-char *
-dotrans(char *name)
-{
-	static char new[MaxPathLen];
-	char *cp1, *cp2 = new;
-	int i, ostop, found;
-
-	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
-		continue;
-	for (cp1 = name; *cp1; cp1++) {
-		found = 0;
-		for (i = 0; *(ntin + i) && i < 16; i++) {
-			if (*cp1 == *(ntin + i)) {
-				found++;
-				if (i < ostop) {
-					*cp2++ = *(ntout + i);
-				}
-				break;
-			}
-		}
-		if (!found) {
-			*cp2++ = *cp1;
-		}
-	}
-	*cp2 = '\0';
-	return (new);
-}
-
-void
-setnmap(int argc, char **argv)
-{
-	char *cp;
-
-	if (argc == 1) {
-		mapflag = 0;
-		printf("Nmap off.\n");
-		code = mapflag;
-		return;
-	}
-	if (argc < 3 && !another(&argc, &argv, "mapout")) {
-		printf("Usage: %s [mapin mapout]\n",argv[0]);
-		code = -1;
-		return;
-	}
-	mapflag = 1;
-	code = 1;
-	cp = strchr(altarg, ' ');
-	if (proxy) {
-		while(*++cp == ' ')
-			continue;
-		altarg = cp;
-		cp = strchr(altarg, ' ');
-	}
-	*cp = '\0';
-	strlcpy(mapin, altarg, MaxPathLen);
-	while (*++cp == ' ')
-		continue;
-	strlcpy(mapout, cp, MaxPathLen);
-}
-
-char *
-domap(char *name)
-{
-	static char new[MaxPathLen];
-	char *cp1 = name, *cp2 = mapin;
-	char *tp[9], *te[9];
-	int i, toks[9], toknum = 0, match = 1;
-
-	for (i=0; i < 9; ++i) {
-		toks[i] = 0;
-	}
-	while (match && *cp1 && *cp2) {
-		switch (*cp2) {
-			case '\\':
-				if (*++cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-			case '$':
-				if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
-					if (*cp1 != *(++cp2+1)) {
-						toks[toknum = *cp2 - '1']++;
-						tp[toknum] = cp1;
-						while (*++cp1 && *(cp2+1)
-							!= *cp1);
-						te[toknum] = cp1;
-					}
-					cp2++;
-					break;
-				}
-				/* FALLTHROUGH */
-			default:
-				if (*cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-		}
-		if (match && *cp1) {
-			cp1++;
-		}
-		if (match && *cp2) {
-			cp2++;
-		}
-	}
-	if (!match && *cp1) /* last token mismatch */
-	{
-		toks[toknum] = 0;
-	}
-	cp1 = new;
-	*cp1 = '\0';
-	cp2 = mapout;
-	while (*cp2) {
-		match = 0;
-		switch (*cp2) {
-			case '\\':
-				if (*(cp2 + 1)) {
-					*cp1++ = *++cp2;
-				}
-				break;
-			case '[':
-LOOP:
-				if (*++cp2 == '$' && isdigit((unsigned char)*(cp2+1))) { 
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-				}
-				else {
-					while (*cp2 && *cp2 != ',' && 
-					    *cp2 != ']') {
-						if (*cp2 == '\\') {
-							cp2++;
-						}
-						else if (*cp2 == '$' &&
-   						        isdigit((unsigned char)*(cp2+1))) {
-							if (*++cp2 == '0') {
-							   char *cp3 = name;
-
-							   while (*cp3) {
-								*cp1++ = *cp3++;
-							   }
-							}
-							else if (toks[toknum =
-							    *cp2 - '1']) {
-							   char *cp3=tp[toknum];
-
-							   while (cp3 !=
-								  te[toknum]) {
-								*cp1++ = *cp3++;
-							   }
-							}
-						}
-						else if (*cp2) {
-							*cp1++ = *cp2++;
-						}
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return (name);
-					}
-					match = 1;
-					cp2--;
-				}
-				if (match) {
-					while (*++cp2 && *cp2 != ']') {
-					      if (*cp2 == '\\' && *(cp2 + 1)) {
-							cp2++;
-					      }
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return (name);
-					}
-					break;
-				}
-				switch (*++cp2) {
-					case ',':
-						goto LOOP;
-					case ']':
-						break;
-					default:
-						cp2--;
-						goto LOOP;
-				}
-				break;
-			case '$':
-				if (isdigit((unsigned char)*(cp2 + 1))) {
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-					}
-					break;
-				}
-				/* intentional drop through */
-			default:
-				*cp1++ = *cp2;
-				break;
-		}
-		cp2++;
-	}
-	*cp1 = '\0';
-	if (!*new) {
-		return (name);
-	}
-	return (new);
-}
-
-void
-setpassive(int argc, char **argv)
-{
-
-	passivemode = !passivemode;
-	printf("Passive mode %s.\n", onoff(passivemode));
-	code = passivemode;
-}
-
-void
-setsunique(int argc, char **argv)
-{
-
-	sunique = !sunique;
-	printf("Store unique %s.\n", onoff(sunique));
-	code = sunique;
-}
-
-void
-setrunique(int argc, char **argv)
-{
-
-	runique = !runique;
-	printf("Receive unique %s.\n", onoff(runique));
-	code = runique;
-}
-
-/* change directory to perent directory */
-void
-cdup(int argc, char **argv)
-{
-
-	if (command("CDUP") == ERROR && code == 500) {
-		if (verbose)
-			printf("CDUP command not recognized, trying XCUP\n");
-		command("XCUP");
-	}
-}
-
-/* restart transfer at specific point */
-void
-restart(int argc, char **argv)
-{
-
-    if (argc != 2)
-	printf("restart: offset not specified\n");
-    else {
-	restart_point = atol(argv[1]);
-	printf("restarting at %ld. %s\n", (long)restart_point,
-	       "execute get, put or append to initiate transfer");
-    }
-}
-
-/* show remote system type */
-void
-syst(int argc, char **argv)
-{
-
-	command("SYST");
-}
-
-void
-macdef(int argc, char **argv)
-{
-	char *tmp;
-	int c;
-
-	if (macnum == 16) {
-		printf("Limit of 16 macros have already been defined\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name\n",argv[0]);
-		code = -1;
-		return;
-	}
-	if (interactive) {
-		printf("Enter macro line by line, terminating it with a null line\n");
-	}
-	strlcpy(macros[macnum].mac_name,
-			argv[1],
-			sizeof(macros[macnum].mac_name));
-	if (macnum == 0) {
-		macros[macnum].mac_start = macbuf;
-	}
-	else {
-		macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
-	}
-	tmp = macros[macnum].mac_start;
-	while (tmp != macbuf+4096) {
-		if ((c = getchar()) == EOF) {
-			printf("macdef:end of file encountered\n");
-			code = -1;
-			return;
-		}
-		if ((*tmp = c) == '\n') {
-			if (tmp == macros[macnum].mac_start) {
-				macros[macnum++].mac_end = tmp;
-				code = 0;
-				return;
-			}
-			if (*(tmp-1) == '\0') {
-				macros[macnum++].mac_end = tmp - 1;
-				code = 0;
-				return;
-			}
-			*tmp = '\0';
-		}
-		tmp++;
-	}
-	while (1) {
-		while ((c = getchar()) != '\n' && c != EOF)
-			/* LOOP */;
-		if (c == EOF || getchar() == '\n') {
-			printf("Macro not defined - 4k buffer exceeded\n");
-			code = -1;
-			return;
-		}
-	}
-}
-
-/*
- * get size of file on remote machine
- */
-void
-sizecmd(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("SIZE %s", argv[1]);
-}
-
-/*
- * get last modification time of file on remote machine
- */
-void
-modtime(int argc, char **argv)
-{
-	int overbose;
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	overbose = verbose;
-	if (debug == 0)
-		verbose = -1;
-	if (command("MDTM %s", argv[1]) == COMPLETE) {
-		int yy, mo, day, hour, min, sec;
-		sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
-			&day, &hour, &min, &sec);
-		/* might want to print this in local time */
-		printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
-			mo, day, yy, hour, min, sec);
-	} else
-		printf("%s\n", reply_string);
-	verbose = overbose;
-}
-
-/*
- * show status on reomte machine
- */
-void
-rmtstatus(int argc, char **argv)
-{
-
-	command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
-}
-
-/*
- * get file if modtime is more recent than current file
- */
-void
-newer(int argc, char **argv)
-{
-
-	if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w"))
-		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
-			argv[2], argv[1]);
-}
-
-void
-klist(int argc, char **argv)
-{
-    int ret;
-    if(argc != 1){
-	printf("usage: %s\n", argv[0]);
-	code = -1;
-	return;
-    }
-    
-    ret = command("SITE KLIST");
-    code = (ret == COMPLETE);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/cmdtab.c b/crypto/heimdal/appl/ftp/ftp/cmdtab.c
deleted file mode 100644
index 1c65e715895d..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/cmdtab.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-
-/*
- * User FTP -- Command Tables.
- */
-
-char	accounthelp[] =	"send account command to remote server";
-char	appendhelp[] =	"append to a file";
-char	asciihelp[] =	"set ascii transfer type";
-char	beephelp[] =	"beep when command completed";
-char	binaryhelp[] =	"set binary transfer type";
-char	casehelp[] =	"toggle mget upper/lower case id mapping";
-char	cdhelp[] =	"change remote working directory";
-char	cduphelp[] = 	"change remote working directory to parent directory";
-char	chmodhelp[] =	"change file permissions of remote file";
-char	connecthelp[] =	"connect to remote tftp";
-char	crhelp[] =	"toggle carriage return stripping on ascii gets";
-char	deletehelp[] =	"delete remote file";
-char	debughelp[] =	"toggle/set debugging mode";
-char	dirhelp[] =	"list contents of remote directory";
-char	disconhelp[] =	"terminate ftp session";
-char	domachelp[] = 	"execute macro";
-char	formhelp[] =	"set file transfer format";
-char	globhelp[] =	"toggle metacharacter expansion of local file names";
-char	hashhelp[] =	"toggle printing `#' for each buffer transferred";
-char	helphelp[] =	"print local help information";
-char	idlehelp[] =	"get (set) idle timer on remote side";
-char	lcdhelp[] =	"change local working directory";
-char	lshelp[] =	"list contents of remote directory";
-char	macdefhelp[] =  "define a macro";
-char	mdeletehelp[] =	"delete multiple files";
-char	mdirhelp[] =	"list contents of multiple remote directories";
-char	mgethelp[] =	"get multiple files";
-char	mkdirhelp[] =	"make directory on the remote machine";
-char	mlshelp[] =	"list contents of multiple remote directories";
-char	modtimehelp[] = "show last modification time of remote file";
-char	modehelp[] =	"set file transfer mode";
-char	mputhelp[] =	"send multiple files";
-char	newerhelp[] =	"get file if remote file is newer than local file ";
-char	nlisthelp[] =	"nlist contents of remote directory";
-char	nmaphelp[] =	"set templates for default file name mapping";
-char	ntranshelp[] =	"set translation table for default file name mapping";
-char	porthelp[] =	"toggle use of PORT cmd for each data connection";
-char	prompthelp[] =	"force interactive prompting on multiple commands";
-char	proxyhelp[] =	"issue command on alternate connection";
-char	pwdhelp[] =	"print working directory on remote machine";
-char	quithelp[] =	"terminate ftp session and exit";
-char	quotehelp[] =	"send arbitrary ftp command";
-char	receivehelp[] =	"receive file";
-char	regethelp[] =	"get file restarting at end of local file";
-char	remotehelp[] =	"get help from remote server";
-char	renamehelp[] =	"rename file";
-char	restarthelp[]=	"restart file transfer at bytecount";
-char	rmdirhelp[] =	"remove directory on the remote machine";
-char	rmtstatushelp[]="show status of remote machine";
-char	runiquehelp[] = "toggle store unique for local files";
-char	resethelp[] =	"clear queued command replies";
-char	sendhelp[] =	"send one file";
-char	passivehelp[] =	"enter passive transfer mode";
-char	sitehelp[] =	"send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
-char	shellhelp[] =	"escape to the shell";
-char	sizecmdhelp[] = "show size of remote file";
-char	statushelp[] =	"show current status";
-char	structhelp[] =	"set file transfer structure";
-char	suniquehelp[] = "toggle store unique on remote machine";
-char	systemhelp[] =  "show remote system type";
-char	tenexhelp[] =	"set tenex file transfer type";
-char	tracehelp[] =	"toggle packet tracing";
-char	typehelp[] =	"set file transfer type";
-char	umaskhelp[] =	"get (set) umask on remote side";
-char	userhelp[] =	"send new user information";
-char	verbosehelp[] =	"toggle verbose mode";
-
-char	prothelp[] = 	"set protection level";
-char	prothelp_c[] =	"set command protection level";
-#ifdef KRB4
-char	kauthhelp[] = 	"get remote tokens";
-#endif
-#if defined(KRB4) || defined(KRB5)
-char	klisthelp[] =	"show remote tickets";
-#endif
-#ifdef KRB4
-char	kdestroyhelp[] = "destroy remote tickets";
-char	krbtkfilehelp[] = "set filename of remote tickets";
-#endif
-#if defined(KRB4) || defined(KRB5)
-char	afsloghelp[] = 	"obtain remote AFS tokens";
-#endif
-
-struct cmd cmdtab[] = {
-	{ "!",		shellhelp,	0,	0,	0,	shell },
-	{ "$",		domachelp,	1,	0,	0,	domacro },
-	{ "account",	accounthelp,	0,	1,	1,	account},
-	{ "append",	appendhelp,	1,	1,	1,	put },
-	{ "ascii",	asciihelp,	0,	1,	1,	setascii },
-	{ "bell",	beephelp,	0,	0,	0,	setbell },
-	{ "binary",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "bye",	quithelp,	0,	0,	0,	quit },
-	{ "case",	casehelp,	0,	0,	1,	setcase },
-	{ "cd",		cdhelp,		0,	1,	1,	cd },
-	{ "cdup",	cduphelp,	0,	1,	1,	cdup },
-	{ "chmod",	chmodhelp,	0,	1,	1,	do_chmod },
-	{ "close",	disconhelp,	0,	1,	1,	disconnect },
-	{ "cr",		crhelp,		0,	0,	0,	setcr },
-	{ "delete",	deletehelp,	0,	1,	1,	delete },
-	{ "debug",	debughelp,	0,	0,	0,	setdebug },
-	{ "dir",	dirhelp,	1,	1,	1,	ls },
-	{ "disconnect",	disconhelp,	0,	1,	1,	disconnect },
-	{ "form",	formhelp,	0,	1,	1,	setform },
-	{ "get",	receivehelp,	1,	1,	1,	get },
-	{ "glob",	globhelp,	0,	0,	0,	setglob },
-	{ "hash",	hashhelp,	0,	0,	0,	sethash },
-	{ "help",	helphelp,	0,	0,	1,	help },
-	{ "idle",	idlehelp,	0,	1,	1,	ftp_idle },
-	{ "image",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "lcd",	lcdhelp,	0,	0,	0,	lcd },
-	{ "ls",		lshelp,		1,	1,	1,	ls },
-	{ "macdef",	macdefhelp,	0,	0,	0,	macdef },
-	{ "mdelete",	mdeletehelp,	1,	1,	1,	mdelete },
-	{ "mdir",	mdirhelp,	1,	1,	1,	mls },
-	{ "mget",	mgethelp,	1,	1,	1,	mget },
-	{ "mkdir",	mkdirhelp,	0,	1,	1,	makedir },
-	{ "mls",	mlshelp,	1,	1,	1,	mls },
-	{ "mode",	modehelp,	0,	1,	1,	setftmode },
-	{ "modtime",	modtimehelp,	0,	1,	1,	modtime },
-	{ "mput",	mputhelp,	1,	1,	1,	mput },
-	{ "newer",	newerhelp,	1,	1,	1,	newer },
-	{ "nmap",	nmaphelp,	0,	0,	1,	setnmap },
-	{ "nlist",	nlisthelp,	1,	1,	1,	ls },
-	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
-	{ "open",	connecthelp,	0,	0,	1,	setpeer },
-	{ "passive",	passivehelp,	0,	0,	0,	setpassive },
-	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
-	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
-	{ "sendport",	porthelp,	0,	0,	0,	setport },
-	{ "put",	sendhelp,	1,	1,	1,	put },
-	{ "pwd",	pwdhelp,	0,	1,	1,	pwd },
-	{ "quit",	quithelp,	0,	0,	0,	quit },
-	{ "quote",	quotehelp,	1,	1,	1,	quote },
-	{ "recv",	receivehelp,	1,	1,	1,	get },
-	{ "reget",	regethelp,	1,	1,	1,	reget },
-	{ "rstatus",	rmtstatushelp,	0,	1,	1,	rmtstatus },
-	{ "rhelp",	remotehelp,	0,	1,	1,	rmthelp },
-	{ "rename",	renamehelp,	0,	1,	1,	renamefile },
-	{ "reset",	resethelp,	0,	1,	1,	reset },
-	{ "restart",	restarthelp,	1,	1,	1,	restart },
-	{ "rmdir",	rmdirhelp,	0,	1,	1,	removedir },
-	{ "runique",	runiquehelp,	0,	0,	1,	setrunique },
-	{ "send",	sendhelp,	1,	1,	1,	put },
-	{ "site",	sitehelp,	0,	1,	1,	site },
-	{ "size",	sizecmdhelp,	1,	1,	1,	sizecmd },
-	{ "status",	statushelp,	0,	0,	1,	status },
-	{ "struct",	structhelp,	0,	1,	1,	setstruct },
-	{ "system",	systemhelp,	0,	1,	1,	syst },
-	{ "sunique",	suniquehelp,	0,	0,	1,	setsunique },
-	{ "tenex",	tenexhelp,	0,	1,	1,	settenex },
-	{ "trace",	tracehelp,	0,	0,	0,	settrace },
-	{ "type",	typehelp,	0,	1,	1,	settype },
-	{ "user",	userhelp,	0,	1,	1,	user },
-	{ "umask",	umaskhelp,	0,	1,	1,	do_umask },
-	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
-	{ "?",		helphelp,	0,	0,	1,	help },
-
-	{ "protect", 	prothelp, 	0, 	1, 	0,	sec_prot },
-	/* what MIT uses */
-	{ "cprotect",	prothelp_c,	0,	1,	1,	sec_prot_command },
-#ifdef KRB4
-	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
-#endif
-#if defined(KRB4) || defined(KRB5)
-	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
-#endif
-#ifdef KRB4
-	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
-	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
-#endif
-#if defined(KRB4) || defined(KRB5)
-	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
-#endif
-	
-	{ 0 },
-};
-
-int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/crypto/heimdal/appl/ftp/ftp/domacro.c b/crypto/heimdal/appl/ftp/ftp/domacro.c
deleted file mode 100644
index f0be87a05311..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/domacro.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1985, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: domacro.c 14951 2005-04-25 13:09:26Z lha $");
-
-void
-domacro(int argc, char **argv)
-{
-	int i, j, count = 2, loopflg = 0;
-	char *cp1, *cp2, line2[200];
-	struct cmd *c;
-
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name.\n", argv[0]);
-		code = -1;
-		return;
-	}
-	for (i = 0; i < macnum; ++i) {
-		if (!strncmp(argv[1], macros[i].mac_name, 9)) {
-			break;
-		}
-	}
-	if (i == macnum) {
-		printf("'%s' macro not found.\n", argv[1]);
-		code = -1;
-		return;
-	}
-	strlcpy(line2, line, sizeof(line2));
-TOP:
-	cp1 = macros[i].mac_start;
-	while (cp1 != macros[i].mac_end) {
-		while (isspace((unsigned char)*cp1)) {
-			cp1++;
-		}
-		cp2 = line;
-		while (*cp1 != '\0') {
-		      size_t len;
-		      switch(*cp1) {
-		   	    case '\\':
-				if (line + sizeof(line) - 2 < cp2)
-				    goto out;
-				*cp2++ = *++cp1;
-				 break;
-			    case '$':
-				 if (isdigit((unsigned char)*(cp1+1))) {
-				    j = 0;
-				    while (isdigit((unsigned char)*++cp1)) {
-					  j = 10*j +  *cp1 - '0';
-				    }
-				    cp1--;
-				    if (argc - 2 >= j) {
-					len = sizeof(line) - (cp2 - line) - 1;
-					if (strlcpy(cp2, argv[j+1], len) >= len)
-					    goto out;
-					cp2 += strlen(argv[j+1]);
-				    }
-				    break;
-				 }
-				 if (*(cp1+1) == 'i') {
-					loopflg = 1;
-					cp1++;
-					if (count < argc) {
-					   len = sizeof(line) - (cp2 - line) - 1;
-					   if (strlcpy(cp2, argv[count], len) >= len)
-					       goto out;
-					   cp2 += strlen(argv[count]);
-					}
-					break;
-				}
-				/* intentional drop through */
-			    default:
-				if (line + sizeof(line) - 2 < cp2)
-				    goto out;
-				*cp2++ = *cp1;
-				break;
-		      }
-		      if (*cp1 != '\0') {
-			 cp1++;
-		      }
-		}
-	out:
-		*cp2 = '\0';
-		makeargv();
-		c = getcmd(margv[0]);
-		if (c == (struct cmd *)-1) {
-			printf("?Ambiguous command\n");
-			code = -1;
-		}
-		else if (c == 0) {
-			printf("?Invalid command\n");
-			code = -1;
-		}
-		else if (c->c_conn && !connected) {
-			printf("Not connected.\n");
-			code = -1;
-		}
-		else {
-			if (verbose) {
-				printf("%s\n",line);
-			}
-			(*c->c_handler)(margc, margv);
-			if (bell && c->c_bell) {
-				putchar('\007');
-			}
-			strlcpy(line, line2, sizeof(line));
-			makeargv();
-			argc = margc;
-			argv = margv;
-		}
-		if (cp1 != macros[i].mac_end) {
-			cp1++;
-		}
-	}
-	if (loopflg && ++count < argc) {
-		goto TOP;
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/extern.h b/crypto/heimdal/appl/ftp/ftp/extern.h
deleted file mode 100644
index a38ccd9518d3..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/extern.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/*-
- * Copyright (c) 1994 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.3 (Berkeley) 10/9/94
- */
-
-/* $Id: extern.h 9075 2000-09-19 13:15:12Z assar $ */
-
-#include <setjmp.h>
-#include <stdlib.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-void    abort_remote (FILE *);
-void    abortpt (int);
-void    abortrecv (int);
-void	account (int, char **);
-int	another (int *, char ***, char *);
-void	blkfree (char **);
-void	cd (int, char **);
-void	cdup (int, char **);
-void	changetype (int, int);
-void	cmdabort (int);
-void	cmdscanner (int);
-int	command (char *fmt, ...)
-    __attribute__ ((format (printf, 1,2)));
-int	confirm (char *, char *);
-FILE   *dataconn (const char *);
-void	delete (int, char **);
-void	disconnect (int, char **);
-void	do_chmod (int, char **);
-void	do_umask (int, char **);
-void	domacro (int, char **);
-char   *domap (char *);
-void	doproxy (int, char **);
-char   *dotrans (char *);
-int     empty (fd_set *, int);
-void	fatal (char *);
-void	get (int, char **);
-struct cmd *getcmd (char *);
-int	getit (int, char **, int, char *);
-int	getreply (int);
-int	globulize (char **);
-char   *gunique (char *);
-void	help (int, char **);
-char   *hookup (const char *, int);
-void	ftp_idle (int, char **);
-int     initconn (void);
-void	intr (int);
-void	lcd (int, char **);
-int	login (char *);
-RETSIGTYPE	lostpeer (int);
-void	ls (int, char **);
-void	macdef (int, char **);
-void	makeargv (void);
-void	makedir (int, char **);
-void	mdelete (int, char **);
-void	mget (int, char **);
-void	mls (int, char **);
-void	modtime (int, char **);
-void	mput (int, char **);
-char   *onoff (int);
-void	newer (int, char **);
-void    proxtrans (char *, char *, char *);
-void    psabort (int);
-void    pswitch (int);
-void    ptransfer (char *, long, struct timeval *, struct timeval *);
-void	put (int, char **);
-void	pwd (int, char **);
-void	quit (int, char **);
-void	quote (int, char **);
-void	quote1 (char *, int, char **);
-void    recvrequest (char *, char *, char *, char *, int, int);
-void	reget (int, char **);
-char   *remglob (char **, int);
-void	removedir (int, char **);
-void	renamefile (int, char **);
-void    reset (int, char **);
-void	restart (int, char **);
-void	rmthelp (int, char **);
-void	rmtstatus (int, char **);
-int	ruserpass (char *, char **, char **, char **);
-void    sendrequest (char *, char *, char *, char *, int);
-void	setascii (int, char **);
-void	setbell (int, char **);
-void	setbinary (int, char **);
-void	setcase (int, char **);
-void	setcr (int, char **);
-void	setdebug (int, char **);
-void	setform (int, char **);
-void	setftmode (int, char **);
-void	setglob (int, char **);
-void	sethash (int, char **);
-void	setnmap (int, char **);
-void	setntrans (int, char **);
-void	setpassive (int, char **);
-void	setpeer (int, char **);
-void	setport (int, char **);
-void	setprompt (int, char **);
-void	setrunique (int, char **);
-void	setstruct (int, char **);
-void	setsunique (int, char **);
-void	settenex (int, char **);
-void	settrace (int, char **);
-void	settype (int, char **);
-void	setverbose (int, char **);
-void	shell (int, char **);
-void	site (int, char **);
-void	sizecmd (int, char **);
-char   *slurpstring (void);
-void	status (int, char **);
-void	syst (int, char **);
-void    tvsub (struct timeval *, struct timeval *, struct timeval *);
-void	user (int, char **);
-
-extern jmp_buf	abortprox;
-extern int	abrtflag;
-extern struct	cmd cmdtab[];
-extern FILE	*cout;
-extern int	data;
-extern char    *home;
-extern jmp_buf	jabort;
-extern int	proxy;
-extern char	reply_string[];
-extern off_t	restart_point;
-extern int	NCMDS;
-
-extern char 	username[32];
-extern char	myhostname[];
-extern char	*mydomain;
-
-void afslog (int, char **);
-void kauth (int, char **);
-void kdestroy (int, char **);
-void klist (int, char **);
-void krbtkfile (int, char **);
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1
deleted file mode 100644
index 5b8b8f6427cd..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp.1
+++ /dev/null
@@ -1,1211 +0,0 @@
-.\" 	$NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
-.\"
-.\" Copyright (c) 1985, 1989, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
-.\"
-.Dd March 23, 2006
-.Dt FTP 1
-.Os BSD 4.2
-.Sh NAME
-.Nm ftp
-.Nd
-.Tn ARPANET
-file transfer program
-.Sh SYNOPSIS
-.Nm ftp
-.Op Fl K
-.Op Fl d
-.Op Fl g
-.Op Fl i
-.Op Fl l
-.Op Fl n
-.Op Fl p
-.Op Fl t
-.Op Fl v
-.Op Fl x
-.Op Fl -no-gss-bindings
-.Op Fl -no-gss-delegate
-.Op Ar host
-.Sh DESCRIPTION
-.Nm
-is the user interface to the
-.Tn ARPANET
-standard File Transfer Protocol.
-The program allows a user to transfer files to and from a
-remote network site.
-.Pp
-Modifications have been made so that it almost follows the FTP
-Security Extensions, RFC 2228.
-.Pp
-Options may be specified at the command line, or to the
-command interpreter.
-.Bl -tag -width flag
-.It Fl K
-Disable Kerberos authentication.
-.It Fl t
-Enables packet tracing.
-.It Fl v
-Verbose option forces
-.Nm ftp
-to show all responses from the remote server, as well
-as report on data transfer statistics.
-.It Fl n
-Restrains
-.Nm ftp
-from attempting \*(Lqauto-login\*(Rq upon initial connection.
-If auto-login is enabled,
-.Nm ftp
-will check the
-.Pa .netrc
-(see below) file in the user's home directory for an entry describing
-an account on the remote machine.
-If no entry exists,
-.Nm ftp
-will prompt for the remote machine login name (default is the user
-identity on the local machine), and, if necessary, prompt for a password
-and an account with which to login.
-.It Fl i
-Turns off interactive prompting during
-multiple file transfers.
-.It Fl p
-Turn on passive mode.
-.It Fl d
-Enables debugging.
-.It Fl g
-Disables file name globbing.
- .It Fl -no-gss-bindings
-Don't use GSS-API bindings when talking to peer. IP addresses will not
-be checked to ensure they match.
-.It Fl -no-gss-delegate
-Disable delegation of GSSAPI credentials.
-.It Fl l
-Disables command line editing.
-.It Fl x
-Encrypt command and data channel.
-.El
-.Pp
-The client host with which
-.Nm ftp
-is to communicate may be specified on the command line.
-If this is done,
-.Nm ftp
-will immediately attempt to establish a connection to an
-.Tn FTP
-server on that host; otherwise,
-.Nm ftp
-will enter its command interpreter and await instructions
-from the user.
-When
-.Nm ftp
-is awaiting commands from the user the prompt
-.Ql ftp\*[Gt]
-is provided to the user.
-The following commands are recognized
-by
-.Nm ftp  :
-.Bl -tag -width Fl
-.It Ic \&! Op Ar command Op Ar args
-Invoke an interactive shell on the local machine.
-If there are arguments, the first is taken to be a command to execute
-directly, with the rest of the arguments as its arguments.
-.It Ic \&$ Ar macro-name Op Ar args
-Execute the macro
-.Ar macro-name
-that was defined with the
-.Ic macdef
-command.
-Arguments are passed to the macro unglobbed.
-.It Ic account Op Ar passwd
-Supply a supplemental password required by a remote system for access
-to resources once a login has been successfully completed.
-If no argument is included, the user will be prompted for an account
-password in a non-echoing input mode.
-.It Ic append Ar local-file Op Ar remote-file
-Append a local file to a file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used in naming the
-remote file after being altered by any
-.Ic ntrans
-or
-.Ic nmap
-setting.
-File transfer uses the current settings for
-.Ic type  ,
-.Ic format ,
-.Ic mode  ,
-and
-.Ic structure .
-.It Ic ascii
-Set the file transfer
-.Ic type
-to network
-.Tn ASCII .
-This is the default type.
-.It Ic bell
-Arrange that a bell be sounded after each file transfer
-command is completed.
-.It Ic binary
-Set the file transfer
-.Ic type
-to support binary image transfer.
-.It Ic bye
-Terminate the
-.Tn FTP
-session with the remote server
-and exit
-.Nm ftp  .
-An end of file will also terminate the session and exit.
-.It Ic case
-Toggle remote computer file name case mapping during
-.Ic mget
-commands.
-When
-.Ic case
-is on (default is off), remote computer file names with all letters in
-upper case are written in the local directory with the letters mapped
-to lower case.
-.It Ic \&cd Ar remote-directory
-Change the working directory on the remote machine
-to
-.Ar remote-directory  .
-.It Ic cdup
-Change the remote machine working directory to the parent of the
-current remote machine working directory.
-.It Ic chmod Ar mode file-name
-Change the permission modes of the file
-.Ar file-name
-on the remote
-sytem to
-.Ar mode  .
-.It Ic close
-Terminate the
-.Tn FTP
-session with the remote server, and
-return to the command interpreter.
-Any defined macros are erased.
-.It Ic \&cr
-Toggle carriage return stripping during
-ascii type file retrieval.
-Records are denoted by a carriage return/linefeed sequence
-during ascii type file transfer.
-When
-.Ic \&cr
-is on (the default), carriage returns are stripped from this
-sequence to conform with the
-.Ux
-single linefeed record
-delimiter.
-Records on
-.Pf non\- Ns Ux
-remote systems may contain single linefeeds;
-when an ascii type transfer is made, these linefeeds may be
-distinguished from a record delimiter only when
-.Ic \&cr
-is off.
-.It Ic delete Ar remote-file
-Delete the file
-.Ar remote-file
-on the remote machine.
-.It Ic debug Op Ar debug-value
-Toggle debugging mode.
-If an optional
-.Ar debug-value
-is specified it is used to set the debugging level.
-When debugging is on,
-.Nm ftp
-prints each command sent to the remote machine, preceded
-by the string
-.Ql \-\-\*[Gt]
-.It Xo
-.Ic dir
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the directory contents in the
-directory,
-.Ar remote-directory  ,
-and, optionally, placing the output in
-.Ar local-file  .
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic dir
-output.
-If no directory is specified, the current working
-directory on the remote machine is used.
-If no local
-file is specified, or
-.Ar local-file
-is
-.Fl  ,
-output comes to the terminal.
-.It Ic disconnect
-A synonym for
-.Ar close  .
-.It Ic form Ar format
-Set the file transfer
-.Ic form
-to
-.Ar format  .
-The default format is \*(Lqfile\*(Rq.
-.It Ic get Ar remote-file Op Ar local-file
-Retrieve the
-.Ar remote-file
-and store it on the local machine.
-If the local
-file name is not specified, it is given the same
-name it has on the remote machine, subject to
-alteration by the current
-.Ic case  ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-The current settings for
-.Ic type  ,
-.Ic form ,
-.Ic mode  ,
-and
-.Ic structure
-are used while transferring the file.
-.It Ic glob
-Toggle filename expansion for
-.Ic mdelete  ,
-.Ic mget
-and
-.Ic mput  .
-If globbing is turned off with
-.Ic glob  ,
-the file name arguments
-are taken literally and not expanded.
-Globbing for
-.Ic mput
-is done as in
-.Xr csh 1 .
-For
-.Ic mdelete
-and
-.Ic mget  ,
-each remote file name is expanded
-separately on the remote machine and the lists are not merged.
-Expansion of a directory name is likely to be
-different from expansion of the name of an ordinary file:
-the exact result depends on the foreign operating system and ftp server,
-and can be previewed by doing
-.Ql mls remote-files \- .
-As a security measure, remotely globbed files that starts with
-.Sq /
-or contains
-.Sq ../ ,
-will not be automatically received. If you have interactive prompting
-turned off, these filenames will be ignored.  Note:
-.Ic mget
-and
-.Ic mput
-are not meant to transfer
-entire directory subtrees of files.
-That can be done by
-transferring a
-.Xr tar 1
-archive of the subtree (in binary mode).
-.It Ic hash
-Toggle hash-sign (``#'') printing for each data block
-transferred.
-The size of a data block is 1024 bytes.
-.It Ic help Op Ar command
-Print an informative message about the meaning of
-.Ar command  .
-If no argument is given,
-.Nm ftp
-prints a list of the known commands.
-.It Ic idle Op Ar seconds
-Set the inactivity timer on the remote server to
-.Ar seconds
-seconds.
-If
-.Ar seconds
-is omitted, the current inactivity timer is printed.
-.It Ic lcd Op Ar directory
-Change the working directory on the local machine.
-If
-no
-.Ar directory
-is specified, the user's home directory is used.
-.It Xo
-.Ic \&ls
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the contents of a
-directory on the remote machine.
-The listing includes any system-dependent information that the server
-chooses to include; for example, most
-.Ux
-systems will produce
-output from the command
-.Ql ls \-l .
-(See also
-.Ic nlist . )
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic \&ls
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Sq Fl ,
-the output is sent to the terminal.
-.It Ic macdef Ar macro-name
-Define a macro.
-Subsequent lines are stored as the macro
-.Ar macro-name  ;
-a null line (consecutive newline characters
-in a file or
-carriage returns from the terminal) terminates macro input mode.
-There is a limit of 16 macros and 4096 total characters in all
-defined macros.
-Macros remain defined until a
-.Ic close
-command is executed.
-The macro processor interprets `$' and `\e' as special characters.
-A `$' followed by a number (or numbers) is replaced by the
-corresponding argument on the macro invocation command line.
-A `$' followed by an `i' signals that macro processor that the
-executing macro is to be looped.
-On the first pass `$i' is
-replaced by the first argument on the macro invocation command line,
-on the second pass it is replaced by the second argument, and so on.
-A `\e' followed by any character is replaced by that character.
-Use the `\e' to prevent special treatment of the `$'.
-.It Ic mdelete Op Ar remote-files
-Delete the
-.Ar remote-files
-on the remote machine.
-.It Ic mdir Ar remote-files local-file
-Like
-.Ic dir  ,
-except multiple remote files may be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mdir
-output.
-.It Ic mget Ar remote-files
-Expand the
-.Ar remote-files
-on the remote machine
-and do a
-.Ic get
-for each file name thus produced.
-See
-.Ic glob
-for details on the filename expansion.
-Resulting file names will then be processed according to
-.Ic case  ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-Files are transferred into the local working directory,
-which can be changed with
-.Ql lcd directory ;
-new local directories can be created with
-.Ql "\&! mkdir directory" .
-.It Ic mkdir Ar directory-name
-Make a directory on the remote machine.
-.It Ic mls Ar remote-files local-file
-Like
-.Ic nlist  ,
-except multiple remote files may be specified,
-and the
-.Ar local-file
-must be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mls
-output.
-.It Ic mode Op Ar mode-name
-Set the file transfer
-.Ic mode
-to
-.Ar mode-name  .
-The default mode is \*(Lqstream\*(Rq mode.
-.It Ic modtime Ar file-name
-Show the last modification time of the file on the remote machine.
-.It Ic mput Ar local-files
-Expand wild cards in the list of local files given as arguments
-and do a
-.Ic put
-for each file in the resulting list.
-See
-.Ic glob
-for details of filename expansion.
-Resulting file names will then be processed according to
-.Ic ntrans
-and
-.Ic nmap
-settings.
-.It Ic newer Ar file-name
-Get the file only if the modification time of the remote file is more
-recent that the file on the current system.
-If the file does not
-exist on the current system, the remote file is considered
-.Ic newer  .
-Otherwise, this command is identical to
-.Ar get  .
-.It Xo
-.Ic nlist
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a  list of the files in a
-directory on the remote machine.
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic nlist
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Fl  ,
-the output is sent to the terminal.
-.It Ic nmap Op Ar inpattern outpattern
-Set or unset the filename mapping mechanism.
-If no arguments are specified, the filename mapping mechanism is unset.
-If arguments are specified, remote filenames are mapped during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, local filenames are mapped during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-The mapping follows the pattern set by
-.Ar inpattern
-and
-.Ar outpattern  .
-.Op Ar Inpattern
-is a template for incoming filenames (which may have already been
-processed according to the
-.Ic ntrans
-and
-.Ic case
-settings).
-Variable templating is accomplished by including the
-sequences `$1', `$2', ..., `$9' in
-.Ar inpattern  .
-Use `\\' to prevent this special treatment of the `$' character.
-All other characters are treated literally, and are used to determine the
-.Ic nmap
-.Op Ar inpattern
-variable values.
-For example, given
-.Ar inpattern
-$1.$2 and the remote file name "mydata.data", $1 would have the value
-"mydata", and $2 would have the value "data".
-The
-.Ar outpattern
-determines the resulting mapped filename.
-The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
-from the
-.Ar inpattern
-template.
-The sequence `$0' is replace by the original filename.
-Additionally, the sequence
-.Ql Op Ar seq1 , Ar seq2
-is replaced by
-.Op Ar seq1
-if
-.Ar seq1
-is not a null string; otherwise it is replaced by
-.Ar seq2 .
-For example, the command
-.Pp
-.Bd -literal -offset indent -compact
-nmap $1.$2.$3 [$1,$2].[$2,file]
-.Ed
-.Pp
-would yield
-the output filename "myfile.data" for input filenames "myfile.data" and
-"myfile.data.old", "myfile.file" for the input filename "myfile", and
-"myfile.myfile" for the input filename ".myfile".
-Spaces may be included in
-.Ar outpattern  ,
-as in the example: `nmap $1 sed "s/  *$//" \*[Gt] $1' .
-Use the `\e' character to prevent special treatment
-of the `$','[','[', and `,' characters.
-.It Ic ntrans Op Ar inchars Op Ar outchars
-Set or unset the filename character translation mechanism.
-If no arguments are specified, the filename character
-translation mechanism is unset.
-If arguments are specified, characters in
-remote filenames are translated during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, characters in
-local filenames are translated during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-Characters in a filename matching a character in
-.Ar inchars
-are replaced with the corresponding character in
-.Ar outchars  .
-If the character's position in
-.Ar inchars
-is longer than the length of
-.Ar outchars  ,
-the character is deleted from the file name.
-.It Ic open Ar host Op Ar port
-Establish a connection to the specified
-.Ar host
-.Tn FTP
-server.
-An optional port number may be supplied,
-in which case,
-.Nm ftp
-will attempt to contact an
-.Tn FTP
-server at that port.
-If the
-.Ic auto-login
-option is on (default),
-.Nm ftp
-will also attempt to automatically log the user in to
-the
-.Tn FTP
-server (see below).
-.It Ic passive
-Toggle passive mode.  If passive mode is turned on
-(default is off), the ftp client will
-send a
-.Dv PASV
-command for all data connections instead of the usual
-.Dv PORT
-command.  The
-.Dv PASV
-command requests that the remote server open a port for the data connection
-and return the address of that port.  The remote server listens on that
-port and the client connects to it.  When using the more traditional
-.Dv PORT
-command, the client listens on a port and sends that address to the remote
-server, who connects back to it.  Passive mode is useful when using
-.Nm ftp
-through a gateway router or host that controls the directionality of
-traffic.
-(Note that though ftp servers are required to support the
-.Dv PASV
-command by RFC 1123, some do not.)
-.It Ic prompt
-Toggle interactive prompting.
-Interactive prompting
-occurs during multiple file transfers to allow the
-user to selectively retrieve or store files.
-If prompting is turned off (default is on), any
-.Ic mget
-or
-.Ic mput
-will transfer all files, and any
-.Ic mdelete
-will delete all files.
-.It Ic proxy Ar ftp-command
-Execute an ftp command on a secondary control connection.
-This command allows simultaneous connection to two remote ftp
-servers for transferring files between the two servers.
-The first
-.Ic proxy
-command should be an
-.Ic open  ,
-to establish the secondary control connection.
-Enter the command "proxy ?" to see other ftp commands executable on the
-secondary connection.
-The following commands behave differently when prefaced by
-.Ic proxy  :
-.Ic open
-will not define new macros during the auto-login process,
-.Ic close
-will not erase existing macro definitions,
-.Ic get
-and
-.Ic mget
-transfer files from the host on the primary control connection
-to the host on the secondary control connection, and
-.Ic put  ,
-.Ic mput ,
-and
-.Ic append
-transfer files from the host on the secondary control connection
-to the host on the primary control connection.
-Third party file transfers depend upon support of the ftp protocol
-.Dv PASV
-command by the server on the secondary control connection.
-.It Ic put Ar local-file Op Ar remote-file
-Store a local file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used
-after processing according to any
-.Ic ntrans
-or
-.Ic nmap
-settings
-in naming the remote file.
-File transfer uses the
-current settings for
-.Ic type  ,
-.Ic format ,
-.Ic mode  ,
-and
-.Ic structure  .
-.It Ic pwd
-Print the name of the current working directory on the remote
-machine.
-.It Ic quit
-A synonym for
-.Ic bye  .
-.It Ic quote Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server.
-.It Ic recv Ar remote-file Op Ar local-file
-A synonym for get.
-.It Ic reget Ar remote-file Op Ar local-file
-Reget acts like get, except that if
-.Ar local-file
-exists and is
-smaller than
-.Ar remote-file  ,
-.Ar local-file
-is presumed to be
-a partially transferred copy of
-.Ar remote-file
-and the transfer
-is continued from the apparent point of failure.
-This command
-is useful when transferring very large files over networks that
-are prone to dropping connections.
-.It Ic remotehelp Op Ar command-name
-Request help from the remote
-.Tn FTP
-server.
-If a
-.Ar command-name
-is specified it is supplied to the server as well.
-.It Ic remotestatus Op Ar file-name
-With no arguments, show status of remote machine.
-If
-.Ar file-name
-is specified, show status of
-.Ar file-name
-on remote machine.
-.It Xo
-.Ic rename
-.Op Ar from
-.Op Ar to
-.Xc
-Rename the file
-.Ar from
-on the remote machine, to the file
-.Ar to  .
-.It Ic reset
-Clear reply queue.
-This command re-synchronizes command/reply sequencing with the remote
-ftp server.
-Resynchronization may be necessary following a violation of the ftp protocol
-by the remote server.
-.It Ic restart Ar marker
-Restart the immediately following
-.Ic get
-or
-.Ic put
-at the
-indicated
-.Ar marker  .
-On
-.Ux
-systems, marker is usually a byte
-offset into the file.
-.It Ic rmdir Ar directory-name
-Delete a directory on the remote machine.
-.It Ic runique
-Toggle storing of files on the local system with unique filenames.
-If a file already exists with a name equal to the target
-local filename for a
-.Ic get
-or
-.Ic mget
-command, a ".1" is appended to the name.
-If the resulting name matches another existing file,
-a ".2" is appended to the original name.
-If this process continues up to ".99", an error
-message is printed, and the transfer does not take place.
-The generated unique filename will be reported.
-Note that
-.Ic runique
-will not affect local files generated from a shell command
-(see below).
-The default value is off.
-.It Ic send Ar local-file Op Ar remote-file
-A synonym for put.
-.It Ic sendport
-Toggle the use of
-.Dv PORT
-commands.
-By default,
-.Nm ftp
-will attempt to use a
-.Dv PORT
-command when establishing
-a connection for each data transfer.
-The use of
-.Dv PORT
-commands can prevent delays
-when performing multiple file transfers.
-If the
-.Dv PORT
-command fails,
-.Nm ftp
-will use the default data port.
-When the use of
-.Dv PORT
-commands is disabled, no attempt will be made to use
-.Dv PORT
-commands for each data transfer.
-This is useful
-for certain
-.Tn FTP
-implementations which do ignore
-.Dv PORT
-commands but, incorrectly, indicate they've been accepted.
-.It Ic site Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server as a
-.Dv SITE
-command.
-.It Ic size Ar file-name
-Return size of
-.Ar file-name
-on remote machine.
-.It Ic status
-Show the current status of
-.Nm ftp  .
-.It Ic struct Op Ar struct-name
-Set the file transfer
-.Ar structure
-to
-.Ar struct-name .
-By default \*(Lqstream\*(Rq structure is used.
-.It Ic sunique
-Toggle storing of files on remote machine under unique file names.
-Remote ftp server must support ftp protocol
-.Dv STOU
-command for
-successful completion.
-The remote server will report unique name.
-Default value is off.
-.It Ic system
-Show the type of operating system running on the remote machine.
-.It Ic tenex
-Set the file transfer type to that needed to
-talk to
-.Tn TENEX
-machines.
-.It Ic trace
-Toggle packet tracing.
-.It Ic type Op Ar type-name
-Set the file transfer
-.Ic type
-to
-.Ar type-name  .
-If no type is specified, the current type
-is printed.
-The default type is network
-.Tn ASCII .
-.It Ic umask Op Ar newmask
-Set the default umask on the remote server to
-.Ar newmask  .
-If
-.Ar newmask
-is omitted, the current umask is printed.
-.It Xo
-.Ic user Ar user-name
-.Op Ar password
-.Op Ar account
-.Xc
-Identify yourself to the remote
-.Tn FTP
-server.
-If the
-.Ar password
-is not specified and the server requires it,
-.Nm ftp
-will prompt the user for it (after disabling local echo).
-If an
-.Ar account
-field is not specified, and the
-.Tn FTP
-server
-requires it, the user will be prompted for it.
-If an
-.Ar account
-field is specified, an account command will
-be relayed to the remote server after the login sequence
-is completed if the remote server did not require it
-for logging in.
-Unless
-.Nm ftp
-is invoked with \*(Lqauto-login\*(Rq disabled, this
-process is done automatically on initial connection to
-the
-.Tn FTP
-server.
-.It Ic verbose
-Toggle verbose mode.
-In verbose mode, all responses from
-the
-.Tn FTP
-server are displayed to the user.
-In addition,
-if verbose is on, when a file transfer completes, statistics
-regarding the efficiency of the transfer are reported.
-By default,
-verbose is on.
-.It Ic \&? Op Ar command
-A synonym for help.
-.El
-.Pp
-The following command can be used with ftpsec-aware servers.
-.Bl -tag -width Fl
-.It Xo
-.Ic prot
-.Ar clear |
-.Ar safe |
-.Ar confidential |
-.Ar private
-.Xc
-Set the data protection level to the requested level.
-.El
-.Pp
-The following command can be used with ftp servers that has
-implemented the KAUTH site command.
-.Bl -tag -width Fl
-.It Ic kauth Op Ar principal
-Obtain remote tickets.
-.El
-.Pp
-Command arguments which have embedded spaces may be quoted with
-quote `"' marks.
-.Sh ABORTING A FILE TRANSFER
-To abort a file transfer, use the terminal interrupt key
-(usually Ctrl-C).
-Sending transfers will be immediately halted.
-Receiving transfers will be halted by sending a ftp protocol
-.Dv ABOR
-command to the remote server, and discarding any further data received.
-The speed at which this is accomplished depends upon the remote
-server's support for
-.Dv ABOR
-processing.
-If the remote server does not support the
-.Dv ABOR
-command, an
-.Ql ftp\*[Gt]
-prompt will not appear until the remote server has completed
-sending the requested file.
-.Pp
-The terminal interrupt key sequence will be ignored when
-.Nm ftp
-has completed any local processing and is awaiting a reply
-from the remote server.
-A long delay in this mode may result from the ABOR processing described
-above, or from unexpected behavior by the remote server, including
-violations of the ftp protocol.
-If the delay results from unexpected remote server behavior, the local
-.Nm ftp
-program must be killed by hand.
-.Sh FILE NAMING CONVENTIONS
-Files specified as arguments to
-.Nm ftp
-commands are processed according to the following rules.
-.Bl -enum
-.It
-If the file name
-.Sq Fl
-is specified, the
-.Ar stdin
-(for reading) or
-.Ar stdout
-(for writing) is used.
-.It
-If the first character of the file name is
-.Sq \&| ,
-the
-remainder of the argument is interpreted as a shell command.
-.Nm Ftp
-then forks a shell, using
-.Xr popen 3
-with the argument supplied, and reads (writes) from the stdout
-(stdin).
-If the shell command includes spaces, the argument
-must be quoted; e.g.
-\*(Lq" ls -lt"\*(Rq.
-A particularly
-useful example of this mechanism is: \*(Lqdir more\*(Rq.
-.It
-Failing the above checks, if ``globbing'' is enabled,
-local file names are expanded
-according to the rules used in the
-.Xr csh  1  ;
-c.f. the
-.Ic glob
-command.
-If the
-.Nm ftp
-command expects a single local file (.e.g.
-.Ic put  ) ,
-only the first filename generated by the "globbing" operation is used.
-.It
-For
-.Ic mget
-commands and
-.Ic get
-commands with unspecified local file names, the local filename is
-the remote filename, which may be altered by a
-.Ic case  ,
-.Ic ntrans ,
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered if
-.Ic runique
-is on.
-.It
-For
-.Ic mput
-commands and
-.Ic put
-commands with unspecified remote file names, the remote filename is
-the local filename, which may be altered by a
-.Ic ntrans
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered by the remote server if
-.Ic sunique
-is on.
-.El
-.Sh FILE TRANSFER PARAMETERS
-The FTP specification specifies many parameters which may
-affect a file transfer.
-The
-.Ic type
-may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
-\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
-.Tn PDP Ns -10's
-and
-.Tn PDP Ns -20's
-mostly).
-.Nm Ftp
-supports the ascii and image types of file transfer,
-plus local byte size 8 for
-.Ic tenex
-mode transfers.
-.Pp
-.Nm Ftp
-supports only the default values for the remaining
-file transfer parameters:
-.Ic mode  ,
-.Ic form ,
-and
-.Ic struct  .
-.Sh THE .netrc FILE
-The
-.Pa .netrc
-file contains login and initialization information
-used by the auto-login process.
-It resides in the user's home directory.
-The following tokens are recognized; they may be separated by spaces,
-tabs, or new-lines:
-.Bl -tag -width password
-.It Ic machine Ar name
-Identify a remote machine
-.Ar name .
-The auto-login process searches the
-.Pa .netrc
-file for a
-.Ic machine
-token that matches the remote machine specified on the
-.Nm ftp
-command line or as an
-.Ic open
-command argument.
-Once a match is made, the subsequent
-.Pa .netrc
-tokens are processed,
-stopping when the end of file is reached or another
-.Ic machine
-or a
-.Ic default
-token is encountered.
-.It Ic default
-This is the same as
-.Ic machine
-.Ar name
-except that
-.Ic default
-matches any name.
-There can be only one
-.Ic default
-token, and it must be after all
-.Ic machine
-tokens.
-This is normally used as:
-.Pp
-.Dl default login anonymous password user@site
-.Pp
-thereby giving the user
-.Ar automatic
-anonymous ftp login to
-machines not specified in
-.Pa .netrc .
-This can be overridden
-by using the
-.Fl n
-flag to disable auto-login.
-.It Ic login Ar name
-Identify a user on the remote machine.
-If this token is present, the auto-login process will initiate
-a login using the specified
-.Ar name .
-.It Ic password Ar string
-Supply a password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires a password as part
-of the login process.
-Note that if this token is present in the
-.Pa .netrc
-file for any user other
-than
-.Ar anonymous  ,
-.Nm ftp
-will abort the auto-login process if the
-.Pa .netrc
-is readable by
-anyone besides the user.
-.It Ic account Ar string
-Supply an additional account password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires an additional
-account password, or the auto-login process will initiate an
-.Dv ACCT
-command if it does not.
-.It Ic macdef Ar name
-Define a macro.
-This token functions like the
-.Nm ftp
-.Ic macdef
-command functions.
-A macro is defined with the specified name; its contents begin with the
-next
-.Pa .netrc
-line and continue until a null line (consecutive new-line
-characters) is encountered.
-If a macro named
-.Ic init
-is defined, it is automatically executed as the last step in the
-auto-login process.
-.El
-.Sh ENVIRONMENT
-.Nm Ftp
-uses the following environment variables.
-.Bl -tag -width Fl
-.It Ev HOME
-For default location of a
-.Pa .netrc
-file, if one exists.
-.It Ev SHELL
-For default shell.
-.El
-.Sh SEE ALSO
-.Xr ftpd 8
-.Rs
-.%T RFC2228
-.Re
-.Sh HISTORY
-The
-.Nm ftp
-command appeared in
-.Bx 4.2 .
-.Sh BUGS
-Correct execution of many commands depends upon proper behavior
-by the remote server.
-.Pp
-An error in the treatment of carriage returns
-in the
-.Bx 4.2
-ascii-mode transfer code
-has been corrected.
-This correction may result in incorrect transfers of binary files
-to and from
-.Bx 4.2
-servers using the ascii type.
-Avoid this problem by using the binary image type.
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c
deleted file mode 100644
index 0a00bd245667..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp.c
+++ /dev/null
@@ -1,1780 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID ("$Id: ftp.c 16650 2006-01-24 08:16:08Z lha $");
-
-struct sockaddr_storage hisctladdr_ss;
-struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
-struct sockaddr_storage data_addr_ss;
-struct sockaddr *data_addr  = (struct sockaddr *)&data_addr_ss;
-struct sockaddr_storage myctladdr_ss;
-struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss;
-int data = -1;
-int abrtflag = 0;
-jmp_buf ptabort;
-int ptabflg;
-int ptflag = 0;
-off_t restart_point = 0;
-
-
-FILE *cin, *cout;
-
-typedef void (*sighand) (int);
-
-char *
-hookup (const char *host, int port)
-{
-    static char hostnamebuf[MaxHostNameLen];
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    socklen_t len;
-    int s;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    hints.ai_flags    = AI_CANONNAME;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (host, portstr, &hints, &ai);
-    if (error) {
-	warnx ("%s: %s", host, gai_strerror(error));
-	code = -1;
-	return NULL;
-    }
-    strlcpy (hostnamebuf, host, sizeof(hostnamebuf));
-    hostname = hostnamebuf;
-
-    s = -1;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-
-	if (a->ai_canonname != NULL)
-	    strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf));
-
-	memcpy (hisctladdr, a->ai_addr, a->ai_addrlen);
-	
-	error = connect (s, a->ai_addr, a->ai_addrlen);
-	if (error < 0) {
-	    char addrstr[256];
-
-	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
-			     addrstr, sizeof(addrstr),
-			     NULL, 0, NI_NUMERICHOST) != 0)
-		strlcpy (addrstr, "unknown address", sizeof(addrstr));
-			     
-	    warn ("connect %s", addrstr);
-	    close (s);
-	    s = -1;
-	    continue;
-	}
-	break;
-    }
-    freeaddrinfo (ai);
-    if (s < 0) {
-	warnx ("failed to contact %s", host);
-	code = -1;
-	return NULL;
-    }
-
-    len = sizeof(myctladdr_ss);
-    if (getsockname (s, myctladdr, &len) < 0) {
-	warn ("getsockname");
-	code = -1;
-	close (s);
-	return NULL;
-    }
-#ifdef IPTOS_LOWDELAY
-    socket_set_tos (s, IPTOS_LOWDELAY);
-#endif
-    cin = fdopen (s, "r");
-    cout = fdopen (s, "w");
-    if (cin == NULL || cout == NULL) {
-	warnx ("fdopen failed.");
-	if (cin)
-	    fclose (cin);
-	if (cout)
-	    fclose (cout);
-	code = -1;
-	goto bad;
-    }
-    if (verbose)
-	printf ("Connected to %s.\n", hostname);
-    if (getreply (0) > 2) {	/* read startup message from server */
-	if (cin)
-	    fclose (cin);
-	if (cout)
-	    fclose (cout);
-	code = -1;
-	goto bad;
-    }
-#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    {
-	int on = 1;
-
-	if (setsockopt (s, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof (on))
-	    < 0 && debug) {
-	    warn ("setsockopt");
-	}
-    }
-#endif				/* SO_OOBINLINE */
-
-    return (hostname);
-bad:
-    close (s);
-    return NULL;
-}
-
-int
-login (char *host)
-{
-    char tmp[80];
-    char defaultpass[128];
-    char *userstr, *pass, *acctstr;
-    int n, aflag = 0;
-
-    char *myname = NULL;
-    struct passwd *pw = k_getpwuid(getuid());
-
-    if (pw != NULL)
-	myname = pw->pw_name;
-
-    userstr = pass = acctstr = 0;
-
-    if(sec_login(host))
-	printf("\n*** Using plaintext user and password ***\n\n");
-    else{
-	printf("Authentication successful.\n\n");
-    }
-
-    if (ruserpass (host, &userstr, &pass, &acctstr) < 0) {
-	code = -1;
-	return (0);
-    }
-    while (userstr == NULL) {
-	if (myname)
-	    printf ("Name (%s:%s): ", host, myname);
-	else
-	    printf ("Name (%s): ", host);
-	*tmp = '\0';
-	if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
-	    tmp[strlen (tmp) - 1] = '\0';
-	if (*tmp == '\0')
-	    userstr = myname;
-	else
-	    userstr = tmp;
-    }
-    strlcpy(username, userstr, sizeof(username));
-    n = command("USER %s", userstr);
-    if (n == COMPLETE) 
-       n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */
-    else if(n == CONTINUE) {
-	if (pass == NULL) {
-	    char prompt[128];
-	    if(myname && 
-	       (!strcmp(userstr, "ftp") || !strcmp(userstr, "anonymous"))) {
-		snprintf(defaultpass, sizeof(defaultpass), 
-			 "%s@%s", myname, mydomain);
-		snprintf(prompt, sizeof(prompt), 
-			 "Password (%s): ", defaultpass);
-	    } else if (sec_complete) {
-		pass = myname;
-	    } else {
-		*defaultpass = '\0';
-		snprintf(prompt, sizeof(prompt), "Password: ");
-	    }
-	    if (pass == NULL) {
-		pass = defaultpass;
-		UI_UTIL_read_pw_string (tmp, sizeof (tmp), prompt, 0);
-		if (tmp[0])
-		    pass = tmp;
-	    }
-	}
-	n = command ("PASS %s", pass);
-    }
-    if (n == CONTINUE) {
-	aflag++;
-	acctstr = tmp;
-	UI_UTIL_read_pw_string (acctstr, 128, "Account:", 0);
-	n = command ("ACCT %s", acctstr);
-    }
-    if (n != COMPLETE) {
-	warnx ("Login failed.");
-	return (0);
-    }
-    if (!aflag && acctstr != NULL)
-	command ("ACCT %s", acctstr);
-    if (proxy)
-	return (1);
-    for (n = 0; n < macnum; ++n) {
-	if (!strcmp("init", macros[n].mac_name)) {
-	    strlcpy (line, "$init", sizeof (line));
-	    makeargv();
-	    domacro(margc, margv);
-	    break;
-	}
-    }
-    sec_set_protection_level ();
-    return (1);
-}
-
-void
-cmdabort (int sig)
-{
-
-    printf ("\n");
-    fflush (stdout);
-    abrtflag++;
-    if (ptflag)
-	longjmp (ptabort, 1);
-}
-
-int
-command (char *fmt,...)
-{
-    va_list ap;
-    int r;
-    sighand oldintr;
-
-    abrtflag = 0;
-    if (cout == NULL) {
-	warn ("No control connection for command");
-	code = -1;
-	return (0);
-    }
-    oldintr = signal(SIGINT, cmdabort);
-    if(debug){
-	printf("---> ");
-	if (strncmp("PASS ", fmt, 5) == 0)
-	    printf("PASS XXXX");
-	else {
-	    va_start(ap, fmt);
-	    vfprintf(stdout, fmt, ap);
-	    va_end(ap);
-	}
-    }
-    va_start(ap, fmt);
-    sec_vfprintf(cout, fmt, ap);
-    va_end(ap);
-    if(debug){
-	printf("\n");
-	fflush(stdout);
-    }
-    fprintf (cout, "\r\n");
-    fflush (cout);
-    cpend = 1;
-    r = getreply (!strcmp (fmt, "QUIT"));
-    if (abrtflag && oldintr != SIG_IGN)
-	(*oldintr) (SIGINT);
-    signal (SIGINT, oldintr);
-    return (r);
-}
-
-char reply_string[BUFSIZ];	/* last line of previous reply */
-
-int
-getreply (int expecteof)
-{
-    char *p;
-    char *lead_string;
-    int c;
-    struct sigaction sa, osa;
-    char buf[8192];
-    int reply_code;
-    int long_warn = 0;
-
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = cmdabort;
-    sigaction (SIGINT, &sa, &osa);
-
-    p = buf;
-
-    reply_code = 0;
-    while (1) {
-	c = getc (cin);
-	switch (c) {
-	case EOF:
-	    if (expecteof) {
-		sigaction (SIGINT, &osa, NULL);
-		code = 221;
-		return 0;
-	    }
-	    lostpeer (0);
-	    if (verbose) {
-		printf ("421 Service not available, "
-			"remote server has closed connection\n");
-		fflush (stdout);
-	    }
-	    code = 421;
-	    return (4);
-	case IAC:
-	    c = getc (cin);
-	    if (c == WILL || c == WONT)
-		fprintf (cout, "%c%c%c", IAC, DONT, getc (cin));
-	    if (c == DO || c == DONT)
-		fprintf (cout, "%c%c%c", IAC, WONT, getc (cin));
-	    continue;
-	case '\n':
-	    *p++ = '\0';
-	    if(isdigit((unsigned char)buf[0])){
-		sscanf(buf, "%d", &code);
-		if(code == 631){
-		    code = 0;
-		    sec_read_msg(buf, prot_safe);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "S:";
-		} else if(code == 632){
-		    code = 0;
-		    sec_read_msg(buf, prot_private);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "P:";
-		}else if(code == 633){
-		    code = 0;
-		    sec_read_msg(buf, prot_confidential);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "C:";
-		}else if(sec_complete)
-		    lead_string = "!!";
-		else
-		    lead_string = "";
-		if(code != 0 && reply_code == 0)
-		    reply_code = code;
-		if (verbose > 0 || (verbose > -1 && code > 499))
-		    fprintf (stdout, "%s%s\n", lead_string, buf);
-		if (code == reply_code && buf[3] == ' ') {
-		    strlcpy (reply_string, buf, sizeof(reply_string));
-		    if (code >= 200)
-			cpend = 0;
-		    sigaction (SIGINT, &osa, NULL);
-		    if (code == 421)
-			lostpeer (0);
-#if 1
-		    if (abrtflag &&
-			osa.sa_handler != cmdabort &&
-			osa.sa_handler != SIG_IGN)
-			osa.sa_handler (SIGINT);
-#endif
-		    if (code == 227 || code == 229) {
-			char *q;
-
-			q = strchr (reply_string, '(');
-			if (q) {
-			    q++;
-			    strlcpy(pasv, q, sizeof(pasv));
-			    q = strrchr(pasv, ')');
-			    if (q)
-				*q = '\0';
-			}
-		    }
-		    return code / 100;
-		}
-	    }else{
-		if(verbose > 0 || (verbose > -1 && code > 499)){
-		    if(sec_complete)
-			fprintf(stdout, "!!");
-		    fprintf(stdout, "%s\n", buf);
-		}
-	    }
-	    p = buf;
-	    long_warn = 0;
-	    continue;
-	default:
-	    if(p < buf + sizeof(buf) - 1)
-		*p++ = c; 
-	    else if(long_warn == 0) {
-		fprintf(stderr, "WARNING: incredibly long line received\n");
-		long_warn = 1;
-	    }
-	}
-    }
-
-}
-
-
-#if 0
-int
-getreply (int expecteof)
-{
-    int c, n;
-    int dig;
-    int originalcode = 0, continuation = 0;
-    sighand oldintr;
-    int pflag = 0;
-    char *cp, *pt = pasv;
-
-    oldintr = signal (SIGINT, cmdabort);
-    for (;;) {
-	dig = n = code = 0;
-	cp = reply_string;
-	while ((c = getc (cin)) != '\n') {
-	    if (c == IAC) {	/* handle telnet commands */
-		switch (c = getc (cin)) {
-		case WILL:
-		case WONT:
-		    c = getc (cin);
-		    fprintf (cout, "%c%c%c", IAC, DONT, c);
-		    fflush (cout);
-		    break;
-		case DO:
-		case DONT:
-		    c = getc (cin);
-		    fprintf (cout, "%c%c%c", IAC, WONT, c);
-		    fflush (cout);
-		    break;
-		default:
-		    break;
-		}
-		continue;
-	    }
-	    dig++;
-	    if (c == EOF) {
-		if (expecteof) {
-		    signal (SIGINT, oldintr);
-		    code = 221;
-		    return (0);
-		}
-		lostpeer (0);
-		if (verbose) {
-		    printf ("421 Service not available, remote server has closed connection\n");
-		    fflush (stdout);
-		}
-		code = 421;
-		return (4);
-	    }
-	    if (c != '\r' && (verbose > 0 ||
-			      (verbose > -1 && n == '5' && dig > 4))) {
-		if (proxflag &&
-		    (dig == 1 || dig == 5 && verbose == 0))
-		    printf ("%s:", hostname);
-		putchar (c);
-	    }
-	    if (dig < 4 && isdigit (c))
-		code = code * 10 + (c - '0');
-	    if (!pflag && code == 227)
-		pflag = 1;
-	    if (dig > 4 && pflag == 1 && isdigit (c))
-		pflag = 2;
-	    if (pflag == 2) {
-		if (c != '\r' && c != ')')
-		    *pt++ = c;
-		else {
-		    *pt = '\0';
-		    pflag = 3;
-		}
-	    }
-	    if (dig == 4 && c == '-') {
-		if (continuation)
-		    code = 0;
-		continuation++;
-	    }
-	    if (n == 0)
-		n = c;
-	    if (cp < &reply_string[sizeof (reply_string) - 1])
-		*cp++ = c;
-	}
-	if (verbose > 0 || verbose > -1 && n == '5') {
-	    putchar (c);
-	    fflush (stdout);
-	}
-	if (continuation && code != originalcode) {
-	    if (originalcode == 0)
-		originalcode = code;
-	    continue;
-	}
-	*cp = '\0';
-	if(sec_complete){
-	    if(code == 631)
-		sec_read_msg(reply_string, prot_safe);
-	    else if(code == 632)
-		sec_read_msg(reply_string, prot_private);
-	    else if(code == 633)
-		sec_read_msg(reply_string, prot_confidential);
-	    n = code / 100 + '0';
-	}
-	if (n != '1')
-	    cpend = 0;
-	signal (SIGINT, oldintr);
-	if (code == 421 || originalcode == 421)
-	    lostpeer (0);
-	if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
-	    (*oldintr) (SIGINT);
-	return (n - '0');
-    }
-}
-
-#endif
-
-int
-empty (fd_set * mask, int sec)
-{
-    struct timeval t;
-
-    t.tv_sec = sec;
-    t.tv_usec = 0;
-    return (select (FD_SETSIZE, mask, NULL, NULL, &t));
-}
-
-jmp_buf sendabort;
-
-static RETSIGTYPE
-abortsend (int sig)
-{
-
-    mflag = 0;
-    abrtflag = 0;
-    printf ("\nsend aborted\nwaiting for remote to finish abort\n");
-    fflush (stdout);
-    longjmp (sendabort, 1);
-}
-
-#define HASHBYTES 1024
-
-static int
-copy_stream (FILE * from, FILE * to)
-{
-    static size_t bufsize;
-    static char *buf;
-    int n;
-    int bytes = 0;
-    int werr = 0;
-    int hashbytes = HASHBYTES;
-    struct stat st;
-
-#if defined(HAVE_MMAP) && !defined(NO_MMAP)
-    void *chunk;
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-    if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
-	/*
-	 * mmap zero bytes has potential of loosing, don't do it.
-	 */
-	if (st.st_size == 0)
-	    return 0;
-	chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
-	if (chunk != (void *) MAP_FAILED) {
-	    int res;
-
-	    res = sec_write (fileno (to), chunk, st.st_size);
-	    if (munmap (chunk, st.st_size) < 0)
-		warn ("munmap");
-	    sec_fflush (to);
-	    return res;
-	}
-    }
-#endif
-
-    buf = alloc_buffer (buf, &bufsize,
-			fstat (fileno (from), &st) >= 0 ? &st : NULL);
-    if (buf == NULL)
-	return -1;
-
-    while ((n = read (fileno (from), buf, bufsize)) > 0) {
-	werr = sec_write (fileno (to), buf, n);
-	if (werr < 0)
-	    break;
-	bytes += werr;
-	while (hash && bytes > hashbytes) {
-	    putchar ('#');
-	    hashbytes += HASHBYTES;
-	}
-    }
-    sec_fflush (to);
-    if (n < 0)
-	warn ("local");
-
-    if (werr < 0) {
-	if (errno != EPIPE)
-	    warn ("netout");
-	bytes = -1;
-    }
-    return bytes;
-}
-
-void
-sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
-{
-    struct stat st;
-    struct timeval start, stop;
-    int c, d;
-    FILE *fin, *dout = 0;
-    int (*closefunc) (FILE *);
-    RETSIGTYPE (*oldintr)(int), (*oldintp)(int);
-    long bytes = 0, hashbytes = HASHBYTES;
-    char *rmode = "w";
-
-    if (verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
-	    printf ("local: %s ", local);
-	if (remote)
-	    printf ("remote: %s\n", remote);
-    }
-    if (proxy) {
-	proxtrans (cmd, local, remote);
-	return;
-    }
-    if (curtype != type)
-	changetype (type, 0);
-    closefunc = NULL;
-    oldintr = NULL;
-    oldintp = NULL;
-
-    if (setjmp (sendabort)) {
-	while (cpend) {
-	    getreply (0);
-	}
-	if (data >= 0) {
-	    close (data);
-	    data = -1;
-	}
-	if (oldintr)
-	    signal (SIGINT, oldintr);
-	if (oldintp)
-	    signal (SIGPIPE, oldintp);
-	code = -1;
-	return;
-    }
-    oldintr = signal (SIGINT, abortsend);
-    if (strcmp (local, "-") == 0)
-	fin = stdin;
-    else if (*local == '|') {
-	oldintp = signal (SIGPIPE, SIG_IGN);
-	fin = popen (local + 1, lmode);
-	if (fin == NULL) {
-	    warn ("%s", local + 1);
-	    signal (SIGINT, oldintr);
-	    signal (SIGPIPE, oldintp);
-	    code = -1;
-	    return;
-	}
-	closefunc = pclose;
-    } else {
-	fin = fopen (local, lmode);
-	if (fin == NULL) {
-	    warn ("local: %s", local);
-	    signal (SIGINT, oldintr);
-	    code = -1;
-	    return;
-	}
-	closefunc = fclose;
-	if (fstat (fileno (fin), &st) < 0 ||
-	    (st.st_mode & S_IFMT) != S_IFREG) {
-	    fprintf (stdout, "%s: not a plain file.\n", local);
-	    signal (SIGINT, oldintr);
-	    fclose (fin);
-	    code = -1;
-	    return;
-	}
-    }
-    if (initconn ()) {
-	signal (SIGINT, oldintr);
-	if (oldintp)
-	    signal (SIGPIPE, oldintp);
-	code = -1;
-	if (closefunc != NULL)
-	    (*closefunc) (fin);
-	return;
-    }
-    if (setjmp (sendabort))
-	goto abort;
-
-    if (restart_point &&
-	(strcmp (cmd, "STOR") == 0 || strcmp (cmd, "APPE") == 0)) {
-	int rc;
-
-	switch (curtype) {
-	case TYPE_A:
-	    rc = fseek (fin, (long) restart_point, SEEK_SET);
-	    break;
-	case TYPE_I:
-	case TYPE_L:
-	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
-	    break;
-	default:
-	    abort();
-	}
-	if (rc < 0) {
-	    warn ("local: %s", local);
-	    restart_point = 0;
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-	if (command ("REST %ld", (long) restart_point)
-	    != CONTINUE) {
-	    restart_point = 0;
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-	restart_point = 0;
-	rmode = "r+w";
-    }
-    if (remote) {
-	if (command ("%s %s", cmd, remote) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    if (oldintp)
-		signal (SIGPIPE, oldintp);
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-    } else if (command ("%s", cmd) != PRELIM) {
-	    signal(SIGINT, oldintr);
-	    if (oldintp)
-		signal(SIGPIPE, oldintp);
-	    if (closefunc != NULL)
-		(*closefunc)(fin);
-	    return;
-	}
-    dout = dataconn(rmode);
-    if (dout == NULL)
-	goto abort;
-    set_buffer_size (fileno (dout), 0);
-    gettimeofday (&start, (struct timezone *) 0);
-    oldintp = signal (SIGPIPE, SIG_IGN);
-    switch (curtype) {
-
-    case TYPE_I:
-    case TYPE_L:
-	errno = d = c = 0;
-	bytes = copy_stream (fin, dout);
-	break;
-
-    case TYPE_A:
-	while ((c = getc (fin)) != EOF) {
-	    if (c == '\n') {
-		while (hash && (bytes >= hashbytes)) {
-		    putchar ('#');
-		    fflush (stdout);
-		    hashbytes += HASHBYTES;
-		}
-		if (ferror (dout))
-		    break;
-		sec_putc ('\r', dout);
-		bytes++;
-	    }
-	    sec_putc (c, dout);
-	    bytes++;
-	}
-	sec_fflush (dout);
-	if (hash) {
-	    if (bytes < hashbytes)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (ferror (fin))
-	    warn ("local: %s", local);
-	if (ferror (dout)) {
-	    if (errno != EPIPE)
-		warn ("netout");
-	    bytes = -1;
-	}
-	break;
-    }
-    if (closefunc != NULL)
-	(*closefunc) (fin);
-    fclose (dout);
-    gettimeofday (&stop, (struct timezone *) 0);
-    getreply (0);
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    if (bytes > 0)
-	ptransfer ("sent", bytes, &start, &stop);
-    return;
-abort:
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    if (!cpend) {
-	code = -1;
-	return;
-    }
-    if (data >= 0) {
-	close (data);
-	data = -1;
-    }
-    if (dout)
-	fclose (dout);
-    getreply (0);
-    code = -1;
-    if (closefunc != NULL && fin != NULL)
-	(*closefunc) (fin);
-    gettimeofday (&stop, (struct timezone *) 0);
-    if (bytes > 0)
-	ptransfer ("sent", bytes, &start, &stop);
-}
-
-jmp_buf recvabort;
-
-void
-abortrecv (int sig)
-{
-
-    mflag = 0;
-    abrtflag = 0;
-    printf ("\nreceive aborted\nwaiting for remote to finish abort\n");
-    fflush (stdout);
-    longjmp (recvabort, 1);
-}
-
-void
-recvrequest (char *cmd, char *local, char *remote,
-	     char *lmode, int printnames, int local_given)
-{
-    FILE *fout = NULL, *din = NULL;
-    int (*closefunc) (FILE *);
-    sighand oldintr, oldintp;
-    int c, d, is_retr, tcrflag, bare_lfs = 0;
-    static size_t bufsize;
-    static char *buf;
-    long bytes = 0, hashbytes = HASHBYTES;
-    struct timeval start, stop;
-    struct stat st;
-
-    is_retr = strcmp (cmd, "RETR") == 0;
-    if (is_retr && verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
-	    printf ("local: %s ", local);
-	if (remote)
-	    printf ("remote: %s\n", remote);
-    }
-    if (proxy && is_retr) {
-	proxtrans (cmd, local, remote);
-	return;
-    }
-    closefunc = NULL;
-    oldintr = NULL;
-    oldintp = NULL;
-    tcrflag = !crflag && is_retr;
-    if (setjmp (recvabort)) {
-	while (cpend) {
-	    getreply (0);
-	}
-	if (data >= 0) {
-	    close (data);
-	    data = -1;
-	}
-	if (oldintr)
-	    signal (SIGINT, oldintr);
-	code = -1;
-	return;
-    }
-    oldintr = signal (SIGINT, abortrecv);
-    if (!local_given || (strcmp (local, "-") && *local != '|')) {
-	if (access (local, 2) < 0) {
-	    char *dir = strrchr (local, '/');
-
-	    if (errno != ENOENT && errno != EACCES) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (dir != NULL)
-		*dir = 0;
-	    d = access (dir ? local : ".", 2);
-	    if (dir != NULL)
-		*dir = '/';
-	    if (d < 0) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (!runique && errno == EACCES &&
-		chmod (local, 0600) < 0) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (runique && errno == EACCES &&
-		(local = gunique (local)) == NULL) {
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	} else if (runique && (local = gunique (local)) == NULL) {
-	    signal(SIGINT, oldintr);
-	    code = -1;
-	    return;
-	}
-    }
-    if (!is_retr) {
-	if (curtype != TYPE_A)
-	    changetype (TYPE_A, 0);
-    } else if (curtype != type)
-	changetype (type, 0);
-    if (initconn ()) {
-	signal (SIGINT, oldintr);
-	code = -1;
-	return;
-    }
-    if (setjmp (recvabort))
-	goto abort;
-    if (is_retr && restart_point &&
-	command ("REST %ld", (long) restart_point) != CONTINUE)
-	return;
-    if (remote) {
-	if (command ("%s %s", cmd, remote) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    } else {
-	if (command ("%s", cmd) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    }
-    din = dataconn ("r");
-    if (din == NULL)
-	goto abort;
-    set_buffer_size (fileno (din), 1);
-    if (local_given && strcmp (local, "-") == 0)
-	fout = stdout;
-    else if (local_given && *local == '|') {
-	oldintp = signal (SIGPIPE, SIG_IGN);
-	fout = popen (local + 1, "w");
-	if (fout == NULL) {
-	    warn ("%s", local + 1);
-	    goto abort;
-	}
-	closefunc = pclose;
-    } else {
-	fout = fopen (local, lmode);
-	if (fout == NULL) {
-	    warn ("local: %s", local);
-	    goto abort;
-	}
-	closefunc = fclose;
-    }
-    buf = alloc_buffer (buf, &bufsize,
-			fstat (fileno (fout), &st) >= 0 ? &st : NULL);
-    if (buf == NULL)
-	goto abort;
-
-    gettimeofday (&start, (struct timezone *) 0);
-    switch (curtype) {
-
-    case TYPE_I:
-    case TYPE_L:
-	if (restart_point &&
-	    lseek (fileno (fout), restart_point, SEEK_SET) < 0) {
-	    warn ("local: %s", local);
-	    if (closefunc != NULL)
-		(*closefunc) (fout);
-	    return;
-	}
-	errno = d = 0;
-	while ((c = sec_read (fileno (din), buf, bufsize)) > 0) {
-	    if ((d = write (fileno (fout), buf, c)) != c)
-		break;
-	    bytes += c;
-	    if (hash) {
-		while (bytes >= hashbytes) {
-		    putchar ('#');
-		    hashbytes += HASHBYTES;
-		}
-		fflush (stdout);
-	    }
-	}
-	if (hash && bytes > 0) {
-	    if (bytes < HASHBYTES)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (c < 0) {
-	    if (errno != EPIPE)
-		warn ("netin");
-	    bytes = -1;
-	}
-	if (d < c) {
-	    if (d < 0)
-		warn ("local: %s", local);
-	    else
-		warnx ("%s: short write", local);
-	}
-	break;
-
-    case TYPE_A:
-	if (restart_point) {
-	    int i, n, ch;
-
-	    if (fseek (fout, 0L, SEEK_SET) < 0)
-		goto done;
-	    n = restart_point;
-	    for (i = 0; i++ < n;) {
-		if ((ch = sec_getc (fout)) == EOF)
-		    goto done;
-		if (ch == '\n')
-		    i++;
-	    }
-	    if (fseek (fout, 0L, SEEK_CUR) < 0) {
-	done:
-		warn ("local: %s", local);
-		if (closefunc != NULL)
-		    (*closefunc) (fout);
-		return;
-	    }
-	}
-	while ((c = sec_getc(din)) != EOF) {
-	    if (c == '\n')
-		bare_lfs++;
-	    while (c == '\r') {
-		while (hash && (bytes >= hashbytes)) {
-		    putchar ('#');
-		    fflush (stdout);
-		    hashbytes += HASHBYTES;
-		}
-		bytes++;
-		if ((c = sec_getc (din)) != '\n' || tcrflag) {
-		    if (ferror (fout))
-			goto break2;
-		    putc ('\r', fout);
-		    if (c == '\0') {
-			bytes++;
-			goto contin2;
-		    }
-		    if (c == EOF)
-			goto contin2;
-		}
-	    }
-	    putc (c, fout);
-	    bytes++;
-    contin2:;
-	}
-break2:
-	if (bare_lfs) {
-	    printf ("WARNING! %d bare linefeeds received in ASCII mode\n",
-		    bare_lfs);
-	    printf ("File may not have transferred correctly.\n");
-	}
-	if (hash) {
-	    if (bytes < hashbytes)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (ferror (din)) {
-	    if (errno != EPIPE)
-		warn ("netin");
-	    bytes = -1;
-	}
-	if (ferror (fout))
-	    warn ("local: %s", local);
-	break;
-    }
-    if (closefunc != NULL)
-	(*closefunc) (fout);
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    fclose (din);
-    gettimeofday (&stop, (struct timezone *) 0);
-    getreply (0);
-    if (bytes > 0 && is_retr)
-	ptransfer ("received", bytes, &start, &stop);
-    return;
-abort:
-
-    /* abort using RFC959 recommended IP,SYNC sequence  */
-
-    if (oldintp)
-	signal (SIGPIPE, oldintr);
-    signal (SIGINT, SIG_IGN);
-    if (!cpend) {
-	code = -1;
-	signal (SIGINT, oldintr);
-	return;
-    }
-    abort_remote(din);
-    code = -1;
-    if (data >= 0) {
-	close (data);
-	data = -1;
-    }
-    if (closefunc != NULL && fout != NULL)
-	(*closefunc) (fout);
-    if (din)
-	fclose (din);
-    gettimeofday (&stop, (struct timezone *) 0);
-    if (bytes > 0)
-	ptransfer ("received", bytes, &start, &stop);
-    signal (SIGINT, oldintr);
-}
-
-static int
-parse_epsv (const char *str)
-{
-    char sep;
-    char *end;
-    int port;
-
-    if (*str == '\0')
-	return -1;
-    sep = *str++;
-    if (sep != *str++)
-	return -1;
-    if (sep != *str++)
-	return -1;
-    port = strtol (str, &end, 0);
-    if (str == end)
-	return -1;
-    if (end[0] != sep || end[1] != '\0')
-	return -1;
-    return htons(port);
-}
-
-static int
-parse_pasv (struct sockaddr_in *sin4, const char *str)
-{
-    int a0, a1, a2, a3, p0, p1;
-
-    /*
-     * What we've got at this point is a string of comma separated
-     * one-byte unsigned integer values. The first four are the an IP
-     * address. The fifth is the MSB of the port number, the sixth is the
-     * LSB. From that we'll prepare a sockaddr_in.
-     */
-
-    if (sscanf (str, "%d,%d,%d,%d,%d,%d",
-		&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
-	printf ("Passive mode address scan failure. "
-		"Shouldn't happen!\n");
-	return -1;
-    }
-    if (a0 < 0 || a0 > 255 ||
-	a1 < 0 || a1 > 255 ||
-	a2 < 0 || a2 > 255 ||
-	a3 < 0 || a3 > 255 ||
-	p0 < 0 || p0 > 255 ||
-	p1 < 0 || p1 > 255) {
-	printf ("Can't parse passive mode string.\n");
-	return -1;
-    }
-    memset (sin4, 0, sizeof(*sin4));
-    sin4->sin_family      = AF_INET;
-    sin4->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
-				  (a2 << 8) | a3);
-    sin4->sin_port = htons ((p0 << 8) | p1);
-    return 0;
-}
-
-static int
-passive_mode (void)
-{
-    int port;
-
-    data = socket (myctladdr->sa_family, SOCK_STREAM, 0);
-    if (data < 0) {
-	warn ("socket");
-	return (1);
-    }
-    if (options & SO_DEBUG)
-	socket_set_debug (data);
-    if (command ("EPSV") != COMPLETE) {
-	if (command ("PASV") != COMPLETE) {
-	    printf ("Passive mode refused.\n");
-	    goto bad;
-	}
-    }
-
-    /*
-     * Parse the reply to EPSV or PASV
-     */
-
-    port = parse_epsv (pasv);
-    if (port > 0) {
-	data_addr->sa_family = myctladdr->sa_family;
-	socket_set_address_and_port (data_addr,
-				     socket_get_address (hisctladdr),
-				     port);
-    } else {
-	if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0)
-	    goto bad;
-    }
-
-    if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
-	warn ("connect");
-	goto bad;
-    }
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (data, IPTOS_THROUGHPUT);
-#endif
-    return (0);
-bad:
-    close (data);
-    data = -1;
-    sendport = 1;
-    return (1);
-}
-
-
-static int
-active_mode (void)
-{
-    int tmpno = 0;
-    socklen_t len;
-    int result;
-
-noport:
-    data_addr->sa_family = myctladdr->sa_family;
-    socket_set_address_and_port (data_addr, socket_get_address (myctladdr),
-				 sendport ? 0 : socket_get_port (myctladdr));
-
-    if (data != -1)
-	close (data);
-    data = socket (data_addr->sa_family, SOCK_STREAM, 0);
-    if (data < 0) {
-	warn ("socket");
-	if (tmpno)
-	    sendport = 1;
-	return (1);
-    }
-    if (!sendport)
-	socket_set_reuseaddr (data, 1);
-    if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
-	warn ("bind");
-	goto bad;
-    }
-    if (options & SO_DEBUG)
-	socket_set_debug (data);
-    len = sizeof (data_addr_ss);
-    if (getsockname (data, data_addr, &len) < 0) {
-	warn ("getsockname");
-	goto bad;
-    }
-    if (listen (data, 1) < 0)
-	warn ("listen");
-    if (sendport) {
-	char addr_str[256];
-	int inet_af;
-	int overbose;
-
-	if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr),
-		       addr_str, sizeof(addr_str)) == NULL)
-	    errx (1, "inet_ntop failed");
-	switch (data_addr->sa_family) {
-	case AF_INET :
-	    inet_af = 1;
-	    break;
-#ifdef HAVE_IPV6
-	case AF_INET6 :
-	    inet_af = 2;
-	    break;
-#endif
-	default :
-	    errx (1, "bad address family %d", data_addr->sa_family);
-	}
-
-
-	overbose = verbose;
-	if (debug == 0)
-	    verbose  = -1;
-
-	result = command ("EPRT |%d|%s|%d|",
-			  inet_af, addr_str, 
-			  ntohs(socket_get_port (data_addr)));
-	verbose = overbose;
-
-	if (result == ERROR) {
-	    struct sockaddr_in *sin4 = (struct sockaddr_in *)data_addr;
-
-	    unsigned int a = ntohl(sin4->sin_addr.s_addr);
-	    unsigned int p = ntohs(sin4->sin_port);
-
-	    if (data_addr->sa_family != AF_INET) {
-		warnx ("remote server doesn't support EPRT");
-		goto bad;
-	    }
-
-	    result = command("PORT %d,%d,%d,%d,%d,%d", 
-			     (a >> 24) & 0xff,
-			     (a >> 16) & 0xff,
-			     (a >> 8) & 0xff,
-			     a & 0xff,
-			     (p >> 8) & 0xff,
-			     p & 0xff);
-	    if (result == ERROR && sendport == -1) {
-		sendport = 0;
-		tmpno = 1;
-		goto noport;
-	    }
-	    return (result != COMPLETE);
-	}
-	return result != COMPLETE;
-    }
-    if (tmpno)
-	sendport = 1;
-
-
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (data, IPTOS_THROUGHPUT);
-#endif
-    return (0);
-bad:
-    close (data);
-    data = -1;
-    if (tmpno)
-	sendport = 1;
-    return (1);
-}
-
-/*
- * Need to start a listen on the data channel before we send the command,
- * otherwise the server's connect may fail.
- */
-int
-initconn (void)
-{
-    if (passivemode) 
-	return passive_mode ();
-    else
-	return active_mode ();
-}
-
-FILE *
-dataconn (const char *lmode)
-{
-    struct sockaddr_storage from_ss;
-    struct sockaddr *from = (struct sockaddr *)&from_ss;
-    socklen_t fromlen = sizeof(from_ss);
-    int s;
-
-    if (passivemode)
-	return (fdopen (data, lmode));
-
-    s = accept (data, from, &fromlen);
-    if (s < 0) {
-	warn ("accept");
-	close (data), data = -1;
-	return (NULL);
-    }
-    close (data);
-    data = s;
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (s, IPTOS_THROUGHPUT);
-#endif
-    return (fdopen (data, lmode));
-}
-
-void
-ptransfer (char *direction, long int bytes,
-	   struct timeval * t0, struct timeval * t1)
-{
-    struct timeval td;
-    float s;
-    float bs;
-    int prec;
-    char *unit;
-
-    if (verbose) {
-	td.tv_sec = t1->tv_sec - t0->tv_sec;
-	td.tv_usec = t1->tv_usec - t0->tv_usec;
-	if (td.tv_usec < 0) {
-	    td.tv_sec--;
-	    td.tv_usec += 1000000;
-	}
-	s = td.tv_sec + (td.tv_usec / 1000000.);
-	bs = bytes / (s ? s : 1);
-	if (bs >= 1048576) {
-	    bs /= 1048576;
-	    unit = "M";
-	    prec = 2;
-	} else if (bs >= 1024) {
-	    bs /= 1024;
-	    unit = "k";
-	    prec = 1;
-	} else {
-	    unit = "";
-	    prec = 0;
-	}
-
-	printf ("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
-		bytes, direction, s, prec, bs, unit);
-    }
-}
-
-void
-psabort (int sig)
-{
-
-    abrtflag++;
-}
-
-void
-pswitch (int flag)
-{
-    sighand oldintr;
-    static struct comvars {
-	int connect;
-	char name[MaxHostNameLen];
-	struct sockaddr_storage mctl;
-	struct sockaddr_storage hctl;
-	FILE *in;
-	FILE *out;
-	int tpe;
-	int curtpe;
-	int cpnd;
-	int sunqe;
-	int runqe;
-	int mcse;
-	int ntflg;
-	char nti[17];
-	char nto[17];
-	int mapflg;
-	char mi[MaxPathLen];
-	char mo[MaxPathLen];
-    } proxstruct, tmpstruct;
-    struct comvars *ip, *op;
-
-    abrtflag = 0;
-    oldintr = signal (SIGINT, psabort);
-    if (flag) {
-	if (proxy)
-	    return;
-	ip = &tmpstruct;
-	op = &proxstruct;
-	proxy++;
-    } else {
-	if (!proxy)
-	    return;
-	ip = &proxstruct;
-	op = &tmpstruct;
-	proxy = 0;
-    }
-    ip->connect = connected;
-    connected = op->connect;
-    if (hostname) {
-	strlcpy (ip->name, hostname, sizeof (ip->name));
-    } else
-	ip->name[0] = 0;
-    hostname = op->name;
-    ip->hctl = hisctladdr_ss;
-    hisctladdr_ss = op->hctl;
-    ip->mctl = myctladdr_ss;
-    myctladdr_ss = op->mctl;
-    ip->in = cin;
-    cin = op->in;
-    ip->out = cout;
-    cout = op->out;
-    ip->tpe = type;
-    type = op->tpe;
-    ip->curtpe = curtype;
-    curtype = op->curtpe;
-    ip->cpnd = cpend;
-    cpend = op->cpnd;
-    ip->sunqe = sunique;
-    sunique = op->sunqe;
-    ip->runqe = runique;
-    runique = op->runqe;
-    ip->mcse = mcase;
-    mcase = op->mcse;
-    ip->ntflg = ntflag;
-    ntflag = op->ntflg;
-    strlcpy (ip->nti, ntin, sizeof (ip->nti));
-    strlcpy (ntin, op->nti, 17);
-    strlcpy (ip->nto, ntout, sizeof (ip->nto));
-    strlcpy (ntout, op->nto, 17);
-    ip->mapflg = mapflag;
-    mapflag = op->mapflg;
-    strlcpy (ip->mi, mapin, MaxPathLen);
-    strlcpy (mapin, op->mi, MaxPathLen);
-    strlcpy (ip->mo, mapout, MaxPathLen);
-    strlcpy (mapout, op->mo, MaxPathLen);
-    signal(SIGINT, oldintr);
-    if (abrtflag) {
-	abrtflag = 0;
-	(*oldintr) (SIGINT);
-    }
-}
-
-void
-abortpt (int sig)
-{
-
-    printf ("\n");
-    fflush (stdout);
-    ptabflg++;
-    mflag = 0;
-    abrtflag = 0;
-    longjmp (ptabort, 1);
-}
-
-void
-proxtrans (char *cmd, char *local, char *remote)
-{
-    sighand oldintr = NULL;
-    int secndflag = 0, prox_type, nfnd;
-    char *cmd2;
-    fd_set mask;
-
-    if (strcmp (cmd, "RETR"))
-	cmd2 = "RETR";
-    else
-	cmd2 = runique ? "STOU" : "STOR";
-    if ((prox_type = type) == 0) {
-	if (unix_server && unix_proxy)
-	    prox_type = TYPE_I;
-	else
-	    prox_type = TYPE_A;
-    }
-    if (curtype != prox_type)
-	changetype (prox_type, 1);
-    if (command ("PASV") != COMPLETE) {
-	printf ("proxy server does not support third party transfers.\n");
-	return;
-    }
-    pswitch (0);
-    if (!connected) {
-	printf ("No primary connection\n");
-	pswitch (1);
-	code = -1;
-	return;
-    }
-    if (curtype != prox_type)
-	changetype (prox_type, 1);
-    if (command ("PORT %s", pasv) != COMPLETE) {
-	pswitch (1);
-	return;
-    }
-    if (setjmp (ptabort))
-	goto abort;
-    oldintr = signal (SIGINT, abortpt);
-    if (command ("%s %s", cmd, remote) != PRELIM) {
-	signal (SIGINT, oldintr);
-	pswitch (1);
-	return;
-    }
-    sleep (2);
-    pswitch (1);
-    secndflag++;
-    if (command ("%s %s", cmd2, local) != PRELIM)
-	goto abort;
-    ptflag++;
-    getreply (0);
-    pswitch (0);
-    getreply (0);
-    signal (SIGINT, oldintr);
-    pswitch (1);
-    ptflag = 0;
-    printf ("local: %s remote: %s\n", local, remote);
-    return;
-abort:
-    signal (SIGINT, SIG_IGN);
-    ptflag = 0;
-    if (strcmp (cmd, "RETR") && !proxy)
-	pswitch (1);
-    else if (!strcmp (cmd, "RETR") && proxy)
-	pswitch (0);
-    if (!cpend && !secndflag) {	/* only here if cmd = "STOR" (proxy=1) */
-	if (command ("%s %s", cmd2, local) != PRELIM) {
-	    pswitch (0);
-	    if (cpend)
-		abort_remote ((FILE *) NULL);
-	}
-	pswitch (1);
-	if (ptabflg)
-	    code = -1;
-	if (oldintr)
-	    signal (SIGINT, oldintr);
-	return;
-    }
-    if (cpend)
-	abort_remote ((FILE *) NULL);
-    pswitch (!proxy);
-    if (!cpend && !secndflag) {	/* only if cmd = "RETR" (proxy=1) */
-	if (command ("%s %s", cmd2, local) != PRELIM) {
-	    pswitch (0);
-	    if (cpend)
-		abort_remote ((FILE *) NULL);
-	    pswitch (1);
-	    if (ptabflg)
-		code = -1;
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    }
-    if (cpend)
-	abort_remote ((FILE *) NULL);
-    pswitch (!proxy);
-    if (cpend) {
-	FD_ZERO (&mask);
-	if (fileno(cin) >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET (fileno (cin), &mask);
-	if ((nfnd = empty (&mask, 10)) <= 0) {
-	    if (nfnd < 0) {
-		warn ("abort");
-	    }
-	    if (ptabflg)
-		code = -1;
-	    lostpeer (0);
-	}
-	getreply (0);
-	getreply (0);
-    }
-    if (proxy)
-	pswitch (0);
-    pswitch (1);
-    if (ptabflg)
-	code = -1;
-    signal (SIGINT, oldintr);
-}
-
-void
-reset (int argc, char **argv)
-{
-    fd_set mask;
-    int nfnd = 1;
-
-    FD_ZERO (&mask);
-    while (nfnd > 0) {
-	if (fileno (cin) >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET (fileno (cin), &mask);
-	if ((nfnd = empty (&mask, 0)) < 0) {
-	    warn ("reset");
-	    code = -1;
-	    lostpeer(0);
-	} else if (nfnd) {
-	    getreply(0);
-	}
-    }
-}
-
-char *
-gunique (char *local)
-{
-    static char new[MaxPathLen];
-    char *cp = strrchr (local, '/');
-    int d, count = 0;
-    char ext = '1';
-
-    if (cp)
-	*cp = '\0';
-    d = access (cp ? local : ".", 2);
-    if (cp)
-	*cp = '/';
-    if (d < 0) {
-	warn ("local: %s", local);
-	return NULL;
-    }
-    strlcpy (new, local, sizeof(new));
-    cp = new + strlen(new);
-    *cp++ = '.';
-    while (!d) {
-	if (++count == 100) {
-	    printf ("runique: can't find unique file name.\n");
-	    return NULL;
-	}
-	*cp++ = ext;
-	*cp = '\0';
-	if (ext == '9')
-	    ext = '0';
-	else
-	    ext++;
-	if ((d = access (new, 0)) < 0)
-	    break;
-	if (ext != '0')
-	    cp--;
-	else if (*(cp - 2) == '.')
-	    *(cp - 1) = '1';
-	else {
-	    *(cp - 2) = *(cp - 2) + 1;
-	    cp--;
-	}
-    }
-    return (new);
-}
-
-void
-abort_remote (FILE * din)
-{
-    char buf[BUFSIZ];
-    int nfnd;
-    fd_set mask;
-
-    /*
-     * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
-     * after urgent byte rather than before as is protocol now
-     */
-    snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
-    if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
-	warn ("abort");
-    fprintf (cout, "%c", DM);
-    sec_fprintf(cout, "ABOR");
-    sec_fflush (cout);
-    fprintf (cout, "\r\n");
-    fflush(cout);
-    FD_ZERO (&mask);
-    if (fileno (cin) >= FD_SETSIZE)
-	errx (1, "fd too large");
-    FD_SET (fileno (cin), &mask);
-    if (din) {
-	if (fileno (din) >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET (fileno (din), &mask);
-    }
-    if ((nfnd = empty (&mask, 10)) <= 0) {
-	if (nfnd < 0) {
-	    warn ("abort");
-	}
-	if (ptabflg)
-	    code = -1;
-	lostpeer (0);
-    }
-    if (din && FD_ISSET (fileno (din), &mask)) {
-	while (read (fileno (din), buf, BUFSIZ) > 0)
-	     /* LOOP */ ;
-    }
-    if (getreply (0) == ERROR && code == 552) {
-	/* 552 needed for nic style abort */
-	getreply (0);
-    }
-    getreply (0);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
deleted file mode 100644
index 51808c14721b..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */
-
-#ifndef __FTP_LOCL_H__
-#define __FTP_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-
-#ifdef HAVE_ARPA_FTP_H
-#include <arpa/ftp.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include <errno.h>
-#include <ctype.h>
-#include <glob.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-
-#include <err.h>
-
-#ifdef SOCKS
-#include <socks.h>
-extern int LIBPREFIX(fclose)      (FILE *);
-
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-
-#endif
-
-#include "ftp_var.h"
-#include "extern.h"
-#include "common.h"
-#include "pathnames.h"
-
-#include "roken.h"
-#include "security.h"
-
-/* des_read_pw_string */
-#include "crypto-headers.h"
-
-#if defined(__sun__) && !defined(__svr4)
-int fclose(FILE*);
-int pclose(FILE*);
-#endif
-
-#endif /* __FTP_LOCL_H__ */
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_var.h b/crypto/heimdal/appl/ftp/ftp/ftp_var.h
deleted file mode 100644
index 75ec495b76eb..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp_var.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftp_var.h	8.4 (Berkeley) 10/9/94
- */
-
-/*
- * FTP global variables.
- */
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <setjmp.h>
-
-/*
- * Options and other state info.
- */
-extern int	trace;			/* trace packets exchanged */
-extern int	hash;			/* print # for each buffer transferred */
-extern int	sendport;		/* use PORT cmd for each data connection */
-extern int	verbose;		/* print messages coming back from server */
-extern int	connected;		/* connected to server */
-extern int	fromatty;		/* input is from a terminal */
-extern int	interactive;		/* interactively prompt on m* cmds */
-extern int	lineedit;		/* use line-editing */
-extern int	debug;			/* debugging level */
-extern int	bell;			/* ring bell on cmd completion */
-extern int	doglob;			/* glob local file names */
-extern int	autologin;		/* establish user account on connection */
-extern int	doencrypt;
-extern int	proxy;			/* proxy server connection active */
-extern int	proxflag;		/* proxy connection exists */
-extern int	sunique;		/* store files on server with unique name */
-extern int	runique;		/* store local files with unique name */
-extern int	mcase;			/* map upper to lower case for mget names */
-extern int	ntflag;			/* use ntin ntout tables for name translation */
-extern int	mapflag;		/* use mapin mapout templates on file names */
-extern int	code;			/* return/reply code for ftp command */
-extern int	crflag;			/* if 1, strip car. rets. on ascii gets */
-extern char	pasv[64];		/* passive port for proxy data connection */
-extern int	passivemode;		/* passive mode enabled */
-extern char	*altarg;		/* argv[1] with no shell-like preprocessing  */
-extern char	ntin[17];		/* input translation table */
-extern char	ntout[17];		/* output translation table */
-extern char	mapin[MaxPathLen];	/* input map template */
-extern char	mapout[MaxPathLen];	/* output map template */
-extern char	typename[32];		/* name of file transfer type */
-extern int	type;			/* requested file transfer type */
-extern int	curtype;		/* current file transfer type */
-extern char	structname[32];		/* name of file transfer structure */
-extern int	stru;			/* file transfer structure */
-extern char	formname[32];		/* name of file transfer format */
-extern int	form;			/* file transfer format */
-extern char	modename[32];		/* name of file transfer mode */
-extern int	mode;			/* file transfer mode */
-extern char	bytename[32];		/* local byte size in ascii */
-extern int	bytesize;		/* local byte size in binary */
-
-extern char	*hostname;		/* name of host connected to */
-extern int	unix_server;		/* server is unix, can use binary for ascii */
-extern int	unix_proxy;		/* proxy is unix, can use binary for ascii */
-
-extern jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
-
-extern char	line[200];		/* input line buffer */
-extern char	*stringbase;		/* current scan point in line buffer */
-extern char	argbuf[200];		/* argument storage buffer */
-extern char	*argbase;		/* current storage point in arg buffer */
-extern int	margc;			/* count of arguments on input line */
-extern char	**margv;		/* args parsed from input line */
-extern int	margvlen;		/* how large margv is currently */
-extern int     cpend;                  /* flag: if != 0, then pending server reply */
-extern int	mflag;			/* flag: if != 0, then active multi command */
-
-extern int	options;		/* used during socket creation */
-extern int      use_kerberos;           /* use Kerberos authentication */
-
-/*
- * Format of command table.
- */
-struct cmd {
-	char	*c_name;	/* name of command */
-	char	*c_help;	/* help string */
-	char	c_bell;		/* give bell when command completes */
-	char	c_conn;		/* must be connected to use command */
-	char	c_proxy;	/* proxy server may execute */
-	void	(*c_handler) (int, char **); /* function to call */
-};
-
-struct macel {
-	char mac_name[9];	/* macro name */
-	char *mac_start;	/* start of macro in macbuf */
-	char *mac_end;		/* end of macro in macbuf */
-};
-
-extern int macnum;			/* number of defined macros */
-extern struct macel macros[16];
-extern char macbuf[4096];
-
-
diff --git a/crypto/heimdal/appl/ftp/ftp/globals.c b/crypto/heimdal/appl/ftp/ftp/globals.c
deleted file mode 100644
index 52f80488240f..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/globals.c
+++ /dev/null
@@ -1,79 +0,0 @@
-#include "ftp_locl.h"
-RCSID("$Id: globals.c 16160 2005-10-12 09:42:47Z joda $");
-
-/*
- * Options and other state info.
- */
-int	trace;			/* trace packets exchanged */
-int	hash;			/* print # for each buffer transferred */
-int	sendport;		/* use PORT cmd for each data connection */
-int	verbose;		/* print messages coming back from server */
-int	connected;		/* connected to server */
-int	fromatty;		/* input is from a terminal */
-int	interactive;		/* interactively prompt on m* cmds */
-int	lineedit;		/* use line-editing */
-int	debug;			/* debugging level */
-int	bell;			/* ring bell on cmd completion */
-int	doglob;			/* glob local file names */
-int	doencrypt;		/* try to use encryption */
-int	autologin;		/* establish user account on connection */
-int	proxy;			/* proxy server connection active */
-int	proxflag;		/* proxy connection exists */
-int	sunique;		/* store files on server with unique name */
-int	runique;		/* store local files with unique name */
-int	mcase;			/* map upper to lower case for mget names */
-int	ntflag;			/* use ntin ntout tables for name translation */
-int	mapflag;		/* use mapin mapout templates on file names */
-int	code;			/* return/reply code for ftp command */
-int	crflag;			/* if 1, strip car. rets. on ascii gets */
-char	pasv[64];		/* passive port for proxy data connection */
-int	passivemode;		/* passive mode enabled */
-char	*altarg;		/* argv[1] with no shell-like preprocessing  */
-char	ntin[17];		/* input translation table */
-char	ntout[17];		/* output translation table */
-char	mapin[MaxPathLen];	/* input map template */
-char	mapout[MaxPathLen];	/* output map template */
-char	typename[32];		/* name of file transfer type */
-int	type;			/* requested file transfer type */
-int	curtype;		/* current file transfer type */
-char	structname[32];		/* name of file transfer structure */
-int	stru;			/* file transfer structure */
-char	formname[32];		/* name of file transfer format */
-int	form;			/* file transfer format */
-char	modename[32];		/* name of file transfer mode */
-int	mode;			/* file transfer mode */
-char	bytename[32];		/* local byte size in ascii */
-int	bytesize;		/* local byte size in binary */
-
-char	*hostname;		/* name of host connected to */
-int	unix_server;		/* server is unix, can use binary for ascii */
-int	unix_proxy;		/* proxy is unix, can use binary for ascii */
-
-jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
-
-char	line[200];		/* input line buffer */
-char	*stringbase;		/* current scan point in line buffer */
-char	argbuf[200];		/* argument storage buffer */
-char	*argbase;		/* current storage point in arg buffer */
-int	margc;			/* count of arguments on input line */
-char	**margv;		/* args parsed from input line */
-int	margvlen;		/* how large margv is currently */
-int     cpend;                  /* flag: if != 0, then pending server reply */
-int	mflag;			/* flag: if != 0, then active multi command */
-
-int	options;		/* used during socket creation */
-int     use_kerberos;           /* use Kerberos authentication */
-
-/*
- * Format of command table.
- */
-
-int macnum;			/* number of defined macros */
-struct macel macros[16];
-char macbuf[4096];
-
-char username[32];
-
-/* these are set in ruserpass */
-char myhostname[MaxHostNameLen];
-char *mydomain;
diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c
deleted file mode 100644
index 9432feb8290e..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/gssapi.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (c) 1998 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <gssapi.h>
-#include <krb5_err.h>
-
-RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $");
-
-int ftp_do_gss_bindings = 0;
-int ftp_do_gss_delegate = 1;
-
-struct gss_data {
-    gss_ctx_id_t context_hdl;
-    char *client_name;
-    gss_cred_id_t delegated_cred_handle;
-    void *mech_data;
-};
-
-static int
-gss_init(void *app_data)
-{
-    struct gss_data *d = app_data;
-    d->context_hdl = GSS_C_NO_CONTEXT;
-    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-#if defined(FTP_SERVER)
-    return 0;
-#else
-    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
-#ifdef KRB5
-    return !use_kerberos;
-#else
-    return 0;
-#endif /* KRB5 */
-#endif /* FTP_SERVER */
-}
-
-static int
-gss_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-gss_decode(void *app_data, void *buf, int len, int level)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    gss_qop_t qop_state;
-    int conf_state;
-    struct gss_data *d = app_data;
-    size_t ret_len;
-
-    input.length = len;
-    input.value = buf;
-    maj_stat = gss_unwrap (&min_stat,
-			   d->context_hdl,
-			   &input,
-			   &output,
-			   &conf_state,
-			   &qop_state);
-    if(GSS_ERROR(maj_stat))
-	return -1;
-    memmove(buf, output.value, output.length);
-    ret_len = output.length;
-    gss_release_buffer(&min_stat, &output);
-    return ret_len;
-}
-
-static int
-gss_overhead(void *app_data, int level, int len)
-{
-    return 100; /* dunno? */
-}
-
-
-static int
-gss_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    int conf_state;
-    struct gss_data *d = app_data;
-
-    input.length = length;
-    input.value = from;
-    maj_stat = gss_wrap (&min_stat,
-			 d->context_hdl,
-			 level == prot_private,
-			 GSS_C_QOP_DEFAULT,
-			 &input,
-			 &conf_state,
-			 &output);
-    *to = output.value;
-    return output.length;
-}
-
-static void
-sockaddr_to_gss_address (struct sockaddr *sa,
-			 OM_uint32 *addr_type,
-			 gss_buffer_desc *gss_addr)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	gss_addr->length = 16;
-	gss_addr->value  = &sin6->sin6_addr;
-	*addr_type       = GSS_C_AF_INET6;
-	break;
-    }
-#endif
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	gss_addr->length = 4;
-	gss_addr->value  = &sin4->sin_addr;
-	*addr_type       = GSS_C_AF_INET;
-	break;
-    }
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	
-    }
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-static int
-gss_adat(void *app_data, void *buf, size_t len)
-{
-    char *p = NULL;
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    struct gss_data *d = app_data;
-    gss_channel_bindings_t bindings;
-
-    if (ftp_do_gss_bindings) {
-	bindings = malloc(sizeof(*bindings));
-	if (bindings == NULL)
-	    errx(1, "out of memory");
-
-	sockaddr_to_gss_address (his_addr,
-				 &bindings->initiator_addrtype,
-				 &bindings->initiator_address);
-	sockaddr_to_gss_address (ctrl_addr,
-				 &bindings->acceptor_addrtype,
-				 &bindings->acceptor_address);
-	
-	bindings->application_data.length = 0;
-	bindings->application_data.value = NULL;
-    } else
-	bindings = GSS_C_NO_CHANNEL_BINDINGS;
-
-    input_token.value = buf;
-    input_token.length = len;
-
-    maj_stat = gss_accept_sec_context (&min_stat,
-				       &d->context_hdl,
-				       GSS_C_NO_CREDENTIAL,
-				       &input_token,
-				       bindings,
-				       &client_name,
-				       NULL,
-				       &output_token,
-				       NULL,
-				       NULL,
-				       &d->delegated_cred_handle);
-
-    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-	free(bindings);
-
-    if(output_token.length) {
-	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
-	    reply(535, "Out of memory base64-encoding.");
-	    return -1;
-	}
-	gss_release_buffer(&min_stat, &output_token);
-    }
-    if(maj_stat == GSS_S_COMPLETE){
-	char *name;
-	gss_buffer_desc export_name;
-	gss_OID oid;
-
-	maj_stat = gss_display_name(&min_stat, client_name,
-				    &export_name, &oid);
-	if(maj_stat != 0) {
-	    reply(500, "Error displaying name");
-	    goto out;
-	}
-	/* XXX kerberos */
-	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
-	    reply(500, "OID not kerberos principal name");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name = malloc(export_name.length + 1);
-	if(name == NULL) {
-	    reply(500, "Out of memory");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	memcpy(name, export_name.value, export_name.length);
-	name[export_name.length] = '\0';
-	gss_release_buffer(&min_stat, &export_name);
-	d->client_name = name;
-	if(p)
-	    reply(235, "ADAT=%s", p);
-	else
-	    reply(235, "ADAT Complete");
-	sec_complete = 1;
-
-    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
-	if(p)
-	    reply(335, "ADAT=%s", p);
-	else
-	    reply(335, "OK, need more data");
-    } else {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
-	       (char*)status_string.value);
-	gss_release_buffer(&new_stat, &status_string);
-	reply(431, "Security resource unavailable");
-    }
-  out:
-    if (client_name)
-	gss_release_name(&min_stat, &client_name);
-    free(p);
-    return 0;
-}
-
-int gss_userok(void*, char*);
-int gss_session(void*, char*);
-
-struct sec_server_mech gss_server_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init, /* init */
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-    /* */
-    NULL,
-    gss_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    gss_userok,
-    gss_session
-};
-
-#else /* FTP_SERVER */
-
-extern struct sockaddr *hisctladdr, *myctladdr;
-
-static int
-import_name(const char *kname, const char *host, gss_name_t *target_name)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name;
-    char *str;
-
-    name.length = asprintf(&str, "%s@%s", kname, host);
-    if (str == NULL) {
-	printf("Out of memory\n");
-	return AUTH_ERROR;
-    }
-    name.value = str;
-
-    maj_stat = gss_import_name(&min_stat,
-			       &name,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       target_name);
-    if (GSS_ERROR(maj_stat)) {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	    
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	printf("Error importing name %s: %s\n", 
-	       (char *)name.value,
-	       (char *)status_string.value);
-	free(name.value);
-	gss_release_buffer(&new_stat, &status_string);
-	return AUTH_ERROR;
-    }
-    free(name.value);
-    return 0;
-}
-
-static int
-gss_auth(void *app_data, char *host)
-{
-    
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t target_name;
-    gss_buffer_desc input, output_token;
-    int context_established = 0;
-    char *p;
-    int n;
-    gss_channel_bindings_t bindings;
-    struct gss_data *d = app_data;
-    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
-
-    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
-	    
-    
-    if(import_name(*kname++, host, &target_name))
-	return AUTH_ERROR;
-
-    input.length = 0;
-    input.value = NULL;
-
-    if (ftp_do_gss_bindings) {
-	bindings = malloc(sizeof(*bindings));
-	if (bindings == NULL)
-	    errx(1, "out of memory");
-	
-	sockaddr_to_gss_address (myctladdr,
-				 &bindings->initiator_addrtype,
-				 &bindings->initiator_address);
-	sockaddr_to_gss_address (hisctladdr,
-				 &bindings->acceptor_addrtype,
-				 &bindings->acceptor_address);
-	
-	bindings->application_data.length = 0;
-	bindings->application_data.value = NULL;
-    } else
-	bindings = GSS_C_NO_CHANNEL_BINDINGS;
-
-    if (ftp_do_gss_delegate)
-	mech_flags |= GSS_C_DELEG_FLAG;
-
-    while(!context_established) {
-	maj_stat = gss_init_sec_context(&min_stat,
-					GSS_C_NO_CREDENTIAL,
-					&d->context_hdl,
-					target_name,
-					GSS_C_NO_OID,
-                                        mech_flags,
-					0,
-					bindings,
-					&input,
-					NULL,
-					&output_token,
-					NULL,
-					NULL);
-	if (GSS_ERROR(maj_stat)) {
-	    OM_uint32 new_stat;
-	    OM_uint32 msg_ctx = 0;
-	    gss_buffer_desc status_string;
-
-	    d->context_hdl = GSS_C_NO_CONTEXT;
-
-	    gss_release_name(&min_stat, &target_name);
-
-	    if(*kname != NULL) {
-
-		if(import_name(*kname++, host, &target_name)) {
-		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-			free(bindings);
-		    return AUTH_ERROR;
-		}
-		continue;
-	    }
-	    
-	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		free(bindings);
-
-	    gss_display_status(&new_stat,
-			       min_stat,
-			       GSS_C_MECH_CODE,
-			       GSS_C_NO_OID,
-			       &msg_ctx,
-			       &status_string);
-	    printf("Error initializing security context: %s\n", 
-		   (char*)status_string.value);
-	    gss_release_buffer(&new_stat, &status_string);
-	    return AUTH_CONTINUE;
-	}
-
-	if (input.value) {
-	    free(input.value);
-	    input.value = NULL;
-	    input.length = 0;
-	}
-	if (output_token.length != 0) {
-	    base64_encode(output_token.value, output_token.length, &p);
-	    gss_release_buffer(&min_stat, &output_token);
-	    n = command("ADAT %s", p);
-	    free(p);
-	}
-	if (GSS_ERROR(maj_stat)) {
-	    if (d->context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&d->context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    p = strstr(reply_string, "ADAT=");
-	    if(p == NULL){
-		printf("Error: expected ADAT in reply. got: %s\n",
-		       reply_string);
-		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		    free(bindings);
-		return AUTH_ERROR;
-	    } else {
-		p+=5;
-		input.value = malloc(strlen(p));
-		input.length = base64_decode(p, input.value);
-	    }
-	} else {
-	    if(code != 235) {
-		printf("Unrecognized response code: %d\n", code);
-		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		    free(bindings);
-		return AUTH_ERROR;
-	    }
-	    context_established = 1;
-	}
-    }
-
-    gss_release_name(&min_stat, &target_name);
-
-    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-	free(bindings);
-    if (input.value)
-	free(input.value);
-
-    {
-	gss_name_t targ_name;
-
-	maj_stat = gss_inquire_context(&min_stat,
-				       d->context_hdl,
-				       NULL,
-				       &targ_name,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL);
-	if (GSS_ERROR(maj_stat) == 0) {
-	    gss_buffer_desc name;
-	    maj_stat = gss_display_name (&min_stat,
-					 targ_name,
-					 &name,
-					 NULL);
-	    if (GSS_ERROR(maj_stat) == 0) {
-		printf("Authenticated to <%s>\n", (char *)name.value);
-		gss_release_buffer(&min_stat, &name);
-	    }
-	    gss_release_name(&min_stat, &targ_name);
-	} else
-	    printf("Failed to get gss name of peer.\n");
-    }	    
-
-
-    return AUTH_OK;
-}
-
-struct sec_client_mech gss_client_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init,
-    gss_auth,
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftp/kauth.c b/crypto/heimdal/appl/ftp/ftp/kauth.c
deleted file mode 100644
index 36305d2cd2e1..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/kauth.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $");
-
-#ifdef KRB4
-#include <krb.h>
-
-void
-kauth(int argc, char **argv)
-{
-    int ret;
-    char buf[1024];
-    des_cblock key;
-    des_key_schedule schedule;
-    KTEXT_ST tkt, tktcopy;
-    char *name;
-    char *p;
-    int overbose;
-    char passwd[100];
-    int tmp;
-	
-    int save;
-
-    if(argc > 2){
-	printf("usage: %s [principal]\n", argv[0]);
-	code = -1;
-	return;
-    }
-    if(argc == 2)
-	name = argv[1];
-    else
-	name = username;
-
-    overbose = verbose;
-    verbose = 0;
-
-    save = set_command_prot(prot_private);
-    ret = command("SITE KAUTH %s", name);
-    if(ret != CONTINUE){
-	verbose = overbose;
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    verbose = overbose;
-    p = strstr(reply_string, "T=");
-    if(!p){
-	printf("Bad reply from server.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    p += 2;
-    tmp = base64_decode(p, &tkt.dat);
-    if(tmp < 0){
-	printf("Failed to decode base64 in reply.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    tkt.length = tmp;
-    tktcopy.length = tkt.length;
-    
-    p = strstr(reply_string, "P=");
-    if(!p){
-	printf("Bad reply from server.\n");
-	verbose = overbose;
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    name = p + 2;
-    for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
-    *p = 0;
-    
-    snprintf(buf, sizeof(buf), "Password for %s:", name);
-    if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
-        *passwd = '\0';
-    des_string_to_key (passwd, &key);
-
-    des_key_sched(&key, schedule);
-    
-    des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
-		     tkt.length,
-		     schedule, &key, DES_DECRYPT);
-    if (strcmp ((char*)tktcopy.dat + 8,
-		KRB_TICKET_GRANTING_TICKET) != 0) {
-        afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
-	des_key_sched (&key, schedule);
-	des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
-			 tkt.length,
-			 schedule, &key, DES_DECRYPT);
-    }
-    memset(key, 0, sizeof(key));
-    memset(schedule, 0, sizeof(schedule));
-    memset(passwd, 0, sizeof(passwd));
-    if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
-	printf("Out of memory base64-encoding.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    memset (tktcopy.dat, 0, tktcopy.length);
-    ret = command("SITE KAUTH %s %s", name, p);
-    free(p);
-    set_command_prot(save);
-    if(ret != COMPLETE){
-	code = -1;
-	return;
-    }
-    code = 0;
-}
-
-void
-kdestroy(int argc, char **argv)
-{
-    int ret;
-    if (argc != 1) {
-	printf("usage: %s\n", argv[0]);
-	code = -1;
-	return;
-    }
-    ret = command("SITE KDESTROY");
-    code = (ret == COMPLETE);
-}
-
-void
-krbtkfile(int argc, char **argv)
-{
-    int ret;
-    if(argc != 2) {
-	printf("usage: %s tktfile\n", argv[0]);
-	code = -1;
-	return;
-    }
-    ret = command("SITE KRBTKFILE %s", argv[1]);
-    code = (ret == COMPLETE);
-}
-#endif
-
-#if defined(KRB4) || defined(KRB5)
-
-void
-afslog(int argc, char **argv)
-{
-    int ret;
-    if(argc > 2) {
-	printf("usage: %s [cell]\n", argv[0]);
-	code = -1;
-	return;
-    }
-    if(argc == 2)
-	ret = command("SITE AFSLOG %s", argv[1]);
-    else
-	ret = command("SITE AFSLOG");
-    code = (ret == COMPLETE);
-}
-
-#else
-int ftp_afslog_placeholder;
-#endif
diff --git a/crypto/heimdal/appl/ftp/ftp/krb4.c b/crypto/heimdal/appl/ftp/ftp/krb4.c
deleted file mode 100644
index 408b7fa73579..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/krb4.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <krb.h>
-
-RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $");
-
-#ifdef FTP_SERVER
-#define LOCAL_ADDR ctrl_addr
-#define REMOTE_ADDR his_addr
-#else
-#define LOCAL_ADDR myctladdr
-#define REMOTE_ADDR hisctladdr
-#endif
-
-extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
-
-struct krb4_data {
-    des_cblock key;
-    des_key_schedule schedule;
-    char name[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-};
-
-static int
-krb4_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-krb4_decode(void *app_data, void *buf, int len, int level)
-{
-    MSG_DAT m;
-    int e;
-    struct krb4_data *d = app_data;
-    
-    if(level == prot_safe)
-	e = krb_rd_safe(buf, len, &d->key,
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    else
-	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    if(e){
-	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
-	return -1;
-    }
-    memmove(buf, m.app_data, m.app_length);
-    return m.app_length;
-}
-
-static int
-krb4_overhead(void *app_data, int level, int len)
-{
-    return 31;
-}
-
-static int
-krb4_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    struct krb4_data *d = app_data;
-    *to = malloc(length + 31);
-    if(level == prot_safe)
-	return krb_mk_safe(from, *to, length, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else if(level == prot_private)
-	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else
-	return -1;
-}
-
-#ifdef FTP_SERVER
-
-static int
-krb4_adat(void *app_data, void *buf, size_t len)
-{
-    KTEXT_ST tkt;
-    AUTH_DAT auth_dat;
-    char *p;
-    int kerror;
-    uint32_t cs;
-    char msg[35]; /* size of encrypted block */
-    int tmp_len;
-    struct krb4_data *d = app_data;
-    char inst[INST_SZ];
-    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
-
-    memcpy(tkt.dat, buf, len);
-    tkt.length = len;
-
-    k_getsockinst(0, inst, sizeof(inst));
-    kerror = krb_rd_req(&tkt, "ftp", inst, 
-			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    if(kerror == RD_AP_UNDEC){
-	k_getsockinst(0, inst, sizeof(inst));
-	kerror = krb_rd_req(&tkt, "rcmd", inst, 
-			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    }
-
-    if(kerror){
-	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
-	return -1;
-    }
-    
-    memcpy(d->key, auth_dat.session, sizeof(d->key));
-    des_set_key(&d->key, d->schedule);
-
-    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
-    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
-    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
-
-    cs = auth_dat.checksum + 1;
-    {
-	unsigned char tmp[4];
-	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
-	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
-			      (struct sockaddr_in *)LOCAL_ADDR,
-			      (struct sockaddr_in *)REMOTE_ADDR);
-    }
-    if(tmp_len < 0){
-	reply(535, "Error creating reply: %s.", strerror(errno));
-	return -1;
-    }
-    len = tmp_len;
-    if(base64_encode(msg, len, &p) < 0) {
-	reply(535, "Out of memory base64-encoding.");
-	return -1;
-    }
-    reply(235, "ADAT=%s", p);
-    sec_complete = 1;
-    free(p);
-    return 0;
-}
-
-static int
-krb4_userok(void *app_data, char *user)
-{
-    struct krb4_data *d = app_data;
-    return krb_kuserok(d->name, d->instance, d->realm, user);
-}
-
-struct sec_server_mech krb4_server_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    NULL, /* init */
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode,
-    /* */
-    NULL,
-    krb4_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    krb4_userok
-};
-
-#else /* FTP_SERVER */
-
-static int
-krb4_init(void *app_data)
-{
-   return !use_kerberos;
-}
-
-static int
-mk_auth(struct krb4_data *d, KTEXT adat, 
-	char *service, char *host, int checksum)
-{
-    int ret;
-    CREDENTIALS cred;
-    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_mk_req(adat, sname, inst, realm, checksum);
-    if(ret)
-	return ret;
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_get_cred(sname, inst, realm, &cred);
-    memmove(&d->key, &cred.session, sizeof(des_cblock));
-    des_key_sched(&d->key, d->schedule);
-    memset(&cred, 0, sizeof(cred));
-    return ret;
-}
-
-static int
-krb4_auth(void *app_data, char *host)
-{
-    int ret;
-    char *p;
-    int len;
-    KTEXT_ST adat;
-    MSG_DAT msg_data;
-    int checksum;
-    uint32_t cs;
-    struct krb4_data *d = app_data;
-    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
-    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
-
-    checksum = getpid();
-    ret = mk_auth(d, &adat, "ftp", host, checksum);
-    if(ret == KDC_PR_UNKNOWN)
-	ret = mk_auth(d, &adat, "rcmd", host, checksum);
-    if(ret){
-	printf("%s\n", krb_get_err_text(ret));
-	return AUTH_CONTINUE;
-    }
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-    if (krb_get_config_bool("nat_in_use")) {
-      struct in_addr natAddr;
-
-      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
-				   &natAddr) != KSUCCESS
-	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
-	printf("Can't get address for realm %s\n",
-	       krb_realmofhost(host));
-      else {
-	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
-	  printf("Using NAT IP address (%s) for kerberos 4\n",
-		 inet_ntoa(natAddr));
-	  localaddr->sin_addr = natAddr;
-	  
-	  /*
-	   * This not the best place to do this, but it
-	   * is here we know that (probably) NAT is in
-	   * use!
-	   */
-
-	  passivemode = 1;
-	  printf("Setting: Passive mode on.\n");
-	}
-      }
-    }
-#endif
-
-    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
-    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
-
-   if(base64_encode(adat.dat, adat.length, &p) < 0) {
-	printf("Out of memory base64-encoding.\n");
-	return AUTH_CONTINUE;
-    }
-    ret = command("ADAT %s", p);
-    free(p);
-
-    if(ret != COMPLETE){
-	printf("Server didn't accept auth data.\n");
-	return AUTH_ERROR;
-    }
-
-    p = strstr(reply_string, "ADAT=");
-    if(!p){
-	printf("Remote host didn't send adat reply.\n");
-	return AUTH_ERROR;
-    }
-    p += 5;
-    len = base64_decode(p, adat.dat);
-    if(len < 0){
-	printf("Failed to decode base64 from server.\n");
-	return AUTH_ERROR;
-    }
-    adat.length = len;
-    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
-		      (struct sockaddr_in *)hisctladdr, 
-		      (struct sockaddr_in *)myctladdr, &msg_data);
-    if(ret){
-	printf("Error reading reply from server: %s.\n", 
-	       krb_get_err_text(ret));
-	return AUTH_ERROR;
-    }
-    krb_get_int(msg_data.app_data, &cs, 4, 0);
-    if(cs - checksum != 1){
-	printf("Bad checksum returned from server.\n");
-	return AUTH_ERROR;
-    }
-    return AUTH_OK;
-}
-
-struct sec_client_mech krb4_client_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    krb4_init, /* init */
-    krb4_auth,
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c
deleted file mode 100644
index c78cd4a64258..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/main.c
+++ /dev/null
@@ -1,591 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * FTP User Program -- Command Interface.
- */
-
-#include "ftp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: main.c 16160 2005-10-12 09:42:47Z joda $");
-
-static int help_flag;
-static int version_flag;
-static int debug_flag;
-
-struct getargs getargs[] = {
-    { NULL,	'd', arg_flag, &debug_flag,
-      "debug", NULL },
-    { NULL,	'g', arg_negative_flag, &doglob,
-      "disables globbing", NULL},
-    { NULL,	'i', arg_negative_flag, &interactive,
-      "Turn off interactive prompting", NULL},
-    { NULL,	'l', arg_negative_flag, &lineedit,
-      "Turn off line editing", NULL},
-    { NULL,   'n', arg_negative_flag, &autologin,
-      "Turn off auto-login", NULL},
-    { NULL,	'p', arg_flag, &passivemode,
-      "passive mode", NULL},
-    { NULL,	't', arg_counter, &trace,
-      "Packet tracing", NULL},
-#ifdef KRB5
-    { "gss-bindings", 0,  arg_negative_flag, &ftp_do_gss_bindings,
-      "Don't use GSS-API bindings", NULL},
-    { "gss-delegate", 0,  arg_negative_flag, &ftp_do_gss_delegate,
-      "Disable delegation of GSS-API credentials", NULL},
-#endif
-    { NULL,	'v', arg_counter, &verbose,
-      "verbosity", NULL},
-    { NULL,	'K', arg_negative_flag, &use_kerberos,
-      "Disable kerberos authentication", NULL},
-    { "encrypt", 'x', arg_flag, &doencrypt,
-      "Encrypt command and data channel if possible" },
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(getargs) / sizeof(getargs[0]);
-
-static void
-usage(int ecode)
-{
-    arg_printusage(getargs, num_args, NULL, "[host [port]]");
-    exit(ecode);
-}
-
-int
-main(int argc, char **argv)
-{
-	int top;
-	struct passwd *pw = NULL;
-	char homedir[MaxPathLen];
-	struct servent *sp;
-	int optind = 0;
-
-	setprogname(argv[0]);
-
-	sp = getservbyname("ftp", "tcp");
-	if (sp == 0)
-		errx(1, "ftp/tcp: unknown service");
-	doglob = 1;
-	interactive = 1;
-	autologin = 1;
-	lineedit = 1;
-	passivemode = 0; /* passive mode not active */
-        use_kerberos = 1;
-#ifdef KRB5
-	ftp_do_gss_bindings = 1;
-#endif
-
-	if(getarg(getargs, num_args, argc, argv, &optind))
-		usage(1);
-	if(help_flag)
-		usage(0);
-	if(version_flag) {
-		print_version(NULL);
-		exit(0);
-	}
-
-	if (debug_flag) {
-		options |= SO_DEBUG;
-		debug++;
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	fromatty = isatty(fileno(stdin));
-	if (fromatty)
-		verbose++;
-	cpend = 0;	/* no pending replies */
-	proxy = 0;	/* proxy not active */
-	crflag = 1;	/* strip c.r. on ascii gets */
-	sendport = -1;	/* not using ports */
-	/*
-	 * Set up the home directory in case we're globbing.
-	 */
-	pw = k_getpwuid(getuid());
-	if (pw != NULL) {
-		strlcpy(homedir, pw->pw_dir, sizeof(homedir));
-		home = homedir;
-	}
-	if (argc > 0) {
-	    char *xargv[5];
-	    
-	    if (setjmp(toplevel))
-		exit(0);
-	    signal(SIGINT, intr);
-	    signal(SIGPIPE, lostpeer);
-	    xargv[0] = (char*)getprogname();
-	    xargv[1] = argv[0];
-	    xargv[2] = argv[1];
-	    xargv[3] = argv[2];
-	    xargv[4] = NULL;
-	    setpeer(argc+1, xargv);
-	}
-	if(setjmp(toplevel) == 0)
-	    top = 1;
-	else
-	    top = 0;
-	if (top) {
-	    signal(SIGINT, intr);
-	    signal(SIGPIPE, lostpeer);
-	}
-	for (;;) {
-	    cmdscanner(top);
-	    top = 1;
-	}
-}
-
-void
-intr(int sig)
-{
-
-	longjmp(toplevel, 1);
-}
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-RETSIGTYPE
-lostpeer(int sig)
-{
-
-    if (connected) {
-	if (cout != NULL) {
-	    shutdown(fileno(cout), SHUT_RDWR);
-	    fclose(cout);
-	    cout = NULL;
-	}
-	if (data >= 0) {
-	    shutdown(data, SHUT_RDWR);
-	    close(data);
-	    data = -1;
-	}
-	connected = 0;
-    }
-    pswitch(1);
-    if (connected) {
-	if (cout != NULL) {
-	    shutdown(fileno(cout), SHUT_RDWR);
-	    fclose(cout);
-	    cout = NULL;
-	}
-	connected = 0;
-    }
-    proxflag = 0;
-    pswitch(0);
-    sec_end();
-    SIGRETURN(0);
-}
-
-/*
-char *
-tail(filename)
-	char *filename;
-{
-	char *s;
-	
-	while (*filename) {
-		s = strrchr(filename, '/');
-		if (s == NULL)
-			break;
-		if (s[1])
-			return (s + 1);
-		*s = '\0';
-	}
-	return (filename);
-}
-*/
-
-static char *
-simple_readline(char *prompt)
-{
-    char buf[BUFSIZ];
-    printf ("%s", prompt);
-    fflush (stdout);
-    if(fgets(buf, sizeof(buf), stdin) == NULL)
-	return NULL;
-    if (buf[strlen(buf) - 1] == '\n')
-	buf[strlen(buf) - 1] = '\0';
-    return strdup(buf);
-}
-
-#ifndef HAVE_READLINE
-
-static char *
-readline(char *prompt)
-{
-    return simple_readline (prompt);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-#else
-
-/* These should not really be here */
-
-char *readline(char *);
-void add_history(char *);
-
-#endif
-
-/*
- * Command parser.
- */
-void
-cmdscanner(int top)
-{
-    struct cmd *c;
-    int l;
-
-    if (!top)
-	putchar('\n');
-    for (;;) {
-	if (fromatty) {
-	    char *p;
-	    if (lineedit)
-		p = readline("ftp> ");
-	    else
-		p = simple_readline("ftp> ");
-	    if(p == NULL) {
-		printf("\n");
-		quit(0, 0);
-	    }
-	    strlcpy(line, p, sizeof(line));
-	    if (lineedit)
-		add_history(p);
-	    free(p);
-	} else{
-	    if (fgets(line, sizeof line, stdin) == NULL)
-		quit(0, 0);
-	}
-	/* XXX will break on long lines */
-	l = strlen(line);
-	if (l == 0)
-	    break;
-	if (line[--l] == '\n') {
-	    if (l == 0)
-		break;
-	    line[l] = '\0';
-	} else if (l == sizeof(line) - 2) {
-	    printf("sorry, input line too long\n");
-	    while ((l = getchar()) != '\n' && l != EOF)
-		/* void */;
-	    break;
-	} /* else it was a line without a newline */
-	makeargv();
-	if (margc == 0) {
-	    continue;
-	}
-	c = getcmd(margv[0]);
-	if (c == (struct cmd *)-1) {
-	    printf("?Ambiguous command\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\n");
-	    continue;
-	}
-	if (c->c_conn && !connected) {
-	    printf("Not connected.\n");
-	    continue;
-	}
-	(*c->c_handler)(margc, margv);
-	if (bell && c->c_bell)
-	    putchar('\007');
-	if (c->c_handler != help)
-	    break;
-    }
-    signal(SIGINT, intr);
-    signal(SIGPIPE, lostpeer);
-}
-
-struct cmd *
-getcmd(char *name)
-{
-	char *p, *q;
-	struct cmd *c, *found;
-	int nmatches, longest;
-
-	longest = 0;
-	nmatches = 0;
-	found = 0;
-	for (c = cmdtab; (p = c->c_name); c++) {
-		for (q = name; *q == *p++; q++)
-			if (*q == 0)		/* exact match? */
-				return (c);
-		if (!*q) {			/* the name was a prefix */
-			if (q - name > longest) {
-				longest = q - name;
-				nmatches = 1;
-				found = c;
-			} else if (q - name == longest)
-				nmatches++;
-		}
-	}
-	if (nmatches > 1)
-		return ((struct cmd *)-1);
-	return (found);
-}
-
-/*
- * Slice a string up into argc/argv.
- */
-
-int slrflag;
-
-void
-makeargv(void)
-{
-	char **argp;
-
-	argp = margv;
-	stringbase = line;		/* scan from first of buffer */
-	argbase = argbuf;		/* store from first of buffer */
-	slrflag = 0;
-	for (margc = 0; ; margc++) {
-		/* Expand array if necessary */
-		if (margc == margvlen) {
-			int i;
-
-			margv = (margvlen == 0)
-				? (char **)malloc(20 * sizeof(char *))
-				: (char **)realloc(margv,
-					(margvlen + 20)*sizeof(char *));
-			if (margv == NULL)
-				errx(1, "cannot realloc argv array");
-			for(i = margvlen; i < margvlen + 20; ++i)
-				margv[i] = NULL;
-			margvlen += 20;
-			argp = margv + margc;
-		}
-
-		if ((*argp++ = slurpstring()) == NULL)
-			break;
-	}
-
-}
-
-/*
- * Parse string into argbuf;
- * implemented with FSM to
- * handle quoting and strings
- */
-char *
-slurpstring(void)
-{
-	int got_one = 0;
-	char *sb = stringbase;
-	char *ap = argbase;
-	char *tmp = argbase;		/* will return this if token found */
-
-	if (*sb == '!' || *sb == '$') {	/* recognize ! as a token for shell */
-		switch (slrflag) {	/* and $ as token for macro invoke */
-			case 0:
-				slrflag++;
-				stringbase++;
-				return ((*sb == '!') ? "!" : "$");
-				/* NOTREACHED */
-			case 1:
-				slrflag++;
-				altarg = stringbase;
-				break;
-			default:
-				break;
-		}
-	}
-
-S0:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	case ' ':
-	case '\t':
-		sb++; goto S0;
-
-	default:
-		switch (slrflag) {
-			case 0:
-				slrflag++;
-				break;
-			case 1:
-				slrflag++;
-				altarg = sb;
-				break;
-			default:
-				break;
-		}
-		goto S1;
-	}
-
-S1:
-	switch (*sb) {
-
-	case ' ':
-	case '\t':
-	case '\0':
-		goto OUT;	/* end of token */
-
-	case '\\':
-		sb++; goto S2;	/* slurp next character */
-
-	case '"':
-		sb++; goto S3;	/* slurp quoted string */
-
-	default:
-		*ap++ = *sb++;	/* add character to token */
-		got_one = 1;
-		goto S1;
-	}
-
-S2:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S1;
-	}
-
-S3:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	case '"':
-		sb++; goto S1;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S3;
-	}
-
-OUT:
-	if (got_one)
-		*ap++ = '\0';
-	argbase = ap;			/* update storage pointer */
-	stringbase = sb;		/* update scan pointer */
-	if (got_one) {
-		return (tmp);
-	}
-	switch (slrflag) {
-		case 0:
-			slrflag++;
-			break;
-		case 1:
-			slrflag++;
-			altarg = (char *) 0;
-			break;
-		default:
-			break;
-	}
-	return NULL;
-}
-
-#define HELPINDENT ((int) sizeof ("directory"))
-
-/*
- * Help command.
- * Call each command handler with argc == 0 and argv[0] == name.
- */
-void
-help(int argc, char **argv)
-{
-	struct cmd *c;
-
-	if (argc == 1) {
-		int i, j, w, k;
-		int columns, width = 0, lines;
-
-		printf("Commands may be abbreviated.  Commands are:\n\n");
-		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
-			int len = strlen(c->c_name);
-
-			if (len > width)
-				width = len;
-		}
-		width = (width + 8) &~ 7;
-		columns = 80 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-			for (j = 0; j < columns; j++) {
-				c = cmdtab + j * lines + i;
-				if (c->c_name && (!proxy || c->c_proxy)) {
-					printf("%s", c->c_name);
-				}
-				else if (c->c_name) {
-					for (k=0; k < strlen(c->c_name); k++) {
-						putchar(' ');
-					}
-				}
-				if (c + lines >= &cmdtab[NCMDS]) {
-					printf("\n");
-					break;
-				}
-				w = strlen(c->c_name);
-				while (w < width) {
-					w = (w + 8) &~ 7;
-					putchar('\t');
-				}
-			}
-		}
-		return;
-	}
-	while (--argc > 0) {
-		char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (c == (struct cmd *)-1)
-			printf("?Ambiguous help command %s\n", arg);
-		else if (c == (struct cmd *)0)
-			printf("?Invalid help command %s\n", arg);
-		else
-			printf("%-*s\t%s\n", HELPINDENT,
-				c->c_name, c->c_help);
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/pathnames.h b/crypto/heimdal/appl/ftp/ftp/pathnames.h
deleted file mode 100644
index f7c1fb391d69..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/pathnames.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/6/93
- */
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#define	_PATH_TMP_XXX	"/tmp/ftpXXXXXX"
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL	"/bin/sh"
-#endif
diff --git a/crypto/heimdal/appl/ftp/ftp/ruserpass.c b/crypto/heimdal/appl/ftp/ftp/ruserpass.c
deleted file mode 100644
index 8c0cd8d6e90f..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ruserpass.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 1985, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: ruserpass.c 16161 2005-10-12 09:44:24Z joda $");
-
-static	int token (void);
-static	FILE *cfile;
-
-#define	DEFAULT	1
-#define	LOGIN	2
-#define	PASSWD	3
-#define	ACCOUNT 4
-#define MACDEF  5
-#define PROT	6
-#define	ID	10
-#define	MACH	11
-
-static char tokval[100];
-
-static struct toktab {
-	char *tokstr;
-	int tval;
-} toktab[]= {
-	{ "default",	DEFAULT },
-	{ "login",	LOGIN },
-	{ "password",	PASSWD },
-	{ "passwd",	PASSWD },
-	{ "account",	ACCOUNT },
-	{ "machine",	MACH },
-	{ "macdef",	MACDEF },
-	{ "prot", 	PROT }, 
-	{ NULL,		0 }
-};
-
-/*
- * Write a copy of the hostname into `hostname, sz' and return a guess
- * as to the `domain' of that hostname.
- */
-
-static char *
-guess_domain (char *hostname_str, size_t sz)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char *dot;
-
-    if (gethostname (hostname_str, sz) < 0) {
-	strlcpy (hostname_str, "", sz);
-	return "";
-    }
-    dot = strchr (hostname_str, '.');
-    if (dot != NULL)
-	return dot + 1;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (hostname_str, NULL, &hints, &ai);
-    if (error)
-	return hostname_str;
-
-    for (a = ai; a != NULL; a = a->ai_next)
-	if (a->ai_canonname != NULL) {
-	    strlcpy (hostname_str, ai->ai_canonname, sz);
-	    break;
-	}
-    freeaddrinfo (ai);
-    dot = strchr (hostname_str, '.');
-    if (dot != NULL)
-	return dot + 1;
-    else
-	return hostname_str;
-}
-
-int
-ruserpass(char *host, char **aname, char **apass, char **aacct)
-{
-    char *hdir, buf[BUFSIZ], *tmp;
-    int t, i, c, usedefault = 0;
-    struct stat stb;
-
-    mydomain = guess_domain (myhostname, MaxHostNameLen);
-
-    hdir = getenv("HOME");
-    if (hdir == NULL)
-	hdir = ".";
-    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
-    cfile = fopen(buf, "r");
-    if (cfile == NULL) {
-	if (errno != ENOENT)
-	    warn("%s", buf);
-	return (0);
-    }
-
-next:
-    while ((t = token())) switch(t) {
-
-    case DEFAULT:
-	usedefault = 1;
-	/* FALL THROUGH */
-
-    case MACH:
-	if (!usedefault) {
-	    if (token() != ID)
-		continue;
-	    /*
-	     * Allow match either for user's input host name
-	     * or official hostname.  Also allow match of 
-	     * incompletely-specified host in local domain.
-	     */
-	    if (strcasecmp(host, tokval) == 0)
-		goto match;
-	    if (strcasecmp(hostname, tokval) == 0)
-		goto match;
-	    if ((tmp = strchr(hostname, '.')) != NULL &&
-		tmp++ &&
-		strcasecmp(tmp, mydomain) == 0 &&
-		strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
-		tokval[tmp - hostname] == '\0')
-		goto match;
-	    if ((tmp = strchr(host, '.')) != NULL &&
-		tmp++ &&
-		strcasecmp(tmp, mydomain) == 0 &&
-		strncasecmp(host, tokval, tmp - host) == 0 &&
-		tokval[tmp - host] == '\0')
-		goto match;
-	    continue;
-	}
-    match:
-	while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
-
-	case LOGIN:
-	    if (token()) {
-		if (*aname == 0) { 
-		    *aname = strdup(tokval);
-		} else {
-		    if (strcmp(*aname, tokval))
-			goto next;
-		}
-	    }
-	    break;
-	case PASSWD:
-	    if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
-		fstat(fileno(cfile), &stb) >= 0 &&
-		(stb.st_mode & 077) != 0) {
-		warnx("Error: .netrc file is readable by others.");
-		warnx("Remove password or make file unreadable by others.");
-		goto bad;
-	    }
-	    if (token() && *apass == 0) {
-		*apass = strdup(tokval);
-	    }
-	    break;
-	case ACCOUNT:
-	    if (fstat(fileno(cfile), &stb) >= 0
-		&& (stb.st_mode & 077) != 0) {
-		warnx("Error: .netrc file is readable by others.");
-		warnx("Remove account or make file unreadable by others.");
-		goto bad;
-	    }
-	    if (token() && *aacct == 0) {
-		*aacct = strdup(tokval);
-	    }
-	    break;
-	case MACDEF:
-	    if (proxy) {
-		fclose(cfile);
-		return (0);
-	    }
-	    while ((c=getc(cfile)) != EOF && 
-		   (c == ' ' || c == '\t'));
-	    if (c == EOF || c == '\n') {
-		printf("Missing macdef name argument.\n");
-		goto bad;
-	    }
-	    if (macnum == 16) {
-		printf("Limit of 16 macros have already been defined\n");
-		goto bad;
-	    }
-	    tmp = macros[macnum].mac_name;
-	    *tmp++ = c;
-	    for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
-		     !isspace(c); ++i) {
-		*tmp++ = c;
-	    }
-	    if (c == EOF) {
-		printf("Macro definition missing null line terminator.\n");
-		goto bad;
-	    }
-	    *tmp = '\0';
-	    if (c != '\n') {
-		while ((c=getc(cfile)) != EOF && c != '\n');
-	    }
-	    if (c == EOF) {
-		printf("Macro definition missing null line terminator.\n");
-		goto bad;
-	    }
-	    if (macnum == 0) {
-		macros[macnum].mac_start = macbuf;
-	    }
-	    else {
-		macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
-	    }
-	    tmp = macros[macnum].mac_start;
-	    while (tmp != macbuf + 4096) {
-		if ((c=getc(cfile)) == EOF) {
-		    printf("Macro definition missing null line terminator.\n");
-		    goto bad;
-		}
-		*tmp = c;
-		if (*tmp == '\n') {
-		    if (*(tmp-1) == '\0') {
-			macros[macnum++].mac_end = tmp - 1;
-			break;
-		    }
-		    *tmp = '\0';
-		}
-		tmp++;
-	    }
-	    if (tmp == macbuf + 4096) {
-		printf("4K macro buffer exceeded\n");
-		goto bad;
-	    }
-	    break;
-	case PROT:
-	    token();
-	    if(doencrypt == 0 && sec_request_prot(tokval) < 0)
-		warnx("Unknown protection level \"%s\"", tokval);
-	    break;
-	default:
-	    warnx("Unknown .netrc keyword %s", tokval);
-	    break;
-	}
-	goto done;
-    }
-done:
-    fclose(cfile);
-    return (0);
-bad:
-    fclose(cfile);
-    return (-1);
-}
-
-static int
-token(void)
-{
-	char *cp;
-	int c;
-	struct toktab *t;
-
-	if (feof(cfile) || ferror(cfile))
-		return (0);
-	while ((c = getc(cfile)) != EOF &&
-	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
-		continue;
-	if (c == EOF)
-		return (0);
-	cp = tokval;
-	if (c == '"') {
-		while ((c = getc(cfile)) != EOF && c != '"') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	} else {
-		*cp++ = c;
-		while ((c = getc(cfile)) != EOF
-		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	}
-	*cp = 0;
-	if (tokval[0] == 0)
-		return (0);
-	for (t = toktab; t->tokstr; t++)
-		if (!strcmp(t->tokstr, tokval))
-			return (t->tval);
-	return (ID);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c
deleted file mode 100644
index 2a4803f90b18..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/security.c
+++ /dev/null
@@ -1,883 +0,0 @@
-/*
- * Copyright (c) 1998-2002, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-
-RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $");
-
-static enum protection_level command_prot;
-static enum protection_level data_prot;
-static size_t buffer_size;
-
-struct buffer {
-    void *data;
-    size_t size;
-    size_t index;
-    int eof_flag;
-};
-
-static struct buffer in_buffer, out_buffer;
-int sec_complete;
-
-static struct {
-    enum protection_level level;
-    const char *name;
-} level_names[] = {
-    { prot_clear, "clear" },
-    { prot_safe, "safe" },
-    { prot_confidential, "confidential" },
-    { prot_private, "private" }
-};
-
-static const char *
-level_to_name(enum protection_level level)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(level_names[i].level == level)
-	    return level_names[i].name;
-    return "unknown";
-}
-
-#ifndef FTP_SERVER /* not used in server */
-static enum protection_level 
-name_to_level(const char *name)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(!strncasecmp(level_names[i].name, name, strlen(name)))
-	    return level_names[i].level;
-    return (enum protection_level)-1;
-}
-#endif
-
-#ifdef FTP_SERVER
-
-static struct sec_server_mech *mechs[] = {
-#ifdef KRB5
-    &gss_server_mech,
-#endif
-#ifdef KRB4
-    &krb4_server_mech,
-#endif
-    NULL
-};
-
-static struct sec_server_mech *mech;
-
-#else
-
-static struct sec_client_mech *mechs[] = {
-#ifdef KRB5
-    &gss_client_mech,
-#endif
-#ifdef KRB4
-    &krb4_client_mech,
-#endif
-    NULL
-};
-
-static struct sec_client_mech *mech;
-
-#endif
-
-static void *app_data;
-
-int
-sec_getc(FILE *F)
-{
-    if(sec_complete && data_prot) {
-	char c;
-	if(sec_read(fileno(F), &c, 1) <= 0)
-	    return EOF;
-	return c;
-    } else
-	return getc(F);
-}
-
-static int
-block_read(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = read(fd, p, len);
-	if (b == 0)
-	    return 0;
-	else if (b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-block_write(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = write(fd, p, len);
-	if(b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-sec_get_data(int fd, struct buffer *buf, int level)
-{
-    int len;
-    int b;
-    void *tmp;
-
-    b = block_read(fd, &len, sizeof(len));
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    len = ntohl(len);
-    tmp = realloc(buf->data, len);
-    if (tmp == NULL)
-	return -1;
-    buf->data = tmp;
-    b = block_read(fd, buf->data, len);
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
-    buf->index = 0;
-    return 0;
-}
-
-static size_t
-buffer_read(struct buffer *buf, void *dataptr, size_t len)
-{
-    len = min(len, buf->size - buf->index);
-    memcpy(dataptr, (char*)buf->data + buf->index, len);
-    buf->index += len;
-    return len;
-}
-
-static size_t
-buffer_write(struct buffer *buf, void *dataptr, size_t len)
-{
-    if(buf->index + len > buf->size) {
-	void *tmp;
-	if(buf->data == NULL)
-	    tmp = malloc(1024);
-	else
-	    tmp = realloc(buf->data, buf->index + len);
-	if(tmp == NULL)
-	    return -1;
-	buf->data = tmp;
-	buf->size = buf->index + len;
-    }
-    memcpy((char*)buf->data + buf->index, dataptr, len);
-    buf->index += len;
-    return len;
-}
-
-int
-sec_read(int fd, void *dataptr, int length)
-{
-    size_t len;
-    int rx = 0;
-
-    if(sec_complete == 0 || data_prot == 0)
-	return read(fd, dataptr, length);
-
-    if(in_buffer.eof_flag){
-	in_buffer.eof_flag = 0;
-	return 0;
-    }
-    
-    len = buffer_read(&in_buffer, dataptr, length);
-    length -= len;
-    rx += len;
-    dataptr = (char*)dataptr + len;
-    
-    while(length){
-	int ret;
-
-	ret = sec_get_data(fd, &in_buffer, data_prot);
-	if (ret < 0)
-	    return -1;
-	if(ret == 0 && in_buffer.size == 0) {
-	    if(rx)
-		in_buffer.eof_flag = 1;
-	    return rx;
-	}
-	len = buffer_read(&in_buffer, dataptr, length);
-	length -= len;
-	rx += len;
-	dataptr = (char*)dataptr + len;
-    }
-    return rx;
-}
-
-static int
-sec_send(int fd, char *from, int length)
-{
-    int bytes;
-    void *buf;
-    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
-    bytes = htonl(bytes);
-    block_write(fd, &bytes, sizeof(bytes));
-    block_write(fd, buf, ntohl(bytes));
-    free(buf);
-    return length;
-}
-
-int
-sec_fflush(FILE *F)
-{
-    if(data_prot != prot_clear) {
-	if(out_buffer.index > 0){
-	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	    out_buffer.index = 0;
-	}
-	sec_send(fileno(F), NULL, 0);
-    }
-    fflush(F);
-    return 0;
-}
-
-int
-sec_write(int fd, char *dataptr, int length)
-{
-    int len = buffer_size;
-    int tx = 0;
-      
-    if(data_prot == prot_clear)
-	return write(fd, dataptr, length);
-
-    len -= (*mech->overhead)(app_data, data_prot, len);
-    while(length){
-	if(length < len)
-	    len = length;
-	sec_send(fd, dataptr, len);
-	length -= len;
-	dataptr += len;
-	tx += len;
-    }
-    return tx;
-}
-
-int
-sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    int ret;
-    if(data_prot == prot_clear)
-	return vfprintf(f, fmt, ap);
-    else {
-	int len;
-	len = vasprintf(&buf, fmt, ap);
-	if (len == -1)
-	    return len;
-	ret = buffer_write(&out_buffer, buf, len);
-	free(buf);
-	return ret;
-    }
-}
-
-int
-sec_fprintf2(FILE *f, const char *fmt, ...)
-{
-    int ret;
-    va_list ap;
-    va_start(ap, fmt);
-    ret = sec_vfprintf2(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-sec_putc(int c, FILE *F)
-{
-    char ch = c;
-    if(data_prot == prot_clear)
-	return putc(c, F);
-    
-    buffer_write(&out_buffer, &ch, 1);
-    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
-	sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	out_buffer.index = 0;
-    }
-    return c;
-}
-
-int
-sec_read_msg(char *s, int level)
-{
-    int len;
-    char *buf;
-    int return_code;
-    
-    buf = malloc(strlen(s));
-    len = base64_decode(s + 4, buf); /* XXX */
-    
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len < 0)
-	return -1;
-    
-    buf[len] = '\0';
-
-    if(buf[3] == '-')
-	return_code = 0;
-    else
-	sscanf(buf, "%d", &return_code);
-    if(buf[len-1] == '\n')
-	buf[len-1] = '\0';
-    strcpy(s, buf);
-    free(buf);
-    return return_code;
-}
-
-int
-sec_vfprintf(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    void *enc;
-    int len;
-    if(!sec_complete)
-	return vfprintf(f, fmt, ap);
-    
-    if (vasprintf(&buf, fmt, ap) == -1) {
-	printf("Failed to allocate command.\n");
-	return -1;
-    }
-    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
-    free(buf);
-    if(len < 0) {
-	printf("Failed to encode command.\n");
-	return -1;
-    }
-    if(base64_encode(enc, len, &buf) < 0){
-	free(enc);
-	printf("Out of memory base64-encoding.\n");
-	return -1;
-    }
-    free(enc);
-#ifdef FTP_SERVER
-    if(command_prot == prot_safe)
-	fprintf(f, "631 %s\r\n", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "632 %s\r\n", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "633 %s\r\n", buf);
-#else
-    if(command_prot == prot_safe)
-	fprintf(f, "MIC %s", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "ENC %s", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "CONF %s", buf);
-#endif
-    free(buf);
-    return 0;
-}
-
-int
-sec_fprintf(FILE *f, const char *fmt, ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, fmt);
-    ret = sec_vfprintf(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-int ccc_passed;
-
-void
-auth(char *auth_name)
-{
-    int i;
-    void *tmp;
-
-    for(i = 0; (mech = mechs[i]) != NULL; i++){
-	if(!strcasecmp(auth_name, mech->name)){
-	    tmp = realloc(app_data, mech->size);
-	    if (tmp == NULL) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    app_data = tmp;
-
-	    if(mech->init && (*mech->init)(app_data) != 0) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    if(mech->auth) {
-		(*mech->auth)(app_data);
-		return;
-	    }
-	    if(mech->adat)
-		reply(334, "Send authorization data.");
-	    else
-		reply(234, "Authorization complete.");
-	    return;
-	}
-    }
-    free (app_data);
-    app_data = NULL;
-    reply(504, "%s is unknown to me", auth_name);
-}
-
-void
-adat(char *auth_data)
-{
-    if(mech && !sec_complete) {
-	void *buf = malloc(strlen(auth_data));
-	size_t len;
-	len = base64_decode(auth_data, buf);
-	(*mech->adat)(app_data, buf, len);
-	free(buf);
-    } else
-	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
-}
-
-void pbsz(int size)
-{
-    size_t new = size;
-    if(!sec_complete)
-	reply(503, "Incomplete security data exchange.");
-    if(mech->pbsz)
-	new = (*mech->pbsz)(app_data, size);
-    if(buffer_size != new){
-	buffer_size = size;
-    }
-    if(new != size)
-	reply(200, "PBSZ=%lu", (unsigned long)new);
-    else
-	reply(200, "OK");
-}
-
-void
-prot(char *pl)
-{
-    int p = -1;
-
-    if(buffer_size == 0){
-	reply(503, "No protection buffer size negotiated.");
-	return;
-    }
-
-    if(!strcasecmp(pl, "C"))
-	p = prot_clear;
-    else if(!strcasecmp(pl, "S"))
-	p = prot_safe;
-    else if(!strcasecmp(pl, "E"))
-	p = prot_confidential;
-    else if(!strcasecmp(pl, "P"))
-	p = prot_private;
-    else {
-	reply(504, "Unrecognized protection level.");
-	return;
-    }
-    
-    if(sec_complete){
-	if((*mech->check_prot)(app_data, p)){
-	    reply(536, "%s does not support %s protection.", 
-		  mech->name, level_to_name(p));
-	}else{
-	    data_prot = (enum protection_level)p;
-	    reply(200, "Data protection is %s.", level_to_name(p));
-	}
-    }else{
-	reply(503, "Incomplete security data exchange.");
-    }
-}
-
-void ccc(void)
-{
-    if(sec_complete){
-	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
-	    command_prot = data_prot = prot_clear;
-	    ccc_passed = 1;
-	} else
-	    reply(534, "You must be joking.");
-    }else
-	reply(503, "Incomplete security data exchange.");
-}
-
-void mec(char *msg, enum protection_level level)
-{
-    void *buf;
-    size_t len, buf_size;
-    if(!sec_complete) {
-	reply(503, "Incomplete security data exchange.");
-	return;
-    }
-    buf_size = strlen(msg) + 2;
-    buf = malloc(buf_size);
-    len = base64_decode(msg, buf);
-    command_prot = level;
-    if(len == (size_t)-1) {
-	reply(501, "Failed to base64-decode command");
-	return;
-    }
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len == (size_t)-1) {
-	reply(535, "Failed to decode command");
-	return;
-    }
-    ((char*)buf)[len] = '\0';
-    if(strstr((char*)buf, "\r\n") == NULL)
-	strlcat((char*)buf, "\r\n", buf_size);
-    new_ftp_command(buf);
-}
-
-/* ------------------------------------------------------------ */
-
-int
-sec_userok(char *userstr)
-{
-    if(sec_complete)
-	return (*mech->userok)(app_data, userstr);
-    return 0;
-}
-
-int
-sec_session(char *user)
-{
-    if(sec_complete && mech->session)
-	return (*mech->session)(app_data, user);
-    return 0;
-}
-
-char *ftp_command;
-
-void
-new_ftp_command(char *command)
-{
-    ftp_command = command;
-}
-
-void
-delete_ftp_command(void)
-{
-    free(ftp_command);
-    ftp_command = NULL;
-}
-
-int
-secure_command(void)
-{
-    return ftp_command != NULL;
-}
-
-enum protection_level
-get_command_prot(void)
-{
-    return command_prot;
-}
-
-#else /* FTP_SERVER */
-
-void
-sec_status(void)
-{
-    if(sec_complete){
-	printf("Using %s for authentication.\n", mech->name);
-	printf("Using %s command channel.\n", level_to_name(command_prot));
-	printf("Using %s data channel.\n", level_to_name(data_prot));
-	if(buffer_size > 0)
-	    printf("Protection buffer size: %lu.\n", 
-		   (unsigned long)buffer_size);
-    }else{
-	printf("Not using any security mechanism.\n");
-    }
-}
-
-static int
-sec_prot_internal(int level)
-{
-    int ret;
-    char *p;
-    unsigned int s = 1048576;
-
-    int old_verbose = verbose;
-    verbose = 0;
-
-    if(!sec_complete){
-	printf("No security data exchange has taken place.\n");
-	return -1;
-    }
-
-    if(level){
-	ret = command("PBSZ %u", s);
-	if(ret != COMPLETE){
-	    printf("Failed to set protection buffer size.\n");
-	    return -1;
-	}
-	buffer_size = s;
-	p = strstr(reply_string, "PBSZ=");
-	if(p)
-	    sscanf(p, "PBSZ=%u", &s);
-	if(s < buffer_size)
-	    buffer_size = s;
-    }
-    verbose = old_verbose;
-    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
-    if(ret != COMPLETE){
-	printf("Failed to set protection level.\n");
-	return -1;
-    }
-    
-    data_prot = (enum protection_level)level;
-    return 0;
-}
-
-enum protection_level
-set_command_prot(enum protection_level level)
-{
-    int ret;
-    enum protection_level old = command_prot;
-    if(level != command_prot && level == prot_clear) {
-	ret = command("CCC");
-	if(ret != COMPLETE) {
-	    printf("Failed to clear command channel.\n");
-	    return -1;
-	}
-    }
-    command_prot = level;
-    return old;
-}
-
-void
-sec_prot(int argc, char **argv)
-{
-    int level = -1;
-
-    if(argc > 3)
-	goto usage;
-
-    if(argc == 1) {
-	sec_status();
-	return;
-    }
-    if(!sec_complete) {
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-    level = name_to_level(argv[argc - 1]);
-    
-    if(level == -1)
-	goto usage;
-    
-    if((*mech->check_prot)(app_data, level)) {
-	printf("%s does not implement %s protection.\n", 
-	       mech->name, level_to_name(level));
-	code = -1;
-	return;
-    }
-    
-    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
-	if(sec_prot_internal(level) < 0){
-	    code = -1;
-	    return;
-	}
-    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
-	if(set_command_prot(level) < 0) {
-	    code = -1;
-	    return;
-	}
-    } else
-	goto usage;
-    code = 0;
-    return;
- usage:
-    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
-	   argv[0]);
-    code = -1;
-}
-
-void
-sec_prot_command(int argc, char **argv)
-{
-    int level;
-
-    if(argc > 2)
-	goto usage;
-
-    if(!sec_complete) {
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-
-    if(argc == 1) {
-	sec_status();
-    } else {
-	level = name_to_level(argv[1]);
-	if(level == -1)
-	    goto usage;
-    
-	if((*mech->check_prot)(app_data, level)) {
-	    printf("%s does not implement %s protection.\n", 
-		   mech->name, level_to_name(level));
-	    code = -1;
-	    return;
-	}
-	if(set_command_prot(level) < 0) {
-	    code = -1;
-	    return;
-	}
-    }
-    code = 0;
-    return;
- usage:
-    printf("usage: %s [clear|safe|confidential|private]\n",
-	   argv[0]);
-    code = -1;
-}
-
-static enum protection_level request_data_prot;
-
-void
-sec_set_protection_level(void)
-{
-    if(sec_complete && data_prot != request_data_prot)
-	sec_prot_internal(request_data_prot);
-}
-
-
-int
-sec_request_prot(char *level)
-{
-    int l = name_to_level(level);
-    if(l == -1)
-	return -1;
-    request_data_prot = (enum protection_level)l;
-    return 0;
-}
-
-int
-sec_login(char *host)
-{
-    int ret;
-    struct sec_client_mech **m;
-    int old_verbose = verbose;
-
-    verbose = -1; /* shut up all messages this will produce (they
-		     are usually not very user friendly) */
-    
-    for(m = mechs; *m && (*m)->name; m++) {
-	void *tmp;
-
-	tmp = realloc(app_data, (*m)->size);
-	if (tmp == NULL) {
-	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
-	    return -1;
-	}
-	app_data = tmp;
-	    
-	if((*m)->init && (*(*m)->init)(app_data) != 0) {
-	    printf("Skipping %s...\n", (*m)->name);
-	    continue;
-	}
-	printf("Trying %s...\n", (*m)->name);
-	ret = command("AUTH %s", (*m)->name);
-	if(ret != CONTINUE){
-	    if(code == 504){
-		printf("%s is not supported by the server.\n", (*m)->name);
-	    }else if(code == 534){
-		printf("%s rejected as security mechanism.\n", (*m)->name);
-	    }else if(ret == ERROR) {
-		printf("The server doesn't support the FTP "
-		       "security extensions.\n");
-		verbose = old_verbose;
-		return -1;
-	    }
-	    continue;
-	}
-
-	ret = (*(*m)->auth)(app_data, host);
-	
-	if(ret == AUTH_CONTINUE)
-	    continue;
-	else if(ret != AUTH_OK){
-	    /* mechanism is supposed to output error string */
-	    verbose = old_verbose;
-	    return -1;
-	}
-	mech = *m;
-	sec_complete = 1;
-	if(doencrypt) {
-	    command_prot = prot_private;
-	    request_data_prot = prot_private; 
-	} else {
-	    command_prot = prot_safe;
-	}
-	break;
-    }
-    
-    verbose = old_verbose;
-    return *m == NULL;
-}
-
-void
-sec_end(void)
-{
-    if (mech != NULL) {
-	if(mech->end)
-	    (*mech->end)(app_data);
-	if (app_data != NULL) {
-	    memset(app_data, 0, mech->size);
-	    free(app_data);
-	    app_data = NULL;
-	}
-    }
-    sec_complete = 0;
-    data_prot = (enum protection_level)0;
-}
-
-#endif /* FTP_SERVER */
-
diff --git a/crypto/heimdal/appl/ftp/ftp/security.h b/crypto/heimdal/appl/ftp/ftp/security.h
deleted file mode 100644
index 85ba23eee0ba..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/security.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 1998 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: security.h 21224 2007-06-20 10:15:13Z lha $ */
-
-#ifndef __security_h__
-#define __security_h__
-
-enum protection_level { 
-    prot_clear, 
-    prot_safe, 
-    prot_confidential, 
-    prot_private 
-};
-
-struct sec_client_mech {
-    char *name;
-    size_t size;
-    int (*init)(void *);
-    int (*auth)(void *, char*);
-    void (*end)(void *);
-    int (*check_prot)(void *, int);
-    int (*overhead)(void *, int, int);
-    int (*encode)(void *, void*, int, int, void**);
-    int (*decode)(void *, void*, int, int);
-};
-
-struct sec_server_mech {
-    char *name;
-    size_t size;
-    int (*init)(void *);
-    void (*end)(void *);
-    int (*check_prot)(void *, int);
-    int (*overhead)(void *, int, int);
-    int (*encode)(void *, void*, int, int, void**);
-    int (*decode)(void *, void*, int, int);
-
-    int (*auth)(void *);
-    int (*adat)(void *, void*, size_t);
-    size_t (*pbsz)(void *, size_t);
-    int (*ccc)(void*);
-    int (*userok)(void*, char*);
-    int (*session)(void*, char*);
-};
-
-#define AUTH_OK		0
-#define AUTH_CONTINUE	1
-#define AUTH_ERROR	2
-
-extern int ftp_do_gss_bindings;
-extern int ftp_do_gss_delegate;
-#ifdef FTP_SERVER
-extern struct sec_server_mech krb4_server_mech, gss_server_mech;
-#else
-extern struct sec_client_mech krb4_client_mech, gss_client_mech;
-#endif
-
-extern int sec_complete;
-
-#ifdef FTP_SERVER
-extern char *ftp_command;
-void new_ftp_command(char*);
-void delete_ftp_command(void);
-#endif
-
-/* ---- */
-
-
-int sec_fflush (FILE *);
-int sec_fprintf (FILE *, const char *, ...)
-    __attribute__ ((format (printf, 2,3)));
-int sec_getc (FILE *);
-int sec_putc (int, FILE *);
-int sec_read (int, void *, int);
-int sec_read_msg (char *, int);
-int sec_vfprintf (FILE *, const char *, va_list)
-    __attribute__ ((format (printf, 2,0)));
-int sec_fprintf2(FILE *f, const char *fmt, ...)
-    __attribute__ ((format (printf, 2,3)));
-int sec_vfprintf2(FILE *, const char *, va_list)
-    __attribute__ ((format (printf, 2,0)));
-int sec_write (int, char *, int);
-
-#ifdef FTP_SERVER
-void adat (char *);
-void auth (char *);
-void ccc (void);
-void mec (char *, enum protection_level);
-void pbsz (int);
-void prot (char *);
-void delete_ftp_command (void);
-void new_ftp_command (char *);
-int sec_userok (char *);
-int sec_session(char *);
-int secure_command (void);
-enum protection_level get_command_prot(void);
-#else
-void sec_end (void);
-int sec_login (char *);
-void sec_prot (int, char **);
-void sec_prot_command (int, char **);
-int sec_request_prot (char *);
-void sec_set_protection_level (void);
-void sec_status (void);
-
-enum protection_level set_command_prot(enum protection_level);
-
-#endif
-
-#endif /* __security_h__ */  
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.am b/crypto/heimdal/appl/ftp/ftpd/Makefile.am
deleted file mode 100644
index b40487630409..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.am
+++ /dev/null
@@ -1,59 +0,0 @@
-# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
-
-libexec_PROGRAMS = ftpd
-
-CHECK_LOCAL = 
-
-if KRB4
-krb4_sources = krb4.c
-endif
-if KRB5
-krb5_sources = gssapi.c gss_userok.c
-endif
-
-ftpd_SOURCES =		\
-	extern.h	\
-	ftpcmd.y	\
-	ftpd.c		\
-	ftpd_locl.h	\
-	logwtmp.c	\
-	ls.c		\
-	pathnames.h	\
-	popen.c		\
-	security.c	\
-	kauth.c		\
-	klist.c		\
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-
-$(ftpd_OBJECTS): security.h
-
-security.c:
-	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
-security.h:
-	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
-gssapi.c:
-	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
-
-CLEANFILES = security.c security.h krb4.c gssapi.c
-
-man_MANS = ftpd.8 ftpusers.5
-
-LDADD = ../common/libcommon.a \
-	$(LIB_otp) \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_kafs) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
deleted file mode 100644
index c7a6a8fce070..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in
+++ /dev/null
@@ -1,939 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ftpcmd.c
-libexec_PROGRAMS = ftpd$(EXEEXT)
-subdir = appl/ftp/ftpd
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(man8dir)"
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS)
-am__ftpd_SOURCES_DIST = extern.h ftpcmd.y ftpd.c ftpd_locl.h logwtmp.c \
-	ls.c pathnames.h popen.c security.c kauth.c klist.c krb4.c \
-	gssapi.c gss_userok.c
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
-@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT)
-am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
-	ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \
-	kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) \
-	$(am__objects_2)
-ftpd_OBJECTS = $(am_ftpd_OBJECTS)
-ftpd_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-ftpd_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \
-	$(LIB_gssapi) $(LIB_krb5) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-DIST_SOURCES = $(am__ftpd_SOURCES_DIST) $(EXTRA_ftpd_SOURCES)
-man5dir = $(mandir)/man5
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CHECK_LOCAL = 
-@KRB4_TRUE@krb4_sources = krb4.c
-@KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c
-ftpd_SOURCES = \
-	extern.h	\
-	ftpcmd.y	\
-	ftpd.c		\
-	ftpd_locl.h	\
-	logwtmp.c	\
-	ls.c		\
-	pathnames.h	\
-	popen.c		\
-	security.c	\
-	kauth.c		\
-	klist.c		\
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-CLEANFILES = security.c security.h krb4.c gssapi.c
-man_MANS = ftpd.8 ftpusers.5
-LDADD = ../common/libcommon.a \
-	$(LIB_otp) \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_kafs) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftpd/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftpd/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) 
-	@rm -f ftpd$(EXEEXT)
-	$(LINK) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f ftpcmd.c
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man5 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libexecPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man5 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man5 install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man5 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(ftpd_OBJECTS): security.h
-
-security.c:
-	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
-security.h:
-	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
-gssapi.c:
-	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftpd/extern.h b/crypto/heimdal/appl/ftp/ftpd/extern.h
deleted file mode 100644
index db40f2fdd21d..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/extern.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.2 (Berkeley) 4/4/94
- */
-
-#ifndef _EXTERN_H_
-#define _EXTERN_H_
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#ifndef NBBY
-#define NBBY CHAR_BIT
-#endif
-
-void	abor(void);
-void	blkfree(char **);
-char  **copyblk(char **);
-void	cwd(char *);
-void	do_delete(char *);
-void	dologout(int);
-void	eprt(char *);
-void	epsv(char *);
-void	fatal(char *);
-int	filename_check(char *);
-int	ftpd_pclose(FILE *);
-FILE   *ftpd_popen(char *, char *, int, int);
-char   *ftpd_getline(char *, int);
-void	ftpd_logwtmp(char *, char *, char *);
-void	lreply(int, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-void	makedir(char *);
-void	nack(char *);
-void	nreply(const char *, ...)
-    __attribute__ ((format (printf, 1, 2)));
-void	pass(char *);
-void	pasv(void);
-void	perror_reply(int, const char *);
-void	pwd(void);
-void	removedir(char *);
-void	renamecmd(char *, char *);
-char   *renamefrom(char *);
-void	reply(int, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-void	retrieve(const char *, char *);
-void	send_file_list(char *);
-void	setproctitle(const char *, ...)
-    __attribute__ ((format (printf, 1, 2)));
-void	statcmd(void);
-void	statfilecmd(char *);
-void	do_store(char *, char *, int);
-void	upper(char *);
-void	user(char *);
-void	yyerror(char *);
-
-void	list_file(char*);
-
-void	kauth(char *, char*);
-void	klist(void);
-void	cond_kdestroy(void);
-void	kdestroy(void);
-void	krbtkfile(const char *tkfile);
-void	afslog(const char *, int);
-void	afsunlog(void);
-
-extern int do_destroy_tickets;
-extern char *k5ccname;
-
-int	find(char *);
-
-int	builtin_ls(FILE*, const char*);
-
-int	do_login(int code, char *passwd);
-int	klogin(char *name, char *password);
-
-const char *ftp_rooted(const char *path);
-
-extern struct sockaddr *ctrl_addr, *his_addr;
-extern char hostname[];
-
-extern	struct sockaddr *data_dest;
-extern	int logged_in;
-extern	struct passwd *pw;
-extern	int guest;
-extern	int logging;
-extern	int type;
-extern off_t file_size;
-extern off_t byte_count;
-extern	int ccc_passed;
-
-extern	int form;
-extern	int debug;
-extern	int ftpd_timeout;
-extern	int maxtimeout;
-extern  int pdata;
-extern	char hostname[], remotehost[];
-extern	char proctitle[];
-extern	int usedefault;
-extern  char tmpline[];
-
-#endif /* _EXTERN_H_ */
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c
deleted file mode 100644
index 94eadeeec92e..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c
+++ /dev/null
@@ -1,3551 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     A = 258,
-     B = 259,
-     C = 260,
-     E = 261,
-     F = 262,
-     I = 263,
-     L = 264,
-     N = 265,
-     P = 266,
-     R = 267,
-     S = 268,
-     T = 269,
-     SP = 270,
-     CRLF = 271,
-     COMMA = 272,
-     USER = 273,
-     PASS = 274,
-     ACCT = 275,
-     REIN = 276,
-     QUIT = 277,
-     PORT = 278,
-     PASV = 279,
-     TYPE = 280,
-     STRU = 281,
-     MODE = 282,
-     RETR = 283,
-     STOR = 284,
-     APPE = 285,
-     MLFL = 286,
-     MAIL = 287,
-     MSND = 288,
-     MSOM = 289,
-     MSAM = 290,
-     MRSQ = 291,
-     MRCP = 292,
-     ALLO = 293,
-     REST = 294,
-     RNFR = 295,
-     RNTO = 296,
-     ABOR = 297,
-     DELE = 298,
-     CWD = 299,
-     LIST = 300,
-     NLST = 301,
-     SITE = 302,
-     sTAT = 303,
-     HELP = 304,
-     NOOP = 305,
-     MKD = 306,
-     RMD = 307,
-     PWD = 308,
-     CDUP = 309,
-     STOU = 310,
-     SMNT = 311,
-     SYST = 312,
-     SIZE = 313,
-     MDTM = 314,
-     EPRT = 315,
-     EPSV = 316,
-     UMASK = 317,
-     IDLE = 318,
-     CHMOD = 319,
-     AUTH = 320,
-     ADAT = 321,
-     PROT = 322,
-     PBSZ = 323,
-     CCC = 324,
-     MIC = 325,
-     CONF = 326,
-     ENC = 327,
-     KAUTH = 328,
-     KLIST = 329,
-     KDESTROY = 330,
-     KRBTKFILE = 331,
-     AFSLOG = 332,
-     LOCATE = 333,
-     URL = 334,
-     FEAT = 335,
-     OPTS = 336,
-     LEXERR = 337,
-     STRING = 338,
-     NUMBER = 339
-   };
-#endif
-/* Tokens.  */
-#define A 258
-#define B 259
-#define C 260
-#define E 261
-#define F 262
-#define I 263
-#define L 264
-#define N 265
-#define P 266
-#define R 267
-#define S 268
-#define T 269
-#define SP 270
-#define CRLF 271
-#define COMMA 272
-#define USER 273
-#define PASS 274
-#define ACCT 275
-#define REIN 276
-#define QUIT 277
-#define PORT 278
-#define PASV 279
-#define TYPE 280
-#define STRU 281
-#define MODE 282
-#define RETR 283
-#define STOR 284
-#define APPE 285
-#define MLFL 286
-#define MAIL 287
-#define MSND 288
-#define MSOM 289
-#define MSAM 290
-#define MRSQ 291
-#define MRCP 292
-#define ALLO 293
-#define REST 294
-#define RNFR 295
-#define RNTO 296
-#define ABOR 297
-#define DELE 298
-#define CWD 299
-#define LIST 300
-#define NLST 301
-#define SITE 302
-#define sTAT 303
-#define HELP 304
-#define NOOP 305
-#define MKD 306
-#define RMD 307
-#define PWD 308
-#define CDUP 309
-#define STOU 310
-#define SMNT 311
-#define SYST 312
-#define SIZE 313
-#define MDTM 314
-#define EPRT 315
-#define EPSV 316
-#define UMASK 317
-#define IDLE 318
-#define CHMOD 319
-#define AUTH 320
-#define ADAT 321
-#define PROT 322
-#define PBSZ 323
-#define CCC 324
-#define MIC 325
-#define CONF 326
-#define ENC 327
-#define KAUTH 328
-#define KLIST 329
-#define KDESTROY 330
-#define KRBTKFILE 331
-#define AFSLOG 332
-#define LOCATE 333
-#define URL 334
-#define FEAT 335
-#define OPTS 336
-#define LEXERR 337
-#define STRING 338
-#define NUMBER 339
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 43 "ftpcmd.y"
-
-
-#include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $");
-
-off_t	restart_point;
-
-static	int hasyyerrored;
-
-
-static	int cmd_type;
-static	int cmd_form;
-static	int cmd_bytesz;
-char	cbuf[64*1024];
-char	*fromname;
-
-struct tab {
-	char	*name;
-	short	token;
-	short	state;
-	short	implemented;	/* 1 if command is implemented */
-	char	*help;
-};
-
-extern struct tab cmdtab[];
-extern struct tab sitetab[];
-
-static char		*copy (char *);
-static void		 help (struct tab *, char *);
-static struct tab *
-			 lookup (struct tab *, char *);
-static void		 sizecmd (char *);
-static RETSIGTYPE	 toolong (int);
-static int		 yylex (void);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 86 "ftpcmd.y"
-{
-	int	i;
-	char   *s;
-}
-/* Line 193 of yacc.c.  */
-#line 312 "ftpcmd.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 325 "ftpcmd.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  2
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   327
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  85
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  18
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  98
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  317
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   339
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
-      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
-      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
-      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
-      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
-      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
-      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
-      75,    76,    77,    78,    79,    80,    81,    82,    83,    84
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint16 yyprhs[] =
-{
-       0,     0,     3,     4,     7,    10,    16,    22,    28,    34,
-      38,    42,    48,    54,    60,    66,    72,    82,    88,    94,
-     100,   104,   110,   114,   120,   126,   130,   136,   142,   146,
-     150,   156,   160,   166,   170,   176,   182,   186,   190,   194,
-     200,   206,   214,   220,   228,   238,   244,   252,   260,   266,
-     272,   280,   286,   294,   302,   308,   314,   318,   324,   330,
-     334,   337,   343,   349,   354,   359,   365,   371,   375,   380,
-     385,   390,   392,   393,   395,   397,   409,   411,   413,   415,
-     417,   421,   423,   427,   429,   431,   435,   438,   440,   442,
-     444,   446,   448,   450,   452,   454,   456,   458,   460
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-      86,     0,    -1,    -1,    86,    87,    -1,    86,    88,    -1,
-      18,    15,    89,    16,   102,    -1,    19,    15,    90,    16,
-     102,    -1,    23,    15,    92,    16,   102,    -1,    60,    15,
-      83,    16,   102,    -1,    24,    16,   101,    -1,    61,    16,
-     101,    -1,    61,    15,    83,    16,   101,    -1,    25,    15,
-      94,    16,   102,    -1,    26,    15,    95,    16,   102,    -1,
-      27,    15,    96,    16,   102,    -1,    38,    15,    84,    16,
-     102,    -1,    38,    15,    84,    15,    12,    15,    84,    16,
-     102,    -1,    28,    15,    97,    16,   101,    -1,    29,    15,
-      97,    16,   101,    -1,    30,    15,    97,    16,   101,    -1,
-      46,    16,   101,    -1,    46,    15,    83,    16,   101,    -1,
-      45,    16,   101,    -1,    45,    15,    97,    16,   101,    -1,
-      48,    15,    97,    16,   101,    -1,    48,    16,   102,    -1,
-      43,    15,    97,    16,   100,    -1,    41,    15,    97,    16,
-     100,    -1,    42,    16,   102,    -1,    44,    16,   101,    -1,
-      44,    15,    97,    16,   101,    -1,    49,    16,   102,    -1,
-      49,    15,    83,    16,   102,    -1,    50,    16,   102,    -1,
-      51,    15,    97,    16,   101,    -1,    52,    15,    97,    16,
-     100,    -1,    53,    16,   101,    -1,    54,    16,   101,    -1,
-      80,    16,   102,    -1,    81,    15,    83,    16,   102,    -1,
-      47,    15,    49,    16,   102,    -1,    47,    15,    49,    15,
-      83,    16,   102,    -1,    47,    15,    62,    16,   101,    -1,
-      47,    15,    62,    15,    99,    16,   100,    -1,    47,    15,
-      64,    15,    99,    15,    97,    16,   100,    -1,    47,    15,
-      63,    16,   102,    -1,    47,    15,    63,    15,    84,    16,
-     102,    -1,    47,    15,    73,    15,    83,    16,   101,    -1,
-      47,    15,    74,    16,   101,    -1,    47,    15,    75,    16,
-     101,    -1,    47,    15,    76,    15,    83,    16,   101,    -1,
-      47,    15,    77,    16,   101,    -1,    47,    15,    77,    15,
-      83,    16,   101,    -1,    47,    15,    78,    15,    83,    16,
-     101,    -1,    47,    15,    79,    16,   102,    -1,    55,    15,
-      97,    16,   101,    -1,    57,    16,   102,    -1,    58,    15,
-      97,    16,   101,    -1,    59,    15,    97,    16,   101,    -1,
-      22,    16,   102,    -1,     1,    16,    -1,    40,    15,    97,
-      16,   100,    -1,    39,    15,    91,    16,   102,    -1,    65,
-      15,    83,    16,    -1,    66,    15,    83,    16,    -1,    68,
-      15,    84,    16,   102,    -1,    67,    15,    83,    16,   102,
-      -1,    69,    16,   102,    -1,    70,    15,    83,    16,    -1,
-      71,    15,    83,    16,    -1,    72,    15,    83,    16,    -1,
-      83,    -1,    -1,    83,    -1,    84,    -1,    84,    17,    84,
-      17,    84,    17,    84,    17,    84,    17,    84,    -1,    10,
-      -1,    14,    -1,     5,    -1,     3,    -1,     3,    15,    93,
-      -1,     6,    -1,     6,    15,    93,    -1,     8,    -1,     9,
-      -1,     9,    15,    91,    -1,     9,    91,    -1,     7,    -1,
-      12,    -1,    11,    -1,    13,    -1,     4,    -1,     5,    -1,
-      98,    -1,    83,    -1,    84,    -1,   101,    -1,   102,    -1,
-      -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint16 yyrline[] =
-{
-       0,   129,   129,   131,   136,   140,   146,   153,   164,   170,
-     175,   180,   186,   223,   237,   251,   257,   263,   272,   281,
-     290,   295,   304,   309,   315,   322,   327,   334,   348,   353,
-     358,   365,   370,   387,   392,   399,   406,   411,   416,   426,
-     433,   438,   443,   451,   464,   478,   485,   502,   525,   530,
-     539,   552,   563,   576,   583,   588,   595,   613,   630,   658,
-     665,   671,   681,   691,   696,   701,   706,   711,   716,   721,
-     726,   734,   739,   742,   746,   750,   763,   767,   771,   778,
-     783,   788,   793,   798,   802,   807,   813,   821,   825,   829,
-     836,   840,   844,   851,   879,   883,   909,   917,   928
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "A", "B", "C", "E", "F", "I", "L", "N",
-  "P", "R", "S", "T", "SP", "CRLF", "COMMA", "USER", "PASS", "ACCT",
-  "REIN", "QUIT", "PORT", "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR",
-  "APPE", "MLFL", "MAIL", "MSND", "MSOM", "MSAM", "MRSQ", "MRCP", "ALLO",
-  "REST", "RNFR", "RNTO", "ABOR", "DELE", "CWD", "LIST", "NLST", "SITE",
-  "sTAT", "HELP", "NOOP", "MKD", "RMD", "PWD", "CDUP", "STOU", "SMNT",
-  "SYST", "SIZE", "MDTM", "EPRT", "EPSV", "UMASK", "IDLE", "CHMOD", "AUTH",
-  "ADAT", "PROT", "PBSZ", "CCC", "MIC", "CONF", "ENC", "KAUTH", "KLIST",
-  "KDESTROY", "KRBTKFILE", "AFSLOG", "LOCATE", "URL", "FEAT", "OPTS",
-  "LEXERR", "STRING", "NUMBER", "$accept", "cmd_list", "cmd", "rcmd",
-  "username", "password", "byte_size", "host_port", "form_code",
-  "type_code", "struct_code", "mode_code", "pathname", "pathstring",
-  "octal_number", "check_login_no_guest", "check_login", "check_secure", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
-     335,   336,   337,   338,   339
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    85,    86,    86,    86,    87,    87,    87,    87,    87,
-      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
-      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
-      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
-      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
-      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
-      87,    88,    88,    88,    88,    88,    88,    88,    88,    88,
-      88,    89,    90,    90,    91,    92,    93,    93,    93,    94,
-      94,    94,    94,    94,    94,    94,    94,    95,    95,    95,
-      96,    96,    96,    97,    98,    99,   100,   101,   102
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     0,     2,     2,     5,     5,     5,     5,     3,
-       3,     5,     5,     5,     5,     5,     9,     5,     5,     5,
-       3,     5,     3,     5,     5,     3,     5,     5,     3,     3,
-       5,     3,     5,     3,     5,     5,     3,     3,     3,     5,
-       5,     7,     5,     7,     9,     5,     7,     7,     5,     5,
-       7,     5,     7,     7,     5,     5,     3,     5,     5,     3,
-       2,     5,     5,     4,     4,     5,     5,     3,     4,     4,
-       4,     1,     0,     1,     1,    11,     1,     1,     1,     1,
-       3,     1,     3,     1,     1,     3,     2,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     0
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       2,     0,     1,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,     3,     4,
-      60,     0,    72,    98,     0,    98,     0,     0,     0,     0,
-       0,     0,     0,     0,     0,     0,    98,     0,     0,    98,
-       0,    98,     0,    98,     0,     0,    98,     0,    98,    98,
-       0,     0,    98,    98,     0,    98,     0,     0,     0,     0,
-      98,     0,     0,     0,     0,    98,     0,     0,     0,    98,
-       0,    71,     0,    73,     0,    59,     0,     0,     9,    97,
-      79,    81,    83,    84,     0,    87,    89,    88,     0,    91,
-      92,    90,     0,    94,     0,    93,     0,     0,     0,    74,
-       0,     0,     0,    28,     0,     0,    29,     0,    22,     0,
-      20,     0,     0,     0,     0,     0,     0,     0,     0,     0,
-       0,     0,     0,    25,     0,    31,    33,     0,     0,    36,
-      37,     0,    56,     0,     0,     0,     0,    10,     0,     0,
-       0,     0,    67,     0,     0,     0,    38,     0,    98,    98,
-       0,    98,     0,     0,     0,    86,    98,    98,    98,    98,
-      98,    98,     0,    98,    98,    98,    98,    98,    98,    98,
-      98,     0,    98,     0,    98,     0,    98,     0,     0,    98,
-      98,     0,     0,    98,     0,    98,    98,    98,    98,    98,
-      98,    98,    98,    98,    98,    63,    64,    98,    98,    68,
-      69,    70,    98,     5,     6,     0,     7,    78,    76,    77,
-      80,    82,    85,    12,    13,    14,    17,    18,    19,     0,
-      15,    62,    61,    96,    27,    26,    30,    23,    21,     0,
-      40,    95,     0,    42,     0,    45,     0,     0,    48,    49,
-       0,     0,    51,     0,    54,    24,    32,    34,    35,    55,
-      57,    58,     8,    11,    66,    65,    39,     0,     0,    98,
-      98,    98,     0,    98,    98,    98,    98,     0,     0,    41,
-      43,    46,     0,    47,    50,    52,    53,     0,    98,    98,
-       0,    16,    44,     0,     0,     0,    75
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int16 yydefgoto[] =
-{
-      -1,     1,    48,    49,   102,   104,   130,   107,   240,   114,
-     118,   122,   124,   125,   262,   252,   253,   109
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -196
-static const yytype_int16 yypact[] =
-{
-    -196,   246,  -196,     3,    13,    20,    11,    24,    21,    26,
-      30,    45,    66,    67,    68,    69,    70,    71,    72,    76,
-      73,    -7,    -5,    15,    78,    28,    32,    80,    79,    82,
-      83,    91,    93,    94,    96,    97,    98,    38,   100,   101,
-     102,   103,   104,   106,   107,   108,   111,   109,  -196,  -196,
-    -196,   -66,    36,  -196,    14,  -196,    12,    22,     1,    46,
-      46,    46,    25,    48,    46,    46,  -196,    46,    46,  -196,
-      46,  -196,    53,  -196,    27,    46,  -196,    55,  -196,  -196,
-      46,    46,  -196,  -196,    46,  -196,    46,    46,    56,    59,
-    -196,    60,    61,    62,    63,  -196,    65,    77,    85,  -196,
-      86,  -196,   114,  -196,   115,  -196,   120,   130,  -196,  -196,
-     135,   136,  -196,   -11,   138,  -196,  -196,  -196,   139,  -196,
-    -196,  -196,   143,  -196,   145,  -196,   147,   156,    47,  -196,
-     157,   162,   165,  -196,   166,   168,  -196,   170,  -196,   174,
-    -196,    49,    52,    54,   137,   177,   178,   179,   181,    64,
-     182,   183,   184,  -196,   185,  -196,  -196,   186,   187,  -196,
-    -196,   188,  -196,   189,   190,   191,   192,  -196,   193,   194,
-     195,   196,  -196,   197,   198,   199,  -196,   200,  -196,  -196,
-     133,  -196,     2,     2,    48,  -196,  -196,  -196,  -196,  -196,
-    -196,  -196,   206,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
-    -196,   110,  -196,   140,  -196,   141,  -196,   140,   144,  -196,
-    -196,   146,   148,  -196,   149,  -196,  -196,  -196,  -196,  -196,
-    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
-    -196,  -196,  -196,  -196,  -196,   202,  -196,  -196,  -196,  -196,
-    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   205,
-    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   207,
-    -196,  -196,   210,  -196,   212,  -196,   215,   217,  -196,  -196,
-     218,   219,  -196,   221,  -196,  -196,  -196,  -196,  -196,  -196,
-    -196,  -196,  -196,  -196,  -196,  -196,  -196,   155,   158,  -196,
-    -196,  -196,    46,  -196,  -196,  -196,  -196,   204,   224,  -196,
-    -196,  -196,   225,  -196,  -196,  -196,  -196,   159,  -196,  -196,
-     227,  -196,  -196,   161,   231,   167,  -196
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int16 yypgoto[] =
-{
-    -196,  -196,  -196,  -196,  -196,  -196,  -110,  -196,    39,  -196,
-    -196,  -196,    -9,  -196,    42,  -195,   -33,   -53
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint16 yytable[] =
-{
-     105,   254,   255,   185,   184,   119,   120,   237,    68,    69,
-      70,    71,   238,   133,   121,   110,   239,   101,   111,    50,
-     112,   113,   108,   153,   278,   155,   156,    53,    51,   115,
-      72,    73,   162,   116,   117,    52,   136,    55,   138,    54,
-     140,    56,   172,    75,    76,    57,   176,    77,    78,   159,
-     160,   126,   127,    89,    90,   131,   132,   167,   134,   135,
-      58,   137,   192,   193,   201,   202,   152,   203,   204,   205,
-     206,   157,   158,   129,   242,   161,   141,   163,   164,   212,
-     213,    59,    60,    61,    62,    63,    64,    65,    67,   142,
-     143,   144,    66,    74,    80,   300,    79,    81,   106,    82,
-     145,   146,   147,   148,   149,   150,   151,    83,    84,   128,
-      85,    86,    87,    88,   312,    91,    92,    93,    94,   103,
-      95,    96,    97,    98,   100,   233,   234,    99,   236,   123,
-     178,   179,   129,   243,   244,   245,   139,   180,   154,   165,
-     250,   251,   166,   168,   169,   170,   181,   171,   173,   260,
-     182,   183,   207,   265,   186,   187,   246,   247,   248,   188,
-     174,   189,   274,   190,   276,   256,   257,   258,   175,   177,
-     282,   263,   191,   194,   284,   285,   268,   269,   195,   286,
-     272,   196,   197,   275,   198,   277,   199,   279,   280,   281,
-     200,   283,   208,   259,   209,   210,   211,   214,     0,   215,
-     216,   217,   218,   219,   220,   221,   222,   223,   224,   225,
-     226,   227,   228,   229,   230,   231,   232,   235,   249,   287,
-     288,   307,   241,   289,   261,   264,   290,   267,   291,   270,
-     292,   271,   273,   293,   294,   295,   299,   296,   301,   297,
-     308,   309,   298,   310,   313,   314,     2,     3,   315,   266,
-       0,   316,     0,     0,     0,   311,     0,     0,     0,     0,
-     303,   304,   305,   306,     4,     5,     0,     0,     6,     7,
-       8,     9,    10,    11,    12,    13,    14,     0,     0,     0,
-       0,     0,     0,   302,    15,    16,    17,    18,    19,    20,
-      21,    22,    23,    24,    25,    26,    27,    28,    29,    30,
-      31,    32,     0,    33,    34,    35,    36,    37,     0,     0,
-       0,    38,    39,    40,    41,    42,    43,    44,    45,     0,
-       0,     0,     0,     0,     0,     0,    46,    47
-};
-
-static const yytype_int16 yycheck[] =
-{
-      53,   196,   197,   113,    15,     4,     5,     5,    15,    16,
-      15,    16,    10,    66,    13,     3,    14,    83,     6,    16,
-       8,     9,    55,    76,   219,    78,    79,    16,    15,     7,
-      15,    16,    85,    11,    12,    15,    69,    16,    71,    15,
-      73,    15,    95,    15,    16,    15,    99,    15,    16,    82,
-      83,    60,    61,    15,    16,    64,    65,    90,    67,    68,
-      15,    70,    15,    16,    15,    16,    75,    15,    16,    15,
-      16,    80,    81,    84,   184,    84,    49,    86,    87,    15,
-      16,    15,    15,    15,    15,    15,    15,    15,    15,    62,
-      63,    64,    16,    15,    15,   290,    16,    15,    84,    16,
-      73,    74,    75,    76,    77,    78,    79,    16,    15,    84,
-      16,    15,    15,    15,   309,    15,    15,    15,    15,    83,
-      16,    15,    15,    15,    15,   178,   179,    16,   181,    83,
-      16,    16,    84,   186,   187,   188,    83,    17,    83,    83,
-     193,   194,    83,    83,    83,    83,    16,    84,    83,   202,
-      15,    15,    15,   206,    16,    16,   189,   190,   191,    16,
-      83,    16,   215,    16,   217,   198,   199,   200,    83,    83,
-     223,   204,    16,    16,   227,   228,   209,   210,    16,   232,
-     213,    16,    16,   216,    16,   218,    16,   220,   221,   222,
-      16,   224,    15,    83,    16,    16,    15,    15,    -1,    16,
-      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
-      16,    16,    16,    16,    16,    16,    16,    84,    12,    17,
-      15,    17,   183,    16,    84,    84,    16,    83,    16,    83,
-      15,    83,    83,    16,    16,    16,   289,    16,   291,    84,
-      16,    16,    84,    84,    17,    84,     0,     1,    17,   207,
-      -1,    84,    -1,    -1,    -1,   308,    -1,    -1,    -1,    -1,
-     293,   294,   295,   296,    18,    19,    -1,    -1,    22,    23,
-      24,    25,    26,    27,    28,    29,    30,    -1,    -1,    -1,
-      -1,    -1,    -1,   292,    38,    39,    40,    41,    42,    43,
-      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
-      54,    55,    -1,    57,    58,    59,    60,    61,    -1,    -1,
-      -1,    65,    66,    67,    68,    69,    70,    71,    72,    -1,
-      -1,    -1,    -1,    -1,    -1,    -1,    80,    81
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,    86,     0,     1,    18,    19,    22,    23,    24,    25,
-      26,    27,    28,    29,    30,    38,    39,    40,    41,    42,
-      43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
-      53,    54,    55,    57,    58,    59,    60,    61,    65,    66,
-      67,    68,    69,    70,    71,    72,    80,    81,    87,    88,
-      16,    15,    15,    16,    15,    16,    15,    15,    15,    15,
-      15,    15,    15,    15,    15,    15,    16,    15,    15,    16,
-      15,    16,    15,    16,    15,    15,    16,    15,    16,    16,
-      15,    15,    16,    16,    15,    16,    15,    15,    15,    15,
-      16,    15,    15,    15,    15,    16,    15,    15,    15,    16,
-      15,    83,    89,    83,    90,   102,    84,    92,   101,   102,
-       3,     6,     8,     9,    94,     7,    11,    12,    95,     4,
-       5,    13,    96,    83,    97,    98,    97,    97,    84,    84,
-      91,    97,    97,   102,    97,    97,   101,    97,   101,    83,
-     101,    49,    62,    63,    64,    73,    74,    75,    76,    77,
-      78,    79,    97,   102,    83,   102,   102,    97,    97,   101,
-     101,    97,   102,    97,    97,    83,    83,   101,    83,    83,
-      83,    84,   102,    83,    83,    83,   102,    83,    16,    16,
-      17,    16,    15,    15,    15,    91,    16,    16,    16,    16,
-      16,    16,    15,    16,    16,    16,    16,    16,    16,    16,
-      16,    15,    16,    15,    16,    15,    16,    15,    15,    16,
-      16,    15,    15,    16,    15,    16,    16,    16,    16,    16,
-      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
-      16,    16,    16,   102,   102,    84,   102,     5,    10,    14,
-      93,    93,    91,   102,   102,   102,   101,   101,   101,    12,
-     102,   102,   100,   101,   100,   100,   101,   101,   101,    83,
-     102,    84,    99,   101,    84,   102,    99,    83,   101,   101,
-      83,    83,   101,    83,   102,   101,   102,   101,   100,   101,
-     101,   101,   102,   101,   102,   102,   102,    17,    15,    16,
-      16,    16,    15,    16,    16,    16,    16,    84,    84,   102,
-     100,   102,    97,   101,   101,   101,   101,    17,    16,    16,
-      84,   102,   100,    17,    84,    17,    84
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 3:
-#line 132 "ftpcmd.y"
-    {
-			fromname = (char *) 0;
-			restart_point = (off_t) 0;
-		}
-    break;
-
-  case 5:
-#line 141 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			user((yyvsp[(3) - (5)].s));
-		    free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 6:
-#line 147 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			pass((yyvsp[(3) - (5)].s));
-		    memset ((yyvsp[(3) - (5)].s), 0, strlen((yyvsp[(3) - (5)].s)));
-		    free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 7:
-#line 154 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			usedefault = 0;
-			if (pdata >= 0) {
-				close(pdata);
-				pdata = -1;
-			}
-			reply(200, "PORT command successful.");
-		    }
-		}
-    break;
-
-  case 8:
-#line 165 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			eprt ((yyvsp[(3) - (5)].s));
-		    free ((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 9:
-#line 171 "ftpcmd.y"
-    {
-		    if((yyvsp[(3) - (3)].i))
-			pasv ();
-		}
-    break;
-
-  case 10:
-#line 176 "ftpcmd.y"
-    {
-		    if((yyvsp[(3) - (3)].i))
-			epsv (NULL);
-		}
-    break;
-
-  case 11:
-#line 181 "ftpcmd.y"
-    {
-		    if((yyvsp[(5) - (5)].i))
-			epsv ((yyvsp[(3) - (5)].s));
-		    free ((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 12:
-#line 187 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			switch (cmd_type) {
-
-			case TYPE_A:
-				if (cmd_form == FORM_N) {
-					reply(200, "Type set to A.");
-					type = cmd_type;
-					form = cmd_form;
-				} else
-					reply(504, "Form must be N.");
-				break;
-
-			case TYPE_E:
-				reply(504, "Type E not implemented.");
-				break;
-
-			case TYPE_I:
-				reply(200, "Type set to I.");
-				type = cmd_type;
-				break;
-
-			case TYPE_L:
-#if NBBY == 8
-				if (cmd_bytesz == 8) {
-					reply(200,
-					    "Type set to L (byte size 8).");
-					type = cmd_type;
-				} else
-					reply(504, "Byte size must be 8.");
-#else /* NBBY == 8 */
-				UNIMPLEMENTED for NBBY != 8
-#endif /* NBBY == 8 */
-			}
-		    }
-		}
-    break;
-
-  case 13:
-#line 224 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			switch ((yyvsp[(3) - (5)].i)) {
-
-			case STRU_F:
-				reply(200, "STRU F ok.");
-				break;
-
-			default:
-				reply(504, "Unimplemented STRU type.");
-			}
-		    }
-		}
-    break;
-
-  case 14:
-#line 238 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			switch ((yyvsp[(3) - (5)].i)) {
-
-			case MODE_S:
-				reply(200, "MODE S ok.");
-				break;
-
-			default:
-				reply(502, "Unimplemented MODE type.");
-			}
-		    }
-		}
-    break;
-
-  case 15:
-#line 252 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			reply(202, "ALLO command ignored.");
-		    }
-		}
-    break;
-
-  case 16:
-#line 258 "ftpcmd.y"
-    {
-		    if ((yyvsp[(9) - (9)].i)) {
-			reply(202, "ALLO command ignored.");
-		    }
-		}
-    break;
-
-  case 17:
-#line 264 "ftpcmd.y"
-    {
-			char *name = (yyvsp[(3) - (5)].s);
-
-			if ((yyvsp[(5) - (5)].i) && name != NULL)
-				retrieve(0, name);
-			if (name != NULL)
-				free(name);
-		}
-    break;
-
-  case 18:
-#line 273 "ftpcmd.y"
-    {
-			char *name = (yyvsp[(3) - (5)].s);
-
-			if ((yyvsp[(5) - (5)].i) && name != NULL)
-				do_store(name, "w", 0);
-			if (name != NULL)
-				free(name);
-		}
-    break;
-
-  case 19:
-#line 282 "ftpcmd.y"
-    {
-			char *name = (yyvsp[(3) - (5)].s);
-
-			if ((yyvsp[(5) - (5)].i) && name != NULL)
-				do_store(name, "a", 0);
-			if (name != NULL)
-				free(name);
-		}
-    break;
-
-  case 20:
-#line 291 "ftpcmd.y"
-    {
-			if ((yyvsp[(3) - (3)].i))
-				send_file_list(".");
-		}
-    break;
-
-  case 21:
-#line 296 "ftpcmd.y"
-    {
-			char *name = (yyvsp[(3) - (5)].s);
-
-			if ((yyvsp[(5) - (5)].i) && name != NULL)
-				send_file_list(name);
-			if (name != NULL)
-				free(name);
-		}
-    break;
-
-  case 22:
-#line 305 "ftpcmd.y"
-    {
-		    if((yyvsp[(3) - (3)].i))
-			list_file(".");
-		}
-    break;
-
-  case 23:
-#line 310 "ftpcmd.y"
-    {
-		    if((yyvsp[(5) - (5)].i))
-			list_file((yyvsp[(3) - (5)].s));
-		    free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 24:
-#line 316 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				statfilecmd((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 25:
-#line 323 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i))
-			statcmd();
-		}
-    break;
-
-  case 26:
-#line 328 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				do_delete((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 27:
-#line 335 "ftpcmd.y"
-    {
-			if((yyvsp[(5) - (5)].i)){
-				if (fromname) {
-					renamecmd(fromname, (yyvsp[(3) - (5)].s));
-					free(fromname);
-					fromname = (char *) 0;
-				} else {
-					reply(503, "Bad sequence of commands.");
-				}
-			}
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 28:
-#line 349 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i))
-			reply(225, "ABOR command successful.");
-		}
-    break;
-
-  case 29:
-#line 354 "ftpcmd.y"
-    {
-			if ((yyvsp[(3) - (3)].i))
-				cwd(pw->pw_dir);
-		}
-    break;
-
-  case 30:
-#line 359 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				cwd((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 31:
-#line 366 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i))
-			help(cmdtab, (char *) 0);
-		}
-    break;
-
-  case 32:
-#line 371 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			char *cp = (yyvsp[(3) - (5)].s);
-
-			if (strncasecmp(cp, "SITE", 4) == 0) {
-				cp = (yyvsp[(3) - (5)].s) + 4;
-				if (*cp == ' ')
-					cp++;
-				if (*cp)
-					help(sitetab, cp);
-				else
-					help(sitetab, (char *) 0);
-			} else
-				help(cmdtab, (yyvsp[(3) - (5)].s));
-		    }
-		}
-    break;
-
-  case 33:
-#line 388 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i))
-			reply(200, "NOOP command successful.");
-		}
-    break;
-
-  case 34:
-#line 393 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				makedir((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 35:
-#line 400 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				removedir((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 36:
-#line 407 "ftpcmd.y"
-    {
-			if ((yyvsp[(3) - (3)].i))
-				pwd();
-		}
-    break;
-
-  case 37:
-#line 412 "ftpcmd.y"
-    {
-			if ((yyvsp[(3) - (3)].i))
-				cwd("..");
-		}
-    break;
-
-  case 38:
-#line 417 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i)) {
-			lreply(211, "Supported features:");
-			lreply(0, " MDTM");
-			lreply(0, " REST STREAM");
-			lreply(0, " SIZE");
-			reply(211, "End");
-		    }
-		}
-    break;
-
-  case 39:
-#line 427 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			reply(501, "Bad options");
-		    free ((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 40:
-#line 434 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			help(sitetab, (char *) 0);
-		}
-    break;
-
-  case 41:
-#line 439 "ftpcmd.y"
-    {
-		    if ((yyvsp[(7) - (7)].i))
-			help(sitetab, (yyvsp[(5) - (7)].s));
-		}
-    break;
-
-  case 42:
-#line 444 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i)) {
-				int oldmask = umask(0);
-				umask(oldmask);
-				reply(200, "Current UMASK is %03o", oldmask);
-			}
-		}
-    break;
-
-  case 43:
-#line 452 "ftpcmd.y"
-    {
-			if ((yyvsp[(7) - (7)].i)) {
-				if (((yyvsp[(5) - (7)].i) == -1) || ((yyvsp[(5) - (7)].i) > 0777)) {
-					reply(501, "Bad UMASK value");
-				} else {
-					int oldmask = umask((yyvsp[(5) - (7)].i));
-					reply(200,
-					      "UMASK set to %03o (was %03o)",
-					      (yyvsp[(5) - (7)].i), oldmask);
-				}
-			}
-		}
-    break;
-
-  case 44:
-#line 465 "ftpcmd.y"
-    {
-			if ((yyvsp[(9) - (9)].i) && (yyvsp[(7) - (9)].s) != NULL) {
-				if ((yyvsp[(5) - (9)].i) > 0777)
-					reply(501,
-				"CHMOD: Mode value must be between 0 and 0777");
-				else if (chmod((yyvsp[(7) - (9)].s), (yyvsp[(5) - (9)].i)) < 0)
-					perror_reply(550, (yyvsp[(7) - (9)].s));
-				else
-					reply(200, "CHMOD command successful.");
-			}
-			if ((yyvsp[(7) - (9)].s) != NULL)
-				free((yyvsp[(7) - (9)].s));
-		}
-    break;
-
-  case 45:
-#line 479 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			reply(200,
-			    "Current IDLE time limit is %d seconds; max %d",
-				ftpd_timeout, maxtimeout);
-		}
-    break;
-
-  case 46:
-#line 486 "ftpcmd.y"
-    {
-		    if ((yyvsp[(7) - (7)].i)) {
-			if ((yyvsp[(5) - (7)].i) < 30 || (yyvsp[(5) - (7)].i) > maxtimeout) {
-				reply(501,
-			"Maximum IDLE time must be between 30 and %d seconds",
-				    maxtimeout);
-			} else {
-				ftpd_timeout = (yyvsp[(5) - (7)].i);
-				alarm((unsigned) ftpd_timeout);
-				reply(200,
-				    "Maximum IDLE time set to %d seconds",
-				    ftpd_timeout);
-			}
-		    }
-		}
-    break;
-
-  case 47:
-#line 503 "ftpcmd.y"
-    {
-#ifdef KRB4
-			char *p;
-			
-			if(guest)
-				reply(500, "Can't be done as guest.");
-			else{
-				if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL){
-				    p = strpbrk((yyvsp[(5) - (7)].s), " \t");
-				    if(p){
-					*p++ = 0;
-					kauth((yyvsp[(5) - (7)].s), p + strspn(p, " \t"));
-				    }else
-					kauth((yyvsp[(5) - (7)].s), NULL);
-				}
-			}
-			if((yyvsp[(5) - (7)].s) != NULL)
-			    free((yyvsp[(5) - (7)].s));
-#else
-			reply(500, "Command not implemented.");
-#endif
-		}
-    break;
-
-  case 48:
-#line 526 "ftpcmd.y"
-    {
-		    if((yyvsp[(5) - (5)].i))
-			klist();
-		}
-    break;
-
-  case 49:
-#line 531 "ftpcmd.y"
-    {
-#ifdef KRB4
-		    if((yyvsp[(5) - (5)].i))
-			kdestroy();
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-    break;
-
-  case 50:
-#line 540 "ftpcmd.y"
-    {
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s))
-			krbtkfile((yyvsp[(5) - (7)].s));
-		    if((yyvsp[(5) - (7)].s))
-			free((yyvsp[(5) - (7)].s));
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-    break;
-
-  case 51:
-#line 553 "ftpcmd.y"
-    {
-#if defined(KRB4) || defined(KRB5)
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if((yyvsp[(5) - (5)].i))
-			afslog(NULL, 0);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-    break;
-
-  case 52:
-#line 564 "ftpcmd.y"
-    {
-#if defined(KRB4) || defined(KRB5)
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if((yyvsp[(7) - (7)].i))
-			afslog((yyvsp[(5) - (7)].s), 0);
-		    if((yyvsp[(5) - (7)].s))
-			free((yyvsp[(5) - (7)].s));
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-    break;
-
-  case 53:
-#line 577 "ftpcmd.y"
-    {
-		    if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL)
-			find((yyvsp[(5) - (7)].s));
-		    if((yyvsp[(5) - (7)].s) != NULL)
-			free((yyvsp[(5) - (7)].s));
-		}
-    break;
-
-  case 54:
-#line 584 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			reply(200, "http://www.pdc.kth.se/heimdal/");
-		}
-    break;
-
-  case 55:
-#line 589 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				do_store((yyvsp[(3) - (5)].s), "w", 1);
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 56:
-#line 596 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i)) {
-#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
-			reply(215, "UNIX Type: L%d", NBBY);
-#else
-			reply(215, "UNKNOWN Type: L%d", NBBY);
-#endif
-		    }
-		}
-    break;
-
-  case 57:
-#line 614 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
-				sizecmd((yyvsp[(3) - (5)].s));
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 58:
-#line 631 "ftpcmd.y"
-    {
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) {
-				struct stat stbuf;
-				if (stat((yyvsp[(3) - (5)].s), &stbuf) < 0)
-					reply(550, "%s: %s",
-					    (yyvsp[(3) - (5)].s), strerror(errno));
-				else if (!S_ISREG(stbuf.st_mode)) {
-					reply(550,
-					      "%s: not a plain file.", (yyvsp[(3) - (5)].s));
-				} else {
-					struct tm *t;
-					time_t mtime = stbuf.st_mtime;
-
-					t = gmtime(&mtime);
-					reply(213,
-					      "%04d%02d%02d%02d%02d%02d",
-					      t->tm_year + 1900,
-					      t->tm_mon + 1,
-					      t->tm_mday,
-					      t->tm_hour,
-					      t->tm_min,
-					      t->tm_sec);
-				}
-			}
-			if ((yyvsp[(3) - (5)].s) != NULL)
-				free((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 59:
-#line 659 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i)) {
-			reply(221, "Goodbye.");
-			dologout(0);
-		    }
-		}
-    break;
-
-  case 60:
-#line 666 "ftpcmd.y"
-    {
-			yyerrok;
-		}
-    break;
-
-  case 61:
-#line 672 "ftpcmd.y"
-    {
-			restart_point = (off_t) 0;
-			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s)) {
-				fromname = renamefrom((yyvsp[(3) - (5)].s));
-				if (fromname == (char *) 0 && (yyvsp[(3) - (5)].s)) {
-					free((yyvsp[(3) - (5)].s));
-				}
-			}
-		}
-    break;
-
-  case 62:
-#line 682 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i)) {
-			fromname = (char *) 0;
-			restart_point = (yyvsp[(3) - (5)].i);	/* XXX $3 is only "int" */
-			reply(350, "Restarting at %ld. %s",
-			      (long)restart_point,
-			      "Send STORE or RETRIEVE to initiate transfer.");
-		    }
-		}
-    break;
-
-  case 63:
-#line 692 "ftpcmd.y"
-    {
-			auth((yyvsp[(3) - (4)].s));
-			free((yyvsp[(3) - (4)].s));
-		}
-    break;
-
-  case 64:
-#line 697 "ftpcmd.y"
-    {
-			adat((yyvsp[(3) - (4)].s));
-			free((yyvsp[(3) - (4)].s));
-		}
-    break;
-
-  case 65:
-#line 702 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			pbsz((yyvsp[(3) - (5)].i));
-		}
-    break;
-
-  case 66:
-#line 707 "ftpcmd.y"
-    {
-		    if ((yyvsp[(5) - (5)].i))
-			prot((yyvsp[(3) - (5)].s));
-		}
-    break;
-
-  case 67:
-#line 712 "ftpcmd.y"
-    {
-		    if ((yyvsp[(3) - (3)].i))
-			ccc();
-		}
-    break;
-
-  case 68:
-#line 717 "ftpcmd.y"
-    {
-			mec((yyvsp[(3) - (4)].s), prot_safe);
-			free((yyvsp[(3) - (4)].s));
-		}
-    break;
-
-  case 69:
-#line 722 "ftpcmd.y"
-    {
-			mec((yyvsp[(3) - (4)].s), prot_confidential);
-			free((yyvsp[(3) - (4)].s));
-		}
-    break;
-
-  case 70:
-#line 727 "ftpcmd.y"
-    {
-			mec((yyvsp[(3) - (4)].s), prot_private);
-			free((yyvsp[(3) - (4)].s));
-		}
-    break;
-
-  case 72:
-#line 739 "ftpcmd.y"
-    {
-			(yyval.s) = (char *)calloc(1, sizeof(char));
-		}
-    break;
-
-  case 75:
-#line 752 "ftpcmd.y"
-    {
-			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
-
-			sin4->sin_family = AF_INET;
-			sin4->sin_port = htons((yyvsp[(9) - (11)].i) * 256 + (yyvsp[(11) - (11)].i));
-			sin4->sin_addr.s_addr = 
-			    htonl(((yyvsp[(1) - (11)].i) << 24) | ((yyvsp[(3) - (11)].i) << 16) | ((yyvsp[(5) - (11)].i) << 8) | (yyvsp[(7) - (11)].i));
-		}
-    break;
-
-  case 76:
-#line 764 "ftpcmd.y"
-    {
-			(yyval.i) = FORM_N;
-		}
-    break;
-
-  case 77:
-#line 768 "ftpcmd.y"
-    {
-			(yyval.i) = FORM_T;
-		}
-    break;
-
-  case 78:
-#line 772 "ftpcmd.y"
-    {
-			(yyval.i) = FORM_C;
-		}
-    break;
-
-  case 79:
-#line 779 "ftpcmd.y"
-    {
-			cmd_type = TYPE_A;
-			cmd_form = FORM_N;
-		}
-    break;
-
-  case 80:
-#line 784 "ftpcmd.y"
-    {
-			cmd_type = TYPE_A;
-			cmd_form = (yyvsp[(3) - (3)].i);
-		}
-    break;
-
-  case 81:
-#line 789 "ftpcmd.y"
-    {
-			cmd_type = TYPE_E;
-			cmd_form = FORM_N;
-		}
-    break;
-
-  case 82:
-#line 794 "ftpcmd.y"
-    {
-			cmd_type = TYPE_E;
-			cmd_form = (yyvsp[(3) - (3)].i);
-		}
-    break;
-
-  case 83:
-#line 799 "ftpcmd.y"
-    {
-			cmd_type = TYPE_I;
-		}
-    break;
-
-  case 84:
-#line 803 "ftpcmd.y"
-    {
-			cmd_type = TYPE_L;
-			cmd_bytesz = NBBY;
-		}
-    break;
-
-  case 85:
-#line 808 "ftpcmd.y"
-    {
-			cmd_type = TYPE_L;
-			cmd_bytesz = (yyvsp[(3) - (3)].i);
-		}
-    break;
-
-  case 86:
-#line 814 "ftpcmd.y"
-    {
-			cmd_type = TYPE_L;
-			cmd_bytesz = (yyvsp[(2) - (2)].i);
-		}
-    break;
-
-  case 87:
-#line 822 "ftpcmd.y"
-    {
-			(yyval.i) = STRU_F;
-		}
-    break;
-
-  case 88:
-#line 826 "ftpcmd.y"
-    {
-			(yyval.i) = STRU_R;
-		}
-    break;
-
-  case 89:
-#line 830 "ftpcmd.y"
-    {
-			(yyval.i) = STRU_P;
-		}
-    break;
-
-  case 90:
-#line 837 "ftpcmd.y"
-    {
-			(yyval.i) = MODE_S;
-		}
-    break;
-
-  case 91:
-#line 841 "ftpcmd.y"
-    {
-			(yyval.i) = MODE_B;
-		}
-    break;
-
-  case 92:
-#line 845 "ftpcmd.y"
-    {
-			(yyval.i) = MODE_C;
-		}
-    break;
-
-  case 93:
-#line 852 "ftpcmd.y"
-    {
-			/*
-			 * Problem: this production is used for all pathname
-			 * processing, but only gives a 550 error reply.
-			 * This is a valid reply in some cases but not in others.
-			 */
-			if (logged_in && (yyvsp[(1) - (1)].s) && *(yyvsp[(1) - (1)].s) == '~') {
-				glob_t gl;
-				int flags =
-				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-
-				memset(&gl, 0, sizeof(gl));
-				if (glob((yyvsp[(1) - (1)].s), flags, NULL, &gl) ||
-				    gl.gl_pathc == 0) {
-					reply(550, "not found");
-					(yyval.s) = NULL;
-				} else {
-					(yyval.s) = strdup(gl.gl_pathv[0]);
-				}
-				globfree(&gl);
-				free((yyvsp[(1) - (1)].s));
-			} else
-				(yyval.s) = (yyvsp[(1) - (1)].s);
-		}
-    break;
-
-  case 95:
-#line 884 "ftpcmd.y"
-    {
-			int ret, dec, multby, digit;
-
-			/*
-			 * Convert a number that was read as decimal number
-			 * to what it would be if it had been read as octal.
-			 */
-			dec = (yyvsp[(1) - (1)].i);
-			multby = 1;
-			ret = 0;
-			while (dec) {
-				digit = dec%10;
-				if (digit > 7) {
-					ret = -1;
-					break;
-				}
-				ret += digit * multby;
-				multby *= 8;
-				dec /= 10;
-			}
-			(yyval.i) = ret;
-		}
-    break;
-
-  case 96:
-#line 910 "ftpcmd.y"
-    {
-			(yyval.i) = (yyvsp[(1) - (1)].i) && !guest;
-			if((yyvsp[(1) - (1)].i) && !(yyval.i))
-				reply(550, "Permission denied");
-		}
-    break;
-
-  case 97:
-#line 918 "ftpcmd.y"
-    {
-		    if((yyvsp[(1) - (1)].i)) {
-			if(((yyval.i) = logged_in) == 0)
-			    reply(530, "Please login with USER and PASS.");
-		    } else
-			(yyval.i) = 0;
-		}
-    break;
-
-  case 98:
-#line 928 "ftpcmd.y"
-    {
-		    (yyval.i) = 1;
-		    if(sec_complete && !ccc_passed && !secure_command()) {
-			(yyval.i) = 0;
-			reply(533, "Command protection level denied "
-			      "for paranoid reasons.");
-		    }
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 2778 "ftpcmd.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 938 "ftpcmd.y"
-
-
-#define	CMD	0	/* beginning of command */
-#define	ARGS	1	/* expect miscellaneous arguments */
-#define	STR1	2	/* expect SP followed by STRING */
-#define	STR2	3	/* expect STRING */
-#define	OSTR	4	/* optional SP then STRING */
-#define	ZSTR1	5	/* SP then optional STRING */
-#define	ZSTR2	6	/* optional STRING after SP */
-#define	SITECMD	7	/* SITE command */
-#define	NSTR	8	/* Number followed by a string */
-
-struct tab cmdtab[] = {		/* In order defined in RFC 765 */
-	{ "USER", USER, STR1, 1,	"<sp> username" },
-	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
-	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
-	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
-	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
-	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
-	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
-	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
-	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
-	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
-	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
-	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
-	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
-	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
-	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
-	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
-	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
-	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
-	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
-	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
-	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
-	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
-	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
-	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
-	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
-	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
-	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
-	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
-	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
-	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
-	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
-	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-	{ "NOOP", NOOP, ARGS, 1,	"" },
-	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
-	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
-	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
-	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
-	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
-	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
-	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
-	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
-	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
-
-	/* extensions from RFC2228 */
-	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
-	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
-	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
-	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
-	{ "CCC",  CCC,	ARGS, 1,	"" },
-	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
-	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
-	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
-
-	/* RFC2389 */
-	{ "FEAT", FEAT, ARGS, 1,	"" },
-	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
-
-	{ NULL,   0,    0,    0,	0 }
-};
-
-struct tab sitetab[] = {
-	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
-	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
-	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-
-	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
-	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
-	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
-	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
-	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
-
-	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
-	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
-
-	{ "URL",  URL,  ARGS, 1,	"?" },
-	
-	{ NULL,   0,    0,    0,	0 }
-};
-
-static struct tab *
-lookup(struct tab *p, char *cmd)
-{
-
-	for (; p->name != NULL; p++)
-		if (strcmp(cmd, p->name) == 0)
-			return (p);
-	return (0);
-}
-
-/*
- * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
- */
-char *
-ftpd_getline(char *s, int n)
-{
-	int c;
-	char *cs;
-
-	cs = s;
-
-	/* might still be data within the security MIC/CONF/ENC */
-	if(ftp_command){
-	    strlcpy(s, ftp_command, n);
-	    if (debug)
-		syslog(LOG_DEBUG, "command: %s", s);
-	    return s;
-	}
-	while ((c = getc(stdin)) != EOF) {
-		c &= 0377;
-		if (c == IAC) {
-		    if ((c = getc(stdin)) != EOF) {
-			c &= 0377;
-			switch (c) {
-			case WILL:
-			case WONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, DONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case DO:
-			case DONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, WONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case IAC:
-				break;
-			default:
-				continue;	/* ignore command */
-			}
-		    }
-		}
-		*cs++ = c;
-		if (--n <= 0 || c == '\n')
-			break;
-	}
-	if (c == EOF && cs == s)
-		return (NULL);
-	*cs++ = '\0';
-	if (debug) {
-		if (!guest && strncasecmp("pass ", s, 5) == 0) {
-			/* Don't syslog passwords */
-			syslog(LOG_DEBUG, "command: %.5s ???", s);
-		} else {
-			char *cp;
-			int len;
-
-			/* Don't syslog trailing CR-LF */
-			len = strlen(s);
-			cp = s + len - 1;
-			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
-				--cp;
-				--len;
-			}
-			syslog(LOG_DEBUG, "command: %.*s", len, s);
-		}
-	}
-#ifdef XXX
-	fprintf(stderr, "%s\n", s);
-#endif
-	return (s);
-}
-
-static RETSIGTYPE
-toolong(int signo)
-{
-
-	reply(421,
-	    "Timeout (%d seconds): closing control connection.",
-	      ftpd_timeout);
-	if (logging)
-		syslog(LOG_INFO, "User %s timed out after %d seconds",
-		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
-	dologout(1);
-	SIGRETURN(0);
-}
-
-static int
-yylex(void)
-{
-	static int cpos, state;
-	char *cp, *cp2;
-	struct tab *p;
-	int n;
-	char c;
-
-	for (;;) {
-		switch (state) {
-
-		case CMD:
-			hasyyerrored = 0;
-
-			signal(SIGALRM, toolong);
-			alarm((unsigned) ftpd_timeout);
-			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
-				reply(221, "You could at least say goodbye.");
-				dologout(0);
-			}
-			alarm(0);
-#ifdef HAVE_SETPROCTITLE
-			if (strncasecmp(cbuf, "PASS", 4) != 0)
-				setproctitle("%s: %s", proctitle, cbuf);
-#endif /* HAVE_SETPROCTITLE */
-			if ((cp = strchr(cbuf, '\r'))) {
-				*cp++ = '\n';
-				*cp = '\0';
-			}
-			if ((cp = strpbrk(cbuf, " \n")))
-				cpos = cp - cbuf;
-			if (cpos == 0)
-				cpos = 4;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cbuf);
-			p = lookup(cmdtab, cbuf);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					nack(p->name);
-					hasyyerrored = 1;
-					break;
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			break;
-
-		case SITECMD:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			cp = &cbuf[cpos];
-			if ((cp2 = strpbrk(cp, " \n")))
-				cpos = cp2 - cbuf;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cp);
-			p = lookup(sitetab, cp);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					state = CMD;
-					nack(p->name);
-					hasyyerrored = 1;
-					break;
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			state = CMD;
-			break;
-
-		case OSTR:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR1:
-		case ZSTR1:
-		dostr1:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				if(state == OSTR)
-				    state = STR2;
-				else
-				    state++;
-				return (SP);
-			}
-			break;
-
-		case ZSTR2:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR2:
-			cp = &cbuf[cpos];
-			n = strlen(cp);
-			cpos += n - 1;
-			/*
-			 * Make sure the string is nonempty and \n terminated.
-			 */
-			if (n > 1 && cbuf[cpos] == '\n') {
-				cbuf[cpos] = '\0';
-				yylval.s = copy(cp);
-				cbuf[cpos] = '\n';
-				state = ARGS;
-				return (STRING);
-			}
-			break;
-
-		case NSTR:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				state = STR1;
-				return (NUMBER);
-			}
-			state = STR1;
-			goto dostr1;
-
-		case ARGS:
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				return (NUMBER);
-			}
-			switch (cbuf[cpos++]) {
-
-			case '\n':
-				state = CMD;
-				return (CRLF);
-
-			case ' ':
-				return (SP);
-
-			case ',':
-				return (COMMA);
-
-			case 'A':
-			case 'a':
-				return (A);
-
-			case 'B':
-			case 'b':
-				return (B);
-
-			case 'C':
-			case 'c':
-				return (C);
-
-			case 'E':
-			case 'e':
-				return (E);
-
-			case 'F':
-			case 'f':
-				return (F);
-
-			case 'I':
-			case 'i':
-				return (I);
-
-			case 'L':
-			case 'l':
-				return (L);
-
-			case 'N':
-			case 'n':
-				return (N);
-
-			case 'P':
-			case 'p':
-				return (P);
-
-			case 'R':
-			case 'r':
-				return (R);
-
-			case 'S':
-			case 's':
-				return (S);
-
-			case 'T':
-			case 't':
-				return (T);
-
-			}
-			break;
-
-		default:
-			fatal("Unknown state in scanner.");
-		}
-		yyerror(NULL);
-		state = CMD;
-		return (0);
-	}
-}
-
-/* ARGSUSED */
-void
-yyerror(char *s)
-{
-	char *cp;
-
-	if (hasyyerrored)
-	    return;
-
-	if ((cp = strchr(cbuf,'\n')))
-		*cp = '\0';
-	reply(500, "'%s': command not understood.", cbuf);
-	hasyyerrored = 1;
-}
-
-static char *
-copy(char *s)
-{
-	char *p;
-
-	p = strdup(s);
-	if (p == NULL)
-		fatal("Ran out of memory.");
-	return p;
-}
-
-static void
-help(struct tab *ctab, char *s)
-{
-	struct tab *c;
-	int width, NCMDS;
-	char *t;
-	char buf[1024];
-
-	if (ctab == sitetab)
-		t = "SITE ";
-	else
-		t = "";
-	width = 0, NCMDS = 0;
-	for (c = ctab; c->name != NULL; c++) {
-		int len = strlen(c->name);
-
-		if (len > width)
-			width = len;
-		NCMDS++;
-	}
-	width = (width + 8) &~ 7;
-	if (s == 0) {
-		int i, j, w;
-		int columns, lines;
-
-		lreply(214, "The following %scommands are recognized %s.",
-		    t, "(* =>'s unimplemented)");
-		columns = 76 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-		    strlcpy (buf, "   ", sizeof(buf));
-		    for (j = 0; j < columns; j++) {
-			c = ctab + j * lines + i;
-			snprintf (buf + strlen(buf),
-				  sizeof(buf) - strlen(buf),
-				  "%s%c",
-				  c->name,
-				  c->implemented ? ' ' : '*');
-			if (c + lines >= &ctab[NCMDS])
-			    break;
-			w = strlen(c->name) + 1;
-			while (w < width) {
-			    strlcat (buf,
-					     " ",
-					     sizeof(buf));
-			    w++;
-			}
-		    }
-		    lreply(214, "%s", buf);
-		}
-		reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
-		return;
-	}
-	strupr(s);
-	c = lookup(ctab, s);
-	if (c == (struct tab *)0) {
-		reply(502, "Unknown command %s.", s);
-		return;
-	}
-	if (c->implemented)
-		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
-	else
-		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
-		    c->name, c->help);
-}
-
-static void
-sizecmd(char *filename)
-{
-	switch (type) {
-	case TYPE_L:
-	case TYPE_I: {
-		struct stat stbuf;
-		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
-			reply(550, "%s: not a plain file.", filename);
-		else
-			reply(213, "%lu", (unsigned long)stbuf.st_size);
-		break;
-	}
-	case TYPE_A: {
-		FILE *fin;
-		int c;
-		size_t count;
-		struct stat stbuf;
-		fin = fopen(filename, "r");
-		if (fin == NULL) {
-			perror_reply(550, filename);
-			return;
-		}
-		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
-			reply(550, "%s: not a plain file.", filename);
-			fclose(fin);
-			return;
-		}
-
-		count = 0;
-		while((c=getc(fin)) != EOF) {
-			if (c == '\n')	/* will get expanded to \r\n */
-				count++;
-			count++;
-		}
-		fclose(fin);
-
-		reply(213, "%lu", (unsigned long)count);
-		break;
-	}
-	default:
-		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
-	}
-}
-
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
deleted file mode 100644
index 963a6a0f4590..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
+++ /dev/null
@@ -1,1496 +0,0 @@
-/*	$NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $	*/
-
-/*
- * Copyright (c) 1985, 1988, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftpcmd.y	8.3 (Berkeley) 4/6/94
- */
-
-/*
- * Grammar for FTP commands.
- * See RFC 959.
- */
-
-%{
-
-#include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $");
-
-off_t	restart_point;
-
-static	int hasyyerrored;
-
-
-static	int cmd_type;
-static	int cmd_form;
-static	int cmd_bytesz;
-char	cbuf[64*1024];
-char	*fromname;
-
-struct tab {
-	char	*name;
-	short	token;
-	short	state;
-	short	implemented;	/* 1 if command is implemented */
-	char	*help;
-};
-
-extern struct tab cmdtab[];
-extern struct tab sitetab[];
-
-static char		*copy (char *);
-static void		 help (struct tab *, char *);
-static struct tab *
-			 lookup (struct tab *, char *);
-static void		 sizecmd (char *);
-static RETSIGTYPE	 toolong (int);
-static int		 yylex (void);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-	int	i;
-	char   *s;
-}
-
-%token
-	A	B	C	E	F	I
-	L	N	P	R	S	T
-
-	SP	CRLF	COMMA
-
-	USER	PASS	ACCT	REIN	QUIT	PORT
-	PASV	TYPE	STRU	MODE	RETR	STOR
-	APPE	MLFL	MAIL	MSND	MSOM	MSAM
-	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
-	ABOR	DELE	CWD	LIST	NLST	SITE
-	sTAT	HELP	NOOP	MKD	RMD	PWD
-	CDUP	STOU	SMNT	SYST	SIZE	MDTM
-	EPRT	EPSV
-
-	UMASK	IDLE	CHMOD
-
-	AUTH	ADAT	PROT	PBSZ	CCC	MIC
-	CONF	ENC
-
-	KAUTH	KLIST	KDESTROY KRBTKFILE AFSLOG
-	LOCATE	URL
-
-	FEAT	OPTS
-
-	LEXERR
-
-%token	<s> STRING
-%token	<i> NUMBER
-
-%type	<i> check_login check_login_no_guest check_secure octal_number byte_size
-%type	<i> struct_code mode_code type_code form_code
-%type	<s> pathstring pathname password username
-
-%start	cmd_list
-
-%%
-
-cmd_list
-	: /* empty */
-	| cmd_list cmd
-		{
-			fromname = (char *) 0;
-			restart_point = (off_t) 0;
-		}
-	| cmd_list rcmd
-	;
-
-cmd
-	: USER SP username CRLF check_secure
-		{
-		    if ($5)
-			user($3);
-		    free($3);
-		}
-	| PASS SP password CRLF check_secure
-		{
-		    if ($5)
-			pass($3);
-		    memset ($3, 0, strlen($3));
-		    free($3);
-		}
-	| PORT SP host_port CRLF check_secure
-		{
-		    if ($5) {
-			usedefault = 0;
-			if (pdata >= 0) {
-				close(pdata);
-				pdata = -1;
-			}
-			reply(200, "PORT command successful.");
-		    }
-		}
-	| EPRT SP STRING CRLF check_secure
-		{
-		    if ($5)
-			eprt ($3);
-		    free ($3);
-		}
-	| PASV CRLF check_login
-		{
-		    if($3)
-			pasv ();
-		}
-	| EPSV CRLF check_login
-		{
-		    if($3)
-			epsv (NULL);
-		}
-	| EPSV SP STRING CRLF check_login
-		{
-		    if($5)
-			epsv ($3);
-		    free ($3);
-		}
-	| TYPE SP type_code CRLF check_secure
-		{
-		    if ($5) {
-			switch (cmd_type) {
-
-			case TYPE_A:
-				if (cmd_form == FORM_N) {
-					reply(200, "Type set to A.");
-					type = cmd_type;
-					form = cmd_form;
-				} else
-					reply(504, "Form must be N.");
-				break;
-
-			case TYPE_E:
-				reply(504, "Type E not implemented.");
-				break;
-
-			case TYPE_I:
-				reply(200, "Type set to I.");
-				type = cmd_type;
-				break;
-
-			case TYPE_L:
-#if NBBY == 8
-				if (cmd_bytesz == 8) {
-					reply(200,
-					    "Type set to L (byte size 8).");
-					type = cmd_type;
-				} else
-					reply(504, "Byte size must be 8.");
-#else /* NBBY == 8 */
-				UNIMPLEMENTED for NBBY != 8
-#endif /* NBBY == 8 */
-			}
-		    }
-		}
-	| STRU SP struct_code CRLF check_secure
-		{
-		    if ($5) {
-			switch ($3) {
-
-			case STRU_F:
-				reply(200, "STRU F ok.");
-				break;
-
-			default:
-				reply(504, "Unimplemented STRU type.");
-			}
-		    }
-		}
-	| MODE SP mode_code CRLF check_secure
-		{
-		    if ($5) {
-			switch ($3) {
-
-			case MODE_S:
-				reply(200, "MODE S ok.");
-				break;
-
-			default:
-				reply(502, "Unimplemented MODE type.");
-			}
-		    }
-		}
-	| ALLO SP NUMBER CRLF check_secure
-		{
-		    if ($5) {
-			reply(202, "ALLO command ignored.");
-		    }
-		}
-	| ALLO SP NUMBER SP R SP NUMBER CRLF check_secure
-		{
-		    if ($9) {
-			reply(202, "ALLO command ignored.");
-		    }
-		}
-	| RETR SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				retrieve(0, name);
-			if (name != NULL)
-				free(name);
-		}
-	| STOR SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				do_store(name, "w", 0);
-			if (name != NULL)
-				free(name);
-		}
-	| APPE SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				do_store(name, "a", 0);
-			if (name != NULL)
-				free(name);
-		}
-	| NLST CRLF check_login
-		{
-			if ($3)
-				send_file_list(".");
-		}
-	| NLST SP STRING CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				send_file_list(name);
-			if (name != NULL)
-				free(name);
-		}
-	| LIST CRLF check_login
-		{
-		    if($3)
-			list_file(".");
-		}
-	| LIST SP pathname CRLF check_login
-		{
-		    if($5)
-			list_file($3);
-		    free($3);
-		}
-	| sTAT SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				statfilecmd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| sTAT CRLF check_secure
-		{
-		    if ($3)
-			statcmd();
-		}
-	| DELE SP pathname CRLF check_login_no_guest
-		{
-			if ($5 && $3 != NULL)
-				do_delete($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| RNTO SP pathname CRLF check_login_no_guest
-		{
-			if($5){
-				if (fromname) {
-					renamecmd(fromname, $3);
-					free(fromname);
-					fromname = (char *) 0;
-				} else {
-					reply(503, "Bad sequence of commands.");
-				}
-			}
-			if ($3 != NULL)
-				free($3);
-		}
-	| ABOR CRLF check_secure
-		{
-		    if ($3)
-			reply(225, "ABOR command successful.");
-		}
-	| CWD CRLF check_login
-		{
-			if ($3)
-				cwd(pw->pw_dir);
-		}
-	| CWD SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				cwd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| HELP CRLF check_secure
-		{
-		    if ($3)
-			help(cmdtab, (char *) 0);
-		}
-	| HELP SP STRING CRLF check_secure
-		{
-		    if ($5) {
-			char *cp = $3;
-
-			if (strncasecmp(cp, "SITE", 4) == 0) {
-				cp = $3 + 4;
-				if (*cp == ' ')
-					cp++;
-				if (*cp)
-					help(sitetab, cp);
-				else
-					help(sitetab, (char *) 0);
-			} else
-				help(cmdtab, $3);
-		    }
-		}
-	| NOOP CRLF check_secure
-		{
-		    if ($3)
-			reply(200, "NOOP command successful.");
-		}
-	| MKD SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				makedir($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| RMD SP pathname CRLF check_login_no_guest
-		{
-			if ($5 && $3 != NULL)
-				removedir($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| PWD CRLF check_login
-		{
-			if ($3)
-				pwd();
-		}
-	| CDUP CRLF check_login
-		{
-			if ($3)
-				cwd("..");
-		}
-	| FEAT CRLF check_secure
-		{
-		    if ($3) {
-			lreply(211, "Supported features:");
-			lreply(0, " MDTM");
-			lreply(0, " REST STREAM");
-			lreply(0, " SIZE");
-			reply(211, "End");
-		    }
-		}
-	| OPTS SP STRING CRLF check_secure
-		{
-		    if ($5)
-			reply(501, "Bad options");
-		    free ($3);
-		}
-
-	| SITE SP HELP CRLF check_secure
-		{
-		    if ($5)
-			help(sitetab, (char *) 0);
-		}
-	| SITE SP HELP SP STRING CRLF check_secure
-		{
-		    if ($7)
-			help(sitetab, $5);
-		}
-	| SITE SP UMASK CRLF check_login
-		{
-			if ($5) {
-				int oldmask = umask(0);
-				umask(oldmask);
-				reply(200, "Current UMASK is %03o", oldmask);
-			}
-		}
-	| SITE SP UMASK SP octal_number CRLF check_login_no_guest
-		{
-			if ($7) {
-				if (($5 == -1) || ($5 > 0777)) {
-					reply(501, "Bad UMASK value");
-				} else {
-					int oldmask = umask($5);
-					reply(200,
-					      "UMASK set to %03o (was %03o)",
-					      $5, oldmask);
-				}
-			}
-		}
-	| SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest
-		{
-			if ($9 && $7 != NULL) {
-				if ($5 > 0777)
-					reply(501,
-				"CHMOD: Mode value must be between 0 and 0777");
-				else if (chmod($7, $5) < 0)
-					perror_reply(550, $7);
-				else
-					reply(200, "CHMOD command successful.");
-			}
-			if ($7 != NULL)
-				free($7);
-		}
-	| SITE SP IDLE CRLF check_secure
-		{
-		    if ($5)
-			reply(200,
-			    "Current IDLE time limit is %d seconds; max %d",
-				ftpd_timeout, maxtimeout);
-		}
-	| SITE SP IDLE SP NUMBER CRLF check_secure
-		{
-		    if ($7) {
-			if ($5 < 30 || $5 > maxtimeout) {
-				reply(501,
-			"Maximum IDLE time must be between 30 and %d seconds",
-				    maxtimeout);
-			} else {
-				ftpd_timeout = $5;
-				alarm((unsigned) ftpd_timeout);
-				reply(200,
-				    "Maximum IDLE time set to %d seconds",
-				    ftpd_timeout);
-			}
-		    }
-		}
-
-	| SITE SP KAUTH SP STRING CRLF check_login
-		{
-#ifdef KRB4
-			char *p;
-			
-			if(guest)
-				reply(500, "Can't be done as guest.");
-			else{
-				if($7 && $5 != NULL){
-				    p = strpbrk($5, " \t");
-				    if(p){
-					*p++ = 0;
-					kauth($5, p + strspn(p, " \t"));
-				    }else
-					kauth($5, NULL);
-				}
-			}
-			if($5 != NULL)
-			    free($5);
-#else
-			reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP KLIST CRLF check_login
-		{
-		    if($5)
-			klist();
-		}
-	| SITE SP KDESTROY CRLF check_login
-		{
-#ifdef KRB4
-		    if($5)
-			kdestroy();
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP KRBTKFILE SP STRING CRLF check_login
-		{
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($7 && $5)
-			krbtkfile($5);
-		    if($5)
-			free($5);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP AFSLOG CRLF check_login
-		{
-#if defined(KRB4) || defined(KRB5)
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($5)
-			afslog(NULL, 0);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP AFSLOG SP STRING CRLF check_login
-		{
-#if defined(KRB4) || defined(KRB5)
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($7)
-			afslog($5, 0);
-		    if($5)
-			free($5);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP LOCATE SP STRING CRLF check_login
-		{
-		    if($7 && $5 != NULL)
-			find($5);
-		    if($5 != NULL)
-			free($5);
-		}
-	| SITE SP URL CRLF check_secure
-		{
-		    if ($5)
-			reply(200, "http://www.pdc.kth.se/heimdal/");
-		}
-	| STOU SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				do_store($3, "w", 1);
-			if ($3 != NULL)
-				free($3);
-		}
-	| SYST CRLF check_secure
-		{
-		    if ($3) {
-#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
-			reply(215, "UNIX Type: L%d", NBBY);
-#else
-			reply(215, "UNKNOWN Type: L%d", NBBY);
-#endif
-		    }
-		}
-
-		/*
-		 * SIZE is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return size of file in a format suitable for
-		 * using with RESTART (we just count bytes).
-		 */
-	| SIZE SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				sizecmd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-
-		/*
-		 * MDTM is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return modification time of file as an ISO 3307
-		 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
-		 * where xxx is the fractional second (of any precision,
-		 * not necessarily 3 digits)
-		 */
-	| MDTM SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL) {
-				struct stat stbuf;
-				if (stat($3, &stbuf) < 0)
-					reply(550, "%s: %s",
-					    $3, strerror(errno));
-				else if (!S_ISREG(stbuf.st_mode)) {
-					reply(550,
-					      "%s: not a plain file.", $3);
-				} else {
-					struct tm *t;
-					time_t mtime = stbuf.st_mtime;
-
-					t = gmtime(&mtime);
-					reply(213,
-					      "%04d%02d%02d%02d%02d%02d",
-					      t->tm_year + 1900,
-					      t->tm_mon + 1,
-					      t->tm_mday,
-					      t->tm_hour,
-					      t->tm_min,
-					      t->tm_sec);
-				}
-			}
-			if ($3 != NULL)
-				free($3);
-		}
-	| QUIT CRLF check_secure
-		{
-		    if ($3) {
-			reply(221, "Goodbye.");
-			dologout(0);
-		    }
-		}
-	| error CRLF
-		{
-			yyerrok;
-		}
-	;
-rcmd
-	: RNFR SP pathname CRLF check_login_no_guest
-		{
-			restart_point = (off_t) 0;
-			if ($5 && $3) {
-				fromname = renamefrom($3);
-				if (fromname == (char *) 0 && $3) {
-					free($3);
-				}
-			}
-		}
-	| REST SP byte_size CRLF check_secure
-		{
-		    if ($5) {
-			fromname = (char *) 0;
-			restart_point = $3;	/* XXX $3 is only "int" */
-			reply(350, "Restarting at %ld. %s",
-			      (long)restart_point,
-			      "Send STORE or RETRIEVE to initiate transfer.");
-		    }
-		}
-	| AUTH SP STRING CRLF
-		{
-			auth($3);
-			free($3);
-		}
-	| ADAT SP STRING CRLF
-		{
-			adat($3);
-			free($3);
-		}
-	| PBSZ SP NUMBER CRLF check_secure
-		{
-		    if ($5)
-			pbsz($3);
-		}
-	| PROT SP STRING CRLF check_secure
-		{
-		    if ($5)
-			prot($3);
-		}
-	| CCC CRLF check_secure
-		{
-		    if ($3)
-			ccc();
-		}
-	| MIC SP STRING CRLF
-		{
-			mec($3, prot_safe);
-			free($3);
-		}
-	| CONF SP STRING CRLF
-		{
-			mec($3, prot_confidential);
-			free($3);
-		}
-	| ENC SP STRING CRLF
-		{
-			mec($3, prot_private);
-			free($3);
-		}
-	;
-
-username
-	: STRING
-	;
-
-password
-	: /* empty */
-		{
-			$$ = (char *)calloc(1, sizeof(char));
-		}
-	| STRING
-	;
-
-byte_size
-	: NUMBER
-	;
-
-host_port
-	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
-		NUMBER COMMA NUMBER
-		{
-			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
-
-			sin4->sin_family = AF_INET;
-			sin4->sin_port = htons($9 * 256 + $11);
-			sin4->sin_addr.s_addr = 
-			    htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
-		}
-	;
-
-form_code
-	: N
-		{
-			$$ = FORM_N;
-		}
-	| T
-		{
-			$$ = FORM_T;
-		}
-	| C
-		{
-			$$ = FORM_C;
-		}
-	;
-
-type_code
-	: A
-		{
-			cmd_type = TYPE_A;
-			cmd_form = FORM_N;
-		}
-	| A SP form_code
-		{
-			cmd_type = TYPE_A;
-			cmd_form = $3;
-		}
-	| E
-		{
-			cmd_type = TYPE_E;
-			cmd_form = FORM_N;
-		}
-	| E SP form_code
-		{
-			cmd_type = TYPE_E;
-			cmd_form = $3;
-		}
-	| I
-		{
-			cmd_type = TYPE_I;
-		}
-	| L
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = NBBY;
-		}
-	| L SP byte_size
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = $3;
-		}
-		/* this is for a bug in the BBN ftp */
-	| L byte_size
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = $2;
-		}
-	;
-
-struct_code
-	: F
-		{
-			$$ = STRU_F;
-		}
-	| R
-		{
-			$$ = STRU_R;
-		}
-	| P
-		{
-			$$ = STRU_P;
-		}
-	;
-
-mode_code
-	: S
-		{
-			$$ = MODE_S;
-		}
-	| B
-		{
-			$$ = MODE_B;
-		}
-	| C
-		{
-			$$ = MODE_C;
-		}
-	;
-
-pathname
-	: pathstring
-		{
-			/*
-			 * Problem: this production is used for all pathname
-			 * processing, but only gives a 550 error reply.
-			 * This is a valid reply in some cases but not in others.
-			 */
-			if (logged_in && $1 && *$1 == '~') {
-				glob_t gl;
-				int flags =
-				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-
-				memset(&gl, 0, sizeof(gl));
-				if (glob($1, flags, NULL, &gl) ||
-				    gl.gl_pathc == 0) {
-					reply(550, "not found");
-					$$ = NULL;
-				} else {
-					$$ = strdup(gl.gl_pathv[0]);
-				}
-				globfree(&gl);
-				free($1);
-			} else
-				$$ = $1;
-		}
-	;
-
-pathstring
-	: STRING
-	;
-
-octal_number
-	: NUMBER
-		{
-			int ret, dec, multby, digit;
-
-			/*
-			 * Convert a number that was read as decimal number
-			 * to what it would be if it had been read as octal.
-			 */
-			dec = $1;
-			multby = 1;
-			ret = 0;
-			while (dec) {
-				digit = dec%10;
-				if (digit > 7) {
-					ret = -1;
-					break;
-				}
-				ret += digit * multby;
-				multby *= 8;
-				dec /= 10;
-			}
-			$$ = ret;
-		}
-	;
-
-
-check_login_no_guest : check_login
-		{
-			$$ = $1 && !guest;
-			if($1 && !$$)
-				reply(550, "Permission denied");
-		}
-	;
-
-check_login : check_secure
-		{
-		    if($1) {
-			if(($$ = logged_in) == 0)
-			    reply(530, "Please login with USER and PASS.");
-		    } else
-			$$ = 0;
-		}
-	;
-
-check_secure : /* empty */
-		{
-		    $$ = 1;
-		    if(sec_complete && !ccc_passed && !secure_command()) {
-			$$ = 0;
-			reply(533, "Command protection level denied "
-			      "for paranoid reasons.");
-		    }
-		}
-	;
-
-%%
-
-#define	CMD	0	/* beginning of command */
-#define	ARGS	1	/* expect miscellaneous arguments */
-#define	STR1	2	/* expect SP followed by STRING */
-#define	STR2	3	/* expect STRING */
-#define	OSTR	4	/* optional SP then STRING */
-#define	ZSTR1	5	/* SP then optional STRING */
-#define	ZSTR2	6	/* optional STRING after SP */
-#define	SITECMD	7	/* SITE command */
-#define	NSTR	8	/* Number followed by a string */
-
-struct tab cmdtab[] = {		/* In order defined in RFC 765 */
-	{ "USER", USER, STR1, 1,	"<sp> username" },
-	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
-	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
-	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
-	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
-	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
-	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
-	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
-	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
-	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
-	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
-	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
-	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
-	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
-	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
-	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
-	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
-	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
-	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
-	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
-	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
-	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
-	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
-	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
-	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
-	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
-	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
-	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
-	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
-	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
-	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
-	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-	{ "NOOP", NOOP, ARGS, 1,	"" },
-	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
-	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
-	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
-	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
-	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
-	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
-	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
-	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
-	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
-
-	/* extensions from RFC2228 */
-	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
-	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
-	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
-	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
-	{ "CCC",  CCC,	ARGS, 1,	"" },
-	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
-	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
-	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
-
-	/* RFC2389 */
-	{ "FEAT", FEAT, ARGS, 1,	"" },
-	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
-
-	{ NULL,   0,    0,    0,	0 }
-};
-
-struct tab sitetab[] = {
-	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
-	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
-	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-
-	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
-	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
-	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
-	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
-	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
-
-	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
-	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
-
-	{ "URL",  URL,  ARGS, 1,	"?" },
-	
-	{ NULL,   0,    0,    0,	0 }
-};
-
-static struct tab *
-lookup(struct tab *p, char *cmd)
-{
-
-	for (; p->name != NULL; p++)
-		if (strcmp(cmd, p->name) == 0)
-			return (p);
-	return (0);
-}
-
-/*
- * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
- */
-char *
-ftpd_getline(char *s, int n)
-{
-	int c;
-	char *cs;
-
-	cs = s;
-
-	/* might still be data within the security MIC/CONF/ENC */
-	if(ftp_command){
-	    strlcpy(s, ftp_command, n);
-	    if (debug)
-		syslog(LOG_DEBUG, "command: %s", s);
-	    return s;
-	}
-	while ((c = getc(stdin)) != EOF) {
-		c &= 0377;
-		if (c == IAC) {
-		    if ((c = getc(stdin)) != EOF) {
-			c &= 0377;
-			switch (c) {
-			case WILL:
-			case WONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, DONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case DO:
-			case DONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, WONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case IAC:
-				break;
-			default:
-				continue;	/* ignore command */
-			}
-		    }
-		}
-		*cs++ = c;
-		if (--n <= 0 || c == '\n')
-			break;
-	}
-	if (c == EOF && cs == s)
-		return (NULL);
-	*cs++ = '\0';
-	if (debug) {
-		if (!guest && strncasecmp("pass ", s, 5) == 0) {
-			/* Don't syslog passwords */
-			syslog(LOG_DEBUG, "command: %.5s ???", s);
-		} else {
-			char *cp;
-			int len;
-
-			/* Don't syslog trailing CR-LF */
-			len = strlen(s);
-			cp = s + len - 1;
-			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
-				--cp;
-				--len;
-			}
-			syslog(LOG_DEBUG, "command: %.*s", len, s);
-		}
-	}
-#ifdef XXX
-	fprintf(stderr, "%s\n", s);
-#endif
-	return (s);
-}
-
-static RETSIGTYPE
-toolong(int signo)
-{
-
-	reply(421,
-	    "Timeout (%d seconds): closing control connection.",
-	      ftpd_timeout);
-	if (logging)
-		syslog(LOG_INFO, "User %s timed out after %d seconds",
-		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
-	dologout(1);
-	SIGRETURN(0);
-}
-
-static int
-yylex(void)
-{
-	static int cpos, state;
-	char *cp, *cp2;
-	struct tab *p;
-	int n;
-	char c;
-
-	for (;;) {
-		switch (state) {
-
-		case CMD:
-			hasyyerrored = 0;
-
-			signal(SIGALRM, toolong);
-			alarm((unsigned) ftpd_timeout);
-			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
-				reply(221, "You could at least say goodbye.");
-				dologout(0);
-			}
-			alarm(0);
-#ifdef HAVE_SETPROCTITLE
-			if (strncasecmp(cbuf, "PASS", 4) != 0)
-				setproctitle("%s: %s", proctitle, cbuf);
-#endif /* HAVE_SETPROCTITLE */
-			if ((cp = strchr(cbuf, '\r'))) {
-				*cp++ = '\n';
-				*cp = '\0';
-			}
-			if ((cp = strpbrk(cbuf, " \n")))
-				cpos = cp - cbuf;
-			if (cpos == 0)
-				cpos = 4;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cbuf);
-			p = lookup(cmdtab, cbuf);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					nack(p->name);
-					hasyyerrored = 1;
-					break;
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			break;
-
-		case SITECMD:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			cp = &cbuf[cpos];
-			if ((cp2 = strpbrk(cp, " \n")))
-				cpos = cp2 - cbuf;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cp);
-			p = lookup(sitetab, cp);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					state = CMD;
-					nack(p->name);
-					hasyyerrored = 1;
-					break;
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			state = CMD;
-			break;
-
-		case OSTR:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR1:
-		case ZSTR1:
-		dostr1:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				if(state == OSTR)
-				    state = STR2;
-				else
-				    state++;
-				return (SP);
-			}
-			break;
-
-		case ZSTR2:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR2:
-			cp = &cbuf[cpos];
-			n = strlen(cp);
-			cpos += n - 1;
-			/*
-			 * Make sure the string is nonempty and \n terminated.
-			 */
-			if (n > 1 && cbuf[cpos] == '\n') {
-				cbuf[cpos] = '\0';
-				yylval.s = copy(cp);
-				cbuf[cpos] = '\n';
-				state = ARGS;
-				return (STRING);
-			}
-			break;
-
-		case NSTR:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				state = STR1;
-				return (NUMBER);
-			}
-			state = STR1;
-			goto dostr1;
-
-		case ARGS:
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				return (NUMBER);
-			}
-			switch (cbuf[cpos++]) {
-
-			case '\n':
-				state = CMD;
-				return (CRLF);
-
-			case ' ':
-				return (SP);
-
-			case ',':
-				return (COMMA);
-
-			case 'A':
-			case 'a':
-				return (A);
-
-			case 'B':
-			case 'b':
-				return (B);
-
-			case 'C':
-			case 'c':
-				return (C);
-
-			case 'E':
-			case 'e':
-				return (E);
-
-			case 'F':
-			case 'f':
-				return (F);
-
-			case 'I':
-			case 'i':
-				return (I);
-
-			case 'L':
-			case 'l':
-				return (L);
-
-			case 'N':
-			case 'n':
-				return (N);
-
-			case 'P':
-			case 'p':
-				return (P);
-
-			case 'R':
-			case 'r':
-				return (R);
-
-			case 'S':
-			case 's':
-				return (S);
-
-			case 'T':
-			case 't':
-				return (T);
-
-			}
-			break;
-
-		default:
-			fatal("Unknown state in scanner.");
-		}
-		yyerror(NULL);
-		state = CMD;
-		return (0);
-	}
-}
-
-/* ARGSUSED */
-void
-yyerror(char *s)
-{
-	char *cp;
-
-	if (hasyyerrored)
-	    return;
-
-	if ((cp = strchr(cbuf,'\n')))
-		*cp = '\0';
-	reply(500, "'%s': command not understood.", cbuf);
-	hasyyerrored = 1;
-}
-
-static char *
-copy(char *s)
-{
-	char *p;
-
-	p = strdup(s);
-	if (p == NULL)
-		fatal("Ran out of memory.");
-	return p;
-}
-
-static void
-help(struct tab *ctab, char *s)
-{
-	struct tab *c;
-	int width, NCMDS;
-	char *t;
-	char buf[1024];
-
-	if (ctab == sitetab)
-		t = "SITE ";
-	else
-		t = "";
-	width = 0, NCMDS = 0;
-	for (c = ctab; c->name != NULL; c++) {
-		int len = strlen(c->name);
-
-		if (len > width)
-			width = len;
-		NCMDS++;
-	}
-	width = (width + 8) &~ 7;
-	if (s == 0) {
-		int i, j, w;
-		int columns, lines;
-
-		lreply(214, "The following %scommands are recognized %s.",
-		    t, "(* =>'s unimplemented)");
-		columns = 76 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-		    strlcpy (buf, "   ", sizeof(buf));
-		    for (j = 0; j < columns; j++) {
-			c = ctab + j * lines + i;
-			snprintf (buf + strlen(buf),
-				  sizeof(buf) - strlen(buf),
-				  "%s%c",
-				  c->name,
-				  c->implemented ? ' ' : '*');
-			if (c + lines >= &ctab[NCMDS])
-			    break;
-			w = strlen(c->name) + 1;
-			while (w < width) {
-			    strlcat (buf,
-					     " ",
-					     sizeof(buf));
-			    w++;
-			}
-		    }
-		    lreply(214, "%s", buf);
-		}
-		reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
-		return;
-	}
-	strupr(s);
-	c = lookup(ctab, s);
-	if (c == (struct tab *)0) {
-		reply(502, "Unknown command %s.", s);
-		return;
-	}
-	if (c->implemented)
-		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
-	else
-		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
-		    c->name, c->help);
-}
-
-static void
-sizecmd(char *filename)
-{
-	switch (type) {
-	case TYPE_L:
-	case TYPE_I: {
-		struct stat stbuf;
-		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
-			reply(550, "%s: not a plain file.", filename);
-		else
-			reply(213, "%lu", (unsigned long)stbuf.st_size);
-		break;
-	}
-	case TYPE_A: {
-		FILE *fin;
-		int c;
-		size_t count;
-		struct stat stbuf;
-		fin = fopen(filename, "r");
-		if (fin == NULL) {
-			perror_reply(550, filename);
-			return;
-		}
-		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
-			reply(550, "%s: not a plain file.", filename);
-			fclose(fin);
-			return;
-		}
-
-		count = 0;
-		while((c=getc(fin)) != EOF) {
-			if (c == '\n')	/* will get expanded to \r\n */
-				count++;
-			count++;
-		}
-		fclose(fin);
-
-		reply(213, "%lu", (unsigned long)count);
-		break;
-	}
-	default:
-		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
deleted file mode 100644
index 0dfed9f75430..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8
+++ /dev/null
@@ -1,503 +0,0 @@
-.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
-.\"
-.\" Copyright (c) 1985, 1988, 1991, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
-.\"
-.Dd July 19, 2003
-.Dt FTPD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm ftpd
-.Nd Internet File Transfer Protocol server
-.Sh SYNOPSIS
-.Nm
-.Op Fl a Ar authmode
-.Op Fl dilvU
-.Op Fl g Ar umask
-.Op Fl p Ar port
-.Op Fl T Ar maxtimeout
-.Op Fl t Ar timeout
-.Op Fl -gss-bindings
-.Op Fl I | Fl -no-insecure-oob
-.Op Fl u Ar default umask
-.Op Fl B | Fl -builtin-ls
-.Op Fl -good-chars= Ns Ar string
-.Sh DESCRIPTION
-.Nm Ftpd
-is the
-Internet File Transfer Protocol
-server process.  The server uses the
-.Tn TCP
-protocol
-and listens at the port specified in the
-.Dq ftp
-service specification; see
-.Xr services 5 .
-.Pp
-Available options:
-.Bl -tag -width Ds
-.It Fl a
-Select the level of authentication required.  Kerberised login can not
-be turned off. The default is to only allow kerberised login.  Other
-possibilities can be turned on by giving a string of comma separated
-flags as argument to
-.Fl a .
-Recognised flags are:
-.Bl -tag -width plain
-.It Ar plain
-Allow logging in with plaintext password. The password can be a(n) OTP
-or an ordinary password.
-.It Ar otp
-Same as
-.Ar plain ,
-but only OTP is allowed.
-.It Ar ftp
-Allow anonymous login.
-.El
-.Pp
-The following combination modes exists for backwards compatibility:
-.Bl -tag -width plain
-.It Ar none
-Same as
-.Ar plain,ftp .
-.It Ar safe
-Same as
-.Ar ftp .
-.It Ar user
-Ignored.
-.El
-.It Fl d
-Debugging information is written to the syslog using LOG_FTP.
-.It Fl g
-Anonymous users will get a umask of
-.Ar umask .
-.It Fl -gss-bindings
-require the peer to use GSS-API bindings (ie make sure IP addresses match).
-.It Fl i
-Open a socket and wait for a connection. This is mainly used for
-debugging when ftpd isn't started by inetd.
-.It Fl l
-Each successful and failed
-.Xr ftp 1
-session is logged using syslog with a facility of LOG_FTP.
-If this option is specified twice, the retrieve (get), store (put), append,
-delete, make directory, remove directory and rename operations and
-their filename arguments are also logged.
-.It Fl p
-Use
-.Ar port
-(a service name or number) instead of the default
-.Ar ftp/tcp .
-.It Fl T
-A client may also request a different timeout period;
-the maximum period allowed may be set to
-.Ar timeout
-seconds with the
-.Fl T
-option.
-The default limit is 2 hours.
-.It Fl t
-The inactivity timeout period is set to
-.Ar timeout
-seconds (the default is 15 minutes).
-.It Fl u
-Set the initial umask to something else than the default 027.
-.It Fl U
-In previous versions of
-.Nm ftpd ,
-when a passive mode client requested a data connection to the server, the
-server would use data ports in the range 1024..4999.  Now, by default,
-if the system supports the IP_PORTRANGE socket option, the server will
-use data ports in the range 49152..65535.  Specifying this option will
-revert to the old behavior.
-.It Fl v
-Verbose mode.
-.It Xo
-.Fl B ,
-.Fl -builtin-ls
-.Xc
-use built-in ls to list files
-.It Xo
-.Fl -good-chars= Ns Ar string
-.Xc
-allowed anonymous upload filename chars
-.It Xo
-.Fl I
-.Fl -no-insecure-oob
-.Xc
-don't allow insecure out of band.
-Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning
-on this option makes them no longer work.
-.El
-.Pp
-The file
-.Pa /etc/nologin
-can be used to disable ftp access.
-If the file exists,
-.Nm
-displays it and exits.
-If the file
-.Pa /etc/ftpwelcome
-exists,
-.Nm
-prints it before issuing the
-.Dq ready
-message.
-If the file
-.Pa /etc/motd
-exists,
-.Nm
-prints it after a successful login.
-.Pp
-The ftp server currently supports the following ftp requests.
-The case of the requests is ignored.
-.Bl -column "Request" -offset indent
-.It Request Ta "Description"
-.It ABOR Ta "abort previous command"
-.It ACCT Ta "specify account (ignored)"
-.It ALLO Ta "allocate storage (vacuously)"
-.It APPE Ta "append to a file"
-.It CDUP Ta "change to parent of current working directory"
-.It CWD Ta "change working directory"
-.It DELE Ta "delete a file"
-.It HELP Ta "give help information"
-.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
-.It MKD Ta "make a directory"
-.It MDTM Ta "show last modification time of file"
-.It MODE Ta "specify data transfer" Em mode
-.It NLST Ta "give name list of files in directory"
-.It NOOP Ta "do nothing"
-.It PASS Ta "specify password"
-.It PASV Ta "prepare for server-to-server transfer"
-.It PORT Ta "specify data connection port"
-.It PWD Ta "print the current working directory"
-.It QUIT Ta "terminate session"
-.It REST Ta "restart incomplete transfer"
-.It RETR Ta "retrieve a file"
-.It RMD Ta "remove a directory"
-.It RNFR Ta "specify rename-from file name"
-.It RNTO Ta "specify rename-to file name"
-.It SITE Ta "non-standard commands (see next section)"
-.It SIZE Ta "return size of file"
-.It STAT Ta "return status of server"
-.It STOR Ta "store a file"
-.It STOU Ta "store a file with a unique name"
-.It STRU Ta "specify data transfer" Em structure
-.It SYST Ta "show operating system type of server system"
-.It TYPE Ta "specify data transfer" Em type
-.It USER Ta "specify user name"
-.It XCUP Ta "change to parent of current working directory (deprecated)"
-.It XCWD Ta "change working directory (deprecated)"
-.It XMKD Ta "make a directory (deprecated)"
-.It XPWD Ta "print the current working directory (deprecated)"
-.It XRMD Ta "remove a directory (deprecated)"
-.El
-.Pp
-The following commands are specified by RFC2228.
-.Bl -column Request -offset indent
-.It AUTH Ta "authentication/security mechanism"
-.It ADAT Ta "authentication/security data"
-.It PROT Ta "data channel protection level"
-.It PBSZ Ta "protection buffer size"
-.It MIC Ta "integrity protected command"
-.It CONF Ta "confidentiality protected command"
-.It ENC Ta "privacy protected command"
-.It CCC Ta "clear command channel"
-.El
-.Pp
-The following non-standard or
-.Tn UNIX
-specific commands are supported
-by the
-SITE request.
-.Pp
-.Bl -column Request -offset indent
-.It UMASK Ta change umask, (e.g.
-.Ic "SITE UMASK 002" )
-.It IDLE Ta set idle-timer, (e.g.
-.Ic "SITE IDLE 60" )
-.It CHMOD Ta change mode of a file (e.g.
-.Ic "SITE CHMOD 755 filename" )
-.It FIND Ta quickly find a specific file with GNU
-.Xr locate 1 .
-.It HELP Ta give help information.
-.El
-.Pp
-The following Kerberos related site commands are understood.
-.Bl -column Request -offset indent
-.It KAUTH Ta obtain remote tickets.
-.It KLIST Ta show remote tickets
-.El
-.Pp
-The remaining ftp requests specified in Internet RFC 959
-are
-recognized, but not implemented.
-MDTM and SIZE are not specified in RFC 959, but will appear in the
-next updated FTP RFC.
-.Pp
-The ftp server will abort an active file transfer only when the
-ABOR
-command is preceded by a Telnet "Interrupt Process" (IP)
-signal and a Telnet "Synch" signal in the command Telnet stream,
-as described in Internet RFC 959.
-If a
-STAT
-command is received during a data transfer, preceded by a Telnet IP
-and Synch, transfer status will be returned.
-.Pp
-.Nm Ftpd
-interprets file names according to the
-.Dq globbing
-conventions used by
-.Xr csh 1 .
-This allows users to use the metacharacters
-.Dq Li \&*?[]{}~ .
-.Pp
-.Nm Ftpd
-authenticates users according to these rules.
-.Pp
-.Bl -enum -offset indent
-.It
-If Kerberos authentication is used, the user must pass valid tickets
-and the principal must be allowed to login as the remote user.
-.It
-The login name must be in the password data base, and not have a null
-password (if Kerberos is used the password field is not checked).  In
-this case a password must be provided by the client before any file
-operations may be performed.  If the user has an OTP key, the response
-from a successful USER command will include an OTP challenge. The
-client may choose to respond with a PASS command giving either a
-standard password or an OTP one-time password. The server will
-automatically determine which type of password it has been given and
-attempt to authenticate accordingly. See
-.Xr otp 1
-for more information on OTP authentication.
-.It
-The login name must not appear in the file
-.Pa /etc/ftpusers .
-.It
-The user must have a standard shell returned by
-.Xr getusershell 3 .
-.It
-If the user name appears in the file
-.Pa /etc/ftpchroot
-the session's root will be changed to the user's login directory by
-.Xr chroot 2
-as for an
-.Dq anonymous
-or
-.Dq ftp
-account (see next item).  However, the user must still supply a password.
-This feature is intended as a compromise between a fully anonymous account
-and a fully privileged account.  The account should also be set up as for an
-anonymous account.
-.It
-If the user name is
-.Dq anonymous
-or
-.Dq ftp ,
-an
-anonymous ftp account must be present in the password
-file (user
-.Dq ftp ) .
-In this case the user is allowed
-to log in by specifying any password (by convention an email address for
-the user should be used as the password).
-.El
-.Pp
-In the last case,
-.Nm ftpd
-takes special measures to restrict the client's access privileges.
-The server performs a
-.Xr chroot 2
-to the home directory of the
-.Dq ftp
-user.
-In order that system security is not breached, it is recommended
-that the
-.Dq ftp
-subtree be constructed with care, consider following these guidelines
-for anonymous ftp.
-.Pp
-In general all files should be owned by
-.Dq root ,
-and have non-write permissions (644 or 755 depending on the kind of
-file). No files should be owned or writable by
-.Dq ftp
-(possibly with exception for the
-.Pa ~ftp/incoming ,
-as specified below).
-.Bl -tag -width "~ftp/pub" -offset indent
-.It Pa ~ftp
-The
-.Dq ftp
-homedirectory should be owned by root.
-.It Pa ~ftp/bin
-The directory for external programs (such as
-.Xr ls 1 ) .
-These programs must either be statically linked, or you must setup an
-environment for dynamic linking when running chrooted.
-These programs will be used if present:
-.Bl -tag -width "locate" -offset indent
-.It ls
-Used when listing files.
-.It compress
-When retrieving a filename that ends in
-.Pa .Z ,
-and that file isn't present,
-.Nm
-will try to find the filename without
-.Pa .Z
-and compress it on the fly.
-.It gzip
-Same as compress, just with files ending in
-.Pa .gz .
-.It gtar
-Enables retrieval of whole directories as files ending in
-.Pa .tar .
-Can also be combined with compression. You must use GNU Tar (or some
-other that supports the
-.Fl z
-and
-.Fl Z
-flags).
-.It locate
-Will enable ``fast find'' with the
-.Ic SITE FIND
-command. You must also create a
-.Pa locatedb
-file in
-.Pa ~ftp/etc .
-.El
-.It Pa ~ftp/etc
-If you put copies of the
-.Xr passwd 5
-and
-.Xr group 5
-files here, ls will be able to produce owner names rather than
-numbers. Remember to remove any passwords from these files.
-.Pp
-The file
-.Pa motd ,
-if present, will be printed after a successful login.
-.It Pa ~ftp/dev
-Put a copy of
-.Xr /dev/null 7
-here.
-.It Pa ~ftp/pub
-Traditional place to put whatever you want to make public.
-.El
-.Pp
-If you want guests to be able to upload files, create a
-.Pa ~ftp/incoming
-directory owned by
-.Dq root ,
-and group
-.Dq ftp
-with mode 730 (make sure
-.Dq ftp
-is member of group
-.Dq ftp ) .
-The following restrictions apply to anonymous users:
-.Bl -bullet
-.It
-Directories created will have mode 700.
-.It
-Uploaded files will be created with an umask of 777, if not changed
-with the
-.Fl g
-option.
-.It
-These command are not accessible:
-.Ic DELE , RMD , RNTO , RNFR ,
-.Ic SITE UMASK ,
-and
-.Ic SITE CHMOD .
-.It
-Filenames must start with an alpha-numeric character, and consist of
-alpha-numeric characters or any of the following:
-.Li \&+
-(plus),
-.Li \&-
-(minus),
-.Li \&=
-(equal),
-.Li \&_
-(underscore),
-.Li \&.
-(period), and
-.Li \&,
-(comma).
-.El
-.Sh FILES
-.Bl -tag -width /etc/ftpwelcome -compact
-.It Pa /etc/ftpusers
-Access list for users.
-.It Pa /etc/ftpchroot
-List of normal users who should be chroot'd.
-.It Pa /etc/ftpwelcome
-Welcome notice.
-.It Pa /etc/motd
-Welcome notice after login.
-.It Pa /etc/nologin
-Displayed and access refused.
-.It Pa ~/.klogin
-Login access for Kerberos.
-.El
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr otp 1 ,
-.Xr getusershell 3 ,
-.Xr ftpusers 5 ,
-.Xr syslogd 8
-.Sh STANDARDS
-.Bl -tag -compact -width "RFC 1938"
-.It Cm RFC 959
-FTP PROTOCOL SPECIFICATION
-.It Cm RFC 1938
-OTP Specification
-.It Cm RFC 2228
-FTP Security Extensions.
-.El
-.Sh BUGS
-The server must run as the super-user
-to create sockets with privileged port numbers.  It maintains
-an effective user id of the logged in user, reverting to
-the super-user only when binding addresses to sockets.  The
-possible security holes have been extensively
-scrutinized, but are possibly incomplete.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
deleted file mode 100644
index 2005a4fb3161..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ /dev/null
@@ -1,2393 +0,0 @@
-/*
- * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define	FTP_NAMES
-#include "ftpd_locl.h"
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include "getarg.h"
-
-RCSID("$Id: ftpd.c 21222 2007-06-20 10:11:14Z lha $");
-
-static char version[] = "Version 6.00";
-
-extern	off_t restart_point;
-extern	char cbuf[];
-
-struct  sockaddr_storage ctrl_addr_ss;
-struct  sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss;
-
-struct  sockaddr_storage data_source_ss;
-struct  sockaddr *data_source = (struct sockaddr *)&data_source_ss;
-
-struct  sockaddr_storage data_dest_ss;
-struct  sockaddr *data_dest = (struct sockaddr *)&data_dest_ss;
-
-struct  sockaddr_storage his_addr_ss;
-struct  sockaddr *his_addr = (struct sockaddr *)&his_addr_ss;
-
-struct  sockaddr_storage pasv_addr_ss;
-struct  sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss;
-
-int	data;
-int	logged_in;
-struct	passwd *pw;
-int	debug = 0;
-int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
-int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
-int	restricted_data_ports = 1;
-int	logging;
-int	guest;
-int	dochroot;
-int	type;
-int	form;
-int	stru;			/* avoid C keyword */
-int	mode;
-int	usedefault = 1;		/* for data transfers */
-int	pdata = -1;		/* for passive mode */
-int	allow_insecure_oob = 1;
-static int transflag;
-static int urgflag;
-off_t	file_size;
-off_t	byte_count;
-#if !defined(CMASK) || CMASK == 0
-#undef CMASK
-#define CMASK 027
-#endif
-int	defumask = CMASK;		/* default umask value */
-int	guest_umask = 0777;	/* Paranoia for anonymous users */
-char	tmpline[10240];
-char	hostname[MaxHostNameLen];
-char	remotehost[MaxHostNameLen];
-static char ttyline[20];
-
-#define AUTH_PLAIN	(1 << 0) /* allow sending passwords */
-#define AUTH_OTP	(1 << 1) /* passwords are one-time */
-#define AUTH_FTP	(1 << 2) /* allow anonymous login */
-
-static int auth_level = 0; /* Only allow kerberos login by default */
-
-/*
- * Timeout intervals for retrying connections
- * to hosts that don't accept PORT cmds.  This
- * is a kludge, but given the problems with TCP...
- */
-#define	SWAITMAX	90	/* wait at most 90 seconds */
-#define	SWAITINT	5	/* interval between retries */
-
-int	swaitmax = SWAITMAX;
-int	swaitint = SWAITINT;
-
-#ifdef HAVE_SETPROCTITLE
-char	proctitle[BUFSIZ];	/* initial part of title */
-#endif /* HAVE_SETPROCTITLE */
-
-#define LOGCMD(cmd, file) \
-	if (logging > 1) \
-	    syslog(LOG_INFO,"%s %s%s", cmd, \
-		*(file) == '/' ? "" : curdir(), file);
-#define LOGCMD2(cmd, file1, file2) \
-	 if (logging > 1) \
-	    syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
-		*(file1) == '/' ? "" : curdir(), file1, \
-		*(file2) == '/' ? "" : curdir(), file2);
-#define LOGBYTES(cmd, file, cnt) \
-	if (logging > 1) { \
-		if (cnt == (off_t)-1) \
-		    syslog(LOG_INFO,"%s %s%s", cmd, \
-			*(file) == '/' ? "" : curdir(), file); \
-		else \
-		    syslog(LOG_INFO, "%s %s%s = %ld bytes", \
-			cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
-	}
-
-static void	 ack (char *);
-static void	 myoob (int);
-static int	 handleoobcmd(void);
-static int	 checkuser (char *, char *);
-static int	 checkaccess (char *);
-static FILE	*dataconn (const char *, off_t, const char *);
-static void	 dolog (struct sockaddr *, int);
-static void	 end_login (void);
-static FILE	*getdatasock (const char *, int);
-static char	*gunique (char *);
-static RETSIGTYPE	 lostconn (int);
-static int	 receive_data (FILE *, FILE *);
-static void	 send_data (FILE *, FILE *);
-static struct passwd * sgetpwnam (char *);
-
-static char *
-curdir(void)
-{
-	static char path[MaxPathLen+1];	/* path + '/' + '\0' */
-
-	if (getcwd(path, sizeof(path)-1) == NULL)
-		return ("");
-	if (path[1] != '\0')		/* special case for root dir. */
-		strlcat(path, "/", sizeof(path));
-	/* For guest account, skip / since it's chrooted */
-	return (guest ? path+1 : path);
-}
-
-#ifndef LINE_MAX
-#define LINE_MAX 1024
-#endif
-
-static int
-parse_auth_level(char *str)
-{
-    char *p;
-    int ret = 0;
-    char *foo = NULL;
-
-    for(p = strtok_r(str, ",", &foo);
-	p;
-	p = strtok_r(NULL, ",", &foo)) {
-	if(strcmp(p, "user") == 0)
-	    ;
-#ifdef OTP
-	else if(strcmp(p, "otp") == 0)
-	    ret |= AUTH_PLAIN|AUTH_OTP;
-#endif
-	else if(strcmp(p, "ftp") == 0 ||
-		strcmp(p, "safe") == 0)
-	    ret |= AUTH_FTP;
-	else if(strcmp(p, "plain") == 0)
-	    ret |= AUTH_PLAIN;
-	else if(strcmp(p, "none") == 0)
-	    ret |= AUTH_PLAIN|AUTH_FTP;
-	else
-	    warnx("bad value for -a: `%s'", p);
-    }
-    return ret;	    
-}
-
-/*
- * Print usage and die.
- */
-
-static int interactive_flag;
-static char *guest_umask_string;
-static char *port_string;
-static char *umask_string;
-static char *auth_string;
-
-int use_builtin_ls = -1;
-
-static int help_flag;
-static int version_flag;
-
-static const char *good_chars = "+-=_,.";
-
-struct getargs args[] = {
-    { NULL, 'a', arg_string, &auth_string, "required authentication" },
-    { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" },
-    { NULL, 'p', arg_string, &port_string, "what port to listen to" },
-    { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" },
-    { NULL, 'l', arg_counter, &logging, "log more stuff", "" },
-    { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
-    { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
-    { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
-    { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
-    { NULL, 'd', arg_flag, &debug, "enable debugging" },
-    { NULL, 'v', arg_flag, &debug, "enable debugging" },
-    { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
-    { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },
-    { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" },
-#ifdef KRB5    
-    { "gss-bindings", 0,  arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL},
-#endif
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 'h', arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage (int code)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit (code);
-}
-
-/* output contents of a file */
-static int
-show_file(const char *file, int code)
-{
-    FILE *f;
-    char buf[128];
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return -1;
-    while(fgets(buf, sizeof(buf), f)){
-	buf[strcspn(buf, "\r\n")] = '\0';
-	lreply(code, "%s", buf);
-    }
-    fclose(f);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    socklen_t his_addr_len, ctrl_addr_len;
-    int on = 1;
-    int port;
-    struct servent *sp;
-
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    /* detach from any tickets and tokens */
-    {
-#ifdef KRB4
-	char tkfile[1024];
-	snprintf(tkfile, sizeof(tkfile),
-		 "/tmp/ftp_%u", (unsigned)getpid());
-	krb_set_tkt_string(tkfile);
-#endif
-    }
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-
-    if(help_flag)
-	usage(0);
-	
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(auth_string)
-	auth_level = parse_auth_level(auth_string);
-    {
-	char *p;
-	long val = 0;
-	    
-	if(guest_umask_string) {
-	    val = strtol(guest_umask_string, &p, 8);
-	    if (*p != '\0' || val < 0)
-		warnx("bad value for -g");
-	    else
-		guest_umask = val;
-	}
-	if(umask_string) {
-	    val = strtol(umask_string, &p, 8);
-	    if (*p != '\0' || val < 0)
-		warnx("bad value for -u");
-	    else
-		defumask = val;
-	}
-    }
-    sp = getservbyname("ftp", "tcp");
-    if(sp)
-	port = sp->s_port;
-    else
-	port = htons(21);
-    if(port_string) {
-	sp = getservbyname(port_string, "tcp");
-	if(sp)
-	    port = sp->s_port;
-	else
-	    if(isdigit((unsigned char)port_string[0]))
-		port = htons(atoi(port_string));
-	    else
-		warnx("bad value for -p");
-    }
-		    
-    if (maxtimeout < ftpd_timeout)
-	maxtimeout = ftpd_timeout;
-
-#if 0
-    if (ftpd_timeout > maxtimeout)
-	ftpd_timeout = maxtimeout;
-#endif
-
-    if(interactive_flag)
-	mini_inetd (port);
-
-    /*
-     * LOG_NDELAY sets up the logging connection immediately,
-     * necessary for anonymous ftp's that chroot and can't do it later.
-     */
-    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
-    his_addr_len = sizeof(his_addr_ss);
-    if (getpeername(STDIN_FILENO, his_addr, &his_addr_len) < 0) {
-	syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
-	exit(1);
-    }
-    ctrl_addr_len = sizeof(ctrl_addr_ss);
-    if (getsockname(STDIN_FILENO, ctrl_addr, &ctrl_addr_len) < 0) {
-	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
-	exit(1);
-    }
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    {
-	int tos = IPTOS_LOWDELAY;
-
-	if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-		       (void *)&tos, sizeof(int)) < 0)
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
-#endif
-    data_source->sa_family = ctrl_addr->sa_family;
-    socket_set_port (data_source,
-		     htons(ntohs(socket_get_port(ctrl_addr)) - 1));
-
-    /* set this here so it can be put in wtmp */
-    snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
-
-
-    /*	freopen(_PATH_DEVNULL, "w", stderr); */
-    signal(SIGPIPE, lostconn);
-    signal(SIGCHLD, SIG_IGN);
-#ifdef SIGURG
-    if (signal(SIGURG, myoob) == SIG_ERR)
-	syslog(LOG_ERR, "signal: %m");
-#endif
-
-    /* Try to handle urgent data inline */
-#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
-		   sizeof(on)) < 0)
-	syslog(LOG_ERR, "setsockopt: %m");
-#endif
-
-#ifdef	F_SETOWN
-    if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
-	syslog(LOG_ERR, "fcntl F_SETOWN: %m");
-#endif
-    dolog(his_addr, his_addr_len);
-    /*
-     * Set up default state
-     */
-    data = -1;
-    type = TYPE_A;
-    form = FORM_N;
-    stru = STRU_F;
-    mode = MODE_S;
-    tmpline[0] = '\0';
-
-    /* If logins are disabled, print out the message. */
-    if(show_file(_PATH_NOLOGIN, 530) == 0) {
-	reply(530, "System not available.");
-	exit(0);
-    }
-    show_file(_PATH_FTPWELCOME, 220);
-    /* reply(220,) must follow */
-    gethostname(hostname, sizeof(hostname));
-	
-    reply(220, "%s FTP server (%s"
-#ifdef KRB5
-	  "+%s"
-#endif
-#ifdef KRB4
-	  "+%s"
-#endif
-	  ") ready.", hostname, version
-#ifdef KRB5
-	  ,heimdal_version
-#endif
-#ifdef KRB4
-	  ,krb4_version
-#endif
-	  );
-
-    for (;;)
-	yyparse();
-    /* NOTREACHED */
-}
-
-static RETSIGTYPE
-lostconn(int signo)
-{
-
-	if (debug)
-		syslog(LOG_DEBUG, "lost connection");
-	dologout(-1);
-}
-
-/*
- * Helper function for sgetpwnam().
- */
-static char *
-sgetsave(char *s)
-{
-	char *new = strdup(s);
-
-	if (new == NULL) {
-		perror_reply(421, "Local resource failure: malloc");
-		dologout(1);
-		/* NOTREACHED */
-	}
-	return new;
-}
-
-/*
- * Save the result of a getpwnam.  Used for USER command, since
- * the data returned must not be clobbered by any other command
- * (e.g., globbing).
- */
-static struct passwd *
-sgetpwnam(char *name)
-{
-	static struct passwd save;
-	struct passwd *p;
-
-	if ((p = k_getpwnam(name)) == NULL)
-		return (p);
-	if (save.pw_name) {
-		free(save.pw_name);
-		free(save.pw_passwd);
-		free(save.pw_gecos);
-		free(save.pw_dir);
-		free(save.pw_shell);
-	}
-	save = *p;
-	save.pw_name = sgetsave(p->pw_name);
-	save.pw_passwd = sgetsave(p->pw_passwd);
-	save.pw_gecos = sgetsave(p->pw_gecos);
-	save.pw_dir = sgetsave(p->pw_dir);
-	save.pw_shell = sgetsave(p->pw_shell);
-	return (&save);
-}
-
-static int login_attempts;	/* number of failed login attempts */
-static int askpasswd;		/* had user command, ask for passwd */
-static char curname[10];	/* current USER name */
-#ifdef OTP
-OtpContext otp_ctx;
-#endif
-
-/*
- * USER command.
- * Sets global passwd pointer pw if named account exists and is acceptable;
- * sets askpasswd if a PASS command is expected.  If logged in previously,
- * need to reset state.  If name is "ftp" or "anonymous", the name is not in
- * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
- * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
- * requesting login privileges.  Disallow anyone who does not have a standard
- * shell as returned by getusershell().  Disallow anyone mentioned in the file
- * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
- */
-void
-user(char *name)
-{
-	char *cp, *shell;
-
-	if(auth_level == 0 && !sec_complete){
-	    reply(530, "No login allowed without authorization.");
-	    return;
-	}
-
-	if (logged_in) {
-		if (guest) {
-			reply(530, "Can't change user from guest login.");
-			return;
-		} else if (dochroot) {
-			reply(530, "Can't change user from chroot user.");
-			return;
-		}
-		end_login();
-	}
-
-	guest = 0;
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
-	    if ((auth_level & AUTH_FTP) == 0 ||
-		checkaccess("ftp") || 
-		checkaccess("anonymous"))
-		reply(530, "User %s access denied.", name);
-	    else if ((pw = sgetpwnam("ftp")) != NULL) {
-		guest = 1;
-		defumask = guest_umask;	/* paranoia for incoming */
-		askpasswd = 1;
-		reply(331, "Guest login ok, type your name as password.");
-	    } else
-		reply(530, "User %s unknown.", name);
-	    if (!askpasswd && logging) {
-		char data_addr[256];
-
-		if (inet_ntop (his_addr->sa_family,
-			       socket_get_address(his_addr),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-		syslog(LOG_NOTICE,
-		       "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
-		       remotehost, data_addr);
-	    }
-	    return;
-	}
-	if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){
-	    reply(530, "Only authorized and anonymous login allowed.");
-	    return;
-	}
-	if ((pw = sgetpwnam(name))) {
-		if ((shell = pw->pw_shell) == NULL || *shell == 0)
-			shell = _PATH_BSHELL;
-		while ((cp = getusershell()) != NULL)
-			if (strcmp(cp, shell) == 0)
-				break;
-		endusershell();
-
-		if (cp == NULL || checkaccess(name)) {
-			reply(530, "User %s access denied.", name);
-			if (logging) {
-				char data_addr[256];
-
-				if (inet_ntop (his_addr->sa_family,
-					       socket_get_address(his_addr),
-					       data_addr,
-					       sizeof(data_addr)) == NULL)
-					strlcpy (data_addr,
-							 "unknown address",
-							 sizeof(data_addr));
-
-				syslog(LOG_NOTICE,
-				       "FTP LOGIN REFUSED FROM %s(%s), %s",
-				       remotehost,
-				       data_addr,
-				       name);
-			}
-			pw = (struct passwd *) NULL;
-			return;
-		}
-	}
-	if (logging)
-	    strlcpy(curname, name, sizeof(curname));
-	if(sec_complete) {
-	    if(sec_userok(name) == 0) {
-		do_login(232, name);
-		sec_session(name);
-	    } else
-		reply(530, "User %s access denied.", name);
-	} else {
-#ifdef OTP
-		char ss[256];
-
-		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
-			reply(331, "Password %s for %s required.",
-			      ss, name);
-			askpasswd = 1;
-		} else
-#endif
-		if ((auth_level & AUTH_OTP) == 0) {
-		    reply(331, "Password required for %s.", name);
-		    askpasswd = 1;
-		} else {
-#ifdef OTP
-		    char *s;
-
-		    if ((s = otp_error (&otp_ctx)) != NULL)
-			lreply(530, "OTP: %s", s);
-#endif
-		    reply(530,
-			  "Only authorized, anonymous"
-#ifdef OTP
-			  " and OTP "
-#endif
-			  "login allowed.");
-		}
-
-	}
-	/*
-	 * Delay before reading passwd after first failed
-	 * attempt to slow down passwd-guessing programs.
-	 */
-	if (login_attempts)
-		sleep(login_attempts);
-}
-
-/*
- * Check if a user is in the file "fname"
- */
-static int
-checkuser(char *fname, char *name)
-{
-	FILE *fd;
-	int found = 0;
-	char *p, line[BUFSIZ];
-
-	if ((fd = fopen(fname, "r")) != NULL) {
-		while (fgets(line, sizeof(line), fd) != NULL)
-			if ((p = strchr(line, '\n')) != NULL) {
-				*p = '\0';
-				if (line[0] == '#')
-					continue;
-				if (strcmp(line, name) == 0) {
-					found = 1;
-					break;
-				}
-			}
-		fclose(fd);
-	}
-	return (found);
-}
-
-
-/*
- * Determine whether a user has access, based on information in 
- * _PATH_FTPUSERS. The users are listed one per line, with `allow'
- * or `deny' after the username. If anything other than `allow', or
- * just nothing, is given after the username, `deny' is assumed.
- *
- * If the user is not found in the file, but the pseudo-user `*' is,
- * the permission is taken from that line.
- *
- * This preserves the old semantics where if a user was listed in the
- * file he was denied, otherwise he was allowed.
- *
- * Return 1 if the user is denied, or 0 if he is allowed.  */
-
-static int
-match(const char *pattern, const char *string)
-{
-    return fnmatch(pattern, string, FNM_NOESCAPE);
-}
-
-static int
-checkaccess(char *name)
-{
-#define ALLOWED		0
-#define	NOT_ALLOWED	1
-    FILE *fd;
-    int allowed = ALLOWED;
-    char *user, *perm, line[BUFSIZ];
-    char *foo;
-    
-    fd = fopen(_PATH_FTPUSERS, "r");
-    
-    if(fd == NULL)
-	return allowed;
-
-    while (fgets(line, sizeof(line), fd) != NULL)  {
-	foo = NULL;
-	user = strtok_r(line, " \t\n", &foo);
-	if (user == NULL || user[0] == '#')
-	    continue;
-	perm = strtok_r(NULL, " \t\n", &foo);
-	if (match(user, name) == 0){
-	    if(perm && strcmp(perm, "allow") == 0)
-		allowed = ALLOWED;
-	    else
-		allowed = NOT_ALLOWED;
-	    break;
-	}
-    }
-    fclose(fd);
-    return allowed;
-}
-#undef	ALLOWED
-#undef	NOT_ALLOWED
-
-
-int do_login(int code, char *passwd)
-{
-    login_attempts = 0;		/* this time successful */
-    if (setegid((gid_t)pw->pw_gid) < 0) {
-	reply(550, "Can't set gid.");
-	return -1;
-    }
-    initgroups(pw->pw_name, pw->pw_gid);
-#if defined(KRB4) || defined(KRB5)
-    if(k_hasafs())
-	k_setpag();
-#endif
-
-    /* open wtmp before chroot */
-    ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
-    logged_in = 1;
-
-    dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
-    if (guest) {
-	/*
-	 * We MUST do a chdir() after the chroot. Otherwise
-	 * the old current directory will be accessible as "."
-	 * outside the new root!
-	 */
-	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
-	    reply(550, "Can't set guest privileges.");
-	    return -1;
-	}
-    } else if (dochroot) {
-	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
-	    reply(550, "Can't change root.");
-	    return -1;
-	}
-    } else if (chdir(pw->pw_dir) < 0) {
-	if (chdir("/") < 0) {
-	    reply(530, "User %s: can't change directory to %s.",
-		  pw->pw_name, pw->pw_dir);
-	    return -1;
-	} else
-	    lreply(code, "No directory! Logging in with home=/");
-    }
-    if (seteuid((uid_t)pw->pw_uid) < 0) {
-	reply(550, "Can't set uid.");
-	return -1;
-    }
-
-    if(use_builtin_ls == -1) {
-	struct stat st;
-	/* if /bin/ls exist and is a regular file, use it, otherwise
-           use built-in ls */
-	if(stat("/bin/ls", &st) == 0 &&
-	   S_ISREG(st.st_mode))
-	    use_builtin_ls = 0;
-	else
-	    use_builtin_ls = 1;
-    }
-
-    /*
-     * Display a login message, if it exists.
-     * N.B. reply(code,) must follow the message.
-     */
-    show_file(_PATH_FTPLOGINMESG, code);
-    if(show_file(_PATH_ISSUE_NET, code) != 0)
-	show_file(_PATH_ISSUE, code);
-    if (guest) {
-	reply(code, "Guest login ok, access restrictions apply.");
-#ifdef HAVE_SETPROCTITLE
-	snprintf (proctitle, sizeof(proctitle),
-		  "%s: anonymous/%s",
-		  remotehost,
-		  passwd);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-	if (logging) {
-	    char data_addr[256];
-
-	    if (inet_ntop (his_addr->sa_family,
-			   socket_get_address(his_addr),
-			   data_addr, sizeof(data_addr)) == NULL)
-		strlcpy (data_addr, "unknown address",
-				 sizeof(data_addr));
-
-	    syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
-		   remotehost, 
-		   data_addr,
-		   passwd);
-	}
-    } else {
-	reply(code, "User %s logged in.", pw->pw_name);
-#ifdef HAVE_SETPROCTITLE
-	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-	if (logging) {
-	    char data_addr[256];
-
-	    if (inet_ntop (his_addr->sa_family,
-			   socket_get_address(his_addr),
-			   data_addr, sizeof(data_addr)) == NULL)
-		strlcpy (data_addr, "unknown address",
-				 sizeof(data_addr));
-
-	    syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
-		   remotehost,
-		   data_addr,
-		   pw->pw_name);
-	}
-    }
-    umask(defumask);
-    return 0;
-}
-
-/*
- * Terminate login as previous user, if any, resetting state;
- * used when USER command is given or login fails.
- */
-static void
-end_login(void)
-{
-
-	if (seteuid((uid_t)0) < 0)
-		fatal("Failed to seteuid");
-	if (logged_in)
-		ftpd_logwtmp(ttyline, "", "");
-	pw = NULL;
-	logged_in = 0;
-	guest = 0;
-	dochroot = 0;
-}
-
-#ifdef KRB5
-static int
-krb5_verify(struct passwd *pwd, char *passwd)
-{
-   krb5_context context;  
-   krb5_ccache  id;
-   krb5_principal princ;
-   krb5_error_code ret;
-  
-   ret = krb5_init_context(&context);
-   if(ret)
-        return ret;
-
-  ret = krb5_parse_name(context, pwd->pw_name, &princ);
-  if(ret){
-        krb5_free_context(context);
-        return ret;
-  }
-  ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-  if(ret){
-        krb5_free_principal(context, princ);
-        krb5_free_context(context);
-        return ret;
-  }
-  ret = krb5_verify_user(context,
-                         princ,
-                         id,
-                         passwd,
-                         1,
-                         NULL);
-  krb5_free_principal(context, princ);
-  if (k_hasafs()) {
-      krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir);
-  }
-  krb5_cc_destroy(context, id);
-  krb5_free_context (context);
-  if(ret) 
-      return ret;
-  return 0;
-}
-#endif /* KRB5 */
-
-void
-pass(char *passwd)
-{
-	int rval;
-
-	/* some clients insists on sending a password */
-	if (logged_in && askpasswd == 0){
-	    reply(230, "Password not necessary");
-	    return;
-	}
-
-	if (logged_in || askpasswd == 0) {
-		reply(503, "Login with USER first.");
-		return;
-	}
-	askpasswd = 0;
-	rval = 1;
-	if (!guest) {		/* "ftp" is only account allowed no password */
-		if (pw == NULL)
-			rval = 1;	/* failure below */
-#ifdef OTP
-		else if (otp_verify_user (&otp_ctx, passwd) == 0) {
-		    rval = 0;
-		}
-#endif
-		else if((auth_level & AUTH_OTP) == 0) {
-#ifdef KRB5
-		    rval = krb5_verify(pw, passwd);
-#endif
-#ifdef KRB4
-		    if (rval) {
-			char realm[REALM_SZ];
-			if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
-			    rval = krb_verify_user(pw->pw_name,
-						   "", realm, 
-						   passwd, 
-						   KRB_VERIFY_SECURE, NULL);
-			if (rval == KSUCCESS ) {
-			    chown (tkt_string(), pw->pw_uid, pw->pw_gid);
-			    if(k_hasafs())
-				krb_afslog(0, 0);
-			}
-		    }
-#endif
-		    if (rval)
-			rval = unix_verify_user(pw->pw_name, passwd);
-		} else {
-#ifdef OTP
-		    char *s;
-		    if ((s = otp_error(&otp_ctx)) != NULL)
-			lreply(530, "OTP: %s", s);
-#endif
-		}
-		memset (passwd, 0, strlen(passwd));
-
-		/*
-		 * If rval == 1, the user failed the authentication
-		 * check above.  If rval == 0, either Kerberos or
-		 * local authentication succeeded.
-		 */
-		if (rval) {
-			char data_addr[256];
-
-			if (inet_ntop (his_addr->sa_family,
-				       socket_get_address(his_addr),
-				       data_addr, sizeof(data_addr)) == NULL)
-				strlcpy (data_addr, "unknown address",
-						 sizeof(data_addr));
-
-			reply(530, "Login incorrect.");
-			if (logging)
-				syslog(LOG_NOTICE,
-				    "FTP LOGIN FAILED FROM %s(%s), %s",
-				       remotehost,
-				       data_addr,
-				       curname);
-			pw = NULL;
-			if (login_attempts++ >= 5) {
-				syslog(LOG_NOTICE,
-				       "repeated login failures from %s(%s)",
-				       remotehost,
-				       data_addr);
-				exit(0);
-			}
-			return;
-		}
-	}
-	if(!do_login(230, passwd))
-	  return;
-	
-	/* Forget all about it... */
-	end_login();
-}
-
-void
-retrieve(const char *cmd, char *name)
-{
-	FILE *fin = NULL, *dout;
-	struct stat st;
-	int (*closefunc) (FILE *);
-	char line[BUFSIZ];
-
-
-	if (cmd == 0) {
-		fin = fopen(name, "r");
-		closefunc = fclose;
-		st.st_size = 0;
-		if(fin == NULL){
-		    int save_errno = errno;
-		    struct cmds {
-			const char *ext;
-			const char *cmd;
-		        const char *rev_cmd;
-		    } cmds[] = {
-			{".tar", "/bin/gtar cPf - %s", NULL},
-			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
-			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
-			{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
-			{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
-			{NULL, NULL}
-		    };
-		    struct cmds *p;
-		    for(p = cmds; p->ext; p++){
-			char *tail = name + strlen(name) - strlen(p->ext);
-			char c = *tail;
-			
-			if(strcmp(tail, p->ext) == 0 &&
-			   (*tail  = 0) == 0 &&
-			   access(name, R_OK) == 0){
-			    snprintf (line, sizeof(line), p->cmd, name);
-			    *tail  = c;
-			    break;
-			}
-			*tail = c;
-			if (p->rev_cmd != NULL) {
-			    char *ext;
-			    int ret;
-
-			    ret = asprintf(&ext, "%s%s", name, p->ext);
-			    if (ret != -1) {
-  			        if (access(ext, R_OK) == 0) {
-				    snprintf (line, sizeof(line),
-					      p->rev_cmd, ext);
-				    free(ext);
-				    break;
-				}
-			        free(ext);
-			    }
-			}
-			
-		    }
-		    if(p->ext){
-			fin = ftpd_popen(line, "r", 0, 0);
-			closefunc = ftpd_pclose;
-			st.st_size = -1;
-			cmd = line;
-		    } else
-			errno = save_errno;
-		}
-	} else {
-		snprintf(line, sizeof(line), cmd, name);
-		name = line;
-		fin = ftpd_popen(line, "r", 1, 0);
-		closefunc = ftpd_pclose;
-		st.st_size = -1;
-	}
-	if (fin == NULL) {
-		if (errno != 0) {
-			perror_reply(550, name);
-			if (cmd == 0) {
-				LOGCMD("get", name);
-			}
-		}
-		return;
-	}
-	byte_count = -1;
-	if (cmd == 0){
-	    if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
-		reply(550, "%s: not a plain file.", name);
-		goto done;
-	    }
-	}
-	if (restart_point) {
-		if (type == TYPE_A) {
-			off_t i, n;
-			int c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fin)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-		} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	dout = dataconn(name, st.st_size, "w");
-	if (dout == NULL)
-		goto done;
-	set_buffer_size(fileno(dout), 0);
-	send_data(fin, dout);
-	fclose(dout);
-	data = -1;
-	pdata = -1;
-done:
-	if (cmd == 0)
-		LOGBYTES("get", name, byte_count);
-	(*closefunc)(fin);
-}
-
-/* filename sanity check */
-
-int 
-filename_check(char *filename)
-{
-    char *p;
-
-    p = strrchr(filename, '/');
-    if(p)
-	filename = p + 1;
-
-    p = filename;
-
-    if(isalnum((unsigned char)*p)){
-	p++;
-	while(*p && (isalnum((unsigned char)*p) || strchr(good_chars, (unsigned char)*p)))
-	    p++;
-	if(*p == '\0')
-	    return 0;
-    }
-    lreply(553, "\"%s\" is not an acceptable filename.", filename);
-    lreply(553, "The filename must start with an alphanumeric "
-	   "character and must only");
-    reply(553, "consist of alphanumeric characters or any of the following: %s", 
-	  good_chars);
-    return 1;
-}
-
-void
-do_store(char *name, char *mode, int unique)
-{
-	FILE *fout, *din;
-	struct stat st;
-	int (*closefunc) (FILE *);
-
-	if(guest && filename_check(name))
-	    return;
-	if (unique && stat(name, &st) == 0 &&
-	    (name = gunique(name)) == NULL) {
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
-		return;
-	}
-
-	if (restart_point)
-		mode = "r+";
-	fout = fopen(name, mode);
-	closefunc = fclose;
-	if (fout == NULL) {
-		perror_reply(553, name);
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
-		return;
-	}
-	byte_count = -1;
-	if (restart_point) {
-		if (type == TYPE_A) {
-			off_t i, n;
-			int c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fout)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-			/*
-			 * We must do this seek to "current" position
-			 * because we are changing from reading to
-			 * writing.
-			 */
-			if (fseek(fout, 0L, SEEK_CUR) < 0) {
-				perror_reply(550, name);
-				goto done;
-			}
-		} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	din = dataconn(name, (off_t)-1, "r");
-	if (din == NULL)
-		goto done;
-	set_buffer_size(fileno(din), 1);
-	if (receive_data(din, fout) == 0) {
-	    if((*closefunc)(fout) < 0)
-		perror_reply(552, name);
-	    else {
-		if (unique)
-			reply(226, "Transfer complete (unique file name:%s).",
-			    name);
-		else
-			reply(226, "Transfer complete.");
-	    }
-	} else
-	    (*closefunc)(fout);
-	fclose(din);
-	data = -1;
-	pdata = -1;
-done:
-	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
-}
-
-static FILE *
-getdatasock(const char *mode, int domain)
-{
-	int s, t, tries;
-
-	if (data >= 0)
-		return (fdopen(data, mode));
-	if (seteuid(0) < 0)
-		fatal("Failed to seteuid");
-	s = socket(domain, SOCK_STREAM, 0);
-	if (s < 0)
-		goto bad;
-	socket_set_reuseaddr (s, 1);
-	/* anchor socket to avoid multi-homing problems */
-	socket_set_address_and_port (data_source,
-				     socket_get_address (ctrl_addr),
-				     socket_get_port (data_source));
-
-	for (tries = 1; ; tries++) {
-		if (bind(s, data_source,
-			 socket_sockaddr_size (data_source)) >= 0)
-			break;
-		if (errno != EADDRINUSE || tries > 10)
-			goto bad;
-		sleep(tries);
-	}
-	if (seteuid(pw->pw_uid) < 0)
-		fatal("Failed to seteuid");
-#ifdef IPTOS_THROUGHPUT
-	socket_set_tos (s, IPTOS_THROUGHPUT);
-#endif
-	return (fdopen(s, mode));
-bad:
-	/* Return the real value of errno (close may change it) */
-	t = errno;
-	if (seteuid((uid_t)pw->pw_uid) < 0)
-		fatal("Failed to seteuid");
-	close(s);
-	errno = t;
-	return (NULL);
-}
-
-static int
-accept_with_timeout(int socket, 
-		    struct sockaddr *address,
-		    socklen_t *address_len,
-		    struct timeval *timeout)
-{
-    int ret;
-    fd_set rfd;
-    FD_ZERO(&rfd);
-    FD_SET(socket, &rfd);
-    ret = select(socket + 1, &rfd, NULL, NULL, timeout);
-    if(ret < 0)
-	return ret;
-    if(ret == 0) {
-	errno = ETIMEDOUT;
-	return -1;
-    }
-    return accept(socket, address, address_len);
-}
-
-static FILE *
-dataconn(const char *name, off_t size, const char *mode)
-{
-	char sizebuf[32];
-	FILE *file;
-	int domain, retry = 0;
-
-	file_size = size;
-	byte_count = 0;
-	if (size >= 0)
-	    snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size);
-	else
-	    *sizebuf = '\0';
-	if (pdata >= 0) {
-		struct sockaddr_storage from_ss;
-		struct sockaddr *from = (struct sockaddr *)&from_ss;
-		struct timeval timeout;
-		int s;
-		socklen_t fromlen = sizeof(from_ss);
-
-		timeout.tv_sec = 15;
-		timeout.tv_usec = 0;
-		s = accept_with_timeout(pdata, from, &fromlen, &timeout);
-		if (s < 0) {
-			reply(425, "Can't open data connection.");
-			close(pdata);
-			pdata = -1;
-			return (NULL);
-		}
-		close(pdata);
-		pdata = s;
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-		{
-		    int tos = IPTOS_THROUGHPUT;
-		    
-		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
-			       sizeof(tos));
-		}
-#endif
-		reply(150, "Opening %s mode data connection for '%s'%s.",
-		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-		return (fdopen(pdata, mode));
-	}
-	if (data >= 0) {
-		reply(125, "Using existing data connection for '%s'%s.",
-		    name, sizebuf);
-		usedefault = 1;
-		return (fdopen(data, mode));
-	}
-	if (usedefault)
-		data_dest = his_addr;
-	usedefault = 1;
-	/* 
-	 * Default to using the same socket type as the ctrl address,
-	 * unless we know the type of the data address.
-	 */
-	domain = data_dest->sa_family;
-	if (domain == PF_UNSPEC)
-	    domain = ctrl_addr->sa_family;
-
-	file = getdatasock(mode, domain);
-	if (file == NULL) {
-		char data_addr[256];
-
-		if (inet_ntop (data_source->sa_family,
-			       socket_get_address(data_source),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-		reply(425, "Can't create data socket (%s,%d): %s.",
-		      data_addr,
-		      socket_get_port (data_source),
-		      strerror(errno));
-		return (NULL);
-	}
-	data = fileno(file);
-	while (connect(data, data_dest,
-		       socket_sockaddr_size(data_dest)) < 0) {
-		if (errno == EADDRINUSE && retry < swaitmax) {
-			sleep(swaitint);
-			retry += swaitint;
-			continue;
-		}
-		perror_reply(425, "Can't build data connection");
-		fclose(file);
-		data = -1;
-		return (NULL);
-	}
-	reply(150, "Opening %s mode data connection for '%s'%s.",
-	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-	return (file);
-}
-
-/*
- * Tranfer the contents of "instr" to "outstr" peer using the appropriate
- * encapsulation of the data subject * to Mode, Structure, and Type.
- *
- * NB: Form isn't handled.
- */
-static void
-send_data(FILE *instr, FILE *outstr)
-{
-	int c, cnt, filefd, netfd;
-	static char *buf;
-	static size_t bufsize;
-
-	transflag = 1;
-	switch (type) {
-
-	case TYPE_A:
-	    while ((c = getc(instr)) != EOF) {
-		if (urgflag && handleoobcmd())
-		    return;
-		byte_count++;
-		if(c == '\n')
-		    sec_putc('\r', outstr);
-		sec_putc(c, outstr);
-	    }
-	    sec_fflush(outstr);
-	    transflag = 0;
-	    urgflag = 0;
-	    if (ferror(instr))
-		goto file_err;
-	    if (ferror(outstr))
-		goto data_err;
-	    reply(226, "Transfer complete.");
-	    return;
-		
-	case TYPE_I:
-	case TYPE_L:
-#if 0 /* XXX handle urg flag */
-#if defined(HAVE_MMAP) && !defined(NO_MMAP)
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-	    {
-		struct stat st;
-		char *chunk;
-		int in = fileno(instr);
-		if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) 
-		   && st.st_size > 0) {
-		    /*
-		     * mmap zero bytes has potential of loosing, don't do it.
-		     */
-		    chunk = mmap(0, st.st_size, PROT_READ,
-				 MAP_SHARED, in, 0);
-		    if((void *)chunk != (void *)MAP_FAILED) {
-			cnt = st.st_size - restart_point;
-			sec_write(fileno(outstr), chunk + restart_point, cnt);
-			if (munmap(chunk, st.st_size) < 0)
-			    warn ("munmap");
-			sec_fflush(outstr);
-			byte_count = cnt;
-			transflag = 0;
-			urgflag = 0;
-		    }
-		}
-	    }
-#endif
-#endif
-	if(transflag) {
-	    struct stat st;
-
-	    netfd = fileno(outstr);
-	    filefd = fileno(instr);
-	    buf = alloc_buffer (buf, &bufsize,
-				fstat(filefd, &st) >= 0 ? &st : NULL);
-	    if (buf == NULL) {
-		transflag = 0;
-		urgflag = 0;
-		perror_reply(451, "Local resource failure: malloc");
-		return;
-	    }
-	    while ((cnt = read(filefd, buf, bufsize)) > 0 &&
-		   sec_write(netfd, buf, cnt) == cnt) {
-		byte_count += cnt;
-		if (urgflag && handleoobcmd())
-		    return;
-	    }
-	    sec_fflush(outstr); /* to end an encrypted stream */
-	    transflag = 0;
-	    urgflag = 0;
-	    if (cnt != 0) {
-		if (cnt < 0)
-		    goto file_err;
-		goto data_err;
-	    }
-	}
-	reply(226, "Transfer complete.");
-	return;
-	default:
-	    transflag = 0;
-	    urgflag = 0;
-	    reply(550, "Unimplemented TYPE %d in send_data", type);
-	    return;
-	}
-
-data_err:
-	transflag = 0;
-	urgflag = 0;
-	perror_reply(426, "Data connection");
-	return;
-
-file_err:
-	transflag = 0;
-	urgflag = 0;
-	perror_reply(551, "Error on input file");
-}
-
-/*
- * Transfer data from peer to "outstr" using the appropriate encapulation of
- * the data subject to Mode, Structure, and Type.
- *
- * N.B.: Form isn't handled.
- */
-static int
-receive_data(FILE *instr, FILE *outstr)
-{
-    int cnt, bare_lfs = 0;
-    static char *buf;
-    static size_t bufsize;
-    struct stat st;
-
-    transflag = 1;
-
-    buf = alloc_buffer (buf, &bufsize,
-			fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
-    if (buf == NULL) {
-	transflag = 0;
-	urgflag = 0;
-	perror_reply(451, "Local resource failure: malloc");
-	return -1;
-    }
-    
-    switch (type) {
-
-    case TYPE_I:
-    case TYPE_L:
-	while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) {
-	    if (write(fileno(outstr), buf, cnt) != cnt)
-		goto file_err;
-	    byte_count += cnt;
-	    if (urgflag && handleoobcmd())
-		return (-1);
-	}
-	if (cnt < 0)
-	    goto data_err;
-	transflag = 0;
-	urgflag = 0;
-	return (0);
-
-    case TYPE_E:
-	reply(553, "TYPE E not implemented.");
-	transflag = 0;
-	urgflag = 0;
-	return (-1);
-
-    case TYPE_A:
-    {
-	char *p, *q;
-	int cr_flag = 0;
-	while ((cnt = sec_read(fileno(instr),
-				buf + cr_flag, 
-				bufsize - cr_flag)) > 0){
-	    if (urgflag && handleoobcmd())
-		return (-1);
-	    byte_count += cnt;
-	    cnt += cr_flag;
-	    cr_flag = 0;
-	    for(p = buf, q = buf; p < buf + cnt;) {
-		if(*p == '\n')
-		    bare_lfs++;
-		if(*p == '\r') {
-		    if(p == buf + cnt - 1){
-			cr_flag = 1;
-			p++;
-			continue;
-		    }else if(p[1] == '\n'){
-			*q++ = '\n';
-			p += 2;
-			continue;
-		    }
-		}
-		*q++ = *p++;
-	    }
-	    fwrite(buf, q - buf, 1, outstr);
-	    if(cr_flag)
-		buf[0] = '\r';
-	}
-	if(cr_flag)
-	    putc('\r', outstr);
-	fflush(outstr);
-	if (ferror(instr))
-	    goto data_err;
-	if (ferror(outstr))
-	    goto file_err;
-	transflag = 0;
-	urgflag = 0;
-	if (bare_lfs) {
-	    lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
-		   "    File may not have transferred correctly.\r\n",
-		   bare_lfs);
-	}
-	return (0);
-    }
-    default:
-	reply(550, "Unimplemented TYPE %d in receive_data", type);
-	transflag = 0;
-	urgflag = 0;
-	return (-1);
-    }
-	
-data_err:
-    transflag = 0;
-    urgflag = 0;
-    perror_reply(426, "Data Connection");
-    return (-1);
-	
-file_err:
-    transflag = 0;
-    urgflag = 0;
-    perror_reply(452, "Error writing file");
-    return (-1);
-}
-
-void
-statfilecmd(char *filename)
-{
-	FILE *fin;
-	int c;
-	char line[LINE_MAX];
-
-	snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
-	fin = ftpd_popen(line, "r", 1, 0);
-	lreply(211, "status of %s:", filename);
-	while ((c = getc(fin)) != EOF) {
-		if (c == '\n') {
-			if (ferror(stdout)){
-				perror_reply(421, "control connection");
-				ftpd_pclose(fin);
-				dologout(1);
-				/* NOTREACHED */
-			}
-			if (ferror(fin)) {
-				perror_reply(551, filename);
-				ftpd_pclose(fin);
-				return;
-			}
-			putc('\r', stdout);
-		}
-		putc(c, stdout);
-	}
-	ftpd_pclose(fin);
-	reply(211, "End of Status");
-}
-
-void
-statcmd(void)
-{
-#if 0
-	struct sockaddr_in *sin;
-	u_char *a, *p;
-
-	lreply(211, "%s FTP server (%s) status:", hostname, version);
-	printf("     %s\r\n", version);
-	printf("     Connected to %s", remotehost);
-	if (!isdigit((unsigned char)remotehost[0]))
-		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
-	printf("\r\n");
-	if (logged_in) {
-		if (guest)
-			printf("     Logged in anonymously\r\n");
-		else
-			printf("     Logged in as %s\r\n", pw->pw_name);
-	} else if (askpasswd)
-		printf("     Waiting for password\r\n");
-	else
-		printf("     Waiting for user name\r\n");
-	printf("     TYPE: %s", typenames[type]);
-	if (type == TYPE_A || type == TYPE_E)
-		printf(", FORM: %s", formnames[form]);
-	if (type == TYPE_L)
-#if NBBY == 8
-		printf(" %d", NBBY);
-#else
-		printf(" %d", bytesize);	/* need definition! */
-#endif
-	printf("; STRUcture: %s; transfer MODE: %s\r\n",
-	    strunames[stru], modenames[mode]);
-	if (data != -1)
-		printf("     Data connection open\r\n");
-	else if (pdata != -1) {
-		printf("     in Passive mode");
-		sin = &pasv_addr;
-		goto printaddr;
-	} else if (usedefault == 0) {
-		printf("     PORT");
-		sin = &data_dest;
-printaddr:
-		a = (u_char *) &sin->sin_addr;
-		p = (u_char *) &sin->sin_port;
-#define UC(b) (((int) b) & 0xff)
-		printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
-			UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
-#undef UC
-	} else
-		printf("     No data connection\r\n");
-#endif
-	reply(211, "End of status");
-}
-
-void
-fatal(char *s)
-{
-
-	reply(451, "Error in server: %s\n", s);
-	reply(221, "Closing connection due to server error.");
-	dologout(0);
-	/* NOTREACHED */
-}
-
-static void
-int_reply(int, char *, const char *, va_list)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 3, 0)))
-#endif
-;
-
-static void
-int_reply(int n, char *c, const char *fmt, va_list ap)
-{
-    char buf[10240];
-    char *p;
-    p=buf;
-    if(n){
-	snprintf(p, sizeof(buf), "%d%s", n, c);
-	p+=strlen(p);
-    }
-    vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
-    p+=strlen(p);
-    snprintf(p, sizeof(buf) - strlen(p), "\r\n");
-    p+=strlen(p);
-    sec_fprintf(stdout, "%s", buf);
-    fflush(stdout);
-    if (debug)
-	syslog(LOG_DEBUG, "<--- %s- ", buf);
-}
-
-void
-reply(int n, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(n, " ", fmt, ap);
-  delete_ftp_command();
-  va_end(ap);
-}
-
-void
-lreply(int n, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(n, "-", fmt, ap);
-  va_end(ap);
-}
-
-void
-nreply(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(0, NULL, fmt, ap);
-  va_end(ap);
-}
-
-static void
-ack(char *s)
-{
-
-	reply(250, "%s command successful.", s);
-}
-
-void
-nack(char *s)
-{
-
-	reply(502, "%s command not implemented.", s);
-}
-
-void
-do_delete(char *name)
-{
-	struct stat st;
-
-	LOGCMD("delete", name);
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-	if ((st.st_mode&S_IFMT) == S_IFDIR) {
-		if (rmdir(name) < 0) {
-			perror_reply(550, name);
-			return;
-		}
-		goto done;
-	}
-	if (unlink(name) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-done:
-	ack("DELE");
-}
-
-void
-cwd(char *path)
-{
-
-	if (chdir(path) < 0)
-		perror_reply(550, path);
-	else
-		ack("CWD");
-}
-
-void
-makedir(char *name)
-{
-
-	LOGCMD("mkdir", name);
-	if(guest && filename_check(name))
-	    return;
-	if (mkdir(name, 0777) < 0)
-		perror_reply(550, name);
-	else{
-	    if(guest)
-		chmod(name, 0700); /* guest has umask 777 */
-	    reply(257, "MKD command successful.");
-	}
-}
-
-void
-removedir(char *name)
-{
-
-	LOGCMD("rmdir", name);
-	if (rmdir(name) < 0)
-		perror_reply(550, name);
-	else
-		ack("RMD");
-}
-
-void
-pwd(void)
-{
-    char path[MaxPathLen];
-    char *ret;
-
-    /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
-     * failes miserably when running chroot 
-     */
-    ret = getcwd(path, sizeof(path));
-    if (ret == NULL)
-	reply(550, "%s.", strerror(errno));
-    else
-	reply(257, "\"%s\" is current directory.", path);
-}
-
-char *
-renamefrom(char *name)
-{
-	struct stat st;
-
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return NULL;
-	}
-	reply(350, "File exists, ready for destination name");
-	return (name);
-}
-
-void
-renamecmd(char *from, char *to)
-{
-
-	LOGCMD2("rename", from, to);
-	if(guest && filename_check(to))
-	    return;
-	if (rename(from, to) < 0)
-		perror_reply(550, "rename");
-	else
-		ack("RNTO");
-}
-
-static void
-dolog(struct sockaddr *sa, int len)
-{
-	getnameinfo_verified (sa, len, remotehost, sizeof(remotehost),
-			      NULL, 0, 0);
-#ifdef HAVE_SETPROCTITLE
-	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-
-	if (logging) {
-		char data_addr[256];
-
-		if (inet_ntop (his_addr->sa_family,
-			       socket_get_address(his_addr),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-
-		syslog(LOG_INFO, "connection from %s(%s)",
-		       remotehost,
-		       data_addr);
-	}
-}
-
-/*
- * Record logout in wtmp file
- * and exit with supplied status.
- */
-void
-dologout(int status)
-{
-    transflag = 0;
-    urgflag = 0;
-    if (logged_in) {
-#if KRB4 || KRB5
-	cond_kdestroy();
-#endif
-	seteuid((uid_t)0); /* No need to check, we call exit() below */
-	ftpd_logwtmp(ttyline, "", "");
-    }
-    /* beware of flushing buffers after a SIGPIPE */
-#ifdef XXX
-    exit(status);
-#else
-    _exit(status);
-#endif	
-}
-
-void abor(void)
-{
-    if (!transflag)
-	return;
-    reply(426, "Transfer aborted. Data connection closed.");
-    reply(226, "Abort successful");
-    transflag = 0;
-}
-
-static void
-myoob(int signo)
-{
-    urgflag = 1;
-}
-
-static char *
-mec_space(char *p)
-{
-    while(isspace(*(unsigned char *)p))
-	  p++;
-    return p;
-}
-
-static int
-handleoobcmd(void)
-{
-	char *cp;
-
-	/* only process if transfer occurring */
-	if (!transflag)
-		return 0;
-
-	urgflag = 0;
-
-	cp = tmpline;
-	if (ftpd_getline(cp, sizeof(tmpline)) == NULL) {
-		reply(221, "You could at least say goodbye.");
-		dologout(0);
-	}
-
-	if (strncasecmp("MIC", cp, 3) == 0) {
-	    mec(mec_space(cp + 3), prot_safe);
-	} else if (strncasecmp("CONF", cp, 4) == 0) {
-	    mec(mec_space(cp + 4), prot_confidential);
-	} else if (strncasecmp("ENC", cp, 3) == 0) {
-	    mec(mec_space(cp + 3), prot_private);
-	} else if (!allow_insecure_oob) {
-	    reply(533, "Command protection level denied "
-		  "for paranoid reasons.");
-	    goto out;
-	}
-
-	if (secure_command())
-	    cp = ftp_command;
-
-	if (strcasecmp(cp, "ABOR\r\n") == 0) {
-		abor();
-	} else if (strcasecmp(cp, "STAT\r\n") == 0) {
-		if (file_size != (off_t) -1)
-			reply(213, "Status: %ld of %ld bytes transferred",
-			      (long)byte_count,
-			      (long)file_size);
-		else
-			reply(213, "Status: %ld bytes transferred",
-			      (long)byte_count);
-	}
-out:
-	return (transflag == 0);
-}
-
-/*
- * Note: a response of 425 is not mentioned as a possible response to
- *	the PASV command in RFC959. However, it has been blessed as
- *	a legitimate response by Jon Postel in a telephone conversation
- *	with Rick Adams on 25 Jan 89.
- */
-void
-pasv(void)
-{
-	socklen_t len;
-	char *p, *a;
-	struct sockaddr_in *sin;
-
-	if (ctrl_addr->sa_family != AF_INET) {
-		reply(425,
-		      "You cannot do PASV with something that's not IPv4");
-		return;
-	}
-
-	if(pdata != -1)
-	    close(pdata);
-
-	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
-	if (pdata < 0) {
-		perror_reply(425, "Can't open passive connection");
-		return;
-	}
-	pasv_addr->sa_family = ctrl_addr->sa_family;
-	socket_set_address_and_port (pasv_addr,
-				     socket_get_address (ctrl_addr),
-				     0);
-	socket_set_portrange(pdata, restricted_data_ports, 
-	    pasv_addr->sa_family); 
-	if (seteuid(0) < 0)
-		fatal("Failed to seteuid");
-	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		if (seteuid(pw->pw_uid) < 0)
-			fatal("Failed to seteuid");
-		goto pasv_error;
-	}
-	if (seteuid(pw->pw_uid) < 0)
-		fatal("Failed to seteuid");
-	len = sizeof(pasv_addr_ss);
-	if (getsockname(pdata, pasv_addr, &len) < 0)
-		goto pasv_error;
-	if (listen(pdata, 1) < 0)
-		goto pasv_error;
-	sin = (struct sockaddr_in *)pasv_addr;
-	a = (char *) &sin->sin_addr;
-	p = (char *) &sin->sin_port;
-
-#define UC(b) (((int) b) & 0xff)
-
-	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
-		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
-	return;
-
-pasv_error:
-	close(pdata);
-	pdata = -1;
-	perror_reply(425, "Can't open passive connection");
-	return;
-}
-
-void
-epsv(char *proto)
-{
-	socklen_t len;
-
-	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
-	if (pdata < 0) {
-		perror_reply(425, "Can't open passive connection");
-		return;
-	}
-	pasv_addr->sa_family = ctrl_addr->sa_family;
-	socket_set_address_and_port (pasv_addr,
-				     socket_get_address (ctrl_addr),
-				     0);
-	socket_set_portrange(pdata, restricted_data_ports, 
-	    pasv_addr->sa_family); 
-	if (seteuid(0) < 0)
-		fatal("Failed to seteuid");
-	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		if (seteuid(pw->pw_uid))
-			fatal("Failed to seteuid");
-		goto pasv_error;
-	}
-	if (seteuid(pw->pw_uid) < 0)
-		fatal("Failed to seteuid");
-	len = sizeof(pasv_addr_ss);
-	if (getsockname(pdata, pasv_addr, &len) < 0)
-		goto pasv_error;
-	if (listen(pdata, 1) < 0)
-		goto pasv_error;
-
-	reply(229, "Entering Extended Passive Mode (|||%d|)",
-	      ntohs(socket_get_port (pasv_addr)));
-	return;
-
-pasv_error:
-	close(pdata);
-	pdata = -1;
-	perror_reply(425, "Can't open passive connection");
-	return;
-}
-
-void
-eprt(char *str)
-{
-	char *end;
-	char sep;
-	int af;
-	int ret;
-	int port;
-
-	usedefault = 0;
-	if (pdata >= 0) {
-	    close(pdata);
-	    pdata = -1;
-	}
-
-	sep = *str++;
-	if (sep == '\0') {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	af = strtol (str, &end, 0);
-	if (af == 0 || *end != sep) {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	str = end + 1;
-	switch (af) {
-#ifdef HAVE_IPV6
-	case 2 :
-	    data_dest->sa_family = AF_INET6;
-	    break;
-#endif		
-	case 1 :
-	    data_dest->sa_family = AF_INET;
-		break;
-	default :
-		reply(522, "Network protocol %d not supported, use (1"
-#ifdef HAVE_IPV6
-		      ",2"
-#endif
-		      ")", af);
-		return;
-	}
-	end = strchr (str, sep);
-	if (end == NULL) {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	*end = '\0';
-	ret = inet_pton (data_dest->sa_family, str,
-			 socket_get_address (data_dest));
-
-	if (ret != 1) {
-		reply(500, "Bad address syntax in EPRT");
-		return;
-	}
-	str = end + 1;
-	port = strtol (str, &end, 0);
-	if (port == 0 || *end != sep) {
-		reply(500, "Bad port syntax in EPRT");
-		return;
-	}
-	socket_set_port (data_dest, htons(port));
-	reply(200, "EPRT command successful.");
-}
-
-/*
- * Generate unique name for file with basename "local".
- * The file named "local" is already known to exist.
- * Generates failure reply on error.
- */
-static char *
-gunique(char *local)
-{
-	static char new[MaxPathLen];
-	struct stat st;
-	int count;
-	char *cp;
-
-	cp = strrchr(local, '/');
-	if (cp)
-		*cp = '\0';
-	if (stat(cp ? local : ".", &st) < 0) {
-		perror_reply(553, cp ? local : ".");
-		return NULL;
-	}
-	if (cp)
-		*cp = '/';
-	for (count = 1; count < 100; count++) {
-		snprintf (new, sizeof(new), "%s.%d", local, count);
-		if (stat(new, &st) < 0)
-			return (new);
-	}
-	reply(452, "Unique file name cannot be created.");
-	return (NULL);
-}
-
-/*
- * Format and send reply containing system error number.
- */
-void
-perror_reply(int code, const char *string)
-{
-	reply(code, "%s: %s.", string, strerror(errno));
-}
-
-static char *onefile[] = {
-	"",
-	0
-};
-
-void
-list_file(char *file)
-{
-    if(use_builtin_ls) {
-	FILE *dout;
-	dout = dataconn(file, -1, "w");
-	if (dout == NULL)
-	    return;
-	set_buffer_size(fileno(dout), 0);
-	if(builtin_ls(dout, file) == 0)
-	    reply(226, "Transfer complete.");
-	else
-	    reply(451, "Requested action aborted. Local error in processing.");
-	fclose(dout);
-	data = -1;
-	pdata = -1;
-    } else {
-#ifdef HAVE_LS_A
-	const char *cmd = "/bin/ls -lA %s";
-#else
-	const char *cmd = "/bin/ls -la %s";
-#endif
-	retrieve(cmd, file);
-    }
-}
-
-void
-send_file_list(char *whichf)
-{
-    struct stat st;
-    DIR *dirp = NULL;
-    struct dirent *dir;
-    FILE *dout = NULL;
-    char **dirlist, *dirname;
-    int simple = 0;
-    int freeglob = 0;
-    glob_t gl;
-    char buf[MaxPathLen];
-
-    if (strpbrk(whichf, "~{[*?") != NULL) {
-	int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-	    GLOB_MAXPATH
-#else
-	    GLOB_LIMIT
-#endif
-	    ;
-
-	memset(&gl, 0, sizeof(gl));
-	freeglob = 1;
-	if (glob(whichf, flags, 0, &gl)) {
-	    reply(550, "not found");
-	    goto out;
-	} else if (gl.gl_pathc == 0) {
-	    errno = ENOENT;
-	    perror_reply(550, whichf);
-	    goto out;
-	}
-	dirlist = gl.gl_pathv;
-    } else {
-	onefile[0] = whichf;
-	dirlist = onefile;
-	simple = 1;
-    }
-
-    while ((dirname = *dirlist++)) {
-
-	if (urgflag && handleoobcmd())
-	    goto out;
-
-	if (stat(dirname, &st) < 0) {
-	    /*
-	     * If user typed "ls -l", etc, and the client
-	     * used NLST, do what the user meant.
-	     */
-	    if (dirname[0] == '-' && *dirlist == NULL &&
-		transflag == 0) {
-		list_file(dirname);
-		goto out;
-	    }
-	    perror_reply(550, whichf);
-	    goto out;
-	}
-
-	if (S_ISREG(st.st_mode)) {
-	    if (dout == NULL) {
-		dout = dataconn("file list", (off_t)-1, "w");
-		if (dout == NULL)
-		    goto out;
-		transflag = 1;
-	    }
-	    snprintf(buf, sizeof(buf), "%s%s\n", dirname,
-		     type == TYPE_A ? "\r" : "");
-	    sec_write(fileno(dout), buf, strlen(buf));
-	    byte_count += strlen(dirname) + 1;
-	    continue;
-	} else if (!S_ISDIR(st.st_mode))
-	    continue;
-
-	if ((dirp = opendir(dirname)) == NULL)
-	    continue;
-
-	while ((dir = readdir(dirp)) != NULL) {
-	    char nbuf[MaxPathLen];
-
-	    if (urgflag && handleoobcmd())
-		goto out;
-
-	    if (!strcmp(dir->d_name, "."))
-		continue;
-	    if (!strcmp(dir->d_name, ".."))
-		continue;
-
-	    snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
-
-	    /*
-	     * We have to do a stat to insure it's
-	     * not a directory or special file.
-	     */
-	    if (simple || (stat(nbuf, &st) == 0 &&
-			   S_ISREG(st.st_mode))) {
-		if (dout == NULL) {
-		    dout = dataconn("file list", (off_t)-1, "w");
-		    if (dout == NULL)
-			goto out;
-		    transflag = 1;
-		}
-		if(strncmp(nbuf, "./", 2) == 0)
-		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
-			     type == TYPE_A ? "\r" : "");
-		else
-		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
-			     type == TYPE_A ? "\r" : "");
-		sec_write(fileno(dout), buf, strlen(buf));
-		byte_count += strlen(nbuf) + 1;
-	    }
-	}
-	closedir(dirp);
-    }
-    if (dout == NULL)
-	reply(550, "No files found.");
-    else if (ferror(dout) != 0)
-	perror_reply(550, "Data connection");
-    else
-	reply(226, "Transfer complete.");
-
-out:
-    transflag = 0;
-    if (dout != NULL){
-	sec_write(fileno(dout), buf, 0); /* XXX flush */
-	    
-	fclose(dout);
-    }
-    data = -1;
-    pdata = -1;
-    if (freeglob) {
-	freeglob = 0;
-	globfree(&gl);
-    }
-}
-
-
-int
-find(char *pattern)
-{
-    char line[1024];
-    FILE *f;
-
-    snprintf(line, sizeof(line),
-	     "/bin/locate -d %s -- %s",
-	     ftp_rooted("/etc/locatedb"),
-	     pattern);
-    f = ftpd_popen(line, "r", 1, 1);
-    if(f == NULL){
-	perror_reply(550, "/bin/locate");
-	return 1;
-    }
-    lreply(200, "Output from find.");
-    while(fgets(line, sizeof(line), f)){
-	if(line[strlen(line)-1] == '\n')
-	    line[strlen(line)-1] = 0;
-	nreply("%s", line);
-    }
-    reply(200, "Done");
-    ftpd_pclose(f);
-    return 0;
-}
-
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
deleted file mode 100644
index f5574e970543..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: ftpd_locl.h 14933 2005-04-24 19:58:14Z lha $ */
-
-#ifndef __ftpd_locl_h__
-#define __ftpd_locl_h__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-/*
- * FTP server.
- */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_IOCCOM_H
-#include <sys/ioccom.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-
-#include <arpa/ftp.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include <ctype.h>
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <glob.h>
-#include <limits.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#include <time.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#include <fnmatch.h>
-
-#ifdef HAVE_BSD_BSD_H
-#include <bsd/bsd.h>
-#endif
-
-#include <err.h>
-#include "roken.h"
-
-#include "pathnames.h"
-#include "extern.h"
-#include "common.h"
-
-#include "security.h"
-
-#ifdef KRB5
-#include <krb5.h>
-#endif /* KRB5 */
-
-#ifdef KRB4
-#include <krb.h>
-#endif
-
-#if defined(KRB4) || defined(KRB5)
-#include <kafs.h>
-#endif
- 
-#ifdef OTP
-#include <otp.h>
-#endif
-
-#ifdef SOCKS
-#include <socks.h>
-extern int LIBPREFIX(fclose)      (FILE *);
-#endif
-
-/* SunOS doesn't have any declaration of fclose */
-
-int fclose(FILE *stream);
-
-int yyparse(void);
-
-#ifndef LOG_FTP
-#define LOG_FTP LOG_DAEMON
-#endif
-
-#endif /* __ftpd_locl_h__ */
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
deleted file mode 100644
index 85b5f62b8a46..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
+++ /dev/null
@@ -1,37 +0,0 @@
-.\"	$Id: ftpusers.5 11176 2002-08-20 17:07:29Z joda $
-.\"
-.Dd May 7, 1997
-.Dt FTPUSERS 5
-.Os KTH-KRB
-.Sh NAME
-.Pa /etc/ftpusers
-.Nd FTP access list file
-.Sh DESCRIPTION
-.Pa /etc/ftpusers
-contains a list of users that should be allowed or denied FTP
-access. Each line contains a user, optionally followed by
-.Dq allow
-(anything but
-.Dq allow
-is ignored).  The semi-user
-.Dq *
-matches any user.  Users that has an explicit
-.Dq allow ,
-or that does not match any line, are allowed access. Anyone else is
-denied access.
-.Pp
-Note that this is compatible with the old format, where this file
-contained a list of users that should be denied access.
-.Sh EXAMPLES
-This will deny anyone but
-.Dq foo
-and
-.Dq bar
-to use FTP:
-.Bd -literal
-foo allow
-bar allow
-*
-.Ed
-.Sh SEE ALSO
-.Xr ftpd 8
diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
deleted file mode 100644
index 6fa8f7e97571..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ftpd_locl.h"
-#include <gssapi.h>
-#include <krb5.h>
-
-RCSID("$Id: gss_userok.c 21222 2007-06-20 10:11:14Z lha $");
-
-/* XXX a bit too much of krb5 dependency here... 
-   What is the correct way to do this? 
-   */
-
-struct gss_krb5_data {
-    krb5_context context;
-};
-
-/* XXX sync with gssapi.c */
-struct gss_data {
-    gss_ctx_id_t context_hdl;
-    char *client_name;
-    gss_cred_id_t delegated_cred_handle;
-    void *mech_data;
-};
-
-int gss_userok(void*, char*); /* to keep gcc happy */
-int gss_session(void*, char*); /* to keep gcc happy */
-
-int
-gss_userok(void *app_data, char *username)
-{
-    struct gss_data *data = app_data;
-    krb5_error_code ret;
-    krb5_principal client;
-    struct gss_krb5_data *kdata;
-
-    kdata = calloc(1, sizeof(struct gss_krb5_data));
-    if (kdata == NULL)
-	return 1;
-    data->mech_data = kdata;
-
-    ret = krb5_init_context(&(kdata->context));
-    if (ret) {
-	free(kdata);
-	return 1;
-    }
-
-    ret = krb5_parse_name(kdata->context, data->client_name, &client);
-    if(ret) {
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-    ret = krb5_kuserok(kdata->context, client, username);
-    if (!ret) {
-	krb5_free_principal(kdata->context, client);
-	krb5_free_context(kdata->context);
-	free(kdata);
-	return 1;
-    }
-        
-    ret = 0;
-    krb5_free_principal(kdata->context, client);
-    return ret;
-}
-
-int
-gss_session(void *app_data, char *username)
-{
-    struct gss_data *data = app_data;
-    krb5_error_code ret;
-    OM_uint32 minor_status;
-    struct gss_krb5_data *kdata;
-
-    ret = 0;
-
-    kdata = (struct gss_krb5_data *)(data->mech_data);
-        
-    /* more of krb-depend stuff :-( */
-    /* gss_add_cred() ? */
-    if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
-	krb5_ccache ccache = NULL; 
-	const char* ticketfile;
-	struct passwd *kpw;
-           
-	ret = krb5_cc_gen_new(kdata->context, &krb5_fcc_ops, &ccache);
-	if (ret)
-	    goto fail;
-	   
-	ticketfile = krb5_cc_get_name(kdata->context, ccache);
-        
-	ret = gss_krb5_copy_ccache(&minor_status,
-				   data->delegated_cred_handle,
-				   ccache);
-	if (ret) {
-	    ret = 0;
-	    goto fail;
-	}
-           
-	do_destroy_tickets = 1;
-
-	kpw = getpwnam(username);
-           
-	if (kpw == NULL) {
-	    unlink(ticketfile);
-	    ret = 1;
-	    goto fail;
-	}
-
-	chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
-           
-	if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) {
-	    esetenv ("KRB5CCNAME", k5ccname, 1);
-	}
-	afslog(NULL, 1);
-    fail:
-	if (ccache)
-	    krb5_cc_close(kdata->context, ccache); 
-    }
-           
-    gss_release_cred(&minor_status, &data->delegated_cred_handle);
-    krb5_free_context(kdata->context);
-    free(kdata);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/gssapi.c b/crypto/heimdal/appl/ftp/ftpd/gssapi.c
deleted file mode 100644
index 9432feb8290e..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/gssapi.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (c) 1998 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <gssapi.h>
-#include <krb5_err.h>
-
-RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $");
-
-int ftp_do_gss_bindings = 0;
-int ftp_do_gss_delegate = 1;
-
-struct gss_data {
-    gss_ctx_id_t context_hdl;
-    char *client_name;
-    gss_cred_id_t delegated_cred_handle;
-    void *mech_data;
-};
-
-static int
-gss_init(void *app_data)
-{
-    struct gss_data *d = app_data;
-    d->context_hdl = GSS_C_NO_CONTEXT;
-    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-#if defined(FTP_SERVER)
-    return 0;
-#else
-    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
-#ifdef KRB5
-    return !use_kerberos;
-#else
-    return 0;
-#endif /* KRB5 */
-#endif /* FTP_SERVER */
-}
-
-static int
-gss_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-gss_decode(void *app_data, void *buf, int len, int level)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    gss_qop_t qop_state;
-    int conf_state;
-    struct gss_data *d = app_data;
-    size_t ret_len;
-
-    input.length = len;
-    input.value = buf;
-    maj_stat = gss_unwrap (&min_stat,
-			   d->context_hdl,
-			   &input,
-			   &output,
-			   &conf_state,
-			   &qop_state);
-    if(GSS_ERROR(maj_stat))
-	return -1;
-    memmove(buf, output.value, output.length);
-    ret_len = output.length;
-    gss_release_buffer(&min_stat, &output);
-    return ret_len;
-}
-
-static int
-gss_overhead(void *app_data, int level, int len)
-{
-    return 100; /* dunno? */
-}
-
-
-static int
-gss_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    int conf_state;
-    struct gss_data *d = app_data;
-
-    input.length = length;
-    input.value = from;
-    maj_stat = gss_wrap (&min_stat,
-			 d->context_hdl,
-			 level == prot_private,
-			 GSS_C_QOP_DEFAULT,
-			 &input,
-			 &conf_state,
-			 &output);
-    *to = output.value;
-    return output.length;
-}
-
-static void
-sockaddr_to_gss_address (struct sockaddr *sa,
-			 OM_uint32 *addr_type,
-			 gss_buffer_desc *gss_addr)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	gss_addr->length = 16;
-	gss_addr->value  = &sin6->sin6_addr;
-	*addr_type       = GSS_C_AF_INET6;
-	break;
-    }
-#endif
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	gss_addr->length = 4;
-	gss_addr->value  = &sin4->sin_addr;
-	*addr_type       = GSS_C_AF_INET;
-	break;
-    }
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	
-    }
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-static int
-gss_adat(void *app_data, void *buf, size_t len)
-{
-    char *p = NULL;
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    struct gss_data *d = app_data;
-    gss_channel_bindings_t bindings;
-
-    if (ftp_do_gss_bindings) {
-	bindings = malloc(sizeof(*bindings));
-	if (bindings == NULL)
-	    errx(1, "out of memory");
-
-	sockaddr_to_gss_address (his_addr,
-				 &bindings->initiator_addrtype,
-				 &bindings->initiator_address);
-	sockaddr_to_gss_address (ctrl_addr,
-				 &bindings->acceptor_addrtype,
-				 &bindings->acceptor_address);
-	
-	bindings->application_data.length = 0;
-	bindings->application_data.value = NULL;
-    } else
-	bindings = GSS_C_NO_CHANNEL_BINDINGS;
-
-    input_token.value = buf;
-    input_token.length = len;
-
-    maj_stat = gss_accept_sec_context (&min_stat,
-				       &d->context_hdl,
-				       GSS_C_NO_CREDENTIAL,
-				       &input_token,
-				       bindings,
-				       &client_name,
-				       NULL,
-				       &output_token,
-				       NULL,
-				       NULL,
-				       &d->delegated_cred_handle);
-
-    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-	free(bindings);
-
-    if(output_token.length) {
-	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
-	    reply(535, "Out of memory base64-encoding.");
-	    return -1;
-	}
-	gss_release_buffer(&min_stat, &output_token);
-    }
-    if(maj_stat == GSS_S_COMPLETE){
-	char *name;
-	gss_buffer_desc export_name;
-	gss_OID oid;
-
-	maj_stat = gss_display_name(&min_stat, client_name,
-				    &export_name, &oid);
-	if(maj_stat != 0) {
-	    reply(500, "Error displaying name");
-	    goto out;
-	}
-	/* XXX kerberos */
-	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
-	    reply(500, "OID not kerberos principal name");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name = malloc(export_name.length + 1);
-	if(name == NULL) {
-	    reply(500, "Out of memory");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	memcpy(name, export_name.value, export_name.length);
-	name[export_name.length] = '\0';
-	gss_release_buffer(&min_stat, &export_name);
-	d->client_name = name;
-	if(p)
-	    reply(235, "ADAT=%s", p);
-	else
-	    reply(235, "ADAT Complete");
-	sec_complete = 1;
-
-    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
-	if(p)
-	    reply(335, "ADAT=%s", p);
-	else
-	    reply(335, "OK, need more data");
-    } else {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
-	       (char*)status_string.value);
-	gss_release_buffer(&new_stat, &status_string);
-	reply(431, "Security resource unavailable");
-    }
-  out:
-    if (client_name)
-	gss_release_name(&min_stat, &client_name);
-    free(p);
-    return 0;
-}
-
-int gss_userok(void*, char*);
-int gss_session(void*, char*);
-
-struct sec_server_mech gss_server_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init, /* init */
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-    /* */
-    NULL,
-    gss_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    gss_userok,
-    gss_session
-};
-
-#else /* FTP_SERVER */
-
-extern struct sockaddr *hisctladdr, *myctladdr;
-
-static int
-import_name(const char *kname, const char *host, gss_name_t *target_name)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name;
-    char *str;
-
-    name.length = asprintf(&str, "%s@%s", kname, host);
-    if (str == NULL) {
-	printf("Out of memory\n");
-	return AUTH_ERROR;
-    }
-    name.value = str;
-
-    maj_stat = gss_import_name(&min_stat,
-			       &name,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       target_name);
-    if (GSS_ERROR(maj_stat)) {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	    
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	printf("Error importing name %s: %s\n", 
-	       (char *)name.value,
-	       (char *)status_string.value);
-	free(name.value);
-	gss_release_buffer(&new_stat, &status_string);
-	return AUTH_ERROR;
-    }
-    free(name.value);
-    return 0;
-}
-
-static int
-gss_auth(void *app_data, char *host)
-{
-    
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t target_name;
-    gss_buffer_desc input, output_token;
-    int context_established = 0;
-    char *p;
-    int n;
-    gss_channel_bindings_t bindings;
-    struct gss_data *d = app_data;
-    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
-
-    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
-	    
-    
-    if(import_name(*kname++, host, &target_name))
-	return AUTH_ERROR;
-
-    input.length = 0;
-    input.value = NULL;
-
-    if (ftp_do_gss_bindings) {
-	bindings = malloc(sizeof(*bindings));
-	if (bindings == NULL)
-	    errx(1, "out of memory");
-	
-	sockaddr_to_gss_address (myctladdr,
-				 &bindings->initiator_addrtype,
-				 &bindings->initiator_address);
-	sockaddr_to_gss_address (hisctladdr,
-				 &bindings->acceptor_addrtype,
-				 &bindings->acceptor_address);
-	
-	bindings->application_data.length = 0;
-	bindings->application_data.value = NULL;
-    } else
-	bindings = GSS_C_NO_CHANNEL_BINDINGS;
-
-    if (ftp_do_gss_delegate)
-	mech_flags |= GSS_C_DELEG_FLAG;
-
-    while(!context_established) {
-	maj_stat = gss_init_sec_context(&min_stat,
-					GSS_C_NO_CREDENTIAL,
-					&d->context_hdl,
-					target_name,
-					GSS_C_NO_OID,
-                                        mech_flags,
-					0,
-					bindings,
-					&input,
-					NULL,
-					&output_token,
-					NULL,
-					NULL);
-	if (GSS_ERROR(maj_stat)) {
-	    OM_uint32 new_stat;
-	    OM_uint32 msg_ctx = 0;
-	    gss_buffer_desc status_string;
-
-	    d->context_hdl = GSS_C_NO_CONTEXT;
-
-	    gss_release_name(&min_stat, &target_name);
-
-	    if(*kname != NULL) {
-
-		if(import_name(*kname++, host, &target_name)) {
-		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-			free(bindings);
-		    return AUTH_ERROR;
-		}
-		continue;
-	    }
-	    
-	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		free(bindings);
-
-	    gss_display_status(&new_stat,
-			       min_stat,
-			       GSS_C_MECH_CODE,
-			       GSS_C_NO_OID,
-			       &msg_ctx,
-			       &status_string);
-	    printf("Error initializing security context: %s\n", 
-		   (char*)status_string.value);
-	    gss_release_buffer(&new_stat, &status_string);
-	    return AUTH_CONTINUE;
-	}
-
-	if (input.value) {
-	    free(input.value);
-	    input.value = NULL;
-	    input.length = 0;
-	}
-	if (output_token.length != 0) {
-	    base64_encode(output_token.value, output_token.length, &p);
-	    gss_release_buffer(&min_stat, &output_token);
-	    n = command("ADAT %s", p);
-	    free(p);
-	}
-	if (GSS_ERROR(maj_stat)) {
-	    if (d->context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&d->context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    p = strstr(reply_string, "ADAT=");
-	    if(p == NULL){
-		printf("Error: expected ADAT in reply. got: %s\n",
-		       reply_string);
-		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		    free(bindings);
-		return AUTH_ERROR;
-	    } else {
-		p+=5;
-		input.value = malloc(strlen(p));
-		input.length = base64_decode(p, input.value);
-	    }
-	} else {
-	    if(code != 235) {
-		printf("Unrecognized response code: %d\n", code);
-		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-		    free(bindings);
-		return AUTH_ERROR;
-	    }
-	    context_established = 1;
-	}
-    }
-
-    gss_release_name(&min_stat, &target_name);
-
-    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
-	free(bindings);
-    if (input.value)
-	free(input.value);
-
-    {
-	gss_name_t targ_name;
-
-	maj_stat = gss_inquire_context(&min_stat,
-				       d->context_hdl,
-				       NULL,
-				       &targ_name,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL);
-	if (GSS_ERROR(maj_stat) == 0) {
-	    gss_buffer_desc name;
-	    maj_stat = gss_display_name (&min_stat,
-					 targ_name,
-					 &name,
-					 NULL);
-	    if (GSS_ERROR(maj_stat) == 0) {
-		printf("Authenticated to <%s>\n", (char *)name.value);
-		gss_release_buffer(&min_stat, &name);
-	    }
-	    gss_release_name(&min_stat, &targ_name);
-	} else
-	    printf("Failed to get gss name of peer.\n");
-    }	    
-
-
-    return AUTH_OK;
-}
-
-struct sec_client_mech gss_client_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init,
-    gss_auth,
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c
deleted file mode 100644
index 0f34092d1646..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/kauth.c
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftpd_locl.h"
-
-RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $");
-
-#if defined(KRB4) || defined(KRB5)
-
-int do_destroy_tickets = 1;
-char *k5ccname;
-
-#endif
-
-#ifdef KRB4
-
-static KTEXT_ST cip;
-static unsigned int lifetime;
-static time_t local_time;
-
-static krb_principal pr;
-
-static int
-save_tkt(const char *user,
-	 const char *instance,
-	 const char *realm,
-	 const void *arg, 
-	 key_proc_t key_proc,
-	 KTEXT *cipp)
-{
-    local_time = time(0);
-    memmove(&cip, *cipp, sizeof(cip));
-    return -1;
-}
-
-static int
-store_ticket(KTEXT cip)
-{
-    char *ptr;
-    des_cblock session;
-    krb_principal sp;
-    unsigned char kvno;
-    KTEXT_ST tkt;
-    int left = cip->length;
-    int len;
-    int kerror;
-    
-    ptr = (char *) cip->dat;
-
-    /* extract session key */
-    memmove(session, ptr, 8);
-    ptr += 8;
-    left -= 8;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's name */
-    strlcpy(sp.name, ptr, sizeof(sp.name));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's instance */
-    strlcpy(sp.instance, ptr, sizeof(sp.instance));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's realm */
-    strlcpy(sp.realm, ptr, sizeof(sp.realm));
-    ptr += len + 1;
-    left -= len + 1;
-
-    if(left < 3)
-	return INTK_BADPW;
-    /* extract ticket lifetime, server key version, ticket length */
-    /* be sure to avoid sign extension on lifetime! */
-    lifetime = (unsigned char) ptr[0];
-    kvno = (unsigned char) ptr[1];
-    tkt.length = (unsigned char) ptr[2];
-    ptr += 3;
-    left -= 3;
-    
-    if (tkt.length > left)
-	return(INTK_BADPW);
-
-    /* extract ticket itself */
-    memmove(tkt.dat, ptr, tkt.length);
-    ptr += tkt.length;
-    left -= tkt.length;
-
-    /* Here is where the time should be verified against the KDC.
-     * Unfortunately everything is sent in host byte order (receiver
-     * makes wrong) , and at this stage there is no way for us to know
-     * which byteorder the KDC has. So we simply ignore the time,
-     * there are no security risks with this, the only thing that can
-     * happen is that we might receive a replayed ticket, which could
-     * at most be useless.
-     */
-    
-#if 0
-    /* check KDC time stamp */
-    {
-	time_t kdc_time;
-
-	memmove(&kdc_time, ptr, sizeof(kdc_time));
-	if (swap_bytes) swap_u_long(kdc_time);
-
-	ptr += 4;
-    
-	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
-	    return(RD_AP_TIME);		/* XXX should probably be better
-					   code */
-	}
-    }
-#endif
-
-    /* initialize ticket cache */
-
-    if (tf_create(TKT_FILE) != KSUCCESS)
-	return(INTK_ERR);
-
-    if (tf_put_pname(pr.name) != KSUCCESS ||
-	tf_put_pinst(pr.instance) != KSUCCESS) {
-	tf_close();
-	return(INTK_ERR);
-    }
-
-    
-    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, 
-			  lifetime, kvno, &tkt, local_time);
-    tf_close();
-
-    return(kerror);
-}
-
-void
-kauth(char *principal, char *ticket)
-{
-    char *p;
-    int ret;
-  
-    if(get_command_prot() != prot_private) {
-	reply(500, "Request denied (bad protection level)");
-	return;
-    }
-    ret = krb_parse_name(principal, &pr);
-    if(ret){
-	reply(500, "Bad principal: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(pr.realm[0] == 0)
-	krb_get_lrealm(pr.realm, 1);
-
-    if(ticket){
-	cip.length = base64_decode(ticket, &cip.dat);
-	if(cip.length == -1){
-	    reply(500, "Failed to decode data.");
-	    return;
-	}
-	ret = store_ticket(&cip);
-	if(ret){
-	    reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	    memset(&cip, 0, sizeof(cip));
-	    return;
-	}
-	do_destroy_tickets = 1;
-
-	if(k_hasafs())
-	    krb_afslog(0, 0);
-	reply(200, "Tickets will be destroyed on exit.");
-	return;
-    }
-    
-    ret = krb_get_in_tkt (pr.name,
-			  pr.instance,
-			  pr.realm,
-			  KRB_TICKET_GRANTING_TICKET,
-			  pr.realm,
-			  DEFAULT_TKT_LIFE,
-			  NULL, save_tkt, NULL);
-    if(ret != INTK_BADPW){
-	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(base64_encode(cip.dat, cip.length, &p) < 0) {
-	reply(500, "Out of memory while base64-encoding.");
-	return;
-    }
-    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
-    free(p);
-    memset(&cip, 0, sizeof(cip));
-}
-
-
-static char *
-short_date(int32_t dp)
-{
-    char *cp;
-    time_t t = (time_t)dp;
-
-    if (t == (time_t)(-1L)) return "***  Never  *** ";
-    cp = ctime(&t) + 4;
-    cp[15] = '\0';
-    return (cp);
-}
-
-void
-krbtkfile(const char *tkfile)
-{
-    do_destroy_tickets = 0;
-    krb_set_tkt_string(tkfile);
-    reply(200, "Using ticket file %s", tkfile);
-}
-
-#endif /* KRB4 */
-
-#ifdef KRB5
-
-static void
-dest_cc(void)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache id;
-    
-    ret = krb5_init_context(&context);
-    if (ret == 0) {
-	if (k5ccname)
-	    ret = krb5_cc_resolve(context, k5ccname, &id);
-	else
-	    ret = krb5_cc_default (context, &id);
-	if (ret)
-	    krb5_free_context(context);
-    }
-    if (ret == 0) {
-	krb5_cc_destroy(context, id);
-	krb5_free_context (context);
-    }
-}
-#endif
-
-#if defined(KRB4) || defined(KRB5)
-
-/*
- * Only destroy if we created the tickets
- */
-
-void
-cond_kdestroy(void)
-{
-    if (do_destroy_tickets) {
-#if KRB4
-	dest_tkt();
-#endif
-#if KRB5
-	dest_cc();
-#endif
-	do_destroy_tickets = 0;
-    }
-    afsunlog();
-}
-
-void
-kdestroy(void)
-{
-#if KRB4
-    dest_tkt();
-#endif
-#if KRB5
-    dest_cc();
-#endif
-    afsunlog();
-    reply(200, "Tickets destroyed");
-}
-
-
-void
-afslog(const char *cell, int quiet)
-{
-    if(k_hasafs()) {
-#ifdef KRB5
-	krb5_context context;
-	krb5_error_code ret;
-	krb5_ccache id;
-
-	ret = krb5_init_context(&context);
-	if (ret == 0) {
-	    if (k5ccname)
-		ret = krb5_cc_resolve(context, k5ccname, &id);
-	    else
-		ret = krb5_cc_default(context, &id);
-	    if (ret)
-		krb5_free_context(context);
-	}
-	if (ret == 0) {
-	    krb5_afslog(context, id, cell, 0);
-	    krb5_cc_close (context, id);
-	    krb5_free_context (context);
-	}
-#endif
-#ifdef KRB4
-	krb_afslog(cell, 0);
-#endif
-	if (!quiet)
-	    reply(200, "afslog done");
-    } else {
-	if (!quiet)
-	    reply(200, "no AFS present");
-    }
-}
-
-void
-afsunlog(void)
-{
-    if(k_hasafs())
-	k_unlog();
-}
-
-#else
-int ftpd_afslog_placeholder;
-#endif /* KRB4 || KRB5 */
diff --git a/crypto/heimdal/appl/ftp/ftpd/klist.c b/crypto/heimdal/appl/ftp/ftpd/klist.c
deleted file mode 100644
index 4afa9b83ccc4..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/klist.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 1995 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftpd_locl.h"
-
-#ifdef KRB5
-
-static int
-print_cred(krb5_context context, krb5_creds *cred)
-{
-    char t1[128], t2[128], *str;
-    krb5_error_code ret;
-    krb5_timestamp sec;
-
-    krb5_timeofday (context, &sec);
-
-    if(cred->times.starttime)
-	krb5_format_time(context, cred->times.starttime, t1, sizeof(t1), 1);
-    else
-	krb5_format_time(context, cred->times.authtime, t1, sizeof(t1), 1);
-    
-    if(cred->times.endtime > sec)
-	krb5_format_time(context, cred->times.endtime, t2, sizeof(t2), 1);
-    else
-	strlcpy(t2, ">>>Expired<<<", sizeof(t2));
-
-    ret = krb5_unparse_name (context, cred->server, &str);
-    if (ret) {
-	lreply(500, "krb5_unparse_name: %d", ret);
-	return 1;
-    }
-
-    lreply(200, "%-20s %-20s %s", t1, t2, str);
-    free(str);
-    return 0;
-}
-
-static int
-print_tickets (krb5_context context,
-	       krb5_ccache ccache,
-	       krb5_principal principal)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-    krb5_creds cred;
-    char *str;
-
-    ret = krb5_unparse_name (context, principal, &str);
-    if (ret) {
-	lreply(500, "krb5_unparse_name: %d", ret);
-	return 500;
-    }
-
-    lreply(200, "%17s: %s:%s", 
-	   "Credentials cache",
-	   krb5_cc_get_type(context, ccache),
-	   krb5_cc_get_name(context, ccache));
-    lreply(200, "%17s: %s", "Principal", str);
-    free (str);
-
-    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
-    if (ret) {
-	lreply(500, "krb5_cc_start_seq_get: %d", ret);
-	return 500;
-    }
-
-    lreply(200, "  Issued               Expires              Principal");
-
-    while ((ret = krb5_cc_next_cred (context,
-				     ccache,
-				     &cursor,
-				     &cred)) == 0) {
-	if (print_cred(context, &cred))
-	    return 500;		
-	krb5_free_cred_contents (context, &cred);
-    }
-    if (ret != KRB5_CC_END) {
-	lreply(500, "krb5_cc_get_next: %d", ret);
-	return 500;
-    }
-    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
-    if (ret) {
-	lreply(500, "krb5_cc_end_seq_get: %d", ret);
-	return 500;
-    }
-
-    return 200;
-}
-
-static int
-klist5(void)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    int exit_status = 200;
-
-    ret = krb5_init_context (&context);
-    if (ret) {
-	lreply(500, "krb5_init_context failed: %d", ret);
-	return 500;
-    }
-
-    if (k5ccname)
-	ret = krb5_cc_resolve(context, k5ccname, &ccache);
-    else
-	ret = krb5_cc_default (context, &ccache);
-    if (ret) {
-	lreply(500, "krb5_cc_default: %d", ret);	    
-	return 500;
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	if(ret == ENOENT)
-	    lreply(500, "No ticket file: %s",
-		   krb5_cc_get_name(context, ccache));
-	else
-	    lreply(500, "krb5_cc_get_principal: %d", ret);
-
-	return 500;
-    }
-    exit_status = print_tickets (context, ccache, principal);
-
-    ret = krb5_cc_close (context, ccache);
-    if (ret) {
-	lreply(500, "krb5_cc_close: %d", ret);	    
-	exit_status = 500;
-    }
-
-    krb5_free_principal (context, principal);
-    krb5_free_context (context);
-    return exit_status;
-}
-#endif
-
-void
-klist(void)
-{
-#if KRB5
-    int res = klist5();
-    reply(res, " ");
-#else
-    reply(500, "Command not implemented.");
-#endif
-}
-
diff --git a/crypto/heimdal/appl/ftp/ftpd/krb4.c b/crypto/heimdal/appl/ftp/ftpd/krb4.c
deleted file mode 100644
index 408b7fa73579..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/krb4.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <krb.h>
-
-RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $");
-
-#ifdef FTP_SERVER
-#define LOCAL_ADDR ctrl_addr
-#define REMOTE_ADDR his_addr
-#else
-#define LOCAL_ADDR myctladdr
-#define REMOTE_ADDR hisctladdr
-#endif
-
-extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
-
-struct krb4_data {
-    des_cblock key;
-    des_key_schedule schedule;
-    char name[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-};
-
-static int
-krb4_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-krb4_decode(void *app_data, void *buf, int len, int level)
-{
-    MSG_DAT m;
-    int e;
-    struct krb4_data *d = app_data;
-    
-    if(level == prot_safe)
-	e = krb_rd_safe(buf, len, &d->key,
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    else
-	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    if(e){
-	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
-	return -1;
-    }
-    memmove(buf, m.app_data, m.app_length);
-    return m.app_length;
-}
-
-static int
-krb4_overhead(void *app_data, int level, int len)
-{
-    return 31;
-}
-
-static int
-krb4_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    struct krb4_data *d = app_data;
-    *to = malloc(length + 31);
-    if(level == prot_safe)
-	return krb_mk_safe(from, *to, length, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else if(level == prot_private)
-	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else
-	return -1;
-}
-
-#ifdef FTP_SERVER
-
-static int
-krb4_adat(void *app_data, void *buf, size_t len)
-{
-    KTEXT_ST tkt;
-    AUTH_DAT auth_dat;
-    char *p;
-    int kerror;
-    uint32_t cs;
-    char msg[35]; /* size of encrypted block */
-    int tmp_len;
-    struct krb4_data *d = app_data;
-    char inst[INST_SZ];
-    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
-
-    memcpy(tkt.dat, buf, len);
-    tkt.length = len;
-
-    k_getsockinst(0, inst, sizeof(inst));
-    kerror = krb_rd_req(&tkt, "ftp", inst, 
-			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    if(kerror == RD_AP_UNDEC){
-	k_getsockinst(0, inst, sizeof(inst));
-	kerror = krb_rd_req(&tkt, "rcmd", inst, 
-			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    }
-
-    if(kerror){
-	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
-	return -1;
-    }
-    
-    memcpy(d->key, auth_dat.session, sizeof(d->key));
-    des_set_key(&d->key, d->schedule);
-
-    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
-    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
-    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
-
-    cs = auth_dat.checksum + 1;
-    {
-	unsigned char tmp[4];
-	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
-	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
-			      (struct sockaddr_in *)LOCAL_ADDR,
-			      (struct sockaddr_in *)REMOTE_ADDR);
-    }
-    if(tmp_len < 0){
-	reply(535, "Error creating reply: %s.", strerror(errno));
-	return -1;
-    }
-    len = tmp_len;
-    if(base64_encode(msg, len, &p) < 0) {
-	reply(535, "Out of memory base64-encoding.");
-	return -1;
-    }
-    reply(235, "ADAT=%s", p);
-    sec_complete = 1;
-    free(p);
-    return 0;
-}
-
-static int
-krb4_userok(void *app_data, char *user)
-{
-    struct krb4_data *d = app_data;
-    return krb_kuserok(d->name, d->instance, d->realm, user);
-}
-
-struct sec_server_mech krb4_server_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    NULL, /* init */
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode,
-    /* */
-    NULL,
-    krb4_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    krb4_userok
-};
-
-#else /* FTP_SERVER */
-
-static int
-krb4_init(void *app_data)
-{
-   return !use_kerberos;
-}
-
-static int
-mk_auth(struct krb4_data *d, KTEXT adat, 
-	char *service, char *host, int checksum)
-{
-    int ret;
-    CREDENTIALS cred;
-    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_mk_req(adat, sname, inst, realm, checksum);
-    if(ret)
-	return ret;
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_get_cred(sname, inst, realm, &cred);
-    memmove(&d->key, &cred.session, sizeof(des_cblock));
-    des_key_sched(&d->key, d->schedule);
-    memset(&cred, 0, sizeof(cred));
-    return ret;
-}
-
-static int
-krb4_auth(void *app_data, char *host)
-{
-    int ret;
-    char *p;
-    int len;
-    KTEXT_ST adat;
-    MSG_DAT msg_data;
-    int checksum;
-    uint32_t cs;
-    struct krb4_data *d = app_data;
-    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
-    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
-
-    checksum = getpid();
-    ret = mk_auth(d, &adat, "ftp", host, checksum);
-    if(ret == KDC_PR_UNKNOWN)
-	ret = mk_auth(d, &adat, "rcmd", host, checksum);
-    if(ret){
-	printf("%s\n", krb_get_err_text(ret));
-	return AUTH_CONTINUE;
-    }
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-    if (krb_get_config_bool("nat_in_use")) {
-      struct in_addr natAddr;
-
-      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
-				   &natAddr) != KSUCCESS
-	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
-	printf("Can't get address for realm %s\n",
-	       krb_realmofhost(host));
-      else {
-	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
-	  printf("Using NAT IP address (%s) for kerberos 4\n",
-		 inet_ntoa(natAddr));
-	  localaddr->sin_addr = natAddr;
-	  
-	  /*
-	   * This not the best place to do this, but it
-	   * is here we know that (probably) NAT is in
-	   * use!
-	   */
-
-	  passivemode = 1;
-	  printf("Setting: Passive mode on.\n");
-	}
-      }
-    }
-#endif
-
-    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
-    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
-
-   if(base64_encode(adat.dat, adat.length, &p) < 0) {
-	printf("Out of memory base64-encoding.\n");
-	return AUTH_CONTINUE;
-    }
-    ret = command("ADAT %s", p);
-    free(p);
-
-    if(ret != COMPLETE){
-	printf("Server didn't accept auth data.\n");
-	return AUTH_ERROR;
-    }
-
-    p = strstr(reply_string, "ADAT=");
-    if(!p){
-	printf("Remote host didn't send adat reply.\n");
-	return AUTH_ERROR;
-    }
-    p += 5;
-    len = base64_decode(p, adat.dat);
-    if(len < 0){
-	printf("Failed to decode base64 from server.\n");
-	return AUTH_ERROR;
-    }
-    adat.length = len;
-    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
-		      (struct sockaddr_in *)hisctladdr, 
-		      (struct sockaddr_in *)myctladdr, &msg_data);
-    if(ret){
-	printf("Error reading reply from server: %s.\n", 
-	       krb_get_err_text(ret));
-	return AUTH_ERROR;
-    }
-    krb_get_int(msg_data.app_data, &cs, 4, 0);
-    if(cs - checksum != 1){
-	printf("Bad checksum returned from server.\n");
-	return AUTH_ERROR;
-    }
-    return AUTH_OK;
-}
-
-struct sec_client_mech krb4_client_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    krb4_init, /* init */
-    krb4_auth,
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
deleted file mode 100644
index ebf37e6b14f1..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#include <roken.h>
-#include "extern.h"
-
-#ifndef WTMP_FILE
-#ifdef _PATH_WTMP
-#define WTMP_FILE _PATH_WTMP
-#else
-#define WTMP_FILE "/var/adm/wtmp"
-#endif
-#endif
-
-void
-ftpd_logwtmp(char *line, char *name, char *host)
-{
-    static int init = 0;
-    static int fd;
-#ifdef WTMPX_FILE
-    static int fdx;
-#endif
-    struct utmp ut;
-#ifdef WTMPX_FILE
-    struct utmpx utx;
-#endif
-
-    memset(&ut, 0, sizeof(struct utmp));
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    if(name[0])
-	ut.ut_type = USER_PROCESS;
-    else
-	ut.ut_type = DEAD_PROCESS;
-#endif
-    strncpy(ut.ut_line, line, sizeof(ut.ut_line));
-    strncpy(ut.ut_name, name, sizeof(ut.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_PID
-    ut.ut_pid = getpid();
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
-#endif
-    ut.ut_time = time(NULL);
-
-#ifdef WTMPX_FILE
-    strncpy(utx.ut_line, line, sizeof(utx.ut_line));
-    strncpy(utx.ut_user, name, sizeof(utx.ut_user));
-    strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
-    utx.ut_syslen = strlen(host) + 1;
-    if (utx.ut_syslen > sizeof(utx.ut_host))
-        utx.ut_syslen = sizeof(utx.ut_host);
-#endif
-    {
-	struct timeval tv;
-
-	gettimeofday (&tv, 0);
-	utx.ut_tv.tv_sec = tv.tv_sec;
-	utx.ut_tv.tv_usec = tv.tv_usec;
-    }
-
-    if(name[0])
-	utx.ut_type = USER_PROCESS;
-    else
-	utx.ut_type = DEAD_PROCESS;
-#endif
-
-    if(!init){
-	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
-#ifdef WTMPX_FILE
-	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
-#endif
-	init = 1;
-    }
-    if(fd >= 0) {
-	write(fd, &ut, sizeof(struct utmp)); /* XXX */
-#ifdef WTMPX_FILE
-	write(fdx, &utx, sizeof(struct utmpx));
-#endif	
-    }
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c
deleted file mode 100644
index 9dcd84812b5a..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ls.c
+++ /dev/null
@@ -1,891 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifndef TEST
-#include "ftpd_locl.h"
-
-RCSID("$Id: ls.c 16216 2005-10-22 13:15:43Z lha $");
-
-#else
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#include <errno.h>
-
-#define sec_fprintf2 fprintf
-#define sec_fflush fflush
-static void list_files(FILE *out, const char **files, int n_files, int flags);
-static int parse_flags(const char *options);
-
-int
-main(int argc, char **argv)
-{
-    int i = 1;
-    int flags;
-    if(argc > 1 && argv[1][0] == '-') {
-	flags = parse_flags(argv[1]);
-	i = 2;
-    } else
-	flags = parse_flags(NULL);
-
-    list_files(stdout, (const char **)argv + i, argc - i, flags);
-    return 0;
-}
-#endif
-
-struct fileinfo {
-    struct stat st;
-    int inode;
-    int bsize;
-    char mode[11];
-    int n_link;
-    char *user;
-    char *group;
-    char *size;
-    char *major;
-    char *minor;
-    char *date;
-    char *filename;
-    char *link;
-};
-
-static void
-free_fileinfo(struct fileinfo *f)
-{
-    free(f->user);
-    free(f->group);
-    free(f->size);
-    free(f->major);
-    free(f->minor);
-    free(f->date);
-    free(f->filename);
-    free(f->link);
-}
-
-#define LS_DIRS		(1 << 0)
-#define LS_IGNORE_DOT	(1 << 1)
-#define LS_SORT_MODE	(3 << 2)
-#define SORT_MODE(f) ((f) & LS_SORT_MODE)
-#define LS_SORT_NAME	(1 << 2)
-#define LS_SORT_MTIME	(2 << 2)
-#define LS_SORT_SIZE	(3 << 2)
-#define LS_SORT_REVERSE	(1 << 4)
-
-#define LS_SIZE		(1 << 5)
-#define LS_INODE	(1 << 6)
-#define LS_TYPE		(1 << 7)
-#define LS_DISP_MODE	(3 << 8)
-#define DISP_MODE(f) ((f) & LS_DISP_MODE)
-#define LS_DISP_LONG	(1 << 8)
-#define LS_DISP_COLUMN	(2 << 8)
-#define LS_DISP_CROSS	(3 << 8)
-#define LS_SHOW_ALL	(1 << 10)
-#define LS_RECURSIVE	(1 << 11)
-#define LS_EXTRA_BLANK	(1 << 12)
-#define LS_SHOW_DIRNAME	(1 << 13)
-#define LS_DIR_FLAG	(1 << 14)	/* these files come via list_dir */
-
-#ifndef S_ISTXT
-#define S_ISTXT S_ISVTX
-#endif
-
-#if !defined(_S_IFMT) && defined(S_IFMT)
-#define _S_IFMT S_IFMT
-#endif
-
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode)  (((mode) & _S_IFMT) == S_IFSOCK)
-#endif
-
-#ifndef S_ISLNK
-#define S_ISLNK(mode)   (((mode) & _S_IFMT) == S_IFLNK)
-#endif
-
-static size_t
-block_convert(size_t blocks)
-{
-#ifdef S_BLKSIZE
-    return blocks * S_BLKSIZE / 1024;
-#else
-    return blocks * 512 / 1024;
-#endif
-}
-
-static int
-make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
-{
-    char buf[128];
-    int file_type = 0;
-    struct stat *st = &file->st;
-    
-    file->inode = st->st_ino;
-    file->bsize = block_convert(st->st_blocks);
-    
-    if(S_ISDIR(st->st_mode)) {
-	file->mode[0] = 'd';
-	file_type = '/';
-    }
-    else if(S_ISCHR(st->st_mode))
-	file->mode[0] = 'c';
-    else if(S_ISBLK(st->st_mode))
-	file->mode[0] = 'b';
-    else if(S_ISREG(st->st_mode)) {
-	file->mode[0] = '-';
-	if(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
-	    file_type = '*';
-    }
-    else if(S_ISFIFO(st->st_mode)) {
-	file->mode[0] = 'p';
-	file_type = '|';
-    }
-    else if(S_ISLNK(st->st_mode)) {
-	file->mode[0] = 'l';
-	file_type = '@';
-    }
-    else if(S_ISSOCK(st->st_mode)) {
-	file->mode[0] = 's';
-	file_type = '=';
-    }
-#ifdef S_ISWHT
-    else if(S_ISWHT(st->st_mode)) {
-	file->mode[0] = 'w';
-	file_type = '%';
-    }
-#endif
-    else 
-	file->mode[0] = '?';
-    {
-	char *x[] = { "---", "--x", "-w-", "-wx", 
-		      "r--", "r-x", "rw-", "rwx" };
-	strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
-	strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
-	strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
-	if((st->st_mode & S_ISUID)) {
-	    if((st->st_mode & S_IXUSR))
-		file->mode[3] = 's';
-	    else
-		file->mode[3] = 'S';
-	}
-	if((st->st_mode & S_ISGID)) {
-	    if((st->st_mode & S_IXGRP))
-		file->mode[6] = 's';
-	    else
-		file->mode[6] = 'S';
-	}
-	if((st->st_mode & S_ISTXT)) {
-	    if((st->st_mode & S_IXOTH))
-		file->mode[9] = 't';
-	    else
-		file->mode[9] = 'T';
-	}
-    }
-    file->n_link = st->st_nlink;
-    {
-	struct passwd *pwd;
-	pwd = getpwuid(st->st_uid);
-	if(pwd == NULL) {
-	    if (asprintf(&file->user, "%u", (unsigned)st->st_uid) == -1)
-		file->user = NULL;
-	} else
-	    file->user = strdup(pwd->pw_name);
-	if (file->user == NULL) {
-	    syslog(LOG_ERR, "out of memory");
-	    return -1;
-	}
-    }
-    {
-	struct group *grp;
-	grp = getgrgid(st->st_gid);
-	if(grp == NULL) {
-	    if (asprintf(&file->group, "%u", (unsigned)st->st_gid) == -1)
-		file->group = NULL;
-	} else
-	    file->group = strdup(grp->gr_name);
-	if (file->group == NULL) {
-	    syslog(LOG_ERR, "out of memory");
-	    return -1;
-	}
-    }
-    
-    if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
-#if defined(major) && defined(minor)
-	if (asprintf(&file->major, "%u", (unsigned)major(st->st_rdev)) == -1)
-	    file->major = NULL;
-	if (asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev)) == -1)
-	    file->minor = NULL;
-#else
-	/* Don't want to use the DDI/DKI crap. */
-	if (asprintf(&file->major, "%u", (unsigned)st->st_rdev) == -1)
-	    file->major = NULL;
-	if (asprintf(&file->minor, "%u", 0) == -1)
-	    file->minor = NULL;
-#endif
-	if (file->major == NULL || file->minor == NULL) {
-	    syslog(LOG_ERR, "out of memory");
-	    return -1;
-	}
-    } else {
-	if (asprintf(&file->size, "%lu", (unsigned long)st->st_size) == -1)
-	    file->size = NULL;
-    }
-
-    {
-	time_t t = time(NULL);
-	time_t mtime = st->st_mtime;
-	struct tm *tm = localtime(&mtime);
-	if((t - mtime > 6*30*24*60*60) ||
-	   (mtime - t > 6*30*24*60*60))
-	    strftime(buf, sizeof(buf), "%b %e  %Y", tm);
-	else
-	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
-	file->date = strdup(buf);
-	if (file->date == NULL) {
-	    syslog(LOG_ERR, "out of memory");
-	    return -1;
-	}
-    }
-    {
-	const char *p = strrchr(filename, '/');
-	if(p)
-	    p++;
-	else
-	    p = filename;
-	if((flags & LS_TYPE) && file_type != 0) {
-	    if (asprintf(&file->filename, "%s%c", p, file_type) == -1)
-		file->filename = NULL;
-	} else
-	    file->filename = strdup(p);
-	if (file->filename == NULL) {
-	    syslog(LOG_ERR, "out of memory");
-	    return -1;
-	}
-    }
-    if(S_ISLNK(st->st_mode)) {
-	int n;
-	n = readlink((char *)filename, buf, sizeof(buf) - 1);
-	if(n >= 0) {
-	    buf[n] = '\0';
-	    file->link = strdup(buf);
-	    if (file->link == NULL) {
-		syslog(LOG_ERR, "out of memory");
-		return -1;
-	    }
-	} else
-	    sec_fprintf2(out, "readlink(%s): %s", filename, strerror(errno));
-    }
-    return 0;
-}
-
-static void
-print_file(FILE *out,
-	   int flags,
-	   struct fileinfo *f,
-	   int max_inode,
-	   int max_bsize,
-	   int max_n_link,
-	   int max_user,
-	   int max_group,
-	   int max_size,
-	   int max_major,
-	   int max_minor,
-	   int max_date)
-{
-    if(f->filename == NULL)
-	return;
-
-    if(flags & LS_INODE) {
-	sec_fprintf2(out, "%*d", max_inode, f->inode);
-	sec_fprintf2(out, "  ");
-    }
-    if(flags & LS_SIZE) {
-	sec_fprintf2(out, "%*d", max_bsize, f->bsize);
-	sec_fprintf2(out, "  ");
-    }
-    sec_fprintf2(out, "%s", f->mode);
-    sec_fprintf2(out, "  ");
-    sec_fprintf2(out, "%*d", max_n_link, f->n_link);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%-*s", max_user, f->user);
-    sec_fprintf2(out, "  ");
-    sec_fprintf2(out, "%-*s", max_group, f->group);
-    sec_fprintf2(out, "  ");
-    if(f->major != NULL && f->minor != NULL)
-	sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
-    else
-	sec_fprintf2(out, "%*s", max_size, f->size);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%*s", max_date, f->date);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%s", f->filename);
-    if(f->link)
-	sec_fprintf2(out, " -> %s", f->link);
-    sec_fprintf2(out, "\r\n");
-}
-
-static int
-compare_filename(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return strcmp(a->filename, b->filename);
-}
-
-static int
-compare_mtime(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return b->st.st_mtime - a->st.st_mtime;
-}
-
-static int
-compare_size(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return b->st.st_size - a->st.st_size;
-}
-
-static int list_dir(FILE*, const char*, int);
-
-static int
-find_log10(int num)
-{
-    int i = 1;
-    while(num > 10) {
-	i++;
-	num /= 10;
-    }
-    return i;
-}
-
-/*
- * Operate as lstat but fake up entries for AFS mount points so we don't
- * have to fetch them.
- */
-
-#ifdef KRB4
-static int do_the_afs_dance = 1;
-#endif
-
-static int
-lstat_file (const char *file, struct stat *sb)
-{
-#ifdef KRB4
-    if (do_the_afs_dance &&
-	k_hasafs() 
-	&& strcmp(file, ".")
-	&& strcmp(file, "..")
-	&& strcmp(file, "/"))
-    {
-	struct ViceIoctl    a_params;
-	char               *dir, *last;
-	char               *path_bkp;
-	static ino_t	   ino_counter = 0, ino_last = 0;
-	int		   ret;
-	const int	   maxsize = 2048;
-	
-	path_bkp = strdup (file);
-	if (path_bkp == NULL)
-	    return -1;
-	
-	a_params.out = malloc (maxsize);
-	if (a_params.out == NULL) { 
-	    free (path_bkp);
-	    return -1;
-	}
-	
-	/* If path contains more than the filename alone - split it */
-	
-	last = strrchr (path_bkp, '/');
-	if (last != NULL) {
-	    if(last[1] == '\0')
-		/* if path ended in /, replace with `.' */
-		a_params.in = ".";
-	    else
-		a_params.in = last + 1;
-	    while(last > path_bkp && *--last == '/');
-	    if(*last != '/' || last != path_bkp) {
-		*++last = '\0';
-		dir = path_bkp;
-	    } else
-		/* we got to the start, so this must be the root dir */
-		dir = "/";
-	} else {
-	    /* file is relative to cdir */
-	    dir = ".";
-	    a_params.in = path_bkp;
-	}
-	
-	a_params.in_size  = strlen (a_params.in) + 1;
-	a_params.out_size = maxsize;
-	
-	ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0);
-	free (a_params.out);
-	if (ret < 0) {
-	    free (path_bkp);
-
-	    if (errno != EINVAL)
-		return ret;
-	    else
-		/* if we get EINVAL this is probably not a mountpoint */
-		return lstat (file, sb);
-	}
-
-	/* 
-	 * wow this was a mountpoint, lets cook the struct stat
-	 * use . as a prototype
-	 */
-
-	ret = lstat (dir, sb);
-	free (path_bkp);
-	if (ret < 0)
-	    return ret;
-
-	if (ino_last == sb->st_ino)
-	    ino_counter++;
-	else {
-	    ino_last    = sb->st_ino;
-	    ino_counter = 0;
-	}
-	sb->st_ino += ino_counter;
-	sb->st_nlink = 3;
-
-	return 0;
-    }
-#endif /* KRB4 */
-    return lstat (file, sb);
-}
-
-#define IS_DOT_DOTDOT(X) ((X)[0] == '.' && ((X)[1] == '\0' || \
-				((X)[1] == '.' && (X)[2] == '\0')))
-
-static int
-list_files(FILE *out, const char **files, int n_files, int flags)
-{
-    struct fileinfo *fi;
-    int i;
-    int *dirs = NULL;
-    size_t total_blocks = 0;
-    int n_print = 0;
-    int ret = 0;
-
-    if(n_files == 0)
-	return 0;
-
-    if(n_files > 1)
-	flags |= LS_SHOW_DIRNAME;
-
-    fi = calloc(n_files, sizeof(*fi));
-    if (fi == NULL) {
-	syslog(LOG_ERR, "out of memory");
-	return -1;
-    }
-    for(i = 0; i < n_files; i++) {
-	if(lstat_file(files[i], &fi[i].st) < 0) {
-	    sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
-	    fi[i].filename = NULL;
-	} else {
-	    int include_in_list = 1;
-	    total_blocks += block_convert(fi[i].st.st_blocks);
-	    if(S_ISDIR(fi[i].st.st_mode)) {
-		if(dirs == NULL)
-		    dirs = calloc(n_files, sizeof(*dirs));
-		if(dirs == NULL) {
-		    syslog(LOG_ERR, "%s: %m", files[i]);
-		    ret = -1;
-		    goto out;
-		}
-		dirs[i] = 1;
-		if((flags & LS_DIRS) == 0)
-		    include_in_list = 0;
-	    }
-	    if(include_in_list) {
-		ret = make_fileinfo(out, files[i], &fi[i], flags);
-		if (ret)
-		    goto out;
-		n_print++;
-	    }
-	}
-    }
-    switch(SORT_MODE(flags)) {
-    case LS_SORT_NAME:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_filename);
-	break;
-    case LS_SORT_MTIME:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_mtime);
-	break;
-    case LS_SORT_SIZE:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_size);
-	break;
-    }
-    if(DISP_MODE(flags) == LS_DISP_LONG) {
-	int max_inode = 0;
-	int max_bsize = 0;
-	int max_n_link = 0;
-	int max_user = 0;
-	int max_group = 0;
-	int max_size = 0;
-	int max_major = 0;
-	int max_minor = 0;
-	int max_date = 0;
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL)
-		continue;
-	    if(fi[i].inode > max_inode)
-		max_inode = fi[i].inode;
-	    if(fi[i].bsize > max_bsize)
-		max_bsize = fi[i].bsize;
-	    if(fi[i].n_link > max_n_link)
-		max_n_link = fi[i].n_link;
-	    if(strlen(fi[i].user) > max_user)
-		max_user = strlen(fi[i].user);
-	    if(strlen(fi[i].group) > max_group)
-		max_group = strlen(fi[i].group);
-	    if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
-		max_major = strlen(fi[i].major);
-	    if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
-		max_minor = strlen(fi[i].minor);
-	    if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
-		max_size = strlen(fi[i].size);
-	    if(strlen(fi[i].date) > max_date)
-		max_date = strlen(fi[i].date);
-	}
-	if(max_size < max_major + max_minor + 2)
-	    max_size = max_major + max_minor + 2;
-	else if(max_size - max_minor - 2 > max_major)
-	    max_major = max_size - max_minor - 2;
-	max_inode = find_log10(max_inode);
-	max_bsize = find_log10(max_bsize);
-	max_n_link = find_log10(max_n_link);
-	
-	if(n_print > 0)
-	    sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks);
-	if(flags & LS_SORT_REVERSE)
-	    for(i = n_files - 1; i >= 0; i--)
-		print_file(out,
-			   flags,
-			   &fi[i],
-			   max_inode,
-			   max_bsize,
-			   max_n_link,
-			   max_user,
-			   max_group,
-			   max_size,
-			   max_major,
-			   max_minor,
-			   max_date);
-	else
-	    for(i = 0; i < n_files; i++)
-		print_file(out,
-			   flags,
-			   &fi[i],
-			   max_inode,
-			   max_bsize,
-			   max_n_link,
-			   max_user,
-			   max_group,
-			   max_size,
-			   max_major,
-			   max_minor,
-			   max_date);
-    } else if(DISP_MODE(flags) == LS_DISP_COLUMN || 
-	      DISP_MODE(flags) == LS_DISP_CROSS) {
-	int max_len = 0;
-	int size_len = 0;
-	int num_files = n_files;
-	int columns;
-	int j;
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL) {
-		num_files--;
-		continue;
-	    }
-	    if(strlen(fi[i].filename) > max_len)
-		max_len = strlen(fi[i].filename);
-	    if(find_log10(fi[i].bsize) > size_len)
-		size_len = find_log10(fi[i].bsize);
-	}
-	if(num_files == 0)
-	    goto next;
-	if(flags & LS_SIZE) {
-	    columns = 80 / (size_len + 1 + max_len + 1);
-	    max_len = 80 / columns - size_len - 1;
-	} else {
-	    columns = 80 / (max_len + 1); /* get space between columns */
-	    max_len = 80 / columns;
-	}
-	if(flags & LS_SIZE)
-	    sec_fprintf2(out, "total %lu\r\n", 
-			 (unsigned long)total_blocks);
-	if(DISP_MODE(flags) == LS_DISP_CROSS) {
-	    for(i = 0, j = 0; i < n_files; i++) {
-		if(fi[i].filename == NULL)
-		    continue;
-		if(flags & LS_SIZE)
-		    sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, 
-				 max_len, fi[i].filename);
-		else
-		    sec_fprintf2(out, "%-*s", max_len, fi[i].filename);
-		j++;
-		if(j == columns) {
-		    sec_fprintf2(out, "\r\n");
-		    j = 0;
-		}
-	    }
-	    if(j > 0)
-		sec_fprintf2(out, "\r\n");
-	} else {
-	    int skip = (num_files + columns - 1) / columns;
-	    j = 0;
-	    for(i = 0; i < skip; i++) {
-		for(j = i; j < n_files;) {
-		    while(j < n_files && fi[j].filename == NULL)
-			j++;
-		    if(flags & LS_SIZE)
-			sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, 
-				     max_len, fi[j].filename);
-		    else
-			sec_fprintf2(out, "%-*s", max_len, fi[j].filename);
-		    j += skip;
-		}
-		sec_fprintf2(out, "\r\n");
-	    }
-	}
-    } else {
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL)
-		continue;
-	    sec_fprintf2(out, "%s\r\n", fi[i].filename);
-	}
-    }
- next:
-    if(((flags & LS_DIRS) == 0 || (flags & LS_RECURSIVE)) && dirs != NULL) {
-	for(i = 0; i < n_files; i++) {
-	    if(dirs[i]) {
-		const char *p = strrchr(files[i], '/');
-		if(p == NULL)
-		    p = files[i];
-		else 
-		    p++;
-		if(!(flags & LS_DIR_FLAG) || !IS_DOT_DOTDOT(p)) {
-		    if((flags & LS_SHOW_DIRNAME)) {
-			if ((flags & LS_EXTRA_BLANK))
-			    sec_fprintf2(out, "\r\n");
-			sec_fprintf2(out, "%s:\r\n", files[i]);
-		    }
-		    list_dir(out, files[i], flags | LS_DIRS | LS_EXTRA_BLANK);
-		}
-	    }
-	}
-    }
- out:
-    for(i = 0; i < n_files; i++)
-	free_fileinfo(&fi[i]);
-    free(fi);
-    if(dirs != NULL)
-	free(dirs);
-    return ret;
-}
-
-static void
-free_files (char **files, int n)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	free (files[i]);
-    free (files);
-}
-
-static int
-hide_file(const char *filename, int flags)
-{
-    if(filename[0] != '.')
-	return 0;
-    if((flags & LS_IGNORE_DOT))
-	return 1;
-    if(filename[1] == '\0' || (filename[1] == '.' && filename[2] == '\0')) {
-	if((flags & LS_SHOW_ALL))
-	    return 0;
-	else
-	    return 1;
-    }
-    return 0;
-}
-
-static int
-list_dir(FILE *out, const char *directory, int flags)
-{
-    DIR *d = opendir(directory);
-    struct dirent *ent;
-    char **files = NULL;
-    int n_files = 0;
-    int ret;
-
-    if(d == NULL) {
-	syslog(LOG_ERR, "%s: %m", directory);
-	return -1;
-    }
-    while((ent = readdir(d)) != NULL) {
-	void *tmp;
-
-	if(hide_file(ent->d_name, flags))
-	    continue;
-	tmp = realloc(files, (n_files + 1) * sizeof(*files));
-	if (tmp == NULL) {
-	    syslog(LOG_ERR, "%s: out of memory", directory);
-	    free_files (files, n_files);
-	    closedir (d);
-	    return -1;
-	}
-	files = tmp;
-	ret = asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
-	if (ret == -1) {
-	    syslog(LOG_ERR, "%s: out of memory", directory);
-	    free_files (files, n_files);
-	    closedir (d);
-	    return -1;
-	}
-	++n_files;
-    }
-    closedir(d);
-    return list_files(out, (const char**)files, n_files, flags | LS_DIR_FLAG);
-}
-
-static int
-parse_flags(const char *options)
-{
-#ifdef TEST
-    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_COLUMN;
-#else
-    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_LONG;
-#endif
-
-    const char *p;
-    if(options == NULL || *options != '-')
-	return flags;
-    for(p = options + 1; *p; p++) {
-	switch(*p) {
-	case '1':
-	    flags = (flags & ~LS_DISP_MODE);
-	    break;
-	case 'a':
-	    flags |= LS_SHOW_ALL;
-	    /*FALLTHROUGH*/
-	case 'A':
-	    flags &= ~LS_IGNORE_DOT;
-	    break;
-	case 'C':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_COLUMN;
-	    break;
-	case 'd':
-	    flags |= LS_DIRS;
-	    break;
-	case 'f':
-	    flags = (flags & ~LS_SORT_MODE);
-	    break;
-	case 'F':
-	    flags |= LS_TYPE;
-	    break;
-	case 'i':
-	    flags |= LS_INODE;
-	    break;
-	case 'l':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_LONG;
-	    break;
-	case 'r':
-	    flags |= LS_SORT_REVERSE;
-	    break;
-	case 'R':
-	    flags |= LS_RECURSIVE;
-	    break;
-	case 's':
-	    flags |= LS_SIZE;
-	    break;
-	case 'S':
-	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
-	    break;
-	case 't':
-	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
-	    break;
-	case 'x':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_CROSS;
-	    break;
-	    /* these are a bunch of unimplemented flags from BSD ls */
-	case 'k': /* display sizes in kB */
-	case 'c': /* last change time */
-	case 'L': /* list symlink target */
-	case 'm': /* stream output */
-	case 'o': /* BSD file flags */
-	case 'p': /* display / after directories */
-	case 'q': /* print non-graphic characters */
-	case 'u': /* use last access time */
-	case 'T': /* display complete time */
-	case 'W': /* include whiteouts */
-	    break;
-	}
-    }
-    return flags;
-}
-
-int
-builtin_ls(FILE *out, const char *file)
-{
-    int flags;
-    int ret;
-
-    if(*file == '-') {
-	flags = parse_flags(file);
-	file = ".";
-    } else
-	flags = parse_flags("");
-
-    ret = list_files(out, &file, 1, flags);
-    sec_fflush(out);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/pathnames.h b/crypto/heimdal/appl/ftp/ftpd/pathnames.h
deleted file mode 100644
index 884902905e3e..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/pathnames.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
- */
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_FTPUSERS
-#define	_PATH_FTPUSERS		SYSCONFDIR "/ftpusers"
-#endif
-
-#define	_PATH_FTPCHROOT		SYSCONFDIR "/ftpchroot"
-#define	_PATH_FTPWELCOME	SYSCONFDIR "/ftpwelcome"
-#define	_PATH_FTPLOGINMESG	SYSCONFDIR "/motd"
-
-#ifndef _PATH_ISSUE
-#define _PATH_ISSUE		SYSCONFDIR "/issue"
-#endif
-#define _PATH_ISSUE_NET		SYSCONFDIR "/issue.net"
diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c
deleted file mode 100644
index dc75fb45419b..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/popen.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1988, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software written by Ken Arnold and
- * published in UNIX Review, Vol. 6, No. 8.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $");
-#endif
-
-#include <sys/types.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#include <sys/wait.h>
-
-#include <errno.h>
-#include <glob.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <roken.h>
-#include "extern.h"
-
-
-/* 
- * Special version of popen which avoids call to shell.  This ensures
- * no one may create a pipe to a hidden program as a side effect of a
- * list or dir command.
- */
-static int *pids;
-static int fds;
-
-extern int dochroot;
-
-/* return path prepended with ~ftp if that file exists, otherwise
- * return path unchanged
- */
-
-const char *
-ftp_rooted(const char *path)
-{
-    static char home[MaxPathLen] = "";
-    static char newpath[MaxPathLen];
-    struct passwd *pwd;
-
-    if(!home[0])
-	if((pwd = k_getpwnam("ftp")))
-	    strlcpy(home, pwd->pw_dir, sizeof(home));
-    snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
-    if(access(newpath, X_OK))
-	strlcpy(newpath, path, sizeof(newpath));
-    return newpath;
-}
-
-
-#define MAXARGS	100
-#define MAXGLOBS 1000
-
-FILE *
-ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
-{
-	char *cp;
-	FILE *iop;
-	int argc, gargc, pdes[2], pid;
-	char **pop, *argv[MAXARGS], *gargv[MAXGLOBS];
-	char *foo;
-
-	if (strcmp(type, "r") && strcmp(type, "w"))
-		return (NULL);
-
-	if (!pids) {
-
-	    /* This function is ugly and should be rewritten, in
-	     * modern unices there is no such thing as a maximum
-	     * filedescriptor.
-	     */
-
-	    fds = getdtablesize();
-	    pids = (int*)calloc(fds, sizeof(int));
-	    if(!pids)
-		return NULL;
-	}
-	if (pipe(pdes) < 0)
-		return (NULL);
-
-	/* break up string into pieces */
-	foo = NULL;
-	for (argc = 0, cp = program; argc < MAXARGS - 1; cp = NULL) {
-		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
-			break;
-	}
-	argv[MAXARGS - 1] = NULL;
-
-	gargv[0] = (char*)ftp_rooted(argv[0]);
-	/* glob each piece */
-	for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
-		glob_t gl;
-		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
-		    |
-#ifdef GLOB_MAXPATH
-	GLOB_MAXPATH
-#else
-	GLOB_LIMIT
-#endif
-		    ;
-
-		memset(&gl, 0, sizeof(gl));
-		if (no_glob || 
-		    glob(argv[argc], flags, NULL, &gl) || 
-		    gl.gl_pathc == 0)
-			gargv[gargc++] = strdup(argv[argc]);
-		else
-			for (pop = gl.gl_pathv;
-			     *pop && gargc < MAXGLOBS - 1;
-			     pop++)
-				gargv[gargc++] = strdup(*pop);
-		globfree(&gl);
-	}
-	gargv[gargc] = NULL;
-
-	iop = NULL;
-	switch(pid = fork()) {
-	case -1:			/* error */
-		close(pdes[0]);
-		close(pdes[1]);
-		goto pfree;
-		/* NOTREACHED */
-	case 0:				/* child */
-		if (*type == 'r') {
-			if (pdes[1] != STDOUT_FILENO) {
-				dup2(pdes[1], STDOUT_FILENO);
-				close(pdes[1]);
-			}
-			if(do_stderr)
-			    dup2(STDOUT_FILENO, STDERR_FILENO);
-			close(pdes[0]);
-		} else {
-			if (pdes[0] != STDIN_FILENO) {
-				dup2(pdes[0], STDIN_FILENO);
-				close(pdes[0]);
-			}
-			close(pdes[1]);
-		}
-		execv(gargv[0], gargv);
-		gargv[0] = argv[0];
-		execv(gargv[0], gargv);
-		_exit(1);
-	}
-	/* parent; assume fdopen can't fail...  */
-	if (*type == 'r') {
-		iop = fdopen(pdes[0], type);
-		close(pdes[1]);
-	} else {
-		iop = fdopen(pdes[1], type);
-		close(pdes[0]);
-	}
-	pids[fileno(iop)] = pid;
-	
-pfree:	
-	for (argc = 1; gargv[argc] != NULL; argc++)
-	    free(gargv[argc]);
-
-
-	return (iop);
-}
-
-int
-ftpd_pclose(FILE *iop)
-{
-	int fdes, status;
-	pid_t pid;
-	sigset_t sigset, osigset;
-
-	/*
-	 * pclose returns -1 if stream is not associated with a
-	 * `popened' command, or, if already `pclosed'.
-	 */
-	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
-		return (-1);
-	fclose(iop);
-	sigemptyset(&sigset);
-	sigaddset(&sigset, SIGINT);
-	sigaddset(&sigset, SIGQUIT);
-	sigaddset(&sigset, SIGHUP);
-	sigprocmask(SIG_BLOCK, &sigset, &osigset);
-	while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
-		continue;
-	sigprocmask(SIG_SETMASK, &osigset, NULL);
-	pids[fdes] = 0;
-	if (pid < 0)
-		return (pid);
-	if (WIFEXITED(status))
-		return (WEXITSTATUS(status));
-	return (1);
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/security.c b/crypto/heimdal/appl/ftp/ftpd/security.c
deleted file mode 100644
index 2a4803f90b18..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/security.c
+++ /dev/null
@@ -1,883 +0,0 @@
-/*
- * Copyright (c) 1998-2002, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-
-RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $");
-
-static enum protection_level command_prot;
-static enum protection_level data_prot;
-static size_t buffer_size;
-
-struct buffer {
-    void *data;
-    size_t size;
-    size_t index;
-    int eof_flag;
-};
-
-static struct buffer in_buffer, out_buffer;
-int sec_complete;
-
-static struct {
-    enum protection_level level;
-    const char *name;
-} level_names[] = {
-    { prot_clear, "clear" },
-    { prot_safe, "safe" },
-    { prot_confidential, "confidential" },
-    { prot_private, "private" }
-};
-
-static const char *
-level_to_name(enum protection_level level)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(level_names[i].level == level)
-	    return level_names[i].name;
-    return "unknown";
-}
-
-#ifndef FTP_SERVER /* not used in server */
-static enum protection_level 
-name_to_level(const char *name)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(!strncasecmp(level_names[i].name, name, strlen(name)))
-	    return level_names[i].level;
-    return (enum protection_level)-1;
-}
-#endif
-
-#ifdef FTP_SERVER
-
-static struct sec_server_mech *mechs[] = {
-#ifdef KRB5
-    &gss_server_mech,
-#endif
-#ifdef KRB4
-    &krb4_server_mech,
-#endif
-    NULL
-};
-
-static struct sec_server_mech *mech;
-
-#else
-
-static struct sec_client_mech *mechs[] = {
-#ifdef KRB5
-    &gss_client_mech,
-#endif
-#ifdef KRB4
-    &krb4_client_mech,
-#endif
-    NULL
-};
-
-static struct sec_client_mech *mech;
-
-#endif
-
-static void *app_data;
-
-int
-sec_getc(FILE *F)
-{
-    if(sec_complete && data_prot) {
-	char c;
-	if(sec_read(fileno(F), &c, 1) <= 0)
-	    return EOF;
-	return c;
-    } else
-	return getc(F);
-}
-
-static int
-block_read(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = read(fd, p, len);
-	if (b == 0)
-	    return 0;
-	else if (b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-block_write(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = write(fd, p, len);
-	if(b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-sec_get_data(int fd, struct buffer *buf, int level)
-{
-    int len;
-    int b;
-    void *tmp;
-
-    b = block_read(fd, &len, sizeof(len));
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    len = ntohl(len);
-    tmp = realloc(buf->data, len);
-    if (tmp == NULL)
-	return -1;
-    buf->data = tmp;
-    b = block_read(fd, buf->data, len);
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
-    buf->index = 0;
-    return 0;
-}
-
-static size_t
-buffer_read(struct buffer *buf, void *dataptr, size_t len)
-{
-    len = min(len, buf->size - buf->index);
-    memcpy(dataptr, (char*)buf->data + buf->index, len);
-    buf->index += len;
-    return len;
-}
-
-static size_t
-buffer_write(struct buffer *buf, void *dataptr, size_t len)
-{
-    if(buf->index + len > buf->size) {
-	void *tmp;
-	if(buf->data == NULL)
-	    tmp = malloc(1024);
-	else
-	    tmp = realloc(buf->data, buf->index + len);
-	if(tmp == NULL)
-	    return -1;
-	buf->data = tmp;
-	buf->size = buf->index + len;
-    }
-    memcpy((char*)buf->data + buf->index, dataptr, len);
-    buf->index += len;
-    return len;
-}
-
-int
-sec_read(int fd, void *dataptr, int length)
-{
-    size_t len;
-    int rx = 0;
-
-    if(sec_complete == 0 || data_prot == 0)
-	return read(fd, dataptr, length);
-
-    if(in_buffer.eof_flag){
-	in_buffer.eof_flag = 0;
-	return 0;
-    }
-    
-    len = buffer_read(&in_buffer, dataptr, length);
-    length -= len;
-    rx += len;
-    dataptr = (char*)dataptr + len;
-    
-    while(length){
-	int ret;
-
-	ret = sec_get_data(fd, &in_buffer, data_prot);
-	if (ret < 0)
-	    return -1;
-	if(ret == 0 && in_buffer.size == 0) {
-	    if(rx)
-		in_buffer.eof_flag = 1;
-	    return rx;
-	}
-	len = buffer_read(&in_buffer, dataptr, length);
-	length -= len;
-	rx += len;
-	dataptr = (char*)dataptr + len;
-    }
-    return rx;
-}
-
-static int
-sec_send(int fd, char *from, int length)
-{
-    int bytes;
-    void *buf;
-    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
-    bytes = htonl(bytes);
-    block_write(fd, &bytes, sizeof(bytes));
-    block_write(fd, buf, ntohl(bytes));
-    free(buf);
-    return length;
-}
-
-int
-sec_fflush(FILE *F)
-{
-    if(data_prot != prot_clear) {
-	if(out_buffer.index > 0){
-	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	    out_buffer.index = 0;
-	}
-	sec_send(fileno(F), NULL, 0);
-    }
-    fflush(F);
-    return 0;
-}
-
-int
-sec_write(int fd, char *dataptr, int length)
-{
-    int len = buffer_size;
-    int tx = 0;
-      
-    if(data_prot == prot_clear)
-	return write(fd, dataptr, length);
-
-    len -= (*mech->overhead)(app_data, data_prot, len);
-    while(length){
-	if(length < len)
-	    len = length;
-	sec_send(fd, dataptr, len);
-	length -= len;
-	dataptr += len;
-	tx += len;
-    }
-    return tx;
-}
-
-int
-sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    int ret;
-    if(data_prot == prot_clear)
-	return vfprintf(f, fmt, ap);
-    else {
-	int len;
-	len = vasprintf(&buf, fmt, ap);
-	if (len == -1)
-	    return len;
-	ret = buffer_write(&out_buffer, buf, len);
-	free(buf);
-	return ret;
-    }
-}
-
-int
-sec_fprintf2(FILE *f, const char *fmt, ...)
-{
-    int ret;
-    va_list ap;
-    va_start(ap, fmt);
-    ret = sec_vfprintf2(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-sec_putc(int c, FILE *F)
-{
-    char ch = c;
-    if(data_prot == prot_clear)
-	return putc(c, F);
-    
-    buffer_write(&out_buffer, &ch, 1);
-    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
-	sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	out_buffer.index = 0;
-    }
-    return c;
-}
-
-int
-sec_read_msg(char *s, int level)
-{
-    int len;
-    char *buf;
-    int return_code;
-    
-    buf = malloc(strlen(s));
-    len = base64_decode(s + 4, buf); /* XXX */
-    
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len < 0)
-	return -1;
-    
-    buf[len] = '\0';
-
-    if(buf[3] == '-')
-	return_code = 0;
-    else
-	sscanf(buf, "%d", &return_code);
-    if(buf[len-1] == '\n')
-	buf[len-1] = '\0';
-    strcpy(s, buf);
-    free(buf);
-    return return_code;
-}
-
-int
-sec_vfprintf(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    void *enc;
-    int len;
-    if(!sec_complete)
-	return vfprintf(f, fmt, ap);
-    
-    if (vasprintf(&buf, fmt, ap) == -1) {
-	printf("Failed to allocate command.\n");
-	return -1;
-    }
-    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
-    free(buf);
-    if(len < 0) {
-	printf("Failed to encode command.\n");
-	return -1;
-    }
-    if(base64_encode(enc, len, &buf) < 0){
-	free(enc);
-	printf("Out of memory base64-encoding.\n");
-	return -1;
-    }
-    free(enc);
-#ifdef FTP_SERVER
-    if(command_prot == prot_safe)
-	fprintf(f, "631 %s\r\n", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "632 %s\r\n", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "633 %s\r\n", buf);
-#else
-    if(command_prot == prot_safe)
-	fprintf(f, "MIC %s", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "ENC %s", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "CONF %s", buf);
-#endif
-    free(buf);
-    return 0;
-}
-
-int
-sec_fprintf(FILE *f, const char *fmt, ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, fmt);
-    ret = sec_vfprintf(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-int ccc_passed;
-
-void
-auth(char *auth_name)
-{
-    int i;
-    void *tmp;
-
-    for(i = 0; (mech = mechs[i]) != NULL; i++){
-	if(!strcasecmp(auth_name, mech->name)){
-	    tmp = realloc(app_data, mech->size);
-	    if (tmp == NULL) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    app_data = tmp;
-
-	    if(mech->init && (*mech->init)(app_data) != 0) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    if(mech->auth) {
-		(*mech->auth)(app_data);
-		return;
-	    }
-	    if(mech->adat)
-		reply(334, "Send authorization data.");
-	    else
-		reply(234, "Authorization complete.");
-	    return;
-	}
-    }
-    free (app_data);
-    app_data = NULL;
-    reply(504, "%s is unknown to me", auth_name);
-}
-
-void
-adat(char *auth_data)
-{
-    if(mech && !sec_complete) {
-	void *buf = malloc(strlen(auth_data));
-	size_t len;
-	len = base64_decode(auth_data, buf);
-	(*mech->adat)(app_data, buf, len);
-	free(buf);
-    } else
-	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
-}
-
-void pbsz(int size)
-{
-    size_t new = size;
-    if(!sec_complete)
-	reply(503, "Incomplete security data exchange.");
-    if(mech->pbsz)
-	new = (*mech->pbsz)(app_data, size);
-    if(buffer_size != new){
-	buffer_size = size;
-    }
-    if(new != size)
-	reply(200, "PBSZ=%lu", (unsigned long)new);
-    else
-	reply(200, "OK");
-}
-
-void
-prot(char *pl)
-{
-    int p = -1;
-
-    if(buffer_size == 0){
-	reply(503, "No protection buffer size negotiated.");
-	return;
-    }
-
-    if(!strcasecmp(pl, "C"))
-	p = prot_clear;
-    else if(!strcasecmp(pl, "S"))
-	p = prot_safe;
-    else if(!strcasecmp(pl, "E"))
-	p = prot_confidential;
-    else if(!strcasecmp(pl, "P"))
-	p = prot_private;
-    else {
-	reply(504, "Unrecognized protection level.");
-	return;
-    }
-    
-    if(sec_complete){
-	if((*mech->check_prot)(app_data, p)){
-	    reply(536, "%s does not support %s protection.", 
-		  mech->name, level_to_name(p));
-	}else{
-	    data_prot = (enum protection_level)p;
-	    reply(200, "Data protection is %s.", level_to_name(p));
-	}
-    }else{
-	reply(503, "Incomplete security data exchange.");
-    }
-}
-
-void ccc(void)
-{
-    if(sec_complete){
-	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
-	    command_prot = data_prot = prot_clear;
-	    ccc_passed = 1;
-	} else
-	    reply(534, "You must be joking.");
-    }else
-	reply(503, "Incomplete security data exchange.");
-}
-
-void mec(char *msg, enum protection_level level)
-{
-    void *buf;
-    size_t len, buf_size;
-    if(!sec_complete) {
-	reply(503, "Incomplete security data exchange.");
-	return;
-    }
-    buf_size = strlen(msg) + 2;
-    buf = malloc(buf_size);
-    len = base64_decode(msg, buf);
-    command_prot = level;
-    if(len == (size_t)-1) {
-	reply(501, "Failed to base64-decode command");
-	return;
-    }
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len == (size_t)-1) {
-	reply(535, "Failed to decode command");
-	return;
-    }
-    ((char*)buf)[len] = '\0';
-    if(strstr((char*)buf, "\r\n") == NULL)
-	strlcat((char*)buf, "\r\n", buf_size);
-    new_ftp_command(buf);
-}
-
-/* ------------------------------------------------------------ */
-
-int
-sec_userok(char *userstr)
-{
-    if(sec_complete)
-	return (*mech->userok)(app_data, userstr);
-    return 0;
-}
-
-int
-sec_session(char *user)
-{
-    if(sec_complete && mech->session)
-	return (*mech->session)(app_data, user);
-    return 0;
-}
-
-char *ftp_command;
-
-void
-new_ftp_command(char *command)
-{
-    ftp_command = command;
-}
-
-void
-delete_ftp_command(void)
-{
-    free(ftp_command);
-    ftp_command = NULL;
-}
-
-int
-secure_command(void)
-{
-    return ftp_command != NULL;
-}
-
-enum protection_level
-get_command_prot(void)
-{
-    return command_prot;
-}
-
-#else /* FTP_SERVER */
-
-void
-sec_status(void)
-{
-    if(sec_complete){
-	printf("Using %s for authentication.\n", mech->name);
-	printf("Using %s command channel.\n", level_to_name(command_prot));
-	printf("Using %s data channel.\n", level_to_name(data_prot));
-	if(buffer_size > 0)
-	    printf("Protection buffer size: %lu.\n", 
-		   (unsigned long)buffer_size);
-    }else{
-	printf("Not using any security mechanism.\n");
-    }
-}
-
-static int
-sec_prot_internal(int level)
-{
-    int ret;
-    char *p;
-    unsigned int s = 1048576;
-
-    int old_verbose = verbose;
-    verbose = 0;
-
-    if(!sec_complete){
-	printf("No security data exchange has taken place.\n");
-	return -1;
-    }
-
-    if(level){
-	ret = command("PBSZ %u", s);
-	if(ret != COMPLETE){
-	    printf("Failed to set protection buffer size.\n");
-	    return -1;
-	}
-	buffer_size = s;
-	p = strstr(reply_string, "PBSZ=");
-	if(p)
-	    sscanf(p, "PBSZ=%u", &s);
-	if(s < buffer_size)
-	    buffer_size = s;
-    }
-    verbose = old_verbose;
-    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
-    if(ret != COMPLETE){
-	printf("Failed to set protection level.\n");
-	return -1;
-    }
-    
-    data_prot = (enum protection_level)level;
-    return 0;
-}
-
-enum protection_level
-set_command_prot(enum protection_level level)
-{
-    int ret;
-    enum protection_level old = command_prot;
-    if(level != command_prot && level == prot_clear) {
-	ret = command("CCC");
-	if(ret != COMPLETE) {
-	    printf("Failed to clear command channel.\n");
-	    return -1;
-	}
-    }
-    command_prot = level;
-    return old;
-}
-
-void
-sec_prot(int argc, char **argv)
-{
-    int level = -1;
-
-    if(argc > 3)
-	goto usage;
-
-    if(argc == 1) {
-	sec_status();
-	return;
-    }
-    if(!sec_complete) {
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-    level = name_to_level(argv[argc - 1]);
-    
-    if(level == -1)
-	goto usage;
-    
-    if((*mech->check_prot)(app_data, level)) {
-	printf("%s does not implement %s protection.\n", 
-	       mech->name, level_to_name(level));
-	code = -1;
-	return;
-    }
-    
-    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
-	if(sec_prot_internal(level) < 0){
-	    code = -1;
-	    return;
-	}
-    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
-	if(set_command_prot(level) < 0) {
-	    code = -1;
-	    return;
-	}
-    } else
-	goto usage;
-    code = 0;
-    return;
- usage:
-    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
-	   argv[0]);
-    code = -1;
-}
-
-void
-sec_prot_command(int argc, char **argv)
-{
-    int level;
-
-    if(argc > 2)
-	goto usage;
-
-    if(!sec_complete) {
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-
-    if(argc == 1) {
-	sec_status();
-    } else {
-	level = name_to_level(argv[1]);
-	if(level == -1)
-	    goto usage;
-    
-	if((*mech->check_prot)(app_data, level)) {
-	    printf("%s does not implement %s protection.\n", 
-		   mech->name, level_to_name(level));
-	    code = -1;
-	    return;
-	}
-	if(set_command_prot(level) < 0) {
-	    code = -1;
-	    return;
-	}
-    }
-    code = 0;
-    return;
- usage:
-    printf("usage: %s [clear|safe|confidential|private]\n",
-	   argv[0]);
-    code = -1;
-}
-
-static enum protection_level request_data_prot;
-
-void
-sec_set_protection_level(void)
-{
-    if(sec_complete && data_prot != request_data_prot)
-	sec_prot_internal(request_data_prot);
-}
-
-
-int
-sec_request_prot(char *level)
-{
-    int l = name_to_level(level);
-    if(l == -1)
-	return -1;
-    request_data_prot = (enum protection_level)l;
-    return 0;
-}
-
-int
-sec_login(char *host)
-{
-    int ret;
-    struct sec_client_mech **m;
-    int old_verbose = verbose;
-
-    verbose = -1; /* shut up all messages this will produce (they
-		     are usually not very user friendly) */
-    
-    for(m = mechs; *m && (*m)->name; m++) {
-	void *tmp;
-
-	tmp = realloc(app_data, (*m)->size);
-	if (tmp == NULL) {
-	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
-	    return -1;
-	}
-	app_data = tmp;
-	    
-	if((*m)->init && (*(*m)->init)(app_data) != 0) {
-	    printf("Skipping %s...\n", (*m)->name);
-	    continue;
-	}
-	printf("Trying %s...\n", (*m)->name);
-	ret = command("AUTH %s", (*m)->name);
-	if(ret != CONTINUE){
-	    if(code == 504){
-		printf("%s is not supported by the server.\n", (*m)->name);
-	    }else if(code == 534){
-		printf("%s rejected as security mechanism.\n", (*m)->name);
-	    }else if(ret == ERROR) {
-		printf("The server doesn't support the FTP "
-		       "security extensions.\n");
-		verbose = old_verbose;
-		return -1;
-	    }
-	    continue;
-	}
-
-	ret = (*(*m)->auth)(app_data, host);
-	
-	if(ret == AUTH_CONTINUE)
-	    continue;
-	else if(ret != AUTH_OK){
-	    /* mechanism is supposed to output error string */
-	    verbose = old_verbose;
-	    return -1;
-	}
-	mech = *m;
-	sec_complete = 1;
-	if(doencrypt) {
-	    command_prot = prot_private;
-	    request_data_prot = prot_private; 
-	} else {
-	    command_prot = prot_safe;
-	}
-	break;
-    }
-    
-    verbose = old_verbose;
-    return *m == NULL;
-}
-
-void
-sec_end(void)
-{
-    if (mech != NULL) {
-	if(mech->end)
-	    (*mech->end)(app_data);
-	if (app_data != NULL) {
-	    memset(app_data, 0, mech->size);
-	    free(app_data);
-	    app_data = NULL;
-	}
-    }
-    sec_complete = 0;
-    data_prot = (enum protection_level)0;
-}
-
-#endif /* FTP_SERVER */
-
diff --git a/crypto/heimdal/appl/gssmask/Makefile.am b/crypto/heimdal/appl/gssmask/Makefile.am
deleted file mode 100644
index 347a27ec9290..000000000000
--- a/crypto/heimdal/appl/gssmask/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_PROGRAMS = gssmask gssmaestro
-
-gssmask_SOURCES = gssmask.c common.c common.h protocol.h
-
-gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
-
-LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
-
diff --git a/crypto/heimdal/appl/gssmask/Makefile.in b/crypto/heimdal/appl/gssmask/Makefile.in
deleted file mode 100644
index a51092274cfe..000000000000
--- a/crypto/heimdal/appl/gssmask/Makefile.in
+++ /dev/null
@@ -1,760 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-noinst_PROGRAMS = gssmask$(EXEEXT) gssmaestro$(EXEEXT)
-subdir = appl/gssmask
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-PROGRAMS = $(noinst_PROGRAMS)
-am_gssmaestro_OBJECTS = gssmaestro.$(OBJEXT) common.$(OBJEXT)
-gssmaestro_OBJECTS = $(am_gssmaestro_OBJECTS)
-gssmaestro_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-gssmaestro_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(am__DEPENDENCIES_1)
-am_gssmask_OBJECTS = gssmask.$(OBJEXT) common.$(OBJEXT)
-gssmask_OBJECTS = $(am_gssmask_OBJECTS)
-gssmask_LDADD = $(LDADD)
-gssmask_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
-DIST_SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-gssmask_SOURCES = gssmask.c common.c common.h protocol.h
-gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
-LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-gssmaestro$(EXEEXT): $(gssmaestro_OBJECTS) $(gssmaestro_DEPENDENCIES) 
-	@rm -f gssmaestro$(EXEEXT)
-	$(LINK) $(gssmaestro_OBJECTS) $(gssmaestro_LDADD) $(LIBS)
-gssmask$(EXEEXT): $(gssmask_OBJECTS) $(gssmask_DEPENDENCIES) 
-	@rm -f gssmask$(EXEEXT)
-	$(LINK) $(gssmask_OBJECTS) $(gssmask_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/gssmask/common.c b/crypto/heimdal/appl/gssmask/common.c
deleted file mode 100644
index a57b803abafb..000000000000
--- a/crypto/heimdal/appl/gssmask/common.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <common.h>
-RCSID("$Id: common.c 18900 2006-11-03 05:21:01Z lha $");
-
-krb5_error_code
-store_string(krb5_storage *sp, const char *str)
-{
-    size_t len = strlen(str) + 1;
-    krb5_error_code ret;
-
-    ret = krb5_store_int32(sp, len);
-    if (ret)
-	return ret;
-    ret = krb5_storage_write(sp, str, len);
-    if (ret != len)
-	return EINVAL;
-    return 0;
-}
-
-static void
-add_list(char ****list, size_t *listlen, char **str, size_t len)
-{
-    size_t i;
-    *list = erealloc(*list, sizeof(**list) * (*listlen + 1));
-
-    (*list)[*listlen] = ecalloc(len, sizeof(**list));
-    for (i = 0; i < len; i++)
-	(*list)[*listlen][i] = str[i];
-    (*listlen)++;
-}
-
-static void
-permute(char ****list, size_t *listlen, 
-	char **str, const int start, const int len) 
-{
-    int i, j;
-
-#define SWAP(s,i,j) { char *t = str[i]; str[i] = str[j]; str[j] = t; }
-
-    for (i = start; i < len - 1; i++) {
-	for (j = i+1; j < len; j++) {
-	    SWAP(str,i,j);
-	    permute(list, listlen, str, i+1, len);
-	    SWAP(str,i,j);
-	}
-    }
-    add_list(list, listlen, str, len);
-}
-
-char ***
-permutate_all(struct getarg_strings *strings, size_t *size)
-{
-    char **list, ***all = NULL;
-    int i;
-
-    *size = 0;
-
-    list = ecalloc(strings->num_strings, sizeof(*list));
-    for (i = 0; i < strings->num_strings; i++)
-	list[i] = strings->strings[i];
-
-    permute(&all, size, list, 0, strings->num_strings);
-    free(list);
-    return all;
-}
diff --git a/crypto/heimdal/appl/gssmask/common.h b/crypto/heimdal/appl/gssmask/common.h
deleted file mode 100644
index a44339e4596c..000000000000
--- a/crypto/heimdal/appl/gssmask/common.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: common.h 18250 2006-10-06 07:22:00Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-/* 
- * pthread support is disable because the pthread
- * test have no "application pthread libflags" variable,
- * when this is fixed pthread support can be enabled again.
- */
-#undef ENABLE_PTHREAD_SUPPORT
-
-#include <sys/param.h>
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-#include <assert.h>
-#include <krb5.h>
-#include <gssapi.h>
-#include <unistd.h>
-
-#include <roken.h>
-#include <getarg.h>
-
-#include "protocol.h"
-
-krb5_error_code store_string(krb5_storage *, const char *);
-
-
-#define ret16(_client, num)					\
-    do {							\
-        if (krb5_ret_int16((_client)->sock, &(num)) != 0)	\
-	    errx(1, "krb5_ret_int16 " #num);		\
-    } while(0)
-
-#define ret32(_client, num)					\
-    do {							\
-        if (krb5_ret_int32((_client)->sock, &(num)) != 0)	\
-	    errx(1, "krb5_ret_int32 " #num);		\
-    } while(0)
-
-#define retdata(_client, data)					\
-    do {							\
-        if (krb5_ret_data((_client)->sock, &(data)) != 0)	\
-	    errx(1, "krb5_ret_data " #data);		\
-    } while(0)
-
-#define retstring(_client, data)					\
-    do {							\
-        if (krb5_ret_string((_client)->sock, &(data)) != 0)	\
-	    errx(1, "krb5_ret_data " #data);		\
-    } while(0)
-
-
-#define put32(_client, num)					\
-    do {							\
-        if (krb5_store_int32((_client)->sock, num) != 0)	\
-	    errx(1, "krb5_store_int32 " #num);	\
-    } while(0)
-
-#define putdata(_client, data)					\
-    do {							\
-        if (krb5_store_data((_client)->sock, data) != 0)	\
-	    errx(1, "krb5_store_data " #data);	\
-    } while(0)
-
-#define putstring(_client, str)					\
-    do {							\
-        if (store_string((_client)->sock, str) != 0)		\
-	    errx(1, "krb5_store_str " #str);			\
-    } while(0)
-
-char *** permutate_all(struct getarg_strings *, size_t *);
diff --git a/crypto/heimdal/appl/gssmask/gssmaestro.c b/crypto/heimdal/appl/gssmask/gssmaestro.c
deleted file mode 100644
index 610c53f5f59b..000000000000
--- a/crypto/heimdal/appl/gssmask/gssmaestro.c
+++ /dev/null
@@ -1,851 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <common.h>
-RCSID("$Id: gssmaestro.c 21605 2007-07-17 06:51:57Z lha $");
-
-static FILE *logfile;
-
-/*
- *
- */
-
-struct client {
-    char *name;
-    struct sockaddr *sa;
-    socklen_t salen;
-    krb5_storage *sock;
-    int32_t capabilities;
-    char *target_name;
-    char *moniker;
-    krb5_storage *logsock;
-    int have_log;
-#ifdef ENABLE_PTHREAD_SUPPORT
-    pthread_t thr;
-#else
-    pid_t child;
-#endif
-};
-
-static struct client **clients;
-static int num_clients;
-
-static int
-init_sec_context(struct client *client, 
-		 int32_t *hContext, int32_t *hCred,
-		 int32_t flags, 
-		 const char *targetname,
-		 const krb5_data *itoken, krb5_data *otoken)
-{
-    int32_t val;
-    krb5_data_zero(otoken);
-    put32(client, eInitContext);
-    put32(client, *hContext);
-    put32(client, *hCred);
-    put32(client, flags);
-    putstring(client, targetname);
-    putdata(client, *itoken);
-    ret32(client, *hContext);
-    ret32(client, val);
-    retdata(client, *otoken);
-    return val;
-}
-
-static int
-accept_sec_context(struct client *client, 
-		   int32_t *hContext,
-		   int32_t flags,
-		   const krb5_data *itoken,
-		   krb5_data *otoken,
-		   int32_t *hDelegCred)
-{
-    int32_t val;
-    krb5_data_zero(otoken);
-    put32(client, eAcceptContext);
-    put32(client, *hContext);
-    put32(client, flags);
-    putdata(client, *itoken);
-    ret32(client, *hContext);
-    ret32(client, val);
-    retdata(client, *otoken);
-    ret32(client, *hDelegCred);
-    return val;
-}
-
-static int
-acquire_cred(struct client *client, 
-	     const char *username,
-	     const char *password,
-	     int32_t flags,
-	     int32_t *hCred)
-{
-    int32_t val;
-    put32(client, eAcquireCreds);
-    putstring(client, username);
-    putstring(client, password);
-    put32(client, flags);
-    ret32(client, val);
-    ret32(client, *hCred);
-    return val;
-}
-
-static int
-toast_resource(struct client *client, 
-	       int32_t hCred)
-{
-    int32_t val;
-    put32(client, eToastResource);
-    put32(client, hCred);
-    ret32(client, val);
-    return val;
-}
-
-static int
-goodbye(struct client *client)
-{
-    put32(client, eGoodBye);
-    return GSMERR_OK;
-}
-
-static int
-get_targetname(struct client *client, 
-	       char **target)
-{
-    put32(client, eGetTargetName);
-    retstring(client, *target);
-    return GSMERR_OK;
-}
-
-static int32_t
-encrypt_token(struct client *client, int32_t hContext, int32_t flags,
-	   krb5_data *in, krb5_data *out)
-{
-    int32_t val;
-    put32(client, eEncrypt);
-    put32(client, hContext);
-    put32(client, flags);
-    put32(client, 0);
-    putdata(client, *in);
-    ret32(client, val);
-    retdata(client, *out);
-    return val;
-}
-
-static int32_t
-decrypt_token(struct client *client, int32_t hContext, int flags, 
-	     krb5_data *in, krb5_data *out)
-{
-    int32_t val;
-    put32(client, eDecrypt);
-    put32(client, hContext);
-    put32(client, flags);
-    put32(client, 0);
-    putdata(client, *in);
-    ret32(client, val);
-    retdata(client, *out);
-    return val;
-}
-
-static int32_t
-get_mic(struct client *client, int32_t hContext,
-	krb5_data *in, krb5_data *mic)
-{
-    int32_t val;
-    put32(client, eSign);
-    put32(client, hContext);
-    put32(client, 0);
-    put32(client, 0);
-    putdata(client, *in);
-    ret32(client, val);
-    retdata(client, *mic);
-    return val;
-}
-
-static int32_t
-verify_mic(struct client *client, int32_t hContext, 
-	   krb5_data *in, krb5_data *mic)
-{
-    int32_t val;
-    put32(client, eVerify);
-    put32(client, hContext);
-    put32(client, 0);
-    put32(client, 0);
-    putdata(client, *in);
-    putdata(client, *mic);
-    ret32(client, val);
-    return val;
-}
-
-
-static int32_t
-get_version_capa(struct client *client, 
-		 int32_t *version, int32_t *capa,
-		 char **version_str)
-{
-    put32(client, eGetVersionAndCapabilities);
-    ret32(client, *version);
-    ret32(client, *capa);
-    retstring(client, *version_str);
-    return GSMERR_OK;
-}
-
-static int32_t
-get_moniker(struct client *client, 
-	    char **moniker)
-{
-    put32(client, eGetMoniker);
-    retstring(client, *moniker);
-    return GSMERR_OK;
-}
-
-static int
-wait_log(struct client *c)
-{
-    int32_t port;
-    struct sockaddr_storage sast;
-    socklen_t salen = sizeof(sast);
-    int fd, fd2, ret;
-
-    memset(&sast, 0, sizeof(sast));
-
-    assert(sizeof(sast) >= c->salen);
-
-    fd = socket(c->sa->sa_family, SOCK_STREAM, 0);
-    if (fd < 0)
-	err(1, "failed to build socket for %s's logging port", c->moniker);
-
-    ((struct sockaddr *)&sast)->sa_family = c->sa->sa_family;
-    ret = bind(fd, (struct sockaddr *)&sast, c->salen);
-    if (ret < 0)
-	err(1, "failed to bind %s's logging port", c->moniker);
-
-    if (listen(fd, SOMAXCONN) < 0)
-	err(1, "failed to listen %s's logging port", c->moniker);
-
-    salen = sizeof(sast);
-    ret = getsockname(fd, (struct sockaddr *)&sast, &salen);
-    if (ret < 0)
-	err(1, "failed to get address of local socket for %s", c->moniker);
-
-    port = socket_get_port((struct sockaddr *)&sast);
-
-    put32(c, eSetLoggingSocket);
-    put32(c, ntohs(port));
-
-    salen = sizeof(sast);
-    fd2 = accept(fd, (struct sockaddr *)&sast, &salen);
-    if (fd2 < 0)
-	err(1, "failed to accept local socket for %s", c->moniker);
-    close(fd);
-
-    return fd2;
-}
-
-
-
-
-static int
-build_context(struct client *ipeer, struct client *apeer,
-	      int32_t flags, int32_t hCred,
-	      int32_t *iContext, int32_t *aContext, int32_t *hDelegCred)
-{
-    int32_t val = GSMERR_ERROR, ic = 0, ac = 0, deleg = 0;
-    krb5_data itoken, otoken;
-    int iDone = 0, aDone = 0;
-    int step = 0;
-    int first_call = 0x80;
-
-    if (apeer->target_name == NULL)
-	errx(1, "apeer %s have no target name", apeer->name);
-
-    krb5_data_zero(&itoken);
-
-    while (!iDone || !aDone) {
-	
-	if (iDone) {
-	    warnx("iPeer already done, aPeer want extra rtt");
-	    val = GSMERR_ERROR;
-	    goto out;
-	}
-
-	val = init_sec_context(ipeer, &ic, &hCred, flags|first_call,
-			       apeer->target_name, &itoken, &otoken);
-	step++;
-	switch(val) {
-	case GSMERR_OK:
-	    iDone = 1;
-	    if (aDone)
-		continue;
-	    break;
-	case GSMERR_CONTINUE_NEEDED:
-	    break;
-	default:
-	    warnx("iPeer %s failed with %d (step %d)", 
-		  ipeer->name, (int)val, step);
-	    goto out;
-	}
-
-	if (aDone) {
-	    warnx("aPeer already done, iPeer want extra rtt");
-	    val = GSMERR_ERROR;
-	    goto out;
-	}
-
-	val = accept_sec_context(apeer, &ac, flags|first_call,
-				 &otoken, &itoken, &deleg);
-	step++;
-	switch(val) {
-	case GSMERR_OK:
-	    aDone = 1;
-	    if (iDone)
-		continue;
-	    break;
-	case GSMERR_CONTINUE_NEEDED:
-	    break;
-	default:
-	    warnx("aPeer %s failed with %d (step %d)",
-		 apeer->name, (int)val, step);
-	    val = GSMERR_ERROR;
-	    goto out;
-	}
-	first_call = 0;
-	val = GSMERR_OK;
-    }
-
-    if (iContext == NULL || val != GSMERR_OK) {
-	if (ic)
-	    toast_resource(ipeer, ic);
-	if (iContext)
-	    *iContext = 0;
-    } else
-	*iContext = ic;
-
-    if (aContext == NULL || val != GSMERR_OK) {
-	if (ac)
-	    toast_resource(apeer, ac);
-	if (aContext)
-	    *aContext = 0;
-    } else
-	*aContext = ac;
-
-    if (hDelegCred == NULL || val != GSMERR_OK) {
-	if (deleg)
-	    toast_resource(apeer, deleg);
-	if (hDelegCred)
-	    *hDelegCred = 0;
-    } else
-	*hDelegCred = deleg;
-
-out:
-    return val;
-}
-			 
-static void
-test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
-{
-    krb5_data msg, mic;
-    int32_t val;
-    
-    msg.data = "foo";
-    msg.length = 3;
-
-    krb5_data_zero(&mic);
-
-    val = get_mic(c1, hc1, &msg, &mic);
-    if (val)
-	errx(1, "get_mic failed to host: %s", c1->moniker);
-    val = verify_mic(c2, hc2, &msg, &mic);
-    if (val)
-	errx(1, "verify_mic failed to host: %s", c2->moniker);
-
-    krb5_data_free(&mic);
-}
-
-static int32_t
-test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, 
-	  int conf)
-{
-    krb5_data msg, wrapped, out;
-    int32_t val;
-    
-    msg.data = "foo";
-    msg.length = 3;
-
-    krb5_data_zero(&wrapped);
-    krb5_data_zero(&out);
-
-    val = encrypt_token(c1, hc1, conf, &msg, &wrapped);
-    if (val) {
-	warnx("encrypt_token failed to host: %s", c1->moniker);
-	return val;
-    }
-    val = decrypt_token(c2, hc2, conf, &wrapped, &out);
-    if (val) {
-	krb5_data_free(&wrapped);
-	warnx("decrypt_token failed to host: %s", c2->moniker);
-	return val;
-    }
-
-    if (msg.length != out.length) {
-	warnx("decrypted'ed token have wrong length (%lu != %lu)",
-	      (unsigned long)msg.length, (unsigned long)out.length);
-	val = GSMERR_ERROR;
-    } else if (memcmp(msg.data, out.data, msg.length) != 0) {
-	warnx("decryptd'ed token have wrong data");
-	val = GSMERR_ERROR;
-    }
-
-    krb5_data_free(&wrapped);
-    krb5_data_free(&out);
-    return val;
-}
-
-static int32_t
-test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
-{
-    int32_t val;
-    int i;
-
-    for (i = 0; i < 10; i++) {
-	test_mic(c1, hc1, c2, hc2);
-	test_mic(c2, hc2, c1, hc1);
-	val = test_wrap(c1, hc1, c2, hc2, 0);
-	if (val) return val;
-	val = test_wrap(c2, hc2, c1, hc1, 0);
-	if (val) return val;
-	val = test_wrap(c1, hc1, c2, hc2, 1);
-	if (val) return val;
-	val = test_wrap(c2, hc2, c1, hc1, 1);
-	if (val) return val;
-    }
-    return GSMERR_OK;
-}
-
-static int
-log_function(void *ptr)
-{
-    struct client *c = ptr;
-    int32_t cmd, line;
-    char *file, *string;
-
-    while (1) {
-        if (krb5_ret_int32(c->logsock, &cmd))
-	    goto out;
-
-	switch (cmd) {
-	case eLogSetMoniker:
-	    if (krb5_ret_string(c->logsock, &file))
-		goto out;
-	    free(file);
-	    break;
-	case eLogInfo:
-	case eLogFailure:
-	    if (krb5_ret_string(c->logsock, &file))
-		goto out;
-	    if (krb5_ret_int32(c->logsock, &line))
-		goto out;
-	    if (krb5_ret_string(c->logsock, &string))
-		goto out;
-	    printf("%s:%lu: %s\n", 
-		   file, (unsigned long)line, string);
-	    fprintf(logfile, "%s:%lu: %s\n", 
-		    file, (unsigned long)line, string);
-	    fflush(logfile);
-	    free(file);
-	    free(string);
-	    if (krb5_store_int32(c->logsock, 0))
-		goto out;
-	    break;
-	default:
-	    errx(1, "client send bad log command: %d", (int)cmd);
-	}
-    }
-out:
-
-    return 0;
-}
-
-static void
-connect_client(const char *slave)
-{
-    char *name, *port;
-    struct client *c = ecalloc(1, sizeof(*c));
-    struct addrinfo hints, *res0, *res;
-    int ret, fd;
-
-    name = estrdup(slave);
-    port = strchr(name, ':');
-    if (port == NULL)
-	errx(1, "port missing from %s", name);
-    *port++ = 0;
-
-    c->name = estrdup(slave);
-    
-    memset(&hints, 0, sizeof(hints));
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-
-    ret = getaddrinfo(name, port, &hints, &res0);
-    if (ret)
-	errx(1, "error resolving %s", name);
-
-    for (res = res0, fd = -1; res; res = res->ai_next) {
-	fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-	if (fd < 0)
-	    continue;
-	if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
-	    close(fd);
-	    fd = -1;
-	    continue;
-	}
-	c->sa = ecalloc(1, res->ai_addrlen);
-	memcpy(c->sa, res->ai_addr, res->ai_addrlen);
-	c->salen = res->ai_addrlen;
-	break;  /* okay we got one */
-    }
-    if (fd < 0)
-	err(1, "connect to host: %s", name);
-    freeaddrinfo(res);
-
-    c->sock = krb5_storage_from_fd(fd);
-    close(fd);
-    if (c->sock == NULL)
-	errx(1, "krb5_storage_from_fd");
-
-    {
-	int32_t version;
-	char *str = NULL;
-	get_version_capa(c, &version, &c->capabilities, &str);
-	if (str) {
-	    free(str);
-	}
-	if (c->capabilities & HAS_MONIKER)
-	    get_moniker(c, &c->moniker);
-	else
-	    c->moniker = c->name;
-	if (c->capabilities & ISSERVER)
-	    get_targetname(c, &c->target_name);
-    }
-
-    if (logfile) {
-	int fd;
-
-	printf("starting log socket to client %s\n", c->moniker);
-
-	fd = wait_log(c);
-
-	c->logsock = krb5_storage_from_fd(fd);
-	close(fd);
-	if (c->logsock == NULL)
-	    errx(1, "failed to create log krb5_storage");
-#ifdef ENABLE_PTHREAD_SUPPORT
-	pthread_create(&c->thr, NULL, log_function, c);
-#else
-	c->child = fork();
-	if (c->child == -1)
-	    errx(1, "failed to fork");
-	else if (c->child == 0) {
-	    log_function(c);
-	    fclose(logfile);
-	    exit(0);
-	}
-#endif
-   }
-
-
-    clients = erealloc(clients, (num_clients + 1) * sizeof(*clients));
-    
-    clients[num_clients] = c;
-    num_clients++;
-
-    free(name);
-}
-
-static struct client *
-get_client(const char *slave)
-{
-    size_t i;
-    for (i = 0; i < num_clients; i++)
-	if (strcmp(slave, clients[i]->name) == 0)
-	    return clients[i];
-    errx(1, "failed to find client %s", slave);
-}
-
-/*
- *
- */
-
-static int version_flag;
-static int help_flag;
-static char *logfile_str;
-static getarg_strings principals;
-static getarg_strings slaves;
-
-struct getargs args[] = {
-    { "principals", 0,  arg_strings,	&principals,	"Test principal",
-      NULL },
-    { "slaves", 0,  arg_strings,	&slaves,	"Slaves",
-      NULL },
-    { "log-file", 0, arg_string,	&logfile_str,	"Logfile",
-      NULL },
-    { "version", 0,  arg_flag,		&version_flag,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&help_flag,	NULL,
-      NULL }
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx= 0;
-    char *user;
-    char *password;
-    char ***list, **p;
-    size_t num_list, i, j, k;
-    int failed = 0;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-
-    if (optidx != argc)
-	usage (1);
-
-    if (principals.num_strings == 0)
-	errx(1, "no principals");
-
-    user = estrdup(principals.strings[0]);
-    password = strchr(user, ':');
-    if (password == NULL)
-	errx(1, "password missing from %s", user);
-    *password++ = 0;
-	
-    if (slaves.num_strings == 0)
-	errx(1, "no principals");
-
-    if (logfile_str) {
-	printf("open logfile %s\n", logfile_str);
-	logfile = fopen(logfile_str, "w+");
-	if (logfile == NULL)
-	    err(1, "failed to open: %s", logfile_str);
-    }
-
-    /*
-     *
-     */
-
-    list = permutate_all(&slaves, &num_list);
-
-    /*
-     * Set up connection to all clients
-     */
-
-    printf("Connecting to slaves\n");
-    for (i = 0; i < slaves.num_strings; i++)
-	connect_client(slaves.strings[i]);
-
-    /*
-     * Test acquire credentials
-     */
-
-    printf("Test acquire credentials\n");
-    for (i = 0; i < slaves.num_strings; i++) {
-	int32_t hCred, val;
-
-	val = acquire_cred(clients[i], user, password, 1, &hCred);
-	if (val != GSMERR_OK) {
-	    warnx("Failed to acquire_cred on host %s: %d", 
-		 clients[i]->moniker, (int)val);
-	    failed = 1;
-	} else
-	    toast_resource(clients[i], hCred);
-    }
-
-    if (failed)
-	goto out;
-
-    /* 
-     * First test if all slaves can build context to them-self.
-     */
-
-    printf("Self context tests\n");
-    for (i = 0; i < num_clients; i++) {
-	int32_t hCred, val, delegCred;
-	int32_t clientC, serverC;
-	struct client *c = clients[i];
-	
-	if (c->target_name == NULL)
-	    continue;
-
-	printf("%s connects to self using %s\n",
-	       c->moniker, c->target_name);
-
-	val = acquire_cred(c, user, password, 1, &hCred);
-	if (val != GSMERR_OK)
-	    errx(1, "failed to acquire_cred: %d", (int)val);
-    
-	val = build_context(c, c, 
-			    GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
-			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
-			    GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
-			    hCred, &clientC, &serverC, &delegCred);
-	if (val == GSMERR_OK) {
-	    test_token(c, clientC, c, serverC);
-	    toast_resource(c, clientC);
-	    toast_resource(c, serverC);
-	    if (delegCred)
-		toast_resource(c, delegCred);
-	} else {
-	    warnx("build_context failed: %d", (int)val);
-	}
-	/*
-	 *
-	 */
-
-	val = build_context(c, c,
-			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG,
-			    hCred, &clientC, &serverC, &delegCred);
-	if (val == GSMERR_OK) {
-	    test_token(c, clientC, c, serverC);
-	    toast_resource(c, clientC);
-	    toast_resource(c, serverC);
-	    if (delegCred)
-		toast_resource(c, delegCred);
-	} else {
-	    warnx("build_context failed: %d", (int)val);
-	}
-
-	toast_resource(c, hCred);
-    }
-    /*
-     * Build contexts though all entries in each lists, including the
-     * step from the last entry to the first, ie treat the list as a
-     * circle.
-     *
-     * Only follow the delegated credential, but test "all"
-     * flags. (XXX only do deleg|mutual right now.
-     */
-
-    printf("\"All\" permutation tests\n");
-
-    for (i = 0; i < num_list; i++) {
-	int32_t hCred, val, delegCred = 0;
-	int32_t clientC = 0, serverC = 0;
-	struct client *client, *server;
-	
-	p = list[i];
-	
-	client = get_client(p[0]);
-	
-	val = acquire_cred(client, user, password, 1, &hCred);
-	if (val != GSMERR_OK)
-	    errx(1, "failed to acquire_cred: %d", (int)val);
-
-	for (j = 1; j < num_clients + 1; j++) {
-	    server = get_client(p[j % num_clients]);
-	    
-	    if (server->target_name == NULL)
-		break;
-
-	    for (k = 1; k < j; k++)
-		printf("\t");
-	    printf("%s -> %s\n", client->moniker, server->moniker);
-
-	    val = build_context(client, server,
-				GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
-				GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
-				GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
-				hCred, &clientC, &serverC, &delegCred);
-	    if (val != GSMERR_OK) {
-		warnx("build_context failed: %d", (int)val);
-		break;
-	    }
-	    
-	    val = test_token(client, clientC, server, serverC);
-	    if (val)
-		break;
-	    
-	    toast_resource(client, clientC);
-	    toast_resource(server, serverC);
-	    if (!delegCred) {
-		warnx("no delegated cred on %s", server->moniker);
-		break;
-	    }
-	    toast_resource(client, hCred);
-	    hCred = delegCred;
-	    client = server;
-	}
-	if (hCred)
-	    toast_resource(client, hCred);
-    }
-    
-    /*
-     * Close all connections to clients
-     */
-    
-out:
-    printf("sending goodbye and waiting for log sockets\n");
-    for (i = 0; i < num_clients; i++) {
-	goodbye(clients[i]);
-	if (clients[i]->logsock) {
-#ifdef ENABLE_PTHREAD_SUPPORT
-	    pthread_join(&clients[i]->thr, NULL);
-#else
-	    waitpid(clients[i]->child, NULL, 0);
-#endif
-	}
-    }
-
-    printf("done\n");
-
-    return 0;
-}
diff --git a/crypto/heimdal/appl/gssmask/gssmask.c b/crypto/heimdal/appl/gssmask/gssmask.c
deleted file mode 100644
index 46b532b61f5a..000000000000
--- a/crypto/heimdal/appl/gssmask/gssmask.c
+++ /dev/null
@@ -1,1092 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "common.h"
-RCSID("$Id: gssmask.c 21229 2007-06-20 10:19:19Z lha $");
-
-/*
- *
- */
-
-enum handle_type { handle_context, handle_cred };
-
-struct handle {
-    int32_t idx;
-    enum handle_type type;
-    void *ptr;
-    struct handle *next;
-};
-
-struct client {
-    krb5_storage *sock;
-    krb5_storage *logging;
-    char *moniker;
-    int32_t nHandle;
-    struct handle *handles;
-    struct sockaddr_storage sa;
-    socklen_t salen;
-    char servername[MAXHOSTNAMELEN];
-};
-
-FILE *logfile;
-static char *targetname;
-krb5_context context;
-
-/*
- *
- */
-
-static void
-logmessage(struct client *c, const char *file, unsigned int lineno,
-	   int level, const char *fmt, ...)
-{
-    char *message;
-    va_list ap;
-    int32_t ackid;
-
-    va_start(ap, fmt);
-    vasprintf(&message, fmt, ap);
-    va_end(ap);
-
-    if (logfile)
-	fprintf(logfile, "%s:%u: %d %s\n", file, lineno, level, message);
-
-    if (c->logging) {
-	if (krb5_store_int32(c->logging, eLogInfo) != 0)
-	    errx(1, "krb5_store_int32: log level");
-	if (krb5_store_string(c->logging, file) != 0)
-	    errx(1, "krb5_store_string: filename");
-	if (krb5_store_int32(c->logging, lineno) != 0)
-	    errx(1, "krb5_store_string: filename");
-	if (krb5_store_string(c->logging, message) != 0)
-	    errx(1, "krb5_store_string: message");
-	if (krb5_ret_int32(c->logging, &ackid) != 0)
-	    errx(1, "krb5_ret_int32: ackid");
-    }
-    free(message);
-}
-
-/*
- *
- */
-
-static int32_t
-add_handle(struct client *c, enum handle_type type, void *data)
-{
-    struct handle *h;
-
-    h = ecalloc(1, sizeof(*h));
-
-    h->idx = ++c->nHandle;
-    h->type = type;
-    h->ptr = data;
-    h->next = c->handles;
-    c->handles = h;
-
-    return h->idx;
-}
-
-static void
-del_handle(struct handle **h, int32_t idx)
-{
-    OM_uint32 min_stat;
-
-    if (idx == 0)
-	return;
-
-    while (*h) {
-	if ((*h)->idx == idx) {
-	    struct handle *p = *h;
-	    *h = (*h)->next;
-	    switch(p->type) {
-	    case handle_context: {
-		gss_ctx_id_t c = p->ptr;
-		gss_delete_sec_context(&min_stat, &c, NULL);
-		break; }
-	    case handle_cred: {
-		gss_cred_id_t c = p->ptr;
-		gss_release_cred(&min_stat, &c);
-		break; }
-	    }
-	    free(p);
-	    return;
-	}
-	h = &((*h)->next);
-    }
-    errx(1, "tried to delete an unexisting handle");
-}
-
-static void *
-find_handle(struct handle *h, int32_t idx, enum handle_type type)
-{
-    if (idx == 0)
-	return NULL;
-    
-    while (h) {
-	if (h->idx == idx) {
-	    if (type == h->type)
-		return h->ptr;
-	    errx(1, "monger switched type on handle!");
-	}
-	h = h->next;
-    }
-    return NULL;    
-}
-
-
-static int32_t
-convert_gss_to_gsm(OM_uint32 maj_stat)
-{
-    switch(maj_stat) {
-    case 0:
-	return GSMERR_OK;
-    case GSS_S_CONTINUE_NEEDED:
-	return GSMERR_CONTINUE_NEEDED;
-    case GSS_S_DEFECTIVE_TOKEN:
-        return GSMERR_INVALID_TOKEN;
-    case GSS_S_BAD_MIC:
-	return GSMERR_AP_MODIFIED;
-    default:
-	return GSMERR_ERROR;
-    }
-}
-
-static int32_t
-convert_krb5_to_gsm(krb5_error_code ret)
-{
-    switch(ret) {
-    case 0:
-	return GSMERR_OK;
-    default:
-	return GSMERR_ERROR;
-    }
-}
-
-/*
- *
- */
-
-static int32_t
-acquire_cred(struct client *c,
-	     krb5_principal principal,
-	     krb5_get_init_creds_opt *opt,
-	     int32_t *handle)
-{
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_ccache id;
-    gss_cred_id_t gcred;
-    OM_uint32 maj_stat, min_stat;
-
-    *handle = 0;
-
-    krb5_get_init_creds_opt_set_forwardable (opt, 1);
-    krb5_get_init_creds_opt_set_renew_life (opt, 3600 * 24 * 30);
-
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					NULL,
-					NULL,
-					NULL,
-					0,
-					NULL,
-					opt);
-    if (ret) {
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "krb5_get_init_creds failed: %d", ret);
-	return convert_krb5_to_gsm(ret);
-    }
-	
-    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_initialize (context, id, cred.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_initialize");
-    
-    ret = krb5_cc_store_cred (context, id, &cred);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_cred_contents (context, &cred);
-
-    maj_stat = gss_krb5_import_cred(&min_stat,
-				    id,
-				    NULL,
-				    NULL,
-				    &gcred);
-    krb5_cc_close(context, id);
-    if (maj_stat) {
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "krb5 import creds failed with: %d", maj_stat);
-	return convert_gss_to_gsm(maj_stat);
-    }
-
-    *handle = add_handle(c, handle_cred, gcred);
-
-    return 0;
-}
-
-
-/*
- *
- */
-
-#define HandleOP(h) \
-handle##h(enum gssMaggotOp op, struct client *c)
-
-/*
- *
- */
-
-static int
-HandleOP(GetVersionInfo)
-{
-    put32(c, GSSMAGGOTPROTOCOL);
-    errx(1, "GetVersionInfo");
-}
-
-static int
-HandleOP(GoodBye)
-{
-    struct handle *h = c->handles;
-    int i = 0;
-
-    while (h) {
-	h = h->next;
-	i++;
-    }
-
-    if (i != 0)
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "Did not toast all resources: %d", i);
-    return 1;
-}
-
-static int
-HandleOP(InitContext)
-{
-    OM_uint32 maj_stat, min_stat, ret_flags;
-    int32_t hContext, hCred, flags;
-    krb5_data target_name, in_token;
-    int32_t new_context_id = 0, gsm_error = 0;
-    krb5_data out_token = { 0 , NULL };
-
-    gss_ctx_id_t ctx;
-    gss_cred_id_t creds;
-    gss_name_t gss_target_name;
-    gss_buffer_desc input_token, output_token;
-    gss_OID oid = GSS_C_NO_OID;
-    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
-
-    ret32(c, hContext);
-    ret32(c, hCred);
-    ret32(c, flags);
-    retdata(c, target_name);
-    retdata(c, in_token);
-
-    logmessage(c, __FILE__, __LINE__, 0,
-	       "targetname: <%.*s>", (int)target_name.length,
-	       (char *)target_name.data);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	hContext = 0;
-    creds = find_handle(c->handles, hCred, handle_cred);
-    if (creds == NULL)
-	abort();
-
-    input_token.length = target_name.length;
-    input_token.value = target_name.data;
-
-    maj_stat = gss_import_name(&min_stat,
-			       &input_token,
-			       GSS_KRB5_NT_PRINCIPAL_NAME,
-			       &gss_target_name);
-    if (GSS_ERROR(maj_stat)) {
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "import name creds failed with: %d", maj_stat);
-	gsm_error = convert_gss_to_gsm(maj_stat);
-	goto out;
-    }
-
-    /* oid from flags */
-
-    if (in_token.length) {
-	input_token.length = in_token.length;
-	input_token.value = in_token.data;
-	input_token_ptr = &input_token;
-	if (ctx == NULL)
-	    krb5_errx(context, 1, "initcreds, context NULL, but not first req");
-    } else {
-	input_token.length = 0;
-	input_token.value = NULL;
-	if (ctx)
-	    krb5_errx(context, 1, "initcreds, context not NULL, but first req");
-    }
-	
-    if ((flags & GSS_C_DELEG_FLAG) != 0)
-	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating");
-    if ((flags & GSS_C_DCE_STYLE) != 0)
-	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context dce-style");
-
-    maj_stat = gss_init_sec_context(&min_stat,
-				    creds,
-				    &ctx,
-				    gss_target_name,
-				    oid,
-				    flags & 0x7f,
-				    0, 
-				    NULL,
-				    input_token_ptr,
-				    NULL,
-				    &output_token,
-				    &ret_flags,
-				    NULL);
-    if (GSS_ERROR(maj_stat)) {
-	if (hContext != 0)
-	    del_handle(&c->handles, hContext);
-	new_context_id = 0;
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "gss_init_sec_context returns code: %d/%d", 
-		   maj_stat, min_stat);
-    } else {
-	if (input_token.length == 0)
-	    new_context_id = add_handle(c, handle_context, ctx);
-	else
-	    new_context_id = hContext;
-    }
-
-    gsm_error = convert_gss_to_gsm(maj_stat);
-
-    if (output_token.length) {
-	out_token.data = output_token.value;
-	out_token.length = output_token.length;
-    }
-
-out:
-    logmessage(c, __FILE__, __LINE__, 0,
-	       "InitContext return code: %d", gsm_error);
-
-    put32(c, new_context_id);
-    put32(c, gsm_error);
-    putdata(c, out_token);
-
-    gss_release_name(&min_stat, &gss_target_name);
-    if (output_token.length)
-	gss_release_buffer(&min_stat, &output_token);
-    krb5_data_free(&in_token);
-    krb5_data_free(&target_name);
-
-    return 0;
-}
-
-static int
-HandleOP(AcceptContext)
-{
-    OM_uint32 maj_stat, min_stat, ret_flags;
-    int32_t hContext, deleg_hcred, flags;
-    krb5_data in_token;
-    int32_t new_context_id = 0, gsm_error = 0;
-    krb5_data out_token = { 0 , NULL };
-
-    gss_ctx_id_t ctx;
-    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-    gss_buffer_desc input_token, output_token;
-    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
-
-    ret32(c, hContext);
-    ret32(c, flags);
-    retdata(c, in_token);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	hContext = 0;
-
-    if (in_token.length) {
-	input_token.length = in_token.length;
-	input_token.value = in_token.data;
-	input_token_ptr = &input_token;
-    } else {
-	input_token.length = 0;
-	input_token.value = NULL;
-    }
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input_token,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output_token,
-				      &ret_flags,
-				      NULL,
-				      &deleg_cred);
-    if (GSS_ERROR(maj_stat)) {
-	if (hContext != 0)
-	    del_handle(&c->handles, hContext);
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "gss_accept_sec_context returns code: %d/%d", 
-		   maj_stat, min_stat);
-	new_context_id = 0;
-    } else {
-	if (hContext == 0)
-	    new_context_id = add_handle(c, handle_context, ctx);
-	else
-	    new_context_id = hContext;
-    }
-    if (output_token.length) {
-	out_token.data = output_token.value;
-	out_token.length = output_token.length;
-    }
-    if ((ret_flags & GSS_C_DCE_STYLE) != 0)
-	logmessage(c, __FILE__, __LINE__, 0, "accept_sec_context dce-style");
-    if ((ret_flags & GSS_C_DELEG_FLAG) != 0) {
-	deleg_hcred = add_handle(c, handle_cred, deleg_cred);
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "accept_context delegated handle: %d", deleg_hcred);
-    } else {
-	gss_release_cred(&min_stat, &deleg_cred);
-	deleg_hcred = 0;
-    }
-	 
-    
-    gsm_error = convert_gss_to_gsm(maj_stat);
-
-    put32(c, new_context_id);
-    put32(c, gsm_error);
-    putdata(c, out_token);
-    put32(c, deleg_hcred);
-
-    if (output_token.length)
-	gss_release_buffer(&min_stat, &output_token);
-    krb5_data_free(&in_token);
-
-    return 0;
-}
-
-static int
-HandleOP(ToastResource)
-{
-    int32_t handle;
-
-    ret32(c, handle);
-    logmessage(c, __FILE__, __LINE__, 0, "toasting %d", handle);
-    del_handle(&c->handles, handle);
-    put32(c, GSMERR_OK);
-
-    return 0;
-}
-
-static int
-HandleOP(AcquireCreds)
-{
-    char *name, *password;
-    int32_t gsm_error, flags, handle = 0;
-    krb5_principal principal = NULL;
-    krb5_get_init_creds_opt *opt = NULL;
-    krb5_error_code ret;
-
-    retstring(c, name);
-    retstring(c, password);
-    ret32(c, flags);
-
-    logmessage(c, __FILE__, __LINE__, 0,
-	       "username: %s password: %s", name, password);
-
-    ret = krb5_parse_name(context, name, &principal);
-    if (ret) {
-	gsm_error = convert_krb5_to_gsm(ret);
-	goto out;
-    }
-    
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-    
-    krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL);
-
-    gsm_error = acquire_cred(c, principal, opt, &handle);
-
-out:
-    logmessage(c, __FILE__, __LINE__, 0,
-	       "AcquireCreds handle: %d return code: %d", handle, gsm_error);
-
-    if (opt)
-	krb5_get_init_creds_opt_free (context, opt);
-    if (principal)
-	krb5_free_principal(context, principal);
-    free(name);
-    free(password);
-
-    put32(c, gsm_error);
-    put32(c, handle);
-
-    return 0;
-}
-
-static int
-HandleOP(Sign)
-{
-    OM_uint32 maj_stat, min_stat;
-    int32_t hContext, flags, seqno;
-    krb5_data token;
-    gss_ctx_id_t ctx;
-    gss_buffer_desc input_token, output_token;
-
-    ret32(c, hContext);
-    ret32(c, flags);
-    ret32(c, seqno);
-    retdata(c, token);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	errx(1, "sign: reference to unknown context");
-
-    input_token.length = token.length;
-    input_token.value = token.data;
-    
-    maj_stat = gss_get_mic(&min_stat, ctx, 0, &input_token,
-			   &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_get_mic failed");
-    
-    krb5_data_free(&token);
-    
-    token.data = output_token.value;
-    token.length = output_token.length;
-    
-    put32(c, 0); /* XXX fix gsm_error */
-    putdata(c, token);
-    
-    gss_release_buffer(&min_stat, &output_token);
-    
-    return 0;
-}
-
-static int
-HandleOP(Verify)
-{
-    OM_uint32 maj_stat, min_stat;
-    int32_t hContext, flags, seqno;
-    krb5_data msg, mic;
-    gss_ctx_id_t ctx;
-    gss_buffer_desc msg_token, mic_token;
-    gss_qop_t qop;
-
-    ret32(c, hContext);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	errx(1, "verify: reference to unknown context");
-
-    ret32(c, flags);
-    ret32(c, seqno);
-    retdata(c, msg);
-
-    msg_token.length = msg.length;
-    msg_token.value = msg.data;
-    
-    retdata(c, mic);
-
-    mic_token.length = mic.length;
-    mic_token.value = mic.data;
-
-    maj_stat = gss_verify_mic(&min_stat, ctx, &msg_token,
-			      &mic_token, &qop);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_verify_mic failed");
-    
-    krb5_data_free(&mic);
-    krb5_data_free(&msg);
-    
-    put32(c, 0); /* XXX fix gsm_error */
-    
-    return 0;
-}
-
-static int
-HandleOP(GetVersionAndCapabilities)
-{
-    int32_t cap = HAS_MONIKER;
-    char name[256] = "unknown", *str;
-
-    if (targetname)
-	cap |= ISSERVER; /* is server */
-
-#ifdef HAVE_UNAME
-    {
-	struct utsname ut;
-	if (uname(&ut) == 0) {
-	    snprintf(name, sizeof(name), "%s-%s-%s", 
-		     ut.sysname, ut.version, ut.machine);
-	}
-    }
-#endif
-
-    asprintf(&str, "gssmask %s %s", PACKAGE_STRING, name);
-
-    put32(c, GSSMAGGOTPROTOCOL);
-    put32(c, cap);
-    putstring(c, str); 
-    free(str);
-
-    return 0;
-}
-
-static int
-HandleOP(GetTargetName)
-{
-    if (targetname)
-	putstring(c, targetname);
-    else
-	putstring(c, "");
-    return 0;
-}
-
-static int
-HandleOP(SetLoggingSocket)
-{
-    int32_t portnum;
-    int fd, ret;
-
-    ret32(c, portnum);
-
-    logmessage(c, __FILE__, __LINE__, 0,
-	       "logging port on peer is: %d", (int)portnum);
-
-    socket_set_port((struct sockaddr *)(&c->sa), htons(portnum));
-
-    fd = socket(((struct sockaddr *)&c->sa)->sa_family, SOCK_STREAM, 0);
-    if (fd < 0)
-	return 0;
-
-    ret = connect(fd, (struct sockaddr *)&c->sa, c->salen);
-    if (ret < 0) {
-	logmessage(c, __FILE__, __LINE__, 0, "failed connect to log port: %s",
-		   strerror(errno));
-	close(fd);
-	return 0;
-    }
-
-    if (c->logging)
-	krb5_storage_free(c->logging);
-    c->logging = krb5_storage_from_fd(fd);
-    close(fd);
-
-    krb5_store_int32(c->logging, eLogSetMoniker);
-    store_string(c->logging, c->moniker);
-    
-    logmessage(c, __FILE__, __LINE__, 0, "logging turned on");
-
-    return 0;
-}
-    
-
-static int
-HandleOP(ChangePassword)
-{
-    errx(1, "ChangePassword");
-}
-
-static int
-HandleOP(SetPasswordSelf)
-{
-    errx(1, "SetPasswordSelf");
-}
-
-static int
-HandleOP(Wrap)
-{
-    OM_uint32 maj_stat, min_stat;
-    int32_t hContext, flags, seqno;
-    krb5_data token;
-    gss_ctx_id_t ctx;
-    gss_buffer_desc input_token, output_token;
-    int conf_state;
-
-    ret32(c, hContext);
-    ret32(c, flags);
-    ret32(c, seqno);
-    retdata(c, token);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	errx(1, "wrap: reference to unknown context");
-
-    input_token.length = token.length;
-    input_token.value = token.data;
-    
-    maj_stat = gss_wrap(&min_stat, ctx, flags, 0, &input_token,
-			&conf_state, &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_wrap failed");
-    
-    krb5_data_free(&token);
-    
-    token.data = output_token.value;
-    token.length = output_token.length;
-    
-    put32(c, 0); /* XXX fix gsm_error */
-    putdata(c, token);
-    
-    gss_release_buffer(&min_stat, &output_token);
-    
-    return 0;
-}
-
-
-static int
-HandleOP(Unwrap)
-{
-    OM_uint32 maj_stat, min_stat;
-    int32_t hContext, flags, seqno;
-    krb5_data token;
-    gss_ctx_id_t ctx;
-    gss_buffer_desc input_token, output_token;
-    int conf_state;
-    gss_qop_t qop_state;
-
-    ret32(c, hContext);
-    ret32(c, flags);
-    ret32(c, seqno);
-    retdata(c, token);
-
-    ctx = find_handle(c->handles, hContext, handle_context);
-    if (ctx == NULL)
-	errx(1, "unwrap: reference to unknown context");
-
-    input_token.length = token.length;
-    input_token.value = token.data;
-    
-    maj_stat = gss_unwrap(&min_stat, ctx, &input_token,
-			  &output_token, &conf_state, &qop_state);
-    
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
-	
-    krb5_data_free(&token);
-    if (maj_stat == GSS_S_COMPLETE) {
-	token.data = output_token.value;
-	token.length = output_token.length;
-    } else {
-	token.data = NULL;
-	token.length = 0;
-    }
-    put32(c, 0); /* XXX fix gsm_error */
-    putdata(c, token);
-
-    if (maj_stat == GSS_S_COMPLETE)
-	gss_release_buffer(&min_stat, &output_token);
-
-    return 0;
-}
-
-static int
-HandleOP(Encrypt)
-{
-    return handleWrap(op, c);
-}
-
-static int
-HandleOP(Decrypt)
-{
-    return handleUnwrap(op, c);
-}
-
-static int
-HandleOP(ConnectLoggingService2)
-{
-    errx(1, "ConnectLoggingService2");
-}
-
-static int
-HandleOP(GetMoniker)
-{
-    putstring(c, c->moniker);
-    return 0;
-}
-
-static int
-HandleOP(CallExtension)
-{
-    errx(1, "CallExtension");
-}
-
-static int
-HandleOP(AcquirePKInitCreds)
-{
-    int32_t flags;
-    krb5_data pfxdata;
-
-    ret32(c, flags);
-    retdata(c, pfxdata);
-
-    /* get credentials */
-
-    krb5_data_free(&pfxdata);
-
-    put32(c, -1); /* hResource */
-    put32(c, GSMERR_NOT_SUPPORTED);
-    return 0;
-}
-
-/*
- *
- */
-
-struct handler {
-    enum gssMaggotOp op;
-    const char *name;
-    int (*func)(enum gssMaggotOp, struct client *);
-};
-
-#define S(a) { e##a, #a, handle##a }
-
-struct handler handlers[] = {
-    S(GetVersionInfo),
-    S(GoodBye),
-    S(InitContext),
-    S(AcceptContext),
-    S(ToastResource),
-    S(AcquireCreds),
-    S(Encrypt),
-    S(Decrypt),
-    S(Sign),
-    S(Verify),
-    S(GetVersionAndCapabilities),
-    S(GetTargetName),
-    S(SetLoggingSocket),
-    S(ChangePassword),
-    S(SetPasswordSelf),
-    S(Wrap),
-    S(Unwrap),
-    S(ConnectLoggingService2),
-    S(GetMoniker),
-    S(CallExtension),
-    S(AcquirePKInitCreds)
-};
-
-#undef S
-
-/*
- *
- */
-
-static struct handler *
-find_op(int32_t op)
-{
-    int i;
-
-    for (i = 0; i < sizeof(handlers)/sizeof(handlers[0]); i++)
-	if (handlers[i].op == op)
-	    return &handlers[i];
-    return NULL;
-}
-
-static struct client *
-create_client(int fd, int port, const char *moniker)
-{
-    struct client *c;
-
-    c = ecalloc(1, sizeof(*c));
-
-    if (moniker) {
-	c->moniker = estrdup(moniker);
-    } else {
-	char hostname[MAXHOSTNAMELEN];
-	gethostname(hostname, sizeof(hostname));
-	asprintf(&c->moniker, "gssmask: %s:%d", hostname, port);
-    }
-
-    {
-	c->salen = sizeof(c->sa);
-	getpeername(fd, (struct sockaddr *)&c->sa, &c->salen);
-	
-	getnameinfo((struct sockaddr *)&c->sa, c->salen, 
-		    c->servername, sizeof(c->servername), 
-		    NULL, 0, NI_NUMERICHOST);
-    }
-
-    c->sock = krb5_storage_from_fd(fd);
-    if (c->sock == NULL)
-	errx(1, "krb5_storage_from_fd");
-    
-    close(fd);
-
-    return c;
-}
-
-static void
-free_client(struct client *c)
-{
-    while(c->handles)
-	del_handle(&c->handles, c->handles->idx);
-
-    free(c->moniker);
-    krb5_storage_free(c->sock);
-    if (c->logging)
-	krb5_storage_free(c->logging);
-    free(c);
-}
-
-
-static void *
-handleServer(void *ptr)
-{
-    struct handler *handler;
-    struct client *c;
-    int32_t op;
-
-    c = (struct client *)ptr;
-
-
-    while(1) {
-	ret32(c, op);
-
-	handler = find_op(op);
-	if (handler == NULL) {
-	    logmessage(c, __FILE__, __LINE__, 0,
-		       "op %d not supported", (int)op);
-	    exit(1);
-	}
-
-	logmessage(c, __FILE__, __LINE__, 0,
-		   "---> Got op %s from server %s", 
-		   handler->name, c->servername);
-
-	if ((handler->func)(handler->op, c))
-	    break;
-    }
-
-    return NULL;
-}
-
-
-static char *port_str;
-static int version_flag;
-static int help_flag;
-static char *logfile_str;
-static char *moniker_str;
-
-static int port = 4711;
-
-struct getargs args[] = {
-    { "spn",	0,   arg_string,	&targetname,	"This host's SPN",
-      "service/host@REALM" },
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "number-of-service" },
-    { "logfile", 0,  arg_string,	&logfile_str,	"logfile",
-      "number-of-service" },
-    { "moniker", 0,  arg_string,	&moniker_str,	"nickname",
-      "name" },
-    { "version", 0,  arg_flag,		&version_flag,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&help_flag,	NULL,
-      NULL }
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx	= 0;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-
-    if (optidx != argc)
-	usage (1);
-
-    if (port_str) {
-	char *ptr;
-
-	port = strtol (port_str, &ptr, 10);
-	if (port == 0 && ptr == port_str)
-	    errx (1, "Bad port `%s'", port_str);
-    }
-
-    krb5_init_context(&context);
-
-    {
-	const char *lf = logfile_str;
-	if (lf == NULL)
-	    lf = "/dev/tty";
-
-	logfile = fopen(lf, "w");
-	if (logfile == NULL)
-	    err(1, "error opening %s", lf);
-    }
-
-    mini_inetd(htons(port));
-    fprintf(logfile, "connected\n");
-
-    {
-	struct client *c; 
-
-	c = create_client(0, port, moniker_str);
-	/* close(0); */
-
-	handleServer(c);
-
-	free_client(c);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/appl/gssmask/protocol.h b/crypto/heimdal/appl/gssmask/protocol.h
deleted file mode 100644
index 3683fa6edb1d..000000000000
--- a/crypto/heimdal/appl/gssmask/protocol.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * $Id: protocol.h 18352 2006-10-08 13:53:28Z lha $
- */
-
-/* missing from tests:
- * - export context
- * - import context
- */
-
-/*
- * wire encodings:
- *   int16: number, 2 bytes, in network order
- *   int32: number, 4 bytes, in network order
- *   length-encoded: [int32 length, data of length bytes]
- *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
- */
-
-enum gssMaggotErrorCodes {
-    GSMERR_OK		= 0,
-    GSMERR_ERROR,
-    GSMERR_CONTINUE_NEEDED,
-    GSMERR_INVALID_TOKEN,
-    GSMERR_AP_MODIFIED,
-    GSMERR_TEST_ISSUE,
-    GSMERR_NOT_SUPPORTED
-};
-
-/*
- * input:
- *   int32: message OP (enum gssMaggotProtocol)
- *   ...
- *
- * return:   -- on error 
- *    int32: not support (GSMERR_NOT_SUPPORTED)
- * 
- * return:   -- on existing message OP
- *    int32: support (GSMERR_OK) -- only sent for extensions
- *    ...
- */
-
-#define GSSMAGGOTPROTOCOL 14
-
-enum gssMaggotOp {
-    eGetVersionInfo	= 0,
-    /* 
-     * input:
-     *   none
-     * return:
-     *   int32: last version handled 
-     */
-    eGoodBye,
-    /* 
-     * input:
-     *   none
-     * return:
-     *   close socket
-     */
-    eInitContext,
-    /* 
-     * input:
-     *   int32: hContext
-     *   int32: hCred
-     *   int32: Flags
-     *      the lowest 0x7f flags maps directly to GSS-API flags
-     *      DELEGATE		0x001 
-     *      MUTUAL_AUTH		0x002 
-     *      REPLAY_DETECT	0x004
-     *      SEQUENCE_DETECT	0x008
-     *      CONFIDENTIALITY	0x010
-     *      INTEGRITY		0x020
-     *      ANONYMOUS		0x040
-     *
-     *      FIRST_CALL		0x080
-     *
-     *      NTLM		0x100
-     *      SPNEGO		0x200
-     *   length-encoded: targetname
-     *   length-encoded: token
-     * return:
-     *   int32: hNewContextId
-     *   int32: gssapi status val
-     *   length-encoded: output token
-     */
-    eAcceptContext,
-    /* 
-     * input:
-     *   int32: hContext
-     *   int32: Flags		-- unused ?
-     *      flags are same as flags for eInitContext
-     *   length-encoded: token
-     * return:
-     *   int32: hNewContextId
-     *   int32: gssapi status val
-     *   length-encoded: output token
-     *   int32: delegation cred id
-     */
-    eToastResource,
-    /*
-     * input:
-     *   int32: hResource
-     * return:
-     *   int32: gsm status val
-     */
-    eAcquireCreds,
-    /*
-     * input:
-     *   string: principal name
-     *   string: password
-     *   int32: flags
-     *      FORWARDABLE		0x001
-     *      DEFAULT_CREDS	0x002
-     *
-     *      NTLM		0x100
-     *      SPNEGO		0x200
-     * return:
-     *   int32: gsm status val
-     *   int32: hCred
-     */
-    eEncrypt,
-    /*
-     * input:
-     *   int32: hContext
-     *   int32: flags		-- unused
-     *   int32: seqno		-- unused
-     *   length-encode: plaintext
-     * return:
-     *   int32: gsm status val
-     *   length-encode: ciphertext
-     */
-    eDecrypt,
-    /*
-     * input:
-     *   int32: hContext
-     *   int32: flags		-- unused
-     *   int32: seqno		-- unused
-     *   length-encode: ciphertext
-     * return:
-     *   int32: gsm status val
-     *   length-encode: plaintext
-     */
-    eSign,
-    /* message same as eEncrypt */
-    eVerify,
-    /*
-     * input:
-     *   int32: hContext
-     *   int32: flags		-- unused
-     *   int32: seqno		-- unused
-     *   length-encode: message
-     *   length-encode: signature
-     * return:
-     *   int32: gsm status val
-     */
-    eGetVersionAndCapabilities,
-    /*
-     * return:
-     *   int32: protocol version
-     *   int32: capability flags */
-#define      ISSERVER		0x01
-#define      ISKDC		0x02
-#define      MS_KERBEROS	0x04
-#define      LOGSERVER		0x08
-#define      HAS_MONIKER	0x10
-    /*   string: version string
-     */
-    eGetTargetName,
-    /*
-     * return:
-     *   string: target principal name
-     */
-    eSetLoggingSocket,
-    /*
-     * input:
-     *   int32: hostPort
-     * return to the port on the host:
-     *   int32: opcode - for example eLogSetMoniker
-     */
-    eChangePassword,
-    /* here ended version 7 of the protocol */
-    /*
-     * input:
-     *   string: principal name
-     *   string: old password
-     *   string: new password
-     * return:
-     *   int32: gsm status val
-     */
-    eSetPasswordSelf,
-    /* same as eChangePassword */
-    eWrap,
-    /* message same as eEncrypt */
-    eUnwrap,
-    /* message same as eDecrypt */
-    eConnectLoggingService2,
-    /*
-     * return1:
-     *   int16: log port number
-     *   int32: master log prototocol version (0)
-     * 
-     * wait for master to connect on the master log socket
-     *
-     * return2:
-     *   int32: gsm connection status
-     *   int32: maggot log prototocol version (2)
-     */
-    eGetMoniker,
-    /*
-     * return:
-     *   string: moniker (Nickname the master can refer to maggot)
-     */
-    eCallExtension,
-    /*
-     * input:
-     *   string: extension name
-     *   int32: message id
-     * return:
-     *   int32: gsm status val
-     */
-    eAcquirePKInitCreds,
-    /*
-     * input:
-     *   int32: flags
-     *   length-encode: certificate (pkcs12 data)
-     * return:
-     *   int32: hResource
-     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
-     */
-    /* here ended version 7 of the protocol */
-    eLastProtocolMessage
-};
-
-enum gssMaggotLogOp{
-  eLogInfo = 0,
-	/*
-	string: File
-	int32: Line
-	string: message
-     reply:
-  	int32: ackid
-	*/
-  eLogFailure,
-	/*
-	string: File
-	int32: Line
-	string: message
-     reply:
-  	int32: ackid
-	*/
-  eLogSetMoniker
-	/*
-	string: moniker
-	*/
-};
diff --git a/crypto/heimdal/appl/kf/Makefile.am b/crypto/heimdal/appl/kf/Makefile.am
deleted file mode 100644
index 10d4be6ca65b..000000000000
--- a/crypto/heimdal/appl/kf/Makefile.am
+++ /dev/null
@@ -1,20 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-bin_PROGRAMS = kf
-
-libexec_PROGRAMS = kfd
-
-man_MANS = kf.1 kfd.8
-
-kf_SOURCES = kf.c kf_locl.h
-
-kfd_SOURCES = kfd.c kf_locl.h
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in
deleted file mode 100644
index 1dc0684ead24..000000000000
--- a/crypto/heimdal/appl/kf/Makefile.in
+++ /dev/null
@@ -1,925 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = kf$(EXEEXT)
-libexec_PROGRAMS = kfd$(EXEEXT)
-subdir = appl/kf
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-am_kf_OBJECTS = kf.$(OBJEXT)
-kf_OBJECTS = $(am_kf_OBJECTS)
-kf_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-kf_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am_kfd_OBJECTS = kfd.$(OBJEXT)
-kfd_OBJECTS = $(am_kfd_OBJECTS)
-kfd_LDADD = $(LDADD)
-kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-man1dir = $(mandir)/man1
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = kf.1 kfd.8
-kf_SOURCES = kf.c kf_locl.h
-kfd_SOURCES = kfd.c kf_locl.h
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/kf/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/kf/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) 
-	@rm -f kf$(EXEEXT)
-	$(LINK) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
-kfd$(EXEEXT): $(kfd_OBJECTS) $(kfd_DEPENDENCIES) 
-	@rm -f kfd$(EXEEXT)
-	$(LINK) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1
deleted file mode 100644
index 97e408d0d927..000000000000
--- a/crypto/heimdal/appl/kf/kf.1
+++ /dev/null
@@ -1,112 +0,0 @@
-.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kf.1 11986 2003-04-11 12:43:57Z lha $
-.\"
-.Dd July  2, 2000
-.Dt KF 1
-.Os Heimdal
-.Sh NAME
-.Nm kf
-.Nd securely forward tickets
-.Sh SYNOPSIS
-.Nm
-.Oo
-.Fl p Ar port |
-.Fl -port Ns = Ns Ar port
-.Oc
-.Oo
-.Fl l Ar login |
-.Fl -login Ns = Ns Ar login
-.Oc
-.Oo
-.Fl c Ar ccache |
-.Fl -ccache Ns = Ns Ar ccache
-.Oc
-.Op Fl F | -forwardable
-.Op Fl G | -no-forwardable
-.Op Fl h | -help
-.Op Fl -version
-.Ar host ...
-.Sh DESCRIPTION
-The
-.Nm
-program forwards tickets to a remote host through an authenticated
-and encrypted stream.
-Options supported are:
-.Bl -tag -width indent
-.It Xo
-.Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
-.Xc
-port to connect to
-.It Xo
-.Fl l Ar login ,
-.Fl -login Ns = Ns Ar login
-.Xc
-remote login name
-.It Xo
-.Fl c Ar ccache ,
-.Fl -ccache Ns = Ns Ar ccache
-.Xc
-remote cred cache
-.It Fl F , -forwardable
-forward forwardable credentials
-.It Fl G , -no-forwardable
-do not forward forwardable credentials
-.It Fl h , -help
-.It Fl -version
-.El
-.Pp
-.Nm
-is useful when you do not want to enter your password on a remote host
-but want to have your tickets one for example AFS.
-.Pp
-In order for
-.Nm
-to work you will need to acquire your initial ticket with forwardable
-flag, i.e.
-.Nm kinit Fl -forwardable .
-.Pp
-.Nm telnet
-is able to forward tickets by itself.
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr telnet 1 ,
-.Xr kfd 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c
deleted file mode 100644
index 637796548fc0..000000000000
--- a/crypto/heimdal/appl/kf/kf.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kf_locl.h"
-RCSID("$Id: kf.c 11400 2002-09-05 15:00:03Z joda $");
-
-krb5_context context;
-static int help_flag;
-static int version_flag;
-static char *port_str;
-const char *service     = KF_SERVICE;
-const char *remote_name = NULL;
-int forwardable   = 0;
-const char *ccache_name = NULL;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
-    { "login", 'l',arg_string, &remote_name,"remote login name","login"},
-    { "ccache", 'c',arg_string, &ccache_name, "remote cred cache","ccache"},
-    { "forwardable",'F',arg_flag,&forwardable,
-       "Forward forwardable credentials", NULL },
-    { "forwardable",'G',arg_negative_flag,&forwardable,
-       "Don't forward forwardable credentials", NULL },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "hosts");
-    exit(code);
-}
-
-static int
-client_setup(krb5_context *context, int *argc, char **argv)
-{
-    int optind = 0;
-    int port = 0;
-    int status;
-
-    setprogname (argv[0]);
- 
-    status = krb5_init_context (context);
-    if (status)
-	errx(1, "krb5_init_context failed: %d", status);
- 
-    forwardable = krb5_config_get_bool (*context, NULL,
-					"libdefaults",
-					"forwardable",
-					NULL); 
- 
-    if (getarg (args, num_args, *argc, argv, &optind))
-	usage(1, args, num_args);
-
-    if(help_flag)
-	usage (0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str) {
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
-   
-    if(*argc - optind < 1)
-        usage(1, args, num_args);
-    *argc = optind;
-
-    return port;
-}
-
-/*
- * forward creds to `hostname'/`service' over `sock'
- * return 0 iff OK
- */
-
-static int
-proto (int sock, const char *hostname, const char *service,
-       char *message, size_t len)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_data data;
-    krb5_data data_send;
-
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    krb5_kdc_flags  flags;
-    krb5_principal  principal;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status) {
-	krb5_warn (context, status, "krb5_auth_con_init");
-	return 1;
-    }
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status) {
-	krb5_warn (context, status, "krb5_auth_con_setaddr");
-	return 1;
-    }
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status) {
-	krb5_warn (context, status, "krb5_sname_to_principal");
-	return 1;
-    }
-
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &sock,
-			    KF_VERSION_1,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-    if (status) {
-	krb5_warn(context, status, "krb5_sendauth");
-	return 1;
-    }
-
-    if (ccache_name == NULL)
-	ccache_name = "";
-
-    data_send.data   = (void *)remote_name;
-    data_send.length = strlen(remote_name) + 1;
-    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
-    if (status) {
-	krb5_warn (context, status, "krb5_write_message");
-	return 1;
-    }
-    data_send.data   = (void *)ccache_name;
-    data_send.length = strlen(ccache_name)+1;
-    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
-    if (status) {
-	krb5_warn (context, status, "krb5_write_message");
-	return 1;
-    }
-
-    memset (&creds, 0, sizeof(creds));
-
-    status = krb5_cc_default (context, &ccache);
-    if (status) {
-	krb5_warn (context, status, "krb5_cc_default");
-	return 1;
-    }
-
-    status = krb5_cc_get_principal (context, ccache, &principal);
-    if (status) {
-	krb5_warn (context, status, "krb5_cc_get_principal");
-	return 1;
-    }
-
-    creds.client = principal;
-    
-    status = krb5_make_principal (context,
-				  &creds.server,
-				  principal->realm,
-				  KRB5_TGS_NAME,
-				  principal->realm,
-				  NULL);
-
-    if (status) {
-	krb5_warn (context, status, "krb5_make_principal");
-	return 1;
-    }
-
-    creds.times.endtime = 0;
-
-    flags.i = 0;
-    flags.b.forwarded   = 1;
-    flags.b.forwardable = forwardable;
-
-    status = krb5_get_forwarded_creds (context,
-				       auth_context,
-				       ccache,
-				       flags.i,
-				       hostname,
-				       &creds,
-				       &data);
-    if (status) {
-	krb5_warn (context, status, "krb5_get_forwarded_creds");
-	return 1;
-    }
-
-    status = krb5_write_priv_message(context, auth_context, &sock, &data);
-
-    if (status) {
-	krb5_warn (context, status, "krb5_mk_priv");
-	return 1;
-    }
-    
-    krb5_data_free (&data);
-
-    status = krb5_read_priv_message(context, auth_context, &sock, &data);
-    if (status) {
-	krb5_warn (context, status, "krb5_mk_priv");
-	return 1;
-    }
-    if(data.length >= len) {
-	krb5_warnx (context, "returned string is too long, truncating");
-	memcpy(message, data.data, len);
-	message[len - 1] = '\0';
-    } else {
-	memcpy(message, data.data, data.length);
-	message[data.length] = '\0';
-    }
-    krb5_data_free (&data);
-
-    return(strcmp(message, "ok"));
-}
-
-static int
-doit (const char *hostname, int port, const char *service, 
-      char *message, size_t len)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
-    }
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return proto (s, hostname, service, message, len);
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return 1;
-}
-
-int
-main(int argc, char **argv)
-{
-    int argcc,port,i;
-    int ret=0;
- 
-    argcc = argc;
-    port = client_setup(&context, &argcc, argv);
-
-    if (remote_name == NULL) {
-	remote_name = get_default_username ();
-	if (remote_name == NULL)
-	    errx (1, "who are you?");
-    }
-
-    for (i = argcc;i < argc; i++) {
-	char message[128];
-	ret = doit (argv[i], port, service, message, sizeof(message));
-	if(ret == 0)
-	    warnx ("%s: ok", argv[i]);
-	else
-	    warnx ("%s: failed: %s", argv[i], message);
-    }
-    return(ret);
-}
diff --git a/crypto/heimdal/appl/kf/kf_locl.h b/crypto/heimdal/appl/kf/kf_locl.h
deleted file mode 100644
index e4d9ee81d81d..000000000000
--- a/crypto/heimdal/appl/kf/kf_locl.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kf_locl.h 11376 2002-09-04 20:29:04Z joda $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <errno.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-#include <krb5.h>
-
-#define KF_SERVICE		"host"
-
-#define KF_PORT_NAME		"kf"
-#define KF_PORT_NUM		2110
-#define KF_VERSION_1		"KFWDV0.1"
diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8
deleted file mode 100644
index f6767498fe7b..000000000000
--- a/crypto/heimdal/appl/kf/kfd.8
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kfd.8 11648 2003-02-16 21:10:32Z lha $
-.\"
-.Dd July  2, 2000
-.Dt KFD 8
-.Os Heimdal
-.Sh NAME
-.Nm kfd
-.Nd receive forwarded tickets
-.Sh SYNOPSIS
-.Nm
-.Oo
-.Fl p Ar port |
-.Fl -port Ns = Ns Ar port
-.Oc
-.Op Fl i | -inetd
-.Oo
-.Fl R Ar regpag |
-.Fl -regpag Ns = Ns Ar regpag
-.Oc
-.Op Fl h | -help
-.Op Fl -version
-.Sh DESCRIPTION
-This is the daemon for
-.Xr kf 1 .
-Supported options:
-.Bl -tag -width indent
-.It Xo
-.Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
-.Xc
-port to listen to
-.It Fl i , -inetd
-not started from inetd
-.It Xo
-.Fl R Ar regpag ,
-.Fl -regpag= Ns Ar regpag
-.Xc
-path to regpag binary
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.Sh EXAMPLES
-Put the following in
-.Pa /etc/inetd.conf :
-.Bd -literal
-kf	stream	tcp	nowait	root	/usr/heimdal/libexec/kfd	kfd
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kf 1
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c
deleted file mode 100644
index 9d8c84c39026..000000000000
--- a/crypto/heimdal/appl/kf/kfd.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kf_locl.h"
-RCSID("$Id: kfd.c 15246 2005-05-27 13:47:20Z lha $");
-
-krb5_context context;
-char krb5_tkfile[MAXPATHLEN];
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-char *service = KF_SERVICE;
-int do_inetd = 0;
-static char *regpag_str=NULL;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "inetd",'i',arg_flag, &do_inetd,
-       "Not started from inetd", NULL },
-    { "regpag",'R',arg_string,&regpag_str,"path to regpag binary","regpag"},
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static int
-server_setup(krb5_context *context, int argc, char **argv)
-{
-    int port = 0;
-    int local_argc;
-
-    local_argc = krb5_program_setup(context, argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
-
-    if(argv[local_argc] != NULL)
-        usage(1, args, num_args);
-    
-    return port;
-}
-
-static int protocol_version;
-
-static krb5_boolean
-kfd_match_version(const void *arg, const char *version)
-{
-    if(strcmp(version, KF_VERSION_1) == 0) {
-	protocol_version = 1;
-	return TRUE;
-    } else if (strlen(version) == 4 &&
-	       version[0] == '0' &&
-	       version[1] == '.' &&
-	       (version[2] == '4' || version[2] == '3') &&
-	       islower((unsigned char)version[3])) {
-	protocol_version = 0;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static int
-proto (int sock, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_ticket *ticket;
-    char *name;
-    char ret_string[10];
-    char hostname[MAXHOSTNAMELEN];
-    krb5_data data;
-    krb5_data remotename;
-    krb5_data tk_file;
-    krb5_ccache ccache;
-    char ccname[MAXPATHLEN];
-    struct passwd *pwd;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
-
-    if(gethostname (hostname, sizeof(hostname)) < 0)
-	krb5_err(context, 1, errno, "gethostname");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err(context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_recvauth_match_version (context,
-					  &auth_context,
-					  &sock,
-					  kfd_match_version,
-					  NULL,
-					  server,
-					  0,
-					  NULL,
-					  &ticket);
-    if (status)
-	krb5_err(context, 1, status, "krb5_recvauth");
-
-    status = krb5_unparse_name (context,
-				ticket->client,
-				&name);
-    if (status)
-	krb5_err(context, 1, status, "krb5_unparse_name");
-
-    if(protocol_version == 0) {
-	data.data = "old clnt"; /* XXX old clients only had room for
-                                   10 bytes of message, and also
-                                   didn't show it to the user */
-	data.length = strlen(data.data) + 1;
-	krb5_write_message(context, &sock, &data);
-	sleep(2); /* XXX give client time to finish */
-	krb5_errx(context, 1, "old client; exiting");
-    }
-
-    status=krb5_read_priv_message (context, auth_context,
-				   &sock, &remotename);
-    if (status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    status=krb5_read_priv_message (context, auth_context, 
-				   &sock, &tk_file);
-    if (status)
-	krb5_err(context, 1, status, "krb5_read_message");
-
-    krb5_data_zero (&data);
-
-    if(((char*)remotename.data)[remotename.length-1] != '\0')
-	krb5_errx(context, 1, "unterminated received");
-    if(((char*)tk_file.data)[tk_file.length-1] != '\0')
-	krb5_errx(context, 1, "unterminated received");
-
-    status = krb5_read_priv_message(context, auth_context, &sock, &data);
-
-    if (status) {
-	krb5_err(context, 1, errno, "krb5_read_priv_message");
-	goto out;
-    }
-
-    pwd = getpwnam ((char *)(remotename.data));
-    if (pwd == NULL) {
-	status=1;
-	krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
-	goto out;
-    }
-
-    if(!krb5_kuserok (context,
-		      ticket->client,
-		      (char *)(remotename.data))) {
-	status=1;
-	krb5_warnx(context, "krb5_kuserok: permission denied");
-	goto out;
-    }
-
-    if (setgid(pwd->pw_gid) < 0) {
-	krb5_warn(context, errno, "setgid");
-	goto out;
-    }
-    if (setuid(pwd->pw_uid) < 0) {
-	krb5_warn(context, errno, "setuid");
-	goto out;
-    }
-
-    if (tk_file.length != 1)
-	snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
-    else
-	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%lu",
-		  (unsigned long)pwd->pw_uid);
-
-    status = krb5_cc_resolve (context, ccname, &ccache);
-    if (status) {
-	krb5_warn(context, status, "krb5_cc_resolve");
-        goto out;
-    }
-    status = krb5_cc_initialize (context, ccache, ticket->client);
-    if (status) {
-	krb5_warn(context, status, "krb5_cc_initialize");
-        goto out;
-    }
-    status = krb5_rd_cred2 (context, auth_context, ccache, &data);
-    krb5_cc_close (context, ccache);
-    if (status) {
-	krb5_warn(context, status, "krb5_rd_cred");
-        goto out;
-
-    }
-    strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
-    krb5_warnx(context, "%s forwarded ticket to %s,%s",
-	       name,
-	       (char *)(remotename.data),ccname);
-  out:
-    if (status) {
-	strlcpy(ret_string, "no", sizeof(ret_string));
-	krb5_warnx(context, "failed");
-    } else  {
-	strlcpy(ret_string, "ok", sizeof(ret_string));
-    }
-
-    krb5_data_free (&tk_file);
-    krb5_data_free (&remotename);
-    krb5_data_free (&data);
-    free(name);
-
-    data.data = ret_string;
-    data.length = strlen(ret_string) + 1;
-    return krb5_write_priv_message(context, auth_context, &sock, &data);
-}
-
-static int
-doit (int port, const char *service)
-{
-    if (do_inetd)
-	mini_inetd(port);
-    return proto (STDIN_FILENO, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port;
-    int ret;
-    krb5_log_facility *fac;
-
-    setprogname (argv[0]);
-    roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
-    port = server_setup(&context, argc, argv);
-    ret = krb5_openlog(context, "kfd", &fac);
-    if(ret) krb5_err(context, 1, ret, "krb5_openlog");
-    ret = krb5_set_warn_dest(context, fac);
-    if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
-
-    ret = doit (port, service);
-    closelog();
-    if (ret == 0 && regpag_str != NULL)
-        ret = execl(regpag_str, "regpag", "-t", krb5_tkfile, "-r", NULL);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog
deleted file mode 100644
index 2400808db410..000000000000
--- a/crypto/heimdal/appl/login/ChangeLog
+++ /dev/null
@@ -1,355 +0,0 @@
-2006-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* limits_conf.c: Clear errno before calling the strtol
-	functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj�rn
-	Sandell.
-
-	* limits_conf.c: Report to syslog strings that start with NUL;
-	prevents negative index array access. Ray Lai of OpenBSD via Bj�rn
-	Sandell.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-
-2006-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* read_string.c: try to not call signaction for signal 0 and use
-	NSIG if it exists to determin how many signals there exists, also,
-	only restore those signalhandlers that we got out.
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* login_locl.h: Include "loginpaths.h"
-	
-	* loginpaths.h: Shared paths between login and rshd.
-	
-2006-01-09 Johan Danielsson <joda@blubb.pdc.kth.se>
-
-	* login.c: log successful logins
-	
-2005-08-08  Love H�rnquist �strand <lha@it.su.se>
-
-	* login.c (do_login): only do krb4_get_afs_tokens if we have done
-	v4 authentication or done a 5to4 conversion of tickets. This is to
-	avoid delays on a realm that only support Kerberos 5 and drop
-	Kerberos 4 requests.
-
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* login.c: Include <crypt.h>.
-
-2005-05-02  Dave Love  <fx@gnu.org>
-
-	* limits_conf.c: Check RLIMIT_MEMLOCK, not RLIMIT_LOCK.
-
-2005-04-28  Dave Love  <fx@gnu.org>
-
-	* limits_conf.c: Maybe include sys/resource.h.  Use various
-	RLIMIT_ macros conditionally.  For Solaris, Irix and Tru64.
-
-2005-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.1: document limits.conf
-	
-	* Makefile.am: limits_conf.c
-	
-	* login_locl.h: template for limits.conf
-	
-	* login.c: read limits.conf (from /etc/security by default,
-	overridable in login.conf)
-	
-	* limits_conf.c: implement a parser for limits.conf
-	
-2004-09-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: use krb5_appdefault_boolean instead of
-	krb5_config_get_bool
-
-2003-09-03  Love H�rnquist �strand <lha@it.su.se>
-
-	* login.c (krb5_to4): set client princ of the mcred
-	
-2003-07-07  Love H�rnquist �strand <lha@it.su.se>
-
-	* login.c (krb5_to4): use krb5_cc_clear_mcred
-	
-2003-03-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: install man pages
-
-	* login.1: manpage for login
-
-	* login.c: allow "welcome" as well as "motd" in login.conf
-
-	* login.access.5: login.access manual page
-
-2003-03-18  Love H�rnquist �strand <lha@it.su.se>
-	
-	* login.c: also need pag_set
-	* login.c: if there is kerberos 5, call krb5_afslog\*
-	
-2002-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: if motd is set in login.conf, output its contents
-	before starting the shell
-
-2002-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: reset signals to default, needed on solaris 8
-
-2002-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login_locl.h: include netgroup.h and rpcsvc/ypclnt.h
-
-	* login.c: make this build without krb5
-
-2001-09-22  Assar Westerlund  <assar@sics.se>
-
-	* login_locl.h: kludge: use absolute path to find prot.h so we do
-	not get confused by athena's prot.h
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): add setpcred
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* login.c: move osf2c magic earlier.  from Mark Davies
-	<mark@MCS.VUW.AC.NZ>
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): dereference result from krb5_princ_realm.
-	noted by Thomas Nystrom <thn@saeab.se>
-
-2001-06-04  Assar Westerlund  <assar@sics.se>
-
-	* update copyright messages on Wietse Venema's code.
-
-2001-05-31  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): look for [realms]<realm>krb4_get_tickets to
-	decide whether to get kerberos 4 tickets
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* utmp_login.c, utmpx_login.c: try to write a useful string as
-	host in utmp, using the same algoritm as telnetd
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* login.c: remove some krb5_free_context that might happen at
-	unappropriate times
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): handle krb5_init_context failure consistently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): set the group on the tty.
-	(r_flag): comment out
-	* login.c (krb5_to4): always return a value
-
-2000-10-15  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): check another return code
-
-2000-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (do_login): set PATH to something sane;
-	(start_logout_process): avoid getting signals sent to the parent
-
-	* login_locl.h: _PATH_DEFPATH
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* login.c (login_timeout): add back
-
-2000-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* env.c: new file for environment related functions
-
-	* login.c: move environment stuff to separate file, allow
-	specifying list of environment files via login.conf
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): add otp
-	* login.c: add reading of /etc/environment.  From Ake Sandgren
-	<ake@cs.umu.se>
-	add otp support. From Daniel Kouril <kouril@ics.muni.cz>
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): work-around for setuid and capabilities bug
-	fixed in Linux 2.2.16
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c: allow conversion of v5 -> v4 tickets when logging in
-	with forwarded tickets
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* conf.c: remove case for not having cgetent, since it's in roken
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): conditionalize shadow stuff on getspnam
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (login_DEPENDENCIES): remove, it's not entirely
- 	correct and was causing problems with non-GNU make
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* login.c (start_logout_proceess): don't examine `prog' before
- 	setting it.
-
-1999-10-27  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): chown and chmod the tty.  some clean-up.
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_start_session): correct the ccache to
- 	krb524_convert_creds_kdc
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_verify): use krb5_verify_user_lrealm
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: SGI capability mumbo-jumbo
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (start_logout_process): call setproctitle
-
-	* login_locl.h: declare struct spwd
-
-	* login.c: add support for starting extra processes at login and
-	logout; always preserve TERM and TZ
-
-	* conf.c: add configuration file support
-
-1999-08-07  Assar Westerlund  <assar@sics.se>
-
-	* shadow.c (check_shadow): check for a NULL sp
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): move down login incorrect to disallow account
- 	guessing
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* utmpx_login.c (utmpx_login): fix for Solaris.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* login_locl.h: add <shadow.h> and some prototypes
-
-	* login.c: fixes with v4 and shadow support.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* shadow.c: new file with functions for handling shadow passwords
-
-	* Makefile.am: add shadow
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): generate a better tty name
-
-1999-05-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (do_login): set $SHELL
-
-1999-05-18  Assar Westerlund  <assar@sics.se>
-
-	* add login-access
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c: copy the v5 ccache to a file after having done setuid
-
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_verify): check seteuid for errors
-	
-Mon Apr 19 22:30:55 1999  Assar Westerlund  <assar@sics.se>
-
-	* login.c: conditionalize the kafs calls on KRB4
-
-	* Makefile.am (LDADD): add kafs
-
-	* login.c: add support for getting afs tokens with v4 and v5
-
-Sun Apr 18 14:12:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login.c: check _PATH_NOLOGIN
-
-	* login_locl.h: _PATH_NOLOGIN
-
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): use print_version
-
-Thu Apr  8 15:03:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login.c: remove definition of KRB_VERIFY_USER et.al. (moved to
- 	config.h)
-
-	* login_locl.h: include udb.h, sys/resource.h, and sys/category.h
-
-Sat Mar 27 17:58:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: osfc2.c
-
-	* login.c: magic for OSF C2, and Crays
-
-	* login_locl.h: do_osfc2_magic proto
-
-	* osfc2.c: bsd_locl -> login_locl
-
-	* osfc2.c: OSF C2 magic
-
-Tue Mar 23 14:17:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login_locl.h: _PATH_UTMP
-
-Sun Mar 21 15:02:31 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* login.c: `-h' is host, not help
-
-Sat Mar 20 00:11:13 1999  Assar Westerlund  <assar@sics.se>
-
-	* login_locl.h: krb.h: add
-
-	* login.c: static-size
-	(krb4_verify): add
-
-Thu Mar 18 11:36:10 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 17:53:36 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* utmpx_login.c: add some consts
-
-	* utmp_login.c: add some consts
-
-	* login.c: staticize
-
-	* login_locl.h: add prototypes, and defaults for
- 	_PATH_*
-
-Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-	* utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
diff --git a/crypto/heimdal/appl/login/Makefile.am b/crypto/heimdal/appl/login/Makefile.am
deleted file mode 100644
index b7c9f93010ab..000000000000
--- a/crypto/heimdal/appl/login/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-man_MANS = login.1 login.access.5
-
-bin_PROGRAMS = login
-
-login_SOURCES =					\
-		conf.c				\
-		env.c				\
-		login.c				\
-		login_access.c			\
-		login_locl.h			\
-		login_protos.h			\
-		loginpaths.h			\
-		limits_conf.c			\
-		osfc2.c				\
-		read_string.c			\
-		shadow.c			\
-		stty_default.c			\
-		tty.c				\
-		utmp_login.c			\
-		utmpx_login.c
-
-LDADD = $(LIB_otp) \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_security) \
-	$(DBLIB)
-
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
-
-$(login_OBJECTS): $(srcdir)/login_protos.h
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in
deleted file mode 100644
index faa632ab8cf5..000000000000
--- a/crypto/heimdal/appl/login/Makefile.in
+++ /dev/null
@@ -1,915 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-bin_PROGRAMS = login$(EXEEXT)
-subdir = appl/login
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \
-	"$(DESTDIR)$(man5dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
-	login_access.$(OBJEXT) limits_conf.$(OBJEXT) osfc2.$(OBJEXT) \
-	read_string.$(OBJEXT) shadow.$(OBJEXT) stty_default.$(OBJEXT) \
-	tty.$(OBJEXT) utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
-login_OBJECTS = $(am_login_OBJECTS)
-login_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-login_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(login_SOURCES)
-DIST_SOURCES = $(login_SOURCES)
-man1dir = $(mandir)/man1
-man5dir = $(mandir)/man5
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = login.1 login.access.5
-login_SOURCES = \
-		conf.c				\
-		env.c				\
-		login.c				\
-		login_access.c			\
-		login_locl.h			\
-		login_protos.h			\
-		loginpaths.h			\
-		limits_conf.c			\
-		osfc2.c				\
-		read_string.c			\
-		shadow.c			\
-		stty_default.c			\
-		tty.c				\
-		utmp_login.c			\
-		utmpx_login.c
-
-LDADD = $(LIB_otp) \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_security) \
-	$(DBLIB)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/login/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/login/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) 
-	@rm -f login$(EXEEXT)
-	$(LINK) $(login_OBJECTS) $(login_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1 install-man5
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1 uninstall-man5
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-man5 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-man uninstall-man1 uninstall-man5
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
-
-$(login_OBJECTS): $(srcdir)/login_protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/login/conf.c b/crypto/heimdal/appl/login/conf.c
deleted file mode 100644
index 81a3c744023c..000000000000
--- a/crypto/heimdal/appl/login/conf.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "login_locl.h"
-
-RCSID("$Id: conf.c 8302 2000-05-29 16:52:24Z assar $");
-
-static char *confbuf;
-
-static int
-login_conf_init(void)
-{
-    char *files[] = { _PATH_LOGIN_CONF, NULL };
-    return cgetent(&confbuf, files, "default");
-}
-
-char *
-login_conf_get_string(const char *str)
-{
-    char *value;
-    if(login_conf_init() != 0)
-	return NULL;
-    if(cgetstr(confbuf, (char *)str, &value) < 0)
-	return NULL;
-    return value;
-}
diff --git a/crypto/heimdal/appl/login/env.c b/crypto/heimdal/appl/login/env.c
deleted file mode 100644
index e1b33ba23663..000000000000
--- a/crypto/heimdal/appl/login/env.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-RCSID("$Id: env.c 8476 2000-06-28 12:27:38Z joda $");
-
-/*
- * the environment we will send to execle and the shell.
- */
-
-char **env;
-int num_env;
-
-void
-extend_env(char *str)
-{
-    env = realloc(env, (num_env + 1) * sizeof(*env));
-    if(env == NULL)
-	errx(1, "Out of memory!");
-    env[num_env++] = str;
-}
-
-void
-add_env(const char *var, const char *value)
-{
-    int i;
-    char *str;
-    asprintf(&str, "%s=%s", var, value);
-    if(str == NULL)
-	errx(1, "Out of memory!");
-    for(i = 0; i < num_env; i++)
-	if(strncmp(env[i], var, strlen(var)) == 0 && 
-	   env[i][strlen(var)] == '='){
-	    free(env[i]);
-	    env[i] = str;
-	    return;
-	}
-    
-    extend_env(str);
-}
-
-void
-copy_env(void)
-{
-    char **p;
-    for(p = environ; *p; p++)
-	extend_env(*p);
-}
-
-int
-login_read_env(const char *file)
-{
-    char **newenv;
-    char *p;
-    int i, j;
-    
-    newenv = NULL;
-    i = read_environment(file, &newenv);
-    for (j = 0; j < i; j++) {
-	p = strchr(newenv[j], '=');
-	*p++ = 0;
-	add_env(newenv[j], p);
-	*--p = '=';
-	free(newenv[j]);
-    }
-    free(newenv);
-    return 0;
-}
diff --git a/crypto/heimdal/appl/login/limits_conf.c b/crypto/heimdal/appl/login/limits_conf.c
deleted file mode 100644
index ac9837f1406b..000000000000
--- a/crypto/heimdal/appl/login/limits_conf.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $");
-
-#include <errno.h>
-#include <limits.h>
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-struct limit {
-    const char *name;
-    int resource;
-    int scale;
-    int has_limit;
-    struct rlimit limit;
-} limits[] = {
-#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
-    LIM(CORE, 1024),
-    LIM(CPU, 60),
-    LIM(DATA, 1024),
-    LIM(FSIZE, 1024),
-#ifdef RLIMIT_MEMLOCK
-    LIM(MEMLOCK, 1024),
-#endif
-    LIM(NOFILE, 1),
-#ifdef RLIMIT_NPROC
-    LIM(NPROC, 1),
-#endif
-#ifdef RLIMIT_RSS
-    LIM(RSS, 1024),
-#endif
-    LIM(STACK, 1024),
-
-#ifdef RLIMIT_AS
-    LIM(AS, 1024),
-#endif
-#ifdef RLIMIT_LOCKS
-    LIM(LOCKS, 1),
-#endif
-    /*
-      maxlogins
-      priority
-    */
-    { NULL, 0 }
-};
-
-static struct limit *
-find_limit(const char *name)
-{
-    struct limit *l;
-    for(l = limits; l->name != NULL; l++)
-	if(strcasecmp(name, l->name) == 0)
-	    return l;
-    return NULL;
-}
-
-/* this function reads limits.conf files similar to pam_limits
-   unimplemented features include:
-   	% maxlogins
-	"-" no limits, 
-	priorities etc that are not set via setrlimit
-   XXX uses static storage, and clobbers getgr*
-*/
-
-int
-read_limits_conf(const char *file, const struct passwd *pwd)
-{
-    FILE *f;
-    char *args[4];
-    int lineno = 0;
-    char buf[1024];
-    struct limit *l;
-    rlim_t value;
-
-    f = fopen(file, "r");
-    if(f == NULL) {
-	if(errno != ENOENT && errno != ENOTDIR)
-	    syslog(LOG_ERR, "%s: %m", file);
-	return -1;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *last = NULL;
-	char *end = NULL;
-	int level;
-
-	lineno++;
-
-	if(buf[0] == '\0') {
-	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
-	    continue;
-	}
-	if(buf[strlen(buf) - 1] != '\n') {
-	    /* file did not end with a newline, figure out if we're at
-               the EOF, or if our buffer was too small */
-	    int eof = 1;
-	    int c;
-	    while((c = fgetc(f)) != EOF) {
-		eof = 0;
-		if(c == '\n') 
-		    break;
-	    }
-	    if(!eof) {
-		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
-		continue;
-	    }
-	}
-	buf[strcspn(buf, "#\r\n")] = '\0';
-	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
-	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
-	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
-	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
-	    if(args[0] != NULL) /* this would include comment lines */
-		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
-	    continue;
-	}
-
-	l = find_limit(args[2]);
-	if(l == NULL) {
-	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
-	    continue;
-	}
-	if(strcmp(args[3], "-") == 0) {
-	    value = RLIM_INFINITY;
-	} else {
-	    errno = 0;
-	    value = strtol(args[3], &end, 10);
-	    if(*end != '\0') {
-		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
-		continue;
-	    }
-	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
-		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
-		continue;
-	    }
-	    if(value * l->scale < value)
-		value = RLIM_INFINITY;
-	    else
-		value *= l->scale;
-	}
-	level = 0;
-	/* XXX unclear: if you set group hard and user soft limit,
-           should the hard limit still apply? this code doesn't. */
-	if(strcmp(args[0], pwd->pw_name) == 0)
-	    level = 3;
-	if(*args[0] == '@') {
-	    struct group *gr;
-	    gr = getgrnam(args[0] + 1);
-	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
-		level = 2;
-	}
-	if(strcmp(args[0], "*") == 0)
-	    level = 1;
-	if(level == 0 || level < l->has_limit) /* not for us */
-	    continue;
-	if(l->has_limit < level) {
-	    if(getrlimit(l->resource, &l->limit) < 0)
-		continue;
-	    l->has_limit = level;
-	}
-	
-	/* XXX unclear: if you soft to more than default hard, should
-           we set hard to soft? this code doesn't. */
-	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
-	    l->limit.rlim_cur = value;
-	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
-	    l->limit.rlim_max = value;
-    }
-    fclose(f);
-    for(l = limits; l->name != NULL; l++) {
-	if(l->has_limit) {
-	    if(l->limit.rlim_cur > l->limit.rlim_max)
-		l->limit.rlim_cur = l->limit.rlim_max;
-	    if(setrlimit(l->resource, &l->limit) != 0)
-		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
-	}
-	l->has_limit = 0;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1
deleted file mode 100644
index 1ae4f3e5a147..000000000000
--- a/crypto/heimdal/appl/login/login.1
+++ /dev/null
@@ -1,253 +0,0 @@
-.\" $Id: login.1 14891 2005-04-22 15:49:25Z joda $
-.\" 
-.Dd April 22, 2005
-.Dt LOGIN 1
-.Os HEIMDAL
-.Sh NAME
-.Nm login
-.Nd
-authenticate a user and start new session
-.Sh SYNOPSIS
-.Nm
-.Op Fl fp
-.Op Fl a Ar level
-.Op Fl h Ar hostname
-.Ar [username]
-.Sh DESCRIPTION
-This manual page documents  the 
-.Nm login 
-program distributed with the Heimdal Kerberos 5 implementation, it may
-differ in important ways from your system version.
-.Pp
-The
-.Nm login
-programs logs users into the system. It is intended to be run by
-system daemons like
-.Xr getty 8 
-or
-.Xr telnetd 8 .
-If you are already logged in, but want to change to another user, you
-should use
-.Xr su 1 .
-.Pp
-A username can be given on the command line, else one will be prompted
-for.
-.Pp
-A password is required to login, unless the 
-.Fl f
-option is given (indicating that the calling program has already done
-proper authentication). With
-.Fl f
-the user will be logged in without further questions. 
-.Pp
-For password authentication Kerberos 5, Kerberos 4 (if compiled in),
-OTP (if compiled in) and local
-.No ( Pa /etc/passwd ) 
-passwords are supported. OTP will be used if the the user is
-registered to use it, and
-.Nm login
-is given the option
-.Fl a Li otp .
-When using OTP, a challenge is shown to the user.
-.Pp
-Further options are:
-.Bl -tag -width Ds
-.It Fl a Ar string
-Which authentication mode to use, the only supported value is
-currently
-.Dq otp .
-.It Fl f
-Indicates that the user is already authenticated. This happens, for
-instance, when login is started by telnetd, and the user has proved
-authentic via Kerberos.
-.It Fl h Ar hostname
-Indicates which host the user is logging in from. This is passed from
-telnetd, and is entered into the login database.
-.It Fl p
-This tells
-.Nm login
-to preserve all environment variables. If not given, only the
-.Dv TERM
-and
-.Dv TZ
-variables are preserved. It could be a security risk to pass random
-variables to 
-.Nm login
-or the user shell, so the calling daemon should make sure it only
-passes
-.Dq safe
-variables.
-.El
-.Pp
-The process of logging user in proceeds as follows.
-.Pp
-First a check is made that logins are allowed at all. This usually
-means checking
-.Pa /etc/nologin .
-If it exists, and the user trying to login is not root, the contents
-is printed, and then login exits.
-.Pp
-Then various system parameters are set up, like changing the owner of
-the tty to the user, setting up signals, setting the group list, and
-user and group id. Also various machine specific tasks are performed.
-.Pp
-Next 
-.Nm login
-changes to the users home directory, or if that fails, to 
-.Pa / .
-The environment is setup, by adding some required variables (such as
-.Dv PATH ) , 
-and also authentication related ones (such as
-.Dv KRB5CCNAME ) .
-If an environment file exists
-.No ( Pa /etc/environment ) ,
-variables are set according to
-it.
-.Pp
-If one or more login message files are configured, their contents is
-printed to the terminal.
-.Pp
-If a login time command is configured, it is executed. A logout time
-command can also be configured, which makes 
-.Nm login
-fork, and wait for the user shell to exit, and then run the command.
-This can be used to clean up user credentials.
-.Pp
-Finally, the user's shell is executed. If the user logging in is root,
-and root's login shell does not exist, a default shell (usually 
-.Pa /bin/sh )
-is also tried before giving up.
-.Sh ENVIRONMENT
-These environment variables are set by login (not including ones set by 
-.Pa /etc/environment ) :
-.Pp
-.Bl -tag -compact -width USERXXLOGNAME
-.It Dv PATH
-the default system path
-.It Dv HOME
-the user's home directory (or possibly 
-.Pa / )
-.It Dv USER , Dv LOGNAME
-both set to the username
-.It Dv SHELL
-the user's shell
-.It Dv TERM , Dv TZ
-set to whatever is passed to 
-.Nm login
-.It Dv KRB5CCNAME
-if the password is verified via Kerberos 5, this will point to the
-credentials cache file
-.It Dv KRBTKFILE
-if the password is verified via Kerberos 4, this will point to the
-ticket file
-.El
-.Sh FILES
-.Bl -tag -compact -width Ds
-.It Pa /etc/environment
-Contains a set of environment variables that should be set in addition
-to the ones above. It should contain sh-style assignments like 
-.Dq VARIABLE=value .
-Note that they are not parsed the way a shell would. No variable
-expansion is performed, and all strings are literal, and quotation
-marks should not be used. Everything after a hash mark is considered a
-comment. The following are all different (the last will set the
-variable
-.Dv BAR ,
-not
-.Dv FOO ) .
-.Bd -literal -offset indent
-FOO=this is a string
-FOO="this is a string"
-BAR= FOO='this is a string'
-.Ed
-.It Pa /etc/login.access
-See 
-.Xr login.access 5 .
-.It Pa /etc/login.conf
-This is a termcap style configuration file, that contains various
-settings used by
-.Nm login .
-Currently only the
-.Dq default
-capability record is used. The possible capability strings include:
-.Pp
-.Bl -tag -compact -width Ds
-.It Li environment
-This is a comma separated list of environment files that are read in
-the order specified. If this is missing the default
-.Pa /etc/environment
-is used.
-.It Li login_program
-This program will be executed just before the user's shell is started.
-It will be called without arguments.
-.It Li logout_program
-This program will be executed just after the user's shell has
-terminated. It will be called without arguments. This program will be
-the parent process of the spawned shell.
-.It Li motd
-A comma separated list of text files that will be printed to the
-user's terminal before starting the shell. The string
-.Li welcome
-works similarly, but points to a single file.
-.It Li limits
-Points to a file containing ulimit settings for various users. Syntax
-is inspired by what pam_limits uses, and the default is
-.Pa /etc/security/limits.conf .
-.El
-.It Pa /etc/nologin
-If it exists, login is denied to all but root. The contents of this
-file is printed before login exits.
-.El
-.Pp
-Other
-.Nm login
-programs typically print all sorts of information by default, such as
-last time you logged in, if you have mail, and system message files.
-This version of
-.Nm login
-does not, so there is no reason for 
-.Pa .hushlogin
-files or similar. We feel that these tasks are best left to the user's
-shell, but the 
-.Li login_program
-facility allows for a shell independent solution, if that is desired.
-.Sh EXAMPLES
-A 
-.Pa login.conf
-file could look like:
-.Bd -literal -offset indent
-default:\\
-	:motd=/etc/motd,/etc/motd.local:\\
-	:limits=/etc/limits.conf:
-.Ed
-.Pp
-The
-.Pa limits.conf
-file consists of a table with four whitespace separated fields. First
-field is a username or a groupname (prefixed with
-.Sq @ ) , 
-or 
-.Sq * .
-Second field is
-.Sq soft ,
-.Sq hard ,
-or
-.Sq -
-(the last meaning both soft and hard).
-Third field is a limit name (such as
-.Sq cpu 
-or 
-.Sq core ) .
-Last field is the limit value (a number or
-.Sq - 
-for unlimited). In the case of data sizes, the value is in kilobytes,
-and cputime is in minutes.
-.Sh SEE ALSO
-.Xr su 1 ,
-.Xr login.access 5 ,
-.Xr getty 8 ,
-.Xr telnetd 8
-.Sh AUTHORS
-This login program was written for the Heimdal Kerberos 5
-implementation. The login.access code was written by Wietse Venema.
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/login/login.access.5 b/crypto/heimdal/appl/login/login.access.5
deleted file mode 100644
index 23290beb9cf6..000000000000
--- a/crypto/heimdal/appl/login/login.access.5
+++ /dev/null
@@ -1,56 +0,0 @@
-.\" $Id: login.access.5 11902 2003-03-24 15:49:30Z joda $
-.\" 
-.Dd March 21, 2003
-.Dt LOGIN.ACCESS 5
-.Os HEIMDAL
-.Sh NAME
-.Nm login.access
-.Nd
-login access control table
-.Sh DESCRIPTION
-The
-.Nm login.access
-file specifies on which ttys or from which hosts certain users are
-allowed to login.
-.Pp
-At login, the
-.Pa /etc/login.access 
-file is checked for the first entry that matches a specific user/host
-or user/tty combination. That entry can either allow or deny login
-access to that user.
-.Pp
-Each entry have three fields separated by colon:
-.Bl -bullet
-.It
-The first field indicates the permission given if the entry matches.
-It can be either
-.Dq +
-(allow access)
-or
-.Dq -
-(deny access) .
-.It
-The second field is a comma separated list of users or groups for
-which the current entry applies. NIS netgroups can used (if
-configured) if preceeded by @. The magic string ALL matches all users.
-A group will match if the user is a member of that group, or it is the
-user's primary group.
-.It
-The third field is a list of ttys, or network names. A network name
-can be either a hostname, a domain (indicated by a starting period),
-or a netgroup. As with the user list, ALL matches anything. LOCAL
-matches a string not containing a period.
-.El
-.Pp
-If the string EXCEPT is found in either the user or from list, the
-rest of the list are exceptions to the list before EXCEPT.
-.Sh BUGS
-If there's a user and a group with the same name, there is no way to
-make the group match if the user also matches.
-.Sh SEE ALSO
-.Xr login 1
-.Sh AUTHORS
-The
-.Fn login_access
-function was written by 
-Wietse Venema. This manual page was written for Heimdal.
diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c
deleted file mode 100644
index cc41097133bd..000000000000
--- a/crypto/heimdal/appl/login/login.c
+++ /dev/null
@@ -1,887 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-#ifdef HAVE_CAPABILITY_H
-#include <capability.h>
-#endif
-#ifdef HAVE_SYS_CAPABILITY_H
-#include <sys/capability.h>
-#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
-RCSID("$Id: login.c 16498 2006-01-09 16:26:25Z joda $");
-
-static int login_timeout = 60;
-
-static int
-start_login_process(void)
-{
-    char *prog, *argv0;
-    prog = login_conf_get_string("login_program");
-    if(prog == NULL)
-	return 0;
-    argv0 = strrchr(prog, '/');
-
-    if(argv0)
-	argv0++;
-    else
-	argv0 = prog;
-
-    return simple_execle(prog, argv0, NULL, env);
-}
-
-static int
-start_logout_process(void)
-{
-    char *prog, *argv0;
-    pid_t pid;
-
-    prog = login_conf_get_string("logout_program");
-    if(prog == NULL)
-	return 0;
-    argv0 = strrchr(prog, '/');
-
-    if(argv0)
-	argv0++;
-    else
-	argv0 = prog;
-
-    pid = fork();
-    if(pid == 0) {
-	/* avoid getting signals sent to the shell */
-	setpgid(0, getpid());
-	return 0;
-    }
-    if(pid == -1)
-	err(1, "fork");
-    /* wait for the real login process to exit */
-#ifdef HAVE_SETPROCTITLE
-    setproctitle("waitpid %d", pid);
-#endif
-    while(1) {
-	int status;
-	int ret;
-	ret = waitpid(pid, &status, 0);
-	if(ret > 0) {
-	    if(WIFEXITED(status) || WIFSIGNALED(status)) {
-		execle(prog, argv0, NULL, env);
-		err(1, "exec %s", prog);
-	    }
-	} else if(ret < 0) 
-	    err(1, "waitpid");
-    }
-}
-
-static void
-exec_shell(const char *shell, int fallback)
-{
-    char *sh;
-    const char *p;
-    
-    extend_env(NULL);
-    if(start_login_process() < 0)
-	warn("login process");
-    start_logout_process();
-
-    p = strrchr(shell, '/');
-    if(p)
-	p++;
-    else
-	p = shell;
-    if (asprintf(&sh, "-%s", p) == -1)
-	errx(1, "Out of memory");
-    execle(shell, sh, NULL, env);
-    if(fallback){
-	warnx("Can't exec %s, trying %s", 
-	      shell, _PATH_BSHELL);
-	execle(_PATH_BSHELL, "-sh", NULL, env);
-	err(1, "%s", _PATH_BSHELL);
-    }
-    err(1, "%s", shell);
-}
-
-static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
-
-#ifdef KRB4
-static krb5_boolean get_v4_tgt = FALSE;
-#endif
-
-#ifdef OTP
-static OtpContext otp_ctx;
-
-static int
-otp_verify(struct passwd *pwd, const char *password)
-{
-   return (otp_verify_user (&otp_ctx, password));
-}
-#endif /* OTP */
-
-
-static int pag_set = 0;
-
-#ifdef KRB5
-static krb5_context context;
-static krb5_ccache  id, id2;
-
-static int
-krb5_verify(struct passwd *pwd, const char *password)
-{
-    krb5_error_code ret;
-    krb5_principal princ;
-
-    ret = krb5_parse_name(context, pwd->pw_name, &princ);
-    if(ret)
-	return 1;
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if(ret) {
-	krb5_free_principal(context, princ);
-	return 1;
-    }
-    ret = krb5_verify_user_lrealm(context,
-				  princ, 
-				  id,
-				  password, 
-				  1,
-				  NULL);
-    krb5_free_principal(context, princ);
-    return ret;
-}
-
-#ifdef KRB4
-static krb5_error_code
-krb5_to4 (krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_principal princ;
-
-    ret = krb5_cc_get_principal(context, id, &princ);
-    if(ret == 0) {
-	krb5_appdefault_boolean(context, "login", 
-				krb5_principal_get_realm(context, princ), 
-				"krb4_get_tickets", FALSE, &get_v4_tgt);
-	krb5_free_principal(context, princ);
-    } else {
-	krb5_realm realm = NULL;
-	krb5_get_default_realm(context, &realm);
-	krb5_appdefault_boolean(context, "login", 
-				realm, 
-				"krb4_get_tickets", FALSE, &get_v4_tgt);
-	free(realm);
-    }
-
-    if (get_v4_tgt) {
-        CREDENTIALS c;
-        krb5_creds mcred, cred;
-        char krb4tkfile[MAXPATHLEN];
-	krb5_error_code ret;
-	krb5_principal princ;
-
-	krb5_cc_clear_mcred(&mcred);
-
-	ret = krb5_cc_get_principal (context, id, &princ);
-	if (ret)
-	    return ret;
-
-	ret = krb5_make_principal(context, &mcred.server,
-				  princ->realm,
-				  "krbtgt",
-				  princ->realm,
-				  NULL);
-	if (ret) {
-	    krb5_free_principal(context, princ);
-	    return ret;
-	}
-	mcred.client = princ;
-
-	ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
-	if(ret == 0) {
-	    ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c);
-	    if(ret == 0) {
-		snprintf(krb4tkfile,sizeof(krb4tkfile),"%s%d",TKT_ROOT,
-			 getuid());
-		krb_set_tkt_string(krb4tkfile);
-		tf_setup(&c, c.pname, c.pinst);
-	    }
-	    memset(&c, 0, sizeof(c));
-	    krb5_free_cred_contents(context, &cred);
-	}
-	if (ret != 0)
-	    get_v4_tgt = FALSE;
-	krb5_free_principal(context, mcred.server);
-	krb5_free_principal(context, mcred.client);
-    }
-    return 0;
-}
-#endif /* KRB4 */
-
-static int
-krb5_start_session (const struct passwd *pwd)
-{
-    krb5_error_code ret;
-    char residual[64];
-
-    /* copy credentials to file cache */
-    snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", 
-	     (unsigned)pwd->pw_uid);
-    krb5_cc_resolve(context, residual, &id2);
-    ret = krb5_cc_copy_cache(context, id, id2);
-    if (ret == 0)
-	add_env("KRB5CCNAME", residual);
-    else {
-	krb5_cc_destroy (context, id2);
-	return ret;
-    }
-#ifdef KRB4
-    krb5_to4 (id2);
-#endif
-    krb5_cc_close(context, id2);
-    krb5_cc_destroy(context, id);
-    return 0;
-}
-
-static void
-krb5_finish (void)
-{
-    krb5_free_context(context);
-}
-
-static void
-krb5_get_afs_tokens (const struct passwd *pwd)
-{
-    char cell[64];
-    char *pw_dir;
-    krb5_error_code ret;
-
-    if (!k_hasafs ())
-	return;
-
-    ret = krb5_cc_default(context, &id2);
- 
-    if (ret == 0) {
-	pw_dir = pwd->pw_dir;
-
-	if (!pag_set) {
-	    k_setpag();
-	    pag_set = 1;
-	}
-
-	if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
-	    krb5_afslog_uid_home (context, id2,
-				  cell, NULL, pwd->pw_uid, pwd->pw_dir);
-	krb5_afslog_uid_home (context, id2, NULL, NULL,
-			      pwd->pw_uid, pwd->pw_dir);
-	krb5_cc_close (context, id2);
-    }
-}
-
-#endif /* KRB5 */
-
-#ifdef KRB4
-
-static int
-krb4_verify(struct passwd *pwd, const char *password)
-{
-    char lrealm[REALM_SZ];
-    int ret;
-    char ticket_file[MaxPathLen];
-
-    ret = krb_get_lrealm (lrealm, 1);
-    if (ret)
-	return 1;
-
-    snprintf (ticket_file, sizeof(ticket_file),
-	      "%s%u_%u",
-	      TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
-
-    krb_set_tkt_string (ticket_file);
-
-    ret = krb_verify_user (pwd->pw_name, "", lrealm, (char *)password,
-			   KRB_VERIFY_SECURE_FAIL, NULL);
-    if (ret)
-	return 1;
-
-    if (chown (ticket_file, pwd->pw_uid, pwd->pw_gid) < 0) {
-	dest_tkt();
-	return 1;
-    }
-	
-    add_env ("KRBTKFILE", ticket_file);
-    return 0;
-}
-
-static void
-krb4_get_afs_tokens (const struct passwd *pwd)
-{
-    char cell[64];
-    char *pw_dir;
-
-    if (!k_hasafs ())
-	return;
-
-    pw_dir = pwd->pw_dir;
-
-    if (!pag_set) {
-	k_setpag();
-	pag_set = 1;
-    }
-
-    if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
-	krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
-
-    krb_afslog_uid_home (NULL, NULL, pwd->pw_uid, pwd->pw_dir);
-}
-
-#endif /* KRB4 */
-
-static int f_flag;
-static int p_flag;
-#if 0
-static int r_flag;
-#endif
-static int version_flag;
-static int help_flag;
-static char *remote_host;
-static char *auth_level = NULL;
-
-struct getargs args[] = {
-    { NULL, 'a', arg_string,    &auth_level,    "authentication mode" },
-#if 0
-    { NULL, 'd' },
-#endif
-    { NULL, 'f', arg_flag,	&f_flag,	"pre-authenticated" },
-    { NULL, 'h', arg_string,	&remote_host,	"remote host", "hostname" },
-    { NULL, 'p', arg_flag,	&p_flag,	"don't purge environment" },
-#if 0
-    { NULL, 'r', arg_flag,	&r_flag,	"rlogin protocol" },
-#endif
-    { "version", 0,  arg_flag,	&version_flag },
-    { "help",	 0,  arg_flag,&help_flag, }
-};
-
-int nargs = sizeof(args) / sizeof(args[0]);
-
-static void
-update_utmp(const char *username, const char *hostname,
-	    char *tty, char *ttyn)
-{
-    /*
-     * Update the utmp files, both BSD and SYSV style.
-     */
-    if (utmpx_login(tty, username, hostname) != 0 && !f_flag) {
-	printf("No utmpx entry.  You must exec \"login\" from the "
-	       "lowest level shell.\n");
-	exit(1);
-    }
-    utmp_login(ttyn, username, hostname);
-}
-
-static void
-checknologin(void)
-{
-    FILE *f;
-    char buf[1024];
-
-    f = fopen(_PATH_NOLOGIN, "r");
-    if(f == NULL)
-	return;
-    while(fgets(buf, sizeof(buf), f))
-	fputs(buf, stdout);
-    fclose(f);
-    exit(0);
-}
-
-/* print contents of a file */
-static void
-show_file(const char *file)
-{
-    FILE *f;
-    char buf[BUFSIZ];
-    if((f = fopen(file, "r")) == NULL)
-	return;
-    while (fgets(buf, sizeof(buf), f))
-	fputs(buf, stdout);
-    fclose(f);
-}
-
-/* 
- * Actually log in the user.  `pwd' contains all the relevant
- * information about the user.  `ttyn' is the complete name of the tty
- * and `tty' the short name.
- */
-
-static void
-do_login(const struct passwd *pwd, char *tty, char *ttyn)
-{
-#ifdef HAVE_GETSPNAM
-    struct spwd *sp;
-#endif
-    int rootlogin = (pwd->pw_uid == 0);
-    gid_t tty_gid;
-    struct group *gr;
-    const char *home_dir;
-    int i;
-
-    if(!rootlogin)
-	checknologin();
-    
-#ifdef HAVE_GETSPNAM
-    sp = getspnam(pwd->pw_name);
-#endif
-
-    update_utmp(pwd->pw_name, remote_host ? remote_host : "",
-		tty, ttyn);
-
-    gr = getgrnam ("tty");
-    if (gr != NULL)
-	tty_gid = gr->gr_gid;
-    else
-	tty_gid = pwd->pw_gid;
-
-    if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) {
-	warn("chown %s", ttyn);
-	if (rootlogin == 0)
-	    exit (1);
-    }
-
-    if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) {
-	warn("chmod %s", ttyn);
-	if (rootlogin == 0)
-	    exit (1);
-    }
-
-#ifdef HAVE_SETLOGIN
-    if(setlogin(pwd->pw_name)){
-	warn("setlogin(%s)", pwd->pw_name);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-#endif
-    if(rootlogin == 0) {
-	const char *file = login_conf_get_string("limits");
-	if(file == NULL)
-	    file = _PATH_LIMITS_CONF;
-
-	read_limits_conf(file, pwd);
-    }
-	    
-#ifdef HAVE_SETPCRED
-    if (setpcred (pwd->pw_name, NULL) == -1)
-	warn("setpcred(%s)", pwd->pw_name);
-#endif /* HAVE_SETPCRED */
-#ifdef HAVE_INITGROUPS
-    if(initgroups(pwd->pw_name, pwd->pw_gid)){
-	warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-#endif
-    if(do_osfc2_magic(pwd->pw_uid))
-	exit(1);
-    if(setgid(pwd->pw_gid)){
-	warn("setgid(%u)", (unsigned)pwd->pw_gid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-    if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) {
-	warn("setuid(%u)", (unsigned)pwd->pw_uid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-
-    /* make sure signals are set to default actions, apparently some
-       OS:es like to ignore SIGINT, which is not very convenient */
-    
-    for (i = 1; i < NSIG; ++i)
-	signal(i, SIG_DFL);
-
-    /* all kinds of different magic */
-
-#ifdef HAVE_GETSPNAM
-    check_shadow(pwd, sp);
-#endif
-
-#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
-    {
-	struct udb *udb;
-	long t;
-	const long maxcpu = 46116860184; /* some random constant */
-	udb = getudbnam(pwd->pw_name);
-	if(udb == UDB_NULL)
-	    errx(1, "Failed to get UDB entry.");
-	t = udb->ue_pcpulim[UDBRC_INTER];
-	if(t == 0 || t > maxcpu)
-	    t = CPUUNLIM;
-	else
-	    t *= 100 * CLOCKS_PER_SEC;
-
-	if(limit(C_PROC, 0, L_CPU, t) < 0)
-	    warn("limit C_PROC");
-
-	t = udb->ue_jcpulim[UDBRC_INTER];
-	if(t == 0 || t > maxcpu)
-	    t = CPUUNLIM;
-	else
-	    t *= 100 * CLOCKS_PER_SEC;
-
-	if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
-	    warn("limit C_JOBPROCS");
-
-	nice(udb->ue_nice[UDBRC_INTER]);
-    }
-#endif
-#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
-	/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
-	   called capabilities, that allow you to give away
-	   permissions (such as chown) to specific processes. From 6.5
-	   this is default on, and the default capability set seems to
-	   not always be the empty set. The problem is that the
-	   runtime linker refuses to do just about anything if the
-	   process has *any* capabilities set, so we have to remove
-	   them here (unless otherwise instructed by /etc/capability).
-	   In IRIX < 6.5, these functions was called sgi_cap_setproc,
-	   etc, but we ignore this fact (it works anyway). */
-	{
-	    struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
-	    cap_t cap;
-	    if(ucap == NULL)
-		cap = cap_from_text("all=");
-	    else
-		cap = cap_from_text(ucap->ca_default);
-	    if(cap == NULL)
-		err(1, "cap_from_text");
-	    if(cap_set_proc(cap) < 0)
-		err(1, "cap_set_proc");
-	    cap_free(cap);
-	    free(ucap);
-	}
-#endif
-    home_dir = pwd->pw_dir;
-    if (chdir(home_dir) < 0) {
-	fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir);
-	if (chdir("/"))
-	    exit(0);
-	home_dir = "/";
-	fprintf(stderr, "Logging in with home = \"/\".\n");
-    }
-#ifdef KRB5
-    if (auth == AUTH_KRB5) {
-	krb5_start_session (pwd);
-    }
-#ifdef KRB4
-    else if (auth == 0) {
-	krb5_error_code ret;
-	krb5_ccache id;
-
-	ret = krb5_cc_default (context, &id);
-	if (ret == 0) {
-	    krb5_to4 (id);
-	    krb5_cc_close (context, id);
-	}
-    }
-#endif /* KRB4 */
-
-    krb5_get_afs_tokens (pwd);
-
-    krb5_finish ();
-#endif /* KRB5 */
-
-#ifdef KRB4
-    if (auth == AUTH_KRB4 || get_v4_tgt)
-	krb4_get_afs_tokens (pwd);
-#endif /* KRB4 */
-
-    add_env("PATH", _PATH_DEFPATH);
-
-    {
-	const char *str = login_conf_get_string("environment");
-	char buf[MAXPATHLEN];
-
-	if(str == NULL) {
-	    login_read_env(_PATH_ETC_ENVIRONMENT);
-	} else {
-	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
-		if(buf[0] == '\0')
-		    continue;
-		login_read_env(buf);
-	    }
-	}
-    }
-    {
-	const char *str = login_conf_get_string("motd");
-	char buf[MAXPATHLEN];
-
-	if(str != NULL) {
-	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
-		if(buf[0] == '\0')
-		    continue;
-		show_file(buf);
-	    }
-	} else {
-	    str = login_conf_get_string("welcome");
-	    if(str != NULL)
-		show_file(str);
-	}
-    }
-    add_env("HOME", home_dir);
-    add_env("USER", pwd->pw_name);
-    add_env("LOGNAME", pwd->pw_name);
-    add_env("SHELL", pwd->pw_shell);
-    exec_shell(pwd->pw_shell, rootlogin);
-}
-
-static int
-check_password(struct passwd *pwd, const char *password)
-{
-    if(pwd->pw_passwd == NULL)
-	return 1;
-    if(pwd->pw_passwd[0] == '\0'){
-#ifdef ALLOW_NULL_PASSWORD
-	return password[0] != '\0';
-#else
-	return 1;
-#endif
-    }
-    if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0)
-	return 0;
-#ifdef KRB5
-    if(krb5_verify(pwd, password) == 0) {
-	auth = AUTH_KRB5;
-	return 0;
-    }
-#endif
-#ifdef KRB4
-    if (krb4_verify (pwd, password) == 0) {
-	auth = AUTH_KRB4;
-	return 0;
-    }
-#endif
-#ifdef OTP
-    if (otp_verify (pwd, password) == 0) {
-       auth = AUTH_OTP;
-       return 0;
-    }
-#endif
-    return 1;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, nargs, NULL, "[username]");
-    exit(status);
-}
-
-static RETSIGTYPE
-sig_handler(int sig)
-{
-    if (sig == SIGALRM)
-         fprintf(stderr, "Login timed out after %d seconds\n",
-                login_timeout);
-      else
-         fprintf(stderr, "Login received signal, exiting\n");
-    exit(0);
-}
-
-int
-main(int argc, char **argv)
-{
-    int max_tries = 5;
-    int try;
-
-    char username[32];
-    int optidx = 0;
-
-    int ask = 1;
-    struct sigaction sa;
-    
-    setprogname(argv[0]);
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }
-#endif
-
-    openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optidx))
-	usage (1);
-    argc -= optidx;
-    argv += optidx;
-
-    if(help_flag)
-	usage(0);
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-	
-    if (geteuid() != 0)
-	errx(1, "only root may use login, use su");
-
-    /* Default tty settings. */
-    stty_default();
-
-    if(p_flag)
-	copy_env();
-    else {
-	/* this set of variables is always preserved by BSD login */
-	if(getenv("TERM"))
-	    add_env("TERM", getenv("TERM"));
-	if(getenv("TZ"))
-	    add_env("TZ", getenv("TZ"));
-    }
-
-    if(*argv){
-	if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){
-	    strlcpy (username, *argv, sizeof(username));
-	    ask = 0;
-	}
-    }
-
-#if defined(DCE) && defined(AIX)
-    esetenv("AUTHSTATE", "DCE", 1);
-#endif
-
-    /* XXX should we care about environment on the command line? */
-
-    memset(&sa, 0, sizeof(sa));
-    sa.sa_handler = sig_handler;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sigaction(SIGALRM, &sa, NULL);
-    alarm(login_timeout);
-
-    for(try = 0; try < max_tries; try++){
-	struct passwd *pwd;
-	char password[128];
-	int ret;
-	char ttname[32];
-	char *tty, *ttyn;
-        char prompt[128];
-#ifdef OTP
-        char otp_str[256];
-#endif
-
-	if(ask){
-	    f_flag = 0;
-#if 0
-	    r_flag = 0;
-#endif
-	    ret = read_string("login: ", username, sizeof(username), 1);
-	    if(ret == -3)
-		exit(0);
-	    if(ret == -2)
-		sig_handler(0); /* exit */
-	}
-        pwd = k_getpwnam(username);
-#ifdef ALLOW_NULL_PASSWORD
-        if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) {
-            strcpy(password,"");
-        }
-        else
-#endif
-
-        {
-#ifdef OTP
-           if(auth_level && strcmp(auth_level, "otp") == 0 &&
-                 otp_challenge(&otp_ctx, username,
-                            otp_str, sizeof(otp_str)) == 0)
-                 snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
-                            username, otp_str);
-            else
-#endif
-                 strncpy(prompt, "Password: ", sizeof(prompt));
-
-	    if (f_flag == 0) {
-	       ret = read_string(prompt, password, sizeof(password), 0);
-               if (ret == -3) {
-                  ask = 1;
-                  continue;
-               }
-               if (ret == -2)
-                  sig_handler(0);
-            }
-         }
-	
-	if(pwd == NULL){
-	    fprintf(stderr, "Login incorrect.\n");
-	    ask = 1;
-	    continue;
-	}
-
-	if(f_flag == 0 && check_password(pwd, password)){
-	    fprintf(stderr, "Login incorrect.\n");
-            ask = 1;
-	    continue;
-	}
-	ttyn = ttyname(STDIN_FILENO);
-	if(ttyn == NULL){
-	    snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY);
-	    ttyn = ttname;
-	}
-	if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-	    tty = ttyn + strlen(_PATH_DEV);
-	else
-	    tty = ttyn;
-    
-	if (login_access (pwd, remote_host ? remote_host : tty) == 0) {
-	    fprintf(stderr, "Permission denied\n");
-	    if (remote_host)
-		syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
-		       pwd->pw_name, remote_host);
-	    else
-		syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
-		       pwd->pw_name, tty);
-	    exit (1);
-	} else {
-	    if (remote_host)
-		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d",
-		       pwd->pw_name, remote_host, (int) getppid());
-	    else
-		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d",
-		       pwd->pw_name, tty, (int) getppid());
-	}
-        alarm(0);
-	do_login(pwd, tty, ttyn);
-    }
-    exit(1);
-}
diff --git a/crypto/heimdal/appl/login/login_access.c b/crypto/heimdal/appl/login/login_access.c
deleted file mode 100644
index e1bfe42ea1b8..000000000000
--- a/crypto/heimdal/appl/login/login_access.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that this entire copyright notice
-* is duplicated in all such copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
- /*
-  * This module implements a simple but effective form of login access
-  * control based on login names and on host (or domain) names, internet
-  * addresses (or network numbers), or on terminal line names in case of
-  * non-networked logins. Diagnostics are reported through syslog(3).
-  *
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#include "login_locl.h"
-
-RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $");
-
- /* Delimiters for fields and for lists of users, ttys or hosts. */
-
-static char fs[] = ":";			/* field separator */
-static char sep[] = ", \t";		/* list-element separator */
-
- /* Constants to be used in assignments only, not in comparisons... */
-
-#define YES             1
-#define NO              0
-
- /*
-  * A structure to bundle up all login-related information to keep the
-  * functional interfaces as generic as possible.
-  */
-struct login_info {
-    struct passwd *user;
-    char   *from;
-};
-
-static int list_match(char *list, struct login_info *item,
-		      int (*match_fn)(char *, struct login_info *));
-static int user_match(char *tok, struct login_info *item);
-static int from_match(char *tok, struct login_info *item);
-static int string_match(char *tok, char *string);
-
-/* login_access - match username/group and host/tty with access control file */
-
-int login_access(struct passwd *user, char *from)
-{
-    struct login_info item;
-    FILE   *fp;
-    char    line[BUFSIZ];
-    char   *perm;			/* becomes permission field */
-    char   *users;			/* becomes list of login names */
-    char   *froms;			/* becomes list of terminals or hosts */
-    int     match = NO;
-    int     end;
-    int     lineno = 0;			/* for diagnostics */
-    char   *foo;
-
-    /*
-     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
-     */
-    item.user = user;
-    item.from = from;
-
-    /*
-     * Process the table one line at a time and stop at the first match.
-     * Blank lines and lines that begin with a '#' character are ignored.
-     * Non-comment lines are broken at the ':' character. All fields are
-     * mandatory. The first field should be a "+" or "-" character. A
-     * non-existing table means no access control.
-     */
-
-    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
-	while (!match && fgets(line, sizeof(line), fp)) {
-	    lineno++;
-	    if (line[end = strlen(line) - 1] != '\n') {
-		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
-		       _PATH_LOGACCESS, lineno);
-		continue;
-	    }
-	    if (line[0] == '#')
-		continue;			/* comment line */
-	    while (end > 0 && isspace((unsigned char)line[end - 1]))
-		end--;
-	    line[end] = 0;			/* strip trailing whitespace */
-	    if (line[0] == 0)			/* skip blank lines */
-		continue;
-	    foo = NULL;
-	    if (!(perm = strtok_r(line, fs, &foo))
-		|| !(users = strtok_r(NULL, fs, &foo))
-		|| !(froms = strtok_r(NULL, fs, &foo))
-		|| strtok_r(NULL, fs, &foo)) {
-		syslog(LOG_ERR, "%s: line %d: bad field count", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    if (perm[0] != '+' && perm[0] != '-') {
-		syslog(LOG_ERR, "%s: line %d: bad first field", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    match = (list_match(froms, &item, from_match)
-		     && list_match(users, &item, user_match));
-	}
-	fclose(fp);
-    } else if (errno != ENOENT) {
-	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
-    }
-    return (match == 0 || (line[0] == '+'));
-}
-
-/* list_match - match an item against a list of tokens with exceptions */
-
-static int
-list_match(char *list,
-	   struct login_info *item,
-	   int (*match_fn)(char *, struct login_info *))
-{
-    char   *tok;
-    int     match = NO;
-    char   *foo = NULL;
-
-    /*
-     * Process tokens one at a time. We have exhausted all possible matches
-     * when we reach an "EXCEPT" token or the end of the list. If we do find
-     * a match, look for an "EXCEPT" list and recurse to determine whether
-     * the match is affected by any exceptions.
-     */
-
-    for (tok = strtok_r(list, sep, &foo);
-	 tok != NULL;
-	 tok = strtok_r(NULL, sep, &foo)) {
-	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
-	    break;
-	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
-	    break;
-    }
-    /* Process exceptions to matches. */
-
-    if (match != NO) {
-	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
-	     /* VOID */ ;
-	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
-	    return (match);
-    }
-    return (NO);
-}
-
-/* myhostname - figure out local machine name */
-
-static char *myhostname(void)
-{
-    static char name[MAXHOSTNAMELEN + 1] = "";
-
-    if (name[0] == 0) {
-	gethostname(name, sizeof(name));
-	name[MAXHOSTNAMELEN] = 0;
-    }
-    return (name);
-}
-
-/* netgroup_match - match group against machine or user */
-
-static int netgroup_match(char *group, char *machine, char *user)
-{
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-    static char *mydomain = 0;
-
-    if (mydomain == 0)
-	yp_get_default_domain(&mydomain);
-    return (innetgr(group, machine, user, mydomain));
-#else
-    syslog(LOG_ERR, "NIS netgroup support not configured");
-    return 0;
-#endif
-}
-
-/* user_match - match a username against one token */
-
-static int user_match(char *tok, struct login_info *item)
-{
-    char   *string = item->user->pw_name;
-    struct login_info fake_item;
-    struct group *group;
-    int     i;
-    char   *at;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the username, if the
-     * token is a group that contains the username, or if the token is the
-     * name of the user's primary group.
-     */
-
-    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
-	*at = 0;
-	fake_item.from = myhostname();
-	return (user_match(tok, item) && from_match(at + 1, &fake_item));
-    } else if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, (char *) 0, string));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
-	if (item->user->pw_gid == group->gr_gid)
-	    return (YES);
-	for (i = 0; group->gr_mem[i]; i++)
-	    if (strcasecmp(string, group->gr_mem[i]) == 0)
-		return (YES);
-    }
-    return (NO);
-}
-
-/* from_match - match a host or tty against a list of tokens */
-
-static int from_match(char *tok, struct login_info *item)
-{
-    char   *string = item->from;
-    int     tok_len;
-    int     str_len;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds. Return
-     * YES if the token fully matches the string. If the token is a domain
-     * name, return YES if it matches the last fields of the string. If the
-     * token has the magic value "LOCAL", return YES if the string does not
-     * contain a "." character. If the token is a network number, return YES
-     * if it matches the head of the string.
-     */
-
-    if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, string, (char *) 0));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if (tok[0] == '.') {			/* domain: match last fields */
-	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
-	    && strcasecmp(tok, string + str_len - tok_len) == 0)
-	    return (YES);
-    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
-	if (strchr(string, '.') == 0)
-	    return (YES);
-    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
-	       && strncmp(tok, string, tok_len) == 0) {
-	return (YES);
-    }
-    return (NO);
-}
-
-/* string_match - match a string against one token */
-
-static int string_match(char *tok, char *string)
-{
-
-    /*
-     * If the token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the string.
-     */
-
-    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
-	return (YES);
-    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
-	return (YES);
-    }
-    return (NO);
-}
diff --git a/crypto/heimdal/appl/login/login_locl.h b/crypto/heimdal/appl/login/login_locl.h
deleted file mode 100644
index 08b960c9c719..000000000000
--- a/crypto/heimdal/appl/login/login_locl.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: login_locl.h 17302 2006-04-27 09:17:01Z lha $ */
-
-#ifndef __LOGIN_LOCL_H__
-#define __LOGIN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <syslog.h>
-#include <signal.h>
-#include <termios.h>
-#include <err.h>
-#include <pwd.h>
-#include <roken.h>
-#include <getarg.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_UDB_H
-#include <udb.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_CATEGORY_H
-#include <sys/category.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef HAVE_NETGROUP_H
-#include <netgroup.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include <kafs.h>
-
-#ifdef OTP
-#include <otp.h>
-#endif
-
-#ifdef HAVE_OSFC2
-#define getargs OSFgetargs
-#include "/usr/include/prot.h"
-#undef getargs
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-#ifndef _PATH_WTMP
-#ifdef WTMP_FILE
-#define _PATH_WTMP WTMP_FILE
-#else
-#define _PATH_WTMP "/var/adm/wtmp"
-#endif
-#endif
-#ifndef _PATH_UTMP
-#ifdef UTMP_FILE
-#define _PATH_UTMP UTMP_FILE
-#else
-#define _PATH_UTMP "/var/adm/utmp"
-#endif
-#endif
-
-#ifndef _PATH_LOGACCESS
-#define _PATH_LOGACCESS SYSCONFDIR "/login.access"
-#endif /* _PATH_LOGACCESS */
-
-#ifndef _PATH_LOGIN_CONF
-#define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf"
-#endif /* _PATH_LOGIN_CONF */
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
-#endif
-
-#include "loginpaths.h"
-
-struct spwd;
-
-extern char **env;
-extern int num_env;
-
-#include "login_protos.h"
-
-#endif /* __LOGIN_LOCL_H__ */
diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login_protos.h
deleted file mode 100644
index 7fdbb35ca120..000000000000
--- a/crypto/heimdal/appl/login/login_protos.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/* This is a generated file */
-#ifndef __login_protos_h__
-#define __login_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void
-add_env (
-	const char */*var*/,
-	const char */*value*/);
-
-void
-check_shadow (
-	const struct passwd */*pw*/,
-	const struct spwd */*sp*/);
-
-char *
-clean_ttyname (char */*tty*/);
-
-void
-copy_env (void);
-
-int
-do_osfc2_magic (uid_t /*uid*/);
-
-void
-extend_env (char */*str*/);
-
-int
-login_access (
-	struct passwd */*user*/,
-	char */*from*/);
-
-char *
-login_conf_get_string (const char */*str*/);
-
-int
-login_read_env (const char */*file*/);
-
-char *
-make_id (char */*tty*/);
-
-void
-prepare_utmp (
-	struct utmp */*utmp*/,
-	char */*tty*/,
-	const char */*username*/,
-	const char */*hostname*/);
-
-int
-read_limits_conf (
-	const char */*file*/,
-	const struct passwd */*pwd*/);
-
-int
-read_string (
-	const char */*prompt*/,
-	char */*buf*/,
-	size_t /*len*/,
-	int /*echo*/);
-
-void
-shrink_hostname (
-	const char */*hostname*/,
-	char */*dst*/,
-	size_t /*dst_sz*/);
-
-void
-stty_default (void);
-
-void
-utmp_login (
-	char */*tty*/,
-	const char */*username*/,
-	const char */*hostname*/);
-
-int
-utmpx_login (
-	char */*line*/,
-	const char */*user*/,
-	const char */*host*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __login_protos_h__ */
diff --git a/crypto/heimdal/appl/login/loginpaths.h b/crypto/heimdal/appl/login/loginpaths.h
deleted file mode 100644
index 141f81e2db5f..000000000000
--- a/crypto/heimdal/appl/login/loginpaths.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: loginpaths.h 17299 2006-04-27 09:14:20Z lha $ */
-
-#ifndef __LOGIN_PATH_H
-#define __LOGIN_PATH_H
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif
-
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
-
-#ifndef _PATH_LIMITS_CONF
-#define _PATH_LIMITS_CONF "/etc/security/limits.conf"
-#endif
-
-
-#endif /* __LOGIN_PATH_H */
diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c
deleted file mode 100644
index e9c367937d4c..000000000000
--- a/crypto/heimdal/appl/login/osfc2.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-RCSID("$Id: osfc2.c 9704 2001-02-20 01:44:56Z assar $");
-
-int
-do_osfc2_magic(uid_t uid)
-{
-#ifdef HAVE_OSFC2
-    struct es_passwd *epw;
-    char *argv[2];
-    
-    /* fake */
-    argv[0] = (char*)getprogname();
-    argv[1] = NULL;
-    set_auth_parameters(1, argv);
-    
-    epw = getespwuid(uid);
-    if(epw == NULL) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "getespwuid failed for %d", uid);
-	printf("Sorry.\n");
-	return 1;
-    }
-    /* We don't check for auto-retired, foo-retired,
-       bar-retired, or any other kind of retired accounts
-       here; neither do we check for time-locked accounts, or
-       any other kind of serious C2 mumbo-jumbo. We do,
-       however, call setluid, since failing to do so is not
-       very good (take my word for it). */
-    
-    if(!epw->uflg->fg_uid) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "attempted login by %s (has no uid)", epw->ufld->fd_name);
-	printf("Sorry.\n");
-	return 1;
-    }
-    setluid(epw->ufld->fd_uid);
-    if(getluid() != epw->ufld->fd_uid) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "failed to set LUID for %s (%d)", 
-	       epw->ufld->fd_name, epw->ufld->fd_uid);
-	printf("Sorry.\n");
-	return 1;
-    }
-#endif /* HAVE_OSFC2 */
-    return 0;
-}
diff --git a/crypto/heimdal/appl/login/read_string.c b/crypto/heimdal/appl/login/read_string.c
deleted file mode 100644
index 925345e93098..000000000000
--- a/crypto/heimdal/appl/login/read_string.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: read_string.c 18156 2006-09-22 15:42:39Z lha $");
-
-static sig_atomic_t intr_flag;
-
-static void
-intr(int sig)
-{
-    intr_flag++;
-}
-
-#ifndef NSIG
-#define NSIG 47
-#endif
-
-int
-read_string(const char *prompt, char *buf, size_t len, int echo)
-{
-    struct sigaction sigs[NSIG];
-    int oksigs[NSIG];
-    struct sigaction sa;
-    FILE *tty;
-    int ret = 0;
-    int of = 0;
-    int i;
-    int c;
-    char *p;
-
-    struct termios t_new, t_old;
-
-    memset(&oksigs, 0, sizeof(oksigs));
-
-    memset(&sa, 0, sizeof(sa));
-    sa.sa_handler = intr;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (i != SIGALRM) 
-	    if (sigaction(i, &sa, &sigs[i]) == 0)
-		oksigs[i] = 1;
-
-    if((tty = fopen("/dev/tty", "r")) == NULL)
-	tty = stdin;
-       
-    fprintf(stderr, "%s", prompt);
-    fflush(stderr);
-
-    if(echo == 0){
-	tcgetattr(fileno(tty), &t_old);
-	memcpy(&t_new, &t_old, sizeof(t_new));
-	t_new.c_lflag &= ~ECHO;
-	tcsetattr(fileno(tty), TCSANOW, &t_new);
-    }
-    intr_flag = 0;
-    p = buf;
-    while(intr_flag == 0){
-	c = getc(tty);
-	if(c == EOF){
-	    if(!ferror(tty))
-		ret = 1;
-	    break;
-	}
-	if(c == '\n')
-	    break;
-	if(of == 0)
-	    *p++ = c;
-	of = (p == buf + len);
-    }
-    if(of)
-	p--;
-    *p = 0;
-    
-    if(echo == 0){
-	printf("\n");
-	tcsetattr(fileno(tty), TCSANOW, &t_old);
-    }
-    
-    if(tty != stdin)
-	fclose(tty);
-
-    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (oksigs[i])
-	    sigaction(i, &sigs[i], NULL);
-    
-    if(ret)
-	return -3;
-    if(intr_flag)
-	return -2;
-    if(of)
-	return -1;
-    return 0;
-}
-
-
-#if 0
-int main()
-{
-    char s[128];
-    int ret;
-    ret = read_string("foo: ", s, sizeof(s), 0);
-    printf("%d ->%s<-\n", ret, s);
-}
-#endif
diff --git a/crypto/heimdal/appl/login/shadow.c b/crypto/heimdal/appl/login/shadow.c
deleted file mode 100644
index 081fe1cb7034..000000000000
--- a/crypto/heimdal/appl/login/shadow.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: shadow.c 7464 1999-12-02 17:05:13Z joda $");
-
-#ifdef HAVE_SHADOW_H
-
-#ifndef _PATH_CHPASS
-#define _PATH_CHPASS "/usr/bin/passwd"
-#endif
-
-static int
-change_passwd(const struct passwd *who)
-{
-    int status;
-    pid_t pid;
-
-    switch (pid = fork()) {
-    case -1:
-        printf("fork /bin/passwd");
-        exit(1);
-    case 0:
-        execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0);
-        exit(1);
-    default:
-        waitpid(pid, &status, 0);
-        return (status);
-    }
-}
-
-void 
-check_shadow(const struct passwd *pw, const struct spwd *sp)
-{
-  long today;
-
-  today = time(0)/(24L * 60 * 60);
-  
-  if (sp == NULL)
-      return;
-
-  if (sp->sp_expire > 0) {
-        if (today >= sp->sp_expire) {
-            printf("Your account has expired.\n");
-            sleep(1);
-            exit(0);
-        } else if (sp->sp_expire - today < 14) {
-            printf("Your account will expire in %d days.\n",
-                   (int)(sp->sp_expire - today));
-        }
-  }
-
-  if (sp->sp_max > 0) {
-        if (today >= (sp->sp_lstchg + sp->sp_max)) {
-            printf("Your password has expired. Choose a new one.\n");
-            change_passwd(pw);
-        } else if (sp->sp_warn > 0
-            && (today > (sp->sp_lstchg + sp->sp_max - sp->sp_warn))) {
-            printf("Your password will expire in %d days.\n",
-                   (int)(sp->sp_lstchg + sp->sp_max - today));
-        }
-  }
-}
-#endif /* HAVE_SHADOW_H */
diff --git a/crypto/heimdal/appl/login/stty_default.c b/crypto/heimdal/appl/login/stty_default.c
deleted file mode 100644
index df490489c974..000000000000
--- a/crypto/heimdal/appl/login/stty_default.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: stty_default.c 7464 1999-12-02 17:05:13Z joda $");
-
-#include <termios.h>
-
-/* HP-UX 9.0 termios doesn't define these */
-#ifndef FLUSHO
-#define	FLUSHO	0
-#endif
-
-#ifndef XTABS
-#define	XTABS	0
-#endif
-
-#ifndef OXTABS
-#define OXTABS	XTABS
-#endif
-
-/* Ultrix... */
-#ifndef ECHOPRT
-#define ECHOPRT	0
-#endif
-
-#ifndef ECHOCTL
-#define ECHOCTL	0
-#endif
-
-#ifndef ECHOKE
-#define ECHOKE	0
-#endif
-
-#ifndef IMAXBEL
-#define IMAXBEL	0
-#endif
-
-#define Ctl(x) ((x) ^ 0100)
-
-void
-stty_default(void)
-{
-    struct	termios termios;
-
-    /*
-     * Finalize the terminal settings. Some systems default to 8 bits,
-     * others to 7, so we should leave that alone.
-     */
-    tcgetattr(0, &termios);
-
-    termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
-    termios.c_iflag &= ~IXANY;
-
-    termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
-    termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
-
-    termios.c_oflag |= (OPOST|ONLCR);
-    termios.c_oflag &= ~OXTABS;
-
-    termios.c_cc[VINTR] = Ctl('C');
-    termios.c_cc[VERASE] = Ctl('H');
-    termios.c_cc[VKILL] = Ctl('U');
-    termios.c_cc[VEOF] = Ctl('D');
-
-    termios.c_cc[VSUSP] = Ctl('Z');
-    
-    tcsetattr(0, TCSANOW, &termios);
-}
diff --git a/crypto/heimdal/appl/login/tty.c b/crypto/heimdal/appl/login/tty.c
deleted file mode 100644
index 8dd68eece738..000000000000
--- a/crypto/heimdal/appl/login/tty.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: tty.c 7464 1999-12-02 17:05:13Z joda $");
-
-/*
- * Clean the tty name.  Return a pointer to the cleaned version.
- */
-
-char *
-clean_ttyname (char *tty)
-{
-  char *res = tty;
-
-  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-    res += strlen(_PATH_DEV);
-  if (strncmp (res, "pty/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "ptym/", 5) == 0)
-    res += 5;
-  return res;
-}
-
-/*
- * Generate a name usable as an `ut_id', typically without `tty'.
- */
-
-char *
-make_id (char *tty)
-{
-  char *res = tty;
-  
-  if (strncmp (res, "pts/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "tty", 3) == 0)
-    res += 3;
-  return res;
-}
diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c
deleted file mode 100644
index 5f6c79c13979..000000000000
--- a/crypto/heimdal/appl/login/utmp_login.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: utmp_login.c 9661 2001-02-08 16:08:47Z assar $");
-
-/* try to put something useful from hostname into dst, dst_sz:
- * full name, first component or address */
-
-void
-shrink_hostname (const char *hostname,
-		 char *dst, size_t dst_sz)
-{
-    char local_hostname[MaxHostNameLen];
-    char *ld, *hd;
-    int ret;
-    struct addrinfo *ai;
-
-    if (strlen(hostname) < dst_sz) {
-	strlcpy (dst, hostname, dst_sz);
-	return;
-    }
-    gethostname (local_hostname, sizeof(local_hostname));
-    hd = strchr (hostname, '.');
-    ld = strchr (local_hostname, '.');
-    if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
-	&& hd - hostname < dst_sz) {
-	strlcpy (dst, hostname, dst_sz);
-	dst[hd - hostname] = '\0';
-	return;
-    }
-
-    ret = getaddrinfo (hostname, NULL, NULL, &ai);
-    if (ret) {
-	strncpy (dst, hostname, dst_sz);
-	return;
-    }
-    ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
-		       dst, dst_sz,
-		       NULL, 0,
-		       NI_NUMERICHOST);
-    freeaddrinfo (ai);
-    if (ret) {
-	strncpy (dst, hostname, dst_sz);
-	return;
-    }
-}
-
-void
-prepare_utmp (struct utmp *utmp, char *tty, 
-	      const char *username, const char *hostname)
-{
-    char *ttyx = clean_ttyname (tty);
-
-    memset(utmp, 0, sizeof(*utmp));
-    utmp->ut_time = time(NULL);
-    strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
-    strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
-
-# ifdef HAVE_STRUCT_UTMP_UT_USER
-    strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_ADDR
-    if (hostname[0]) {
-        struct hostent *he;
-	if ((he = gethostbyname(hostname)))
-	    memcpy(&utmp->ut_addr, he->h_addr_list[0],
-		   sizeof(utmp->ut_addr));
-    }
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_HOST
-    shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    utmp->ut_type = USER_PROCESS;
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_PID
-    utmp->ut_pid = getpid();
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_ID
-    strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
-# endif
-}
-
-#ifdef HAVE_UTMPX_H
-void utmp_login(char *tty, const char *username, const char *hostname)
-{ 
-    return;
-}
-#else
-
-/* update utmp and wtmp - the BSD way */
-
-void utmp_login(char *tty, const char *username, const char *hostname)
-{
-    struct utmp utmp;
-    int fd;
-
-    prepare_utmp (&utmp, tty, username, hostname);
-
-#ifdef HAVE_SETUTENT
-    utmpname(_PATH_UTMP);
-    setutent();
-    pututline(&utmp);
-    endutent();
-#else
-
-#ifdef HAVE_TTYSLOT
-    {
-      int ttyno;
-      ttyno = ttyslot();
-      if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
-	lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
-	write(fd, &utmp, sizeof(struct utmp));
-	close(fd);
-      }
-    }
-#endif /* HAVE_TTYSLOT */
-#endif /* HAVE_SETUTENT */
-
-    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-	write(fd, &utmp, sizeof(struct utmp));
-	close(fd);
-    }
-}
-#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c
deleted file mode 100644
index 5e25c09892dd..000000000000
--- a/crypto/heimdal/appl/login/utmpx_login.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that this entire copyright notice
-* is duplicated in all such copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
-/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
-
-#include "login_locl.h"
-
-RCSID("$Id: utmpx_login.c 10020 2001-06-04 14:10:19Z assar $");
-
-/* utmpx_login - update utmp and wtmp after login */
-
-#ifndef HAVE_UTMPX_H
-int utmpx_login(char *line, const char *user, const char *host) { return 0; }
-#else
-
-static void
-utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
-{
-    struct timeval tmp;
-    char *clean_tty = clean_ttyname(line);
-
-    strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
-#ifdef HAVE_STRUCT_UTMPX_UT_ID
-    strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
-#endif
-    strncpy(ut->ut_user, user, sizeof(ut->ut_user));
-    shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
-#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
-    ut->ut_syslen = strlen(host) + 1;
-    if (ut->ut_syslen > sizeof(ut->ut_host))
-        ut->ut_syslen = sizeof(ut->ut_host);
-#endif
-    ut->ut_type = USER_PROCESS;
-    gettimeofday (&tmp, 0);
-    ut->ut_tv.tv_sec = tmp.tv_sec;
-    ut->ut_tv.tv_usec = tmp.tv_usec;
-    pututxline(ut);
-#ifdef WTMPX_FILE
-    updwtmpx(WTMPX_FILE, ut);
-#elif defined(WTMP_FILE)
-    {
-	struct utmp utmp;
-	int fd;
-
-	prepare_utmp (&utmp, line, user, host);
-	if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-	    write(fd, &utmp, sizeof(struct utmp));
-	    close(fd);
-	}
-    }
-#endif
-}
-
-int
-utmpx_login(char *line, const char *user, const char *host)
-{
-    struct utmpx *ut, save_ut;
-    pid_t   mypid = getpid();
-    int     ret = (-1);
-
-    /*
-     * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
-     * stripped off. Rlogind and telnetd, on the other hand, make utmpx
-     * entries with device names like /dev/pts/nnn. We therefore cannot use
-     * getutxline(). Return nonzero if no utmp entry was found with our own
-     * process ID for a login or user process.
-     */
-
-    while ((ut = getutxent())) {
-        /* Try to find a reusable entry */
-	if (ut->ut_pid == mypid
-	    && (   ut->ut_type == INIT_PROCESS
-		|| ut->ut_type == LOGIN_PROCESS
-		|| ut->ut_type == USER_PROCESS)) {
-	    save_ut = *ut;
-	    utmpx_update(&save_ut, line, user, host);
-	    ret = 0;
-	    break;
-	}
-    }
-    if (ret == -1) {
-        /* Grow utmpx file by one record. */
-        struct utmpx newut;
-	memset(&newut, 0, sizeof(newut));
-	newut.ut_pid = mypid;
-        utmpx_update(&newut, line, user, host);
-	ret = 0;
-    }
-    endutxent();
-    return (ret);
-}
-#endif /* HAVE_UTMPX_H */
diff --git a/crypto/heimdal/appl/push/ChangeLog b/crypto/heimdal/appl/push/ChangeLog
deleted file mode 100644
index d1ad46b8c832..000000000000
--- a/crypto/heimdal/appl/push/ChangeLog
+++ /dev/null
@@ -1,200 +0,0 @@
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* push.c: catch when snprint needs a larger buffer
-
-2004-06-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* push.c: alloc memory to handle very long lines
-	
-2003-04-03  Assar Westerlund  <assar@kth.se>
-
-	* push.c: fixed one incorrect fprintf to stderr
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* push.c: add names of pop states, add some more debugging and use
-	fprintf(stderr) for all dbg stmts.
-	
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): check return values from snprintf being negative
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): handle krb5_init_context failure consistently
-
-2000-12-26  Assar Westerlund  <assar@sics.se>
-
-	* push.c: support several headers, from <mattiasa@e.kth.se> use
-	estrdup, emalloc, erealloc
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pfrom.1: work around bug in grog that makes it think it needs
-	mdoc.old
-
-	* push.8: work around bug in grog that makes it think it needs
-	mdoc.old
-
-2000-11-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* push.c: add space to usage
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): check that fds are not too large to select on
-
-2000-03-04  Assar Westerlund  <assar@sics.se>
-
-	* add man-page for pfrom
-
-1999-12-28  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): call k_getportbyname with port number in
- 	network-byte-order
-
-1999-12-14  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): remove bogus local block variable
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): use `getaddrinfo'
-	* push.c: add --count (print number of messages and bytes at
-	beginning)
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* push.c: make `-v' a arg_counter
-	
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): redo the v4/v5 selection for consistency.  -4 ->
- 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-08-19  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): remember to step over the error message when we
- 	discover that XDELE is not supported
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* push.c: use XDELE
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): v6-ify
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* push.c: get_default_username and the resulting const propagation
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* push.c (parse_pobox): try $USERNAME
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_v5): remove unused and non-working code
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_v5): call krb5_sendauth with ccache == NULL
-	
-Wed Apr  7 23:40:00 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: fix names of hesiod variables
-
-Wed Mar 24 04:37:04 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (pfrom): fix typo
-
-	* push.c (get_pobox): try to handle old and new hesiod APIs
-
-Mon Mar 22 22:19:40 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: hesoid -> hesiod
-
-Sun Mar 21 18:02:10 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: bindir -> libexecdir
-
-Sat Mar 20 00:12:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: LDADD: add missing backslash
-
-Thu Mar 18 15:28:35 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: clean pfrom
-
-	* Makefile.am: include Makefile.am.common
-
-Mon Mar 15 18:26:16 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* push.c: strncasecmp headers
-
-Mon Feb 15 22:22:09 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (pfrom): use libexecdir
-
-	* Makefile.am: build and install pfrom
-
-	* push.c (do_connect): init `s'
-	(pop_state): spell-check enums
-
-Tue Nov 24 23:20:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: build and install pfrom
-
-	* pfrom.in: bindir -> libexecdir
-
-Sun Nov 22 15:33:52 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* push.c: eliminate some warnings
-
-Sun Nov 22 10:34:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Thu Nov 19 01:17:33 1998  Assar Westerlund  <assar@sics.se>
-
-	* push_locl.h: add <hesiod.h>
-
-	* Makefile.am, Makefile.in: link and include hesiod
-
-	* push.c (get_pobox): new function. add hesiod support.
-
-1998-11-07  Assar Westerlund  <assar@sics.se>
-
-	* push.8: updated
-
-	* push.c: --from implementation from <lha@stacken.kth.se>
-
-Fri Jul 10 01:14:45 1998  Assar Westerlund  <assar@sics.se>
-
-	* push.c (net_{read,write}): remove
-
-Wed Jun 24 14:41:41 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* push.c: allow `po:user@host' mailbox syntax
-
-Tue Jun  2 17:35:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* push.c: quote '^From ' properly
-
-Mon May 25 05:22:47 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): PROGS -> PROGRAMS
-
-Sun Apr 26 11:42:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): better default for v4 and v5
-
-	* push.c (main): init context correctly
-
-	* push.c: should work with krb4
-
-	* push_locl.h: krb4 compat
-
-	* Makefile.in: new file
-
diff --git a/crypto/heimdal/appl/push/Makefile.am b/crypto/heimdal/appl/push/Makefile.am
deleted file mode 100644
index eb67943371fc..000000000000
--- a/crypto/heimdal/appl/push/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hesiod)
-
-bin_SCRIPTS		= pfrom
-
-libexec_PROGRAMS	= push
-
-push_SOURCES = push.c push_locl.h
-
-pfrom: pfrom.in
-	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
-	chmod +x $@
-
-man_MANS = push.8 pfrom.1
-
-CLEANFILES = pfrom
-
-EXTRA_DIST = pfrom.in $(man_MANS)
-
-LDADD = $(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_hesiod)
diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in
deleted file mode 100644
index 9178f7ba79ff..000000000000
--- a/crypto/heimdal/appl/push/Makefile.in
+++ /dev/null
@@ -1,915 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-libexec_PROGRAMS = push$(EXEEXT)
-subdir = appl/push
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS)
-am_push_OBJECTS = push.$(OBJEXT)
-push_OBJECTS = $(am_push_OBJECTS)
-push_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-push_DEPENDENCIES = $(LIB_krb5) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-SCRIPTS = $(bin_SCRIPTS)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(push_SOURCES)
-DIST_SOURCES = $(push_SOURCES)
-man1dir = $(mandir)/man1
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hesiod)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-bin_SCRIPTS = pfrom
-push_SOURCES = push.c push_locl.h
-man_MANS = push.8 pfrom.1
-CLEANFILES = pfrom
-EXTRA_DIST = pfrom.in $(man_MANS)
-LDADD = $(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_hesiod)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/push/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/push/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) 
-	@rm -f push$(EXEEXT)
-	$(LINK) $(push_OBJECTS) $(push_LDADD) $(LIBS)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binSCRIPTS uninstall-libexecPROGRAMS \
-	uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binSCRIPTS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binSCRIPTS uninstall-hook uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-pfrom: pfrom.in
-	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1
deleted file mode 100644
index e8f15618edbc..000000000000
--- a/crypto/heimdal/appl/push/pfrom.1
+++ /dev/null
@@ -1,55 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: pfrom.1 11648 2003-02-16 21:10:32Z lha $
-.\"
-.Dd March 4, 2000
-.Dt PFROM 1
-.Os HEIMDAL
-.Sh NAME
-.Nm pfrom
-.Nd "fetch a list of the current mail via POP"
-.Sh SYNOPSIS
-.Nm
-.Op Fl 4 | Fl -krb4
-.Op Fl 5 | Fl -krb5
-.Op Fl v | Fl -verbose
-.Op Fl c | -count
-.Op Fl -header
-.Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port= Ns Ar port-spec
-.Xc
-.Oc
-.Sh DESCRIPTION
-.Nm
-is a script that does push --from.
-.Sh SEE ALSO
-.Xr push 8
diff --git a/crypto/heimdal/appl/push/pfrom.in b/crypto/heimdal/appl/push/pfrom.in
deleted file mode 100644
index 8af97ef19a04..000000000000
--- a/crypto/heimdal/appl/push/pfrom.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-# $Id: pfrom.in 5248 1998-11-24 13:25:47Z assar $
-libexecdir=%libexecdir%
-PATH=$libexecdir:$PATH
-export PATH
-push --from $*
diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8
deleted file mode 100644
index 985545e547d1..000000000000
--- a/crypto/heimdal/appl/push/push.8
+++ /dev/null
@@ -1,138 +0,0 @@
-.\" $Id: push.8 11176 2002-08-20 17:07:29Z joda $
-.\"
-.Dd May 31, 1998
-.Dt PUSH 8
-.Os HEIMDAL
-.Sh NAME
-.Nm push
-.Nd fetch mail via POP
-.Sh SYNOPSIS
-.Nm
-.Op Fl 4 | Fl -krb4
-.Op Fl 5 | Fl -krb5
-.Op Fl v | Fl -verbose
-.Op Fl f | Fl -fork
-.Op Fl l | -leave
-.Op Fl -from
-.Op Fl c | -count
-.Op Fl -headers Ns = Ns Ar headers
-.Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port Ns = Ns Ar port-spec
-.Xc
-.Oc
-.Ar po-box
-.Pa filename
-.Sh DESCRIPTION
-.Nm
-retrieves mail from the post office box
-.Ar po-box ,
-and stores the mail in mbox format in
-.Pa filename .
-The
-.Ar po-box
-can have any of the following formats:
-.Bl -hang -compact -offset indent
-.It Ql hostname:username
-.It Ql po:hostname:username
-.It Ql username@hostname
-.It Ql po:username@hostname
-.It Ql hostname
-.It Ql po:username
-.El
-.Pp
-If no username is specified,
-.Nm
-assumes that it's the same as on the local machine;
-.Ar hostname
-defaults to the value of the
-.Ev MAILHOST
-environment variable.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -krb4
-.Xc
-use Kerberos 4 (if compiled with support for Kerberos 4)
-.It Xo
-.Fl 5 ,
-.Fl -krb5
-.Xc
-use Kerberos 5 (if compiled with support for Kerberos 5)
-.It Xo
-.Fl f ,
-.Fl -fork
-.Xc
-fork before starting to delete messages
-.It Xo
-.Fl l ,
-.Fl -leave
-.Xc
-don't delete fetched mail
-.It Xo
-.Fl -from
-.Xc
-behave like from.
-.It Xo
-.Fl c ,
-.Fl -count
-.Xc
-first print how many messages and bytes there are.
-.It Xo
-.Fl -headers Ns = Ns Ar headers
-.Xc
-a list of comma-separated headers that should get printed.
-.It Xo
-.Fl p Ar port-spec ,
-.Fl -port Ns = Ns Ar port-spec
-.Xc
-use this port instead of the default
-.Ql kpop
-or
-.Ql 1109 .
-.El
-.Pp
-The default is to first try Kerberos 5 authentication and then, if
-that fails, Kerberos 4.
-.Sh ENVIRONMENT
-.Bl -tag -width Ds
-.It Ev MAILHOST
-points to the post office, if no other hostname is specified.
-.El
-.\".Sh FILES
-.Sh EXAMPLES
-.Bd -literal -offset indent
-$ push cornfield:roosta ~/.emacs-mail-crash-box
-.Ed
-.Pp
-tries to fetch mail for the user
-.Ar roosta
-from the post office at
-.Dq cornfield ,
-and stores the mail in
-.Pa ~/.emacs-mail-crash-box
-(you are using Gnus, aren't you?)
-.Bd -literal -offset indent
-$ push --from -5 havregryn
-.Ed
-.Pp
-tries to fetch
-.Sy From:
-lines for current user at post office
-.Dq havregryn
-using Kerberos 5.
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr from 1 ,
-.Xr pfrom 1 ,
-.Xr movemail 8 ,
-.Xr popper 8
-.\".Sh STANDARDS
-.Sh HISTORY
-.Nm
-was written while waiting for
-.Nm movemail
-to finish getting the mail.
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c
deleted file mode 100644
index 87a0be234722..000000000000
--- a/crypto/heimdal/appl/push/push.c
+++ /dev/null
@@ -1,844 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "push_locl.h"
-RCSID("$Id: push.c 14850 2005-04-19 18:00:17Z lha $");
-
-#ifdef KRB4
-static int use_v4 = -1;
-#endif
-
-#ifdef KRB5
-static int use_v5 = -1;
-static krb5_context context;
-#endif
-
-static char *port_str;
-static int verbose_level;
-static int do_fork;
-static int do_leave;
-static int do_version;
-static int do_help;
-static int do_from;
-static int do_count;
-static char *header_str;
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
-      NULL },
-#endif    
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
-      NULL },
-#endif
-    { "verbose",'v', arg_counter,	&verbose_level,	"Verbose",
-      NULL },
-    { "fork",	'f', arg_flag,		&do_fork,	"Fork deleting proc",
-      NULL },
-    { "leave",	'l', arg_flag,		&do_leave,	"Leave mail on server",
-      NULL },
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "number-or-service" },
-    { "from",	 0,  arg_flag,		&do_from,	"Behave like from",
-      NULL },
-    { "headers", 0,  arg_string,	&header_str,	"Headers to print", NULL },
-    { "count", 'c',  arg_flag,		&do_count,	"Print number of messages", NULL},
-    { "version", 0,  arg_flag,		&do_version,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&do_help,	NULL,
-      NULL }
-
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[[{po:username[@hostname] | hostname[:username]}] ...] "
-		    "filename");
-    exit (ret);
-}
-
-static int
-do_connect (const char *hostname, int port, int nodelay)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    int s = -1;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
- 	    close (s);
- 	    continue;
-	}
-	break;
-    }
-    freeaddrinfo (ai);
-    if (a == NULL) {
-	warnx ("failed to contact %s", hostname);
-	return -1;
-    }
-
-    if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
-		  (void *)&nodelay, sizeof(nodelay)) < 0)
-	err (1, "setsockopt TCP_NODELAY");
-    return s;
-}
-
-typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, 
-	       DELE, XDELE, QUIT} pop_state;
-
-static char *pop_state_string[] = {
-    "INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP",
-    "DELE", "XDELE", "QUIT" 
-};
-
-#define PUSH_BUFSIZ 65536
-
-#define STEP 16
-
-struct write_state {
-    struct iovec *iovecs;
-    size_t niovecs, maxiovecs, allociovecs;
-    int fd;
-};
-
-static void
-write_state_init (struct write_state *w, int fd)
-{
-#ifdef UIO_MAXIOV
-    w->maxiovecs = UIO_MAXIOV;
-#else
-    w->maxiovecs = 16;
-#endif
-    w->allociovecs = min(STEP, w->maxiovecs);
-    w->niovecs = 0;
-    w->iovecs = emalloc(w->allociovecs * sizeof(*w->iovecs));
-    w->fd = fd;
-}
-
-static void
-write_state_add (struct write_state *w, void *v, size_t len)
-{
-    if(w->niovecs == w->allociovecs) {				
-	if(w->niovecs == w->maxiovecs) {				
-	    if(writev (w->fd, w->iovecs, w->niovecs) < 0)		
-		err(1, "writev");				
-	    w->niovecs = 0;					
-	} else {						
-	    w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs);	
-	    w->iovecs = erealloc (w->iovecs,				
-				  w->allociovecs * sizeof(*w->iovecs));	
-	}							
-    }								
-    w->iovecs[w->niovecs].iov_base = v;				
-    w->iovecs[w->niovecs].iov_len  = len;				
-    ++w->niovecs;							
-}
-
-static void
-write_state_flush (struct write_state *w)
-{
-    if (w->niovecs) {
-	if (writev (w->fd, w->iovecs, w->niovecs) < 0)
-	    err (1, "writev");
-	w->niovecs = 0;
-    }
-}
-
-static void
-write_state_destroy (struct write_state *w)
-{
-    free (w->iovecs);
-}
-
-static int
-doit(int s,
-     const char *host,
-     const char *user,
-     const char *outfilename,
-     const char *header_str,
-     int leavep,
-     int verbose,
-     int forkp)
-{
-    int ret;
-    char out_buf[PUSH_BUFSIZ];
-    int out_len = 0;
-    char *in_buf;
-    size_t in_buf_size;
-    size_t in_len = 0;
-    char *in_ptr;
-    pop_state state = INIT;
-    unsigned count, bytes;
-    unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0;
-    unsigned sent_xdele = 0;
-    int out_fd;
-    char from_line[128];
-    size_t from_line_length;
-    time_t now;
-    struct write_state write_state;
-    int numheaders = 1;
-    char **headers = NULL;
-    int i;
-    char *tmp = NULL;
-
-    in_buf = emalloc(PUSH_BUFSIZ + 1);
-    in_ptr = in_buf;
-    in_buf_size = PUSH_BUFSIZ;
-
-    if (do_from) {
-	char *tmp2;
-
-	tmp2 = tmp = estrdup(header_str);
-
-	out_fd = -1;
-	if (verbose)
-	    fprintf (stderr, "%s@%s\n", user, host);
-	while (*tmp != '\0') {
-	    tmp = strchr(tmp, ',');
-	    if (tmp == NULL)
-		break;
-	    tmp++;
-	    numheaders++;
-	}
-
-	headers = emalloc(sizeof(char *) * (numheaders + 1));
-	for (i = 0; i < numheaders; i++) {
-	    headers[i] = strtok_r(tmp2, ",", &tmp2);
-	}
-	headers[numheaders] = NULL;
-    } else {
-	out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666);
-	if (out_fd < 0)
-	    err (1, "open %s", outfilename);
-	if (verbose)
-	    fprintf (stderr, "%s@%s -> %s\n", user, host, outfilename);
-    }
-
-    now = time(NULL);
-    from_line_length = snprintf (from_line, sizeof(from_line),
-				 "From %s %s", "push", ctime(&now));
-    if (from_line_length < 0 || from_line_length > sizeof(from_line))
-	errx (1, "snprintf failed");
-
-    out_len = snprintf (out_buf, sizeof(out_buf),
-			"USER %s\r\nPASS hej\r\nSTAT\r\n",
-			user);
-    if (out_len < 0 || out_len > sizeof(out_buf))
-	errx (1, "snprintf failed");
-    if (net_write (s, out_buf, out_len) != out_len)
-	err (1, "write");
-    if (verbose > 1)
-	fprintf (stderr, "%s", out_buf);
-
-    if (!do_from)
-	write_state_init (&write_state, out_fd);
-
-    while(state != QUIT) {
-	fd_set readset, writeset;
-
-	FD_ZERO(&readset);
-	FD_ZERO(&writeset);
-	if (s >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(s,&readset);
-
-	if (verbose > 1)
-	    fprintf (stderr, "state: %s count: %d asked_for: %d "
-		     "retrieved: %d asked_deleted: %d\n",
-		     pop_state_string[state], 
-		     count, asked_for, retrieved, asked_deleted);
-
-	if (((state == STAT || state == RETR || state == TOP)
-	     && asked_for < count)
-	    || (state == XDELE && !sent_xdele)
-	    || (state == DELE && asked_deleted < count))
-	    FD_SET(s,&writeset);
-	ret = select (s + 1, &readset, &writeset, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EAGAIN)
-		continue;
-	    else
-		err (1, "select");
-	}
-	
-	if (FD_ISSET(s, &readset)) {
-	    char *beg, *p;
-	    size_t rem;
-	    int blank_line = 0;
-	    
-	    if(in_len >= in_buf_size) {
-		char *tmp = erealloc(in_buf, in_buf_size + PUSH_BUFSIZ + 1);
-		in_ptr = tmp + (in_ptr - in_buf);
-		in_buf = tmp;
-		in_buf_size += PUSH_BUFSIZ;
-	    }
-
-	    ret = read (s, in_ptr, in_buf_size - in_len);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0)
-		errx (1, "EOF during read");
-	    
-	    in_len += ret;
-	    in_ptr += ret;
-	    *in_ptr = '\0';
-	    
-	    beg = in_buf;
-	    rem = in_len;
-	    while(rem > 1
-		  && (p = strstr(beg, "\r\n")) != NULL) {
-		if (state == TOP) {
-		    char *copy = beg;
-
-		    for (i = 0; i < numheaders; i++) {
-			size_t len;
-
-			len = min(p - copy + 1, strlen(headers[i]));
-			if (strncasecmp(copy, headers[i], len) == 0) {
-			    fprintf (stdout, "%.*s\n", (int)(p - copy), copy);
-			}
-		    }
-		    if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') {
-			if (numheaders > 1)
-			    fprintf (stdout, "\n");
-			state = STAT;
-			if (++retrieved == count) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			}
-		    }
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else if (state == RETR) {
-		    char *copy = beg;
-		    if (beg[0] == '.') {
-			if (beg[1] == '\r' && beg[2] == '\n') {
-			    if(!blank_line)
-				write_state_add(&write_state, "\n", 1);
-			    state = STAT;
-			    rem -= p - beg + 2;
-			    beg = p + 2;
-			    if (++retrieved == count) {
-				write_state_flush (&write_state);
-				if (fsync (out_fd) < 0)
-				    err (1, "fsync");
-				close(out_fd);
-				if (leavep) {
-				    state = QUIT;
-				    net_write (s, "QUIT\r\n", 6);
-				    if (verbose > 1)
-					fprintf (stderr, "QUIT\r\n");
-				} else {
-				    if (forkp) {
-					pid_t pid;
-
-					pid = fork();
-					if (pid < 0)
-					    warn ("fork");
-					else if(pid != 0) {
-					    if(verbose)
-						fprintf (stderr,
-							 "(exiting)");
-					    return 0;
-					}
-				    }
-
-				    state = XDELE;
-				    if (verbose)
-					fprintf (stderr, "deleting... ");
-				}
-			    }
-			    continue;
-			} else
-			    ++copy;
-		    }
-		    *p = '\n';
-		    if(blank_line && 
-		       strncmp(copy, "From ", min(p - copy + 1, 5)) == 0)
-			write_state_add(&write_state, ">", 1);
-		    write_state_add(&write_state, copy, p - copy + 1);
-		    blank_line = (*copy == '\n');
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else if (rem >= 3 && strncmp (beg, "+OK", 3) == 0) {
-		    if (state == STAT) {
-			if (!do_from)
-			    write_state_add(&write_state,
-					    from_line, from_line_length);
-			blank_line = 0;
-			if (do_from) 
-			    state = TOP;
-			else
-			    state = RETR;
-		    } else if (state == XDELE) {
-			state = QUIT;
-			net_write (s, "QUIT\r\n", 6);
-			if (verbose > 1)
-			    fprintf (stderr, "QUIT\r\n");
-			break;
-		    } else if (state == DELE) {
-			if (++deleted == count) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			    break;
-			}
-		    } else if (++state == STAT) {
-			if(sscanf (beg + 4, "%u %u", &count, &bytes) != 2)
-			    errx(1, "Bad STAT-line: %.*s", (int)(p - beg), beg);
-			if (verbose) {
-			    fprintf (stderr, "%u message(s) (%u bytes). "
-				     "fetching... ",
-				     count, bytes);
-			    if (do_from)
-				fprintf (stderr, "\n");
-			} else if (do_count) {
-			    fprintf (stderr, "%u message(s) (%u bytes).\n",
-				     count, bytes);
-			}
-			if (count == 0) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			    break;
-			}
-		    }
-
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else {
-		    if(state == XDELE) {
-			state = DELE;
-			rem -= p - beg + 2;
-			beg = p + 2;
-		    } else
-			errx (1, "Bad response: %.*s", (int)(p - beg), beg);
-		}
-	    }
-	    if (!do_from)
-		write_state_flush (&write_state);
-
-	    memmove (in_buf, beg, rem);
-	    in_len = rem;
-	    in_ptr = in_buf + rem;
-	}
-	if (FD_ISSET(s, &writeset)) {
-	    if ((state == STAT && !do_from) || state == RETR)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "RETR %u\r\n", ++asked_for);
-	    else if ((state == STAT && do_from) || state == TOP)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "TOP %u 0\r\n", ++asked_for);
-	    else if(state == XDELE) {
-		out_len = snprintf(out_buf, sizeof(out_buf),
-				   "XDELE %u %u\r\n", 1, count);
-		sent_xdele++;
-	    }
-	    else if(state == DELE)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "DELE %u\r\n", ++asked_deleted);
-	    if (out_len < 0 || out_len > sizeof(out_buf))
-		errx (1, "snprintf failed");
-	    if (net_write (s, out_buf, out_len) != out_len)
-		err (1, "write");
-	    if (verbose > 1)
-		fprintf (stderr, "%s", out_buf);
-	}
-    }
-    if (verbose)
-	fprintf (stderr, "Done\n");
-    if (do_from) {
-	free (tmp);
-	free (headers);
-    } else {
-	write_state_destroy (&write_state);
-    }
-    return 0;
-}
-
-#ifdef KRB5
-static int
-do_v5 (const char *host,
-       int port,
-       const char *user,
-       const char *filename,
-       const char *header_str,
-       int leavep,
-       int verbose,
-       int forkp)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server;
-    int s;
-
-    s = do_connect (host, port, 1);
-    if (s < 0)
-	return 1;
-
-    ret = krb5_sname_to_principal (context,
-				   host,
-				   "pop",
-				   KRB5_NT_SRV_HST,
-				   &server);
-    if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_sendauth (context,
-			 &auth_context,
-			 &s,
-			 "KPOPV1.0",
-			 NULL,
-			 server,
-			 0,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL);
-    krb5_free_principal (context, server);
-    if (ret) {
-	warnx ("krb5_sendauth: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
-}
-#endif
-
-#ifdef KRB4
-static int
-do_v4 (const char *host,
-       int port,
-       const char *user,
-       const char *filename,
-       const char *header_str,
-       int leavep,
-       int verbose,
-       int forkp)
-{
-    KTEXT_ST ticket;
-    MSG_DAT msg_data;
-    CREDENTIALS cred;
-    des_key_schedule sched;
-    int s;
-    int ret;
-
-    s = do_connect (host, port, 1);
-    if (s < 0)
-	return 1;
-    ret = krb_sendauth(0,
-		       s,
-		       &ticket, 
-		       "pop",
-		       (char *)host,
-		       krb_realmofhost(host),
-		       getpid(),
-		       &msg_data,
-		       &cred,
-		       sched,
-		       NULL,
-		       NULL,
-		       "KPOPV0.1");
-    if(ret) {
-	warnx("krb_sendauth: %s", krb_get_err_text(ret));
-	return 1;
-    }
-    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
-}
-#endif /* KRB4 */
-
-#ifdef HESIOD
-
-#ifdef HESIOD_INTERFACES
-
-static char *
-hesiod_get_pobox (const char **user)
-{
-    void *context;
-    struct hesiod_postoffice *hpo;
-    char *ret = NULL;
-
-    if(hesiod_init (&context) != 0)
-	err (1, "hesiod_init");
-
-    hpo = hesiod_getmailhost (context, *user);
-    if (hpo == NULL) {
-	warn ("hesiod_getmailhost %s", *user);
-    } else {
-	if (strcasecmp(hpo->hesiod_po_type, "pop") != 0)
-	    errx (1, "Unsupported po type %s", hpo->hesiod_po_type);
-
-	ret = estrdup(hpo->hesiod_po_host);
-	*user = estrdup(hpo->hesiod_po_name);
-	hesiod_free_postoffice (context, hpo);
-    }
-    hesiod_end (context);
-    return ret;
-}
-
-#else /* !HESIOD_INTERFACES */
-
-static char *
-hesiod_get_pobox (const char **user)
-{
-    char *ret = NULL;
-    struct hes_postoffice *hpo;
-
-    hpo = hes_getmailhost (*user);
-    if (hpo == NULL) {
-	warn ("hes_getmailhost %s", *user);
-    } else {
-	if (strcasecmp(hpo->po_type, "pop") != 0)
-	    errx (1, "Unsupported po type %s", hpo->po_type);
-
-	ret = estrdup(hpo->po_host);
-	*user = estrdup(hpo->po_name);
-    }
-    return ret;
-}
-
-#endif /* HESIOD_INTERFACES */
-
-#endif /* HESIOD */
-
-static char *
-get_pobox (const char **user)
-{
-    char *ret = NULL;
-
-#ifdef HESIOD
-    ret = hesiod_get_pobox (user);
-#endif
-
-    if (ret == NULL)
-	ret = getenv("MAILHOST");
-    if (ret == NULL)
-	errx (1, "MAILHOST not set");
-    return ret;
-}
-
-static void
-parse_pobox (char *a0, const char **host, const char **user)
-{
-    const char *h, *u;
-    char *p;
-    int po = 0;
-
-    if (a0 == NULL) {
-
-	*user = getenv ("USERNAME");
-	if (*user == NULL) {
-	    struct passwd *pwd = getpwuid (getuid ());
-
-	    if (pwd == NULL)
-		errx (1, "Who are you?");
-	    *user = estrdup (pwd->pw_name);
-	}
-	*host = get_pobox (user);
-	return;
-    }
-
-    /* if the specification starts with po:, remember this information */
-    if(strncmp(a0, "po:", 3) == 0) {
-	a0 += 3;
-	po++;
-    }
-    /* if there is an `@', the hostname is after it, otherwise at the
-       beginning of the string */
-    p = strchr(a0, '@');
-    if(p != NULL) {
-	*p++ = '\0';
-	h = p;
-    } else {
-	h = a0;
-    }
-    /* if there is a `:', the username comes before it, otherwise at
-       the beginning of the string */
-    p = strchr(a0, ':');
-    if(p != NULL) {
-	*p++ = '\0';
-	u = p;
-    } else {
-	u = a0;
-    }
-    if(h == u) {
-	/* some inconsistent compatibility with various mailers */
-	if(po) {
-	    h = get_pobox (&u);
-	} else {
-	    u = get_default_username ();
-	    if (u == NULL)
-		errx (1, "Who are you?");
-	}
-    }
-    *host = h;
-    *user = u;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = 0;
-    int optind = 0;
-    int ret = 1;
-    const char *host, *user, *filename = NULL;
-    char *pobox = NULL;
-
-    setprogname (argv[0]);
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }
-#endif
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    argc -= optind;
-    argv += optind;
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-    if (do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version(NULL);
-	return 0;
-    }
-	
-    if (do_from && header_str == NULL)
-	header_str = "From:";
-    else if (header_str != NULL)
-	do_from = 1;
-
-    if (do_from) {
-	if (argc == 0)
-	    pobox = NULL;
-	else if (argc == 1)
-	    pobox = argv[0];
-	else
-	    usage (1);
-    } else {
-	if (argc == 1) {
-	    filename = argv[0];
-	    pobox    = NULL;
-	} else if (argc == 2) {
-	    filename = argv[1];
-	    pobox    = argv[0];
-	} else
-	    usage (1);
-    }
-
-    if (port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-    if (port == 0) {
-#ifdef KRB5
-	port = krb5_getportbyname (context, "kpop", "tcp", 1109);
-#elif defined(KRB4)
-	port = k_getportbyname ("kpop", "tcp", htons(1109));
-#else
-#error must define KRB4 or KRB5
-#endif
-    }
-
-    parse_pobox (pobox, &host, &user);
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	ret = do_v5 (host, port, user, filename, header_str,
-		     do_leave, verbose_level, do_fork);
-    }
-#endif
-
-#ifdef KRB4
-    if (ret && use_v4) {
-	ret = do_v4 (host, port, user, filename, header_str,
-		     do_leave, verbose_level, do_fork);
-    }
-#endif /* KRB4 */
-    return ret;
-}
diff --git a/crypto/heimdal/appl/push/push_locl.h b/crypto/heimdal/appl/push/push_locl.h
deleted file mode 100644
index 0bcac64d805d..000000000000
--- a/crypto/heimdal/appl/push/push_locl.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: push_locl.h 7463 1999-12-02 16:58:55Z joda $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HESIOD
-#include <hesiod.h>
-#endif
-
-#include <roken.h>
-#include <err.h>
-#include <getarg.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-
-#ifdef KRB4
-#include <krb.h>
-#endif
diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog
deleted file mode 100644
index 6ae6a1db0fbc..000000000000
--- a/crypto/heimdal/appl/rcp/ChangeLog
+++ /dev/null
@@ -1,125 +0,0 @@
-2007-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add missing files, from Buchan Milne.
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: more files
-	
-2006-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: Check return values from setuid, prompted by MIT
-	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
-	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
-
-	* rcp.c: Check return values from setuid, prompted by MIT
-	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
-	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
-
-	* rcp.c: Check return values from seteuid, prompted by MIT
-	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
-	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
-	
-2005-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rcp.c: Check return value from asprintf instead of string !=
-	NULL since it undefined behavior on Linux. From Bj�rn Sandell
-	
-2005-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: Explicit typecast to avoid signess warning.
-	
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rcp_locl.h: undef _PATH_RSH to make sure our version is used
-	
-2005-05-11  David Love  <fx@gnu.org>
-
-	* rcp.c: MODEMASK is defined in sys/vnode.h on Solaris, so undef
-	it before we define our own.
-
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rcp_locl.h: use BINDIR instead of "/usr/bin/ with _PATH_RSH
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: use unsigned char * to make sure its not negative when
-	passing it to is* functions
-
-2004-05-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.c: add -e (passed to rsh)
-	
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.1: add a HISTORY section
-
-	* rcp.1: brief manpage
-
-	* rcp.c: add a -4 option
-
-2001-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.c: more va_* fixing; from Thomas Klausner
-
-2001-09-08  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c (run_err): always match va_start and va_end
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* util.c (allocbuf): do not leak memory on failure and zero
-	re-used memory, from Markus Friedl <markus@openbsd.org>
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c (main): add missing setprogname
-
-2001-06-14  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c: add some const replace a few malloc/snprintf with
-	asprintf
-	* rcp.c (sizestr): remove and use snprintf to do this correctly
-	instead
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.c: convert to use getarg
-
-	* rcp.c: do a better job of supporting files larger than 2GB
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c: add -F for forwarding ticket, from Ake Sandgren
-	<ake@cs.umu.se>
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* util.c (roundup): add fallback definition
-
-	* rcp.c: remove non-STDC code
-	* rcp_locl.h: add sys/types.h and sys/wait.h
-
-	* rcp.c: no calls to err with NULL
-
-2001-01-28  Assar Westerlund  <assar@sics.se>
-
-	* rcp_locl.h: add
-
-	* Makefile.am (LDADD): remove unused libraries
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* util.c: replace vfork by fork
-
-	* rcp.c: add RCSID S_ISTXT -> S_ISVTX printf sizes of files with
- 	%lu instead of %q (which is not portable)
-
-	* util.c: add RCSID do not use sig_t
-	* rcp.c: remove __P, use st_mtime et al from struct stat
-	* extern.h: remove __P
-
-	* initial import of port of bsd rcp changed to use existing rsh,
-	contributed by Richard Nyberg <rnyberg@it.su.se>
-
diff --git a/crypto/heimdal/appl/rcp/Makefile.am b/crypto/heimdal/appl/rcp/Makefile.am
deleted file mode 100644
index 6b2295a3f657..000000000000
--- a/crypto/heimdal/appl/rcp/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-bin_PROGRAMS = rcp
-
-rcp_SOURCES  = rcp.c util.c rcp_locl.h extern.h
-
-man_MANS = rcp.1
-
-EXTRA_DIST = $(man_MANS)
-
-LDADD = $(LIB_roken)
diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in
deleted file mode 100644
index 2ee015181aa2..000000000000
--- a/crypto/heimdal/appl/rcp/Makefile.in
+++ /dev/null
@@ -1,829 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-bin_PROGRAMS = rcp$(EXEEXT)
-subdir = appl/rcp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT)
-rcp_OBJECTS = $(am_rcp_OBJECTS)
-rcp_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-rcp_DEPENDENCIES = $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(rcp_SOURCES)
-DIST_SOURCES = $(rcp_SOURCES)
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h
-man_MANS = rcp.1
-EXTRA_DIST = $(man_MANS)
-LDADD = $(LIB_roken)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/rcp/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/rcp/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) 
-	@rm -f rcp$(EXEEXT)
-	$(LINK) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-hook \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rcp/extern.h b/crypto/heimdal/appl/rcp/extern.h
deleted file mode 100644
index a98456d305e2..000000000000
--- a/crypto/heimdal/appl/rcp/extern.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.1 (Berkeley) 5/31/93
- * $FreeBSD$
- */
-
-typedef struct {
-	int cnt;
-	char *buf;
-} BUF;
-
-extern int iamremote;
-
-BUF	*allocbuf (BUF *, int, int);
-char	*colon (char *);
-void	 lostconn (int);
-void	 nospace (void);
-int	 okname (char *);
-void	 run_err (const char *, ...);
-int	 susystem (char *, int);
-void	 verifydir (char *);
diff --git a/crypto/heimdal/appl/rcp/rcp.1 b/crypto/heimdal/appl/rcp/rcp.1
deleted file mode 100644
index 920a4f7d134e..000000000000
--- a/crypto/heimdal/appl/rcp/rcp.1
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $Id: rcp.1 12025 2003-04-16 12:20:43Z joda $
-.\"
-.Dd April 16, 2003
-.Dt RCP 1
-.Os HEIMDAL
-.Sh NAME
-.Nm rcp
-.Nd
-copy file to and from remote machines
-.Sh SYNOPSIS
-.Nm rcp
-.Op Fl 45FKpxz
-.Op Fl P Ar port
-.Ar file1 file2
-.Nm rcp
-.Op Fl 45FKprxz
-.Op Fl P Ar port
-.Ar file... directory
-.Sh DESCRIPTION
-.Nm rcp
-copies files between machines. Each file argument is either a remote file name of the form 
-.Dq rname@rhost:path
-or a local file (containing no colon or with a slash before the first
-colon).
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 , 
-.Fl 5 , 
-.Fl K , 
-.Fl F , 
-.Fl x , 
-.Fl z
-.Xc
-These options are passed on to
-.Xr rsh 1 .
-.It Fl P Ar port
-This will pass the option
-.Fl p Ar port
-to 
-.Xr rsh 1 .
-.It Fl p
-Preserve file permissions.
-.It Fl r
-Copy source directories recursively.
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.Sh DIAGNOSTICS
-.Nm rcp
-is implemented as a protocol on top of
-.Xr rsh 1 ,
-and thus requires a working rsh. If you intend to use Kerberos
-authentication, rsh needs to be Kerberos aware, else you may see more
-or less strange errors, such as "login incorrect", or "lost
-connection".
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.Sh HISTORY
-The 
-.Nm rcp
-utility first appeared in 4.2BSD. This version is derived from
-4.3BSD-Reno.
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c
deleted file mode 100644
index 9a138c784604..000000000000
--- a/crypto/heimdal/appl/rcp/rcp.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/*
- * Copyright (c) 1983, 1990, 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "rcp_locl.h"
-#include <getarg.h>
-
-#define RSH_PROGRAM "rsh"
-
-struct  passwd *pwd;
-uid_t	userid;
-int     errs, remin, remout;
-int     pflag, iamremote, iamrecursive, targetshouldbedirectory;
-int     doencrypt, noencrypt;
-int     usebroken, usekrb4, usekrb5, forwardtkt;
-char    *port;
-int     eflag = 0;
-
-#define	CMDNEEDS	64
-char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
-
-int	 response (void);
-void	 rsource (char *, struct stat *);
-void	 sink (int, char *[]);
-void	 source (int, char *[]);
-void	 tolocal (int, char *[]);
-void	 toremote (char *, int, char *[]);
-
-int      do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
-
-static int fflag, tflag;
-
-static int version_flag, help_flag;
-
-struct getargs args[] = {
-    { NULL,	'4', arg_flag,		&usekrb4,	"use Kerberos 4 authentication" },
-    { NULL,	'5', arg_flag,		&usekrb5,	"use Kerberos 5 authentication" },
-    { NULL,	'F', arg_flag,		&forwardtkt,	"forward credentials" },
-    { NULL,	'K', arg_flag,		&usebroken,	"use BSD authentication" },
-    { NULL,	'P', arg_string,	&port,		"non-default port", "port" },
-    { NULL,	'p', arg_flag,		&pflag,	"preserve file permissions" },
-    { NULL,	'r', arg_flag,		&iamrecursive,	"recursive mode" },
-    { NULL,	'x', arg_flag,		&doencrypt,	"use encryption" },
-    { NULL,	'z', arg_flag,		&noencrypt,	"don't encrypt" },
-    { NULL,	'd', arg_flag,		&targetshouldbedirectory },
-    { NULL,	'e', arg_flag,		&eflag, 	"passed to rsh" },
-    { NULL,	'f', arg_flag,		&fflag },
-    { NULL,	't', arg_flag,		&tflag },
-    { "version", 0,  arg_flag,		&version_flag },
-    { "help",	 0,  arg_flag,		&help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "file1 file2|file... directory");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-	char *targ;
-	int optind = 0;
-
-	setprogname(argv[0]);
-	if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		    &optind))
-	    usage (1);
-	if(help_flag)
-	    usage(0);
-	if (version_flag) {
-	    print_version (NULL);
-	    return 0;
-	}
-	    
-	iamremote = (fflag || tflag);
-
-	argc -= optind;
-	argv += optind;
-
-	if ((pwd = getpwuid(userid = getuid())) == NULL)
-		errx(1, "unknown user %d", (int)userid);
-
-	remin = STDIN_FILENO;		/* XXX */
-	remout = STDOUT_FILENO;
-
-	if (fflag) {			/* Follow "protocol", send data. */
-		response();
-		if (setuid(userid) < 0)
-			errx(1, "setuid failed");
-		source(argc, argv);
-		exit(errs);
-	}
-
-	if (tflag) {			/* Receive data. */
-		if (setuid(userid) < 0)
-			errx(1, "setuid failed");
-		sink(argc, argv);
-		exit(errs);
-	}
-
-	if (argc < 2)
-	    usage(1);
-	if (argc > 2)
-		targetshouldbedirectory = 1;
-
-	remin = remout = -1;
-	/* Command to be executed on remote system using "rsh". */
-	snprintf(cmd, sizeof(cmd),
-		 "rcp%s%s%s", iamrecursive ? " -r" : "", 
-		 pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
-
-	signal(SIGPIPE, lostconn);
-
-	if ((targ = colon(argv[argc - 1])))	/* Dest is remote host. */
-		toremote(targ, argc, argv);
-	else {
-		tolocal(argc, argv);		/* Dest is local host. */
-		if (targetshouldbedirectory)
-			verifydir(argv[argc - 1]);
-	}
-	exit(errs);
-}
-
-void
-toremote(char *targ, int argc, char **argv)
-{
-	int i;
-	char *bp, *host, *src, *suser, *thost, *tuser;
-
-	*targ++ = 0;
-	if (*targ == 0)
-		targ = ".";
-
-	if ((thost = strchr(argv[argc - 1], '@'))) {
-		/* user@host */
-		*thost++ = 0;
-		tuser = argv[argc - 1];
-		if (*tuser == '\0')
-			tuser = NULL;
-		else if (!okname(tuser))
-			exit(1);
-	} else {
-		thost = argv[argc - 1];
-		tuser = NULL;
-	}
-
-	for (i = 0; i < argc - 1; i++) {
-		src = colon(argv[i]);
-		if (src) {			/* remote to remote */
-			int ret;
-			*src++ = 0;
-			if (*src == 0)
-				src = ".";
-			host = strchr(argv[i], '@');
-			if (host) {
-				*host++ = '\0';
-				suser = argv[i];
-				if (*suser == '\0')
-					suser = pwd->pw_name;
-				else if (!okname(suser))
-					continue;
-				ret = asprintf(&bp,
-				    "%s%s %s -l %s -n %s %s '%s%s%s:%s'",
-					 _PATH_RSH, eflag ? " -e" : "", 
-					 host, suser, cmd, src,
-				    tuser ? tuser : "", tuser ? "@" : "",
-				    thost, targ);
-			} else {
-				ret = asprintf(&bp,
-					 "exec %s%s %s -n %s %s '%s%s%s:%s'",
-					 _PATH_RSH, eflag ? " -e" : "", 
-					 argv[i], cmd, src,
-					 tuser ? tuser : "", tuser ? "@" : "",
-					 thost, targ);
-			}
-			if (ret == -1)
-				err (1, "malloc");
-			susystem(bp, userid);
-			free(bp);
-		} else {			/* local to remote */
-			if (remin == -1) {
-				if (asprintf(&bp, "%s -t %s", cmd, targ) == -1)
-					err (1, "malloc");
-				host = thost;
-
-				if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
-					exit(1);
-
-				if (response() < 0)
-					exit(1);
-				free(bp);
-				if (setuid(userid) < 0)
-					errx(1, "setuid failed");
-			}
-			source(1, argv+i);
-		}
-	}
-}
-
-void
-tolocal(int argc, char **argv)
-{
-	int i;
-	char *bp, *host, *src, *suser;
-
-	for (i = 0; i < argc - 1; i++) {
-		int ret;
-
-		if (!(src = colon(argv[i]))) {		/* Local to local. */
-			ret = asprintf(&bp, "exec %s%s%s %s %s", _PATH_CP,
-			    iamrecursive ? " -PR" : "", pflag ? " -p" : "",
-			    argv[i], argv[argc - 1]);
-			if (ret == -1)
-				err (1, "malloc");
-			if (susystem(bp, userid))
-				++errs;
-			free(bp);
-			continue;
-		}
-		*src++ = 0;
-		if (*src == 0)
-			src = ".";
-		if ((host = strchr(argv[i], '@')) == NULL) {
-			host = argv[i];
-			suser = pwd->pw_name;
-		} else {
-			*host++ = 0;
-			suser = argv[i];
-			if (*suser == '\0')
-				suser = pwd->pw_name;
-			else if (!okname(suser))
-				continue;
-		}
-		ret = asprintf(&bp, "%s -f %s", cmd, src);
-		if (ret == -1)
-			err (1, "malloc");
-		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
-			free(bp);
-			++errs;
-			continue;
-		}
-		free(bp);
-		sink(1, argv + argc - 1);
-		if (seteuid(0) < 0)
-			exit(1);
-		close(remin);
-		remin = remout = -1;
-	}
-}
-
-void
-source(int argc, char **argv)
-{
-	struct stat stb;
-	static BUF buffer;
-	BUF *bp;
-	off_t i;
-	int amt, fd, haderr, indx, result;
-	char *last, *name, buf[BUFSIZ];
-
-	for (indx = 0; indx < argc; ++indx) {
-                name = argv[indx];
-		if ((fd = open(name, O_RDONLY, 0)) < 0)
-			goto syserr;
-		if (fstat(fd, &stb)) {
-syserr:			run_err("%s: %s", name, strerror(errno));
-			goto next;
-		}
-		switch (stb.st_mode & S_IFMT) {
-		case S_IFREG:
-			break;
-		case S_IFDIR:
-			if (iamrecursive) {
-				rsource(name, &stb);
-				goto next;
-			}
-			/* FALLTHROUGH */
-		default:
-			run_err("%s: not a regular file", name);
-			goto next;
-		}
-		if ((last = strrchr(name, '/')) == NULL)
-			last = name;
-		else
-			++last;
-		if (pflag) {
-			/*
-			 * Make it compatible with possible future
-			 * versions expecting microseconds.
-			 */
-			snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
-			    (long)stb.st_mtime,
-			    (long)stb.st_atime);
-			write(remout, buf, strlen(buf));
-			if (response() < 0)
-				goto next;
-		}
-#undef MODEMASK
-#define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
-		snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
-			 stb.st_mode & MODEMASK,
-			 (unsigned long)stb.st_size,
-			 last);
-		write(remout, buf, strlen(buf));
-		if (response() < 0)
-			goto next;
-		if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
-next:			close(fd);
-			continue;
-		}
-
-		/* Keep writing after an error so that we stay sync'd up. */
-		for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
-			amt = bp->cnt;
-			if (i + amt > stb.st_size)
-				amt = stb.st_size - i;
-			if (!haderr) {
-				result = read(fd, bp->buf, amt);
-				if (result != amt)
-					haderr = result >= 0 ? EIO : errno;
-			}
-			if (haderr)
-				write(remout, bp->buf, amt);
-			else {
-				result = write(remout, bp->buf, amt);
-				if (result != amt)
-					haderr = result >= 0 ? EIO : errno;
-			}
-		}
-		if (close(fd) && !haderr)
-			haderr = errno;
-		if (!haderr)
-			write(remout, "", 1);
-		else
-			run_err("%s: %s", name, strerror(haderr));
-		response();
-	}
-}
-
-void
-rsource(char *name, struct stat *statp)
-{
-	DIR *dirp;
-	struct dirent *dp;
-	char *last, *vect[1], path[MAXPATHLEN];
-
-	if (!(dirp = opendir(name))) {
-		run_err("%s: %s", name, strerror(errno));
-		return;
-	}
-	last = strrchr(name, '/');
-	if (last == 0)
-		last = name;
-	else
-		last++;
-	if (pflag) {
-		snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
-		    (long)statp->st_mtime,
-		    (long)statp->st_atime);
-		write(remout, path, strlen(path));
-		if (response() < 0) {
-			closedir(dirp);
-			return;
-		}
-	}
-	snprintf(path, sizeof(path),
-	    "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last);
-	write(remout, path, strlen(path));
-	if (response() < 0) {
-		closedir(dirp);
-		return;
-	}
-	while ((dp = readdir(dirp))) {
-		if (dp->d_ino == 0)
-			continue;
-		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
-			continue;
-		if (strlen(name) + 1 + strlen(dp->d_name) >= MAXPATHLEN - 1) {
-			run_err("%s/%s: name too long", name, dp->d_name);
-			continue;
-		}
-		snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
-		vect[0] = path;
-		source(1, vect);
-	}
-	closedir(dirp);
-	write(remout, "E\n", 2);
-	response();
-}
-
-void
-sink(int argc, char **argv)
-{
-	static BUF buffer;
-	struct stat stb;
-	struct timeval tv[2];
-	enum { YES, NO, DISPLAYED } wrerr;
-	BUF *bp;
-	off_t i, j, size;
-	int amt, count, exists, first, mask, mode, ofd, omode;
-	int setimes, targisdir, wrerrno = 0;
-	char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
-
-#define	atime	tv[0]
-#define	mtime	tv[1]
-#define	SCREWUP(str)	{ why = str; goto screwup; }
-
-	setimes = targisdir = 0;
-	mask = umask(0);
-	if (!pflag)
-		umask(mask);
-	if (argc != 1) {
-		run_err("ambiguous target");
-		exit(1);
-	}
-	targ = *argv;
-	if (targetshouldbedirectory)
-		verifydir(targ);
-	write(remout, "", 1);
-	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
-		targisdir = 1;
-	for (first = 1;; first = 0) {
-		cp = buf;
-		if (read(remin, cp, 1) <= 0)
-			return;
-		if (*cp++ == '\n')
-			SCREWUP("unexpected <newline>");
-		do {
-			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
-				SCREWUP("lost connection");
-			*cp++ = ch;
-		} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
-		*cp = 0;
-
-		if (buf[0] == '\01' || buf[0] == '\02') {
-			if (iamremote == 0)
-				write(STDERR_FILENO,
-				    buf + 1, strlen(buf + 1));
-			if (buf[0] == '\02')
-				exit(1);
-			++errs;
-			continue;
-		}
-		if (buf[0] == 'E') {
-			write(remout, "", 1);
-			return;
-		}
-
-		if (ch == '\n')
-			*--cp = 0;
-
-		cp = buf;
-		if (*cp == 'T') {
-			setimes++;
-			cp++;
-			mtime.tv_sec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("mtime.sec not delimited");
-			mtime.tv_usec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("mtime.usec not delimited");
-			atime.tv_sec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("atime.sec not delimited");
-			atime.tv_usec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != '\0')
-				SCREWUP("atime.usec not delimited");
-			write(remout, "", 1);
-			continue;
-		}
-		if (*cp != 'C' && *cp != 'D') {
-			/*
-			 * Check for the case "rcp remote:foo\* local:bar".
-			 * In this case, the line "No match." can be returned
-			 * by the shell before the rcp command on the remote is
-			 * executed so the ^Aerror_message convention isn't
-			 * followed.
-			 */
-			if (first) {
-				run_err("%s", cp);
-				exit(1);
-			}
-			SCREWUP("expected control record");
-		}
-		mode = 0;
-		for (++cp; cp < buf + 5; cp++) {
-			if (*cp < '0' || *cp > '7')
-				SCREWUP("bad mode");
-			mode = (mode << 3) | (*cp - '0');
-		}
-		if (*cp++ != ' ')
-			SCREWUP("mode not delimited");
-
-		for (size = 0; isdigit((unsigned char)*cp);)
-			size = size * 10 + (*cp++ - '0');
-		if (*cp++ != ' ')
-			SCREWUP("size not delimited");
-		if (targisdir) {
-			static char *namebuf;
-			static int cursize;
-			size_t need;
-
-			need = strlen(targ) + strlen(cp) + 250;
-			if (need > cursize) {
-				if (!(namebuf = malloc(need)))
-					run_err("%s", strerror(errno));
-			}
-			snprintf(namebuf, need, "%s%s%s", targ,
-			    *targ ? "/" : "", cp);
-			np = namebuf;
-		} else
-			np = targ;
-		exists = stat(np, &stb) == 0;
-		if (buf[0] == 'D') {
-			int mod_flag = pflag;
-			if (exists) {
-				if (!S_ISDIR(stb.st_mode)) {
-					errno = ENOTDIR;
-					goto bad;
-				}
-				if (pflag)
-					chmod(np, mode);
-			} else {
-				/* Handle copying from a read-only directory */
-				mod_flag = 1;
-				if (mkdir(np, mode | S_IRWXU) < 0)
-					goto bad;
-			}
-			vect[0] = np;
-			sink(1, vect);
-			if (setimes) {
-				setimes = 0;
-				if (utimes(np, tv) < 0)
-				    run_err("%s: set times: %s",
-					np, strerror(errno));
-			}
-			if (mod_flag)
-				chmod(np, mode);
-			continue;
-		}
-		omode = mode;
-		mode |= S_IWRITE;
-		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
-bad:			run_err("%s: %s", np, strerror(errno));
-			continue;
-		}
-		write(remout, "", 1);
-		if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
-			close(ofd);
-			continue;
-		}
-		cp = bp->buf;
-		wrerr = NO;
-		for (count = i = 0; i < size; i += BUFSIZ) {
-			amt = BUFSIZ;
-			if (i + amt > size)
-				amt = size - i;
-			count += amt;
-			if((j = net_read(remin, cp, amt)) != amt) {
-			    run_err("%s", j ? strerror(errno) :
-				    "dropped connection");
-			    exit(1);
-			}
-			amt -= j;
-			cp += j;
-			if (count == bp->cnt) {
-				/* Keep reading so we stay sync'd up. */
-				if (wrerr == NO) {
-					j = write(ofd, bp->buf, count);
-					if (j != count) {
-						wrerr = YES;
-						wrerrno = j >= 0 ? EIO : errno;
-					}
-				}
-				count = 0;
-				cp = bp->buf;
-			}
-		}
-		if (count != 0 && wrerr == NO &&
-		    (j = write(ofd, bp->buf, count)) != count) {
-			wrerr = YES;
-			wrerrno = j >= 0 ? EIO : errno;
-		}
-		if (ftruncate(ofd, size)) {
-			run_err("%s: truncate: %s", np, strerror(errno));
-			wrerr = DISPLAYED;
-		}
-		if (pflag) {
-			if (exists || omode != mode)
-				if (fchmod(ofd, omode))
-					run_err("%s: set mode: %s",
-					    np, strerror(errno));
-		} else {
-			if (!exists && omode != mode)
-				if (fchmod(ofd, omode & ~mask))
-					run_err("%s: set mode: %s",
-					    np, strerror(errno));
-		}
-		close(ofd);
-		response();
-		if (setimes && wrerr == NO) {
-			setimes = 0;
-			if (utimes(np, tv) < 0) {
-				run_err("%s: set times: %s",
-				    np, strerror(errno));
-				wrerr = DISPLAYED;
-			}
-		}
-		switch(wrerr) {
-		case YES:
-			run_err("%s: %s", np, strerror(wrerrno));
-			break;
-		case NO:
-			write(remout, "", 1);
-			break;
-		case DISPLAYED:
-			break;
-		}
-	}
-screwup:
-	run_err("protocol error: %s", why);
-	exit(1);
-}
-
-int
-response(void)
-{
-	char ch, *cp, resp, rbuf[BUFSIZ];
-
-	if (read(remin, &resp, sizeof(resp)) != sizeof(resp))
-		lostconn(0);
-
-	cp = rbuf;
-	switch(resp) {
-	case 0:				/* ok */
-		return (0);
-	default:
-		*cp++ = resp;
-		/* FALLTHROUGH */
-	case 1:				/* error, followed by error msg */
-	case 2:				/* fatal error, "" */
-		do {
-			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
-				lostconn(0);
-			*cp++ = ch;
-		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
-
-		if (!iamremote)
-			write(STDERR_FILENO, rbuf, cp - rbuf);
-		++errs;
-		if (resp == 1)
-			return (-1);
-		exit(1);
-	}
-	/* NOTREACHED */
-}
-
-#include <stdarg.h>
-
-void
-run_err(const char *fmt, ...)
-{
-	static FILE *fp;
-	va_list ap;
-
-	++errs;
-	if (fp == NULL && !(fp = fdopen(remout, "w")))
-		return;
-	va_start(ap, fmt);
-	fprintf(fp, "%c", 0x01);
-	fprintf(fp, "rcp: ");
-	vfprintf(fp, fmt, ap);
-	fprintf(fp, "\n");
-	fflush(fp);
-	va_end(ap);
-
-	if (!iamremote) {
-	    va_start(ap, fmt);
-	    vwarnx(fmt, ap);
-	    va_end(ap);
-	}
-}
-
-/*
- * This function executes the given command as the specified user on the
- * given host.  This returns < 0 if execution fails, and >= 0 otherwise. This
- * assigns the input and output file descriptors on success.
- *
- * If it cannot create necessary pipes it exits with error message.
- */
-
-int 
-do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
-{
-	int pin[2], pout[2], reserved[2];
-
-	/*
-	 * Reserve two descriptors so that the real pipes won't get
-	 * descriptors 0 and 1 because that will screw up dup2 below.
-	 */
-	pipe(reserved);
-
-	/* Create a socket pair for communicating with rsh. */
-	if (pipe(pin) < 0) {
-		perror("pipe");
-		exit(255);
-	}
-	if (pipe(pout) < 0) {
-		perror("pipe");
-		exit(255);
-	}
-
-	/* Free the reserved descriptors. */
-	close(reserved[0]);
-	close(reserved[1]);
-
-	/* For a child to execute the command on the remote host using rsh. */
-	if (fork() == 0) {
-		char *args[100];
-		unsigned int i;
-
-		/* Child. */
-		close(pin[1]);
-		close(pout[0]);
-		dup2(pin[0], 0);
-		dup2(pout[1], 1);
-		close(pin[0]);
-		close(pout[1]);
-
-		i = 0;
-		args[i++] = RSH_PROGRAM;
-		if (usekrb4)
-			args[i++] = "-4";
-		if (usekrb5)
-			args[i++] = "-5";
-		if (usebroken)
-			args[i++] = "-K";
-		if (doencrypt)
-			args[i++] = "-x";
-		if (forwardtkt)
-			args[i++] = "-F";
-		if (noencrypt)
-			args[i++] = "-z";
-		if (port != NULL) {
-			args[i++] = "-p";
-			args[i++] = port;
-		}
-		if (eflag)
-		    args[i++] = "-e";
-		if (remuser != NULL) {
-			args[i++] = "-l";
-			args[i++] = remuser;
-		}
-		args[i++] = host;
-		args[i++] = cmd;
-		args[i++] = NULL;
-
-		execvp(RSH_PROGRAM, args);
-		perror(RSH_PROGRAM);
-		exit(1);
-	}
-	/* Parent.  Close the other side, and return the local side. */
-	close(pin[0]);
-	*fdout = pin[1];
-	close(pout[1]);
-	*fdin = pout[0];
-	return 0;
-}
diff --git a/crypto/heimdal/appl/rcp/rcp_locl.h b/crypto/heimdal/appl/rcp/rcp_locl.h
deleted file mode 100644
index 4dc6d5f8eb74..000000000000
--- a/crypto/heimdal/appl/rcp/rcp_locl.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rcp_locl.h 15285 2005-05-29 18:24:43Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-
-#include <ctype.h>
-#include <dirent.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <roken.h>
-
-#include "extern.h"
-
-#ifndef _PATH_CP
-#define	_PATH_CP	"/bin/cp"
-#endif
-#undef _PATH_RSH
-#define	_PATH_RSH	BINDIR "/rsh"
diff --git a/crypto/heimdal/appl/rcp/util.c b/crypto/heimdal/appl/rcp/util.c
deleted file mode 100644
index fe9e899ffc89..000000000000
--- a/crypto/heimdal/appl/rcp/util.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 0
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)util.c	8.2 (Berkeley) 4/2/94";
-#endif
-static const char rcsid[] =
-  "$FreeBSD$";
-#endif /* not lint */
-#endif
-
-#include "rcp_locl.h"
-
-RCSID("$Id: util.c 17878 2006-08-08 21:43:58Z lha $");
-
-char *
-colon(cp)
-	char *cp;
-{
-	if (*cp == ':')		/* Leading colon is part of file name. */
-		return (0);
-
-	for (; *cp; ++cp) {
-		if (*cp == ':')
-			return (cp);
-		if (*cp == '/')
-			return (0);
-	}
-	return (0);
-}
-
-void
-verifydir(cp)
-	char *cp;
-{
-	struct stat stb;
-
-	if (!stat(cp, &stb)) {
-		if (S_ISDIR(stb.st_mode))
-			return;
-		errno = ENOTDIR;
-	}
-	run_err("%s: %s", cp, strerror(errno));
-	exit(1);
-}
-
-int
-okname(cp0)
-	char *cp0;
-{
-	int c;
-	unsigned char *cp;
-
-	cp = (unsigned char *)cp0;
-	do {
-		c = *cp;
-		if (c & 0200)
-			goto bad;
-		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
-			goto bad;
-	} while (*++cp);
-	return (1);
-
-bad:	warnx("%s: invalid user name", cp0);
-	return (0);
-}
-
-int
-susystem(s, userid)
-	int userid;
-	char *s;
-{
-	void (*istat)(int), (*qstat)(int);
-	int status;
-	pid_t pid;
-
-	pid = fork();
-	switch (pid) {
-	case -1:
-		return (127);
-
-	case 0:
-		if (setuid(userid) < 0)
-			_exit(127);
-		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
-		_exit(127);
-	}
-	istat = signal(SIGINT, SIG_IGN);
-	qstat = signal(SIGQUIT, SIG_IGN);
-	if (waitpid(pid, &status, 0) < 0)
-		status = -1;
-	(void)signal(SIGINT, istat);
-	(void)signal(SIGQUIT, qstat);
-	return (status);
-}
-
-#ifndef roundup
-#define	roundup(x, y)	((((x)+((y)-1))/(y))*(y))
-#endif
-
-BUF *
-allocbuf(bp, fd, blksize)
-	BUF *bp;
-	int fd, blksize;
-{
-	struct stat stb;
-	size_t size;
-	char *p;
-
-	if (fstat(fd, &stb) < 0) {
-		run_err("fstat: %s", strerror(errno));
-		return (0);
-	}
-	size = roundup(stb.st_blksize, blksize);
-	if (size == 0)
-		size = blksize;
-	if (bp->cnt >= size)
-		return (bp);
-	if ((p = realloc(bp->buf, size)) == NULL) {
-		if (bp->buf)
-			free(bp->buf);
-		bp->buf = NULL;
-		bp->cnt = 0;
-		run_err("%s", strerror(errno));
-		return (0);
-	}
-	memset(p, 0, size);
-	bp->buf = p;
-	bp->cnt = size;
-	return (bp);
-}
-
-void
-lostconn(signo)
-	int signo;
-{
-	if (!iamremote)
-		warnx("lost connection");
-	exit(1);
-}
diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog
deleted file mode 100644
index e78ff25a8aeb..000000000000
--- a/crypto/heimdal/appl/rsh/ChangeLog
+++ /dev/null
@@ -1,549 +0,0 @@
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh.c: Fix pointer vs strict alias rules.
-
-	* rshd.c: Fix pointer vs strict alias rules.
-
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rshd.c: Declare iruserok if needed, based on bug report from
-	David Love.
-	
-2006-11-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rsh_locl.h: Forward decl.
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh_locl.h: Include "crypto-headers.h".
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: rshd_SOURCES += add limits_conf.c
-
-	* rsh_locl.h: Include "loginpaths.h"
-
-	* rshd.c: Read limits from limits.confon non-root login, patch
-	from Daniel Ahlin
-	
-2006-02-27 Johan Danielsson <joda@pdc.kth.se>
-
-	* rshd.8: grammar (from Thomas Klausner)
-	
-2006-01-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c (krb5_start_session): syslog failures to store cred cache
-	
-2005-12-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rshd.c (doit): move creation of users ticket file to later to
-	avoid seteuid/setuid dance. this breaks DCE, so remove support for
-	it completely.
-	
-2005-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rshd.c: Check return value from asprintf instead of string !=
-	NULL since it undefined behavior on Linux. From Bj�rn Sandell
-
-	* rsh.c: Check return value from asprintf instead of string !=
-	NULL since it undefined behavior on Linux. From Bj�rn Sandell
-
-2005-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rshd.c: init some important variables and check that they are
-	set checking authentication, all to please gcc
-
-2005-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rshd.c: case uid_t to unsigned long in printf format
-	
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh_locl.h: Use larger buffer for recving data to be compatible
-	with older versions of heimdal (0.4 branch specificly)
-
-	* rshd.c: Use larger buffer for recving data to be compatible with
-	older versions of heimdal (0.4 branch specificly)
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rshd.c: use snprintf to format tkfile
-	
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh.c: use strlcat
-
-	* rsh.c: use strlcpy
-
-	* rsh_locl.h: forward declaration for private structures
-
-2005-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh.c: cast size_t to unsigned long
-
-2004-09-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: rename loop to rshd_loop
-	
-	* rshd.c: pass errsock status to init_ivecs
-	
-	* rsh.c: rename loop() to rsh_loop()
-	
-	* rsh.c (loop): pass errsock status to init_ivecs
-	
-	* common.c (init_ivecs): if we don't have an errsock the ivecs
-	should point to the same data
-	
-	* rshd.c: if we don't have an errsock, dup stdout to stderr (this
-	would normally be done by inetd, but not by mini_inetd).
-	
-	* rshd.c: move keepalive setting to after setting up sockets
-	
-2004-02-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.1: reorder and document some options
-
-	* rsh_locl.h: include kafs.h if krb4 || krb5
-
-	* rsh.c: reorder some options
-
-2003-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.1: document -d
-
-2003-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: -P also with KRB5
-	
-2003-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rsh.1: replace > with \*[Gt]
-	
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: use krb5_appdefault to get defaults for forward and
-	encrypt
-
-	* rshd.c: use ARG_MAX + 1
-
-	* rshd.c (read_str): return allocated string
-
-	* rsh_locl.h: set NCARGS to 8k if undefined
-
-2003-03-23  Assar Westerlund  <assar@kth.se>
-
-	* rsh.c (loop): only check errsock if it's valid
-
-2003-03-18  Love  Love H�rnquist �strand <lha@it.su.se>
-
-	* rshd.c: do krb5_afslog when compling with afs support
-
-	* rsh_locl.h: always include kafs.h
-	
-2002-11-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.8: clarify -x and kerberos 5
-
-2002-11-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh_locl.h: bump COMMAND_SZ to NCARGS+1
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: free some memory
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.1: document -P
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: revert to protocol v1 if not asked for specific protocol
-
-	* rshd.c: handle protocol version 2
-
-	* rsh.c: handle protocol version 2
-
-	* common.c: handle protocol version 2
-
-	* rsh_locl.h: handle protocol version 2
-
-2002-02-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: don't show options that doesn't apply
-
-	* rsh.c: don't show options that doesn't apply
-
-	* rsh_locl.h: if we're not building with any kerberos support,
-	just call read/write directly
-
-	* common.c: if we're not building with any kerberos support, just
-	call read/write directly
-
-	* rshd.c: make this build without krb5; also use the addrinfo
-	interface to mini_inetd, and set the keepalive option if requested
-
-	* rsh.c: make this build without krb5
-
-	* rsh_locl.h: make this build without krb5
-
-	* common.c: make this build without krb5
-
-2001-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: make the syslog messages somewhat more informative
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: only complain about encryption flag when old
-	authentication is requested
-
-2001-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: don't try broken auth if rresvport failed; try to give
-	some more informative error messages
-
-2001-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.8: add an EXAMPLE
-	* rshd.8: manual page
-	* rshd.c: add some compat flags
-	* rsh.1: manual page
-	* rsh.c: iff -d, set the SO_DEBUG flags of the stdout and stderr
-	socket; implement parsing user@host
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (fatal): use vsnprintf correctly
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add login_access
-	* rshd.c (login_access): add prototype
-	(syslog_and_die, fatal): add printf attributes
-	(*): AIX -> _AIX
-	(doit): use login_access
-	based on patches from Ake Sandgren <ake@cs.umu.se>
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of
-	krb5_rd_cred
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (main): handle krb5_init_context failure consistently
-	* rsh.c (main): handle krb5_init_context failure consistently
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: require encryption if passed -x
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (loop): check that the fd's aren't too large to select on
-	* rsh.c (loop, proto): check that the fd's aren't too large to
-	select on
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: move code to do config/command parsing correctly.
-
-2000-08-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): only fetch stuff from krb5.conf when no option has
-	been given
-
-2000-08-01  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (doit): loop until we create an error socket of an
-	supported socket family
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: DCE stuff from Ake Sandgren <ake@cs.umu.se>
-	do not call syslog with a variable as format string
-
-	* rsh_locl.h (_PATH_ETC_ENVIRONMENT): add
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): work-around for setuid and capabilities bug fixed
-	in Linux 2.2.16
-
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: nuke long option from -z
-	
-	* rsh.c: don't try to encrypt if auth is broken (Daniel Kouril)
-	
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (doit): check return value of getspnam.  From
-	<haba@pdc.kth.se>
-
-2000-05-23  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (proto): select on the normal socket when waiting for the
-	daemon to connect back to the stderr port, so that we discover
-	when data arrives there before.  when that happens, we assume that
-	the daemon did not manage to connect (because of NAT/whatever) and
-	continue as if `-e' was given
-	* rshd.c (doit): if we fail to connect back to the stderr port,
-	act as if `-e' was given on the client side, i.e. without the
-	special TCP-connection.  This tries to make things better when
-	running the head against a NAT wall, for example.
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): make sure we use the heimdal libdes
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* *: conditionalize des stuff on KRB4
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (doit): addrinfo returned from getaddrinfo() is not usable
-	directly as hints.  copy it and set AI_PASSIVE.
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): remember to close the priviledged sockets before
- 	calling rlogin
-
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): redo the v4/v5 selection for consistency.  -4 ->
- 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (main): ignore SIGPIPE
-
-	* common.c (do_read): the encoded length can be longer than the
- 	buffer being used, allocate memory for it dynamically.  From Brian
- 	A May <bmay@dgs.monash.edu.au>
-
-1999-10-14  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (proto): be more careful and don't print errno when read()
- 	returns 0
-
-1999-09-20  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (recv_krb4_auth): set `iv'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* common.c (do_read): be careful with the return value from
- 	krb5_net_read
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: call freehostent
-
-	* rsh.c: remove some dead code
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: re-write the handling of forwarded credentials and
- 	stuff.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* rsh_locl.h: always include kafs.h
-
-	* rsh.c: add `-z' and `-G' options
-
-	* rsh.c (loop): shutdown one side of the TCP connection on EOF.
-  	From Brian A May <bmay@dgs.monash.edu.au>
-
-	* common.c (do_read): handle EOF.  From Brian A May
- 	<bmay@dgs.monash.edu.au>
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: const fixes
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: v6-ify
-
-	* rsh.c: v6-ify
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h: move around kafs.h
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h: <shadow.h>
-
-	* rsh.c, rshd.c: improve forwarding and implement unique ccache on
- 	server.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (construct_command): handle argc == 0 for generality
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: new option `-e' for not trying to open an stderr socket
-
-1999-06-17  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h (RSH_BUFSIZ): bump to 16 * 1024 to be sure that we
- 	don't leave any data inside des_enc_read.  (that constant should
- 	really be exported in some way...)
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: use get_default_username and resulting const pollution
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): try $USERNAME
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (doit): afslog correctly
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): add fallback to rlogin
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (send_krb5_auth): call krb5_sendauth with ccache == NULL.
-	check return value from krb5_crypto_init
-	
-	* common.c (do_write, do_read): always return -1 for failure
-	(net_write, net_read): remove.  they already exist in libroken
-
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: make sure it tries with all other authentication methods
-	after one has failed
-	* rsh.c (main): detect the case of no command given.
-	
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: new option --forwardable. use print_version
-	
-Sat Apr 10 17:10:55 1999  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (setup_copier): use `socketpair' instead of `pipe'.  Some
- 	shells don't think it's a rsh session if they find a pipe at the
- 	other end.
-	(setup_environment): add SSH_CLIENT just to make bash happy
-
-	* common.c (do_read): use krb5_get_wrapped_length
-
-Wed Mar 24 03:59:42 1999  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (loop): more braces to make gcc happy
-
-Tue Mar 23 17:08:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* rsh_locl.h: kafs.h
-
-	* rshd.c: add `-P', `-v', and `-L' flags
-
-Thu Mar 18 11:37:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* appl/rsh/rshd.c: update to new crypto framework
-
-	* appl/rsh/rsh_locl.h: update to new crypto framework
-
-	* appl/rsh/rsh.c: update to new crypto framework
-
-	* appl/rsh/common.c: update to new crypto framework
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c (main): initialize host
-
-	* appl/rsh/rshd.c (recv_krb5_auth): disable `do_encrypt' if not
- 	encrypting.
-
-Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c: kludges for parsing `rsh hostname -l user'
-
-Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/rsh/rshd.c: use krb5_verify_authenticator_checksum
-
-Sat Apr 18 21:13:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/rsh/rsh.c: Don't try v5 if (only) `-4' is specified.
-
-Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c (recv_krb5_auth): swap the order of the
- 	`local_user' and the `remote_user'
-
-	* appl/rsh/rsh.c (send_krb5_auth): swap the order of the
- 	`local_user' and the `remote_user'
-
-Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: updated to use getarg.
-	changed `struct fd_set' to `fd_set'.
-	implemented broken/BSD authentication (requires iruserok)
-
-Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh_locl.h: add AUTH_BROKEN and PATH_RSH
-
-	* appl/rsh/Makefile.am: set BINDIR
-
-	* appl/rsh/rsh.c: implemented BSD-style reserved port
- 	`authentication'
-
-Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: syslog remote shells
-
-Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rshd/rshd.c: Use `krb5_sock_to_principal'.  Send server
- 	parameter to krb5_rd_req/krb5_recvauth.  Set addresses in
- 	auth_context.
-
-Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: implement forwarding
-
-	* appl/rsh/rsh.c: Use getarg.  Implement forwarding.
-
-Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh: Conditionalize the krb4-support.
-
-Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c: use the correct user for the checksum
-
-Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: Now works.  Also implementd encryption and
- 	`-p'.
-	
-	* appl/rsh/common.c: new file
-
-Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh: New program.
-
diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am
deleted file mode 100644
index 6377e02c7127..000000000000
--- a/crypto/heimdal/appl/rsh/Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) -I$(srcdir)/../login
-
-bin_PROGRAMS = rsh
-
-man_MANS = rsh.1 rshd.8
-
-libexec_PROGRAMS = rshd
-
-rsh_SOURCES  = rsh.c common.c rsh_locl.h
-
-rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
-
-login_access.c:
-	$(LN_S) $(srcdir)/../login/login_access.c .
-
-limits_conf.c:
-	$(LN_S) $(srcdir)/../login/limits_conf.c .
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in
deleted file mode 100644
index 6c7651c65fdf..000000000000
--- a/crypto/heimdal/appl/rsh/Makefile.in
+++ /dev/null
@@ -1,936 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-bin_PROGRAMS = rsh$(EXEEXT)
-libexec_PROGRAMS = rshd$(EXEEXT)
-subdir = appl/rsh
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT)
-rsh_OBJECTS = $(am_rsh_OBJECTS)
-rsh_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-rsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) \
-	login_access.$(OBJEXT) limits_conf.$(OBJEXT)
-rshd_OBJECTS = $(am_rshd_OBJECTS)
-rshd_LDADD = $(LDADD)
-rshd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-man1dir = $(mandir)/man1
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) -I$(srcdir)/../login
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = rsh.1 rshd.8
-rsh_SOURCES = rsh.c common.c rsh_locl.h
-rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
-LDADD = $(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/rsh/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/rsh/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) 
-	@rm -f rsh$(EXEEXT)
-	$(LINK) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
-rshd$(EXEEXT): $(rshd_OBJECTS) $(rshd_DEPENDENCIES) 
-	@rm -f rshd$(EXEEXT)
-	$(LINK) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-login_access.c:
-	$(LN_S) $(srcdir)/../login/login_access.c .
-
-limits_conf.c:
-	$(LN_S) $(srcdir)/../login/limits_conf.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rsh/common.c b/crypto/heimdal/appl/rsh/common.c
deleted file mode 100644
index 84311b00e188..000000000000
--- a/crypto/heimdal/appl/rsh/common.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-RCSID("$Id: common.c 17450 2006-05-05 11:11:43Z lha $");
-
-#if defined(KRB4) || defined(KRB5)
-
-#ifdef KRB5
-int key_usage = 1026;
-
-void *ivec_in[2];
-void *ivec_out[2];
-
-void
-init_ivecs(int client, int have_errsock)
-{
-    size_t blocksize;
-
-    krb5_crypto_getblocksize(context, crypto, &blocksize);
-
-    ivec_in[0] = malloc(blocksize);
-    memset(ivec_in[0], client, blocksize);
-
-    if(have_errsock) {
-	ivec_in[1] = malloc(blocksize);
-	memset(ivec_in[1], 2 | client, blocksize);
-    } else
-	ivec_in[1] = ivec_in[0];
-
-    ivec_out[0] = malloc(blocksize);
-    memset(ivec_out[0], !client, blocksize);
-
-    if(have_errsock) {
-	ivec_out[1] = malloc(blocksize);
-	memset(ivec_out[1], 2 | !client, blocksize);
-    } else
-	ivec_out[1] = ivec_out[0];
-}
-#endif
-
-
-ssize_t
-do_read (int fd, void *buf, size_t sz, void *ivec)
-{
-    if (do_encrypt) {
-#ifdef KRB4
-	if (auth_method == AUTH_KRB4) {
-	    return des_enc_read (fd, buf, sz, schedule, &iv);
-	} else
-#endif /* KRB4 */
-#ifdef KRB5
-        if(auth_method == AUTH_KRB5) {
-	    krb5_error_code ret;
-	    uint32_t len, outer_len;
-	    int status;
-	    krb5_data data;
-	    void *edata;
-
-	    ret = krb5_net_read (context, &fd, &len, 4);
-	    if (ret <= 0)
-		return ret;
-	    len = ntohl(len);
-	    if (len > sz)
-		abort ();
-	    /* ivec will be non null for protocol version 2 */
-	    if(ivec != NULL)
-		outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
-	    else
-		outer_len = krb5_get_wrapped_length (context, crypto, len);
-	    edata = malloc (outer_len);
-	    if (edata == NULL)
-		errx (1, "malloc: cannot allocate %u bytes", outer_len);
-	    ret = krb5_net_read (context, &fd, edata, outer_len);
-	    if (ret <= 0)
-		return ret;
-
-	    status = krb5_decrypt_ivec(context, crypto, key_usage, 
-				       edata, outer_len, &data, ivec);
-	    free (edata);
-	    
-	    if (status)
-		krb5_err (context, 1, status, "decrypting data");
-	    if(ivec != NULL) {
-		unsigned long l;
-		if(data.length < len + 4)
-		    errx (1, "data received is too short");
-		_krb5_get_int(data.data, &l, 4);
-		if(l != len)
-		    errx (1, "inconsistency in received data");
-		memcpy (buf, (unsigned char *)data.data+4, len);
-	    } else
-		memcpy (buf, data.data, len);
-	    krb5_data_free (&data);
-	    return len;
-	} else
-#endif /* KRB5 */
-	    abort ();
-    } else
-	return read (fd, buf, sz);
-}
-
-ssize_t
-do_write (int fd, void *buf, size_t sz, void *ivec)
-{
-    if (do_encrypt) {
-#ifdef KRB4
-	if(auth_method == AUTH_KRB4) {
-	    return des_enc_write (fd, buf, sz, schedule, &iv);
-	} else
-#endif /* KRB4 */
-#ifdef KRB5
-	if(auth_method == AUTH_KRB5) {
-	    krb5_error_code status;
-	    krb5_data data;
-	    unsigned char len[4];
-	    int ret;
-
-	    _krb5_put_int(len, sz, 4);
-	    if(ivec != NULL) {
-		unsigned char *tmp = malloc(sz + 4);
-		if(tmp == NULL)
-		    err(1, "malloc");
-		_krb5_put_int(tmp, sz, 4);
-		memcpy(tmp + 4, buf, sz);
-		status = krb5_encrypt_ivec(context, crypto, key_usage,
-					   tmp, sz + 4, &data, ivec);
-		free(tmp);
-	    } else
-		status = krb5_encrypt_ivec(context, crypto, key_usage,
-					   buf, sz, &data, ivec);
-
-	    if (status)
-		krb5_err(context, 1, status, "encrypting data");
-
-	    ret = krb5_net_write (context, &fd, len, 4);
-	    if (ret != 4)
-		return ret;
-	    ret = krb5_net_write (context, &fd, data.data, data.length);
-	    if (ret != data.length)
-		return ret;
-	    free (data.data);
-	    return sz;
-	} else
-#endif /* KRB5 */
-	    abort();
-    } else
-	return write (fd, buf, sz);
-}
-#endif /* KRB4 || KRB5 */
diff --git a/crypto/heimdal/appl/rsh/limits_conf.c b/crypto/heimdal/appl/rsh/limits_conf.c
deleted file mode 100644
index ac9837f1406b..000000000000
--- a/crypto/heimdal/appl/rsh/limits_conf.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $");
-
-#include <errno.h>
-#include <limits.h>
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-struct limit {
-    const char *name;
-    int resource;
-    int scale;
-    int has_limit;
-    struct rlimit limit;
-} limits[] = {
-#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
-    LIM(CORE, 1024),
-    LIM(CPU, 60),
-    LIM(DATA, 1024),
-    LIM(FSIZE, 1024),
-#ifdef RLIMIT_MEMLOCK
-    LIM(MEMLOCK, 1024),
-#endif
-    LIM(NOFILE, 1),
-#ifdef RLIMIT_NPROC
-    LIM(NPROC, 1),
-#endif
-#ifdef RLIMIT_RSS
-    LIM(RSS, 1024),
-#endif
-    LIM(STACK, 1024),
-
-#ifdef RLIMIT_AS
-    LIM(AS, 1024),
-#endif
-#ifdef RLIMIT_LOCKS
-    LIM(LOCKS, 1),
-#endif
-    /*
-      maxlogins
-      priority
-    */
-    { NULL, 0 }
-};
-
-static struct limit *
-find_limit(const char *name)
-{
-    struct limit *l;
-    for(l = limits; l->name != NULL; l++)
-	if(strcasecmp(name, l->name) == 0)
-	    return l;
-    return NULL;
-}
-
-/* this function reads limits.conf files similar to pam_limits
-   unimplemented features include:
-   	% maxlogins
-	"-" no limits, 
-	priorities etc that are not set via setrlimit
-   XXX uses static storage, and clobbers getgr*
-*/
-
-int
-read_limits_conf(const char *file, const struct passwd *pwd)
-{
-    FILE *f;
-    char *args[4];
-    int lineno = 0;
-    char buf[1024];
-    struct limit *l;
-    rlim_t value;
-
-    f = fopen(file, "r");
-    if(f == NULL) {
-	if(errno != ENOENT && errno != ENOTDIR)
-	    syslog(LOG_ERR, "%s: %m", file);
-	return -1;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *last = NULL;
-	char *end = NULL;
-	int level;
-
-	lineno++;
-
-	if(buf[0] == '\0') {
-	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
-	    continue;
-	}
-	if(buf[strlen(buf) - 1] != '\n') {
-	    /* file did not end with a newline, figure out if we're at
-               the EOF, or if our buffer was too small */
-	    int eof = 1;
-	    int c;
-	    while((c = fgetc(f)) != EOF) {
-		eof = 0;
-		if(c == '\n') 
-		    break;
-	    }
-	    if(!eof) {
-		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
-		continue;
-	    }
-	}
-	buf[strcspn(buf, "#\r\n")] = '\0';
-	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
-	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
-	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
-	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
-	    if(args[0] != NULL) /* this would include comment lines */
-		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
-	    continue;
-	}
-
-	l = find_limit(args[2]);
-	if(l == NULL) {
-	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
-	    continue;
-	}
-	if(strcmp(args[3], "-") == 0) {
-	    value = RLIM_INFINITY;
-	} else {
-	    errno = 0;
-	    value = strtol(args[3], &end, 10);
-	    if(*end != '\0') {
-		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
-		continue;
-	    }
-	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
-		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
-		continue;
-	    }
-	    if(value * l->scale < value)
-		value = RLIM_INFINITY;
-	    else
-		value *= l->scale;
-	}
-	level = 0;
-	/* XXX unclear: if you set group hard and user soft limit,
-           should the hard limit still apply? this code doesn't. */
-	if(strcmp(args[0], pwd->pw_name) == 0)
-	    level = 3;
-	if(*args[0] == '@') {
-	    struct group *gr;
-	    gr = getgrnam(args[0] + 1);
-	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
-		level = 2;
-	}
-	if(strcmp(args[0], "*") == 0)
-	    level = 1;
-	if(level == 0 || level < l->has_limit) /* not for us */
-	    continue;
-	if(l->has_limit < level) {
-	    if(getrlimit(l->resource, &l->limit) < 0)
-		continue;
-	    l->has_limit = level;
-	}
-	
-	/* XXX unclear: if you soft to more than default hard, should
-           we set hard to soft? this code doesn't. */
-	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
-	    l->limit.rlim_cur = value;
-	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
-	    l->limit.rlim_max = value;
-    }
-    fclose(f);
-    for(l = limits; l->name != NULL; l++) {
-	if(l->has_limit) {
-	    if(l->limit.rlim_cur > l->limit.rlim_max)
-		l->limit.rlim_cur = l->limit.rlim_max;
-	    if(setrlimit(l->resource, &l->limit) != 0)
-		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
-	}
-	l->has_limit = 0;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/appl/rsh/login_access.c b/crypto/heimdal/appl/rsh/login_access.c
deleted file mode 100644
index e1bfe42ea1b8..000000000000
--- a/crypto/heimdal/appl/rsh/login_access.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that this entire copyright notice
-* is duplicated in all such copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
- /*
-  * This module implements a simple but effective form of login access
-  * control based on login names and on host (or domain) names, internet
-  * addresses (or network numbers), or on terminal line names in case of
-  * non-networked logins. Diagnostics are reported through syslog(3).
-  *
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#include "login_locl.h"
-
-RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $");
-
- /* Delimiters for fields and for lists of users, ttys or hosts. */
-
-static char fs[] = ":";			/* field separator */
-static char sep[] = ", \t";		/* list-element separator */
-
- /* Constants to be used in assignments only, not in comparisons... */
-
-#define YES             1
-#define NO              0
-
- /*
-  * A structure to bundle up all login-related information to keep the
-  * functional interfaces as generic as possible.
-  */
-struct login_info {
-    struct passwd *user;
-    char   *from;
-};
-
-static int list_match(char *list, struct login_info *item,
-		      int (*match_fn)(char *, struct login_info *));
-static int user_match(char *tok, struct login_info *item);
-static int from_match(char *tok, struct login_info *item);
-static int string_match(char *tok, char *string);
-
-/* login_access - match username/group and host/tty with access control file */
-
-int login_access(struct passwd *user, char *from)
-{
-    struct login_info item;
-    FILE   *fp;
-    char    line[BUFSIZ];
-    char   *perm;			/* becomes permission field */
-    char   *users;			/* becomes list of login names */
-    char   *froms;			/* becomes list of terminals or hosts */
-    int     match = NO;
-    int     end;
-    int     lineno = 0;			/* for diagnostics */
-    char   *foo;
-
-    /*
-     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
-     */
-    item.user = user;
-    item.from = from;
-
-    /*
-     * Process the table one line at a time and stop at the first match.
-     * Blank lines and lines that begin with a '#' character are ignored.
-     * Non-comment lines are broken at the ':' character. All fields are
-     * mandatory. The first field should be a "+" or "-" character. A
-     * non-existing table means no access control.
-     */
-
-    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
-	while (!match && fgets(line, sizeof(line), fp)) {
-	    lineno++;
-	    if (line[end = strlen(line) - 1] != '\n') {
-		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
-		       _PATH_LOGACCESS, lineno);
-		continue;
-	    }
-	    if (line[0] == '#')
-		continue;			/* comment line */
-	    while (end > 0 && isspace((unsigned char)line[end - 1]))
-		end--;
-	    line[end] = 0;			/* strip trailing whitespace */
-	    if (line[0] == 0)			/* skip blank lines */
-		continue;
-	    foo = NULL;
-	    if (!(perm = strtok_r(line, fs, &foo))
-		|| !(users = strtok_r(NULL, fs, &foo))
-		|| !(froms = strtok_r(NULL, fs, &foo))
-		|| strtok_r(NULL, fs, &foo)) {
-		syslog(LOG_ERR, "%s: line %d: bad field count", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    if (perm[0] != '+' && perm[0] != '-') {
-		syslog(LOG_ERR, "%s: line %d: bad first field", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    match = (list_match(froms, &item, from_match)
-		     && list_match(users, &item, user_match));
-	}
-	fclose(fp);
-    } else if (errno != ENOENT) {
-	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
-    }
-    return (match == 0 || (line[0] == '+'));
-}
-
-/* list_match - match an item against a list of tokens with exceptions */
-
-static int
-list_match(char *list,
-	   struct login_info *item,
-	   int (*match_fn)(char *, struct login_info *))
-{
-    char   *tok;
-    int     match = NO;
-    char   *foo = NULL;
-
-    /*
-     * Process tokens one at a time. We have exhausted all possible matches
-     * when we reach an "EXCEPT" token or the end of the list. If we do find
-     * a match, look for an "EXCEPT" list and recurse to determine whether
-     * the match is affected by any exceptions.
-     */
-
-    for (tok = strtok_r(list, sep, &foo);
-	 tok != NULL;
-	 tok = strtok_r(NULL, sep, &foo)) {
-	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
-	    break;
-	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
-	    break;
-    }
-    /* Process exceptions to matches. */
-
-    if (match != NO) {
-	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
-	     /* VOID */ ;
-	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
-	    return (match);
-    }
-    return (NO);
-}
-
-/* myhostname - figure out local machine name */
-
-static char *myhostname(void)
-{
-    static char name[MAXHOSTNAMELEN + 1] = "";
-
-    if (name[0] == 0) {
-	gethostname(name, sizeof(name));
-	name[MAXHOSTNAMELEN] = 0;
-    }
-    return (name);
-}
-
-/* netgroup_match - match group against machine or user */
-
-static int netgroup_match(char *group, char *machine, char *user)
-{
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-    static char *mydomain = 0;
-
-    if (mydomain == 0)
-	yp_get_default_domain(&mydomain);
-    return (innetgr(group, machine, user, mydomain));
-#else
-    syslog(LOG_ERR, "NIS netgroup support not configured");
-    return 0;
-#endif
-}
-
-/* user_match - match a username against one token */
-
-static int user_match(char *tok, struct login_info *item)
-{
-    char   *string = item->user->pw_name;
-    struct login_info fake_item;
-    struct group *group;
-    int     i;
-    char   *at;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the username, if the
-     * token is a group that contains the username, or if the token is the
-     * name of the user's primary group.
-     */
-
-    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
-	*at = 0;
-	fake_item.from = myhostname();
-	return (user_match(tok, item) && from_match(at + 1, &fake_item));
-    } else if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, (char *) 0, string));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
-	if (item->user->pw_gid == group->gr_gid)
-	    return (YES);
-	for (i = 0; group->gr_mem[i]; i++)
-	    if (strcasecmp(string, group->gr_mem[i]) == 0)
-		return (YES);
-    }
-    return (NO);
-}
-
-/* from_match - match a host or tty against a list of tokens */
-
-static int from_match(char *tok, struct login_info *item)
-{
-    char   *string = item->from;
-    int     tok_len;
-    int     str_len;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds. Return
-     * YES if the token fully matches the string. If the token is a domain
-     * name, return YES if it matches the last fields of the string. If the
-     * token has the magic value "LOCAL", return YES if the string does not
-     * contain a "." character. If the token is a network number, return YES
-     * if it matches the head of the string.
-     */
-
-    if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, string, (char *) 0));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if (tok[0] == '.') {			/* domain: match last fields */
-	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
-	    && strcasecmp(tok, string + str_len - tok_len) == 0)
-	    return (YES);
-    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
-	if (strchr(string, '.') == 0)
-	    return (YES);
-    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
-	       && strncmp(tok, string, tok_len) == 0) {
-	return (YES);
-    }
-    return (NO);
-}
-
-/* string_match - match a string against one token */
-
-static int string_match(char *tok, char *string)
-{
-
-    /*
-     * If the token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the string.
-     */
-
-    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
-	return (YES);
-    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
-	return (YES);
-    }
-    return (NO);
-}
diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1
deleted file mode 100644
index 2999dc06a29c..000000000000
--- a/crypto/heimdal/appl/rsh/rsh.1
+++ /dev/null
@@ -1,295 +0,0 @@
-.\" Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\"	$Id: rsh.1 13394 2004-02-20 12:21:42Z joda $
-.\"
-.Dd February 20, 2004
-.Dt RSH 1
-.Os HEIMDAL
-.Sh NAME
-.Nm rsh
-.Nd
-remote shell
-.Sh SYNOPSIS
-.Nm
-.Op Fl 45FGKdefnuxz
-.Op Fl U Pa string
-.Op Fl p Ar port
-.Op Fl l Ar username
-.Op Fl P Ar N|O
-.Ar host [command]
-.Sh DESCRIPTION
-.Nm
-authenticates to the
-.Xr rshd 8
-daemon on the remote
-.Ar host ,
-and then executes the specified
-.Ar command .
-.Pp
-.Nm
-copies its standard input to the remote command, and the standard
-output and error of the remote command to its own.
-.Pp
-Valid options are:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -krb4
-.Xc
-The
-.Fl 4
-option requests Kerberos 4 authentication. Normally all supported
-authentication mechanisms will be tried, but in some cases more
-explicit control is desired.
-.It Xo
-.Fl 5 ,
-.Fl -krb5
-.Xc
-The
-.Fl 5
-option requests Kerberos 5 authentication. This is analogous to the
-.Fl 4
-option.
-.It Xo
-.Fl K ,
-.Fl -broken
-.Xc
-The
-.Fl K
-option turns off all Kerberos authentication. The security in this
-mode relies on reserved ports. The long name is an indication of how
-good this is.
-.It Xo
-.Fl n ,
-.Fl -no-input
-.Xc
-The
-.Fl n
-option directs the input from the
-.Pa /dev/null
-device (see the
-.Sx BUGS
-section of this manual page).
-.It Fl d
-Enable
-.Xr setsockopt 2
-socket debugging.
-.It Xo
-.Fl e ,
-.Fl -no-stderr
-.Xc
-Don't use a separate socket for the stderr stream. This can be
-necessary if rsh-ing through a NAT bridge.
-.It Xo
-.Fl x ,
-.Fl -encrypt
-.Xc
-The
-.Fl x
-option enables encryption for all data exchange. This is only valid
-for Kerberos authenticated connections (see the
-.Sx BUGS
-section for limitations).
-.It Xo
-.Fl z
-.Xc
-The opposite of
-.Fl x .
-This is the default, and is mainly useful if encryption has been
-enabled by default, for instance in the
-.Li appdefaults
-section of 
-.Pa /etc/krb5.conf
-when using Kerberos 5.
-.It Xo
-.Fl f ,
-.Fl -forward
-.Xc
-Forward Kerberos 5 credentials to the remote host.
-Also settable via
-.Li appdefaults
-(see
-.Xr krb5.conf ) .
-.It Xo
-.Fl F ,
-.Fl -forwardable
-.Xc
-Make the forwarded credentials re-forwardable. 
-Also settable via
-.Li appdefaults
-(see
-.Xr krb5.conf ) .
-.It Xo
-.Fl l Ar string ,
-.Fl -user= Ns Ar string
-.Xc
-By default the remote username is the same as the local. The
-.Fl l
-option or the
-.Pa username@host
-format allow the remote name to be specified.
-.It Xo
-.Fl n ,
-.Fl -no-input
-.Xc
-Direct input from 
-.Pa /dev/null
-(see the
-.Sx BUGS
-section).
-.It Xo
-.Fl p Ar number-or-service ,
-.Fl -port= Ns Ar number-or-service
-.Xc
-Connect to this port instead of the default (which is 514 when using
-old port based authentication, 544 for Kerberos 5 and non-encrypted
-Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
-the contents of
-.Pa /etc/services ) .
-.It Xo
-.Fl P Ar N|O|1|2 ,
-.Fl -protocol= Ns Ar N|O|1|2
-.Xc
-Specifies the protocol version to use with Kerberos 5.
-.Ar N
-and
-.Ar 2
-select protocol version 2, while 
-.Ar O
-and
-.Ar 1
-select version 1. Version 2 is believed to be more secure, and is the
-default. Unless asked for a specific version,
-.Nm
-will try both.  This behaviour may change in the future.
-.It Xo
-.Fl u ,
-.Fl -unique
-.Xc
-Make sure the remote credentials cache is unique, that is, don't reuse
-any existing cache. Mutually exclusive to
-.Fl U .
-.It Xo
-.Fl U Pa string ,
-.Fl -tkfile= Ns Pa string
-.Xc
-Name of the remote credentials cache. Mutually exclusive to
-.Fl u .
-.It Xo
-.Fl x ,
-.Fl -encrypt
-.Xc
-The
-.Fl x
-option enables encryption for all data exchange. This is only valid
-for Kerberos authenticated connections (see the
-.Sx BUGS
-section for limitations).
-.It Fl z
-The opposite of
-.Fl x .
-This is the default, but encryption can be enabled when using
-Kerberos 5, by setting the
-.Li libdefaults/encrypt
-option in
-.Xr krb5.conf 5 .
-.El
-.\".Pp
-.\"Without a
-.\".Ar command
-.\".Nm
-.\"will just exec
-.\".Xr rlogin 1
-.\"with the same arguments.
-.Sh EXAMPLES
-Care should be taken when issuing commands containing shell meta
-characters. Without quoting, these will be expanded on the local
-machine.
-.Pp
-The following command:
-.Pp
-.Dl rsh otherhost cat remotefile \*[Gt] localfile
-.Pp
-will write the contents of the remote
-.Pa remotefile
-to the local
-.Pa localfile ,
-but:
-.Pp
-.Dl rsh otherhost 'cat remotefile \*[Gt] remotefile2'
-.Pp
-will write it to the remote
-.Pa remotefile2 .
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Bl -tag -width /etc/hosts -compact
-.It Pa /etc/hosts
-.El
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr rlogin 1 ,
-.Xr krb_realmofhost 3 ,
-.Xr krb_sendauth 3 ,
-.Xr hosts.equiv 5 ,
-.Xr krb5.conf 5 ,
-.Xr rhosts 5 ,
-.Xr kerberos 8
-.Xr rshd 8
-.\".Sh STANDARDS
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
-.Sh AUTHORS
-This implementation of
-.Nm
-was written as part of the Heimdal Kerberos 5 implementation.
-.Sh BUGS
-Some shells (notably
-.Xr csh 1 )
-will cause
-.Nm
-to block if run in the background, unless the standard input is directed away from the terminal. This is what the
-.Fl n
-option is for.
-.Pp
-The
-.Fl x
-options enables encryption for the session, but for both Kerberos 4
-and 5 the actual command is sent unencrypted, so you should not send
-any secret information in the command line (which is probably a bad
-idea anyway, since the command line can usually be read with tools
-like
-.Xr ps 1 ) .
-Forthermore in Kerberos 4 the command is not even integrity
-protected, so anyone with the right tools can modify the command.
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c
deleted file mode 100644
index 2d64d21f49fa..000000000000
--- a/crypto/heimdal/appl/rsh/rsh.c
+++ /dev/null
@@ -1,1124 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-RCSID("$Id: rsh.c 21516 2007-07-12 12:47:23Z lha $");
-
-enum auth_method auth_method;
-#if defined(KRB4) || defined(KRB5)
-int do_encrypt       = -1;
-#endif
-#ifdef KRB5
-int do_unique_tkfile = 0;
-char *unique_tkfile  = NULL;
-char tkfile[MAXPATHLEN];
-int do_forward       = -1;
-int do_forwardable   = -1;
-krb5_context context;
-krb5_keyblock *keyblock;
-krb5_crypto crypto;
-#endif
-#ifdef KRB4
-des_key_schedule schedule;
-des_cblock iv;
-#endif
-int sock_debug	     = 0;
-
-#ifdef KRB4
-static int use_v4 = -1;
-#endif
-#ifdef KRB5
-static int use_v5 = -1;
-#endif
-#if defined(KRB4) || defined(KRB5)
-static int use_only_broken = 0;
-#else
-static int use_only_broken = 1;
-#endif
-static int use_broken = 1;
-static char *port_str;
-static const char *user;
-static int do_version;
-static int do_help;
-static int do_errsock = 1;
-#ifdef KRB5
-static char *protocol_version_str;
-static int protocol_version = 2;
-#endif
-
-/*
- *
- */
-
-static int input = 1;		/* Read from stdin */
-
-static int
-rsh_loop (int s, int errsock)
-{
-    fd_set real_readset;
-    int count = 1;
-
-#ifdef KRB5
-    if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(1, errsock != -1);
-#endif
-
-    if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
-	errx (1, "fd too large");
-    
-    FD_ZERO(&real_readset);
-    FD_SET(s, &real_readset);
-    if (errsock != -1) {
-	FD_SET(errsock, &real_readset);
-	++count;
-    }
-    if(input)
-	FD_SET(STDIN_FILENO, &real_readset);
-
-    for (;;) {
-	int ret;
-	fd_set readset;
-	char buf[RSH_BUFSIZ];
-
-	readset = real_readset;
-	ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		err (1, "select");
-	}
-	if (FD_ISSET(s, &readset)) {
-	    ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (s);
-		FD_CLR(s, &real_readset);
-		if (--count == 0)
-		    return 0;
-	    } else
-		net_write (STDOUT_FILENO, buf, ret);
-	}
-	if (errsock != -1 && FD_ISSET(errsock, &readset)) {
-	    ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (errsock);
-		FD_CLR(errsock, &real_readset);
-		if (--count == 0)
-		    return 0;
-	    } else
-		net_write (STDERR_FILENO, buf, ret);
-	}
-	if (FD_ISSET(STDIN_FILENO, &readset)) {
-	    ret = read (STDIN_FILENO, buf, sizeof(buf));
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (STDIN_FILENO);
-		FD_CLR(STDIN_FILENO, &real_readset);
-		shutdown (s, SHUT_WR);
-	    } else
-		do_write (s, buf, ret, ivec_out[0]);
-	}
-    }
-}
-
-#ifdef KRB4
-static int
-send_krb4_auth(int s,
-	       struct sockaddr *thisaddr,
-	       struct sockaddr *thataddr,
-	       const char *hostname,
-	       const char *remote_user,
-	       const char *local_user,
-	       size_t cmd_len,
-	       const char *cmd)
-{
-    KTEXT_ST text;
-    CREDENTIALS cred;
-    MSG_DAT msg;
-    int status;
-    size_t len;
-
-    /* the normal default for krb4 should be to disable encryption */
-    status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
-			   s, &text, "rcmd",
-			   (char *)hostname, krb_realmofhost (hostname),
-			   getpid(), &msg, &cred, schedule,
-			   (struct sockaddr_in *)thisaddr,
-			   (struct sockaddr_in *)thataddr,
-			   KCMD_OLD_VERSION);
-    if (status != KSUCCESS) {
-	warnx("%s: %s", hostname, krb_get_err_text(status));
-	return 1;
-    }
-    memcpy (iv, cred.session, sizeof(iv));
-
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn("write");
-	return 1;
-    }
-    return 0;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-/*
- * Send forward information on `s' for host `hostname', them being
- * forwardable themselves if `forwardable'
- */
-
-static int
-krb5_forward_cred (krb5_auth_context auth_context,
-		   int s,
-		   const char *hostname,
-		   int forwardable)
-{
-    krb5_error_code ret;
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    krb5_kdc_flags  flags;
-    krb5_data       out_data;
-    krb5_principal  principal;
-
-    memset (&creds, 0, sizeof(creds));
-
-    ret = krb5_cc_default (context, &ccache);
-    if (ret) {
-	warnx ("could not forward creds: krb5_cc_default: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	warnx ("could not forward creds: krb5_cc_get_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    creds.client = principal;
-    
-    ret = krb5_build_principal (context,
-				&creds.server,
-				strlen(principal->realm),
-				principal->realm,
-				"krbtgt",
-				principal->realm,
-				NULL);
-
-    if (ret) {
-	warnx ("could not forward creds: krb5_build_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    creds.times.endtime = 0;
-
-    flags.i = 0;
-    flags.b.forwarded   = 1;
-    flags.b.forwardable = forwardable;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags.i,
-				    hostname,
-				    &creds,
-				    &out_data);
-    if (ret) {
-	warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_write_message (context,
-			      (void *)&s,
-			      &out_data);
-    krb5_data_free (&out_data);
-
-    if (ret)
-	warnx ("could not forward creds: krb5_write_message: %s",
-	       krb5_get_err_text (context, ret));
-    return 0;
-}
-
-static int sendauth_version_error;
-
-static int
-send_krb5_auth(int s,
-	       struct sockaddr *thisaddr,
-	       struct sockaddr *thataddr,
-	       const char *hostname,
-	       const char *remote_user,
-	       const char *local_user,
-	       size_t cmd_len,
-	       const char *cmd)
-{
-    krb5_principal server;
-    krb5_data cksum_data;
-    int status;
-    size_t len;
-    krb5_auth_context auth_context = NULL;
-    const char *protocol_string = NULL;
-    krb5_flags ap_opts;
-    char *str;
-
-    status = krb5_sname_to_principal(context,
-				     hostname,
-				     "host",
-				     KRB5_NT_SRV_HST,
-				     &server);
-    if (status) {
-	warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    if(do_encrypt == -1) {
-	krb5_appdefault_boolean(context, NULL, 
-				krb5_principal_get_realm(context, server), 
-				"encrypt", 
-				FALSE, 
-				&do_encrypt);
-    }
-
-    cksum_data.length = asprintf (&str,
-				  "%u:%s%s%s",
-				  ntohs(socket_get_port(thataddr)),
-				  do_encrypt ? "-x " : "",
-				  cmd,
-				  remote_user);
-    if (str == NULL) {
-	warnx ("%s: failed to allocate command", hostname);
-	return 1;
-    }
-    cksum_data.data = str;
-
-    ap_opts = 0;
-
-    if(do_encrypt)
-	ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
-
-    switch(protocol_version) {
-    case 2:
-	ap_opts |= AP_OPTS_USE_SUBKEY;
-	protocol_string = KCMD_NEW_VERSION;
-	break;
-    case 1:
-	protocol_string = KCMD_OLD_VERSION;
-	key_usage = KRB5_KU_OTHER_ENCRYPTED;
-	break;
-    default:
-	abort();
-    }
-	
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &s,
-			    protocol_string,
-			    NULL,
-			    server,
-			    ap_opts,
-			    &cksum_data,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-
-    /* do this while we have a principal */
-    if(do_forward == -1 || do_forwardable == -1) {
-	krb5_const_realm realm = krb5_principal_get_realm(context, server);
-	if (do_forwardable == -1)
-	    krb5_appdefault_boolean(context, NULL, realm,
-				    "forwardable", FALSE, 
-				    &do_forwardable);
-	if (do_forward == -1)
-	    krb5_appdefault_boolean(context, NULL, realm,
-				    "forward", FALSE, 
-				    &do_forward);
-    }
-    
-    krb5_free_principal(context, server);
-    krb5_data_free(&cksum_data);
-
-    if (status) {
-	if(status == KRB5_SENDAUTH_REJECTED && 
-	   protocol_version == 2 && protocol_version_str == NULL)
-	    sendauth_version_error = 1;
-	else
-	    krb5_warn(context, status, "%s", hostname);
-	return 1;
-    }
-
-    status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
-    if(keyblock == NULL)
-	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
-    if (status) {
-	warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &s);
-    if (status) {
-        warnx("krb5_auth_con_setaddrs_from_fd: %s",
-	      krb5_get_err_text(context, status));
-        return(1);
-    }
-
-    status = krb5_crypto_init(context, keyblock, 0, &crypto);
-    if(status) {
-	warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    if (do_encrypt && net_write (s, "-x ", 3) != 3) {
-	warn ("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn ("write");
-	return 1;
-    }
-
-    if (do_unique_tkfile) {
-	if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
-	    warn ("write");
-	    return 1;
-	}
-    }
-    len = strlen(local_user) + 1;
-    if (net_write (s, local_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-
-    if (!do_forward
-	|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
-	/* Empty forwarding info */
-
-	u_char zero[4] = {0, 0, 0, 0};
-	write (s, &zero, 4);
-    }
-    krb5_auth_con_free (context, auth_context);
-    return 0;
-}
-
-#endif /* KRB5 */
-
-static int
-send_broken_auth(int s,
-		 struct sockaddr *thisaddr,
-		 struct sockaddr *thataddr,
-		 const char *hostname,
-		 const char *remote_user,
-		 const char *local_user,
-		 size_t cmd_len,
-		 const char *cmd)
-{
-    size_t len;
-
-    len = strlen(local_user) + 1;
-    if (net_write (s, local_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn ("write");
-	return 1;
-    }
-    return 0;
-}
-
-static int
-proto (int s, int errsock,
-       const char *hostname, const char *local_user, const char *remote_user,
-       const char *cmd, size_t cmd_len,
-       int (*auth_func)(int s,
-			struct sockaddr *this, struct sockaddr *that,
-			const char *hostname, const char *remote_user,
-			const char *local_user, size_t cmd_len,
-			const char *cmd))
-{
-    int errsock2;
-    char buf[BUFSIZ];
-    char *p;
-    size_t len;
-    char reply;
-    struct sockaddr_storage thisaddr_ss;
-    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
-    struct sockaddr_storage thataddr_ss;
-    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
-    struct sockaddr_storage erraddr_ss;
-    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    socklen_t addrlen;
-    int ret;
-
-    addrlen = sizeof(thisaddr_ss);
-    if (getsockname (s, thisaddr, &addrlen) < 0) {
-	warn ("getsockname(%s)", hostname);
-	return 1;
-    }
-    addrlen = sizeof(thataddr_ss);
-    if (getpeername (s, thataddr, &addrlen) < 0) {
-	warn ("getpeername(%s)", hostname);
-	return 1;
-    }
-
-    if (errsock != -1) {
-
-	addrlen = sizeof(erraddr_ss);
-	if (getsockname (errsock, erraddr, &addrlen) < 0) {
-	    warn ("getsockname");
-	    return 1;
-	}
-
-	if (listen (errsock, 1) < 0) {
-	    warn ("listen");
-	    return 1;
-	}
-
-	p = buf;
-	snprintf (p, sizeof(buf), "%u",
-		  ntohs(socket_get_port(erraddr)));
-	len = strlen(buf) + 1;
-	if(net_write (s, buf, len) != len) {
-	    warn ("write");
-	    close (errsock);
-	    return 1;
-	}
-
-
-	for (;;) {
-	    fd_set fdset;
-
-	    if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
-		errx (1, "fd too large");
-
-	    FD_ZERO(&fdset);
-	    FD_SET(errsock, &fdset);
-	    FD_SET(s, &fdset);
-
-	    ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
-	    if (ret < 0) {
-		if (errno == EINTR)
-		    continue;
-		warn ("select");
-		close (errsock);
-		return 1;
-	    }
-	    if (FD_ISSET(errsock, &fdset)) {
-		errsock2 = accept (errsock, NULL, NULL);
-		close (errsock);
-		if (errsock2 < 0) {
-		    warn ("accept");
-		    return 1;
-		}
-		break;
-	    }
-
-	    /*
-	     * there should not arrive any data on this fd so if it's
-	     * readable it probably indicates that the other side when
-	     * away.
-	     */
-
-	    if (FD_ISSET(s, &fdset)) {
-		warnx ("socket closed");
-		close (errsock);
-		errsock2 = -1;
-		break;
-	    }
-	}
-    } else {
-	if (net_write (s, "0", 2) != 2) {
-	    warn ("write");
-	    return 1;
-	}
-	errsock2 = -1;
-    }
-
-    if ((*auth_func)(s, thisaddr, thataddr, hostname,
-		     remote_user, local_user,
-		     cmd_len, cmd)) {
-	close (errsock2);
-	return 1;
-    } 
-
-    ret = net_read (s, &reply, 1);
-    if (ret < 0) {
-	warn ("read");
-	close (errsock2);
-	return 1;
-    } else if (ret == 0) {
-	warnx ("unexpected EOF from %s", hostname);
-	close (errsock2);
-	return 1;
-    }
-    if (reply != 0) {
-
-	warnx ("Error from rshd at %s:", hostname);
-
-	while ((ret = read (s, buf, sizeof(buf))) > 0)
-	    write (STDOUT_FILENO, buf, ret);
-        write (STDOUT_FILENO,"\n",1);
-	close (errsock2);
-	return 1;
-    }
-
-    if (sock_debug) {
-	int one = 1;
-	if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
-	    warn("setsockopt remote");
-	if (errsock2 != -1 &&
-	    setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
-		       (void *)&one, sizeof(one)) < 0)
-	    warn("setsockopt stderr");
-    }
-    
-    return rsh_loop (s, errsock2);
-}
-
-/*
- * Return in `res' a copy of the concatenation of `argc, argv' into
- * malloced space.  */
-
-static size_t
-construct_command (char **res, int argc, char **argv)
-{
-    int i;
-    size_t len = 0;
-    char *tmp;
-
-    for (i = 0; i < argc; ++i)
-	len += strlen(argv[i]) + 1;
-    len = max (1, len);
-    tmp = malloc (len);
-    if (tmp == NULL)
-	errx (1, "malloc %lu failed", (unsigned long)len);
-
-    *tmp = '\0';
-    for (i = 0; i < argc - 1; ++i) {
-	strlcat (tmp, argv[i], len);
-	strlcat (tmp, " ", len);
-    }
-    if (argc > 0)
-	strlcat (tmp, argv[argc-1], len);
-    *res = tmp;
-    return len;
-}
-
-static char *
-print_addr (const struct sockaddr *sa)
-{
-    char addr_str[256];
-    char *res;
-    const char *as = NULL;
-
-    if(sa->sa_family == AF_INET)
-	as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, 
-			addr_str, sizeof(addr_str));
-#ifdef HAVE_INET6
-    else if(sa->sa_family == AF_INET6)
-	as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, 
-			addr_str, sizeof(addr_str));
-#endif
-    if(as == NULL)
-	return NULL;
-    res = strdup(as);
-    if (res == NULL)
-	errx (1, "malloc: out of memory");
-    return res;
-}
-
-static int
-doit_broken (int argc,
-	     char **argv,
-	     int hostindex,
-	     struct addrinfo *ai,
-	     const char *remote_user,
-	     const char *local_user,
-	     int priv_socket1,
-	     int priv_socket2,
-	     const char *cmd,
-	     size_t cmd_len)
-{
-    struct addrinfo *a;
-
-    if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
-	int save_errno = errno;
-	
-	close(priv_socket1);
-	close(priv_socket2);
-
-	for (a = ai->ai_next; a != NULL; a = a->ai_next) {
-	    pid_t pid;
-	    char *adr = print_addr(a->ai_addr);
-	    if(adr == NULL)
-		continue;
-
-	    pid = fork();
-	    if (pid < 0)
-		err (1, "fork");
-	    else if(pid == 0) {
-		char **new_argv;
-		int i = 0;
-
-		new_argv = malloc((argc + 2) * sizeof(*new_argv));
-		if (new_argv == NULL)
-		    errx (1, "malloc: out of memory");
-		new_argv[i] = argv[i];
-		++i;
-		if (hostindex == i)
-		    new_argv[i++] = adr;
-		new_argv[i++] = "-K";
-		for(; i <= argc; ++i)
-		    new_argv[i] = argv[i - 1];
-		if (hostindex > 1)
-		    new_argv[hostindex + 1] = adr;
-		new_argv[argc + 1] = NULL;
-		execv(PATH_RSH, new_argv);
-		err(1, "execv(%s)", PATH_RSH);
-	    } else {
-		int status;
-		free(adr);
-
-		while(waitpid(pid, &status, 0) < 0)
-		    ;
-		if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
-		    return 0;
-	    }
-	}
-	errno = save_errno;
-	warn("%s", argv[hostindex]);
-	return 1;
-    } else {
-	int ret;
-
-	ret = proto (priv_socket1, priv_socket2,
-		     argv[hostindex],
-		     local_user, remote_user,
-		     cmd, cmd_len,
-		     send_broken_auth);
-	return ret;
-    }
-}
-
-#if defined(KRB4) || defined(KRB5)
-static int
-doit (const char *hostname,
-      struct addrinfo *ai,
-      const char *remote_user,
-      const char *local_user,
-      const char *cmd,
-      size_t cmd_len,
-      int (*auth_func)(int s,
-		       struct sockaddr *this, struct sockaddr *that,
-		       const char *hostname, const char *remote_user,
-		       const char *local_user, size_t cmd_len,
-		       const char *cmd))
-{
-    int error;
-    struct addrinfo *a;
-    int socketfailed = 1;
-    int ret;
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-	int errsock;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0) 
-	    continue;
-	socketfailed = 0;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    char addr[128];
-	    if(getnameinfo(a->ai_addr, a->ai_addrlen, 
-			   addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
-		warn ("connect(%s [%s])", hostname, addr);
-	    else
-		warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	if (do_errsock) {
-	    struct addrinfo *ea, *eai;
-	    struct addrinfo hints;
-
-	    memset (&hints, 0, sizeof(hints));
-	    hints.ai_socktype = a->ai_socktype;
-	    hints.ai_protocol = a->ai_protocol;
-	    hints.ai_family   = a->ai_family;
-	    hints.ai_flags    = AI_PASSIVE;
-
-	    errsock = -1;
-
-	    error = getaddrinfo (NULL, "0", &hints, &eai);
-	    if (error)
-		errx (1, "getaddrinfo: %s", gai_strerror(error));
-	    for (ea = eai; ea != NULL; ea = ea->ai_next) {
-		errsock = socket (ea->ai_family, ea->ai_socktype,
-				  ea->ai_protocol);
-		if (errsock < 0)
-		    continue;
-		if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
-		    err (1, "bind");
-		break;
-	    }
-	    if (errsock < 0)
-		err (1, "socket");
-	    freeaddrinfo (eai);
-	} else
-	    errsock = -1;
-    
-	ret = proto (s, errsock,
-		     hostname,
-		     local_user, remote_user,
-		     cmd, cmd_len, auth_func);
-	close (s);
-	return ret;
-    }
-    if(socketfailed)
-	warnx ("failed to contact %s", hostname);
-    return -1;
-}
-#endif /* KRB4 || KRB5 */
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4" },
-#endif
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5" },
-    { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials [krb5]"},
-    { "forwardable", 'F', arg_flag,	&do_forwardable,
-      "Forward forwardable credentials [krb5]" },
-    { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
-    { "unique", 'u', arg_flag,	&do_unique_tkfile,
-      "Use unique remote credentials cache [krb5]" },
-    { "tkfile", 'U', arg_string,  &unique_tkfile,
-      "Specifies remote credentials cache [krb5]" },
-    { "protocol", 'P', arg_string,      &protocol_version_str, 
-      "Protocol version [krb5]", "protocol" },
-#endif
-    { "broken", 'K', arg_flag,		&use_only_broken, "Use only priv port" },
-#if defined(KRB4) || defined(KRB5)
-    { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection" },
-    { NULL, 	'z', arg_negative_flag,      &do_encrypt,
-      "Don't encrypt connection", NULL },
-#endif
-    { NULL,	'd', arg_flag,		&sock_debug, "Enable socket debugging" },
-    { "input",	'n', arg_negative_flag,	&input,		"Close stdin" },
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "port" },
-    { "user",	'l', arg_string,	&user,		"Run as this user", "login" },
-    { "stderr", 'e', arg_negative_flag, &do_errsock,	"Don't open stderr"},
-#ifdef KRB5
-#endif
-    { "version", 0,  arg_flag,		&do_version,	NULL },
-    { "help",	 0,  arg_flag,		&do_help,	NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[login@]host [command]");
-    exit (ret);
-}
-
-/*
- *
- */
-
-int
-main(int argc, char **argv)
-{
-    int priv_port1, priv_port2;
-    int priv_socket1, priv_socket2;
-    int argindex = 0;
-    int error;
-    struct addrinfo hints, *ai;
-    int ret = 1;
-    char *cmd;
-    char *tmp;
-    size_t cmd_len;
-    const char *local_user;
-    char *host = NULL;
-    int host_index = -1;
-#ifdef KRB5
-    int status;
-#endif
-    uid_t uid;
-
-    priv_port1 = priv_port2 = IPPORT_RESERVED-1;
-    priv_socket1 = rresvport(&priv_port1);
-    priv_socket2 = rresvport(&priv_port2);
-    uid = getuid ();
-    if (setuid (uid) || (uid != 0 && setuid(0) == 0))
-	err (1, "setuid");
-    
-    setprogname (argv[0]);
-
-    if (argc >= 2 && argv[1][0] != '-') {
-	host = argv[host_index = 1];
-	argindex = 1;
-    }
-    
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&argindex))
-	usage (1);
-
-    if (do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version (NULL);
-	return 0;
-    }
-
-#ifdef KRB5
-    if(protocol_version_str != NULL) {
-	if(strcasecmp(protocol_version_str, "N") == 0)
-	    protocol_version = 2;
-	else if(strcasecmp(protocol_version_str, "O") == 0)
-	    protocol_version = 1;
-	else {
-	    char *end;
-	    int v;
-	    v = strtol(protocol_version_str, &end, 0);
-	    if(*end != '\0' || (v != 1 && v != 2)) {
-		errx(1, "unknown protocol version \"%s\"", 
-		     protocol_version_str);
-	    }
-	    protocol_version = v;
-	}
-    }
-
-    status = krb5_init_context (&context);
-    if (status) {
-	if(use_v5 == 1)
-	    errx(1, "krb5_init_context failed: %d", status);
-	else
-	    use_v5 = 0;
-    }
-
-    /* request for forwardable on the command line means we should
-       also forward */
-    if (do_forwardable == 1)
-	do_forward = 1;
-
-#endif
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-    if (use_only_broken) {
-#ifdef KRB4
-	use_v4 = 0;
-#endif
-#ifdef KRB5
-	use_v5 = 0;
-#endif
-    }
-
-    if(priv_socket1 < 0) {
-	if (use_only_broken)
-	    errx (1, "unable to bind reserved port: is rsh setuid root?");
-	use_broken = 0;
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if (do_encrypt == 1 && use_only_broken)
-	errx (1, "encryption not supported with old style authentication");
-#endif
-
-
-
-#ifdef KRB5
-    if (do_unique_tkfile && unique_tkfile != NULL)
-	errx (1, "Only one of -u and -U allowed.");
-
-    if (do_unique_tkfile)
-	strlcpy(tkfile,"-u ", sizeof(tkfile));
-    else if (unique_tkfile != NULL) {
-	if (strchr(unique_tkfile,' ') != NULL) {
-	    warnx("Space is not allowed in tkfilename");
-	    usage(1);
-	}
-	do_unique_tkfile = 1;
-	snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
-    }
-#endif
-
-    if (host == NULL) {
-	if (argc - argindex < 1)
-	    usage (1);
-	else
-	    host = argv[host_index = argindex++];
-    }
-    
-    if((tmp = strchr(host, '@')) != NULL) {
-	*tmp++ = '\0';
-	user = host;
-	host = tmp;
-    }
-
-    if (argindex == argc) {
-	close (priv_socket1);
-	close (priv_socket2);
-	argv[0] = "rlogin";
-	execvp ("rlogin", argv);
-	err (1, "execvp rlogin");
-    }
-
-    local_user = get_default_username ();
-    if (local_user == NULL)
-	errx (1, "who are you?");
-
-    if (user == NULL)
-	user = local_user;
-
-    cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
-    
-    /*
-     * Try all different authentication methods
-     */
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    error = getaddrinfo(host, "kshell", &hints, &ai);
-	    if(error == EAI_NONAME)
-		error = getaddrinfo(host, "544", &hints, &ai);
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-
-	auth_method = AUTH_KRB5;
-      again:
-	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    send_krb5_auth);
-	if(ret != 0 && sendauth_version_error && 
-	   protocol_version == 2) {
-	    protocol_version = 1;
-	    goto again;
-	}
-	freeaddrinfo(ai);
-    }
-#endif
-#ifdef KRB4
-    if (ret && use_v4) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    if(do_encrypt) {
-		error = getaddrinfo(host, "ekshell", &hints, &ai);
-		if(error == EAI_NONAME)
-		    error = getaddrinfo(host, "545", &hints, &ai);
-	    } else {
-		error = getaddrinfo(host, "kshell", &hints, &ai);
-		if(error == EAI_NONAME)
-		    error = getaddrinfo(host, "544", &hints, &ai);
-	    }
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-	auth_method = AUTH_KRB4;
-	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    send_krb4_auth);
-	freeaddrinfo(ai);
-    }
-#endif
-    if (ret && use_broken) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    error = getaddrinfo(host, "shell", &hints, &ai);
-	    if(error == EAI_NONAME)
-		error = getaddrinfo(host, "514", &hints, &ai);
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-
-	auth_method = AUTH_BROKEN;
-	ret = doit_broken (argc, argv, host_index, ai,
-			   user, local_user,
-			   priv_socket1,
-			   do_errsock ? priv_socket2 : -1,
-			   cmd, cmd_len);
-	freeaddrinfo(ai);
-    }
-    free(cmd);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h
deleted file mode 100644
index 0d65962bfd0e..000000000000
--- a/crypto/heimdal/appl/rsh/rsh_locl.h
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rsh_locl.h 21553 2007-07-15 09:04:52Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <errno.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-/* XXX */
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-struct ContentInfo;
-struct _krb5_krb_auth_data;
-struct krb5_dh_moduli;
-#include "crypto-headers.h"
-#include <krb5-private.h> /* for _krb5_{get,put}_int */
-#endif
-#if defined(KRB4) || defined(KRB5)
-#include <kafs.h>
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL	"/bin/sh"
-#endif
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH	"/usr/bin:/bin"
-#endif
-
-#include "loginpaths.h"
-
-/*
- *
- */
-
-enum auth_method { AUTH_KRB4, AUTH_KRB5, AUTH_BROKEN };
-
-extern enum auth_method auth_method;
-extern int do_encrypt;
-#ifdef KRB5
-extern krb5_context context;
-extern krb5_keyblock *keyblock;
-extern krb5_crypto crypto;
-extern int key_usage;
-extern void *ivec_in[2];
-extern void *ivec_out[2];
-void init_ivecs(int, int);
-#endif
-#ifdef KRB4
-extern des_key_schedule schedule;
-extern des_cblock iv;
-#endif
-
-#define KCMD_OLD_VERSION "KCMDV0.1"
-#define KCMD_NEW_VERSION "KCMDV0.2"
-
-#define USERNAME_SZ 16
-#ifndef ARG_MAX
-#define ARG_MAX 8192
-#endif
-
-#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
-#define RSHD_BUFSIZ (16 * 1024) /* Old maxize for Heimdal 0.4 rsh */
-
-#define PATH_RSH BINDIR "/rsh"
-
-#if defined(KRB4) || defined(KRB5)
-ssize_t do_read (int, void*, size_t, void*);
-ssize_t do_write (int, void*, size_t, void*);
-#else
-#define do_write(F, B, L, I) write((F), (B), (L))
-#define do_read(F, B, L, I) read((F), (B), (L))
-#endif
diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8
deleted file mode 100644
index 95737a5082d3..000000000000
--- a/crypto/heimdal/appl/rsh/rshd.8
+++ /dev/null
@@ -1,162 +0,0 @@
-.\" Copyright (c) 2001 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: rshd.8 16764 2006-02-27 10:07:04Z joda $
-.\"
-.Dd November 22, 2002
-.Dt RSHD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm rshd
-.Nd
-remote shell server
-.Sh SYNOPSIS
-.Nm
-.Op Fl aiklnvxPL
-.Op Fl p Ar port
-.Sh DESCRIPTION
-.Nm
-is the server for
-the
-.Xr rsh 1
-program. It provides an authenticated remote command execution
-service.  Supported options are:
-.Bl -tag -width Ds
-.It Xo
-.Fl n ,
-.Fl -no-keepalive
-.Xc
-Disables keep-alive messages.
-Keep-alives are packets sent at certain intervals to make sure that the
-client is still there, even when it doesn't send any data.
-.It Xo
-.Fl k ,
-.Fl -kerberos
-.Xc
-Assume that clients connecting to this server will use some form of
-Kerberos authentication. See the
-.Sx EXAMPLES
-section for a sample
-.Xr inetd.conf 5
-configuration.
-.It Xo
-.Fl x ,
-.Fl -encrypt
-.Xc
-For Kerberos 4 this means that the connections are encrypted. Kerberos
-5 can negotiate encryption even without this option, but if it's
-present
-.Nm
-will deny unencrypted connections. This option implies
-.Fl k .
-.\".It Xo
-.\".Fl l ,
-.\".Fl -no-rhosts
-.\".Xc
-.\"When using old port-based authentication, the user's
-.\".Pa .rhosts
-.\"files are normally checked. This option disables this.
-.It Xo
-.Fl v ,
-.Fl -vacuous
-.Xc
-If the connecting client does not use any Kerberised authentication,
-print a message that complains about this fact, and exit. This is
-helpful if you want to move away from old port-based authentication.
-.It Xo
-.Fl P
-.Xc
-When using the AFS filesystem, users' authentication tokens are put in
-something called a PAG (Process Authentication Group). Multiple
-processes can share a PAG, but normally each login session has its own
-PAG. This option disables the
-.Fn setpag
-call, so all tokens will be put in the default (uid-based) PAG, making
-it possible to share tokens between sessions. This is only useful in
-peculiar environments, such as some batch systems.
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
-The
-.Fl i
-option will cause
-.Nm
-to create a socket, instead of assuming that its stdin came from
-.Xr inetd 8 .
-This is mostly useful for debugging.
-.It Xo
-.Fl p Ar port ,
-.Fl -port= Ns Ar port
-.Xc
-Port to use with
-.Fl i .
-.It Xo
-.Fl a
-.Xc
-This flag is for backwards compatibility only.
-.It Xo
-.Fl L
-.Xc
-This flag enables logging of connections to
-.Xr syslogd 8 .
-This option is always on in this implementation.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Bl -tag -width /etc/hosts.equiv -compact
-.It Pa /etc/hosts.equiv
-.It Pa ~/.rhosts
-.El
-.Sh EXAMPLES
-The following can be used to enable Kerberised rsh in
-.Xr inetd.cond 5 ,
-while disabling non-Kerberised connections:
-.Bd -literal
-shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
-kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
-ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr iruserok 3
-.\".Sh STANDARDS
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
-.Sh AUTHORS
-This implementation of
-.Nm
-was written as part of the Heimdal Kerberos 5 implementation.
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
deleted file mode 100644
index 852327ad6705..000000000000
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ /dev/null
@@ -1,1063 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-#include "login_locl.h"
-RCSID("$Id: rshd.c 21515 2007-07-12 12:47:07Z lha $");
-
-int
-login_access( struct passwd *user, char *from);
-int
-read_limits_conf(const char *file, const struct passwd *pwd);
-
-#ifdef NEED_IRUSEROK_PROTO
-int iruserok(uint32_t, int, const char *, const char *);
-#endif
-
-enum auth_method auth_method;
-
-#ifdef KRB5
-krb5_context context;
-krb5_keyblock *keyblock;
-krb5_crypto crypto;
-#endif
-
-#ifdef KRB4
-des_key_schedule schedule;
-des_cblock iv;
-#endif
-
-#ifdef KRB5
-krb5_ccache ccache, ccache2;
-int kerberos_status = 0;
-#endif
-
-int do_encrypt = 0;
-
-static int do_unique_tkfile           = 0;
-static char tkfile[MAXPATHLEN] = "";
-
-static int do_inetd = 1;
-static char *port_str;
-static int do_rhosts = 1;
-static int do_kerberos = 0;
-#define DO_KRB4 2
-#define DO_KRB5 4
-static int do_vacuous = 0;
-static int do_log = 1;
-static int do_newpag = 1;
-static int do_addr_verify = 0;
-static int do_keepalive = 1;
-static int do_version;
-static int do_help = 0;
-
-static void
-syslog_and_die (const char *m, ...)
-    __attribute__ ((format (printf, 1, 2)));
-
-static void
-syslog_and_die (const char *m, ...)
-{
-    va_list args;
-
-    va_start(args, m);
-    vsyslog (LOG_ERR, m, args);
-    va_end(args);
-    exit (1);
-}
-
-static void
-fatal (int, const char*, const char *, ...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-static void
-fatal (int sock, const char *what, const char *m, ...)
-{
-    va_list args;
-    char buf[BUFSIZ];
-    size_t len;
-
-    *buf = 1;
-    va_start(args, m);
-    len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
-    len = min(len, sizeof(buf) - 1);
-    va_end(args);
-    if(what != NULL)
-	syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
-    else
-	syslog (LOG_ERR, "%s", buf + 1);
-    net_write (sock, buf, len + 1);
-    exit (1);
-}
-
-static char *
-read_str (int s, size_t sz, char *expl)
-{
-    char *str = malloc(sz);
-    char *p = str;
-    if(str == NULL)
-	fatal(s, NULL, "%s too long", expl);
-    while(p < str + sz) {
-	if(net_read(s, p, 1) != 1)
-	    syslog_and_die("read: %m");
-	if(*p == '\0')
-	    return str;
-	p++;
-    }
-    fatal(s, NULL, "%s too long", expl);
-}
-
-static int
-recv_bsd_auth (int s, u_char *buf,
-	       struct sockaddr_in *thisaddr,
-	       struct sockaddr_in *thataddr,
-	       char **client_username,
-	       char **server_username,
-	       char **cmd)
-{
-    struct passwd *pwd;
-    
-    *client_username = read_str (s, USERNAME_SZ, "local username");
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-    pwd = getpwnam(*server_username);
-    if (pwd == NULL)
-	fatal(s, NULL, "Login incorrect.");
-    if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
-		 *client_username, *server_username))
-	fatal(s, NULL, "Login incorrect.");
-    return 0;
-}
-
-#ifdef KRB4
-static int
-recv_krb4_auth (int s, u_char *buf,
-		struct sockaddr *thisaddr,
-		struct sockaddr *thataddr,
-		char **client_username,
-		char **server_username,
-		char **cmd)
-{
-    int status;
-    int32_t options;
-    KTEXT_ST ticket;
-    AUTH_DAT auth;
-    char instance[INST_SZ + 1];
-    char version[KRB_SENDAUTH_VLEN + 1];
-
-    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
-	return -1;
-    if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
-	KRB_SENDAUTH_VLEN - 4)
-	syslog_and_die ("reading auth info: %m");
-    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
-	syslog_and_die("unrecognized auth protocol: %.8s", buf);
-
-    options = KOPT_IGNORE_PROTOCOL;
-    if (do_encrypt)
-	options |= KOPT_DO_MUTUAL;
-    k_getsockinst (s, instance, sizeof(instance));
-    status = krb_recvauth (options,
-			   s,
-			   &ticket,
-			   "rcmd",
-			   instance,
-			   (struct sockaddr_in *)thataddr,
-			   (struct sockaddr_in *)thisaddr,
-			   &auth,
-			   "",
-			   schedule,
-			   version);
-    if (status != KSUCCESS)
-	syslog_and_die ("recvauth: %s", krb_get_err_text(status));
-    if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
-	syslog_and_die ("bad version: %s", version);
-
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    if (kuserok (&auth, *server_username) != 0)
-	fatal (s, NULL, "Permission denied.");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-
-    syslog(LOG_INFO|LOG_AUTH,
-	   "kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
-	   krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
-
-	   inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
-	   *server_username,
-	   *cmd);
-
-    memcpy (iv, auth.session, sizeof(iv));
-
-    return 0;
-}
-
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int 
-save_krb5_creds (int s,
-                 krb5_auth_context auth_context,
-                 krb5_principal client)
-
-{
-    int ret;
-    krb5_data remote_cred;
- 
-    krb5_data_zero (&remote_cred);
-    ret= krb5_read_message (context, (void *)&s, &remote_cred);
-    if (ret) {
-	krb5_data_free(&remote_cred);
-	return 0;
-    }
-    if (remote_cred.length == 0)
-	return 0;
- 
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
-    if (ret) {
-	krb5_data_free(&remote_cred);
-	return 0;
-    }
-  
-    krb5_cc_initialize(context,ccache,client);
-    ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
-    if(ret != 0)
-	syslog(LOG_INFO|LOG_AUTH,
-	       "reading creds: %s", krb5_get_err_text(context, ret));
-    krb5_data_free (&remote_cred);
-    if (ret)
-	return 0;
-    return 1;
-}
-
-static void
-krb5_start_session (void)
-{
-    krb5_error_code ret;
-    char *estr;
-
-    ret = krb5_cc_resolve (context, tkfile, &ccache2);
-    if (ret) {
-	estr = krb5_get_error_string(context);
-	syslog(LOG_WARNING, "resolve cred cache %s: %s", 
-	       tkfile, 
-	       estr ? estr : krb5_get_err_text(context, ret));
-	free(estr);
-	krb5_cc_destroy(context, ccache);
-	return;
-    }
-
-    ret = krb5_cc_copy_cache (context, ccache, ccache2);
-    if (ret) {
-	estr = krb5_get_error_string(context);
-	syslog(LOG_WARNING, "storing credentials: %s", 
-	       estr ? estr : krb5_get_err_text(context, ret));
-	free(estr);
-	krb5_cc_destroy(context, ccache);
-	return ;
-    }
-
-    krb5_cc_close(context, ccache2);
-    krb5_cc_destroy(context, ccache);
-    return;
-}
-
-static int protocol_version;
-
-static krb5_boolean
-match_kcmd_version(const void *data, const char *version)
-{
-    if(strcmp(version, KCMD_NEW_VERSION) == 0) {
-	protocol_version = 2;
-	return TRUE;
-    }
-    if(strcmp(version, KCMD_OLD_VERSION) == 0) {
-	protocol_version = 1;
-	key_usage = KRB5_KU_OTHER_ENCRYPTED;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-
-static int
-recv_krb5_auth (int s, u_char *buf,
-		struct sockaddr *thisaddr,
-		struct sockaddr *thataddr,
-		char **client_username,
-		char **server_username,
-		char **cmd)
-{
-    uint32_t len;
-    krb5_auth_context auth_context = NULL;
-    krb5_ticket *ticket;
-    krb5_error_code status;
-    krb5_data cksum_data;
-    krb5_principal server;
-    char *str;
-
-    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
-	return -1;
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
-	
-    if (net_read(s, buf, len) != len)
-	syslog_and_die ("reading auth info: %m");
-    if (len != sizeof(KRB5_SENDAUTH_VERSION)
-	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
-	syslog_and_die ("bad sendauth version: %.8s", buf);
-    
-    status = krb5_sock_to_principal (context,
-				     s,
-				     "host",
-				     KRB5_NT_SRV_HST,
-				     &server);
-    if (status)
-	syslog_and_die ("krb5_sock_to_principal: %s",
-			krb5_get_err_text(context, status));
-
-    status = krb5_recvauth_match_version(context,
-					 &auth_context,
-					 &s,
-					 match_kcmd_version,
-					 NULL,
-					 server,
-					 KRB5_RECVAUTH_IGNORE_VERSION,
-					 NULL,
-					 &ticket);
-    krb5_free_principal (context, server);
-    if (status)
-	syslog_and_die ("krb5_recvauth: %s",
-			krb5_get_err_text(context, status));
-
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-    *client_username = read_str (s, ARG_MAX + 1, "local username");
-
-    if(protocol_version == 2) {
-	status = krb5_auth_con_getremotesubkey(context, auth_context, 
-					       &keyblock);
-	if(status != 0 || keyblock == NULL)
-	    syslog_and_die("failed to get remote subkey");
-    } else if(protocol_version == 1) {
-	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
-	if(status != 0 || keyblock == NULL)
-	    syslog_and_die("failed to get key");
-    }
-    if (status != 0 || keyblock == NULL)
-       syslog_and_die ("krb5_auth_con_getkey: %s",
-                       krb5_get_err_text(context, status));
-
-    status = krb5_crypto_init(context, keyblock, 0, &crypto);
-    if(status)
-	syslog_and_die("krb5_crypto_init: %s", 
-		       krb5_get_err_text(context, status));
-
-    
-    cksum_data.length = asprintf (&str,
-				  "%u:%s%s",
-				  ntohs(socket_get_port (thisaddr)),
-				  *cmd,
-				  *server_username);
-    if (str == NULL)
-	syslog_and_die ("asprintf: out of memory");
-    cksum_data.data = str;
-
-    status = krb5_verify_authenticator_checksum(context, 
-						auth_context,
-						cksum_data.data, 
-						cksum_data.length);
-
-    if (status)
-	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
-			krb5_get_err_text(context, status));
-
-    free (cksum_data.data);
-
-    if (strncmp (*client_username, "-u ", 3) == 0) {
-	do_unique_tkfile = 1;
-	memmove (*client_username, *client_username + 3,
-		 strlen(*client_username) - 2);
-    }
-
-    if (strncmp (*client_username, "-U ", 3) == 0) {
-	char *end, *temp_tkfile;
-
-	do_unique_tkfile = 1;
-	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
-	    temp_tkfile = tkfile;
-	} else {
-	    strlcpy (tkfile, "FILE:", sizeof(tkfile));
-	    temp_tkfile = tkfile + 5;
-	}
-	end = strchr(*client_username + 3,' ');
-	if (end == NULL)
-	    syslog_and_die("missing argument after -U");
-	snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
-		 "%.*s",
-		 (int)(end - *client_username - 3),
-		 *client_username + 3);
-	memmove (*client_username, end + 1, strlen(end+1)+1);
-    }
-
-    kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
-
-    if(!krb5_kuserok (context,
-		      ticket->client,
-		      *server_username))
-	fatal (s, NULL, "Permission denied.");
-
-    if (strncmp (*cmd, "-x ", 3) == 0) {
-	do_encrypt = 1;
-	memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
-    } else {
-	if(do_encrypt)
-	    fatal (s, NULL, "Encryption is required.");
-	do_encrypt = 0;
-    }
-
-    {
-	char *name;
-
-	if (krb5_unparse_name (context, ticket->client, &name) == 0) {
-	    char addr_str[256];
-
-	    if (inet_ntop (thataddr->sa_family,
-			   socket_get_address (thataddr),
-			   addr_str, sizeof(addr_str)) == NULL)
-		strlcpy (addr_str, "unknown address",
-				 sizeof(addr_str));
-
-	    syslog(LOG_INFO|LOG_AUTH,
-		   "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
-		   name,
-		   addr_str,
-		   *server_username,
-		   *cmd);
-	    free (name);
-	}
-    }	   
-
-    return 0;
-}
-#endif /* KRB5 */
-
-static void
-rshd_loop (int from0, int to0,
-	   int to1,   int from1,
-	   int to2,   int from2,
-	   int have_errsock)
-{
-    fd_set real_readset;
-    int max_fd;
-    int count = 2;
-    char *buf;
-
-    if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
-	errx (1, "fd too large");
-
-#ifdef KRB5
-    if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(0, have_errsock);
-#endif
-
-    FD_ZERO(&real_readset);
-    FD_SET(from0, &real_readset);
-    FD_SET(from1, &real_readset);
-    FD_SET(from2, &real_readset);
-    max_fd = max(from0, max(from1, from2)) + 1;
-
-    buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
-    if (buf == NULL)
-	syslog_and_die("out of memory");
-
-    for (;;) {
-	int ret;
-	fd_set readset = real_readset;
-
-	ret = select (max_fd, &readset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		syslog_and_die ("select: %m");
-	}
-	if (FD_ISSET(from0, &readset)) {
-	    ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from0);
-		close (to0);
-		FD_CLR(from0, &real_readset);
-	    } else
-		net_write (to0, buf, ret);
-	}
-	if (FD_ISSET(from1, &readset)) {
-	    ret = read (from1, buf, RSH_BUFSIZ);
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from1);
-		close (to1);
-		FD_CLR(from1, &real_readset);
-		if (--count == 0)
-		    exit (0);
-	    } else
-		do_write (to1, buf, ret, ivec_out[0]);
-	}
-	if (FD_ISSET(from2, &readset)) {
-	    ret = read (from2, buf, RSH_BUFSIZ);
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from2);
-		close (to2);
-		FD_CLR(from2, &real_readset);
-		if (--count == 0)
-		    exit (0);
-	    } else
-		do_write (to2, buf, ret, ivec_out[1]);
-	}
-   }
-}
-
-/*
- * Used by `setup_copier' to create some pipe-like means of
- * communcation.  Real pipes would probably be the best thing, but
- * then the shell doesn't understand it's talking to rshd.  If
- * socketpair doesn't work everywhere, some autoconf magic would have
- * to be added here.
- *
- * If it fails creating the `pipe', it aborts by calling fatal.
- */
-
-static void
-pipe_a_like (int fd[2])
-{
-    if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
-	fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
-}
-
-/*
- * Start a child process and leave the parent copying data to and from it.  */
-
-static void
-setup_copier (int have_errsock)
-{
-    int p0[2], p1[2], p2[2];
-    pid_t pid;
-
-    pipe_a_like(p0);
-    pipe_a_like(p1);
-    pipe_a_like(p2);
-    pid = fork ();
-    if (pid < 0)
-	fatal (STDOUT_FILENO, "fork", "Could not create child process.");
-    if (pid == 0) { /* child */
-	close (p0[1]);
-	close (p1[0]);
-	close (p2[0]);
-	dup2 (p0[0], STDIN_FILENO);
-	dup2 (p1[1], STDOUT_FILENO);
-	dup2 (p2[1], STDERR_FILENO);
-	close (p0[0]);
-	close (p1[1]);
-	close (p2[1]);
-    } else { /* parent */
-	close (p0[0]);
-	close (p1[1]);
-	close (p2[1]);
-
-	if (net_write (STDOUT_FILENO, "", 1) != 1)
-	    fatal (STDOUT_FILENO, "net_write", "Write failure.");
-
-	rshd_loop (STDIN_FILENO, p0[1],
-	      STDOUT_FILENO, p1[0],
-	      STDERR_FILENO, p2[0],
-	      have_errsock);
-    }
-}
-
-/*
- * Is `port' a ``reserverd'' port?
- */
-
-static int
-is_reserved(u_short port)
-{
-    return ntohs(port) < IPPORT_RESERVED;
-}
-
-/*
- * Set the necessary part of the environment in `env'.
- */
-
-static void
-setup_environment (char ***env, const struct passwd *pwd)
-{
-    int i, j, path;
-    char **e;
-
-    i = 0;
-    path = 0;
-    *env = NULL;
-
-    i = read_environment(_PATH_ETC_ENVIRONMENT, env);
-    e = *env;
-    for (j = 0; j < i; j++) {
-	if (!strncmp(e[j], "PATH=", 5)) {
-	    path = 1;
-	}
-    }
-
-    e = *env;
-    e = realloc(e, (i + 7) * sizeof(char *));
-
-    if (asprintf (&e[i++], "USER=%s",  pwd->pw_name) == -1)
-	syslog_and_die ("asprintf: out of memory");
-    if (asprintf (&e[i++], "HOME=%s",  pwd->pw_dir) == -1)
-	syslog_and_die ("asprintf: out of memory");
-    if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
-	syslog_and_die ("asprintf: out of memory");
-    if (! path) {
-	if (asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH) == -1)
-	    syslog_and_die ("asprintf: out of memory");
-    }
-    asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
-    if (do_unique_tkfile)
-	if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
-	    syslog_and_die ("asprintf: out of memory");
-    e[i++] = NULL;
-    *env = e;
-}
-
-static void
-doit (void)
-{
-    u_char buf[BUFSIZ];
-    u_char *p;
-    struct sockaddr_storage thisaddr_ss;
-    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
-    struct sockaddr_storage thataddr_ss;
-    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
-    struct sockaddr_storage erraddr_ss;
-    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    socklen_t thisaddr_len, thataddr_len;
-    int port;
-    int errsock = -1;
-    char *client_user = NULL, *server_user = NULL, *cmd = NULL;
-    struct passwd *pwd;
-    int s = STDIN_FILENO;
-    char **env;
-    int ret;
-    char that_host[NI_MAXHOST];
-
-    thisaddr_len = sizeof(thisaddr_ss);
-    if (getsockname (s, thisaddr, &thisaddr_len) < 0)
-	syslog_and_die("getsockname: %m");
-    thataddr_len = sizeof(thataddr_ss);
-    if (getpeername (s, thataddr, &thataddr_len) < 0)
-	syslog_and_die ("getpeername: %m");
-
-    /* check for V4MAPPED addresses? */
-
-    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
-	fatal(s, NULL, "Permission denied.");
-
-    p = buf;
-    port = 0;
-    for(;;) {
-	if (net_read (s, p, 1) != 1)
-	    syslog_and_die ("reading port number: %m");
-	if (*p == '\0')
-	    break;
-	else if (isdigit(*p))
-	    port = port * 10 + *p - '0';
-	else
-	    syslog_and_die ("non-digit in port number: %c", *p);
-    }
-
-    if (do_kerberos  == 0 && !is_reserved(htons(port)))
-	fatal(s, NULL, "Permission denied.");
-
-    if (port) {
-	int priv_port = IPPORT_RESERVED - 1;
-
-	/* 
-	 * There's no reason to require a ``privileged'' port number
-	 * here, but for some reason the brain dead rsh clients
-	 * do... :-(
-	 */
-
-	erraddr->sa_family = thataddr->sa_family;
-	socket_set_address_and_port (erraddr,
-				     socket_get_address (thataddr),
-				     htons(port));
-
-	/*
-	 * we only do reserved port for IPv4
-	 */
-
-	if (erraddr->sa_family == AF_INET)
-	    errsock = rresvport (&priv_port);
-	else
-	    errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
-	if (errsock < 0)
-	    syslog_and_die ("socket: %m");
-	if (connect (errsock,
-		     erraddr,
-		     socket_sockaddr_size (erraddr)) < 0) {
-	    syslog (LOG_WARNING, "connect: %m");
-	    close (errsock);
-	}
-    }
-    
-    if(do_kerberos) {
-	if (net_read (s, buf, 4) != 4)
-	    syslog_and_die ("reading auth info: %m");
-    
-#ifdef KRB4
-	if ((do_kerberos & DO_KRB4) && 
-	    recv_krb4_auth (s, buf, thisaddr, thataddr,
-			    &client_user,
-			    &server_user,
-			    &cmd) == 0)
-	    auth_method = AUTH_KRB4;
-	else
-#endif /* KRB4 */
-#ifdef KRB5
-	    if((do_kerberos & DO_KRB5) &&
-	       recv_krb5_auth (s, buf, thisaddr, thataddr,
-			       &client_user,
-			       &server_user,
-			       &cmd) == 0)
-		auth_method = AUTH_KRB5;
-	    else
-#endif /* KRB5 */
-		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
-				buf[0], buf[1], buf[2], buf[3]);
-    } else {
-	if(recv_bsd_auth (s, buf,
-			  (struct sockaddr_in *)thisaddr,
-			  (struct sockaddr_in *)thataddr,
-			  &client_user,
-			  &server_user,
-			  &cmd) == 0) {
-	    auth_method = AUTH_BROKEN;
-	    if(do_vacuous) {
-		printf("Remote host requires Kerberos authentication\n");
-		exit(0);
-	    }
-	} else
-	    syslog_and_die("recv_bsd_auth failed");
-    }
-
-    if (client_user == NULL || server_user == NULL || cmd == NULL)
-	syslog_and_die("mising client/server/cmd");
-
-    pwd = getpwnam (server_user);
-    if (pwd == NULL)
-	fatal (s, NULL, "Login incorrect.");
-
-    if (*pwd->pw_shell == '\0')
-	pwd->pw_shell = _PATH_BSHELL;
-
-    if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
-	fatal (s, NULL, "Login disabled.");
-
-
-    ret = getnameinfo_verified (thataddr, thataddr_len,
-				that_host, sizeof(that_host),
-				NULL, 0, 0);
-    if (ret)
-	fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
-
-    if (login_access(pwd, that_host) == 0) {
-	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
-	       server_user, that_host);
-	fatal(s, NULL, "Permission denied.");
-    }
-
-#ifdef HAVE_GETSPNAM
-    {
-	struct spwd *sp;
-	long    today;
-    
-	sp = getspnam(server_user);
-	if (sp != NULL) {
-	    today = time(0)/(24L * 60 * 60);
-	    if (sp->sp_expire > 0) 
-		if (today > sp->sp_expire) 
-		    fatal(s, NULL, "Account has expired.");
-	}
-    }
-#endif
-    
-
-#ifdef HAVE_SETLOGIN
-    if (setlogin(pwd->pw_name) < 0)
-	syslog(LOG_ERR, "setlogin() failed: %m");
-#endif
-
-#ifdef HAVE_SETPCRED
-    if (setpcred (pwd->pw_name, NULL) == -1)
-	syslog(LOG_ERR, "setpcred() failure: %m");
-#endif /* HAVE_SETPCRED */
-
-    /* Apply limits if not root */
-    if(pwd->pw_uid != 0) {
-	 const char *file = _PATH_LIMITS_CONF;
-	 read_limits_conf(file, pwd);
-    }
-
-    if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
-	fatal (s, "initgroups", "Login incorrect.");
-
-    if (setgid(pwd->pw_gid) < 0)
-	fatal (s, "setgid", "Login incorrect.");
-
-    if (setuid (pwd->pw_uid) < 0)
-	fatal (s, "setuid", "Login incorrect.");
-
-    if (chdir (pwd->pw_dir) < 0)
-	fatal (s, "chdir", "Remote directory.");
-
-    if (errsock >= 0) {
-	if (dup2 (errsock, STDERR_FILENO) < 0)
-	    fatal (s, "dup2", "Cannot dup stderr.");
-	close (errsock);
-    } else {
-	if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
-	    fatal (s, "dup2", "Cannot dup stderr.");
-    }
-
-#ifdef KRB5
-    {
-	int fd;
- 
-	if (!do_unique_tkfile)
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
-		     (unsigned long)pwd->pw_uid);
-	else if (*tkfile=='\0') {
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
-	    fd = mkstemp(tkfile+5);
-	    close(fd);
-	    unlink(tkfile+5);
-	}
- 
-	if (kerberos_status)
-	    krb5_start_session();
-    }
-#endif
-
-    setup_environment (&env, pwd);
-
-    if (do_encrypt) {
-	setup_copier (errsock >= 0);
-    } else {
-	if (net_write (s, "", 1) != 1)
-	    fatal (s, "net_write", "write failed");
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if(k_hasafs()) {
-	char cell[64];
-
-	if(do_newpag)
-	    k_setpag();
-#ifdef KRB4
-	if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
-	    krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
-	krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
-#endif
-
-#ifdef KRB5
-	/* XXX */
-       if (kerberos_status) {
-	   krb5_ccache ccache;
-	   krb5_error_code status;
-
-	   status = krb5_cc_resolve (context, tkfile, &ccache);
-	   if (!status) {
-	       if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
-		   krb5_afslog_uid_home(context, ccache, cell, NULL,
-					pwd->pw_uid, pwd->pw_dir);
-	       krb5_afslog_uid_home(context, ccache, NULL, NULL,
-				    pwd->pw_uid, pwd->pw_dir);
-	       krb5_cc_close (context, ccache);
-	   }
-       }
-#endif /* KRB5 */
-    }
-#endif /* KRB5 || KRB4 */
-    execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
-    err(1, "exec %s", pwd->pw_shell);
-}
-
-struct getargs args[] = {
-    { NULL,		'a',	arg_flag,	&do_addr_verify },
-    { "keepalive",	'n',	arg_negative_flag,	&do_keepalive },
-    { "inetd",		'i',	arg_negative_flag,	&do_inetd,
-      "Not started from inetd" },
-#if defined(KRB4) || defined(KRB5)
-    { "kerberos",	'k',	arg_flag,	&do_kerberos,
-      "Implement kerberised services" },
-    { "encrypt",	'x',	arg_flag,		&do_encrypt,
-      "Implement encrypted service" },
-#endif
-    { "rhosts",		'l',	arg_negative_flag, &do_rhosts,
-      "Don't check users .rhosts" },
-    { "port",		'p',	arg_string,	&port_str,	"Use this port",
-      "port" },
-    { "vacuous",	'v',	arg_flag, &do_vacuous,
-      "Don't accept non-kerberised connections" },
-#if defined(KRB4) || defined(KRB5)
-    { NULL,		'P',	arg_negative_flag, &do_newpag,
-      "Don't put process in new PAG" },
-#endif
-    /* compatibility flag: */
-    { NULL,		'L',	arg_flag, &do_log },
-    { "version",	0, 	arg_flag,		&do_version },
-    { "help",		0, 	arg_flag,		&do_help }
-};
-
-static void
-usage (int ret)
-{
-    if(isatty(STDIN_FILENO))
-	arg_printusage (args,
-			sizeof(args) / sizeof(args[0]),
-			NULL,
-			"");
-    else
-	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int on = 1;
-
-    setprogname (argv[0]);
-    roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
-
-    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
-	       &optind))
-	usage(1);
-
-    if(do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version(NULL);
-	exit(0);
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if (do_encrypt)
-	do_kerberos = 1;
-
-    if(do_kerberos)
-	do_kerberos = DO_KRB4 | DO_KRB5;
-#endif
-
-#ifdef KRB5
-    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
-	do_kerberos &= ~DO_KRB5;
-#endif
-
-    if (!do_inetd) {
-	int error;
-	struct addrinfo *ai = NULL, hints;
-	char portstr[NI_MAXSERV];
-	
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags    = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family   = PF_UNSPEC;
-	
-	if(port_str != NULL) {
-	    error = getaddrinfo (NULL, port_str, &hints, &ai);
-	    if (error)
-		errx (1, "getaddrinfo: %s", gai_strerror (error));
-	}
-	if (ai == NULL) {
-#if defined(KRB4) || defined(KRB5)
-	    if (do_kerberos) {
-		if (do_encrypt) {
-		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 545);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		} else {
-		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 544);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		}
-	    } else
-#endif
-		{
-		    error = getaddrinfo(NULL, "shell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 514);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		}
-	}
-	mini_inetd_addrinfo (ai);
-	freeaddrinfo(ai);
-    }
-
-    if (do_keepalive &&
-	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
-		   sizeof(on)) < 0)
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-
-    /* set SO_LINGER? */
-
-    signal (SIGPIPE, SIG_IGN);
-
-    doit ();
-    return 0;
-}
diff --git a/crypto/heimdal/appl/su/ChangeLog b/crypto/heimdal/appl/su/ChangeLog
deleted file mode 100644
index 591eadac47ca..000000000000
--- a/crypto/heimdal/appl/su/ChangeLog
+++ /dev/null
@@ -1,123 +0,0 @@
-2007-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c: read environment from _PATH_ETC_ENVIRONMENT
-
-	* supaths.c: paths
-
-2007-08-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c: Check all local realms when su-ing, from Magnus Holmberg.
-
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c: If not root and not setuid, print warning.
-
-2006-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c (group_member_p): rename from group_member to avoid name
-	pollution from glibc headers. Fixed based on report from David Love.
-
-2006-01-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: fix reversed logic when deciding to print tty or not
-	
-2005-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c: Check return value from asprintf instead of string != NULL
-	since it undefined behavior on Linux. From Bj�rn Sandell
-	
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* su.c: Include <crypt.h>.
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-2003-05-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: remove accidentally committed code that prints the command
-	being executed
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4
-	any more
-
-2002-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: make this build without krb5
-
-2002-01-09  Jacques Vidrine <n@nectar.cc>
-	
-	* su.c: Don't use getlogin() to determine whether we are root.
-	Patch by joda.
-
-2001-06-12  Assar Westerlund  <assar@sics.se>
-
-	* su.c: check memory allocations.  add some const
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* su.c (krb5_verify): handle krb5_init_context failure
-	consistently
-
-2000-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: set KRBTKFILE
-
-2000-07-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: actually install su
-	* su.c (krb5_verify): try harder freeing.  do not get upset on
-	interrupted password read
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): work-around for setuid and capabilities bug fixed
-	in Linux 2.2.16
-
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): just ignore shadow information if getspnam returns
-	NULL
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: use LIB_roken
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* su.c (krb5_verify): use krb5_verify_user_lrealm
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* su.c: add support for shadow passwords and rewrite some logic.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* Makefile.am: add libkafs
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): conditionalize `getlogin'
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* su.c (verfiy_krb5): get the name out of the ccache before
- 	closing it
-
-1999-05-05  Assar Westerlund  <assar@sics.se>
-
-	* su.c: some more error checking
-
-Wed Apr 21 21:04:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* su.c (-f): implement
-
-	* su.c: implement -i
-	(verify_krb5): correct the ownership on the credential cache
-
-Tue Apr 20 13:26:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* su.c: don't depend on paths.h
-
diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am
deleted file mode 100644
index 91e0ee3d48ee..000000000000
--- a/crypto/heimdal/appl/su/Makefile.am
+++ /dev/null
@@ -1,19 +0,0 @@
-# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-
-bin_PROGRAMS = su
-bin_SUIDS = su
-su_SOURCES = su.c supaths.h
-man_MANS = su.1
-
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in
deleted file mode 100644
index 0159272bc721..000000000000
--- a/crypto/heimdal/appl/su/Makefile.in
+++ /dev/null
@@ -1,841 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-bin_PROGRAMS = su$(EXEEXT)
-subdir = appl/su
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_su_OBJECTS = su.$(OBJEXT)
-su_OBJECTS = $(am_su_OBJECTS)
-su_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-su_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(su_SOURCES)
-DIST_SOURCES = $(su_SOURCES)
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-bin_SUIDS = su
-su_SOURCES = su.c supaths.h
-man_MANS = su.1
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/su/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/su/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) 
-	@rm -f su$(EXEEXT)
-	$(LINK) $(su_OBJECTS) $(su_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-hook \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/su/su.1 b/crypto/heimdal/appl/su/su.1
deleted file mode 100644
index 76f4dc5d4552..000000000000
--- a/crypto/heimdal/appl/su/su.1
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: su.1 16528 2006-01-12 16:25:01Z joda $
-.\"
-.Dd January 12, 2006
-.Dt SU 1
-.Os HEIMDAL
-.Sh NAME
-.Nm su
-.Nd substitute user identity
-.Sh SYNOPSIS
-.Nm su
-.Op Fl K | Fl -no-kerberos
-.Op Fl f
-.Op Fl l | Fl -full
-.Op Fl m
-.Oo Fl i Ar instance \*(Ba Xo
-.Fl -instance= Ns Ar instance
-.Xc
-.Oc
-.Oo Fl c Ar command \*(Ba Xo
-.Fl -command= Ns Ar command
-.Xc
-.Oc
-.Op Ar login Op Ar "shell arguments"
-.Sh DESCRIPTION
-.Nm su
-will use Kerberos authentication provided that an instance for the
-user wanting to change effective UID is present in a file named
-.Pa .k5login
-in the target user id's home directory
-.Pp
-A special case exists where 
-.Ql root Ap s
-.Pa ~/.k5login
-needs to contain an entry for:
-.Ql user Ns / Ns Ao instance Ac Ns @ Ns REALM
-for
-.Nm su
-to succed (where 
-.Aq instance
-is
-.Ql root
-unless changed with 
-.Fl i ) .
-.Pp
-In the absence of either an entry for current user in said file or
-other problems like missing 
-.Ql host/hostname@REALM
-keys in the system's
-keytab, or user typing the wrong password, 
-.Nm su
-will fall back to traditional
-.Pa /etc/passwd
-authentication.
-.Pp
-When using
-.Pa /etc/passwd
-authentication,
-.Nm su 
-allows
-.Ql root
-access only to members of the group
-.Ql wheel ,
-or to any user (with knowledge of the
-.Ql root
-password) if that group
-does not exist, or has no members.
-.Pp
-The options are as follows:
-.Bl -item -width Ds
-.It
-.Fl K ,
-.Fl -no-kerberos
-don't use Kerberos.
-.It
-.Fl f
-don't read .cshrc.
-.It
-.Fl l ,
-.Fl -full
-simulate full login.
-.It
-.Fl m
-leave environment unmodified.
-.It
-.Fl i Ar instance ,
-.Fl -instance= Ns Ar instance
-root instance to use.
-.It
-.Fl c Ar command ,
-.Fl -command= Ns Ar command
-command to execute.
-.El
diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c
deleted file mode 100644
index fc21595216b6..000000000000
--- a/crypto/heimdal/appl/su/su.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/*
- * Copyright (c) 1999 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include <config.h>
-
-RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <syslog.h>
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-#include <pwd.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
-#include "crypto-headers.h"
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#include "supaths.h"
-
-int kerberos_flag = 1;
-int csh_f_flag;
-int full_login;
-int env_flag;
-char *kerberos_instance = "root";
-int help_flag;
-int version_flag;
-char *cmd;
-char tkfile[256];
-
-struct getargs args[] = {
-    { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
-      "don't use kerberos" },
-    { NULL,	  'f', arg_flag,	  &csh_f_flag,
-      "don't read .cshrc" },
-    { "full",	  'l', arg_flag,          &full_login,
-      "simulate full login" },
-    { NULL,	  'm', arg_flag,          &env_flag,
-      "leave environment unmodified" },
-    { "instance", 'i', arg_string,        &kerberos_instance,
-      "root instance to use" },
-    { "command",  'c', arg_string,        &cmd,
-      "command to execute" },
-    { "help", 	  'h', arg_flag,          &help_flag },
-    { "version",  0,   arg_flag,          &version_flag },
-};
-
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[login [shell arguments]]");
-    exit (ret);
-}
-
-static void
-free_info(struct passwd *p)
-{
-    free (p->pw_name);
-    free (p->pw_passwd);
-    free (p->pw_dir);
-    free (p->pw_shell);
-    free (p);
-}
-
-static struct passwd*
-dup_info(const struct passwd *pwd)
-{
-    struct passwd *info;
-
-    info = malloc(sizeof(*info));
-    if(info == NULL)
-	return NULL;
-    info->pw_name = strdup(pwd->pw_name);
-    info->pw_passwd = strdup(pwd->pw_passwd);
-    info->pw_uid = pwd->pw_uid;
-    info->pw_gid = pwd->pw_gid;
-    info->pw_dir = strdup(pwd->pw_dir);
-    info->pw_shell = strdup(pwd->pw_shell);
-    if(info->pw_name == NULL || info->pw_passwd == NULL ||
-       info->pw_dir == NULL || info->pw_shell == NULL) {
-	free_info (info);
-	return NULL;
-    }
-    return info;
-}
-
-#if defined(KRB4) || defined(KRB5)
-static void
-set_tkfile()
-{
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-    int fd;
-    if(*tkfile != '\0')
-	return;
-    snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(tkfile);
-    if(fd >= 0)
-	close(fd);
-#ifdef KRB4
-    krb_set_tkt_string(tkfile);
-#endif
-}
-#endif
-
-#ifdef KRB5
-static krb5_context context;
-static krb5_ccache ccache;
-
-static int
-krb5_verify(const struct passwd *login_info,
-	    const struct passwd *su_info,
-	    const char *kerberos_instance)
-{
-    krb5_error_code ret;
-    krb5_principal p;
-    krb5_realm *realms, *r;
-    char *login_name = NULL;
-    int user_ok = 0;
-	
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_name = getlogin();
-#endif
-    ret = krb5_init_context (&context);
-    if (ret) {
-#if 0
-	warnx("krb5_init_context failed: %d", ret);
-#endif
-	return 1;
-    }
-	
-    ret = krb5_get_default_realms(context, &realms);
-    if (ret) 
-	return 1;
-
-    /* Check all local realms */
-    for (r = realms; *r != NULL && !user_ok; r++) {
-       
-	if (login_name == NULL || strcmp (login_name, "root") == 0) 
-	    login_name = login_info->pw_name;
-	if (strcmp (su_info->pw_name, "root") == 0)
-	    ret = krb5_make_principal(context, &p, *r, 
-				      login_name,
-				      kerberos_instance,
-				      NULL);
-	else
-	    ret = krb5_make_principal(context, &p, *r, 
-				      su_info->pw_name,
-				      NULL);
-	if (ret) {
-	    krb5_free_host_realm(context, realms);
-	    return 1;
-	}
-	
-	/* if we are su-ing too root, check with krb5_kuserok */
-	if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
-	    continue;
-       
-	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
-	if(ret) {
-	    krb5_free_host_realm(context, realms);
-	    krb5_free_principal (context, p);
-	    return 1;
-	}
-  	ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
-	krb5_free_principal (context, p);
-	switch (ret) {
-	case 0:
-	    user_ok = 1;
-	    break;
-	case KRB5_LIBOS_PWDINTR :
-	    krb5_cc_destroy(context, ccache);
-	    break;
-	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-	case KRB5KRB_AP_ERR_MODIFIED:
-	    krb5_cc_destroy(context, ccache);
-	    krb5_warnx(context, "Password incorrect");
-	    break;
-	default :
-	    krb5_cc_destroy(context, ccache);
-	    krb5_warn(context, ret, "krb5_verify_user");
-	    break;
-	}
-    }
-    krb5_free_host_realm(context, realms);
-    if (!user_ok)
-	return 1;
-    return 0;
-}
-
-static int
-krb5_start_session(void)
-{
-    krb5_ccache ccache2;
-    char *cc_name;
-    int ret;
-
-    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2);
-    if (ret) {
-	krb5_cc_destroy(context, ccache);
-	return 1;
-    }
-
-    ret = krb5_cc_copy_cache(context, ccache, ccache2);
-
-    ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
-		   krb5_cc_get_name(context, ccache2));
-    if (ret == -1)
-	errx(1, "malloc - out of memory");
-    esetenv("KRB5CCNAME", cc_name, 1);
-
-    /* we want to export this even if we don't directly support KRB4 */
-    set_tkfile();
-    esetenv("KRBTKFILE", tkfile, 1);
-            
-    /* convert creds? */
-    if(k_hasafs()) {
-	if (k_setpag() == 0)
-	    krb5_afslog(context, ccache2, NULL, NULL);
-    }
-            
-    krb5_cc_close(context, ccache2);
-    krb5_cc_destroy(context, ccache);
-    return 0;
-}
-#endif
-
-#ifdef KRB4
-
-static int
-krb_verify(const struct passwd *login_info,
-	   const struct passwd *su_info,
-	   const char *kerberos_instance)
-{
-    int ret;
-    char *login_name = NULL;
-    char *name, *instance, realm[REALM_SZ];
-	
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_name = getlogin();
-#endif
-
-    ret = krb_get_lrealm(realm, 1);
-	
-    if (login_name == NULL || strcmp (login_name, "root") == 0) 
-	login_name = login_info->pw_name;
-    if (strcmp (su_info->pw_name, "root") == 0) {
-	name = login_name;
-	instance = (char*)kerberos_instance;
-    } else {
-	name = su_info->pw_name;
-	instance = "";
-    }
-
-    if(su_info->pw_uid != 0 || 
-       krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
-	char password[128];
-	char *prompt;
-	ret = asprintf (&prompt, 
-		  "%s's Password: ",
-		  krb_unparse_name_long (name, instance, realm));
-	if (ret == -1)
-	    return (1);
-	if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
-	    memset (password, 0, sizeof (password));
-	    free(prompt);
-	    return (1);
-	}
-	free(prompt);
-	if (strlen(password) == 0)
-	    return (1);		/* Empty passwords are not allowed */
-	set_tkfile();
-	setuid(geteuid()); /* need to run as root here */
-	ret = krb_verify_user(name, instance, realm, password, 
-			      KRB_VERIFY_SECURE, NULL);
-	memset(password, 0, sizeof(password));
-	
-	if(ret) {
-	    warnx("%s", krb_get_err_text(ret));
-	    return 1;
-	}
-	chown (tkt_string(), su_info->pw_uid, su_info->pw_gid);
-	return 0;
-    }
-    return 1;
-}
-
-
-static int
-krb_start_session(void)
-{
-    esetenv("KRBTKFILE", tkfile, 1);
-            
-    /* convert creds? */
-    if(k_hasafs() && k_setpag() == 0)
-	krb_afslog(NULL, NULL);
-            
-    return 0;
-}
-#endif
-
-#define GROUP_MEMBER		0
-#define GROUP_MISSING		1
-#define GROUP_EMPTY		2
-#define GROUP_NOT_MEMBER	3
-
-static int
-group_member_p(const char *group, const char *user)
-{
-    struct group *g;
-    int i;
-    g = getgrnam(group);
-    if(g == NULL)
-	return GROUP_MISSING;
-    if(g->gr_mem[0] == NULL)
-	return GROUP_EMPTY;
-    for(i = 0; g->gr_mem[i] != NULL; i++)
-	if(strcmp(user, g->gr_mem[i]) == 0)
-	    return GROUP_MEMBER;
-    return GROUP_NOT_MEMBER;
-}
-
-static int
-verify_unix(struct passwd *login, struct passwd *su)
-{
-    char prompt[128];
-    char pw_buf[1024];
-    char *pw;
-    int r;
-    if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
-	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
-	r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
-	if(r != 0)
-	    exit(0);
-	pw = crypt(pw_buf, su->pw_passwd);
-	memset(pw_buf, 0, sizeof(pw_buf));
-	if(strcmp(pw, su->pw_passwd) != 0) {
-	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
-		    login->pw_name, su->pw_name);
-	    return 1;
-	}
-    }
-    /* if su:ing to root, check membership of group wheel or root; if
-       that group doesn't exist, or is empty, allow anyone to su
-       root */
-    if(su->pw_uid == 0) {
-#ifndef ROOT_GROUP
-#define ROOT_GROUP "wheel"
-#endif
-	int gs = group_member_p(ROOT_GROUP, login->pw_name);
-	if(gs == GROUP_NOT_MEMBER) {
-	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
-		    login->pw_name, su->pw_name, ROOT_GROUP);
-	    return 1;
-	}
-	return 0;
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int i, optind = 0;
-    char *su_user;
-    struct passwd *su_info;
-    struct passwd *login_info;
-
-    struct passwd *pwd;
-
-    char *shell;
-
-    int ok = 0;
-    int kerberos_error=1;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-
-    for (i=0; i < optind; i++)
-      if (strcmp(argv[i], "-") == 0) {
-	 full_login = 1;
-	 break;
-      }
-	
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if(optind >= argc)
-	su_user = "root";
-    else
-	su_user = argv[optind++];
-
-    if (!issuid() && getuid() != 0)
-	warnx("Not setuid and you are root, expect this to fail");
-
-    pwd = k_getpwnam(su_user);
-    if(pwd == NULL)
-	errx (1, "unknown login %s", su_user);
-    if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
-	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
-	errx (1, "unknown login %s", su_user);
-    }
-    su_info = dup_info(pwd);
-    if (su_info == NULL)
-	errx (1, "malloc: out of memory");
-    
-	pwd = getpwuid(getuid());
-    if(pwd == NULL)
-	errx(1, "who are you?");
-    login_info = dup_info(pwd);
-    if (login_info == NULL)
-	errx (1, "malloc: out of memory");
-    if(env_flag)
-	shell = login_info->pw_shell;
-    else
-	shell = su_info->pw_shell;
-    if(shell == NULL || *shell == '\0')
-	shell = _PATH_BSHELL;
-    
-
-#ifdef KRB5
-    if(kerberos_flag && ok == 0 &&
-      (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0)
-	ok = 5;
-#endif
-#ifdef KRB4
-    if(kerberos_flag && ok == 0 &&
-       (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0)
-	ok = 4;
-#endif
-
-    if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
-	printf("Sorry!\n");
-	exit(1);
-    }
-
-#ifdef HAVE_GETSPNAM
-   {  struct spwd *sp;
-      long    today;
-    
-    sp = getspnam(su_info->pw_name);
-    if (sp != NULL) {
-	today = time(0)/(24L * 60 * 60);
-	if (sp->sp_expire > 0) {
-	    if (today >= sp->sp_expire) {
-		if (login_info->pw_uid) 
-		    errx(1,"Your account has expired.");
-		else
-		    printf("Your account has expired.");
-            }
-            else if (sp->sp_expire - today < 14) 
-                printf("Your account will expire in %d days.\n",
-		       (int)(sp->sp_expire - today));
-	} 
-	if (sp->sp_max > 0) {
-	    if (today >= sp->sp_lstchg + sp->sp_max) {
-		if (login_info->pw_uid)    
-		    errx(1,"Your password has expired. Choose a new one.");
-		else
-		    printf("Your password has expired. Choose a new one.");
-	    }
-	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
-		printf("Your account will expire in %d days.\n",
-		       (int)(sp->sp_lstchg + sp->sp_max -today));
-	}
-    }
-    }
-#endif
-    {
-	char *tty = ttyname (STDERR_FILENO);
-	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
-		login_info->pw_name, su_info->pw_name, tty);
-    }
-
-
-    if(!env_flag) {
-	if(full_login) {
-	    char *t = getenv ("TERM");
-	    char **newenv = NULL;
-	    int i, j;
-
-	    i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
-
-	    environ = malloc ((10 + i) * sizeof (char *));
-	    if (environ == NULL)
-		err (1, "malloc");
-	    environ[0] = NULL;
-
-	    for (j = 0; j < i; j++) {
-		char *p = strchr(newenv[j], '=');
-		*p++ = 0;
-		esetenv (newenv[j], p, 1);
-	    }
-	    free(newenv);
-
-	    esetenv ("PATH", _PATH_DEFPATH, 1);
-	    if (t)
-		esetenv ("TERM", t, 1);
-	    if (chdir (su_info->pw_dir) < 0)
-		errx (1, "no directory");
-	}
-	if (full_login || su_info->pw_uid)
-	    esetenv ("USER", su_info->pw_name, 1);
-	esetenv("HOME", su_info->pw_dir, 1);
-	esetenv("SHELL", shell, 1);
-    }
-
-    {
-	int i;
-	char **args;
-	char *p;
-
-	p = strrchr(shell, '/');
-	if(p)
-	    p++;
-	else
-	    p = shell;
-
-	if (strcmp(p, "csh") != 0)
-	    csh_f_flag = 0;
-
-        args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
-	if (args == NULL)
-	    err (1, "malloc");
-	i = 0;
-	if(full_login) {
-	    if (asprintf(&args[i++], "-%s", p) == -1)
-		errx (1, "malloc");
-	} else
-	    args[i++] = p;
-	if (cmd) {
-	   args[i++] = "-c";
-	   args[i++] = cmd;
-	}  
-	   
-	if (csh_f_flag)
-	    args[i++] = "-f";
-
-	for (argv += optind; *argv; ++argv)
-	   args[i++] = *argv;
-	args[i] = NULL;
-	
-	if(setgid(su_info->pw_gid) < 0)
-	    err(1, "setgid");
-	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
-	    err (1, "initgroups");
-	if(setuid(su_info->pw_uid) < 0
-	   || (su_info->pw_uid != 0 && setuid(0) == 0))
-	    err(1, "setuid");
-
-#ifdef KRB5
-        if (ok == 5)
-           krb5_start_session();
-#endif
-#ifdef KRB4
-	if (ok == 4)
-	    krb_start_session();
-#endif
-	execv(shell, args);
-    }
-    
-    exit(1);
-}
diff --git a/crypto/heimdal/appl/su/supaths.h b/crypto/heimdal/appl/su/supaths.h
deleted file mode 100644
index c12a0c7b748d..000000000000
--- a/crypto/heimdal/appl/su/supaths.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id$ */
-
-#ifndef __SU_PATH_H
-#define __SU_PATH_H
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
-
-#endif /* __SU_PATH_H */
diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog
deleted file mode 100644
index 473ab6b05738..000000000000
--- a/crypto/heimdal/appl/telnet/ChangeLog
+++ /dev/null
@@ -1,804 +0,0 @@
-2007-12-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c: Use strlcpy instead of strncpy, thanks to
-	Antoine Brodin.
-	
-2007-07-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c (usage): use exit_code, add --version and
-	--help.
-
-	* telnetd/telnetd.c: Add --help, reported by David Love.
-
-2007-07-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/main.c: Catch --help, reported by David Love.
-	
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c: GLIBC made the choice that ut_tv should be
-	shared between 32 and 64 bit platforms so now we can no longer use
-	struct timeval functions to compare or set/get data that uses
-	pointer (gettimeofday for example) since ut_tv is now not a struct
-	timeval but rather a struct { int32_t tv_sec; int32_t tv_usec; };
-
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/telnet_locl.h: Include roken.h before the local
-	headerfiles.
-
-	* telnetd/telnetd.h: HP/UX defines SE in sys/uio.h, #undef it.
-
-	* telnetd/sys_term.c: Dont't include some streamspty headers here.
-
-	* telnetd/telnetd.c: Dont't include some streamspty headers here.
-
-	* telnetd/telnetd.h: includes some STREAMSPTY header here to avoid
-	ioctl vs socket_wrapper horror.
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/Makefile.am: more files
-	
-	* telnetd/Makefile.am: more files
-	
-2006-09-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* telnetd/telnetd.8: Add documentation for -e, require encryption.
-
-	* telnetd/telnetd.h: Add require_encryption.
-
-	* telnetd/telnetd.c: Allow encryption to be required, wait to the
-	client to turn it on, if failes, refuse the connection.
-
-	* telnetd/state.c: If encryption is required, don't allow it to be
-	turned off.
-	
-2006-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libtelnet/kerberos5.c (kerberos5_forward): use KDCOptions2int on
-	flags before passing them to krb5_get_forwarded_creds.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-
-2006-03-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libtelnet/encrypt.c: Spelling.
-
-2005-12-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* telnetd/telnetd.c: Initialize the slc mapping table before its
-	used.  Based on bug report from Russell Sanford
-	<rrs@clyde.dcccd.edu>
-	
-2005-11-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* telnet/telnet.c: Spelling in comments, from Dave Love
-	<fx@gnu.org>
-	
-2005-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libtelnet/kerberos5.c (Data): Use right variable. From Tomas
-	Olsson
-	
-2005-10-22  Love H�rnquist �strand <lha@it.su.se>
-
-	* telnet/commands.c: Check return value from asprintf instead of
-	string != NULL since it undefined behavior on Linux. From Bj�rn
-	Sandell
-
-	* libtelnet/kerberos5.c: Check return value from asprintf instead
-	of string != NULL since it undefined behavior on Linux. From Bj�rn
-	Sandell
-
-	* libtelnet/kerberos.c: Check return value from asprintf instead
-	of string != NULL since it undefined behavior on Linux. From Bj�rn
-	Sandell
-	
-2005-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c: Fix printing of /etc/issue{,.net}.
-	
-	* telnetd/utility.c: make writenet take const void * and size_t,
-	abort if size it too large
-
-	* telnetd/state.c: Fix ansi c warning.
-
-	* telnetd/sys_term.c: no need to typecast argument to writenet
-
-	* telnetd/ext.h: make writenet take const void * and size_t
-
-2005-07-07  Assar Westerlund  <assar@kth.se>
-
-	* libtelnet/kerberos.c: Do not assume that des_key_schedule is an
-	array.
-
-2005-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libtelnet/kerberos5.c: case uid_t to unsigned long in printf
-	format
-
-	* telnetd/sys_term.c (set_termbuf): use {} around if to make else
-	unambiguous
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c (start_login): put utmpx code into a new
-	scope to avoid pre c99 problems.
-
-2005-05-19  Dave Love  <fx@gnu.org>
-
-	* telnet/telnet.c,telnet_locl.h: Make solaris find tgetent
-
-2005-05-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnetd/sys_term.c (start_login): set encryption pointers to
-	NULL, so we don't try to do either
-	
-2005-05-11  Dave Love  <fx@gnu.org>
-
-	* telnet/telnet.c: undef ISASCII before we define our own (problem
-	on Irix)
-
-2005-04-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnetd/utility.c (putf): %t: the regular and streamspty case
-	are functionally equivalent, so merge them, this also makes it
-	work better on machines that puts their devices in a subdirectory
-	to /dev
-
-2005-04-27  Dave Love  <fx@gnu.org>
-
-	* telnetd/sys_term.c (getpty): Declare p.
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c: use strlcpy
-	
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/global.c, telnetd/state.c, telnetd/telnetd.c,
-	telentd/ext.h: remove another strcpy
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c: rewrite getpty to make use openpty when its
-	found, save the slave fd so that cleanopen can use it if its
-	available
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c: clean_ttyname might be unused, mark it so
-	with __attribute__
-	
-2005-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/sys_term.c: use NULL as last argument to execl, not 0
-
-	* telnet/commands.c: use NULL as last argument to execl, not 0
-	
-2005-03-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/telnet.c: From FreeBSD:
-	
-	Correct a pair of buffer overflows in the telnet(1) command:
-	
-	 (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
-	 functions.
-	
-	 (CAN-2005-0469) A global uninitialized data section buffer overflow in
-	 slc_add_reply() and related functions.
-	
-	As a result of these vulnerabilities, it may be possible for a
-	malicious telnet server or active network attacker to cause
-	telnet(1) to execute arbitrary code with the privileges of the
-	user running it.
-	
-	Security: CAN-2005-0468, CAN-2005-0469 Security:
-	FreeBSD-SA-05:01.telnet Security:
-	http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
-	Security:
-	http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
-	
-	These fixes are based in part on patches Submitted by: Solar
-	Designer <solar@openwall.com>
-
-2005-03-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c: remove setting of DES_check_key, all code
-	uses DES_set_key_checked
-
-	* libtelnet/enc_des.c: use DES_set_key_checked
-	
-2005-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/telnet.c: cast argument to toupper to unsigned char
-
-	* telnet/commands.c: cast argument to is* to unsigned char
-
-2004-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/network.c: make network rings larger From: MAAAAA MOOOR
-	<huaraz@btinternet.com>
-	
-	* telnetd/state.c: make subbuffer larger XXX resize dynamicly
-	From: MAAAAA MOOOR <huaraz@btinternet.com>
-	
-	* libtelnet/kerberos5.c (Data): allocate the data needed to be
-	send From: MAAAAA MOOOR <huaraz@btinternet.com>
-	
-2004-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/main.c: make encrypt, forwardable, forward use appdefault
-	(that also searches libdefaults), prompted by Thomas Nystrom
-	<thn@saeab.se>
-	
-2004-03-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c: call setprogname to make libvers happy
-
-	* telnet/main.c: call setprogname to make libvers happy
-
-2003-09-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/externs.h: export Scheduler and scheduler_lockout_tty
-	
-	* telnet/telnet.c (my_telnet): if telnet_spin returns failure,
-	complain that the server disconnected and exit
-	
-	* telnet/authenc.c (telnet_spin): if Scheduler() returns failure
-	(-1) propagate to higher level
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnetd/telnetd.c: use new DES_ api
-	
-	* libtelnet/enc_des.c: use new DES_ api
-	
-2003-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* telnet/telnet.1: replace <,> with \*[Lt],\*[Gt]
-	
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: remove extra "Toggle"'s
-
-	* telnet/commands.c: IRIX == 4 -> IRIX4
-
-	* telnet/main.c: rename functions to what they're really called
-
-	* telnet/commands.c: kill some might be uninitialized warnings
-
-	* telnet/commands.c: add forward and forwardable toggle options,
-	and call set_forward_options() after parsing .telnetrc
-
-	* telnet/externs.h: proto for set_forward_options
-
-	* telnet/main.c: only register what forwarding options are asked
-	for when parsing command line, we have to set the actual flags
-	later after we have read .telnetrc
-
-	* libtelnet/auth-proto.h: kerberos5_set_forward{,able} protos
-
-	* libtelnet/kerberos5.c: add kerberos5_set_forward{,able}
-	functions suitable for the command parser
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* telnetd/telnetd.c: add --version as a special case
-	* telnet/main.c: add --version as a special case
-
-2002-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: only try to negotiate encryption if we're
-	talking to a real telnet
-
-2002-03-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: fix an old cut-n-paste typo (via debian)
-
-2002-02-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: print a more informative message than "done"
-	after negotiating encryption
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c: add a kludge to make it build on aix (that
-	defines NOERROR in both sys/stream.h and arpa/nameser.h and
-	considers that a fatal error)
-
-	* telnet/telnet.c: undef PUTSHORT to avoid conflict
-
-2001-08-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/Makefile.am: also link with the library for logout
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c: include libutil.h if it exists
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (getpty): call openpty if it exists
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/global.c (output_data): make sure of not forwarding
-	`nfrontp' too far, thereby allowing writes after the end of
-	`netobuf'
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c: update to new krb5_auth_con* names
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (start_login): give the correct error if exec
-	fails
-	* telnetd/utility.c (fatalperror_errno): add a new function with
-	explicit errno parameter
-
-2001-03-07  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c: some minimal more amount of
- 	const-correctness
-
-2001-02-24  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/enc_des.c: learn to live with libcrypto (from openssl)
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): copy the hostname so it doesn't get
-	overwritten while reading ~/.telnetrc
-	(*): removed some unneeded externs
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (startslave, start_login): re-write code to
-	keep track both of remote hostname and utmp string to be used
-	* telnetd/telnetd.c (doit, my_telnet): re-write code to keep track
-	both of remote hostname and utmp string to be used
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* telnet/Makefile.am, telnetd/Makefile.am: add LIB_kdfs
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_is): use krb5_rd_cred2 instead
-	of krb5_rd_cred
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c (krb5_init): check krb5_init_context for success
-	* libtelnet/kerberos5.c (kerberos5_init): check krb5_init_context
-	for success
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (sourceroute): make it not break if the
-	rfc2292 api does not exist
-
-2000-12-09  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (scrub_env): add supporting non-file TERMCAP
-	variables
-
-2000-12-07  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.h: move include files around to avoid getting SE
-	from sys/*.h on HP to override SE from telnet.h
-
-	* telnetd/sys_term.c (scrub_env): remove some const-ness
-	* telnetd/sys_term.c (scrub_env): add LOGNAME and POSIXLY_CORRECT
-	to the list of authorized environment variables to be compatible
-	with linux-telnetd
-
-	* telnetd/sys_term.c (scrub_env): change filtering algoritm from
-	allowing everything except a few bad cases to not allowing
-	anything except a few non-dangerous cases
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-2000-11-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: print the principal we're trying to use
-
-	* libtelnet/kerberos.c: print the principal we're trying to use
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/misc-proto.h (telnet_getenv): const-ize some
-
-2000-11-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: fake entry if no tgetent
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/utility.c (stilloob): check that fds are not too large
-	to select on
-	(ttloop): remove confusing output of errno
-	* telnetd/telnetd.c (my_telnet): check that fds are not too large
-	to select on
-	* telnet/utilities.c (EmptyTerminal): check that fds are not too
-	large to select on
-	* telnet/sys_bsd.c (process_rings): check that fds are not too
-	large to select on
-	* telnet/network.c (stilloob): check that fds are not too large to
-	select on
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: remove all setuid(getuid()).  we do not
-	support telnet being setuid root
-
-2000-05-05  Assar Westerlund  <assar@sics.se>
-
-	* telnet/externs.h (sourceroute): update prototype
-	* telnet/commands.c (tn): re-enable source routing
-	(sourceroute): make it work again based on the code from
-	itojun@kame.net
-
-2000-03-28  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): clean-up a tiny little bit.  give-up if
-	we do not manage to connect to any address
-
-2000-03-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (*): make sure to always call time, ctime,
-	and gmtime with `time_t's.  there were some types (like in
-	lastlog) that we believed to always be time_t.  this has proven
-	wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
-	quantities but time_t has gone up to 64 bits
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_init): check that we do have a
-	keytab before saying that we will support KERBEROS5
-
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): only set tos for AF_INET.  From
-	itojun@iijlab.net
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c (kerberos4_is): send a reject back to the
-	client when we're not authorized
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* telnet/ring.h (ring_encrypt): better proto
-	* telnet/ring.c (ring_encrypt): better proto
-
-2000-02-04  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: klduge-around KLUDGELINEMODE
-
-2000-01-18  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/misc.c (auth_encrypt_user): const-ify
-	* libtelnet/misc.h (RemoteHostName, LocalHostName): const-ify
-	* libtelnet/misc.c (auth_encrypt_init, RemoteHostName,
-	LocalHostName): const-ify
-	* libtelnet/misc-proto.h (auth_encrypt_init, auth_encrypt_user):
-	const-ify
-	* libtelnet/encrypt.c (encrypt_init, Name): const-ify
-	* libtelnet/enc-proto.h (encrypt_init): const-ify
-	* libtelnet/auth.c (auth_init, Name): const-ify
-	* libtelnet/auth-proto.h (auth_init): const-ify
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): handle ai_canonname being set in any of
-	the addresses returnedby getaddrinfo.  glibc apparently returns
-	the reverse lookup of every address in ai_canonname.  remove some
-	unused variables.
-
-2000-01-01  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (addarg): make void (return value isn't check
-	anyway).  fatal error when malloc fails
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (*): handle ai_canonname not being set
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): use getnameinfo_verified
-	* telnetd/telnetd.c: use getnameinfo
-	* telnet/commands.c: re-write to using getaddrinfo.  disable
-	source-routing for the moment, it doesn't seem to be used anyways.
-	
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: revert 1.54, get_default_username should DTRT
- 	now
-
-1999-09-05  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/utility.c (ttloop): make it return 1 if interrupted by a
- 	signal, which must have been what was meant from the beginning
-
-	* telnetd/ext.h (ttloop): update prototype
-
-	* telnetd/authenc.c (telnet_spin): actually return the value from
- 	ttloop (otherwise it's kind of bogus)
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (rmut): free utxp
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c: add -G and config file support.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* telnetd/sys_term.c (rmut): work around utmpx strangness.  From
- 	Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-08-02  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): only free hp if != NULL.  From: Jonas
- 	Oberg <jonas@coyote.org>
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): remove unused variable mapped_sin
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/ext.h: update prototypes
-	
-	* telnetd/telnetd.c: make it handle v4 and v6 sockets.  (it
-	doesn't handle being given a v6 socket that's really talking to an
-	v4 adress (mapped) because the rest of the code in telnetd is not
-	able to handle it anyway).  please run two telnetd from your
-	inetd, one for v4 and one for v6.
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): extra bogus const-cast
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (start_login): print a different warning with
- 	`-a otp'
-
-1999-06-24  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): set the addresses in the
- 	auth_context
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* telnet/Makefile.am (INCLUDES): add $(INCLUDE_krb4)
-
-	* telnet/commands.c (togkrbdebug): conditionalize on
- 	krb_disable_debug
-
-1999-06-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: add kerberos debugging option
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): use get_default_username
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/state.c (telrcv): magic patch to make it work against
- 	DOS Clarkson Telnet.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-04-25  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): use
-	`krb5_auth_setkeytype' instead of `krb5_auth_setenctype' to make
-	sure we get a DES session key.
-
-Thu Apr  1 16:59:27 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.am: don't run check-local
-
-	* telnet/Makefile.am: don't run check-local
-
-Mon Mar 29 16:11:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c: _CRAY -> HAVE_STRUCT_UTMP_UT_ID
-
-Sat Mar 20 00:12:54 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnet/authenc.c (telnet_gets): remove old extern declarations
-
-Thu Mar 18 11:20:16 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.am: include Makefile.am.common
-
-	* telnet/Makefile.am: include Makefile.am.common
-
-	* libtelnet/Makefile.am: include Makefile.am.common
-
-	* Makefile.am: include Makefile.am.common
-
-Mon Mar 15 17:40:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/telnetd.c: replace perror/exit with fatalperror
-
-Sat Mar 13 22:18:57 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (main): 0 -> STDIN_FILENO.  remove abs
-
-	* libtelnet/kerberos.c (kerberos4_is): syslog root logins
-
-Thu Mar 11 14:48:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.in: add WFLAGS
-
-	* telnet/Makefile.in: add WFLAGS
-
-	* libtelnet/Makefile.in: add WFLAGS
-
-	* telnetd/sys_term.c: remove unused variables
-
-	* telnet/telnet.c: fix some warnings
-
-	* telnet/main.c: fix some warnings
-
-	* telnet/commands.c: fix types in format string
-
-	* libtelnet/auth.c: fix types in format string
-
-Mon Mar  1 10:50:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): only call gethostbyname2 with AF_INET6
- 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
-
-Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
-
-Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
-
-Mon Jul 13 22:00:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): don't advance hostent->h_addr_list, use
- 	a copy instead
-
-Wed May 27 04:19:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
-
-Fri May 15 19:38:19 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* libtelnet/kerberos5.c: Always print errors from mk_req.
-
-Fri May  1 07:16:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: unifdef -DHAVE_H_ERRNO
-
-Sat Apr  4 15:00:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): moved the printing of `trying...' to the
- 	loop
-
-Thu Mar 12 02:33:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: include <term.h>. From Gregory S. Stark
- 	<gsstark@mit.edu>
-
-Sat Feb 21 15:12:38 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/ext.h: add prototype for login_tty
-
-	* telnet/utilities.c (printsub): `direction' is now an int.
-
-	* libtelnet/misc-proto.h: add prototype for `printsub'
-
-Tue Feb 17 02:45:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c (kerberos4_is): cred.pname should be
- 	cred.pinst.  From <art@stacken.kth.se>
-
-Sun Feb 15 02:46:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/*/*.c: renamed `telnet' to `my_telnet' to avoid
- 	conflicts with system header files on mklinux.
-
-Tue Feb 10 02:09:03 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c: new signature for `getterminaltype' and
- 	`auth_wait'
-
-	* libtelnet: changed the signature of the authentication method
- 	`status'
-
-Sat Feb  7 07:21:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* */*.c: replace HAS_GETTOS by HAVE_PARSETOS and HAVE_GETTOSBYNAME
-
-Fri Dec 26 16:17:10 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): repair support for numeric addresses
-
-Sun Dec 21 09:40:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c: fix up lots of stuff related to the
- 	forwarding of v4 tickets.
-
-	* libtelnet/kerberos5.c (kerberos5_forward): zero out `creds'.
-
-Mon Dec 15 20:53:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnet/sys_bsd.c: Don't turn off OPOST in 8bit-mode.
-
-Tue Dec  9 19:26:50 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c (main): add 'b' to getopt
-
-Sat Nov 29 03:28:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnet/telnet.c: Change binary mode to do just that, and add a
- 	eight-bit mode for just passing all characters.
-
-Sun Nov 16 04:37:02 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): always ask for a session
- 	key of type DES
-
-	* libtelnet/kerberos5.c: remove old garbage and fix call to
- 	krb5_auth_con_setaddrs_from_fd
-
-Fri Nov 14 20:35:18 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnetd/telnetd.c: Output contents of /etc/issue.
-
-Mon Nov  3 07:09:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: only include <sys/termio.h> iff
- 	!defined(HAVE_TERMIOS_H)
-
-	* libtelnet/kerberos.c (kerberos4_is): send the peer address to
- 	krb_rd_req
-
-	* telnetd/telnetd.c (terminaltypeok): always return OK.  It used
- 	to call `tgetent' to figure if it was a defined terminal type.
-  	It's possible to overflow tgetent so that's a bad idea.  The worst
- 	that could happen by saying yes to all terminals is that the user
- 	ends up with a terminal that has no definition on the local
- 	system.  And besides, most telnet client has no support for
- 	falling back to a different terminal type.
-
-Mon Oct 20 05:47:19 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c: remove lots of old junk.  clean-up.
-  	better error checking and reporting.  tell the user permission
- 	denied much earlier.
-
-	* libtelnet/kerberos.c (kerberos4_is): only print
- 	UserNameRequested if != NULL
-
diff --git a/crypto/heimdal/appl/telnet/Makefile.am b/crypto/heimdal/appl/telnet/Makefile.am
deleted file mode 100644
index 61f0e86aecb9..000000000000
--- a/crypto/heimdal/appl/telnet/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = libtelnet telnet telnetd
-
-dist-hook:
-	$(mkinstalldirs) $(distdir)/arpa
-	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
-
-EXTRA_DIST = README.ORIG telnet.state
diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in
deleted file mode 100644
index 83dc3744649e..000000000000
--- a/crypto/heimdal/appl/telnet/Makefile.in
+++ /dev/null
@@ -1,820 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = appl/telnet
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = libtelnet telnet telnetd
-EXTRA_DIST = README.ORIG telnet.state
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-dist-hook:
-	$(mkinstalldirs) $(distdir)/arpa
-	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/README.ORIG b/crypto/heimdal/appl/telnet/README.ORIG
deleted file mode 100644
index 37b588fafd6f..000000000000
--- a/crypto/heimdal/appl/telnet/README.ORIG
+++ /dev/null
@@ -1,743 +0,0 @@
-
-This is a distribution of both client and server telnet.  These programs
-have been compiled on:
-			telnet	telnetd
-	4.4 BSD-Lite	  x	  x
-	4.3 BSD Reno	  X	  X
-	UNICOS 9.1	  X	  X
-	UNICOS 9.0	  X	  X
-	UNICOS 8.0	  X	  X
-	BSDI 2.0	  X	  X
-	Solaris 2.4       x       x (no linemode in server)
-	SunOs 4.1.4	  X	  X (no linemode in server)
-	Ultrix 4.3	  X	  X (no linemode in server)
-	Ultrix 4.1	  X	  X (no linemode in server)
-
-In addition, previous versions have been compiled on the following
-machines, but were not available for testing this version.
-			telnet	telnetd
-	Next1.0		  X	  X
-	UNICOS 8.3	  X	  X
-	UNICOS 7.C	  X	  X
-	UNICOS 7.0	  X	  X
-	SunOs 4.0.3c	  X	  X (no linemode in server)
-	4.3 BSD		  X  	  X (no linemode in server)
-	DYNIX V3.0.12	  X	  X (no linemode in server)
-	Ultrix 3.1	  X	  X (no linemode in server)
-	Ultrix 4.0	  X	  X (no linemode in server)
-	SunOs 3.5	  X	  X (no linemode in server)
-	SunOs 4.1.3	  X	  X (no linemode in server)
-	Solaris 2.2       x       x (no linemode in server)
-	Solaris 2.3       x       x (no linemode in server)
-	BSDI 1.0	  X	  X
-	BSDI 1.1	  X	  X
-	DYNIX V3.0.17.9	  X	  X (no linemode in server)
-	HP-UX 8.0	  x       x (no linemode in server)
-
-This code should work, but there are no guarantees.
-
-May 30, 1995
-
-This release represents what is on the 4.4BSD-Lite2 release, which
-should be the final BSD release.  I will continue to support of
-telnet, The code (without encryption) is available via anonymous ftp
-from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
-YY.MM.DD is replaced with the year, month and day of the release.
-If you can't find it at one of these places, at some point in the
-near future information about the latest releases should be available
-from ftp.borman.com.
-
-In addition, the version with the encryption code is available via
-ftp from net-dist.mit.edu, in the directory /pub/telnet.  There
-is a README file there that gives further information on how
-to get the distribution.
-
-Questions, comments, bug reports and bug fixes can be sent to
-one of these addresses:
-		dab@borman.com
-		dab@cray.com
-		dab@bsdi.com
-
-This release is mainly bug fixes and code cleanup.
-
-	Replace all calls to bcopy()/bzero() with calls to
-	memmove()/memset() and all calls to index()/rindex()
-	with calls to strchr()/strrchr().
-
-	Add some missing diagnostics for option tracing
-	to telnetd.
-
-	Add support for BSDI 2.0 and Solaris 2.4.
-
-	Add support for UNICOS 8.0
-
-	Get rid of expanded tabs and trailing white spaces.
-
-	From Paul Vixie:
-		Fix for telnet going into an endless spin
-		when the session dies abnormally.
-
-	From Jef Poskanzer:
-		Changes to allow telnet to compile
-		under SunOS 3.5.
-
-	From Philip Guenther:
-		makeutx() doesn't expand utmpx,
-		use pututxline() instead.
-
-	From Chris Torek:
-		Add a sleep(1) before execing login
-		to avoid race condition that can eat
-		up the login prompt.
-		Use terminal speed directly if it is
-		not an encoded value.
-
-	From Steve Parker:
-		Fix to realloc() call.  Fix for execing
-		login on solaris with no user name.
-
-January 19, 1994
-
-This is a list of some of the changes since the last tar release
-of telnet/telnetd.  There are probably other changes that aren't
-listed here, but this should hit a lot of the main ones.
-
-   General:
-	Changed #define for AUTHENTICATE to AUTHENTICATION
-	Changed #define for ENCRYPT to ENCRYPTION
-	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
-
-	Added support for SPX authentication: -DSPX
-
-	Added support for Kerberos Version 5 authentication: -DKRB5
-
-	Added support for ANSI C function prototypes
-
-	Added support for the NEW-ENVIRON option (RFC-1572)
-	including support for USERVAR.
-
-	Made support for the old Environment Option (RFC-1408)
-	conditional on -DOLD_ENVIRON
-
-	Added #define ENV_HACK - support for RFC 1571
-
-	The encryption code is removed from the public distributions.
-	Domestic 4.4 BSD distributions contain the encryption code.
-
-	ENV_HACK: Code to deal with systems that only implement
-		the old ENVIRON option, and have reversed definitions
-		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
-		client to handle things besides just the default set...
-
-	NO_BSD_SETJMP: UNICOS configuration for
-		UNICOS 6.1/6.0/5.1/5.0 systems.
-
-	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
-		is for SVr4 derivatives (Like Solaris)
-
-	UTMPX: For systems that have /etc/utmpx. This is for
-		SVr4 derivatives (Like Solaris)
-
-	Definitions for BSDI 1.0
-
-	Definitions for 4.3 Reno and 4.4 BSD.
-
-	Definitions for UNICOS 8.0 and UNICOS 7.C
-
-	Definitions for Solaris 2.0
-
-	Definitions for HP-UX 8.0
-
-	Latest Copyright notices from Berkeley.
-
-	FLOW-CONTROL: support for RFC-XXXx
-
-
-   Client Specific:
-
-	Fix the "send" command to not send garbage...
-
-	Fix status message for "skiprc"
-
-	Make sure to send NAWS after telnet has been suspended
-	or an external command has been run, if the window size
-	has changed.
-
-	sysV88 support.
-
-   Server Specific:
-
-	Support flowcontrol option in non-linemode servers.
-
-	-k Server supports Kludge Linemode, but will default to
-	   either single character mode or real Linemode support.
-	   The user will have to explicitly ask to switch into
-	   kludge linemode. ("stty extproc", or escape back to
-	   to telnet and say "mode line".)
-
-	-u Specify the length of the hostname field in the utmp
-	   file.  Hostname longer than this length will be put
-	   into the utmp file in dotted decimal notation, rather
-	   than putting in a truncated hostname.
-	
-	-U Registered hosts only.  If a reverse hostname lookup
-	   fails, the connection will be refused.
-
-	-f/-F
-	   Allows forwarding of credentials for KRB5.
-
-Februrary 22, 1991:
-
-    Features:
-
-	This version of telnet/telnetd has support for both
-	the AUTHENTICATION and ENCRYPTION options.  The
-	AUTHENTICATION option is fairly well defined, and
-	an option number has been assigned to it.  The
-	ENCRYPTION option is still in a state of flux; an
-	option number has been assigned to, but it is still
-	subject to change.  The code is provided in this release
-	for experimental and testing purposes.
-
-	The telnet "send" command can now be used to send
-	do/dont/will/wont commands, with any telnet option
-	name.  The rules for when do/dont/will/wont are sent
-	are still followed, so just because the user requests
-	that one of these be sent doesn't mean that it will
-	be sent...
-
-	The telnet "getstatus" command no longer requires
-	that option printing be enabled to see the response
-	to the "DO STATUS" command.
-
-	A -n flag has been added to telnetd to disable
-	keepalives.
-
-	A new telnet command, "auth" has been added (if
-	AUTHENTICATE is defined).  It has four sub-commands,
-	"status", "disable", "enable" and "help".
-
-	A new telnet command, "encrypt" has been added (if
-	ENCRYPT is defined).  It has many sub-commands:
-	"enable", "type", "start", "stop", "input",
-	"-input", "output", "-output", "status", and "help".
-
-	The LOGOUT option is now supported by both telnet
-	and telnetd, a new command, "logout", was added
-	to support this.
-
-	Several new toggle options were added:
-	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
-	    "encdebug", "skiprc", "verbose_encrypt"
-
-	An "rlogin" interface has been added.  If the program
-	is named "rlogin", or the "-r" flag is given, then
-	an rlogin type of interface will be used.
-		~.	Terminates the session
-		~<susp> Suspend the session
-		~^]	Escape to telnet command mode
-		~~	Pass through the ~.
-	    BUG: If you type the rlogin escape character
-		 in the middle of a line while in rlogin
-		 mode, you cannot erase it or any characters
-		 before it.  Hopefully this can be fixed
-		 in a future release...
-
-    General changes:
-
-	A "libtelnet.a" has now been created.  This libraray
-	contains code that is common to both telnet and
-	telnetd.  This is also where library routines that
-	are needed, but are not in the standard C library,
-	are placed.
-
-	The makefiles have been re-done.  All of the site
-	specific configuration information has now been put
-	into a single "Config.generic" file, in the top level
-	directory.  Changing this one file will take care of
-	all three subdirectories.  Also, to add a new/local
-	definition, a "Config.local" file may be created
-	at the top level; if that file exists, the subdirectories
-	will use that file instead of "Config.generic".
-
-	Many 1-2 line functions in commands.c have been
-	removed, and just inserted in-line, or replaced
-	with a macro.
-
-    Bug Fixes:
-
-	The non-termio code in both telnet and telnetd was
-	setting/clearing CTLECH in the sg_flags word.  This
-	was incorrect, and has been changed to set/clear the
-	LCTLECH bit in the local mode word.
-
-	The SRCRT #define has been removed.  If IP_OPTIONS
-	and IPPROTO_IP are defined on the system, then the
-	source route code is automatically enabled.
-
-	The NO_GETTYTAB #define has been removed; there
-	is a compatability routine that can be built into
-	libtelnet to achive the same results.
-
-	The server, telnetd, has been switched to use getopt()
-	for parsing the argument list.
-
-	The code for getting the input/output speeds via
-	cfgetispeed()/cfgetospeed() was still not quite
-	right in telnet.  Posix says if the ispeed is 0,
-	then it is really equal to the ospeed.
-
-	The suboption processing code in telnet now has
-	explicit checks to make sure that we received
-	the entire suboption (telnetd was already doing this).
-
-	The telnet code for processing the terminal type
-	could cause a core dump if an existing connection
-	was closed, and a new connection opened without
-	exiting telnet.
-
-	Telnetd was doing a TCSADRAIN when setting the new
-	terminal settings;  This is not good, because it means
-	that the tcsetattr() will hang waiting for output to
-	drain, and telnetd is the only one that will drain
-	the output...  The fix is to use TCSANOW which does
-	not wait.
-
-	Telnetd was improperly setting/clearing the ISTRIP
-	flag in the c_lflag field, it should be using the
-	c_iflag field. 
-
-	When the child process of telnetd was opening the
-	slave side of the pty, it was re-setting the EXTPROC
-	bit too early, and some of the other initialization
-	code was wiping it out.  This would cause telnetd
-	to go out of linemode and into single character mode.
-
-	One instance of leaving linemode in telnetd forgot
-	to send a WILL ECHO to the client, the net result
-	would be that the user would see double character
-	echo.
-
-	If the MODE was being changed several times very
-	quickly, telnetd could get out of sync with the
-	state changes and the returning acks; and wind up
-	being left in the wrong state.
-
-September 14, 1990:
-
-	Switch the client to use getopt() for parsing the
-	argument list.  The 4.3Reno getopt.c is included for
-	systems that don't have getopt().
-
-	Use the posix _POSIX_VDISABLE value for what value
-	to use when disabling special characters.  If this
-	is undefined, it defaults to 0x3ff.
-
-	For non-termio systems, TIOCSETP was being used to
-	change the state of the terminal.  This causes the
-	input queue to be flushed, which we don't want.  This
-	is now changed to TIOCSETN.
-
-	Take out the "#ifdef notdef" around the code in the
-	server that generates a "sync" when the pty oputput
-	is flushed.  The potential problem is that some older
-	telnet clients may go into an infinate loop when they
-	receive a "sync", if so, the server can be compiled
-	with "NO_URGENT" defined.
-
-	Fix the client where it was setting/clearing the OPOST
-	bit in the c_lflag field, not the c_oflag field.
-
-	Fix the client where it was setting/clearing the ISTRIP
-	bit in the c_lflag field, not the c_iflag field.  (On
-	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
-	The client also had its interpretation of WILL BINARY
-	and DO BINARY reversed.
-
-	Fix a bug in client that would cause a core dump when
-	attempting to remove the last environment variable.
-
-	In the client, there were a few places were switch()
-	was being passed a character, and if it was a negative
-	value, it could get sign extended, and not match
-	the 8 bit case statements.  The fix is to and the
-	switch value with 0xff.
-
-	Add a couple more printoption() calls in the client, I
-	don't think there are any more places were a telnet
-	command can be received and not printed out when
-	"options" is on.
-
-	A new flag has been added to the client, "-a".  Currently,
-	this just causes the USER name to be sent across, in
-	the future this may be used to signify that automatic
-	authentication is requested.
-
-	The USER variable is now only sent by the client if
-	the "-a" or "-l user" options are explicity used, or
-	if the user explicitly asks for the "USER" environment
-	variable to be exported.  In the server, if it receives
-	the "USER" environment variable, it won't print out the
-	banner message, so that only "Password:" will be printed.
-	This makes the symantics more like rlogin, and should be
-	more familiar to the user.  (People are not used to
-	getting a banner message, and then getting just a
-	"Password:" prompt.)
-
-	Re-vamp the code for starting up the child login
-	process.  The code was getting ugly, and it was
-	hard to tell what was really going on.  What we
-	do now is after the fork(), in the child:
-		1) make sure we have no controlling tty
-		2) open and initialize the tty
-		3) do a setsid()/setpgrp()
-		4) makes the tty our controlling tty.
-	On some systems, #2 makes the tty our controlling
-	tty, and #4 is a no-op.  The parent process does
-	a gets rid of any controlling tty after the child
-	is fork()ed.
-
-	Use the strdup() library routine in telnet, instead
-	of the local savestr() routine.  If you don't have
-	strdup(), you need to define NO_STRDUP.
-
-	Add support for ^T (SIGINFO/VSTATUS), found in the
-	4.3Reno distribution.  This maps to the AYT character.
-	You need a 4-line bugfix in the kernel to get this
-	to work properly:
-
-	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
-	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
-	> ***************
-	> *** 609,613 ****
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
-	> 			return(0);
-	> 		}
-	> --- 609,616 ----
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
-	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
-	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
-	> ! 				ttyinfo(tp);
-	> 			return(0);
-	> 		}
-
-	The client is now smarter when setting the telnet escape
-	character; it only sets it to one of VEOL and VEOL2 if
-	one of them is undefined, and the other one is not already
-	defined to the telnet escape character.
-
-	Handle TERMIOS systems that have seperate input and output
-	line speed settings imbedded in the flags.
-
-	Many other minor bug fixes.
-
-June 20, 1990:
-	Re-organize makefiles and source tree.  The telnet/Source
-	directory is now gone, and all the source that was in
-	telnet/Source is now just in the telnet directory.
-
-	Seperate makefile for each system are now gone.  There
-	are two makefiles, Makefile and Makefile.generic.
-	The "Makefile" has the definitions for the various
-	system, and "Makefile.generic" does all the work.
-	There is a variable called "WHAT" that is used to
-	specify what to make.  For example, in the telnet
-	directory, you might say:
-		make 4.4bsd WHAT=clean
-	to clean out the directory.
-
-	Add support for the ENVIRON and XDISPLOC options.
-	In order for the server to work, login has to have
-	the "-p" option to preserve environment variables.
-
-	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
-
-	Add the "-l user" option to command line and open command
-	(This is passed through the ENVIRON option).
-
-	Add the "-e" command line option, for setting the escape
-	character.
-
-	Add the "-D", diagnostic, option to the server.  This allows
-	the server to print out debug information, which is very
-	useful when trying to debug a telnet that doesn't have any
-	debugging ability.
-
-	Turn off the literal next character when not in LINEMODE.
-
-	Don't recognize ^Y locally, just pass it through.
-
-	Make minor modifications for Sun4.0 and Sun4.1
-
-	Add support for both FORW1 and FORW2 characters.  The
-	telnet escpape character is set to whichever of the
-	two is not being used.  If both are in use, the escape
-	character is not set, so when in linemode the user will
-	have to follow the escape character with a <CR> or <EOF)
-	to get it passed through.
-
-	Commands can now be put in single and double quotes, and
-	a backslash is now an escape character.  This is needed
-	for allowing arbitrary strings to be assigned to environment
-	variables.
-
-	Switch telnetd to use macros like telnet for keeping
-	track of the state of all the options.
-
-	Fix telnetd's processing of options so that we always do
-	the right processing of the LINEMODE option, regardless
-	of who initiates the request to turn it on.  Also, make
-	sure that if the other side went "WILL ECHO" in response
-	to our "DO ECHO", that we send a "DONT ECHO" to get the
-	option turned back off!
-
-	Fix the TERMIOS setting of the terminal speed to handle both
-	BSD's seperate fields, and the SYSV method of CBAUD bits.
-
-	Change how we deal with the other side refusing to enable
-	an option.  The sequence used to be: send DO option; receive
-	WONT option; send DONT option.  Now, the sequence is: send
-	DO option; receive WONT option.  Both should be valid
-	according to the spec, but there has been at least one
-	client implementation of telnet identified that can get
-	really confused by this.  (The exact sequence, from a trace
-	on the server side, is (numbers are number of responses that
-	we expect to get after that line...):
-
-		send WILL ECHO	1 (initial request)
-		send WONT ECHO	2 (server is changing state)
-		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
-		send WILL ECHO	2 (server changes state again)
-		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
-		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
-	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
-		send WILL ECHO	1 (ask again to enable option)
-		recv DO ECHO	0
-
-		recv DONT ECHO	0
-		send WONT ECHO	1
-		recv DONT ECHO	0
-		recv DO ECHO	1
-		send WILL ECHO	0
-		(and the last 5 lines loop forever)
-
-	The line with the "***" is last of the WILL/DONT/WONT sequence.
-	The change to the server to not generate that makes this same
-	example become:
-
-		send will ECHO	1
-		send wont ECHO	2
-		recv do ECHO	1
-		send will ECHO	2
-		recv dont ECHO	1
-		recv dont ECHO	0
-		recv do ECHO	1
-		send will ECHO	0
-
-	There is other option negotiation going on, and not sending
-	the third part changes some of the timings, but this specific
-	example no longer gets stuck in a loop.  The "telnet.state"
-	file has been modified to reflect this change to the algorithm.
-
-	A bunch of miscellaneous bug fixes and changes to make
-	lint happier.
-
-	This version of telnet also has some KERBEROS stuff in
-	it. This has not been tested, it uses an un-authorized
-	telnet option number, and uses an out-of-date version
-	of the (still being defined) AUTHENTICATION option.
-	There is no support for this code, do not enable it.
-
-
-March 1, 1990:
-CHANGES/BUGFIXES SINCE LAST RELEASE:
-	Some support for IP TOS has been added.  Requires that the
-	kernel support the IP_TOS socket option (currently this
-	is only in UNICOS 6.0).
-
-	Both telnet and telnetd now use the cc_t typedef.  typedefs are
-	included for systems that don't have it (in termios.h).
-
-	SLC_SUSP was not supported properly before.  It is now.
-
-	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
-	when not in linemode.  It now saves a copy of the VEOF character,
-	so that when ICANON is turned off and we can't trust it anymore
-	(because it is now the VMIN character) we use the saved value.
-
-	There were two missing "break" commands in the linemode
-	processing code in telnetd.
-
-	Telnetd wasn't setting the kernel window size information
-	properly.  It was using the rows for both rows and columns...
-
-Questions/comments go to
-		David Borman
-		Cray Research, Inc.
-		655F Lone Oak Drive
-		Eagan, MN 55123
-		dab@cray.com.
-
-README:	You are reading it.
-
-Config.generic:
-	This file contains all the OS specific definitions.  It
-	has pre-definitions for many common system types, and is
-	in standard makefile fromat.  See the comments at the top
-	of the file for more information.
-
-Config.local:
-	This is not part of the distribution, but if this file exists,
-	it is used instead of "Config.generic".  This allows site
-	specific configuration without having to modify the distributed
-	"Config.generic" file.
-
-kern.diff:
-	This file contains the diffs for the changes needed for the
-	kernel to support LINEMODE is the server.  These changes are
-	for a 4.3BSD system.  You may need to make some changes for
-	your particular system.
-
-	There is a new bit in the terminal state word, TS_EXTPROC.
-	When this bit is set, several aspects of the terminal driver
-	are disabled.  Input line editing, character echo, and
-	mapping of signals are all disabled.  This allows the telnetd
-	to turn of these functions when in linemode, but still keep
-	track of what state the user wants the terminal to be in.
-
-	New ioctl()s:
-
-		TIOCEXT		Turn on/off the TS_EXTPROC bit
-		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
-		TIOCSIG		Generate a signal to processes in the
-				current process group of the pty.
-
-	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
-	When packet mode is turned on in the pty, and the TS_EXTPROC
-	bit is set, then whenever the state of the pty is changed, the
-	next read on the master side of the pty will have the TIOCPKT_IOCTL
-	bit set, and the data will contain the following:
-		struct xx {
-			struct sgttyb a;
-			struct tchars b;
-			struct ltchars c;
-			int t_state;
-			int t_flags;
-		}
-	This allows the process on the server side of the pty to know
-	when the state of the terminal has changed, and what the new
-	state is.
-
-	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
-	expect that the structure returned in the TIOCPKT_IOCTL is
-	the termio/termios structure.
-
-stty.diff:
-	This file contains the changes needed for the stty(1) program
-	to report on the current status of the TS_EXTPROC bit.  It also
-	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
-	because it allows the user to say "stty -extproc", and the
-	LINEMODE option will be automatically disabled, and saying "stty
-	extproc" will re-enable the LINEMODE option.
-
-telnet.state:
-	Both the client and server have code in them to deal
-	with option negotiation loops.  The algorithm that is
-	used is described in this file.
-
-telnet:
-	This directory contains the client code.  No kernel changes are
-	needed to use this code.
-
-telnetd:
-	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
-	are defined, then the kernel modifications listed above are needed.
-
-libtelnet:
-	This directory contains code that is common to both the client
-	and the server.
-
-arpa:
-	This directory has a new <arpa/telnet.h>
-
-libtelnet/Makefile.4.4:
-telnet/Makefile.4.4:
-telnetd/Makefile.4.4:
-	These are the makefiles that can be used on a 4.3Reno
-	system when this software is installed in /usr/src/lib/libtelnet,
-	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
-
-
-The following TELNET options are supported:
-	
-	LINEMODE:
-		The LINEMODE option is supported as per RFC1116.  The
-		FORWARDMASK option is not currently supported.
-
-	BINARY: The client has the ability to turn on/off the BINARY
-		option in each direction.  Turning on BINARY from
-		server to client causes the LITOUT bit to get set in
-		the terminal driver on both ends,  turning on BINARY
-		from the client to the server causes the PASS8 bit
-		to get set in the terminal driver on both ends.
-
-	TERMINAL-TYPE:
-		This is supported as per RFC1091.  On the server side,
-		when a terminal type is received, termcap/terminfo
-		is consulted to determine if it is a known terminal
-		type.  It keeps requesting terminal types until it
-		gets one that it recongnizes, or hits the end of the
-		list.  The server side looks up the entry in the
-		termcap/terminfo data base, and generates a list of
-		names which it then passes one at a time to each
-		request for a terminal type, duplicating the last
-		entry in the list before cycling back to the beginning.
-
-	NAWS:	The Negotiate about Window Size, as per RFC 1073.
-
-	TERMINAL-SPEED:
-		Implemented as per RFC 1079
-
-	TOGGLE-FLOW-CONTROL:
-		Implemented as per RFC 1080
-
-	TIMING-MARK:
-		As per RFC 860
-
-	SGA:	As per RFC 858
-
-	ECHO:	As per RFC 857
-
-	LOGOUT: As per RFC 727
-
-	STATUS:
-		The server will send its current status upon
-		request.  It does not ask for the clients status.
-		The client will request the servers current status
-		from the "send getstatus" command.
-
-	ENVIRON:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued, but should be in the near future...
-
-	X-DISPLAY-LOCATION:
-		This functionality can be done through the ENVIRON
-		option, it is added here for completeness.
-
-	AUTHENTICATION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The basic framework is pretty much decided,
-		but the definitions for the specific authentication
-		schemes is still in a state of flux.
-
-	ENCRYPTION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The draft RFC is still in a state of flux,
-		so this code may change in the future.
diff --git a/crypto/heimdal/appl/telnet/arpa/telnet.h b/crypto/heimdal/appl/telnet/arpa/telnet.h
deleted file mode 100644
index 5d9ef6001621..000000000000
--- a/crypto/heimdal/appl/telnet/arpa/telnet.h
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * Copyright (c) 1983, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
- */
-
-#ifndef _TELNET_H_
-#define	_TELNET_H_
-
-/*
- * Definitions for the TELNET protocol.
- */
-#define	IAC	255		/* interpret as command: */
-#define	DONT	254		/* you are not to use option */
-#define	DO	253		/* please, you use option */
-#define	WONT	252		/* I won't use option */
-#define	WILL	251		/* I will use option */
-#define	SB	250		/* interpret as subnegotiation */
-#define	GA	249		/* you may reverse the line */
-#define	EL	248		/* erase the current line */
-#define	EC	247		/* erase the current character */
-#define	AYT	246		/* are you there */
-#define	AO	245		/* abort output--but let prog finish */
-#define	IP	244		/* interrupt process--permanently */
-#define	BREAK	243		/* break */
-#define	DM	242		/* data mark--for connect. cleaning */
-#define	NOP	241		/* nop */
-#define	SE	240		/* end sub negotiation */
-#define EOR     239             /* end of record (transparent mode) */
-#define	ABORT	238		/* Abort process */
-#define	SUSP	237		/* Suspend process */
-#define	xEOF	236		/* End of file: EOF is already used... */
-
-#define SYNCH	242		/* for telfunc calls */
-
-#ifdef TELCMDS
-char *telcmds[] = {
-	"EOF", "SUSP", "ABORT", "EOR",
-	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
-	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
-};
-#else
-extern char *telcmds[];
-#endif
-
-#define	TELCMD_FIRST	xEOF
-#define	TELCMD_LAST	IAC
-#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
-			 (unsigned int)(x) >= TELCMD_FIRST)
-#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
-
-/* telnet options */
-#define TELOPT_BINARY	0	/* 8-bit data path */
-#define TELOPT_ECHO	1	/* echo */
-#define	TELOPT_RCP	2	/* prepare to reconnect */
-#define	TELOPT_SGA	3	/* suppress go ahead */
-#define	TELOPT_NAMS	4	/* approximate message size */
-#define	TELOPT_STATUS	5	/* give status */
-#define	TELOPT_TM	6	/* timing mark */
-#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
-#define TELOPT_NAOL 	8	/* negotiate about output line width */
-#define TELOPT_NAOP 	9	/* negotiate about output page size */
-#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
-#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
-#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
-#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
-#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
-#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
-#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
-#define TELOPT_XASCII	17	/* extended ascic character set */
-#define	TELOPT_LOGOUT	18	/* force logout */
-#define	TELOPT_BM	19	/* byte macro */
-#define	TELOPT_DET	20	/* data entry terminal */
-#define	TELOPT_SUPDUP	21	/* supdup protocol */
-#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
-#define	TELOPT_SNDLOC	23	/* send location */
-#define	TELOPT_TTYPE	24	/* terminal type */
-#define	TELOPT_EOR	25	/* end or record */
-#define	TELOPT_TUID	26	/* TACACS user identification */
-#define	TELOPT_OUTMRK	27	/* output marking */
-#define	TELOPT_TTYLOC	28	/* terminal location number */
-#define	TELOPT_3270REGIME 29	/* 3270 regime */
-#define	TELOPT_X3PAD	30	/* X.3 PAD */
-#define	TELOPT_NAWS	31	/* window size */
-#define	TELOPT_TSPEED	32	/* terminal speed */
-#define	TELOPT_LFLOW	33	/* remote flow control */
-#define TELOPT_LINEMODE	34	/* Linemode option */
-#define TELOPT_XDISPLOC	35	/* X Display Location */
-#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
-#define	TELOPT_AUTHENTICATION 37/* Authenticate */
-#define	TELOPT_ENCRYPT	38	/* Encryption option */
-#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
-#define	TELOPT_EXOPL	255	/* extended-options-list */
-
-
-#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
-#ifdef TELOPTS
-char *telopts[NTELOPTS+1] = {
-	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
-	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
-	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
-	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
-	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
-	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
-	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
-	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
-	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
-	"ENCRYPT", "NEW-ENVIRON",
-	0,
-};
-#define	TELOPT_FIRST	TELOPT_BINARY
-#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
-#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
-#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
-#endif
-
-/* sub-option qualifiers */
-#define	TELQUAL_IS	0	/* option is... */
-#define	TELQUAL_SEND	1	/* send option */
-#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
-#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
-#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
-
-#define	LFLOW_OFF		0	/* Disable remote flow control */
-#define	LFLOW_ON		1	/* Enable remote flow control */
-#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
-#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
-
-/*
- * LINEMODE suboptions
- */
-
-#define	LM_MODE		1
-#define	LM_FORWARDMASK	2
-#define	LM_SLC		3
-
-#define	MODE_EDIT	0x01
-#define	MODE_TRAPSIG	0x02
-#define	MODE_ACK	0x04
-#define MODE_SOFT_TAB	0x08
-#define MODE_LIT_ECHO	0x10
-
-#define	MODE_MASK	0x1f
-
-/* Not part of protocol, but needed to simplify things... */
-#define MODE_FLOW		0x0100
-#define MODE_ECHO		0x0200
-#define MODE_INBIN		0x0400
-#define MODE_OUTBIN		0x0800
-#define MODE_FORCE		0x1000
-
-#define	SLC_SYNCH	1
-#define	SLC_BRK		2
-#define	SLC_IP		3
-#define	SLC_AO		4
-#define	SLC_AYT		5
-#define	SLC_EOR		6
-#define	SLC_ABORT	7
-#define	SLC_EOF		8
-#define	SLC_SUSP	9
-#define	SLC_EC		10
-#define	SLC_EL		11
-#define	SLC_EW		12
-#define	SLC_RP		13
-#define	SLC_LNEXT	14
-#define	SLC_XON		15
-#define	SLC_XOFF	16
-#define	SLC_FORW1	17
-#define	SLC_FORW2	18
-
-#define	NSLC		18
-
-/*
- * For backwards compatability, we define SLC_NAMES to be the
- * list of names if SLC_NAMES is not defined.
- */
-#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
-			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
-			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
-#ifdef	SLC_NAMES
-char *slc_names[] = {
-	SLC_NAMELIST
-};
-#else
-extern char *slc_names[];
-#define	SLC_NAMES SLC_NAMELIST
-#endif
-
-#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
-#define SLC_NAME(x)	slc_names[x]
-
-#define	SLC_NOSUPPORT	0
-#define	SLC_CANTCHANGE	1
-#define	SLC_VARIABLE	2
-#define	SLC_DEFAULT	3
-#define	SLC_LEVELBITS	0x03
-
-#define	SLC_FUNC	0
-#define	SLC_FLAGS	1
-#define	SLC_VALUE	2
-
-#define	SLC_ACK		0x80
-#define	SLC_FLUSHIN	0x40
-#define	SLC_FLUSHOUT	0x20
-
-#define	OLD_ENV_VAR	1
-#define	OLD_ENV_VALUE	0
-#define	NEW_ENV_VAR	0
-#define	NEW_ENV_VALUE	1
-#define	ENV_ESC		2
-#define ENV_USERVAR	3
-
-/*
- * AUTHENTICATION suboptions
- */
-
-/*
- * Who is authenticating who ...
- */
-#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
-#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
-#define	AUTH_WHO_MASK		1
-
-/*
- * amount of authentication done
- */
-#define	AUTH_HOW_ONE_WAY	0
-#define	AUTH_HOW_MUTUAL		2
-#define	AUTH_HOW_MASK		2
-
-#define	AUTHTYPE_NULL		0
-#define	AUTHTYPE_KERBEROS_V4	1
-#define	AUTHTYPE_KERBEROS_V5	2
-#define	AUTHTYPE_SPX		3
-#define	AUTHTYPE_MINK		4
-#define	AUTHTYPE_SRA		5
-#define	AUTHTYPE_CNT		6
-/* #define	AUTHTYPE_UNSECURE 6 */
-
-#define	AUTHTYPE_TEST		99
-
-#ifdef	AUTH_NAMES
-char *authtype_names[] = {
-	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK",
-	"SRA", 0,
-};
-#else
-extern char *authtype_names[];
-#endif
-
-#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
-#define	AUTHTYPE_NAME(x)	authtype_names[x]
-
-/*
- * ENCRYPTion suboptions
- */
-#define	ENCRYPT_IS		0	/* I pick encryption type ... */
-#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
-#define	ENCRYPT_REPLY		2	/* Initial setup response */
-#define	ENCRYPT_START		3	/* Am starting to send encrypted */
-#define	ENCRYPT_END		4	/* Am ending encrypted */
-#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
-#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
-#define	ENCRYPT_ENC_KEYID	7
-#define	ENCRYPT_DEC_KEYID	8
-#define	ENCRYPT_CNT		9
-
-#define	ENCTYPE_ANY		0
-#define	ENCTYPE_DES_CFB64	1
-#define	ENCTYPE_DES_OFB64	2
-#define	ENCTYPE_CNT		3
-
-#ifdef	ENCRYPT_NAMES
-char *encrypt_names[] = {
-	"IS", "SUPPORT", "REPLY", "START", "END",
-	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
-	0,
-};
-char *enctype_names[] = {
-	"ANY", "DES_CFB64",  "DES_OFB64",  0,
-};
-#else
-extern char *encrypt_names[];
-extern char *enctype_names[];
-#endif
-
-
-#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
-#define	ENCRYPT_NAME(x)		encrypt_names[x]
-
-#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
-#define	ENCTYPE_NAME(x)		enctype_names[x]
-
-#endif /* !_TELNET_H_ */
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
deleted file mode 100644
index 60786baa62dc..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
+++ /dev/null
@@ -1,24 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-
-noinst_LIBRARIES = libtelnet.a
-
-libtelnet_a_SOURCES = \
-	auth-proto.h	\
-	auth.c		\
-	auth.h		\
-	enc-proto.h	\
-	enc_des.c	\
-	encrypt.c	\
-	encrypt.h	\
-	genget.c	\
-	kerberos.c	\
-	kerberos5.c	\
-	misc-proto.h	\
-	misc.c		\
-	misc.h
-
-EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
deleted file mode 100644
index cb00e59e5ff5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
+++ /dev/null
@@ -1,764 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = appl/telnet/libtelnet
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-ARFLAGS = cru
-libtelnet_a_AR = $(AR) $(ARFLAGS)
-libtelnet_a_LIBADD =
-am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \
-	encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \
-	kerberos5.$(OBJEXT) misc.$(OBJEXT)
-libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libtelnet_a_SOURCES)
-DIST_SOURCES = $(libtelnet_a_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_LIBRARIES = libtelnet.a
-libtelnet_a_SOURCES = \
-	auth-proto.h	\
-	auth.c		\
-	auth.h		\
-	enc-proto.h	\
-	enc_des.c	\
-	encrypt.c	\
-	encrypt.h	\
-	genget.c	\
-	kerberos.c	\
-	kerberos5.c	\
-	misc-proto.h	\
-	misc.c		\
-	misc.h
-
-EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/libtelnet/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/libtelnet/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libtelnet.a: $(libtelnet_a_OBJECTS) $(libtelnet_a_DEPENDENCIES) 
-	-rm -f libtelnet.a
-	$(libtelnet_a_AR) libtelnet.a $(libtelnet_a_OBJECTS) $(libtelnet_a_LIBADD)
-	$(RANLIB) libtelnet.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
deleted file mode 100644
index 4f2e2457bb03..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: auth-proto.h 11288 2002-08-28 20:56:14Z joda $ */
-
-#ifdef AUTHENTICATION
-Authenticator *findauthenticator (int, int);
-
-int auth_wait (char *, size_t);
-void auth_disable_name (char *);
-void auth_finished (Authenticator *, int);
-void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
-void auth_init (const char *, int);
-void auth_is (unsigned char *, int);
-void auth_name(unsigned char*, int);
-void auth_reply (unsigned char *, int);
-void auth_request (void);
-void auth_send (unsigned char *, int);
-void auth_send_retry (void);
-void auth_printsub(unsigned char*, int, unsigned char*, int);
-int getauthmask(char *type, int *maskp);
-int auth_enable(char *type);
-int auth_disable(char *type);
-int auth_onoff(char *type, int on);
-int auth_togdebug(int on);
-int auth_status(void);
-int auth_sendname(unsigned char *cp, int len);
-void auth_debug(int mode);
-void auth_gen_printsub(unsigned char *data, int cnt,
-		       unsigned char *buf, int buflen);
-
-#ifdef UNSAFE
-int unsafe_init (Authenticator *, int);
-int unsafe_send (Authenticator *);
-void unsafe_is (Authenticator *, unsigned char *, int);
-void unsafe_reply (Authenticator *, unsigned char *, int);
-int unsafe_status (Authenticator *, char *, int);
-void unsafe_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef SRA
-int sra_init (Authenticator *, int);
-int sra_send (Authenticator *);
-void sra_is (Authenticator *, unsigned char *, int);
-void sra_reply (Authenticator *, unsigned char *, int);
-int sra_status (Authenticator *, char *, int);
-void sra_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef	KRB4
-int kerberos4_init (Authenticator *, int);
-int kerberos4_send_mutual (Authenticator *);
-int kerberos4_send_oneway (Authenticator *);
-void kerberos4_is (Authenticator *, unsigned char *, int);
-void kerberos4_reply (Authenticator *, unsigned char *, int);
-int kerberos4_status (Authenticator *, char *, size_t, int);
-void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
-int kerberos4_forward(Authenticator *ap, void *);
-#endif
-
-#ifdef	KRB5
-int kerberos5_init (Authenticator *, int);
-int kerberos5_send_mutual (Authenticator *);
-int kerberos5_send_oneway (Authenticator *);
-void kerberos5_is (Authenticator *, unsigned char *, int);
-void kerberos5_reply (Authenticator *, unsigned char *, int);
-int kerberos5_status (Authenticator *, char *, size_t, int);
-void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
-int kerberos5_set_forward(int);
-int kerberos5_set_forwardable(int);
-#endif
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.c b/crypto/heimdal/appl/telnet/libtelnet/auth.c
deleted file mode 100644
index 13253034d176..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.c
+++ /dev/null
@@ -1,660 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <config.h>
-
-RCSID("$Id: auth.c 10809 2002-01-18 12:58:49Z joda $");
-
-#if	defined(AUTHENTICATION)
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <signal.h>
-#define	AUTH_NAMES
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#include <roken.h>
-
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define	typemask(x)		(1<<((x)-1))
-
-#ifdef	KRB4_ENCPWD
-extern krb4encpwd_init();
-extern krb4encpwd_send();
-extern krb4encpwd_is();
-extern krb4encpwd_reply();
-extern krb4encpwd_status();
-extern krb4encpwd_printsub();
-#endif
-
-#ifdef	RSA_ENCPWD
-extern rsaencpwd_init();
-extern rsaencpwd_send();
-extern rsaencpwd_is();
-extern rsaencpwd_reply();
-extern rsaencpwd_status();
-extern rsaencpwd_printsub();
-#endif
-
-int auth_debug_mode = 0;
-int auth_has_failed  = 0;
-int auth_enable_encrypt = 0;
-static 	const	char	*Name = "Noname";
-static	int	Server = 0;
-static	Authenticator	*authenticated = 0;
-static	int	authenticating = 0;
-static	int	validuser = 0;
-static	unsigned char	_auth_send_data[256];
-static	unsigned char	*auth_send_data;
-static	int	auth_send_cnt = 0;
-
-/*
- * Authentication types supported.  Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef UNSAFE
-    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      unsafe_init,
-      unsafe_send,
-      unsafe_is,
-      unsafe_reply,
-      unsafe_status,
-      unsafe_printsub },
-#endif
-#ifdef SRA
-    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      sra_init,
-      sra_send,
-      sra_is,
-      sra_reply,
-      sra_status,
-      sra_printsub },
-#endif
-#ifdef	SPX
-    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      spx_init,
-      spx_send,
-      spx_is,
-      spx_reply,
-      spx_status,
-      spx_printsub },
-    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      spx_init,
-      spx_send,
-      spx_is,
-      spx_reply,
-      spx_status,
-      spx_printsub },
-#endif
-#ifdef	KRB5
-    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      kerberos5_init,
-      kerberos5_send_mutual,
-      kerberos5_is,
-      kerberos5_reply,
-      kerberos5_status,
-      kerberos5_printsub },
-    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      kerberos5_init,
-      kerberos5_send_oneway,
-      kerberos5_is,
-      kerberos5_reply,
-      kerberos5_status,
-      kerberos5_printsub },
-#endif
-#ifdef	KRB4
-    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      kerberos4_init,
-      kerberos4_send_mutual,
-      kerberos4_is,
-      kerberos4_reply,
-      kerberos4_status,
-      kerberos4_printsub },
-    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      kerberos4_init,
-      kerberos4_send_oneway,
-      kerberos4_is,
-      kerberos4_reply,
-      kerberos4_status,
-      kerberos4_printsub },
-#endif
-#ifdef	KRB4_ENCPWD
-    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      krb4encpwd_init,
-      krb4encpwd_send,
-      krb4encpwd_is,
-      krb4encpwd_reply,
-      krb4encpwd_status,
-      krb4encpwd_printsub },
-#endif
-#ifdef	RSA_ENCPWD
-    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      rsaencpwd_init,
-      rsaencpwd_send,
-      rsaencpwd_is,
-      rsaencpwd_reply,
-      rsaencpwd_status,
-      rsaencpwd_printsub },
-#endif
-    { 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int	i_support = 0;
-static int	i_wont_support = 0;
-
-Authenticator *
-findauthenticator(int type, int way)
-{
-    Authenticator *ap = authenticators;
-
-    while (ap->type && (ap->type != type || ap->way != way))
-	++ap;
-    return(ap->type ? ap : 0);
-}
-
-void
-auth_init(const char *name, int server)
-{
-    Authenticator *ap = authenticators;
-
-    Server = server;
-    Name = name;
-
-    i_support = 0;
-    authenticated = 0;
-    authenticating = 0;
-    while (ap->type) {
-	if (!ap->init || (*ap->init)(ap, server)) {
-	    i_support |= typemask(ap->type);
-	    if (auth_debug_mode)
-		printf(">>>%s: I support auth type %d %d\r\n",
-		       Name,
-		       ap->type, ap->way);
-	}
-	else if (auth_debug_mode)
-	    printf(">>>%s: Init failed: auth type %d %d\r\n",
-		   Name, ap->type, ap->way);
-	++ap;
-    }
-}
-
-void
-auth_disable_name(char *name)
-{
-    int x;
-    for (x = 0; x < AUTHTYPE_CNT; ++x) {
-	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
-	    i_wont_support |= typemask(x);
-	    break;
-	}
-    }
-}
-
-int
-getauthmask(char *type, int *maskp)
-{
-    int x;
-
-    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
-	*maskp = -1;
-	return(1);
-    }
-
-    for (x = 1; x < AUTHTYPE_CNT; ++x) {
-	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
-	    *maskp = typemask(x);
-	    return(1);
-	}
-    }
-    return(0);
-}
-
-int
-auth_enable(char *type)
-{
-    return(auth_onoff(type, 1));
-}
-
-int
-auth_disable(char *type)
-{
-    return(auth_onoff(type, 0));
-}
-
-int
-auth_onoff(char *type, int on)
-{
-    int i, mask = -1;
-    Authenticator *ap;
-
-    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
-	printf("auth %s 'type'\n", on ? "enable" : "disable");
-	printf("Where 'type' is one of:\n");
-	printf("\t%s\n", AUTHTYPE_NAME(0));
-	mask = 0;
-	for (ap = authenticators; ap->type; ap++) {
-	    if ((mask & (i = typemask(ap->type))) != 0)
-		continue;
-	    mask |= i;
-	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
-	}
-	return(0);
-    }
-
-    if (!getauthmask(type, &mask)) {
-	printf("%s: invalid authentication type\n", type);
-	return(0);
-    }
-    if (on)
-	i_wont_support &= ~mask;
-    else
-	i_wont_support |= mask;
-    return(1);
-}
-
-int
-auth_togdebug(int on)
-{
-    if (on < 0)
-	auth_debug_mode ^= 1;
-    else
-	auth_debug_mode = on;
-    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
-    return(1);
-}
-
-int
-auth_status(void)
-{
-    Authenticator *ap;
-    int i, mask;
-
-    if (i_wont_support == -1)
-	printf("Authentication disabled\n");
-    else
-	printf("Authentication enabled\n");
-
-    mask = 0;
-    for (ap = authenticators; ap->type; ap++) {
-	if ((mask & (i = typemask(ap->type))) != 0)
-	    continue;
-	mask |= i;
-	printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
-	       (i_wont_support & typemask(ap->type)) ?
-	       "disabled" : "enabled");
-    }
-    return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
-void
-auth_request(void)
-{
-    static unsigned char str_request[64] = { IAC, SB,
-					     TELOPT_AUTHENTICATION,
-					     TELQUAL_SEND, };
-    Authenticator *ap = authenticators;
-    unsigned char *e = str_request + 4;
-
-    if (!authenticating) {
-	authenticating = 1;
-	while (ap->type) {
-	    if (i_support & ~i_wont_support & typemask(ap->type)) {
-		if (auth_debug_mode) {
-		    printf(">>>%s: Sending type %d %d\r\n",
-			   Name, ap->type, ap->way);
-		}
-		*e++ = ap->type;
-		*e++ = ap->way;
-	    }
-	    ++ap;
-	}
-	*e++ = IAC;
-	*e++ = SE;
-	telnet_net_write(str_request, e - str_request);
-	printsub('>', &str_request[2], e - str_request - 2);
-    }
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends  LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
-void
-auth_send(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-    static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_IS, AUTHTYPE_NULL, 0,
-					IAC, SE };
-    if (Server) {
-	if (auth_debug_mode) {
-	    printf(">>>%s: auth_send called!\r\n", Name);
-	}
-	return;
-    }
-
-    if (auth_debug_mode) {
-	printf(">>>%s: auth_send got:", Name);
-	printd(data, cnt); printf("\r\n");
-    }
-
-    /*
-     * Save the data, if it is new, so that we can continue looking
-     * at it if the authorization we try doesn't work
-     */
-    if (data < _auth_send_data ||
-	data > _auth_send_data + sizeof(_auth_send_data)) {
-	auth_send_cnt = cnt > sizeof(_auth_send_data)
-	    ? sizeof(_auth_send_data)
-	    : cnt;
-	memmove(_auth_send_data, data, auth_send_cnt);
-	auth_send_data = _auth_send_data;
-    } else {
-	/*
-	 * This is probably a no-op, but we just make sure
-	 */
-	auth_send_data = data;
-	auth_send_cnt = cnt;
-    }
-    while ((auth_send_cnt -= 2) >= 0) {
-	if (auth_debug_mode)
-	    printf(">>>%s: He supports %d\r\n",
-		   Name, *auth_send_data);
-	if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
-	    ap = findauthenticator(auth_send_data[0],
-				   auth_send_data[1]);
-	    if (ap && ap->send) {
-		if (auth_debug_mode)
-		    printf(">>>%s: Trying %d %d\r\n",
-			   Name, auth_send_data[0],
-			   auth_send_data[1]);
-		if ((*ap->send)(ap)) {
-		    /*
-		     * Okay, we found one we like
-		     * and did it.
-		     * we can go home now.
-		     */
-		    if (auth_debug_mode)
-			printf(">>>%s: Using type %d\r\n",
-			       Name, *auth_send_data);
-		    auth_send_data += 2;
-		    return;
-		}
-	    }
-	    /* else
-	     *	just continue on and look for the
-	     *	next one if we didn't do anything.
-	     */
-	}
-	auth_send_data += 2;
-    }
-    telnet_net_write(str_none, sizeof(str_none));
-    printsub('>', &str_none[2], sizeof(str_none) - 2);
-    if (auth_debug_mode)
-	printf(">>>%s: Sent failure message\r\n", Name);
-    auth_finished(0, AUTH_REJECT);
-    auth_has_failed = 1;
-#ifdef KANNAN
-    /*
-     *  We requested strong authentication, however no mechanisms worked.
-     *  Therefore, exit on client end.
-     */
-    printf("Unable to securely authenticate user ... exit\n");
-    exit(0);
-#endif /* KANNAN */
-}
-
-void
-auth_send_retry(void)
-{
-    /*
-     * if auth_send_cnt <= 0 then auth_send will end up rejecting
-     * the authentication and informing the other side of this.
-	 */
-    auth_send(auth_send_data, auth_send_cnt);
-}
-
-void
-auth_is(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-
-    if (cnt < 2)
-	return;
-
-    if (data[0] == AUTHTYPE_NULL) {
-	auth_finished(0, AUTH_REJECT);
-	return;
-    }
-
-    if ((ap = findauthenticator(data[0], data[1]))) {
-	if (ap->is)
-	    (*ap->is)(ap, data+2, cnt-2);
-    } else if (auth_debug_mode)
-	printf(">>>%s: Invalid authentication in IS: %d\r\n",
-	       Name, *data);
-}
-
-void
-auth_reply(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-
-    if (cnt < 2)
-	return;
-
-    if ((ap = findauthenticator(data[0], data[1]))) {
-	if (ap->reply)
-	    (*ap->reply)(ap, data+2, cnt-2);
-    } else if (auth_debug_mode)
-	printf(">>>%s: Invalid authentication in SEND: %d\r\n",
-	       Name, *data);
-}
-
-void
-auth_name(unsigned char *data, int cnt)
-{
-    char savename[256];
-
-    if (cnt < 1) {
-	if (auth_debug_mode)
-	    printf(">>>%s: Empty name in NAME\r\n", Name);
-	return;
-    }
-    if (cnt > sizeof(savename) - 1) {
-	if (auth_debug_mode)
-	    printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
-		   Name, cnt, (unsigned long)(sizeof(savename)-1));
-	return;
-    }
-    memmove(savename, data, cnt);
-    savename[cnt] = '\0';	/* Null terminate */
-    if (auth_debug_mode)
-	printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-    auth_encrypt_user(savename);
-}
-
-int
-auth_sendname(unsigned char *cp, int len)
-{
-    static unsigned char str_request[256+6]
-	= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
-    unsigned char *e = str_request + 4;
-    unsigned char *ee = &str_request[sizeof(str_request)-2];
-
-    while (--len >= 0) {
-	if ((*e++ = *cp++) == IAC)
-	    *e++ = IAC;
-	if (e >= ee)
-	    return(0);
-    }
-    *e++ = IAC;
-    *e++ = SE;
-    telnet_net_write(str_request, e - str_request);
-    printsub('>', &str_request[2], e - &str_request[2]);
-    return(1);
-}
-
-void
-auth_finished(Authenticator *ap, int result)
-{
-    if (!(authenticated = ap))
-	authenticated = &NoAuth;
-    validuser = result;
-}
-
-/* ARGSUSED */
-static void
-auth_intr(int sig)
-{
-    auth_finished(0, AUTH_REJECT);
-}
-
-int
-auth_wait(char *name, size_t name_sz)
-{
-    if (auth_debug_mode)
-	printf(">>>%s: in auth_wait.\r\n", Name);
-
-    if (Server && !authenticating)
-	return(0);
-
-    signal(SIGALRM, auth_intr);
-    alarm(30);
-    while (!authenticated)
-	if (telnet_spin())
-	    break;
-    alarm(0);
-    signal(SIGALRM, SIG_DFL);
-
-    /*
-     * Now check to see if the user is valid or not
-     */
-    if (!authenticated || authenticated == &NoAuth)
-	return(AUTH_REJECT);
-
-    if (validuser == AUTH_VALID)
-	validuser = AUTH_USER;
-
-    if (authenticated->status)
-	validuser = (*authenticated->status)(authenticated,
-					     name, name_sz,
-					     validuser);
-    return(validuser);
-}
-
-void
-auth_debug(int mode)
-{
-    auth_debug_mode = mode;
-}
-
-void
-auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    Authenticator *ap;
-
-    if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
-	(*ap->printsub)(data, cnt, buf, buflen);
-    else
-	auth_gen_printsub(data, cnt, buf, buflen);
-}
-
-void
-auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    unsigned char *cp;
-    unsigned char tbuf[16];
-
-    cnt -= 3;
-    data += 3;
-    buf[buflen-1] = '\0';
-    buf[buflen-2] = '*';
-    buflen -= 2;
-    for (; cnt > 0; cnt--, data++) {
-	snprintf((char*)tbuf, sizeof(tbuf), " %d", *data);
-	for (cp = tbuf; *cp && buflen > 0; --buflen)
-	    *buf++ = *cp++;
-	if (buflen <= 0)
-	    return;
-    }
-    *buf = '\0';
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.h b/crypto/heimdal/appl/telnet/libtelnet/auth.h
deleted file mode 100644
index 924881588af3..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: auth.h 5027 1998-06-09 19:25:40Z joda $ */
-
-#ifndef	__AUTH__
-#define	__AUTH__
-
-#define	AUTH_REJECT	0	/* Rejected */
-#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
-#define	AUTH_OTHER	2	/* We know him, but not his name */
-#define	AUTH_USER	3	/* We know he name */
-#define	AUTH_VALID	4	/* We know him, and he needs no password */
-
-typedef struct XauthP {
-	int	type;
-	int	way;
-	int	(*init) (struct XauthP *, int);
-	int	(*send) (struct XauthP *);
-	void	(*is) (struct XauthP *, unsigned char *, int);
-	void	(*reply) (struct XauthP *, unsigned char *, int);
-	int	(*status) (struct XauthP *, char *, size_t, int);
-	void	(*printsub) (unsigned char *, int, unsigned char *, int);
-} Authenticator;
-
-#include "auth-proto.h"
-
-extern int auth_debug_mode;
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
deleted file mode 100644
index a40893bb8d36..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
- *
- *	@(#)enc-proto.h	5.2 (Berkeley) 3/22/91
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: enc-proto.h 10809 2002-01-18 12:58:49Z joda $ */
-
-#if	defined(ENCRYPTION)
-Encryptions *findencryption (int);
-Encryptions *finddecryption(int);
-int EncryptAutoDec(int);
-int EncryptAutoEnc(int);
-int EncryptDebug(int);
-int EncryptDisable(char*, char*);
-int EncryptEnable(char*, char*);
-int EncryptStart(char*);
-int EncryptStartInput(void);
-int EncryptStartOutput(void);
-int EncryptStatus(void);
-int EncryptStop(char*);
-int EncryptStopInput(void);
-int EncryptStopOutput(void);
-int EncryptType(char*, char*);
-int EncryptVerbose(int);
-void decrypt_auto(int);
-void encrypt_auto(int);
-void encrypt_debug(int);
-void encrypt_dec_keyid(unsigned char*, int);
-void encrypt_display(void);
-void encrypt_enc_keyid(unsigned char*, int);
-void encrypt_end(void);
-void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_init(const char*, int);
-void encrypt_is(unsigned char*, int);
-void encrypt_list_types(void);
-void encrypt_not(void);
-void encrypt_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_reply(unsigned char*, int);
-void encrypt_request_end(void);
-void encrypt_request_start(unsigned char*, int);
-void encrypt_send_end(void);
-void encrypt_send_keyid(int, unsigned char*, int, int);
-void encrypt_send_request_end(void);
-int encrypt_is_encrypting(void);
-void encrypt_send_request_start(void);
-void encrypt_send_support(void);
-void encrypt_session_key(Session_Key*, int);
-void encrypt_start(unsigned char*, int);
-void encrypt_start_output(int);
-void encrypt_support(unsigned char*, int);
-void encrypt_verbose_quiet(int);
-void encrypt_wait(void);
-int encrypt_delay(void);
-
-#ifdef	TELENTD
-void encrypt_wait (void);
-#else
-void encrypt_display (void);
-#endif
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
deleted file mode 100644
index 13dd9daf38e0..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
+++ /dev/null
@@ -1,674 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: enc_des.c 14681 2005-03-23 16:19:31Z lha $");
-
-#if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
-#include <arpa/telnet.h>
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#include <string.h>
-#endif
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "misc-proto.h"
-
-#include "crypto-headers.h"
-
-extern int encrypt_debug_mode;
-
-#define	CFB	0
-#define	OFB	1
-
-#define	NO_SEND_IV	1
-#define	NO_RECV_IV	2
-#define	NO_KEYID	4
-#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define	SUCCESS		0
-#define	FAILED		-1
-
-
-struct stinfo {
-  DES_cblock	str_output;
-  DES_cblock	str_feed;
-  DES_cblock	str_iv;
-  DES_cblock	str_ikey;
-  DES_key_schedule str_sched;
-  int		str_index;
-  int		str_flagshift;
-};
-
-struct fb {
-	DES_cblock krbdes_key;
-	DES_key_schedule krbdes_sched;
-	DES_cblock temp_feed;
-	unsigned char fb_feed[64];
-	int need_start;
-	int state[2];
-	int keyid[2];
-	int once;
-	struct stinfo streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
-	char	*keyid;
-	int	keyidlen;
-	char	*key;
-	int	keylen;
-	int	flags;
-} keyidlist [] = {
-	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
-	{ 0, 0, 0, 0, 0 }
-};
-
-#define	KEYFLAG_MASK	03
-
-#define	KEYFLAG_NOINIT	00
-#define	KEYFLAG_INIT	01
-#define	KEYFLAG_OK	02
-#define	KEYFLAG_BAD	03
-
-#define	KEYFLAG_SHIFT	2
-
-#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define	FB64_IV		1
-#define	FB64_IV_OK	2
-#define	FB64_IV_BAD	3
-
-
-void fb64_stream_iv (DES_cblock, struct stinfo *);
-void fb64_init (struct fb *);
-static int fb64_start (struct fb *, int, int);
-int fb64_is (unsigned char *, int, struct fb *);
-int fb64_reply (unsigned char *, int, struct fb *);
-static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (DES_cblock, struct stinfo *);
-int fb64_keyid (int, unsigned char *, int *, struct fb *);
-void fb64_printsub(unsigned char *, int ,
-		   unsigned char *, int , char *);
-
-void cfb64_init(int server)
-{
-	fb64_init(&fb[CFB]);
-	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
-
-void ofb64_init(int server)
-{
-	fb64_init(&fb[OFB]);
-	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
-void fb64_init(struct fb *fbp)
-{
-	memset(fbp,0, sizeof(*fbp));
-	fbp->state[0] = fbp->state[1] = FAILED;
-	fbp->fb_feed[0] = IAC;
-	fbp->fb_feed[1] = SB;
-	fbp->fb_feed[2] = TELOPT_ENCRYPT;
-	fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- *	 2: Not yet.  Other things (like getting the key from
- *	    Kerberos) have to happen before we can continue.
- */
-int cfb64_start(int dir, int server)
-{
-	return(fb64_start(&fb[CFB], dir, server));
-}
-
-int ofb64_start(int dir, int server)
-{
-	return(fb64_start(&fb[OFB], dir, server));
-}
-
-static int fb64_start(struct fb *fbp, int dir, int server)
-{
-	int x;
-	unsigned char *p;
-	int state;
-
-	switch (dir) {
-	case DIR_DECRYPT:
-		/*
-		 * This is simply a request to have the other side
-		 * start output (our input).  He will negotiate an
-		 * IV so we need not look for it.
-		 */
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		break;
-
-	case DIR_ENCRYPT:
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		else if ((state & NO_SEND_IV) == 0) {
-			break;
-		}
-
-		if (!VALIDKEY(fbp->krbdes_key)) {
-		        fbp->need_start = 1;
-			break;
-		}
-
-		state &= ~NO_SEND_IV;
-		state |= NO_RECV_IV;
-		if (encrypt_debug_mode)
-			printf("Creating new feed\r\n");
-		/*
-		 * Create a random feed and send it over.
-		 */
-#ifndef OLD_DES_RANDOM_KEY
-		DES_random_key(&fbp->temp_feed);
-#else
-		/*
-		 * From des_cryp.man "If the des_check_key flag is non-zero,
-		 *  des_set_key will check that the key passed is
-		 *  of odd parity and is not a week or semi-weak key."
-		 */
-		do {
-			DES_random_key(fbp->temp_feed);
-			DES_set_odd_parity(fbp->temp_feed);
-		} while (DES_is_weak_key(fbp->temp_feed));
-#endif
-		DES_ecb_encrypt(&fbp->temp_feed,
-				&fbp->temp_feed,
-				&fbp->krbdes_sched, 1);
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_IS;
-		p++;
-		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(DES_cblock); ++x) {
-			if ((*p++ = fbp->temp_feed[x]) == IAC)
-				*p++ = IAC;
-		}
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-		break;
-	default:
-		return(FAILED);
-	}
-	return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-
-int cfb64_is(unsigned char *data, int cnt)
-{
-	return(fb64_is(data, cnt, &fb[CFB]));
-}
-
-int ofb64_is(unsigned char *data, int cnt)
-{
-	return(fb64_is(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
-{
-	unsigned char *p;
-	int state = fbp->state[DIR_DECRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV:
-		if (cnt != sizeof(DES_cblock)) {
-			if (encrypt_debug_mode)
-				printf("CFB64: initial vector failed on size\r\n");
-			state = FAILED;
-			goto failure;
-		}
-
-		if (encrypt_debug_mode)
-			printf("CFB64: initial vector received\r\n");
-
-		if (encrypt_debug_mode)
-			printf("Initializing Decrypt stream\r\n");
-
-		fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
-
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_OK;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", *(data-1));
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		/*
-		 * We failed.  Send an FB64_IV_BAD option
-		 * to the other side so it will know that
-		 * things failed.
-		 */
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_BAD;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		break;
-	}
-	return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-
-int cfb64_reply(unsigned char *data, int cnt)
-{
-	return(fb64_reply(data, cnt, &fb[CFB]));
-}
-
-int ofb64_reply(unsigned char *data, int cnt)
-{
-	return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
-{
-	int state = fbp->state[DIR_ENCRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV_OK:
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		state &= ~NO_RECV_IV;
-		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
-		break;
-
-	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(DES_cblock));
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		state = FAILED;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", data[-1]);
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		state = FAILED;
-		break;
-	}
-	return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
-void cfb64_session(Session_Key *key, int server)
-{
-	fb64_session(key, server, &fb[CFB]);
-}
-
-void ofb64_session(Session_Key *key, int server)
-{
-	fb64_session(key, server, &fb[OFB]);
-}
-
-static void fb64_session(Session_Key *key, int server, struct fb *fbp)
-{
-
-	if (!key || key->type != SK_DES) {
-		if (encrypt_debug_mode)
-			printf("Can't set krbdes's session key (%d != %d)\r\n",
-				key ? key->type : -1, SK_DES);
-		return;
-	}
-	memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
-
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
-
-	if (fbp->once == 0) {
-#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
-		DES_init_random_number_generator(&fbp->krbdes_key);
-#endif
-		fbp->once = 1;
-	}
-	DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
-			    &fbp->krbdes_sched);
-	/*
-	 * Now look to see if krbdes_start() was was waiting for
-	 * the key to show up.  If so, go ahead an call it now
-	 * that we have the key.
-	 */
-	if (fbp->need_start) {
-		fbp->need_start = 0;
-		fb64_start(fbp, DIR_ENCRYPT, server);
-	}
-}
-
-/*
- * We only accept a keyid of 0.  If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
-
-int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
-int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
-int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
-{
-	int state = fbp->state[dir-1];
-
-	if (*lenp != 1 || (*kp != '\0')) {
-		*lenp = 0;
-		return(state);
-	}
-
-	if (state == FAILED)
-		state = IN_PROGRESS;
-
-	state &= ~NO_KEYID;
-
-	return(fbp->state[dir-1] = state);
-}
-
-void fb64_printsub(unsigned char *data, int cnt, 
-		   unsigned char *buf, int buflen, char *type)
-{
-	char lbuf[32];
-	int i;
-	char *cp;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[2]) {
-	case FB64_IV:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_OK:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_BAD:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
-		cp = lbuf;
-		goto common;
-
-	default:
-		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
-		cp = lbuf;
-	common:
-		for (; (buflen > 0) && (*buf = *cp++); buf++)
-			buflen--;
-		for (i = 3; i < cnt; i++) {
-			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
-			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
-				buflen--;
-		}
-		break;
-	}
-}
-
-void cfb64_printsub(unsigned char *data, int cnt, 
-		    unsigned char *buf, int buflen)
-{
-	fb64_printsub(data, cnt, buf, buflen, "CFB64");
-}
-
-void ofb64_printsub(unsigned char *data, int cnt,
-		    unsigned char *buf, int buflen)
-{
-	fb64_printsub(data, cnt, buf, buflen, "OFB64");
-}
-
-void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
-{
-
-	memcpy(stp->str_iv, seed,sizeof(DES_cblock));
-	memcpy(stp->str_output, seed, sizeof(DES_cblock));
-
-	DES_set_key_checked(&stp->str_ikey, &stp->str_sched);
-
-	stp->str_index = sizeof(DES_cblock);
-}
-
-void fb64_stream_key(DES_cblock key, struct stinfo *stp)
-{
-	memcpy(stp->str_ikey, key, sizeof(DES_cblock));
-	DES_set_key_checked((DES_cblock*)key, &stp->str_sched);
-
-	memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
-
-	stp->str_index = sizeof(DES_cblock);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- *     key --->+-----+
- *          +->| DES |--+
- *          |  +-----+  |
- *	    |           v
- *  INPUT --(--------->(+)+---> DATA
- *          |             |
- *	    +-------------+
- *         
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	On = Dn ^ Vn
- *	V(n+1) = DES(On, key)
- */
-
-void cfb64_encrypt(unsigned char *s, int c)
-{
-	struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
-	int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(DES_cblock)) {
-			DES_cblock b;
-			DES_ecb_encrypt(&stp->str_output, &b,&stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(DES_cblock));
-			index = 0;
-		}
-
-		/* On encryption, we store (feed ^ data) which is cypher */
-		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
-		s++;
-		index++;
-	}
-	stp->str_index = index;
-}
-
-int cfb64_decrypt(int data)
-{
-	struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(DES_cblock)) {
-		DES_cblock b;
-		DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(DES_cblock));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
-	}
-
-	/* On decryption we store (data) which is cypher. */
-	stp->str_output[index] = data;
-	return(data ^ stp->str_feed[index]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- *	+->| DES |--+
- *	|  +-----+  |
- *	+-----------+
- *	            v
- *  INPUT -------->(+) ----> DATA
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	V(n+1) = DES(Vn, key)
- *	On = Dn ^ Vn
- */
-
-void ofb64_encrypt(unsigned char *s, int c)
-{
-	struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
-	int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(DES_cblock)) {
-			DES_cblock b;
-			DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(DES_cblock));
-			index = 0;
-		}
-		*s++ ^= stp->str_feed[index];
-		index++;
-	}
-	stp->str_index = index;
-}
-
-int ofb64_decrypt(int data)
-{
-	struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(DES_cblock)) {
-		DES_cblock b;
-		DES_ecb_encrypt(&stp->str_feed,&b,&stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(DES_cblock));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
-	}
-
-	return(data ^ stp->str_feed[index]);
-}
-#endif
-
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
deleted file mode 100644
index 04dbe83d5c5e..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+++ /dev/null
@@ -1,1002 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <config.h>
-
-RCSID("$Id: encrypt.c 16802 2006-03-23 19:36:31Z lha $");
-
-#if	defined(ENCRYPTION)
-
-#define	ENCRYPT_NAMES
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void	(*encrypt_output) (unsigned char *, int);
-int	(*decrypt_input) (int);
-char	*nclearto;
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static const char *Name = "Noname";
-
-#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
-     | typemask(ENCTYPE_DES_OFB64);
-     static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
-     | typemask(ENCTYPE_DES_OFB64);
-     static long i_wont_support_encrypt = 0;
-     static long i_wont_support_decrypt = 0;
-#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
-#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
-
-     static long remote_supports_encrypt = 0;
-     static long remote_supports_decrypt = 0;
-
-     static Encryptions encryptions[] = {
-#if	defined(DES_ENCRYPTION)
-	 { "DES_CFB64",	ENCTYPE_DES_CFB64,
-	   cfb64_encrypt,	
-	   cfb64_decrypt,
-	   cfb64_init,
-	   cfb64_start,
-	   cfb64_is,
-	   cfb64_reply,
-	   cfb64_session,
-	   cfb64_keyid,
-	   cfb64_printsub },
-	 { "DES_OFB64",	ENCTYPE_DES_OFB64,
-	   ofb64_encrypt,	
-	   ofb64_decrypt,
-	   ofb64_init,
-	   ofb64_start,
-	   ofb64_is,
-	   ofb64_reply,
-	   ofb64_session,
-	   ofb64_keyid,
-	   ofb64_printsub },
-#endif
-	 { 0, },
-     };
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
-				      ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
-Encryptions *
-findencryption(int type)
-{
-    Encryptions *ep = encryptions;
-
-    if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
-	return(0);
-    while (ep->type && ep->type != type)
-	++ep;
-    return(ep->type ? ep : 0);
-}
-
-Encryptions *
-finddecryption(int type)
-{
-    Encryptions *ep = encryptions;
-
-    if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
-	return(0);
-    while (ep->type && ep->type != type)
-	++ep;
-    return(ep->type ? ep : 0);
-}
-
-#define	MAXKEYLEN 64
-
-static struct key_info {
-    unsigned char keyid[MAXKEYLEN];
-    int keylen;
-    int dir;
-    int *modep;
-    Encryptions *(*getcrypt)();
-} ki[2] = {
-    { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
-    { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-void
-encrypt_init(const char *name, int server)
-{
-    Encryptions *ep = encryptions;
-
-    Name = name;
-    Server = server;
-    i_support_encrypt = i_support_decrypt = 0;
-    remote_supports_encrypt = remote_supports_decrypt = 0;
-    encrypt_mode = 0;
-    decrypt_mode = 0;
-    encrypt_output = 0;
-    decrypt_input = 0;
-#ifdef notdef
-    encrypt_verbose = !server;
-#endif
-
-    str_suplen = 4;
-
-    while (ep->type) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: I will support %s\r\n",
-		   Name, ENCTYPE_NAME(ep->type));
-	i_support_encrypt |= typemask(ep->type);
-	i_support_decrypt |= typemask(ep->type);
-	if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
-	    if ((str_send[str_suplen++] = ep->type) == IAC)
-		str_send[str_suplen++] = IAC;
-	if (ep->init)
-	    (*ep->init)(Server);
-	++ep;
-    }
-    str_send[str_suplen++] = IAC;
-    str_send[str_suplen++] = SE;
-}
-
-void
-encrypt_list_types(void)
-{
-    Encryptions *ep = encryptions;
-
-    printf("Valid encryption types:\n");
-    while (ep->type) {
-	printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
-	++ep;
-    }
-}
-
-int
-EncryptEnable(char *type, char *mode)
-{
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt enable <type> [input|output]\n");
-	encrypt_list_types();
-	return(0);
-    }
-    if (EncryptType(type, mode))
-	return(EncryptStart(mode));
-    return(0);
-}
-
-int
-EncryptDisable(char *type, char *mode)
-{
-    Encryptions *ep;
-    int ret = 0;
-
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt disable <type> [input|output]\n");
-	encrypt_list_types();
-    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
-					   sizeof(Encryptions))) == 0) {
-	printf("%s: invalid encryption type\n", type);
-    } else if (Ambiguous(ep)) {
-	printf("Ambiguous type '%s'\n", type);
-    } else {
-	if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
-	    if (decrypt_mode == ep->type)
-		EncryptStopInput();
-	    i_wont_support_decrypt |= typemask(ep->type);
-	    ret = 1;
-	}
-	if ((mode == 0) || (isprefix(mode, "output"))) {
-	    if (encrypt_mode == ep->type)
-		EncryptStopOutput();
-	    i_wont_support_encrypt |= typemask(ep->type);
-	    ret = 1;
-	}
-	if (ret == 0)
-	    printf("%s: invalid encryption mode\n", mode);
-    }
-    return(ret);
-}
-
-int
-EncryptType(char *type, char *mode)
-{
-    Encryptions *ep;
-    int ret = 0;
-
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt type <type> [input|output]\n");
-	encrypt_list_types();
-    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
-					   sizeof(Encryptions))) == 0) {
-	printf("%s: invalid encryption type\n", type);
-    } else if (Ambiguous(ep)) {
-	printf("Ambiguous type '%s'\n", type);
-    } else {
-	if ((mode == 0) || isprefix(mode, "input")) {
-	    decrypt_mode = ep->type;
-	    i_wont_support_decrypt &= ~typemask(ep->type);
-	    ret = 1;
-	}
-	if ((mode == 0) || isprefix(mode, "output")) {
-	    encrypt_mode = ep->type;
-	    i_wont_support_encrypt &= ~typemask(ep->type);
-	    ret = 1;
-	}
-	if (ret == 0)
-	    printf("%s: invalid encryption mode\n", mode);
-    }
-    return(ret);
-}
-
-int
-EncryptStart(char *mode)
-{
-    int ret = 0;
-    if (mode) {
-	if (isprefix(mode, "input"))
-	    return(EncryptStartInput());
-	if (isprefix(mode, "output"))
-	    return(EncryptStartOutput());
-	if (isprefix(mode, "help") || isprefix(mode, "?")) {
-	    printf("Usage: encrypt start [input|output]\n");
-	    return(0);
-	}
-	printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
-	return(0);
-    }
-    ret += EncryptStartInput();
-    ret += EncryptStartOutput();
-    return(ret);
-}
-
-int
-EncryptStartInput(void)
-{
-    if (decrypt_mode) {
-	encrypt_send_request_start();
-	return(1);
-    }
-    printf("No previous decryption mode, decryption not enabled\r\n");
-    return(0);
-}
-
-int
-EncryptStartOutput(void)
-{
-    if (encrypt_mode) {
-	encrypt_start_output(encrypt_mode);
-	return(1);
-    }
-    printf("No previous encryption mode, encryption not enabled\r\n");
-    return(0);
-}
-
-int
-EncryptStop(char *mode)
-{
-    int ret = 0;
-    if (mode) {
-	if (isprefix(mode, "input"))
-	    return(EncryptStopInput());
-	if (isprefix(mode, "output"))
-	    return(EncryptStopOutput());
-	if (isprefix(mode, "help") || isprefix(mode, "?")) {
-	    printf("Usage: encrypt stop [input|output]\n");
-	    return(0);
-	}
-	printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
-	return(0);
-    }
-    ret += EncryptStopInput();
-    ret += EncryptStopOutput();
-    return(ret);
-}
-
-int
-EncryptStopInput(void)
-{
-    encrypt_send_request_end();
-    return(1);
-}
-
-int
-EncryptStopOutput(void)
-{
-    encrypt_send_end();
-    return(1);
-}
-
-void
-encrypt_display(void)
-{
-    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
-	   autoencrypt?"on":"off", autodecrypt?"on":"off");
-
-    if (encrypt_output)
-	printf("Currently encrypting output with %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    else
-	printf("Currently not encrypting output\r\n");
-	
-    if (decrypt_input)
-	printf("Currently decrypting input with %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    else
-	printf("Currently not decrypting input\r\n");
-}
-
-int
-EncryptStatus(void)
-{
-    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
-	   autoencrypt?"on":"off", autodecrypt?"on":"off");
-
-    if (encrypt_output)
-	printf("Currently encrypting output with %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    else if (encrypt_mode) {
-	printf("Currently output is clear text.\r\n");
-	printf("Last encryption mode was %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    } else
-	printf("Currently not encrypting output\r\n");
-	
-    if (decrypt_input) {
-	printf("Currently decrypting input with %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    } else if (decrypt_mode) {
-	printf("Currently input is clear text.\r\n");
-	printf("Last decryption mode was %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    } else
-	printf("Currently not decrypting input\r\n");
-
-    return 1;
-}
-
-void
-encrypt_send_support(void)
-{
-    if (str_suplen) {
-	/*
-	 * If the user has requested that decryption start
-	 * immediatly, then send a "REQUEST START" before
-	 * we negotiate the type.
-	 */
-	if (!Server && autodecrypt)
-	    encrypt_send_request_start();
-	telnet_net_write(str_send, str_suplen);
-	printsub('>', &str_send[2], str_suplen - 2);
-	str_suplen = 0;
-    }
-}
-
-int
-EncryptDebug(int on)
-{
-    if (on < 0)
-	encrypt_debug_mode ^= 1;
-    else
-	encrypt_debug_mode = on;
-    printf("Encryption debugging %s\r\n",
-	   encrypt_debug_mode ? "enabled" : "disabled");
-    return(1);
-}
-
-/* turn on verbose encryption, but dont keep telling the whole world
- */
-void encrypt_verbose_quiet(int on)
-{
-    if(on < 0)
-	encrypt_verbose ^= 1;
-    else
-	encrypt_verbose = on ? 1 : 0;
-}
-
-int
-EncryptVerbose(int on)
-{
-    encrypt_verbose_quiet(on);
-    printf("Encryption %s verbose\r\n",
-	   encrypt_verbose ? "is" : "is not");
-    return(1);
-}
-
-int
-EncryptAutoEnc(int on)
-{
-    encrypt_auto(on);
-    printf("Automatic encryption of output is %s\r\n",
-	   autoencrypt ? "enabled" : "disabled");
-    return(1);
-}
-
-int
-EncryptAutoDec(int on)
-{
-    decrypt_auto(on);
-    printf("Automatic decryption of input is %s\r\n",
-	   autodecrypt ? "enabled" : "disabled");
-    return(1);
-}
-
-/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
-   encrypt */
-void
-encrypt_not(void)
-{
-    if (encrypt_verbose)
-  	printf("[ Connection is NOT encrypted ]\r\n");
-    else
-  	printf("\r\n*** Connection not encrypted! "
-	       "Communication may be eavesdropped. ***\r\n");
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
-void
-encrypt_support(unsigned char *typelist, int cnt)
-{
-    int type, use_type = 0;
-    Encryptions *ep;
-
-    /*
-     * Forget anything the other side has previously told us.
-     */
-    remote_supports_decrypt = 0;
-
-    while (cnt-- > 0) {
-	type = *typelist++;
-	if (encrypt_debug_mode)
-	    printf(">>>%s: He is supporting %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME(type), type);
-	if ((type < ENCTYPE_CNT) &&
-	    (I_SUPPORT_ENCRYPT & typemask(type))) {
-	    remote_supports_decrypt |= typemask(type);
-	    if (use_type == 0)
-		use_type = type;
-	}
-    }
-    if (use_type) {
-	ep = findencryption(use_type);
-	if (!ep)
-	    return;
-	type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
-	if (encrypt_debug_mode)
-	    printf(">>>%s: (*ep->start)() returned %d\r\n",
-		   Name, type);
-	if (type < 0)
-	    return;
-	encrypt_mode = use_type;
-	if (type == 0)
-	    encrypt_start_output(use_type);
-    }
-}
-
-void
-encrypt_is(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-    int type, ret;
-
-    if (--cnt < 0)
-	return;
-    type = *data++;
-    if (type < ENCTYPE_CNT)
-	remote_supports_encrypt |= typemask(type);
-    if (!(ep = finddecryption(type))) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	return;
-    }
-    if (!ep->is) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	ret = 0;
-    } else {
-	ret = (*ep->is)(data, cnt);
-	if (encrypt_debug_mode)
-	    printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
-		   (ret < 0) ? "FAIL " :
-		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-    }
-    if (ret < 0) {
-	autodecrypt = 0;
-    } else {
-	decrypt_mode = type;
-	if (ret == 0 && autodecrypt)
-	    encrypt_send_request_start();
-    }
-}
-
-void
-encrypt_reply(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-    int ret, type;
-
-    if (--cnt < 0)
-	return;
-    type = *data++;
-    if (!(ep = findencryption(type))) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	return;
-    }
-    if (!ep->reply) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	ret = 0;
-    } else {
-	ret = (*ep->reply)(data, cnt);
-	if (encrypt_debug_mode)
-	    printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
-		   data, cnt,
-		   (ret < 0) ? "FAIL " :
-		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-    }
-    if (encrypt_debug_mode)
-	printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
-    if (ret < 0) {
-	autoencrypt = 0;
-    } else {
-	encrypt_mode = type;
-	if (ret == 0 && autoencrypt)
-	    encrypt_start_output(type);
-    }
-}
-
-/*
- * Called when ENCRYPT START is received.
- */
-void
-encrypt_start(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-
-    if (!decrypt_mode) {
-	/*
-	 * Something is wrong.  We should not get a START
-	 * command without having already picked our
-	 * decryption scheme.  Send a REQUEST-END to
-	 * attempt to clear the channel...
-	 */
-	printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
-	encrypt_send_request_end();
-	return;
-    }
-
-    if ((ep = finddecryption(decrypt_mode))) {
-	decrypt_input = ep->input;
-	if (encrypt_verbose)
-	    printf("[ Input is now decrypted with type %s ]\r\n",
-		   ENCTYPE_NAME(decrypt_mode));
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Start to decrypt input with type %s\r\n",
-		   Name, ENCTYPE_NAME(decrypt_mode));
-    } else {
-	printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
-	       Name,
-	       ENCTYPE_NAME_OK(decrypt_mode)
-	       ? ENCTYPE_NAME(decrypt_mode)
-	       : "(unknown)",
-	       decrypt_mode);
-	encrypt_send_request_end();
-    }
-}
-
-void
-encrypt_session_key(Session_Key *key, int server)
-{
-    Encryptions *ep = encryptions;
-
-    havesessionkey = 1;
-
-    while (ep->type) {
-	if (ep->session)
-	    (*ep->session)(key, server);
-	++ep;
-    }
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
-void
-encrypt_end(void)
-{
-    decrypt_input = 0;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Input is back to clear text\r\n", Name);
-    if (encrypt_verbose)
-	printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
-void
-encrypt_request_end(void)
-{
-    encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received.  If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can. 
- */
-void
-encrypt_request_start(unsigned char *data, int cnt)
-{
-    if (encrypt_mode == 0)  {
-	if (Server)
-	    autoencrypt = 1;
-	return;
-    }
-    encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
-static void
-encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
-{
-    Encryptions *ep;
-    int dir = kp->dir;
-    int ret = 0;
-
-    if (!(ep = (*kp->getcrypt)(*kp->modep))) {
-	if (len == 0)
-	    return;
-	kp->keylen = 0;
-    } else if (len == 0) {
-	/*
-	 * Empty option, indicates a failure.
-	 */
-	if (kp->keylen == 0)
-	    return;
-	kp->keylen = 0;
-	if (ep->keyid)
-	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
-    } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
-	/*
-	 * Length or contents are different
-	 */
-	kp->keylen = len;
-	memcpy(kp->keyid,keyid, len);
-	if (ep->keyid)
-	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-    } else {
-	if (ep->keyid)
-	    ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
-	if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
-	    encrypt_start_output(*kp->modep);
-	return;
-    }
-
-    encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
-}
-
-void encrypt_enc_keyid(unsigned char *keyid, int len)
-{
-    encrypt_keyid(&ki[1], keyid, len);
-}
-
-void encrypt_dec_keyid(unsigned char *keyid, int len)
-{
-    encrypt_keyid(&ki[0], keyid, len);
-}
-
-
-void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
-{
-    unsigned char *strp;
-
-    str_keyid[3] = (dir == DIR_ENCRYPT)
-	? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
-    if (saveit) {
-	struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
-	memcpy(kp->keyid,keyid, keylen);
-	kp->keylen = keylen;
-    }
-
-    for (strp = &str_keyid[4]; keylen > 0; --keylen) {
-	if ((*strp++ = *keyid++) == IAC)
-	    *strp++ = IAC;
-    }
-    *strp++ = IAC;
-    *strp++ = SE;
-    telnet_net_write(str_keyid, strp - str_keyid);
-    printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
-void
-encrypt_auto(int on)
-{
-    if (on < 0)
-	autoencrypt ^= 1;
-    else
-	autoencrypt = on ? 1 : 0;
-}
-
-void
-decrypt_auto(int on)
-{
-    if (on < 0)
-	autodecrypt ^= 1;
-    else
-	autodecrypt = on ? 1 : 0;
-}
-
-void
-encrypt_start_output(int type)
-{
-    Encryptions *ep;
-    unsigned char *p;
-    int i;
-
-    if (!(ep = findencryption(type))) {
-	if (encrypt_debug_mode) {
-	    printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	}
-	return;
-    }
-    if (ep->start) {
-	i = (*ep->start)(DIR_ENCRYPT, Server);
-	if (encrypt_debug_mode) {
-	    printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
-		   Name, 
-		   (i < 0) ? "failed" :
-		   "initial negotiation in progress",
-		   i, ENCTYPE_NAME(type));
-	}
-	if (i)
-	    return;
-    }
-    p = str_start + 3;
-    *p++ = ENCRYPT_START;
-    for (i = 0; i < ki[0].keylen; ++i) {
-	if ((*p++ = ki[0].keyid[i]) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    telnet_net_write(str_start, p - str_start);
-    net_encrypt();
-    printsub('>', &str_start[2], p - &str_start[2]);
-    /*
-     * If we are already encrypting in some mode, then
-     * encrypt the ring (which includes our request) in
-     * the old mode, mark it all as "clear text" and then
-     * switch to the new mode.
-     */
-    encrypt_output = ep->output;
-    encrypt_mode = type;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Started to encrypt output with type %s\r\n",
-	       Name, ENCTYPE_NAME(type));
-    if (encrypt_verbose)
-	printf("[ Output is now encrypted with type %s ]\r\n",
-	       ENCTYPE_NAME(type));
-}
-
-void
-encrypt_send_end(void)
-{
-    if (!encrypt_output)
-	return;
-
-    str_end[3] = ENCRYPT_END;
-    telnet_net_write(str_end, sizeof(str_end));
-    net_encrypt();
-    printsub('>', &str_end[2], sizeof(str_end) - 2);
-    /*
-     * Encrypt the output buffer now because it will not be done by
-     * netflush...
-     */
-    encrypt_output = 0;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Output is back to clear text\r\n", Name);
-    if (encrypt_verbose)
-	printf("[ Output is now clear text ]\r\n");
-}
-
-void
-encrypt_send_request_start(void)
-{
-    unsigned char *p;
-    int i;
-
-    p = &str_start[3];
-    *p++ = ENCRYPT_REQSTART;
-    for (i = 0; i < ki[1].keylen; ++i) {
-	if ((*p++ = ki[1].keyid[i]) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    telnet_net_write(str_start, p - str_start);
-    printsub('>', &str_start[2], p - &str_start[2]);
-    if (encrypt_debug_mode)
-	printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
-void
-encrypt_send_request_end(void)
-{
-    str_end[3] = ENCRYPT_REQEND;
-    telnet_net_write(str_end, sizeof(str_end));
-    printsub('>', &str_end[2], sizeof(str_end) - 2);
-
-    if (encrypt_debug_mode)
-	printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
-
-void encrypt_wait(void)
-{
-    if (encrypt_debug_mode)
-	printf(">>>%s: in encrypt_wait\r\n", Name);
-    if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
-	return;
-    while (autoencrypt && !encrypt_output)
-	if (telnet_spin())
-	    return;
-}
-
-int
-encrypt_delay(void)
-{
-    if(!havesessionkey ||
-       (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
-       (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
-	return 0;
-    if(!(encrypt_output && decrypt_input))
-	return 1;
-    return 0;
-}
-
-int encrypt_is_encrypting()
-{
-    if (encrypt_output && decrypt_input)
-	return 1;
-    return 0;
-}
-
-void
-encrypt_debug(int mode)
-{
-    encrypt_debug_mode = mode;
-}
-
-void encrypt_gen_printsub(unsigned char *data, int cnt, 
-			  unsigned char *buf, int buflen)
-{
-    char tbuf[16], *cp;
-
-    cnt -= 2;
-    data += 2;
-    buf[buflen-1] = '\0';
-    buf[buflen-2] = '*';
-    buflen -= 2;;
-    for (; cnt > 0; cnt--, data++) {
-	snprintf(tbuf, sizeof(tbuf), " %d", *data);
-	for (cp = tbuf; *cp && buflen > 0; --buflen)
-	    *buf++ = *cp++;
-	if (buflen <= 0)
-	    return;
-    }
-    *buf = '\0';
-}
-
-void
-encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    Encryptions *ep;
-    int type = data[1];
-
-    for (ep = encryptions; ep->type && ep->type != type; ep++)
-	;
-
-    if (ep->printsub)
-	(*ep->printsub)(data, cnt, buf, buflen);
-    else
-	encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
deleted file mode 100644
index 814491cb423f..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
- *
- *	@(#)encrypt.h	5.2 (Berkeley) 3/22/91
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: encrypt.h 11444 2002-09-10 20:03:49Z joda $ */
-
-#ifndef	__ENCRYPT__
-#define	__ENCRYPT__
-
-#define	DIR_DECRYPT		1
-#define	DIR_ENCRYPT		2
-
-#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
-			  key[4] | key[5] | key[6] | key[7])
-
-#define	SAMEKEY(k1, k2)	(!memcmp(k1, k2, sizeof(des_cblock)))
-
-typedef	struct {
-	short		type;
-	int		length;
-	unsigned char	*data;
-} Session_Key;
-
-typedef struct {
-	char	*name;
-	int	type;
-	void	(*output) (unsigned char *, int);
-	int	(*input) (int);
-	void	(*init) (int);
-	int	(*start) (int, int);
-	int	(*is) (unsigned char *, int);
-	int	(*reply) (unsigned char *, int);
-	void	(*session) (Session_Key *, int);
-	int	(*keyid) (int, unsigned char *, int *);
-	void	(*printsub) (unsigned char *, int, unsigned char *, int);
-} Encryptions;
-
-#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
-
-#include "crypto-headers.h"
-#ifdef HAVE_OPENSSL
-#define des_new_random_key des_random_key
-#endif
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) (int);
-extern void (*encrypt_output) (unsigned char *, int);
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/genget.c b/crypto/heimdal/appl/telnet/libtelnet/genget.c
deleted file mode 100644
index 5785314f41b5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/genget.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-#include "misc-proto.h"
-
-RCSID("$Id: genget.c 10646 2001-09-03 05:54:18Z assar $");
-
-#include <ctype.h>
-
-#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2.  If *s1 exactly matches *s2, the negative of
- * the length is returned.  If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
-
-int
-isprefix(char *s1, char *s2)
-{
-    char *os1;
-    char c1, c2;
-
-    if (*s1 == '\0')
-	return(-1);
-    os1 = s1;
-    c1 = *s1;
-    c2 = *s2;
-    while (tolower((unsigned char)c1) == tolower((unsigned char)c2)) {
-	if (c1 == '\0')
-	    break;
-	c1 = *++s1;
-	c2 = *++s2;
-    }
-    return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous;		/* special return value for command routines */
-
-char **
-genget(char *name, char **table, int stlen)
-     /* name to match */
-     /* name entry in table */
-	   	      
-{
-    char **c, **found;
-    int n;
-
-    if (name == 0)
-	return 0;
-
-    found = 0;
-    for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
-	if ((n = isprefix(name, *c)) == 0)
-	    continue;
-	if (n < 0)		/* exact match */
-	    return(c);
-	if (found)
-	    return(&ambiguous);
-	found = c;
-    }
-    return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
-int
-Ambiguous(void *s)
-{
-    return((char **)s == &ambiguous);
-}
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
deleted file mode 100644
index 1c86fe298514..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
+++ /dev/null
@@ -1,723 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: kerberos.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef	KRB4
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdio.h>
-#include <krb.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int kerberos4_cksum (unsigned char *, int);
-extern int auth_debug_mode;
-
-static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V4, };
-
-#define	KRB_AUTH	0		/* Authentication data follows */
-#define	KRB_REJECT	1		/* Rejected (reason might follow) */
-#define	KRB_ACCEPT	2		/* Accepted */
-#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
-#define	KRB_RESPONSE	4		/* Response for mutual auth. */
-
-#define KRB_FORWARD		5	/* */
-#define KRB_FORWARD_ACCEPT	6	/* */
-#define KRB_FORWARD_REJECT	7	/* */
-
-#define KRB_SERVICE_NAME   "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	AUTH_DAT adat;
-static des_cblock session_key;
-static des_cblock cred_session;
-static des_key_schedule sched;
-static des_cblock challenge;
-static int auth_done; /* XXX */
-
-static int pack_cred(CREDENTIALS *cred, unsigned char *buf);
-static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred);
-
-
-static int
-Data(Authenticator *ap, int type, const void *d, int c)
-{
-    unsigned char *p = str_data + 4;
-    const unsigned char *cd = (const unsigned char *)d;
-
-    if (c == -1)
-	c = strlen((const char *)cd);
-
-    if (auth_debug_mode) {
-	printf("%s:%d: [%d] (%d)",
-	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-	       str_data[3],
-	       type, c);
-	printd(d, c);
-	printf("\r\n");
-    }
-    *p++ = ap->type;
-    *p++ = ap->way;
-    *p++ = type;
-    while (c-- > 0) {
-	if ((*p++ = *cd++) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    if (str_data[3] == TELQUAL_IS)
-	printsub('>', &str_data[2], p - (&str_data[2]));
-    return(telnet_net_write(str_data, p - str_data));
-}
-
-int
-kerberos4_init(Authenticator *ap, int server)
-{
-    FILE *fp;
-
-    if (server) {
-	str_data[3] = TELQUAL_REPLY;
-	if ((fp = fopen(KEYFILE, "r")) == NULL)
-	    return(0);
-	fclose(fp);
-    } else {
-	str_data[3] = TELQUAL_IS;
-    }
-    return(1);
-}
-
-char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
-int dst_realm_sz = REALM_SZ;
-
-static int
-kerberos4_send(char *name, Authenticator *ap)
-{
-    KTEXT_ST auth;
-    char instance[INST_SZ];
-    char *realm;
-    CREDENTIALS cred;
-    int r;
-
-    if (!UserNameRequested) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V4: no user name supplied\r\n");
-	}
-	return(0);
-    }
-
-    memset(instance, 0, sizeof(instance));
-
-    strlcpy (instance,
-		     krb_get_phost(RemoteHostName),
-		     INST_SZ);
-
-    realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
-
-    if (!realm) {
-	printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
-	return(0);
-    }
-    printf("[ Trying %s (%s.%s@%s) ... ]\r\n", name, 
-	   KRB_SERVICE_NAME, instance, realm);
-    r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L);
-    if (r) {
-	printf("mk_req failed: %s\r\n", krb_get_err_text(r));
-	return(0);
-    }
-    r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred);
-    if (r) {
-	printf("get_cred failed: %s\r\n", krb_get_err_text(r));
-	return(0);
-    }
-    if (!auth_sendname((unsigned char*)UserNameRequested, 
-		       strlen(UserNameRequested))) {
-	if (auth_debug_mode)
-	    printf("Not enough room for user name\r\n");
-	return(0);
-    }
-    if (auth_debug_mode)
-	printf("Sent %d bytes of authentication data\r\n", auth.length);
-    if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-	return(0);
-    }
-#ifdef ENCRYPTION
-    /* create challenge */
-    if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) {
-	int i;
-
-	des_key_sched(&cred.session, sched);
-	memcpy (&cred_session, &cred.session, sizeof(cred_session));
-#ifndef HAVE_OPENSSL
-	des_init_random_number_generator(&cred.session);
-#endif
-	des_new_random_key(&session_key);
-	des_ecb_encrypt(&session_key, &session_key, sched, 0);
-	des_ecb_encrypt(&session_key, &challenge, sched, 0);
-
-	/*
-	  old code
-	  Some CERT Advisory thinks this is a bad thing...
-	    
-	  des_init_random_number_generator(&cred.session);
-	  des_new_random_key(&challenge);
-	  des_ecb_encrypt(&challenge, &session_key, sched, 1);
-	  */
-	  
-	/*
-	 * Increment the challenge by 1, and encrypt it for
-	 * later comparison.
-	 */
-	for (i = 7; i >= 0; --i) 
-	    if(++challenge[i] != 0) /* No carry! */
-		break;
-	des_ecb_encrypt(&challenge, &challenge, sched, 1);
-    }
-
-#endif
-
-    if (auth_debug_mode) {
-	printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-	printd(auth.dat, auth.length);
-	printf("\r\n");
-	printf("Sent Kerberos V4 credentials to server\r\n");
-    }
-    return(1);
-}
-int
-kerberos4_send_mutual(Authenticator *ap)
-{
-    return kerberos4_send("mutual KERBEROS4", ap);
-}
-
-int
-kerberos4_send_oneway(Authenticator *ap)
-{
-    return kerberos4_send("KERBEROS4", ap);
-}
-
-void
-kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
-{
-    struct sockaddr_in addr;
-    char realm[REALM_SZ];
-    char instance[INST_SZ];
-    int r;
-    socklen_t addr_len;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_AUTH:
-	if (krb_get_lrealm(realm, 1) != KSUCCESS) {
-	    Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("No local realm\r\n");
-	    return;
-	}
-	memmove(auth.dat, data, auth.length = cnt);
-	if (auth_debug_mode) {
-	    printf("Got %d bytes of authentication data\r\n", cnt);
-	    printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-	    printd(auth.dat, auth.length);
-	    printf("\r\n");
-	}
-	k_getsockinst(0, instance, sizeof(instance));
-	addr_len = sizeof(addr);
-	if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
-	    if(auth_debug_mode)
-		printf("getpeername failed\r\n");
-	    Data(ap, KRB_REJECT, "getpeername failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-	if (addr.sin_family != AF_INET) {
-	    if (auth_debug_mode)
-		printf("unknown address family: %d\r\n", addr.sin_family);
-	    Data(ap, KRB_REJECT, "bad address family", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-
-	r = krb_rd_req(&auth, KRB_SERVICE_NAME,
-		       instance, addr.sin_addr.s_addr, &adat, "");
-	if (r) {
-	    if (auth_debug_mode)
-		printf("Kerberos failed him as %s\r\n", name);
-	    Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-	/* save the session key */
-	memmove(session_key, adat.session, sizeof(adat.session));
-	krb_kntoln(&adat, name);
-
-	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
-	    char ts[MaxPathLen];
-	    struct passwd *pw = getpwnam(UserNameRequested);
-
-	    if(pw){
-		snprintf(ts, sizeof(ts),
-			 "%s%u",
-			 TKT_ROOT,
-			 (unsigned)pw->pw_uid);
-		esetenv("KRBTKFILE", ts, 1);
-
-		if (pw->pw_uid == 0)
-		    syslog(LOG_INFO|LOG_AUTH,
-			   "ROOT Kerberos login from %s on %s\n",
-			   krb_unparse_name_long(adat.pname,
-						 adat.pinst,
-						 adat.prealm),
-			   RemoteHostName);
-	    }
-	    Data(ap, KRB_ACCEPT, NULL, 0);
-	} else {
-	    char *msg;
-	    int ret;
-
-	    ret = asprintf (&msg, "user `%s' is not authorized to "
-			    "login as `%s'", 
-			    krb_unparse_name_long(adat.pname, 
-						  adat.pinst, 
-						  adat.prealm), 
-			    UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (ret == -1)
-		Data(ap, KRB_REJECT, NULL, 0);
-	    else {
-		Data(ap, KRB_REJECT, (void *)msg, -1);
-		free(msg);
-	    }
-	    auth_finished(ap, AUTH_REJECT);
-	    break;
-	}
-	auth_finished(ap, AUTH_USER);
-	break;
-	
-    case KRB_CHALLENGE:
-#ifndef ENCRYPTION
-	Data(ap, KRB_RESPONSE, NULL, 0);
-#else
-	if(!VALIDKEY(session_key)){
-	    Data(ap, KRB_RESPONSE, NULL, 0);
-	    break;
-	}
-	des_key_sched(&session_key, sched);
-	{
-	    des_cblock d_block;
-	    int i;
-	    Session_Key skey;
-
-	    memmove(d_block, data, sizeof(d_block));
-
-	    /* make a session key for encryption */
-	    des_ecb_encrypt(&d_block, &session_key, sched, 1);
-	    skey.type=SK_DES;
-	    skey.length=8;
-	    skey.data=session_key;
-	    encrypt_session_key(&skey, 1);
-
-	    /* decrypt challenge, add one and encrypt it */
-	    des_ecb_encrypt(&d_block, &challenge, sched, 0);
-	    for (i = 7; i >= 0; i--)
-		if(++challenge[i] != 0)
-		    break;
-	    des_ecb_encrypt(&challenge, &challenge, sched, 1);
-	    Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
-	}
-#endif
-	break;
-
-    case KRB_FORWARD:
-	{
-	    des_key_schedule ks;
-	    unsigned char netcred[sizeof(CREDENTIALS)];
-	    CREDENTIALS cred;
-	    int ret;
-	    if(cnt > sizeof(cred))
-		abort();
-
-	    memcpy (session_key, adat.session, sizeof(session_key));
-	    des_set_key(&session_key, ks);
-	    des_pcbc_encrypt((void*)data, (void*)netcred, cnt, 
-			     ks, &session_key, DES_DECRYPT);
-	    unpack_cred(netcred, cnt, &cred);
-	    {
-		if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
-		   strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
-		   cred.lifetime < 0 || cred.lifetime > 255 ||
-		   cred.kvno < 0 || cred.kvno > 255 ||
-		   cred.issue_date < 0 || 
-		   cred.issue_date > time(0) + CLOCK_SKEW ||
-		   strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
-		   strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){
-		    Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
-		}else{
-		    if((ret = tf_setup(&cred,
-				       cred.pname,
-				       cred.pinst)) == KSUCCESS){
-		        struct passwd *pw = getpwnam(UserNameRequested);
-
-			if (pw)
-			  chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-			Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-		    } else{
-			Data(ap, KRB_FORWARD_REJECT, 
-			     krb_get_err_text(ret), -1);
-		    }
-		}
-	    }
-	    memset(data, 0, cnt);
-	    memset(&ks, 0, sizeof(ks));
-	    memset(&cred, 0, sizeof(cred));
-	}
-	
-	break;
-
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	Data(ap, KRB_REJECT, 0, 0);
-	break;
-    }
-}
-
-void
-kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
-{
-    Session_Key skey;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_REJECT:
-	if(auth_done){ /* XXX Ick! */
-	    printf("[ Kerberos V4 received unknown opcode ]\r\n");
-	}else{
-	    printf("[ Kerberos V4 refuses authentication ");
-	    if (cnt > 0) 
-		printf("because %.*s ", cnt, data);
-	    printf("]\r\n");
-	    auth_send_retry();
-	}
-	return;
-    case KRB_ACCEPT:
-	printf("[ Kerberos V4 accepts you ]\r\n");
-	auth_done = 1;
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    /*
-	     * Send over the encrypted challenge.
-	     */
-	    Data(ap, KRB_CHALLENGE, session_key, 
-		 sizeof(session_key));
-	    des_ecb_encrypt(&session_key, &session_key, sched, 1);
-	    skey.type = SK_DES;
-	    skey.length = 8;
-	    skey.data = session_key;
-	    encrypt_session_key(&skey, 0);
-#if 0
-	    kerberos4_forward(ap, &cred_session);
-#endif
-	    return;
-	}
-	auth_finished(ap, AUTH_USER);
-	return;
-    case KRB_RESPONSE:
-	/* make sure the response is correct */
-	if ((cnt != sizeof(des_cblock)) ||
-	    (memcmp(data, challenge, sizeof(challenge)))){
-	    printf("[ Kerberos V4 challenge failed!!! ]\r\n");
-	    auth_send_retry();
-	    return;
-	}
-	printf("[ Kerberos V4 challenge successful ]\r\n");
-	auth_finished(ap, AUTH_USER);
-	break;
-    case KRB_FORWARD_ACCEPT:
-	printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
-	break;
-    case KRB_FORWARD_REJECT:
-	printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
-	       cnt, data);
-	break;
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	return;
-    }
-}
-
-int
-kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
-{
-    if (level < AUTH_USER)
-	return(level);
-
-    if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
-	strlcpy(name, UserNameRequested, name_sz);
-	return(AUTH_VALID);
-    } else
-	return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-void
-kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    int i;
-
-    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-    buflen -= 1;
-
-    switch(data[3]) {
-    case KRB_REJECT:		/* Rejected (reason might follow) */
-	strlcpy((char *)buf, " REJECT ", buflen);
-	goto common;
-
-    case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strlcpy((char *)buf, " ACCEPT ", buflen);
-    common:
-	BUMP(buf, buflen);
-	if (cnt <= 4)
-	    break;
-	ADDC(buf, buflen, '"');
-	for (i = 4; i < cnt; i++)
-	    ADDC(buf, buflen, data[i]);
-	ADDC(buf, buflen, '"');
-	ADDC(buf, buflen, '\0');
-	break;
-
-    case KRB_AUTH:			/* Authentication data follows */
-	strlcpy((char *)buf, " AUTH", buflen);
-	goto common2;
-
-    case KRB_CHALLENGE:
-	strlcpy((char *)buf, " CHALLENGE", buflen);
-	goto common2;
-
-    case KRB_RESPONSE:
-	strlcpy((char *)buf, " RESPONSE", buflen);
-	goto common2;
-
-    default:
-	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
-    common2:
-	BUMP(buf, buflen);
-	for (i = 4; i < cnt; i++) {
-	    snprintf((char*)buf, buflen, " %d", data[i]);
-	    BUMP(buf, buflen);
-	}
-	break;
-    }
-}
-
-int
-kerberos4_cksum(unsigned char *d, int n)
-{
-    int ck = 0;
-
-    /*
-     * A comment is probably needed here for those not
-     * well versed in the "C" language.  Yes, this is
-     * supposed to be a "switch" with the body of the
-     * "switch" being a "while" statement.  The whole
-     * purpose of the switch is to allow us to jump into
-     * the middle of the while() loop, and then not have
-     * to do any more switch()s.
-     *
-     * Some compilers will spit out a warning message
-     * about the loop not being entered at the top.
-     */
-    switch (n&03)
-	while (n > 0) {
-	case 0:
-	    ck ^= (int)*d++ << 24;
-	    --n;
-	case 3:
-	    ck ^= (int)*d++ << 16;
-	    --n;
-	case 2:
-	    ck ^= (int)*d++ << 8;
-	    --n;
-	case 1:
-	    ck ^= (int)*d++;
-	    --n;
-	}
-    return(ck);
-}
-
-static int
-pack_cred(CREDENTIALS *cred, unsigned char *buf)
-{
-    unsigned char *p = buf;
-    
-    memcpy (p, cred->service, ANAME_SZ);
-    p += ANAME_SZ;
-    memcpy (p, cred->instance, INST_SZ);
-    p += INST_SZ;
-    memcpy (p, cred->realm, REALM_SZ);
-    p += REALM_SZ;
-    memcpy(p, cred->session, 8);
-    p += 8;
-    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
-    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
-    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
-    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
-    p += cred->ticket_st.length;
-    p += KRB_PUT_INT(0, p, 4, 4);
-    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
-    memcpy (p, cred->pname, ANAME_SZ);
-    p += ANAME_SZ;
-    memcpy (p, cred->pinst, INST_SZ);
-    p += INST_SZ;
-    return p - buf;
-}
-
-static int
-unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
-{
-    char *p = (char*)buf;
-    uint32_t tmp;
-
-    strncpy (cred->service, p, ANAME_SZ);
-    cred->service[ANAME_SZ - 1] = '\0';
-    p += ANAME_SZ;
-    strncpy (cred->instance, p, INST_SZ);
-    cred->instance[INST_SZ - 1] = '\0';
-    p += INST_SZ;
-    strncpy (cred->realm, p, REALM_SZ);
-    cred->realm[REALM_SZ - 1] = '\0';
-    p += REALM_SZ;
-
-    memcpy(cred->session, p, 8);
-    p += 8;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->lifetime = tmp;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->kvno = tmp;
-
-    p += krb_get_int(p, &cred->ticket_st.length, 4, 0);
-    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
-    p += cred->ticket_st.length;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->ticket_st.mbz = 0;
-    p += krb_get_int(p, (uint32_t *)&cred->issue_date, 4, 0);
-
-    strncpy (cred->pname, p, ANAME_SZ);
-    cred->pname[ANAME_SZ - 1] = '\0';
-    p += ANAME_SZ;
-    strncpy (cred->pinst, p, INST_SZ);
-    cred->pinst[INST_SZ - 1] = '\0';
-    p += INST_SZ;
-    return 0;
-}
-
-
-int
-kerberos4_forward(Authenticator *ap, void *v)
-{
-    des_cblock *key = (des_cblock *)v;
-    CREDENTIALS cred;
-    char *realm;
-    des_key_schedule ks;
-    int len;
-    unsigned char netcred[sizeof(CREDENTIALS)];
-    int ret;
-
-    realm = krb_realmofhost(RemoteHostName);
-    if(realm == NULL)
-	return -1;
-    memset(&cred, 0, sizeof(cred));
-    ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
-		       realm,
-		       realm, 
-		       &cred);
-    if(ret)
-	return ret;
-    des_set_key(key, ks);
-    len = pack_cred(&cred, netcred);
-    des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
-		     ks, key, DES_ENCRYPT);
-    memset(&ks, 0, sizeof(ks));
-    Data(ap, KRB_FORWARD, netcred, len);
-    memset(netcred, 0, sizeof(netcred));
-    return 0;
-}
-
-#endif /* KRB4 */
-
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
deleted file mode 100644
index cac80d059abf..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
+++ /dev/null
@@ -1,895 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <config.h>
-
-RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef	KRB5
-
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <pwd.h>
-#define Authenticator k5_Authenticator
-#include <krb5.h>
-#undef Authenticator
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-#if defined(DCE)
-int dfsk5ok = 0;
-int dfspag = 0;
-int dfsfwd = 0;
-#endif
-
-int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
-
-int forward(int);
-int forwardable(int);
-
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS	0x00000002
-#define OPTS_FORWARDABLE_CREDS	0x00000001
-
-
-void kerberos5_forward (Authenticator *);
-
-static unsigned char str_data[4] = { IAC, SB, TELOPT_AUTHENTICATION, 0 };
-
-#define	KRB_AUTH		0	/* Authentication data follows */
-#define	KRB_REJECT		1	/* Rejected (reason might follow) */
-#define	KRB_ACCEPT		2	/* Accepted */
-#define	KRB_RESPONSE		3	/* Response for mutual auth. */
-
-#define KRB_FORWARD     	4       /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
-
-static	krb5_data auth;
-static  krb5_ticket *ticket;
-
-static krb5_context context;
-static krb5_auth_context auth_context;
-
-static int
-Data(Authenticator *ap, int type, const void *d, int c)
-{
-    const unsigned char *cp, *cd = d;
-    unsigned char *p0, *p;
-    size_t len = sizeof(str_data) + 3 + 2;
-    int ret;
-
-    if (c == -1)
-	c = strlen((const char*)cd);
-
-    for (cp = cd; cp - cd < c; cp++, len++)
-	if (*cp == IAC)
-	    len++;
-
-    p0 = malloc(len);
-    if (p0 == NULL)
-	return 0;
-    
-    memcpy(p0, str_data, sizeof(str_data));
-    p = p0 + sizeof(str_data);
-	
-    if (auth_debug_mode) {
-	printf("%s:%d: [%d] (%d)",
-	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-	       str_data[3],
-	       type, c);
-	printd(d, c);
-	printf("\r\n");
-    }
-    *p++ = ap->type;
-    *p++ = ap->way;
-    *p++ = type;
-    while (c-- > 0) {
-	if ((*p++ = *cd++) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    if (str_data[3] == TELQUAL_IS)
-	printsub('>', &p0[2], len - 2);
-    ret = telnet_net_write(p0, len);
-    free(p0);
-    return ret;
-}
-
-int
-kerberos5_init(Authenticator *ap, int server)
-{
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return 0;
-    if (server) {
-	krb5_keytab kt;
-	krb5_kt_cursor cursor;
-
-	ret = krb5_kt_default(context, &kt);
-	if (ret)
-	    return 0;
-
-	ret = krb5_kt_start_seq_get (context, kt, &cursor);
-	if (ret) {
-	    krb5_kt_close (context, kt);
-	    return 0;
-	}
-	krb5_kt_end_seq_get (context, kt, &cursor);
-	krb5_kt_close (context, kt);
-
-	str_data[3] = TELQUAL_REPLY;
-    } else
-	str_data[3] = TELQUAL_IS;
-    return(1);
-}
-
-extern int net;
-static int
-kerberos5_send(char *name, Authenticator *ap)
-{
-    krb5_error_code ret;
-    krb5_ccache ccache;
-    int ap_opts;
-    krb5_data cksum_data;
-    char ap_msg[2];
-    
-    if (!UserNameRequested) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: no user name supplied\r\n");
-	}
-	return(0);
-    }
-    
-    ret = krb5_cc_default(context, &ccache);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: could not get default ccache: %s\r\n",
-		   krb5_get_err_text (context, ret));
-	}
-	return 0;
-    }
-	
-    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
-    else
-	ap_opts = 0;
-
-    ap_opts |= AP_OPTS_USE_SUBKEY;
-    
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
-		   krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    ret = krb5_auth_con_setaddrs_from_fd (context,
-					  auth_context,
-					  &net);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf ("Kerberos V5:"
-		    " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
-		    krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES);
-
-    ap_msg[0] = ap->type;
-    ap_msg[1] = ap->way;
-
-    cksum_data.length = sizeof(ap_msg);
-    cksum_data.data   = ap_msg;
-
-
-    {
-	krb5_principal service;
-	char sname[128];
-
-
-	ret = krb5_sname_to_principal (context,
-				       RemoteHostName,
-				       NULL,
-				       KRB5_NT_SRV_HST,
-				       &service);
-	if(ret) {
-	    if (auth_debug_mode) {
-		printf ("Kerberos V5:"
-			" krb5_sname_to_principal(%s) failed (%s)\r\n",
-			RemoteHostName, krb5_get_err_text(context, ret));
-	    }
-	    return 0;
-	}
-	ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
-	if(ret) {
-	    if (auth_debug_mode) {
-		printf ("Kerberos V5:"
-			" krb5_unparse_name_fixed failed (%s)\r\n",
-			krb5_get_err_text(context, ret));
-	    }
-	    return 0;
-	}
-	printf("[ Trying %s (%s)... ]\r\n", name, sname);
-	ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
-				service, 
-				&cksum_data, ccache, &auth);
-	krb5_free_principal (context, service);
-
-    }
-    if (ret) {
-	if (1 || auth_debug_mode) {
-	    printf("Kerberos V5: mk_req failed (%s)\r\n",
-		   krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    if (!auth_sendname((unsigned char *)UserNameRequested,
-		       strlen(UserNameRequested))) {
-	if (auth_debug_mode)
-	    printf("Not enough room for user name\r\n");
-	return(0);
-    }
-    if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-	return(0);
-    }
-    if (auth_debug_mode) {
-	printf("Sent Kerberos V5 credentials to server\r\n");
-    }
-    return(1);
-}
-
-int
-kerberos5_send_mutual(Authenticator *ap)
-{
-    return kerberos5_send("mutual KERBEROS5", ap);
-}
-
-int
-kerberos5_send_oneway(Authenticator *ap)
-{
-    return kerberos5_send("KERBEROS5", ap);
-}
-
-static void log_message(const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    if (auth_debug_mode) {
-	va_start(ap, fmt);
-	vfprintf(stdout, fmt, ap);
-	va_end(ap);
-	fprintf(stdout, "\r\n");
-    }
-    va_start(ap, fmt);
-    vsyslog(LOG_NOTICE, fmt, ap);
-    va_end(ap);
-}
-
-void
-kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
-{
-    krb5_error_code ret;
-    krb5_data outbuf;
-    krb5_keyblock *key_block;
-    char *name;
-    krb5_principal server;
-    int zero = 0;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_AUTH:
-	auth.data = (char *)data;
-	auth.length = cnt;
-
-	auth_context = NULL;
-
-	ret = krb5_auth_con_init (context, &auth_context);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: krb5_auth_con_init failed (%s)",
-			krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_auth_con_setaddrs_from_fd (context,
-					      auth_context,
-					      &zero);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: "
-			"krb5_auth_con_setaddrs_from_fd failed (%s)",
-			krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_sock_to_principal (context,
-				      0,
-				      "host",
-				      KRB5_NT_SRV_HST,
-				      &server);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: "
-			"krb5_sock_to_principal failed (%s)",
-			krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_rd_req(context,
-			  &auth_context,
-			  &auth, 
-			  server,
-			  NULL,
-			  NULL,
-			  &ticket);
-
-	krb5_free_principal (context, server);
-	if (ret) {
-	    const char *errbuf2 = "Read req failed";
-	    char *errbuf;
-	    int ret2;
-
-	    ret2 = asprintf(&errbuf,
-			    "Read req failed: %s",
-			    krb5_get_err_text(context, ret));
-	    if (ret2 != -1)
-		errbuf2 = errbuf;
-	    Data(ap, KRB_REJECT, errbuf2, -1);
-	    log_message("%s", errbuf2);
-	    if (ret2 != -1)
-		free (errbuf);
-	    return;
-	}
-	
-	{
-	    char ap_msg[2];
-	    
-	    ap_msg[0] = ap->type;
-	    ap_msg[1] = ap->way;
-	    
-	    ret = krb5_verify_authenticator_checksum(context,
-						     auth_context,
-						     ap_msg, 
-						     sizeof(ap_msg));
-
-	    if (ret) {
-		const char *errbuf2 = "Bad checksum";
-		char *errbuf;
-		int ret2;
-
-		ret2 = asprintf(&errbuf, "Bad checksum: %s", 
-				krb5_get_err_text(context, ret));
-		if (ret2 != -1)
-		    errbuf2 = errbuf;
-		Data(ap, KRB_REJECT, errbuf2, -1);
-		log_message("%s", errbuf2);
-		if (ret2 != -1)
-		    free(errbuf);
-		return;
-	    }
-	}
-	ret = krb5_auth_con_getremotesubkey (context,
-					     auth_context,
-					     &key_block);
-
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: "
-			"krb5_auth_con_getremotesubkey failed (%s)",
-			krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	if (key_block == NULL) {
-	    ret = krb5_auth_con_getkey(context,
-				       auth_context,
-				       &key_block);
-	}
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: "
-			"krb5_auth_con_getkey failed (%s)",
-			krb5_get_err_text(context, ret));
-	    return;
-	}
-	if (key_block == NULL) {
-	    Data(ap, KRB_REJECT, "no subkey received", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    log_message("Kerberos V5: "
-			"krb5_auth_con_getremotesubkey returned NULL key");
-	    return;
-	}
-
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    ret = krb5_mk_rep(context, auth_context, &outbuf);
-	    if (ret) {
-		Data(ap, KRB_REJECT,
-		     "krb5_mk_rep failed", -1);
-		auth_finished(ap, AUTH_REJECT);
-		log_message("Kerberos V5: "
-			    "krb5_mk_rep failed (%s)",
-			    krb5_get_err_text(context, ret));
-		return;
-	    }
-	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
-	}
-	if (krb5_unparse_name(context, ticket->client, &name))
-	    name = 0;
-
-	if(UserNameRequested && krb5_kuserok(context,
-					     ticket->client,
-					     UserNameRequested)) {
-	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
-	    log_message("%s accepted as user %s from %s",
-			name ? name : "<unknown>", 
-			UserNameRequested ? UserNameRequested : "<unknown>",
-			RemoteHostName ? RemoteHostName : "<unknown>");
-
-	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
-	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
-	       key_block->keytype == ETYPE_DES_CBC_CRC) {
-		Session_Key skey;
-
-		skey.type = SK_DES;
-		skey.length = 8;
-		skey.data = key_block->keyvalue.data;
-		encrypt_session_key(&skey, 0);
-	    }
-
-	} else {
-	    const char *msg2 = "user is not authorized to login";
-	    char *msg;
-
-	    ret = asprintf (&msg, "user `%s' is not authorized to "
-			    "login as `%s'", 
-			    name ? name : "<unknown>",
-			    UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (ret != -1)
-		msg2 = msg;
-	    Data(ap, KRB_REJECT, (void *)msg2, -1);
-	    if (ret != -1)
-		free(msg);
-	    auth_finished (ap, AUTH_REJECT);
-	    krb5_free_keyblock_contents(context, key_block);
-	    break;
-	}
-	auth_finished(ap, AUTH_USER);
-	krb5_free_keyblock_contents(context, key_block);
-	
-	break;
-    case KRB_FORWARD: {
-	struct passwd *pwd;
-	char ccname[1024];	/* XXX */
-	krb5_data inbuf;
-	krb5_ccache ccache;
-	inbuf.data = (char *)data;
-	inbuf.length = cnt;
-
-	pwd = getpwnam (UserNameRequested);
-	if (pwd == NULL)
-	    break;
-
-	snprintf (ccname, sizeof(ccname),
-		  "FILE:/tmp/krb5cc_%lu", (unsigned long)pwd->pw_uid);
-
-	ret = krb5_cc_resolve (context, ccname, &ccache);
-	if (ret) {
-	    log_message("Kerberos V5: could not get ccache: %s",
-			krb5_get_err_text(context, ret));
-	    break;
-	}
-
-	ret = krb5_cc_initialize (context,
-				  ccache,
-				  ticket->client);
-	if (ret) {
-	    log_message("Kerberos V5: could not init ccache: %s",
-			krb5_get_err_text(context, ret));
-	    break;
-	}
-
-#if defined(DCE)
-	esetenv("KRB5CCNAME", ccname, 1);
-#endif
-	ret = krb5_rd_cred2 (context,
-			     auth_context,
-			     ccache,
-			     &inbuf);
-	if(ret) {
-	    const char *errbuf2 = "Read forwarded creds failed";
-	    char *errbuf;
-	    int ret2;
-
-	    ret2 = asprintf (&errbuf,
-			     "Read forwarded creds failed: %s",
-			     krb5_get_err_text (context, ret));
-	    if (ret2 != -1)
-		errbuf2 = errbuf;
-	    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
-	    log_message("Could not read forwarded credentials: %s", errbuf);
-
-	    if (ret2 != -1)
-		free (errbuf);
-	} else {
-	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-#if defined(DCE)
-	    dfsfwd = 1;
-#endif
-	}
-	chown (ccname + 5, pwd->pw_uid, -1);
-	log_message("Forwarded credentials obtained");
-	break;
-    }
-    default:
-	log_message("Unknown Kerberos option %d", data[-1]);
-	Data(ap, KRB_REJECT, 0, 0);
-	break;
-    }
-}
-
-void
-kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
-{
-    static int mutual_complete = 0;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_REJECT:
-	if (cnt > 0) {
-	    printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
-		   cnt, data);
-	} else
-	    printf("[ Kerberos V5 refuses authentication ]\r\n");
-	auth_send_retry();
-	return;
-    case KRB_ACCEPT: {
-	krb5_error_code ret;
-	Session_Key skey;
-	krb5_keyblock *keyblock;
-	
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
-	    !mutual_complete) {
-	    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
-	    auth_send_retry();
-	    return;
-	}
-	if (cnt)
-	    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
-	else
-	    printf("[ Kerberos V5 accepts you ]\r\n");
-	      
-	ret = krb5_auth_con_getlocalsubkey (context,
-					    auth_context,
-					    &keyblock);
-	if (ret)
-	    ret = krb5_auth_con_getkey (context,
-					auth_context,
-					&keyblock);
-	if(ret) {
-	    printf("[ krb5_auth_con_getkey: %s ]\r\n",
-		   krb5_get_err_text(context, ret));
-	    auth_send_retry();
-	    return;
-	}
-	      
-	skey.type = SK_DES;
-	skey.length = 8;
-	skey.data = keyblock->keyvalue.data;
-	encrypt_session_key(&skey, 0);
-	krb5_free_keyblock_contents (context, keyblock);
-	auth_finished(ap, AUTH_USER);
-	if (forward_flags & OPTS_FORWARD_CREDS)
-	    kerberos5_forward(ap);
-	break;
-    }
-    case KRB_RESPONSE:
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    /* the rest of the reply should contain a krb_ap_rep */
-	  krb5_ap_rep_enc_part *reply;
-	  krb5_data inbuf;
-	  krb5_error_code ret;
-	    
-	  inbuf.length = cnt;
-	  inbuf.data = (char *)data;
-
-	  ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
-	  if (ret) {
-	      printf("[ Mutual authentication failed: %s ]\r\n",
-		     krb5_get_err_text (context, ret));
-	      auth_send_retry();
-	      return;
-	  }
-	  krb5_free_ap_rep_enc_part(context, reply);
-	  mutual_complete = 1;
-	}
-	return;
-    case KRB_FORWARD_ACCEPT:
-	printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
-	return;
-    case KRB_FORWARD_REJECT:
-	printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
-	       cnt, data);
-	return;
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	return;
-    }
-}
-
-int
-kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
-{
-    if (level < AUTH_USER)
-	return(level);
-
-    if (UserNameRequested &&
-	krb5_kuserok(context,
-		     ticket->client,
-		     UserNameRequested))
-	{
-	    strlcpy(name, UserNameRequested, name_sz);
-#if defined(DCE)
-	    dfsk5ok = 1;
-#endif
-	    return(AUTH_VALID);
-	} else
-	    return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-void
-kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    int i;
-
-    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-    buflen -= 1;
-
-    switch(data[3]) {
-    case KRB_REJECT:		/* Rejected (reason might follow) */
-	strlcpy((char *)buf, " REJECT ", buflen);
-	goto common;
-
-    case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strlcpy((char *)buf, " ACCEPT ", buflen);
-    common:
-	BUMP(buf, buflen);
-	if (cnt <= 4)
-	    break;
-	ADDC(buf, buflen, '"');
-	for (i = 4; i < cnt; i++)
-	    ADDC(buf, buflen, data[i]);
-	ADDC(buf, buflen, '"');
-	ADDC(buf, buflen, '\0');
-	break;
-
-
-    case KRB_AUTH:			/* Authentication data follows */
-	strlcpy((char *)buf, " AUTH", buflen);
-	goto common2;
-
-    case KRB_RESPONSE:
-	strlcpy((char *)buf, " RESPONSE", buflen);
-	goto common2;
-
-    case KRB_FORWARD:		/* Forwarded credentials follow */
-	strlcpy((char *)buf, " FORWARD", buflen);
-	goto common2;
-
-    case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
-	strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
-	goto common2;
-
-    case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
-	/* (reason might follow) */
-	strlcpy((char *)buf, " FORWARD_REJECT", buflen);
-	goto common2;
-
-    default:
-	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
-    common2:
-	BUMP(buf, buflen);
-	for (i = 4; i < cnt; i++) {
-	    snprintf((char*)buf, buflen, " %d", data[i]);
-	    BUMP(buf, buflen);
-	}
-	break;
-    }
-}
-
-void
-kerberos5_forward(Authenticator *ap)
-{
-    krb5_error_code ret;
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    KDCOptions	    flags;
-    krb5_data       out_data;
-    krb5_principal  principal;
-
-    ret = krb5_cc_default (context, &ccache);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get default ccache: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get principal: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    memset (&creds, 0, sizeof(creds));
-
-    creds.client = principal;
-    
-    ret = krb5_build_principal (context,
-				&creds.server,
-				strlen(principal->realm),
-				principal->realm,
-				"krbtgt",
-				principal->realm,
-				NULL);
-
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get principal: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    creds.times.endtime = 0;
-
-    memset(&flags, 0, sizeof(flags));
-    flags.forwarded = 1;
-    if (forward_flags & OPTS_FORWARDABLE_CREDS)
-	flags.forwardable = 1;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    KDCOptions2int(flags),
-				    RemoteHostName,
-				    &creds,
-				    &out_data);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("Kerberos V5: error getting forwarded creds: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-    } else {
-	if (auth_debug_mode)
-	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
-    }
-}
-
-#if defined(DCE)
-/* if this was a K5 authentication try and join a PAG for the user. */
-void
-kerberos5_dfspag(void)
-{
-    if (dfsk5ok) {
-	dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
-			      UserNameRequested);
-    }
-}
-#endif
-
-int
-kerberos5_set_forward(int on)
-{
-    if(on == 0)
-	forward_flags &= ~OPTS_FORWARD_CREDS;
-    if(on == 1)
-	forward_flags |= OPTS_FORWARD_CREDS;
-    if(on == -1)
-	forward_flags ^= OPTS_FORWARD_CREDS;
-    return 0;
-}
-
-int
-kerberos5_set_forwardable(int on)
-{
-    if(on == 0)
-	forward_flags &= ~OPTS_FORWARDABLE_CREDS;
-    if(on == 1)
-	forward_flags |= OPTS_FORWARDABLE_CREDS;
-    if(on == -1)
-	forward_flags ^= OPTS_FORWARDABLE_CREDS;
-    return 0;
-}
-
-#endif /* KRB5 */
diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
deleted file mode 100644
index f14bc7da50f0..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: krb4encpwd.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef	KRB4_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#include <krb.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *);
-int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *);
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KRB4_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
-#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
-#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
-
-#define KRB_SERVICE_NAME    "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	char user_passwd[ANAME_SZ];
-static	AUTH_DAT adat = { 0 };
-static des_key_schedule sched;
-static char  challenge[REALM_SZ];
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen(cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-krb4encpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	char hostname[80], *cp, *realm;
-	des_clock skey;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-	} else {
-		str_data[3] = TELQUAL_IS;
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		cp = strchr(hostname, '.');
-		if (*cp != NULL) *cp = NULL;
-		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
-					KEYFILE, (char *)skey)) {
-		  return(0);
-		}
-	}
-	return(1);
-}
-
-	int
-krb4encpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying KRB4ENCPWD ... ]\r\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-krb4encpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
-	char  lhostname[ANAME_SZ], *cp;
-	int r;
-	time_t now;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_AUTH:
-		memmove(auth.dat, data, auth.length = cnt);
-
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
-			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		memmove(session_key, adat.session, sizeof(des_cblock));
-		Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 *  Take the received random challenge text and save
-		 *  for future authentication.
-		 */
-		memmove(challenge, data, sizeof(des_cblock));
-		break;
-
-
-	case KRB4_ENCPWD_ACK:
-		/*
-		 *  Receive ack, if mutual then send random challenge
-		 */
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		  int i;
-
-		  time(&now);
-		  snprintf(challenge, sizeof(challenge), "%x", now);
-		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
-		}
-		break;
-
-	default:
-		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-krb4encpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST krb_token;
-	des_cblock enckey;
-	CREDENTIALS cred;
-	int r;
-	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
-	char	hostname[80], *realm;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB4_ENCPWD_ACCEPT:
-		printf("[ KRB4_ENCPWD accepts you ]\r\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		memmove(challenge, data, cnt);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		strlcpy(instance, RemoteHostName, sizeof(instance));
-		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
-		  krb_token.length = 0;
-		}
-
-		if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-krb4encpwd_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
-		strlcpy(name, UserNameRequested, name_sz);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-krb4encpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		strlcpy((char *)buf, " CHALLENGE", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_ACK:
-		strlcpy((char *)buf, " ACK", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = k_getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
deleted file mode 100644
index 07a250948f60..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: misc-proto.h 9187 2000-11-15 23:00:21Z assar $ */
-
-#ifndef	__MISC_PROTO__
-#define	__MISC_PROTO__
-
-void auth_encrypt_init (const char *, const char *, const char *, int);
-void auth_encrypt_user(const char *name);
-void auth_encrypt_connect (int);
-void printd (const unsigned char *, int);
-
-char** genget (char *name, char **table, int stlen);
-int isprefix(char *s1, char *s2);
-int Ambiguous(void *s);
-
-/*
- * These functions are imported from the application
- */
-int telnet_net_write (unsigned char *, int);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *);
-char *telnet_gets (char *, char *, int, int);
-void printsub(int direction, unsigned char *pointer, int length);
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.c b/crypto/heimdal/appl/telnet/libtelnet/misc.c
deleted file mode 100644
index f74e30482db1..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: misc.c 7822 2000-01-25 23:24:58Z assar $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-#include "misc.h"
-#include "auth.h"
-#include "encrypt.h"
-
-
-const char *RemoteHostName;
-const char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
-void
-auth_encrypt_init(const char *local, const char *remote, const char *name,
-		  int server)
-{
-    RemoteHostName = remote;
-    LocalHostName = local;
-#ifdef AUTHENTICATION
-    auth_init(name, server);
-#endif
-#ifdef ENCRYPTION
-    encrypt_init(name, server);
-#endif
-    if (UserNameRequested) {
-	free(UserNameRequested);
-	UserNameRequested = 0;
-    }
-}
-
-void
-auth_encrypt_user(const char *name)
-{
-    if (UserNameRequested)
-	free(UserNameRequested);
-    UserNameRequested = name ? strdup(name) : 0;
-}
-
-void
-auth_encrypt_connect(int cnt)
-{
-}
-
-void
-printd(const unsigned char *data, int cnt)
-{
-    if (cnt > 16)
-	cnt = 16;
-    while (cnt-- > 0) {
-	printf(" %02x", *data);
-	++data;
-    }
-}
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.h b/crypto/heimdal/appl/telnet/libtelnet/misc.h
deleted file mode 100644
index e31556530aa5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc.h	8.1 (Berkeley) 6/4/93
- */
-
-extern char *UserNameRequested;
-extern const char *LocalHostName;
-extern const char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-#include "misc-proto.h"
diff --git a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
deleted file mode 100644
index cff096c0229e..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: rsaencpwd.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef	RSA_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <pwd.h>
-#include <stdio.h>
-
-#include <stdlib.h>
-#include <string.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-#include "cdc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_RSA_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
-#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
-
-#define NAME_SZ   40
-#define CHAL_SZ   20
-#define PWD_SZ    40
-
-static	KTEXT_ST auth;
-static	char name[NAME_SZ];
-static	char user_passwd[PWD_SZ];
-static  char key_file[2*NAME_SZ];
-static  char lhostname[NAME_SZ];
-static char  challenge[CHAL_SZ];
-static int   challenge_len;
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	if (type != NULL) *p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-rsaencpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	char  *cp;
-	FILE  *fp;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		memset(key_file, 0, sizeof(key_file));
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-		snprintf(key_file, sizeof(key_file),
-			 SYSCONFDIR "/.%s_privkey", lhostname);
-		if ((fp=fopen(key_file, "r"))==NULL) return(0);
-		fclose(fp);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-rsaencpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying RSAENCPWD ... ]\r\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-	if (!Data(ap, NULL, NULL, 0)) {
-		return(0);
-	}
-
-
-	return(1);
-}
-
-	void
-rsaencpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
-	char  *cp, key[160];
-	char  chalkey[160], *ptr;
-	FILE  *fp;
-	int r, i, j, chalkey_len, len;
-	time_t now;
-
-	cnt--;
-	switch (*data++) {
-	case RSA_ENCPWD_AUTH:
-		memmove(auth.dat, data, auth.length = cnt);
-
-		if ((fp=fopen(key_file, "r"))==NULL) {
-		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		/*
-		 *  get privkey
-		 */
-		fscanf(fp, "%x;", &len);
-		for (i=0;i<len;i++) {
-		  j = getc(fp);  key[i]=j;
-		}
-		fclose(fp);
-
-		r = accept_rsa_encpwd(&auth, key, challenge,
-				      challenge_len, r_passwd);
-		if (r < 0) {
-		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, RSA_ENCPWD_REJECT, "Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		Data(ap, RSA_ENCPWD_ACCEPT, 0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-
-	case IAC:
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
-		  int i;
-
-
-		  time(&now);
-		  if ((now % 2) == 0) {
-		    snprintf(challenge, sizeof(challenge), "%x", now);
-		    challenge_len = strlen(challenge);
-		  } else {
-		    strlcpy(challenge, "randchal", sizeof(challenge));
-		    challenge_len = 8;
-		  }
-
-		  if ((fp=fopen(key_file, "r"))==NULL) {
-		    Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		    auth_finished(ap, AUTH_REJECT);
-		    return;
-		  }
-		  /*
-		   *  skip privkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);
-		  }
-		  /*
-		   * get pubkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);  key[i]=j;
-		  }
-		  fclose(fp);
-		  chalkey[0] = 0x30;
-		  ptr = (char *) &chalkey[1];
-		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
-		  EncodeLength(ptr, chalkey_len);
-		  ptr +=NumEncodeLengthOctets(chalkey_len);
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  *ptr++ = challenge_len;
-		  memmove(ptr, challenge, challenge_len);
-		  ptr += challenge_len;
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  EncodeLength(ptr, i);
-		  ptr += NumEncodeLengthOctets(i);
-		  memmove(ptr, key, i);
-		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
-		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, chalkey, chalkey_len);
-		}
-		break;
-
-	default:
-		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-rsaencpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST token;
-	des_cblock enckey;
-	int r, pubkey_len;
-	char	randchal[CHAL_SZ], *cp;
-	char	chalkey[160], pubkey[128], *ptr;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case RSA_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case RSA_ENCPWD_ACCEPT:
-		printf("[ RSA_ENCPWD accepts you ]\r\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case RSA_ENCPWD_CHALLENGEKEY:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		memmove(chalkey, data, cnt);
-		ptr = (char *) &chalkey[0];
-		ptr += DecodeHeaderLength(chalkey);
-		if (*ptr != 0x04) {
-		  return;
-		}
-		*ptr++;
-		challenge_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(challenge_len);
-		memmove(challenge, ptr, challenge_len);
-		ptr += challenge_len;
-		if (*ptr != 0x04) {
-		  return;
-		}
-		*ptr++;
-		pubkey_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(pubkey_len);
-		memmove(pubkey, ptr, pubkey_len);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
-		if (r < 0) {
-		  token.length = 1;
-		}
-
-		if (!Data(ap, RSA_ENCPWD_AUTH, token.dat, token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-rsaencpwd_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
-		strlcpy(name, UserNameRequested, name_sz);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-rsaencpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case RSA_ENCPWD_CHALLENGEKEY:
-		strlcpy((char *)buf, " CHALLENGEKEY", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int rsaencpwd_passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = k_getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/spx.c b/crypto/heimdal/appl/telnet/libtelnet/spx.c
deleted file mode 100644
index 82fafdb0b7d9..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/spx.c
+++ /dev/null
@@ -1,586 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: spx.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef	SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdio.h>
-#include "gssapi_defs.h"
-#include <stdlib.h>
-#include <string.h>
-
-#include <pwd.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	SPX_AUTH	0		/* Authentication data follows */
-#define	SPX_REJECT	1		/* Rejected (reason might follow) */
-#define SPX_ACCEPT	2		/* Accepted */
-
-static des_key_schedule sched;
-static des_cblock	challenge	= { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set		actual_mechs;
-gss_OID			actual_mech_type, output_name_type;
-int			major_status, status, msg_ctx = 0, new_status;
-int			req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t		gss_cred_handle;
-gss_ctx_id_t		actual_ctxhandle, context_handle;
-gss_buffer_desc		output_token, input_token, input_name_buffer;
-gss_buffer_desc		status_string;
-gss_name_t		desired_targname, src_name;
-gss_channel_bindings	input_chan_bindings;
-char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int			to_addr=0, from_addr=0;
-char			*address;
-gss_buffer_desc		fullname_buffer;
-gss_OID			fullname_type;
-gss_cred_id_t		gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-spx_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	gss_cred_id_t	tmp_cred_handle;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		gethostname(lhostname, sizeof(lhostname));
-		snprintf (targ_printable, sizeof(targ_printable),
-			  "SERVICE:rcmd@%s", lhostname);
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-		major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-		major_status = gss_acquire_cred(&status,
-					desired_targname,
-					0,
-					GSS_C_NULL_OID_SET,
-					GSS_C_ACCEPT,
-					&tmp_cred_handle,
-					&actual_mechs,
-					&lifetime_rec);
-		if (major_status != GSS_S_COMPLETE) return(0);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-spx_send(ap)
-	Authenticator *ap;
-{
-	des_cblock enckey;
-	int r;
-
-	gss_OID	actual_mech_type, output_name_type;
-	int	msg_ctx = 0, new_status, status;
-	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
-	gss_buffer_desc  output_token, input_token, input_name_buffer;
-	gss_buffer_desc  output_name_buffer, status_string;
-	gss_name_t    desired_targname;
-	gss_channel_bindings  input_chan_bindings;
-	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-	int  from_addr=0, to_addr=0, myhostlen, j;
-	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
-	char *address;
-
-	printf("[ Trying SPX ... ]\r\n");
-	snprintf (targ_printable, sizeof(targ_printable),
-		  "SERVICE:rcmd@%s", RemoteHostName);
-
-	input_name_buffer.length = strlen(targ_printable);
-	input_name_buffer.value = targ_printable;
-
-	if (!UserNameRequested) {
-		return(0);
-	}
-
-	major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-
-
-	major_status = gss_display_name(&status,
-					desired_targname,
-					&output_name_buffer,
-					&output_name_type);
-
-	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
-	major_status = gss_release_buffer(&status, &output_name_buffer);
-
-	input_chan_bindings = (gss_channel_bindings)
-	  malloc(sizeof(gss_channel_bindings_desc));
-
-	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->initiator_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->initiator_address.value = (char *) address;
-	address[0] = ((from_addr & 0xff000000) >> 24);
-	address[1] = ((from_addr & 0xff0000) >> 16);
-	address[2] = ((from_addr & 0xff00) >> 8);
-	address[3] = (from_addr & 0xff);
-	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->acceptor_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->acceptor_address.value = (char *) address;
-	address[0] = ((to_addr & 0xff000000) >> 24);
-	address[1] = ((to_addr & 0xff0000) >> 16);
-	address[2] = ((to_addr & 0xff00) >> 8);
-	address[3] = (to_addr & 0xff);
-	input_chan_bindings->application_data.length = 0;
-
-	req_flags = 0;
-	if (deleg_flag)  req_flags = req_flags | 1;
-	if (mutual_flag) req_flags = req_flags | 2;
-	if (replay_flag) req_flags = req_flags | 4;
-	if (seq_flag)    req_flags = req_flags | 8;
-
-	major_status = gss_init_sec_context(&status,         /* minor status */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-					&actual_ctxhandle,   /* ctx handle */
-					desired_targname,    /* target name */
-					GSS_C_NULL_OID,      /* mech type */
-					req_flags,           /* req flags */
-					0,                   /* time req */
-					input_chan_bindings, /* chan binding */
-					GSS_C_NO_BUFFER,     /* input token */
-					&actual_mech_type,   /* actual mech */
-					&output_token,       /* output token */
-					&ret_flags,          /* ret flags */
-					&lifetime_rec);      /* time rec */
-
-	if ((major_status != GSS_S_COMPLETE) &&
-	    (major_status != GSS_S_CONTINUE_NEEDED)) {
-	  gss_display_status(&new_status,
-				status,
-				GSS_C_MECH_CODE,
-				GSS_C_NULL_OID,
-				&msg_ctx,
-				&status_string);
-	  printf("%s\n", status_string.value);
-	  return(0);
-	}
-
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-spx_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	int r;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_AUTH:
-		input_token.length = cnt;
-		input_token.value = (char *) data;
-
-		gethostname(lhostname, sizeof(lhostname));
-
-		snprintf(targ_printable, sizeof(targ_printable),
-			 "SERVICE:rcmd@%s", lhostname);
-
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-
-		major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-
-		major_status = gss_acquire_cred(&status,
-					desired_targname,
-					0,
-					GSS_C_NULL_OID_SET,
-					GSS_C_ACCEPT,
-					&gss_cred_handle,
-					&actual_mechs,
-					&lifetime_rec);
-
-		major_status = gss_release_name(&status, desired_targname);
-
-		input_chan_bindings = (gss_channel_bindings)
-		  malloc(sizeof(gss_channel_bindings_desc));
-
-		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->initiator_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->initiator_address.value = (char *) address;
-		address[0] = ((from_addr & 0xff000000) >> 24);
-		address[1] = ((from_addr & 0xff0000) >> 16);
-		address[2] = ((from_addr & 0xff00) >> 8);
-		address[3] = (from_addr & 0xff);
-		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->acceptor_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->acceptor_address.value = (char *) address;
-		address[0] = ((to_addr & 0xff000000) >> 24);
-		address[1] = ((to_addr & 0xff0000) >> 16);
-		address[2] = ((to_addr & 0xff00) >> 8);
-		address[3] = (to_addr & 0xff);
-		input_chan_bindings->application_data.length = 0;
-
-		major_status = gss_accept_sec_context(&status,
-						&context_handle,
-						gss_cred_handle,
-						&input_token,
-						input_chan_bindings,
-						&src_name,
-						&actual_mech_type,
-						&output_token,
-						&ret_flags,
-						&lifetime_rec,
-						&gss_delegated_cred_handle);
-
-
-		if (major_status != GSS_S_COMPLETE) {
-
-		  major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-			Data(ap, SPX_REJECT, "auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-
-		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	default:
-		Data(ap, SPX_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-spx_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_REJECT:
-		if (cnt > 0) {
-			printf("[ SPX refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ SPX refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case SPX_ACCEPT:
-		printf("[ SPX accepts you ]\r\n");
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			/*
-			 * Send over the encrypted challenge.
-		 	 */
-		  input_token.value = (char *) data;
-		  input_token.length = cnt;
-
-		  major_status = gss_init_sec_context(&status, /* minor stat */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-					&actual_ctxhandle,   /* ctx handle */
-					desired_targname,    /* target name */
-					GSS_C_NULL_OID,      /* mech type */
-					req_flags,           /* req flags */
-					0,                   /* time req */
-					input_chan_bindings, /* chan binding */
-					&input_token,        /* input token */
-					&actual_mech_type,   /* actual mech */
-					&output_token,       /* output token */
-					&ret_flags,          /* ret flags */
-					&lifetime_rec);      /* time rec */
-
-		  if (major_status != GSS_S_COMPLETE) {
-		    gss_display_status(&new_status,
-					status,
-					GSS_C_MECH_CODE,
-					GSS_C_NULL_OID,
-					&msg_ctx,
-					&status_string);
-		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
-			 status_string.value);
-		    auth_send_retry();
-		    return;
-		  }
-		}
-		auth_finished(ap, AUTH_USER);
-		return;
-
-	default:
-		return;
-	}
-}
-
-	int
-spx_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	gss_buffer_desc  fullname_buffer, acl_file_buffer;
-	gss_OID          fullname_type;
-	char acl_file[160], fullname[160];
-	int major_status, status = 0;
-	struct passwd  *pwd;
-
-	/*
-	 * hard code fullname to
-	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
-	 * and acl_file to "~kannan/.sphinx"
-	 */
-
-	pwd = k_getpwnam(UserNameRequested);
-	if (pwd == NULL) {
-	  return(AUTH_USER);   /*  not authenticated  */
-	}
-
-	snprintf (acl_file, sizeof(acl_file),
-		  "%s/.sphinx", pwd->pw_dir);
-
-	acl_file_buffer.value = acl_file;
-	acl_file_buffer.length = strlen(acl_file);
-
-	major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-	if (level < AUTH_USER)
-		return(level);
-
-	major_status = gss__check_acl(&status, &fullname_buffer,
-					&acl_file_buffer);
-
-	if (major_status == GSS_S_COMPLETE) {
-	  strlcpy(name, UserNameRequested, name_sz);
-	  return(AUTH_VALID);
-	} else {
-	   return(AUTH_USER);
-	}
-
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-spx_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case SPX_REJECT:		/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case SPX_ACCEPT:		/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case SPX_AUTH:			/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet.state b/crypto/heimdal/appl/telnet/telnet.state
deleted file mode 100644
index 1927a2b4bb5b..000000000000
--- a/crypto/heimdal/appl/telnet/telnet.state
+++ /dev/null
@@ -1,80 +0,0 @@
-
-   Three pieces of state need to be kept for each side of each option.
-   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
-   the remoteside, sending DO/DONT and receiving WILL/WONT)
-
-	MY_STATE:	What state am I in?
-	WANT_STATE:	What state do I want?
-	WANT_RESP:	How many requests have I initiated?
-
-   Default values:
-	MY_STATE = WANT_STATE = DONT
-	WANT_RESP = 0
-
-   The local setup will change based on the state of the Telnet
-   variables.  When we are the originator, we can either make the
-   local setup changes at option request time (in which case if
-   the option is denied we need to change things back) or when
-   the option is acknowledged.
-
-   To initiate a switch to NEW_STATE:
-
-	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
-			WANT_STATE == NEW_STATE) {
-	    do nothing;
-	} else {
-	    /*
-	     * This is where the logic goes to change the local setup
-	     * if we are doing so at request initiation
-	     */
-	    WANT_STATE = NEW_STATE;
-	    send NEW_STATE;
-	    WANT_RESP += 1;
-	}
-
-   When receiving NEW_STATE:
-
-	if (WANT_RESP) {
-	    --WANT_RESP;
-	    if (WANT_RESP && (NEW_STATE == MY_STATE))
-		--WANT_RESP;
-	}
-	if (WANT_RESP == 0) {
-	    if (NEW_STATE != WANT_STATE) {
-		/*
-		 * This is where the logic goes to decide if it is ok
-		 * to switch to NEW_STATE, and if so, do any necessary
-		 * local setup changes.
-		 */
-		if (ok_to_switch_to NEW_STATE)
-		    WANT_STATE = NEW_STATE;
-		else
-		    WANT_RESP++;
-*		if (MY_STATE != WANT_STATE)
-		    reply with WANT_STATE;
-	    } else {
-		/*
-		 * This is where the logic goes to change the local setup
-		 * if we are doing so at request acknowledgment
-		 */
-	    }
-	}
-	MY_STATE = NEW_STATE;
-
-* This if() line is not needed, it should be ok to always do the
-  "reply with WANT_STATE".  With the if() line, asking to turn on
-  an option that the other side doesn't understand is:
-		Send DO option
-		Recv WONT option
-  Without the if() line, it is:
-		Send DO option
-		Recv WONT option
-		Send DONT option
-  If the other side does not expect to receive the latter case,
-  but generates the latter case, then there is a potential for
-  option negotiation loops.  An implementation that does not expect
-  to get the second case should not generate it, an implementation
-  that does expect to get it may or may not generate it, and things
-  will still work.  Being conservative in what we send, we have the
-  if() statement in, but we expect the other side to generate the
-  last response.
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am
deleted file mode 100644
index a472ba919dd1..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-
-bin_PROGRAMS = telnet
-
-CHECK_LOCAL = 
-
-telnet_SOURCES  = authenc.c commands.c main.c network.c ring.c \
-		  sys_bsd.c telnet.c terminal.c \
-		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
-
-man_MANS = telnet.1
-
-LDADD = ../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_tgetent) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in
deleted file mode 100644
index df9afb1f52da..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.in
+++ /dev/null
@@ -1,845 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = telnet$(EXEEXT)
-subdir = appl/telnet/telnet
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) \
-	main.$(OBJEXT) network.$(OBJEXT) ring.$(OBJEXT) \
-	sys_bsd.$(OBJEXT) telnet.$(OBJEXT) terminal.$(OBJEXT) \
-	utilities.$(OBJEXT)
-telnet_OBJECTS = $(am_telnet_OBJECTS)
-telnet_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-telnet_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(LIB_kdfs) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(telnet_SOURCES)
-DIST_SOURCES = $(telnet_SOURCES)
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CHECK_LOCAL = 
-telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \
-		  sys_bsd.c telnet.c terminal.c \
-		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
-
-man_MANS = telnet.1
-LDADD = ../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_tgetent) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnet/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnet/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) 
-	@rm -f telnet$(EXEEXT)
-	$(LINK) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-hook \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnet/authenc.c b/crypto/heimdal/appl/telnet/telnet/authenc.c
deleted file mode 100644
index 35a3bf74abca..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/authenc.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: authenc.c 12921 2003-09-25 15:45:51Z lha $");
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-int
-telnet_net_write(unsigned char *str, int len)
-{
-	if (NETROOM() > len) {
-		ring_supply_data(&netoring, str, len);
-		if (str[0] == IAC && str[1] == SE)
-			printsub('>', &str[2], len-2);
-		return(len);
-	}
-	return(0);
-}
-
-void
-net_encrypt(void)
-{
-#if	defined(ENCRYPTION)
-	if (encrypt_output)
-		ring_encrypt(&netoring, encrypt_output);
-	else
-		ring_clearto(&netoring);
-#endif
-}
-
-int
-telnet_spin(void)
-{
-    int ret = 0;
-
-    scheduler_lockout_tty = 1;
-    if (Scheduler(0) == -1)
-	ret = 1;
-    scheduler_lockout_tty = 0;
-    
-    return ret;
-
-}
-
-char *
-telnet_getenv(const char *val)
-{
-	return((char *)env_getvalue((unsigned char *)val));
-}
-
-char *
-telnet_gets(char *prompt, char *result, int length, int echo)
-{
-	int om = globalmode;
-	char *res;
-
-	TerminalNewMode(-1);
-	if (echo) {
-		printf("%s", prompt);
-		res = fgets(result, length, stdin);
-	} else if ((res = getpass(prompt))) {
-		strlcpy(result, res, length);
-		res = result;
-	}
-	TerminalNewMode(om);
-	return(res);
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c
deleted file mode 100644
index 98031e87abfd..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/commands.c
+++ /dev/null
@@ -1,2696 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: commands.c 16224 2005-10-22 17:17:44Z lha $");
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-int tos = -1;
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-char	*hostname;
-static char _hostname[MaxHostNameLen];
-
-typedef int (*intrtn_t)(int, char**);
-static int call(intrtn_t, ...);
-
-typedef struct {
-	char	*name;		/* command name */
-	char	*help;		/* help string (NULL for no help) */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-} Command;
-
-static char line[256];
-static char saveline[256];
-static int margc;
-static char *margv[20];
-
-static void
-makeargv()
-{
-    char *cp, *cp2, c;
-    char **argp = margv;
-
-    margc = 0;
-    cp = line;
-    if (*cp == '!') {		/* Special case shell escape */
-	/* save for shell command */
-	strlcpy(saveline, line, sizeof(saveline));
-	*argp++ = "!";		/* No room in string to get this */
-	margc++;
-	cp++;
-    }
-    while ((c = *cp)) {
-	int inquote = 0;
-	while (isspace((unsigned char)c))
-	    c = *++cp;
-	if (c == '\0')
-	    break;
-	*argp++ = cp;
-	margc += 1;
-	for (cp2 = cp; c != '\0'; c = *++cp) {
-	    if (inquote) {
-		if (c == inquote) {
-		    inquote = 0;
-		    continue;
-		}
-	    } else {
-		if (c == '\\') {
-		    if ((c = *++cp) == '\0')
-			break;
-		} else if (c == '"') {
-		    inquote = '"';
-		    continue;
-		} else if (c == '\'') {
-		    inquote = '\'';
-		    continue;
-		} else if (isspace((unsigned char)c))
-		    break;
-	    }
-	    *cp2++ = c;
-	}
-	*cp2 = '\0';
-	if (c == '\0')
-	    break;
-	cp++;
-    }
-    *argp++ = 0;
-}
-
-/*
- * Make a character string into a number.
- *
- * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
- */
-
-static char
-special(char *s)
-{
-	char c;
-	char b;
-
-	switch (*s) {
-	case '^':
-		b = *++s;
-		if (b == '?') {
-		    c = b | 0x40;		/* DEL */
-		} else {
-		    c = b & 0x1f;
-		}
-		break;
-	default:
-		c = *s;
-		break;
-	}
-	return c;
-}
-
-/*
- * Construct a control character sequence
- * for a special character.
- */
-static char *
-control(cc_t c)
-{
-	static char buf[5];
-	/*
-	 * The only way I could get the Sun 3.5 compiler
-	 * to shut up about
-	 *	if ((unsigned int)c >= 0x80)
-	 * was to assign "c" to an unsigned int variable...
-	 * Arggg....
-	 */
-	unsigned int uic = (unsigned int)c;
-
-	if (uic == 0x7f)
-		return ("^?");
-	if (c == (cc_t)_POSIX_VDISABLE) {
-		return "off";
-	}
-	if (uic >= 0x80) {
-		buf[0] = '\\';
-		buf[1] = ((c>>6)&07) + '0';
-		buf[2] = ((c>>3)&07) + '0';
-		buf[3] = (c&07) + '0';
-		buf[4] = 0;
-	} else if (uic >= 0x20) {
-		buf[0] = c;
-		buf[1] = 0;
-	} else {
-		buf[0] = '^';
-		buf[1] = '@'+c;
-		buf[2] = 0;
-	}
-	return (buf);
-}
-
-
-
-/*
- *	The following are data structures and routines for
- *	the "send" command.
- *
- */
-
-struct sendlist {
-    char	*name;		/* How user refers to it (case independent) */
-    char	*help;		/* Help information (0 ==> no help) */
-    int		needconnect;	/* Need to be connected */
-    int		narg;		/* Number of arguments */
-    int		(*handler)();	/* Routine to perform (for special ops) */
-    int		nbyte;		/* Number of bytes to send this command */
-    int		what;		/* Character to be sent (<0 ==> special) */
-};
-
-
-static int
-	send_esc (void),
-	send_help (void),
-	send_docmd (char *),
-	send_dontcmd (char *),
-	send_willcmd (char *),
-	send_wontcmd (char *);
-
-static struct sendlist Sendlist[] = {
-    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
-    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
-    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
-    { "break",	0,					1, 0, 0, 2, BREAK },
-    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
-    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
-    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
-    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
-    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
-    { "intp",	0,					1, 0, 0, 2, IP },
-    { "interrupt", 0,					1, 0, 0, 2, IP },
-    { "intr",	0,					1, 0, 0, 2, IP },
-    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
-    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
-    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
-    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
-    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
-    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
-    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
-    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
-    { "help",	0,					0, 0, send_help, 0, 0 },
-    { "do",	0,					0, 1, send_docmd, 3, 0 },
-    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
-    { "will",	0,					0, 1, send_willcmd, 3, 0 },
-    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
-    { 0 }
-};
-
-#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
-				sizeof(struct sendlist)))
-
-static int
-sendcmd(int argc, char **argv)
-{
-    int count;		/* how many bytes we are going to need to send */
-    int i;
-    struct sendlist *s;	/* pointer to current command */
-    int success = 0;
-    int needconnect = 0;
-
-    if (argc < 2) {
-	printf("need at least one argument for 'send' command\r\n");
-	printf("'send ?' for help\r\n");
-	return 0;
-    }
-    /*
-     * First, validate all the send arguments.
-     * In addition, we see how much space we are going to need, and
-     * whether or not we will be doing a "SYNCH" operation (which
-     * flushes the network queue).
-     */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	s = GETSEND(argv[i]);
-	if (s == 0) {
-	    printf("Unknown send argument '%s'\r\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	} else if (Ambiguous(s)) {
-	    printf("Ambiguous send argument '%s'\r\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	}
-	if (i + s->narg >= argc) {
-	    fprintf(stderr,
-	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\r\n",
-		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
-	    return 0;
-	}
-	count += s->nbyte;
-	if (s->handler == send_help) {
-	    send_help();
-	    return 0;
-	}
-
-	i += s->narg;
-	needconnect += s->needconnect;
-    }
-    if (!connected && needconnect) {
-	printf("?Need to be connected first.\r\n");
-	printf("'send ?' for help\r\n");
-	return 0;
-    }
-    /* Now, do we have enough room? */
-    if (NETROOM() < count) {
-	printf("There is not enough room in the buffer TO the network\r\n");
-	printf("to process your request.  Nothing will be done.\r\n");
-	printf("('send synch' will throw away most data in the network\r\n");
-	printf("buffer, if this might help.)\r\n");
-	return 0;
-    }
-    /* OK, they are all OK, now go through again and actually send */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	if ((s = GETSEND(argv[i])) == 0) {
-	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\r\n");
-	    quit();
-	    /*NOTREACHED*/
-	}
-	if (s->handler) {
-	    count++;
-	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
-				  (s->narg > 1) ? argv[i+2] : 0);
-	    i += s->narg;
-	} else {
-	    NET2ADD(IAC, s->what);
-	    printoption("SENT", IAC, s->what);
-	}
-    }
-    return (count == success);
-}
-
-static int
-send_tncmd(void (*func)(), char *cmd, char *name);
-
-static int
-send_esc()
-{
-    NETADD(escape);
-    return 1;
-}
-
-static int
-send_docmd(char *name)
-{
-    return(send_tncmd(send_do, "do", name));
-}
-
-static int
-send_dontcmd(char *name)
-{
-    return(send_tncmd(send_dont, "dont", name));
-}
-
-static int
-send_willcmd(char *name)
-{
-    return(send_tncmd(send_will, "will", name));
-}
-
-static int
-send_wontcmd(char *name)
-{
-    return(send_tncmd(send_wont, "wont", name));
-}
-
-extern char *telopts[];		/* XXX */
-
-static int
-send_tncmd(void (*func)(), char *cmd, char *name)
-{
-    char **cpp;
-    int val = 0;
-
-    if (isprefix(name, "help") || isprefix(name, "?")) {
-	int col, len;
-
-	printf("Usage: send %s <value|option>\r\n", cmd);
-	printf("\"value\" must be from 0 to 255\r\n");
-	printf("Valid options are:\r\n\t");
-
-	col = 8;
-	for (cpp = telopts; *cpp; cpp++) {
-	    len = strlen(*cpp) + 3;
-	    if (col + len > 65) {
-		printf("\r\n\t");
-		col = 8;
-	    }
-	    printf(" \"%s\"", *cpp);
-	    col += len;
-	}
-	printf("\r\n");
-	return 0;
-    }
-    cpp = genget(name, telopts, sizeof(char *));
-    if (Ambiguous(cpp)) {
-	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\r\n",
-					name, cmd);
-	return 0;
-    }
-    if (cpp) {
-	val = cpp - telopts;
-    } else {
-	char *cp = name;
-
-	while (*cp >= '0' && *cp <= '9') {
-	    val *= 10;
-	    val += *cp - '0';
-	    cp++;
-	}
-	if (*cp != 0) {
-	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\r\n",
-					name, cmd);
-	    return 0;
-	} else if (val < 0 || val > 255) {
-	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\r\n",
-					name, cmd);
-	    return 0;
-	}
-    }
-    if (!connected) {
-	printf("?Need to be connected first.\r\n");
-	return 0;
-    }
-    (*func)(val, 1);
-    return 1;
-}
-
-static int
-send_help()
-{
-    struct sendlist *s;	/* pointer to current command */
-    for (s = Sendlist; s->name; s++) {
-	if (s->help)
-	    printf("%-15s %s\r\n", s->name, s->help);
-    }
-    return(0);
-}
-
-/*
- * The following are the routines and data structures referred
- * to by the arguments to the "toggle" command.
- */
-
-static int
-lclchars()
-{
-    donelclchars = 1;
-    return 1;
-}
-
-static int
-togdebug()
-{
-#ifndef	NOT43
-    if (net > 0 &&
-	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
-	    perror("setsockopt (SO_DEBUG)");
-    }
-#else	/* NOT43 */
-    if (debug) {
-	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
-	    perror("setsockopt (SO_DEBUG)");
-    } else
-	printf("Cannot turn off socket debugging\r\n");
-#endif	/* NOT43 */
-    return 1;
-}
-
-#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
-#include <krb.h>
-
-static int
-togkrbdebug(void)
-{
-    if(krb_debug)
-	krb_enable_debug();
-    else
-	krb_disable_debug();
-    return 1;
-}
-#endif
-
-static int
-togcrlf()
-{
-    if (crlf) {
-	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
-    } else {
-	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
-    }
-    return 1;
-}
-
-int binmode;
-
-static int
-togbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val >= 0) {
-	binmode = val;
-    } else {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-				my_want_state_is_do(TELOPT_BINARY)) {
-	    binmode = 1;
-	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
-				my_want_state_is_dont(TELOPT_BINARY)) {
-	    binmode = 0;
-	}
-	val = binmode ? 0 : 1;
-    }
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-					my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already operating in binary mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating binary mode with remote host.\r\n");
-	    tel_enter_binary(3);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY) &&
-					my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already in network ascii mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode with remote host.\r\n");
-	    tel_leave_binary(3);
-	}
-    }
-    return 1;
-}
-
-static int
-togrbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already receiving in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on input.\r\n");
-	    tel_enter_binary(1);
-	}
-    } else {
-	if (my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already receiving in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on input.\r\n");
-	    tel_leave_binary(1);
-	}
-    }
-    return 1;
-}
-
-static int
-togxbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY)) {
-	    printf("Already transmitting in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on output.\r\n");
-	    tel_enter_binary(2);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    printf("Already transmitting in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on output.\r\n");
-	    tel_leave_binary(2);
-	}
-    }
-    return 1;
-}
-
-
-static int togglehelp (void);
-#if	defined(AUTHENTICATION)
-extern int auth_togdebug (int);
-#endif
-#if	defined(ENCRYPTION)
-extern int EncryptAutoEnc (int);
-extern int EncryptAutoDec (int);
-extern int EncryptDebug (int);
-extern int EncryptVerbose (int);
-#endif
-
-struct togglelist {
-    char	*name;		/* name of toggle */
-    char	*help;		/* help message */
-    int		(*handler)();	/* routine to do actual setting */
-    int		*variable;
-    char	*actionexplanation;
-};
-
-static struct togglelist Togglelist[] = {
-    { "autoflush",
-	"flushing of output when sending interrupt characters",
-	    0,
-		&autoflush,
-		    "flush output when sending interrupt characters" },
-    { "autosynch",
-	"automatic sending of interrupt characters in urgent mode",
-	    0,
-		&autosynch,
-		    "send interrupt characters in urgent mode" },
-#if	defined(AUTHENTICATION)
-    { "autologin",
-	"automatic sending of login and/or authentication info",
-	    0,
-		&autologin,
-		    "send login name and/or authentication information" },
-    { "authdebug",
-	"authentication debugging",
-	    auth_togdebug,
-		0,
-		     "print authentication debugging information" },
-#endif
-#if	defined(ENCRYPTION)
-    { "autoencrypt",
-	"automatic encryption of data stream",
-	    EncryptAutoEnc,
-		0,
-		    "automatically encrypt output" },
-    { "autodecrypt",
-	"automatic decryption of data stream",
-	    EncryptAutoDec,
-		0,
-		    "automatically decrypt input" },
-    { "verbose_encrypt",
-	"verbose encryption output",
-	    EncryptVerbose,
-		0,
-		    "print verbose encryption output" },
-    { "encdebug",
-	"encryption debugging",
-	    EncryptDebug,
-		0,
-		    "print encryption debugging information" },
-#endif
-#if defined(KRB5)
-    { "forward",
-	"credentials forwarding",
-	    kerberos5_set_forward,
-		0,
-		    "forward credentials" },
-    { "forwardable",
-	"forwardable flag of forwarded credentials",
-	    kerberos5_set_forwardable,
-		0,
-		    "forward forwardable credentials" },
-#endif
-   { "skiprc",
-	"don't read ~/.telnetrc file",
-	    0,
-		&skiprc,
-		    "skip reading of ~/.telnetrc file" },
-    { "binary",
-	"sending and receiving of binary data",
-	    togbinary,
-		0,
-		    0 },
-    { "inbinary",
-	"receiving of binary data",
-	    togrbinary,
-		0,
-		    0 },
-    { "outbinary",
-	"sending of binary data",
-	    togxbinary,
-		0,
-		    0 },
-    { "crlf",
-	"sending carriage returns as telnet <CR><LF>",
-	    togcrlf,
-		&crlf,
-		    0 },
-    { "crmod",
-	"mapping of received carriage returns",
-	    0,
-		&crmod,
-		    "map carriage return on output" },
-    { "localchars",
-	"local recognition of certain control characters",
-	    lclchars,
-		&localchars,
-		    "recognize certain control characters" },
-    { " ", "", 0 },		/* empty line */
-    { "debug",
-	"debugging",
-	    togdebug,
-		&debug,
-		    "turn on socket level debugging" },
-#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
-    { "krb_debug",
-      "kerberos 4 debugging",
-      togkrbdebug,
-      &krb_debug,
-      "turn on kerberos 4 debugging" },
-#endif
-    { "netdata",
-	"printing of hexadecimal network data (debugging)",
-	    0,
-		&netdata,
-		    "print hexadecimal representation of network traffic" },
-    { "prettydump",
-	"output of \"netdata\" to user readable format (debugging)",
-	    0,
-		&prettydump,
-		    "print user readable output for \"netdata\"" },
-    { "options",
-	"viewing of options processing (debugging)",
-	    0,
-		&showoptions,
-		    "show option processing" },
-    { "termdata",
-	"printing of hexadecimal terminal data (debugging)",
-	    0,
-		&termdata,
-		    "print hexadecimal representation of terminal traffic" },
-    { "?",
-	0,
-	    togglehelp },
-    { "help",
-	0,
-	    togglehelp },
-    { 0 }
-};
-
-static int
-togglehelp()
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s toggle %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    printf("\r\n");
-    printf("%-15s %s\r\n", "?", "display help information");
-    return 0;
-}
-
-static void
-settogglehelp(int set)
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
-						c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-#define	GETTOGGLE(name) (struct togglelist *) \
-		genget(name, (char **) Togglelist, sizeof(struct togglelist))
-
-static int
-toggle(int argc, char *argv[])
-{
-    int retval = 1;
-    char *name;
-    struct togglelist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'toggle' command.  'toggle ?' for help.\r\n");
-	return 0;
-    }
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	c = GETTOGGLE(name);
-	if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\r\n",
-					name);
-	    return 0;
-	} else if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\r\n",
-					name);
-	    return 0;
-	} else {
-	    if (c->variable) {
-		*c->variable = !*c->variable;		/* invert it */
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler) {
-		retval &= (*c->handler)(-1);
-	    }
-	}
-    }
-    return retval;
-}
-
-/*
- * The following perform the "set" command.
- */
-
-struct termios new_tc = { 0 };
-
-struct setlist {
-    char *name;				/* name */
-    char *help;				/* help information */
-    void (*handler)();
-    cc_t *charp;			/* where it is located at */
-};
-
-static struct setlist Setlist[] = {
-#ifdef	KLUDGELINEMODE
-    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
-#endif
-    { "escape",	"character to escape back to telnet command mode", 0, &escape },
-    { "rlogin", "rlogin escape character", 0, &rlogin },
-    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
-    { " ", "" },
-    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
-    { "flushoutput", "character to cause an Abort Output", 0, &termFlushChar },
-    { "interrupt", "character to cause an Interrupt Process", 0, &termIntChar },
-    { "quit",	"character to cause an Abort process", 0, &termQuitChar },
-    { "eof",	"character to cause an EOF ", 0, &termEofChar },
-    { " ", "" },
-    { " ", "The following are for local editing in linemode", 0, 0 },
-    { "erase",	"character to use to erase a character", 0, &termEraseChar },
-    { "kill",	"character to use to erase a line", 0, &termKillChar },
-    { "lnext",	"character to use for literal next", 0, &termLiteralNextChar },
-    { "susp",	"character to cause a Suspend Process", 0, &termSuspChar },
-    { "reprint", "character to use for line reprint", 0, &termRprntChar },
-    { "worderase", "character to use to erase a word", 0, &termWerasChar },
-    { "start",	"character to use for XON", 0, &termStartChar },
-    { "stop",	"character to use for XOFF", 0, &termStopChar },
-    { "forw1",	"alternate end of line character", 0, &termForw1Char },
-    { "forw2",	"alternate end of line character", 0, &termForw2Char },
-    { "ayt",	"alternate AYT character", 0, &termAytChar },
-    { 0 }
-};
-
-static struct setlist *
-getset(char *name)
-{
-    return (struct setlist *)
-		genget(name, (char **) Setlist, sizeof(struct setlist));
-}
-
-void
-set_escape_char(char *s)
-{
-	if (rlogin != _POSIX_VDISABLE) {
-		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet rlogin escape character is '%s'.\r\n",
-					control(rlogin));
-	} else {
-		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet escape character is '%s'.\r\n", control(escape));
-	}
-}
-
-static int
-setcmd(int argc, char *argv[])
-{
-    int value;
-    struct setlist *ct;
-    struct togglelist *c;
-
-    if (argc < 2 || argc > 3) {
-	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
-	return 0;
-    }
-    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(1);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    ct = getset(argv[1]);
-    if (ct == 0) {
-	c = GETTOGGLE(argv[1]);
-	if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\r\n",
-			argv[1]);
-	    return 0;
-	} else if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
-			argv[1]);
-	    return 0;
-	}
-	if (c->variable) {
-	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
-		*c->variable = 1;
-	    else if (strcmp("off", argv[2]) == 0)
-		*c->variable = 0;
-	    else {
-		printf("Format is 'set togglename [on|off]'\r\n'set ?' for help.\r\n");
-		return 0;
-	    }
-	    if (c->actionexplanation) {
-		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-	    }
-	}
-	if (c->handler)
-	    (*c->handler)(1);
-    } else if (argc != 3) {
-	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
-	return 0;
-    } else if (Ambiguous(ct)) {
-	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
-			argv[1]);
-	return 0;
-    } else if (ct->handler) {
-	(*ct->handler)(argv[2]);
-	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
-    } else {
-	if (strcmp("off", argv[2])) {
-	    value = special(argv[2]);
-	} else {
-	    value = _POSIX_VDISABLE;
-	}
-	*(ct->charp) = (cc_t)value;
-	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-    }
-    slc_check();
-    return 1;
-}
-
-static int
-unsetcmd(int argc, char *argv[])
-{
-    struct setlist *ct;
-    struct togglelist *c;
-    char *name;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'unset' command.  'unset ?' for help.\r\n");
-	return 0;
-    }
-    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(0);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	ct = getset(name);
-	if (ct == 0) {
-	    c = GETTOGGLE(name);
-	    if (c == 0) {
-		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\r\n",
-			name);
-		return 0;
-	    } else if (Ambiguous(c)) {
-		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
-			name);
-		return 0;
-	    }
-	    if (c->variable) {
-		*c->variable = 0;
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler)
-		(*c->handler)(0);
-	} else if (Ambiguous(ct)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
-			name);
-	    return 0;
-	} else if (ct->handler) {
-	    (*ct->handler)(0);
-	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
-	} else {
-	    *(ct->charp) = _POSIX_VDISABLE;
-	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-	}
-    }
-    return 1;
-}
-
-/*
- * The following are the data structures and routines for the
- * 'mode' command.
- */
-#ifdef	KLUDGELINEMODE
-
-static int
-dokludgemode(void)
-{
-    kludgelinemode = 1;
-    send_wont(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_SGA, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-#endif
-
-static int
-dolinemode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_dont(TELOPT_SGA, 1);
-#endif
-    send_will(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-
-static int
-docharmode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_do(TELOPT_SGA, 1);
-    else
-#endif
-    send_wont(TELOPT_LINEMODE, 1);
-    send_do(TELOPT_ECHO, 1);
-    return 1;
-}
-
-static int
-dolmmode(int bit, int on)
-{
-    unsigned char c;
-
-    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
-	printf("?Need to have LINEMODE option enabled first.\r\n");
-	printf("'mode ?' for help.\r\n");
- 	return 0;
-    }
-
-    if (on)
-	c = (linemode | bit);
-    else
-	c = (linemode & ~bit);
-    lm_mode(&c, 1, 1);
-    return 1;
-}
-
-static int
-tn_setmode(int bit)
-{
-    return dolmmode(bit, 1);
-}
-
-static int
-tn_clearmode(int bit)
-{
-    return dolmmode(bit, 0);
-}
-
-struct modelist {
-	char	*name;		/* command name */
-	char	*help;		/* help string */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-	int	arg1;
-};
-
-static int modehelp(void);
-
-static struct modelist ModeList[] = {
-    { "character", "Disable LINEMODE option",	docharmode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or disable obsolete line-by-line mode)", 0 },
-#endif
-    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or enable obsolete line-by-line mode)", 0 },
-#endif
-    { "", "", 0 },
-    { "",	"These require the LINEMODE option to be enabled", 0 },
-    { "isig",	"Enable signal trapping",	tn_setmode, 1, MODE_TRAPSIG },
-    { "+isig",	0,				tn_setmode, 1, MODE_TRAPSIG },
-    { "-isig",	"Disable signal trapping",	tn_clearmode, 1, MODE_TRAPSIG },
-    { "edit",	"Enable character editing",	tn_setmode, 1, MODE_EDIT },
-    { "+edit",	0,				tn_setmode, 1, MODE_EDIT },
-    { "-edit",	"Disable character editing",	tn_clearmode, 1, MODE_EDIT },
-    { "softtabs", "Enable tab expansion",	tn_setmode, 1, MODE_SOFT_TAB },
-    { "+softtabs", 0,				tn_setmode, 1, MODE_SOFT_TAB },
-    { "-softtabs", "Disable tab expansion",	tn_clearmode, 1, MODE_SOFT_TAB },
-    { "litecho", "Enable literal character echo", tn_setmode, 1, MODE_LIT_ECHO },
-    { "+litecho", 0,				tn_setmode, 1, MODE_LIT_ECHO },
-    { "-litecho", "Disable literal character echo", tn_clearmode, 1, MODE_LIT_ECHO },
-    { "help",	0,				modehelp, 0 },
-#ifdef	KLUDGELINEMODE
-    { "kludgeline", 0,				dokludgemode, 1 },
-#endif
-    { "", "", 0 },
-    { "?",	"Print help information",	modehelp, 0 },
-    { 0 },
-};
-
-
-static int
-modehelp(void)
-{
-    struct modelist *mt;
-
-    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
-    for (mt = ModeList; mt->name; mt++) {
-	if (mt->help) {
-	    if (*mt->help)
-		printf("%-15s %s\r\n", mt->name, mt->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-#define	GETMODECMD(name) (struct modelist *) \
-		genget(name, (char **) ModeList, sizeof(struct modelist))
-
-static int
-modecmd(int argc, char **argv)
-{
-    struct modelist *mt;
-
-    if (argc != 2) {
-	printf("'mode' command requires an argument\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if ((mt = GETMODECMD(argv[1])) == 0) {
-	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\r\n", argv[1]);
-    } else if (Ambiguous(mt)) {
-	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\r\n", argv[1]);
-    } else if (mt->needconnect && !connected) {
-	printf("?Need to be connected first.\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if (mt->handler) {
-	return (*mt->handler)(mt->arg1);
-    }
-    return 0;
-}
-
-/*
- * The following data structures and routines implement the
- * "display" command.
- */
-
-static int
-display(int argc, char *argv[])
-{
-    struct togglelist *tl;
-    struct setlist *sl;
-
-#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
-			    if (*tl->variable) { \
-				printf("will"); \
-			    } else { \
-				printf("won't"); \
-			    } \
-			    printf(" %s.\r\n", tl->actionexplanation); \
-			}
-
-#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
-			if (sl->handler == 0) \
-			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
-			else \
-			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
-		    }
-
-    if (argc == 1) {
-	for (tl = Togglelist; tl->name; tl++) {
-	    dotog(tl);
-	}
-	printf("\r\n");
-	for (sl = Setlist; sl->name; sl++) {
-	    doset(sl);
-	}
-    } else {
-	int i;
-
-	for (i = 1; i < argc; i++) {
-	    sl = getset(argv[i]);
-	    tl = GETTOGGLE(argv[i]);
-	    if (Ambiguous(sl) || Ambiguous(tl)) {
-		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else if (!sl && !tl) {
-		printf("?Unknown argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else {
-		if (tl) {
-		    dotog(tl);
-		}
-		if (sl) {
-		    doset(sl);
-		}
-	    }
-	}
-    }
-/*@*/optionstatus();
-#if	defined(ENCRYPTION)
-    EncryptStatus();
-#endif
-    return 1;
-#undef	doset
-#undef	dotog
-}
-
-/*
- * The following are the data structures, and many of the routines,
- * relating to command processing.
- */
-
-/*
- * Set the escape character.
- */
-static int
-setescape(int argc, char *argv[])
-{
-	char *arg;
-	char buf[50];
-
-	printf(
-	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
-				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
-	if (argc > 2)
-		arg = argv[1];
-	else {
-		printf("new escape character: ");
-		fgets(buf, sizeof(buf), stdin);
-		arg = buf;
-	}
-	if (arg[0] != '\0')
-		escape = arg[0];
-	printf("Escape character is '%s'.\r\n", control(escape));
-
-	fflush(stdout);
-	return 1;
-}
-
-static int
-togcrmod()
-{
-    crmod = !crmod;
-    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
-    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
-    fflush(stdout);
-    return 1;
-}
-
-static int
-telnetsuspend()
-{
-#ifdef	SIGTSTP
-    setcommandmode();
-    {
-	long oldrows, oldcols, newrows, newcols, err;
-
-	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-	kill(0, SIGTSTP);
-	/*
-	 * If we didn't get the window size before the SUSPEND, but we
-	 * can get them now (?), then send the NAWS to make sure that
-	 * we are set up for the right window size.
-	 */
-	if (TerminalWindowSize(&newrows, &newcols) && connected &&
-	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		sendnaws();
-	}
-    }
-    /* reget parameters in case they were changed */
-    TerminalSaveState();
-    setconnmode(0);
-#else
-    printf("Suspend is not supported.  Try the '!' command instead\r\n");
-#endif
-    return 1;
-}
-
-static int
-shell(int argc, char **argv)
-{
-    long oldrows, oldcols, newrows, newcols, err;
-
-    setcommandmode();
-
-    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-    switch(fork()) {
-    case -1:
-	perror("Fork failed\r\n");
-	break;
-
-    case 0:
-	{
-	    /*
-	     * Fire up the shell in the child.
-	     */
-	    char *shellp, *shellname;
-
-	    shellp = getenv("SHELL");
-	    if (shellp == NULL)
-		shellp = "/bin/sh";
-	    if ((shellname = strrchr(shellp, '/')) == 0)
-		shellname = shellp;
-	    else
-		shellname++;
-	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], NULL);
-	    else
-		execl(shellp, shellname, NULL);
-	    perror("Execl");
-	    _exit(1);
-	}
-    default:
-	    wait((int *)0);	/* Wait for the shell to complete */
-
-	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
-		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		    sendnaws();
-	    }
-	    break;
-    }
-    return 1;
-}
-
-static int
-bye(int argc, char **argv)
-{
-    if (connected) {
-	shutdown(net, 2);
-	printf("Connection closed.\r\n");
-	NetClose(net);
-	connected = 0;
-	resettermname = 1;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif
-	/* reset options */
-	tninit();
-    }
-    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) 
-	longjmp(toplevel, 1);
-    return 0;	/* NOTREACHED */
-}
-
-int
-quit(void)
-{
-	call(bye, "bye", "fromquit", 0);
-	Exit(0);
-	return 0; /*NOTREACHED*/
-}
-
-static int
-logout()
-{
-	send_do(TELOPT_LOGOUT, 1);
-	netflush();
-	return 1;
-}
-
-
-/*
- * The SLC command.
- */
-
-struct slclist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	arg;
-};
-
-static void slc_help(void);
-
-struct slclist SlcList[] = {
-    { "export",	"Use local special character definitions",
-						slc_mode_export,	0 },
-    { "import",	"Use remote special character definitions",
-						slc_mode_import,	1 },
-    { "check",	"Verify remote special character definitions",
-						slc_mode_import,	0 },
-    { "help",	0,				slc_help,		0 },
-    { "?",	"Print help information",	slc_help,		0 },
-    { 0 },
-};
-
-static void
-slc_help(void)
-{
-    struct slclist *c;
-
-    for (c = SlcList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-static struct slclist *
-getslc(char *name)
-{
-    return (struct slclist *)
-		genget(name, (char **) SlcList, sizeof(struct slclist));
-}
-
-static int
-slccmd(int argc, char **argv)
-{
-    struct slclist *c;
-
-    if (argc != 2) {
-	fprintf(stderr,
-	    "Need an argument to 'slc' command.  'slc ?' for help.\r\n");
-	return 0;
-    }
-    c = getslc(argv[1]);
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    (*c->handler)(c->arg);
-    slcstate();
-    return 1;
-}
-
-/*
- * The ENVIRON command.
- */
-
-struct envlist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	narg;
-};
-
-static void env_help (void);
-
-struct envlist EnvList[] = {
-    { "define",	"Define an environment variable",
-						(void (*)())env_define,	2 },
-    { "undefine", "Undefine an environment variable",
-						env_undefine,	1 },
-    { "export",	"Mark an environment variable for automatic export",
-						env_export,	1 },
-    { "unexport", "Don't mark an environment variable for automatic export",
-						env_unexport,	1 },
-    { "send",	"Send an environment variable", env_send,	1 },
-    { "list",	"List the current environment variables",
-						env_list,	0 },
-    { "help",	0,				env_help,		0 },
-    { "?",	"Print help information",	env_help,		0 },
-    { 0 },
-};
-
-static void
-env_help()
-{
-    struct envlist *c;
-
-    for (c = EnvList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-static struct envlist *
-getenvcmd(char *name)
-{
-    return (struct envlist *)
-		genget(name, (char **) EnvList, sizeof(struct envlist));
-}
-
-static int
-env_cmd(int argc, char **argv)
-{
-    struct envlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'environ' command.  'environ ?' for help.\r\n");
-	return 0;
-    }
-    c = getenvcmd(argv[1]);
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\r\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    (*c->handler)(argv[2], argv[3]);
-    return 1;
-}
-
-struct env_lst {
-	struct env_lst *next;	/* pointer to next structure */
-	struct env_lst *prev;	/* pointer to previous structure */
-	unsigned char *var;	/* pointer to variable name */
-	unsigned char *value;	/* pointer to variable value */
-	int export;		/* 1 -> export with default list of variables */
-	int welldefined;	/* A well defined variable */
-};
-
-struct env_lst envlisthead;
-
-struct env_lst *
-env_find(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		if (strcmp((char *)ep->var, (char *)var) == 0)
-			return(ep);
-	}
-	return(NULL);
-}
-
-#ifdef IRIX4
-#define environ _environ
-#endif
-
-void
-env_init(void)
-{
-	char **epp, *cp;
-	struct env_lst *ep;
-
-	for (epp = environ; *epp; epp++) {
-		if ((cp = strchr(*epp, '='))) {
-			*cp = '\0';
-			ep = env_define((unsigned char *)*epp,
-					(unsigned char *)cp+1);
-			ep->export = 0;
-			*cp = '=';
-		}
-	}
-	/*
-	 * Special case for DISPLAY variable.  If it is ":0.0" or
-	 * "unix:0.0", we have to get rid of "unix" and insert our
-	 * hostname.
-	 */
-	if ((ep = env_find((unsigned char*)"DISPLAY"))
-	    && (*ep->value == ':'
-	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
-		char hbuf[256+1];
-		char *cp2 = strchr((char *)ep->value, ':');
-		int error;
-
-		/* XXX - should be k_gethostname? */
-		gethostname(hbuf, 256);
-		hbuf[256] = '\0';
-
-		/* If this is not the full name, try to get it via DNS */
-		if (strchr(hbuf, '.') == 0) {
-			struct addrinfo hints, *ai, *a;
-
-			memset (&hints, 0, sizeof(hints));
-			hints.ai_flags = AI_CANONNAME;
-
-			error = getaddrinfo (hbuf, NULL, &hints, &ai);
-			if (error == 0) {
-				for (a = ai; a != NULL; a = a->ai_next)
-					if (a->ai_canonname != NULL) {
-						strlcpy (hbuf,
-							 ai->ai_canonname,
-							 256);
-						break;
-					}
-				freeaddrinfo (ai);
-			}
-		}
-
-		error = asprintf (&cp, "%s%s", hbuf, cp2);
-		if (error != -1) {
-		    free (ep->value);
-		    ep->value = (unsigned char *)cp;
-		}
-	}
-	/*
-	 * If USER is not defined, but LOGNAME is, then add
-	 * USER with the value from LOGNAME.  By default, we
-	 * don't export the USER variable.
-	 */
-	if ((env_find((unsigned char*)"USER") == NULL) && 
-	    (ep = env_find((unsigned char*)"LOGNAME"))) {
-		env_define((unsigned char *)"USER", ep->value);
-		env_unexport((unsigned char *)"USER");
-	}
-	env_export((unsigned char *)"DISPLAY");
-	env_export((unsigned char *)"PRINTER");
-	env_export((unsigned char *)"XAUTHORITY");
-}
-
-struct env_lst *
-env_define(unsigned char *var, unsigned char *value)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-	} else {
-		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
-		ep->next = envlisthead.next;
-		envlisthead.next = ep;
-		ep->prev = &envlisthead;
-		if (ep->next)
-			ep->next->prev = ep;
-	}
-	ep->welldefined = opt_welldefined((char *)var);
-	ep->export = 1;
-	ep->var = (unsigned char *)strdup((char *)var);
-	ep->value = (unsigned char *)strdup((char *)value);
-	return(ep);
-}
-
-void
-env_undefine(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		ep->prev->next = ep->next;
-		if (ep->next)
-			ep->next->prev = ep->prev;
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-		free(ep);
-	}
-}
-
-void
-env_export(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 1;
-}
-
-void
-env_unexport(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 0;
-}
-
-void
-env_send(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
-#ifdef	OLD_ENVIRON
-	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
-#endif
-		) {
-		fprintf(stderr,
-		    "Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
-									var);
-		return;
-	}
-	ep = env_find(var);
-	if (ep == 0) {
-		fprintf(stderr, "Cannot send '%s': variable not defined\r\n",
-									var);
-		return;
-	}
-	env_opt_start_info();
-	env_opt_add(ep->var);
-	env_opt_end(0);
-}
-
-void
-env_list(void)
-{
-	struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
-					ep->var, ep->value);
-	}
-}
-
-unsigned char *
-env_default(int init, int welldefined)
-{
-	static struct env_lst *nep = NULL;
-
-	if (init) {
-		nep = &envlisthead;
-		return NULL;
-	}
-	if (nep) {
-		while ((nep = nep->next)) {
-			if (nep->export && (nep->welldefined == welldefined))
-				return(nep->var);
-		}
-	}
-	return(NULL);
-}
-
-unsigned char *
-env_getvalue(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		return(ep->value);
-	return(NULL);
-}
-
-
-#if	defined(AUTHENTICATION)
-/*
- * The AUTHENTICATE command.
- */
-
-struct authlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	narg;
-};
-
-static int
-	auth_help (void);
-
-struct authlist AuthList[] = {
-    { "status",	"Display current status of authentication information",
-						auth_status,	0 },
-    { "disable", "Disable an authentication type ('auth disable ?' for more)",
-						auth_disable,	1 },
-    { "enable", "Enable an authentication type ('auth enable ?' for more)",
-						auth_enable,	1 },
-    { "help",	0,				auth_help,		0 },
-    { "?",	"Print help information",	auth_help,		0 },
-    { 0 },
-};
-
-static int
-auth_help()
-{
-    struct authlist *c;
-
-    for (c = AuthList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-static int
-auth_cmd(int argc, char **argv)
-{
-    struct authlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'auth' command.  'auth ?' for help.\r\n");
-	return 0;
-    }
-
-    c = (struct authlist *)
-		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\r\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    return((*c->handler)(argv[2], argv[3]));
-}
-#endif
-
-
-#if	defined(ENCRYPTION)
-/*
- * The ENCRYPT command.
- */
-
-struct encryptlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	needconnect;
-	int	minarg;
-	int	maxarg;
-};
-
-static int
-	EncryptHelp (void);
-
-struct encryptlist EncryptList[] = {
-    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
-						EncryptEnable, 1, 1, 2 },
-    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
-						EncryptDisable, 0, 1, 2 },
-    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
-						EncryptType, 0, 1, 1 },
-    { "start", "Start encryption. ('encrypt start ?' for more)",
-						EncryptStart, 1, 0, 1 },
-    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
-						EncryptStop, 1, 0, 1 },
-    { "input", "Start encrypting the input stream",
-						EncryptStartInput, 1, 0, 0 },
-    { "-input", "Stop encrypting the input stream",
-						EncryptStopInput, 1, 0, 0 },
-    { "output", "Start encrypting the output stream",
-						EncryptStartOutput, 1, 0, 0 },
-    { "-output", "Stop encrypting the output stream",
-						EncryptStopOutput, 1, 0, 0 },
-
-    { "status",	"Display current status of authentication information",
-						EncryptStatus,	0, 0, 0 },
-    { "help",	0,				EncryptHelp,	0, 0, 0 },
-    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
-    { 0 },
-};
-
-static int
-EncryptHelp()
-{
-    struct encryptlist *c;
-
-    for (c = EncryptList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-static int
-encrypt_cmd(int argc, char **argv)
-{
-    struct encryptlist *c;
-
-    c = (struct encryptlist *)
-		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
-    				argv[1]);
-        return 0;
-    }
-    argc -= 2;
-    if (argc < c->minarg || argc > c->maxarg) {
-	if (c->minarg == c->maxarg) {
-	    fprintf(stderr, "Need %s%d argument%s ",
-		c->minarg < argc ? "only " : "", c->minarg,
-		c->minarg == 1 ? "" : "s");
-	} else {
-	    fprintf(stderr, "Need %s%d-%d arguments ",
-		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
-	}
-	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\r\n",
-		c->name);
-	return 0;
-    }
-    if (c->needconnect && !connected) {
-	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
-	    printf("?Need to be connected first.\r\n");
-	    return 0;
-	}
-    }
-    return ((*c->handler)(argc > 0 ? argv[2] : 0,
-			argc > 1 ? argv[3] : 0,
-			argc > 2 ? argv[4] : 0));
-}
-#endif
-
-
-/*
- * Print status about the connection.
- */
-
-static int
-status(int argc, char **argv)
-{
-    if (connected) {
-	printf("Connected to %s.\r\n", hostname);
-	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
-	    int mode = getconnmode();
-
-	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
-		printf("Operating with LINEMODE option\r\n");
-		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
-		printf("%s catching of signals\r\n",
-					(mode&MODE_TRAPSIG) ? "Local" : "No");
-		slcstate();
-#ifdef	KLUDGELINEMODE
-	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
-		printf("Operating in obsolete linemode\r\n");
-#endif
-	    } else {
-		printf("Operating in single character mode\r\n");
-		if (localchars)
-		    printf("Catching signals locally\r\n");
-	    }
-	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
-	    if (my_want_state_is_will(TELOPT_LFLOW))
-		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
-#if	defined(ENCRYPTION)
-	    encrypt_display();
-#endif
-	}
-    } else {
-	printf("No connection.\r\n");
-    }
-    printf("Escape character is '%s'.\r\n", control(escape));
-    fflush(stdout);
-    return 1;
-}
-
-#ifdef	SIGINFO
-/*
- * Function that gets called when SIGINFO is received.
- */
-RETSIGTYPE
-ayt_status(int ignore)
-{
-    call(status, "status", "notmuch", 0);
-}
-#endif
-
-static Command *getcmd(char *name);
-
-static void
-cmdrc(char *m1, char *m2)
-{
-    static char rcname[128];
-    Command *c;
-    FILE *rcfile;
-    int gotmachine = 0;
-    int l1 = strlen(m1);
-    int l2 = strlen(m2);
-    char m1save[64];
-
-    if (skiprc)
-	return;
-
-    strlcpy(m1save, m1, sizeof(m1save));
-    m1 = m1save;
-
-    if (rcname[0] == 0) {
-	char *home = getenv("HOME");
-
-	snprintf (rcname, sizeof(rcname), "%s/.telnetrc",
-		  home ? home : "");
-    }
-
-    if ((rcfile = fopen(rcname, "r")) == 0) {
-	return;
-    }
-
-    for (;;) {
-	if (fgets(line, sizeof(line), rcfile) == NULL)
-	    break;
-	if (line[0] == 0)
-	    break;
-	if (line[0] == '#')
-	    continue;
-	if (gotmachine) {
-	    if (!isspace((unsigned char)line[0]))
-		gotmachine = 0;
-	}
-	if (gotmachine == 0) {
-	    if (isspace((unsigned char)line[0]))
-		continue;
-	    if (strncasecmp(line, m1, l1) == 0)
-		strncpy(line, &line[l1], sizeof(line) - l1);
-	    else if (strncasecmp(line, m2, l2) == 0)
-		strncpy(line, &line[l2], sizeof(line) - l2);
-	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
-		strncpy(line, &line[7], sizeof(line) - 7);
-	    else
-		continue;
-	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
-		continue;
-	    gotmachine = 1;
-	}
-	makeargv();
-	if (margv[0] == 0)
-	    continue;
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command: %s\r\n", margv[0]);
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command: %s\r\n", margv[0]);
-	    continue;
-	}
-	/*
-	 * This should never happen...
-	 */
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first for %s.\r\n", margv[0]);
-	    continue;
-	}
-	(*c->handler)(margc, margv);
-    }
-    fclose(rcfile);
-}
-
-int
-tn(int argc, char **argv)
-{
-    struct servent *sp = 0;
-    char *cmd, *hostp = 0, *portp = 0;
-    char *user = 0;
-    int port = 0;
-
-    /* clear the socket address prior to use */
-
-    if (connected) {
-	printf("?Already connected to %s\r\n", hostname);
-	return 0;
-    }
-    if (argc < 2) {
-	strlcpy(line, "open ", sizeof(line));
-	printf("(to) ");
-	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
-	makeargv();
-	argc = margc;
-	argv = margv;
-    }
-    cmd = *argv;
-    --argc; ++argv;
-    while (argc) {
-	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
-	    goto usage;
-	if (strcmp(*argv, "-l") == 0) {
-	    --argc; ++argv;
-	    if (argc == 0)
-		goto usage;
-	    user = strdup(*argv++);
-	    --argc;
-	    continue;
-	}
-	if (strcmp(*argv, "-a") == 0) {
-	    --argc; ++argv;
-	    autologin = 1;
-	    continue;
-	}
-	if (hostp == 0) {
-	    hostp = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (portp == 0) {
-	    portp = *argv++;
-	    --argc;
-	    continue;
-	}
-    usage:
-	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
-	return 0;
-    }
-    if (hostp == 0)
-	goto usage;
-
-    strlcpy (_hostname, hostp, sizeof(_hostname));
-    hostp = _hostname;
-    if (hostp[0] == '@' || hostp[0] == '!') {
-	char *p;
-	hostname = NULL;
-	for (p = hostp + 1; *p; p++) {
-	    if (*p == ',' || *p == '@')
-		hostname = p;
-	}
-	if (hostname == NULL) {
-	    fprintf(stderr, "%s: bad source route specification\n", hostp);
-	    return 0;
-	}
-	*hostname++ = '\0';
-    } else
-	hostname = hostp;
-
-    if (portp) {
-	if (*portp == '-') {
-	    portp++;
-	    telnetport = 1;
-	} else
-	    telnetport = 0;
-	port = atoi(portp);
-	if (port == 0) {
-	    sp = roken_getservbyname(portp, "tcp");
-	    if (sp)
-		port = sp->s_port;
-	    else {
-		printf("%s: bad port number\r\n", portp);
-		return 0;
-	    }
-	} else {
-	    port = htons(port);
-	}
-    } else {
-	if (sp == 0) {
-	    sp = roken_getservbyname("telnet", "tcp");
-	    if (sp == 0) {
-		fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n");
-		return 0;
-	    }
-	    port = sp->s_port;
-	}
-	telnetport = 1;
-    }
-
-    {
-	struct addrinfo *ai, *a, hints;
-	int error;
-	char portstr[NI_MAXSERV];
-
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-	hints.ai_flags    = AI_CANONNAME;
-
-	snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-	error = getaddrinfo (hostname, portstr, &hints, &ai);
-	if (error) {
-	    fprintf (stderr, "%s: %s\r\n", hostname, gai_strerror (error));
-	    return 0;
-	}
-
-	for (a = ai; a != NULL && connected == 0; a = a->ai_next) {
-	    char addrstr[256];
-
-	    if (a->ai_canonname != NULL)
-		strlcpy (_hostname, a->ai_canonname, sizeof(_hostname));
-
-	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
-			     addrstr, sizeof(addrstr),
-			     NULL, 0, NI_NUMERICHOST) != 0)
-		strlcpy (addrstr, "unknown address", sizeof(addrstr));
-			     
-	    printf("Trying %s...\r\n", addrstr);
-
-	    net = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	    if (net < 0) {
-		warn ("socket");
-		continue;
-	    }
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT)
-	if (hostp[0] == '@' || hostp[0] == '!') {
-	    char *srp = 0;
-	    int srlen;
-	    int proto, opt;
-
-	    if ((srlen = sourceroute(a, hostp, &srp, &proto, &opt)) < 0) {
-		(void) NetClose(net);
-		net = -1;
-		continue;
-	    }
-	    if (srp && setsockopt(net, proto, opt, srp, srlen) < 0)
-		perror("setsockopt (source route)");
-	}
-#endif
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	    if (a->ai_family == AF_INET) {
-# if	defined(HAVE_GETTOSBYNAME)
-		struct tosent *tp;
-		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-		    tos = tp->t_tos;
-# endif
-		if (tos < 0)
-		    tos = 020;	/* Low Delay bit */
-		if (tos
-		    && (setsockopt(net, IPPROTO_IP, IP_TOS,
-				   (void *)&tos, sizeof(int)) < 0)
-		    && (errno != ENOPROTOOPT))
-		    perror("telnet: setsockopt (IP_TOS) (ignored)");
-	    }
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-	    if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
-		perror("setsockopt (SO_DEBUG)");
-	    }
-
-	    if (connect (net, a->ai_addr, a->ai_addrlen) < 0) {
-		fprintf (stderr, "telnet: connect to address %s: %s\n",
-			 addrstr, strerror(errno));
-		NetClose(net);
-		if (a->ai_next != NULL) {
-		    continue;
-		} else {
-		    freeaddrinfo (ai);
-		    return 0;
-		}
-	    }
-	    ++connected;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	    auth_encrypt_connect(connected);
-#endif
-	}
-	freeaddrinfo (ai);
-	if (connected == 0)
-	    return 0;
-    }
-    cmdrc(hostp, hostname);
-    set_forward_options();
-    if (autologin && user == NULL)
-	user = (char *)get_default_username ();
-    if (user) {
-	env_define((unsigned char *)"USER", (unsigned char *)user);
-	env_export((unsigned char *)"USER");
-    }
-    call(status, "status", "notmuch", 0);
-    if (setjmp(peerdied) == 0)
-	my_telnet((char *)user);
-    NetClose(net);
-    ExitString("Connection closed by foreign host.\r\n",1);
-    /*NOTREACHED*/
-    return 0;
-}
-
-#define HELPINDENT ((int)sizeof ("connect"))
-
-static char
-	openhelp[] =	"connect to a site",
-	closehelp[] =	"close current connection",
-	logouthelp[] =	"forcibly logout remote user and close the connection",
-	quithelp[] =	"exit telnet",
-	statushelp[] =	"print status information",
-	helphelp[] =	"print help information",
-	sendhelp[] =	"transmit special characters ('send ?' for more)",
-	sethelp[] = 	"set operating parameters ('set ?' for more)",
-	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
-	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
-	slchelp[] =	"change state of special charaters ('slc ?' for more)",
-	displayhelp[] =	"display operating parameters",
-#if	defined(AUTHENTICATION)
-	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
-#endif
-#if	defined(ENCRYPTION)
-	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
-#endif
-	zhelp[] =	"suspend telnet",
-	shellhelp[] =	"invoke a subshell",
-	envhelp[] =	"change environment variables ('environ ?' for more)",
-	modestring[] = "try to enter line or character mode ('mode ?' for more)";
-
-static int help(int argc, char **argv);
-
-static Command cmdtab[] = {
-	{ "close",	closehelp,	bye,		1 },
-	{ "logout",	logouthelp,	logout,		1 },
-	{ "display",	displayhelp,	display,	0 },
-	{ "mode",	modestring,	modecmd,	0 },
-	{ "open",	openhelp,	tn,		0 },
-	{ "quit",	quithelp,	quit,		0 },
-	{ "send",	sendhelp,	sendcmd,	0 },
-	{ "set",	sethelp,	setcmd,		0 },
-	{ "unset",	unsethelp,	unsetcmd,	0 },
-	{ "status",	statushelp,	status,		0 },
-	{ "toggle",	togglestring,	toggle,		0 },
-	{ "slc",	slchelp,	slccmd,		0 },
-#if	defined(AUTHENTICATION)
-	{ "auth",	authhelp,	auth_cmd,	0 },
-#endif
-#if	defined(ENCRYPTION)
-	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
-#endif
-	{ "z",		zhelp,		telnetsuspend,	0 },
-	{ "!",		shellhelp,	shell,		0 },
-	{ "environ",	envhelp,	env_cmd,	0 },
-	{ "?",		helphelp,	help,		0 },
-	{ 0,            0,              0,              0 }
-};
-
-static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
-static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
-
-static Command cmdtab2[] = {
-	{ "help",	0,		help,		0 },
-	{ "escape",	escapehelp,	setescape,	0 },
-	{ "crmod",	crmodhelp,	togcrmod,	0 },
-	{ 0,            0,		0, 		0 }
-};
-
-
-/*
- * Call routine with argc, argv set from args (terminated by 0).
- */
-
-static int
-call(intrtn_t routine, ...)
-{
-    va_list ap;
-    char *args[100];
-    int argno = 0;
-
-    va_start(ap, routine);
-    while ((args[argno++] = va_arg(ap, char *)) != 0);
-    va_end(ap);
-    return (*routine)(argno-1, args);
-}
-
-
-static Command
-*getcmd(char *name)
-{
-    Command *cm;
-
-    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
-	return cm;
-    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
-}
-
-void
-command(int top, char *tbuf, int cnt)
-{
-    Command *c;
-
-    setcommandmode();
-    if (!top) {
-	putchar('\n');
-    } else {
-	signal(SIGINT, SIG_DFL);
-	signal(SIGQUIT, SIG_DFL);
-    }
-    for (;;) {
-	if (rlogin == _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	if (tbuf) {
-	    char *cp;
-	    cp = line;
-	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
-		cnt--;
-	    tbuf = 0;
-	    if (cp == line || *--cp != '\n' || cp == line)
-		goto getline;
-	    *cp = '\0';
-	    if (rlogin == _POSIX_VDISABLE)
-		printf("%s\r\n", line);
-	} else {
-	getline:
-	    if (rlogin != _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	    if (fgets(line, sizeof(line), stdin) == NULL) {
-		if (feof(stdin) || ferror(stdin)) {
-		    quit();
-		    /*NOTREACHED*/
-		}
-		break;
-	    }
-	}
-	if (line[0] == 0)
-	    break;
-	makeargv();
-	if (margv[0] == 0) {
-	    break;
-	}
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command\r\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\r\n");
-	    continue;
-	}
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first.\r\n");
-	    continue;
-	}
-	if ((*c->handler)(margc, margv)) {
-	    break;
-	}
-    }
-    if (!top) {
-	if (!connected) {
-	    longjmp(toplevel, 1);
-	    /*NOTREACHED*/
-	}
-	setconnmode(0);
-    }
-}
-
-/*
- * Help command.
- */
-static int
-help(int argc, char **argv)
-{
-	Command *c;
-
-	if (argc == 1) {
-		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
-		for (c = cmdtab; c->name; c++)
-			if (c->help) {
-				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
-								    c->help);
-			}
-		return 0;
-	}
-	while (--argc > 0) {
-		char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (Ambiguous(c))
-			printf("?Ambiguous help command %s\r\n", arg);
-		else if (c == (Command *)0)
-			printf("?Invalid help command %s\r\n", arg);
-		else
-			printf("%s\r\n", c->help);
-	}
-	return 0;
-}
-
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-
-/*
- * Source route is handed in as
- *	[!]@hop1@hop2...@dst
- *
- * If the leading ! is present, it is a strict source route, otherwise it is
- * assmed to be a loose source route.  Note that leading ! is effective
- * only for IPv4 case.
- *
- * We fill in the source route option as
- *	hop1,hop2,hop3...dest
- * and return a pointer to hop1, which will
- * be the address to connect() to.
- *
- * Arguments:
- *	ai:	The address (by struct addrinfo) for the final destination.
- *
- *	arg:	Pointer to route list to decipher
- *
- *	cpp: 	Pointer to a pointer, so that sourceroute() can return
- *		the address of result buffer (statically alloc'ed).
- *
- *	protop/optp:
- *		Pointer to an integer.  The pointed variable
- *	lenp:	pointer to an integer that contains the
- *		length of *cpp if *cpp != NULL.
- *
- * Return values:
- *
- *	Returns the length of the option pointed to by *cpp.  If the
- *	return value is -1, there was a syntax error in the
- *	option, either arg contained unknown characters or too many hosts,
- *	or hostname cannot be resolved.
- *
- *	The caller needs to pass return value (len), *cpp, *protop and *optp
- *	to setsockopt(2).
- *
- *	*cpp:	Points to the result buffer.  The region is statically
- *		allocated by the function.
- *
- *	*protop:
- *		protocol # to be passed to setsockopt(2).
- *
- *	*optp:	option # to be passed to setsockopt(2).
- *
- */
-int
-sourceroute(struct addrinfo *ai,
-	    char *arg,
-	    char **cpp,
-	    int *protop,
-	    int *optp)
-{
-	char *cp, *cp2, *lsrp = NULL, *lsrep = NULL;
-	struct addrinfo hints, *res;
-	int len, error;
-	struct sockaddr_in *sin;
-	register char c;
-	static char lsr[44];
-#ifdef INET6
-	struct cmsghdr *cmsg = NULL;
-	struct sockaddr_in6 *sin6;
-	static char rhbuf[1024];
-#endif
-
-	/*
-	 * Verify the arguments.
-	 */
-	if (cpp == NULL)
-		return -1;
-
-	cp = arg;
-
-	*cpp = NULL;
-	switch (ai->ai_family) {
-	case AF_INET:
-		lsrp = lsr;
-		lsrep = lsrp + sizeof(lsr);
-
-		/*
-		 * Next, decide whether we have a loose source
-		 * route or a strict source route, and fill in
-		 * the begining of the option.
-		 */
-		if (*cp == '!') {
-			cp++;
-			*lsrp++ = IPOPT_SSRR;
-		} else
-			*lsrp++ = IPOPT_LSRR;
-		if (*cp != '@')
-			return -1;
-		lsrp++;		/* skip over length, we'll fill it in later */
-		*lsrp++ = 4;
-		cp++;
-		*protop = IPPROTO_IP;
-		*optp = IP_OPTIONS;
-		break;
-#ifdef INET6
-	case AF_INET6:
-/* this needs to be updated for rfc2292bis */
-#ifdef IPV6_PKTOPTIONS
-		cmsg = inet6_rthdr_init(rhbuf, IPV6_RTHDR_TYPE_0);
-		if (*cp != '@')
-			return -1;
-		cp++;
-		*protop = IPPROTO_IPV6;
-		*optp = IPV6_PKTOPTIONS;
-		break;
-#else
-		return -1;
-#endif
-#endif
-	default:
-		return -1;
-	}
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = ai->ai_family;
-	hints.ai_socktype = SOCK_STREAM;
-
-	for (c = 0;;) {
-		if (c == ':')
-			cp2 = 0;
-		else for (cp2 = cp; (c = *cp2) != '\0'; cp2++) {
-			if (c == ',') {
-				*cp2++ = '\0';
-				if (*cp2 == '@')
-					cp2++;
-			} else if (c == '@') {
-				*cp2++ = '\0';
-			}
-#if 0	/*colon conflicts with IPv6 address*/
-			else if (c == ':') {
-				*cp2++ = '\0';
-			}
-#endif
-			else
-				continue;
-			break;
-		}
-		if (!c)
-			cp2 = 0;
-
-		error = getaddrinfo(cp, NULL, &hints, &res);
-		if (error) {
-			fprintf(stderr, "%s: %s\n", cp, gai_strerror(error));
-			return -1;
-		}
-		if (ai->ai_family != res->ai_family) {
-			freeaddrinfo(res);
-			return -1;
-		}
-		if (ai->ai_family == AF_INET) {
-			/*
-			 * Check to make sure there is space for address
-			 */
-			if (lsrp + 4 > lsrep) {
-				freeaddrinfo(res);
-				return -1;
-			}
-			sin = (struct sockaddr_in *)res->ai_addr;
-			memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
-			lsrp += sizeof(struct in_addr);
-		}
-#ifdef INET6
-		else if (ai->ai_family == AF_INET6) {
-			sin6 = (struct sockaddr_in6 *)res->ai_addr;
-			inet6_rthdr_add(cmsg, &sin6->sin6_addr,
-				IPV6_RTHDR_LOOSE);
-		}
-#endif
-		else {
-			freeaddrinfo(res);
-			return -1;
-		}
-		freeaddrinfo(res);
-		if (cp2)
-			cp = cp2;
-		else
-			break;
-	}
-	if (ai->ai_family == AF_INET) {
-		/* record the last hop */
-		if (lsrp + 4 > lsrep)
-			return -1;
-		sin = (struct sockaddr_in *)ai->ai_addr;
-		memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
-		lsrp += sizeof(struct in_addr);
-#ifndef	sysV88
-		lsr[IPOPT_OLEN] = lsrp - lsr;
-		if (lsr[IPOPT_OLEN] <= 7 || lsr[IPOPT_OLEN] > 40)
-			return -1;
-		*lsrp++ = IPOPT_NOP;	/*32bit word align*/
-		len = lsrp - lsr;
-		*cpp = lsr;
-#else
-		ipopt.io_len = lsrp - lsr;
-		if (ipopt.io_len <= 5)	/*is 3 better?*/
-			return -1;
-		*cpp = (char 8)&ipopt;
-#endif
-	}
-#ifdef INET6
-	else if (ai->ai_family == AF_INET6) {
-		inet6_rthdr_lasthop(cmsg, IPV6_RTHDR_LOOSE);
-		len = cmsg->cmsg_len;
-		*cpp = rhbuf;
-	}
-#endif
-	else
-		return -1;
-	return len;
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet/defines.h b/crypto/heimdal/appl/telnet/telnet/defines.h
deleted file mode 100644
index 5c1ac2bcc658..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/defines.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defines.h	8.1 (Berkeley) 6/6/93
- */
-
-#define	settimer(x)	clocks.x = clocks.system++
-
-#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
-#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
-#define	NETBYTES()	(ring_full_count(&netoring))
-#define	NETROOM()	(ring_empty_count(&netoring))
-
-#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
-				*ttyoring.supply = c; \
-				ring_supplied(&ttyoring, 1); \
-			}
-#define	TTYBYTES()	(ring_full_count(&ttyoring))
-#define	TTYROOM()	(ring_empty_count(&ttyoring))
-
-/*	Various modes */
-#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
-#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
-#define	MODE_COMMAND_LINE(m)	((m)==-1)
-
-#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
-
-
-/* XXX extra mode bits, these should be synced with <arpa/telnet.h> */
-
-#define MODE_OUT8	0x8000 /* binary mode sans -opost */
diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h
deleted file mode 100644
index badfca5775a2..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/externs.h
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)externs.h	8.3 (Berkeley) 5/30/95
- */
-
-/* $Id: externs.h 21734 2007-07-31 01:55:45Z lha $ */
-
-#ifndef	BSD
-# define BSD 43
-#endif
-
-#ifndef	_POSIX_VDISABLE
-# ifdef sun
-#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
-# endif
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((cc_t)'\377')
-# endif
-#endif
-
-#define	SUBBUFSIZE	256
-
-extern int
-    autologin,		/* Autologin enabled */
-    skiprc,		/* Don't process the ~/.telnetrc file */
-    eight,		/* use eight bit mode (binary in and/or out */
-    binary,
-    flushout,		/* flush output */
-    connected,		/* Are we connected to the other side? */
-    globalmode,		/* Mode tty should be in */
-    telnetport,		/* Are we connected to the telnet port? */
-    localflow,		/* Flow control handled locally */
-    restartany,		/* If flow control, restart output on any character */
-    localchars,		/* we recognize interrupt/quit */
-    donelclchars,	/* the user has set "localchars" */
-    showoptions,
-    wantencryption,	/* User has requested encryption */
-    net,		/* Network file descriptor */
-    tin,		/* Terminal input file descriptor */
-    tout,		/* Terminal output file descriptor */
-    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-    autoflush,		/* flush output when interrupting? */
-    autosynch,		/* send interrupt characters with SYNCH? */
-    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
-    donebinarytoggle,	/* the user has put us in binary */
-    dontlecho,		/* do we suppress local echoing right now? */
-    crmod,
-    netdata,		/* Print out network data flow */
-    prettydump,		/* Print "netdata" output in user readable format */
-    termdata,		/* Print out terminal data flow */
-    debug;		/* Debug level */
-
-extern int intr_happened, intr_waiting;	/* for interrupt handling */
-
-extern cc_t escape;	/* Escape to command mode */
-extern cc_t rlogin;	/* Rlogin mode escape character */
-#ifdef	KLUDGELINEMODE
-extern cc_t echoc;	/* Toggle local echoing */
-#endif
-
-extern char
-    *prompt;		/* Prompt for command. */
-
-extern char
-    doopt[],
-    dont[],
-    will[],
-    wont[],
-    do_dont_resp[],
-    will_wont_resp[],
-    options[],		/* All the little options */
-    *hostname;		/* Who are we connected to? */
-#if	defined(ENCRYPTION)
-extern void (*encrypt_output) (unsigned char *, int);
-extern int (*decrypt_input) (int);
-#endif
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
-#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
-#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
-#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
-
-#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
-#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
-#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
-#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
-
-/*
- * Make everything symmetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-
-extern FILE
-    *NetTrace;		/* Where debugging output goes */
-extern char
-    NetTraceFile[];	/* Name of file where debugging output goes */
-extern void
-    SetNetTrace (char *);	/* Function to change where debugging goes */
-
-extern jmp_buf
-    peerdied,
-    toplevel;		/* For error conditions. */
-
-int Scheduler(int);
-extern int scheduler_lockout_tty;
-
-
-/* authenc.c */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-int telnet_net_write(unsigned char *str, int len);
-void net_encrypt(void);
-int telnet_spin(void);
-char *telnet_getenv(const char *val);
-char *telnet_gets(char *prompt, char *result, int length, int echo);
-#endif
-
-/* commands.c */
-
-struct env_lst *env_define (unsigned char *, unsigned char *);
-struct env_lst *env_find(unsigned char *var);
-void env_init (void);
-void env_undefine (unsigned char *);
-void env_export (unsigned char *);
-void env_unexport (unsigned char *);
-void env_send (unsigned char *);
-void env_list (void);
-unsigned char * env_default(int init, int welldefined);
-unsigned char * env_getvalue(unsigned char *var);
-
-void set_escape_char(char *s);
-int sourceroute(struct addrinfo *ai, char *arg, char **cpp,
-		int *prototp, int *optp);
-
-#if	defined(AUTHENTICATION)
-int auth_enable (char *);
-int auth_disable (char *);
-int auth_status (void);
-#endif
-
-#if defined(ENCRYPTION)
-int 	EncryptEnable (char *, char *);
-int 	EncryptDisable (char *, char *);
-int 	EncryptType (char *, char *);
-int 	EncryptStart (char *);
-int 	EncryptStartInput (void);
-int 	EncryptStartOutput (void);
-int 	EncryptStop (char *);
-int 	EncryptStopInput (void);
-int 	EncryptStopOutput (void);
-int 	EncryptStatus (void);
-#endif
-
-#ifdef SIGINFO
-RETSIGTYPE ayt_status(int);
-#endif
-int tn(int argc, char **argv);
-void command(int top, char *tbuf, int cnt);
-
-/* main.c */
-
-void tninit(void);
-void set_forward_options(void);
-
-/* network.c */
-
-void init_network(void);
-int stilloob(void);
-void setneturg(void);
-int netflush(void);
-
-/* sys_bsd.c */
-
-void init_sys(void);
-int TerminalWrite(char *buf, int n);
-int TerminalRead(unsigned char *buf, int n);
-int TerminalAutoFlush(void);
-int TerminalSpecialChars(int c);
-void TerminalFlushOutput(void);
-void TerminalSaveState(void);
-void TerminalDefaultChars(void);
-void TerminalNewMode(int f);
-cc_t *tcval(int func);
-void TerminalSpeeds(long *input_speed, long *output_speed);
-int TerminalWindowSize(long *rows, long *cols);
-int NetClose(int fd);
-void NetNonblockingIO(int fd, int onoff);
-int process_rings(int netin, int netout, int netex, int ttyin, int ttyout,
-		  int poll);
-
-/* telnet.c */
-
-void init_telnet(void);
-
-void tel_leave_binary(int rw);
-void tel_enter_binary(int rw);
-int opt_welldefined(char *ep);
-int telrcv(void);
-int rlogin_susp(void);
-void intp(void);
-void sendbrk(void);
-void sendabort(void);
-void sendsusp(void);
-void sendeof(void);
-void sendayt(void);
-
-void xmitAO(void);
-void xmitEL(void);
-void xmitEC(void);
-
-
-void     Dump (char, unsigned char *, int);
-void     printoption (char *, int, int);
-void     printsub (int, unsigned char *, int);
-void     sendnaws (void);
-void     setconnmode (int);
-void     setcommandmode (void);
-void     setneturg (void);
-void     sys_telnet_init (void);
-void     my_telnet (char *);
-void     tel_enter_binary (int);
-void     TerminalFlushOutput (void);
-void     TerminalNewMode (int);
-void     TerminalRestoreState (void);
-void     TerminalSaveState (void);
-void     willoption (int);
-void     wontoption (int);
-
-
-void     send_do (int, int);
-void     send_dont (int, int);
-void     send_will (int, int);
-void     send_wont (int, int);
-
-void     lm_will (unsigned char *, int);
-void     lm_wont (unsigned char *, int);
-void     lm_do (unsigned char *, int);
-void     lm_dont (unsigned char *, int);
-void     lm_mode (unsigned char *, int, int);
-
-void     slc_init (void);
-void     slcstate (void);
-void     slc_mode_export (void);
-void     slc_mode_import (int);
-void     slc_import (int);
-void     slc_export (void);
-void     slc (unsigned char *, int);
-void     slc_check (void);
-void     slc_start_reply (void);
-void     slc_add_reply (unsigned char, unsigned char, cc_t);
-void     slc_end_reply (void);
-int	 slc_update (void);
-
-void     env_opt (unsigned char *, int);
-void     env_opt_start (void);
-void     env_opt_start_info (void);
-void     env_opt_add (unsigned char *);
-void     env_opt_end (int);
-
-unsigned char     *env_default (int, int);
-unsigned char     *env_getvalue (unsigned char *);
-
-int get_status (void);
-int dosynch (void);
-
-cc_t *tcval (int);
-
-int quit (void);
-
-/* terminal.c */
-
-void init_terminal(void);
-int ttyflush(int drop);
-int getconnmode(void);
-
-/* utilities.c */
-
-int SetSockOpt(int fd, int level, int option, int yesno);
-void SetNetTrace(char *file);
-void Dump(char direction, unsigned char *buffer, int length);
-void printoption(char *direction, int cmd, int option);
-void optionstatus(void);
-void printsub(int direction, unsigned char *pointer, int length);
-void EmptyTerminal(void);
-void SetForExit(void);
-void Exit(int returnCode);
-void ExitString(char *string, int returnCode);
-
-extern struct	termios new_tc;
-
-# define termEofChar		new_tc.c_cc[VEOF]
-# define termEraseChar		new_tc.c_cc[VERASE]
-# define termIntChar		new_tc.c_cc[VINTR]
-# define termKillChar		new_tc.c_cc[VKILL]
-# define termQuitChar		new_tc.c_cc[VQUIT]
-
-# ifndef	VSUSP
-extern cc_t termSuspChar;
-# else
-#  define termSuspChar		new_tc.c_cc[VSUSP]
-# endif
-# if	defined(VFLUSHO) && !defined(VDISCARD)
-#  define VDISCARD VFLUSHO
-# endif
-# ifndef	VDISCARD
-extern cc_t termFlushChar;
-# else
-#  define termFlushChar		new_tc.c_cc[VDISCARD]
-# endif
-# ifndef VWERASE
-extern cc_t termWerasChar;
-# else
-#  define termWerasChar		new_tc.c_cc[VWERASE]
-# endif
-# ifndef	VREPRINT
-extern cc_t termRprntChar;
-# else
-#  define termRprntChar		new_tc.c_cc[VREPRINT]
-# endif
-# ifndef	VLNEXT
-extern cc_t termLiteralNextChar;
-# else
-#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
-# endif
-# ifndef	VSTART
-extern cc_t termStartChar;
-# else
-#  define termStartChar		new_tc.c_cc[VSTART]
-# endif
-# ifndef	VSTOP
-extern cc_t termStopChar;
-# else
-#  define termStopChar		new_tc.c_cc[VSTOP]
-# endif
-# ifndef	VEOL
-extern cc_t termForw1Char;
-# else
-#  define termForw1Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VEOL2
-extern cc_t termForw2Char;
-# else
-#  define termForw2Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VSTATUS
-extern cc_t termAytChar;
-#else
-#  define termAytChar		new_tc.c_cc[VSTATUS]
-#endif
-
-/* Ring buffer structures which are shared */
-
-extern Ring
-    netoring,
-    netiring,
-    ttyoring,
-    ttyiring;
-
-extern int resettermname;
-extern int linemode;
-#ifdef KLUDGELINEMODE
-extern int kludgelinemode;
-#endif
-extern int want_status_response;
diff --git a/crypto/heimdal/appl/telnet/telnet/main.c b/crypto/heimdal/appl/telnet/telnet/main.c
deleted file mode 100644
index bb358a8d8823..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/main.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-static char *copyright[] = {
-    "@(#) Copyright (c) 1988, 1990, 1993\n"
-    "\tThe Regents of the University of California.  All rights reserved.\n",
-    (char*)copyright
-};
-
-#include "telnet_locl.h"
-RCSID("$Id: main.c 21731 2007-07-30 20:01:26Z lha $");
-
-#if KRB5
-#define FORWARD
-#endif
-
-/*
- * Initialize variables.
- */
-void
-tninit(void)
-{
-    init_terminal();
-
-    init_network();
-
-    init_telnet();
-
-    init_sys();
-}
-
-static void
-usage(int exit_code)
-{
-  fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
-#ifdef	AUTHENTICATION
-	  "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
-	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
-#else
-	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
-	  "\n\t[-n tracefile]",
-#endif
-	  "[-r] ",
-#ifdef	ENCRYPTION
-	  "[-x] [host-name [port]]"
-#else
-	  "[host-name [port]]"
-#endif
-    );
-  exit(exit_code);
-}
-
-/*
- * main.  Parse arguments, invoke the protocol or command parser.
- */
-
-
-#ifdef	FORWARD
-int forward_option = 0; /* forward flags set from command line */
-#endif	/* FORWARD */
-void
-set_forward_options(void)
-{
-#ifdef FORWARD
-	switch(forward_option) {
-	case 'f':
-		kerberos5_set_forward(1);
-		kerberos5_set_forwardable(0);
-		break;
-	case 'F':
-		kerberos5_set_forward(1);
-		kerberos5_set_forwardable(1);
-		break;
-	case 'G':
-		kerberos5_set_forward(0);
-		kerberos5_set_forwardable(0);
-		break;
-	default:
-		break;
-	}
-#endif
-}
-
-#ifdef KRB5
-#define Authenticator asn1_Authenticator
-#include <krb5.h>
-static void
-krb5_init(void)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_boolean ret_val;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return;
-
-#if defined(AUTHENTICATION) && defined(FORWARD)
-    krb5_appdefault_boolean(context, NULL,
-			    NULL, "forward",
-			    0, &ret_val);
-    if (ret_val)
-	    kerberos5_set_forward(1);
-    krb5_appdefault_boolean(context, NULL,
-			    NULL, "forwardable",
-			    0, &ret_val);
-    if (ret_val)
-	    kerberos5_set_forwardable(1);
-#endif
-#ifdef  ENCRYPTION
-    krb5_appdefault_boolean(context, NULL, 
-			    NULL, "encrypt",
-			    0, &ret_val);
-    if (ret_val) {
-          encrypt_auto(1);
-          decrypt_auto(1); 
-	  wantencryption = 1;
-          EncryptVerbose(1);
-        }
-#endif
-
-    krb5_free_context(context);
-}
-#endif
-
-#if defined(AUTHENTICATION) && defined(KRB4)
-extern char *dest_realm, dst_realm_buf[];
-extern int dst_realm_sz;
-#endif
-
-int
-main(int argc, char **argv)
-{
-	int ch;
-	char *user;
-
-	setprogname(argv[0]);
-
-#ifdef KRB5
-	krb5_init();
-#endif
-	
-	tninit();		/* Clear out things */
-
-	TerminalSaveState();
-
-	if ((prompt = strrchr(argv[0], '/')))
-		++prompt;
-	else
-		prompt = argv[0];
-
-	user = NULL;
-
-	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
-
-	/* 
-	 * if AUTHENTICATION and ENCRYPTION is set autologin will be
-	 * se to true after the getopt switch; unless the -K option is
-	 * passed 
-	 */
-	autologin = -1;
-
-	if (argc == 2 && strcmp(argv[1], "--version") == 0) {
-	    print_version(NULL);
-	    exit(0);
-	}
-	if (argc == 2 && strcmp(argv[1], "--help") == 0)
-	    usage(0);
-
-
-	while((ch = getopt(argc, argv,
-			   "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
-		switch(ch) {
-		case '8':
-			eight = 3;	/* binary output and input */
-			break;
-		case '7':
-			eight = 0;
-			break;
-		case 'b':
-		    binary = 3;
-		    break;
-		case 'D': {
-		    /* sometimes we don't want a mangled display */
-		    char *p;
-		    if((p = getenv("DISPLAY")))
-			env_define((unsigned char*)"DISPLAY", (unsigned char*)p);
-		    break;
-		}
-		case 'E':
-			rlogin = escape = _POSIX_VDISABLE;
-			break;
-		case 'K':
-#ifdef	AUTHENTICATION
-			autologin = 0;
-#endif
-			break;
-		case 'L':
-			eight |= 2;	/* binary output only */
-			break;
-		case 'S':
-		    {
-#ifdef	HAVE_PARSETOS
-			extern int tos;
-
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s%s\n",
-					prompt, ": Bad TOS argument '",
-					optarg,
-					"; will try to use default TOS");
-#else
-			fprintf(stderr,
-			   "%s: Warning: -S ignored, no parsetos() support.\n",
-								prompt);
-#endif
-		    }
-			break;
-		case 'X':
-#ifdef	AUTHENTICATION
-			auth_disable_name(optarg);
-#endif
-			break;
-		case 'a':
-			autologin = 1;
-			break;
-		case 'c':
-			skiprc = 1;
-			break;
-		case 'd':
-			debug = 1;
-			break;
-		case 'e':
-			set_escape_char(optarg);
-			break;
-		case 'f':
-		case 'F':
-		case 'G':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_option) {
-			    fprintf(stderr,
-				    "%s: Only one of -f, -F and -G allowed.\n",
-				    prompt);
-			    usage(1);
-			}
-			forward_option = ch;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -%c ignored, no Kerberos V5 support.\n",
-				prompt, ch);
-#endif
-			break;
-		case 'k':
-#if defined(AUTHENTICATION) && defined(KRB4)
-		    {
-			dest_realm = dst_realm_buf;
-			strlcpy(dest_realm, optarg, dst_realm_sz);
-		    }
-#else
-			fprintf(stderr,
-			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
-								prompt);
-#endif
-			break;
-		case 'l':
-		  if(autologin == 0){
-		    fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
-		    autologin = -1;
-		  }
-			user = optarg;
-			break;
-		case 'n':
-				SetNetTrace(optarg);
-			break;
-		case 'r':
-			rlogin = '~';
-			break;
-		case 'x':
-#ifdef	ENCRYPTION
-			encrypt_auto(1);
-			decrypt_auto(1);
-			wantencryption = 1;
-			EncryptVerbose(1);
-#else
-			fprintf(stderr,
-			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
-								prompt);
-#endif
-			break;
-
-		case '?':
-		default:
-			usage(1);
-			/* NOTREACHED */
-		}
-	}
-
-	if (autologin == -1) {		/* esc@magic.fi; force  */
-#if defined(AUTHENTICATION)
-		autologin = 1;
-#endif
-#if defined(ENCRYPTION)
-		encrypt_auto(1);
-		decrypt_auto(1);
-		wantencryption = -1;
-#endif
-	}
-
-	if (autologin == -1)
-		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc) {
-		char *args[7], **argp = args;
-
-		if (argc > 2)
-			usage(1);
-		*argp++ = prompt;
-		if (user) {
-			*argp++ = "-l";
-			*argp++ = user;
-		}
-		*argp++ = argv[0];		/* host */
-		if (argc > 1)
-			*argp++ = argv[1];	/* port */
-		*argp = 0;
-
-		if (setjmp(toplevel) != 0)
-			Exit(0);
-		if (tn(argp - args, args) == 1)
-			return (0);
-		else
-			return (1);
-	}
-	setjmp(toplevel);
-	for (;;) {
-			command(1, 0, 0);
-	}
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/network.c b/crypto/heimdal/appl/telnet/telnet/network.c
deleted file mode 100644
index 4a565880d2a2..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/network.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: network.c 13941 2004-06-20 17:01:28Z lha $");
-
-Ring		netoring, netiring;
-size_t		netobufsize = 64*1024;
-size_t		netibufsize = 64*1024;
-
-/*
- * Initialize internal network data structures.
- */
-
-void
-init_network(void)
-{
-    void *obuf, *ibuf;
-    
-    if ((obuf = malloc(netobufsize)) == NULL)
-	exit(1);
-    if ((ibuf = malloc(netibufsize)) == NULL)
-	exit(1);
-
-    if (ring_init(&netoring, obuf, netobufsize) != 1) {
-	exit(1);
-    }
-    if (ring_init(&netiring, ibuf, netibufsize) != 1) {
-	exit(1);
-    }
-    NetTrace = stdout;
-}
-
-
-/*
- * Check to see if any out-of-band data exists on a socket (for
- * Telnet "synch" processing).
- */
-
-int
-stilloob(void)
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	if (net >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(net, &excepts);
-	value = select(net+1, 0, 0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	perror("select");
-	quit();
-	/* NOTREACHED */
-    }
-    if (FD_ISSET(net, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-
-/*
- *  setneturg()
- *
- *	Sets "neturg" to the current location.
- */
-
-void
-setneturg(void)
-{
-    ring_mark(&netoring);
-}
-
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- *
- *		The return value indicates whether we did any
- *	useful work.
- */
-
-
-int
-netflush(void)
-{
-    int n, n1;
-
-#if	defined(ENCRYPTION)
-    if (encrypt_output)
-	ring_encrypt(&netoring, encrypt_output);
-#endif
-    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
-	if (!ring_at_mark(&netoring)) {
-	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
-	} else {
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
-	}
-    }
-    if (n < 0) {
-	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
-	    setcommandmode();
-	    perror(hostname);
-	    NetClose(net);
-	    ring_clear_mark(&netoring);
-	    longjmp(peerdied, -1);
-	    /*NOTREACHED*/
-	}
-	n = 0;
-    }
-    if (netdata && n) {
-	Dump('>', netoring.consume, n);
-    }
-    if (n) {
-	ring_consumed(&netoring, n);
-	/*
-	 * If we sent all, and more to send, then recurse to pick
-	 * up the other half.
-	 */
-	if ((n1 == n) && ring_full_consecutive(&netoring)) {
-	    netflush();
-	}
-	return 1;
-    } else {
-	return 0;
-    }
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.c b/crypto/heimdal/appl/telnet/telnet/ring.c
deleted file mode 100644
index fd93e949482c..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/ring.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: ring.c 7853 2000-02-06 05:15:47Z assar $");
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-
-/* Internal macros */
-
-#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
-					(a)-(b): (((a)-(b))+(d)->size))
-
-#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
-					(a)+(c) : (((a)+(c))-(d)->size))
-
-#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
-					(a)-(c) : (((a)-(c))-(d)->size))
-
-
-/*
- * The following is a clock, used to determine full, empty, etc.
- *
- * There is some trickiness here.  Since the ring buffers are initialized
- * to ZERO on allocation, we need to make sure, when interpreting the
- * clock, that when the times are EQUAL, then the buffer is FULL.
- */
-static u_long ring_clock = 0;
-
-
-#define	ring_empty(d) (((d)->consume == (d)->supply) && \
-				((d)->consumetime >= (d)->supplytime))
-#define	ring_full(d) (((d)->supply == (d)->consume) && \
-				((d)->supplytime > (d)->consumetime))
-
-
-
-
-
-/* Buffer state transition routines */
-
-int
-ring_init(Ring *ring, unsigned char *buffer, int count)
-{
-    memset(ring, 0, sizeof *ring);
-
-    ring->size = count;
-
-    ring->supply = ring->consume = ring->bottom = buffer;
-
-    ring->top = ring->bottom+ring->size;
-
-#if	defined(ENCRYPTION)
-    ring->clearto = 0;
-#endif
-
-    return 1;
-}
-
-/* Mark routines */
-
-/*
- * Mark the most recently supplied byte.
- */
-
-void
-ring_mark(Ring *ring)
-{
-    ring->mark = ring_decrement(ring, ring->supply, 1);
-}
-
-/*
- * Is the ring pointing to the mark?
- */
-
-int
-ring_at_mark(Ring *ring)
-{
-    if (ring->mark == ring->consume) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * Clear any mark set on the ring.
- */
-
-void
-ring_clear_mark(Ring *ring)
-{
-    ring->mark = 0;
-}
-
-/*
- * Add characters from current segment to ring buffer.
- */
-void
-ring_supplied(Ring *ring, int count)
-{
-    ring->supply = ring_increment(ring, ring->supply, count);
-    ring->supplytime = ++ring_clock;
-}
-
-/*
- * We have just consumed "c" bytes.
- */
-void
-ring_consumed(Ring *ring, int count)
-{
-    if (count == 0)	/* don't update anything */
-	return;
-
-    if (ring->mark &&
-		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
-	ring->mark = 0;
-    }
-#if	defined(ENCRYPTION)
-    if (ring->consume < ring->clearto &&
-		ring->clearto <= ring->consume + count)
-	ring->clearto = 0;
-    else if (ring->consume + count > ring->top &&
-		ring->bottom <= ring->clearto &&
-		ring->bottom + ((ring->consume + count) - ring->top))
-	ring->clearto = 0;
-#endif
-    ring->consume = ring_increment(ring, ring->consume, count);
-    ring->consumetime = ++ring_clock;
-    /*
-     * Try to encourage "ring_empty_consecutive()" to be large.
-     */
-    if (ring_empty(ring)) {
-	ring->consume = ring->supply = ring->bottom;
-    }
-}
-
-
-
-/* Buffer state query routines */
-
-
-/* Number of bytes that may be supplied */
-int
-ring_empty_count(Ring *ring)
-{
-    if (ring_empty(ring)) {	/* if empty */
-	    return ring->size;
-    } else {
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* number of CONSECUTIVE bytes that may be supplied */
-int
-ring_empty_consecutive(Ring *ring)
-{
-    if ((ring->consume < ring->supply) || ring_empty(ring)) {
-			    /*
-			     * if consume is "below" supply, or empty, then
-			     * return distance to the top
-			     */
-	return ring_subtract(ring, ring->top, ring->supply);
-    } else {
-				    /*
-				     * else, return what we may.
-				     */
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* Return the number of bytes that are available for consuming
- * (but don't give more than enough to get to cross over set mark)
- */
-
-int
-ring_full_count(Ring *ring)
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if (ring_full(ring)) {
-	    return ring->size;	/* nothing consumed, but full */
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	return ring_subtract(ring, ring->mark, ring->consume);
-    }
-}
-
-/*
- * Return the number of CONSECUTIVE bytes available for consuming.
- * However, don't return more than enough to cross over set mark.
- */
-int
-ring_full_consecutive(Ring *ring)
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if ((ring->supply < ring->consume) || ring_full(ring)) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	if (ring->mark < ring->consume) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {	/* Else, distance to mark */
-	    return ring_subtract(ring, ring->mark, ring->consume);
-	}
-    }
-}
-
-/*
- * Move data into the "supply" portion of of the ring buffer.
- */
-void
-ring_supply_data(Ring *ring, unsigned char *buffer, int count)
-{
-    int i;
-
-    while (count) {
-	i = min(count, ring_empty_consecutive(ring));
-	memmove(ring->supply, buffer, i);
-	ring_supplied(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-
-#ifdef notdef
-
-/*
- * Move data from the "consume" portion of the ring buffer
- */
-void
-ring_consume_data(Ring *ring, unsigned char *buffer, int count)
-{
-    int i;
-
-    while (count) {
-	i = min(count, ring_full_consecutive(ring));
-	memmove(buffer, ring->consume, i);
-	ring_consumed(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-#endif
-
-#if	defined(ENCRYPTION)
-void
-ring_encrypt(Ring *ring, void (*encryptor)(unsigned char *, int))
-{
-    unsigned char *s, *c;
-
-    if (ring_empty(ring) || ring->clearto == ring->supply)
-	return;
-
-    if (!(c = ring->clearto))
-	c = ring->consume;
-
-    s = ring->supply;
-
-    if (s <= c) {
-	(*encryptor)(c, ring->top - c);
-	(*encryptor)(ring->bottom, s - ring->bottom);
-    } else
-	(*encryptor)(c, s - c);
-
-    ring->clearto = ring->supply;
-}
-
-void
-ring_clearto(Ring *ring)
-{
-    if (!ring_empty(ring))
-	ring->clearto = ring->supply;
-    else
-	ring->clearto = 0;
-}
-#endif
-
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.h b/crypto/heimdal/appl/telnet/telnet/ring.h
deleted file mode 100644
index d0c2ad75b66c..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/ring.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ring.h	8.1 (Berkeley) 6/6/93
- */
-
-/* $Id: ring.h 7853 2000-02-06 05:15:47Z assar $ */
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-typedef struct {
-    unsigned char	*consume,	/* where data comes out of */
-			*supply,	/* where data comes in to */
-			*bottom,	/* lowest address in buffer */
-			*top,		/* highest address+1 in buffer */
-			*mark;		/* marker (user defined) */
-#if	defined(ENCRYPTION)
-    unsigned char	*clearto;	/* Data to this point is clear text */
-    unsigned char	*encryyptedto;	/* Data is encrypted to here */
-#endif
-    int		size;		/* size in bytes of buffer */
-    u_long	consumetime,	/* help us keep straight full, empty, etc. */
-		supplytime;
-} Ring;
-
-/* Here are some functions and macros to deal with the ring buffer */
-
-/* Initialization routine */
-extern int
-	ring_init (Ring *ring, unsigned char *buffer, int count);
-
-/* Data movement routines */
-extern void
-	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
-#ifdef notdef
-extern void
-	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
-#endif
-
-/* Buffer state transition routines */
-extern void
-	ring_supplied (Ring *ring, int count),
-	ring_consumed (Ring *ring, int count);
-
-/* Buffer state query routines */
-extern int
-	ring_empty_count (Ring *ring),
-	ring_empty_consecutive (Ring *ring),
-	ring_full_count (Ring *ring),
-	ring_full_consecutive (Ring *ring);
-
-#if	defined(ENCRYPTION)
-extern void
-	ring_encrypt (Ring *ring, void (*func)(unsigned char *, int)),
-	ring_clearto (Ring *ring);
-#endif
-
-extern int ring_at_mark(Ring *ring);
-
-extern void
-    ring_clear_mark(Ring *ring),
-    ring_mark(Ring *ring);
diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
deleted file mode 100644
index 5bc2d1298cbb..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
+++ /dev/null
@@ -1,979 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: sys_bsd.c 10941 2002-04-18 16:18:43Z joda $");
-
-/*
- * The following routines try to encapsulate what is system dependent
- * (at least between 4.x and dos) which is used in telnet.c.
- */
-
-int
-	tout,			/* Output file descriptor */
-	tin,			/* Input file descriptor */
-	net;
-
-struct	termios old_tc = { 0 };
-extern struct termios new_tc;
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
-#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
-#  ifdef CIBAUD
-#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
-#  else
-#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
-#  endif
-# endif /* TCSANOW */
-
-static fd_set ibits, obits, xbits;
-
-
-void
-init_sys(void)
-{
-    tout = fileno(stdout);
-    tin = fileno(stdin);
-    FD_ZERO(&ibits);
-    FD_ZERO(&obits);
-    FD_ZERO(&xbits);
-
-    errno = 0;
-}
-
-
-int
-TerminalWrite(char *buf, int n)
-{
-    return write(tout, buf, n);
-}
-
-int
-TerminalRead(unsigned char *buf, int n)
-{
-    return read(tin, buf, n);
-}
-
-/*
- *
- */
-
-int
-TerminalAutoFlush(void)
-{
-#if	defined(LNOFLSH)
-    int flush;
-
-    ioctl(0, TIOCLGET, (char *)&flush);
-    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
-#else	/* LNOFLSH */
-    return 1;
-#endif	/* LNOFLSH */
-}
-
-/*
- * TerminalSpecialChars()
- *
- * Look at an input character to see if it is a special character
- * and decide what to do.
- *
- * Output:
- *
- *	0	Don't add this character.
- *	1	Do add this character
- */
-
-int
-TerminalSpecialChars(int c)
-{
-    if (c == termIntChar) {
-	intp();
-	return 0;
-    } else if (c == termQuitChar) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return 0;
-    } else if (c == termEofChar) {
-	if (my_want_state_is_will(TELOPT_LINEMODE)) {
-	    sendeof();
-	    return 0;
-	}
-	return 1;
-    } else if (c == termSuspChar) {
-	sendsusp();
-	return(0);
-    } else if (c == termFlushChar) {
-	xmitAO();		/* Transmit Abort Output */
-	return 0;
-    } else if (!MODE_LOCAL_CHARS(globalmode)) {
-	if (c == termKillChar) {
-	    xmitEL();
-	    return 0;
-	} else if (c == termEraseChar) {
-	    xmitEC();		/* Transmit Erase Character */
-	    return 0;
-	}
-    }
-    return 1;
-}
-
-
-/*
- * Flush output to the terminal
- */
-
-void
-TerminalFlushOutput(void)
-{
-#ifdef	TIOCFLUSH
-    ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
-#else
-    ioctl(fileno(stdout), TCFLSH, (char *) 0);
-#endif
-}
-
-void
-TerminalSaveState(void)
-{
-    tcgetattr(0, &old_tc);
-
-    new_tc = old_tc;
-
-#ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-#endif
-#ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-#endif
-#ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-#endif
-#ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-#endif
-#ifndef	VSTART
-    termStartChar = CONTROL('Q');
-#endif
-#ifndef	VSTOP
-    termStopChar = CONTROL('S');
-#endif
-#ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-#endif
-}
-
-cc_t*
-tcval(int func)
-{
-    switch(func) {
-    case SLC_IP:	return(&termIntChar);
-    case SLC_ABORT:	return(&termQuitChar);
-    case SLC_EOF:	return(&termEofChar);
-    case SLC_EC:	return(&termEraseChar);
-    case SLC_EL:	return(&termKillChar);
-    case SLC_XON:	return(&termStartChar);
-    case SLC_XOFF:	return(&termStopChar);
-    case SLC_FORW1:	return(&termForw1Char);
-    case SLC_FORW2:	return(&termForw2Char);
-# ifdef	VDISCARD
-    case SLC_AO:	return(&termFlushChar);
-# endif
-# ifdef	VSUSP
-    case SLC_SUSP:	return(&termSuspChar);
-# endif
-# ifdef	VWERASE
-    case SLC_EW:	return(&termWerasChar);
-# endif
-# ifdef	VREPRINT
-    case SLC_RP:	return(&termRprntChar);
-# endif
-# ifdef	VLNEXT
-    case SLC_LNEXT:	return(&termLiteralNextChar);
-# endif
-# ifdef	VSTATUS
-    case SLC_AYT:	return(&termAytChar);
-# endif
-
-    case SLC_SYNCH:
-    case SLC_BRK:
-    case SLC_EOR:
-    default:
-	return((cc_t *)0);
-    }
-}
-
-void
-TerminalDefaultChars(void)
-{
-    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
-# ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-# endif
-# ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-# endif
-# ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-# endif
-# ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-# endif
-# ifndef	VSTART
-    termStartChar = CONTROL('Q');
-# endif
-# ifndef	VSTOP
-    termStopChar = CONTROL('S');
-# endif
-# ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-# endif
-}
-
-#ifdef notdef
-void
-TerminalRestoreState()
-{
-}
-#endif
-
-/*
- * TerminalNewMode - set up terminal to a specific mode.
- *	MODE_ECHO: do local terminal echo
- *	MODE_FLOW: do local flow control
- *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
- *	MODE_EDIT: do local line editing
- *
- *	Command mode:
- *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
- *		local echo
- *		local editing
- *		local xon/xoff
- *		local signal mapping
- *
- *	Linemode:
- *		local/no editing
- *	Both Linemode and Single Character mode:
- *		local/remote echo
- *		local/no xon/xoff
- *		local/no signal mapping
- */
-
-
-#ifdef	SIGTSTP
-static RETSIGTYPE susp(int);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-static RETSIGTYPE ayt(int);
-#endif
-
-void
-TerminalNewMode(int f)
-{
-    static int prevmode = 0;
-    struct termios tmp_tc;
-    int onoff;
-    int old;
-    cc_t esc;
-
-    globalmode = f&~MODE_FORCE;
-    if (prevmode == f)
-	return;
-
-    /*
-     * Write any outstanding data before switching modes
-     * ttyflush() returns 0 only when there is no more data
-     * left to write out, it returns -1 if it couldn't do
-     * anything at all, otherwise it returns 1 + the number
-     * of characters left to write.
-     */
-    old = ttyflush(SYNCHing|flushout);
-    if (old < 0 || old > 1) {
-	tcgetattr(tin, &tmp_tc);
-	do {
-	    /*
-	     * Wait for data to drain, then flush again.
-	     */
-	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
-	    old = ttyflush(SYNCHing|flushout);
-	} while (old < 0 || old > 1);
-    }
-
-    old = prevmode;
-    prevmode = f&~MODE_FORCE;
-    tmp_tc = new_tc;
-
-    if (f&MODE_ECHO) {
-	tmp_tc.c_lflag |= ECHO;
-	tmp_tc.c_oflag |= ONLCR;
-	if (crlf)
-		tmp_tc.c_iflag |= ICRNL;
-    } else {
-	tmp_tc.c_lflag &= ~ECHO;
-	tmp_tc.c_oflag &= ~ONLCR;
-# ifdef notdef
-	if (crlf)
-		tmp_tc.c_iflag &= ~ICRNL;
-# endif
-    }
-
-    if ((f&MODE_FLOW) == 0) {
-	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
-    } else {
-	if (restartany < 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
-	} else if (restartany > 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
-	} else {
-		tmp_tc.c_iflag |= IXOFF|IXON;
-		tmp_tc.c_iflag &= ~IXANY;
-	}
-    }
-
-    if ((f&MODE_TRAPSIG) == 0) {
-	tmp_tc.c_lflag &= ~ISIG;
-	localchars = 0;
-    } else {
-	tmp_tc.c_lflag |= ISIG;
-	localchars = 1;
-    }
-
-    if (f&MODE_EDIT) {
-	tmp_tc.c_lflag |= ICANON;
-    } else {
-	tmp_tc.c_lflag &= ~ICANON;
-	tmp_tc.c_iflag &= ~ICRNL;
-	tmp_tc.c_cc[VMIN] = 1;
-	tmp_tc.c_cc[VTIME] = 0;
-    }
-
-    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
-# ifdef VLNEXT
-	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
-# endif
-    }
-
-    if (f&MODE_SOFT_TAB) {
-# ifdef	OXTABS
-	tmp_tc.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-	tmp_tc.c_oflag |= TAB3;
-# endif
-    } else {
-# ifdef	OXTABS
-	tmp_tc.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-# endif
-    }
-
-    if (f&MODE_LIT_ECHO) {
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag &= ~ECHOCTL;
-# endif
-    } else {
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag |= ECHOCTL;
-# endif
-    }
-
-    if (f == -1) {
-	onoff = 0;
-    } else {
-	if (f & MODE_INBIN)
-		tmp_tc.c_iflag &= ~ISTRIP;
-	else
-		tmp_tc.c_iflag |= ISTRIP;
-	if ((f & MODE_OUTBIN) || (f & MODE_OUT8)) {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= CS8;
-		if(f & MODE_OUTBIN)
-		    tmp_tc.c_oflag &= ~OPOST;
-		else
-		    tmp_tc.c_oflag |= OPOST;
-	} else {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
-		tmp_tc.c_oflag |= OPOST;
-	}
-	onoff = 1;
-    }
-
-    if (f != -1) {
-
-#ifdef	SIGTSTP
-	signal(SIGTSTP, susp);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-	signal(SIGINFO, ayt);
-#endif
-#ifdef NOKERNINFO
-	tmp_tc.c_lflag |= NOKERNINFO;
-#endif
-	/*
-	 * We don't want to process ^Y here.  It's just another
-	 * character that we'll pass on to the back end.  It has
-	 * to process it because it will be processed when the
-	 * user attempts to read it, not when we send it.
-	 */
-# ifdef	VDSUSP
-	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
-# endif
-	/*
-	 * If the VEOL character is already set, then use VEOL2,
-	 * otherwise use VEOL.
-	 */
-	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
-	if ((tmp_tc.c_cc[VEOL] != esc)
-# ifdef	VEOL2
-	    && (tmp_tc.c_cc[VEOL2] != esc)
-# endif
-	    ) {
-		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL] = esc;
-# ifdef	VEOL2
-		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL2] = esc;
-# endif
-	}
-    } else {
-        sigset_t sm;
-
-#ifdef	SIGINFO
-	signal(SIGINFO, ayt_status);
-#endif
-#ifdef	SIGTSTP
-	signal(SIGTSTP, SIG_DFL);
-	sigemptyset(&sm);
-	sigaddset(&sm, SIGTSTP);
-	sigprocmask(SIG_UNBLOCK, &sm, NULL);
-#endif	/* SIGTSTP */
-	tmp_tc = old_tc;
-    }
-    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
-	tcsetattr(tin, TCSANOW, &tmp_tc);
-
-    ioctl(tin, FIONBIO, (char *)&onoff);
-    ioctl(tout, FIONBIO, (char *)&onoff);
-
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-#ifndef	B7200
-#define B7200   B4800
-#endif
-
-#ifndef	B14400
-#define B14400  B9600
-#endif
-
-#ifndef	B19200
-# define B19200 B14400
-#endif
-
-#ifndef	B28800
-#define B28800  B19200
-#endif
-
-#ifndef	B38400
-# define B38400 B28800
-#endif
-
-#ifndef B57600
-#define B57600  B38400
-#endif
-
-#ifndef B76800
-#define B76800  B57600
-#endif
-
-#ifndef B115200
-#define B115200 B76800
-#endif
-
-#ifndef B230400
-#define B230400 B115200
-#endif
-
-
-/*
- * This code assumes that the values B0, B50, B75...
- * are in ascending order.  They do not have to be
- * contiguous.
- */
-struct termspeeds {
-	long speed;
-	long value;
-} termspeeds[] = {
-	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
-	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
-	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
-	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
-	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
-	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
-	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
-	{ 230400, B230400 }, { -1,    B230400 }
-};
-#endif	/* DECODE_BAUD */
-
-void
-TerminalSpeeds(long *input_speed, long *output_speed)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-#endif	/* DECODE_BAUD */
-    long in, out;
-
-    out = cfgetospeed(&old_tc);
-    in = cfgetispeed(&old_tc);
-    if (in == 0)
-	in = out;
-
-#ifdef	DECODE_BAUD
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < in))
-	tp++;
-    *input_speed = tp->speed;
-
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < out))
-	tp++;
-    *output_speed = tp->speed;
-#else	/* DECODE_BAUD */
-	*input_speed = in;
-	*output_speed = out;
-#endif	/* DECODE_BAUD */
-}
-
-int
-TerminalWindowSize(long *rows, long *cols)
-{
-    struct winsize ws;
-
-    if (get_window_size (STDIN_FILENO, &ws) == 0) {
-	*rows = ws.ws_row;
-	*cols = ws.ws_col;
-	return 1;
-    } else
-	return 0;
-}
-
-int
-NetClose(int fd)
-{
-    return close(fd);
-}
-
-
-void
-NetNonblockingIO(int fd, int onoff)
-{
-    ioctl(fd, FIONBIO, (char *)&onoff);
-}
-
-
-/*
- * Various signal handling routines.
- */
-
-static RETSIGTYPE deadpeer(int),
-  intr(int), intr2(int), susp(int), sendwin(int);
-#ifdef SIGINFO
-static RETSIGTYPE ayt(int);
-#endif
-  
-
-    /* ARGSUSED */
-static RETSIGTYPE
-deadpeer(int sig)
-{
-	setcommandmode();
-	longjmp(peerdied, -1);
-}
-
-int intr_happened = 0;
-int intr_waiting = 0;
-
-    /* ARGSUSED */
-static RETSIGTYPE
-intr(int sig)
-{
-    if (intr_waiting) {
-	intr_happened = 1;
-	return;
-    }
-    if (localchars) {
-	intp();
-	return;
-    }
-    setcommandmode();
-    longjmp(toplevel, -1);
-}
-
-    /* ARGSUSED */
-static RETSIGTYPE
-intr2(int sig)
-{
-    if (localchars) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return;
-    }
-}
-
-#ifdef	SIGTSTP
-    /* ARGSUSED */
-static RETSIGTYPE
-susp(int sig)
-{
-    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
-	return;
-    if (localchars)
-	sendsusp();
-}
-#endif
-
-#ifdef	SIGWINCH
-    /* ARGSUSED */
-static RETSIGTYPE
-sendwin(int sig)
-{
-    if (connected) {
-	sendnaws();
-    }
-}
-#endif
-
-#ifdef	SIGINFO
-    /* ARGSUSED */
-static RETSIGTYPE
-ayt(int sig)
-{
-    if (connected)
-	sendayt();
-    else
-	ayt_status(sig);
-}
-#endif
-
-
-void
-sys_telnet_init(void)
-{
-    signal(SIGINT, intr);
-    signal(SIGQUIT, intr2);
-    signal(SIGPIPE, deadpeer);
-#ifdef	SIGWINCH
-    signal(SIGWINCH, sendwin);
-#endif
-#ifdef	SIGTSTP
-    signal(SIGTSTP, susp);
-#endif
-#ifdef	SIGINFO
-    signal(SIGINFO, ayt);
-#endif
-
-    setconnmode(0);
-
-    NetNonblockingIO(net, 1);
-
-
-#if	defined(SO_OOBINLINE)
-    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1)
-	perror("setsockopt (SO_OOBINLINE) (ignored)");
-#endif	/* defined(SO_OOBINLINE) */
-}
-
-/*
- * Process rings -
- *
- *	This routine tries to fill up/empty our various rings.
- *
- *	The parameter specifies whether this is a poll operation,
- *	or a block-until-something-happens operation.
- *
- *	The return value is 1 if something happened, 0 if not.
- */
-
-int
-process_rings(int netin,
-	      int netout,
-	      int netex,
-	      int ttyin,
-	      int ttyout,
-	      int poll) /* If 0, then block until something to do */
-{
-    int c;
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue = 0;
-    static struct timeval TimeValue = { 0 };
-
-    if (net >= FD_SETSIZE
-	|| tout >= FD_SETSIZE
-	|| tin >= FD_SETSIZE)
-	errx (1, "fd too large");
-
-    if (netout) {
-	FD_SET(net, &obits);
-    }
-    if (ttyout) {
-	FD_SET(tout, &obits);
-    }
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#if !defined(SO_OOBINLINE)
-    if (netex) {
-	FD_SET(net, &xbits);
-    }
-#endif
-    if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
-			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
-	if (c == -1) {
-		    /*
-		     * we can get EINTR if we are in line mode,
-		     * and the user does an escape (TSTP), or
-		     * some other signal generator.
-		     */
-	    if (errno == EINTR) {
-		return 0;
-	    }
-		    /* I don't like this, does it ever happen? */
-	    printf("sleep(5) from telnet, after select\r\n");
-	    sleep(5);
-	}
-	return 0;
-    }
-
-    /*
-     * Any urgent data?
-     */
-    if (FD_ISSET(net, &xbits)) {
-	FD_CLR(net, &xbits);
-	SYNCHing = 1;
-	ttyflush(1);	/* flush already enqueued data */
-    }
-
-    /*
-     * Something to read from the network...
-     */
-    if (FD_ISSET(net, &ibits)) {
-	int canread;
-
-	FD_CLR(net, &ibits);
-	canread = ring_empty_consecutive(&netiring);
-#if	!defined(SO_OOBINLINE)
-	    /*
-	     * In 4.2 (and some early 4.3) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	if (SYNCHing) {
-	    int atmark;
-	    static int bogus_oob = 0, first = 1;
-
-	    ioctl(net, SIOCATMARK, (char *)&atmark);
-	    if (atmark) {
-		c = recv(net, netiring.supply, canread, MSG_OOB);
-		if ((c == -1) && (errno == EINVAL)) {
-		    c = recv(net, netiring.supply, canread, 0);
-		    if (clocks.didnetreceive < clocks.gotDM) {
-			SYNCHing = stilloob();
-		    }
-		} else if (first && c > 0) {
-		    /*
-		     * Bogosity check.  Systems based on 4.2BSD
-		     * do not return an error if you do a second
-		     * recv(MSG_OOB).  So, we do one.  If it
-		     * succeeds and returns exactly the same
-		     * data, then assume that we are running
-		     * on a broken system and set the bogus_oob
-		     * flag.  (If the data was different, then
-		     * we probably got some valid new data, so
-		     * increment the count...)
-		     */
-		    int i;
-		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
-		    if (i == c &&
-			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
-			bogus_oob = 1;
-			first = 0;
-		    } else if (i < 0) {
-			bogus_oob = 0;
-			first = 0;
-		    } else
-			c += i;
-		}
-		if (bogus_oob && c > 0) {
-		    int i;
-		    /*
-		     * Bogosity.  We have to do the read
-		     * to clear the atmark to get out of
-		     * an infinate loop.
-		     */
-		    i = read(net, netiring.supply + c, canread - c);
-		    if (i > 0)
-			c += i;
-		}
-	    } else {
-		c = recv(net, netiring.supply, canread, 0);
-	    }
-	} else {
-	    c = recv(net, netiring.supply, canread, 0);
-	}
-	settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE) */
-	c = recv(net, (char *)netiring.supply, canread, 0);
-#endif	/* !defined(SO_OOBINLINE) */
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else if (c <= 0) {
-	    return -1;
-	}
-	if (netdata) {
-	    Dump('<', netiring.supply, c);
-	}
-	if (c)
-	    ring_supplied(&netiring, c);
-	returnValue = 1;
-    }
-
-    /*
-     * Something to read from the tty...
-     */
-    if (FD_ISSET(tin, &ibits)) {
-	FD_CLR(tin, &ibits);
-	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
-	if (c < 0 && errno == EIO)
-	    c = 0;
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else {
-	    /* EOF detection for line mode!!!! */
-	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
-			/* must be an EOF... */
-		*ttyiring.supply = termEofChar;
-		c = 1;
-	    }
-	    if (c <= 0) {
-		return -1;
-	    }
-	    if (termdata) {
-		Dump('<', ttyiring.supply, c);
-	    }
-	    ring_supplied(&ttyiring, c);
-	}
-	returnValue = 1;		/* did something useful */
-    }
-
-    if (FD_ISSET(net, &obits)) {
-	FD_CLR(net, &obits);
-	returnValue |= netflush();
-    }
-    if (FD_ISSET(tout, &obits)) {
-	FD_CLR(tout, &obits);
-	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
-    }
-
-    return returnValue;
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.1 b/crypto/heimdal/appl/telnet/telnet/telnet.1
deleted file mode 100644
index 37f588a4c59c..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet.1
+++ /dev/null
@@ -1,1369 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNET 1
-.Os BSD 4.2
-.Sh NAME
-.Nm telnet
-.Nd user interface to the
-.Tn TELNET
-protocol
-.Sh SYNOPSIS
-.Nm telnet
-.Op Fl 78EFKLacdfrx
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl e Ar escapechar
-.Op Fl k Ar realm
-.Op Fl l Ar user
-.Op Fl n Ar tracefile
-.Oo
-.Ar host
-.Op port
-.Oc
-.Sh DESCRIPTION
-The
-.Nm telnet
-command
-is used to communicate with another host using the
-.Tn TELNET
-protocol.
-If
-.Nm telnet
-is invoked without the
-.Ar host
-argument, it enters command mode,
-indicated by its prompt
-.Pq Nm telnet\*[Gt] .
-In this mode, it accepts and executes the commands listed below.
-If it is invoked with arguments, it performs an
-.Ic open
-command with those arguments.
-.Pp
-Options:
-.Bl -tag -width indent
-.It Fl 8
-Specifies an 8-bit data path.  This causes an attempt to
-negotiate the
-.Dv TELNET BINARY
-option on both input and output.
-.It Fl 7
-Do not try to negotiate
-.Dv TELNET BINARY
-option.
-.It Fl E
-Stops any character from being recognized as an escape character.
-.It Fl F
-If Kerberos V5 authentication is being used, the
-.Fl F
-option allows the local credentials to be forwarded
-to the remote system, including any credentials that
-have already been forwarded into the local environment.
-.It Fl K
-Specifies no automatic login to the remote system.
-.It Fl L
-Specifies an 8-bit data path on output.  This causes the
-BINARY option to be negotiated on output.
-.It Fl S Ar tos
-Sets the IP type-of-service (TOS) option for the telnet
-connection to the value
-.Ar tos ,
-which can be a numeric TOS value
-or, on systems that support it, a symbolic
-TOS name found in the /etc/iptos file.
-.It Fl X Ar atype
-Disables the
-.Ar atype
-type of authentication.
-.It Fl a
-Attempt automatic login.
-Currently, this sends the user name via the
-.Ev USER
-variable
-of the
-.Ev ENVIRON
-option if supported by the remote system.
-The name used is that of the current user as returned by
-.Xr getlogin 2
-if it agrees with the current user ID,
-otherwise it is the name associated with the user ID.
-.It Fl c
-Disables the reading of the user's
-.Pa \&.telnetrc
-file.  (See the
-.Ic toggle skiprc
-command on this man page.)
-.It Fl d
-Sets the initial value of the
-.Ic debug
-toggle to
-.Dv TRUE
-.It Fl e Ar escape char
-Sets the initial
-.Nm
-.Nm telnet
-escape character to
-.Ar escape char .
-If
-.Ar escape char
-is omitted, then
-there will be no escape character.
-.It Fl f
-If Kerberos V5 authentication is being used, the
-.Fl f
-option allows the local credentials to be forwarded to the remote system.
-.It Fl k Ar realm
-If Kerberos authentication is being used, the
-.Fl k
-option requests that telnet obtain tickets for the remote host in
-realm realm instead of the remote host's realm, as determined
-by
-.Xr krb_realmofhost 3 .
-.It Fl l Ar user
-When connecting to the remote system, if the remote system
-understands the
-.Ev ENVIRON
-option, then
-.Ar user
-will be sent to the remote system as the value for the variable USER.
-This option implies the
-.Fl a
-option.
-This option may also be used with the
-.Ic open
-command.
-.It Fl n Ar tracefile
-Opens
-.Ar tracefile
-for recording trace information.
-See the
-.Ic set tracefile
-command below.
-.It Fl r
-Specifies a user interface similar to
-.Xr rlogin 1 .
-In this
-mode, the escape character is set to the tilde (~) character,
-unless modified by the -e option.
-.It Fl x
-Turn on encryption of the data stream.  When this option is turned on,
-.B telnet
-will exit with an error if authentication cannot be negotiated or if
-encryption cannot be turned on.
-.It Ar host
-Indicates the official name, an alias, or the Internet address
-of a remote host.
-.It Ar port
-Indicates a port number (address of an application).  If a number is
-not specified, the default
-.Nm telnet
-port is used.
-.El
-.Pp
-When in rlogin mode, a line of the form ~.  disconnects from the
-remote host; ~ is the telnet escape character.
-Similarly, the line ~^Z suspends the telnet session.
-The line ~^] escapes to the normal telnet escape prompt.
-.Pp
-Once a connection has been opened,
-.Nm telnet
-will attempt to enable the
-.Dv TELNET LINEMODE
-option.
-If this fails, then
-.Nm telnet
-will revert to one of two input modes:
-either \*(Lqcharacter at a time\*(Rq
-or \*(Lqold line by line\*(Rq
-depending on what the remote system supports.
-.Pp
-When
-.Dv LINEMODE
-is enabled, character processing is done on the
-local system, under the control of the remote system.  When input
-editing or character echoing is to be disabled, the remote system
-will relay that information.  The remote system will also relay
-changes to any special characters that happen on the remote
-system, so that they can take effect on the local system.
-.Pp
-In \*(Lqcharacter at a time\*(Rq mode, most
-text typed is immediately sent to the remote host for processing.
-.Pp
-In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
-and (normally) only completed lines are sent to the remote host.
-The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
-to turn off and on the local echo
-(this would mostly be used to enter passwords
-without the password being echoed).
-.Pp
-If the
-.Dv LINEMODE
-option is enabled, or if the
-.Ic localchars
-toggle is
-.Dv TRUE
-(the default for \*(Lqold line by line\*(Lq; see below),
-the user's
-.Ic quit  ,
-.Ic intr ,
-and
-.Ic flush
-characters are trapped locally, and sent as
-.Tn TELNET
-protocol sequences to the remote side.
-If
-.Dv LINEMODE
-has ever been enabled, then the user's
-.Ic susp
-and
-.Ic eof
-are also sent as
-.Tn TELNET
-protocol sequences,
-and
-.Ic quit
-is sent as a
-.Dv TELNET ABORT
-instead of
-.Dv BREAK
-There are options (see
-.Ic toggle
-.Ic autoflush
-and
-.Ic toggle
-.Ic autosynch
-below)
-which cause this action to flush subsequent output to the terminal
-(until the remote host acknowledges the
-.Tn TELNET
-sequence) and flush previous terminal input
-(in the case of
-.Ic quit
-and
-.Ic intr  ) .
-.Pp
-While connected to a remote host,
-.Nm telnet
-command mode may be entered by typing the
-.Nm telnet
-\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
-When in command mode, the normal terminal editing conventions are available.
-.Pp
-The following
-.Nm telnet
-commands are available.
-Only enough of each command to uniquely identify it need be typed
-(this is also true for arguments to the
-.Ic mode  ,
-.Ic set ,
-.Ic toggle  ,
-.Ic unset ,
-.Ic slc  ,
-.Ic environ ,
-and
-.Ic display
-commands).
-.Pp
-.Bl -tag -width "mode type"
-.It Ic auth Ar argument ...
-The auth command manipulates the information sent through the
-.Dv TELNET AUTHENTICATE
-option.  Valid arguments for the
-auth command are as follows:
-.Bl -tag -width "disable type"
-.It Ic disable Ar type
-Disables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth disable ?\&
-command.
-.It Ic enable Ar type
-Enables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth enable ?\&
-command.
-.It Ic status
-Lists the current status of the various types of
-authentication.
-.El
-.It Ic close
-Close a
-.Tn TELNET
-session and return to command mode.
-.It Ic display Ar argument ...
-Displays all, or some, of the
-.Ic set
-and
-.Ic toggle
-values (see below).
-.It Ic encrypt Ar argument ...
-The encrypt command manipulates the information sent through the
-.Dv TELNET ENCRYPT
-option.
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside of the United States and Canada.
-.Pp
-Valid arguments for the encrypt command are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Xo
-.Op Cm input | output
-.Xc
-Disables the specified type of encryption.  If you
-omit the input and output, both input and output
-are disabled.  To obtain a list of available
-types, use the
-.Ic encrypt disable ?\&
-command.
-.It Ic enable Ar type Xo
-.Op Cm input | output
-.Xc
-Enables the specified type of encryption.  If you
-omit input and output, both input and output are
-enabled.  To obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic input
-This is the same as the
-.Ic encrypt start input
-command.
-.It Ic -input
-This is the same as the
-.Ic encrypt stop input
-command.
-.It Ic output
-This is the same as the
-.Ic encrypt start output
-command.
-.It Ic -output
-This is the same as the
-.Ic encrypt stop output
-command.
-.It Ic start Op Cm input | output
-Attempts to start encryption.  If you omit
-.Ic input
-and
-.Ic output ,
-both input and output are enabled.  To
-obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic status
-Lists the current status of encryption.
-.It Ic stop Op Cm input | output
-Stops encryption.  If you omit input and output,
-encryption is on both input and output.
-.It Ic type Ar type
-Sets the default type of encryption to be used
-with later
-.Ic encrypt start
-or
-.Ic encrypt stop
-commands.
-.El
-.It Ic environ Ar arguments ...
-The
-.Ic environ
-command is used to manipulate the
-the variables that my be sent through the
-.Dv TELNET ENVIRON
-option.
-The initial set of variables is taken from the users
-environment, with only the
-.Ev DISPLAY
-and
-.Ev PRINTER
-variables being exported by default.
-The
-.Ev USER
-variable is also exported if the
-.Fl a
-or
-.Fl l
-options are used.
-.Pp
-Valid arguments for the
-.Ic environ
-command are:
-.Bl -tag -width Fl
-.It Ic define Ar variable value
-Define the variable
-.Ar variable
-to have a value of
-.Ar value .
-Any variables defined by this command are automatically exported.
-The
-.Ar value
-may be enclosed in single or double quotes so
-that tabs and spaces may be included.
-.It Ic undefine Ar variable
-Remove
-.Ar variable
-from the list of environment variables.
-.It Ic export Ar variable
-Mark the variable
-.Ar variable
-to be exported to the remote side.
-.It Ic unexport Ar variable
-Mark the variable
-.Ar variable
-to not be exported unless
-explicitly asked for by the remote side.
-.It Ic list
-List the current set of environment variables.
-Those marked with a
-.Cm *
-will be sent automatically,
-other variables will only be sent if explicitly requested.
-.It Ic ?\&
-Prints out help information for the
-.Ic environ
-command.
-.El
-.It Ic logout
-Sends the
-.Dv TELNET LOGOUT
-option to the remote side.
-This command is similar to a
-.Ic close
-command; however, if the remote side does not support the
-.Dv LOGOUT
-option, nothing happens.
-If, however, the remote side does support the
-.Dv LOGOUT
-option, this command should cause the remote side to close the
-.Tn TELNET
-connection.
-If the remote side also supports the concept of
-suspending a user's session for later reattachment,
-the logout argument indicates that you
-should terminate the session immediately.
-.It Ic mode Ar type
-.Ar Type
-is one of several options, depending on the state of the
-.Tn TELNET
-session.
-The remote host is asked for permission to go into the requested mode.
-If the remote host is capable of entering that mode, the requested
-mode will be entered.
-.Bl -tag -width Ar
-.It Ic character
-Disable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then enter \*(Lqcharacter at a time\*(Lq mode.
-.It Ic line
-Enable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
-.It Ic isig Pq Ic \-isig
-Attempt to enable (disable) the
-.Dv TRAPSIG
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic edit Pq Ic \-edit
-Attempt to enable (disable) the
-.Dv EDIT
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic softtabs Pq Ic \-softtabs
-Attempt to enable (disable) the
-.Dv SOFT_TAB
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic litecho Pq Ic \-litecho
-Attempt to enable (disable) the
-.Dv LIT_ECHO
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic ?\&
-Prints out help information for the
-.Ic mode
-command.
-.El
-.It Xo
-.Ic open Ar host
-.Op Fl l Ar user
-.Op Oo Fl Oc Ns Ar port
-.Xc
-Open a connection to the named host.
-If no port number
-is specified,
-.Nm telnet
-will attempt to contact a
-.Tn TELNET
-server at the default port.
-The host specification may be either a host name (see
-.Xr hosts  5  )
-or an Internet address specified in the \*(Lqdot notation\*(Rq (see
-.Xr inet 3 ) .
-The
-.Op Fl l
-option may be used to specify the user name
-to be passed to the remote system via the
-.Ev ENVIRON
-option.
-When connecting to a non-standard port,
-.Nm telnet
-omits any automatic initiation of
-.Tn TELNET
-options.  When the port number is preceded by a minus sign,
-the initial option negotiation is done.
-After establishing a connection, the file
-.Pa \&.telnetrc
-in the
-users home directory is opened.  Lines beginning with a # are
-comment lines.  Blank lines are ignored.  Lines that begin
-without white space are the start of a machine entry.  The
-first thing on the line is the name of the machine that is
-being connected to.  The rest of the line, and successive
-lines that begin with white space are assumed to be
-.Nm telnet
-commands and are processed as if they had been typed
-in manually to the
-.Nm telnet
-command prompt.
-.It Ic quit
-Close any open
-.Tn TELNET
-session and exit
-.Nm telnet  .
-An end of file (in command mode) will also close a session and exit.
-.It Ic send Ar arguments
-Sends one or more special character sequences to the remote host.
-The following are the arguments which may be specified
-(more than one argument may be specified at a time):
-.Pp
-.Bl -tag -width escape
-.It Ic abort
-Sends the
-.Dv TELNET ABORT
-(Abort
-processes)
-sequence.
-.It Ic ao
-Sends the
-.Dv TELNET AO
-(Abort Output) sequence, which should cause the remote system to flush
-all output
-.Em from
-the remote system
-.Em to
-the user's terminal.
-.It Ic ayt
-Sends the
-.Dv TELNET AYT
-(Are You There)
-sequence, to which the remote system may or may not choose to respond.
-.It Ic brk
-Sends the
-.Dv TELNET BRK
-(Break) sequence, which may have significance to the remote
-system.
-.It Ic ec
-Sends the
-.Dv TELNET EC
-(Erase Character)
-sequence, which should cause the remote system to erase the last character
-entered.
-.It Ic el
-Sends the
-.Dv TELNET EL
-(Erase Line)
-sequence, which should cause the remote system to erase the line currently
-being entered.
-.It Ic eof
-Sends the
-.Dv TELNET EOF
-(End Of File)
-sequence.
-.It Ic eor
-Sends the
-.Dv TELNET EOR
-(End of Record)
-sequence.
-.It Ic escape
-Sends the current
-.Nm telnet
-escape character (initially \*(Lq^\*(Rq).
-.It Ic ga
-Sends the
-.Dv TELNET GA
-(Go Ahead)
-sequence, which likely has no significance to the remote system.
-.It Ic getstatus
-If the remote side supports the
-.Dv TELNET STATUS
-command,
-.Ic getstatus
-will send the subnegotiation to request that the server send
-its current option status.
-.It Ic ip
-Sends the
-.Dv TELNET IP
-(Interrupt Process) sequence, which should cause the remote
-system to abort the currently running process.
-.It Ic nop
-Sends the
-.Dv TELNET NOP
-(No OPeration)
-sequence.
-.It Ic susp
-Sends the
-.Dv TELNET SUSP
-(SUSPend process)
-sequence.
-.It Ic synch
-Sends the
-.Dv TELNET SYNCH
-sequence.
-This sequence causes the remote system to discard all previously typed
-(but not yet read) input.
-This sequence is sent as
-.Tn TCP
-urgent
-data (and may not work if the remote system is a
-.Bx 4.2
-system -- if
-it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
-.It Ic do Ar cmd
-.It Ic dont Ar cmd
-.It Ic will Ar cmd
-.It Ic wont Ar cmd
-Sends the
-.Dv TELNET DO
-.Ar cmd
-sequence.
-.Ar Cmd
-can be either a decimal number between 0 and 255,
-or a symbolic name for a specific
-.Dv TELNET
-command.
-.Ar Cmd
-can also be either
-.Ic help
-or
-.Ic ?\&
-to print out help information, including
-a list of known symbolic names.
-.It Ic ?\&
-Prints out help information for the
-.Ic send
-command.
-.El
-.It Ic set Ar argument value
-.It Ic unset Ar argument value
-The
-.Ic set
-command will set any one of a number of
-.Nm telnet
-variables to a specific value or to
-.Dv TRUE .
-The special value
-.Ic off
-turns off the function associated with
-the variable, this is equivalent to using the
-.Ic unset
-command.
-The
-.Ic unset
-command will disable or set to
-.Dv FALSE
-any of the specified functions.
-The values of variables may be interrogated with the
-.Ic display
-command.
-The variables which may be set or unset, but not toggled, are
-listed here.  In addition, any of the variables for the
-.Ic toggle
-command may be explicitly set or unset using
-the
-.Ic set
-and
-.Ic unset
-commands.
-.Bl -tag -width escape
-.It Ic ayt
-If
-.Tn TELNET
-is in localchars mode, or
-.Dv LINEMODE
-is enabled, and the status character is typed, a
-.Dv TELNET AYT
-sequence (see
-.Ic send ayt
-preceding) is sent to the
-remote host.  The initial value for the "Are You There"
-character is the terminal's status character.
-.It Ic echo
-This is the value (initially \*(Lq^E\*(Rq) which, when in
-\*(Lqline by line\*(Rq mode, toggles between doing local echoing
-of entered characters (for normal processing), and suppressing
-echoing of entered characters (for entering, say, a password).
-.It Ic eof
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Rq mode, entering this character
-as the first character on a line will cause this character to be
-sent to the remote system.
-The initial value of the eof character is taken to be the terminal's
-.Ic eof
-character.
-.It Ic erase
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Sy and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EC
-sequence (see
-.Ic send
-.Ic ec
-above)
-is sent to the remote system.
-The initial value for the erase character is taken to be
-the terminal's
-.Ic erase
-character.
-.It Ic escape
-This is the
-.Nm telnet
-escape character (initially \*(Lq^[\*(Rq) which causes entry
-into
-.Nm telnet
-command mode (when connected to a remote system).
-.It Ic flushoutput
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic flushoutput
-character is typed, a
-.Dv TELNET AO
-sequence (see
-.Ic send
-.Ic ao
-above)
-is sent to the remote host.
-The initial value for the flush character is taken to be
-the terminal's
-.Ic flush
-character.
-.It Ic forw1
-.It Ic forw2
-If
-.Tn TELNET
-is operating in
-.Dv LINEMODE ,
-these are the
-characters that, when typed, cause partial lines to be
-forwarded to the remote system.  The initial value for
-the forwarding characters are taken from the terminal's
-eol and eol2 characters.
-.It Ic interrupt
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic interrupt
-character is typed, a
-.Dv TELNET IP
-sequence (see
-.Ic send
-.Ic ip
-above)
-is sent to the remote host.
-The initial value for the interrupt character is taken to be
-the terminal's
-.Ic intr
-character.
-.It Ic kill
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Ic and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EL
-sequence (see
-.Ic send
-.Ic el
-above)
-is sent to the remote system.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic kill
-character.
-.It Ic lnext
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic lnext
-character.
-The initial value for the lnext character is taken to be
-the terminal's
-.Ic lnext
-character.
-.It Ic quit
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic quit
-character is typed, a
-.Dv TELNET BRK
-sequence (see
-.Ic send
-.Ic brk
-above)
-is sent to the remote host.
-The initial value for the quit character is taken to be
-the terminal's
-.Ic quit
-character.
-.It Ic reprint
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic reprint
-character.
-The initial value for the reprint character is taken to be
-the terminal's
-.Ic reprint
-character.
-.It Ic rlogin
-This is the rlogin escape character.
-If set, the normal
-.Tn TELNET
-escape character is ignored unless it is
-preceded by this character at the beginning of a line.
-This character, at the beginning of a line followed by
-a "."  closes the connection; when followed by a ^Z it
-suspends the telnet command.  The initial state is to
-disable the rlogin escape character.
-.It Ic start
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic start
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic start
-character.
-.It Ic stop
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic stop
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic stop
-character.
-.It Ic susp
-If
-.Nm telnet
-is in
-.Ic localchars
-mode, or
-.Dv LINEMODE
-is enabled, and the
-.Ic suspend
-character is typed, a
-.Dv TELNET SUSP
-sequence (see
-.Ic send
-.Ic susp
-above)
-is sent to the remote host.
-The initial value for the suspend character is taken to be
-the terminal's
-.Ic suspend
-character.
-.It Ic tracefile
-This is the file to which the output, caused by
-.Ic netdata
-or
-.Ic option
-tracing being
-.Dv TRUE ,
-will be written.  If it is set to
-.Dq Fl ,
-then tracing information will be written to standard output (the default).
-.It Ic worderase
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic worderase
-character.
-The initial value for the worderase character is taken to be
-the terminal's
-.Ic worderase
-character.
-.It Ic ?\&
-Displays the legal
-.Ic set
-.Pq Ic unset
-commands.
-.El
-.It Ic slc Ar state
-The
-.Ic slc
-command (Set Local Characters) is used to set
-or change the state of the the special
-characters when the
-.Dv TELNET LINEMODE
-option has
-been enabled.  Special characters are characters that get
-mapped to
-.Tn TELNET
-commands sequences (like
-.Ic ip
-or
-.Ic quit  )
-or line editing characters (like
-.Ic erase
-and
-.Ic kill  ) .
-By default, the local special characters are exported.
-.Bl -tag -width Fl
-.It Ic check
-Verify the current settings for the current special characters.
-The remote side is requested to send all the current special
-character settings, and if there are any discrepancies with
-the local side, the local side will switch to the remote value.
-.It Ic export
-Switch to the local defaults for the special characters.  The
-local default characters are those of the local terminal at
-the time when
-.Nm telnet
-was started.
-.It Ic import
-Switch to the remote defaults for the special characters.
-The remote default characters are those of the remote system
-at the time when the
-.Tn TELNET
-connection was established.
-.It Ic ?\&
-Prints out help information for the
-.Ic slc
-command.
-.El
-.It Ic status
-Show the current status of
-.Nm telnet  .
-This includes the peer one is connected to, as well
-as the current mode.
-.It Ic toggle Ar arguments ...
-Toggle (between
-.Dv TRUE
-and
-.Dv FALSE )
-various flags that control how
-.Nm telnet
-responds to events.
-These flags may be set explicitly to
-.Dv TRUE
-or
-.Dv FALSE
-using the
-.Ic set
-and
-.Ic unset
-commands listed above.
-More than one argument may be specified.
-The state of these flags may be interrogated with the
-.Ic display
-command.
-Valid arguments are:
-.Bl -tag -width Ar
-.It Ic authdebug
-Turns on debugging information for the authentication code.
-.It Ic autoflush
-If
-.Ic autoflush
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when the
-.Ic ao  ,
-or
-.Ic quit
-characters are recognized (and transformed into
-.Tn TELNET
-sequences; see
-.Ic set
-above for details),
-.Nm telnet
-refuses to display any data on the user's terminal
-until the remote system acknowledges (via a
-.Dv TELNET TIMING MARK
-option)
-that it has processed those
-.Tn TELNET
-sequences.
-The initial value for this toggle is
-.Dv TRUE
-if the terminal user had not
-done an "stty noflsh", otherwise
-.Dv FALSE
-(see
-.Xr stty  1  ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically.  The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option
-.Tn TELNET
-attempts to use it to perform automatic authentication.  If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
-name are propagated through the
-.Dv TELNET ENVIRON
-option.
-This command is the same as specifying
-.Ar a
-option on the
-.Ic open
-command.
-.It Ic autosynch
-If
-.Ic autosynch
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when either the
-.Ic intr
-or
-.Ic quit
-characters is typed (see
-.Ic set
-above for descriptions of the
-.Ic intr
-and
-.Ic quit
-characters), the resulting
-.Tn TELNET
-sequence sent is followed by the
-.Dv TELNET SYNCH
-sequence.
-This procedure
-.Ic should
-cause the remote system to begin throwing away all previously
-typed input until both of the
-.Tn TELNET
-sequences have been read and acted upon.
-The initial value of this toggle is
-.Dv FALSE .
-.It Ic binary
-Enable or disable the
-.Dv TELNET BINARY
-option on both input and output.
-.It Ic inbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on input.
-.It Ic outbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on output.
-.It Ic crlf
-If this is
-.Dv TRUE ,
-then carriage returns will be sent as
-.Li \*[Lt]CR\*[Gt]\*[Lt]LF\*[Gt] .
-If this is
-.Dv FALSE ,
-then carriage returns will be send as
-.Li \*[Lt]CR\*[Gt]\*[Lt]NUL\*[Gt] .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic crmod
-Toggle carriage return mode.
-When this mode is enabled, most carriage return characters received from
-the remote host will be mapped into a carriage return followed by
-a line feed.
-This mode does not affect those characters typed by the user, only
-those received from the remote host.
-This mode is not very useful unless the remote host
-only sends carriage return, but never line feed.
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic debug
-Toggles socket level debugging (useful only to the
-.Ic super user  ) .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-.It Ic localchars
-If this is
-.Dv TRUE ,
-then the
-.Ic flush  ,
-.Ic interrupt ,
-.Ic quit  ,
-.Ic erase ,
-and
-.Ic kill
-characters (see
-.Ic set
-above) are recognized locally, and transformed into (hopefully) appropriate
-.Tn TELNET
-control sequences
-(respectively
-.Ic ao  ,
-.Ic ip ,
-.Ic brk  ,
-.Ic ec ,
-and
-.Ic el  ;
-see
-.Ic send
-above).
-The initial value for this toggle is
-.Dv TRUE
-in \*(Lqold line by line\*(Rq mode,
-and
-.Dv FALSE
-in \*(Lqcharacter at a time\*(Rq mode.
-When the
-.Dv LINEMODE
-option is enabled, the value of
-.Ic localchars
-is ignored, and assumed to always be
-.Dv TRUE .
-If
-.Dv LINEMODE
-has ever been enabled, then
-.Ic quit
-is sent as
-.Ic abort  ,
-and
-.Ic eof
-and
-.Ic suspend
-are sent as
-.Ic eof
-and
-.Ic susp ,
-see
-.Ic send
-above).
-.It Ic netdata
-Toggles the display of all network data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic options
-Toggles the display of some internal
-.Nm telnet
-protocol processing (having to do with
-.Tn TELNET
-options).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic prettydump
-When the
-.Ic netdata
-toggle is enabled, if
-.Ic prettydump
-is enabled the output from the
-.Ic netdata
-command will be formatted in a more user readable format.
-Spaces are put between each character in the output, and the
-beginning of any
-.Tn TELNET
-escape sequence is preceded by a '*' to aid in locating them.
-.It Ic skiprc
-When the skiprc toggle is
-.Dv TRUE ,
-.Tn TELNET
-skips the reading of the
-.Pa \&.telnetrc
-file in the users home
-directory when connections are opened.  The initial
-value for this toggle is
-.Dv FALSE .
-.It Ic termdata
-Toggles the display of all terminal data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic verbose_encrypt
-When the
-.Ic verbose_encrypt
-toggle is
-.Dv TRUE ,
-.Tn TELNET
-prints out a message each time encryption is enabled or
-disabled.  The initial value for this toggle is
-.Dv FALSE .
-Note:  Because of export controls, data encryption
-is not supported outside of the United States and Canada.
-.It Ic \&?
-Displays the legal
-.Ic toggle
-commands.
-.El
-.It Ic z
-Suspend
-.Nm telnet  .
-This command only works when the user is using the
-.Xr csh  1  .
-.It Ic \&! Op Ar command
-Execute a single command in a subshell on the local
-system.  If
-.Ic command
-is omitted, then an interactive
-subshell is invoked.
-.It Ic ?\& Op Ar command
-Get help.  With no arguments,
-.Nm telnet
-prints a help summary.
-If a command is specified,
-.Nm telnet
-will print the help information for just that command.
-.El
-.Sh ENVIRONMENT
-.Nm Telnet
-uses at least the
-.Ev HOME ,
-.Ev SHELL ,
-.Ev DISPLAY ,
-and
-.Ev TERM
-environment variables.
-Other environment variables may be propagated
-to the other side via the
-.Dv TELNET ENVIRON
-option.
-.Sh FILES
-.Bl -tag -width ~/.telnetrc -compact
-.It Pa ~/.telnetrc
-user customized telnet startup values
-.El
-.Sh HISTORY
-The
-.Nm Telnet
-command appeared in
-.Bx 4.2 .
-.Sh NOTES
-.Pp
-On some remote systems, echo has to be turned off manually when in
-\*(Lqold line by line\*(Rq mode.
-.Pp
-In \*(Lqold line by line\*(Rq mode or
-.Dv LINEMODE
-the terminal's
-.Ic eof
-character is only recognized (and sent to the remote system)
-when it is the first character on a line.
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.c b/crypto/heimdal/appl/telnet/telnet/telnet.c
deleted file mode 100644
index a90f2124dc70..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet.c
+++ /dev/null
@@ -1,2420 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: telnet.c 16285 2005-11-03 18:38:57Z lha $");
-
-#define	strip(x) (eight ? (x) : ((x) & 0x7f))
-
-static unsigned char	subbuffer[SUBBUFSIZE],
-			*subpointer, *subend;	 /* buffer for sub-options */
-#define	SB_CLEAR()	subpointer = subbuffer;
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_PEEK()	((*subpointer)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-char	options[256];		/* The combined options */
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-
-int
-	eight = 3,
-	binary = 0,
-	autologin = 0,	/* Autologin anyone? */
-	skiprc = 0,
-	connected,
-	showoptions,
-	ISend,		/* trying to send network data in */
-	debug = 0,
-	crmod,
-	netdata,	/* Print out network data flow */
-	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-	telnetport,
-        wantencryption = 0,
-	SYNCHing,	/* we are in TELNET SYNCH mode */
-	flushout,	/* flush output */
-	autoflush = 0,	/* flush output when interrupting? */
-	autosynch,	/* send interrupt characters with SYNCH? */
-	localflow,	/* we handle flow control locally */
-	restartany,	/* if flow control enabled, restart on any character */
-	localchars,	/* we recognize interrupt/quit */
-	donelclchars,	/* the user has set "localchars" */
-	donebinarytoggle,	/* the user has put us in binary */
-	dontlecho,	/* do we suppress local echoing right now? */
-	globalmode;
-
-char *prompt = 0;
-
-int scheduler_lockout_tty = 0;
-
-cc_t escape;
-cc_t rlogin;
-#ifdef	KLUDGELINEMODE
-cc_t echoc;
-#endif
-
-/*
- * Telnet receiver states for fsm
- */
-#define	TS_DATA		0
-#define	TS_IAC		1
-#define	TS_WILL		2
-#define	TS_WONT		3
-#define	TS_DO		4
-#define	TS_DONT		5
-#define	TS_CR		6
-#define	TS_SB		7		/* sub-option collection */
-#define	TS_SE		8		/* looking for sub-option end */
-
-static int	telrcv_state;
-#ifdef	OLD_ENVIRON
-unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
-#else
-# define telopt_environ TELOPT_NEW_ENVIRON
-#endif
-
-jmp_buf	toplevel;
-jmp_buf	peerdied;
-
-int	flushline;
-int	linemode;
-
-#ifdef	KLUDGELINEMODE
-int	kludgelinemode = 1;
-#endif
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-Clocks clocks;
-
-static int is_unique(char *name, char **as, char **ae);
-
-
-/*
- * Initialize telnet environment.
- */
-
-void
-init_telnet(void)
-{
-    env_init();
-
-    SB_CLEAR();
-    memset(options, 0, sizeof options);
-
-    connected = ISend = localflow = donebinarytoggle = 0;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-    restartany = -1;
-
-    SYNCHing = 0;
-
-    /* Don't change NetTrace */
-
-    escape = CONTROL(']');
-    rlogin = _POSIX_VDISABLE;
-#ifdef	KLUDGELINEMODE
-    echoc = CONTROL('E');
-#endif
-
-    flushline = 1;
-    telrcv_state = TS_DATA;
-}
-
-
-/*
- * These routines are in charge of sending option negotiations
- * to the other side.
- *
- * The basic idea is that we send the negotiation if either side
- * is in disagreement as to what the current state should be.
- */
-
-void
-send_do(int c, int init)
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
-				my_want_state_is_do(c))
-	    return;
-	set_my_want_state_do(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DO);
-    NETADD(c);
-    printoption("SENT", DO, c);
-}
-
-void
-send_dont(int c, int init)
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
-				my_want_state_is_dont(c))
-	    return;
-	set_my_want_state_dont(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DONT);
-    NETADD(c);
-    printoption("SENT", DONT, c);
-}
-
-void
-send_will(int c, int init)
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
-				my_want_state_is_will(c))
-	    return;
-	set_my_want_state_will(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WILL);
-    NETADD(c);
-    printoption("SENT", WILL, c);
-}
-
-void
-send_wont(int c, int init)
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
-				my_want_state_is_wont(c))
-	    return;
-	set_my_want_state_wont(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WONT);
-    NETADD(c);
-    printoption("SENT", WONT, c);
-}
-
-
-void
-willoption(int option)
-{
-	int new_state_ok = 0;
-
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_do(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_ECHO:
-	    case TELOPT_BINARY:
-	    case TELOPT_SGA:
-		settimer(modenegotiated);
-		/* FALL THROUGH */
-	    case TELOPT_STATUS:
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-#endif
-#if	defined(ENCRYPTION)
-	    case TELOPT_ENCRYPT:
-#endif
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		/*
-		 * Special case for TM.  If we get back a WILL,
-		 * pretend we got back a WONT.
-		 */
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;			/* Never reply to TM will's/wont's */
-
-	    case TELOPT_LINEMODE:
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_do(option);
-		send_do(option, 0);
-		setconnmode(0);		/* possibly set new tty mode */
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	}
-	set_my_state_do(option);
-#if	defined(ENCRYPTION)
-	if (option == TELOPT_ENCRYPT)
-		encrypt_send_support();
-#endif
-}
-
-void
-wontoption(int option)
-{
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_dont(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
-
-	    switch (option) {
-
-#ifdef	KLUDGELINEMODE
-	    case TELOPT_SGA:
-		if (!kludgelinemode)
-		    break;
-		/* FALL THROUGH */
-#endif
-	    case TELOPT_ECHO:
-		settimer(modenegotiated);
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;		/* Never reply to TM will's/wont's */
-
-#ifdef ENCRYPTION
-  	    case TELOPT_ENCRYPT:
-	      encrypt_not();
-	      break;
-#endif
-	    default:
-		break;
-	    }
-	    set_my_want_state_dont(option);
-	    if (my_state_is_do(option))
-		send_dont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	} else if (option == TELOPT_TM) {
-	    /*
-	     * Special case for TM.
-	     */
-	    if (flushout)
-		flushout = 0;
-	    set_my_want_state_dont(option);
-	}
-	set_my_state_dont(option);
-}
-
-static void
-dooption(int option)
-{
-	int new_state_ok = 0;
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_will(option))
-		--will_wont_resp[option];
-	}
-
-	if (will_wont_resp[option] == 0) {
-	  if (my_want_state_is_wont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_TM:
-		/*
-		 * Special case for TM.  We send a WILL, but pretend
-		 * we sent WONT.
-		 */
-		send_will(option, 0);
-		set_my_want_state_wont(TELOPT_TM);
-		set_my_state_wont(TELOPT_TM);
-		return;
-
-	    case TELOPT_BINARY:		/* binary mode */
-	    case TELOPT_NAWS:		/* window size */
-	    case TELOPT_TSPEED:		/* terminal speed */
-	    case TELOPT_LFLOW:		/* local flow control */
-	    case TELOPT_TTYPE:		/* terminal type option */
-	    case TELOPT_SGA:		/* no big deal */
-#if	defined(ENCRYPTION)
-	    case TELOPT_ENCRYPT:	/* encryption variable option */
-#endif
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
-#ifdef	OLD_ENVIRON
-		if (my_state_is_will(TELOPT_OLD_ENVIRON))
-			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
-		goto env_common;
-	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
-		if (my_state_is_will(TELOPT_NEW_ENVIRON))
-			break;		/* Don't enable if new one is in use! */
-	    env_common:
-		telopt_environ = option;
-#endif
-		new_state_ok = 1;
-		break;
-
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-		if (autologin)
-			new_state_ok = 1;
-		break;
-#endif
-
-	    case TELOPT_XDISPLOC:	/* X Display location */
-		if (env_getvalue((unsigned char *)"DISPLAY"))
-		    new_state_ok = 1;
-		break;
-
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_want_state_will(TELOPT_LINEMODE);
-		send_will(option, 0);
-		set_my_state_will(TELOPT_LINEMODE);
-		slc_init();
-		return;
-
-	    case TELOPT_ECHO:		/* We're never going to echo... */
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_will(option);
-		send_will(option, 0);
-		setconnmode(0);			/* Set new tty mode */
-	    } else {
-		will_wont_resp[option]++;
-		send_wont(option, 0);
-	    }
-	  } else {
-	    /*
-	     * Handle options that need more things done after the
-	     * other side has acknowledged the option.
-	     */
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_state_will(option);
-		slc_init();
-		send_do(TELOPT_SGA, 0);
-		return;
-	    }
-	  }
-	}
-	set_my_state_will(option);
-}
-
-static void
-dontoption(int option)
-{
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_wont(option))
-		--will_wont_resp[option];
-	}
-
-	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-		linemode = 0;	/* put us back to the default state */
-		break;
-#ifdef	OLD_ENVIRON
-	    case TELOPT_NEW_ENVIRON:
-		/*
-		 * The new environ option wasn't recognized, try
-		 * the old one.
-		 */
-		send_will(TELOPT_OLD_ENVIRON, 1);
-		telopt_environ = TELOPT_OLD_ENVIRON;
-		break;
-#endif
-#if 0
-#ifdef ENCRYPTION
-	    case TELOPT_ENCRYPT:
-	      encrypt_not();
-	      break;
-#endif
-#endif
-	    }
-	    /* we always accept a DONT */
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	}
-	set_my_state_wont(option);
-}
-
-/*
- * Given a buffer returned by tgetent(), this routine will turn
- * the pipe separated list of names in the buffer into an array
- * of pointers to null terminated names.  We toss out any bad,
- * duplicate, or verbose names (names with spaces).
- */
-
-static char *name_unknown = "UNKNOWN";
-static char *unknown[] = { 0, 0 };
-
-static char **
-mklist(char *buf, char *name)
-{
-	int n;
-	char c, *cp, **argvp, *cp2, **argv, **avt;
-
-	if (name) {
-		if ((int)strlen(name) > 40) {
-			name = 0;
-			unknown[0] = name_unknown;
-		} else {
-			unknown[0] = name;
-			strupr(name);
-		}
-	} else
-		unknown[0] = name_unknown;
-	/*
-	 * Count up the number of names.
-	 */
-	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
-		if (*cp == '|')
-			n++;
-	}
-	/*
-	 * Allocate an array to put the name pointers into
-	 */
-	argv = (char **)malloc((n+3)*sizeof(char *));
-	if (argv == 0)
-		return(unknown);
-
-	/*
-	 * Fill up the array of pointers to names.
-	 */
-	*argv = 0;
-	argvp = argv+1;
-	n = 0;
-	for (cp = cp2 = buf; (c = *cp);  cp++) {
-		if (c == '|' || c == ':') {
-			*cp++ = '\0';
-			/*
-			 * Skip entries that have spaces or are over 40
-			 * characters long.  If this is our environment
-			 * name, then put it up front.  Otherwise, as
-			 * long as this is not a duplicate name (case
-			 * insensitive) add it to the list.
-			 */
-			if (n || (cp - cp2 > 41))
-				;
-			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
-				*argv = cp2;
-			else if (is_unique(cp2, argv+1, argvp))
-				*argvp++ = cp2;
-			if (c == ':')
-				break;
-			/*
-			 * Skip multiple delimiters. Reset cp2 to
-			 * the beginning of the next name. Reset n,
-			 * the flag for names with spaces.
-			 */
-			while ((c = *cp) == '|')
-				cp++;
-			cp2 = cp;
-			n = 0;
-		}
-		/*
-		 * Skip entries with spaces or non-ascii values.
-		 * Convert lower case letters to upper case.
-		 */
-#undef ISASCII
-#define ISASCII(c) (!((c)&0x80))
-		if ((c == ' ') || !ISASCII(c))
-			n = 1;
-		else if (islower((unsigned char)c))
-			*cp = toupper((unsigned char)c);
-	}
-
-	/*
-	 * Check for an old V6 2 character name.  If the second
-	 * name points to the beginning of the buffer, and is
-	 * only 2 characters long, move it to the end of the array.
-	 */
-	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
-		--argvp;
-		for (avt = &argv[1]; avt < argvp; avt++)
-			*avt = *(avt+1);
-		*argvp++ = buf;
-	}
-
-	/*
-	 * Duplicate last name, for TTYPE option, and null
-	 * terminate the array.  If we didn't find a match on
-	 * our terminal name, put that name at the beginning.
-	 */
-	cp = *(argvp-1);
-	*argvp++ = cp;
-	*argvp = 0;
-
-	if (*argv == 0) {
-		if (name)
-			*argv = name;
-		else {
-			--argvp;
-			for (avt = argv; avt < argvp; avt++)
-				*avt = *(avt+1);
-		}
-	}
-	if (*argv)
-		return(argv);
-	else
-		return(unknown);
-}
-
-static int
-is_unique(char *name, char **as, char **ae)
-{
-	char **ap;
-	int n;
-
-	n = strlen(name) + 1;
-	for (ap = as; ap < ae; ap++)
-		if (strncasecmp(*ap, name, n) == 0)
-			return(0);
-	return (1);
-}
-
-static char termbuf[1024];
-
-static int
-telnet_setupterm(const char *tname, int fd, int *errp)
-{
-#ifdef HAVE_TGETENT
-    if (tgetent(termbuf, tname) == 1) {
-	termbuf[1023] = '\0';
-	if (errp)
-	    *errp = 1;
-	return(0);
-    }
-    if (errp)
-	*errp = 0;
-    return(-1);
-#else
-    strlcpy(termbuf, tname, sizeof(termbuf));
-    if(errp) *errp = 1;
-    return 0;
-#endif
-}
-
-int resettermname = 1;
-
-static char *
-gettermname()
-{
-	char *tname;
-	static char **tnamep = 0;
-	static char **next;
-	int err;
-
-	if (resettermname) {
-		resettermname = 0;
-		if (tnamep && tnamep != unknown)
-			free(tnamep);
-		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
-				telnet_setupterm(tname, 1, &err) == 0) {
-			tnamep = mklist(termbuf, tname);
-		} else {
-			if (tname && ((int)strlen(tname) <= 40)) {
-				unknown[0] = tname;
-				strupr(tname);
-			} else
-				unknown[0] = name_unknown;
-			tnamep = unknown;
-		}
-		next = tnamep;
-	}
-	if (*next == 0)
-		next = tnamep;
-	return(*next++);
-}
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *		Terminal type, send request.
- *		Terminal speed (send request).
- *		Local flow control (is request).
- *		Linemode
- */
-
-static void
-suboption()
-{
-    unsigned char subchar;
-
-    printsub('<', subbuffer, SB_LEN()+2);
-    switch (subchar = SB_GET()) {
-    case TELOPT_TTYPE:
-	if (my_want_state_is_wont(TELOPT_TTYPE))
-	    return;
-	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
-	    return;
-	} else {
-	    char *name;
-	    unsigned char temp[50];
-	    int len;
-
-	    name = gettermname();
-	    len = strlen(name) + 4 + 2;
-	    if (len < NETROOM()) {
-		snprintf((char *)temp, sizeof(temp),
-			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
-			 TELQUAL_IS, name, IAC, SE);
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', &temp[2], len-2);
-	    } else {
-		ExitString("No room in buffer for terminal type.\n", 1);
-		/*NOTREACHED*/
-	    }
-	}
-	break;
-    case TELOPT_TSPEED:
-	if (my_want_state_is_wont(TELOPT_TSPEED))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    long output_speed, input_speed;
-	    unsigned char temp[50];
-	    int len;
-
-	    TerminalSpeeds(&input_speed, &output_speed);
-
-	    snprintf((char *)temp, sizeof(temp),
-		     "%c%c%c%c%u,%u%c%c", IAC, SB, TELOPT_TSPEED,
-		     TELQUAL_IS,
-		     (unsigned)output_speed,
-		     (unsigned)input_speed, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-    case TELOPT_LFLOW:
-	if (my_want_state_is_wont(TELOPT_LFLOW))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch(SB_GET()) {
-	case LFLOW_RESTART_ANY:
-	    restartany = 1;
-	    break;
-	case LFLOW_RESTART_XON:
-	    restartany = 0;
-	    break;
-	case LFLOW_ON:
-	    localflow = 1;
-	    break;
-	case LFLOW_OFF:
-	    localflow = 0;
-	    break;
-	default:
-	    return;
-	}
-	setcommandmode();
-	setconnmode(0);
-	break;
-
-    case TELOPT_LINEMODE:
-	if (my_want_state_is_wont(TELOPT_LINEMODE))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch (SB_GET()) {
-	case WILL:
-	    lm_will(subpointer, SB_LEN());
-	    break;
-	case WONT:
-	    lm_wont(subpointer, SB_LEN());
-	    break;
-	case DO:
-	    lm_do(subpointer, SB_LEN());
-	    break;
-	case DONT:
-	    lm_dont(subpointer, SB_LEN());
-	    break;
-	case LM_SLC:
-	    slc(subpointer, SB_LEN());
-	    break;
-	case LM_MODE:
-	    lm_mode(subpointer, SB_LEN(), 0);
-	    break;
-	default:
-	    break;
-	}
-	break;
-
-#ifdef	OLD_ENVIRON
-    case TELOPT_OLD_ENVIRON:
-#endif
-    case TELOPT_NEW_ENVIRON:
-	if (SB_EOF())
-	    return;
-	switch(SB_PEEK()) {
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-	    if (my_want_state_is_dont(subchar))
-		return;
-	    break;
-	case TELQUAL_SEND:
-	    if (my_want_state_is_wont(subchar)) {
-		return;
-	    }
-	    break;
-	default:
-	    return;
-	}
-	env_opt(subpointer, SB_LEN());
-	break;
-
-    case TELOPT_XDISPLOC:
-	if (my_want_state_is_wont(TELOPT_XDISPLOC))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    unsigned char temp[50], *dp;
-	    int len;
-
-	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
-		/*
-		 * Something happened, we no longer have a DISPLAY
-		 * variable.  So, turn off the option.
-		 */
-		send_wont(TELOPT_XDISPLOC, 1);
-		break;
-	    }
-	    snprintf((char *)temp, sizeof(temp),
-		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
-		     TELQUAL_IS, dp, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION: {
-		if (!autologin)
-			break;
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case TELQUAL_IS:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_is(subpointer, SB_LEN());
-			break;
-		case TELQUAL_SEND:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_send(subpointer, SB_LEN());
-			break;
-		case TELQUAL_REPLY:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_reply(subpointer, SB_LEN());
-			break;
-		case TELQUAL_NAME:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_name(subpointer, SB_LEN());
-			break;
-		}
-	}
-	break;
-#endif
-#if	defined(ENCRYPTION)
-	case TELOPT_ENCRYPT:
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case ENCRYPT_START:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_END:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_end();
-			break;
-		case ENCRYPT_SUPPORT:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_support(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQSTART:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_request_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQEND:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			/*
-			 * We can always send an REQEND so that we cannot
-			 * get stuck encrypting.  We should only get this
-			 * if we have been able to get in the correct mode
-			 * anyhow.
-			 */
-			encrypt_request_end();
-			break;
-		case ENCRYPT_IS:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_is(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REPLY:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_reply(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_ENC_KEYID:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_enc_keyid(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_DEC_KEYID:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_dec_keyid(subpointer, SB_LEN());
-			break;
-		default:
-			break;
-		}
-		break;
-#endif
-    default:
-	break;
-    }
-}
-
-static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
-
-void
-lm_will(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	str_lm[3] = DONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_will: not enough room in buffer\n");
-	break;
-    }
-}
-
-void
-lm_wont(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	/* We are always DONT, so don't respond */
-	return;
-    }
-}
-
-void
-lm_do(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	str_lm[3] = WONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_do: not enough room in buffer\n");
-	break;
-    }
-}
-
-void
-lm_dont(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	/* we are always WONT, so don't respond */
-	break;
-    }
-}
-
-static unsigned char str_lm_mode[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
-};
-
-void
-lm_mode(unsigned char *cmd, int len, int init)
-{
-	if (len != 1)
-		return;
-	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
-		return;
-	if (*cmd&MODE_ACK)
-		return;
-	linemode = *cmd&(MODE_MASK&~MODE_ACK);
-	str_lm_mode[4] = linemode;
-	if (!init)
-	    str_lm_mode[4] |= MODE_ACK;
-	if (NETROOM() > sizeof(str_lm_mode)) {
-	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
-	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
-	}
-/*@*/	else printf("lm_mode: not enough room in buffer\n");
-	setconnmode(0);	/* set changed mode */
-}
-
-
-
-/*
- * slc()
- * Handle special character suboption of LINEMODE.
- */
-
-struct spc {
-	cc_t val;
-	cc_t *valp;
-	char flags;	/* Current flags & level */
-	char mylevel;	/* Maximum level & flags */
-} spc_data[NSLC+1];
-
-#define SLC_IMPORT	0
-#define	SLC_EXPORT	1
-#define SLC_RVALUE	2
-static int slc_mode = SLC_EXPORT;
-
-void
-slc_init()
-{
-	struct spc *spcp;
-
-	localchars = 1;
-	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
-		spcp->val = 0;
-		spcp->valp = 0;
-		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
-	}
-
-#define	initfunc(func, flags) { \
-					spcp = &spc_data[func]; \
-					if ((spcp->valp = tcval(func))) { \
-					    spcp->val = *spcp->valp; \
-					    spcp->mylevel = SLC_VARIABLE|flags; \
-					} else { \
-					    spcp->val = 0; \
-					    spcp->mylevel = SLC_DEFAULT; \
-					} \
-				    }
-
-	initfunc(SLC_SYNCH, 0);
-	/* No BRK */
-	initfunc(SLC_AO, 0);
-	initfunc(SLC_AYT, 0);
-	/* No EOR */
-	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
-	initfunc(SLC_EOF, 0);
-	initfunc(SLC_SUSP, SLC_FLUSHIN);
-	initfunc(SLC_EC, 0);
-	initfunc(SLC_EL, 0);
-	initfunc(SLC_EW, 0);
-	initfunc(SLC_RP, 0);
-	initfunc(SLC_LNEXT, 0);
-	initfunc(SLC_XON, 0);
-	initfunc(SLC_XOFF, 0);
-	initfunc(SLC_FORW1, 0);
-	initfunc(SLC_FORW2, 0);
-	/* No FORW2 */
-
-	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
-#undef	initfunc
-
-	if (slc_mode == SLC_EXPORT)
-		slc_export();
-	else
-		slc_import(1);
-
-}
-
-void
-slcstate()
-{
-    printf("Special characters are %s values\n",
-		slc_mode == SLC_IMPORT ? "remote default" :
-		slc_mode == SLC_EXPORT ? "local" :
-					 "remote");
-}
-
-void
-slc_mode_export()
-{
-    slc_mode = SLC_EXPORT;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_export();
-}
-
-void
-slc_mode_import(int def)
-{
-    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_import(def);
-}
-
-unsigned char slc_import_val[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
-};
-unsigned char slc_import_def[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
-};
-
-void
-slc_import(int def)
-{
-    if (NETROOM() > sizeof(slc_import_val)) {
-	if (def) {
-	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
-	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
-	} else {
-	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
-	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
-	}
-    }
-/*@*/ else printf("slc_import: not enough room\n");
-}
-
-void
-slc_export()
-{
-    struct spc *spcp;
-
-    TerminalDefaultChars();
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->mylevel != SLC_NOSUPPORT) {
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    if (spcp->valp)
-		spcp->val = *spcp->valp;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    slc_update();
-    setconnmode(1);	/* Make sure the character values are set */
-}
-
-void
-slc(unsigned char *cp, int len)
-{
-	struct spc *spcp;
-	int func,level;
-
-	slc_start_reply();
-
-	for (; len >= 3; len -=3, cp +=3) {
-
-		func = cp[SLC_FUNC];
-
-		if (func == 0) {
-			/*
-			 * Client side: always ignore 0 function.
-			 */
-			continue;
-		}
-		if (func > NSLC) {
-			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
-				slc_add_reply(func, SLC_NOSUPPORT, 0);
-			continue;
-		}
-
-		spcp = &spc_data[func];
-
-		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
-
-		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
-		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
-			continue;
-		}
-
-		if (level == (SLC_DEFAULT|SLC_ACK)) {
-			/*
-			 * This is an error condition, the SLC_ACK
-			 * bit should never be set for the SLC_DEFAULT
-			 * level.  Our best guess to recover is to
-			 * ignore the SLC_ACK bit.
-			 */
-			cp[SLC_FLAGS] &= ~SLC_ACK;
-		}
-
-		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
-			spcp->val = (cc_t)cp[SLC_VALUE];
-			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
-			continue;
-		}
-
-		level &= ~SLC_ACK;
-
-		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
-			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
-			spcp->val = (cc_t)cp[SLC_VALUE];
-		}
-		if (level == SLC_DEFAULT) {
-			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
-				spcp->flags = spcp->mylevel;
-			else
-				spcp->flags = SLC_NOSUPPORT;
-		}
-		slc_add_reply(func, spcp->flags, spcp->val);
-	}
-	slc_end_reply();
-	if (slc_update())
-		setconnmode(1);	/* set the  new character values */
-}
-
-void
-slc_check()
-{
-    struct spc *spcp;
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->valp && spcp->val != *spcp->valp) {
-	    spcp->val = *spcp->valp;
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    setconnmode(1);
-}
-
-
-unsigned char slc_reply[128];
-unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
-unsigned char *slc_replyp;
-
-void
-slc_start_reply()
-{
-	slc_replyp = slc_reply;
-	*slc_replyp++ = IAC;
-	*slc_replyp++ = SB;
-	*slc_replyp++ = TELOPT_LINEMODE;
-	*slc_replyp++ = LM_SLC;
-}
-
-void
-slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
-{
-	/* A sequence of up to 6 bytes my be written for this member of the SLC
-	 * suboption list by this function.  The end of negotiation command,
-	 * which is written by slc_end_reply(), will require 2 additional
-	 * bytes.  Do not proceed unless there is sufficient space for these
-	 * items.
-	 */
-	if (&slc_replyp[6+2] > slc_reply_eom)
-		return;
-	if ((*slc_replyp++ = func) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = flags) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = (unsigned char)value) == IAC)
-		*slc_replyp++ = IAC;
-}
-
-void
-slc_end_reply()
-{
-    int len;
-
-    /* The end of negotiation command requires 2 bytes. */
-    if (&slc_replyp[2] > slc_reply_eom)
-            return;
-    *slc_replyp++ = IAC;
-    *slc_replyp++ = SE;
-    len = slc_replyp - slc_reply;
-    if (len <= 6)
-	return;
-    if (NETROOM() > len) {
-	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
-	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
-    }
-/*@*/else printf("slc_end_reply: not enough room\n");
-}
-
-int
-slc_update()
-{
-	struct spc *spcp;
-	int need_update = 0;
-
-	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-		if (!(spcp->flags&SLC_ACK))
-			continue;
-		spcp->flags &= ~SLC_ACK;
-		if (spcp->valp && (*spcp->valp != spcp->val)) {
-			*spcp->valp = spcp->val;
-			need_update = 1;
-		}
-	}
-	return(need_update);
-}
-
-#ifdef	OLD_ENVIRON
-#  define old_env_var OLD_ENV_VAR
-#  define old_env_value OLD_ENV_VALUE
-#endif
-
-void
-env_opt(unsigned char *buf, int len)
-{
-	unsigned char *ep = 0, *epc = 0;
-	int i;
-
-	switch(buf[0]&0xff) {
-	case TELQUAL_SEND:
-		env_opt_start();
-		if (len == 1) {
-			env_opt_add(NULL);
-		} else for (i = 1; i < len; i++) {
-			switch (buf[i]&0xff) {
-#ifdef	OLD_ENVIRON
-			case OLD_ENV_VAR:
-			case OLD_ENV_VALUE:
-				/*
-				 * Although OLD_ENV_VALUE is not legal, we will
-				 * still recognize it, just in case it is an
-				 * old server that has VAR & VALUE mixed up...
-				 */
-				/* FALL THROUGH */
-#else
-			case NEW_ENV_VAR:
-#endif
-			case ENV_USERVAR:
-				if (ep) {
-					*epc = 0;
-					env_opt_add(ep);
-				}
-				ep = epc = &buf[i+1];
-				break;
-			case ENV_ESC:
-				i++;
-				/*FALL THROUGH*/
-			default:
-				if (epc)
-					*epc++ = buf[i];
-				break;
-			}
-		}
-		if (ep) {
-			*epc = 0;
-			env_opt_add(ep);
-		}
-		env_opt_end(1);
-		break;
-
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-		/* Ignore for now.  We shouldn't get it anyway. */
-		break;
-
-	default:
-		break;
-	}
-}
-
-#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
-unsigned char *opt_reply;
-unsigned char *opt_replyp;
-unsigned char *opt_replyend;
-
-void
-env_opt_start()
-{
-	if (opt_reply) {
-		void *tmp = realloc (opt_reply, OPT_REPLY_SIZE);
-		if (tmp != NULL) {
-			opt_reply = tmp;
-		} else {
-			free (opt_reply);
-			opt_reply = NULL;
-		}
-	} else
-		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
-	if (opt_reply == NULL) {
-/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
-		opt_reply = opt_replyp = opt_replyend = NULL;
-		return;
-	}
-	opt_replyp = opt_reply;
-	opt_replyend = opt_reply + OPT_REPLY_SIZE;
-	*opt_replyp++ = IAC;
-	*opt_replyp++ = SB;
-	*opt_replyp++ = telopt_environ;
-	*opt_replyp++ = TELQUAL_IS;
-}
-
-void
-env_opt_start_info()
-{
-	env_opt_start();
-	if (opt_replyp)
-	    opt_replyp[-1] = TELQUAL_INFO;
-}
-
-void
-env_opt_add(unsigned char *ep)
-{
-	unsigned char *vp, c;
-
-	if (opt_reply == NULL)		/*XXX*/
-		return;			/*XXX*/
-
-	if (ep == NULL || *ep == '\0') {
-		/* Send user defined variables first. */
-		env_default(1, 0);
-		while ((ep = env_default(0, 0)))
-			env_opt_add(ep);
-
-		/* Now add the list of well know variables.  */
-		env_default(1, 1);
-		while ((ep = env_default(0, 1)))
-			env_opt_add(ep);
-		return;
-	}
-	vp = env_getvalue(ep);
-        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
-                                2 * strlen((char *)ep) + 6 > opt_replyend)
-        {
-		int len;
-		void *tmp;
-		opt_replyend += OPT_REPLY_SIZE;
-		len = opt_replyend - opt_reply;
-		tmp = realloc(opt_reply, len);
-		if (tmp == NULL) {
-/*@*/			printf("env_opt_add: realloc() failed!!!\n");
-			opt_reply = opt_replyp = opt_replyend = NULL;
-			return;
-		}
-		opt_reply = tmp;
-		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
-		opt_replyend = opt_reply + len;
-	}
-	if (opt_welldefined((char *)ep)) {
-#ifdef	OLD_ENVIRON
-		if (telopt_environ == TELOPT_OLD_ENVIRON)
-			*opt_replyp++ = old_env_var;
-		else
-#endif
-			*opt_replyp++ = NEW_ENV_VAR;
-	} else
-		*opt_replyp++ = ENV_USERVAR;
-	for (;;) {
-		while ((c = *ep++)) {
-			if (opt_replyp + (2 + 2) > opt_replyend)
-				return;
-			switch(c&0xff) {
-			case IAC:
-				*opt_replyp++ = IAC;
-				break;
-			case NEW_ENV_VAR:
-			case NEW_ENV_VALUE:
-			case ENV_ESC:
-			case ENV_USERVAR:
-				*opt_replyp++ = ENV_ESC;
-				break;
-			}
-			*opt_replyp++ = c;
-		}
-		if ((ep = vp)) {
-			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
-				return;
-#ifdef	OLD_ENVIRON
-			if (telopt_environ == TELOPT_OLD_ENVIRON)
-				*opt_replyp++ = old_env_value;
-			else
-#endif
-				*opt_replyp++ = NEW_ENV_VALUE;
-			vp = NULL;
-		} else
-			break;
-	}
-}
-
-int
-opt_welldefined(char *ep)
-{
-	if ((strcmp(ep, "USER") == 0) ||
-	    (strcmp(ep, "DISPLAY") == 0) ||
-	    (strcmp(ep, "PRINTER") == 0) ||
-	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
-	    (strcmp(ep, "JOB") == 0) ||
-	    (strcmp(ep, "ACCT") == 0))
-		return(1);
-	return(0);
-}
-
-void
-env_opt_end(int emptyok)
-{
-	int len;
-
-	if (opt_replyp + 2 > opt_replyend)
-		return;
-	len = opt_replyp + 2 - opt_reply;
-	if (emptyok || len > 6) {
-		*opt_replyp++ = IAC;
-		*opt_replyp++ = SE;
-		if (NETROOM() > len) {
-			ring_supply_data(&netoring, opt_reply, len);
-			printsub('>', &opt_reply[2], len - 2);
-		}
-/*@*/		else printf("slc_end_reply: not enough room\n");
-	}
-	if (opt_reply) {
-		free(opt_reply);
-		opt_reply = opt_replyp = opt_replyend = NULL;
-	}
-}
-
-
-
-int
-telrcv(void)
-{
-    int c;
-    int scc;
-    unsigned char *sbp = NULL;
-    int count;
-    int returnValue = 0;
-
-    scc = 0;
-    count = 0;
-    while (TTYROOM() > 2) {
-	if (scc == 0) {
-	    if (count) {
-		ring_consumed(&netiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    sbp = netiring.consume;
-	    scc = ring_full_consecutive(&netiring);
-	    if (scc == 0) {
-		/* No more data coming in */
-		break;
-	    }
-	}
-
-	c = *sbp++ & 0xff, scc--; count++;
-#if	defined(ENCRYPTION)
-	if (decrypt_input)
-		c = (*decrypt_input)(c);
-#endif
-
-	switch (telrcv_state) {
-
-	case TS_CR:
-	    telrcv_state = TS_DATA;
-	    if (c == '\0') {
-		break;	/* Ignore \0 after CR */
-	    }
-	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
-		TTYADD(c);
-		break;
-	    }
-	    /* Else, fall through */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		telrcv_state = TS_IAC;
-		break;
-	    }
-		    /* 
-		     * The 'crmod' hack (see following) is needed
-		     * since we can't set CRMOD on output only.
-		     * Machines like MULTICS like to send \r without
-		     * \n; since we must turn off CRMOD to get proper
-		     * input, the mapping is done here (sigh).
-		     */
-	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
-		if (scc > 0) {
-		    c = *sbp&0xff;
-#if	defined(ENCRYPTION)
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif
-		    if (c == 0) {
-			sbp++, scc--; count++;
-			/* a "true" CR */
-			TTYADD('\r');
-		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
-					(c == '\n')) {
-			sbp++, scc--; count++;
-			TTYADD('\n');
-		    } else {
-#if	defined(ENCRYPTION)
-		        if (decrypt_input)
-			    (*decrypt_input)(-1);
-#endif
-
-			TTYADD('\r');
-			if (crmod) {
-				TTYADD('\n');
-			}
-		    }
-		} else {
-		    telrcv_state = TS_CR;
-		    TTYADD('\r');
-		    if (crmod) {
-			    TTYADD('\n');
-		    }
-		}
-	    } else {
-		TTYADD(c);
-	    }
-	    continue;
-
-	case TS_IAC:
-process_iac:
-	    switch (c) {
-
-	    case WILL:
-		telrcv_state = TS_WILL;
-		continue;
-
-	    case WONT:
-		telrcv_state = TS_WONT;
-		continue;
-
-	    case DO:
-		telrcv_state = TS_DO;
-		continue;
-
-	    case DONT:
-		telrcv_state = TS_DONT;
-		continue;
-
-	    case DM:
-		    /*
-		     * We may have missed an urgent notification,
-		     * so make sure we flush whatever is in the
-		     * buffer currently.
-		     */
-		printoption("RCVD", IAC, DM);
-		SYNCHing = 1;
-		ttyflush(1);
-		SYNCHing = stilloob();
-		settimer(gotDM);
-		break;
-
-	    case SB:
-		SB_CLEAR();
-		telrcv_state = TS_SB;
-		continue;
-
-
-	    case IAC:
-		TTYADD(IAC);
-		break;
-
-	    case NOP:
-	    case GA:
-	    default:
-		printoption("RCVD", IAC, c);
-		break;
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WILL:
-	    printoption("RCVD", WILL, c);
-	    willoption(c);
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    printoption("RCVD", WONT, c);
-	    wontoption(c);
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    printoption("RCVD", DO, c);
-	    dooption(c);
-	    if (c == TELOPT_NAWS) {
-		sendnaws();
-	    } else if (c == TELOPT_LFLOW) {
-		localflow = 1;
-		setcommandmode();
-		setconnmode(0);
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    printoption("RCVD", DONT, c);
-	    dontoption(c);
-	    flushline = 1;
-	    setconnmode(0);	/* set new tty mode (maybe) */
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_SB:
-	    if (c == IAC) {
-		telrcv_state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    continue;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * This is an error.  We only expect to get
-		     * "IAC IAC" or "IAC SE".  Several things may
-		     * have happened.  An IAC was not doubled, the
-		     * IAC SE was left off, or another option got
-		     * inserted into the suboption are all possibilities.
-		     * If we assume that the IAC was not doubled,
-		     * and really the IAC SE was left off, we could
-		     * get into an infinite loop here.  So, instead,
-		     * we terminate the suboption, and process the
-		     * partial suboption if we can.
-		     */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-		    SB_TERM();
-
-		    printoption("In SUBOPTION processing, RCVD", IAC, c);
-		    suboption();	/* handle sub-option */
-		    telrcv_state = TS_IAC;
-		    goto process_iac;
-		}
-		SB_ACCUM(c);
-		telrcv_state = TS_SB;
-	    } else {
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		telrcv_state = TS_DATA;
-	    }
-	}
-    }
-    if (count)
-	ring_consumed(&netiring, count);
-    return returnValue||count;
-}
-
-static int bol = 1, local = 0;
-
-int
-rlogin_susp(void)
-{
-    if (local) {
-	local = 0;
-	bol = 1;
-	command(0, "z\n", 2);
-	return(1);
-    }
-    return(0);
-}
-
-static int
-telsnd()
-{
-    int tcc;
-    int count;
-    int returnValue = 0;
-    unsigned char *tbp = NULL;
-
-    tcc = 0;
-    count = 0;
-    while (NETROOM() > 2) {
-	int sc;
-	int c;
-
-	if (tcc == 0) {
-	    if (count) {
-		ring_consumed(&ttyiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    tbp = ttyiring.consume;
-	    tcc = ring_full_consecutive(&ttyiring);
-	    if (tcc == 0) {
-		break;
-	    }
-	}
-	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
-	if (rlogin != _POSIX_VDISABLE) {
-		if (bol) {
-			bol = 0;
-			if (sc == rlogin) {
-				local = 1;
-				continue;
-			}
-		} else if (local) {
-			local = 0;
-			if (sc == '.' || c == termEofChar) {
-				bol = 1;
-				command(0, "close\n", 6);
-				continue;
-			}
-			if (sc == termSuspChar) {
-				bol = 1;
-				command(0, "z\n", 2);
-				continue;
-			}
-			if (sc == escape) {
-				command(0, (char *)tbp, tcc);
-				bol = 1;
-				count += tcc;
-				tcc = 0;
-				flushline = 1;
-				break;
-			}
-			if (sc != rlogin) {
-				++tcc;
-				--tbp;
-				--count;
-				c = sc = rlogin;
-			}
-		}
-		if ((sc == '\n') || (sc == '\r'))
-			bol = 1;
-	} else if (sc == escape) {
-	    /*
-	     * Double escape is a pass through of a single escape character.
-	     */
-	    if (tcc && strip(*tbp) == escape) {
-		tbp++;
-		tcc--;
-		count++;
-		bol = 0;
-	    } else {
-		command(0, (char *)tbp, tcc);
-		bol = 1;
-		count += tcc;
-		tcc = 0;
-		flushline = 1;
-		break;
-	    }
-	} else
-	    bol = 0;
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
-	    if (tcc > 0 && strip(*tbp) == echoc) {
-		tcc--; tbp++; count++;
-	    } else {
-		dontlecho = !dontlecho;
-		settimer(echotoggle);
-		setconnmode(0);
-		flushline = 1;
-		break;
-	    }
-	}
-#endif
-	if (MODE_LOCAL_CHARS(globalmode)) {
-	    if (TerminalSpecialChars(sc) == 0) {
-		bol = 1;
-		break;
-	    }
-	}
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    switch (c) {
-	    case '\n':
-		    /*
-		     * If we are in CRMOD mode (\r ==> \n)
-		     * on our local machine, then probably
-		     * a newline (unix) is CRLF (TELNET).
-		     */
-		if (MODE_LOCAL_CHARS(globalmode)) {
-		    NETADD('\r');
-		}
-		NETADD('\n');
-		bol = flushline = 1;
-		break;
-	    case '\r':
-		if (!crlf) {
-		    NET2ADD('\r', '\0');
-		} else {
-		    NET2ADD('\r', '\n');
-		}
-		bol = flushline = 1;
-		break;
-	    case IAC:
-		NET2ADD(IAC, IAC);
-		break;
-	    default:
-		NETADD(c);
-		break;
-	    }
-	} else if (c == IAC) {
-	    NET2ADD(IAC, IAC);
-	} else {
-	    NETADD(c);
-	}
-    }
-    if (count)
-	ring_consumed(&ttyiring, count);
-    return returnValue||count;		/* Non-zero if we did anything */
-}
-
-/*
- * Scheduler()
- *
- * Try to do something.
- *
- * If we do something useful, return 1; else return 0.
- *
- */
-
-
-    int
-Scheduler(int block) /* should we block in the select ? */
-{
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue;
-    int netin, netout, netex, ttyin, ttyout;
-
-    /* Decide which rings should be processed */
-
-    netout = ring_full_count(&netoring) &&
-	    (flushline ||
-		(my_want_state_is_wont(TELOPT_LINEMODE)
-#ifdef	KLUDGELINEMODE
-			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
-#endif
-		) ||
-			my_want_state_is_will(TELOPT_BINARY));
-    ttyout = ring_full_count(&ttyoring);
-
-    ttyin = ring_empty_count(&ttyiring);
-
-    netin = !ISend && ring_empty_count(&netiring);
-
-    netex = !SYNCHing;
-
-    /* If we have seen a signal recently, reset things */
-
-    if (scheduler_lockout_tty) {
-        ttyin = ttyout = 0;
-    }
-
-    /* Call to system code to process rings */
-
-    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
-
-    /* Now, look at the input rings, looking for work to do. */
-
-    if (ring_full_count(&ttyiring)) {
-	    returnValue |= telsnd();
-    }
-
-    if (ring_full_count(&netiring)) {
-	returnValue |= telrcv();
-    }
-    return returnValue;
-}
-
-extern int auth_has_failed; /* XXX should be somewhere else */
-
-/*
- * Select from tty and network...
- */
-void
-my_telnet(char *user)
-{
-    int printed_encrypt = 0;
-    
-    sys_telnet_init();
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    {
-	static char local_host[256] = { 0 };
-
-	if (!local_host[0]) {
-		/* XXX - should be k_gethostname? */
-		gethostname(local_host, sizeof(local_host));
-		local_host[sizeof(local_host)-1] = 0;
-	}
-	auth_encrypt_init(local_host, hostname, "TELNET", 0);
-	auth_encrypt_user(user);
-    }
-#endif
-    if (telnetport) {
-#if	defined(AUTHENTICATION)
-	if (autologin)
-		send_will(TELOPT_AUTHENTICATION, 1);
-#endif
-#if	defined(ENCRYPTION)
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-#endif
-	send_do(TELOPT_SGA, 1);
-	send_will(TELOPT_TTYPE, 1);
-	send_will(TELOPT_NAWS, 1);
-	send_will(TELOPT_TSPEED, 1);
-	send_will(TELOPT_LFLOW, 1);
-	send_will(TELOPT_LINEMODE, 1);
-	send_will(TELOPT_NEW_ENVIRON, 1);
-	send_do(TELOPT_STATUS, 1);
-	if (env_getvalue((unsigned char *)"DISPLAY"))
-	    send_will(TELOPT_XDISPLOC, 1);
-	if (binary)
-	    tel_enter_binary(binary);
-    }
-
-#ifdef ENCRYPTION
-    /*
-     * Note: we assume a tie to the authentication option here.  This
-     * is necessary so that authentication fails, we don't spin
-     * forever. 
-     */
-    if (telnetport && wantencryption) {
-	time_t timeout = time(0) + 60;
-
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-	while (1) {
-	    if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
-		if (wantencryption == -1) {
-		    break;
-		} else {
-		    printf("\nServer refused to negotiate authentication,\n");
-		    printf("which is required for encryption.\n");
-		    Exit(1);
-		}
-	    }
-	    if (auth_has_failed) {
-		printf("\nAuthentication negotiation has failed,\n");
-		printf("which is required for encryption.\n");
-		Exit(1);
-	    }
-	    if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
-		my_want_state_is_wont(TELOPT_ENCRYPT)) {
-		printf("\nServer refused to negotiate encryption.\n");
-		Exit(1);
-	    }
-	    if (encrypt_is_encrypting())
-		break;
-	    if (time(0) > timeout) {
-		printf("\nEncryption could not be enabled.\n");
-		Exit(1);
-	    }
-	    if (printed_encrypt == 0) {
-		    printed_encrypt = 1;
-		    printf("Waiting for encryption to be negotiated...\n");
-		    /*
-		     * Turn on MODE_TRAPSIG and then turn off localchars 
-		     * so that ^C will cause telnet to exit.
-		     */
-		    TerminalNewMode(getconnmode()|MODE_TRAPSIG);
-		    intr_waiting = 1;
-	    }
-	    if (intr_happened) {
-		    printf("\nUser interrupt.\n");
-		    Exit(1);
-	    }
-	    if (telnet_spin()) {
-		    printf("\nServer disconnected.\n");
-		    Exit(1);
-	    }
-		
-	}
-	if (printed_encrypt) {
-		printf("Encryption negotiated.\n");
-		intr_waiting = 0;
-		setconnmode(0);
-	}
-    }
-#endif
-
-    for (;;) {
-	int schedValue;
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	if (Scheduler(1) == -1) {
-	    setcommandmode();
-	    return;
-	}
-    }
-}
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-
-static void
-netclear()
-{
-#if	0	/* XXX */
-    char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-    thisitem = netobuf;
-
-    while ((next = nextitem(thisitem)) <= netobuf.send) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-    good = netobuf;	/* where the good bytes go */
-
-    while (netoring.add > thisitem) {
-	if (wewant(thisitem)) {
-	    int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memmove(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-#endif	/* 0 */
-}
-
-/*
- * These routines add various telnet commands to the data stream.
- */
-
-static void
-doflush()
-{
-    NET2ADD(IAC, DO);
-    NETADD(TELOPT_TM);
-    flushline = 1;
-    flushout = 1;
-    ttyflush(1);			/* Flush/drop output */
-    /* do printoption AFTER flush, otherwise the output gets tossed... */
-    printoption("SENT", DO, TELOPT_TM);
-}
-
-void
-xmitAO(void)
-{
-    NET2ADD(IAC, AO);
-    printoption("SENT", IAC, AO);
-    if (autoflush) {
-	doflush();
-    }
-}
-
-
-void
-xmitEL(void)
-{
-    NET2ADD(IAC, EL);
-    printoption("SENT", IAC, EL);
-}
-
-void
-xmitEC(void)
-{
-    NET2ADD(IAC, EC);
-    printoption("SENT", IAC, EC);
-}
-
-
-int
-dosynch()
-{
-    netclear();			/* clear the path to the network */
-    NETADD(IAC);
-    setneturg();
-    NETADD(DM);
-    printoption("SENT", IAC, DM);
-    return 1;
-}
-
-int want_status_response = 0;
-
-int
-get_status()
-{
-    unsigned char tmp[16];
-    unsigned char *cp;
-
-    if (my_want_state_is_dont(TELOPT_STATUS)) {
-	printf("Remote side does not support STATUS option\n");
-	return 0;
-    }
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_STATUS;
-    *cp++ = TELQUAL_SEND;
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-    ++want_status_response;
-    return 1;
-}
-
-void
-intp(void)
-{
-    NET2ADD(IAC, IP);
-    printoption("SENT", IAC, IP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendbrk(void)
-{
-    NET2ADD(IAC, BREAK);
-    printoption("SENT", IAC, BREAK);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendabort(void)
-{
-    NET2ADD(IAC, ABORT);
-    printoption("SENT", IAC, ABORT);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendsusp(void)
-{
-    NET2ADD(IAC, SUSP);
-    printoption("SENT", IAC, SUSP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendeof(void)
-{
-    NET2ADD(IAC, xEOF);
-    printoption("SENT", IAC, xEOF);
-}
-
-void
-sendayt(void)
-{
-    NET2ADD(IAC, AYT);
-    printoption("SENT", IAC, AYT);
-}
-
-/*
- * Send a window size update to the remote system.
- */
-
-void
-sendnaws()
-{
-    long rows, cols;
-    unsigned char tmp[16];
-    unsigned char *cp;
-
-    if (my_state_is_wont(TELOPT_NAWS))
-	return;
-
-#undef PUTSHORT
-#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
-			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
-
-    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
-	return;
-    }
-
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_NAWS;
-    PUTSHORT(cp, cols);
-    PUTSHORT(cp, rows);
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-}
-
-void
-tel_enter_binary(int rw)
-{
-    if (rw&1)
-	send_do(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_will(TELOPT_BINARY, 1);
-}
-
-void
-tel_leave_binary(int rw)
-{
-    if (rw&1)
-	send_dont(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_wont(TELOPT_BINARY, 1);
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
deleted file mode 100644
index 503191db1f32..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: telnet_locl.h 18776 2006-10-21 19:14:13Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_SIGNAL_H
-#include <signal.h>
-#endif
-#include <errno.h>
-#include <setjmp.h>
-#ifdef HAVE_BSDSETJMP_H
-#include <bsdsetjmp.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-/* termios.h *must* be included before curses.h, but not on Solaris 9,
-   at least, where we end up with
-   "/usr/include/term.h", line 1060: incomplete struct/union/enum termio: Ottyb
-*/
-#if defined HAVE_TERMIOS_H && !defined __sun
-#include <termios.h>
-#endif
-
-#if defined(HAVE_CURSES_H)
-#include <curses.h>
-#ifdef HAVE_TERM_H
-#include <term.h>
-#endif
-#elif defined(HAVE_TERMCAP_H)
-#include <termcap.h>
-#endif
-
-#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
-#include <sys/termio.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-/* not with SunOS 4 */
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif /* HAVE_SYS_RESOURCE_H */
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#ifdef _AIX
-struct sockaddr_dl; /* AIX fun */
-struct ether_addr;
-#endif
-#include <arpa/inet.h>
-#endif
-
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <libtelnet/auth.h>
-#include <libtelnet/encrypt.h>
-#endif
-#include <libtelnet/misc.h>
-#include <libtelnet/misc-proto.h>
-
-#define LINEMODE
-#ifndef KLUDGELINEMODE
-#define KLUDGELINEMODE
-#endif
-
-#include <err.h>
-#include <roken.h>
-
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-/* prototypes */
-
diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c
deleted file mode 100644
index 2fbd3dc9ab94..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/terminal.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: terminal.c 9733 2001-03-06 20:10:14Z assar $");
-
-Ring		ttyoring, ttyiring;
-unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
-
-int termdata;			/* Debugging flag */
-
-# ifndef VDISCARD
-cc_t termFlushChar;
-# endif
-# ifndef VLNEXT
-cc_t termLiteralNextChar;
-# endif
-# ifndef VSUSP
-cc_t termSuspChar;
-# endif
-# ifndef VWERASE
-cc_t termWerasChar;
-# endif
-# ifndef VREPRINT
-cc_t termRprntChar;
-# endif
-# ifndef VSTART
-cc_t termStartChar;
-# endif
-# ifndef VSTOP
-cc_t termStopChar;
-# endif
-# ifndef VEOL
-cc_t termForw1Char;
-# endif
-# ifndef VEOL2
-cc_t termForw2Char;
-# endif
-# ifndef VSTATUS
-cc_t termAytChar;
-# endif
-
-/*
- * initialize the terminal data structures.
- */
-
-void
-init_terminal(void)
-{
-    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
-	exit(1);
-    }
-    autoflush = TerminalAutoFlush();
-}
-
-
-/*
- *		Send as much data as possible to the terminal.
- *
- *		Return value:
- *			-1: No useful work done, data waiting to go out.
- *			 0: No data was waiting, so nothing was done.
- *			 1: All waiting data was written out.
- *			 n: All data - n was written out.
- */
-
-
-int
-ttyflush(int drop)
-{
-    int n, n0, n1;
-
-    n0 = ring_full_count(&ttyoring);
-    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
-	if (drop) {
-	    TerminalFlushOutput();
-	    /* we leave 'n' alone! */
-	} else {
-	    n = TerminalWrite((char *)ttyoring.consume, n);
-	}
-    }
-    if (n > 0) {
-	if (termdata && n) {
-	    Dump('>', ttyoring.consume, n);
-	}
-	/*
-	 * If we wrote everything, and the full count is
-	 * larger than what we wrote, then write the
-	 * rest of the buffer.
-	 */
-	if (n1 == n && n0 > n) {
-		n1 = n0 - n;
-		if (!drop)
-			n1 = TerminalWrite((char *)ttyoring.bottom, n1);
-		if (n1 > 0)
-			n += n1;
-	}
-	ring_consumed(&ttyoring, n);
-    }
-    if (n < 0)
-	return -1;
-    if (n == n0) {
-	if (n0)
-	    return -1;
-	return 0;
-    }
-    return n0 - n + 1;
-}
-
-
-/*
- * These routines decides on what the mode should be (based on the values
- * of various global variables).
- */
-
-
-int
-getconnmode(void)
-{
-    int mode = 0;
-
-    if (my_want_state_is_dont(TELOPT_ECHO))
-	mode |= MODE_ECHO;
-
-    if (localflow)
-	mode |= MODE_FLOW;
-
-    if ((eight & 1) || my_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_INBIN;
-
-    if (eight & 2)
-	mode |= MODE_OUT8;
-    if (his_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_OUTBIN;
-
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode) {
-	if (my_want_state_is_dont(TELOPT_SGA)) {
-	    mode |= (MODE_TRAPSIG|MODE_EDIT);
-	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
-		mode &= ~MODE_ECHO;
-	    }
-	}
-	return(mode);
-    }
-#endif
-    if (my_want_state_is_will(TELOPT_LINEMODE))
-	mode |= linemode;
-    return(mode);
-}
-
-    void
-setconnmode(force)
-    int force;
-{
-#ifdef	ENCRYPTION
-    static int enc_passwd = 0;
-#endif
-    int newmode;
-
-    newmode = getconnmode()|(force?MODE_FORCE:0);
-
-    TerminalNewMode(newmode);
-    
-#ifdef  ENCRYPTION
-    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
-	if (my_want_state_is_will(TELOPT_ENCRYPT)
-				&& (enc_passwd == 0) && !encrypt_output) {
-	    encrypt_request_start(0, 0);
-	    enc_passwd = 1;
-	}
-    } else {
-	if (enc_passwd) {
-	    encrypt_request_end();
-	    enc_passwd = 0;
-	}
-    }
-#endif
-
-}
-
-
-    void
-setcommandmode()
-{
-    TerminalNewMode(-1);
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/types.h b/crypto/heimdal/appl/telnet/telnet/types.h
deleted file mode 100644
index 191d311fd154..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/types.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)types.h	8.1 (Berkeley) 6/6/93
- */
-
-typedef struct {
-    char *modedescriptions;
-    char modetype;
-} Modelist;
-
-extern Modelist modelist[];
-
-typedef struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	gotDM;			/* when did we last see a data mark */
-} Clocks;
-
-extern Clocks clocks;
diff --git a/crypto/heimdal/appl/telnet/telnet/utilities.c b/crypto/heimdal/appl/telnet/telnet/utilities.c
deleted file mode 100644
index d62d572a5fe4..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/utilities.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define TELOPTS
-#define TELCMDS
-#define SLC_NAMES
-
-#include "telnet_locl.h"
-
-RCSID("$Id: utilities.c 10587 2001-08-29 00:45:23Z assar $");
-
-FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
-int	prettydump;
-
-/*
- * SetSockOpt()
- *
- * Compensate for differences in 4.2 and 4.3 systems.
- */
-
-int
-SetSockOpt(int fd, int level, int option, int yesno)
-{
-#ifdef HAVE_SETSOCKOPT
-#ifndef	NOT43
-    return setsockopt(fd, level, option,
-				(void *)&yesno, sizeof yesno);
-#else	/* NOT43 */
-    if (yesno == 0) {		/* Can't do that in 4.2! */
-	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
-				option);
-	return -1;
-    }
-    return setsockopt(fd, level, option, 0, 0);
-#endif	/* NOT43 */
-#else
-    return -1;
-#endif
-}
-
-/*
- * The following are routines used to print out debugging information.
- */
-
-char NetTraceFile[256] = "(standard output)";
-
-void
-SetNetTrace(char *file)
-{
-    if (NetTrace && NetTrace != stdout)
-	fclose(NetTrace);
-    if (file  && (strcmp(file, "-") != 0)) {
-	NetTrace = fopen(file, "w");
-	if (NetTrace) {
-	    strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
-	    return;
-	}
-	fprintf(stderr, "Cannot open %s.\n", file);
-    }
-    NetTrace = stdout;
-    strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
-}
-
-void
-Dump(char direction, unsigned char *buffer, int length)
-{
-#   define BYTES_PER_LINE	32
-    unsigned char *pThis;
-    int offset;
-
-    offset = 0;
-
-    while (length) {
-	/* print one line */
-	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
-	pThis = buffer;
-	if (prettydump) {
-	    buffer = buffer + min(length, BYTES_PER_LINE/2);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%c%.2x",
-		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
-		    (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE/2;
-	    offset += BYTES_PER_LINE/2;
-	} else {
-	    buffer = buffer + min(length, BYTES_PER_LINE);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE;
-	    offset += BYTES_PER_LINE;
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	if (length < 0) {
-	    fflush(NetTrace);
-	    return;
-	}
-	/* find next unique line */
-    }
-    fflush(NetTrace);
-}
-
-
-void
-printoption(char *direction, int cmd, int option)
-{
-	if (!showoptions)
-		return;
-	if (cmd == IAC) {
-		if (TELCMD_OK(option))
-		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
-		else
-		    fprintf(NetTrace, "%s IAC %d", direction, option);
-	} else {
-		char *fmt;
-		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
-			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
-		if (fmt) {
-		    fprintf(NetTrace, "%s %s ", direction, fmt);
-		    if (TELOPT_OK(option))
-			fprintf(NetTrace, "%s", TELOPT(option));
-		    else if (option == TELOPT_EXOPL)
-			fprintf(NetTrace, "EXOPL");
-		    else
-			fprintf(NetTrace, "%d", option);
-		} else
-		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	    fflush(NetTrace);
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	return;
-}
-
-void
-optionstatus(void)
-{
-    int i;
-
-    for (i = 0; i < 256; i++) {
-	if (do_dont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
-	    else
-		printf("resp DO_DONT %d: %d\n", i,
-				do_dont_resp[i]);
-	    if (my_want_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("want DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DO   %s\n", TELCMD(i));
-		else
-		    printf("want DO   %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want DONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DONT %s\n", TELCMD(i));
-		else
-		    printf("want DONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("     DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     DO   %s\n", TELCMD(i));
-		else
-		    printf("     DO   %d\n", i);
-	    }
-	}
-	if (will_wont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
-	    else
-		printf("resp WILL_WONT %d: %d\n",
-				i, will_wont_resp[i]);
-	    if (my_want_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("want WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WILL %s\n", TELCMD(i));
-		else
-		    printf("want WILL %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want WONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WONT %s\n", TELCMD(i));
-		else
-		    printf("want WONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("     WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     WILL %s\n", TELCMD(i));
-		else
-		    printf("     WILL %d\n", i);
-	    }
-	}
-    }
-
-}
-
-void
-printsub(int direction, unsigned char *pointer, int length)
-{
-    int i;
-    unsigned char buf[512];
-
-    if (showoptions || direction == 0 ||
-	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
-	if (direction) {
-	    fprintf(NetTrace, "%s IAC SB ",
-				(direction == '<')? "RCVD":"SENT");
-	    if (length >= 3) {
-		int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    fprintf(NetTrace, "(terminated by ");
-		    if (TELOPT_OK(i))
-			fprintf(NetTrace, "%s ", TELOPT(i));
-		    else if (TELCMD_OK(i))
-			fprintf(NetTrace, "%s ", TELCMD(i));
-		    else
-			fprintf(NetTrace, "%d ", i);
-		    if (TELOPT_OK(j))
-			fprintf(NetTrace, "%s", TELOPT(j));
-		    else if (TELCMD_OK(j))
-			fprintf(NetTrace, "%s", TELCMD(j));
-		    else
-			fprintf(NetTrace, "%d", j);
-		    fprintf(NetTrace, ", not IAC SE!) ");
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    fprintf(NetTrace, "(Empty suboption??\?)");
-	    if (NetTrace == stdout)
-		fflush(NetTrace);
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    fprintf(NetTrace, "TERMINAL-TYPE ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace,
-				"- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-	case TELOPT_TSPEED:
-	    fprintf(NetTrace, "TERMINAL-SPEED");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " IS ");
-		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		fprintf(NetTrace, " OFF"); break;
-	    case LFLOW_ON:
-		fprintf(NetTrace, " ON"); break;
-	    case LFLOW_RESTART_ANY:
-		fprintf(NetTrace, " RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		fprintf(NetTrace, " RESTART-XON"); break;
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    }
-	    for (i = 2; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_NAWS:
-	    fprintf(NetTrace, "NAWS");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    if (length == 2) {
-		fprintf(NetTrace, " ?%d?", pointer[1]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    if (length == 4) {
-		fprintf(NetTrace, " ?%d?", pointer[3]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    for (i = 5; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    fprintf(NetTrace, "AUTHENTICATION");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
-							"IS" : "REPLY");
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, "%d ", pointer[2]);
-		if (length < 3) {
-		    fprintf(NetTrace, "(partial suboption??\?)");
-		    break;
-		}
-		fprintf(NetTrace, "%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		fprintf(NetTrace, " SEND ");
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    if (++i >= length) {
-			fprintf(NetTrace, "(partial suboption??\?)");
-			break;
-		    }
-		    fprintf(NetTrace, "%s|%s ",
-			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-							"CLIENT" : "SERVER",
-			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-							"MUTUAL" : "ONE-WAY");
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		fprintf(NetTrace, " NAME \"");
-		while (i < length)
-		    putc(pointer[i++], NetTrace);
-		putc('"', NetTrace);
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++)
-			fprintf(NetTrace, " ?%d?", pointer[i]);
-		    break;
-	    }
-	    break;
-#endif
-
-#if	defined(ENCRYPTION)
-	case TELOPT_ENCRYPT:
-	    fprintf(NetTrace, "ENCRYPT");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		fprintf(NetTrace, " START");
-		break;
-
-	    case ENCRYPT_END:
-		fprintf(NetTrace, " END");
-		break;
-
-	    case ENCRYPT_REQSTART:
-		fprintf(NetTrace, " REQUEST-START");
-		break;
-
-	    case ENCRYPT_REQEND:
-		fprintf(NetTrace, " REQUEST-END");
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		if (length < 3) {
-		    fprintf(NetTrace, " (partial suboption?)");
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		fprintf(NetTrace, " SUPPORT ");
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		fprintf(NetTrace, " ENC_KEYID ");
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		fprintf(NetTrace, " DEC_KEYID ");
-		goto encommon;
-
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    encommon:
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-		break;
-	    }
-	    break;
-#endif
-
-	case TELOPT_LINEMODE:
-	    fprintf(NetTrace, "LINEMODE ");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		fprintf(NetTrace, "WILL ");
-		goto common;
-	    case WONT:
-		fprintf(NetTrace, "WONT ");
-		goto common;
-	    case DO:
-		fprintf(NetTrace, "DO ");
-		goto common;
-	    case DONT:
-		fprintf(NetTrace, "DONT ");
-	    common:
-		if (length < 3) {
-		    fprintf(NetTrace, "(no option??\?)");
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    fprintf(NetTrace, "Forward Mask");
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %x", pointer[i]);
-		    break;
-		default:
-		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %d", pointer[i]);
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		fprintf(NetTrace, "SLC");
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
-		    else
-			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			fprintf(NetTrace, " NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			fprintf(NetTrace, " CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			fprintf(NetTrace, " VARIABLE"); break;
-		    case SLC_DEFAULT:
-			fprintf(NetTrace, " DEFAULT"); break;
-		    }
-		    fprintf(NetTrace, "%s%s%s",
-			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS))
-			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
-		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-
-	    case LM_MODE:
-		fprintf(NetTrace, "MODE ");
-		if (length < 3) {
-		    fprintf(NetTrace, "(no mode??\?)");
-		    break;
-		}
-		{
-		    char tbuf[64];
-		    snprintf(tbuf, sizeof(tbuf),
-			     "%s%s%s%s%s",
-			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			     pointer[2]&MODE_ACK ? "|ACK" : "");
-		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
-		}
-		if (pointer[2]&~(MODE_MASK))
-		    fprintf(NetTrace, " (0x%x)", pointer[2]);
-		for (i = 3; i < length; i++)
-		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
-		break;
-	    default:
-		fprintf(NetTrace, "%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    char *cp;
-	    int j, k;
-
-	    fprintf(NetTrace, "STATUS");
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    case TELQUAL_IS:
-		if (--want_status_response < 0)
-		    want_status_response = 0;
-		if (NetTrace == stdout)
-		    fprintf(NetTrace, " IS\r\n");
-		else
-		    fprintf(NetTrace, " IS\n");
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			if (TELOPT_OK((int)pointer[i]))
-			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
-			else
-			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-			break;
-
-		    case SB:
-			fprintf(NetTrace, " SB ");
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    fprintf(NetTrace, " SE");
-			    i = j;
-			} else
-			    i = j - 1;
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-
-			break;
-
-		    default:
-			fprintf(NetTrace, " %d", pointer[i]);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    fprintf(NetTrace, "NEW-ENVIRON ");
-#ifdef	OLD_ENVIRON
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    fprintf(NetTrace, "OLD-ENVIRON");
-	env_common1:
-#endif
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		fprintf(NetTrace, "INFO ");
-	    env_common:
-		{
-		    int noquote = 2;
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VALUE:
-#ifdef OLD_ENVIRON
-		     /*	case NEW_ENV_OVAR: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-				    fprintf(NetTrace, "\" VAR " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VALUE " + noquote);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VAR:
-#ifdef OLD_ENVIRON
-		     /* case OLD_ENV_VALUE: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-				    fprintf(NetTrace, "\" VALUE " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    fprintf(NetTrace, "\" ESC " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    fprintf(NetTrace, "\" USERVAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			default:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    putc('"', NetTrace);
-				    noquote = 0;
-				}
-				putc(pointer[i], NetTrace);
-			    } else {
-				fprintf(NetTrace, "\" %03o " + noquote,
-							pointer[i]);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			putc('"', NetTrace);
-		    break;
-		}
-	    }
-	    break;
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
-	    else
-		fprintf(NetTrace, "%d (unknown)", pointer[0]);
-	    for (i = 1; i < length; i++)
-		fprintf(NetTrace, " %d", pointer[i]);
-	    break;
-	}
-	if (direction) {
-	    if (NetTrace == stdout)
-		fprintf(NetTrace, "\r\n");
-	    else
-		fprintf(NetTrace, "\n");
-	}
-	if (NetTrace == stdout)
-	    fflush(NetTrace);
-    }
-}
-
-/* EmptyTerminal - called to make sure that the terminal buffer is empty.
- *			Note that we consider the buffer to run all the
- *			way to the kernel (thus the select).
- */
-
-void
-EmptyTerminal(void)
-{
-    fd_set	outs;
-
-    FD_ZERO(&outs);
-
-    if (tout >= FD_SETSIZE)
-	ExitString("fd too large", 1);
-
-    if (TTYBYTES() == 0) {
-	FD_SET(tout, &outs);
-	select(tout+1, 0, &outs, 0,
-		      (struct timeval *) 0); /* wait for TTLOWAT */
-    } else {
-	while (TTYBYTES()) {
-	    ttyflush(0);
-	    FD_SET(tout, &outs);
-	    select(tout+1, 0, &outs, 0,
-			  (struct timeval *) 0); /* wait for TTLOWAT */
-	}
-    }
-}
-
-void
-SetForExit(void)
-{
-    setconnmode(0);
-    do {
-	telrcv();			/* Process any incoming data */
-	EmptyTerminal();
-    } while (ring_full_count(&netiring));	/* While there is any */
-    setcommandmode();
-    fflush(stdout);
-    fflush(stderr);
-    setconnmode(0);
-    EmptyTerminal();			/* Flush the path to the tty */
-    setcommandmode();
-}
-
-void
-Exit(int returnCode)
-{
-    SetForExit();
-    exit(returnCode);
-}
-
-void
-ExitString(char *string, int returnCode)
-{
-    SetForExit();
-    fwrite(string, 1, strlen(string), stderr);
-    exit(returnCode);
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
deleted file mode 100644
index df2b864dc17e..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-
-libexec_PROGRAMS = telnetd
-
-CHECK_LOCAL = 
-
-telnetd_SOURCES  = telnetd.c state.c termstat.c slc.c sys_term.c \
-		   utility.c global.c authenc.c defs.h ext.h telnetd.h
-
-man_MANS = telnetd.8
-
-LDADD = \
-	../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_tgetent) \
-	$(LIB_logwtmp) \
-	$(LIB_logout) \
-	$(LIB_openpty) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
deleted file mode 100644
index ba4cd3594b4f..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in
+++ /dev/null
@@ -1,850 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-libexec_PROGRAMS = telnetd$(EXEEXT)
-subdir = appl/telnet/telnetd
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS)
-am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \
-	termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) \
-	utility.$(OBJEXT) global.$(OBJEXT) authenc.$(OBJEXT)
-telnetd_OBJECTS = $(am_telnetd_OBJECTS)
-telnetd_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(LIB_kdfs) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(telnetd_SOURCES)
-DIST_SOURCES = $(telnetd_SOURCES)
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CHECK_LOCAL = 
-telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \
-		   utility.c global.c authenc.c defs.h ext.h telnetd.h
-
-man_MANS = telnetd.8
-LDADD = \
-	../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(LIB_tgetent) \
-	$(LIB_logwtmp) \
-	$(LIB_logout) \
-	$(LIB_openpty) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnetd/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnetd/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) 
-	@rm -f telnetd$(EXEEXT)
-	$(LINK) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libexecPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnetd/authenc.c b/crypto/heimdal/appl/telnet/telnetd/authenc.c
deleted file mode 100644
index 1fac6c0917ae..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/authenc.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: authenc.c 9200 2000-11-15 23:20:43Z assar $");
-
-#ifdef AUTHENTICATION
-
-int
-telnet_net_write(unsigned char *str, int len)
-{
-    if (nfrontp + len < netobuf + BUFSIZ) {
-	memmove(nfrontp, str, len);
-	nfrontp += len;
-	return(len);
-    }
-    return(0);
-}
-
-void
-net_encrypt(void)
-{
-#ifdef ENCRYPTION
-    char *s = (nclearto > nbackp) ? nclearto : nbackp;
-    if (s < nfrontp && encrypt_output) {
-	(*encrypt_output)((unsigned char *)s, nfrontp - s);
-    }
-    nclearto = nfrontp;
-#endif
-}
-
-int
-telnet_spin(void)
-{
-    return ttloop();
-}
-
-char *
-telnet_getenv(const char *val)
-{
-    return(getenv(val));
-}
-
-char *
-telnet_gets(char *prompt, char *result, int length, int echo)
-{
-    return NULL;
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnetd/defs.h b/crypto/heimdal/appl/telnet/telnetd/defs.h
deleted file mode 100644
index add8fd21518a..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/defs.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defs.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-
-#ifndef __DEFS_H__
-#define __DEFS_H__
-
-#ifndef	BSD
-# define	BSD 43
-#endif
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define	SLC_NAMES
-#endif
-
-#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define	TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef TIOCPKT_FLUSHWRITE
-#define TIOCPKT_FLUSHWRITE      0x02
-#endif
- 
-#ifndef TIOCPKT_NOSTOP
-#define TIOCPKT_NOSTOP  0x10
-#endif
- 
-#ifndef TIOCPKT_DOSTOP
-#define TIOCPKT_DOSTOP  0x20
-#endif
-
-/*
- * I/O data buffers defines
- */
-#define	NETSLOP	64
-#ifdef _CRAY
-#undef BUFSIZ
-#define BUFSIZ  2048
-#endif
-
-#define	NIACCUM(c)	{   *netip++ = c; \
-			    ncc++; \
-			}
-
-/* clock manipulations */
-#define	settimer(x)	(clocks.x = ++clocks.system)
-#define	sequenceIs(x,y)	(clocks.x < clocks.y)
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
-	unsigned char	flag;		/* the flags for this function */
-	cc_t		val;		/* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
-	slcent		defset;		/* the default settings */
-	slcent		current;	/* the current settings */
-	cc_t		*sptr;		/* a pointer to the char in */
-					/* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define	TD_REPORT	0x01	/* Report operations to client */
-#define TD_EXERCISE	0x02	/* Exercise client's implementation */
-#define TD_NETDATA	0x04	/* Display received data stream */
-#define TD_PTYDATA	0x08	/* Display data passed to pty */
-#define	TD_OPTIONS	0x10	/* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
-#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
-#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
-#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
-
-#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
-#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
-#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
-#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here.  What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value.  Since the two
- * bits are adjacent, a little arithmatic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
-			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
-			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symmetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-#define his_will_wont_is_changing	my_do_dont_is_changing
-#define his_do_dont_is_changing		my_will_wont_is_changing
-
-#endif /* __DEFS_H__ */
diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h
deleted file mode 100644
index 68b97bfea3e9..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/ext.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ext.h	8.2 (Berkeley) 12/15/93
- */
-
-/* $Id: ext.h 15841 2005-08-08 13:34:26Z lha $ */
-
-#ifndef __EXT_H__
-#define __EXT_H__
-
-/*
- * Telnet server variable declarations
- */
-extern char	options[256];
-extern char	do_dont_resp[256];
-extern char	will_wont_resp[256];
-extern int	flowmode;	/* current flow control state */
-extern int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-extern int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-extern int	require_otp;
-#ifdef AUTHENTICATION
-extern int	auth_level;
-#endif
-extern const char *new_login;
-
-extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-extern char	terminaltype[41];
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-extern char	netibuf[BUFSIZ], *netip;
-
-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-extern char	*neturg;		/* one past last bye of urgent data */
-
-extern int	pcc, ncc;
-
-extern int	ourpty, net;
-extern char	*line;
-extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-int telnet_net_write (unsigned char *str, int len);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *val);
-char *telnet_gets (char *prompt, char *result, int length, int echo);
-void get_slc_defaults (void);
-void telrcv (void);
-void send_do (int option, int init);
-void willoption (int option);
-void send_dont (int option, int init);
-void wontoption (int option);
-void send_will (int option, int init);
-void dooption (int option);
-void send_wont (int option, int init);
-void dontoption (int option);
-void suboption (void);
-void doclientstat (void);
-void send_status (void);
-void init_termbuf (void);
-void set_termbuf (void);
-int spcset (int func, cc_t *valp, cc_t **valpp);
-void set_utid (void);
-int getpty (int *ptynum);
-int tty_isecho (void);
-int tty_flowmode (void);
-int tty_restartany (void);
-void tty_setecho (int on);
-int tty_israw (void);
-void tty_binaryin (int on);
-void tty_binaryout (int on);
-int tty_isbinaryin (void);
-int tty_isbinaryout (void);
-int tty_issofttab (void);
-void tty_setsofttab (int on);
-int tty_islitecho (void);
-void tty_setlitecho (int on);
-int tty_iscrnl (void);
-void tty_tspeed (int val);
-void tty_rspeed (int val);
-void getptyslave (void);
-int cleanopen (char *);
-void startslave (const char *host, const char *, int autologin, char *autoname);
-void init_env (void);
-void start_login (const char *host, int autologin, char *name);
-void cleanup (int sig);
-int main (int argc, char **argv);
-int getterminaltype (char *name, size_t);
-void _gettermname (void);
-int terminaltypeok (char *s);
-void my_telnet (int f, int p, const char*, const char *, int, char*);
-void interrupt (void);
-void sendbrk (void);
-void sendsusp (void);
-void recv_ayt (void);
-void doeof (void);
-void flowstat (void);
-void clientstat (int code, int parm1, int parm2);
-int ttloop (void);
-int stilloob (int s);
-void ptyflush (void);
-char *nextitem (char *current);
-void netclear (void);
-void netflush (void);
-void writenet (const void *, size_t);
-void fatal (int f, char *msg);
-void fatalperror (int f, const char *msg);
-void fatalperror_errno (int f, const char *msg, int error);
-void edithost (char *pat, char *host);
-void putstr (char *s);
-void putchr (int cc);
-void putf (char *cp, char *where);
-void printoption (char *fmt, int option);
-void printsub (int direction, unsigned char *pointer, int length);
-void printdata (char *tag, char *ptr, int cnt);
-int login_tty(int t);
-
-#ifdef ENCRYPTION
-extern void	(*encrypt_output) (unsigned char *, int);
-extern int	(*decrypt_input) (int);
-extern char	*nclearto;
-#endif
-
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-struct clocks_t{
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	ttypesubopt,		/* ttype subopt is received */
-	tspeedsubopt,		/* tspeed subopt is received */
-	environsubopt,		/* environ subopt is received */
-	oenvironsubopt,		/* old environ subopt is received */
-	xdisplocsubopt,		/* xdisploc subopt is received */
-	baseline,		/* time started to do timed action */
-	gotDM;			/* when did we last see a data mark */
-};
-extern struct clocks_t clocks;
-
-extern int log_unauth;
-extern int no_warn;
-
-extern int def_tspeed, def_rspeed;
-#ifdef	TIOCSWINSZ
-extern int def_row, def_col;
-#endif
-
-#ifdef STREAMSPTY
-extern int really_stream;
-#endif
-
-#ifndef USE_IM
-# ifdef CRAY
-#  define USE_IM "Cray UNICOS (%h) (%t)"
-# endif
-# ifdef _AIX
-#  define USE_IM "%s %v.%r (%h) (%t)"
-# endif
-# ifndef USE_IM
-#  define USE_IM "%s %r (%h) (%t)"
-# endif
-#endif
-
-#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
-
-#endif /* __EXT_H__ */
diff --git a/crypto/heimdal/appl/telnet/telnetd/global.c b/crypto/heimdal/appl/telnet/telnetd/global.c
deleted file mode 100644
index 8b3c40580e3d..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/global.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* a *lot* of ugly global definitions that really should be removed...
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: global.c 14939 2005-04-24 20:59:35Z lha $");
-
-/*
- * Telnet server variable declarations
- */
-char	options[256];
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-int	linemode;	/* linemode on/off */
-int	flowmode;	/* current flow control state */
-int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-int	require_otp;
-
-slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-char	terminaltype[41];
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-char	netibuf[BUFSIZ], *netip;
-
-char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-char	*neturg;		/* one past last bye of urgent data */
-
-int	pcc, ncc;
-
-int	ourpty, net;
-int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-struct clocks_t clocks;
-
-
-/* whether to log unauthenticated login attempts */
-int log_unauth;
-
-/* do not print warning if connection is not encrypted */
-int no_warn;
-
-/*
- * This function appends data to nfrontp and advances nfrontp.
- */
-
-int
-output_data (const char *format, ...)
-{
-  va_list args;
-  int remaining, ret;
-
-  va_start(args, format);
-  remaining = BUFSIZ - (nfrontp - netobuf);
-  ret = vsnprintf (nfrontp,
-		   remaining,
-		   format,
-		   args);
-  nfrontp += min(ret, remaining-1);
-  va_end(args);
-  return ret;
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/slc.c b/crypto/heimdal/appl/telnet/telnetd/slc.c
deleted file mode 100644
index b9ab1212c07f..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/slc.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: slc.c 1695 1997-05-11 06:30:05Z assar $");
-
-/*
- * get_slc_defaults
- *
- * Initialize the slc mapping table.
- */
-void
-get_slc_defaults(void)
-{
-    int i;
-    
-    init_termbuf();
-    
-    for (i = 1; i <= NSLC; i++) {
-	slctab[i].defset.flag =
-	    spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
-	slctab[i].current.flag = SLC_NOSUPPORT;
-	slctab[i].current.val = 0;
-    }
-    
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/state.c b/crypto/heimdal/appl/telnet/telnetd/state.c
deleted file mode 100644
index 32c3d0e02c39..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/state.c
+++ /dev/null
@@ -1,1360 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: state.c 18110 2006-09-19 08:25:20Z lha $");
-
-unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
-unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
-unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
-unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
-int	not42 = 1;
-
-/*
- * Buffer for sub-options, and macros
- * for suboptions buffer manipulations
- */
-unsigned char subbuffer[1024*64], *subpointer= subbuffer, *subend= subbuffer;
-
-#define	SB_CLEAR()	subpointer = subbuffer
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-    *subpointer++ = (c); \
-			     }
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-#ifdef	ENV_HACK
-unsigned char *subsave;
-#define SB_SAVE()	subsave = subpointer;
-#define	SB_RESTORE()	subpointer = subsave;
-#endif
-
-
-/*
- * State for recv fsm
- */
-#define	TS_DATA		0	/* base state */
-#define	TS_IAC		1	/* look for double IAC's */
-#define	TS_CR		2	/* CR-LF ->'s CR */
-#define	TS_SB		3	/* throw away begin's... */
-#define	TS_SE		4	/* ...end's (suboption negotiation) */
-#define	TS_WILL		5	/* will option negotiation */
-#define	TS_WONT		6	/* wont -''- */
-#define	TS_DO		7	/* do -''- */
-#define	TS_DONT		8	/* dont -''- */
-
-void
-telrcv(void)
-{
-    int c;
-    static int state = TS_DATA;
-
-    while (ncc > 0) {
-	if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
-	    break;
-	c = *netip++ & 0377, ncc--;
-#ifdef ENCRYPTION
-	if (decrypt_input)
-	    c = (*decrypt_input)(c);
-#endif
-	switch (state) {
-
-	case TS_CR:
-	    state = TS_DATA;
-	    /* Strip off \n or \0 after a \r */
-	    if ((c == 0) || (c == '\n')) {
-		break;
-	    }
-	    /* FALL THROUGH */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		state = TS_IAC;
-		break;
-	    }
-	    /*
-	     * We now map \r\n ==> \r for pragmatic reasons.
-	     * Many client implementations send \r\n when
-	     * the user hits the CarriageReturn key.
-	     *
-	     * We USED to map \r\n ==> \n, since \r\n says
-	     * that we want to be in column 1 of the next
-	     * printable line, and \n is the standard
-	     * unix way of saying that (\r is only good
-	     * if CRMOD is set, which it normally is).
-	     */
-	    if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
-		int nc = *netip;
-#ifdef ENCRYPTION
-		if (decrypt_input)
-		    nc = (*decrypt_input)(nc & 0xff);
-#endif
-		{
-#ifdef ENCRYPTION
-		    if (decrypt_input)
-			(void)(*decrypt_input)(-1);
-#endif
-		    state = TS_CR;
-		}
-	    }
-	    *pfrontp++ = c;
-	    break;
-
-	case TS_IAC:
-	gotiac:			switch (c) {
-
-	    /*
-	     * Send the process on the pty side an
-	     * interrupt.  Do this with a NULL or
-	     * interrupt char; depending on the tty mode.
-	     */
-	case IP:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    interrupt();
-	    break;
-
-	case BREAK:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    sendbrk();
-	    break;
-
-	    /*
-	     * Are You There?
-	     */
-	case AYT:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    recv_ayt();
-	    break;
-
-	    /*
-	     * Abort Output
-	     */
-	case AO:
-	    {
-		DIAG(TD_OPTIONS,
-		     printoption("td: recv IAC", c));
-		ptyflush();	/* half-hearted */
-		init_termbuf();
-
-		if (slctab[SLC_AO].sptr &&
-		    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
-		    *pfrontp++ =
-			(unsigned char)*slctab[SLC_AO].sptr;
-		}
-
-		netclear();	/* clear buffer back */
-		output_data ("%c%c", IAC, DM);
-		neturg = nfrontp-1; /* off by one XXX */
-		DIAG(TD_OPTIONS,
-		     printoption("td: send IAC", DM));
-		break;
-	    }
-
-	/*
-	 * Erase Character and
-	 * Erase Line
-	 */
-	case EC:
-	case EL:
-	    {
-		cc_t ch;
-
-		DIAG(TD_OPTIONS,
-		     printoption("td: recv IAC", c));
-		ptyflush();	/* half-hearted */
-		init_termbuf();
-		if (c == EC)
-		    ch = *slctab[SLC_EC].sptr;
-		else
-		    ch = *slctab[SLC_EL].sptr;
-		if (ch != (cc_t)(_POSIX_VDISABLE))
-		    *pfrontp++ = (unsigned char)ch;
-		break;
-	    }
-
-	/*
-	 * Check for urgent data...
-	 */
-	case DM:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    SYNCHing = stilloob(net);
-	    settimer(gotDM);
-	    break;
-
-
-	    /*
-	     * Begin option subnegotiation...
-	     */
-	case SB:
-	    state = TS_SB;
-	    SB_CLEAR();
-	    continue;
-
-	case WILL:
-	    state = TS_WILL;
-	    continue;
-
-	case WONT:
-	    state = TS_WONT;
-	    continue;
-
-	case DO:
-	    state = TS_DO;
-	    continue;
-
-	case DONT:
-	    state = TS_DONT;
-	    continue;
-	case EOR:
-	    if (his_state_is_will(TELOPT_EOR))
-		doeof();
-	    break;
-
-	    /*
-	     * Handle RFC 10xx Telnet linemode option additions
-	     * to command stream (EOF, SUSP, ABORT).
-	     */
-	case xEOF:
-	    doeof();
-	    break;
-
-	case SUSP:
-	    sendsusp();
-	    break;
-
-	case ABORT:
-	    sendbrk();
-	    break;
-
-	case IAC:
-	    *pfrontp++ = c;
-	    break;
-	}
-	state = TS_DATA;
-	break;
-
-	case TS_SB:
-	    if (c == IAC) {
-		state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    break;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * bad form of suboption negotiation.
-		     * handle it in such a way as to avoid
-		     * damage to local state.  Parse
-		     * suboption buffer found so far,
-		     * then treat remaining stream as
-		     * another command sequence.
-		     */
-
-		    /* for DIAGNOSTICS */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-
-		    SB_TERM();
-		    suboption();
-		    state = TS_IAC;
-		    goto gotiac;
-		}
-		SB_ACCUM(c);
-		state = TS_SB;
-	    } else {
-		/* for DIAGNOSTICS */
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		state = TS_DATA;
-	    }
-	    break;
-
-	case TS_WILL:
-	    willoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    wontoption(c);
-	    if (c==TELOPT_ENCRYPT && his_do_dont_is_changing(TELOPT_ENCRYPT) )
-                dontoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    dooption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    dontoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	default:
-	    syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
-	    printf("telnetd: panic state=%d\n", state);
-	    exit(1);
-	}
-    }
-}  /* end of telrcv */
-
-/*
- * The will/wont/do/dont state machines are based on Dave Borman's
- * Telnet option processing state machine.
- *
- * These correspond to the following states:
- *	my_state = the last negotiated state
- *	want_state = what I want the state to go to
- *	want_resp = how many requests I have sent
- * All state defaults are negative, and resp defaults to 0.
- *
- * When initiating a request to change state to new_state:
- *
- * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
- *	do nothing;
- * } else {
- *	want_state = new_state;
- *	send new_state;
- *	want_resp++;
- * }
- *
- * When receiving new_state:
- *
- * if (want_resp) {
- *	want_resp--;
- *	if (want_resp && (new_state == my_state))
- *		want_resp--;
- * }
- * if ((want_resp == 0) && (new_state != want_state)) {
- *	if (ok_to_switch_to new_state)
- *		want_state = new_state;
- *	else
- *		want_resp++;
- *	send want_state;
- * }
- * my_state = new_state;
- *
- * Note that new_state is implied in these functions by the function itself.
- * will and do imply positive new_state, wont and dont imply negative.
- *
- * Finally, there is one catch.  If we send a negative response to a
- * positive request, my_state will be the positive while want_state will
- * remain negative.  my_state will revert to negative when the negative
- * acknowlegment arrives from the peer.  Thus, my_state generally tells
- * us not only the last negotiated state, but also tells us what the peer
- * wants to be doing as well.  It is important to understand this difference
- * as we may wish to be processing data streams based on our desired state
- * (want_state) or based on what the peer thinks the state is (my_state).
- *
- * This all works fine because if the peer sends a positive request, the data
- * that we receive prior to negative acknowlegment will probably be affected
- * by the positive state, and we can process it as such (if we can; if we
- * can't then it really doesn't matter).  If it is that important, then the
- * peer probably should be buffering until this option state negotiation
- * is complete.
- *
- */
-void
-send_do(int option, int init)
-{
-    if (init) {
-	if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
-	    his_want_state_is_will(option))
-	    return;
-	/*
-	 * Special case for TELOPT_TM:  We send a DO, but pretend
-	 * that we sent a DONT, so that we can send more DOs if
-	 * we want to.
-	 */
-	if (option == TELOPT_TM)
-	    set_his_want_state_wont(option);
-	else
-	    set_his_want_state_will(option);
-	do_dont_resp[option]++;
-    }
-    output_data((const char *)doopt, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send do", option));
-}
-
-#ifdef	AUTHENTICATION
-extern void auth_request(void);
-#endif
-#ifdef	ENCRYPTION
-extern void encrypt_send_support(void);
-#endif
-
-void
-willoption(int option)
-{
-    int changeok = 0;
-    void (*func)(void) = NULL;
-
-    /*
-     * process input from peer.
-     */
-
-    DIAG(TD_OPTIONS, printoption("td: recv will", option));
-
-    if (do_dont_resp[option]) {
-	do_dont_resp[option]--;
-	if (do_dont_resp[option] && his_state_is_will(option))
-	    do_dont_resp[option]--;
-    }
-    if (do_dont_resp[option] == 0) {
-	if (his_want_state_is_wont(option)) {
-	    switch (option) {
-
-	    case TELOPT_BINARY:
-		init_termbuf();
-		tty_binaryin(1);
-		set_termbuf();
-		changeok++;
-		break;
-
-	    case TELOPT_ECHO:
-		/*
-		 * See comments below for more info.
-		 */
-		not42 = 0;	/* looks like a 4.2 system */
-		break;
-
-	    case TELOPT_TM:
-		/*
-		 * We never respond to a WILL TM, and
-		 * we leave the state WONT.
-		 */
-		return;
-
-	    case TELOPT_LFLOW:
-		/*
-		 * If we are going to support flow control
-		 * option, then don't worry peer that we can't
-		 * change the flow control characters.
-		 */
-		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
-		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
-	    case TELOPT_TTYPE:
-	    case TELOPT_SGA:
-	    case TELOPT_NAWS:
-	    case TELOPT_TSPEED:
-	    case TELOPT_XDISPLOC:
-	    case TELOPT_NEW_ENVIRON:
-	    case TELOPT_OLD_ENVIRON:
-		changeok++;
-		break;
-
-
-#ifdef	AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		func = auth_request;
-		changeok++;
-		break;
-#endif
-
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-		func = encrypt_send_support;
-		changeok++;
-		break;
-#endif
-			
-	    default:
-		break;
-	    }
-	    if (changeok) {
-		set_his_want_state_will(option);
-		send_do(option, 0);
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	} else {
-	    /*
-	     * Option processing that should happen when
-	     * we receive conformation of a change in
-	     * state that we had requested.
-	     */
-	    switch (option) {
-	    case TELOPT_ECHO:
-		not42 = 0;	/* looks like a 4.2 system */
-		/*
-		 * Egads, he responded "WILL ECHO".  Turn
-		 * it off right now!
-		 */
-		send_dont(option, 1);
-		/*
-		 * "WILL ECHO".  Kludge upon kludge!
-		 * A 4.2 client is now echoing user input at
-		 * the tty.  This is probably undesireable and
-		 * it should be stopped.  The client will
-		 * respond WONT TM to the DO TM that we send to
-		 * check for kludge linemode.  When the WONT TM
-		 * arrives, linemode will be turned off and a
-		 * change propogated to the pty.  This change
-		 * will cause us to process the new pty state
-		 * in localstat(), which will notice that
-		 * linemode is off and send a WILL ECHO
-		 * so that we are properly in character mode and
-		 * all is well.
-		 */
-		break;
-
-#ifdef	AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		func = auth_request;
-		break;
-#endif
-
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-		func = encrypt_send_support;
-		break;
-#endif
-
-	    case TELOPT_LFLOW:
-		func = flowstat;
-		break;
-	    }
-	}
-    }
-    set_his_state_will(option);
-    if (func)
-	(*func)();
-}  /* end of willoption */
-
-void
-send_dont(int option, int init)
-{
-    if (init) {
-	if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
-	    his_want_state_is_wont(option))
-	    return;
-	set_his_want_state_wont(option);
-	do_dont_resp[option]++;
-    }
-    output_data((const char *)dont, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send dont", option));
-}
-
-void
-wontoption(int option)
-{
-    /*
-     * Process client input.
-	 */
-
-    DIAG(TD_OPTIONS, printoption("td: recv wont", option));
-
-    if (do_dont_resp[option]) {
-	do_dont_resp[option]--;
-	if (do_dont_resp[option] && his_state_is_wont(option))
-	    do_dont_resp[option]--;
-    }
-    if (do_dont_resp[option] == 0) {
-	if (his_want_state_is_will(option)) {
-	    /* it is always ok to change to negative state */
-	    switch (option) {
-	    case TELOPT_ECHO:
-		not42 = 1; /* doesn't seem to be a 4.2 system */
-		break;
-
-	    case TELOPT_BINARY:
-		init_termbuf();
-		tty_binaryin(0);
-		set_termbuf();
-		break;
-
-	    case TELOPT_TM:
-		/*
-		 * If we get a WONT TM, and had sent a DO TM,
-		 * don't respond with a DONT TM, just leave it
-		 * as is.  Short circut the state machine to
-		 * achive this.
-		 */
-		set_his_want_state_wont(TELOPT_TM);
-		return;
-
-	    case TELOPT_LFLOW:
-		/*
-		 * If we are not going to support flow control
-		 * option, then let peer know that we can't
-		 * change the flow control characters.
-		 */
-		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
-		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
-		break;
-
-#ifdef AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		auth_finished(0, AUTH_REJECT);
-		break;
-#endif
-
-		/*
-		 * For options that we might spin waiting for
-		 * sub-negotiation, if the client turns off the
-		 * option rather than responding to the request,
-		 * we have to treat it here as if we got a response
-		 * to the sub-negotiation, (by updating the timers)
-		 * so that we'll break out of the loop.
-		 */
-	    case TELOPT_TTYPE:
-		settimer(ttypesubopt);
-		break;
-
-	    case TELOPT_TSPEED:
-		settimer(tspeedsubopt);
-		break;
-
-	    case TELOPT_XDISPLOC:
-		settimer(xdisplocsubopt);
-		break;
-
-	    case TELOPT_OLD_ENVIRON:
-		settimer(oenvironsubopt);
-		break;
-
-	    case TELOPT_NEW_ENVIRON:
-		settimer(environsubopt);
-		break;
-
-	    default:
-		break;
-	    }
-	    set_his_want_state_wont(option);
-	    if (his_state_is_will(option))
-		send_dont(option, 0);
-	} else {
-	    switch (option) {
-	    case TELOPT_TM:
-		break;
-
-#ifdef AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		auth_finished(0, AUTH_REJECT);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-    set_his_state_wont(option);
-
-}  /* end of wontoption */
-
-void
-send_will(int option, int init)
-{
-    if (init) {
-	if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
-	    my_want_state_is_will(option))
-	    return;
-	set_my_want_state_will(option);
-	will_wont_resp[option]++;
-    }
-    output_data ((const char *)will, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send will", option));
-}
-
-/*
- * When we get a DONT SGA, we will try once to turn it
- * back on.  If the other side responds DONT SGA, we
- * leave it at that.  This is so that when we talk to
- * clients that understand KLUDGELINEMODE but not LINEMODE,
- * we'll keep them in char-at-a-time mode.
- */
-int turn_on_sga = 0;
-
-void
-dooption(int option)
-{
-    int changeok = 0;
-
-    /*
-     * Process client input.
-     */
-
-    DIAG(TD_OPTIONS, printoption("td: recv do", option));
-
-    if (will_wont_resp[option]) {
-	will_wont_resp[option]--;
-	if (will_wont_resp[option] && my_state_is_will(option))
-	    will_wont_resp[option]--;
-    }
-    if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
-	switch (option) {
-	case TELOPT_ECHO:
-	    {
-		init_termbuf();
-		tty_setecho(1);
-		set_termbuf();
-	    }
-	changeok++;
-	break;
-
-	case TELOPT_BINARY:
-	    init_termbuf();
-	    tty_binaryout(1);
-	    set_termbuf();
-	    changeok++;
-	    break;
-
-	case TELOPT_SGA:
-	    turn_on_sga = 0;
-	    changeok++;
-	    break;
-
-	case TELOPT_STATUS:
-	    changeok++;
-	    break;
-
-	case TELOPT_TM:
-	    /*
-	     * Special case for TM.  We send a WILL, but
-	     * pretend we sent a WONT.
-	     */
-	    send_will(option, 0);
-	    set_my_want_state_wont(option);
-	    set_my_state_wont(option);
-	    return;
-
-	case TELOPT_LOGOUT:
-	    /*
-	     * When we get a LOGOUT option, respond
-	     * with a WILL LOGOUT, make sure that
-	     * it gets written out to the network,
-	     * and then just go away...
-	     */
-	    set_my_want_state_will(TELOPT_LOGOUT);
-	    send_will(TELOPT_LOGOUT, 0);
-	    set_my_state_will(TELOPT_LOGOUT);
-	    netflush();
-	    cleanup(0);
-	    /* NOT REACHED */
-	    break;
-
-#ifdef ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    changeok++;
-	    break;
-#endif
-	case TELOPT_LINEMODE:
-	case TELOPT_TTYPE:
-	case TELOPT_NAWS:
-	case TELOPT_TSPEED:
-	case TELOPT_LFLOW:
-	case TELOPT_XDISPLOC:
-#ifdef	TELOPT_ENVIRON
-	case TELOPT_NEW_ENVIRON:
-#endif
-	case TELOPT_OLD_ENVIRON:
-	default:
-	    break;
-	}
-	if (changeok) {
-	    set_my_want_state_will(option);
-	    send_will(option, 0);
-	} else {
-	    will_wont_resp[option]++;
-	    send_wont(option, 0);
-	}
-    }
-    set_my_state_will(option);
-
-}  /* end of dooption */
-
-void
-send_wont(int option, int init)
-{
-    if (init) {
-	if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
-	    my_want_state_is_wont(option))
-	    return;
-	set_my_want_state_wont(option);
-	will_wont_resp[option]++;
-    }
-    output_data ((const char *)wont, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send wont", option));
-}
-
-void
-dontoption(int option)
-{
-    /*
-     * Process client input.
-	 */
-
-
-    DIAG(TD_OPTIONS, printoption("td: recv dont", option));
-
-    if (will_wont_resp[option]) {
-	will_wont_resp[option]--;
-	if (will_wont_resp[option] && my_state_is_wont(option))
-	    will_wont_resp[option]--;
-    }
-    if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
-	switch (option) {
-	case TELOPT_BINARY:
-	    init_termbuf();
-	    tty_binaryout(0);
-	    set_termbuf();
-	    break;
-
-	case TELOPT_ECHO:	/* we should stop echoing */
-	    {
-		init_termbuf();
-		tty_setecho(0);
-		set_termbuf();
-	    }
-	break;
-
-	case TELOPT_SGA:
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    set_my_state_wont(option);
-	    if (turn_on_sga ^= 1)
-		send_will(option, 1);
-	    return;
-
-	default:
-	    break;
-	}
-
-	set_my_want_state_wont(option);
-	if (my_state_is_will(option))
-	    send_wont(option, 0);
-    }
-    set_my_state_wont(option);
-
-}  /* end of dontoption */
-
-#ifdef	ENV_HACK
-int env_ovar = -1;
-int env_ovalue = -1;
-#else	/* ENV_HACK */
-# define env_ovar OLD_ENV_VAR
-# define env_ovalue OLD_ENV_VALUE
-#endif	/* ENV_HACK */
-
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *	Terminal type is
- *	Linemode
- *	Window size
- *	Terminal speed
- */
-void
-suboption(void)
-{
-    int subchar;
-
-    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
-
-    subchar = SB_GET();
-    switch (subchar) {
-    case TELOPT_TSPEED: {
-	int xspeed, rspeed;
-
-	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
-	    break;
-
-	settimer(tspeedsubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-	    return;
-
-	xspeed = atoi((char *)subpointer);
-
-	while (SB_GET() != ',' && !SB_EOF());
-	if (SB_EOF())
-	    return;
-
-	rspeed = atoi((char *)subpointer);
-	clientstat(TELOPT_TSPEED, xspeed, rspeed);
-
-	break;
-
-    }  /* end of case TELOPT_TSPEED */
-
-    case TELOPT_TTYPE: {		/* Yaaaay! */
-	char *p;
-
-	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
-	    break;
-	settimer(ttypesubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
-	    return;		/* ??? XXX but, this is the most robust */
-	}
-
-	p = terminaltype;
-
-	while ((p < (terminaltype + sizeof terminaltype-1)) &&
-	       !SB_EOF()) {
-	    int c;
-
-	    c = SB_GET();
-	    if (isupper(c)) {
-		c = tolower(c);
-	    }
-	    *p++ = c;    /* accumulate name */
-	}
-	*p = 0;
-	break;
-    }  /* end of case TELOPT_TTYPE */
-
-    case TELOPT_NAWS: {
-	int xwinsize, ywinsize;
-
-	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
-	    break;
-
-	if (SB_EOF())
-	    return;
-	xwinsize = SB_GET() << 8;
-	if (SB_EOF())
-	    return;
-	xwinsize |= SB_GET();
-	if (SB_EOF())
-	    return;
-	ywinsize = SB_GET() << 8;
-	if (SB_EOF())
-	    return;
-	ywinsize |= SB_GET();
-	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
-
-	break;
-
-    }  /* end of case TELOPT_NAWS */
-
-    case TELOPT_STATUS: {
-	int mode;
-
-	if (SB_EOF())
-	    break;
-	mode = SB_GET();
-	switch (mode) {
-	case TELQUAL_SEND:
-	    if (my_state_is_will(TELOPT_STATUS))
-		send_status();
-	    break;
-
-	case TELQUAL_IS:
-	    break;
-
-	default:
-	    break;
-	}
-	break;
-    }  /* end of case TELOPT_STATUS */
-
-    case TELOPT_XDISPLOC: {
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-	    return;
-	settimer(xdisplocsubopt);
-	subpointer[SB_LEN()] = '\0';
-	esetenv("DISPLAY", (char *)subpointer, 1);
-	break;
-    }  /* end of case TELOPT_XDISPLOC */
-
-#ifdef	TELOPT_NEW_ENVIRON
-    case TELOPT_NEW_ENVIRON:
-#endif
-    case TELOPT_OLD_ENVIRON: {
-	int c;
-	char *cp, *varp, *valp;
-
-	if (SB_EOF())
-	    return;
-	c = SB_GET();
-	if (c == TELQUAL_IS) {
-	    if (subchar == TELOPT_OLD_ENVIRON)
-		settimer(oenvironsubopt);
-	    else
-		settimer(environsubopt);
-	} else if (c != TELQUAL_INFO) {
-	    return;
-	}
-
-#ifdef	TELOPT_NEW_ENVIRON
-	if (subchar == TELOPT_NEW_ENVIRON) {
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
-		    break;
-	    }
-	} else
-#endif
-	    {
-#ifdef	ENV_HACK
-		/*
-		 * We only want to do this if we haven't already decided
-		 * whether or not the other side has its VALUE and VAR
-		 * reversed.
-		 */
-		if (env_ovar < 0) {
-		    int last = -1;		/* invalid value */
-		    int empty = 0;
-		    int got_var = 0, got_value = 0, got_uservar = 0;
-
-		    /*
-		     * The other side might have its VALUE and VAR values
-		     * reversed.  To be interoperable, we need to determine
-		     * which way it is.  If the first recognized character
-		     * is a VAR or VALUE, then that will tell us what
-		     * type of client it is.  If the fist recognized
-		     * character is a USERVAR, then we continue scanning
-		     * the suboption looking for two consecutive
-		     * VAR or VALUE fields.  We should not get two
-		     * consecutive VALUE fields, so finding two
-		     * consecutive VALUE or VAR fields will tell us
-		     * what the client is.
-		     */
-		    SB_SAVE();
-		    while (!SB_EOF()) {
-			c = SB_GET();
-			switch(c) {
-			case OLD_ENV_VAR:
-			    if (last < 0 || last == OLD_ENV_VAR
-				|| (empty && (last == OLD_ENV_VALUE)))
-				goto env_ovar_ok;
-			    got_var++;
-			    last = OLD_ENV_VAR;
-			    break;
-			case OLD_ENV_VALUE:
-			    if (last < 0 || last == OLD_ENV_VALUE
-				|| (empty && (last == OLD_ENV_VAR)))
-				goto env_ovar_wrong;
-			    got_value++;
-			    last = OLD_ENV_VALUE;
-			    break;
-			case ENV_USERVAR:
-			    /* count strings of USERVAR as one */
-			    if (last != ENV_USERVAR)
-				got_uservar++;
-			    if (empty) {
-				if (last == OLD_ENV_VALUE)
-				    goto env_ovar_ok;
-				if (last == OLD_ENV_VAR)
-				    goto env_ovar_wrong;
-			    }
-			    last = ENV_USERVAR;
-			    break;
-			case ENV_ESC:
-			    if (!SB_EOF())
-				c = SB_GET();
-			    /* FALL THROUGH */
-			default:
-			    empty = 0;
-			    continue;
-			}
-			empty = 1;
-		    }
-		    if (empty) {
-			if (last == OLD_ENV_VALUE)
-			    goto env_ovar_ok;
-			if (last == OLD_ENV_VAR)
-			    goto env_ovar_wrong;
-		    }
-		    /*
-		     * Ok, the first thing was a USERVAR, and there
-		     * are not two consecutive VAR or VALUE commands,
-		     * and none of the VAR or VALUE commands are empty.
-		     * If the client has sent us a well-formed option,
-		     * then the number of VALUEs received should always
-		     * be less than or equal to the number of VARs and
-		     * USERVARs received.
-		     *
-		     * If we got exactly as many VALUEs as VARs and
-		     * USERVARs, the client has the same definitions.
-		     *
-		     * If we got exactly as many VARs as VALUEs and
-		     * USERVARS, the client has reversed definitions.
-		     */
-		    if (got_uservar + got_var == got_value) {
-		    env_ovar_ok:
-			env_ovar = OLD_ENV_VAR;
-			env_ovalue = OLD_ENV_VALUE;
-		    } else if (got_uservar + got_value == got_var) {
-		    env_ovar_wrong:
-			env_ovar = OLD_ENV_VALUE;
-			env_ovalue = OLD_ENV_VAR;
-			DIAG(TD_OPTIONS, {
-			    output_data("ENVIRON VALUE and VAR are reversed!\r\n");
-			});
-
-		    }
-		}
-		SB_RESTORE();
-#endif
-
-		while (!SB_EOF()) {
-		    c = SB_GET();
-		    if ((c == env_ovar) || (c == ENV_USERVAR))
-			break;
-		}
-	    }
-
-	if (SB_EOF())
-	    return;
-
-	cp = varp = (char *)subpointer;
-	valp = 0;
-
-	while (!SB_EOF()) {
-	    c = SB_GET();
-	    if (subchar == TELOPT_OLD_ENVIRON) {
-		if (c == env_ovar)
-		    c = NEW_ENV_VAR;
-		else if (c == env_ovalue)
-		    c = NEW_ENV_VALUE;
-	    }
-	    switch (c) {
-
-	    case NEW_ENV_VALUE:
-		*cp = '\0';
-		cp = valp = (char *)subpointer;
-		break;
-
-	    case NEW_ENV_VAR:
-	    case ENV_USERVAR:
-		*cp = '\0';
-		if (valp)
-		    esetenv(varp, valp, 1);
-		else
-		    unsetenv(varp);
-		cp = varp = (char *)subpointer;
-		valp = 0;
-		break;
-
-	    case ENV_ESC:
-		if (SB_EOF())
-		    break;
-		c = SB_GET();
-		/* FALL THROUGH */
-	    default:
-		*cp++ = c;
-		break;
-	    }
-	}
-	*cp = '\0';
-	if (valp)
-	    esetenv(varp, valp, 1);
-	else
-	    unsetenv(varp);
-	break;
-    }  /* end of case TELOPT_NEW_ENVIRON */
-#ifdef AUTHENTICATION
-    case TELOPT_AUTHENTICATION:
-	if (SB_EOF())
-	    break;
-	switch(SB_GET()) {
-	case TELQUAL_SEND:
-	case TELQUAL_REPLY:
-	    /*
-	     * These are sent by us and cannot be sent by
-	     * the client.
-	     */
-	    break;
-	case TELQUAL_IS:
-	    auth_is(subpointer, SB_LEN());
-	    break;
-	case TELQUAL_NAME:
-	    auth_name(subpointer, SB_LEN());
-	    break;
-	}
-	break;
-#endif
-#ifdef ENCRYPTION
-    case TELOPT_ENCRYPT:
-	if (SB_EOF())
-	    break;
-	switch(SB_GET()) {
-	case ENCRYPT_SUPPORT:
-	    encrypt_support(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_IS:
-	    encrypt_is(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_REPLY:
-	    encrypt_reply(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_START:
-	    encrypt_start(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_END:
-	    if (require_encryption)
-		fatal(net, "Output encryption is not possible to turn off");
-	    encrypt_end();
-	    break;
-	case ENCRYPT_REQSTART:
-	    encrypt_request_start(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_REQEND:
-	    /*
-	     * We can always send an REQEND so that we cannot
-	     * get stuck encrypting.  We should only get this
-	     * if we have been able to get in the correct mode
-	     * anyhow.
-	     */
-	    if (require_encryption)
-		fatal(net, "Input encryption is not possible to turn off");
-	    encrypt_request_end();
-	    break;
-	case ENCRYPT_ENC_KEYID:
-	    encrypt_enc_keyid(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_DEC_KEYID:
-	    encrypt_dec_keyid(subpointer, SB_LEN());
-	    break;
-	default:
-	    break;
-	}
-	break;
-#endif
-
-    default:
-	break;
-    }  /* end of switch */
-
-}  /* end of suboption */
-
-void
-doclientstat(void)
-{
-    clientstat(TELOPT_LINEMODE, WILL, 0);
-}
-
-#undef ADD
-#define	ADD(c)	 *ncp++ = c
-#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
-
-void
-send_status(void)
-{
-    unsigned char statusbuf[256];
-    unsigned char *ncp;
-    unsigned char i;
-
-    ncp = statusbuf;
-
-    netflush();	/* get rid of anything waiting to go out */
-
-    ADD(IAC);
-    ADD(SB);
-    ADD(TELOPT_STATUS);
-    ADD(TELQUAL_IS);
-
-    /*
-     * We check the want_state rather than the current state,
-     * because if we received a DO/WILL for an option that we
-     * don't support, and the other side didn't send a DONT/WONT
-     * in response to our WONT/DONT, then the "state" will be
-     * WILL/DO, and the "want_state" will be WONT/DONT.  We
-     * need to go by the latter.
-     */
-    for (i = 0; i < (unsigned char)NTELOPTS; i++) {
-	if (my_want_state_is_will(i)) {
-	    ADD(WILL);
-	    ADD_DATA(i);
-	}
-	if (his_want_state_is_will(i)) {
-	    ADD(DO);
-	    ADD_DATA(i);
-	}
-    }
-
-    if (his_want_state_is_will(TELOPT_LFLOW)) {
-	ADD(SB);
-	ADD(TELOPT_LFLOW);
-	if (flowmode) {
-	    ADD(LFLOW_ON);
-	} else {
-	    ADD(LFLOW_OFF);
-	}
-	ADD(SE);
-
-	if (restartany >= 0) {
-	    ADD(SB);
-	    ADD(TELOPT_LFLOW);
-	    if (restartany) {
-		ADD(LFLOW_RESTART_ANY);
-	    } else {
-		ADD(LFLOW_RESTART_XON);
-	    }
-	    ADD(SE);
-	}
-    }
-
-
-    ADD(IAC);
-    ADD(SE);
-
-    writenet(statusbuf, ncp - statusbuf);
-    netflush();	/* Send it on its way */
-
-    DIAG(TD_OPTIONS,
-	 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
deleted file mode 100644
index 852611f8eefa..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c
+++ /dev/null
@@ -1,1899 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: sys_term.c 22390 2007-12-31 10:12:48Z lha $");
-
-#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
-# define PARENT_DOES_UTMP
-#endif
-
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-
-#ifdef HAVE_UTMPX_H
-struct	utmpx wtmp;
-#elif defined(HAVE_UTMP_H)
-struct	utmp wtmp;
-#endif /* HAVE_UTMPX_H */
-
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-int	utmp_len = sizeof(wtmp.ut_host);
-#else
-int	utmp_len = MaxHostNameLen;
-#endif
-
-#ifndef UTMP_FILE
-#ifdef _PATH_UTMP
-#define UTMP_FILE _PATH_UTMP
-#else
-#define UTMP_FILE "/etc/utmp"
-#endif
-#endif
-
-#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
-#define WTMP_FILE _PATH_WTMP
-#endif
-
-#ifndef PARENT_DOES_UTMP
-#ifdef WTMP_FILE
-char	wtmpf[] = WTMP_FILE;
-#else
-char	wtmpf[]	= "/usr/adm/wtmp";
-#endif
-char	utmpf[] = UTMP_FILE;
-#else /* PARENT_DOES_UTMP */
-#ifdef WTMP_FILE
-char	wtmpf[] = WTMP_FILE;
-#else
-char	wtmpf[]	= "/etc/wtmp";
-#endif
-#endif /* PARENT_DOES_UTMP */
-
-#ifdef HAVE_TMPDIR_H
-#include <tmpdir.h>
-#endif	/* CRAY */
-
-#if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
-#include <sys/tty.h>
-#endif
-#ifdef	t_erase
-#undef	t_erase
-#undef	t_kill
-#undef	t_intrc
-#undef	t_quitc
-#undef	t_startc
-#undef	t_stopc
-#undef	t_eofc
-#undef	t_brkc
-#undef	t_suspc
-#undef	t_dsuspc
-#undef	t_rprntc
-#undef	t_flushc
-#undef	t_werasc
-#undef	t_lnextc
-#endif
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#else
-#ifdef HAVE_TERMIO_H
-#include <termio.h>
-#endif
-#endif
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
-#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-(tp)->c_cflag |= (val)
-#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
-#  ifdef CIBAUD
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
-     (tp)->c_cflag |= ((val)<<IBSHIFT)
-#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
-#  else
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-     (tp)->c_cflag |= (val)
-#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
-#  endif
-# endif /* TCSANOW */
-     struct termios termbuf, termbuf2;	/* pty control structure */
-# ifdef  STREAMSPTY
-     static int ttyfd = -1;
-     int really_stream = 0;
-# endif
-
-     const char *new_login = _PATH_LOGIN;
-
-/*
- * init_termbuf()
- * copy_termbuf(cp)
- * set_termbuf()
- *
- * These three routines are used to get and set the "termbuf" structure
- * to and from the kernel.  init_termbuf() gets the current settings.
- * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
- * set_termbuf() writes the structure into the kernel.
- */
-
-     void
-     init_termbuf(void)
-{
-# ifdef  STREAMSPTY
-    if (really_stream)
-	tcgetattr(ttyfd, &termbuf);
-    else
-# endif
-	tcgetattr(ourpty, &termbuf);
-    termbuf2 = termbuf;
-}
-
-void
-set_termbuf(void)
-{
-    /*
-     * Only make the necessary changes.
-	 */
-    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf))) {
-# ifdef  STREAMSPTY
-	if (really_stream)
-	    tcsetattr(ttyfd, TCSANOW, &termbuf);
-	else
-# endif
-	    tcsetattr(ourpty, TCSANOW, &termbuf);
-    }
-}
-
-
-/*
- * spcset(func, valp, valpp)
- *
- * This function takes various special characters (func), and
- * sets *valp to the current value of that character, and
- * *valpp to point to where in the "termbuf" structure that
- * value is kept.
- *
- * It returns the SLC_ level of support for this function.
- */
-
-
-int
-spcset(int func, cc_t *valp, cc_t **valpp)
-{
-
-#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
-    *valpp = &termbuf.c_cc[a]; \
-				   return(b);
-#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
-
-    switch(func) {
-    case SLC_EOF:
-	setval(VEOF, SLC_VARIABLE);
-    case SLC_EC:
-	setval(VERASE, SLC_VARIABLE);
-    case SLC_EL:
-	setval(VKILL, SLC_VARIABLE);
-    case SLC_IP:
-	setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-    case SLC_ABORT:
-	setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-    case SLC_XON:
-#ifdef	VSTART
-	setval(VSTART, SLC_VARIABLE);
-#else
-	defval(0x13);
-#endif
-    case SLC_XOFF:
-#ifdef	VSTOP
-	setval(VSTOP, SLC_VARIABLE);
-#else
-	defval(0x11);
-#endif
-    case SLC_EW:
-#ifdef	VWERASE
-	setval(VWERASE, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_RP:
-#ifdef	VREPRINT
-	setval(VREPRINT, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_LNEXT:
-#ifdef	VLNEXT
-	setval(VLNEXT, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_AO:
-#if	!defined(VDISCARD) && defined(VFLUSHO)
-# define VDISCARD VFLUSHO
-#endif
-#ifdef	VDISCARD
-	setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
-#else
-	defval(0);
-#endif
-    case SLC_SUSP:
-#ifdef	VSUSP
-	setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
-#else
-	defval(0);
-#endif
-#ifdef	VEOL
-    case SLC_FORW1:
-	setval(VEOL, SLC_VARIABLE);
-#endif
-#ifdef	VEOL2
-    case SLC_FORW2:
-	setval(VEOL2, SLC_VARIABLE);
-#endif
-    case SLC_AYT:
-#ifdef	VSTATUS
-	setval(VSTATUS, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-
-    case SLC_BRK:
-    case SLC_SYNCH:
-    case SLC_EOR:
-	defval(0);
-
-    default:
-	*valp = 0;
-	*valpp = 0;
-	return(SLC_NOSUPPORT);
-    }
-}
-
-#ifdef _CRAY
-/*
- * getnpty()
- *
- * Return the number of pty's configured into the system.
- */
-int
-getnpty()
-{
-#ifdef _SC_CRAY_NPTY
-    int numptys;
-
-    if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
-	return numptys;
-    else
-#endif /* _SC_CRAY_NPTY */
-	return 128;
-}
-#endif /* CRAY */
-
-/*
- * getpty()
- *
- * Allocate a pty.  As a side effect, the external character
- * array "line" contains the name of the slave side.
- *
- * Returns the file descriptor of the opened pty.
- */
-
-static int ptyslavefd = -1;
-
-static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-char *line = Xline;
-
-#ifdef	_CRAY
-char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#endif	/* CRAY */
-
-#if !defined(HAVE_PTSNAME) && defined(STREAMSPTY)
-static char *ptsname(int fd)
-{
-#ifdef HAVE_TTYNAME
-    return ttyname(fd);
-#else
-    return NULL;
-#endif
-}
-#endif
-
-int getpty(int *ptynum)
-{
-#if defined(HAVE_OPENPTY) || defined(__linux) || defined(__osf__) /* XXX */
-    {
-	int master;
-	int slave;
-	if(openpty(&master, &slave, line, 0, 0) == 0){
-	    ptyslavefd = slave;
-	    return master;
-	}
-    }
-#endif /* HAVE_OPENPTY .... */
-#ifdef HAVE__GETPTY
-    {
-	int master;
-	char *p;
-	p = _getpty(&master, O_RDWR, 0600, 1);
-	if(p == NULL)
-	    return -1;
-	strlcpy(line, p, sizeof(Xline));
-	return master;
-    }
-#endif
-    
-#ifdef	STREAMSPTY
-    {
-	char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
-			  "/dev/ptym/clone", 0 };
-	
-	char **q;
-	int p;
-	for(q=clone; *q; q++){
-	    p=open(*q, O_RDWR);
-	    if(p >= 0){
-#ifdef HAVE_GRANTPT
-		grantpt(p);
-#endif
-#ifdef HAVE_UNLOCKPT
-		unlockpt(p);
-#endif
-		strlcpy(line, ptsname(p), sizeof(Xline));
-		really_stream = 1;
-		return p;
-	    }
-	}
-    }
-#endif /* STREAMSPTY */
-#ifndef _CRAY
-    {
-	int p;
-	char *cp, *p1, *p2;
-	int i;
-	
-#ifndef	__hpux
-	snprintf(line, sizeof(Xline), "/dev/ptyXX");
-	p1 = &line[8];
-	p2 = &line[9];
-#else
-	snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
-	p1 = &line[13];
-	p2 = &line[14];
-#endif
-	
-	
-	for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
-	    struct stat stb;
-	    
-	    *p1 = *cp;
-	    *p2 = '0';
-	    /*
-	     * This stat() check is just to keep us from
-	     * looping through all 256 combinations if there
-	     * aren't that many ptys available.
-	     */
-	    if (stat(line, &stb) < 0)
-		break;
-	    for (i = 0; i < 16; i++) {
-		*p2 = "0123456789abcdef"[i];
-		p = open(line, O_RDWR);
-		if (p > 0) {
-#if SunOS == 40
-		    int dummy;
-#endif
-		    
-#ifndef	__hpux
-		    line[5] = 't';
-#else
-		    for (p1 = &line[8]; *p1; p1++)
-			*p1 = *(p1+1);
-		    line[9] = 't';
-#endif
-		    chown(line, 0, 0);
-		    chmod(line, 0600);
-#if SunOS == 40
-		    if (ioctl(p, TIOCGPGRP, &dummy) == 0
-			|| errno != EIO) {
-			chmod(line, 0666);
-			close(p);
-			line[5] = 'p';
-		    } else
-#endif /* SunOS == 40 */
-			return(p);
-		}
-	    }
-	}
-    }
-#else	/* CRAY */
-    {
-	extern lowpty, highpty;
-	struct stat sb;
-	int p;
-	
-	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
-	    snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
-	    p = open(myline, 2);
-	    if (p < 0)
-		continue;
-	    snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
-	    /*
-	     * Here are some shenanigans to make sure that there
-	     * are no listeners lurking on the line.
-	     */
-	    if(stat(line, &sb) < 0) {
-		close(p);
-		continue;
-	    }
-	    if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
-		chown(line, 0, 0);
-		chmod(line, 0600);
-		close(p);
-		p = open(myline, 2);
-		if (p < 0)
-		    continue;
-	    }
-	    /*
-	     * Now it should be safe...check for accessability.
-	     */
-	    if (access(line, 6) == 0)
-		return(p);
-	    else {
-		/* no tty side to pty so skip it */
-		close(p);
-	    }
-	}
-    }
-#endif	/* CRAY */
-    return(-1);
-}
-
-
-int
-tty_isecho(void)
-{
-    return (termbuf.c_lflag & ECHO);
-}
-
-int
-tty_flowmode(void)
-{
-    return((termbuf.c_iflag & IXON) ? 1 : 0);
-}
-
-int
-tty_restartany(void)
-{
-    return((termbuf.c_iflag & IXANY) ? 1 : 0);
-}
-
-void
-tty_setecho(int on)
-{
-    if (on)
-	termbuf.c_lflag |= ECHO;
-    else
-	termbuf.c_lflag &= ~ECHO;
-}
-
-int
-tty_israw(void)
-{
-    return(!(termbuf.c_lflag & ICANON));
-}
-
-void
-tty_binaryin(int on)
-{
-    if (on) {
-	termbuf.c_iflag &= ~ISTRIP;
-    } else {
-	termbuf.c_iflag |= ISTRIP;
-    }
-}
-
-void
-tty_binaryout(int on)
-{
-    if (on) {
-	termbuf.c_cflag &= ~(CSIZE|PARENB);
-	termbuf.c_cflag |= CS8;
-	termbuf.c_oflag &= ~OPOST;
-    } else {
-	termbuf.c_cflag &= ~CSIZE;
-	termbuf.c_cflag |= CS7|PARENB;
-	termbuf.c_oflag |= OPOST;
-    }
-}
-
-int
-tty_isbinaryin(void)
-{
-    return(!(termbuf.c_iflag & ISTRIP));
-}
-
-int
-tty_isbinaryout(void)
-{
-    return(!(termbuf.c_oflag&OPOST));
-}
-
-
-int
-tty_issofttab(void)
-{
-# ifdef	OXTABS
-    return (termbuf.c_oflag & OXTABS);
-# endif
-# ifdef	TABDLY
-    return ((termbuf.c_oflag & TABDLY) == TAB3);
-# endif
-}
-
-void
-tty_setsofttab(int on)
-{
-    if (on) {
-# ifdef	OXTABS
-	termbuf.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	termbuf.c_oflag &= ~TABDLY;
-	termbuf.c_oflag |= TAB3;
-# endif
-    } else {
-# ifdef	OXTABS
-	termbuf.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	termbuf.c_oflag &= ~TABDLY;
-	termbuf.c_oflag |= TAB0;
-# endif
-    }
-}
-
-int
-tty_islitecho(void)
-{
-# ifdef	ECHOCTL
-    return (!(termbuf.c_lflag & ECHOCTL));
-# endif
-# ifdef	TCTLECH
-    return (!(termbuf.c_lflag & TCTLECH));
-# endif
-# if	!defined(ECHOCTL) && !defined(TCTLECH)
-    return (0);	/* assumes ctl chars are echoed '^x' */
-# endif
-}
-
-void
-tty_setlitecho(int on)
-{
-# ifdef	ECHOCTL
-    if (on)
-	termbuf.c_lflag &= ~ECHOCTL;
-    else
-	termbuf.c_lflag |= ECHOCTL;
-# endif
-# ifdef	TCTLECH
-    if (on)
-	termbuf.c_lflag &= ~TCTLECH;
-    else
-	termbuf.c_lflag |= TCTLECH;
-# endif
-}
-
-int
-tty_iscrnl(void)
-{
-    return (termbuf.c_iflag & ICRNL);
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-
-/*
- * A table of available terminal speeds
- */
-struct termspeeds {
-    int	speed;
-    int	value;
-} termspeeds[] = {
-    { 0,      B0 },      { 50,    B50 },    { 75,     B75 },
-    { 110,    B110 },    { 134,   B134 },   { 150,    B150 },
-    { 200,    B200 },    { 300,   B300 },   { 600,    B600 },
-    { 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
-    { 4800,   B4800 },
-#ifdef	B7200
-    { 7200,  B7200 },
-#endif
-    { 9600,   B9600 },
-#ifdef	B14400
-    { 14400,  B14400 },
-#endif
-#ifdef	B19200
-    { 19200,  B19200 },
-#endif
-#ifdef	B28800
-    { 28800,  B28800 },
-#endif
-#ifdef	B38400
-    { 38400,  B38400 },
-#endif
-#ifdef	B57600
-    { 57600,  B57600 },
-#endif
-#ifdef	B115200
-    { 115200, B115200 },
-#endif
-#ifdef	B230400
-    { 230400, B230400 },
-#endif
-    { -1,     0 }
-};
-#endif	/* DECODE_BUAD */
-
-void
-tty_tspeed(int val)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-
-    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-	;
-    if (tp->speed == -1)	/* back up to last valid value */
-	--tp;
-    cfsetospeed(&termbuf, tp->value);
-#else	/* DECODE_BUAD */
-    cfsetospeed(&termbuf, val);
-#endif	/* DECODE_BUAD */
-}
-
-void
-tty_rspeed(int val)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-
-    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-	;
-    if (tp->speed == -1)	/* back up to last valid value */
-	--tp;
-    cfsetispeed(&termbuf, tp->value);
-#else	/* DECODE_BAUD */
-    cfsetispeed(&termbuf, val);
-#endif	/* DECODE_BAUD */
-}
-
-#ifdef PARENT_DOES_UTMP
-extern	struct utmp wtmp;
-extern char wtmpf[];
-
-extern void utmp_sig_init (void);
-extern void utmp_sig_reset (void);
-extern void utmp_sig_wait (void);
-extern void utmp_sig_notify (int);
-# endif /* PARENT_DOES_UTMP */
-
-#ifdef STREAMSPTY
-
-/* I_FIND seems to live a life of its own */
-static int my_find(int fd, char *module)
-{
-#if defined(I_FIND) && defined(I_LIST)
-    static int flag;
-    static struct str_list sl;
-    int n;
-    int i;
-  
-    if(!flag){
-	n = ioctl(fd, I_LIST, 0);
-	if(n < 0){
-	    perror("ioctl(fd, I_LIST, 0)");
-	    return -1;
-	}
-	sl.sl_modlist=(struct str_mlist*)malloc(n * sizeof(struct str_mlist));
-	sl.sl_nmods = n;
-	n = ioctl(fd, I_LIST, &sl);
-	if(n < 0){
-	    perror("ioctl(fd, I_LIST, n)");
-	    return -1;
-	}
-	flag = 1;
-    }
-  
-    for(i=0; i<sl.sl_nmods; i++)
-	if(!strcmp(sl.sl_modlist[i].l_name, module))
-	    return 1;
-#endif
-    return 0;
-}
-
-static void maybe_push_modules(int fd, char **modules)
-{
-    char **p;
-    int err;
-
-    for(p=modules; *p; p++){
-	err = my_find(fd, *p);
-	if(err == 1)
-	    break;
-	if(err < 0 && errno != EINVAL)
-	    fatalperror(net, "my_find()");
-	/* module not pushed or does not exist */
-    }
-    /* p points to null or to an already pushed module, now push all
-       modules before this one */
-  
-    for(p--; p >= modules; p--){
-	err = ioctl(fd, I_PUSH, *p);
-	if(err < 0 && errno != EINVAL)
-	    fatalperror(net, "I_PUSH");
-    }
-}
-#endif
-
-/*
- * getptyslave()
- *
- * Open the slave side of the pty, and do any initialization
- * that is necessary.  The return value is a file descriptor
- * for the slave side.
- */
-void getptyslave(void)
-{
-    int t = -1;
-
-    struct winsize ws;
-    /*
-     * Opening the slave side may cause initilization of the
-     * kernel tty structure.  We need remember the state of
-     * 	if linemode was turned on
-     *	terminal window size
-     *	terminal speed
-     * so that we can re-set them if we need to.
-     */
-
-
-    /*
-     * Make sure that we don't have a controlling tty, and
-     * that we are the session (process group) leader.
-     */
-
-#ifdef HAVE_SETSID
-    if(setsid()<0)
-	fatalperror(net, "setsid()");
-#else
-# ifdef	TIOCNOTTY
-    t = open(_PATH_TTY, O_RDWR);
-    if (t >= 0) {
-	ioctl(t, TIOCNOTTY, (char *)0);
-	close(t);
-    }
-# endif
-#endif
-
-# ifdef PARENT_DOES_UTMP
-    /*
-     * Wait for our parent to get the utmp stuff to get done.
-     */
-    utmp_sig_wait();
-# endif
-
-    t = cleanopen(line);
-    if (t < 0)
-	fatalperror(net, line);
-
-#ifdef  STREAMSPTY
-    ttyfd = t;
-	  
-
-    /*
-     * Not all systems have (or need) modules ttcompat and pckt so
-     * don't flag it as a fatal error if they don't exist.
-     */
-
-    if (really_stream)
-	{
-	    /* these are the streams modules that we want pushed. note
-	       that they are in reverse order, ptem will be pushed
-	       first. maybe_push_modules() will try to push all modules
-	       before the first one that isn't already pushed. i.e if
-	       ldterm is pushed, only ttcompat will be attempted.
-
-	       all this is because we don't know which modules are
-	       available, and we don't know which modules are already
-	       pushed (via autopush, for instance).
-
-	       */
-	     
-	    char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
-	    char *ptymodules[] = { "pckt", NULL };
-
-	    maybe_push_modules(t, ttymodules);
-	    maybe_push_modules(ourpty, ptymodules);
-	}
-#endif
-    /*
-     * set up the tty modes as we like them to be.
-     */
-    init_termbuf();
-# ifdef	TIOCSWINSZ
-    if (def_row || def_col) {
-	memset(&ws, 0, sizeof(ws));
-	ws.ws_col = def_col;
-	ws.ws_row = def_row;
-	ioctl(t, TIOCSWINSZ, (char *)&ws);
-    }
-# endif
-
-    /*
-     * Settings for sgtty based systems
-     */
-
-    /*
-     * Settings for UNICOS (and HPUX)
-     */
-# if defined(_CRAY) || defined(__hpux)
-    termbuf.c_oflag = OPOST|ONLCR|TAB3;
-    termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
-    termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
-    termbuf.c_cflag = EXTB|HUPCL|CS8;
-# endif
-
-    /*
-     * Settings for all other termios/termio based
-     * systems, other than 4.4BSD.  In 4.4BSD the
-     * kernel does the initial terminal setup.
-     */
-# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43)
-#  ifndef	OXTABS
-#   define OXTABS	0
-#  endif
-    termbuf.c_lflag |= ECHO;
-    termbuf.c_oflag |= ONLCR|OXTABS;
-    termbuf.c_iflag |= ICRNL;
-    termbuf.c_iflag &= ~IXOFF;
-# endif
-    tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
-    tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
-
-    /*
-     * Set the tty modes, and make this our controlling tty.
-     */
-    set_termbuf();
-    if (login_tty(t) == -1)
-	fatalperror(net, "login_tty");
-    if (net > 2)
-	close(net);
-    if (ourpty > 2) {
-	close(ourpty);
-	ourpty = -1;
-    }
-}
-
-#ifndef	O_NOCTTY
-#define	O_NOCTTY	0
-#endif
-/*
- * Open the specified slave side of the pty,
- * making sure that we have a clean tty.
- */
-
-int cleanopen(char *line)
-{
-    int t;
-
-    if (ptyslavefd != -1)
-	return ptyslavefd;
-
-#ifdef STREAMSPTY
-    if (!really_stream)
-#endif
-	{
-	    /*
-	     * Make sure that other people can't open the
-	     * slave side of the connection.
-	     */
-	    chown(line, 0, 0);
-	    chmod(line, 0600);
-	}
-
-#ifdef HAVE_REVOKE
-    revoke(line);
-#endif
-
-    t = open(line, O_RDWR|O_NOCTTY);
-
-    if (t < 0)
-	return(-1);
-
-    /*
-     * Hangup anybody else using this ttyp, then reopen it for
-     * ourselves.
-     */
-# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
-    signal(SIGHUP, SIG_IGN);
-#ifdef HAVE_VHANGUP
-    vhangup();
-#else
-#endif
-    signal(SIGHUP, SIG_DFL);
-    t = open(line, O_RDWR|O_NOCTTY);
-    if (t < 0)
-	return(-1);
-# endif
-# if	defined(_CRAY) && defined(TCVHUP)
-    {
-	int i;
-	signal(SIGHUP, SIG_IGN);
-	ioctl(t, TCVHUP, (char *)0);
-	signal(SIGHUP, SIG_DFL);
-
-	i = open(line, O_RDWR);
-
-	if (i < 0)
-	    return(-1);
-	close(t);
-	t = i;
-    }
-# endif	/* defined(CRAY) && defined(TCVHUP) */
-    return(t);
-}
-
-#if !defined(BSD4_4)
-
-int login_tty(int t)
-{
-# if defined(TIOCSCTTY) && !defined(__hpux)
-    if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
-	fatalperror(net, "ioctl(sctty)");
-#  ifdef _CRAY
-    /*
-     * Close the hard fd to /dev/ttypXXX, and re-open through
-     * the indirect /dev/tty interface.
-     */
-    close(t);
-    if ((t = open("/dev/tty", O_RDWR)) < 0)
-	fatalperror(net, "open(/dev/tty)");
-#  endif
-# else
-    /*
-     * We get our controlling tty assigned as a side-effect
-     * of opening up a tty device.  But on BSD based systems,
-     * this only happens if our process group is zero.  The
-     * setsid() call above may have set our pgrp, so clear
-     * it out before opening the tty...
-     */
-#ifdef HAVE_SETPGID
-    setpgid(0, 0);
-#else
-    setpgrp(0, 0); /* if setpgid isn't available, setpgrp
-		      probably takes arguments */
-#endif
-    close(open(line, O_RDWR));
-# endif
-    if (t != 0)
-	dup2(t, 0);
-    if (t != 1)
-	dup2(t, 1);
-    if (t != 2)
-	dup2(t, 2);
-    if (t > 2)
-	close(t);
-    return(0);
-}
-#endif	/* BSD <= 43 */
-
-/*
- * This comes from ../../bsd/tty.c and should not really be here.
- */
-
-/*
- * Clean the tty name.  Return a pointer to the cleaned version.
- */
-
-static char * clean_ttyname (char *) __attribute__((unused));
-
-static char *
-clean_ttyname (char *tty)
-{
-  char *res = tty;
-
-  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-    res += strlen(_PATH_DEV);
-  if (strncmp (res, "pty/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "ptym/", 5) == 0)
-    res += 5;
-  return res;
-}
-
-/*
- * Generate a name usable as an `ut_id', typically without `tty'.
- */
-
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-static char *
-make_id (char *tty)
-{
-  char *res = tty;
-  
-  if (strncmp (res, "pts/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "tty", 3) == 0)
-    res += 3;
-  return res;
-}
-#endif
-
-/*
- * startslave(host)
- *
- * Given a hostname, do whatever
- * is necessary to startup the login process on the slave side of the pty.
- */
-
-/* ARGSUSED */
-void
-startslave(const char *host, const char *utmp_host,
-	   int autologin, char *autoname)
-{
-    int i;
-
-#ifdef AUTHENTICATION
-    if (!autoname || !autoname[0])
-	autologin = 0;
-
-    if (autologin < auth_level) {
-	fatal(net, "Authorization failed");
-	exit(1);
-    }
-#endif
-
-    {
-	char *tbuf =
-	    "\r\n*** Connection not encrypted! "
-	    "Communication may be eavesdropped. ***\r\n";
-#ifdef ENCRYPTION
-	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
-#endif
-	    writenet(tbuf, strlen(tbuf));
-    }
-# ifdef	PARENT_DOES_UTMP
-    utmp_sig_init();
-# endif	/* PARENT_DOES_UTMP */
-
-    if ((i = fork()) < 0)
-	fatalperror(net, "fork");
-    if (i) {
-# ifdef PARENT_DOES_UTMP
-	/*
-	 * Cray parent will create utmp entry for child and send
-	 * signal to child to tell when done.  Child waits for signal
-	 * before doing anything important.
-	 */
-	int pid = i;
-	void sigjob (int);
-
-	setpgrp();
-	utmp_sig_reset();		/* reset handler to default */
-	/*
-	 * Create utmp entry for child
-	 */
-	wtmp.ut_time = time(NULL);
-	wtmp.ut_type = LOGIN_PROCESS;
-	wtmp.ut_pid = pid;
-	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
-	strncpy(wtmp.ut_host,  utmp_host, sizeof(wtmp.ut_host));
-	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
-#endif
-
-	pututline(&wtmp);
-	endutent();
-	if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
-	    write(i, &wtmp, sizeof(struct utmp));
-	    close(i);
-	}
-#ifdef	_CRAY
-	signal(WJSIGNAL, sigjob);
-#endif
-	utmp_sig_notify(pid);
-# endif	/* PARENT_DOES_UTMP */
-    } else {
-	getptyslave();
-#if defined(DCE)
-	/* if we authenticated via K5, try and join the PAG */
-	kerberos5_dfspag();
-#endif
-	start_login(host, autologin, autoname);
-	/*NOTREACHED*/
-    }
-}
-
-char	*envinit[3];
-extern char **environ;
-
-void
-init_env(void)
-{
-    char **envp;
-
-    envp = envinit;
-    if ((*envp = getenv("TZ")))
-	*envp++ -= 3;
-#if defined(_CRAY) || defined(__hpux)
-    else
-	*envp++ = "TZ=GMT0";
-#endif
-    *envp = 0;
-    environ = envinit;
-}
-
-/*
- * scrub_env()
- *
- * We only accept the environment variables listed below.
- */
-
-static void
-scrub_env(void)
-{
-    static const char *reject[] = {
-	"TERMCAP=/",
-	NULL
-    };
-
-    static const char *accept[] = {
-	"XAUTH=", "XAUTHORITY=", "DISPLAY=",
-	"TERM=",
-	"EDITOR=",
-	"PAGER=",
-	"PRINTER=",
-	"LOGNAME=",
-	"POSIXLY_CORRECT=",
-	"TERMCAP=",
-	NULL
-    };
-
-    char **cpp, **cpp2;
-    const char **p;
-  
-    for (cpp2 = cpp = environ; *cpp; cpp++) {
-	int reject_it = 0;
-
-	for(p = reject; *p; p++)
-	    if(strncmp(*cpp, *p, strlen(*p)) == 0) {
-		reject_it = 1;
-		break;
-	    }
-	if (reject_it)
-	    continue;
-
-	for(p = accept; *p; p++)
-	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
-		break;
-	if(*p != NULL)
-	    *cpp2++ = *cpp;
-    }
-    *cpp2 = NULL;
-}
-
-
-struct arg_val {
-    int size;
-    int argc;
-    char **argv;
-};
-
-static void addarg(struct arg_val*, const char*);
-
-/*
- * start_login(host)
- *
- * Assuming that we are now running as a child processes, this
- * function will turn us into the login process.
- */
-
-void
-start_login(const char *host, int autologin, char *name)
-{
-    struct arg_val argv;
-    char *user;
-    int save_errno;
-
-#ifdef ENCRYPTION
-    encrypt_output = NULL;
-    decrypt_input = NULL;
-#endif
-    
-#ifdef HAVE_UTMPX_H
-    {
-	int pid = getpid();
-	struct utmpx utmpx;
-	struct timeval tv;
-	char *clean_tty;
-	
-	/*
-	 * Create utmp entry for child
-	 */
-	
-	clean_tty = clean_ttyname(line);
-	memset(&utmpx, 0, sizeof(utmpx));
-	strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
-	strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-	strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
-#endif
-	utmpx.ut_pid = pid;
-	
-	utmpx.ut_type = LOGIN_PROCESS;
-	
-	gettimeofday (&tv, NULL);
-	utmpx.ut_tv.tv_sec = tv.tv_sec;
-	utmpx.ut_tv.tv_usec = tv.tv_usec;
-
-	if (pututxline(&utmpx) == NULL)
-	    fatal(net, "pututxline failed");
-    }
-#endif
-
-    scrub_env();
-	
-    /*
-     * -h : pass on name of host.
-     *		WARNING:  -h is accepted by login if and only if
-     *			getuid() == 0.
-     * -p : don't clobber the environment (so terminal type stays set).
-     *
-     * -f : force this login, he has already been authenticated
-     */
-
-    /* init argv structure */ 
-    argv.size=0;
-    argv.argc=0;
-    argv.argv=malloc(0); /*so we can call realloc later */
-    addarg(&argv, "login");
-    addarg(&argv, "-h");
-    addarg(&argv, host);
-    addarg(&argv, "-p");
-    if(name[0])
-	user = name;
-    else
-	user = getenv("USER");
-#ifdef AUTHENTICATION
-    if (auth_level < 0 || autologin != AUTH_VALID) {
-	if(!no_warn) {
-	    printf("User not authenticated. ");
-	    if (require_otp)
-		printf("Using one-time password\r\n");
-	    else
-		printf("Using plaintext username and password\r\n");
-	}
-	if (require_otp) {
-	    addarg(&argv, "-a");
-	    addarg(&argv, "otp");
-	}
-	if(log_unauth) 
-	    syslog(LOG_INFO, "unauthenticated access from %s (%s)", 
-		   host, user ? user : "unknown user");
-    }
-    if (auth_level >= 0 && autologin == AUTH_VALID)
-	addarg(&argv, "-f");
-#endif
-    if(user){
-	addarg(&argv, "--");
-	addarg(&argv, strdup(user));
-    }
-    if (getenv("USER")) {
-	/*
-	 * Assume that login will set the USER variable
-	 * correctly.  For SysV systems, this means that
-	 * USER will no longer be set, just LOGNAME by
-	 * login.  (The problem is that if the auto-login
-	 * fails, and the user then specifies a different
-	 * account name, he can get logged in with both
-	 * LOGNAME and USER in his environment, but the
-	 * USER value will be wrong.
-	 */
-	unsetenv("USER");
-    }
-    closelog();
-    /*
-     * This sleep(1) is in here so that telnetd can
-     * finish up with the tty.  There's a race condition
-     * the login banner message gets lost...
-     */
-    sleep(1);
-
-    execv(new_login, argv.argv);
-    save_errno = errno;
-    syslog(LOG_ERR, "%s: %m", new_login);
-    fatalperror_errno(net, new_login, save_errno);
-    /*NOTREACHED*/
-}
-
-static void
-addarg(struct arg_val *argv, const char *val)
-{
-    if(argv->size <= argv->argc+1) {
-	argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10));
-	if (argv->argv == NULL)
-	    fatal (net, "realloc: out of memory");
-	argv->size+=10;
-    }
-    if((argv->argv[argv->argc++] = strdup(val)) == NULL)
-	fatal (net, "strdup: out of memory");
-    argv->argv[argv->argc]   = NULL;
-}
-
-
-/*
- * rmut()
- *
- * This is the function called by cleanup() to
- * remove the utmp entry for this person.
- */
-
-#ifdef HAVE_UTMPX_H
-static void
-rmut(void)
-{
-    struct utmpx utmpx, *non_save_utxp;
-    char *clean_tty = clean_ttyname(line);
-
-    /*
-     * This updates the utmpx and utmp entries and make a wtmp/x entry
-     */
-
-    setutxent();
-    memset(&utmpx, 0, sizeof(utmpx));
-    strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
-    utmpx.ut_type = LOGIN_PROCESS;
-    non_save_utxp = getutxline(&utmpx);
-    if (non_save_utxp) {
-	struct utmpx *utxp;
-	struct timeval tv;
-	char user0;
-
-	utxp = malloc(sizeof(struct utmpx));
-	*utxp = *non_save_utxp;
-	user0 = utxp->ut_user[0];
-	utxp->ut_user[0] = '\0';
-	utxp->ut_type = DEAD_PROCESS;
-#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
-#ifdef _STRUCT___EXIT_STATUS
-	utxp->ut_exit.__e_termination = 0;
-	utxp->ut_exit.__e_exit = 0;
-#elif defined(__osf__) /* XXX */
-	utxp->ut_exit.ut_termination = 0;
-	utxp->ut_exit.ut_exit = 0;
-#else	
-	utxp->ut_exit.e_termination = 0;
-	utxp->ut_exit.e_exit = 0;
-#endif
-#endif
-	gettimeofday (&tv, NULL);
-	utxp->ut_tv.tv_sec = tv.tv_sec;
-	utxp->ut_tv.tv_usec = tv.tv_usec;
-
-	pututxline(utxp);
-#ifdef WTMPX_FILE
-	utxp->ut_user[0] = user0;
-	updwtmpx(WTMPX_FILE, utxp);
-#elif defined(WTMP_FILE)
-	/* This is a strange system with a utmpx and a wtmp! */
-	{
-	  int f = open(wtmpf, O_WRONLY|O_APPEND);
-	  struct utmp wtmp;
-	  if (f >= 0) {
-	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
-	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
-#endif
-	    wtmp.ut_time = time(NULL);
-	    write(f, &wtmp, sizeof(wtmp));
-	    close(f);
-	  }
-	}
-#endif
-	free (utxp);
-    }
-    endutxent();
-}  /* end of rmut */
-#endif
-
-#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) && BSD <= 43
-static void
-rmut(void)
-{
-    int f;
-    int found = 0;
-    struct utmp *u, *utmp;
-    int nutmp;
-    struct stat statbf;
-    char *clean_tty = clean_ttyname(line);
-
-    f = open(utmpf, O_RDWR);
-    if (f >= 0) {
-	fstat(f, &statbf);
-	utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
-	if (!utmp)
-	    syslog(LOG_ERR, "utmp malloc failed");
-	if (statbf.st_size && utmp) {
-	    nutmp = read(f, utmp, (int)statbf.st_size);
-	    nutmp /= sizeof(struct utmp);
-
-	    for (u = utmp ; u < &utmp[nutmp] ; u++) {
-		if (strncmp(u->ut_line,
-			    clean_tty,
-			    sizeof(u->ut_line)) ||
-		    u->ut_name[0]==0)
-		    continue;
-		lseek(f, ((long)u)-((long)utmp), L_SET);
-		strncpy(u->ut_name,  "", sizeof(u->ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-		strncpy(u->ut_host,  "", sizeof(u->ut_host));
-#endif
-		u->ut_time = time(NULL);
-		write(f, u, sizeof(wtmp));
-		found++;
-	    }
-	}
-	close(f);
-    }
-    if (found) {
-	f = open(wtmpf, O_WRONLY|O_APPEND);
-	if (f >= 0) {
-	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
-	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
-#endif
-	    wtmp.ut_time = time(NULL);
-	    write(f, &wtmp, sizeof(wtmp));
-	    close(f);
-	}
-    }
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    line[strlen("/dev/")] = 'p';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-}  /* end of rmut */
-#endif	/* CRAY */
-
-#if defined(__hpux) && !defined(HAVE_UTMPX_H)
-static void
-rmut (char *line)
-{
-    struct utmp utmp;
-    struct utmp *utptr;
-    int fd;			/* for /etc/wtmp */
-
-    utmp.ut_type = USER_PROCESS;
-    strncpy(utmp.ut_line, clean_ttyname(line), sizeof(utmp.ut_line));
-    setutent();
-    utptr = getutline(&utmp);
-    /* write it out only if it exists */
-    if (utptr) {
-	utptr->ut_type = DEAD_PROCESS;
-	utptr->ut_time = time(NULL);
-	pututline(utptr);
-	/* set wtmp entry if wtmp file exists */
-	if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
-	    write(fd, utptr, sizeof(utmp));
-	    close(fd);
-	}
-    }
-    endutent();
-
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    line[14] = line[13];
-    line[13] = line[12];
-    line[8] = 'm';
-    line[9] = '/';
-    line[10] = 'p';
-    line[11] = 't';
-    line[12] = 'y';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-}
-#endif
-
-/*
- * cleanup()
- *
- * This is the routine to call when we are all through, to
- * clean up anything that needs to be cleaned up.
- */
-
-#ifdef PARENT_DOES_UTMP
-
-void
-cleanup(int sig)
-{
-#ifdef _CRAY
-    static int incleanup = 0;
-    int t;
-    int child_status; /* status of child process as returned by waitpid */
-    int flags = WNOHANG|WUNTRACED;
-    
-    /*
-     * 1: Pick up the zombie, if we are being called
-     *    as the signal handler.
-     * 2: If we are a nested cleanup(), return.
-     * 3: Try to clean up TMPDIR.
-     * 4: Fill in utmp with shutdown of process.
-     * 5: Close down the network and pty connections.
-     * 6: Finish up the TMPDIR cleanup, if needed.
-     */
-    if (sig == SIGCHLD) {
-	while (waitpid(-1, &child_status, flags) > 0)
-	    ;	/* VOID */
-	/* Check if the child process was stopped
-	 * rather than exited.  We want cleanup only if
-	 * the child has died.
-	 */
-	if (WIFSTOPPED(child_status)) {
-	    return;
-	}
-    }
-    t = sigblock(sigmask(SIGCHLD));
-    if (incleanup) {
-	sigsetmask(t);
-	return;
-    }
-    incleanup = 1;
-    sigsetmask(t);
-    
-    t = cleantmp(&wtmp);
-    setutent();	/* just to make sure */
-#endif /* CRAY */
-    rmut(line);
-    close(ourpty);
-    shutdown(net, 2);
-#ifdef _CRAY
-    if (t == 0)
-	cleantmp(&wtmp);
-#endif /* CRAY */
-    exit(1);
-}
-
-#else /* PARENT_DOES_UTMP */
-
-void
-cleanup(int sig)
-{
-#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
-    rmut();
-#ifdef HAVE_VHANGUP
-#ifndef __sgi
-    vhangup(); /* XXX */
-#endif
-#endif
-#else
-    char *p;
-    
-    p = line + sizeof("/dev/") - 1;
-    if (logout(p))
-	logwtmp(p, "", "");
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    *p = 'p';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-#endif
-    shutdown(net, 2);
-    exit(1);
-}
-
-#endif /* PARENT_DOES_UTMP */
-
-#ifdef PARENT_DOES_UTMP
-/*
- * _utmp_sig_rcv
- * utmp_sig_init
- * utmp_sig_wait
- *	These three functions are used to coordinate the handling of
- *	the utmp file between the server and the soon-to-be-login shell.
- *	The server actually creates the utmp structure, the child calls
- *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
- *	signals the future-login shell to proceed.
- */
-static int caught=0;		/* NZ when signal intercepted */
-static void (*func)();		/* address of previous handler */
-
-void
-_utmp_sig_rcv(sig)
-     int sig;
-{
-    caught = 1;
-    signal(SIGUSR1, func);
-}
-
-void
-utmp_sig_init()
-{
-    /*
-     * register signal handler for UTMP creation
-     */
-    if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
-	fatalperror(net, "telnetd/signal");
-}
-
-void
-utmp_sig_reset()
-{
-    signal(SIGUSR1, func);	/* reset handler to default */
-}
-
-# ifdef __hpux
-# define sigoff() /* do nothing */
-# define sigon() /* do nothing */
-# endif
-
-void
-utmp_sig_wait()
-{
-    /*
-     * Wait for parent to write our utmp entry.
-	 */
-    sigoff();
-    while (caught == 0) {
-	pause();	/* wait until we get a signal (sigon) */
-	sigoff();	/* turn off signals while we check caught */
-    }
-    sigon();		/* turn on signals again */
-}
-
-void
-utmp_sig_notify(pid)
-{
-    kill(pid, SIGUSR1);
-}
-
-#ifdef _CRAY
-static int gotsigjob = 0;
-
-	/*ARGSUSED*/
-void
-sigjob(sig)
-     int sig;
-{
-    int jid;
-    struct jobtemp *jp;
-
-    while ((jid = waitjob(NULL)) != -1) {
-	if (jid == 0) {
-	    return;
-	}
-	gotsigjob++;
-	jobend(jid, NULL, NULL);
-    }
-}
-
-/*
- *	jid_getutid:
- *		called by jobend() before calling cleantmp()
- *		to find the correct $TMPDIR to cleanup.
- */
-
-struct utmp *
-jid_getutid(jid)
-     int jid;
-{
-    struct utmp *cur = NULL;
-
-    setutent();	/* just to make sure */
-    while (cur = getutent()) {
-	if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
-	    return(cur);
-	}
-    }
-
-    return(0);
-}
-
-/*
- * Clean up the TMPDIR that login created.
- * The first time this is called we pick up the info
- * from the utmp.  If the job has already gone away,
- * then we'll clean up and be done.  If not, then
- * when this is called the second time it will wait
- * for the signal that the job is done.
- */
-int
-cleantmp(wtp)
-     struct utmp *wtp;
-{
-    struct utmp *utp;
-    static int first = 1;
-    int mask, omask, ret;
-    extern struct utmp *getutid (const struct utmp *_Id);
-
-
-    mask = sigmask(WJSIGNAL);
-
-    if (first == 0) {
-	omask = sigblock(mask);
-	while (gotsigjob == 0)
-	    sigpause(omask);
-	return(1);
-    }
-    first = 0;
-    setutent();	/* just to make sure */
-
-    utp = getutid(wtp);
-    if (utp == 0) {
-	syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-	return(-1);
-    }
-    /*
-     * Nothing to clean up if the user shell was never started.
-     */
-    if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
-	return(1);
-
-    /*
-     * Block the WJSIGNAL while we are in jobend().
-     */
-    omask = sigblock(mask);
-    ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
-    sigsetmask(omask);
-    return(ret);
-}
-
-int
-jobend(jid, path, user)
-     int jid;
-     char *path;
-     char *user;
-{
-    static int saved_jid = 0;
-    static int pty_saved_jid = 0;
-    static char saved_path[sizeof(wtmp.ut_tpath)+1];
-    static char saved_user[sizeof(wtmp.ut_user)+1];
-
-    /*
-     * this little piece of code comes into play
-     * only when ptyreconnect is used to reconnect
-     * to an previous session.
-     *
-     * this is the only time when the
-     * "saved_jid != jid" code is executed.
-     */
-
-    if ( saved_jid && saved_jid != jid ) {
-	if (!path) {	/* called from signal handler */
-	    pty_saved_jid = jid;
-	} else {
-	    pty_saved_jid = saved_jid;
-	}
-    }
-
-    if (path) {
-	strlcpy(saved_path, path, sizeof(saved_path));
-	strlcpy(saved_user, user, sizeof(saved_user));
-    }
-    if (saved_jid == 0) {
-	saved_jid = jid;
-	return(0);
-    }
-
-    /* if the jid has changed, get the correct entry from the utmp file */
-
-    if ( saved_jid != jid ) {
-	struct utmp *utp = NULL;
-	struct utmp *jid_getutid();
-
-	utp = jid_getutid(pty_saved_jid);
-
-	if (utp == 0) {
-	    syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-	    return(-1);
-	}
-
-	cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
-	return(1);
-    }
-
-    cleantmpdir(jid, saved_path, saved_user);
-    return(1);
-}
-
-/*
- * Fork a child process to clean up the TMPDIR
- */
-cleantmpdir(jid, tpath, user)
-     int jid;
-     char *tpath;
-     char *user;
-{
-    switch(fork()) {
-    case -1:
-	syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
-	       tpath);
-	break;
-    case 0:
-	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, NULL);
-	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
-	       tpath, CLEANTMPCMD);
-	exit(1);
-    default:
-	/*
-	 * Forget about child.  We will exit, and
-	 * /etc/init will pick it up.
-	 */
-	break;
-    }
-}
-#endif /* CRAY */
-#endif	/* defined(PARENT_DOES_UTMP) */
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.8
deleted file mode 100644
index a7dd67024c46..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.8
+++ /dev/null
@@ -1,536 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
-.\"
-.Dd September 19, 2006
-.Dt TELNETD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm telnetd
-.Nd DARPA
-.Tn TELNET
-protocol server
-.Sh SYNOPSIS
-.Nm telnetd
-.Op Fl BeUhkln
-.Op Fl D Ar debugmode
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl a Ar authmode
-.Op Fl r Ns Ar lowpty-highpty
-.Op Fl u Ar len
-.Op Fl debug
-.Op Fl L Ar /bin/login
-.Op Fl y
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm telnetd
-command is a server which supports the
-.Tn DARPA
-standard
-.Tn TELNET
-virtual terminal protocol.
-.Nm Telnetd
-is normally invoked by the internet server (see
-.Xr inetd 8 )
-for requests to connect to the
-.Tn TELNET
-port as indicated by the
-.Pa /etc/services
-file (see
-.Xr services 5 ) .
-The
-.Fl debug
-option may be used to start up
-.Nm telnetd
-manually, instead of through
-.Xr inetd 8 .
-If started up this way,
-.Ar port
-may be specified to run
-.Nm telnetd
-on an alternate
-.Tn TCP
-port number.
-.Pp
-The
-.Nm telnetd
-command accepts the following options:
-.Bl -tag -width "-a authmode"
-.It Fl a Ar authmode
-This option may be used for specifying what mode should
-be used for authentication.
-Note that this option is only useful if
-.Nm telnetd
-has been compiled with support for the
-.Dv AUTHENTICATION
-option.
-There are several valid values for
-.Ar authmode :
-.Bl -tag -width debug
-.It debug
-Turns on authentication debugging code.
-.It user
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user,
-and is allowed access to the specified account
-without providing a password.
-.It valid
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user.
-The
-.Xr login 1
-command will provide any additional user verification
-needed if the remote user is not allowed automatic
-access to the specified account.
-.It other
-Only allow connections that supply some authentication information.
-This option is currently not supported
-by any of the existing authentication mechanisms,
-and is thus the same as specifying
-.Fl a
-.Cm valid .
-.It otp
-Only allow authenticated connections (as with
-.Fl a
-.Cm user )
-and also logins with one-time passwords (OTPs).  This option will call
-login with an option so that only OTPs are accepted.  The user can of
-course still type secret information at the prompt.
-.It none
-This is the default state.
-Authentication information is not required.
-If no or insufficient authentication information
-is provided, then the
-.Xr login 1
-program will provide the necessary user
-verification.
-.It off
-This disables the authentication code.
-All user verification will happen through the
-.Xr login 1
-program.
-.El
-.It Fl B
-Ignored.
-.It Fl D Ar debugmode
-This option may be used for debugging purposes.
-This allows
-.Nm telnetd
-to print out debugging information
-to the connection, allowing the user to see what
-.Nm telnetd
-is doing.
-There are several possible values for
-.Ar debugmode :
-.Bl -tag -width exercise
-.It Cm options
-Prints information about the negotiation of
-.Tn TELNET
-options.
-.It Cm report
-Prints the
-.Cm options
-information, plus some additional information
-about what processing is going on.
-.It Cm netdata
-Displays the data stream received by
-.Nm telnetd .
-.It Cm ptydata
-Displays data written to the pty.
-.It Cm exercise
-Has not been implemented yet.
-.El
-.It Fl e
-require encryption to be turned on (in both direction) by the client
-and disconnects if the client tries to turn the encryption off (in
-either direction).
-.It Fl h
-Disables the printing of host-specific information before
-login has been completed.
-.It Fl k
-.It Fl l
-Ignored.
-.It Fl n
-Disable
-.Dv TCP
-keep-alives.  Normally
-.Nm telnetd
-enables the
-.Tn TCP
-keep-alive mechanism to probe connections that
-have been idle for some period of time to determine
-if the client is still there, so that idle connections
-from machines that have crashed or can no longer
-be reached may be cleaned up.
-.It Fl r Ar lowpty-highpty
-This option is only enabled when
-.Nm telnetd
-is compiled for
-.Dv UNICOS .
-It specifies an inclusive range of pseudo-terminal devices to
-use.  If the system has sysconf variable
-.Dv _SC_CRAY_NPTY
-configured, the default pty search range is 0 to
-.Dv _SC_CRAY_NPTY ;
-otherwise, the default range is 0 to 128.  Either
-.Ar lowpty
-or
-.Ar highpty
-may be omitted to allow changing
-either end of the search range.  If
-.Ar lowpty
-is omitted, the - character is still required so that
-.Nm telnetd
-can differentiate
-.Ar highpty
-from
-.Ar lowpty .
-.It Fl S Ar tos
-.It Fl u Ar len
-This option is used to specify the size of the field
-in the
-.Dv utmp
-structure that holds the remote host name.
-If the resolved host name is longer than
-.Ar len ,
-the dotted decimal value will be used instead.
-This allows hosts with very long host names that
-overflow this field to still be uniquely identified.
-Specifying
-.Fl u0
-indicates that only dotted decimal addresses
-should be put into the
-.Pa utmp
-file.
-.It Fl U
-This option causes
-.Nm telnetd
-to refuse connections from addresses that
-cannot be mapped back into a symbolic name
-via the
-.Xr gethostbyaddr 3
-routine.
-.It Fl X Ar authtype
-This option is only valid if
-.Nm telnetd
-has been built with support for the authentication option.
-It disables the use of
-.Ar authtype
-authentication, and
-can be used to temporarily disable
-a specific authentication type without having to recompile
-.Nm telnetd .
-.It Fl L Ar pathname
-Specify pathname to an alternative login program.
-.It Fl y
-Makes
-.Nm
-not warn when a user is trying to login with a cleartext password.
-.El
-.Pp
-.Nm Telnetd
-operates by allocating a pseudo-terminal device (see
-.Xr pty 4 )
-for a client, then creating a login process which has
-the slave side of the pseudo-terminal as
-.Dv stdin ,
-.Dv stdout
-and
-.Dv stderr .
-.Nm Telnetd
-manipulates the master side of the pseudo-terminal,
-implementing the
-.Tn TELNET
-protocol and passing characters
-between the remote client and the login process.
-.Pp
-When a
-.Tn TELNET
-session is started up,
-.Nm telnetd
-sends
-.Tn TELNET
-options to the client side indicating
-a willingness to do the
-following
-.Tn TELNET
-options, which are described in more detail below:
-.Bd -literal -offset indent
-DO AUTHENTICATION
-WILL ENCRYPT
-DO TERMINAL TYPE
-DO TSPEED
-DO XDISPLOC
-DO NEW-ENVIRON
-DO ENVIRON
-WILL SUPPRESS GO AHEAD
-DO ECHO
-DO LINEMODE
-DO NAWS
-WILL STATUS
-DO LFLOW
-DO TIMING-MARK
-.Ed
-.Pp
-The pseudo-terminal allocated to the client is configured
-to operate in
-.Dq cooked
-mode, and with
-.Dv XTABS and
-.Dv CRMOD
-enabled (see
-.Xr tty 4 ) .
-.Pp
-.Nm Telnetd
-has support for enabling locally the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "WILL ECHO"
-When the
-.Dv LINEMODE
-option is enabled, a
-.Dv WILL ECHO
-or
-.Dv WONT ECHO
-will be sent to the client to indicate the
-current state of terminal echoing.
-When terminal echo is not desired, a
-.Dv WILL ECHO
-is sent to indicate that
-.Tn telnetd
-will take care of echoing any data that needs to be
-echoed to the terminal, and then nothing is echoed.
-When terminal echo is desired, a
-.Dv WONT ECHO
-is sent to indicate that
-.Tn telnetd
-will not be doing any terminal echoing, so the
-client should do any terminal echoing that is needed.
-.It "WILL BINARY"
-Indicates that the client is willing to send a
-8 bits of data, rather than the normal 7 bits
-of the Network Virtual Terminal.
-.It "WILL SGA"
-Indicates that it will not be sending
-.Dv IAC GA ,
-go ahead, commands.
-.It "WILL STATUS"
-Indicates a willingness to send the client, upon
-request, of the current status of all
-.Tn TELNET
-options.
-.It "WILL TIMING-MARK"
-Whenever a
-.Dv DO TIMING-MARK
-command is received, it is always responded
-to with a
-.Dv WILL TIMING-MARK
-.It "WILL LOGOUT"
-When a
-.Dv DO LOGOUT
-is received, a
-.Dv WILL LOGOUT
-is sent in response, and the
-.Tn TELNET
-session is shut down.
-.It "WILL ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Pp
-.Nm Telnetd
-has support for enabling remotely the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "DO BINARY"
-Sent to indicate that
-.Tn telnetd
-is willing to receive an 8 bit data stream.
-.It "DO LFLOW"
-Requests that the client handle flow control
-characters remotely.
-.It "DO ECHO"
-This is not really supported, but is sent to identify a 4.2BSD
-.Xr telnet 1
-client, which will improperly respond with
-.Dv WILL ECHO .
-If a
-.Dv WILL ECHO
-is received, a
-.Dv DONT ECHO
-will be sent in response.
-.It "DO TERMINAL-TYPE"
-Indicates a desire to be able to request the
-name of the type of terminal that is attached
-to the client side of the connection.
-.It "DO SGA"
-Indicates that it does not need to receive
-.Dv IAC GA ,
-the go ahead command.
-.It "DO NAWS"
-Requests that the client inform the server when
-the window (display) size changes.
-.It "DO TERMINAL-SPEED"
-Indicates a desire to be able to request information
-about the speed of the serial line to which
-the client is attached.
-.It "DO XDISPLOC"
-Indicates a desire to be able to request the name
-of the X windows display that is associated with
-the telnet client.
-.It "DO NEW-ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1572.
-.It "DO ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1408.
-.It "DO LINEMODE"
-Only sent if
-.Nm telnetd
-is compiled with support for linemode, and
-requests that the client do line by line processing.
-.It "DO TIMING-MARK"
-Only sent if
-.Nm telnetd
-is compiled with support for both linemode and
-kludge linemode, and the client responded with
-.Dv WONT LINEMODE .
-If the client responds with
-.Dv WILL TM ,
-the it is assumed that the client supports
-kludge linemode.
-Note that the
-.Op Fl k
-option can be used to disable this.
-.It "DO AUTHENTICATION"
-Only sent if
-.Nm telnetd
-is compiled with support for authentication, and
-indicates a willingness to receive authentication
-information for automatic login.
-.It "DO ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Sh FILES
-.Bl -tag -width /etc/services -compact
-.It Pa /etc/services
-.It Pa /etc/inittab
-(UNICOS systems only)
-.It Pa /etc/iptos
-(if supported)
-.El
-.Sh "SEE ALSO"
-.Xr telnet 1 ,
-.Xr login 1
-.Sh STANDARDS
-.Bl -tag -compact -width RFC-1572
-.It Cm RFC-854
-.Tn TELNET
-PROTOCOL SPECIFICATION
-.It Cm RFC-855
-TELNET OPTION SPECIFICATIONS
-.It Cm RFC-856
-TELNET BINARY TRANSMISSION
-.It Cm RFC-857
-TELNET ECHO OPTION
-.It Cm RFC-858
-TELNET SUPPRESS GO AHEAD OPTION
-.It Cm RFC-859
-TELNET STATUS OPTION
-.It Cm RFC-860
-TELNET TIMING MARK OPTION
-.It Cm RFC-861
-TELNET EXTENDED OPTIONS - LIST OPTION
-.It Cm RFC-885
-TELNET END OF RECORD OPTION
-.It Cm RFC-1073
-Telnet Window Size Option
-.It Cm RFC-1079
-Telnet Terminal Speed Option
-.It Cm RFC-1091
-Telnet Terminal-Type Option
-.It Cm RFC-1096
-Telnet X Display Location Option
-.It Cm RFC-1123
-Requirements for Internet Hosts -- Application and Support
-.It Cm RFC-1184
-Telnet Linemode Option
-.It Cm RFC-1372
-Telnet Remote Flow Control Option
-.It Cm RFC-1416
-Telnet Authentication Option
-.It Cm RFC-1411
-Telnet Authentication: Kerberos Version 4
-.It Cm RFC-1412
-Telnet Authentication: SPX
-.It Cm RFC-1571
-Telnet Environment Option Interoperability Issues
-.It Cm RFC-1572
-Telnet Environment Option
-.El
-.Sh BUGS
-Some
-.Tn TELNET
-commands are only partially implemented.
-.Pp
-Because of bugs in the original 4.2 BSD
-.Xr telnet 1 ,
-.Nm telnetd
-performs some dubious protocol exchanges to try to discover if the remote
-client is, in fact, a 4.2 BSD
-.Xr telnet 1 .
-.Pp
-Binary mode
-has no common interpretation except between similar operating systems
-(Unix in this case).
-.Pp
-The terminal type name received from the remote client is converted to
-lower case.
-.Pp
-.Nm Telnetd
-never sends
-.Tn TELNET
-.Dv IAC GA
-(go ahead) commands.
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
deleted file mode 100644
index 033a0bffc3e1..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c
+++ /dev/null
@@ -1,1401 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: telnetd.c 21748 2007-07-31 18:57:20Z lha $");
-
-#ifdef _SC_CRAY_SECURE_SYS
-#include <sys/sysv.h>
-#include <sys/secdev.h>
-#include <sys/secparm.h>
-#include <sys/usrv.h>
-int	secflag;
-char	tty_dev[16];
-struct	secdev dv;
-struct	sysv sysv;
-struct	socksec ss;
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-#ifdef AUTHENTICATION
-int	auth_level = 0;
-#endif
-
-#ifdef KRB5
-#define Authenticator k5_Authenticator
-#include <krb5.h>
-#undef Authenticator
-#endif
-
-extern	int utmp_len;
-int	registerd_host_only = 0;
-#ifdef ENCRYPTION
-int	require_encryption = 0;
-#endif
-
-#ifdef STREAMSPTY
-
-#ifdef _AIX
-#include <sys/termio.h>
-#endif
-# ifdef HAVE_SYS_STRTTY_H
-# include <sys/strtty.h>
-# endif
-# ifdef HAVE_SYS_STR_TTY_H
-# include <sys/str_tty.h>
-# endif
-/* make sure we don't get the bsd version */
-/* what is this here for? solaris? /joda */
-# ifdef HAVE_SYS_TTY_H
-# include "/usr/include/sys/tty.h"
-# endif
-# ifdef HAVE_SYS_PTYVAR_H
-# include <sys/ptyvar.h>
-# endif
-
-/*
- * Because of the way ptyibuf is used with streams messages, we need
- * ptyibuf+1 to be on a full-word boundary.  The following wierdness
- * is simply to make that happen.
- */
-long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
-char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
-char	*ptyip = ((char *)&ptyibufbuf[1])-1;
-char	ptyibuf2[BUFSIZ];
-unsigned char ctlbuf[BUFSIZ];
-struct	strbuf strbufc, strbufd;
-
-int readstream(int, char*, int);
-
-#else	/* ! STREAMPTY */
-
-/*
- * I/O data buffers,
- * pointers, and counters.
- */
-char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
-char	ptyibuf2[BUFSIZ];
-
-#endif /* ! STREAMPTY */
-
-int	hostinfo = 1;			/* do we print login banner? */
-
-#ifdef	_CRAY
-extern int      newmap; /* nonzero if \n maps to ^M^J */
-int	lowpty = 0, highpty;	/* low, high pty numbers */
-#endif /* CRAY */
-
-int debug = 0;
-int keepalive = 1;
-char *progname;
-
-static void usage (int error_code);
-
-/*
- * The string to pass to getopt().  We do it this way so
- * that only the actual options that we support will be
- * passed off to getopt().
- */
-char valid_opts[] = "Bd:hklnS:u:UL:y"
-#ifdef AUTHENTICATION
-		    "a:X:z"
-#endif
-#ifdef ENCRYPTION
-                     "e"
-#endif
-#ifdef DIAGNOSTICS
-		    "D:"
-#endif
-#ifdef _CRAY
-		    "r:"
-#endif
-		    ;
-
-static void doit(struct sockaddr*, int);
-
-int
-main(int argc, char **argv)
-{
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    int on = 1;
-    socklen_t sa_size;
-    int ch;
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-    int tos = -1;
-#endif
-    pfrontp = pbackp = ptyobuf;
-    netip = netibuf;
-    nfrontp = nbackp = netobuf;
-
-    setprogname(argv[0]);
-
-    progname = *argv;
-#ifdef ENCRYPTION
-    nclearto = 0;
-#endif
-
-#ifdef _CRAY
-    /*
-     * Get number of pty's before trying to process options,
-     * which may include changing pty range.
-     */
-    highpty = getnpty();
-#endif /* CRAY */
-
-    if (argc == 2 && strcmp(argv[1], "--version") == 0) {
-	print_version(NULL);
-	exit(0);
-    }
-    if (argc == 2 && strcmp(argv[1], "--help") == 0)
-	usage(0);
-
-    while ((ch = getopt(argc, argv, valid_opts)) != -1) {
-	switch(ch) {
-
-#ifdef	AUTHENTICATION
-	case 'a':
-	    /*
-	     * Check for required authentication level
-	     */
-	    if (strcmp(optarg, "debug") == 0) {
-		auth_debug_mode = 1;
-	    } else if (strcasecmp(optarg, "none") == 0) {
-		auth_level = 0;
-	    } else if (strcasecmp(optarg, "otp") == 0) {
-		auth_level = 0;
-		require_otp = 1;
-	    } else if (strcasecmp(optarg, "other") == 0) {
-		auth_level = AUTH_OTHER;
-	    } else if (strcasecmp(optarg, "user") == 0) {
-		auth_level = AUTH_USER;
-	    } else if (strcasecmp(optarg, "valid") == 0) {
-		auth_level = AUTH_VALID;
-	    } else if (strcasecmp(optarg, "off") == 0) {
-		/*
-		 * This hack turns off authentication
-		 */
-		auth_level = -1;
-	    } else {
-		fprintf(stderr,
-			"telnetd: unknown authorization level for -a\n");
-	    }
-	    break;
-#endif	/* AUTHENTICATION */
-
-	case 'B': /* BFTP mode is not supported any more */
-	    break;
-	case 'd':
-	    if (strcmp(optarg, "ebug") == 0) {
-		debug++;
-		break;
-	    }
-	    usage(1);
-	    /* NOTREACHED */
-	    break;
-
-#ifdef DIAGNOSTICS
-	case 'D':
-	    /*
-	     * Check for desired diagnostics capabilities.
-	     */
-	    if (!strcmp(optarg, "report")) {
-		diagnostic |= TD_REPORT|TD_OPTIONS;
-	    } else if (!strcmp(optarg, "exercise")) {
-		diagnostic |= TD_EXERCISE;
-	    } else if (!strcmp(optarg, "netdata")) {
-		diagnostic |= TD_NETDATA;
-	    } else if (!strcmp(optarg, "ptydata")) {
-		diagnostic |= TD_PTYDATA;
-	    } else if (!strcmp(optarg, "options")) {
-		diagnostic |= TD_OPTIONS;
-	    } else {
-		usage(1);
-		/* NOT REACHED */
-	    }
-	    break;
-#endif /* DIAGNOSTICS */
-
-#ifdef ENCRYPTION
-	case 'e':
-	    require_encryption = 1;
-	    break;
-#endif
-
-	case 'h':
-	    hostinfo = 0;
-	    break;
-
-	case 'k': /* Linemode is not supported any more */
-	case 'l':
-	    break;
-
-	case 'n':
-	    keepalive = 0;
-	    break;
-
-#ifdef _CRAY
-	case 'r':
-	    {
-		char *strchr();
-		char *c;
-
-		/*
-		 * Allow the specification of alterations
-		 * to the pty search range.  It is legal to
-		 * specify only one, and not change the
-		 * other from its default.
-		 */
-		c = strchr(optarg, '-');
-		if (c) {
-		    *c++ = '\0';
-		    highpty = atoi(c);
-		}
-		if (*optarg != '\0')
-		    lowpty = atoi(optarg);
-		if ((lowpty > highpty) || (lowpty < 0) ||
-		    (highpty > 32767)) {
-		    usage(1);
-		    /* NOT REACHED */
-		}
-		break;
-	    }
-#endif	/* CRAY */
-
-	case 'S':
-#ifdef	HAVE_PARSETOS
-	    if ((tos = parsetos(optarg, "tcp")) < 0)
-		fprintf(stderr, "%s%s%s\n",
-			"telnetd: Bad TOS argument '", optarg,
-			"'; will try to use default TOS");
-#else
-	    fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
-		    "-S flag not supported\n");
-#endif
-	    break;
-
-	case 'u': {
-	    char *eptr;
-
-	    utmp_len = strtol(optarg, &eptr, 0);
-	    if (optarg == eptr)
-		fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
-	    break;
-	}
-
-	case 'U':
-	    registerd_host_only = 1;
-	    break;
-
-#ifdef	AUTHENTICATION
-	case 'X':
-	    /*
-	     * Check for invalid authentication types
-	     */
-	    auth_disable_name(optarg);
-	    break;
-#endif
-	case 'y':
-	    no_warn = 1;
-	    break;
-#ifdef AUTHENTICATION
-	case 'z':
-	    log_unauth = 1;
-	    break;
-
-#endif	/* AUTHENTICATION */
-
-	case 'L':
-	    new_login = optarg;
-	    break;
-			
-	default:
-	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
-	    /* FALLTHROUGH */
-	case '?':
-	    usage(0);
-	    /* NOTREACHED */
-	}
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (debug) {
-	int port = 0;
-	struct servent *sp;
-
-	if (argc > 1) {
-	    usage (1);
-	} else if (argc == 1) {
-	    sp = roken_getservbyname (*argv, "tcp");
-	    if (sp)
-		port = sp->s_port;
-	    else
-		port = htons(atoi(*argv));
-	} else {
-#ifdef KRB5
-	    port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
-#else
-	    port = k_getportbyname("telnet", "tcp", htons(23));
-#endif
-	}
-	mini_inetd (port);
-    } else if (argc > 0) {
-	usage(1);
-	/* NOT REACHED */
-    }
-
-#ifdef _SC_CRAY_SECURE_SYS
-    secflag = sysconf(_SC_CRAY_SECURE_SYS);
-
-    /*
-     *	Get socket's security label
-     */
-    if (secflag)  {
-	socklen_t szss = sizeof(ss);
-	int sock_multi;
-	socklen_t szi = sizeof(int);
-
-	memset(&dv, 0, sizeof(dv));
-
-	if (getsysv(&sysv, sizeof(struct sysv)) != 0) 
-	    fatalperror(net, "getsysv");
-
-	/*
-	 *	Get socket security label and set device values
-	 *	   {security label to be set on ttyp device}
-	 */
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-	if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
-			(void *)&ss, &szss) < 0) ||
-	    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
-			(void *)&sock_multi, &szi) < 0)) 
-	    fatalperror(net, "getsockopt");
-	else {
-	    dv.dv_actlvl = ss.ss_actlabel.lt_level;
-	    dv.dv_actcmp = ss.ss_actlabel.lt_compart;
-	    if (!sock_multi) {
-		dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
-		dv.dv_valcmp = dv.dv_actcmp;
-	    } else {
-		dv.dv_minlvl = ss.ss_minlabel.lt_level;
-		dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
-		dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
-	    }
-	    dv.dv_devflg = 0;
-	}
-#else /* SO_SEC_MULTI */		/* 7.0 code */
-	if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
-		       (void *)&ss, &szss) >= 0) {
-	    dv.dv_actlvl = ss.ss_slevel;
-	    dv.dv_actcmp = ss.ss_compart;
-	    dv.dv_minlvl = ss.ss_minlvl;
-	    dv.dv_maxlvl = ss.ss_maxlvl;
-	    dv.dv_valcmp = ss.ss_maxcmp;
-	}
-#endif /* SO_SEC_MULTI */
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-    sa_size = sizeof (__ss);
-    if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
-	fprintf(stderr, "%s: ", progname);
-	perror("getpeername");
-	_exit(1);
-    }
-    if (keepalive &&
-	setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
-		   (void *)&on, sizeof (on)) < 0) {
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-    }
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    {
-# ifdef HAVE_GETTOSBYNAME
-	struct tosent *tp;
-	if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-	    tos = tp->t_tos;
-# endif
-	if (tos < 0)
-	    tos = 020;	/* Low Delay bit */
-	if (tos
-	    && sa->sa_family == AF_INET
-	    && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-			   (void *)&tos, sizeof(tos)) < 0)
-	    && (errno != ENOPROTOOPT) )
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-    net = STDIN_FILENO;
-    doit(sa, sa_size);
-    /* NOTREACHED */
-    return 0;
-}  /* end of main */
-
-static void
-usage(int exit_code)
-{
-    fprintf(stderr, "Usage: telnetd");
-    fprintf(stderr, " [--help]");
-    fprintf(stderr, " [--version]");
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
-#endif
-    fprintf(stderr, " [-debug]");
-#ifdef DIAGNOSTICS
-    fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
-#endif
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-edebug]");
-#endif
-    fprintf(stderr, " [-h]");
-    fprintf(stderr, " [-L login]");
-    fprintf(stderr, " [-n]");
-#ifdef	_CRAY
-    fprintf(stderr, " [-r[lowpty]-[highpty]]");
-#endif
-    fprintf(stderr, "\n\t");
-#ifdef	HAVE_GETTOSBYNAME
-    fprintf(stderr, " [-S tos]");
-#endif
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-X auth-type] [-y] [-z]");
-#endif
-    fprintf(stderr, " [-u utmp_hostname_length] [-U]");
-    fprintf(stderr, " [port]\n");
-    exit(exit_code);
-}
-
-/*
- * getterminaltype
- *
- *	Ask the other end to send along its terminal type and speed.
- * Output is the variable terminaltype filled in.
- */
-static unsigned char ttytype_sbbuf[] = {
-    IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
-};
-
-int
-getterminaltype(char *name, size_t name_sz)
-{
-    int retval = -1;
-
-    settimer(baseline);
-#ifdef AUTHENTICATION
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name, name_sz);
-    }
-#endif
-
-#ifdef ENCRYPTION
-    send_will(TELOPT_ENCRYPT, 1);
-    send_do(TELOPT_ENCRYPT, 1);	/* esc@magic.fi */
-#endif
-    send_do(TELOPT_TTYPE, 1);
-    send_do(TELOPT_TSPEED, 1);
-    send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_NEW_ENVIRON, 1);
-    send_do(TELOPT_OLD_ENVIRON, 1);
-    while (
-#ifdef ENCRYPTION
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-#endif
-	   his_will_wont_is_changing(TELOPT_TTYPE) ||
-	   his_will_wont_is_changing(TELOPT_TSPEED) ||
-	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
-	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
-	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
-	ttloop();
-    }
-#ifdef ENCRYPTION
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-    if (require_encryption) {
-
-	while (encrypt_delay())
-	    if (telnet_spin())
-		fatal(net, "Failed while waiting for encryption");
-
-	if (!encrypt_is_encrypting())
-	    fatal(net, "Encryption required but not turned on by client");
-    }
-#endif
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-
-	telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
-	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-				  sizeof ttytype_sbbuf - 2););
-    }
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	while (sequenceIs(tspeedsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	while (sequenceIs(xdisplocsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	while (sequenceIs(oenvironsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-	char first[256], last[256];
-
-	while (sequenceIs(ttypesubopt, baseline))
-	    ttloop();
-
-	/*
-	 * If the other side has already disabled the option, then
-	 * we have to just go with what we (might) have already gotten.
-	 */
-	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    strlcpy(first, terminaltype, sizeof(first));
-	    for(;;) {
-		/*
-		 * Save the unknown name, and request the next name.
-		 */
-		strlcpy(last, terminaltype, sizeof(last));
-		_gettermname();
-		if (terminaltypeok(terminaltype))
-		    break;
-		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
-		    his_state_is_wont(TELOPT_TTYPE)) {
-		    /*
-		     * We've hit the end.  If this is the same as
-		     * the first name, just go with it.
-		     */
-		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
-			break;
-		    /*
-		     * Get the terminal name one more time, so that
-		     * RFC1091 compliant telnets will cycle back to
-		     * the start of the list.
-		     */
-		    _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			strlcpy(terminaltype, first, sizeof(terminaltype));
-		    break;
-		}
-	    }
-	}
-    }
-    return(retval);
-}  /* end of getterminaltype */
-
-void
-_gettermname(void)
-{
-    /*
-     * If the client turned off the option,
-     * we can't send another request, so we
-     * just return.
-     */
-    if (his_state_is_wont(TELOPT_TTYPE))
-	return;
-    settimer(baseline);
-    telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
-    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-			      sizeof ttytype_sbbuf - 2););
-    while (sequenceIs(ttypesubopt, baseline))
-	ttloop();
-}
-
-int
-terminaltypeok(char *s)
-{
-    return 1;
-}
-
-
-char host_name[MaxHostNameLen];
-char remote_host_name[MaxHostNameLen];
-char remote_utmp_name[MaxHostNameLen];
-
-/*
- * Get a pty, scan input lines.
- */
-static void
-doit(struct sockaddr *who, int who_len)
-{
-    int level;
-    int ptynum;
-    char user_name[256];
-    int error;
-
-    /*
-     * Find an available pty to use.
-     */
-    ourpty = getpty(&ptynum);
-    if (ourpty < 0)
-	fatal(net, "All network ports in use");
-
-#ifdef _SC_CRAY_SECURE_SYS
-    /*
-     *	set ttyp line security label
-     */
-    if (secflag) {
-	char slave_dev[16];
-
-	snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
-	if (setdevs(tty_dev, &dv) < 0)
-	    fatal(net, "cannot set pty security");
-	snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
-	if (setdevs(slave_dev, &dv) < 0)
-	    fatal(net, "cannot set tty security");
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    error = getnameinfo_verified (who, who_len,
-				  remote_host_name,
-				  sizeof(remote_host_name),
-				  NULL, 0, 
-				  registerd_host_only ? NI_NAMEREQD : 0);
-    if (error)
-	fatal(net, "Couldn't resolve your address into a host name.\r\n\
-Please contact your net administrator");
-
-    gethostname(host_name, sizeof (host_name));
-
-    strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name));
-
-    /* Only trim if too long (and possible) */
-    if (strlen(remote_utmp_name) > utmp_len) {
-	char *domain = strchr(host_name, '.');
-	char *p = strchr(remote_utmp_name, '.');
-	if (domain != NULL && p != NULL && (strcmp(p, domain) == 0))
-	    *p = '\0'; /* remove domain part */
-    }
-
-    /*
-     * If hostname still doesn't fit utmp, use ipaddr.
-     */
-    if (strlen(remote_utmp_name) > utmp_len) {
-	error = getnameinfo (who, who_len,
-			     remote_utmp_name,
-			     sizeof(remote_utmp_name),
-			     NULL, 0,
-			     NI_NUMERICHOST);
-	if (error)
-	    fatal(net, "Couldn't get numeric address\r\n");
-    }
-
-#ifdef AUTHENTICATION
-    auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1);
-#endif
-
-    init_env();
-
-    /* begin server processing */
-
-    /*
-     * Initialize the slc mapping table.
-     */
-
-    get_slc_defaults();
-
-    /*
-     * get terminal type.
-     */
-    *user_name = 0;
-    level = getterminaltype(user_name, sizeof(user_name));
-    esetenv("TERM", terminaltype[0] ? terminaltype : "network", 1);
-
-#ifdef _SC_CRAY_SECURE_SYS
-    if (secflag) {
-	if (setulvl(dv.dv_actlvl) < 0)
-	    fatal(net,"cannot setulvl()");
-	if (setucmp(dv.dv_actcmp) < 0)
-	    fatal(net, "cannot setucmp()");
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
-	      level, user_name);
-    /*NOTREACHED*/
-}  /* end of doit */
-
-/* output contents of /etc/issue.net, or /etc/issue */
-static void
-show_issue(void)
-{
-    FILE *f;
-    char buf[128];
-    f = fopen(SYSCONFDIR "/issue.net", "r");
-    if(f == NULL)
-	f = fopen(SYSCONFDIR "/issue", "r");
-    if(f){
-	while(fgets(buf, sizeof(buf), f) != NULL) {
-	    size_t len = strcspn(buf, "\r\n");
-	    if(len == strlen(buf)) {
-		/* there's no newline */
-		writenet(buf, len);
-	    } else {
-		/* replace newline with \r\n */
-		buf[len] = '\0';
-		writenet(buf, len);
-		writenet("\r\n", 2);
-	    }
-	}
-	fclose(f);
-    }
-}
-
-/*
- * Main loop.  Select from pty and network, and
- * hand data to telnet receiver finite state machine.
- */
-void
-my_telnet(int f, int p, const char *host, const char *utmp_host,
-	  int level, char *autoname)
-{
-    int on = 1;
-    char *he;
-    char *IM;
-    int nfd;
-    int startslave_called = 0;
-    time_t timeout;
-
-    /*
-     * Do some tests where it is desireable to wait for a response.
-     * Rather than doing them slowly, one at a time, do them all
-     * at once.
-     */
-    if (my_state_is_wont(TELOPT_SGA))
-	send_will(TELOPT_SGA, 1);
-    /*
-     * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
-     * because 4.2 clients are unable to deal with TCP urgent data.
-     *
-     * To find out, we send out a "DO ECHO".  If the remote system
-     * answers "WILL ECHO" it is probably a 4.2 client, and we note
-     * that fact ("WILL ECHO" ==> that the client will echo what
-     * WE, the server, sends it; it does NOT mean that the client will
-     * echo the terminal input).
-     */
-    send_do(TELOPT_ECHO, 1);
-
-    /*
-     * Send along a couple of other options that we wish to negotiate.
-     */
-    send_do(TELOPT_NAWS, 1);
-    send_will(TELOPT_STATUS, 1);
-    flowmode = 1;		/* default flow control state */
-    restartany = -1;	/* uninitialized... */
-    send_do(TELOPT_LFLOW, 1);
-
-    /*
-     * Spin, waiting for a response from the DO ECHO.  However,
-     * some REALLY DUMB telnets out there might not respond
-     * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
-     * telnets so far seem to respond with WONT for a DO that
-     * they don't understand...) because by the time we get the
-     * response, it will already have processed the DO ECHO.
-     * Kludge upon kludge.
-     */
-    while (his_will_wont_is_changing(TELOPT_NAWS))
-	ttloop();
-
-    /*
-     * But...
-     * The client might have sent a WILL NAWS as part of its
-     * startup code; if so, we'll be here before we get the
-     * response to the DO ECHO.  We'll make the assumption
-     * that any implementation that understands about NAWS
-     * is a modern enough implementation that it will respond
-     * to our DO ECHO request; hence we'll do another spin
-     * waiting for the ECHO option to settle down, which is
-     * what we wanted to do in the first place...
-     */
-    if (his_want_state_is_will(TELOPT_ECHO) &&
-	his_state_is_will(TELOPT_NAWS)) {
-	while (his_will_wont_is_changing(TELOPT_ECHO))
-	    ttloop();
-    }
-    /*
-     * On the off chance that the telnet client is broken and does not
-     * respond to the DO ECHO we sent, (after all, we did send the
-     * DO NAWS negotiation after the DO ECHO, and we won't get here
-     * until a response to the DO NAWS comes back) simulate the
-     * receipt of a will echo.  This will also send a WONT ECHO
-     * to the client, since we assume that the client failed to
-     * respond because it believes that it is already in DO ECHO
-     * mode, which we do not want.
-     */
-    if (his_want_state_is_will(TELOPT_ECHO)) {
-	DIAG(TD_OPTIONS,
-	     {output_data("td: simulating recv\r\n");
-	     });
-	willoption(TELOPT_ECHO);
-    }
-
-    /*
-     * Finally, to clean things up, we turn on our echo.  This
-     * will break stupid 4.2 telnets out of local terminal echo.
-     */
-
-    if (my_state_is_wont(TELOPT_ECHO))
-	send_will(TELOPT_ECHO, 1);
-
-#ifdef TIOCPKT
-#ifdef	STREAMSPTY
-    if (!really_stream)
-#endif
-	/*
-	 * Turn on packet mode
-	 */
-	ioctl(p, TIOCPKT, (char *)&on);
-#endif
-
-
-    /*
-     * Call telrcv() once to pick up anything received during
-     * terminal type negotiation, 4.2/4.3 determination, and
-     * linemode negotiation.
-     */
-    telrcv();
-
-    ioctl(f, FIONBIO, (char *)&on);
-    ioctl(p, FIONBIO, (char *)&on);
-
-#if	defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-	       (void *)&on, sizeof on);
-#endif	/* defined(SO_OOBINLINE) */
-
-#ifdef	SIGTSTP
-    signal(SIGTSTP, SIG_IGN);
-#endif
-#ifdef	SIGTTOU
-    /*
-     * Ignoring SIGTTOU keeps the kernel from blocking us
-     * in ttioct() in /sys/tty.c.
-     */
-    signal(SIGTTOU, SIG_IGN);
-#endif
-
-    signal(SIGCHLD, cleanup);
-
-#ifdef  TIOCNOTTY
-    {
-	int t;
-	t = open(_PATH_TTY, O_RDWR);
-	if (t >= 0) {
-	    ioctl(t, TIOCNOTTY, (char *)0);
-	    close(t);
-	}
-    }
-#endif
-
-    show_issue();
-    /*
-     * Show banner that getty never gave.
-     *
-     * We put the banner in the pty input buffer.  This way, it
-     * gets carriage return null processing, etc., just like all
-     * other pty --> client data.
-     */
-
-    if (getenv("USER"))
-	hostinfo = 0;
-
-    IM = DEFAULT_IM;
-    he = 0;
-    edithost(he, host_name);
-    if (hostinfo && *IM)
-	putf(IM, ptyibuf2);
-
-    if (pcc)
-	strncat(ptyibuf2, ptyip, pcc+1);
-    ptyip = ptyibuf2;
-    pcc = strlen(ptyip);
-
-    DIAG(TD_REPORT, {
-	output_data("td: Entering processing loop\r\n");
-    });
-
-
-    nfd = ((f > p) ? f : p) + 1;
-    timeout = time(NULL) + 5;
-    for (;;) {
-	fd_set ibits, obits, xbits;
-	int c;
-
-	/* wait for encryption to be turned on, but don't wait
-           indefinitely */
-	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
-	    startslave_called = 1;
-	    startslave(host, utmp_host, level, autoname);
-	}
-
-	if (ncc < 0 && pcc < 0)
-	    break;
-
-	FD_ZERO(&ibits);
-	FD_ZERO(&obits);
-	FD_ZERO(&xbits);
-
-	if (f >= FD_SETSIZE
-	    || p >= FD_SETSIZE)
-	    fatal(net, "fd too large");
-
-	/*
-	 * Never look for input if there's still
-	 * stuff in the corresponding output buffer
-	 */
-	if (nfrontp - nbackp || pcc > 0) {
-	    FD_SET(f, &obits);
-	} else {
-	    FD_SET(p, &ibits);
-	}
-	if (pfrontp - pbackp || ncc > 0) {
-	    FD_SET(p, &obits);
-	} else {
-	    FD_SET(f, &ibits);
-	}
-	if (!SYNCHing) {
-	    FD_SET(f, &xbits);
-	}
-	if ((c = select(nfd, &ibits, &obits, &xbits,
-			(struct timeval *)0)) < 1) {
-	    if (c == -1) {
-		if (errno == EINTR) {
-		    continue;
-		}
-	    }
-	    sleep(5);
-	    continue;
-	}
-
-	/*
-	 * Any urgent data?
-	 */
-	if (FD_ISSET(net, &xbits)) {
-	    SYNCHing = 1;
-	}
-
-	/*
-	 * Something to read from the network...
-	 */
-	if (FD_ISSET(net, &ibits)) {
-#ifndef SO_OOBINLINE
-	    /*
-	     * In 4.2 (and 4.3 beta) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	    if (SYNCHing) {
-		int atmark;
-
-		ioctl(net, SIOCATMARK, (char *)&atmark);
-		if (atmark) {
-		    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
-		    if ((ncc == -1) && (errno == EINVAL)) {
-			ncc = read(net, netibuf, sizeof (netibuf));
-			if (sequenceIs(didnetreceive, gotDM)) {
-			    SYNCHing = stilloob(net);
-			}
-		    }
-		} else {
-		    ncc = read(net, netibuf, sizeof (netibuf));
-		}
-	    } else {
-		ncc = read(net, netibuf, sizeof (netibuf));
-	    }
-	    settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE)) */
-	    ncc = read(net, netibuf, sizeof (netibuf));
-#endif	/* !defined(SO_OOBINLINE)) */
-	    if (ncc < 0 && errno == EWOULDBLOCK)
-		ncc = 0;
-	    else {
-		if (ncc <= 0) {
-		    break;
-		}
-		netip = netibuf;
-	    }
-	    DIAG((TD_REPORT | TD_NETDATA), {
-		output_data("td: netread %d chars\r\n", ncc);
-		});
-	    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
-	}
-
-	/*
-	 * Something to read from the pty...
-	 */
-	if (FD_ISSET(p, &ibits)) {
-#ifdef STREAMSPTY
-	    if (really_stream)
-		pcc = readstream(p, ptyibuf, BUFSIZ);
-	    else
-#endif
-		pcc = read(p, ptyibuf, BUFSIZ);
-
-	    /*
-	     * On some systems, if we try to read something
-	     * off the master side before the slave side is
-	     * opened, we get EIO.
-	     */
-	    if (pcc < 0 && (errno == EWOULDBLOCK ||
-#ifdef	EAGAIN
-			    errno == EAGAIN ||
-#endif
-			    errno == EIO)) {
-		pcc = 0;
-	    } else {
-		if (pcc <= 0)
-		    break;
-		if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
-		    netclear();	/* clear buffer back */
-#ifndef	NO_URGENT
-		    /*
-		     * There are client telnets on some
-		     * operating systems get screwed up
-		     * royally if we send them urgent
-		     * mode data.
-		     */
-		    output_data ("%c%c", IAC, DM);
-
-		    neturg = nfrontp-1; /* off by one XXX */
-		    DIAG(TD_OPTIONS,
-			 printoption("td: send IAC", DM));
-
-#endif
-		}
-		if (his_state_is_will(TELOPT_LFLOW) &&
-		    (ptyibuf[0] &
-		     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
-		    int newflow =
-			ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
-		    if (newflow != flowmode) {
-			flowmode = newflow;
-			output_data("%c%c%c%c%c%c",
-				    IAC, SB, TELOPT_LFLOW,
-				    flowmode ? LFLOW_ON
-				    : LFLOW_OFF,
-				    IAC, SE);
-			DIAG(TD_OPTIONS, printsub('>',
-						  (unsigned char *)nfrontp-4,
-						  4););
-		    }
-		}
-		pcc--;
-		ptyip = ptyibuf+1;
-	    }
-	}
-
-	while (pcc > 0) {
-	    if ((&netobuf[BUFSIZ] - nfrontp) < 3)
-		break;
-	    c = *ptyip++ & 0377, pcc--;
-	    if (c == IAC)
-		*nfrontp++ = c;
-	    *nfrontp++ = c;
-	    if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
-		if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
-		    *nfrontp++ = *ptyip++ & 0377;
-		    pcc--;
-		} else
-		    *nfrontp++ = '\0';
-	    }
-	}
-
-	if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
-	    netflush();
-	if (ncc > 0)
-	    telrcv();
-	if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
-	    ptyflush();
-    }
-    cleanup(0);
-}
-
-#ifndef	TCSIG
-# ifdef	TIOCSIG
-#  define TCSIG TIOCSIG
-# endif
-#endif
-
-#ifdef	STREAMSPTY
-
-    int flowison = -1;  /* current state of flow: -1 is unknown */
-
-int
-readstream(int p, char *ibuf, int bufsize)
-{
-    int flags = 0;
-    int ret = 0;
-    struct termios *tsp;
-#if 0
-    struct termio *tp;
-#endif
-    struct iocblk *ip;
-    char vstop, vstart;
-    int ixon;
-    int newflow;
-
-    strbufc.maxlen = BUFSIZ;
-    strbufc.buf = (char *)ctlbuf;
-    strbufd.maxlen = bufsize-1;
-    strbufd.len = 0;
-    strbufd.buf = ibuf+1;
-    ibuf[0] = 0;
-
-    ret = getmsg(p, &strbufc, &strbufd, &flags);
-    if (ret < 0)  /* error of some sort -- probably EAGAIN */
-	return(-1);
-
-    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
-	/* data message */
-	if (strbufd.len > 0) {			/* real data */
-	    return(strbufd.len + 1);	/* count header char */
-	} else {
-	    /* nothing there */
-	    errno = EAGAIN;
-	    return(-1);
-	}
-    }
-
-    /*
-     * It's a control message.  Return 1, to look at the flag we set
-     */
-
-    switch (ctlbuf[0]) {
-    case M_FLUSH:
-	if (ibuf[1] & FLUSHW)
-	    ibuf[0] = TIOCPKT_FLUSHWRITE;
-	return(1);
-
-    case M_IOCTL:
-	ip = (struct iocblk *) (ibuf+1);
-
-	switch (ip->ioc_cmd) {
-#ifdef TCSETS
-	case TCSETS:
-	case TCSETSW:
-	case TCSETSF:
-	    tsp = (struct termios *)
-		(ibuf+1 + sizeof(struct iocblk));
-	    vstop = tsp->c_cc[VSTOP];
-	    vstart = tsp->c_cc[VSTART];
-	    ixon = tsp->c_iflag & IXON;
-	    break;
-#endif
-#if 0
-	case TCSETA:
-	case TCSETAW:
-	case TCSETAF:
-	    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
-	    vstop = tp->c_cc[VSTOP];
-	    vstart = tp->c_cc[VSTART];
-	    ixon = tp->c_iflag & IXON;
-	    break;
-#endif
-	default:
-	    errno = EAGAIN;
-	    return(-1);
-	}
-
-	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
-	if (newflow != flowison) {  /* it's a change */
-	    flowison = newflow;
-	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
-	    return(1);
-	}
-    }
-
-    /* nothing worth doing anything about */
-    errno = EAGAIN;
-    return(-1);
-}
-#endif /* STREAMSPTY */
-
-/*
- * Send interrupt to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write intr char.
- */
-void
-interrupt()
-{
-    ptyflush();	/* half-hearted */
-
-#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
-    /* Streams PTY style ioctl to post a signal */
-    if (really_stream)
-	{
-	    int sig = SIGINT;
-	    ioctl(ourpty, TIOCSIGNAL, &sig);
-	    ioctl(ourpty, I_FLUSH, FLUSHR);
-	}
-#else
-#ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGINT);
-#else	/* TCSIG */
-    init_termbuf();
-    *pfrontp++ = slctab[SLC_IP].sptr ?
-	(unsigned char)*slctab[SLC_IP].sptr : '\177';
-#endif	/* TCSIG */
-#endif
-}
-
-/*
- * Send quit to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write quit char.
- */
-void
-sendbrk()
-{
-    ptyflush();	/* half-hearted */
-#ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGQUIT);
-#else	/* TCSIG */
-    init_termbuf();
-    *pfrontp++ = slctab[SLC_ABORT].sptr ?
-	(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
-#endif	/* TCSIG */
-}
-
-void
-sendsusp()
-{
-#ifdef	SIGTSTP
-    ptyflush();	/* half-hearted */
-# ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGTSTP);
-# else	/* TCSIG */
-    *pfrontp++ = slctab[SLC_SUSP].sptr ?
-	(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
-# endif	/* TCSIG */
-#endif	/* SIGTSTP */
-}
-
-/*
- * When we get an AYT, if ^T is enabled, use that.  Otherwise,
- * just send back "[Yes]".
- */
-void
-recv_ayt()
-{
-#if	defined(SIGINFO) && defined(TCSIG)
-    if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
-	ioctl(ourpty, TCSIG, (char *)SIGINFO);
-	return;
-    }
-#endif
-    output_data("\r\n[Yes]\r\n");
-}
-
-void
-doeof()
-{
-    init_termbuf();
-
-    *pfrontp++ = slctab[SLC_EOF].sptr ?
-	(unsigned char)*slctab[SLC_EOF].sptr : '\004';
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
deleted file mode 100644
index 51a5725bd9a0..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
- */
-
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif /* HAVE_SYS_RESOURCE_H */
-
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-/* including both <sys/ioctl.h> and <termios.h> in SunOS 4 generates a
-   lot of warnings */
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-#include <signal.h>
-#include <errno.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#include <ctype.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <termios.h>
-
-#ifdef HAVE_PTY_H
-#include <pty.h>
-#endif
-
-#ifdef	STREAMSPTY
-#ifdef HAVE_SAC_H
-#include <sac.h>
-#endif
-#ifdef HAVE_SYS_STROPTS_H
-#include <sys/stropts.h>
-#endif
-
-# include <stropts.h>
-
-#ifdef  HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#ifdef __hpux
-#undef SE
-#endif
-#endif
-#ifdef	HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-
-#endif /* STREAMSPTY */
-
-#undef NOERROR
-
-#include "defs.h"
-
-#ifndef _POSIX_VDISABLE
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((unsigned char)'\377')
-# endif
-#endif
-
-
-#ifdef HAVE_SYS_PTY_H
-#include <sys/pty.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifdef HAVE_SYS_PTYIO_H
-#include <sys/ptyio.h>
-#endif
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include "ext.h"
-
-#ifdef SOCKS
-#include <socks.h>
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-#endif
-
-#ifdef KRB4
-#include <krb.h>
-#endif
-
-#ifdef AUTHENTICATION
-#include <libtelnet/auth.h>
-#include <libtelnet/misc.h>
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-#endif
-
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-
-#include <roken.h>
-
-/* Don't use the system login, use our version instead */
-
-/* BINDIR should be defined somewhere else... */
-
-#ifndef BINDIR
-#define BINDIR "/usr/athena/bin"
-#endif
-
-#undef _PATH_LOGIN
-#define _PATH_LOGIN	BINDIR "/login"
-
-/* fallbacks */
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif /* _PATH_TTY */
-
-#ifdef	DIAGNOSTICS
-#define	DIAG(a,b)	if (diagnostic & (a)) b
-#else
-#define	DIAG(a,b)
-#endif
-
-/* other external variables */
-extern	char **environ;
-
-/* prototypes */
-
-/* appends data to nfrontp and advances */
-int output_data (const char *format, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 1, 2)))
-#endif
-;
-
-#ifdef ENCRYPTION
-extern int require_encryption;
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnetd/termstat.c b/crypto/heimdal/appl/telnet/telnetd/termstat.c
deleted file mode 100644
index 696a2343dffd..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/termstat.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: termstat.c 10587 2001-08-29 00:45:23Z assar $");
-
-/*
- * local variables
- */
-int def_tspeed = -1, def_rspeed = -1;
-#ifdef	TIOCSWINSZ
-int def_row = 0, def_col = 0;
-#endif
-
-/*
- * flowstat
- *
- * Check for changes to flow control
- */
-void
-flowstat(void)
-{
-    if (his_state_is_will(TELOPT_LFLOW)) {
-	if (tty_flowmode() != flowmode) {
-	    flowmode = tty_flowmode();
-	    output_data("%c%c%c%c%c%c",
-			IAC, SB, TELOPT_LFLOW,
-			flowmode ? LFLOW_ON : LFLOW_OFF,
-			IAC, SE);
-	}
-	if (tty_restartany() != restartany) {
-	    restartany = tty_restartany();
-	    output_data("%c%c%c%c%c%c",
-			IAC, SB, TELOPT_LFLOW,
-			restartany ? LFLOW_RESTART_ANY
-			: LFLOW_RESTART_XON,
-			IAC, SE);
-	}
-    }
-}
-
-/*
- * clientstat
- *
- * Process linemode related requests from the client.
- * Client can request a change to only one of linemode, editmode or slc's
- * at a time, and if using kludge linemode, then only linemode may be
- * affected.
- */
-void
-clientstat(int code, int parm1, int parm2)
-{
-    /*
-     * Get a copy of terminal characteristics.
-     */
-    init_termbuf();
-
-    /*
-     * Process request from client. code tells what it is.
-     */
-    switch (code) {
-    case TELOPT_NAWS:
-#ifdef	TIOCSWINSZ
-	{
-	    struct winsize ws;
-
-	    def_col = parm1;
-	    def_row = parm2;
-
-	    /*
-	     * Change window size as requested by client.
-	     */
-
-	    ws.ws_col = parm1;
-	    ws.ws_row = parm2;
-	    ioctl(ourpty, TIOCSWINSZ, (char *)&ws);
-	}
-#endif	/* TIOCSWINSZ */
-
-    break;
-
-    case TELOPT_TSPEED:
-	{
-	    def_tspeed = parm1;
-	    def_rspeed = parm2;
-	    /*
-	     * Change terminal speed as requested by client.
-	     * We set the receive speed first, so that if we can't
-	     * store seperate receive and transmit speeds, the transmit
-	     * speed will take precedence.
-	     */
-	    tty_rspeed(parm2);
-	    tty_tspeed(parm1);
-	    set_termbuf();
-
-	    break;
-
-	}  /* end of case TELOPT_TSPEED */
-
-    default:
-	/* What? */
-	break;
-    }  /* end of switch */
-
-    netflush();
-
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c
deleted file mode 100644
index f55914f199b3..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/utility.c
+++ /dev/null
@@ -1,1163 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define PRINTOPTIONS
-#include "telnetd.h"
-
-RCSID("$Id: utility.c 15844 2005-08-08 13:36:16Z lha $");
-
-/*
- * utility functions performing io related tasks
- */
-
-/*
- * ttloop
- *
- * A small subroutine to flush the network output buffer, get some
- * data from the network, and pass it through the telnet state
- * machine.  We also flush the pty input buffer (by dropping its data)
- * if it becomes too full.
- *
- * return 0 if OK or 1 if interrupted by a signal.
- */
-
-int
-ttloop(void)
-{
-    DIAG(TD_REPORT, {
-	output_data("td: ttloop\r\n");
-    });
-    if (nfrontp-nbackp)
-	netflush();
-    ncc = read(net, netibuf, sizeof netibuf);
-    if (ncc < 0) {
-	if (errno == EINTR)
-	    return 1;
-	syslog(LOG_INFO, "ttloop:  read: %m\n");
-	exit(1);
-    } else if (ncc == 0) {
-	syslog(LOG_INFO, "ttloop:  peer died\n");
-	exit(1);
-    }
-    DIAG(TD_REPORT, {
-	output_data("td: ttloop read %d chars\r\n", ncc);
-    });
-    netip = netibuf;
-    telrcv();			/* state machine */
-    if (ncc > 0) {
-	pfrontp = pbackp = ptyobuf;
-	telrcv();
-    }
-    return 0;
-}  /* end of ttloop */
-
-/*
- * Check a descriptor to see if out of band data exists on it.
- */
-int
-stilloob(int s)
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    if (s >= FD_SETSIZE)
-	fatal(ourpty, "fd too large");
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(s, &excepts);
-	value = select(s+1, 0, 0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	fatalperror(ourpty, "select");
-    }
-    if (FD_ISSET(s, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-void
-ptyflush(void)
-{
-    int n;
-
-    if ((n = pfrontp - pbackp) > 0) {
-	DIAG((TD_REPORT | TD_PTYDATA), { 
-	    output_data("td: ptyflush %d chars\r\n", n);
-	});
-	DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
-	n = write(ourpty, pbackp, n);
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-	    return;
-	cleanup(0);
-    }
-    pbackp += n;
-    if (pbackp == pfrontp)
-	pbackp = pfrontp = ptyobuf;
-}
-
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-char *
-nextitem(char *current)
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:{
-	/* loop forever looking for the SE */
-	char *look = current+2;
-
-	for (;;) {
-	    if ((*look++&0xff) == IAC) {
-		if ((*look++&0xff) == SE) {
-		    return look;
-		}
-	    }
-	}
-    }
-    default:
-	return current+2;
-    }
-}
-
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-void
-netclear(void)
-{
-    char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-			 ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-#ifdef ENCRYPTION
-	thisitem = nclearto > netobuf ? nclearto : netobuf;
-#else
-	thisitem = netobuf;
-#endif
-
-	while ((next = nextitem(thisitem)) <= nbackp) {
-	    thisitem = next;
-	}
-
-	/* Now, thisitem is first before/at boundary. */
-
-#ifdef ENCRYPTION
-	good = nclearto > netobuf ? nclearto : netobuf;
-#else
-	good = netobuf;	/* where the good bytes go */
-#endif
-
-	while (nfrontp > thisitem) {
-	    if (wewant(thisitem)) {
-		int length;
-
-		next = thisitem;
-		do {
-		    next = nextitem(next);
-		} while (wewant(next) && (nfrontp > next));
-		length = next-thisitem;
-		memmove(good, thisitem, length);
-		good += length;
-		thisitem = next;
-	    } else {
-		thisitem = nextitem(thisitem);
-	    }
-	}
-
-	nbackp = netobuf;
-	nfrontp = good;		/* next byte to be sent */
-	neturg = 0;
-}  /* end of netclear */
-
-extern int not42;
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- */
-void
-netflush(void)
-{
-    int n;
-
-    if ((n = nfrontp - nbackp) > 0) {
-	DIAG(TD_REPORT,
-	     { n += output_data("td: netflush %d chars\r\n", n);
-	     });
-#ifdef ENCRYPTION
-	if (encrypt_output) {
-	    char *s = nclearto ? nclearto : nbackp;
-	    if (nfrontp - s > 0) {
-		(*encrypt_output)((unsigned char *)s, nfrontp-s);
-		nclearto = nfrontp;
-	    }
-	}
-#endif
-	/*
-	 * if no urgent data, or if the other side appears to be an
-	 * old 4.2 client (and thus unable to survive TCP urgent data),
-	 * write the entire buffer in non-OOB mode.
-	 */
-#if 1 /* remove this to make it work between solaris 2.6 and linux */
-	if ((neturg == 0) || (not42 == 0)) {
-#endif
-	    n = write(net, nbackp, n);	/* normal write */
-#if 1 /* remove this to make it work between solaris 2.6 and linux */
-	} else {
-	    n = neturg - nbackp;
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    if (n > 1) {
-		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
-	    } else {
-		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
-	    }
-	}
-#endif
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-	    return;
-	cleanup(0);
-    }
-    nbackp += n;
-#ifdef ENCRYPTION
-    if (nbackp > nclearto)
-	nclearto = 0;
-#endif
-    if (nbackp >= neturg) {
-	neturg = 0;
-    }
-    if (nbackp == nfrontp) {
-	nbackp = nfrontp = netobuf;
-#ifdef ENCRYPTION
-	nclearto = 0;
-#endif
-    }
-    return;
-}
-
-
-/*
- * writenet
- *
- * Just a handy little function to write a bit of raw data to the net.
- * It will force a transmit of the buffer if necessary
- *
- * arguments
- *    ptr - A pointer to a character string to write
- *    len - How many bytes to write
- */
-void
-writenet(const void *ptr, size_t len)
-{
-    /* flush buffer if no room for new data) */
-    while ((&netobuf[BUFSIZ] - nfrontp) < len) {
-	/* if this fails, don't worry, buffer is a little big */
-	netflush();
-    }
-    if ((&netobuf[BUFSIZ] - nfrontp) < len)
-	abort();
-
-    memmove(nfrontp, ptr, len);
-    nfrontp += len;
-}
-
-
-/*
- * miscellaneous functions doing a variety of little jobs follow ...
- */
-
-
-void fatal(int f, char *msg)
-{
-    char buf[BUFSIZ];
-
-    snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
-#ifdef ENCRYPTION
-    if (encrypt_output) {
-	/*
-	 * Better turn off encryption first....
-	 * Hope it flushes...
-	 */
-	encrypt_send_end();
-	netflush();
-    }
-#endif
-    write(f, buf, (int)strlen(buf));
-    sleep(1);	/*XXX*/
-    exit(1);
-}
-
-void
-fatalperror_errno(int f, const char *msg, int error)
-{
-    char buf[BUFSIZ];
-    
-    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error));
-    fatal(f, buf);
-}
-
-void
-fatalperror(int f, const char *msg)
-{
-    fatalperror_errno(f, msg, errno);
-}
-
-char editedhost[32];
-
-void edithost(char *pat, char *host)
-{
-    char *res = editedhost;
-
-    if (!pat)
-	pat = "";
-    while (*pat) {
-	switch (*pat) {
-
-	case '#':
-	    if (*host)
-		host++;
-	    break;
-
-	case '@':
-	    if (*host)
-		*res++ = *host++;
-	    break;
-
-	default:
-	    *res++ = *pat;
-	    break;
-	}
-	if (res == &editedhost[sizeof editedhost - 1]) {
-	    *res = '\0';
-	    return;
-	}
-	pat++;
-    }
-    if (*host)
-	strlcpy (res, host,
-			 sizeof editedhost - (res - editedhost));
-    else
-	*res = '\0';
-    editedhost[sizeof editedhost - 1] = '\0';
-}
-
-static char *putlocation;
-
-void
-putstr(char *s)
-{
-
-    while (*s)
-	putchr(*s++);
-}
-
-void
-putchr(int cc)
-{
-    *putlocation++ = cc;
-}
-
-static char fmtstr[] = { "%l:%M%P on %A, %d %B %Y" };
-
-void putf(char *cp, char *where)
-{
-#ifdef HAVE_UNAME
-    struct utsname name;
-#endif
-    char *slash;
-    time_t t;
-    char db[100];
-
-    /* if we don't have uname, set these to sensible values */
-    char *sysname = "Unix", 
-	*machine = "", 
-	*release = "",
-	*version = ""; 
-
-#ifdef HAVE_UNAME
-    uname(&name);
-    sysname=name.sysname;
-    machine=name.machine;
-    release=name.release;
-    version=name.version;
-#endif
-
-    putlocation = where;
-
-    while (*cp) {
-	if (*cp != '%') {
-	    putchr(*cp++);
-	    continue;
-	}
-	switch (*++cp) {
-
-	case 't':
-	    slash = strchr(line+1, '/');
-	    if (slash == (char *) 0)
-		putstr(line);
-	    else
-		putstr(&slash[1]);
-	    break;
-
-	case 'h':
-	    putstr(editedhost);
-	    break;
-
-	case 's':
-	    putstr(sysname);
-	    break;
-
-	case 'm':
-	    putstr(machine);
-	    break;
-
-	case 'r':
-	    putstr(release);
-	    break;
-
-	case 'v':
-	    putstr(version);
-	    break;
-
-	case 'd':
-	    time(&t);
-	    strftime(db, sizeof(db), fmtstr, localtime(&t));
-	    putstr(db);
-	    break;
-
-	case '%':
-	    putchr('%');
-	    break;
-	}
-	cp++;
-    }
-}
-
-#ifdef DIAGNOSTICS
-/*
- * Print telnet options and commands in plain text, if possible.
- */
-void
-printoption(char *fmt, int option)
-{
-    if (TELOPT_OK(option))
-	output_data("%s %s\r\n",
-		    fmt,
-		    TELOPT(option));
-    else if (TELCMD_OK(option))
-	output_data("%s %s\r\n",
-		    fmt,
-		    TELCMD(option));
-    else
-	output_data("%s %d\r\n",
-		    fmt,
-		    option);
-    return;
-}
-
-void
-printsub(int direction, unsigned char *pointer, int length)
-        		          	/* '<' or '>' */
-                 	         	/* where suboption data sits */
-       			       		/* length of suboption data */
-{
-    int i = 0;
-    unsigned char buf[512];
-
-    if (!(diagnostic & TD_OPTIONS))
-	return;
-
-    if (direction) {
-	output_data("td: %s suboption ",
-		    direction == '<' ? "recv" : "send");
-	if (length >= 3) {
-	    int j;
-
-	    i = pointer[length-2];
-	    j = pointer[length-1];
-
-	    if (i != IAC || j != SE) {
-		output_data("(terminated by ");
-		if (TELOPT_OK(i))
-		    output_data("%s ",
-				TELOPT(i));
-		else if (TELCMD_OK(i))
-		    output_data("%s ",
-				TELCMD(i));
-		else
-		    output_data("%d ",
-				i);
-		if (TELOPT_OK(j))
-		    output_data("%s",
-				TELOPT(j));
-		else if (TELCMD_OK(j))
-		    output_data("%s",
-				TELCMD(j));
-		else
-		    output_data("%d",
-				j);
-		output_data(", not IAC SE!) ");
-	    }
-	}
-	length -= 2;
-    }
-    if (length < 1) {
-	output_data("(Empty suboption??\?)");
-	return;
-    }
-    switch (pointer[0]) {
-    case TELOPT_TTYPE:
-	output_data("TERMINAL-TYPE ");
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS \"%.*s\"",
-			length-2,
-			(char *)pointer+2);
-	    break;
-	case TELQUAL_SEND:
-	    output_data("SEND");
-	    break;
-	default:
-	    output_data("- unknown qualifier %d (0x%x).",
-			pointer[1], pointer[1]);
-	}
-	break;
-    case TELOPT_TSPEED:
-	output_data("TERMINAL-SPEED");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data(" IS %.*s", length-2, (char *)pointer+2);
-	    break;
-	default:
-	    if (pointer[1] == 1)
-		output_data(" SEND");
-	    else
-		output_data(" %d (unknown)", pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?", pointer[i]);
-	    }
-	    break;
-	}
-	break;
-
-    case TELOPT_LFLOW:
-	output_data("TOGGLE-FLOW-CONTROL");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case LFLOW_OFF:
-	    output_data(" OFF");
-	    break;
-	case LFLOW_ON:
-	    output_data(" ON");
-	    break;
-	case LFLOW_RESTART_ANY:
-	    output_data(" RESTART-ANY");
-	    break;
-	case LFLOW_RESTART_XON:
-	    output_data(" RESTART-XON");
-	    break;
-	default:
-	    output_data(" %d (unknown)",
-			pointer[1]);
-	}
-	for (i = 2; i < length; i++) {
-	    output_data(" ?%d?",
-			pointer[i]);
-	}
-	break;
-
-    case TELOPT_NAWS:
-	output_data("NAWS");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	if (length == 2) {
-	    output_data(" ?%d?",
-			pointer[1]);
-	    break;
-	}
-	output_data(" %u %u(%u)",
-		    pointer[1],
-		    pointer[2],
-		    (((unsigned int)pointer[1])<<8) + pointer[2]);
-	if (length == 4) {
-	    output_data(" ?%d?",
-			pointer[3]);
-	    break;
-	}
-	output_data(" %u %u(%u)",
-		    pointer[3],
-		    pointer[4],
-		    (((unsigned int)pointer[3])<<8) + pointer[4]);
-	for (i = 5; i < length; i++) {
-	    output_data(" ?%d?",
-			pointer[i]);
-	}
-	break;
-
-    case TELOPT_LINEMODE:
-	output_data("LINEMODE ");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case WILL:
-	    output_data("WILL ");
-	    goto common;
-	case WONT:
-	    output_data("WONT ");
-	    goto common;
-	case DO:
-	    output_data("DO ");
-	    goto common;
-	case DONT:
-	    output_data("DONT ");
-	common:
-	    if (length < 3) {
-		output_data("(no option??\?)");
-		break;
-	    }
-	    switch (pointer[2]) {
-	    case LM_FORWARDMASK:
-		output_data("Forward Mask");
-		for (i = 3; i < length; i++) {
-		    output_data(" %x", pointer[i]);
-		}
-		break;
-	    default:
-		output_data("%d (unknown)",
-			    pointer[2]);
-		for (i = 3; i < length; i++) {
-		    output_data(" %d",
-				pointer[i]);
-		}
-		break;
-	    }
-	    break;
-
-	case LM_SLC:
-	    output_data("SLC");
-	    for (i = 2; i < length - 2; i += 3) {
-		if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-		    output_data(" %s",
-				SLC_NAME(pointer[i+SLC_FUNC]));
-		else
-		    output_data(" %d",
-				pointer[i+SLC_FUNC]);
-		switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		case SLC_NOSUPPORT:
-		    output_data(" NOSUPPORT");
-		    break;
-		case SLC_CANTCHANGE:
-		    output_data(" CANTCHANGE");
-		    break;
-		case SLC_VARIABLE:
-		    output_data(" VARIABLE");
-		    break;
-		case SLC_DEFAULT:
-		    output_data(" DEFAULT");
-		    break;
-		}
-		output_data("%s%s%s",
-			    pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			    pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			    pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-					    SLC_FLUSHOUT| SLC_LEVELBITS)) {
-		    output_data("(0x%x)",
-				pointer[i+SLC_FLAGS]);
-		}
-		output_data(" %d;",
-			    pointer[i+SLC_VALUE]);
-		if ((pointer[i+SLC_VALUE] == IAC) &&
-		    (pointer[i+SLC_VALUE+1] == IAC))
-		    i++;
-	    }
-	    for (; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-
-	case LM_MODE:
-	    output_data("MODE ");
-	    if (length < 3) {
-		output_data("(no mode??\?)");
-		break;
-	    }
-	    {
-		char tbuf[32];
-		snprintf(tbuf,
-			 sizeof(tbuf),
-			 "%s%s%s%s%s",
-			 pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			 pointer[2]&MODE_ACK ? "|ACK" : "");
-		output_data("%s",
-			    tbuf[1] ? &tbuf[1] : "0");
-	    }
-	    if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
-		output_data(" (0x%x)",
-			    pointer[2]);
-	    }
-	    for (i = 3; i < length; i++) {
-		output_data(" ?0x%x?",
-			 pointer[i]);
-	    }
-	    break;
-	default:
-	    output_data("%d (unknown)",
-			pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" %d", pointer[i]);
-	    }
-	}
-	break;
-
-    case TELOPT_STATUS: {
-	char *cp;
-	int j, k;
-
-	output_data("STATUS");
-
-	switch (pointer[1]) {
-	default:
-	    if (pointer[1] == TELQUAL_SEND)
-		output_data(" SEND");
-	    else
-		output_data(" %d (unknown)",
-			    pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-	case TELQUAL_IS:
-	    output_data(" IS\r\n");
-
-	    for (i = 2; i < length; i++) {
-		switch(pointer[i]) {
-		case DO:	cp = "DO"; goto common2;
-		case DONT:	cp = "DONT"; goto common2;
-		case WILL:	cp = "WILL"; goto common2;
-		case WONT:	cp = "WONT"; goto common2;
-		common2:
-		i++;
-		if (TELOPT_OK(pointer[i]))
-		    output_data(" %s %s",
-				cp,
-				TELOPT(pointer[i]));
-		else
-		    output_data(" %s %d",
-				cp,
-				pointer[i]);
-
-		output_data("\r\n");
-		break;
-
-		case SB:
-		    output_data(" SB ");
-		    i++;
-		    j = k = i;
-		    while (j < length) {
-			if (pointer[j] == SE) {
-			    if (j+1 == length)
-				break;
-			    if (pointer[j+1] == SE)
-				j++;
-			    else
-				break;
-			}
-			pointer[k++] = pointer[j++];
-		    }
-		    printsub(0, &pointer[i], k - i);
-		    if (i < length) {
-			output_data(" SE");
-			i = j;
-		    } else
-			i = j - 1;
-
-		    output_data("\r\n");
-
-		    break;
-
-		default:
-		    output_data(" %d",
-				pointer[i]);
-		    break;
-		}
-	    }
-	    break;
-	}
-	break;
-    }
-
-    case TELOPT_XDISPLOC:
-	output_data("X-DISPLAY-LOCATION ");
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS \"%.*s\"",
-			length-2,
-			(char *)pointer+2);
-	    break;
-	case TELQUAL_SEND:
-	    output_data("SEND");
-	    break;
-	default:
-	    output_data("- unknown qualifier %d (0x%x).",
-			pointer[1], pointer[1]);
-	}
-	break;
-
-    case TELOPT_NEW_ENVIRON:
-	output_data("NEW-ENVIRON ");
-	goto env_common1;
-    case TELOPT_OLD_ENVIRON:
-	output_data("OLD-ENVIRON");
-    env_common1:
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS ");
-	    goto env_common;
-	case TELQUAL_SEND:
-	    output_data("SEND ");
-	    goto env_common;
-	case TELQUAL_INFO:
-	    output_data("INFO ");
-	env_common:
-	    {
-		int noquote = 2;
-		for (i = 2; i < length; i++ ) {
-		    switch (pointer[i]) {
-		    case NEW_ENV_VAR:
-			output_data("\" VAR " + noquote);
-			noquote = 2;
-			break;
-
-		    case NEW_ENV_VALUE:
-			output_data("\" VALUE " + noquote);
-			noquote = 2;
-			break;
-
-		    case ENV_ESC:
-			output_data("\" ESC " + noquote);
-			noquote = 2;
-			break;
-
-		    case ENV_USERVAR:
-			output_data("\" USERVAR " + noquote);
-			noquote = 2;
-			break;
-
-		    default:
-			if (isprint(pointer[i]) && pointer[i] != '"') {
-			    if (noquote) {
-				output_data ("\"");
-				noquote = 0;
-			    }
-			    output_data ("%c", pointer[i]);
-			} else {
-			    output_data("\" %03o " + noquote,
-					pointer[i]);
-			    noquote = 2;
-			}
-			break;
-		    }
-		}
-		if (!noquote)
-		    output_data ("\"");
-		break;
-	    }
-	}
-	break;
-
-#ifdef AUTHENTICATION
-    case TELOPT_AUTHENTICATION:
-	output_data("AUTHENTICATION");
-
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case TELQUAL_REPLY:
-	case TELQUAL_IS:
-	    output_data(" %s ",
-			(pointer[1] == TELQUAL_IS) ?
-			"IS" : "REPLY");
-	    if (AUTHTYPE_NAME_OK(pointer[2]))
-		output_data("%s ",
-			    AUTHTYPE_NAME(pointer[2]));
-	    else
-		output_data("%d ",
-			    pointer[2]);
-	    if (length < 3) {
-		output_data("(partial suboption??\?)");
-		break;
-	    }
-	    output_data("%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-
-	    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-	    output_data("%s",
-			buf);
-	    break;
-
-	case TELQUAL_SEND:
-	    i = 2;
-	    output_data(" SEND ");
-	    while (i < length) {
-		if (AUTHTYPE_NAME_OK(pointer[i]))
-		    output_data("%s ",
-				AUTHTYPE_NAME(pointer[i]));
-		else
-		    output_data("%d ",
-				pointer[i]);
-		if (++i >= length) {
-		    output_data("(partial suboption??\?)");
-		    break;
-		}
-		output_data("%s|%s ",
-			    ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			    "CLIENT" : "SERVER",
-			    ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			    "MUTUAL" : "ONE-WAY");
-		++i;
-	    }
-	    break;
-
-	case TELQUAL_NAME:
-	    i = 2;
-	    output_data(" NAME \"%.*s\"",
-			length - 2,
-			pointer);
-	    break;
-
-	default:
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-	}
-	break;
-#endif
-
-#ifdef ENCRYPTION
-    case TELOPT_ENCRYPT:
-	output_data("ENCRYPT");
-	if (length < 2) {
-	    output_data(" (empty suboption?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case ENCRYPT_START:
-	    output_data(" START");
-	    break;
-
-	case ENCRYPT_END:
-	    output_data(" END");
-	    break;
-
-	case ENCRYPT_REQSTART:
-	    output_data(" REQUEST-START");
-	    break;
-
-	case ENCRYPT_REQEND:
-	    output_data(" REQUEST-END");
-	    break;
-
-	case ENCRYPT_IS:
-	case ENCRYPT_REPLY:
-	    output_data(" %s ",
-			(pointer[1] == ENCRYPT_IS) ?
-			"IS" : "REPLY");
-	    if (length < 3) {
-		output_data(" (partial suboption?)");
-		break;
-	    }
-	    if (ENCTYPE_NAME_OK(pointer[2]))
-		output_data("%s ",
-			    ENCTYPE_NAME(pointer[2]));
-	    else
-		output_data(" %d (unknown)",
-			    pointer[2]);
-
-	    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-	    output_data("%s",
-			buf);
-	    break;
-
-	case ENCRYPT_SUPPORT:
-	    i = 2;
-	    output_data(" SUPPORT ");
-	    while (i < length) {
-		if (ENCTYPE_NAME_OK(pointer[i]))
-		    output_data("%s ",
-				ENCTYPE_NAME(pointer[i]));
-		else
-		    output_data("%d ",
-				pointer[i]);
-		i++;
-	    }
-	    break;
-
-	case ENCRYPT_ENC_KEYID:
-	    output_data(" ENC_KEYID %d", pointer[1]);
-	    goto encommon;
-
-	case ENCRYPT_DEC_KEYID:
-	    output_data(" DEC_KEYID %d", pointer[1]);
-	    goto encommon;
-
-	default:
-	    output_data(" %d (unknown)", pointer[1]);
-	encommon:
-	    for (i = 2; i < length; i++) {
-		output_data(" %d", pointer[i]);
-	    }
-	    break;
-	}
-	break;
-#endif
-
-    default:
-	if (TELOPT_OK(pointer[0]))
-	    output_data("%s (unknown)",
-			TELOPT(pointer[0]));
-	else
-	    output_data("%d (unknown)",
-			pointer[i]);
-	for (i = 1; i < length; i++) {
-	    output_data(" %d", pointer[i]);
-	}
-	break;
-    }
-    output_data("\r\n");
-}
-
-/*
- * Dump a data buffer in hex and ascii to the output data stream.
- */
-void
-printdata(char *tag, char *ptr, int cnt)
-{
-    int i;
-    char xbuf[30];
-
-    while (cnt) {
-	/* flush net output buffer if no room for new data) */
-	if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
-	    netflush();
-	}
-
-	/* add a line of output */
-	output_data("%s: ", tag);
-	for (i = 0; i < 20 && cnt; i++) {
-	    output_data("%02x", *ptr);
-	    if (isprint((unsigned char)*ptr)) {
-		xbuf[i] = *ptr;
-	    } else {
-		xbuf[i] = '.';
-	    }
-	    if (i % 2) {
-		output_data(" ");
-	    }
-	    cnt--;
-	    ptr++;
-	}
-	xbuf[i] = '\0';
-	output_data(" %s\r\n", xbuf);
-    }
-}
-#endif /* DIAGNOSTICS */
diff --git a/crypto/heimdal/appl/test/Makefile.am b/crypto/heimdal/appl/test/Makefile.am
deleted file mode 100644
index 21f2013b71e1..000000000000
--- a/crypto/heimdal/appl/test/Makefile.am
+++ /dev/null
@@ -1,42 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
-	uu_server uu_client nt_gss_server nt_gss_client http_client
-
-tcp_client_SOURCES = tcp_client.c common.c test_locl.h
-
-tcp_server_SOURCES = tcp_server.c common.c test_locl.h
-
-gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-http_client_SOURCES = http_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-uu_server_SOURCES = uu_server.c common.c test_locl.h
-
-uu_client_SOURCES = uu_client.c common.c test_locl.h
-
-gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-
-gssapi_client_LDADD = $(gssapi_server_LDADD)
-
-http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
-
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
-
-nt_gss_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_server_LDADD = $(nt_gss_client_LDADD)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in
deleted file mode 100644
index fb9e36884f94..000000000000
--- a/crypto/heimdal/appl/test/Makefile.in
+++ /dev/null
@@ -1,856 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \
-	gssapi_server$(EXEEXT) gssapi_client$(EXEEXT) \
-	uu_server$(EXEEXT) uu_client$(EXEEXT) nt_gss_server$(EXEEXT) \
-	nt_gss_client$(EXEEXT) http_client$(EXEEXT)
-subdir = appl/test
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-PROGRAMS = $(noinst_PROGRAMS)
-am_gssapi_client_OBJECTS = gssapi_client.$(OBJEXT) \
-	gss_common.$(OBJEXT) common.$(OBJEXT)
-gssapi_client_OBJECTS = $(am_gssapi_client_OBJECTS)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am__DEPENDENCIES_3 = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(am__DEPENDENCIES_2)
-gssapi_client_DEPENDENCIES = $(am__DEPENDENCIES_3)
-am_gssapi_server_OBJECTS = gssapi_server.$(OBJEXT) \
-	gss_common.$(OBJEXT) common.$(OBJEXT)
-gssapi_server_OBJECTS = $(am_gssapi_server_OBJECTS)
-gssapi_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(am__DEPENDENCIES_2)
-am_http_client_OBJECTS = http_client.$(OBJEXT) gss_common.$(OBJEXT) \
-	common.$(OBJEXT)
-http_client_OBJECTS = $(am_http_client_OBJECTS)
-http_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(am__DEPENDENCIES_2)
-am_nt_gss_client_OBJECTS = nt_gss_client.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT) common.$(OBJEXT)
-nt_gss_client_OBJECTS = $(am_nt_gss_client_OBJECTS)
-nt_gss_client_DEPENDENCIES = $(am__DEPENDENCIES_3)
-am_nt_gss_server_OBJECTS = nt_gss_server.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT)
-nt_gss_server_OBJECTS = $(am_nt_gss_server_OBJECTS)
-am__DEPENDENCIES_4 = $(am__DEPENDENCIES_3)
-nt_gss_server_DEPENDENCIES = $(am__DEPENDENCIES_4)
-am_tcp_client_OBJECTS = tcp_client.$(OBJEXT) common.$(OBJEXT)
-tcp_client_OBJECTS = $(am_tcp_client_OBJECTS)
-tcp_client_LDADD = $(LDADD)
-tcp_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am_tcp_server_OBJECTS = tcp_server.$(OBJEXT) common.$(OBJEXT)
-tcp_server_OBJECTS = $(am_tcp_server_OBJECTS)
-tcp_server_LDADD = $(LDADD)
-tcp_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am_uu_client_OBJECTS = uu_client.$(OBJEXT) common.$(OBJEXT)
-uu_client_OBJECTS = $(am_uu_client_OBJECTS)
-uu_client_LDADD = $(LDADD)
-uu_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am_uu_server_OBJECTS = uu_server.$(OBJEXT) common.$(OBJEXT)
-uu_server_OBJECTS = $(am_uu_server_OBJECTS)
-uu_server_LDADD = $(LDADD)
-uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
-	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
-	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
-	$(uu_server_SOURCES)
-DIST_SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
-	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
-	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
-	$(uu_server_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-tcp_client_SOURCES = tcp_client.c common.c test_locl.h
-tcp_server_SOURCES = tcp_server.c common.c test_locl.h
-gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-http_client_SOURCES = http_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-uu_server_SOURCES = uu_server.c common.c test_locl.h
-uu_client_SOURCES = uu_client.c common.c test_locl.h
-gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-gssapi_client_LDADD = $(gssapi_server_LDADD)
-http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
-nt_gss_client_LDADD = $(gssapi_server_LDADD)
-nt_gss_server_LDADD = $(nt_gss_client_LDADD)
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/test/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps appl/test/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) 
-	@rm -f gssapi_client$(EXEEXT)
-	$(LINK) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
-gssapi_server$(EXEEXT): $(gssapi_server_OBJECTS) $(gssapi_server_DEPENDENCIES) 
-	@rm -f gssapi_server$(EXEEXT)
-	$(LINK) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
-http_client$(EXEEXT): $(http_client_OBJECTS) $(http_client_DEPENDENCIES) 
-	@rm -f http_client$(EXEEXT)
-	$(LINK) $(http_client_OBJECTS) $(http_client_LDADD) $(LIBS)
-nt_gss_client$(EXEEXT): $(nt_gss_client_OBJECTS) $(nt_gss_client_DEPENDENCIES) 
-	@rm -f nt_gss_client$(EXEEXT)
-	$(LINK) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
-nt_gss_server$(EXEEXT): $(nt_gss_server_OBJECTS) $(nt_gss_server_DEPENDENCIES) 
-	@rm -f nt_gss_server$(EXEEXT)
-	$(LINK) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
-tcp_client$(EXEEXT): $(tcp_client_OBJECTS) $(tcp_client_DEPENDENCIES) 
-	@rm -f tcp_client$(EXEEXT)
-	$(LINK) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
-tcp_server$(EXEEXT): $(tcp_server_OBJECTS) $(tcp_server_DEPENDENCIES) 
-	@rm -f tcp_server$(EXEEXT)
-	$(LINK) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
-uu_client$(EXEEXT): $(uu_client_OBJECTS) $(uu_client_DEPENDENCIES) 
-	@rm -f uu_client$(EXEEXT)
-	$(LINK) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
-uu_server$(EXEEXT): $(uu_server_OBJECTS) $(uu_server_DEPENDENCIES) 
-	@rm -f uu_server$(EXEEXT)
-	$(LINK) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/test/common.c b/crypto/heimdal/appl/test/common.c
deleted file mode 100644
index 595c8287e12f..000000000000
--- a/crypto/heimdal/appl/test/common.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-
-RCSID("$Id: common.c 12796 2003-09-09 03:38:04Z lha $");
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-static char *keytab_str;
-krb5_keytab keytab;
-char *service = SERVICE;
-char *mech = "krb5";
-int fork_flag;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "service", 's', arg_string, &service, "service to use", "service" },
-    { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" },
-    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
-    { "fork", 'f', arg_flag, &fork_flag, "do fork" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-server_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static void
-client_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "host");
-    exit(code);
-}
-
-
-static int
-common_setup(krb5_context *context, int *argc, char **argv, 
-	     void (*usage)(int, struct getargs*, int))
-{
-    int port = 0;
-    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
-    
-    return port;
-}
-
-int
-server_setup(krb5_context *context, int argc, char **argv)
-{
-    int port = common_setup(context, &argc, argv, server_usage);
-    krb5_error_code ret;
-
-    if(argv[argc] != NULL)
-	server_usage(1, args, num_args);
-    if (keytab_str != NULL)
-	ret = krb5_kt_resolve (*context, keytab_str, &keytab);
-    else
-	ret = krb5_kt_default (*context, &keytab);
-    if (ret)
-	krb5_err (*context, 1, ret, "krb5_kt_resolve/default");
-    return port;
-}
-
-int
-client_setup(krb5_context *context, int *argc, char **argv)
-{
-    int optind = *argc;
-    int port = common_setup(context, &optind, argv, client_usage);
-    if(*argc - optind != 1)
-	client_usage(1, args, num_args);
-    *argc = optind;
-    return port;
-}
-
-int
-client_doit (const char *hostname, int port, const char *service,
-	     int (*func)(int, const char *hostname, const char *service))
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	errx (1, "%s: %s", hostname, gai_strerror(error));
-	return -1;
-    }
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return (*func) (s, hostname, service);
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return 1;
-}
diff --git a/crypto/heimdal/appl/test/gss_common.c b/crypto/heimdal/appl/test/gss_common.c
deleted file mode 100644
index 4c80e543b7c8..000000000000
--- a/crypto/heimdal/appl/test/gss_common.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gss_common.c 19937 2007-01-16 21:56:01Z lha $");
-
-void
-write_token (int sock, gss_buffer_t buf)
-{
-    uint32_t len, net_len;
-    OM_uint32 min_stat;
-
-    len = buf->length;
-
-    net_len = htonl(len);
-
-    if (net_write (sock, &net_len, 4) != 4)
-	err (1, "write");
-    if (net_write (sock, buf->value, len) != len)
-	err (1, "write");
-
-    gss_release_buffer (&min_stat, buf);
-}
-
-static void
-enet_read(int fd, void *buf, size_t len)
-{
-    ssize_t ret;
-
-    ret = net_read (fd, buf, len);
-    if (ret == 0)
-	errx (1, "EOF in read");
-    else if (ret < 0)
-	errx (1, "read");
-}
-
-void
-read_token (int sock, gss_buffer_t buf)
-{
-    uint32_t len, net_len;
-
-    enet_read (sock, &net_len, 4);
-    len = ntohl(net_len);
-    buf->length = len;
-    buf->value  = emalloc(len);
-    enet_read (sock, buf->value, len);
-}
-
-void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	fprintf (stderr, "%.*s\n", (int)status_string.length, 
-		 (char *)status_string.value);
-	gss_release_buffer (&new_stat, &status_string);
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-void
-gss_verr(int exitval, int status, const char *fmt, va_list ap)
-{
-    vwarnx (fmt, ap);
-    gss_print_errors (status);
-    exit (exitval);
-}
-
-void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    gss_verr (exitval, status, fmt, args);
-    va_end(args);
-}
-
-gss_OID
-select_mech(const char *mech)
-{
-    if (strcasecmp(mech, "krb5") == 0)
-	return GSS_KRB5_MECHANISM;
-    else if (strcasecmp(mech, "spnego") == 0)
-	return GSS_SPNEGO_MECHANISM;
-    else if (strcasecmp(mech, "no-oid") == 0)
-	return GSS_C_NO_OID;
-    else
-	errx (1, "Unknown mechanism '%s' (spnego, krb5, no-oid)", mech);
-}
-
-void
-print_gss_name(const char *prefix, gss_name_t name)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name_token;
-
-    maj_stat = gss_display_name (&min_stat,
-				 name,
-				 &name_token,
-				 NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_display_name");
-
-    fprintf (stderr, "%s `%.*s'\n", prefix,
-	     (int)name_token.length,
-	     (char *)name_token.value);
-
-    gss_release_buffer (&min_stat, &name_token);
-
-}
diff --git a/crypto/heimdal/appl/test/gss_common.h b/crypto/heimdal/appl/test/gss_common.h
deleted file mode 100644
index 598ac8c287d8..000000000000
--- a/crypto/heimdal/appl/test/gss_common.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gss_common.h 14661 2005-03-19 03:13:14Z lha $ */
-
-void write_token (int sock, gss_buffer_t buf);
-void read_token (int sock, gss_buffer_t buf);
-
-void gss_print_errors (int min_stat);
-
-void gss_verr(int exitval, int status, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 3, 0)));
-
-void gss_err(int exitval, int status, const char *fmt, ...)
-    __attribute__ ((format (printf, 3, 4)));
-
-gss_OID select_mech(const char *);
-
-void print_gss_name(const char *, gss_name_t);
diff --git a/crypto/heimdal/appl/test/gssapi_client.c b/crypto/heimdal/appl/test/gssapi_client.c
deleted file mode 100644
index d10fc5701fa8..000000000000
--- a/crypto/heimdal/appl/test/gssapi_client.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gssapi_client.c 21521 2007-07-12 13:13:40Z lha $");
-
-static int
-do_trans (int sock, gss_ctx_id_t context_hdl)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-
-    /* get_mic */
-
-    input_token->length = 3;
-    input_token->value  = strdup("hej");
-
-    maj_stat = gss_get_mic(&min_stat,
-			   context_hdl,
-			   GSS_C_QOP_DEFAULT,
-			   input_token,
-			   output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_get_mic");
-
-    write_token (sock, input_token);
-    write_token (sock, output_token);
-
-    /* wrap */
-
-    input_token->length = 7;
-    input_token->value  = "hemligt";
-
-    maj_stat = gss_wrap (&min_stat,
-			 context_hdl,
-			 0,
-			 GSS_C_QOP_DEFAULT,
-			 input_token,
-			 NULL,
-			 output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_wrap");
-
-    write_token (sock, output_token);
-
-    maj_stat = gss_wrap (&min_stat,
-			 context_hdl,
-			 1,
-			 GSS_C_QOP_DEFAULT,
-			 input_token,
-			 NULL,
-			 output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_wrap");
-
-    write_token (sock, output_token);
-
-    return 0;
-}
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-
-    int context_established = 0;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t server;
-    gss_buffer_desc name_token;
-    struct gss_channel_bindings_struct input_chan_bindings;
-    u_char init_buf[4];
-    u_char acct_buf[4];
-    gss_OID mech_oid;
-    char *str;
-
-    mech_oid = select_mech(mech);
-
-    name_token.length = asprintf (&str,
-				  "%s@%s", service, hostname);
-    if (str == NULL)
-	errx(1, "malloc - out of memory");
-    name_token.value = str;
-	
-    maj_stat = gss_import_name (&min_stat,
-				&name_token,
-				GSS_C_NT_HOSTBASED_SERVICE,
-				&server);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat,
-		 "Error importing name `%s@%s':\n", service, hostname);
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    input_token->length = 0;
-    output_token->length = 0;
-
-    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.initiator_address.length = 4;
-    init_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
-    init_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
-    init_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
-    init_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.initiator_address.value = init_buf;
-
-    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.acceptor_address.length = 4;
-    acct_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
-    acct_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
-    acct_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
-    acct_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.acceptor_address.value = acct_buf;
-    
-#if 0
-    input_chan_bindings.application_data.value = emalloc(4);
-    * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port;
-    * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port;
-    input_chan_bindings.application_data.length = 4;
-#else
-    input_chan_bindings.application_data.length = 0;
-    input_chan_bindings.application_data.value = NULL;
-#endif
-
-    while(!context_established) {
-	maj_stat =
-	    gss_init_sec_context(&min_stat,
-				 GSS_C_NO_CREDENTIAL,
-				 &context_hdl,
-				 server,
-				 mech_oid,
-				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
-				 | GSS_C_DELEG_FLAG,
-				 0,
-				 &input_chan_bindings,
-				 input_token,
-				 NULL,
-				 output_token,
-				 NULL,
-				 NULL);
-	if (GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_init_sec_context");
-	if (output_token->length != 0)
-	    write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    read_token (sock, input_token);
-	} else {
-	    context_established = 1;
-	}
-
-    }
-    if (fork_flag) {
-	pid_t pid;
-	int pipefd[2];
-
-	if (pipe (pipefd) < 0)
-	    err (1, "pipe");
-
-	pid = fork ();
-	if (pid < 0)
-	    err (1, "fork");
-	if (pid != 0) {
-	    gss_buffer_desc buf;
-
-	    maj_stat = gss_export_sec_context (&min_stat,
-					       &context_hdl,
-					       &buf);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_export_sec_context");
-	    write_token (pipefd[1], &buf);
-	    exit (0);
-	} else {
-	    gss_ctx_id_t context_hdl;
-	    gss_buffer_desc buf;
-
-	    close (pipefd[1]);
-	    read_token (pipefd[0], &buf);
-	    close (pipefd[0]);
-	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_import_sec_context");
-	    gss_release_buffer (&min_stat, &buf);
-	    return do_trans (sock, context_hdl);
-	}
-    } else {
-	return do_trans (sock, context_hdl);
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context; /* XXX */
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/gssapi_server.c b/crypto/heimdal/appl/test/gssapi_server.c
deleted file mode 100644
index e63a2bc8c538..000000000000
--- a/crypto/heimdal/appl/test/gssapi_server.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gssapi_server.c 14762 2005-04-10 14:47:41Z lha $");
-
-static int
-process_it(int sock,
-	   gss_ctx_id_t context_hdl,
-	   gss_name_t client_name
-	   )
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-    gss_name_t server_name;
-    int conf_flag;
-
-    print_gss_name("User is", client_name);
-
-    maj_stat = gss_inquire_context(&min_stat,
-				   context_hdl,
-				   NULL,
-				   &server_name,
-				   NULL,
-				   NULL,
-				   NULL,
-				   NULL,
-				   NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_inquire_context");
-
-    print_gss_name("Server is", server_name);
-
-    maj_stat = gss_release_name(&min_stat, &server_name);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_release_name");
-
-    /* gss_verify_mic */
-
-    read_token (sock, input_token);
-    read_token (sock, output_token);
-
-    maj_stat = gss_verify_mic (&min_stat,
-			       context_hdl,
-			       input_token,
-			       output_token,
-			       NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_verify_mic");
-
-    fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
-	    (char *)input_token->value);
-
-    gss_release_buffer (&min_stat, input_token);
-    gss_release_buffer (&min_stat, output_token);
-
-    /* gss_unwrap */
-
-    read_token (sock, input_token);
-
-    maj_stat = gss_unwrap (&min_stat,
-			   context_hdl,
-			   input_token,
-			   output_token,
-			   &conf_flag,
-			   NULL);
-    if(GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_unwrap");
-
-    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
-	    (char *)output_token->value,
-	     conf_flag ? "CONF" : "INT");
-
-    gss_release_buffer (&min_stat, input_token);
-    gss_release_buffer (&min_stat, output_token);
-
-    read_token (sock, input_token);
-
-    maj_stat = gss_unwrap (&min_stat,
-			   context_hdl,
-			   input_token,
-			   output_token,
-			   &conf_flag,
-			   NULL);
-    if(GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_unwrap");
-
-    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
-	     (char *)output_token->value,
-	     conf_flag ? "CONF" : "INT");
-
-    gss_release_buffer (&min_stat, input_token);
-    gss_release_buffer (&min_stat, output_token);
-
-    return 0;
-}
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    struct gss_channel_bindings_struct input_chan_bindings;
-    gss_cred_id_t delegated_cred_handle = NULL;
-    krb5_ccache ccache;
-    u_char init_buf[4];
-    u_char acct_buf[4];
-    gss_OID mech_oid;
-    char *mech, *p;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.initiator_address.length = 4;
-    init_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
-    init_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
-    init_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
-    init_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
-
-    input_chan_bindings.initiator_address.value = init_buf;
-    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
-
-    input_chan_bindings.acceptor_address.length = 4;
-    acct_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
-    acct_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
-    acct_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
-    acct_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.acceptor_address.value = acct_buf;
-    input_chan_bindings.application_data.value = emalloc(4);
-#if 0
-    * (unsigned short *)input_chan_bindings.application_data.value =
-                          remote.sin_port;
-    * ((unsigned short *)input_chan_bindings.application_data.value + 1) =
-                          local.sin_port;
-    input_chan_bindings.application_data.length = 4;
-#else
-    input_chan_bindings.application_data.length = 0;
-    input_chan_bindings.application_data.value = NULL;
-#endif
-    
-    delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-    
-    do {
-	read_token (sock, input_token);
-	maj_stat =
-	    gss_accept_sec_context (&min_stat,
-				    &context_hdl,
-				    GSS_C_NO_CREDENTIAL,
-				    input_token,
-				    &input_chan_bindings,
-				    &client_name,
-				    &mech_oid,
-				    output_token,
-				    NULL,
-				    NULL,
-				    &delegated_cred_handle);
-	if(GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_accept_sec_context");
-	if (output_token->length != 0)
-	    write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-    
-    p = (char *)mech_oid->elements;
-    if (mech_oid->length == GSS_KRB5_MECHANISM->length
-	&& memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)
-	mech = "Kerberos 5";
-    else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length
-	&& memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)
-	mech = "SPNEGO"; /* XXX Silly, wont show up */
-    else
-	mech = "Unknown";
-
-    printf("Using mech: %s\n", mech);
-
-    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
-       krb5_context context;
-
-       printf("Delegated cred found\n");
-
-       maj_stat = krb5_init_context(&context);
-       maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
-       maj_stat = gss_krb5_copy_ccache(&min_stat,
-				       delegated_cred_handle,
-				       ccache);
-       if (maj_stat == 0) {
-	   krb5_principal p;
-	   maj_stat = krb5_cc_get_principal(context, ccache, &p);
-	   if (maj_stat == 0) {
-	       char *name;
-	       maj_stat = krb5_unparse_name(context, p, &name);
-	       if (maj_stat == 0) {
-		   printf("Delegated user is: `%s'\n", name);
-		   free(name);
-	       }
-	       krb5_free_principal(context, p);
-	   }
-       }
-       krb5_cc_close(context, ccache);
-       gss_release_cred(&min_stat, &delegated_cred_handle);
-    }
-
-    if (fork_flag) {
-	pid_t pid;
-	int pipefd[2];
-
-	if (pipe (pipefd) < 0)
-	    err (1, "pipe");
-
-	pid = fork ();
-	if (pid < 0)
-	    err (1, "fork");
-	if (pid != 0) {
-	    gss_buffer_desc buf;
-
-	    maj_stat = gss_export_sec_context (&min_stat,
-					       &context_hdl,
-					       &buf);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_export_sec_context");
-	    write_token (pipefd[1], &buf);
-	    exit (0);
-	} else {
-	    gss_ctx_id_t context_hdl;
-	    gss_buffer_desc buf;
-
-	    close (pipefd[1]);
-	    read_token (pipefd[0], &buf);
-	    close (pipefd[0]);
-	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_import_sec_context");
-	    gss_release_buffer (&min_stat, &buf);
-	    return process_it (sock, context_hdl, client_name);
-	}
-    } else {
-	return process_it (sock, context_hdl, client_name);
-    }
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context = NULL; /* XXX */
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/http_client.c b/crypto/heimdal/appl/test/http_client.c
deleted file mode 100644
index 074ba3768bef..000000000000
--- a/crypto/heimdal/appl/test/http_client.c
+++ /dev/null
@@ -1,504 +0,0 @@
-/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-#include <base64.h>
-
-RCSID("$Id: http_client.c 14861 2005-04-20 10:38:37Z lha $");
-
-/*
- * A simplistic client implementing draft-brezak-spnego-http-04.txt
- */
-
-static int
-do_connect (const char *hostname, const char *port)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    int s = -1;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = 0;
-
-    error = getaddrinfo (hostname, port, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
- 	    close (s);
- 	    continue;
-	}
-	break;
-    }
-    freeaddrinfo (ai);
-    if (a == NULL)
-	errx (1, "failed to contact %s", hostname);
-
-    return s;
-}
-
-static void
-fdprintf(int s, const char *fmt, ...)
-{
-    size_t len;
-    ssize_t ret;
-    va_list ap;
-    char *str, *buf;
-    
-    va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
-    va_end(ap);
-
-    if (str == NULL)
-	errx(1, "vasprintf");
-
-    buf = str;
-    len = strlen(buf);
-    while (len) {
-	ret = write(s, buf, len);
-	if (ret == 0)
-	    err(1, "connection closed");
-	else if (ret < 0)
-	    err(1, "error");
-	len -= ret;
-	buf += ret;
-    }
-    free(str);
-}
-
-static int help_flag;
-static int version_flag;
-static int verbose_flag;
-static int mutual_flag = 1;
-static int delegate_flag;
-static char *port_str = "http";
-static char *gss_service = "HTTP";
-
-static struct getargs http_args[] = {
-    { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", },
-    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
-    { "delegate", 0, arg_flag, &delegate_flag, "gssapi delegate credential" },
-    { "gss-service", 's', arg_string, &gss_service, "gssapi service to use",
-      "service" },
-    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
-    { "mutual", 0, arg_negative_flag, &mutual_flag, "no gssapi mutual auth" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_http_args = sizeof(http_args) / sizeof(http_args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(http_args, num_http_args, NULL, "host [page]");
-    exit(code);
-}
-
-/*
- *
- */
-
-struct http_req {
-    char *response;
-    char **headers;
-    int num_headers;
-    void *body;
-    size_t body_size;
-};
-
-
-static void
-http_req_zero(struct http_req *req)
-{
-    req->response = NULL;
-    req->headers = NULL;
-    req->num_headers = 0;
-    req->body = NULL;
-    req->body_size = 0;
-}
-
-static void
-http_req_free(struct http_req *req)
-{
-    int i;
-
-    free(req->response);
-    for (i = 0; i < req->num_headers; i++)
-	free(req->headers[i]);
-    free(req->headers);
-    free(req->body);
-    http_req_zero(req);
-}
-
-static const char *
-http_find_header(struct http_req *req, const char *header)
-{
-    int i, len = strlen(header);
-
-    for (i = 0; i < req->num_headers; i++) {
-	if (strncasecmp(header, req->headers[i], len) == 0) {
-	    return req->headers[i] + len + 1;
-	}
-    }
-    return NULL;
-}
-
-
-static int
-http_query(const char *host, const char *page, 
-	   char **headers, int num_headers, struct http_req *req)
-{
-    enum { RESPONSE, HEADER, BODY } state;
-    ssize_t ret;
-    char in_buf[1024], *in_ptr = in_buf;
-    size_t in_len = 0;
-    int s, i;
-
-    http_req_zero(req);
-
-    s = do_connect(host, port_str);
-    if (s < 0)
-	errx(1, "connection failed");
-
-    fdprintf(s, "GET %s HTTP/1.0\r\n", page);
-    for (i = 0; i < num_headers; i++)
-	fdprintf(s, "%s\r\n", headers[i]);
-    fdprintf(s, "Host: %s\r\n\r\n", host);
-
-    state = RESPONSE;
-
-    while (1) {
-	ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
-	if (ret == 0)
-	    break;
-	else if (ret < 0)
-	    err (1, "read: %lu", (unsigned long)ret);
-	
-	in_buf[ret + in_len] = '\0';
-
-	if (state == HEADER || state == RESPONSE) {
-	    char *p;
-
-	    in_len += ret;
-	    in_ptr += ret;
-
-	    while (1) {
-		p = strstr(in_buf, "\r\n");
-
-		if (p == NULL) {
-		    break;
-		} else if (p == in_buf) {
-		    memmove(in_buf, in_buf + 2, sizeof(in_buf) - 2);
-		    state = BODY;
-		    in_len -= 2;
-		    in_ptr -= 2;
-		    break;
-		} else if (state == RESPONSE) {
-		    req->response = strndup(in_buf, p - in_buf);
-		    state = HEADER;
-		} else {
-		    req->headers = realloc(req->headers,
-					   (req->num_headers + 1) * sizeof(req->headers[0]));
-		    req->headers[req->num_headers] = strndup(in_buf, p - in_buf);
-		    if (req->headers[req->num_headers] == NULL)
-			errx(1, "strdup");
-		    req->num_headers++;
-		}
-		memmove(in_buf, p + 2, sizeof(in_buf) - (p - in_buf) - 2);
-		in_len -= (p - in_buf) + 2;
-		in_ptr -= (p - in_buf) + 2;
-	    }
-	}
-
-	if (state == BODY) {
-
-	    req->body = erealloc(req->body, req->body_size + ret + 1);
-
-	    memcpy((char *)req->body + req->body_size, in_buf, ret);
-	    req->body_size += ret;
-	    ((char *)req->body)[req->body_size] = '\0';
-
-	    in_ptr = in_buf;
-	    in_len = 0;
-	} else
-	    abort();
-    }
-
-    if (verbose_flag) {
-	int i;
-	printf("response: %s\n", req->response);
-	for (i = 0; i < req->num_headers; i++)
-	    printf("header[%d] %s\n", i, req->headers[i]);
-	printf("body: %.*s\n", (int)req->body_size, (char *)req->body);
-    }
-
-    close(s);
-    return 0;
-}
-
-
-int
-main(int argc, char **argv)
-{
-    struct http_req req;
-    const char *host, *page;
-    int i, done, print_body, gssapi_done, gssapi_started;
-    char *headers[10]; /* XXX */
-    int num_headers;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_name_t server = GSS_C_NO_NAME;
-    int optind = 0;
-    gss_OID mech_oid;
-    OM_uint32 flags;
-
-    setprogname(argv[0]);
-
-    if(getarg(http_args, num_http_args, argc, argv, &optind))
-	usage(1);
-
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    mech_oid = select_mech(mech);
-
-    if (argc != 1 && argc != 2)
-	errx(1, "usage: %s host [page]", getprogname());
-    host = argv[0];
-    if (argc == 2)
-	page = argv[1];
-    else
-	page = "/";
-
-    flags = 0;
-    if (delegate_flag)
-	flags |= GSS_C_DELEG_FLAG;
-    if (mutual_flag)
-	flags |= GSS_C_MUTUAL_FLAG;
-
-    done = 0;
-    num_headers = 0;
-    gssapi_done = 1;
-    gssapi_started = 0;
-    do {
-	print_body = 0;
-
-	http_query(host, page, headers, num_headers, &req);
-	for (i = 0 ; i < num_headers; i++) 
-	    free(headers[i]);
-	num_headers = 0;
-
-	if (strstr(req.response, " 200 ") != NULL) {
-	    print_body = 1;
-	    done = 1;
-	} else if (strstr(req.response, " 401 ") != NULL) {
-	    if (http_find_header(&req, "WWW-Authenticate:") == NULL)
-		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
-	    gssapi_done = 0;
-	}
-
-	if (!gssapi_done) {
-	    const char *h = http_find_header(&req, "WWW-Authenticate:");
-	    if (h == NULL)
-		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
-
-	    if (strncasecmp(h, "Negotiate", 9) == 0) {
-		OM_uint32 maj_stat, min_stat;
-		gss_buffer_desc input_token, output_token;
-
-		if (verbose_flag)
-		    printf("Negotiate found\n");
-		
-		if (server == GSS_C_NO_NAME) {
-		    char *name;
-		    asprintf(&name, "%s@%s", gss_service, host);
-		    input_token.length = strlen(name);
-		    input_token.value = name;
-
-		    maj_stat = gss_import_name(&min_stat,
-					       &input_token,
-					       GSS_C_NT_HOSTBASED_SERVICE,
-					       &server);
-		    if (GSS_ERROR(maj_stat))
-			gss_err (1, min_stat, "gss_inport_name");
-		    free(name);
-		    input_token.length = 0;
-		    input_token.value = NULL;
-		}
-
-		i = 9;
-		while(h[i] && isspace((unsigned char)h[i]))
-		    i++;
-		if (h[i] != '\0') {
-		    int len = strlen(&h[i]);
-		    if (len == 0)
-			errx(1, "invalid Negotiate token");
-		    input_token.value = emalloc(len);
-		    len = base64_decode(&h[i], input_token.value);
-		    if (len < 0)
-			errx(1, "invalid base64 Negotiate token %s", &h[i]);
-		    input_token.length = len;
-		} else {
-		    if (gssapi_started)
-			errx(1, "Negotiate already started");
-		    gssapi_started = 1;
-
-		    input_token.length = 0;
-		    input_token.value = NULL;
-		}
-
-		maj_stat =
-		    gss_init_sec_context(&min_stat,
-					 GSS_C_NO_CREDENTIAL,
-					 &context_hdl,
-					 server,
-					 mech_oid,
-					 flags,
-					 0,
-					 GSS_C_NO_CHANNEL_BINDINGS,
-					 &input_token,
-					 NULL,
-					 &output_token,
-					 NULL,
-					 NULL);
-		if (GSS_ERROR(maj_stat))
-		    gss_err (1, min_stat, "gss_init_sec_context");
-		else if (maj_stat & GSS_S_CONTINUE_NEEDED)
-		    gssapi_done = 0;
-		else {
-		    gss_name_t targ_name, src_name;
-		    gss_buffer_desc name_buffer;
-		    gss_OID mech_type;
-
-		    gssapi_done = 1;
-
-		    printf("Negotiate done: %s\n", mech);
-
-		    maj_stat = gss_inquire_context(&min_stat,
-						   context_hdl,
-						   &src_name,
-						   &targ_name,
-						   NULL,
-						   &mech_type,
-						   NULL,
-						   NULL,
-						   NULL);
-		    if (GSS_ERROR(maj_stat))
-			gss_err (1, min_stat, "gss_inquire_context");
-
-		    maj_stat = gss_display_name(&min_stat,
-						src_name,
-						&name_buffer,
-						NULL);
-		    if (GSS_ERROR(maj_stat))
-			gss_err (1, min_stat, "gss_display_name");
-
-		    printf("Source: %.*s\n",
-			   (int)name_buffer.length,
-			   (char *)name_buffer.value);
-
-		    gss_release_buffer(&min_stat, &name_buffer);
-
-		    maj_stat = gss_display_name(&min_stat,
-						targ_name,
-						&name_buffer,
-						NULL);
-		    if (GSS_ERROR(maj_stat))
-			gss_err (1, min_stat, "gss_display_name");
-
-		    printf("Target: %.*s\n",
-			   (int)name_buffer.length,
-			   (char *)name_buffer.value);
-
-		    gss_release_name(&min_stat, &targ_name);
-		    gss_release_buffer(&min_stat, &name_buffer);
-		}
-
-		if (output_token.length) {
-		    char *neg_token;
-
-		    base64_encode(output_token.value,
-				  output_token.length,
-				  &neg_token);
-		    
-		    asprintf(&headers[0], "Authorization: Negotiate %s",
-			     neg_token);
-
-		    num_headers = 1;
-		    free(neg_token);
-		    gss_release_buffer(&min_stat, &output_token);
-		}
-		if (input_token.length)
-		    free(input_token.value);
-
-	    } else
-		done = 1;
-	} else
-	    done = 1;
-
-	if (verbose_flag) {
-	    printf("%s\n\n", req.response);
-
-	    for (i = 0; i < req.num_headers; i++)
-		printf("%s\n", req.headers[i]);
-	    printf("\n");
-	}
-	if (print_body || verbose_flag)
-	    printf("%.*s\n", (int)req.body_size, (char *)req.body);
-
-	http_req_free(&req);
-    } while (!done);
-
-    if (gssapi_done == 0)
-	errx(1, "gssapi not done but http dance done");
-
-    return 0;
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_client.c b/crypto/heimdal/appl/test/nt_gss_client.c
deleted file mode 100644
index 3527799b4017..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_client.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_client.c 21522 2007-07-12 13:15:04Z lha $");
-
-/*
- * This program tries to act as a client for the sample in `Sample
- * SSPI Code' in Windows 2000 RC1 SDK.
- */
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-
-    int context_established = 0;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_t input_token, output_token;
-    gss_buffer_desc real_input_token, real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t server;
-    gss_buffer_desc name_token;
-    char *str;
-
-    name_token.length = asprintf (&str,
-				  "%s@%s", service, hostname);
-    if (str == NULL)
-	errx(1, "out of memory");
-    name_token.value = str;
-
-    maj_stat = gss_import_name (&min_stat,
-				&name_token,
-				GSS_C_NT_HOSTBASED_SERVICE,
-				&server);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat,
-		 "Error importing name `%s@%s':\n", service, hostname);
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    input_token = &real_input_token;
-    output_token = &real_output_token;
-
-    input_token->length = 0;
-    output_token->length = 0;
-
-    while(!context_established) {
-	maj_stat =
-	    gss_init_sec_context(&min_stat,
-				 GSS_C_NO_CREDENTIAL,
-				 &context_hdl,
-				 server,
-				 GSS_C_NO_OID,
-				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
-				 0,
-				 GSS_C_NO_CHANNEL_BINDINGS,
-				 input_token,
-				 NULL,
-				 output_token,
-				 NULL,
-				 NULL);
-	if (GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_init_sec_context");
-	if (output_token->length != 0)
-	    nt_write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    nt_read_token (sock, input_token);
-	} else {
-	    context_established = 1;
-	}
-
-    }
-
-    /* get_mic */
-
-    input_token->length = 3;
-    input_token->value  = strdup("hej");
-
-    maj_stat = gss_get_mic(&min_stat,
-			   context_hdl,
-			   GSS_C_QOP_DEFAULT,
-			   input_token,
-			   output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_get_mic");
-
-    nt_write_token (sock, input_token);
-    nt_write_token (sock, output_token);
-
-    /* wrap */
-
-    input_token->length = 7;
-    input_token->value  = "hemligt";
-
-
-    maj_stat = gss_wrap (&min_stat,
-			 context_hdl,
-			 1,
-			 GSS_C_QOP_DEFAULT,
-			 input_token,
-			 NULL,
-			 output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_wrap");
-
-    nt_write_token (sock, output_token);
-
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context; /* XXX */
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_common.c b/crypto/heimdal/appl/test/nt_gss_common.c
deleted file mode 100644
index ca079179bc8f..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_common.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_common.c 17450 2006-05-05 11:11:43Z lha $");
-
-/*
- * These are functions that are needed to interoperate with the
- * `Sample SSPI Code' in Windows 2000 RC1 SDK.
- */
-
-/*
- * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that 
- * the length is written in little-endian-order.
- */
-
-void
-nt_write_token (int sock, gss_buffer_t buf)
-{
-    unsigned char net_len[4];
-    uint32_t len;
-    OM_uint32 min_stat;
-
-    len = buf->length;
-
-    net_len[0] = (len >>  0) & 0xFF;
-    net_len[1] = (len >>  8) & 0xFF;
-    net_len[2] = (len >> 16) & 0xFF;
-    net_len[3] = (len >> 24) & 0xFF;
-
-    if (write (sock, net_len, 4) != 4)
-	err (1, "write");
-    if (write (sock, buf->value, len) != len)
-	err (1, "write");
-
-    gss_release_buffer (&min_stat, buf);
-}
-
-/*
- *
- */
-
-void
-nt_read_token (int sock, gss_buffer_t buf)
-{
-    unsigned char net_len[4];
-    uint32_t len;
-
-    if (read(sock, net_len, 4) != 4)
-	err (1, "read");
-    len = (net_len[0] <<  0)
-	| (net_len[1] <<  8)
-	| (net_len[2] << 16)
-	| (net_len[3] << 24);
-
-    buf->length = len;
-    buf->value  = malloc(len);
-    if (read (sock, buf->value, len) != len)
-	err (1, "read");
-}
-
-void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
-	gss_release_buffer (&new_stat, &status_string);
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-void
-gss_verr(int exitval, int status, const char *fmt, va_list ap)
-{
-    vwarnx (fmt, ap);
-    gss_print_errors (status);
-    exit (exitval);
-}
-
-void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    gss_verr (exitval, status, fmt, args);
-    va_end(args);
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_common.h b/crypto/heimdal/appl/test/nt_gss_common.h
deleted file mode 100644
index 50b5c8380f4b..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_common.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: nt_gss_common.h 7464 1999-12-02 17:05:13Z joda $ */
-
-void nt_write_token (int sock, gss_buffer_t buf);
-void nt_read_token (int sock, gss_buffer_t buf);
-
-void gss_print_errors (int min_stat);
-
-void gss_verr(int exitval, int status, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 3, 0)));
-
-void gss_err(int exitval, int status, const char *fmt, ...)
-    __attribute__ ((format (printf, 3, 4)));
diff --git a/crypto/heimdal/appl/test/nt_gss_server.c b/crypto/heimdal/appl/test/nt_gss_server.c
deleted file mode 100644
index df4a32ef857c..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_server.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include <krb5.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_server.c 12323 2003-05-21 15:15:34Z lha $");
-
-/*
- * This program tries to act as a server for the sample in `Sample
- * SSPI Code' in Windows 2000 RC1 SDK.
- *
- * use --dump-auth to get a binary dump of the authorization data in the ticket
- */
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-char *service = SERVICE;
-static char *auth_file;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "service", 's', arg_string, &service, "service to use", "service" },
-    { "dump-auth", 0, arg_string, &auth_file, "dump authorization data",
-      "file" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_t input_token, output_token;
-    gss_buffer_desc real_input_token, real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    gss_buffer_desc name_token;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    input_token = &real_input_token;
-    output_token = &real_output_token;
-
-    do {
-	nt_read_token (sock, input_token);
-	maj_stat =
-	    gss_accept_sec_context (&min_stat,
-				    &context_hdl,
-				    GSS_C_NO_CREDENTIAL,
-				    input_token,
-				    GSS_C_NO_CHANNEL_BINDINGS,
-				    &client_name,
-				    NULL,
-				    output_token,
-				    NULL,
-				    NULL,
-				    NULL);
-	if(GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_accept_sec_context");
-	if (output_token->length != 0)
-	    nt_write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-
-    if (auth_file != NULL) {
-	int fd = open (auth_file, O_WRONLY | O_CREAT, 0666);
-#if 0
-	krb5_ticket *ticket;
-	krb5_data *data;
-
-	ticket = context_hdl->ticket;
-	data = &ticket->ticket.authorization_data->val[0].ad_data;
-
-	if(fd < 0)
-	    err (1, "open %s", auth_file);
-	if (write (fd, data->data, data->length) != data->length)
-	    errx (1, "write to %s failed", auth_file);
-#endif
-	if (close (fd))
-	    err (1, "close %s", auth_file);
-    }
-
-    maj_stat = gss_display_name (&min_stat,
-				 client_name,
-				 &name_token,
-				 NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_display_name");
-
-    fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
-	    (char *)name_token.value);
-
-    /* write something back */
-
-    output_token->value  = strdup ("hejsan");
-    output_token->length = strlen (output_token->value) + 1;
-    nt_write_token (sock, output_token);
-
-    output_token->value  = strdup ("hoppsan");
-    output_token->length = strlen (output_token->value) + 1;
-    nt_write_token (sock, output_token);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static int
-common_setup(krb5_context *context, int *argc, char **argv, 
-	     void (*usage)(int, struct getargs*, int))
-{
-    int port = 0;
-    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
-    
-    return port;
-}
-
-static int
-setup(krb5_context *context, int argc, char **argv)
-{
-    int port = common_setup(context, &argc, argv, usage);
-    if(argv[argc] != NULL)
-	usage(1, args, num_args);
-    return port;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context = NULL; /* XXX */
-    int port = setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/tcp_client.c b/crypto/heimdal/appl/test/tcp_client.c
deleted file mode 100644
index f1a4cb25216f..000000000000
--- a/crypto/heimdal/appl/test/tcp_client.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: tcp_client.c 17450 2006-05-05 11:11:43Z lha $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_data data;
-    krb5_data packet;
-    uint32_t len, net_len;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &sock,
-			    VERSION,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sendauth");
-
-    data.data   = "hej";
-    data.length = 3;
-
-    krb5_data_zero (&packet);
-
-    status = krb5_mk_safe (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_mk_safe");
-
-    len = packet.length;
-    net_len = htonl(len);
-
-    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-	err (1, "krb5_net_write");
-    if (krb5_net_write (context, &sock, packet.data, len) != len)
-	err (1, "krb5_net_write");
-
-    data.data   = "hemligt";
-    data.length = 7;
-
-    krb5_data_free (&packet);
-
-    status = krb5_mk_priv (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_mk_priv");
-
-    len = packet.length;
-    net_len = htonl(len);
-
-    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-	err (1, "krb5_net_write");
-    if (krb5_net_write (context, &sock, packet.data, len) != len)
-	err (1, "krb5_net_write");
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/tcp_server.c b/crypto/heimdal/appl/test/tcp_server.c
deleted file mode 100644
index 97a9b1170d2e..000000000000
--- a/crypto/heimdal/appl/test/tcp_server.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: tcp_server.c 17954 2006-09-01 09:01:03Z lha $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_ticket *ticket;
-    char *name;
-    char hostname[MAXHOSTNAMELEN];
-    krb5_data packet;
-    krb5_data data;
-    uint32_t len, net_len;
-    ssize_t n;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
-
-    if(gethostname (hostname, sizeof(hostname)) < 0)
-	krb5_err (context, 1, errno, "gethostname");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_recvauth (context,
-			    &auth_context,
-			    &sock,
-			    VERSION,
-			    server,
-			    0,
-			    keytab,
-			    &ticket);
-    if (status)
-	krb5_err (context, 1, status, "krb5_recvauth");
-
-    status = krb5_unparse_name (context,
-				ticket->client,
-				&name);
-    if (status)
-	krb5_err (context, 1, status, "krb5_unparse_name");
-
-    fprintf (stderr, "User is `%s'\n", name);
-    free (name);
-
-    krb5_data_zero (&data);
-    krb5_data_zero (&packet);
-
-    n = krb5_net_read (context, &sock, &net_len, 4);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-
-    len = ntohl(net_len);
-
-    krb5_data_alloc (&packet, len);
-
-    n = krb5_net_read (context, &sock, packet.data, len);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-    
-    status = krb5_rd_safe (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_rd_safe");
-
-    fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    n = krb5_net_read (context, &sock, &net_len, 4);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-
-    len = ntohl(net_len);
-
-    krb5_data_alloc (&packet, len);
-
-    n = krb5_net_read (context, &sock, packet.data, len);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-    
-    status = krb5_rd_priv (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_rd_priv");
-
-    fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    mini_inetd (port);
-
-    return proto (STDIN_FILENO, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/test_locl.h b/crypto/heimdal/appl/test/test_locl.h
deleted file mode 100644
index b203787f0a07..000000000000
--- a/crypto/heimdal/appl/test/test_locl.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: test_locl.h 12797 2003-09-09 03:38:51Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <errno.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-#include <krb5.h>
-
-#define SERVICE "test"
-
-#define PORT "test"
-
-extern char *service;
-extern char *mech;
-extern krb5_keytab keytab;
-extern int fork_flag;
-int server_setup(krb5_context*, int, char**);
-int client_setup(krb5_context*, int*, char**);
-int client_doit (const char *hostname, int port, const char *service,
-		 int (*func)(int, const char *hostname, const char *service));
diff --git a/crypto/heimdal/appl/test/uu_client.c b/crypto/heimdal/appl/test/uu_client.c
deleted file mode 100644
index 6113b8b569f9..000000000000
--- a/crypto/heimdal/appl/test/uu_client.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: uu_client.c 14719 2005-04-03 19:53:32Z lha $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    krb5_address remote_addr, local_addr;
-    krb5_context context;
-    krb5_ccache ccache;
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal client;
-    krb5_data data;
-    krb5_data packet;
-    krb5_creds mcred, cred;
-    krb5_ticket *ticket;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    status = krb5_init_context(&context);
-    if (status)
-	errx(1, "krb5_init_context failed: %d", status);
-
-    status = krb5_cc_default (context, &ccache);
-    if (status)
-	krb5_err(context, 1, status, "krb5_cc_default");
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_init");
-
-    local_addr.addr_type = AF_INET;
-    local_addr.address.length = sizeof(local.sin_addr);
-    local_addr.address.data   = &local.sin_addr;
-
-    remote_addr.addr_type = AF_INET;
-    remote_addr.address.length = sizeof(remote.sin_addr);
-    remote_addr.address.data   = &remote.sin_addr;
-
-    status = krb5_auth_con_setaddrs (context,
-				     auth_context,
-				     &local_addr,
-				     &remote_addr);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
-
-    krb5_cc_clear_mcred(&mcred);
-
-    status = krb5_cc_get_principal(context, ccache, &client);
-    if(status)
-	krb5_err(context, 1, status, "krb5_cc_get_principal");
-    status = krb5_make_principal(context, &mcred.server,
-				 *krb5_princ_realm(context, client), 
-				 "krbtgt", 
-				 *krb5_princ_realm(context, client),
-				 NULL);
-    if(status)
-	krb5_err(context, 1, status, "krb5_make_principal");
-    mcred.client = client;
-    
-    status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
-    if(status)
-	krb5_err(context, 1, status, "krb5_cc_retrieve_cred");
-
-    {
-	char *client_name;
-	krb5_data data;
-	status = krb5_unparse_name(context, cred.client, &client_name);
-	if(status)
-	    krb5_err(context, 1, status, "krb5_unparse_name");
-	data.data = client_name;
-	data.length = strlen(client_name) + 1;
-	status = krb5_write_message(context, &sock, &data);
-	if(status)
-	    krb5_err(context, 1, status, "krb5_write_message");
-	free(client_name);
-    }
-
-    status = krb5_write_message(context, &sock, &cred.ticket);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-
-    status = krb5_auth_con_setuserkey(context, auth_context, &cred.session);
-    if(status)
-	krb5_err(context, 1, status, "krb5_auth_con_setuserkey");
-    
-    status = krb5_recvauth(context, &auth_context, &sock, 
-			   VERSION, client, 0, NULL, &ticket);
-
-    if (status)
-	krb5_err(context, 1, status, "krb5_recvauth");
-    
-    if (ticket->ticket.authorization_data) {
-	AuthorizationData *authz;
-	int i;
-
-	printf("Authorization data:\n");
-
-	authz = ticket->ticket.authorization_data;
-	for (i = 0; i < authz->len; i++) {
-	    printf("\ttype %d, length %lu\n",
-		   authz->val[i].ad_type,
-		   (unsigned long)authz->val[i].ad_data.length);
-	}
-    }
-
-    data.data   = "hej";
-    data.length = 3;
-
-    krb5_data_zero (&packet);
-
-    status = krb5_mk_safe (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err(context, 1, status, "krb5_mk_safe");
-
-    status = krb5_write_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-
-    data.data   = "hemligt";
-    data.length = 7;
-
-    krb5_data_free (&packet);
-
-    status = krb5_mk_priv (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err(context, 1, status, "krb5_mk_priv");
-
-    status = krb5_write_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/uu_server.c b/crypto/heimdal/appl/test/uu_server.c
deleted file mode 100644
index 6462363456cd..000000000000
--- a/crypto/heimdal/appl/test/uu_server.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: uu_server.c 20880 2007-06-04 16:55:00Z lha $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    krb5_address remote_addr, local_addr;
-    krb5_ccache ccache;
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_data packet;
-    krb5_data data;
-    krb5_data client_name;
-    krb5_creds in_creds, *out_creds;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	errx (1, "krb5_auth_con_init: %s",
-	      krb5_get_err_text(context, status));
-
-    local_addr.addr_type = AF_INET;
-    local_addr.address.length = sizeof(local.sin_addr);
-    local_addr.address.data   = &local.sin_addr;
-
-    remote_addr.addr_type = AF_INET;
-    remote_addr.address.length = sizeof(remote.sin_addr);
-    remote_addr.address.data   = &remote.sin_addr;
-
-    status = krb5_auth_con_setaddrs (context,
-				     auth_context,
-				     &local_addr,
-				     &remote_addr);
-    if (status)
-	errx (1, "krb5_auth_con_setaddr: %s",
-	      krb5_get_err_text(context, status));
-
-    status = krb5_read_message(context, &sock, &client_name);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    memset(&in_creds, 0, sizeof(in_creds));
-    status = krb5_cc_default(context, &ccache);
-    status = krb5_cc_get_principal(context, ccache, &in_creds.client);
-
-    status = krb5_read_message(context, &sock, &in_creds.second_ticket);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-
-    status = krb5_parse_name(context, client_name.data, &in_creds.server);
-    if(status)
-	krb5_err(context, 1, status, "krb5_parse_name");
-    
-    status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache, 
-				  &in_creds, &out_creds);
-    if(status)
-	krb5_err(context, 1, status, "krb5_get_credentials");
-
-    status = krb5_cc_default(context, &ccache);
-
-    status = krb5_sendauth(context, 
-			   &auth_context,
-			   &sock, 
-			   VERSION, 
-			   in_creds.client,
-			   in_creds.server,
-			   AP_OPTS_USE_SESSION_KEY,
-			   NULL,
-			   out_creds,
-			   ccache,
-			   NULL,
-			   NULL,
-			   NULL);
-			   
-    if (status)
-	krb5_err(context, 1, status, "krb5_sendauth");
-    
-    {
-	char *str;
-	krb5_unparse_name(context, in_creds.server, &str);
-	printf ("User is `%s'\n", str);
-	free(str);
-	krb5_unparse_name(context, in_creds.client, &str);
-	printf ("Server is `%s'\n", str);
-	free(str);
-    }
-
-    krb5_data_zero (&data);
-    krb5_data_zero (&packet);
-
-    status = krb5_read_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    status = krb5_rd_safe (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	errx (1, "krb5_rd_safe: %s",
-	      krb5_get_err_text(context, status));
-
-    printf ("safe packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    status = krb5_read_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    status = krb5_rd_priv (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	errx (1, "krb5_rd_priv: %s",
-	      krb5_get_err_text(context, status));
-
-    printf ("priv packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, 
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/autogen.sh b/crypto/heimdal/autogen.sh
deleted file mode 100644
index c3facbf5c7ee..000000000000
--- a/crypto/heimdal/autogen.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# to really generate all files you need to run "make distcheck" in a
-# object tree, but this will do if you have all parts of the required
-# tool-chain installed
-autoreconf -f -i || { echo "autoreconf failed: $?"; exit 1; }
diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog
deleted file mode 100644
index 0bd84c652cbd..000000000000
--- a/crypto/heimdal/cf/ChangeLog
+++ /dev/null
@@ -1,1232 +0,0 @@
-2007-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: openssl might require -ldl too, so lets check that.
-
-2007-07-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common (check-local::): exit on failure to perform
-	test.
-
-2007-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common (check-local): also check that --help works.
-	
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.m4: depend on EVP_CIPHER_iv_length
-
-2007-06-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: Need absolute reference to the top source
-	directory and top build directory.
-	
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* wflags.m4: Add --enable-developer and make it cause -Werror to
-	be included.
-	
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: Merge from samba config.
-
-	* Makefile.am.common (makedir-in-tree): depend on INFO_DEPS.
-
-	* valgrind-suppressions: Unknown suppression in runtime link
-	editor
-
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: Add heimdal-lorikeet target distdir-in-tree
-
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* framework-security.m4: test for -framework Security
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* roken-frag.m4: we have a fnmatch.h only if there is a working
-	implementation and a header file. If we do use roken, lets use our
-	own headerfile that does symbol renaming.
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* version-script.m4: check if ld supports --version-script
-	
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: drop broken-getnameinfo.m4
-	
-	* roken-frag.m4: drop test for broken getnameinfo, that old aix is
-	no longer relevant.
-	
-2007-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* install-catman.sh: Stop overwriting cmd.
-	
-2007-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* install-catman.sh: Use test instead of [.
-
-	* install-catman.sh: Use = instead of ==, make solaris more happy.
-	
-2007-01-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: More headerfiles for iruserok prototype check.
-
-	* check-symbols.sh: Add fc_softc for AIX as ignore syms.
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Check if iruserok needs a prototype.
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: set automake symbol COM_ERR when we build
-	local com_err
-	
-2006-11-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* valgrind-suppressions: We shouldn't be running /bin/ls under
-	valgrind, but for now, at least make it easier to see any other
-	warnings. From Andrew Bartlett.
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am.common: Add target for valgrind debugging
-	
-	* valgrind-suppressions: valgrind suppressions
-	
-2006-10-21  Love H�rnquist �strand <lha@it.su.se>
-	
-	* check-lex.m4: Borrow test for autoconf cvs to help hpux hosts
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am.common: provide uninstall hook for cat/manpages.
-
-	* install-catman.sh: provide uninstall command
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* roken-frag.m4: Add check for timegm.
-
-	* roken-frag.m4: Include sys/types.h for sys/socket.h and netdb.h.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common (install-build-headers): make this function
-	convoluted and deal with dist_, nodist, nobase and all its
-	friends.
-
-	* have-struct-field.m4: memset the structure to make sure that we
-	don't get compiler warnings.
-
-	* crypto.m4: OpenSSL_add_all_algorithms is not a openssl specific
-	requirement, hcrypto need to have to too.
-
-	* crypto.m4: Require openssl have OpenSSL_add_all_algorithms
-	
-2006-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* autobuild.m4: Add autobuild, GPLed, but free to use in projects
-	not avaible under GPL or LGPL (just like autoconf).
-	
-2006-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Add samba_SOCKET_WRAPPER fragment
-	
-2006-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket-wrapper.m4: Add socket-wrapper test
-	
-2006-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: Move up evp.h to please OpenSSL, from Douglas
-	E. Engert.
-
-2006-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Add check for fnmatch.h, its needed to be done
-	for the automake conditional below.
-	
-2006-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: Require SHA256
-	
-2006-01-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4 Check for <openssl/engine.h> if we are to consider
-	using OpenSSL, also check for <hcrypto/...> headers since
-	make_crypto.c assumes that the name of the files.
-	
-2006-01-13 Love H�rnquist �strand <lha@it.su.se>
-
-	* crypto.m4: libdes is renamed to hcrypto
-
-	* crypto.m4: Remove support for old hash names.
-	
-2005-10-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* install-catman.sh: Add variable INSTALL_CATPAGES that controls
-	if cat pages are installed, defaults to true. From Johnny Lam
-	<jlam@pkgsrc.org>.
-	
-2005-09-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Check for <stdint.h> and uintptr_t
-	
-2005-09-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Resolver check moved to rk_RESOLV, from Andrew
-	Bartlet <abartlet@samba.org>
-
-	* resolv.m4: Resolver checks, broken out so samba can use it From
-	Andrew Bartlet <abartlet@samba.org>
-	
-2005-08-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: Check for res_ndestroy.
-
-2005-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: Add <sys/types.h>, OpenSSL 0.9.8 needs it for size_t.
-	From: Quanah Gibson-Mount <quanah@stanford.edu>
-
-2005-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: check that initialize_conf_error_table_r
-	have the right argument
-
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: allow symbols to start with ., aix uses this
-
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb-bigendian.m4: use ansi c prototypes
-	
-	* krb-func-getcwd-broken.m4: use ansi c prototypes
-
-	* broken-snprintf.m4: use ansi c prototypes
-
-	* have-pragma-weak.m4: use ansi c declarations
-
-	* check-getpwnam_r-posix.m4: use ansi c declarations
-
-	* broken-realloc.m4: use ansi c declarations
-	
-	* check-compile-et.m4: use ansi c declarations
-	
-	* dlopen.m4: add headers and argument to dlopen
-	
-	* c-function.m4: use ansi c declarations
-	
-	* check-var.m4: use ansi c declarations
-
-	* pthreads.m4: disable threads on aix because of utmp/utmpx
-	problems
-
-	* broken-getaddrinfo.m4: check for brokenness in getaddrinfo on
-	AIX that can't handle "0" as port number.
-	
-2005-06-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db.m4: Add an option to disable ndbm, from Stefan Metzmacher
-	<metze@samba.org>
-
-2005-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pthreads.m4: rework how pthreads support to turned on/off,
-	always run though the switch to figure out what the
-	linker/compiler flag are
-
-2005-06-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* pthreads.m4: s/else if/elif/
-	
-	* check-symbols.sh: AIX have a diffrent nm, use -B to get bsd like
-	output
-	
-	* pthreads.m4: aix case: assume gcc handles -pthread, in the
-	non-gcc case, use the compiler as hint (xlc vs xlc_r) if this
-	environment handles threads or not
-
-2005-05-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: ignore weak symbols too
-
-2005-05-19  David Love  <fx@gnu.org>
-
-	* check-getpwnam_r-posix.m4: define _POSIX_PTHREAD_SEMANTICS to
-	make solaris provide the right getpwname_r
-
-2005-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: am_conditional have_cgetent
-	
-2005-05-10  David Love  <fx@gnu.org>
-
-	* roken-frag.m4: Get daemon declared on Solaris (it's in unistd.h
-	but masked by a feature test), just to avoid a warning, since it
-	has int args.
-
-2005-05-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-var.m4: AC_CHECK_DECL and AC_CHECK_DECLS have a subtile
-	diffrence, the later defines HAVE_ cpp symbols, the first doesn't.
-
-2005-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: ignore N symbols too
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* broken-snprintf.m4: include checking if snprintf(NULL, 0, "")
-	works
-
-	* check-compile-et.m4: require compile_et to generate a
-	initialize_FOO_error_table_r (they are used in libkrb5), and
-	always check for initialize_error_table_r
-
-2005-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: add LIB_com_err
-	
-2005-04-29  David Love  <fx@gnu.org>
-
-	* roken-frag.m4: Check for correct vis.h.
-	
-2005-04-28  David Love  <fx@gnu.org>
-
-	* pthreads.m4: Set PTHREADS_LIBS on Irix.
-
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* broken-realloc.m4: use rk_realloc if realloc is broken, this
-	makes "host-tools" not beeing able to use realloc
-
-	* pthreads.m4: Add support for Solaris, Irix, and modern
-	Linux. From David Love <fx@gnu.org>
-
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: limit the units functions to
-	asn1_[A-Za-z0-9]*_units$
-
-2005-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: this lib include com_err, add -com_err to
-	CHECK_SYMBOLS
-
-	* check-symbols.sh: print the type so I don't need to ask for it
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: ignore filename symbols
-	
-2005-04-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: assume symbols prefixed with _ is a sideeffekt
-	of the local linker and also just fine
-	
-2005-03-16 Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: include <sys/socket.h> for <netinet6/in6_var.h>
-	
-2005-03-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sunos.m4: Match solaris 10.  From: Joakim Fallsjo
-	<fallsjo@sanchin.se>
-
-2004-12-29  Love  <lha@stacken.kth.se>
-
-	* check-symbols.sh: add -asn1compile symbols
-
-2004-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-symbols.sh: add exported symbols test
-	
-	* Makefile.am.common: add CHECK_SYMBOLS tests, so that we don't
-	export to much stuff
-	
-2004-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* make-proto.pl: add cpluscplus extern "C" support
-	
-2004-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pthreads.m4: add -pthread to LIBS since libtool doesn't preserve
-	it for us when adding is as a dependency on libs
-	
-2004-04-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* largefile.m4: like AC_SYS_LARGEFILE, but also add to CPPFLAGS
-	
-2004-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: even more evil stuff for cross-compiling
-	
-	* check-x.m4: use AC_RUN_IFELSE so we can handle cross compiling
-	
-	* check-compile-et.m4: use AC_RUN_IFELSE so we can handle cross
-	compiling
-
-2004-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* make-proto.pl: if -E, add windows standard calling conv to
-	headerfile if needed
-
-	* win32.m4: add rk_WIN32_EXPORT
-	
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: rename AC_WFLAGS to rk_WFLAGS
-	
-	* *.m4: overquote to pacify automake1.8
-
-2004-02-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-frag.m4: resolv.h is even more special
-	
-	* roken-frag.m4: AC_CHECK_HEADERS(net/if.h netinet6/in6_var.h
-	sys/sysctl.h sys/proc.h, resolv.h) are all special and need extra
-	help
-
-	* test-package.m4: If there is a --with-PACKAGE=path but no
-	--with-PACKAGE-config, go seach for path/PACKEGE-config and use it
-	if it exists.  Inspired by Harald Barth <haba@pdc.kth.se>
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: check for DES_, AES_, and if openssl UI_
-	
-2003-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* vararray.m4: test for variable-length arrays
-
-	* roken-frag.m4: test for poll and poll.h
-
-2003-08-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: don't try doing local checks if CHECK_LOCAL
-	is set to no-check-local
-
-2003-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: check if compile_et support ``error_table N
-	M'' also, don't be overly aggressivly reset CFLAGS
-	
-2003-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pthreads.m4: pthread test
-	
-2003-05-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: change install-data-local to
-	install-data-hook
-
-2003-05-05  Assar Westerlund  <assar@kth.se>
-
-	* crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY
-
-2003-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: check if libcrypto needs -lnsl or -lsocket
-	
-2003-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: in the case where se don't link with kerberos 4, use
-	${with_openssl_include} if its are set (not
-	${with_openssl}/include) same for with_openssl_lib
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: always define LIB_kafs
-	
-2003-03-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: check if the output of compile_et needs
-	initialize_error_table_r
-
-2003-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-var.m4: add a check if the variable is avaible when we
-	include the headerfiles
-
-2002-12-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard
-	Chu
-
-2002-10-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: do a better job at matching headers to libraries
-
-2002-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sunos.m4: more quoting
-
-2002-09-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: check the processed string for closing ), not the
-	source
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: use m4 macros for test cases, also test for older
-	hash names
-
-	* test-package.m4: include dep libraries in LIB_*
-
-	* crypto.m4: move krb4 test before test for openssl, and bail out
-	if krb4 is requested, but the crypto library is not the same as
-	krb4
-
-	* db.m4: filter contents of LDFLAGS
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* auth-modules.m4: rename to rk_AUTH_MODULES
-
-	* auth-modules.m4: only include modules explicitly asked for
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for res_nsearch
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* roken-frag.m4: check for sys/mman.h and mmap (used by
-	parse_reply-test)
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* krb-readline.m4: also add LIB_tgetent in the case of editline
-
-	* crypto.m4: define HAVE_OPENSSL even if we got to hear about it
-	by krb4
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-readline.m4: add LIB_tgetent to LIB_readline if we have to
-
-	* sunos.m4: various sunos tests
-
-	* crypto.m4: try to extract the crypto compiler flags from
-	{INCLUDE,LIB}_krb4
-	(XXX this is really horrible)
-
-	* krb-readline.m4: don't add -rpath to LIB_readline (libtool
-	should to this for us), also don't append LIB_tgetent to
-	LIB_readline (TEST_PACKAGE should do this)
-
-	* test-package.m4: add the possibility to use a *-config program
-	to get flags; rename to rk_TEST_PACKAGE while here
-
-	* krb-bigendian.m4: move ENDIANESS_IN_SYS_PARAM_H tests here
-
-	* aix.m4: rename to rk_AIX
-
-	* telnet.m4: move telnet tests here
-
-	* aix.m4: restructure this somewhat
-
-	* dlopen.m4: test for dlopen suitable for AC_REQUIRE
-
-	* irix.m4: move some stuff here and rename to irix.m4
-
-	* krb-sys-nextstep.m4: move SGTTY stuff to read_pwd.c
-
-2002-08-28  Jacques Vidrine  <nectar@kth.se>
-
-	* auth-modules.m4: do not build pam_krb4 on freebsd
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* roken-frag.m4: test for the vis, strvis functions requiring
-	prototypes
-
-2002-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* need-proto.m4: missing comma
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: some rototilling
-
-	* need-proto.m4: use AS_TR_CPP
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: HAVE_TYPE instead of CHECK_TYPE ssize_t
-
-	* krb-version.m4: use PACKAGE_TARNAME and PACKAGE_STRING
-
-	* broken-getaddrinfo.m4: can't test for EAI_SERVICE here since AIX
-	is even more fsck:ed
-
-	* roken-frag.m4: test for altzone
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: only define ROKEN_RENAME if do_roken_rename
-
-2002-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: add ROKEN_RENAME variable
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: include <stdarg.h> to get va_list
-
-	* destdirs.m4: also define localstatedir and sysconfdir
-
-2002-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: newer openssl seems to take the address of the
-	schedule parameter to des_cbc_encrypt, so we need to feed it a
-	variable, not just NULL (from Magnus Holmberg)
-
-2002-05-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* misc.m4: change \100 back to @; some m4's (probably some regex)
-	doesn't like this as a replacement regexp; the reason it was once
-	changed to \100 was probably because of some autoconf bug at the
-	time
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* broken2.m4 []-less is apparently the way to go
-
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* otp.m4: check db_type instead of precence of dbm_firstkey
-
-	* roken-frag.m4: don't AC_LIBOBJ more than one function at a time
-
-	* find-if-not-broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* broken2.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* misc.m4: automake can't handle macros passed to AC_LIBOBJ, so
-	add an alias to it called rk_LIBOBJ; this requires that the
-	relevant source are manually included in roken/Makefile.am
-
-	* aix.m4: ac_enable --diable-dynamic-afs
-
-	* roken-frag.m4: use AC_LIBOBJ
-
-	* krb-func-getcwd-broken.m4: use AC_LIBOBJ
-
-	* find-if-not-broken.m4: use AC_LIBOBJ
-
-	* broken2.m4: use AC_LIBOBJ
-
-	* broken.m4: use AC_LIBOBJ
-
-	* aix.m4: recognise aix5
-	
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: am-conditionalise HAVE_OPENSSL
-
-	* db.m4: make it possible to run this twice
-
-	* Makefile.am.common: also install nodist_include_HEADERS
-
-2002-05-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: make it possible to redefine the "private" regexp
-
-2002-05-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* db.m4: am_cond HAVE_*
-
-2002-04-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-ipv6.m4: use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT
-	call
-
-	* test-package.m4: use AC_HELP_STRING
-
-	* roken.m4: use AC_HELP_STRING
-
-	* osfc2.m4: use AC_HELP_STRING
-
-	* mips-abi.m4: use AC_HELP_STRING
-
-	* krb-bigendian.m4: use AC_HELP_STRING
-
-	* db.m4: rework this somewhat; check for db3/4 in subdirs, change
-	--with to --enable; it should really be possible to point it to
-	some directory --with-berkeley-db=/foo
-
-	* otp.m4: OTP test
-
-2002-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* destdirs.m4: define BINDIR et al
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* misc.m4: remove some stuff that is defined elsewhere
-
-	* make-proto.pl: optionally remove __P and parameter names
-
-2001-11-30  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: move ipv6 tests after -lsocket (to handle Solaris
-	8)
-
-2001-09-29  Assar Westerlund  <assar@sics.se>
-
-	* install-catman.sh: handle man pages without SYNOPSIS but looking
-	for both SYNOPSIS and DESCRIPTION
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: include freeaddrinfo if using getaddrinfo
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: test for the ndbm database really being a .db one
-	and use it when moving/removing database files
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: prefer ndbm.h to dbm.h
-	* roken-frag.m4: check for atexit and on_exit
-
-2001-09-02  Assar Westerlund  <assar@sics.se>
-
-	* check-compile-et.m4: only add /usr/include/et to CPPFLAGS if
-	it's actually used
-
-2001-09-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (AUTOMAKE_OPTIONS): set 1.4b here so that
-	users are warned if using earlier automake versions
-
-	* find-func-no-libs2.m4: ignore "no" as a library - another
-	special case to make it easy to send the result from this macro
-	into another invocation
-
-2001-08-30  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: check for ndbm functions in db3 library too
-
-2001-08-29  Jacques Vidrine  <n@nectar.com>
-
-	* check-compile-et.m4: Check for already-installed com_err.
-	* Makefile.am.common: Use the compile_et discovered at
-	  configuration time.
-
-2001-08-29  Assar Westerlund  <assar@sics.se>
-
-	* crypto.m4: use AC_WITH_ALL to allow separate specification of
-	include and lib
-	* with-all.m4: new macro for doing --with-foo, --with-foo-include,
-	and --with-foo-lib in a sensible way
-
-	* find-func-no-libs2.m4: handle both -llib and lib in the second
-	argument also yes -> "" as a library, to ease callers that send in
-	results from this macro (this might be a little bit unclean)
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: test for issetugid
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common: change one += to = to AM_CFLAGS to avoid an
-	error with recent automake
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* crypto.m4: SHA1_CTX should be SHA_CTX
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: remove all winsock.h
-	for now, it does more harm than good under cygwin and if it should be
-	used, the correct conditional needs to be found
-	from <tol@stacken.kth.se>
-
-2001-08-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-ipv6.m4: add test for non-existant in6addr_loopback in AIX
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for getaddrinfo's that doesn't like numeric
-	services
-
-	* broken-getaddrinfo.m4: test for getaddrinfo's that doesn't like
-	numeric services
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: do a separate test for gdbm/ndbm.h and -lgdbm
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: ac_cv_funclib_\func can be yes
-	* db.m4: use AC_FIND_FUNC_NO_LIBS to test in libc
-	anset cache variables after first attempt at finding dbm_firstkey (how
-	should this be done?)
-	* db.m4: do not test for ndbm library when ndbm-db was found in libc
-	* db.m4: test for ndbm-compatability with db
-	* db.m4: add forgotten AC_SUBST
-	* db.m4: first steps towards a new db test
-
-	* roken-frag.m4: remove header files checked by rk_db
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: remove header files checked by rk_db
-
-2001-06-24  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: make sure of building getaddrinfo et al if
-	missing
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* install-catman.sh: try to install links to manpages
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* broken-glob.m4: try to handle FreeBSD's GLOB_MAXPATH
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for getaddrinfo needs netdb.h on Tru64
-
-2001-06-17  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4 (AC_CHECK_HEADERS): test for random
-	* roken-frag.m4 (AC_CHECK_HEADERS): test for initstate and
-	setstate
-
-	* roken-frag.m4 (AC_BROKEN): test for
-	emalloc,ecalloc,erealloc,estrdup
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: bswap{16,32}
-	
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* broken-glob.m4: also test for GLOB_LIMIT
-	* krb-ipv6.m4: restore CFLAGS if v6 is not detected
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: check for getprogname, setprogname
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (LIB_kdfs): set.  use it.  from Ake Sandgren
- 	<ake@cs.umu.se>
-
-2000-12-26  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: remove some dnl that weren't the correct with
-	modern autoconf
-
-2000-12-15  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4 (inet_ntoa, inet_ntop, inet_pton): add necessary
-	includes when testing
-	* broken2.m4: new variant of broken, with includes and arguments
-
-	* test-package.m4: s/ifval/m4_ifval/ to keep in sync with
- 	autoconf.  from Ake Sandgren <ake@cs.umu.se>
-	* check-var.m4: s/ifval/m4_ifval/ to keep in sync with autoconf.
-  	from Ake Sandgren <ake@cs.umu.se>
-
-2000-12-13  Assar Westerlund  <assar@sics.se>
-
-	* krb-irix.m4: need to set irix to no first.  From Ake Sandgren
-	<ake@cs.umu.se>
-
-2000-12-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: move sa_len test to before test for broken
-	getnameinfo
-
-2000-12-12  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: only test for broken getnameinfo if it exists
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: ifaddrs.h
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for unvis, and vis.h
-
-	* roken-frag.m4: test for strvis*
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: just warn if we fail to setuid a program
-
-	* broken-getnameinfo.m4: add more quotes
-
-	* roken-frag.m4: test for getifaddrs
-
-	* roken-frag.m4: test for broken AIX getnameinfo
-
-	* broken-getnameinfo.m4: test for broken getnameinfo
-
-2000-12-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common: add kludge for LIBS
-
-2000-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-man.m4: update this after recent changes
-
-	* Makefile.am.common: use install-catman.sh
-
-	* install-catman.sh: script to install preformatted manual pages
-
-	* Makefile.am.common: change cat handling
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: don't use AC_CONFIG_FILES here, since it doesn't
-	work with automake
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* krb-readline.m4: link against the libtool-versions of
-	libeditline and libel_compat
-
-	* Makefile.am.common (INCLUDES): add $(INCLUDES_roken)
-	* roken-frag.m4 (CPPFLAGS_roken): rename to INCLUDES_roken
-
-2000-11-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* aix.m4: set aix
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* krb-bigendian.m4: merge from arla: make it work better
-
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: check getsockname for proto compat
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: add library for pidfile
-
-	* roken-frag.m4: tests for util.h and pidfile
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: rename to rk_CHECK_VAR, transposing the arguments,
-	and making the second optional, AU_DEFINE AC_CHECK_VAR to
-	rk_CHECK_VAR
-
-	* roken-frag.m4: other roken tests
-
-	* db.m4: db tests
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* mips-abi.m4: AC_ERROR -> AC_MSG_ERROR
-
-	* check-netinet-ip-and-tcp.m4: use cache_check, and make this work
-	with new autoconf
-
-	* aix.m4: don't subst AFS_EXTRA_LD
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: workaround feature of newer autoconf
-
-	* find-func-no-libs2.m4: use cleaner autoheader trick
-
-	* have-type.m4: use cleaner autoheader trick
-
-	* have-types.m4: use cleaner autoheader trick
-
-	* test-package.m4: add 6th parameter for now
-
-	* broken.m4: use cleaner autoheader trick
-
-	* retsigtype.m4: test for signal handler return type
-
-	* broken-realloc.m4: test for broken realloc
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* roken.m4: set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (CP): set and use
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (INCLUDE_openldap, LIB_openldap): add
-
-2000-03-28  Assar Westerlund  <assar@sics.se>
-
-	* krb-prog-yacc.m4: AC_MSG_WARNING should be AC_MSG_WARN
-
-	* shared-libs.m4: try to update to freebsd5 (and elf)
-
-2000-03-16  Assar Westerlund  <assar@sics.se>
-
-	* krb-prog-yacc.m4: warn we do not find any yacc
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* krb-bigendian.m4: new file, replacement for ac_c_bigendian
-
-2000-01-01  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: re-organize: test for type of stack first so that
-	we can find the libraries that we might have to link the test
-	program against.  not linking the test program means we don't know
-	if the right stuff is in the libraries.  also cosmetic changes to
-	make sure we print the checking for... nicely
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: try linking, not only compiling
-	* krb-ipv6.m4: add --without-ipv6 make sure we have `in6addr_any'
- 	which we use in the code.  This test avoids false positives on
- 	OpenBSD
-
-1999-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* grok-type.m4: inttypes.h
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing
-
-1999-11-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): use `cp' instead of
- 	INSTALL_DATA for copying header files inside the build tree.  The
- 	user might have redefined INSTALL_DATA to specify owners and other
- 	information.
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4: add yet another argument to allow specify
- 	linker flags that will be added _before_ the library when trying
- 	to link
-
-	* find-func-no-libs.m4: add yet another argument to allow specify
- 	linker flags that will be added _before_ the library when trying
- 	to link
-
-1999-10-12  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument
- 	`extra libs'
-
-	* find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra
- 	libs'
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* capabilities.m4: sgi capabilities
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* have-struct-field.m4: quote macros when undefining
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): add dependencies
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-	
-	* have-type.m4: try to get autoheader to co-operate
-
-	* have-type.m4: stolen from Arla
-
-	* krb-struct-sockaddr-sa-len.m4: not used any longer.  removed.
-
-1999-06-13  Assar Westerlund  <assar@sics.se>
-
-	* krb-struct-spwd.m4: consequent name of cache variables
-
-	* krb-func-getlogin.m4: new file for testing for posix (broken)
- 	getlogin
-
-	* shared-libs.m4 (freebsd[34]): don't use ld -Bshareable
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-x.m4: extended test for X
-	
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* check-netinet-ip-and-tcp.m4: proper autoheader tricks
-
-	* check-netinet-ip-and-tcp.m4: new file for checking for
- 	netinet/{ip,tcp}.h.  These are special as they on Irix 6.5.3
-	require <standards.h> to be included in advance.
- 
-	* check-xau.m4: we also need to check for XauFilename since it's
- 	used by appl/kx.  And on Irix 6.5 that function requires linking
- 	with -lX11.
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* krb-find-db.m4: try with more header files than ndbm.h
-
-1999-04-19  Assar Westerlund  <assar@sics.se>
-
-	* test-package.m4: try to handle the case of --without-package
- 	correctly
-
-1999-04-17  Assar Westerlund  <assar@sics.se>
-
-	* make-aclocal: removed.  Not used anymore, being replaced by
-	aclocal from automake.
-
-Thu Apr 15 14:17:26 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* make-proto.pl: handle __attribute__
-
-Fri Apr  9 20:37:18 1999  Assar Westerlund  <assar@sics.se>
-
-	* shared-libs.m4: quote $@
-	(freebsd3): add install_symlink_command2
-
-Wed Apr  7 20:40:22 1999  Assar Westerlund  <assar@sics.se>
-
-	* shared-libs.m4 (hpux): no library dependencies
-
-Mon Apr  5 16:13:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* test-package.m4: compile and link, rather than looking for
- 	files; also export more information, so it's possible to add rpath
- 	information
-
-Tue Mar 30 13:49:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am.common: CFLAGS -> AM_CFLAGS
-
-Mon Mar 29 16:51:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* check-xau.m4: check for XauWriteAuth before checking for
- 	XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX
- 	6.5 that doesn't work with -lXau
-
-Sat Mar 27 18:03:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* osfc2.m4: --enable-osfc2
-
-Fri Mar 19 15:34:52 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* shared-libs.m4: move shared lib stuff here
-
-Wed Mar 24 23:24:51 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): simplify loop
-
-Tue Mar 23 17:31:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's
- 	posix or not
-
-Tue Mar 23 00:00:13 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install_build_headers): try to make it work
- 	better when list of headers is empty.  handle make rewriting the
- 	filenames.
-
-	* Makefile.am.common: hesoid -> hesiod
-
-Sun Mar 21 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* grok-type.m4: <bind/bitypes.h>
-
-	* Makefile.am.common: fix for automake bug/feature; add more LIB_*
-
-	* test-package.m4: fix typo
-
-	* check-man.m4: fix some typos
-
-	* auth-modules.m4: tests for authentication modules
-
-Thu Mar 18 11:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am.common: make install-build-headers a multi
- 	dependency target
-
-	* Makefile.am.common: remove include_dir hack
-
-	* Makefile.am.common: define LIB_kafs and LIB_gssapi
-
-	* krb-find-db.m4: subst DBLIB also
-
-	* check-xau.m4: test for Xau{Read,Write}Auth
-
-Wed Mar 10 19:29:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* wflags.m4: AC_WFLAGS
-
-Mon Mar  1 11:23:41 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* have-struct-field.m4: remove extra AC_MSG_RESULT
-
-	* proto-compat.m4: typo
-
-	* krb-func-getcwd-broken.m4: update to autoconf 2.13
-
-	* krb-find-db.m4: update to autoconf 2.13
-
-	* check-declaration.m4: typo
-
-	* have-pragma-weak.m4: update to autoconf 2.13
-
-	* have-struct-field.m4: better handling of types with spaces
-
-Mon Feb 22 20:05:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* broken-glob.m4: check for broken glob
-
-Sun Jan 31 06:50:33 1999  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: more magic for different v6 implementations.  From
- 	Jun-ichiro itojun Hagino <itojun@kame.net>
-
-Sun Nov 22 12:16:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* krb-struct-spwd.m4: new file
-
-Thu Jun  4 04:07:41 1998  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4: new file
-
-Fri May  1 23:31:28 1998  Assar Westerlund  <assar@sics.se>
-
-	* c-attribute.m4, c-function.m4: new files (from arla)
-
-Wed Mar 18 23:11:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
-
-Thu Feb 26 02:37:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* make-proto.pl: should work with perl4
-
diff --git a/crypto/heimdal/cf/Makefile.am.common b/crypto/heimdal/cf/Makefile.am.common
deleted file mode 100644
index bbc79a5ab9df..000000000000
--- a/crypto/heimdal/cf/Makefile.am.common
+++ /dev/null
@@ -1,249 +0,0 @@
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-SUFFIXES = .et .h
-
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-
-if do_roken_rename
-ROKEN_RENAME = -DROKEN_RENAME
-endif
-
-AM_CFLAGS = $(WFLAGS)
-
-CP	= cp
-
-## set build_HEADERZ to headers that should just be installed in build tree
-
-buildinclude = $(top_builddir)/include
-
-## these aren't detected by automake
-LIB_XauReadAuth		= @LIB_XauReadAuth@
-LIB_crypt		= @LIB_crypt@
-LIB_dbm_firstkey	= @LIB_dbm_firstkey@
-LIB_dbopen		= @LIB_dbopen@
-LIB_dlopen		= @LIB_dlopen@
-LIB_dn_expand		= @LIB_dn_expand@
-LIB_el_init		= @LIB_el_init@
-LIB_getattr		= @LIB_getattr@
-LIB_gethostbyname	= @LIB_gethostbyname@
-LIB_getpwent_r		= @LIB_getpwent_r@
-LIB_getpwnam_r		= @LIB_getpwnam_r@
-LIB_getsockopt		= @LIB_getsockopt@
-LIB_logout		= @LIB_logout@
-LIB_logwtmp		= @LIB_logwtmp@
-LIB_odm_initialize	= @LIB_odm_initialize@
-LIB_openpty		= @LIB_openpty@
-LIB_pidfile		= @LIB_pidfile@
-LIB_res_search		= @LIB_res_search@
-LIB_setpcred		= @LIB_setpcred@
-LIB_setsockopt		= @LIB_setsockopt@
-LIB_socket		= @LIB_socket@
-LIB_syslog		= @LIB_syslog@
-LIB_tgetent		= @LIB_tgetent@
-LIB_com_err		= @LIB_com_err@
-LIB_door_create		= @LIB_door_create@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-LEXLIB = @LEXLIB@
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-SUFFIXES += .x .z
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-
-SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-NROFF_MAN = groff -mandoc -Tascii
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-## MAINTAINERCLEANFILES += 
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-if KRB5
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-endif
-
-if DCE
-LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-endif
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
diff --git a/crypto/heimdal/cf/aix.m4 b/crypto/heimdal/cf/aix.m4
deleted file mode 100644
index 32aeba6a70c2..000000000000
--- a/crypto/heimdal/cf/aix.m4
+++ /dev/null
@@ -1,57 +0,0 @@
-dnl
-dnl $Id: aix.m4 14147 2004-08-25 14:14:01Z joda $
-dnl
-
-AC_DEFUN([rk_AIX],[
-
-aix=no
-case "$host" in 
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
-AM_CONDITIONAL(AIX, test "$aix" != no)dnl
-AM_CONDITIONAL(AIX4, test "$aix" = 4)
-
-
-AC_ARG_ENABLE(dynamic-afs,
-	AS_HELP_STRING([--disable-dynamic-afs],
-		[do not use loaded AFS library with AIX]))
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-		AC_REQUIRE([rk_DLOPEN])
-		if test "$ac_cv_func_dlopen" = no; then
-			AC_FIND_FUNC_NO_LIBS(loadquery, ld)
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			AC_MSG_NOTICE([not using dynloaded AFS library])
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
-AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl
-AC_SUBST(AIX_EXTRA_KAFS)dnl
-
-AH_BOTTOM([#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif])
-
-])
diff --git a/crypto/heimdal/cf/auth-modules.m4 b/crypto/heimdal/cf/auth-modules.m4
deleted file mode 100644
index d2383c6bbde6..000000000000
--- a/crypto/heimdal/cf/auth-modules.m4
+++ /dev/null
@@ -1,45 +0,0 @@
-dnl $Id: auth-modules.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl Figure what authentication modules should be built
-dnl
-dnl rk_AUTH_MODULES(module-list)
-
-AC_DEFUN([rk_AUTH_MODULES],[
-AC_MSG_CHECKING([which authentication modules should be built])
-
-z='m4_ifval([$1], $1, [sia pam afskauthlib])'
-LIB_AUTH_SUBDIRS=
-for i in $z; do
-case $i in
-sia)
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-;;
-pam)
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-;;
-afskauthlib)
-case "${host}" in
-*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-;;
-esac
-done
-if test "$LIB_AUTH_SUBDIRS"; then
-	AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
-else
-	AC_MSG_RESULT(none)
-fi
-
-AC_SUBST(LIB_AUTH_SUBDIRS)dnl
-])
diff --git a/crypto/heimdal/cf/autobuild.m4 b/crypto/heimdal/cf/autobuild.m4
deleted file mode 100644
index bd1f4dc1b0b3..000000000000
--- a/crypto/heimdal/cf/autobuild.m4
+++ /dev/null
@@ -1,34 +0,0 @@
-# autobuild.m4 serial 2 (autobuild-3.3)
-# Copyright (C) 2004 Simon Josefsson
-#
-# This file is free software, distributed under the terms of the GNU
-# General Public License.  As a special exception to the GNU General
-# Public License, this file may be distributed as part of a program
-# that contains a configuration script generated by Autoconf, under
-# the same distribution terms as the rest of that program.
-#
-# This file can can be used in projects which are not available under
-# the GNU General Public License or the GNU Library General Public
-# License but which still want to provide support for Autobuild.
-
-# Usage: AB_INIT([MODE]).
-AC_DEFUN([AB_INIT],
-[
-	AC_REQUIRE([AC_CANONICAL_BUILD])
-	AC_REQUIRE([AC_CANONICAL_HOST])
-
-	AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}])
-	AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}])
-	hostname=`hostname`
-	if test "$hostname"; then
-	   AC_MSG_NOTICE([autobuild hostname... $hostname])
-	fi
-	ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
-	date=`date +%Y%m%d-%H%M%S`
-	if test "$?" != 0; then
-	   date=`date`
-	fi
-	if test "$date"; then
-	   AC_MSG_NOTICE([autobuild timestamp... $date])
-	fi
-])
diff --git a/crypto/heimdal/cf/broken-getaddrinfo.m4 b/crypto/heimdal/cf/broken-getaddrinfo.m4
deleted file mode 100644
index b8d323c71229..000000000000
--- a/crypto/heimdal/cf/broken-getaddrinfo.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-dnl $Id: broken-getaddrinfo.m4 15401 2005-06-16 16:10:50Z lha $
-dnl
-dnl test if getaddrinfo can handle numeric services
-
-AC_DEFUN([rk_BROKEN_GETADDRINFO],[
-AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv,
-AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	if(getaddrinfo(NULL, "0", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-]])],[ac_cv_func_getaddrinfo_numserv=yes],[ac_cv_func_getaddrinfo_numserv=no]))])
diff --git a/crypto/heimdal/cf/broken-getnameinfo.m4 b/crypto/heimdal/cf/broken-getnameinfo.m4
deleted file mode 100644
index bf2897b2cdd8..000000000000
--- a/crypto/heimdal/cf/broken-getnameinfo.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: broken-getnameinfo.m4,v 1.2.12.1 2004/04/01 07:27:32 joda Exp $
-dnl
-dnl test for broken AIX getnameinfo
-
-AC_DEFUN([rk_BROKEN_GETNAMEINFO],[
-AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-  struct sockaddr_in sin;
-  char host[256];
-  memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-  sin.sin_len = sizeof(sin);
-#endif
-  sin.sin_family = AF_INET;
-  sin.sin_addr.s_addr = 0xffffffff;
-  sin.sin_port = 0;
-  return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
-	      NULL, 0, 0);
-}
-]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])
diff --git a/crypto/heimdal/cf/broken-glob.m4 b/crypto/heimdal/cf/broken-glob.m4
deleted file mode 100644
index a27e7ea3be0f..000000000000
--- a/crypto/heimdal/cf/broken-glob.m4
+++ /dev/null
@@ -1,29 +0,0 @@
-dnl $Id: broken-glob.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl check for glob(3)
-dnl
-AC_DEFUN([AC_BROKEN_GLOB],[
-AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
-ac_cv_func_glob_working=yes
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <stdio.h>
-#include <glob.h>]],[[
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-]])],[:],[ac_cv_func_glob_working=no]))
-
-if test "$ac_cv_func_glob_working" = yes; then
-	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
-	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>
-#include <glob.h>],glob)
-fi
-])
diff --git a/crypto/heimdal/cf/broken-realloc.m4 b/crypto/heimdal/cf/broken-realloc.m4
deleted file mode 100644
index 0b7c4766372c..000000000000
--- a/crypto/heimdal/cf/broken-realloc.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl
-dnl $Id: broken-realloc.m4 15435 2005-06-16 19:45:52Z lha $
-dnl
-dnl Test for realloc that doesn't handle NULL as first parameter
-dnl
-AC_DEFUN([rk_BROKEN_REALLOC], [
-AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [
-ac_cv_func_realloc_broken=no
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <stddef.h>
-#include <stdlib.h>
-
-int main(int argc, char **argv)
-{
-	return realloc(NULL, 17) == NULL;
-}
-]])],[:], [ac_cv_func_realloc_broken=yes],[:])
-])
-if test "$ac_cv_func_realloc_broken" = yes ; then
-	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.])
-fi
-AH_BOTTOM([#ifdef BROKEN_REALLOC
-#define realloc(X, Y) rk_realloc((X), (Y))
-#endif])
-])
diff --git a/crypto/heimdal/cf/broken-snprintf.m4 b/crypto/heimdal/cf/broken-snprintf.m4
deleted file mode 100644
index 8e2287419f2d..000000000000
--- a/crypto/heimdal/cf/broken-snprintf.m4
+++ /dev/null
@@ -1,63 +0,0 @@
-dnl $Id: broken-snprintf.m4 15455 2005-06-16 21:03:43Z lha $
-dnl
-AC_DEFUN([AC_BROKEN_SNPRINTF], [
-AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
-ac_cv_func_snprintf_working=yes
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <stdio.h>
-#include <string.h>
-int main(int argc, char **argv)
-{
-	char foo[[3]];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2;
-}]])],[:],[ac_cv_func_snprintf_working=no],[:]))
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],snprintf)
-fi
-])
-
-AC_DEFUN([AC_BROKEN_VSNPRINTF],[
-AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
-ac_cv_func_vsnprintf_working=yes
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[[3]];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-int bar(int num, int len, ...)
-{
-	int r;
-	va_list arg;
-	va_start(arg, len);
-	r = vsnprintf(NULL, 0, "%s", arg);
-	va_end(arg);
-	return r != len;
-}
-
-int main(int argc, char **argv)
-{
-	return foo(0, "12") || bar(0, 2, "12");
-}]])],[:],[ac_cv_func_vsnprintf_working=no],[:]))
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
-fi
-])
diff --git a/crypto/heimdal/cf/broken.m4 b/crypto/heimdal/cf/broken.m4
deleted file mode 100644
index 6306ba7176f3..000000000000
--- a/crypto/heimdal/cf/broken.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: broken.m4 11003 2002-05-19 19:37:08Z joda $
-dnl
-dnl
-dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
-dnl libraries 
-
-AC_DEFUN([AC_BROKEN],
-[AC_FOREACH([rk_func], [$1],
-	[AC_CHECK_FUNC(rk_func,
-		[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, 
-			[Define if you have the function `]rk_func['.])],
-		[rk_LIBOBJ(rk_func)])])])
diff --git a/crypto/heimdal/cf/broken2.m4 b/crypto/heimdal/cf/broken2.m4
deleted file mode 100644
index 20d5163ac85a..000000000000
--- a/crypto/heimdal/cf/broken2.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: broken2.m4 14181 2004-08-31 12:53:36Z joda $
-dnl
-dnl AC_BROKEN but with more arguments
-
-dnl AC_BROKEN2(func, includes, arguments)
-AC_DEFUN([AC_BROKEN2],
-[AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_func_[]$1,
-[AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$1) || defined (__stub___$1)
-choke me
-#else
-$1($3);
-#endif
-]])], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])])
-if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then
-  AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define)
-  AC_MSG_RESULT(yes)
-else
-  AC_MSG_RESULT(no)
-  rk_LIBOBJ($1)
-fi])
diff --git a/crypto/heimdal/cf/c-attribute.m4 b/crypto/heimdal/cf/c-attribute.m4
deleted file mode 100644
index 1025538f66f7..000000000000
--- a/crypto/heimdal/cf/c-attribute.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl
-dnl $Id: c-attribute.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-
-dnl
-dnl Test for __attribute__
-dnl
-
-AC_DEFUN([AC_C___ATTRIBUTE__], [
-AC_MSG_CHECKING(for __attribute__)
-AC_CACHE_VAL(ac_cv___attribute__, [
-AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-]])],
-[ac_cv___attribute__=yes],
-[ac_cv___attribute__=no])])
-if test "$ac_cv___attribute__" = "yes"; then
-  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
-fi
-AC_MSG_RESULT($ac_cv___attribute__)
-])
-
diff --git a/crypto/heimdal/cf/c-function.m4 b/crypto/heimdal/cf/c-function.m4
deleted file mode 100644
index cb39705e8694..000000000000
--- a/crypto/heimdal/cf/c-function.m4
+++ /dev/null
@@ -1,33 +0,0 @@
-dnl
-dnl $Id: c-function.m4 15422 2005-06-16 18:59:29Z lha $
-dnl
-
-dnl
-dnl Test for __FUNCTION__
-dnl
-
-AC_DEFUN([AC_C___FUNCTION__], [
-AC_MSG_CHECKING(for __FUNCTION__)
-AC_CACHE_VAL(ac_cv___function__, [
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <string.h>
-
-static char *foo(void)
-{
-  return __FUNCTION__;
-}
-
-int main(int argc, char **argc)
-{
-  return strcmp(foo(), "foo") != 0;
-}
-]])],
-[ac_cv___function__=yes],
-[ac_cv___function__=no],
-[ac_cv___function__=no])])
-if test "$ac_cv___function__" = "yes"; then
-  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
-fi
-AC_MSG_RESULT($ac_cv___function__)
-])
-
diff --git a/crypto/heimdal/cf/capabilities.m4 b/crypto/heimdal/cf/capabilities.m4
deleted file mode 100644
index 12cbef81b417..000000000000
--- a/crypto/heimdal/cf/capabilities.m4
+++ /dev/null
@@ -1,14 +0,0 @@
-dnl
-dnl $Id: capabilities.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-
-dnl
-dnl Test SGI capabilities
-dnl
-
-AC_DEFUN([KRB_CAPABILITIES],[
-
-AC_CHECK_HEADERS(capability.h sys/capability.h)
-
-AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
-])
diff --git a/crypto/heimdal/cf/check-compile-et.m4 b/crypto/heimdal/cf/check-compile-et.m4
deleted file mode 100644
index 583abdf7099c..000000000000
--- a/crypto/heimdal/cf/check-compile-et.m4
+++ /dev/null
@@ -1,109 +0,0 @@
-dnl $Id: check-compile-et.m4 19252 2006-12-06 13:32:55Z lha $
-dnl
-dnl CHECK_COMPILE_ET
-AC_DEFUN([CHECK_COMPILE_ET], [
-
-AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
-
-krb_cv_compile_et="no"
-krb_cv_com_err_need_r=""
-krb_cv_compile_et_cross=no
-if test "${COMPILE_ET}" = "compile_et"; then
-
-dnl We have compile_et.  Now let's see if it supports `prefix' and `index'.
-AC_MSG_CHECKING(whether compile_et has the features we need)
-cat > conftest_et.et <<'EOF'
-error_table test conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-  dnl XXX Some systems have <et/com_err.h>.
-  save_CPPFLAGS="${CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-  dnl Check that the `prefix' and `index' directives were honored.
-  AC_RUN_IFELSE([
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(int argc, char **argv){
-#ifndef ERROR_TABLE_BASE_conf
-#error compile_et does not handle error_table N M
-#endif
-return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-  ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"],
-  [krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes] )
-fi
-AC_MSG_RESULT(${krb_cv_compile_et})
-if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then
-  AC_MSG_CHECKING([for if com_err generates a initialize_conf_error_table_r])
-  AC_EGREP_CPP([initialize_conf_error_table_r.*struct et_list],
-     [#include "conftest_et.h"],
-     [krb_cv_com_err_need_r="ok"])
-  if test X"$krb_cv_com_err_need_r" = X ; then
-    AC_MSG_RESULT(no)
-    krb_cv_compile_et=no
-  else
-    AC_MSG_RESULT(yes)
-  fi
-fi
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et_cross}" = yes ; then
-  krb_cv_com_err="cross"
-elif test "${krb_cv_compile_et}" = "yes"; then
-  dnl Since compile_et seems to work, let's check libcom_err
-  krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  AC_MSG_CHECKING(for com_err)
-  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <com_err.h>]],[[
-    const char *p;
-    p = error_message(0);
-    initialize_error_table_r(0,0,0,0);
-  ]])],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
-  AC_MSG_RESULT(${krb_cv_com_err})
-  LIBS="${krb_cv_save_LIBS}"
-else
-  dnl Since compile_et doesn't work, forget about libcom_err
-  krb_cv_com_err="no"
-fi
-
-dnl Only use the system's com_err if we found compile_et, libcom_err, and
-dnl com_err.h.
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    AC_MSG_NOTICE(Using the already-installed com_err)
-    localcomerr=no
-elif test "${krb_cv_com_err}" = "cross"; then
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    AC_MSG_NOTICE(Using our own com_err with toolchain compile_et)
-    localcomerr=yes
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    AC_MSG_NOTICE(Using our own com_err)
-    localcomerr=yes
-fi
-AM_CONDITIONAL(COM_ERR, test "$localcomerr" = yes)dnl
-AC_SUBST(DIR_com_err)
-AC_SUBST(LIB_com_err)
-AC_SUBST(LIB_com_err_a)
-AC_SUBST(LIB_com_err_so)
-
-])
diff --git a/crypto/heimdal/cf/check-declaration.m4 b/crypto/heimdal/cf/check-declaration.m4
deleted file mode 100644
index 18bdf8a7a0ab..000000000000
--- a/crypto/heimdal/cf/check-declaration.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: check-declaration.m4,v 1.3.34.1 2004/04/01 07:27:32 joda Exp $
-dnl
-dnl
-dnl Check if we need the declaration of a variable
-dnl
-
-dnl AC_HAVE_DECLARATION(includes, variable)
-AC_DEFUN([AC_CHECK_DECLARATION], [
-AC_MSG_CHECKING([if $2 is properly declared])
-AC_CACHE_VAL(ac_cv_var_$2_declaration, [
-AC_TRY_COMPILE([$1
-extern struct { int foo; } $2;],
-[$2.foo = 1;],
-eval "ac_cv_var_$2_declaration=no",
-eval "ac_cv_var_$2_declaration=yes")
-])
-
-define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
-
-AC_MSG_RESULT($ac_cv_var_$2_declaration)
-if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
-	AC_DEFINE(foo, 1, [define if your system declares $2])
-fi
-undefine([foo])
-])
diff --git a/crypto/heimdal/cf/check-getpwnam_r-posix.m4 b/crypto/heimdal/cf/check-getpwnam_r-posix.m4
deleted file mode 100644
index bb7e38859a25..000000000000
--- a/crypto/heimdal/cf/check-getpwnam_r-posix.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: check-getpwnam_r-posix.m4 15435 2005-06-16 19:45:52Z lha $
-dnl
-dnl check for getpwnam_r, and if it's posix or not
-
-AC_DEFUN([AC_CHECK_GETPWNAM_R_POSIX],[
-AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
-	ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#define _POSIX_PTHREAD_SEMANTICS
-#include <pwd.h>
-int main(int argc, char **argv)
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-]])],[ac_cv_func_getpwnam_r_posix=yes],[ac_cv_func_getpwnam_r_posix=no],[:])
-LIBS="$ac_libs")
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
-fi
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/check-man.m4 b/crypto/heimdal/cf/check-man.m4
deleted file mode 100644
index 7538cc82d7af..000000000000
--- a/crypto/heimdal/cf/check-man.m4
+++ /dev/null
@@ -1,58 +0,0 @@
-dnl $Id: check-man.m4 13338 2004-02-12 14:21:14Z lha $
-dnl check how to format manual pages
-dnl
-
-AC_DEFUN([rk_CHECK_MAN],
-[AC_PATH_PROG(NROFF, nroff)
-AC_PATH_PROG(GROFF, groff)
-AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
-[cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
-fi
-])
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-	AC_SUBST(CATMAN)
-fi
-AM_CONDITIONAL(CATMAN, test "$CATMAN")
-AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
-[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-])
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-AC_SUBST(CATMANEXT)
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4 b/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4
deleted file mode 100644
index 64bb8f139de7..000000000000
--- a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4
+++ /dev/null
@@ -1,33 +0,0 @@
-dnl
-dnl $Id: check-netinet-ip-and-tcp.m4 14162 2004-08-26 11:27:32Z joda $
-dnl
-
-dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
-dnl you have to include standards.h before including these files
-
-AC_DEFUN([CHECK_NETINET_IP_AND_TCP],
-[
-AC_CHECK_HEADERS(standards.h)
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-AC_CACHE_CHECK([for $i],ac_cv_header_$cv,
-[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-]])],
-[eval "ac_cv_header_$cv=yes"],
-[eval "ac_cv_header_$cv=no"])])
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
-fi
-done
-if false;then
-	AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h)
-fi
-])
diff --git a/crypto/heimdal/cf/check-type-extra.m4 b/crypto/heimdal/cf/check-type-extra.m4
deleted file mode 100644
index 2778a9d76f13..000000000000
--- a/crypto/heimdal/cf/check-type-extra.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-dnl $Id: check-type-extra.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl ac_check_type + extra headers
-
-dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
-AC_DEFUN([AC_CHECK_TYPE_EXTRA],
-[AC_REQUIRE([AC_HEADER_STDC])dnl
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_type_$1,
-[AC_EGREP_CPP(dnl
-changequote(<<,>>)dnl
-<<$1[^a-zA-Z_0-9]>>dnl
-changequote([,]), [#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
-AC_MSG_RESULT($ac_cv_type_$1)
-if test $ac_cv_type_$1 = no; then
-  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
-fi
-])
diff --git a/crypto/heimdal/cf/check-var.m4 b/crypto/heimdal/cf/check-var.m4
deleted file mode 100644
index 1e6846593b08..000000000000
--- a/crypto/heimdal/cf/check-var.m4
+++ /dev/null
@@ -1,27 +0,0 @@
-dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $
-dnl
-dnl rk_CHECK_VAR(variable, includes)
-AC_DEFUN([rk_CHECK_VAR], [
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_var_$1, [
-m4_ifval([$2],[
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
-	void * foo(void) { return &$1; }]],[[foo()]])],
-	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])])
-if test "$ac_cv_var_$1" != yes ; then
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1;
-int foo(void) { return $1; }]],[[foo()]])],
-	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])
-fi
-])
-ac_foo=`eval echo \\$ac_cv_var_$1`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, 
-		[Define if you have the `]$1[' variable.])
-	m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2]))
-fi
-])
-
-AC_WARNING_ENABLE([obsolete])
-AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
diff --git a/crypto/heimdal/cf/check-x.m4 b/crypto/heimdal/cf/check-x.m4
deleted file mode 100644
index 07f7e2d80f59..000000000000
--- a/crypto/heimdal/cf/check-x.m4
+++ /dev/null
@@ -1,53 +0,0 @@
-dnl 
-dnl See if there is any X11 present
-dnl
-dnl $Id: check-x.m4 15435 2005-06-16 19:45:52Z lha $
-
-AC_DEFUN([KRB_CHECK_X],[
-AC_PATH_XTRA
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		AC_RUN_IFELSE([
-		#include <X11/Xlib.h>
-		foo(void)
-		{
-		XOpenDisplay(NULL);
-		}
-		main(int argc, char **argv)
-		{
-		return 0;
-		}
-		],krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:,
-		krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break)
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-	])
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-])
diff --git a/crypto/heimdal/cf/check-xau.m4 b/crypto/heimdal/cf/check-xau.m4
deleted file mode 100644
index 4d416fd19ac6..000000000000
--- a/crypto/heimdal/cf/check-xau.m4
+++ /dev/null
@@ -1,64 +0,0 @@
-dnl $Id: check-xau.m4 15454 2005-06-16 21:02:16Z lha $
-dnl
-dnl check for Xau{Read,Write}Auth and XauFileName
-dnl
-AC_DEFUN([AC_CHECK_XAU],[
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-## check for XauWriteAuth first, so we detect the case where
-## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
-## could be done by checking for XauReadAuth in -lXau first, but this
-## breaks in IRIX 6.5
-
-AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau,[#include <X11/Xauth.h>],[0,0])
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau,[#include <X11/Xauth.h>],[0])
-LIBS="$LIB_XauReadAauth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau,[#include <X11/Xauth.h>])
-LIBS="$ac_xxx"
-
-## set LIB_XauReadAuth to union of these tests, since this is what the
-## Makefiles are using
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
-else
-	AC_SUBST(NEED_WRITEAUTH_TRUE)
-	AC_SUBST(NEED_WRITEAUTH_FALSE)
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-])
diff --git a/crypto/heimdal/cf/crypto.m4 b/crypto/heimdal/cf/crypto.m4
deleted file mode 100644
index 69b2fc963c31..000000000000
--- a/crypto/heimdal/cf/crypto.m4
+++ /dev/null
@@ -1,177 +0,0 @@
-dnl $Id: crypto.m4 22080 2007-11-16 11:10:54Z lha $
-dnl
-dnl test for crypto libraries:
-dnl - libcrypto (from openssl)
-dnl - own-built libhcrypto
-
-m4_define([test_headers], [
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#ifdef HAVE_SYS_TYPES_H
-		#include <sys/types.h>
-		#endif
-		#include <openssl/evp.h>
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/aes.h>
-		#include <openssl/engine.h>
-		#include <openssl/ui.h>
-		#include <openssl/rand.h>
-		#include <openssl/hmac.h>
-		#include <openssl/pkcs12.h>
-		#else
-		#include <hcrypto/evp.h>
-		#include <hcrypto/md4.h>
-		#include <hcrypto/md5.h>
-		#include <hcrypto/sha.h>
-		#include <hcrypto/des.h>
-		#include <hcrypto/rc4.h>
-		#include <hcrypto/aes.h>
-		#include <hcrypto/engine.h>
-		#include <hcrypto/hmac.h>
-		#include <hcrypto/pkcs12.h>
-		#endif
-		])
-m4_define([test_body], [
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-		SHA256_CTX sha256;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		SHA256_Init(&sha256);
-		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		UI_UTIL_read_pw_string(0,0,0,0);
-		#endif
-
-		OpenSSL_add_all_algorithms();
-		AES_encrypt(0,0,0);
-		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);])
-
-
-AC_DEFUN([KRB_CRYPTO],[
-crypto_lib=unknown
-AC_WITH_ALL([openssl])
-
-DIR_hcrypto=
-
-AC_MSG_CHECKING([for crypto library])
-
-openssl=no
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],
-						[test_body])],
-					[openssl=yes ires="$i" lres="$j $k"; break 3])
-			done
-		done
-		CFLAGS="$i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])],
-					[openssl=no ires="$i" lres="$j $k"; break 3])
-			done
-		done
-	done
-		
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_hcrypto="$ires"
-		LIB_hcrypto="$lres"
-		crypto_lib=krb4
-		AC_MSG_RESULT([same as krb4])
-		LIB_hcrypto_a='$(LIB_hcrypto)'
-		LIB_hcrypto_so='$(LIB_hcrypto)'
-		LIB_hcrypto_appl='$(LIB_hcrypto)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	INCLUDE_hcrypto=
-	LIB_hcrypto=
-	if test "$with_openssl_include" != ""; then
-		INCLUDE_hcrypto="-I${with_openssl_include}"
-	fi
-	if test "$with_openssl_lib" != ""; then
-		LIB_hcrypto="-L${with_openssl_lib}"
-	fi
-	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}"
-	saved_LIB_hcrypto="$LIB_hcrypto"
-	for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do
-		LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres"
-		LIB_hcrypto_a="$LIB_hcrypto"
-		LIB_hcrypto_so="$LIB_hcrypto"
-		LIB_hcrypto_appl="$LIB_hcrypto"
-		LIBS="${LIBS} ${LIB_hcrypto}"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], [
-			crypto_lib=libcrypto openssl=yes
-			AC_MSG_RESULT([libcrypto])
-		])
-		if test "$crypto_lib" = libcrypto ; then
-			break;
-		fi
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_hcrypto='hcrypto'
-  LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
-  LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
-  LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
-  LIB_hcrypto_appl="-lhcrypto"
-
-  AC_MSG_RESULT([included libhcrypto])
-
-fi
-
-if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
-	AC_MSG_ERROR([the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer 
-Kerberos 4 or configure --without-krb4])
-fi
-
-if test "$openssl" = "yes"; then
-  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
-fi
-AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
-
-AC_SUBST(DIR_hcrypto)
-AC_SUBST(INCLUDE_hcrypto)
-AC_SUBST(LIB_hcrypto)
-AC_SUBST(LIB_hcrypto_a)
-AC_SUBST(LIB_hcrypto_so)
-AC_SUBST(LIB_hcrypto_appl)
-])
diff --git a/crypto/heimdal/cf/db.m4 b/crypto/heimdal/cf/db.m4
deleted file mode 100644
index cc8b8cae40e9..000000000000
--- a/crypto/heimdal/cf/db.m4
+++ /dev/null
@@ -1,211 +0,0 @@
-dnl $Id: db.m4 15456 2005-06-16 21:04:43Z lha $
-dnl
-dnl tests for various db libraries
-dnl
-AC_DEFUN([rk_DB],[
-AC_ARG_ENABLE(berkeley-db,
-                       AS_HELP_STRING([--disable-berkeley-db],
-                                      [if you don't want berkeley db]),[
-])
-
-AC_ARG_ENABLE(ndbm-db,
-                       AS_HELP_STRING([--disable-ndbm-db],
-                                      [if you don't want ndbm db]),[
-])
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-  AC_CHECK_HEADERS([				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-  ])
-
-dnl db_create is used by db3 and db4
-
-  AC_FIND_FUNC_NO_LIBS(db_create, db4 db3 db, [
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-  ],[NULL, NULL, 0])
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-    AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4 library])
-  else
-
-dnl dbopen is used by db1/db2
-
-    AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-    ],[NULL, 0, 0, 0, NULL])
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-      AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library])
-    fi
-  fi
-
-dnl test for ndbm compatability
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-    AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-    ],[NULL])
-  
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$enable_ndbm_db" != "no"; then
-
-  if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-    AC_CHECK_HEADERS([				\
-  	dbm.h					\
-  	ndbm.h					\
-    ])
-  
-    AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [
-    #include <stdio.h>
-    #if defined(HAVE_NDBM_H)
-    #include <ndbm.h>
-    #elif defined(HAVE_DBM_H)
-    #include <dbm.h>
-    #endif
-    DBM *dbm;
-    ],[NULL])
-  
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-        db_type=ndbm
-        DBLIB="$LIB_NDBM"
-      fi
-    else
-  
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-  
-      AC_CHECK_HEADERS([				\
-  	  gdbm/ndbm.h				\
-      ])
-  
-      AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [
-      #include <stdio.h>
-      #include <gdbm/ndbm.h>
-      DBM *dbm;
-      ],[NULL])
-  
-      if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-        if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-  	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-        else
-  	LIB_NDBM=""
-        fi
-        AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-        have_ndbm=yes
-        if test "$db_type" = "unknown"; then
-  	db_type=ndbm
-  	DBLIB="$LIB_NDBM"
-        fi
-      fi
-    fi
-  fi #enable_ndbm_db
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  AC_MSG_CHECKING([if ndbm is implemented with db])
-  AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main(int argc, char **argv)
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}]])],[
-    if test -f conftest.db; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      AC_MSG_RESULT([no])
-    fi],[AC_MSG_RESULT([no])])
-fi
-
-AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
-AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
-AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
-
-## it's probably not correct to include LDFLAGS here, but we might
-## need it, for now just add any possible -L
-z=""
-for i in $LDFLAGS; do
-	case "$i" in
-	-L*) z="$z $i";;
-	esac
-done
-DBLIB="$z $DBLIB"
-AC_SUBST(DBLIB)dnl
-AC_SUBST(LIB_NDBM)dnl
-])
diff --git a/crypto/heimdal/cf/destdirs.m4 b/crypto/heimdal/cf/destdirs.m4
deleted file mode 100644
index 6b75f655fb07..000000000000
--- a/crypto/heimdal/cf/destdirs.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl
-dnl $Id: destdirs.m4 11082 2002-08-12 15:12:50Z joda $
-dnl
-
-AC_DEFUN([rk_DESTDIRS], [
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [
-	x="${rk_dir[]dir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])])
-])
diff --git a/crypto/heimdal/cf/dlopen.m4 b/crypto/heimdal/cf/dlopen.m4
deleted file mode 100644
index 310ca556b4d1..000000000000
--- a/crypto/heimdal/cf/dlopen.m4
+++ /dev/null
@@ -1,11 +0,0 @@
-dnl
-dnl $Id: dlopen.m4 15433 2005-06-16 19:40:59Z lha $
-dnl
-
-AC_DEFUN([rk_DLOPEN], [
-	AC_FIND_FUNC_NO_LIBS(dlopen, dl,[
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif],[0,0])
-	AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no)
-])
diff --git a/crypto/heimdal/cf/find-func-no-libs.m4 b/crypto/heimdal/cf/find-func-no-libs.m4
deleted file mode 100644
index 76965a84ee8a..000000000000
--- a/crypto/heimdal/cf/find-func-no-libs.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [
-AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
diff --git a/crypto/heimdal/cf/find-func-no-libs2.m4 b/crypto/heimdal/cf/find-func-no-libs2.m4
deleted file mode 100644
index 617a09e8da1b..000000000000
--- a/crypto/heimdal/cf/find-func-no-libs2.m4
+++ /dev/null
@@ -1,63 +0,0 @@
-dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [
-
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_funclib_$1,
-[
-if eval "test \"\$ac_cv_func_$1\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $2; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break])
-	done
-	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
-	LIBS="$ac_save_LIBS"
-fi
-])
-
-eval "ac_res=\$ac_cv_funclib_$1"
-
-if false; then
-	AC_CHECK_FUNCS($1)
-dnl	AC_CHECK_LIBS($2, foo)
-fi
-# $1
-eval "ac_tr_func=HAVE_[]upcase($1)"
-eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
-eval "LIB_$1=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_$1=yes"
-	eval "LIB_$1="
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_MSG_RESULT([yes])
-	;;
-	no)
-	eval "ac_cv_func_$1=no"
-	eval "LIB_$1="
-	AC_MSG_RESULT([no])
-	;;
-	*)
-	eval "ac_cv_func_$1=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_DEFINE_UNQUOTED($ac_tr_lib)
-	AC_MSG_RESULT([yes, in $ac_res])
-	;;
-esac
-AC_SUBST(LIB_$1)
-])
diff --git a/crypto/heimdal/cf/find-func.m4 b/crypto/heimdal/cf/find-func.m4
deleted file mode 100644
index 2354f38e5e4b..000000000000
--- a/crypto/heimdal/cf/find-func.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl AC_FIND_FUNC(func, libraries, includes, arguments)
-AC_DEFUN([AC_FIND_FUNC], [
-AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
-if test -n "$LIB_$1"; then
-	LIBS="$LIB_$1 $LIBS"
-fi
-])
diff --git a/crypto/heimdal/cf/find-if-not-broken.m4 b/crypto/heimdal/cf/find-if-not-broken.m4
deleted file mode 100644
index 3e946385c50a..000000000000
--- a/crypto/heimdal/cf/find-if-not-broken.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: find-if-not-broken.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl Mix between AC_FIND_FUNC and AC_BROKEN
-dnl
-
-AC_DEFUN([AC_FIND_IF_NOT_BROKEN],
-[AC_FIND_FUNC([$1], [$2], [$3], [$4])
-if eval "test \"$ac_cv_func_$1\" != yes"; then 
-	rk_LIBOBJ([$1])
-fi
-])
diff --git a/crypto/heimdal/cf/framework-security.m4 b/crypto/heimdal/cf/framework-security.m4
deleted file mode 100644
index 3358292f4e6b..000000000000
--- a/crypto/heimdal/cf/framework-security.m4
+++ /dev/null
@@ -1,31 +0,0 @@
-AC_DEFUN([rk_FRAMEWORK_SECURITY], [
-
-AC_MSG_CHECKING([for framework security])
-AC_CACHE_VAL(rk_cv_framework_security,
-[
-if test "$rk_cv_framework_security" != yes; then
-	ac_save_LIBS="$LIBS"
-	LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <Security/Security.h>
-]],
-[[SecKeychainSearchRef searchRef;
-SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef);
-CFRelease(&searchRef);
-]])],[rk_cv_framework_security=yes])
-	LIBS="$ac_save_LIBS"
-fi
-])
-
-if test "$rk_cv_framework_security" = yes; then
-   AC_DEFINE(HAVE_FRAMEWORK_SECURITY, 1, [Have -framework Security])
-   AC_MSG_RESULT(yes)
-else
-   AC_MSG_RESULT(no)
-fi
-AM_CONDITIONAL(FRAMEWORK_SECURITY, test "$rk_cv_framework_security" = yes)
-
-if test "$rk_cv_framework_security" = yes; then
-   AC_NEED_PROTO([#include <Security/Security.h>],SecKeyGetCSPHandle)
-fi
-
-])
diff --git a/crypto/heimdal/cf/have-pragma-weak.m4 b/crypto/heimdal/cf/have-pragma-weak.m4
deleted file mode 100644
index 32b7a67da149..000000000000
--- a/crypto/heimdal/cf/have-pragma-weak.m4
+++ /dev/null
@@ -1,37 +0,0 @@
-dnl $Id: have-pragma-weak.m4 15435 2005-06-16 19:45:52Z lha $
-dnl
-AC_DEFUN([AC_HAVE_PRAGMA_WEAK], [
-if test "${enable_shared}" = "yes"; then
-AC_MSG_CHECKING(for pragma weak)
-AC_CACHE_VAL(ac_have_pragma_weak, [
-ac_have_pragma_weak=no
-cat > conftest_foo.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-#pragma weak foo = _foo
-int _foo = 17;
-EOF
-cat > conftest_bar.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-extern int foo;
-
-int t(void) {
-  return foo;
-}
-
-int main(int argc, char **argv) {
-  return t();
-}
-EOF
-if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
-ac_have_pragma_weak=yes
-fi
-rm -rf conftest*
-])
-if test "$ac_have_pragma_weak" = "yes"; then
-	AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl
-fi
-AC_MSG_RESULT($ac_have_pragma_weak)
-fi
-])
diff --git a/crypto/heimdal/cf/have-struct-field.m4 b/crypto/heimdal/cf/have-struct-field.m4
deleted file mode 100644
index 8618bc073482..000000000000
--- a/crypto/heimdal/cf/have-struct-field.m4
+++ /dev/null
@@ -1,21 +0,0 @@
-dnl $Id: have-struct-field.m4 18314 2006-10-07 17:31:56Z lha $
-dnl
-dnl check for fields in a structure
-dnl
-dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
-
-AC_DEFUN([AC_HAVE_STRUCT_FIELD], [
-define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
-AC_CACHE_CHECK([for $2 in $1], cache_val,[
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$3]],
-	[[$1 x; memset(&x, 0, sizeof(x)); x.$2]])],
-	[cache_val=yes],
-	[cache_val=no])
-])
-if test "$cache_val" = yes; then
-	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
-	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
-	undefine([foo])
-fi
-undefine([cache_val])
-])
diff --git a/crypto/heimdal/cf/have-type.m4 b/crypto/heimdal/cf/have-type.m4
deleted file mode 100644
index 34d5befbb602..000000000000
--- a/crypto/heimdal/cf/have-type.m4
+++ /dev/null
@@ -1,30 +0,0 @@
-dnl $Id: have-type.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl check for existance of a type
-
-dnl AC_HAVE_TYPE(TYPE,INCLUDES)
-AC_DEFUN([AC_HAVE_TYPE], [
-AC_REQUIRE([AC_HEADER_STDC])
-cv=`echo "$1" | sed 'y%./+- %__p__%'`
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL([ac_cv_type_$cv],
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$2]],
-[[$1 foo;]])],
-[eval "ac_cv_type_$cv=yes"],
-[eval "ac_cv_type_$cv=no"]))dnl
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	AC_CHECK_TYPES($1)
-fi
-  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1'])
-fi
-])
diff --git a/crypto/heimdal/cf/have-types.m4 b/crypto/heimdal/cf/have-types.m4
deleted file mode 100644
index 79ceb97e40f8..000000000000
--- a/crypto/heimdal/cf/have-types.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl
-dnl $Id: have-types.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-
-AC_DEFUN([AC_HAVE_TYPES], [
-for i in $1; do
-        AC_HAVE_TYPE($i)
-done
-if false;then
-	AC_CHECK_FUNCS($1)
-fi
-])
diff --git a/crypto/heimdal/cf/install-catman.sh b/crypto/heimdal/cf/install-catman.sh
deleted file mode 100755
index 872e1628070c..000000000000
--- a/crypto/heimdal/cf/install-catman.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-#
-# $Id: install-catman.sh 20232 2007-02-16 11:03:13Z lha $
-#
-# install preformatted manual pages
-
-cmd="$1"; shift
-INSTALL_DATA="$1"; shift
-mkinstalldirs="$1"; shift
-srcdir="$1"; shift
-manbase="$1"; shift
-suffix="$1"; shift
-catinstall="${INSTALL_CATPAGES-yes}"
-
-for f in "$@"; do
-	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
-	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
-	mandir="$manbase/man$section"
-	catdir="$manbase/cat$section"
-	c="$base.cat$section"
-
-	if test "$catinstall" = yes -a -f "$srcdir/$c"; then
-		if test "$cmd" = install ; then
-			if test \! -d "$catdir"; then
-				eval "$mkinstalldirs $catdir"
-			fi
-			eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
-			eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
-		elif test "$cmd" = uninstall ; then
-			eval "echo rm -f $catdir/$base.$suffix"
-			eval "rm -f $catdir/$base.$suffix"
-		fi
-	fi
-	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do
-		if test "$link" = "$base" ; then
-			continue
-		fi
-		if test "$cmd" = install ; then
-			target="$mandir/$link.$section"
-			for lncmd in "ln -f $mandir/$base.$section $target" \
-				   "ln -s $base.$section $target" \
-				   "cp -f $mandir/$base.$section $target"
-			do
-				if eval "$lncmd"; then
-					eval echo "$lncmd"
-					break
-				fi
-			done
-			if test "$catinstall" = yes -a -f "$srcdir/$c"; then
-				target="$catdir/$link.$suffix"
-				for lncmd in "ln -f $catdir/$base.$suffix $target" \
-					   "ln -fs $base.$suffix $target" \
-					   "cp -f $catdir/$base.$suffix $target"
-				do
-					if eval "$lncmd"; then
-						eval echo "$lncmd"
-						break
-					fi
-				done
-			fi
-		elif test "$cmd" = uninstall ; then
-			target="$mandir/$link.$section"
-			eval "echo rm -f $target"
-			eval "rm -f $target"
-			if test "$catinstall" = yes; then
-				target="$catdir/$link.$suffix"
-				eval "echo rm -f $target"
-				eval "rm -f $target"
-			fi
-		fi
-	done
-done
diff --git a/crypto/heimdal/cf/irix.m4 b/crypto/heimdal/cf/irix.m4
deleted file mode 100644
index 510b81f26bc0..000000000000
--- a/crypto/heimdal/cf/irix.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-dnl
-dnl $Id: irix.m4 11267 2002-08-28 19:11:44Z joda $
-dnl
-
-AC_DEFUN([rk_IRIX],
-[
-irix=no
-case "$host" in
-*-*-irix4*) 
-	AC_DEFINE([IRIX4], 1,
-		[Define if you are running IRIX 4.])
-	irix=yes
-	;;
-*-*-irix*) 
-	irix=yes
-	;;
-esac
-AM_CONDITIONAL(IRIX, test "$irix" != no)dnl
-
-AH_BOTTOM([
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/krb-bigendian.m4 b/crypto/heimdal/cf/krb-bigendian.m4
deleted file mode 100644
index 30e1a799c511..000000000000
--- a/crypto/heimdal/cf/krb-bigendian.m4
+++ /dev/null
@@ -1,62 +0,0 @@
-dnl
-dnl $Id: krb-bigendian.m4 15456 2005-06-16 21:04:43Z lha $
-dnl
-
-dnl check if this computer is little or big-endian
-dnl if we can figure it out at compile-time then don't define the cpp symbol
-dnl otherwise test for it and define it.  also allow options for overriding
-dnl it when cross-compiling
-
-AC_DEFUN([KRB_C_BIGENDIAN], [
-AC_ARG_ENABLE(bigendian,
-	AS_HELP_STRING([--enable-bigendian],[the target is big endian]),
-krb_cv_c_bigendian=yes)
-AC_ARG_ENABLE(littleendian,
-	AS_HELP_STRING([--enable-littleendian],[the target is little endian]),
-krb_cv_c_bigendian=no)
-AC_CACHE_CHECK([whether byte order is known at compile time],
-krb_cv_c_bigendian_compile,
-[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
-#include <sys/types.h>
-#include <sys/param.h>
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif]])],[krb_cv_c_bigendian_compile=yes],[krb_cv_c_bigendian_compile=no])])
-AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
-#include <sys/types.h>
-#include <sys/param.h>
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif]])],[krb_cv_c_bigendian=yes],[krb_cv_c_bigendian=no])
-  else
-    AC_RUN_IFELSE([AC_LANG_SOURCE([[main (int argc, char **argv) {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }]])],[krb_cv_c_bigendian=no],[krb_cv_c_bigendian=yes],
-  [AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian])])
-  fi
-])
-if test "$krb_cv_c_bigendian" = "yes"; then
-  AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-  AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl
-fi
-AH_BOTTOM([
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/krb-func-getcwd-broken.m4 b/crypto/heimdal/cf/krb-func-getcwd-broken.m4
deleted file mode 100644
index 6ab4a268a47c..000000000000
--- a/crypto/heimdal/cf/krb-func-getcwd-broken.m4
+++ /dev/null
@@ -1,41 +0,0 @@
-dnl $Id: krb-func-getcwd-broken.m4 15455 2005-06-16 21:03:43Z lha $
-dnl
-dnl
-dnl test for broken getcwd in (SunOS braindamage)
-dnl
-
-AC_DEFUN([AC_KRB_FUNC_GETCWD_BROKEN], [
-if test "$ac_cv_func_getcwd" = yes; then
-AC_MSG_CHECKING(if getcwd is broken)
-AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
-ac_cv_func_getcwd_broken=no
-
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#include <errno.h>
-char *getcwd(char*, int);
-
-void *popen(char *cmd, char *mode)
-{
-	errno = ENOTTY;
-	return 0;
-}
-
-int main(int argc, char **argv)
-{
-	char *ret;
-	ret = getcwd(0, 1024);
-	if(ret == 0 && errno == ENOTTY)
-		return 0;
-	return 1;
-}
-]])], [ac_cv_func_getcwd_broken=yes],[:],[:])
-])
-if test "$ac_cv_func_getcwd_broken" = yes; then
-	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
-	AC_LIBOBJ(getcwd)
-	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
-else
-	AC_MSG_RESULT([seems ok])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/krb-func-getlogin.m4 b/crypto/heimdal/cf/krb-func-getlogin.m4
deleted file mode 100644
index 03cecfcefe66..000000000000
--- a/crypto/heimdal/cf/krb-func-getlogin.m4
+++ /dev/null
@@ -1,22 +0,0 @@
-dnl
-dnl $Id: krb-func-getlogin.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl test for POSIX (broken) getlogin
-dnl
-
-
-AC_DEFUN([AC_FUNC_GETLOGIN], [
-AC_CHECK_FUNCS(getlogin setlogin)
-if test "$ac_cv_func_getlogin" = yes; then
-AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-])
-if test "$ac_cv_func_getlogin_posix" = yes; then
-	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/krb-ipv6.m4 b/crypto/heimdal/cf/krb-ipv6.m4
deleted file mode 100644
index ba0b00093fde..000000000000
--- a/crypto/heimdal/cf/krb-ipv6.m4
+++ /dev/null
@@ -1,149 +0,0 @@
-dnl $Id: krb-ipv6.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl test for IPv6
-dnl
-AC_DEFUN([AC_KRB_IPV6], [
-AC_ARG_WITH(ipv6,
-	AS_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi])
-save_CFLAGS="${CFLAGS}"
-AC_CACHE_CHECK([for IPv6 stack type], v6type,
-[dnl check for different v6 implementations (by itojun)
-v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		AC_EGREP_CPP(yes, [
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif],
-			[v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"])
-		;;
-	toshiba)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	kame)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	inria)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif],
-			[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	zeta)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-])
-
-AC_CACHE_CHECK([for IPv6], ac_cv_lib_ipv6, [
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-]],
-[[
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-]])],
-[ac_cv_lib_ipv6=yes],
-[ac_cv_lib_ipv6=no])])
-if test "$ac_cv_lib_ipv6" = yes; then
-  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-## test for AIX missing in6addr_loopback
-if test "$ac_cv_lib_ipv6" = yes; then
-	AC_CACHE_CHECK([for in6addr_loopback],[ac_cv_var_in6addr_loopback],[
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif]],[[
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-]])],[ac_cv_var_in6addr_loopback=yes],[ac_cv_var_in6addr_loopback=no])])
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-		AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, 
-			[Define if you have the in6addr_loopback variable])
-	fi
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/krb-prog-ln-s.m4 b/crypto/heimdal/cf/krb-prog-ln-s.m4
deleted file mode 100644
index e4bb7cad460a..000000000000
--- a/crypto/heimdal/cf/krb-prog-ln-s.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: krb-prog-ln-s.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl Better test for ln -s, ln or cp
-dnl
-
-AC_DEFUN([AC_KRB_PROG_LN_S],
-[AC_MSG_CHECKING(for ln -s or something else)
-AC_CACHE_VAL(ac_cv_prog_LN_S,
-[rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi])dnl
-LN_S="$ac_cv_prog_LN_S"
-AC_MSG_RESULT($ac_cv_prog_LN_S)
-AC_SUBST(LN_S)dnl
-])
-
diff --git a/crypto/heimdal/cf/krb-prog-ranlib.m4 b/crypto/heimdal/cf/krb-prog-ranlib.m4
deleted file mode 100644
index 6a851a24da62..000000000000
--- a/crypto/heimdal/cf/krb-prog-ranlib.m4
+++ /dev/null
@@ -1,8 +0,0 @@
-dnl $Id: krb-prog-ranlib.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl Also look for EMXOMF for OS/2
-dnl
-
-AC_DEFUN([AC_KRB_PROG_RANLIB],
-[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
diff --git a/crypto/heimdal/cf/krb-prog-yacc.m4 b/crypto/heimdal/cf/krb-prog-yacc.m4
deleted file mode 100644
index 10203e453fe4..000000000000
--- a/crypto/heimdal/cf/krb-prog-yacc.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: krb-prog-yacc.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl We prefer byacc or yacc because they do not use `alloca'
-dnl
-
-AC_DEFUN([AC_KRB_PROG_YACC],
-[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')
-if test "$YACC" = ""; then
-  AC_MSG_WARN([yacc not found - some stuff will not build])
-fi
-])
diff --git a/crypto/heimdal/cf/krb-readline.m4 b/crypto/heimdal/cf/krb-readline.m4
deleted file mode 100644
index 61a50c5abacd..000000000000
--- a/crypto/heimdal/cf/krb-readline.m4
+++ /dev/null
@@ -1,39 +0,0 @@
-dnl $Id: krb-readline.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl Tests for readline functions
-dnl
-
-dnl el_init
-
-AC_DEFUN([KRB_READLINE],[
-AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
-if test "$ac_cv_func_el_init" = yes ; then
-	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
-			#include <histedit.h>]],
-			[[el_init("", NULL, NULL, NULL);]])],
-			[ac_cv_func_el_init_four=yes],
-			[ac_cv_func_el_init_four=no])])
-	if test "$ac_cv_func_el_init_four" = yes; then
-		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
-	fi
-fi
-
-dnl readline
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
-AM_CONDITIONAL(el_compat, test "$ac_foo" = yes)
-AC_DEFINE(HAVE_READLINE, 1, 
-	[Define if you have a readline compatible library.])dnl
-
-])
diff --git a/crypto/heimdal/cf/krb-struct-spwd.m4 b/crypto/heimdal/cf/krb-struct-spwd.m4
deleted file mode 100644
index 17fb2a371cb3..000000000000
--- a/crypto/heimdal/cf/krb-struct-spwd.m4
+++ /dev/null
@@ -1,21 +0,0 @@
-dnl $Id: krb-struct-spwd.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl Test for `struct spwd'
-
-AC_DEFUN([AC_KRB_STRUCT_SPWD], [
-AC_MSG_CHECKING(for struct spwd)
-AC_CACHE_VAL(ac_cv_struct_spwd, [
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif]],[[struct spwd foo;]])],
-[ac_cv_struct_spwd=yes],
-[ac_cv_struct_spwd=no])
-])
-AC_MSG_RESULT($ac_cv_struct_spwd)
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
-fi
-])
diff --git a/crypto/heimdal/cf/krb-struct-winsize.m4 b/crypto/heimdal/cf/krb-struct-winsize.m4
deleted file mode 100644
index 06e5f5bb8e7e..000000000000
--- a/crypto/heimdal/cf/krb-struct-winsize.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: krb-struct-winsize.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl Search for struct winsize
-dnl
-
-AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [
-AC_MSG_CHECKING(for struct winsize)
-AC_CACHE_VAL(ac_cv_struct_winsize, [
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-AC_EGREP_HEADER(
-struct[[ 	]]*winsize,dnl
-$i, ac_cv_struct_winsize=yes; break)dnl
-done
-])
-if test "$ac_cv_struct_winsize" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
-fi
-AC_MSG_RESULT($ac_cv_struct_winsize)
-AC_EGREP_HEADER(ws_xpixel, termios.h, 
-	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
-AC_EGREP_HEADER(ws_ypixel, termios.h, 
-	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
-])
diff --git a/crypto/heimdal/cf/krb-sys-aix.m4 b/crypto/heimdal/cf/krb-sys-aix.m4
deleted file mode 100644
index 544e779181a5..000000000000
--- a/crypto/heimdal/cf/krb-sys-aix.m4
+++ /dev/null
@@ -1,15 +0,0 @@
-dnl $Id: krb-sys-aix.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl AIX have a very different syscall convention
-dnl
-AC_DEFUN([AC_KRB_SYS_AIX], [
-AC_MSG_CHECKING(for AIX)
-AC_CACHE_VAL(krb_cv_sys_aix,
-AC_EGREP_CPP(yes, 
-[#ifdef _AIX
-	yes
-#endif 
-], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
-AC_MSG_RESULT($krb_cv_sys_aix)
-])
diff --git a/crypto/heimdal/cf/krb-sys-nextstep.m4 b/crypto/heimdal/cf/krb-sys-nextstep.m4
deleted file mode 100644
index dcf7e096c33e..000000000000
--- a/crypto/heimdal/cf/krb-sys-nextstep.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl $Id: krb-sys-nextstep.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl NEXTSTEP is not posix compliant by default,
-dnl you need a switch -posix to the compiler
-dnl
-
-AC_DEFUN([rk_SYS_NEXTSTEP], [
-AC_CACHE_CHECK(for NeXTSTEP, rk_cv_sys_nextstep, [
-AC_EGREP_CPP(yes, 
-[#if defined(NeXT) && !defined(__APPLE__)
-	yes
-#endif 
-], rk_cv_sys_nextstep=yes, rk_cv_sys_nextstep=no)])
-if test "$rk_cv_sys_nextstep" = "yes"; then
-  CFLAGS="$CFLAGS -posix"
-  LIBS="$LIBS -posix"
-fi
-])
diff --git a/crypto/heimdal/cf/krb-version.m4 b/crypto/heimdal/cf/krb-version.m4
deleted file mode 100644
index 92d731f0438f..000000000000
--- a/crypto/heimdal/cf/krb-version.m4
+++ /dev/null
@@ -1,24 +0,0 @@
-dnl $Id: krb-version.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl
-dnl output a C header-file with some version strings
-dnl
-
-AC_DEFUN([AC_KRB_VERSION],[
-cat > include/newversion.h.in <<FOOBAR
-const char *${PACKAGE_TARNAME}_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *${PACKAGE_TARNAME}_version = "$PACKAGE_STRING";
-FOOBAR
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
-])
diff --git a/crypto/heimdal/cf/largefile.m4 b/crypto/heimdal/cf/largefile.m4
deleted file mode 100644
index 972ba9c44549..000000000000
--- a/crypto/heimdal/cf/largefile.m4
+++ /dev/null
@@ -1,16 +0,0 @@
-dnl $Id: largefile.m4 13768 2004-04-24 21:51:32Z joda $
-dnl
-dnl Figure out what flags we need for 64-bit file access, and also set
-dnl them on the command line.
-dnl
-AC_DEFUN([rk_SYS_LARGEFILE],[
-AC_REQUIRE([AC_SYS_LARGEFILE])dnl
-dnl need to set this on the command line, since it might otherwise break
-dnl with generated code, such as lex
-if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
-	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
-fi
-if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
-	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
-fi
-])
diff --git a/crypto/heimdal/cf/make-proto.pl b/crypto/heimdal/cf/make-proto.pl
deleted file mode 100644
index f119b517e792..000000000000
--- a/crypto/heimdal/cf/make-proto.pl
+++ /dev/null
@@ -1,337 +0,0 @@
-# Make prototypes from .c files
-# $Id: make-proto.pl 14183 2004-09-03 08:50:57Z lha $
-
-##use Getopt::Std;
-require 'getopts.pl';
-
-$brace = 0;
-$line = "";
-$debug = 0;
-$oproto = 1;
-$private_func_re = "^_";
-
-do Getopts('x:m:o:p:dqE:R:P:') || die "foo";
-
-if($opt_d) {
-    $debug = 1;
-}
-
-if($opt_q) {
-    $oproto = 0;
-}
-
-if($opt_R) {
-    $private_func_re = $opt_R;
-}
-%flags = (
-	  'multiline-proto' => 1,
-	  'header' => 1,
-	  'function-blocking' => 0,
-	  'gnuc-attribute' => 1,
-	  'cxx' => 1
-	  );
-if($opt_m) {
-    foreach $i (split(/,/, $opt_m)) {
-	if($i eq "roken") {
-	    $flags{"multiline-proto"} = 0;
-	    $flags{"header"} = 0;
-	    $flags{"function-blocking"} = 0;
-	    $flags{"gnuc-attribute"} = 0;
-	    $flags{"cxx"} = 0;
-	} else {
-	    if(substr($i, 0, 3) eq "no-") {
-		$flags{substr($i, 3)} = 0;
-	    } else {
-		$flags{$i} = 1;
-	    }
-	}
-    }
-}
-
-if($opt_x) {
-    open(EXP, $opt_x);
-    while(<EXP>) {
-	chomp;
-	s/\#.*//g;
-	s/\s+/ /g;
-	if(/^([a-zA-Z0-9_]+)\s?(.*)$/) {
-	    $exported{$1} = $2;
-	} else {
-	    print $_, "\n";
-	}
-    }
-    close EXP;
-}
-
-while(<>) {
-    print $brace, " ", $_ if($debug);
-    if(/^\#if 0/) {
-	$if_0 = 1;
-    }
-    if($if_0 && /^\#endif/) {
-	$if_0 = 0;
-    }
-    if($if_0) { next }
-    if(/^\s*\#/) {
-	next;
-    }
-    if(/^\s*$/) {
-	$line = "";
-	next;
-    }
-    if(/\{/){
-	if (!/\}/) {
-	    $brace++;
-	}
-	$_ = $line;
-	while(s/\*\//\ca/){
-	    s/\/\*(.|\n)*\ca//;
-	}
-	s/^\s*//;
-	s/\s*$//;
-	s/\s+/ /g;
-	if($_ =~ /\)$/){
-	    if(!/^static/ && !/^PRIVATE/){
-		if(/(.*)(__attribute__\s?\(.*\))/) {
-		    $attr = $2;
-		    $_ = $1;
-		} else {
-		    $attr = "";
-		}
-		# remove outer ()
-		s/\s*\(/</;
-		s/\)\s?$/>/;
-		# remove , within ()
-		while(s/\(([^()]*),(.*)\)/($1\$$2)/g){}
-		s/\<\s*void\s*\>/<>/;
-		# remove parameter names 
-		if($opt_P eq "remove") {
-		    s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g;
-		    s/\s+\*/*/g;
-		    s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g;
-		} elsif($opt_P eq "comment") {
-		    s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g;
-		    s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g;
-		}
-		s/\<\>/<void>/;
-		# add newlines before parameters
-		if($flags{"multiline-proto"}) {
-		    s/,\s*/,\n\t/g;
-		} else {
-		    s/,\s*/, /g;
-		}
-		# fix removed ,
-		s/\$/,/g;
-		# match function name
-		/([a-zA-Z0-9_]+)\s*\</;
-		$f = $1;
-		if($oproto) {
-		    $LP = "__P((";
-		    $RP = "))";
-		} else {
-		    $LP = "(";
-		    $RP = ")";
-		}
-		# only add newline if more than one parameter
-                if($flags{"multiline-proto"} && /,/){ 
-		    s/\</ $LP\n\t/;
-		}else{
-		    s/\</ $LP/;
-		}
-		s/\>/$RP/;
-		# insert newline before function name
-		if($flags{"multiline-proto"}) {
-		    s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/;
-		}
-		if($attr ne "") {
-		    $_ .= "\n    $attr";
-		}
-		$_ = $_ . ";";
-		$funcs{$f} = $_;
-	    }
-	}
-	$line = "";
-    }
-    if(/\}/){
-	$brace--;
-    }
-    if(/^\}/){
-	$brace = 0;
-    }
-    if($brace == 0) {
-	$line = $line . " " . $_;
-    }
-}
-
-sub foo {
-    local ($arg) = @_;
-    $_ = $arg;
-    s/.*\/([^\/]*)/$1/;
-    s/[^a-zA-Z0-9]/_/g;
-    "__" . $_ . "__";
-}
-
-if($opt_o) {
-    open(OUT, ">$opt_o");
-    $block = &foo($opt_o);
-} else {
-    $block = "__public_h__";
-}
-
-if($opt_p) {
-    open(PRIV, ">$opt_p");
-    $private = &foo($opt_p);
-} else {
-    $private = "__private_h__";
-}
-
-$public_h = "";
-$private_h = "";
-
-$public_h_header .= "/* This is a generated file */
-#ifndef $block
-#define $block
-
-";
-if ($oproto) {
-    $public_h_header .= "#ifdef __STDC__
-#include <stdarg.h>
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
-
-";
-} else {
-    $public_h_header .= "#include <stdarg.h>
-
-";
-}
-$public_h_trailer = "";
-
-$private_h_header = "/* This is a generated file */
-#ifndef $private
-#define $private
-
-";
-if($oproto) {
-    $private_h_header .= "#ifdef __STDC__
-#include <stdarg.h>
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
-
-";
-} else {
-    $private_h_header .= "#include <stdarg.h>
-
-";
-}
-$private_h_trailer = "";
-
-foreach(sort keys %funcs){
-    if(/^(main)$/) { next }
-    if(!defined($exported{$_}) && /$private_func_re/) {
-	$private_h .= $funcs{$_} . "\n\n";
-	if($funcs{$_} =~ /__attribute__/) {
-	    $private_attribute_seen = 1;
-	}
-    } else {
-	if($flags{"function-blocking"}) {
-	    $fupper = uc $_;
-	    if($exported{$_} =~ /proto/) {
-		$public_h .= "#if !defined(HAVE_$fupper) || defined(NEED_${fupper}_PROTO)\n";
-	    } else {
-		$public_h .= "#ifndef HAVE_$fupper\n";
-	    }
-	}
-	$public_h .= $funcs{$_} . "\n";
-	if($funcs{$_} =~ /__attribute__/) {
-	    $public_attribute_seen = 1;
-	}
-	if($flags{"function-blocking"}) {
-	    $public_h .= "#endif\n";
-	}
-	$public_h .= "\n";
-    }
-}
-
-if($flags{"gnuc-attribute"}) {
-    if ($public_attribute_seen) {
-	$public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-";
-    }
-
-    if ($private_attribute_seen) {
-	$private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-";
-    }
-}
-if($flags{"cxx"}) {
-    $public_h_header .= "#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-";
-    $public_h_trailer .= "#ifdef __cplusplus
-}
-#endif
-
-";
-
-}
-if ($opt_E) {
-    $public_h_header .= "#ifndef $opt_E
-#if defined(_WIN32)
-#define $opt_E _stdcall
-#else
-#define $opt_E
-#endif
-#endif
-
-";
-    
-    $private_h_header .= "#ifndef $opt_E
-#if defined(_WIN32)
-#define $opt_E _stdcall
-#else
-#define $opt_E
-#endif
-#endif
-
-";
-}
-    
-if ($public_h ne "" && $flags{"header"}) {
-    $public_h = $public_h_header . $public_h . 
-	$public_h_trailer . "#endif /* $block */\n";
-}
-if ($private_h ne "" && $flags{"header"}) {
-    $private_h = $private_h_header . $private_h .
-	$private_h_trailer . "#endif /* $private */\n";
-}
-
-if($opt_o) {
-    print OUT $public_h;
-} 
-if($opt_p) {
-    print PRIV $private_h;
-} 
-
-close OUT;
-close PRIV;
diff --git a/crypto/heimdal/cf/mips-abi.m4 b/crypto/heimdal/cf/mips-abi.m4
deleted file mode 100644
index 2af513e188df..000000000000
--- a/crypto/heimdal/cf/mips-abi.m4
+++ /dev/null
@@ -1,87 +0,0 @@
-dnl $Id: mips-abi.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl
-dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
-dnl value.
-
-AC_DEFUN([AC_MIPS_ABI], [
-AC_ARG_WITH(mips_abi,
-	AS_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)]))
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in 
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-dnl
-dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
-dnl AC_MSG_RESULT
-dnl
-AC_MSG_CHECKING([if $CC supports the $abi option])
-AC_CACHE_VAL($ac_foo, [
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[eval $ac_foo=yes], [eval $ac_foo=no])dnl
-CFLAGS="$save_CFLAGS"
-])
-ac_res=`eval echo \\\$$ac_foo`
-AC_MSG_RESULT($ac_res)
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32) 
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[ac_res=yes],[ac_res=no])dnl
-	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-])
diff --git a/crypto/heimdal/cf/misc.m4 b/crypto/heimdal/cf/misc.m4
deleted file mode 100644
index 042f30a58d60..000000000000
--- a/crypto/heimdal/cf/misc.m4
+++ /dev/null
@@ -1,15 +0,0 @@
-
-dnl $Id: misc.m4 11022 2002-05-24 15:35:32Z joda $
-dnl
-AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl
-AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl
-AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-])])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/need-proto.m4 b/crypto/heimdal/cf/need-proto.m4
deleted file mode 100644
index 978abb1afbaa..000000000000
--- a/crypto/heimdal/cf/need-proto.m4
+++ /dev/null
@@ -1,22 +0,0 @@
-dnl $Id: need-proto.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl
-dnl Check if we need the prototype for a function
-dnl
-
-dnl AC_NEED_PROTO(includes, function)
-
-AC_DEFUN([AC_NEED_PROTO], [
-if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
-AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1
-struct foo { int foo; } xx;
-extern int $2 (struct foo*);]],[[$2(&xx)]])],
-[eval "ac_cv_func_$2_noproto=yes"],
-[eval "ac_cv_func_$2_noproto=no"]))
-if test "$ac_cv_func_$2_noproto" = yes; then
-	AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1,
-		[define if the system is missing a prototype for $2()])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/osfc2.m4 b/crypto/heimdal/cf/osfc2.m4
deleted file mode 100644
index 6366f7a4ed23..000000000000
--- a/crypto/heimdal/cf/osfc2.m4
+++ /dev/null
@@ -1,14 +0,0 @@
-dnl $Id: osfc2.m4 14147 2004-08-25 14:14:01Z joda $
-dnl
-dnl enable OSF C2 stuff
-
-AC_DEFUN([AC_CHECK_OSFC2],[
-AC_ARG_ENABLE(osfc2,
-	AS_HELP_STRING([--enable-osfc2],[enable some OSF C2 support]))
-LIB_security=
-if test "$enable_osfc2" = yes; then
-	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
-	LIB_security=-lsecurity
-fi
-AC_SUBST(LIB_security)
-])
diff --git a/crypto/heimdal/cf/otp.m4 b/crypto/heimdal/cf/otp.m4
deleted file mode 100644
index fa6a530bcf34..000000000000
--- a/crypto/heimdal/cf/otp.m4
+++ /dev/null
@@ -1,27 +0,0 @@
-dnl $Id: otp.m4 14147 2004-08-25 14:14:01Z joda $
-dnl
-dnl check requirements for OTP library
-dnl
-AC_DEFUN([rk_OTP],[
-AC_REQUIRE([rk_DB])dnl
-AC_ARG_ENABLE(otp,
-	AS_HELP_STRING([--disable-otp],[if you don't want OTP support]))
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	AC_MSG_ERROR([OTP requires a NDBM/DB compatible library])
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-	AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.])
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-	AC_SUBST(LIB_otp)
-fi
-AC_MSG_CHECKING([whether to enable OTP library])
-AC_MSG_RESULT($enable_otp)
-AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl
-])
diff --git a/crypto/heimdal/cf/proto-compat.m4 b/crypto/heimdal/cf/proto-compat.m4
deleted file mode 100644
index 0da8b250e60f..000000000000
--- a/crypto/heimdal/cf/proto-compat.m4
+++ /dev/null
@@ -1,21 +0,0 @@
-dnl $Id: proto-compat.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl
-dnl Check if the prototype of a function is compatible with another one
-dnl
-
-dnl AC_PROTO_COMPAT(includes, function, prototype)
-
-AC_DEFUN([AC_PROTO_COMPAT], [
-AC_CACHE_CHECK([if $2 is compatible with system prototype],
-ac_cv_func_$2_proto_compat,
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1]],[[$3]])],
-[eval "ac_cv_func_$2_proto_compat=yes"],
-[eval "ac_cv_func_$2_proto_compat=no"]))
-define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
-if test "$ac_cv_func_$2_proto_compat" = yes; then
-	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
-	$3])
-fi
-undefine([foo])
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/pthreads.m4 b/crypto/heimdal/cf/pthreads.m4
deleted file mode 100644
index fd2c81ba3f07..000000000000
--- a/crypto/heimdal/cf/pthreads.m4
+++ /dev/null
@@ -1,75 +0,0 @@
-dnl $Id: pthreads.m4 20295 2007-04-11 11:08:08Z lha $
-
-AC_DEFUN([KRB_PTHREADS], [
-AC_MSG_CHECKING(if compiling threadsafe libraries)
-
-AC_ARG_ENABLE(pthread-support,
-	AS_HELP_STRING([--enable-pthread-support],
-			[if you want thread safe libraries]),
-	[],[enable_pthread_support=maybe])
-
-case "$host" in 
-*-*-solaris2*)
-	native_pthread_support=yes
-	if test "$GCC" = yes; then
-		PTHREADS_CFLAGS=-pthreads
-		PTHREADS_LIBS=-pthreads
-	else
-		PTHREADS_CFLAGS=-mt
-		PTHREADS_LIBS=-mt
-	fi
-	;;
-*-*-netbsd*)
-	native_pthread_support="if running netbsd 1.6T or newer"
-	dnl heim_threads.h knows this
-	PTHREADS_LIBS=""
-	;;
-*-*-freebsd5*)
-	native_pthread_support=yes
-	;;
-*-*-linux* | *-*-linux-gnu)
-	case `uname -r` in
-	2.*)
-		native_pthread_support=yes
-		PTHREADS_CFLAGS=-pthread
-		PTHREADS_LIBS=-pthread
-		;;
-	esac
-	;;
-*-*-aix*)
-	dnl AIX is disabled since we don't handle the utmp/utmpx
-        dnl problems that aix causes when compiling with pthread support
-	native_pthread_support=no
-	;;
-mips-sgi-irix6.[[5-9]])  # maybe works for earlier versions too
-	native_pthread_support=yes
-	PTHREADS_LIBS="-lpthread"
-	;;
-*-*-darwin*)
-	native_pthread_support=yes
-	;;
-*)
-	native_pthread_support=no
-	;;
-esac
-
-if test "$enable_pthread_support" = maybe ; then
-	enable_pthread_support="$native_pthread_support"
-fi
-	
-if test "$enable_pthread_support" != no; then
-    AC_DEFINE(ENABLE_PTHREAD_SUPPORT, 1,
-	[Define if you want have a thread safe libraries])
-    dnl This sucks, but libtool doesn't save the depenecy on -pthread
-    dnl for libraries.
-    LIBS="$PTHREADS_LIBS $LIBS"
-else
-  PTHREADS_CFLAGS=""
-  PTHREADS_LIBS=""
-fi
-
-AC_SUBST(PTHREADS_CFLAGS)
-AC_SUBST(PTHREADS_LIBS)
-
-AC_MSG_RESULT($enable_pthread_support)
-])
diff --git a/crypto/heimdal/cf/resolv.m4 b/crypto/heimdal/cf/resolv.m4
deleted file mode 100644
index 8bb5e4ecbb0f..000000000000
--- a/crypto/heimdal/cf/resolv.m4
+++ /dev/null
@@ -1,109 +0,0 @@
-dnl stuff used by DNS resolv code in roken
-dnl
-dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $
-dnl
-
-AC_DEFUN([rk_RESOLV],[
-
-AC_CHECK_HEADERS([arpa/nameser.h])
-
-AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-])
-
-AC_FIND_FUNC(res_search, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-AC_FIND_FUNC(res_nsearch, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0,0])
-
-AC_FIND_FUNC(res_ndestroy, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0])
-
-AC_FIND_FUNC(dn_expand, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-rk_CHECK_VAR(_res, 
-[#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif])
-
-])
diff --git a/crypto/heimdal/cf/retsigtype.m4 b/crypto/heimdal/cf/retsigtype.m4
deleted file mode 100644
index 2857bff1d965..000000000000
--- a/crypto/heimdal/cf/retsigtype.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl
-dnl $Id: retsigtype.m4 13338 2004-02-12 14:21:14Z lha $
-dnl
-dnl Figure out return type of signal handlers, and define SIGRETURN macro
-dnl that can be used to return from one
-dnl
-AC_DEFUN([rk_RETSIGTYPE],[
-AC_TYPE_SIGNAL
-if test "$ac_cv_type_signal" = "void" ; then
-	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.])
-fi
-AC_SUBST(VOID_RETSIGTYPE)
-AH_BOTTOM([#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif])
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4
deleted file mode 100644
index eccbdbd4142f..000000000000
--- a/crypto/heimdal/cf/roken-frag.m4
+++ /dev/null
@@ -1,655 +0,0 @@
-dnl $Id: roken-frag.m4 20639 2007-05-10 17:22:58Z lha $
-dnl
-dnl some code to get roken working
-dnl
-dnl rk_ROKEN(subdir)
-dnl
-AC_DEFUN([rk_ROKEN], [
-
-AC_REQUIRE([rk_CONFIG_HEADER])
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/$1/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1'
-
-dnl Checks for programs
-AC_REQUIRE([AC_PROG_CC])
-AC_REQUIRE([AC_PROG_AWK])
-AC_REQUIRE([AC_OBJEXT])
-AC_REQUIRE([AC_EXEEXT])
-AC_REQUIRE([AC_PROG_LIBTOOL])
-
-AC_REQUIRE([AC_MIPS_ABI])
-
-dnl C characteristics
-
-AC_REQUIRE([AC_C___ATTRIBUTE__])
-AC_REQUIRE([AC_C_INLINE])
-AC_REQUIRE([AC_C_CONST])
-rk_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
-
-AC_REQUIRE([rk_DB])
-
-dnl C types
-
-AC_REQUIRE([AC_TYPE_SIZE_T])
-AC_HAVE_TYPE([ssize_t],[#include <unistd.h>])
-AC_REQUIRE([AC_TYPE_PID_T])
-AC_REQUIRE([AC_TYPE_UID_T])
-AC_HAVE_TYPE([long long])
-
-AC_REQUIRE([rk_RETSIGTYPE])
-
-dnl Checks for header files.
-AC_REQUIRE([AC_HEADER_STDC])
-AC_REQUIRE([AC_HEADER_TIME])
-
-AC_CHECK_HEADERS([\
-	arpa/inet.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	fnmatch.h				\
-	grp.h					\
-	ifaddrs.h				\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	paths.h					\
-	poll.h					\
-	pwd.h					\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	stdint.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/resource.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-])
-
-AC_HAVE_TYPE([uintptr_t],[#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif])
-
-dnl Sunpro 5.2 has a vis.h which is something different.
-AC_CHECK_HEADERS(vis.h, , , [
-#include <vis.h>
-#ifndef VIS_SP
-#error invis
-#endif])
-	
-AC_CHECK_HEADERS(netdb.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-])
-
-AC_CHECK_HEADERS(sys/socket.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-])
-
-AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif])
-
-AC_CHECK_HEADERS(netinet6/in6_var.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-])
-
-AC_CHECK_HEADERS(sys/sysctl.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-])
-
-AC_CHECK_HEADERS(sys/proc.h, , , [AC_INCLUDES_DEFAULT
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-])
-
-AC_REQUIRE([CHECK_NETINET_IP_AND_TCP])
-
-AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes)
-AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes)
-AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes)
-
-dnl Check for functions and libraries
-
-AC_FIND_FUNC(socket, socket)
-AC_FIND_FUNC(gethostbyname, nsl)
-AC_FIND_FUNC(syslog, syslog)
-
-AC_KRB_IPV6
-
-AC_FIND_FUNC(gethostbyname2, inet6 ip6)
-
-rk_RESOLV
-
-AC_BROKEN_SNPRINTF
-AC_BROKEN_VSNPRINTF
-
-AC_BROKEN_GLOB
-if test "$ac_cv_func_glob_working" != yes; then
-	AC_LIBOBJ(glob)
-fi
-AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes)
-
-
-AC_CHECK_FUNCS([				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	poll					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-])
-
-if test "$ac_cv_func_cgetent" = no; then
-	AC_LIBOBJ(getcap)
-fi
-AM_CONDITIONAL(have_cgetent, test "$ac_cv_func_cgetent" = yes)
-
-AC_REQUIRE([AC_FUNC_GETLOGIN])
-
-AC_REQUIRE([AC_FUNC_MMAP])
-
-AC_FIND_FUNC_NO_LIBS(getsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-AC_FIND_FUNC_NO_LIBS(setsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-17)
-AC_NEED_PROTO([
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-hstrerror)
-
-AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf],
-	[AC_NEED_PROTO([
-	#include <stdio.h>
-	#include <string.h>],
-	rk_func)])
-
-AC_FIND_FUNC_NO_LIBS(bswap16,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(bswap32,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(pidfile,util,
-[#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif],0)
-
-AC_FIND_IF_NOT_BROKEN(getaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(getnameinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(freeaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_FIND_IF_NOT_BROKEN(gai_strerror,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_BROKEN([					\
-	chown					\
-	copyhostent				\
-	closefrom				\
-	daemon					\
-	ecalloc					\
-	emalloc					\
-	erealloc				\
-	estrdup					\
-	err					\
-	errx					\
-	fchown					\
-	flock					\
-	fnmatch					\
-	freehostent				\
-	getcwd					\
-	getdtablesize				\
-	getegid					\
-	geteuid					\
-	getgid					\
-	gethostname				\
-	getifaddrs				\
-	getipnodebyaddr				\
-	getipnodebyname				\
-	getopt					\
-	gettimeofday				\
-	getuid					\
-	getusershell				\
-	initgroups				\
-	innetgr					\
-	iruserok				\
-	localtime_r				\
-	lstat					\
-	memmove					\
-	mkstemp					\
-	putenv					\
-	rcmd					\
-	readv					\
-	recvmsg					\
-	sendmsg					\
-	setegid					\
-	setenv					\
-	seteuid					\
-	strcasecmp				\
-	strdup					\
-	strerror				\
-	strftime				\
-	strlcat					\
-	strlcpy					\
-	strlwr					\
-	strncasecmp				\
-	strndup					\
-	strnlen					\
-	strptime				\
-	strsep					\
-	strsep_copy				\
-	strtok_r				\
-	strupr					\
-	swab					\
-	timegm					\
-	unsetenv				\
-	verr					\
-	verrx					\
-	vsyslog					\
-	vwarn					\
-	vwarnx					\
-	warn					\
-	warnx					\
-	writev					\
-])
-
-AM_CONDITIONAL(have_fnmatch_h,
-	test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes)
-
-AC_FOREACH([rk_func], [strndup strsep strtok_r],
-	[AC_NEED_PROTO([#include <string.h>], rk_func)])
-
-AC_FOREACH([rk_func], [strsvis strunvis strvis strvisx svis unvis vis],
-[AC_NEED_PROTO([#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif], rk_func)])
-
-AC_BROKEN2(inet_aton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0])
-
-AC_BROKEN2(inet_ntop,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0, 0, 0, 0])
-
-AC_BROKEN2(inet_pton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0,0])
-
-dnl
-dnl Check for sa_len in struct sockaddr, 
-dnl needs to come before the getnameinfo test
-dnl
-AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
-#include <sys/socket.h>])
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-  rk_BROKEN_GETADDRINFO
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	AC_LIBOBJ(getaddrinfo)
-	AC_LIBOBJ(freeaddrinfo)
-  fi
-fi
-
-AC_NEED_PROTO([#include <stdlib.h>], setenv)
-AC_NEED_PROTO([#include <stdlib.h>], unsetenv)
-AC_NEED_PROTO([#include <unistd.h>], gethostname)
-AC_NEED_PROTO([#include <unistd.h>], mkstemp)
-AC_NEED_PROTO([#include <unistd.h>], getusershell)
-AC_NEED_PROTO([#include <unistd.h>], daemon)
-AC_NEED_PROTO([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif],
-iruserok)
-
-AC_NEED_PROTO([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-inet_aton)
-
-AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
-
-AC_REQUIRE([rk_BROKEN_REALLOC])dnl
-
-dnl AC_KRB_FUNC_GETCWD_BROKEN
-
-dnl
-dnl Checks for prototypes and declarations
-dnl
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyname, struct hostent *gethostbyname(const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-getservbyname, struct servent *getservbyname(const char *, const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-],
-getsockname, int getsockname(int, struct sockaddr*, socklen_t*))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-],
-openlog, void openlog(const char *, int, int))
-
-AC_NEED_PROTO([
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-],
-crypt)
-
-dnl variables
-
-rk_CHECK_VAR(h_errno, 
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_errlist, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_nerr, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR([__progname], 
-[#ifdef HAVE_ERR_H
-#include <err.h>
-#endif])
-
-AC_CHECK_DECLS([optarg, optind, opterr, optopt, environ],[],[][
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif])
-
-dnl
-dnl Check for fields in struct tm
-dnl
-
-AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
-AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
-
-dnl
-dnl or do we have a variable `timezone' ?
-dnl
-
-rk_CHECK_VAR(timezone,[#include <time.h>])
-rk_CHECK_VAR(altzone,[#include <time.h>])
-
-AC_HAVE_TYPE([sa_family_t],[
-#include <sys/types.h>
-#include <sys/socket.h>])
-AC_HAVE_TYPE([socklen_t],[
-#include <sys/types.h>
-#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr], [
-#include <sys/types.h>
-#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr_storage], [
-#include <sys/types.h>
-#include <sys/socket.h>])
-AC_HAVE_TYPE([struct addrinfo], [
-#include <sys/types.h>
-#include <netdb.h>])
-AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
-AC_HAVE_TYPE([struct iovec],[
-#include <sys/types.h>
-#include <sys/uio.h>
-])
-AC_HAVE_TYPE([struct msghdr],[
-#include <sys/types.h>
-#include <sys/socket.h>
-])
-
-dnl
-dnl Check for struct winsize
-dnl
-
-AC_KRB_STRUCT_WINSIZE
-
-dnl
-dnl Check for struct spwd
-dnl
-
-AC_KRB_STRUCT_SPWD
-
-#
-# Check if we want samba's socket wrapper
-#
-
-samba_SOCKET_WRAPPER
-
-dnl won't work with automake
-dnl moved to AC_OUTPUT in configure.in
-dnl AC_CONFIG_FILES($1/Makefile)
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-AC_SUBST(DIR_roken)dnl
-AC_SUBST(LIB_roken)dnl
-AC_SUBST(INCLUDES_roken)dnl
-])
diff --git a/crypto/heimdal/cf/roken.m4 b/crypto/heimdal/cf/roken.m4
deleted file mode 100644
index 7d8a7e8d2442..000000000000
--- a/crypto/heimdal/cf/roken.m4
+++ /dev/null
@@ -1,64 +0,0 @@
-dnl $Id: roken.m4 14162 2004-08-26 11:27:32Z joda $
-dnl
-dnl try to look for an installed roken library with sufficient stuff
-dnl
-dnl set LIB_roken to the what we should link with
-dnl set DIR_roken to if the directory should be built
-dnl set CPPFLAGS_roken to stuff to add to CPPFLAGS
-
-dnl AC_ROKEN(version,directory-to-try,roken-dir,fallback-library,fallback-cppflags)
-AC_DEFUN([AC_ROKEN], [
-
-AC_ARG_WITH(roken,
-	AS_HELP_STRING([--with-roken=dir],[use the roken library in dir]),
-[if test "$withval" = "no"; then
-  AC_MSG_ERROR(roken is required)
-fi])
-
-save_CPPFLAGS="${CPPFLAGS}"
-
-case $with_roken in
-yes|"")
-  dirs="$2" ;;
-*)
-  dirs="$with_roken" ;;
-esac
-
-roken_installed=no
-
-for i in $dirs; do
-
-AC_MSG_CHECKING(for roken in $i)
-
-CPPFLAGS="-I$i/include ${CPPFLAGS}"
-
-AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
-#include <roken.h>
-#if ROKEN_VERSION < $1
-#error old roken version, should be $1
-fail
-#endif
-]])],[roken_installed=yes; break])
-
-AC_MSG_RESULT($roken_installed)
-
-done
-
-CPPFLAGS="$save_CPPFLAGS"
-
-if test "$roken_installed" != "yes"; then
-  DIR_roken="roken"
-  LIB_roken='$4'
-  CPPFLAGS_roken='$5'
-  AC_CONFIG_SUBDIRS(lib/roken)
-else
-  LIB_roken="$i/lib/libroken.la"
-  CPPFLAGS_roken="-I$i/include"
-fi
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-AC_SUBST(LIB_roken)dnl
-AC_SUBST(DIR_roken)dnl
-AC_SUBST(CPPFLAGS_roken)dnl
-])
diff --git a/crypto/heimdal/cf/socket-wrapper.m4 b/crypto/heimdal/cf/socket-wrapper.m4
deleted file mode 100644
index a2b934bd0a15..000000000000
--- a/crypto/heimdal/cf/socket-wrapper.m4
+++ /dev/null
@@ -1,16 +0,0 @@
-dnl $Id: socket-wrapper.m4 18077 2006-09-12 17:33:07Z lha $
-dnl
-AC_DEFUN([samba_SOCKET_WRAPPER], [
-
-AC_ARG_ENABLE(socket-wrapper,
-	AS_HELP_STRING([--enable-socket-wrapper],
-		[use sambas socket-wrapper for testing]))
-
-AM_CONDITIONAL(have_socket_wrapper, test "x$enable_socket_wrapper" = xyes)dnl
-
-if test "x$enable_socket_wrapper" = xyes ; then
-       AC_DEFINE(SOCKET_WRAPPER_REPLACE, 1,
-               [Define if you want to use samba socket wrappers.])
-fi
-
-])
diff --git a/crypto/heimdal/cf/sunos.m4 b/crypto/heimdal/cf/sunos.m4
deleted file mode 100644
index 18876f58e12c..000000000000
--- a/crypto/heimdal/cf/sunos.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl
-dnl $Id: sunos.m4 14608 2005-03-01 22:17:44Z lha $
-dnl
-
-AC_DEFUN([rk_SUNOS],[
-sunos=no
-case "$host" in 
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.[[89]] | *-*-solaris2.10)
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
-		[Define to what version of SunOS you are running.])
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/telnet.m4 b/crypto/heimdal/cf/telnet.m4
deleted file mode 100644
index b2bef86e9e7d..000000000000
--- a/crypto/heimdal/cf/telnet.m4
+++ /dev/null
@@ -1,78 +0,0 @@
-dnl
-dnl $Id: telnet.m4 15435 2005-06-16 19:45:52Z lha $
-dnl
-dnl stuff used by telnet
-
-AC_DEFUN([rk_TELNET],[
-AC_DEFINE(AUTHENTICATION, 1, 
-	[Define if you want authentication support in telnet.])dnl
-AC_DEFINE(ENCRYPTION, 1,
-	[Define if you want encryption support in telnet.])dnl
-AC_DEFINE(DES_ENCRYPTION, 1,
-	[Define if you want to use DES encryption in telnet.])dnl
-AC_DEFINE(DIAGNOSTICS, 1,
-	[Define this to enable diagnostics in telnet.])dnl
-AC_DEFINE(OLD_ENVIRON, 1,
-	[Define this to enable old environment option in telnet.])dnl
-if false; then
-	AC_DEFINE(ENV_HACK, 1,
-		[Define this if you want support for broken ENV_{VAR,VAL} telnets.])
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*)
-	;;
-*)
-	AC_CHECK_FUNC(getmsg)
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works,
-		AC_RUN_IFELSE([AC_LANG_SOURCE([[
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main(int argc, char **argv)
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-			]])], [ac_cv_func_getmsg_works=yes], 
-			[ac_cv_func_getmsg_works=no],
-			[ac_cv_func_getmsg_works=no]))
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-			AC_DEFINE(HAVE_GETMSG, 1,
-				[Define if you have a working getmsg.])
-			AC_DEFINE(STREAMSPTY, 1,
-				[Define if you have streams ptys.])
-		fi
-	fi
-	;;
-esac
-
-AH_BOTTOM([
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/test-package.m4 b/crypto/heimdal/cf/test-package.m4
deleted file mode 100644
index 8ef9ef738e44..000000000000
--- a/crypto/heimdal/cf/test-package.m4
+++ /dev/null
@@ -1,133 +0,0 @@
-dnl $Id: test-package.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
-dnl			default locations, conditional, config-program)
-
-AC_DEFUN([rk_TEST_PACKAGE],[
-AC_ARG_WITH($1,
-	AS_HELP_STRING([--with-$1=dir],[use $1 in dir]))
-AC_ARG_WITH($1-lib,
-	AS_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-include,
-	AS_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-config,
-	AS_HELP_STRING([--with-$1-config=path],[config program for $1]))
-
-m4_ifval([$6],
-	m4_define([rk_pkgname], $6),
-	m4_define([rk_pkgname], AS_TR_CPP($1)))
-
-AC_MSG_CHECKING(for $1)
-
-case "$with_$1" in
-yes|"") d='$5' ;;
-no)	d= ;;
-*)	d="$with_$1" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_$1_include" = ""; then
-		if test -d "$i/include/$1"; then
-			header_dirs="$header_dirs $i/include/$1"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_$1_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_$1_include"; then
-	header_dirs="$with_$1_include $header_dirs"
-fi
-if test "$with_$1_lib"; then
-	lib_dirs="$with_$1_lib $lib_dirs"
-fi
-
-if test "$with_$1_config" = ""; then
-	with_$1_config='$7'
-fi
-
-$1_cflags=
-$1_libs=
-
-case "$with_$1_config" in
-yes|no|""|"$7")
-	if test -f $with_$1/bin/$7 ; then
-		with_$1_config=$with_$1/bin/$7
-	fi
-	;;
-esac
-
-case "$with_$1_config" in
-yes|no|"")
-	;;
-*)
-	$1_cflags="`$with_$1_config --cflags 2>&1`"
-	$1_libs="`$with_$1_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_$1" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$[]$1_cflags" -a "$[]$1_libs"; then
-		CFLAGS="$[]$1_cflags $save_CFLAGS"
-		LIBS="$[]$1_libs $save_LIBS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[
-			INCLUDE_$1="$[]$1_cflags"
-			LIB_$1="$[]$1_libs"
-			AC_MSG_RESULT([from $with_$1_config])
-			found=yes])
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ires=$i;break])
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i $3 $4 $save_LIBS"
-			AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[lres=$i;break])
-		done
-		if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
-			INCLUDE_$1="-I$ires"
-			LIB_$1="-L$lres $3 $4"
-			found=yes
-			AC_MSG_RESULT([headers $ires, libraries $lres])
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-	AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.])
-	with_$1=yes
-else
-	with_$1=no
-	INCLUDE_$1=
-	LIB_$1=
-	AC_MSG_RESULT(no)
-fi
-
-AC_SUBST(INCLUDE_$1)
-AC_SUBST(LIB_$1)
-])
diff --git a/crypto/heimdal/cf/valgrind-suppressions b/crypto/heimdal/cf/valgrind-suppressions
deleted file mode 100644
index 1e32042f3c4f..000000000000
--- a/crypto/heimdal/cf/valgrind-suppressions
+++ /dev/null
@@ -1,84 +0,0 @@
-# $Id: valgrind-suppressions 21182 2007-06-20 02:57:13Z lha $
-{
-   linux db init brokenness
-   Memcheck:Param
-   pwrite64(buf)
-   fun:do_pwrite64
-   fun:__os_io
-   fun:__memp_pgwrite
-   fun:__memp_fsync
-   fun:__bam_read_root
-   fun:__bam_open
-   fun:__db_dbopen
-   fun:__db_open
-   fun:DB_open
-}
-{
-   linux strerror
-   Memcheck:Leak
-   fun:_vgrZU_libcZdsoZa_malloc
-   fun:rwlock_add_to_list
-   fun:rwlock_have_already
-   fun:pthread_rwlock_rdlock
-   fun:__dcigettext
-   fun:dcgettext
-   fun:strerror_r
-   fun:strerror
-}
-{
-   linux db close brokenness
-   Memcheck:Param
-   pwrite64(buf)
-   fun:do_pwrite64
-   fun:__os_io
-   fun:__memp_pgwrite
-   fun:__memp_fsync
-   fun:__db_sync
-   fun:__db_close
-   fun:DB_close
-}
-{
-   GLIBC 2.1.2 getservbyname defect
-   Memcheck:Leak
-   fun:_vgrZU_libcZdsoZa_malloc
-   fun:strdup
-   obj:*
-   obj:*
-   fun:getservbyname_r@@GLIBC_2.1.2
-   fun:getservbyname
-}
-{
-   glibc getaddrinfo defect
-   Memcheck:Leak
-   fun:_vgrZU_libcZdsoZa_malloc
-   fun:__libc_res_nsend
-   fun:__libc_res_nquery
-   fun:__libc_res_nquerydomain
-   fun:__libc_res_nsearch
-   obj:*
-   fun:gaih_inet
-   fun:getaddrinfo
-}
-{
-   glibc dlopen failure called from /bin/ls
-   Memcheck:Addr4
-   obj:/lib/ld-2.3.6.so
-   obj:/lib/ld-2.3.6.so
-   obj:/lib/ld-2.3.6.so
-}
-{
-   Unknown suppression in runtime link editor
-   Memcheck:Cond
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-}
-{
-   Unknown suppression in runtime link editor
-   Memcheck:Addr4
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-   obj:/lib/ld-2.5.so
-}
diff --git a/crypto/heimdal/cf/vararray.m4 b/crypto/heimdal/cf/vararray.m4
deleted file mode 100644
index 86f58d954f33..000000000000
--- a/crypto/heimdal/cf/vararray.m4
+++ /dev/null
@@ -1,16 +0,0 @@
-dnl
-dnl $Id: vararray.m4 14166 2004-08-26 12:35:42Z joda $
-dnl
-dnl Test for variable size arrays.
-dnl
-
-AC_DEFUN([rk_C_VARARRAY], [
-	AC_CACHE_CHECK([if the compiler supports variable-length arrays],[rk_cv_c_vararray],[
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x = 0; { int y[x]; }]])],
-		[rk_cv_c_vararray=yes],
-		[rk_cv_c_vararray=no])])
-	if test "$rk_cv_c_vararray" = yes; then
-		AC_DEFINE([HAVE_VARIABLE_LENGTH_ARRAY], [1],
-			[Define if your compiler supports variable-length arrays.])
-	fi
-])
diff --git a/crypto/heimdal/cf/version-script.m4 b/crypto/heimdal/cf/version-script.m4
deleted file mode 100644
index 342e5ac9cb14..000000000000
--- a/crypto/heimdal/cf/version-script.m4
+++ /dev/null
@@ -1,40 +0,0 @@
-dnl check if ld supports --version-script
-dnl
-AC_DEFUN([rk_VERSIONSCRIPT],[
-AC_CACHE_CHECK(for ld --version-script, rk_cv_version_script,[
-  rk_cv_version_script=no
-
-  cat > conftest.map <<EOF
-HEIM_GSS_V1 {
-        global: gss*;
-};
-HEIM_GSS_V1_1 {
-        global: gss_init_creds;
-} HEIM_GSS_V1;
-EOF
-cat > conftest.c <<EOF
-int gss_init_creds(int foo) { return 0; }
-EOF
-
-  if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
-                               -o conftest.so conftest.c
-                               -Wl,--version-script,conftest.map]);
-  then
-    rk_cv_version_script=yes
-  fi
-rm -f conftest*
-])
-
-if test $rk_cv_version_script = yes ; then
-  doversioning=yes
-  LDFLAGS_VERSION_SCRIPT="-Wl,--version-script,"
-else
-  doversioning=no
-  LDFLAGS_VERSION_SCRIPT=
-fi
-AC_SUBST(VERSIONING)
-
-AM_CONDITIONAL(versionscript,test $doversioning = yes)
-AC_SUBST(LDFLAGS_VERSION_SCRIPT)
-
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/wflags.m4 b/crypto/heimdal/cf/wflags.m4
deleted file mode 100644
index d099151aaef2..000000000000
--- a/crypto/heimdal/cf/wflags.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: wflags.m4 21183 2007-06-20 03:07:07Z lha $
-dnl
-dnl set WFLAGS
-
-AC_DEFUN([rk_WFLAGS],[
-
-AC_ARG_ENABLE(developer, 
-	AS_HELP_STRING([--enable-developer], [enable developer warnings]))
-if test "X$enable_developer" = Xyes; then
-    dwflags="-Werror"
-fi
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="ifelse($#, 0,-Wall, $1) $dwflags"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-AC_SUBST(WFLAGS)dnl
-AC_SUBST(WFLAGS_NOUNUSED)dnl
-AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
-])
diff --git a/crypto/heimdal/cf/win32.m4 b/crypto/heimdal/cf/win32.m4
deleted file mode 100644
index 0687ff721d8f..000000000000
--- a/crypto/heimdal/cf/win32.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: win32.m4 13709 2004-04-13 14:29:47Z lha $
-dnl rk_WIN32_EXPORT buildsymbol symbol-that-export
-AC_DEFUN([rk_WIN32_EXPORT],[AH_TOP([#ifdef $1
-#ifndef $2
-#ifdef _WIN32_
-#define $2 _export _stdcall
-#else
-#define $2
-#endif
-#endif
-#endif
-])])
diff --git a/crypto/heimdal/cf/with-all.m4 b/crypto/heimdal/cf/with-all.m4
deleted file mode 100644
index d518b45ac28a..000000000000
--- a/crypto/heimdal/cf/with-all.m4
+++ /dev/null
@@ -1,42 +0,0 @@
-dnl
-dnl $Id: with-all.m4 14147 2004-08-25 14:14:01Z joda $
-dnl
-
-dnl AC_WITH_ALL(name)
-
-AC_DEFUN([AC_WITH_ALL], [
-AC_ARG_WITH($1,
-	AS_HELP_STRING([--with-$1=dir],
-		[use $1 in dir]))
-
-AC_ARG_WITH($1-lib,
-	AS_HELP_STRING([--with-$1-lib=dir],
-		[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-AC_ARG_WITH($1-include,
-	AS_HELP_STRING([--with-$1-include=dir],
-		[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-case "$with_$1" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_$1_include" = ""; then
-		with_$1_include="$with_$1/include"
-	fi
-	if test "$with_$1_lib" = ""; then
-		with_$1_lib="$with_$1/lib$abilibdirext"
-	fi
-	;;
-esac
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/compile b/crypto/heimdal/compile
deleted file mode 100755
index 1b1d23216958..000000000000
--- a/crypto/heimdal/compile
+++ /dev/null
@@ -1,142 +0,0 @@
-#! /bin/sh
-# Wrapper for compilers which do not understand `-c -o'.
-
-scriptversion=2005-05-14.22
-
-# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-case $1 in
-  '')
-     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
-     exit 1;
-     ;;
-  -h | --h*)
-    cat <<\EOF
-Usage: compile [--help] [--version] PROGRAM [ARGS]
-
-Wrapper for compilers which do not understand `-c -o'.
-Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
-arguments, and rename the output as expected.
-
-If you are trying to build a whole package this is not the
-right script to run: please start by reading the file `INSTALL'.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
-    exit $?
-    ;;
-  -v | --v*)
-    echo "compile $scriptversion"
-    exit $?
-    ;;
-esac
-
-ofile=
-cfile=
-eat=
-
-for arg
-do
-  if test -n "$eat"; then
-    eat=
-  else
-    case $1 in
-      -o)
-	# configure might choose to run compile as `compile cc -o foo foo.c'.
-	# So we strip `-o arg' only if arg is an object.
-	eat=1
-	case $2 in
-	  *.o | *.obj)
-	    ofile=$2
-	    ;;
-	  *)
-	    set x "$@" -o "$2"
-	    shift
-	    ;;
-	esac
-	;;
-      *.c)
-	cfile=$1
-	set x "$@" "$1"
-	shift
-	;;
-      *)
-	set x "$@" "$1"
-	shift
-	;;
-    esac
-  fi
-  shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
-  # If no `-o' option was seen then we might have been invoked from a
-  # pattern rule where we don't need one.  That is ok -- this is a
-  # normal compilation that the losing compiler can handle.  If no
-  # `.c' file was seen then we are probably linking.  That is also
-  # ok.
-  exec "$@"
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use `[/.-]' here to ensure that we don't use the same name
-# that we are using for the .o file.  Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
-while true; do
-  if mkdir "$lockdir" >/dev/null 2>&1; then
-    break
-  fi
-  sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir '$lockdir'; exit 1" 1 2 15
-
-# Run the compile.
-"$@"
-ret=$?
-
-if test -f "$cofile"; then
-  mv "$cofile" "$ofile"
-elif test -f "${cofile}bj"; then
-  mv "${cofile}bj" "$ofile"
-fi
-
-rmdir "$lockdir"
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/config.guess b/crypto/heimdal/config.guess
deleted file mode 100755
index 396482d6cb50..000000000000
--- a/crypto/heimdal/config.guess
+++ /dev/null
@@ -1,1500 +0,0 @@
-#! /bin/sh
-# Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
-#   Inc.
-
-timestamp='2006-07-02'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-
-# Originally written by Per Bothner <per@bothner.com>.
-# Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# This script attempts to guess a canonical system name similar to
-# config.sub.  If it succeeds, it prints the system name on stdout, and
-# exits with 0.  Otherwise, it exits with 1.
-#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit ;;
-    --version | -v )
-       echo "$version" ; exit ;;
-    --help | --h* | -h )
-       echo "$usage"; exit ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help" >&2
-       exit 1 ;;
-    * )
-       break ;;
-  esac
-done
-
-if test $# != 0; then
-  echo "$me: too many arguments$help" >&2
-  exit 1
-fi
-
-trap 'exit 1' 1 2 15
-
-# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
-# compiler to aid in system detection is discouraged as it requires
-# temporary files to be created and, as you can see below, it is a
-# headache to deal with in a portable fashion.
-
-# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
-# use `HOST_CC' if defined, but it is deprecated.
-
-# Portable tmp directory creation inspired by the Autoconf team.
-
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,)    echo "int x;" > $dummy.c ;
-	for c in cc gcc c89 c99 ; do
-	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
-	     CC_FOR_BUILD="$c"; break ;
-	  fi ;
-	done ;
-	if test x"$CC_FOR_BUILD" = x ; then
-	  CC_FOR_BUILD=no_compiler_found ;
-	fi
-	;;
- ,,*)   CC_FOR_BUILD=$CC ;;
- ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ; set_cc_for_build= ;'
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
-	PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-# Note: order is significant - the case branches are not exclusive.
-
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
-    *:NetBSD:*:*)
-	# NetBSD (nbsd) targets should (where applicable) match one or
-	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
-	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
-	# switched to ELF, *-*-netbsd* would select the old
-	# object file format.  This provides both forward
-	# compatibility and a consistent mechanism for selecting the
-	# object file format.
-	#
-	# Note: NetBSD doesn't particularly care about the vendor
-	# portion of the name.  We always set it to "unknown".
-	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
-	case "${UNAME_MACHINE_ARCH}" in
-	    armeb) machine=armeb-unknown ;;
-	    arm*) machine=arm-unknown ;;
-	    sh3el) machine=shl-unknown ;;
-	    sh3eb) machine=sh-unknown ;;
-	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
-	esac
-	# The Operating System including object format, if it has switched
-	# to ELF recently, or will in the future.
-	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
-		eval $set_cc_for_build
-		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
-			| grep __ELF__ >/dev/null
-		then
-		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
-		    # Return netbsd for either.  FIX?
-		    os=netbsd
-		else
-		    os=netbsdelf
-		fi
-		;;
-	    *)
-	        os=netbsd
-		;;
-	esac
-	# The OS release
-	# Debian GNU/NetBSD machines have a different userland, and
-	# thus, need a distinct triplet. However, they do not need
-	# kernel version information, so it can be replaced with a
-	# suitable tag, in the style of linux-gnu.
-	case "${UNAME_VERSION}" in
-	    Debian*)
-		release='-gnu'
-		;;
-	    *)
-		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-		;;
-	esac
-	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
-	# contains redundant information, the shorter form:
-	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}"
-	exit ;;
-    *:OpenBSD:*:*)
-	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
-	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
-	exit ;;
-    *:ekkoBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
-	exit ;;
-    *:SolidBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
-	exit ;;
-    macppc:MirBSD:*:*)
-	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
-	exit ;;
-    *:MirBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
-	exit ;;
-    alpha:OSF1:*:*)
-	case $UNAME_RELEASE in
-	*4.0)
-		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
-		;;
-	*5.*)
-	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
-		;;
-	esac
-	# According to Compaq, /usr/sbin/psrinfo has been available on
-	# OSF/1 and Tru64 systems produced since 1995.  I hope that
-	# covers most systems running today.  This code pipes the CPU
-	# types through head -n 1, so we only detect the type of CPU 0.
-	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
-	case "$ALPHA_CPU_TYPE" in
-	    "EV4 (21064)")
-		UNAME_MACHINE="alpha" ;;
-	    "EV4.5 (21064)")
-		UNAME_MACHINE="alpha" ;;
-	    "LCA4 (21066/21068)")
-		UNAME_MACHINE="alpha" ;;
-	    "EV5 (21164)")
-		UNAME_MACHINE="alphaev5" ;;
-	    "EV5.6 (21164A)")
-		UNAME_MACHINE="alphaev56" ;;
-	    "EV5.6 (21164PC)")
-		UNAME_MACHINE="alphapca56" ;;
-	    "EV5.7 (21164PC)")
-		UNAME_MACHINE="alphapca57" ;;
-	    "EV6 (21264)")
-		UNAME_MACHINE="alphaev6" ;;
-	    "EV6.7 (21264A)")
-		UNAME_MACHINE="alphaev67" ;;
-	    "EV6.8CB (21264C)")
-		UNAME_MACHINE="alphaev68" ;;
-	    "EV6.8AL (21264B)")
-		UNAME_MACHINE="alphaev68" ;;
-	    "EV6.8CX (21264D)")
-		UNAME_MACHINE="alphaev68" ;;
-	    "EV6.9A (21264/EV69A)")
-		UNAME_MACHINE="alphaev69" ;;
-	    "EV7 (21364)")
-		UNAME_MACHINE="alphaev7" ;;
-	    "EV7.9 (21364A)")
-		UNAME_MACHINE="alphaev79" ;;
-	esac
-	# A Pn.n version is a patched version.
-	# A Vn.n version is a released version.
-	# A Tn.n version is a released field test version.
-	# A Xn.n version is an unreleased experimental baselevel.
-	# 1.2 uses "1.2" for uname -r.
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-	exit ;;
-    Alpha\ *:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# Should we change UNAME_MACHINE based on the output of uname instead
-	# of the specific Alpha model?
-	echo alpha-pc-interix
-	exit ;;
-    21064:Windows_NT:50:3)
-	echo alpha-dec-winnt3.5
-	exit ;;
-    Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-unknown-sysv4
-	exit ;;
-    *:[Aa]miga[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-amigaos
-	exit ;;
-    *:[Mm]orph[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-morphos
-	exit ;;
-    *:OS/390:*:*)
-	echo i370-ibm-openedition
-	exit ;;
-    *:z/VM:*:*)
-	echo s390-ibm-zvmoe
-	exit ;;
-    *:OS400:*:*)
-        echo powerpc-ibm-os400
-	exit ;;
-    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
-	echo arm-acorn-riscix${UNAME_RELEASE}
-	exit ;;
-    arm:riscos:*:*|arm:RISCOS:*:*)
-	echo arm-unknown-riscos
-	exit ;;
-    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
-	echo hppa1.1-hitachi-hiuxmpp
-	exit ;;
-    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
-	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
-	if test "`(/bin/universe) 2>/dev/null`" = att ; then
-		echo pyramid-pyramid-sysv3
-	else
-		echo pyramid-pyramid-bsd
-	fi
-	exit ;;
-    NILE*:*:*:dcosx)
-	echo pyramid-pyramid-svr4
-	exit ;;
-    DRS?6000:unix:4.0:6*)
-	echo sparc-icl-nx6
-	exit ;;
-    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
-	case `/usr/bin/uname -p` in
-	    sparc) echo sparc-icl-nx7; exit ;;
-	esac ;;
-    sun4H:SunOS:5.*:*)
-	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
-	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    i86pc:SunOS:5.*:*)
-	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:6*:*)
-	# According to config.sub, this is the proper way to canonicalize
-	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
-	# it's likely to be more like Solaris than SunOS4.
-	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:*:*)
-	case "`/usr/bin/arch -k`" in
-	    Series*|S4*)
-		UNAME_RELEASE=`uname -v`
-		;;
-	esac
-	# Japanese Language versions have a version number like `4.1.3-JL'.
-	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
-	exit ;;
-    sun3*:SunOS:*:*)
-	echo m68k-sun-sunos${UNAME_RELEASE}
-	exit ;;
-    sun*:*:4.2BSD:*)
-	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
-	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
-	case "`/bin/arch`" in
-	    sun3)
-		echo m68k-sun-sunos${UNAME_RELEASE}
-		;;
-	    sun4)
-		echo sparc-sun-sunos${UNAME_RELEASE}
-		;;
-	esac
-	exit ;;
-    aushp:SunOS:*:*)
-	echo sparc-auspex-sunos${UNAME_RELEASE}
-	exit ;;
-    # The situation for MiNT is a little confusing.  The machine name
-    # can be virtually everything (everything which is not
-    # "atarist" or "atariste" at least should have a processor
-    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
-    # to the lowercase version "mint" (or "freemint").  Finally
-    # the system name "TOS" denotes a system which is actually not
-    # MiNT.  But MiNT is downward compatible to TOS, so this should
-    # be no problem.
-    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
-	exit ;;
-    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint${UNAME_RELEASE}
-        exit ;;
-    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
-	exit ;;
-    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
-        echo m68k-milan-mint${UNAME_RELEASE}
-        exit ;;
-    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
-        echo m68k-hades-mint${UNAME_RELEASE}
-        exit ;;
-    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
-        echo m68k-unknown-mint${UNAME_RELEASE}
-        exit ;;
-    m68k:machten:*:*)
-	echo m68k-apple-machten${UNAME_RELEASE}
-	exit ;;
-    powerpc:machten:*:*)
-	echo powerpc-apple-machten${UNAME_RELEASE}
-	exit ;;
-    RISC*:Mach:*:*)
-	echo mips-dec-mach_bsd4.3
-	exit ;;
-    RISC*:ULTRIX:*:*)
-	echo mips-dec-ultrix${UNAME_RELEASE}
-	exit ;;
-    VAX*:ULTRIX*:*:*)
-	echo vax-dec-ultrix${UNAME_RELEASE}
-	exit ;;
-    2020:CLIX:*:* | 2430:CLIX:*:*)
-	echo clipper-intergraph-clix${UNAME_RELEASE}
-	exit ;;
-    mips:*:*:UMIPS | mips:*:*:RISCos)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-#ifdef __cplusplus
-#include <stdio.h>  /* for printf() prototype */
-	int main (int argc, char *argv[]) {
-#else
-	int main (argc, argv) int argc; char *argv[]; {
-#endif
-	#if defined (host_mips) && defined (MIPSEB)
-	#if defined (SYSTYPE_SYSV)
-	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_SVR4)
-	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
-	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
-	#endif
-	#endif
-	  exit (-1);
-	}
-EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c &&
-	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
-	  SYSTEM_NAME=`$dummy $dummyarg` &&
-	    { echo "$SYSTEM_NAME"; exit; }
-	echo mips-mips-riscos${UNAME_RELEASE}
-	exit ;;
-    Motorola:PowerMAX_OS:*:*)
-	echo powerpc-motorola-powermax
-	exit ;;
-    Motorola:*:4.3:PL8-*)
-	echo powerpc-harris-powermax
-	exit ;;
-    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
-	echo powerpc-harris-powermax
-	exit ;;
-    Night_Hawk:Power_UNIX:*:*)
-	echo powerpc-harris-powerunix
-	exit ;;
-    m88k:CX/UX:7*:*)
-	echo m88k-harris-cxux7
-	exit ;;
-    m88k:*:4*:R4*)
-	echo m88k-motorola-sysv4
-	exit ;;
-    m88k:*:3*:R3*)
-	echo m88k-motorola-sysv3
-	exit ;;
-    AViiON:dgux:*:*)
-        # DG/UX returns AViiON for all architectures
-        UNAME_PROCESSOR=`/usr/bin/uname -p`
-	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
-	then
-	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
-	       [ ${TARGET_BINARY_INTERFACE}x = x ]
-	    then
-		echo m88k-dg-dgux${UNAME_RELEASE}
-	    else
-		echo m88k-dg-dguxbcs${UNAME_RELEASE}
-	    fi
-	else
-	    echo i586-dg-dgux${UNAME_RELEASE}
-	fi
- 	exit ;;
-    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
-	echo m88k-dolphin-sysv3
-	exit ;;
-    M88*:*:R3*:*)
-	# Delta 88k system running SVR3
-	echo m88k-motorola-sysv3
-	exit ;;
-    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
-	echo m88k-tektronix-sysv3
-	exit ;;
-    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
-	echo m68k-tektronix-bsd
-	exit ;;
-    *:IRIX*:*:*)
-	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
-	exit ;;
-    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
-	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
-    i*86:AIX:*:*)
-	echo i386-ibm-aix
-	exit ;;
-    ia64:AIX:*:*)
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
-	exit ;;
-    *:AIX:2:3)
-	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		eval $set_cc_for_build
-		sed 's/^		//' << EOF >$dummy.c
-		#include <sys/systemcfg.h>
-
-		main()
-			{
-			if (!__power_pc())
-				exit(1);
-			puts("powerpc-ibm-aix3.2.5");
-			exit(0);
-			}
-EOF
-		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
-		then
-			echo "$SYSTEM_NAME"
-		else
-			echo rs6000-ibm-aix3.2.5
-		fi
-	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
-		echo rs6000-ibm-aix3.2.4
-	else
-		echo rs6000-ibm-aix3.2
-	fi
-	exit ;;
-    *:AIX:*:[45])
-	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
-	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
-		IBM_ARCH=rs6000
-	else
-		IBM_ARCH=powerpc
-	fi
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
-	exit ;;
-    *:AIX:*:*)
-	echo rs6000-ibm-aix
-	exit ;;
-    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
-	echo romp-ibm-bsd4.4
-	exit ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
-	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
-	exit ;;                             # report: romp-ibm BSD 4.3
-    *:BOSX:*:*)
-	echo rs6000-bull-bosx
-	exit ;;
-    DPX/2?00:B.O.S.:*:*)
-	echo m68k-bull-sysv3
-	exit ;;
-    9000/[34]??:4.3bsd:1.*:*)
-	echo m68k-hp-bsd
-	exit ;;
-    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
-	echo m68k-hp-bsd4.4
-	exit ;;
-    9000/[34678]??:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	case "${UNAME_MACHINE}" in
-	    9000/31? )            HP_ARCH=m68000 ;;
-	    9000/[34]?? )         HP_ARCH=m68k ;;
-	    9000/[678][0-9][0-9])
-		if [ -x /usr/bin/getconf ]; then
-		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
-                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
-                    case "${sc_cpu_version}" in
-                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
-                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
-                      532)                      # CPU_PA_RISC2_0
-                        case "${sc_kernel_bits}" in
-                          32) HP_ARCH="hppa2.0n" ;;
-                          64) HP_ARCH="hppa2.0w" ;;
-			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
-                        esac ;;
-                    esac
-		fi
-		if [ "${HP_ARCH}" = "" ]; then
-		    eval $set_cc_for_build
-		    sed 's/^              //' << EOF >$dummy.c
-
-              #define _HPUX_SOURCE
-              #include <stdlib.h>
-              #include <unistd.h>
-
-              int main ()
-              {
-              #if defined(_SC_KERNEL_BITS)
-                  long bits = sysconf(_SC_KERNEL_BITS);
-              #endif
-                  long cpu  = sysconf (_SC_CPU_VERSION);
-
-                  switch (cpu)
-              	{
-              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
-              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
-              	case CPU_PA_RISC2_0:
-              #if defined(_SC_KERNEL_BITS)
-              	    switch (bits)
-              		{
-              		case 64: puts ("hppa2.0w"); break;
-              		case 32: puts ("hppa2.0n"); break;
-              		default: puts ("hppa2.0"); break;
-              		} break;
-              #else  /* !defined(_SC_KERNEL_BITS) */
-              	    puts ("hppa2.0"); break;
-              #endif
-              	default: puts ("hppa1.0"); break;
-              	}
-                  exit (0);
-              }
-EOF
-		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
-		    test -z "$HP_ARCH" && HP_ARCH=hppa
-		fi ;;
-	esac
-	if [ ${HP_ARCH} = "hppa2.0w" ]
-	then
-	    eval $set_cc_for_build
-
-	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
-	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
-	    # generating 64-bit code.  GNU and HP use different nomenclature:
-	    #
-	    # $ CC_FOR_BUILD=cc ./config.guess
-	    # => hppa2.0w-hp-hpux11.23
-	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
-	    # => hppa64-hp-hpux11.23
-
-	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
-		grep __LP64__ >/dev/null
-	    then
-		HP_ARCH="hppa2.0w"
-	    else
-		HP_ARCH="hppa64"
-	    fi
-	fi
-	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
-	exit ;;
-    ia64:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	echo ia64-hp-hpux${HPUX_REV}
-	exit ;;
-    3050*:HI-UX:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <unistd.h>
-	int
-	main ()
-	{
-	  long cpu = sysconf (_SC_CPU_VERSION);
-	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
-	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
-	     results, however.  */
-	  if (CPU_IS_PA_RISC (cpu))
-	    {
-	      switch (cpu)
-		{
-		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
-		  default: puts ("hppa-hitachi-hiuxwe2"); break;
-		}
-	    }
-	  else if (CPU_IS_HP_MC68K (cpu))
-	    puts ("m68k-hitachi-hiuxwe2");
-	  else puts ("unknown-hitachi-hiuxwe2");
-	  exit (0);
-	}
-EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
-		{ echo "$SYSTEM_NAME"; exit; }
-	echo unknown-hitachi-hiuxwe2
-	exit ;;
-    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
-	echo hppa1.1-hp-bsd
-	exit ;;
-    9000/8??:4.3bsd:*:*)
-	echo hppa1.0-hp-bsd
-	exit ;;
-    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
-	echo hppa1.0-hp-mpeix
-	exit ;;
-    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
-	echo hppa1.1-hp-osf
-	exit ;;
-    hp8??:OSF1:*:*)
-	echo hppa1.0-hp-osf
-	exit ;;
-    i*86:OSF1:*:*)
-	if [ -x /usr/sbin/sysversion ] ; then
-	    echo ${UNAME_MACHINE}-unknown-osf1mk
-	else
-	    echo ${UNAME_MACHINE}-unknown-osf1
-	fi
-	exit ;;
-    parisc*:Lites*:*:*)
-	echo hppa1.1-hp-lites
-	exit ;;
-    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
-	echo c1-convex-bsd
-        exit ;;
-    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
-	if getsysinfo -f scalar_acc
-	then echo c32-convex-bsd
-	else echo c2-convex-bsd
-	fi
-        exit ;;
-    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
-	echo c34-convex-bsd
-        exit ;;
-    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
-	echo c38-convex-bsd
-        exit ;;
-    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
-	echo c4-convex-bsd
-        exit ;;
-    CRAY*Y-MP:*:*:*)
-	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*[A-Z]90:*:*:*)
-	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
-	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-	      -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*TS:*:*:*)
-	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*T3E:*:*:*)
-	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*SV1:*:*:*)
-	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    *:UNICOS/mp:*:*)
-	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
-	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
-        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-        exit ;;
-    5000:UNIX_System_V:4.*:*)
-        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
-        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-	exit ;;
-    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
-	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
-	exit ;;
-    sparc*:BSD/OS:*:*)
-	echo sparc-unknown-bsdi${UNAME_RELEASE}
-	exit ;;
-    *:BSD/OS:*:*)
-	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
-	exit ;;
-    *:FreeBSD:*:*)
-	case ${UNAME_MACHINE} in
-	    pc98)
-		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    amd64)
-		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    *)
-		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	esac
-	exit ;;
-    i*:CYGWIN*:*)
-	echo ${UNAME_MACHINE}-pc-cygwin
-	exit ;;
-    i*:MINGW*:*)
-	echo ${UNAME_MACHINE}-pc-mingw32
-	exit ;;
-    i*:windows32*:*)
-    	# uname -m includes "-pc" on this system.
-    	echo ${UNAME_MACHINE}-mingw32
-	exit ;;
-    i*:PW*:*)
-	echo ${UNAME_MACHINE}-pc-pw32
-	exit ;;
-    x86:Interix*:[3456]*)
-	echo i586-pc-interix${UNAME_RELEASE}
-	exit ;;
-    EM64T:Interix*:[3456]*)
-	echo x86_64-unknown-interix${UNAME_RELEASE}
-	exit ;;
-    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
-	echo i${UNAME_MACHINE}-pc-mks
-	exit ;;
-    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
-	# UNAME_MACHINE based on the output of uname instead of i386?
-	echo i586-pc-interix
-	exit ;;
-    i*:UWIN*:*)
-	echo ${UNAME_MACHINE}-pc-uwin
-	exit ;;
-    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
-	echo x86_64-unknown-cygwin
-	exit ;;
-    p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin
-	exit ;;
-    prep*:SunOS:5.*:*)
-	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    *:GNU:*:*)
-	# the GNU system
-	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
-	exit ;;
-    *:GNU/*:*:*)
-	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
-	exit ;;
-    i*86:Minix:*:*)
-	echo ${UNAME_MACHINE}-pc-minix
-	exit ;;
-    arm*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    avr32*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    cris:Linux:*:*)
-	echo cris-axis-linux-gnu
-	exit ;;
-    crisv32:Linux:*:*)
-	echo crisv32-axis-linux-gnu
-	exit ;;
-    frv:Linux:*:*)
-    	echo frv-unknown-linux-gnu
-	exit ;;
-    ia64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    m32r*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    m68*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    mips:Linux:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#undef CPU
-	#undef mips
-	#undef mipsel
-	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-	CPU=mipsel
-	#else
-	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-	CPU=mips
-	#else
-	CPU=
-	#endif
-	#endif
-EOF
-	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
-	    /^CPU/{
-		s: ::g
-		p
-	    }'`"
-	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
-	;;
-    mips64:Linux:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#undef CPU
-	#undef mips64
-	#undef mips64el
-	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-	CPU=mips64el
-	#else
-	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-	CPU=mips64
-	#else
-	CPU=
-	#endif
-	#endif
-EOF
-	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
-	    /^CPU/{
-		s: ::g
-		p
-	    }'`"
-	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
-	;;
-    or32:Linux:*:*)
-	echo or32-unknown-linux-gnu
-	exit ;;
-    ppc:Linux:*:*)
-	echo powerpc-unknown-linux-gnu
-	exit ;;
-    ppc64:Linux:*:*)
-	echo powerpc64-unknown-linux-gnu
-	exit ;;
-    alpha:Linux:*:*)
-	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
-	  EV5)   UNAME_MACHINE=alphaev5 ;;
-	  EV56)  UNAME_MACHINE=alphaev56 ;;
-	  PCA56) UNAME_MACHINE=alphapca56 ;;
-	  PCA57) UNAME_MACHINE=alphapca56 ;;
-	  EV6)   UNAME_MACHINE=alphaev6 ;;
-	  EV67)  UNAME_MACHINE=alphaev67 ;;
-	  EV68*) UNAME_MACHINE=alphaev68 ;;
-        esac
-	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
-	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
-	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
-	exit ;;
-    parisc:Linux:*:* | hppa:Linux:*:*)
-	# Look for CPU level
-	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
-	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
-	  *)    echo hppa-unknown-linux-gnu ;;
-	esac
-	exit ;;
-    parisc64:Linux:*:* | hppa64:Linux:*:*)
-	echo hppa64-unknown-linux-gnu
-	exit ;;
-    s390:Linux:*:* | s390x:Linux:*:*)
-	echo ${UNAME_MACHINE}-ibm-linux
-	exit ;;
-    sh64*:Linux:*:*)
-    	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    sh*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    sparc:Linux:*:* | sparc64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit ;;
-    vax:Linux:*:*)
-	echo ${UNAME_MACHINE}-dec-linux-gnu
-	exit ;;
-    x86_64:Linux:*:*)
-	echo x86_64-unknown-linux-gnu
-	exit ;;
-    i*86:Linux:*:*)
-	# The BFD linker knows what the default object file format is, so
-	# first see if it will tell us. cd to the root directory to prevent
-	# problems with other programs or directories called `ld' in the path.
-	# Set LC_ALL=C to ensure ld outputs messages in English.
-	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
-			 | sed -ne '/supported targets:/!d
-				    s/[ 	][ 	]*/ /g
-				    s/.*supported targets: *//
-				    s/ .*//
-				    p'`
-        case "$ld_supported_targets" in
-	  elf32-i386)
-		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
-		;;
-	  a.out-i386-linux)
-		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
-		exit ;;
-	  coff-i386)
-		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
-		exit ;;
-	  "")
-		# Either a pre-BFD a.out linker (linux-gnuoldld) or
-		# one that does not give us useful --help.
-		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
-		exit ;;
-	esac
-	# Determine whether the default compiler is a.out or elf
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <features.h>
-	#ifdef __ELF__
-	# ifdef __GLIBC__
-	#  if __GLIBC__ >= 2
-	LIBC=gnu
-	#  else
-	LIBC=gnulibc1
-	#  endif
-	# else
-	LIBC=gnulibc1
-	# endif
-	#else
-	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
-	LIBC=gnu
-	#else
-	LIBC=gnuaout
-	#endif
-	#endif
-	#ifdef __dietlibc__
-	LIBC=dietlibc
-	#endif
-EOF
-	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
-	    /^LIBC/{
-		s: ::g
-		p
-	    }'`"
-	test x"${LIBC}" != x && {
-		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
-		exit
-	}
-	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
-	;;
-    i*86:DYNIX/ptx:4*:*)
-	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
-	# earlier versions are messed up and put the nodename in both
-	# sysname and nodename.
-	echo i386-sequent-sysv4
-	exit ;;
-    i*86:UNIX_SV:4.2MP:2.*)
-        # Unixware is an offshoot of SVR4, but it has its own version
-        # number series starting with 2...
-        # I am not positive that other SVR4 systems won't match this,
-	# I just have to hope.  -- rms.
-        # Use sysv4.2uw... so that sysv4* matches it.
-	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
-	exit ;;
-    i*86:OS/2:*:*)
-	# If we were able to find `uname', then EMX Unix compatibility
-	# is probably installed.
-	echo ${UNAME_MACHINE}-pc-os2-emx
-	exit ;;
-    i*86:XTS-300:*:STOP)
-	echo ${UNAME_MACHINE}-unknown-stop
-	exit ;;
-    i*86:atheos:*:*)
-	echo ${UNAME_MACHINE}-unknown-atheos
-	exit ;;
-    i*86:syllable:*:*)
-	echo ${UNAME_MACHINE}-pc-syllable
-	exit ;;
-    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
-	echo i386-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    i*86:*DOS:*:*)
-	echo ${UNAME_MACHINE}-pc-msdosdjgpp
-	exit ;;
-    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
-	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
-	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
-	else
-		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
-	fi
-	exit ;;
-    i*86:*:5:[678]*)
-    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
-	case `/bin/uname -X | grep "^Machine"` in
-	    *486*)	     UNAME_MACHINE=i486 ;;
-	    *Pentium)	     UNAME_MACHINE=i586 ;;
-	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
-	esac
-	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
-	exit ;;
-    i*86:*:3.2:*)
-	if test -f /usr/options/cb.name; then
-		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
-	elif /bin/uname -X 2>/dev/null >/dev/null ; then
-		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
-		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
-		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
-			&& UNAME_MACHINE=i586
-		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
-	else
-		echo ${UNAME_MACHINE}-pc-sysv32
-	fi
-	exit ;;
-    pc:*:*:*)
-	# Left here for compatibility:
-        # uname -m prints for DJGPP always 'pc', but it prints nothing about
-        # the processor, so we play safe by assuming i386.
-	echo i386-pc-msdosdjgpp
-        exit ;;
-    Intel:Mach:3*:*)
-	echo i386-pc-mach3
-	exit ;;
-    paragon:*:*:*)
-	echo i860-intel-osf1
-	exit ;;
-    i860:*:4.*:*) # i860-SVR4
-	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
-	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
-	else # Add other i860-SVR4 vendors below as they are discovered.
-	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
-	fi
-	exit ;;
-    mini*:CTIX:SYS*5:*)
-	# "miniframe"
-	echo m68010-convergent-sysv
-	exit ;;
-    mc68k:UNIX:SYSTEM5:3.51m)
-	echo m68k-convergent-sysv
-	exit ;;
-    M680?0:D-NIX:5.3:*)
-	echo m68k-diab-dnix
-	exit ;;
-    M68*:*:R3V[5678]*:*)
-	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
-    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
-	OS_REL=''
-	test -r /etc/.relid \
-	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
-	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
-	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
-    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
-        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-          && { echo i486-ncr-sysv4; exit; } ;;
-    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
-	echo m68k-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    mc68030:UNIX_System_V:4.*:*)
-	echo m68k-atari-sysv4
-	exit ;;
-    TSUNAMI:LynxOS:2.*:*)
-	echo sparc-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    rs6000:LynxOS:2.*:*)
-	echo rs6000-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
-	echo powerpc-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    SM[BE]S:UNIX_SV:*:*)
-	echo mips-dde-sysv${UNAME_RELEASE}
-	exit ;;
-    RM*:ReliantUNIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
-    RM*:SINIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
-    *:SINIX-*:*:*)
-	if uname -p 2>/dev/null >/dev/null ; then
-		UNAME_MACHINE=`(uname -p) 2>/dev/null`
-		echo ${UNAME_MACHINE}-sni-sysv4
-	else
-		echo ns32k-sni-sysv
-	fi
-	exit ;;
-    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-                      # says <Richard.M.Bartel@ccMail.Census.GOV>
-        echo i586-unisys-sysv4
-        exit ;;
-    *:UNIX_System_V:4*:FTX*)
-	# From Gerald Hewes <hewes@openmarket.com>.
-	# How about differentiating between stratus architectures? -djm
-	echo hppa1.1-stratus-sysv4
-	exit ;;
-    *:*:*:FTX*)
-	# From seanf@swdc.stratus.com.
-	echo i860-stratus-sysv4
-	exit ;;
-    i*86:VOS:*:*)
-	# From Paul.Green@stratus.com.
-	echo ${UNAME_MACHINE}-stratus-vos
-	exit ;;
-    *:VOS:*:*)
-	# From Paul.Green@stratus.com.
-	echo hppa1.1-stratus-vos
-	exit ;;
-    mc68*:A/UX:*:*)
-	echo m68k-apple-aux${UNAME_RELEASE}
-	exit ;;
-    news*:NEWS-OS:6*:*)
-	echo mips-sony-newsos6
-	exit ;;
-    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
-	if [ -d /usr/nec ]; then
-	        echo mips-nec-sysv${UNAME_RELEASE}
-	else
-	        echo mips-unknown-sysv${UNAME_RELEASE}
-	fi
-        exit ;;
-    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
-	echo powerpc-be-beos
-	exit ;;
-    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
-	echo powerpc-apple-beos
-	exit ;;
-    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
-	echo i586-pc-beos
-	exit ;;
-    SX-4:SUPER-UX:*:*)
-	echo sx4-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-5:SUPER-UX:*:*)
-	echo sx5-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-6:SUPER-UX:*:*)
-	echo sx6-nec-superux${UNAME_RELEASE}
-	exit ;;
-    Power*:Rhapsody:*:*)
-	echo powerpc-apple-rhapsody${UNAME_RELEASE}
-	exit ;;
-    *:Rhapsody:*:*)
-	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
-	exit ;;
-    *:Darwin:*:*)
-	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
-	case $UNAME_PROCESSOR in
-	    unknown) UNAME_PROCESSOR=powerpc ;;
-	esac
-	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
-	exit ;;
-    *:procnto*:*:* | *:QNX:[0123456789]*:*)
-	UNAME_PROCESSOR=`uname -p`
-	if test "$UNAME_PROCESSOR" = "x86"; then
-		UNAME_PROCESSOR=i386
-		UNAME_MACHINE=pc
-	fi
-	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
-	exit ;;
-    *:QNX:*:4*)
-	echo i386-pc-qnx
-	exit ;;
-    NSE-?:NONSTOP_KERNEL:*:*)
-	echo nse-tandem-nsk${UNAME_RELEASE}
-	exit ;;
-    NSR-?:NONSTOP_KERNEL:*:*)
-	echo nsr-tandem-nsk${UNAME_RELEASE}
-	exit ;;
-    *:NonStop-UX:*:*)
-	echo mips-compaq-nonstopux
-	exit ;;
-    BS2000:POSIX*:*:*)
-	echo bs2000-siemens-sysv
-	exit ;;
-    DS/*:UNIX_System_V:*:*)
-	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
-	exit ;;
-    *:Plan9:*:*)
-	# "uname -m" is not consistent, so use $cputype instead. 386
-	# is converted to i386 for consistency with other x86
-	# operating systems.
-	if test "$cputype" = "386"; then
-	    UNAME_MACHINE=i386
-	else
-	    UNAME_MACHINE="$cputype"
-	fi
-	echo ${UNAME_MACHINE}-unknown-plan9
-	exit ;;
-    *:TOPS-10:*:*)
-	echo pdp10-unknown-tops10
-	exit ;;
-    *:TENEX:*:*)
-	echo pdp10-unknown-tenex
-	exit ;;
-    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
-	echo pdp10-dec-tops20
-	exit ;;
-    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
-	echo pdp10-xkl-tops20
-	exit ;;
-    *:TOPS-20:*:*)
-	echo pdp10-unknown-tops20
-	exit ;;
-    *:ITS:*:*)
-	echo pdp10-unknown-its
-	exit ;;
-    SEI:*:*:SEIUX)
-        echo mips-sei-seiux${UNAME_RELEASE}
-	exit ;;
-    *:DragonFly:*:*)
-	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
-	exit ;;
-    *:*VMS:*:*)
-    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
-	case "${UNAME_MACHINE}" in
-	    A*) echo alpha-dec-vms ; exit ;;
-	    I*) echo ia64-dec-vms ; exit ;;
-	    V*) echo vax-dec-vms ; exit ;;
-	esac ;;
-    *:XENIX:*:SysV)
-	echo i386-pc-xenix
-	exit ;;
-    i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
-	exit ;;
-    i*86:rdos:*:*)
-	echo ${UNAME_MACHINE}-pc-rdos
-	exit ;;
-esac
-
-#echo '(No uname command or uname output not recognized.)' 1>&2
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
-
-eval $set_cc_for_build
-cat >$dummy.c <<EOF
-#ifdef _SEQUENT_
-# include <sys/types.h>
-# include <sys/utsname.h>
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
-  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
-     I don't know....  */
-  printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include <sys/param.h>
-  printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
-          "4"
-#else
-	  ""
-#endif
-         ); exit (0);
-#endif
-#endif
-
-#if defined (__arm) && defined (__acorn) && defined (__unix)
-  printf ("arm-acorn-riscix\n"); exit (0);
-#endif
-
-#if defined (hp300) && !defined (hpux)
-  printf ("m68k-hp-bsd\n"); exit (0);
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
-  int version;
-  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
-  if (version < 4)
-    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
-  else
-    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
-  exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
-  printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
-  printf ("ns32k-encore-mach\n"); exit (0);
-#else
-  printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
-  printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
-  printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
-  printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
-    struct utsname un;
-
-    uname(&un);
-
-    if (strncmp(un.version, "V2", 2) == 0) {
-	printf ("i386-sequent-ptx2\n"); exit (0);
-    }
-    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
-	printf ("i386-sequent-ptx1\n"); exit (0);
-    }
-    printf ("i386-sequent-ptx\n"); exit (0);
-
-#endif
-
-#if defined (vax)
-# if !defined (ultrix)
-#  include <sys/param.h>
-#  if defined (BSD)
-#   if BSD == 43
-      printf ("vax-dec-bsd4.3\n"); exit (0);
-#   else
-#    if BSD == 199006
-      printf ("vax-dec-bsd4.3reno\n"); exit (0);
-#    else
-      printf ("vax-dec-bsd\n"); exit (0);
-#    endif
-#   endif
-#  else
-    printf ("vax-dec-bsd\n"); exit (0);
-#  endif
-# else
-    printf ("vax-dec-ultrix\n"); exit (0);
-# endif
-#endif
-
-#if defined (alliant) && defined (i860)
-  printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
-  exit (1);
-}
-EOF
-
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
-	{ echo "$SYSTEM_NAME"; exit; }
-
-# Apollos put the system type in the environment.
-
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
-
-# Convex versions that predate uname can use getsysinfo(1)
-
-if [ -x /usr/convex/getsysinfo ]
-then
-    case `getsysinfo -f cpu_type` in
-    c1*)
-	echo c1-convex-bsd
-	exit ;;
-    c2*)
-	if getsysinfo -f scalar_acc
-	then echo c32-convex-bsd
-	else echo c2-convex-bsd
-	fi
-	exit ;;
-    c34*)
-	echo c34-convex-bsd
-	exit ;;
-    c38*)
-	echo c38-convex-bsd
-	exit ;;
-    c4*)
-	echo c4-convex-bsd
-	exit ;;
-    esac
-fi
-
-cat >&2 <<EOF
-$0: unable to guess system type
-
-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
-
-  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
-and
-  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
-
-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
-
-config.guess timestamp = $timestamp
-
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
-
-hostinfo               = `(hostinfo) 2>/dev/null`
-/bin/universe          = `(/bin/universe) 2>/dev/null`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
-/bin/arch              = `(/bin/arch) 2>/dev/null`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-
-UNAME_MACHINE = ${UNAME_MACHINE}
-UNAME_RELEASE = ${UNAME_RELEASE}
-UNAME_SYSTEM  = ${UNAME_SYSTEM}
-UNAME_VERSION = ${UNAME_VERSION}
-EOF
-
-exit 1
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/crypto/heimdal/config.sub b/crypto/heimdal/config.sub
deleted file mode 100755
index fab0aa355663..000000000000
--- a/crypto/heimdal/config.sub
+++ /dev/null
@@ -1,1616 +0,0 @@
-#! /bin/sh
-# Configuration validation subroutine script.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
-#   Inc.
-
-timestamp='2006-09-20'
-
-# This file is (in principle) common to ALL GNU software.
-# The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine.  It does not imply ALL GNU software can.
-#
-# This file is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-
-# Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support.  The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
-       $0 [OPTION] ALIAS
-
-Canonicalize a configuration name.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit ;;
-    --version | -v )
-       echo "$version" ; exit ;;
-    --help | --h* | -h )
-       echo "$usage"; exit ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help"
-       exit 1 ;;
-
-    *local*)
-       # First pass through any local machine types.
-       echo $1
-       exit ;;
-
-    * )
-       break ;;
-  esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
-    exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
-    exit 1;;
-esac
-
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
-  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
-  storm-chaos* | os2-emx* | rtmk-nova*)
-    os=-$maybe_os
-    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
-    ;;
-  *)
-    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
-    if [ $basic_machine != $1 ]
-    then os=`echo $1 | sed 's/.*-/-/'`
-    else os=; fi
-    ;;
-esac
-
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work.  We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
-	-sun*os*)
-		# Prevent following clause from handling this invalid input.
-		;;
-	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis | -knuth | -cray)
-		os=
-		basic_machine=$1
-		;;
-	-sim | -cisco | -oki | -wec | -winbond)
-		os=
-		basic_machine=$1
-		;;
-	-scout)
-		;;
-	-wrs)
-		os=-vxworks
-		basic_machine=$1
-		;;
-	-chorusos*)
-		os=-chorusos
-		basic_machine=$1
-		;;
- 	-chorusrdb)
- 		os=-chorusrdb
-		basic_machine=$1
- 		;;
-	-hiux*)
-		os=-hiuxwe2
-		;;
-	-sco6)
-		os=-sco5v6
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5)
-		os=-sco3.2v5
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco4)
-		os=-sco3.2v4
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2.[4-9]*)
-		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2v[4-9]*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5v6*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco*)
-		os=-sco3.2v2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-udk*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-isc)
-		os=-isc2.2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-clix*)
-		basic_machine=clipper-intergraph
-		;;
-	-isc*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-lynx*)
-		os=-lynxos
-		;;
-	-ptx*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
-		;;
-	-windowsnt*)
-		os=`echo $os | sed -e 's/windowsnt/winnt/'`
-		;;
-	-psos*)
-		os=-psos
-		;;
-	-mint | -mint[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-esac
-
-# Decode aliases for certain CPU-COMPANY combinations.
-case $basic_machine in
-	# Recognize the basic CPU types without company name.
-	# Some are omitted here because they have special meanings below.
-	1750a | 580 \
-	| a29k \
-	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
-	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
-	| am33_2.0 \
-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
-	| bfin \
-	| c4x | clipper \
-	| d10v | d30v | dlx | dsp16xx \
-	| fr30 | frv \
-	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
-	| i370 | i860 | i960 | ia64 \
-	| ip2k | iq2000 \
-	| m32c | m32r | m32rle | m68000 | m68k | m88k \
-	| maxq | mb | microblaze | mcore \
-	| mips | mipsbe | mipseb | mipsel | mipsle \
-	| mips16 \
-	| mips64 | mips64el \
-	| mips64vr | mips64vrel \
-	| mips64orion | mips64orionel \
-	| mips64vr4100 | mips64vr4100el \
-	| mips64vr4300 | mips64vr4300el \
-	| mips64vr5000 | mips64vr5000el \
-	| mips64vr5900 | mips64vr5900el \
-	| mipsisa32 | mipsisa32el \
-	| mipsisa32r2 | mipsisa32r2el \
-	| mipsisa64 | mipsisa64el \
-	| mipsisa64r2 | mipsisa64r2el \
-	| mipsisa64sb1 | mipsisa64sb1el \
-	| mipsisa64sr71k | mipsisa64sr71kel \
-	| mipstx39 | mipstx39el \
-	| mn10200 | mn10300 \
-	| mt \
-	| msp430 \
-	| nios | nios2 \
-	| ns16k | ns32k \
-	| or32 \
-	| pdp10 | pdp11 | pj | pjl \
-	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
-	| pyramid \
-	| score \
-	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
-	| sh64 | sh64le \
-	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
-	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
-	| spu | strongarm \
-	| tahoe | thumb | tic4x | tic80 | tron \
-	| v850 | v850e \
-	| we32k \
-	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
-	| z8k)
-		basic_machine=$basic_machine-unknown
-		;;
-	m6811 | m68hc11 | m6812 | m68hc12)
-		# Motorola 68HC11/12.
-		basic_machine=$basic_machine-unknown
-		os=-none
-		;;
-	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
-		;;
-	ms1)
-		basic_machine=mt-unknown
-		;;
-
-	# We use `pc' rather than `unknown'
-	# because (1) that's what they normally are, and
-	# (2) the word "unknown" tends to confuse beginning users.
-	i*86 | x86_64)
-	  basic_machine=$basic_machine-pc
-	  ;;
-	# Object if more than one company name word.
-	*-*-*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-	# Recognize the basic CPU types with company name.
-	580-* \
-	| a29k-* \
-	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
-	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
-	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
-	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* | avr32-* \
-	| bfin-* | bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
-	| clipper-* | craynv-* | cydra-* \
-	| d10v-* | d30v-* | dlx-* \
-	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
-	| h8300-* | h8500-* \
-	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
-	| i*86-* | i860-* | i960-* | ia64-* \
-	| ip2k-* | iq2000-* \
-	| m32c-* | m32r-* | m32rle-* \
-	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | maxq-* | mcore-* \
-	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
-	| mips16-* \
-	| mips64-* | mips64el-* \
-	| mips64vr-* | mips64vrel-* \
-	| mips64orion-* | mips64orionel-* \
-	| mips64vr4100-* | mips64vr4100el-* \
-	| mips64vr4300-* | mips64vr4300el-* \
-	| mips64vr5000-* | mips64vr5000el-* \
-	| mips64vr5900-* | mips64vr5900el-* \
-	| mipsisa32-* | mipsisa32el-* \
-	| mipsisa32r2-* | mipsisa32r2el-* \
-	| mipsisa64-* | mipsisa64el-* \
-	| mipsisa64r2-* | mipsisa64r2el-* \
-	| mipsisa64sb1-* | mipsisa64sb1el-* \
-	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
-	| mipstx39-* | mipstx39el-* \
-	| mmix-* \
-	| mt-* \
-	| msp430-* \
-	| nios-* | nios2-* \
-	| none-* | np1-* | ns16k-* | ns32k-* \
-	| orion-* \
-	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
-	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
-	| pyramid-* \
-	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
-	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
-	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
-	| tahoe-* | thumb-* \
-	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
-	| tron-* \
-	| v850-* | v850e-* | vax-* \
-	| we32k-* \
-	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
-	| xstormy16-* | xtensa-* \
-	| ymp-* \
-	| z8k-*)
-		;;
-	# Recognize the various machine names and aliases which stand
-	# for a CPU type and a company and sometimes even an OS.
-	386bsd)
-		basic_machine=i386-unknown
-		os=-bsd
-		;;
-	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
-		basic_machine=m68000-att
-		;;
-	3b*)
-		basic_machine=we32k-att
-		;;
-	a29khif)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-    	abacus)
-		basic_machine=abacus-unknown
-		;;
-	adobe68k)
-		basic_machine=m68010-adobe
-		os=-scout
-		;;
-	alliant | fx80)
-		basic_machine=fx80-alliant
-		;;
-	altos | altos3068)
-		basic_machine=m68k-altos
-		;;
-	am29k)
-		basic_machine=a29k-none
-		os=-bsd
-		;;
-	amd64)
-		basic_machine=x86_64-pc
-		;;
-	amd64-*)
-		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	amdahl)
-		basic_machine=580-amdahl
-		os=-sysv
-		;;
-	amiga | amiga-*)
-		basic_machine=m68k-unknown
-		;;
-	amigaos | amigados)
-		basic_machine=m68k-unknown
-		os=-amigaos
-		;;
-	amigaunix | amix)
-		basic_machine=m68k-unknown
-		os=-sysv4
-		;;
-	apollo68)
-		basic_machine=m68k-apollo
-		os=-sysv
-		;;
-	apollo68bsd)
-		basic_machine=m68k-apollo
-		os=-bsd
-		;;
-	aux)
-		basic_machine=m68k-apple
-		os=-aux
-		;;
-	balance)
-		basic_machine=ns32k-sequent
-		os=-dynix
-		;;
-	c90)
-		basic_machine=c90-cray
-		os=-unicos
-		;;
-	convex-c1)
-		basic_machine=c1-convex
-		os=-bsd
-		;;
-	convex-c2)
-		basic_machine=c2-convex
-		os=-bsd
-		;;
-	convex-c32)
-		basic_machine=c32-convex
-		os=-bsd
-		;;
-	convex-c34)
-		basic_machine=c34-convex
-		os=-bsd
-		;;
-	convex-c38)
-		basic_machine=c38-convex
-		os=-bsd
-		;;
-	cray | j90)
-		basic_machine=j90-cray
-		os=-unicos
-		;;
-	craynv)
-		basic_machine=craynv-cray
-		os=-unicosmp
-		;;
-	cr16c)
-		basic_machine=cr16c-unknown
-		os=-elf
-		;;
-	crds | unos)
-		basic_machine=m68k-crds
-		;;
-	crisv32 | crisv32-* | etraxfs*)
-		basic_machine=crisv32-axis
-		;;
-	cris | cris-* | etrax*)
-		basic_machine=cris-axis
-		;;
-	crx)
-		basic_machine=crx-unknown
-		os=-elf
-		;;
-	da30 | da30-*)
-		basic_machine=m68k-da30
-		;;
-	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
-		basic_machine=mips-dec
-		;;
-	decsystem10* | dec10*)
-		basic_machine=pdp10-dec
-		os=-tops10
-		;;
-	decsystem20* | dec20*)
-		basic_machine=pdp10-dec
-		os=-tops20
-		;;
-	delta | 3300 | motorola-3300 | motorola-delta \
-	      | 3300-motorola | delta-motorola)
-		basic_machine=m68k-motorola
-		;;
-	delta88)
-		basic_machine=m88k-motorola
-		os=-sysv3
-		;;
-	djgpp)
-		basic_machine=i586-pc
-		os=-msdosdjgpp
-		;;
-	dpx20 | dpx20-*)
-		basic_machine=rs6000-bull
-		os=-bosx
-		;;
-	dpx2* | dpx2*-bull)
-		basic_machine=m68k-bull
-		os=-sysv3
-		;;
-	ebmon29k)
-		basic_machine=a29k-amd
-		os=-ebmon
-		;;
-	elxsi)
-		basic_machine=elxsi-elxsi
-		os=-bsd
-		;;
-	encore | umax | mmax)
-		basic_machine=ns32k-encore
-		;;
-	es1800 | OSE68k | ose68k | ose | OSE)
-		basic_machine=m68k-ericsson
-		os=-ose
-		;;
-	fx2800)
-		basic_machine=i860-alliant
-		;;
-	genix)
-		basic_machine=ns32k-ns
-		;;
-	gmicro)
-		basic_machine=tron-gmicro
-		os=-sysv
-		;;
-	go32)
-		basic_machine=i386-pc
-		os=-go32
-		;;
-	h3050r* | hiux*)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	h8300hms)
-		basic_machine=h8300-hitachi
-		os=-hms
-		;;
-	h8300xray)
-		basic_machine=h8300-hitachi
-		os=-xray
-		;;
-	h8500hms)
-		basic_machine=h8500-hitachi
-		os=-hms
-		;;
-	harris)
-		basic_machine=m88k-harris
-		os=-sysv3
-		;;
-	hp300-*)
-		basic_machine=m68k-hp
-		;;
-	hp300bsd)
-		basic_machine=m68k-hp
-		os=-bsd
-		;;
-	hp300hpux)
-		basic_machine=m68k-hp
-		os=-hpux
-		;;
-	hp3k9[0-9][0-9] | hp9[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k2[0-9][0-9] | hp9k31[0-9])
-		basic_machine=m68000-hp
-		;;
-	hp9k3[2-9][0-9])
-		basic_machine=m68k-hp
-		;;
-	hp9k6[0-9][0-9] | hp6[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k7[0-79][0-9] | hp7[0-79][0-9])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k78[0-9] | hp78[0-9])
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][13679] | hp8[0-9][13679])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][0-9] | hp8[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hppa-next)
-		os=-nextstep3
-		;;
-	hppaosf)
-		basic_machine=hppa1.1-hp
-		os=-osf
-		;;
-	hppro)
-		basic_machine=hppa1.1-hp
-		os=-proelf
-		;;
-	i370-ibm* | ibm*)
-		basic_machine=i370-ibm
-		;;
-# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
-	i*86v32)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv32
-		;;
-	i*86v4*)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv4
-		;;
-	i*86v)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv
-		;;
-	i*86sol2)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-solaris2
-		;;
-	i386mach)
-		basic_machine=i386-mach
-		os=-mach
-		;;
-	i386-vsta | vsta)
-		basic_machine=i386-unknown
-		os=-vsta
-		;;
-	iris | iris4d)
-		basic_machine=mips-sgi
-		case $os in
-		    -irix*)
-			;;
-		    *)
-			os=-irix4
-			;;
-		esac
-		;;
-	isi68 | isi)
-		basic_machine=m68k-isi
-		os=-sysv
-		;;
-	m88k-omron*)
-		basic_machine=m88k-omron
-		;;
-	magnum | m3230)
-		basic_machine=mips-mips
-		os=-sysv
-		;;
-	merlin)
-		basic_machine=ns32k-utek
-		os=-sysv
-		;;
-	mingw32)
-		basic_machine=i386-pc
-		os=-mingw32
-		;;
-	miniframe)
-		basic_machine=m68000-convergent
-		;;
-	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-	mips3*-*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
-		;;
-	mips3*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
-		;;
-	monitor)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	morphos)
-		basic_machine=powerpc-unknown
-		os=-morphos
-		;;
-	msdos)
-		basic_machine=i386-pc
-		os=-msdos
-		;;
-	ms1-*)
-		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
-		;;
-	mvs)
-		basic_machine=i370-ibm
-		os=-mvs
-		;;
-	ncr3000)
-		basic_machine=i486-ncr
-		os=-sysv4
-		;;
-	netbsd386)
-		basic_machine=i386-unknown
-		os=-netbsd
-		;;
-	netwinder)
-		basic_machine=armv4l-rebel
-		os=-linux
-		;;
-	news | news700 | news800 | news900)
-		basic_machine=m68k-sony
-		os=-newsos
-		;;
-	news1000)
-		basic_machine=m68030-sony
-		os=-newsos
-		;;
-	news-3600 | risc-news)
-		basic_machine=mips-sony
-		os=-newsos
-		;;
-	necv70)
-		basic_machine=v70-nec
-		os=-sysv
-		;;
-	next | m*-next )
-		basic_machine=m68k-next
-		case $os in
-		    -nextstep* )
-			;;
-		    -ns2*)
-		      os=-nextstep2
-			;;
-		    *)
-		      os=-nextstep3
-			;;
-		esac
-		;;
-	nh3000)
-		basic_machine=m68k-harris
-		os=-cxux
-		;;
-	nh[45]000)
-		basic_machine=m88k-harris
-		os=-cxux
-		;;
-	nindy960)
-		basic_machine=i960-intel
-		os=-nindy
-		;;
-	mon960)
-		basic_machine=i960-intel
-		os=-mon960
-		;;
-	nonstopux)
-		basic_machine=mips-compaq
-		os=-nonstopux
-		;;
-	np1)
-		basic_machine=np1-gould
-		;;
-	nsr-tandem)
-		basic_machine=nsr-tandem
-		;;
-	op50n-* | op60c-*)
-		basic_machine=hppa1.1-oki
-		os=-proelf
-		;;
-	openrisc | openrisc-*)
-		basic_machine=or32-unknown
-		;;
-	os400)
-		basic_machine=powerpc-ibm
-		os=-os400
-		;;
-	OSE68000 | ose68000)
-		basic_machine=m68000-ericsson
-		os=-ose
-		;;
-	os68k)
-		basic_machine=m68k-none
-		os=-os68k
-		;;
-	pa-hitachi)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	paragon)
-		basic_machine=i860-intel
-		os=-osf
-		;;
-	pbd)
-		basic_machine=sparc-tti
-		;;
-	pbb)
-		basic_machine=m68k-tti
-		;;
-	pc532 | pc532-*)
-		basic_machine=ns32k-pc532
-		;;
-	pc98)
-		basic_machine=i386-pc
-		;;
-	pc98-*)
-		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentium | p5 | k5 | k6 | nexgen | viac3)
-		basic_machine=i586-pc
-		;;
-	pentiumpro | p6 | 6x86 | athlon | athlon_*)
-		basic_machine=i686-pc
-		;;
-	pentiumii | pentium2 | pentiumiii | pentium3)
-		basic_machine=i686-pc
-		;;
-	pentium4)
-		basic_machine=i786-pc
-		;;
-	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
-		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumpro-* | p6-* | 6x86-* | athlon-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentium4-*)
-		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pn)
-		basic_machine=pn-gould
-		;;
-	power)	basic_machine=power-ibm
-		;;
-	ppc)	basic_machine=powerpc-unknown
-		;;
-	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppcle | powerpclittle | ppc-le | powerpc-little)
-		basic_machine=powerpcle-unknown
-		;;
-	ppcle-* | powerpclittle-*)
-		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64)	basic_machine=powerpc64-unknown
-		;;
-	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
-		basic_machine=powerpc64le-unknown
-		;;
-	ppc64le-* | powerpc64little-*)
-		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ps2)
-		basic_machine=i386-ibm
-		;;
-	pw32)
-		basic_machine=i586-unknown
-		os=-pw32
-		;;
-	rdos)
-		basic_machine=i386-pc
-		os=-rdos
-		;;
-	rom68k)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	rm[46]00)
-		basic_machine=mips-siemens
-		;;
-	rtpc | rtpc-*)
-		basic_machine=romp-ibm
-		;;
-	s390 | s390-*)
-		basic_machine=s390-ibm
-		;;
-	s390x | s390x-*)
-		basic_machine=s390x-ibm
-		;;
-	sa29200)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	sb1)
-		basic_machine=mipsisa64sb1-unknown
-		;;
-	sb1el)
-		basic_machine=mipsisa64sb1el-unknown
-		;;
-	sde)
-		basic_machine=mipsisa32-sde
-		os=-elf
-		;;
-	sei)
-		basic_machine=mips-sei
-		os=-seiux
-		;;
-	sequent)
-		basic_machine=i386-sequent
-		;;
-	sh)
-		basic_machine=sh-hitachi
-		os=-hms
-		;;
-	sh64)
-		basic_machine=sh64-unknown
-		;;
-	sparclite-wrs | simso-wrs)
-		basic_machine=sparclite-wrs
-		os=-vxworks
-		;;
-	sps7)
-		basic_machine=m68k-bull
-		os=-sysv2
-		;;
-	spur)
-		basic_machine=spur-unknown
-		;;
-	st2000)
-		basic_machine=m68k-tandem
-		;;
-	stratus)
-		basic_machine=i860-stratus
-		os=-sysv4
-		;;
-	sun2)
-		basic_machine=m68000-sun
-		;;
-	sun2os3)
-		basic_machine=m68000-sun
-		os=-sunos3
-		;;
-	sun2os4)
-		basic_machine=m68000-sun
-		os=-sunos4
-		;;
-	sun3os3)
-		basic_machine=m68k-sun
-		os=-sunos3
-		;;
-	sun3os4)
-		basic_machine=m68k-sun
-		os=-sunos4
-		;;
-	sun4os3)
-		basic_machine=sparc-sun
-		os=-sunos3
-		;;
-	sun4os4)
-		basic_machine=sparc-sun
-		os=-sunos4
-		;;
-	sun4sol2)
-		basic_machine=sparc-sun
-		os=-solaris2
-		;;
-	sun3 | sun3-*)
-		basic_machine=m68k-sun
-		;;
-	sun4)
-		basic_machine=sparc-sun
-		;;
-	sun386 | sun386i | roadrunner)
-		basic_machine=i386-sun
-		;;
-	sv1)
-		basic_machine=sv1-cray
-		os=-unicos
-		;;
-	symmetry)
-		basic_machine=i386-sequent
-		os=-dynix
-		;;
-	t3e)
-		basic_machine=alphaev5-cray
-		os=-unicos
-		;;
-	t90)
-		basic_machine=t90-cray
-		os=-unicos
-		;;
-	tic54x | c54x*)
-		basic_machine=tic54x-unknown
-		os=-coff
-		;;
-	tic55x | c55x*)
-		basic_machine=tic55x-unknown
-		os=-coff
-		;;
-	tic6x | c6x*)
-		basic_machine=tic6x-unknown
-		os=-coff
-		;;
-	tx39)
-		basic_machine=mipstx39-unknown
-		;;
-	tx39el)
-		basic_machine=mipstx39el-unknown
-		;;
-	toad1)
-		basic_machine=pdp10-xkl
-		os=-tops20
-		;;
-	tower | tower-32)
-		basic_machine=m68k-ncr
-		;;
-	tpf)
-		basic_machine=s390x-ibm
-		os=-tpf
-		;;
-	udi29k)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	ultra3)
-		basic_machine=a29k-nyu
-		os=-sym1
-		;;
-	v810 | necv810)
-		basic_machine=v810-nec
-		os=-none
-		;;
-	vaxv)
-		basic_machine=vax-dec
-		os=-sysv
-		;;
-	vms)
-		basic_machine=vax-dec
-		os=-vms
-		;;
-	vpp*|vx|vx-*)
-		basic_machine=f301-fujitsu
-		;;
-	vxworks960)
-		basic_machine=i960-wrs
-		os=-vxworks
-		;;
-	vxworks68)
-		basic_machine=m68k-wrs
-		os=-vxworks
-		;;
-	vxworks29k)
-		basic_machine=a29k-wrs
-		os=-vxworks
-		;;
-	w65*)
-		basic_machine=w65-wdc
-		os=-none
-		;;
-	w89k-*)
-		basic_machine=hppa1.1-winbond
-		os=-proelf
-		;;
-	xbox)
-		basic_machine=i686-pc
-		os=-mingw32
-		;;
-	xps | xps100)
-		basic_machine=xps100-honeywell
-		;;
-	ymp)
-		basic_machine=ymp-cray
-		os=-unicos
-		;;
-	z8k-*-coff)
-		basic_machine=z8k-unknown
-		os=-sim
-		;;
-	none)
-		basic_machine=none-none
-		os=-none
-		;;
-
-# Here we handle the default manufacturer of certain CPU types.  It is in
-# some cases the only manufacturer, in others, it is the most popular.
-	w89k)
-		basic_machine=hppa1.1-winbond
-		;;
-	op50n)
-		basic_machine=hppa1.1-oki
-		;;
-	op60c)
-		basic_machine=hppa1.1-oki
-		;;
-	romp)
-		basic_machine=romp-ibm
-		;;
-	mmix)
-		basic_machine=mmix-knuth
-		;;
-	rs6000)
-		basic_machine=rs6000-ibm
-		;;
-	vax)
-		basic_machine=vax-dec
-		;;
-	pdp10)
-		# there are many clones, so DEC is not a safe bet
-		basic_machine=pdp10-unknown
-		;;
-	pdp11)
-		basic_machine=pdp11-dec
-		;;
-	we32k)
-		basic_machine=we32k-att
-		;;
-	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
-		basic_machine=sh-unknown
-		;;
-	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
-		basic_machine=sparc-sun
-		;;
-	cydra)
-		basic_machine=cydra-cydrome
-		;;
-	orion)
-		basic_machine=orion-highlevel
-		;;
-	orion105)
-		basic_machine=clipper-highlevel
-		;;
-	mac | mpw | mac-mpw)
-		basic_machine=m68k-apple
-		;;
-	pmac | pmac-mpw)
-		basic_machine=powerpc-apple
-		;;
-	*-unknown)
-		# Make sure to match an already-canonicalized machine name.
-		;;
-	*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
-	*-digital*)
-		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
-		;;
-	*-commodore*)
-		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
-		;;
-	*)
-		;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if [ x"$os" != x"" ]
-then
-case $os in
-        # First match some system type aliases
-        # that might get confused with valid system types.
-	# -solaris* is a basic system type, with this one exception.
-	-solaris1 | -solaris1.*)
-		os=`echo $os | sed -e 's|solaris1|sunos4|'`
-		;;
-	-solaris)
-		os=-solaris2
-		;;
-	-svr4*)
-		os=-sysv4
-		;;
-	-unixware*)
-		os=-sysv4.2uw
-		;;
-	-gnu/linux*)
-		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
-		;;
-	# First accept the basic system types.
-	# The portable systems comes first.
-	# Each alternative MUST END IN A *, to match a version number.
-	# -sysv* is not here because it comes later, after sysvr4.
-	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
-	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* \
-	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
-	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -openbsd* | -solidbsd* \
-	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
-	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
-	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
-	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* \
-	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
-	      | -uxpv* | -beos* | -mpeix* | -udk* \
-	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
-	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
-	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
-	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
-	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers*)
-	# Remember, each alternative MUST END IN *, to match a version number.
-		;;
-	-qnx*)
-		case $basic_machine in
-		    x86-* | i*86-*)
-			;;
-		    *)
-			os=-nto$os
-			;;
-		esac
-		;;
-	-nto-qnx*)
-		;;
-	-nto*)
-		os=`echo $os | sed -e 's|nto|nto-qnx|'`
-		;;
-	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
-	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
-		;;
-	-mac*)
-		os=`echo $os | sed -e 's|mac|macos|'`
-		;;
-	-linux-dietlibc)
-		os=-linux-dietlibc
-		;;
-	-linux*)
-		os=`echo $os | sed -e 's|linux|linux-gnu|'`
-		;;
-	-sunos5*)
-		os=`echo $os | sed -e 's|sunos5|solaris2|'`
-		;;
-	-sunos6*)
-		os=`echo $os | sed -e 's|sunos6|solaris3|'`
-		;;
-	-opened*)
-		os=-openedition
-		;;
-        -os400*)
-		os=-os400
-		;;
-	-wince*)
-		os=-wince
-		;;
-	-osfrose*)
-		os=-osfrose
-		;;
-	-osf*)
-		os=-osf
-		;;
-	-utek*)
-		os=-bsd
-		;;
-	-dynix*)
-		os=-bsd
-		;;
-	-acis*)
-		os=-aos
-		;;
-	-atheos*)
-		os=-atheos
-		;;
-	-syllable*)
-		os=-syllable
-		;;
-	-386bsd)
-		os=-bsd
-		;;
-	-ctix* | -uts*)
-		os=-sysv
-		;;
-	-nova*)
-		os=-rtmk-nova
-		;;
-	-ns2 )
-		os=-nextstep2
-		;;
-	-nsk*)
-		os=-nsk
-		;;
-	# Preserve the version number of sinix5.
-	-sinix5.*)
-		os=`echo $os | sed -e 's|sinix|sysv|'`
-		;;
-	-sinix*)
-		os=-sysv4
-		;;
-        -tpf*)
-		os=-tpf
-		;;
-	-triton*)
-		os=-sysv3
-		;;
-	-oss*)
-		os=-sysv3
-		;;
-	-svr4)
-		os=-sysv4
-		;;
-	-svr3)
-		os=-sysv3
-		;;
-	-sysvr4)
-		os=-sysv4
-		;;
-	# This must come after -sysvr4.
-	-sysv*)
-		;;
-	-ose*)
-		os=-ose
-		;;
-	-es1800*)
-		os=-ose
-		;;
-	-xenix)
-		os=-xenix
-		;;
-	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-		os=-mint
-		;;
-	-aros*)
-		os=-aros
-		;;
-	-kaos*)
-		os=-kaos
-		;;
-	-zvmoe)
-		os=-zvmoe
-		;;
-	-none)
-		;;
-	*)
-		# Get rid of the `-' at the beginning of $os.
-		os=`echo $os | sed 's/[^-]*-//'`
-		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
-		exit 1
-		;;
-esac
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system.  Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-case $basic_machine in
-        score-*)
-		os=-elf
-		;;
-        spu-*)
-		os=-elf
-		;;
-	*-acorn)
-		os=-riscix1.2
-		;;
-	arm*-rebel)
-		os=-linux
-		;;
-	arm*-semi)
-		os=-aout
-		;;
-        c4x-* | tic4x-*)
-        	os=-coff
-		;;
-	# This must come before the *-dec entry.
-	pdp10-*)
-		os=-tops20
-		;;
-	pdp11-*)
-		os=-none
-		;;
-	*-dec | vax-*)
-		os=-ultrix4.2
-		;;
-	m68*-apollo)
-		os=-domain
-		;;
-	i386-sun)
-		os=-sunos4.0.2
-		;;
-	m68000-sun)
-		os=-sunos3
-		# This also exists in the configure program, but was not the
-		# default.
-		# os=-sunos4
-		;;
-	m68*-cisco)
-		os=-aout
-		;;
-	mips*-cisco)
-		os=-elf
-		;;
-	mips*-*)
-		os=-elf
-		;;
-	or32-*)
-		os=-coff
-		;;
-	*-tti)	# must be before sparc entry or we get the wrong os.
-		os=-sysv3
-		;;
-	sparc-* | *-sun)
-		os=-sunos4.1.1
-		;;
-	*-be)
-		os=-beos
-		;;
-	*-haiku)
-		os=-haiku
-		;;
-	*-ibm)
-		os=-aix
-		;;
-    	*-knuth)
-		os=-mmixware
-		;;
-	*-wec)
-		os=-proelf
-		;;
-	*-winbond)
-		os=-proelf
-		;;
-	*-oki)
-		os=-proelf
-		;;
-	*-hp)
-		os=-hpux
-		;;
-	*-hitachi)
-		os=-hiux
-		;;
-	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
-		os=-sysv
-		;;
-	*-cbm)
-		os=-amigaos
-		;;
-	*-dg)
-		os=-dgux
-		;;
-	*-dolphin)
-		os=-sysv3
-		;;
-	m68k-ccur)
-		os=-rtu
-		;;
-	m88k-omron*)
-		os=-luna
-		;;
-	*-next )
-		os=-nextstep
-		;;
-	*-sequent)
-		os=-ptx
-		;;
-	*-crds)
-		os=-unos
-		;;
-	*-ns)
-		os=-genix
-		;;
-	i370-*)
-		os=-mvs
-		;;
-	*-next)
-		os=-nextstep3
-		;;
-	*-gould)
-		os=-sysv
-		;;
-	*-highlevel)
-		os=-bsd
-		;;
-	*-encore)
-		os=-bsd
-		;;
-	*-sgi)
-		os=-irix
-		;;
-	*-siemens)
-		os=-sysv4
-		;;
-	*-masscomp)
-		os=-rtu
-		;;
-	f30[01]-fujitsu | f700-fujitsu)
-		os=-uxpv
-		;;
-	*-rom68k)
-		os=-coff
-		;;
-	*-*bug)
-		os=-coff
-		;;
-	*-apple)
-		os=-macos
-		;;
-	*-atari*)
-		os=-mint
-		;;
-	*)
-		os=-none
-		;;
-esac
-fi
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer.  We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
-	*-unknown)
-		case $os in
-			-riscix*)
-				vendor=acorn
-				;;
-			-sunos*)
-				vendor=sun
-				;;
-			-aix*)
-				vendor=ibm
-				;;
-			-beos*)
-				vendor=be
-				;;
-			-hpux*)
-				vendor=hp
-				;;
-			-mpeix*)
-				vendor=hp
-				;;
-			-hiux*)
-				vendor=hitachi
-				;;
-			-unos*)
-				vendor=crds
-				;;
-			-dgux*)
-				vendor=dg
-				;;
-			-luna*)
-				vendor=omron
-				;;
-			-genix*)
-				vendor=ns
-				;;
-			-mvs* | -opened*)
-				vendor=ibm
-				;;
-			-os400*)
-				vendor=ibm
-				;;
-			-ptx*)
-				vendor=sequent
-				;;
-			-tpf*)
-				vendor=ibm
-				;;
-			-vxsim* | -vxworks* | -windiss*)
-				vendor=wrs
-				;;
-			-aux*)
-				vendor=apple
-				;;
-			-hms*)
-				vendor=hitachi
-				;;
-			-mpw* | -macos*)
-				vendor=apple
-				;;
-			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-				vendor=atari
-				;;
-			-vos*)
-				vendor=stratus
-				;;
-		esac
-		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
-		;;
-esac
-
-echo $basic_machine$os
-exit
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure
deleted file mode 100755
index e905a3519728..000000000000
--- a/crypto/heimdal/configure
+++ /dev/null
@@ -1,54327 +0,0 @@
-#! /bin/sh
-# From configure.in Revision: 22513 .
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for Heimdal 1.1.
-#
-# Report bugs to <heimdal-bugs@h5l.org>.
-#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
-  setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in
-  *posix*) set -o posix ;;
-esac
-
-fi
-
-
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
-fi
-
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.  Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-as_nl='
-'
-IFS=" ""	$as_nl"
-
-# Find who we are.  Look in the path if we contain no directory separator.
-case $0 in
-  *[\\/]* ) as_myself=$0 ;;
-  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-IFS=$as_save_IFS
-
-     ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
-  as_myself=$0
-fi
-if test ! -f "$as_myself"; then
-  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-  { (exit 1); exit 1; }
-fi
-
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-for as_var in \
-  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
-  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
-  LC_TELEPHONE LC_TIME
-do
-  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
-    eval $as_var=C; export $as_var
-  else
-    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-  fi
-done
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
-   test "X`expr 00001 : '.*\(...\)'`" = X001; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
-  as_basename=basename
-else
-  as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\/\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\/\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`
-
-# CDPATH.
-$as_unset CDPATH
-
-
-if test "x$CONFIG_SHELL" = x; then
-  if (eval ":") 2>/dev/null; then
-  as_have_required=yes
-else
-  as_have_required=no
-fi
-
-  if test $as_have_required = yes && 	 (eval ":
-(as_func_return () {
-  (exit \$1)
-}
-as_func_success () {
-  as_func_return 0
-}
-as_func_failure () {
-  as_func_return 1
-}
-as_func_ret_success () {
-  return 0
-}
-as_func_ret_failure () {
-  return 1
-}
-
-exitcode=0
-if as_func_success; then
-  :
-else
-  exitcode=1
-  echo as_func_success failed.
-fi
-
-if as_func_failure; then
-  exitcode=1
-  echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
-  :
-else
-  exitcode=1
-  echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
-  exitcode=1
-  echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
-  :
-else
-  exitcode=1
-  echo positional parameters were not saved.
-fi
-
-test \$exitcode = 0) || { (exit 1); exit 1; }
-
-(
-  as_lineno_1=\$LINENO
-  as_lineno_2=\$LINENO
-  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
-  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
-") 2> /dev/null; then
-  :
-else
-  as_candidate_shells=
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  case $as_dir in
-	 /*)
-	   for as_base in sh bash ksh sh5; do
-	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
-	   done;;
-       esac
-done
-IFS=$as_save_IFS
-
-
-      for as_shell in $as_candidate_shells $SHELL; do
-	 # Try only shells that exist, to save several forks.
-	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
-		{ ("$as_shell") 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
-  setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in
-  *posix*) set -o posix ;;
-esac
-
-fi
-
-
-:
-_ASEOF
-}; then
-  CONFIG_SHELL=$as_shell
-	       as_have_required=yes
-	       if { "$as_shell" 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
-  setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in
-  *posix*) set -o posix ;;
-esac
-
-fi
-
-
-:
-(as_func_return () {
-  (exit $1)
-}
-as_func_success () {
-  as_func_return 0
-}
-as_func_failure () {
-  as_func_return 1
-}
-as_func_ret_success () {
-  return 0
-}
-as_func_ret_failure () {
-  return 1
-}
-
-exitcode=0
-if as_func_success; then
-  :
-else
-  exitcode=1
-  echo as_func_success failed.
-fi
-
-if as_func_failure; then
-  exitcode=1
-  echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
-  :
-else
-  exitcode=1
-  echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
-  exitcode=1
-  echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = "$1" ); then
-  :
-else
-  exitcode=1
-  echo positional parameters were not saved.
-fi
-
-test $exitcode = 0) || { (exit 1); exit 1; }
-
-(
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
-
-_ASEOF
-}; then
-  break
-fi
-
-fi
-
-      done
-
-      if test "x$CONFIG_SHELL" != x; then
-  for as_var in BASH_ENV ENV
-        do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-        done
-        export CONFIG_SHELL
-        exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
-fi
-
-
-    if test $as_have_required = no; then
-  echo This script requires a shell more modern than all the
-      echo shells that I found on your system.  Please install a
-      echo modern shell, or manually run the script under such a
-      echo shell if you do have one.
-      { (exit 1); exit 1; }
-fi
-
-
-fi
-
-fi
-
-
-
-(eval "as_func_return () {
-  (exit \$1)
-}
-as_func_success () {
-  as_func_return 0
-}
-as_func_failure () {
-  as_func_return 1
-}
-as_func_ret_success () {
-  return 0
-}
-as_func_ret_failure () {
-  return 1
-}
-
-exitcode=0
-if as_func_success; then
-  :
-else
-  exitcode=1
-  echo as_func_success failed.
-fi
-
-if as_func_failure; then
-  exitcode=1
-  echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
-  :
-else
-  exitcode=1
-  echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
-  exitcode=1
-  echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
-  :
-else
-  exitcode=1
-  echo positional parameters were not saved.
-fi
-
-test \$exitcode = 0") || {
-  echo No shell found that supports shell functions.
-  echo Please tell autoconf@gnu.org about your system,
-  echo including any error possibly output before this
-  echo message
-}
-
-
-
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
-  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line after each line using $LINENO; the second 'sed'
-  # does the real work.  The second script uses 'N' to pair each
-  # line-number line with the line containing $LINENO, and appends
-  # trailing '-' during substitution so that $LINENO is not a special
-  # case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # scripts with optimization help from Paolo Bonzini.  Blame Lee
-  # E. McMahon (1931-1989) for sed's syntax.  :-)
-  sed -n '
-    p
-    /[$]LINENO/=
-  ' <$as_myself |
-    sed '
-      s/[$]LINENO.*/&-/
-      t lineno
-      b
-      :lineno
-      N
-      :loop
-      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
-      t loop
-      s/-\n.*//
-    ' >$as_me.lineno &&
-  chmod +x "$as_me.lineno" ||
-    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensitive to this).
-  . "./$as_me.lineno"
-  # Exit status is that of the last command.
-  exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
-  as_dirname=dirname
-else
-  as_dirname=false
-fi
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
--n*)
-  case `echo 'x\c'` in
-  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
-  *)   ECHO_C='\c';;
-  esac;;
-*)
-  ECHO_N='-n';;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
-   test "X`expr 00001 : '.*\(...\)'`" = X001; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
-  rm -f conf$$.dir/conf$$.file
-else
-  rm -f conf$$.dir
-  mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s='ln -s'
-  # ... but there are two gotchas:
-  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-  # In both cases, we have to default to `cp -p'.
-  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-    as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
-  as_mkdir_p=:
-else
-  test -d ./-p && rmdir ./-p
-  as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
-  as_test_x='test -x'
-else
-  if ls -dL / >/dev/null 2>&1; then
-    as_ls_L_option=L
-  else
-    as_ls_L_option=
-  fi
-  as_test_x='
-    eval sh -c '\''
-      if test -d "$1"; then
-        test -d "$1/.";
-      else
-	case $1 in
-        -*)set "./$1";;
-	esac;
-	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
-	???[sx]*):;;*)false;;esac;fi
-    '\'' sh
-  '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$ECHO in
-X*--fallback-echo)
-  # Remove one level of quotation (which was required for Make).
-  ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
-  ;;
-esac
-
-echo=${ECHO-echo}
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-if test -z "$ECHO"; then
-if test "X${echo_test_string+set}" != Xset; then
-# find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
-       echo_test_string=`eval $cmd` &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
-    then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for dir in $PATH /usr/ucb; do
-    IFS="$lt_save_ifs"
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$lt_save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running configure again with it.
-      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
-	  then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "$0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-ECHO=$echo
-if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
-   ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
-fi
-
-
-
-
-tagnames=${tagnames+${tagnames},}CXX
-
-tagnames=${tagnames+${tagnames},}F77
-
-exec 7<&0 </dev/null 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Identity of this package.
-PACKAGE_NAME='Heimdal'
-PACKAGE_TARNAME='heimdal'
-PACKAGE_VERSION='1.1'
-PACKAGE_STRING='Heimdal 1.1'
-PACKAGE_BUGREPORT='heimdal-bugs@h5l.org'
-
-ac_unique_file="kuser/kinit.c"
-ac_default_prefix=/usr/heimdal
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_subst_vars='SHELL
-PATH_SEPARATOR
-PACKAGE_NAME
-PACKAGE_TARNAME
-PACKAGE_VERSION
-PACKAGE_STRING
-PACKAGE_BUGREPORT
-exec_prefix
-prefix
-program_transform_name
-bindir
-sbindir
-libexecdir
-datarootdir
-datadir
-sysconfdir
-sharedstatedir
-localstatedir
-includedir
-oldincludedir
-docdir
-infodir
-htmldir
-dvidir
-pdfdir
-psdir
-libdir
-localedir
-mandir
-DEFS
-ECHO_C
-ECHO_N
-ECHO_T
-LIBS
-build_alias
-host_alias
-target_alias
-INSTALL_PROGRAM
-INSTALL_SCRIPT
-INSTALL_DATA
-am__isrc
-CYGPATH_W
-PACKAGE
-VERSION
-ACLOCAL
-AUTOCONF
-AUTOMAKE
-AUTOHEADER
-MAKEINFO
-install_sh
-STRIP
-INSTALL_STRIP_PROGRAM
-mkdir_p
-AWK
-SET_MAKE
-am__leading_dot
-AMTAR
-am__tar
-am__untar
-MAINTAINER_MODE_TRUE
-MAINTAINER_MODE_FALSE
-MAINT
-CC
-CFLAGS
-LDFLAGS
-CPPFLAGS
-ac_ct_CC
-EXEEXT
-OBJEXT
-CPP
-build
-build_cpu
-build_vendor
-build_os
-host
-host_cpu
-host_vendor
-host_os
-CANONICAL_HOST
-YACC
-YFLAGS
-LEX
-LEX_OUTPUT_ROOT
-LEXLIB
-LN_S
-GREP
-EGREP
-ECHO
-AR
-RANLIB
-CXX
-CXXFLAGS
-ac_ct_CXX
-CXXCPP
-F77
-FFLAGS
-ac_ct_F77
-LIBTOOL
-ENABLE_SHARED_TRUE
-ENABLE_SHARED_FALSE
-VERSIONING
-versionscript_TRUE
-versionscript_FALSE
-LDFLAGS_VERSION_SCRIPT
-INCLUDE_openldap
-LIB_openldap
-OPENLDAP_MODULE_TRUE
-OPENLDAP_MODULE_FALSE
-PKINIT_TRUE
-PKINIT_FALSE
-DIR_hdbdir
-INCLUDE_krb4
-LIB_krb4
-KRB4_TRUE
-KRB4_FALSE
-KRB5_TRUE
-KRB5_FALSE
-do_roken_rename_TRUE
-do_roken_rename_FALSE
-LIB_kdb
-HAVE_OPENSSL_TRUE
-HAVE_OPENSSL_FALSE
-DIR_hcrypto
-INCLUDE_hcrypto
-LIB_hcrypto
-LIB_hcrypto_a
-LIB_hcrypto_so
-LIB_hcrypto_appl
-PTHREADS_CFLAGS
-PTHREADS_LIBS
-DCE_TRUE
-DCE_FALSE
-dpagaix_cflags
-dpagaix_ldadd
-dpagaix_ldflags
-LIB_db_create
-LIB_dbopen
-LIB_dbm_firstkey
-HAVE_DB1_TRUE
-HAVE_DB1_FALSE
-HAVE_DB3_TRUE
-HAVE_DB3_FALSE
-HAVE_NDBM_TRUE
-HAVE_NDBM_FALSE
-DBLIB
-LIB_NDBM
-WFLAGS
-WFLAGS_NOUNUSED
-WFLAGS_NOIMPLICITINT
-VOID_RETSIGTYPE
-have_err_h_TRUE
-have_err_h_FALSE
-have_ifaddrs_h_TRUE
-have_ifaddrs_h_FALSE
-have_vis_h_TRUE
-have_vis_h_FALSE
-LIB_socket
-LIB_gethostbyname
-LIB_syslog
-LIB_gethostbyname2
-LIB_res_search
-LIB_res_nsearch
-LIB_res_ndestroy
-LIB_dn_expand
-LIBOBJS
-have_glob_h_TRUE
-have_glob_h_FALSE
-have_cgetent_TRUE
-have_cgetent_FALSE
-LIB_getsockopt
-LIB_setsockopt
-LIB_hstrerror
-LIB_bswap16
-LIB_bswap32
-LIB_pidfile
-LIB_getaddrinfo
-LIB_getnameinfo
-LIB_freeaddrinfo
-LIB_gai_strerror
-have_fnmatch_h_TRUE
-have_fnmatch_h_FALSE
-LIB_crypt
-have_socket_wrapper_TRUE
-have_socket_wrapper_FALSE
-DIR_roken
-LIB_roken
-INCLUDES_roken
-LIBADD_roken
-LIB_otp
-OTP_TRUE
-OTP_FALSE
-LIB_security
-NROFF
-GROFF
-CATMAN
-CATMAN_TRUE
-CATMAN_FALSE
-CATMANEXT
-INCLUDE_readline
-LIB_readline
-INCLUDE_hesiod
-LIB_hesiod
-AIX_TRUE
-AIX_FALSE
-AIX4_TRUE
-AIX4_FALSE
-LIB_dlopen
-HAVE_DLOPEN_TRUE
-HAVE_DLOPEN_FALSE
-LIB_loadquery
-AIX_DYNAMIC_AFS_TRUE
-AIX_DYNAMIC_AFS_FALSE
-AIX_EXTRA_KAFS
-IRIX_TRUE
-IRIX_FALSE
-XMKMF
-X_CFLAGS
-X_PRE_LIBS
-X_LIBS
-X_EXTRA_LIBS
-HAVE_X_TRUE
-HAVE_X_FALSE
-LIB_XauWriteAuth
-LIB_XauReadAuth
-LIB_XauFileName
-NEED_WRITEAUTH_TRUE
-NEED_WRITEAUTH_FALSE
-LIB_logwtmp
-LIB_logout
-LIB_openpty
-LIB_tgetent
-LIB_getpwnam_r
-LIB_door_create
-KCM_TRUE
-KCM_FALSE
-FRAMEWORK_SECURITY_TRUE
-FRAMEWORK_SECURITY_FALSE
-LIB_el_init
-el_compat_TRUE
-el_compat_FALSE
-COMPILE_ET
-COM_ERR_TRUE
-COM_ERR_FALSE
-DIR_com_err
-LIB_com_err
-LIB_com_err_a
-LIB_com_err_so
-LIB_AUTH_SUBDIRS
-LTLIBOBJS'
-ac_subst_files=''
-      ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP
-YACC
-YFLAGS
-CXX
-CXXFLAGS
-CCC
-CXXCPP
-F77
-FFLAGS
-XMKMF'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
-  # If the previous option needs an argument, assign it.
-  if test -n "$ac_prev"; then
-    eval $ac_prev=\$ac_option
-    ac_prev=
-    continue
-  fi
-
-  case $ac_option in
-  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
-  *)	ac_optarg=yes ;;
-  esac
-
-  # Accept the important Cygnus configure options, so we can diagnose typos.
-
-  case $ac_dashdash$ac_option in
-  --)
-    ac_dashdash=yes ;;
-
-  -bindir | --bindir | --bindi | --bind | --bin | --bi)
-    ac_prev=bindir ;;
-  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
-    bindir=$ac_optarg ;;
-
-  -build | --build | --buil | --bui | --bu)
-    ac_prev=build_alias ;;
-  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
-    build_alias=$ac_optarg ;;
-
-  -cache-file | --cache-file | --cache-fil | --cache-fi \
-  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
-    ac_prev=cache_file ;;
-  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
-  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
-    cache_file=$ac_optarg ;;
-
-  --config-cache | -C)
-    cache_file=config.cache ;;
-
-  -datadir | --datadir | --datadi | --datad)
-    ac_prev=datadir ;;
-  -datadir=* | --datadir=* | --datadi=* | --datad=*)
-    datadir=$ac_optarg ;;
-
-  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
-  | --dataroo | --dataro | --datar)
-    ac_prev=datarootdir ;;
-  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
-  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
-    datarootdir=$ac_optarg ;;
-
-  -disable-* | --disable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
-    eval enable_$ac_feature=no ;;
-
-  -docdir | --docdir | --docdi | --doc | --do)
-    ac_prev=docdir ;;
-  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
-    docdir=$ac_optarg ;;
-
-  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
-    ac_prev=dvidir ;;
-  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
-    dvidir=$ac_optarg ;;
-
-  -enable-* | --enable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
-    eval enable_$ac_feature=\$ac_optarg ;;
-
-  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
-  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
-  | --exec | --exe | --ex)
-    ac_prev=exec_prefix ;;
-  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
-  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
-  | --exec=* | --exe=* | --ex=*)
-    exec_prefix=$ac_optarg ;;
-
-  -gas | --gas | --ga | --g)
-    # Obsolete; use --with-gas.
-    with_gas=yes ;;
-
-  -help | --help | --hel | --he | -h)
-    ac_init_help=long ;;
-  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
-    ac_init_help=recursive ;;
-  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
-    ac_init_help=short ;;
-
-  -host | --host | --hos | --ho)
-    ac_prev=host_alias ;;
-  -host=* | --host=* | --hos=* | --ho=*)
-    host_alias=$ac_optarg ;;
-
-  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
-    ac_prev=htmldir ;;
-  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
-  | --ht=*)
-    htmldir=$ac_optarg ;;
-
-  -includedir | --includedir | --includedi | --included | --include \
-  | --includ | --inclu | --incl | --inc)
-    ac_prev=includedir ;;
-  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
-  | --includ=* | --inclu=* | --incl=* | --inc=*)
-    includedir=$ac_optarg ;;
-
-  -infodir | --infodir | --infodi | --infod | --info | --inf)
-    ac_prev=infodir ;;
-  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
-    infodir=$ac_optarg ;;
-
-  -libdir | --libdir | --libdi | --libd)
-    ac_prev=libdir ;;
-  -libdir=* | --libdir=* | --libdi=* | --libd=*)
-    libdir=$ac_optarg ;;
-
-  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
-  | --libexe | --libex | --libe)
-    ac_prev=libexecdir ;;
-  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
-  | --libexe=* | --libex=* | --libe=*)
-    libexecdir=$ac_optarg ;;
-
-  -localedir | --localedir | --localedi | --localed | --locale)
-    ac_prev=localedir ;;
-  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
-    localedir=$ac_optarg ;;
-
-  -localstatedir | --localstatedir | --localstatedi | --localstated \
-  | --localstate | --localstat | --localsta | --localst | --locals)
-    ac_prev=localstatedir ;;
-  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
-    localstatedir=$ac_optarg ;;
-
-  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
-    ac_prev=mandir ;;
-  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
-    mandir=$ac_optarg ;;
-
-  -nfp | --nfp | --nf)
-    # Obsolete; use --without-fp.
-    with_fp=no ;;
-
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c | -n)
-    no_create=yes ;;
-
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-    no_recursion=yes ;;
-
-  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
-  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
-  | --oldin | --oldi | --old | --ol | --o)
-    ac_prev=oldincludedir ;;
-  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
-  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
-  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
-    oldincludedir=$ac_optarg ;;
-
-  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-    ac_prev=prefix ;;
-  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-    prefix=$ac_optarg ;;
-
-  -program-prefix | --program-prefix | --program-prefi | --program-pref \
-  | --program-pre | --program-pr | --program-p)
-    ac_prev=program_prefix ;;
-  -program-prefix=* | --program-prefix=* | --program-prefi=* \
-  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
-    program_prefix=$ac_optarg ;;
-
-  -program-suffix | --program-suffix | --program-suffi | --program-suff \
-  | --program-suf | --program-su | --program-s)
-    ac_prev=program_suffix ;;
-  -program-suffix=* | --program-suffix=* | --program-suffi=* \
-  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
-    program_suffix=$ac_optarg ;;
-
-  -program-transform-name | --program-transform-name \
-  | --program-transform-nam | --program-transform-na \
-  | --program-transform-n | --program-transform- \
-  | --program-transform | --program-transfor \
-  | --program-transfo | --program-transf \
-  | --program-trans | --program-tran \
-  | --progr-tra | --program-tr | --program-t)
-    ac_prev=program_transform_name ;;
-  -program-transform-name=* | --program-transform-name=* \
-  | --program-transform-nam=* | --program-transform-na=* \
-  | --program-transform-n=* | --program-transform-=* \
-  | --program-transform=* | --program-transfor=* \
-  | --program-transfo=* | --program-transf=* \
-  | --program-trans=* | --program-tran=* \
-  | --progr-tra=* | --program-tr=* | --program-t=*)
-    program_transform_name=$ac_optarg ;;
-
-  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
-    ac_prev=pdfdir ;;
-  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
-    pdfdir=$ac_optarg ;;
-
-  -psdir | --psdir | --psdi | --psd | --ps)
-    ac_prev=psdir ;;
-  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
-    psdir=$ac_optarg ;;
-
-  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-  | -silent | --silent | --silen | --sile | --sil)
-    silent=yes ;;
-
-  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
-    ac_prev=sbindir ;;
-  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-  | --sbi=* | --sb=*)
-    sbindir=$ac_optarg ;;
-
-  -sharedstatedir | --sharedstatedir | --sharedstatedi \
-  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
-  | --sharedst | --shareds | --shared | --share | --shar \
-  | --sha | --sh)
-    ac_prev=sharedstatedir ;;
-  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
-  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
-  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
-  | --sha=* | --sh=*)
-    sharedstatedir=$ac_optarg ;;
-
-  -site | --site | --sit)
-    ac_prev=site ;;
-  -site=* | --site=* | --sit=*)
-    site=$ac_optarg ;;
-
-  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
-    ac_prev=srcdir ;;
-  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-    srcdir=$ac_optarg ;;
-
-  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
-  | --syscon | --sysco | --sysc | --sys | --sy)
-    ac_prev=sysconfdir ;;
-  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
-  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
-    sysconfdir=$ac_optarg ;;
-
-  -target | --target | --targe | --targ | --tar | --ta | --t)
-    ac_prev=target_alias ;;
-  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
-    target_alias=$ac_optarg ;;
-
-  -v | -verbose | --verbose | --verbos | --verbo | --verb)
-    verbose=yes ;;
-
-  -version | --version | --versio | --versi | --vers | -V)
-    ac_init_version=: ;;
-
-  -with-* | --with-*)
-    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
-    eval with_$ac_package=\$ac_optarg ;;
-
-  -without-* | --without-*)
-    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
-    eval with_$ac_package=no ;;
-
-  --x)
-    # Obsolete; use --with-x.
-    with_x=yes ;;
-
-  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
-  | --x-incl | --x-inc | --x-in | --x-i)
-    ac_prev=x_includes ;;
-  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
-  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
-    x_includes=$ac_optarg ;;
-
-  -x-libraries | --x-libraries | --x-librarie | --x-librari \
-  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
-    ac_prev=x_libraries ;;
-  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
-  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
-    x_libraries=$ac_optarg ;;
-
-  -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
-   { (exit 1); exit 1; }; }
-    ;;
-
-  *=*)
-    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
-   { (exit 1); exit 1; }; }
-    eval $ac_envvar=\$ac_optarg
-    export $ac_envvar ;;
-
-  *)
-    # FIXME: should be removed in autoconf 3.0.
-    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
-    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
-    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
-    ;;
-
-  esac
-done
-
-if test -n "$ac_prev"; then
-  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
-  { echo "$as_me: error: missing argument to $ac_option" >&2
-   { (exit 1); exit 1; }; }
-fi
-
-# Be sure to have absolute directory names.
-for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
-		datadir sysconfdir sharedstatedir localstatedir includedir \
-		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
-do
-  eval ac_val=\$$ac_var
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* )  continue;;
-    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
-  esac
-  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; }
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
-  if test "x$build_alias" = x; then
-    cross_compiling=maybe
-    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
-    If a cross compiler is detected then cross compile mode will be used." >&2
-  elif test "x$build_alias" != "x$host_alias"; then
-    cross_compiling=yes
-  fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
-  { echo "$as_me: error: Working directory cannot be determined" >&2
-   { (exit 1); exit 1; }; }
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
-  { echo "$as_me: error: pwd does not report name of working directory" >&2
-   { (exit 1); exit 1; }; }
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
-  ac_srcdir_defaulted=yes
-  # Try the directory containing this script, then the parent directory.
-  ac_confdir=`$as_dirname -- "$0" ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$0" : 'X\(//\)[^/]' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$0" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)[^/].*/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`
-  srcdir=$ac_confdir
-  if test ! -r "$srcdir/$ac_unique_file"; then
-    srcdir=..
-  fi
-else
-  ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
-  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
-  { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
-   { (exit 1); exit 1; }; }
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
-	cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
-   { (exit 1); exit 1; }; }
-	pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
-  srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
-  eval ac_env_${ac_var}_set=\${${ac_var}+set}
-  eval ac_env_${ac_var}_value=\$${ac_var}
-  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
-  eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
-  # Omit some internal or obsolete options to make the list less imposing.
-  # This message is too long to be a string in the A/UX 3.1 sh.
-  cat <<_ACEOF
-\`configure' configures Heimdal 1.1 to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE.  See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
-  -h, --help              display this help and exit
-      --help=short        display options specific to this package
-      --help=recursive    display the short help of all the included packages
-  -V, --version           display version information and exit
-  -q, --quiet, --silent   do not print \`checking...' messages
-      --cache-file=FILE   cache test results in FILE [disabled]
-  -C, --config-cache      alias for \`--cache-file=config.cache'
-  -n, --no-create         do not create output files
-      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
-
-Installation directories:
-  --prefix=PREFIX         install architecture-independent files in PREFIX
-			  [$ac_default_prefix]
-  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
-			  [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
-  --bindir=DIR           user executables [EPREFIX/bin]
-  --sbindir=DIR          system admin executables [EPREFIX/sbin]
-  --libexecdir=DIR       program executables [EPREFIX/libexec]
-  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
-  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
-  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
-  --libdir=DIR           object code libraries [EPREFIX/lib]
-  --includedir=DIR       C header files [PREFIX/include]
-  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
-  --datarootdir=DIR      read-only arch.-independent data root [PREFIX/share]
-  --datadir=DIR          read-only architecture-independent data [DATAROOTDIR]
-  --infodir=DIR          info documentation [DATAROOTDIR/info]
-  --localedir=DIR        locale-dependent data [DATAROOTDIR/locale]
-  --mandir=DIR           man documentation [DATAROOTDIR/man]
-  --docdir=DIR           documentation root [DATAROOTDIR/doc/heimdal]
-  --htmldir=DIR          html documentation [DOCDIR]
-  --dvidir=DIR           dvi documentation [DOCDIR]
-  --pdfdir=DIR           pdf documentation [DOCDIR]
-  --psdir=DIR            ps documentation [DOCDIR]
-_ACEOF
-
-  cat <<\_ACEOF
-
-Program names:
-  --program-prefix=PREFIX            prepend PREFIX to installed program names
-  --program-suffix=SUFFIX            append SUFFIX to installed program names
-  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
-
-X features:
-  --x-includes=DIR    X include files are in DIR
-  --x-libraries=DIR   X library files are in DIR
-
-System types:
-  --build=BUILD     configure for building on BUILD [guessed]
-  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-  case $ac_init_help in
-     short | recursive ) echo "Configuration of Heimdal 1.1:";;
-   esac
-  cat <<\_ACEOF
-
-Optional Features:
-  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
-  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
-  --enable-maintainer-mode  enable make rules and dependencies not useful
-			  (and sometimes confusing) to the casual installer
-  --disable-largefile     omit support for large files
-  --enable-shared[=PKGS]  build shared libraries [default=yes]
-  --enable-static[=PKGS]  build static libraries [default=yes]
-  --enable-fast-install[=PKGS]
-                          optimize for fast installation [default=yes]
-  --disable-libtool-lock  avoid locking (might break parallel builds)
-  --enable-hdb-openldap-module
-                          if you want support to build openldap hdb as shared
-                          object
-  --disable-pk-init       if you want disable to PK-INIT support
-  --enable-pthread-support
-                          if you want thread safe libraries
-  --enable-dce            if you want support for DCE/DFS PAG's
-  --disable-afs-support   if you don't want support for AFS
-  --disable-berkeley-db   if you don't want berkeley db
-  --disable-ndbm-db       if you don't want ndbm db
-  --enable-developer      enable developer warnings
-  --enable-socket-wrapper use sambas socket-wrapper for testing
-  --disable-otp           if you don't want OTP support
-  --enable-osfc2          enable some OSF C2 support
-  --disable-mmap          disable use of mmap
-  --disable-afs-string-to-key
-                          disable use of weak AFS string-to-key functions
-  --enable-bigendian      the target is big endian
-  --enable-littleendian   the target is little endian
-  --disable-dynamic-afs   do not use loaded AFS library with AIX
-  --enable-netinfo        enable netinfo for configuration lookup
-  --enable-kcm            enable Kerberos Credentials Manager
-
-Optional Packages:
-  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
-  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)
-  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
-  --with-pic              try to use only PIC/non-PIC objects [default=use
-                          both]
-  --with-tags[=TAGS]      include additional configurations [automatic]
-  --with-openldap=dir     use openldap in dir
-  --with-openldap-lib=dir use openldap libraries in dir
-  --with-openldap-include=dir
-                          use openldap headers in dir
-  --with-openldap-config=path
-                          config program for openldap
-  --with-hdbdir           Default location for KDC database
-                          [default=/var/heimdal]
-  --with-openssl=dir      use openssl in dir
-  --with-openssl-lib=dir  use openssl libraries in dir
-  --with-openssl-include=dir
-                          use openssl headers in dir
-  --without-ipv6          do not enable IPv6 support
-  --with-readline=dir     use readline in dir
-  --with-readline-lib=dir use readline libraries in dir
-  --with-readline-include=dir
-                          use readline headers in dir
-  --with-readline-config=path
-                          config program for readline
-  --with-hesiod=dir       use hesiod in dir
-  --with-hesiod-lib=dir   use hesiod libraries in dir
-  --with-hesiod-include=dir
-                          use hesiod headers in dir
-  --with-hesiod-config=path
-                          config program for hesiod
-  --with-x                use the X Window System
-
-Some influential environment variables:
-  CC          C compiler command
-  CFLAGS      C compiler flags
-  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
-              nonstandard directory <lib dir>
-  LIBS        libraries to pass to the linker, e.g. -l<library>
-  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
-              you have headers in a nonstandard directory <include dir>
-  CPP         C preprocessor
-  YACC        The `Yet Another C Compiler' implementation to use. Defaults to
-              the first program found out of: `bison -y', `byacc', `yacc'.
-  YFLAGS      The list of arguments that will be passed by default to $YACC.
-              This script will default YFLAGS to the empty string to avoid a
-              default value of `-d' given by some make applications.
-  CXX         C++ compiler command
-  CXXFLAGS    C++ compiler flags
-  CXXCPP      C++ preprocessor
-  F77         Fortran 77 compiler command
-  FFLAGS      Fortran 77 compiler flags
-  XMKMF       Path to xmkmf, Makefile generator for X Window System
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to <heimdal-bugs@h5l.org>.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
-  # If there are subdirs, report their specific --help.
-  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
-    test -d "$ac_dir" || continue
-    ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A ".." for each directory in $ac_dir_suffix.
-  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
-  case $ac_top_builddir_sub in
-  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
-  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-  esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
-  .)  # We are building in place.
-    ac_srcdir=.
-    ac_top_srcdir=$ac_top_builddir_sub
-    ac_abs_top_srcdir=$ac_pwd ;;
-  [\\/]* | ?:[\\/]* )  # Absolute name.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir
-    ac_abs_top_srcdir=$srcdir ;;
-  *) # Relative name.
-    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_build_prefix$srcdir
-    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-    cd "$ac_dir" || { ac_status=$?; continue; }
-    # Check for guested configure.
-    if test -f "$ac_srcdir/configure.gnu"; then
-      echo &&
-      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
-    elif test -f "$ac_srcdir/configure"; then
-      echo &&
-      $SHELL "$ac_srcdir/configure" --help=recursive
-    else
-      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-    fi || ac_status=$?
-    cd "$ac_pwd" || { ac_status=$?; break; }
-  done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
-  cat <<\_ACEOF
-Heimdal configure 1.1
-generated by GNU Autoconf 2.61
-
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
-  exit
-fi
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by Heimdal $as_me 1.1, which was
-generated by GNU Autoconf 2.61.  Invocation command line was
-
-  $ $0 $@
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
-
-/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
-/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
-/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  echo "PATH: $as_dir"
-done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
-  for ac_arg
-  do
-    case $ac_arg in
-    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
-    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-    | -silent | --silent | --silen | --sile | --sil)
-      continue ;;
-    *\'*)
-      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-    esac
-    case $ac_pass in
-    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
-    2)
-      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
-      if test $ac_must_keep_next = true; then
-	ac_must_keep_next=false # Got value, back to normal.
-      else
-	case $ac_arg in
-	  *=* | --config-cache | -C | -disable-* | --disable-* \
-	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
-	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
-	  | -with-* | --with-* | -without-* | --without-* | --x)
-	    case "$ac_configure_args0 " in
-	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
-	    esac
-	    ;;
-	  -* ) ac_must_keep_next=true ;;
-	esac
-      fi
-      ac_configure_args="$ac_configure_args '$ac_arg'"
-      ;;
-    esac
-  done
-done
-$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
-$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log.  We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
-  # Save into config.log some information that might help in debugging.
-  {
-    echo
-
-    cat <<\_ASBOX
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-_ASBOX
-    echo
-    # The following way of writing the cache mishandles newlines in values,
-(
-  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
-    eval ac_val=\$$ac_var
-    case $ac_val in #(
-    *${as_nl}*)
-      case $ac_var in #(
-      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
-      esac
-      case $ac_var in #(
-      _ | IFS | as_nl) ;; #(
-      *) $as_unset $ac_var ;;
-      esac ;;
-    esac
-  done
-  (set) 2>&1 |
-    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
-    *${as_nl}ac_space=\ *)
-      sed -n \
-	"s/'\''/'\''\\\\'\'''\''/g;
-	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
-      ;; #(
-    *)
-      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
-      ;;
-    esac |
-    sort
-)
-    echo
-
-    cat <<\_ASBOX
-## ----------------- ##
-## Output variables. ##
-## ----------------- ##
-_ASBOX
-    echo
-    for ac_var in $ac_subst_vars
-    do
-      eval ac_val=\$$ac_var
-      case $ac_val in
-      *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-      esac
-      echo "$ac_var='\''$ac_val'\''"
-    done | sort
-    echo
-
-    if test -n "$ac_subst_files"; then
-      cat <<\_ASBOX
-## ------------------- ##
-## File substitutions. ##
-## ------------------- ##
-_ASBOX
-      echo
-      for ac_var in $ac_subst_files
-      do
-	eval ac_val=\$$ac_var
-	case $ac_val in
-	*\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
-	esac
-	echo "$ac_var='\''$ac_val'\''"
-      done | sort
-      echo
-    fi
-
-    if test -s confdefs.h; then
-      cat <<\_ASBOX
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-_ASBOX
-      echo
-      cat confdefs.h
-      echo
-    fi
-    test "$ac_signal" != 0 &&
-      echo "$as_me: caught signal $ac_signal"
-    echo "$as_me: exit $exit_status"
-  } >&5
-  rm -f core *.core core.conftest.* &&
-    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
-    exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
-  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
-  set x "$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
-  set x "$prefix/share/config.site" "$prefix/etc/config.site"
-else
-  set x "$ac_default_prefix/share/config.site" \
-	"$ac_default_prefix/etc/config.site"
-fi
-shift
-for ac_site_file
-do
-  if test -r "$ac_site_file"; then
-    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
-    sed 's/^/| /' "$ac_site_file" >&5
-    . "$ac_site_file"
-  fi
-done
-
-if test -r "$cache_file"; then
-  # Some versions of bash will fail to source /dev/null (special
-  # files actually), so we avoid doing that.
-  if test -f "$cache_file"; then
-    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
-    case $cache_file in
-      [\\/]* | ?:[\\/]* ) . "$cache_file";;
-      *)                      . "./$cache_file";;
-    esac
-  fi
-else
-  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
-  >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
-  eval ac_old_set=\$ac_cv_env_${ac_var}_set
-  eval ac_new_set=\$ac_env_${ac_var}_set
-  eval ac_old_val=\$ac_cv_env_${ac_var}_value
-  eval ac_new_val=\$ac_env_${ac_var}_value
-  case $ac_old_set,$ac_new_set in
-    set,)
-      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,set)
-      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,);;
-    *)
-      if test "x$ac_old_val" != "x$ac_new_val"; then
-	{ echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-	{ echo "$as_me:$LINENO:   former value:  $ac_old_val" >&5
-echo "$as_me:   former value:  $ac_old_val" >&2;}
-	{ echo "$as_me:$LINENO:   current value: $ac_new_val" >&5
-echo "$as_me:   current value: $ac_new_val" >&2;}
-	ac_cache_corrupted=:
-      fi;;
-  esac
-  # Pass precious variables to config.status.
-  if test "$ac_new_set" = set; then
-    case $ac_new_val in
-    *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
-    *) ac_arg=$ac_var=$ac_new_val ;;
-    esac
-    case " $ac_configure_args " in
-      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
-      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
-    esac
-  fi
-done
-if $ac_cache_corrupted; then
-  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-ac_config_headers="$ac_config_headers include/config.h"
-
-
-am__api_version='1.10'
-
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
-  if test -f "$ac_dir/install-sh"; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install-sh -c"
-    break
-  elif test -f "$ac_dir/install.sh"; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install.sh -c"
-    break
-  elif test -f "$ac_dir/shtool"; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/shtool install -c"
-    break
-  fi
-done
-if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
-echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
-
-
-# Find a good install program.  We prefer a C program (faster),
-# so one script is as good as another.  But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
-  ./ | .// | /cC/* | \
-  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
-  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
-  /usr/ucb/* ) ;;
-  *)
-    # OSF1 and SCO ODT 3.0 have their own names for install.
-    # Don't use installbsd from OSF since it installs stuff as root
-    # by default.
-    for ac_prog in ginstall scoinst install; do
-      for ac_exec_ext in '' $ac_executable_extensions; do
-	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
-	  if test $ac_prog = install &&
-	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-	    # AIX install.  It has an incompatible calling convention.
-	    :
-	  elif test $ac_prog = install &&
-	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-	    # program-specific install script used by HP pwplus--don't use.
-	    :
-	  else
-	    ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
-	    break 3
-	  fi
-	fi
-      done
-    done
-    ;;
-esac
-done
-IFS=$as_save_IFS
-
-
-fi
-  if test "${ac_cv_path_install+set}" = set; then
-    INSTALL=$ac_cv_path_install
-  else
-    # As a last resort, use the slow shell script.  Don't cache a
-    # value for INSTALL within a source directory, because that will
-    # break other packages using the cache if that directory is
-    # removed, or if the value is a relative name.
-    INSTALL=$ac_install_sh
-  fi
-fi
-{ echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5
-echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; }
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments.  Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
-   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
-   if test "$*" = "X"; then
-      # -L didn't work.
-      set X `ls -t $srcdir/configure conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$*" != "X $srcdir/configure conftest.file" \
-      && test "$*" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      { { echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&5
-echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&2;}
-   { (exit 1); exit 1; }; }
-   fi
-
-   test "$2" = conftest.file
-   )
-then
-   # Ok.
-   :
-else
-   { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
-Check your system clock" >&5
-echo "$as_me: error: newly created file is older than distributed files!
-Check your system clock" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-test "$program_prefix" != NONE &&
-  program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
-  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.  echo might interpret backslashes.
-# By default was `s,x,x', remove it if useless.
-cat <<\_ACEOF >conftest.sed
-s/[\\$]/&&/g;s/;s,x,x,$//
-_ACEOF
-program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
-rm -f conftest.sed
-
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
-echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
-fi
-
-{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
-echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; }
-if test -z "$MKDIR_P"; then
-  if test "${ac_cv_path_mkdir+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_prog in mkdir gmkdir; do
-	 for ac_exec_ext in '' $ac_executable_extensions; do
-	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
-	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
-	     'mkdir (GNU coreutils) '* | \
-	     'mkdir (coreutils) '* | \
-	     'mkdir (fileutils) '4.1*)
-	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
-	       break 3;;
-	   esac
-	 done
-       done
-done
-IFS=$as_save_IFS
-
-fi
-
-  if test "${ac_cv_path_mkdir+set}" = set; then
-    MKDIR_P="$ac_cv_path_mkdir -p"
-  else
-    # As a last resort, use the slow shell script.  Don't cache a
-    # value for MKDIR_P within a source directory, because that will
-    # break other packages using the cache if that directory is
-    # removed, or if the value is a relative name.
-    test -d ./--version && rmdir ./--version
-    MKDIR_P="$ac_install_sh -d"
-  fi
-fi
-{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5
-echo "${ECHO_T}$MKDIR_P" >&6; }
-
-mkdir_p="$MKDIR_P"
-case $mkdir_p in
-  [\\/$]* | ?:[\\/]*) ;;
-  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  { echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$AWK" && break
-done
-
-{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
-set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
-	@echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
-  *@@@%%%=?*=@@@%%%*)
-    eval ac_cv_prog_make_${ac_make}_set=yes;;
-  *)
-    eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-  SET_MAKE=
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-  SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
-  am__leading_dot=.
-else
-  am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
-  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
-  # is not polluted with repeated "-I."
-  am__isrc=' -I$(srcdir)'
-  # test to see if srcdir already configured
-  if test -f $srcdir/config.status; then
-    { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
-echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
-  if (cygpath --version) >/dev/null 2>/dev/null; then
-    CYGPATH_W='cygpath -w'
-  else
-    CYGPATH_W=echo
-  fi
-fi
-
-
-# Define the identity of the package.
- PACKAGE='heimdal'
- VERSION='1.1'
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE "$PACKAGE"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
-
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  { echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  if test "x$ac_ct_STRIP" = x; then
-    STRIP=":"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    STRIP=$ac_ct_STRIP
-  fi
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
-# Always define AMTAR for backward compatibility.
-
-AMTAR=${AMTAR-"${am_missing_run}tar"}
-
-am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5
-echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6; }
-    # Check whether --enable-maintainer-mode was given.
-if test "${enable_maintainer_mode+set}" = set; then
-  enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
-else
-  USE_MAINTAINER_MODE=no
-fi
-
-  { echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5
-echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6; }
-   if test $USE_MAINTAINER_MODE = yes; then
-  MAINTAINER_MODE_TRUE=
-  MAINTAINER_MODE_FALSE='#'
-else
-  MAINTAINER_MODE_TRUE='#'
-  MAINTAINER_MODE_FALSE=
-fi
-
-  MAINT=$MAINTAINER_MODE_TRUE
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_CC="${ac_tool_prefix}gcc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_CC="gcc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  if test "x$ac_ct_CC" = x; then
-    CC=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    CC=$ac_ct_CC
-  fi
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
-          if test -n "$ac_tool_prefix"; then
-    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_CC="${ac_tool_prefix}cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  fi
-fi
-if test -z "$CC"; then
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-  ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-       ac_prog_rejected=yes
-       continue
-     fi
-    ac_cv_prog_CC="cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
-  # We found a bogon in the path, so make sure we never use it.
-  set dummy $ac_cv_prog_CC
-  shift
-  if test $# != 0; then
-    # We chose a different compiler from the bogus one.
-    # However, it has the same basename, so the bogon will be chosen
-    # first if we set CC to just the basename; use the full file name.
-    shift
-    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
-  fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl.exe
-  do
-    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-    test -n "$CC" && break
-  done
-fi
-if test -z "$CC"; then
-  ac_ct_CC=$CC
-  for ac_prog in cl.exe
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_CC="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$ac_ct_CC" && break
-done
-
-  if test "x$ac_ct_CC" = x; then
-    CC=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    CC=$ac_ct_CC
-  fi
-fi
-
-fi
-
-
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler --version >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -v >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -V >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-#
-# List of possible output files, starting from the most likely.
-# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
-# only as a last resort.  b.out is created by i960 compilers.
-ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
-#
-# The IRIX 6 linker writes into existing files which may not be
-# executable, retaining their permissions.  Remove them first so a
-# subsequent execution test works.
-ac_rmfiles=
-for ac_file in $ac_files
-do
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
-    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
-  esac
-done
-rm -f $ac_rmfiles
-
-if { (ac_try="$ac_link_default"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link_default") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile.  We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
-  test -f "$ac_file" || continue
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
-	;;
-    [ab].out )
-	# We found the default executable, but exeext='' is most
-	# certainly right.
-	break;;
-    *.* )
-        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
-	then :; else
-	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-	fi
-	# We set ac_cv_exeext here because the later test for it is not
-	# safe: cross compilers may not add the suffix if given an `-o'
-	# argument, so we may need to know it at that point already.
-	# Even if this section looks crufty: it has the advantage of
-	# actually working.
-	break;;
-    * )
-	break;;
-  esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
-  ac_file=''
-fi
-
-{ echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6; }
-if test -z "$ac_file"; then
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
-See \`config.log' for more details." >&5
-echo "$as_me: error: C compiler cannot create executables
-See \`config.log' for more details." >&2;}
-   { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-
-# Check that the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
-  if { ac_try='./$ac_file'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-    cross_compiling=no
-  else
-    if test "$cross_compiling" = maybe; then
-	cross_compiling=yes
-    else
-	{ { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-    fi
-  fi
-fi
-{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-
-rm -f a.out a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-# Check that the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6; }
-
-{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
-  test -f "$ac_file" || continue
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-	  break;;
-    * ) break;;
-  esac
-done
-else
-  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
-if test "${ac_cv_objext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_file in conftest.o conftest.obj conftest.*; do
-  test -f "$ac_file" || continue;
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
-    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
-       break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-#ifndef __GNUC__
-       choke me
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_compiler_gnu=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
-GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_save_c_werror_flag=$ac_c_werror_flag
-   ac_c_werror_flag=yes
-   ac_cv_prog_cc_g=no
-   CFLAGS="-g"
-   cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_cc_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	CFLAGS=""
-      cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_c_werror_flag=$ac_save_c_werror_flag
-	 CFLAGS="-g"
-	 cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_cc_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
-  CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
-  if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
-  else
-    CFLAGS="-g"
-  fi
-else
-  if test "$GCC" = yes; then
-    CFLAGS="-O2"
-  else
-    CFLAGS=
-  fi
-fi
-{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
-echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
-     char **p;
-     int i;
-{
-  return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
-  char *s;
-  va_list v;
-  va_start (v,p);
-  s = g (p, va_arg (v,int));
-  va_end (v);
-  return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
-   function prototypes and stuff, but not '\xHH' hex character constants.
-   These don't provoke an error unfortunately, instead are silently treated
-   as 'x'.  The following induces an error, until -std is added to get
-   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
-   array size at least.  It's necessary to write '\x00'==0 to get something
-   that's true only with -std.  */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
-   inside strings and character constants.  */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
-  ;
-  return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
-	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
-  CC="$ac_save_CC $ac_arg"
-  rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_cc_c89=$ac_arg
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
-  test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
-  x)
-    { echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6; } ;;
-  xno)
-    { echo "$as_me:$LINENO: result: unsupported" >&5
-echo "${ECHO_T}unsupported" >&6; } ;;
-  *)
-    CC="$CC $ac_cv_prog_cc_c89"
-    { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test "x$CC" != xcc; then
-  { echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5
-echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6; }
-else
-  { echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5
-echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6; }
-fi
-set dummy $CC; ac_cc=`echo $2 |
-		      sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-# Make sure it works both with $CC and with simple cc.
-# We do the test twice because some compilers refuse to overwrite an
-# existing .o file with -o, though they will create one.
-ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
-rm -f conftest2.*
-if { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-   test -f conftest2.$ac_objext && { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); };
-then
-  eval ac_cv_prog_cc_${ac_cc}_c_o=yes
-  if test "x$CC" != xcc; then
-    # Test first that cc exists at all.
-    if { ac_try='cc -c conftest.$ac_ext >&5'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-      ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
-      rm -f conftest2.*
-      if { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 test -f conftest2.$ac_objext && { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); };
-      then
-	# cc works too.
-	:
-      else
-	# cc exists but doesn't like -o.
-	eval ac_cv_prog_cc_${ac_cc}_c_o=no
-      fi
-    fi
-  fi
-else
-  eval ac_cv_prog_cc_${ac_cc}_c_o=no
-fi
-rm -f core conftest*
-
-fi
-if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-
-cat >>confdefs.h <<\_ACEOF
-#define NO_MINUS_C_MINUS_O 1
-_ACEOF
-
-fi
-
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
-   # Losing compiler, so override with the script.
-   # FIXME: It is wrong to rewrite CC.
-   # But if we don't then we get into trouble of one sort or another.
-   # A longer-term fix would be to have automake use am__CC in this case,
-   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
-   CC="$am_aux_dir/compile $CC"
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
-  CPP=
-fi
-if test -z "$CPP"; then
-  if test "${ac_cv_prog_CPP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      # Double quotes because CPP needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
-    do
-      ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-  # <limits.h> exists even on freestanding compilers.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-		     Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  break
-fi
-
-    done
-    ac_cv_prog_CPP=$CPP
-
-fi
-  CPP=$ac_cv_prog_CPP
-else
-  ac_cv_prog_CPP=$CPP
-fi
-{ echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-  # <limits.h> exists even on freestanding compilers.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-		     Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  :
-else
-  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
-echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
-   { (exit 1); exit 1; }; }
-
-{ echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
-if test "${ac_cv_build+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
-  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
-test "x$ac_build_alias" = x &&
-  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
-   { (exit 1); exit 1; }; }
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
-  { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
-echo "$as_me: error: invalid value of canonical build" >&2;}
-   { (exit 1); exit 1; }; };;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
-if test "${ac_cv_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "x$host_alias" = x; then
-  ac_cv_host=$ac_cv_build
-else
-  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
-    { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
-echo "$as_me: error: invalid value of canonical host" >&2;}
-   { (exit 1); exit 1; }; };;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-CANONICAL_HOST=$host
-
-
-
-
-
-
-	{ echo "$as_me:$LINENO: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&5
-echo "$as_me: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&6;}
-	{ echo "$as_me:$LINENO: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&5
-echo "$as_me: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&6;}
-	hostname=`hostname`
-	if test "$hostname"; then
-	   { echo "$as_me:$LINENO: autobuild hostname... $hostname" >&5
-echo "$as_me: autobuild hostname... $hostname" >&6;}
-	fi
-
-	date=`date +%Y%m%d-%H%M%S`
-	if test "$?" != 0; then
-	   date=`date`
-	fi
-	if test "$date"; then
-	   { echo "$as_me:$LINENO: autobuild timestamp... $date" >&5
-echo "$as_me: autobuild timestamp... $date" >&6;}
-	fi
-
-
-
-# Check whether --enable-largefile was given.
-if test "${enable_largefile+set}" = set; then
-  enableval=$enable_largefile;
-fi
-
-if test "$enable_largefile" != no; then
-
-  { echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
-echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6; }
-if test "${ac_cv_sys_largefile_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_sys_largefile_CC=no
-     if test "$GCC" != yes; then
-       ac_save_CC=$CC
-       while :; do
-	 # IRIX 6.2 and later do not support large files by default,
-	 # so use the C compiler's -n32 option if that helps.
-	 cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-	 rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
-	 CC="$CC -n32"
-	 rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_sys_largefile_CC=' -n32'; break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
-	 break
-       done
-       CC=$ac_save_CC
-       rm -f conftest.$ac_ext
-    fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
-echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6; }
-  if test "$ac_cv_sys_largefile_CC" != no; then
-    CC=$CC$ac_cv_sys_largefile_CC
-  fi
-
-  { echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6; }
-if test "${ac_cv_sys_file_offset_bits+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  while :; do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_sys_file_offset_bits=no; break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#define _FILE_OFFSET_BITS 64
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_sys_file_offset_bits=64; break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  ac_cv_sys_file_offset_bits=unknown
-  break
-done
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
-echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6; }
-case $ac_cv_sys_file_offset_bits in #(
-  no | unknown) ;;
-  *)
-cat >>confdefs.h <<_ACEOF
-#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
-_ACEOF
-;;
-esac
-rm -f conftest*
-  if test $ac_cv_sys_file_offset_bits = unknown; then
-    { echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
-echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6; }
-if test "${ac_cv_sys_large_files+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  while :; do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_sys_large_files=no; break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#define _LARGE_FILES 1
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_sys_large_files=1; break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  ac_cv_sys_large_files=unknown
-  break
-done
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
-echo "${ECHO_T}$ac_cv_sys_large_files" >&6; }
-case $ac_cv_sys_large_files in #(
-  no | unknown) ;;
-  *)
-cat >>confdefs.h <<_ACEOF
-#define _LARGE_FILES $ac_cv_sys_large_files
-_ACEOF
-;;
-esac
-rm -f conftest*
-  fi
-fi
-
-
-if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
-	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
-fi
-if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
-	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
-fi
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define _GNU_SOURCE 1
-_ACEOF
-
-
-
-
-
-for ac_prog in 'bison -y' byacc
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_YACC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$YACC"; then
-  ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_YACC="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
-  { echo "$as_me:$LINENO: result: $YACC" >&5
-echo "${ECHO_T}$YACC" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-for ac_prog in flex lex
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_LEX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$LEX"; then
-  ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_LEX="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
-  { echo "$as_me:$LINENO: result: $LEX" >&5
-echo "${ECHO_T}$LEX" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
-if test "x$LEX" != "x:"; then
-  cat >conftest.l <<_ACEOF
-%%
-a { ECHO; }
-b { REJECT; }
-c { yymore (); }
-d { yyless (1); }
-e { yyless (input () != 0); }
-f { unput (yytext[0]); }
-. { BEGIN INITIAL; }
-%%
-#ifdef YYTEXT_POINTER
-extern char *yytext;
-#endif
-int
-main (void)
-{
-  return ! yylex () + ! yywrap ();
-}
-_ACEOF
-{ (ac_try="$LEX conftest.l"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$LEX conftest.l") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ echo "$as_me:$LINENO: checking lex output file root" >&5
-echo $ECHO_N "checking lex output file root... $ECHO_C" >&6; }
-if test "${ac_cv_prog_lex_root+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if test -f lex.yy.c; then
-  ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
-  ac_cv_prog_lex_root=lexyy
-else
-  { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5
-echo "$as_me: error: cannot find output from $LEX; giving up" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_root" >&6; }
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-if test -z "${LEXLIB+set}"; then
-  { echo "$as_me:$LINENO: checking lex library" >&5
-echo $ECHO_N "checking lex library... $ECHO_C" >&6; }
-if test "${ac_cv_lib_lex+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-    ac_save_LIBS=$LIBS
-    ac_cv_lib_lex='none needed'
-    for ac_lib in '' -lfl -ll; do
-      LIBS="$ac_lib $ac_save_LIBS"
-      cat >conftest.$ac_ext <<_ACEOF
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_lex=$ac_lib
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-      test "$ac_cv_lib_lex" != 'none needed' && break
-    done
-    LIBS=$ac_save_LIBS
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5
-echo "${ECHO_T}$ac_cv_lib_lex" >&6; }
-  test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex
-fi
-
-
-{ echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5
-echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6; }
-if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent.  Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-ac_save_LIBS=$LIBS
-LIBS="$LEXLIB $ac_save_LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#define YYTEXT_POINTER 1
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_prog_lex_yytext_pointer=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6; }
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define YYTEXT_POINTER 1
-_ACEOF
-
-fi
-rm -f conftest.l $LEX_OUTPUT_ROOT.c
-
-fi
-if test "$LEX" = :; then
-  LEX=${am_missing_run}flex
-fi
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  { echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$AWK" && break
-done
-
-{ echo "$as_me:$LINENO: checking for ln -s or something else" >&5
-echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6; }
-if test "${ac_cv_prog_LN_S+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi
-fi
-LN_S="$ac_cv_prog_LN_S"
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_LN_S" >&5
-echo "${ECHO_T}$ac_cv_prog_LN_S" >&6; }
-
-
-
-
-# Check whether --with-mips_abi was given.
-if test "${with_mips_abi+set}" = set; then
-  withval=$with_mips_abi;
-fi
-
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-{ echo "$as_me:$LINENO: checking if $CC supports the $abi option" >&5
-echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6; }
-if { as_var=$ac_foo; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval $ac_foo=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval $ac_foo=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_extCFLAGS="$save_CFLAGS"
-
-fi
-
-ac_res=`eval echo \\\$$ac_foo`
-{ echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32)
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_res=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_res=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-
-CC="$CC $abi"
-libdir="$libdir$abilibdirext"
-
-
-{ echo "$as_me:$LINENO: checking for __attribute__" >&5
-echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6; }
-if test "${ac_cv___attribute__+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv___attribute__=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv___attribute__=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-if test "$ac_cv___attribute__" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE___ATTRIBUTE__ 1
-_ACEOF
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv___attribute__" >&5
-echo "${ECHO_T}$ac_cv___attribute__" >&6; }
-
-
-# Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then
-  enableval=$enable_shared; p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac
-else
-  enable_shared=yes
-fi
-
-
-# Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then
-  enableval=$enable_static; p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac
-else
-  enable_static=yes
-fi
-
-
-# Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then
-  enableval=$enable_fast_install; p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-      for pkg in $enableval; do
-	IFS="$lt_save_ifs"
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS="$lt_save_ifs"
-      ;;
-    esac
-else
-  enable_fast_install=yes
-fi
-
-
-{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
-echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; }
-if test "${lt_cv_path_SED+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f $lt_ac_sed && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test $lt_ac_count -gt 10 && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test $lt_ac_count -gt $lt_ac_max; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-
-fi
-
-SED=$lt_cv_path_SED
-{ echo "$as_me:$LINENO: result: $SED" >&5
-echo "${ECHO_T}$SED" >&6; }
-
-{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
-echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # Extract the first word of "grep ggrep" to use in msg output
-if test -z "$GREP"; then
-set dummy grep ggrep; ac_prog_name=$2
-if test "${ac_cv_path_GREP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_path_GREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_prog in grep ggrep; do
-  for ac_exec_ext in '' $ac_executable_extensions; do
-    ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
-    { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
-    # Check for GNU ac_path_GREP and select it if it is found.
-  # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
-  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
-  ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
-  while :
-  do
-    cat "conftest.in" "conftest.in" >"conftest.tmp"
-    mv "conftest.tmp" "conftest.in"
-    cp "conftest.in" "conftest.nl"
-    echo 'GREP' >> "conftest.nl"
-    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-    ac_count=`expr $ac_count + 1`
-    if test $ac_count -gt ${ac_path_GREP_max-0}; then
-      # Best one so far, save it but keep looking for a better one
-      ac_cv_path_GREP="$ac_path_GREP"
-      ac_path_GREP_max=$ac_count
-    fi
-    # 10*(2^10) chars as input seems more than enough
-    test $ac_count -gt 10 && break
-  done
-  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
-
-    $ac_path_GREP_found && break 3
-  done
-done
-
-done
-IFS=$as_save_IFS
-
-
-fi
-
-GREP="$ac_cv_path_GREP"
-if test -z "$GREP"; then
-  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-else
-  ac_cv_path_GREP=$GREP
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
-echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ echo "$as_me:$LINENO: checking for egrep" >&5
-echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
-   then ac_cv_path_EGREP="$GREP -E"
-   else
-     # Extract the first word of "egrep" to use in msg output
-if test -z "$EGREP"; then
-set dummy egrep; ac_prog_name=$2
-if test "${ac_cv_path_EGREP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_path_EGREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_prog in egrep; do
-  for ac_exec_ext in '' $ac_executable_extensions; do
-    ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
-    { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
-    # Check for GNU ac_path_EGREP and select it if it is found.
-  # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
-  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
-  ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
-  while :
-  do
-    cat "conftest.in" "conftest.in" >"conftest.tmp"
-    mv "conftest.tmp" "conftest.in"
-    cp "conftest.in" "conftest.nl"
-    echo 'EGREP' >> "conftest.nl"
-    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
-    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
-    ac_count=`expr $ac_count + 1`
-    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
-      # Best one so far, save it but keep looking for a better one
-      ac_cv_path_EGREP="$ac_path_EGREP"
-      ac_path_EGREP_max=$ac_count
-    fi
-    # 10*(2^10) chars as input seems more than enough
-    test $ac_count -gt 10 && break
-  done
-  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
-
-    $ac_path_EGREP_found && break 3
-  done
-done
-
-done
-IFS=$as_save_IFS
-
-
-fi
-
-EGREP="$ac_cv_path_EGREP"
-if test -z "$EGREP"; then
-  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-else
-  ac_cv_path_EGREP=$EGREP
-fi
-
-
-   fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
-echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-
-# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then
-  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
-else
-  with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
-echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [\\/]* | ?:[\\/]*)
-      re_direlt='/[^/][^/]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  { echo "$as_me:$LINENO: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
-else
-  { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
-fi
-if test "${lt_cv_path_LD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$LD"; then
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test "$with_gnu_ld" != no && break
-	;;
-      *)
-	test "$with_gnu_ld" != yes && break
-	;;
-      esac
-    fi
-  done
-  IFS="$lt_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  { echo "$as_me:$LINENO: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
-if test "${lt_cv_prog_gnu_ld+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
-echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; }
-if test "${lt_cv_ld_reload_flag+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_ld_reload_flag='-r'
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
-echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  darwin*)
-    if test "$GCC" = yes; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-
-{ echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
-echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; }
-if test "${lt_cv_path_NM+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM="$NM"
-else
-  lt_nm_to_check="${ac_tool_prefix}nm"
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS="$lt_save_ifs"
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm="$ac_dir/$lt_tmp_nm"
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
-	*/dev/null* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS="$lt_save_ifs"
-  done
-  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
-fi
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
-echo "${ECHO_T}$lt_cv_path_NM" >&6; }
-NM="$lt_cv_path_NM"
-
-{ echo "$as_me:$LINENO: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6; }
-fi
-
-{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
-echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; }
-if test "${lt_cv_deplibs_check_method+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given extended regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix4* | aix5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[45]*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | kfreebsd*-gnu | dragonfly*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix3*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-nto-qnx*)
-  lt_cv_deplibs_check_method=unknown
-  ;;
-
-openbsd*)
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
-echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; }
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then
-  enableval=$enable_libtool_lock;
-fi
-
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *ELF-32*)
-      HPUX_IA64_MODE="32"
-      ;;
-    *ELF-64*)
-      HPUX_IA64_MODE="64"
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out which ABI we are using.
-  echo '#line 5679 "configure"' > conftest.$ac_ext
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-   if test "$lt_cv_prog_gnu_ld" = yes; then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -melf32bsmip"
-      ;;
-    *N32*)
-      LD="${LD-ld} -melf32bmipn32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -melf64bmip"
-      ;;
-    esac
-   else
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -32"
-      ;;
-    *N32*)
-      LD="${LD-ld} -n32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -64"
-      ;;
-    esac
-   fi
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    case `/usr/bin/file conftest.o` in
-    *32-bit*)
-      case $host in
-        x86_64-*linux*)
-          LD="${LD-ld} -m elf_i386"
-          ;;
-        ppc64-*linux*|powerpc64-*linux*)
-          LD="${LD-ld} -m elf32ppclinux"
-          ;;
-        s390x-*linux*)
-          LD="${LD-ld} -m elf_s390"
-          ;;
-        sparc64-*linux*)
-          LD="${LD-ld} -m elf32_sparc"
-          ;;
-      esac
-      ;;
-    *64-bit*)
-      case $host in
-        x86_64-*linux*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        ppc*-*linux*|powerpc*-*linux*)
-          LD="${LD-ld} -m elf64ppc"
-          ;;
-        s390*-*linux*)
-          LD="${LD-ld} -m elf64_s390"
-          ;;
-        sparc*-*linux*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -belf"
-  { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
-echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; }
-if test "${lt_cv_cc_needs_belf+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-     cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  lt_cv_cc_needs_belf=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	lt_cv_cc_needs_belf=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
-echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; }
-  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS="$SAVE_CFLAGS"
-  fi
-  ;;
-sparc*-*solaris*)
-  # Find out which ABI we are using.
-  echo 'int i;' > conftest.$ac_ext
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*) LD="${LD-ld} -m elf64_sparc" ;;
-      *)    LD="${LD-ld} -64" ;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-
-esac
-
-need_locks="$enable_libtool_lock"
-
-
-
-{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_header_stdc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
-		   (('a' <= (c) && (c) <= 'i') \
-		     || ('j' <= (c) && (c) <= 'r') \
-		     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-	|| toupper (i) != TOUPPER (i))
-      return 2;
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
-		  inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in dlfcn.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-if test -z "$CXX"; then
-  if test -n "$CCC"; then
-    CXX=$CCC
-  else
-    if test -n "$ac_tool_prefix"; then
-  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
-  do
-    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CXX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CXX"; then
-  ac_cv_prog_CXX="$CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CXX=$ac_cv_prog_CXX
-if test -n "$CXX"; then
-  { echo "$as_me:$LINENO: result: $CXX" >&5
-echo "${ECHO_T}$CXX" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-    test -n "$CXX" && break
-  done
-fi
-if test -z "$CXX"; then
-  ac_ct_CXX=$CXX
-  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CXX"; then
-  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_CXX="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
-if test -n "$ac_ct_CXX"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5
-echo "${ECHO_T}$ac_ct_CXX" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$ac_ct_CXX" && break
-done
-
-  if test "x$ac_ct_CXX" = x; then
-    CXX="g++"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    CXX=$ac_ct_CXX
-  fi
-fi
-
-  fi
-fi
-# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for C++ compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler --version >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -v >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -V >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-
-{ echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; }
-if test "${ac_cv_cxx_compiler_gnu+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-#ifndef __GNUC__
-       choke me
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_compiler_gnu=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; }
-GXX=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CXXFLAGS=${CXXFLAGS+set}
-ac_save_CXXFLAGS=$CXXFLAGS
-{ echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5
-echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cxx_g+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_save_cxx_werror_flag=$ac_cxx_werror_flag
-   ac_cxx_werror_flag=yes
-   ac_cv_prog_cxx_g=no
-   CXXFLAGS="-g"
-   cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_cxx_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	CXXFLAGS=""
-      cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-	 CXXFLAGS="-g"
-	 cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_cxx_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-   ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; }
-if test "$ac_test_CXXFLAGS" = set; then
-  CXXFLAGS=$ac_save_CXXFLAGS
-elif test $ac_cv_prog_cxx_g = yes; then
-  if test "$GXX" = yes; then
-    CXXFLAGS="-g -O2"
-  else
-    CXXFLAGS="-g"
-  fi
-else
-  if test "$GXX" = yes; then
-    CXXFLAGS="-O2"
-  else
-    CXXFLAGS=
-  fi
-fi
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
-
-if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
-    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
-    (test "X$CXX" != "Xg++"))) ; then
-  ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-{ echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5
-echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6; }
-if test -z "$CXXCPP"; then
-  if test "${ac_cv_prog_CXXCPP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      # Double quotes because CXXCPP needs to be expanded
-    for CXXCPP in "$CXX -E" "/lib/cpp"
-    do
-      ac_preproc_ok=false
-for ac_cxx_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-  # <limits.h> exists even on freestanding compilers.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-		     Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  break
-fi
-
-    done
-    ac_cv_prog_CXXCPP=$CXXCPP
-
-fi
-  CXXCPP=$ac_cv_prog_CXXCPP
-else
-  ac_cv_prog_CXXCPP=$CXXCPP
-fi
-{ echo "$as_me:$LINENO: result: $CXXCPP" >&5
-echo "${ECHO_T}$CXXCPP" >&6; }
-ac_preproc_ok=false
-for ac_cxx_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-  # <limits.h> exists even on freestanding compilers.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-		     Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Broken: fails on valid input.
-continue
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  :
-else
-  { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
-See \`config.log' for more details." >&5
-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-fi
-
-
-ac_ext=f
-ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
-ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_f77_compiler_gnu
-if test -n "$ac_tool_prefix"; then
-  for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn
-  do
-    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_F77+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$F77"; then
-  ac_cv_prog_F77="$F77" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_F77="$ac_tool_prefix$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-F77=$ac_cv_prog_F77
-if test -n "$F77"; then
-  { echo "$as_me:$LINENO: result: $F77" >&5
-echo "${ECHO_T}$F77" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-    test -n "$F77" && break
-  done
-fi
-if test -z "$F77"; then
-  ac_ct_F77=$F77
-  for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_F77+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_F77"; then
-  ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_F77="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_F77=$ac_cv_prog_ac_ct_F77
-if test -n "$ac_ct_F77"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_F77" >&5
-echo "${ECHO_T}$ac_ct_F77" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-  test -n "$ac_ct_F77" && break
-done
-
-  if test "x$ac_ct_F77" = x; then
-    F77=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    F77=$ac_ct_F77
-  fi
-fi
-
-
-# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for Fortran 77 compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler --version >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -v >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compiler -V >&5") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-rm -f a.out
-
-# If we don't use `.F' as extension, the preprocessor is not run on the
-# input file.  (Note that this only needs to work for GNU compilers.)
-ac_save_ext=$ac_ext
-ac_ext=F
-{ echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6; }
-if test "${ac_cv_f77_compiler_gnu+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-      program main
-#ifndef __GNUC__
-       choke me
-#endif
-
-      end
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_f77_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_compiler_gnu=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_f77_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6; }
-ac_ext=$ac_save_ext
-ac_test_FFLAGS=${FFLAGS+set}
-ac_save_FFLAGS=$FFLAGS
-FFLAGS=
-{ echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5
-echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_f77_g+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  FFLAGS=-g
-cat >conftest.$ac_ext <<_ACEOF
-      program main
-
-      end
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_f77_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_prog_f77_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_prog_f77_g=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5
-echo "${ECHO_T}$ac_cv_prog_f77_g" >&6; }
-if test "$ac_test_FFLAGS" = set; then
-  FFLAGS=$ac_save_FFLAGS
-elif test $ac_cv_prog_f77_g = yes; then
-  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
-    FFLAGS="-g -O2"
-  else
-    FFLAGS="-g"
-  fi
-else
-  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
-    FFLAGS="-O2"
-  else
-    FFLAGS=
-  fi
-fi
-
-G77=`test $ac_compiler_gnu = yes && echo yes`
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
-
-# find the maximum length of command line arguments
-{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
-echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; }
-if test "${lt_cv_sys_max_cmd_len+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-    i=0
-  teststring="ABCD"
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ 	]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    # If test is not a shell built-in, we'll probably end up computing a
-    # maximum length that is only half of the actual maximum length, but
-    # we can't tell.
-    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-    while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \
-	       = "XX$teststring") >/dev/null 2>&1 &&
-	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
-	    lt_cv_sys_max_cmd_len=$new_result &&
-	    test $i != 17 # 1/2 MB should be enough
-    do
-      i=`expr $i + 1`
-      teststring=$teststring$teststring
-    done
-    teststring=
-    # Add a significant safety factor because C++ compilers can tack on massive
-    # amounts of additional arguments before passing them to the linker.
-    # It appears as though 1/2 is a usable value.
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    ;;
-  esac
-
-fi
-
-if test -n $lt_cv_sys_max_cmd_len ; then
-  { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
-echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; }
-else
-  { echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6; }
-fi
-
-
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
-echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; }
-if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform an extracted symbol line into a proper C declaration
-lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[BCDT]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[ABCDGISTW]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  if test "$host_cpu" = ia64; then
-    symcode='[ABCDEGRST]'
-  fi
-  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  ;;
-linux*)
-  if test "$host_cpu" = ia64; then
-    symcode='[ABCDGIRSTW]'
-    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[BCDEGRST]'
-  ;;
-osf*)
-  symcode='[BCDEGQRST]'
-  ;;
-solaris*)
-  symcode='[BDRT]'
-  ;;
-sco3.2v5*)
-  symcode='[DT]'
-  ;;
-sysv4.2uw2*)
-  symcode='[DT]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[ABDT]'
-  ;;
-sysv4)
-  symcode='[DFNSTU]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[ABCDGIRSTW]' ;;
-esac
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
-  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if grep ' nm_test_var$' "$nlist" >/dev/null; then
-	if grep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr_t void *
-#else
-# define lt_ptr_t char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr_t address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
-	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr_t) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_save_LIBS="$LIBS"
-	  lt_save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$ac_objext"
-	  CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
-	  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext}; then
-	    pipe_works=yes
-	  fi
-	  LIBS="$lt_save_LIBS"
-	  CFLAGS="$lt_save_CFLAGS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&5
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&5
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
-    fi
-  else
-    echo "$progname: failed program was:" >&5
-    cat conftest.$ac_ext >&5
-  fi
-  rm -f conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  { echo "$as_me:$LINENO: result: failed" >&5
-echo "${ECHO_T}failed" >&6; }
-else
-  { echo "$as_me:$LINENO: result: ok" >&5
-echo "${ECHO_T}ok" >&6; }
-fi
-
-{ echo "$as_me:$LINENO: checking for objdir" >&5
-echo $ECHO_N "checking for objdir... $ECHO_C" >&6; }
-if test "${lt_cv_objdir+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
-echo "${ECHO_T}$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-# Constants:
-rm="rm -f"
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-ltmain="$ac_aux_dir/ltmain.sh"
-ofile="$default_ofile"
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ar; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_AR+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AR"; then
-  ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_AR="${ac_tool_prefix}ar"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
-  { echo "$as_me:$LINENO: result: $AR" >&5
-echo "${ECHO_T}$AR" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_AR"; then
-  ac_ct_AR=$AR
-  # Extract the first word of "ar", so it can be a program name with args.
-set dummy ar; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_AR"; then
-  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_AR="ar"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
-echo "${ECHO_T}$ac_ct_AR" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  if test "x$ac_ct_AR" = x; then
-    AR="false"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    AR=$ac_ct_AR
-  fi
-else
-  AR="$ac_cv_prog_AR"
-fi
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$RANLIB"; then
-  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
-  { echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
-  ac_ct_RANLIB=$RANLIB
-  # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_RANLIB"; then
-  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_RANLIB="ranlib"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  if test "x$ac_ct_RANLIB" = x; then
-    RANLIB=":"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    RANLIB=$ac_ct_RANLIB
-  fi
-else
-  RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  { echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  if test "x$ac_ct_STRIP" = x; then
-    STRIP=":"
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet.  If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
-    STRIP=$ac_ct_STRIP
-  fi
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$NM" && NM=nm
-test -z "$SED" && SED=sed
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$ac_objext" && ac_objext=o
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
-# Only perform the check for file, if the check method requires it
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
-echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-[\\/*] |  ?:[\\/]*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD="$MAGIC_CMD"
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
-  for ac_dir in $ac_dummy; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/${ac_tool_prefix}file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$lt_save_ifs"
-  MAGIC_CMD="$lt_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    { echo "$as_me:$LINENO: checking for file" >&5
-echo $ECHO_N "checking for file... $ECHO_C" >&6; }
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-[\\/*] |  ?:[\\/]*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD="$MAGIC_CMD"
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
-  for ac_dir in $ac_dummy; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$lt_save_ifs"
-  MAGIC_CMD="$lt_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-  else
-    MAGIC_CMD=:
-  fi
-fi
-
-  fi
-  ;;
-esac
-
-enable_dlopen=no
-enable_win32_dll=no
-
-# Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then
-  enableval=$enable_libtool_lock;
-fi
-
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-
-# Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then
-  withval=$with_pic; pic_mode="$withval"
-else
-  pic_mode=default
-fi
-
-test -z "$pic_mode" && pic_mode=default
-
-# Use C for the default configuration in the libtool script
-tagname=
-lt_save_CC="$CC"
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}\n'
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-
-
-
-lt_prog_compiler_no_builtin_flag=
-
-if test "$GCC" = yes; then
-  lt_prog_compiler_no_builtin_flag=' -fno-builtin'
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_rtti_exceptions=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="-fno-rtti -fno-exceptions"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8072: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:8076: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_rtti_exceptions=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
-    lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
-    :
-fi
-
-fi
-
-lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
-
-  if test "$GCC" = yes; then
-    lt_prog_compiler_wl='-Wl,'
-    lt_prog_compiler_static='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static='-Bstatic'
-      fi
-      ;;
-
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
-      ;;
-
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic='-DDLL_EXPORT'
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_prog_compiler_pic='-fno-common'
-      ;;
-
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      lt_prog_compiler_can_build_shared=no
-      enable_shared=no
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	lt_prog_compiler_pic=-Kconform_pic
-      fi
-      ;;
-
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic='-fPIC'
-	;;
-      esac
-      ;;
-
-    *)
-      lt_prog_compiler_pic='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      lt_prog_compiler_wl='-Wl,'
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static='-Bstatic'
-      else
-	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-      darwin*)
-        # PIC is the default on this platform
-        # Common symbols not allowed in MH_DYLIB files
-       case $cc_basename in
-         xlc*)
-         lt_prog_compiler_pic='-qnocommon'
-         lt_prog_compiler_wl='-Wl,'
-         ;;
-       esac
-       ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic='-DDLL_EXPORT'
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      lt_prog_compiler_wl='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      lt_prog_compiler_static='${wl}-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      lt_prog_compiler_wl='-Wl,'
-      # PIC (with -KPIC) is the default.
-      lt_prog_compiler_static='-non_shared'
-      ;;
-
-    newsos6)
-      lt_prog_compiler_pic='-KPIC'
-      lt_prog_compiler_static='-Bstatic'
-      ;;
-
-    linux*)
-      case $cc_basename in
-      icc* | ecc*)
-	lt_prog_compiler_wl='-Wl,'
-	lt_prog_compiler_pic='-KPIC'
-	lt_prog_compiler_static='-static'
-        ;;
-      pgcc* | pgf77* | pgf90* | pgf95*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	lt_prog_compiler_wl='-Wl,'
-	lt_prog_compiler_pic='-fpic'
-	lt_prog_compiler_static='-Bstatic'
-        ;;
-      ccc*)
-        lt_prog_compiler_wl='-Wl,'
-        # All Alpha code is PIC.
-        lt_prog_compiler_static='-non_shared'
-        ;;
-      esac
-      ;;
-
-    osf3* | osf4* | osf5*)
-      lt_prog_compiler_wl='-Wl,'
-      # All OSF/1 code is PIC.
-      lt_prog_compiler_static='-non_shared'
-      ;;
-
-    solaris*)
-      lt_prog_compiler_pic='-KPIC'
-      lt_prog_compiler_static='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95*)
-	lt_prog_compiler_wl='-Qoption ld ';;
-      *)
-	lt_prog_compiler_wl='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      lt_prog_compiler_wl='-Qoption ld '
-      lt_prog_compiler_pic='-PIC'
-      lt_prog_compiler_static='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      lt_prog_compiler_wl='-Wl,'
-      lt_prog_compiler_pic='-KPIC'
-      lt_prog_compiler_static='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_prog_compiler_pic='-Kconform_pic'
-	lt_prog_compiler_static='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      lt_prog_compiler_wl='-Wl,'
-      lt_prog_compiler_pic='-KPIC'
-      lt_prog_compiler_static='-Bstatic'
-      ;;
-
-    unicos*)
-      lt_prog_compiler_wl='-Wl,'
-      lt_prog_compiler_can_build_shared=no
-      ;;
-
-    uts4*)
-      lt_prog_compiler_pic='-pic'
-      lt_prog_compiler_static='-Bstatic'
-      ;;
-
-    *)
-      lt_prog_compiler_can_build_shared=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic" >&6; }
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
-
-{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_pic_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_pic_works=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8340: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:8344: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_prog_compiler_pic_works=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6; }
-
-if test x"$lt_prog_compiler_pic_works" = xyes; then
-    case $lt_prog_compiler_pic in
-     "" | " "*) ;;
-     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
-     esac
-else
-    lt_prog_compiler_pic=
-     lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-case $host_os in
-  # For platforms which do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    lt_prog_compiler_pic=
-    ;;
-  *)
-    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
-    ;;
-esac
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_static_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_static_works=no
-   save_LDFLAGS="$LDFLAGS"
-   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&5
-       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         lt_prog_compiler_static_works=yes
-       fi
-     else
-       lt_prog_compiler_static_works=yes
-     fi
-   fi
-   $rm conftest*
-   LDFLAGS="$save_LDFLAGS"
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
-echo "${ECHO_T}$lt_prog_compiler_static_works" >&6; }
-
-if test x"$lt_prog_compiler_static_works" = xyes; then
-    :
-else
-    lt_prog_compiler_static=
-fi
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_c_o=no
-   $rm -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8444: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&5
-   echo "$as_me:8448: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_c_o=yes
-     fi
-   fi
-   chmod u+w . 2>&5
-   $rm conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
-   $rm out/* && rmdir out
-   cd ..
-   rmdir conftest
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  { echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6; }
-  if test "$hard_links" = no; then
-    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
-
-  runpath_var=
-  allow_undefined_flag=
-  enable_shared_with_static_runtimes=no
-  archive_cmds=
-  archive_expsym_cmds=
-  old_archive_From_new_cmds=
-  old_archive_from_expsyms_cmds=
-  export_dynamic_flag_spec=
-  whole_archive_flag_spec=
-  thread_safe_flag_spec=
-  hardcode_libdir_flag_spec=
-  hardcode_libdir_flag_spec_ld=
-  hardcode_libdir_separator=
-  hardcode_direct=no
-  hardcode_minus_L=no
-  hardcode_shlibpath_var=unsupported
-  link_all_deplibs=unknown
-  hardcode_automatic=no
-  module_cmds=
-  module_expsym_cmds=
-  always_export_symbols=no
-  export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  include_expsyms=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ` (' and `)$', so one must not match beginning or
-  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-  # as well as any symbol that contains `d'.
-  exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  extract_expsyms_cmds=
-  # Just being paranoid about ensuring that cc_basename is set.
-  for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-  case $host_os in
-  cygwin* | mingw* | pw32*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test "$GCC" != yes; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  ld_shlibs=yes
-  if test "$with_gnu_ld" = yes; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='${wl}'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec='${wl}--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-  	whole_archive_flag_spec=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v 2>/dev/null` in
-      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test "$host_cpu" != ia64; then
-	ld_shlibs=no
-	cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_minus_L=yes
-
-      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-      # that the semantics of dynamic libraries on AmigaOS, at least up
-      # to version 4, is to share data among multiple programs linked
-      # with the same dynamic library.  Since this doesn't match the
-      # behavior of shared libraries on other platforms, we can't use
-      # them.
-      ld_shlibs=no
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	allow_undefined_flag=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      else
-	ld_shlibs=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
-      # as there is no search path for DLLs.
-      hardcode_libdir_flag_spec='-L$libdir'
-      allow_undefined_flag=unsupported
-      always_export_symbols=no
-      enable_shared_with_static_runtimes=yes
-      export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
-      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-        archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file (1st line
-	# is EXPORTS), use it as is; otherwise, prepend...
-	archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	  cp $export_symbols $output_objdir/$soname.def;
-	else
-	  echo EXPORTS > $output_objdir/$soname.def;
-	  cat $export_symbols >> $output_objdir/$soname.def;
-	fi~
-	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	ld_shlibs=no
-      fi
-      ;;
-
-    interix3*)
-      hardcode_direct=no
-      hardcode_shlibpath_var=no
-      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec='${wl}-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    linux*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	tmp_addflag=
-	case $cc_basename,$host_cpu in
-	pgcc*)				# Portland Group C compiler
-	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
-	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	esac
-	archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-
-	if test $supports_anon_versioning = yes; then
-	  archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~
-  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-  $echo "local: *; };" >> $output_objdir/$libname.ver~
-	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
-	fi
-      else
-	ld_shlibs=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
-	ld_shlibs=no
-	cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
-	ld_shlibs=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	    hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
-	    archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
-	    archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
-	  else
-	    ld_shlibs=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      hardcode_direct=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs=no
-      fi
-      ;;
-    esac
-
-    if test "$ld_shlibs" = no; then
-      runpath_var=
-      hardcode_libdir_flag_spec=
-      export_dynamic_flag_spec=
-      whole_archive_flag_spec=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      allow_undefined_flag=unsupported
-      always_export_symbols=yes
-      archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      hardcode_minus_L=yes
-      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	hardcode_direct=unsupported
-      fi
-      ;;
-
-    aix4* | aix5*)
-      if test "$host_cpu" = ia64; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=""
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to AIX nm, but means don't demangle with GNU nm
-	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	else
-	  export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# need to do runtime linking.
-	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	  for ld_flag in $LDFLAGS; do
-  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-  	    aix_use_runtimelinking=yes
-  	    break
-  	  fi
-	  done
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      archive_cmds=''
-      hardcode_direct=yes
-      hardcode_libdir_separator=':'
-      link_all_deplibs=yes
-
-      if test "$GCC" = yes; then
-	case $host_os in aix4.[012]|aix4.[012].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`${CC} -print-prog-name=collect2`
-	  if test -f "$collect2name" && \
-  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	  then
-  	  # We have reworked collect2
-  	  hardcode_direct=yes
-	  else
-  	  # We have old collect2
-  	  hardcode_direct=unsupported
-  	  # It fails to find uninstalled libraries when the uninstalled
-  	  # path is not listed in the libpath.  Setting hardcode_minus_L
-  	  # to unsupported forces relinking
-  	  hardcode_minus_L=yes
-  	  hardcode_libdir_flag_spec='-L$libdir'
-  	  hardcode_libdir_separator=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag="$shared_flag "'${wl}-G'
-	fi
-      else
-	# not using gcc
-	if test "$host_cpu" = ia64; then
-  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-  	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test "$aix_use_runtimelinking" = yes; then
-	    shared_flag='${wl}-G'
-	  else
-	    shared_flag='${wl}-bM:SRE'
-	  fi
-	fi
-      fi
-
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      always_export_symbols=yes
-      if test "$aix_use_runtimelinking" = yes; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag='-berok'
-       # Determine the default libpath from the value encoded in an empty executable.
-       cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-       hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
-	archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-       else
-	if test "$host_cpu" = ia64; then
-	  hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
-	  allow_undefined_flag="-z nodefs"
-	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an empty executable.
-	 cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-	 hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  no_undefined_flag=' ${wl}-bernotok'
-	  allow_undefined_flag=' ${wl}-berok'
-	  # Exported symbols can be pulled into shared objects from archives
-	  whole_archive_flag_spec='$convenience'
-	  archive_cmds_need_lc=yes
-	  # This is similar to how AIX traditionally builds its shared libraries.
-	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_minus_L=yes
-      # see comment about different semantics on the GNU ld section
-      ld_shlibs=no
-      ;;
-
-    bsdi[45]*)
-      export_dynamic_flag_spec=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      hardcode_libdir_flag_spec=' '
-      allow_undefined_flag=unsupported
-      # Tell ltmain to make .lib files, not .a files.
-      libext=lib
-      # Tell ltmain to make .dll files, not .so files.
-      shrext_cmds=".dll"
-      # FIXME: Setting linknames here is a bad hack.
-      archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
-      # The linker will automatically build a .lib file if we build a DLL.
-      old_archive_From_new_cmds='true'
-      # FIXME: Should let the user specify the lib program.
-      old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
-      fix_srcfile_path='`cygpath -w "$srcfile"`'
-      enable_shared_with_static_runtimes=yes
-      ;;
-
-    darwin* | rhapsody*)
-      case $host_os in
-        rhapsody* | darwin1.[012])
-         allow_undefined_flag='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[012])
-               allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-      esac
-      archive_cmds_need_lc=no
-      hardcode_direct=no
-      hardcode_automatic=yes
-      hardcode_shlibpath_var=unsupported
-      whole_archive_flag_spec=''
-      link_all_deplibs=yes
-    if test "$GCC" = yes ; then
-    	output_verbose_link_cmd='echo'
-        archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-      archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-    else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-         archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-         module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-         archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         ld_shlibs=no
-          ;;
-      esac
-    fi
-      ;;
-
-    dgux*)
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_shlibpath_var=no
-      ;;
-
-    freebsd1*)
-      ld_shlibs=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      hardcode_libdir_flag_spec='-R$libdir'
-      hardcode_direct=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2*)
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=yes
-      hardcode_minus_L=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | kfreebsd*-gnu | dragonfly*)
-      archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-      hardcode_libdir_flag_spec='-R$libdir'
-      hardcode_direct=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    hpux9*)
-      if test "$GCC" = yes; then
-	archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-	archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      fi
-      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-      hardcode_libdir_separator=:
-      hardcode_direct=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      hardcode_minus_L=yes
-      export_dynamic_flag_spec='${wl}-E'
-      ;;
-
-    hpux10*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator=:
-
-	hardcode_direct=yes
-	export_dynamic_flag_spec='${wl}-E'
-
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	hardcode_minus_L=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  hardcode_libdir_flag_spec_ld='+b $libdir'
-	  hardcode_direct=no
-	  hardcode_shlibpath_var=no
-	  ;;
-	*)
-	  hardcode_direct=yes
-	  export_dynamic_flag_spec='${wl}-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  hardcode_minus_L=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test "$GCC" = yes; then
-	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec_ld='-rpath $libdir'
-      fi
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator=:
-      link_all_deplibs=yes
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      hardcode_libdir_flag_spec='-R$libdir'
-      hardcode_direct=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    newsos6)
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=yes
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator=:
-      hardcode_shlibpath_var=no
-      ;;
-
-    openbsd*)
-      hardcode_direct=yes
-      hardcode_shlibpath_var=no
-      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
-	hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-	export_dynamic_flag_spec='${wl}-E'
-      else
-       case $host_os in
-	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
-	   archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	   hardcode_libdir_flag_spec='-R$libdir'
-	   ;;
-	 *)
-	   archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	   hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-	   ;;
-       esac
-      fi
-      ;;
-
-    os2*)
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_minus_L=yes
-      allow_undefined_flag=unsupported
-      archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-      old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-      ;;
-
-    osf3*)
-      if test "$GCC" = yes; then
-	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	allow_undefined_flag=' -expect_unresolved \*'
-	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      fi
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test "$GCC" = yes; then
-	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-      else
-	allow_undefined_flag=' -expect_unresolved \*'
-	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	hardcode_libdir_flag_spec='-rpath $libdir'
-      fi
-      hardcode_libdir_separator=:
-      ;;
-
-    solaris*)
-      no_undefined_flag=' -z text'
-      if test "$GCC" = yes; then
-	wlarc='${wl}'
-	archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
-      else
-	wlarc=''
-	archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-      fi
-      hardcode_libdir_flag_spec='-R$libdir'
-      hardcode_shlibpath_var=no
-      case $host_os in
-      solaris2.[0-5] | solaris2.[0-5].*) ;;
-      *)
- 	# The compiler driver will combine linker options so we
- 	# cannot just pass the convience library names through
- 	# without $wl, iff we do not link with $LD.
- 	# Luckily, gcc supports the same syntax we need for Sun Studio.
- 	# Supported since Solaris 2.6 (maybe 2.5.1?)
- 	case $wlarc in
- 	'')
- 	  whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
- 	*)
- 	  whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
- 	esac ;;
-      esac
-      link_all_deplibs=yes
-      ;;
-
-    sunos4*)
-      if test "x$host_vendor" = xsequent; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_direct=yes
-      hardcode_minus_L=yes
-      hardcode_shlibpath_var=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  reload_cmds='$CC -r -o $output$reload_objs'
-	  hardcode_direct=no
-        ;;
-	motorola)
-	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      hardcode_shlibpath_var=no
-      ;;
-
-    sysv4.3*)
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var=no
-      export_dynamic_flag_spec='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_shlibpath_var=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	ld_shlibs=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
-      no_undefined_flag='${wl}-z,text'
-      archive_cmds_need_lc=no
-      hardcode_shlibpath_var=no
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We can NOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      no_undefined_flag='${wl}-z,text'
-      allow_undefined_flag='${wl}-z,nodefs'
-      archive_cmds_need_lc=no
-      hardcode_shlibpath_var=no
-      hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-      hardcode_libdir_separator=':'
-      link_all_deplibs=yes
-      export_dynamic_flag_spec='${wl}-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec='-L$libdir'
-      hardcode_shlibpath_var=no
-      ;;
-
-    *)
-      ld_shlibs=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5
-echo "${ECHO_T}$ld_shlibs" >&6; }
-test "$ld_shlibs" = no && can_build_shared=no
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
-  # Assume -lc should be added
-  archive_cmds_need_lc=yes
-
-  if test "$enable_shared" = yes && test "$GCC" = yes; then
-    case $archive_cmds in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
-      $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } 2>conftest.err; then
-        soname=conftest
-        lib=conftest
-        libobjs=conftest.$ac_objext
-        deplibs=
-        wl=$lt_prog_compiler_wl
-	pic_flag=$lt_prog_compiler_pic
-        compiler_flags=-v
-        linker_flags=-v
-        verstring=
-        output_objdir=.
-        libname=conftest
-        lt_save_allow_undefined_flag=$allow_undefined_flag
-        allow_undefined_flag=
-        if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-        then
-	  archive_cmds_need_lc=no
-        else
-	  archive_cmds_need_lc=yes
-        fi
-        allow_undefined_flag=$lt_save_allow_undefined_flag
-      else
-        cat conftest.err 1>&5
-      fi
-      $rm conftest*
-      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
-echo "${ECHO_T}$archive_cmds_need_lc" >&6; }
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-  else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-  fi
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}${shared_ext}$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}${shared_ext}$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}${shared_ext}'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[45]*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  shrext_cmds=".dll"
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$host_os in
-  yes,cygwin* | yes,mingw* | yes,pw32*)
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \${file}`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
-      ;;
-    mingw*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
-        # It is most probably a Windows format PATH printed by
-        # mingw gcc, but we are running on Cygwin. Gcc prints its search
-        # path with ; separators, and with drive letters. We can handle the
-        # drive letters (cygwin fileutils understands them), so leave them,
-        # especially as we might pass files found there to a mingw objdump,
-        # which wouldn't understand a cygwinified path. Ahh.
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      ;;
-    esac
-    ;;
-
-  *)
-    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
-  soname_spec='${libname}${release}${major}$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-kfreebsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[123]*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[01]* | freebsdelf3.[01]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
-  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  freebsd*) # from 4.6 on
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    if test "X$HPUX_IA64_MODE" = X32; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-    fi
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-   hppa*64*)
-     shrext_cmds='.sl'
-     hardcode_into_libs=yes
-     dynamic_linker="$host_os dld.sl"
-     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-     soname_spec='${libname}${release}${shared_ext}$major'
-     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-     ;;
-   *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-interix3*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test "$lt_cv_prog_gnu_ld" = yes; then
-		version_type=linux
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Append ld.so.conf contents to the search path
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-knetbsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-nto-qnx*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  need_lib_prefix=no
-  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
-  case $host_os in
-    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
-    *)                         need_version=no  ;;
-  esac
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case $host_os in
-      openbsd2.[89] | openbsd2.[89].*)
-	shlibpath_overrides_runpath=no
-	;;
-      *)
-	shlibpath_overrides_runpath=yes
-	;;
-      esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  ;;
-
-os2*)
-  libname_spec='$name'
-  shrext_cmds=".dll"
-  need_lib_prefix=no
-  library_names_spec='$libname${shared_ext} $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      export_dynamic_flag_spec='${wl}-Blargedynsym'
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
-    soname_spec='$libname${shared_ext}.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=freebsd-elf
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  if test "$with_gnu_ld" = yes; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-    shlibpath_overrides_runpath=no
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    shlibpath_overrides_runpath=yes
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var" || \
-   test "X$hardcode_automatic" = "Xyes" ; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-{ echo "$as_me:$LINENO: result: $hardcode_action" >&5
-echo "${ECHO_T}$hardcode_action" >&6; }
-
-if test "$hardcode_action" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-striplib=
-old_striplib=
-{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
-echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-   darwin*)
-       if test -n "$STRIP" ; then
-         striplib="$STRIP -x"
-         { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-       else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-       ;;
-   *)
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-    ;;
-  esac
-fi
-
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen="load_add_on"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32*)
-    lt_cv_dlopen="LoadLibrary"
-    lt_cv_dlopen_libs=
-   ;;
-
-  cygwin*)
-    lt_cv_dlopen="dlopen"
-    lt_cv_dlopen_libs=
-   ;;
-
-  darwin*)
-  # if libdl is installed we need to link against it
-    { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dl_dlopen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
-if test $ac_cv_lib_dl_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-
-    lt_cv_dlopen="dyld"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-
-fi
-
-   ;;
-
-  *)
-    { echo "$as_me:$LINENO: checking for shl_load" >&5
-echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; }
-if test "${ac_cv_func_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define shl_load innocuous_shl_load
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shl_load (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef shl_load
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_shl_load || defined __stub___shl_load
-choke me
-#endif
-
-int
-main ()
-{
-return shl_load ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_shl_load=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
-echo "${ECHO_T}$ac_cv_func_shl_load" >&6; }
-if test $ac_cv_func_shl_load = yes; then
-  lt_cv_dlopen="shl_load"
-else
-  { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
-echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dld_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load ();
-int
-main ()
-{
-return shl_load ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dld_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dld_shl_load=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; }
-if test $ac_cv_lib_dld_shl_load = yes; then
-  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
-else
-  { echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
-if test "${ac_cv_func_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define dlopen innocuous_dlopen
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char dlopen (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef dlopen
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_dlopen || defined __stub___dlopen
-choke me
-#endif
-
-int
-main ()
-{
-return dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_dlopen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
-echo "${ECHO_T}$ac_cv_func_dlopen" >&6; }
-if test $ac_cv_func_dlopen = yes; then
-  lt_cv_dlopen="dlopen"
-else
-  { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dl_dlopen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
-if test $ac_cv_lib_dl_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-  { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
-echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_svld_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen ();
-int
-main ()
-{
-return dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_svld_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_svld_dlopen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; }
-if test $ac_cv_lib_svld_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
-  { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
-echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dld_dld_link+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link ();
-int
-main ()
-{
-return dld_link ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dld_dld_link=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dld_dld_link=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; }
-if test $ac_cv_lib_dld_dld_link = yes; then
-  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-    ;;
-  esac
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS="$CPPFLAGS"
-    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS="$LDFLAGS"
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS="$LIBS"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
-echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; }
-if test "${lt_cv_dlopen_self+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self=cross
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 10752 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) >&5 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self" >&6; }
-
-    if test "x$lt_cv_dlopen_self" = xyes; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
-echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; }
-if test "${lt_cv_dlopen_self_static+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self_static=cross
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 10852 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) >&5 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self_static=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; }
-    fi
-
-    CPPFLAGS="$save_CPPFLAGS"
-    LDFLAGS="$save_LDFLAGS"
-    LIBS="$save_LIBS"
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-
-
-# Report which library types will actually be built
-{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4* | aix5*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-    ;;
-esac
-{ echo "$as_me:$LINENO: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-{ echo "$as_me:$LINENO: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6; }
-
-# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    compiler \
-    CC \
-    LD \
-    lt_prog_compiler_wl \
-    lt_prog_compiler_pic \
-    lt_prog_compiler_static \
-    lt_prog_compiler_no_builtin_flag \
-    export_dynamic_flag_spec \
-    thread_safe_flag_spec \
-    whole_archive_flag_spec \
-    enable_shared_with_static_runtimes \
-    old_archive_cmds \
-    old_archive_from_new_cmds \
-    predep_objects \
-    postdep_objects \
-    predeps \
-    postdeps \
-    compiler_lib_search_path \
-    archive_cmds \
-    archive_expsym_cmds \
-    postinstall_cmds \
-    postuninstall_cmds \
-    old_archive_from_expsyms_cmds \
-    allow_undefined_flag \
-    no_undefined_flag \
-    export_symbols_cmds \
-    hardcode_libdir_flag_spec \
-    hardcode_libdir_flag_spec_ld \
-    hardcode_libdir_separator \
-    hardcode_automatic \
-    module_cmds \
-    module_expsym_cmds \
-    lt_cv_prog_compiler_c_o \
-    exclude_expsyms \
-    include_expsyms; do
-
-    case $var in
-    old_archive_cmds | \
-    old_archive_from_new_cmds | \
-    archive_cmds | \
-    archive_expsym_cmds | \
-    module_cmds | \
-    module_expsym_cmds | \
-    old_archive_from_expsyms_cmds | \
-    export_symbols_cmds | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\$0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-cfgfile="${ofile}T"
-  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
-  $rm -f "$cfgfile"
-  { echo "$as_me:$LINENO: creating $ofile" >&5
-echo "$as_me: creating $ofile" >&6;}
-
-  cat <<__EOF__ >> "$cfgfile"
-#! $SHELL
-
-# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-#
-# This file is part of GNU Libtool:
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="$SED -e 1s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# The names of the tagged configurations supported by this script.
-available_tags=
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_predep_objects
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_postdep_objects
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_predeps
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_postdeps
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$hardcode_automatic
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# ### END LIBTOOL CONFIG
-
-__EOF__
-
-
-  case $host_os in
-  aix3*)
-    cat <<\EOF >> "$cfgfile"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
-
-  mv -f "$cfgfile" "$ofile" || \
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC="$lt_save_CC"
-
-
-# Check whether --with-tags was given.
-if test "${with_tags+set}" = set; then
-  withval=$with_tags; tagnames="$withval"
-fi
-
-
-if test -f "$ltmain" && test -n "$tagnames"; then
-  if test ! -f "${ofile}"; then
-    { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
-echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;}
-  fi
-
-  if test -z "$LTCC"; then
-    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
-    if test -z "$LTCC"; then
-      { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5
-echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;}
-    else
-      { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5
-echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;}
-    fi
-  fi
-  if test -z "$LTCFLAGS"; then
-    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
-  fi
-
-  # Extract list of available tagged configurations in $ofile.
-  # Note that this assumes the entire list is on one line.
-  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
-
-  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
-  for tagname in $tagnames; do
-    IFS="$lt_save_ifs"
-    # Check whether tagname contains only valid characters
-    case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in
-    "") ;;
-    *)  { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5
-echo "$as_me: error: invalid tag name: $tagname" >&2;}
-   { (exit 1); exit 1; }; }
-	;;
-    esac
-
-    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
-    then
-      { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5
-echo "$as_me: error: tag name \"$tagname\" already exists" >&2;}
-   { (exit 1); exit 1; }; }
-    fi
-
-    # Update the list of available tags.
-    if test -n "$tagname"; then
-      echo appending configuration tag \"$tagname\" to $ofile
-
-      case $tagname in
-      CXX)
-	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
-	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
-	    (test "X$CXX" != "Xg++"))) ; then
-	  ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
-
-
-archive_cmds_need_lc_CXX=no
-allow_undefined_flag_CXX=
-always_export_symbols_CXX=no
-archive_expsym_cmds_CXX=
-export_dynamic_flag_spec_CXX=
-hardcode_direct_CXX=no
-hardcode_libdir_flag_spec_CXX=
-hardcode_libdir_flag_spec_ld_CXX=
-hardcode_libdir_separator_CXX=
-hardcode_minus_L_CXX=no
-hardcode_shlibpath_var_CXX=unsupported
-hardcode_automatic_CXX=no
-module_cmds_CXX=
-module_expsym_cmds_CXX=
-link_all_deplibs_CXX=unknown
-old_archive_cmds_CXX=$old_archive_cmds
-no_undefined_flag_CXX=
-whole_archive_flag_spec_CXX=
-enable_shared_with_static_runtimes_CXX=no
-
-# Dependencies to place before and after the object being linked:
-predep_objects_CXX=
-postdep_objects_CXX=
-predeps_CXX=
-postdeps_CXX=
-compiler_lib_search_path_CXX=
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-objext_CXX=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_LD=$LD
-lt_save_GCC=$GCC
-GCC=$GXX
-lt_save_with_gnu_ld=$with_gnu_ld
-lt_save_path_LD=$lt_cv_path_LD
-if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-else
-  $as_unset lt_cv_prog_gnu_ld
-fi
-if test -n "${lt_cv_path_LDCXX+set}"; then
-  lt_cv_path_LD=$lt_cv_path_LDCXX
-else
-  $as_unset lt_cv_path_LD
-fi
-test -z "${LDCXX+set}" || LD=$LDCXX
-CC=${CXX-"c++"}
-compiler=$CC
-compiler_CXX=$CC
-for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
-# We don't want -fno-exception wen compiling C++ code, so set the
-# no_builtin_flag separately
-if test "$GXX" = yes; then
-  lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
-else
-  lt_prog_compiler_no_builtin_flag_CXX=
-fi
-
-if test "$GXX" = yes; then
-  # Set up default GNU C++ configuration
-
-
-# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then
-  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
-else
-  with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
-echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [\\/]* | ?:[\\/]*)
-      re_direlt='/[^/][^/]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  { echo "$as_me:$LINENO: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
-else
-  { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
-fi
-if test "${lt_cv_path_LD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$LD"; then
-  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS="$lt_save_ifs"
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test "$with_gnu_ld" != no && break
-	;;
-      *)
-	test "$with_gnu_ld" != yes && break
-	;;
-      esac
-    fi
-  done
-  IFS="$lt_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  { echo "$as_me:$LINENO: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
-if test "${lt_cv_prog_gnu_ld+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-  # Check if GNU C++ uses GNU ld as the underlying linker, since the
-  # archiving commands below assume that GNU ld is being used.
-  if test "$with_gnu_ld" = yes; then
-    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-
-    hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-    #     investigate it a little bit more. (MM)
-    wlarc='${wl}'
-
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
-	grep 'no-whole-archive' > /dev/null; then
-      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-    else
-      whole_archive_flag_spec_CXX=
-    fi
-  else
-    with_gnu_ld=no
-    wlarc=
-
-    # A generic and very simple default shared library creation
-    # command for GNU C++ for the case where it uses the native
-    # linker, instead of GNU ld.  If possible, this setting should
-    # overridden to take advantage of the native linker features on
-    # the platform it is being used on.
-    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-  fi
-
-  # Commands to make compiler produce verbose output that lists
-  # what "hidden" libraries, object files and flags are used when
-  # linking a shared library.
-  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-else
-  GXX=no
-  with_gnu_ld=no
-  wlarc=
-fi
-
-# PORTME: fill in a description of your system's C++ link characteristics
-{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
-ld_shlibs_CXX=yes
-case $host_os in
-  aix3*)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-  aix4* | aix5*)
-    if test "$host_cpu" = ia64; then
-      # On IA64, the linker does run time linking by default, so we don't
-      # have to do anything special.
-      aix_use_runtimelinking=no
-      exp_sym_flag='-Bexport'
-      no_entry_flag=""
-    else
-      aix_use_runtimelinking=no
-
-      # Test if we are trying to use run time linking or normal
-      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-      # need to do runtime linking.
-      case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	for ld_flag in $LDFLAGS; do
-	  case $ld_flag in
-	  *-brtl*)
-	    aix_use_runtimelinking=yes
-	    break
-	    ;;
-	  esac
-	done
-	;;
-      esac
-
-      exp_sym_flag='-bexport'
-      no_entry_flag='-bnoentry'
-    fi
-
-    # When large executables or shared objects are built, AIX ld can
-    # have problems creating the table of contents.  If linking a library
-    # or program results in "error TOC overflow" add -mminimal-toc to
-    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-    archive_cmds_CXX=''
-    hardcode_direct_CXX=yes
-    hardcode_libdir_separator_CXX=':'
-    link_all_deplibs_CXX=yes
-
-    if test "$GXX" = yes; then
-      case $host_os in aix4.[012]|aix4.[012].*)
-      # We only want to do this on AIX 4.2 and lower, the check
-      # below for broken collect2 doesn't work under 4.3+
-	collect2name=`${CC} -print-prog-name=collect2`
-	if test -f "$collect2name" && \
-	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	then
-	  # We have reworked collect2
-	  hardcode_direct_CXX=yes
-	else
-	  # We have old collect2
-	  hardcode_direct_CXX=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  hardcode_minus_L_CXX=yes
-	  hardcode_libdir_flag_spec_CXX='-L$libdir'
-	  hardcode_libdir_separator_CXX=
-	fi
-	;;
-      esac
-      shared_flag='-shared'
-      if test "$aix_use_runtimelinking" = yes; then
-	shared_flag="$shared_flag "'${wl}-G'
-      fi
-    else
-      # not using gcc
-      if test "$host_cpu" = ia64; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	shared_flag='-G'
-      else
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag='${wl}-G'
-	else
-	  shared_flag='${wl}-bM:SRE'
-	fi
-      fi
-    fi
-
-    # It seems that -bexpall does not export symbols beginning with
-    # underscore (_), so it is better to generate a list of symbols to export.
-    always_export_symbols_CXX=yes
-    if test "$aix_use_runtimelinking" = yes; then
-      # Warning - without using the other runtime loading flags (-brtl),
-      # -berok will link without error, but may produce a broken library.
-      allow_undefined_flag_CXX='-berok'
-      # Determine the default libpath from the value encoded in an empty executable.
-      cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-      hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
-
-      archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-     else
-      if test "$host_cpu" = ia64; then
-	hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
-	allow_undefined_flag_CXX="-z nodefs"
-	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-      else
-	# Determine the default libpath from the value encoded in an empty executable.
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_cxx_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-	hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
-	# Warning - without using the other run time loading flags,
-	# -berok will link without error, but may produce a broken library.
-	no_undefined_flag_CXX=' ${wl}-bernotok'
-	allow_undefined_flag_CXX=' ${wl}-berok'
-	# Exported symbols can be pulled into shared objects from archives
-	whole_archive_flag_spec_CXX='$convenience'
-	archive_cmds_need_lc_CXX=yes
-	# This is similar to how AIX traditionally builds its shared libraries.
-	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-      fi
-    fi
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-      allow_undefined_flag_CXX=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      ld_shlibs_CXX=no
-    fi
-    ;;
-
-  chorus*)
-    case $cc_basename in
-      *)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-    esac
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
-    # as there is no search path for DLLs.
-    hardcode_libdir_flag_spec_CXX='-L$libdir'
-    allow_undefined_flag_CXX=unsupported
-    always_export_symbols_CXX=no
-    enable_shared_with_static_runtimes_CXX=yes
-
-    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-      archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      # If the export-symbols file already is a .def file (1st line
-      # is EXPORTS), use it as is; otherwise, prepend...
-      archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	cp $export_symbols $output_objdir/$soname.def;
-      else
-	echo EXPORTS > $output_objdir/$soname.def;
-	cat $export_symbols >> $output_objdir/$soname.def;
-      fi~
-      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-    else
-      ld_shlibs_CXX=no
-    fi
-  ;;
-      darwin* | rhapsody*)
-        case $host_os in
-        rhapsody* | darwin1.[012])
-         allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[012])
-               allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-        esac
-      archive_cmds_need_lc_CXX=no
-      hardcode_direct_CXX=no
-      hardcode_automatic_CXX=yes
-      hardcode_shlibpath_var_CXX=unsupported
-      whole_archive_flag_spec_CXX=''
-      link_all_deplibs_CXX=yes
-
-    if test "$GXX" = yes ; then
-      lt_int_apple_cc_single_mod=no
-      output_verbose_link_cmd='echo'
-      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
-       lt_int_apple_cc_single_mod=yes
-      fi
-      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-       archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      else
-          archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-        fi
-        module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
-            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          else
-            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          fi
-            module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-          archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-          module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-          archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         ld_shlibs_CXX=no
-          ;;
-      esac
-      fi
-        ;;
-
-  dgux*)
-    case $cc_basename in
-      ec++*)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      ghcx*)
-	# Green Hills C++ Compiler
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-    esac
-    ;;
-  freebsd[12]*)
-    # C++ shared libraries reported to be fairly broken before switch to ELF
-    ld_shlibs_CXX=no
-    ;;
-  freebsd-elf*)
-    archive_cmds_need_lc_CXX=no
-    ;;
-  freebsd* | kfreebsd*-gnu | dragonfly*)
-    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-    # conventions
-    ld_shlibs_CXX=yes
-    ;;
-  gnu*)
-    ;;
-  hpux9*)
-    hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
-    hardcode_libdir_separator_CXX=:
-    export_dynamic_flag_spec_CXX='${wl}-E'
-    hardcode_direct_CXX=yes
-    hardcode_minus_L_CXX=yes # Not in the search PATH,
-				# but as the default
-				# location of the library.
-
-    case $cc_basename in
-    CC*)
-      # FIXME: insert proper C++ library support
-      ld_shlibs_CXX=no
-      ;;
-    aCC*)
-      archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      #
-      # There doesn't appear to be a way to prevent this compiler from
-      # explicitly linking system object files so we need to strip them
-      # from the output so that they don't get included in the library
-      # dependencies.
-      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-      ;;
-    *)
-      if test "$GXX" = yes; then
-        archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-        # FIXME: insert proper C++ library support
-        ld_shlibs_CXX=no
-      fi
-      ;;
-    esac
-    ;;
-  hpux10*|hpux11*)
-    if test $with_gnu_ld = no; then
-      hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
-      hardcode_libdir_separator_CXX=:
-
-      case $host_cpu in
-      hppa*64*|ia64*)
-	hardcode_libdir_flag_spec_ld_CXX='+b $libdir'
-        ;;
-      *)
-	export_dynamic_flag_spec_CXX='${wl}-E'
-        ;;
-      esac
-    fi
-    case $host_cpu in
-    hppa*64*|ia64*)
-      hardcode_direct_CXX=no
-      hardcode_shlibpath_var_CXX=no
-      ;;
-    *)
-      hardcode_direct_CXX=yes
-      hardcode_minus_L_CXX=yes # Not in the search PATH,
-					      # but as the default
-					      # location of the library.
-      ;;
-    esac
-
-    case $cc_basename in
-      CC*)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      aCC*)
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	  ;;
-	esac
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes; then
-	  if test $with_gnu_ld = no; then
-	    case $host_cpu in
-	    hppa*64*)
-	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    ia64*)
-	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    *)
-	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      ;;
-	    esac
-	  fi
-	else
-	  # FIXME: insert proper C++ library support
-	  ld_shlibs_CXX=no
-	fi
-	;;
-    esac
-    ;;
-  interix3*)
-    hardcode_direct_CXX=no
-    hardcode_shlibpath_var_CXX=no
-    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
-    export_dynamic_flag_spec_CXX='${wl}-E'
-    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-    # Instead, shared libraries are loaded at an image base (0x10000000 by
-    # default) and relocated if they conflict, which is a slow very memory
-    # consuming and fragmenting process.  To avoid this, we pick a random,
-    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-    archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-    archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-    ;;
-  irix5* | irix6*)
-    case $cc_basename in
-      CC*)
-	# SGI C++
-	archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-
-	# Archives containing C++ object files must be created using
-	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	# necessary to make sure instantiated templates are included
-	# in the archive.
-	old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	;;
-      *)
-	if test "$GXX" = yes; then
-	  if test "$with_gnu_ld" = no; then
-	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	  else
-	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
-	  fi
-	fi
-	link_all_deplibs_CXX=yes
-	;;
-    esac
-    hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator_CXX=:
-    ;;
-  linux*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-
-	hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir'
-	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-
-	# Archives containing C++ object files must be created using
-	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
-	;;
-      icpc*)
-	# Intel C++
-	with_gnu_ld=yes
-	# version 8.0 and above of icpc choke on multiply defined symbols
-	# if we add $predep_objects and $postdep_objects, however 7.1 and
-	# earlier do not add the objects themselves.
-	case `$CC -V 2>&1` in
-	*"Version 7."*)
-  	  archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-  	  archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-	  ;;
-	*)  # Version 8.0 or newer
-	  tmp_idyn=
-	  case $host_cpu in
-	    ia64*) tmp_idyn=' -i_dynamic';;
-	  esac
-  	  archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	  archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-	  ;;
-	esac
-	archive_cmds_need_lc_CXX=no
-	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
-	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-	whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
-	;;
-      pgCC*)
-        # Portland Group C++ compiler
-	archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
-  	archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
-
-	hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
-	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
-	whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-        ;;
-      cxx*)
-	# Compaq C++
-	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
-
-	runpath_var=LD_RUN_PATH
-	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
-	hardcode_libdir_separator_CXX=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-    esac
-    ;;
-  lynxos*)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-  m88k*)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-  mvs*)
-    case $cc_basename in
-      cxx*)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-    esac
-    ;;
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds_CXX='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-      wlarc=
-      hardcode_libdir_flag_spec_CXX='-R$libdir'
-      hardcode_direct_CXX=yes
-      hardcode_shlibpath_var_CXX=no
-    fi
-    # Workaround some broken pre-1.5 toolchains
-    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-    ;;
-  openbsd2*)
-    # C++ shared libraries are fairly broken
-    ld_shlibs_CXX=no
-    ;;
-  openbsd*)
-    hardcode_direct_CXX=yes
-    hardcode_shlibpath_var_CXX=no
-    archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
-      export_dynamic_flag_spec_CXX='${wl}-E'
-      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-    fi
-    output_verbose_link_cmd='echo'
-    ;;
-  osf3*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
-	hardcode_libdir_separator_CXX=:
-
-	# Archives containing C++ object files must be created using
-	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
-
-	;;
-      RCC*)
-	# Rational C++ 2.4.1
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      cxx*)
-	allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-
-	hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
-	hardcode_libdir_separator_CXX=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
-	  archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-
-	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
-	  hardcode_libdir_separator_CXX=:
-
-	  # Commands to make compiler produce verbose output that lists
-	  # what "hidden" libraries, object files and flags are used when
-	  # linking a shared library.
-	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-	else
-	  # FIXME: insert proper C++ library support
-	  ld_shlibs_CXX=no
-	fi
-	;;
-    esac
-    ;;
-  osf4* | osf5*)
-    case $cc_basename in
-      KCC*)
-	# Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	# KCC will only create a shared library if the output file
-	# ends with ".so" (or ".sl" for HP-UX), so rename the library
-	# to its proper name (with version) after linking.
-	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
-	hardcode_libdir_separator_CXX=:
-
-	# Archives containing C++ object files must be created using
-	# the KAI C++ compiler.
-	old_archive_cmds_CXX='$CC -o $oldlib $oldobjs'
-	;;
-      RCC*)
-	# Rational C++ 2.4.1
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      cxx*)
-	allow_undefined_flag_CXX=' -expect_unresolved \*'
-	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-	  echo "-hidden">> $lib.exp~
-	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
-	  $rm $lib.exp'
-
-	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
-	hardcode_libdir_separator_CXX=:
-
-	# Commands to make compiler produce verbose output that lists
-	# what "hidden" libraries, object files and flags are used when
-	# linking a shared library.
-	#
-	# There doesn't appear to be a way to prevent this compiler from
-	# explicitly linking system object files so we need to strip them
-	# from the output so that they don't get included in the library
-	# dependencies.
-	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
-	;;
-      *)
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
-	 archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-
-	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
-	  hardcode_libdir_separator_CXX=:
-
-	  # Commands to make compiler produce verbose output that lists
-	  # what "hidden" libraries, object files and flags are used when
-	  # linking a shared library.
-	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
-
-	else
-	  # FIXME: insert proper C++ library support
-	  ld_shlibs_CXX=no
-	fi
-	;;
-    esac
-    ;;
-  psos*)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-  sunos4*)
-    case $cc_basename in
-      CC*)
-	# Sun C++ 4.x
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      lcc*)
-	# Lucid
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-    esac
-    ;;
-  solaris*)
-    case $cc_basename in
-      CC*)
-	# Sun C++ 4.2, 5.x and Centerline C++
-        archive_cmds_need_lc_CXX=yes
-	no_undefined_flag_CXX=' -zdefs'
-	archive_cmds_CXX='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	hardcode_libdir_flag_spec_CXX='-R$libdir'
-	hardcode_shlibpath_var_CXX=no
-	case $host_os in
-	  solaris2.[0-5] | solaris2.[0-5].*) ;;
-	  *)
-	    # The C++ compiler is used as linker so we must use $wl
-	    # flag to pass the commands to the underlying system
-	    # linker. We must also pass each convience library through
-	    # to the system linker between allextract/defaultextract.
-	    # The C++ compiler will combine linker options so we
-	    # cannot just pass the convience library names through
-	    # without $wl.
-	    # Supported since Solaris 2.6 (maybe 2.5.1?)
-	    whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
-	    ;;
-	esac
-	link_all_deplibs_CXX=yes
-
-	output_verbose_link_cmd='echo'
-
-	# Archives containing C++ object files must be created using
-	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	# necessary to make sure instantiated templates are included
-	# in the archive.
-	old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
-	;;
-      gcx*)
-	# Green Hills C++ Compiler
-	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-
-	# The C++ compiler must be used to create the archive.
-	old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	;;
-      *)
-	# GNU C++ compiler with Solaris linker
-	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
-	  no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
-	  if $CC --version | grep -v '^2\.7' > /dev/null; then
-	    archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
-	  else
-	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
-	    # platform.
-	    archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
-	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
-	  fi
-
-	  hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
-	fi
-	;;
-    esac
-    ;;
-  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
-    no_undefined_flag_CXX='${wl}-z,text'
-    archive_cmds_need_lc_CXX=no
-    hardcode_shlibpath_var_CXX=no
-    runpath_var='LD_RUN_PATH'
-
-    case $cc_basename in
-      CC*)
-	archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      *)
-	archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-    esac
-    ;;
-  sysv5* | sco3.2v5* | sco5v6*)
-    # Note: We can NOT use -z defs as we might desire, because we do not
-    # link with -lc, and that would cause any symbols used from libc to
-    # always be unresolved, which means just about no library would
-    # ever link correctly.  If we're not using GNU ld we use -z text
-    # though, which does catch some bad symbols but isn't as heavy-handed
-    # as -z defs.
-    # For security reasons, it is highly recommended that you always
-    # use absolute paths for naming shared libraries, and exclude the
-    # DT_RUNPATH tag from executables and libraries.  But doing so
-    # requires that you compile everything twice, which is a pain.
-    # So that behaviour is only enabled if SCOABSPATH is set to a
-    # non-empty value in the environment.  Most likely only useful for
-    # creating official distributions of packages.
-    # This is a hack until libtool officially supports absolute path
-    # names for shared libraries.
-    no_undefined_flag_CXX='${wl}-z,text'
-    allow_undefined_flag_CXX='${wl}-z,nodefs'
-    archive_cmds_need_lc_CXX=no
-    hardcode_shlibpath_var_CXX=no
-    hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-    hardcode_libdir_separator_CXX=':'
-    link_all_deplibs_CXX=yes
-    export_dynamic_flag_spec_CXX='${wl}-Bexport'
-    runpath_var='LD_RUN_PATH'
-
-    case $cc_basename in
-      CC*)
-	archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      *)
-	archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-    esac
-    ;;
-  tandem*)
-    case $cc_basename in
-      NCC*)
-	# NonStop-UX NCC 3.20
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-      *)
-	# FIXME: insert proper C++ library support
-	ld_shlibs_CXX=no
-	;;
-    esac
-    ;;
-  vxworks*)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-  *)
-    # FIXME: insert proper C++ library support
-    ld_shlibs_CXX=no
-    ;;
-esac
-{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
-echo "${ECHO_T}$ld_shlibs_CXX" >&6; }
-test "$ld_shlibs_CXX" = no && can_build_shared=no
-
-GCC_CXX="$GXX"
-LD_CXX="$LD"
-
-
-cat > conftest.$ac_ext <<EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-EOF
-
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  # The `*' in the case matches for architectures that use `case' in
-  # $output_verbose_cmd can trigger glob expansion during the loop
-  # eval without this substitution.
-  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
-
-  for p in `eval $output_verbose_link_cmd`; do
-    case $p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test $p = "-L" \
-	  || test $p = "-R"; then
-	 prev=$p
-	 continue
-       else
-	 prev=
-       fi
-
-       if test "$pre_test_object_deps_done" = no; then
-	 case $p in
-	 -L* | -R*)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$compiler_lib_search_path_CXX"; then
-	     compiler_lib_search_path_CXX="${prev}${p}"
-	   else
-	     compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$postdeps_CXX"; then
-	   postdeps_CXX="${prev}${p}"
-	 else
-	   postdeps_CXX="${postdeps_CXX} ${prev}${p}"
-	 fi
-       fi
-       ;;
-
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test "$pre_test_object_deps_done" = no; then
-	 if test -z "$predep_objects_CXX"; then
-	   predep_objects_CXX="$p"
-	 else
-	   predep_objects_CXX="$predep_objects_CXX $p"
-	 fi
-       else
-	 if test -z "$postdep_objects_CXX"; then
-	   postdep_objects_CXX="$p"
-	 else
-	   postdep_objects_CXX="$postdep_objects_CXX $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling CXX test program"
-fi
-
-$rm -f confest.$objext
-
-# PORTME: override above test on systems where it is broken
-case $host_os in
-interix3*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  predep_objects_CXX=
-  postdep_objects_CXX=
-  postdeps_CXX=
-  ;;
-
-solaris*)
-  case $cc_basename in
-  CC*)
-    # Adding this requires a known-good setup of shared libraries for
-    # Sun compiler versions before 5.6, else PIC objects from an old
-    # archive will be linked into the output, leading to subtle bugs.
-    postdeps_CXX='-lCstd -lCrun'
-    ;;
-  esac
-  ;;
-esac
-
-
-case " $postdeps_CXX " in
-*" -lc "*) archive_cmds_need_lc_CXX=no ;;
-esac
-
-lt_prog_compiler_wl_CXX=
-lt_prog_compiler_pic_CXX=
-lt_prog_compiler_static_CXX=
-
-{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
-
-  # C++ specific cases for pic, static, wl, etc.
-  if test "$GXX" = yes; then
-    lt_prog_compiler_wl_CXX='-Wl,'
-    lt_prog_compiler_static_CXX='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static_CXX='-Bstatic'
-      fi
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | os2* | pw32*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_prog_compiler_pic_CXX='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      lt_prog_compiler_pic_CXX=
-      ;;
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	lt_prog_compiler_pic_CXX=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	;;
-      *)
-	lt_prog_compiler_pic_CXX='-fPIC'
-	;;
-      esac
-      ;;
-    *)
-      lt_prog_compiler_pic_CXX='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix4* | aix5*)
-	# All AIX code is PIC.
-	if test "$host_cpu" = ia64; then
-	  # AIX 5 now supports IA64 processor
-	  lt_prog_compiler_static_CXX='-Bstatic'
-	else
-	  lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-       darwin*)
-         # PIC is the default on this platform
-         # Common symbols not allowed in MH_DYLIB files
-         case $cc_basename in
-           xlc*)
-           lt_prog_compiler_pic_CXX='-qnocommon'
-           lt_prog_compiler_wl_CXX='-Wl,'
-           ;;
-         esac
-       ;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    lt_prog_compiler_pic_CXX='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    lt_prog_compiler_pic_CXX='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | kfreebsd*-gnu | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
-	    if test "$host_cpu" != ia64; then
-	      lt_prog_compiler_pic_CXX='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      lt_prog_compiler_pic_CXX='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_static_CXX='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    lt_prog_compiler_wl_CXX='--backend -Wl,'
-	    lt_prog_compiler_pic_CXX='-fPIC'
-	    ;;
-	  icpc* | ecpc*)
-	    # Intel C++
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_pic_CXX='-KPIC'
-	    lt_prog_compiler_static_CXX='-static'
-	    ;;
-	  pgCC*)
-	    # Portland Group C++ compiler.
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_pic_CXX='-fpic'
-	    lt_prog_compiler_static_CXX='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    lt_prog_compiler_pic_CXX=
-	    lt_prog_compiler_static_CXX='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    lt_prog_compiler_pic_CXX='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    lt_prog_compiler_wl_CXX='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    lt_prog_compiler_pic_CXX='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    lt_prog_compiler_pic_CXX=
-	    lt_prog_compiler_static_CXX='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    lt_prog_compiler_pic_CXX='-KPIC'
-	    lt_prog_compiler_static_CXX='-Bstatic'
-	    lt_prog_compiler_wl_CXX='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    lt_prog_compiler_pic_CXX='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    lt_prog_compiler_pic_CXX='-pic'
-	    lt_prog_compiler_static_CXX='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    lt_prog_compiler_pic_CXX='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    lt_prog_compiler_pic_CXX='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    lt_prog_compiler_wl_CXX='-Wl,'
-	    lt_prog_compiler_pic_CXX='-KPIC'
-	    lt_prog_compiler_static_CXX='-Bstatic'
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	lt_prog_compiler_can_build_shared_CXX=no
-	;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6; }
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic_CXX"; then
-
-{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_pic_works_CXX=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13188: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:13192: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_prog_compiler_pic_works_CXX=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6; }
-
-if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then
-    case $lt_prog_compiler_pic_CXX in
-     "" | " "*) ;;
-     *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
-     esac
-else
-    lt_prog_compiler_pic_CXX=
-     lt_prog_compiler_can_build_shared_CXX=no
-fi
-
-fi
-case $host_os in
-  # For platforms which do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    lt_prog_compiler_pic_CXX=
-    ;;
-  *)
-    lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
-    ;;
-esac
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
-{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_static_works_CXX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_static_works_CXX=no
-   save_LDFLAGS="$LDFLAGS"
-   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&5
-       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         lt_prog_compiler_static_works_CXX=yes
-       fi
-     else
-       lt_prog_compiler_static_works_CXX=yes
-     fi
-   fi
-   $rm conftest*
-   LDFLAGS="$save_LDFLAGS"
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_CXX" >&5
-echo "${ECHO_T}$lt_prog_compiler_static_works_CXX" >&6; }
-
-if test x"$lt_prog_compiler_static_works_CXX" = xyes; then
-    :
-else
-    lt_prog_compiler_static_CXX=
-fi
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_c_o_CXX=no
-   $rm -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13292: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&5
-   echo "$as_me:13296: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_c_o_CXX=yes
-     fi
-   fi
-   chmod u+w . 2>&5
-   $rm conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
-   $rm out/* && rmdir out
-   cd ..
-   rmdir conftest
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6; }
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  { echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6; }
-  if test "$hard_links" = no; then
-    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
-
-  export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  case $host_os in
-  aix4* | aix5*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to AIX nm, but means don't demangle with GNU nm
-    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-      export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-    else
-      export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    export_symbols_cmds_CXX="$ltdll_cmds"
-  ;;
-  cygwin* | mingw*)
-    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-  ;;
-  *)
-    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  ;;
-  esac
-
-{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
-echo "${ECHO_T}$ld_shlibs_CXX" >&6; }
-test "$ld_shlibs_CXX" = no && can_build_shared=no
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc_CXX" in
-x|xyes)
-  # Assume -lc should be added
-  archive_cmds_need_lc_CXX=yes
-
-  if test "$enable_shared" = yes && test "$GCC" = yes; then
-    case $archive_cmds_CXX in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
-      $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } 2>conftest.err; then
-        soname=conftest
-        lib=conftest
-        libobjs=conftest.$ac_objext
-        deplibs=
-        wl=$lt_prog_compiler_wl_CXX
-	pic_flag=$lt_prog_compiler_pic_CXX
-        compiler_flags=-v
-        linker_flags=-v
-        verstring=
-        output_objdir=.
-        libname=conftest
-        lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
-        allow_undefined_flag_CXX=
-        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-        then
-	  archive_cmds_need_lc_CXX=no
-        else
-	  archive_cmds_need_lc_CXX=yes
-        fi
-        allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
-      else
-        cat conftest.err 1>&5
-      fi
-      $rm conftest*
-      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5
-echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6; }
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-  else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-  fi
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}${shared_ext}$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}${shared_ext}$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}${shared_ext}'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[45]*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  shrext_cmds=".dll"
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$host_os in
-  yes,cygwin* | yes,mingw* | yes,pw32*)
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \${file}`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
-      ;;
-    mingw*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
-        # It is most probably a Windows format PATH printed by
-        # mingw gcc, but we are running on Cygwin. Gcc prints its search
-        # path with ; separators, and with drive letters. We can handle the
-        # drive letters (cygwin fileutils understands them), so leave them,
-        # especially as we might pass files found there to a mingw objdump,
-        # which wouldn't understand a cygwinified path. Ahh.
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      ;;
-    esac
-    ;;
-
-  *)
-    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
-  soname_spec='${libname}${release}${major}$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-kfreebsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[123]*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[01]* | freebsdelf3.[01]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
-  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  freebsd*) # from 4.6 on
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    if test "X$HPUX_IA64_MODE" = X32; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-    fi
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-   hppa*64*)
-     shrext_cmds='.sl'
-     hardcode_into_libs=yes
-     dynamic_linker="$host_os dld.sl"
-     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-     soname_spec='${libname}${release}${shared_ext}$major'
-     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-     ;;
-   *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-interix3*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test "$lt_cv_prog_gnu_ld" = yes; then
-		version_type=linux
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Append ld.so.conf contents to the search path
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-knetbsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-nto-qnx*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  need_lib_prefix=no
-  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
-  case $host_os in
-    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
-    *)                         need_version=no  ;;
-  esac
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case $host_os in
-      openbsd2.[89] | openbsd2.[89].*)
-	shlibpath_overrides_runpath=no
-	;;
-      *)
-	shlibpath_overrides_runpath=yes
-	;;
-      esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  ;;
-
-os2*)
-  libname_spec='$name'
-  shrext_cmds=".dll"
-  need_lib_prefix=no
-  library_names_spec='$libname${shared_ext} $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      export_dynamic_flag_spec='${wl}-Blargedynsym'
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
-    soname_spec='$libname${shared_ext}.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=freebsd-elf
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  if test "$with_gnu_ld" = yes; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-    shlibpath_overrides_runpath=no
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    shlibpath_overrides_runpath=yes
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
-hardcode_action_CXX=
-if test -n "$hardcode_libdir_flag_spec_CXX" || \
-   test -n "$runpath_var_CXX" || \
-   test "X$hardcode_automatic_CXX" = "Xyes" ; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct_CXX" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
-     test "$hardcode_minus_L_CXX" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action_CXX=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action_CXX=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action_CXX=unsupported
-fi
-{ echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5
-echo "${ECHO_T}$hardcode_action_CXX" >&6; }
-
-if test "$hardcode_action_CXX" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-
-# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    compiler_CXX \
-    CC_CXX \
-    LD_CXX \
-    lt_prog_compiler_wl_CXX \
-    lt_prog_compiler_pic_CXX \
-    lt_prog_compiler_static_CXX \
-    lt_prog_compiler_no_builtin_flag_CXX \
-    export_dynamic_flag_spec_CXX \
-    thread_safe_flag_spec_CXX \
-    whole_archive_flag_spec_CXX \
-    enable_shared_with_static_runtimes_CXX \
-    old_archive_cmds_CXX \
-    old_archive_from_new_cmds_CXX \
-    predep_objects_CXX \
-    postdep_objects_CXX \
-    predeps_CXX \
-    postdeps_CXX \
-    compiler_lib_search_path_CXX \
-    archive_cmds_CXX \
-    archive_expsym_cmds_CXX \
-    postinstall_cmds_CXX \
-    postuninstall_cmds_CXX \
-    old_archive_from_expsyms_cmds_CXX \
-    allow_undefined_flag_CXX \
-    no_undefined_flag_CXX \
-    export_symbols_cmds_CXX \
-    hardcode_libdir_flag_spec_CXX \
-    hardcode_libdir_flag_spec_ld_CXX \
-    hardcode_libdir_separator_CXX \
-    hardcode_automatic_CXX \
-    module_cmds_CXX \
-    module_expsym_cmds_CXX \
-    lt_cv_prog_compiler_c_o_CXX \
-    exclude_expsyms_CXX \
-    include_expsyms_CXX; do
-
-    case $var in
-    old_archive_cmds_CXX | \
-    old_archive_from_new_cmds_CXX | \
-    archive_cmds_CXX | \
-    archive_expsym_cmds_CXX | \
-    module_cmds_CXX | \
-    module_expsym_cmds_CXX | \
-    old_archive_from_expsyms_cmds_CXX | \
-    export_symbols_cmds_CXX | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\$0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-cfgfile="$ofile"
-
-  cat <<__EOF__ >> "$cfgfile"
-# ### BEGIN LIBTOOL TAG CONFIG: $tagname
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc_CXX
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_compiler_CXX
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC_CXX
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_LD_CXX
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl_CXX
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic_CXX
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static_CXX
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds_CXX
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds_CXX
-archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_module_cmds_CXX
-module_expsym_cmds=$lt_module_expsym_cmds_CXX
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_predep_objects_CXX
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_postdep_objects_CXX
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_predeps_CXX
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_postdeps_CXX
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag_CXX
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag_CXX
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action_CXX
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct_CXX
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L_CXX
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$hardcode_automatic_CXX
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs_CXX
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path_CXX"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols_CXX
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds_CXX
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms_CXX
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms_CXX
-
-# ### END LIBTOOL TAG CONFIG: $tagname
-
-__EOF__
-
-
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-LDCXX=$LD
-LD=$lt_save_LD
-GCC=$lt_save_GCC
-with_gnu_ldcxx=$with_gnu_ld
-with_gnu_ld=$lt_save_with_gnu_ld
-lt_cv_path_LDCXX=$lt_cv_path_LD
-lt_cv_path_LD=$lt_save_path_LD
-lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-
-	else
-	  tagname=""
-	fi
-	;;
-
-      F77)
-	if test -n "$F77" && test "X$F77" != "Xno"; then
-
-ac_ext=f
-ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
-ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_f77_compiler_gnu
-
-
-archive_cmds_need_lc_F77=no
-allow_undefined_flag_F77=
-always_export_symbols_F77=no
-archive_expsym_cmds_F77=
-export_dynamic_flag_spec_F77=
-hardcode_direct_F77=no
-hardcode_libdir_flag_spec_F77=
-hardcode_libdir_flag_spec_ld_F77=
-hardcode_libdir_separator_F77=
-hardcode_minus_L_F77=no
-hardcode_automatic_F77=no
-module_cmds_F77=
-module_expsym_cmds_F77=
-link_all_deplibs_F77=unknown
-old_archive_cmds_F77=$old_archive_cmds
-no_undefined_flag_F77=
-whole_archive_flag_spec_F77=
-enable_shared_with_static_runtimes_F77=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-objext_F77=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code="      program t\n      end\n"
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${F77-"f77"}
-compiler=$CC
-compiler_F77=$CC
-for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
-{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-aix4* | aix5*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-  ;;
-esac
-{ echo "$as_me:$LINENO: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-{ echo "$as_me:$LINENO: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6; }
-
-GCC_F77="$G77"
-LD_F77="$LD"
-
-lt_prog_compiler_wl_F77=
-lt_prog_compiler_pic_F77=
-lt_prog_compiler_static_F77=
-
-{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
-
-  if test "$GCC" = yes; then
-    lt_prog_compiler_wl_F77='-Wl,'
-    lt_prog_compiler_static_F77='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static_F77='-Bstatic'
-      fi
-      ;;
-
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
-      ;;
-
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_prog_compiler_pic_F77='-fno-common'
-      ;;
-
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      lt_prog_compiler_can_build_shared_F77=no
-      enable_shared=no
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	lt_prog_compiler_pic_F77=-Kconform_pic
-      fi
-      ;;
-
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic_F77='-fPIC'
-	;;
-      esac
-      ;;
-
-    *)
-      lt_prog_compiler_pic_F77='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static_F77='-Bstatic'
-      else
-	lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-      darwin*)
-        # PIC is the default on this platform
-        # Common symbols not allowed in MH_DYLIB files
-       case $cc_basename in
-         xlc*)
-         lt_prog_compiler_pic_F77='-qnocommon'
-         lt_prog_compiler_wl_F77='-Wl,'
-         ;;
-       esac
-       ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic_F77='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      lt_prog_compiler_static_F77='${wl}-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      # PIC (with -KPIC) is the default.
-      lt_prog_compiler_static_F77='-non_shared'
-      ;;
-
-    newsos6)
-      lt_prog_compiler_pic_F77='-KPIC'
-      lt_prog_compiler_static_F77='-Bstatic'
-      ;;
-
-    linux*)
-      case $cc_basename in
-      icc* | ecc*)
-	lt_prog_compiler_wl_F77='-Wl,'
-	lt_prog_compiler_pic_F77='-KPIC'
-	lt_prog_compiler_static_F77='-static'
-        ;;
-      pgcc* | pgf77* | pgf90* | pgf95*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	lt_prog_compiler_wl_F77='-Wl,'
-	lt_prog_compiler_pic_F77='-fpic'
-	lt_prog_compiler_static_F77='-Bstatic'
-        ;;
-      ccc*)
-        lt_prog_compiler_wl_F77='-Wl,'
-        # All Alpha code is PIC.
-        lt_prog_compiler_static_F77='-non_shared'
-        ;;
-      esac
-      ;;
-
-    osf3* | osf4* | osf5*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      # All OSF/1 code is PIC.
-      lt_prog_compiler_static_F77='-non_shared'
-      ;;
-
-    solaris*)
-      lt_prog_compiler_pic_F77='-KPIC'
-      lt_prog_compiler_static_F77='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95*)
-	lt_prog_compiler_wl_F77='-Qoption ld ';;
-      *)
-	lt_prog_compiler_wl_F77='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      lt_prog_compiler_wl_F77='-Qoption ld '
-      lt_prog_compiler_pic_F77='-PIC'
-      lt_prog_compiler_static_F77='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      lt_prog_compiler_pic_F77='-KPIC'
-      lt_prog_compiler_static_F77='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_prog_compiler_pic_F77='-Kconform_pic'
-	lt_prog_compiler_static_F77='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      lt_prog_compiler_pic_F77='-KPIC'
-      lt_prog_compiler_static_F77='-Bstatic'
-      ;;
-
-    unicos*)
-      lt_prog_compiler_wl_F77='-Wl,'
-      lt_prog_compiler_can_build_shared_F77=no
-      ;;
-
-    uts4*)
-      lt_prog_compiler_pic_F77='-pic'
-      lt_prog_compiler_static_F77='-Bstatic'
-      ;;
-
-    *)
-      lt_prog_compiler_can_build_shared_F77=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6; }
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic_F77"; then
-
-{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_pic_works_F77+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_pic_works_F77=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$lt_prog_compiler_pic_F77"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:14862: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:14866: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_prog_compiler_pic_works_F77=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6; }
-
-if test x"$lt_prog_compiler_pic_works_F77" = xyes; then
-    case $lt_prog_compiler_pic_F77 in
-     "" | " "*) ;;
-     *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;;
-     esac
-else
-    lt_prog_compiler_pic_F77=
-     lt_prog_compiler_can_build_shared_F77=no
-fi
-
-fi
-case $host_os in
-  # For platforms which do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    lt_prog_compiler_pic_F77=
-    ;;
-  *)
-    lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77"
-    ;;
-esac
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\"
-{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_static_works_F77+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_static_works_F77=no
-   save_LDFLAGS="$LDFLAGS"
-   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&5
-       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         lt_prog_compiler_static_works_F77=yes
-       fi
-     else
-       lt_prog_compiler_static_works_F77=yes
-     fi
-   fi
-   $rm conftest*
-   LDFLAGS="$save_LDFLAGS"
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_F77" >&5
-echo "${ECHO_T}$lt_prog_compiler_static_works_F77" >&6; }
-
-if test x"$lt_prog_compiler_static_works_F77" = xyes; then
-    :
-else
-    lt_prog_compiler_static_F77=
-fi
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_c_o_F77=no
-   $rm -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:14966: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&5
-   echo "$as_me:14970: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_c_o_F77=yes
-     fi
-   fi
-   chmod u+w . 2>&5
-   $rm conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
-   $rm out/* && rmdir out
-   cd ..
-   rmdir conftest
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6; }
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  { echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6; }
-  if test "$hard_links" = no; then
-    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
-
-  runpath_var=
-  allow_undefined_flag_F77=
-  enable_shared_with_static_runtimes_F77=no
-  archive_cmds_F77=
-  archive_expsym_cmds_F77=
-  old_archive_From_new_cmds_F77=
-  old_archive_from_expsyms_cmds_F77=
-  export_dynamic_flag_spec_F77=
-  whole_archive_flag_spec_F77=
-  thread_safe_flag_spec_F77=
-  hardcode_libdir_flag_spec_F77=
-  hardcode_libdir_flag_spec_ld_F77=
-  hardcode_libdir_separator_F77=
-  hardcode_direct_F77=no
-  hardcode_minus_L_F77=no
-  hardcode_shlibpath_var_F77=unsupported
-  link_all_deplibs_F77=unknown
-  hardcode_automatic_F77=no
-  module_cmds_F77=
-  module_expsym_cmds_F77=
-  always_export_symbols_F77=no
-  export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  include_expsyms_F77=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ` (' and `)$', so one must not match beginning or
-  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-  # as well as any symbol that contains `d'.
-  exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_"
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  extract_expsyms_cmds=
-  # Just being paranoid about ensuring that cc_basename is set.
-  for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-  case $host_os in
-  cygwin* | mingw* | pw32*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test "$GCC" != yes; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  ld_shlibs_F77=yes
-  if test "$with_gnu_ld" = yes; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='${wl}'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec_F77='${wl}--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-  	whole_archive_flag_spec_F77=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v 2>/dev/null` in
-      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test "$host_cpu" != ia64; then
-	ld_shlibs_F77=no
-	cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_minus_L_F77=yes
-
-      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-      # that the semantics of dynamic libraries on AmigaOS, at least up
-      # to version 4, is to share data among multiple programs linked
-      # with the same dynamic library.  Since this doesn't match the
-      # behavior of shared libraries on other platforms, we can't use
-      # them.
-      ld_shlibs_F77=no
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	allow_undefined_flag_F77=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      else
-	ld_shlibs_F77=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless,
-      # as there is no search path for DLLs.
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      allow_undefined_flag_F77=unsupported
-      always_export_symbols_F77=no
-      enable_shared_with_static_runtimes_F77=yes
-      export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
-      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-        archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file (1st line
-	# is EXPORTS), use it as is; otherwise, prepend...
-	archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	  cp $export_symbols $output_objdir/$soname.def;
-	else
-	  echo EXPORTS > $output_objdir/$soname.def;
-	  cat $export_symbols >> $output_objdir/$soname.def;
-	fi~
-	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	ld_shlibs_F77=no
-      fi
-      ;;
-
-    interix3*)
-      hardcode_direct_F77=no
-      hardcode_shlibpath_var_F77=no
-      hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec_F77='${wl}-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    linux*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	tmp_addflag=
-	case $cc_basename,$host_cpu in
-	pgcc*)				# Portland Group C compiler
-	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
-	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	esac
-	archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-
-	if test $supports_anon_versioning = yes; then
-	  archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~
-  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-  $echo "local: *; };" >> $output_objdir/$libname.ver~
-	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
-	fi
-      else
-	ld_shlibs_F77=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
-	ld_shlibs_F77=no
-	cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs_F77=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
-	ld_shlibs_F77=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	    hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
-	    archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
-	    archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
-	  else
-	    ld_shlibs_F77=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      hardcode_direct_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs_F77=no
-      fi
-      ;;
-    esac
-
-    if test "$ld_shlibs_F77" = no; then
-      runpath_var=
-      hardcode_libdir_flag_spec_F77=
-      export_dynamic_flag_spec_F77=
-      whole_archive_flag_spec_F77=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      allow_undefined_flag_F77=unsupported
-      always_export_symbols_F77=yes
-      archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      hardcode_minus_L_F77=yes
-      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	hardcode_direct_F77=unsupported
-      fi
-      ;;
-
-    aix4* | aix5*)
-      if test "$host_cpu" = ia64; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=""
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to AIX nm, but means don't demangle with GNU nm
-	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-	  export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	else
-	  export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# need to do runtime linking.
-	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	  for ld_flag in $LDFLAGS; do
-  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-  	    aix_use_runtimelinking=yes
-  	    break
-  	  fi
-	  done
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      archive_cmds_F77=''
-      hardcode_direct_F77=yes
-      hardcode_libdir_separator_F77=':'
-      link_all_deplibs_F77=yes
-
-      if test "$GCC" = yes; then
-	case $host_os in aix4.[012]|aix4.[012].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`${CC} -print-prog-name=collect2`
-	  if test -f "$collect2name" && \
-  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	  then
-  	  # We have reworked collect2
-  	  hardcode_direct_F77=yes
-	  else
-  	  # We have old collect2
-  	  hardcode_direct_F77=unsupported
-  	  # It fails to find uninstalled libraries when the uninstalled
-  	  # path is not listed in the libpath.  Setting hardcode_minus_L
-  	  # to unsupported forces relinking
-  	  hardcode_minus_L_F77=yes
-  	  hardcode_libdir_flag_spec_F77='-L$libdir'
-  	  hardcode_libdir_separator_F77=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag="$shared_flag "'${wl}-G'
-	fi
-      else
-	# not using gcc
-	if test "$host_cpu" = ia64; then
-  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-  	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test "$aix_use_runtimelinking" = yes; then
-	    shared_flag='${wl}-G'
-	  else
-	    shared_flag='${wl}-bM:SRE'
-	  fi
-	fi
-      fi
-
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      always_export_symbols_F77=yes
-      if test "$aix_use_runtimelinking" = yes; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag_F77='-berok'
-       # Determine the default libpath from the value encoded in an empty executable.
-       cat >conftest.$ac_ext <<_ACEOF
-      program main
-
-      end
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_f77_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-       hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
-	archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-       else
-	if test "$host_cpu" = ia64; then
-	  hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib'
-	  allow_undefined_flag_F77="-z nodefs"
-	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an empty executable.
-	 cat >conftest.$ac_ext <<_ACEOF
-      program main
-
-      end
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_f77_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-	 hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  no_undefined_flag_F77=' ${wl}-bernotok'
-	  allow_undefined_flag_F77=' ${wl}-berok'
-	  # Exported symbols can be pulled into shared objects from archives
-	  whole_archive_flag_spec_F77='$convenience'
-	  archive_cmds_need_lc_F77=yes
-	  # This is similar to how AIX traditionally builds its shared libraries.
-	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_minus_L_F77=yes
-      # see comment about different semantics on the GNU ld section
-      ld_shlibs_F77=no
-      ;;
-
-    bsdi[45]*)
-      export_dynamic_flag_spec_F77=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      hardcode_libdir_flag_spec_F77=' '
-      allow_undefined_flag_F77=unsupported
-      # Tell ltmain to make .lib files, not .a files.
-      libext=lib
-      # Tell ltmain to make .dll files, not .so files.
-      shrext_cmds=".dll"
-      # FIXME: Setting linknames here is a bad hack.
-      archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
-      # The linker will automatically build a .lib file if we build a DLL.
-      old_archive_From_new_cmds_F77='true'
-      # FIXME: Should let the user specify the lib program.
-      old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs'
-      fix_srcfile_path_F77='`cygpath -w "$srcfile"`'
-      enable_shared_with_static_runtimes_F77=yes
-      ;;
-
-    darwin* | rhapsody*)
-      case $host_os in
-        rhapsody* | darwin1.[012])
-         allow_undefined_flag_F77='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[012])
-               allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-      esac
-      archive_cmds_need_lc_F77=no
-      hardcode_direct_F77=no
-      hardcode_automatic_F77=yes
-      hardcode_shlibpath_var_F77=unsupported
-      whole_archive_flag_spec_F77=''
-      link_all_deplibs_F77=yes
-    if test "$GCC" = yes ; then
-    	output_verbose_link_cmd='echo'
-        archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-      archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-    else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-         archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-         module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-         archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         ld_shlibs_F77=no
-          ;;
-      esac
-    fi
-      ;;
-
-    dgux*)
-      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    freebsd1*)
-      ld_shlibs_F77=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      hardcode_libdir_flag_spec_F77='-R$libdir'
-      hardcode_direct_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2*)
-      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct_F77=yes
-      hardcode_minus_L_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | kfreebsd*-gnu | dragonfly*)
-      archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-      hardcode_libdir_flag_spec_F77='-R$libdir'
-      hardcode_direct_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    hpux9*)
-      if test "$GCC" = yes; then
-	archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-	archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      fi
-      hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
-      hardcode_libdir_separator_F77=:
-      hardcode_direct_F77=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      hardcode_minus_L_F77=yes
-      export_dynamic_flag_spec_F77='${wl}-E'
-      ;;
-
-    hpux10*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator_F77=:
-
-	hardcode_direct_F77=yes
-	export_dynamic_flag_spec_F77='${wl}-E'
-
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	hardcode_minus_L_F77=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator_F77=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  hardcode_libdir_flag_spec_ld_F77='+b $libdir'
-	  hardcode_direct_F77=no
-	  hardcode_shlibpath_var_F77=no
-	  ;;
-	*)
-	  hardcode_direct_F77=yes
-	  export_dynamic_flag_spec_F77='${wl}-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  hardcode_minus_L_F77=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test "$GCC" = yes; then
-	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec_ld_F77='-rpath $libdir'
-      fi
-      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_F77=:
-      link_all_deplibs_F77=yes
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      hardcode_libdir_flag_spec_F77='-R$libdir'
-      hardcode_direct_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    newsos6)
-      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct_F77=yes
-      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_F77=:
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    openbsd*)
-      hardcode_direct_F77=yes
-      hardcode_shlibpath_var_F77=no
-      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-	archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
-	hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
-	export_dynamic_flag_spec_F77='${wl}-E'
-      else
-       case $host_os in
-	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
-	   archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	   hardcode_libdir_flag_spec_F77='-R$libdir'
-	   ;;
-	 *)
-	   archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	   hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
-	   ;;
-       esac
-      fi
-      ;;
-
-    os2*)
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_minus_L_F77=yes
-      allow_undefined_flag_F77=unsupported
-      archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-      old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-      ;;
-
-    osf3*)
-      if test "$GCC" = yes; then
-	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	allow_undefined_flag_F77=' -expect_unresolved \*'
-	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      fi
-      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_F77=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test "$GCC" = yes; then
-	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
-      else
-	allow_undefined_flag_F77=' -expect_unresolved \*'
-	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	hardcode_libdir_flag_spec_F77='-rpath $libdir'
-      fi
-      hardcode_libdir_separator_F77=:
-      ;;
-
-    solaris*)
-      no_undefined_flag_F77=' -z text'
-      if test "$GCC" = yes; then
-	wlarc='${wl}'
-	archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
-      else
-	wlarc=''
-	archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-      fi
-      hardcode_libdir_flag_spec_F77='-R$libdir'
-      hardcode_shlibpath_var_F77=no
-      case $host_os in
-      solaris2.[0-5] | solaris2.[0-5].*) ;;
-      *)
- 	# The compiler driver will combine linker options so we
- 	# cannot just pass the convience library names through
- 	# without $wl, iff we do not link with $LD.
- 	# Luckily, gcc supports the same syntax we need for Sun Studio.
- 	# Supported since Solaris 2.6 (maybe 2.5.1?)
- 	case $wlarc in
- 	'')
- 	  whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;;
- 	*)
- 	  whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
- 	esac ;;
-      esac
-      link_all_deplibs_F77=yes
-      ;;
-
-    sunos4*)
-      if test "x$host_vendor" = xsequent; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_direct_F77=yes
-      hardcode_minus_L_F77=yes
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct_F77=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  reload_cmds_F77='$CC -r -o $output$reload_objs'
-	  hardcode_direct_F77=no
-        ;;
-	motorola)
-	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    sysv4.3*)
-      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var_F77=no
-      export_dynamic_flag_spec_F77='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_shlibpath_var_F77=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	ld_shlibs_F77=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
-      no_undefined_flag_F77='${wl}-z,text'
-      archive_cmds_need_lc_F77=no
-      hardcode_shlibpath_var_F77=no
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We can NOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      no_undefined_flag_F77='${wl}-z,text'
-      allow_undefined_flag_F77='${wl}-z,nodefs'
-      archive_cmds_need_lc_F77=no
-      hardcode_shlibpath_var_F77=no
-      hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-      hardcode_libdir_separator_F77=':'
-      link_all_deplibs_F77=yes
-      export_dynamic_flag_spec_F77='${wl}-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec_F77='-L$libdir'
-      hardcode_shlibpath_var_F77=no
-      ;;
-
-    *)
-      ld_shlibs_F77=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5
-echo "${ECHO_T}$ld_shlibs_F77" >&6; }
-test "$ld_shlibs_F77" = no && can_build_shared=no
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc_F77" in
-x|xyes)
-  # Assume -lc should be added
-  archive_cmds_need_lc_F77=yes
-
-  if test "$enable_shared" = yes && test "$GCC" = yes; then
-    case $archive_cmds_F77 in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
-      $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } 2>conftest.err; then
-        soname=conftest
-        lib=conftest
-        libobjs=conftest.$ac_objext
-        deplibs=
-        wl=$lt_prog_compiler_wl_F77
-	pic_flag=$lt_prog_compiler_pic_F77
-        compiler_flags=-v
-        linker_flags=-v
-        verstring=
-        output_objdir=.
-        libname=conftest
-        lt_save_allow_undefined_flag=$allow_undefined_flag_F77
-        allow_undefined_flag_F77=
-        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-        then
-	  archive_cmds_need_lc_F77=no
-        else
-	  archive_cmds_need_lc_F77=yes
-        fi
-        allow_undefined_flag_F77=$lt_save_allow_undefined_flag
-      else
-        cat conftest.err 1>&5
-      fi
-      $rm conftest*
-      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5
-echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6; }
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-  else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-  fi
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}${shared_ext}$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}${shared_ext}$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}${shared_ext}'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[45]*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  shrext_cmds=".dll"
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$host_os in
-  yes,cygwin* | yes,mingw* | yes,pw32*)
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \${file}`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
-      ;;
-    mingw*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
-        # It is most probably a Windows format PATH printed by
-        # mingw gcc, but we are running on Cygwin. Gcc prints its search
-        # path with ; separators, and with drive letters. We can handle the
-        # drive letters (cygwin fileutils understands them), so leave them,
-        # especially as we might pass files found there to a mingw objdump,
-        # which wouldn't understand a cygwinified path. Ahh.
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      ;;
-    esac
-    ;;
-
-  *)
-    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
-  soname_spec='${libname}${release}${major}$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-kfreebsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[123]*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[01]* | freebsdelf3.[01]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
-  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  freebsd*) # from 4.6 on
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    if test "X$HPUX_IA64_MODE" = X32; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-    fi
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-   hppa*64*)
-     shrext_cmds='.sl'
-     hardcode_into_libs=yes
-     dynamic_linker="$host_os dld.sl"
-     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-     soname_spec='${libname}${release}${shared_ext}$major'
-     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-     ;;
-   *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-interix3*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test "$lt_cv_prog_gnu_ld" = yes; then
-		version_type=linux
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Append ld.so.conf contents to the search path
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-knetbsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-nto-qnx*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  need_lib_prefix=no
-  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
-  case $host_os in
-    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
-    *)                         need_version=no  ;;
-  esac
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case $host_os in
-      openbsd2.[89] | openbsd2.[89].*)
-	shlibpath_overrides_runpath=no
-	;;
-      *)
-	shlibpath_overrides_runpath=yes
-	;;
-      esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  ;;
-
-os2*)
-  libname_spec='$name'
-  shrext_cmds=".dll"
-  need_lib_prefix=no
-  library_names_spec='$libname${shared_ext} $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      export_dynamic_flag_spec='${wl}-Blargedynsym'
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
-    soname_spec='$libname${shared_ext}.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=freebsd-elf
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  if test "$with_gnu_ld" = yes; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-    shlibpath_overrides_runpath=no
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    shlibpath_overrides_runpath=yes
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
-hardcode_action_F77=
-if test -n "$hardcode_libdir_flag_spec_F77" || \
-   test -n "$runpath_var_F77" || \
-   test "X$hardcode_automatic_F77" = "Xyes" ; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct_F77" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no &&
-     test "$hardcode_minus_L_F77" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action_F77=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action_F77=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action_F77=unsupported
-fi
-{ echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5
-echo "${ECHO_T}$hardcode_action_F77" >&6; }
-
-if test "$hardcode_action_F77" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-
-# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    compiler_F77 \
-    CC_F77 \
-    LD_F77 \
-    lt_prog_compiler_wl_F77 \
-    lt_prog_compiler_pic_F77 \
-    lt_prog_compiler_static_F77 \
-    lt_prog_compiler_no_builtin_flag_F77 \
-    export_dynamic_flag_spec_F77 \
-    thread_safe_flag_spec_F77 \
-    whole_archive_flag_spec_F77 \
-    enable_shared_with_static_runtimes_F77 \
-    old_archive_cmds_F77 \
-    old_archive_from_new_cmds_F77 \
-    predep_objects_F77 \
-    postdep_objects_F77 \
-    predeps_F77 \
-    postdeps_F77 \
-    compiler_lib_search_path_F77 \
-    archive_cmds_F77 \
-    archive_expsym_cmds_F77 \
-    postinstall_cmds_F77 \
-    postuninstall_cmds_F77 \
-    old_archive_from_expsyms_cmds_F77 \
-    allow_undefined_flag_F77 \
-    no_undefined_flag_F77 \
-    export_symbols_cmds_F77 \
-    hardcode_libdir_flag_spec_F77 \
-    hardcode_libdir_flag_spec_ld_F77 \
-    hardcode_libdir_separator_F77 \
-    hardcode_automatic_F77 \
-    module_cmds_F77 \
-    module_expsym_cmds_F77 \
-    lt_cv_prog_compiler_c_o_F77 \
-    exclude_expsyms_F77 \
-    include_expsyms_F77; do
-
-    case $var in
-    old_archive_cmds_F77 | \
-    old_archive_from_new_cmds_F77 | \
-    archive_cmds_F77 | \
-    archive_expsym_cmds_F77 | \
-    module_cmds_F77 | \
-    module_expsym_cmds_F77 | \
-    old_archive_from_expsyms_cmds_F77 | \
-    export_symbols_cmds_F77 | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\$0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-cfgfile="$ofile"
-
-  cat <<__EOF__ >> "$cfgfile"
-# ### BEGIN LIBTOOL TAG CONFIG: $tagname
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc_F77
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_compiler_F77
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC_F77
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_LD_F77
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl_F77
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic_F77
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static_F77
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds_F77
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds_F77
-archive_expsym_cmds=$lt_archive_expsym_cmds_F77
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_module_cmds_F77
-module_expsym_cmds=$lt_module_expsym_cmds_F77
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_predep_objects_F77
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_postdep_objects_F77
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_predeps_F77
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_postdeps_F77
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path_F77
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag_F77
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag_F77
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action_F77
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct_F77
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L_F77
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var_F77
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$hardcode_automatic_F77
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs_F77
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path_F77"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols_F77
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds_F77
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms_F77
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms_F77
-
-# ### END LIBTOOL TAG CONFIG: $tagname
-
-__EOF__
-
-
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC="$lt_save_CC"
-
-	else
-	  tagname=""
-	fi
-	;;
-
-      GCJ)
-	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
-
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-objext_GCJ=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}\n"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${GCJ-"gcj"}
-compiler=$CC
-compiler_GCJ=$CC
-for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-archive_cmds_need_lc_GCJ=no
-
-old_archive_cmds_GCJ=$old_archive_cmds
-
-
-lt_prog_compiler_no_builtin_flag_GCJ=
-
-if test "$GCC" = yes; then
-  lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin'
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_rtti_exceptions=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="-fno-rtti -fno-exceptions"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17164: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:17168: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_rtti_exceptions=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
-    lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions"
-else
-    :
-fi
-
-fi
-
-lt_prog_compiler_wl_GCJ=
-lt_prog_compiler_pic_GCJ=
-lt_prog_compiler_static_GCJ=
-
-{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
-
-  if test "$GCC" = yes; then
-    lt_prog_compiler_wl_GCJ='-Wl,'
-    lt_prog_compiler_static_GCJ='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static_GCJ='-Bstatic'
-      fi
-      ;;
-
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
-      ;;
-
-    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_prog_compiler_pic_GCJ='-fno-common'
-      ;;
-
-    interix3*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      lt_prog_compiler_can_build_shared_GCJ=no
-      enable_shared=no
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	lt_prog_compiler_pic_GCJ=-Kconform_pic
-      fi
-      ;;
-
-    hpux*)
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic_GCJ='-fPIC'
-	;;
-      esac
-      ;;
-
-    *)
-      lt_prog_compiler_pic_GCJ='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_prog_compiler_static_GCJ='-Bstatic'
-      else
-	lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-      darwin*)
-        # PIC is the default on this platform
-        # Common symbols not allowed in MH_DYLIB files
-       case $cc_basename in
-         xlc*)
-         lt_prog_compiler_pic_GCJ='-qnocommon'
-         lt_prog_compiler_wl_GCJ='-Wl,'
-         ;;
-       esac
-       ;;
-
-    mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	lt_prog_compiler_pic_GCJ='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      # PIC (with -KPIC) is the default.
-      lt_prog_compiler_static_GCJ='-non_shared'
-      ;;
-
-    newsos6)
-      lt_prog_compiler_pic_GCJ='-KPIC'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      ;;
-
-    linux*)
-      case $cc_basename in
-      icc* | ecc*)
-	lt_prog_compiler_wl_GCJ='-Wl,'
-	lt_prog_compiler_pic_GCJ='-KPIC'
-	lt_prog_compiler_static_GCJ='-static'
-        ;;
-      pgcc* | pgf77* | pgf90* | pgf95*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	lt_prog_compiler_wl_GCJ='-Wl,'
-	lt_prog_compiler_pic_GCJ='-fpic'
-	lt_prog_compiler_static_GCJ='-Bstatic'
-        ;;
-      ccc*)
-        lt_prog_compiler_wl_GCJ='-Wl,'
-        # All Alpha code is PIC.
-        lt_prog_compiler_static_GCJ='-non_shared'
-        ;;
-      esac
-      ;;
-
-    osf3* | osf4* | osf5*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      # All OSF/1 code is PIC.
-      lt_prog_compiler_static_GCJ='-non_shared'
-      ;;
-
-    solaris*)
-      lt_prog_compiler_pic_GCJ='-KPIC'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95*)
-	lt_prog_compiler_wl_GCJ='-Qoption ld ';;
-      *)
-	lt_prog_compiler_wl_GCJ='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      lt_prog_compiler_wl_GCJ='-Qoption ld '
-      lt_prog_compiler_pic_GCJ='-PIC'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      lt_prog_compiler_pic_GCJ='-KPIC'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_prog_compiler_pic_GCJ='-Kconform_pic'
-	lt_prog_compiler_static_GCJ='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      lt_prog_compiler_pic_GCJ='-KPIC'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      ;;
-
-    unicos*)
-      lt_prog_compiler_wl_GCJ='-Wl,'
-      lt_prog_compiler_can_build_shared_GCJ=no
-      ;;
-
-    uts4*)
-      lt_prog_compiler_pic_GCJ='-pic'
-      lt_prog_compiler_static_GCJ='-Bstatic'
-      ;;
-
-    *)
-      lt_prog_compiler_can_build_shared_GCJ=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6; }
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic_GCJ"; then
-
-{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_pic_works_GCJ=no
-  ac_outfile=conftest.$ac_objext
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$lt_prog_compiler_pic_GCJ"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17432: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&5
-   echo "$as_me:17436: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       lt_prog_compiler_pic_works_GCJ=yes
-     fi
-   fi
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6; }
-
-if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then
-    case $lt_prog_compiler_pic_GCJ in
-     "" | " "*) ;;
-     *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;;
-     esac
-else
-    lt_prog_compiler_pic_GCJ=
-     lt_prog_compiler_can_build_shared_GCJ=no
-fi
-
-fi
-case $host_os in
-  # For platforms which do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    lt_prog_compiler_pic_GCJ=
-    ;;
-  *)
-    lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ"
-    ;;
-esac
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\"
-{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
-if test "${lt_prog_compiler_static_works_GCJ+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_prog_compiler_static_works_GCJ=no
-   save_LDFLAGS="$LDFLAGS"
-   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
-   printf "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&5
-       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         lt_prog_compiler_static_works_GCJ=yes
-       fi
-     else
-       lt_prog_compiler_static_works_GCJ=yes
-     fi
-   fi
-   $rm conftest*
-   LDFLAGS="$save_LDFLAGS"
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_GCJ" >&5
-echo "${ECHO_T}$lt_prog_compiler_static_works_GCJ" >&6; }
-
-if test x"$lt_prog_compiler_static_works_GCJ" = xyes; then
-    :
-else
-    lt_prog_compiler_static_GCJ=
-fi
-
-
-{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
-if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_prog_compiler_c_o_GCJ=no
-   $rm -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17536: $lt_compile\"" >&5)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&5
-   echo "$as_me:17540: \$? = $ac_status" >&5
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       lt_cv_prog_compiler_c_o_GCJ=yes
-     fi
-   fi
-   chmod u+w . 2>&5
-   $rm conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
-   $rm out/* && rmdir out
-   cd ..
-   rmdir conftest
-   $rm conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6; }
-
-
-hard_links="nottested"
-if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  { echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6; }
-  if test "$hard_links" = no; then
-    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
-
-  runpath_var=
-  allow_undefined_flag_GCJ=
-  enable_shared_with_static_runtimes_GCJ=no
-  archive_cmds_GCJ=
-  archive_expsym_cmds_GCJ=
-  old_archive_From_new_cmds_GCJ=
-  old_archive_from_expsyms_cmds_GCJ=
-  export_dynamic_flag_spec_GCJ=
-  whole_archive_flag_spec_GCJ=
-  thread_safe_flag_spec_GCJ=
-  hardcode_libdir_flag_spec_GCJ=
-  hardcode_libdir_flag_spec_ld_GCJ=
-  hardcode_libdir_separator_GCJ=
-  hardcode_direct_GCJ=no
-  hardcode_minus_L_GCJ=no
-  hardcode_shlibpath_var_GCJ=unsupported
-  link_all_deplibs_GCJ=unknown
-  hardcode_automatic_GCJ=no
-  module_cmds_GCJ=
-  module_expsym_cmds_GCJ=
-  always_export_symbols_GCJ=no
-  export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  include_expsyms_GCJ=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ` (' and `)$', so one must not match beginning or
-  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-  # as well as any symbol that contains `d'.
-  exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_"
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  extract_expsyms_cmds=
-  # Just being paranoid about ensuring that cc_basename is set.
-  for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-  case $host_os in
-  cygwin* | mingw* | pw32*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test "$GCC" != yes; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  ld_shlibs_GCJ=yes
-  if test "$with_gnu_ld" = yes; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='${wl}'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec_GCJ='${wl}--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-  	whole_archive_flag_spec_GCJ=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v 2>/dev/null` in
-      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test "$host_cpu" != ia64; then
-	ld_shlibs_GCJ=no
-	cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_minus_L_GCJ=yes
-
-      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-      # that the semantics of dynamic libraries on AmigaOS, at least up
-      # to version 4, is to share data among multiple programs linked
-      # with the same dynamic library.  Since this doesn't match the
-      # behavior of shared libraries on other platforms, we can't use
-      # them.
-      ld_shlibs_GCJ=no
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	allow_undefined_flag_GCJ=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      else
-	ld_shlibs_GCJ=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless,
-      # as there is no search path for DLLs.
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      allow_undefined_flag_GCJ=unsupported
-      always_export_symbols_GCJ=no
-      enable_shared_with_static_runtimes_GCJ=yes
-      export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
-
-      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
-        archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file (1st line
-	# is EXPORTS), use it as is; otherwise, prepend...
-	archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
-	  cp $export_symbols $output_objdir/$soname.def;
-	else
-	  echo EXPORTS > $output_objdir/$soname.def;
-	  cat $export_symbols >> $output_objdir/$soname.def;
-	fi~
-	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	ld_shlibs_GCJ=no
-      fi
-      ;;
-
-    interix3*)
-      hardcode_direct_GCJ=no
-      hardcode_shlibpath_var_GCJ=no
-      hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec_GCJ='${wl}-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    linux*)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	tmp_addflag=
-	case $cc_basename,$host_cpu in
-	pgcc*)				# Portland Group C compiler
-	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
-	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	esac
-	archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-
-	if test $supports_anon_versioning = yes; then
-	  archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~
-  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-  $echo "local: *; };" >> $output_objdir/$libname.ver~
-	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
-	fi
-      else
-	ld_shlibs_GCJ=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
-	ld_shlibs_GCJ=no
-	cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs_GCJ=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
-	ld_shlibs_GCJ=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	    hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
-	    archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
-	    archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
-	  else
-	    ld_shlibs_GCJ=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      hardcode_direct_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
-	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	ld_shlibs_GCJ=no
-      fi
-      ;;
-    esac
-
-    if test "$ld_shlibs_GCJ" = no; then
-      runpath_var=
-      hardcode_libdir_flag_spec_GCJ=
-      export_dynamic_flag_spec_GCJ=
-      whole_archive_flag_spec_GCJ=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      allow_undefined_flag_GCJ=unsupported
-      always_export_symbols_GCJ=yes
-      archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      hardcode_minus_L_GCJ=yes
-      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	hardcode_direct_GCJ=unsupported
-      fi
-      ;;
-
-    aix4* | aix5*)
-      if test "$host_cpu" = ia64; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=""
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to AIX nm, but means don't demangle with GNU nm
-	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
-	  export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	else
-	  export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# need to do runtime linking.
-	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	  for ld_flag in $LDFLAGS; do
-  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-  	    aix_use_runtimelinking=yes
-  	    break
-  	  fi
-	  done
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      archive_cmds_GCJ=''
-      hardcode_direct_GCJ=yes
-      hardcode_libdir_separator_GCJ=':'
-      link_all_deplibs_GCJ=yes
-
-      if test "$GCC" = yes; then
-	case $host_os in aix4.[012]|aix4.[012].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`${CC} -print-prog-name=collect2`
-	  if test -f "$collect2name" && \
-  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
-	  then
-  	  # We have reworked collect2
-  	  hardcode_direct_GCJ=yes
-	  else
-  	  # We have old collect2
-  	  hardcode_direct_GCJ=unsupported
-  	  # It fails to find uninstalled libraries when the uninstalled
-  	  # path is not listed in the libpath.  Setting hardcode_minus_L
-  	  # to unsupported forces relinking
-  	  hardcode_minus_L_GCJ=yes
-  	  hardcode_libdir_flag_spec_GCJ='-L$libdir'
-  	  hardcode_libdir_separator_GCJ=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag="$shared_flag "'${wl}-G'
-	fi
-      else
-	# not using gcc
-	if test "$host_cpu" = ia64; then
-  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-  	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test "$aix_use_runtimelinking" = yes; then
-	    shared_flag='${wl}-G'
-	  else
-	    shared_flag='${wl}-bM:SRE'
-	  fi
-	fi
-      fi
-
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      always_export_symbols_GCJ=yes
-      if test "$aix_use_runtimelinking" = yes; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag_GCJ='-berok'
-       # Determine the default libpath from the value encoded in an empty executable.
-       cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-       hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
-	archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-       else
-	if test "$host_cpu" = ia64; then
-	  hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib'
-	  allow_undefined_flag_GCJ="-z nodefs"
-	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an empty executable.
-	 cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`
-# Check for a 64-bit object if we didn't find anything.
-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
-}'`; fi
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
-
-	 hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  no_undefined_flag_GCJ=' ${wl}-bernotok'
-	  allow_undefined_flag_GCJ=' ${wl}-berok'
-	  # Exported symbols can be pulled into shared objects from archives
-	  whole_archive_flag_spec_GCJ='$convenience'
-	  archive_cmds_need_lc_GCJ=yes
-	  # This is similar to how AIX traditionally builds its shared libraries.
-	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_minus_L_GCJ=yes
-      # see comment about different semantics on the GNU ld section
-      ld_shlibs_GCJ=no
-      ;;
-
-    bsdi[45]*)
-      export_dynamic_flag_spec_GCJ=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      hardcode_libdir_flag_spec_GCJ=' '
-      allow_undefined_flag_GCJ=unsupported
-      # Tell ltmain to make .lib files, not .a files.
-      libext=lib
-      # Tell ltmain to make .dll files, not .so files.
-      shrext_cmds=".dll"
-      # FIXME: Setting linknames here is a bad hack.
-      archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
-      # The linker will automatically build a .lib file if we build a DLL.
-      old_archive_From_new_cmds_GCJ='true'
-      # FIXME: Should let the user specify the lib program.
-      old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs'
-      fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`'
-      enable_shared_with_static_runtimes_GCJ=yes
-      ;;
-
-    darwin* | rhapsody*)
-      case $host_os in
-        rhapsody* | darwin1.[012])
-         allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress'
-         ;;
-       *) # Darwin 1.3 on
-         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
-           allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-         else
-           case ${MACOSX_DEPLOYMENT_TARGET} in
-             10.[012])
-               allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
-               ;;
-             10.*)
-               allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup'
-               ;;
-           esac
-         fi
-         ;;
-      esac
-      archive_cmds_need_lc_GCJ=no
-      hardcode_direct_GCJ=no
-      hardcode_automatic_GCJ=yes
-      hardcode_shlibpath_var_GCJ=unsupported
-      whole_archive_flag_spec_GCJ=''
-      link_all_deplibs_GCJ=yes
-    if test "$GCC" = yes ; then
-    	output_verbose_link_cmd='echo'
-        archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
-      module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-      archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-      module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-    else
-      case $cc_basename in
-        xlc*)
-         output_verbose_link_cmd='echo'
-         archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
-         module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
-          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
-         archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
-          ;;
-       *)
-         ld_shlibs_GCJ=no
-          ;;
-      esac
-    fi
-      ;;
-
-    dgux*)
-      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    freebsd1*)
-      ld_shlibs_GCJ=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      hardcode_libdir_flag_spec_GCJ='-R$libdir'
-      hardcode_direct_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2*)
-      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct_GCJ=yes
-      hardcode_minus_L_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | kfreebsd*-gnu | dragonfly*)
-      archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-      hardcode_libdir_flag_spec_GCJ='-R$libdir'
-      hardcode_direct_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    hpux9*)
-      if test "$GCC" = yes; then
-	archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      else
-	archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
-      fi
-      hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
-      hardcode_libdir_separator_GCJ=:
-      hardcode_direct_GCJ=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      hardcode_minus_L_GCJ=yes
-      export_dynamic_flag_spec_GCJ='${wl}-E'
-      ;;
-
-    hpux10*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator_GCJ=:
-
-	hardcode_direct_GCJ=yes
-	export_dynamic_flag_spec_GCJ='${wl}-E'
-
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	hardcode_minus_L_GCJ=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      fi
-      if test "$with_gnu_ld" = no; then
-	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
-	hardcode_libdir_separator_GCJ=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  hardcode_libdir_flag_spec_ld_GCJ='+b $libdir'
-	  hardcode_direct_GCJ=no
-	  hardcode_shlibpath_var_GCJ=no
-	  ;;
-	*)
-	  hardcode_direct_GCJ=yes
-	  export_dynamic_flag_spec_GCJ='${wl}-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  hardcode_minus_L_GCJ=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test "$GCC" = yes; then
-	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir'
-      fi
-      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_GCJ=:
-      link_all_deplibs_GCJ=yes
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-	archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      hardcode_libdir_flag_spec_GCJ='-R$libdir'
-      hardcode_direct_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    newsos6)
-      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct_GCJ=yes
-      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_GCJ=:
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    openbsd*)
-      hardcode_direct_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-	archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
-	hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
-	export_dynamic_flag_spec_GCJ='${wl}-E'
-      else
-       case $host_os in
-	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
-	   archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	   hardcode_libdir_flag_spec_GCJ='-R$libdir'
-	   ;;
-	 *)
-	   archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	   hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
-	   ;;
-       esac
-      fi
-      ;;
-
-    os2*)
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_minus_L_GCJ=yes
-      allow_undefined_flag_GCJ=unsupported
-      archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-      old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-      ;;
-
-    osf3*)
-      if test "$GCC" = yes; then
-	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      else
-	allow_undefined_flag_GCJ=' -expect_unresolved \*'
-	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      fi
-      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
-      hardcode_libdir_separator_GCJ=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test "$GCC" = yes; then
-	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
-	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-	hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
-      else
-	allow_undefined_flag_GCJ=' -expect_unresolved \*'
-	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-	archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	hardcode_libdir_flag_spec_GCJ='-rpath $libdir'
-      fi
-      hardcode_libdir_separator_GCJ=:
-      ;;
-
-    solaris*)
-      no_undefined_flag_GCJ=' -z text'
-      if test "$GCC" = yes; then
-	wlarc='${wl}'
-	archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
-      else
-	wlarc=''
-	archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-      fi
-      hardcode_libdir_flag_spec_GCJ='-R$libdir'
-      hardcode_shlibpath_var_GCJ=no
-      case $host_os in
-      solaris2.[0-5] | solaris2.[0-5].*) ;;
-      *)
- 	# The compiler driver will combine linker options so we
- 	# cannot just pass the convience library names through
- 	# without $wl, iff we do not link with $LD.
- 	# Luckily, gcc supports the same syntax we need for Sun Studio.
- 	# Supported since Solaris 2.6 (maybe 2.5.1?)
- 	case $wlarc in
- 	'')
- 	  whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;;
- 	*)
- 	  whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
- 	esac ;;
-      esac
-      link_all_deplibs_GCJ=yes
-      ;;
-
-    sunos4*)
-      if test "x$host_vendor" = xsequent; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_direct_GCJ=yes
-      hardcode_minus_L_GCJ=yes
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct_GCJ=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  reload_cmds_GCJ='$CC -r -o $output$reload_objs'
-	  hardcode_direct_GCJ=no
-        ;;
-	motorola)
-	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    sysv4.3*)
-      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var_GCJ=no
-      export_dynamic_flag_spec_GCJ='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_shlibpath_var_GCJ=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	ld_shlibs_GCJ=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
-      no_undefined_flag_GCJ='${wl}-z,text'
-      archive_cmds_need_lc_GCJ=no
-      hardcode_shlibpath_var_GCJ=no
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We can NOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      no_undefined_flag_GCJ='${wl}-z,text'
-      allow_undefined_flag_GCJ='${wl}-z,nodefs'
-      archive_cmds_need_lc_GCJ=no
-      hardcode_shlibpath_var_GCJ=no
-      hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
-      hardcode_libdir_separator_GCJ=':'
-      link_all_deplibs_GCJ=yes
-      export_dynamic_flag_spec_GCJ='${wl}-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test "$GCC" = yes; then
-	archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec_GCJ='-L$libdir'
-      hardcode_shlibpath_var_GCJ=no
-      ;;
-
-    *)
-      ld_shlibs_GCJ=no
-      ;;
-    esac
-  fi
-
-{ echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5
-echo "${ECHO_T}$ld_shlibs_GCJ" >&6; }
-test "$ld_shlibs_GCJ" = no && can_build_shared=no
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc_GCJ" in
-x|xyes)
-  # Assume -lc should be added
-  archive_cmds_need_lc_GCJ=yes
-
-  if test "$enable_shared" = yes && test "$GCC" = yes; then
-    case $archive_cmds_GCJ in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
-      $rm conftest*
-      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } 2>conftest.err; then
-        soname=conftest
-        lib=conftest
-        libobjs=conftest.$ac_objext
-        deplibs=
-        wl=$lt_prog_compiler_wl_GCJ
-	pic_flag=$lt_prog_compiler_pic_GCJ
-        compiler_flags=-v
-        linker_flags=-v
-        verstring=
-        output_objdir=.
-        libname=conftest
-        lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ
-        allow_undefined_flag_GCJ=
-        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-        then
-	  archive_cmds_need_lc_GCJ=no
-        else
-	  archive_cmds_need_lc_GCJ=yes
-        fi
-        allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag
-      else
-        cat conftest.err 1>&5
-      fi
-      $rm conftest*
-      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5
-echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6; }
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=".so"
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-if test "$GCC" = yes; then
-  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-  else
-    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-  fi
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}${shared_ext}$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}${shared_ext}$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}${shared_ext}'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[45]*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  shrext_cmds=".dll"
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$host_os in
-  yes,cygwin* | yes,mingw* | yes,pw32*)
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \${file}`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
-      ;;
-    mingw*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
-        # It is most probably a Windows format PATH printed by
-        # mingw gcc, but we are running on Cygwin. Gcc prints its search
-        # path with ; separators, and with drive letters. We can handle the
-        # drive letters (cygwin fileutils understands them), so leave them,
-        # especially as we might pass files found there to a mingw objdump,
-        # which wouldn't understand a cygwinified path. Ahh.
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
-      ;;
-    esac
-    ;;
-
-  *)
-    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
-  soname_spec='${libname}${release}${major}$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
-  if test "$GCC" = yes; then
-    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
-  else
-    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
-  fi
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-kfreebsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[123]*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[01]* | freebsdelf3.[01]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
-  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  freebsd*) # from 4.6 on
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    if test "X$HPUX_IA64_MODE" = X32; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-    fi
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-   hppa*64*)
-     shrext_cmds='.sl'
-     hardcode_into_libs=yes
-     dynamic_linker="$host_os dld.sl"
-     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-     soname_spec='${libname}${release}${shared_ext}$major'
-     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-     ;;
-   *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-interix3*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test "$lt_cv_prog_gnu_ld" = yes; then
-		version_type=linux
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Append ld.so.conf contents to the search path
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-knetbsd*-gnu)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='GNU ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
-    soname_spec='${libname}${release}${shared_ext}$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-nto-qnx*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  need_lib_prefix=no
-  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
-  case $host_os in
-    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
-    *)                         need_version=no  ;;
-  esac
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case $host_os in
-      openbsd2.[89] | openbsd2.[89].*)
-	shlibpath_overrides_runpath=no
-	;;
-      *)
-	shlibpath_overrides_runpath=yes
-	;;
-      esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  ;;
-
-os2*)
-  libname_spec='$name'
-  shrext_cmds=".dll"
-  need_lib_prefix=no
-  library_names_spec='$libname${shared_ext} $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}${shared_ext}$major'
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      export_dynamic_flag_spec='${wl}-Blargedynsym'
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
-    soname_spec='$libname${shared_ext}.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=freebsd-elf
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  if test "$with_gnu_ld" = yes; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-    shlibpath_overrides_runpath=no
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    shlibpath_overrides_runpath=yes
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
-  soname_spec='${libname}${release}${shared_ext}$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6; }
-test "$dynamic_linker" = no && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
-hardcode_action_GCJ=
-if test -n "$hardcode_libdir_flag_spec_GCJ" || \
-   test -n "$runpath_var_GCJ" || \
-   test "X$hardcode_automatic_GCJ" = "Xyes" ; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct_GCJ" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no &&
-     test "$hardcode_minus_L_GCJ" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action_GCJ=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action_GCJ=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action_GCJ=unsupported
-fi
-{ echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5
-echo "${ECHO_T}$hardcode_action_GCJ" >&6; }
-
-if test "$hardcode_action_GCJ" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-
-# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    compiler_GCJ \
-    CC_GCJ \
-    LD_GCJ \
-    lt_prog_compiler_wl_GCJ \
-    lt_prog_compiler_pic_GCJ \
-    lt_prog_compiler_static_GCJ \
-    lt_prog_compiler_no_builtin_flag_GCJ \
-    export_dynamic_flag_spec_GCJ \
-    thread_safe_flag_spec_GCJ \
-    whole_archive_flag_spec_GCJ \
-    enable_shared_with_static_runtimes_GCJ \
-    old_archive_cmds_GCJ \
-    old_archive_from_new_cmds_GCJ \
-    predep_objects_GCJ \
-    postdep_objects_GCJ \
-    predeps_GCJ \
-    postdeps_GCJ \
-    compiler_lib_search_path_GCJ \
-    archive_cmds_GCJ \
-    archive_expsym_cmds_GCJ \
-    postinstall_cmds_GCJ \
-    postuninstall_cmds_GCJ \
-    old_archive_from_expsyms_cmds_GCJ \
-    allow_undefined_flag_GCJ \
-    no_undefined_flag_GCJ \
-    export_symbols_cmds_GCJ \
-    hardcode_libdir_flag_spec_GCJ \
-    hardcode_libdir_flag_spec_ld_GCJ \
-    hardcode_libdir_separator_GCJ \
-    hardcode_automatic_GCJ \
-    module_cmds_GCJ \
-    module_expsym_cmds_GCJ \
-    lt_cv_prog_compiler_c_o_GCJ \
-    exclude_expsyms_GCJ \
-    include_expsyms_GCJ; do
-
-    case $var in
-    old_archive_cmds_GCJ | \
-    old_archive_from_new_cmds_GCJ | \
-    archive_cmds_GCJ | \
-    archive_expsym_cmds_GCJ | \
-    module_cmds_GCJ | \
-    module_expsym_cmds_GCJ | \
-    old_archive_from_expsyms_cmds_GCJ | \
-    export_symbols_cmds_GCJ | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\$0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-cfgfile="$ofile"
-
-  cat <<__EOF__ >> "$cfgfile"
-# ### BEGIN LIBTOOL TAG CONFIG: $tagname
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc_GCJ
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_compiler_GCJ
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC_GCJ
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_LD_GCJ
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl_GCJ
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic_GCJ
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static_GCJ
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds_GCJ
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds_GCJ
-archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_module_cmds_GCJ
-module_expsym_cmds=$lt_module_expsym_cmds_GCJ
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_predep_objects_GCJ
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_postdep_objects_GCJ
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_predeps_GCJ
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_postdeps_GCJ
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag_GCJ
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag_GCJ
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action_GCJ
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct_GCJ
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L_GCJ
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$hardcode_automatic_GCJ
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs_GCJ
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path_GCJ"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols_GCJ
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds_GCJ
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms_GCJ
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms_GCJ
-
-# ### END LIBTOOL TAG CONFIG: $tagname
-
-__EOF__
-
-
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC="$lt_save_CC"
-
-	else
-	  tagname=""
-	fi
-	;;
-
-      RC)
-
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-objext_RC=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code="$lt_simple_compile_test_code"
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$rm conftest*
-
-ac_outfile=conftest.$ac_objext
-printf "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$rm conftest*
-
-
-# Allow CC to be a program name with arguments.
-lt_save_CC="$CC"
-CC=${RC-"windres"}
-compiler=$CC
-compiler_RC=$CC
-for cc_temp in $compiler""; do
-  case $cc_temp in
-    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
-    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
-    \-*) ;;
-    *) break;;
-  esac
-done
-cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
-
-lt_cv_prog_compiler_c_o_RC=yes
-
-# The else clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  # See if we are running on zsh, and set the options which allow our commands through
-  # without removal of \ escapes.
-  if test -n "${ZSH_VERSION+set}" ; then
-    setopt NO_GLOB_SUBST
-  fi
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
-    SED SHELL STRIP \
-    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
-    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
-    deplibs_check_method reload_flag reload_cmds need_locks \
-    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
-    lt_cv_sys_global_symbol_to_c_name_address \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    old_postinstall_cmds old_postuninstall_cmds \
-    compiler_RC \
-    CC_RC \
-    LD_RC \
-    lt_prog_compiler_wl_RC \
-    lt_prog_compiler_pic_RC \
-    lt_prog_compiler_static_RC \
-    lt_prog_compiler_no_builtin_flag_RC \
-    export_dynamic_flag_spec_RC \
-    thread_safe_flag_spec_RC \
-    whole_archive_flag_spec_RC \
-    enable_shared_with_static_runtimes_RC \
-    old_archive_cmds_RC \
-    old_archive_from_new_cmds_RC \
-    predep_objects_RC \
-    postdep_objects_RC \
-    predeps_RC \
-    postdeps_RC \
-    compiler_lib_search_path_RC \
-    archive_cmds_RC \
-    archive_expsym_cmds_RC \
-    postinstall_cmds_RC \
-    postuninstall_cmds_RC \
-    old_archive_from_expsyms_cmds_RC \
-    allow_undefined_flag_RC \
-    no_undefined_flag_RC \
-    export_symbols_cmds_RC \
-    hardcode_libdir_flag_spec_RC \
-    hardcode_libdir_flag_spec_ld_RC \
-    hardcode_libdir_separator_RC \
-    hardcode_automatic_RC \
-    module_cmds_RC \
-    module_expsym_cmds_RC \
-    lt_cv_prog_compiler_c_o_RC \
-    exclude_expsyms_RC \
-    include_expsyms_RC; do
-
-    case $var in
-    old_archive_cmds_RC | \
-    old_archive_from_new_cmds_RC | \
-    archive_cmds_RC | \
-    archive_expsym_cmds_RC | \
-    module_cmds_RC | \
-    module_expsym_cmds_RC | \
-    old_archive_from_expsyms_cmds_RC | \
-    export_symbols_cmds_RC | \
-    extract_expsyms_cmds | reload_cmds | finish_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  case $lt_echo in
-  *'\$0 --fallback-echo"')
-    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-cfgfile="$ofile"
-
-  cat <<__EOF__ >> "$cfgfile"
-# ### BEGIN LIBTOOL TAG CONFIG: $tagname
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc_RC
-
-# Whether or not to disallow shared libs when runtime libs are static
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# A C compiler.
-LTCC=$lt_LTCC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_LTCFLAGS
-
-# A language-specific compiler.
-CC=$lt_compiler_RC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC_RC
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# The linker used to build libraries.
-LD=$lt_LD_RC
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$lt_STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl_RC
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally ".so").
-shrext_cmds='$shrext_cmds'
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic_RC
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static_RC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds_RC
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds_RC
-archive_expsym_cmds=$lt_archive_expsym_cmds_RC
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to build a loadable module (assumed same as above if empty)
-module_cmds=$lt_module_cmds_RC
-module_expsym_cmds=$lt_module_expsym_cmds_RC
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$lt_predep_objects_RC
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$lt_postdep_objects_RC
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$lt_predeps_RC
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$lt_postdeps_RC
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$lt_compiler_lib_search_path_RC
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag_RC
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag_RC
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action_RC
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
-
-# If ld is used when linking, flag to hardcode \$libdir into
-# a binary during linking. This must work even if \$libdir does
-# not exist.
-hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
-
-# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct_RC
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L_RC
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
-
-# Set to yes if building a shared library automatically hardcodes DIR into the library
-# and all subsequent libraries and executables linked against it.
-hardcode_automatic=$hardcode_automatic_RC
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs_RC
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path_RC"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols_RC
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds_RC
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms_RC
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms_RC
-
-# ### END LIBTOOL TAG CONFIG: $tagname
-
-__EOF__
-
-
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
-  if test -f "$ltmain_in"; then
-    test -f Makefile && make "$ltmain"
-  fi
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC="$lt_save_CC"
-
-	;;
-
-      *)
-	{ { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5
-echo "$as_me: error: Unsupported tag name: $tagname" >&2;}
-   { (exit 1); exit 1; }; }
-	;;
-      esac
-
-      # Append the new tag name to the list of available tags.
-      if test -n "$tagname" ; then
-      available_tags="$available_tags $tagname"
-    fi
-    fi
-  done
-  IFS="$lt_save_ifs"
-
-  # Now substitute the updated list of available tags.
-  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
-    mv "${ofile}T" "$ofile"
-    chmod +x "$ofile"
-  else
-    rm -f "${ofile}T"
-    { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5
-echo "$as_me: error: unable to update list of available tagged configurations." >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-fi
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-# Prevent multiple expansion
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- if test "$enable_shared" = "yes"; then
-  ENABLE_SHARED_TRUE=
-  ENABLE_SHARED_FALSE='#'
-else
-  ENABLE_SHARED_TRUE='#'
-  ENABLE_SHARED_FALSE=
-fi
-
-
-{ echo "$as_me:$LINENO: checking for ld --version-script" >&5
-echo $ECHO_N "checking for ld --version-script... $ECHO_C" >&6; }
-if test "${rk_cv_version_script+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  rk_cv_version_script=no
-
-  cat > conftest.map <<EOF
-HEIM_GSS_V1 {
-        global: gss*;
-};
-HEIM_GSS_V1_1 {
-        global: gss_init_creds;
-} HEIM_GSS_V1;
-EOF
-cat > conftest.c <<EOF
-int gss_init_creds(int foo) { return 0; }
-EOF
-
-  if { ac_try='${CC-cc} $CFLAGS $LDFLAGS -shared
-                               -o conftest.so conftest.c
-                               -Wl,--version-script,conftest.map'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; };
-  then
-    rk_cv_version_script=yes
-  fi
-rm -f conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $rk_cv_version_script" >&5
-echo "${ECHO_T}$rk_cv_version_script" >&6; }
-
-if test $rk_cv_version_script = yes ; then
-  doversioning=yes
-  LDFLAGS_VERSION_SCRIPT="-Wl,--version-script,"
-else
-  doversioning=no
-  LDFLAGS_VERSION_SCRIPT=
-fi
-
-
- if test $doversioning = yes; then
-  versionscript_TRUE=
-  versionscript_FALSE='#'
-else
-  versionscript_TRUE='#'
-  versionscript_FALSE=
-fi
-
-
-
-
-
-
-
-# Check whether --with-openldap was given.
-if test "${with_openldap+set}" = set; then
-  withval=$with_openldap;
-fi
-
-
-# Check whether --with-openldap-lib was given.
-if test "${with_openldap_lib+set}" = set; then
-  withval=$with_openldap_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5
-echo "$as_me: error: No argument for --with-openldap-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi
-
-
-# Check whether --with-openldap-include was given.
-if test "${with_openldap_include+set}" = set; then
-  withval=$with_openldap_include; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5
-echo "$as_me: error: No argument for --with-openldap-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi
-
-
-# Check whether --with-openldap-config was given.
-if test "${with_openldap_config+set}" = set; then
-  withval=$with_openldap_config;
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for openldap" >&5
-echo $ECHO_N "checking for openldap... $ECHO_C" >&6; }
-
-case "$with_openldap" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_openldap" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_openldap_include" = ""; then
-		if test -d "$i/include/openldap"; then
-			header_dirs="$header_dirs $i/include/openldap"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_openldap_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_openldap_include"; then
-	header_dirs="$with_openldap_include $header_dirs"
-fi
-if test "$with_openldap_lib"; then
-	lib_dirs="$with_openldap_lib $lib_dirs"
-fi
-
-if test "$with_openldap_config" = ""; then
-	with_openldap_config=''
-fi
-
-openldap_cflags=
-openldap_libs=
-
-case "$with_openldap_config" in
-yes|no|""|"")
-	if test -f $with_openldap/bin/ ; then
-		with_openldap_config=$with_openldap/bin/
-	fi
-	;;
-esac
-
-case "$with_openldap_config" in
-yes|no|"")
-	;;
-*)
-	openldap_cflags="`$with_openldap_config --cflags 2>&1`"
-	openldap_libs="`$with_openldap_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_openldap" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$openldap_cflags" -a "$openldap_libs"; then
-		CFLAGS="$openldap_cflags $save_CFLAGS"
-		LIBS="$openldap_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <lber.h>
-#include <ldap.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-			INCLUDE_openldap="$openldap_cflags"
-			LIB_openldap="$openldap_libs"
-			{ echo "$as_me:$LINENO: result: from $with_openldap_config" >&5
-echo "${ECHO_T}from $with_openldap_config" >&6; }
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <lber.h>
-#include <ldap.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lldap -llber  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <lber.h>
-#include <ldap.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then
-			INCLUDE_openldap="-I$ires"
-			LIB_openldap="-L$lres -lldap -llber "
-			found=yes
-			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define OPENLDAP 1
-_ACEOF
-
-	with_openldap=yes
-else
-	with_openldap=no
-	INCLUDE_openldap=
-	LIB_openldap=
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-
-
-
-# Check whether --enable-hdb-openldap-module was given.
-if test "${enable_hdb_openldap_module+set}" = set; then
-  enableval=$enable_hdb_openldap_module;
-fi
-
-if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OPENLDAP_MODULE 1
-_ACEOF
-
-fi
- if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
-  OPENLDAP_MODULE_TRUE=
-  OPENLDAP_MODULE_FALSE='#'
-else
-  OPENLDAP_MODULE_TRUE='#'
-  OPENLDAP_MODULE_FALSE=
-fi
-
-
-# Check whether --enable-pk-init was given.
-if test "${enable_pk_init+set}" = set; then
-  enableval=$enable_pk_init;
-fi
-
-if test "$enable_pk_init" != no ;then
-
-cat >>confdefs.h <<\_ACEOF
-#define PKINIT 1
-_ACEOF
-
-fi
- if test "$enable_pk_init" != no; then
-  PKINIT_TRUE=
-  PKINIT_FALSE='#'
-else
-  PKINIT_TRUE='#'
-  PKINIT_FALSE=
-fi
-
-
-
-
-# Check whether --with-hdbdir was given.
-if test "${with_hdbdir+set}" = set; then
-  withval=$with_hdbdir;
-else
-  with_hdbdir=/var/heimdal
-fi
-
-DIR_hdbdir="$with_hdbdir"
-
-
-
-with_krb4=no
-
-
- if false; then
-  KRB4_TRUE=
-  KRB4_FALSE='#'
-else
-  KRB4_TRUE='#'
-  KRB4_FALSE=
-fi
-
-
- if true; then
-  KRB5_TRUE=
-  KRB5_FALSE='#'
-else
-  KRB5_TRUE='#'
-  KRB5_FALSE=
-fi
-
- if true; then
-  do_roken_rename_TRUE=
-  do_roken_rename_FALSE='#'
-else
-  do_roken_rename_TRUE='#'
-  do_roken_rename_FALSE=
-fi
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB5 1
-_ACEOF
-
-
-crypto_lib=unknown
-
-
-# Check whether --with-openssl was given.
-if test "${with_openssl+set}" = set; then
-  withval=$with_openssl;
-fi
-
-
-
-# Check whether --with-openssl-lib was given.
-if test "${with_openssl_lib+set}" = set; then
-  withval=$with_openssl_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5
-echo "$as_me: error: No argument for --with-openssl-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi
-
-
-
-# Check whether --with-openssl-include was given.
-if test "${with_openssl_include+set}" = set; then
-  withval=$with_openssl_include; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5
-echo "$as_me: error: No argument for --with-openssl-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi
-
-
-case "$with_openssl" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_openssl_include" = ""; then
-		with_openssl_include="$with_openssl/include"
-	fi
-	if test "$with_openssl_lib" = ""; then
-		with_openssl_lib="$with_openssl/lib$abilibdirext"
-	fi
-	;;
-esac
-
-
-DIR_hcrypto=
-
-{ echo "$as_me:$LINENO: checking for crypto library" >&5
-echo $ECHO_N "checking for crypto library... $ECHO_C" >&6; }
-
-openssl=no
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#ifdef HAVE_SYS_TYPES_H
-		#include <sys/types.h>
-		#endif
-		#include <openssl/evp.h>
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/aes.h>
-		#include <openssl/engine.h>
-		#include <openssl/ui.h>
-		#include <openssl/rand.h>
-		#include <openssl/hmac.h>
-		#include <openssl/pkcs12.h>
-		#else
-		#include <hcrypto/evp.h>
-		#include <hcrypto/md4.h>
-		#include <hcrypto/md5.h>
-		#include <hcrypto/sha.h>
-		#include <hcrypto/des.h>
-		#include <hcrypto/rc4.h>
-		#include <hcrypto/aes.h>
-		#include <hcrypto/engine.h>
-		#include <hcrypto/hmac.h>
-		#include <hcrypto/pkcs12.h>
-		#endif
-
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-		SHA256_CTX sha256;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		SHA256_Init(&sha256);
-		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		UI_UTIL_read_pw_string(0,0,0,0);
-		#endif
-
-		OpenSSL_add_all_algorithms();
-		AES_encrypt(0,0,0);
-		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  openssl=yes ires="$i" lres="$j $k"; break 3
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-			done
-		done
-		CFLAGS="$i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#ifdef HAVE_SYS_TYPES_H
-		#include <sys/types.h>
-		#endif
-		#include <openssl/evp.h>
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/aes.h>
-		#include <openssl/engine.h>
-		#include <openssl/ui.h>
-		#include <openssl/rand.h>
-		#include <openssl/hmac.h>
-		#include <openssl/pkcs12.h>
-		#else
-		#include <hcrypto/evp.h>
-		#include <hcrypto/md4.h>
-		#include <hcrypto/md5.h>
-		#include <hcrypto/sha.h>
-		#include <hcrypto/des.h>
-		#include <hcrypto/rc4.h>
-		#include <hcrypto/aes.h>
-		#include <hcrypto/engine.h>
-		#include <hcrypto/hmac.h>
-		#include <hcrypto/pkcs12.h>
-		#endif
-
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-		SHA256_CTX sha256;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		SHA256_Init(&sha256);
-		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		UI_UTIL_read_pw_string(0,0,0,0);
-		#endif
-
-		OpenSSL_add_all_algorithms();
-		AES_encrypt(0,0,0);
-		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  openssl=no ires="$i" lres="$j $k"; break 3
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-			done
-		done
-	done
-
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_hcrypto="$ires"
-		LIB_hcrypto="$lres"
-		crypto_lib=krb4
-		{ echo "$as_me:$LINENO: result: same as krb4" >&5
-echo "${ECHO_T}same as krb4" >&6; }
-		LIB_hcrypto_a='$(LIB_hcrypto)'
-		LIB_hcrypto_so='$(LIB_hcrypto)'
-		LIB_hcrypto_appl='$(LIB_hcrypto)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	INCLUDE_hcrypto=
-	LIB_hcrypto=
-	if test "$with_openssl_include" != ""; then
-		INCLUDE_hcrypto="-I${with_openssl_include}"
-	fi
-	if test "$with_openssl_lib" != ""; then
-		LIB_hcrypto="-L${with_openssl_lib}"
-	fi
-	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}"
-	saved_LIB_hcrypto="$LIB_hcrypto"
-	for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do
-		LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres"
-		LIB_hcrypto_a="$LIB_hcrypto"
-		LIB_hcrypto_so="$LIB_hcrypto"
-		LIB_hcrypto_appl="$LIB_hcrypto"
-		LIBS="${LIBS} ${LIB_hcrypto}"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#ifdef HAVE_SYS_TYPES_H
-		#include <sys/types.h>
-		#endif
-		#include <openssl/evp.h>
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/aes.h>
-		#include <openssl/engine.h>
-		#include <openssl/ui.h>
-		#include <openssl/rand.h>
-		#include <openssl/hmac.h>
-		#include <openssl/pkcs12.h>
-		#else
-		#include <hcrypto/evp.h>
-		#include <hcrypto/md4.h>
-		#include <hcrypto/md5.h>
-		#include <hcrypto/sha.h>
-		#include <hcrypto/des.h>
-		#include <hcrypto/rc4.h>
-		#include <hcrypto/aes.h>
-		#include <hcrypto/engine.h>
-		#include <hcrypto/hmac.h>
-		#include <hcrypto/pkcs12.h>
-		#endif
-
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-		SHA256_CTX sha256;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		SHA256_Init(&sha256);
-		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		UI_UTIL_read_pw_string(0,0,0,0);
-		#endif
-
-		OpenSSL_add_all_algorithms();
-		AES_encrypt(0,0,0);
-		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-			crypto_lib=libcrypto openssl=yes
-			{ echo "$as_me:$LINENO: result: libcrypto" >&5
-echo "${ECHO_T}libcrypto" >&6; }
-
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-		if test "$crypto_lib" = libcrypto ; then
-			break;
-		fi
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_hcrypto='hcrypto'
-  LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
-  LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
-  LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
-  LIB_hcrypto_appl="-lhcrypto"
-
-  { echo "$as_me:$LINENO: result: included libhcrypto" >&5
-echo "${ECHO_T}included libhcrypto" >&6; }
-
-fi
-
-if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
-	{ { echo "$as_me:$LINENO: error: the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer
-Kerberos 4 or configure --without-krb4" >&5
-echo "$as_me: error: the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer
-Kerberos 4 or configure --without-krb4" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-if test "$openssl" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPENSSL 1
-_ACEOF
-
-fi
- if test "$openssl" = yes; then
-  HAVE_OPENSSL_TRUE=
-  HAVE_OPENSSL_FALSE='#'
-else
-  HAVE_OPENSSL_TRUE='#'
-  HAVE_OPENSSL_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking if compiling threadsafe libraries" >&5
-echo $ECHO_N "checking if compiling threadsafe libraries... $ECHO_C" >&6; }
-
-# Check whether --enable-pthread-support was given.
-if test "${enable_pthread_support+set}" = set; then
-  enableval=$enable_pthread_support;
-else
-  enable_pthread_support=maybe
-fi
-
-
-case "$host" in
-*-*-solaris2*)
-	native_pthread_support=yes
-	if test "$GCC" = yes; then
-		PTHREADS_CFLAGS=-pthreads
-		PTHREADS_LIBS=-pthreads
-	else
-		PTHREADS_CFLAGS=-mt
-		PTHREADS_LIBS=-mt
-	fi
-	;;
-*-*-netbsd*)
-	native_pthread_support="if running netbsd 1.6T or newer"
-		PTHREADS_LIBS=""
-	;;
-*-*-freebsd5*)
-	native_pthread_support=yes
-	;;
-*-*-linux* | *-*-linux-gnu)
-	case `uname -r` in
-	2.*)
-		native_pthread_support=yes
-		PTHREADS_CFLAGS=-pthread
-		PTHREADS_LIBS=-pthread
-		;;
-	esac
-	;;
-*-*-aix*)
-	        	native_pthread_support=no
-	;;
-mips-sgi-irix6.[5-9])  # maybe works for earlier versions too
-	native_pthread_support=yes
-	PTHREADS_LIBS="-lpthread"
-	;;
-*-*-darwin*)
-	native_pthread_support=yes
-	;;
-*)
-	native_pthread_support=no
-	;;
-esac
-
-if test "$enable_pthread_support" = maybe ; then
-	enable_pthread_support="$native_pthread_support"
-fi
-
-if test "$enable_pthread_support" != no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENABLE_PTHREAD_SUPPORT 1
-_ACEOF
-
-            LIBS="$PTHREADS_LIBS $LIBS"
-else
-  PTHREADS_CFLAGS=""
-  PTHREADS_LIBS=""
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: result: $enable_pthread_support" >&5
-echo "${ECHO_T}$enable_pthread_support" >&6; }
-
-
-# Check whether --enable-dce was given.
-if test "${enable_dce+set}" = set; then
-  enableval=$enable_dce;
-fi
-
-if test "$enable_dce" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define DCE 1
-_ACEOF
-
-fi
- if test "$enable_dce" = yes; then
-  DCE_TRUE=
-  DCE_FALSE='#'
-else
-  DCE_TRUE='#'
-  DCE_FALSE=
-fi
-
-
-## XXX quite horrible:
-if test -f /etc/ibmcxx.cfg; then
-	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
-	dpagaix_ldflags=
-else
-	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
-	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
-	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
-fi
-
-
-
-
-# Check whether --enable-afs-support was given.
-if test "${enable_afs_support+set}" = set; then
-  enableval=$enable_afs_support;
-fi
-
-if test "$enable_afs_support" = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NO_AFS 1
-_ACEOF
-
-fi
-
-
-# Check whether --enable-berkeley-db was given.
-if test "${enable_berkeley_db+set}" = set; then
-  enableval=$enable_berkeley_db;
-
-fi
-
-
-# Check whether --enable-ndbm-db was given.
-if test "${enable_ndbm_db+set}" = set; then
-  enableval=$enable_ndbm_db;
-
-fi
-
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-
-
-
-
-for ac_header in 				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for db_create" >&5
-echo $ECHO_N "checking for db_create... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_db_create+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db4 db3 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_db_create=\${ac_cv_funclib_db_create-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_db_create"
-
-if false; then
-
-for ac_func in db_create
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# db_create
-eval "ac_tr_func=HAVE_`echo db_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_db_create=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_db_create=yes"
-	eval "LIB_db_create="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_db_create=no"
-	eval "LIB_db_create="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_db_create=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB3 1
-_ACEOF
-
-  else
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for dbopen" >&5
-echo $ECHO_N "checking for dbopen... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dbopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db2 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-
-int
-main ()
-{
-dbopen(NULL, 0, 0, 0, NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbopen"
-
-if false; then
-
-for ac_func in dbopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbopen
-eval "ac_tr_func=HAVE_`echo dbopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbopen=yes"
-	eval "LIB_dbopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dbopen=no"
-	eval "LIB_dbopen="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dbopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB1 1
-_ACEOF
-
-    fi
-  fi
-
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-
-
-{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $ac_cv_funclib_dbopen $ac_cv_funclib_db_create; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB_NDBM 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$enable_ndbm_db" != "no"; then
-
-  if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-
-
-for ac_header in 				\
-  	dbm.h					\
-  	ndbm.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ndbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-    #include <stdio.h>
-    #if defined(HAVE_NDBM_H)
-    #include <ndbm.h>
-    #elif defined(HAVE_DBM_H)
-    #include <dbm.h>
-    #endif
-    DBM *dbm;
-
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-        db_type=ndbm
-        DBLIB="$LIB_NDBM"
-      fi
-    else
-
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-
-
-for ac_header in 				\
-  	  gdbm/ndbm.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" gdbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-      #include <stdio.h>
-      #include <gdbm/ndbm.h>
-      DBM *dbm;
-
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-      if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-        if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-  	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-        else
-  	LIB_NDBM=""
-        fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-        have_ndbm=yes
-        if test "$db_type" = "unknown"; then
-  	db_type=ndbm
-  	DBLIB="$LIB_NDBM"
-        fi
-      fi
-    fi
-  fi #enable_ndbm_db
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  { echo "$as_me:$LINENO: checking if ndbm is implemented with db" >&5
-echo $ECHO_N "checking if ndbm is implemented with db... $ECHO_C" >&6; }
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main(int argc, char **argv)
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-    if test -f conftest.db; then
-      { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-    fi
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-
- if test "$db_type" = db1; then
-  HAVE_DB1_TRUE=
-  HAVE_DB1_FALSE='#'
-else
-  HAVE_DB1_TRUE='#'
-  HAVE_DB1_FALSE=
-fi
- if test "$db_type" = db3; then
-  HAVE_DB3_TRUE=
-  HAVE_DB3_FALSE='#'
-else
-  HAVE_DB3_TRUE='#'
-  HAVE_DB3_FALSE=
-fi
- if test "$db_type" = ndbm; then
-  HAVE_NDBM_TRUE=
-  HAVE_NDBM_FALSE='#'
-else
-  HAVE_NDBM_TRUE='#'
-  HAVE_NDBM_FALSE=
-fi
-
-## it's probably not correct to include LDFLAGS here, but we might
-## need it, for now just add any possible -L
-z=""
-for i in $LDFLAGS; do
-	case "$i" in
-	-L*) z="$z $i";;
-	esac
-done
-DBLIB="$z $DBLIB"
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6; }
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifndef __cplusplus
-typedef int foo_t;
-static $ac_kw foo_t static_foo () {return 0; }
-$ac_kw foo_t foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_c_inline=$ac_kw
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  test "$ac_cv_c_inline" != no && break
-done
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6; }
-
-
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  *)
-    case $ac_cv_c_inline in
-      no) ac_val=;;
-      *) ac_val=$ac_cv_c_inline;;
-    esac
-    cat >>confdefs.h <<_ACEOF
-#ifndef __cplusplus
-#define inline $ac_val
-#endif
-_ACEOF
-    ;;
-esac
-
-{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset cs;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *pcpcc;
-  char **ppc;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  pcpcc = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++pcpcc;
-  ppc = (char**) pcpcc;
-  pcpcc = (char const *const *) ppc;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-    if (s) return 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-    if (!foo) return 0;
-  }
-  return !cs[0] && !zero.x;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_c_const=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_size_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef size_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_size_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_size_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6; }
-if test $ac_cv_type_size_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned int
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for pid_t" >&5
-echo $ECHO_N "checking for pid_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_pid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef pid_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_pid_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_pid_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
-echo "${ECHO_T}$ac_cv_type_pid_t" >&6; }
-if test $ac_cv_type_pid_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define pid_t int
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
-echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6; }
-if test "${ac_cv_type_uid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "uid_t" >/dev/null 2>&1; then
-  ac_cv_type_uid_t=yes
-else
-  ac_cv_type_uid_t=no
-fi
-rm -f conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
-echo "${ECHO_T}$ac_cv_type_uid_t" >&6; }
-if test $ac_cv_type_uid_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define uid_t int
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define gid_t int
-_ACEOF
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking return type of signal handlers" >&5
-echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6; }
-if test "${ac_cv_type_signal+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <signal.h>
-
-int
-main ()
-{
-return *(signal (0, 0)) (0) == 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_signal=int
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_signal=void
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
-echo "${ECHO_T}$ac_cv_type_signal" >&6; }
-
-cat >>confdefs.h <<_ACEOF
-#define RETSIGTYPE $ac_cv_type_signal
-_ACEOF
-
-
-if test "$ac_cv_type_signal" = "void" ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define VOID_RETSIGTYPE 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_header_time=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-
-for ac_header in standards.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-{ echo "$as_me:$LINENO: checking for $i" >&5
-echo $ECHO_N "checking for $i... $ECHO_C" >&6; }
-if { as_var=ac_cv_header_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  eval "ac_cv_header_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  eval "ac_cv_header_$cv=no"
-fi
-
-rm -f conftest.err conftest.$ac_ext
-fi
-ac_res=`eval echo '${'ac_cv_header_$cv'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-done
-if false;then
-
-
-for ac_header in netinet/ip.h netinet/tcp.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-fi
-
-
-
-
-for ac_func in getlogin setlogin
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-if test "$ac_cv_func_getlogin" = yes; then
-{ echo "$as_me:$LINENO: checking if getlogin is posix" >&5
-echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6; }
-if test "${ac_cv_func_getlogin_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getlogin_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6; }
-if test "$ac_cv_func_getlogin_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETLOGIN 1
-_ACEOF
-
-fi
-fi
-
-
-
-for ac_header in stdlib.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-for ac_func in getpagesize
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-{ echo "$as_me:$LINENO: checking for working mmap" >&5
-echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; }
-if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_mmap_fixed_mapped=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-/* malloc might have been renamed as rpl_malloc. */
-#undef malloc
-
-/* Thanks to Mike Haertel and Jim Avera for this test.
-   Here is a matrix of mmap possibilities:
-	mmap private not fixed
-	mmap private fixed at somewhere currently unmapped
-	mmap private fixed at somewhere already mapped
-	mmap shared not fixed
-	mmap shared fixed at somewhere currently unmapped
-	mmap shared fixed at somewhere already mapped
-   For private mappings, we should verify that changes cannot be read()
-   back from the file, nor mmap's back from the file at a different
-   address.  (There have been systems where private was not correctly
-   implemented like the infamous i386 svr4.0, and systems where the
-   VM page cache was not coherent with the file system buffer cache
-   like early versions of FreeBSD and possibly contemporary NetBSD.)
-   For shared mappings, we should conversely verify that changes get
-   propagated back to all the places they're supposed to be.
-
-   Grep wants private fixed already mapped.
-   The main things grep needs to know about mmap are:
-   * does it exist and is it safe to write into the mmap'd area
-   * how to use it (BSD variants)  */
-
-#include <fcntl.h>
-#include <sys/mman.h>
-
-#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H
-char *malloc ();
-#endif
-
-/* This mess was copied from the GNU getpagesize.h.  */
-#ifndef HAVE_GETPAGESIZE
-/* Assume that all systems that can run configure have sys/param.h.  */
-# ifndef HAVE_SYS_PARAM_H
-#  define HAVE_SYS_PARAM_H 1
-# endif
-
-# ifdef _SC_PAGESIZE
-#  define getpagesize() sysconf(_SC_PAGESIZE)
-# else /* no _SC_PAGESIZE */
-#  ifdef HAVE_SYS_PARAM_H
-#   include <sys/param.h>
-#   ifdef EXEC_PAGESIZE
-#    define getpagesize() EXEC_PAGESIZE
-#   else /* no EXEC_PAGESIZE */
-#    ifdef NBPG
-#     define getpagesize() NBPG * CLSIZE
-#     ifndef CLSIZE
-#      define CLSIZE 1
-#     endif /* no CLSIZE */
-#    else /* no NBPG */
-#     ifdef NBPC
-#      define getpagesize() NBPC
-#     else /* no NBPC */
-#      ifdef PAGESIZE
-#       define getpagesize() PAGESIZE
-#      endif /* PAGESIZE */
-#     endif /* no NBPC */
-#    endif /* no NBPG */
-#   endif /* no EXEC_PAGESIZE */
-#  else /* no HAVE_SYS_PARAM_H */
-#   define getpagesize() 8192	/* punt totally */
-#  endif /* no HAVE_SYS_PARAM_H */
-# endif /* no _SC_PAGESIZE */
-
-#endif /* no HAVE_GETPAGESIZE */
-
-int
-main ()
-{
-  char *data, *data2, *data3;
-  int i, pagesize;
-  int fd;
-
-  pagesize = getpagesize ();
-
-  /* First, make a file with some known garbage in it. */
-  data = (char *) malloc (pagesize);
-  if (!data)
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    *(data + i) = rand ();
-  umask (0);
-  fd = creat ("conftest.mmap", 0600);
-  if (fd < 0)
-    return 1;
-  if (write (fd, data, pagesize) != pagesize)
-    return 1;
-  close (fd);
-
-  /* Next, try to mmap the file at a fixed address which already has
-     something else allocated at it.  If we can, also make sure that
-     we see the same garbage.  */
-  fd = open ("conftest.mmap", O_RDWR);
-  if (fd < 0)
-    return 1;
-  data2 = (char *) malloc (2 * pagesize);
-  if (!data2)
-    return 1;
-  data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1);
-  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
-		     MAP_PRIVATE | MAP_FIXED, fd, 0L))
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data2 + i))
-      return 1;
-
-  /* Finally, make sure that changes to the mapped area do not
-     percolate back to the file as seen by read().  (This is a bug on
-     some variants of i386 svr4.0.)  */
-  for (i = 0; i < pagesize; ++i)
-    *(data2 + i) = *(data2 + i) + 1;
-  data3 = (char *) malloc (pagesize);
-  if (!data3)
-    return 1;
-  if (read (fd, data3, pagesize) != pagesize)
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data3 + i))
-      return 1;
-  close (fd);
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mmap_fixed_mapped=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_mmap_fixed_mapped=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
-echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; }
-if test $ac_cv_func_mmap_fixed_mapped = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_MMAP 1
-_ACEOF
-
-fi
-rm -f conftest.mmap
-
-
-{ echo "$as_me:$LINENO: checking if realloc if broken" >&5
-echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6; }
-if test "${ac_cv_func_realloc_broken+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_func_realloc_broken=no
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stddef.h>
-#include <stdlib.h>
-
-int main(int argc, char **argv)
-{
-	return realloc(NULL, 17) == NULL;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_realloc_broken=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_realloc_broken" >&5
-echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6; }
-if test "$ac_cv_func_realloc_broken" = yes ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define BROKEN_REALLOC 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/lib/roken/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --enable-developer was given.
-if test "${enable_developer+set}" = set; then
-  enableval=$enable_developer;
-fi
-
-if test "X$enable_developer" = Xyes; then
-    dwflags="-Werror"
-fi
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-
-
-
-
-
-cv=`echo "ssize_t" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <unistd.h>
-int
-main ()
-{
-ssize_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo ssize_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_ssize_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef ssize_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_ssize_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_ssize_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
-echo "${ECHO_T}$ac_cv_type_ssize_t" >&6; }
-if test $ac_cv_type_ssize_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SSIZE_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef long long ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_long_long=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/inet.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	fnmatch.h				\
-	grp.h					\
-	ifaddrs.h				\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	paths.h					\
-	poll.h					\
-	pwd.h					\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	stdint.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/resource.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-cv=`echo "uintptr_t" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for uintptr_t" >&5
-echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-int
-main ()
-{
-uintptr_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo uintptr_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for uintptr_t" >&5
-echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uintptr_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef uintptr_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_uintptr_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_uintptr_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uintptr_t" >&5
-echo "${ECHO_T}$ac_cv_type_uintptr_t" >&6; }
-if test $ac_cv_type_uintptr_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINTPTR_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-for ac_header in vis.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <vis.h>
-#ifndef VIS_SP
-#error invis
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in netdb.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/socket.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in net/if.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in netinet6/in6_var.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/sysctl.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/proc.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
- if test "$ac_cv_header_err_h" = yes; then
-  have_err_h_TRUE=
-  have_err_h_FALSE='#'
-else
-  have_err_h_TRUE='#'
-  have_err_h_FALSE=
-fi
-
- if test "$ac_cv_header_ifaddrs_h" = yes; then
-  have_ifaddrs_h_TRUE=
-  have_ifaddrs_h_FALSE='#'
-else
-  have_ifaddrs_h_TRUE='#'
-  have_ifaddrs_h_FALSE=
-fi
-
- if test "$ac_cv_header_vis_h" = yes; then
-  have_vis_h_TRUE=
-  have_vis_h_FALSE='#'
-else
-  have_vis_h_TRUE='#'
-  have_vis_h_FALSE=
-fi
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for socket" >&5
-echo $ECHO_N "checking for socket... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_socket+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_socket\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" socket; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-socket()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_socket"
-
-if false; then
-
-for ac_func in socket
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# socket
-eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_socket=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_socket=yes"
-	eval "LIB_socket="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_socket=no"
-	eval "LIB_socket="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_socket=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_socket"; then
-	LIBS="$LIB_socket $LIBS"
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" nsl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-gethostbyname()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname"
-
-if false; then
-
-for ac_func in gethostbyname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname
-eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "LIB_gethostbyname="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname=no"
-	eval "LIB_gethostbyname="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname"; then
-	LIBS="$LIB_gethostbyname $LIBS"
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for syslog" >&5
-echo $ECHO_N "checking for syslog... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_syslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" syslog; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-syslog()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_syslog"
-
-if false; then
-
-for ac_func in syslog
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# syslog
-eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_syslog=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_syslog=yes"
-	eval "LIB_syslog="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_syslog=no"
-	eval "LIB_syslog="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_syslog=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_syslog"; then
-	LIBS="$LIB_syslog $LIBS"
-fi
-
-
-
-
-# Check whether --with-ipv6 was given.
-if test "${with_ipv6+set}" = set; then
-  withval=$with_ipv6;
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi
-fi
-
-save_CFLAGS="${CFLAGS}"
-{ echo "$as_me:$LINENO: checking for IPv6 stack type" >&5
-echo $ECHO_N "checking for IPv6 stack type... $ECHO_C" >&6; }
-if test "${v6type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	toshiba)
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	kame)
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	inria)
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "yes" >/dev/null 2>&1; then
-  v6type=$i; CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	zeta)
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $v6type" >&5
-echo "${ECHO_T}$v6type" >&6; }
-
-{ echo "$as_me:$LINENO: checking for IPv6" >&5
-echo $ECHO_N "checking for IPv6... $ECHO_C" >&6; }
-if test "${ac_cv_lib_ipv6+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-
-int
-main ()
-{
-
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_ipv6=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_ipv6=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipv6" >&5
-echo "${ECHO_T}$ac_cv_lib_ipv6" >&6; }
-if test "$ac_cv_lib_ipv6" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IPV6 1
-_ACEOF
-
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-## test for AIX missing in6addr_loopback
-if test "$ac_cv_lib_ipv6" = yes; then
-	{ echo "$as_me:$LINENO: checking for in6addr_loopback" >&5
-echo $ECHO_N "checking for in6addr_loopback... $ECHO_C" >&6; }
-if test "${ac_cv_var_in6addr_loopback+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-int
-main ()
-{
-
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_in6addr_loopback=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_in6addr_loopback=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_var_in6addr_loopback" >&5
-echo "${ECHO_T}$ac_cv_var_in6addr_loopback" >&6; }
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IN6ADDR_LOOPBACK 1
-_ACEOF
-
-	fi
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for gethostbyname2" >&5
-echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" inet6 ip6; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-gethostbyname2()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname2=\${ac_cv_funclib_gethostbyname2-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname2"
-
-if false; then
-
-for ac_func in gethostbyname2
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname2
-eval "ac_tr_func=HAVE_`echo gethostbyname2 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname2=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "LIB_gethostbyname2="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname2=no"
-	eval "LIB_gethostbyname2="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname2"; then
-	LIBS="$LIB_gethostbyname2 $LIBS"
-fi
-
-
-
-
-
-for ac_header in arpa/nameser.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in resolv.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for res_search" >&5
-echo $ECHO_N "checking for res_search... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_res_search+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-int
-main ()
-{
-res_search(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_search"
-
-if false; then
-
-for ac_func in res_search
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_search
-eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_search=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_search=yes"
-	eval "LIB_res_search="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_res_search=no"
-	eval "LIB_res_search="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_res_search=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_res_search"; then
-	LIBS="$LIB_res_search $LIBS"
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for res_nsearch" >&5
-echo $ECHO_N "checking for res_nsearch... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_res_nsearch+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-int
-main ()
-{
-res_nsearch(0,0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_nsearch=$ac_lib; else ac_cv_funclib_res_nsearch=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_nsearch=\${ac_cv_funclib_res_nsearch-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_nsearch"
-
-if false; then
-
-for ac_func in res_nsearch
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_nsearch
-eval "ac_tr_func=HAVE_`echo res_nsearch | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_nsearch=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_nsearch=yes"
-	eval "LIB_res_nsearch="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_res_nsearch=no"
-	eval "LIB_res_nsearch="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_res_nsearch=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_res_nsearch"; then
-	LIBS="$LIB_res_nsearch $LIBS"
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for res_ndestroy" >&5
-echo $ECHO_N "checking for res_ndestroy... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_res_ndestroy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_ndestroy\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-int
-main ()
-{
-res_ndestroy(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_ndestroy=$ac_lib; else ac_cv_funclib_res_ndestroy=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_ndestroy=\${ac_cv_funclib_res_ndestroy-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_ndestroy"
-
-if false; then
-
-for ac_func in res_ndestroy
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_ndestroy
-eval "ac_tr_func=HAVE_`echo res_ndestroy | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_ndestroy=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_ndestroy=yes"
-	eval "LIB_res_ndestroy="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_res_ndestroy=no"
-	eval "LIB_res_ndestroy="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_res_ndestroy=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_res_ndestroy"; then
-	LIBS="$LIB_res_ndestroy $LIBS"
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for dn_expand" >&5
-echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dn_expand+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-int
-main ()
-{
-dn_expand(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dn_expand"
-
-if false; then
-
-for ac_func in dn_expand
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dn_expand
-eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dn_expand=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "LIB_dn_expand="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dn_expand=no"
-	eval "LIB_dn_expand="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_dn_expand"; then
-	LIBS="$LIB_dn_expand $LIBS"
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for _res" >&5
-echo $ECHO_N "checking for _res... $ECHO_C" >&6; }
-if test "${ac_cv_var__res+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-	void * foo(void) { return &_res; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var__res=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var__res" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int _res;
-int foo(void) { return _res; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var__res=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var__res`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE__RES 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether _res is declared" >&5
-echo $ECHO_N "checking whether _res is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl__res+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-int
-main ()
-{
-#ifndef _res
-  (void) _res;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl__res=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl__res" >&5
-echo "${ECHO_T}$ac_cv_have_decl__res" >&6; }
-if test $ac_cv_have_decl__res = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL__RES 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL__RES 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for working snprintf" >&5
-echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6; }
-if test "${ac_cv_func_snprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_snprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#include <string.h>
-int main(int argc, char **argv)
-{
-	char foo[3];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_snprintf_working=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6; }
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if snprintf needs a prototype" >&5
-echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_snprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-struct foo { int foo; } xx;
-extern int snprintf (struct foo*);
-int
-main ()
-{
-snprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_snprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_snprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6; }
-if test "$ac_cv_func_snprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking for working vsnprintf" >&5
-echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6; }
-if test "${ac_cv_func_vsnprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_vsnprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[3];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-int bar(int num, int len, ...)
-{
-	int r;
-	va_list arg;
-	va_start(arg, len);
-	r = vsnprintf(NULL, 0, "%s", arg);
-	va_end(arg);
-	return r != len;
-}
-
-int main(int argc, char **argv)
-{
-	return foo(0, "12") || bar(0, 2, "12");
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_vsnprintf_working=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6; }
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if vsnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-struct foo { int foo; } xx;
-extern int vsnprintf (struct foo*);
-int
-main ()
-{
-vsnprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_vsnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_vsnprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6; }
-if test "$ac_cv_func_vsnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VSNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for working glob" >&5
-echo $ECHO_N "checking for working glob... $ECHO_C" >&6; }
-if test "${ac_cv_func_glob_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_glob_working=yes
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <stdio.h>
-#include <glob.h>
-int
-main ()
-{
-
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_glob_working=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_working" >&5
-echo "${ECHO_T}$ac_cv_func_glob_working" >&6; }
-
-if test "$ac_cv_func_glob_working" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GLOB 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-
-if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
-{ echo "$as_me:$LINENO: checking if glob needs a prototype" >&5
-echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_glob_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-#include <glob.h>
-struct foo { int foo; } xx;
-extern int glob (struct foo*);
-int
-main ()
-{
-glob(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_glob_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_glob_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6; }
-if test "$ac_cv_func_glob_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GLOB_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-if test "$ac_cv_func_glob_working" != yes; then
-	case " $LIBOBJS " in
-  *" glob.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS glob.$ac_objext"
- ;;
-esac
-
-fi
- if test "$ac_cv_func_glob_working" = yes; then
-  have_glob_h_TRUE=
-  have_glob_h_FALSE='#'
-else
-  have_glob_h_TRUE='#'
-  have_glob_h_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	poll					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-if test "$ac_cv_func_cgetent" = no; then
-	case " $LIBOBJS " in
-  *" getcap.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getcap.$ac_objext"
- ;;
-esac
-
-fi
- if test "$ac_cv_func_cgetent" = yes; then
-  have_cgetent_TRUE=
-  have_cgetent_FALSE='#'
-else
-  have_cgetent_TRUE='#'
-  have_cgetent_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for getsockopt" >&5
-echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_getsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-int
-main ()
-{
-getsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getsockopt"
-
-if false; then
-
-for ac_func in getsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getsockopt
-eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "LIB_getsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_getsockopt=no"
-	eval "LIB_getsockopt="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for setsockopt" >&5
-echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_setsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-int
-main ()
-{
-setsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_setsockopt"
-
-if false; then
-
-for ac_func in setsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# setsockopt
-eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_setsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "LIB_setsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_setsockopt=no"
-	eval "LIB_setsockopt="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for hstrerror" >&5
-echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_hstrerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-int
-main ()
-{
-hstrerror(17)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_hstrerror"
-
-if false; then
-
-for ac_func in hstrerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# hstrerror
-eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_hstrerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "LIB_hstrerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_hstrerror=no"
-	eval "LIB_hstrerror="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_hstrerror"; then
-	LIBS="$LIB_hstrerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
-	case " $LIBOBJS " in
-  *" hstrerror.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS hstrerror.$ac_objext"
- ;;
-esac
-
-fi
-
-
-if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
-{ echo "$as_me:$LINENO: checking if hstrerror needs a prototype" >&5
-echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_hstrerror_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-struct foo { int foo; } xx;
-extern int hstrerror (struct foo*);
-int
-main ()
-{
-hstrerror(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_hstrerror_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_hstrerror_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_hstrerror_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6; }
-if test "$ac_cv_func_hstrerror_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_HSTRERROR_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if asprintf needs a prototype" >&5
-echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_asprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-	#include <stdio.h>
-	#include <string.h>
-struct foo { int foo; } xx;
-extern int asprintf (struct foo*);
-int
-main ()
-{
-asprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_asprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_asprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_asprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6; }
-if test "$ac_cv_func_asprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if vasprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_vasprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-	#include <stdio.h>
-	#include <string.h>
-struct foo { int foo; } xx;
-extern int vasprintf (struct foo*);
-int
-main ()
-{
-vasprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_vasprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_vasprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vasprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6; }
-if test "$ac_cv_func_vasprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if asnprintf needs a prototype" >&5
-echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_asnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-	#include <stdio.h>
-	#include <string.h>
-struct foo { int foo; } xx;
-extern int asnprintf (struct foo*);
-int
-main ()
-{
-asnprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_asnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_asnprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_asnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6; }
-if test "$ac_cv_func_asnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then
-{ echo "$as_me:$LINENO: checking if vasnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-	#include <stdio.h>
-	#include <string.h>
-struct foo { int foo; } xx;
-extern int vasnprintf (struct foo*);
-int
-main ()
-{
-vasnprintf(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_vasnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_vasnprintf_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vasnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6; }
-if test "$ac_cv_func_vasnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for bswap16" >&5
-echo $ECHO_N "checking for bswap16... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_bswap16+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-int
-main ()
-{
-bswap16(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap16"
-
-if false; then
-
-for ac_func in bswap16
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap16
-eval "ac_tr_func=HAVE_`echo bswap16 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap16=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap16=yes"
-	eval "LIB_bswap16="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_bswap16=no"
-	eval "LIB_bswap16="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_bswap16=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for bswap32" >&5
-echo $ECHO_N "checking for bswap32... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_bswap32+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-int
-main ()
-{
-bswap32(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap32"
-
-if false; then
-
-for ac_func in bswap32
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap32
-eval "ac_tr_func=HAVE_`echo bswap32 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap32=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap32=yes"
-	eval "LIB_bswap32="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_bswap32=no"
-	eval "LIB_bswap32="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_bswap32=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for pidfile" >&5
-echo $ECHO_N "checking for pidfile... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_pidfile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-int
-main ()
-{
-pidfile(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_pidfile=\${ac_cv_funclib_pidfile-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_pidfile"
-
-if false; then
-
-for ac_func in pidfile
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# pidfile
-eval "ac_tr_func=HAVE_`echo pidfile | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_pidfile=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_pidfile=yes"
-	eval "LIB_pidfile="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_pidfile=no"
-	eval "LIB_pidfile="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_pidfile=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for getaddrinfo" >&5
-echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_getaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-int
-main ()
-{
-getaddrinfo(0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getaddrinfo=$ac_lib; else ac_cv_funclib_getaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getaddrinfo=\${ac_cv_funclib_getaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getaddrinfo"
-
-if false; then
-
-for ac_func in getaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getaddrinfo
-eval "ac_tr_func=HAVE_`echo getaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "LIB_getaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_getaddrinfo=no"
-	eval "LIB_getaddrinfo="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_getaddrinfo"; then
-	LIBS="$LIB_getaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getaddrinfo\" != yes"; then
-	case " $LIBOBJS " in
-  *" getaddrinfo.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
- ;;
-esac
-
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for getnameinfo" >&5
-echo $ECHO_N "checking for getnameinfo... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_getnameinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-int
-main ()
-{
-getnameinfo(0,0,0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getnameinfo=$ac_lib; else ac_cv_funclib_getnameinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getnameinfo=\${ac_cv_funclib_getnameinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getnameinfo"
-
-if false; then
-
-for ac_func in getnameinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getnameinfo
-eval "ac_tr_func=HAVE_`echo getnameinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getnameinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "LIB_getnameinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_getnameinfo=no"
-	eval "LIB_getnameinfo="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_getnameinfo"; then
-	LIBS="$LIB_getnameinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getnameinfo\" != yes"; then
-	case " $LIBOBJS " in
-  *" getnameinfo.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
- ;;
-esac
-
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for freeaddrinfo" >&5
-echo $ECHO_N "checking for freeaddrinfo... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-int
-main ()
-{
-freeaddrinfo(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_freeaddrinfo=$ac_lib; else ac_cv_funclib_freeaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_freeaddrinfo=\${ac_cv_funclib_freeaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_freeaddrinfo"
-
-if false; then
-
-for ac_func in freeaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# freeaddrinfo
-eval "ac_tr_func=HAVE_`echo freeaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_freeaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "LIB_freeaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_freeaddrinfo=no"
-	eval "LIB_freeaddrinfo="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_freeaddrinfo"; then
-	LIBS="$LIB_freeaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_freeaddrinfo\" != yes"; then
-	case " $LIBOBJS " in
-  *" freeaddrinfo.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
- ;;
-esac
-
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for gai_strerror" >&5
-echo $ECHO_N "checking for gai_strerror... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_gai_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-int
-main ()
-{
-gai_strerror(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gai_strerror=$ac_lib; else ac_cv_funclib_gai_strerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gai_strerror=\${ac_cv_funclib_gai_strerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gai_strerror"
-
-if false; then
-
-for ac_func in gai_strerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gai_strerror
-eval "ac_tr_func=HAVE_`echo gai_strerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gai_strerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "LIB_gai_strerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_gai_strerror=no"
-	eval "LIB_gai_strerror="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test -n "$LIB_gai_strerror"; then
-	LIBS="$LIB_gai_strerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_gai_strerror\" != yes"; then
-	case " $LIBOBJS " in
-  *" gai_strerror.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS gai_strerror.$ac_objext"
- ;;
-esac
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking for chown" >&5
-echo $ECHO_N "checking for chown... $ECHO_C" >&6; }
-if test "${ac_cv_func_chown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define chown to an innocuous variant, in case <limits.h> declares chown.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define chown innocuous_chown
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char chown (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef chown
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char chown ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_chown || defined __stub___chown
-choke me
-#endif
-
-int
-main ()
-{
-return chown ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_chown=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_chown=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_chown" >&5
-echo "${ECHO_T}$ac_cv_func_chown" >&6; }
-if test $ac_cv_func_chown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_CHOWN 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" chown.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS chown.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for copyhostent" >&5
-echo $ECHO_N "checking for copyhostent... $ECHO_C" >&6; }
-if test "${ac_cv_func_copyhostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define copyhostent to an innocuous variant, in case <limits.h> declares copyhostent.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define copyhostent innocuous_copyhostent
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char copyhostent (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef copyhostent
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char copyhostent ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_copyhostent || defined __stub___copyhostent
-choke me
-#endif
-
-int
-main ()
-{
-return copyhostent ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_copyhostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_copyhostent=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_copyhostent" >&5
-echo "${ECHO_T}$ac_cv_func_copyhostent" >&6; }
-if test $ac_cv_func_copyhostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_COPYHOSTENT 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" copyhostent.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS copyhostent.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for closefrom" >&5
-echo $ECHO_N "checking for closefrom... $ECHO_C" >&6; }
-if test "${ac_cv_func_closefrom+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define closefrom to an innocuous variant, in case <limits.h> declares closefrom.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define closefrom innocuous_closefrom
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char closefrom (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef closefrom
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char closefrom ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_closefrom || defined __stub___closefrom
-choke me
-#endif
-
-int
-main ()
-{
-return closefrom ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_closefrom=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_closefrom=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_closefrom" >&5
-echo "${ECHO_T}$ac_cv_func_closefrom" >&6; }
-if test $ac_cv_func_closefrom = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_CLOSEFROM 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" closefrom.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS closefrom.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for daemon" >&5
-echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }
-if test "${ac_cv_func_daemon+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define daemon to an innocuous variant, in case <limits.h> declares daemon.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define daemon innocuous_daemon
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char daemon (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef daemon
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char daemon ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_daemon || defined __stub___daemon
-choke me
-#endif
-
-int
-main ()
-{
-return daemon ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_daemon=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_daemon=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5
-echo "${ECHO_T}$ac_cv_func_daemon" >&6; }
-if test $ac_cv_func_daemon = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DAEMON 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" daemon.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS daemon.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for ecalloc" >&5
-echo $ECHO_N "checking for ecalloc... $ECHO_C" >&6; }
-if test "${ac_cv_func_ecalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define ecalloc to an innocuous variant, in case <limits.h> declares ecalloc.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define ecalloc innocuous_ecalloc
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char ecalloc (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef ecalloc
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ecalloc ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_ecalloc || defined __stub___ecalloc
-choke me
-#endif
-
-int
-main ()
-{
-return ecalloc ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_ecalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_ecalloc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_ecalloc" >&5
-echo "${ECHO_T}$ac_cv_func_ecalloc" >&6; }
-if test $ac_cv_func_ecalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ECALLOC 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" ecalloc.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS ecalloc.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for emalloc" >&5
-echo $ECHO_N "checking for emalloc... $ECHO_C" >&6; }
-if test "${ac_cv_func_emalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define emalloc to an innocuous variant, in case <limits.h> declares emalloc.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define emalloc innocuous_emalloc
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char emalloc (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef emalloc
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char emalloc ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_emalloc || defined __stub___emalloc
-choke me
-#endif
-
-int
-main ()
-{
-return emalloc ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_emalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_emalloc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_emalloc" >&5
-echo "${ECHO_T}$ac_cv_func_emalloc" >&6; }
-if test $ac_cv_func_emalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EMALLOC 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" emalloc.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS emalloc.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for erealloc" >&5
-echo $ECHO_N "checking for erealloc... $ECHO_C" >&6; }
-if test "${ac_cv_func_erealloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define erealloc to an innocuous variant, in case <limits.h> declares erealloc.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define erealloc innocuous_erealloc
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char erealloc (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef erealloc
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char erealloc ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_erealloc || defined __stub___erealloc
-choke me
-#endif
-
-int
-main ()
-{
-return erealloc ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_erealloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_erealloc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_erealloc" >&5
-echo "${ECHO_T}$ac_cv_func_erealloc" >&6; }
-if test $ac_cv_func_erealloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EREALLOC 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" erealloc.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS erealloc.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for estrdup" >&5
-echo $ECHO_N "checking for estrdup... $ECHO_C" >&6; }
-if test "${ac_cv_func_estrdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define estrdup to an innocuous variant, in case <limits.h> declares estrdup.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define estrdup innocuous_estrdup
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char estrdup (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef estrdup
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char estrdup ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_estrdup || defined __stub___estrdup
-choke me
-#endif
-
-int
-main ()
-{
-return estrdup ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_estrdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_estrdup=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_estrdup" >&5
-echo "${ECHO_T}$ac_cv_func_estrdup" >&6; }
-if test $ac_cv_func_estrdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ESTRDUP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" estrdup.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS estrdup.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for err" >&5
-echo $ECHO_N "checking for err... $ECHO_C" >&6; }
-if test "${ac_cv_func_err+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define err to an innocuous variant, in case <limits.h> declares err.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define err innocuous_err
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char err (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef err
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char err ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_err || defined __stub___err
-choke me
-#endif
-
-int
-main ()
-{
-return err ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_err=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_err=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_err" >&5
-echo "${ECHO_T}$ac_cv_func_err" >&6; }
-if test $ac_cv_func_err = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" err.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS err.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for errx" >&5
-echo $ECHO_N "checking for errx... $ECHO_C" >&6; }
-if test "${ac_cv_func_errx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define errx to an innocuous variant, in case <limits.h> declares errx.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define errx innocuous_errx
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char errx (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef errx
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char errx ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_errx || defined __stub___errx
-choke me
-#endif
-
-int
-main ()
-{
-return errx ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_errx=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_errx=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_errx" >&5
-echo "${ECHO_T}$ac_cv_func_errx" >&6; }
-if test $ac_cv_func_errx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERRX 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" errx.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS errx.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for fchown" >&5
-echo $ECHO_N "checking for fchown... $ECHO_C" >&6; }
-if test "${ac_cv_func_fchown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define fchown to an innocuous variant, in case <limits.h> declares fchown.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define fchown innocuous_fchown
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fchown (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef fchown
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char fchown ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_fchown || defined __stub___fchown
-choke me
-#endif
-
-int
-main ()
-{
-return fchown ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_fchown=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_fchown=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_fchown" >&5
-echo "${ECHO_T}$ac_cv_func_fchown" >&6; }
-if test $ac_cv_func_fchown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FCHOWN 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" fchown.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS fchown.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for flock" >&5
-echo $ECHO_N "checking for flock... $ECHO_C" >&6; }
-if test "${ac_cv_func_flock+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define flock to an innocuous variant, in case <limits.h> declares flock.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define flock innocuous_flock
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char flock (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef flock
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char flock ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_flock || defined __stub___flock
-choke me
-#endif
-
-int
-main ()
-{
-return flock ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_flock=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_flock=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_flock" >&5
-echo "${ECHO_T}$ac_cv_func_flock" >&6; }
-if test $ac_cv_func_flock = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FLOCK 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" flock.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS flock.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for fnmatch" >&5
-echo $ECHO_N "checking for fnmatch... $ECHO_C" >&6; }
-if test "${ac_cv_func_fnmatch+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define fnmatch to an innocuous variant, in case <limits.h> declares fnmatch.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define fnmatch innocuous_fnmatch
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fnmatch (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef fnmatch
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char fnmatch ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_fnmatch || defined __stub___fnmatch
-choke me
-#endif
-
-int
-main ()
-{
-return fnmatch ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_fnmatch=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_fnmatch=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_fnmatch" >&5
-echo "${ECHO_T}$ac_cv_func_fnmatch" >&6; }
-if test $ac_cv_func_fnmatch = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FNMATCH 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" fnmatch.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for freehostent" >&5
-echo $ECHO_N "checking for freehostent... $ECHO_C" >&6; }
-if test "${ac_cv_func_freehostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define freehostent to an innocuous variant, in case <limits.h> declares freehostent.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define freehostent innocuous_freehostent
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char freehostent (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef freehostent
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char freehostent ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_freehostent || defined __stub___freehostent
-choke me
-#endif
-
-int
-main ()
-{
-return freehostent ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_freehostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_freehostent=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_freehostent" >&5
-echo "${ECHO_T}$ac_cv_func_freehostent" >&6; }
-if test $ac_cv_func_freehostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FREEHOSTENT 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" freehostent.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS freehostent.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getcwd" >&5
-echo $ECHO_N "checking for getcwd... $ECHO_C" >&6; }
-if test "${ac_cv_func_getcwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getcwd to an innocuous variant, in case <limits.h> declares getcwd.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getcwd innocuous_getcwd
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getcwd (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getcwd
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getcwd ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getcwd || defined __stub___getcwd
-choke me
-#endif
-
-int
-main ()
-{
-return getcwd ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getcwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getcwd=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getcwd" >&5
-echo "${ECHO_T}$ac_cv_func_getcwd" >&6; }
-if test $ac_cv_func_getcwd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETCWD 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getcwd.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getcwd.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getdtablesize" >&5
-echo $ECHO_N "checking for getdtablesize... $ECHO_C" >&6; }
-if test "${ac_cv_func_getdtablesize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getdtablesize to an innocuous variant, in case <limits.h> declares getdtablesize.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getdtablesize innocuous_getdtablesize
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getdtablesize (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getdtablesize
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getdtablesize ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getdtablesize || defined __stub___getdtablesize
-choke me
-#endif
-
-int
-main ()
-{
-return getdtablesize ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getdtablesize=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getdtablesize=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getdtablesize" >&5
-echo "${ECHO_T}$ac_cv_func_getdtablesize" >&6; }
-if test $ac_cv_func_getdtablesize = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETDTABLESIZE 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getdtablesize.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getdtablesize.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getegid" >&5
-echo $ECHO_N "checking for getegid... $ECHO_C" >&6; }
-if test "${ac_cv_func_getegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getegid to an innocuous variant, in case <limits.h> declares getegid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getegid innocuous_getegid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getegid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getegid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getegid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getegid || defined __stub___getegid
-choke me
-#endif
-
-int
-main ()
-{
-return getegid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getegid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getegid" >&5
-echo "${ECHO_T}$ac_cv_func_getegid" >&6; }
-if test $ac_cv_func_getegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEGID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getegid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getegid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for geteuid" >&5
-echo $ECHO_N "checking for geteuid... $ECHO_C" >&6; }
-if test "${ac_cv_func_geteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define geteuid to an innocuous variant, in case <limits.h> declares geteuid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define geteuid innocuous_geteuid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char geteuid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef geteuid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char geteuid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_geteuid || defined __stub___geteuid
-choke me
-#endif
-
-int
-main ()
-{
-return geteuid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_geteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_geteuid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_geteuid" >&5
-echo "${ECHO_T}$ac_cv_func_geteuid" >&6; }
-if test $ac_cv_func_geteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEUID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" geteuid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS geteuid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getgid" >&5
-echo $ECHO_N "checking for getgid... $ECHO_C" >&6; }
-if test "${ac_cv_func_getgid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getgid to an innocuous variant, in case <limits.h> declares getgid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getgid innocuous_getgid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getgid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getgid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getgid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getgid || defined __stub___getgid
-choke me
-#endif
-
-int
-main ()
-{
-return getgid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getgid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getgid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getgid" >&5
-echo "${ECHO_T}$ac_cv_func_getgid" >&6; }
-if test $ac_cv_func_getgid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETGID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getgid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getgid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for gethostname" >&5
-echo $ECHO_N "checking for gethostname... $ECHO_C" >&6; }
-if test "${ac_cv_func_gethostname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define gethostname to an innocuous variant, in case <limits.h> declares gethostname.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define gethostname innocuous_gethostname
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostname (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef gethostname
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostname ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_gethostname || defined __stub___gethostname
-choke me
-#endif
-
-int
-main ()
-{
-return gethostname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_gethostname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_gethostname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname" >&6; }
-if test $ac_cv_func_gethostname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETHOSTNAME 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" gethostname.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS gethostname.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getifaddrs" >&5
-echo $ECHO_N "checking for getifaddrs... $ECHO_C" >&6; }
-if test "${ac_cv_func_getifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getifaddrs to an innocuous variant, in case <limits.h> declares getifaddrs.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getifaddrs innocuous_getifaddrs
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getifaddrs (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getifaddrs
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getifaddrs ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getifaddrs || defined __stub___getifaddrs
-choke me
-#endif
-
-int
-main ()
-{
-return getifaddrs ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getifaddrs=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getifaddrs" >&5
-echo "${ECHO_T}$ac_cv_func_getifaddrs" >&6; }
-if test $ac_cv_func_getifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIFADDRS 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getifaddrs.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getifaddrs.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getipnodebyaddr" >&5
-echo $ECHO_N "checking for getipnodebyaddr... $ECHO_C" >&6; }
-if test "${ac_cv_func_getipnodebyaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getipnodebyaddr to an innocuous variant, in case <limits.h> declares getipnodebyaddr.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getipnodebyaddr innocuous_getipnodebyaddr
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyaddr (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getipnodebyaddr
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getipnodebyaddr ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getipnodebyaddr || defined __stub___getipnodebyaddr
-choke me
-#endif
-
-int
-main ()
-{
-return getipnodebyaddr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getipnodebyaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getipnodebyaddr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyaddr" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyaddr" >&6; }
-if test $ac_cv_func_getipnodebyaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYADDR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getipnodebyaddr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getipnodebyaddr.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getipnodebyname" >&5
-echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6; }
-if test "${ac_cv_func_getipnodebyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getipnodebyname to an innocuous variant, in case <limits.h> declares getipnodebyname.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getipnodebyname innocuous_getipnodebyname
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyname (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getipnodebyname
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getipnodebyname ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getipnodebyname || defined __stub___getipnodebyname
-choke me
-#endif
-
-int
-main ()
-{
-return getipnodebyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getipnodebyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getipnodebyname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyname" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyname" >&6; }
-if test $ac_cv_func_getipnodebyname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYNAME 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getipnodebyname.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getipnodebyname.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getopt" >&5
-echo $ECHO_N "checking for getopt... $ECHO_C" >&6; }
-if test "${ac_cv_func_getopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getopt to an innocuous variant, in case <limits.h> declares getopt.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getopt innocuous_getopt
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getopt (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getopt
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getopt ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getopt || defined __stub___getopt
-choke me
-#endif
-
-int
-main ()
-{
-return getopt ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getopt=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getopt=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getopt" >&5
-echo "${ECHO_T}$ac_cv_func_getopt" >&6; }
-if test $ac_cv_func_getopt = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETOPT 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getopt.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getopt.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for gettimeofday" >&5
-echo $ECHO_N "checking for gettimeofday... $ECHO_C" >&6; }
-if test "${ac_cv_func_gettimeofday+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define gettimeofday to an innocuous variant, in case <limits.h> declares gettimeofday.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define gettimeofday innocuous_gettimeofday
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gettimeofday (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef gettimeofday
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gettimeofday ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_gettimeofday || defined __stub___gettimeofday
-choke me
-#endif
-
-int
-main ()
-{
-return gettimeofday ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_gettimeofday=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_gettimeofday=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gettimeofday" >&5
-echo "${ECHO_T}$ac_cv_func_gettimeofday" >&6; }
-if test $ac_cv_func_gettimeofday = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETTIMEOFDAY 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" gettimeofday.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS gettimeofday.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getuid" >&5
-echo $ECHO_N "checking for getuid... $ECHO_C" >&6; }
-if test "${ac_cv_func_getuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getuid to an innocuous variant, in case <limits.h> declares getuid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getuid innocuous_getuid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getuid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getuid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getuid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getuid || defined __stub___getuid
-choke me
-#endif
-
-int
-main ()
-{
-return getuid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getuid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getuid" >&5
-echo "${ECHO_T}$ac_cv_func_getuid" >&6; }
-if test $ac_cv_func_getuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getuid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getuid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for getusershell" >&5
-echo $ECHO_N "checking for getusershell... $ECHO_C" >&6; }
-if test "${ac_cv_func_getusershell+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getusershell to an innocuous variant, in case <limits.h> declares getusershell.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getusershell innocuous_getusershell
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getusershell (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getusershell
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getusershell ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getusershell || defined __stub___getusershell
-choke me
-#endif
-
-int
-main ()
-{
-return getusershell ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getusershell=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getusershell=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell" >&6; }
-if test $ac_cv_func_getusershell = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUSERSHELL 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" getusershell.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getusershell.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for initgroups" >&5
-echo $ECHO_N "checking for initgroups... $ECHO_C" >&6; }
-if test "${ac_cv_func_initgroups+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define initgroups to an innocuous variant, in case <limits.h> declares initgroups.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define initgroups innocuous_initgroups
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char initgroups (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef initgroups
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char initgroups ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_initgroups || defined __stub___initgroups
-choke me
-#endif
-
-int
-main ()
-{
-return initgroups ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_initgroups=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_initgroups=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_initgroups" >&5
-echo "${ECHO_T}$ac_cv_func_initgroups" >&6; }
-if test $ac_cv_func_initgroups = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INITGROUPS 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" initgroups.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS initgroups.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for innetgr" >&5
-echo $ECHO_N "checking for innetgr... $ECHO_C" >&6; }
-if test "${ac_cv_func_innetgr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define innetgr to an innocuous variant, in case <limits.h> declares innetgr.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define innetgr innocuous_innetgr
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char innetgr (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef innetgr
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char innetgr ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_innetgr || defined __stub___innetgr
-choke me
-#endif
-
-int
-main ()
-{
-return innetgr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_innetgr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_innetgr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_innetgr" >&5
-echo "${ECHO_T}$ac_cv_func_innetgr" >&6; }
-if test $ac_cv_func_innetgr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INNETGR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" innetgr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS innetgr.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for iruserok" >&5
-echo $ECHO_N "checking for iruserok... $ECHO_C" >&6; }
-if test "${ac_cv_func_iruserok+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define iruserok to an innocuous variant, in case <limits.h> declares iruserok.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define iruserok innocuous_iruserok
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char iruserok (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef iruserok
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char iruserok ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_iruserok || defined __stub___iruserok
-choke me
-#endif
-
-int
-main ()
-{
-return iruserok ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_iruserok=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_iruserok=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok" >&5
-echo "${ECHO_T}$ac_cv_func_iruserok" >&6; }
-if test $ac_cv_func_iruserok = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_IRUSEROK 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" iruserok.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS iruserok.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for localtime_r" >&5
-echo $ECHO_N "checking for localtime_r... $ECHO_C" >&6; }
-if test "${ac_cv_func_localtime_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define localtime_r to an innocuous variant, in case <limits.h> declares localtime_r.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define localtime_r innocuous_localtime_r
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char localtime_r (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef localtime_r
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char localtime_r ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_localtime_r || defined __stub___localtime_r
-choke me
-#endif
-
-int
-main ()
-{
-return localtime_r ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_localtime_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_localtime_r=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_localtime_r" >&5
-echo "${ECHO_T}$ac_cv_func_localtime_r" >&6; }
-if test $ac_cv_func_localtime_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LOCALTIME_R 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" localtime_r.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS localtime_r.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for lstat" >&5
-echo $ECHO_N "checking for lstat... $ECHO_C" >&6; }
-if test "${ac_cv_func_lstat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define lstat to an innocuous variant, in case <limits.h> declares lstat.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define lstat innocuous_lstat
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char lstat (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef lstat
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char lstat ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_lstat || defined __stub___lstat
-choke me
-#endif
-
-int
-main ()
-{
-return lstat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_lstat=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_lstat=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_lstat" >&5
-echo "${ECHO_T}$ac_cv_func_lstat" >&6; }
-if test $ac_cv_func_lstat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LSTAT 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" lstat.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for memmove" >&5
-echo $ECHO_N "checking for memmove... $ECHO_C" >&6; }
-if test "${ac_cv_func_memmove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define memmove to an innocuous variant, in case <limits.h> declares memmove.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define memmove innocuous_memmove
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char memmove (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef memmove
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char memmove ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_memmove || defined __stub___memmove
-choke me
-#endif
-
-int
-main ()
-{
-return memmove ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_memmove=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_memmove=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_memmove" >&5
-echo "${ECHO_T}$ac_cv_func_memmove" >&6; }
-if test $ac_cv_func_memmove = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MEMMOVE 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" memmove.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS memmove.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for mkstemp" >&5
-echo $ECHO_N "checking for mkstemp... $ECHO_C" >&6; }
-if test "${ac_cv_func_mkstemp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define mkstemp to an innocuous variant, in case <limits.h> declares mkstemp.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define mkstemp innocuous_mkstemp
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char mkstemp (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef mkstemp
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char mkstemp ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_mkstemp || defined __stub___mkstemp
-choke me
-#endif
-
-int
-main ()
-{
-return mkstemp ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_mkstemp=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_mkstemp=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp" >&6; }
-if test $ac_cv_func_mkstemp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MKSTEMP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" mkstemp.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS mkstemp.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for putenv" >&5
-echo $ECHO_N "checking for putenv... $ECHO_C" >&6; }
-if test "${ac_cv_func_putenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define putenv to an innocuous variant, in case <limits.h> declares putenv.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define putenv innocuous_putenv
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char putenv (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef putenv
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char putenv ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_putenv || defined __stub___putenv
-choke me
-#endif
-
-int
-main ()
-{
-return putenv ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_putenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_putenv=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_putenv" >&5
-echo "${ECHO_T}$ac_cv_func_putenv" >&6; }
-if test $ac_cv_func_putenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_PUTENV 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" putenv.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS putenv.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for rcmd" >&5
-echo $ECHO_N "checking for rcmd... $ECHO_C" >&6; }
-if test "${ac_cv_func_rcmd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define rcmd to an innocuous variant, in case <limits.h> declares rcmd.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define rcmd innocuous_rcmd
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char rcmd (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef rcmd
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char rcmd ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_rcmd || defined __stub___rcmd
-choke me
-#endif
-
-int
-main ()
-{
-return rcmd ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_rcmd=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_rcmd=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_rcmd" >&5
-echo "${ECHO_T}$ac_cv_func_rcmd" >&6; }
-if test $ac_cv_func_rcmd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RCMD 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" rcmd.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS rcmd.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for readv" >&5
-echo $ECHO_N "checking for readv... $ECHO_C" >&6; }
-if test "${ac_cv_func_readv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define readv to an innocuous variant, in case <limits.h> declares readv.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define readv innocuous_readv
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char readv (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef readv
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char readv ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_readv || defined __stub___readv
-choke me
-#endif
-
-int
-main ()
-{
-return readv ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_readv=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_readv=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_readv" >&5
-echo "${ECHO_T}$ac_cv_func_readv" >&6; }
-if test $ac_cv_func_readv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_READV 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" readv.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS readv.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for recvmsg" >&5
-echo $ECHO_N "checking for recvmsg... $ECHO_C" >&6; }
-if test "${ac_cv_func_recvmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define recvmsg to an innocuous variant, in case <limits.h> declares recvmsg.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define recvmsg innocuous_recvmsg
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char recvmsg (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef recvmsg
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char recvmsg ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_recvmsg || defined __stub___recvmsg
-choke me
-#endif
-
-int
-main ()
-{
-return recvmsg ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_recvmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_recvmsg=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_recvmsg" >&5
-echo "${ECHO_T}$ac_cv_func_recvmsg" >&6; }
-if test $ac_cv_func_recvmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RECVMSG 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" recvmsg.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS recvmsg.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for sendmsg" >&5
-echo $ECHO_N "checking for sendmsg... $ECHO_C" >&6; }
-if test "${ac_cv_func_sendmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define sendmsg to an innocuous variant, in case <limits.h> declares sendmsg.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define sendmsg innocuous_sendmsg
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char sendmsg (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef sendmsg
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char sendmsg ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_sendmsg || defined __stub___sendmsg
-choke me
-#endif
-
-int
-main ()
-{
-return sendmsg ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_sendmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_sendmsg=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_sendmsg" >&5
-echo "${ECHO_T}$ac_cv_func_sendmsg" >&6; }
-if test $ac_cv_func_sendmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SENDMSG 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" sendmsg.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS sendmsg.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for setegid" >&5
-echo $ECHO_N "checking for setegid... $ECHO_C" >&6; }
-if test "${ac_cv_func_setegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define setegid to an innocuous variant, in case <limits.h> declares setegid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define setegid innocuous_setegid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setegid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef setegid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char setegid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_setegid || defined __stub___setegid
-choke me
-#endif
-
-int
-main ()
-{
-return setegid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_setegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_setegid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_setegid" >&5
-echo "${ECHO_T}$ac_cv_func_setegid" >&6; }
-if test $ac_cv_func_setegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEGID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" setegid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS setegid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for setenv" >&5
-echo $ECHO_N "checking for setenv... $ECHO_C" >&6; }
-if test "${ac_cv_func_setenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define setenv to an innocuous variant, in case <limits.h> declares setenv.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define setenv innocuous_setenv
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setenv (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef setenv
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char setenv ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_setenv || defined __stub___setenv
-choke me
-#endif
-
-int
-main ()
-{
-return setenv ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_setenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_setenv=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv" >&5
-echo "${ECHO_T}$ac_cv_func_setenv" >&6; }
-if test $ac_cv_func_setenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETENV 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" setenv.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS setenv.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for seteuid" >&5
-echo $ECHO_N "checking for seteuid... $ECHO_C" >&6; }
-if test "${ac_cv_func_seteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define seteuid to an innocuous variant, in case <limits.h> declares seteuid.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define seteuid innocuous_seteuid
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char seteuid (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef seteuid
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char seteuid ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_seteuid || defined __stub___seteuid
-choke me
-#endif
-
-int
-main ()
-{
-return seteuid ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_seteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_seteuid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_seteuid" >&5
-echo "${ECHO_T}$ac_cv_func_seteuid" >&6; }
-if test $ac_cv_func_seteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEUID 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" seteuid.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS seteuid.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strcasecmp" >&5
-echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6; }
-if test "${ac_cv_func_strcasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strcasecmp to an innocuous variant, in case <limits.h> declares strcasecmp.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strcasecmp innocuous_strcasecmp
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strcasecmp (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strcasecmp
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strcasecmp ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strcasecmp || defined __stub___strcasecmp
-choke me
-#endif
-
-int
-main ()
-{
-return strcasecmp ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strcasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strcasecmp=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6; }
-if test $ac_cv_func_strcasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRCASECMP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strcasecmp.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strcasecmp.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strdup" >&5
-echo $ECHO_N "checking for strdup... $ECHO_C" >&6; }
-if test "${ac_cv_func_strdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strdup to an innocuous variant, in case <limits.h> declares strdup.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strdup innocuous_strdup
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strdup (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strdup
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strdup ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strdup || defined __stub___strdup
-choke me
-#endif
-
-int
-main ()
-{
-return strdup ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strdup=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strdup" >&5
-echo "${ECHO_T}$ac_cv_func_strdup" >&6; }
-if test $ac_cv_func_strdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRDUP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strdup.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strdup.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strerror" >&5
-echo $ECHO_N "checking for strerror... $ECHO_C" >&6; }
-if test "${ac_cv_func_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strerror to an innocuous variant, in case <limits.h> declares strerror.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strerror innocuous_strerror
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strerror (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strerror
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strerror ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strerror || defined __stub___strerror
-choke me
-#endif
-
-int
-main ()
-{
-return strerror ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strerror=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strerror=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strerror" >&5
-echo "${ECHO_T}$ac_cv_func_strerror" >&6; }
-if test $ac_cv_func_strerror = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRERROR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strerror.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strerror.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strftime" >&5
-echo $ECHO_N "checking for strftime... $ECHO_C" >&6; }
-if test "${ac_cv_func_strftime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strftime to an innocuous variant, in case <limits.h> declares strftime.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strftime innocuous_strftime
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strftime (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strftime
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strftime ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strftime || defined __stub___strftime
-choke me
-#endif
-
-int
-main ()
-{
-return strftime ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strftime=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strftime=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strftime" >&5
-echo "${ECHO_T}$ac_cv_func_strftime" >&6; }
-if test $ac_cv_func_strftime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRFTIME 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strftime.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strftime.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strlcat" >&5
-echo $ECHO_N "checking for strlcat... $ECHO_C" >&6; }
-if test "${ac_cv_func_strlcat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strlcat to an innocuous variant, in case <limits.h> declares strlcat.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strlcat innocuous_strlcat
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcat (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strlcat
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strlcat ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strlcat || defined __stub___strlcat
-choke me
-#endif
-
-int
-main ()
-{
-return strlcat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strlcat=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strlcat=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcat" >&5
-echo "${ECHO_T}$ac_cv_func_strlcat" >&6; }
-if test $ac_cv_func_strlcat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCAT 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strlcat.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strlcat.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strlcpy" >&5
-echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6; }
-if test "${ac_cv_func_strlcpy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strlcpy to an innocuous variant, in case <limits.h> declares strlcpy.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strlcpy innocuous_strlcpy
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcpy (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strlcpy
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strlcpy ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strlcpy || defined __stub___strlcpy
-choke me
-#endif
-
-int
-main ()
-{
-return strlcpy ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strlcpy=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strlcpy=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcpy" >&5
-echo "${ECHO_T}$ac_cv_func_strlcpy" >&6; }
-if test $ac_cv_func_strlcpy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCPY 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strlcpy.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strlwr" >&5
-echo $ECHO_N "checking for strlwr... $ECHO_C" >&6; }
-if test "${ac_cv_func_strlwr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strlwr to an innocuous variant, in case <limits.h> declares strlwr.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strlwr innocuous_strlwr
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlwr (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strlwr
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strlwr ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strlwr || defined __stub___strlwr
-choke me
-#endif
-
-int
-main ()
-{
-return strlwr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strlwr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strlwr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strlwr" >&5
-echo "${ECHO_T}$ac_cv_func_strlwr" >&6; }
-if test $ac_cv_func_strlwr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLWR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strlwr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strlwr.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strncasecmp" >&5
-echo $ECHO_N "checking for strncasecmp... $ECHO_C" >&6; }
-if test "${ac_cv_func_strncasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strncasecmp to an innocuous variant, in case <limits.h> declares strncasecmp.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strncasecmp innocuous_strncasecmp
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strncasecmp (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strncasecmp
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strncasecmp ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strncasecmp || defined __stub___strncasecmp
-choke me
-#endif
-
-int
-main ()
-{
-return strncasecmp ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strncasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strncasecmp=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strncasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strncasecmp" >&6; }
-if test $ac_cv_func_strncasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNCASECMP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strncasecmp.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strncasecmp.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strndup" >&5
-echo $ECHO_N "checking for strndup... $ECHO_C" >&6; }
-if test "${ac_cv_func_strndup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strndup to an innocuous variant, in case <limits.h> declares strndup.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strndup innocuous_strndup
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strndup (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strndup
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strndup ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strndup || defined __stub___strndup
-choke me
-#endif
-
-int
-main ()
-{
-return strndup ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strndup=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strndup=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup" >&5
-echo "${ECHO_T}$ac_cv_func_strndup" >&6; }
-if test $ac_cv_func_strndup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNDUP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strndup.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strndup.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strnlen" >&5
-echo $ECHO_N "checking for strnlen... $ECHO_C" >&6; }
-if test "${ac_cv_func_strnlen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strnlen to an innocuous variant, in case <limits.h> declares strnlen.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strnlen innocuous_strnlen
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strnlen (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strnlen
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strnlen ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strnlen || defined __stub___strnlen
-choke me
-#endif
-
-int
-main ()
-{
-return strnlen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strnlen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strnlen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strnlen" >&5
-echo "${ECHO_T}$ac_cv_func_strnlen" >&6; }
-if test $ac_cv_func_strnlen = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNLEN 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strnlen.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strnlen.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strptime" >&5
-echo $ECHO_N "checking for strptime... $ECHO_C" >&6; }
-if test "${ac_cv_func_strptime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strptime to an innocuous variant, in case <limits.h> declares strptime.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strptime innocuous_strptime
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strptime (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strptime
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strptime ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strptime || defined __stub___strptime
-choke me
-#endif
-
-int
-main ()
-{
-return strptime ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strptime=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strptime=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strptime" >&5
-echo "${ECHO_T}$ac_cv_func_strptime" >&6; }
-if test $ac_cv_func_strptime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRPTIME 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strptime.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strptime.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strsep" >&5
-echo $ECHO_N "checking for strsep... $ECHO_C" >&6; }
-if test "${ac_cv_func_strsep+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strsep to an innocuous variant, in case <limits.h> declares strsep.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strsep innocuous_strsep
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strsep
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strsep ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strsep || defined __stub___strsep
-choke me
-#endif
-
-int
-main ()
-{
-return strsep ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strsep=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strsep=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep" >&5
-echo "${ECHO_T}$ac_cv_func_strsep" >&6; }
-if test $ac_cv_func_strsep = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strsep.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strsep.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strsep_copy" >&5
-echo $ECHO_N "checking for strsep_copy... $ECHO_C" >&6; }
-if test "${ac_cv_func_strsep_copy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strsep_copy to an innocuous variant, in case <limits.h> declares strsep_copy.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strsep_copy innocuous_strsep_copy
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep_copy (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strsep_copy
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strsep_copy ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strsep_copy || defined __stub___strsep_copy
-choke me
-#endif
-
-int
-main ()
-{
-return strsep_copy ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strsep_copy=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strsep_copy=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_copy" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_copy" >&6; }
-if test $ac_cv_func_strsep_copy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP_COPY 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strsep_copy.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strsep_copy.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strtok_r" >&5
-echo $ECHO_N "checking for strtok_r... $ECHO_C" >&6; }
-if test "${ac_cv_func_strtok_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strtok_r to an innocuous variant, in case <limits.h> declares strtok_r.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strtok_r innocuous_strtok_r
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strtok_r (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strtok_r
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strtok_r ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strtok_r || defined __stub___strtok_r
-choke me
-#endif
-
-int
-main ()
-{
-return strtok_r ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strtok_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strtok_r=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r" >&6; }
-if test $ac_cv_func_strtok_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRTOK_R 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strtok_r.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strtok_r.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for strupr" >&5
-echo $ECHO_N "checking for strupr... $ECHO_C" >&6; }
-if test "${ac_cv_func_strupr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define strupr to an innocuous variant, in case <limits.h> declares strupr.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define strupr innocuous_strupr
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strupr (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef strupr
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char strupr ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_strupr || defined __stub___strupr
-choke me
-#endif
-
-int
-main ()
-{
-return strupr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_strupr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_strupr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strupr" >&5
-echo "${ECHO_T}$ac_cv_func_strupr" >&6; }
-if test $ac_cv_func_strupr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUPR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" strupr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS strupr.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for swab" >&5
-echo $ECHO_N "checking for swab... $ECHO_C" >&6; }
-if test "${ac_cv_func_swab+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define swab to an innocuous variant, in case <limits.h> declares swab.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define swab innocuous_swab
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char swab (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef swab
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char swab ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_swab || defined __stub___swab
-choke me
-#endif
-
-int
-main ()
-{
-return swab ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_swab=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_swab=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_swab" >&5
-echo "${ECHO_T}$ac_cv_func_swab" >&6; }
-if test $ac_cv_func_swab = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SWAB 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" swab.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS swab.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for timegm" >&5
-echo $ECHO_N "checking for timegm... $ECHO_C" >&6; }
-if test "${ac_cv_func_timegm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define timegm to an innocuous variant, in case <limits.h> declares timegm.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define timegm innocuous_timegm
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char timegm (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef timegm
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char timegm ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_timegm || defined __stub___timegm
-choke me
-#endif
-
-int
-main ()
-{
-return timegm ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_timegm=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_timegm=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_timegm" >&5
-echo "${ECHO_T}$ac_cv_func_timegm" >&6; }
-if test $ac_cv_func_timegm = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_TIMEGM 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" timegm.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS timegm.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for unsetenv" >&5
-echo $ECHO_N "checking for unsetenv... $ECHO_C" >&6; }
-if test "${ac_cv_func_unsetenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define unsetenv to an innocuous variant, in case <limits.h> declares unsetenv.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define unsetenv innocuous_unsetenv
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char unsetenv (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef unsetenv
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char unsetenv ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_unsetenv || defined __stub___unsetenv
-choke me
-#endif
-
-int
-main ()
-{
-return unsetenv ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_unsetenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_unsetenv=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv" >&6; }
-if test $ac_cv_func_unsetenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UNSETENV 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" unsetenv.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for verr" >&5
-echo $ECHO_N "checking for verr... $ECHO_C" >&6; }
-if test "${ac_cv_func_verr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define verr to an innocuous variant, in case <limits.h> declares verr.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define verr innocuous_verr
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verr (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef verr
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char verr ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_verr || defined __stub___verr
-choke me
-#endif
-
-int
-main ()
-{
-return verr ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_verr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_verr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_verr" >&5
-echo "${ECHO_T}$ac_cv_func_verr" >&6; }
-if test $ac_cv_func_verr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERR 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" verr.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS verr.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for verrx" >&5
-echo $ECHO_N "checking for verrx... $ECHO_C" >&6; }
-if test "${ac_cv_func_verrx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define verrx to an innocuous variant, in case <limits.h> declares verrx.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define verrx innocuous_verrx
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verrx (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef verrx
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char verrx ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_verrx || defined __stub___verrx
-choke me
-#endif
-
-int
-main ()
-{
-return verrx ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_verrx=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_verrx=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_verrx" >&5
-echo "${ECHO_T}$ac_cv_func_verrx" >&6; }
-if test $ac_cv_func_verrx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERRX 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" verrx.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS verrx.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for vsyslog" >&5
-echo $ECHO_N "checking for vsyslog... $ECHO_C" >&6; }
-if test "${ac_cv_func_vsyslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define vsyslog to an innocuous variant, in case <limits.h> declares vsyslog.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define vsyslog innocuous_vsyslog
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vsyslog (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef vsyslog
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char vsyslog ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_vsyslog || defined __stub___vsyslog
-choke me
-#endif
-
-int
-main ()
-{
-return vsyslog ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_vsyslog=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_vsyslog=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vsyslog" >&5
-echo "${ECHO_T}$ac_cv_func_vsyslog" >&6; }
-if test $ac_cv_func_vsyslog = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSYSLOG 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" vsyslog.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS vsyslog.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for vwarn" >&5
-echo $ECHO_N "checking for vwarn... $ECHO_C" >&6; }
-if test "${ac_cv_func_vwarn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define vwarn to an innocuous variant, in case <limits.h> declares vwarn.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define vwarn innocuous_vwarn
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarn (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef vwarn
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char vwarn ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_vwarn || defined __stub___vwarn
-choke me
-#endif
-
-int
-main ()
-{
-return vwarn ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_vwarn=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_vwarn=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarn" >&5
-echo "${ECHO_T}$ac_cv_func_vwarn" >&6; }
-if test $ac_cv_func_vwarn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARN 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" vwarn.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS vwarn.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for vwarnx" >&5
-echo $ECHO_N "checking for vwarnx... $ECHO_C" >&6; }
-if test "${ac_cv_func_vwarnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define vwarnx to an innocuous variant, in case <limits.h> declares vwarnx.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define vwarnx innocuous_vwarnx
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarnx (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef vwarnx
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char vwarnx ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_vwarnx || defined __stub___vwarnx
-choke me
-#endif
-
-int
-main ()
-{
-return vwarnx ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_vwarnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_vwarnx=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarnx" >&5
-echo "${ECHO_T}$ac_cv_func_vwarnx" >&6; }
-if test $ac_cv_func_vwarnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARNX 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" vwarnx.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS vwarnx.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for warn" >&5
-echo $ECHO_N "checking for warn... $ECHO_C" >&6; }
-if test "${ac_cv_func_warn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define warn to an innocuous variant, in case <limits.h> declares warn.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define warn innocuous_warn
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warn (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef warn
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char warn ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_warn || defined __stub___warn
-choke me
-#endif
-
-int
-main ()
-{
-return warn ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_warn=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_warn=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_warn" >&5
-echo "${ECHO_T}$ac_cv_func_warn" >&6; }
-if test $ac_cv_func_warn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARN 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" warn.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS warn.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for warnx" >&5
-echo $ECHO_N "checking for warnx... $ECHO_C" >&6; }
-if test "${ac_cv_func_warnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define warnx to an innocuous variant, in case <limits.h> declares warnx.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define warnx innocuous_warnx
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warnx (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef warnx
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char warnx ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_warnx || defined __stub___warnx
-choke me
-#endif
-
-int
-main ()
-{
-return warnx ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_warnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_warnx=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_warnx" >&5
-echo "${ECHO_T}$ac_cv_func_warnx" >&6; }
-if test $ac_cv_func_warnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARNX 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" warnx.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS warnx.$ac_objext"
- ;;
-esac
-
-fi
-{ echo "$as_me:$LINENO: checking for writev" >&5
-echo $ECHO_N "checking for writev... $ECHO_C" >&6; }
-if test "${ac_cv_func_writev+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define writev to an innocuous variant, in case <limits.h> declares writev.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define writev innocuous_writev
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char writev (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef writev
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char writev ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_writev || defined __stub___writev
-choke me
-#endif
-
-int
-main ()
-{
-return writev ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_writev=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_writev=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_writev" >&5
-echo "${ECHO_T}$ac_cv_func_writev" >&6; }
-if test $ac_cv_func_writev = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WRITEV 1
-_ACEOF
-
-else
-  case " $LIBOBJS " in
-  *" writev.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS writev.$ac_objext"
- ;;
-esac
-
-fi
-
-
- if test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes; then
-  have_fnmatch_h_TRUE=
-  have_fnmatch_h_FALSE='#'
-else
-  have_fnmatch_h_TRUE='#'
-  have_fnmatch_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_func_strndup+set" != set -o "$ac_cv_func_strndup" = yes; then
-{ echo "$as_me:$LINENO: checking if strndup needs a prototype" >&5
-echo $ECHO_N "checking if strndup needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strndup_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <string.h>
-struct foo { int foo; } xx;
-extern int strndup (struct foo*);
-int
-main ()
-{
-strndup(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strndup_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strndup_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strndup_noproto" >&6; }
-if test "$ac_cv_func_strndup_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRNDUP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
-{ echo "$as_me:$LINENO: checking if strsep needs a prototype" >&5
-echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strsep_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <string.h>
-struct foo { int foo; } xx;
-extern int strsep (struct foo*);
-int
-main ()
-{
-strsep(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strsep_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strsep_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6; }
-if test "$ac_cv_func_strsep_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSEP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
-{ echo "$as_me:$LINENO: checking if strtok_r needs a prototype" >&5
-echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strtok_r_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <string.h>
-struct foo { int foo; } xx;
-extern int strtok_r (struct foo*);
-int
-main ()
-{
-strtok_r(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strtok_r_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strtok_r_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6; }
-if test "$ac_cv_func_strtok_r_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRTOK_R_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_strsvis+set" != set -o "$ac_cv_func_strsvis" = yes; then
-{ echo "$as_me:$LINENO: checking if strsvis needs a prototype" >&5
-echo $ECHO_N "checking if strsvis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strsvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int strsvis (struct foo*);
-int
-main ()
-{
-strsvis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strsvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strsvis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strsvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsvis_noproto" >&6; }
-if test "$ac_cv_func_strsvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strunvis+set" != set -o "$ac_cv_func_strunvis" = yes; then
-{ echo "$as_me:$LINENO: checking if strunvis needs a prototype" >&5
-echo $ECHO_N "checking if strunvis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strunvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int strunvis (struct foo*);
-int
-main ()
-{
-strunvis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strunvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strunvis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strunvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strunvis_noproto" >&6; }
-if test "$ac_cv_func_strunvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRUNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvis+set" != set -o "$ac_cv_func_strvis" = yes; then
-{ echo "$as_me:$LINENO: checking if strvis needs a prototype" >&5
-echo $ECHO_N "checking if strvis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int strvis (struct foo*);
-int
-main ()
-{
-strvis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strvis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvis_noproto" >&6; }
-if test "$ac_cv_func_strvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvisx+set" != set -o "$ac_cv_func_strvisx" = yes; then
-{ echo "$as_me:$LINENO: checking if strvisx needs a prototype" >&5
-echo $ECHO_N "checking if strvisx needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_strvisx_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int strvisx (struct foo*);
-int
-main ()
-{
-strvisx(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_strvisx_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_strvisx_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_strvisx_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvisx_noproto" >&6; }
-if test "$ac_cv_func_strvisx_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVISX_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_svis+set" != set -o "$ac_cv_func_svis" = yes; then
-{ echo "$as_me:$LINENO: checking if svis needs a prototype" >&5
-echo $ECHO_N "checking if svis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_svis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int svis (struct foo*);
-int
-main ()
-{
-svis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_svis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_svis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_svis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_svis_noproto" >&6; }
-if test "$ac_cv_func_svis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_unvis+set" != set -o "$ac_cv_func_unvis" = yes; then
-{ echo "$as_me:$LINENO: checking if unvis needs a prototype" >&5
-echo $ECHO_N "checking if unvis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_unvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int unvis (struct foo*);
-int
-main ()
-{
-unvis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_unvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_unvis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_unvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unvis_noproto" >&6; }
-if test "$ac_cv_func_unvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vis+set" != set -o "$ac_cv_func_vis" = yes; then
-{ echo "$as_me:$LINENO: checking if vis needs a prototype" >&5
-echo $ECHO_N "checking if vis needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_vis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-struct foo { int foo; } xx;
-extern int vis (struct foo*);
-int
-main ()
-{
-vis(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_vis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_vis_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_vis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vis_noproto" >&6; }
-if test "$ac_cv_func_vis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-{ echo "$as_me:$LINENO: checking for inet_aton" >&5
-echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6; }
-if test "${ac_cv_func_inet_aton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_aton) || defined (__stub___inet_aton)
-choke me
-#else
-inet_aton(0,0);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "ac_cv_func_inet_aton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_inet_aton=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_aton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_ATON 1
-_ACEOF
-
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-  case " $LIBOBJS " in
-  *" inet_aton.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
- ;;
-esac
-
-fi
-
-{ echo "$as_me:$LINENO: checking for inet_ntop" >&5
-echo $ECHO_N "checking for inet_ntop... $ECHO_C" >&6; }
-if test "${ac_cv_func_inet_ntop+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_ntop) || defined (__stub___inet_ntop)
-choke me
-#else
-inet_ntop(0, 0, 0, 0);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "ac_cv_func_inet_ntop=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_inet_ntop=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_ntop}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_NTOP 1
-_ACEOF
-
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-  case " $LIBOBJS " in
-  *" inet_ntop.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
- ;;
-esac
-
-fi
-
-{ echo "$as_me:$LINENO: checking for inet_pton" >&5
-echo $ECHO_N "checking for inet_pton... $ECHO_C" >&6; }
-if test "${ac_cv_func_inet_pton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_pton) || defined (__stub___inet_pton)
-choke me
-#else
-inet_pton(0,0,0);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "ac_cv_func_inet_pton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_inet_pton=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_pton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_PTON 1
-_ACEOF
-
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-  case " $LIBOBJS " in
-  *" inet_pton.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
- ;;
-esac
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for sa_len in struct sockaddr" >&5
-echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <sys/socket.h>
-int
-main ()
-{
-struct sockaddr x; memset(&x, 0, sizeof(x)); x.sa_len
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_sockaddr_sa_len=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_sockaddr_sa_len=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6; }
-if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-_ACEOF
-
-
-fi
-
-
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-
-{ echo "$as_me:$LINENO: checking if getaddrinfo handles numeric services" >&5
-echo $ECHO_N "checking if getaddrinfo handles numeric services... $ECHO_C" >&6; }
-if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	if(getaddrinfo(NULL, "0", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getaddrinfo_numserv=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_getaddrinfo_numserv=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo_numserv" >&5
-echo "${ECHO_T}$ac_cv_func_getaddrinfo_numserv" >&6; }
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	case " $LIBOBJS " in
-  *" getaddrinfo.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
- ;;
-esac
-
-	case " $LIBOBJS " in
-  *" freeaddrinfo.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
- ;;
-esac
-
-  fi
-fi
-
-
-if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then
-{ echo "$as_me:$LINENO: checking if setenv needs a prototype" >&5
-echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_setenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-struct foo { int foo; } xx;
-extern int setenv (struct foo*);
-int
-main ()
-{
-setenv(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_setenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_setenv_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6; }
-if test "$ac_cv_func_setenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then
-{ echo "$as_me:$LINENO: checking if unsetenv needs a prototype" >&5
-echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_unsetenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-struct foo { int foo; } xx;
-extern int unsetenv (struct foo*);
-int
-main ()
-{
-unsetenv(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_unsetenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_unsetenv_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6; }
-if test "$ac_cv_func_unsetenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNSETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
-{ echo "$as_me:$LINENO: checking if gethostname needs a prototype" >&5
-echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_gethostname_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <unistd.h>
-struct foo { int foo; } xx;
-extern int gethostname (struct foo*);
-int
-main ()
-{
-gethostname(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_gethostname_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_gethostname_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6; }
-if test "$ac_cv_func_gethostname_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETHOSTNAME_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
-{ echo "$as_me:$LINENO: checking if mkstemp needs a prototype" >&5
-echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_mkstemp_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <unistd.h>
-struct foo { int foo; } xx;
-extern int mkstemp (struct foo*);
-int
-main ()
-{
-mkstemp(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_mkstemp_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_mkstemp_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6; }
-if test "$ac_cv_func_mkstemp_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_MKSTEMP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
-{ echo "$as_me:$LINENO: checking if getusershell needs a prototype" >&5
-echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_getusershell_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <unistd.h>
-struct foo { int foo; } xx;
-extern int getusershell (struct foo*);
-int
-main ()
-{
-getusershell(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_getusershell_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_getusershell_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6; }
-if test "$ac_cv_func_getusershell_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETUSERSHELL_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_daemon+set" != set -o "$ac_cv_func_daemon" = yes; then
-{ echo "$as_me:$LINENO: checking if daemon needs a prototype" >&5
-echo $ECHO_N "checking if daemon needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_daemon_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <unistd.h>
-struct foo { int foo; } xx;
-extern int daemon (struct foo*);
-int
-main ()
-{
-daemon(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_daemon_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_daemon_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_daemon_noproto" >&6; }
-if test "$ac_cv_func_daemon_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_DAEMON_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_iruserok+set" != set -o "$ac_cv_func_iruserok" = yes; then
-{ echo "$as_me:$LINENO: checking if iruserok needs a prototype" >&5
-echo $ECHO_N "checking if iruserok needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_iruserok_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-struct foo { int foo; } xx;
-extern int iruserok (struct foo*);
-int
-main ()
-{
-iruserok(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_iruserok_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_iruserok_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_iruserok_noproto" >&6; }
-if test "$ac_cv_func_iruserok_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_IRUSEROK_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
-{ echo "$as_me:$LINENO: checking if inet_aton needs a prototype" >&5
-echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_inet_aton_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-struct foo { int foo; } xx;
-extern int inet_aton (struct foo*);
-int
-main ()
-{
-inet_aton(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_inet_aton_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_inet_aton_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_inet_aton_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6; }
-if test "$ac_cv_func_inet_aton_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_INET_ATON_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for crypt" >&5
-echo $ECHO_N "checking for crypt... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_crypt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" crypt; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-crypt()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_crypt"
-
-if false; then
-
-for ac_func in crypt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# crypt
-eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_crypt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_crypt=yes"
-	eval "LIB_crypt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_crypt=no"
-	eval "LIB_crypt="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_crypt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking if gethostbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-struct hostent *gethostbyname(const char *)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_gethostbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_gethostbyname_proto_compat=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6; }
-
-if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking if gethostbyaddr is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-struct hostent *gethostbyaddr(const void *, size_t, int)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_gethostbyaddr_proto_compat=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6; }
-
-if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking if getservbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-struct servent *getservbyname(const char *, const char *)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_getservbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_getservbyname_proto_compat=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getservbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6; }
-
-if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking if getsockname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-int
-main ()
-{
-int getsockname(int, struct sockaddr*, socklen_t*)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_getsockname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_getsockname_proto_compat=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getsockname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6; }
-
-if test "$ac_cv_func_getsockname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking if openlog is compatible with system prototype" >&5
-echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_openlog_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-
-int
-main ()
-{
-void openlog(const char *, int, int)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_openlog_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_openlog_proto_compat=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_openlog_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6; }
-
-if test "$ac_cv_func_openlog_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OPENLOG_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
-{ echo "$as_me:$LINENO: checking if crypt needs a prototype" >&5
-echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_crypt_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-struct foo { int foo; } xx;
-extern int crypt (struct foo*);
-int
-main ()
-{
-crypt(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_crypt_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_crypt_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_crypt_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6; }
-if test "$ac_cv_func_crypt_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_CRYPT_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for h_errno" >&5
-echo $ECHO_N "checking for h_errno... $ECHO_C" >&6; }
-if test "${ac_cv_var_h_errno+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo(void) { return &h_errno; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_errno=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_errno" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int h_errno;
-int foo(void) { return h_errno; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_errno=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errno`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRNO 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether h_errno is declared" >&5
-echo $ECHO_N "checking whether h_errno is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_h_errno+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-#ifndef h_errno
-  (void) h_errno;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_h_errno=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errno" >&5
-echo "${ECHO_T}$ac_cv_have_decl_h_errno" >&6; }
-if test $ac_cv_have_decl_h_errno = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_ERRNO 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_ERRNO 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for h_errlist" >&5
-echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6; }
-if test "${ac_cv_var_h_errlist+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo(void) { return &h_errlist; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_errlist=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_errlist" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int h_errlist;
-int foo(void) { return h_errlist; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_errlist=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errlist`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRLIST 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether h_errlist is declared" >&5
-echo $ECHO_N "checking whether h_errlist is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_h_errlist+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-#ifndef h_errlist
-  (void) h_errlist;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_h_errlist=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errlist" >&5
-echo "${ECHO_T}$ac_cv_have_decl_h_errlist" >&6; }
-if test $ac_cv_have_decl_h_errlist = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_ERRLIST 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_ERRLIST 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for h_nerr" >&5
-echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6; }
-if test "${ac_cv_var_h_nerr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo(void) { return &h_nerr; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_nerr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_nerr" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int h_nerr;
-int foo(void) { return h_nerr; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_h_nerr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_nerr`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_NERR 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether h_nerr is declared" >&5
-echo $ECHO_N "checking whether h_nerr is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_h_nerr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-int
-main ()
-{
-#ifndef h_nerr
-  (void) h_nerr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_h_nerr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_nerr" >&5
-echo "${ECHO_T}$ac_cv_have_decl_h_nerr" >&6; }
-if test $ac_cv_have_decl_h_nerr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_NERR 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_H_NERR 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for __progname" >&5
-echo $ECHO_N "checking for __progname... $ECHO_C" >&6; }
-if test "${ac_cv_var___progname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-	void * foo(void) { return &__progname; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var___progname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var___progname" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int __progname;
-int foo(void) { return __progname; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var___progname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var___progname`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE___PROGNAME 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether __progname is declared" >&5
-echo $ECHO_N "checking whether __progname is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl___progname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-
-int
-main ()
-{
-#ifndef __progname
-  (void) __progname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl___progname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl___progname" >&5
-echo "${ECHO_T}$ac_cv_have_decl___progname" >&6; }
-if test $ac_cv_have_decl___progname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL___PROGNAME 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL___PROGNAME 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking whether optarg is declared" >&5
-echo $ECHO_N "checking whether optarg is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_optarg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-int
-main ()
-{
-#ifndef optarg
-  (void) optarg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_optarg=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_optarg=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optarg" >&5
-echo "${ECHO_T}$ac_cv_have_decl_optarg" >&6; }
-if test $ac_cv_have_decl_optarg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTARG 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTARG 0
-_ACEOF
-
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-fi
-{ echo "$as_me:$LINENO: checking whether optind is declared" >&5
-echo $ECHO_N "checking whether optind is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_optind+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-int
-main ()
-{
-#ifndef optind
-  (void) optind;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_optind=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_optind=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optind" >&5
-echo "${ECHO_T}$ac_cv_have_decl_optind" >&6; }
-if test $ac_cv_have_decl_optind = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTIND 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTIND 0
-_ACEOF
-
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-fi
-{ echo "$as_me:$LINENO: checking whether opterr is declared" >&5
-echo $ECHO_N "checking whether opterr is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_opterr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-int
-main ()
-{
-#ifndef opterr
-  (void) opterr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_opterr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_opterr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_opterr" >&5
-echo "${ECHO_T}$ac_cv_have_decl_opterr" >&6; }
-if test $ac_cv_have_decl_opterr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTERR 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTERR 0
-_ACEOF
-
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-fi
-{ echo "$as_me:$LINENO: checking whether optopt is declared" >&5
-echo $ECHO_N "checking whether optopt is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_optopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-int
-main ()
-{
-#ifndef optopt
-  (void) optopt;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_optopt=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_optopt=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optopt" >&5
-echo "${ECHO_T}$ac_cv_have_decl_optopt" >&6; }
-if test $ac_cv_have_decl_optopt = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTOPT 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_OPTOPT 0
-_ACEOF
-
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-fi
-{ echo "$as_me:$LINENO: checking whether environ is declared" >&5
-echo $ECHO_N "checking whether environ is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_environ+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-int
-main ()
-{
-#ifndef environ
-  (void) environ;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_environ=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_environ=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_environ" >&5
-echo "${ECHO_T}$ac_cv_have_decl_environ" >&6; }
-if test $ac_cv_have_decl_environ = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_ENVIRON 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_ENVIRON 0
-_ACEOF
-
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-fi
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for tm_gmtoff in struct tm" >&5
-echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-int
-main ()
-{
-struct tm x; memset(&x, 0, sizeof(x)); x.tm_gmtoff
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_tm_tm_gmtoff=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_tm_tm_gmtoff=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6; }
-if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for tm_zone in struct tm" >&5
-echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-int
-main ()
-{
-struct tm x; memset(&x, 0, sizeof(x)); x.tm_zone
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_tm_tm_zone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_tm_tm_zone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_zone" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6; }
-if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_ZONE 1
-_ACEOF
-
-
-fi
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for timezone" >&5
-echo $ECHO_N "checking for timezone... $ECHO_C" >&6; }
-if test "${ac_cv_var_timezone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-	void * foo(void) { return &timezone; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_timezone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_timezone" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int timezone;
-int foo(void) { return timezone; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_timezone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_timezone`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_TIMEZONE 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether timezone is declared" >&5
-echo $ECHO_N "checking whether timezone is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_timezone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-
-int
-main ()
-{
-#ifndef timezone
-  (void) timezone;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_timezone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_timezone" >&5
-echo "${ECHO_T}$ac_cv_have_decl_timezone" >&6; }
-if test $ac_cv_have_decl_timezone = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_TIMEZONE 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_TIMEZONE 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking for altzone" >&5
-echo $ECHO_N "checking for altzone... $ECHO_C" >&6; }
-if test "${ac_cv_var_altzone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-	void * foo(void) { return &altzone; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_altzone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_altzone" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-extern int altzone;
-int foo(void) { return altzone; }
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_var_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_var_altzone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_altzone`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ALTZONE 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: checking whether altzone is declared" >&5
-echo $ECHO_N "checking whether altzone is declared... $ECHO_C" >&6; }
-if test "${ac_cv_have_decl_altzone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <time.h>
-
-int
-main ()
-{
-#ifndef altzone
-  (void) altzone;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_have_decl_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_have_decl_altzone=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_altzone" >&5
-echo "${ECHO_T}$ac_cv_have_decl_altzone" >&6; }
-if test $ac_cv_have_decl_altzone = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_ALTZONE 1
-_ACEOF
-
-
-else
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_ALTZONE 0
-_ACEOF
-
-
-fi
-
-
-fi
-
-
-
-
-cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-int
-main ()
-{
-sa_family_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_sa_family_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef sa_family_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_sa_family_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_sa_family_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_sa_family_t" >&5
-echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6; }
-if test $ac_cv_type_sa_family_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SA_FAMILY_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-int
-main ()
-{
-socklen_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_socklen_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef socklen_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_socklen_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_socklen_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
-echo "${ECHO_T}$ac_cv_type_socklen_t" >&6; }
-if test $ac_cv_type_socklen_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SOCKLEN_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-int
-main ()
-{
-struct sockaddr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_sockaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct sockaddr ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_sockaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_sockaddr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6; }
-if test $ac_cv_type_struct_sockaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-int
-main ()
-{
-struct sockaddr_storage foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct sockaddr_storage ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_sockaddr_storage=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_sockaddr_storage=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_storage" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6; }
-if test $ac_cv_type_struct_sockaddr_storage = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{
-struct addrinfo foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_addrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct addrinfo ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_addrinfo=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_addrinfo=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_addrinfo" >&5
-echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6; }
-if test $ac_cv_type_struct_addrinfo = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_ADDRINFO 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <ifaddrs.h>
-int
-main ()
-{
-struct ifaddrs foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_ifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct ifaddrs ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_ifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_ifaddrs=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_ifaddrs" >&5
-echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6; }
-if test $ac_cv_type_struct_ifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IFADDRS 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct iovec" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-int
-main ()
-{
-struct iovec foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct iovec | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_iovec+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct iovec ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_iovec=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_iovec=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_iovec" >&5
-echo "${ECHO_T}$ac_cv_type_struct_iovec" >&6; }
-if test $ac_cv_type_struct_iovec = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IOVEC 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct msghdr" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-int
-main ()
-{
-struct msghdr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct msghdr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_msghdr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef struct msghdr ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_msghdr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_msghdr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_msghdr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_msghdr" >&6; }
-if test $ac_cv_type_struct_msghdr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_MSGHDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for struct winsize" >&5
-echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6; }
-if test "${ac_cv_struct_winsize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$i>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "struct[ 	]*winsize" >/dev/null 2>&1; then
-  ac_cv_struct_winsize=yes; break
-fi
-rm -f conftest*
-done
-
-fi
-
-if test "$ac_cv_struct_winsize" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_WINSIZE 1
-_ACEOF
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_struct_winsize" >&5
-echo "${ECHO_T}$ac_cv_struct_winsize" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "ws_xpixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_XPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "ws_ypixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_YPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for struct spwd" >&5
-echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6; }
-if test "${ac_cv_struct_spwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-int
-main ()
-{
-struct spwd foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_struct_spwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_struct_spwd=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-{ echo "$as_me:$LINENO: result: $ac_cv_struct_spwd" >&5
-echo "${ECHO_T}$ac_cv_struct_spwd" >&6; }
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SPWD 1
-_ACEOF
-
-fi
-
-
-#
-# Check if we want samba's socket wrapper
-#
-
-
-
-# Check whether --enable-socket-wrapper was given.
-if test "${enable_socket_wrapper+set}" = set; then
-  enableval=$enable_socket_wrapper;
-fi
-
-
- if test "x$enable_socket_wrapper" = xyes; then
-  have_socket_wrapper_TRUE=
-  have_socket_wrapper_FALSE='#'
-else
-  have_socket_wrapper_TRUE='#'
-  have_socket_wrapper_FALSE=
-fi
-
-if test "x$enable_socket_wrapper" = xyes ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define SOCKET_WRAPPER_REPLACE 1
-_ACEOF
-
-fi
-
-
-
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-
-LIBADD_roken="$LIB_roken"
-LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
-
-
-# Check whether --enable-otp was given.
-if test "${enable_otp+set}" = set; then
-  enableval=$enable_otp;
-fi
-
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	{ { echo "$as_me:$LINENO: error: OTP requires a NDBM/DB compatible library" >&5
-echo "$as_me: error: OTP requires a NDBM/DB compatible library" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OTP 1
-_ACEOF
-
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-
-fi
-{ echo "$as_me:$LINENO: checking whether to enable OTP library" >&5
-echo $ECHO_N "checking whether to enable OTP library... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $enable_otp" >&5
-echo "${ECHO_T}$enable_otp" >&6; }
- if test "$enable_otp" = yes; then
-  OTP_TRUE=
-  OTP_FALSE='#'
-else
-  OTP_TRUE='#'
-  OTP_FALSE=
-fi
-
-
-
-# Check whether --enable-osfc2 was given.
-if test "${enable_osfc2+set}" = set; then
-  enableval=$enable_osfc2;
-fi
-
-LIB_security=
-if test "$enable_osfc2" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OSFC2 1
-_ACEOF
-
-	LIB_security=-lsecurity
-fi
-
-
-
-# Check whether --enable-mmap was given.
-if test "${enable_mmap+set}" = set; then
-  enableval=$enable_mmap;
-fi
-
-if test "$enable_mmap" = "no"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NO_MMAP 1
-_ACEOF
-
-fi
-
-# Check whether --enable-afs-string-to-key was given.
-if test "${enable_afs_string_to_key+set}" = set; then
-  enableval=$enable_afs_string_to_key;
-else
-  enable_afs_string_to_key=yes
-fi
-
-
-if test "$enable_afs_string_to_key" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENABLE_AFS_STRING_TO_KEY 1
-_ACEOF
-
-fi
-
-
-# Extract the first word of "nroff", so it can be a program name with args.
-set dummy nroff; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_path_NROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $NROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-NROFF=$ac_cv_path_NROFF
-if test -n "$NROFF"; then
-  { echo "$as_me:$LINENO: result: $NROFF" >&5
-echo "${ECHO_T}$NROFF" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-# Extract the first word of "groff", so it can be a program name with args.
-set dummy groff; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_path_GROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $GROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-GROFF=$ac_cv_path_GROFF
-if test -n "$GROFF"; then
-  { echo "$as_me:$LINENO: result: $GROFF" >&5
-echo "${ECHO_T}$GROFF" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-{ echo "$as_me:$LINENO: checking how to format man pages" >&5
-echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6; }
-if test "${ac_cv_sys_man_format+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \$< > \$@"
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sys_man_format" >&5
-echo "${ECHO_T}$ac_cv_sys_man_format" >&6; }
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-
-fi
- if test "$CATMAN"; then
-  CATMAN_TRUE=
-  CATMAN_FALSE='#'
-else
-  CATMAN_TRUE='#'
-  CATMAN_FALSE=
-fi
-
-{ echo "$as_me:$LINENO: checking extension of pre-formatted manual pages" >&5
-echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6; }
-if test "${ac_cv_sys_catman_ext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sys_catman_ext" >&5
-echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6; }
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-
-
-
-
-
-# Check whether --with-readline was given.
-if test "${with_readline+set}" = set; then
-  withval=$with_readline;
-fi
-
-
-# Check whether --with-readline-lib was given.
-if test "${with_readline_lib+set}" = set; then
-  withval=$with_readline_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-readline-lib" >&5
-echo "$as_me: error: No argument for --with-readline-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi
-
-
-# Check whether --with-readline-include was given.
-if test "${with_readline_include+set}" = set; then
-  withval=$with_readline_include; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-readline-include" >&5
-echo "$as_me: error: No argument for --with-readline-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi
-
-
-# Check whether --with-readline-config was given.
-if test "${with_readline_config+set}" = set; then
-  withval=$with_readline_config;
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for readline" >&5
-echo $ECHO_N "checking for readline... $ECHO_C" >&6; }
-
-case "$with_readline" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_readline" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_readline_include" = ""; then
-		if test -d "$i/include/readline"; then
-			header_dirs="$header_dirs $i/include/readline"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_readline_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_readline_include"; then
-	header_dirs="$with_readline_include $header_dirs"
-fi
-if test "$with_readline_lib"; then
-	lib_dirs="$with_readline_lib $lib_dirs"
-fi
-
-if test "$with_readline_config" = ""; then
-	with_readline_config=''
-fi
-
-readline_cflags=
-readline_libs=
-
-case "$with_readline_config" in
-yes|no|""|"")
-	if test -f $with_readline/bin/ ; then
-		with_readline_config=$with_readline/bin/
-	fi
-	;;
-esac
-
-case "$with_readline_config" in
-yes|no|"")
-	;;
-*)
-	readline_cflags="`$with_readline_config --cflags 2>&1`"
-	readline_libs="`$with_readline_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_readline" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$readline_cflags" -a "$readline_libs"; then
-		CFLAGS="$readline_cflags $save_CFLAGS"
-		LIBS="$readline_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
- #include <readline.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-			INCLUDE_readline="$readline_cflags"
-			LIB_readline="$readline_libs"
-			{ echo "$as_me:$LINENO: result: from $with_readline_config" >&5
-echo "${ECHO_T}from $with_readline_config" >&6; }
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
- #include <readline.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lreadline  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
- #include <readline.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
-			INCLUDE_readline="-I$ires"
-			LIB_readline="-L$lres -lreadline "
-			found=yes
-			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define READLINE 1
-_ACEOF
-
-	with_readline=yes
-else
-	with_readline=no
-	INCLUDE_readline=
-	LIB_readline=
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-
-
-
-
-
-# Check whether --with-hesiod was given.
-if test "${with_hesiod+set}" = set; then
-  withval=$with_hesiod;
-fi
-
-
-# Check whether --with-hesiod-lib was given.
-if test "${with_hesiod_lib+set}" = set; then
-  withval=$with_hesiod_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-lib" >&5
-echo "$as_me: error: No argument for --with-hesiod-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi
-
-
-# Check whether --with-hesiod-include was given.
-if test "${with_hesiod_include+set}" = set; then
-  withval=$with_hesiod_include; if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-include" >&5
-echo "$as_me: error: No argument for --with-hesiod-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi
-
-
-# Check whether --with-hesiod-config was given.
-if test "${with_hesiod_config+set}" = set; then
-  withval=$with_hesiod_config;
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for hesiod" >&5
-echo $ECHO_N "checking for hesiod... $ECHO_C" >&6; }
-
-case "$with_hesiod" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_hesiod" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_hesiod_include" = ""; then
-		if test -d "$i/include/hesiod"; then
-			header_dirs="$header_dirs $i/include/hesiod"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_hesiod_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_hesiod_include"; then
-	header_dirs="$with_hesiod_include $header_dirs"
-fi
-if test "$with_hesiod_lib"; then
-	lib_dirs="$with_hesiod_lib $lib_dirs"
-fi
-
-if test "$with_hesiod_config" = ""; then
-	with_hesiod_config=''
-fi
-
-hesiod_cflags=
-hesiod_libs=
-
-case "$with_hesiod_config" in
-yes|no|""|"")
-	if test -f $with_hesiod/bin/ ; then
-		with_hesiod_config=$with_hesiod/bin/
-	fi
-	;;
-esac
-
-case "$with_hesiod_config" in
-yes|no|"")
-	;;
-*)
-	hesiod_cflags="`$with_hesiod_config --cflags 2>&1`"
-	hesiod_libs="`$with_hesiod_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_hesiod" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$hesiod_cflags" -a "$hesiod_libs"; then
-		CFLAGS="$hesiod_cflags $save_CFLAGS"
-		LIBS="$hesiod_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <hesiod.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-
-			INCLUDE_hesiod="$hesiod_cflags"
-			LIB_hesiod="$hesiod_libs"
-			{ echo "$as_me:$LINENO: result: from $with_hesiod_config" >&5
-echo "${ECHO_T}from $with_hesiod_config" >&6; }
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <hesiod.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lhesiod  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <hesiod.h>
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
-			INCLUDE_hesiod="-I$ires"
-			LIB_hesiod="-L$lres -lhesiod "
-			found=yes
-			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HESIOD 1
-_ACEOF
-
-	with_hesiod=yes
-else
-	with_hesiod=no
-	INCLUDE_hesiod=
-	LIB_hesiod=
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-
-
-
-
-# Check whether --enable-bigendian was given.
-if test "${enable_bigendian+set}" = set; then
-  enableval=$enable_bigendian; krb_cv_c_bigendian=yes
-fi
-
-# Check whether --enable-littleendian was given.
-if test "${enable_littleendian+set}" = set; then
-  enableval=$enable_littleendian; krb_cv_c_bigendian=no
-fi
-
-{ echo "$as_me:$LINENO: checking whether byte order is known at compile time" >&5
-echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6; }
-if test "${krb_cv_c_bigendian_compile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  krb_cv_c_bigendian_compile=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	krb_cv_c_bigendian_compile=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian_compile" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6; }
-{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; }
-if test "${krb_cv_c_bigendian+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  krb_cv_c_bigendian=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	krb_cv_c_bigendian=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  else
-    if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: specify either --enable-bigendian or --enable-littleendian" >&5
-echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-main (int argc, char **argv) {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian=no
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-krb_cv_c_bigendian=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-  fi
-
-fi
-{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian" >&6; }
-if test "$krb_cv_c_bigendian" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define WORDS_BIGENDIAN 1
-_ACEOF
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENDIANESS_IN_SYS_PARAM_H 1
-_ACEOF
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6; }
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#ifndef __cplusplus
-typedef int foo_t;
-static $ac_kw foo_t static_foo () {return 0; }
-$ac_kw foo_t foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_c_inline=$ac_kw
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  test "$ac_cv_c_inline" != no && break
-done
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6; }
-
-
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  *)
-    case $ac_cv_c_inline in
-      no) ac_val=;;
-      *) ac_val=$ac_cv_c_inline;;
-    esac
-    cat >>confdefs.h <<_ACEOF
-#ifndef __cplusplus
-#define inline $ac_val
-#endif
-_ACEOF
-    ;;
-esac
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" dl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-int
-main ()
-{
-dlopen(0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dlopen"
-
-if false; then
-
-for ac_func in dlopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dlopen
-eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dlopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dlopen=yes"
-	eval "LIB_dlopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_dlopen=no"
-	eval "LIB_dlopen="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_dlopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-	 if test "$ac_cv_funclib_dlopen" != no; then
-  HAVE_DLOPEN_TRUE=
-  HAVE_DLOPEN_FALSE='#'
-else
-  HAVE_DLOPEN_TRUE='#'
-  HAVE_DLOPEN_FALSE=
-fi
-
-
-
-
-aix=no
-case "$host" in
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
- if test "$aix" != no; then
-  AIX_TRUE=
-  AIX_FALSE='#'
-else
-  AIX_TRUE='#'
-  AIX_FALSE=
-fi
- if test "$aix" = 4; then
-  AIX4_TRUE=
-  AIX4_FALSE='#'
-else
-  AIX4_TRUE='#'
-  AIX4_FALSE=
-fi
-
-
-
-# Check whether --enable-dynamic-afs was given.
-if test "${enable_dynamic_afs+set}" = set; then
-  enableval=$enable_dynamic_afs;
-fi
-
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-
-		if test "$ac_cv_func_dlopen" = no; then
-
-
-
-{ echo "$as_me:$LINENO: checking for loadquery" >&5
-echo $ECHO_N "checking for loadquery... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_loadquery+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ld; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-loadquery()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_loadquery"
-
-if false; then
-
-for ac_func in loadquery
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# loadquery
-eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_loadquery=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_loadquery=yes"
-	eval "LIB_loadquery="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_loadquery=no"
-	eval "LIB_loadquery="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_loadquery=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			{ echo "$as_me:$LINENO: not using dynloaded AFS library" >&5
-echo "$as_me: not using dynloaded AFS library" >&6;}
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
- if test "$enable_dynamic_afs" != no; then
-  AIX_DYNAMIC_AFS_TRUE=
-  AIX_DYNAMIC_AFS_FALSE='#'
-else
-  AIX_DYNAMIC_AFS_TRUE='#'
-  AIX_DYNAMIC_AFS_FALSE=
-fi
-
-
-
-
-
-
-irix=no
-case "$host" in
-*-*-irix4*)
-
-cat >>confdefs.h <<\_ACEOF
-#define IRIX4 1
-_ACEOF
-
-	irix=yes
-	;;
-*-*-irix*)
-	irix=yes
-	;;
-esac
- if test "$irix" != no; then
-  IRIX_TRUE=
-  IRIX_FALSE='#'
-else
-  IRIX_TRUE='#'
-  IRIX_FALSE=
-fi
-
-
-
-
-
-sunos=no
-case "$host" in
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.[89] | *-*-solaris2.10)
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-
-cat >>confdefs.h <<_ACEOF
-#define SunOS $sunos
-_ACEOF
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking for X" >&5
-echo $ECHO_N "checking for X... $ECHO_C" >&6; }
-
-
-# Check whether --with-x was given.
-if test "${with_x+set}" = set; then
-  withval=$with_x;
-fi
-
-# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
-if test "x$with_x" = xno; then
-  # The user explicitly disabled X.
-  have_x=disabled
-else
-  case $x_includes,$x_libraries in #(
-    *\'*) { { echo "$as_me:$LINENO: error: Cannot use X directory names containing '" >&5
-echo "$as_me: error: Cannot use X directory names containing '" >&2;}
-   { (exit 1); exit 1; }; };; #(
-    *,NONE | NONE,*) if test "${ac_cv_have_x+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # One or both of the vars are not set, and there is no cached value.
-ac_x_includes=no ac_x_libraries=no
-rm -f -r conftest.dir
-if mkdir conftest.dir; then
-  cd conftest.dir
-  cat >Imakefile <<'_ACEOF'
-incroot:
-	@echo incroot='${INCROOT}'
-usrlibdir:
-	@echo usrlibdir='${USRLIBDIR}'
-libdir:
-	@echo libdir='${LIBDIR}'
-_ACEOF
-  if (export CC; ${XMKMF-xmkmf}) >/dev/null 2>/dev/null && test -f Makefile; then
-    # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-    for ac_var in incroot usrlibdir libdir; do
-      eval "ac_im_$ac_var=\`\${MAKE-make} $ac_var 2>/dev/null | sed -n 's/^$ac_var=//p'\`"
-    done
-    # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
-    for ac_extension in a so sl; do
-      if test ! -f "$ac_im_usrlibdir/libX11.$ac_extension" &&
-	 test -f "$ac_im_libdir/libX11.$ac_extension"; then
-	ac_im_usrlibdir=$ac_im_libdir; break
-      fi
-    done
-    # Screen out bogus values from the imake configuration.  They are
-    # bogus both because they are the default anyway, and because
-    # using them would break gcc on systems where it needs fixed includes.
-    case $ac_im_incroot in
-	/usr/include) ac_x_includes= ;;
-	*) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes=$ac_im_incroot;;
-    esac
-    case $ac_im_usrlibdir in
-	/usr/lib | /lib) ;;
-	*) test -d "$ac_im_usrlibdir" && ac_x_libraries=$ac_im_usrlibdir ;;
-    esac
-  fi
-  cd ..
-  rm -f -r conftest.dir
-fi
-
-# Standard set of common directories for X headers.
-# Check X11 before X11Rn because it is often a symlink to the current release.
-ac_x_header_dirs='
-/usr/X11/include
-/usr/X11R6/include
-/usr/X11R5/include
-/usr/X11R4/include
-
-/usr/include/X11
-/usr/include/X11R6
-/usr/include/X11R5
-/usr/include/X11R4
-
-/usr/local/X11/include
-/usr/local/X11R6/include
-/usr/local/X11R5/include
-/usr/local/X11R4/include
-
-/usr/local/include/X11
-/usr/local/include/X11R6
-/usr/local/include/X11R5
-/usr/local/include/X11R4
-
-/usr/X386/include
-/usr/x386/include
-/usr/XFree86/include/X11
-
-/usr/include
-/usr/local/include
-/usr/unsupported/include
-/usr/athena/include
-/usr/local/x11r5/include
-/usr/lpp/Xamples/include
-
-/usr/openwin/include
-/usr/openwin/share/include'
-
-if test "$ac_x_includes" = no; then
-  # Guess where to find include files, by looking for Xlib.h.
-  # First, try using that file with no special directory specified.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <X11/Xlib.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  # We can compile using X headers with no special include directory.
-ac_x_includes=
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  for ac_dir in $ac_x_header_dirs; do
-  if test -r "$ac_dir/X11/Xlib.h"; then
-    ac_x_includes=$ac_dir
-    break
-  fi
-done
-fi
-
-rm -f conftest.err conftest.$ac_ext
-fi # $ac_x_includes = no
-
-if test "$ac_x_libraries" = no; then
-  # Check for the libraries.
-  # See if we find them without any special options.
-  # Don't add to $LIBS permanently.
-  ac_save_LIBS=$LIBS
-  LIBS="-lX11 $LIBS"
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <X11/Xlib.h>
-int
-main ()
-{
-XrmInitialize ()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  LIBS=$ac_save_LIBS
-# We can link X programs with no special library path.
-ac_x_libraries=
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	LIBS=$ac_save_LIBS
-for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g`
-do
-  # Don't even attempt the hair of trying to link an X program!
-  for ac_extension in a so sl; do
-    if test -r "$ac_dir/libX11.$ac_extension"; then
-      ac_x_libraries=$ac_dir
-      break 2
-    fi
-  done
-done
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi # $ac_x_libraries = no
-
-case $ac_x_includes,$ac_x_libraries in #(
-  no,* | *,no | *\'*)
-    # Didn't find X, or a directory has "'" in its name.
-    ac_cv_have_x="have_x=no";; #(
-  *)
-    # Record where we found X for the cache.
-    ac_cv_have_x="have_x=yes\
-	ac_x_includes='$ac_x_includes'\
-	ac_x_libraries='$ac_x_libraries'"
-esac
-fi
-;; #(
-    *) have_x=yes;;
-  esac
-  eval "$ac_cv_have_x"
-fi # $with_x != no
-
-if test "$have_x" != yes; then
-  { echo "$as_me:$LINENO: result: $have_x" >&5
-echo "${ECHO_T}$have_x" >&6; }
-  no_x=yes
-else
-  # If each of the values was on the command line, it overrides each guess.
-  test "x$x_includes" = xNONE && x_includes=$ac_x_includes
-  test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
-  # Update the cache value to reflect the command line values.
-  ac_cv_have_x="have_x=yes\
-	ac_x_includes='$x_includes'\
-	ac_x_libraries='$x_libraries'"
-  { echo "$as_me:$LINENO: result: libraries $x_libraries, headers $x_includes" >&5
-echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6; }
-fi
-
-
-if test "$no_x" = yes; then
-  # Not all programs may use this symbol, but it does not hurt to define it.
-
-cat >>confdefs.h <<\_ACEOF
-#define X_DISPLAY_MISSING 1
-_ACEOF
-
-  X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
-else
-  if test -n "$x_includes"; then
-    X_CFLAGS="$X_CFLAGS -I$x_includes"
-  fi
-
-  # It would also be nice to do this for all -L options, not just this one.
-  if test -n "$x_libraries"; then
-    X_LIBS="$X_LIBS -L$x_libraries"
-    # For Solaris; some versions of Sun CC require a space after -R and
-    # others require no space.  Words are not sufficient . . . .
-    { echo "$as_me:$LINENO: checking whether -R must be followed by a space" >&5
-echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6; }
-    ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries"
-    ac_xsave_c_werror_flag=$ac_c_werror_flag
-    ac_c_werror_flag=yes
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-       X_LIBS="$X_LIBS -R$x_libraries"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	LIBS="$ac_xsave_LIBS -R $x_libraries"
-       cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	  X_LIBS="$X_LIBS -R $x_libraries"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	{ echo "$as_me:$LINENO: result: neither works" >&5
-echo "${ECHO_T}neither works" >&6; }
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-    ac_c_werror_flag=$ac_xsave_c_werror_flag
-    LIBS=$ac_xsave_LIBS
-  fi
-
-  # Check for system-dependent libraries X programs must link with.
-  # Do this before checking for the system-independent R6 libraries
-  # (-lICE), since we may need -lsocket or whatever for X linking.
-
-  if test "$ISC" = yes; then
-    X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
-  else
-    # Martyn Johnson says this is needed for Ultrix, if the X
-    # libraries were built with DECnet support.  And Karl Berry says
-    # the Alpha needs dnet_stub (dnet does not exist).
-    ac_xsave_LIBS="$LIBS"; LIBS="$LIBS $X_LIBS -lX11"
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char XOpenDisplay ();
-int
-main ()
-{
-return XOpenDisplay ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	{ echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dnet_ntoa ();
-int
-main ()
-{
-return dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dnet_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dnet_dnet_ntoa=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6; }
-if test $ac_cv_lib_dnet_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
-fi
-
-    if test $ac_cv_lib_dnet_dnet_ntoa = no; then
-      { echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet_stub" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6; }
-if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet_stub  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dnet_ntoa ();
-int
-main ()
-{
-return dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_dnet_stub_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_dnet_stub_dnet_ntoa=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6; }
-if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
-fi
-
-    fi
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-    LIBS="$ac_xsave_LIBS"
-
-    # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
-    # to get the SysV transport functions.
-    # Chad R. Larson says the Pyramis MIS-ES running DC/OSx (SVR4)
-    # needs -lnsl.
-    # The nsl library prevents programs from opening the X display
-    # on Irix 5.2, according to T.E. Dickey.
-    # The functions gethostbyname, getservbyname, and inet_addr are
-    # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking.
-    { echo "$as_me:$LINENO: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; }
-if test "${ac_cv_func_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define gethostbyname to an innocuous variant, in case <limits.h> declares gethostbyname.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define gethostbyname innocuous_gethostbyname
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostbyname (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef gethostbyname
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostbyname ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_gethostbyname || defined __stub___gethostbyname
-choke me
-#endif
-
-int
-main ()
-{
-return gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_gethostbyname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6; }
-
-    if test $ac_cv_func_gethostbyname = no; then
-      { echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
-echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6; }
-if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostbyname ();
-int
-main ()
-{
-return gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_nsl_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_nsl_gethostbyname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6; }
-if test $ac_cv_lib_nsl_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
-fi
-
-      if test $ac_cv_lib_nsl_gethostbyname = no; then
-	{ echo "$as_me:$LINENO: checking for gethostbyname in -lbsd" >&5
-echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6; }
-if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lbsd  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostbyname ();
-int
-main ()
-{
-return gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_bsd_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_bsd_gethostbyname=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6; }
-if test $ac_cv_lib_bsd_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd"
-fi
-
-      fi
-    fi
-
-    # lieder@skyler.mavd.honeywell.com says without -lsocket,
-    # socket/setsockopt and other routines are undefined under SCO ODT
-    # 2.0.  But -lsocket is broken on IRIX 5.2 (and is not necessary
-    # on later versions), says Simon Leinen: it contains gethostby*
-    # variants that don't use the name server (or something).  -lsocket
-    # must be given before -lnsl if both are needed.  We assume that
-    # if connect needs -lnsl, so does gethostbyname.
-    { echo "$as_me:$LINENO: checking for connect" >&5
-echo $ECHO_N "checking for connect... $ECHO_C" >&6; }
-if test "${ac_cv_func_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define connect to an innocuous variant, in case <limits.h> declares connect.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define connect innocuous_connect
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char connect (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef connect
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char connect ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_connect || defined __stub___connect
-choke me
-#endif
-
-int
-main ()
-{
-return connect ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_connect=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_connect" >&5
-echo "${ECHO_T}$ac_cv_func_connect" >&6; }
-
-    if test $ac_cv_func_connect = no; then
-      { echo "$as_me:$LINENO: checking for connect in -lsocket" >&5
-echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6; }
-if test "${ac_cv_lib_socket_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char connect ();
-int
-main ()
-{
-return connect ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_socket_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_socket_connect=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_connect" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6; }
-if test $ac_cv_lib_socket_connect = yes; then
-  X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
-fi
-
-    fi
-
-    # Guillermo Gomez says -lposix is necessary on A/UX.
-    { echo "$as_me:$LINENO: checking for remove" >&5
-echo $ECHO_N "checking for remove... $ECHO_C" >&6; }
-if test "${ac_cv_func_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define remove to an innocuous variant, in case <limits.h> declares remove.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define remove innocuous_remove
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char remove (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef remove
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char remove ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_remove || defined __stub___remove
-choke me
-#endif
-
-int
-main ()
-{
-return remove ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_remove=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_remove" >&5
-echo "${ECHO_T}$ac_cv_func_remove" >&6; }
-
-    if test $ac_cv_func_remove = no; then
-      { echo "$as_me:$LINENO: checking for remove in -lposix" >&5
-echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6; }
-if test "${ac_cv_lib_posix_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lposix  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char remove ();
-int
-main ()
-{
-return remove ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_posix_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_posix_remove=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_posix_remove" >&5
-echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6; }
-if test $ac_cv_lib_posix_remove = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
-fi
-
-    fi
-
-    # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
-    { echo "$as_me:$LINENO: checking for shmat" >&5
-echo $ECHO_N "checking for shmat... $ECHO_C" >&6; }
-if test "${ac_cv_func_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define shmat to an innocuous variant, in case <limits.h> declares shmat.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define shmat innocuous_shmat
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shmat (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef shmat
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shmat ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_shmat || defined __stub___shmat
-choke me
-#endif
-
-int
-main ()
-{
-return shmat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_shmat=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_shmat" >&5
-echo "${ECHO_T}$ac_cv_func_shmat" >&6; }
-
-    if test $ac_cv_func_shmat = no; then
-      { echo "$as_me:$LINENO: checking for shmat in -lipc" >&5
-echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6; }
-if test "${ac_cv_lib_ipc_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lipc  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shmat ();
-int
-main ()
-{
-return shmat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_ipc_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_ipc_shmat=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipc_shmat" >&5
-echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6; }
-if test $ac_cv_lib_ipc_shmat = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
-fi
-
-    fi
-  fi
-
-  # Check for libraries that X11R6 Xt/Xaw programs need.
-  ac_save_LDFLAGS=$LDFLAGS
-  test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
-  # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
-  # check for ICE first), but we must link in the order -lSM -lICE or
-  # we get undefined symbols.  So assume we have SM if we have ICE.
-  # These have to be linked with before -lX11, unlike the other
-  # libraries we check for below, so use a different variable.
-  # John Interrante, Karl Berry
-  { echo "$as_me:$LINENO: checking for IceConnectionNumber in -lICE" >&5
-echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6; }
-if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lICE $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char IceConnectionNumber ();
-int
-main ()
-{
-return IceConnectionNumber ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_lib_ICE_IceConnectionNumber=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_lib_ICE_IceConnectionNumber=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
-echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6; }
-if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then
-  X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
-fi
-
-  LDFLAGS=$ac_save_LDFLAGS
-
-fi
-
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	{ echo "$as_me:$LINENO: checking for special X linker flags" >&5
-echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6; }
-if test "${krb_cv_sys_x_libs_rpath+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		if test "$cross_compiling" = yes; then
-  krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break
-else
-  cat >conftest.$ac_ext <<_ACEOF
-
-		#include <X11/Xlib.h>
-		foo(void)
-		{
-		XOpenDisplay(NULL);
-		}
-		main(int argc, char **argv)
-		{
-		return 0;
-		}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-:
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-
-fi
-{ echo "$as_me:$LINENO: result: $krb_cv_sys_x_libs_rpath" >&5
-echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6; }
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-
-
- if test "$no_x" != yes; then
-  HAVE_X_TRUE=
-  HAVE_X_FALSE='#'
-else
-  HAVE_X_TRUE='#'
-  HAVE_X_FALSE=
-fi
-
-
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-## check for XauWriteAuth first, so we detect the case where
-## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
-## could be done by checking for XauReadAuth in -lXau first, but this
-## breaks in IRIX 6.5
-
-
-
-
-{ echo "$as_me:$LINENO: checking for XauWriteAuth" >&5
-echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <X11/Xauth.h>
-int
-main ()
-{
-XauWriteAuth(0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
-
-if false; then
-
-for ac_func in XauWriteAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauWriteAuth
-eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauWriteAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "LIB_XauWriteAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_XauWriteAuth=no"
-	eval "LIB_XauWriteAuth="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-
-
-
-{ echo "$as_me:$LINENO: checking for XauReadAuth" >&5
-echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_XauReadAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <X11/Xauth.h>
-int
-main ()
-{
-XauReadAuth(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauReadAuth"
-
-if false; then
-
-for ac_func in XauReadAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauReadAuth
-eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauReadAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "LIB_XauReadAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_XauReadAuth=no"
-	eval "LIB_XauReadAuth="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-LIBS="$LIB_XauReadAauth $LIBS"
-
-
-
-{ echo "$as_me:$LINENO: checking for XauFileName" >&5
-echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_XauFileName+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <X11/Xauth.h>
-int
-main ()
-{
-XauFileName()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauFileName"
-
-if false; then
-
-for ac_func in XauFileName
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauFileName
-eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauFileName=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "LIB_XauFileName="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_XauFileName=no"
-	eval "LIB_XauFileName="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-LIBS="$ac_xxx"
-
-## set LIB_XauReadAuth to union of these tests, since this is what the
-## Makefiles are using
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-	 if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-  NEED_WRITEAUTH_TRUE=
-  NEED_WRITEAUTH_FALSE='#'
-else
-  NEED_WRITEAUTH_TRUE='#'
-  NEED_WRITEAUTH_FALSE=
-fi
-
-else
-
-
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-
-
-
-{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset cs;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *pcpcc;
-  char **ppc;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  pcpcc = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++pcpcc;
-  ppc = (char**) pcpcc;
-  pcpcc = (char const *const *) ppc;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-    if (s) return 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-    if (!foo) return 0;
-  }
-  return !cs[0] && !zero.x;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_c_const=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for off_t" >&5
-echo $ECHO_N "checking for off_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_off_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef off_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_off_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_off_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
-echo "${ECHO_T}$ac_cv_type_off_t" >&6; }
-if test $ac_cv_type_off_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define off_t long int
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for mode_t" >&5
-echo $ECHO_N "checking for mode_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_mode_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_mode_t=yes
-else
-  ac_cv_type_mode_t=no
-fi
-rm -f conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
-echo "${ECHO_T}$ac_cv_type_mode_t" >&6; }
-if test $ac_cv_type_mode_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define mode_t unsigned short
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
-echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_sig_atomic_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <signal.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_sig_atomic_t=yes
-else
-  ac_cv_type_sig_atomic_t=no
-fi
-rm -f conftest*
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
-echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6; }
-if test $ac_cv_type_sig_atomic_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define sig_atomic_t int
-_ACEOF
-
-fi
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-{ echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
-if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_type_$cv=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-{ echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6; }
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	{ echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-typedef long long ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_long_long=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_header_time=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-{ echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
-echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6; }
-if test "${ac_cv_struct_tm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <sys/types.h>
-#include <time.h>
-
-int
-main ()
-{
-struct tm tm;
-				     int *p = &tm.tm_sec;
- 				     return !p;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_struct_tm=time.h
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_struct_tm=sys/time.h
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
-echo "${ECHO_T}$ac_cv_struct_tm" >&6; }
-if test $ac_cv_struct_tm = sys/time.h; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TM_IN_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_header_stdc=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
-		   (('a' <= (c) && (c) <= 'i') \
-		     || ('j' <= (c) && (c) <= 'r') \
-		     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-	|| toupper (i) != TOUPPER (i))
-      return 2;
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/ftp.h				\
-	arpa/telnet.h				\
-	bind/bitypes.h				\
-	bsdsetjmp.h				\
-	curses.h				\
-	dlfcn.h					\
-	fnmatch.h				\
-	inttypes.h				\
-	io.h					\
-	libutil.h				\
-	limits.h				\
-	maillock.h				\
-	netgroup.h				\
-	netinet/in6_machtypes.h			\
-	netinfo/ni.h				\
-	pthread.h				\
-	pty.h					\
-	sac.h					\
-	sgtty.h					\
-	siad.h					\
-	signal.h				\
-	strings.h				\
-	stropts.h				\
-	sys/bitypes.h				\
-	sys/category.h				\
-	sys/file.h				\
-	sys/filio.h				\
-	sys/ioccom.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/pty.h				\
-	sys/ptyio.h				\
-	sys/select.h				\
-	sys/socket.h				\
-	sys/str_tty.h				\
-	sys/stream.h				\
-	sys/stropts.h				\
-	sys/syscall.h				\
-	sys/termio.h				\
-	sys/timeb.h				\
-	sys/times.h				\
-	sys/types.h				\
-	sys/un.h				\
-	termcap.h				\
-	termio.h				\
-	termios.h				\
-	time.h					\
-	tmpdir.h				\
-	udb.h					\
-	util.h					\
-	utmp.h					\
-	utmpx.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in term.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  eval "$as_ac_Header=no"
-fi
-
-rm -f conftest.err conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in net/if.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/ptyvar.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#if HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/strtty.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#if HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-#if HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in sys/ucred.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in security/pam_modules.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <security/pam_appl.h>
-
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-# Check whether --enable-netinfo was given.
-if test "${enable_netinfo+set}" = set; then
-  enableval=$enable_netinfo;
-fi
-
-
-if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NETINFO 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for logwtmp" >&5
-echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_logwtmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-int
-main ()
-{
-logwtmp(0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logwtmp"
-
-if false; then
-
-for ac_func in logwtmp
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logwtmp
-eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logwtmp=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "LIB_logwtmp="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_logwtmp=no"
-	eval "LIB_logwtmp="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for logout" >&5
-echo $ECHO_N "checking for logout... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_logout+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logout\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-int
-main ()
-{
-logout(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logout"
-
-if false; then
-
-for ac_func in logout
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logout
-eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logout=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logout=yes"
-	eval "LIB_logout="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_logout=no"
-	eval "LIB_logout="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_logout=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for openpty" >&5
-echo $ECHO_N "checking for openpty... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_openpty+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_openpty\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-int
-main ()
-{
-openpty(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_openpty=$ac_lib; else ac_cv_funclib_openpty=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_openpty=\${ac_cv_funclib_openpty-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_openpty"
-
-if false; then
-
-for ac_func in openpty
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# openpty
-eval "ac_tr_func=HAVE_`echo openpty | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_openpty=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_openpty=yes"
-	eval "LIB_openpty="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_openpty=no"
-	eval "LIB_openpty="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_openpty=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for tgetent" >&5
-echo $ECHO_N "checking for tgetent... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_tgetent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" termcap ncurses curses; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_TERMCAP_H
-#include <termcap.h>
-#endif
-#ifdef HAVE_CURSES_H
-#include <curses.h>
-#endif
-
-int
-main ()
-{
-tgetent(0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_tgetent"
-
-if false; then
-
-for ac_func in tgetent
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# tgetent
-eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_tgetent=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_tgetent=yes"
-	eval "LIB_tgetent="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_tgetent=no"
-	eval "LIB_tgetent="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_tgetent=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	_getpty					\
-	_scrsize				\
-	arc4random				\
-	fcntl					\
-	getpeereid				\
-	getpeerucred				\
-	grantpt					\
-	mktime					\
-	ptsname					\
-	rand					\
-	revoke					\
-	select					\
-	setitimer				\
-	setpcred				\
-	setpgid					\
-	setproctitle				\
-	setregid				\
-	setresgid				\
-	setresuid				\
-	setreuid				\
-	setsid					\
-	setutent				\
-	sigaction				\
-	strstr					\
-	ttyname					\
-	ttyslot					\
-	umask					\
-	unlockpt				\
-	vhangup					\
-	yp_get_default_domain			\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-for ac_header in stdlib.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-for ac_func in getpagesize
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-{ echo "$as_me:$LINENO: checking for working mmap" >&5
-echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; }
-if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_mmap_fixed_mapped=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-/* malloc might have been renamed as rpl_malloc. */
-#undef malloc
-
-/* Thanks to Mike Haertel and Jim Avera for this test.
-   Here is a matrix of mmap possibilities:
-	mmap private not fixed
-	mmap private fixed at somewhere currently unmapped
-	mmap private fixed at somewhere already mapped
-	mmap shared not fixed
-	mmap shared fixed at somewhere currently unmapped
-	mmap shared fixed at somewhere already mapped
-   For private mappings, we should verify that changes cannot be read()
-   back from the file, nor mmap's back from the file at a different
-   address.  (There have been systems where private was not correctly
-   implemented like the infamous i386 svr4.0, and systems where the
-   VM page cache was not coherent with the file system buffer cache
-   like early versions of FreeBSD and possibly contemporary NetBSD.)
-   For shared mappings, we should conversely verify that changes get
-   propagated back to all the places they're supposed to be.
-
-   Grep wants private fixed already mapped.
-   The main things grep needs to know about mmap are:
-   * does it exist and is it safe to write into the mmap'd area
-   * how to use it (BSD variants)  */
-
-#include <fcntl.h>
-#include <sys/mman.h>
-
-#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H
-char *malloc ();
-#endif
-
-/* This mess was copied from the GNU getpagesize.h.  */
-#ifndef HAVE_GETPAGESIZE
-/* Assume that all systems that can run configure have sys/param.h.  */
-# ifndef HAVE_SYS_PARAM_H
-#  define HAVE_SYS_PARAM_H 1
-# endif
-
-# ifdef _SC_PAGESIZE
-#  define getpagesize() sysconf(_SC_PAGESIZE)
-# else /* no _SC_PAGESIZE */
-#  ifdef HAVE_SYS_PARAM_H
-#   include <sys/param.h>
-#   ifdef EXEC_PAGESIZE
-#    define getpagesize() EXEC_PAGESIZE
-#   else /* no EXEC_PAGESIZE */
-#    ifdef NBPG
-#     define getpagesize() NBPG * CLSIZE
-#     ifndef CLSIZE
-#      define CLSIZE 1
-#     endif /* no CLSIZE */
-#    else /* no NBPG */
-#     ifdef NBPC
-#      define getpagesize() NBPC
-#     else /* no NBPC */
-#      ifdef PAGESIZE
-#       define getpagesize() PAGESIZE
-#      endif /* PAGESIZE */
-#     endif /* no NBPC */
-#    endif /* no NBPG */
-#   endif /* no EXEC_PAGESIZE */
-#  else /* no HAVE_SYS_PARAM_H */
-#   define getpagesize() 8192	/* punt totally */
-#  endif /* no HAVE_SYS_PARAM_H */
-# endif /* no _SC_PAGESIZE */
-
-#endif /* no HAVE_GETPAGESIZE */
-
-int
-main ()
-{
-  char *data, *data2, *data3;
-  int i, pagesize;
-  int fd;
-
-  pagesize = getpagesize ();
-
-  /* First, make a file with some known garbage in it. */
-  data = (char *) malloc (pagesize);
-  if (!data)
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    *(data + i) = rand ();
-  umask (0);
-  fd = creat ("conftest.mmap", 0600);
-  if (fd < 0)
-    return 1;
-  if (write (fd, data, pagesize) != pagesize)
-    return 1;
-  close (fd);
-
-  /* Next, try to mmap the file at a fixed address which already has
-     something else allocated at it.  If we can, also make sure that
-     we see the same garbage.  */
-  fd = open ("conftest.mmap", O_RDWR);
-  if (fd < 0)
-    return 1;
-  data2 = (char *) malloc (2 * pagesize);
-  if (!data2)
-    return 1;
-  data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1);
-  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
-		     MAP_PRIVATE | MAP_FIXED, fd, 0L))
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data2 + i))
-      return 1;
-
-  /* Finally, make sure that changes to the mapped area do not
-     percolate back to the file as seen by read().  (This is a bug on
-     some variants of i386 svr4.0.)  */
-  for (i = 0; i < pagesize; ++i)
-    *(data2 + i) = *(data2 + i) + 1;
-  data3 = (char *) malloc (pagesize);
-  if (!data3)
-    return 1;
-  if (read (fd, data3, pagesize) != pagesize)
-    return 1;
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data3 + i))
-      return 1;
-  close (fd);
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mmap_fixed_mapped=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_mmap_fixed_mapped=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
-echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; }
-if test $ac_cv_func_mmap_fixed_mapped = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_MMAP 1
-_ACEOF
-
-fi
-rm -f conftest.mmap
-
-
-
-
-
-
-for ac_header in capability.h sys/capability.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-else
-  # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_header_compiler=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-  ac_header_preproc=no
-fi
-
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-  yes:no: )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-    ac_header_preproc=yes
-    ;;
-  no:yes:* )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    ( cat <<\_ASBOX
-## ----------------------------------- ##
-## Report this to heimdal-bugs@h5l.org ##
-## ----------------------------------- ##
-_ASBOX
-     ) | sed "s/^/$as_me: WARNING:     /" >&2
-    ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=\$ac_header_preproc"
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-for ac_func in sgi_getcapabilitybyname cap_set_proc
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for getpwnam_r" >&5
-echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_getpwnam_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" c_r; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-getpwnam_r()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getpwnam_r"
-
-if false; then
-
-for ac_func in getpwnam_r
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getpwnam_r
-eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getpwnam_r=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "LIB_getpwnam_r="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_getpwnam_r=no"
-	eval "LIB_getpwnam_r="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	{ echo "$as_me:$LINENO: checking if getpwnam_r is posix" >&5
-echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6; }
-if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#define _POSIX_PTHREAD_SEMANTICS
-#include <pwd.h>
-int main(int argc, char **argv)
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getpwnam_r_posix=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_getpwnam_r_posix=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-LIBS="$ac_libs"
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getpwnam_r_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6; }
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETPWNAM_R 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$enable_pthread_support" != no; then
-   saved_LIBS="$LIBS"
-   LIBS="$LIBS $PTHREADS_LIBS"
-
-
-
-{ echo "$as_me:$LINENO: checking for door_create" >&5
-echo $ECHO_N "checking for door_create... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_door_create+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_door_create\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" door; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-door_create()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_door_create=$ac_lib; else ac_cv_funclib_door_create=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_door_create=\${ac_cv_funclib_door_create-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_door_create"
-
-if false; then
-
-for ac_func in door_create
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# door_create
-eval "ac_tr_func=HAVE_`echo door_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_door_create=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_door_create=yes"
-	eval "LIB_door_create="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_door_create=no"
-	eval "LIB_door_create="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_door_create=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-   LIBS="$saved_LIBS"
-fi
-
-# Check whether --enable-kcm was given.
-if test "${enable_kcm+set}" = set; then
-  enableval=$enable_kcm;
-else
-  enable_kcm=yes
-fi
-
-
-if test "$enable_kcm" = yes ; then
-   if test  "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then
-  	enable_kcm=no
-   fi
-fi
-if test "$enable_kcm" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_KCM 1
-_ACEOF
-
-fi
- if test "$enable_kcm" = yes; then
-  KCM_TRUE=
-  KCM_FALSE='#'
-else
-  KCM_TRUE='#'
-  KCM_FALSE=
-fi
-
-
-
-
-
-
-for ac_func in getudbnam setlim
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_addr in struct utmp" >&5
-echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_addr
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_addr=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_addr=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_addr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ADDR 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_host in struct utmp" >&5
-echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_host
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_host=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_host=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_host" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_HOST 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_id in struct utmp" >&5
-echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_id
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_id=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_id=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_id" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ID 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_pid in struct utmp" >&5
-echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_pid
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_pid=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_pid=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_pid" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_PID 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_type in struct utmp" >&5
-echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_type
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_type=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_type=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_type" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_TYPE 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_user in struct utmp" >&5
-echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmp.h>
-int
-main ()
-{
-struct utmp x; memset(&x, 0, sizeof(x)); x.ut_user
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmp_ut_user=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmp_ut_user=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_user" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6; }
-if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_USER 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_exit in struct utmpx" >&5
-echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmpx.h>
-int
-main ()
-{
-struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_exit
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmpx_ut_exit=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmpx_ut_exit=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6; }
-if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_EXIT 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for ut_syslen in struct utmpx" >&5
-echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6; }
-if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <utmpx.h>
-int
-main ()
-{
-struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_syslen
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_struct_utmpx_ut_syslen=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_struct_utmpx_ut_syslen=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6; }
-if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
-_ACEOF
-
-
-fi
-
-
-
-{ echo "$as_me:$LINENO: checking for int8_t" >&5
-echo $ECHO_N "checking for int8_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef int8_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_int8_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_int8_t" >&6; }
-if test $ac_cv_type_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT8_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for int16_t" >&5
-echo $ECHO_N "checking for int16_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef int16_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_int16_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_int16_t" >&6; }
-if test $ac_cv_type_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT16_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for int32_t" >&5
-echo $ECHO_N "checking for int32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef int32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_int32_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int32_t" >&6; }
-if test $ac_cv_type_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT32_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for int64_t" >&5
-echo $ECHO_N "checking for int64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef int64_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_int64_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_int64_t" >&6; }
-if test $ac_cv_type_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT64_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for u_int8_t" >&5
-echo $ECHO_N "checking for u_int8_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef u_int8_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_u_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_u_int8_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int8_t" >&6; }
-if test $ac_cv_type_u_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT8_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for u_int16_t" >&5
-echo $ECHO_N "checking for u_int16_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef u_int16_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_u_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_u_int16_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int16_t" >&6; }
-if test $ac_cv_type_u_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT16_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for u_int32_t" >&5
-echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef u_int32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_u_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_u_int32_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6; }
-if test $ac_cv_type_u_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT32_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for u_int64_t" >&5
-echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef u_int64_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_u_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_u_int64_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6; }
-if test $ac_cv_type_u_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT64_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for uint8_t" >&5
-echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef uint8_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_uint8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_uint8_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint8_t" >&6; }
-if test $ac_cv_type_uint8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT8_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for uint16_t" >&5
-echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef uint16_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_uint16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_uint16_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint16_t" >&6; }
-if test $ac_cv_type_uint16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT16_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for uint32_t" >&5
-echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef uint32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_uint32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_uint32_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint32_t" >&6; }
-if test $ac_cv_type_uint32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT32_T 1
-_ACEOF
-
-
-fi
-{ echo "$as_me:$LINENO: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-typedef uint64_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
-  return 0;
-if (sizeof (ac__type_new_))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_type_uint64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_type_uint64_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6; }
-if test $ac_cv_type_uint64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT64_T 1
-_ACEOF
-
-
-fi
-
-
-
-
-{ echo "$as_me:$LINENO: checking for framework security" >&5
-echo $ECHO_N "checking for framework security... $ECHO_C" >&6; }
-if test "${rk_cv_framework_security+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if test "$rk_cv_framework_security" != yes; then
-	ac_save_LIBS="$LIBS"
-	LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation"
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <Security/Security.h>
-
-int
-main ()
-{
-SecKeychainSearchRef searchRef;
-SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef);
-CFRelease(&searchRef);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  rk_cv_framework_security=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-if test "$rk_cv_framework_security" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FRAMEWORK_SECURITY 1
-_ACEOF
-
-   { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-else
-   { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
- if test "$rk_cv_framework_security" = yes; then
-  FRAMEWORK_SECURITY_TRUE=
-  FRAMEWORK_SECURITY_FALSE='#'
-else
-  FRAMEWORK_SECURITY_TRUE='#'
-  FRAMEWORK_SECURITY_FALSE=
-fi
-
-
-if test "$rk_cv_framework_security" = yes; then
-
-if test "$ac_cv_func_SecKeyGetCSPHandle+set" != set -o "$ac_cv_func_SecKeyGetCSPHandle" = yes; then
-{ echo "$as_me:$LINENO: checking if SecKeyGetCSPHandle needs a prototype" >&5
-echo $ECHO_N "checking if SecKeyGetCSPHandle needs a prototype... $ECHO_C" >&6; }
-if test "${ac_cv_func_SecKeyGetCSPHandle_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <Security/Security.h>
-struct foo { int foo; } xx;
-extern int SecKeyGetCSPHandle (struct foo*);
-int
-main ()
-{
-SecKeyGetCSPHandle(&xx)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "ac_cv_func_SecKeyGetCSPHandle_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "ac_cv_func_SecKeyGetCSPHandle_noproto=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_SecKeyGetCSPHandle_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_SecKeyGetCSPHandle_noproto" >&6; }
-if test "$ac_cv_func_SecKeyGetCSPHandle_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SECKEYGETCSPHANDLE_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking for el_init" >&5
-echo $ECHO_N "checking for el_init... $ECHO_C" >&6; }
-if test "${ac_cv_funclib_el_init+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" edit; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-int
-main ()
-{
-el_init()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_el_init"
-
-if false; then
-
-for ac_func in el_init
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# el_init
-eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_el_init=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_el_init=yes"
-	eval "LIB_el_init="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-	;;
-	no)
-	eval "ac_cv_func_el_init=no"
-	eval "LIB_el_init="
-	{ echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-	;;
-	*)
-	eval "ac_cv_func_el_init=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6; }
-	;;
-esac
-
-
-if test "$ac_cv_func_el_init" = yes ; then
-	{ echo "$as_me:$LINENO: checking for four argument el_init" >&5
-echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6; }
-if test "${ac_cv_func_el_init_four+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <stdio.h>
-			#include <histedit.h>
-int
-main ()
-{
-el_init("", NULL, NULL, NULL);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  ac_cv_func_el_init_four=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_el_init_four=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_el_init_four" >&5
-echo "${ECHO_T}$ac_cv_func_el_init_four" >&6; }
-	if test "$ac_cv_func_el_init_four" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FOUR_VALUED_EL_INIT 1
-_ACEOF
-
-	fi
-fi
-
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
- if test "$ac_foo" = yes; then
-  el_compat_TRUE=
-  el_compat_FALSE='#'
-else
-  el_compat_TRUE='#'
-  el_compat_FALSE=
-fi
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_READLINE 1
-_ACEOF
-
-
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define AUTHENTICATION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DES_ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DIAGNOSTICS 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define OLD_ENVIRON 1
-_ACEOF
-if false; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENV_HACK 1
-_ACEOF
-
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*)
-	;;
-*)
-	{ echo "$as_me:$LINENO: checking for getmsg" >&5
-echo $ECHO_N "checking for getmsg... $ECHO_C" >&6; }
-if test "${ac_cv_func_getmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define getmsg to an innocuous variant, in case <limits.h> declares getmsg.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define getmsg innocuous_getmsg
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getmsg (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef getmsg
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char getmsg ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_getmsg || defined __stub___getmsg
-choke me
-#endif
-
-int
-main ()
-{
-return getmsg ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  ac_cv_func_getmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	ac_cv_func_getmsg=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg" >&6; }
-
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		{ echo "$as_me:$LINENO: checking if getmsg works" >&5
-echo $ECHO_N "checking if getmsg works... $ECHO_C" >&6; }
-if test "${ac_cv_func_getmsg_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_getmsg_works=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main(int argc, char **argv)
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getmsg_works=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_func_getmsg_works=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg_works" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg_works" >&6; }
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GETMSG 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define STREAMSPTY 1
-_ACEOF
-
-		fi
-	fi
-	;;
-esac
-
-
-
-
-
-
-
-# Extract the first word of "compile_et", so it can be a program name with args.
-set dummy compile_et; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_COMPILE_ET+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$COMPILE_ET"; then
-  ac_cv_prog_COMPILE_ET="$COMPILE_ET" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_prog_COMPILE_ET="compile_et"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-COMPILE_ET=$ac_cv_prog_COMPILE_ET
-if test -n "$COMPILE_ET"; then
-  { echo "$as_me:$LINENO: result: $COMPILE_ET" >&5
-echo "${ECHO_T}$COMPILE_ET" >&6; }
-else
-  { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-
-krb_cv_compile_et="no"
-krb_cv_com_err_need_r=""
-krb_cv_compile_et_cross=no
-if test "${COMPILE_ET}" = "compile_et"; then
-
-{ echo "$as_me:$LINENO: checking whether compile_et has the features we need" >&5
-echo $ECHO_N "checking whether compile_et has the features we need... $ECHO_C" >&6; }
-cat > conftest_et.et <<'EOF'
-error_table test conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-    save_CPPFLAGS="${CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-    if test "$cross_compiling" = yes; then
-  krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes
-else
-  cat >conftest.$ac_ext <<_ACEOF
-
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(int argc, char **argv){
-#ifndef ERROR_TABLE_BASE_conf
-#error compile_et does not handle error_table N M
-#endif
-return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_compile_et="yes"
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-fi
-{ echo "$as_me:$LINENO: result: ${krb_cv_compile_et}" >&5
-echo "${ECHO_T}${krb_cv_compile_et}" >&6; }
-if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then
-  { echo "$as_me:$LINENO: checking for if com_err generates a initialize_conf_error_table_r" >&5
-echo $ECHO_N "checking for if com_err generates a initialize_conf_error_table_r... $ECHO_C" >&6; }
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include "conftest_et.h"
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "initialize_conf_error_table_r.*struct et_list" >/dev/null 2>&1; then
-  krb_cv_com_err_need_r="ok"
-fi
-rm -f conftest*
-
-  if test X"$krb_cv_com_err_need_r" = X ; then
-    { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-    krb_cv_compile_et=no
-  else
-    { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-  fi
-fi
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et_cross}" = yes ; then
-  krb_cv_com_err="cross"
-elif test "${krb_cv_compile_et}" = "yes"; then
-    krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  { echo "$as_me:$LINENO: checking for com_err" >&5
-echo $ECHO_N "checking for com_err... $ECHO_C" >&6; }
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-#include <com_err.h>
-int
-main ()
-{
-
-    const char *p;
-    p = error_message(0);
-    initialize_error_table_r(0,0,0,0);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  krb_cv_com_err="yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-  { echo "$as_me:$LINENO: result: ${krb_cv_com_err}" >&5
-echo "${ECHO_T}${krb_cv_com_err}" >&6; }
-  LIBS="${krb_cv_save_LIBS}"
-else
-    krb_cv_com_err="no"
-fi
-
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    { echo "$as_me:$LINENO: Using the already-installed com_err" >&5
-echo "$as_me: Using the already-installed com_err" >&6;}
-    localcomerr=no
-elif test "${krb_cv_com_err}" = "cross"; then
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    { echo "$as_me:$LINENO: Using our own com_err with toolchain compile_et" >&5
-echo "$as_me: Using our own com_err with toolchain compile_et" >&6;}
-    localcomerr=yes
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    { echo "$as_me:$LINENO: Using our own com_err" >&5
-echo "$as_me: Using our own com_err" >&6;}
-    localcomerr=yes
-fi
- if test "$localcomerr" = yes; then
-  COM_ERR_TRUE=
-  COM_ERR_FALSE='#'
-else
-  COM_ERR_TRUE='#'
-  COM_ERR_FALSE=
-fi
-
-
-
-
-
-
-
-
-{ echo "$as_me:$LINENO: checking which authentication modules should be built" >&5
-echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6; }
-
-z='sia afskauthlib'
-LIB_AUTH_SUBDIRS=
-for i in $z; do
-case $i in
-sia)
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-;;
-pam)
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-;;
-afskauthlib)
-case "${host}" in
-*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-;;
-esac
-done
-if test "$LIB_AUTH_SUBDIRS"; then
-	{ echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5
-echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6; }
-else
-	{ echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6; }
-fi
-
-
-
-
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-
-	x="${bindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define BINDIR "$x"
-_ACEOF
-
-	x="${libdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBDIR "$x"
-_ACEOF
-
-	x="${libexecdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBEXECDIR "$x"
-_ACEOF
-
-	x="${localstatedir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LOCALSTATEDIR "$x"
-_ACEOF
-
-	x="${sbindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SBINDIR "$x"
-_ACEOF
-
-	x="${sysconfdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SYSCONFDIR "$x"
-_ACEOF
-
-
-
-
-
-# Check whether --enable-developer was given.
-if test "${enable_developer+set}" = set; then
-  enableval=$enable_developer;
-fi
-
-if test "X$enable_developer" = Xyes; then
-    dwflags="-Werror"
-fi
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-
-
-
-ac_config_files="$ac_config_files Makefile etc/Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/hcrypto/Makefile lib/editline/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/can/Makefile tests/db/Makefile tests/kdc/Makefile tests/ldap/Makefile tests/gss/Makefile tests/java/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile packages/debian/Makefile doc/Makefile tools/Makefile"
-
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems.  If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
-  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
-    eval ac_val=\$$ac_var
-    case $ac_val in #(
-    *${as_nl}*)
-      case $ac_var in #(
-      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
-      esac
-      case $ac_var in #(
-      _ | IFS | as_nl) ;; #(
-      *) $as_unset $ac_var ;;
-      esac ;;
-    esac
-  done
-
-  (set) 2>&1 |
-    case $as_nl`(ac_space=' '; set) 2>&1` in #(
-    *${as_nl}ac_space=\ *)
-      # `set' does not quote correctly, so add quotes (double-quote
-      # substitution turns \\\\ into \\, and sed turns \\ into \).
-      sed -n \
-	"s/'/'\\\\''/g;
-	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
-      ;; #(
-    *)
-      # `set' quotes correctly as required by POSIX, so do not add quotes.
-      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
-      ;;
-    esac |
-    sort
-) |
-  sed '
-     /^ac_cv_env_/b end
-     t clear
-     :clear
-     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-     t end
-     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
-     :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
-  if test -w "$cache_file"; then
-    test "x$cache_file" != "x/dev/null" &&
-      { echo "$as_me:$LINENO: updating cache $cache_file" >&5
-echo "$as_me: updating cache $cache_file" >&6;}
-    cat confcache >$cache_file
-  else
-    { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
-echo "$as_me: not updating unwritable cache $cache_file" >&6;}
-  fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-DEFS=-DHAVE_CONFIG_H
-
-ac_libobjs=
-ac_ltlibobjs=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
-  # 1. Remove the extension, and $U if already installed.
-  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
-  ac_i=`echo "$ac_i" | sed "$ac_script"`
-  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
-  #    will be set to the directory where LIBOBJS objects are built.
-  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
-  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${ENABLE_SHARED_TRUE}" && test -z "${ENABLE_SHARED_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"ENABLE_SHARED\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"ENABLE_SHARED\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${versionscript_TRUE}" && test -z "${versionscript_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"versionscript\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"versionscript\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${OPENLDAP_MODULE_TRUE}" && test -z "${OPENLDAP_MODULE_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"OPENLDAP_MODULE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"OPENLDAP_MODULE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${PKINIT_TRUE}" && test -z "${PKINIT_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"PKINIT\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"PKINIT\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_cgetent_TRUE}" && test -z "${have_cgetent_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_cgetent\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_cgetent\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_socket_wrapper_TRUE}" && test -z "${have_socket_wrapper_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_socket_wrapper\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_socket_wrapper\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_TRUE}" && test -z "${AIX_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX4_TRUE}" && test -z "${AIX4_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DLOPEN_TRUE}" && test -z "${HAVE_DLOPEN_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_DYNAMIC_AFS_TRUE}" && test -z "${AIX_DYNAMIC_AFS_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${IRIX_TRUE}" && test -z "${IRIX_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_X_TRUE}" && test -z "${HAVE_X_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${NEED_WRITEAUTH_TRUE}" && test -z "${NEED_WRITEAUTH_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KCM_TRUE}" && test -z "${KCM_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"KCM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KCM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${FRAMEWORK_SECURITY_TRUE}" && test -z "${FRAMEWORK_SECURITY_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"FRAMEWORK_SECURITY\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"FRAMEWORK_SECURITY\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${COM_ERR_TRUE}" && test -z "${COM_ERR_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"COM_ERR\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"COM_ERR\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-: ${CONFIG_STATUS=./config.status}
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
-  # is contrary to our usage.  Disable this feature.
-  alias -g '${1+"$@"}'='"$@"'
-  setopt NO_GLOB_SUBST
-else
-  case `(set -o) 2>/dev/null` in
-  *posix*) set -o posix ;;
-esac
-
-fi
-
-
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
-fi
-
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.  Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-as_nl='
-'
-IFS=" ""	$as_nl"
-
-# Find who we are.  Look in the path if we contain no directory separator.
-case $0 in
-  *[\\/]* ) as_myself=$0 ;;
-  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-IFS=$as_save_IFS
-
-     ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
-  as_myself=$0
-fi
-if test ! -f "$as_myself"; then
-  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
-  { (exit 1); exit 1; }
-fi
-
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-for as_var in \
-  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
-  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
-  LC_TELEPHONE LC_TIME
-do
-  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
-    eval $as_var=C; export $as_var
-  else
-    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
-  fi
-done
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
-   test "X`expr 00001 : '.*\(...\)'`" = X001; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
-  as_basename=basename
-else
-  as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\/\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\/\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`
-
-# CDPATH.
-$as_unset CDPATH
-
-
-
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
-  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line after each line using $LINENO; the second 'sed'
-  # does the real work.  The second script uses 'N' to pair each
-  # line-number line with the line containing $LINENO, and appends
-  # trailing '-' during substitution so that $LINENO is not a special
-  # case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # scripts with optimization help from Paolo Bonzini.  Blame Lee
-  # E. McMahon (1931-1989) for sed's syntax.  :-)
-  sed -n '
-    p
-    /[$]LINENO/=
-  ' <$as_myself |
-    sed '
-      s/[$]LINENO.*/&-/
-      t lineno
-      b
-      :lineno
-      N
-      :loop
-      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
-      t loop
-      s/-\n.*//
-    ' >$as_me.lineno &&
-  chmod +x "$as_me.lineno" ||
-    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensitive to this).
-  . "./$as_me.lineno"
-  # Exit status is that of the last command.
-  exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
-  as_dirname=dirname
-else
-  as_dirname=false
-fi
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
--n*)
-  case `echo 'x\c'` in
-  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
-  *)   ECHO_C='\c';;
-  esac;;
-*)
-  ECHO_N='-n';;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
-   test "X`expr 00001 : '.*\(...\)'`" = X001; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
-  rm -f conf$$.dir/conf$$.file
-else
-  rm -f conf$$.dir
-  mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s='ln -s'
-  # ... but there are two gotchas:
-  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-  # In both cases, we have to default to `cp -p'.
-  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-    as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
-  as_mkdir_p=:
-else
-  test -d ./-p && rmdir ./-p
-  as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
-  as_test_x='test -x'
-else
-  if ls -dL / >/dev/null 2>&1; then
-    as_ls_L_option=L
-  else
-    as_ls_L_option=
-  fi
-  as_test_x='
-    eval sh -c '\''
-      if test -d "$1"; then
-        test -d "$1/.";
-      else
-	case $1 in
-        -*)set "./$1";;
-	esac;
-	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
-	???[sx]*):;;*)false;;esac;fi
-    '\'' sh
-  '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-
-# Save the log message, to keep $[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by Heimdal $as_me 1.1, which was
-generated by GNU Autoconf 2.61.  Invocation command line was
-
-  CONFIG_FILES    = $CONFIG_FILES
-  CONFIG_HEADERS  = $CONFIG_HEADERS
-  CONFIG_LINKS    = $CONFIG_LINKS
-  CONFIG_COMMANDS = $CONFIG_COMMANDS
-  $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_headers="$ac_config_headers"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
-  -h, --help       print this help, then exit
-  -V, --version    print version number and configuration settings, then exit
-  -q, --quiet      do not print progress messages
-  -d, --debug      don't remove temporary files
-      --recheck    update $as_me by reconfiguring in the same conditions
-  --file=FILE[:TEMPLATE]
-		   instantiate the configuration file FILE
-  --header=FILE[:TEMPLATE]
-		   instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Report bugs to <bug-autoconf@gnu.org>."
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-ac_cs_version="\\
-Heimdal config.status 1.1
-configured by $0, generated by GNU Autoconf 2.61,
-  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
-
-Copyright (C) 2006 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value.  By we need to know if files were specified by the user.
-ac_need_defaults=:
-while test $# != 0
-do
-  case $1 in
-  --*=*)
-    ac_option=`expr "X$1" : 'X\([^=]*\)='`
-    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
-    ac_shift=:
-    ;;
-  *)
-    ac_option=$1
-    ac_optarg=$2
-    ac_shift=shift
-    ;;
-  esac
-
-  case $ac_option in
-  # Handling of the options.
-  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    ac_cs_recheck=: ;;
-  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
-    echo "$ac_cs_version"; exit ;;
-  --debug | --debu | --deb | --de | --d | -d )
-    debug=: ;;
-  --file | --fil | --fi | --f )
-    $ac_shift
-    CONFIG_FILES="$CONFIG_FILES $ac_optarg"
-    ac_need_defaults=false;;
-  --header | --heade | --head | --hea )
-    $ac_shift
-    CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
-    ac_need_defaults=false;;
-  --he | --h)
-    # Conflict between --help and --header
-    { echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2
-   { (exit 1); exit 1; }; };;
-  --help | --hel | -h )
-    echo "$ac_cs_usage"; exit ;;
-  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-  | -silent | --silent | --silen | --sile | --sil | --si | --s)
-    ac_cs_silent=: ;;
-
-  # This is an error.
-  -*) { echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2
-   { (exit 1); exit 1; }; } ;;
-
-  *) ac_config_targets="$ac_config_targets $1"
-     ac_need_defaults=false ;;
-
-  esac
-  shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
-  exec 6>/dev/null
-  ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-if \$ac_cs_recheck; then
-  echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
-  CONFIG_SHELL=$SHELL
-  export CONFIG_SHELL
-  exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-exec 5>>config.log
-{
-  echo
-  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-  echo "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
-  case $ac_config_target in
-    "include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
-    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-    "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;;
-    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
-    "include/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES include/gssapi/Makefile" ;;
-    "include/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES include/hcrypto/Makefile" ;;
-    "include/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;;
-    "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
-    "lib/45/Makefile") CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;;
-    "lib/auth/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;;
-    "lib/auth/afskauthlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;;
-    "lib/auth/pam/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;;
-    "lib/auth/sia/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;;
-    "lib/asn1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;;
-    "lib/com_err/Makefile") CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;;
-    "lib/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hcrypto/Makefile" ;;
-    "lib/editline/Makefile") CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;;
-    "lib/hx509/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hx509/Makefile" ;;
-    "lib/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;;
-    "lib/ntlm/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ntlm/Makefile" ;;
-    "lib/hdb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;;
-    "lib/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;;
-    "lib/kafs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;;
-    "lib/kdfs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kdfs/Makefile" ;;
-    "lib/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile" ;;
-    "lib/otp/Makefile") CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;;
-    "lib/roken/Makefile") CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;;
-    "lib/sl/Makefile") CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;;
-    "lib/vers/Makefile") CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;;
-    "kuser/Makefile") CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;;
-    "kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;;
-    "kadmin/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;;
-    "admin/Makefile") CONFIG_FILES="$CONFIG_FILES admin/Makefile" ;;
-    "kcm/Makefile") CONFIG_FILES="$CONFIG_FILES kcm/Makefile" ;;
-    "kdc/Makefile") CONFIG_FILES="$CONFIG_FILES kdc/Makefile" ;;
-    "appl/Makefile") CONFIG_FILES="$CONFIG_FILES appl/Makefile" ;;
-    "appl/afsutil/Makefile") CONFIG_FILES="$CONFIG_FILES appl/afsutil/Makefile" ;;
-    "appl/ftp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/Makefile" ;;
-    "appl/ftp/common/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/common/Makefile" ;;
-    "appl/ftp/ftp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/ftp/Makefile" ;;
-    "appl/ftp/ftpd/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/ftpd/Makefile" ;;
-    "appl/gssmask/Makefile") CONFIG_FILES="$CONFIG_FILES appl/gssmask/Makefile" ;;
-    "appl/kx/Makefile") CONFIG_FILES="$CONFIG_FILES appl/kx/Makefile" ;;
-    "appl/login/Makefile") CONFIG_FILES="$CONFIG_FILES appl/login/Makefile" ;;
-    "appl/otp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/otp/Makefile" ;;
-    "appl/popper/Makefile") CONFIG_FILES="$CONFIG_FILES appl/popper/Makefile" ;;
-    "appl/push/Makefile") CONFIG_FILES="$CONFIG_FILES appl/push/Makefile" ;;
-    "appl/rsh/Makefile") CONFIG_FILES="$CONFIG_FILES appl/rsh/Makefile" ;;
-    "appl/rcp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/rcp/Makefile" ;;
-    "appl/su/Makefile") CONFIG_FILES="$CONFIG_FILES appl/su/Makefile" ;;
-    "appl/xnlock/Makefile") CONFIG_FILES="$CONFIG_FILES appl/xnlock/Makefile" ;;
-    "appl/telnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/Makefile" ;;
-    "appl/telnet/libtelnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/libtelnet/Makefile" ;;
-    "appl/telnet/telnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/telnet/Makefile" ;;
-    "appl/telnet/telnetd/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/telnetd/Makefile" ;;
-    "appl/test/Makefile") CONFIG_FILES="$CONFIG_FILES appl/test/Makefile" ;;
-    "appl/kf/Makefile") CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;;
-    "appl/dceutils/Makefile") CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;;
-    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
-    "tests/can/Makefile") CONFIG_FILES="$CONFIG_FILES tests/can/Makefile" ;;
-    "tests/db/Makefile") CONFIG_FILES="$CONFIG_FILES tests/db/Makefile" ;;
-    "tests/kdc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/kdc/Makefile" ;;
-    "tests/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ldap/Makefile" ;;
-    "tests/gss/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gss/Makefile" ;;
-    "tests/java/Makefile") CONFIG_FILES="$CONFIG_FILES tests/java/Makefile" ;;
-    "tests/plugin/Makefile") CONFIG_FILES="$CONFIG_FILES tests/plugin/Makefile" ;;
-    "packages/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Makefile" ;;
-    "packages/mac/Makefile") CONFIG_FILES="$CONFIG_FILES packages/mac/Makefile" ;;
-    "packages/debian/Makefile") CONFIG_FILES="$CONFIG_FILES packages/debian/Makefile" ;;
-    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
-    "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
-
-  *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used.  Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
-  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-fi
-
-# Have a temporary directory for convenience.  Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
-  tmp=
-  trap 'exit_status=$?
-  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
-' 0
-  trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
-  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
-  test -n "$tmp" && test -d "$tmp"
-}  ||
-{
-  tmp=./conf$$-$RANDOM
-  (umask 077 && mkdir "$tmp")
-} ||
-{
-   echo "$me: cannot create a temporary directory in ." >&2
-   { (exit 1); exit 1; }
-}
-
-#
-# Set up the sed scripts for CONFIG_FILES section.
-#
-
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "$CONFIG_FILES"; then
-
-_ACEOF
-
-
-
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
-  cat >conf$$subs.sed <<_ACEOF
-SHELL!$SHELL$ac_delim
-PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim
-PACKAGE_NAME!$PACKAGE_NAME$ac_delim
-PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim
-PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim
-PACKAGE_STRING!$PACKAGE_STRING$ac_delim
-PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim
-exec_prefix!$exec_prefix$ac_delim
-prefix!$prefix$ac_delim
-program_transform_name!$program_transform_name$ac_delim
-bindir!$bindir$ac_delim
-sbindir!$sbindir$ac_delim
-libexecdir!$libexecdir$ac_delim
-datarootdir!$datarootdir$ac_delim
-datadir!$datadir$ac_delim
-sysconfdir!$sysconfdir$ac_delim
-sharedstatedir!$sharedstatedir$ac_delim
-localstatedir!$localstatedir$ac_delim
-includedir!$includedir$ac_delim
-oldincludedir!$oldincludedir$ac_delim
-docdir!$docdir$ac_delim
-infodir!$infodir$ac_delim
-htmldir!$htmldir$ac_delim
-dvidir!$dvidir$ac_delim
-pdfdir!$pdfdir$ac_delim
-psdir!$psdir$ac_delim
-libdir!$libdir$ac_delim
-localedir!$localedir$ac_delim
-mandir!$mandir$ac_delim
-DEFS!$DEFS$ac_delim
-ECHO_C!$ECHO_C$ac_delim
-ECHO_N!$ECHO_N$ac_delim
-ECHO_T!$ECHO_T$ac_delim
-LIBS!$LIBS$ac_delim
-build_alias!$build_alias$ac_delim
-host_alias!$host_alias$ac_delim
-target_alias!$target_alias$ac_delim
-INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
-INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
-INSTALL_DATA!$INSTALL_DATA$ac_delim
-am__isrc!$am__isrc$ac_delim
-CYGPATH_W!$CYGPATH_W$ac_delim
-PACKAGE!$PACKAGE$ac_delim
-VERSION!$VERSION$ac_delim
-ACLOCAL!$ACLOCAL$ac_delim
-AUTOCONF!$AUTOCONF$ac_delim
-AUTOMAKE!$AUTOMAKE$ac_delim
-AUTOHEADER!$AUTOHEADER$ac_delim
-MAKEINFO!$MAKEINFO$ac_delim
-install_sh!$install_sh$ac_delim
-STRIP!$STRIP$ac_delim
-INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim
-mkdir_p!$mkdir_p$ac_delim
-AWK!$AWK$ac_delim
-SET_MAKE!$SET_MAKE$ac_delim
-am__leading_dot!$am__leading_dot$ac_delim
-AMTAR!$AMTAR$ac_delim
-am__tar!$am__tar$ac_delim
-am__untar!$am__untar$ac_delim
-MAINTAINER_MODE_TRUE!$MAINTAINER_MODE_TRUE$ac_delim
-MAINTAINER_MODE_FALSE!$MAINTAINER_MODE_FALSE$ac_delim
-MAINT!$MAINT$ac_delim
-CC!$CC$ac_delim
-CFLAGS!$CFLAGS$ac_delim
-LDFLAGS!$LDFLAGS$ac_delim
-CPPFLAGS!$CPPFLAGS$ac_delim
-ac_ct_CC!$ac_ct_CC$ac_delim
-EXEEXT!$EXEEXT$ac_delim
-OBJEXT!$OBJEXT$ac_delim
-CPP!$CPP$ac_delim
-build!$build$ac_delim
-build_cpu!$build_cpu$ac_delim
-build_vendor!$build_vendor$ac_delim
-build_os!$build_os$ac_delim
-host!$host$ac_delim
-host_cpu!$host_cpu$ac_delim
-host_vendor!$host_vendor$ac_delim
-host_os!$host_os$ac_delim
-CANONICAL_HOST!$CANONICAL_HOST$ac_delim
-YACC!$YACC$ac_delim
-YFLAGS!$YFLAGS$ac_delim
-LEX!$LEX$ac_delim
-LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim
-LEXLIB!$LEXLIB$ac_delim
-LN_S!$LN_S$ac_delim
-GREP!$GREP$ac_delim
-EGREP!$EGREP$ac_delim
-ECHO!$ECHO$ac_delim
-AR!$AR$ac_delim
-RANLIB!$RANLIB$ac_delim
-CXX!$CXX$ac_delim
-CXXFLAGS!$CXXFLAGS$ac_delim
-ac_ct_CXX!$ac_ct_CXX$ac_delim
-CXXCPP!$CXXCPP$ac_delim
-F77!$F77$ac_delim
-FFLAGS!$FFLAGS$ac_delim
-ac_ct_F77!$ac_ct_F77$ac_delim
-_ACEOF
-
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
-    break
-  elif $ac_last_try; then
-    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
-   { (exit 1); exit 1; }; }
-  else
-    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
-  fi
-done
-
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
-  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
-  ac_eof=`expr $ac_eof + 1`
-fi
-
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-CEOF$ac_eof
-_ACEOF
-
-
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
-  cat >conf$$subs.sed <<_ACEOF
-LIBTOOL!$LIBTOOL$ac_delim
-ENABLE_SHARED_TRUE!$ENABLE_SHARED_TRUE$ac_delim
-ENABLE_SHARED_FALSE!$ENABLE_SHARED_FALSE$ac_delim
-VERSIONING!$VERSIONING$ac_delim
-versionscript_TRUE!$versionscript_TRUE$ac_delim
-versionscript_FALSE!$versionscript_FALSE$ac_delim
-LDFLAGS_VERSION_SCRIPT!$LDFLAGS_VERSION_SCRIPT$ac_delim
-INCLUDE_openldap!$INCLUDE_openldap$ac_delim
-LIB_openldap!$LIB_openldap$ac_delim
-OPENLDAP_MODULE_TRUE!$OPENLDAP_MODULE_TRUE$ac_delim
-OPENLDAP_MODULE_FALSE!$OPENLDAP_MODULE_FALSE$ac_delim
-PKINIT_TRUE!$PKINIT_TRUE$ac_delim
-PKINIT_FALSE!$PKINIT_FALSE$ac_delim
-DIR_hdbdir!$DIR_hdbdir$ac_delim
-INCLUDE_krb4!$INCLUDE_krb4$ac_delim
-LIB_krb4!$LIB_krb4$ac_delim
-KRB4_TRUE!$KRB4_TRUE$ac_delim
-KRB4_FALSE!$KRB4_FALSE$ac_delim
-KRB5_TRUE!$KRB5_TRUE$ac_delim
-KRB5_FALSE!$KRB5_FALSE$ac_delim
-do_roken_rename_TRUE!$do_roken_rename_TRUE$ac_delim
-do_roken_rename_FALSE!$do_roken_rename_FALSE$ac_delim
-LIB_kdb!$LIB_kdb$ac_delim
-HAVE_OPENSSL_TRUE!$HAVE_OPENSSL_TRUE$ac_delim
-HAVE_OPENSSL_FALSE!$HAVE_OPENSSL_FALSE$ac_delim
-DIR_hcrypto!$DIR_hcrypto$ac_delim
-INCLUDE_hcrypto!$INCLUDE_hcrypto$ac_delim
-LIB_hcrypto!$LIB_hcrypto$ac_delim
-LIB_hcrypto_a!$LIB_hcrypto_a$ac_delim
-LIB_hcrypto_so!$LIB_hcrypto_so$ac_delim
-LIB_hcrypto_appl!$LIB_hcrypto_appl$ac_delim
-PTHREADS_CFLAGS!$PTHREADS_CFLAGS$ac_delim
-PTHREADS_LIBS!$PTHREADS_LIBS$ac_delim
-DCE_TRUE!$DCE_TRUE$ac_delim
-DCE_FALSE!$DCE_FALSE$ac_delim
-dpagaix_cflags!$dpagaix_cflags$ac_delim
-dpagaix_ldadd!$dpagaix_ldadd$ac_delim
-dpagaix_ldflags!$dpagaix_ldflags$ac_delim
-LIB_db_create!$LIB_db_create$ac_delim
-LIB_dbopen!$LIB_dbopen$ac_delim
-LIB_dbm_firstkey!$LIB_dbm_firstkey$ac_delim
-HAVE_DB1_TRUE!$HAVE_DB1_TRUE$ac_delim
-HAVE_DB1_FALSE!$HAVE_DB1_FALSE$ac_delim
-HAVE_DB3_TRUE!$HAVE_DB3_TRUE$ac_delim
-HAVE_DB3_FALSE!$HAVE_DB3_FALSE$ac_delim
-HAVE_NDBM_TRUE!$HAVE_NDBM_TRUE$ac_delim
-HAVE_NDBM_FALSE!$HAVE_NDBM_FALSE$ac_delim
-DBLIB!$DBLIB$ac_delim
-LIB_NDBM!$LIB_NDBM$ac_delim
-WFLAGS!$WFLAGS$ac_delim
-WFLAGS_NOUNUSED!$WFLAGS_NOUNUSED$ac_delim
-WFLAGS_NOIMPLICITINT!$WFLAGS_NOIMPLICITINT$ac_delim
-VOID_RETSIGTYPE!$VOID_RETSIGTYPE$ac_delim
-have_err_h_TRUE!$have_err_h_TRUE$ac_delim
-have_err_h_FALSE!$have_err_h_FALSE$ac_delim
-have_ifaddrs_h_TRUE!$have_ifaddrs_h_TRUE$ac_delim
-have_ifaddrs_h_FALSE!$have_ifaddrs_h_FALSE$ac_delim
-have_vis_h_TRUE!$have_vis_h_TRUE$ac_delim
-have_vis_h_FALSE!$have_vis_h_FALSE$ac_delim
-LIB_socket!$LIB_socket$ac_delim
-LIB_gethostbyname!$LIB_gethostbyname$ac_delim
-LIB_syslog!$LIB_syslog$ac_delim
-LIB_gethostbyname2!$LIB_gethostbyname2$ac_delim
-LIB_res_search!$LIB_res_search$ac_delim
-LIB_res_nsearch!$LIB_res_nsearch$ac_delim
-LIB_res_ndestroy!$LIB_res_ndestroy$ac_delim
-LIB_dn_expand!$LIB_dn_expand$ac_delim
-LIBOBJS!$LIBOBJS$ac_delim
-have_glob_h_TRUE!$have_glob_h_TRUE$ac_delim
-have_glob_h_FALSE!$have_glob_h_FALSE$ac_delim
-have_cgetent_TRUE!$have_cgetent_TRUE$ac_delim
-have_cgetent_FALSE!$have_cgetent_FALSE$ac_delim
-LIB_getsockopt!$LIB_getsockopt$ac_delim
-LIB_setsockopt!$LIB_setsockopt$ac_delim
-LIB_hstrerror!$LIB_hstrerror$ac_delim
-LIB_bswap16!$LIB_bswap16$ac_delim
-LIB_bswap32!$LIB_bswap32$ac_delim
-LIB_pidfile!$LIB_pidfile$ac_delim
-LIB_getaddrinfo!$LIB_getaddrinfo$ac_delim
-LIB_getnameinfo!$LIB_getnameinfo$ac_delim
-LIB_freeaddrinfo!$LIB_freeaddrinfo$ac_delim
-LIB_gai_strerror!$LIB_gai_strerror$ac_delim
-have_fnmatch_h_TRUE!$have_fnmatch_h_TRUE$ac_delim
-have_fnmatch_h_FALSE!$have_fnmatch_h_FALSE$ac_delim
-LIB_crypt!$LIB_crypt$ac_delim
-have_socket_wrapper_TRUE!$have_socket_wrapper_TRUE$ac_delim
-have_socket_wrapper_FALSE!$have_socket_wrapper_FALSE$ac_delim
-DIR_roken!$DIR_roken$ac_delim
-LIB_roken!$LIB_roken$ac_delim
-INCLUDES_roken!$INCLUDES_roken$ac_delim
-LIBADD_roken!$LIBADD_roken$ac_delim
-LIB_otp!$LIB_otp$ac_delim
-OTP_TRUE!$OTP_TRUE$ac_delim
-OTP_FALSE!$OTP_FALSE$ac_delim
-LIB_security!$LIB_security$ac_delim
-NROFF!$NROFF$ac_delim
-GROFF!$GROFF$ac_delim
-_ACEOF
-
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
-    break
-  elif $ac_last_try; then
-    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
-   { (exit 1); exit 1; }; }
-  else
-    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
-  fi
-done
-
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
-  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
-  ac_eof=`expr $ac_eof + 1`
-fi
-
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-CEOF$ac_eof
-_ACEOF
-
-
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
-  cat >conf$$subs.sed <<_ACEOF
-CATMAN!$CATMAN$ac_delim
-CATMAN_TRUE!$CATMAN_TRUE$ac_delim
-CATMAN_FALSE!$CATMAN_FALSE$ac_delim
-CATMANEXT!$CATMANEXT$ac_delim
-INCLUDE_readline!$INCLUDE_readline$ac_delim
-LIB_readline!$LIB_readline$ac_delim
-INCLUDE_hesiod!$INCLUDE_hesiod$ac_delim
-LIB_hesiod!$LIB_hesiod$ac_delim
-AIX_TRUE!$AIX_TRUE$ac_delim
-AIX_FALSE!$AIX_FALSE$ac_delim
-AIX4_TRUE!$AIX4_TRUE$ac_delim
-AIX4_FALSE!$AIX4_FALSE$ac_delim
-LIB_dlopen!$LIB_dlopen$ac_delim
-HAVE_DLOPEN_TRUE!$HAVE_DLOPEN_TRUE$ac_delim
-HAVE_DLOPEN_FALSE!$HAVE_DLOPEN_FALSE$ac_delim
-LIB_loadquery!$LIB_loadquery$ac_delim
-AIX_DYNAMIC_AFS_TRUE!$AIX_DYNAMIC_AFS_TRUE$ac_delim
-AIX_DYNAMIC_AFS_FALSE!$AIX_DYNAMIC_AFS_FALSE$ac_delim
-AIX_EXTRA_KAFS!$AIX_EXTRA_KAFS$ac_delim
-IRIX_TRUE!$IRIX_TRUE$ac_delim
-IRIX_FALSE!$IRIX_FALSE$ac_delim
-XMKMF!$XMKMF$ac_delim
-X_CFLAGS!$X_CFLAGS$ac_delim
-X_PRE_LIBS!$X_PRE_LIBS$ac_delim
-X_LIBS!$X_LIBS$ac_delim
-X_EXTRA_LIBS!$X_EXTRA_LIBS$ac_delim
-HAVE_X_TRUE!$HAVE_X_TRUE$ac_delim
-HAVE_X_FALSE!$HAVE_X_FALSE$ac_delim
-LIB_XauWriteAuth!$LIB_XauWriteAuth$ac_delim
-LIB_XauReadAuth!$LIB_XauReadAuth$ac_delim
-LIB_XauFileName!$LIB_XauFileName$ac_delim
-NEED_WRITEAUTH_TRUE!$NEED_WRITEAUTH_TRUE$ac_delim
-NEED_WRITEAUTH_FALSE!$NEED_WRITEAUTH_FALSE$ac_delim
-LIB_logwtmp!$LIB_logwtmp$ac_delim
-LIB_logout!$LIB_logout$ac_delim
-LIB_openpty!$LIB_openpty$ac_delim
-LIB_tgetent!$LIB_tgetent$ac_delim
-LIB_getpwnam_r!$LIB_getpwnam_r$ac_delim
-LIB_door_create!$LIB_door_create$ac_delim
-KCM_TRUE!$KCM_TRUE$ac_delim
-KCM_FALSE!$KCM_FALSE$ac_delim
-FRAMEWORK_SECURITY_TRUE!$FRAMEWORK_SECURITY_TRUE$ac_delim
-FRAMEWORK_SECURITY_FALSE!$FRAMEWORK_SECURITY_FALSE$ac_delim
-LIB_el_init!$LIB_el_init$ac_delim
-el_compat_TRUE!$el_compat_TRUE$ac_delim
-el_compat_FALSE!$el_compat_FALSE$ac_delim
-COMPILE_ET!$COMPILE_ET$ac_delim
-COM_ERR_TRUE!$COM_ERR_TRUE$ac_delim
-COM_ERR_FALSE!$COM_ERR_FALSE$ac_delim
-DIR_com_err!$DIR_com_err$ac_delim
-LIB_com_err!$LIB_com_err$ac_delim
-LIB_com_err_a!$LIB_com_err_a$ac_delim
-LIB_com_err_so!$LIB_com_err_so$ac_delim
-LIB_AUTH_SUBDIRS!$LIB_AUTH_SUBDIRS$ac_delim
-LTLIBOBJS!$LTLIBOBJS$ac_delim
-_ACEOF
-
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 55; then
-    break
-  elif $ac_last_try; then
-    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
-   { (exit 1); exit 1; }; }
-  else
-    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
-  fi
-done
-
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
-  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
-  ac_eof=`expr $ac_eof + 1`
-fi
-
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-3.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
-_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-:end
-s/|#_!!_#|//g
-CEOF$ac_eof
-_ACEOF
-
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
-  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
-s/:*\$(srcdir):*/:/
-s/:*\${srcdir}:*/:/
-s/:*@srcdir@:*/:/
-s/^\([^=]*=[	 ]*\):*/\1/
-s/:*$//
-s/^[^=]*=[	 ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-fi # test -n "$CONFIG_FILES"
-
-
-for ac_tag in  :F $CONFIG_FILES  :H $CONFIG_HEADERS
-do
-  case $ac_tag in
-  :[FHLC]) ac_mode=$ac_tag; continue;;
-  esac
-  case $ac_mode$ac_tag in
-  :[FHL]*:*);;
-  :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
-echo "$as_me: error: Invalid tag $ac_tag." >&2;}
-   { (exit 1); exit 1; }; };;
-  :[FH]-) ac_tag=-:-;;
-  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
-  esac
-  ac_save_IFS=$IFS
-  IFS=:
-  set x $ac_tag
-  IFS=$ac_save_IFS
-  shift
-  ac_file=$1
-  shift
-
-  case $ac_mode in
-  :L) ac_source=$1;;
-  :[FH])
-    ac_file_inputs=
-    for ac_f
-    do
-      case $ac_f in
-      -) ac_f="$tmp/stdin";;
-      *) # Look for the file first in the build tree, then in the source tree
-	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
-	 # because $ac_f cannot contain `:'.
-	 test -f "$ac_f" ||
-	   case $ac_f in
-	   [\\/$]*) false;;
-	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
-	   esac ||
-	   { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
-echo "$as_me: error: cannot find input file: $ac_f" >&2;}
-   { (exit 1); exit 1; }; };;
-      esac
-      ac_file_inputs="$ac_file_inputs $ac_f"
-    done
-
-    # Let's still pretend it is `configure' which instantiates (i.e., don't
-    # use $as_me), people would be surprised to read:
-    #    /* config.h.  Generated by config.status.  */
-    configure_input="Generated from "`IFS=:
-	  echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
-    if test x"$ac_file" != x-; then
-      configure_input="$ac_file.  $configure_input"
-      { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-    fi
-
-    case $ac_tag in
-    *:-:* | *:-) cat >"$tmp/stdin";;
-    esac
-    ;;
-  esac
-
-  ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$ac_file" : 'X\(//\)[^/]' \| \
-	 X"$ac_file" : 'X\(//\)$' \| \
-	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)[^/].*/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`
-  { as_dir="$ac_dir"
-  case $as_dir in #(
-  -*) as_dir=./$as_dir;;
-  esac
-  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
-    as_dirs=
-    while :; do
-      case $as_dir in #(
-      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
-      *) as_qdir=$as_dir;;
-      esac
-      as_dirs="'$as_qdir' $as_dirs"
-      as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$as_dir" : 'X\(//\)[^/]' \| \
-	 X"$as_dir" : 'X\(//\)$' \| \
-	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$as_dir" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)[^/].*/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`
-      test -d "$as_dir" && break
-    done
-    test -z "$as_dirs" || eval "mkdir $as_dirs"
-  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-echo "$as_me: error: cannot create directory $as_dir" >&2;}
-   { (exit 1); exit 1; }; }; }
-  ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A ".." for each directory in $ac_dir_suffix.
-  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
-  case $ac_top_builddir_sub in
-  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
-  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-  esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
-  .)  # We are building in place.
-    ac_srcdir=.
-    ac_top_srcdir=$ac_top_builddir_sub
-    ac_abs_top_srcdir=$ac_pwd ;;
-  [\\/]* | ?:[\\/]* )  # Absolute name.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir
-    ac_abs_top_srcdir=$srcdir ;;
-  *) # Relative name.
-    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_build_prefix$srcdir
-    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
-  case $ac_mode in
-  :F)
-  #
-  # CONFIG_FILE
-  #
-
-  case $INSTALL in
-  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
-  esac
-  ac_MKDIR_P=$MKDIR_P
-  case $MKDIR_P in
-  [\\/$]* | ?:[\\/]* ) ;;
-  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
-  esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-
-case `sed -n '/datarootdir/ {
-  p
-  q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p
-' $ac_file_inputs` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
-  { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-  ac_datarootdir_hack='
-  s&@datadir@&$datadir&g
-  s&@docdir@&$docdir&g
-  s&@infodir@&$infodir&g
-  s&@localedir@&$localedir&g
-  s&@mandir@&$mandir&g
-    s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF
-  sed "$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s&@configure_input@&$configure_input&;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" | sed -f "$tmp/subs-3.sed" >$tmp/out
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
-  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
-  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
-  { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined.  Please make sure it is defined." >&5
-echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined.  Please make sure it is defined." >&2;}
-
-  rm -f "$tmp/stdin"
-  case $ac_file in
-  -) cat "$tmp/out"; rm -f "$tmp/out";;
-  *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;;
-  esac
- ;;
-  :H)
-  #
-  # CONFIG_HEADER
-  #
-_ACEOF
-
-# Transform confdefs.h into a sed script `conftest.defines', that
-# substitutes the proper values into config.h.in to produce config.h.
-rm -f conftest.defines conftest.tail
-# First, append a space to every undef/define line, to ease matching.
-echo 's/$/ /' >conftest.defines
-# Then, protect against being on the right side of a sed subst, or in
-# an unquoted here document, in config.status.  If some macros were
-# called several times there might be several #defines for the same
-# symbol, which is useless.  But do not sort them, since the last
-# AC_DEFINE must be honored.
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
-# NAME is the cpp macro being defined, VALUE is the value it is being given.
-# PARAMS is the parameter list in the macro definition--in most cases, it's
-# just an empty string.
-ac_dA='s,^\\([	 #]*\\)[^	 ]*\\([	 ]*'
-ac_dB='\\)[	 (].*,\\1define\\2'
-ac_dC=' '
-ac_dD=' ,'
-
-uniq confdefs.h |
-  sed -n '
-	t rset
-	:rset
-	s/^[	 ]*#[	 ]*define[	 ][	 ]*//
-	t ok
-	d
-	:ok
-	s/[\\&,]/\\&/g
-	s/^\('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
-	s/^\('"$ac_word_re"'\)[	 ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
-  ' >>conftest.defines
-
-# Remove the space that was appended to ease matching.
-# Then replace #undef with comments.  This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-# (The regexp can be short, since the line contains either #define or #undef.)
-echo 's/ $//
-s,^[	 #]*u.*,/* & */,' >>conftest.defines
-
-# Break up conftest.defines:
-ac_max_sed_lines=50
-
-# First sed command is:	 sed -f defines.sed $ac_file_inputs >"$tmp/out1"
-# Second one is:	 sed -f defines.sed "$tmp/out1" >"$tmp/out2"
-# Third one will be:	 sed -f defines.sed "$tmp/out2" >"$tmp/out1"
-# et cetera.
-ac_in='$ac_file_inputs'
-ac_out='"$tmp/out1"'
-ac_nxt='"$tmp/out2"'
-
-while :
-do
-  # Write a here document:
-    cat >>$CONFIG_STATUS <<_ACEOF
-    # First, check the format of the line:
-    cat >"\$tmp/defines.sed" <<\\CEOF
-/^[	 ]*#[	 ]*undef[	 ][	 ]*$ac_word_re[	 ]*\$/b def
-/^[	 ]*#[	 ]*define[	 ][	 ]*$ac_word_re[(	 ]/b def
-b
-:def
-_ACEOF
-  sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
-  echo 'CEOF
-    sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
-  ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
-  sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
-  grep . conftest.tail >/dev/null || break
-  rm -f conftest.defines
-  mv conftest.tail conftest.defines
-done
-rm -f conftest.defines conftest.tail
-
-echo "ac_result=$ac_in" >>$CONFIG_STATUS
-cat >>$CONFIG_STATUS <<\_ACEOF
-  if test x"$ac_file" != x-; then
-    echo "/* $configure_input  */" >"$tmp/config.h"
-    cat "$ac_result" >>"$tmp/config.h"
-    if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then
-      { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
-    else
-      rm -f $ac_file
-      mv "$tmp/config.h" $ac_file
-    fi
-  else
-    echo "/* $configure_input  */"
-    cat "$ac_result"
-  fi
-  rm -f "$tmp/out12"
-# Compute $ac_file's index in $config_headers.
-_am_stamp_count=1
-for _am_header in $config_headers :; do
-  case $_am_header in
-    $ac_file | $ac_file:* )
-      break ;;
-    * )
-      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
-  esac
-done
-echo "timestamp for $ac_file" >`$as_dirname -- $ac_file ||
-$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X$ac_file : 'X\(//\)[^/]' \| \
-	 X$ac_file : 'X\(//\)$' \| \
-	 X$ac_file : 'X\(/\)' \| . 2>/dev/null ||
-echo X$ac_file |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)[^/].*/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\/\)$/{
-	    s//\1/
-	    q
-	  }
-	  /^X\(\/\).*/{
-	    s//\1/
-	    q
-	  }
-	  s/.*/./; q'`/stamp-h$_am_stamp_count
- ;;
-
-
-  esac
-
-done # for ac_tag
-
-
-{ (exit 0); exit 0; }
-_ACEOF
-chmod +x $CONFIG_STATUS
-ac_clean_files=$ac_clean_files_save
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded.  So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status.  When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
-  ac_cs_success=:
-  ac_config_status_args=
-  test "$silent" = yes &&
-    ac_config_status_args="$ac_config_status_args --quiet"
-  exec 5>/dev/null
-  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
-  exec 5>>config.log
-  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
-  # would make configure fail if this is the last instruction.
-  $ac_cs_success || { (exit 1); exit 1; }
-fi
-
-
-
-cat > include/newversion.h.in <<EOF
-const char *heimdal_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *heimdal_version = "Heimdal 1.1";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
diff --git a/crypto/heimdal/configure.in b/crypto/heimdal/configure.in
deleted file mode 100644
index a039a71e04f6..000000000000
--- a/crypto/heimdal/configure.in
+++ /dev/null
@@ -1,543 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-AC_REVISION($Revision: 22513 $)
-AC_PREREQ([2.59])
-test -z "$CFLAGS" && CFLAGS="-g"
-AC_INIT([Heimdal],[1.1],[heimdal-bugs@h5l.org])
-AC_CONFIG_SRCDIR([kuser/kinit.c])
-AC_CONFIG_HEADERS(include/config.h)
-
-AM_INIT_AUTOMAKE([foreign no-dependencies 1.8])
-AM_MAINTAINER_MODE
-
-dnl Checks for programs.
-AC_PROG_CC
-AM_PROG_CC_C_O
-AC_PROG_CPP
-
-AC_PREFIX_DEFAULT(/usr/heimdal)
-
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-
-AC_CANONICAL_HOST
-CANONICAL_HOST=$host
-AC_SUBST(CANONICAL_HOST)
-
-dnl Hints for autobuild
-AB_INIT
-
-rk_SYS_LARGEFILE
-
-dnl
-dnl this is needed to run the configure tests against glibc
-dnl
-AC_DEFINE([_GNU_SOURCE], 1,
-	[Define to enable extensions on glibc-based systems such as Linux.])
-
-AC_OBJEXT
-AC_EXEEXT
-
-dnl AC_KRB_PROG_YACC
-AC_PROG_YACC
-AM_PROG_LEX
-dnl AC_PROG_RANLIB
-AC_PROG_AWK
-AC_KRB_PROG_LN_S
-
-AC_MIPS_ABI
-CC="$CC $abi"
-libdir="$libdir$abilibdirext"
-
-AC_C___ATTRIBUTE__
-
-AC_PROG_LIBTOOL
-
-AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
-rk_VERSIONSCRIPT
-
-rk_TEST_PACKAGE(openldap,
-[#include <lber.h>
-#include <ldap.h>],
-[-lldap -llber],,,OPENLDAP)
-
-AC_ARG_ENABLE(hdb-openldap-module, 
-	AS_HELP_STRING([--enable-hdb-openldap-module],
-		[if you want support to build openldap hdb as shared object]))
-if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
-    AC_DEFINE(OPENLDAP_MODULE, 1, [Define if you want support for hdb ldap module])
-fi
-AM_CONDITIONAL(OPENLDAP_MODULE, test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes)
-
-AC_ARG_ENABLE(pk-init, 
-	AS_HELP_STRING([--disable-pk-init],
-		[if you want disable to PK-INIT support]))
-if test "$enable_pk_init" != no ;then
-	AC_DEFINE([PKINIT], 1, [Define to enable PKINIT.])
-fi
-AM_CONDITIONAL(PKINIT, test "$enable_pk_init" != no)
-
-
-dnl path where the hdb directory is stored
-AC_ARG_WITH([hdbdir], 
-	[AC_HELP_STRING([--with-hdbdir],
-		[Default location for KDC database @<:@default=/var/heimdal@:>@])],
-	[],
-	[with_hdbdir=/var/heimdal])
-DIR_hdbdir="$with_hdbdir"
-AC_SUBST([DIR_hdbdir])
-
-
-dnl no kerberos4 any more
-with_krb4=no
-AC_SUBST(INCLUDE_krb4)
-AC_SUBST(LIB_krb4)
-AM_CONDITIONAL(KRB4, false)
-
-AM_CONDITIONAL(KRB5, true)
-AM_CONDITIONAL(do_roken_rename, true)
-
-AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
-AC_SUBST(LIB_kdb)dnl
-
-KRB_CRYPTO
-
-KRB_PTHREADS
-
-AC_ARG_ENABLE(dce, 
-	AS_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
-if test "$enable_dce" = yes; then
-    AC_DEFINE(DCE, 1, [Define if you want support for DCE/DFS PAG's.])
-fi
-AM_CONDITIONAL(DCE, test "$enable_dce" = yes)
-
-## XXX quite horrible:
-if test -f /etc/ibmcxx.cfg; then
-	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'`
-	dpagaix_ldflags=
-else
-	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
-	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
-	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
-fi
-AC_SUBST(dpagaix_cflags)
-AC_SUBST(dpagaix_ldadd)
-AC_SUBST(dpagaix_ldflags)
-
-AC_ARG_ENABLE([afs-support],
-	AC_HELP_STRING([--disable-afs-support],
-		[if you don't want support for AFS]))
-if test "$enable_afs_support" = no; then
-	AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.])
-fi
-
-rk_DB
-
-dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
-
-rk_ROKEN(lib/roken)
-LIBADD_roken="$LIB_roken"
-AC_SUBST(LIBADD_roken)dnl
-LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
-
-rk_OTP
-
-AC_CHECK_OSFC2
-
-AC_ARG_ENABLE(mmap,
-	AS_HELP_STRING([--disable-mmap],[disable use of mmap]))
-if test "$enable_mmap" = "no"; then
-	AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
-fi
-
-AC_ARG_ENABLE(afs-string-to-key,
-	AS_HELP_STRING([--disable-afs-string-to-key],
-	[disable use of weak AFS string-to-key functions]),
-	[], [enable_afs_string_to_key=yes])
-
-if test "$enable_afs_string_to_key" = "yes"; then
-	AC_DEFINE(ENABLE_AFS_STRING_TO_KEY, 1, [Define if want to use the weak AFS string to key functions.])
-fi
-
-
-rk_CHECK_MAN
-
-rk_TEST_PACKAGE(readline,
-[#include <stdio.h>
- #include <readline.h>],-lreadline,,, READLINE)
-
-rk_TEST_PACKAGE(hesiod,[#include <hesiod.h>],-lhesiod,,, HESIOD)
-
-KRB_C_BIGENDIAN
-AC_C_INLINE
-
-rk_AIX
-rk_IRIX
-rk_SUNOS
-
-KRB_CHECK_X
-
-AM_CONDITIONAL(HAVE_X, test "$no_x" != yes)
-
-AC_CHECK_XAU
-
-dnl AM_C_PROTOTYPES
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_OFF_T
-AC_CHECK_TYPE_EXTRA(mode_t, unsigned short, [])
-AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include <signal.h>])
-AC_HAVE_TYPE([long long])
-AC_HEADER_TIME
-AC_STRUCT_TM
-
-dnl Checks for header files.
-AC_HEADER_STDC
-
-AC_CHECK_HEADERS([\
-	arpa/ftp.h				\
-	arpa/telnet.h				\
-	bind/bitypes.h				\
-	bsdsetjmp.h				\
-	curses.h				\
-	dlfcn.h					\
-	fnmatch.h				\
-	inttypes.h				\
-	io.h					\
-	libutil.h				\
-	limits.h				\
-	maillock.h				\
-	netgroup.h				\
-	netinet/in6_machtypes.h			\
-	netinfo/ni.h				\
-	pthread.h				\
-	pty.h					\
-	sac.h					\
-	sgtty.h					\
-	siad.h					\
-	signal.h				\
-	strings.h				\
-	stropts.h				\
-	sys/bitypes.h				\
-	sys/category.h				\
-	sys/file.h				\
-	sys/filio.h				\
-	sys/ioccom.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/pty.h				\
-	sys/ptyio.h				\
-	sys/select.h				\
-	sys/socket.h				\
-	sys/str_tty.h				\
-	sys/stream.h				\
-	sys/stropts.h				\
-	sys/syscall.h				\
-	sys/termio.h				\
-	sys/timeb.h				\
-	sys/times.h				\
-	sys/types.h				\
-	sys/un.h				\
-	termcap.h				\
-	termio.h				\
-	termios.h				\
-	time.h					\
-	tmpdir.h				\
-	udb.h					\
-	util.h					\
-	utmp.h					\
-	utmpx.h					\
-])
-
-dnl On Solaris 8 there's a compilation warning for term.h because
-dnl it doesn't define `bool'.
-AC_CHECK_HEADERS(term.h, , , -)
-
-AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT
-#if HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif])
-
-AC_CHECK_HEADERS(sys/ptyvar.h, , , [AC_INCLUDES_DEFAULT
-#if HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif])
-
-AC_CHECK_HEADERS(sys/strtty.h, , , [AC_INCLUDES_DEFAULT
-#if HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-#if HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif])
-
-AC_CHECK_HEADERS(sys/ucred.h, , , [AC_INCLUDES_DEFAULT
-#if HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#if HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif])
-
-AC_CHECK_HEADERS(security/pam_modules.h, , , [AC_INCLUDES_DEFAULT
-#include <security/pam_appl.h>
-])
-
-AC_ARG_ENABLE(netinfo,
-	AS_HELP_STRING([--enable-netinfo],[enable netinfo for configuration lookup]))
-
-if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
-       AC_DEFINE(HAVE_NETINFO, 1,
-               [Define if you want to use Netinfo instead of krb5.conf.])
-fi
-
-dnl export symbols
-rk_WIN32_EXPORT(BUILD_KRB5_LIB, KRB5_LIB_FUNCTION)
-rk_WIN32_EXPORT(BUILD_ROKEN_LIB, ROKEN_LIB_FUNCTION)
-
-dnl Checks for libraries.
-
-AC_FIND_FUNC_NO_LIBS(logwtmp, util,[
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-],[0,0,0])
-AC_FIND_FUNC_NO_LIBS(logout, util,[
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-],[0])
-AC_FIND_FUNC_NO_LIBS(openpty, util,[
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-],[0,0,0,0,0])
-
-AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses,[
-#ifdef HAVE_TERMCAP_H
-#include <termcap.h>
-#endif
-#ifdef HAVE_CURSES_H
-#include <curses.h>
-#endif
-],[0,0])
-
-dnl Checks for library functions.
-
-AC_CHECK_FUNCS([				\
-	_getpty					\
-	_scrsize				\
-	arc4random				\
-	fcntl					\
-	getpeereid				\
-	getpeerucred				\
-	grantpt					\
-	mktime					\
-	ptsname					\
-	rand					\
-	revoke					\
-	select					\
-	setitimer				\
-	setpcred				\
-	setpgid					\
-	setproctitle				\
-	setregid				\
-	setresgid				\
-	setresuid				\
-	setreuid				\
-	setsid					\
-	setutent				\
-	sigaction				\
-	strstr					\
-	ttyname					\
-	ttyslot					\
-	umask					\
-	unlockpt				\
-	vhangup					\
-	yp_get_default_domain			\
-])
-
-AC_FUNC_MMAP
-
-KRB_CAPABILITIES
-
-AC_CHECK_GETPWNAM_R_POSIX
-
-dnl detect doors on solaris
-if test "$enable_pthread_support" != no; then
-   saved_LIBS="$LIBS"
-   LIBS="$LIBS $PTHREADS_LIBS"
-   AC_FIND_FUNC_NO_LIBS(door_create, door)
-   LIBS="$saved_LIBS"
-fi
-
-AC_ARG_ENABLE(kcm,
-	AS_HELP_STRING([--enable-kcm],[enable Kerberos Credentials Manager]),
-,[enable_kcm=yes])
-
-if test "$enable_kcm" = yes ; then
-   if test  "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then
-  	enable_kcm=no
-   fi
-fi
-if test "$enable_kcm" = yes; then
-       AC_DEFINE(HAVE_KCM, 1,
-               [Define if you want to use the Kerberos Credentials Manager.])
-fi
-AM_CONDITIONAL(KCM, test "$enable_kcm" = yes)
-
-
-
-dnl Cray stuff
-AC_CHECK_FUNCS(getudbnam setlim)
-
-dnl AC_KRB_FUNC_GETCWD_BROKEN
-
-dnl
-dnl Check for fields in struct utmp
-dnl
-
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include <utmpx.h>])
-AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include <utmpx.h>])
-
-AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, 
-	u_int8_t, u_int16_t, u_int32_t, u_int64_t,
-	uint8_t, uint16_t, uint32_t, uint64_t],,,[
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-])
-
-rk_FRAMEWORK_SECURITY
-
-KRB_READLINE
-
-rk_TELNET
-
-dnl Some operating systems already have com_err and compile_et
-CHECK_COMPILE_ET
-
-rk_AUTH_MODULES([sia afskauthlib])
-
-rk_DESTDIRS
-
-rk_WFLAGS([-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs])
-
-
-AH_BOTTOM([#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif])
-
-AC_CONFIG_FILES(Makefile 		\
-	etc/Makefile			\
-	include/Makefile		\
-	include/gssapi/Makefile		\
-	include/hcrypto/Makefile	\
-	include/kadm5/Makefile		\
-	lib/Makefile			\
-	lib/45/Makefile			\
-	lib/auth/Makefile		\
-	lib/auth/afskauthlib/Makefile	\
-	lib/auth/pam/Makefile		\
-	lib/auth/sia/Makefile		\
-	lib/asn1/Makefile		\
-	lib/com_err/Makefile		\
-	lib/hcrypto/Makefile		\
-	lib/editline/Makefile		\
-	lib/hx509/Makefile		\
-	lib/gssapi/Makefile		\
-	lib/ntlm/Makefile		\
-	lib/hdb/Makefile		\
-	lib/kadm5/Makefile		\
-	lib/kafs/Makefile		\
-	lib/kdfs/Makefile		\
-	lib/krb5/Makefile		\
-	lib/otp/Makefile		\
-	lib/roken/Makefile		\
-	lib/sl/Makefile			\
-	lib/vers/Makefile		\
-	kuser/Makefile			\
-	kpasswd/Makefile		\
-	kadmin/Makefile			\
-	admin/Makefile			\
-	kcm/Makefile			\
-	kdc/Makefile			\
-	appl/Makefile			\
-	appl/afsutil/Makefile		\
-	appl/ftp/Makefile		\
-	appl/ftp/common/Makefile	\
-	appl/ftp/ftp/Makefile		\
-	appl/ftp/ftpd/Makefile		\
-	appl/gssmask/Makefile		\
-	appl/kx/Makefile		\
-	appl/login/Makefile		\
-	appl/otp/Makefile		\
-	appl/popper/Makefile		\
-	appl/push/Makefile		\
-	appl/rsh/Makefile		\
-	appl/rcp/Makefile		\
-	appl/su/Makefile		\
-	appl/xnlock/Makefile		\
-	appl/telnet/Makefile		\
-	appl/telnet/libtelnet/Makefile	\
-	appl/telnet/telnet/Makefile	\
-	appl/telnet/telnetd/Makefile	\
-	appl/test/Makefile		\
-	appl/kf/Makefile		\
-	appl/dceutils/Makefile		\
-	tests/Makefile			\
-	tests/can/Makefile		\
-	tests/db/Makefile		\
-	tests/kdc/Makefile		\
-	tests/ldap/Makefile		\
-	tests/gss/Makefile		\
-	tests/java/Makefile		\
-	tests/plugin/Makefile		\
-	packages/Makefile		\
-	packages/mac/Makefile		\
-	packages/debian/Makefile	\
-	doc/Makefile			\
-	tools/Makefile			\
-)
-
-AC_OUTPUT
-
-dnl
-dnl This is the release version name-number[beta]
-dnl
-
-cat > include/newversion.h.in <<EOF
-const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *heimdal_version = "AC_PACKAGE_STRING";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
diff --git a/crypto/heimdal/doc/Makefile.am b/crypto/heimdal/doc/Makefile.am
deleted file mode 100644
index 87473fe0a3d6..000000000000
--- a/crypto/heimdal/doc/Makefile.am
+++ /dev/null
@@ -1,85 +0,0 @@
-# $Id: Makefile.am 22284 2007-12-13 20:39:37Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AUTOMAKE_OPTIONS = no-texinfo.tex
-
-MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css
-
-TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles
-
-info_TEXINFOS = heimdal.texi hx509.texi
-
-dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],.,g' \
-	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
-
-krb5.dxy: krb5.din Makefile
-	$(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp
-	chmod +x krb5.dxy.tmp
-	mv krb5.dxy.tmp krb5.dxy
-
-ntlm.dxy: ntlm.din Makefile
-	$(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp
-	chmod +x ntlm.dxy.tmp
-	mv ntlm.dxy.tmp ntlm.dxy
-
-hx509.dxy: hx509.din Makefile
-	$(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp
-	chmod +x hx509.dxy.tmp
-	mv hx509.dxy.tmp hx509.dxy
-
-hcrypto.dxy: hcrypto.din Makefile
-	$(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp
-	chmod +x hcrypto.dxy.tmp
-	mv hcrypto.dxy.tmp hcrypto.dxy
-
-
-texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \
-	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
-
-vars.texi: vars.tin Makefile
-	$(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp
-	chmod +x vars.texi.tmp
-	mv vars.texi.tmp vars.texi
-
-doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy
-	doxygen krb5.dxy
-	doxygen ntlm.dxy
-	doxygen hx509.dxy
-	doxygen hcrypto.dxy
-
-heimdal_TEXINFOS = \
-	ack.texi \
-	apps.texi \
-	heimdal.texi \
-	install.texi \
-	intro.texi \
-	kerberos4.texi \
-	migration.texi \
-	misc.texi \
-	programming.texi \
-	setup.texi \
-	vars.texi \
-	whatis.texi \
-	win2k.texi
-
-EXTRA_DIST = \
-	krb5.din \
-	ntlm.din \
-	hx509.din \
-	hcrypto.din \
-	heimdal.css \
-	init-creds \
-	latin1.tex \
-	layman.asc \
-	doxytmpl.dxy \
-	vars.tin
-
-CLEANFILES = \
-	krb5.dxy* \
-	ntlm.dxy* \
-	hx509.dxy* \
-	hcrypto.dxy* \
-	vars.texi*
-
diff --git a/crypto/heimdal/doc/Makefile.in b/crypto/heimdal/doc/Makefile.in
deleted file mode 100644
index b79a7e33ece5..000000000000
--- a/crypto/heimdal/doc/Makefile.in
+++ /dev/null
@@ -1,982 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22284 2007-12-13 20:39:37Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(heimdal_TEXINFOS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common mdate-sh
-subdir = doc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-INFO_DEPS = $(srcdir)/heimdal.info $(srcdir)/hx509.info
-am__TEXINFO_TEX_DIR = $(srcdir)
-DVIS = heimdal.dvi hx509.dvi
-PDFS = heimdal.pdf hx509.pdf
-PSS = heimdal.ps hx509.ps
-HTMLS = heimdal.html hx509.html
-TEXINFOS = heimdal.texi hx509.texi
-TEXI2PDF = $(TEXI2DVI) --pdf --batch
-MAKEINFOHTML = $(MAKEINFO) --html
-AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS)
-DVIPS = dvips
-am__installdirs = "$(DESTDIR)$(infodir)"
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-AUTOMAKE_OPTIONS = no-texinfo.tex
-MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css
-TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles
-info_TEXINFOS = heimdal.texi hx509.texi
-dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],.,g' \
-	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
-
-texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \
-	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
-
-heimdal_TEXINFOS = \
-	ack.texi \
-	apps.texi \
-	heimdal.texi \
-	install.texi \
-	intro.texi \
-	kerberos4.texi \
-	migration.texi \
-	misc.texi \
-	programming.texi \
-	setup.texi \
-	vars.texi \
-	whatis.texi \
-	win2k.texi
-
-EXTRA_DIST = \
-	krb5.din \
-	ntlm.din \
-	hx509.din \
-	hcrypto.din \
-	heimdal.css \
-	init-creds \
-	latin1.tex \
-	layman.asc \
-	doxytmpl.dxy \
-	vars.tin
-
-CLEANFILES = \
-	krb5.dxy* \
-	ntlm.dxy* \
-	hx509.dxy* \
-	hcrypto.dxy* \
-	vars.texi*
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .html .info .pdf .ps .texi
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps doc/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps doc/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-.texi.info:
-	restore=: && backupdir="$(am__leading_dot)am$$$$" && \
-	am__cwd=`pwd` && cd $(srcdir) && \
-	rm -rf $$backupdir && mkdir $$backupdir && \
-	if ($(MAKEINFO) --version) >/dev/null 2>&1; then \
-	  for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \
-	    if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \
-	  done; \
-	else :; fi && \
-	cd "$$am__cwd"; \
-	if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
-	 -o $@ $<; \
-	then \
-	  rc=0; \
-	  cd $(srcdir); \
-	else \
-	  rc=$$?; \
-	  cd $(srcdir) && \
-	  $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \
-	fi; \
-	rm -rf $$backupdir; exit $$rc
-
-.texi.dvi:
-	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
-	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
-	$(TEXI2DVI) $<
-
-.texi.pdf:
-	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
-	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
-	$(TEXI2PDF) $<
-
-.texi.html:
-	rm -rf $(@:.html=.htp)
-	if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
-	 -o $(@:.html=.htp) $<; \
-	then \
-	  rm -rf $@; \
-	  if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
-	    mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \
-	else \
-	  if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
-	    rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \
-	  exit 1; \
-	fi
-$(srcdir)/heimdal.info: heimdal.texi $(heimdal_TEXINFOS)
-heimdal.dvi: heimdal.texi $(heimdal_TEXINFOS)
-heimdal.pdf: heimdal.texi $(heimdal_TEXINFOS)
-heimdal.html: heimdal.texi $(heimdal_TEXINFOS)
-$(srcdir)/hx509.info: hx509.texi 
-hx509.dvi: hx509.texi 
-hx509.pdf: hx509.texi 
-hx509.html: hx509.texi 
-.dvi.ps:
-	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
-	$(DVIPS) -o $@ $<
-
-uninstall-dvi-am:
-	@$(NORMAL_UNINSTALL)
-	@list='$(DVIS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(dvidir)/$$f"; \
-	done
-
-uninstall-html-am:
-	@$(NORMAL_UNINSTALL)
-	@list='$(HTMLS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \
-	  rm -rf "$(DESTDIR)$(htmldir)/$$f"; \
-	done
-
-uninstall-info-am:
-	@$(PRE_UNINSTALL)
-	@if test -d '$(DESTDIR)$(infodir)' && \
-	    (install-info --version && \
-	     install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    relfile=`echo "$$file" | sed 's|^.*/||'`; \
-	    echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \
-	    install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \
-	  done; \
-	else :; fi
-	@$(NORMAL_UNINSTALL)
-	@list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  relfile=`echo "$$file" | sed 's|^.*/||'`; \
-	  relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \
-	  (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \
-	     echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \
-	     rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \
-	   else :; fi); \
-	done
-
-uninstall-pdf-am:
-	@$(NORMAL_UNINSTALL)
-	@list='$(PDFS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(pdfdir)/$$f"; \
-	done
-
-uninstall-ps-am:
-	@$(NORMAL_UNINSTALL)
-	@list='$(PSS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(psdir)/$$f"; \
-	done
-
-dist-info: $(INFO_DEPS)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	list='$(INFO_DEPS)'; \
-	for base in $$list; do \
-	  case $$base in \
-	    $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \
-	  esac; \
-	  if test -f $$base; then d=.; else d=$(srcdir); fi; \
-	  base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \
-	  for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \
-	    if test -f $$file; then \
-	      relfile=`expr "$$file" : "$$d/\(.*\)"`; \
-	      test -f $(distdir)/$$relfile || \
-		cp -p $$file $(distdir)/$$relfile; \
-	    else :; fi; \
-	  done; \
-	done
-
-mostlyclean-aminfo:
-	-rm -rf heimdal.aux heimdal.cp heimdal.cps heimdal.fn heimdal.fns heimdal.ky \
-	  heimdal.kys heimdal.log heimdal.pg heimdal.tmp heimdal.toc \
-	  heimdal.tp heimdal.tps heimdal.vr heimdal.vrs heimdal.dvi \
-	  heimdal.pdf heimdal.ps heimdal.html hx509.aux hx509.cp \
-	  hx509.cps hx509.fn hx509.fns hx509.ky hx509.kys hx509.log \
-	  hx509.pg hx509.tmp hx509.toc hx509.tp hx509.tps hx509.vr \
-	  hx509.vrs hx509.dvi hx509.pdf hx509.ps hx509.html
-
-maintainer-clean-aminfo:
-	@list='$(INFO_DEPS)'; for i in $$list; do \
-	  i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \
-	  echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \
-	  rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-info dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(INFO_DEPS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(infodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am: $(DVIS)
-
-html: html-am
-
-html-am: $(HTMLS)
-
-info: info-am
-
-info-am: $(INFO_DEPS)
-
-install-data-am: install-info-am
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-dvi-am: $(DVIS)
-	@$(NORMAL_INSTALL)
-	test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)"
-	@list='$(DVIS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(dvidir)/$$f'"; \
-	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(dvidir)/$$f"; \
-	done
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-html-am: $(HTMLS)
-	@$(NORMAL_INSTALL)
-	test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)"
-	@list='$(HTMLS)'; for p in $$list; do \
-	  if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  if test -d "$$d$$p"; then \
-	    echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
-	    $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
-	    echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
-	    $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f"; \
-	  else \
-	    echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(htmldir)/$$f'"; \
-	    $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(htmldir)/$$f"; \
-	  fi; \
-	done
-install-info: install-info-am
-
-install-info-am: $(INFO_DEPS)
-	@$(NORMAL_INSTALL)
-	test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)"
-	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
-	list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  case $$file in \
-	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
-	  esac; \
-	  if test -f $$file; then d=.; else d=$(srcdir); fi; \
-	  file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \
-	  for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \
-                       $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \
-	    if test -f $$ifile; then \
-	      relfile=`echo "$$ifile" | sed 's|^.*/||'`; \
-	      echo " $(INSTALL_DATA) '$$ifile' '$(DESTDIR)$(infodir)/$$relfile'"; \
-	      $(INSTALL_DATA) "$$ifile" "$(DESTDIR)$(infodir)/$$relfile"; \
-	    else : ; fi; \
-	  done; \
-	done
-	@$(POST_INSTALL)
-	@if (install-info --version && \
-	     install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    relfile=`echo "$$file" | sed 's|^.*/||'`; \
-	    echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\
-	    install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\
-	  done; \
-	else : ; fi
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am: $(PDFS)
-	@$(NORMAL_INSTALL)
-	test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)"
-	@list='$(PDFS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(pdfdir)/$$f'"; \
-	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(pdfdir)/$$f"; \
-	done
-install-ps: install-ps-am
-
-install-ps-am: $(PSS)
-	@$(NORMAL_INSTALL)
-	test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)"
-	@list='$(PSS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(psdir)/$$f'"; \
-	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(psdir)/$$f"; \
-	done
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-aminfo \
-	maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-aminfo mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am: $(PDFS)
-
-ps: ps-am
-
-ps-am: $(PSS)
-
-uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-info-am \
-	uninstall-pdf-am uninstall-ps-am
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook dist-info distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-aminfo \
-	maintainer-clean-generic mostlyclean mostlyclean-aminfo \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-dvi-am uninstall-hook \
-	uninstall-html-am uninstall-info-am uninstall-pdf-am \
-	uninstall-ps-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-krb5.dxy: krb5.din Makefile
-	$(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp
-	chmod +x krb5.dxy.tmp
-	mv krb5.dxy.tmp krb5.dxy
-
-ntlm.dxy: ntlm.din Makefile
-	$(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp
-	chmod +x ntlm.dxy.tmp
-	mv ntlm.dxy.tmp ntlm.dxy
-
-hx509.dxy: hx509.din Makefile
-	$(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp
-	chmod +x hx509.dxy.tmp
-	mv hx509.dxy.tmp hx509.dxy
-
-hcrypto.dxy: hcrypto.din Makefile
-	$(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp
-	chmod +x hcrypto.dxy.tmp
-	mv hcrypto.dxy.tmp hcrypto.dxy
-
-vars.texi: vars.tin Makefile
-	$(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp
-	chmod +x vars.texi.tmp
-	mv vars.texi.tmp vars.texi
-
-doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy
-	doxygen krb5.dxy
-	doxygen ntlm.dxy
-	doxygen hx509.dxy
-	doxygen hcrypto.dxy
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi
deleted file mode 100644
index 3c41f5000bc2..000000000000
--- a/crypto/heimdal/doc/ack.texi
+++ /dev/null
@@ -1,72 +0,0 @@
-@c $Id: ack.texi 21228 2007-06-20 10:18:03Z lha $
-
-@node  Acknowledgments, , Migration, Top
-@comment  node-name,  next,  previous,  up
-@appendix Acknowledgments
-
-Eric Young wrote ``libdes''. Heimdal used to use libdes, without it
-kth-krb would never have existed. Since there are no longer any Eric
-Young code left in the library, we renamed it to libhcrypto.
-
-All functions in libhcrypto have been re-implemented or used available
-public domain code. The core AES function where written by Vincent
-Rijmen, Antoon Bosselaers and Paulo Barreto.  The core DES SBOX
-transformation was written by Richard Outerbridge. @code{imath} that
-is used for public key crypto support is written by Michael
-J. Fromberger.
-
-The University of California at Berkeley initially wrote @code{telnet},
-and @code{telnetd}.  The authentication and encryption code of
-@code{telnet} and @code{telnetd} was added by David Borman (then of Cray
-Research, Inc).  The encryption code was removed when this was exported
-and then added back by Juha Eskelinen.
-
-The @code{popper} was also a Berkeley program initially.
-
-Some of the functions in @file{libroken} also come from Berkeley by way
-of NetBSD/FreeBSD.
-
-@code{editline} was written by Simmule Turner and Rich Salz. Heimdal
-contains a modifed copy.
-
-The @code{getifaddrs} implementation for Linux was written by Hideaki
-YOSHIFUJI for the Usagi project.
-
-The @code{pkcs11.h} headerfile was written by the Scute project.
-
-Bugfixes, documentation, encouragement, and code has been contributed by:
-@table @asis
-@item Alexander Bostr�m
-@item Andreaw Bartlett
-@item Bj�rn Sandell
-@item Brandon S. Allbery KF8NH
-@item Brian A May
-@item Chaskiel M Grundman
-@item Cizzi Storm
-@item Daniel Kouril
-@item David Love
-@item Derrick J Brashear
-@item Douglas E Engert
-@item Frank van der Linden
-@item Jason McIntyre
-@item Johan Ihr�n
-@item Jun-ichiro itojun Hagino
-@item Ken Hornstein
-@item Magnus Ahltorp
-@item Marc Horowitz
-@item Mario Strasser
-@item Mark Eichin
-@item Mattias Amnefelt
-@item Michael B Allen
-@item Michael Fromberger
-@item Michal Vocu
-@item Miroslav Ruda
-@item Petr Holub
-@item Phil Fisher
-@item Rafal Malinowski
-@item Richard Nyberg
-@item �ke Sandgren 
-@item and we hope that those not mentioned here will forgive us.
-@end table
-
-All bugs were introduced by ourselves.
diff --git a/crypto/heimdal/doc/apps.texi b/crypto/heimdal/doc/apps.texi
deleted file mode 100644
index 9d451b60cd75..000000000000
--- a/crypto/heimdal/doc/apps.texi
+++ /dev/null
@@ -1,244 +0,0 @@
-@c $Id: apps.texi 22071 2007-11-14 20:04:50Z lha $
-
-@node Applications, Things in search for a better place, Setting up a realm, Top
-
-@chapter Applications
-
-@menu
-* Authentication modules::
-* AFS::
-@end menu
-
-@node  Authentication modules, AFS, Applications, Applications
-@section Authentication modules
-
-The problem of having different authentication mechanisms has been
-recognised by several vendors, and several solutions have appeared. In
-most cases these solutions involve some kind of shared modules that are
-loaded at run-time.  Modules for some of these systems can be found in
-@file{lib/auth}.  Presently there are modules for Digital's SIA,
-and IRIX' @code{login} and @code{xdm} (in
-@file{lib/auth/afskauthlib}).
-
-@menu
-* Digital SIA::                 
-* IRIX::                        
-@end menu
-
-@node Digital SIA, IRIX, Authentication modules, Authentication modules
-@subsection Digital SIA
-
-How to install the SIA module depends on which OS version you're
-running. Tru64 5.0 has a new command, @file{siacfg}, which makes this
-process quite simple. If you have this program, you should just be able
-to run:
-@example
-siacfg -a KRB5 /usr/athena/lib/libsia_krb5.so
-@end example
-
-On older versions, or if you want to do it by hand, you have to do the
-following (not tested by us on Tru64 5.0):
-
-@itemize @bullet
-
-@item
-Make sure @file{libsia_krb5.so} is available in
-@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
-might want to put it in @file{/usr/shlib} or someplace else. If you do,
-you'll have to edit @file{krb5_matrix.conf} to reflect the new location
-(you will also have to do this if you installed in some other directory
-than @file{/usr/athena}). If you built with shared libraries, you will
-have to copy the shared @file{libkrb.so}, @file{libdes.so},
-@file{libkadm.so}, and @file{libkafs.so} to a place where the loader can
-find them (such as @file{/usr/shlib}).
-@item
-Copy (your possibly edited) @file{krb5_matrix.conf} to @file{/etc/sia}.
-@item
-Apply @file{security.patch} to @file{/sbin/init.d/security}.
-@item
-Turn on KRB5 security by issuing @kbd{rcmgr set SECURITY KRB5} and
-@kbd{rcmgr set KRB5_MATRIX_CONF krb5_matrix.conf}.
-@item
-Digital thinks you should reboot your machine, but that really shouldn't
-be necessary.  It's usually sufficient just to run
-@kbd{/sbin/init.d/security start} (and restart any applications that use
-SIA, like @code{xdm}.)
-@end itemize
-
-Users with local passwords (like @samp{root}) should be able to login
-safely.
-
-When using Digital's xdm the @samp{KRB5CCNAME} environment variable isn't
-passed along as it should (since xdm zaps the environment). Instead you
-have to set @samp{KRB5CCNAME} to the correct value in
-@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
-@example
-KRB5CCNAME=FILE:/tmp/krb5cc`id -u`_`ps -o ppid= -p $$`; export KRB5CCNAME
-@end example
-If you use CDE, @code{dtlogin} allows you to specify which additional
-environment variables it should export. To add @samp{KRB5CCNAME} to this
-list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of
-@samp{exportList}. You want to add something like:
-@example
-Dtlogin.exportList:     KRB5CCNAME
-@end example
-
-@subsubheading Notes to users with Enhanced security
-
-Digital's @samp{ENHANCED} (C2) security, and Kerberos solve two
-different problems. C2 deals with local security, adds better control of
-who can do what, auditing, and similar things. Kerberos deals with
-network security.
-
-To make C2 security work with Kerberos you will have to do the
-following.
-
-@itemize @bullet
-@item
-Replace all occurrences of @file{krb5_matrix.conf} with
-@file{krb5+c2_matrix.conf} in the directions above.
-@item
-You must enable ``vouching'' in the @samp{default} database.  This will
-make the OSFC2 module trust other SIA modules, so you can login without
-giving your C2 password. To do this use @samp{edauth} to edit the
-default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
-@samp{d_accept_alternate_vouching} capability, if not already present.
-@item
-For each user who does @emph{not} have a local C2 password, you should
-set the password expiration field to zero. You can do this for each
-user, or in the @samp{default} table. To do this use @samp{edauth} to
-set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
-@item
-You also need to be aware that the shipped @file{login}, @file{rcp}, and
-@file{rshd}, don't do any particular C2 magic (such as checking for
-various forms of disabled accounts), so if you rely on those features,
-you shouldn't use those programs. If you configure with
-@samp{--enable-osfc2}, these programs will, however, set the login
-UID. Still: use at your own risk.
-@end itemize
-
-At present @samp{su} does not accept the vouching flag, so it will not
-work as expected.
-
-Also, kerberised ftp will not work with C2 passwords. You can solve this
-by using both Digital's ftpd and our on different ports.
-
-@strong{Remember}, if you do these changes you will get a system that
-most certainly does @emph{not} fulfil the requirements of a C2
-system. If C2 is what you want, for instance if someone else is forcing
-you to use it, you're out of luck.  If you use enhanced security because
-you want a system that is more secure than it would otherwise be, you
-probably got an even more secure system. Passwords will not be sent in
-the clear, for instance.
-
-@node IRIX, , Digital SIA, Authentication modules
-@subsection IRIX
-
-The IRIX support is a module that is compatible with Transarc's
-@file{afskauthlib.so}.  It should work with all programs that use this
-library. This should include @command{login} and @command{xdm}.
-
-The interface is not very documented but it seems that you have to copy
-@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
-@file{/usr/lib}, or build your @file{afskauthlib.so} statically.
-
-The @file{afskauthlib.so} itself is able to reside in
-@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
-(wherever that is).
-
-IRIX 6.4 and newer seem to have all programs (including @command{xdm} and
-@command{login}) in the N32 object format, whereas in older versions they
-were O32. For it to work, the @file{afskauthlib.so} library has to be in
-the same object format as the program that tries to load it. This might
-require that you have to configure and build for O32 in addition to the
-default N32.
-
-Apart from this it should ``just work''; there are no configuration
-files.
-
-Note that recent Irix 6.5 versions (at least 6.5.22) have PAM,
-including a @file{pam_krb5.so} module.  Not all relevant programs use
-PAM, though, e.g.@: @command{ssh}. In particular, for console
-graphical login you need to turn off @samp{visuallogin} and turn on
-@samp{xdm} with @command{chkconfig}.
-
-@node AFS, , Authentication modules, Applications
-@section AFS
-
-@cindex AFS
-AFS is a distributed filesystem that uses Kerberos for authentication.
-
-@cindex OpenAFS
-@cindex Arla
-For more information about AFS see OpenAFS
-@url{http://www.openafs.org/} and Arla
-@url{http://www.stacken.kth.se/projekt/arla/}.
-
-@subsection How to get a KeyFile
-
-@file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM}
-
-or you can extract it with kadmin
-
-@example
-kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME
-@end example
-
-You have to make sure you have a @code{des-cbc-md5} encryption type since that
-is the enctype that will be converted.
-
-@subsection How to convert a srvtab to a KeyFile
-
-You need a @file{/usr/vice/etc/ThisCell} containing the cellname of your
-AFS-cell.
-
-@file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}.
-
-If keyfile already exists, this will add the new key in afs-srvtab to
-KeyFile.
-
-@section Using 2b tokens with AFS
-
-@subsection What is 2b ?
-
-2b is the name of the proposal that was implemented to give basic
-Kerberos 5 support to AFS in rxkad. It's not real Kerberos 5 support
-since it still uses fcrypt for data encryption and not Kerberos
-encryption types.
-
-Its only possible (in all cases) to do this for DES encryption types
-because only then the token (the AFS equivalent of a ticket) will be
-smaller than the maximum size that can fit in the token cache in the
-OpenAFS/Transarc client. It is a so tight fit that some extra wrapping
-on the ASN1/DER encoding is removed from the Kerberos ticket.
-
-2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for
-the part of the ticket that is encrypted with the service's key. The
-client doesn't know what's inside the encrypted data so to the client
-it doesn't matter.
-
-To  differentiate between Kerberos 4 tickets and Kerberos 5 tickets, 2b
-uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens.
-
-Its a requirement that all AFS servers that support 2b also support
-native Kerberos 5 in rxkad.
-
-@subsection Configuring a Heimdal kdc to use 2b tokens
-
-Support for 2b tokens in the kdc are turned on for specific principals
-by adding them to the string list option @code{[kdc]use_2b} in the
-kdc's @file{krb5.conf} file.
-
-@example
-[kdc]
-	use_2b = @{
-		afs@@SU.SE = yes
-		afs/it.su.se@@SU.SE = yes
-	@}
-@end example
-
-@subsection Configuring AFS clients for 2b support
-
-There is no need to configure AFS clients for 2b support. The only
-software that needs to be installed/upgrade is a Kerberos 5 enabled
-@file{afslog}.
diff --git a/crypto/heimdal/doc/doxytmpl.dxy b/crypto/heimdal/doc/doxytmpl.dxy
deleted file mode 100644
index bb7f25cb85e1..000000000000
--- a/crypto/heimdal/doc/doxytmpl.dxy
+++ /dev/null
@@ -1,257 +0,0 @@
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-DOXYFILE_ENCODING      = UTF-8
-CREATE_SUBDIRS         = NO
-OUTPUT_LANGUAGE        = English
-BRIEF_MEMBER_DESC      = YES
-REPEAT_BRIEF           = YES
-ABBREVIATE_BRIEF       = "The $name class " \
-                         "The $name widget " \
-                         "The $name file " \
-                         is \
-                         provides \
-                         specifies \
-                         contains \
-                         represents \
-                         a \
-                         an \
-                         the
-ALWAYS_DETAILED_SEC    = NO
-INLINE_INHERITED_MEMB  = NO
-FULL_PATH_NAMES        = YES
-STRIP_FROM_PATH        = /Applications/
-STRIP_FROM_INC_PATH    = 
-SHORT_NAMES            = NO
-JAVADOC_AUTOBRIEF      = NO
-QT_AUTOBRIEF           = NO
-MULTILINE_CPP_IS_BRIEF = NO
-DETAILS_AT_TOP         = NO
-INHERIT_DOCS           = YES
-SEPARATE_MEMBER_PAGES  = NO
-TAB_SIZE               = 8
-ALIASES                = 
-OPTIMIZE_OUTPUT_FOR_C  = YES
-OPTIMIZE_OUTPUT_JAVA   = NO
-BUILTIN_STL_SUPPORT    = NO
-CPP_CLI_SUPPORT        = NO
-DISTRIBUTE_GROUP_DOC   = NO
-SUBGROUPING            = YES
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-EXTRACT_ALL            = NO
-EXTRACT_PRIVATE        = NO
-EXTRACT_STATIC         = NO
-EXTRACT_LOCAL_CLASSES  = YES
-EXTRACT_LOCAL_METHODS  = NO
-EXTRACT_ANON_NSPACES   = NO
-HIDE_UNDOC_MEMBERS     = YES
-HIDE_UNDOC_CLASSES     = YES
-HIDE_FRIEND_COMPOUNDS  = NO
-HIDE_IN_BODY_DOCS      = NO
-INTERNAL_DOCS          = NO
-CASE_SENSE_NAMES       = NO
-HIDE_SCOPE_NAMES       = NO
-SHOW_INCLUDE_FILES     = YES
-INLINE_INFO            = YES
-SORT_MEMBER_DOCS       = YES
-SORT_BRIEF_DOCS        = NO
-SORT_BY_SCOPE_NAME     = NO
-GENERATE_TODOLIST      = YES
-GENERATE_TESTLIST      = YES
-GENERATE_BUGLIST       = YES
-GENERATE_DEPRECATEDLIST= YES
-ENABLED_SECTIONS       = 
-MAX_INITIALIZER_LINES  = 30
-SHOW_USED_FILES        = YES
-SHOW_DIRECTORIES       = NO
-FILE_VERSION_FILTER    = 
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-QUIET                  = YES
-WARNINGS               = YES
-WARN_IF_DOC_ERROR      = YES
-WARN_NO_PARAMDOC       = YES
-WARN_FORMAT            = "$file:$line: $text "
-WARN_LOGFILE           = 
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-INPUT_ENCODING         = UTF-8
-FILE_PATTERNS          = *.c \
-                         *.cc \
-                         *.cxx \
-                         *.cpp \
-                         *.c++ \
-                         *.d \
-                         *.java \
-                         *.ii \
-                         *.ixx \
-                         *.ipp \
-                         *.i++ \
-                         *.inl \
-                         *.h \
-                         *.hh \
-                         *.hxx \
-                         *.hpp \
-                         *.h++ \
-                         *.idl \
-                         *.odl \
-                         *.cs \
-                         *.php \
-                         *.php3 \
-                         *.inc \
-                         *.m \
-                         *.mm \
-                         *.dox \
-                         *.py
-RECURSIVE              = YES
-EXCLUDE                = 
-EXCLUDE_SYMLINKS       = NO
-EXCLUDE_PATTERNS       = */.svn
-EXCLUDE_SYMBOLS        = 
-EXAMPLE_PATH           = 
-EXAMPLE_PATTERNS       = *
-EXAMPLE_RECURSIVE      = NO
-IMAGE_PATH             = 
-INPUT_FILTER           = 
-FILTER_PATTERNS        = 
-FILTER_SOURCE_FILES    = NO
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-SOURCE_BROWSER         = NO
-INLINE_SOURCES         = NO
-STRIP_CODE_COMMENTS    = YES
-REFERENCED_BY_RELATION = NO
-REFERENCES_RELATION    = NO
-REFERENCES_LINK_SOURCE = YES
-USE_HTAGS              = NO
-VERBATIM_HEADERS       = NO
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-ALPHABETICAL_INDEX     = NO
-COLS_IN_ALPHA_INDEX    = 5
-IGNORE_PREFIX          = 
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-GENERATE_HTML          = YES
-HTML_OUTPUT            = html
-HTML_FILE_EXTENSION    = .html
-HTML_STYLESHEET        = 
-HTML_ALIGN_MEMBERS     = YES
-GENERATE_HTMLHELP      = NO
-HTML_DYNAMIC_SECTIONS  = NO
-CHM_FILE               = 
-HHC_LOCATION           = 
-GENERATE_CHI           = NO
-BINARY_TOC             = NO
-TOC_EXPAND             = NO
-DISABLE_INDEX          = NO
-ENUM_VALUES_PER_LINE   = 4
-GENERATE_TREEVIEW      = NO
-TREEVIEW_WIDTH         = 250
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-GENERATE_LATEX         = NO
-LATEX_OUTPUT           = latex
-LATEX_CMD_NAME         = latex
-MAKEINDEX_CMD_NAME     = makeindex
-COMPACT_LATEX          = NO
-PAPER_TYPE             = a4wide
-EXTRA_PACKAGES         = 
-LATEX_HEADER           = 
-PDF_HYPERLINKS         = NO
-USE_PDFLATEX           = NO
-LATEX_BATCHMODE        = NO
-LATEX_HIDE_INDICES     = NO
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-GENERATE_RTF           = NO
-RTF_OUTPUT             = rtf
-COMPACT_RTF            = NO
-RTF_HYPERLINKS         = NO
-RTF_STYLESHEET_FILE    = 
-RTF_EXTENSIONS_FILE    = 
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-GENERATE_MAN           = YES
-MAN_OUTPUT             = man
-MAN_EXTENSION          = .3
-MAN_LINKS              = YES
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-GENERATE_XML           = NO
-XML_OUTPUT             = xml
-XML_SCHEMA             = 
-XML_DTD                = 
-XML_PROGRAMLISTING     = YES
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-GENERATE_AUTOGEN_DEF   = NO
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-GENERATE_PERLMOD       = NO
-PERLMOD_LATEX          = NO
-PERLMOD_PRETTY         = YES
-PERLMOD_MAKEVAR_PREFIX = 
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor   
-#---------------------------------------------------------------------------
-ENABLE_PREPROCESSING   = YES
-MACRO_EXPANSION        = NO
-EXPAND_ONLY_PREDEF     = NO
-SEARCH_INCLUDES        = YES
-INCLUDE_PATH           = 
-INCLUDE_FILE_PATTERNS  = 
-PREDEFINED             = 
-EXPAND_AS_DEFINED      = 
-SKIP_FUNCTION_MACROS   = YES
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references   
-#---------------------------------------------------------------------------
-TAGFILES               = 
-GENERATE_TAGFILE       = 
-ALLEXTERNALS           = NO
-EXTERNAL_GROUPS        = YES
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool   
-#---------------------------------------------------------------------------
-CLASS_DIAGRAMS         = NO
-MSCGEN_PATH            = /Applications/Doxygen.app/Contents/Resources/
-HIDE_UNDOC_RELATIONS   = YES
-HAVE_DOT               = YES
-CLASS_GRAPH            = YES
-COLLABORATION_GRAPH    = YES
-GROUP_GRAPHS           = YES
-UML_LOOK               = NO
-TEMPLATE_RELATIONS     = NO
-INCLUDE_GRAPH          = YES
-INCLUDED_BY_GRAPH      = YES
-CALL_GRAPH             = NO
-CALLER_GRAPH           = NO
-GRAPHICAL_HIERARCHY    = YES
-DIRECTORY_GRAPH        = YES
-DOT_IMAGE_FORMAT       = png
-DOT_PATH               = /Applications/Doxygen.app/Contents/Resources/
-DOTFILE_DIRS           = 
-DOT_GRAPH_MAX_NODES    = 50
-MAX_DOT_GRAPH_DEPTH    = 1000
-DOT_TRANSPARENT        = NO
-DOT_MULTI_TARGETS      = NO
-GENERATE_LEGEND        = YES
-DOT_CLEANUP            = YES
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine   
-#---------------------------------------------------------------------------
-SEARCHENGINE           = NO
diff --git a/crypto/heimdal/doc/hcrypto.din b/crypto/heimdal/doc/hcrypto.din
deleted file mode 100644
index 55f1ed7c6ae3..000000000000
--- a/crypto/heimdal/doc/hcrypto.din
+++ /dev/null
@@ -1,15 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = "Heimdal crypto library"
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @objdir@/hcrypto
-INPUT                  = @srcdir@/../lib/hcrypto
-
-WARN_IF_UNDOCUMENTED   = YES
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"
diff --git a/crypto/heimdal/doc/heimdal.css b/crypto/heimdal/doc/heimdal.css
deleted file mode 100644
index 2e5b374f1f87..000000000000
--- a/crypto/heimdal/doc/heimdal.css
+++ /dev/null
@@ -1,53 +0,0 @@
-body {
-	color: black;
-	background-color: #fdfdfd;
-	font-family: serif;
-	max-width: 40em;
-}
-h1, h2, h3 {
-	font-family: sans-serif;
-	font-weight: bold;
-}
-h1 {
-    padding: 0.5em 0 0.5em 5%;
-    color: white;
-    background: #3366cc;
-    border-bottom: solid 1px black;
-}
-h1 {
-	font-size: 200%;
-}
-h2 {
-	font-size: 150%;
-}
-h3 {
-	font-size: 120%;
-}
-h4 {
-	font-weight: bold;
-}
-pre.example {
-	margin-left: 2em;
-	padding: 1em 0em;
-	border: 2px dashed #c0c0c0;
-	background: #f0f0f0;
-}
-a:link {
-  color: blue;
-  text-decoration: none;
-}
-a:visited {
-  color: red;
-  text-decoration: none
-}
-a:hover {
-  text-decoration: underline
-}
-span.literal {
-	font-family: monospace;
-}
-hr {
-	border-style: none;
-	background-color: black;
-	height: 1px;
-}
diff --git a/crypto/heimdal/doc/heimdal.texi b/crypto/heimdal/doc/heimdal.texi
deleted file mode 100644
index 1b999d30108f..000000000000
--- a/crypto/heimdal/doc/heimdal.texi
+++ /dev/null
@@ -1,370 +0,0 @@
-\input texinfo @c -*- texinfo -*-
-@c %**start of header
-@c $Id: heimdal.texi 22191 2007-12-06 17:26:30Z lha $
-@setfilename heimdal.info
-@settitle HEIMDAL
-@iftex
-@afourpaper
-@end iftex
-@c some sensible characters, please?
-@tex
-\input latin1.tex
-@end tex
-@setchapternewpage on
-@syncodeindex pg cp
-@c %**end of header
-
-@include vars.texi
-
-@set UPDATED $Date: 2007-12-06 09:26:30 -0800 (Tor, 06 Dec 2007) $
-@set VERSION @value{PACKAGE_VERSION}
-@set EDITION 1.0
-
-@ifinfo
-@dircategory Security
-@direntry
-* Heimdal: (heimdal).           The Kerberos 5 distribution from KTH
-@end direntry
-@end ifinfo
-
-@c title page
-@titlepage
-@title Heimdal
-@subtitle Kerberos 5 from KTH
-@subtitle Edition @value{EDITION}, for version @value{VERSION}
-@subtitle 2007
-@author Johan Danielsson
-@author Love H�rnquist �strand
-@author Assar Westerlund
-@author last updated @value{UPDATED}
-
-@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
-@def@copyrightstart{}
-@def@copyrightend{}
-@page
-@copyrightstart
-Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan 
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the Institute nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1990 by the Massachusetts Institute of Technology
-
-Export of this software from the United States of America may
-require a specific license from the United States Government.
-It is the responsibility of any person or organization contemplating
-export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission.  M.I.T. makes no representations about the suitability of
-this software for any purpose.  It is provided "as is" without express
-or implied warranty.
-
-@copynext
-
-Copyright (c) 1988, 1990, 1993
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
-
-This software is not subject to any license of the American Telephone 
-and Telegraph Company or of the Regents of the University of California. 
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. The authors are not responsible for the consequences of use of this
-   software, no matter how awful, even if they arise from flaws in it.
-
-2. The origin of this software must not be misrepresented, either by
-   explicit claim or by omission.  Since few users ever read sources,
-   credits must appear in the documentation.
-
-3. Altered versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.  Since few users
-   ever read sources, credits must appear in the documentation.
-
-4. This notice may not be removed or altered.
-
-@copynext
-
-IMath is Copyright 2002-2005 Michael J. Fromberger
-You may use it subject to the following Licensing Terms:
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-@copynext
-
-Copyright (c) 2005 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (c) 2005 Marko Kreen
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-       notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (c) 2006,2007
-NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-  notice, this list of conditions and the following disclaimer as
-  the first lines of this file unmodified.
-2. Redistributions in binary form must reproduce the above copyright
-  notice, this list of conditions and the following disclaimer in the
-  documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-@copyrightend
-@end titlepage
-
-@macro manpage{man, section}
-@cite{\man\(\section\)}
-@end macro
-
-@c Less filling! Tastes great!
-@iftex
-@parindent=0pt
-@global@parskip 6pt plus 1pt
-@global@chapheadingskip = 15pt plus 4pt minus 2pt 
-@global@secheadingskip = 12pt plus 3pt minus 2pt
-@global@subsecheadingskip = 9pt plus 2pt minus 2pt
-@end iftex
-@ifinfo
-@paragraphindent 0
-@end ifinfo
-
-@ifnottex
-@node Top, Introduction, (dir), (dir)
-@top Heimdal
-@end ifnottex
-
-This manual is last updated @value{UPDATED} for version
-@value{VERSION} of Heimdal.
-
-@menu
-* Introduction::                
-* What is Kerberos?::           
-* Building and Installing::     
-* Setting up a realm::          
-* Applications::                
-* Things in search for a better place::  
-* Kerberos 4 issues::           
-* Windows 2000 compatability::  
-* Programming with Kerberos::   
-* Migration::                   
-* Acknowledgments::             
-
-@detailmenu
- --- The Detailed Node Listing ---
-
-Setting up a realm
-
-* Configuration file::          
-* Creating the database::       
-* Modifying the database::      
-* keytabs::                     
-* Serving Kerberos 4/524/kaserver::  
-* Remote administration::       
-* Password changing::           
-* Testing clients and servers::  
-* Slave Servers::               
-* Incremental propagation::     
-* Encryption types and salting::                     
-* Cross realm::                 
-* Transit policy::              
-* Setting up DNS::              
-* Using LDAP to store the database::  
-* Providing Kerberos credentials to servers and programs::  
-* Setting up PK-INIT::
-
-Applications
-
-* Authentication modules::      
-* AFS::                         
-
-Authentication modules
-
-* Digital SIA::                 
-* IRIX::                        
-
-Kerberos 4 issues
-
-* Principal conversion issues::  
-* Converting a version 4 database::  
-* kaserver::                    
-
-Windows 2000 compatability
-
-* Configuring Windows 2000 to use a Heimdal KDC::  
-* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::  
-* Create account mappings::     
-* Encryption types::            
-* Authorisation data::          
-* Quirks of Windows 2000 KDC::  
-* Useful links when reading about the Windows 2000::  
-
-Programming with Kerberos
-
-* Kerberos 5 API Overview::     
-* Walkthrough of a sample Kerberos 5 client::  
-* Validating a password in a server application::  
-* API differences to MIT Kerberos::  
-* File formats::
-
-@end detailmenu
-@end menu
-
-@include intro.texi
-@include whatis.texi
-@include install.texi
-@include setup.texi
-@include apps.texi
-@include misc.texi
-@include kerberos4.texi
-@include win2k.texi
-@include programming.texi
-@include migration.texi
-@include ack.texi
-
-@c @shortcontents
-@contents
-
-@bye
diff --git a/crypto/heimdal/doc/hx509.din b/crypto/heimdal/doc/hx509.din
deleted file mode 100644
index e28429f383bd..000000000000
--- a/crypto/heimdal/doc/hx509.din
+++ /dev/null
@@ -1,15 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = Heimdal x509 library
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @objdir@/hx509
-INPUT                  = @srcdir@/../lib/hx509
-
-WARN_IF_UNDOCUMENTED   = YES
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"
diff --git a/crypto/heimdal/doc/hx509.texi b/crypto/heimdal/doc/hx509.texi
deleted file mode 100644
index dbb5261ef938..000000000000
--- a/crypto/heimdal/doc/hx509.texi
+++ /dev/null
@@ -1,633 +0,0 @@
-\input texinfo @c -*- texinfo -*-
-@c %**start of header
-@c $Id: hx509.texi 22071 2007-11-14 20:04:50Z lha $
-@setfilename hx509.info
-@settitle HX509
-@iftex
-@afourpaper
-@end iftex
-@c some sensible characters, please?
-@tex
-\input latin1.tex
-@end tex
-@setchapternewpage on
-@syncodeindex pg cp
-@c %**end of header
-
-@set UPDATED $Date: 2007-11-14 12:04:50 -0800 (Ons, 14 Nov 2007) $
-@set VERSION 1.0
-@set EDITION 1.0
-
-@ifinfo
-@dircategory Security
-@direntry
-* hx509: (hx509).           The X.509 distribution from KTH
-@end direntry
-@end ifinfo
-
-@c title page
-@titlepage
-@title HX509
-@subtitle X.509 distribution from KTH
-@subtitle Edition @value{EDITION}, for version @value{VERSION}
-@subtitle 2007
-@author Love H�rnquist �strand
-@author last updated @value{UPDATED}
-
-@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
-@def@copyrightstart{}
-@def@copyrightend{}
-@page
-@copyrightstart
-Copyright (c) 1994-2007 Kungliga Tekniska H�gskolan
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the Institute nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1990 by the Massachusetts Institute of Technology
-
-Export of this software from the United States of America may
-require a specific license from the United States Government.
-It is the responsibility of any person or organization contemplating
-export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission.  M.I.T. makes no representations about the suitability of
-this software for any purpose.  It is provided "as is" without express
-or implied warranty.
-
-@copynext
-
-Copyright (c) 1988, 1990, 1993
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved.
-
-This software is not subject to any license of the American Telephone
-and Telegraph Company or of the Regents of the University of California.
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. The authors are not responsible for the consequences of use of this
-   software, no matter how awful, even if they arise from flaws in it.
-
-2. The origin of this software must not be misrepresented, either by
-   explicit claim or by omission.  Since few users ever read sources,
-   credits must appear in the documentation.
-
-3. Altered versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.  Since few users
-   ever read sources, credits must appear in the documentation.
-
-4. This notice may not be removed or altered.
-
-@copynext
-
-IMath is Copyright 2002-2005 Michael J. Fromberger
-You may use it subject to the following Licensing Terms:
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-@copyrightend
-@end titlepage
-
-@macro manpage{man, section}
-@cite{\man\(\section\)}
-@end macro
-
-@c Less filling! Tastes great!
-@iftex
-@parindent=0pt
-@global@parskip 6pt plus 1pt
-@global@chapheadingskip = 15pt plus 4pt minus 2pt
-@global@secheadingskip = 12pt plus 3pt minus 2pt
-@global@subsecheadingskip = 9pt plus 2pt minus 2pt
-@end iftex
-@ifinfo
-@paragraphindent 0
-@end ifinfo
-
-@ifnottex
-@node Top, Introduction, (dir), (dir)
-@top Heimdal
-@end ifnottex
-
-This manual is last updated @value{UPDATED} for version
-@value{VERSION} of hx509.
-
-@menu
-* Introduction::
-* What is X.509 ?::
-* Setting up a CA::
-* CMS signing and encryption::
-
-@detailmenu
- --- The Detailed Node Listing ---
-
-Setting up a CA
-
-@c * Issuing certificates::
-* Creating a CA certificate::
-* Issuing certificates::
-* Issuing CRLs::
-@c * Issuing a proxy certificate::
-@c * Creating a user certificate::
-@c * Validating a certificate::
-@c * Validating a certificate path::
-* Application requirements::
-
-CMS signing and encryption
-
-* CMS background::
-
-@end detailmenu
-@end menu
-
-@node Introduction, What is X.509 ?, Top, Top
-@chapter Introduction
-
-hx509 is a somewhat complete X.509 stack that can handle CMS messages
-(crypto system used in S/MIME and Kerberos PK-INIT) and basic
-certificate processing tasks, path construction, path validation, OCSP
-and CRL validation, PKCS10 message construction, CMS Encrypted (shared
-secret encrypted), CMS SignedData (certificate signed), and CMS
-EnvelopedData (certificate encrypted).
-
-hx509 can use PKCS11 tokens, PKCS12 files, PEM files, DER encoded files.
-
-@node What is X.509 ?, Setting up a CA, Introduction, Top
-@chapter What is X.509, PKIX, PKCS7 and CMS ? 
-
-X.509 is from the beginning created by CCITT (later ITU) for the X.500
-directory service. But today when people are talking about X.509 they
-are commonly referring to IETF's PKIX Certificate and CRL Profile of the
-X.509 v3 certificate standard, as specified in RFC 3280.
-
-ITU continues to develop the X.509 standard together in a complicated
-dance with IETF.
-
-X.509 is public key based security system that have associated data
-stored within a so called certificate. From the beginning X.509 was a
-strict hierarchical system with one root. This didn't not work so over
-time X.509 got support for multiple policy roots, bridges, and mesh
-solutions. You can even use it as a peer to peer system, but this is not
-very common.
-
-@section Type of certificates
-
-There are several flavors of certificate in X.509.
-
-@itemize @bullet
-
-@item Trust anchors
-
-Trust anchors are strictly not certificate, but commonly stored in
-certificate since they are easier to handle then. Trust anchor are the
-keys that you trust to validate other certificate. This is done by
-building a path from the certificate you wan to validate to to any of
-the trust anchors you have.
-
-@item End Entity (EE) certificates
-
-End entity certificates is the most common type of certificate. End
-entity certificates can't issue certificate them-self and is used to
-authenticate and authorize user and services.
-
-@item Certification Authority (CA) certificates
-
-Certificate authority are certificates that have the right to issue
-other certificate, they may be End entity certificates or Certificate
-Authority certificates. There is no limit to how many certificates a CA
-may issue, but there might other restrictions, like the maximum path
-depth.
-
-@item Proxy certificates
-
-Remember that End Entity can't issue certificates by them own, it's not
-really true. There there is an extension called proxy certificates,
-defined in RFC3820, that allows certificates to be issued by end entity
-certificates. The service that receives the proxy certificates must have
-explicitly turned on support for proxy certificates, so their use is
-somewhat limited.
-
-Proxy certificates can be limited by policy stored in the certificate to
-what they can be used for. This allows users to delegate the proxy
-certificate to services (by sending over the certificate and private
-key) so the service can access services on behalf of the user.
-
-One example of this would be a print service. The user wants to print a
-large job in the middle of the night when the printer isn't used that
-much, so the user creates a proxy certificate with the policy that it
-can only be used to access files related to this print job, creates the
-print job description and send both the description and proxy
-certificate with key over to print service. Later at night will the
-print service, without the help of the user, access the files for the
-the print job using the proxy certificate and print the job. Because of
-the policy (limitation) in the proxy certificate, it can't be used for
-any other purposes.
-
-@end itemize
-
-@section Building a path
-
-Before validating a path the path must be constructed. Given a
-certificate (EE, CA, Proxy, or any other type), the path construction
-algorithm will try to find a path to one of the trust anchors.
-
-It start with looking at whom issued the certificate, by name or Key
-Identifier, and tries to find that certificate while at the same time
-evaluates the policy.
-
-@node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top
-@chapter Setting up a CA
-
-Do not let this chapter scare you off, it's just to give you an idea how
-to complicated setting up a CA can be. If you are just playing around,
-skip all this and go to the next chapter, @pxref{Creating a CA
-certificate}.
-
-Creating a CA certificate should be more the just creating a
-certificate, there is the policy of the CA. If it's just you and your
-friend that is playing around then it probably doesn't matter what the
-policy is. But then it comes to trust in an organisation, it will
-probably matter more whom your users and sysadmins will find it
-acceptable to trust.
-
-At the same time, try to keep thing simple, it's not very hard to run a
-Certificate authority and the process to get new certificates should
-simple.
-
-Fill all this in later.
-
-How do you trust your CA.
-
-What is the CA responsibility.
-
-Review of CA activity.
-
-How much process should it be to issue certificate.
-
-Who is allowed to issue certificates.
-
-Who is allowed to requests certificates.
-
-How to handle certificate revocation, issuing CRLs and maintain OCSP
-services.
-
-@node Creating a CA certificate, Issuing certificates, Setting up a CA, Top
-@section Creating a CA certificate
-
-This section describes how to create a CA certificate and what to think
-about.
-
-@subsection Lifetime CA certificate
-
-You probably want to create a CA certificate with a long lifetime, 10
-years at the shortest. This because you don't want to push out the
-certificate (as a trust anchor) to all you users once again when the old
-one just expired. A trust anchor can't really expire, but not all
-software works that way.
-
-Keep in mind the security requirements might be different 10-20 years
-into the future. For example, SHA1 is going to be withdrawn in 2010, so
-make sure you have enough buffering in your choice of digest/hash
-algorithms, signature algorithms and key lengths.
-
-@subsection Create a CA certificate
-
-This command below will create a CA certificate in the file ca.pem.
-
-@example
-hxtool issue-certificate \
-    --self-signed \
-    --issue-ca \
-    --generate-key=rsa \
-    --subject="CN=CertificateAuthority,DC=test,DC=h5l,DC=se" \
-    --lifetime=10years \
-    --certificate="FILE:ca.pem"
-@end example
-
-@subsection Extending lifetime of a CA certificate
-
-You just realised that your CA certificate is going to expire soon and
-that you need replace it with something else, the easiest way to do that
-is to extend the lifetime of your CA certificate.
-
-The example below will extend the CA certificate 10 years into the
-future. You should compare this new certificate if it contains all the
-special tweaks as the old certificate had.
-
-@example
-hxtool issue-certificate \
-    --self-signed \
-    --issue-ca \
-    --lifetime="10years" \
-    --template-certificate="FILE:ca.pem" \
-    --template-fields="serialNumber,notBefore,subject,SPKI" \
-    --ca-private-key=FILE:ca.pem \
-    --certificate="FILE:new-ca.pem"
-@end example
-
-@subsection Subordinate CA
-
-This example create a new subordinate certificate authority.
-
-@example
-hxtool issue-certificate \
-    --ca-certificate=FILE:ca.pem \
-    --issue-ca \
-    --generate-key=rsa \
-    --subject="CN=CertificateAuthority,DC=dev,DC=test,DC=h5l,DC=se" \
-    --certificate="FILE:dev-ca.pem"
-@end example
-
-
-@node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top
-@section Issuing certificates
-
-First you'll create a CA certificate, after that you have to deal with
-your users and servers and issue certificate to them.
-
-CA can generate the key for the user.
-
-Can receive PKCS10 certificate requests from the users. PKCS10 is a
-request for a certificate. The user can specified what DN the user wants
-and what public key. To prove the user have the key, the whole request
-is signed by the private key of the user.
-
-@subsection Name space management
-
-What people might want to see.
-
-Re-issue certificates just because people moved within the organization.
-
-Expose privacy information.
-
-Using Sub-component name (+ notation).
-
-@subsection Certificate Revocation, CRL and OCSP
-
-Sonetimes people loose smartcard or computers and certificates have to
-be make not valid any more, this is called revoking certificates. There
-are two main protocols for doing this Certificate Revocations Lists
-(CRL) and Online Certificate Status Protocol (OCSP).
-
-If you know that the certificate is destroyed then there is no need to
-revoke the certificate because it can not be used by someone else.
-
-The main reason you as a CA administrator have to deal with CRLs however
-will be that some software require there to be CRLs. Example of this is
-Windows, so you have to deal with this somehow.
-
-@node Issuing CRLs, Application requirements, Issuing certificates, Top
-@section Issuing CRLs
-
-Create an empty CRL with not certificates revoked. Default expiration
-value is one year from now.
-
-@example
-hxtool crl-sign \
-	--crl-file=crl.der \
-	--signer=FILE:ca.pem
-@end example
-
-Create a CRL with all certificates in the directory
-@file{/path/to/revoked/dir} included in the CRL as revoked.  Also make
-it expire one month from now.
-
-@example
-hxtool crl-sign \
-	--crl-file=crl.der \
-        --signer=FILE:ca.pem \
-	--lifetime='1 month' \
-        DIR:/path/to/revoked/dir
-@end example
-
-@node Application requirements, CMS signing and encryption, Issuing CRLs, Top
-@section Application requirements
-
-Application have different requirements on certificates. This section
-tries to expand what they are and how to use hxtool to generate
-certificates for those services.
-
-@subsection HTTPS - server
-
-@example
-hxtool issue-certificate \
-	  --subject="CN=www.test.h5l.se,DC=test,DC=h5l,DC=se" \
-	  --type="https-server" \
-          --hostname="www.test.h5l.se" \
-          --hostname="www2.test.h5l.se" \
-          ...
-@end example
-
-@subsection HTTPS - client
-
-@example
-hxtool issue-certificate \
-	  --subject="UID=testus,DC=test,DC=h5l,DC=se" \
-	  --type="https-client" \
-          ...
-@end example
-
-@subsection S/MIME - email
-
-There are two things that should be set in S/MIME certificates, one or
-more email addresses and an extended eku usage (EKU), emailProtection.
-
-The email address format used in S/MIME certificates is defined in
-RFC2822, section 3.4.1 and it should be an ``addr-spec''.
-
-There are two ways to specifify email address in certificates. The old
-ways is in the subject distinguished name, this should not be used. The
-new way is using a Subject Alternative Name (SAN).
-
-But even though email address is stored in certificates, they don't need
-to, email reader programs are required to accept certificates that
-doesn't have either of the two methods of storing email in certificates.
-In that case, they try to protect the user by printing the name of the
-certificate instead.
-
-S/MIME certificate can be used in another special way. They can be
-issued with a NULL subject distinguished name plus the email in SAN,
-this is a valid certificate. This is used when you wont want to share
-more information then you need to.
-
-hx509 issue-certificate supports adding the email SAN to certificate by
-using the --email option, --email also gives an implicit emailProtection
-eku. If you want to create an certificate without an email address, the
-option --type=email will add the emailProtection EKU.
-
-@example
-hxtool issue-certificate \
-	  --subject="UID=testus-email,DC=test,DC=h5l,DC=se" \
-	  --type=email \
-	  --email="testus@@test.h5l.se" \
-          ...
-@end example
-
-An example of an certificate without and subject distinguished name with
-an email address in a SAN.
-
-@example
-hxtool issue-certificate \
-	  --subject="" \
-	  --type=email \
-	  --email="testus@@test.h5l.se" \
-          ...
-@end example
-
-@subsection PK-INIT
-
-How to create a certificate for a KDC.
-
-@example
-hxtool issue-certificate \
-    --type="pkinit-kdc" \
-    --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \
-    --hostname kerberos.test.h5l.se \
-    --hostname pal.test.h5l.se \
-    ...
-@end example
-
-How to create a certificate for a user.
-
-@example
-hxtool issue-certificate \
-    --type="pkinit-client" \
-    --pk-init-principal="user@@TEST.H5L.SE" \
-    ...
-@end example
-
-@subsection XMPP/Jabber
-
-The jabber server certificate should have a dNSname that is the same as
-the user entered into the application, not the same as the host name of
-the machine.
-
-@example
-hxtool issue-certificate \
-	  --subject="CN=xmpp1.test.h5l.se,DC=test,DC=h5l,DC=se" \
-          --hostname="xmpp1.test.h5l.se" \
-          --hostname="test.h5l.se" \
-          ...
-@end example
-
-The certificate may also contain a jabber identifier (JID) that, if the
-receiver allows it, authorises the server or client to use that JID.
-
-When storing a JID inside the certificate, both for server and client,
-it's stored inside a UTF8String within an otherName entity inside the
-subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5).
-
-To read more about the requirements, see RFC3920, Extensible Messaging
-and Presence Protocol (XMPP): Core.
-
-hxtool issue-certificate have support to add jid to the certificate
-using the option @kbd{--jid}.
-
-@example
-hxtool issue-certificate \
-	  --subject="CN=Love,DC=test,DC=h5l,DC=se" \
-          --jid="lha@@test.h5l.se" \
-          ...
-@end example
-
-
-@node CMS signing and encryption, CMS background, Application requirements, Top
-@chapter CMS signing and encryption
-
-CMS is the Cryptographic Message System that among other, is used by
-S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of
-the RSA, Inc standard PKCS7.
-
-@node CMS background, , CMS signing and encryption, Top
-@section CMS background
-
-
-@c @shortcontents
-@contents
-
-@bye
diff --git a/crypto/heimdal/doc/init-creds b/crypto/heimdal/doc/init-creds
deleted file mode 100644
index 8892d29ff40e..000000000000
--- a/crypto/heimdal/doc/init-creds
+++ /dev/null
@@ -1,374 +0,0 @@
-Currently, getting an initial ticket for a user involves many function
-calls, especially when a full set of features including password
-expiration and challenge preauthentication is desired.  In order to
-solve this problem, a new api is proposed.
-
-typedef struct _krb5_prompt {
-    char *prompt;
-    int hidden;
-    krb5_data *reply;
-} krb5_prompt;
-
-typedef int (*krb5_prompter_fct)(krb5_context context,
-				 void *data,
-				 const char *banner,
-				 int num_prompts,
-				 krb5_prompt prompts[]);
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_address **address_list;
-	/* XXX the next three should not be used, as they may be
-	removed later */
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
-
-void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);
-
-void krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
-					  krb5_deltat tkt_life);
-void krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
-					    krb5_deltat renew_life);
-void krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
-					     int forwardable);
-void krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
-					   int proxiable);
-void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
-					    krb5_enctype *etype_list,
-					    int etype_list_length);
-void krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
-					      krb5_address **addresses);
-void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					      krb5_preauthtype *preauth_list,
-					      int preauth_list_length);
-void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				      krb5_data *salt);
-
-krb5_error_code
-krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     char *in_tkt_service,
-			     krb5_get_init_creds_opt *options);
-
-This function will attempt to acquire an initial ticket.  The function
-will perform whatever tasks are necessary to do so.  This may include
-changing an expired password, preauthentication.
-
-The arguments divide into two types.  Some arguments are basically
-invariant and arbitrary across all initial tickets, and if not
-specified are determined by configuration or library defaults.  Some
-arguments are different for each execution or application, and if not
-specified can be determined correctly from system configuration or
-environment.  The former arguments are contained in a structure whose
-pointer is passed to the function.  A bitmask specifies which elements
-of the structure should be used.  In most cases, a NULL pointer can be
-used.  The latter arguments are specified as individual arguments to
-the function.
-
-If a pointer to a credential is specified, the initial credential is
-filled in.  If the caller only wishes to do a simple password check
-and will not be doing any other kerberos functions, then a NULL
-pointer may be specified, and the credential will be destroyed.
-
-If the client name is non-NULL, the initial ticket requested will be
-for that principal.  Otherwise, the principal will be the username
-specified by the USER environment variable, or if the USER environment
-variable is not set, the username corresponding to the real user id of
-the caller.
-
-If the password is non-NULL, then this string is used as the password.
-Otherwise, the prompter function will be used to prompt the user for
-the password.
-
-If a prompter function is non-NULL, it will be used if additional user
-input is required, such as if the user's password has expired and
-needs to be changed, or if input preauthentication is necessary.  If
-no function is specified and input is required, then the login will
-fail.
-
-	The context argument is the same as that passed to krb5_login.
-	The data argument is passed unmodified to the prompter
-	function and is intended to be used to pass application data
-	(such as a display handle) to the prompter function.
-
-	The banner argument, if non-NULL, will indicate what sort of
-	input is expected from the user (for example, "Password has
-	expired and must be changed" or "Enter Activcard response for
-	challenge 012345678"), and should be displayed accordingly.
-	
-	The num_prompts argument indicates the number of values which
-	should be prompted for.  If num_prompts == 0, then the banner
-	contains an informational message which should be displayed to
-	the user.
-
-	The prompts argument contains an array describing the values
-	for which the user should be prompted.  The prompt member
-	indicates the prompt for each value ("Enter new
-	password"/"Enter it again", or "Challenge response").  The
-	hidden member is nonzero if the response should not be
-	displayed back to the user.  The reply member is a pointer to
-	krb5_data structure which has already been allocated.  The
-	prompter should fill in the structure with the NUL-terminated
-	response from the user.
-
-	If the response data does not fit, or if any other error
-	occurs, then the prompter function should return a non-zero
-	value which will be returned by the krb5_get_init_creds
-	function. Otherwise, zero should be returned.
-
-	The library function krb5_prompter_posix() implements
-	a prompter using a posix terminal for user in.  This function
-	does not use the data argument.
-
-If the start_time is zero, then the requested ticket will be valid
-beginning immediately.  Otherwise, the start_time indicates how far in
-the future the ticket should be postdated.
-
-If the in_tkt_service name is non-NULL, that principal name will be
-used as the server name for the initial ticket request.  The realm of
-the name specified will be ignored and will be set to the realm of the
-client name.  If no in_tkt_service name is specified,
-krbtgt/CLIENT-REALM@CLIENT-REALM will be used.
-
-For the rest of arguments, a configuration or library default will be
-used if no value is specified in the options structure.
-
-If a tkt_life is specified, that will be the lifetime of the ticket.
-The library default is 10 hours; there is no configuration variable
-(there should be, but it's not there now).
-
-If a renew_life is specified and non-zero, then the RENEWABLE option
-on the ticket will be set, and the value of the argument will be the
-the renewable lifetime.  The configuration variable [libdefaults]
-"renew_lifetime" is the renewable lifetime if none is passed in.  The
-library default is not to set the RENEWABLE option.
-
-If forwardable is specified, the FORWARDABLE option on the ticket will
-be set if and only if forwardable is non-zero.  The configuration
-variable [libdefaults] "forwardable" is used if no value is passed in.
-The option will be set if and only if the variable is "y", "yes",
-"true", "t", "1", or "on", case insensitive.  The library default is
-not to set the FORWARDABLE option.
-
-If proxiable is specified, the PROXIABLE option on the ticket will be
-set if and only if proxiable is non-zero.  The configuration variable
-[libdefaults] "proxiable" is used if no value is passed in.  The
-option will be set if and only if the variable is "y", "yes", "true",
-"t", "1", or "on", case insensitive.  The library default is not to
-set the PROXIABLE option.
-
-If etype_list is specified, it will be used as the list of desired
-encryption algorithms in the request.  The configuration variable
-[libdefaults] "default_tkt_enctypes" is used if no value is passed in.
-The library default is "des-cbc-md5 des-cbc-crc".
-
-If address_list is specified, it will be used as the list of addresses
-for which the ticket will be valid.  The library default is to use all
-local non-loopback addresses.  There is no configuration variable.
-
-If preauth_list is specified, it names preauth data types which will
-be included in the request.  The library default is to interact with
-the kdc to determine the required preauth types.  There is no
-configuration variable.
-
-If salt is specified, it specifies the salt which will be used when
-converting the password to a key.  The library default is to interact
-with the kdc to determine the correct salt.  There is no configuration
-variable.
-
-================================================================
-
-typedef struct _krb5_verify_init_creds_opt {
-    krb5_flags flags;
-    int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
-
-void krb5_verify_init_creds_opt_init(krb5_init_creds_opt *options);
-void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_init_creds_opt *options,
-						  int ap_req_nofail);
-
-krb5_error_code
-krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal ap_req_server,
-		       krb5_keytab ap_req_keytab,
-		       krb5_ccache *ccache,
-		       krb5_verify_init_creds_opt *options);
-
-This function will use the initial ticket in creds to make an AP_REQ
-and verify it to insure that the AS_REP has not been spoofed.
-
-If the ap_req_server name is non-NULL, then this service name will be
-used for the AP_REQ; otherwise, the default host key
-(host/hostname.domain@LOCAL-REALM) will be used.
-
-If ap_req_keytab is non-NULL, the service key for the verification
-will be read from that keytab; otherwise, the service key will be read
-from the default keytab. 
-
-If the service of the ticket in creds is the same as the service name
-for the AP_REQ, then this ticket will be used directly.  If the ticket
-is a tgt, then it will be used to obtain credentials for the service.
-Otherwise, the verification will fail, and return an error.
-
-Other failures of the AP_REQ verification may or may not be considered
-errors, as described below.
-
-If a pointer to a credential cache handle is specified, and the handle
-is NULL, a credential cache handle referring to all credentials
-obtained in the course of verifying the user will be returned.  In
-order to avoid potential setuid race conditions and other problems
-related to file system access, this handle will refer to a memory
-credential cache.  If the handle is non-NULL, then the credentials
-will be added to the existing ccache.  If the caller only wishes to
-verify the password and will not be doing any other kerberos
-functions, then a NULL pointer may be specified, and the credentials
-will be deleted before the function returns.
-
-If ap_req_nofail is specified, then failures of the AP_REQ
-verification are considered errors if and only if ap_req_nofail is
-non-zero.
-
-Whether or not AP_REQ validation is performed and what failures mean
-depends on these inputs:
-
- A) The appropriate keytab exists and contains the named key.
-
- B) An AP_REQ request to the kdc succeeds, and the resulting AP_REQ
-can be decrypted and verified.
-
- C) The administrator has specified in a configuration file that
-AP_REQ validation must succeed.  This is basically a paranoid bit, and
-can be overridden by the application based on a command line flag or
-other application-specific info.  This flag is especially useful if
-the admin is concerned that DNS might be spoofed while determining the
-host/FQDN name.  The configuration variable [libdefaults]
-"verify_ap_req_nofail" is used if no value is passed in.  The library
-default is not to set this option.
-
-Initial ticket verification will succeed if and only if:
-
- - A && B    or
- - !A && !C
-
-================================================================
-
-For illustrative purposes, here's the invocations I expect some
-programs will use.  Of course, error checking needs to be added.
-
-kinit:
-
-    /* Fill in client from the command line || existing ccache, and,
-       start_time, and options.{tkt_life,renew_life,forwardable,proxiable}
-       from the command line.  Some or all may remain unset. */
-
-    krb5_get_init_creds(context, &creds, client,
-			krb5_initial_prompter_posix, NULL,
-			start_time, NULL, &options);
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_free_cred_contents(context, &creds);
-
-login:
-
-    krb5_get_init_creds(context, &creds, client,
-			krb5_initial_prompter_posix, NULL,
-			0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    /* setuid */
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_cc_copy(context, vcc, ccache);
-    krb5_free_cred_contents(context, &creds);
-    krb5_cc_destroy(context, vcc);
-
-xdm:
-
-    krb5_get_initial_creds(context, &creds, client,
-			   krb5_initial_prompter_xt, (void *) &xtstuff,
-			   0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    /* setuid */
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_free_cred_contents(context, &creds);
-    krb5_cc_copy(context, vcc, ccache);
-    krb5_cc_destroy(context, vcc);
-
-passwd:
-
-    krb5_init_creds_opt_init(&options);
-    krb5_init_creds_opt_set_tkt_life = 300;
-    krb5_get_initial_creds(context, &creds, client,
-			   krb5_initial_prompter_posix, NULL,
-			   0, "kadmin/changepw", &options);
-    /* change password */
-    krb5_free_cred_contents(context, &creds);
-
-pop3d (simple password validator when no user interation possible):
-
-    krb5_get_initial_creds(context, &creds, client,
-			   NULL, NULL, 0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    krb5_cc_destroy(context, vcc);
-
-================================================================
-
-password expiration has a subtlety.  When a password expires and is
-changed, there is a delay between when the master gets the new key
-(immediately), and the slaves (propogation interval).  So, when
-getting an in_tkt, if the password is expired, the request should be
-reissued to the master (this kind of sucks if you have SAM, oh well).
-If this says expired, too, then the password should be changed, and
-then the initial ticket request should be issued to the master again.
-If the master times out, then a message that the password has expired
-and cannot be changed due to the master being unreachable should be
-displayed.
-
-================================================================
-
-get_init_creds reads config stuff from:
-
-[libdefaults]
-	varname1 = defvalue
-	REALM = {
-		varname1 = value
-		varname2 = value
-	}
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;	/* varname = "ticket_lifetime" */
-    krb5_deltat renew_life;	/* varname = "renew_lifetime" */
-    int forwardable;		/* varname = "forwardable" */
-    int proxiable;		/* varname = "proxiable" */
-    krb5_enctype *etype_list;	/* varname = "default_tkt_enctypes" */
-    int etype_list_length;
-    krb5_address **address_list; /* no varname */
-    krb5_preauthtype *preauth_list; /* no varname */
-    int preauth_list_length;
-    krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-
diff --git a/crypto/heimdal/doc/install.texi b/crypto/heimdal/doc/install.texi
deleted file mode 100644
index 3d4b78d1c4ea..000000000000
--- a/crypto/heimdal/doc/install.texi
+++ /dev/null
@@ -1,107 +0,0 @@
-@c $Id: install.texi 16768 2006-02-27 12:26:49Z joda $
-
-@node Building and Installing, Setting up a realm, What is Kerberos?, Top
-@comment  node-name,  next,  previous,  up
-@chapter Building and Installing
-
-Heimdal uses GNU Autoconf to configure for specific hosts, and GNU
-Automake to manage makefiles. If this is new to you, the short
-instruction is to run the @code{configure} script in the top level
-directory, and when that finishes @code{make}.
-
-If you want to build the distribution in a different directory from the
-source directory, you will need a make that implements VPATH correctly,
-such as GNU make.
-
-You will need to build the distribution:
-
-@itemize @bullet
-@item
-A compiler that supports a ``loose'' ANSI C mode, such as @code{gcc}.
-@item
-lex or flex
-@item
-awk
-@item
-yacc or bison
-@item
-a socket library
-@item
-NDBM or Berkeley DB for building the server side.
-@end itemize
-
-When everything is built, you can install by doing @kbd{make
-install}. The default location for installation is @file{/usr/heimdal},
-but this can be changed by running @code{configure} with
-@samp{--prefix=/some/other/place}.
-
-If you need to change the default behaviour, configure understands the
-following options:
-
-@table @asis
-@item @kbd{--without-berkeley-db}
-DB is preferred before NDBM, but if you for some reason want to use NDBM
-instead, you can use this option.
-
-@item @kbd{--with-krb4=@file{dir}}
-Gives the location of Kerberos 4 libraries and headers. This enables
-Kerberos 4 support in the applications (telnet, rsh, popper, etc) and
-the KDC. It is automatically found if present under
-@file{/usr/athena}.  If you keep libraries and headers in different
-places, you can instead give the path to each with the
-@kbd{--with-krb4-lib=@file{dir}}, and
-@kbd{--with-krb4-include=@file{dir}} options.
-
-You will need a fairly recent version of our Kerberos 4 distribution for
-@code{rshd} and @code{popper} to support version 4 clients.
-
-@item @kbd{--enable-dce}
-Enables support for getting DCE credentials and tokens.  See the README
-files in @file{appl/dceutils} for more information.
-
-@item @kbd{--disable-otp}
-By default some of the application programs will build with support for
-one-time passwords (OTP).  Use this option to disable that support.
-
-@item @kbd{--enable-osfc2}
-Enable some C2 support for OSF/Digital Unix/Tru64.  Use this option if
-you are running your OSF operating system in C2 mode.
-
-@item @kbd{--with-readline=@file{dir}}
-Gives the path for the GNU Readline library, which will be used in some
-programs. If no readline library is found, the (simpler) editline
-library will be used instead.
-
-@item @kbd{--with-hesiod=@file{dir}}
-Enables hesiod support in push.
-
-@item @kbd{--enable-netinfo}
-Add support for using netinfo to lookup configuration information.
-Probably only useful (and working) on NextStep/Mac OS X.
-
-@item @kbd{--without-ipv6}
-Disable the IPv6 support.
-
-@item @kbd{--with-openldap}
-Compile Heimdal with support for storing the database in LDAP.  Requires
-OpenLDAP @url{http://www.openldap.org}.  See
-@url{http://www.padl.com/Research/Heimdal.html} for more information.
-
-@item @kbd{--enable-bigendian}
-@item @kbd{--enable-littleendian}
-Normally, the build process will figure out by itself if the machine is
-big or little endian.  It might fail in some cases when
-cross-compiling.  If it does fail to figure it out, use the relevant of
-these two options.
-
-@item @kbd{--with-mips-abi=@var{abi}}
-On Irix there are three different ABIs that can be used (@samp{32},
-@samp{n32}, or @samp{64}).  This option allows you to override the
-automatic selection.
-
-@item @kbd{--disable-mmap}
-Do not use the mmap system call.  Normally, configure detects if there
-is a working mmap and it is only used if there is one.  Only try this
-option if it fails to work anyhow.
-
-@end table
diff --git a/crypto/heimdal/doc/intro.texi b/crypto/heimdal/doc/intro.texi
deleted file mode 100644
index e1a96e12057a..000000000000
--- a/crypto/heimdal/doc/intro.texi
+++ /dev/null
@@ -1,99 +0,0 @@
-@c $Id: intro.texi 22509 2008-01-23 18:28:01Z lha $
-
-@node Introduction, What is Kerberos?, Top, Top
-@c @node Introduction, What is Kerberos?, Top, Top
-@comment  node-name,  next,  previous,  up
-@chapter Introduction
-
-@heading What is Heimdal?
-
-Heimdal is a free implementation of Kerberos 5. The goals are to:
-
-@itemize @bullet
-@item
-have an implementation that can be freely used by anyone
-@item
-be protocol compatible with existing implementations and, if not in
-conflict, with RFC 4120 (and any future updated RFC). RFC 4120
-replaced RFC 1510.
-@item
-be reasonably compatible with the M.I.T Kerberos V5 API
-@item
-have support for Kerberos V5 over GSS-API (RFC1964)
-@item
-include the most important and useful application programs (rsh, telnet,
-popper, etc.)
-@item
-include enough backwards compatibility with Kerberos V4
-@end itemize
-
-@heading Status
-
-Heimdal has the following features (this does not mean any of this
-works):
-
-@itemize @bullet
-@item
-a stub generator and a library to encode/decode/whatever ASN.1/DER
-stuff
-@item
-a @code{libkrb5} library that should be possible to get to work with
-simple applications
-@item
-a GSS-API library
-@item
-@file{kinit}, @file{klist}, @file{kdestroy}
-@item
-@file{telnet}, @file{telnetd}
-@item
-@file{rsh}, @file{rshd}
-@item
-@file{popper}, @file{push} (a movemail equivalent)
-@item
-@file{ftp}, and @file{ftpd}
-@item
-a library @file{libkafs} for authenticating to AFS and a program
-@file{afslog} that uses it
-@item
-some simple test programs
-@item
-a KDC that supports most things; optionally, it may also support
-Kerberos V4 and kaserver,
-@item
-simple programs for distributing databases between a KDC master and
-slaves
-@item
-a password changing daemon @file{kpasswdd}, library functions for
-changing passwords and a simple client
-@item
-some kind of administration system
-@item
-Kerberos V4 support in many of the applications.
-@end itemize
-
-@heading Bug reports
-
-If you find bugs in this software, make sure it is a genuine bug and not
-just a part of the code that isn't implemented.
-
-Bug reports should be sent to @email{heimdal-bugs@@h5l.org}. Please
-include information on what machine and operating system (including
-version) you are running, what you are trying to do, what happens, what
-you think should have happened, an example for us to repeat, the output
-you get when trying the example, and a patch for the problem if you have
-one. Please make any patches with @code{diff -u} or @code{diff -c}.
-
-Suggestions, comments and other non bug reports are also welcome.
-
-@heading Mailing list
-
-There are two mailing lists with talk about
-Heimdal. @email{heimdal-announce@@sics.se} is a low-volume announcement
-list, while @email{heimdal-discuss@@sics.se} is for general discussion.
-Send a message to @email{majordomo@@sics.se} to subscribe.
-
-@heading Heimdal source code, binaries and the manual
-
-The source code for heimdal, links to binaries and the manual (this
-document) can be found on our web-page at
-@url{http://www.pdc.kth.se/heimdal/}.
diff --git a/crypto/heimdal/doc/kerberos4.texi b/crypto/heimdal/doc/kerberos4.texi
deleted file mode 100644
index fb490f372e86..000000000000
--- a/crypto/heimdal/doc/kerberos4.texi
+++ /dev/null
@@ -1,226 +0,0 @@
-@c $Id: kerberos4.texi 16370 2005-12-12 12:11:51Z lha $
-
-@node Kerberos 4 issues, Windows 2000 compatability, Things in search for a better place, Top
-@comment  node-name,  next,  previous,  up
-@chapter Kerberos 4 issues
-
-The KDC has built-in version 4 support. It is not enabled by default,
-see setup how to set it up.
-
-The KDC will also have kaserver emulation and be able to handle
-AFS-clients that use @code{klog}.
-
-@menu
-* Principal conversion issues::  
-* Converting a version 4 database::  
-* kaserver::
-@end menu
-
-@node Principal conversion issues, Converting a version 4 database, Kerberos 4 issues, Kerberos 4 issues
-@section Principal conversion issues
-
-First, Kerberos 4 and Kerberos 5 principals are different. A version 4
-principal consists of a name, an instance, and a realm. A version 5
-principal has one or more components, and a realm (the terms ``name''
-and ``instance'' are still used, for the first and second component,
-respectively).    Also, in some cases the name of a version 4 principal
-differs from the first component of the corresponding version 5
-principal. One notable example is the ``host'' type principals, where
-the version 4 name is @samp{rcmd} (for ``remote command''), and the
-version 5 name is @samp{host}. For the class of principals that has a
-hostname as instance, there is an other major difference, Kerberos 4
-uses only the first component of the hostname, whereas Kerberos 5 uses
-the fully qualified hostname.
-
-Because of this it can be hard or impossible to correctly convert a
-version 4 principal to a version 5 principal @footnote{the other way is
-not always trivial either, but usually easier}. The biggest problem is
-to know if the conversion resulted in a valid principal. To give an
-example, suppose you want to convert the principal @samp{rcmd.foo}.
-
-The @samp{rcmd} name suggests that the instance is a hostname (even if
-there are exceptions to this rule). To correctly convert the instance
-@samp{foo} to a hostname, you have to know which host it is referring
-to. You can to this by either guessing (from the realm) which domain
-name to append, or you have to have a list of possible hostnames. In the
-simplest cases you can cover most principals with the first rule. If you
-have several domains sharing a single realm this will not usually
-work. If the exceptions are few you can probably come by with a lookup
-table for the exceptions.
-
-In a complex scenario you will need some kind of host lookup mechanism.
-Using DNS for this is tempting, but DNS is error prone, slow and unsafe
-@footnote{at least until secure DNS is commonly available}.
-
-Fortunately, the KDC has a trump on hand: it can easily tell if a
-principal exists in the database. The KDC will use
-@code{krb5_425_conv_principal_ext} to convert principals when handling
-to version 4 requests.
-
-@node Converting a version 4 database, kaserver , Principal conversion issues, Kerberos 4 issues
-@section Converting a version 4 database
-
-If you want to convert an existing version 4 database, the principal
-conversion issue arises too.
-
-If you decide to convert your database once and for all, you will only
-have to do this conversion once. It is also possible to run a version 5
-KDC as a slave to a version 4 KDC. In this case this conversion will
-happen every time the database is propagated.  When doing this
-conversion, there are a few things to look out for. If you have stale
-entries in the database, these entries will not be converted. This might
-be because these principals are not used anymore, or it might be just
-because the principal couldn't be converted.
-
-You might also see problems with a many-to-one mapping of
-principals. For instance, if you are using DNS lookups and you have two
-principals @samp{rcmd.foo} and @samp{rcmd.bar}, where `foo' is a CNAME
-for `bar', the resulting principals will be the same. Since the
-conversion function can't tell which is correct, these conflicts will
-have to be resolved manually.
-
-@subsection Conversion example
-
-Given the following set of hosts and services:
-
-@example
-foo.se          rcmd
-mail.foo.se     rcmd, pop
-ftp.bar.se      rcmd, ftp
-@end example
-
-you have a database that consists of the following principals:
-
-@samp{rcmd.foo}, @samp{rcmd.mail}, @samp{pop.mail}, @samp{rcmd.ftp}, and
-@samp{ftp.ftp}.
-
-lets say you also got these extra principals: @samp{rcmd.gone},
-@samp{rcmd.old-mail}, where @samp{gone.foo.se} was a machine that has
-now passed away, and @samp{old-mail.foo.se} was an old mail machine that
-is now a CNAME for @samp{mail.foo.se}.
-
-When you convert this database you want the following conversions to be
-done:
-@example
-rcmd.foo         host/foo.se
-rcmd.mail        host/mail.foo.se
-pop.mail         pop/mail.foo.se
-rcmd.ftp         host/ftp.bar.se
-ftp.ftp          ftp/ftp.bar.se
-rcmd.gone        @i{removed}
-rcmd.old-mail    @i{removed}
-@end example
-
-A @file{krb5.conf} that does this looks like:
-
-@example
-[realms]
-        FOO.SE = @{
-                v4_name_convert = @{
-                        host = @{
-                                ftp = ftp
-                                pop = pop
-                                rcmd = host
-                        @}
-                @}
-                v4_instance_convert = @{
-                        foo = foo.se
-                        ftp = ftp.bar.se
-                @}
-                default_domain = foo.se
-        @}
-@end example
-
-The @samp{v4_name_convert} section says which names should be considered
-having an instance consisting of a hostname, and it also says how the
-names should be converted (for instance @samp{rcmd} should be converted
-to @samp{host}). The @samp{v4_instance_convert} section says how a
-hostname should be qualified (this is just a hosts-file in
-disguise). Host-instances that aren't covered by
-@samp{v4_instance_convert} are qualified by appending the contents of
-the @samp{default_domain}.
-
-Actually, this example doesn't work. Or rather, it works to well. Since
-it has no way of knowing which hostnames are valid and which are not, it
-will happily convert @samp{rcmd.gone} to @samp{host/gone.foo.se}. This
-isn't a big problem, but if you have run your kerberos realm for a few
-years, chances are big that you have quite a few `junk' principals.
-
-If you don't want this you can remove the @samp{default_domain}
-statement, but then you will have to add entries for @emph{all} your hosts
-in the @samp{v4_instance_convert} section.
-
-Instead of doing this you can use DNS to convert instances. This is not
-a solution without problems, but it is probably easier than adding lots
-of static host entries. 
-
-To enable DNS lookup you should turn on @samp{v4_instance_resolve} in
-the @samp{[libdefaults]} section.
-
-@subsection Converting a database
-
-The database conversion is done with @samp{hprop}. You can run this
-command to propagate the database to the machine called
-@samp{slave-server} (which should be running a @samp{hpropd}).
-
-@example
-hprop --source=krb4-db --master-key=/.m slave-server
-@end example
-
-This command can also be to use for converting the v4 database on the
-server:
-
-@example
-hprop -n --source=krb4-db -d /var/kerberos/principal --master-key=/.m | hpropd -n
-@end example
-
-@section Version 4 Kadmin
-
-@samp{kadmind} can act as a version 4 kadmind, and you can do most
-operations, but with some restrictions (since the version 4 kadmin
-protocol is, lets say, very ad hoc.) One example is that it only passes
-des keys when creating principals and changing passwords (modern kpasswd
-clients do send the password, so it's possible to to password quality
-checks). Because of this you can only create principals with des keys,
-and you can't set any flags or do any other fancy stuff.
-
-To get this to work, you have to add another entry to inetd (since
-version 4 uses port 751, not 749).
-
-@emph{And then there are a many more things you can do; more on this in
-a later version of this manual. Until then, UTSL.}
-
-@node kaserver, , Converting a version 4 database, Kerberos 4 issues
-@section kaserver
-
-@subsection kaserver emulation
-
-The Heimdal kdc can emulate a kaserver. The kaserver is a Kerberos 4
-server with pre-authentication using Rx as the on-wire protocol. The kdc
-contains a minimalistic Rx implementation.
-
-There are three parts of the kaserver; KAA (Authentication), KAT (Ticket
-Granting), and KAM (Maintenance). The KAA interface and KAT interface
-both passes over DES encrypted data-blobs (just like the
-Kerberos-protocol) and thus do not need any other protection.  The KAM
-interface uses @code{rxkad} (Kerberos authentication layer for Rx) for
-security and data protection, and is used for example for changing
-passwords.  This part is not implemented in the kdc.
-
-Another difference between the ka-protocol and the Kerberos 4 protocol
-is that the pass-phrase is salted with the cellname in the @code{string to
-key} function in the ka-protocol, while in the Kerberos 4 protocol there
-is no salting of the password at all. To make sure AFS-compatible keys
-are added to each principals when they are created or their password are
-changed, @samp{afs3-salt} should be added to
-@samp{[kadmin]default_keys}.
-
-@subsection Transarc AFS Windows client
-
-The Transarc Windows client uses Kerberos 4 to obtain tokens, and thus
-does not need a kaserver. The Windows client assumes that the Kerberos
-server is on the same machine as the AFS-database server. If you do not
-like to do that you can add a small program that runs on the database
-servers that forward all kerberos requests to the real kerberos
-server. A program that does this is @code{krb-forward}
-(@url{ftp://ftp.stacken.kth.se/pub/projekts/krb-forward}).
diff --git a/crypto/heimdal/doc/krb5.din b/crypto/heimdal/doc/krb5.din
deleted file mode 100644
index 2af99473ebb3..000000000000
--- a/crypto/heimdal/doc/krb5.din
+++ /dev/null
@@ -1,16 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = Heimdal Kerberos 5 library
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @objdir@/krb5
-INPUT                  = @srcdir@/../lib/krb5
-
-WARN_IF_UNDOCUMENTED   = NO
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"
-
diff --git a/crypto/heimdal/doc/latin1.tex b/crypto/heimdal/doc/latin1.tex
deleted file mode 100644
index e683dd271dc1..000000000000
--- a/crypto/heimdal/doc/latin1.tex
+++ /dev/null
@@ -1,95 +0,0 @@
-% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
-% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
-\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
-\global\catcode`\^^a0=\active \global\let^^a0=~		% no-break space
-\global\catcode`\^^a1=\active \global\def^^a1{!`}		% inverted exclamation mark
-\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}}	% cent sign
-\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}}	% pound sign
-% currency sign, yen sign, broken bar
-\global\catcode`\^^a7=\active \global\let^^a7=\S		% section sign
-\global\catcode`\^^a8=\active \global\def^^a8{\"{}}		% diaeresis
-\global\catcode`\^^a9=\active \global\let^^a9=\copyright	% copyright sign
-% feminine ordinal indicator, left angle quotation mark
-\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
-\global\catcode`\^^ad=\active \global\let^^ad=\-		% soft hyphen
-% registered trade mark sign
-\global\catcode`\^^af=\active \global\def^^af{\={}}		% macron
-% ...
-\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm}	% plus minus
-\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
-\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
-\global\catcode`\^^b4=\active \global\def^^b4{\'{}}		% acute accent
-\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu}	% mu
-\global\catcode`\^^b6=\active \global\let^^b6=\P		% pilcroy
-\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
-\global\catcode`\^^b8=\active \global\def^^b8{\c{}}		% cedilla
-\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
-% ...
-\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
-\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
-\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
-\global\catcode`\^^bf=\active \global\def^^bf{?`}		% inverted question mark
-\global\catcode`\^^c0=\active \global\def^^c0{\`A}
-\global\catcode`\^^c1=\active \global\def^^c1{\'A}
-\global\catcode`\^^c2=\active \global\def^^c2{\^A}
-\global\catcode`\^^c3=\active \global\def^^c3{\~A}
-\global\catcode`\^^c4=\active \global\def^^c4{\"A}		% capital a with diaeresis
-\global\catcode`\^^c5=\active \global\let^^c5=\AA		% capital a with ring above
-\global\catcode`\^^c6=\active \global\let^^c6=\AE
-\global\catcode`\^^c7=\active \global\def^^c7{\c C}
-\global\catcode`\^^c8=\active \global\def^^c8{\`E}
-\global\catcode`\^^c9=\active \global\def^^c9{\'E}
-\global\catcode`\^^ca=\active \global\def^^ca{\^E}
-\global\catcode`\^^cb=\active \global\def^^cb{\"E}
-\global\catcode`\^^cc=\active \global\def^^cc{\`I}
-\global\catcode`\^^cd=\active \global\def^^cd{\'I}
-\global\catcode`\^^ce=\active \global\def^^ce{\^I}
-\global\catcode`\^^cf=\active \global\def^^cf{\"I}
-% capital eth
-\global\catcode`\^^d1=\active \global\def^^d1{\~N}
-\global\catcode`\^^d2=\active \global\def^^d2{\`O}
-\global\catcode`\^^d3=\active \global\def^^d3{\'O}
-\global\catcode`\^^d4=\active \global\def^^d4{\^O}
-\global\catcode`\^^d5=\active \global\def^^d5{\~O}
-\global\catcode`\^^d6=\active \global\def^^d6{\"O}		% capital o with diaeresis
-\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
-\global\catcode`\^^d8=\active \global\let^^d8=\O
-\global\catcode`\^^d9=\active \global\def^^d9{\`U}
-\global\catcode`\^^da=\active \global\def^^da{\'U}
-\global\catcode`\^^db=\active \global\def^^db{\^U}
-\global\catcode`\^^dc=\active \global\def^^dc{\"U}
-\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
-% capital thorn
-\global\catcode`\^^df=\active \global\def^^df{\ss}
-\global\catcode`\^^e0=\active \global\def^^e0{\`a}
-\global\catcode`\^^e1=\active \global\def^^e1{\'a}
-\global\catcode`\^^e2=\active \global\def^^e2{\^a}
-\global\catcode`\^^e3=\active \global\def^^e3{\~a}
-\global\catcode`\^^e4=\active \global\def^^e4{\"a}		% small a with diaeresis
-\global\catcode`\^^e5=\active \global\let^^e5=\aa		% small a with ring above
-\global\catcode`\^^e6=\active \global\let^^e6=\ae
-\global\catcode`\^^e7=\active \global\def^^e7{\c c}
-\global\catcode`\^^e8=\active \global\def^^e8{\`e}
-\global\catcode`\^^e9=\active \global\def^^e9{\'e}
-\global\catcode`\^^ea=\active \global\def^^ea{\^e}
-\global\catcode`\^^eb=\active \global\def^^eb{\"e}
-\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
-\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
-\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
-\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
-% small eth
-\global\catcode`\^^f1=\active \global\def^^f1{\~n}
-\global\catcode`\^^f2=\active \global\def^^f2{\`o}
-\global\catcode`\^^f3=\active \global\def^^f3{\'o}
-\global\catcode`\^^f4=\active \global\def^^f4{\^o}
-\global\catcode`\^^f5=\active \global\def^^f5{\~o}
-\global\catcode`\^^f6=\active \global\def^^f6{\"o}		% small o with diaeresis
-\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
-\global\catcode`\^^f8=\active \global\let^^f8=\o
-\global\catcode`\^^f9=\active \global\def^^f9{\`u}
-\global\catcode`\^^fa=\active \global\def^^fa{\'u}
-\global\catcode`\^^fb=\active \global\def^^fb{\^u}
-\global\catcode`\^^fc=\active \global\def^^fc{\"u}
-\global\catcode`\^^fd=\active \global\def^^fd{\'y}
-% capital thorn
-\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/heimdal/doc/layman.asc b/crypto/heimdal/doc/layman.asc
deleted file mode 100644
index d4fbe64be99d..000000000000
--- a/crypto/heimdal/doc/layman.asc
+++ /dev/null
@@ -1,1855 +0,0 @@
-A Layman's Guide to a Subset of ASN.1, BER, and DER
-
-An RSA Laboratories Technical Note
-Burton S. Kaliski Jr.
-Revised November 1, 1993
-
-
-Supersedes June 3, 1991 version, which was also published as
-NIST/OSI Implementors' Workshop document SEC-SIG-91-17.
-PKCS documents are available by electronic mail to
-<pkcs@rsa.com>.
-
-Copyright (C) 1991-1993 RSA Laboratories, a division of RSA
-Data Security, Inc. License to copy this document is granted
-provided that it is identified as "RSA Data Security, Inc.
-Public-Key Cryptography Standards (PKCS)" in all material
-mentioning or referencing this document.
-003-903015-110-000-000
-
-
-Abstract. This note gives a layman's introduction to a
-subset of OSI's Abstract Syntax Notation One (ASN.1), Basic
-Encoding Rules (BER), and Distinguished Encoding Rules
-(DER). The particular purpose of this note is to provide
-background material sufficient for understanding and
-implementing the PKCS family of standards.
-
-
-1. Introduction
-
-It is a generally accepted design principle that abstraction
-is a key to managing software development. With abstraction,
-a designer can specify a part of a system without concern
-for how the part is actually implemented or represented.
-Such a practice leaves the implementation open; it
-simplifies the specification; and it makes it possible to
-state "axioms" about the part that can be proved when the
-part is implemented, and assumed when the part is employed
-in another, higher-level part. Abstraction is the hallmark
-of most modern software specifications.
-
-One of the most complex systems today, and one that also
-involves a great deal of abstraction, is Open Systems
-Interconnection (OSI, described in X.200). OSI is an
-internationally standardized architecture that governs the
-interconnection of computers from the physical layer up to
-the user application layer. Objects at higher layers are
-defined abstractly and intended to be implemented with
-objects at lower layers. For instance, a service at one
-layer may require transfer of certain abstract objects
-between computers; a lower layer may provide transfer
-services for strings of ones and zeroes, using encoding
-rules to transform the abstract objects into such strings.
-OSI is called an open system because it supports many
-different implementations of the services at each layer.
-
-OSI's method of specifying abstract objects is called ASN.1
-(Abstract Syntax Notation One, defined in X.208), and one
-set of rules for representing such objects as strings of
-ones and zeros is called the BER (Basic Encoding Rules,
-defined in X.209). ASN.1 is a flexible notation that allows
-one to define a variety data types, from simple types such
-as integers and bit strings to structured types such as sets
-and sequences, as well as complex types defined in terms of
-others. BER describes how to represent or encode values of
-each ASN.1 type as a string of eight-bit octets. There is
-generally more than one way to BER-encode a given value.
-Another set of rules, called the Distinguished Encoding
-Rules (DER), which is a subset of BER, gives a unique
-encoding to each ASN.1 value.
-
-The purpose of this note is to describe a subset of ASN.1,
-BER and DER sufficient to understand and implement one OSI-
-based application, RSA Data Security, Inc.'s Public-Key
-Cryptography Standards. The features described include an
-overview of ASN.1, BER, and DER and an abridged list of
-ASN.1 types and their BER and DER encodings. Sections 2-4
-give an overview of ASN.1, BER, and DER, in that order.
-Section 5 lists some ASN.1 types, giving their notation,
-specific encoding rules, examples, and comments about their
-application to PKCS. Section 6 concludes with an example,
-X.500 distinguished names.
-
-Advanced features of ASN.1, such as macros, are not
-described in this note, as they are not needed to implement
-PKCS. For information on the other features, and for more
-detail generally, the reader is referred to CCITT
-Recommendations X.208 and X.209, which define ASN.1 and BER.
-
-Terminology and notation. In this note, an octet is an eight-
-bit unsigned integer. Bit 8 of the octet is the most
-significant and bit 1 is the least significant.
-
-The following meta-syntax is used for in describing ASN.1
-notation:
-
-     BIT  monospace denotes literal characters in the type
-          and value notation; in examples, it generally
-          denotes an octet value in hexadecimal
-
-     n1   bold italics denotes a variable
-
-     []   bold square brackets indicate that a term is
-          optional
-
-     {}   bold braces group related terms
-
-     |    bold vertical bar delimits alternatives with a
-          group
-
-     ...  bold ellipsis indicates repeated occurrences
-
-     =    bold equals sign expresses terms as subterms
-
-
-2. Abstract Syntax Notation One
-
-Abstract Syntax Notation One, abbreviated ASN.1, is a
-notation for describing abstract types and values.
-
-In ASN.1, a type is a set of values. For some types, there
-are a finite number of values, and for other types there are
-an infinite number. A value of a given ASN.1 type is an
-element of the type's set. ASN.1 has four kinds of type:
-simple types, which are "atomic" and have no components;
-structured types, which have components; tagged types, which
-are derived from other types; and other types, which include
-the CHOICE type and the ANY type. Types and values can be
-given names with the ASN.1 assignment operator (::=) , and
-those names can be used in defining other types and values.
-
-Every ASN.1 type other than CHOICE and ANY has a tag, which
-consists of a class and a nonnegative tag number. ASN.1
-types are abstractly the same if and only if their tag
-numbers are the same. In other words, the name of an ASN.1
-type does not affect its abstract meaning, only the tag
-does. There are four classes of tag:
-
-     Universal, for types whose meaning is the same in all
-          applications; these types are only defined in
-          X.208.
-
-     Application, for types whose meaning is specific to an
-          application, such as X.500 directory services;
-          types in two different applications may have the
-          same application-specific tag and different
-          meanings.
-
-     Private, for types whose meaning is specific to a given
-          enterprise.
-
-     Context-specific, for types whose meaning is specific
-          to a given structured type; context-specific tags
-          are used to distinguish between component types
-          with the same underlying tag within the context of
-          a given structured type, and component types in
-          two different structured types may have the same
-          tag and different meanings.
-
-The types with universal tags are defined in X.208, which
-also gives the types' universal tag numbers. Types with
-other tags are defined in many places, and are always
-obtained by implicit or explicit tagging (see Section 2.3).
-Table 1 lists some ASN.1 types and their universal-class
-tags.
-
-    Type                     Tag number     Tag number
-                             (decimal)      (hexadecimal)
-    INTEGER                  2              02
-    BIT STRING               3              03
-    OCTET STRING             4              04
-    NULL                     5              05
-    OBJECT IDENTIFIER        6              06
-    SEQUENCE and SEQUENCE OF 16             10
-    SET and SET OF           17             11
-    PrintableString          19             13
-    T61String                20             14
-    IA5String                22             16
-    UTCTime                  23             17
-
-     Table 1. Some types and their universal-class tags.
-
-ASN.1 types and values are expressed in a flexible,
-programming-language-like notation, with the following
-special rules:
-
-     o    Layout is not significant; multiple spaces and
-          line breaks can be considered as a single space.
-
-     o    Comments are delimited by pairs of hyphens (--),
-          or a pair of hyphens and a line break.
-
-     o    Identifiers (names of values and fields) and type
-          references (names of types) consist of upper- and
-          lower-case letters, digits, hyphens, and spaces;
-          identifiers begin with lower-case letters; type
-          references begin with upper-case letters.
-
-The following four subsections give an overview of simple
-types, structured types, implicitly and explicitly tagged
-types, and other types. Section 5 describes specific types
-in more detail.
-
-
-2.1 Simple types
-
-Simple types are those not consisting of components; they
-are the "atomic" types. ASN.1 defines several; the types
-that are relevant to the PKCS standards are the following:
-
-     BIT STRING, an arbitrary string of bits (ones and
-          zeroes).
-
-     IA5String, an arbitrary string of IA5 (ASCII)
-          characters.
-
-     INTEGER, an arbitrary integer.
-
-     NULL, a null value.
-
-     OBJECT IDENTIFIER, an object identifier, which is a
-          sequence of integer components that identify an
-          object such as an algorithm or attribute type.
-
-     OCTET STRING, an arbitrary string of octets (eight-bit
-          values).
-
-     PrintableString, an arbitrary string of printable
-          characters.
-
-     T61String, an arbitrary string of T.61 (eight-bit)
-          characters.
-
-     UTCTime, a "coordinated universal time" or Greenwich
-          Mean Time (GMT) value.
-
-Simple types fall into two categories: string types and non-
-string types. BIT STRING, IA5String, OCTET STRING,
-PrintableString, T61String, and UTCTime are string types.
-
-String types can be viewed, for the purposes of encoding, as
-consisting of components, where the components are
-substrings. This view allows one to encode a value whose
-length is not known in advance (e.g., an octet string value
-input from a file stream) with a constructed, indefinite-
-length encoding (see Section 3).
-
-The string types can be given size constraints limiting the
-length of values.
-
-
-2.2 Structured types
-
-Structured types are those consisting of components. ASN.1
-defines four, all of which are relevant to the PKCS
-standards:
-
-     SEQUENCE, an ordered collection of one or more types.
-
-     SEQUENCE OF, an ordered collection of zero or more
-          occurrences of a given type.
-
-     SET, an unordered collection of one or more types.
-
-     SET OF, an unordered collection of zero or more
-          occurrences of a given type.
-
-The structured types can have optional components, possibly
-with default values.
-
-
-2.3 Implicitly and explicitly tagged types
-
-Tagging is useful to distinguish types within an
-application; it is also commonly used to distinguish
-component types within a structured type. For instance,
-optional components of a SET or SEQUENCE type are typically
-given distinct context-specific tags to avoid ambiguity.
-
-There are two ways to tag a type: implicitly and explicitly.
-
-Implicitly tagged types are derived from other types by
-changing the tag of the underlying type. Implicit tagging is
-denoted by the ASN.1 keywords [class number] IMPLICIT (see
-Section 5.1).
-
-Explicitly tagged types are derived from other types by
-adding an outer tag to the underlying type. In effect,
-explicitly tagged types are structured types consisting of
-one component, the underlying type. Explicit tagging is
-denoted by the ASN.1 keywords [class number] EXPLICIT (see
-Section 5.2).
-
-The keyword [class number] alone is the same as explicit
-tagging, except when the "module" in which the ASN.1 type is
-defined has implicit tagging by default. ("Modules" are
-among the advanced features not described in this note.)
-
-For purposes of encoding, an implicitly tagged type is
-considered the same as the underlying type, except that the
-tag is different. An explicitly tagged type is considered
-like a structured type with one component, the underlying
-type. Implicit tags result in shorter encodings, but
-explicit tags may be necessary to avoid ambiguity if the tag
-of the underlying type is indeterminate (e.g., the
-underlying type is CHOICE or ANY).
-
-
-2.4 Other types
-
-Other types in ASN.1 include the CHOICE and ANY types. The
-CHOICE type denotes a union of one or more alternatives; the
-ANY type denotes an arbitrary value of an arbitrary type,
-where the arbitrary type is possibly defined in the
-registration of an object identifier or integer value.
-
-
-3. Basic Encoding Rules
-
-The Basic Encoding Rules for ASN.1, abbreviated BER, give
-one or more ways to represent any ASN.1 value as an octet
-string. (There are certainly other ways to represent ASN.1
-values, but BER is the standard for interchanging such
-values in OSI.)
-
-There are three methods to encode an ASN.1 value under BER,
-the choice of which depends on the type of value and whether
-the length of the value is known. The three methods are
-primitive, definite-length encoding; constructed, definite-
-length encoding; and constructed, indefinite-length
-encoding. Simple non-string types employ the primitive,
-definite-length method; structured types employ either of
-the constructed methods; and simple string types employ any
-of the methods, depending on whether the length of the value
-is known. Types derived by implicit tagging employ the
-method of the underlying type and types derived by explicit
-tagging employ the constructed methods.
-
-In each method, the BER encoding has three or four parts:
-
-     Identifier octets. These identify the class and tag
-          number of the ASN.1 value, and indicate whether
-          the method is primitive or constructed.
-
-     Length octets. For the definite-length methods, these
-          give the number of contents octets. For the
-          constructed, indefinite-length method, these
-          indicate that the length is indefinite.
-
-     Contents octets. For the primitive, definite-length
-          method, these give a concrete representation of
-          the  value. For the constructed methods, these
-          give the concatenation of the BER encodings of the
-          components of the value.
-
-     End-of-contents octets. For the constructed, indefinite-
-          length method, these denote the end of the
-          contents. For the other methods, these are absent.
-
-The three methods of encoding are described in the following
-sections.
-
-
-3.1 Primitive, definite-length method
-
-This method applies to simple types and types derived from
-simple types by implicit tagging. It requires that the
-length of the value be known in advance. The parts of the
-BER encoding are as follows:
-
-Identifier octets. There are two forms: low tag number (for
-tag numbers between 0 and 30) and high tag number (for tag
-numbers 31 and greater).
-
-     Low-tag-number form. One octet. Bits 8 and 7 specify
-          the class (see Table 2), bit 6 has value "0,"
-          indicating that the encoding is primitive, and
-          bits 5-1 give the tag number.
-
-                  Class            Bit  Bit
-                                   8    7
-                  universal        0    0
-                  application      0    1
-                  context-specific 1    0
-                  private          1    1
-
-        Table 2. Class encoding in identifier octets.
-
-     High-tag-number form. Two or more octets. First octet
-          is as in low-tag-number form, except that bits 5-1
-          all have value "1." Second and following octets
-          give the tag number, base 128, most significant
-          digit first, with as few digits as possible, and
-          with the bit 8 of each octet except the last set
-          to "1."
-
-Length octets. There are two forms: short (for lengths
-between 0 and 127), and long definite (for lengths between 0
-and 21008-1).
-
-     Short form. One octet. Bit 8 has value "0" and bits 7-1
-          give the length.
-
-     Long form. Two to 127 octets. Bit 8 of first octet has
-          value "1" and bits 7-1 give the number of
-          additional length octets. Second and following
-          octets give the length, base 256, most significant
-          digit first.
-
-Contents octets. These give a concrete representation of the
-value (or the value of the underlying type, if the type is
-derived by implicit tagging). Details for particular types
-are given in Section 5.
-
-
-3.2 Constructed, definite-length method
-
-This method applies to simple string types, structured
-types, types derived simple string types and structured
-types by implicit tagging, and types derived from anything
-by explicit tagging. It requires that the length of the
-value be known in advance. The parts of the BER encoding are
-as follows:
-
-Identifier octets. As described in Section 3.1, except that
-bit 6 has value "1," indicating that the encoding is
-constructed.
-
-Length octets. As described in Section 3.1.
-
-Contents octets. The concatenation of the BER encodings of
-the components of the value:
-
-     o    For simple string types and types derived from
-          them by implicit tagging, the concatenation of the
-          BER encodings of consecutive substrings of the
-          value (underlying value for implicit tagging).
-
-     o    For structured types and types derived from them
-          by implicit tagging, the concatenation of the BER
-          encodings of components of the value (underlying
-          value for implicit tagging).
-
-     o    For types derived from anything by explicit
-          tagging, the BER encoding of the underlying value.
-
-Details for particular types are given in Section 5.
-
-
-3.3 Constructed, indefinite-length method
-
-This method applies to simple string types, structured
-types, types derived simple string types and structured
-types by implicit tagging, and types derived from anything
-by explicit tagging. It does not require that the length of
-the value be known in advance. The parts of the BER encoding
-are as follows:
-
-Identifier octets. As described in Section 3.2.
-
-Length octets. One octet, 80.
-
-Contents octets. As described in Section 3.2.
-
-End-of-contents octets. Two octets, 00 00.
-
-Since the end-of-contents octets appear where an ordinary
-BER encoding might be expected (e.g., in the contents octets
-of a sequence value), the 00 and 00 appear as identifier and
-length octets, respectively. Thus the end-of-contents octets
-is really the primitive, definite-length encoding of a value
-with universal class, tag number 0, and length 0.
-
-
-4. Distinguished Encoding Rules
-
-The Distinguished Encoding Rules for ASN.1, abbreviated DER,
-are a subset of BER, and give exactly one way to represent
-any ASN.1 value as an octet string. DER is intended for
-applications in which a unique octet string encoding is
-needed, as is the case when a digital signature is computed
-on an ASN.1 value. DER is defined in Section 8.7 of X.509.
-
-DER adds the following restrictions to the rules given in
-Section 3:
-
-     1.   When the length is between 0 and 127, the short
-          form of length must be used
-
-     2.   When the length is 128 or greater, the long form
-          of length must be used, and the length must be
-          encoded in the minimum number of octets.
-
-     3.   For simple string types and implicitly tagged
-          types derived from simple string types, the
-          primitive, definite-length method must be
-          employed.
-
-     4.   For structured types, implicitly tagged types
-          derived from structured types, and explicitly
-          tagged types derived from anything, the
-          constructed, definite-length method must be
-          employed.
-
-Other restrictions are defined for particular types (such as
-BIT STRING, SEQUENCE, SET, and SET OF), and can be found in
-Section 5.
-
-
-5. Notation and encodings for some types
-
-This section gives the notation for some ASN.1 types and
-describes how to encode values of those types under both BER
-and DER.
-
-The types described are those presented in Section 2. They
-are listed alphabetically here.
-
-Each description includes ASN.1 notation, BER encoding, and
-DER encoding. The focus of the encodings is primarily on the
-contents octets; the tag and length octets follow Sections 3
-and 4. The descriptions also explain where each type is used
-in PKCS and related standards. ASN.1 notation is generally
-only for types, although for the type OBJECT IDENTIFIER,
-value notation is given as well.
-
-
-5.1 Implicitly tagged types
-
-An implicitly tagged type is a type derived from another
-type by changing the tag of the underlying type.
-
-Implicit tagging is used for optional SEQUENCE components
-with underlying type other than ANY throughout PKCS, and for
-the extendedCertificate alternative of PKCS #7's
-ExtendedCertificateOrCertificate type.
-
-ASN.1 notation:
-
-[[class] number] IMPLICIT Type
-
-class = UNIVERSAL  |  APPLICATION  |  PRIVATE
-
-where Type is a type, class is an optional class name, and
-number is the tag number within the class, a nonnegative
-integer.
-
-In ASN.1 "modules" whose default tagging method is implicit
-tagging, the notation [[class] number] Type is also
-acceptable, and the keyword IMPLICIT is implied. (See
-Section 2.3.) For definitions stated outside a module, the
-explicit inclusion of the keyword IMPLICIT is preferable to
-prevent ambiguity.
-
-If the class name is absent, then the tag is context-
-specific. Context-specific tags can only appear in a
-component of a structured or CHOICE type.
-
-Example: PKCS #8's PrivateKeyInfo type has an optional
-attributes component with an implicit, context-specific tag:
-
-PrivateKeyInfo ::= SEQUENCE {
-  version Version,
-  privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
-  privateKey PrivateKey,
-  attributes [0] IMPLICIT Attributes OPTIONAL }
-
-Here the underlying type is Attributes, the class is absent
-(i.e., context-specific), and the tag number within the
-class is 0.
-
-BER encoding. Primitive or constructed, depending on the
-underlying type. Contents octets are as for the BER encoding
-of the underlying value.
-
-Example: The BER encoding of the attributes component of a
-PrivateKeyInfo value is as follows:
-
-     o    the identifier octets are 80 if the underlying
-          Attributes value has a primitive BER encoding and
-          a0 if the underlying Attributes value has a
-          constructed BER encoding
-
-     o    the length and contents octets are the same as the
-          length and contents octets of the BER encoding of
-          the underlying Attributes value
-
-DER encoding. Primitive or constructed, depending on the
-underlying type. Contents octets are as for the DER encoding
-of the underlying value.
-
-
-5.2 Explicitly tagged types
-
-Explicit tagging denotes a type derived from another type by
-adding an outer tag to the underlying type.
-
-Explicit tagging is used for optional SEQUENCE components
-with underlying type ANY throughout PKCS, and for the
-version component of X.509's Certificate type.
-
-ASN.1 notation:
-
-[[class] number] EXPLICIT Type
-
-class = UNIVERSAL  |  APPLICATION  |  PRIVATE
-
-where Type is a type, class is an optional class name, and
-number is the tag number within the class, a nonnegative
-integer.
-
-If the class name is absent, then the tag is context-
-specific. Context-specific tags can only appear in a
-component of a SEQUENCE, SET or CHOICE type.
-
-In ASN.1 "modules" whose default tagging method is explicit
-tagging, the notation [[class] number] Type is also
-acceptable, and the keyword EXPLICIT is implied. (See
-Section 2.3.) For definitions stated outside a module, the
-explicit inclusion of the keyword EXPLICIT is preferable to
-prevent ambiguity.
-
-Example 1: PKCS #7's ContentInfo type has an optional
-content component with an explicit, context-specific tag:
-
-ContentInfo ::= SEQUENCE {
-  contentType ContentType,
-  content
-    [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
-Here the underlying type is ANY DEFINED BY contentType, the
-class is absent (i.e., context-specific), and the tag number
-within the class is 0.
-
-Example 2: X.509's Certificate type has a version component
-with an explicit, context-specific tag, where the EXPLICIT
-keyword is omitted:
-
-Certificate ::= ...
-  version [0] Version DEFAULT v1988,
-...
-
-The tag is explicit because the default tagging method for
-the ASN.1 "module" in X.509 that defines the Certificate
-type is explicit tagging.
-
-BER encoding. Constructed. Contents octets are the BER
-encoding of the underlying value.
-
-Example: the BER encoding of the content component of a
-ContentInfo value is as follows:
-
-     o    identifier octets are a0
-
-     o    length octets represent the length of the BER
-          encoding of the underlying ANY DEFINED BY
-          contentType value
-
-     o    contents octets are the BER encoding of the
-          underlying ANY DEFINED BY contentType value
-
-DER encoding. Constructed. Contents octets are the DER
-encoding of the underlying value.
-
-
-5.3 ANY
-
-The ANY type denotes an arbitrary value of an arbitrary
-type, where the arbitrary type is possibly defined in the
-registration of an object identifier or associated with an
-integer index.
-
-The ANY type is used for content of a particular content
-type in PKCS #7's ContentInfo type, for parameters of a
-particular algorithm in X.509's AlgorithmIdentifier type,
-and for attribute values in X.501's Attribute and
-AttributeValueAssertion types. The Attribute type is used by
-PKCS #6, #7, #8, #9 and #10, and the AttributeValueAssertion
-type is used in X.501 distinguished names.
-
-ASN.1 notation:
-
-ANY [DEFINED BY identifier]
-
-where identifier is an optional identifier.
-
-In the ANY form, the actual type is indeterminate.
-
-The ANY DEFINED BY identifier form can only appear in a
-component of a SEQUENCE or SET type for which identifier
-identifies some other component, and that other component
-has type INTEGER or OBJECT IDENTIFIER (or a type derived
-from either of those by tagging). In that form, the actual
-type is determined by the value of the other component,
-either in the registration of the object identifier value,
-or in a table of integer values.
-
-Example: X.509's AlgorithmIdentifier type has a component of
-type ANY:
-
-AlgorithmIdentifier ::= SEQUENCE {
-  algorithm OBJECT IDENTIFIER,
-  parameters ANY DEFINED BY algorithm OPTIONAL }
-
-Here the actual type of the parameter component depends on
-the value of the algorithm component. The actual type would
-be defined in the registration of object identifier values
-for the algorithm component.
-
-BER encoding. Same as the BER encoding of the actual value.
-
-Example: The BER encoding of the value of the parameter
-component is the BER encoding of the value of the actual
-type as defined in the registration of object identifier
-values for the algorithm component.
-
-DER encoding. Same as the DER encoding of the actual value.
-
-
-5.4 BIT STRING
-
-The BIT STRING type denotes an arbitrary string of bits
-(ones and zeroes). A BIT STRING value can have any length,
-including zero. This type is a string type.
-
-The BIT STRING type is used for digital signatures on
-extended certificates in PKCS #6's ExtendedCertificate type,
-for digital signatures on certificates in X.509's
-Certificate type, and for public keys in certificates in
-X.509's SubjectPublicKeyInfo type.
-
-ASN.1 notation:
-
-BIT STRING
-
-Example: X.509's SubjectPublicKeyInfo type has a component
-of type BIT STRING:
-
-SubjectPublicKeyInfo ::= SEQUENCE {
-  algorithm AlgorithmIdentifier,
-  publicKey BIT STRING }
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the first contents octet gives the number of bits
-by which the length of the bit string is less than the next
-multiple of eight (this is called the "number of unused
-bits"). The second and following contents octets give the
-value of the bit string, converted to an octet string. The
-conversion process is as follows:
-
-     1.   The bit string is padded after the last bit with
-          zero to seven bits of any value to make the length
-          of the bit string a multiple of eight. If the
-          length of the bit string is a multiple of eight
-          already, no padding is done.
-
-     2.   The padded bit string is divided into octets. The
-          first eight bits of the padded bit string become
-          the first octet, bit 8 to bit 1, and so on through
-          the last eight bits of the padded bit string.
-
-In a constructed encoding, the contents octets give the
-concatenation of the BER encodings of consecutive substrings
-of the bit string, where each substring except the last has
-a length that is a multiple of eight bits.
-
-Example: The BER encoding of the BIT STRING value
-"011011100101110111" can be any of the following, among
-others, depending on the choice of padding bits, the form of
-length octets, and whether the encoding is primitive or
-constructed:
-
-03 04 06 6e 5d c0                               DER encoding
-
-03 04 06 6e 5d e0                       padded with "100000"
-
-03 81 04 06 6e 5d c0              long form of length octets
-
-23 09        constructed encoding: "0110111001011101" + "11"
-   03 03 00 6e 5d
-   03 02 06 c0
-
-DER encoding. Primitive. The contents octects are as for a
-primitive BER encoding, except that the bit string is padded
-with zero-valued bits.
-
-Example: The DER encoding of the BIT STRING value
-"011011100101110111" is
-
-03 04 06 6e 5d c0
-
-
-5.5 CHOICE
-
-The CHOICE type denotes a union of one or more alternatives.
-
-The CHOICE type is used to represent the union of an
-extended certificate and an X.509 certificate in PKCS #7's
-ExtendedCertificateOrCertificate type.
-
-ASN.1 notation:
-
-CHOICE {
-  [identifier1] Type1,
-  ...,
-  [identifiern] Typen }
-
-where identifier1 , ..., identifiern are optional, distinct
-identifiers for the alternatives, and Type1, ..., Typen are
-the types of the alternatives. The identifiers are primarily
-for documentation; they do not affect values of the type or
-their encodings in any way.
-
-The types must have distinct tags. This requirement is
-typically satisfied with explicit or implicit tagging on
-some of the alternatives.
-
-Example: PKCS #7's ExtendedCertificateOrCertificate type is
-a CHOICE type:
-
-ExtendedCertificateOrCertificate ::= CHOICE {
-  certificate Certificate, -- X.509
-  extendedCertificate [0] IMPLICIT ExtendedCertificate
-}
-
-Here the identifiers for the alternatives are certificate
-and extendedCertificate, and the types of the alternatives
-are Certificate and [0] IMPLICIT ExtendedCertificate.
-
-BER encoding. Same as the BER encoding of the chosen
-alternative. The fact that the alternatives have distinct
-tags makes it possible to distinguish between their BER
-encodings.
-
-Example: The identifier octets for the BER encoding are 30
-if the chosen alternative is certificate, and a0 if the
-chosen alternative is extendedCertificate.
-
-DER encoding. Same as the DER encoding of the chosen
-alternative.
-
-
-5.6 IA5String
-
-The IA5String type denotes an arbtrary string of IA5
-characters. IA5 stands for International Alphabet 5, which
-is the same as ASCII. The character set includes non-
-printing control characters. An IA5String value can have any
-length, including zero. This type is a string type.
-
-The IA5String type is used in PKCS #9's electronic-mail
-address, unstructured-name, and unstructured-address
-attributes.
-
-ASN.1 notation:
-
-IA5String
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the IA5
-string, encoded in ASCII. In a constructed encoding, the
-contents octets give the concatenation of the BER encodings
-of consecutive substrings of the IA5 string.
-
-Example: The BER encoding of the IA5String value
-"test1@rsa.com" can be any of the following, among others,
-depending on the form of length octets and whether the
-encoding is primitive or constructed:
-
-16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d DER encoding
-
-16 81 0d                       long form of length octets
-   74 65 73 74 31 40 72 73 61 2e 63 6f 6d
-
-36 13     constructed encoding: "test1" + "@" + "rsa.com"
-   16 05 74 65 73 74 31
-   16 01 40
-   16 07 72 73 61 2e 63 6f 6d
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the IA5String value
-"test1@rsa.com" is
-
-16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d
-
-
-5.7 INTEGER
-
-The INTEGER type denotes an arbitrary integer. INTEGER
-values can be positive, negative, or zero, and can have any
-magnitude.
-
-The INTEGER type is used for version numbers throughout
-PKCS, cryptographic values such as modulus, exponent, and
-primes in PKCS #1's RSAPublicKey and RSAPrivateKey types and
-PKCS #3's DHParameter type, a message-digest iteration count
-in PKCS #5's PBEParameter type, and version numbers and
-serial numbers in X.509's Certificate type.
-
-ASN.1 notation:
-
-INTEGER [{ identifier1(value1) ... identifiern(valuen) }]
-
-where identifier1, ..., identifiern are optional distinct
-identifiers and value1, ..., valuen are optional integer
-values. The identifiers, when present, are associated with
-values of the type.
-
-Example: X.509's Version type is an INTEGER type with
-identified values:
-
-Version ::= INTEGER { v1988(0) }
-
-The identifier v1988 is associated with the value 0. X.509's
-Certificate type uses the identifier v1988 to give a default
-value of 0 for the version component:
-
-Certificate ::= ...
-  version Version DEFAULT v1988,
-...
-
-BER encoding. Primitive. Contents octets give the value of
-the integer, base 256, in two's complement form, most
-significant digit first, with the minimum number of octets.
-The value 0 is encoded as a single 00 octet.
-
-Some example BER encodings (which also happen to be DER
-encodings) are given in Table 3.
-
-                    Integer   BER encoding
-                    value
-                    0         02 01 00
-                    127       02 01 7F
-                    128       02 02 00 80
-                    256       02 02 01 00
-                    -128      02 01 80
-                    -129      02 02 FF 7F
-
-      Table 3. Example BER encodings of INTEGER values.
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-5.8 NULL
-
-The NULL type denotes a null value.
-
-The NULL type is used for algorithm parameters in several
-places in PKCS.
-
-ASN.1 notation:
-
-NULL
-
-BER encoding. Primitive. Contents octets are empty.
-
-Example: The BER encoding of a NULL value can be either of
-the following, as well as others, depending on the form of
-the length octets:
-
-05 00
-
-05 81 00
-
-DER encoding. Primitive. Contents octets are empty; the DER
-encoding of a NULL value is always 05 00.
-
-
-5.9 OBJECT IDENTIFIER
-
-The OBJECT IDENTIFIER type denotes an object identifier, a
-sequence of integer components that identifies an object
-such as an algorithm, an attribute type, or perhaps a
-registration authority that defines other object
-identifiers. An OBJECT IDENTIFIER value can have any number
-of components, and components can generally have any
-nonnegative value. This type is a non-string type.
-
-OBJECT IDENTIFIER values are given meanings by registration
-authorities. Each registration authority is responsible for
-all sequences of components beginning with a given sequence.
-A registration authority typically delegates responsibility
-for subsets of the sequences in its domain to other
-registration authorities, or for particular types of object.
-There are always at least two components.
-
-The OBJECT IDENTIFIER type is used to identify content in
-PKCS #7's ContentInfo type, to identify algorithms in
-X.509's AlgorithmIdentifier type, and to identify attributes
-in X.501's Attribute and AttributeValueAssertion types. The
-Attribute type is used by PKCS #6, #7, #8, #9, and #10, and
-the AttributeValueAssertion type is used in X.501
-distinguished names. OBJECT IDENTIFIER values are defined
-throughout PKCS.
-
-ASN.1 notation:
-
-OBJECT IDENTIFIER
-
-The ASN.1 notation for values of the OBJECT IDENTIFIER type
-is
-
-{ [identifier] component1 ... componentn }
-
-componenti = identifieri | identifieri (valuei) | valuei
-
-where identifier, identifier1, ..., identifiern are
-identifiers, and value1, ..., valuen are optional integer
-values.
-
-The form without identifier is the "complete" value with all
-its components; the form with identifier abbreviates the
-beginning components with another object identifier value.
-The identifiers identifier1, ..., identifiern are intended
-primarily for documentation, but they must correspond to the
-integer value when both are present. These identifiers can
-appear without integer values only if they are among a small
-set of identifiers defined in X.208.
-
-Example: The following values both refer to the object
-identifier assigned to RSA Data Security, Inc.:
-
-{ iso(1) member-body(2) 840 113549 }
-{ 1 2 840 113549 }
-
-(In this example, which gives ASN.1 value notation, the
-object identifier values are decimal, not hexadecimal.)
-Table 4 gives some other object identifier values and their
-meanings.
-
- Object identifier value       Meaning
- { 1 2 }                       ISO member bodies
- { 1 2 840 }                   US (ANSI)
- { 1 2 840 113549 }            RSA Data Security, Inc.
- { 1 2 840 113549 1 }          RSA Data Security, Inc. PKCS
- { 2 5 }                       directory services (X.500)
- { 2 5 8 }                     directory services-algorithms
-
- Table 4. Some object identifier values and their meanings.
-
-BER encoding. Primitive. Contents octets are as follows,
-where value1, ..., valuen denote the integer values of the
-components in the complete object identifier:
-
-     1.   The first octet has value 40 * value1 + value2.
-          (This is unambiguous, since value1 is limited to
-          values 0, 1, and 2; value2 is limited to the range
-          0 to 39 when value1 is 0 or 1; and, according to
-          X.208, n is always at least 2.)
-
-     2.   The following octets, if any, encode value3, ...,
-          valuen. Each value is encoded base 128, most
-          significant digit first, with as few digits as
-          possible, and the most significant bit of each
-          octet except the last in the value's encoding set
-          to "1."
-
-Example: The first octet of the BER encoding of RSA Data
-Security, Inc.'s object identifier is 40 * 1 + 2 = 42 =
-2a16. The encoding of 840 = 6 * 128 + 4816 is 86 48 and the
-encoding of 113549 = 6 * 1282 + 7716 * 128 + d16 is 86 f7
-0d. This leads to the following BER encoding:
-
-06 06 2a 86 48 86 f7 0d
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-5.10 OCTET STRING
-
-The OCTET STRING type denotes an arbitrary string of octets
-(eight-bit values). An OCTET STRING value can have any
-length, including zero. This type is a string type.
-
-The OCTET STRING type is used for salt values in PKCS #5's
-PBEParameter type, for message digests, encrypted message
-digests, and encrypted content in PKCS #7, and for private
-keys and encrypted private keys in PKCS #8.
-
-ASN.1 notation:
-
-OCTET STRING [SIZE ({size | size1..size2})]
-
-where size, size1, and size2 are optional size constraints.
-In the OCTET STRING SIZE (size) form, the octet string must
-have size octets. In the OCTET STRING SIZE (size1..size2)
-form, the octet string must have between size1 and size2
-octets. In the OCTET STRING form, the octet string can have
-any size.
-
-Example: PKCS #5's PBEParameter type has a component of type
-OCTET STRING:
-
-PBEParameter ::= SEQUENCE {
-  salt OCTET STRING SIZE(8),
-  iterationCount INTEGER }
-
-Here the size of the salt component is always eight octets.
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the value of the octet
-string, first octet to last octet. In a constructed
-encoding, the contents octets give the concatenation of the
-BER encodings of substrings of the OCTET STRING value.
-
-Example: The BER encoding of the OCTET STRING value 01 23 45
-67 89 ab cd ef can be any of the following, among others,
-depending on the form of length octets and whether the
-encoding is primitive or constructed:
-
-04 08 01 23 45 67 89 ab cd ef                   DER encoding
-
-04 81 08 01 23 45 67 89 ab cd ef  long form of length octets
-
-24 0c            constructed encoding: 01 ... 67 + 89 ... ef
-   04 04 01 23 45 67
-   04 04 89 ab cd ef
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The BER encoding of the OCTET STRING value 01 23 45
-67 89 ab cd ef is
-
-04 08 01 23 45 67 89 ab cd ef
-
-
-5.11 PrintableString
-
-The PrintableString type denotes an arbitrary string of
-printable characters from the following character set:
-
-                         A, B, ..., Z
-                         a, b, ..., z
-                         0, 1, ..., 9
-               (space) ' ( ) + , - . / : = ?
-
-This type is a string type.
-
-The PrintableString type is used in PKCS #9's challenge-
-password and unstructuerd-address attributes, and in several
-X.521 distinguished names attributes.
-
-ASN.1 notation:
-
-PrintableString
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-printable string, encoded in ASCII. In a constructed
-encoding, the contents octets give the concatenation of the
-BER encodings of consecutive substrings of the string.
-
-Example: The BER encoding of the PrintableString value "Test
-User 1" can be any of the following, among others, depending
-on the form of length octets and whether the encoding is
-primitive or constructed:
-
-13 0b 54 65 73 74 20 55 73 65 72 20 31          DER encoding
-
-13 81 0b                          long form of length octets
-   54 65 73 74 20 55 73 65 72 20 31
-
-33 0f               constructed encoding: "Test " + "User 1"
-   13 05 54 65 73 74 20
-   13 06 55 73 65 72 20 31
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the PrintableString value "Test
-User 1" is
-
-13 0b 54 65 73 74 20 55 73 65 72 20 31
-
-
-5.12 SEQUENCE
-
-The SEQUENCE type denotes an ordered collection of one or
-more types.
-
-The SEQUENCE type is used throughout PKCS and related
-standards.
-
-ASN.1 notation:
-
-SEQUENCE {
-  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
-  ...,
-  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
-
-where identifier1 , ..., identifiern are optional, distinct
-identifiers for the components, Type1, ..., Typen are the
-types of the components, and value1, ..., valuen are optional
-default values for the components. The identifiers are
-primarily for documentation; they do not affect values of
-the type or their encodings in any way.
-
-The OPTIONAL qualifier indicates that the value of a
-component is optional and need not be present in the
-sequence. The DEFAULT qualifier also indicates that the
-value of a component is optional, and assigns a default
-value to the component when the component is absent.
-
-The types of any consecutive series of components with the
-OPTIONAL or DEFAULT qualifier, as well as of any component
-immediately following that series, must have distinct tags.
-This requirement is typically satisfied with explicit or
-implicit tagging on some of the components.
-
-Example: X.509's Validity type is a SEQUENCE type with two
-components:
-
-Validity ::= SEQUENCE {
-  start UTCTime,
-  end UTCTime }
-
-Here the identifiers for the components are start and end,
-and the types of the components are both UTCTime.
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-components of the sequence, in order of definition, with the
-following rules for components with the OPTIONAL and DEFAULT
-qualifiers:
-
-     o    if the value of a component with the OPTIONAL or
-          DEFAULT qualifier is absent from the sequence,
-          then the encoding of that component is not
-          included in the contents octets
-
-     o    if the value of a component with the DEFAULT
-          qualifier is the default value, then the encoding
-          of that component may or may not be included in
-          the contents octets
-
-DER encoding. Constructed. Contents octets are the same as
-the BER encoding, except that if the value of a component
-with the DEFAULT qualifier is the default value, the
-encoding of that component is not included in the contents
-octets.
-
-
-5.13 SEQUENCE OF
-
-The SEQUENCE OF type denotes an ordered collection of zero
-or more occurrences of a given type.
-
-The SEQUENCE OF type is used in X.501 distinguished names.
-
-ASN.1 notation:
-
-SEQUENCE OF Type
-
-where Type is a type.
-
-Example: X.501's RDNSequence type consists of zero or more
-occurences of the RelativeDistinguishedName type, most
-significant occurrence first:
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-occurrences in the collection, in order of occurence.
-
-DER encoding. Constructed. Contents octets are the
-concatenation of the DER encodings of the values of the
-occurrences in the collection, in order of occurence.
-
-
-5.14 SET
-
-The SET type denotes an unordered collection of one or more
-types.
-
-The SET type is not used in PKCS.
-
-ASN.1 notation:
-
-SET {
-  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
-  ...,
-  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
-
-where identifier1, ..., identifiern are optional, distinct
-identifiers for the components, Type1, ..., Typen are the
-types of the components, and value1, ..., valuen are
-optional default values for the components. The identifiers
-are primarily for documentation; they do not affect values
-of the type or their encodings in any way.
-
-The OPTIONAL qualifier indicates that the value of a
-component is optional and need not be present in the set.
-The DEFAULT qualifier also indicates that the value of a
-component is optional, and assigns a default value to the
-component when the component is absent.
-
-The types must have distinct tags. This requirement is
-typically satisfied with explicit or implicit tagging on
-some of the components.
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-components of the set, in any order, with the following
-rules for components with the OPTIONAL and DEFAULT
-qualifiers:
-
-     o    if the value of a component with the OPTIONAL or
-          DEFAULT qualifier is absent from the set, then the
-          encoding of that component is not included in the
-          contents octets
-
-     o    if the value of a component with the DEFAULT
-          qualifier is the default value, then the encoding
-          of that component may or may not be included in
-          the contents octets
-
-DER encoding. Constructed. Contents octets are the same as
-for the BER encoding, except that:
-
-     1.   If the value of a component with the DEFAULT
-          qualifier is the default value, the encoding of
-          that component is not included.
-
-     2.   There is an order to the components, namely
-          ascending order by tag.
-
-
-5.15 SET OF
-
-The SET OF type denotes an unordered collection of zero or
-more occurrences of a given type.
-
-The SET OF type is used for sets of attributes in PKCS #6,
-#7, #8, #9 and #10, for sets of message-digest algorithm
-identifiers, signer information, and recipient information
-in PKCS #7, and in X.501 distinguished names.
-
-ASN.1 notation:
-
-SET OF Type
-
-where Type is a type.
-
-Example: X.501's RelativeDistinguishedName type consists of
-zero or more occurrences of the AttributeValueAssertion
-type, where the order is unimportant:
-
-RelativeDistinguishedName ::=
-  SET OF AttributeValueAssertion
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-occurrences in the collection, in any order.
-
-DER encoding. Constructed. Contents octets are the same as
-for the BER encoding, except that there is an order, namely
-ascending lexicographic order of BER encoding. Lexicographic
-comparison of two different BER encodings is done as
-follows: Logically pad the shorter BER encoding after the
-last octet with dummy octets that are smaller in value than
-any normal octet. Scan the BER encodings from left to right
-until a difference is found. The smaller-valued BER encoding
-is the one with the smaller-valued octet at the point of
-difference.
-
-
-5.16 T61String
-
-The T61String type denotes an arbtrary string of T.61
-characters. T.61 is an eight-bit extension to the ASCII
-character set. Special "escape" sequences specify the
-interpretation of subsequent character values as, for
-example, Japanese; the initial interpretation is Latin. The
-character set includes non-printing control characters. The
-T61String type allows only the Latin and Japanese character
-interepretations, and implementors' agreements for directory
-names exclude control characters [NIST92]. A T61String value
-can have any length, including zero. This type is a string
-type.
-
-The T61String type is used in PKCS #9's unstructured-address
-and challenge-password attributes, and in several X.521
-attributes.
-
-ASN.1 notation:
-
-T61String
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-T.61 string, encoded in ASCII. In a constructed encoding,
-the contents octets give the concatenation of the BER
-encodings of consecutive substrings of the T.61 string.
-
-Example: The BER encoding of the T61String value "cl'es
-publiques" (French for "public keys") can be any of the
-following, among others, depending on the form of length
-octets and whether the encoding is primitive or constructed:
-
-14 0f                                           DER encoding
-   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-14 81 0f                          long form of length octets
-   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-34 15      constructed encoding: "cl'es" + " " + "publiques"
-   14 05 63 6c c2 65 73
-   14 01 20
-   14 09 70 75 62 6c 69 71 75 65 73
-
-The eight-bit character c2 is a T.61 prefix that adds an
-acute accent (') to the next character.
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the T61String value "cl'es
-publiques" is
-
-14 0f 63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-
-5.17 UTCTime
-
-The UTCTime type denotes a "coordinated universal time" or
-Greenwich Mean Time (GMT) value. A UTCTime value includes
-the local time precise to either minutes or seconds, and an
-offset from GMT in hours and minutes. It takes any of the
-following forms:
-
-YYMMDDhhmmZ
-YYMMDDhhmm+hh'mm'
-YYMMDDhhmm-hh'mm'
-YYMMDDhhmmssZ
-YYMMDDhhmmss+hh'mm'
-YYMMDDhhmmss-hh'mm'
-
-where:
-
-     YY is the least significant two digits of the year
-
-     MM is the month (01 to 12)
-
-     DD is the day (01 to 31)
-
-     hh is the hour (00 to 23)
-
-     mm are the minutes (00 to 59)
-
-     ss are the seconds (00 to 59)
-
-     Z indicates that local time is GMT, + indicates that
-          local time is later than GMT, and - indicates that
-          local time is earlier than GMT
-
-     hh' is the absolute value of the offset from GMT in
-          hours
-
-     mm' is the absolute value of the offset from GMT in
-          minutes
-
-This type is a string type.
-
-The UTCTime type is used for signing times in PKCS #9's
-signing-time attribute and for certificate validity periods
-in X.509's Validity type.
-
-ASN.1 notation:
-
-UTCTime
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-string, encoded in ASCII. In a constructed encoding, the
-contents octets give the concatenation of the BER encodings
-of consecutive substrings of the string. (The constructed
-encoding is not particularly interesting, since UTCTime
-values are so short, but the constructed encoding is
-permitted.)
-
-Example: The time this sentence was originally written was
-4:45:40 p.m. Pacific Daylight Time on May 6, 1991, which can
-be represented with either of the following UTCTime values,
-among others:
-
-"910506164540-0700"
-
-"910506234540Z"
-
-These values have the following BER encodings, among others:
-
-17 0d 39 31 30 35 30 36 32 33 34 35 34 30 5a
-
-17 11 39 31 30 35 30 36 31 36 34 35 34 30 2D 30 37 30
-      30
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-6. An example
-
-This section gives an example of ASN.1 notation and DER
-encoding: the X.501 type Name.
-
-
-6.1 Abstract notation
-
-This section gives the ASN.1 notation for the X.501 type
-Name.
-
-Name ::= CHOICE {
-  RDNSequence }
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-RelativeDistinguishedName ::=
-  SET OF AttributeValueAssertion
-
-AttributeValueAssertion ::= SEQUENCE {
-   AttributeType,
-   AttributeValue }
-
-AttributeType ::= OBJECT IDENTIFIER
-
-AttributeValue ::= ANY
-
-The Name type identifies an object in an X.500 directory.
-Name is a CHOICE type consisting of one alternative:
-RDNSequence. (Future revisions of X.500 may have other
-alternatives.)
-
-The RDNSequence type gives a path through an X.500 directory
-tree starting at the root. RDNSequence is a SEQUENCE OF type
-consisting of zero or more occurences of
-RelativeDistinguishedName.
-
-The RelativeDistinguishedName type gives a unique name to an
-object relative to the object superior to it in the
-directory tree. RelativeDistinguishedName is a SET OF type
-consisting of zero or more occurrences of
-AttributeValueAssertion.
-
-The AttributeValueAssertion type assigns a value to some
-attribute of a relative distinguished name, such as country
-name or common name. AttributeValueAssertion is a SEQUENCE
-type consisting of two components, an AttributeType type and
-an AttributeValue type.
-
-The AttributeType type identifies an attribute by object
-identifier. The AttributeValue type gives an arbitrary
-attribute value. The actual type of the attribute value is
-determined by the attribute type.
-
-
-6.2 DER encoding
-
-This section gives an example of a DER encoding of a value
-of type Name, working from the bottom up.
-
-The name is that of the Test User 1 from the PKCS examples
-[Kal93]. The name is represented by the following path:
-
-                           (root)
-                              |
-                     countryName = "US"
-                              |
-          organizationName = "Example Organization"
-                              |
-                 commonName = "Test User 1"
-
-Each level corresponds to one RelativeDistinguishedName
-value, each of which happens for this name to consist of one
-AttributeValueAssertion value. The AttributeType value is
-before the equals sign, and the AttributeValue value (a
-printable string for the given attribute types) is after the
-equals sign.
-
-The countryName, organizationName, and commonUnitName are
-attribute types defined in X.520 as:
-
-attributeType OBJECT IDENTIFIER ::=
-  { joint-iso-ccitt(2) ds(5) 4 }
-
-countryName OBJECT IDENTIFIER ::= { attributeType 6 }
-organizationName OBJECT IDENTIFIER ::=
-  { attributeType 10 }
-commonUnitName OBJECT IDENTIFIER ::=
-  { attributeType 3 }
-
-
-6.2.1 AttributeType
-
-The three AttributeType values are OCTET STRING values, so
-their DER encoding follows the primitive, definite-length
-method:
-
-06 03 55 04 06                                   countryName
-
-06 03 55 04 0a                              organizationName
-
-06 03 55 04 03                                    commonName
-
-The identifier octets follow the low-tag form, since the tag
-is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0,"
-indicating universal class, and bit 6 has value "0,"
-indicating that the encoding is primitive. The length octets
-follow the short form. The contents octets are the
-concatenation of three octet strings derived from
-subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and
-6, 10, or 3.
-
-
-6.2.2 AttributeValue
-
-The three AttributeValue values are PrintableString values,
-so their encodings follow the primitive, definite-length
-method:
-
-13 02 55 53                                             "US"
-
-13 14                                 "Example Organization"
-   45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
-   74 69 6f 6e
-
-13 0b                                          "Test User 1"
-   54 65 73 74 20 55 73 65 72 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for PrintableString, 19 (decimal), is between 0 and
-30. Bits 8 and 7 have value "0" since PrintableString is in
-the universal class. Bit 6 has value "0" since the encoding
-is primitive. The length octets follow the short form, and
-the contents octets are the ASCII representation of the
-attribute value.
-
-
-6.2.3 AttributeValueAssertion
-
-The three AttributeValueAssertion values are SEQUENCE
-values, so their DER encodings follow the constructed,
-definite-length method:
-
-30 09                                     countryName = "US"
-   06 03 55 04 06
-   13 02 55 53
-
-30 1b              organizationName = "Example Organizaiton"
-   06 03 55 04 0a
-   13 14 ... 6f 6e
-
-30 12                             commonName = "Test User 1"
-   06 03 55 04 0b
-   13 0b ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SEQUENCE, 16 (decimal), is between 0 and 30.
-Bits 8 and 7 have value "0" since SEQUENCE is in the
-universal class. Bit 6 has value "1" since the encoding is
-constructed. The length octets follow the short form, and
-the contents octets are the concatenation of the DER
-encodings of the attributeType and attributeValue
-components.
-
-
-6.2.4 RelativeDistinguishedName
-
-The three RelativeDistinguishedName values are SET OF
-values, so their DER encodings follow the constructed,
-definite-length method:
-
-31 0b
-   30 09 ... 55 53
-
-31 1d
-   30 1b ... 6f 6e
-
-31 14
-   30 12 ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SET OF, 17 (decimal), is between 0 and 30. Bits
-8 and 7 have value "0" since SET OF is in the universal
-class Bit 6 has value "1" since the encoding is constructed.
-The lengths octets follow the short form, and the contents
-octets are the DER encodings of the respective
-AttributeValueAssertion values, since there is only one
-value in each set.
-
-
-6.2.5 RDNSequence
-
-The RDNSequence value is a SEQUENCE OF value, so its DER
-encoding follows the constructed, definite-length method:
-
-30 42
-   31 0b ... 55 53
-   31 1d ... 6f 6e
-   31 14 ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SEQUENCE OF, 16 (decimal), is between 0 and 30.
-Bits 8 and 7 have value "0" since SEQUENCE OF is in the
-universal class. Bit 6 has value "1" since the encoding is
-constructed. The lengths octets follow the short form, and
-the contents octets are the concatenation of the DER
-encodings of the three RelativeDistinguishedName values, in
-order of occurrence.
-
-
-6.2.6 Name
-
-The Name value is a CHOICE value, so its DER encoding is the
-same as that of the RDNSequence value:
-
-30 42
-   31 0b
-      30 09
-         06 03 55 04 06          attributeType = countryName
-         13 02 55 53                   attributeValue = "US"
-   31 1d
-      30 1b
-         06 03 55 04 0a     attributeType = organizationName
-         13 14       attributeValue = "Example Organization"
-            45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
-            74 69 6f 6e
-
-   31 14
-      30 12
-         06 03 55 04 03           attributeType = commonName
-         13 0b                attributeValue = "Test User 1"
-            54 65 73 74 20 55 73 65 72 20 31
-
-
-References
-
-PKCS #1   RSA Laboratories. PKCS #1: RSA Encryption
-          Standard. Version 1.5, November 1993.
-
-PKCS #3   RSA Laboratories. PKCS #3: Diffie-Hellman Key-
-          Agreement Standard. Version 1.4, November 1993.
-
-PKCS #5   RSA Laboratories. PKCS #5: Password-Based
-          Encryption Standard. Version 1.5, November 1993.
-
-PKCS #6   RSA Laboratories. PKCS #6: Extended-Certificate
-          Syntax Standard. Version 1.5, November 1993.
-
-PKCS #7   RSA Laboratories. PKCS #7: Cryptographic Message
-          Syntax Standard. Version 1.5, November 1993.
-
-PKCS #8   RSA Laboratories. PKCS #8: Private-Key Information
-          Syntax Standard. Version 1.2, November 1993.
-
-PKCS #9   RSA Laboratories. PKCS #9: Selected Attribute
-          Types. Version 1.1, November 1993.
-
-PKCS #10  RSA Laboratories. PKCS #10: Certification Request
-          Syntax Standard. Version 1.0, November 1993.
-
-X.200     CCITT. Recommendation X.200: Reference Model of
-          Open Systems Interconnection for CCITT
-          Applications. 1984.
-
-X.208     CCITT. Recommendation X.208: Specification of
-          Abstract Syntax Notation One (ASN.1). 1988.
-
-X.209     CCITT. Recommendation X.209: Specification of
-          Basic Encoding Rules for Abstract Syntax Notation
-          One (ASN.1). 1988.
-
-X.500     CCITT. Recommendation X.500: The
-          Directory--Overview of Concepts, Models and
-          Services. 1988.
-
-X.501     CCITT. Recommendation X.501: The Directory--
-          Models. 1988.
-
-X.509     CCITT. Recommendation X.509: The Directory--
-          Authentication Framework. 1988.
-
-X.520     CCITT. Recommendation X.520: The Directory--
-          Selected Attribute Types. 1988.
-
-[Kal93]   Burton S. Kaliski Jr. Some Examples of the PKCS
-          Standards. RSA Laboratories, November 1993.
-
-[NIST92]  NIST. Special Publication 500-202: Stable
-          Implementation Agreements for Open Systems
-          Interconnection Protocols. Part 11 (Directory
-          Services Protocols). December 1992.
-
-
-Revision history
-
-
-June 3, 1991 version
-
-The June 3, 1991 version is part of the initial public
-release of PKCS. It was published as NIST/OSI Implementors'
-Workshop document SEC-SIG-91-17.
-
-
-November 1, 1993 version
-
-The November 1, 1993 version incorporates several editorial
-changes, including the addition of a revision history. It is
-updated to be consistent with the following versions of the
-PKCS documents:
-
-     PKCS #1: RSA Encryption Standard. Version 1.5, November
-          1993.
-
-     PKCS #3: Diffie-Hellman Key-Agreement Standard. Version
-          1.4, November 1993.
-
-     PKCS #5: Password-Based Encryption Standard. Version
-          1.5, November 1993.
-
-     PKCS #6: Extended-Certificate Syntax Standard. Version
-          1.5, November 1993.
-
-     PKCS #7: Cryptographic Message Syntax Standard. Version
-          1.5, November 1993.
-
-     PKCS #8: Private-Key Information Syntax Standard.
-          Version 1.2, November 1993.
-
-     PKCS #9: Selected Attribute Types. Version 1.1,
-          November 1993.
-
-     PKCS #10: Certification Request Syntax Standard.
-          Version 1.0, November 1993.
-
-The following substantive changes were made:
-
-     Section 5: Description of T61String type is added.
-
-     Section 6: Names are changed, consistent with other
-          PKCS examples.
-
-
-Author's address
-
-Burton S. Kaliski Jr., Ph.D.
-Chief Scientist
-RSA Laboratories              (415) 595-7703
-100 Marine Parkway            (415) 595-4126 (fax)
-Redwood City, CA  94065  USA  burt@rsa.com
diff --git a/crypto/heimdal/doc/mdate-sh b/crypto/heimdal/doc/mdate-sh
deleted file mode 100755
index 37171f21fbd9..000000000000
--- a/crypto/heimdal/doc/mdate-sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/sh
-# Get modification time of a file or directory and pretty-print it.
-# Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc.
-# written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, June 1995
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation,
-# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# Prevent date giving response in another language.
-LANG=C
-export LANG
-LC_ALL=C
-export LC_ALL
-LC_TIME=C
-export LC_TIME
-
-# Get the extended ls output of the file or directory.
-# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below.
-if ls -L /dev/null 1>/dev/null 2>&1; then
-  set - x`ls -L -l -d $1`
-else
-  set - x`ls -l -d $1`
-fi
-# The month is at least the fourth argument
-# (3 shifts here, the next inside the loop).
-shift
-shift
-shift
-
-# Find the month.  Next argument is day, followed by the year or time.
-month=
-until test $month
-do
-  shift
-  case $1 in
-    Jan) month=January; nummonth=1;;
-    Feb) month=February; nummonth=2;;
-    Mar) month=March; nummonth=3;;
-    Apr) month=April; nummonth=4;;
-    May) month=May; nummonth=5;;
-    Jun) month=June; nummonth=6;;
-    Jul) month=July; nummonth=7;;
-    Aug) month=August; nummonth=8;;
-    Sep) month=September; nummonth=9;;
-    Oct) month=October; nummonth=10;;
-    Nov) month=November; nummonth=11;;
-    Dec) month=December; nummonth=12;;
-  esac
-done
-
-day=$2
-
-# Here we have to deal with the problem that the ls output gives either
-# the time of day or the year.
-case $3 in
-  *:*) set `date`; eval year=\$$#
-       case $2 in
-	 Jan) nummonthtod=1;;
-	 Feb) nummonthtod=2;;
-	 Mar) nummonthtod=3;;
-	 Apr) nummonthtod=4;;
-	 May) nummonthtod=5;;
-	 Jun) nummonthtod=6;;
-	 Jul) nummonthtod=7;;
-	 Aug) nummonthtod=8;;
-	 Sep) nummonthtod=9;;
-	 Oct) nummonthtod=10;;
-	 Nov) nummonthtod=11;;
-	 Dec) nummonthtod=12;;
-       esac
-       # For the first six month of the year the time notation can also
-       # be used for files modified in the last year.
-       if (expr $nummonth \> $nummonthtod) > /dev/null;
-       then
-	 year=`expr $year - 1`
-       fi;;
-  *) year=$3;;
-esac
-
-# The result.
-echo $day $month $year
diff --git a/crypto/heimdal/doc/migration.texi b/crypto/heimdal/doc/migration.texi
deleted file mode 100644
index 586d48814939..000000000000
--- a/crypto/heimdal/doc/migration.texi
+++ /dev/null
@@ -1,43 +0,0 @@
-@c $Id: migration.texi 9718 2001-02-24 05:09:24Z assar $
-
-@node Migration, Acknowledgments, Programming with Kerberos, Top
-@chapter Migration
-
-@section General issues
-
-When migrating from a Kerberos 4 KDC.
-
-@section Order in what to do things:
-
-@itemize @bullet
-
-@item Convert the database, check all principals that hprop complains
-about.
-
-@samp{hprop -n --source=<NNN>| hpropd -n}
-
-Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
-
-@item Run a Kerberos 5 slave for a while.
-
-@c XXX Add you slave first to your kdc list in you kdc.
-
-@item Figure out if it does everything you want it to.
-
-Make sure that all things that you use works for you.
-
-@item Let a small number of controlled users use Kerberos 5 tools.
-
-Find a sample population of your users and check what programs they use,
-you can also check the kdc-log to check what ticket are checked out.
-
-@item Burn the bridge and change the master.
-@item Let all users use the Kerberos 5 tools by default.
-@item Turn off services that do not need Kerberos 4 authentication.
-
-Things that might be hard to get away is old programs with support for
-Kerberos 4. Example applications are old Eudora installations using
-KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
-kdc.
-
-@end itemize
diff --git a/crypto/heimdal/doc/misc.texi b/crypto/heimdal/doc/misc.texi
deleted file mode 100644
index ea2260996b3c..000000000000
--- a/crypto/heimdal/doc/misc.texi
+++ /dev/null
@@ -1,58 +0,0 @@
-@c $Id: misc.texi 12197 2003-05-04 13:32:37Z lha $
-
-@node Things in search for a better place, Kerberos 4 issues, Applications, Top
-@chapter Things in search for a better place
-
-@section Making things work on Ciscos
-
-Modern versions of Cisco IOS has some support for authenticating via
-Kerberos 5. This can be used both by having the router get a ticket when
-you login (boring), and by using Kerberos authenticated telnet to access
-your router (less boring). The following has been tested on IOS
-11.2(12), things might be different with other versions. Old versions
-are known to have bugs.
-
-To make this work, you will first have to configure your router to use
-Kerberos (this is explained in the documentation). A sample
-configuration looks like the following:
-
-@example
-aaa new-model
-aaa authentication login default krb5-telnet krb5 enable
-aaa authorization exec krb5-instance
-kerberos local-realm FOO.SE
-kerberos srvtab entry host/router.foo.se 0 891725446 4 1 8 012345678901234567
-kerberos server FOO.SE 10.0.0.1
-kerberos instance map admin 15
-@end example
-
-This tells you (among other things) that when logging in, the router
-should try to authenticate with kerberised telnet, and if that fails try
-to verify a plain text password via a Kerberos ticket exchange (as
-opposed to a local database, RADIUS or something similar), and if that
-fails try the local enable password. If you're not careful when you
-specify the `login default' authentication mechanism, you might not be
-able to login at all. The `instance map' and `authorization exec' lines
-says that people with `admin' instances should be given `enabled' shells
-when logging in.
-
-The numbers after the principal on the `srvtab' line are principal type,
-time stamp (in seconds since 1970), key version number (4), keytype (1 ==
-des), key length (always 8 with des), and then the key.
-
-To make the Heimdal KDC produce tickets that the Cisco can decode you
-might have to turn on the @samp{encode_as_rep_as_tgs_rep} flag in the
-KDC. You will also have to specify that the router can't handle anything
-but @samp{des-cbc-crc}. This can be done with the @samp{del_enctype}
-command of @samp{kadmin}.
-
-This all fine and so, but unless you have an IOS version with encryption
-(available only in the U.S) it doesn't really solve any problems. Sure
-you don't have to send your password over the wire, but since the telnet
-connection isn't protected it's still possible for someone to steal your
-session. This won't be fixed until someone adds integrity to the telnet
-protocol.
-
-A working solution would be to hook up a machine with a real operating
-system to the console of the Cisco and then use it as a backwards
-terminal server.
diff --git a/crypto/heimdal/doc/ntlm.din b/crypto/heimdal/doc/ntlm.din
deleted file mode 100644
index bbf1087a5db8..000000000000
--- a/crypto/heimdal/doc/ntlm.din
+++ /dev/null
@@ -1,15 +0,0 @@
-# Doxyfile 1.5.3
-
-PROJECT_NAME           = Heimdal ntlm library
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-OUTPUT_DIRECTORY       = @objdir@/ntlm
-INPUT                  = @srcdir@/../lib/ntlm
-
-WARN_IF_UNDOCUMENTED   = YES
-
-PERL_PATH              = /usr/bin/perl
-
-HTML_HEADER = "@srcdir@/header.html"
-HTML_FOOTER = "@srcdir@/footer.html"
-
-@INCLUDE = "@srcdir@/doxytmpl.dxy"
diff --git a/crypto/heimdal/doc/programming.texi b/crypto/heimdal/doc/programming.texi
deleted file mode 100644
index 528348bdaaa6..000000000000
--- a/crypto/heimdal/doc/programming.texi
+++ /dev/null
@@ -1,642 +0,0 @@
-@c $Id: programming.texi 22071 2007-11-14 20:04:50Z lha $
-
-@node Programming with Kerberos, Migration, Windows 2000 compatability, Top
-@chapter Programming with Kerberos
-
-First you need to know how the Kerberos model works, go read the
-introduction text (@pxref{What is Kerberos?}).
-
-@menu
-* Kerberos 5 API Overview::     
-* Walkthrough of a sample Kerberos 5 client::  
-* Validating a password in a server application::  
-* API differences to MIT Kerberos::  
-* File formats::
-@end menu
-
-@node Kerberos 5 API Overview, Walkthrough of a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos
-@section Kerberos 5 API Overview
-
-All functions are documented in manual pages.  This section tries to
-give an overview of the major components used in Kerberos library, and
-point to where to look for a specific function.
-
-@subsection Kerberos context
-
-A kerberos context (@code{krb5_context}) holds all per thread state. All global variables that
-are context specific are stored in this structure, including default
-encryption types, credential cache (for example, a ticket file), and default realms.
-
-See the manual pages for @manpage{krb5_context,3} and
-@manpage{krb5_init_context,3}.
-
-@subsection Kerberos authentication context
-
-Kerberos authentication context (@code{krb5_auth_context}) holds all
-context related to an authenticated connection, in a similar way to the
-kerberos context that holds the context for the thread or process.
-
-The @code{krb5_auth_context} is used by various functions that are
-directly related to authentication between the server/client. Example of
-data that this structure contains are various flags, addresses of client
-and server, port numbers, keyblocks (and subkeys), sequence numbers,
-replay cache, and checksum types.
-
-See the manual page for @manpage{krb5_auth_context,3}.
-
-@subsection Kerberos principal
-
-The Kerberos principal is the structure that identifies a user or
-service in Kerberos. The structure that holds the principal is the
-@code{krb5_principal}. There are function to extract the realm and
-elements of the principal, but most applications have no reason to
-inspect the content of the structure.
-
-The are several ways to create a principal (with different degree of
-portability), and one way to free it.
-
-See manual page for @manpage{krb5_principal,3} for more information
-about the functions.
-
-@subsection Credential cache
-
-A credential cache holds the tickets for a user. A given user can have
-several credential caches, one for each realm where the user have the
-initial tickets (the first krbtgt).
-
-The credential cache data can be stored internally in different way, each of them for
-different proposes.  File credential (FILE) caches and processes based
-(KCM) caches are for permanent storage. While memory caches (MEMORY)
-are local caches to the local process.
-
-Caches are opened with @manpage{krb5_cc_resolve,3} or created with
-@manpage{krb5_cc_gen_unique,3}.
-
-If the cache needs to be opened again (using
-@manpage{krb5_cc_resolve,3}) @manpage{krb5_cc_close,3} will close the
-handle, but not the remove the cache. @manpage{krb5_cc_destroy,3} will
-zero out the cache, remove the cache so it can no longer be
-referenced.
-
-See also manual page for @manpage{krb5_ccache,3}
-
-@subsection Kerberos errors
-
-Kerberos errors are based on the com_err library.  All error codes are
-32-bit signed numbers, the first 24 bits define what subsystem the
-error originates from, and last 8 bits are 255 error codes within the
-library.  Each error code have fixed string associated with it.  For
-example, the error-code -1765328383 have the symbolic name
-KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in
-database has expired''.
-
-This is a great improvement compared to just getting one of the unix
-error-codes back.  However, Heimdal have an extention to pass back
-customised errors messages.  Instead of getting ``Key table entry not
-found'', the user might back ``failed to find
-host/host.example.com@@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab
-(des-cbc-crc)''.  This improves the chance that the user find the
-cause of the error so you should use the customised error message
-whenever it's available.
-
-See also manual page for @manpage{krb5_get_error_string,3} and
-@manpage{krb5_get_err_text,3}.
-
-@subsection Keytab management
-
-A keytab is a storage for locally stored keys. Heimdal includes keytab
-support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,
-and for storing keys in memory.
-
-Keytabs are used for servers and long-running services.
-
-See also manual page for @manpage{krb5_keytab,3}
-
-@subsection Kerberos crypto
-
-Heimdal includes a implementation of the Kerberos crypto framework,
-all crypto operations.
-
-See also manual page for @manpage{krb5_crypto_init,3},
-@manpage{krb5_keyblock,3}, @manpage{krb5_create_checksum,3}, 
-and @manpage{krb5_encrypt,3}.
-
-@node Walkthrough of a sample Kerberos 5 client, Validating a password in a server application, Kerberos 5 API Overview, Programming with Kerberos
-@section Walkthrough of a sample Kerberos 5 client
-
-This example contains parts of a sample TCP Kerberos 5 clients, if you
-want a real working client, please look in @file{appl/test} directory in
-the Heimdal distribution.
-
-All Kerberos error-codes that are returned from kerberos functions in
-this program are passed to @code{krb5_err}, that will print a
-descriptive text of the error code and exit. Graphical programs can
-convert error-code to a human readable error-string with the
-@manpage{krb5_get_err_text,3} function.
-
-Note that you should not use any Kerberos function before
-@code{krb5_init_context()} have completed successfully. That is the
-reason @code{err()} is used when @code{krb5_init_context()} fails.
-
-First the client needs to call @code{krb5_init_context} to initialise
-the Kerberos 5 library. This is only needed once per thread
-in the program. If the function returns a non-zero value it indicates
-that either the Kerberos implementation is failing or it's disabled on
-this host.
-
-@example
-#include <krb5.h>
-
-int
-main(int argc, char **argv)
-@{
-        krb5_context context;
-
-        if (krb5_context(&context))
-                errx (1, "krb5_context");
-@end example
-
-Now the client wants to connect to the host at the other end. The
-preferred way of doing this is using @manpage{getaddrinfo,3} (for
-operating system that have this function implemented), since getaddrinfo
-is neutral to the address type and can use any protocol that is available.
-
-@example
-        struct addrinfo *ai, *a;
-        struct addrinfo hints;
-        int error;
-
-        memset (&hints, 0, sizeof(hints));
-        hints.ai_socktype = SOCK_STREAM;
-        hints.ai_protocol = IPPROTO_TCP;
-
-        error = getaddrinfo (hostname, "pop3", &hints, &ai);
-        if (error)
-                errx (1, "%s: %s", hostname, gai_strerror(error));
-
-        for (a = ai; a != NULL; a = a->ai_next) @{
-                int s;
-
-                s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-                if (s < 0)
-                        continue;
-                if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{
-                        warn ("connect(%s)", hostname);
-                            close (s);
-                            continue;
-                @}
-                freeaddrinfo (ai);
-                ai = NULL;
-        @}
-        if (ai) @{
-                    freeaddrinfo (ai);
-                    errx ("failed to contact %s", hostname);
-        @}
-@end example
-
-Before authenticating, an authentication context needs to be
-created. This context keeps all information for one (to be) authenticated
-connection (see @manpage{krb5_auth_context,3}).
-
-@example
-        status = krb5_auth_con_init (context, &auth_context);
-        if (status)
-                krb5_err (context, 1, status, "krb5_auth_con_init");
-@end example
-
-For setting the address in the authentication there is a help function
-@code{krb5_auth_con_setaddrs_from_fd} that does everything that is needed
-when given a connected file descriptor to the socket.
-
-@example
-        status = krb5_auth_con_setaddrs_from_fd (context,
-                                                 auth_context,
-                                                 &sock);
-        if (status)
-                krb5_err (context, 1, status, 
-                          "krb5_auth_con_setaddrs_from_fd");
-@end example
-
-The next step is to build a server principal for the service we want
-to connect to. (See also @manpage{krb5_sname_to_principal,3}.)
-
-@example
-        status = krb5_sname_to_principal (context,
-                                          hostname,
-                                          service,
-                                          KRB5_NT_SRV_HST,
-                                          &server);
-        if (status)
-                krb5_err (context, 1, status, "krb5_sname_to_principal");
-@end example
-
-The client principal is not passed to @manpage{krb5_sendauth,3}
-function, this causes the @code{krb5_sendauth} function to try to figure it
-out itself.
-
-The server program is using the function @manpage{krb5_recvauth,3} to
-receive the Kerberos 5 authenticator.
-
-In this case, mutual authentication will be tried. That means that the server
-will authenticate to the client. Using mutual authentication
-is good since it enables the user to verify that they are talking to the
-right server (a server that knows the key).
-
-If you are using a non-blocking socket you will need to do all work of
-@code{krb5_sendauth} yourself. Basically you need to send over the
-authenticator from @manpage{krb5_mk_req,3} and, in case of mutual
-authentication, verifying the result from the server with
-@manpage{krb5_rd_rep,3}.
-
-@example
-        status = krb5_sendauth (context,
-                                &auth_context,
-                                &sock,
-                                VERSION,
-                                NULL,
-                                server,
-                                AP_OPTS_MUTUAL_REQUIRED,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_sendauth");
-@end example
-
-Once authentication has been performed, it is time to send some
-data. First we create a krb5_data structure, then we sign it with
-@manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the
-session-key that was exchanged in the
-@manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication
-sequence.
-
-@example
-        data.data   = "hej";
-        data.length = 3;
-
-        krb5_data_zero (&packet);
-
-        status = krb5_mk_safe (context,
-                               auth_context,
-                               &data,
-                               &packet,
-                               NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_mk_safe");
-@end example
-
-And send it over the network.
-
-@example
-        len = packet.length;
-        net_len = htonl(len);
-
-        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-                err (1, "krb5_net_write");
-        if (krb5_net_write (context, &sock, packet.data, len) != len)
-                err (1, "krb5_net_write");
-@end example
-
-To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be
-used instead. @manpage{krb5_mk_priv,3} works the same way as
-@manpage{krb5_mk_safe,3}, with the exception that it encrypts the data
-in addition to signing it.
-
-@example
-        data.data   = "hemligt";
-        data.length = 7;
-
-        krb5_data_free (&packet);
-
-        status = krb5_mk_priv (context,
-                               auth_context,
-                               &data,
-                               &packet,
-                               NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_mk_priv");
-@end example
-
-And send it over the network.
-
-@example
-        len = packet.length;
-        net_len = htonl(len);
-
-        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-                err (1, "krb5_net_write");
-        if (krb5_net_write (context, &sock, packet.data, len) != len)
-                err (1, "krb5_net_write");
-
-@end example
-
-The server is using @manpage{krb5_rd_safe,3} and
-@manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet.
-
-@node Validating a password in a server application, API differences to MIT Kerberos, Walkthrough of a sample Kerberos 5 client, Programming with Kerberos
-@section Validating a password in an application
-
-See the manual page for @manpage{krb5_verify_user,3}.
-
-@node API differences to MIT Kerberos, File formats, Validating a password in a server application, Programming with Kerberos
-@section API differences to MIT Kerberos
-
-This section is somewhat disorganised, but so far there is no overall
-structure to the differences, though some of the have their root in
-that Heimdal uses an ASN.1 compiler and MIT doesn't.
-
-@subsection Principal and realms
-
-Heimdal stores the realm as a @code{krb5_realm}, that is a @code{char *}.
-MIT Kerberos uses a @code{krb5_data} to store a realm.
-
-In Heimdal @code{krb5_principal} doesn't contain the component
-@code{name_type}; it's instead stored in component
-@code{name.name_type}. To get and set the nametype in Heimdal, use
-@manpage{krb5_principal_get_type,3} and
-@manpage{krb5_principal_set_type,3}.
-
-For more information about principal and realms, see
-@manpage{krb5_principal,3}.
-
-@subsection Error messages
-
-To get the error string, Heimdal uses
-@manpage{krb5_get_error_string,3} or, if @code{NULL} is returned,
-@manpage{krb5_get_err_text,3}. This is to return custom error messages
-(like ``Can't find host/datan.example.com@@EXAMPLE.COM in
-/etc/krb5.conf.'' instead of a ``Key table entry not found'' that
-@manpage{error_message,3} returns.
-
-Heimdal uses a threadsafe(r) version of the com_err interface; the
-global @code{com_err} table isn't initialised.  Then
-@manpage{error_message,3} returns quite a boring error string (just
-the error code itself).
-
-
-@c @node Why you should use GSS-API for new applications, Walkthrough of a sample GSS-API client, Validating a password in a server application, Programming with Kerberos
-@c @section Why you should use GSS-API for new applications
-@c 
-@c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API.
-@c 
-@c It would also be possible for other mechanisms then Kerberos, but that
-@c doesn't exist any other GSS-API implementations today.
-@c 
-@c @node Walkthrough of a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos
-@c @section Walkthrough of a sample GSS-API client
-@c 
-@c Write about how gssapi_clent.c works.
-
-@node File formats,  , API differences to MIT Kerberos, Programming with Kerberos
-@section File formats
-
-This section documents the diffrent file formats that are used in
-Heimdal and other Kerberos implementations.
-
-@subsection keytab
-
-The keytab binary format is not a standard format. The format has
-evolved and may continue to. It is however understood by several
-Kerberos implementations including Heimdal, MIT, Sun's Java ktab and
-are created by the ktpass.exe utility from Windows. So it has
-established itself as the defacto format for storing Kerberos keys.
-
-The following C-like structure definitions illustrate the MIT keytab
-file format. All values are in network byte order. All text is ASCII.
-
-@example
-  keytab @{
-      uint16_t file_format_version;                    /* 0x502 */
-      keytab_entry entries[*];
-  @};
-
-  keytab_entry @{
-      int32_t size;
-      uint16_t num_components;   /* subtract 1 if version 0x501 */
-      counted_octet_string realm;
-      counted_octet_string components[num_components];
-      uint32_t name_type;       /* not present if version 0x501 */
-      uint32_t timestamp;
-      uint8_t vno8;
-      keyblock key;
-      uint32_t vno; /* only present if >= 4 bytes left in entry */
-  @};
-
-  counted_octet_string @{
-      uint16_t length;
-      uint8_t data[length];
-  @};
-
-  keyblock @{
-      uint16_t type;
-      counted_octet_string;
-  @};
-@end example
-
-All numbers are stored in network byteorder (big endian) format.
-
-The keytab file format begins with the 16 bit file_format_version which
-at the time this document was authored is 0x502. The format of older
-keytabs is described at the end of this document.
-
-The file_format_version is immediately followed by an array of
-keytab_entry structures which are prefixed with a 32 bit size indicating
-the number of bytes that follow in the entry. Note that the size should be
-evaluated as signed. This is because a negative value indicates that the
-entry is in fact empty (e.g. it has been deleted) and that the negative
-value of that negative value (which is of course a positive value) is
-the offset to the next keytab_entry. Based on these size values alone
-the entire keytab file can be traversed.
-
-The size is followed by a 16 bit num_components field indicating the
-number of counted_octet_string components in the components array.
-
-The num_components field is followed by a counted_octet_string
-representing the realm of the principal.
-
-A counted_octet_string is simply an array of bytes prefixed with a 16
-bit length. For the realm and name components, the counted_octet_string
-bytes are ASCII encoded text with no zero terminator.
-
-Following the realm is the components array that represents the name of
-the principal. The text of these components may be joined with slashs
-to construct the typical SPN representation. For example, the service
-principal HTTP/www.foo.net@@FOO.NET would consist of name components
-"HTTP" followed by "www.foo.net".
-
-Following the components array is the 32 bit name_type (e.g. 1 is
-KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In
-practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL.
-
-The 32 bit timestamp indicates the time the key was established for that
-principal. The value represents the number of seconds since Jan 1, 1970.
-
-The 8 bit vno8 field is the version number of the key. This value is
-overridden by the 32 bit vno field if it is present. The vno8 field is
-filled with the lower 8 bits of the 32 bit protocol kvno field.
-
-The keyblock structure consists of a 16 bit value indicating the
-encryption type and is a counted_octet_string containing the key.  The
-encryption type is the same as the Kerberos standard (e.g. 3 is
-des-cbc-md5, 23 is arcfour-hmac-md5, etc).
-
-The last field of the keytab_entry structure is optional. If the size of
-the keytab_entry indicates that there are at least 4 bytes remaining,
-a 32 bit value representing the key version number is present. This
-value supersedes the 8 bit vno8 value preceeding the keyblock.
-
-Older keytabs with a file_format_version of 0x501 are different in
-three ways:
-
-@table @asis
-@item All integers are in host byte order [1].
-@item The num_components field is 1 too large (i.e. after decoding, decrement by 1).
-@item The 32 bit name_type field is not present.
-@end table
-
-[1] The file_format_version field should really be treated as two
-separate 8 bit quantities representing the major and minor version
-number respectively.
-
-@subsection Heimdal database dump file
-
-Format of the Heimdal text dump file as of Heimdal 0.6.3:
-
-Each line in the dump file is one entry in the database.
-
-Each field of a line is separated by one or more spaces, with the
-exception of fields consisting of principals containing spaces, where
-space can be quoted with \ and \ is quoted by \.
-
-Fields and their types are:
-
-@example
-	Quoted princial (quote character is \) [string]
-	Keys [keys]
-	Created by [event]
-	Modified by [event optional]
-	Valid start time [time optional]
-	Valid end time [time optional]
-	Password end valid time [time optional]
-	Max lifetime of ticket [time optional]
-	Max renew time of ticket [integer optional]
-	Flags [hdb flags]
-	Generation number [generation optional]
-	Extensions [extentions optional]
-@end example
-
-Fields following these silently are ignored.
-
-All optional fields will be skipped if they fail to parse (or comprise
-the optional field marker of "-", w/o quotes).
-
-Example:
-
-@example
-fred@@EXAMPLE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin@@EXAMPLE.COM 20041221112428:fred@@EXAMPLE.COM - - - 86400 604800 126 20020415130120:793707:28 -
-@end example
-
-Encoding of types are as follows:
-
-@table @asis
-@item keys
-
-@example
-kvno:[masterkvno:keytype:keydata:salt]@{zero or more separated by :@}
-@end example
-
-kvno is the key version number.
-
-keydata is hex-encoded
-
-masterkvno is the kvno of the database master key.  If this field is
-empty, the kadmin load and merge operations will encrypt the key data
-with the master key if there is one.  Otherwise the key data will be
-imported asis.
-
-salt is encoded as "-" (no/default salt) or
-
-@example
-salt-type /
-salt-type / "string"
-salt-type / hex-encoded-data
-@end example
-
-keytype is the protocol enctype number; see enum ENCTYPE in
-include/krb5_asn1.h for values.
-
-Example:
-@example
-27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
-@end example
-
-
-@example
-kvno=27,@{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt@}...
-@end example
-
-@item time
-	
-Format of the time is: YYYYmmddHHMMSS, corresponding to strftime
-format "%Y%m%d%k%M%S".
-
-Time is expressed in UTC.
-
-Time can be optional (using -), when the time 0 is used.
-
-Example:
-
-@example
-20041221112428
-@end example
-
-@item event
-
-@example
-	time:principal
-@end example
-
-time is as given in format time
-
-principal is a string.  Not quoting it may not work in earlier
-versions of Heimdal.
-
-Example:
-@example
-20041221112428:bloggs@@EXAMPLE.COM
-@end example
-
-@item hdb flags
-
-Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each
-bit in the integer is the same as the bit in the specification.
-
-@item generation:
-
-@example
-time:usec:gen
-@end example
-
-
-usec is a the microsecond, integer.
-gen is generation number, integer.
-
-The generation can be defaulted (using '-') or the empty string
-
-@item extensions:
-
-@example
-first-hex-encoded-HDB-Extension[:second-...]
-@end example
-
-HDB-extension is encoded the DER encoded HDB-Extension from
-lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that
-unknown entires needs to be preserved even thought the ASN.1 data
-content might be unknown. There is a critical flag in the data to show
-to the KDC that the entry MUST be understod if the entry is to be
-used.
-
-@end table
diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi
deleted file mode 100644
index 02e7972c1dfe..000000000000
--- a/crypto/heimdal/doc/setup.texi
+++ /dev/null
@@ -1,1455 +0,0 @@
-@c $Id: setup.texi 22191 2007-12-06 17:26:30Z lha $
-
-@node Setting up a realm, Applications, Building and Installing, Top
-
-@chapter Setting up a realm
-
-A
-@cindex realm
-realm is an administrative domain.  The name of a Kerberos realm is
-usually the Internet domain name in uppercase.  Call your realm the same
-as your Internet domain name if you do not have strong reasons for not
-doing so.  It will make life easier for you and everyone else.
-
-@menu
-* Configuration file::
-* Creating the database::
-* Modifying the database::
-* Checking the setup::
-* keytabs::
-* Serving Kerberos 4/524/kaserver::
-* Remote administration::
-* Password changing::
-* Testing clients and servers::
-* Slave Servers::
-* Incremental propagation::
-* Encryption types and salting::
-* Cross realm::
-* Transit policy::
-* Setting up DNS::
-* Using LDAP to store the database::
-* Providing Kerberos credentials to servers and programs::
-* Setting up PK-INIT::
-@end menu
-
-@node  Configuration file, Creating the database, Setting up a realm, Setting up a realm
-@section Configuration file
-
-To setup a realm you will first have to create a configuration file:
-@file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
-configuration options, some of which are described here.
-
-There is a sample @file{krb5.conf} supplied with the distribution.
-
-The configuration file is a hierarchical structure consisting of
-sections, each containing a list of bindings (either variable
-assignments or subsections). A section starts with
-@samp{[@samp{section-name}]}.  A binding consists of a left hand side, an equal sign
-(@samp{=}) and a right hand side (the left hand side tag must be
-separated from the equal sign with some whitespace). Subsections have a
-@samp{@{} as the first non-whitespace character after the equal sign. All
-other bindings are treated as variable assignments. The value of a
-variable extends to the end of the line.
-
-@example
-[section1]
-        a-subsection = @{
-                var = value1
-                other-var = value with @{@}
-                sub-sub-section = @{
-                        var = 123
-                @}
-        @}
-        var = some other value
-[section2]
-        var = yet another value
-@end example
-
-In this manual, names of sections and bindings will be given as strings
-separated by slashes (@samp{/}). The @samp{other-var} variable will thus
-be @samp{section1/a-subsection/other-var}.
-
-For in-depth information about the contents of the configuration file, refer to
-the @file{krb5.conf} manual page. Some of the more important sections
-are briefly described here.
-
-The @samp{libdefaults} section contains a list of library configuration
-parameters, such as the default realm and the timeout for KDC
-responses. The @samp{realms} section contains information about specific
-realms, such as where they hide their KDC@. This section serves the same
-purpose as the Kerberos 4 @file{krb.conf} file, but can contain more
-information. Finally the @samp{domain_realm} section contains a list of
-mappings from domains to realms, equivalent to the Kerberos 4
-@file{krb.realms} file.
-
-To continue with the realm setup, you will have to create a configuration file,
-with contents similar to the following.
-
-@example
-[libdefaults]
-        default_realm = MY.REALM
-[realms]
-        MY.REALM = @{
-                kdc = my.kdc my.slave.kdc
-                kdc = my.third.kdc
-        @}
-[domain_realm]
-        .my.domain = MY.REALM
-
-@end example
-
-If you use a realm name equal to your domain name, you can omit the
-@samp{libdefaults}, and @samp{domain_realm}, sections. If you have a DNS
-SRV-record for your realm, or your Kerberos server has DNS CNAME
-@samp{kerberos.my.realm}, you can omit the @samp{realms} section too.
-
-@node Creating the database, Modifying the database, Configuration file, Setting up a realm
-@section Creating the database
-
-The database library will look for the database in the directory
-@file{@value{dbdir}}, so you should probably create that directory.
-Make sure the directory has restrictive permissions.
-
-@example
-# mkdir /var/heimdal
-@end example
-
-The keys of all the principals are stored in the database.  If you
-choose to, these can be encrypted with a master key.  You do not have to
-remember this key (or password), but just to enter it once and it will
-be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
-master key, run @samp{kstash} to create this master key:
-
-@example
-# kstash
-Master key:
-Verifying password - Master key:
-@end example
-
-If you want to generate a random master key you can use the
-@kbd{--random-key} flag to kstash. This will make sure you have a good key
-on which attackers can't do a dictionary attack.
-
-If you have a master key, make sure you make a backup of your master
-key file; without it backups of the database are of no use.
-
-To initialise the database use the @command{kadmin} program, with the
-@kbd{-l} option (to enable local database mode). First issue a
-@kbd{init MY.REALM} command. This will create the database and insert
-default principals for that realm. You can have more than one realm in
-one database, so @samp{init} does not destroy any old database.
-
-Before creating the database, @samp{init} will ask you some questions
-about maximum ticket lifetimes.
-
-After creating the database you should probably add yourself to it. You
-do this with the @samp{add} command. It takes as argument the name of a
-principal. The principal should contain a realm, so if you haven't set up
-a default realm, you will need to explicitly include the realm.
-
-@example
-# kadmin -l
-kadmin> init MY.REALM
-Realm max ticket life [unlimited]:
-Realm max renewable ticket life [unlimited]:
-kadmin> add me
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-Password:
-Verifying password - Password:
-@end example
-
-Now start the KDC and try getting a ticket.
-
-@example
-# kdc &
-# kinit me
-me@@MY.REALMS's Password:
-# klist
-Credentials cache: /tmp/krb5cc_0
-        Principal: me@@MY.REALM
-
-  Issued           Expires          Principal
-Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@@MY.REALM
-@end example
-
-If you are curious you can use the @samp{dump} command to list all the
-entries in the database.  It should look something similar to the
-following example (note that the entries here are truncated for
-typographical reasons):
-
-@smallexample
-kadmin> dump
-me@@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
-kadmin/admin@@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
-krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
-kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
-@end smallexample
-
-@node Modifying the database, Checking the setup, Creating the database, Setting up a realm
-@section Modifying the database
-
-All modifications of principals are done with with kadmin.
-
-A principal has several attributes and lifetimes associated with it.
-
-Principals are added, renamed, modified, and deleted with the kadmin
-commands @samp{add}, @samp{rename}, @samp{modify}, @samp{delete}.
-Both interactive editing and command line flags can be used (use --help
-to list the available options).
-
-There are different kinds of types for the fields in the database;
-attributes, absolute time times and relative times.
-
-@subsection Attributes
-
-When doing interactive editing, attributes are listed with @samp{?}.
-
-The attributes are given in a comma (@samp{,}) separated list.
-Attributes are removed from the list by prefixing them with @samp{-}.
-
-@smallexample
-kadmin> modify me
-Max ticket life [1 day]:
-Max renewable life [1 week]:
-Principal expiration time [never]:
-Password expiration time [never]:
-Attributes [disallow-renewable]: requires-pre-auth,-disallow-renewable
-kadmin> get me
-            Principal: me@@MY.REALM
-[...]
-           Attributes: requires-pre-auth
-@end smallexample
-
-@subsection Absolute times
-
-The format for absolute times are any of the following:
-
-@smallexample
-never
-now
-YYYY-mm-dd
-YYYY-mm-dd HH:MM:SS
-@end smallexample
-
-
-@subsection Relative times
-
-The format for relative times are any of the following combined:
-
-@smallexample
-N year
-M month
-O day
-P hour
-Q minute
-R second
-@end smallexample
-
-@c Describe more of kadmin commands here...
-
-@node Checking the setup, keytabs, Modifying the database, Setting up a realm
-@section Checking the setup
-
-There are two tools that can check the consistency of the Kerberos
-configuration file and the Kerberos database.
-
-The Kerberos configuration file is checked using
-@command{verify_krb5_conf}. The tool checks for common errors, but
-commonly there are several uncommon configuration entries that are
-never added to the tool and thus generates ``unknown entry'' warnings.
-This is usually nothing to worry about.
-
-The database check is built into the kadmin tool. It will check for
-common configuration error that will cause problems later. Common
-check are for existence and flags on important principals. The
-database check by run by the following command :
-
-@example
-kadmin check REALM.EXAMPLE.ORG
-@end example
-
-@node keytabs, Serving Kerberos 4/524/kaserver, Checking the setup, Setting up a realm
-@section keytabs
-
-To extract a service ticket from the database and put it in a keytab, you
-need to first create the principal in the database with @samp{ank}
-(using the @kbd{--random-key} flag to get a random key) and then
-extract it with @samp{ext_keytab}.
-
-@example
-kadmin> add --random-key host/my.host.name
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-kadmin> ext host/my.host.name
-kadmin> exit
-# ktutil list
-Version  Type             Principal
-     1   des-cbc-md5      host/my.host.name@@MY.REALM
-     1   des-cbc-md4      host/my.host.name@@MY.REALM
-     1   des-cbc-crc      host/my.host.name@@MY.REALM
-     1   des3-cbc-sha1    host/my.host.name@@MY.REALM
-@end example
-
-@node Serving Kerberos 4/524/kaserver, Remote administration, keytabs, Setting up a realm
-@section Serving Kerberos 4/524/kaserver
-
-Heimdal can be configured to support 524, Kerberos 4 or kaserver. All
-these services are turned off by default. Kerberos 4 is always
-supported by the KDC, but the Kerberos 4 client support also depends
-on Kerberos 4 support having been included at compile-time, using
-@kbd{--with-krb4=dir}.
-
-@subsection 524
-
-524 is a service that allows the KDC to convert Kerberos 5 tickets to
-Kerberos 4 tickets for backward compatibility. See also Using 2b
-tokens with AFS in @xref{Things in search for a better place}.
-
-524 can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-524 = yes
-@end example
-
-@subsection Kerberos 4
-
-Kerberos 4 is the predecessor to to Kerberos 5. It only supports
-single DES@. You should only enable Kerberos 4 support if you have
-needs for compatibility with an installed base of Kerberos 4
-clients/servers.
-
-Kerberos 4 can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-kerberos4 = yes
-@end example
-
-@subsection kaserver
-
-Kaserver is a Kerberos 4 that is used in AFS@.  The protocol has some
-extra features over plain Kerberos 4, but like Kerberos 4, only uses
-single DES@.
-
-You should only enable Kaserver support if you have needs for
-compatibility with an installed base of AFS machines.
-
-Kaserver can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-kaserver = yes
-@end example
-
-@node Remote administration, Password changing, Serving Kerberos 4/524/kaserver, Setting up a realm
-@section Remote administration
-
-The administration server, @command{kadmind}, can be started by
-@command{inetd} (which isn't recommended) or run as a normal daemon. If you
-want to start it from @command{inetd} you should add a line similar to the
-one below to your @file{/etc/inetd.conf}.
-
-@example
-kerberos-adm stream     tcp     nowait  root /usr/heimdal/libexec/kadmind kadmind
-@end example
-
-You might need to add @samp{kerberos-adm} to your @file{/etc/services}
-as @samp{749/tcp}.
-
-Access to the administration server is controlled by an ACL file,
-(default @file{/var/heimdal/kadmind.acl}.) The file has the following
-syntax:
-@smallexample
-principal       [priv1,priv2,...]       [glob-pattern]
-@end smallexample
-
-The matching is from top to bottom for matching principals (and if given,
-glob-pattern).  When there is a match, the access rights of that line are
-applied.
-
-The privileges you can assign to a principal are: @samp{add},
-@samp{change-password} (or @samp{cpw} for short), @samp{delete},
-@samp{get}, @samp{list}, and @samp{modify}, or the special privilege
-@samp{all}. All of these roughly correspond to the different commands
-in @command{kadmin}.
-
-If a @var{glob-pattern} is given on a line, it restricts the access
-rights for the principal to only apply for subjects that match the
-pattern.  The patterns are of the same type as those used in shell
-globbing, see @url{none,,fnmatch(3)}.
-
-In the example below @samp{lha/admin} can change every principal in the
-database. @samp{jimmy/admin} can only modify principals that belong to
-the realm @samp{E.KTH.SE}. @samp{mille/admin} is working at the
-help desk, so he should only be able to change the passwords for single
-component principals (ordinary users). He will not be able to change any
-@samp{/admin} principal.
-
-@example
-lha/admin@@E.KTH.SE	all
-jimmy/admin@@E.KTH.SE	all		*@@E.KTH.SE
-jimmy/admin@@E.KTH.SE	all		*/*@@E.KTH.SE
-mille/admin@@E.KTH.SE	change-password	*@@E.KTH.SE
-@end example
-
-@node Password changing, Testing clients and servers, Remote administration, Setting up a realm
-@section Password changing
-
-To allow users to change their passwords, you should run @command{kpasswdd}.
-It is not run from @command{inetd}.
-
-You might need to add @samp{kpasswd} to your @file{/etc/services} as
-@samp{464/udp}.
-
-@subsection Password quality assurance
-
-It is important that users have good passwords, both to make it harder
-to guess them and to avoid off-line attacks (although
-pre-authentication provides some defence against off-line attacks).
-To ensure that the users choose good passwords, you can enable
-password quality controls in @command{kpasswdd} and @command{kadmind}.
-The controls themselves are done in a shared library or an external
-program that is used by @command{kpasswdd}.  To configure in these
-controls, add lines similar to the following to your
-@file{/etc/krb5.conf}:
-
-@example
-[password_quality]
-	policies = external-check builtin:minimum-length module:policyname
-	external_program = /bin/false
-	policy_libraries = @var{library1.so} @var{library2.so}
-@end example
-
-In @samp{[password_quality]policies} the module name is optional if
-the policy name is unique in all modules (members of
-@samp{policy_libraries}).
-
-The built-in polices are
-
-@itemize @bullet
-
-@item external-check
-
-Executes the program specified by @samp{[password_quality]external_program}.
-
-A number of key/value pairs are passed as input to the program, one per
-line, ending with the string @samp{end}.  The key/value lines are of
-the form
-@example
-principal: @var{principal}
-new-password: @var{password}
-@end example
-where @var{password} is the password to check for the previous
-@var{principal}.
-
-If the external application approves the password, it should return
-@samp{APPROVED} on standard out and exit with exit code 0.  If it
-doesn't approve the password, an one line error message explaining the
-problem should be returned on standard error and the application
-should exit with exit code 0.  In case of a fatal error, the
-application should, if possible, print an error message on standard
-error and exit with a non-zero error code.
-
-@item minimum-length
-
-The minimum length password quality check reads the configuration file
-stanza @samp{[password_quality]min_length} and requires the password
-to be at least this length.
-
-@item character-class
-
-The character-class password quality check reads the configuration
-file stanza @samp{[password_quality]min_classes}. The policy requires
-the password to have characters from at least that many character
-classes. Default value if not given is 3.
-
-The four different characters classes are, uppercase, lowercase,
-number, special characters.
-
-@end itemize
-
-If you want to write your own shared object to check password
-policies, see the manual page @manpage{kadm5_pwcheck,3}.
-
-Code for a password quality checking function that uses the cracklib
-library can be found in @file{lib/kadm5/sample_password_check.c} in
-the source code distribution.  It requires that the cracklib library
-be built with the patch available at
-@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
-
-A sample policy external program is included in
-@file{lib/kadm5/check-cracklib.pl}.
-
-If no password quality checking function is configured, the only check
-performed is that the password is at least six characters long.
-
-To check the password policy settings, use the command
-@command{password-quality} in @command{kadmin} program. The password
-verification is only performed locally, on the client.  It may be
-convenient to set the environment variable @samp{KRB5_CONFIG} to point
-to a test version of @file{krb5.conf} while you're testing the
-@samp{[password_quality]} stanza that way.
-
-@node Testing clients and servers, Slave Servers, Password changing, Setting up a realm
-@section Testing clients and servers
-
-Now you should be able to run all the clients and servers.  Refer to the
-appropriate man pages for information on how to use them.
-
-@node Slave Servers, Incremental propagation, Testing clients and servers, Setting up a realm
-@section Slave servers, Incremental propagation, Testing clients and servers, Setting up a realm
-
-It is desirable to have at least one backup (slave) server in case the
-master server fails. It is possible to have any number of such slave
-servers but more than three usually doesn't buy much more redundancy.
-
-All Kerberos servers for a realm must have the same database so that
-they present the same service to the users.  The
-@pindex hprop
-@command{hprop} program, running on the master, will propagate the database
-to the slaves, running
-@pindex hpropd
-@command{hpropd} processes.
-
-Every slave needs a database directory, the master key (if it was used
-for the database) and a keytab with the principal
-@samp{hprop/@var{hostname}}.  Add the principal with the
-@pindex ktutil
-@command{ktutil} command and start
-@pindex hpropd
-@command{hpropd}, as follows:
-
-@example
-slave# ktutil get -p foo/admin hprop/`hostname`
-slave# mkdir /var/heimdal
-slave# hpropd
-@end example
-
-The master will use the principal @samp{kadmin/hprop} to authenticate to
-the slaves.  This principal should be added when running @kbd{kadmin -l
-init} but if you do not have it in your database for whatever reason,
-please add it with @kbd{kadmin -l add}.
-
-Then run
-@pindex hprop
-@code{hprop} on the master:
-
-@example
-master# hprop slave
-@end example
-
-This was just an hands-on example to make sure that everything was
-working properly.  Doing it manually is of course the wrong way, and to
-automate this you will want to start
-@pindex hpropd
-@command{hpropd} from @command{inetd} on the slave(s) and regularly run
-@pindex hprop
-@command{hprop} on the master to regularly propagate the database.
-Starting the propagation once an hour from @command{cron} is probably a
-good idea.
-
-@node Incremental propagation, Encryption types and salting, Slave Servers, Setting up a realm
-@section Incremental propagation
-
-There is also a newer, and still somewhat experimental, mechanism for
-doing incremental propagation in Heimdal.  Instead of sending the whole
-database regularly, it sends the changes as they happen on the master to
-the slaves.  The master keeps track of all the changes by assigning a
-version number to every change to the database.  The slaves know which
-was the latest version they saw and in this way it can be determined if
-they are in sync or not.  A log of all the changes is kept on the master,
-and when a slave is at an older version than the oldest one in the
-log, the whole database has to be sent.
-
-Protocol-wise, all the slaves connect to the master and as a greeting
-tell it the latest version that they have (@samp{IHAVE} message).  The
-master then responds by sending all the changes between that version and
-the current version at the master (a series of @samp{FORYOU} messages)
-or the whole database in a @samp{TELLYOUEVERYTHING} message.  There is
-also a keep-alive protocol that makes sure all slaves are up and running.
-
-@subsection Configuring incremental propagation
-
-The program that runs on the master is @command{ipropd-master} and all
-clients run @command{ipropd-slave}.
-
-Create the file @file{/var/heimdal/slaves} on the master containing all
-the slaves that the database should be propagated to.  Each line contains
-the full name of the principal (for example
-@samp{iprop/hemligare.foo.se@@FOO.SE}).
-
-You should already have @samp{iprop/tcp} defined as 2121, in your
-@file{/etc/services}.  Otherwise, or if you need to use a different port
-for some peculiar reason, you can use the @kbd{--port} option.  This is
-useful when you have multiple realms to distribute from one server.
-
-Then you need to create those principals that you added in the
-configuration file.  Create one @samp{iprop/hostname} for the master and
-for every slave.
-
-
-@example
-master# /usr/heimdal/sbin/ktutil get iprop/`hostname`
-@end example
-
-The next step is to start the @command{ipropd-master} process on the master
-server.  The @command{ipropd-master} listens on the UNIX domain socket
-@file{/var/heimdal/signal} to know when changes have been made to the
-database so they can be propagated to the slaves.  There is also a
-safety feature of testing the version number regularly (every 30
-seconds) to see if it has been modified by some means that do not raise
-this signal.  Then, start @command{ipropd-slave} on all the slaves:
-
-@example
-master# /usr/heimdal/libexec/ipropd-master &
-slave#  /usr/heimdal/libexec/ipropd-slave master &
-@end example
-
-To manage the iprop log file you should use the @command{iprop-log}
-command. With it you can dump, truncate and replay the logfile.
-
-@node Encryption types and salting, Cross realm, Incremental propagation, Setting up a realm
-@section Encryption types and salting
-@cindex Salting
-@cindex Encryption types
-
-The encryption types that the KDC is going to assign by default is
-possible to change. Since the keys used for user authentication is
-salted the encryption types are described together with the salt
-strings.
-
-Salting is used to make it harder to pre-calculate all possible
-keys. Using a salt increases the search space to make it almost
-impossible to pre-calculate all keys. Salting is the process of mixing a
-public string (the salt) with the password, then sending it through an
-encryption type specific string-to-key function that will output the
-fixed size encryption key.
-
-In Kerberos 5 the salt is determined by the encryption type, except in
-some special cases.
-
-In @code{des} there is the Kerberos 4 salt
-(none at all) or the afs-salt (using the cell (realm in
-AFS lingo)).
-
-In @code{arcfour} (the encryption type that Microsoft Windows 2000 uses)
-there is no salt. This is to be compatible with NTLM keys in Windows
-NT 4.
-
-@code{[kadmin]default_keys} in @file{krb5.conf} controls
-what salting to use.
-
-The syntax of @code{[kadmin]default_keys} is
-@samp{[etype:]salt-type[:salt-string]}. @samp{etype} is the encryption
-type (des-cbc-crc, arcfour-hmac-md5, aes256-cts-hmac-sha1-96),
-@code{salt-type} is the type of salt (pw-salt or afs3-salt), and the
-salt-string is the string that will be used as salt (remember that if
-the salt is appended/prepended, the empty salt "" is the same thing as
-no salt at all).
-
-Common types of salting include
-
-@itemize @bullet
-@item @code{v4} (or @code{des:pw-salt:})
-
-The Kerberos 4 salting is using no salt at all. Reason there is colon
-at the end of the salt string is that it makes the salt the empty
-string (same as no salt).
-
-@item @code{v5} (or @code{pw-salt})
-
-@code{pw-salt} uses the default salt for each encryption type is
-specified for. If the encryption type @samp{etype} isn't given, all
-default encryption will be used.
-
-@item @code{afs3-salt}
-
-@code{afs3-salt} is the salt that is used with Transarc kaserver. It's
-the cell name appended to the password.
-
-@end itemize
-
-@node Cross realm, Transit policy, Encryption types and salting, Setting up a realm
-@section Cross realm
-@cindex Cross realm
-
-Suppose you reside in the realm @samp{MY.REALM}, how do you
-authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
-@samp{MY.REALM} allows you to communicate with Kerberised services in that
-realm. However, the computer in the other realm does not have a secret
-key shared with the Kerberos server in your realm.
-
-It is possible to share keys between two realms that trust each
-other. When a client program, such as @command{telnet} or @command{ssh},
-finds that the other computer is in a different realm, it will try to
-get a ticket granting ticket for that other realm, but from the local
-Kerberos server. With that ticket granting ticket, it will then obtain
-service tickets from the Kerberos server in the other realm.
-
-For a two way trust between @samp{MY.REALM} and @samp{OTHER.REALM}
-add the following principals to each realm. The principals should be
-@samp{krbtgt/OTHER.REALM@@MY.REALM} and
-@samp{krbtgt/MY.REALM@@OTHER.REALM} in @samp{MY.REALM}, and
-@samp{krbtgt/MY.REALM@@OTHER.REALM} and
-@samp{krbtgt/OTHER.REALM@@MY.REALM}in @samp{OTHER.REALM}.
-
-In Kerberos 5 the trust can be configured to be one way. So that
-users from @samp{MY.REALM} can authenticate to services in
-@samp{OTHER.REALM}, but not the opposite. In the example above, the
-@samp{krbtgt/MY.REALM@@OTHER.REALM} then should be removed.
-
-The two principals must have the same key, key version number, and the
-same set of encryption types. Remember to transfer the two keys in a
-safe manner.
-
-@example
-vr$ klist
-Credentials cache: FILE:/tmp/krb5cc_913.console
-        Principal: lha@@E.KTH.SE
-
-  Issued           Expires          Principal
-May  3 13:55:52  May  3 23:55:54  krbtgt/E.KTH.SE@@E.KTH.SE
-
-vr$ telnet -l lha hummel.it.su.se
-Trying 2001:6b0:5:1095:250:fcff:fe24:dbf...
-Connected to hummel.it.su.se.
-Escape character is '^]'.
-Waiting for encryption to be negotiated...
-[ Trying mutual KERBEROS5 (host/hummel.it.su.se@@SU.SE)... ]
-[ Kerberos V5 accepts you as ``lha@@E.KTH.SE'' ]
-Encryption negotiated.
-Last login: Sat May  3 14:11:47 from vr.l.nxs.se
-hummel$ exit
-
-vr$ klist
-Credentials cache: FILE:/tmp/krb5cc_913.console
-        Principal: lha@@E.KTH.SE
-
-  Issued           Expires          Principal
-May  3 13:55:52  May  3 23:55:54  krbtgt/E.KTH.SE@@E.KTH.SE
-May  3 13:55:56  May  3 23:55:54  krbtgt/SU.SE@@E.KTH.SE
-May  3 14:10:54  May  3 23:55:54  host/hummel.it.su.se@@SU.SE
-
-@end example
-
-@node Transit policy, Setting up DNS, Cross realm, Setting up a realm
-@section Transit policy
-@cindex Transit policy
-
-If you want to use cross realm authentication through an intermediate
-realm, it must be explicitly allowed by either the KDCs or the server
-receiving the request. This is done in @file{krb5.conf} in the
-@code{[capaths]} section.
-
-When the ticket transits through a realm to another realm, the
-destination realm adds its peer to the "transited-realms" field in the
-ticket. The field is unordered, since there is no way to know if
-know if one of the transited-realms changed the order of the list.
-
-The syntax for @code{[capaths]} section:
-
-@example
-[capaths]
-        CLIENT-REALM = @{
-                SERVER-REALM = PERMITTED-CROSS-REALMS ...
-        @}
-@end example
-
-The realm @code{STACKEN.KTH.SE} allows clients from @code{SU.SE} and
-@code{DSV.SU.SE} to cross it. Since @code{STACKEN.KTH.SE} only has
-direct cross realm setup with @code{KTH.SE}, and @code{DSV.SU.SE} only
-has direct cross realm setup with @code{SU.SE} they need to use both
-@code{SU.SE} and @code{KTH.SE} as transit realms.
-
-@example
-[capaths]
-	SU.SE = @{
-                    STACKEN.KTH.SE = KTH.SE
-	@}
-	DSV.SU.SE = @{
-                    STACKEN.KTH.SE = SU.SE KTH.SE
-	@}
-
-@end example
-
-The order of the @code{PERMITTED-CROSS-REALMS} is not important when
-doing transit cross realm verification.
-
-However, the order is important when the @code{[capaths]} section is used
-to figure out the intermediate realm to go to when doing multi-realm
-transit. When figuring out the next realm, the first realm of the list
-of @code{PERMITTED-CROSS-REALMS} is chosen. This is done in both the
-client kerberos library and the KDC.
-
-@c To test the cross realm configuration, use:
-@c    kmumble transit-check client server transit-realms ...
-
-@node Setting up DNS, Using LDAP to store the database, Transit policy, Setting up a realm
-@section Setting up DNS
-@cindex Setting up DNS
-
-@subsection Using DNS to find KDC
-
-If there is information about where to find the KDC or kadmind for a
-realm in the @file{krb5.conf} for a realm, that information will be
-preferred, and DNS will not be queried.
-
-Heimdal will try to use DNS to find the KDCs for a realm. First it
-will try to find a @code{SRV} resource record (RR) for the realm. If no
-SRV RRs are found, it will fall back to looking for an @code{A} RR for
-a machine named kerberos.REALM, and then kerberos-1.REALM, etc
-
-Adding this information to DNS minimises the client configuration (in
-the common case, resulting in no configuration needed) and allows the
-system administrator to change the number of KDCs and on what machines
-they are running without caring about clients.
-
-The downside of using DNS is that the client might be fooled to use the
-wrong server if someone fakes DNS replies/data, but storing the IP
-addresses of the KDC on all the clients makes it very hard to change
-the infrastructure.
-
-An example of the configuration for the realm @code{EXAMPLE.COM}:
-
-@example
-
-$ORIGIN example.com.
-_kerberos._tcp          SRV     10 1 88 kerberos.example.com.
-_kerberos._udp          SRV     10 1 88 kerberos.example.com.
-_kerberos._tcp          SRV     10 1 88 kerberos-1.example.com.
-_kerberos._udp          SRV     10 1 88 kerberos-1.example.com.
-_kpasswd._udp           SRV     10 1 464 kerberos.example.com.
-_kerberos-adm._tcp	SRV	10 1 749 kerberos.example.com.
-
-@end example
-
-More information about DNS SRV resource records can be found in
-RFC-2782 (A DNS RR for specifying the location of services (DNS SRV)).
-
-@subsection Using DNS to map hostname to Kerberos realm
-
-Heimdal also supports a way to lookup a realm from a hostname. This to
-minimise configuration needed on clients. Using this has the drawback
-that clients can be redirected by an attacker to realms within the
-same cross realm trust and made to believe they are talking to the
-right server (since Kerberos authentication will succeed).
-
-An example configuration that informs clients that for the realms
-it.example.com and srv.example.com, they should use the realm
-EXAMPLE.COM:
-
-@example
-
-$ORIGIN example.com.
-_kerberos.it		TXT     "EXAMPLE.COM"
-_kerberos.srv		TXT     "EXAMPLE.COM"
-
-@end example
-
-@node Using LDAP to store the database, Providing Kerberos credentials to servers and programs, Setting up DNS, Setting up a realm
-@section Using LDAP to store the database
-@cindex Using the LDAP backend
-
-This document describes how to install the LDAP backend for
-Heimdal. Note that before attempting to configure such an
-installation, you should be aware of the implications of storing
-private information (such as users' keys) in a directory service
-primarily designed for public information. Nonetheless, with a
-suitable authorisation policy, it is possible to set this up in a
-secure fashion. A knowledge of LDAP, Kerberos, and C is necessary to
-install this backend. The HDB schema was devised by Leif Johansson.
-
-Requirements:
-
-@itemize @bullet
-
-@item
-A current release of Heimdal, configured with
-@code{--with-openldap=/usr/local} (adjust according to where you have
-installed OpenLDAP).
-
-You can verify that you manage to configure LDAP support by running
-@file{kdc --builtin-hdb}, and checking that @samp{ldap:} is one entry
-in the list.
-
-Its also possible to configure the ldap backend as a shared module,
-see option --hdb-openldap-module to configure.
-
-@item
-OpenLDAP 2.0.x. Configure OpenLDAP with @kbd{--enable-local} to enable the
-local transport. (A patch to support SASL EXTERNAL authentication is
-necessary in order to use OpenLDAP 2.1.x.)
-
-@item
-Add the hdb schema to the LDAP server, it's included in the source-tree
-in @file{lib/hdb/hdb.schema}. Example from slapd.conf:
-
-@example
-include /usr/local/etc/openldap/schema/hdb.schema
-@end example
-
-@item
-Configure the LDAP server ACLs to accept writes from clients over the
-local transport. For example:
-
-@example
-access to *
-        by dn.exact="uid=heimdal,dc=services,dc=example,dc=com" write
-        ...
-
-sasl-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
-	"uid=heimdal,dc=services,dc=example,dc=com"
-
-@end example
-
-The sasl-regexp is for mapping between the SASL/EXTERNAL and a user in
-a tree.  The user that the key is mapped to should be have a
-krb5Principal aux object with krb5PrincipalName set so that the
-``creator'' and ``modifier'' is right in @file{kadmin}.
-
-Another option is to create an admins group and add the dn to that
-group.
-
-Since Heimdal talks to the LDAP server over a UNIX domain socket, and
-uses external sasl authentication, it's not possible to require
-security layer quality (ssf in cyrus-sasl lingo). So that requirement
-has to be turned off in OpenLDAP @command{slapd} configuration file
-@file{slapd.conf}.
-
-@example
-sasl-secprops minssf=0
-@end example
-
-@item
-
-Start @command{slapd} with the local listener (as well as the default TCP/IP
-listener on port 389) as follows:
-
-@example
-    slapd -h "ldapi:/// ldap:///"
-@end example
-
-Note: These is a bug in @command{slapd} where it appears to corrupt the krb5Key
-binary attribute on shutdown. This may be related to our use of the V3
-schema definition syntax instead of the old UMich-style, V2 syntax.
-
-@item
-You should specify the distinguished name under which your
-principals will be stored in @file{krb5.conf}. Also you need to
-enter the path to the kadmin acl file:
-
-
-@example
-[kdc]
-        database = @{
-                dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
-                hdb-ldap-structural-object = inetOrgPerson
-                acl_file = /path/to/kadmind.acl
-                mkey_file = /path/to/mkey
-        @}
-@end example
-
-@samp{mkey_file} can be excluded if you feel that you trust your ldap
-directory to have the raw keys inside it.  The
-hdb-ldap-structural-object is not necessary if you do not need Samba
-comatibility.
-
-
-
-@item
-Once you have built Heimdal and started the LDAP server, run kadmin
-(as usual) to initialise the database. Note that the instructions for
-stashing a master key are as per any Heimdal installation.
-
-@example
-kdc# kadmin -l
-kadmin> init EXAMPLE.COM
-Realm max ticket life [unlimited]:
-Realm max renewable ticket life [unlimited]:
-kadmin> ank lukeh
-Max ticket life [1 day]:
-Max renewable life [1 week]:
-Principal expiration time [never]:
-Password expiration time [never]:
-Attributes []:
-lukeh@@EXAMPLE.COM's Password:
-Verifying password - lukeh@@EXAMPLE.COM's Password:
-kadmin> exit
-@end example
-
-Verify that the principal database has indeed been stored in the
-directory with the following command:
-
-@example
-kdc# ldapsearch -L -h localhost -D cn=manager \
- -w secret -b ou=KerberosPrincipals,dc=example,dc=com \
- 'objectclass=krb5KDCEntry'
-@end example
-
-@item
-Now consider adding indexes to the database to speed up the access, at
-least theses should be added to slapd.conf.
-
-@example
-index	objectClass		eq
-index	cn			eq,sub,pres
-index	uid			eq,sub,pres
-index	displayName		eq,sub,pres
-index	krb5PrincipalName	eq
-@end example
-
-@end itemize
-
-@subsection Troubleshooting guide
-
-@url{https://sec.miljovern.no/bin/view/Info/TroubleshootingGuide}
-
-
-@subsection Using Samba LDAP password database
-@cindex Samba
-
-@c @node Using Samba LDAP password database, Providing Kerberos credentials to servers and programs, Using LDAP to store the database, Setting up a realm
-@c @section Using Samba LDAP password database
-
-The Samba domain and the Kerberos realm can have different names since
-arcfour's string to key functions principal/realm independent.  So now
-will be your first and only chance name your Kerberos realm without
-needing to deal with old configuration files.
-
-First, you should set up Samba and get that working with LDAP backend.
-
-Now you can proceed as in @xref{Using LDAP to store the database}.
-Heimdal will pick up the Samba LDAP entries if they are in the same
-search space as the Kerberos entries.
-
-@node Providing Kerberos credentials to servers and programs, Setting up PK-INIT, Using LDAP to store the database, Setting up a realm
-@section Providing Kerberos credentials to servers and programs
-
-Some services require Kerberos credentials when they start to make
-connections to other services or need to use them when they have started.
-
-The easiest way to get tickets for a service is to store the key in a
-keytab. Both ktutil get and kadmin ext can be used to get a
-keytab. ktutil get is better in that way it changes the key/password
-for the user. This is also the problem with ktutil. If ktutil is used
-for the same service principal on several hosts, they keytab will only
-be useful on the last host. In that case, run the extract command on
-one host and then securely copy the keytab around to all other hosts
-that need it.
-
-@example
-host# ktutil -k /etc/krb5-service.keytab \
-      get -p lha/admin@@EXAMPLE.ORG service-principal@@EXAMPLE.ORG
-lha/admin@@EXAMPLE.ORG's Password:
-@end example
-
-To get a Kerberos credential file for the service, use kinit in the
-@kbd{--keytab} mode. This will not ask for a password but instead fetch the
-key from the keytab.
-
-@example
-service@@host$ kinit --cache=/var/run/service_krb5_cache \
-               --keytab=/etc/krb5-service.keytab \
-       service-principal@@EXAMPLE.ORG
-@end example
-
-Long running services might need credentials longer then the
-expiration time of the tickets. kinit can run in a mode that refreshes
-the tickets before they expire. This is useful for services that write
-into AFS and other distributed file systems using Kerberos. To run the
-long running script, just append the program and arguments (if any)
-after the principal. kinit will stop refreshing credentials and remove
-the credentials when the script-to-start-service exits.
-
-@example
-service@@host$ kinit --cache=/var/run/service_krb5_cache \
-       --keytab=/etc/krb5-service.keytab \
-       service-principal@@EXAMPLE.ORG \
-       script-to-start-service argument1 argument2
-@end example
-
-
-@node Setting up PK-INIT, , Providing Kerberos credentials to servers and programs, Setting up a realm
-@section Setting up PK-INIT
-
-PK-INIT is levering the existing PKI infrastructure to use
-certificates to get the initial ticket, that is usually the krbtgt.
-
-To use PK-INIT you must first have a PKI, so if you don't have one,
-it is time to create it. Note that you should read the whole chapter
-of the document to see the requirements on the CA software.
-
-There needs to exist a mapping between the certificate and what
-principals that certificate is allowed to use. There are several ways
-to do this. The administrator can use a configuration file, storing
-the principal in the SubjectAltName extension of the certificate, or store the
-mapping in the principals entry in the kerberos database.
-
-@section Certificates
-
-This section documents the requirements on the KDC and client
-certificates and the format used in the id-pkinit-san OtherName
-extention.
-
-@subsection KDC certificate
-
-The certificate for the KDC have serveral requirements.
-
-First the certificate should have an Extended Key Usage (EKU)
-id-pkkdcekuoid (1.3.6.1.5.2.3.5) set. Second there must be a
-subjectAltName otherName using oid id-pkinit-san (1.3.6.1.5.2.2) in
-the type field and a DER encoded KRB5PrincipalName that matches the
-name of the TGS of the target realm.
-
-Both of these two requirements are not required by the standard to be
-checked by the client if it have external information what the
-certificate the KDC is supposed to be used. So it's in the interest of
-minimum amount of configuration on the clients they should be included.
-
-Remember that if the client would accept any certificate as the KDC's
-certificate, the client could be fooled into trusting something that
-isn't a KDC and thus expose the user to giving away information (like
-password or other private information) that it is supposed to secret.
-
-Also, if the certificate has a nameConstraints extention with a
-Generalname with dNSName or iPAdress it must match the hostname or
-adress of the KDC.
-
-@subsection Client certificate
-
-The client certificate may need to have a EKU id-pkekuoid
-(1.3.6.1.5.2.3.4) set depending on the certifiate on the KDC.
-
-It possible to store the principal (if allowed by the KDC) in the
-certificate and thus delegate responsibility to do the mapping between
-certificates and principals to the CA.
-
-@subsubsection Using KRB5PrincipalName in id-pkinit-san
-
-OtherName extention in the GeneralName is used to do the
-mapping between certifiate and principal in the certifiate or storing
-the krbtgt principal in the KDC certificate.
-
-The principal is stored in a SubjectAltName in the certificate using
-OtherName. The oid in the type is id-pkinit-san.
-
-@example
-id-pkinit-san OBJECT IDENTIFIER ::= @{ iso (1) org (3) dod (6)
-internet (1) security (5) kerberosv5 (2) 2 @}
-@end example
-
-The data part of the OtherName is filled with the following DER
-encoded ASN.1 structure:
-
-@example
-KRB5PrincipalName ::= SEQUENCE @{
-	realm [0] Realm,
-	principalName [1] PrincipalName
-@}
-@end example
-
-where Realm and PrincipalName is defined by the Kerberos ASN.1 specification.
-
-@section Naming certificate using hx509
-
-hx509 is the X.509 software used in Heimdal to handle
-certificates. hx509 uses different syntaxes to specify the different
-formats the certificates are stored in and what formats they exist in.
-
-There are several formats that can be used, PEM, embedded into PKCS12
-files, embedded into PKCS11 devices and raw DER encoded certificates.
-Below is a list of types to use.
-
-
-@table @asis
-
-@item DIR:
-
-DIR is reading all certificates in a directory that is DER or PEM
-formatted.
-
-The main feature of DIR is that the directory is read on demand when
-iterating over certificates, that way applictions can for some cases
-avoid to store all certificates in memory. It's very useful for tests
-that iterate over larger amount of certificates.
-
-Syntax is:
-
-@example
-DIR:/path/to/der/files
-@end example
-
-@item FILE:
-
-FILE: is used to have the lib pick up a certificate chain and a
-private key. The file can be either a PEM (openssl) file or a raw DER
-encoded certificate. If it's a PEM file it can contain several keys and
-certificates and the code will try to match the private key and
-certificate together.
-
-Its useful to have one PEM file that contains all the trust anchors.
-
-Syntax is:
-
-@example
-FILE:certificate.pem,private-key.key,other-cert.pem,....
-@end example
-
-@item PKCS11:
-
-PKCS11: is used to handle smartcards via PKCS11 drivers, for example
-soft-token, opensc, or muscle. The default is to use all slots on the
-device/token.
-
-Syntax is:
-
-@example
-PKCS11:shared-object.so
-@end example
-
-@item PKCS12:
-
-PKCS12: is used to handle PKCS12 files. PKCS12 files commonly have the
-extension pfx or p12.
-
-Syntax is:
-
-@example
-PKCS12:/path/to/file.pfx
-@end example
-
-@end table
-
-@section Configure the Kerberos software
-
-First configure the client's trust anchors and what parameters to
-verify, see subsection below how to do that. Now you can use kinit to
-get yourself tickets. One example how that can look like is:
-
-@example
-$ kinit -C FILE:$HOME/.certs/lha.crt,$HOME/.certs/lha.key lha@@EXAMPLE.ORG
-Enter your private key passphrase:
-: lha@@nutcracker ; klist
-Credentials cache: FILE:/tmp/krb5cc_19100a
-        Principal: lha@@EXAMPLE.ORG
-
-  Issued           Expires          Principal
-Apr 20 02:08:08  Apr 20 12:08:08  krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG
-@end example
-
-Using PKCS11 it can look like this instead:
-
-@example
-$ kinit -C PKCS11:/tmp/pkcs11/lib/soft-pkcs11.so lha@@EXAMPLE.ORG
-PIN code for SoftToken (slot):
-$ klist
-Credentials cache: API:4
-        Principal: lha@@EXAMPLE.ORG
-
-  Issued           Expires          Principal
-Mar 26 23:40:10  Mar 27 09:40:10  krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG
-@end example
-
-
-Write about the kdc.
-
-@section Configure the client
-
-@example
-[appdefaults]
-	pkinit_anchors = FILE:/path/to/trust-anchors.pem
-
-[realms]
-        EXAMPLE.COM = @{
-		pkinit_require_eku = true
-		pkinit_require_krbtgt_otherName = true
-		pkinit_win2k = no
-		pkinit_win2k_require_binding = yes
-	@}
-
-@end example
-
-@section Configure the KDC
-
-@example
-[kdc]
-	enable-pkinit = yes
-	pkinit_identity = FILE:/secure/kdc.crt,/secure/kdc.key
-	pkinit_anchors = FILE:/path/to/trust-anchors.pem
-	pkinit_pool = PKCS12:/path/to/useful-intermediate-certs.pfx
-	pkinit_pool = FILE:/path/to/other-useful-intermediate-certs.pem
-	pkinit_allow_proxy_certificate = false
-	pkinit_win2k_require_binding = yes
-@end example
-
-@subsection Using pki-mapping file
-
-Note that the file name is space sensitive.
-
-@example
-# cat /var/heimdal/pki-mapping
-# comments starts with #
-lha@@EXAMPLE.ORG:C=SE,O=Stockholm universitet,CN=Love,UID=lha
-lha@@EXAMPLE.ORG:CN=Love,UID=lha
-@end example
-
-@subsection Using the Kerberos database
-
-@section Use hxtool to create certificates
-
-@subsection Generate certificates
-
-First you need to generate a CA certificate, change the --subject to
-something appropriate, the CA certificate will be valid for 10 years.
-
-You need to change --subject in the command below.
-
-@example
-hxtool issue-certificate \
-    --self-signed \
-    --issue-ca \
-    --generate-key=rsa \
-    --subject="CN=CA,DC=test,DC=h5l,DC=se" \
-    --lifetime=10years \
-    --certificate="FILE:ca.pem"
-@end example
-
-The KDC needs to have a certificate, so generate a certificate of the
-type ``pkinit-kdc'' and set the PK-INIT specifial SubjectAltName to the
-name of the krbtgt of the realm.
-
-You need to change --subject and --pk-init-principal in the command below.
-
-@example
-hxtool issue-certificate \
-    --ca-certificate=FILE:ca.pem \
-    --generate-key=rsa \
-    --type="pkinit-kdc" \
-    --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \
-    --subject="uid=kdc,DC=test,DC=h5l,DC=se" \
-    --certificate="FILE:kdc.pem"
-@end example
-
-The users also needs to have a certificate, so generate a certificate
-of the type ``pkinit-client''. The client doesn't need to have the PK-INIT
-SubjectAltName set, you can have the Subject DN in the ACL file
-(pki-mapping) instead.
-
-You need to change --subject and --pk-init-principal in the command below.
-
-@example
-hxtool issue-certificate \
-    --ca-certificate=FILE:ca.pem \
-    --generate-key=rsa \
-    --type="pkinit-client" \
-    --pk-init-principal="lha@@TEST.H5L.SE" \
-    --subject="uid=lha,DC=test,DC=h5l,DC=se" \
-    --certificate="FILE:user.pem"
-@end example
-
-@subsection Validate the certificate
-
-hxtool also contains a tool that will validate certificates according to
-rules from the PKIX document. These checks are not complete, but a good test
-to check if you got all of the basic bits right in your certificates.
-
-@example
-hxtool validate FILE:user.pem
-@end example
-
-@section Use OpenSSL to create certificates
-
-This section tries to give the CA owners hints how to create
-certificates using OpenSSL (or CA software based on OpenSSL).
-
-@subsection Using OpenSSL to create certificates with krb5PrincipalName
-
-To make OpenSSL create certificates with krb5PrincipalName use
-@file{openssl.cnf} as described below. To see a complete example of
-creating client and KDC certificates, see the test-data generation
-script @file{lib/hx509/data/gen-req.sh} in the source-tree. The
-certicates it creates are used to test the PK-INIT functionality in
-@file{tests/kdc/check-kdc.in}.
-
-To use this example you have to use OpenSSL 0.9.8a or later.
-
-@example
-
-[user_certificate]
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
-
-[princ_name]
-realm = EXP:0, GeneralString:MY.REALM
-principal_name = EXP:1, SEQUENCE:principal_seq
-
-[principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:principals
-
-[principals]
-princ1 = GeneralString:userid
-
-@end example
-
-Command usage
-
-@example
-openssl x509 -extensions user_certificate
-openssl ca -extensions user_certificate
-@end example
-
-
-@c --- ms certificate
-@c
-@c [ new_oids ]
-@c msCertificateTemplateName       = 1.3.6.1.4.1.311.20.2
-@c
-@c
-@c [ req_smartcard ]
-@c keyUsage                = digitalSignature, keyEncipherment
-@c extendedKeyUsage        = msSmartcardLogin, clientAuth
-@c msCertificateTemplateName       = ASN1:BMP:SmartcardLogon
-@c subjectAltName          = otherName:msUPN;UTF8:lukeh@dsg.padl.com
-@c #subjectAltName         = email:copy
-
-
-@section Using PK-INIT with Windows
-
-@subsection Client configration
-
-Clients using a Windows KDC with PK-INIT need configuration since
-windows uses pre-standard format and this can't be autodetected.
-
-The pkinit_win2k_require_binding option requires the reply for the KDC
-to be of the new, secure, type that binds the request to reply. Before
-clients should fake the reply from the KDC. To use this option you
-have to apply a fix from Microsoft.
-
-@example
-[realms]
-        MY.MS.REALM = @{
-                pkinit_win2k = yes
-                pkinit_win2k_require_binding = no
-	@}
-@end example
-
-@subsection Certificates
-
-The client certificates need to have the extended keyusage ``Microsoft
-Smartcardlogin'' (openssl have the oid shortname msSmartcardLogin).
-
-See Microsoft Knowledge Base Article - 281245 ``Guidelines for Enabling
-Smart Card Logon with Third-Party Certification Authorities'' for a
-more extensive description of how set setup an external CA to it
-includes all information that will make a Windows KDC happy.
-
-@subsection Configure Windows 2000 CA
-
-To enable Microsoft Smartcardlogin> for certificates in your Windows
-2000 CA, you want to look at Microsoft Knowledge Base Article -
-313274 ``HOW TO: Configure a Certification Authority to Issue
-Smart Card Certificates in Windows''.
diff --git a/crypto/heimdal/doc/vars.texi b/crypto/heimdal/doc/vars.texi
deleted file mode 100755
index c2e6671a68eb..000000000000
--- a/crypto/heimdal/doc/vars.texi
+++ /dev/null
@@ -1,7 +0,0 @@
-
-@c
-@c Variables depending on installation
-@c
-
-@set dbdir /var/heimdal
-@set PACKAGE_VERSION 1.1
diff --git a/crypto/heimdal/doc/vars.tin b/crypto/heimdal/doc/vars.tin
deleted file mode 100644
index d3e67b7d4893..000000000000
--- a/crypto/heimdal/doc/vars.tin
+++ /dev/null
@@ -1,7 +0,0 @@
-
-@c
-@c Variables depending on installation
-@c
-
-@set dbdir @dbdir@
-@set PACKAGE_VERSION @PACKAGE_VERSION@
diff --git a/crypto/heimdal/doc/whatis.texi b/crypto/heimdal/doc/whatis.texi
deleted file mode 100644
index 307c5a20877a..000000000000
--- a/crypto/heimdal/doc/whatis.texi
+++ /dev/null
@@ -1,161 +0,0 @@
-@c $Id: whatis.texi 16769 2006-02-27 12:26:50Z joda $
-
-@node What is Kerberos?, Building and Installing, Introduction, Top
-@chapter What is Kerberos?
-
-@quotation
-@flushleft
-        Now this Cerberus had three heads of dogs,
-        the tail of a dragon, and on his back the
-        heads of all sorts of snakes.
-        --- Pseudo-Apollodorus Library 2.5.12
-@end flushleft
-@end quotation
-
-Kerberos is a system for authenticating users and services on a network.
-It is built upon the assumption that the network is ``unsafe''.  For
-example, data sent over the network can be eavesdropped and altered, and
-addresses can also be faked.  Therefore they cannot be used for
-authentication purposes.
-@cindex authentication
-
-Kerberos is a trusted third-party service.  That means that there is a
-third party (the kerberos server) that is trusted by all the entities on
-the network (users and services, usually called @dfn{principals}).  All
-principals share a secret password (or key) with the kerberos server and
-this enables principals to verify that the messages from the kerberos
-server are authentic.  Thus trusting the kerberos server, users and
-services can authenticate each other.
-
-@section Basic mechanism
-
-@ifinfo
-@macro sub{arg}
-<\arg\>
-@end macro
-@end ifinfo
-
-@tex
-@def@xsub#1{$_{#1}$}
-@global@let@sub=@xsub
-@end tex
-
-@ifhtml
-@macro sub{arg}
-@html
-<sub>\arg\</sub>
-@end html
-@end macro
-@end ifhtml
-
-@c ifdocbook
-@c macro sub{arg}
-@c docbook
-@c <subscript>\arg\</subscript>
-@c end docbook
-@c end macro
-@c end ifdocbook
-
-@quotation
-@strong{Note} This discussion is about Kerberos version 4, but version
-5 works similarly.
-@end quotation
-
-In Kerberos, principals use @dfn{tickets} to prove that they are who
-they claim to be. In the following example, @var{A} is the initiator of
-the authentication exchange, usually a user, and @var{B} is the service
-that @var{A} wishes to use.
-
-To obtain a ticket for a specific service, @var{A} sends a ticket
-request to the kerberos server. The request contains @var{A}'s and
-@var{B}'s names (along with some other fields). The kerberos server
-checks that both @var{A} and @var{B} are valid principals.
-
-Having verified the validity of the principals, it creates a packet
-containing @var{A}'s and @var{B}'s names, @var{A}'s network address
-(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
-of the ticket (@var{life}), and a secret @dfn{session key}
-@cindex session key
-(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
-(@var{K@sub{B}}).  The actual ticket (@var{T@sub{AB}}) looks like this:
-(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
-@var{K@sub{AB}}@}@var{K@sub{B}}).
-
-The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
-name, the current time, the lifetime of the ticket, and the session key, all
-encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
-@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
-decrypts the reply and retains it for later use.
-
-@sp 1
-
-Before sending a message to @var{B}, @var{A} creates an authenticator
-consisting of @var{A}'s name, @var{A}'s address, the current time, and a
-``checksum'' chosen by @var{A}, all encrypted with the secret session
-key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
-@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
-received from the kerberos server to @var{B}.  Upon reception, @var{B}
-decrypts the ticket using @var{B}'s secret key.  Since the ticket
-contains the session key that the authenticator was encrypted with,
-@var{B} can now also decrypt the authenticator. To verify that @var{A}
-really is @var{A}, @var{B} now has to compare the contents of the ticket
-with that of the authenticator. If everything matches, @var{B} now
-considers @var{A} as properly authenticated.
-
-@c (here we should have some more explanations)
-
-@section Different attacks
-
-@subheading Impersonating A
-
-An impostor, @var{C} could steal the authenticator and the ticket as it
-is transmitted across the network, and use them to impersonate
-@var{A}. The address in the ticket and the authenticator was added to
-make it more difficult to perform this attack.  To succeed @var{C} will
-have to either use the same machine as @var{A} or fake the source
-addresses of the packets. By including the time stamp in the
-authenticator, @var{C} does not have much time in which to mount the
-attack.
-
-@subheading Impersonating B
-
-@var{C} can hijack @var{B}'s network address, and when @var{A} sends
-her credentials, @var{C} just pretend to verify them. @var{C} can't
-be sure that she is talking to @var{A}.
-
-@section Defence strategies
-
-It would be possible to add a @dfn{replay cache}
-@cindex replay cache
-to the server side.  The idea is to save the authenticators sent during
-the last few minutes, so that @var{B} can detect when someone is trying
-to retransmit an already used message. This is somewhat impractical
-(mostly regarding efficiency), and is not part of Kerberos 4; MIT
-Kerberos 5 contains it.
-
-To authenticate @var{B}, @var{A} might request that @var{B} sends
-something back that proves that @var{B} has access to the session
-key. An example of this is the checksum that @var{A} sent as part of the
-authenticator. One typical procedure is to add one to the checksum,
-encrypt it with the session key and send it back to @var{A}.  This is
-called @dfn{mutual authentication}.
-
-The session key can also be used to add cryptographic checksums to the
-messages sent between @var{A} and @var{B} (known as @dfn{message
-integrity}).  Encryption can also be added (@dfn{message
-confidentiality}). This is probably the best approach in all cases.
-@cindex integrity
-@cindex confidentiality
-
-@section Further reading
-
-The original paper on Kerberos from 1988 is @cite{Kerberos: An
-Authentication Service for Open Network Systems}, by Jennifer Steiner,
-Clifford Neuman and Jeffrey I. Schiller.
-
-A less technical description can be found in @cite{Designing an
-Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
-from 1988.
-
-These documents can be found on our web-page at
-@url{http://www.pdc.kth.se/kth-krb/}.
diff --git a/crypto/heimdal/doc/win2k.texi b/crypto/heimdal/doc/win2k.texi
deleted file mode 100644
index 7bc9b2a30b81..000000000000
--- a/crypto/heimdal/doc/win2k.texi
+++ /dev/null
@@ -1,306 +0,0 @@
-@c $Id: win2k.texi 21991 2007-10-19 13:28:07Z lha $
-
-@node Windows 2000 compatability, Programming with Kerberos, Kerberos 4 issues, Top
-@comment  node-name,  next,  previous,  up
-@chapter Windows 2000 compatability
-
-Windows 2000 (formerly known as Windows NT 5) from Microsoft implements
-Kerberos 5.  Their implementation, however, has some quirks,
-peculiarities, and bugs.  This chapter is a short summary of the things
-that we have found out while trying to test Heimdal against Windows
-2000.  Another big problem with the Kerberos implementation in Windows
-2000 is that the available documentation is more focused on getting
-things to work rather than how they work, and not that useful in figuring
-out how things really work.
-
-This information should apply to Heimdal @value{VERSION} and Windows
-2000 Professional.  It's of course subject to change all the time and
-mostly consists of our not so inspired guesses.  Hopefully it's still
-somewhat useful.
-
-@menu
-* Configuring Windows 2000 to use a Heimdal KDC::  
-* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::  
-* Create account mappings::     
-* Encryption types::            
-* Authorisation data::          
-* Quirks of Windows 2000 KDC::  
-* Useful links when reading about the Windows 2000::  
-@end menu
-
-@node Configuring Windows 2000 to use a Heimdal KDC, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Configuring Windows 2000 to use a Heimdal KDC
-
-You need the command line program called @command{ksetup.exe} which is available
-in the file @file{SUPPORT/TOOLS/SUPPORT.CAB} on the Windows 2000 Professional
-CD-ROM. This program is used to configure the Kerberos settings on a
-Workstation.
-
-@command{Ksetup} store the domain information under the registry key:
-@code{HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains}.
-
-Use the @command{kadmin} program in Heimdal to create a host principal in the
-Kerberos realm.
-
-@example
-unix% kadmin
-kadmin> ank --password=password host/datan.example.com
-@end example
-
-The name @samp{datan.example.com} should be replaced with DNS name of
-the workstation.
-
-You must configure the workstation as a member of a workgroup, as opposed
-to a member in an NT domain, and specify the KDC server of the realm
-as follows:
-@example
-C:> ksetup /setdomain EXAMPLE.COM
-C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
-@end example
-
-Set the machine password, i.e.@: create the local keytab:
-@example
-C:> ksetup /SetComputerPassword password
-@end example
-
-The password used in @kbd{ksetup /setmachpassword} must be the same
-as the password used in the @kbd{kadmin ank} command.
-
-The workstation must now be rebooted.
-
-A mapping between local NT users and Kerberos principals must be specified.
-You have two choices. First:
-
-@example
-C:> ksetup /mapuser user@@MY.REALM nt_user
-@end example
-
-This will map a user to a specific principal; this allows you to have
-other usernames in the realm than in your NT user database. (Don't ask
-me why on earth you would want that@enddots{})
-
-You can also say:
-@example
-C:> ksetup /mapuser * *
-@end example
-The Windows machine will now map any user to the corresponding principal,
-for example @samp{nisse} to the principal @samp{nisse@@MY.REALM}.
-(This is most likely what you want.)
-
-@node Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Create account mappings, Configuring Windows 2000 to use a Heimdal KDC, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
-
-See also the Step-by-Step guide from Microsoft, referenced below.
-
-Install Windows 2000, and create a new controller (Active Directory
-Server) for the domain.
-
-By default the trust will be non-transitive. This means that only users
-directly from the trusted domain may authenticate. This can be changed
-to transitive by using the @command{netdom.exe} tool. @command{netdom.exe} 
-can also be used to add the trust between two realms.
-
-You need to tell Windows 2000 on what hosts to find the KDCs for the
-non-Windows realm with @command{ksetup}, see @xref{Configuring Windows 2000
-to use a Heimdal KDC}.
-
-This needs to be done on all computers that want enable cross-realm
-login with @code{Mapped Names}. @c XXX probably shouldn't be @code
-
-Then you need to add the inter-realm keys on the Windows KDC@. Start the
-Domain Tree Management tool (found in Programs, Administrative tools,
-Active Directory Domains and Trusts).
-
-Right click on Properties of your domain, select the Trust tab.  Press
-Add on the appropriate trust windows and enter domain name and
-password. When prompted if this is a non-Windows Kerberos realm, press
-OK.
-
-Do not forget to add trusts in both directions (if that's what you want).
-
-If you want to use @command{netdom.exe} instead of the Domain Tree
-Management tool, you do it like this:
-
-@example
-netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
-@end example
-
-You also need to add the inter-realm keys to the Heimdal KDC. Make sure
-you have matching encryption types (DES, Arcfour and AES in case of Longhorn)
-
-Another issue is salting.  Since Windows 2000 does not seem to
-understand Kerberos 4 salted hashes you might need to turn off anything
-similar to the following if you have it, at least while adding the
-principals that are going to share keys with Windows 2000.
-
-@example
-[kadmin]
-        default_keys = v5 v4
-@end example
-
-So remove v4 from default keys.
-
-What you probably want to use is this:
-
-@example
-[kadmin]
-        default_keys = des-cbc-crc:pw-salt arcfour-hmac-md5:pw-salt
-@end example
-
-@c XXX check this
-@c It is definitely not supported in base 2003.  I haven't been able to
-@c get SP1 installed here, but it is supposed to work in that.
-
-Once that is also done, you can add the required inter-realm keys:
-
-@example
-kadmin add krbtgt/NT.REALM.EXAMPLE.COM@@EXAMPLE.COM
-kadmin add krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM
-@end example
-
-Use the same passwords for both keys.
-
-Do not forget to reboot before trying the new realm-trust (after
-running @command{ksetup}). It looks like it might work, but packets are
-never sent to the non-Windows KDC.
-
-@node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Create account mappings
-
-Start the @code{Active Directory Users and Computers} tool. Select the
-View menu, that is in the left corner just below the real menu (or press
-Alt-V), and select Advanced Features. Right click on the user that you
-are going to do a name mapping for and choose Name mapping.
-
-Click on the Kerberos Names tab and add a new principal from the
-non-Windows domain.
-
-@c XXX check entry name then I have network again
-This adds @samp{authorizationNames} entry to the users LDAP entry to
-the Active Directory LDAP catalog. When you create users by script you
-can add this entry instead.
-
-@node Encryption types, Authorisation data, Create account mappings, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Encryption types
-
-Windows 2000 supports both the standard DES encryptions (@samp{des-cbc-crc} and
-@samp{des-cbc-md5}) and its own proprietary encryption that is based on MD4 and
-RC4 that is documented in and is supposed to be described in
-@file{draft-brezak-win2k-krb-rc4-hmac-03.txt}.  New users will get both
-MD4 and DES keys.  Users that are converted from a NT4 database, will
-only have MD4 passwords and will need a password change to get a DES
-key.
-
-@node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Authorisation data
-
-The Windows 2000 KDC also adds extra authorisation data in tickets.
-It is at this point unclear what triggers it to do this.  The format of
-this data is only available under a ``secret'' license from Microsoft,
-which prohibits you implementing it.
-
-A simple way of getting hold of the data to be able to understand it
-better is described here.
-
-@enumerate
-@item Find the client example on using the SSPI in the SDK documentation.
-@item Change ``AuthSamp'' in the source code to lowercase.
-@item Build the program.
-@item Add the ``authsamp'' principal with a known password to the
-database.  Make sure it has a DES key.
-@item Run @kbd{ktutil add} to add the key for that principal to a
-keytab.
-@item Run @kbd{appl/test/nt_gss_server -p 2000 -s authsamp
-@kbd{--dump-auth}=@var{file}} where @var{file} is an appropriate file.
-@item It should authenticate and dump for you the authorisation data in
-the file.
-@item The tool @kbd{lib/asn1/asn1_print} is somewhat useful for
-analysing the data.
-@end enumerate
-
-@node Quirks of Windows 2000 KDC, Useful links when reading about the Windows 2000, Authorisation data, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Quirks of Windows 2000 KDC
-
-There are some issues with salts and Windows 2000.  Using an empty salt---which is the only one that Kerberos 4 supported, and is therefore known
-as a Kerberos 4 compatible salt---does not work, as far as we can tell
-from out experiments and users' reports.  Therefore, you have to make
-sure you keep around keys with all the different types of salts that are
-required.  Microsoft have fixed this issue post Windows 2003.
-
-Microsoft seems also to have forgotten to implement the checksum
-algorithms @samp{rsa-md4-des} and @samp{rsa-md5-des}. This can make Name
-mapping (@pxref{Create account mappings}) fail if a @samp{des-cbc-md5} key
-is used. To make the KDC return only @samp{des-cbc-crc} you must delete
-the @samp{des-cbc-md5} key from the kdc using the @kbd{kadmin
-del_enctype} command.
-
-@example
-kadmin del_enctype lha des-cbc-md5
-@end example
-
-You should also add the following entries to the @file{krb5.conf} file:
-
-@example
-[libdefaults]
-	default_etypes = des-cbc-crc
-	default_etypes_des = des-cbc-crc
-@end example
-
-These configuration options will make sure that no checksums of the
-unsupported types are generated.
-
-@node Useful links when reading about the Windows 2000,  , Quirks of Windows 2000 KDC, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Useful links when reading about the Windows 2000
-
-See also our paper presented at the 2001 Usenix Annual Technical
-Conference, available in the proceedings or at
-@uref{http://www.usenix.org/publications/library/proceedings/usenix01/freenix01/westerlund.html}.
-
-There are lots of texts about Kerberos on Microsoft's web site, here is a
-short list of the interesting documents that we have managed to find.
-
-@itemize @bullet
-
-@item Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability:
-@uref{http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx}.
-Kerberos GSS-API (in Windows-eze SSPI), Windows as a client in a
-non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and
-adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows 2000
-and a Heimdal KDC}).
-
-@item Windows 2000 Kerberos Authentication:
-@uref{www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerberos.mspx}.
-White paper that describes how Kerberos is used in Windows 2000.
-
-@item Overview of Kerberos:
-@uref{http://support.microsoft.com/support/kb/articles/Q248/7/58.ASP}.
-Links to useful other links.
-
-@c @item Klist for Windows:
-@c @uref{http://msdn.microsoft.com/library/periodic/period00/security0500.htm}.
-@c Describes where to get a klist for Windows 2000.
-
-@item Event logging for Kerberos:
-@uref{http://support.microsoft.com/support/kb/articles/Q262/1/77.ASP}.
-Basically it say that you can add a registry key
-@code{HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel}
-with value DWORD equal to 1, and then you'll get logging in the Event
-Logger.
-
-@c @item Access to the Active Directory through LDAP:
-@c @uref{http://msdn.microsoft.com/library/techart/kerberossamp.htm}
-
-@end itemize
-
-Other useful programs include these:
-
-@itemize @bullet
-@item pwdump2
-@uref{http://www.bindview.com/Support/RAZOR/Utilities/Windows/pwdump2_readme.cfm}@end itemize
diff --git a/crypto/heimdal/etc/Makefile.am b/crypto/heimdal/etc/Makefile.am
deleted file mode 100644
index d5675d57a2ed..000000000000
--- a/crypto/heimdal/etc/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile.am 20565 2007-04-27 13:52:30Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-EXTRA_DIST = services.append
diff --git a/crypto/heimdal/etc/Makefile.in b/crypto/heimdal/etc/Makefile.in
deleted file mode 100644
index fef8bd2fa2dc..000000000000
--- a/crypto/heimdal/etc/Makefile.in
+++ /dev/null
@@ -1,658 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20565 2007-04-27 13:52:30Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = etc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-EXTRA_DIST = services.append
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps etc/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps etc/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/etc/services.append b/crypto/heimdal/etc/services.append
deleted file mode 100644
index 2eff2f7a34d9..000000000000
--- a/crypto/heimdal/etc/services.append
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# $Id: services.append 10452 2001-08-08 15:48:37Z assar $
-#
-# Kerberos services
-#
-kerberos	88/udp		kerberos-sec	# Kerberos v5 UDP
-kerberos	88/tcp		kerberos-sec	# Kerberos v5 TCP
-kpasswd		464/udp				# password changing
-kpasswd		464/tcp				# password changing
-klogin		543/tcp				# Kerberos authenticated rlogin
-kshell		544/tcp		krcmd		# and remote shell
-ekshell		545/tcp		      # Kerberos encrypted remote shell -kfall
-ekshell2	2106/tcp	      # What U of Colorado @ Boulder uses?
-kerberos-adm	749/udp				# v5 kadmin
-kerberos-adm	749/tcp				# v5 kadmin
-kerberos-iv	750/udp		kdc		# Kerberos authentication--udp
-kerberos-iv	750/tcp		kdc		# Kerberos authentication--tcp
-kerberos_master 751/udp				# v4 kadmin
-kerberos_master 751/tcp				# v4 kadmin
-krb_prop	754/tcp		hprop		# Kerberos slave propagation
-kpop		1109/tcp			# Pop with Kerberos
-eklogin		2105/tcp			# Kerberos encrypted rlogin
-rkinit		2108/tcp			# Kerberos remote kinit
-kf		2110/tcp			# forward credentials
-kx		2111/tcp			# X over kerberos
-kip		2112/tcp			# IP over kerberos
-kauth		2120/tcp			# Remote kauth
-iprop		2121/tcp			# incremental propagation
-krb524		4444/udp			# MIT 5->4
diff --git a/crypto/heimdal/include/Makefile.am b/crypto/heimdal/include/Makefile.am
deleted file mode 100644
index a63c227d44af..000000000000
--- a/crypto/heimdal/include/Makefile.am
+++ /dev/null
@@ -1,87 +0,0 @@
-# $Id: Makefile.am 22396 2008-01-01 19:35:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = kadm5 hcrypto gssapi
-
-noinst_PROGRAMS = bits make_crypto
-CHECK_LOCAL = no-check-local
-
-AM_CPPFLAGS += -DHOST=\"$(CANONICAL_HOST)\"
-
-nodist_include_HEADERS = krb5-types.h
-nodist_noinst_HEADERS = crypto-headers.h
-
-krb5-types.h: bits$(EXEEXT)
-	./bits$(EXEEXT) krb5-types.h
-
-crypto-headers.h: make_crypto$(EXEEXT)
-	./make_crypto$(EXEEXT) crypto-headers.h
-
-CLEANFILES =			\
-	cms_asn1.h 		\
-	der-protos.h 		\
-	digest_asn1.h 		\
-	hdb-protos.h		\
-	heim_asn1.h		\
-	heim_threads.h		\
-	hex.h			\
-	hx509-protos.h		\
-	hx509.h			\
-	hx509_err.h		\
-	kx509_asn1.h		\
-	kx509_err.h		\
-	k524_err.h		\
-	kdc-protos.h		\
-	kdc.h			\
-	krb5_asn1.h		\
-	krb5_ccapi.h		\
-	parse_bytes.h		\
-	pkcs12_asn1.h		\
-	pkcs8_asn1.h		\
-	pkcs9_asn1.h		\
-	pkinit_asn1.h		\
-	rfc2459_asn1.h		\
-	rtbl.h			\
-	test-mem.h		\
-	vers.h			\
-	vis.h			\
-	asn1.h			\
-	asn1_err.h		\
-	base64.h		\
-	com_err.h		\
-	com_right.h		\
-	crypto-headers.h	\
-	der.h			\
-	editline.h		\
-	err.h			\
-	getarg.h		\
-	glob.h			\
-	gssapi.h		\
-	hdb.h			\
-	hdb_asn1.h		\
-	hdb_err.h		\
-	heim_err.h		\
-	heimntlm.h		\
-	heimntlm-protos.h	\
-	kafs.h			\
-	krb_err.h		\
-	krb5-protos.h		\
-	krb5-private.h		\
-	krb5-types.h		\
-	krb5.h			\
-	krb5_err.h		\
-	otp.h			\
-	parse_time.h		\
-	parse_units.h		\
-	resolve.h		\
-	roken-common.h		\
-	roken.h			\
-	sl.h			\
-	windc_plugin.h		\
-	locate_plugin.h		\
-	xdbm.h
-
-DISTCLEANFILES = 	\
-	version.h	\
-	version.h.in
diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in
deleted file mode 100644
index 382274419419..000000000000
--- a/crypto/heimdal/include/Makefile.in
+++ /dev/null
@@ -1,996 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22396 2008-01-01 19:35:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(srcdir)/config.h.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
-subdir = include
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES =
-PROGRAMS = $(noinst_PROGRAMS)
-bits_SOURCES = bits.c
-bits_OBJECTS = bits.$(OBJEXT)
-bits_LDADD = $(LDADD)
-make_crypto_SOURCES = make_crypto.c
-make_crypto_OBJECTS = make_crypto.$(OBJEXT)
-make_crypto_LDADD = $(LDADD)
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = bits.c make_crypto.c
-DIST_SOURCES = bits.c make_crypto.c
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(includedir)"
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(nodist_include_HEADERS) $(nodist_noinst_HEADERS)
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-DHOST=\"$(CANONICAL_HOST)\"
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = kadm5 hcrypto gssapi
-CHECK_LOCAL = no-check-local
-nodist_include_HEADERS = krb5-types.h
-nodist_noinst_HEADERS = crypto-headers.h
-CLEANFILES = \
-	cms_asn1.h 		\
-	der-protos.h 		\
-	digest_asn1.h 		\
-	hdb-protos.h		\
-	heim_asn1.h		\
-	heim_threads.h		\
-	hex.h			\
-	hx509-protos.h		\
-	hx509.h			\
-	hx509_err.h		\
-	kx509_asn1.h		\
-	kx509_err.h		\
-	k524_err.h		\
-	kdc-protos.h		\
-	kdc.h			\
-	krb5_asn1.h		\
-	krb5_ccapi.h		\
-	parse_bytes.h		\
-	pkcs12_asn1.h		\
-	pkcs8_asn1.h		\
-	pkcs9_asn1.h		\
-	pkinit_asn1.h		\
-	rfc2459_asn1.h		\
-	rtbl.h			\
-	test-mem.h		\
-	vers.h			\
-	vis.h			\
-	asn1.h			\
-	asn1_err.h		\
-	base64.h		\
-	com_err.h		\
-	com_right.h		\
-	crypto-headers.h	\
-	der.h			\
-	editline.h		\
-	err.h			\
-	getarg.h		\
-	glob.h			\
-	gssapi.h		\
-	hdb.h			\
-	hdb_asn1.h		\
-	hdb_err.h		\
-	heim_err.h		\
-	heimntlm.h		\
-	heimntlm-protos.h	\
-	kafs.h			\
-	krb_err.h		\
-	krb5-protos.h		\
-	krb5-private.h		\
-	krb5-types.h		\
-	krb5.h			\
-	krb5_err.h		\
-	otp.h			\
-	parse_time.h		\
-	parse_units.h		\
-	resolve.h		\
-	roken-common.h		\
-	roken.h			\
-	sl.h			\
-	windc_plugin.h		\
-	locate_plugin.h		\
-	xdbm.h
-
-DISTCLEANFILES = \
-	version.h	\
-	version.h.in
-
-all: config.h
-	$(MAKE) $(AM_MAKEFLAGS) all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps include/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-config.h: stamp-h1
-	@if test ! -f $@; then \
-	  rm -f stamp-h1; \
-	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
-	else :; fi
-
-stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
-	@rm -f stamp-h1
-	cd $(top_builddir) && $(SHELL) ./config.status include/config.h
-$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) 
-	cd $(top_srcdir) && $(AUTOHEADER)
-	rm -f stamp-h1
-	touch $@
-
-distclean-hdr:
-	-rm -f config.h stamp-h1
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) 
-	@rm -f bits$(EXEEXT)
-	$(LINK) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
-make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES) 
-	@rm -f make_crypto$(EXEEXT)
-	$(LINK) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile $(PROGRAMS) $(HEADERS) config.h all-local
-installdirs: installdirs-recursive
-installdirs-am:
-	for dir in "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-hdr distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am: uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS ctags \
-	ctags-recursive dist-hook distclean distclean-compile \
-	distclean-generic distclean-hdr distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am uninstall-hook \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-krb5-types.h: bits$(EXEEXT)
-	./bits$(EXEEXT) krb5-types.h
-
-crypto-headers.h: make_crypto$(EXEEXT)
-	./make_crypto$(EXEEXT) crypto-headers.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/bits.c b/crypto/heimdal/include/bits.c
deleted file mode 100644
index 3fdaee420bfd..000000000000
--- a/crypto/heimdal/include/bits.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: bits.c 18703 2006-10-20 20:33:58Z lha $");
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#define BITSIZE(TYPE)						\
-{								\
-    int b = 0; TYPE x = 1, zero = 0; const char *pre = "u";	\
-    char tmp[128], tmp2[128];					\
-    while(x){ x <<= 1; b++; if(x < zero) pre=""; }		\
-    if(b >= len){						\
-        int tabs;						\
-	sprintf(tmp, "%sint%d_t" , pre, len);			\
-	sprintf(tmp2, "typedef %s %s;", #TYPE, tmp);		\
-	tabs = 5 - strlen(tmp2) / 8;				\
-        fprintf(f, "%s", tmp2);					\
-	while(tabs-- > 0) fprintf(f, "\t");			\
-	fprintf(f, "/* %2d bits */\n", b);			\
-        return;                                                 \
-    }								\
-}
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-static void
-try_signed(FILE *f, int len)  __attribute__ ((unused));
-
-static void
-try_unsigned(FILE *f, int len) __attribute__ ((unused));
-
-static int
-print_bt(FILE *f, int flag) __attribute__ ((unused));
-
-static void
-try_signed(FILE *f, int len)
-{
-    BITSIZE(signed char);
-    BITSIZE(short);
-    BITSIZE(int);
-    BITSIZE(long);
-#ifdef HAVE_LONG_LONG
-    BITSIZE(long long);
-#endif
-    fprintf(f, "/* There is no %d bit type */\n", len);
-}
-
-static void
-try_unsigned(FILE *f, int len)
-{
-    BITSIZE(unsigned char);
-    BITSIZE(unsigned short);
-    BITSIZE(unsigned int);
-    BITSIZE(unsigned long);
-#ifdef HAVE_LONG_LONG
-    BITSIZE(unsigned long long);
-#endif
-    fprintf(f, "/* There is no %d bit type */\n", len);
-}
-
-static int
-print_bt(FILE *f, int flag)
-{
-    if(flag == 0){
-	fprintf(f, "/* For compatibility with various type definitions */\n");
-	fprintf(f, "#ifndef __BIT_TYPES_DEFINED__\n");
-	fprintf(f, "#define __BIT_TYPES_DEFINED__\n");
-	fprintf(f, "\n");
-    }
-    return 1;
-}
-
-int main(int argc, char **argv)
-{
-    FILE *f;
-    int flag;
-    const char *fn, *hb;
-    
-    if (argc > 1 && strcmp(argv[1], "--version") == 0) {
-	printf("some version");
-	return 0;
-    }
-
-    if(argc < 2){
-	fn = "bits.h";
-	hb = "__BITS_H__";
-	f = stdout;
-    } else {
-	char *p;
-	fn = argv[1];
-	p = malloc(strlen(fn) + 5);
-	sprintf(p, "__%s__", fn);
-	hb = p;
-	for(; *p; p++){
-	    if(!isalnum((unsigned char)*p))
-		*p = '_';
-	}
-	f = fopen(argv[1], "w");
-    }
-    fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST);
-    fprintf(f, "   %*s    %s */\n\n", (int)strlen(fn), "", 
-	    "$Id: bits.c 18703 2006-10-20 20:33:58Z lha $");
-    fprintf(f, "#ifndef %s\n", hb);
-    fprintf(f, "#define %s\n", hb);
-    fprintf(f, "\n");
-#ifdef HAVE_INTTYPES_H
-    fprintf(f, "#include <inttypes.h>\n");
-#endif
-#ifdef HAVE_SYS_TYPES_H
-    fprintf(f, "#include <sys/types.h>\n");
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-    fprintf(f, "#include <sys/bitypes.h>\n");
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-    fprintf(f, "#include <bind/bitypes.h>\n");
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
-#endif
-#ifdef HAVE_SOCKLEN_T
-    fprintf(f, "#include <sys/socket.h>\n");
-#endif
-    fprintf(f, "\n");
-
-    flag = 0;
-#ifndef HAVE_INT8_T
-    flag = print_bt(f, flag);
-    try_signed (f, 8);
-#endif /* HAVE_INT8_T */
-#ifndef HAVE_INT16_T
-    flag = print_bt(f, flag);
-    try_signed (f, 16);
-#endif /* HAVE_INT16_T */
-#ifndef HAVE_INT32_T
-    flag = print_bt(f, flag);
-    try_signed (f, 32);
-#endif /* HAVE_INT32_T */
-#ifndef HAVE_INT64_T
-    flag = print_bt(f, flag);
-    try_signed (f, 64);
-#endif /* HAVE_INT64_T */
-
-#ifndef HAVE_UINT8_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 8);
-#endif /* HAVE_UINT8_T */
-#ifndef HAVE_UINT16_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 16);
-#endif /* HAVE_UINT16_T */
-#ifndef HAVE_UINT32_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 32);
-#endif /* HAVE_UINT32_T */
-#ifndef HAVE_UINT64_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 64);
-#endif /* HAVE_UINT64_T */
-
-#define X(S) fprintf(f, "typedef uint" #S "_t u_int" #S "_t;\n")
-#ifndef HAVE_U_INT8_T
-    flag = print_bt(f, flag);
-    X(8);
-#endif /* HAVE_U_INT8_T */
-#ifndef HAVE_U_INT16_T
-    flag = print_bt(f, flag);
-    X(16);
-#endif /* HAVE_U_INT16_T */
-#ifndef HAVE_U_INT32_T
-    flag = print_bt(f, flag);
-    X(32);
-#endif /* HAVE_U_INT32_T */
-#ifndef HAVE_U_INT64_T
-    flag = print_bt(f, flag);
-    X(64);
-#endif /* HAVE_U_INT64_T */
-
-    if(flag){
-	fprintf(f, "\n");
-	fprintf(f, "#endif /* __BIT_TYPES_DEFINED__ */\n\n");
-    }
-#ifdef KRB5
-    fprintf(f, "\n");
-#if defined(HAVE_SOCKLEN_T)
-    fprintf(f, "typedef socklen_t krb5_socklen_t;\n");
-#else
-    fprintf(f, "typedef int krb5_socklen_t;\n");
-#endif
-#if defined(HAVE_SSIZE_T)
-#ifdef HAVE_UNISTD_H
-    fprintf(f, "#include <unistd.h>\n");
-#endif
-    fprintf(f, "typedef ssize_t krb5_ssize_t;\n");
-#else
-    fprintf(f, "typedef int krb5_ssize_t;\n");
-#endif
-    fprintf(f, "\n");
-#endif /* KRB5 */
-    fprintf(f, "#endif /* %s */\n", hb);
-    return 0;
-}
diff --git a/crypto/heimdal/include/config.h.in b/crypto/heimdal/include/config.h.in
deleted file mode 100644
index 50cf5b19001d..000000000000
--- a/crypto/heimdal/include/config.h.in
+++ /dev/null
@@ -1,1472 +0,0 @@
-/* include/config.h.in.  Generated from configure.in by autoheader.  */
-
-#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-
-
-#ifdef BUILD_KRB5_LIB
-#ifndef KRB5_LIB_FUNCTION
-#ifdef _WIN32_
-#define KRB5_LIB_FUNCTION _export _stdcall
-#else
-#define KRB5_LIB_FUNCTION
-#endif
-#endif
-#endif
-
-
-#ifdef BUILD_ROKEN_LIB
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32_
-#define ROKEN_LIB_FUNCTION _export _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-#endif
-
-
-/* Define if you want authentication support in telnet. */
-#undef AUTHENTICATION
-
-/* path to bin */
-#undef BINDIR
-
-/* Define if realloc(NULL) doesn't work. */
-#undef BROKEN_REALLOC
-
-/* Define if you want support for DCE/DFS PAG's. */
-#undef DCE
-
-/* Define if you want to use DES encryption in telnet. */
-#undef DES_ENCRYPTION
-
-/* Define this to enable diagnostics in telnet. */
-#undef DIAGNOSTICS
-
-/* Define if want to use the weak AFS string to key functions. */
-#undef ENABLE_AFS_STRING_TO_KEY
-
-/* Define if you want have a thread safe libraries */
-#undef ENABLE_PTHREAD_SUPPORT
-
-/* Define if you want encryption support in telnet. */
-#undef ENCRYPTION
-
-/* define if sys/param.h defines the endiness */
-#undef ENDIANESS_IN_SYS_PARAM_H
-
-/* Define this if you want support for broken ENV_{VAR,VAL} telnets. */
-#undef ENV_HACK
-
-/* define if prototype of gethostbyaddr is compatible with struct hostent
-   *gethostbyaddr(const void *, size_t, int) */
-#undef GETHOSTBYADDR_PROTO_COMPATIBLE
-
-/* define if prototype of gethostbyname is compatible with struct hostent
-   *gethostbyname(const char *) */
-#undef GETHOSTBYNAME_PROTO_COMPATIBLE
-
-/* define if prototype of getservbyname is compatible with struct servent
-   *getservbyname(const char *, const char *) */
-#undef GETSERVBYNAME_PROTO_COMPATIBLE
-
-/* define if prototype of getsockname is compatible with int getsockname(int,
-   struct sockaddr*, socklen_t*) */
-#undef GETSOCKNAME_PROTO_COMPATIBLE
-
-/* Define if you have the `altzone' variable. */
-#undef HAVE_ALTZONE
-
-/* Define to 1 if you have the `arc4random' function. */
-#undef HAVE_ARC4RANDOM
-
-/* Define to 1 if you have the <arpa/ftp.h> header file. */
-#undef HAVE_ARPA_FTP_H
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#undef HAVE_ARPA_INET_H
-
-/* Define to 1 if you have the <arpa/nameser.h> header file. */
-#undef HAVE_ARPA_NAMESER_H
-
-/* Define to 1 if you have the <arpa/telnet.h> header file. */
-#undef HAVE_ARPA_TELNET_H
-
-/* Define to 1 if you have the `asnprintf' function. */
-#undef HAVE_ASNPRINTF
-
-/* Define to 1 if you have the `asprintf' function. */
-#undef HAVE_ASPRINTF
-
-/* Define to 1 if you have the `atexit' function. */
-#undef HAVE_ATEXIT
-
-/* Define to 1 if you have the <bind/bitypes.h> header file. */
-#undef HAVE_BIND_BITYPES_H
-
-/* Define to 1 if you have the <bsdsetjmp.h> header file. */
-#undef HAVE_BSDSETJMP_H
-
-/* Define to 1 if you have the `bswap16' function. */
-#undef HAVE_BSWAP16
-
-/* Define to 1 if you have the `bswap32' function. */
-#undef HAVE_BSWAP32
-
-/* Define to 1 if you have the <capability.h> header file. */
-#undef HAVE_CAPABILITY_H
-
-/* Define to 1 if you have the `cap_set_proc' function. */
-#undef HAVE_CAP_SET_PROC
-
-/* Define to 1 if you have the `cgetent' function. */
-#undef HAVE_CGETENT
-
-/* Define if you have the function `chown'. */
-#undef HAVE_CHOWN
-
-/* Define if you have the function `closefrom'. */
-#undef HAVE_CLOSEFROM
-
-/* Define to 1 if you have the <config.h> header file. */
-#undef HAVE_CONFIG_H
-
-/* Define if you have the function `copyhostent'. */
-#undef HAVE_COPYHOSTENT
-
-/* Define to 1 if you have the `crypt' function. */
-#undef HAVE_CRYPT
-
-/* Define to 1 if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H
-
-/* Define to 1 if you have the <curses.h> header file. */
-#undef HAVE_CURSES_H
-
-/* Define if you have the function `daemon'. */
-#undef HAVE_DAEMON
-
-/* define if you have a berkeley db1/2 library */
-#undef HAVE_DB1
-
-/* define if you have a berkeley db3/4 library */
-#undef HAVE_DB3
-
-/* Define to 1 if you have the <db3/db.h> header file. */
-#undef HAVE_DB3_DB_H
-
-/* Define to 1 if you have the <db4/db.h> header file. */
-#undef HAVE_DB4_DB_H
-
-/* Define to 1 if you have the `dbm_firstkey' function. */
-#undef HAVE_DBM_FIRSTKEY
-
-/* Define to 1 if you have the <dbm.h> header file. */
-#undef HAVE_DBM_H
-
-/* Define to 1 if you have the `dbopen' function. */
-#undef HAVE_DBOPEN
-
-/* Define to 1 if you have the <db_185.h> header file. */
-#undef HAVE_DB_185_H
-
-/* Define to 1 if you have the `db_create' function. */
-#undef HAVE_DB_CREATE
-
-/* Define to 1 if you have the <db.h> header file. */
-#undef HAVE_DB_H
-
-/* define if you have ndbm compat in db */
-#undef HAVE_DB_NDBM
-
-/* Define to 1 if you have the declaration of `altzone', and to 0 if you
-   don't. */
-#undef HAVE_DECL_ALTZONE
-
-/* Define to 1 if you have the declaration of `environ', and to 0 if you
-   don't. */
-#undef HAVE_DECL_ENVIRON
-
-/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you
-   don't. */
-#undef HAVE_DECL_H_ERRLIST
-
-/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
-   don't. */
-#undef HAVE_DECL_H_ERRNO
-
-/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't.
-   */
-#undef HAVE_DECL_H_NERR
-
-/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't.
-   */
-#undef HAVE_DECL_OPTARG
-
-/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't.
-   */
-#undef HAVE_DECL_OPTERR
-
-/* Define to 1 if you have the declaration of `optind', and to 0 if you don't.
-   */
-#undef HAVE_DECL_OPTIND
-
-/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't.
-   */
-#undef HAVE_DECL_OPTOPT
-
-/* Define to 1 if you have the declaration of `timezone', and to 0 if you
-   don't. */
-#undef HAVE_DECL_TIMEZONE
-
-/* Define to 1 if you have the declaration of `_res', and to 0 if you don't.
-   */
-#undef HAVE_DECL__RES
-
-/* Define to 1 if you have the declaration of `__progname', and to 0 if you
-   don't. */
-#undef HAVE_DECL___PROGNAME
-
-/* Define to 1 if you have the <dirent.h> header file. */
-#undef HAVE_DIRENT_H
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the `dlopen' function. */
-#undef HAVE_DLOPEN
-
-/* Define to 1 if you have the `dn_expand' function. */
-#undef HAVE_DN_EXPAND
-
-/* Define to 1 if you have the `door_create' function. */
-#undef HAVE_DOOR_CREATE
-
-/* Define if you have the function `ecalloc'. */
-#undef HAVE_ECALLOC
-
-/* Define to 1 if you have the `el_init' function. */
-#undef HAVE_EL_INIT
-
-/* Define if you have the function `emalloc'. */
-#undef HAVE_EMALLOC
-
-/* Define if you have the function `erealloc'. */
-#undef HAVE_EREALLOC
-
-/* Define if you have the function `err'. */
-#undef HAVE_ERR
-
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
-/* Define if you have the function `errx'. */
-#undef HAVE_ERRX
-
-/* Define to 1 if you have the <err.h> header file. */
-#undef HAVE_ERR_H
-
-/* Define if you have the function `estrdup'. */
-#undef HAVE_ESTRDUP
-
-/* Define if you have the function `fchown'. */
-#undef HAVE_FCHOWN
-
-/* Define to 1 if you have the `fcntl' function. */
-#undef HAVE_FCNTL
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define if you have the function `flock'. */
-#undef HAVE_FLOCK
-
-/* Define if you have the function `fnmatch'. */
-#undef HAVE_FNMATCH
-
-/* Define to 1 if you have the <fnmatch.h> header file. */
-#undef HAVE_FNMATCH_H
-
-/* Define if el_init takes four arguments. */
-#undef HAVE_FOUR_VALUED_EL_INIT
-
-/* Have -framework Security */
-#undef HAVE_FRAMEWORK_SECURITY
-
-/* Define to 1 if you have the `freeaddrinfo' function. */
-#undef HAVE_FREEADDRINFO
-
-/* Define if you have the function `freehostent'. */
-#undef HAVE_FREEHOSTENT
-
-/* Define to 1 if you have the `gai_strerror' function. */
-#undef HAVE_GAI_STRERROR
-
-/* Define to 1 if you have the <gdbm/ndbm.h> header file. */
-#undef HAVE_GDBM_NDBM_H
-
-/* Define to 1 if you have the `getaddrinfo' function. */
-#undef HAVE_GETADDRINFO
-
-/* Define to 1 if you have the `getconfattr' function. */
-#undef HAVE_GETCONFATTR
-
-/* Define if you have the function `getcwd'. */
-#undef HAVE_GETCWD
-
-/* Define if you have the function `getdtablesize'. */
-#undef HAVE_GETDTABLESIZE
-
-/* Define if you have the function `getegid'. */
-#undef HAVE_GETEGID
-
-/* Define if you have the function `geteuid'. */
-#undef HAVE_GETEUID
-
-/* Define if you have the function `getgid'. */
-#undef HAVE_GETGID
-
-/* Define to 1 if you have the `gethostbyname' function. */
-#undef HAVE_GETHOSTBYNAME
-
-/* Define to 1 if you have the `gethostbyname2' function. */
-#undef HAVE_GETHOSTBYNAME2
-
-/* Define if you have the function `gethostname'. */
-#undef HAVE_GETHOSTNAME
-
-/* Define if you have the function `getifaddrs'. */
-#undef HAVE_GETIFADDRS
-
-/* Define if you have the function `getipnodebyaddr'. */
-#undef HAVE_GETIPNODEBYADDR
-
-/* Define if you have the function `getipnodebyname'. */
-#undef HAVE_GETIPNODEBYNAME
-
-/* Define to 1 if you have the `getlogin' function. */
-#undef HAVE_GETLOGIN
-
-/* Define if you have a working getmsg. */
-#undef HAVE_GETMSG
-
-/* Define to 1 if you have the `getnameinfo' function. */
-#undef HAVE_GETNAMEINFO
-
-/* Define if you have the function `getopt'. */
-#undef HAVE_GETOPT
-
-/* Define to 1 if you have the `getpagesize' function. */
-#undef HAVE_GETPAGESIZE
-
-/* Define to 1 if you have the `getpeereid' function. */
-#undef HAVE_GETPEEREID
-
-/* Define to 1 if you have the `getpeerucred' function. */
-#undef HAVE_GETPEERUCRED
-
-/* Define to 1 if you have the `getprogname' function. */
-#undef HAVE_GETPROGNAME
-
-/* Define to 1 if you have the `getpwnam_r' function. */
-#undef HAVE_GETPWNAM_R
-
-/* Define to 1 if you have the `getrlimit' function. */
-#undef HAVE_GETRLIMIT
-
-/* Define to 1 if you have the `getsockopt' function. */
-#undef HAVE_GETSOCKOPT
-
-/* Define to 1 if you have the `getspnam' function. */
-#undef HAVE_GETSPNAM
-
-/* Define if you have the function `gettimeofday'. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define to 1 if you have the `getudbnam' function. */
-#undef HAVE_GETUDBNAM
-
-/* Define if you have the function `getuid'. */
-#undef HAVE_GETUID
-
-/* Define if you have the function `getusershell'. */
-#undef HAVE_GETUSERSHELL
-
-/* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK,
-   GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */
-#undef HAVE_GLOB
-
-/* Define to 1 if you have the `grantpt' function. */
-#undef HAVE_GRANTPT
-
-/* Define to 1 if you have the <grp.h> header file. */
-#undef HAVE_GRP_H
-
-/* Define to 1 if you have the `hstrerror' function. */
-#undef HAVE_HSTRERROR
-
-/* Define if you have the `h_errlist' variable. */
-#undef HAVE_H_ERRLIST
-
-/* Define if you have the `h_errno' variable. */
-#undef HAVE_H_ERRNO
-
-/* Define if you have the `h_nerr' variable. */
-#undef HAVE_H_NERR
-
-/* Define to 1 if you have the <ifaddrs.h> header file. */
-#undef HAVE_IFADDRS_H
-
-/* Define if you have the in6addr_loopback variable */
-#undef HAVE_IN6ADDR_LOOPBACK
-
-/* define */
-#undef HAVE_INET_ATON
-
-/* define */
-#undef HAVE_INET_NTOP
-
-/* define */
-#undef HAVE_INET_PTON
-
-/* Define if you have the function `initgroups'. */
-#undef HAVE_INITGROUPS
-
-/* Define to 1 if you have the `initstate' function. */
-#undef HAVE_INITSTATE
-
-/* Define if you have the function `innetgr'. */
-#undef HAVE_INNETGR
-
-/* Define to 1 if the system has the type `int16_t'. */
-#undef HAVE_INT16_T
-
-/* Define to 1 if the system has the type `int32_t'. */
-#undef HAVE_INT32_T
-
-/* Define to 1 if the system has the type `int64_t'. */
-#undef HAVE_INT64_T
-
-/* Define to 1 if the system has the type `int8_t'. */
-#undef HAVE_INT8_T
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the <io.h> header file. */
-#undef HAVE_IO_H
-
-/* Define if you have IPv6. */
-#undef HAVE_IPV6
-
-/* Define if you have the function `iruserok'. */
-#undef HAVE_IRUSEROK
-
-/* Define to 1 if you have the `issetugid' function. */
-#undef HAVE_ISSETUGID
-
-/* Define if you want to use the Kerberos Credentials Manager. */
-#undef HAVE_KCM
-
-/* Define to 1 if you have the <libutil.h> header file. */
-#undef HAVE_LIBUTIL_H
-
-/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
-
-/* Define to 1 if you have the `loadquery' function. */
-#undef HAVE_LOADQUERY
-
-/* Define if you have the function `localtime_r'. */
-#undef HAVE_LOCALTIME_R
-
-/* Define to 1 if you have the `logout' function. */
-#undef HAVE_LOGOUT
-
-/* Define to 1 if you have the `logwtmp' function. */
-#undef HAVE_LOGWTMP
-
-/* Define to 1 if the system has the type `long long'. */
-#undef HAVE_LONG_LONG
-
-/* Define if you have the function `lstat'. */
-#undef HAVE_LSTAT
-
-/* Define to 1 if you have the <maillock.h> header file. */
-#undef HAVE_MAILLOCK_H
-
-/* Define if you have the function `memmove'. */
-#undef HAVE_MEMMOVE
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have the function `mkstemp'. */
-#undef HAVE_MKSTEMP
-
-/* Define to 1 if you have the `mktime' function. */
-#undef HAVE_MKTIME
-
-/* Define to 1 if you have a working `mmap' system call. */
-#undef HAVE_MMAP
-
-/* define if you have a ndbm library */
-#undef HAVE_NDBM
-
-/* Define to 1 if you have the <ndbm.h> header file. */
-#undef HAVE_NDBM_H
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
-/* Define to 1 if you have the <netgroup.h> header file. */
-#undef HAVE_NETGROUP_H
-
-/* Define to 1 if you have the <netinet6/in6.h> header file. */
-#undef HAVE_NETINET6_IN6_H
-
-/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
-#undef HAVE_NETINET6_IN6_VAR_H
-
-/* Define to 1 if you have the <netinet/in6.h> header file. */
-#undef HAVE_NETINET_IN6_H
-
-/* Define to 1 if you have the <netinet/in6_machtypes.h> header file. */
-#undef HAVE_NETINET_IN6_MACHTYPES_H
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#undef HAVE_NETINET_IN_H
-
-/* Define to 1 if you have the <netinet/in_systm.h> header file. */
-#undef HAVE_NETINET_IN_SYSTM_H
-
-/* Define to 1 if you have the <netinet/ip.h> header file. */
-#undef HAVE_NETINET_IP_H
-
-/* Define to 1 if you have the <netinet/tcp.h> header file. */
-#undef HAVE_NETINET_TCP_H
-
-/* Define if you want to use Netinfo instead of krb5.conf. */
-#undef HAVE_NETINFO
-
-/* Define to 1 if you have the <netinfo/ni.h> header file. */
-#undef HAVE_NETINFO_NI_H
-
-/* Define to 1 if you have the <net/if.h> header file. */
-#undef HAVE_NET_IF_H
-
-/* Define if NDBM really is DB (creates files *.db) */
-#undef HAVE_NEW_DB
-
-/* Define to 1 if you have the `on_exit' function. */
-#undef HAVE_ON_EXIT
-
-/* Define to 1 if you have the `openpty' function. */
-#undef HAVE_OPENPTY
-
-/* define to use openssl's libcrypto */
-#undef HAVE_OPENSSL
-
-/* Define to enable basic OSF C2 support. */
-#undef HAVE_OSFC2
-
-/* Define to 1 if you have the <paths.h> header file. */
-#undef HAVE_PATHS_H
-
-/* Define to 1 if you have the `pidfile' function. */
-#undef HAVE_PIDFILE
-
-/* Define to 1 if you have the `poll' function. */
-#undef HAVE_POLL
-
-/* Define to 1 if you have the <poll.h> header file. */
-#undef HAVE_POLL_H
-
-/* Define to 1 if you have the <pthread.h> header file. */
-#undef HAVE_PTHREAD_H
-
-/* Define to 1 if you have the `ptsname' function. */
-#undef HAVE_PTSNAME
-
-/* Define to 1 if you have the <pty.h> header file. */
-#undef HAVE_PTY_H
-
-/* Define if you have the function `putenv'. */
-#undef HAVE_PUTENV
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#undef HAVE_PWD_H
-
-/* Define to 1 if you have the `rand' function. */
-#undef HAVE_RAND
-
-/* Define to 1 if you have the `random' function. */
-#undef HAVE_RANDOM
-
-/* Define if you have the function `rcmd'. */
-#undef HAVE_RCMD
-
-/* Define if you have a readline compatible library. */
-#undef HAVE_READLINE
-
-/* Define if you have the function `readv'. */
-#undef HAVE_READV
-
-/* Define if you have the function `recvmsg'. */
-#undef HAVE_RECVMSG
-
-/* Define to 1 if you have the <resolv.h> header file. */
-#undef HAVE_RESOLV_H
-
-/* Define to 1 if you have the `res_ndestroy' function. */
-#undef HAVE_RES_NDESTROY
-
-/* Define to 1 if you have the `res_nsearch' function. */
-#undef HAVE_RES_NSEARCH
-
-/* Define to 1 if you have the `res_search' function. */
-#undef HAVE_RES_SEARCH
-
-/* Define to 1 if you have the `revoke' function. */
-#undef HAVE_REVOKE
-
-/* Define to 1 if you have the <rpcsvc/ypclnt.h> header file. */
-#undef HAVE_RPCSVC_YPCLNT_H
-
-/* Define to 1 if you have the <sac.h> header file. */
-#undef HAVE_SAC_H
-
-/* Define to 1 if the system has the type `sa_family_t'. */
-#undef HAVE_SA_FAMILY_T
-
-/* Define to 1 if you have the <security/pam_modules.h> header file. */
-#undef HAVE_SECURITY_PAM_MODULES_H
-
-/* Define to 1 if you have the `select' function. */
-#undef HAVE_SELECT
-
-/* Define if you have the function `sendmsg'. */
-#undef HAVE_SENDMSG
-
-/* Define if you have the function `setegid'. */
-#undef HAVE_SETEGID
-
-/* Define if you have the function `setenv'. */
-#undef HAVE_SETENV
-
-/* Define if you have the function `seteuid'. */
-#undef HAVE_SETEUID
-
-/* Define to 1 if you have the `setitimer' function. */
-#undef HAVE_SETITIMER
-
-/* Define to 1 if you have the `setlim' function. */
-#undef HAVE_SETLIM
-
-/* Define to 1 if you have the `setlogin' function. */
-#undef HAVE_SETLOGIN
-
-/* Define to 1 if you have the `setpcred' function. */
-#undef HAVE_SETPCRED
-
-/* Define to 1 if you have the `setpgid' function. */
-#undef HAVE_SETPGID
-
-/* Define to 1 if you have the `setproctitle' function. */
-#undef HAVE_SETPROCTITLE
-
-/* Define to 1 if you have the `setprogname' function. */
-#undef HAVE_SETPROGNAME
-
-/* Define to 1 if you have the `setregid' function. */
-#undef HAVE_SETREGID
-
-/* Define to 1 if you have the `setresgid' function. */
-#undef HAVE_SETRESGID
-
-/* Define to 1 if you have the `setresuid' function. */
-#undef HAVE_SETRESUID
-
-/* Define to 1 if you have the `setreuid' function. */
-#undef HAVE_SETREUID
-
-/* Define to 1 if you have the `setsid' function. */
-#undef HAVE_SETSID
-
-/* Define to 1 if you have the `setsockopt' function. */
-#undef HAVE_SETSOCKOPT
-
-/* Define to 1 if you have the `setstate' function. */
-#undef HAVE_SETSTATE
-
-/* Define to 1 if you have the `setutent' function. */
-#undef HAVE_SETUTENT
-
-/* Define to 1 if you have the `sgi_getcapabilitybyname' function. */
-#undef HAVE_SGI_GETCAPABILITYBYNAME
-
-/* Define to 1 if you have the <sgtty.h> header file. */
-#undef HAVE_SGTTY_H
-
-/* Define to 1 if you have the <shadow.h> header file. */
-#undef HAVE_SHADOW_H
-
-/* Define to 1 if you have the <siad.h> header file. */
-#undef HAVE_SIAD_H
-
-/* Define to 1 if you have the `sigaction' function. */
-#undef HAVE_SIGACTION
-
-/* Define to 1 if you have the <signal.h> header file. */
-#undef HAVE_SIGNAL_H
-
-/* define if you have a working snprintf */
-#undef HAVE_SNPRINTF
-
-/* Define to 1 if you have the `socket' function. */
-#undef HAVE_SOCKET
-
-/* Define to 1 if the system has the type `socklen_t'. */
-#undef HAVE_SOCKLEN_T
-
-/* Define to 1 if the system has the type `ssize_t'. */
-#undef HAVE_SSIZE_T
-
-/* Define to 1 if you have the <standards.h> header file. */
-#undef HAVE_STANDARDS_H
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define if you have the function `strcasecmp'. */
-#undef HAVE_STRCASECMP
-
-/* Define if you have the function `strdup'. */
-#undef HAVE_STRDUP
-
-/* Define if you have the function `strerror'. */
-#undef HAVE_STRERROR
-
-/* Define if you have the function `strftime'. */
-#undef HAVE_STRFTIME
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define if you have the function `strlcat'. */
-#undef HAVE_STRLCAT
-
-/* Define if you have the function `strlcpy'. */
-#undef HAVE_STRLCPY
-
-/* Define if you have the function `strlwr'. */
-#undef HAVE_STRLWR
-
-/* Define if you have the function `strncasecmp'. */
-#undef HAVE_STRNCASECMP
-
-/* Define if you have the function `strndup'. */
-#undef HAVE_STRNDUP
-
-/* Define if you have the function `strnlen'. */
-#undef HAVE_STRNLEN
-
-/* Define to 1 if you have the <stropts.h> header file. */
-#undef HAVE_STROPTS_H
-
-/* Define if you have the function `strptime'. */
-#undef HAVE_STRPTIME
-
-/* Define if you have the function `strsep'. */
-#undef HAVE_STRSEP
-
-/* Define if you have the function `strsep_copy'. */
-#undef HAVE_STRSEP_COPY
-
-/* Define to 1 if you have the `strstr' function. */
-#undef HAVE_STRSTR
-
-/* Define to 1 if you have the `strsvis' function. */
-#undef HAVE_STRSVIS
-
-/* Define if you have the function `strtok_r'. */
-#undef HAVE_STRTOK_R
-
-/* Define to 1 if the system has the type `struct addrinfo'. */
-#undef HAVE_STRUCT_ADDRINFO
-
-/* Define to 1 if the system has the type `struct ifaddrs'. */
-#undef HAVE_STRUCT_IFADDRS
-
-/* Define to 1 if the system has the type `struct iovec'. */
-#undef HAVE_STRUCT_IOVEC
-
-/* Define to 1 if the system has the type `struct msghdr'. */
-#undef HAVE_STRUCT_MSGHDR
-
-/* Define to 1 if the system has the type `struct sockaddr'. */
-#undef HAVE_STRUCT_SOCKADDR
-
-/* Define if struct sockaddr has field sa_len. */
-#undef HAVE_STRUCT_SOCKADDR_SA_LEN
-
-/* Define to 1 if the system has the type `struct sockaddr_storage'. */
-#undef HAVE_STRUCT_SOCKADDR_STORAGE
-
-/* define if you have struct spwd */
-#undef HAVE_STRUCT_SPWD
-
-/* Define if struct tm has field tm_gmtoff. */
-#undef HAVE_STRUCT_TM_TM_GMTOFF
-
-/* Define if struct tm has field tm_zone. */
-#undef HAVE_STRUCT_TM_TM_ZONE
-
-/* Define if struct utmpx has field ut_exit. */
-#undef HAVE_STRUCT_UTMPX_UT_EXIT
-
-/* Define if struct utmpx has field ut_syslen. */
-#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
-
-/* Define if struct utmp has field ut_addr. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR
-
-/* Define if struct utmp has field ut_host. */
-#undef HAVE_STRUCT_UTMP_UT_HOST
-
-/* Define if struct utmp has field ut_id. */
-#undef HAVE_STRUCT_UTMP_UT_ID
-
-/* Define if struct utmp has field ut_pid. */
-#undef HAVE_STRUCT_UTMP_UT_PID
-
-/* Define if struct utmp has field ut_type. */
-#undef HAVE_STRUCT_UTMP_UT_TYPE
-
-/* Define if struct utmp has field ut_user. */
-#undef HAVE_STRUCT_UTMP_UT_USER
-
-/* define if struct winsize is declared in sys/termios.h */
-#undef HAVE_STRUCT_WINSIZE
-
-/* Define to 1 if you have the `strunvis' function. */
-#undef HAVE_STRUNVIS
-
-/* Define if you have the function `strupr'. */
-#undef HAVE_STRUPR
-
-/* Define to 1 if you have the `strvis' function. */
-#undef HAVE_STRVIS
-
-/* Define to 1 if you have the `strvisx' function. */
-#undef HAVE_STRVISX
-
-/* Define to 1 if you have the `svis' function. */
-#undef HAVE_SVIS
-
-/* Define if you have the function `swab'. */
-#undef HAVE_SWAB
-
-/* Define to 1 if you have the `sysconf' function. */
-#undef HAVE_SYSCONF
-
-/* Define to 1 if you have the `sysctl' function. */
-#undef HAVE_SYSCTL
-
-/* Define to 1 if you have the `syslog' function. */
-#undef HAVE_SYSLOG
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
-/* Define to 1 if you have the <sys/bitypes.h> header file. */
-#undef HAVE_SYS_BITYPES_H
-
-/* Define to 1 if you have the <sys/bswap.h> header file. */
-#undef HAVE_SYS_BSWAP_H
-
-/* Define to 1 if you have the <sys/capability.h> header file. */
-#undef HAVE_SYS_CAPABILITY_H
-
-/* Define to 1 if you have the <sys/category.h> header file. */
-#undef HAVE_SYS_CATEGORY_H
-
-/* Define to 1 if you have the <sys/file.h> header file. */
-#undef HAVE_SYS_FILE_H
-
-/* Define to 1 if you have the <sys/filio.h> header file. */
-#undef HAVE_SYS_FILIO_H
-
-/* Define to 1 if you have the <sys/ioccom.h> header file. */
-#undef HAVE_SYS_IOCCOM_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/mman.h> header file. */
-#undef HAVE_SYS_MMAN_H
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#undef HAVE_SYS_PARAM_H
-
-/* Define to 1 if you have the <sys/proc.h> header file. */
-#undef HAVE_SYS_PROC_H
-
-/* Define to 1 if you have the <sys/ptyio.h> header file. */
-#undef HAVE_SYS_PTYIO_H
-
-/* Define to 1 if you have the <sys/ptyvar.h> header file. */
-#undef HAVE_SYS_PTYVAR_H
-
-/* Define to 1 if you have the <sys/pty.h> header file. */
-#undef HAVE_SYS_PTY_H
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#undef HAVE_SYS_SOCKET_H
-
-/* Define to 1 if you have the <sys/sockio.h> header file. */
-#undef HAVE_SYS_SOCKIO_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/stream.h> header file. */
-#undef HAVE_SYS_STREAM_H
-
-/* Define to 1 if you have the <sys/stropts.h> header file. */
-#undef HAVE_SYS_STROPTS_H
-
-/* Define to 1 if you have the <sys/strtty.h> header file. */
-#undef HAVE_SYS_STRTTY_H
-
-/* Define to 1 if you have the <sys/str_tty.h> header file. */
-#undef HAVE_SYS_STR_TTY_H
-
-/* Define to 1 if you have the <sys/syscall.h> header file. */
-#undef HAVE_SYS_SYSCALL_H
-
-/* Define to 1 if you have the <sys/sysctl.h> header file. */
-#undef HAVE_SYS_SYSCTL_H
-
-/* Define to 1 if you have the <sys/termio.h> header file. */
-#undef HAVE_SYS_TERMIO_H
-
-/* Define to 1 if you have the <sys/timeb.h> header file. */
-#undef HAVE_SYS_TIMEB_H
-
-/* Define to 1 if you have the <sys/times.h> header file. */
-#undef HAVE_SYS_TIMES_H
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define to 1 if you have the <sys/tty.h> header file. */
-#undef HAVE_SYS_TTY_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <sys/ucred.h> header file. */
-#undef HAVE_SYS_UCRED_H
-
-/* Define to 1 if you have the <sys/uio.h> header file. */
-#undef HAVE_SYS_UIO_H
-
-/* Define to 1 if you have the <sys/un.h> header file. */
-#undef HAVE_SYS_UN_H
-
-/* Define to 1 if you have the <sys/utsname.h> header file. */
-#undef HAVE_SYS_UTSNAME_H
-
-/* Define to 1 if you have the <sys/wait.h> header file. */
-#undef HAVE_SYS_WAIT_H
-
-/* Define to 1 if you have the <termcap.h> header file. */
-#undef HAVE_TERMCAP_H
-
-/* Define to 1 if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
-/* Define to 1 if you have the <termio.h> header file. */
-#undef HAVE_TERMIO_H
-
-/* Define to 1 if you have the <term.h> header file. */
-#undef HAVE_TERM_H
-
-/* Define to 1 if you have the `tgetent' function. */
-#undef HAVE_TGETENT
-
-/* Define if you have the function `timegm'. */
-#undef HAVE_TIMEGM
-
-/* Define if you have the `timezone' variable. */
-#undef HAVE_TIMEZONE
-
-/* Define to 1 if you have the <time.h> header file. */
-#undef HAVE_TIME_H
-
-/* Define to 1 if you have the <tmpdir.h> header file. */
-#undef HAVE_TMPDIR_H
-
-/* Define to 1 if you have the `ttyname' function. */
-#undef HAVE_TTYNAME
-
-/* Define to 1 if you have the `ttyslot' function. */
-#undef HAVE_TTYSLOT
-
-/* Define to 1 if you have the <udb.h> header file. */
-#undef HAVE_UDB_H
-
-/* Define to 1 if the system has the type `uint16_t'. */
-#undef HAVE_UINT16_T
-
-/* Define to 1 if the system has the type `uint32_t'. */
-#undef HAVE_UINT32_T
-
-/* Define to 1 if the system has the type `uint64_t'. */
-#undef HAVE_UINT64_T
-
-/* Define to 1 if the system has the type `uint8_t'. */
-#undef HAVE_UINT8_T
-
-/* Define to 1 if the system has the type `uintptr_t'. */
-#undef HAVE_UINTPTR_T
-
-/* Define to 1 if you have the `umask' function. */
-#undef HAVE_UMASK
-
-/* Define to 1 if you have the `uname' function. */
-#undef HAVE_UNAME
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the `unlockpt' function. */
-#undef HAVE_UNLOCKPT
-
-/* Define if you have the function `unsetenv'. */
-#undef HAVE_UNSETENV
-
-/* Define to 1 if you have the `unvis' function. */
-#undef HAVE_UNVIS
-
-/* Define to 1 if you have the <userconf.h> header file. */
-#undef HAVE_USERCONF_H
-
-/* Define to 1 if you have the <usersec.h> header file. */
-#undef HAVE_USERSEC_H
-
-/* Define to 1 if you have the <util.h> header file. */
-#undef HAVE_UTIL_H
-
-/* Define to 1 if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H
-
-/* Define to 1 if you have the <utmp.h> header file. */
-#undef HAVE_UTMP_H
-
-/* Define to 1 if the system has the type `u_int16_t'. */
-#undef HAVE_U_INT16_T
-
-/* Define to 1 if the system has the type `u_int32_t'. */
-#undef HAVE_U_INT32_T
-
-/* Define to 1 if the system has the type `u_int64_t'. */
-#undef HAVE_U_INT64_T
-
-/* Define to 1 if the system has the type `u_int8_t'. */
-#undef HAVE_U_INT8_T
-
-/* Define to 1 if you have the `vasnprintf' function. */
-#undef HAVE_VASNPRINTF
-
-/* Define to 1 if you have the `vasprintf' function. */
-#undef HAVE_VASPRINTF
-
-/* Define if you have the function `verr'. */
-#undef HAVE_VERR
-
-/* Define if you have the function `verrx'. */
-#undef HAVE_VERRX
-
-/* Define to 1 if you have the `vhangup' function. */
-#undef HAVE_VHANGUP
-
-/* Define to 1 if you have the `vis' function. */
-#undef HAVE_VIS
-
-/* Define to 1 if you have the <vis.h> header file. */
-#undef HAVE_VIS_H
-
-/* define if you have a working vsnprintf */
-#undef HAVE_VSNPRINTF
-
-/* Define if you have the function `vsyslog'. */
-#undef HAVE_VSYSLOG
-
-/* Define if you have the function `vwarn'. */
-#undef HAVE_VWARN
-
-/* Define if you have the function `vwarnx'. */
-#undef HAVE_VWARNX
-
-/* Define if you have the function `warn'. */
-#undef HAVE_WARN
-
-/* Define if you have the function `warnx'. */
-#undef HAVE_WARNX
-
-/* Define if you have the function `writev'. */
-#undef HAVE_WRITEV
-
-/* define if struct winsize has ws_xpixel */
-#undef HAVE_WS_XPIXEL
-
-/* define if struct winsize has ws_ypixel */
-#undef HAVE_WS_YPIXEL
-
-/* Define to 1 if you have the `XauFileName' function. */
-#undef HAVE_XAUFILENAME
-
-/* Define to 1 if you have the `XauReadAuth' function. */
-#undef HAVE_XAUREADAUTH
-
-/* Define to 1 if you have the `XauWriteAuth' function. */
-#undef HAVE_XAUWRITEAUTH
-
-/* Define to 1 if you have the `yp_get_default_domain' function. */
-#undef HAVE_YP_GET_DEFAULT_DOMAIN
-
-/* Define to 1 if you have the `_getpty' function. */
-#undef HAVE__GETPTY
-
-/* Define if you have the `_res' variable. */
-#undef HAVE__RES
-
-/* Define to 1 if you have the `_scrsize' function. */
-#undef HAVE__SCRSIZE
-
-/* define if your compiler has __attribute__ */
-#undef HAVE___ATTRIBUTE__
-
-/* Define if you have the `__progname' variable. */
-#undef HAVE___PROGNAME
-
-/* Define if you have the hesiod package. */
-#undef HESIOD
-
-/* Define if you are running IRIX 4. */
-#undef IRIX4
-
-/* Enable Kerberos 5 support in applications. */
-#undef KRB5
-
-/* path to lib */
-#undef LIBDIR
-
-/* path to libexec */
-#undef LIBEXECDIR
-
-/* path to localstate */
-#undef LOCALSTATEDIR
-
-/* define if the system is missing a prototype for asnprintf() */
-#undef NEED_ASNPRINTF_PROTO
-
-/* define if the system is missing a prototype for asprintf() */
-#undef NEED_ASPRINTF_PROTO
-
-/* define if the system is missing a prototype for crypt() */
-#undef NEED_CRYPT_PROTO
-
-/* define if the system is missing a prototype for daemon() */
-#undef NEED_DAEMON_PROTO
-
-/* define if the system is missing a prototype for gethostname() */
-#undef NEED_GETHOSTNAME_PROTO
-
-/* define if the system is missing a prototype for getusershell() */
-#undef NEED_GETUSERSHELL_PROTO
-
-/* define if the system is missing a prototype for glob() */
-#undef NEED_GLOB_PROTO
-
-/* define if the system is missing a prototype for hstrerror() */
-#undef NEED_HSTRERROR_PROTO
-
-/* define if the system is missing a prototype for inet_aton() */
-#undef NEED_INET_ATON_PROTO
-
-/* define if the system is missing a prototype for iruserok() */
-#undef NEED_IRUSEROK_PROTO
-
-/* define if the system is missing a prototype for mkstemp() */
-#undef NEED_MKSTEMP_PROTO
-
-/* define if the system is missing a prototype for SecKeyGetCSPHandle() */
-#undef NEED_SECKEYGETCSPHANDLE_PROTO
-
-/* define if the system is missing a prototype for setenv() */
-#undef NEED_SETENV_PROTO
-
-/* define if the system is missing a prototype for snprintf() */
-#undef NEED_SNPRINTF_PROTO
-
-/* define if the system is missing a prototype for strndup() */
-#undef NEED_STRNDUP_PROTO
-
-/* define if the system is missing a prototype for strsep() */
-#undef NEED_STRSEP_PROTO
-
-/* define if the system is missing a prototype for strsvis() */
-#undef NEED_STRSVIS_PROTO
-
-/* define if the system is missing a prototype for strtok_r() */
-#undef NEED_STRTOK_R_PROTO
-
-/* define if the system is missing a prototype for strunvis() */
-#undef NEED_STRUNVIS_PROTO
-
-/* define if the system is missing a prototype for strvisx() */
-#undef NEED_STRVISX_PROTO
-
-/* define if the system is missing a prototype for strvis() */
-#undef NEED_STRVIS_PROTO
-
-/* define if the system is missing a prototype for svis() */
-#undef NEED_SVIS_PROTO
-
-/* define if the system is missing a prototype for unsetenv() */
-#undef NEED_UNSETENV_PROTO
-
-/* define if the system is missing a prototype for unvis() */
-#undef NEED_UNVIS_PROTO
-
-/* define if the system is missing a prototype for vasnprintf() */
-#undef NEED_VASNPRINTF_PROTO
-
-/* define if the system is missing a prototype for vasprintf() */
-#undef NEED_VASPRINTF_PROTO
-
-/* define if the system is missing a prototype for vis() */
-#undef NEED_VIS_PROTO
-
-/* define if the system is missing a prototype for vsnprintf() */
-#undef NEED_VSNPRINTF_PROTO
-
-/* Define if you don't wan't support for AFS. */
-#undef NO_AFS
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
-/* Define if you don't want to use mmap. */
-#undef NO_MMAP
-
-/* Define this to enable old environment option in telnet. */
-#undef OLD_ENVIRON
-
-/* Define if you have the openldap package. */
-#undef OPENLDAP
-
-/* Define if you want support for hdb ldap module */
-#undef OPENLDAP_MODULE
-
-/* define if prototype of openlog is compatible with void openlog(const char
-   *, int, int) */
-#undef OPENLOG_PROTO_COMPATIBLE
-
-/* Define if you want OTP support in applications. */
-#undef OTP
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define to enable PKINIT. */
-#undef PKINIT
-
-/* Define if getlogin has POSIX flavour (and not BSD). */
-#undef POSIX_GETLOGIN
-
-/* Define if getpwnam_r has POSIX flavour. */
-#undef POSIX_GETPWNAM_R
-
-/* Define if you have the readline package. */
-#undef READLINE
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
-/* path to sbin */
-#undef SBINDIR
-
-/* Define if you want to use samba socket wrappers. */
-#undef SOCKET_WRAPPER_REPLACE
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define if you have streams ptys. */
-#undef STREAMSPTY
-
-/* path to sysconf */
-#undef SYSCONFDIR
-
-/* Define to what version of SunOS you are running. */
-#undef SunOS
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#undef TIME_WITH_SYS_TIME
-
-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-#undef TM_IN_SYS_TIME
-
-/* Version number of package */
-#undef VERSION
-
-/* Define if signal handlers return void. */
-#undef VOID_RETSIGTYPE
-
-/* define if target is big endian */
-#undef WORDS_BIGENDIAN
-
-/* Define to 1 if the X Window System is missing or not being used. */
-#undef X_DISPLAY_MISSING
-
-/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
-   `char[]'. */
-#undef YYTEXT_POINTER
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS
-
-/* Define to enable extensions on glibc-based systems such as Linux. */
-#undef _GNU_SOURCE
-
-/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef gid_t
-
-/* Define to `__inline__' or `__inline' if that's what the C compiler
-   calls it, or to nothing if 'inline' is not supported under any name.  */
-#ifndef __cplusplus
-#undef inline
-#endif
-
-/* Define this to what the type mode_t should be. */
-#undef mode_t
-
-/* Define to `long int' if <sys/types.h> does not define. */
-#undef off_t
-
-/* Define to `int' if <sys/types.h> does not define. */
-#undef pid_t
-
-/* Define this to what the type sig_atomic_t should be. */
-#undef sig_atomic_t
-
-/* Define to `unsigned int' if <sys/types.h> does not define. */
-#undef size_t
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef uid_t
-
-#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) rk_realloc((X), (Y))
-#endif
-
-
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-
-
-#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif
-
-
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-
-
-
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-
diff --git a/crypto/heimdal/include/gssapi/Makefile.am b/crypto/heimdal/include/gssapi/Makefile.am
deleted file mode 100644
index 717339557418..000000000000
--- a/crypto/heimdal/include/gssapi/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-# $Id: Makefile.am 18701 2006-10-20 20:32:01Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h
-
diff --git a/crypto/heimdal/include/gssapi/Makefile.in b/crypto/heimdal/include/gssapi/Makefile.in
deleted file mode 100644
index 0aef05ddffe6..000000000000
--- a/crypto/heimdal/include/gssapi/Makefile.in
+++ /dev/null
@@ -1,659 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 18701 2006-10-20 20:32:01Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = include/gssapi
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/gssapi/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps include/gssapi/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/hcrypto/Makefile.am b/crypto/heimdal/include/hcrypto/Makefile.am
deleted file mode 100644
index c5299a387cad..000000000000
--- a/crypto/heimdal/include/hcrypto/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-# $Id: Makefile.am 16553 2006-01-13 13:43:32Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES =		\
-	aes.h		\
-	bn.h		\
-	des.h		\
-	dh.h		\
-	dsa.h		\
-	engine.h	\
-	evp.h		\
-	hmac.h		\
-	md2.h		\
-	md4.h		\
-	md5.h		\
-	pkcs12.h	\
-	rand.h		\
-	rc2.h		\
-	rc4.h		\
-	rsa.h		\
-	sha.h		\
-	ui.h
diff --git a/crypto/heimdal/include/hcrypto/Makefile.in b/crypto/heimdal/include/hcrypto/Makefile.in
deleted file mode 100644
index 9896a2ad03f2..000000000000
--- a/crypto/heimdal/include/hcrypto/Makefile.in
+++ /dev/null
@@ -1,678 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 16553 2006-01-13 13:43:32Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = include/hcrypto
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CLEANFILES = \
-	aes.h		\
-	bn.h		\
-	des.h		\
-	dh.h		\
-	dsa.h		\
-	engine.h	\
-	evp.h		\
-	hmac.h		\
-	md2.h		\
-	md4.h		\
-	md5.h		\
-	pkcs12.h	\
-	rand.h		\
-	rc2.h		\
-	rc4.h		\
-	rsa.h		\
-	sha.h		\
-	ui.h
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/hcrypto/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps include/hcrypto/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/kadm5/Makefile.am b/crypto/heimdal/include/kadm5/Makefile.am
deleted file mode 100644
index 6ccf564d30c2..000000000000
--- a/crypto/heimdal/include/kadm5/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile.am 18696 2006-10-20 20:25:13Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h
diff --git a/crypto/heimdal/include/kadm5/Makefile.in b/crypto/heimdal/include/kadm5/Makefile.in
deleted file mode 100644
index a553ab99d0c1..000000000000
--- a/crypto/heimdal/include/kadm5/Makefile.in
+++ /dev/null
@@ -1,659 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 18696 2006-10-20 20:25:13Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = include/kadm5
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/kadm5/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps include/kadm5/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/make_crypto.c b/crypto/heimdal/include/make_crypto.c
deleted file mode 100644
index 2df17a555e88..000000000000
--- a/crypto/heimdal/include/make_crypto.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright (c) 2002 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make_crypto.c 19477 2006-12-20 19:51:53Z lha $");
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-    FILE *f;
-    if(argc != 2) {
-	fprintf(stderr, "Usage: make_crypto file\n");
-	exit(1);
-    }
-    if (strcmp(argv[1], "--version") == 0) {
-	printf("some version");
-	return 0;
-    }
-    f = fopen(argv[1], "w");
-    if(f == NULL) {
-	perror(argv[1]);
-	exit(1);
-    }
-    for(p = argv[1]; *p; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-    fprintf(f, "#ifndef __%s__\n", argv[1]);
-    fprintf(f, "#define __%s__\n", argv[1]);
-#ifdef HAVE_OPENSSL
-    fputs("#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
-    fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
-    fputs("#endif\n", f);
-    fputs("#include <openssl/evp.h>\n", f);
-    fputs("#include <openssl/des.h>\n", f);
-    fputs("#include <openssl/rc4.h>\n", f);
-    fputs("#include <openssl/rc2.h>\n", f);
-    fputs("#include <openssl/md2.h>\n", f);
-    fputs("#include <openssl/md4.h>\n", f);
-    fputs("#include <openssl/md5.h>\n", f);
-    fputs("#include <openssl/sha.h>\n", f);
-    fputs("#include <openssl/aes.h>\n", f);
-    fputs("#include <openssl/ui.h>\n", f);
-    fputs("#include <openssl/rand.h>\n", f);
-    fputs("#include <openssl/engine.h>\n", f);
-    fputs("#include <openssl/pkcs12.h>\n", f);
-    fputs("#include <openssl/pem.h>\n", f);
-    fputs("#include <openssl/hmac.h>\n", f);
-    fputs("#ifndef BN_is_negative\n", f);
-    fputs("#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)\n", f);
-    fputs("#define BN_is_negative(bn) ((bn)->neg != 0)\n", f);
-    fputs("#endif\n", f);
-#else
-    fputs("#ifdef KRB5\n", f);
-    fputs("#include <krb5-types.h>\n", f);
-    fputs("#endif\n", f);
-    fputs("#include <hcrypto/evp.h>\n", f);
-    fputs("#include <hcrypto/des.h>\n", f);
-    fputs("#include <hcrypto/md2.h>\n", f);
-    fputs("#include <hcrypto/md4.h>\n", f);
-    fputs("#include <hcrypto/md5.h>\n", f);
-    fputs("#include <hcrypto/sha.h>\n", f);
-    fputs("#include <hcrypto/rc4.h>\n", f);
-    fputs("#include <hcrypto/rc2.h>\n", f);
-    fputs("#include <hcrypto/aes.h>\n", f);
-    fputs("#include <hcrypto/ui.h>\n", f);
-    fputs("#include <hcrypto/rand.h>\n", f);
-    fputs("#include <hcrypto/engine.h>\n", f);
-    fputs("#include <hcrypto/pkcs12.h>\n", f);
-    fputs("#include <hcrypto/hmac.h>\n", f);
-#endif
-    fprintf(f, "#endif /* __%s__ */\n", argv[1]);
-    fclose(f);
-    exit(0);
-}
diff --git a/crypto/heimdal/install-sh b/crypto/heimdal/install-sh
deleted file mode 100755
index 4fbbae7b7ff9..000000000000
--- a/crypto/heimdal/install-sh
+++ /dev/null
@@ -1,507 +0,0 @@
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2006-10-14.15
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-nl='
-'
-IFS=" ""	$nl"
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-if test -z "$doit"; then
-  doit_exec=exec
-else
-  doit_exec=$doit
-fi
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-posix_glob=
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chmodcmd=$chmodprog
-chowncmd=
-chgrpcmd=
-stripcmd=
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=
-dst=
-dir_arg=
-dstarg=
-no_target_directory=
-
-usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
-   or: $0 [OPTION]... SRCFILES... DIRECTORY
-   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
-   or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
--c         (ignored)
--d         create directories instead of installing files.
--g GROUP   $chgrpprog installed files to GROUP.
--m MODE    $chmodprog installed files to MODE.
--o USER    $chownprog installed files to USER.
--s         $stripprog installed files.
--t DIRECTORY  install into DIRECTORY.
--T         report an error if DSTFILE is a directory.
---help     display this help and exit.
---version  display version info and exit.
-
-Environment variables override the default commands:
-  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
-  case $1 in
-    -c) shift
-        continue;;
-
-    -d) dir_arg=true
-        shift
-        continue;;
-
-    -g) chgrpcmd="$chgrpprog $2"
-        shift
-        shift
-        continue;;
-
-    --help) echo "$usage"; exit $?;;
-
-    -m) mode=$2
-        shift
-        shift
-	case $mode in
-	  *' '* | *'	'* | *'
-'*	  | *'*'* | *'?'* | *'['*)
-	    echo "$0: invalid mode: $mode" >&2
-	    exit 1;;
-	esac
-        continue;;
-
-    -o) chowncmd="$chownprog $2"
-        shift
-        shift
-        continue;;
-
-    -s) stripcmd=$stripprog
-        shift
-        continue;;
-
-    -t) dstarg=$2
-	shift
-	shift
-	continue;;
-
-    -T) no_target_directory=true
-	shift
-	continue;;
-
-    --version) echo "$0 $scriptversion"; exit $?;;
-
-    --)	shift
-	break;;
-
-    -*)	echo "$0: invalid option: $1" >&2
-	exit 1;;
-
-    *)  break;;
-  esac
-done
-
-if test $# -ne 0 && test -z "$dir_arg$dstarg"; then
-  # When -d is used, all remaining arguments are directories to create.
-  # When -t is used, the destination is already specified.
-  # Otherwise, the last argument is the destination.  Remove it from $@.
-  for arg
-  do
-    if test -n "$dstarg"; then
-      # $@ is not empty: it contains at least $arg.
-      set fnord "$@" "$dstarg"
-      shift # fnord
-    fi
-    shift # arg
-    dstarg=$arg
-  done
-fi
-
-if test $# -eq 0; then
-  if test -z "$dir_arg"; then
-    echo "$0: no input file specified." >&2
-    exit 1
-  fi
-  # It's OK to call `install-sh -d' without argument.
-  # This can happen when creating conditional directories.
-  exit 0
-fi
-
-if test -z "$dir_arg"; then
-  trap '(exit $?); exit' 1 2 13 15
-
-  # Set umask so as not to create temps with too-generous modes.
-  # However, 'strip' requires both read and write access to temps.
-  case $mode in
-    # Optimize common cases.
-    *644) cp_umask=133;;
-    *755) cp_umask=22;;
-
-    *[0-7])
-      if test -z "$stripcmd"; then
-	u_plus_rw=
-      else
-	u_plus_rw='% 200'
-      fi
-      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
-    *)
-      if test -z "$stripcmd"; then
-	u_plus_rw=
-      else
-	u_plus_rw=,u+rw
-      fi
-      cp_umask=$mode$u_plus_rw;;
-  esac
-fi
-
-for src
-do
-  # Protect names starting with `-'.
-  case $src in
-    -*) src=./$src ;;
-  esac
-
-  if test -n "$dir_arg"; then
-    dst=$src
-    dstdir=$dst
-    test -d "$dstdir"
-    dstdir_status=$?
-  else
-
-    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
-    # might cause directories to be created, which would be especially bad
-    # if $src (and thus $dsttmp) contains '*'.
-    if test ! -f "$src" && test ! -d "$src"; then
-      echo "$0: $src does not exist." >&2
-      exit 1
-    fi
-
-    if test -z "$dstarg"; then
-      echo "$0: no destination specified." >&2
-      exit 1
-    fi
-
-    dst=$dstarg
-    # Protect names starting with `-'.
-    case $dst in
-      -*) dst=./$dst ;;
-    esac
-
-    # If destination is a directory, append the input filename; won't work
-    # if double slashes aren't ignored.
-    if test -d "$dst"; then
-      if test -n "$no_target_directory"; then
-	echo "$0: $dstarg: Is a directory" >&2
-	exit 1
-      fi
-      dstdir=$dst
-      dst=$dstdir/`basename "$src"`
-      dstdir_status=0
-    else
-      # Prefer dirname, but fall back on a substitute if dirname fails.
-      dstdir=`
-	(dirname "$dst") 2>/dev/null ||
-	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	     X"$dst" : 'X\(//\)[^/]' \| \
-	     X"$dst" : 'X\(//\)$' \| \
-	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
-	echo X"$dst" |
-	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\/\)[^/].*/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\/\)$/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\).*/{
-		   s//\1/
-		   q
-		 }
-		 s/.*/./; q'
-      `
-
-      test -d "$dstdir"
-      dstdir_status=$?
-    fi
-  fi
-
-  obsolete_mkdir_used=false
-
-  if test $dstdir_status != 0; then
-    case $posix_mkdir in
-      '')
-	# Create intermediate dirs using mode 755 as modified by the umask.
-	# This is like FreeBSD 'install' as of 1997-10-28.
-	umask=`umask`
-	case $stripcmd.$umask in
-	  # Optimize common cases.
-	  *[2367][2367]) mkdir_umask=$umask;;
-	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-	  *[0-7])
-	    mkdir_umask=`expr $umask + 22 \
-	      - $umask % 100 % 40 + $umask % 20 \
-	      - $umask % 10 % 4 + $umask % 2
-	    `;;
-	  *) mkdir_umask=$umask,go-w;;
-	esac
-
-	# With -d, create the new directory with the user-specified mode.
-	# Otherwise, rely on $mkdir_umask.
-	if test -n "$dir_arg"; then
-	  mkdir_mode=-m$mode
-	else
-	  mkdir_mode=
-	fi
-
-	posix_mkdir=false
-	case $umask in
-	  *[123567][0-7][0-7])
-	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
-	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-	    ;;
-	  *)
-	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
-	    if (umask $mkdir_umask &&
-		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
-	    then
-	      if test -z "$dir_arg" || {
-		   # Check for POSIX incompatibilities with -m.
-		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-		   # other-writeable bit of parent directory when it shouldn't.
-		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
-		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
-		   case $ls_ld_tmpdir in
-		     d????-?r-*) different_mode=700;;
-		     d????-?--*) different_mode=755;;
-		     *) false;;
-		   esac &&
-		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
-		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
-		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
-		   }
-		 }
-	      then posix_mkdir=:
-	      fi
-	      rmdir "$tmpdir/d" "$tmpdir"
-	    else
-	      # Remove any dirs left behind by ancient mkdir implementations.
-	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
-	    fi
-	    trap '' 0;;
-	esac;;
-    esac
-
-    if
-      $posix_mkdir && (
-	umask $mkdir_umask &&
-	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
-      )
-    then :
-    else
-
-      # The umask is ridiculous, or mkdir does not conform to POSIX,
-      # or it failed possibly due to a race condition.  Create the
-      # directory the slow way, step by step, checking for races as we go.
-
-      case $dstdir in
-	/*) prefix=/ ;;
-	-*) prefix=./ ;;
-	*)  prefix= ;;
-      esac
-
-      case $posix_glob in
-        '')
-	  if (set -f) 2>/dev/null; then
-	    posix_glob=true
-	  else
-	    posix_glob=false
-	  fi ;;
-      esac
-
-      oIFS=$IFS
-      IFS=/
-      $posix_glob && set -f
-      set fnord $dstdir
-      shift
-      $posix_glob && set +f
-      IFS=$oIFS
-
-      prefixes=
-
-      for d
-      do
-	test -z "$d" && continue
-
-	prefix=$prefix$d
-	if test -d "$prefix"; then
-	  prefixes=
-	else
-	  if $posix_mkdir; then
-	    (umask=$mkdir_umask &&
-	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
-	    # Don't fail if two instances are running concurrently.
-	    test -d "$prefix" || exit 1
-	  else
-	    case $prefix in
-	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
-	      *) qprefix=$prefix;;
-	    esac
-	    prefixes="$prefixes '$qprefix'"
-	  fi
-	fi
-	prefix=$prefix/
-      done
-
-      if test -n "$prefixes"; then
-	# Don't fail if two instances are running concurrently.
-	(umask $mkdir_umask &&
-	 eval "\$doit_exec \$mkdirprog $prefixes") ||
-	  test -d "$dstdir" || exit 1
-	obsolete_mkdir_used=true
-      fi
-    fi
-  fi
-
-  if test -n "$dir_arg"; then
-    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
-    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
-    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
-      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
-  else
-
-    # Make a couple of temp file names in the proper directory.
-    dsttmp=$dstdir/_inst.$$_
-    rmtmp=$dstdir/_rm.$$_
-
-    # Trap to clean up those temp files at exit.
-    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
-    # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
-    # and set any options; do chmod last to preserve setuid bits.
-    #
-    # If any of these fail, we abort the whole thing.  If we want to
-    # ignore errors from any of these, just make sure not to ignore
-    # errors from the above "$doit $cpprog $src $dsttmp" command.
-    #
-    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
-      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
-      && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
-      && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
-    # Now rename the file to the real destination.
-    { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \
-      || {
-	   # The rename failed, perhaps because mv can't rename something else
-	   # to itself, or perhaps because mv is so ancient that it does not
-	   # support -f.
-
-	   # Now remove or move aside any old file at destination location.
-	   # We try this two ways since rm can't unlink itself on some
-	   # systems and the destination file might be busy for other
-	   # reasons.  In this case, the final cleanup might fail but the new
-	   # file should still install successfully.
-	   {
-	     if test -f "$dst"; then
-	       $doit $rmcmd -f "$dst" 2>/dev/null \
-	       || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \
-		     && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\
-	       || {
-		 echo "$0: cannot unlink or rename $dst" >&2
-		 (exit 1); exit 1
-	       }
-	     else
-	       :
-	     fi
-	   } &&
-
-	   # Now rename the file to the real destination.
-	   $doit $mvcmd "$dsttmp" "$dst"
-	 }
-    } || exit 1
-
-    trap '' 0
-  fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
deleted file mode 100644
index ef1d458127fe..000000000000
--- a/crypto/heimdal/kadmin/ChangeLog
+++ /dev/null
@@ -1,1044 +0,0 @@
-2007-12-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadmin.c: Use hdb_db_dir().
-
-	* kadmind.c: Use hdb_db_dir().
-
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: Clear error string, just to be sure.
-
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadmin-commands.in: modify --pkinit-acl
-
-	* mod.c: add pk-init command
-	
-2007-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadmin.8: document kadmin add_enctype functionallity.
-
-	* Makefile.am: Add new command, add_enctype.
-
-	* kadmin-commands.in: Add new command, add_enctype.
-
-	* add_enctype.c: Add support for adding a random key enctype to a
-	principal.
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mod.c: add setting and displaying aliases
-
-	* get.c: add setting and displaying aliases
-
-	* kadmin-commands.in: add setting and displaying aliases
-
-2006-12-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: Make str2time_t parser more robust.
-
-	* Makefile.am: Add test_util test program.
-
-	* test_util.c: Test str2time_t parser.
-	
-2006-12-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* add-random-users.c: Use strcspn to remove \n from fgets
-	result. Prompted by change by Ray Lai of OpenBSD via Bj�rn
-	Sandell.
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mod.c: Try to not leak memory.
-
-	* check.c: Try to not leak memory.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-08-28  Love H�rnquist �strand <lha@it.su.se>
-
-	* kadmin.c (help): use sl_slc_help().
-	
-2006-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c: Add KRB5_KDB_ALLOW_DIGEST
-	
-2006-07-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* get.c (format_field): optionally print issuer and anchor.
-	
-2006-06-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* check.c: Check if afs@REALM and afs/cellname@REALM both exists.
-	
-2006-06-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* util.c (kdb_attrs): Add KRB5_KDB_ALLOW_KERBEROS4
-	
-2006-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mod.c (do_mod_entry): Add setting 1 delegation entry
-	
-2006-06-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* server.c: Less shadowing.
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: kadmin_SOURCES += add check.c
-
-	* kadmin_locl.h: Avoid shadowing.
-
-	* kadmin.8: Document the new check command.
-
-	* kadmin-commands.in: Add check command
-
-	* check.c: Check database for strange configurations on default
-	principals.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* server.c (kadm_get_privs): one less "pointer targets in passing
-	argument differ in signedness" warning.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* dump-format.txt: Moved to info documentation.
-
-	* Rename u_intXX_t to uintXX_t
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadmin.8: spelling, update .Dd
-	
-2006-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add-random-users.c: Catch empty file case. From Tobias
-	Stoeckmann.
-	
-2006-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* random_password.c (generate_password): memory leak in error
-	condition case From Coverity NetBSD CID#1887
-	
-2006-02-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cpw.c (cpw_entry): make sure ret have a defined value
-
-	* del.c (del_entry): make sure ret have a defined value
-
-	* mod.c: Return error code so that toplevel function can catch
-	them.
-	
-2006-01-25  Love H�rnquist �strand <lha@it.su.se>
-
-	* cpw.c (cpw_entry): return 1 on failure.
-
-	* rename.c (rename_entry): return 1 on failure.
-
-	* del.c (del_entry): return 1 on failure.
-
-	* ank.c (add_new_key): return 1 on failure.
-
-	* get.c: Add printing of pkinit-acls. Don't print password by
-	default. Return 1 on failure processing any of the principals.
-
-	* util.c (foreach_principal): If any of calls to `func' failes,
-	the first error is returned when all principals are processed.
-	
-2005-12-01  Love H�rnquist �strand <lha@it.su.se>
-	
-	* kadmin-commands.in: Add ank as an alias to add, it lost in
-	transition to slc, from M�ns Nilsson.
-	
-2005-09-14  Love H�rquist �strand  <lha@it.su.se>
-
-	* dump-format.txt: Add extensions, fill in missing fields.
-
-2005-09-08  Love H�rquist �strand  <lha@it.su.se>
-
-	* init.c (create_random_entry): create principal with random
-	password even though its disabled. From Andrew Bartlet
-	<abartlet@samba.org>
-	
-2005-09-01  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadm_conn.c: Use socket_set_reuseaddr and socket_set_ipv6only.
-	
-2005-08-11  Love H�rquist �strand  <lha@it.su.se>
-
-	* get.c: Remove structure that is never used (sneaked in the large
-	TL_DATA patch).
-
-	* kadmin-commands.in: Rename password-quality to
-	verify-password-quality.
-	
-	* get.c: Indent.
-	
-	* server.c: Avoid shadowing exp().
-
-	* load.c: Parse extensions.
-
-	* kadmin_locl.h: Include <hex.h>.
-	
-	* get.c: Extend struct field_name to have a subvalue and a
-	extra_mask.  Use that to implement printing of KADM5_TL_DATA
-	options and fix a dependency bug (keys needed principal to print
-	the salting).
-	
-2005-07-08  Love H�rquist �strand  <lha@it.su.se>
-
-	* lower amount of shadow and const warnings
-
-2005-06-07  David Love  <fx@gnu.org>
-
-	* dump-format.txt: Clarify, spelling and add examples.
-	
-2005-05-30  Love H�rquist �strand  <lha@it.su.se>
-
-	* util.c (kdb_attrs): add ok-as-delegate
-
-	* get.c (getit): init data.mask to 0.  Problem found by Andrew
-	Bartlett <abartlet@samba.org>
-
-2005-05-09  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.c (main): catch -2 as EOF
-
-2005-05-03  Dave Love  <d.love@dl.ac.uk>
-
-	* init.c (init): Don't disable forwardable for kadmin/changepw.
-
-2005-05-02  Dave Love  <d.love@dl.ac.uk>
-
-	* kadmin.c (help): Don't use non-constant initializer for `fake'.
-
-2005-04-20  Love H�rquist �strand  <lha@it.su.se>
-
-	* util.c (foreach_principal): initialize ret to make sure it have
-	a value
-
-2005-04-04  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.c: add verifier libraries with
-	kadm5_add_passwd_quality_verifier
-
-	* kadmin.c: add verifier libraries with
-	kadm5_add_passwd_quality_verifier
-
-	* load.c: max-life and max-renew is of unsigned int in asn1
-	compiler, use that for the parser too
-
-2005-03-26  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.8: List of attributes, from James F.  Hranicky
-	<jfh@cise.ufl.edu>
-
-2005-01-19  Love H�rquist �strand  <lha@it.su.se>
-
-	* dump.c (dump): handle errors
-
-2005-01-08 Love H�rquist �strand <lha@it.su.se>
-
-	* dump-format.txt: text dump format
-
-2004-12-08  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.8: use keeps around options, from OpenBSD
-	
-	* kadmin.8: use keeps around options, "improve" spelling, from
-	openbsd
-
-2004-11-01  Love H�rquist �strand  <lha@it.su.se>
-
-	* get.c (getit): always free columns
-	
-	* ank.c (add_one_principal): catch error from
-	UI_UTIL_read_pw_string
-
-2004-10-31  Love H�rquist �strand  <lha@it.su.se>
-
-	* del_enctype.c (del_enctype): fix off-by-one error in del_enctype
-	From: <ragge@ludd.luth.se>
-	
-2004-08-13  Love H�rquist �strand  <lha@it.su.se>
-
-	* get.c: print keytypes on long format
-	
-2004-07-06  Love H�rquist �strand  <lha@it.su.se>
-
-	* get.c (format_field): allow mod_name to be optional
-	
-	* ext.c (do_ext_keytab): if there isn't any keydata, try using
-	kadm5_randkey_principal
-
-2004-07-02  Love H�rquist �strand  <lha@it.su.se>
-
-	* load.c: make merge/load work again
-	
-	* del.c: fix usage string
-	
-	* ank.c: fix slc lossage
-	
-2004-06-28  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.c: use kadm5_ad_init_with_password_ctx
-	
-2004-06-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.8: document get -o and stash
-	
-	* get.c: implement output column selection, similar to ps -o
-	
-	* kadmin-commands.in: make get -l the default again, and add
-	column selection flag; sync list with get
-	
-2004-06-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin-commands.in: mod needs default kvno of -1
-	
-2004-06-21  Johan Danielsson  <joda@pdc.kth.se>
-	
-	* kadmin: convert to use slc; also add stash subcommand
-
-2004-06-15  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.c (main): keytab mode requires principal name
-	
-2004-06-12  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.c: drop keyfile, not used, found by
-	Elrond <elrond@samba-tng.org>
-	
-	* kadmin.c: if keyfile is set, pass in to libkadm5 bug pointed out
-	by Elrond <elrond@samba-tng.org>
-	
-2004-05-31  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.c: add --ad flag, XXX rewrite the init kadm5 interface
-	
-2004-05-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* nuke kerberos 4 kadmin goo
-
-2004-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c (str2time_t): fix end-of-day logic, from Duncan
-	McEwan/Mark Davies.
-
-2004-04-29  Love H�rquist �strand  <lha@it.su.se>
-
-	* version4.c (handle_v4): make sure length is longer then 2,
-	Pointed out by Evgeny Demidov <demidov@gleg.net>
-	
-	* kadmind.c: make kerberos4 support default turned off
-	
-2004-03-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.8: update manpage
-	
-	* mod.c: allow wildcarding principals, and make parameters a work
-	same as if prompted
-	
-2004-03-08  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.8: document password-quality
-	
-	* kadmin_locl.h: add prototype for password_quality
-	
-	* kadmin.c: add password-quality/pwq command
-	
-	* Makefile.am: kadmin_SOURCES += pw_quality.c
-	
-	* pw_quality.c: test run the password quality function
-	
-2004-03-07  Love H�rquist �strand  <lha@it.su.se>
-
-	* ank.c (add_one_principal): even though the principal is disabled
-	(creation of random key/keydata), create it with a random password
-	
-2003-12-07  Love H�rquist �strand  <lha@it.su.se>
-
-	* init.c (create_random_entry): print error message on failure
-	
-	* ank.c (add_one_principal): pass right argument to
-	kadm5_free_principal_ent From Panasas, Inc
-	
-2003-11-18  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.c (main): move opening the logfile to after reading
-	kdc.conf move the loading of hdb keytab ops closer to where its
-	used From: Jeffrey Hutzelman <jhutz@cmu.edu>
-	
-2003-10-04  Love H�rquist �strand  <lha@it.su.se>
-
-	* util.c (str2time_t): allow whitespace between date and time
-	From: Bob Beck <beck@cvs.openbsd.org> and adharw@yahoo.com
-	
-2003-09-03  Love H�rquist �strand  <lha@it.su.se>
-
-	* ank.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-	* cpw.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
-	
-2003-08-21  Love H�rquist �strand  <lha@it.su.se>
-
-	* get.c (print_entry_terse): handle error when unparsing name
-	
-2003-08-18  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.c (main): use krb5_prepend_config_files_default, now all
-	options in kdc.conf is parsed, not just [kdc]key-file=
-	
-	* kadmin.c (main): use krb5_prepend_config_files_default, now all
-	options in kdc.conf is parsed, not just [kdc]key-file=
-	
-2003-04-14  Love H�rquist �strand  <lha@it.su.se>
-
-	* util.c: cast argument to tolower to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-2003-04-06  Love H�rquist �strand <lha@it.su.se>
-
-	* kadmind.8: s/kerberos/Kerberos/
-	
-2003-03-31  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.8: initialises -> initializes, from Perry E. Metzger"
-	<perry@piermont.com>
-
-	* kadmin.c: principal, not pricipal. From Thomas Klausner
-	<wiz@netbsd.org>
-
-2003-02-04  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-	* kadmin.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-01-29  Love H�rquist �strand  <lha@it.su.se>
-
-	* server.c (kadmind_dispatch): kadm_chpass: require the password
-	to pass the password quality check in case the user changes the
-	user's own password kadm_chpass_with_key: disallow the user to
-	change it own password to a key, since that password might violate
-	the password quality check.
-
-2002-12-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c (get_response): print a newline if interrupted
-
-	* mod.c (mod_entry): check return value from edit_entry
-
-	* ank.c (add_one_principal): check return value from edit_entry
-
-	* ank.c (add_one_principal): don't continue if create_principal
-	fails
-
-	* init.c: check return value from edit_deltat
-
-	* init.c: add --help
-
-2002-10-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c: speling (from Tomas Olsson)
-
-2002-10-23  Assar Westerlund  <assar@kth.se>
-
-	* version4.c (decode_packet): check the length of the version
-	string and that rlen has a reasonable value
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c: check size of rlen
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c: constify match_appl_version()
-
-	* version4.c: change some lingering krb_err_base
-
-2002-09-09  Jacques Vidrine  <nectar@kth.se>
-
-	* server.c (kadmind_dispatch): while decoding arguments for
-	kadm_chpass_with_key, sanity check the number of keys given.
-	Potential problem pointed out by
-	Sebastian Krahmer <krahmer@suse.de>.
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c (parse_generation): return if there is no generation
-	(spotted by Daniel Kouril)
-
-2002-06-07  Jacques Vidrine <n@nectar.com>
-
-	* ank.c: do not attempt to free uninitialized pointer when
-	kadm5_randkey_principal fails.
-
-2002-06-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c: remove unused variable; reported by Hans Insulander
-
-2002-03-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.8: clarify some acl wording, and add an example file
-
-2002-02-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ext.c: no need to use the "modify" keytab anymore
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: allocate several buffers for the list of
-	words, instead of one strdup per word (running under efence does
-	not work very well otherwise)
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: allow specifying the number of users to
-	create
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: rename variable name to avoid error from current
-	automake
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* kadmin_locl.h: include libutil.h if it exists
-
-2001-08-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c: do something to handle C-c in prompts
-
-	* load.c: remove unused etypes code, and add parsing of the
-	generation field
-
-	* ank.c: add a --use-defaults option to just use default values
-	without questions
-
-	* kadmin.c: add "del" alias for delete
-
-	* cpw.c: call this operation "passwd" in usage
-
-	* kadmin_locl.h: prototype for set_defaults
-
-	* util.c (edit_entry): move setting of default values to a
-	separate function, set_defaults
-
-2001-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.c: print help message on bad options
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c (main): handle --version
-
-2001-07-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: increase line buffer to 8k
-
-2001-06-12  Assar Westerlund  <assar@sics.se>
-
-	* ext.c (ext_keytab): use the default modify keytab per default
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
-
-2001-05-15  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (main): some error cleaning required
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c: new krb5_config_parse_file
-	* kadmin.c: new krb5_config_parse_file
-	* kadm_conn.c: update to new krb5_sockaddr2address
-
-2001-05-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmin_locl.h (foreach_principal): update prototype
-	* get.c (getit): new foreach_principal
-	* ext.c (ext_keytab): new foreach_principal
-	* del.c (del_entry): new foreach_principal
-	* cpw.c (cpw_entry): new foreach_principal
-	* util.c (foreach_principal): add `funcname' and try printing the
-	error string
-
-2001-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rename.c: fix argument number test
-	
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* del_enctype.c: fix argument count check after getarg change;
-	spotted by mark@MCS.VUW.AC.NZ
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c (main): use a `struct sockaddr_storage' to be able to
-	store all types of addresses
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c: add --keytab / _K, from Leif Johansson
-	<leifj@it.su.se>
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (spawn_child): close the newly created socket in the
-	packet, it's not used.  from <shadow@dementia.org>
-	* version4.c (decode_packet): check success of
-	krb5_425_conv_principal.  from <shadow@dementia.org>
-
-2001-01-12  Assar Westerlund  <assar@sics.se>
-
-	* util.c (parse_attributes): make empty string mean no attributes,
-	specifying the empty string at the command line should give you no
-	attributes, but just pressing return at the prompt gives you
-	default attributes
-	(edit_entry): only pick up values from the default principal if they
-	aren't set in the principal being edited
-
-2001-01-04  Assar Westerlund  <assar@sics.se>
-
-	* load.c (doit): print an error and bail out if storing an entry
-	in the database fails.  The most likely reason for it failing is
-	out-of-space.
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c (main): handle krb5_init_context failure consistently
-	* kadmin.c (main): handle krb5_init_context failure consistently
-	* add-random-users.c (add_user): handle krb5_init_context failure
-	consistently
-
-	* kadm_conn.c (spawn_child): use a struct sockaddr_storage
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get.c: avoid asprintf'ing NULL strings
-
-2000-12-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: fix option parsing
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (wait_for_connection): check for fd's being too
-	large to select on
-
-2000-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get.c: don't try to print modifier name if it isn't set (from
-	Jacques A. Vidrine" <n@nectar.com>)
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* server.c (kadmind_loop): send in keytab to v4 handling function
-	* version4.c: allow the specification of what keytab to use
-
-	* get.c (print_entry_long): actually print the actual saltvalue
-	used if it's not the default
-
-2000-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.c: add option parsing, and add `privs' as an alias for
-	`privileges'
-
-	* init.c: complain if there's no realm name specified
-
-	* rename.c: add option parsing
-
-	* load.c: add option parsing
-
-	* get.c: make `get' and `list' aliases to each other, but with
-	different defaults
-
-	* del_enctype.c: add option parsing
-
-	* del.c: add option parsing
-
-	* ank.c: calling the command `add' make more sense from an english
-	pov
-
-	* Makefile.am: add kadmin manpage
-
-	* kadmin.8: short manpage
-
-	* kadmin.c: `quit' should be a alias for `exit', not `help'
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): do not try to perform stupid stunts when
-	printing errors
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2time_t): add alias for `now'.
-
-2000-08-18  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): accept any kadmin/admin@* principal as the
-	server
-	* kadmind.c: remove extra prototype of kadmind_loop
-	* kadmin_locl.h (kadmind_loop): add prototype
-	
-	* init.c (usage): print init-usage and not add-dito
-	
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.c: use roken_getsockname
-
-2000-08-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c, kadm_conn.c: use socklen_t instead of int where
-	appropriate.  From <thorpej@netbsd.org>
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: link with pidfile library
-
-	* kadmind.c: write a pid file, and setup password quality
-	functions
-
-	* kadmin_locl.h: util.h
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (decode_packet): be totally consistent with the
-	prototype of des_cbc_cksum
-	* kadmind.c: use sa_size instead of sa_len, some systems define
-	this to emulate anonymous unions
-	* kadm_conn.c: use sa_size instead of sa_len, some systems define
-	this to emulate anonymous unions
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (commands): add quit
-	* load.c (doit): truncate the log since there's no way of knowing
-	what changes are going to be added
-
-2000-07-23  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2time_t): be more careful with strptime that might
-	zero out the `struct tm'
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadm_conn.c: make the parent process wait for children and
-	terminate after receiving a signal, also terminate on SIGINT
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* version4.c: map both princ_expire_time and pw_expiration to v4
-	principal expiration
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c (handle_v4): check for termination
-
-	* server.c (v5_loop): check for termination
-
-	* kadm_conn.c (wait_term): if we're doing something, set just set
-	a flag otherwise exit rightaway
-
-	* server.c: use krb5_read_priv_message; (v5_loop): check for EOF
-
-2000-07-21  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c: remove sys/select.h.  make signal handlers
-	type-correct and static
-
-	* kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): also create `kadmin/hprop'
-	* kadmind.c: ports is a string argument
-	* kadm_conn.c (start_server): fix printf format
-
-	* kadmin_locl.h: add <sys/select.h>
-	* kadm_conn.c: remove sys/select.h.  make signal handlers
-	type-correct and static
-
-	* kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadm_conn.c: put all processes in a new process group
-
-	* server.c (v5_loop): use krb5_{read,write}_priv_message
-
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c: change log strings to match the v5 counterparts
-
-	* mod.c: allow setting kvno
-
-	* kadmind.c: if stdin is not a socket create and listen to sockets
-
-	* kadm_conn.c: socket creation functions
-
-	* util.c (deltat2str): treat 0 and INT_MAX as never
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (INCLUDES): add ../lib/krb5
-	* kadmin_locl.h: add krb5_locl.h (since we just use some stuff
-	from there)
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: new testing program that adds a number of
-	randomly generated users
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* cpw.c (do_cpw_entry): call set_password if no argument is given,
-	it will prompt for the password.
-	* kadmin.c: make help only print the commands that are actually
-	available.
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (del_enctype): set ignore correctly
-
-2000-04-02  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (main): make parse errors a fatal error
-	* init.c (init): create changepw/kerberos with disallow-tgt and
-	pwchange attributes
-
-2000-03-23  Assar Westerlund  <assar@sics.se>
-
-	* util.c (hex2n, parse_des_key): add
-	* server.c (kadmind_dispatch): add kadm_chpass_with_key
-	* cpw.c: add --key
-	* ank.c: add --key
-
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* load.c (doit): check return value from parse_hdbflags2int
-	correctly
-
-2000-01-25  Assar Westerlund  <assar@sics.se>
-
-	* load.c: checking all parsing for errors and all memory
-	allocations also
-
-2000-01-02  Assar Westerlund  <assar@sics.se>
-
-	* server.c: check initial flag in ticket and allow users to change
-	their own password if it's set
-	* ext.c (do_ext_keytab): set timestamp
-
-1999-12-14  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (usage): don't use arg_printusage
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (del_enctype): try not to leak memory
-
-	* version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
- 	_with_key)
-
-	* kadmin.c: add `del_enctype'
-
-	* del_enctype.c (del_enctype): new function for deleting enctypes
-	from a principal
-
-	* Makefile.am (kadmin_SOURCES): add del_enctype.c
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c: cope with old clients
-
-	* kadmin_locl.h: remove version string
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (kadmin_LDADD): add LIB_dlopen
-
-1999-10-01  Assar Westerlund  <assar@sics.se>
-
-	* ank.c (add_one_principal): `password' can cactually be NULL in
- 	the overwrite code, check for it.
-
-1999-09-20  Assar Westerlund  <assar@sics.se>
-
-	* mod.c (mod_entry): print the correct principal name in error
- 	messages.  From Love <lha@e.kth.se>
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): also create `changepw/kerberos'
-
-	* version4.c: only create you loose packets when we fail decoding
- 	and not when an operation is not performed for some reason
-	(decode_packet): read the service key from the hdb
-	(dispatch, decode_packet): return proper error messages
-
-	* version4.c (kadm_ser_cpw): add password quality functions
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c (handle_v5): give more informative message if
-	KRB5_KT_NOTFOUND
-
-1999-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.c: use HDB keytabs
-
-1999-08-25  Assar Westerlund  <assar@sics.se>
-
-	* cpw.c (set_password): use correct variable.  From Love
- 	<lha@e.kth.se>
-
-	* server.c (v5_loop): use correct error code
-
-	* ank.c (add_one_principal): initialize `default_ent'
-
-1999-08-21  Assar Westerlund  <assar@sics.se>
-
-	* random_password.c: new file, stolen from krb4
-
-	* kadmin_locl.h: add prototype for random_password
-
-	* cpw.c: add support for --random-password
-
-	* ank.c: add support for --random-password
-
-	* Makefile.am (kadmin_SOURCES): add random_password.c
-
-1999-08-19  Assar Westerlund  <assar@sics.se>
-
-	* util.c (edit_timet): break when we manage to parse the time not
- 	the inverse.
-
-	* mod.c: add parsing of lots of options.  From Love
- 	<lha@stacken.kth.se>
-
-	* ank.c: add setting of expiration and password expiration
-
-	* kadmin_locl.h: update util.c prototypes
-
-	* util.c: move-around.  clean-up, rename, make consistent (and
- 	some other weird stuff).  based on patches from Love
- 	<lha@stacken.kth.se>
-
-	* version4.c (kadm_ser_cpw): initialize password
-	(handle_v4): remove unused variable `ret'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (handle_v4): more error checking and more correct
- 	error messages
-
-	* server.c (v5_loop, kadmind_loop): more error checking and more
- 	correct error messages
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2timeval, edit_time): functions for parsing and
- 	editing times.  Based on patches from Love <lha@stacken.kth.se>.
-	(edit_entry): call new functions
-
-	* mod.c (mod_entry): allow modifying expiration times
-
-	* kadmin_locl.h (str2timeval): add prototype
-
-	* ank.c (add_one_principal): allow setting expiration times
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* server.c (v5_loop): handle data allocation with krb5_data_alloc
- 	and check return value
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (kadm_ser_cpw): read the key in the strange order
- 	it's sent
-
-	* util.c (edit_entry): look at default
-	(edit_time): always set mask even if value == 0
-
-	* kadmin_locl.h (edit_entry): update
-
-	* ank.c: make ank use the values of the default principal for
- 	prompting
-
-	* version4.c (values_to_ent): convert key data correctly
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* init.c (create_random_entry): more correct setting of mask
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): read sendauth version correctly.
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (error_code): try to handle really old krb4
- 	distributions
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): initialize realm_max_life and realm_max_rlife
-
-1999-05-07  Assar Westerlund  <assar@sics.se>
-
-	* ank.c (add_new_key): initialize more variables
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (kadm_ser_cpw): always allow a user to change her
- 	password
-	(kadm_ser_*): make logging work
-	clean-up and restructure
-	
-	* kadmin_locl.h (set_entry): add prototype
-
-	* kadmin.c (usage): update usage string
-
-	* init.c (init): new arguments realm-max-ticket-life and
- 	realm-max-renewable-life
-
-	* util.c (edit_time, edit_attributes): don't do anything if it's
- 	already set
-	(set_entry): new function
-
-	* ank.c (add_new_key): new options for setting max-ticket-life,
- 	max-renewable-life, and attributes
-
-	* server.c (v5_loop): remove unused variable
-
-	* kadmin_locl.h: add prototypes
-
-	* version4.c: re-insert krb_err.h and other miss
-
-	* server.c (kadmind_loop): break-up and restructure
-
-	* version4.c: add ACL checks more error code checks restructure
-	
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: check for (un-)encrypted keys
-
-	* dump.c: use hdb_print_entry
-	
-	* version4.c: version 4 support
-
-	* Makefile.am: link with krb4
-
-	* kadmin_locl.h: include <sys/un.h>
-
-	* server.c: move from lib/kadm5, and add basic support for krb4
-	kadmin protocol
-
-	* kadmind.c: move recvauth to kadmind_loop()
diff --git a/crypto/heimdal/kadmin/Makefile.am b/crypto/heimdal/kadmin/Makefile.am
deleted file mode 100644
index 323439a130d6..000000000000
--- a/crypto/heimdal/kadmin/Makefile.am
+++ /dev/null
@@ -1,94 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-SLC = $(top_builddir)/lib/sl/slc
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-dist_kadmin_SOURCES =				\
-	ank.c					\
-	add_enctype.c				\
-	check.c					\
-	cpw.c					\
-	del.c					\
-	del_enctype.c				\
-	dump.c					\
-	ext.c					\
-	get.c					\
-	init.c					\
-	kadmin.c				\
-	load.c					\
-	mod.c					\
-	rename.c				\
-	stash.c					\
-	util.c					\
-	pw_quality.c				\
-	random_password.c			\
-	kadmin_locl.h
-
-nodist_kadmin_SOURCES =				\
-	kadmin-commands.c			\
-	kadmin-commands.h
-
-$(kadmin_OBJECTS): kadmin-commands.h
-
-CLEANFILES = kadmin-commands.h kadmin-commands.c
-
-kadmin-commands.c kadmin-commands.h: kadmin-commands.in
-	$(SLC) $(srcdir)/kadmin-commands.in
-
-kadmind_SOURCES =				\
-	kadmind.c				\
-	server.c				\
-	kadmin_locl.h				\
-	$(version4_c)				\
-	kadm_conn.c
-
-add_random_users_SOURCES = add-random-users.c
-
-test_util_SOURCES = test_util.c util.c
-
-TESTS = test_util
-
-check_PROGRAMS = $(TESTS)
-
-LDADD_common = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen)
-
-kadmin_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-add_random_users_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-test_util_LDADD = $(kadmin_LDADD)
-
-EXTRA_DIST = $(man_MANS) kadmin-commands.in
diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in
deleted file mode 100644
index 746cb48f664d..000000000000
--- a/crypto/heimdal/kadmin/Makefile.in
+++ /dev/null
@@ -1,1069 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-sbin_PROGRAMS = kadmin$(EXEEXT)
-libexec_PROGRAMS = kadmind$(EXEEXT)
-noinst_PROGRAMS = add_random_users$(EXEEXT)
-TESTS = test_util$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1)
-subdir = kadmin
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__EXEEXT_1 = test_util$(EXEEXT)
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
-add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-add_random_users_DEPENDENCIES =  \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_1)
-dist_kadmin_OBJECTS = ank.$(OBJEXT) add_enctype.$(OBJEXT) \
-	check.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
-	del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
-	get.$(OBJEXT) init.$(OBJEXT) kadmin.$(OBJEXT) load.$(OBJEXT) \
-	mod.$(OBJEXT) rename.$(OBJEXT) stash.$(OBJEXT) util.$(OBJEXT) \
-	pw_quality.$(OBJEXT) random_password.$(OBJEXT)
-nodist_kadmin_OBJECTS = kadmin-commands.$(OBJEXT)
-kadmin_OBJECTS = $(dist_kadmin_OBJECTS) $(nodist_kadmin_OBJECTS)
-kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
-am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \
-	kadm_conn.$(OBJEXT)
-kadmind_OBJECTS = $(am_kadmind_OBJECTS)
-kadmind_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_test_util_OBJECTS = test_util.$(OBJEXT) util.$(OBJEXT)
-test_util_OBJECTS = $(am_test_util_OBJECTS)
-am__DEPENDENCIES_3 = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
-test_util_DEPENDENCIES = $(am__DEPENDENCIES_3)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
-	$(nodist_kadmin_SOURCES) $(kadmind_SOURCES) \
-	$(test_util_SOURCES)
-DIST_SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
-	$(kadmind_SOURCES) $(test_util_SOURCES)
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SLC = $(top_builddir)/lib/sl/slc
-man_MANS = kadmin.8 kadmind.8
-dist_kadmin_SOURCES = \
-	ank.c					\
-	add_enctype.c				\
-	check.c					\
-	cpw.c					\
-	del.c					\
-	del_enctype.c				\
-	dump.c					\
-	ext.c					\
-	get.c					\
-	init.c					\
-	kadmin.c				\
-	load.c					\
-	mod.c					\
-	rename.c				\
-	stash.c					\
-	util.c					\
-	pw_quality.c				\
-	random_password.c			\
-	kadmin_locl.h
-
-nodist_kadmin_SOURCES = \
-	kadmin-commands.c			\
-	kadmin-commands.h
-
-CLEANFILES = kadmin-commands.h kadmin-commands.c
-kadmind_SOURCES = \
-	kadmind.c				\
-	server.c				\
-	kadmin_locl.h				\
-	$(version4_c)				\
-	kadm_conn.c
-
-add_random_users_SOURCES = add-random-users.c
-test_util_SOURCES = test_util.c util.c
-LDADD_common = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen)
-
-kadmin_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-add_random_users_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-test_util_LDADD = $(kadmin_LDADD)
-EXTRA_DIST = $(man_MANS) kadmin-commands.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kadmin/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps kadmin/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) 
-	@rm -f add_random_users$(EXEEXT)
-	$(LINK) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
-kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) 
-	@rm -f kadmin$(EXEEXT)
-	$(LINK) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
-kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) 
-	@rm -f kadmind$(EXEEXT)
-	$(LINK) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
-test_util$(EXEEXT): $(test_util_OBJECTS) $(test_util_DEPENDENCIES) 
-	@rm -f test_util$(EXEEXT)
-	$(LINK) $(test_util_OBJECTS) $(test_util_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS clean-sbinPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
-	clean-sbinPROGRAMS ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(kadmin_OBJECTS): kadmin-commands.h
-
-kadmin-commands.c kadmin-commands.h: kadmin-commands.in
-	$(SLC) $(srcdir)/kadmin-commands.in
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c
deleted file mode 100644
index b7971434b25c..000000000000
--- a/crypto/heimdal/kadmin/add-random-users.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: add-random-users.c 19213 2006-12-04 23:36:36Z lha $");
-
-#define WORDS_FILENAME "/usr/share/dict/words"
-
-#define NUSERS 1000
-
-#define WORDBUF_SIZE 65535
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-    char *wbuf = NULL, *wptr = NULL, *wend = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	size_t len;
-
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (n >= alloc) {
-	    alloc = max(alloc + 16, alloc * 2);
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	len = strlen(buf);
-	if (wptr + len + 1 >= wend) {
-	    wptr = wbuf = emalloc (WORDBUF_SIZE);
-	    wend = wbuf + WORDBUF_SIZE;
-	}
-	memmove (wptr, buf, len + 1);
-	w[n++] = wptr;
-	wptr += len + 1;
-    }
-    if (n == 0)
-	errx(1, "%s is an empty file, no words to try", filename);
-    *ret_w = w;
-    return n;
-}
-
-static void
-add_user (krb5_context context, void *kadm_handle,
-	  unsigned nwords, char **words)
-{
-    kadm5_principal_ent_rec princ;
-    char name[64];
-    int r1, r2;
-    krb5_error_code ret;
-    int mask;
-
-    r1 = rand();
-    r2 = rand();
-
-    snprintf (name, sizeof(name), "%s%d", words[r1 % nwords], r2 % 1000);
-
-    mask = KADM5_PRINCIPAL;
-
-    memset(&princ, 0, sizeof(princ));
-    ret = krb5_parse_name(context, name, &princ.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = kadm5_create_principal (kadm_handle, &princ, mask, name);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_create_principal");
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    printf ("%s\n", name);
-}
-
-static void
-add_users (const char *filename, unsigned n)
-{
-    krb5_error_code ret;
-    int i;
-    void *kadm_handle;
-    krb5_context context;
-    unsigned nwords;
-    char **words;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    ret = kadm5_s_init_with_password_ctx(context, 
-					 KADM5_ADMIN_SERVICE,
-					 NULL,
-					 KADM5_ADMIN_SERVICE,
-					 NULL, 0, 0, 
-					 &kadm_handle);
-    if(ret)
-	krb5_err(context, 1, ret, "kadm5_init_with_password");
-
-    nwords = read_words (filename, &words);
-    
-    for (i = 0; i < n; ++i)
-	add_user (context, kadm_handle, nwords, words);
-    kadm5_destroy(kadm_handle);
-    krb5_free_context(context);
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[filename [n]]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    int n = NUSERS;
-    const char *filename = WORDS_FILENAME;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    if (help_flag)
-	usage (0);
-    if (version_flag) {
-	print_version(NULL);
-	return 0;
-    }
-    srand (0);
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc > 0) {
-	if (argc > 1)
-	    n = atoi(argv[1]);
-	filename = argv[0];
-    }
-
-    add_users (filename, n);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/add_enctype.c b/crypto/heimdal/kadmin/add_enctype.c
deleted file mode 100644
index 65337e62c001..000000000000
--- a/crypto/heimdal/kadmin/add_enctype.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 1999-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: add_enctype.c 20287 2007-02-22 03:12:30Z lha $");
-
-/*
- * del_enctype principal enctypes...
- */
-
-int
-add_enctype(struct add_enctype_options*opt, int argc, char **argv)
-{
-    kadm5_principal_ent_rec princ;
-    krb5_principal princ_ent = NULL;
-    krb5_error_code ret;
-    const char *princ_name;
-    int i, j;
-    krb5_key_data *new_key_data;
-    int n_etypes;
-    krb5_enctype *etypes;
-
-    if (!opt->random_key_flag) {
-	krb5_warnx (context, "only random key is supported now");
-	return 0;
-    }
-
-    memset (&princ, 0, sizeof(princ));
-    princ_name = argv[0];
-    n_etypes   = argc - 1;
-    etypes     = malloc (n_etypes * sizeof(*etypes));
-    if (etypes == NULL) {
-	krb5_warnx (context, "out of memory");
-	return 0;
-    }
-    argv++;
-    for (i = 0; i < n_etypes; ++i) {
-	ret = krb5_string_to_enctype (context, argv[i], &etypes[i]);
-	if (ret) {
-	    krb5_warnx (context, "bad enctype \"%s\"", argv[i]);
-	    goto out2;
-	}
-    }
-
-    ret = krb5_parse_name(context, princ_name, &princ_ent);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
-	goto out2;
-    }
-
-    ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
-			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
-    if (ret) {
-	krb5_free_principal (context, princ_ent);
-	krb5_warnx (context, "no such principal: %s", princ_name);
-	goto out2;
-    }
-
-    new_key_data   = malloc((princ.n_key_data + n_etypes)
-			    * sizeof(*new_key_data));
-    if (new_key_data == NULL) {
-	krb5_warnx (context, "out of memory");
-	goto out;
-    }
-
-    for (i = 0; i < princ.n_key_data; ++i) {
-	krb5_key_data *key = &princ.key_data[i];
-
-	for (j = 0; j < n_etypes; ++j) {
-	    if (etypes[j] == key->key_data_type[0]) {
-		krb5_warnx(context, "enctype %d already exists",
-			   (int)etypes[j]);
-		goto out;
-	    }
-	}
-	new_key_data[i] = *key;
-    }
-
-    for (i = 0; i < n_etypes; ++i) {
-	int n = princ.n_key_data + i;
-	krb5_keyblock keyblock;
-
-	memset(&new_key_data[n], 0, sizeof(new_key_data[n]));
-	new_key_data[n].key_data_ver = 2;
-	new_key_data[n].key_data_kvno = 0;
-
-	ret = krb5_generate_random_keyblock (context, etypes[i], &keyblock);
-	if (ret) {
-	    krb5_warnx(context, "genernate enctype %d failed", (int)etypes[i]);
-	    while (--i >= 0)
-		free(new_key_data[--n].key_data_contents[0]);
-	    goto out;
-	}
-
-	/* key */
-	new_key_data[n].key_data_type[0] = etypes[i];
-	new_key_data[n].key_data_contents[0] = malloc(keyblock.keyvalue.length);
-	if (new_key_data[n].key_data_contents[0] == NULL) {
-	    ret = ENOMEM;
-	    krb5_warn(context, ret, "out of memory");
-	    while (--i >= 0)
-		free(new_key_data[--n].key_data_contents[0]);
-	    goto out;
-	}
-	new_key_data[n].key_data_length[0]   = keyblock.keyvalue.length;
-	memcpy(new_key_data[n].key_data_contents[0],
-	       keyblock.keyvalue.data,
-	       keyblock.keyvalue.length);
-	krb5_free_keyblock_contents(context, &keyblock);
-
-	/* salt */
-	new_key_data[n].key_data_type[1]     = KRB5_PW_SALT;
-	new_key_data[n].key_data_length[1]   = 0;
-	new_key_data[n].key_data_contents[1] = NULL;
-
-    }
-
-    free (princ.key_data);
-    princ.n_key_data += n_etypes;
-    princ.key_data   = new_key_data;
-    new_key_data = NULL;
-
-    ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_modify_principal");
-out:
-    krb5_free_principal (context, princ_ent);
-    kadm5_free_principal_ent(kadm_handle, &princ);
-out2:
-    free (etypes);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c
deleted file mode 100644
index 7e7cfa8817e8..000000000000
--- a/crypto/heimdal/kadmin/ank.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: ank.c 16658 2006-01-25 12:29:46Z lha $");
-
-/*
- * fetch the default principal corresponding to `princ'
- */
-
-static krb5_error_code
-get_default (kadm5_server_context *context,
-	     krb5_principal princ,
-	     kadm5_principal_ent_t default_ent)
-{
-    krb5_error_code ret;
-    krb5_principal def_principal;
-    krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
-    ret = krb5_make_principal (context->context, &def_principal,
-			       *realm, "default", NULL);
-    if (ret)
-	return ret;
-    ret = kadm5_get_principal (context, def_principal, default_ent,
-			       KADM5_PRINCIPAL_NORMAL_MASK);
-    krb5_free_principal (context->context, def_principal);
-    return ret;
-}
-
-/*
- * Add the principal `name' to the database.
- * Prompt for all data not given by the input parameters.
- */
-
-static krb5_error_code
-add_one_principal (const char *name,
-		   int rand_key,
-		   int rand_password,
-		   int use_defaults, 
-		   char *password,
-		   krb5_key_data *key_data,
-		   const char *max_ticket_life,
-		   const char *max_renewable_life,
-		   const char *attributes,
-		   const char *expiration,
-		   const char *pw_expiration)
-{
-    krb5_error_code ret;
-    kadm5_principal_ent_rec princ, defrec;
-    kadm5_principal_ent_rec *default_ent = NULL;
-    krb5_principal princ_ent = NULL;
-    int mask = 0;
-    int default_mask = 0;
-    char pwbuf[1024];
-
-    memset(&princ, 0, sizeof(princ));
-    ret = krb5_parse_name(context, name, &princ_ent);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_parse_name");
-	return ret;
-    }
-    princ.principal = princ_ent;
-    mask |= KADM5_PRINCIPAL;
-
-    ret = set_entry(context, &princ, &mask,
-		    max_ticket_life, max_renewable_life, 
-		    expiration, pw_expiration, attributes);
-    if (ret)
-	goto out;
-
-    default_ent = &defrec;
-    ret = get_default (kadm_handle, princ_ent, default_ent);
-    if (ret) {
-	default_ent  = NULL;
-	default_mask = 0;
-    } else {
-	default_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-	    KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION;
-    }
-
-    if(use_defaults) 
-	set_defaults(&princ, &mask, default_ent, default_mask);
-    else
-	if(edit_entry(&princ, &mask, default_ent, default_mask))
-	    goto out;
-    if(rand_key || key_data) {
-	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	mask |= KADM5_ATTRIBUTES;
-	random_password (pwbuf, sizeof(pwbuf));
-	password = pwbuf;
-    } else if (rand_password) {
-	random_password (pwbuf, sizeof(pwbuf));
-	password = pwbuf;
-    } else if(password == NULL) {
-	char *princ_name;
-	char *prompt;
-
-	krb5_unparse_name(context, princ_ent, &princ_name);
-	asprintf (&prompt, "%s's Password: ", princ_name);
-	free (princ_name);
-	ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
-	free (prompt);
-	if (ret) {
-	    krb5_set_error_string(context, "failed to verify password");
-	    ret = KRB5_LIBOS_BADPWDMATCH;
-	    goto out;
-	}
-	password = pwbuf;
-    }
-    
-    ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
-    if(ret) {
-	krb5_warn(context, ret, "kadm5_create_principal");
-	goto out;
-    }
-    if(rand_key) {
-	krb5_keyblock *new_keys;
-	int n_keys, i;
-	ret = kadm5_randkey_principal(kadm_handle, princ_ent, 
-				      &new_keys, &n_keys);
-	if(ret){
-	    krb5_warn(context, ret, "kadm5_randkey_principal");
-	    n_keys = 0;
-	}
-	for(i = 0; i < n_keys; i++)
-	    krb5_free_keyblock_contents(context, &new_keys[i]);
-	if (n_keys > 0)
-	    free(new_keys);
-	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			    KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	princ.kvno = 1;
-	kadm5_modify_principal(kadm_handle, &princ, 
-			       KADM5_ATTRIBUTES | KADM5_KVNO);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    } else if (key_data) {
-	ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
-					       3, key_data);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
-	}
-	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			    KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    } else if (rand_password) {
-	char *princ_name;
-
-	krb5_unparse_name(context, princ_ent, &princ_name);
-	printf ("added %s with password \"%s\"\n", princ_name, password);
-	free (princ_name);
-    }
-out:
-    if (princ_ent)
-	krb5_free_principal (context, princ_ent);
-    if(default_ent)
-	kadm5_free_principal_ent (kadm_handle, default_ent);
-    if (password != NULL)
-	memset (password, 0, strlen(password));
-    return ret;
-}
-
-/*
- * parse the string `key_string' into `key', returning 0 iff succesful.
- */
-
-/*
- * the ank command
- */
-
-/*
- * Parse arguments and add all the principals.
- */
-
-int
-add_new_key(struct add_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    int i;
-    int num;
-    krb5_key_data key_data[3];
-    krb5_key_data *kdp = NULL;
-
-    num = 0;
-    if (opt->random_key_flag)
-	++num;
-    if (opt->random_password_flag)
-	++num;
-    if (opt->password_string)
-	++num;
-    if (opt->key_string)
-	++num;
-
-    if (num > 1) {
-	fprintf (stderr, "give only one of "
-		"--random-key, --random-password, --password, --key\n");
-	return 1;
-    }
-
-    if (opt->key_string) {
-	const char *error;
-
-	if (parse_des_key (opt->key_string, key_data, &error)) {
-	    fprintf (stderr, "failed parsing key \"%s\": %s\n", 
-		     opt->key_string, error);
-	    return 1;
-	}
-	kdp = key_data;
-    }
-
-    for(i = 0; i < argc; i++) {
-	ret = add_one_principal (argv[i], 
-				 opt->random_key_flag, 
-				 opt->random_password_flag,
-				 opt->use_defaults_flag, 
-				 opt->password_string,
-				 kdp,
-				 opt->max_ticket_life_string,
-				 opt->max_renewable_life_string,
-				 opt->attributes_string,
-				 opt->expiration_time_string,
-				 opt->pw_expiration_time_string);
-	if (ret) {
-	    krb5_warn (context, ret, "adding %s", argv[i]);
-	    break;
-	}
-    }
-    if (kdp) {
-	int16_t dummy = 3;
-	kadm5_free_key_data (kadm_handle, &dummy, key_data);
-    }
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/check.c b/crypto/heimdal/kadmin/check.c
deleted file mode 100644
index bd4f270adb77..000000000000
--- a/crypto/heimdal/kadmin/check.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * Check database for strange configurations on default principals
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: check.c 20962 2007-06-07 05:09:24Z lha $");
-
-static int
-get_check_entry(const char *name, kadm5_principal_ent_rec *ent)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-
-    ret = krb5_parse_name(context, name, &principal);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_unparse_name: %s", name);
-	return 1;
-    }
-
-    memset(ent, 0, sizeof(*ent));
-    ret = kadm5_get_principal(kadm_handle, principal, ent, 0);
-    krb5_free_principal(context, principal);
-    if(ret)
-	return 1;
-
-    return 0;
-}
-
-
-static int
-do_check_entry(krb5_principal principal, void *data)
-{
-    krb5_error_code ret;
-    kadm5_principal_ent_rec princ;
-    char *name;
-    int i;
-    
-    ret = krb5_unparse_name(context, principal, &name);
-    if (ret)
-	return 1;
-
-    memset (&princ, 0, sizeof(princ));
-    ret = kadm5_get_principal(kadm_handle, principal, &princ,
-			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
-    if(ret) {
-	krb5_warn(context, ret, "Failed to get principal: %s", name);
-	free(name);
-	return 0;
-    }
-
-    for (i = 0; i < princ.n_key_data; i++) {
-	size_t keysize;
-	ret = krb5_enctype_keysize(context, 
-				   princ.key_data[i].key_data_type[0],
-				   &keysize);
-	if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) {
-	    krb5_warnx(context,
-		       "Principal %s enctype %d, wrong length: %lu\n",
-		       name, princ.key_data[i].key_data_type[0],
-		       (unsigned long)princ.key_data[i].key_data_length);
-	}
-    }
-
-    free(name);
-    kadm5_free_principal_ent(kadm_handle, &princ);
-
-    return 0;
-}
-
-int
-check(void *opt, int argc, char **argv)
-{
-    kadm5_principal_ent_rec ent;
-    krb5_error_code ret;
-    char *realm = NULL, *p, *p2;
-    int found;
-
-    if (argc == 0) {
-	ret = krb5_get_default_realm(context, &realm);
-	if (ret) {
-	    krb5_warn(context, ret, "krb5_get_default_realm");
-	    goto fail;
-	}
-    } else {
-	realm = strdup(argv[0]);
-	if (realm == NULL) {
-	    krb5_warnx(context, "malloc");
-	    goto fail;
-	}
-    }
-
-    /*
-     * Check krbtgt/REALM@REALM
-     *
-     * For now, just check existance
-     */
-
-    if (asprintf(&p, "%s/%s@%s", KRB5_TGS_NAME, realm, realm) == -1) {
-	krb5_warn(context, errno, "asprintf");
-	goto fail;
-    }
-
-    ret = get_check_entry(p, &ent);
-    if (ret) {
-	printf("%s doesn't exist, are you sure %s is a realm in your database",
-	       p, realm);
-	free(p);
-	goto fail;
-    }
-    free(p);    
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    /*
-     * Check kadmin/admin@REALM
-     */
-
-    if (asprintf(&p, "kadmin/admin@%s", realm) == -1) {
-	krb5_warn(context, errno, "asprintf");
-	goto fail;
-    }
-
-    ret = get_check_entry(p, &ent);
-    if (ret) {
-	printf("%s doesn't exist, "
-	       "there is no way to do remote administration", p);
-	free(p);
-	goto fail;
-    }
-    free(p);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    /*
-     * Check kadmin/changepw@REALM
-     */
-
-    if (asprintf(&p, "kadmin/changepw@%s", realm) == -1) {
-	krb5_warn(context, errno, "asprintf");
-	goto fail;
-    }
-
-    ret = get_check_entry(p, &ent);
-    if (ret) {
-	printf("%s doesn't exist, "
-	       "there is no way to do change password", p);
-	free(p);
-	goto fail;
-    }
-    free(p);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    /*
-     * Check for duplicate afs keys 
-     */
-
-    p2 = strdup(realm);
-    if (p2 == NULL) {
-	krb5_warn(context, errno, "malloc");
-	free(p);
-	goto fail;
-    }
-    strlwr(p2);
-
-    if (asprintf(&p, "afs/%s@%s", p2, realm) == -1) {
-	krb5_warn(context, errno, "asprintf");
-	free(p2);
-	goto fail;
-    }
-    free(p2);
-
-    ret = get_check_entry(p, &ent);
-    free(p);
-    if (ret == 0) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	found = 1;
-    } else
-	found = 0;
-
-    if (asprintf(&p, "afs@%s", realm) == -1) {
-	krb5_warn(context, errno, "asprintf");
-	goto fail;
-    }
-
-    ret = get_check_entry(p, &ent);
-    free(p);
-    if (ret == 0) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	if (found) {
-	    krb5_warnx(context, "afs@REALM and afs/cellname@REALM both exists");
-	    goto fail;
-	}
-    }
-
-    foreach_principal("*", do_check_entry, "check", NULL);
-
-    free(realm);
-    return 0;
-fail:
-    free(realm);
-    return 1;
-}
diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c
deleted file mode 100644
index c5fa9ed3994c..000000000000
--- a/crypto/heimdal/kadmin/cpw.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: cpw.c 16755 2006-02-18 23:30:32Z lha $");
-
-struct cpw_entry_data {
-    int random_key;
-    int random_password;
-    char *password;
-    krb5_key_data *key_data;
-};
-
-static int
-set_random_key (krb5_principal principal)
-{
-    krb5_error_code ret;
-    int i;
-    krb5_keyblock *keys;
-    int num_keys;
-
-    ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
-    if(ret)
-	return ret;
-    for(i = 0; i < num_keys; i++)
-	krb5_free_keyblock_contents(context, &keys[i]);
-    free(keys);
-    return 0;
-}
-
-static int
-set_random_password (krb5_principal principal)
-{
-    krb5_error_code ret;
-    char pw[128];
-
-    random_password (pw, sizeof(pw));
-    ret = kadm5_chpass_principal(kadm_handle, principal, pw);
-    if (ret == 0) {
-	char *princ_name;
-
-	krb5_unparse_name(context, principal, &princ_name);
-
-	printf ("%s's password set to \"%s\"\n", princ_name, pw);
-	free (princ_name);
-    }
-    memset (pw, 0, sizeof(pw));
-    return ret;
-}
-
-static int
-set_password (krb5_principal principal, char *password)
-{
-    krb5_error_code ret = 0;
-    char pwbuf[128];
-
-    if(password == NULL) {
-	char *princ_name;
-	char *prompt;
-
-	krb5_unparse_name(context, principal, &princ_name);
-	asprintf(&prompt, "%s's Password: ", princ_name);
-	free (princ_name);
-	ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
-	free (prompt);
-	if(ret){
-	    return 0; /* XXX error code? */
-	}
-	password = pwbuf;
-    }
-    if(ret == 0)
-	ret = kadm5_chpass_principal(kadm_handle, principal, password);
-    memset(pwbuf, 0, sizeof(pwbuf));
-    return ret;
-}
-
-static int
-set_key_data (krb5_principal principal, krb5_key_data *key_data)
-{
-    krb5_error_code ret;
-
-    ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
-					   3, key_data);
-    return ret;
-}
-
-static int
-do_cpw_entry(krb5_principal principal, void *data)
-{
-    struct cpw_entry_data *e = data;
-    
-    if (e->random_key)
-	return set_random_key (principal);
-    else if (e->random_password)
-	return set_random_password (principal);
-    else if (e->key_data)
-	return set_key_data (principal, e->key_data);
-    else
-	return set_password (principal, e->password);
-}
-
-int
-cpw_entry(struct passwd_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    int i;
-    struct cpw_entry_data data;
-    int num;
-    krb5_key_data key_data[3];
-
-    data.random_key = opt->random_key_flag;
-    data.random_password = opt->random_password_flag;
-    data.password = opt->password_string;
-    data.key_data	 = NULL;
-
-    num = 0;
-    if (data.random_key)
-	++num;
-    if (data.random_password)
-	++num;
-    if (data.password)
-	++num;
-    if (opt->key_string)
-	++num;
-
-    if (num > 1) {
-	fprintf (stderr, "give only one of "
-		"--random-key, --random-password, --password, --key\n");
-	return 1;
-    }
-	
-    if (opt->key_string) {
-	const char *error;
-
-	if (parse_des_key (opt->key_string, key_data, &error)) {
-	    fprintf (stderr, "failed parsing key \"%s\": %s\n", 
-		     opt->key_string, error);
-	    return 1;
-	}
-	data.key_data = key_data;
-    }
-
-    for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
-
-    if (data.key_data) {
-	int16_t dummy;
-	kadm5_free_key_data (kadm_handle, &dummy, key_data);
-    }
-
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c
deleted file mode 100644
index a7db479135e6..000000000000
--- a/crypto/heimdal/kadmin/del.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: del.c 16754 2006-02-18 23:29:43Z lha $");
-
-static int
-do_del_entry(krb5_principal principal, void *data)
-{
-    return kadm5_delete_principal(kadm_handle, principal);
-}
-
-int
-del_entry(void *opt, int argc, char **argv)
-{
-    int i;
-    krb5_error_code ret = 0;
-
-    for(i = 0; i < argc; i++) {
-	ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
-	if (ret)
-	    break;
-    }
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c
deleted file mode 100644
index 26921f2d42d6..000000000000
--- a/crypto/heimdal/kadmin/del_enctype.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 1999-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: del_enctype.c 16658 2006-01-25 12:29:46Z lha $");
-
-/*
- * del_enctype principal enctypes...
- */
-
-int
-del_enctype(void *opt, int argc, char **argv)
-{
-    kadm5_principal_ent_rec princ;
-    krb5_principal princ_ent = NULL;
-    krb5_error_code ret;
-    const char *princ_name;
-    int i, j, k;
-    krb5_key_data *new_key_data;
-    int n_etypes;
-    krb5_enctype *etypes;
-
-    memset (&princ, 0, sizeof(princ));
-    princ_name = argv[0];
-    n_etypes   = argc - 1;
-    etypes     = malloc (n_etypes * sizeof(*etypes));
-    if (etypes == NULL) {
-	krb5_warnx (context, "out of memory");
-	return 0;
-    }
-    argv++;
-    for (i = 0; i < n_etypes; ++i) {
-	ret = krb5_string_to_enctype (context, argv[i], &etypes[i]);
-	if (ret) {
-	    krb5_warnx (context, "bad enctype \"%s\"", argv[i]);
-	    goto out2;
-	}
-    }
-
-    ret = krb5_parse_name(context, princ_name, &princ_ent);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
-	goto out2;
-    }
-
-    ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
-			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
-    if (ret) {
-	krb5_free_principal (context, princ_ent);
-	krb5_warnx (context, "no such principal: %s", princ_name);
-	goto out2;
-    }
-
-    new_key_data   = malloc(princ.n_key_data * sizeof(*new_key_data));
-    if (new_key_data == NULL) {
-	krb5_warnx (context, "out of memory");
-	goto out;
-    }
-
-    for (i = 0, j = 0; i < princ.n_key_data; ++i) {
-	krb5_key_data *key = &princ.key_data[i];
-	int docopy = 1;
-
-	for (k = 0; k < n_etypes; ++k)
-	    if (etypes[k] == key->key_data_type[0]) {
-		docopy = 0;
-		break;
-	    }
-	if (docopy) {
-	    new_key_data[j++] = *key;
-	} else {
-	    int16_t ignore = 1;
-
-	    kadm5_free_key_data (kadm_handle, &ignore, key);
-	}
-    }
-
-    free (princ.key_data);
-    princ.n_key_data = j;
-    princ.key_data   = new_key_data;
-
-    ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_modify_principal");
-out:
-    krb5_free_principal (context, princ_ent);
-    kadm5_free_principal_ent(kadm_handle, &princ);
-out2:
-    free (etypes);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/dump.c b/crypto/heimdal/kadmin/dump.c
deleted file mode 100644
index 97ec667ba6f2..000000000000
--- a/crypto/heimdal/kadmin/dump.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: dump.c 14518 2005-01-19 17:09:56Z lha $");
-
-extern int local_flag;
-
-int
-dump(struct dump_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    FILE *f;
-    HDB *db = NULL;
-    
-    if(!local_flag) {
-	krb5_warnx(context, "dump is only available in local (-l) mode");
-	return 0;
-    }
-
-    db = _kadm5_s_get_db(kadm_handle);
-
-    if(argc == 0)
-	f = stdout;
-    else
-	f = fopen(argv[0], "w");
-    
-    if(f == NULL) {
-	krb5_warn(context, errno, "open: %s", argv[0]);
-	goto out;
-    }
-    ret = db->hdb_open(context, db, O_RDONLY, 0600);
-    if(ret) {
-	krb5_warn(context, ret, "hdb_open");
-	goto out;
-    }
-
-    hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, 
-		hdb_print_entry, f);
-
-    db->hdb_close(context, db);
-out:
-    if(f && f != stdout)
-	fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c
deleted file mode 100644
index f80272f65f1d..000000000000
--- a/crypto/heimdal/kadmin/ext.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: ext.c 16658 2006-01-25 12:29:46Z lha $");
-
-struct ext_keytab_data {
-    krb5_keytab keytab;
-};
-
-static int
-do_ext_keytab(krb5_principal principal, void *data)
-{
-    krb5_error_code ret;
-    kadm5_principal_ent_rec princ;
-    struct ext_keytab_data *e = data;
-    krb5_keytab_entry *keys = NULL;
-    krb5_keyblock *k = NULL;
-    int i, n_k;
-    
-    ret = kadm5_get_principal(kadm_handle, principal, &princ, 
-			      KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
-    if(ret)
-	return ret;
-
-    if (princ.n_key_data) {
-	keys = malloc(sizeof(*keys) * princ.n_key_data);
-	if (keys == NULL) {
-	    kadm5_free_principal_ent(kadm_handle, &princ);
-	    krb5_clear_error_string(context);
-	    return ENOMEM;
-	}
-	for (i = 0; i < princ.n_key_data; i++) {
-	    krb5_key_data *kd = &princ.key_data[i];
-
-	    keys[i].principal = princ.principal;
-	    keys[i].vno = kd->key_data_kvno;
-	    keys[i].keyblock.keytype = kd->key_data_type[0];
-	    keys[i].keyblock.keyvalue.length = kd->key_data_length[0];
-	    keys[i].keyblock.keyvalue.data = kd->key_data_contents[0];
-	    keys[i].timestamp = time(NULL);
-	}
-
-	n_k = princ.n_key_data;
-    } else {
-	ret = kadm5_randkey_principal(kadm_handle, principal, &k, &n_k);
-	if (ret) {
-	    kadm5_free_principal_ent(kadm_handle, &princ);
-	    return ret;
-	}
-	keys = malloc(sizeof(*keys) * n_k);
-	if (keys == NULL) {
-	    kadm5_free_principal_ent(kadm_handle, &princ);
-	    krb5_clear_error_string(context);
-	    return ENOMEM;
-	}
-	for (i = 0; i < n_k; i++) {
-	    keys[i].principal = principal;
-	    keys[i].vno = princ.kvno + 1; /* XXX get entry again */
-	    keys[i].keyblock = k[i];
-	    keys[i].timestamp = time(NULL);
-	}
-    }
-
-    for(i = 0; i < n_k; i++) {
-	ret = krb5_kt_add_entry(context, e->keytab, &keys[i]);
-	if(ret)
-	    krb5_warn(context, ret, "krb5_kt_add_entry(%d)", i);
-    }
-
-    if (k) {
-	memset(k, 0, n_k * sizeof(*k));
-	free(k);
-    }
-    if (keys)
-	free(keys);
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    return 0;
-}
-
-int
-ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    int i;
-    struct ext_keytab_data data;
-
-    if (opt->keytab_string == NULL)
-	ret = krb5_kt_default(context, &data.keytab);
-    else
-	ret = krb5_kt_resolve(context, opt->keytab_string, &data.keytab);
-
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_resolve");
-	return 1;
-    }
-
-    for(i = 0; i < argc; i++) {
-	ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data);
-	if (ret)
-	    break;
-    }
-
-    krb5_kt_close(context, data.keytab);
-
-    return ret != 0;
-}
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
deleted file mode 100644
index 6e09f916d4f9..000000000000
--- a/crypto/heimdal/kadmin/get.c
+++ /dev/null
@@ -1,498 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-#include <parse_units.h>
-#include <rtbl.h>
-
-RCSID("$Id: get.c 21745 2007-07-31 16:11:25Z lha $");
-
-static struct field_name {
-    const char *fieldname;
-    unsigned int fieldvalue;
-    unsigned int subvalue;
-    uint32_t extra_mask;
-    const char *default_header;
-    const char *def_longheader;
-    unsigned int flags;
-} field_names[] = {
-    { "principal", KADM5_PRINCIPAL, 0, 0, "Principal", "Principal", 0 },
-    { "princ_expire_time", KADM5_PRINC_EXPIRE_TIME, 0, 0, "Expiration", "Principal expires", 0 },
-    { "pw_expiration", KADM5_PW_EXPIRATION, 0, 0, "PW-exp", "Password expires", 0 },
-    { "last_pwd_change", KADM5_LAST_PWD_CHANGE, 0, 0, "PW-change", "Last password change", 0 },
-    { "max_life", KADM5_MAX_LIFE, 0, 0, "Max life", "Max ticket life", 0 },
-    { "max_rlife", KADM5_MAX_RLIFE, 0, 0, "Max renew", "Max renewable life", 0 },
-    { "mod_time", KADM5_MOD_TIME, 0, 0, "Mod time", "Last modified", 0 },
-    { "mod_name", KADM5_MOD_NAME, 0, 0, "Modifier", "Modifier", 0 },
-    { "attributes", KADM5_ATTRIBUTES, 0, 0, "Attributes", "Attributes", 0 },
-    { "kvno", KADM5_KVNO, 0, 0, "Kvno", "Kvno", RTBL_ALIGN_RIGHT  },
-    { "mkvno", KADM5_MKVNO, 0, 0, "Mkvno", "Mkvno", RTBL_ALIGN_RIGHT },
-    { "last_success", KADM5_LAST_SUCCESS, 0, 0, "Last login", "Last successful login", 0 },
-    { "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
-    { "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
-    { "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
-    { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
-    { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
-    { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
-    { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
-    { NULL }
-};
-
-struct field_info {
-    struct field_name *ff;
-    char *header;
-    struct field_info *next;
-};
-
-struct get_entry_data {
-    void (*format)(struct get_entry_data*, kadm5_principal_ent_t);
-    rtbl_t table;
-    uint32_t mask;
-    uint32_t extra_mask;
-    struct field_info *chead, **ctail;
-};
-
-static int
-add_column(struct get_entry_data *data, struct field_name *ff, const char *header)
-{
-    struct field_info *f = malloc(sizeof(*f));
-    if (f == NULL)
-	return ENOMEM;
-    f->ff = ff;
-    if(header)
-	f->header = strdup(header);
-    else
-	f->header = NULL;
-    f->next = NULL;
-    *data->ctail = f;
-    data->ctail = &f->next;
-    data->mask |= ff->fieldvalue;
-    data->extra_mask |= ff->extra_mask;
-    if(data->table != NULL)
-	rtbl_add_column_by_id(data->table, ff->fieldvalue, 
-			      header ? header : ff->default_header, ff->flags);
-    return 0;
-}
-
-/*
- * return 0 iff `salt' actually is the same as the current salt in `k'
- */
-
-static int
-cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
-{
-    if (salt->salttype != k->key_data_type[1])
-	return 1;
-    if (salt->saltvalue.length != k->key_data_length[1])
-	return 1;
-    return memcmp (salt->saltvalue.data, k->key_data_contents[1],
-		   salt->saltvalue.length);
-}
-
-static void
-format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
-{
-    krb5_error_code ret;
-    char *s;
-
-    ret = krb5_enctype_to_string (context,
-				  k->key_data_type[0],
-				  &s);
-    if (ret)
-	asprintf (&s, "unknown(%d)", k->key_data_type[0]);
-    strlcpy(buf, s, buf_len);
-    free(s);
-
-    strlcat(buf, "(", buf_len);
-
-    ret = krb5_salttype_to_string (context,
-				   k->key_data_type[0],
-				   k->key_data_type[1],
-				   &s);
-    if (ret)
-	asprintf (&s, "unknown(%d)", k->key_data_type[1]);
-    strlcat(buf, s, buf_len);
-    free(s);
-
-    if (cmp_salt(def_salt, k) == 0)
-	s = strdup("");
-    else if(k->key_data_length[1] == 0)
-	s = strdup("()");
-    else
-	asprintf (&s, "(%.*s)", k->key_data_length[1],
-		  (char *)k->key_data_contents[1]);
-    strlcat(buf, s, buf_len);
-    free(s);
-
-    strlcat(buf, ")", buf_len);
-}
-
-static void
-format_field(kadm5_principal_ent_t princ, unsigned int field, 
-	     unsigned int subfield, char *buf, size_t buf_len, int condensed)
-{
-    switch(field) {
-    case KADM5_PRINCIPAL:
-	if(condensed)
-	    krb5_unparse_name_fixed_short(context, princ->principal, buf, buf_len);
-	else
-	    krb5_unparse_name_fixed(context, princ->principal, buf, buf_len);
-	break;
-    
-    case KADM5_PRINC_EXPIRE_TIME:
-	time_t2str(princ->princ_expire_time, buf, buf_len, !condensed);
-	break;
-	    
-    case KADM5_PW_EXPIRATION:
-	time_t2str(princ->pw_expiration, buf, buf_len, !condensed);
-	break;
-	    
-    case KADM5_LAST_PWD_CHANGE:
-	time_t2str(princ->last_pwd_change, buf, buf_len, !condensed);
-	break;
-	    
-    case KADM5_MAX_LIFE:
-	deltat2str(princ->max_life, buf, buf_len);
-	break;
-	    
-    case KADM5_MAX_RLIFE:
-	deltat2str(princ->max_renewable_life, buf, buf_len);
-	break;
-	    
-    case KADM5_MOD_TIME:
-	time_t2str(princ->mod_date, buf, buf_len, !condensed);
-	break;
-
-    case KADM5_MOD_NAME:
-	if (princ->mod_name == NULL)
-	    strlcpy(buf, "unknown", buf_len);
-	else if(condensed)
-	    krb5_unparse_name_fixed_short(context, princ->mod_name, buf, buf_len);
-	else
-	    krb5_unparse_name_fixed(context, princ->mod_name, buf, buf_len);
-	break;
-    case KADM5_ATTRIBUTES:
-	attributes2str (princ->attributes, buf, buf_len);
-	break;
-    case KADM5_KVNO:
-	snprintf(buf, buf_len, "%d", princ->kvno);
-	break;
-    case KADM5_MKVNO:
-	snprintf(buf, buf_len, "%d", princ->mkvno);
-	break;
-    case KADM5_LAST_SUCCESS:
-	time_t2str(princ->last_success, buf, buf_len, !condensed);
-	break;
-    case KADM5_LAST_FAILED:
-	time_t2str(princ->last_failed, buf, buf_len, !condensed);
-	break;
-    case KADM5_FAIL_AUTH_COUNT:
-	snprintf(buf, buf_len, "%d", princ->fail_auth_count);
-	break;
-    case KADM5_POLICY:
-	if(princ->policy != NULL)
-	    strlcpy(buf, princ->policy, buf_len);
-	else
-	    strlcpy(buf, "none", buf_len);
-	break;
-    case KADM5_KEY_DATA:{
-	krb5_salt def_salt;
-	int i;
-	char buf2[1024];
-	krb5_get_pw_salt (context, princ->principal, &def_salt);
-
-	*buf = '\0';
-	for (i = 0; i < princ->n_key_data; ++i) {
-	    format_keytype(&princ->key_data[i], &def_salt, buf2, sizeof(buf2));
-	    if(i > 0)
-		strlcat(buf, ", ", buf_len);
-	    strlcat(buf, buf2, buf_len);
-	}
-	krb5_free_salt (context, def_salt);
-	break;
-    }
-    case KADM5_TL_DATA: {
-	krb5_tl_data *tl;
-
-	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next)
-	    if (tl->tl_data_type == subfield)
-		break;
-	if (tl == NULL) {
-	    strlcpy(buf, "", buf_len);
-	    break;
-	}
-
-	switch (subfield) {
-	case KRB5_TL_PASSWORD:
-	    snprintf(buf, buf_len, "\"%.*s\"",
-		     (int)tl->tl_data_length,
-		     (const char *)tl->tl_data_contents);
-	    break;
-	case KRB5_TL_PKINIT_ACL: {
-	    HDB_Ext_PKINIT_acl acl;
-	    size_t size;
-	    int i, ret;
-
-	    ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents,
-					    tl->tl_data_length,
-					    &acl,
-					    &size);
-	    if (ret) {
-		snprintf(buf, buf_len, "failed to decode ACL");
-		break;
-	    }
-
-	    buf[0] = '\0';
-	    for (i = 0; i < acl.len; i++) {
-		strlcat(buf, "subject: ", buf_len);
-		strlcat(buf, acl.val[i].subject, buf_len);
-		if (acl.val[i].issuer) {
-		    strlcat(buf, " issuer:", buf_len);
-		    strlcat(buf, *acl.val[i].issuer, buf_len);
-		}
-		if (acl.val[i].anchor) {
-		    strlcat(buf, " anchor:", buf_len);
-		    strlcat(buf, *acl.val[i].anchor, buf_len);
-		}
-		if (i + 1 < acl.len)
-		    strlcat(buf, ", ", buf_len);
-	    }
-	    free_HDB_Ext_PKINIT_acl(&acl);
-	    break;
-	}
-	case KRB5_TL_ALIASES: {
-	    HDB_Ext_Aliases alias;
-	    size_t size;
-	    int i, ret;
-
-	    ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
-					 tl->tl_data_length,
-					 &alias,
-					 &size);
-	    if (ret) {
-		snprintf(buf, buf_len, "failed to decode alias");
-		break;
-	    }
-	    buf[0] = '\0';
-	    for (i = 0; i < alias.aliases.len; i++) {
-		char *p;
-		ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
-		if (ret)
-		    break;
-		if (i < 0)
-		    strlcat(buf, " ", buf_len);
-		strlcat(buf, p, buf_len);
-		free(p);
-	    }
-	    free_HDB_Ext_Aliases(&alias);
-	    break;
-	}
-	default:
-	    snprintf(buf, buf_len, "unknown type %d", subfield);
-	    break;
-	}
-	break;
-    }
-    default:
-	strlcpy(buf, "<unknown>", buf_len);
-	break;
-    }
-}
-
-static void
-print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ)
-{
-    char buf[1024];
-    struct field_info *f;
-    
-    for(f = data->chead; f != NULL; f = f->next) {
-	format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1);
-	rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf);
-    }
-}
-
-static void
-print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ)
-{
-    char buf[1024];
-    struct field_info *f;
-    int width = 0;
-    
-    for(f = data->chead; f != NULL; f = f->next) {
-	int w = strlen(f->header ? f->header : f->ff->def_longheader);
-	if(w > width)
-	    width = w;
-    }
-    for(f = data->chead; f != NULL; f = f->next) {
-	format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 0);
-	printf("%*s: %s\n", width, f->header ? f->header : f->ff->def_longheader, buf);
-    }
-    printf("\n");
-}
-
-static int
-do_get_entry(krb5_principal principal, void *data)
-{
-    kadm5_principal_ent_rec princ;
-    krb5_error_code ret;
-    struct get_entry_data *e = data;
-    
-    memset(&princ, 0, sizeof(princ));
-    ret = kadm5_get_principal(kadm_handle, principal, 
-			      &princ,
-			      e->mask | e->extra_mask);
-    if(ret)
-	return ret;
-    else {
-	(e->format)(e, &princ);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    }
-    return 0;
-}
-
-static void
-free_columns(struct get_entry_data *data)
-{
-    struct field_info *f, *next;
-    for(f = data->chead; f != NULL; f = next) {
-	free(f->header);
-	next = f->next;
-	free(f);
-    }
-    data->chead = NULL;
-    data->ctail = &data->chead;
-}
-
-static int
-setup_columns(struct get_entry_data *data, const char *column_info)
-{
-    char buf[1024], *q;
-    char *field, *header;
-    struct field_name *f;
-
-    while(strsep_copy(&column_info, ",", buf, sizeof(buf)) != -1) {
-	q = buf;
-	field = strsep(&q, "=");
-	header = strsep(&q, "=");
-	for(f = field_names; f->fieldname != NULL; f++) {
-	    if(strcasecmp(field, f->fieldname) == 0) {
-		add_column(data, f, header);
-		break;
-	    }
-	}
-	if(f->fieldname == NULL) {
-	    krb5_warnx(context, "unknown field name \"%s\"", field);
-	    free_columns(data);
-	    return -1;
-	}
-    }
-    return 0;
-}
-
-#define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
-#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
-#define DEFAULT_COLUMNS_TERSE "principal="
-
-static int
-getit(struct get_options *opt, const char *name, int argc, char **argv)
-{
-    int i;
-    krb5_error_code ret;
-    struct get_entry_data data;
-    
-    if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
-	opt->long_flag = 0;
-    if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
-	opt->short_flag = 0;
-    if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
-	opt->terse_flag = 0;
-    if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
-	opt->short_flag = 1;
-
-    data.table = NULL;
-    data.chead = NULL;
-    data.ctail = &data.chead;
-    data.mask = 0;
-    data.extra_mask = 0;
-
-    if(opt->short_flag || opt->terse_flag) {
-	data.table = rtbl_create();
-	rtbl_set_separator(data.table, "  ");
-	data.format = print_entry_short;
-    } else
-	data.format = print_entry_long;
-    if(opt->column_info_string == NULL) {
-	if(opt->long_flag)
-	    ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
-	else if(opt->short_flag)
-	    ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
-	else {
-	    ret = setup_columns(&data, DEFAULT_COLUMNS_TERSE);
-	    rtbl_set_flags(data.table, RTBL_HEADER_STYLE_NONE);
-	}
-    } else
-	ret = setup_columns(&data, opt->column_info_string);
-	
-    if(ret != 0) {
-	if(data.table != NULL)
-	    rtbl_destroy(data.table);
-	return 0;
-    }
-    
-    for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_get_entry, "get", &data);
-    
-    if(data.table != NULL) {
-	rtbl_format(data.table, stdout);
-	rtbl_destroy(data.table);
-    }
-    free_columns(&data);
-    return ret != 0;
-}
-
-int
-get_entry(struct get_options *opt, int argc, char **argv)
-{
-    return getit(opt, "get", argc, argv);
-}
-
-int
-list_princs(struct list_options *opt, int argc, char **argv)
-{
-    if(sizeof(struct get_options) != sizeof(struct list_options)) {
-	krb5_warnx(context, "programmer error: sizeof(struct get_options) != sizeof(struct list_options)");
-	return 0;
-    }
-    return getit((struct get_options*)opt, "list", argc, argv);
-}
diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c
deleted file mode 100644
index 8b512f94f2d3..000000000000
--- a/crypto/heimdal/kadmin/init.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: init.c 17447 2006-05-05 10:52:01Z lha $");
-
-static kadm5_ret_t
-create_random_entry(krb5_principal princ,
-		    unsigned max_life,
-		    unsigned max_rlife,
-		    uint32_t attributes)
-{
-    kadm5_principal_ent_rec ent;
-    kadm5_ret_t ret;
-    int mask = 0;
-    krb5_keyblock *keys;
-    int n_keys, i;
-    char *name;
-    const char *password;
-    char pwbuf[512];
-
-    random_password(pwbuf, sizeof(pwbuf));
-    password = pwbuf;
-
-    ret = krb5_unparse_name(context, princ, &name);
-    if (ret) {
-	krb5_warn(context, ret, "failed to unparse principal name");
-	return ret;
-    }
-
-    memset(&ent, 0, sizeof(ent));
-    ent.principal = princ;
-    mask |= KADM5_PRINCIPAL;
-    if (max_life) {
-	ent.max_life = max_life;
-	mask |= KADM5_MAX_LIFE;
-    }
-    if (max_rlife) {
-	ent.max_renewable_life = max_rlife;
-	mask |= KADM5_MAX_RLIFE;
-    }
-    ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
-    mask |= KADM5_ATTRIBUTES;
-
-    /* Create the entry with a random password */
-    ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
-    if(ret) {
-	krb5_warn(context, ret, "create_random_entry(%s): randkey failed", 
-		  name);
-	goto out;
-    }
-    
-    /* Replace the string2key based keys with real random bytes */
-    ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
-    if(ret) {
-	krb5_warn(context, ret, "create_random_entry*%s): randkey failed",
-		  name);
-	goto out;
-    }
-    for(i = 0; i < n_keys; i++)
-	krb5_free_keyblock_contents(context, &keys[i]);
-    free(keys);
-    ret = kadm5_get_principal(kadm_handle, princ, &ent, 
-			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
-    if(ret) {
-	krb5_warn(context, ret, "create_random_entry(%s): "
-		  "unable to get principal", name);
-	goto out;
-    }
-    ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-    ent.kvno = 1;
-    ret = kadm5_modify_principal(kadm_handle, &ent, 
-				 KADM5_ATTRIBUTES|KADM5_KVNO);
-    kadm5_free_principal_ent (kadm_handle, &ent);
-    if(ret) {
-	krb5_warn(context, ret, "create_random_entry(%s): "
-		  "unable to modify principal", name);
-	goto out;
-    }
- out:
-    free(name);
-    return ret;
-}
-
-extern int local_flag;
-
-int
-init(struct init_options *opt, int argc, char **argv)
-{
-    kadm5_ret_t ret;
-    int i;
-    HDB *db;
-    krb5_deltat max_life, max_rlife;
-
-    if(!local_flag) {
-	krb5_warnx(context, "init is only available in local (-l) mode");
-	return 0;
-    }
-
-    if (opt->realm_max_ticket_life_string) {
-	if (str2deltat (opt->realm_max_ticket_life_string, &max_life) != 0) {
-	    krb5_warnx (context, "unable to parse \"%s\"", 
-			opt->realm_max_ticket_life_string);
-	    return 0;
-	}
-    }
-    if (opt->realm_max_renewable_life_string) {
-	if (str2deltat (opt->realm_max_renewable_life_string, &max_rlife) != 0) {
-	    krb5_warnx (context, "unable to parse \"%s\"", 
-			opt->realm_max_renewable_life_string);
-	    return 0;
-	}
-    }
-
-    db = _kadm5_s_get_db(kadm_handle);
-
-    ret = db->hdb_open(context, db, O_RDWR | O_CREAT, 0600);
-    if(ret){
-	krb5_warn(context, ret, "hdb_open");
-	return 0;
-    }
-    db->hdb_close(context, db);
-    for(i = 0; i < argc; i++){
-	krb5_principal princ;
-	const char *realm = argv[i];
-
-	/* Create `krbtgt/REALM' */
-	ret = krb5_make_principal(context, &princ, realm,
-				  KRB5_TGS_NAME, realm, NULL);
-	if(ret)
-	    return 0;
-	if (opt->realm_max_ticket_life_string == NULL) {
-	    max_life = 0;
-	    if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
-		krb5_free_principal(context, princ);
-		return 0;
-	    }
-	}
-	if (opt->realm_max_renewable_life_string == NULL) {
-	    max_rlife = 0;
-	    if(edit_deltat("Realm max renewable ticket life", &max_rlife,
-			   NULL, 0)) {
-		krb5_free_principal(context, princ);
-		return 0;
-	    }
-	}
-	create_random_entry(princ, max_life, max_rlife, 0);
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/changepw' */
-	krb5_make_principal(context, &princ, realm, 
-			    "kadmin", "changepw", NULL);
-	/*
-	 * The Windows XP (at least) password changing protocol
-	 * request the `kadmin/changepw' ticket with `renewable_ok,
-	 * renewable, forwardable' and so fails if we disallow
-	 * forwardable here.
-	 */
-	create_random_entry(princ, 5*60, 5*60, 
-			    KRB5_KDB_DISALLOW_TGT_BASED|
-			    KRB5_KDB_PWCHANGE_SERVICE|
-			    KRB5_KDB_DISALLOW_POSTDATED|
-			    KRB5_KDB_DISALLOW_RENEWABLE|
-			    KRB5_KDB_DISALLOW_PROXIABLE|
-			    KRB5_KDB_REQUIRES_PRE_AUTH);
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/admin' */
-	krb5_make_principal(context, &princ, realm, 
-			    "kadmin", "admin", NULL);
-	create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
-	krb5_free_principal(context, princ);
-
-	/* Create `changepw/kerberos' (for v4 compat) */
-	krb5_make_principal(context, &princ, realm,
-			    "changepw", "kerberos", NULL);
-	create_random_entry(princ, 60*60, 60*60,
-			    KRB5_KDB_DISALLOW_TGT_BASED|
-			    KRB5_KDB_PWCHANGE_SERVICE);
-
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/hprop' for database propagation */
-	krb5_make_principal(context, &princ, realm,
-			    "kadmin", "hprop", NULL);
-	create_random_entry(princ, 60*60, 60*60,
-			    KRB5_KDB_REQUIRES_PRE_AUTH|
-			    KRB5_KDB_DISALLOW_TGT_BASED);
-	krb5_free_principal(context, princ);
-
-	/* Create `default' */
-	{
-	    kadm5_principal_ent_rec ent;
-	    int mask = 0;
-
-	    memset (&ent, 0, sizeof(ent));
-	    mask |= KADM5_PRINCIPAL;
-	    krb5_make_principal(context, &ent.principal, realm,
-				"default", NULL);
-	    mask |= KADM5_MAX_LIFE;
-	    ent.max_life = 24 * 60 * 60;
-	    mask |= KADM5_MAX_RLIFE;
-	    ent.max_renewable_life = 7 * ent.max_life;
-	    ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
-	    mask |= KADM5_ATTRIBUTES;
-
-	    ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
-	    if (ret)
-		krb5_err (context, 1, ret, "kadm5_create_principal");
-
-	    krb5_free_principal(context, ent.principal);
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c
deleted file mode 100644
index f2a0828ed859..000000000000
--- a/crypto/heimdal/kadmin/kadm_conn.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-RCSID("$Id: kadm_conn.c 16007 2005-09-01 18:49:57Z lha $");
-
-struct kadm_port {
-    char *port;
-    unsigned short def_port;
-    struct kadm_port *next;
-} *kadm_ports;
-
-static void
-add_kadm_port(krb5_context context, const char *service, unsigned int port)
-{
-    struct kadm_port *p;
-    p = malloc(sizeof(*p));
-    if(p == NULL) {
-	krb5_warnx(context, "failed to allocate %lu bytes\n", 
-		   (unsigned long)sizeof(*p));
-	return;
-    }
-    
-    p->port = strdup(service);
-    p->def_port = port;
-
-    p->next = kadm_ports;
-    kadm_ports = p;
-}
-
-static void
-add_standard_ports (krb5_context context)
-{
-    add_kadm_port(context, "kerberos-adm", 749);
-}
-
-/*
- * parse the set of space-delimited ports in `str' and add them.
- * "+" => all the standard ones
- * otherwise it's port|service[/protocol]
- */
-
-void
-parse_ports(krb5_context context, const char *str)
-{
-    char p[128];
-
-    while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
-	if(strcmp(p, "+") == 0)
-	    add_standard_ports(context);
-	else
-	    add_kadm_port(context, p, 0);
-    }
-}
-
-static pid_t pgrp;
-sig_atomic_t term_flag, doing_useful_work;
-
-static RETSIGTYPE
-sigchld(int sig)
-{
-    int status;
-    waitpid(-1, &status, 0);
-    SIGRETURN(0);
-}
-
-static RETSIGTYPE
-terminate(int sig)
-{
-    if(getpid() == pgrp) {
-	/* parent */
-	term_flag = 1;
-	signal(sig, SIG_IGN);
-	killpg(pgrp, sig);
-    } else {
-	/* child */
-	if(doing_useful_work)
-	    term_flag = 1;
-	else
-	    exit(0);
-    }
-    SIGRETURN(0);
-}
-
-static int
-spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
-{
-    int e, i;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    socklen_t sa_size = sizeof(__ss);
-    int s;
-    pid_t pid;
-    krb5_address addr;
-    char buf[128];
-    size_t buf_len;
-
-    s = accept(socks[this_sock], sa, &sa_size);
-    if(s < 0) {
-	krb5_warn(context, errno, "accept");
-	return 1;
-    }
-    e = krb5_sockaddr2address(context, sa, &addr);
-    if(e)
-	krb5_warn(context, e, "krb5_sockaddr2address");
-    else {
-	e = krb5_print_address (&addr, buf, sizeof(buf), 
-				&buf_len);
-	if(e) 
-	    krb5_warn(context, e, "krb5_print_address");
-	else
-	    krb5_warnx(context, "connection from %s", buf);
-	krb5_free_address(context, &addr);
-    }
-    
-    pid = fork();
-    if(pid == 0) {
-	for(i = 0; i < num_socks; i++)
-	    close(socks[i]);
-	dup2(s, STDIN_FILENO);
-	dup2(s, STDOUT_FILENO);
-	if(s != STDIN_FILENO && s != STDOUT_FILENO)
-	    close(s);
-	return 0;
-    } else {
-	close(s);
-    }
-    return 1;
-}
-
-static int
-wait_for_connection(krb5_context context,
-		    int *socks, int num_socks)
-{
-    int i, e;
-    fd_set orig_read_set, read_set;
-    int max_fd = -1;
-    
-    FD_ZERO(&orig_read_set);
-    
-    for(i = 0; i < num_socks; i++) {
-	if (socks[i] >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(socks[i], &orig_read_set);
-	max_fd = max(max_fd, socks[i]);
-    }
-    
-    pgrp = getpid();
-
-    if(setpgid(0, pgrp) < 0)
-	err(1, "setpgid");
-
-    signal(SIGTERM, terminate);
-    signal(SIGINT, terminate);
-    signal(SIGCHLD, sigchld);
-
-    while (term_flag == 0) {
-	read_set = orig_read_set;
-	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
-	if(e < 0) {
-	    if(errno != EINTR)
-		krb5_warn(context, errno, "select");
-	} else if(e == 0)
-	    krb5_warnx(context, "select returned 0");
-	else {
-	    for(i = 0; i < num_socks; i++) {
-		if(FD_ISSET(socks[i], &read_set))
-		    if(spawn_child(context, socks, num_socks, i) == 0)
-			return 0;
-	    }
-	}
-    }
-    signal(SIGCHLD, SIG_IGN);
-    while(1) {
-	int status;
-	pid_t pid;
-	pid = waitpid(-1, &status, 0);
-	if(pid == -1 && errno == ECHILD)
-	    break;
-    }
-    exit(0);
-}
-
-
-int
-start_server(krb5_context context)
-{
-    int e;
-    struct kadm_port *p;
-
-    int *socks = NULL, *tmp;
-    int num_socks = 0;
-    int i;
-
-    for(p = kadm_ports; p; p = p->next) {
-	struct addrinfo hints, *ai, *ap;
-	char portstr[32];
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags    = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-
-	e = getaddrinfo(NULL, p->port, &hints, &ai);
-	if(e) {
-	    snprintf(portstr, sizeof(portstr), "%u", p->def_port);
-	    e = getaddrinfo(NULL, portstr, &hints, &ai);
-	}
-
-	if(e) {
-	    krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
-		      "%s", portstr);
-	    continue;
-	}
-	i = 0;
-	for(ap = ai; ap; ap = ap->ai_next) 
-	    i++;
-	tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
-	if(tmp == NULL) {
-	    krb5_warnx(context, "failed to reallocate %lu bytes", 
-		       (unsigned long)(num_socks + i) * sizeof(*socks));
-	    continue;
-	}
-	socks = tmp;
-	for(ap = ai; ap; ap = ap->ai_next) {
-	    int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
-	    if(s < 0) {
-		krb5_warn(context, errno, "socket");
-		continue;
-	    }
-
-	    socket_set_reuseaddr(s, 1);
-	    socket_set_ipv6only(s, 1);
-
-	    if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
-		krb5_warn(context, errno, "bind");
-		close(s);
-		continue;
-	    }
-	    if (listen (s, SOMAXCONN) < 0) {
-		krb5_warn(context, errno, "listen");
-		close(s);
-		continue;
-	    }
-	    socks[num_socks++] = s;
-	}
-	freeaddrinfo (ai);
-    }
-    if(num_socks == 0)
-	krb5_errx(context, 1, "no sockets to listen to - exiting");
-    return wait_for_connection(context, socks, num_socks);
-}
diff --git a/crypto/heimdal/kadmin/kadmin-commands.in b/crypto/heimdal/kadmin/kadmin-commands.in
deleted file mode 100644
index 019b99ce14bc..000000000000
--- a/crypto/heimdal/kadmin/kadmin-commands.in
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $ */
-
-command = {
-	name = "stash"
-	name = "kstash"
-	option = {
-		long = "enctype"
-		short = "e"
-		type = "string"
-		help = "encryption type"
-		default = "des3-cbc-sha1"
-	}
-	option = {
-		long = "key-file"
-		short = "k"
-		type = "string"
-		argument = "file"
-		help = "master key file"
-	}
-	option = {
-		long = "convert-file"
-		type = "flag"
-		help = "just convert keyfile to new format"
-	}
-	option = {
-		long = "master-key-fd"
-		type = "integer"
-		argument = "fd"
-		help = "filedescriptor to read passphrase from"
-		default = "-1"
-	}
-	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
-}
-command = {
-	name = "dump"
-	option = {
-		long = "decrypt"
-		short = "d"
-		type = "flag"
-		help = "decrypt keys"
-	}
-	argument = "[dump-file]"
-	min_args = "0"
-	max_args = "1"
-	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
-}
-
-command = {
-	name = "init"
-	option = {
-		long = "realm-max-ticket-life"
-		type = "string"
-		help = "realm max ticket lifetime"
-	}
-	option = {
-		long = "realm-max-renewable-life"
-		type = "string"
-		help = "realm max renewable lifetime"
-	}
-	argument = "realm..."
-	min_args = "1"
-	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
-}
-command = {
-	name = "load"
-	argument = "file"
-	min_args = "1"
-	max_args = "1"
-	help = "Loads a previously dumped file. Local (-l) mode only."
-}
-command = {
-	name = "merge"
-	argument = "file"
-	min_args = "1"
-	max_args = "1"
-	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
-}
-command = {
-	name = "add"
-	name = "ank"
-	name = "add_new_key"
-	function = "add_new_key"
-	option = {
-		long = "random-key"
-		short = "r"
-		type = "flag"
-		help = "set random key"
-	}
-	option = {
-		long = "random-password"
-		type = "flag"
-		help = "set random password"
-	}
-	option = {
-		long = "password"
-		short = "p"
-		type = "string"
-		help = "principal's password"
-	}
-	option = {
-		long = "key"
-		type = "string"
-		help = "DES-key in hex"
-	}
-	option = {
-		long = "max-ticket-life"
-		type = "string"
-		argument ="lifetime"
-		help = "max ticket lifetime"
-	}
-	option = {
-		long = "max-renewable-life"
-		type = "string"
-		argument = "lifetime"
-		help = "max renewable life"
-	}
-	option = {
-		long = "attributes"
-		type = "string"
-		argument = "attributes"
-		help = "principal attributes"
-	}
-	option = {
-		long = "expiration-time"
-		type = "string"
-		argument = "time"
-		help = "principal expiration time"
-	}
-	option = {
-		long = "pw-expiration-time"
-		type = "string"
-		argument = "time"
-		help = "password expiration time"
-	}
-	option = {
-		long = "use-defaults"
-		type = "flag"
-		help = "use default values"
-	}
-	argument = "principal..."
-	min_args = "1"
-	help = "Adds a principal to the database."
-}
-command = {
-	name = "passwd"
-	name = "cpw"
-	name = "change_password"
-	function = "cpw_entry"
-	option = {
-		long = "random-key"
-		short = "r"
-		type = "flag"
-		help = "set random key"
-	}
-	option = {
-		long = "random-password"
-		type = "flag"
-		help = "set random password"
-	}
-	option = {
-		long = "password"
-		short = "p"
-		type = "string"
-		help = "princial's password"
-	}
-	option = {
-		long = "key"
-		type = "string"
-		help = "DES key in hex"
-	}
-	argument = "principal..."
-	min_args = "1"
-	help = "Changes the password of one or more principals matching the expressions."
-}
-command = {
-	name = "delete"
-	name = "del"
-	name = "del_entry"
-	function = "del_entry"
-	argument = "principal..."
-	min_args = "1"
-	help = "Deletes all principals matching the expressions."
-}
-command = {
-	name = "del_enctype"
-	argument = "principal enctype..."
-	min_args = "2"
-	help = "Delete all the mentioned enctypes for principal."
-}
-command = {
-	name = "add_enctype"
-	option = {
-		long = "random-key"
-		short = "r"
-		type = "flag"
-		help = "set random key"
-	}
-	argument = "principal enctype..."
-	min_args = "2"
-	help = "Add new enctypes for principal."
-}
-command = {
-	name = "ext_keytab"
-	option = {
-		long = "keytab"
-		short = "k"
-		type = "string"
-		help = "keytab to use"
-	}
-	argument = "principal..."
-	min_args = "1"
-	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." 
-}
-command = {
-	name = "get"
-	name = "get_entry"
-	function = "get_entry"
-	/* XXX sync options with "list" */
-	option = {
-		long = "long"
-		short = "l"
-		type = "flag"
-		help = "long format"
-		default = "-1"
-	}
-	option = {
-		long = "short"
-		short = "s"
-		type = "flag"
-		help = "short format"
-	}
-	option = {
-		long = "terse"
-		short = "t"
-		type = "flag"
-		help = "terse format"
-	}
-	option = {
-		long = "column-info"
-		short = "o"
-		type = "string"
-		help = "columns to print for short output"
-	}
-	argument = "principal..."
-	min_args = "1"
-	help = "Shows information about principals matching the expressions."
-}
-command = {
-	name = "rename"
-	function = "rename_entry"
-	argument = "from to"
-	min_args = "2"
-	max_args = "2"
-	help = "Renames a principal."
-}
-command = {
-	name = "modify"
-	function = "mod_entry"
-	option = {
-		long = "max-ticket-life"
-		type = "string"
-		argument ="lifetime"
-		help = "max ticket lifetime"
-	}
-	option = {
-		long = "max-renewable-life"
-		type = "string"
-		argument = "lifetime"
-		help = "max renewable life"
-	}
-	option = {
-		long = "attributes"
-		short = "a"
-		type = "string"
-		argument = "attributes"
-		help = "principal attributes"
-	}
-	option = {
-		long = "expiration-time"
-		type = "string"
-		argument = "time"
-		help = "principal expiration time"
-	}
-	option = {
-		long = "pw-expiration-time"
-		type = "string"
-		argument = "time"
-		help = "password expiration time"
-	}
-	option = {
-		long = "kvno"
-		type = "integer"
-		help = "key version number"
-		default = "-1"
-	}
-	option = {
-		long = "constrained-delegation"
-		type = "strings"
-		argument = "principal"
-		help = "allowed target principals"
-	}
-	option = {
-		long = "alias"
-		type = "strings"
-		argument = "principal"
-		help = "aliases"
-	}
-	option = {
-		long = "pkinit-acl"
-		type = "strings"
-		argument = "subject dn"
-		help = "aliases"
-	}
-	argument = "principal"
-	min_args = "1"
-	max_args = "1"
-	help = "Modifies some attributes of the specified principal."
-}
-command = {
-	name = "privileges"
-	name = "privs"
-	function = "get_privs"
-	help = "Shows which operations you are allowed to perform."
-}
-command = {
-	name = "list"
-	function = "list_princs"
-	/* XXX sync options with "get" */
-	option = {
-		long = "long"
-		short = "l"
-		type = "flag"
-		help = "long format"
-	}
-	option = {
-		long = "short"
-		short = "s"
-		type = "flag"
-		help = "short format"
-	}
-	option = {
-		long = "terse"
-		short = "t"
-		type = "flag"
-		help = "terse format"
-		default = "-1"
-	}
-	option = {
-		long = "column-info"
-		short = "o"
-		type = "string"
-		help = "columns to print for short output"
-	}
-	argument = "principal..."
-	min_args = "1"
-	help = "Lists principals in a terse format. Equivalent to \"get -t\"." 
-}
-command = {
-	name = "verify-password-quality"
-	name = "pwq"
-	function = "password_quality"
-	argument = "principal password"
-	min_args = "2"
-	max_args = "2"
-	help = "Try run the password quality function locally (not doing RPC out to server)."
-}
-command = {
-	name = "check"
-	function = "check"
-	argument = "[realm]"
-	min_args = "0"
-	max_args = "1"
-	help = "Check the realm (if not given, the default realm) for configuration errors."
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody."
-}
-command = {
-	name = "exit"
-	name = "quit"
-	function = "exit_kadmin"
-	help = "Quits."
-}
diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8
deleted file mode 100644
index 06fe3d09b262..000000000000
--- a/crypto/heimdal/kadmin/kadmin.8
+++ /dev/null
@@ -1,414 +0,0 @@
-.\" Copyright (c) 2000 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: kadmin.8 21739 2007-07-31 15:55:32Z lha $
-.\"
-.Dd Feb  22, 2007
-.Dt KADMIN 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmin
-.Nd Kerberos administration utility
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string
-.Xc
-.Oc
-.Oo Fl K Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host
-.Xc
-.Oc
-.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number
-.Xc
-.Oc
-.Op Fl l | Fl -local
-.Op Fl h | Fl -help
-.Op Fl v | Fl -version
-.Op Ar command
-.Ek
-.Sh DESCRIPTION
-The
-.Nm
-program is used to make modifications to the Kerberos database, either remotely via the
-.Xr kadmind 8
-daemon, or locally (with the
-.Fl l
-option).
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl p Ar string ,
-.Fl -principal= Ns Ar string
-.Xc
-principal to authenticate as
-.It Xo
-.Fl K Ar string ,
-.Fl -keytab= Ns Ar string
-.Xc
-keytab for authentication principal
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl a Ar host ,
-.Fl -admin-server= Ns Ar host
-.Xc
-server to contact
-.It Xo
-.Fl s Ar port number ,
-.Fl -server-port= Ns Ar port number
-.Xc
-port to use
-.It Xo
-.Fl l ,
-.Fl -local
-.Xc
-local admin mode
-.El
-.Pp
-If no
-.Ar command
-is given on the command line,
-.Nm
-will prompt for commands to process. Some of the commands that take
-one or more principals as argument
-.Ns ( Nm delete ,
-.Nm ext_keytab ,
-.Nm get ,
-.Nm modify ,
-and
-.Nm passwd )
-will accept a glob style wildcard, and perform the operation on all
-matching principals.
-.Pp
-Commands include:
-.\" not using a list here, since groff apparently gets confused
-.\" with nested Xo/Xc
-.Bd -ragged -offset indent
-.Nm add
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -attributes= Ns Ar attributes
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Adds a new principal to the database. The options not passed on the
-command line will be promped for.
-.Ed
-.Pp
-.Nm add_enctype
-.Op Fl r | Fl -random-key
-.Ar principal enctypes...
-.Pp
-.Bd -ragged -offset indent
-Adds a new encryption type to the principal, only random key are
-supported.
-.Ed
-.Pp
-.Nm delete
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Removes a principal.
-.Ed
-.Pp
-.Nm del_enctype
-.Ar principal enctypes...
-.Pp
-.Bd -ragged -offset indent
-Removes some enctypes from a principal; this can be useful if the
-service belonging to the principal is known to not handle certain
-enctypes.
-.Ed
-.Pp
-.Nm ext_keytab
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Creates a keytab with the keys of the specified principals.
-.Ed
-.Pp
-.Nm get
-.Op Fl l | Fl -long
-.Op Fl s | Fl -short
-.Op Fl t | Fl -terse
-.Op Fl o Ar string | Fl -column-info= Ns Ar string
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Lists the matching principals, short prints the result as a table,
-while long format produces a more verbose output. Which columns to
-print can be selected with the
-.Fl o
-option. The argument is a comma separated list of column names
-optionally appended with an equal sign
-.Pq Sq =
-and a column header. Which columns are printed by default differ
-slightly between short and long output.
-.Pp
-The default terse output format is similar to
-.Fl s o Ar principal= ,
-just printing the names of matched principals.
-.Pp
-Possible column names include:
-.Li principal ,
-.Li princ_expire_time ,
-.Li pw_expiration ,
-.Li last_pwd_change ,
-.Li max_life ,
-.Li max_rlife ,
-.Li mod_time ,
-.Li mod_name ,
-.Li attributes ,
-.Li kvno ,
-.Li mkvno ,
-.Li last_success ,
-.Li last_failed ,
-.Li fail_auth_count ,
-.Li policy ,
-and
-.Li keytypes .
-.Ed
-.Pp
-.Nm modify
-.Oo Fl a Ar attributes \*(Ba Xo
-.Fl -attributes= Ns Ar attributes
-.Xc
-.Oc
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Op Fl -kvno= Ns Ar number
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Modifies certain attributes of a principal. If run without command
-line options, you will be prompted. With command line options, it will
-only change the ones specified.
-.Pp
-Possible attributes are:
-.Li new-princ ,
-.Li support-desmd5 ,
-.Li pwchange-service ,
-.Li disallow-svr ,
-.Li requires-pw-change ,
-.Li requires-hw-auth ,
-.Li requires-pre-auth ,
-.Li disallow-all-tix ,
-.Li disallow-dup-skey ,
-.Li disallow-proxiable ,
-.Li disallow-renewable ,
-.Li disallow-tgt-based ,
-.Li disallow-forwardable ,
-.Li disallow-postdated
-.Pp
-Attributes may be negated with a "-", e.g., 
-.Pp 
-kadmin -l modify -a -disallow-proxiable user
-.Ed
-.Pp
-.Nm passwd
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-Changes the password of an existing principal.
-.Ed
-.Pp
-.Nm password-quality
-.Ar principal
-.Ar password
-.Pp
-.Bd -ragged -offset indent
-Run the password quality check function locally.
-You can run this on the host that is configured to run the kadmind
-process to verify that your configuration file is correct.
-The verification is done locally, if kadmin is run in remote mode,
-no rpc call is done to the server.
-.Ed
-.Pp
-.Nm privileges
-.Pp
-.Bd -ragged -offset indent
-Lists the operations you are allowed to perform. These include
-.Li add ,
-.Li add_enctype ,
-.Li change-password ,
-.Li delete ,
-.Li del_enctype ,
-.Li get ,
-.Li list ,
-and
-.Li modify .
-.Ed
-.Pp
-.Nm rename
-.Ar from to
-.Pp
-.Bd -ragged -offset indent
-Renames a principal. This is normally transparent, but since keys are
-salted with the principal name, they will have a non-standard salt,
-and clients which are unable to cope with this will fail. Kerberos 4
-suffers from this.
-.Ed
-.Pp
-.Nm check
-.Op Ar realm
-.Pp
-.Bd -ragged -offset indent
-Check database for strange configurations on important principals. If
-no realm is given, the default realm is used.
-.Ed
-.Pp
-.Ed
-.Pp
-When running in local mode, the following commands can also be used:
-.Bd -ragged -offset indent
-.Nm dump
-.Op Fl d | Fl -decrypt
-.Op Ar dump-file
-.Pp
-.Bd -ragged -offset indent
-Writes the database in
-.Dq human readable
-form to the specified file, or standard out. If the database is
-encrypted, the dump will also have encrypted keys, unless
-.Fl -decrypt
-is used.
-.Ed
-.Pp
-.Nm init
-.Op Fl -realm-max-ticket-life= Ns Ar string
-.Op Fl -realm-max-renewable-life= Ns Ar string
-.Ar realm
-.Pp
-.Bd -ragged -offset indent
-Initializes the Kerberos database with entries for a new realm. It's
-possible to have more than one realm served by one server.
-.Ed
-.Pp
-.Nm load
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-Reads a previously dumped database, and re-creates that database from
-scratch.
-.Ed
-.Pp
-.Nm merge
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-Similar to
-.Nm load
-but just modifies the database with the entries in the dump file.
-.Ed
-.Pp
-.Nm stash
-.Oo Fl e Ar enctype \*(Ba Xo
-.Fl -enctype= Ns Ar enctype
-.Xc
-.Oc
-.Oo Fl k Ar keyfile \*(Ba Xo
-.Fl -key-file= Ns Ar keyfile
-.Xc
-.Oc
-.Op Fl -convert-file
-.Op Fl -master-key-fd= Ns Ar fd
-.Pp
-.Bd -ragged -offset indent
-Writes the Kerberos master key to a file used by the KDC.
-.Ed
-.Pp
-.Ed
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kadmind 8 ,
-.Xr kdc 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c
deleted file mode 100644
index da9b894561d2..000000000000
--- a/crypto/heimdal/kadmin/kadmin.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-#include <sl.h>
-
-RCSID("$Id: kadmin.c 22253 2007-12-09 06:00:00Z lha $");
-
-static char *config_file;
-static char *keyfile;
-int local_flag;
-static int ad_flag;
-static int help_flag;
-static int version_flag;
-static char *realm;
-static char *admin_server;
-static int server_port = 0;
-static char *client_name;
-static char *keytab;
-static char *check_library  = NULL;
-static char *check_function = NULL;
-static getarg_strings policy_libraries = { 0, NULL };
-
-static struct getargs args[] = {
-    {	"principal", 	'p',	arg_string,	&client_name,
-	"principal to authenticate as" },
-    {   "keytab",	'K',	arg_string,	&keytab,
-   	"keytab for authentication principal" },
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    {
-	"key-file",	'k',	arg_string, &keyfile, 
-	"location of master key file", "file"
-    },
-    {	
-	"realm",	'r',	arg_string,   &realm, 
-	"realm to use", "realm" 
-    },
-    {	
-	"admin-server",	'a',	arg_string,   &admin_server, 
-	"server to contact", "host" 
-    },
-    {	
-	"server-port",	's',	arg_integer,   &server_port, 
-	"port to use", "port number" 
-    },
-    {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode" },
-#ifdef HAVE_DLOPEN
-    { "check-library", 0, arg_string, &check_library, 
-      "library to load password check function from", "library" },
-    { "check-function", 0, arg_string, &check_function,
-      "password check function to load", "function" },
-    { "policy-libraries", 0, arg_strings, &policy_libraries,
-      "password check function to load", "function" },
-#endif
-    {	"local", 'l', arg_flag, &local_flag, "local admin mode" },
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-
-krb5_context context;
-void *kadm_handle;
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-static int exit_seen = 0;
-
-int
-exit_kadmin (void *opt, int argc, char **argv)
-{
-    exit_seen = 1;
-    return 0;
-}
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "[command]");
-    exit (ret);
-}
-
-int
-get_privs(void *opt, int argc, char **argv)
-{
-    uint32_t privs;
-    char str[128];
-    kadm5_ret_t ret;
-    
-    ret = kadm5_get_privs(kadm_handle, &privs);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_get_privs");
-    else{
-	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
-	printf("%s\n", str);
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    char **files;
-    kadm5_config_params conf;
-    int optidx = 0;
-    int exit_status = 0;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-    
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if(ret) 
-	krb5_err(context, 1, ret, "reading configuration files");
-    
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	krb5_set_default_realm(context, realm); /* XXX should be fixed
-						   some other way */
-	conf.realm = realm;
-	conf.mask |= KADM5_CONFIG_REALM;
-    }
-
-    if (admin_server) {
-	conf.admin_server = admin_server;
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    if (keyfile) {
-	conf.stash_file = keyfile;
-	conf.mask |= KADM5_CONFIG_STASH_FILE;
-    }
-
-    if(local_flag) {
-	int i;
-
-	kadm5_setup_passwd_quality_check (context, 
-					  check_library, check_function);
-	
-	for (i = 0; i < policy_libraries.num_strings; i++) {
-	    ret = kadm5_add_passwd_quality_verifier(context, 
-						    policy_libraries.strings[i]);
-	    if (ret)
-		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-	}
-	ret = kadm5_add_passwd_quality_verifier(context, NULL);
-	if (ret)
-	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-	
-	ret = kadm5_s_init_with_password_ctx(context, 
-					     KADM5_ADMIN_SERVICE,
-					     NULL,
-					     KADM5_ADMIN_SERVICE,
-					     &conf, 0, 0, 
-					     &kadm_handle);
-    } else if (ad_flag) {
-	if (client_name == NULL)
-	    krb5_errx(context, 1, "keytab mode require principal name");
-	ret = kadm5_ad_init_with_password_ctx(context,
-					      client_name,
-					      NULL,
-					      KADM5_ADMIN_SERVICE,
-					      &conf, 0, 0,
-					      &kadm_handle);
-    } else if (keytab) {
-	if (client_name == NULL)
-	    krb5_errx(context, 1, "keytab mode require principal name");
-        ret = kadm5_c_init_with_skey_ctx(context,
-					 client_name,
-					 keytab,
-					 KADM5_ADMIN_SERVICE,
-                                         &conf, 0, 0,
-                                         &kadm_handle);
-    } else
-	ret = kadm5_c_init_with_password_ctx(context, 
-					     client_name,
-					     NULL,
-					     KADM5_ADMIN_SERVICE,
-					     &conf, 0, 0, 
-					     &kadm_handle);
-    
-    if(ret)
-	krb5_err(context, 1, ret, "kadm5_init_with_password");
-
-    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
-                                parser will handle SIGINT its own way;
-                                we should really take care of this in
-                                each function, f.i `get' might be
-                                interruptable, but not `create' */
-    if (argc != 0) {
-	ret = sl_command (commands, argc, argv);
-	if(ret == -1)
-	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
-	else if (ret == -2)
-	    ret = 0;
-	if(ret != 0)
-	    exit_status = 1;
-    } else {
-	while(!exit_seen) {
-	    ret = sl_command_loop(commands, "kadmin> ", NULL);
-	    if (ret == -2)
-		exit_seen = 1;
-	    else if (ret != 0)
-		exit_status = 1;
-	}
-    }
-
-    kadm5_destroy(kadm_handle);
-    krb5_free_context(context);
-    return exit_status;
-}
diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h
deleted file mode 100644
index 7d0f77438a65..000000000000
--- a/crypto/heimdal/kadmin/kadmin_locl.h
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $
- */
-
-#ifndef __ADMIN_LOCL_H__
-#define __ADMIN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-#include <hdb.h>
-#include <hdb_err.h>
-#include <hex.h>
-#include <kadm5/admin.h>
-#include <kadm5/private.h>
-#include <kadm5/kadm5_err.h>
-#include <parse_time.h>
-#include <getarg.h>
-
-extern krb5_context context;
-extern void * kadm_handle;
-
-#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
-
-/* util.c */
-
-void attributes2str(krb5_flags, char *, size_t);
-int  str2attributes(const char *, krb5_flags *);
-int  parse_attributes (const char *, krb5_flags *, int *, int);
-int  edit_attributes (const char *, krb5_flags *, int *, int);
-
-void time_t2str(time_t, char *, size_t, int);
-int  str2time_t (const char *, time_t *);
-int  parse_timet (const char *, krb5_timestamp *, int *, int);
-int  edit_timet (const char *, krb5_timestamp *, int *,
-		 int);
-
-void deltat2str(unsigned, char *, size_t);
-int  str2deltat(const char *, krb5_deltat *);
-int  parse_deltat (const char *, krb5_deltat *, int *, int);
-int  edit_deltat (const char *, krb5_deltat *, int *, int);
-
-int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
-void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
-int set_entry(krb5_context, kadm5_principal_ent_t, int *,
-	      const char *, const char *, const char *,
-	      const char *, const char *);
-int
-foreach_principal(const char *, int (*)(krb5_principal, void*), 
-		  const char *, void *);
-
-int parse_des_key (const char *, krb5_key_data *, const char **);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-/* random_password.c */
-
-void
-random_password(char *, size_t);
-
-/* kadm_conn.c */
-
-extern sig_atomic_t term_flag, doing_useful_work;
-
-void parse_ports(krb5_context, const char*);
-int start_server(krb5_context);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-#endif /* __ADMIN_LOCL_H__ */
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8
deleted file mode 100644
index 4715da9be664..000000000000
--- a/crypto/heimdal/kadmin/kadmind.8
+++ /dev/null
@@ -1,178 +0,0 @@
-.\" Copyright (c) 2002 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kadmind.8 14370 2004-12-08 17:20:21Z lha $
-.\"
-.Dd December  8, 2004
-.Dt KADMIND 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmind
-.Nd "server for administrative access to Kerberos database"
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl -keytab= Ns Ar keytab
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Op Fl d | Fl -debug
-.Oo Fl p Ar port \*(Ba Xo
-.Fl -ports= Ns Ar port
-.Xc
-.Oc
-.Ek
-.Sh DESCRIPTION
-.Nm
-listens for requests for changes to the Kerberos database and performs
-these, subject to permissions.  When starting, if stdin is a socket it
-assumes that it has been started by
-.Xr inetd 8 ,
-otherwise it behaves as a daemon, forking processes for each new
-connection. The
-.Fl -debug
-option causes
-.Nm
-to accept exactly one connection, which is useful for debugging.
-.Pp
-The
-.Xr kpasswdd 8
-daemon is responsible for the Kerberos 5 password changing protocol
-(used by
-.Xr kpasswd 1 )
-.
-.Pp
-This daemon should only be run on the master server, and not on any
-slaves.
-.Pp
-Principals are always allowed to change their own password and list
-their own principal.  Apart from that, doing any operation requires
-permission explicitly added in the ACL file
-.Pa /var/heimdal/kadmind.acl .
-The format of this file is:
-.Bd -ragged
-.Va principal
-.Va rights
-.Op Va principal-pattern
-.Ed
-.Pp
-Where rights is any (comma separated) combination of:
-.Bl -bullet -compact
-.It
-change-password or cpw
-.It
-list
-.It
-delete
-.It
-modify
-.It
-add
-.It
-get
-.It
-all
-.El
-.Pp
-And the optional
-.Ar principal-pattern
-restricts the rights to operations on principals that match the
-glob-style pattern.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-what keytab to use
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
-enable debugging
-.It Xo
-.Fl p Ar port ,
-.Fl -ports= Ns Ar port
-.Xc
-ports to listen to. By default, if run as a daemon, it listens to port
-749, but you can add any number of ports with this option. The port
-string is a whitespace separated list of port specifications, with the
-special string
-.Dq +
-representing the default port.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Pa /var/heimdal/kadmind.acl
-.Sh EXAMPLES
-This will cause
-.Nm
-to listen to port 4711 in addition to any
-compiled in defaults:
-.Pp
-.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &"
-.Pp
-This acl file will grant Joe all rights, and allow Mallory to view and
-add host principals.
-.Bd -literal -offset indent
-joe/admin@EXAMPLE.COM      all
-mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kpasswd 1 ,
-.Xr kadmin 8 ,
-.Xr kdc 8 ,
-.Xr kpasswdd 8
diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c
deleted file mode 100644
index 4d1c2ecc2672..000000000000
--- a/crypto/heimdal/kadmin/kadmind.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: kadmind.c 22250 2007-12-09 05:57:31Z lha $");
-
-static char *check_library  = NULL;
-static char *check_function = NULL;
-static getarg_strings policy_libraries = { 0, NULL };
-static char *config_file;
-static char *keytab_str = "HDB:";
-static int help_flag;
-static int version_flag;
-static int debug_flag;
-static char *port_str;
-char *realm;
-
-static struct getargs args[] = {
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    {
-	"keytab",	0,	arg_string, &keytab_str,
-	"what keytab to use", "keytab"
-    },
-    {	"realm",	'r',	arg_string,   &realm, 
-	"realm to use", "realm" 
-    },
-#ifdef HAVE_DLOPEN
-    { "check-library", 0, arg_string, &check_library, 
-      "library to load password check function from", "library" },
-    { "check-function", 0, arg_string, &check_function,
-      "password check function to load", "function" },
-    { "policy-libraries", 0, arg_strings, &policy_libraries,
-      "password check function to load", "function" },
-#endif
-    {	"debug",	'd',	arg_flag,   &debug_flag, 
-	"enable debugging" 
-    },
-    {	"ports",	'p',	arg_string, &port_str, 
-	"ports to listen to", "port" },
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-krb5_context context;
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    char **files;
-    int optidx = 0;
-    int e, i;
-    krb5_log_facility *logfacility;
-    krb5_keytab keytab;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    while((e = getarg(args, num_args, argc, argv, &optidx)))
-	warnx("error at argument `%s'", argv[optidx]);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-    
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-    
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if(ret) 
-	krb5_err(context, 1, ret, "reading configuration files");
-    
-    ret = krb5_openlog(context, "kadmind", &logfacility);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_openlog");
-    ret = krb5_set_warn_dest(context, logfacility);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_set_warn_dest");
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    kadm5_setup_passwd_quality_check (context, check_library, check_function);
-
-    for (i = 0; i < policy_libraries.num_strings; i++) {
-	ret = kadm5_add_passwd_quality_verifier(context, 
-						policy_libraries.strings[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-    }
-    ret = kadm5_add_passwd_quality_verifier(context, NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-
-    {
-	int fd = 0;
-	struct sockaddr_storage __ss;
-	struct sockaddr *sa = (struct sockaddr *)&__ss;
-	socklen_t sa_size = sizeof(__ss);
-	krb5_auth_context ac = NULL;
-	int debug_port;
-
-	if(debug_flag) {
-	    if(port_str == NULL)
-		debug_port = krb5_getportbyname (context, "kerberos-adm", 
-						 "tcp", 749);
-	    else
-		debug_port = htons(atoi(port_str));
-	    mini_inetd(debug_port);
-	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 
-		   errno == ENOTSOCK) {
-	    parse_ports(context, port_str ? port_str : "+");
-	    pidfile(NULL);
-	    start_server(context);
-	}
-	if(realm)
-	    krb5_set_default_realm(context, realm); /* XXX */
-	kadmind_loop(context, ac, keytab, fd);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c
deleted file mode 100644
index 30e6d93c0898..000000000000
--- a/crypto/heimdal/kadmin/load.c
+++ /dev/null
@@ -1,569 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: load.c 16658 2006-01-25 12:29:46Z lha $");
-
-struct entry {
-    char *principal;
-    char *key;
-    char *max_life;
-    char *max_renew;
-    char *created;
-    char *modified;
-    char *valid_start;
-    char *valid_end;
-    char *pw_end;
-    char *flags;
-    char *generation;
-    char *extensions;
-};
-
-static char *
-skip_next(char *p)
-{
-    while(*p && !isspace((unsigned char)*p)) 
-	p++;
-    *p++ = 0;
-    while(*p && isspace((unsigned char)*p))
-	p++;
-    return p;
-}
-
-/*
- * Parse the time in `s', returning:
- * -1 if error parsing
- * 0  if none  present
- * 1  if parsed ok
- */
-
-static int
-parse_time_string(time_t *t, const char *s)
-{
-    int year, month, date, hour, minute, second;
-    struct tm tm;
-
-    if(strcmp(s, "-") == 0)
-	return 0;
-    if(sscanf(s, "%04d%02d%02d%02d%02d%02d", 
-	      &year, &month, &date, &hour, &minute, &second) != 6)
-	return -1;
-    tm.tm_year  = year - 1900;
-    tm.tm_mon   = month - 1;
-    tm.tm_mday  = date;
-    tm.tm_hour  = hour;
-    tm.tm_min   = minute;
-    tm.tm_sec   = second;
-    tm.tm_isdst = 0;
-    *t = timegm(&tm);
-    return 1;
-}
-
-/*
- * parse time, allocating space in *t if it's there
- */
-
-static int
-parse_time_string_alloc (time_t **t, const char *s)
-{
-    time_t tmp;
-    int ret;
-
-    *t = NULL;
-    ret = parse_time_string (&tmp, s);
-    if (ret == 1) {
-	*t = malloc (sizeof (**t));
-	if (*t == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**t = tmp;
-    }
-    return ret;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_integer(unsigned int *u, const char *s)
-{
-    if(strcmp(s, "-") == 0)
-	return 0;
-    if (sscanf(s, "%u", u) != 1)
-	return -1;
-    return 1;
-}
-
-static int
-parse_integer_alloc (unsigned int **u, const char *s)
-{
-    unsigned int tmp;
-    int ret;
-
-    *u = NULL;
-    ret = parse_integer (&tmp, s);
-    if (ret == 1) {
-	*u = malloc (sizeof (**u));
-	if (*u == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**u = tmp;
-    }
-    return ret;
-}
-
-/*
- * Parse dumped keys in `str' and store them in `ent'
- * return -1 if parsing failed
- */
-
-static int
-parse_keys(hdb_entry *ent, char *str)
-{
-    krb5_error_code ret;
-    int tmp;
-    char *p;
-    int i;
-    
-    p = strsep(&str, ":");
-    if (sscanf(p, "%d", &tmp) != 1)
-	return 1;
-    ent->kvno = tmp;
-    p = strsep(&str, ":");
-    while(p){
-	Key *key;
-	key = realloc(ent->keys.val, 
-		      (ent->keys.len + 1) * sizeof(*ent->keys.val));
-	if(key == NULL)
-	    krb5_errx (context, 1, "realloc: out of memory");
-	ent->keys.val = key;
-	key = ent->keys.val + ent->keys.len;
-	ent->keys.len++;
-	memset(key, 0, sizeof(*key));
-	if(sscanf(p, "%d", &tmp) == 1) {
-	    key->mkvno = malloc(sizeof(*key->mkvno));
-	    *key->mkvno = tmp;
-	} else
-	    key->mkvno = NULL;
-	p = strsep(&str, ":");
-	if (sscanf(p, "%d", &tmp) != 1)
-	    return 1;
-	key->key.keytype = tmp;
-	p = strsep(&str, ":");
-	ret = krb5_data_alloc(&key->key.keyvalue, (strlen(p) - 1) / 2 + 1);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_data_alloc");
-	for(i = 0; i < strlen(p); i += 2) {
-	    if(sscanf(p + i, "%02x", &tmp) != 1)
-		return 1;
-	    ((u_char*)key->key.keyvalue.data)[i / 2] = tmp;
-	}
-	p = strsep(&str, ":");
-	if(strcmp(p, "-") != 0){
-	    unsigned type;
-	    size_t p_len;
-
-	    if(sscanf(p, "%u/", &type) != 1)
-		return 1;
-	    p = strchr(p, '/');
-	    if(p == NULL)
-		return 1;
-	    p++;
-	    p_len = strlen(p);
-
-	    key->salt = malloc(sizeof(*key->salt));
-	    if (key->salt == NULL)
-		krb5_errx (context, 1, "malloc: out of memory");
-	    key->salt->type = type;
-		
-	    if (p_len) {
-		if(*p == '\"') {
-		    ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
-		    if (ret)
-			krb5_err (context, 1, ret, "krb5_data_copy");
-		} else {
-		    ret = krb5_data_alloc(&key->salt->salt,
-					  (p_len - 1) / 2 + 1);
-		    if (ret)
-			krb5_err (context, 1, ret, "krb5_data_alloc");
-		    for(i = 0; i < p_len; i += 2){
-			if (sscanf(p + i, "%02x", &tmp) != 1)
-			    return 1;
-			((u_char*)key->salt->salt.data)[i / 2] = tmp;
-		    }
-		}
-	    } else
-		krb5_data_zero (&key->salt->salt);
-	}
-	p = strsep(&str, ":");
-    }
-    return 0;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_event(Event *ev, char *s)
-{
-    krb5_error_code ret;
-    char *p;
-
-    if(strcmp(s, "-") == 0)
-	return 0;
-    memset(ev, 0, sizeof(*ev));
-    p = strsep(&s, ":");
-    if(parse_time_string(&ev->time, p) != 1)
-	return -1;
-    p = strsep(&s, ":");
-    ret = krb5_parse_name(context, p, &ev->principal);
-    if (ret)
-	return -1;
-    return 1;
-}
-
-static int
-parse_event_alloc (Event **ev, char *s)
-{
-    Event tmp;
-    int ret;
-
-    *ev = NULL;
-    ret = parse_event (&tmp, s);
-    if (ret == 1) {
-	*ev = malloc (sizeof (**ev));
-	if (*ev == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**ev = tmp;
-    }
-    return ret;
-}
-
-static int
-parse_hdbflags2int(HDBFlags *f, const char *s)
-{
-    int ret;
-    unsigned int tmp;
-
-    ret = parse_integer (&tmp, s);
-    if (ret == 1)
-	*f = int2HDBFlags (tmp);
-    return ret;
-}
-
-static int
-parse_generation(char *str, GENERATION **gen)
-{
-    char *p;
-    int v;
-
-    if(strcmp(str, "-") == 0 || *str == '\0') {
-	*gen = NULL;
-	return 0;
-    }
-    *gen = calloc(1, sizeof(**gen));
-
-    p = strsep(&str, ":");
-    if(parse_time_string(&(*gen)->time, p) != 1)
-	return -1;
-    p = strsep(&str, ":");
-    if(sscanf(p, "%d", &v) != 1)
-	return -1;
-    (*gen)->usec = v;
-    p = strsep(&str, ":");
-    if(sscanf(p, "%d", &v) != 1)
-	return -1;
-    (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
-    return 0;
-}
-
-static int
-parse_extensions(char *str, HDB_extensions **e)
-{
-    char *p;
-    int ret;
-
-    if(strcmp(str, "-") == 0 || *str == '\0') {
-	*e = NULL;
-	return 0;
-    }
-    *e = calloc(1, sizeof(**e));
-
-    p = strsep(&str, ":");
-
-    while (p) {
-	HDB_extension ext;
-	ssize_t len;
-	void *d;
-
-	len = strlen(p);
-	d = malloc(len);
-
-	len = hex_decode(p, d, len);
-	if (len < 0)
-	    return -1;
-
-	ret = decode_HDB_extension(d, len, &ext, NULL);
-	free(d);
-	if (ret)
-	    return -1;
-	d = realloc((*e)->val, ((*e)->len + 1) * sizeof((*e)->val[0]));
-	if (d == NULL)
-	    abort();
-	(*e)->val = d;
-	(*e)->val[(*e)->len] = ext;
-	(*e)->len++;
-
-	p = strsep(&str, ":");
-    }
-
-    return 0;
-}
-
-
-/*
- * Parse the dump file in `filename' and create the database (merging
- * iff merge)
- */
-
-static int
-doit(const char *filename, int mergep)
-{
-    krb5_error_code ret;
-    FILE *f;
-    char s[8192]; /* XXX should fix this properly */
-    char *p;
-    int line;
-    int flags = O_RDWR;
-    struct entry e;
-    hdb_entry_ex ent;
-    HDB *db = _kadm5_s_get_db(kadm_handle);
-
-    f = fopen(filename, "r");
-    if(f == NULL){
-	krb5_warn(context, errno, "fopen(%s)", filename);
-	return 1;
-    }
-    ret = kadm5_log_truncate (kadm_handle);
-    if (ret) {
-	fclose (f);
-	krb5_warn(context, ret, "kadm5_log_truncate");
-	return 1;
-    }
-
-    if(!mergep)
-	flags |= O_CREAT | O_TRUNC;
-    ret = db->hdb_open(context, db, flags, 0600);
-    if(ret){
-	krb5_warn(context, ret, "hdb_open");
-	fclose(f);
-	return 1;
-    }
-    line = 0;
-    ret = 0;
-    while(fgets(s, sizeof(s), f) != NULL) {
-	ret = 0;
-	line++;
-
-	p = s;
-	while (isspace((unsigned char)*p))
-	    p++;
-
-	e.principal = p;
-	for(p = s; *p; p++){
-	    if(*p == '\\')
-		p++;
-	    else if(isspace((unsigned char)*p)) {
-		*p = 0;
-		break;
-	    }
-	}
-	p = skip_next(p);
-	
-	e.key = p;
-	p = skip_next(p);
-
-	e.created = p;
-	p = skip_next(p);
-
-	e.modified = p;
-	p = skip_next(p);
-
-	e.valid_start = p;
-	p = skip_next(p);
-
-	e.valid_end = p;
-	p = skip_next(p);
-
-	e.pw_end = p;
-	p = skip_next(p);
-
-	e.max_life = p;
-	p = skip_next(p);
-
-	e.max_renew = p;
-	p = skip_next(p);
-
-	e.flags = p;
-	p = skip_next(p);
-
-	e.generation = p;
-	p = skip_next(p);
-
-	e.extensions = p;
-	p = skip_next(p);
-
-	memset(&ent, 0, sizeof(ent));
-	ret = krb5_parse_name(context, e.principal, &ent.entry.principal);
-	if(ret) {
-	    fprintf(stderr, "%s:%d:%s (%s)\n", 
-		    filename, 
-		    line,
-		    krb5_get_err_text(context, ret),
-		    e.principal);
-	    continue;
-	}
-	
-	if (parse_keys(&ent.entry, e.key)) {
-	    fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
-		     filename, line, e.key);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	
-	if (parse_event(&ent.entry.created_by, e.created) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
-		     filename, line, e.created);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing event (%s)\n",
-		     filename, line, e.modified);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.valid_start);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.entry.valid_end,   e.valid_end) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.valid_end);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.entry.pw_end,      e.pw_end) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.pw_end);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if (parse_integer_alloc (&ent.entry.max_life,  e.max_life) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
-		     filename, line, e.max_life);
-	    hdb_free_entry (context, &ent);
-	    continue;
-
-	}
-	if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
-		     filename, line, e.max_renew);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) {
-	    fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
-		     filename, line, e.flags);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if(parse_generation(e.generation, &ent.entry.generation) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
-		     filename, line, e.generation);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing extension (%s)\n",
-		     filename, line, e.extensions);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
-	hdb_free_entry (context, &ent);
-	if (ret) {
-	    krb5_warn(context, ret, "db_store");
-	    break;
-	}
-    }
-    db->hdb_close(context, db);
-    fclose(f);
-    return ret != 0;
-}
-
-
-extern int local_flag;
-
-static int
-loadit(int mergep, const char *name, int argc, char **argv)
-{
-    if(!local_flag) {
-	krb5_warnx(context, "%s is only available in local (-l) mode", name);
-	return 0;
-    }
-
-    return doit(argv[0], mergep);
-}
- 
-int
-load(void *opt, int argc, char **argv)
-{
-    return loadit(0, "load", argc, argv);
-}
- 
-int
-merge(void *opt, int argc, char **argv)
-{
-    return loadit(1, "merge", argc, argv);
-}
diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c
deleted file mode 100644
index f5f9e0467a5b..000000000000
--- a/crypto/heimdal/kadmin/mod.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: mod.c 21968 2007-10-18 18:50:33Z lha $");
-
-static void
-add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
-{
-    krb5_tl_data *tl, **ptl;
-
-    tl = ecalloc(1, sizeof(*tl));
-    tl->tl_data_next = NULL;
-    tl->tl_data_type = KRB5_TL_EXTENSION;
-    tl->tl_data_length = data->length;
-    tl->tl_data_contents = data->data;
-    
-    princ->n_tl_data++;
-    ptl = &princ->tl_data;
-    while (*ptl != NULL)
-	ptl = &(*ptl)->tl_data_next;
-    *ptl = tl;
-
-    return;
-}
-
-static void
-add_constrained_delegation(krb5_context context,
-			   kadm5_principal_ent_rec *princ,
-			   struct getarg_strings *strings)
-{
-    krb5_error_code ret;
-    HDB_extension ext;
-    krb5_data buf;
-    size_t size;
-	    
-    memset(&ext, 0, sizeof(ext));
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
-
-    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
-	ext.data.u.allowed_to_delegate_to.val = NULL;
-	ext.data.u.allowed_to_delegate_to.len = 0;
-    } else {
-	krb5_principal p;
-	int i;
-
-	ext.data.u.allowed_to_delegate_to.val = 
-	    calloc(strings->num_strings, 
-		   sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
-	ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
-	
-	for (i = 0; i < strings->num_strings; i++) {
-	    ret = krb5_parse_name(context, strings->strings[i], &p);
-	    ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
-	    krb5_free_principal(context, p);
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
-		       &ext, &size, ret);
-    free_HDB_extension(&ext);
-    if (ret)
-	abort();
-    if (buf.length != size)
-	abort();
-
-    add_tl(princ, KRB5_TL_EXTENSION, &buf);
-}
-
-static void
-add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
-	    struct getarg_strings *strings)
-{
-    krb5_error_code ret;
-    HDB_extension ext;
-    krb5_data buf;
-    krb5_principal p;
-    size_t size;
-    int i;
-    
-    memset(&ext, 0, sizeof(ext));
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_aliases;
-    ext.data.u.aliases.case_insensitive = 0;
-
-    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
-	ext.data.u.aliases.aliases.val = NULL;
-	ext.data.u.aliases.aliases.len = 0;
-    } else {
-	ext.data.u.aliases.aliases.val = 
-	    calloc(strings->num_strings, 
-		   sizeof(ext.data.u.aliases.aliases.val[0]));
-	ext.data.u.aliases.aliases.len = strings->num_strings;
-	
-	for (i = 0; i < strings->num_strings; i++) {
-	    ret = krb5_parse_name(context, strings->strings[i], &p);
-	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
-	    krb5_free_principal(context, p);
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
-		       &ext, &size, ret);
-    free_HDB_extension(&ext);
-    if (ret)
-	abort();
-    if (buf.length != size)
-	abort();
-    
-    add_tl(princ, KRB5_TL_EXTENSION, &buf);
-}
-
-static void
-add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ,
-	       struct getarg_strings *strings)
-{
-    krb5_error_code ret;
-    HDB_extension ext;
-    krb5_data buf;
-    size_t size;
-    int i;
-    
-    memset(&ext, 0, sizeof(ext));
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_pkinit_acl;
-    ext.data.u.aliases.case_insensitive = 0;
-
-    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
-	ext.data.u.pkinit_acl.val = NULL;
-	ext.data.u.pkinit_acl.len = 0;
-    } else {
-	ext.data.u.pkinit_acl.val = 
-	    calloc(strings->num_strings, 
-		   sizeof(ext.data.u.pkinit_acl.val[0]));
-	ext.data.u.pkinit_acl.len = strings->num_strings;
-	
-	for (i = 0; i < strings->num_strings; i++) {
-	    ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
-		       &ext, &size, ret);
-    free_HDB_extension(&ext);
-    if (ret)
-	abort();
-    if (buf.length != size)
-	abort();
-    
-    add_tl(princ, KRB5_TL_EXTENSION, &buf);
-}
-
-static int
-do_mod_entry(krb5_principal principal, void *data)
-{
-    krb5_error_code ret;
-    kadm5_principal_ent_rec princ;
-    int mask = 0;
-    struct modify_options *e = data;
-    
-    memset (&princ, 0, sizeof(princ));
-    ret = kadm5_get_principal(kadm_handle, principal, &princ,
-			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES | 
-			      KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-			      KADM5_PRINC_EXPIRE_TIME |
-			      KADM5_PW_EXPIRATION);
-    if(ret) 
-	return ret;
-
-    if(e->max_ticket_life_string || 
-       e->max_renewable_life_string ||
-       e->expiration_time_string ||
-       e->pw_expiration_time_string ||
-       e->attributes_string ||
-       e->kvno_integer != -1 ||
-       e->constrained_delegation_strings.num_strings ||
-       e->alias_strings.num_strings ||
-       e->pkinit_acl_strings.num_strings) {
-	ret = set_entry(context, &princ, &mask, 
-			e->max_ticket_life_string, 
-			e->max_renewable_life_string, 
-			e->expiration_time_string, 
-			e->pw_expiration_time_string, 
-			e->attributes_string);
-	if(e->kvno_integer != -1) {
-	    princ.kvno = e->kvno_integer;
-	    mask |= KADM5_KVNO;
-	}
-	if (e->constrained_delegation_strings.num_strings) {
-	    add_constrained_delegation(context, &princ,
-				       &e->constrained_delegation_strings);
-	    mask |= KADM5_TL_DATA;
-	}
-	if (e->alias_strings.num_strings) {
-	    add_aliases(context, &princ, &e->alias_strings);
-	    mask |= KADM5_TL_DATA;
-	}
-	if (e->pkinit_acl_strings.num_strings) {
-	    add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
-	    mask |= KADM5_TL_DATA;
-	}
-
-    } else
-	ret = edit_entry(&princ, &mask, NULL, 0);
-    if(ret == 0) {
-	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
-	if(ret)
-	    krb5_warn(context, ret, "kadm5_modify_principal");
-    }
-    
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    return ret;
-}
-
-int
-mod_entry(struct modify_options *opt, int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    int i;
-
-    for(i = 0; i < argc; i++) {
-	ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
-	if (ret)
-	    break;
-    }
-    return ret != 0;
-}
-
diff --git a/crypto/heimdal/kadmin/pw_quality.c b/crypto/heimdal/kadmin/pw_quality.c
deleted file mode 100644
index 8d1e9cc11a88..000000000000
--- a/crypto/heimdal/kadmin/pw_quality.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2003-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: pw_quality.c 14026 2004-07-05 11:41:22Z joda $");
-
-int
-password_quality(void *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-    krb5_data pw_data;
-    const char *s;
-
-    ret = krb5_parse_name(context, argv[0], &principal);
-    if(ret){
-	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[0]);
-	return 0;
-    }
-    pw_data.data = argv[1];
-    pw_data.length = strlen(argv[1]);
-
-    s = kadm5_check_password_quality (context, principal, &pw_data);
-    if (s)
-	krb5_warnx(context, "kadm5_check_password_quality: %s", s);
-
-    krb5_free_principal(context, principal);
-
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c
deleted file mode 100644
index d56dd941f39f..000000000000
--- a/crypto/heimdal/kadmin/random_password.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: random_password.c 21745 2007-07-31 16:11:25Z lha $");
-
-/* This file defines some a function that generates a random password,
-   that can be used when creating a large amount of principals (such
-   as for a batch of students). Since this is a political matter, you
-   should think about how secure generated passwords has to be.
-   
-   Both methods defined here will give you at least 55 bits of
-   entropy.
-   */
-
-/* If you want OTP-style passwords, define OTP_STYLE */
-
-#ifdef OTP_STYLE
-#include <otp.h>
-#else
-static void generate_password(char **pw, int num_classes, ...);
-#endif
-
-void
-random_password(char *pw, size_t len)
-{
-#ifdef OTP_STYLE
-    {
-	OtpKey newkey;
-
-	krb5_generate_random_block(&newkey, sizeof(newkey));
-	otp_print_stddict (newkey, pw, len);
-	strlwr(pw);
-    }
-#else
-    char *pass;
-    generate_password(&pass, 3, 
-		      "abcdefghijklmnopqrstuvwxyz", 7, 
-		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, 
-		      "@$%&*()-+=:,/<>1234567890", 1);
-    strlcpy(pw, pass, len);
-    memset(pass, 0, strlen(pass));
-    free(pass);
-#endif
-}
-
-/* some helper functions */
-
-#ifndef OTP_STYLE
-/* return a random value in range 0-127 */
-static int
-RND(unsigned char *key, int keylen, int *left)
-{
-    if(*left == 0){
-	krb5_generate_random_block(key, keylen);
-	*left = keylen;
-    }
-    (*left)--;
-    return ((unsigned char*)key)[*left];
-}
-
-/* This a helper function that generates a random password with a
-   number of characters from a set of character classes.
-
-   If there are n classes, and the size of each class is Pi, and the
-   number of characters from each class is Ni, the number of possible
-   passwords are (given that the character classes are disjoint):
-
-     n             n
-   -----        /  ----  \
-   |   |  Ni    |  \     |
-   |   | Pi     |   \  Ni| !
-   |   | ---- * |   /    |
-   |   | Ni!    |  /___  |
-    i=1          \  i=1  /
-   
-    Since it uses the RND function above, neither the size of each
-    class, nor the total length of the generated password should be
-    larger than 127 (without fixing RND).
-   
-   */
-static void
-generate_password(char **pw, int num_classes, ...)
-{
-    struct {
-	const char *str;
-	int len;
-	int freq;
-    } *classes;
-    va_list ap;
-    int len, i;
-    unsigned char rbuf[8]; /* random buffer */
-    int rleft = 0;
-
-    *pw = NULL;
-
-    classes = malloc(num_classes * sizeof(*classes));
-    if(classes == NULL)
-	return;
-    va_start(ap, num_classes);
-    len = 0;
-    for(i = 0; i < num_classes; i++){
-	classes[i].str = va_arg(ap, const char*);
-	classes[i].len = strlen(classes[i].str);
-	classes[i].freq = va_arg(ap, int);
-	len += classes[i].freq;
-    }
-    va_end(ap);
-    *pw = malloc(len + 1);
-    if(*pw == NULL) {
-	free(classes);
-	return;
-    }
-    for(i = 0; i < len; i++) {
-	int j;
-	int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
-	int t = 0;
-	for(j = 0; j < num_classes; j++) {
-	    if(x < t + classes[j].freq) {
-		(*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
-					 % classes[j].len];
-		classes[j].freq--;
-		break;
-	    }
-	    t += classes[j].freq;
-	}
-    }
-    (*pw)[len] = '\0';
-    memset(rbuf, 0, sizeof(rbuf));
-    free(classes);
-}
-#endif
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c
deleted file mode 100644
index 9309db5c229c..000000000000
--- a/crypto/heimdal/kadmin/rename.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: rename.c 17007 2006-04-07 13:11:24Z lha $");
-
-int
-rename_entry(void *opt, int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_principal princ1, princ2;
-
-    ret = krb5_parse_name(context, argv[0], &princ1);
-    if(ret){
-	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[0]);
-	return ret != 0;
-    }
-    ret = krb5_parse_name(context, argv[1], &princ2);
-    if(ret){
-	krb5_free_principal(context, princ1);
-	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[1]);
-	return ret != 0;
-    }
-    ret = kadm5_rename_principal(kadm_handle, princ1, princ2);
-    if(ret)
-	krb5_warn(context, ret, "rename");
-    krb5_free_principal(context, princ1);
-    krb5_free_principal(context, princ2);
-    return ret != 0;
-}
-
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
deleted file mode 100644
index 07dd9a5ad7b0..000000000000
--- a/crypto/heimdal/kadmin/server.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-RCSID("$Id: server.c 17611 2006-06-02 22:10:21Z lha $");
-
-static kadm5_ret_t
-kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
-		 krb5_data *in, krb5_data *out)
-{
-    kadm5_ret_t ret;
-    int32_t cmd, mask, tmp;
-    kadm5_server_context *context = kadm_handle;
-    char client[128], name[128], name2[128];
-    char *op = "";
-    krb5_principal princ, princ2;
-    kadm5_principal_ent_rec ent;
-    char *password, *expression;
-    krb5_keyblock *new_keys;
-    int n_keys;
-    char **princs;
-    int n_princs;
-    krb5_storage *sp;
-    
-    krb5_unparse_name_fixed(context->context, context->caller, 
-			    client, sizeof(client));
-    
-    sp = krb5_storage_from_data(in);
-
-    krb5_ret_int32(sp, &cmd);
-    switch(cmd){
-    case kadm_get:{
-	op = "GET";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    kadm5_store_principal_ent(sp, &ent);
-	    kadm5_free_principal_ent(kadm_handle, &ent);
-	}
-	krb5_free_principal(context->context, princ);
-	break;
-    }
-    case kadm_delete:{
-	op = "DELETE";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_delete_principal(kadm_handle, princ);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_create:{
-	op = "CREATE";
-	ret = kadm5_ret_principal_ent(sp, &ent);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    goto fail;
-	}
-	ret = krb5_ret_string(sp, &password);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, ent.principal, 
-				name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD,
-					  ent.principal);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    memset(password, 0, strlen(password));
-	    free(password);
-	    goto fail;
-	}
-	ret = kadm5_create_principal(kadm_handle, &ent, 
-				     mask, password);
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	memset(password, 0, strlen(password));
-	free(password);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_modify:{
-	op = "MODIFY";
-	ret = kadm5_ret_principal_ent(sp, &ent);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    kadm5_free_principal_ent(context, &ent);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, ent.principal, 
-				name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY,
-					  ent.principal);
-	if(ret){
-	    kadm5_free_principal_ent(context, &ent);
-	    goto fail;
-	}
-	ret = kadm5_modify_principal(kadm_handle, &ent, mask);
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_rename:{
-	op = "RENAME";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_principal(sp, &princ2);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
-	krb5_warnx(context->context, "%s: %s %s -> %s", 
-		   client, op, name, name2);
-	ret = _kadm5_acl_check_permission(context, 
-					  KADM5_PRIV_ADD,
-					  princ2)
-	    || _kadm5_acl_check_permission(context, 
-					   KADM5_PRIV_DELETE,
-					   princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    krb5_free_principal(context->context, princ2);
-	    goto fail;
-	}
-	ret = kadm5_rename_principal(kadm_handle, princ, princ2);
-	krb5_free_principal(context->context, princ);
-	krb5_free_principal(context->context, princ2);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_chpass:{
-	op = "CHPASS";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_string(sp, &password);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
-	/*
-	 * The change is allowed if at least one of:
-
-	 * a) it's for the principal him/herself and this was an
-	 *    initial ticket, but then, check with the password quality
-	 *    function.
-	 * b) the user is on the CPW ACL.
-	 */
-
-	if (initial
-	    && krb5_principal_compare (context->context, context->caller,
-				       princ))
-	{
-	    krb5_data pwd_data;
-	    const char *pwd_reason;
-
-	    pwd_data.data = password;
-	    pwd_data.length = strlen(password);
-
-	    pwd_reason = kadm5_check_password_quality (context->context,
-						       princ, &pwd_data);
-	    if (pwd_reason != NULL)
-		ret = KADM5_PASS_Q_DICT;
-	    else
-		ret = 0;
-	} else
-	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
-	if(ret) {
-	    krb5_free_principal(context->context, princ);
-	    memset(password, 0, strlen(password));
-	    free(password);
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal(kadm_handle, princ, password);
-	krb5_free_principal(context->context, princ);
-	memset(password, 0, strlen(password));
-	free(password);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_chpass_with_key:{
-	int i;
-	krb5_key_data *key_data;
-	int n_key_data;
-
-	op = "CHPASS_WITH_KEY";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &n_key_data);
-	if (ret) {
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	/* n_key_data will be squeezed into an int16_t below. */
-	if (n_key_data < 0 || n_key_data >= 1 << 16 ||
-	    n_key_data > UINT_MAX/sizeof(*key_data)) {
-	    ret = ERANGE;
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-
-	key_data = malloc (n_key_data * sizeof(*key_data));
-	if (key_data == NULL) {
-	    ret = ENOMEM;
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-
-	for (i = 0; i < n_key_data; ++i) {
-	    ret = kadm5_ret_key_data (sp, &key_data[i]);
-	    if (ret) {
-		int16_t dummy = i;
-
-		kadm5_free_key_data (context, &dummy, key_data);
-		free (key_data);
-		krb5_free_principal(context->context, princ);
-		goto fail;
-	    }
-	}
-
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
-	/*
-	 * The change is only allowed if the user is on the CPW ACL,
-	 * this it to force password quality check on the user.
-	 */
-
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-	if(ret) {
-	    int16_t dummy = n_key_data;
-
-	    kadm5_free_key_data (context, &dummy, key_data);
-	    free (key_data);
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal_with_key(kadm_handle, princ,
-					      n_key_data, key_data);
-	{
-	    int16_t dummy = n_key_data;
-	    kadm5_free_key_data (context, &dummy, key_data);
-	}
-	free (key_data);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_randkey:{
-	op = "RANDKEY";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	/*
-	 * The change is allowed if at least one of:
-	 * a) it's for the principal him/herself and this was an initial ticket
-	 * b) the user is on the CPW ACL.
-	 */
-
-	if (initial
-	    && krb5_principal_compare (context->context, context->caller,
-				       princ))
-	    ret = 0;
-	else
-	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
-	if(ret) {
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_randkey_principal(kadm_handle, princ, 
-				      &new_keys, &n_keys);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    int i;
-	    krb5_store_int32(sp, n_keys);
-	    for(i = 0; i < n_keys; i++){
-		krb5_store_keyblock(sp, new_keys[i]);
-		krb5_free_keyblock_contents(context->context, &new_keys[i]);
-	    }
-	}
-	break;
-    }
-    case kadm_get_privs:{
-	uint32_t privs;
-	ret = kadm5_get_privs(kadm_handle, &privs);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0)
-	    krb5_store_uint32(sp, privs);
-	break;
-    }
-    case kadm_get_princs:{
-	op = "LIST";
-	ret = krb5_ret_int32(sp, &tmp);
-	if(ret)
-	    goto fail;
-	if(tmp){
-	    ret = krb5_ret_string(sp, &expression);
-	    if(ret)
-		goto fail;
-	}else
-	    expression = NULL;
-	krb5_warnx(context->context, "%s: %s %s", client, op,
-		   expression ? expression : "*");
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL);
-	if(ret){
-	    free(expression);
-	    goto fail;
-	}
-	ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs);
-	free(expression);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    int i;
-	    krb5_store_int32(sp, n_princs);
-	    for(i = 0; i < n_princs; i++)
-		krb5_store_string(sp, princs[i]);
-	    kadm5_free_name_list(kadm_handle, princs, &n_princs);
-	}
-	break;
-    }
-    default:
-	krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, KADM5_FAILURE);
-	break;
-    }
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-    return 0;
-fail:
-    krb5_warn(context->context, ret, "%s", op);
-    krb5_storage_seek(sp, 0, SEEK_SET);
-    krb5_store_int32(sp, ret);
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-    return 0;
-}
-
-static void
-v5_loop (krb5_context context,
-	 krb5_auth_context ac,
-	 krb5_boolean initial,
-	 void *kadm_handle,
-	 int fd)
-{
-    krb5_error_code ret;
-    krb5_data in, out;
-
-    for (;;) {
-	doing_useful_work = 0;
-	if(term_flag)
-	    exit(0);
-	ret = krb5_read_priv_message(context, ac, &fd, &in);
-	if(ret == HEIM_ERR_EOF)
-	    exit(0);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_read_priv_message");
-	doing_useful_work = 1;
-	kadmind_dispatch(kadm_handle, initial, &in, &out);
-	krb5_data_free(&in);
-	ret = krb5_write_priv_message(context, ac, &fd, &out);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_write_priv_message");
-    }
-}
-
-static krb5_boolean
-match_appl_version(const void *data, const char *appl_version)
-{
-    unsigned minor;
-    if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
-	return 0;
-    *(unsigned*)data = minor;
-    return 1;
-}
-
-static void
-handle_v5(krb5_context context,
-	  krb5_auth_context ac,
-	  krb5_keytab keytab,
-	  int len,
-	  int fd)
-{
-    krb5_error_code ret;
-    u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
-    krb5_ticket *ticket;
-    char *server_name;
-    char *client;
-    void *kadm_handle;
-    ssize_t n;
-    krb5_boolean initial;
-
-    unsigned kadm_version;
-    kadm5_config_params realm_params;
-
-    if (len != sizeof(KRB5_SENDAUTH_VERSION))
-	krb5_errx(context, 1, "bad sendauth len %d", len);
-    n = krb5_net_read(context, &fd, version, len);
-    if (n < 0)
-	krb5_err (context, 1, errno, "reading sendauth version");
-    if (n == 0)
-	krb5_errx (context, 1, "EOF reading sendauth version");
-    if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
-	krb5_errx(context, 1, "bad sendauth version %.8s", version);
-	
-    ret = krb5_recvauth_match_version(context, &ac, &fd, 
-				      match_appl_version, &kadm_version,
-				      NULL, KRB5_RECVAUTH_IGNORE_VERSION, 
-				      keytab, &ticket);
-    if(ret == KRB5_KT_NOTFOUND)
-	krb5_errx(context, 1, "krb5_recvauth: key not found");
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_recvauth");
-
-    ret = krb5_unparse_name (context, ticket->server, &server_name);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-
-    if (strncmp (server_name, KADM5_ADMIN_SERVICE,
-		 strlen(KADM5_ADMIN_SERVICE)) != 0)
-	krb5_errx (context, 1, "ticket for strange principal (%s)",
-		   server_name);
-
-    free (server_name);
-
-    memset(&realm_params, 0, sizeof(realm_params));
-
-    if(kadm_version == 1) {
-	krb5_data params;
-	ret = krb5_read_priv_message(context, ac, &fd, &params);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_read_priv_message");
-	_kadm5_unmarshal_params(context, &params, &realm_params);
-    }
-
-    initial = ticket->ticket.flags.initial;
-    ret = krb5_unparse_name(context, ticket->client, &client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-    krb5_free_ticket (context, ticket);
-    ret = kadm5_init_with_password_ctx(context, 
-				       client, 
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &realm_params, 
-				       0, 0, 
-				       &kadm_handle);
-    if(ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-    v5_loop (context, ac, initial, kadm_handle, fd);
-}
-
-krb5_error_code
-kadmind_loop(krb5_context context,
-	     krb5_auth_context ac,
-	     krb5_keytab keytab, 
-	     int fd)
-{
-    unsigned char tmp[4];
-    ssize_t n;
-    unsigned long len;
-
-    n = krb5_net_read(context, &fd, tmp, 4);
-    if(n == 0)
-	exit(0);
-    if(n < 0)
-	krb5_err(context, 1, errno, "read");
-    _krb5_get_int(tmp, &len, 4);
-    /* this v4 test could probably also go away */
-    if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
-	unsigned char v4reply[] = { 
-	    0x00, 0x0c, 
-	    'K', 'Y', 'O', 'U', 'L', 'O', 'S', 'E', 
-	    0x95, 0xb7, 0xa7, 0x08 /* KADM_BAD_VER */
-	};
-	krb5_net_write(context, &fd, v4reply, sizeof(v4reply));
-	krb5_errx(context, 1, "packet appears to be version 4");
-    } else {
-	handle_v5(context, ac, keytab, len, fd);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/stash.c b/crypto/heimdal/kadmin/stash.c
deleted file mode 100644
index d5b65ee8d37a..000000000000
--- a/crypto/heimdal/kadmin/stash.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include "kadmin-commands.h"
-
-RCSID("$Id: stash.c 22251 2007-12-09 05:58:43Z lha $");
-
-extern int local_flag;
-
-int
-stash(struct stash_options *opt, int argc, char **argv)
-{
-    char buf[1024];
-    krb5_error_code ret;
-    krb5_enctype enctype;
-    hdb_master_key mkey;
-    
-    if(!local_flag) {
-	krb5_warnx(context, "stash is only available in local (-l) mode");
-	return 0;
-    }
-
-    ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
-    if(ret) {
-	krb5_warn(context, ret, "%s", opt->enctype_string);
-	return 0;
-    }
-
-    if(opt->key_file_string == NULL) {
-	asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context));
-	if (opt->key_file_string == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = hdb_read_master_key(context, opt->key_file_string, &mkey);
-    if(ret && ret != ENOENT) {
-	krb5_warn(context, ret, "reading master key from %s", 
-		  opt->key_file_string);
-	return 0;
-    }
-
-    if (opt->convert_file_flag) {
-	if (ret)
-	    krb5_warn(context, ret, "reading master key from %s", 
-		      opt->key_file_string);
-	return 0;
-    } else {
-	krb5_keyblock key;
-	krb5_salt salt;
-	salt.salttype = KRB5_PW_SALT;
-	/* XXX better value? */
-	salt.saltvalue.data = NULL;
-	salt.saltvalue.length = 0;
-	if(opt->master_key_fd_integer != -1) {
-	    ssize_t n;
-	    n = read(opt->master_key_fd_integer, buf, sizeof(buf));
-	    if(n == 0)
-		krb5_warnx(context, "end of file reading passphrase");
-	    else if(n < 0)
-		krb5_warn(context, errno, "reading passphrase");
-	    buf[n] = '\0';
-	    buf[strcspn(buf, "\r\n")] = '\0';
-	} else {
-	    if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
-		hdb_free_master_key(context, mkey);
-		return 0;
-	    }
-	}
-	ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
-	ret = hdb_add_master_key(context, &key, &mkey);
-	krb5_free_keyblock_contents(context, &key);
-    }
-    
-    {
-	char *new, *old;
-	asprintf(&old, "%s.old", opt->key_file_string);
-	asprintf(&new, "%s.new", opt->key_file_string);
-	if(old == NULL || new == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	    
-	if(unlink(new) < 0 && errno != ENOENT) {
-	    ret = errno;
-	    goto out;
-	}
-	krb5_warnx(context, "writing key to \"%s\"", opt->key_file_string);
-	ret = hdb_write_master_key(context, new, mkey);
-	if(ret)
-	    unlink(new);
-	else {
-	    unlink(old);
-	    if(link(opt->key_file_string, old) < 0 && errno != ENOENT) {
-		ret = errno;
-		unlink(new);
-	    } else if(rename(new, opt->key_file_string) < 0) {
-		ret = errno;
-	    }
-	}
-    out:
-	free(old);
-	free(new);
-	if(ret)
-	    krb5_warn(context, errno, "writing master key file");
-    }
-
-    hdb_free_master_key(context, mkey);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/test_util.c b/crypto/heimdal/kadmin/test_util.c
deleted file mode 100644
index 0f59f60782e7..000000000000
--- a/crypto/heimdal/kadmin/test_util.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: test_util.c 19486 2006-12-22 17:25:59Z lha $");
-
-krb5_context context;
-void *kadm_handle;
-
-struct {
-    const char *str;
-    int ret;
-    time_t t;
-} ts[] = {
-    { "2006-12-22 18:09:00", 0, 1166810940 },
-    { "2006-12-22", 0, 1166831999 },
-    { "2006-12-22 23:59:59", 0, 1166831999 }
-};
-
-static int
-test_time(void)
-{
-    int i, errors = 0;
-
-    for (i = 0; i < sizeof(ts)/sizeof(ts[0]); i++) {
-	time_t t;
-	int ret;
-
-	ret = str2time_t (ts[i].str, &t);
-	if (ret != ts[i].ret) {
-	    printf("%d: %d is wrong ret\n", i, ret);
-	    errors++;
-	} 
-	else if (t != ts[i].t) {
-	    printf("%d: %d is wrong time\n", i, (int)t);
-	    errors++;
-	}
-    }
-    
-    return errors;
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = 0;
-    ret += test_time();
-
-    krb5_free_context(context);
-
-    return ret;
-}
-    
diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c
deleted file mode 100644
index 3c12dcb835bc..000000000000
--- a/crypto/heimdal/kadmin/util.c
+++ /dev/null
@@ -1,664 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <parse_units.h>
-
-RCSID("$Id: util.c 21745 2007-07-31 16:11:25Z lha $");
-
-/*
- * util.c - functions for parsing, unparsing, and editing different
- * types of data used in kadmin.
- */
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len);
-
-/*
- * attributes 
- */
-
-struct units kdb_attrs[] = {
-    { "allow-digest",		KRB5_KDB_ALLOW_DIGEST },
-    { "allow-kerberos4",	KRB5_KDB_ALLOW_KERBEROS4 },
-    { "trusted-for-delegation",	KRB5_KDB_TRUSTED_FOR_DELEGATION },
-    { "ok-as-delegate",		KRB5_KDB_OK_AS_DELEGATE },
-    { "new-princ",		KRB5_KDB_NEW_PRINC },
-    { "support-desmd5",		KRB5_KDB_SUPPORT_DESMD5 },
-    { "pwchange-service",	KRB5_KDB_PWCHANGE_SERVICE },
-    { "disallow-svr",		KRB5_KDB_DISALLOW_SVR },
-    { "requires-pw-change",	KRB5_KDB_REQUIRES_PWCHANGE },
-    { "requires-hw-auth",	KRB5_KDB_REQUIRES_HW_AUTH },
-    { "requires-pre-auth",	KRB5_KDB_REQUIRES_PRE_AUTH },
-    { "disallow-all-tix",	KRB5_KDB_DISALLOW_ALL_TIX },
-    { "disallow-dup-skey",	KRB5_KDB_DISALLOW_DUP_SKEY },
-    { "disallow-proxiable",	KRB5_KDB_DISALLOW_PROXIABLE },
-    { "disallow-renewable",	KRB5_KDB_DISALLOW_RENEWABLE },
-    { "disallow-tgt-based",	KRB5_KDB_DISALLOW_TGT_BASED },
-    { "disallow-forwardable",	KRB5_KDB_DISALLOW_FORWARDABLE },
-    { "disallow-postdated",	KRB5_KDB_DISALLOW_POSTDATED },
-    { NULL }
-};
-
-/*
- * convert the attributes in `attributes' into a printable string
- * in `str, len'
- */
-
-void
-attributes2str(krb5_flags attributes, char *str, size_t len)
-{
-    unparse_flags (attributes, kdb_attrs, str, len);
-}
-
-/*
- * convert the string in `str' into attributes in `flags'
- * return 0 if parsed ok, else -1.
- */
-
-int
-str2attributes(const char *str, krb5_flags *flags)
-{
-    int res;
-
-    res = parse_flags (str, kdb_attrs, *flags);
-    if (res < 0)
-	return res;
-    else {
-	*flags = res;
-	return 0;
-    }
-}
-
-/*
- * try to parse the string `resp' into attributes in `attr', also
- * setting the `bit' in `mask' if attributes are given and valid.
- */
-
-int
-parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit)
-{
-    krb5_flags tmp = *attr;
-
-    if (str2attributes(resp, &tmp) == 0) {
-	*attr = tmp;
-	if (mask)
-	    *mask |= bit;
-	return 0;
-    } else if(*resp == '?') {
-	print_flags_table (kdb_attrs, stderr);
-    } else {
-	fprintf (stderr, "Unable to parse \"%s\"\n", resp);
-    }
-    return -1;
-}
-
-/*
- * allow the user to edit the attributes in `attr', prompting with `prompt'
- */
-
-int
-edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    attributes2str(*attr, buf, sizeof(buf));
-    for (;;) {
-	if(get_response("Attributes", buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (resp[0] == '\0')
-	    break;
-	if (parse_attributes (resp, attr, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * time_t
- * the special value 0 means ``never''
- */
-
-/*
- * Convert the time `t' to a string representation in `str' (of max
- * size `len').  If include_time also include time, otherwise just
- * date.  
- */
-
-void
-time_t2str(time_t t, char *str, size_t len, int include_time)
-{
-    if(t) {
-	if(include_time)
-	    strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
-	else
-	    strftime(str, len, "%Y-%m-%d", gmtime(&t));
-    } else
-	snprintf(str, len, "never");
-}
-
-/*
- * Convert the time representation in `str' to a time in `time'.
- * Return 0 if succesful, else -1.
- */
-
-int
-str2time_t (const char *str, time_t *t)
-{
-    const char *p;
-    struct tm tm, tm2;
-
-    memset (&tm, 0, sizeof (tm));
-    memset (&tm2, 0, sizeof (tm2));
-
-    if(strcasecmp(str, "never") == 0) {
-	*t = 0;
-	return 0;
-    }
-
-    if(strcasecmp(str, "now") == 0) {
-	*t = time(NULL);
-	return 0;
-    }
-
-    p = strptime (str, "%Y-%m-%d", &tm);
-
-    if (p == NULL)
-	return -1;
-
-    while(isspace((unsigned char)*p))
-	p++;
-
-    /* XXX this is really a bit optimistic, we should really complain
-       if there was a problem parsing the time */
-    if(p[0] != '\0' && strptime (p, "%H:%M:%S", &tm2) != NULL) {
-	tm.tm_hour = tm2.tm_hour;
-	tm.tm_min  = tm2.tm_min;
-	tm.tm_sec  = tm2.tm_sec;
-    } else {
-	/* Do it on the end of the day */
-	tm.tm_hour = 23;
-	tm.tm_min  = 59;
-	tm.tm_sec  = 59;
-    }
-
-    *t = tm2time (tm, 0);
-    return 0;
-}
-
-/*
- * try to parse the time in `resp' storing it in `value'
- */
-
-int
-parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit)
-{
-    time_t tmp;
-
-    if (str2time_t(resp, &tmp) == 0) {
-	*value = tmp;
-	if(mask)
-	    *mask |= bit;
-	return 0;
-    } 
-    if(*resp != '?')
-	fprintf (stderr, "Unable to parse time \"%s\"\n", resp);
-    fprintf (stderr, "Print date on format YYYY-mm-dd [hh:mm:ss]\n");
-    return -1;
-}
-
-/*
- * allow the user to edit the time in `value'
- */
-
-int
-edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    time_t2str (*value, buf, sizeof (buf), 0);
-
-    for (;;) {
-	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (parse_timet (resp, value, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * deltat
- * the special value 0 means ``unlimited''
- */
-
-/*
- * convert the delta_t value in `t' into a printable form in `str, len'
- */
-
-void
-deltat2str(unsigned t, char *str, size_t len)
-{
-    if(t == 0 || t == INT_MAX)
-	snprintf(str, len, "unlimited");
-    else
-	unparse_time(t, str, len);
-}
-
-/*
- * parse the delta value in `str', storing result in `*delta'
- * return 0 if ok, else -1
- */
-
-int
-str2deltat(const char *str, krb5_deltat *delta)
-{
-    int res;
-
-    if(strcasecmp(str, "unlimited") == 0) {
-	*delta = 0;
-	return 0;
-    }
-    res = parse_time(str, "day");
-    if (res < 0)
-	return res;
-    else {
-	*delta = res;
-	return 0;
-    }
-}
-
-/*
- * try to parse the string in `resp' into a deltad in `value'
- * `mask' will get the bit `bit' set if a value was given.
- */
-
-int
-parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit)
-{
-    krb5_deltat tmp;
-
-    if (str2deltat(resp, &tmp) == 0) {
-	*value = tmp;
-	if (mask)
-	    *mask |= bit;
-	return 0;
-    } else if(*resp == '?') {
-	print_time_table (stderr);
-    } else {
-	fprintf (stderr, "Unable to parse time \"%s\"\n", resp);
-    }
-    return -1;
-}
-
-/*
- * allow the user to edit the deltat in `value'
- */
-
-int
-edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    deltat2str(*value, buf, sizeof(buf));
-    for (;;) {
-	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (parse_deltat (resp, value, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * allow the user to edit `ent'
- */
-
-void
-set_defaults(kadm5_principal_ent_t ent, int *mask,
-	     kadm5_principal_ent_t default_ent, int default_mask)
-{
-    if (default_ent
-	&& (default_mask & KADM5_MAX_LIFE)
-	&& !(*mask & KADM5_MAX_LIFE))
-	ent->max_life = default_ent->max_life;
-
-    if (default_ent
-	&& (default_mask & KADM5_MAX_RLIFE)
-	&& !(*mask & KADM5_MAX_RLIFE))
-	ent->max_renewable_life = default_ent->max_renewable_life;
-
-    if (default_ent
-	&& (default_mask & KADM5_PRINC_EXPIRE_TIME)
-	&& !(*mask & KADM5_PRINC_EXPIRE_TIME))
-	ent->princ_expire_time = default_ent->princ_expire_time;
-
-    if (default_ent
-	&& (default_mask & KADM5_PW_EXPIRATION)
-	&& !(*mask & KADM5_PW_EXPIRATION))
-	ent->pw_expiration = default_ent->pw_expiration;
-
-    if (default_ent
-	&& (default_mask & KADM5_ATTRIBUTES)
-	&& !(*mask & KADM5_ATTRIBUTES))
-	ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
-}
-
-int
-edit_entry(kadm5_principal_ent_t ent, int *mask,
-	   kadm5_principal_ent_t default_ent, int default_mask)
-{
-
-    set_defaults(ent, mask, default_ent, default_mask);
-
-    if(edit_deltat ("Max ticket life", &ent->max_life, mask,
-		    KADM5_MAX_LIFE) != 0)
-	return 1;
-    
-    if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask,
-		    KADM5_MAX_RLIFE) != 0)
-	return 1;
-
-    if(edit_timet ("Principal expiration time", &ent->princ_expire_time, mask,
-		   KADM5_PRINC_EXPIRE_TIME) != 0)
-	return 1;
-
-    if(edit_timet ("Password expiration time", &ent->pw_expiration, mask,
-		   KADM5_PW_EXPIRATION) != 0)
-	return 1;
-
-    if(edit_attributes ("Attributes", &ent->attributes, mask,
-			KADM5_ATTRIBUTES) != 0)
-	return 1;
-
-    return 0;
-}
-
-/*
- * Parse the arguments, set the fields in `ent' and the `mask' for the
- * entries having been set.
- * Return 1 on failure and 0 on success.
- */
-
-int
-set_entry(krb5_context context,
-	  kadm5_principal_ent_t ent,
-	  int *mask,
-	  const char *max_ticket_life,
-	  const char *max_renewable_life,
-	  const char *expiration,
-	  const char *pw_expiration,
-	  const char *attributes)
-{
-    if (max_ticket_life != NULL) {
-	if (parse_deltat (max_ticket_life, &ent->max_life, 
-			  mask, KADM5_MAX_LIFE)) {
-	    krb5_warnx (context, "unable to parse `%s'", max_ticket_life);
-	    return 1;
-	}
-    }
-    if (max_renewable_life != NULL) {
-	if (parse_deltat (max_renewable_life, &ent->max_renewable_life, 
-			  mask, KADM5_MAX_RLIFE)) {
-	    krb5_warnx (context, "unable to parse `%s'", max_renewable_life);
-	    return 1;
-	}
-    }
-
-    if (expiration) {
-	if (parse_timet (expiration, &ent->princ_expire_time, 
-			mask, KADM5_PRINC_EXPIRE_TIME)) {
-	    krb5_warnx (context, "unable to parse `%s'", expiration);
-	    return 1;
-	}
-    }
-    if (pw_expiration) {
-	if (parse_timet (pw_expiration, &ent->pw_expiration, 
-			 mask, KADM5_PW_EXPIRATION)) {
-	    krb5_warnx (context, "unable to parse `%s'", pw_expiration);
-	    return 1;
-	}
-    }
-    if (attributes != NULL) {
-	if (parse_attributes (attributes, &ent->attributes, 
-			      mask, KADM5_ATTRIBUTES)) {
-	    krb5_warnx (context, "unable to parse `%s'", attributes);
-	    return 1;
-	}
-    }
-    return 0;
-}
-
-/*
- * Does `string' contain any globing characters?
- */
-
-static int
-is_expression(const char *string)
-{
-    const char *p;
-    int quote = 0;
-
-    for(p = string; *p; p++) {
-	if(quote) {
-	    quote = 0;
-	    continue;
-	}
-	if(*p == '\\')
-	    quote++;
-	else if(strchr("[]*?", *p) != NULL) 
-	    return 1;
-    }
-    return 0;
-}
-
-/*
- * Loop over all principals matching exp.  If any of calls to `func'
- * failes, the first error is returned when all principals are
- * processed.
- */
-int
-foreach_principal(const char *exp_str, 
-		  int (*func)(krb5_principal, void*), 
-		  const char *funcname,
-		  void *data)
-{
-    char **princs;
-    int num_princs;
-    int i;
-    krb5_error_code saved_ret = 0, ret = 0;
-    krb5_principal princ_ent;
-    int is_expr;
-
-    /* if this isn't an expression, there is no point in wading
-       through the whole database looking for matches */
-    is_expr = is_expression(exp_str);
-    if(is_expr)
-	ret = kadm5_get_principals(kadm_handle, exp_str, &princs, &num_princs);
-    if(!is_expr || ret == KADM5_AUTH_LIST) {
-	/* we might be able to perform the requested opreration even
-           if we're not allowed to list principals */
-	num_princs = 1;
-	princs = malloc(sizeof(*princs));
-	if(princs == NULL)
-	    return ENOMEM;
-	princs[0] = strdup(exp_str);
-	if(princs[0] == NULL){ 
-	    free(princs);
-	    return ENOMEM;
-	}
-    } else if(ret) {
-	krb5_warn(context, ret, "kadm5_get_principals");
-	return ret;
-    }
-    for(i = 0; i < num_princs; i++) {
-	ret = krb5_parse_name(context, princs[i], &princ_ent);
-	if(ret){
-	    krb5_warn(context, ret, "krb5_parse_name(%s)", princs[i]);
-	    continue;
-	}
-	ret = (*func)(princ_ent, data);
-	if(ret) {
-	    krb5_clear_error_string(context);
-	    krb5_warn(context, ret, "%s %s", funcname, princs[i]);
-	    if (saved_ret == 0)
-		saved_ret = ret;
-	}
-	krb5_free_principal(context, princ_ent);
-    }
-    if (ret == 0 && saved_ret != 0)
-	ret = saved_ret;
-    kadm5_free_name_list(kadm_handle, princs, &num_princs);
-    return ret;
-}
-
-/*
- * prompt with `prompt' and default value `def', and store the reply
- * in `buf, len'
- */
-
-#include <setjmp.h>
-
-static jmp_buf jmpbuf;
-
-static void
-interrupt(int sig)
-{
-    longjmp(jmpbuf, 1);
-}
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len)
-{
-    char *p;
-    void (*osig)(int);
-
-    osig = signal(SIGINT, interrupt);
-    if(setjmp(jmpbuf)) {
-	signal(SIGINT, osig);
-	fprintf(stderr, "\n");
-	return 1;
-    }
-
-    fprintf(stderr, "%s [%s]:", prompt, def);
-    if(fgets(buf, len, stdin) == NULL) {
-	int save_errno = errno;
-	if(ferror(stdin))
-	    krb5_err(context, 1, save_errno, "<stdin>");
-	signal(SIGINT, osig);
-	return 1;
-    }
-    p = strchr(buf, '\n');
-    if(p)
-	*p = '\0';
-    if(strcmp(buf, "") == 0)
-	strlcpy(buf, def, len);
-    signal(SIGINT, osig);
-    return 0;
-}
-
-/*
- * return [0, 16) or -1
- */
-
-static int
-hex2n (char c)
-{
-    static char hexdigits[] = "0123456789abcdef";
-    const char *p;
-
-    p = strchr (hexdigits, tolower((unsigned char)c));
-    if (p == NULL)
-	return -1;
-    else
-	return p - hexdigits;
-}
-
-/*
- * convert a key in a readable format into a keyblock.
- * return 0 iff succesful, otherwise `err' should point to an error message
- */
-
-int
-parse_des_key (const char *key_string, krb5_key_data *key_data,
-	       const char **error)
-{
-    const char *p = key_string;
-    unsigned char bits[8];
-    int i;
-
-    if (strlen (key_string) != 16) {
-	*error = "bad length, should be 16 for DES key";
-	return 1;
-    }
-    for (i = 0; i < 8; ++i) {
-	int d1, d2;
-
-	d1 = hex2n(p[2 * i]);
-	d2 = hex2n(p[2 * i + 1]);
-	if (d1 < 0 || d2 < 0) {
-	    *error = "non-hex character";
-	    return 1;
-	}
-	bits[i] = (d1 << 4) | d2;
-    }
-    for (i = 0; i < 3; ++i) {
-	key_data[i].key_data_ver  = 2;
-	key_data[i].key_data_kvno = 0;
-	/* key */
-	key_data[i].key_data_type[0]     = ETYPE_DES_CBC_CRC;
-	key_data[i].key_data_length[0]   = 8;
-	key_data[i].key_data_contents[0] = malloc(8);
-	if (key_data[i].key_data_contents[0] == NULL) {
-	    *error = "malloc";
-	    return ENOMEM;
-	}
-	memcpy (key_data[i].key_data_contents[0], bits, 8);
-	/* salt */
-	key_data[i].key_data_type[1]     = KRB5_PW_SALT;
-	key_data[i].key_data_length[1]   = 0;
-	key_data[i].key_data_contents[1] = NULL;
-    }
-    key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
-    key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
deleted file mode 100644
index ffa9c07f8582..000000000000
--- a/crypto/heimdal/kadmin/version4.c
+++ /dev/null
@@ -1,1016 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-#define Principal krb4_Principal
-#define kadm_get krb4_kadm_get
-#undef ALLOC
-#include <krb.h>
-#include <kadm.h>
-#include <krb_err.h>
-#include <kadm_err.h>
-
-RCSID("$Id: version4.c,v 1.29.2.1 2004/04/29 12:29:23 lha Exp $");
-
-#define KADM_NO_OPCODE -1
-#define KADM_NO_ENCRYPT -2
-
-/*
- * make an error packet if we fail encrypting
- */
-
-static void
-make_you_lose_packet(int code, krb5_data *reply)
-{
-    krb5_data_alloc(reply, KADM_VERSIZE + 4);
-    memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
-    _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4);
-}
-
-static int
-ret_fields(krb5_storage *sp, char *fields)
-{
-    return krb5_storage_read(sp, fields, FLDSZ);
-}
-
-static int
-store_fields(krb5_storage *sp, char *fields)
-{
-    return krb5_storage_write(sp, fields, FLDSZ);
-}
-
-static void
-ret_vals(krb5_storage *sp, Kadm_vals *vals)
-{
-    int field;
-    char *tmp_string;
-
-    memset(vals, 0, sizeof(*vals));
-    
-    ret_fields(sp, vals->fields);
-    
-    for(field = 31; field >= 0; field--) {
-	if(IS_FIELD(field, vals->fields)) {
-	    switch(field) {
-	    case KADM_NAME:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->name, tmp_string, sizeof(vals->name));
-		free(tmp_string);
-		break;
-	    case KADM_INST:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->instance, tmp_string, 
-				sizeof(vals->instance));
-		free(tmp_string);
-		break;
-	    case KADM_EXPDATE:
-		krb5_ret_int32(sp, &vals->exp_date);
-		break;
-	    case KADM_ATTR:
-		krb5_ret_int16(sp, &vals->attributes);
-		break;
-	    case KADM_MAXLIFE:
-		krb5_ret_int8(sp, &vals->max_life);
-		break;
-	    case KADM_DESKEY:
-		krb5_ret_int32(sp, &vals->key_high);
-		krb5_ret_int32(sp, &vals->key_low);
-		break;
-#ifdef EXTENDED_KADM
-	    case KADM_MODDATE:
-		krb5_ret_int32(sp, &vals->mod_date);
-		break;
-	    case KADM_MODNAME:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->mod_name, tmp_string, 
-				sizeof(vals->mod_name));
-		free(tmp_string);
-		break;
-	    case KADM_MODINST:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->mod_instance, tmp_string, 
-				sizeof(vals->mod_instance));
-		free(tmp_string);
-		break;
-	    case KADM_KVNO:
-		krb5_ret_int8(sp, &vals->key_version);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-}
-
-static void
-store_vals(krb5_storage *sp, Kadm_vals *vals)
-{
-    int field;
-    
-    store_fields(sp, vals->fields);
-
-    for(field = 31; field >= 0; field--) {
-	if(IS_FIELD(field, vals->fields)) {
-	    switch(field) {
-	    case KADM_NAME:
-		krb5_store_stringz(sp, vals->name);
-		break;
-	    case KADM_INST:
-		krb5_store_stringz(sp, vals->instance);
-		break;
-	    case KADM_EXPDATE:
-		krb5_store_int32(sp, vals->exp_date);
-		break;
-	    case KADM_ATTR:
-		krb5_store_int16(sp, vals->attributes);
-		break;
-	    case KADM_MAXLIFE:
-		krb5_store_int8(sp, vals->max_life);
-		break;
-	    case KADM_DESKEY:
-		krb5_store_int32(sp, vals->key_high);
-		krb5_store_int32(sp, vals->key_low);
-		break;
-#ifdef EXTENDED_KADM
-	    case KADM_MODDATE:
-		krb5_store_int32(sp, vals->mod_date);
-		break;
-	    case KADM_MODNAME:
-		krb5_store_stringz(sp, vals->mod_name);
-		break;
-	    case KADM_MODINST:
-		krb5_store_stringz(sp, vals->mod_instance);
-		break;
-	    case KADM_KVNO:
-		krb5_store_int8(sp, vals->key_version);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-}
-
-static int
-flags_4_to_5(char *flags)
-{
-    int i;
-    int32_t mask = 0;
-    for(i = 31; i >= 0; i--) {
-	if(IS_FIELD(i, flags))
-	    switch(i) {
-	    case KADM_NAME:
-	    case KADM_INST:
-		mask |= KADM5_PRINCIPAL;
-	    case KADM_EXPDATE:
-		mask |= KADM5_PRINC_EXPIRE_TIME;
-	    case KADM_MAXLIFE:
-		mask |= KADM5_MAX_LIFE;
-#ifdef EXTENDED_KADM
-	    case KADM_KVNO:
-		mask |= KADM5_KEY_DATA;
-	    case KADM_MODDATE:
-		mask |= KADM5_MOD_TIME;
-	    case KADM_MODNAME:
-	    case KADM_MODINST:
-		mask |= KADM5_MOD_NAME;
-#endif
-	    }
-    }
-    return mask;
-}
-
-static void
-ent_to_values(krb5_context context,
-	      kadm5_principal_ent_t ent,
-	      int32_t mask,
-	      Kadm_vals *vals)
-{
-    krb5_error_code ret;
-    char realm[REALM_SZ];
-    time_t exp = 0;
-
-    memset(vals, 0, sizeof(*vals));
-    if(mask & KADM5_PRINCIPAL) {
-	ret = krb5_524_conv_principal(context, ent->principal, 
-				      vals->name, vals->instance, realm);
-	SET_FIELD(KADM_NAME, vals->fields);
-	SET_FIELD(KADM_INST, vals->fields);
-    }
-    if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	if(ent->princ_expire_time != 0)
-	    exp = ent->princ_expire_time;
-    }
-    if(mask & KADM5_PW_EXPIRATION) {
-	if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration))
-	    exp = ent->pw_expiration;
-    }
-    if(exp) {
-	vals->exp_date = exp;
-	SET_FIELD(KADM_EXPDATE, vals->fields);
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(ent->max_life == 0)
-	    vals->max_life = 255;
-	else
-	    vals->max_life = krb_time_to_life(0, ent->max_life);
-	SET_FIELD(KADM_MAXLIFE, vals->fields);
-    }
-    if(mask & KADM5_KEY_DATA) {
-	if(ent->n_key_data > 0) {
-#ifdef EXTENDED_KADM
-	vals->key_version = ent->key_data[0].key_data_kvno;
-	SET_FIELD(KADM_KVNO, vals->fields);
-#endif
-	}
-	/* XXX the key itself? */
-    }
-#ifdef EXTENDED_KADM
-    if(mask & KADM5_MOD_TIME) {
-	vals->mod_date = ent->mod_date;
-	SET_FIELD(KADM_MODDATE, vals->fields);
-    }
-    if(mask & KADM5_MOD_NAME) {
-	krb5_524_conv_principal(context, ent->mod_name, 
-				vals->mod_name, vals->mod_instance, realm);
-	SET_FIELD(KADM_MODNAME, vals->fields);
-	SET_FIELD(KADM_MODINST, vals->fields);
-    }
-#endif
-}
-
-/*
- * convert the kadm4 values in `vals' to `ent' (and `mask')
- */
-
-static krb5_error_code
-values_to_ent(krb5_context context,
-	      Kadm_vals *vals, 
-	      kadm5_principal_ent_t ent,
-	      int32_t *mask)
-{
-    krb5_error_code ret;
-    *mask = 0;
-    memset(ent, 0, sizeof(*ent));
-    
-    if(IS_FIELD(KADM_NAME, vals->fields)) {
-	char *inst = NULL;
-	if(IS_FIELD(KADM_INST, vals->fields))
-	    inst = vals->instance;
-	ret = krb5_425_conv_principal(context, 
-				      vals->name,
-				      inst,
-				      NULL,
-				      &ent->principal);
-	if(ret)
-	    return ret;
-	*mask |= KADM5_PRINCIPAL;
-    }
-    if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
-	ent->princ_expire_time = vals->exp_date;
-	*mask |= KADM5_PRINC_EXPIRE_TIME;
-    }
-    if(IS_FIELD(KADM_MAXLIFE, vals->fields)) {
-	ent->max_life = krb_life_to_time(0, vals->max_life);
-	*mask |= KADM5_MAX_LIFE;
-    }
-    
-    if(IS_FIELD(KADM_DESKEY, vals->fields)) {
-	int i;
-	ent->key_data = calloc(3, sizeof(*ent->key_data));
-	if(ent->key_data == NULL)
-	    return ENOMEM;
-	for(i = 0; i < 3; i++) {
-	    u_int32_t key_low, key_high;
-
-	    ent->key_data[i].key_data_ver = 2;
-#ifdef EXTENDED_KADM
-	    if(IS_FIELD(KADM_KVNO, vals->fields))
-		ent->key_data[i].key_data_kvno = vals->key_version;
-#endif
-	    ent->key_data[i].key_data_type[0] = ETYPE_DES_CBC_MD5;
-	    ent->key_data[i].key_data_length[0] = 8;
-	    if((ent->key_data[i].key_data_contents[0] = malloc(8)) == NULL)
-		return ENOMEM;
-
-	    key_low  = ntohl(vals->key_low);
-	    key_high = ntohl(vals->key_high);
-	    memcpy(ent->key_data[i].key_data_contents[0],
-		   &key_low, 4);
-	    memcpy((char*)ent->key_data[i].key_data_contents[0] + 4,
-		   &key_high, 4);
-	    ent->key_data[i].key_data_type[1] = KRB5_PW_SALT;
-	    ent->key_data[i].key_data_length[1] = 0;
-	    ent->key_data[i].key_data_contents[1] = NULL;
-	}
-	ent->key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-	ent->key_data[2].key_data_type[0] = ETYPE_DES_CBC_CRC;
-	ent->n_key_data = 3;
-	*mask |= KADM5_KEY_DATA;
-    }
-    
-#ifdef EXTENDED_KADM
-    if(IS_FIELD(KADM_MODDATE, vals->fields)) {
-	ent->mod_date = vals->mod_date;
-	*mask |= KADM5_MOD_TIME;
-    }
-    if(IS_FIELD(KADM_MODNAME, vals->fields)) {
-	char *inst = NULL;
-	if(IS_FIELD(KADM_MODINST, vals->fields))
-	    inst = vals->mod_instance;
-	ret = krb5_425_conv_principal(context, 
-				      vals->mod_name,
-				      inst,
-				      NULL,
-				      &ent->mod_name);
-	if(ret)
-	    return ret;
-	*mask |= KADM5_MOD_NAME;
-    }
-#endif
-    return 0;
-}
-
-/*
- * Try to translate a KADM5 error code into a v4 kadmin one.
- */
-
-static int
-error_code(int ret)
-{
-    switch (ret) {
-    case 0:
-	return 0;
-    case KADM5_FAILURE :
-    case KADM5_AUTH_GET :
-    case KADM5_AUTH_ADD :
-    case KADM5_AUTH_MODIFY :
-    case KADM5_AUTH_DELETE :
-    case KADM5_AUTH_INSUFFICIENT :
-	return KADM_UNAUTH;
-    case KADM5_BAD_DB :
-	return KADM_UK_RERROR;
-    case KADM5_DUP :
-	return KADM_INUSE;
-    case KADM5_RPC_ERROR :
-    case KADM5_NO_SRV :
-	return KADM_NO_SERV;
-    case KADM5_NOT_INIT :
-	return KADM_NO_CONN;
-    case KADM5_UNK_PRINC :
-	return KADM_NOENTRY;
-    case KADM5_PASS_Q_TOOSHORT :
-#ifdef KADM_PASS_Q_TOOSHORT
-	return KADM_PASS_Q_TOOSHORT;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_Q_CLASS :
-#ifdef KADM_PASS_Q_CLASS
-	return KADM_PASS_Q_CLASS;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_Q_DICT :
-#ifdef KADM_PASS_Q_DICT
-	return KADM_PASS_Q_DICT;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_REUSE :
-    case KADM5_PASS_TOOSOON :
-    case KADM5_BAD_PASSWORD :
-	return KADM_INSECURE_PW;
-    case KADM5_PROTECT_PRINCIPAL :
-	return KADM_IMMUTABLE;
-    case KADM5_POLICY_REF :
-    case KADM5_INIT :
-    case KADM5_BAD_HIST_KEY :
-    case KADM5_UNK_POLICY :
-    case KADM5_BAD_MASK :
-    case KADM5_BAD_CLASS :
-    case KADM5_BAD_LENGTH :
-    case KADM5_BAD_POLICY :
-    case KADM5_BAD_PRINCIPAL :
-    case KADM5_BAD_AUX_ATTR :
-    case KADM5_BAD_HISTORY :
-    case KADM5_BAD_MIN_PASS_LIFE :
-    case KADM5_BAD_SERVER_HANDLE :
-    case KADM5_BAD_STRUCT_VERSION :
-    case KADM5_OLD_STRUCT_VERSION :
-    case KADM5_NEW_STRUCT_VERSION :
-    case KADM5_BAD_API_VERSION :
-    case KADM5_OLD_LIB_API_VERSION :
-    case KADM5_OLD_SERVER_API_VERSION :
-    case KADM5_NEW_LIB_API_VERSION :
-    case KADM5_NEW_SERVER_API_VERSION :
-    case KADM5_SECURE_PRINC_MISSING :
-    case KADM5_NO_RENAME_SALT :
-    case KADM5_BAD_CLIENT_PARAMS :
-    case KADM5_BAD_SERVER_PARAMS :
-    case KADM5_AUTH_LIST :
-    case KADM5_AUTH_CHANGEPW :
-    case KADM5_BAD_TL_TYPE :
-    case KADM5_MISSING_CONF_PARAMS :
-    case KADM5_BAD_SERVER_NAME :
-    default :
-	return KADM_UNAUTH;	/* XXX */
-    }
-}
-
-/*
- * server functions
- */
-
-static int
-kadm_ser_cpw(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    char key[8];
-    char *password = NULL;
-    krb5_error_code ret;
-    
-    krb5_warnx(context, "v4-compat %s: CHPASS %s",
-	       principal_string, principal_string); 
-
-    ret = krb5_storage_read(message, key + 4, 4);
-    ret = krb5_storage_read(message, key, 4);
-    ret = krb5_ret_stringz(message, &password);
-    
-    if(password) {
-	krb5_data pwd_data;
-	const char *tmp;
-
-	pwd_data.data   = password;
-	pwd_data.length = strlen(password);
-
-	tmp = kadm5_check_password_quality (context, principal, &pwd_data);
-
-	if (tmp != NULL) {
-	    krb5_store_stringz (reply, (char *)tmp);
-	    ret = KADM5_PASS_Q_DICT;
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal(kadm_handle, principal, password);
-    } else {
-	krb5_key_data key_data[3];
-	int i;
-	for(i = 0; i < 3; i++) {
-	    key_data[i].key_data_ver = 2;
-	    key_data[i].key_data_kvno = 0;
-	    /* key */
-	    key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
-	    key_data[i].key_data_length[0] = 8;
-	    key_data[i].key_data_contents[0] = malloc(8);
-	    memcpy(key_data[i].key_data_contents[0], &key, 8);
-	    /* salt */
-	    key_data[i].key_data_type[1] = KRB5_PW_SALT;
-	    key_data[i].key_data_length[1] = 0;
-	    key_data[i].key_data_contents[1] = NULL;
-	}
-	key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
-	key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-	ret = kadm5_s_chpass_principal_with_key(kadm_handle, 
-						principal, 3, key_data);
-    }
-
-    if(ret != 0) {
-	krb5_store_stringz(reply, (char*)krb5_get_err_text(context, ret));
-	goto fail;
-    }
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat CHPASS");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_add(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    int32_t mask;
-    kadm5_principal_ent_rec ent, out;
-    Kadm_vals values;
-    krb5_error_code ret;
-    char name[128];
-
-    ret_vals(message, &values);
-
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: ADD %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	goto fail;
-    }
-
-    mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE |
-	KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME;
-    
-    kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    ent_to_values(context, &out, mask, &values);
-    kadm5_free_principal_ent(kadm_handle, &ent);
-    kadm5_free_principal_ent(kadm_handle, &out);
-    store_vals(reply, &values);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat ADD");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_get(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    krb5_error_code ret;
-    Kadm_vals values;
-    kadm5_principal_ent_rec ent, out;
-    int32_t mask;
-    char flags[FLDSZ];
-    char name[128];
-
-    ret_vals(message, &values);
-    /* XXX BRAIN DAMAGE! these flags are not stored in the same order
-       as in the header */
-    krb5_ret_int8(message, &flags[3]);
-    krb5_ret_int8(message, &flags[2]);
-    krb5_ret_int8(message, &flags[1]);
-    krb5_ret_int8(message, &flags[0]);
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: GET %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    mask = flags_4_to_5(flags);
-
-    ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    if (ret)
-	goto fail;
-    
-    ent_to_values(context, &out, mask, &values);
-
-    kadm5_free_principal_ent(kadm_handle, &out);
-
-    store_vals(reply, &values);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat GET");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_mod(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    Kadm_vals values1, values2;
-    kadm5_principal_ent_rec ent, out;
-    int32_t mask;
-    krb5_error_code ret;
-    char name[128];
-    
-    ret_vals(message, &values1);
-    /* why are the old values sent? is the mask the same in the old and
-       the new entry? */
-    ret_vals(message, &values2);
-    
-    ret = values_to_ent(context, &values2, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: MOD %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_s_modify_principal(kadm_handle, &ent, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_warn(context, ret, "kadm5_s_modify_principal");
-	goto fail;
-    }
-
-    ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_warn(context, ret, "kadm5_s_modify_principal");
-	goto fail;
-    }
-
-    ent_to_values(context, &out, mask, &values1);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-    kadm5_free_principal_ent(kadm_handle, &out);
-    
-    store_vals(reply, &values1);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat MOD");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_del(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    Kadm_vals values;
-    kadm5_principal_ent_rec ent;
-    int32_t mask;
-    krb5_error_code ret;
-    char name[128];
-
-    ret_vals(message, &values);
-
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-    
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: DEL %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_delete_principal(kadm_handle, ent.principal);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    if (ret)
-	goto fail;
-
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat ADD");
-    return error_code(ret);
-}
-
-static int
-dispatch(krb5_context context,
-	 void *kadm_handle,
-	 krb5_principal principal,
-	 const char *principal_string,
-	 krb5_data msg, 
-	 krb5_data *reply)
-{
-    int retval;
-    int8_t command;
-    krb5_storage *sp_in, *sp_out;
-    
-    sp_in = krb5_storage_from_data(&msg);
-    krb5_ret_int8(sp_in, &command);
-    
-    sp_out = krb5_storage_emem();
-    krb5_storage_write(sp_out, KADM_VERSTR, KADM_VERSIZE);
-    krb5_store_int32(sp_out, 0);
-
-    switch(command) {
-    case CHANGE_PW:
-	retval = kadm_ser_cpw(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case ADD_ENT:
-	retval = kadm_ser_add(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case GET_ENT:
-	retval = kadm_ser_get(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case MOD_ENT:
-	retval = kadm_ser_mod(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case DEL_ENT:
-	retval = kadm_ser_del(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    default:
-	krb5_warnx(context, "v4-compat %s: unknown opcode: %d",
-		   principal_string, command);
-	retval = KADM_NO_OPCODE;
-	break;
-    }
-    krb5_storage_free(sp_in);
-    if(retval) {
-	krb5_storage_seek(sp_out, KADM_VERSIZE, SEEK_SET);
-	krb5_store_int32(sp_out, retval);
-    }
-    krb5_storage_to_data(sp_out, reply);
-    krb5_storage_free(sp_out);
-    return retval;
-}
-
-/*
- * Decode a v4 kadmin packet in `message' and create a reply in `reply'
- */
-
-static void
-decode_packet(krb5_context context,
-	      krb5_keytab keytab,
-	      struct sockaddr_in *admin_addr,
-	      struct sockaddr_in *client_addr,
-	      krb5_data message,
-	      krb5_data *reply)
-{
-    int ret;
-    KTEXT_ST authent;
-    AUTH_DAT ad;
-    MSG_DAT msg_dat;
-    off_t off = 0;
-    unsigned long rlen;
-    char sname[] = "changepw", sinst[] = "kerberos";
-    unsigned long checksum;
-    des_key_schedule schedule;
-    char *msg = message.data;
-    void *kadm_handle;
-    krb5_principal client;
-    char *client_str;
-    krb5_keytab_entry entry;
-    
-    if(message.length < KADM_VERSIZE + 4
-       || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
-	make_you_lose_packet (KADM_BAD_VER, reply);
-	return;
-    }
-
-    off = KADM_VERSIZE;
-    off += _krb5_get_int(msg + off, &rlen, 4);
-    memset(&authent, 0, sizeof(authent));
-    authent.length = message.length - rlen - KADM_VERSIZE - 4;
-
-    if(rlen > message.length - KADM_VERSIZE - 4
-       || authent.length > MAX_KTXT_LEN) {
-	krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
-	make_you_lose_packet (KADM_LENGTH_ERROR, reply);
-	return;
-    }
-
-    memcpy(authent.dat, (char*)msg + off, authent.length);
-    off += authent.length;
-    
-    {
-	krb5_principal principal;
-	krb5_keyblock *key;
-
-	ret = krb5_make_principal(context, &principal, NULL, 
-				  "changepw", "kerberos", NULL);
-	if (ret) {
-	    krb5_warn (context, ret, "krb5_make_principal");
-	    make_you_lose_packet (KADM_NOMEM, reply);
-	    return;
-	}
-	ret = krb5_kt_get_entry (context, keytab, principal, 0,
-				 ETYPE_DES_CBC_MD5, &entry);
-	krb5_kt_close (context, keytab);
-	if (ret) {
-	    krb5_free_principal(context, principal);
-	    make_you_lose_packet (KADM_NO_AUTH, reply);
-	    return;
-	}
-	ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
-	krb5_kt_free_entry(context, &entry);
-	krb5_free_principal(context, principal);
-	if(ret) {
-	    if(ret == KRB5_KT_NOTFOUND)
-		make_you_lose_packet(KADM_NO_AUTH, reply);
-	    else
-		/* XXX */
-		make_you_lose_packet(KADM_NO_AUTH, reply);
-	    krb5_warn(context, ret, "krb5_kt_read_service_key");
-	    return;
-	}
-	
-	if(key->keyvalue.length != 8)
-	    krb5_abortx(context, "key has wrong length (%lu)", 
-			(unsigned long)key->keyvalue.length);
-	krb_set_key(key->keyvalue.data, 0);
-	krb5_free_keyblock(context, key);
-    }
-    
-    ret = krb_rd_req(&authent, sname, sinst, 
-		     client_addr->sin_addr.s_addr, &ad, NULL);
-
-    if(ret) {
-	make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply);
-	krb5_warnx(context, "krb_rd_req: %d", ret);
-	return;
-    }
-
-    ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm,
-				  &client);
-    if (ret) {
-	krb5_warnx (context, "krb5_425_conv_principal: %d", ret);
-	make_you_lose_packet (KADM_NOMEM, reply);
-	return;
-    }
-
-    krb5_unparse_name(context, client, &client_str);
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       client_str, 
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       NULL, 0, 0, 
-				       &kadm_handle);
-    if (ret) {
-	krb5_warn (context, ret, "kadm5_init_with_password_ctx");
-	make_you_lose_packet (KADM_NOMEM, reply);
-	goto out;
-    }
-    
-    checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session);
-    if(checksum != ad.checksum) {
-	krb5_warnx(context, "decode_packet: bad checksum");
-	make_you_lose_packet (KADM_BAD_CHK, reply);
-	goto out;
-    }
-    des_set_key(&ad.session, schedule);
-    ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, 
-		      client_addr, admin_addr, &msg_dat);
-    if (ret) {
-	make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply);
-	krb5_warnx(context, "krb_rd_priv: %d", ret);
-	goto out;
-    }
-
-    {
-	krb5_data d, r;
-	int retval;
-
-	d.data   = msg_dat.app_data;
-	d.length = msg_dat.app_length;
-	
-	retval = dispatch(context, kadm_handle,
-			  client, client_str, d, &r);
-	krb5_data_alloc(reply, r.length + 26);
-	reply->length = krb_mk_priv(r.data, reply->data, r.length, 
-				    schedule, &ad.session, 
-				    admin_addr, client_addr);
-	if((ssize_t)reply->length < 0) {
-	    make_you_lose_packet(KADM_NO_ENCRYPT, reply);
-	    goto out;
-	}
-    }
-out:
-    krb5_free_principal(context, client);
-    free(client_str);
-}
-
-void
-handle_v4(krb5_context context,
-	  krb5_keytab keytab,
-	  int len,
-	  int fd)
-{
-    int first = 1;
-    struct sockaddr_in admin_addr, client_addr;
-    socklen_t addr_len;
-    krb5_data message, reply;
-    ssize_t n;
-
-    addr_len = sizeof(client_addr);
-    if (getsockname(fd, (struct sockaddr*)&admin_addr, &addr_len) < 0)
-	krb5_errx (context, 1, "getsockname");
-    addr_len = sizeof(client_addr);
-    if (getpeername(fd, (struct sockaddr*)&client_addr, &addr_len) < 0)
-	krb5_errx (context, 1, "getpeername");
-
-    while(1) {
-	doing_useful_work = 0;
-	if(term_flag)
-	    exit(0);
-	if(first) {
-	    if (len < 2)
-		krb5_errx(context, 1, "received too short len (%d < 2)", len);
-	    /* first time around, we have already read len, and two
-               bytes of the version string */
-	    krb5_data_alloc(&message, len);
-	    memcpy(message.data, "KA", 2);
-	    n = krb5_net_read(context, &fd, (char*)message.data + 2,
-			      len - 2);
-	    if (n == 0)
-		exit (0);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	    first = 0;
-	} else {
-	    char buf[2];
-	    unsigned long tmp;
-	    ssize_t n;
-
-	    n = krb5_net_read(context, &fd, buf, sizeof(2));
-	    if (n == 0)
-		exit (0);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	    _krb5_get_int(buf, &tmp, 2);
-	    krb5_data_alloc(&message, tmp);
-	    n = krb5_net_read(context, &fd, message.data, message.length);
-	    if (n == 0)
-		krb5_errx (context, 1, "EOF in krb5_net_read");
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	}
-	doing_useful_work = 1;
-	decode_packet(context, keytab, &admin_addr, &client_addr, 
-		      message, &reply);
-	krb5_data_free(&message);
-	{
-	    char buf[2];
-
-	    _krb5_put_int(buf, reply.length, sizeof(buf));
-	    n = krb5_net_write(context, &fd, buf, sizeof(buf));
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_write");
-	    n = krb5_net_write(context, &fd, reply.data, reply.length);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_write");
-	    krb5_data_free(&reply);
-	}
-    }
-}
diff --git a/crypto/heimdal/kcm/Makefile.am b/crypto/heimdal/kcm/Makefile.am
deleted file mode 100644
index baf89ac61926..000000000000
--- a/crypto/heimdal/kcm/Makefile.am
+++ /dev/null
@@ -1,44 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-
-libexec_PROGRAMS = kcm
-
-kcm_SOURCES =		\
-	acl.c		\
-	acquire.c	\
-	cache.c		\
-	client.c	\
-	config.c	\
-	connect.c	\
-	cursor.c	\
-	events.c	\
-	glue.c		\
-	headers.h	\
-	kcm_locl.h	\
-	kcm_protos.h	\
-	log.c		\
-	main.c		\
-	protocol.c	\
-	renew.c
-
-$(srcdir)/kcm_protos.h:
-	cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h
-
-$(kcm_OBJECTS): $(srcdir)/kcm_protos.h
-
-man_MANS = kcm.8
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_door_create) \
-	$(LIB_pidfile)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/kcm/Makefile.in b/crypto/heimdal/kcm/Makefile.in
deleted file mode 100644
index c3996df70d65..000000000000
--- a/crypto/heimdal/kcm/Makefile.in
+++ /dev/null
@@ -1,868 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-libexec_PROGRAMS = kcm$(EXEEXT)
-subdir = kcm
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS)
-am_kcm_OBJECTS = acl.$(OBJEXT) acquire.$(OBJEXT) cache.$(OBJEXT) \
-	client.$(OBJEXT) config.$(OBJEXT) connect.$(OBJEXT) \
-	cursor.$(OBJEXT) events.$(OBJEXT) glue.$(OBJEXT) log.$(OBJEXT) \
-	main.$(OBJEXT) protocol.$(OBJEXT) renew.$(OBJEXT)
-kcm_OBJECTS = $(am_kcm_OBJECTS)
-kcm_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-kcm_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(kcm_SOURCES)
-DIST_SOURCES = $(kcm_SOURCES)
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-kcm_SOURCES = \
-	acl.c		\
-	acquire.c	\
-	cache.c		\
-	client.c	\
-	config.c	\
-	connect.c	\
-	cursor.c	\
-	events.c	\
-	glue.c		\
-	headers.h	\
-	kcm_locl.h	\
-	kcm_protos.h	\
-	log.c		\
-	main.c		\
-	protocol.c	\
-	renew.c
-
-man_MANS = kcm.8
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_door_create) \
-	$(LIB_pidfile)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kcm/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps kcm/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kcm$(EXEEXT): $(kcm_OBJECTS) $(kcm_DEPENDENCIES) 
-	@rm -f kcm$(EXEEXT)
-	$(LINK) $(kcm_OBJECTS) $(kcm_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libexecPROGRAMS uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(srcdir)/kcm_protos.h:
-	cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h
-
-$(kcm_OBJECTS): $(srcdir)/kcm_protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kcm/acl.c b/crypto/heimdal/kcm/acl.c
deleted file mode 100644
index 1b96204bd959..000000000000
--- a/crypto/heimdal/kcm/acl.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: acl.c 20472 2007-04-20 10:43:25Z lha $");
-
-krb5_error_code
-kcm_access(krb5_context context,
-	   kcm_client *client,
-	   kcm_operation opcode,
-	   kcm_ccache ccache)
-{
-    int read_p = 0;
-    int write_p = 0;
-    uint16_t mask;
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-
-    switch (opcode) {
-    case KCM_OP_INITIALIZE:
-    case KCM_OP_DESTROY:
-    case KCM_OP_STORE:
-    case KCM_OP_REMOVE_CRED:
-    case KCM_OP_SET_FLAGS:
-    case KCM_OP_CHOWN:
-    case KCM_OP_CHMOD:
-    case KCM_OP_GET_INITIAL_TICKET:
-    case KCM_OP_GET_TICKET:
-	write_p = 1;
-	read_p = 0;
-	break;
-    case KCM_OP_NOOP:
-    case KCM_OP_GET_NAME:
-    case KCM_OP_RESOLVE:
-    case KCM_OP_GEN_NEW:
-    case KCM_OP_RETRIEVE:
-    case KCM_OP_GET_PRINCIPAL:
-    case KCM_OP_GET_FIRST:
-    case KCM_OP_GET_NEXT:
-    case KCM_OP_END_GET:
-    case KCM_OP_MAX:
-	write_p = 0;
-	read_p = 1;
-	break;
-    }
-
-    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) {
-	/* System caches cannot be reinitialized or destroyed by users */
-	if (opcode == KCM_OP_INITIALIZE ||
-	    opcode == KCM_OP_DESTROY ||
-	    opcode == KCM_OP_REMOVE_CRED) {
-	    ret = KRB5_FCC_PERM;
-	    goto out;
-	}
-
-	/* Let root always read system caches */
-	if (client->uid == 0) {
-	    ret = 0;
-	    goto out;
-	}
-    }
-
-    mask = 0;
-
-    /* Root may do whatever they like */
-    if (client->uid == ccache->uid || CLIENT_IS_ROOT(client)) {
-	if (read_p)
-	    mask |= S_IRUSR;
-	if (write_p)
-	    mask |= S_IWUSR;
-    } else if (client->gid == ccache->gid || CLIENT_IS_ROOT(client)) {
-	if (read_p)
-	    mask |= S_IRGRP;
-	if (write_p)
-	    mask |= S_IWGRP;
-    } else {
-	if (read_p)
-	    mask |= S_IROTH;
-	if (write_p)
-	    mask |= S_IWOTH;
-    }
-
-    ret = ((ccache->mode & mask) == mask) ? 0 : KRB5_FCC_PERM;
-
-out:
-    if (ret) {
-	kcm_log(2, "Process %d is not permitted to call %s on cache %s",
-		client->pid, kcm_op2string(opcode), ccache->name);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_chmod(krb5_context context,
-	  kcm_client *client,
-	  kcm_ccache ccache,
-	  uint16_t mode)
-{
-    KCM_ASSERT_VALID(ccache);
-
-    /* System cache mode can only be set at startup */
-    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
-	return KRB5_FCC_PERM;
-
-    if (ccache->uid != client->uid)
-	return KRB5_FCC_PERM;
-
-    if (ccache->gid != client->gid)
-	return KRB5_FCC_PERM;
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    ccache->mode = mode;
-
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return 0;
-}
-
-krb5_error_code
-kcm_chown(krb5_context context,
-	  kcm_client *client,
-	  kcm_ccache ccache,
-	  uid_t uid,
-	  gid_t gid)
-{
-    KCM_ASSERT_VALID(ccache);
-
-    /* System cache owner can only be set at startup */
-    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
-	return KRB5_FCC_PERM;
-
-    if (ccache->uid != client->uid)
-	return KRB5_FCC_PERM;
-
-    if (ccache->gid != client->gid)
-	return KRB5_FCC_PERM;
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    ccache->uid = uid;
-    ccache->gid = gid;
-
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return 0;
-}
-
diff --git a/crypto/heimdal/kcm/acquire.c b/crypto/heimdal/kcm/acquire.c
deleted file mode 100644
index 416881a3a13b..000000000000
--- a/crypto/heimdal/kcm/acquire.c
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: acquire.c 22118 2007-12-03 21:44:00Z lha $");
-
-static krb5_error_code
-change_pw_and_update_keytab(krb5_context context, kcm_ccache ccache);
-
-/*
- * Get a new ticket using a keytab/cached key and swap it into
- * an existing redentials cache
- */
-
-krb5_error_code
-kcm_ccache_acquire(krb5_context context,
-		   kcm_ccache ccache,
-		   krb5_creds **credp)
-{
-    krb5_error_code ret = 0;
-    krb5_creds cred;
-    krb5_const_realm realm;
-    krb5_get_init_creds_opt opt;
-    krb5_ccache_data ccdata;
-    char *in_tkt_service = NULL;
-    int done = 0;
-
-    memset(&cred, 0, sizeof(cred));
-
-    KCM_ASSERT_VALID(ccache);
-
-    /* We need a cached key or keytab to acquire credentials */
-    if (ccache->flags & KCM_FLAGS_USE_CACHED_KEY) {
-	if (ccache->key.keyblock.keyvalue.length == 0)
-	    krb5_abortx(context,
-			"kcm_ccache_acquire: KCM_FLAGS_USE_CACHED_KEY without key");
-    } else if (ccache->flags & KCM_FLAGS_USE_KEYTAB) {
-	if (ccache->key.keytab == NULL)
-	    krb5_abortx(context,
-			"kcm_ccache_acquire: KCM_FLAGS_USE_KEYTAB without keytab");
-    } else {
-	kcm_log(0, "Cannot acquire initial credentials for cache %s without key",
-		ccache->name);
-	return KRB5_FCC_INTERNAL;
-    }
-	
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    /* Fake up an internal ccache */
-    kcm_internal_ccache(context, ccache, &ccdata);
-
-    /* Now, actually acquire the creds */
-    if (ccache->server != NULL) {
-	ret = krb5_unparse_name(context, ccache->server, &in_tkt_service);
-	if (ret) {
-	    kcm_log(0, "Failed to unparse service principal name for cache %s: %s",
-		    ccache->name, krb5_get_err_text(context, ret));
-	    return ret;
-	}
-    }
-
-    realm = krb5_principal_get_realm(context, ccache->client);
-
-    krb5_get_init_creds_opt_init(&opt);
-    krb5_get_init_creds_opt_set_default_flags(context, "kcm", realm, &opt);
-    if (ccache->tkt_life != 0)
-	krb5_get_init_creds_opt_set_tkt_life(&opt, ccache->tkt_life);
-    if (ccache->renew_life != 0)
-	krb5_get_init_creds_opt_set_renew_life(&opt, ccache->renew_life);
-
-    if (ccache->flags & KCM_FLAGS_USE_CACHED_KEY) {
-	ret = krb5_get_init_creds_keyblock(context,
-					   &cred,
-					   ccache->client,
-					   &ccache->key.keyblock,
-					   0,
-					   in_tkt_service,
-					   &opt);
-    } else {
-	/* loosely based on lib/krb5/init_creds_pw.c */
-	while (!done) {
-	    ret = krb5_get_init_creds_keytab(context,
-					     &cred,
-					     ccache->client,
-					     ccache->key.keytab,
-					     0,
-					     in_tkt_service,
-					     &opt);
-	    switch (ret) {
-	    case KRB5KDC_ERR_KEY_EXPIRED:
-		if (in_tkt_service != NULL &&
-		    strcmp(in_tkt_service, "kadmin/changepw") == 0) {
-		    goto out;
-		}
-
-		ret = change_pw_and_update_keytab(context, ccache);
-		if (ret)
-		    goto out;
-		break;
-	    case 0:
-	    default:
-		done = 1;
-		break;
-	    }
-	}
-    }
-
-    if (ret) {
-	kcm_log(0, "Failed to acquire credentials for cache %s: %s",
-		ccache->name, krb5_get_err_text(context, ret));
-	if (in_tkt_service != NULL)
-	    free(in_tkt_service);
-	goto out;
-    }
-
-    if (in_tkt_service != NULL)
-	free(in_tkt_service);
-
-    /* Swap them in */
-    kcm_ccache_remove_creds_internal(context, ccache);
-
-    ret = kcm_ccache_store_cred_internal(context, ccache, &cred, 0, credp);
-    if (ret) {
-	kcm_log(0, "Failed to store credentials for cache %s: %s",
-		ccache->name, krb5_get_err_text(context, ret));
-	krb5_free_cred_contents(context, &cred);
-	goto out;
-    }
-
-out:
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-static krb5_error_code
-change_pw(krb5_context context,
-	  kcm_ccache ccache,
-	  char *cpn,
-	  char *newpw)
-{
-    krb5_error_code ret;
-    krb5_creds cpw_cred;
-    int result_code;
-    krb5_data result_code_string;
-    krb5_data result_string;
-    krb5_get_init_creds_opt options;
-
-    memset(&cpw_cred, 0, sizeof(cpw_cred));
-
-    krb5_get_init_creds_opt_init(&options);
-    krb5_get_init_creds_opt_set_tkt_life(&options, 60);
-    krb5_get_init_creds_opt_set_forwardable(&options, FALSE);
-    krb5_get_init_creds_opt_set_proxiable(&options, FALSE);
-
-    krb5_data_zero(&result_code_string);
-    krb5_data_zero(&result_string);
-
-    ret = krb5_get_init_creds_keytab(context,
-				     &cpw_cred,
-				     ccache->client,
-				     ccache->key.keytab,
-				     0,
-				     "kadmin/changepw",
-				     &options);
-    if (ret) {
-	kcm_log(0, "Failed to acquire password change credentials "
-		"for principal %s: %s", 
-		cpn, krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    ret = krb5_set_password(context,
-			    &cpw_cred,
-			    newpw,
-			    ccache->client,
-			    &result_code,
-			    &result_code_string,
-			    &result_string);
-    if (ret) {
-	kcm_log(0, "Failed to change password for principal %s: %s",
-		cpn, krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    if (result_code) {
-	kcm_log(0, "Failed to change password for principal %s: %.*s",
-		cpn,
-		(int)result_string.length,
-		result_string.length > 0 ? (char *)result_string.data : "");
-	goto out;
-    }
-
-out:
-    krb5_data_free(&result_string);
-    krb5_data_free(&result_code_string);
-    krb5_free_cred_contents(context, &cpw_cred);
-
-    return ret;
-}
-
-struct kcm_keyseed_data {
-    krb5_salt salt;
-    const char *password;
-};
-
-static krb5_error_code
-kcm_password_key_proc(krb5_context context,
-		      krb5_enctype etype,
-		      krb5_salt salt,
-		      krb5_const_pointer keyseed,
-		      krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed;
-
-    /* we may be called multiple times */
-    krb5_free_salt(context, s->salt);
-    krb5_data_zero(&s->salt.saltvalue);
-
-    /* stash the salt */
-    s->salt.salttype = salt.salttype;
-
-    ret = krb5_data_copy(&s->salt.saltvalue,
-		         salt.saltvalue.data,
-			 salt.saltvalue.length);
-    if (ret)
-	return ret;
-
-    *key = (krb5_keyblock *)malloc(sizeof(**key));
-    if (*key == NULL) {
-	return ENOMEM;
-    }
-
-    ret = krb5_string_to_key_salt(context, etype, s->password,
-				  s->salt, *key);
-    if (ret) {
-	free(*key);
-	*key = NULL;
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-get_salt_and_kvno(krb5_context context,
-		  kcm_ccache ccache,
-		  krb5_enctype *etypes,
-		  char *cpn,
-		  char *newpw,
-		  krb5_salt *salt,
-		  unsigned *kvno)
-{
-    krb5_error_code ret;
-    krb5_creds creds;
-    krb5_ccache_data ccdata;
-    krb5_flags options = 0;
-    krb5_kdc_rep reply;
-    struct kcm_keyseed_data s;
-
-    memset(&creds, 0, sizeof(creds));
-    memset(&reply, 0, sizeof(reply));
-
-    s.password = NULL;
-    s.salt.salttype = (int)ETYPE_NULL;
-    krb5_data_zero(&s.salt.saltvalue);
-
-    *kvno = 0;
-    kcm_internal_ccache(context, ccache, &ccdata);
-    s.password = newpw;
-
-    /* Do an AS-REQ to determine salt and key version number */
-    ret = krb5_copy_principal(context, ccache->client, &creds.client);
-    if (ret)
-	return ret;
-
-    /* Yes, get a ticket to ourselves */
-    ret = krb5_copy_principal(context, ccache->client, &creds.server);
-    if (ret) {
-	krb5_free_principal(context, creds.client);
-	return ret;
-    }
-	
-    ret = krb5_get_in_tkt(context,
-			  options,
-			  NULL,
-			  etypes,
-			  NULL,
-			  kcm_password_key_proc,
-			  &s,
-			  NULL,
-			  NULL,
-			  &creds,
-			  &ccdata,
-			  &reply);
-    if (ret) {
-	kcm_log(0, "Failed to get self ticket for principal %s: %s",
-		cpn, krb5_get_err_text(context, ret));
-	krb5_free_salt(context, s.salt);
-    } else {
-	*salt = s.salt; /* retrieve stashed salt */
-	if (reply.kdc_rep.enc_part.kvno != NULL)
-	    *kvno = *(reply.kdc_rep.enc_part.kvno);
-    }
-    /* ccache may have been modified but it will get trashed anyway */
-
-    krb5_free_cred_contents(context, &creds);
-    krb5_free_kdc_rep(context, &reply);
-
-    return ret;
-}
-
-static krb5_error_code
-update_keytab_entry(krb5_context context,
-		    kcm_ccache ccache,
-		    krb5_enctype etype,
-		    char *cpn,
-		    char *spn,
-		    char *newpw,
-		    krb5_salt salt,
-		    unsigned kvno)
-{
-    krb5_error_code ret;
-    krb5_keytab_entry entry;
-    krb5_data pw;
-
-    memset(&entry, 0, sizeof(entry));
-
-    pw.data = (char *)newpw;
-    pw.length = strlen(newpw);
-
-    ret = krb5_string_to_key_data_salt(context, etype, pw,
-				       salt, &entry.keyblock);
-    if (ret) {
-	kcm_log(0, "String to key conversion failed for principal %s "
-		"and etype %d: %s",
-		cpn, etype, krb5_get_err_text(context, ret)); 
-	return ret;
-    }
-
-    if (spn == NULL) {
-	ret = krb5_copy_principal(context, ccache->client,
-				  &entry.principal);
-	if (ret) {
-	    kcm_log(0, "Failed to copy principal name %s: %s",
-		    cpn, krb5_get_err_text(context, ret));
-	    return ret;
-	}
-    } else {
-	ret = krb5_parse_name(context, spn, &entry.principal);
-	if (ret) {
-	    kcm_log(0, "Failed to parse SPN alias %s: %s",
-		    spn, krb5_get_err_text(context, ret));
-	    return ret;
-	}
-    }
-
-    entry.vno = kvno;
-    entry.timestamp = time(NULL);
-
-    ret = krb5_kt_add_entry(context, ccache->key.keytab, &entry);
-    if (ret) {
-	kcm_log(0, "Failed to update keytab for principal %s "
-		"and etype %d: %s",
-		cpn, etype, krb5_get_err_text(context, ret));
-    }
-
-    krb5_kt_free_entry(context, &entry);
-
-    return ret; 
-}
-
-static krb5_error_code
-update_keytab_entries(krb5_context context,
-		      kcm_ccache ccache,
-		      krb5_enctype *etypes,
-		      char *cpn,
-		      char *spn,
-		      char *newpw,
-		      krb5_salt salt,
-		      unsigned kvno)
-{
-    krb5_error_code ret = 0;
-    int i;
-
-    for (i = 0; etypes[i] != ETYPE_NULL; i++) {
-	ret = update_keytab_entry(context, ccache, etypes[i],
-				  cpn, spn, newpw, salt, kvno);
-	if (ret)
-	    break;
-    }
-
-    return ret;
-}
-
-static void
-generate_random_pw(krb5_context context,
-		   char *buf,
-		   size_t bufsiz)
-{
-    unsigned char x[512], *p;
-    size_t i;
-
-    memset(x, 0, sizeof(x));
-    krb5_generate_random_block(x, sizeof(x));
-    p = x;
-
-    for (i = 0; i < bufsiz; i++) {
-	while (isprint(*p) == 0)
-	    p++;
-
-	if (p - x >= sizeof(x)) {
-	    krb5_generate_random_block(x, sizeof(x));
-	    p = x;
-	}
-	buf[i] = (char)*p++;
-    }
-    buf[bufsiz - 1] = '\0';
-    memset(x, 0, sizeof(x));
-}
-
-static krb5_error_code
-change_pw_and_update_keytab(krb5_context context,
-			    kcm_ccache ccache)
-{
-    char newpw[121];
-    krb5_error_code ret;
-    unsigned kvno;
-    krb5_salt salt;
-    krb5_enctype *etypes = NULL;
-    int i;
-    char *cpn = NULL;
-    char **spns = NULL;
-
-    krb5_data_zero(&salt.saltvalue);
-
-    ret = krb5_unparse_name(context, ccache->client, &cpn);
-    if (ret) {
-	kcm_log(0, "Failed to unparse name: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    ret = krb5_get_default_in_tkt_etypes(context, &etypes);
-    if (ret) {
-	kcm_log(0, "Failed to determine default encryption types: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    /* Generate a random password (there is no set keys protocol) */
-    generate_random_pw(context, newpw, sizeof(newpw));
-
-    /* Change it */
-    ret = change_pw(context, ccache, cpn, newpw);
-    if (ret)
-	goto out;
-
-    /* Do an AS-REQ to determine salt and key version number */
-    ret = get_salt_and_kvno(context, ccache, etypes, cpn, newpw,
-			    &salt, &kvno);
-    if (ret) {
-	kcm_log(0, "Failed to determine salting principal for principal %s: %s",
-		cpn, krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    /* Add canonical name */
-    ret = update_keytab_entries(context, ccache, etypes, cpn,
-				NULL, newpw, salt, kvno);
-    if (ret)
-	goto out;
-
-    /* Add SPN aliases, if any */
-    spns = krb5_config_get_strings(context, NULL, "kcm",
-				   "system_ccache", "spn_aliases", NULL);
-    if (spns != NULL) {
-	for (i = 0; spns[i] != NULL; i++) {
-	    ret = update_keytab_entries(context, ccache, etypes, cpn,
-					spns[i], newpw, salt, kvno);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    kcm_log(0, "Changed expired password for principal %s in cache %s",
-	    cpn, ccache->name);
-
-out:
-    if (cpn != NULL)
-	free(cpn);
-    if (spns != NULL)
-	krb5_config_free_strings(spns);
-    if (etypes != NULL)
-	free(etypes);
-    krb5_free_salt(context, salt);
-    memset(newpw, 0, sizeof(newpw));
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/kcm/cache.c b/crypto/heimdal/kcm/cache.c
deleted file mode 100644
index aeb30cca1fe9..000000000000
--- a/crypto/heimdal/kcm/cache.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: cache.c 14566 2005-02-06 01:22:49Z lukeh $");
-
-static HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static kcm_ccache_data *ccache_head = NULL;
-static unsigned int ccache_nextid = 0; 
-
-char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid)
-{
-    unsigned n;
-    char *name;
-
-    HEIMDAL_MUTEX_lock(&ccache_mutex);
-    n = ++ccache_nextid;
-    HEIMDAL_MUTEX_unlock(&ccache_mutex);
-
-    asprintf(&name, "%d:%u", uid, n);
-
-    return name;
-}
-
-static krb5_error_code
-kcm_ccache_resolve_internal(krb5_context context,
-			    const char *name,
-			    kcm_ccache *ccache)
-{
-    kcm_ccache p;
-    krb5_error_code ret;
-
-    *ccache = NULL;
-
-    ret = KRB5_FCC_NOFILE;
-
-    HEIMDAL_MUTEX_lock(&ccache_mutex);
-
-    for (p = ccache_head; p != NULL; p = p->next) {
-	if ((p->flags & KCM_FLAGS_VALID) == 0)
-	    continue;
-	if (strcmp(p->name, name) == 0) {
-	    ret = 0;
-	    break;
-	}
-    }
-
-    if (ret == 0) {
-	kcm_retain_ccache(context, p);
-	*ccache = p;
-    }
-
-    HEIMDAL_MUTEX_unlock(&ccache_mutex);
-
-    return ret;
-}
-
-krb5_error_code kcm_debug_ccache(krb5_context context)
-{
-    kcm_ccache p;
-
-    for (p = ccache_head; p != NULL; p = p->next) {
-	char *cpn = NULL, *spn = NULL;
-	int ncreds = 0;
-	struct kcm_creds *k;
-
-	if ((p->flags & KCM_FLAGS_VALID) == 0) {
-	    kcm_log(7, "cache %08x: empty slot");
-	    continue;
-	}
-
-	KCM_ASSERT_VALID(p);
-
-	for (k = p->creds; k != NULL; k = k->next)
-	    ncreds++;
-
-	if (p->client != NULL)
-	    krb5_unparse_name(context, p->client, &cpn);
-	if (p->server != NULL)
-	    krb5_unparse_name(context, p->server, &spn);
-	
-	kcm_log(7, "cache %08x: name %s refcnt %d flags %04x mode %04o "
-		"uid %d gid %d client %s server %s ncreds %d",
-		p, p->name, p->refcnt, p->flags, p->mode, p->uid, p->gid,
-		(cpn == NULL) ? "<none>" : cpn,
-		(spn == NULL) ? "<none>" : spn,
-		ncreds);
-
-	if (cpn != NULL)
-	    free(cpn);
-	if (spn != NULL)
-	    free(spn);
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-kcm_ccache_destroy_internal(krb5_context context, const char *name)
-{
-    kcm_ccache *p;
-    krb5_error_code ret;
-
-    ret = KRB5_FCC_NOFILE;
-
-    HEIMDAL_MUTEX_lock(&ccache_mutex);
-    for (p = &ccache_head; *p != NULL; p = &(*p)->next) {
-	if (((*p)->flags & KCM_FLAGS_VALID) == 0)
-	    continue;
-	if (strcmp((*p)->name, name) == 0) {
-	    ret = 0;
-	    break;
-	}
-    }
-
-    if (ret)
-	goto out;
-
-    kcm_release_ccache(context, p);
-
-out:
-    HEIMDAL_MUTEX_unlock(&ccache_mutex);
-
-    return ret;
-}
-
-static krb5_error_code
-kcm_ccache_alloc(krb5_context context,
-		 const char *name,
-		 kcm_ccache *ccache)
-{
-    kcm_ccache slot = NULL, p;
-    krb5_error_code ret;
-    int new_slot = 0;
-
-    *ccache = NULL;
-
-    /* First, check for duplicates */
-    HEIMDAL_MUTEX_lock(&ccache_mutex);
-    ret = 0;
-    for (p = ccache_head; p != NULL; p = p->next) {
-	if (p->flags & KCM_FLAGS_VALID) {
-	    if (strcmp(p->name, name) == 0) {
-		ret = KRB5_CC_WRITE;
-		break;
-	    }
-	} else if (slot == NULL)
-	    slot = p;
-    }
-
-    if (ret)
-	goto out;
-
-    /*
-     * Then try and find an empty slot
-     * XXX we need to recycle slots for this to actually do anything
-     */
-    if (slot == NULL) {
-	for (; p != NULL; p = p->next) {
-	    if ((p->flags & KCM_FLAGS_VALID) == 0) {
-		slot = p;
-		break;
-	    }
-	}
-
-	if (slot == NULL) {
-	    slot = (kcm_ccache_data *)malloc(sizeof(*slot));
-	    if (slot == NULL) {
-		ret = KRB5_CC_NOMEM;
-		goto out;
-	    }
-	    slot->next = ccache_head;
-	    HEIMDAL_MUTEX_init(&slot->mutex);
-	    new_slot = 1;
-	}
-    }
-
-    slot->name = strdup(name);
-    if (slot->name == NULL) {
-	ret = KRB5_CC_NOMEM;
-	goto out;
-    }
-
-    slot->refcnt = 1;
-    slot->flags = KCM_FLAGS_VALID;
-    slot->mode = S_IRUSR | S_IWUSR;
-    slot->uid = -1;
-    slot->gid = -1;
-    slot->client = NULL;
-    slot->server = NULL;
-    slot->creds = NULL;
-    slot->n_cursor = 0;
-    slot->cursors = NULL;
-    slot->key.keytab = NULL;
-    slot->tkt_life = 0;
-    slot->renew_life = 0;
-
-    if (new_slot)
-	ccache_head = slot;
-
-    *ccache = slot;
-
-    HEIMDAL_MUTEX_unlock(&ccache_mutex);
-    return 0;
-
-out:
-    HEIMDAL_MUTEX_unlock(&ccache_mutex);
-    if (new_slot && slot != NULL) {
-	HEIMDAL_MUTEX_destroy(&slot->mutex);
-	free(slot);
-    }
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_remove_creds_internal(krb5_context context,
-				 kcm_ccache ccache)
-{
-    struct kcm_creds *k;
-    struct kcm_cursor *c;
-
-    k = ccache->creds;
-    while (k != NULL) {
-	struct kcm_creds *old;
-
-	krb5_free_cred_contents(context, &k->cred);
-	old = k;
-	k = k->next;
-	free(old);
-    }
-    ccache->creds = NULL;
-
-    /* remove anything that would have pointed into the creds too */
-
-    ccache->n_cursor = 0;
-
-    c = ccache->cursors;
-    while (c != NULL) {
-	struct kcm_cursor *old;
-
-	old = c;
-	c = c->next;
-	free(old);
-    }
-    ccache->cursors = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-kcm_ccache_remove_creds(krb5_context context,
-			kcm_ccache ccache)
-{
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    ret = kcm_ccache_remove_creds_internal(context, ccache);
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_zero_ccache_data_internal(krb5_context context,
-			      kcm_ccache_data *cache)
-{
-    if (cache->client != NULL) {
-	krb5_free_principal(context, cache->client);
-	cache->client = NULL;
-    }
-
-    if (cache->server != NULL) {
-	krb5_free_principal(context, cache->server);
-	cache->server = NULL;
-    }
-
-    kcm_ccache_remove_creds_internal(context, cache);
-
-    return 0;
-}
-
-krb5_error_code
-kcm_zero_ccache_data(krb5_context context,
-		     kcm_ccache cache)
-{
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(cache);
-
-    HEIMDAL_MUTEX_lock(&cache->mutex);
-    ret = kcm_zero_ccache_data_internal(context, cache);
-    HEIMDAL_MUTEX_unlock(&cache->mutex);
-
-    return ret;
-}
-
-static krb5_error_code
-kcm_free_ccache_data_internal(krb5_context context,
-			      kcm_ccache_data *cache)
-{
-    KCM_ASSERT_VALID(cache);
-
-    if (cache->name != NULL) {
-	free(cache->name);
-	cache->name = NULL;
-    }
-
-    if (cache->flags & KCM_FLAGS_USE_KEYTAB) {
-	krb5_kt_close(context, cache->key.keytab);
-	cache->key.keytab = NULL;
-    } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) {
-	krb5_free_keyblock_contents(context, &cache->key.keyblock);
-	krb5_keyblock_zero(&cache->key.keyblock);
-    }
-
-    cache->flags = 0;
-    cache->mode = 0;
-    cache->uid = -1;
-    cache->gid = -1;
-
-    kcm_zero_ccache_data_internal(context, cache);
-
-    cache->tkt_life = 0;
-    cache->renew_life = 0;
-
-    cache->next = NULL;
-    cache->refcnt = 0;
-
-    HEIMDAL_MUTEX_unlock(&cache->mutex);
-    HEIMDAL_MUTEX_destroy(&cache->mutex);
-
-    return 0;
-}
-
-krb5_error_code
-kcm_retain_ccache(krb5_context context,
-		  kcm_ccache ccache)
-{
-    KCM_ASSERT_VALID(ccache);
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    ccache->refcnt++;
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return 0;
-}
-
-krb5_error_code
-kcm_release_ccache(krb5_context context,
-		   kcm_ccache *ccache)
-{
-    kcm_ccache c = *ccache;
-    krb5_error_code ret = 0;
-
-    KCM_ASSERT_VALID(c);
-
-    HEIMDAL_MUTEX_lock(&c->mutex);
-    if (c->refcnt == 1) {
-	ret = kcm_free_ccache_data_internal(context, c);
-	if (ret == 0)
-	    free(c);
-    } else {
-	c->refcnt--;
-	HEIMDAL_MUTEX_unlock(&c->mutex);
-    }
-
-    *ccache = NULL;
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_gen_new(krb5_context context,
-		   pid_t pid,
-		   uid_t uid,
-		   gid_t gid,
-		   kcm_ccache *ccache)
-{
-    krb5_error_code ret;
-    char *name;
-
-    name = kcm_ccache_nextid(pid, uid, gid);
-    if (name == NULL) {
-	return KRB5_CC_NOMEM;
-    }
-
-    ret = kcm_ccache_new(context, name, ccache);
-
-    free(name);
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_new(krb5_context context,
-	       const char *name,
-	       kcm_ccache *ccache)
-{
-    krb5_error_code ret;
-
-    ret = kcm_ccache_alloc(context, name, ccache);
-    if (ret == 0) {
-	/*
-	 * one reference is held by the linked list,
-	 * one by the caller
-	 */
-	kcm_retain_ccache(context, *ccache);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_resolve(krb5_context context,
-		   const char *name,
-		   kcm_ccache *ccache)
-{
-    krb5_error_code ret;
-
-    ret = kcm_ccache_resolve_internal(context, name, ccache);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_destroy(krb5_context context,
-		   const char *name)
-{
-    krb5_error_code ret;
-
-    ret = kcm_ccache_destroy_internal(context, name);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_destroy_if_empty(krb5_context context,
-			    kcm_ccache ccache)
-{
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-    
-    if (ccache->creds == NULL) {
-	ret = kcm_ccache_destroy_internal(context, ccache->name);
-    } else
-	ret = 0;
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_store_cred(krb5_context context,
-		      kcm_ccache ccache,
-		      krb5_creds *creds,
-		      int copy)
-{
-    krb5_error_code ret;
-    krb5_creds *tmp;
-
-    KCM_ASSERT_VALID(ccache);
-    
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    ret = kcm_ccache_store_cred_internal(context, ccache, creds, copy, &tmp);
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_store_cred_internal(krb5_context context,
-			       kcm_ccache ccache,
-			       krb5_creds *creds,
-			       int copy,
-			       krb5_creds **credp)
-{
-    struct kcm_creds **c;
-    krb5_error_code ret;
-
-    for (c = &ccache->creds; *c != NULL; c = &(*c)->next)
-	;
-
-    *c = (struct kcm_creds *)malloc(sizeof(struct kcm_creds));
-    if (*c == NULL) {
-	return KRB5_CC_NOMEM;
-    }
-
-    *credp = &(*c)->cred;
-
-    if (copy) {
-	ret = krb5_copy_creds_contents(context, creds, *credp);
-	if (ret) {
-	    free(*c);
-	    *c = NULL;
-	}
-    } else {
-	**credp = *creds;
-	ret = 0;
-    }
-
-    (*c)->next = NULL;
-
-    return ret;
-}
-
-static void
-remove_cred(krb5_context context,
-	    struct kcm_creds **c)
-{
-    struct kcm_creds *cred;
-
-    cred = *c;
-
-    *c = cred->next;
-
-    krb5_free_cred_contents(context, &cred->cred);
-    free(cred);
-}
-
-krb5_error_code
-kcm_ccache_remove_cred_internal(krb5_context context,
-				kcm_ccache ccache,
-				krb5_flags whichfields,
-				const krb5_creds *mcreds)
-{
-    krb5_error_code ret;
-    struct kcm_creds **c;
-
-    ret = KRB5_CC_NOTFOUND;
-
-    for (c = &ccache->creds; *c != NULL; c = &(*c)->next) {
-	if (krb5_compare_creds(context, whichfields, mcreds, &(*c)->cred)) {
-	    remove_cred(context, c);
-	    ret = 0;
-	}
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_remove_cred(krb5_context context,
-		       kcm_ccache ccache,
-		       krb5_flags whichfields,
-		       const krb5_creds *mcreds)
-{
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    ret = kcm_ccache_remove_cred_internal(context, ccache, whichfields, mcreds);
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_retrieve_cred_internal(krb5_context context,
-			 	  kcm_ccache ccache,
-			 	  krb5_flags whichfields,
-			 	  const krb5_creds *mcreds,
-			 	  krb5_creds **creds)
-{
-    krb5_boolean match;
-    struct kcm_creds *c;
-    krb5_error_code ret;
-
-    memset(creds, 0, sizeof(*creds));
-
-    ret = KRB5_CC_END;
-
-    match = FALSE;
-    for (c = ccache->creds; c != NULL; c = c->next) {
-	match = krb5_compare_creds(context, whichfields, mcreds, &c->cred);
-	if (match)
-	    break;
-    }
-
-    if (match) {
-	ret = 0;
-	*creds = &c->cred;
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_retrieve_cred(krb5_context context,
-			 kcm_ccache ccache,
-			 krb5_flags whichfields,
-			 const krb5_creds *mcreds,
-			 krb5_creds **credp)
-{
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-    
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    ret = kcm_ccache_retrieve_cred_internal(context, ccache,
-					    whichfields, mcreds, credp);
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
diff --git a/crypto/heimdal/kcm/client.c b/crypto/heimdal/kcm/client.c
deleted file mode 100644
index f0758949bafa..000000000000
--- a/crypto/heimdal/kcm/client.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-#include <pwd.h>
-
-RCSID("$Id: client.c 20487 2007-04-21 06:25:06Z lha $");
-
-krb5_error_code
-kcm_ccache_resolve_client(krb5_context context,
-			  kcm_client *client,
-			  kcm_operation opcode,
-			  const char *name,
-			  kcm_ccache *ccache)
-{
-    krb5_error_code ret;
-
-    ret = kcm_ccache_resolve(context, name, ccache);
-    if (ret) {
-	kcm_log(1, "Failed to resolve cache %s: %s",
-		name, krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = kcm_access(context, client, opcode, *ccache);
-    if (ret) {
-	ret = KRB5_FCC_NOFILE; /* don't disclose */
-	kcm_release_ccache(context, ccache);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_destroy_client(krb5_context context,
-			  kcm_client *client,
-			  const char *name)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-
-    ret = kcm_ccache_resolve(context, name, &ccache);
-    if (ret) {
-	kcm_log(1, "Failed to resolve cache %s: %s",
-		name, krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = kcm_access(context, client, KCM_OP_DESTROY, ccache);
-    if (ret) {
-	kcm_release_ccache(context, &ccache);
-	return ret;
-    }
-
-    ret = kcm_ccache_destroy(context, ccache->name);
-    if (ret == 0) {
-	/* don't leave any events dangling */
-	kcm_cleanup_events(context, ccache);
-    }
-
-    kcm_release_ccache(context, &ccache);
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_new_client(krb5_context context,
-		      kcm_client *client,
-		      const char *name,
-		      kcm_ccache *ccache_p)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-
-    /* We insist the ccache name starts with UID or UID: */
-    if (name_constraints != 0) {
-	char prefix[64];
-	size_t prefix_len;
-	int bad = 1;
-
-	snprintf(prefix, sizeof(prefix), "%ld:", (long)client->uid);
-	prefix_len = strlen(prefix);
-
-	if (strncmp(name, prefix, prefix_len) == 0)
-	    bad = 0;
-	else {
-	    prefix[prefix_len - 1] = '\0';
-	    if (strcmp(name, prefix) == 0)
-		bad = 0;
-	}
-
-	/* Allow root to create badly-named ccaches */
-	if (bad && !CLIENT_IS_ROOT(client))
-	    return KRB5_CC_BADNAME;
-    }
-	
-    ret = kcm_ccache_resolve(context, name, &ccache);
-    if (ret == 0) {
-	if ((ccache->uid != client->uid ||
-	     ccache->gid != client->gid) && !CLIENT_IS_ROOT(client))
-	    return KRB5_FCC_PERM;
-    } else if (ret != KRB5_FCC_NOFILE && !(CLIENT_IS_ROOT(client) && ret == KRB5_FCC_PERM)) {
-		return ret;
-    }
-
-    if (ret == KRB5_FCC_NOFILE) {
-	ret = kcm_ccache_new(context, name, &ccache);
-	if (ret) {
-	    kcm_log(1, "Failed to initialize cache %s: %s",
-		    name, krb5_get_err_text(context, ret));
-	    return ret;
-	}
-
-	/* bind to current client */
-	ccache->uid = client->uid;
-	ccache->gid = client->gid;
-    } else {
-	ret = kcm_zero_ccache_data(context, ccache);
-	if (ret) {
-	    kcm_log(1, "Failed to empty cache %s: %s",
-		    name, krb5_get_err_text(context, ret));
-	    kcm_release_ccache(context, &ccache);
-	    return ret;
-	}
-	kcm_cleanup_events(context, ccache);
-    }
-
-    ret = kcm_access(context, client, KCM_OP_INITIALIZE, ccache);
-    if (ret) {
-	kcm_release_ccache(context, &ccache);
-	kcm_ccache_destroy(context, name);
-	return ret;
-    }
-
-    /* 
-     * Finally, if the user is root and the cache was created under
-     * another user's name, chown the cache to that user and their
-     * default gid.
-     */
-    if (CLIENT_IS_ROOT(client)) {
-	unsigned long uid;
-	int matches = sscanf(name,"%ld:",&uid);
-	if (matches == 0)
-	    matches = sscanf(name,"%ld",&uid);
-	if (matches == 1) {
-	    struct passwd *pwd = getpwuid(uid);
-	    if (pwd != NULL) {
-		gid_t gid = pwd->pw_gid;
-		kcm_chown(context, client, ccache, uid, gid);
-	    }
-	}
-    }
-    
-    *ccache_p = ccache;
-    return 0;
-}
-
diff --git a/crypto/heimdal/kcm/config.c b/crypto/heimdal/kcm/config.c
deleted file mode 100644
index 5de797eb4b33..000000000000
--- a/crypto/heimdal/kcm/config.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-
-RCSID("$Id: config.c 15296 2005-05-30 10:17:43Z lha $");
-
-static const char *config_file;	/* location of kcm config file */
-
-size_t max_request = 0;		/* maximal size of a request */
-char *socket_path = NULL;
-char *door_path = NULL;
-
-static char *max_request_str;	/* `max_request' as a string */
-
-int detach_from_console = -1;
-#define DETACH_IS_DEFAULT FALSE
-
-static const char *system_cache_name = NULL;
-static const char *system_keytab = NULL;
-static const char *system_principal = NULL;
-static const char *system_server = NULL;
-static const char *system_perms = NULL;
-static const char *system_user = NULL;
-static const char *system_group = NULL;
-
-static const char *renew_life = NULL;
-static const char *ticket_life = NULL;
-
-int disallow_getting_krbtgt = -1;
-int name_constraints = -1;
-
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-    { 
-	"cache-name",	0,	arg_string,	&system_cache_name, 
-	"system cache name", "cachename" 
-    },
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    { 
-	"group",	'g',	arg_string,	&system_group, 
-	"system cache group",	"group" 
-    },
-    { 
-	"max-request",	0,	arg_string, &max_request, 
-	"max size for a kcm-request", "size"
-    },
-#if DETACH_IS_DEFAULT
-    {
-	"detach",       'D',      arg_negative_flag, &detach_from_console, 
-	"don't detach from console"
-    },
-#else
-    {
-	"detach",       0 ,      arg_flag, &detach_from_console, 
-	"detach from console"
-    },
-#endif
-    {	"help",		'h',	arg_flag,   &help_flag },
-    { 
-	"system-principal",	'k',	arg_string,	&system_principal, 
-	"system principal name",	"principal" 
-    },
-    {
-	"lifetime",	'l', arg_string, &ticket_life,
-	"lifetime of system tickets", "time"
-    },
-    {
-	"mode",		'm', arg_string, &system_perms,
-	"octal mode of system cache", "mode"
-    },
-    {
-	"name-constraints",	'n', arg_negative_flag, &name_constraints,
-	"disable credentials cache name constraints"
-    },
-    {
-	"disallow-getting-krbtgt", 0, arg_flag, &disallow_getting_krbtgt,
-	"disable fetching krbtgt from the cache"
-    },
-    {
-	"renewable-life",	'r', arg_string, &renew_life,
-    	"renewable lifetime of system tickets", "time"
-    },
-    {
-	"socket-path",		's', arg_string, &socket_path,
-    	"path to kcm domain socket", "path"
-    },
-#ifdef HAVE_DOOR_CREATE
-    {
-	"door-path",		's', arg_string, &door_path,
-    	"path to kcm door", "path"
-    },
-#endif
-    {
-	"server",		'S', arg_string, &system_server,
-    	"server to get system ticket for", "principal"
-    },
-    { 
-	"keytab",	't',	arg_string,	&system_keytab, 
-	"system keytab name",	"keytab" 
-    },
-    { 
-	"user",		'u',	arg_string,	&system_user, 
-	"system cache owner",	"user" 
-    },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-static int parse_owners(kcm_ccache ccache)
-{
-    uid_t uid = 0;
-    gid_t gid = 0;
-    struct passwd *pw;
-    struct group *gr;
-    int uid_p = 0;
-    int gid_p = 0;
-
-    if (system_user != NULL) {
-	if (isdigit((unsigned char)system_user[0])) {
-	    pw = getpwuid(atoi(system_user));
-	} else {
-	    pw = getpwnam(system_user);
-	}
-	if (pw == NULL) {
-	    return errno;
-	}
-
-	system_user = strdup(pw->pw_name);
-	if (system_user == NULL) {
-	    return ENOMEM;
-	}
-
-	uid = pw->pw_uid; uid_p = 1;
-	gid = pw->pw_gid; gid_p = 1;
-    }
-
-    if (system_group != NULL) {
-	if (isdigit((unsigned char)system_group[0])) {
-	    gr = getgrgid(atoi(system_group));
-	} else {
-	    gr = getgrnam(system_group);
-	}
-	if (gr == NULL) {
-	    return errno;
-	}
-
-	gid = gr->gr_gid; gid_p = 1;
-    }
-
-    if (uid_p)
-	ccache->uid = uid;
-    else
-	ccache->uid = 0; /* geteuid() XXX */
-
-    if (gid_p)
-	ccache->gid = gid;
-    else
-	ccache->gid = 0; /* getegid() XXX */
-
-    return 0;
-}
-
-static const char *
-kcm_system_config_get_string(const char *string)
-{
-    return krb5_config_get_string(kcm_context, NULL, "kcm",
-				  "system_ccache", string, NULL);
-}
-
-static krb5_error_code
-ccache_init_system(void)
-{
-    kcm_ccache ccache;
-    krb5_error_code ret;
-
-    if (system_cache_name == NULL)
-	system_cache_name = kcm_system_config_get_string("cc_name");
-
-    ret = kcm_ccache_new(kcm_context,
-			 system_cache_name ? system_cache_name : "SYSTEM",
-			 &ccache);
-    if (ret)
-	return ret;
-
-    ccache->flags |= KCM_FLAGS_OWNER_IS_SYSTEM;
-    ccache->flags |= KCM_FLAGS_USE_KEYTAB;
-
-    ret = parse_owners(ccache);
-    if (ret)
-	return ret;
-
-    ret = krb5_parse_name(kcm_context, system_principal, &ccache->client);
-    if (ret) {
-	kcm_release_ccache(kcm_context, &ccache);
-	return ret;
-    }
-
-    if (system_server == NULL)
-	system_server = kcm_system_config_get_string("server");
-
-    if (system_server != NULL) {
-	ret = krb5_parse_name(kcm_context, system_server, &ccache->server);
-	if (ret) {
-	    kcm_release_ccache(kcm_context, &ccache);
-	    return ret;
-	}
-    }
-
-    if (system_keytab == NULL)
-	system_keytab = kcm_system_config_get_string("keytab_name");
-
-    if (system_keytab != NULL) {
-	ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab);
-    } else {
-	ret = krb5_kt_default(kcm_context, &ccache->key.keytab);
-    }
-    if (ret) {
-	kcm_release_ccache(kcm_context, &ccache);
-	return ret;
-    }
-
-    if (renew_life == NULL)
-	renew_life = kcm_system_config_get_string("renew_life");
-
-    if (renew_life == NULL)
-	renew_life = "1 month";
-
-    if (renew_life != NULL) {
-	ccache->renew_life = parse_time(renew_life, "s");
-	if (ccache->renew_life < 0) {
-	    kcm_release_ccache(kcm_context, &ccache);
-	    return EINVAL;
-	}
-    }
-
-    if (ticket_life == NULL)
-	ticket_life = kcm_system_config_get_string("ticket_life");
-
-    if (ticket_life != NULL) {
-	ccache->tkt_life = parse_time(ticket_life, "s");
-	if (ccache->tkt_life < 0) {
-	    kcm_release_ccache(kcm_context, &ccache);
-	    return EINVAL;
-	}
-    }
-
-    if (system_perms == NULL)
-	system_perms = kcm_system_config_get_string("mode");
-
-    if (system_perms != NULL) {
-	int mode;
-
-	if (sscanf(system_perms, "%o", &mode) != 1)
-	    return EINVAL;
-
-	ccache->mode = mode;
-    }
-
-    if (disallow_getting_krbtgt == -1) {
-	disallow_getting_krbtgt =
-	    krb5_config_get_bool_default(kcm_context, NULL, FALSE, "kcm",
-					 "disallow-getting-krbtgt", NULL);
-    }
-
-    /* enqueue default actions for credentials cache */
-    ret = kcm_ccache_enqueue_default(kcm_context, ccache, NULL);
-
-    kcm_release_ccache(kcm_context, &ccache); /* retained by event queue */
-
-    return ret;
-}
-
-void
-kcm_configure(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int optind = 0;
-    const char *p;
-    
-    while(getarg(args, num_args, argc, argv, &optind))
-	warnx("error at argument `%s'", argv[optind]);
-
-    if(help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0)
-	usage(1);
-    
-    {
-	char **files;
-
-	if(config_file == NULL)
-	    config_file = _PATH_KCM_CONF;
-
-	ret = krb5_prepend_config_files_default(config_file, &files);
-	if (ret)
-	    krb5_err(kcm_context, 1, ret, "getting configuration files");
-	    
-	ret = krb5_set_config_files(kcm_context, files);
-	krb5_free_config_files(files);
-	if(ret) 
-	    krb5_err(kcm_context, 1, ret, "reading configuration files");
-    }
-
-    if(max_request_str)
-	max_request = parse_bytes(max_request_str, NULL);
-
-    if(max_request == 0){
-	p = krb5_config_get_string (kcm_context,
-				    NULL,
-				    "kcm",
-				    "max-request",
-				    NULL);
-	if(p)
-	    max_request = parse_bytes(p, NULL);
-    }
-
-    if (system_principal == NULL) {
-	system_principal = kcm_system_config_get_string("principal");
-    }
-
-    if (system_principal != NULL) {
-	ret = ccache_init_system();
-	if (ret)
-	    krb5_err(kcm_context, 1, ret, "initializing system ccache");
-    }
-
-    if(detach_from_console == -1) 
-	detach_from_console = krb5_config_get_bool_default(kcm_context, NULL,
-							   DETACH_IS_DEFAULT,
-							   "kcm",
-							   "detach", NULL);
-    kcm_openlog();
-    if(max_request == 0)
-	max_request = 64 * 1024;
-}
-
diff --git a/crypto/heimdal/kcm/connect.c b/crypto/heimdal/kcm/connect.c
deleted file mode 100644
index b3a21aa66a0b..000000000000
--- a/crypto/heimdal/kcm/connect.c
+++ /dev/null
@@ -1,688 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: connect.c 16314 2005-11-29 19:03:50Z lha $");
-
-struct descr {
-    int s;
-    int type;
-    char *path;
-    unsigned char *buf;
-    size_t size;
-    size_t len;
-    time_t timeout;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa;
-    socklen_t sock_len;
-    kcm_client peercred;
-};
-
-static void
-init_descr(struct descr *d)
-{
-    memset(d, 0, sizeof(*d));
-    d->sa = (struct sockaddr *)&d->__ss;
-    d->s = -1;
-}
-
-/*
- * re-initialize all `n' ->sa in `d'.
- */
-
-static void
-reinit_descrs (struct descr *d, int n)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	d[i].sa = (struct sockaddr *)&d[i].__ss;
-}
-
-/*
- * Update peer credentials from socket.
- *
- * SCM_CREDS can only be updated the first time there is read data to
- * read from the filedescriptor, so if we read do it before this
- * point, the cred data might not be is not there yet.
- */
-
-static int
-update_client_creds(int s, kcm_client *peer)
-{
-#ifdef GETPEERUCRED
-    /* Solaris 10 */
-    {
-	ucred_t *peercred;
-	
-	if (getpeerucred(s, &peercred) != 0) {
-	    peer->uid = ucred_geteuid(peercred);
-	    peer->gid = ucred_getegid(peercred);
-	    peer->pid = 0;
-	    ucred_free(peercred);
-	    return 0;
-	}
-    } 
-#endif
-#ifdef GETPEEREID
-    /* FreeBSD, OpenBSD */
-    {
-	uid_t uid;
-	gid_t gid;
-
-	if (getpeereid(s, &uid, &gid) == 0) {
-	    peer->uid = uid;
-	    peer->gid = gid;
-	    peer->pid = 0;
-	    return 0;
-	}
-    }
-#endif
-#ifdef SO_PEERCRED
-    /* Linux */
-    {
-	struct ucred pc;
-	socklen_t pclen = sizeof(pc);
-
-	if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) {
-	    peer->uid = pc.uid;
-	    peer->gid = pc.gid;
-	    peer->pid = pc.pid;
-	    return 0;
-	}
-    }
-#endif
-#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)
-    {
-	struct xucred peercred;
-	socklen_t peercredlen = sizeof(peercred);
-
-	if (getsockopt(s, LOCAL_PEERCRED, 1,
-		       (void *)&peercred, &peercredlen) == 0
-	    && peercred.cr_version == XUCRED_VERSION)
-	{
-	    peer->uid = peercred.cr_uid;
-	    peer->gid = peercred.cr_gid;
-	    peer->pid = 0;
-	    return 0;
-	}
-    }
-#endif
-#if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
-    /* NetBSD */
-    if (peer->uid == -1) {
-	struct msghdr msg;
-	socklen_t crmsgsize;
-	void *crmsg;
-	struct cmsghdr *cmp;
-	struct sockcred *sc;
-	
-	memset(&msg, 0, sizeof(msg));
-	crmsgsize = CMSG_SPACE(SOCKCREDSIZE(NGROUPS));
-	if (crmsgsize == 0)
-	    return 1 ;
-
-	crmsg = malloc(crmsgsize);
-	if (crmsg == NULL)
-	    goto failed_scm_creds;
-
-	memset(crmsg, 0, crmsgsize);
-	
-	msg.msg_control = crmsg;
-	msg.msg_controllen = crmsgsize;
-	
-	if (recvmsg(s, &msg, 0) < 0) {
-	    free(crmsg);
-	    goto failed_scm_creds;
-	}	
-	
-	if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
-	    free(crmsg);
-	    goto failed_scm_creds;
-	}	
-	
-	cmp = CMSG_FIRSTHDR(&msg);
-	if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
-	    free(crmsg);
-	    goto failed_scm_creds;
-	}	
-	
-	sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
-	
-	peer->uid = sc->sc_euid;
-	peer->gid = sc->sc_egid;
-	peer->pid = 0;
-	
-	free(crmsg);
-	return 0;
-    } else {
-	/* we already got the cred, just return it */
-	return 0;
-    }
- failed_scm_creds:
-#endif
-    krb5_warn(kcm_context, errno, "failed to determine peer identity");
-    return 1;
-}
-
-
-/*
- * Create the socket (family, type, port) in `d'
- */
-
-static void 
-init_socket(struct descr *d)
-{
-    struct sockaddr_un un;
-    struct sockaddr *sa = (struct sockaddr *)&un;
-    krb5_socklen_t sa_size = sizeof(un);
-
-    init_descr (d);
-
-    un.sun_family = AF_UNIX;
-
-    if (socket_path != NULL)
-	d->path = socket_path;
-    else
-	d->path = _PATH_KCM_SOCKET;
-
-    strlcpy(un.sun_path, d->path, sizeof(un.sun_path));
-
-    d->s = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (d->s < 0){
-	krb5_warn(kcm_context, errno, "socket(%d, %d, 0)", AF_UNIX, SOCK_STREAM);
-	d->s = -1;
-	return;
-    }
-#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
-    {
-	int one = 1;
-	setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    }
-#endif
-#ifdef LOCAL_CREDS
-    {
-	int one = 1;
-	setsockopt(d->s, 0, LOCAL_CREDS, (void *)&one, sizeof(one));
-    }
-#endif
-
-    d->type = SOCK_STREAM;
-
-    unlink(d->path);
-
-    if (bind(d->s, sa, sa_size) < 0) {
-	krb5_warn(kcm_context, errno, "bind %s", un.sun_path);
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-
-    if (listen(d->s, SOMAXCONN) < 0) {
-	krb5_warn(kcm_context, errno, "listen %s", un.sun_path);
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-
-    chmod(d->path, 0777);
-
-    return;
-}
-
-/*
- * Allocate descriptors for all the sockets that we should listen on
- * and return the number of them.
- */
-
-static int
-init_sockets(struct descr **desc)
-{
-    struct descr *d;
-    size_t num = 0;
-
-    d = (struct descr *)malloc(sizeof(*d));
-    if (d == NULL) {
-	krb5_errx(kcm_context, 1, "malloc failed");
-    }
-
-    init_socket(d);
-    if (d->s != -1) {
-	kcm_log(5, "listening on domain socket %s", d->path);
-	num++;
-    }
-
-    reinit_descrs (d, num);
-    *desc = d;
-
-    return num;
-}
-
-/*
- * handle the request in `buf, len', from `addr' (or `from' as a string),
- * sending a reply in `reply'.
- */
-
-static int
-process_request(unsigned char *buf, 
-		size_t len, 
-		krb5_data *reply,
-		kcm_client *client)
-{
-    krb5_data request;
-   
-    if (len < 4) {
-	kcm_log(1, "malformed request from process %d (too short)", 
-		client->pid);
-	return -1;
-    }
-
-    if (buf[0] != KCM_PROTOCOL_VERSION_MAJOR ||
-	buf[1] != KCM_PROTOCOL_VERSION_MINOR) {
-	kcm_log(1, "incorrect protocol version %d.%d from process %d",
-		buf[0], buf[1], client->pid);
-	return -1;
-    }
-
-    buf += 2;
-    len -= 2;
-
-    /* buf is now pointing at opcode */
-
-    request.data = buf;
-    request.length = len;
-
-    return kcm_dispatch(kcm_context, client, &request, reply);
-}
-
-/*
- * Handle the request in `buf, len' to socket `d'
- */
-
-static void
-do_request(void *buf, size_t len, struct descr *d)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-
-    reply.length = 0;
-
-    ret = process_request(buf, len, &reply, &d->peercred);
-    if (reply.length != 0) {
-	unsigned char len[4];
-	struct msghdr msghdr;
-	struct iovec iov[2];
-
-	kcm_log(5, "sending %lu bytes to process %d", 
-		(unsigned long)reply.length,
-		(int)d->peercred.pid);
-
-	memset (&msghdr, 0, sizeof(msghdr));
-	msghdr.msg_name       = NULL;
-	msghdr.msg_namelen    = 0;
-	msghdr.msg_iov        = iov;
-	msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-	msghdr.msg_control    = NULL;
-	msghdr.msg_controllen = 0;
-#endif
-
-	len[0] = (reply.length >> 24) & 0xff;
-	len[1] = (reply.length >> 16) & 0xff;
-	len[2] = (reply.length >> 8) & 0xff;
-	len[3] = reply.length & 0xff;
-
-	iov[0].iov_base       = (void*)len;
-	iov[0].iov_len        = 4;
-	iov[1].iov_base       = reply.data;
-	iov[1].iov_len        = reply.length;
-
-	if (sendmsg (d->s, &msghdr, 0) < 0) {
-	    kcm_log (0, "sendmsg(%d): %d %s", (int)d->peercred.pid,
-		     errno, strerror(errno));
-	    krb5_data_free(&reply);
-	    return;
-	}
-
-	krb5_data_free(&reply);
-    }
-
-    if (ret) {
-	kcm_log(0, "Failed processing %lu byte request from process %d", 
-		(unsigned long)len, d->peercred.pid);
-    }
-}
-
-static void
-clear_descr(struct descr *d)
-{
-    if(d->buf)
-	memset(d->buf, 0, d->size);
-    d->len = 0;
-    if(d->s != -1)
-	close(d->s);
-    d->s = -1;
-}
-
-#define STREAM_TIMEOUT 4
-
-/*
- * accept a new stream connection on `d[parent]' and store it in `d[child]'
- */
-
-static void
-add_new_stream (struct descr *d, int parent, int child)
-{
-    int s;
-
-    if (child == -1)
-	return;
-
-    d[child].peercred.pid = -1;
-    d[child].peercred.uid = -1;
-    d[child].peercred.gid = -1;
-
-    d[child].sock_len = sizeof(d[child].__ss);
-    s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
-    if(s < 0) {
-	krb5_warn(kcm_context, errno, "accept");
-	return;
-    }
-
-    if (s >= FD_SETSIZE) {
-	krb5_warnx(kcm_context, "socket FD too large");
-	close (s);
-	return;
-    }
-
-    d[child].s = s;
-    d[child].timeout = time(NULL) + STREAM_TIMEOUT;
-    d[child].type = SOCK_STREAM;
-}
-
-/*
- * Grow `d' to handle at least `n'.
- * Return != 0 if fails
- */
-
-static int
-grow_descr (struct descr *d, size_t n)
-{
-    if (d->size - d->len < n) {
-	unsigned char *tmp;
-	size_t grow;
-
-	grow = max(1024, d->len + n);
-	if (d->size + grow > max_request) {
-	    kcm_log(0, "Request exceeds max request size (%lu bytes).",
-		    (unsigned long)d->size + grow);
-	    clear_descr(d);
-	    return -1;
-	}
-	tmp = realloc (d->buf, d->size + grow);
-	if (tmp == NULL) {
-	    kcm_log(0, "Failed to re-allocate %lu bytes.",
-		    (unsigned long)d->size + grow);
-	    clear_descr(d);
-	    return -1;
-	}
-	d->size += grow;
-	d->buf = tmp;
-    }
-    return 0;
-}
-
-/*
- * Handle incoming data to the stream socket in `d[index]'
- */
-
-static void
-handle_stream(struct descr *d, int index, int min_free)
-{
-    unsigned char buf[1024];
-    int n;
-    int ret = 0;
-
-    if (d[index].timeout == 0) {
-	add_new_stream (d, index, min_free);
-	return;
-    }
-
-    if (update_client_creds(d[index].s, &d[index].peercred)) {
-	krb5_warnx(kcm_context, "failed to update peer identity");
-	clear_descr(d + index);
-	return;
-    }
-
-    if (d[index].peercred.uid == -1) {
-	krb5_warnx(kcm_context, "failed to determine peer identity");
-	clear_descr (d + index);
-	return;
-    }
-
-    n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL);
-    if (n < 0) {
-	krb5_warn(kcm_context, errno, "recvfrom");
-	return;
-    } else if (n == 0) {
-	krb5_warnx(kcm_context, "connection closed before end of data "
-		   "after %lu bytes from process %ld",
-		   (unsigned long) d[index].len, (long) d[index].peercred.pid);
-	clear_descr (d + index);
-	return;
-    }
-    if (grow_descr (&d[index], n))
-	return;
-    memcpy(d[index].buf + d[index].len, buf, n);
-    d[index].len += n;
-    if (d[index].len > 4) {
-	krb5_storage *sp;
-	int32_t len;
-
-	sp = krb5_storage_from_mem(d[index].buf, d[index].len);
-	if (sp == NULL) {
-	    kcm_log (0, "krb5_storage_from_mem failed");
-	    ret = -1;
-	} else {
-	    krb5_ret_int32(sp, &len);
-	    krb5_storage_free(sp);
-	    if (d[index].len - 4 >= len) {
-		memmove(d[index].buf, d[index].buf + 4, d[index].len - 4);
-		ret = 1;
-	    } else
-		ret = 0;
-	}
-    }
-    if (ret < 0)
-	return;
-    else if (ret == 1) {
-	do_request(d[index].buf, d[index].len, &d[index]);
-	clear_descr(d + index);
-    }
-}
-
-#ifdef HAVE_DOOR_CREATE
-
-static void
-kcm_door_server(void  *cookie, char *argp, size_t arg_size,
-		door_desc_t *dp, uint_t n_desc)
-{
-    kcm_client peercred;
-    door_cred_t cred;
-    krb5_error_code ret;
-    krb5_data reply;
-    size_t length;
-    char *p;
-
-    reply.length = 0;
-
-    p = NULL;
-    length = 0;
-
-    if (door_cred(&cred) != 0) {
-	kcm_log(0, "door_cred failed with %s", strerror(errno));
-	goto out;
-    }
-
-    peercred.uid = cred.dc_euid;
-    peercred.gid = cred.dc_egid;
-    peercred.pid = cred.dc_pid;
-
-    ret = process_request((unsigned char*)argp, arg_size, &reply, &peercred);
-    if (reply.length != 0) {
-	p = alloca(reply.length); /* XXX don't use alloca */
-	if (p) {
-	    memcpy(p, reply.data, reply.length);
-	    length = reply.length;
-	}
-	krb5_data_free(&reply);
-    }
-
- out:
-    door_return(p, length, NULL, 0);
-}
-
-static void
-kcm_setup_door(void)
-{
-    int fd, ret;
-    char *path;
-
-    fd = door_create(kcm_door_server, NULL, 0);
-    if (fd < 0)
-	krb5_err(kcm_context, 1, errno, "Failed to create door");
-
-    if (door_path != NULL)
-	path = door_path;
-    else
-	path = _PATH_KCM_DOOR;
-
-    unlink(path);
-    ret = open(path, O_RDWR | O_CREAT, 0666);
-    if (ret < 0)
-	krb5_err(kcm_context, 1, errno, "Failed to create/open door");
-    close(ret);
-
-    ret = fattach(fd, path);
-    if (ret < 0)
-	krb5_err(kcm_context, 1, errno, "Failed to attach door");
-
-}
-#endif /* HAVE_DOOR_CREATE */
-
-
-void
-kcm_loop(void)
-{
-    struct descr *d;
-    int ndescr;
-
-#ifdef HAVE_DOOR_CREATE
-    kcm_setup_door();
-#endif
-
-    ndescr = init_sockets(&d);
-    if (ndescr <= 0) {
-	krb5_warnx(kcm_context, "No sockets!");
-#ifndef HAVE_DOOR_CREATE
-	exit(1);
-#endif
-    }
-    while (exit_flag == 0){
-	struct timeval tmout;
-	fd_set fds;
-	int min_free = -1;
-	int max_fd = 0;
-	int i;
-
-	FD_ZERO(&fds);
-	for(i = 0; i < ndescr; i++) {
-	    if (d[i].s >= 0){
-		if(d[i].type == SOCK_STREAM && 
-		   d[i].timeout && d[i].timeout < time(NULL)) {
-		    kcm_log(1, "Stream connection from %d expired after %lu bytes",
-			    d[i].peercred.pid, (unsigned long)d[i].len);
-		    clear_descr(&d[i]);
-		    continue;
-		}
-		if (max_fd < d[i].s)
-		    max_fd = d[i].s;
-		if (max_fd >= FD_SETSIZE)
-		    krb5_errx(kcm_context, 1, "fd too large");
-		FD_SET(d[i].s, &fds);
-	    } else if (min_free < 0 || i < min_free)
-		min_free = i;
-	}
-	if (min_free == -1) {
-	    struct descr *tmp;
-	    tmp = realloc(d, (ndescr + 4) * sizeof(*d));
-	    if(tmp == NULL)
-		krb5_warnx(kcm_context, "No memory");
-	    else {
-		d = tmp;
-		reinit_descrs (d, ndescr);
-		memset(d + ndescr, 0, 4 * sizeof(*d));
-		for(i = ndescr; i < ndescr + 4; i++)
-		    init_descr (&d[i]);
-		min_free = ndescr;
-		ndescr += 4;
-	    }
-	}
-
-	tmout.tv_sec = STREAM_TIMEOUT;
-	tmout.tv_usec = 0;
-	switch (select(max_fd + 1, &fds, 0, 0, &tmout)){
-	case 0:
-	    kcm_run_events(kcm_context, time(NULL));
-	    break;
-	case -1:
-	    if (errno != EINTR)
-		krb5_warn(kcm_context, errno, "select");
-	    break;
-	default:
-	    for(i = 0; i < ndescr; i++) {
-		if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
-		    if (d[i].type == SOCK_STREAM)
-			handle_stream(d, i, min_free);
-		}
-	    }
-	    kcm_run_events(kcm_context, time(NULL));
-	    break;
-	}
-    }
-    if (d->path != NULL)
-	unlink(d->path);
-    free(d);
-}
-
diff --git a/crypto/heimdal/kcm/cursor.c b/crypto/heimdal/kcm/cursor.c
deleted file mode 100644
index 701f770219ff..000000000000
--- a/crypto/heimdal/kcm/cursor.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: cursor.c 17447 2006-05-05 10:52:01Z lha $");
-
-krb5_error_code
-kcm_cursor_new(krb5_context context,
-	       pid_t pid,
-	       kcm_ccache ccache,
-	       uint32_t *cursor)
-{
-    kcm_cursor **p;
-    krb5_error_code ret;
-
-    *cursor = 0;
-
-    KCM_ASSERT_VALID(ccache);
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    for (p = &ccache->cursors; *p != NULL; p = &(*p)->next)
-	;
-
-    *p = (kcm_cursor *)malloc(sizeof(kcm_cursor));
-    if (*p == NULL) {
-	ret = KRB5_CC_NOMEM;
-	goto out;
-    }
-
-    (*p)->pid = pid;
-    (*p)->key = ++ccache->n_cursor;
-    (*p)->credp = ccache->creds;
-    (*p)->next = NULL;
-
-    *cursor = (*p)->key;
-
-    ret = 0;
-
-out:
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_cursor_find(krb5_context context,
-		pid_t pid,
-		kcm_ccache ccache,
-		uint32_t key,
-		kcm_cursor **cursor)
-{
-    kcm_cursor *p;
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-
-    if (key == 0)
-	return KRB5_CC_NOTFOUND;
-
-    ret = KRB5_CC_END;
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    for (p = ccache->cursors; p != NULL; p = p->next) {
-	if (p->key == key) {
-	    if (p->pid != pid)
-		ret = KRB5_FCC_PERM;
-	    else
-		ret = 0;
-	    break;
-	}
-    }
-
-    if (ret == 0)
-	*cursor = p;
-
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_cursor_delete(krb5_context context,
-	     	  pid_t pid,
-		  kcm_ccache ccache,
-		  uint32_t key)
-{
-    kcm_cursor **p;
-    krb5_error_code ret;
-
-    KCM_ASSERT_VALID(ccache);
-
-    if (key == 0)
-	return KRB5_CC_NOTFOUND;
-
-    ret = KRB5_CC_END;
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    for (p = &ccache->cursors; *p != NULL; p = &(*p)->next) {
-	if ((*p)->key == key) {
-	    if ((*p)->pid != pid)
-		ret = KRB5_FCC_PERM;
-	    else
-		ret = 0;
-	    break;
-	}
-    }
-
-    if (ret == 0) {
-	kcm_cursor *x = *p;
-
-	*p = x->next;
-	free(x);
-    }
-
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/kcm/events.c b/crypto/heimdal/kcm/events.c
deleted file mode 100644
index f1110d110f20..000000000000
--- a/crypto/heimdal/kcm/events.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: events.c 15294 2005-05-30 01:43:23Z lukeh $");
-
-/* thread-safe in case we multi-thread later */
-static HEIMDAL_MUTEX events_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static kcm_event *events_head = NULL;
-static time_t last_run = 0;
-
-static char *action_strings[] = {
-	"NONE", "ACQUIRE_CREDS", "RENEW_CREDS",
-	"DESTROY_CREDS", "DESTROY_EMPTY_CACHE" };
-
-krb5_error_code
-kcm_enqueue_event(krb5_context context,
-		  kcm_event *event)
-{
-    krb5_error_code ret;
-
-    if (event->action == KCM_EVENT_NONE) {
-	return 0;
-    }
-
-    HEIMDAL_MUTEX_lock(&events_mutex);
-    ret = kcm_enqueue_event_internal(context, event);
-    HEIMDAL_MUTEX_unlock(&events_mutex);
-
-    return ret;
-}
-
-static void
-print_times(time_t time, char buf[64])
-{
-    if (time)
-	strftime(buf, 64, "%m-%dT%H:%M", gmtime(&time));
-    else
-	strlcpy(buf, "never", 64);
-}
-
-static void
-log_event(kcm_event *event, char *msg)
-{
-    char fire_time[64], expire_time[64];
-
-    print_times(event->fire_time, fire_time);
-    print_times(event->expire_time, expire_time);
-
-    kcm_log(7, "%s event %08x: fire_time %s fire_count %d expire_time %s "
-	    "backoff_time %d action %s cache %s",
-	    msg, event, fire_time, event->fire_count, expire_time,
-	    event->backoff_time, action_strings[event->action],
-	    event->ccache->name);
-}
-
-krb5_error_code
-kcm_enqueue_event_internal(krb5_context context,
-			   kcm_event *event)
-{
-    kcm_event **e;
-
-    if (event->action == KCM_EVENT_NONE)
-	return 0;
-
-    for (e = &events_head; *e != NULL; e = &(*e)->next)
-	;
-
-    *e = (kcm_event *)malloc(sizeof(kcm_event));
-    if (*e == NULL) {
-	return KRB5_CC_NOMEM;
-    }
-
-    (*e)->valid = 1;
-    (*e)->fire_time = event->fire_time;
-    (*e)->fire_count = 0;
-    (*e)->expire_time = event->expire_time;
-    (*e)->backoff_time = event->backoff_time;
-
-    (*e)->action = event->action;
-
-    kcm_retain_ccache(context, event->ccache);
-    (*e)->ccache = event->ccache;
-    (*e)->next = NULL;
-
-    log_event(*e, "enqueuing");
-
-    return 0;
-}
-
-/*
- * Dump events list on SIGUSR2
- */
-krb5_error_code
-kcm_debug_events(krb5_context context)
-{
-    kcm_event *e;
-
-    for (e = events_head; e != NULL; e = e->next)
-	log_event(e, "debug");
-
-    return 0;
-}
-
-krb5_error_code
-kcm_enqueue_event_relative(krb5_context context,
-			   kcm_event *event)
-{
-    krb5_error_code ret;
-    kcm_event e;
-
-    e = *event;
-    e.backoff_time = e.fire_time;
-    e.fire_time += time(NULL);
-
-    ret = kcm_enqueue_event(context, &e);
-
-    return ret;
-}
-
-static krb5_error_code
-kcm_remove_event_internal(krb5_context context,
-			  kcm_event **e)
-{
-    kcm_event *next;
-
-    next = (*e)->next;
-
-    (*e)->valid = 0;
-    (*e)->fire_time = 0;
-    (*e)->fire_count = 0;
-    (*e)->expire_time = 0;
-    (*e)->backoff_time = 0;
-    kcm_release_ccache(context, &(*e)->ccache);
-    (*e)->next = NULL;
-    free(*e);
-
-    *e = next;
-
-    return 0;
-}
-
-static int
-is_primary_credential_p(krb5_context context,
-			kcm_ccache ccache,
-			krb5_creds *newcred)
-{
-    krb5_flags whichfields;
-
-    if (ccache->client == NULL)
-	return 0;
-
-    if (newcred->client == NULL ||
-	!krb5_principal_compare(context, ccache->client, newcred->client))
-	return 0;
-
-    /* XXX just checks whether it's the first credential in the cache */
-    if (ccache->creds == NULL)
-	return 0;
-
-    whichfields = KRB5_TC_MATCH_KEYTYPE | KRB5_TC_MATCH_FLAGS_EXACT |
-		  KRB5_TC_MATCH_TIMES_EXACT | KRB5_TC_MATCH_AUTHDATA |
-		  KRB5_TC_MATCH_2ND_TKT | KRB5_TC_MATCH_IS_SKEY;
-
-    return krb5_compare_creds(context, whichfields, newcred, &ccache->creds->cred);
-}
-
-/*
- * Setup default events for a new credential
- */
-static krb5_error_code
-kcm_ccache_make_default_event(krb5_context context,
-			      kcm_event *event,
-			      krb5_creds *newcred)
-{
-    krb5_error_code ret = 0;
-    kcm_ccache ccache = event->ccache;
-
-    event->fire_time = 0; 
-    event->expire_time = 0;
-    event->backoff_time = KCM_EVENT_DEFAULT_BACKOFF_TIME;
-
-    if (newcred == NULL) {
-	/* no creds, must be acquire creds request */
-	if ((ccache->flags & KCM_MASK_KEY_PRESENT) == 0) {
-	    kcm_log(0, "Cannot acquire credentials without a key");
-	    return KRB5_FCC_INTERNAL;
-	}
-
-	event->fire_time = time(NULL); /* right away */
-	event->action = KCM_EVENT_ACQUIRE_CREDS;
-    } else if (is_primary_credential_p(context, ccache, newcred)) {
-	if (newcred->flags.b.renewable) {
-	    event->action = KCM_EVENT_RENEW_CREDS;
-	    ccache->flags |= KCM_FLAGS_RENEWABLE;
-	} else {
-	    if (ccache->flags & KCM_MASK_KEY_PRESENT)
-		event->action = KCM_EVENT_ACQUIRE_CREDS;
-	    else
-		event->action = KCM_EVENT_NONE;
-	    ccache->flags &= ~(KCM_FLAGS_RENEWABLE);
-	}
-	/* requeue with some slop factor */
-	event->fire_time = newcred->times.endtime - KCM_EVENT_QUEUE_INTERVAL;
-    } else {
-	event->action = KCM_EVENT_NONE;
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_ccache_enqueue_default(krb5_context context,
-			   kcm_ccache ccache,
-			   krb5_creds *newcred)
-{
-    kcm_event event;
-    krb5_error_code ret;
-
-    memset(&event, 0, sizeof(event));
-    event.ccache = ccache;
-
-    ret = kcm_ccache_make_default_event(context, &event, newcred);
-    if (ret)
-	return ret;
-
-    ret = kcm_enqueue_event_internal(context, &event);
-    if (ret)
-	return ret;
-
-    return 0;
-}
-
-krb5_error_code
-kcm_remove_event(krb5_context context,
-		 kcm_event *event)
-{
-    krb5_error_code ret;
-    kcm_event **e;
-    int found = 0;
-
-    log_event(event, "removing");
-
-    HEIMDAL_MUTEX_lock(&events_mutex);
-    for (e = &events_head; *e != NULL; e = &(*e)->next) {
-	if (event == *e) {
-	    *e = event->next;
-	    found++;
-	    break;
-	}
-    }
-
-    if (!found) {
-	ret = KRB5_CC_NOTFOUND;
-	goto out;
-    }
-
-    ret = kcm_remove_event_internal(context, &event);
-
-out:
-    HEIMDAL_MUTEX_unlock(&events_mutex);
-
-    return ret;
-}
-
-krb5_error_code
-kcm_cleanup_events(krb5_context context,
-		   kcm_ccache ccache)
-{
-    kcm_event **e;
-
-    KCM_ASSERT_VALID(ccache);
-
-    HEIMDAL_MUTEX_lock(&events_mutex);
-
-    for (e = &events_head; *e != NULL; e = &(*e)->next) {
-	if ((*e)->valid && (*e)->ccache == ccache) {
-	    kcm_remove_event_internal(context, e);
-	}
-	if (*e == NULL)
-	    break;
-    }
-
-    HEIMDAL_MUTEX_unlock(&events_mutex);
-
-    return 0;
-}
-
-static krb5_error_code
-kcm_fire_event(krb5_context context,
-	       kcm_event **e)
-{
-    kcm_event *event;
-    krb5_error_code ret;
-    krb5_creds *credp = NULL;
-    int oneshot = 1;
-
-    event = *e;
-
-    switch (event->action) {
-    case KCM_EVENT_ACQUIRE_CREDS:
-	ret = kcm_ccache_acquire(context, event->ccache, &credp);
-	oneshot = 0;
-	break;
-    case KCM_EVENT_RENEW_CREDS:
-	ret = kcm_ccache_refresh(context, event->ccache, &credp);
-	if (ret == KRB5KRB_AP_ERR_TKT_EXPIRED) {
-	    ret = kcm_ccache_acquire(context, event->ccache, &credp);
-	}
-	oneshot = 0;
-	break;
-    case KCM_EVENT_DESTROY_CREDS:
-	ret = kcm_ccache_destroy(context, event->ccache->name);
-	break;
-    case KCM_EVENT_DESTROY_EMPTY_CACHE:
-	ret = kcm_ccache_destroy_if_empty(context, event->ccache);
-	break;
-    default:
-	ret = KRB5_FCC_INTERNAL;
-	break;
-    }
-
-    event->fire_count++;
-
-    if (ret) {
-	/* Reschedule failed event for another time */ 
-	event->fire_time += event->backoff_time;
-	if (event->backoff_time < KCM_EVENT_MAX_BACKOFF_TIME)
-	    event->backoff_time *= 2;
-
-	/* Remove it if it would never get executed */
-	if (event->expire_time &&
-	    event->fire_time > event->expire_time)
-	    kcm_remove_event_internal(context, e);
-    } else {
-	if (!oneshot) {
-	    char *cpn;
-
-	    if (krb5_unparse_name(context, event->ccache->client,
-				  &cpn))
-		cpn = NULL;
-
-	    kcm_log(0, "%s credentials in cache %s for principal %s",
-		    (event->action == KCM_EVENT_ACQUIRE_CREDS) ?
-			"Acquired" : "Renewed",
-		    event->ccache->name,
-		    (cpn != NULL) ? cpn : "<none>");
-
-	    if (cpn != NULL)
-		free(cpn);
-
-	    /* Succeeded, but possibly replaced with another event */
-	    ret = kcm_ccache_make_default_event(context, event, credp);
-	    if (ret || event->action == KCM_EVENT_NONE)
-		oneshot = 1;
-	    else
-		log_event(event, "requeuing");
-	}
-	if (oneshot)
-	    kcm_remove_event_internal(context, e);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-kcm_run_events(krb5_context context,
-	       time_t now)
-{
-    krb5_error_code ret;
-    kcm_event **e;
-
-    HEIMDAL_MUTEX_lock(&events_mutex);
-
-    /* Only run event queue every N seconds */
-    if (now < last_run + KCM_EVENT_QUEUE_INTERVAL) {
-	HEIMDAL_MUTEX_unlock(&events_mutex);
-	return 0;
-    }
-
-    /* go through events list, fire and expire */
-    for (e = &events_head; *e != NULL; e = &(*e)->next) {
-	if ((*e)->valid == 0)
-	    continue;
-
-	if (now >= (*e)->fire_time) {
-	    ret = kcm_fire_event(context, e);
-	    if (ret) {
-		kcm_log(1, "Could not fire event for cache %s: %s",
-			(*e)->ccache->name, krb5_get_err_text(context, ret));
-	    }
-	} else if ((*e)->expire_time && now >= (*e)->expire_time) {
-	    ret = kcm_remove_event_internal(context, e);
-	    if (ret) {
-		kcm_log(1, "Could not expire event for cache %s: %s",
-			(*e)->ccache->name, krb5_get_err_text(context, ret));
-	    }
-	}
-
-	if (*e == NULL)
-	    break;
-    }
-
-    last_run = now;
-
-    HEIMDAL_MUTEX_unlock(&events_mutex);
-
-    return 0;
-}
-
diff --git a/crypto/heimdal/kcm/glue.c b/crypto/heimdal/kcm/glue.c
deleted file mode 100644
index be217f344f4b..000000000000
--- a/crypto/heimdal/kcm/glue.c
+++ /dev/null
@@ -1,279 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: glue.c 14566 2005-02-06 01:22:49Z lukeh $");
-
-/*
- * Server-side loopback glue for credentials cache operations; this
- * must be initialized with kcm_internal_ccache(), it is not for real
- * use. This entire file assumes the cache is locked, it does not do
- * any concurrency checking for multithread applications.
- */
-
-#define KCMCACHE(X)	((kcm_ccache)(X)->data.data)
-#define CACHENAME(X)	(KCMCACHE(X)->name)
-
-static const char *
-kcmss_get_name(krb5_context context,
-	       krb5_ccache id)
-{
-    return CACHENAME(id);
-}
-
-static krb5_error_code
-kcmss_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    return KRB5_FCC_INTERNAL;
-}
-
-static krb5_error_code
-kcmss_gen_new(krb5_context context, krb5_ccache *id)
-{
-    return KRB5_FCC_INTERNAL;
-}
-
-static krb5_error_code
-kcmss_initialize(krb5_context context,
-		 krb5_ccache id,
-		 krb5_principal primary_principal)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    ret = kcm_zero_ccache_data_internal(context, c);
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_principal(context, primary_principal,
-			      &c->client);
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_close(krb5_context context,
-	    krb5_ccache id)
-{
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    id->data.data = NULL;
-    id->data.length = 0;
-
-    return 0;
-}
-
-static krb5_error_code
-kcmss_destroy(krb5_context context,
-	      krb5_ccache id)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    ret = kcm_ccache_destroy(context, CACHENAME(id));
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_store_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_creds *creds)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-    krb5_creds *tmp;
-
-    KCM_ASSERT_VALID(c);
-
-    ret = kcm_ccache_store_cred_internal(context, c, creds, 1, &tmp);
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_retrieve(krb5_context context,
-	       krb5_ccache id,
-	       krb5_flags which,
-	       const krb5_creds *mcred,
-	       krb5_creds *creds)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-    krb5_creds *credp;
-
-    KCM_ASSERT_VALID(c);
-
-    ret = kcm_ccache_retrieve_cred_internal(context, c, which,
-					    mcred, &credp);
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_creds_contents(context, credp, creds);
-    if (ret)
-	return ret;
-
-    return 0;
-}
-
-static krb5_error_code
-kcmss_get_principal(krb5_context context,
-		    krb5_ccache id,
-		    krb5_principal *principal)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    ret = krb5_copy_principal(context, c->client,
-			      principal);
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_get_first (krb5_context context,
-		 krb5_ccache id,
-		 krb5_cc_cursor *cursor)
-{
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    *cursor = c->creds;
-
-    return (*cursor == NULL) ? KRB5_CC_END : 0;
-}
-
-static krb5_error_code
-kcmss_get_next (krb5_context context,
-		krb5_ccache id,
-		krb5_cc_cursor *cursor,
-		krb5_creds *creds)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    ret = krb5_copy_creds_contents(context,
-				   &((struct kcm_creds *)cursor)->cred,
-				   creds);
-    if (ret)
-	return ret;
-
-    *cursor = ((struct kcm_creds *)cursor)->next;
-    if (*cursor == 0)
-	ret = KRB5_CC_END;
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_end_get (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    *cursor = NULL;
-    return 0;
-}
-
-static krb5_error_code
-kcmss_remove_cred(krb5_context context,
-		  krb5_ccache id,
-		  krb5_flags which,
-		  krb5_creds *cred)
-{
-    krb5_error_code ret;
-    kcm_ccache c = KCMCACHE(id);
-
-    KCM_ASSERT_VALID(c);
-
-    ret = kcm_ccache_remove_cred_internal(context, c, which, cred);
-
-    return ret;
-}
-
-static krb5_error_code
-kcmss_set_flags(krb5_context context,
-		krb5_ccache id,
-		krb5_flags flags)
-{
-    return 0;
-}
-
-static krb5_error_code
-kcmss_get_version(krb5_context context,
-		  krb5_ccache id)
-{
-    return 0;
-}
-
-static const krb5_cc_ops krb5_kcmss_ops = {
-    "KCM",
-    kcmss_get_name,
-    kcmss_resolve,
-    kcmss_gen_new,
-    kcmss_initialize,
-    kcmss_destroy,
-    kcmss_close,
-    kcmss_store_cred,
-    kcmss_retrieve,
-    kcmss_get_principal,
-    kcmss_get_first,
-    kcmss_get_next,
-    kcmss_end_get,
-    kcmss_remove_cred,
-    kcmss_set_flags,
-    kcmss_get_version
-};
-
-krb5_error_code
-kcm_internal_ccache(krb5_context context,
-		    kcm_ccache c,
-		    krb5_ccache id)
-{
-    id->ops = &krb5_kcmss_ops;
-    id->data.length = sizeof(*c);
-    id->data.data = c;
-
-    return 0;
-}
-
diff --git a/crypto/heimdal/kcm/headers.h b/crypto/heimdal/kcm/headers.h
deleted file mode 100644
index 1042dd8d620d..000000000000
--- a/crypto/heimdal/kcm/headers.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __HEADERS_H__
-#define __HEADERS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdarg.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#ifdef HAVE_SYS_UCRED_H
-#include <sys/ucred.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_GETPEERUCRED
-#include <ucred.h>
-#endif
-#ifdef HAVE_DOOR_CREATE
-#include <door.h>
-#include <alloca.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <base64.h>
-#include <parse_units.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-
-#endif /* __HEADERS_H__ */
-
diff --git a/crypto/heimdal/kcm/kcm.8 b/crypto/heimdal/kcm/kcm.8
deleted file mode 100644
index 4a72eb382aa6..000000000000
--- a/crypto/heimdal/kcm/kcm.8
+++ /dev/null
@@ -1,224 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: kcm.8 15497 2005-06-20 13:32:44Z lha $
-.\"
-.Dd May 29, 2005
-.Dt KCM 8
-.Os Heimdal
-.Sh NAME
-.Nm kcm
-.Nd
-is a process based credential cache for Kerberos tickets.
-.Sh SYNOPSIS
-.Nm
-.Op Fl -cache-name= Ns Ar cachename
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl g Ar group \*(Ba Xo
-.Fl -group= Ns Ar group
-.Xc
-.Oc
-.Op Fl -max-request= Ns Ar size
-.Op Fl -disallow-getting-krbtgt
-.Op Fl -detach
-.Op Fl h | Fl -help
-.Oo Fl k Ar principal \*(Ba Xo
-.Fl -system-principal= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl l Ar time \*(Ba Xo
-.Fl -lifetime= Ns Ar time
-.Xc
-.Oc
-.Oo Fl m Ar mode \*(Ba Xo
-.Fl -mode= Ns Ar mode
-.Xc
-.Oc
-.Op Fl n | Fl -no-name-constraints
-.Oo Fl r Ar time \*(Ba Xo
-.Fl -renewable-life= Ns Ar time
-.Xc
-.Oc
-.Oo Fl s Ar path \*(Ba Xo
-.Fl -socket-path= Ns Ar path
-.Xc
-.Oc
-.Oo Xo
-.Fl -door-path= Ns Ar path
-.Xc
-.Oc
-.Oo Fl S Ar principal \*(Ba Xo
-.Fl -server= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl t Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Oo Fl u Ar user \*(Ba Xo
-.Fl -user= Ns Ar user
-.Xc
-.Oc
-.Op Fl v | Fl -version
-.Sh DESCRIPTION
-.Nm
-is a process based credential cache.
-To use it, set the
-.Ev KRB5CCNAME
-enviroment variable to
-.Ql KCM: Ns Ar uid
-or add the stanza
-.Bd -literal
-
-[libdefaults]
-        default_cc_name = KCM:%{uid}
-
-.Ed
-to the
-.Pa /etc/krb5.conf
-configuration file and make sure
-.Nm kcm
-is started in the system startup files.
-.Pp
-The
-.Nm
-daemon can hold the credentials for all users in the system.  Access
-control is done with Unix-like permissions.  The daemon checks the
-access on all operations based on the uid and gid of the user.  The
-tickets are renewed as long as is permitted by the KDC's policy.
-.Pp
-The
-.Nm
-daemon can also keep a SYSTEM credential that server processes can
-use to access services.  One example of usage might be an nss_ldap
-module that quickly needs to get credentials and doesn't want to renew
-the ticket itself. 
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -cache-name= Ns Ar cachename
-.Xc
-system cache name
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl g Ar group ,
-.Fl -group= Ns Ar group
-.Xc
-system cache group
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
-max size for a kcm-request
-.It Xo
-.Fl -disallow-getting-krbtgt
-.Xc
-disallow extracting any krbtgt from the
-.Nm kcm
-daemon.
-.It Xo
-.Fl -detach
-.Xc
-detach from console
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.It Xo
-.Fl k Ar principal ,
-.Fl -system-principal= Ns Ar principal
-.Xc
-system principal name
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
-lifetime of system tickets
-.It Xo
-.Fl m Ar mode ,
-.Fl -mode= Ns Ar mode
-.Xc
-octal mode of system cache
-.It Xo
-.Fl n ,
-.Fl -no-name-constraints
-.Xc
-disable credentials cache name constraints
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
-renewable lifetime of system tickets
-.It Xo
-.Fl s Ar path ,
-.Fl -socket-path= Ns Ar path
-.Xc
-path to kcm domain socket
-.It Xo
-.Fl -door-path= Ns Ar path
-.Xc
-path to kcm door socket
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
-server to get system ticket for
-.It Xo
-.Fl t Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
-system keytab name
-.It Xo
-.Fl u Ar user ,
-.Fl -user= Ns Ar user
-.Xc
-system cache owner
-.It Xo
-.Fl v ,
-.Fl -version
-.Xc
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kcm/kcm_locl.h b/crypto/heimdal/kcm/kcm_locl.h
deleted file mode 100644
index 75e55ee0b3f8..000000000000
--- a/crypto/heimdal/kcm/kcm_locl.h
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* 
- * $Id: kcm_locl.h 20470 2007-04-20 10:41:11Z lha $ 
- */
-
-#ifndef __KCM_LOCL_H__
-#define __KCM_LOCL_H__
-
-#include "headers.h"
-
-#include <kcm.h>
-
-#define KCM_LOG_REQUEST(_context, _client, _opcode)	do { \
-    kcm_log(1, "%s request by process %d/uid %d", \
-	    kcm_op2string(_opcode), (_client)->pid, (_client)->uid); \
-    } while (0)
-
-#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name)	do { \
-    kcm_log(1, "%s request for cache %s by process %d/uid %d", \
-	    kcm_op2string(_opcode), (_name), (_client)->pid, (_client)->uid); \
-    } while (0)
-
-/* Cache management */
-
-#define KCM_FLAGS_VALID			0x0001
-#define KCM_FLAGS_USE_KEYTAB		0x0002
-#define KCM_FLAGS_RENEWABLE		0x0004
-#define KCM_FLAGS_OWNER_IS_SYSTEM	0x0008
-#define KCM_FLAGS_USE_CACHED_KEY	0x0010
-
-#define KCM_MASK_KEY_PRESENT		( KCM_FLAGS_USE_KEYTAB | \
-					  KCM_FLAGS_USE_CACHED_KEY )
-
-struct kcm_ccache_data;
-struct kcm_creds;
-
-typedef struct kcm_cursor {
-    pid_t pid;
-    uint32_t key;
-    struct kcm_creds *credp;		/* pointer to next credential */ 
-    struct kcm_cursor *next;
-} kcm_cursor;
-
-typedef struct kcm_ccache_data {
-    char *name;
-    unsigned refcnt;
-    uint16_t flags;
-    uint16_t mode;
-    uid_t uid;
-    gid_t gid;
-    krb5_principal client; /* primary client principal */
-    krb5_principal server; /* primary server principal (TGS if NULL) */
-    struct kcm_creds {
-	krb5_creds cred; /* XXX would be useful for have ACLs on creds */
-	struct kcm_creds *next;
-    } *creds;
-    uint32_t n_cursor;
-    kcm_cursor *cursors;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    union {
-	krb5_keytab keytab;
-	krb5_keyblock keyblock;
-    } key;
-    HEIMDAL_MUTEX mutex;
-    struct kcm_ccache_data *next;
-} kcm_ccache_data;
-
-#define KCM_ASSERT_VALID(_ccache)		do { \
-    if (((_ccache)->flags & KCM_FLAGS_VALID) == 0) \
-	krb5_abortx(context, "kcm_free_ccache_data: ccache invalid"); \
-    else if ((_ccache)->refcnt == 0) \
-	krb5_abortx(context, "kcm_free_ccache_data: ccache refcnt == 0"); \
-    } while (0)
-
-typedef kcm_ccache_data *kcm_ccache;
-
-/* Event management */
-
-typedef struct kcm_event {
-    int valid;
-    time_t fire_time;
-    unsigned fire_count;
-    time_t expire_time;
-    time_t backoff_time;
-    enum {
-	KCM_EVENT_NONE = 0,
-	KCM_EVENT_ACQUIRE_CREDS,
-	KCM_EVENT_RENEW_CREDS,
-	KCM_EVENT_DESTROY_CREDS,
-	KCM_EVENT_DESTROY_EMPTY_CACHE
-    } action;
-    kcm_ccache ccache;
-    struct kcm_event *next;
-} kcm_event;
-
-/* wakeup interval for event queue */
-#define KCM_EVENT_QUEUE_INTERVAL		60
-#define KCM_EVENT_DEFAULT_BACKOFF_TIME		5
-#define KCM_EVENT_MAX_BACKOFF_TIME		(12 * 60 * 60)
-
-
-/* Request format is  LENGTH | MAJOR | MINOR | OPERATION | request */
-/* Response format is LENGTH | STATUS | response */
-
-typedef struct kcm_client {
-    pid_t pid;
-    uid_t uid;
-    gid_t gid;
-} kcm_client;
-
-#define CLIENT_IS_ROOT(client) ((client)->uid == 0)
-
-/* Dispatch table */
-/* passed in OPERATION | ... ; returns STATUS | ... */
-typedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *, kcm_operation, krb5_storage *, krb5_storage *);
-
-struct kcm_op {
-    const char *name;
-    kcm_method method;
-};
-
-#define DEFAULT_LOG_DEST    "0/FILE:" LOCALSTATEDIR "/log/kcmd.log"
-#define _PATH_KCM_CONF	    SYSCONFDIR "/kcm.conf"
-
-extern krb5_context kcm_context;
-extern char *socket_path;
-extern char *door_path;
-extern size_t max_request;
-extern sig_atomic_t exit_flag;
-extern int name_constraints;
-extern int detach_from_console;
-extern int disallow_getting_krbtgt;
-
-#if 0
-extern const krb5_cc_ops krb5_kcmss_ops;
-#endif
-
-#include <kcm_protos.h>
-
-#endif /* __KCM_LOCL_H__ */
-
diff --git a/crypto/heimdal/kcm/kcm_protos.h b/crypto/heimdal/kcm/kcm_protos.h
deleted file mode 100644
index 0fcea7511f95..000000000000
--- a/crypto/heimdal/kcm/kcm_protos.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/* This is a generated file */
-#ifndef __kcm_protos_h__
-#define __kcm_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-krb5_error_code
-kcm_access (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	kcm_operation /*opcode*/,
-	kcm_ccache /*ccache*/);
-
-krb5_error_code
-kcm_ccache_acquire (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_creds **/*credp*/);
-
-krb5_error_code
-kcm_ccache_destroy (
-	krb5_context /*context*/,
-	const char */*name*/);
-
-krb5_error_code
-kcm_ccache_destroy_client (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	const char */*name*/);
-
-krb5_error_code
-kcm_ccache_destroy_if_empty (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/);
-
-krb5_error_code
-kcm_ccache_enqueue_default (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_creds */*newcred*/);
-
-krb5_error_code
-kcm_ccache_gen_new (
-	krb5_context /*context*/,
-	pid_t /*pid*/,
-	uid_t /*uid*/,
-	gid_t /*gid*/,
-	kcm_ccache */*ccache*/);
-
-krb5_error_code
-kcm_ccache_new (
-	krb5_context /*context*/,
-	const char */*name*/,
-	kcm_ccache */*ccache*/);
-
-krb5_error_code
-kcm_ccache_new_client (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	const char */*name*/,
-	kcm_ccache */*ccache_p*/);
-
-char *kcm_ccache_nextid (
-	pid_t /*pid*/,
-	uid_t /*uid*/,
-	gid_t /*gid*/);
-
-krb5_error_code
-kcm_ccache_refresh (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_creds **/*credp*/);
-
-krb5_error_code
-kcm_ccache_remove_cred (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/);
-
-krb5_error_code
-kcm_ccache_remove_cred_internal (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/);
-
-krb5_error_code
-kcm_ccache_remove_creds (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/);
-
-krb5_error_code
-kcm_ccache_remove_creds_internal (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/);
-
-krb5_error_code
-kcm_ccache_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	kcm_ccache */*ccache*/);
-
-krb5_error_code
-kcm_ccache_resolve_client (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	kcm_operation /*opcode*/,
-	const char */*name*/,
-	kcm_ccache */*ccache*/);
-
-krb5_error_code
-kcm_ccache_retrieve_cred (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	krb5_creds **/*credp*/);
-
-krb5_error_code
-kcm_ccache_retrieve_cred_internal (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	krb5_creds **/*creds*/);
-
-krb5_error_code
-kcm_ccache_store_cred (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	int /*copy*/);
-
-krb5_error_code
-kcm_ccache_store_cred_internal (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	int /*copy*/,
-	krb5_creds **/*credp*/);
-
-krb5_error_code
-kcm_chmod (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	kcm_ccache /*ccache*/,
-	uint16_t /*mode*/);
-
-krb5_error_code
-kcm_chown (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	kcm_ccache /*ccache*/,
-	uid_t /*uid*/,
-	gid_t /*gid*/);
-
-krb5_error_code
-kcm_cleanup_events (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/);
-
-void
-kcm_configure (
-	int /*argc*/,
-	char **/*argv*/);
-
-krb5_error_code
-kcm_cursor_delete (
-	krb5_context /*context*/,
-	pid_t /*pid*/,
-	kcm_ccache /*ccache*/,
-	uint32_t /*key*/);
-
-krb5_error_code
-kcm_cursor_find (
-	krb5_context /*context*/,
-	pid_t /*pid*/,
-	kcm_ccache /*ccache*/,
-	uint32_t /*key*/,
-	kcm_cursor **/*cursor*/);
-
-krb5_error_code
-kcm_cursor_new (
-	krb5_context /*context*/,
-	pid_t /*pid*/,
-	kcm_ccache /*ccache*/,
-	uint32_t */*cursor*/);
-
-krb5_error_code
-kcm_debug_ccache (krb5_context /*context*/);
-
-krb5_error_code
-kcm_debug_events (krb5_context /*context*/);
-
-krb5_error_code
-kcm_dispatch (
-	krb5_context /*context*/,
-	kcm_client */*client*/,
-	krb5_data */*req_data*/,
-	krb5_data */*resp_data*/);
-
-krb5_error_code
-kcm_enqueue_event (
-	krb5_context /*context*/,
-	kcm_event */*event*/);
-
-krb5_error_code
-kcm_enqueue_event_internal (
-	krb5_context /*context*/,
-	kcm_event */*event*/);
-
-krb5_error_code
-kcm_enqueue_event_relative (
-	krb5_context /*context*/,
-	kcm_event */*event*/);
-
-krb5_error_code
-kcm_internal_ccache (
-	krb5_context /*context*/,
-	kcm_ccache /*c*/,
-	krb5_ccache /*id*/);
-
-void
-kcm_log (
-	int /*level*/,
-	const char */*fmt*/,
-	...);
-
-char*
-kcm_log_msg (
-	int /*level*/,
-	const char */*fmt*/,
-	...);
-
-char*
-kcm_log_msg_va (
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/);
-
-void
-kcm_loop (void);
-
-const char *kcm_op2string (kcm_operation /*opcode*/);
-
-void
-kcm_openlog (void);
-
-krb5_error_code
-kcm_release_ccache (
-	krb5_context /*context*/,
-	kcm_ccache */*ccache*/);
-
-krb5_error_code
-kcm_remove_event (
-	krb5_context /*context*/,
-	kcm_event */*event*/);
-
-krb5_error_code
-kcm_retain_ccache (
-	krb5_context /*context*/,
-	kcm_ccache /*ccache*/);
-
-krb5_error_code
-kcm_run_events (
-	krb5_context /*context*/,
-	time_t /*now*/);
-
-krb5_error_code
-kcm_zero_ccache_data (
-	krb5_context /*context*/,
-	kcm_ccache /*cache*/);
-
-krb5_error_code
-kcm_zero_ccache_data_internal (
-	krb5_context /*context*/,
-	kcm_ccache_data */*cache*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __kcm_protos_h__ */
diff --git a/crypto/heimdal/kcm/log.c b/crypto/heimdal/kcm/log.c
deleted file mode 100644
index 351782eba87d..000000000000
--- a/crypto/heimdal/kcm/log.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: log.c 14566 2005-02-06 01:22:49Z lukeh $");
-
-static krb5_log_facility *logf;
-
-void
-kcm_openlog(void)
-{
-    char **s = NULL, **p;
-    krb5_initlog(kcm_context, "kcm", &logf);
-    s = krb5_config_get_strings(kcm_context, NULL, "kcm", "logging", NULL);
-    if(s == NULL)
-	s = krb5_config_get_strings(kcm_context, NULL, "logging", "kcm", NULL);
-    if(s){
-	for(p = s; *p; p++)
-	    krb5_addlog_dest(kcm_context, logf, *p);
-	krb5_config_free_strings(s);
-    }else
-	krb5_addlog_dest(kcm_context, logf, DEFAULT_LOG_DEST);
-    krb5_set_warn_dest(kcm_context, logf);
-}
-
-char*
-kcm_log_msg_va(int level, const char *fmt, va_list ap)
-{
-    char *msg;
-    krb5_vlog_msg(kcm_context, logf, &msg, level, fmt, ap);
-    return msg;
-}
-
-char*
-kcm_log_msg(int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kcm_log_msg_va(level, fmt, ap);
-    va_end(ap);
-    return s;
-}
-
-void
-kcm_log(int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kcm_log_msg_va(level, fmt, ap);
-    if(s) free(s);
-    va_end(ap);
-}
diff --git a/crypto/heimdal/kcm/main.c b/crypto/heimdal/kcm/main.c
deleted file mode 100644
index da88a2c653ce..000000000000
--- a/crypto/heimdal/kcm/main.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: main.c 15298 2005-05-30 10:58:14Z lha $");
-
-sig_atomic_t exit_flag = 0;
-
-krb5_context kcm_context = NULL;
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = 1;
-}
-
-static RETSIGTYPE
-sigusr1(int sig)
-{
-    kcm_debug_ccache(kcm_context);
-}
-
-static RETSIGTYPE
-sigusr2(int sig)
-{
-    kcm_debug_events(kcm_context);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&kcm_context);
-    if (ret) {
-	errx (1, "krb5_init_context failed: %d", ret);
-	return ret;
-    }
-
-    kcm_configure(argc, argv);
-    
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT, &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-
-	sa.sa_handler = sigusr1;
-	sigaction(SIGUSR1, &sa, NULL);
-
-	sa.sa_handler = sigusr2;
-	sigaction(SIGUSR2, &sa, NULL);
-
-	sa.sa_handler = SIG_IGN;
-	sigaction(SIGPIPE, &sa, NULL);
-    }
-#else
-    signal(SIGINT, sigterm);
-    signal(SIGTERM, sigterm);
-    signal(SIGUSR1, sigusr1);
-    signal(SIGUSR2, sigusr2);
-    signal(SIGPIPE, SIG_IGN);
-#endif
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile(NULL);
-    kcm_loop();
-    krb5_free_context(kcm_context);
-    return 0;
-}
diff --git a/crypto/heimdal/kcm/protocol.c b/crypto/heimdal/kcm/protocol.c
deleted file mode 100644
index bb3c6538f04c..000000000000
--- a/crypto/heimdal/kcm/protocol.c
+++ /dev/null
@@ -1,1046 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: protocol.c 22112 2007-12-03 19:34:33Z lha $");
-
-static krb5_error_code
-kcm_op_noop(krb5_context context,
-	    kcm_client *client,
-	    kcm_operation opcode,
-	    krb5_storage *request,
-	    krb5_storage *response)
-{
-    KCM_LOG_REQUEST(context, client, opcode);
-
-    return 0;	
-}
-
-/*
- * Request:
- *	NameZ
- * Response:
- *	NameZ
- *
- */
-static krb5_error_code
-kcm_op_get_name(krb5_context context,
-		kcm_client *client,
-		kcm_operation opcode,
-		krb5_storage *request,
-		krb5_storage *response)
-
-{
-    krb5_error_code ret;
-    char *name = NULL;
-    kcm_ccache ccache;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_store_stringz(response, ccache->name);
-    if (ret) {
-	kcm_release_ccache(context, &ccache);
-	free(name);
-	return ret;
-    }
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-    return 0;
-}
-
-/*
- * Request:
- *	
- * Response:
- *	NameZ
- */
-static krb5_error_code
-kcm_op_gen_new(krb5_context context,
-	       kcm_client *client,
-	       kcm_operation opcode,
-	       krb5_storage *request,
-	       krb5_storage *response)
-{
-    krb5_error_code ret;
-    char *name;
-
-    KCM_LOG_REQUEST(context, client, opcode);
-
-    name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
-    if (name == NULL) {
-	return KRB5_CC_NOMEM;
-    }
-
-    ret = krb5_store_stringz(response, name);
-    free(name);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Principal
- *	
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_initialize(krb5_context context,
-		  kcm_client *client,
-		  kcm_operation opcode,
-		  krb5_storage *request,
-		  krb5_storage *response)
-{
-    kcm_ccache ccache;
-    krb5_principal principal;
-    krb5_error_code ret;
-    char *name;
-#if 0
-    kcm_event event;
-#endif
-
-    KCM_LOG_REQUEST(context, client, opcode);
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    ret = krb5_ret_principal(request, &principal);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_new_client(context, client, name, &ccache);
-    if (ret) {
-	free(name);
-	krb5_free_principal(context, principal);
-	return ret;
-    }
-
-    ccache->client = principal;
-
-    free(name);
-
-#if 0
-    /*
-     * Create a new credentials cache. To mitigate DoS attacks we will
-     * expire it in 30 minutes unless it has some credentials added
-     * to it
-     */
-
-    event.fire_time = 30 * 60;
-    event.expire_time = 0;
-    event.backoff_time = 0;
-    event.action = KCM_EVENT_DESTROY_EMPTY_CACHE;
-    event.ccache = ccache;
-
-    ret = kcm_enqueue_event_relative(context, &event);
-#endif
-
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_destroy(krb5_context context,
-	       kcm_client *client,
-	       kcm_operation opcode,
-	       krb5_storage *request,
-	       krb5_storage *response)
-{
-    krb5_error_code ret;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = kcm_ccache_destroy_client(context, client, name);
-
-    free(name);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Creds
- *	
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_store(krb5_context context,
-	     kcm_client *client,
-	     kcm_operation opcode,
-	     krb5_storage *request,
-	     krb5_storage *response)
-{
-    krb5_creds creds;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_creds(request, &creds);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	krb5_free_cred_contents(context, &creds);
-	return ret;
-    }
-
-    ret = kcm_ccache_store_cred(context, ccache, &creds, 0);
-    if (ret) {
-	free(name);
-	krb5_free_cred_contents(context, &creds);
-	kcm_release_ccache(context, &ccache);
-	return ret;
-    }
-
-    kcm_ccache_enqueue_default(context, ccache, &creds);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return 0;
-}
-
-/*
- * Request:
- *	NameZ
- *	WhichFields
- *	MatchCreds
- *
- * Response:
- *	Creds
- *	
- */
-static krb5_error_code
-kcm_op_retrieve(krb5_context context,
-		kcm_client *client,
-		kcm_operation opcode,
-		krb5_storage *request,
-		krb5_storage *response)
-{
-    uint32_t flags;
-    krb5_creds mcreds;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-    krb5_creds *credp;
-    int free_creds = 0;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &flags);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_ret_creds_tag(request, &mcreds);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    if (disallow_getting_krbtgt &&
-	mcreds.server->name.name_string.len == 2 &&
-	strcmp(mcreds.server->name.name_string.val[0], KRB5_TGS_NAME) == 0)
-    {
-	free(name);
-	krb5_free_cred_contents(context, &mcreds);
-	return KRB5_FCC_PERM;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	krb5_free_cred_contents(context, &mcreds);
-	return ret;
-    }
-
-    ret = kcm_ccache_retrieve_cred(context, ccache, flags,
-				   &mcreds, &credp);
-    if (ret && ((flags & KRB5_GC_CACHED) == 0)) {
-	krb5_ccache_data ccdata;
-
-	/* try and acquire */
-	HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-	/* Fake up an internal ccache */
-	kcm_internal_ccache(context, ccache, &ccdata);
-
-	/* glue cc layer will store creds */
-	ret = krb5_get_credentials(context, 0, &ccdata, &mcreds, &credp);
-	if (ret == 0)
-	    free_creds = 1;
-
-	HEIMDAL_MUTEX_unlock(&ccache->mutex);
-    }
-
-    if (ret == 0) {
-	ret = krb5_store_creds(response, credp);
-    }
-
-    free(name);
-    krb5_free_cred_contents(context, &mcreds);
-    kcm_release_ccache(context, &ccache);
-
-    if (free_creds)
-	krb5_free_cred_contents(context, credp);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *
- * Response:
- *	Principal
- */
-static krb5_error_code
-kcm_op_get_principal(krb5_context context,
-		     kcm_client *client,
-		     kcm_operation opcode,
-		     krb5_storage *request,
-		     krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    if (ccache->client == NULL)
-	ret = KRB5_CC_NOTFOUND;
-    else
-	ret = krb5_store_principal(response, ccache->client);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return 0;
-}
-
-/*
- * Request:
- *	NameZ
- *
- * Response:
- *	Cursor
- *	
- */
-static krb5_error_code
-kcm_op_get_first(krb5_context context,
-		 kcm_client *client,
-		 kcm_operation opcode,
-		 krb5_storage *request,
-		 krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    uint32_t cursor;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_cursor_new(context, client->pid, ccache, &cursor);
-    if (ret) {
-	kcm_release_ccache(context, &ccache);
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_store_int32(response, cursor);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Cursor
- *
- * Response:
- *	Creds
- */
-static krb5_error_code
-kcm_op_get_next(krb5_context context,
-		kcm_client *client,
-		kcm_operation opcode,
-		krb5_storage *request,
-		krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-    uint32_t cursor;
-    kcm_cursor *c;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &cursor);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_cursor_find(context, client->pid, ccache, cursor, &c);
-    if (ret) {
-	kcm_release_ccache(context, &ccache);
-	free(name);
-	return ret;
-    }
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-    if (c->credp == NULL) {
-	ret = KRB5_CC_END;
-    } else {
-	ret = krb5_store_creds(response, &c->credp->cred);
-	c->credp = c->credp->next;
-    }
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Cursor
- *
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_end_get(krb5_context context,
-	       kcm_client *client,
-	       kcm_operation opcode,
-	       krb5_storage *request,
-	       krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    uint32_t cursor;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &cursor);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_cursor_delete(context, client->pid, ccache, cursor);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	WhichFields
- *	MatchCreds
- *
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_remove_cred(krb5_context context,
-		   kcm_client *client,
-		   kcm_operation opcode,
-		   krb5_storage *request,
-		   krb5_storage *response)
-{
-    uint32_t whichfields;
-    krb5_creds mcreds;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &whichfields);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_ret_creds_tag(request, &mcreds);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	krb5_free_cred_contents(context, &mcreds);
-	return ret;
-    }
-
-    ret = kcm_ccache_remove_cred(context, ccache, whichfields, &mcreds);
-
-    /* XXX need to remove any events that match */
-
-    free(name);
-    krb5_free_cred_contents(context, &mcreds);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Flags
- *
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_set_flags(krb5_context context,
-		 kcm_client *client,
-		 kcm_operation opcode,
-		 krb5_storage *request,
-		 krb5_storage *response)
-{
-    uint32_t flags;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &flags);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    /* we don't really support any flags yet */
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return 0;
-}
-
-/*
- * Request:
- *	NameZ
- *	UID
- *	GID
- *
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_chown(krb5_context context,
-	     kcm_client *client,
-	     kcm_operation opcode,
-	     krb5_storage *request,
-	     krb5_storage *response)
-{
-    uint32_t uid;
-    uint32_t gid;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &uid);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_ret_uint32(request, &gid);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_chown(context, client, ccache, uid, gid);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	Mode
- *
- * Response:
- *	
- */
-static krb5_error_code
-kcm_op_chmod(krb5_context context,
-	     kcm_client *client,
-	     kcm_operation opcode,
-	     krb5_storage *request,
-	     krb5_storage *response)
-{
-    uint16_t mode;
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint16(request, &mode);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_chmod(context, client, ccache, mode);
-
-    free(name);
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Protocol extensions for moving ticket acquisition responsibility
- * from client to KCM follow.
- */
-
-/*
- * Request:
- *	NameZ
- *	ServerPrincipalPresent
- *	ServerPrincipal OPTIONAL
- *	Key
- *
- * Repsonse:
- *
- */
-static krb5_error_code
-kcm_op_get_initial_ticket(krb5_context context,
-			  kcm_client *client,
-			  kcm_operation opcode,
-			  krb5_storage *request,
-			  krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-    int8_t not_tgt = 0;
-    krb5_principal server = NULL;
-    krb5_keyblock key;
-
-    krb5_keyblock_zero(&key);
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_int8(request, &not_tgt);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    if (not_tgt) {
-	ret = krb5_ret_principal(request, &server);
-	if (ret) {
-	    free(name);
-	    return ret;
-	}
-    }
-
-    ret = krb5_ret_keyblock(request, &key);
-    if (ret) {
-	free(name);
-	if (server != NULL)
-	    krb5_free_principal(context, server);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret == 0) {
-	HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-	if (ccache->server != NULL) {
-	    krb5_free_principal(context, ccache->server);
-	    ccache->server = NULL;
-	}
-
-	krb5_free_keyblock(context, &ccache->key.keyblock);
-
-	ccache->server = server;
-	ccache->key.keyblock = key;
-    	ccache->flags |= KCM_FLAGS_USE_CACHED_KEY;
-
-	ret = kcm_ccache_enqueue_default(context, ccache, NULL);
-	if (ret) {
-	    ccache->server = NULL;
-	    krb5_keyblock_zero(&ccache->key.keyblock);
-	    ccache->flags &= ~(KCM_FLAGS_USE_CACHED_KEY);
-	}
-
-	HEIMDAL_MUTEX_unlock(&ccache->mutex);
-    }
-
-    free(name);
-
-    if (ret != 0) {
-	krb5_free_principal(context, server);
-	krb5_free_keyblock(context, &key);
-    }
-
-    kcm_release_ccache(context, &ccache);
-
-    return ret;
-}
-
-/*
- * Request:
- *	NameZ
- *	ServerPrincipal
- *	KDCFlags
- *	EncryptionType
- *
- * Repsonse:
- *
- */
-static krb5_error_code
-kcm_op_get_ticket(krb5_context context,
-		  kcm_client *client,
-		  kcm_operation opcode,
-		  krb5_storage *request,
-		  krb5_storage *response)
-{
-    krb5_error_code ret;
-    kcm_ccache ccache;
-    char *name;
-    krb5_principal server = NULL;
-    krb5_ccache_data ccdata;
-    krb5_creds in, *out;
-    krb5_kdc_flags flags;
-
-    memset(&in, 0, sizeof(in));
-
-    ret = krb5_ret_stringz(request, &name);
-    if (ret)
-	return ret;
-
-    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
-
-    ret = krb5_ret_uint32(request, &flags.i);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_ret_int32(request, &in.session.keytype);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = krb5_ret_principal(request, &server);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = kcm_ccache_resolve_client(context, client, opcode,
-				    name, &ccache);
-    if (ret) {
-	krb5_free_principal(context, server);
-	free(name);
-	return ret;
-    }
- 
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    /* Fake up an internal ccache */
-    kcm_internal_ccache(context, ccache, &ccdata);
-
-    in.client = ccache->client;
-    in.server = server;
-    in.times.endtime = 0;
-
-    /* glue cc layer will store creds */
-    ret = krb5_get_credentials_with_flags(context, 0, flags,
-					  &ccdata, &in, &out);
-
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    if (ret == 0)
-	krb5_free_cred_contents(context, out);
-
-    free(name);
-
-    return ret;
-}
-
-static struct kcm_op kcm_ops[] = {
-    { "NOOP", 			kcm_op_noop },
-    { "GET_NAME",		kcm_op_get_name },
-    { "RESOLVE",		kcm_op_noop },
-    { "GEN_NEW", 		kcm_op_gen_new },
-    { "INITIALIZE",		kcm_op_initialize },
-    { "DESTROY",		kcm_op_destroy },
-    { "STORE",			kcm_op_store },
-    { "RETRIEVE",		kcm_op_retrieve },
-    { "GET_PRINCIPAL",		kcm_op_get_principal },
-    { "GET_FIRST",		kcm_op_get_first },
-    { "GET_NEXT",		kcm_op_get_next },
-    { "END_GET",		kcm_op_end_get },
-    { "REMOVE_CRED",		kcm_op_remove_cred },
-    { "SET_FLAGS",		kcm_op_set_flags },
-    { "CHOWN",			kcm_op_chown },
-    { "CHMOD",			kcm_op_chmod },
-    { "GET_INITIAL_TICKET",	kcm_op_get_initial_ticket },
-    { "GET_TICKET",		kcm_op_get_ticket }
-};
-
-
-const char *kcm_op2string(kcm_operation opcode)
-{
-    if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0]))
-	return "Unknown operation";
-
-    return kcm_ops[opcode].name;
-}
-
-krb5_error_code
-kcm_dispatch(krb5_context context,
-	     kcm_client *client,
-	     krb5_data *req_data,
-	     krb5_data *resp_data)
-{
-    krb5_error_code ret;
-    kcm_method method;
-    krb5_storage *req_sp = NULL;
-    krb5_storage *resp_sp = NULL;
-    uint16_t opcode;
-
-    resp_sp = krb5_storage_emem();
-    if (resp_sp == NULL) {
-	return ENOMEM;
-    }
-
-    if (client->pid == -1) {
-	kcm_log(0, "Client had invalid process number");
-	ret = KRB5_FCC_INTERNAL;
-	goto out;
-    }
-
-    req_sp = krb5_storage_from_data(req_data);
-    if (req_sp == NULL) {
-	kcm_log(0, "Process %d: failed to initialize storage from data",
-		client->pid);
-	ret = KRB5_CC_IO;
-	goto out;
-    }
-
-    ret = krb5_ret_uint16(req_sp, &opcode);
-    if (ret) {
-	kcm_log(0, "Process %d: didn't send a message", client->pid);
-	goto out;
-    }
-
-    if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0])) {
-	kcm_log(0, "Process %d: invalid operation code %d",
-		client->pid, opcode);
-	ret = KRB5_FCC_INTERNAL;
-	goto out;
-    }
-    method = kcm_ops[opcode].method;
-
-    /* seek past place for status code */
-    krb5_storage_seek(resp_sp, 4, SEEK_SET);
-
-    ret = (*method)(context, client, opcode, req_sp, resp_sp);
-
-out:
-    if (req_sp != NULL) {
-	krb5_storage_free(req_sp);
-    }
-
-    krb5_storage_seek(resp_sp, 0, SEEK_SET);
-    krb5_store_int32(resp_sp, ret);
-
-    ret = krb5_storage_to_data(resp_sp, resp_data);
-    krb5_storage_free(resp_sp);
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/kcm/renew.c b/crypto/heimdal/kcm/renew.c
deleted file mode 100644
index 945020913503..000000000000
--- a/crypto/heimdal/kcm/renew.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kcm_locl.h"
-
-RCSID("$Id: renew.c 14566 2005-02-06 01:22:49Z lukeh $");
-
-krb5_error_code
-kcm_ccache_refresh(krb5_context context,
-		   kcm_ccache ccache,
-		   krb5_creds **credp)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out;
-    krb5_kdc_flags flags;
-    krb5_const_realm realm;
-    krb5_ccache_data ccdata;
-
-    memset(&in, 0, sizeof(in));
-
-    KCM_ASSERT_VALID(ccache);
-
-    if (ccache->client == NULL) {
-	/* no primary principal */
-	kcm_log(0, "Refresh credentials requested but no client principal");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    HEIMDAL_MUTEX_lock(&ccache->mutex);
-
-    /* Fake up an internal ccache */
-    kcm_internal_ccache(context, ccache, &ccdata);
-
-    /* Find principal */
-    in.client = ccache->client;
-
-    if (ccache->server != NULL) {
-	ret = krb5_copy_principal(context, ccache->server, &in.server);
-	if (ret) {
-	    kcm_log(0, "Failed to copy service principal: %s",
-		    krb5_get_err_text(context, ret));
-	    goto out;
-	}
-    } else {
-	realm = krb5_principal_get_realm(context, in.client);
-	ret = krb5_make_principal(context, &in.server, realm,
-				  KRB5_TGS_NAME, realm, NULL);
-	if (ret) {
-	    kcm_log(0, "Failed to make TGS principal for realm %s: %s",
-		    realm, krb5_get_err_text(context, ret));
-	    goto out;
-	}
-    }
-
-    if (ccache->tkt_life)
-	in.times.endtime = time(NULL) + ccache->tkt_life;
-    if (ccache->renew_life)
-	in.times.renew_till = time(NULL) + ccache->renew_life;
-
-    flags.i = 0;
-    flags.b.renewable = TRUE;
-    flags.b.renew = TRUE;
-
-    ret = krb5_get_kdc_cred(context,
-			    &ccdata,
-			    flags,
-			    NULL,
-			    NULL,
-			    &in,
-			    &out);
-    if (ret) {
-	kcm_log(0, "Failed to renew credentials for cache %s: %s",
-		ccache->name, krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    /* Swap them in */
-    kcm_ccache_remove_creds_internal(context, ccache);
-
-    ret = kcm_ccache_store_cred_internal(context, ccache, out, 0, credp);
-    if (ret) {
-	kcm_log(0, "Failed to store credentials for cache %s: %s",
-		ccache->name, krb5_get_err_text(context, ret));
-	krb5_free_creds(context, out);
-	goto out;
-    }
-
-    free(out); /* but not contents */
-
-out:
-    HEIMDAL_MUTEX_unlock(&ccache->mutex);
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c
deleted file mode 100644
index 3e4ad292537b..000000000000
--- a/crypto/heimdal/kdc/524.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $");
-
-#include <krb5-v4compat.h>
-
-/*
- * fetch the server from `t', returning the name in malloced memory in
- * `spn' and the entry itself in `server'
- */
-
-static krb5_error_code
-fetch_server (krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      const Ticket *t,
-	      char **spn,
-	      hdb_entry_ex **server,
-	      const char *from)
-{
-    krb5_error_code ret;
-    krb5_principal sprinc;
-
-    ret = _krb5_principalname2krb5_principal(context, &sprinc,
-					     t->sname, t->realm);
-    if (ret) {
-	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    ret = krb5_unparse_name(context, sprinc, spn);
-    if (ret) {
-	krb5_free_principal(context, sprinc);
-	kdc_log(context, config, 0, "krb5_unparse_name: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, 
-			NULL, server);
-    krb5_free_principal(context, sprinc);
-    if (ret) {
-	kdc_log(context, config, 0,
-	"Request to convert ticket from %s for unknown principal %s: %s",
-		from, *spn, krb5_get_err_text(context, ret));
-	if (ret == HDB_ERR_NOENTRY)
-	    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-log_524 (krb5_context context, 
-	 krb5_kdc_configuration *config,
-	 const EncTicketPart *et,
-	 const char *from,
-	 const char *spn)
-{
-    krb5_principal client;
-    char *cpn;
-    krb5_error_code ret;
-
-    ret = _krb5_principalname2krb5_principal(context, &client, 
-					     et->cname, et->crealm);
-    if (ret) {
-	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
-		krb5_get_err_text (context, ret));
-	return ret;
-    }
-    ret = krb5_unparse_name(context, client, &cpn);
-    if (ret) {
-	krb5_free_principal(context, client);
-	kdc_log(context, config, 0, "krb5_unparse_name: %s",
-		krb5_get_err_text (context, ret));
-	return ret;
-    }
-    kdc_log(context, config, 1, "524-REQ %s from %s for %s", cpn, from, spn);
-    free(cpn);
-    krb5_free_principal(context, client);
-    return 0;
-}
-
-static krb5_error_code
-verify_flags (krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      const EncTicketPart *et,
-	      const char *spn)
-{
-    if(et->endtime < kdc_time){
-	kdc_log(context, config, 0, "Ticket expired (%s)", spn);
-	return KRB5KRB_AP_ERR_TKT_EXPIRED;
-    }
-    if(et->flags.invalid){
-	kdc_log(context, config, 0, "Ticket not valid (%s)", spn);
-	return KRB5KRB_AP_ERR_TKT_NYV;
-    }
-    return 0;
-}
-
-/*
- * set the `et->caddr' to the most appropriate address to use, where
- * `addr' is the address the request was received from.
- */
-
-static krb5_error_code
-set_address (krb5_context context, 
-	     krb5_kdc_configuration *config,
-	     EncTicketPart *et,
-	     struct sockaddr *addr,
-	     const char *from)
-{
-    krb5_error_code ret;
-    krb5_address *v4_addr;
-
-    v4_addr = malloc (sizeof(*v4_addr));
-    if (v4_addr == NULL)
-	return ENOMEM;
-
-    ret = krb5_sockaddr2address(context, addr, v4_addr);
-    if(ret) {
-	free (v4_addr);
-	kdc_log(context, config, 0, "Failed to convert address (%s)", from);
-	return ret;
-    }
-	    
-    if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) {
-	kdc_log(context, config, 0, "Incorrect network address (%s)", from);
-	krb5_free_address(context, v4_addr);
-	free (v4_addr);
-	return KRB5KRB_AP_ERR_BADADDR;
-    }
-    if(v4_addr->addr_type == KRB5_ADDRESS_INET) {
-	/* we need to collapse the addresses in the ticket to a
-	   single address; best guess is to use the address the
-	   connection came from */
-	
-	if (et->caddr != NULL) {
-	    free_HostAddresses(et->caddr);
-	} else {
-	    et->caddr = malloc (sizeof (*et->caddr));
-	    if (et->caddr == NULL) {
-		krb5_free_address(context, v4_addr);
-		free(v4_addr);
-		return ENOMEM;
-	    }
-	}
-	et->caddr->val = v4_addr;
-	et->caddr->len = 1;
-    } else {
-	krb5_free_address(context, v4_addr);
-	free(v4_addr);
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-encrypt_v4_ticket(krb5_context context, 
-		  krb5_kdc_configuration *config,
-		  void *buf, 
-		  size_t len, 
-		  krb5_keyblock *skey, 
-		  EncryptedData *reply)
-{
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_TICKET,
-				     buf,
-				     len,
-				     0,
-				     reply);
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to encrypt data: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-encode_524_response(krb5_context context, 
-		    krb5_kdc_configuration *config,
-		    const char *spn, const EncTicketPart et,
-		    const Ticket *t, hdb_entry_ex *server, 
-		    EncryptedData *ticket, int *kvno)
-{
-    krb5_error_code ret;
-    int use_2b;
-    size_t len;
-
-    use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
-    if(use_2b) {
-	ASN1_MALLOC_ENCODE(EncryptedData, 
-			   ticket->cipher.data, ticket->cipher.length, 
-			   &t->enc_part, &len, ret);
-	
-	if (ret) {
-	    kdc_log(context, config, 0, 
-		    "Failed to encode v4 (2b) ticket (%s)", spn);
-	    return ret;
-	}
-	
-	ticket->etype = 0;
-	ticket->kvno = NULL;
-	*kvno = 213; /* 2b's use this magic kvno */
-    } else {
-	unsigned char buf[MAX_KTXT_LEN + 4 * 4];
-	Key *skey;
-	
-	if (!config->enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) {
-	    kdc_log(context, config, 0, "524 cross-realm %s -> %s disabled", et.crealm,
-		    t->realm);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	ret = _kdc_encode_v4_ticket(context, config, 
-				    buf + sizeof(buf) - 1, sizeof(buf),
-				    &et, &t->sname, &len);
-	if(ret){
-	    kdc_log(context, config, 0,
-		    "Failed to encode v4 ticket (%s)", spn);
-	    return ret;
-	}
-	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(context, config, 0,
-		    "no suitable DES key for server (%s)", spn);
-	    return ret;
-	}
-	ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len, 
-				&skey->key, ticket);
-	if(ret){
-	    kdc_log(context, config, 0,
-		    "Failed to encrypt v4 ticket (%s)", spn);
-	    return ret;
-	}
-	*kvno = server->entry.kvno;
-    }
-
-    return 0;
-}
-
-/*
- * process a 5->4 request, based on `t', and received `from, addr',
- * returning the reply in `reply'
- */
-
-krb5_error_code
-_kdc_do_524(krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    const Ticket *t, krb5_data *reply,
-	    const char *from, struct sockaddr *addr)
-{
-    krb5_error_code ret = 0;
-    krb5_crypto crypto;
-    hdb_entry_ex *server = NULL;
-    Key *skey;
-    krb5_data et_data;
-    EncTicketPart et;
-    EncryptedData ticket;
-    krb5_storage *sp;
-    char *spn = NULL;
-    unsigned char buf[MAX_KTXT_LEN + 4 * 4];
-    size_t len;
-    int kvno = 0;
-    
-    if(!config->enable_524) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(context, config, 0,
-		"Rejected ticket conversion request from %s", from);
-	goto out;
-    }
-
-    ret = fetch_server (context, config, t, &spn, &server, from);
-    if (ret) {
-	goto out;
-    }
-
-    ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
-    if(ret){
-	kdc_log(context, config, 0,
-		"No suitable key found for server (%s) from %s", spn, from);
-	goto out;
-    }
-    ret = krb5_crypto_init(context, &skey->key, 0, &crypto);
-    if (ret) {
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_TICKET,
-				      &t->enc_part,
-				      &et_data);
-    krb5_crypto_destroy(context, crypto);
-    if(ret){
-	kdc_log(context, config, 0,
-		"Failed to decrypt ticket from %s for %s", from, spn);
-	goto out;
-    }
-    ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, 
-				    &et, &len);
-    krb5_data_free(&et_data);
-    if(ret){
-	kdc_log(context, config, 0,
-		"Failed to decode ticket from %s for %s", from, spn);
-	goto out;
-    }
-
-    ret = log_524 (context, config, &et, from, spn);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = verify_flags (context, config, &et, spn);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = set_address (context, config, &et, addr, from);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = encode_524_response(context, config, spn, et, t,
-			      server, &ticket, &kvno);
-    free_EncTicketPart(&et);
-
- out:
-    /* make reply */
-    memset(buf, 0, sizeof(buf));
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp) {
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    krb5_store_int32(sp, kvno);
-	    krb5_store_data(sp, ticket.cipher);
-	    /* Aargh! This is coded as a KTEXT_ST. */
-	    krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
-	    krb5_store_int32(sp, 0); /* mbz */
-	    free_EncryptedData(&ticket);
-	}
-	ret = krb5_storage_to_data(sp, reply);
-	reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
-	krb5_storage_free(sp);
-    } else
-	krb5_data_zero(reply);
-    if(spn)
-	free(spn);
-    if(server)
-	_kdc_free_ent (context, server);
-    return ret;
-}
diff --git a/crypto/heimdal/kdc/Makefile.am b/crypto/heimdal/kdc/Makefile.am
deleted file mode 100644
index ff20bde9c572..000000000000
--- a/crypto/heimdal/kdc/Makefile.am
+++ /dev/null
@@ -1,122 +0,0 @@
-# $Id: Makefile.am 22489 2008-01-21 11:49:06Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-
-lib_LTLIBRARIES = libkdc.la
-
-bin_PROGRAMS = string2key
-
-sbin_PROGRAMS = kstash
-
-libexec_PROGRAMS = hprop hpropd kdc
-
-noinst_PROGRAMS = kdc-replay
-
-man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
-
-hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
-hpropd_SOURCES = hpropd.c hprop.h
-
-kstash_SOURCES = kstash.c headers.h
-
-string2key_SOURCES = string2key.c headers.h
-
-kdc_SOURCES = connect.c	\
-	config.c	\
-	main.c
-
-libkdc_la_SOURCES = 		\
-	kdc-private.h	 	\
-	kdc-protos.h	 	\
-	default_config.c 	\
-	set_dbinfo.c	 	\
-	digest.c		\
-	kdc_locl.h		\
-	kerberos5.c		\
-	krb5tgs.c		\
-	pkinit.c		\
-	log.c			\
-	misc.c			\
-	524.c			\
-	kerberos4.c		\
-	kaserver.c		\
-	kx509.c			\
-	process.c		\
-	windc.c			\
-	rx.h
-
-
-$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
-
-libkdc_la_LDFLAGS = -version-info 2:0:0
-
-if versionscript
-libkdc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-$(libkdc_la_OBJECTS): $(srcdir)/version-script.map
-
-$(srcdir)/kdc-protos.h:
-	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kdc-protos.h
-
-$(srcdir)/kdc-private.h:
-	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f kdc-private.h
-
-
-hprop_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-hpropd_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-if PKINIT
-LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la
-endif
-
-libkdc_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile)
-kdc_replay_LDADD = $(kdc_LDADD)
-
-include_HEADERS = kdc.h kdc-protos.h
-
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = windc_plugin.h
-
-build_HEADERZ = $(krb5_HEADERS) # XXX
-
-EXTRA_DIST = $(man_MANS) version-script.map
diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in
deleted file mode 100644
index d7e623afe7e3..000000000000
--- a/crypto/heimdal/kdc/Makefile.in
+++ /dev/null
@@ -1,1151 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22489 2008-01-21 11:49:06Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(krb5_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = string2key$(EXEEXT)
-sbin_PROGRAMS = kstash$(EXEEXT)
-libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT)
-noinst_PROGRAMS = kdc-replay$(EXEEXT)
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-subdir = kdc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(krb5dir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libkdc_la_DEPENDENCIES = $(LIB_pkinit) \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_libkdc_la_OBJECTS = default_config.lo set_dbinfo.lo digest.lo \
-	kerberos5.lo krb5tgs.lo pkinit.lo log.lo misc.lo 524.lo \
-	kerberos4.lo kaserver.lo kx509.lo process.lo windc.lo
-libkdc_la_OBJECTS = $(am_libkdc_la_OBJECTS)
-libkdc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkdc_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) \
-	$(sbin_PROGRAMS)
-am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) \
-	v4_dump.$(OBJEXT)
-hprop_OBJECTS = $(am_hprop_OBJECTS)
-hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_hpropd_OBJECTS = hpropd.$(OBJEXT)
-hpropd_OBJECTS = $(am_hpropd_OBJECTS)
-hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_kdc_OBJECTS = connect.$(OBJEXT) config.$(OBJEXT) main.$(OBJEXT)
-kdc_OBJECTS = $(am_kdc_OBJECTS)
-am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_1)
-kdc_replay_SOURCES = kdc-replay.c
-kdc_replay_OBJECTS = kdc-replay.$(OBJEXT)
-am__DEPENDENCIES_3 = libkdc.la $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_1)
-kdc_replay_DEPENDENCIES = $(am__DEPENDENCIES_3)
-am_kstash_OBJECTS = kstash.$(OBJEXT)
-kstash_OBJECTS = $(am_kstash_OBJECTS)
-kstash_LDADD = $(LDADD)
-kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_string2key_OBJECTS = string2key.$(OBJEXT)
-string2key_OBJECTS = $(am_string2key_OBJECTS)
-string2key_LDADD = $(LDADD)
-string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \
-	$(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \
-	$(string2key_SOURCES)
-DIST_SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \
-	$(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \
-	$(string2key_SOURCES)
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-krb5HEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(krb5_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libkdc.la
-man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
-hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
-hpropd_SOURCES = hpropd.c hprop.h
-kstash_SOURCES = kstash.c headers.h
-string2key_SOURCES = string2key.c headers.h
-kdc_SOURCES = connect.c	\
-	config.c	\
-	main.c
-
-libkdc_la_SOURCES = \
-	kdc-private.h	 	\
-	kdc-protos.h	 	\
-	default_config.c 	\
-	set_dbinfo.c	 	\
-	digest.c		\
-	kdc_locl.h		\
-	kerberos5.c		\
-	krb5tgs.c		\
-	pkinit.c		\
-	log.c			\
-	misc.c			\
-	524.c			\
-	kerberos4.c		\
-	kaserver.c		\
-	kx509.c			\
-	process.c		\
-	windc.c			\
-	rx.h
-
-libkdc_la_LDFLAGS = -version-info 2:0:0 $(am__append_1)
-hprop_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-hpropd_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-@PKINIT_TRUE@LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la
-libkdc_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile)
-kdc_replay_LDADD = $(kdc_LDADD)
-include_HEADERS = kdc.h kdc-protos.h
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = windc_plugin.h
-build_HEADERZ = $(krb5_HEADERS) # XXX
-EXTRA_DIST = $(man_MANS) version-script.map
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kdc/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps kdc/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkdc.la: $(libkdc_la_OBJECTS) $(libkdc_la_DEPENDENCIES) 
-	$(libkdc_la_LINK) -rpath $(libdir) $(libkdc_la_OBJECTS) $(libkdc_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-hprop$(EXEEXT): $(hprop_OBJECTS) $(hprop_DEPENDENCIES) 
-	@rm -f hprop$(EXEEXT)
-	$(LINK) $(hprop_OBJECTS) $(hprop_LDADD) $(LIBS)
-hpropd$(EXEEXT): $(hpropd_OBJECTS) $(hpropd_DEPENDENCIES) 
-	@rm -f hpropd$(EXEEXT)
-	$(LINK) $(hpropd_OBJECTS) $(hpropd_LDADD) $(LIBS)
-kdc$(EXEEXT): $(kdc_OBJECTS) $(kdc_DEPENDENCIES) 
-	@rm -f kdc$(EXEEXT)
-	$(LINK) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS)
-kdc-replay$(EXEEXT): $(kdc_replay_OBJECTS) $(kdc_replay_DEPENDENCIES) 
-	@rm -f kdc-replay$(EXEEXT)
-	$(LINK) $(kdc_replay_OBJECTS) $(kdc_replay_LDADD) $(LIBS)
-kstash$(EXEEXT): $(kstash_OBJECTS) $(kstash_DEPENDENCIES) 
-	@rm -f kstash$(EXEEXT)
-	$(LINK) $(kstash_OBJECTS) $(kstash_LDADD) $(LIBS)
-string2key$(EXEEXT): $(string2key_OBJECTS) $(string2key_DEPENDENCIES) 
-	@rm -f string2key$(EXEEXT)
-	$(LINK) $(string2key_OBJECTS) $(string2key_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-krb5HEADERS: $(krb5_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)"
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-
-uninstall-krb5HEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(krb5dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
-	clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-krb5HEADERS \
-	install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \
-	install-libexecPROGRAMS install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
-	clean-sbinPROGRAMS ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-krb5HEADERS install-libLTLIBRARIES \
-	install-libexecPROGRAMS install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-hook uninstall-includeHEADERS \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
-$(libkdc_la_OBJECTS): $(srcdir)/version-script.map
-
-$(srcdir)/kdc-protos.h:
-	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kdc-protos.h
-
-$(srcdir)/kdc-private.h:
-	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f kdc-private.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c
deleted file mode 100644
index a4d40fce4fa9..000000000000
--- a/crypto/heimdal/kdc/config.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- *
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-
-RCSID("$Id: config.c 22248 2007-12-08 23:52:12Z lha $");
-
-struct dbinfo {
-    char *realm;
-    char *dbname;
-    char *mkey_file;
-    struct dbinfo *next;
-};
-
-static char *config_file;	/* location of kdc config file */
-
-static int require_preauth = -1; /* 1 == require preauth for all principals */
-static char *max_request_str;	/* `max_request' as a string */
-
-static int disable_des = -1;
-static int enable_v4 = -1;
-static int enable_kaserver = -1;
-static int enable_524 = -1;
-static int enable_v4_cross_realm = -1;
-
-static int builtin_hdb_flag;
-static int help_flag;
-static int version_flag;
-
-static struct getarg_strings addresses_str;	/* addresses to listen on */
-
-static char *v4_realm;
-
-static struct getargs args[] = {
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    { 
-	"require-preauth",	'p',	arg_negative_flag, &require_preauth, 
-	"don't require pa-data in as-reqs"
-    },
-    { 
-	"max-request",	0,	arg_string, &max_request, 
-	"max size for a kdc-request", "size"
-    },
-    { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" },
-    {	"524",		0, 	arg_negative_flag, &enable_524,
-	"don't respond to 524 requests" 
-    },
-    {
-	"kaserver", 'K', arg_flag,   &enable_kaserver,
-	"enable kaserver support"
-    },
-    {	"kerberos4",	0, 	arg_flag, &enable_v4,
-	"respond to kerberos 4 requests" 
-    },
-    { 
-	"v4-realm",	'r',	arg_string, &v4_realm, 
-	"realm to serve v4-requests for"
-    },
-    {	"kerberos4-cross-realm",	0, 	arg_flag,
-	&enable_v4_cross_realm,
-	"respond to kerberos 4 requests from foreign realms" 
-    },
-    {	"ports",	'P', 	arg_string, &port_str,
-	"ports to listen to", "portspec"
-    },
-#if DETACH_IS_DEFAULT
-    {
-	"detach",       'D',      arg_negative_flag, &detach_from_console, 
-	"don't detach from console"
-    },
-#else
-    {
-	"detach",       0 ,      arg_flag, &detach_from_console, 
-	"detach from console"
-    },
-#endif
-    {	"addresses",	0,	arg_strings, &addresses_str,
-	"addresses to listen on", "list of addresses" },
-    {	"disable-des",	0,	arg_flag, &disable_des,
-	"disable DES" },
-    {	"builtin-hdb",	0,	arg_flag,   &builtin_hdb_flag,
-	"list builtin hdb backends"},
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-static void
-add_one_address (krb5_context context, const char *str, int first)
-{
-    krb5_error_code ret;
-    krb5_addresses tmp;
-
-    ret = krb5_parse_address (context, str, &tmp);
-    if (ret)
-	krb5_err (context, 1, ret, "parse_address `%s'", str);
-    if (first)
-	krb5_copy_addresses(context, &tmp, &explicit_addresses);
-    else
-	krb5_append_addresses(context, &explicit_addresses, &tmp);
-    krb5_free_addresses (context, &tmp);
-}
-
-krb5_kdc_configuration *
-configure(krb5_context context, int argc, char **argv)
-{
-    krb5_kdc_configuration *config;
-    krb5_error_code ret;
-    int optidx = 0;
-    const char *p;
-    
-    while(getarg(args, num_args, argc, argv, &optidx))
-	warnx("error at argument `%s'", argv[optidx]);
-
-    if(help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if (builtin_hdb_flag) {
-	char *list;
-	ret = hdb_list_builtin(context, &list);
-	if (ret)
-	    krb5_err(context, 1, ret, "listing builtin hdb backends");
-	printf("builtin hdb backends: %s\n", list);
-	free(list);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage(1);
-    
-    {
-	char **files;
-
-	if (config_file == NULL) {
-	    asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	    if (config_file == NULL)
-		errx(1, "out of memory");
-	}
-
-	ret = krb5_prepend_config_files_default(config_file, &files);
-	if (ret)
-	    krb5_err(context, 1, ret, "getting configuration files");
-	    
-	ret = krb5_set_config_files(context, files);
-	krb5_free_config_files(files);
-	if(ret) 
-	    krb5_err(context, 1, ret, "reading configuration files");
-    }
-
-    ret = krb5_kdc_get_config(context, &config);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kdc_default_config");
-
-    kdc_openlog(context, config);
-
-    ret = krb5_kdc_set_dbinfo(context, config);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
-
-    if(max_request_str)
-	max_request = parse_bytes(max_request_str, NULL);
-
-    if(max_request == 0){
-	p = krb5_config_get_string (context,
-				    NULL,
-				    "kdc",
-				    "max-request",
-				    NULL);
-	if(p)
-	    max_request = parse_bytes(p, NULL);
-    }
-    
-    if(require_preauth != -1)
-	config->require_preauth = require_preauth;
-
-    if(port_str == NULL){
-	p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL);
-	if (p != NULL)
-	    port_str = strdup(p);
-    }
-
-    explicit_addresses.len = 0;
-
-    if (addresses_str.num_strings) {
-	int i;
-
-	for (i = 0; i < addresses_str.num_strings; ++i)
-	    add_one_address (context, addresses_str.strings[i], i == 0);
-	free_getarg_strings (&addresses_str);
-    } else {
-	char **foo = krb5_config_get_strings (context, NULL,
-					      "kdc", "addresses", NULL);
-
-	if (foo != NULL) {
-	    add_one_address (context, *foo++, TRUE);
-	    while (*foo)
-		add_one_address (context, *foo++, FALSE);
-	}
-    }
-
-    if(enable_v4 != -1)
-	config->enable_v4 = enable_v4;
-
-    if(enable_v4_cross_realm != -1)
-	config->enable_v4_cross_realm = enable_v4_cross_realm;
-
-    if(enable_524 != -1)
-	config->enable_524 = enable_524;
-
-    if(enable_http == -1)
-	enable_http = krb5_config_get_bool(context, NULL, "kdc", 
-					   "enable-http", NULL);
-
-    if(request_log == NULL)
-	request_log = krb5_config_get_string(context, NULL, 
-					     "kdc", 
-					     "kdc-request-log", 
-					     NULL);
-
-    if (krb5_config_get_string(context, NULL, "kdc", 
-			       "enforce-transited-policy", NULL))
-	krb5_errx(context, 1, "enforce-transited-policy deprecated, "
-		  "use [kdc]transited-policy instead");
-
-    if (enable_kaserver != -1)
-	config->enable_kaserver = enable_kaserver;
-
-    if(detach_from_console == -1) 
-	detach_from_console = krb5_config_get_bool_default(context, NULL, 
-							   DETACH_IS_DEFAULT,
-							   "kdc",
-							   "detach", NULL);
-
-    if(max_request == 0)
-	max_request = 64 * 1024;
-
-    if (port_str == NULL)
-	port_str = "+";
-
-    if (v4_realm)
-	config->v4_realm = v4_realm;
-
-    if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4))
-	krb5_errx(context, 1, "Kerberos 4 enabled but no realm configured");
-
-    if(disable_des == -1)
-	disable_des = krb5_config_get_bool_default(context, NULL, 
-						   FALSE,
-						   "kdc",
-						   "disable-des", NULL);
-    if(disable_des) {
-	krb5_enctype_disable(context, ETYPE_DES_CBC_CRC);
-	krb5_enctype_disable(context, ETYPE_DES_CBC_MD4);
-	krb5_enctype_disable(context, ETYPE_DES_CBC_MD5);
-	krb5_enctype_disable(context, ETYPE_DES_CBC_NONE);
-	krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE);
-	krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
-
-	kdc_log(context, config, 
-		0, "DES was disabled, turned off Kerberos V4, 524 "
-		"and kaserver");
-	config->enable_v4 = 0;
-	config->enable_524 = 0;
-	config->enable_kaserver = 0;
-    }
-
-    krb5_kdc_windc_init(context);
-
-    return config;
-}
diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c
deleted file mode 100644
index c2df088342f4..000000000000
--- a/crypto/heimdal/kdc/connect.c
+++ /dev/null
@@ -1,900 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: connect.c 22434 2008-01-14 09:21:37Z lha $");
-
-/* Should we enable the HTTP hack? */
-int enable_http = -1;
-
-/* Log over requests to the KDC */
-const char *request_log;
-
-/* A string describing on what ports to listen */
-const char *port_str;
-
-krb5_addresses explicit_addresses;
-
-size_t max_request;		/* maximal size of a request */
-
-/*
- * a tuple describing on what to listen
- */
-
-struct port_desc{
-    int family;
-    int type;
-    int port;
-};
-
-/* the current ones */
-
-static struct port_desc *ports;
-static int num_ports;
-
-/*
- * add `family, port, protocol' to the list with duplicate suppresion.
- */
-
-static void
-add_port(krb5_context context, 
-	 int family, int port, const char *protocol)
-{
-    int type;
-    int i;
-
-    if(strcmp(protocol, "udp") == 0)
-	type = SOCK_DGRAM;
-    else if(strcmp(protocol, "tcp") == 0)
-	type = SOCK_STREAM;
-    else
-	return;
-    for(i = 0; i < num_ports; i++){
-	if(ports[i].type == type
-	   && ports[i].port == port
-	   && ports[i].family == family)
-	    return;
-    }
-    ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
-    if (ports == NULL)
-	krb5_err (context, 1, errno, "realloc");
-    ports[num_ports].family = family;
-    ports[num_ports].type   = type;
-    ports[num_ports].port   = port;
-    num_ports++;
-}
-
-/*
- * add a triple but with service -> port lookup
- * (this prints warnings for stuff that does not exist)
- */
-
-static void
-add_port_service(krb5_context context, 
-		 int family, const char *service, int port,
-		 const char *protocol)
-{
-    port = krb5_getportbyname (context, service, protocol, port);
-    add_port (context, family, port, protocol);
-}
-
-/*
- * add the port with service -> port lookup or string -> number
- * (no warning is printed)
- */
-
-static void
-add_port_string (krb5_context context, 
-		 int family, const char *str, const char *protocol)
-{
-    struct servent *sp;
-    int port;
-
-    sp = roken_getservbyname (str, protocol);
-    if (sp != NULL) {
-	port = sp->s_port;
-    } else {
-	char *end;
-
-	port = htons(strtol(str, &end, 0));
-	if (end == str)
-	    return;
-    }
-    add_port (context, family, port, protocol);
-}
-
-/*
- * add the standard collection of ports for `family'
- */
-
-static void
-add_standard_ports (krb5_context context, 		 
-		    krb5_kdc_configuration *config,
-		    int family)
-{
-    add_port_service(context, family, "kerberos", 88, "udp");
-    add_port_service(context, family, "kerberos", 88, "tcp");
-    add_port_service(context, family, "kerberos-sec", 88, "udp");
-    add_port_service(context, family, "kerberos-sec", 88, "tcp");
-    if(enable_http)
-	add_port_service(context, family, "http", 80, "tcp");
-    if(config->enable_524) {
-	add_port_service(context, family, "krb524", 4444, "udp");
-	add_port_service(context, family, "krb524", 4444, "tcp");
-    }
-    if(config->enable_v4) {
-	add_port_service(context, family, "kerberos-iv", 750, "udp");
-	add_port_service(context, family, "kerberos-iv", 750, "tcp");
-    }
-    if (config->enable_kaserver)
-	add_port_service(context, family, "afs3-kaserver", 7004, "udp");
-    if(config->enable_kx509) {
-	add_port_service(context, family, "kca_service", 9878, "udp");
-	add_port_service(context, family, "kca_service", 9878, "tcp");
-    }
-
-}
-
-/*
- * parse the set of space-delimited ports in `str' and add them.
- * "+" => all the standard ones
- * otherwise it's port|service[/protocol]
- */
-
-static void
-parse_ports(krb5_context context, 		 
-	    krb5_kdc_configuration *config,
-	    const char *str)
-{
-    char *pos = NULL;
-    char *p;
-    char *str_copy = strdup (str);
-
-    p = strtok_r(str_copy, " \t", &pos);
-    while(p != NULL) {
-	if(strcmp(p, "+") == 0) {
-#ifdef HAVE_IPV6
-	    add_standard_ports(context, config, AF_INET6);
-#endif
-	    add_standard_ports(context, config, AF_INET);
-	} else {
-	    char *q = strchr(p, '/');
-	    if(q){
-		*q++ = 0;
-#ifdef HAVE_IPV6
-		add_port_string(context, AF_INET6, p, q);
-#endif
-		add_port_string(context, AF_INET, p, q);
-	    }else {
-#ifdef HAVE_IPV6
-		add_port_string(context, AF_INET6, p, "udp");
-		add_port_string(context, AF_INET6, p, "tcp");
-#endif
-		add_port_string(context, AF_INET, p, "udp");
-		add_port_string(context, AF_INET, p, "tcp");
-	    }
-	}
-	    
-	p = strtok_r(NULL, " \t", &pos);
-    }
-    free (str_copy);
-}
-
-/*
- * every socket we listen on
- */
-
-struct descr {
-    int s;
-    int type;
-    int port;
-    unsigned char *buf;
-    size_t size;
-    size_t len;
-    time_t timeout;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa;
-    socklen_t sock_len;
-    char addr_string[128];
-};
-
-static void
-init_descr(struct descr *d)
-{
-    memset(d, 0, sizeof(*d));
-    d->sa = (struct sockaddr *)&d->__ss;
-    d->s = -1;
-}
-
-/*
- * re-initialize all `n' ->sa in `d'.
- */
-
-static void
-reinit_descrs (struct descr *d, int n)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	d[i].sa = (struct sockaddr *)&d[i].__ss;
-}
-
-/*
- * Create the socket (family, type, port) in `d'
- */
-
-static void 
-init_socket(krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    struct descr *d, krb5_address *a, int family, int type, int port)
-{
-    krb5_error_code ret;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    krb5_socklen_t sa_size = sizeof(__ss);
-
-    init_descr (d);
-
-    ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_addr2sockaddr");
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-
-    if (sa->sa_family != family)
-	return;
-
-    d->s = socket(family, type, 0);
-    if(d->s < 0){
-	krb5_warn(context, errno, "socket(%d, %d, 0)", family, type);
-	d->s = -1;
-	return;
-    }
-#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
-    {
-	int one = 1;
-	setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    }
-#endif
-    d->type = type;
-    d->port = port;
-
-    if(bind(d->s, sa, sa_size) < 0){
-	char a_str[256];
-	size_t len;
-
-	krb5_print_address (a, a_str, sizeof(a_str), &len);
-	krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-    if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){
-	char a_str[256];
-	size_t len;
-
-	krb5_print_address (a, a_str, sizeof(a_str), &len);
-	krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-}
-
-/*
- * Allocate descriptors for all the sockets that we should listen on
- * and return the number of them.
- */
-
-static int
-init_sockets(krb5_context context, 
-	     krb5_kdc_configuration *config,
-	     struct descr **desc)
-{
-    krb5_error_code ret;
-    int i, j;
-    struct descr *d;
-    int num = 0;
-    krb5_addresses addresses;
-
-    if (explicit_addresses.len) {
-	addresses = explicit_addresses;
-    } else {
-	ret = krb5_get_all_server_addrs (context, &addresses);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    }
-    parse_ports(context, config, port_str);
-    d = malloc(addresses.len * num_ports * sizeof(*d));
-    if (d == NULL)
-	krb5_errx(context, 1, "malloc(%lu) failed",
-		  (unsigned long)num_ports * sizeof(*d));
-
-    for (i = 0; i < num_ports; i++){
-	for (j = 0; j < addresses.len; ++j) {
-	    init_socket(context, config, &d[num], &addresses.val[j],
-			ports[i].family, ports[i].type, ports[i].port);
-	    if(d[num].s != -1){
-		char a_str[80];
-		size_t len;
-
-		krb5_print_address (&addresses.val[j], a_str,
-				    sizeof(a_str), &len);
-
-		kdc_log(context, config, 5, "listening on %s port %u/%s",
-			a_str,
-			ntohs(ports[i].port), 
-			(ports[i].type == SOCK_STREAM) ? "tcp" : "udp");
-		/* XXX */
-		num++;
-	    }
-	}
-    }
-    krb5_free_addresses (context, &addresses);
-    d = realloc(d, num * sizeof(*d));
-    if (d == NULL && num != 0)
-	krb5_errx(context, 1, "realloc(%lu) failed",
-		  (unsigned long)num * sizeof(*d));
-    reinit_descrs (d, num);
-    *desc = d;
-    return num;
-}
-
-/*
- *
- */
-
-static const char *
-descr_type(struct descr *d)
-{
-    if (d->type == SOCK_DGRAM)
-	return "udp";
-    else if (d->type == SOCK_STREAM)
-	return "tcp";
-    return "unknown";
-}
-
-static void
-addr_to_string(krb5_context context, 		 
-	       struct sockaddr *addr, size_t addr_len, char *str, size_t len)
-{
-    krb5_address a;
-    if(krb5_sockaddr2address(context, addr, &a) == 0) {
-	if(krb5_print_address(&a, str, len, &len) == 0) {
-	    krb5_free_address(context, &a);
-	    return;
-	}
-	krb5_free_address(context, &a);
-    }
-    snprintf(str, len, "<family=%d>", addr->sa_family);
-}
-
-/*
- *
- */
-
-static void
-send_reply(krb5_context context, 
-	   krb5_kdc_configuration *config,
-	   krb5_boolean prependlength,
-	   struct descr *d,
-	   krb5_data *reply)
-{
-    kdc_log(context, config, 5,
-	    "sending %lu bytes to %s", (unsigned long)reply->length,
-	    d->addr_string);
-    if(prependlength){
-	unsigned char l[4];
-	l[0] = (reply->length >> 24) & 0xff;
-	l[1] = (reply->length >> 16) & 0xff;
-	l[2] = (reply->length >> 8) & 0xff;
-	l[3] = reply->length & 0xff;
-	if(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len) < 0) {
-	    kdc_log (context, config, 
-		     0, "sendto(%s): %s", d->addr_string, strerror(errno));
-	    return;
-	}
-    }
-    if(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len) < 0) {
-	kdc_log (context, config, 
-		 0, "sendto(%s): %s", d->addr_string, strerror(errno));
-	return;
-    }
-}
-
-/*
- * Handle the request in `buf, len' to socket `d'
- */
-
-static void
-do_request(krb5_context context, 
-	   krb5_kdc_configuration *config,
-	   void *buf, size_t len, krb5_boolean prependlength,
-	   struct descr *d)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-    int datagram_reply = (d->type == SOCK_DGRAM);
-
-    krb5_kdc_update_time(NULL);
-
-    krb5_data_zero(&reply);
-    ret = krb5_kdc_process_request(context, config, 
-				   buf, len, &reply, &prependlength,
-				   d->addr_string, d->sa,
-				   datagram_reply);
-    if(request_log)
-	krb5_kdc_save_request(context, request_log, buf, len, &reply, d->sa);
-    if(reply.length){
-	send_reply(context, config, prependlength, d, &reply);
-	krb5_data_free(&reply);
-    }
-    if(ret)
-	kdc_log(context, config, 0, 
-		"Failed processing %lu byte request from %s", 
-		(unsigned long)len, d->addr_string);
-}
-
-/*
- * Handle incoming data to the UDP socket in `d'
- */
-
-static void
-handle_udp(krb5_context context, 
-	   krb5_kdc_configuration *config,
-	   struct descr *d)
-{
-    unsigned char *buf;
-    int n;
-
-    buf = malloc(max_request);
-    if(buf == NULL){
-	kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request);
-	return;
-    }
-
-    d->sock_len = sizeof(d->__ss);
-    n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
-    if(n < 0)
-	krb5_warn(context, errno, "recvfrom");
-    else {
-	addr_to_string (context, d->sa, d->sock_len,
-			d->addr_string, sizeof(d->addr_string));
-	do_request(context, config, buf, n, FALSE, d);
-    }
-    free (buf);
-}
-
-static void
-clear_descr(struct descr *d)
-{
-    if(d->buf)
-	memset(d->buf, 0, d->size);
-    d->len = 0;
-    if(d->s != -1)
-	close(d->s);
-    d->s = -1;
-}
-
-
-/* remove HTTP %-quoting from buf */
-static int
-de_http(char *buf)
-{
-    unsigned char *p, *q;
-    for(p = q = (unsigned char *)buf; *p; p++, q++) {
-	if(*p == '%' && isxdigit(p[1]) && isxdigit(p[2])) {
-	    unsigned int x;
-	    if(sscanf((char *)p + 1, "%2x", &x) != 1)
-		return -1;
-	    *q = x;
-	    p += 2;
-	} else
-	    *q = *p;
-    }
-    *q = '\0';
-    return 0;
-}
-
-#define TCP_TIMEOUT 4
-
-/*
- * accept a new TCP connection on `d[parent]' and store it in `d[child]'
- */
-
-static void
-add_new_tcp (krb5_context context, 
-	     krb5_kdc_configuration *config,
-	     struct descr *d, int parent, int child)
-{
-    int s;
-
-    if (child == -1)
-	return;
-
-    d[child].sock_len = sizeof(d[child].__ss);
-    s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
-    if(s < 0) {
-	krb5_warn(context, errno, "accept");
-	return;
-    }
-	    
-    if (s >= FD_SETSIZE) {
-	krb5_warnx(context, "socket FD too large");
-	close (s);
-	return;
-    }
-
-    d[child].s = s;
-    d[child].timeout = time(NULL) + TCP_TIMEOUT;
-    d[child].type = SOCK_STREAM;
-    addr_to_string (context, 
-		    d[child].sa, d[child].sock_len,
-		    d[child].addr_string, sizeof(d[child].addr_string));
-}
-
-/*
- * Grow `d' to handle at least `n'.
- * Return != 0 if fails
- */
-
-static int
-grow_descr (krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    struct descr *d, size_t n)
-{
-    if (d->size - d->len < n) {
-	unsigned char *tmp;
-	size_t grow; 
-
-	grow = max(1024, d->len + n);
-	if (d->size + grow > max_request) {
-	    kdc_log(context, config, 0, "Request exceeds max request size (%lu bytes).",
-		    (unsigned long)d->size + grow);
-	    clear_descr(d);
-	    return -1;
-	}
-	tmp = realloc (d->buf, d->size + grow);
-	if (tmp == NULL) {
-	    kdc_log(context, config, 0, "Failed to re-allocate %lu bytes.",
-		    (unsigned long)d->size + grow);
-	    clear_descr(d);
-	    return -1;
-	}
-	d->size += grow;
-	d->buf = tmp;
-    }
-    return 0;
-}
-
-/*
- * Try to handle the TCP data at `d->buf, d->len'.
- * Return -1 if failed, 0 if succesful, and 1 if data is complete.
- */
-
-static int
-handle_vanilla_tcp (krb5_context context, 
-		    krb5_kdc_configuration *config,
-		    struct descr *d)
-{
-    krb5_storage *sp;
-    uint32_t len;
-
-    sp = krb5_storage_from_mem(d->buf, d->len);
-    if (sp == NULL) {
-	kdc_log (context, config, 0, "krb5_storage_from_mem failed");
-	return -1;
-    }
-    krb5_ret_uint32(sp, &len);
-    krb5_storage_free(sp);
-    if(d->len - 4 >= len) {
-	memmove(d->buf, d->buf + 4, d->len - 4);
-	d->len -= 4;
-	return 1;
-    }
-    return 0;
-}
-
-/*
- * Try to handle the TCP/HTTP data at `d->buf, d->len'.
- * Return -1 if failed, 0 if succesful, and 1 if data is complete.
- */
-
-static int
-handle_http_tcp (krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 struct descr *d)
-{
-    char *s, *p, *t;
-    void *data;
-    char *proto;
-    int len;
-
-    s = (char *)d->buf;
-
-    p = strstr(s, "\r\n");
-    if (p == NULL) {
-	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    *p = 0;
-
-    p = NULL;
-    t = strtok_r(s, " \t", &p);
-    if (t == NULL) {
-	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    t = strtok_r(NULL, " \t", &p);
-    if(t == NULL) {
-	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    data = malloc(strlen(t));
-    if (data == NULL) {
-	kdc_log(context, config, 0, "Failed to allocate %lu bytes",
-		(unsigned long)strlen(t));
-	return -1;
-    }
-    if(*t == '/')
-	t++;
-    if(de_http(t) != 0) {
-	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
-	kdc_log(context, config, 5, "HTTP request: %s", t);
-	free(data);
-	return -1;
-    }
-    proto = strtok_r(NULL, " \t", &p);
-    if (proto == NULL) {
-	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
-	free(data);
-	return -1;
-    }
-    len = base64_decode(t, data);
-    if(len <= 0){
-	const char *msg = 
-	    " 404 Not found\r\n"
-	    "Server: Heimdal/" VERSION "\r\n"
-	    "Cache-Control: no-cache\r\n"
-	    "Pragma: no-cache\r\n"
-	    "Content-type: text/html\r\n"
-	    "Content-transfer-encoding: 8bit\r\n\r\n"
-	    "<TITLE>404 Not found</TITLE>\r\n"
-	    "<H1>404 Not found</H1>\r\n"
-	    "That page doesn't exist, maybe you are looking for "
-	    "<A HREF=\"http://www.h5l.org/\">Heimdal</A>?\r\n";
-	kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string);
-	kdc_log(context, config, 5, "HTTP request: %s", t);
-	free(data);
-	if (write(d->s, proto, strlen(proto)) < 0) {
-	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
-		    d->addr_string, strerror(errno));
-	    return -1;
-	}
-	if (write(d->s, msg, strlen(msg)) < 0) {
-	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
-		    d->addr_string, strerror(errno));
-	    return -1;
-	}
-	return -1;
-    }
-    {
-	const char *msg = 
-	    " 200 OK\r\n"
-	    "Server: Heimdal/" VERSION "\r\n"
-	    "Cache-Control: no-cache\r\n"
-	    "Pragma: no-cache\r\n"
-	    "Content-type: application/octet-stream\r\n"
-	    "Content-transfer-encoding: binary\r\n\r\n";
-	if (write(d->s, proto, strlen(proto)) < 0) {
-	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
-		    d->addr_string, strerror(errno));
-	    return -1;
-	}
-	if (write(d->s, msg, strlen(msg)) < 0) {
-	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
-		    d->addr_string, strerror(errno));
-	    return -1;
-	}
-    }
-    memcpy(d->buf, data, len);
-    d->len = len;
-    free(data);
-    return 1;
-}
-
-/*
- * Handle incoming data to the TCP socket in `d[index]'
- */
-
-static void
-handle_tcp(krb5_context context, 
-	   krb5_kdc_configuration *config,
-	   struct descr *d, int idx, int min_free)
-{
-    unsigned char buf[1024];
-    int n;
-    int ret = 0;
-
-    if (d[idx].timeout == 0) {
-	add_new_tcp (context, config, d, idx, min_free);
-	return;
-    }
-
-    n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL);
-    if(n < 0){
-	krb5_warn(context, errno, "recvfrom failed from %s to %s/%d",
-		  d[idx].addr_string, descr_type(d + idx), 
-		  ntohs(d[idx].port));
-	return;
-    } else if (n == 0) {
-	krb5_warnx(context, "connection closed before end of data after %lu "
-		   "bytes from %s to %s/%d", (unsigned long)d[idx].len, 
-		   d[idx].addr_string, descr_type(d + idx), 
-		   ntohs(d[idx].port));
-	clear_descr (d + idx);
-	return;
-    }
-    if (grow_descr (context, config, &d[idx], n))
-	return;
-    memcpy(d[idx].buf + d[idx].len, buf, n);
-    d[idx].len += n;
-    if(d[idx].len > 4 && d[idx].buf[0] == 0) {
-	ret = handle_vanilla_tcp (context, config, &d[idx]);
-    } else if(enable_http &&
-	      d[idx].len >= 4 &&
-	      strncmp((char *)d[idx].buf, "GET ", 4) == 0 && 
-	      strncmp((char *)d[idx].buf + d[idx].len - 4,
-		      "\r\n\r\n", 4) == 0) {
-	ret = handle_http_tcp (context, config, &d[idx]);
-	if (ret < 0)
-	    clear_descr (d + idx);
-    } else if (d[idx].len > 4) {
-	kdc_log (context, config, 
-		 0, "TCP data of strange type from %s to %s/%d",
-		 d[idx].addr_string, descr_type(d + idx), 
-		 ntohs(d[idx].port));
-	if (d[idx].buf[0] & 0x80) {
-	    krb5_data reply;
-
-	    kdc_log (context, config, 0, "TCP extension not supported");
-
-	    ret = krb5_mk_error(context,
-				KRB5KRB_ERR_FIELD_TOOLONG,
-				NULL,
-				NULL,
-				NULL,
-				NULL,
-				NULL,
-				NULL,
-				&reply);
-	    if (ret == 0) {
-		send_reply(context, config, TRUE, d + idx, &reply);
-		krb5_data_free(&reply);
-	    }
-	}
-	clear_descr(d + idx);
-	return;
-    }
-    if (ret < 0)
-	return;
-    else if (ret == 1) {
-	do_request(context, config, 
-		   d[idx].buf, d[idx].len, TRUE, &d[idx]);
-	clear_descr(d + idx);
-    }
-}
-
-void
-loop(krb5_context context, 
-     krb5_kdc_configuration *config)
-{
-    struct descr *d;
-    int ndescr;
-
-    ndescr = init_sockets(context, config, &d);
-    if(ndescr <= 0)
-	krb5_errx(context, 1, "No sockets!");
-    kdc_log(context, config, 0, "KDC started");
-    while(exit_flag == 0){
-	struct timeval tmout;
-	fd_set fds;
-	int min_free = -1;
-	int max_fd = 0;
-	int i;
-
-	FD_ZERO(&fds);
-	for(i = 0; i < ndescr; i++) {
-	    if(d[i].s >= 0){
-		if(d[i].type == SOCK_STREAM && 
-		   d[i].timeout && d[i].timeout < time(NULL)) {
-		    kdc_log(context, config, 1, 
-			    "TCP-connection from %s expired after %lu bytes",
-			    d[i].addr_string, (unsigned long)d[i].len);
-		    clear_descr(&d[i]);
-		    continue;
-		}
-		if(max_fd < d[i].s)
-		    max_fd = d[i].s;
-		if (max_fd >= FD_SETSIZE)
-		    krb5_errx(context, 1, "fd too large");
-		FD_SET(d[i].s, &fds);
-	    } else if(min_free < 0 || i < min_free)
-		min_free = i;
-	}
-	if(min_free == -1){
-	    struct descr *tmp;
-	    tmp = realloc(d, (ndescr + 4) * sizeof(*d));
-	    if(tmp == NULL)
-		krb5_warnx(context, "No memory");
-	    else {
-		d = tmp;
-		reinit_descrs (d, ndescr);
-		memset(d + ndescr, 0, 4 * sizeof(*d));
-		for(i = ndescr; i < ndescr + 4; i++)
-		    init_descr (&d[i]);
-		min_free = ndescr;
-		ndescr += 4;
-	    }
-	}
-    
-	tmout.tv_sec = TCP_TIMEOUT;
-	tmout.tv_usec = 0;
-	switch(select(max_fd + 1, &fds, 0, 0, &tmout)){
-	case 0:
-	    break;
-	case -1:
-	    if (errno != EINTR)
-		krb5_warn(context, errno, "select");
-	    break;
-	default:
-	    for(i = 0; i < ndescr; i++)
-		if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
-		    if(d[i].type == SOCK_DGRAM)
-			handle_udp(context, config, &d[i]);
-		    else if(d[i].type == SOCK_STREAM)
-			handle_tcp(context, config, d, i, min_free);
-		}
-	}
-    }
-    if(exit_flag == SIGXCPU)
-	kdc_log(context, config, 0, "CPU time limit exceeded");
-    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
-	kdc_log(context, config, 0, "Terminated");
-    else
-	kdc_log(context, config, 0, "Unexpected exit reason: %d", exit_flag);
-    free (d);
-}
diff --git a/crypto/heimdal/kdc/default_config.c b/crypto/heimdal/kdc/default_config.c
deleted file mode 100644
index 5f336e3275db..000000000000
--- a/crypto/heimdal/kdc/default_config.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- *
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-
-RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $");
-
-krb5_error_code
-krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
-{
-    krb5_kdc_configuration *c;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    c->require_preauth = TRUE;
-    c->kdc_warn_pwexpire = 0;
-    c->encode_as_rep_as_tgs_rep = FALSE;
-    c->check_ticket_addresses = TRUE;
-    c->allow_null_ticket_addresses = TRUE;
-    c->allow_anonymous = FALSE;
-    c->trpolicy = TRPOLICY_ALWAYS_CHECK;
-    c->enable_v4 = FALSE;
-    c->enable_kaserver = FALSE;
-    c->enable_524 = FALSE;
-    c->enable_v4_cross_realm = FALSE;
-    c->enable_pkinit = FALSE;
-    c->pkinit_princ_in_cert = TRUE;
-    c->pkinit_require_binding = TRUE;
-    c->db = NULL;
-    c->num_db = 0;
-    c->logf = NULL;
-
-    c->require_preauth =
-	krb5_config_get_bool_default(context, NULL, 
-				     c->require_preauth,
-				     "kdc", "require-preauth", NULL);
-    c->enable_v4 = 
-	krb5_config_get_bool_default(context, NULL, 
-				     c->enable_v4, 
-				     "kdc", "enable-kerberos4", NULL);
-    c->enable_v4_cross_realm =
-	krb5_config_get_bool_default(context, NULL,
-				     c->enable_v4_cross_realm, 
-				     "kdc",
-				     "enable-kerberos4-cross-realm", NULL);
-    c->enable_524 =
-	krb5_config_get_bool_default(context, NULL, 
-				     c->enable_v4, 
-				     "kdc", "enable-524", NULL);
-    c->enable_digest = 
-	krb5_config_get_bool_default(context, NULL, 
-				     FALSE,
-				     "kdc", "enable-digest", NULL);
-
-    {
-	const char *digests;
-
-	digests = krb5_config_get_string(context, NULL, 
-					 "kdc", 
-					 "digests_allowed", NULL);
-	if (digests == NULL)
-	    digests = "ntlm-v2";
-	c->digests_allowed = parse_flags(digests,_kdc_digestunits, 0);
-	if (c->digests_allowed == -1) {
-	    kdc_log(context, c, 0,
-		    "unparsable digest units (%s), turning off digest",
-		    digests);
-	    c->enable_digest = 0;
-	} else if (c->digests_allowed == 0) {
-	    kdc_log(context, c, 0,
-		    "no digest enable, turning digest off",
-		    digests);
-	    c->enable_digest = 0;
-	}
-    }
-
-    c->enable_kx509 = 
-	krb5_config_get_bool_default(context, NULL, 
-				     FALSE, 
-				     "kdc", "enable-kx509", NULL);
-
-    if (c->enable_kx509) {
-	c->kx509_template =
-	    krb5_config_get_string(context, NULL, 
-				   "kdc", "kx509_template", NULL);
-	c->kx509_ca =
-	    krb5_config_get_string(context, NULL, 
-				   "kdc", "kx509_ca", NULL);
-	if (c->kx509_ca == NULL || c->kx509_template == NULL) {
-	    kdc_log(context, c, 0,
-		    "missing kx509 configuration, turning off");
-	    c->enable_kx509 = FALSE;
-	}
-    }
-
-    c->check_ticket_addresses = 
-	krb5_config_get_bool_default(context, NULL, 
-				     c->check_ticket_addresses, 
-				     "kdc", 
-				     "check-ticket-addresses", NULL);
-    c->allow_null_ticket_addresses = 
-	krb5_config_get_bool_default(context, NULL, 
-				     c->allow_null_ticket_addresses, 
-				     "kdc", 
-				     "allow-null-ticket-addresses", NULL);
-
-    c->allow_anonymous = 
-	krb5_config_get_bool_default(context, NULL, 
-				     c->allow_anonymous,
-				     "kdc", 
-				     "allow-anonymous", NULL);
-
-    c->max_datagram_reply_length =
-	krb5_config_get_int_default(context, 
-				    NULL, 
-				    1400,
-				    "kdc",
-				    "max-kdc-datagram-reply-length",
-				    NULL);
-
-    {
-	const char *trpolicy_str;
-
-	trpolicy_str = 
-	    krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", 
-					   "transited-policy", NULL);
-	if(strcasecmp(trpolicy_str, "always-check") == 0) {
-	    c->trpolicy = TRPOLICY_ALWAYS_CHECK;
-	} else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) {
-	    c->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
-	} else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) {
-	    c->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
-	} else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { 
-	    /* default */
-	} else {
-	    kdc_log(context, c, 0,
-		    "unknown transited-policy: %s, "
-		    "reverting to default (always-check)", 
-		    trpolicy_str);
-	}
-    }
-
-    {
-	const char *p;
-	p = krb5_config_get_string (context, NULL, 
-				    "kdc",
-				    "v4-realm",
-				    NULL);
-	if(p != NULL) {
-	    c->v4_realm = strdup(p);
-	    if (c->v4_realm == NULL)
-		krb5_errx(context, 1, "out of memory");
-	} else {
-	    c->v4_realm = NULL;
-	}
-    }
-
-    c->enable_kaserver = 
-	krb5_config_get_bool_default(context, 
-				     NULL, 
-				     c->enable_kaserver,
-				     "kdc", "enable-kaserver", NULL);
-
-
-    c->encode_as_rep_as_tgs_rep =
-	krb5_config_get_bool_default(context, NULL, 
-				     c->encode_as_rep_as_tgs_rep, 
-				     "kdc", 
-				     "encode_as_rep_as_tgs_rep", NULL);
-    
-    c->kdc_warn_pwexpire =
-	krb5_config_get_time_default (context, NULL,
-				      c->kdc_warn_pwexpire,
-				      "kdc", "kdc_warn_pwexpire", NULL);
-
-
-#ifdef PKINIT
-    c->enable_pkinit = 
-	krb5_config_get_bool_default(context, 
-				     NULL, 
-				     c->enable_pkinit,
-				     "kdc",
-				     "enable-pkinit",
-				     NULL);
-    if (c->enable_pkinit) {
-	const char *user_id, *anchors, *ocsp_file;
-	char **pool_list, **revoke_list;
-
-	user_id = 
-	    krb5_config_get_string(context, NULL,
-				   "kdc", "pkinit_identity", NULL);
-	if (user_id == NULL)
-	    krb5_errx(context, 1, "pkinit enabled but no identity");
-
-	anchors = krb5_config_get_string(context, NULL,
-					 "kdc", "pkinit_anchors", NULL);
-	if (anchors == NULL)
-	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
-
-	pool_list =
-	    krb5_config_get_strings(context, NULL,
-				    "kdc", "pkinit_pool", NULL);
-
-	revoke_list =
-	    krb5_config_get_strings(context, NULL,
-				    "kdc", "pkinit_revoke", NULL);
-
-	ocsp_file = 
-	    krb5_config_get_string(context, NULL,
-				   "kdc", "pkinit_kdc_ocsp", NULL);
-	if (ocsp_file) {
-	    c->pkinit_kdc_ocsp_file = strdup(ocsp_file);
-	    if (c->pkinit_kdc_ocsp_file == NULL)
-		krb5_errx(context, 1, "out of memory");
-	}
-
-	_kdc_pk_initialize(context, c, user_id, anchors, 
-			   pool_list, revoke_list);
-
-	krb5_config_free_strings(pool_list);
-	krb5_config_free_strings(revoke_list);
-
-	c->pkinit_princ_in_cert = 
-	    krb5_config_get_bool_default(context, NULL,
-					 c->pkinit_princ_in_cert,
-					 "kdc",
-					 "pkinit_principal_in_certificate",
-					 NULL);
-
-	c->pkinit_require_binding = 
-	    krb5_config_get_bool_default(context, NULL,
-					 c->pkinit_require_binding,
-					 "kdc",
-					 "pkinit_win2k_require_binding",
-					 NULL);
-    }
-
-    c->pkinit_dh_min_bits =
-	krb5_config_get_int_default(context, NULL, 
-				    0,
-				    "kdc", "pkinit_dh_min_bits", NULL);
-
-#endif
-
-    *config = c;
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/digest.c b/crypto/heimdal/kdc/digest.c
deleted file mode 100644
index b845b0f9a894..000000000000
--- a/crypto/heimdal/kdc/digest.c
+++ /dev/null
@@ -1,1456 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#include <hex.h>
-
-RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $");
-
-#define MS_CHAP_V2	0x20
-#define CHAP_MD5	0x10
-#define DIGEST_MD5	0x08
-#define NTLM_V2		0x04
-#define NTLM_V1_SESSION	0x02
-#define NTLM_V1		0x01
-
-const struct units _kdc_digestunits[] = {
-	{"ms-chap-v2",		1U << 5},
-	{"chap-md5",		1U << 4},
-	{"digest-md5",		1U << 3},
-	{"ntlm-v2",		1U << 2},
-	{"ntlm-v1-session",	1U << 1},
-	{"ntlm-v1",		1U << 0},
-	{NULL,	0}
-};
-
-
-static krb5_error_code
-get_digest_key(krb5_context context,
-	       krb5_kdc_configuration *config,
-	       hdb_entry_ex *server,
-	       krb5_crypto *crypto)
-{
-    krb5_error_code ret;
-    krb5_enctype enctype;
-    Key *key;
-    
-    ret = _kdc_get_preferred_key(context,
-				 config,
-				 server,
-				 "digest-service",
-				 &enctype,
-				 &key);
-    if (ret)
-	return ret;
-    return krb5_crypto_init(context, &key->key, 0, crypto);
-}
-
-/*
- *
- */
-
-static char *
-get_ntlm_targetname(krb5_context context,
-		    hdb_entry_ex *client)
-{
-    char *targetname, *p;
-
-    targetname = strdup(krb5_principal_get_realm(context,
-						 client->entry.principal));
-    if (targetname == NULL)
-	return NULL;
-
-    p = strchr(targetname, '.');
-    if (p)
-	*p = '\0';
-
-    strupr(targetname);
-    return targetname;
-}
-
-static krb5_error_code
-fill_targetinfo(krb5_context context,
-		char *targetname,
-		hdb_entry_ex *client,
-		krb5_data *data)
-{
-    struct ntlm_targetinfo ti;
-    krb5_error_code ret;
-    struct ntlm_buf d;
-    krb5_principal p;
-    const char *str;
-
-    memset(&ti, 0, sizeof(ti));
-
-    ti.domainname = targetname;
-    p = client->entry.principal;
-    str = krb5_principal_get_comp_string(context, p, 0);
-    if (str != NULL && 
-	(strcmp("host", str) == 0 || 
-	 strcmp("ftp", str) == 0 ||
-	 strcmp("imap", str) == 0 ||
-	 strcmp("pop", str) == 0 ||
-	 strcmp("smtp", str)))
-    {
-	str = krb5_principal_get_comp_string(context, p, 1);
-	ti.dnsservername = rk_UNCONST(str);
-    }
-    
-    ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
-    if (ret)
-	return ret;
-
-    data->data = d.data;
-    data->length = d.length;
-
-    return 0;
-}
-
-
-static const unsigned char ms_chap_v2_magic1[39] = {
-    0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
-    0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
-    0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
-    0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
-};
-static const unsigned char ms_chap_v2_magic2[41] = {
-    0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
-    0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
-    0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
-    0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
-    0x6E
-};
-static const unsigned char ms_rfc3079_magic1[27] = {
-    0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
-    0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
-    0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
-};
-
-/*
- *
- */
-
-static krb5_error_code
-get_password_entry(krb5_context context,
-		   krb5_kdc_configuration *config,
-		   const char *username,
-		   char **password)
-{
-    krb5_principal clientprincipal;
-    krb5_error_code ret;
-    hdb_entry_ex *user;
-    HDB *db;
-
-    /* get username */
-    ret = krb5_parse_name(context, username, &clientprincipal);
-    if (ret)
-	return ret;
-
-    ret = _kdc_db_fetch(context, config, clientprincipal,
-			HDB_F_GET_CLIENT, &db, &user);
-    krb5_free_principal(context, clientprincipal);
-    if (ret)
-	return ret;
-
-    ret = hdb_entry_get_password(context, db, &user->entry, password);
-    if (ret || password == NULL) {
-	if (ret == 0) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, "password missing");
-	}
-	memset(user, 0, sizeof(*user));
-    }
-    _kdc_free_ent (context, user);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_do_digest(krb5_context context, 
-	       krb5_kdc_configuration *config,
-	       const DigestREQ *req, krb5_data *reply,
-	       const char *from, struct sockaddr *addr)
-{
-    krb5_error_code ret = 0;
-    krb5_ticket *ticket = NULL;
-    krb5_auth_context ac = NULL;
-    krb5_keytab id = NULL;
-    krb5_crypto crypto = NULL;
-    DigestReqInner ireq;
-    DigestRepInner r;
-    DigestREP rep;
-    krb5_flags ap_req_options;
-    krb5_data buf;
-    size_t size;
-    krb5_storage *sp = NULL;
-    Checksum res;
-    hdb_entry_ex *server = NULL, *user = NULL;
-    hdb_entry_ex *client = NULL;
-    char *client_name = NULL, *password = NULL;
-    krb5_data serverNonce;
-
-    if(!config->enable_digest) {
-	kdc_log(context, config, 0, 
-		"Rejected digest request (disabled) from %s", from);
-	return KRB5KDC_ERR_POLICY;
-    }
-
-    krb5_data_zero(&buf);
-    krb5_data_zero(reply);
-    krb5_data_zero(&serverNonce);
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&r, 0, sizeof(r));
-    memset(&rep, 0, sizeof(rep));
-
-    kdc_log(context, config, 0, "Digest request from %s", from);
-
-    ret = krb5_kt_resolve(context, "HDB:", &id);
-    if (ret) {
-	kdc_log(context, config, 0, "Can't open database for digest");
-	goto out;
-    }
-
-    ret = krb5_rd_req(context, 
-		      &ac,
-		      &req->apReq,
-		      NULL,
-		      id,
-		      &ap_req_options,
-		      &ticket);
-    if (ret)
-	goto out;
-
-    /* check the server principal in the ticket matches digest/R@R */
-    {
-	krb5_principal principal = NULL;
-	const char *p, *r;
-
-	ret = krb5_ticket_get_server(context, ticket, &principal);
-	if (ret)
-	    goto out;
-
-	ret = EINVAL;
-	krb5_set_error_string(context, "Wrong digest server principal used");
-	p = krb5_principal_get_comp_string(context, principal, 0);
-	if (p == NULL) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-	if (strcmp(p, KRB5_DIGEST_NAME) != 0) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-
-	p = krb5_principal_get_comp_string(context, principal, 1);
-	if (p == NULL) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-	r = krb5_principal_get_realm(context, principal);
-	if (r == NULL) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-	if (strcmp(p, r) != 0) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-	krb5_clear_error_string(context);
-
-	ret = _kdc_db_fetch(context, config, principal,
-			    HDB_F_GET_SERVER, NULL, &server);
-	if (ret)
-	    goto out;
-
-	krb5_free_principal(context, principal);
-    }
-
-    /* check the client is allowed to do digest auth */
-    {
-	krb5_principal principal = NULL;
-
-	ret = krb5_ticket_get_client(context, ticket, &principal);
-	if (ret)
-	    goto out;
-
-	ret = krb5_unparse_name(context, principal, &client_name);
-	if (ret) {
-	    krb5_free_principal(context, principal);
-	    goto out;
-	}
-
-	ret = _kdc_db_fetch(context, config, principal,
-			    HDB_F_GET_CLIENT, NULL, &client);
-	krb5_free_principal(context, principal);
-	if (ret)
-	    goto out;
-
-	if (client->entry.flags.allow_digest == 0) {
-	    kdc_log(context, config, 0, 
-		    "Client %s tried to use digest "
-		    "but is not allowed to", 
-		    client_name);
-	    krb5_set_error_string(context, 
-				  "Client is not permitted to use digest");
-	    ret = KRB5KDC_ERR_POLICY;
-	    goto out;
-	}
-    }
-
-    /* unpack request */
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getremotesubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-	if (key == NULL) {
-	    krb5_set_error_string(context, "digest: remote subkey not found");
-	    ret = EINVAL;
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
-				     &req->innerReq, &buf);
-    krb5_crypto_destroy(context, crypto);
-    crypto = NULL;
-    if (ret)
-	goto out;
-	   
-    ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
-    krb5_data_free(&buf);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to decode digest inner request");
-	goto out;
-    }
-
-    kdc_log(context, config, 0, "Valid digest request from %s (%s)", 
-	    client_name, from);
-
-    /*
-     * Process the inner request
-     */
-
-    switch (ireq.element) {
-    case choice_DigestReqInner_init: {
-	unsigned char server_nonce[16], identifier;
-
-	RAND_pseudo_bytes(&identifier, sizeof(identifier));
-	RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
-
-	server_nonce[0] = kdc_time & 0xff;
-	server_nonce[1] = (kdc_time >> 8) & 0xff;
-	server_nonce[2] = (kdc_time >> 16) & 0xff;
-	server_nonce[3] = (kdc_time >> 24) & 0xff;
-
-	r.element = choice_DigestRepInner_initReply;
-
-	hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
-	if (r.u.initReply.nonce == NULL) {
-	    krb5_set_error_string(context, "Failed to decode server nonce");
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	sp = krb5_storage_emem();
-	if (sp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "out of memory");
-	    goto out;
-	}
-	ret = krb5_store_stringz(sp, ireq.u.init.type);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	if (ireq.u.init.channel) {
-	    char *s;
-
-	    asprintf(&s, "%s-%s:%s", r.u.initReply.nonce,
-		     ireq.u.init.channel->cb_type,
-		     ireq.u.init.channel->cb_binding);
-	    if (s == NULL) {
-		krb5_set_error_string(context, "Failed to allocate "
-				      "channel binding");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    free(r.u.initReply.nonce);
-	    r.u.initReply.nonce = s;
-	}
-	
-	ret = krb5_store_stringz(sp, r.u.initReply.nonce);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	if (strcasecmp(ireq.u.init.type, "CHAP") == 0) {
-	    r.u.initReply.identifier = 
-		malloc(sizeof(*r.u.initReply.identifier));
-	    if (r.u.initReply.identifier == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	    asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
-	    if (*r.u.initReply.identifier == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	} else
-	    r.u.initReply.identifier = NULL;
-
-	if (ireq.u.init.hostname) {
-	    ret = krb5_store_stringz(sp, *ireq.u.init.hostname);
-	    if (ret) {
-		krb5_clear_error_string(context);
-		goto out;
-	    }
-	}
-
-	ret = krb5_storage_to_data(sp, &buf);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	ret = get_digest_key(context, config, server, &crypto);
-	if (ret)
-	    goto out;
-
-	ret = krb5_create_checksum(context,
-				   crypto,
-				   KRB5_KU_DIGEST_OPAQUE,
-				   0,
-				   buf.data,
-				   buf.length,
-				   &res);
-	krb5_crypto_destroy(context, crypto);
-	crypto = NULL;
-	krb5_data_free(&buf);
-	if (ret)
-	    goto out;
-	
-	ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
-	free_Checksum(&res);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to encode "
-				  "checksum in digest request");
-	    goto out;
-	}
-	if (size != buf.length)
-	    krb5_abortx(context, "ASN1 internal error");
-
-	hex_encode(buf.data, buf.length, &r.u.initReply.opaque);
-	free(buf.data);
-	if (r.u.initReply.opaque == NULL) {
-	    krb5_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	kdc_log(context, config, 0, "Digest %s init request successful from %s",
-		ireq.u.init.type, from);
-
-	break;
-    }
-    case choice_DigestReqInner_digestRequest: {
-	sp = krb5_storage_emem();
-	if (sp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "out of memory");
-	    goto out;
-	}
-	ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce);
-
-	if (ireq.u.digestRequest.hostname) {
-	    ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname);
-	    if (ret) {
-		krb5_clear_error_string(context);
-		goto out;
-	    }
-	}
-
-	buf.length = strlen(ireq.u.digestRequest.opaque);
-	buf.data = malloc(buf.length);
-	if (buf.data == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
-	if (ret <= 0) {
-	    krb5_set_error_string(context, "Failed to decode opaque");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	buf.length = ret;
-
-	ret = decode_Checksum(buf.data, buf.length, &res, NULL);
-	free(buf.data);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode digest Checksum");
-	    goto out;
-	}
-	
-	ret = krb5_storage_to_data(sp, &buf);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
-	serverNonce.data = malloc(serverNonce.length);
-	if (serverNonce.data == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	    
-	/*
-	 * CHAP does the checksum of the raw nonce, but do it for all
-	 * types, since we need to check the timestamp.
-	 */
-	{
-	    ssize_t ssize;
-	    
-	    ssize = hex_decode(ireq.u.digestRequest.serverNonce, 
-			       serverNonce.data, serverNonce.length);
-	    if (ssize <= 0) {
-		krb5_set_error_string(context, "Failed to decode serverNonce");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    serverNonce.length = ssize;
-	}
-
-	ret = get_digest_key(context, config, server, &crypto);
-	if (ret)
-	    goto out;
-
-	ret = krb5_verify_checksum(context, crypto, 
-				   KRB5_KU_DIGEST_OPAQUE,
-				   buf.data, buf.length, &res);
-	krb5_crypto_destroy(context, crypto);
-	crypto = NULL;
-	if (ret)
-	    goto out;
-
-	/* verify time */
-	{
-	    unsigned char *p = serverNonce.data;
-	    uint32_t t;
-	    
-	    if (serverNonce.length < 4) {
-		krb5_set_error_string(context, "server nonce too short");
-		ret = EINVAL;
-		goto out;
-	    }
-	    t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-
-	    if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
-		krb5_set_error_string(context, "time screw in server nonce ");
-		ret = EINVAL;
-		goto out;
-	    }
-	}
-
-	if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
-	    MD5_CTX ctx;
-	    unsigned char md[MD5_DIGEST_LENGTH];
-	    char *mdx;
-	    char id;
-
-	    if ((config->digests_allowed & CHAP_MD5) == 0) {
-		kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
-		goto out;
-	    }
-
-	    if (ireq.u.digestRequest.identifier == NULL) {
-		krb5_set_error_string(context, "Identifier missing "
-				      "from CHAP request");
-		ret = EINVAL;
-		goto out;
-	    }
-	    
-	    if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
-		krb5_set_error_string(context, "failed to decode identifier");
-		ret = EINVAL;
-		goto out;
-	    }
-	    
-	    ret = get_password_entry(context, config, 
-				     ireq.u.digestRequest.username,
-				     &password);
-	    if (ret)
-		goto out;
-
-	    MD5_Init(&ctx);
-	    MD5_Update(&ctx, &id, 1);
-	    MD5_Update(&ctx, password, strlen(password));
-	    MD5_Update(&ctx, serverNonce.data, serverNonce.length);
-	    MD5_Final(md, &ctx);
-
-	    hex_encode(md, sizeof(md), &mdx);
-	    if (mdx == NULL) {
-		krb5_clear_error_string(context);
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	    r.element = choice_DigestRepInner_response;
-
-	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
-	    free(mdx);
-	    if (ret == 0) {
-		r.u.response.success = TRUE;
-	    } else {
-		kdc_log(context, config, 0, 
-			"CHAP reply mismatch for %s",
-			ireq.u.digestRequest.username);
-		r.u.response.success = FALSE;
-	    }
-
-	} else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
-	    MD5_CTX ctx;
-	    unsigned char md[MD5_DIGEST_LENGTH];
-	    char *mdx;
-	    char *A1, *A2;
-
-	    if ((config->digests_allowed & DIGEST_MD5) == 0) {
-		kdc_log(context, config, 0, "Digest SASL MD5 not allowed");
-		goto out;
-	    }
-
-	    if (ireq.u.digestRequest.nonceCount == NULL) 
-		goto out;
-	    if (ireq.u.digestRequest.clientNonce == NULL) 
-		goto out;
-	    if (ireq.u.digestRequest.qop == NULL) 
-		goto out;
-	    if (ireq.u.digestRequest.realm == NULL) 
-		goto out;
-	    
-	    ret = get_password_entry(context, config, 
-				     ireq.u.digestRequest.username,
-				     &password);
-	    if (ret)
-		goto failed;
-
-	    MD5_Init(&ctx);
-	    MD5_Update(&ctx, ireq.u.digestRequest.username,
-		       strlen(ireq.u.digestRequest.username));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.realm,
-		       strlen(*ireq.u.digestRequest.realm));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, password, strlen(password));
-	    MD5_Final(md, &ctx);
-	    
-	    MD5_Init(&ctx);
-	    MD5_Update(&ctx, md, sizeof(md));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
-		       strlen(ireq.u.digestRequest.serverNonce));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
-		       strlen(*ireq.u.digestRequest.nonceCount));
-	    if (ireq.u.digestRequest.authid) {
-		MD5_Update(&ctx, ":", 1);
-		MD5_Update(&ctx, *ireq.u.digestRequest.authid,
-			   strlen(*ireq.u.digestRequest.authid));
-	    }
-	    MD5_Final(md, &ctx);
-	    hex_encode(md, sizeof(md), &A1);
-	    if (A1 == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto failed;
-	    }
-	    
-	    MD5_Init(&ctx);
-	    MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.uri,
-		       strlen(*ireq.u.digestRequest.uri));
-	
-	    /* conf|int */
-	    if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
-		static char conf_zeros[] = ":00000000000000000000000000000000";
-		MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
-	    }
-	    
-	    MD5_Final(md, &ctx);
-	    hex_encode(md, sizeof(md), &A2);
-	    if (A2 == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		free(A1);
-		goto failed;
-	    }
-
-	    MD5_Init(&ctx);
-	    MD5_Update(&ctx, A1, strlen(A2));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
-		       strlen(ireq.u.digestRequest.serverNonce));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
-		       strlen(*ireq.u.digestRequest.nonceCount));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
-		       strlen(*ireq.u.digestRequest.clientNonce));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, *ireq.u.digestRequest.qop,
-		       strlen(*ireq.u.digestRequest.qop));
-	    MD5_Update(&ctx, ":", 1);
-	    MD5_Update(&ctx, A2, strlen(A2));
-
-	    MD5_Final(md, &ctx);
-
-	    free(A1);
-	    free(A2);
-
-	    hex_encode(md, sizeof(md), &mdx);
-	    if (mdx == NULL) {
-		krb5_clear_error_string(context);
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	    r.element = choice_DigestRepInner_response;
-	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
-	    free(mdx);
-	    if (ret == 0) {
-		r.u.response.success = TRUE;
-	    } else {
-		kdc_log(context, config, 0, 
-			"DIGEST-MD5 reply mismatch for %s",
-			ireq.u.digestRequest.username);
-		r.u.response.success = FALSE;
-	    }
-
-	} else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) {
-	    unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
-	    krb5_principal clientprincipal = NULL;
-	    char *mdx;
-	    const char *username;
-	    struct ntlm_buf answer;
-	    Key *key = NULL;
-	    SHA_CTX ctx;
-
-	    if ((config->digests_allowed & MS_CHAP_V2) == 0) {
-		kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
-		goto failed;
-	    }
-
-	    if (ireq.u.digestRequest.clientNonce == NULL)  {
-		krb5_set_error_string(context, 
-				      "MS-CHAP-V2 clientNonce missing");
-		ret = EINVAL;
-		goto failed;
-	    }	    
-	    if (serverNonce.length != 16) {
-		krb5_set_error_string(context, 
-				      "MS-CHAP-V2 serverNonce wrong length");
-		ret = EINVAL;
-		goto failed;
-	    }
-
-	    /* strip of the domain component */
-	    username = strchr(ireq.u.digestRequest.username, '\\');
-	    if (username == NULL)
-		username = ireq.u.digestRequest.username;
-	    else
-		username++;
-
-	    /* ChallangeHash */
-	    SHA1_Init(&ctx);
-	    {
-		ssize_t ssize;
-		krb5_data clientNonce;
-		
-		clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce);
-		clientNonce.data = malloc(clientNonce.length);
-		if (clientNonce.data == NULL) {
-		    ret = ENOMEM;
-		    krb5_set_error_string(context, "out of memory");
-		    goto out;
-		}
-
-		ssize = hex_decode(*ireq.u.digestRequest.clientNonce, 
-				   clientNonce.data, clientNonce.length);
-		if (ssize != 16) {
-		    krb5_set_error_string(context, 
-					  "Failed to decode clientNonce");
-		    ret = ENOMEM;
-		    goto out;
-		}
-		SHA1_Update(&ctx, clientNonce.data, ssize);
-		free(clientNonce.data);
-	    }
-	    SHA1_Update(&ctx, serverNonce.data, serverNonce.length);
-	    SHA1_Update(&ctx, username, strlen(username));
-	    SHA1_Final(challange, &ctx);
-
-	    /* NtPasswordHash */
-	    ret = krb5_parse_name(context, username, &clientprincipal);
-	    if (ret)
-		goto failed;
-	    
-	    ret = _kdc_db_fetch(context, config, clientprincipal,
-				HDB_F_GET_CLIENT, NULL, &user);
-	    krb5_free_principal(context, clientprincipal);
-	    if (ret) {
-		krb5_set_error_string(context, 
-				      "MS-CHAP-V2 user %s not in database",
-				      username);
-		goto failed;
-	    }
-
-	    ret = hdb_enctype2key(context, &user->entry, 
-				  ETYPE_ARCFOUR_HMAC_MD5, &key);
-	    if (ret) {
-		krb5_set_error_string(context, 
-				      "MS-CHAP-V2 missing arcfour key %s",
-				      username);
-		goto failed;
-	    }
-
-	    /* ChallengeResponse */
-	    ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
-					    key->key.keyvalue.length,
-					    challange, &answer);
-	    if (ret) {
-		krb5_set_error_string(context, "NTLM missing arcfour key");
-		goto failed;
-	    }
-	    
-	    hex_encode(answer.data, answer.length, &mdx);
-	    if (mdx == NULL) {
-		free(answer.data);
-		krb5_clear_error_string(context);
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	    r.element = choice_DigestRepInner_response;
-	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
-	    if (ret == 0) {
-		r.u.response.success = TRUE;
-	    } else {
-		kdc_log(context, config, 0, 
-			"MS-CHAP-V2 hash mismatch for %s",
-			ireq.u.digestRequest.username);
-		r.u.response.success = FALSE;
-	    }
-	    free(mdx);
-
-	    if (r.u.response.success) {
-		unsigned char hashhash[MD4_DIGEST_LENGTH];
-
-		/* hashhash */
-		{
-		    MD4_CTX hctx;
-
-		    MD4_Init(&hctx);
-		    MD4_Update(&hctx, key->key.keyvalue.data, 
-			       key->key.keyvalue.length);
-		    MD4_Final(hashhash, &hctx);
-		}
-
-		/* GenerateAuthenticatorResponse */
-		SHA1_Init(&ctx);
-		SHA1_Update(&ctx, hashhash, sizeof(hashhash));
-		SHA1_Update(&ctx, answer.data, answer.length);
-		SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1));
-		SHA1_Final(md, &ctx);
-
-		SHA1_Init(&ctx);
-		SHA1_Update(&ctx, md, sizeof(md));
-		SHA1_Update(&ctx, challange, 8);
-		SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
-		SHA1_Final(md, &ctx);
-
-		r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
-		if (r.u.response.rsp == NULL) {
-		    free(answer.data);
-		    krb5_clear_error_string(context);
-		    ret = ENOMEM;
-		    goto out;
-		}
-
-		hex_encode(md, sizeof(md), r.u.response.rsp);
-		if (r.u.response.rsp == NULL) {
-		    free(answer.data);
-		    krb5_clear_error_string(context);
-		    ret = ENOMEM;
-		    goto out;
-		}
-
-		/* get_master, rfc 3079 3.4 */
-		SHA1_Init(&ctx);
-		SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */
-		SHA1_Update(&ctx, answer.data, answer.length);
-		SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
-		SHA1_Final(md, &ctx);
-
-		free(answer.data);
-
-		r.u.response.session_key = 
-		    calloc(1, sizeof(*r.u.response.session_key));
-		if (r.u.response.session_key == NULL) {
-		    krb5_clear_error_string(context);
-		    ret = ENOMEM;
-		    goto out;
-		}
-
-		ret = krb5_data_copy(r.u.response.session_key, md, 16);
-		if (ret) {
-		    krb5_clear_error_string(context);
-		    goto out;
-		}
-	    }
-
-	} else {
-	    r.element = choice_DigestRepInner_error;
-	    asprintf(&r.u.error.reason, "Unsupported digest type %s", 
-		     ireq.u.digestRequest.type);
-	    if (r.u.error.reason == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    r.u.error.code = EINVAL;
-	}
-
-	kdc_log(context, config, 0, "Digest %s request successful %s",
-		ireq.u.digestRequest.type, ireq.u.digestRequest.username);
-
-	break;
-    }
-    case choice_DigestReqInner_ntlmInit:
-
-	if ((config->digests_allowed & (NTLM_V1|NTLM_V1_SESSION|NTLM_V2)) == 0) {
-	    kdc_log(context, config, 0, "NTLM not allowed");
-	    goto failed;
-	}
-
-	r.element = choice_DigestRepInner_ntlmInitReply;
-
-	r.u.ntlmInitReply.flags = NTLM_NEG_UNICODE;
-
-	if ((ireq.u.ntlmInit.flags & NTLM_NEG_UNICODE) == 0) {
-	    kdc_log(context, config, 0, "NTLM client have no unicode");
-	    goto failed;
-	}
-
-	if (ireq.u.ntlmInit.flags & NTLM_NEG_NTLM)
-	    r.u.ntlmInitReply.flags |= NTLM_NEG_NTLM;
-	else {
-	    kdc_log(context, config, 0, "NTLM client doesn't support NTLM");
-	    goto failed;
-	}
-
-	r.u.ntlmInitReply.flags |= 
-	    NTLM_NEG_TARGET |
-	    NTLM_TARGET_DOMAIN |
-	    NTLM_ENC_128;
-
-#define ALL					\
-	NTLM_NEG_SIGN|				\
-	    NTLM_NEG_SEAL|			\
-	    NTLM_NEG_ALWAYS_SIGN|		\
-	    NTLM_NEG_NTLM2_SESSION|		\
-	    NTLM_NEG_KEYEX
-
-	r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL));
-
-#undef ALL
-
-	r.u.ntlmInitReply.targetname = 
-	    get_ntlm_targetname(context, client);
-	if (r.u.ntlmInitReply.targetname == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	r.u.ntlmInitReply.challange.data = malloc(8);
-	if (r.u.ntlmInitReply.challange.data == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	r.u.ntlmInitReply.challange.length = 8;
-	if (RAND_bytes(r.u.ntlmInitReply.challange.data,
-		       r.u.ntlmInitReply.challange.length) != 1) 
-	{
-	    krb5_set_error_string(context, "out of random error");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	/* XXX fix targetinfo */
-	ALLOC(r.u.ntlmInitReply.targetinfo);
-	if (r.u.ntlmInitReply.targetinfo == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = fill_targetinfo(context,
-			      r.u.ntlmInitReply.targetname,
-			      client,
-			      r.u.ntlmInitReply.targetinfo);
-	if (ret) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	/* 
-	 * Save data encryted in opaque for the second part of the
-	 * ntlm authentication
-	 */
-	sp = krb5_storage_emem();
-	if (sp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "out of memory");
-	    goto out;
-	}
-	
-	ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
-	if (ret != 8) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "storage write challange");
-	    goto out;
-	}
-	ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	ret = krb5_storage_to_data(sp, &buf);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	ret = get_digest_key(context, config, server, &crypto);
-	if (ret)
-	    goto out;
-
-	ret = krb5_encrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
-			   buf.data, buf.length, &r.u.ntlmInitReply.opaque);
-	krb5_data_free(&buf);
-	krb5_crypto_destroy(context, crypto);
-	crypto = NULL;
-	if (ret)
-	    goto out;
-
-	kdc_log(context, config, 0, "NTLM init from %s", from);
-
-	break;
-
-    case choice_DigestReqInner_ntlmRequest: {
-	krb5_principal clientprincipal;
-	unsigned char sessionkey[16];
-	unsigned char challange[8];
-	uint32_t flags;
-	Key *key = NULL;
-	int version;
-	    
-	r.element = choice_DigestRepInner_ntlmResponse;
-	r.u.ntlmResponse.success = 0;
-	r.u.ntlmResponse.flags = 0;
-	r.u.ntlmResponse.sessionkey = NULL;
-	r.u.ntlmResponse.tickets = NULL;
-
-	/* get username */
-	ret = krb5_parse_name(context,
-			      ireq.u.ntlmRequest.username,
-			      &clientprincipal);
-	if (ret)
-	    goto failed;
-
-	ret = _kdc_db_fetch(context, config, clientprincipal,
-			    HDB_F_GET_CLIENT, NULL, &user);
-	krb5_free_principal(context, clientprincipal);
-	if (ret) {
-	    krb5_set_error_string(context, "NTLM user %s not in database",
-				  ireq.u.ntlmRequest.username);
-	    goto failed;
-	}
-
-	ret = get_digest_key(context, config, server, &crypto);
-	if (ret)
-	    goto failed;
-
-	ret = krb5_decrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
-			   ireq.u.ntlmRequest.opaque.data,
-			   ireq.u.ntlmRequest.opaque.length, &buf);
-	krb5_crypto_destroy(context, crypto);
-	crypto = NULL;
-	if (ret) {
-	    kdc_log(context, config, 0, 
-		    "Failed to decrypt nonce from %s", from);
-	    goto failed;
-	}
-
-	sp = krb5_storage_from_data(&buf);
-	if (sp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "out of memory");
-	    goto out;
-	}
-	
-	ret = krb5_storage_read(sp, challange, sizeof(challange));
-	if (ret != sizeof(challange)) {
-	    krb5_set_error_string(context, "NTLM storage read challange");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = krb5_ret_uint32(sp, &flags);
-	if (ret) {
-	    krb5_set_error_string(context, "NTLM storage read flags");
-	    goto out;
-	}
-	krb5_data_free(&buf);
-
-	if ((flags & NTLM_NEG_NTLM) == 0) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, "NTLM not negotiated");
-	    goto out;
-	}
-
-	ret = hdb_enctype2key(context, &user->entry, 
-			      ETYPE_ARCFOUR_HMAC_MD5, &key);
-	if (ret) {
-	    krb5_set_error_string(context, "NTLM missing arcfour key");
-	    goto out;
-	}
-
-	/* check if this is NTLMv2 */
-	if (ireq.u.ntlmRequest.ntlm.length != 24) {
-	    struct ntlm_buf infotarget, answer;
-	    char *targetname;
-
-	    if ((config->digests_allowed & NTLM_V2) == 0) {
-		kdc_log(context, config, 0, "NTLM v2 not allowed");
-		goto out;
-	    }
-
-	    version = 2;
-
-	    targetname = get_ntlm_targetname(context, client);
-	    if (targetname == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-
-	    answer.length = ireq.u.ntlmRequest.ntlm.length;
-	    answer.data = ireq.u.ntlmRequest.ntlm.data;
-
-	    ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data,
-					 key->key.keyvalue.length,
-					 ireq.u.ntlmRequest.username,
-					 targetname,
-					 0,
-					 challange,
-					 &answer,
-					 &infotarget,
-					 sessionkey);
-	    free(targetname);
-	    if (ret) {
-		krb5_set_error_string(context, "NTLM v2 verify failed");
-		goto failed;
-	    }
-
-	    /* XXX verify infotarget matches client (checksum ?) */
-
-	    free(infotarget.data);
-	    /* */
-
-	} else {
-	    struct ntlm_buf answer;
-
-	    version = 1;
-
-	    if (flags & NTLM_NEG_NTLM2_SESSION) {
-		unsigned char sessionhash[MD5_DIGEST_LENGTH];
-		MD5_CTX md5ctx;
-		
-		if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
-		    kdc_log(context, config, 0, "NTLM v1-session not allowed");
-		    ret = EINVAL;
-		    goto failed;
-		}
-
-		if (ireq.u.ntlmRequest.lm.length != 24) {
-		    krb5_set_error_string(context, "LM hash have wrong length "
-					  "for NTLM session key");
-		    ret = EINVAL;
-		    goto failed;
-		}
-		
-		MD5_Init(&md5ctx);
-		MD5_Update(&md5ctx, challange, sizeof(challange));
-		MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8);
-		MD5_Final(sessionhash, &md5ctx);
-		memcpy(challange, sessionhash, sizeof(challange));
-	    } else {
-		if ((config->digests_allowed & NTLM_V1) == 0) {
-		    kdc_log(context, config, 0, "NTLM v1 not allowed");
-		    goto failed;
-		}
-	    }
-	    
-	    ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
-					    key->key.keyvalue.length,
-					    challange, &answer);
-	    if (ret) {
-		krb5_set_error_string(context, "NTLM missing arcfour key");
-		goto failed;
-	    }
-	    
-	    if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
-		memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
-	    {
-		free(answer.data);
-		ret = EINVAL;
-		krb5_set_error_string(context, "NTLM hash mismatch");
-		goto failed;
-	    }
-	    free(answer.data);
-
-	    {
-		MD4_CTX ctx;
-
-		MD4_Init(&ctx);
-		MD4_Update(&ctx, 
-			   key->key.keyvalue.data, key->key.keyvalue.length);
-		MD4_Final(sessionkey, &ctx);
-	    }
-	}
-
-	if (ireq.u.ntlmRequest.sessionkey) {
-	    unsigned char masterkey[MD4_DIGEST_LENGTH];
-	    RC4_KEY rc4;
-	    size_t len;
-	    
-	    if ((flags & NTLM_NEG_KEYEX) == 0) {
-		krb5_set_error_string(context,
-				      "NTLM client failed to neg key "
-				      "exchange but still sent key");
-		ret = EINVAL;
-		goto failed;
-	    }
-	    
-	    len = ireq.u.ntlmRequest.sessionkey->length;
-	    if (len != sizeof(masterkey)){
-		krb5_set_error_string(context,
-				      "NTLM master key wrong length: %lu",
-				      (unsigned long)len);
-		goto failed;
-	    }
-	    
-	    RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-	    
-	    RC4(&rc4, sizeof(masterkey),
-		ireq.u.ntlmRequest.sessionkey->data, 
-		masterkey);
-	    memset(&rc4, 0, sizeof(rc4));
-	    
-	    r.u.ntlmResponse.sessionkey = 
-		malloc(sizeof(*r.u.ntlmResponse.sessionkey));
-	    if (r.u.ntlmResponse.sessionkey == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		goto out;
-	    }
-	    
-	    ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
-				 masterkey, sizeof(masterkey));
-	    if (ret) {
-		krb5_set_error_string(context, "out of memory");
-		goto out;
-	    }
-	}
-
-	r.u.ntlmResponse.success = 1;
-	kdc_log(context, config, 0, "NTLM version %d successful for %s",
-		version, ireq.u.ntlmRequest.username);
-	break;
-    }
-    case choice_DigestReqInner_supportedMechs:
-
-	kdc_log(context, config, 0, "digest supportedMechs from %s", from);
-
-	r.element = choice_DigestRepInner_supportedMechs;
-	memset(&r.u.supportedMechs, 0, sizeof(r.u.supportedMechs));
-
-	if (config->digests_allowed & NTLM_V1)
-	    r.u.supportedMechs.ntlm_v1 = 1;
-	if (config->digests_allowed & NTLM_V1_SESSION)
-	    r.u.supportedMechs.ntlm_v1_session = 1;
-	if (config->digests_allowed & NTLM_V2)
-	    r.u.supportedMechs.ntlm_v2 = 1;
-	if (config->digests_allowed & DIGEST_MD5)
-	    r.u.supportedMechs.digest_md5 = 1;
-	if (config->digests_allowed & CHAP_MD5)
-	    r.u.supportedMechs.chap_md5 = 1;
-	if (config->digests_allowed & MS_CHAP_V2)
-	    r.u.supportedMechs.ms_chap_v2 = 1;
-	break;
-
-    default: {
-	char *s;
-	krb5_set_error_string(context, "unknown operation to digest");
-	ret = EINVAL;
-
-    failed:
-
-	s = krb5_get_error_message(context, ret);
-	if (s == NULL) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-	
-	kdc_log(context, config, 0, "Digest failed with: %s", s);
-
-	r.element = choice_DigestRepInner_error;
-	r.u.error.reason = strdup("unknown error");
-	krb5_free_error_string(context, s);
-	if (r.u.error.reason == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	r.u.error.code = EINVAL;
-	break;
-    }
-    }
-
-    ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode inner digest reply");
-	goto out;
-    }
-    if (size != buf.length)
-	krb5_abortx(context, "ASN1 internal error");
-
-    krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL);
-
-    ret = krb5_mk_rep (context, ac, &rep.apRep);
-    if (ret)
-	goto out;
-
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, 
-				     buf.data, buf.length, 0,
-				     &rep.innerRep);
-    
-    ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode digest reply");
-	goto out;
-    }
-    if (size != reply->length)
-	krb5_abortx(context, "ASN1 internal error");
-
-    
-out:
-    if (ac)
-	krb5_auth_con_free(context, ac);
-    if (ret)
-	krb5_warn(context, ret, "Digest request from %s failed", from);
-    if (ticket)
-	krb5_free_ticket(context, ticket);
-    if (id)
-	krb5_kt_close(context, id);
-    if (crypto)
-	krb5_crypto_destroy(context, crypto);
-    if (sp)
-	krb5_storage_free(sp);
-    if (user)
-	_kdc_free_ent (context, user);
-    if (server)
-	_kdc_free_ent (context, server);
-    if (client)
-	_kdc_free_ent (context, client);
-    if (password) {
-	memset(password, 0, strlen(password));
-	free (password);
-    }
-    if (client_name)
-	free (client_name);
-    krb5_data_free(&buf);
-    krb5_data_free(&serverNonce);
-    free_DigestREP(&rep);
-    free_DigestRepInner(&r);
-    free_DigestReqInner(&ireq);
-
-    return ret;
-}
diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h
deleted file mode 100644
index 64f6b6e438cb..000000000000
--- a/crypto/heimdal/kdc/headers.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ 
- */
-
-#ifndef __HEADERS_H__
-#define __HEADERS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdarg.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <base64.h>
-#include <parse_units.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-#include <digest_asn1.h>
-#include <kx509_asn1.h>
-#include <hdb.h>
-#include <hdb_err.h>
-#include <der.h>
-
-#include <heimntlm.h>
-#include <windc_plugin.h>
-
-#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
-#undef ALLOC_SEQ
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); \
-(X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0)
-
-#endif /* __HEADERS_H__ */
diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8
deleted file mode 100644
index 99fc9784bd91..000000000000
--- a/crypto/heimdal/kdc/hprop.8
+++ /dev/null
@@ -1,190 +0,0 @@
-.\" Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: hprop.8 20456 2007-04-19 20:29:42Z lha $
-.\"
-.Dd December  8, 2004
-.Dt HPROP 8
-.Os HEIMDAL
-.Sh NAME
-.Nm hprop
-.Nd propagate the KDC database
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl m Ar file \*(Ba Xo
-.Fl -master-key= Ns Pa file
-.Xc
-.Oc
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Pa file
-.Xc
-.Oc
-.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Op Fl S | Fl -kaspecials
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Oo Fl R Ar string \*(Ba Xo
-.Fl -v5-realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl D | Fl -decrypt
-.Op Fl E | Fl -encrypt
-.Op Fl n | Fl -stdout
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
-.Op Ar host Ns Op : Ns Ar port
-.Ar ...
-.Ek
-.Sh DESCRIPTION
-.Nm
-takes a principal database in a specified format and converts it into
-a stream of Heimdal database records. This stream can either be
-written to standard out, or (more commonly) be propagated to a
-.Xr hpropd 8
-server running on a different machine.
-.Pp
-If propagating, it connects to all
-.Ar hosts
-specified on the command by opening a TCP connection to port 754
-(service hprop) and sends the database in encrypted form.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl m Ar file ,
-.Fl -master-key= Ns Pa file
-.Xc
-Where to find the master key to encrypt or decrypt keys with.
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Pa file
-.Xc
-The database to be propagated.
-.It Xo
-.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
-.Xc
-Specifies the type of the source database. Alternatives include:
-.Pp
-.Bl -tag -width krb4-dump -compact -offset indent
-.It heimdal
-a Heimdal database
-.It mit-dump
-a MIT Kerberos 5 dump file
-.It krb4-dump
-a Kerberos 4 dump file
-.It kaserver
-an AFS kaserver database
-.El
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
-The keytab to use for fetching the key to be used for authenticating
-to the propagation daemon(s). The key
-.Pa kadmin/hprop
-is used from this keytab.  The default is to fetch the key from the
-KDC database.
-.It Xo
-.Fl R Ar string ,
-.Fl -v5-realm= Ns Ar string
-.Xc
-Local realm override.
-.It Xo
-.Fl D ,
-.Fl -decrypt
-.Xc
-The encryption keys in the database can either be in clear, or
-encrypted with a master key. This option transmits the database with
-unencrypted keys.
-.It Xo
-.Fl E ,
-.Fl -encrypt
-.Xc
-This option transmits the database with encrypted keys.
-.It Xo
-.Fl n ,
-.Fl -stdout
-.Xc
-Dump the database on stdout, in a format that can be fed to hpropd.
-.El
-.Pp
-The following options are only valid if
-.Nm hprop
-is compiled with support for Kerberos 4 (kaserver).
-.Bl -tag -width Ds
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
-v4 realm to use.
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
-The AFS cell name, used if reading a kaserver database.
-.It Xo
-.Fl S ,
-.Fl -kaspecials
-.Xc
-Also dump the principals marked as special in the kaserver database.
-.It Xo
-.Fl K ,
-.Fl -ka-db
-.Xc
-Deprecated, identical to
-.Sq --source=kaserver .
-.El
-.Sh EXAMPLES
-The following will propagate a database to another machine (which
-should run
-.Xr hpropd 8 ):
-.Bd -literal -offset indent
-$ hprop slave-1 slave-2
-.Ed
-.Pp
-Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
-.Bd -literal -offset indent
-$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
-.Ed
-.Sh SEE ALSO
-.Xr hpropd 8
diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c
deleted file mode 100644
index e5b7fd11fb40..000000000000
--- a/crypto/heimdal/kdc/hprop.c
+++ /dev/null
@@ -1,807 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hprop.h"
-
-RCSID("$Id: hprop.c 21745 2007-07-31 16:11:25Z lha $");
-
-static int version_flag;
-static int help_flag;
-static const char *ktname = HPROP_KEYTAB;
-static const char *database;
-static char *mkeyfile;
-static int to_stdout;
-static int verbose_flag;
-static int encrypt_flag;
-static int decrypt_flag;
-static hdb_master_key mkey5;
-
-static char *source_type;
-
-static char *afs_cell;
-static char *v4_realm;
-
-static int kaspecials_flag;
-static int ka_use_null_salt;
-
-static char *local_realm=NULL;
-
-static int
-open_socket(krb5_context context, const char *hostname, const char *port)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    error = getaddrinfo (hostname, port, &hints, &ai);
-    if (error) {
-	warnx ("%s: %s", hostname, gai_strerror(error));
-	return -1;
-    }
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return s;
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return -1;
-}
-
-krb5_error_code
-v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata)
-{
-    krb5_error_code ret;
-    struct prop_data *pd = appdata;
-    krb5_data data;
-
-    if(encrypt_flag) {
-	ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5);
-	if (ret) {
-	    krb5_warn(context, ret, "hdb_seal_keys_mkey");
-	    return ret;
-	}
-    }
-    if(decrypt_flag) {
-	ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5);
-	if (ret) {
-	    krb5_warn(context, ret, "hdb_unseal_keys_mkey");
-	    return ret;
-	}
-    }	
-
-    ret = hdb_entry2value(context, &entry->entry, &data);
-    if(ret) {
-	krb5_warn(context, ret, "hdb_entry2value");
-	return ret;
-    }
-
-    if(to_stdout)
-	ret = krb5_write_message(context, &pd->sock, &data);
-    else
-	ret = krb5_write_priv_message(context, pd->auth_context, 
-				      &pd->sock, &data);
-    krb5_data_free(&data);
-    return ret;
-}
-
-int
-v4_prop(void *arg, struct v4_principal *p)
-{
-    struct prop_data *pd = arg;
-    hdb_entry_ex ent;
-    krb5_error_code ret;
-
-    memset(&ent, 0, sizeof(ent));
-
-    ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
-				  &ent.entry.principal);
-    if(ret) {
-	krb5_warn(pd->context, ret,
-		  "krb5_425_conv_principal %s.%s@%s",
-		  p->name, p->instance, v4_realm);
-	return 0;
-    }
-
-    if(verbose_flag) {
-	char *s;
-	krb5_unparse_name_short(pd->context, ent.entry.principal, &s);
-	krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
-	free(s);
-    }
-
-    ent.entry.kvno = p->kvno;
-    ent.entry.keys.len = 3;
-    ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val));
-    if (ent.entry.keys.val == NULL)
-	krb5_errx(pd->context, ENOMEM, "malloc");
-    if(p->mkvno != -1) {
-	ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno));
-	if (ent.entry.keys.val[0].mkvno == NULL)
-	    krb5_errx(pd->context, ENOMEM, "malloc");
-	*(ent.entry.keys.val[0].mkvno) = p->mkvno;
-    } else
-	ent.entry.keys.val[0].mkvno = NULL;
-    ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt));
-    if (ent.entry.keys.val[0].salt == NULL)
-	krb5_errx(pd->context, ENOMEM, "calloc");
-    ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
-    ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
-    krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ);
-    memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8);
-
-    copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]);
-    ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
-    copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]);
-    ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
-
-    {
-	int life = _krb5_krb_life_to_time(0, p->max_life);
-	if(life == NEVERDATE){
-	    ent.entry.max_life = NULL;
-	} else {
-	    /* clean up lifetime a bit */
-	    if(life > 86400)
-		life = (life + 86399) / 86400 * 86400;
-	    else if(life > 3600)
-		life = (life + 3599) / 3600 * 3600;
-	    ALLOC(ent.entry.max_life);
-	    *ent.entry.max_life = life;
-	}
-    }
-
-    ALLOC(ent.entry.valid_end);
-    *ent.entry.valid_end = p->exp_date;
-
-    ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal,
-			      v4_realm,
-			      "kadmin",
-			      "hprop",
-			      NULL);
-    if(ret){
-	krb5_warn(pd->context, ret, "krb5_make_principal");
-	ret = 0;
-	goto out;
-    }
-    ent.entry.created_by.time = time(NULL);
-    ALLOC(ent.entry.modified_by);
-    ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, 
-				  v4_realm, &ent.entry.modified_by->principal);
-    if(ret){
-	krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
-	ent.entry.modified_by->principal = NULL;
-	ret = 0;
-	goto out;
-    }
-    ent.entry.modified_by->time = p->mod_date;
-
-    ent.entry.flags.forwardable = 1;
-    ent.entry.flags.renewable = 1;
-    ent.entry.flags.proxiable = 1;
-    ent.entry.flags.postdate = 1;
-    ent.entry.flags.client = 1;
-    ent.entry.flags.server = 1;
-    
-    /* special case password changing service */
-    if(strcmp(p->name, "changepw") == 0 && 
-       strcmp(p->instance, "kerberos") == 0) {
-	ent.entry.flags.forwardable = 0;
-	ent.entry.flags.renewable = 0;
-	ent.entry.flags.proxiable = 0;
-	ent.entry.flags.postdate = 0;
-	ent.entry.flags.initial = 1;
-	ent.entry.flags.change_pw = 1;
-    }
-
-    ret = v5_prop(pd->context, NULL, &ent, pd);
-
-    if (strcmp (p->name, "krbtgt") == 0
-	&& strcmp (v4_realm, p->instance) != 0) {
-	krb5_free_principal (pd->context, ent.entry.principal);
-	ret = krb5_425_conv_principal (pd->context, p->name,
-				       v4_realm, p->instance,
-				       &ent.entry.principal);
-	if (ret == 0)
-	    ret = v5_prop (pd->context, NULL, &ent, pd);
-    }
-
-  out:
-    hdb_free_entry(pd->context, &ent);
-    return ret;
-}
-
-#include "kadb.h"
-
-/* read a `ka_entry' from `fd' at offset `pos' */
-static void
-read_block(krb5_context context, int fd, int32_t pos, void *buf, size_t len)
-{
-    krb5_error_code ret;
-#ifdef HAVE_PREAD
-    if((ret = pread(fd, buf, len, 64 + pos)) < 0)
-	krb5_err(context, 1, errno, "pread(%u)", 64 + pos);
-#else
-    if(lseek(fd, 64 + pos, SEEK_SET) == (off_t)-1)
-	krb5_err(context, 1, errno, "lseek(%u)", 64 + pos);
-    ret = read(fd, buf, len);
-    if(ret < 0)
-	krb5_err(context, 1, errno, "read(%lu)", (unsigned long)len);
-#endif
-    if(ret != len)
-	krb5_errx(context, 1, "read(%lu) = %u", (unsigned long)len, ret);
-}
-
-static int
-ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
-{
-    int32_t flags = ntohl(ent->flags);
-    krb5_error_code ret;
-    hdb_entry_ex hdb;
-
-    if(!kaspecials_flag
-       && (flags & KAFNORMAL) == 0) /* remove special entries */
-	return 0;
-    memset(&hdb, 0, sizeof(hdb));
-    ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance, 
-				  v4_realm, &hdb.entry.principal);
-    if(ret) {
-	krb5_warn(pd->context, ret,
-		  "krb5_425_conv_principal (%s.%s@%s)",
-		  ent->name, ent->instance, v4_realm);
-	return 0;
-    }
-    hdb.entry.kvno = ntohl(ent->kvno);
-    hdb.entry.keys.len = 3;
-    hdb.entry.keys.val = 
-	malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val));
-    if (hdb.entry.keys.val == NULL)
-	krb5_errx(pd->context, ENOMEM, "malloc");
-    hdb.entry.keys.val[0].mkvno = NULL;
-    hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt));
-    if (hdb.entry.keys.val[0].salt == NULL)
-	krb5_errx(pd->context, ENOMEM, "calloc");
-    if (ka_use_null_salt) {
-	hdb.entry.keys.val[0].salt->type = hdb_pw_salt;
-	hdb.entry.keys.val[0].salt->salt.data = NULL;
-	hdb.entry.keys.val[0].salt->salt.length = 0;
-    } else {
-	hdb.entry.keys.val[0].salt->type = hdb_afs3_salt;
-	hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell);
-	if (hdb.entry.keys.val[0].salt->salt.data == NULL)
-	    krb5_errx(pd->context, ENOMEM, "strdup");
-	hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell);
-    }
-    
-    hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
-    krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue,
-		   ent->key,
-		   sizeof(ent->key));
-    copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]);
-    hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
-    copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]);
-    hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
-
-    ALLOC(hdb.entry.max_life);
-    *hdb.entry.max_life = ntohl(ent->max_life);
-
-    if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) {
-	ALLOC(hdb.entry.valid_end);
-	*hdb.entry.valid_end = ntohl(ent->valid_end);
-    }
-    
-    if (ntohl(ent->pw_change) != NEVERDATE && 
-	ent->pw_expire != 255 &&
-	ent->pw_expire != 0) {
-	ALLOC(hdb.entry.pw_end);
-	*hdb.entry.pw_end = ntohl(ent->pw_change)
-	    + 24 * 60 * 60 * ent->pw_expire;
-    }
-
-    ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal,
-			      v4_realm,
-			      "kadmin",
-			      "hprop",
-			      NULL);
-    hdb.entry.created_by.time = time(NULL);
-
-    if(ent->mod_ptr){
-	struct ka_entry mod;
-	ALLOC(hdb.entry.modified_by);
-	read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
-	
-	krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm, 
-				&hdb.entry.modified_by->principal);
-	hdb.entry.modified_by->time = ntohl(ent->mod_time);
-	memset(&mod, 0, sizeof(mod));
-    }
-
-    hdb.entry.flags.forwardable = 1;
-    hdb.entry.flags.renewable = 1;
-    hdb.entry.flags.proxiable = 1;
-    hdb.entry.flags.postdate = 1;
-    /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
-    if (strcmp(ent->name, "krbtgt") == 0 &&
-	(flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
-	flags &= ~(KAFNOTGS|KAFNOSEAL);
-
-    hdb.entry.flags.client = (flags & KAFNOTGS) == 0;
-    hdb.entry.flags.server = (flags & KAFNOSEAL) == 0;
-
-    ret = v5_prop(pd->context, NULL, &hdb, pd);
-    hdb_free_entry(pd->context, &hdb);
-    return ret;
-}
-
-static int
-ka_dump(struct prop_data *pd, const char *file)
-{
-    struct ka_header header;
-    int i;
-    int fd = open(file, O_RDONLY);
-
-    if(fd < 0)
-	krb5_err(pd->context, 1, errno, "open(%s)", file);
-    read_block(pd->context, fd, 0, &header, sizeof(header));
-    if(header.version1 != header.version2)
-	krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
-		  (long)ntohl(header.version1), (long)ntohl(header.version2));
-    if(ntohl(header.version1) != 5)
-	krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)", 
-		  (long)ntohl(header.version1));
-    for(i = 0; i < ntohl(header.hashsize); i++){
-	int32_t pos = ntohl(header.hash[i]);
-	while(pos){
-	    struct ka_entry ent;
-	    read_block(pd->context, fd, pos, &ent, sizeof(ent));
-	    ka_convert(pd, fd, &ent);
-	    pos = ntohl(ent.next);
-	}
-    }
-    return 0;
-}
-
-
-
-struct getargs args[] = {
-    { "master-key", 'm', arg_string, &mkeyfile, "v5 master key file", "file" },
-    { "database", 'd',	arg_string, &database, "database", "file" },
-    { "source",   0,	arg_string, &source_type, "type of database to read", 
-      "heimdal"
-      "|mit-dump"
-      "|krb4-dump"
-      "|kaserver"
-    },
-      
-    { "v4-realm", 'r',  arg_string, &v4_realm, "v4 realm to use" },
-    { "cell",	  'c',  arg_string, &afs_cell, "name of AFS cell" },
-    { "kaspecials", 'S', arg_flag,   &kaspecials_flag, "dump KASPECIAL keys"},
-    { "keytab",   'k',	arg_string, &ktname, "keytab to use for authentication", "keytab" },
-    { "v5-realm", 'R',  arg_string, &local_realm, "v5 realm to use" },
-    { "decrypt",  'D',  arg_flag,   &decrypt_flag,   "decrypt keys" },
-    { "encrypt",  'E',  arg_flag,   &encrypt_flag,   "encrypt keys" },
-    { "stdout",	  'n',  arg_flag,   &to_stdout, "dump to stdout" },
-    { "verbose",  'v',	arg_flag, &verbose_flag },
-    { "version",   0,	arg_flag, &version_flag },
-    { "help",     'h',	arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "[host[:port]] ...");
-    exit (ret);
-}
-
-static void
-get_creds(krb5_context context, krb5_ccache *cache)
-{
-    krb5_keytab keytab;
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *init_opts;
-    krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
-    krb5_creds creds;
-    
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, ktname, &keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve");
-    
-    ret = krb5_make_principal(context, &client, NULL, 
-			      "kadmin", HPROP_NAME, NULL);
-    if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
-
-    ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-    krb5_get_init_creds_opt_set_preauth_list(init_opts, &preauth, 1);
-
-    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, init_opts);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
-
-    krb5_get_init_creds_opt_free(context, init_opts);
-    
-    ret = krb5_kt_close(context, keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
-    
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, *cache, client);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    krb5_free_principal(context, client);
-
-    ret = krb5_cc_store_cred(context, *cache, &creds);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_cred_contents(context, &creds);
-}
-
-enum hprop_source {
-    HPROP_HEIMDAL = 1,
-    HPROP_KRB4_DUMP,
-    HPROP_KASERVER,
-    HPROP_MIT_DUMP
-};
-
-#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
-
-struct {
-    int type;
-    const char *name;
-} types[] = {
-    { HPROP_HEIMDAL,	"heimdal" },
-    { HPROP_KRB4_DUMP,	"krb4-dump" },
-    { HPROP_KASERVER, 	"kaserver" },
-    { HPROP_MIT_DUMP,	"mit-dump" }
-};
-
-static int
-parse_source_type(const char *s)
-{
-    int i;
-    for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
-	if(strstr(types[i].name, s) == types[i].name)
-	    return types[i].type;
-    }
-    return 0;
-}
-
-static int
-iterate (krb5_context context,
-	 const char *database_name,
-	 HDB *db,
-	 int type,
-	 struct prop_data *pd)
-{
-    int ret;
-
-    switch(type) {
-    case HPROP_KRB4_DUMP:
-	ret = v4_prop_dump(pd, database_name);
-	if(ret)
-	    krb5_warnx(context, "v4_prop_dump: %s", 
-		       krb5_get_err_text(context, ret));
-	break;
-    case HPROP_KASERVER:
-	ret = ka_dump(pd, database_name);
-	if(ret)
-	    krb5_warn(context, ret, "ka_dump");
-	break;
-    case HPROP_MIT_DUMP:
-	ret = mit_prop_dump(pd, database_name);
-	if (ret)
-	    krb5_warnx(context, "mit_prop_dump: %s",
-		      krb5_get_err_text(context, ret));
-	break;
-    case HPROP_HEIMDAL:
-	ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
-	if(ret)
-	    krb5_warn(context, ret, "hdb_foreach");
-	break;
-    default:
-	krb5_errx(context, 1, "unknown prop type: %d", type);
-    }
-    return ret;
-}
-
-static int
-dump_database (krb5_context context, int type,
-	       const char *database_name, HDB *db)
-{
-    krb5_error_code ret;
-    struct prop_data pd;
-    krb5_data data;
-
-    pd.context      = context;
-    pd.auth_context = NULL;
-    pd.sock         = STDOUT_FILENO;
-	
-    ret = iterate (context, database_name, db, type, &pd);
-    if (ret)
-	krb5_errx(context, 1, "iterate failure");
-    krb5_data_zero (&data);
-    ret = krb5_write_message (context, &pd.sock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_write_message");
-
-    return 0;
-}
-
-static int
-propagate_database (krb5_context context, int type,
-		    const char *database_name, 
-		    HDB *db, krb5_ccache ccache,
-		    int optidx, int argc, char **argv)
-{
-    krb5_principal server;
-    krb5_error_code ret;
-    int i, failed = 0;
-
-    for(i = optidx; i < argc; i++){
-	krb5_auth_context auth_context;
-	int fd;
-	struct prop_data pd;
-	krb5_data data;
-
-	char *port, portstr[NI_MAXSERV];
-	char *host = argv[i];
-
-	port = strchr(host, ':');
-	if(port == NULL) {
-	    snprintf(portstr, sizeof(portstr), "%u", 
-		     ntohs(krb5_getportbyname (context, "hprop", "tcp", 
-					       HPROP_PORT)));
-	    port = portstr;
-	} else
-	    *port++ = '\0';
-
-	fd = open_socket(context, host, port);
-	if(fd < 0) {
-	    failed++;
-	    krb5_warn (context, errno, "connect %s", host);
-	    continue;
-	}
-
-	ret = krb5_sname_to_principal(context, argv[i],
-				      HPROP_NAME, KRB5_NT_SRV_HST, &server);
-	if(ret) {
-	    failed++;
-	    krb5_warn(context, ret, "krb5_sname_to_principal(%s)", host);
-	    close(fd);
-	    continue;
-	}
-
-        if (local_realm) {
-            krb5_realm my_realm;
-            krb5_get_default_realm(context,&my_realm);
-
-	    free (*krb5_princ_realm(context, server));
-            krb5_princ_set_realm(context,server,&my_realm);
-        }
-    
-	auth_context = NULL;
-	ret = krb5_sendauth(context,
-			    &auth_context,
-			    &fd,
-			    HPROP_VERSION,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-			    NULL, /* in_data */
-			    NULL, /* in_creds */
-			    ccache,
-			    NULL,
-			    NULL,
-			    NULL);
-
-	krb5_free_principal(context, server);
-
-	if(ret) {
-	    failed++;
-	    krb5_warn(context, ret, "krb5_sendauth (%s)", host);
-	    close(fd);
-	    goto next_host;
-	}
-	
-	pd.context      = context;
-	pd.auth_context = auth_context;
-	pd.sock         = fd;
-
-	ret = iterate (context, database_name, db, type, &pd);
-	if (ret) {
-	    krb5_warnx(context, "iterate to host %s failed", host);
-	    failed++;
-	    goto next_host;
-	}
-
-	krb5_data_zero (&data);
-	ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_write_priv_message");
-	    failed++;
-	    goto next_host;
-	}
-
-	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_read_priv_message: %s", host);
-	    failed++;
-	    goto next_host;
-	} else
-	    krb5_data_free (&data);
-	
-    next_host:
-	krb5_auth_con_free(context, auth_context);
-	close(fd);
-    }
-    if (failed)
-	return 1;
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache ccache = NULL;
-    HDB *db = NULL;
-    int optidx = 0;
-
-    int type, exit_code;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-
-    if(help_flag)
-	usage(0);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if(ret)
-	exit(1);
-
-    if(local_realm)
-	krb5_set_default_realm(context, local_realm);
-
-    if(v4_realm == NULL) {
-	ret = krb5_get_default_realm(context, &v4_realm);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_get_default_realm");
-    }
-
-    if(afs_cell == NULL) {
-	afs_cell = strdup(v4_realm);
-	if(afs_cell == NULL)
-	    krb5_errx(context, 1, "out of memory");
-	strlwr(afs_cell);
-    }
-
-
-    if(encrypt_flag && decrypt_flag)
-	krb5_errx(context, 1, 
-		  "only one of `--encrypt' and `--decrypt' is meaningful");
-
-    if(source_type != NULL) {
-	type = parse_source_type(source_type);
-	if(type == 0)
-	    krb5_errx(context, 1, "unknown source type `%s'", source_type);
-    } else
-	type = HPROP_HEIMDAL;
-
-    if(!to_stdout)
-	get_creds(context, &ccache);
-    
-    if(decrypt_flag || encrypt_flag) {
-	ret = hdb_read_master_key(context, mkeyfile, &mkey5);
-	if(ret && ret != ENOENT)
-	    krb5_err(context, 1, ret, "hdb_read_master_key");
-	if(ret)
-	    krb5_errx(context, 1, "No master key file found");
-    }
-    
-    if (IS_TYPE_V4(type) && v4_realm == NULL)
-	krb5_errx(context, 1, "Its a Kerberos 4 database "
-		  "but no realm configured");
-
-    switch(type) {
-    case HPROP_KASERVER:
-	if (database == NULL)
-	    database = DEFAULT_DATABASE;
-	ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, 
-							"hprop", 
-							"afs_uses_null_salt", 
-							NULL);
-
-	break;
-    case HPROP_KRB4_DUMP:
-	if (database == NULL)
-	    krb5_errx(context, 1, "no dump file specified");
-	
-	break;
-    case HPROP_MIT_DUMP:
-	if (database == NULL)
-	    krb5_errx(context, 1, "no dump file specified");
-	break;
-    case HPROP_HEIMDAL:
-	ret = hdb_create (context, &db, database);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_create: %s", database);
-	ret = db->hdb_open(context, db, O_RDONLY, 0);
-	if(ret)
-	    krb5_err(context, 1, ret, "db->hdb_open");
-	break;
-    default:
-	krb5_errx(context, 1, "unknown dump type `%d'", type);
-	break;
-    }
-
-    if (to_stdout)
-	exit_code = dump_database (context, type, database, db);
-    else
-	exit_code = propagate_database (context, type, database, 
-					db, ccache, optidx, argc, argv);
-
-    if(ccache != NULL)
-	krb5_cc_destroy(context, ccache);
-	
-    if(db != NULL)
-	(*db->hdb_destroy)(context, db);
-
-    krb5_free_context(context);
-    return exit_code;
-}
diff --git a/crypto/heimdal/kdc/hprop.h b/crypto/heimdal/kdc/hprop.h
deleted file mode 100644
index d43d04c21539..000000000000
--- a/crypto/heimdal/kdc/hprop.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hprop.h 16378 2005-12-12 12:40:12Z lha $ */
-
-#ifndef __HPROP_H__
-#define __HPROP_H__
-
-#include "headers.h"
-
-struct prop_data{
-    krb5_context context;
-    krb5_auth_context auth_context;
-    int sock;
-};
-
-#define HPROP_VERSION "hprop-0.0"
-#define HPROP_NAME "hprop"
-#define HPROP_KEYTAB "HDB:"
-#define HPROP_PORT 754
-
-#ifndef NEVERDATE
-#define NEVERDATE ((1U << 31) - 1)
-#endif
-
-krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry_ex*, void*);
-int mit_prop_dump(void*, const char*);
-
-struct v4_principal {
-    char name[64];
-    char instance[64];
-    DES_cblock key;
-    int kvno;
-    int mkvno;
-    time_t exp_date;
-    time_t mod_date;
-    char mod_name[64];
-    char mod_instance[64];
-    int max_life;
-};
-
-int v4_prop(void*, struct v4_principal*);
-int v4_prop_dump(void *arg, const char*);
-
-#endif /* __HPROP_H__ */
diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8
deleted file mode 100644
index 74a3dad816d7..000000000000
--- a/crypto/heimdal/kdc/hpropd.8
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: hpropd.8 14381 2004-12-10 09:44:05Z lha $
-.\"
-.Dd August 27, 1997
-.Dt HPROPD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm hpropd
-.Nd receive a propagated database
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file
-.Xc
-.Oc
-.Op Fl n | Fl -stdin
-.Op Fl -print
-.Op Fl i | Fl -no-inetd
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Op Fl 4 | Fl -v4dump
-.Ek
-.Sh DESCRIPTION
-.Nm
-receives a database sent by
-.Nm hprop .
-and writes it as a local database.
-.Pp
-By default,
-.Nm
-expects to be started from
-.Nm inetd
-if stdin is a socket and expects to receive the dumped database over
-stdin otherwise.
-If the database is sent over the network, it is authenticated and
-encrypted.
-Only connections authenticated with the principal
-.Nm kadmin Ns / Ns Nm hprop
-are accepted.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
-database
-.It Xo
-.Fl n ,
-.Fl -stdin
-.Xc
-read from stdin
-.It Xo
-.Fl -print
-.Xc
-print dump to stdout
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
-not started from inetd
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
-keytab to use for authentication
-.It Xo
-.Fl 4 ,
-.Fl -v4dump
-.Xc
-create v4 type DB
-.El
-.Sh SEE ALSO
-.Xr hprop 8
diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c
deleted file mode 100644
index 12a976657210..000000000000
--- a/crypto/heimdal/kdc/hpropd.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hprop.h"
-
-RCSID("$Id: hpropd.c 22245 2007-12-08 23:48:52Z lha $");
-
-static int inetd_flag = -1;
-static int help_flag;
-static int version_flag;
-static int print_dump;
-static const char *database;
-static int from_stdin;
-static char *local_realm;
-static char *ktname = NULL;
-
-struct getargs args[] = {
-    { "database", 'd', arg_string, &database, "database", "file" },
-    { "stdin",    'n', arg_flag, &from_stdin, "read from stdin" },
-    { "print",	    0, arg_flag, &print_dump, "print dump to stdout" },
-    { "inetd",	   'i',	arg_negative_flag,	&inetd_flag,
-      "Not started from inetd" },
-    { "keytab",   'k',	arg_string, &ktname,	"keytab to use for authentication", "keytab" },
-    { "realm",   'r',	arg_string, &local_realm, "realm to use" },
-    { "version",    0, arg_flag, &version_flag, NULL, NULL },
-    { "help",    'h',  arg_flag, &help_flag, NULL, NULL}
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context ac = NULL;
-    krb5_principal c1, c2;
-    krb5_authenticator authent;
-    krb5_keytab keytab;
-    int fd;
-    HDB *db;
-    int optidx = 0;
-    char *tmp_db;
-    krb5_log_facility *fac;
-    int nprincs;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if(ret)
-	exit(1);
-
-    ret = krb5_openlog(context, "hpropd", &fac);
-    if(ret)
-	;
-    krb5_set_warn_dest(context, fac);
-  
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-
-    if(local_realm != NULL)
-	krb5_set_default_realm(context, local_realm);
-    
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage(1);
-
-    if (database == NULL)
-	database = hdb_default_db(context);
-
-    if(from_stdin)
-	fd = STDIN_FILENO;
-    else {
-	struct sockaddr_storage ss;
-	struct sockaddr *sa = (struct sockaddr *)&ss;
-	socklen_t sin_len = sizeof(ss);
-	char addr_name[256];
-	krb5_ticket *ticket;
-	char *server;
-
-	fd = STDIN_FILENO;
-	if (inetd_flag == -1) {
-	    if (getpeername (fd, sa, &sin_len) < 0)
-		inetd_flag = 0;
-	    else
-		inetd_flag = 1;
-	}
-	if (!inetd_flag) {
-	    mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
-					    HPROP_PORT));
-	}
-	sin_len = sizeof(ss);
-	if(getpeername(fd, sa, &sin_len) < 0)
-	    krb5_err(context, 1, errno, "getpeername");
-
-	if (inet_ntop(sa->sa_family,
-		      socket_get_address (sa),
-		      addr_name,
-		      sizeof(addr_name)) == NULL)
-	    strlcpy (addr_name, "unknown address",
-		     sizeof(addr_name));
-
-	krb5_log(context, fac, 0, "Connection from %s", addr_name);
-    
-	ret = krb5_kt_register(context, &hdb_kt_ops);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_kt_register");
-
-	if (ktname != NULL) {
-	    ret = krb5_kt_resolve(context, ktname, &keytab);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
-	} else {
-	    ret = krb5_kt_default (context, &keytab);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_kt_default");
-	}
-
-	ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL,
-			    0, keytab, &ticket);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_recvauth");
-	
-	ret = krb5_unparse_name(context, ticket->server, &server);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_unparse_name");
-	if (strncmp(server, "hprop/", 5) != 0)
-	    krb5_errx(context, 1, "ticket not for hprop (%s)", server);
-
-	free(server);
-	krb5_free_ticket (context, ticket);
-
-	ret = krb5_auth_con_getauthenticator(context, ac, &authent);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
-	
-	ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_make_principal");
-	_krb5_principalname2krb5_principal(context, &c2, 
-					   authent->cname, authent->crealm);
-	if(!krb5_principal_compare(context, c1, c2)) {
-	    char *s;
-	    ret = krb5_unparse_name(context, c2, &s);
-	    if (ret)
-		s = "unparseable name";
-	    krb5_errx(context, 1, "Unauthorized connection from %s", s);
-	}
-	krb5_free_principal(context, c1);
-	krb5_free_principal(context, c2);
-
-	ret = krb5_kt_close(context, keytab);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_kt_close");
-    }
-    
-    if(!print_dump) {
-	asprintf(&tmp_db, "%s~", database);
-
-	ret = hdb_create(context, &db, tmp_db);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
-	ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
-    }
-
-    nprincs = 0;
-    while(1){
-	krb5_data data;
-	hdb_entry_ex entry;
-
-	if(from_stdin) {
-	    ret = krb5_read_message(context, &fd, &data);
-	    if(ret != 0 && ret != HEIM_ERR_EOF)
-		krb5_err(context, 1, ret, "krb5_read_message");
-	} else {
-	    ret = krb5_read_priv_message(context, ac, &fd, &data);
-	    if(ret)
-		krb5_err(context, 1, ret, "krb5_read_priv_message");
-	}
-
-	if(ret == HEIM_ERR_EOF || data.length == 0) {
-	    if(!from_stdin) {
-		data.data = NULL;
-		data.length = 0;
-		krb5_write_priv_message(context, ac, &fd, &data);
-	    }
-	    if(!print_dump) {
-		ret = db->hdb_rename(context, db, database);
-		if(ret)
-		    krb5_err(context, 1, ret, "db_rename");
-		ret = db->hdb_close(context, db);
-		if(ret)
-		    krb5_err(context, 1, ret, "db_close");
-	    }
-	    break;
-	}
-	memset(&entry, 0, sizeof(entry));
-	ret = hdb_value2entry(context, &data, &entry.entry);
-	krb5_data_free(&data);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_value2entry");
-	if(print_dump)
-	    hdb_print_entry(context, db, &entry, stdout);
-	else {
-	    ret = db->hdb_store(context, db, 0, &entry);
-	    if(ret == HDB_ERR_EXISTS) {
-		char *s;
-		ret = krb5_unparse_name(context, entry.entry.principal, &s);
-		if (ret)
-		    s = strdup("unparseable name");
-		krb5_warnx(context, "Entry exists: %s", s);
-		free(s);
-	    } else if(ret) 
-		krb5_err(context, 1, ret, "db_store");
-	    else
-		nprincs++;
-	}
-	hdb_free_entry(context, &entry);
-    }
-    if (!print_dump)
-	krb5_log(context, fac, 0, "Received %d principals", nprincs);
-    exit(0);
-}
diff --git a/crypto/heimdal/kdc/kadb.h b/crypto/heimdal/kdc/kadb.h
deleted file mode 100644
index 4b59abe1cf97..000000000000
--- a/crypto/heimdal/kdc/kadb.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadb.h 7997 2000-03-03 12:36:26Z assar $ */
-
-#ifndef __kadb_h__
-#define __kadb_h__
-
-#define HASHSIZE 8191
-
-struct ka_header {
-    int32_t version1;			/* file format version, should
-					   match version2 */
-    int32_t size;
-    int32_t free_ptr;
-    int32_t eof_ptr;
-    int32_t kvno_ptr;
-    int32_t stats[8];
-    int32_t admin_accounts;
-    int32_t special_keys_version;
-    int32_t hashsize;			/* allocated size of hash */
-    int32_t hash[HASHSIZE];
-    int32_t version2;
-};
-
-struct ka_entry {
-    int32_t flags;			/* see below */
-    int32_t next;			/* next in hash list */
-    int32_t valid_end;			/* expiration date */
-    int32_t mod_time;			/* time last modified */
-    int32_t mod_ptr;			/* pointer to modifier */
-    int32_t pw_change;			/* last pw change */
-    int32_t max_life;			/* max ticket life */
-    int32_t kvno;
-    int32_t foo2[2];			/* huh? */
-    char name[64];
-    char instance[64];
-    char key[8];
-    u_char pw_expire;			/* # days before password expires  */
-    u_char spare;
-    u_char attempts;
-    u_char locktime;
-};
-
-#define KAFNORMAL	(1<<0)
-#define KAFADMIN        (1<<2)	/* an administrator */
-#define KAFNOTGS        (1<<3)	/* ! allow principal to get or use TGT */
-#define KAFNOSEAL       (1<<5)	/* ! allow principal as server in GetTicket */
-#define KAFNOCPW        (1<<6)	/* ! allow principal to change its own key */
-#define KAFSPECIAL      (1<<8)	/* set if special AuthServer principal */
-
-#define DEFAULT_DATABASE "/usr/afs/db/kaserver.DB0"
-
-#endif /* __kadb_h__ */
diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c
deleted file mode 100644
index 27f497ea6643..000000000000
--- a/crypto/heimdal/kdc/kaserver.c
+++ /dev/null
@@ -1,951 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kaserver.c 21654 2007-07-21 17:30:18Z lha $");
-
-#include <krb5-v4compat.h>
-#include <rx.h>
-
-#define KA_AUTHENTICATION_SERVICE 731
-#define KA_TICKET_GRANTING_SERVICE 732
-#define KA_MAINTENANCE_SERVICE 733
-
-#define AUTHENTICATE_OLD	 1
-#define CHANGEPASSWORD		 2
-#define GETTICKET_OLD		 3
-#define SETPASSWORD		 4
-#define SETFIELDS		 5
-#define CREATEUSER		 6
-#define DELETEUSER		 7
-#define GETENTRY		 8
-#define LISTENTRY		 9
-#define GETSTATS		10
-#define DEBUG			11
-#define GETPASSWORD		12
-#define GETRANDOMKEY		13
-#define AUTHENTICATE		21
-#define AUTHENTICATE_V2		22
-#define GETTICKET		23
-
-/* XXX - Where do we get these? */
-
-#define RXGEN_OPCODE (-455)
-
-#define KADATABASEINCONSISTENT                   (180480L)
-#define KAEXIST                                  (180481L)
-#define KAIO                                     (180482L)
-#define KACREATEFAIL                             (180483L)
-#define KANOENT                                  (180484L)
-#define KAEMPTY                                  (180485L)
-#define KABADNAME                                (180486L)
-#define KABADINDEX                               (180487L)
-#define KANOAUTH                                 (180488L)
-#define KAANSWERTOOLONG                          (180489L)
-#define KABADREQUEST                             (180490L)
-#define KAOLDINTERFACE                           (180491L)
-#define KABADARGUMENT                            (180492L)
-#define KABADCMD                                 (180493L)
-#define KANOKEYS                                 (180494L)
-#define KAREADPW                                 (180495L)
-#define KABADKEY                                 (180496L)
-#define KAUBIKINIT                               (180497L)
-#define KAUBIKCALL                               (180498L)
-#define KABADPROTOCOL                            (180499L)
-#define KANOCELLS                                (180500L)
-#define KANOCELL                                 (180501L)
-#define KATOOMANYUBIKS                           (180502L)
-#define KATOOMANYKEYS                            (180503L)
-#define KABADTICKET                              (180504L)
-#define KAUNKNOWNKEY                             (180505L)
-#define KAKEYCACHEINVALID                        (180506L)
-#define KABADSERVER                              (180507L)
-#define KABADUSER                                (180508L)
-#define KABADCPW                                 (180509L)
-#define KABADCREATE                              (180510L)
-#define KANOTICKET                               (180511L)
-#define KAASSOCUSER                              (180512L)
-#define KANOTSPECIAL                             (180513L)
-#define KACLOCKSKEW                              (180514L)
-#define KANORECURSE                              (180515L)
-#define KARXFAIL                                 (180516L)
-#define KANULLPASSWORD                           (180517L)
-#define KAINTERNALERROR                          (180518L)
-#define KAPWEXPIRED                              (180519L)
-#define KAREUSED                                 (180520L)
-#define KATOOSOON                                (180521L)
-#define KALOCKED                                 (180522L)
-
-
-static krb5_error_code
-decode_rx_header (krb5_storage *sp,
-		  struct rx_header *h)
-{
-    krb5_error_code ret;
-
-    ret = krb5_ret_uint32(sp, &h->epoch);
-    if (ret) return ret;
-    ret = krb5_ret_uint32(sp, &h->connid);
-    if (ret) return ret;
-    ret = krb5_ret_uint32(sp, &h->callid);
-    if (ret) return ret;
-    ret = krb5_ret_uint32(sp, &h->seqno);
-    if (ret) return ret;
-    ret = krb5_ret_uint32(sp, &h->serialno);
-    if (ret) return ret;
-    ret = krb5_ret_uint8(sp,  &h->type);
-    if (ret) return ret;
-    ret = krb5_ret_uint8(sp,  &h->flags);
-    if (ret) return ret;
-    ret = krb5_ret_uint8(sp,  &h->status);
-    if (ret) return ret;
-    ret = krb5_ret_uint8(sp,  &h->secindex);
-    if (ret) return ret;
-    ret = krb5_ret_uint16(sp, &h->reserved);
-    if (ret) return ret;
-    ret = krb5_ret_uint16(sp, &h->serviceid);
-    if (ret) return ret;
-
-    return 0;
-}
-
-static krb5_error_code
-encode_rx_header (struct rx_header *h,
-		  krb5_storage *sp)
-{
-    krb5_error_code ret;
-
-    ret = krb5_store_uint32(sp, h->epoch);
-    if (ret) return ret;
-    ret = krb5_store_uint32(sp, h->connid);
-    if (ret) return ret;
-    ret = krb5_store_uint32(sp, h->callid);
-    if (ret) return ret;
-    ret = krb5_store_uint32(sp, h->seqno);
-    if (ret) return ret;
-    ret = krb5_store_uint32(sp, h->serialno);
-    if (ret) return ret;
-    ret = krb5_store_uint8(sp,  h->type);
-    if (ret) return ret;
-    ret = krb5_store_uint8(sp,  h->flags);
-    if (ret) return ret;
-    ret = krb5_store_uint8(sp,  h->status);
-    if (ret) return ret;
-    ret = krb5_store_uint8(sp,  h->secindex);
-    if (ret) return ret;
-    ret = krb5_store_uint16(sp, h->reserved);
-    if (ret) return ret;
-    ret = krb5_store_uint16(sp, h->serviceid);
-    if (ret) return ret;
-
-    return 0;
-}
-
-static void
-init_reply_header (struct rx_header *hdr,
-		   struct rx_header *reply_hdr,
-		   u_char type,
-		   u_char flags)
-{
-    reply_hdr->epoch     = hdr->epoch;
-    reply_hdr->connid    = hdr->connid;
-    reply_hdr->callid    = hdr->callid;
-    reply_hdr->seqno     = 1;
-    reply_hdr->serialno  = 1;
-    reply_hdr->type      = type;
-    reply_hdr->flags     = flags;
-    reply_hdr->status    = 0;
-    reply_hdr->secindex  = 0;
-    reply_hdr->reserved  = 0;
-    reply_hdr->serviceid = hdr->serviceid;
-}
-
-/*
- * Create an error `reply� using for the packet `hdr' with the error
- * `error� code.
- */
-static void
-make_error_reply (struct rx_header *hdr,
-		  uint32_t error,
-		  krb5_data *reply)
-
-{
-    struct rx_header reply_hdr;
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return;
-    ret = encode_rx_header (&reply_hdr, sp);
-    if (ret)
-	return;
-    krb5_store_int32(sp, error);
-    krb5_storage_to_data (sp, reply);
-    krb5_storage_free (sp);
-}
-
-static krb5_error_code
-krb5_ret_xdr_data(krb5_storage *sp,
-		  krb5_data *data)
-{
-    int ret;
-    int size;
-    ret = krb5_ret_int32(sp, &size);
-    if(ret)
-	return ret;
-    if(size < 0)
-	return ERANGE;
-    data->length = size;
-    if (size) {
-	u_char foo[4];
-	size_t pad = (4 - size % 4) % 4;
-
-	data->data = malloc(size);
-	if (data->data == NULL)
-	    return ENOMEM;
-	ret = krb5_storage_read(sp, data->data, size);
-	if(ret != size)
-	    return (ret < 0)? errno : KRB5_CC_END;
-	if (pad) {
-	    ret = krb5_storage_read(sp, foo, pad);
-	    if (ret != pad)
-		return (ret < 0)? errno : KRB5_CC_END;
-	}
-    } else
-	data->data = NULL;
-    return 0;
-}
-
-static krb5_error_code
-krb5_store_xdr_data(krb5_storage *sp,
-		    krb5_data data)
-{
-    u_char zero[4] = {0, 0, 0, 0};
-    int ret;
-    size_t pad;
-
-    ret = krb5_store_int32(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return KRB5_CC_END;
-    }
-    pad = (4 - data.length % 4) % 4;
-    if (pad) {
-	ret = krb5_storage_write(sp, zero, pad);
-	if (ret != pad) {
-	    if (ret < 0)
-		return errno;
-	    return KRB5_CC_END;
-	}
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-create_reply_ticket (krb5_context context, 
-		     struct rx_header *hdr,
-		     Key *skey,
-		     char *name, char *instance, char *realm,
-		     struct sockaddr_in *addr,
-		     int life,
-		     int kvno,
-		     int32_t max_seq_len,
-		     const char *sname, const char *sinstance,
-		     uint32_t challenge,
-		     const char *label,
-		     krb5_keyblock *key,
-		     krb5_data *reply)
-{
-    krb5_error_code ret;
-    krb5_data ticket;
-    krb5_keyblock session;
-    krb5_storage *sp;
-    krb5_data enc_data;
-    struct rx_header reply_hdr;
-    char zero[8];
-    size_t pad;
-    unsigned fyrtiosjuelva;
-
-    /* create the ticket */
-
-    krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session);
-
-    _krb5_krb_create_ticket(context,
-			    0,
-			    name,
-			    instance,
-			    realm,
-			    addr->sin_addr.s_addr,
-			    &session,
-			    life,
-			    kdc_time,
-			    sname,
-			    sinstance,
-			    &skey->key,
-			    &ticket);
-
-    /* create the encrypted part of the reply */
-    sp = krb5_storage_emem ();
-    krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva));
-    fyrtiosjuelva &= 0xffffffff;
-    krb5_store_int32 (sp, fyrtiosjuelva);
-    krb5_store_int32 (sp, challenge);
-    krb5_storage_write  (sp, session.keyvalue.data, 8);
-    krb5_free_keyblock_contents(context, &session);
-    krb5_store_int32 (sp, kdc_time);
-    krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life));
-    krb5_store_int32 (sp, kvno);
-    krb5_store_int32 (sp, ticket.length);
-    krb5_store_stringz (sp, name);
-    krb5_store_stringz (sp, instance);
-#if 1 /* XXX - Why shouldn't the realm go here? */
-    krb5_store_stringz (sp, "");
-#else
-    krb5_store_stringz (sp, realm);
-#endif
-    krb5_store_stringz (sp, sname);
-    krb5_store_stringz (sp, sinstance);
-    krb5_storage_write (sp, ticket.data, ticket.length);
-    krb5_storage_write (sp, label, strlen(label));
-
-    /* pad to DES block */
-    memset (zero, 0, sizeof(zero));
-    pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8;
-    krb5_storage_write (sp, zero, pad);
-
-    krb5_storage_to_data (sp, &enc_data);
-    krb5_storage_free (sp);
-
-    if (enc_data.length > max_seq_len) {
-	krb5_data_free (&enc_data);
-	make_error_reply (hdr, KAANSWERTOOLONG, reply);
-	return 0;
-    }
-
-    /* encrypt it */
-    {
-        DES_key_schedule schedule;
-	DES_cblock deskey;
-	
-	memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-	DES_set_key (&deskey, &schedule);
-	DES_pcbc_encrypt (enc_data.data,
-			  enc_data.data,
-			  enc_data.length,
-			  &schedule,
-			  &deskey,
-			  DES_ENCRYPT);
-	memset (&schedule, 0, sizeof(schedule));
-	memset (&deskey, 0, sizeof(deskey));
-    }
-
-    /* create the reply packet */
-    init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST);
-    sp = krb5_storage_emem ();
-    ret = encode_rx_header (&reply_hdr, sp);
-    krb5_store_int32 (sp, max_seq_len);
-    krb5_store_xdr_data (sp, enc_data);
-    krb5_data_free (&enc_data);
-    krb5_storage_to_data (sp, reply);
-    krb5_storage_free (sp);
-    return 0;
-}
-
-static krb5_error_code
-unparse_auth_args (krb5_storage *sp,
-		   char **name,
-		   char **instance,
-		   time_t *start_time,
-		   time_t *end_time,
-		   krb5_data *request,
-		   int32_t *max_seq_len)
-{
-    krb5_data data;
-    int32_t tmp;
-
-    krb5_ret_xdr_data (sp, &data);
-    *name = malloc(data.length + 1);
-    if (*name == NULL)
-	return ENOMEM;
-    memcpy (*name, data.data, data.length);
-    (*name)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, &data);
-    *instance = malloc(data.length + 1);
-    if (*instance == NULL) {
-	free (*name);
-	return ENOMEM;
-    }
-    memcpy (*instance, data.data, data.length);
-    (*instance)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_int32 (sp, &tmp);
-    *start_time = tmp;
-    krb5_ret_int32 (sp, &tmp);
-    *end_time = tmp;
-    krb5_ret_xdr_data (sp, request);
-    krb5_ret_int32 (sp, max_seq_len);
-    /* ignore the rest */
-    return 0;
-}
-
-static void
-do_authenticate (krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 struct rx_header *hdr,
-		 krb5_storage *sp,
-		 struct sockaddr_in *addr,
-		 const char *from,
-		 krb5_data *reply)
-{
-    krb5_error_code ret;
-    char *name = NULL;
-    char *instance = NULL;
-    time_t start_time;
-    time_t end_time;
-    krb5_data request;
-    int32_t max_seq_len;
-    hdb_entry_ex *client_entry = NULL;
-    hdb_entry_ex *server_entry = NULL;
-    Key *ckey = NULL;
-    Key *skey = NULL;
-    krb5_storage *reply_sp;
-    time_t max_life;
-    uint8_t life;
-    int32_t chal;
-    char client_name[256];
-    char server_name[256];
-	
-    krb5_data_zero (&request);
-
-    ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time,
-			     &request, &max_seq_len);
-    if (ret != 0 || request.length < 8) {
-	make_error_reply (hdr, KABADREQUEST, reply);
-	goto out;
-    }
-
-    snprintf (client_name, sizeof(client_name), "%s.%s@%s",
-	      name, instance, config->v4_realm);
-    snprintf (server_name, sizeof(server_name), "%s.%s@%s",
-	      "krbtgt", config->v4_realm, config->v4_realm);
-
-    kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
-	    client_name, from, server_name);
-
-    ret = _kdc_db_fetch4 (context, config, name, instance, 
-			  config->v4_realm, HDB_F_GET_CLIENT,
-			  &client_entry);
-    if (ret) {
-	kdc_log(context, config, 0, "Client not found in database: %s: %s",
-		client_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = _kdc_db_fetch4 (context, config, "krbtgt", 
-			  config->v4_realm, config->v4_realm, 
-			  HDB_F_GET_KRBTGT, &server_entry);
-    if (ret) {
-	kdc_log(context, config, 0, "Server not found in database: %s: %s",
-		server_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = _kdc_check_flags (context, config,
-			    client_entry, client_name,
-			    server_entry, server_name,
-			    TRUE);
-    if (ret) {
-	make_error_reply (hdr, KAPWEXPIRED, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey);
-    if(ret){
-	kdc_log(context, config, 0, "no suitable DES key for client");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
-    if(ret){
-	kdc_log(context, config, 0, "no suitable DES key for server");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    {
-	DES_cblock key;
-	DES_key_schedule schedule;
-	
-	/* try to decode the `request' */
-	memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
-	DES_set_key (&key, &schedule);
-	DES_pcbc_encrypt (request.data,
-			  request.data,
-			  request.length,
-			  &schedule,
-			  &key,
-			  DES_DECRYPT);
-	memset (&schedule, 0, sizeof(schedule));
-	memset (&key, 0, sizeof(key));
-    }
-
-    /* check for the magic label */
-    if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
-	kdc_log(context, config, 0, "preauth failed for %s", client_name);
-	make_error_reply (hdr, KABADREQUEST, reply);
-	goto out;
-    }
-
-    reply_sp = krb5_storage_from_mem (request.data, 4);
-    krb5_ret_int32 (reply_sp, &chal);
-    krb5_storage_free (reply_sp);
-
-    if (abs(chal - kdc_time) > context->max_skew) {
-	make_error_reply (hdr, KACLOCKSKEW, reply);
-	goto out;
-    }
-
-    /* life */
-    max_life = end_time - kdc_time;
-    /* end_time - kdc_time can sometimes be non-positive due to slight
-       time skew between client and server. Let's make sure it is postive */
-    if(max_life < 1)
-	max_life = 1;
-    if (client_entry->entry.max_life)
-	max_life = min(max_life, *client_entry->entry.max_life);
-    if (server_entry->entry.max_life)
-	max_life = min(max_life, *server_entry->entry.max_life);
-
-    life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
-    create_reply_ticket (context, 
-			 hdr, skey,
-			 name, instance, config->v4_realm,
-			 addr, life, server_entry->entry.kvno,
-			 max_seq_len,
-			 "krbtgt", config->v4_realm,
-			 chal + 1, "tgsT",
-			 &ckey->key, reply);
-
- out:
-    if (request.length) {
-	memset (request.data, 0, request.length);
-	krb5_data_free (&request);
-    }
-    if (name)
-	free (name);
-    if (instance)
-	free (instance);
-    if (client_entry)
-	_kdc_free_ent (context, client_entry);
-    if (server_entry)
-	_kdc_free_ent (context, server_entry);
-}
-
-static krb5_error_code
-unparse_getticket_args (krb5_storage *sp,
-			int *kvno,
-			char **auth_domain,
-			krb5_data *ticket,
-			char **name,
-			char **instance,
-			krb5_data *times,
-			int32_t *max_seq_len)
-{
-    krb5_data data;
-    int32_t tmp;
-
-    krb5_ret_int32 (sp, &tmp);
-    *kvno = tmp;
-
-    krb5_ret_xdr_data (sp, &data);
-    *auth_domain = malloc(data.length + 1);
-    if (*auth_domain == NULL)
-	return ENOMEM;
-    memcpy (*auth_domain, data.data, data.length);
-    (*auth_domain)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, ticket);
-
-    krb5_ret_xdr_data (sp, &data);
-    *name = malloc(data.length + 1);
-    if (*name == NULL) {
-	free (*auth_domain);
-	return ENOMEM;
-    }
-    memcpy (*name, data.data, data.length);
-    (*name)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, &data);
-    *instance = malloc(data.length + 1);
-    if (*instance == NULL) {
-	free (*auth_domain);
-	free (*name);
-	return ENOMEM;
-    }
-    memcpy (*instance, data.data, data.length);
-    (*instance)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, times);
-
-    krb5_ret_int32 (sp, max_seq_len);
-    /* ignore the rest */
-    return 0;
-}
-
-static void
-do_getticket (krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      struct rx_header *hdr,
-	      krb5_storage *sp,
-	      struct sockaddr_in *addr,
-	      const char *from,
-	      krb5_data *reply)
-{
-    krb5_error_code ret;
-    int kvno;
-    char *auth_domain = NULL;
-    krb5_data aticket;
-    char *name = NULL;
-    char *instance = NULL;
-    krb5_data times;
-    int32_t max_seq_len;
-    hdb_entry_ex *server_entry = NULL;
-    hdb_entry_ex *client_entry = NULL;
-    hdb_entry_ex *krbtgt_entry = NULL;
-    Key *kkey = NULL;
-    Key *skey = NULL;
-    DES_cblock key;
-    DES_key_schedule schedule;
-    DES_cblock session;
-    time_t max_life;
-    int8_t life;
-    time_t start_time, end_time;
-    char server_name[256];
-    char client_name[256];
-    struct _krb5_krb_auth_data ad;
-
-    krb5_data_zero (&aticket);
-    krb5_data_zero (&times);
-
-    memset(&ad, 0, sizeof(ad));
-
-    unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
-			    &name, &instance, &times, &max_seq_len);
-    if (times.length < 8) {
-	make_error_reply (hdr, KABADREQUEST, reply);
-	goto out;
-	
-    }
-
-    snprintf (server_name, sizeof(server_name),
-	      "%s.%s@%s", name, instance, config->v4_realm);
-
-    ret = _kdc_db_fetch4 (context, config, name, instance, 
-			  config->v4_realm, HDB_F_GET_SERVER, &server_entry);
-    if (ret) {
-	kdc_log(context, config, 0, "Server not found in database: %s: %s",
-		server_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = _kdc_db_fetch4 (context, config, "krbtgt", 
-		     config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry);
-    if (ret) {
-	kdc_log(context, config, 0,
-		"Server not found in database: %s.%s@%s: %s",
-		"krbtgt", config->v4_realm,  config->v4_realm,
-		krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
-    if(ret){
-	kdc_log(context, config, 0, "no suitable DES key for krbtgt");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
-    if(ret){
-	kdc_log(context, config, 0, "no suitable DES key for server");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* decrypt the incoming ticket */
-    memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
-
-    /* unpack the ticket */
-    {
-	char *sname = NULL;
-	char *sinstance = NULL;
-
-	ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key, 
-				      config->v4_realm, &sname,
-				      &sinstance, &ad);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "kaserver: decomp failed for %s.%s with %d",
-		    sname, sinstance, ret);
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    goto out;
-	}
-
-	if (strcmp (sname, "krbtgt") != 0
-	    || strcmp (sinstance, config->v4_realm) != 0) {
-	    kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s",
-		    sname, sinstance,
-		    ad.pname, ad.pinst, ad.prealm);
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    free(sname);
-	    free(sinstance);
-	    goto out;
-	}
-	free(sname);
-	free(sinstance);
-
-	if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) {
-	    kdc_log(context, config, 0, "TGT expired: %s.%s@%s",
-		    ad.pname, ad.pinst, ad.prealm);
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    goto out;
-	}
-    }
-
-    snprintf (client_name, sizeof(client_name),
-	      "%s.%s@%s", ad.pname, ad.pinst, ad.prealm);
-
-    kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
-	    client_name, from, server_name);
-
-    ret = _kdc_db_fetch4 (context, config, 
-			  ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT,
-			  &client_entry);
-    if(ret && ret != HDB_ERR_NOENTRY) {
-	kdc_log(context, config, 0,
-		"Client not found in database: (krb4) %s: %s",
-		client_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-    if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
-	kdc_log(context, config, 0, 
-		"Local client not found in database: (krb4) "
-		"%s", client_name);
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = _kdc_check_flags (context, config, 
-			    client_entry, client_name,
-			    server_entry, server_name,
-			    FALSE);
-    if (ret) {
-	make_error_reply (hdr, KAPWEXPIRED, reply);
-	goto out;
-    }
-
-    /* decrypt the times */
-    memcpy(&session, ad.session.keyvalue.data, sizeof(session));
-    DES_set_key (&session, &schedule);
-    DES_ecb_encrypt (times.data,
-		     times.data,
-		     &schedule,
-		     DES_DECRYPT);
-    memset (&schedule, 0, sizeof(schedule));
-    memset (&session, 0, sizeof(session));
-
-    /* and extract them */
-    {
-	krb5_storage *tsp;
-	int32_t tmp;
-
-	tsp = krb5_storage_from_mem (times.data, times.length);
-	krb5_ret_int32 (tsp, &tmp);
-	start_time = tmp;
-	krb5_ret_int32 (tsp, &tmp);
-	end_time = tmp;
-	krb5_storage_free (tsp);
-    }
-
-    /* life */
-    max_life = end_time - kdc_time;
-    /* end_time - kdc_time can sometimes be non-positive due to slight
-       time skew between client and server. Let's make sure it is postive */
-    if(max_life < 1)
-	max_life = 1;
-    if (krbtgt_entry->entry.max_life)
-	max_life = min(max_life, *krbtgt_entry->entry.max_life);
-    if (server_entry->entry.max_life)
-	max_life = min(max_life, *server_entry->entry.max_life);
-    /* if this is a cross realm request, the client_entry will likely
-       be NULL */
-    if (client_entry && client_entry->entry.max_life)
-	max_life = min(max_life, *client_entry->entry.max_life);
-
-    life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
-
-    create_reply_ticket (context, 
-			 hdr, skey,
-			 ad.pname, ad.pinst, ad.prealm,
-			 addr, life, server_entry->entry.kvno,
-			 max_seq_len,
-			 name, instance,
-			 0, "gtkt",
-			 &ad.session, reply);
-    
- out:
-    _krb5_krb_free_auth_data(context, &ad);
-    if (aticket.length) {
-	memset (aticket.data, 0, aticket.length);
-	krb5_data_free (&aticket);
-    }
-    if (times.length) {
-	memset (times.data, 0, times.length);
-	krb5_data_free (&times);
-    }
-    if (auth_domain)
-	free (auth_domain);
-    if (name)
-	free (name);
-    if (instance)
-	free (instance);
-    if (krbtgt_entry)
-	_kdc_free_ent (context, krbtgt_entry);
-    if (server_entry)
-	_kdc_free_ent (context, server_entry);
-}
-
-krb5_error_code
-_kdc_do_kaserver(krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 unsigned char *buf,
-		 size_t len,
-		 krb5_data *reply,
-		 const char *from,
-		 struct sockaddr_in *addr)
-{
-    krb5_error_code ret = 0;
-    struct rx_header hdr;
-    uint32_t op;
-    krb5_storage *sp;
-
-    if (len < RX_HEADER_SIZE)
-	return -1;
-    sp = krb5_storage_from_mem (buf, len);
-
-    ret = decode_rx_header (sp, &hdr);
-    if (ret)
-	goto out;
-    buf += RX_HEADER_SIZE;
-    len -= RX_HEADER_SIZE;
-
-    switch (hdr.type) {
-    case HT_DATA :
-	break;
-    case HT_ACK :
-    case HT_BUSY :
-    case HT_ABORT :
-    case HT_ACKALL :
-    case HT_CHAL :
-    case HT_RESP :
-    case HT_DEBUG :
-    default:
-	/* drop */
-	goto out;
-    }
-
-
-    if (hdr.serviceid != KA_AUTHENTICATION_SERVICE
-	&& hdr.serviceid != KA_TICKET_GRANTING_SERVICE) {
-	ret = -1;
-	goto out;
-    }
-
-    ret = krb5_ret_uint32(sp, &op);
-    if (ret)
-	goto out;
-    switch (op) {
-    case AUTHENTICATE :
-    case AUTHENTICATE_V2 :
-	do_authenticate (context, config, &hdr, sp, addr, from, reply);
-	break;
-    case GETTICKET :
-	do_getticket (context, config, &hdr, sp, addr, from, reply);
-	break;
-    case AUTHENTICATE_OLD :
-    case CHANGEPASSWORD :
-    case GETTICKET_OLD :
-    case SETPASSWORD :
-    case SETFIELDS :
-    case CREATEUSER :
-    case DELETEUSER :
-    case GETENTRY :
-    case LISTENTRY :
-    case GETSTATS :
-    case DEBUG :
-    case GETPASSWORD :
-    case GETRANDOMKEY :
-    default :
-	make_error_reply (&hdr, RXGEN_OPCODE, reply);
-	break;
-    }
-
-out:
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/kdc/kdc-private.h b/crypto/heimdal/kdc/kdc-private.h
deleted file mode 100644
index 030be9ae58ba..000000000000
--- a/crypto/heimdal/kdc/kdc-private.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/* This is a generated file */
-#ifndef __kdc_private_h__
-#define __kdc_private_h__
-
-#include <stdarg.h>
-
-krb5_error_code
-_kdc_add_KRB5SignedPath (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	hdb_entry_ex */*krbtgt*/,
-	krb5_enctype /*enctype*/,
-	krb5_const_principal /*server*/,
-	KRB5SignedPathPrincipals */*principals*/,
-	EncTicketPart */*tkt*/);
-
-krb5_error_code
-_kdc_add_inital_verified_cas (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	pk_client_params */*params*/,
-	EncTicketPart */*tkt*/);
-
-krb5_error_code
-_kdc_as_rep (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	KDC_REQ */*req*/,
-	const krb5_data */*req_buffer*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr */*from_addr*/,
-	int /*datagram_reply*/);
-
-krb5_boolean
-_kdc_check_addresses (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	HostAddresses */*addresses*/,
-	const struct sockaddr */*from*/);
-
-krb5_error_code
-_kdc_check_flags (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	hdb_entry_ex */*client_ex*/,
-	const char */*client_name*/,
-	hdb_entry_ex */*server_ex*/,
-	const char */*server_name*/,
-	krb5_boolean /*is_as_req*/);
-
-krb5_error_code
-_kdc_db_fetch (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	krb5_const_principal /*principal*/,
-	unsigned /*flags*/,
-	HDB **/*db*/,
-	hdb_entry_ex **/*h*/);
-
-krb5_error_code
-_kdc_db_fetch4 (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	unsigned /*flags*/,
-	hdb_entry_ex **/*ent*/);
-
-krb5_error_code
-_kdc_do_524 (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const Ticket */*t*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr */*addr*/);
-
-krb5_error_code
-_kdc_do_digest (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const DigestREQ */*req*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr */*addr*/);
-
-krb5_error_code
-_kdc_do_kaserver (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	unsigned char */*buf*/,
-	size_t /*len*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr_in */*addr*/);
-
-krb5_error_code
-_kdc_do_kx509 (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const Kx509Request */*req*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr */*addr*/);
-
-krb5_error_code
-_kdc_do_version4 (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	unsigned char */*buf*/,
-	size_t /*len*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr_in */*addr*/);
-
-krb5_error_code
-_kdc_encode_reply (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	KDC_REP */*rep*/,
-	const EncTicketPart */*et*/,
-	EncKDCRepPart */*ek*/,
-	krb5_enctype /*etype*/,
-	int /*skvno*/,
-	const EncryptionKey */*skey*/,
-	int /*ckvno*/,
-	const EncryptionKey */*ckey*/,
-	const char **/*e_text*/,
-	krb5_data */*reply*/);
-
-krb5_error_code
-_kdc_encode_v4_ticket (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	void */*buf*/,
-	size_t /*len*/,
-	const EncTicketPart */*et*/,
-	const PrincipalName */*service*/,
-	size_t */*size*/);
-
-krb5_error_code
-_kdc_find_etype (
-	krb5_context /*context*/,
-	const hdb_entry_ex */*princ*/,
-	krb5_enctype */*etypes*/,
-	unsigned /*len*/,
-	Key **/*ret_key*/,
-	krb5_enctype */*ret_etype*/);
-
-const PA_DATA*
-_kdc_find_padata (
-	const KDC_REQ */*req*/,
-	int */*start*/,
-	int /*type*/);
-
-void
-_kdc_fix_time (time_t **/*t*/);
-
-void
-_kdc_free_ent (
-	krb5_context /*context*/,
-	hdb_entry_ex */*ent*/);
-
-krb5_error_code
-_kdc_get_des_key (
-	krb5_context /*context*/,
-	hdb_entry_ex */*principal*/,
-	krb5_boolean /*is_server*/,
-	krb5_boolean /*prefer_afs_key*/,
-	Key **/*ret_key*/);
-
-krb5_error_code
-_kdc_get_preferred_key (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	hdb_entry_ex */*h*/,
-	const char */*name*/,
-	krb5_enctype */*enctype*/,
-	Key **/*key*/);
-
-void
-_kdc_log_timestamp (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const char */*type*/,
-	KerberosTime /*authtime*/,
-	KerberosTime */*starttime*/,
-	KerberosTime /*endtime*/,
-	KerberosTime */*renew_till*/);
-
-krb5_error_code
-_kdc_make_anonymous_principalname (PrincipalName */*pn*/);
-
-int
-_kdc_maybe_version4 (
-	unsigned char */*buf*/,
-	int /*len*/);
-
-krb5_error_code
-_kdc_pac_generate (
-	krb5_context /*context*/,
-	hdb_entry_ex */*client*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-_kdc_pac_verify (
-	krb5_context /*context*/,
-	const krb5_principal /*client_principal*/,
-	hdb_entry_ex */*client*/,
-	hdb_entry_ex */*server*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-_kdc_pk_check_client (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const hdb_entry_ex */*client*/,
-	pk_client_params */*client_params*/,
-	char **/*subject_name*/);
-
-void
-_kdc_pk_free_client_param (
-	krb5_context /*context*/,
-	pk_client_params */*client_params*/);
-
-krb5_error_code
-_kdc_pk_initialize (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const char */*user_id*/,
-	const char */*anchors*/,
-	char **/*pool*/,
-	char **/*revoke_list*/);
-
-krb5_error_code
-_kdc_pk_mk_pa_reply (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	pk_client_params */*client_params*/,
-	const hdb_entry_ex */*client*/,
-	const KDC_REQ */*req*/,
-	const krb5_data */*req_buffer*/,
-	krb5_keyblock **/*reply_key*/,
-	METHOD_DATA */*md*/);
-
-krb5_error_code
-_kdc_pk_rd_padata (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	const KDC_REQ */*req*/,
-	const PA_DATA */*pa*/,
-	pk_client_params **/*ret_params*/);
-
-krb5_error_code
-_kdc_tgs_rep (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	KDC_REQ */*req*/,
-	krb5_data */*data*/,
-	const char */*from*/,
-	struct sockaddr */*from_addr*/,
-	int /*datagram_reply*/);
-
-krb5_error_code
-_kdc_tkt_add_if_relevant_ad (
-	krb5_context /*context*/,
-	EncTicketPart */*tkt*/,
-	int /*type*/,
-	const krb5_data */*data*/);
-
-krb5_error_code
-_kdc_try_kx509_request (
-	void */*ptr*/,
-	size_t /*len*/,
-	Kx509Request */*req*/,
-	size_t */*size*/);
-
-krb5_error_code
-_kdc_windc_client_access (
-	krb5_context /*context*/,
-	struct hdb_entry_ex */*client*/,
-	KDC_REQ */*req*/);
-
-#endif /* __kdc_private_h__ */
diff --git a/crypto/heimdal/kdc/kdc-protos.h b/crypto/heimdal/kdc/kdc-protos.h
deleted file mode 100644
index 15e8c29f4cb1..000000000000
--- a/crypto/heimdal/kdc/kdc-protos.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/* This is a generated file */
-#ifndef __kdc_protos_h__
-#define __kdc_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void
-kdc_log (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	int /*level*/,
-	const char */*fmt*/,
-	...);
-
-char*
-kdc_log_msg (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	int /*level*/,
-	const char */*fmt*/,
-	...);
-
-char*
-kdc_log_msg_va (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/);
-
-void
-kdc_openlog (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/);
-
-krb5_error_code
-krb5_kdc_get_config (
-	krb5_context /*context*/,
-	krb5_kdc_configuration **/*config*/);
-
-int
-krb5_kdc_process_krb5_request (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	unsigned char */*buf*/,
-	size_t /*len*/,
-	krb5_data */*reply*/,
-	const char */*from*/,
-	struct sockaddr */*addr*/,
-	int /*datagram_reply*/);
-
-int
-krb5_kdc_process_request (
-	krb5_context /*context*/,
-	krb5_kdc_configuration */*config*/,
-	unsigned char */*buf*/,
-	size_t /*len*/,
-	krb5_data */*reply*/,
-	krb5_boolean */*prependlength*/,
-	const char */*from*/,
-	struct sockaddr */*addr*/,
-	int /*datagram_reply*/);
-
-int
-krb5_kdc_save_request (
-	krb5_context /*context*/,
-	const char */*fn*/,
-	const unsigned char */*buf*/,
-	size_t /*len*/,
-	const krb5_data */*reply*/,
-	const struct sockaddr */*sa*/);
-
-krb5_error_code
-krb5_kdc_set_dbinfo (
-	krb5_context /*context*/,
-	struct krb5_kdc_configuration */*c*/);
-
-void
-krb5_kdc_update_time (struct timeval */*tv*/);
-
-krb5_error_code
-krb5_kdc_windc_init (krb5_context /*context*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __kdc_protos_h__ */
diff --git a/crypto/heimdal/kdc/kdc-replay.c b/crypto/heimdal/kdc/kdc-replay.c
deleted file mode 100644
index 966831dca3f0..000000000000
--- a/crypto/heimdal/kdc/kdc-replay.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kdc-replay.c 21945 2007-10-03 21:52:24Z lha $");
-
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "version",   0,	arg_flag, &version_flag },
-    { "help",     'h',	arg_flag, &help_flag }
-};
-
-const static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "kdc-request-log-file");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_kdc_configuration *config;
-    krb5_storage *sp;
-    int fd, optidx = 0;
-
-    setprogname(argv[0]);
-    
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-
-    if(help_flag)
-	usage(0);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed to parse configuration file");
-
-    ret = krb5_kdc_get_config(context, &config);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kdc_default_config");
-
-    kdc_openlog(context, config);
-
-    ret = krb5_kdc_set_dbinfo(context, config);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
-
-    if (argc != 2)
-	errx(1, "argc != 2");
-
-    printf("kdc replay\n");
-
-    fd = open(argv[1], O_RDONLY);
-    if (fd < 0)
-	err(1, "open: %s", argv[1]);
-
-    sp = krb5_storage_from_fd(fd);
-    if (sp == NULL)
-	krb5_errx(context, 1, "krb5_storage_from_fd");
-
-    while(1) {
-	struct sockaddr_storage sa;
-	krb5_socklen_t salen = sizeof(sa);
-	struct timeval tv;
-	krb5_address a;
-	krb5_data d, r;
-	uint32_t t, clty, tag;
-	char astr[80];
-
-	ret = krb5_ret_uint32(sp, &t);
-	if (ret == HEIM_ERR_EOF)
-	    break;
-	else if (ret)
-	    krb5_errx(context, 1, "krb5_ret_uint32(version)");
-	if (t != 1)
-	    krb5_errx(context, 1, "version not 1");
-	ret = krb5_ret_uint32(sp, &t);
-	if (ret)
-	    krb5_errx(context, 1, "krb5_ret_uint32(time)");
-	ret = krb5_ret_address(sp, &a);
-	if (ret)
-	    krb5_errx(context, 1, "krb5_ret_address");
-	ret = krb5_ret_data(sp, &d);
-	if (ret)
-	    krb5_errx(context, 1, "krb5_ret_data");
-	ret = krb5_ret_uint32(sp, &clty);
-	if (ret)
-	    krb5_errx(context, 1, "krb5_ret_uint32(class|type)");
-	ret = krb5_ret_uint32(sp, &tag);
-	if (ret)
-	    krb5_errx(context, 1, "krb5_ret_uint32(tag)");
-
-
-	ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa,
-				  &salen, 88);
-	if (ret == KRB5_PROG_ATYPE_NOSUPP)
-	    goto out;
-	else if (ret)
-	    krb5_err(context, 1, ret, "krb5_addr2sockaddr");
-
-	ret = krb5_print_address(&a, astr, sizeof(astr), NULL);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_print_address");
-
-	printf("processing request from %s, %lu bytes\n", 
-	       astr, (unsigned long)d.length);
-
-	r.length = 0;
-	r.data = NULL;
-
-	tv.tv_sec = t;
-	tv.tv_usec = 0;
-
-	krb5_kdc_update_time(&tv);
-	krb5_set_real_time(context, tv.tv_sec, 0);
-
-	ret = krb5_kdc_process_request(context, config, d.data, d.length,
-				       &r, NULL, astr,
-				       (struct sockaddr *)&sa, 0);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_kdc_process_request");
-
-	if (r.length) {
-	    Der_class cl;
-	    Der_type ty;
-	    unsigned int tag2;
-	    ret = der_get_tag (r.data, r.length,
-			       &cl, &ty, &tag2, NULL);
-	    if (MAKE_TAG(cl, ty, 0) != clty)
-		krb5_errx(context, 1, "class|type mismatch: %d != %d",
-			  (int)MAKE_TAG(cl, ty, 0), (int)clty);
-	    if (tag != tag2)
-		krb5_errx(context, 1, "tag mismatch");
-
-	    krb5_data_free(&r);
-	} else {
-	    if (clty != 0xffffffff)
-		krb5_errx(context, 1, "clty not invalid");
-	    if (tag != 0xffffffff)
-		krb5_errx(context, 1, "tag not invalid");
-	}
-
-    out:
-	krb5_data_free(&d);
-	krb5_free_address(context, &a);
-    }
-
-    krb5_storage_free(sp);
-    krb5_free_context(context);
-
-    printf("done\n");
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
deleted file mode 100644
index 331682f1cd6b..000000000000
--- a/crypto/heimdal/kdc/kdc.8
+++ /dev/null
@@ -1,262 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: kdc.8 18419 2006-10-12 10:05:57Z lha $
-.\"
-.Dd August 24, 2006
-.Dt KDC 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kdc
-.Nd Kerberos 5 server
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl p | Fl -no-require-preauth
-.Op Fl -max-request= Ns Ar size
-.Op Fl H | Fl -enable-http
-.Op Fl -no-524
-.Op Fl -kerberos4
-.Op Fl -kerberos4-cross-realm
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl K | Fl -kaserver
-.Oo Fl P Ar portspec \*(Ba Xo
-.Fl -ports= Ns Ar portspec
-.Xc
-.Oc
-.Op Fl -detach
-.Op Fl -disable-DES
-.Op Fl -addresses= Ns Ar list of addresses
-.Ek
-.Sh DESCRIPTION
-.Nm
-serves requests for tickets.
-When it starts, it first checks the flags passed, any options that are
-not specified with a command line flag are taken from a config file,
-or from a default compiled-in value.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-Specifies the location of the config file, the default is
-.Pa /var/heimdal/kdc.conf .
-This is the only value that can't be specified in the config file.
-.It Xo
-.Fl p ,
-.Fl -no-require-preauth
-.Xc
-Turn off the requirement for pre-autentication in the initial AS-REQ
-for all principals.
-The use of pre-authentication makes it more difficult to do offline
-password attacks.
-You might want to turn it off if you have clients
-that don't support pre-authentication.
-Since the version 4 protocol doesn't support any pre-authentication,
-serving version 4 clients is just about the same as not requiring
-pre-athentication.
-The default is to require pre-authentication.
-Adding the require-preauth per principal is a more flexible way of
-handling this.
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
-Gives an upper limit on the size of the requests that the kdc is
-willing to handle.
-.It Xo
-.Fl H ,
-.Fl -enable-http
-.Xc
-Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Xo
-.Fl -no-524
-.Xc
-don't respond to 524 requests
-.It Xo
-.Fl -kerberos4
-.Xc
-respond to Kerberos 4 requests
-.It Xo
-.Fl -kerberos4-cross-realm
-.Xc
-respond to Kerberos 4 requests from foreign realms.
-This is a known security hole and should not be enabled unless you
-understand the consequences and are willing to live with them.
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
-What realm this server should act as when dealing with version 4
-requests.
-The database can contain any number of realms, but since the version 4
-protocol doesn't contain a realm for the server, it must be explicitly
-specified.
-The default is whatever is returned by
-.Fn krb_get_lrealm .
-This option is only availabe if the KDC has been compiled with version
-4 support.
-.It Xo
-.Fl K ,
-.Fl -kaserver
-.Xc
-Enable kaserver emulation (in case it's compiled in).
-.It Xo
-.Fl P Ar portspec ,
-.Fl -ports= Ns Ar portspec
-.Xc
-Specifies the set of ports the KDC should listen on.
-It is given as a
-white-space separated list of services or port numbers.
-.It Fl -addresses= Ns Ar list of addresses
-The list of addresses to listen for requests on.
-By default, the kdc will listen on all the locally configured
-addresses.
-If only a subset is desired, or the automatic detection fails, this
-option might be used.
-.It Fl -detach
-detach from pty and run as a daemon.
-.It Fl -disable-DES
-disable add des encryption types, makes the kdc not use them.
-.El
-.Pp
-All activities are logged to one or more destinations, see
-.Xr krb5.conf 5 ,
-and
-.Xr krb5_openlog 3 .
-The entity used for logging is
-.Nm kdc .
-.Sh CONFIGURATION FILE
-The configuration file has the same syntax as 
-.Xr krb5.conf 5 ,
-but will be read before 
-.Pa /etc/krb5.conf ,
-so it may override settings found there.
-Options specific to the KDC only are found in the
-.Dq [kdc] 
-section.
-All the command-line options can preferably be added in the
-configuration file.
-The only difference is the pre-authentication flag, which has to be
-specified as:
-.Pp
-.Dl require-preauth = no
-.Pp
-(in fact you can specify the option as
-.Fl -require-preauth=no ) .
-.Pp
-And there are some configuration options which do not have
-command-line equivalents:
-.Bl -tag -width "xxx" -offset indent
-.It Li enable-digest = Va boolean
-turn on support for digest processing in the KDC.
-The default is FALSE.
-.It Li check-ticket-addresses = Va boolean
-Check the addresses in the ticket when processing TGS requests.
-The default is TRUE.
-.It Li allow-null-ticket-addresses = Va boolean
-Permit tickets with no addresses.
-This option is only relevant when check-ticket-addresses is TRUE.
-.It Li allow-anonymous = Va boolean
-Permit anonymous tickets with no addresses.
-.It Li max-kdc-datagram-reply-length = Va number
-Maximum packet size the UDP rely that the KDC will transmit, instead
-the KDC sends back a reply telling the client to use TCP instead.
-.It Li transited-policy = Xo
-.Li always-check \*(Ba
-.Li allow-per-principal |
-.Li always-honour-request
-.Xc
-This controls how KDC requests with the
-.Li disable-transited-check
-flag are handled. It can be one of:
-.Bl -tag -width "xxx" -offset indent
-.It Li always-check
-Always check transited encoding, this is the default.
-.It Li allow-per-principal
-Currently this is identical to
-.Li always-check .
-In a future release, it will be possible to mark a principal as able
-to handle unchecked requests.
-.It Li always-honour-request
-Always do what the client asked.
-In a future release, it will be possible to force a check per
-principal.
-.El
-.It encode_as_rep_as_tgs_rep = Va boolean
-Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.
-The Heimdal clients allow both.
-.It kdc_warn_pwexpire = Va time
-How long before password/principal expiration the KDC should start
-sending out warning messages.
-.El
-.Pp
-The configuration file is only read when the 
-.Nm
-is started.
-If changes made to the configuration file are to take effect, the
-.Nm
-needs to be restarted.
-.Pp
-An example of a config file:
-.Bd -literal -offset indent
-[kdc]
-	require-preauth = no
-	v4-realm = FOO.SE
-.Ed
-.Sh BUGS
-If the machine running the KDC has new addresses added to it, the KDC
-will have to be restarted to listen to them.
-The reason it doesn't just listen to wildcarded (like INADDR_ANY)
-addresses, is that the replies has to come from the same address they
-were sent to, and most OS:es doesn't pass this information to the
-application.
-If your normal mode of operation require that you add and remove
-addresses, the best option is probably to listen to a wildcarded TCP
-socket, and make sure your clients use TCP to connect.
-For instance, this will listen to IPv4 TCP port 88 only:
-.Bd -literal -offset indent
-kdc --addresses=0.0.0.0 --ports="88/tcp" 
-.Ed
-.Pp
-There should be a way to specify protocol, port, and address triplets,
-not just addresses and protocol, port tuples.
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/kdc/kdc.h b/crypto/heimdal/kdc/kdc.h
deleted file mode 100644
index 6c129f38f520..000000000000
--- a/crypto/heimdal/kdc/kdc.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- *
- * Copyright (c) 2005 Andrew Bartlett <abartlet@samba.org>
- * 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $ 
- */
-
-#ifndef __KDC_H__
-#define __KDC_H__
-
-#include <krb5.h>
-
-enum krb5_kdc_trpolicy {
-    TRPOLICY_ALWAYS_CHECK,
-    TRPOLICY_ALLOW_PER_PRINCIPAL, 
-    TRPOLICY_ALWAYS_HONOUR_REQUEST
-};
-
-typedef struct krb5_kdc_configuration {
-    krb5_boolean require_preauth; /* require preauth for all principals */
-    time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
-
-    struct HDB **db;
-    int num_db;
-
-    krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
-	
-    krb5_boolean check_ticket_addresses;
-    krb5_boolean allow_null_ticket_addresses;
-    krb5_boolean allow_anonymous;
-    enum krb5_kdc_trpolicy trpolicy;
-
-    char *v4_realm;
-    krb5_boolean enable_v4;
-    krb5_boolean enable_v4_cross_realm;
-    krb5_boolean enable_v4_per_principal;
-
-    krb5_boolean enable_kaserver;
-
-    krb5_boolean enable_524;
-
-    krb5_boolean enable_pkinit;
-    krb5_boolean pkinit_princ_in_cert;
-    char *pkinit_kdc_ocsp_file;
-    int pkinit_dh_min_bits;
-    int pkinit_require_binding;
-
-    krb5_log_facility *logf;
-
-    int enable_digest;
-    int digests_allowed;
-
-    size_t max_datagram_reply_length;
-
-    int enable_kx509;
-    const char *kx509_template;
-    const char *kx509_ca;
-
-} krb5_kdc_configuration;
-
-#include <kdc-protos.h>
-
-#endif
diff --git a/crypto/heimdal/kdc/kdc_locl.h b/crypto/heimdal/kdc/kdc_locl.h
deleted file mode 100644
index fe0523665a4d..000000000000
--- a/crypto/heimdal/kdc/kdc_locl.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $ 
- */
-
-#ifndef __KDC_LOCL_H__
-#define __KDC_LOCL_H__
-
-#include "headers.h"
-#include "kdc.h"
-
-typedef struct pk_client_params pk_client_params;
-#include <kdc-private.h>
-
-extern sig_atomic_t exit_flag;
-extern size_t max_request;
-extern const char *request_log;
-extern const char *port_str;
-extern krb5_addresses explicit_addresses;
-
-extern int enable_http;
-
-#define DETACH_IS_DEFAULT FALSE
-
-extern int detach_from_console;
-
-extern const struct units _kdc_digestunits[];
-
-#define KDC_LOG_FILE		"kdc.log"
-
-extern struct timeval _kdc_now;
-#define kdc_time (_kdc_now.tv_sec)
-
-void
-loop(krb5_context context, krb5_kdc_configuration *config);
-
-krb5_kdc_configuration *
-configure(krb5_context context, int argc, char **argv);
-
-#endif /* __KDC_LOCL_H__ */
diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c
deleted file mode 100644
index cbba64945b3e..000000000000
--- a/crypto/heimdal/kdc/kerberos4.c
+++ /dev/null
@@ -1,805 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-#include <krb5-v4compat.h>
-
-RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $");
-
-#ifndef swap32
-static uint32_t
-swap32(uint32_t x)
-{
-    return ((x << 24) & 0xff000000) |
-	((x << 8) & 0xff0000) |
-	((x >> 8) & 0xff00) |
-	((x >> 24) & 0xff);
-}
-#endif /* swap32 */
-
-int
-_kdc_maybe_version4(unsigned char *buf, int len)
-{
-    return len > 0 && *buf == 4;
-}
-
-static void
-make_err_reply(krb5_context context, krb5_data *reply,
-	       int code, const char *msg)
-{
-    _krb5_krb_cr_err_reply(context, "", "", "", 
-			   kdc_time, code, msg, reply);
-}
-
-struct valid_princ_ctx {
-    krb5_kdc_configuration *config;
-    unsigned flags;
-};
-
-static krb5_boolean
-valid_princ(krb5_context context,
-	    void *funcctx,
-	    krb5_principal princ)
-{
-    struct valid_princ_ctx *ctx = funcctx;
-    krb5_error_code ret;
-    char *s;
-    hdb_entry_ex *ent;
-
-    ret = krb5_unparse_name(context, princ, &s);
-    if (ret)
-	return FALSE;
-    ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, NULL, &ent);
-    if (ret) {
-	kdc_log(context, ctx->config, 7, "Lookup %s failed: %s", s,
-		krb5_get_err_text (context, ret));
-	free(s);
-	return FALSE;
-    }
-    kdc_log(context, ctx->config, 7, "Lookup %s succeeded", s);
-    free(s);
-    _kdc_free_ent(context, ent);
-    return TRUE;
-}
-
-krb5_error_code
-_kdc_db_fetch4(krb5_context context,
-	       krb5_kdc_configuration *config,
-	       const char *name, const char *instance, const char *realm,
-	       unsigned flags,
-	       hdb_entry_ex **ent)
-{
-    krb5_principal p;
-    krb5_error_code ret;
-    struct valid_princ_ctx ctx;
-
-    ctx.config = config;
-    ctx.flags = flags;
-    
-    ret = krb5_425_conv_principal_ext2(context, name, instance, realm, 
-				       valid_princ, &ctx, 0, &p);
-    if(ret)
-	return ret;
-    ret = _kdc_db_fetch(context, config, p, flags, NULL, ent);
-    krb5_free_principal(context, p);
-    return ret;
-}
-
-#define RCHECK(X, L) if(X){make_err_reply(context, reply, KFAILURE, "Packet too short"); goto L;}
-
-/*
- * Process the v4 request in `buf, len' (received from `addr'
- * (with string `from').
- * Return an error code and a reply in `reply'.
- */
-
-krb5_error_code
-_kdc_do_version4(krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 unsigned char *buf,
-		 size_t len,
-		 krb5_data *reply,
-		 const char *from,
-		 struct sockaddr_in *addr)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-    hdb_entry_ex *client = NULL, *server = NULL;
-    Key *ckey, *skey;
-    int8_t pvno;
-    int8_t msg_type;
-    int lsb;
-    char *name = NULL, *inst = NULL, *realm = NULL;
-    char *sname = NULL, *sinst = NULL;
-    int32_t req_time;
-    time_t max_life;
-    uint8_t life;
-    char client_name[256];
-    char server_name[256];
-
-    if(!config->enable_v4) {
-	kdc_log(context, config, 0,
-		"Rejected version 4 request from %s", from);
-	make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR,
-		       "Function not enabled");
-	return 0;
-    }
-
-    sp = krb5_storage_from_mem(buf, len);
-    RCHECK(krb5_ret_int8(sp, &pvno), out);
-    if(pvno != 4){
-	kdc_log(context, config, 0,
-		"Protocol version mismatch (krb4) (%d)", pvno);
-	make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
-	goto out;
-    }
-    RCHECK(krb5_ret_int8(sp, &msg_type), out);
-    lsb = msg_type & 1;
-    msg_type &= ~1;
-    switch(msg_type){
-    case AUTH_MSG_KDC_REQUEST: {
-	krb5_data ticket, cipher;
-	krb5_keyblock session;
-	
-	krb5_data_zero(&ticket);
-	krb5_data_zero(&cipher);
-
-	RCHECK(krb5_ret_stringz(sp, &name), out1);
-	RCHECK(krb5_ret_stringz(sp, &inst), out1);
-	RCHECK(krb5_ret_stringz(sp, &realm), out1);
-	RCHECK(krb5_ret_int32(sp, &req_time), out1);
-	if(lsb)
-	    req_time = swap32(req_time);
-	RCHECK(krb5_ret_uint8(sp, &life), out1);
-	RCHECK(krb5_ret_stringz(sp, &sname), out1);
-	RCHECK(krb5_ret_stringz(sp, &sinst), out1);
-	snprintf (client_name, sizeof(client_name),
-		  "%s.%s@%s", name, inst, realm);
-	snprintf (server_name, sizeof(server_name),
-		  "%s.%s@%s", sname, sinst, config->v4_realm);
-	
-	kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s",
-		client_name, from, server_name);
-
-	ret = _kdc_db_fetch4(context, config, name, inst, realm, 
-			     HDB_F_GET_CLIENT, &client);
-	if(ret) {
-	    kdc_log(context, config, 0, "Client not found in database: %s: %s",
-		    client_name, krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
-			   "principal unknown");
-	    goto out1;
-	}
-	ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm,
-			     HDB_F_GET_SERVER, &server);
-	if(ret){
-	    kdc_log(context, config, 0, "Server not found in database: %s: %s",
-		    server_name, krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
-			   "principal unknown");
-	    goto out1;
-	}
-
-	ret = _kdc_check_flags (context, config, 
-				client, client_name,
-				server, server_name,
-				TRUE);
-	if (ret) {
-	    /* good error code? */
-	    make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
-			   "operation not allowed");
-	    goto out1;
-	}
-
-	if (config->enable_v4_per_principal &&
-	    client->entry.flags.allow_kerberos4 == 0)
-	{
-	    kdc_log(context, config, 0,
-		    "Per principal Kerberos 4 flag not turned on for %s",
-		    client_name);
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
-			   "allow kerberos4 flag required");
-	    goto out1;
-	}
-
-	/*
-	 * There's no way to do pre-authentication in v4 and thus no
-	 * good error code to return if preauthentication is required.
-	 */
-
-	if (config->require_preauth
-	    || client->entry.flags.require_preauth
-	    || server->entry.flags.require_preauth) {
-	    kdc_log(context, config, 0,
-		    "Pre-authentication required for v4-request: "
-		    "%s for %s",
-		    client_name, server_name);
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
-			   "preauth required");
-	    goto out1;
-	}
-
-	ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
-	if(ret){
-	    kdc_log(context, config, 0, "no suitable DES key for client");
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
-			   "no suitable DES key for client");
-	    goto out1;
-	}
-
-#if 0
-	/* this is not necessary with the new code in libkrb */
-	/* find a properly salted key */
-	while(ckey->salt == NULL || ckey->salt->salt.length != 0)
-	    ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
-	if(ret){
-	    kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", 
-		    name, inst, realm);
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
-			   "No version-4 salted key in database");
-	    goto out1;
-	}
-#endif
-	
-	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(context, config, 0, "no suitable DES key for server");
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
-			   "no suitable DES key for server");
-	    goto out1;
-	}
-
-	max_life = _krb5_krb_life_to_time(0, life);
-	if(client->entry.max_life)
-	    max_life = min(max_life, *client->entry.max_life);
-	if(server->entry.max_life)
-	    max_life = min(max_life, *server->entry.max_life);
-
-	life = krb_time_to_life(kdc_time, kdc_time + max_life);
-    
-	ret = krb5_generate_random_keyblock(context,
-					    ETYPE_DES_PCBC_NONE,
-					    &session);
-	if (ret) {
-	    make_err_reply(context, reply, KFAILURE,
-			   "Not enough random i KDC");
-	    goto out1;
-	}
-	
-	ret = _krb5_krb_create_ticket(context,
-				      0,
-				      name,
-				      inst,
-				      config->v4_realm,
-				      addr->sin_addr.s_addr,
-				      &session,
-				      life,
-				      kdc_time,
-				      sname,
-				      sinst,
-				      &skey->key,
-				      &ticket);
-	if (ret) {
-	    krb5_free_keyblock_contents(context, &session);
-	    make_err_reply(context, reply, KFAILURE,
-			   "failed to create v4 ticket");
-	    goto out1;
-	}
-
-	ret = _krb5_krb_create_ciph(context,
-				    &session,
-				    sname,
-				    sinst,
-				    config->v4_realm,
-				    life,
-				    server->entry.kvno % 255,
-				    &ticket,
-				    kdc_time,
-				    &ckey->key,
-				    &cipher);
-	krb5_free_keyblock_contents(context, &session);
-	krb5_data_free(&ticket);
-	if (ret) {
-	    make_err_reply(context, reply, KFAILURE, 
-			   "Failed to create v4 cipher");
-	    goto out1;
-	}
-	
-	ret = _krb5_krb_create_auth_reply(context,
-					  name,
-					  inst,
-					  realm,
-					  req_time,
-					  0,
-					  client->entry.pw_end ? *client->entry.pw_end : 0,
-					  client->entry.kvno % 256,
-					  &cipher,
-					  reply);
-	krb5_data_free(&cipher);
-
-    out1:
-	break;
-    }
-    case AUTH_MSG_APPL_REQUEST: {
-	struct _krb5_krb_auth_data ad;
-	int8_t kvno;
-	int8_t ticket_len;
-	int8_t req_len;
-	krb5_data auth;
-	int32_t address;
-	size_t pos;
-	krb5_principal tgt_princ = NULL;
-	hdb_entry_ex *tgt = NULL;
-	Key *tkey;
-	time_t max_end, actual_end, issue_time;
-	
-	memset(&ad, 0, sizeof(ad));
-	krb5_data_zero(&auth);
-
-	RCHECK(krb5_ret_int8(sp, &kvno), out2);
-	RCHECK(krb5_ret_stringz(sp, &realm), out2);
-	
-	ret = krb5_425_conv_principal(context, "krbtgt", realm,
-				      config->v4_realm,
-				      &tgt_princ);
-	if(ret){
-	    kdc_log(context, config, 0,
-		    "Converting krbtgt principal (krb4): %s", 
-		    krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KFAILURE, 
-			   "Failed to convert v4 principal (krbtgt)");
-	    goto out2;
-	}
-
-	ret = _kdc_db_fetch(context, config, tgt_princ,
-			    HDB_F_GET_KRBTGT, NULL, &tgt);
-	if(ret){
-	    char *s;
-	    s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not "
-			    "found in database (krb4): krbtgt.%s@%s: %s", 
-			    realm, config->v4_realm,
-			    krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KFAILURE, s);
-	    free(s);
-	    goto out2;
-	}
-	
-	if(tgt->entry.kvno % 256 != kvno){
-	    kdc_log(context, config, 0,
-		    "tgs-req (krb4) with old kvno %d (current %d) for "
-		    "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, 
-		    realm, config->v4_realm);
-	    make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
-			   "old krbtgt kvno used");
-	    goto out2;
-	}
-
-	ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey);
-	if(ret){
-	    kdc_log(context, config, 0, 
-		    "no suitable DES key for krbtgt (krb4)");
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
-			   "no suitable DES key for krbtgt");
-	    goto out2;
-	}
-
-	RCHECK(krb5_ret_int8(sp, &ticket_len), out2);
-	RCHECK(krb5_ret_int8(sp, &req_len), out2);
-	
-	pos = krb5_storage_seek(sp, ticket_len + req_len, SEEK_CUR);
-	
-	auth.data = buf;
-	auth.length = pos;
-
-	if (config->check_ticket_addresses)
-	    address = addr->sin_addr.s_addr;
-	else
-	    address = 0;
-
-	ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, 
-			       config->v4_realm,
-			       address, &tkey->key, &ad);
-	if(ret){
-	    kdc_log(context, config, 0, "krb_rd_req: %d", ret);
-	    make_err_reply(context, reply, ret, "failed to parse request");
-	    goto out2;
-	}
-	
-	RCHECK(krb5_ret_int32(sp, &req_time), out2);
-	if(lsb)
-	    req_time = swap32(req_time);
-	RCHECK(krb5_ret_uint8(sp, &life), out2);
-	RCHECK(krb5_ret_stringz(sp, &sname), out2);
-	RCHECK(krb5_ret_stringz(sp, &sinst), out2);
-	snprintf (server_name, sizeof(server_name),
-		  "%s.%s@%s",
-		  sname, sinst, config->v4_realm);
-	snprintf (client_name, sizeof(client_name),
-		  "%s.%s@%s",
-		  ad.pname, ad.pinst, ad.prealm);
-
-	kdc_log(context, config, 0, "TGS-REQ (krb4) %s from %s for %s",
-		client_name, from, server_name);
-	
-	if(strcmp(ad.prealm, realm)){
-	    kdc_log(context, config, 0, 
-		    "Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, 
-			   "Can't hop realms");
-	    goto out2;
-	}
-
-	if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) {
-	    kdc_log(context, config, 0, 
-		    "krb4 Cross-realm %s -> %s disabled",
-		    realm, config->v4_realm);
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
-			   "Can't hop realms");
-	    goto out2;
-	}
-
-	if(strcmp(sname, "changepw") == 0){
-	    kdc_log(context, config, 0, 
-		    "Bad request for changepw ticket (krb4)");
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, 
-			   "Can't authorize password change based on TGT");
-	    goto out2;
-	}
-	
-	ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm,
-			     HDB_F_GET_CLIENT, &client);
-	if(ret && ret != HDB_ERR_NOENTRY) {
-	    char *s;
-	    s = kdc_log_msg(context, config, 0,
-			    "Client not found in database: (krb4) %s: %s",
-			    client_name, krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
-	    free(s);
-	    goto out2;
-	}
-	if (client == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
-	    char *s;
-	    s = kdc_log_msg(context, config, 0,
-			    "Local client not found in database: (krb4) "
-			    "%s", client_name);
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
-	    free(s);
-	    goto out2;
-	}
-
-	ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm,
-			     HDB_F_GET_SERVER, &server);
-	if(ret){
-	    char *s;
-	    s = kdc_log_msg(context, config, 0,
-			    "Server not found in database (krb4): %s: %s",
-			    server_name, krb5_get_err_text(context, ret));
-	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
-	    free(s);
-	    goto out2;
-	}
-
-	ret = _kdc_check_flags (context, config, 
-				client, client_name,
-				server, server_name,
-				FALSE);
-	if (ret) {
-	    make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
-			   "operation not allowed");
-	    goto out2;
-	}
-
-	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(context, config, 0, 
-		    "no suitable DES key for server (krb4)");
-	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
-			   "no suitable DES key for server");
-	    goto out2;
-	}
-
-	max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
-	max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
-	if(server->entry.max_life)
-	    max_end = min(max_end, kdc_time + *server->entry.max_life);
-	if(client && client->entry.max_life)
-	    max_end = min(max_end, kdc_time + *client->entry.max_life);
-	life = min(life, krb_time_to_life(kdc_time, max_end));
-	
-	issue_time = kdc_time;
-	actual_end = _krb5_krb_life_to_time(issue_time, life);
-	while (actual_end > max_end && life > 1) {
-	    /* move them into the next earlier lifetime bracket */
-	    life--;
-	    actual_end = _krb5_krb_life_to_time(issue_time, life);
-	}
-	if (actual_end > max_end) {
-	    /* if life <= 1 and it's still too long, backdate the ticket */
-	    issue_time -= actual_end - max_end;
-	}
-
-	{
-	    krb5_data ticket, cipher;
-	    krb5_keyblock session;
-
-	    krb5_data_zero(&ticket);
-	    krb5_data_zero(&cipher);
-
-	    ret = krb5_generate_random_keyblock(context,
-						ETYPE_DES_PCBC_NONE,
-						&session);
-	    if (ret) {
-		make_err_reply(context, reply, KFAILURE,
-			       "Not enough random i KDC");
-		goto out2;
-	    }
-	
-	    ret = _krb5_krb_create_ticket(context,
-					  0,
-					  ad.pname,
-					  ad.pinst,
-					  ad.prealm,
-					  addr->sin_addr.s_addr,
-					  &session,
-					  life,
-					  issue_time,
-					  sname,
-					  sinst,
-					  &skey->key,
-					  &ticket);
-	    if (ret) {
-		krb5_free_keyblock_contents(context, &session);
-		make_err_reply(context, reply, KFAILURE,
-			       "failed to create v4 ticket");
-		goto out2;
-	    }
-
-	    ret = _krb5_krb_create_ciph(context,
-					&session,
-					sname,
-					sinst,
-					config->v4_realm,
-					life,
-					server->entry.kvno % 255,
-					&ticket,
-					issue_time,
-					&ad.session,
-					&cipher);
-	    krb5_free_keyblock_contents(context, &session);
-	    if (ret) {
-		make_err_reply(context, reply, KFAILURE,
-			       "failed to create v4 cipher");
-		goto out2;
-	    }
-	    
-	    ret = _krb5_krb_create_auth_reply(context,
-					      ad.pname,
-					      ad.pinst,
-					      ad.prealm,
-					      req_time,
-					      0,
-					      0,
-					      0,
-					      &cipher,
-					      reply);
-	    krb5_data_free(&cipher);
-	}
-    out2:
-	_krb5_krb_free_auth_data(context, &ad);
-	if(tgt_princ)
-	    krb5_free_principal(context, tgt_princ);
-	if(tgt)
-	    _kdc_free_ent(context, tgt);
-	break;
-    }
-    case AUTH_MSG_ERR_REPLY:
-	break;
-    default:
-	kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", 
-		msg_type, from);
-	
-	make_err_reply(context, reply, KFAILURE, "Unknown message type");
-    }
- out:
-    if(name)
-	free(name);
-    if(inst)
-	free(inst);
-    if(realm)
-	free(realm);
-    if(sname)
-	free(sname);
-    if(sinst)
-	free(sinst);
-    if(client)
-	_kdc_free_ent(context, client);
-    if(server)
-	_kdc_free_ent(context, server);
-    krb5_storage_free(sp);
-    return 0;
-}
-
-krb5_error_code
-_kdc_encode_v4_ticket(krb5_context context, 
-		      krb5_kdc_configuration *config,
-		      void *buf, size_t len, const EncTicketPart *et,
-		      const PrincipalName *service, size_t *size)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-    char name[40], inst[40], realm[40];
-    char sname[40], sinst[40];
-
-    {
-	krb5_principal princ;
-	_krb5_principalname2krb5_principal(context,
-					   &princ,
-					   *service,
-					   et->crealm);
-	ret = krb5_524_conv_principal(context, 
-				      princ,
-				      sname,
-				      sinst,
-				      realm);
-	krb5_free_principal(context, princ);
-	if(ret)
-	    return ret;
-
-	_krb5_principalname2krb5_principal(context,
-					   &princ,
-					   et->cname,
-					   et->crealm);
-				     
-	ret = krb5_524_conv_principal(context, 
-				      princ,
-				      name,
-				      inst,
-				      realm);
-	krb5_free_principal(context, princ);
-    }
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_emem();
-    
-    krb5_store_int8(sp, 0); /* flags */
-    krb5_store_stringz(sp, name);
-    krb5_store_stringz(sp, inst);
-    krb5_store_stringz(sp, realm);
-    {
-	unsigned char tmp[4] = { 0, 0, 0, 0 };
-	int i;
-	if(et->caddr){
-	    for(i = 0; i < et->caddr->len; i++)
-		if(et->caddr->val[i].addr_type == AF_INET &&
-		   et->caddr->val[i].address.length == 4){
-		    memcpy(tmp, et->caddr->val[i].address.data, 4);
-		    break;
-		}
-	}
-	krb5_storage_write(sp, tmp, sizeof(tmp));
-    }
-
-    if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
-	et->key.keytype != ETYPE_DES_CBC_MD4 &&
-	et->key.keytype != ETYPE_DES_CBC_CRC) || 
-       et->key.keyvalue.length != 8)
-	return -1;
-    krb5_storage_write(sp, et->key.keyvalue.data, 8);
-    
-    {
-	time_t start = et->starttime ? *et->starttime : et->authtime;
-	krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
-	krb5_store_int32(sp, start);
-    }
-
-    krb5_store_stringz(sp, sname);
-    krb5_store_stringz(sp, sinst);
-    
-    {
-	krb5_data data;
-	krb5_storage_to_data(sp, &data);
-	krb5_storage_free(sp);
-	*size = (data.length + 7) & ~7; /* pad to 8 bytes */
-	if(*size > len)
-	    return -1;
-	memset((unsigned char*)buf - *size + 1, 0, *size);
-	memcpy((unsigned char*)buf - *size + 1, data.data, data.length);
-	krb5_data_free(&data);
-    }
-    return 0;
-}
-
-krb5_error_code
-_kdc_get_des_key(krb5_context context, 
-		 hdb_entry_ex *principal, krb5_boolean is_server, 
-		 krb5_boolean prefer_afs_key, Key **ret_key)
-{
-    Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
-    int i;
-    krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, 
-			      ETYPE_DES_CBC_MD4, 
-			      ETYPE_DES_CBC_CRC };
-
-    for(i = 0;
-	i < sizeof(etypes)/sizeof(etypes[0])
-	    && (v5_key == NULL || v4_key == NULL || 
-		afs_key == NULL || server_key == NULL);
-	++i) {
-	Key *key = NULL;
-	while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
-	    if(key->salt == NULL) {
-		if(v5_key == NULL)
-		    v5_key = key;
-	    } else if(key->salt->type == hdb_pw_salt && 
-		      key->salt->salt.length == 0) {
-		if(v4_key == NULL)
-		    v4_key = key;
-	    } else if(key->salt->type == hdb_afs3_salt) {
-		if(afs_key == NULL)
-		    afs_key = key;
-	    } else if(server_key == NULL)
-		server_key = key;
-	}
-    }
-
-    if(prefer_afs_key) {
-	if(afs_key)
-	    *ret_key = afs_key;
-	else if(v4_key)
-	    *ret_key = v4_key;
-	else if(v5_key)
-	    *ret_key = v5_key;
-	else if(is_server && server_key)
-	    *ret_key = server_key;
-	else
-	    return KRB4ET_KDC_NULL_KEY;
-    } else {
-	if(v4_key)
-	    *ret_key = v4_key;
-	else if(afs_key)
-	    *ret_key = afs_key;
-	else  if(v5_key)
-	    *ret_key = v5_key;
-	else if(is_server && server_key)
-	    *ret_key = server_key;
-	else
-	    return KRB4ET_KDC_NULL_KEY;
-    }
-
-    if((*ret_key)->key.keyvalue.length == 0)
-	return KRB4ET_KDC_NULL_KEY;
-    return 0;
-}
-
diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c
deleted file mode 100644
index 9582cd85ec38..000000000000
--- a/crypto/heimdal/kdc/kerberos5.c
+++ /dev/null
@@ -1,1852 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $");
-
-#define MAX_TIME ((time_t)((1U << 31) - 1))
-
-void
-_kdc_fix_time(time_t **t)
-{
-    if(*t == NULL){
-	ALLOC(*t);
-	**t = MAX_TIME;
-    }
-    if(**t == 0) **t = MAX_TIME; /* fix for old clients */
-}
-
-static int
-realloc_method_data(METHOD_DATA *md)
-{
-    PA_DATA *pa;
-    pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
-    if(pa == NULL)
-	return ENOMEM;
-    md->val = pa;
-    md->len++;
-    return 0;
-}
-
-static void
-set_salt_padata (METHOD_DATA *md, Salt *salt)
-{
-    if (salt) {
-	realloc_method_data(md);
-	md->val[md->len - 1].padata_type = salt->type;
-	der_copy_octet_string(&salt->salt,
-			      &md->val[md->len - 1].padata_value);
-    }
-}
-
-const PA_DATA*
-_kdc_find_padata(const KDC_REQ *req, int *start, int type)
-{
-    if (req->padata == NULL)
-	return NULL;
-
-    while(*start < req->padata->len){
-	(*start)++;
-	if(req->padata->val[*start - 1].padata_type == type)
-	    return &req->padata->val[*start - 1];
-    }
-    return NULL;
-}
-
-/*
- * Detect if `key' is the using the the precomputed `default_salt'.
- */
-
-static krb5_boolean
-is_default_salt_p(const krb5_salt *default_salt, const Key *key)
-{
-    if (key->salt == NULL)
-	return TRUE;
-    if (default_salt->salttype != key->salt->type)
-	return FALSE;
-    if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
-	return FALSE;
-    return TRUE;
-}
-
-/*
- * return the first appropriate key of `princ' in `ret_key'.  Look for
- * all the etypes in (`etypes', `len'), stopping as soon as we find
- * one, but preferring one that has default salt
- */
-
-krb5_error_code
-_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
-		krb5_enctype *etypes, unsigned len, 
-		Key **ret_key, krb5_enctype *ret_etype)
-{
-    int i;
-    krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
-    krb5_salt def_salt;
-
-    krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
-
-    for(i = 0; ret != 0 && i < len ; i++) {
-	Key *key = NULL;
-
-	if (krb5_enctype_valid(context, etypes[i]) != 0)
-	    continue;
-
-	while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
-	    if (key->key.keyvalue.length == 0) {
-		ret = KRB5KDC_ERR_NULL_KEY;
-		continue;
-	    }
-	    *ret_key   = key;
-	    *ret_etype = etypes[i];
-	    ret = 0;
-	    if (is_default_salt_p(&def_salt, key)) {
-		krb5_free_salt (context, def_salt);
-		return ret;
-	    }
-	}
-    }
-    krb5_free_salt (context, def_salt);
-    return ret;
-}
-
-krb5_error_code
-_kdc_make_anonymous_principalname (PrincipalName *pn)
-{
-    pn->name_type = KRB5_NT_PRINCIPAL;
-    pn->name_string.len = 1;
-    pn->name_string.val = malloc(sizeof(*pn->name_string.val));
-    if (pn->name_string.val == NULL)
-	return ENOMEM;
-    pn->name_string.val[0] = strdup("anonymous");
-    if (pn->name_string.val[0] == NULL) {
-	free(pn->name_string.val);
-	pn->name_string.val = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void
-_kdc_log_timestamp(krb5_context context, 
-		   krb5_kdc_configuration *config,
-		   const char *type,
-		   KerberosTime authtime, KerberosTime *starttime, 
-		   KerberosTime endtime, KerberosTime *renew_till)
-{
-    char authtime_str[100], starttime_str[100], 
-	endtime_str[100], renewtime_str[100];
-    
-    krb5_format_time(context, authtime, 
-		     authtime_str, sizeof(authtime_str), TRUE); 
-    if (starttime)
-	krb5_format_time(context, *starttime, 
-			 starttime_str, sizeof(starttime_str), TRUE); 
-    else
-	strlcpy(starttime_str, "unset", sizeof(starttime_str));
-    krb5_format_time(context, endtime, 
-		     endtime_str, sizeof(endtime_str), TRUE); 
-    if (renew_till)
-	krb5_format_time(context, *renew_till, 
-			 renewtime_str, sizeof(renewtime_str), TRUE); 
-    else
-	strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
-    
-    kdc_log(context, config, 5,
-	    "%s authtime: %s starttime: %s endtime: %s renew till: %s",
-	    type, authtime_str, starttime_str, endtime_str, renewtime_str);
-}
-
-static void
-log_patypes(krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    METHOD_DATA *padata)
-{
-    struct rk_strpool *p = NULL;
-    char *str;
-    int i;
-	    
-    for (i = 0; i < padata->len; i++) {
-	switch(padata->val[i].padata_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    p = rk_strpoolprintf(p, "PK-INIT(ietf)");
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_WIN:
-	    p = rk_strpoolprintf(p, "PK-INIT(win2k)");
-	    break;
-	case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
-	    p = rk_strpoolprintf(p, "OCSP");
-	    break;
-	case KRB5_PADATA_ENC_TIMESTAMP:
-	    p = rk_strpoolprintf(p, "encrypted-timestamp");
-	    break;
-	default:
-	    p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
-	    break;
-	}
-	if (p && i + 1 < padata->len)
-	    p = rk_strpoolprintf(p, ", ");
-	if (p == NULL) {
-	    kdc_log(context, config, 0, "out of memory");
-	    return;
-	}
-    }
-    if (p == NULL)
-	p = rk_strpoolprintf(p, "none");
-	
-    str = rk_strpoolcollect(p);
-    kdc_log(context, config, 0, "Client sent patypes: %s", str);
-    free(str);
-}
-
-/*
- *
- */
-
-
-krb5_error_code
-_kdc_encode_reply(krb5_context context,
-		  krb5_kdc_configuration *config,
-		  KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek, 
-		  krb5_enctype etype, 
-		  int skvno, const EncryptionKey *skey,
-		  int ckvno, const EncryptionKey *ckey,
-		  const char **e_text,
-		  krb5_data *reply)
-{
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to encode ticket: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-
-    ret = krb5_crypto_init(context, skey, etype, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_TICKET,
-				     buf,
-				     len,
-				     skvno,
-				     &rep->ticket.enc_part);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to encrypt data: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    
-    if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
-	ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
-    else
-	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-    ret = krb5_crypto_init(context, ckey, 0, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(rep->msg_type == krb_as_rep) {
-	krb5_encrypt_EncryptedData(context,
-				   crypto,
-				   KRB5_KU_AS_REP_ENC_PART,
-				   buf,
-				   len,
-				   ckvno,
-				   &rep->enc_part);
-	free(buf);
-	ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
-    } else {
-	krb5_encrypt_EncryptedData(context,
-				   crypto,
-				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
-				   buf,
-				   len,
-				   ckvno,
-				   &rep->enc_part);
-	free(buf);
-	ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
-    }
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-    reply->data = buf;
-    reply->length = buf_size;
-    return 0;
-}
-
-/*
- * Return 1 if the client have only older enctypes, this is for
- * determining if the server should send ETYPE_INFO2 or not.
- */
-
-static int
-older_enctype(krb5_enctype enctype)
-{
-    switch (enctype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-    case ETYPE_DES3_CBC_SHA1:
-    case ETYPE_ARCFOUR_HMAC_MD5:
-    case ETYPE_ARCFOUR_HMAC_MD5_56:
-    /* 
-     * The following three is "old" windows enctypes and is needed for
-     * windows 2000 hosts.
-     */
-    case ETYPE_ARCFOUR_MD4:
-    case ETYPE_ARCFOUR_HMAC_OLD:
-    case ETYPE_ARCFOUR_HMAC_OLD_EXP:
-	return 1;
-    default:
-	return 0;
-    }
-}
-
-static int
-only_older_enctype_p(const KDC_REQ *req)
-{
-    int i;
-
-    for(i = 0; i < req->req_body.etype.len; i++) {
-	if (!older_enctype(req->req_body.etype.val[i]))
-	    return 0;
-    }
-    return 1;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
-{
-    ent->etype = key->key.keytype;
-    if(key->salt){
-#if 0
-	ALLOC(ent->salttype);
-
-	if(key->salt->type == hdb_pw_salt)
-	    *ent->salttype = 0; /* or 1? or NULL? */
-	else if(key->salt->type == hdb_afs3_salt)
-	    *ent->salttype = 2;
-	else {
-	    kdc_log(context, config, 0, "unknown salt-type: %d", 
-		    key->salt->type);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-	/* according to `the specs', we can't send a salt if
-	   we have AFS3 salted key, but that requires that you
-	   *know* what cell you are using (e.g by assuming
-	   that the cell is the same as the realm in lower
-	   case) */
-#elif 0
-	ALLOC(ent->salttype);
-	*ent->salttype = key->salt->type;
-#else
-	/* 
-	 * We shouldn't sent salttype since it is incompatible with the
-	 * specification and it breaks windows clients.  The afs
-	 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
-	 * implemented in Heimdal 0.7 and later.
-	 */
-	ent->salttype = NULL;
-#endif
-	krb5_copy_data(context, &key->salt->salt,
-		       &ent->salt);
-    } else {
-	/* we return no salt type at all, as that should indicate
-	 * the default salt type and make everybody happy.  some
-	 * systems (like w2k) dislike being told the salt type
-	 * here. */
-
-	ent->salttype = NULL;
-	ent->salt = NULL;
-    }
-    return 0;
-}
-
-static krb5_error_code
-get_pa_etype_info(krb5_context context, 
-		  krb5_kdc_configuration *config,
-		  METHOD_DATA *md, hdb_entry *client, 
-		  ENCTYPE *etypes, unsigned int etypes_len)
-{
-    krb5_error_code ret = 0;
-    int i, j;
-    unsigned int n = 0;
-    ETYPE_INFO pa;
-    unsigned char *buf;
-    size_t len;
-    
-
-    pa.len = client->keys.len;
-    if(pa.len > UINT_MAX/sizeof(*pa.val))
-	return ERANGE;
-    pa.val = malloc(pa.len * sizeof(*pa.val));
-    if(pa.val == NULL)
-	return ENOMEM;
-    memset(pa.val, 0, pa.len * sizeof(*pa.val));
-
-    for(i = 0; i < client->keys.len; i++) {
-	for (j = 0; j < n; j++)
-	    if (pa.val[j].etype == client->keys.val[i].key.keytype)
-		goto skip1;
-	for(j = 0; j < etypes_len; j++) {
-	    if(client->keys.val[i].key.keytype == etypes[j]) {
- 		if (krb5_enctype_valid(context, etypes[j]) != 0)
- 		    continue;
-		if (!older_enctype(etypes[j]))
- 		    continue;
-		if (n >= pa.len)
-		    krb5_abortx(context, "internal error: n >= p.len");
-		if((ret = make_etype_info_entry(context, 
-						&pa.val[n++], 
-						&client->keys.val[i])) != 0) {
-		    free_ETYPE_INFO(&pa);
-		    return ret;
-		}
-		break;
-	    }
-	}
-    skip1:;
-    }
-    for(i = 0; i < client->keys.len; i++) {
-	/* already added? */
-	for(j = 0; j < etypes_len; j++) {
-	    if(client->keys.val[i].key.keytype == etypes[j])
-		goto skip2;
-	}
-	if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
-	    continue;
-	if (!older_enctype(etypes[j]))
-	    continue;
-	if (n >= pa.len)
-	    krb5_abortx(context, "internal error: n >= p.len");
-	if((ret = make_etype_info_entry(context, 
-					&pa.val[n++], 
-					&client->keys.val[i])) != 0) {
-	    free_ETYPE_INFO(&pa);
-	    return ret;
-	}
-    skip2:;
-    }
-    
-    if(n < pa.len) {
-	/* stripped out dups, newer enctypes, and not valid enctypes */
- 	pa.len = n;
-    }
-
-    ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
-    free_ETYPE_INFO(&pa);
-    if(ret)
-	return ret;
-    ret = realloc_method_data(md);
-    if(ret) {
-	free(buf);
-	return ret;
-    }
-    md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
-    md->val[md->len - 1].padata_value.length = len;
-    md->val[md->len - 1].padata_value.data = buf;
-    return 0;
-}
-
-/*
- *
- */
-
-extern int _krb5_AES_string_to_default_iterator;
-
-static krb5_error_code
-make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
-{
-    ent->etype = key->key.keytype;
-    if(key->salt) {
-	ALLOC(ent->salt);
-	if (ent->salt == NULL)
-	    return ENOMEM;
-	*ent->salt = malloc(key->salt->salt.length + 1);
-	if (*ent->salt == NULL) {
-	    free(ent->salt);
-	    ent->salt = NULL;
-	    return ENOMEM;
-	}
-	memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
-	(*ent->salt)[key->salt->salt.length] = '\0';
-    } else
-	ent->salt = NULL;
-
-    ent->s2kparams = NULL;
-
-    switch (key->key.keytype) {
-    case ETYPE_AES128_CTS_HMAC_SHA1_96:
-    case ETYPE_AES256_CTS_HMAC_SHA1_96:
-	ALLOC(ent->s2kparams);
-	if (ent->s2kparams == NULL)
-	    return ENOMEM;
-	ent->s2kparams->length = 4;
-	ent->s2kparams->data = malloc(ent->s2kparams->length);
-	if (ent->s2kparams->data == NULL) {
-	    free(ent->s2kparams);
-	    ent->s2kparams = NULL;
-	    return ENOMEM;
-	}
-	_krb5_put_int(ent->s2kparams->data, 
-		      _krb5_AES_string_to_default_iterator, 
-		      ent->s2kparams->length);
-	break;
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-	/* Check if this was a AFS3 salted key */
-	if(key->salt && key->salt->type == hdb_afs3_salt){
-	    ALLOC(ent->s2kparams);
-	    if (ent->s2kparams == NULL)
-		return ENOMEM;
-	    ent->s2kparams->length = 1;
-	    ent->s2kparams->data = malloc(ent->s2kparams->length);
-	    if (ent->s2kparams->data == NULL) {
-		free(ent->s2kparams);
-		ent->s2kparams = NULL;
-		return ENOMEM;
-	    }
-	    _krb5_put_int(ent->s2kparams->data, 
-			  1,
-			  ent->s2kparams->length);
-	}
-	break;
-    default:
-	break;
-    }
-    return 0;
-}
-
-/*
- * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
- * database (client supported enctypes first, then the unsupported
- * enctypes).
- */
-
-static krb5_error_code
-get_pa_etype_info2(krb5_context context, 
-		   krb5_kdc_configuration *config,
-		   METHOD_DATA *md, hdb_entry *client, 
-		   ENCTYPE *etypes, unsigned int etypes_len)
-{
-    krb5_error_code ret = 0;
-    int i, j;
-    unsigned int n = 0;
-    ETYPE_INFO2 pa;
-    unsigned char *buf;
-    size_t len;
-
-    pa.len = client->keys.len;
-    if(pa.len > UINT_MAX/sizeof(*pa.val))
-	return ERANGE;
-    pa.val = malloc(pa.len * sizeof(*pa.val));
-    if(pa.val == NULL)
-	return ENOMEM;
-    memset(pa.val, 0, pa.len * sizeof(*pa.val));
-
-    for(i = 0; i < client->keys.len; i++) {
-	for (j = 0; j < n; j++)
-	    if (pa.val[j].etype == client->keys.val[i].key.keytype)
-		goto skip1;
-	for(j = 0; j < etypes_len; j++) {
-	    if(client->keys.val[i].key.keytype == etypes[j]) {
-		if (krb5_enctype_valid(context, etypes[j]) != 0)
-		    continue;
-		if (n >= pa.len)
-		    krb5_abortx(context, "internal error: n >= p.len");
-		if((ret = make_etype_info2_entry(&pa.val[n++], 
-						 &client->keys.val[i])) != 0) {
-		    free_ETYPE_INFO2(&pa);
-		    return ret;
-		}
-		break;
-	    }
-	}
-    skip1:;
-    }
-    /* send enctypes that the client doesn't know about too */
-    for(i = 0; i < client->keys.len; i++) {
-	/* already added? */
-	for(j = 0; j < etypes_len; j++) {
-	    if(client->keys.val[i].key.keytype == etypes[j])
-		goto skip2;
-	}
-	if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
-	    continue;
-	if (n >= pa.len)
-	    krb5_abortx(context, "internal error: n >= p.len");
-	if((ret = make_etype_info2_entry(&pa.val[n++],
-					 &client->keys.val[i])) != 0) {
-	    free_ETYPE_INFO2(&pa);
-	    return ret;
-	}
-      skip2:;
-    }
-    
-    if(n < pa.len) {
-	/* stripped out dups, and not valid enctypes */
- 	pa.len = n;
-    }
-
-    ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
-    free_ETYPE_INFO2(&pa);
-    if(ret)
-	return ret;
-    ret = realloc_method_data(md);
-    if(ret) {
-	free(buf);
-	return ret;
-    }
-    md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
-    md->val[md->len - 1].padata_value.length = len;
-    md->val[md->len - 1].padata_value.data = buf;
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-log_as_req(krb5_context context,
-	   krb5_kdc_configuration *config,
-	   krb5_enctype cetype,
-	   krb5_enctype setype,
-	   const KDC_REQ_BODY *b)
-{
-    krb5_error_code ret;
-    struct rk_strpool *p = NULL;
-    char *str;
-    int i;
-    
-    for (i = 0; i < b->etype.len; i++) {
-	ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
-	if (ret == 0) {
-	    p = rk_strpoolprintf(p, "%s", str);
-	    free(str);
-	} else
-	    p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
-	if (p && i + 1 < b->etype.len)
-	    p = rk_strpoolprintf(p, ", ");
-	if (p == NULL) {
-	    kdc_log(context, config, 0, "out of memory");
-	    return;
-	}
-    }
-    if (p == NULL)
-	p = rk_strpoolprintf(p, "no encryption types");
-    
-    str = rk_strpoolcollect(p);
-    kdc_log(context, config, 0, "Client supported enctypes: %s", str);
-    free(str);
-
-    {
-	char *cet;
-	char *set;
-
-	ret = krb5_enctype_to_string(context, cetype, &cet);
-	if(ret == 0) {
-	    ret = krb5_enctype_to_string(context, setype, &set);
-	    if (ret == 0) {
-		kdc_log(context, config, 5, "Using %s/%s", cet, set);
-		free(set);
-	    }
-	    free(cet);
-	}
-	if (ret != 0)
-	    kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype);
-    }
-    
-    {
-	char fixedstr[128];
-	unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), 
-		      fixedstr, sizeof(fixedstr));
-	if(*fixedstr)
-	    kdc_log(context, config, 2, "Requested flags: %s", fixedstr);
-    }
-}
-
-/*
- * verify the flags on `client' and `server', returning 0
- * if they are OK and generating an error messages and returning
- * and error code otherwise.
- */
-
-krb5_error_code
-_kdc_check_flags(krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 hdb_entry_ex *client_ex, const char *client_name,
-		 hdb_entry_ex *server_ex, const char *server_name,
-		 krb5_boolean is_as_req)
-{
-    if(client_ex != NULL) {
-	hdb_entry *client = &client_ex->entry;
-
-	/* check client */
-	if (client->flags.invalid) {
-	    kdc_log(context, config, 0, 
-		    "Client (%s) has invalid bit set", client_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-	
-	if(!client->flags.client){
-	    kdc_log(context, config, 0,
-		    "Principal may not act as client -- %s", client_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-	
-	if (client->valid_start && *client->valid_start > kdc_time) {
-	    char starttime_str[100];
-	    krb5_format_time(context, *client->valid_start, 
-			     starttime_str, sizeof(starttime_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Client not yet valid until %s -- %s", 
-		    starttime_str, client_name);
-	    return KRB5KDC_ERR_CLIENT_NOTYET;
-	}
-	
-	if (client->valid_end && *client->valid_end < kdc_time) {
-	    char endtime_str[100];
-	    krb5_format_time(context, *client->valid_end, 
-			     endtime_str, sizeof(endtime_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Client expired at %s -- %s",
-		    endtime_str, client_name);
-	    return KRB5KDC_ERR_NAME_EXP;
-	}
-	
-	if (client->pw_end && *client->pw_end < kdc_time 
-	    && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
-	    char pwend_str[100];
-	    krb5_format_time(context, *client->pw_end, 
-			     pwend_str, sizeof(pwend_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Client's key has expired at %s -- %s", 
-		    pwend_str, client_name);
-	    return KRB5KDC_ERR_KEY_EXPIRED;
-	}
-    }
-
-    /* check server */
-    
-    if (server_ex != NULL) {
-	hdb_entry *server = &server_ex->entry;
-
-	if (server->flags.invalid) {
-	    kdc_log(context, config, 0,
-		    "Server has invalid flag set -- %s", server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if(!server->flags.server){
-	    kdc_log(context, config, 0,
-		    "Principal may not act as server -- %s", server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if(!is_as_req && server->flags.initial) {
-	    kdc_log(context, config, 0,
-		    "AS-REQ is required for server -- %s", server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if (server->valid_start && *server->valid_start > kdc_time) {
-	    char starttime_str[100];
-	    krb5_format_time(context, *server->valid_start, 
-			     starttime_str, sizeof(starttime_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Server not yet valid until %s -- %s",
-		    starttime_str, server_name);
-	    return KRB5KDC_ERR_SERVICE_NOTYET;
-	}
-
-	if (server->valid_end && *server->valid_end < kdc_time) {
-	    char endtime_str[100];
-	    krb5_format_time(context, *server->valid_end, 
-			     endtime_str, sizeof(endtime_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Server expired at %s -- %s", 
-		    endtime_str, server_name);
-	    return KRB5KDC_ERR_SERVICE_EXP;
-	}
-
-	if (server->pw_end && *server->pw_end < kdc_time) {
-	    char pwend_str[100];
-	    krb5_format_time(context, *server->pw_end, 
-			     pwend_str, sizeof(pwend_str), TRUE); 
-	    kdc_log(context, config, 0,
-		    "Server's key has expired at -- %s", 
-		    pwend_str, server_name);
-	    return KRB5KDC_ERR_KEY_EXPIRED;
-	}
-    }
-    return 0;
-}
-
-/*
- * Return TRUE if `from' is part of `addresses' taking into consideration
- * the configuration variables that tells us how strict we should be about
- * these checks
- */
-
-krb5_boolean
-_kdc_check_addresses(krb5_context context,        
-		     krb5_kdc_configuration *config,
-		     HostAddresses *addresses, const struct sockaddr *from)
-{
-    krb5_error_code ret;
-    krb5_address addr;
-    krb5_boolean result;
-    krb5_boolean only_netbios = TRUE;
-    int i;
-    
-    if(config->check_ticket_addresses == 0)
-	return TRUE;
-
-    if(addresses == NULL)
-	return config->allow_null_ticket_addresses;
-    
-    for (i = 0; i < addresses->len; ++i) {
-	if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
-	    only_netbios = FALSE;
-	}
-    }
-
-    /* Windows sends it's netbios name, which I can only assume is
-     * used for the 'allowed workstations' check.  This is painful,
-     * but we still want to check IP addresses if they happen to be
-     * present.
-     */
-
-    if(only_netbios)
-	return config->allow_null_ticket_addresses;
-
-    ret = krb5_sockaddr2address (context, from, &addr);
-    if(ret)
-	return FALSE;
-
-    result = krb5_address_search(context, &addr, addresses);
-    krb5_free_address (context, &addr);
-    return result;
-}
-
-/*
- *
- */
-
-static krb5_boolean
-send_pac_p(krb5_context context, KDC_REQ *req)
-{
-    krb5_error_code ret;
-    PA_PAC_REQUEST pacreq;
-    const PA_DATA *pa;
-    int i = 0;
-    
-    pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
-    if (pa == NULL)
-	return TRUE;
-
-    ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
-				pa->padata_value.length,
-				&pacreq,
-				NULL);
-    if (ret)
-	return TRUE;
-    i = pacreq.include_pac;
-    free_PA_PAC_REQUEST(&pacreq);
-    if (i == 0)
-	return FALSE;
-    return TRUE;
-}
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_as_rep(krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    KDC_REQ *req, 
-	    const krb5_data *req_buffer, 
-	    krb5_data *reply,
-	    const char *from,
-	    struct sockaddr *from_addr,
-	    int datagram_reply)
-{
-    KDC_REQ_BODY *b = &req->req_body;
-    AS_REP rep;
-    KDCOptions f = b->kdc_options;
-    hdb_entry_ex *client = NULL, *server = NULL;
-    krb5_enctype cetype, setype, sessionetype;
-    krb5_data e_data;
-    EncTicketPart et;
-    EncKDCRepPart ek;
-    krb5_principal client_princ = NULL, server_princ = NULL;
-    char *client_name = NULL, *server_name = NULL;
-    krb5_error_code ret = 0;
-    const char *e_text = NULL;
-    krb5_crypto crypto;
-    Key *ckey, *skey;
-    EncryptionKey *reply_key;
-    int flags = 0;
-#ifdef PKINIT
-    pk_client_params *pkp = NULL;
-#endif
-
-    memset(&rep, 0, sizeof(rep));
-    krb5_data_zero(&e_data);
-
-    if (f.canonicalize)
-	flags |= HDB_F_CANON;
-
-    if(b->sname == NULL){
-	ret = KRB5KRB_ERR_GENERIC;
-	e_text = "No server in request";
-    } else{
-	ret = _krb5_principalname2krb5_principal (context,
-						  &server_princ,
-						  *(b->sname),
-						  b->realm);
-	if (ret == 0)
-	    ret = krb5_unparse_name(context, server_princ, &server_name);
-    }
-    if (ret) {
-	kdc_log(context, config, 0, 
-		"AS-REQ malformed server name from %s", from);
-	goto out;
-    }
-    
-    if(b->cname == NULL){
-	ret = KRB5KRB_ERR_GENERIC;
-	e_text = "No client in request";
-    } else {
-
-	if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
-	    if (b->cname->name_string.len != 1) {
-		kdc_log(context, config, 0,
-			"AS-REQ malformed canon request from %s, "
-			"enterprise name with %d name components", 
-			from, b->cname->name_string.len);
-		ret = KRB5_PARSE_MALFORMED;
-		goto out;
-	    }
-	    ret = krb5_parse_name(context, b->cname->name_string.val[0],
-				  &client_princ);
-	    if (ret)
-		goto out;
-	} else {
-	    ret = _krb5_principalname2krb5_principal (context,
-						      &client_princ,
-						      *(b->cname),
-						      b->realm);
-	    if (ret)
-		goto out;
-	}
-	ret = krb5_unparse_name(context, client_princ, &client_name);
-    }
-    if (ret) {
-	kdc_log(context, config, 0,
-		"AS-REQ malformed client name from %s", from);
-	goto out;
-    }
-
-    kdc_log(context, config, 0, "AS-REQ %s from %s for %s", 
-	    client_name, from, server_name);
-
-    ret = _kdc_db_fetch(context, config, client_princ, 
-			HDB_F_GET_CLIENT | flags, NULL, &client);
-    if(ret){
-	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
-		krb5_get_err_text(context, ret));
-	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	goto out;
-    }
-
-    ret = _kdc_db_fetch(context, config, server_princ,
-			HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
-			NULL, &server);
-    if(ret){
-	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name,
-		krb5_get_err_text(context, ret));
-	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto out;
-    }
-
-    ret = _kdc_windc_client_access(context, client, req);
-    if(ret)
-	goto out;
-
-    ret = _kdc_check_flags(context, config, 
-			   client, client_name,
-			   server, server_name,
-			   TRUE);
-    if(ret)
-	goto out;
-
-    memset(&et, 0, sizeof(et));
-    memset(&ek, 0, sizeof(ek));
-
-    if(req->padata){
-	int i;
-	const PA_DATA *pa;
-	int found_pa = 0;
-
-	log_patypes(context, config, req->padata);
-
-#ifdef PKINIT
-	kdc_log(context, config, 5, 
-		"Looking for PKINIT pa-data -- %s", client_name);
-
-	e_text = "No PKINIT PA found";
-
-	i = 0;
-	if ((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ)))
-	    ;
-	if (pa == NULL) {
-	    i = 0;
-	    if((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN)))
-		;
-	}
-	if (pa) {
-	    char *client_cert = NULL;
-
-	    ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp);
-	    if (ret) {
-		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		kdc_log(context, config, 5, 
-			"Failed to decode PKINIT PA-DATA -- %s", 
-			client_name);
-		goto ts_enc;
-	    }
-	    if (ret == 0 && pkp == NULL)
-		goto ts_enc;
-
-	    ret = _kdc_pk_check_client(context,
-				       config,
-				       client,
-				       pkp,
-				       &client_cert);
-	    if (ret) {
-		e_text = "PKINIT certificate not allowed to "
-		    "impersonate principal";
-		_kdc_pk_free_client_param(context, pkp);
-
-		kdc_log(context, config, 0, "%s", e_text);
-		pkp = NULL;
-		goto out;
-	    }
-	    found_pa = 1;
-	    et.flags.pre_authent = 1;
-	    kdc_log(context, config, 0,
-		    "PKINIT pre-authentication succeeded -- %s using %s", 
-		    client_name, client_cert);
-	    free(client_cert);
-	    if (pkp)
-		goto preauth_done;
-	}
-    ts_enc:
-#endif
-	kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", 
-		client_name);
-
-	i = 0;
-	e_text = "No ENC-TS found";
-	while((pa = _kdc_find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){
-	    krb5_data ts_data;
-	    PA_ENC_TS_ENC p;
-	    size_t len;
-	    EncryptedData enc_data;
-	    Key *pa_key;
-	    char *str;
-	    
-	    found_pa = 1;
-	    
-	    ret = decode_EncryptedData(pa->padata_value.data,
-				       pa->padata_value.length,
-				       &enc_data,
-				       &len);
-	    if (ret) {
-		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", 
-			client_name);
-		goto out;
-	    }
-	    
-	    ret = hdb_enctype2key(context, &client->entry, 
-				  enc_data.etype, &pa_key);
-	    if(ret){
-		char *estr;
-		e_text = "No key matches pa-data";
-		ret = KRB5KDC_ERR_ETYPE_NOSUPP;
-		if(krb5_enctype_to_string(context, enc_data.etype, &estr))
-		    estr = NULL;
-		if(estr == NULL)
-		    kdc_log(context, config, 5, 
-			    "No client key matching pa-data (%d) -- %s", 
-			    enc_data.etype, client_name);
-		else
-		    kdc_log(context, config, 5,
-			    "No client key matching pa-data (%s) -- %s", 
-			    estr, client_name);
-		free(estr);
-		    
-		free_EncryptedData(&enc_data);
-		continue;
-	    }
-
-	try_next_key:
-	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
-	    if (ret) {
-		kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-			krb5_get_err_text(context, ret));
-		free_EncryptedData(&enc_data);
-		continue;
-	    }
-
-	    ret = krb5_decrypt_EncryptedData (context,
-					      crypto,
-					      KRB5_KU_PA_ENC_TIMESTAMP,
-					      &enc_data,
-					      &ts_data);
-	    krb5_crypto_destroy(context, crypto);
-	    if(ret){
-		krb5_error_code ret2;
-		ret2 = krb5_enctype_to_string(context, 
-					      pa_key->key.keytype, &str);
-		if (ret2)
-		    str = NULL;
-		kdc_log(context, config, 5, 
-			"Failed to decrypt PA-DATA -- %s "
-			"(enctype %s) error %s",
-			client_name,
-			str ? str : "unknown enctype", 
-			krb5_get_err_text(context, ret));
-		free(str);
-
-		if(hdb_next_enctype2key(context, &client->entry, 
-					enc_data.etype, &pa_key) == 0)
-		    goto try_next_key;
-		e_text = "Failed to decrypt PA-DATA";
-
-		free_EncryptedData(&enc_data);
-		ret = KRB5KDC_ERR_PREAUTH_FAILED;
-		continue;
-	    }
-	    free_EncryptedData(&enc_data);
-	    ret = decode_PA_ENC_TS_ENC(ts_data.data,
-				       ts_data.length,
-				       &p,
-				       &len);
-	    krb5_data_free(&ts_data);
-	    if(ret){
-		e_text = "Failed to decode PA-ENC-TS-ENC";
-		ret = KRB5KDC_ERR_PREAUTH_FAILED;
-		kdc_log(context, config, 
-			5, "Failed to decode PA-ENC-TS_ENC -- %s",
-			client_name);
-		continue;
-	    }
-	    free_PA_ENC_TS_ENC(&p);
-	    if (abs(kdc_time - p.patimestamp) > context->max_skew) {
-		char client_time[100];
-		
-		krb5_format_time(context, p.patimestamp, 
-				 client_time, sizeof(client_time), TRUE); 
-
- 		ret = KRB5KRB_AP_ERR_SKEW;
- 		kdc_log(context, config, 0,
-			"Too large time skew, "
-			"client time %s is out by %u > %u seconds -- %s", 
-			client_time, 
-			(unsigned)abs(kdc_time - p.patimestamp), 
-			context->max_skew,
-			client_name);
-#if 0
-		/* This code is from samba, needs testing */
-		/* 
-		 * the following is needed to make windows clients
-		 * to retry using the timestamp in the error message
-		 *
-		 * this is maybe a bug in windows to not trying when e_text
-		 * is present...
-		 */
-		e_text = NULL;
-#else
-		e_text = "Too large time skew";
-#endif
-		goto out;
-	    }
-	    et.flags.pre_authent = 1;
-
-	    ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str);
-	    if (ret)
-		str = NULL;
-
-	    kdc_log(context, config, 2,
-		    "ENC-TS Pre-authentication succeeded -- %s using %s", 
-		    client_name, str ? str : "unknown enctype");
-	    free(str);
-	    break;
-	}
-#ifdef PKINIT
-    preauth_done:
-#endif
-	if(found_pa == 0 && config->require_preauth)
-	    goto use_pa;
-	/* We come here if we found a pa-enc-timestamp, but if there
-           was some problem with it, other than too large skew */
-	if(found_pa && et.flags.pre_authent == 0){
-	    kdc_log(context, config, 0, "%s -- %s", e_text, client_name);
-	    e_text = NULL;
-	    goto out;
-	}
-    }else if (config->require_preauth
-	      || client->entry.flags.require_preauth
-	      || server->entry.flags.require_preauth) {
-	METHOD_DATA method_data;
-	PA_DATA *pa;
-	unsigned char *buf;
-	size_t len;
-
-    use_pa: 
-	method_data.len = 0;
-	method_data.val = NULL;
-
-	ret = realloc_method_data(&method_data);
-	pa = &method_data.val[method_data.len-1];
-	pa->padata_type		= KRB5_PADATA_ENC_TIMESTAMP;
-	pa->padata_value.length	= 0;
-	pa->padata_value.data	= NULL;
-
-#ifdef PKINIT
-	ret = realloc_method_data(&method_data);
-	pa = &method_data.val[method_data.len-1];
-	pa->padata_type		= KRB5_PADATA_PK_AS_REQ;
-	pa->padata_value.length	= 0;
-	pa->padata_value.data	= NULL;
-
-	ret = realloc_method_data(&method_data);
-	pa = &method_data.val[method_data.len-1];
-	pa->padata_type		= KRB5_PADATA_PK_AS_REQ_WIN;
-	pa->padata_value.length	= 0;
-	pa->padata_value.data	= NULL;
-#endif
-
-	/* 
-	 * RFC4120 requires: 
-	 * - If the client only knows about old enctypes, then send
-	 *   both info replies (we send 'info' first in the list).
-	 * - If the client is 'modern', because it knows about 'new'
-	 *   enctype types, then only send the 'info2' reply.
-	 */
-
-	/* XXX check ret */
-	if (only_older_enctype_p(req))
-	    ret = get_pa_etype_info(context, config,
-				    &method_data, &client->entry, 
-				    b->etype.val, b->etype.len); 
-	/* XXX check ret */
-	ret = get_pa_etype_info2(context, config, &method_data, 
-				 &client->entry, b->etype.val, b->etype.len);
-
-	
-	ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
-	free_METHOD_DATA(&method_data);
-
-	e_data.data   = buf;
-	e_data.length = len;
-	e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
-
-	ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
-
-	kdc_log(context, config, 0,
-		"No preauth found, returning PREAUTH-REQUIRED -- %s",
-		client_name);
-	goto out;
-    }
-    
-    /*
-     * Find the client key (for preauth ENC-TS verification and reply
-     * encryption).  Then the best encryption type for the KDC and
-     * last the best session key that shared between the client and
-     * KDC runtime enctypes.
-     */
-
-    ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
-			  &ckey, &cetype);
-    if (ret) {
-	kdc_log(context, config, 0, 
-		"Client (%s) has no support for etypes", client_name);
-	goto out;
-    }
-	
-    ret = _kdc_get_preferred_key(context, config,
-				 server, server_name,
-				 &setype, &skey);
-    if(ret)
-	goto out;
-
-    /* 
-     * Select a session enctype from the list of the crypto systems
-     * supported enctype, is supported by the client and is one of the
-     * enctype of the enctype of the krbtgt.
-     *
-     * The later is used as a hint what enctype all KDC are supporting
-     * to make sure a newer version of KDC wont generate a session
-     * enctype that and older version of a KDC in the same realm can't
-     * decrypt.
-     *
-     * But if the KDC admin is paranoid and doesn't want to have "no
-     * the best" enctypes on the krbtgt, lets save the best pick from
-     * the client list and hope that that will work for any other
-     * KDCs.
-     */
-    {
-	const krb5_enctype *p;
-	krb5_enctype clientbest = ETYPE_NULL;
-	int i, j;
-
-	p = krb5_kerberos_enctypes(context);
-
-	sessionetype = ETYPE_NULL;
-
-	for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
-	    if (krb5_enctype_valid(context, p[i]) != 0)
-		continue;
-
-	    for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
-		Key *dummy;
-		/* check with client */
-		if (p[i] != b->etype.val[j])
-		    continue; 
-		/* save best of union of { client, crypto system } */
-		if (clientbest == ETYPE_NULL)
-		    clientbest = p[i];
-		/* check with krbtgt */
-		ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
-		if (ret) 
-		    continue;
-		sessionetype = p[i];
-	    }
-	}
-	/* if krbtgt had no shared keys with client, pick clients best */
-	if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
-	    sessionetype = clientbest;
-	} else if (sessionetype == ETYPE_NULL) {
-	    kdc_log(context, config, 0,
-		    "Client (%s) from %s has no common enctypes with KDC"
-		    "to use for the session key", 
-		    client_name, from); 
-	    goto out;
-	}
-    }
-
-    log_as_req(context, config, cetype, setype, b);
-
-    if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
-       || (f.request_anonymous && !config->allow_anonymous)) {
-	ret = KRB5KDC_ERR_BADOPTION;
-	kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
-	goto out;
-    }
-    
-    rep.pvno = 5;
-    rep.msg_type = krb_as_rep;
-    copy_Realm(&client->entry.principal->realm, &rep.crealm);
-    if (f.request_anonymous)
-	_kdc_make_anonymous_principalname (&rep.cname);
-    else
-	_krb5_principal2principalname(&rep.cname, 
-				      client->entry.principal);
-    rep.ticket.tkt_vno = 5;
-    copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
-    _krb5_principal2principalname(&rep.ticket.sname, 
-				  server->entry.principal);
-    /* java 1.6 expects the name to be the same type, lets allow that
-     * uncomplicated name-types. */
-#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
-    if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
-	rep.ticket.sname.name_type = b->sname->name_type;
-#undef CNT
-
-    et.flags.initial = 1;
-    if(client->entry.flags.forwardable && server->entry.flags.forwardable)
-	et.flags.forwardable = f.forwardable;
-    else if (f.forwardable) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(context, config, 0,
-		"Ticket may not be forwardable -- %s", client_name);
-	goto out;
-    }
-    if(client->entry.flags.proxiable && server->entry.flags.proxiable)
-	et.flags.proxiable = f.proxiable;
-    else if (f.proxiable) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(context, config, 0, 
-		"Ticket may not be proxiable -- %s", client_name);
-	goto out;
-    }
-    if(client->entry.flags.postdate && server->entry.flags.postdate)
-	et.flags.may_postdate = f.allow_postdate;
-    else if (f.allow_postdate){
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(context, config, 0,
-		"Ticket may not be postdatable -- %s", client_name);
-	goto out;
-    }
-
-    /* check for valid set of addresses */
-    if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	kdc_log(context, config, 0,
-		"Bad address list requested -- %s", client_name);
-	goto out;
-    }
-
-    ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
-    if (ret)
-	goto out;
-    copy_PrincipalName(&rep.cname, &et.cname);
-    copy_Realm(&rep.crealm, &et.crealm);
-    
-    {
-	time_t start;
-	time_t t;
-	
-	start = et.authtime = kdc_time;
-    
-	if(f.postdated && req->req_body.from){
-	    ALLOC(et.starttime);
-	    start = *et.starttime = *req->req_body.from;
-	    et.flags.invalid = 1;
-	    et.flags.postdated = 1; /* XXX ??? */
-	}
-	_kdc_fix_time(&b->till);
-	t = *b->till;
-
-	/* be careful not overflowing */
-
-	if(client->entry.max_life)
-	    t = start + min(t - start, *client->entry.max_life);
-	if(server->entry.max_life)
-	    t = start + min(t - start, *server->entry.max_life);
-#if 0
-	t = min(t, start + realm->max_life);
-#endif
-	et.endtime = t;
-	if(f.renewable_ok && et.endtime < *b->till){
-	    f.renewable = 1;
-	    if(b->rtime == NULL){
-		ALLOC(b->rtime);
-		*b->rtime = 0;
-	    }
-	    if(*b->rtime < *b->till)
-		*b->rtime = *b->till;
-	}
-	if(f.renewable && b->rtime){
-	    t = *b->rtime;
-	    if(t == 0)
-		t = MAX_TIME;
-	    if(client->entry.max_renew)
-		t = start + min(t - start, *client->entry.max_renew);
-	    if(server->entry.max_renew)
-		t = start + min(t - start, *server->entry.max_renew);
-#if 0
-	    t = min(t, start + realm->max_renew);
-#endif
-	    ALLOC(et.renew_till);
-	    *et.renew_till = t;
-	    et.flags.renewable = 1;
-	}
-    }
-
-    if (f.request_anonymous)
-	et.flags.anonymous = 1;
-    
-    if(b->addresses){
-	ALLOC(et.caddr);
-	copy_HostAddresses(b->addresses, et.caddr);
-    }
-    
-    et.transited.tr_type = DOMAIN_X500_COMPRESS;
-    krb5_data_zero(&et.transited.contents); 
-     
-    copy_EncryptionKey(&et.key, &ek.key);
-
-    /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
-     * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
-     * incapable of correctly decoding SEQUENCE OF's of zero length.
-     *
-     * To fix this, always send at least one no-op last_req
-     *
-     * If there's a pw_end or valid_end we will use that,
-     * otherwise just a dummy lr.
-     */
-    ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val));
-    if (ek.last_req.val == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    ek.last_req.len = 0;
-    if (client->entry.pw_end
-	&& (config->kdc_warn_pwexpire == 0
-	    || kdc_time + config->kdc_warn_pwexpire >= *client->entry.pw_end)) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_PW_EXPTIME;
-	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.pw_end;
-	++ek.last_req.len;
-    }
-    if (client->entry.valid_end) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_ACCT_EXPTIME;
-	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.valid_end;
-	++ek.last_req.len;
-    }
-    if (ek.last_req.len == 0) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_NONE;
-	ek.last_req.val[ek.last_req.len].lr_value = 0;
-	++ek.last_req.len;
-    }
-    ek.nonce = b->nonce;
-    if (client->entry.valid_end || client->entry.pw_end) {
-	ALLOC(ek.key_expiration);
-	if (client->entry.valid_end) {
-	    if (client->entry.pw_end)
-		*ek.key_expiration = min(*client->entry.valid_end, 
-					 *client->entry.pw_end);
-	    else
-		*ek.key_expiration = *client->entry.valid_end;
-	} else
-	    *ek.key_expiration = *client->entry.pw_end;
-    } else
-	ek.key_expiration = NULL;
-    ek.flags = et.flags;
-    ek.authtime = et.authtime;
-    if (et.starttime) {
-	ALLOC(ek.starttime);
-	*ek.starttime = *et.starttime;
-    }
-    ek.endtime = et.endtime;
-    if (et.renew_till) {
-	ALLOC(ek.renew_till);
-	*ek.renew_till = *et.renew_till;
-    }
-    copy_Realm(&rep.ticket.realm, &ek.srealm);
-    copy_PrincipalName(&rep.ticket.sname, &ek.sname);
-    if(et.caddr){
-	ALLOC(ek.caddr);
-	copy_HostAddresses(et.caddr, ek.caddr);
-    }
-
-    ALLOC(rep.padata);
-    rep.padata->len = 0;
-    rep.padata->val = NULL;
-
-    reply_key = &ckey->key;
-#if PKINIT
-    if (pkp) {
-	ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, 
-				  req, req_buffer, 
-				  &reply_key, rep.padata);
-	if (ret)
-	    goto out;
-	ret = _kdc_add_inital_verified_cas(context,
-					   config,
-					   pkp,
-					   &et);
-	if (ret)
-	    goto out;
-    }
-#endif
-
-    set_salt_padata (rep.padata, ckey->salt);
-
-    /* Add signing of alias referral */
-    if (f.canonicalize) {
-	PA_ClientCanonicalized canon;
-	krb5_data data;
-	PA_DATA pa;
-	krb5_crypto crypto;
-	size_t len;
-
-	memset(&canon, 0, sizeof(canon));
-
-	canon.names.requested_name = *b->cname;
-	canon.names.real_name = client->entry.principal->name;
-
-	ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
-			   &canon.names, &len, ret);
-	if (ret) 
-	    goto out;
-	if (data.length != len)
-	    krb5_abortx(context, "internal asn.1 error");
-
-	/* sign using "returned session key" */
-	ret = krb5_crypto_init(context, &et.key, 0, &crypto);
-	if (ret) {
-	    free(data.data);
-	    goto out;
-	}
-
-	ret = krb5_create_checksum(context, crypto, 
-				   KRB5_KU_CANONICALIZED_NAMES, 0,
-				   data.data, data.length,
-				   &canon.canon_checksum);
-	free(data.data);
-	krb5_crypto_destroy(context, crypto);
-	if (ret)
-	    goto out;
-	  
-	ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
-			   &canon, &len, ret);
-	free_Checksum(&canon.canon_checksum);
-	if (ret) 
-	    goto out;
-	if (data.length != len)
-	    krb5_abortx(context, "internal asn.1 error");
-
-	pa.padata_type = KRB5_PADATA_CLIENT_CANONICALIZED;
-	pa.padata_value = data;
-	ret = add_METHOD_DATA(rep.padata, &pa);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    if (rep.padata->len == 0) {
-	free(rep.padata);
-	rep.padata = NULL;
-    }
-
-    /* Add the PAC */
-    if (send_pac_p(context, req)) {
-	krb5_pac p = NULL;
-	krb5_data data;
-
-	ret = _kdc_pac_generate(context, client, &p);
-	if (ret) {
-	    kdc_log(context, config, 0, "PAC generation failed for -- %s", 
-		    client_name);
-	    goto out;
-	}
-	if (p != NULL) {
-	    ret = _krb5_pac_sign(context, p, et.authtime,
-				 client->entry.principal,
-				 &skey->key, /* Server key */ 
-				 &skey->key, /* FIXME: should be krbtgt key */
-				 &data);
-	    krb5_pac_free(context, p);
-	    if (ret) {
-		kdc_log(context, config, 0, "PAC signing failed for -- %s", 
-			client_name);
-		goto out;
-	    }
-
-	    ret = _kdc_tkt_add_if_relevant_ad(context, &et,
-					      KRB5_AUTHDATA_WIN2K_PAC,
-					      &data);
-	    krb5_data_free(&data);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, 
-		       et.endtime, et.renew_till);
-
-    /* do this as the last thing since this signs the EncTicketPart */
-    ret = _kdc_add_KRB5SignedPath(context,
-				  config,
-				  server,
-				  setype,
-				  NULL,
-				  NULL,
-				  &et);
-    if (ret)
-	goto out;
-
-    ret = _kdc_encode_reply(context, config, 
-			    &rep, &et, &ek, setype, server->entry.kvno, 
-			    &skey->key, client->entry.kvno, 
-			    reply_key, &e_text, reply);
-    free_EncTicketPart(&et);
-    free_EncKDCRepPart(&ek);
-    if (ret)
-	goto out;
-
-    /* */
-    if (datagram_reply && reply->length > config->max_datagram_reply_length) {
-	krb5_data_free(reply);
-	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
-	e_text = "Reply packet too large";
-    }
-
-out:
-    free_AS_REP(&rep);
-    if(ret){
-	krb5_mk_error(context,
-		      ret,
-		      e_text,
-		      (e_data.data ? &e_data : NULL),
-		      client_princ,
-		      server_princ,
-		      NULL,
-		      NULL,
-		      reply);
-	ret = 0;
-    }
-#ifdef PKINIT
-    if (pkp)
-	_kdc_pk_free_client_param(context, pkp);
-#endif
-    if (e_data.data)
-        free(e_data.data);
-    if (client_princ)
-	krb5_free_principal(context, client_princ);
-    free(client_name);
-    if (server_princ)
-	krb5_free_principal(context, server_princ);
-    free(server_name);
-    if(client)
-	_kdc_free_ent(context, client);
-    if(server)
-	_kdc_free_ent(context, server);
-    return ret;
-}
-
-/*
- * Add the AuthorizationData `data� of `type� to the last element in
- * the sequence of authorization_data in `tkt� wrapped in an IF_RELEVANT
- */
-
-krb5_error_code
-_kdc_tkt_add_if_relevant_ad(krb5_context context,
-			    EncTicketPart *tkt,
-			    int type,
-			    const krb5_data *data)
-{
-    krb5_error_code ret;
-    size_t size;
-
-    if (tkt->authorization_data == NULL) {
-	tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
-	if (tkt->authorization_data == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-    }
-	
-    /* add the entry to the last element */
-    {
-	AuthorizationData ad = { 0, NULL };
-	AuthorizationDataElement ade;
-
-	ade.ad_type = type;
-	ade.ad_data = *data;
-
-	ret = add_AuthorizationData(&ad, &ade);
-	if (ret) {
-	    krb5_set_error_string(context, "add AuthorizationData failed");
-	    return ret;
-	}
-
-	ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
-
-	ASN1_MALLOC_ENCODE(AuthorizationData, 
-			   ade.ad_data.data, ade.ad_data.length, 
-			   &ad, &size, ret);
-	free_AuthorizationData(&ad);
-	if (ret) {
-	    krb5_set_error_string(context, "ASN.1 encode of "
-				  "AuthorizationData failed");
-	    return ret;
-	}
-	if (ade.ad_data.length != size)
-	    krb5_abortx(context, "internal asn.1 encoder error");
-	
-	ret = add_AuthorizationData(tkt->authorization_data, &ade);
-	der_free_octet_string(&ade.ad_data);
-	if (ret) {
-	    krb5_set_error_string(context, "add AuthorizationData failed");
-	    return ret;
-	}
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/krb5tgs.c b/crypto/heimdal/kdc/krb5tgs.c
deleted file mode 100644
index 32bdee9799ca..000000000000
--- a/crypto/heimdal/kdc/krb5tgs.c
+++ /dev/null
@@ -1,1914 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: krb5tgs.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * return the realm of a krbtgt-ticket or NULL
- */
-
-static Realm 
-get_krbtgt_realm(const PrincipalName *p)
-{
-    if(p->name_string.len == 2
-       && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
-	return p->name_string.val[1];
-    else
-	return NULL;
-}
-
-/*
- * The KDC might add a signed path to the ticket authorization data
- * field. This is to avoid server impersonating clients and the
- * request constrained delegation.
- *
- * This is done by storing a KRB5_AUTHDATA_IF_RELEVANT with a single
- * entry of type KRB5SignedPath.
- */
-
-static krb5_error_code
-find_KRB5SignedPath(krb5_context context,
-		    const AuthorizationData *ad,
-		    krb5_data *data)
-{
-    AuthorizationData child;
-    krb5_error_code ret;
-    int pos;
-	
-    if (ad == NULL || ad->len == 0)
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-
-    pos = ad->len - 1;
-
-    if (ad->val[pos].ad_type != KRB5_AUTHDATA_IF_RELEVANT)
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-
-    ret = decode_AuthorizationData(ad->val[pos].ad_data.data,
-				   ad->val[pos].ad_data.length,
-				   &child,
-				   NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to decode "
-			      "IF_RELEVANT with %d", ret);
-	return ret;
-    }
-
-    if (child.len != 1) {
-	free_AuthorizationData(&child);
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-    }
-
-    if (child.val[0].ad_type != KRB5_AUTHDATA_SIGNTICKET) {
-	free_AuthorizationData(&child);
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-    }
-
-    if (data)
-	ret = der_copy_octet_string(&child.val[0].ad_data, data);
-    free_AuthorizationData(&child);
-    return ret;
-}
-
-krb5_error_code
-_kdc_add_KRB5SignedPath(krb5_context context,
-			krb5_kdc_configuration *config,
-			hdb_entry_ex *krbtgt,
-			krb5_enctype enctype,
-			krb5_const_principal server,
-			KRB5SignedPathPrincipals *principals,
-			EncTicketPart *tkt)
-{
-    krb5_error_code ret;
-    KRB5SignedPath sp;
-    krb5_data data;
-    krb5_crypto crypto = NULL;
-    size_t size;
-
-    if (server && principals) {
-	ret = add_KRB5SignedPathPrincipals(principals, server);
-	if (ret)
-	    return ret;
-    }
-
-    {
-	KRB5SignedPathData spd;
-	
-	spd.encticket = *tkt;
-	spd.delegated = principals;
-	
-	ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
-			   &spd, &size, ret);
-	if (ret)
-	    return ret;
-	if (data.length != size)
-	    krb5_abortx(context, "internal asn.1 encoder error");
-    }
-
-    {
-	Key *key;
-	ret = hdb_enctype2key(context, &krbtgt->entry, enctype, &key);
-	if (ret == 0)
-	    ret = krb5_crypto_init(context, &key->key, 0, &crypto);
-	if (ret) {
-	    free(data.data);
-	    return ret;
-	}
-    }
-
-    /*
-     * Fill in KRB5SignedPath
-     */
-
-    sp.etype = enctype;
-    sp.delegated = principals;
-
-    ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 0,
-			       data.data, data.length, &sp.cksum);
-    krb5_crypto_destroy(context, crypto);
-    free(data.data);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(KRB5SignedPath, data.data, data.length, &sp, &size, ret);
-    free_Checksum(&sp.cksum);
-    if (ret)
-	return ret;
-    if (data.length != size)
-	krb5_abortx(context, "internal asn.1 encoder error");
-
-    
-    /*
-     * Add IF-RELEVANT(KRB5SignedPath) to the last slot in
-     * authorization data field.
-     */
-
-    ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
-				      KRB5_AUTHDATA_SIGNTICKET, &data);
-    krb5_data_free(&data);
-
-    return ret;
-}
-
-static krb5_error_code
-check_KRB5SignedPath(krb5_context context,
-		     krb5_kdc_configuration *config,
-		     hdb_entry_ex *krbtgt,
-		     EncTicketPart *tkt,
-		     KRB5SignedPathPrincipals **delegated,
-		     int require_signedpath)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_crypto crypto = NULL;
-
-    *delegated = NULL;
-
-    ret = find_KRB5SignedPath(context, tkt->authorization_data, &data);
-    if (ret == 0) {
-	KRB5SignedPathData spd;
-	KRB5SignedPath sp;
-	AuthorizationData *ad;
-	size_t size;
-
-	ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL);
-	krb5_data_free(&data);
-	if (ret)
-	    return ret;
-
-	spd.encticket = *tkt;
-	/* the KRB5SignedPath is the last entry */
-	ad = spd.encticket.authorization_data;
-	if (--ad->len == 0)
-	    spd.encticket.authorization_data = NULL;
-	spd.delegated = sp.delegated;
-
-	ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
-			   &spd, &size, ret);
-	ad->len++;
-	spd.encticket.authorization_data = ad;
-	if (ret) {
-	    free_KRB5SignedPath(&sp);
-	    return ret;
-	}
-	if (data.length != size)
-	    krb5_abortx(context, "internal asn.1 encoder error");
-
-	{
-	    Key *key;
-	    ret = hdb_enctype2key(context, &krbtgt->entry, sp.etype, &key);
-	    if (ret == 0)
-		ret = krb5_crypto_init(context, &key->key, 0, &crypto);
-	    if (ret) {
-		free(data.data);
-		free_KRB5SignedPath(&sp);
-		return ret;
-	    }
-	}
-	ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 
-				   data.data, data.length, 
-				   &sp.cksum);
-	krb5_crypto_destroy(context, crypto);
-	free(data.data);
-	if (ret) {
-	    free_KRB5SignedPath(&sp);
-	    return ret;
-	}
-
-	if (sp.delegated) {
-
-	    *delegated = malloc(sizeof(*sp.delegated));
-	    if (*delegated == NULL) {
-		free_KRB5SignedPath(&sp);
-		return ENOMEM;
-	    }
-
-	    ret = copy_KRB5SignedPathPrincipals(*delegated, sp.delegated);
-	    if (ret) {
-		free_KRB5SignedPath(&sp);
-		free(*delegated);
-		*delegated = NULL;
-		return ret;
-	    }
-	}
-	free_KRB5SignedPath(&sp);
-	
-    } else {
-	if (require_signedpath)
-	    return KRB5KDC_ERR_BADOPTION;
-    }
-
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-check_PAC(krb5_context context,
-	  krb5_kdc_configuration *config,
-	  const krb5_principal client_principal,
-	  hdb_entry_ex *client,
-	  hdb_entry_ex *server,
-	  const EncryptionKey *server_key,
-	  const EncryptionKey *krbtgt_key,
-	  EncTicketPart *tkt,
-	  krb5_data *rspac,
-	  int *require_signedpath)
-{
-    AuthorizationData *ad = tkt->authorization_data;
-    unsigned i, j;
-    krb5_error_code ret;
-
-    if (ad == NULL || ad->len == 0)
-	return 0;
-
-    for (i = 0; i < ad->len; i++) {
-	AuthorizationData child;
-
-	if (ad->val[i].ad_type != KRB5_AUTHDATA_IF_RELEVANT)
-	    continue;
-
-	ret = decode_AuthorizationData(ad->val[i].ad_data.data,
-				       ad->val[i].ad_data.length,
-				       &child,
-				       NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode "
-				  "IF_RELEVANT with %d", ret);
-	    return ret;
-	}
-	for (j = 0; j < child.len; j++) {
-
-	    if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) {
-		krb5_pac pac;
-
-		/* Found PAC */
-		ret = krb5_pac_parse(context,
-				     child.val[j].ad_data.data,
-				     child.val[j].ad_data.length,
-				     &pac);
-		free_AuthorizationData(&child);
-		if (ret)
-		    return ret;
-
-		ret = krb5_pac_verify(context, pac, tkt->authtime, 
-				      client_principal,
-				      krbtgt_key, NULL);
-		if (ret) {
-		    krb5_pac_free(context, pac);
-		    return ret;
-		}
-
-		ret = _kdc_pac_verify(context, client_principal, 
-				      client, server, &pac);
-		if (ret) {
-		    krb5_pac_free(context, pac);
-		    return ret;
-		}
-		*require_signedpath = 0;
-
-		ret = _krb5_pac_sign(context, pac, tkt->authtime,
-				     client_principal,
-				     server_key, krbtgt_key, rspac);
-
-		krb5_pac_free(context, pac);
-
-		return ret;
-	    }
-	}
-	free_AuthorizationData(&child);
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-check_tgs_flags(krb5_context context,        
-		krb5_kdc_configuration *config,
-		KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et)
-{
-    KDCOptions f = b->kdc_options;
-	
-    if(f.validate){
-	if(!tgt->flags.invalid || tgt->starttime == NULL){
-	    kdc_log(context, config, 0,
-		    "Bad request to validate ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	if(*tgt->starttime > kdc_time){
-	    kdc_log(context, config, 0,
-		    "Early request to validate ticket");
-	    return KRB5KRB_AP_ERR_TKT_NYV;
-	}
-	/* XXX  tkt = tgt */
-	et->flags.invalid = 0;
-    }else if(tgt->flags.invalid){
-	kdc_log(context, config, 0, 
-		"Ticket-granting ticket has INVALID flag set");
-	return KRB5KRB_AP_ERR_TKT_INVALID;
-    }
-
-    if(f.forwardable){
-	if(!tgt->flags.forwardable){
-	    kdc_log(context, config, 0,
-		    "Bad request for forwardable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.forwardable = 1;
-    }
-    if(f.forwarded){
-	if(!tgt->flags.forwardable){
-	    kdc_log(context, config, 0,
-		    "Request to forward non-forwardable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.forwarded = 1;
-	et->caddr = b->addresses;
-    }
-    if(tgt->flags.forwarded)
-	et->flags.forwarded = 1;
-	
-    if(f.proxiable){
-	if(!tgt->flags.proxiable){
-	    kdc_log(context, config, 0,
-		    "Bad request for proxiable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.proxiable = 1;
-    }
-    if(f.proxy){
-	if(!tgt->flags.proxiable){
-	    kdc_log(context, config, 0,
-		    "Request to proxy non-proxiable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.proxy = 1;
-	et->caddr = b->addresses;
-    }
-    if(tgt->flags.proxy)
-	et->flags.proxy = 1;
-
-    if(f.allow_postdate){
-	if(!tgt->flags.may_postdate){
-	    kdc_log(context, config, 0,
-		    "Bad request for post-datable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.may_postdate = 1;
-    }
-    if(f.postdated){
-	if(!tgt->flags.may_postdate){
-	    kdc_log(context, config, 0,
-		    "Bad request for postdated ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	if(b->from)
-	    *et->starttime = *b->from;
-	et->flags.postdated = 1;
-	et->flags.invalid = 1;
-    }else if(b->from && *b->from > kdc_time + context->max_skew){
-	kdc_log(context, config, 0, "Ticket cannot be postdated");
-	return KRB5KDC_ERR_CANNOT_POSTDATE;
-    }
-
-    if(f.renewable){
-	if(!tgt->flags.renewable){
-	    kdc_log(context, config, 0,
-		    "Bad request for renewable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.renewable = 1;
-	ALLOC(et->renew_till);
-	_kdc_fix_time(&b->rtime);
-	*et->renew_till = *b->rtime;
-    }
-    if(f.renew){
-	time_t old_life;
-	if(!tgt->flags.renewable || tgt->renew_till == NULL){
-	    kdc_log(context, config, 0,
-		    "Request to renew non-renewable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	old_life = tgt->endtime;
-	if(tgt->starttime)
-	    old_life -= *tgt->starttime;
-	else
-	    old_life -= tgt->authtime;
-	et->endtime = *et->starttime + old_life;
-	if (et->renew_till != NULL)
-	    et->endtime = min(*et->renew_till, et->endtime);
-    }	    
-    
-#if 0
-    /* checks for excess flags */
-    if(f.request_anonymous && !config->allow_anonymous){
-	kdc_log(context, config, 0,
-		"Request for anonymous ticket");
-	return KRB5KDC_ERR_BADOPTION;
-    }
-#endif
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-check_constrained_delegation(krb5_context context, 
-			     krb5_kdc_configuration *config,
-			     hdb_entry_ex *client,
-			     krb5_const_principal server)
-{
-    const HDB_Ext_Constrained_delegation_acl *acl;
-    krb5_error_code ret;
-    int i;
-
-    ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-
-    if (acl) {
-	for (i = 0; i < acl->len; i++) {
-	    if (krb5_principal_compare(context, server, &acl->val[i]) == TRUE)
-		return 0;
-	}
-    }
-    kdc_log(context, config, 0,
-	    "Bad request for constrained delegation");
-    return KRB5KDC_ERR_BADOPTION;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-verify_flags (krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      const EncTicketPart *et,
-	      const char *pstr)
-{
-    if(et->endtime < kdc_time){
-	kdc_log(context, config, 0, "Ticket expired (%s)", pstr);
-	return KRB5KRB_AP_ERR_TKT_EXPIRED;
-    }
-    if(et->flags.invalid){
-	kdc_log(context, config, 0, "Ticket not valid (%s)", pstr);
-	return KRB5KRB_AP_ERR_TKT_NYV;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-fix_transited_encoding(krb5_context context, 
-		       krb5_kdc_configuration *config,
-		       krb5_boolean check_policy,
-		       const TransitedEncoding *tr, 
-		       EncTicketPart *et, 
-		       const char *client_realm, 
-		       const char *server_realm, 
-		       const char *tgt_realm)
-{
-    krb5_error_code ret = 0;
-    char **realms, **tmp;
-    int num_realms;
-    int i;
-
-    switch (tr->tr_type) {
-    case DOMAIN_X500_COMPRESS:
-	break;
-    case 0:
-	/*
-	 * Allow empty content of type 0 because that is was Microsoft
-	 * generates in their TGT.
-	 */
-	if (tr->contents.length == 0)
-	    break;
-	kdc_log(context, config, 0,
-		"Transited type 0 with non empty content");
-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
-    default:
-	kdc_log(context, config, 0,
-		"Unknown transited type: %u", tr->tr_type);
-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
-    }
-
-    ret = krb5_domain_x500_decode(context, 
-				  tr->contents,
-				  &realms, 
-				  &num_realms,
-				  client_realm,
-				  server_realm);
-    if(ret){
-	krb5_warn(context, ret,
-		  "Decoding transited encoding");
-	return ret;
-    }
-    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
-	/* not us, so add the previous realm to transited set */
-	if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
-	    ret = ERANGE;
-	    goto free_realms;
-	}
-	tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
-	if(tmp == NULL){
-	    ret = ENOMEM;
-	    goto free_realms;
-	}
-	realms = tmp;
-	realms[num_realms] = strdup(tgt_realm);
-	if(realms[num_realms] == NULL){
-	    ret = ENOMEM;
-	    goto free_realms;
-	}
-	num_realms++;
-    }
-    if(num_realms == 0) {
-	if(strcmp(client_realm, server_realm)) 
-	    kdc_log(context, config, 0,
-		    "cross-realm %s -> %s", client_realm, server_realm);
-    } else {
-	size_t l = 0;
-	char *rs;
-	for(i = 0; i < num_realms; i++)
-	    l += strlen(realms[i]) + 2;
-	rs = malloc(l);
-	if(rs != NULL) {
-	    *rs = '\0';
-	    for(i = 0; i < num_realms; i++) {
-		if(i > 0)
-		    strlcat(rs, ", ", l);
-		strlcat(rs, realms[i], l);
-	    }
-	    kdc_log(context, config, 0,
-		    "cross-realm %s -> %s via [%s]",
-		    client_realm, server_realm, rs);
-	    free(rs);
-	}
-    }
-    if(check_policy) {
-	ret = krb5_check_transited(context, client_realm, 
-				   server_realm, 
-				   realms, num_realms, NULL);
-	if(ret) {
-	    krb5_warn(context, ret, "cross-realm %s -> %s", 
-		      client_realm, server_realm);
-	    goto free_realms;
-	}
-	et->flags.transited_policy_checked = 1;
-    }
-    et->transited.tr_type = DOMAIN_X500_COMPRESS;
-    ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents);
-    if(ret)
-	krb5_warn(context, ret, "Encoding transited encoding");
-  free_realms:
-    for(i = 0; i < num_realms; i++)
-	free(realms[i]);
-    free(realms);
-    return ret;
-}
-
-
-static krb5_error_code
-tgs_make_reply(krb5_context context, 
-	       krb5_kdc_configuration *config,
-	       KDC_REQ_BODY *b, 
-	       krb5_const_principal tgt_name,
-	       const EncTicketPart *tgt, 
-	       const EncryptionKey *serverkey,
-	       const krb5_keyblock *sessionkey,
-	       krb5_kvno kvno,
-	       AuthorizationData *auth_data,
-	       hdb_entry_ex *server, 
-	       const char *server_name, 
-	       hdb_entry_ex *client, 
-	       krb5_principal client_principal, 
-	       hdb_entry_ex *krbtgt,
-	       krb5_enctype krbtgt_etype,
-	       KRB5SignedPathPrincipals *spp,
-	       const krb5_data *rspac,
-	       const char **e_text,
-	       krb5_data *reply)
-{
-    KDC_REP rep;
-    EncKDCRepPart ek;
-    EncTicketPart et;
-    KDCOptions f = b->kdc_options;
-    krb5_error_code ret;
-    
-    memset(&rep, 0, sizeof(rep));
-    memset(&et, 0, sizeof(et));
-    memset(&ek, 0, sizeof(ek));
-    
-    rep.pvno = 5;
-    rep.msg_type = krb_tgs_rep;
-
-    et.authtime = tgt->authtime;
-    _kdc_fix_time(&b->till);
-    et.endtime = min(tgt->endtime, *b->till);
-    ALLOC(et.starttime);
-    *et.starttime = kdc_time;
-    
-    ret = check_tgs_flags(context, config, b, tgt, &et);
-    if(ret)
-	goto out;
-
-    /* We should check the transited encoding if:
-       1) the request doesn't ask not to be checked
-       2) globally enforcing a check
-       3) principal requires checking
-       4) we allow non-check per-principal, but principal isn't marked as allowing this
-       5) we don't globally allow this
-    */
-
-#define GLOBAL_FORCE_TRANSITED_CHECK		\
-    (config->trpolicy == TRPOLICY_ALWAYS_CHECK)
-#define GLOBAL_ALLOW_PER_PRINCIPAL			\
-    (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL)
-#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK			\
-    (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST)
-
-/* these will consult the database in future release */
-#define PRINCIPAL_FORCE_TRANSITED_CHECK(P)		0
-#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P)	0
-
-    ret = fix_transited_encoding(context, config, 
-				 !f.disable_transited_check ||
-				 GLOBAL_FORCE_TRANSITED_CHECK ||
-				 PRINCIPAL_FORCE_TRANSITED_CHECK(server) ||
-				 !((GLOBAL_ALLOW_PER_PRINCIPAL && 
-				    PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) ||
-				   GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK),
-				 &tgt->transited, &et,
-				 *krb5_princ_realm(context, client_principal),
-				 *krb5_princ_realm(context, server->entry.principal),
-				 *krb5_princ_realm(context, krbtgt->entry.principal));
-    if(ret)
-	goto out;
-
-    copy_Realm(krb5_princ_realm(context, server->entry.principal), 
-	       &rep.ticket.realm);
-    _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal);
-    copy_Realm(&tgt_name->realm, &rep.crealm);
-/*
-    if (f.request_anonymous)
-	_kdc_make_anonymous_principalname (&rep.cname);
-    else */
-
-    copy_PrincipalName(&tgt_name->name, &rep.cname);
-    rep.ticket.tkt_vno = 5;
-
-    ek.caddr = et.caddr;
-    if(et.caddr == NULL)
-	et.caddr = tgt->caddr;
-
-    {
-	time_t life;
-	life = et.endtime - *et.starttime;
-	if(client && client->entry.max_life)
-	    life = min(life, *client->entry.max_life);
-	if(server->entry.max_life)
-	    life = min(life, *server->entry.max_life);
-	et.endtime = *et.starttime + life;
-    }
-    if(f.renewable_ok && tgt->flags.renewable && 
-       et.renew_till == NULL && et.endtime < *b->till){
-	et.flags.renewable = 1;
-	ALLOC(et.renew_till);
-	*et.renew_till = *b->till;
-    }
-    if(et.renew_till){
-	time_t renew;
-	renew = *et.renew_till - et.authtime;
-	if(client && client->entry.max_renew)
-	    renew = min(renew, *client->entry.max_renew);
-	if(server->entry.max_renew)
-	    renew = min(renew, *server->entry.max_renew);
-	*et.renew_till = et.authtime + renew;
-    }
-	    
-    if(et.renew_till){
-	*et.renew_till = min(*et.renew_till, *tgt->renew_till);
-	*et.starttime = min(*et.starttime, *et.renew_till);
-	et.endtime = min(et.endtime, *et.renew_till);
-    }
-    
-    *et.starttime = min(*et.starttime, et.endtime);
-
-    if(*et.starttime == et.endtime){
-	ret = KRB5KDC_ERR_NEVER_VALID;
-	goto out;
-    }
-    if(et.renew_till && et.endtime == *et.renew_till){
-	free(et.renew_till);
-	et.renew_till = NULL;
-	et.flags.renewable = 0;
-    }
-    
-    et.flags.pre_authent = tgt->flags.pre_authent;
-    et.flags.hw_authent  = tgt->flags.hw_authent;
-    et.flags.anonymous   = tgt->flags.anonymous;
-    et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
-	    
-    if (auth_data) {
-	/* XXX Check enc-authorization-data */
-	et.authorization_data = calloc(1, sizeof(*et.authorization_data));
-	if (et.authorization_data == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = copy_AuthorizationData(auth_data, et.authorization_data);
-	if (ret)
-	    goto out;
-
-	/* Filter out type KRB5SignedPath */
-	ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
-	if (ret == 0) {
-	    if (et.authorization_data->len == 1) {
-		free_AuthorizationData(et.authorization_data);
-		free(et.authorization_data);
-		et.authorization_data = NULL;
-	    } else {
-		AuthorizationData *ad = et.authorization_data;
-		free_AuthorizationDataElement(&ad->val[ad->len - 1]);
-		ad->len--;
-	    }
-	}
-    }
-
-    if(rspac->length) {
-	/*
-	 * No not need to filter out the any PAC from the
-	 * auth_data since it's signed by the KDC.
-	 */
-	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
-					  KRB5_AUTHDATA_WIN2K_PAC,
-					  rspac);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
-    if (ret)
-	goto out;
-    et.crealm = tgt->crealm;
-    et.cname = tgt_name->name;
-	    
-    ek.key = et.key;
-    /* MIT must have at least one last_req */
-    ek.last_req.len = 1;
-    ek.last_req.val = calloc(1, sizeof(*ek.last_req.val));
-    if (ek.last_req.val == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    ek.nonce = b->nonce;
-    ek.flags = et.flags;
-    ek.authtime = et.authtime;
-    ek.starttime = et.starttime;
-    ek.endtime = et.endtime;
-    ek.renew_till = et.renew_till;
-    ek.srealm = rep.ticket.realm;
-    ek.sname = rep.ticket.sname;
-    
-    _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, 
-		       et.endtime, et.renew_till);
-
-    /* Don't sign cross realm tickets, they can't be checked anyway */
-    {
-	char *r = get_krbtgt_realm(&ek.sname);
-
-	if (r == NULL || strcmp(r, ek.srealm) == 0) {
-	    ret = _kdc_add_KRB5SignedPath(context,
-					  config,
-					  krbtgt,
-					  krbtgt_etype,
-					  NULL,
-					  spp,
-					  &et);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    /* It is somewhat unclear where the etype in the following
-       encryption should come from. What we have is a session
-       key in the passed tgt, and a list of preferred etypes
-       *for the new ticket*. Should we pick the best possible
-       etype, given the keytype in the tgt, or should we look
-       at the etype list here as well?  What if the tgt
-       session key is DES3 and we want a ticket with a (say)
-       CAST session key. Should the DES3 etype be added to the
-       etype list, even if we don't want a session key with
-       DES3? */
-    ret = _kdc_encode_reply(context, config, 
-			    &rep, &et, &ek, et.key.keytype,
-			    kvno, 
-			    serverkey, 0, &tgt->key, e_text, reply);
-out:
-    free_TGS_REP(&rep);
-    free_TransitedEncoding(&et.transited);
-    if(et.starttime)
-	free(et.starttime);
-    if(et.renew_till)
-	free(et.renew_till);
-    if(et.authorization_data) {
-	free_AuthorizationData(et.authorization_data);
-	free(et.authorization_data);
-    }
-    free_LastReq(&ek.last_req);
-    memset(et.key.keyvalue.data, 0, et.key.keyvalue.length);
-    free_EncryptionKey(&et.key);
-    return ret;
-}
-
-static krb5_error_code
-tgs_check_authenticator(krb5_context context, 
-			krb5_kdc_configuration *config,
-	                krb5_auth_context ac,
-			KDC_REQ_BODY *b, 
-			const char **e_text,
-			krb5_keyblock *key)
-{
-    krb5_authenticator auth;
-    size_t len;
-    unsigned char *buf;
-    size_t buf_size;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    
-    krb5_auth_con_getauthenticator(context, ac, &auth);
-    if(auth->cksum == NULL){
-	kdc_log(context, config, 0, "No authenticator in request");
-	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
-	goto out;
-    }
-    /*
-     * according to RFC1510 it doesn't need to be keyed,
-     * but according to the latest draft it needs to.
-     */
-    if (
-#if 0
-!krb5_checksum_is_keyed(context, auth->cksum->cksumtype)
-	||
-#endif
- !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) {
-	kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", 
-		auth->cksum->cksumtype);
-	ret =  KRB5KRB_AP_ERR_INAPP_CKSUM;
-	goto out;
-    }
-		
-    /* XXX should not re-encode this */
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
-    if(ret){
-	kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", 
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    ret = krb5_verify_checksum(context,
-			       crypto,
-			       KRB5_KU_TGS_REQ_AUTH_CKSUM,
-			       buf, 
-			       len,
-			       auth->cksum);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if(ret){
-	kdc_log(context, config, 0,
-		"Failed to verify authenticator checksum: %s", 
-		krb5_get_err_text(context, ret));
-    }
-out:
-    free_Authenticator(auth);
-    free(auth);
-    return ret;
-}
-
-/*
- *
- */
-
-static const char *
-find_rpath(krb5_context context, Realm crealm, Realm srealm)
-{
-    const char *new_realm = krb5_config_get_string(context,
-						   NULL,
-						   "capaths", 
-						   crealm,
-						   srealm,
-						   NULL);
-    return new_realm;
-}
-	    
-
-static krb5_boolean
-need_referral(krb5_context context, krb5_principal server, krb5_realm **realms)
-{
-    if(server->name.name_type != KRB5_NT_SRV_INST ||
-       server->name.name_string.len != 2)
-	return FALSE;
- 
-    return _krb5_get_host_realm_int(context, server->name.name_string.val[1],
-				    FALSE, realms) == 0;
-}
-
-static krb5_error_code
-tgs_parse_request(krb5_context context, 
-		  krb5_kdc_configuration *config,
-		  KDC_REQ_BODY *b,
-		  const PA_DATA *tgs_req,
-		  hdb_entry_ex **krbtgt,
-		  krb5_enctype *krbtgt_etype,
-		  krb5_ticket **ticket,
-		  const char **e_text,
-		  const char *from,
-		  const struct sockaddr *from_addr,
-		  time_t **csec,
-		  int **cusec,
-		  AuthorizationData **auth_data)
-{
-    krb5_ap_req ap_req;
-    krb5_error_code ret;
-    krb5_principal princ;
-    krb5_auth_context ac = NULL;
-    krb5_flags ap_req_options;
-    krb5_flags verify_ap_req_flags;
-    krb5_crypto crypto;
-    Key *tkey;
-
-    *auth_data = NULL;
-    *csec  = NULL;
-    *cusec = NULL;
-
-    memset(&ap_req, 0, sizeof(ap_req));
-    ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
-    if(ret){
-	kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", 
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    if(!get_krbtgt_realm(&ap_req.ticket.sname)){
-	/* XXX check for ticket.sname == req.sname */
-	kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket");
-	ret = KRB5KDC_ERR_POLICY; /* ? */
-	goto out;
-    }
-    
-    _krb5_principalname2krb5_principal(context,
-				       &princ,
-				       ap_req.ticket.sname,
-				       ap_req.ticket.realm);
-    
-    ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, NULL, krbtgt);
-
-    if(ret) {
-	char *p;
-	ret = krb5_unparse_name(context, princ, &p);
-	if (ret != 0)
-	    p = "<unparse_name failed>";
-	krb5_free_principal(context, princ);
-	kdc_log(context, config, 0,
-		"Ticket-granting ticket not found in database: %s: %s",
-		p, krb5_get_err_text(context, ret));
-	if (ret == 0)
-	    free(p);
-	ret = KRB5KRB_AP_ERR_NOT_US;
-	goto out;
-    }
-    
-    if(ap_req.ticket.enc_part.kvno && 
-       *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
-	char *p;
-
-	ret = krb5_unparse_name (context, princ, &p);
-	krb5_free_principal(context, princ);
-	if (ret != 0)
-	    p = "<unparse_name failed>";
-	kdc_log(context, config, 0,
-		"Ticket kvno = %d, DB kvno = %d (%s)", 
-		*ap_req.ticket.enc_part.kvno,
-		(*krbtgt)->entry.kvno,
-		p);
-	if (ret == 0)
-	    free (p);
-	ret = KRB5KRB_AP_ERR_BADKEYVER;
-	goto out;
-    }
-
-    *krbtgt_etype = ap_req.ticket.enc_part.etype;
-
-    ret = hdb_enctype2key(context, &(*krbtgt)->entry, 
-			  ap_req.ticket.enc_part.etype, &tkey);
-    if(ret){
-	char *str = NULL, *p = NULL;
-
-	krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str);
-	krb5_unparse_name(context, princ, &p);
- 	kdc_log(context, config, 0,
-		"No server key with enctype %s found for %s",
-		str ? str : "<unknown enctype>",
-		p ? p : "<unparse_name failed>");
-	free(str);
-	free(p);
-	ret = KRB5KRB_AP_ERR_BADKEYVER;
-	goto out;
-    }
-    
-    if (b->kdc_options.validate)
-	verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID;
-    else
-	verify_ap_req_flags = 0;
-
-    ret = krb5_verify_ap_req2(context,
-			      &ac,
-			      &ap_req,
-			      princ,
-			      &tkey->key,
-			      verify_ap_req_flags,
-			      &ap_req_options,
-			      ticket,
-			      KRB5_KU_TGS_REQ_AUTH);
-			     
-    krb5_free_principal(context, princ);
-    if(ret) {
-	kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", 
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    {
-	krb5_authenticator auth;
-
-	ret = krb5_auth_con_getauthenticator(context, ac, &auth);
-	if (ret == 0) {
-	    *csec   = malloc(sizeof(**csec));
-	    if (*csec == NULL) {
-		krb5_free_authenticator(context, &auth);
-		kdc_log(context, config, 0, "malloc failed");
-		goto out;
-	    }
-	    **csec  = auth->ctime;
-	    *cusec  = malloc(sizeof(**cusec));
-	    if (*cusec == NULL) {
-		krb5_free_authenticator(context, &auth);
-		kdc_log(context, config, 0, "malloc failed");
-		goto out;
-	    }
-	    **cusec  = auth->cusec;
-	    krb5_free_authenticator(context, &auth);
-	}
-    }
-
-    ret = tgs_check_authenticator(context, config, 
-				  ac, b, e_text, &(*ticket)->ticket.key);
-    if (ret) {
-	krb5_auth_con_free(context, ac);
-	goto out;
-    }
-
-    if (b->enc_authorization_data) {
-	unsigned usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY;
-	krb5_keyblock *subkey;
-	krb5_data ad;
-
-	ret = krb5_auth_con_getremotesubkey(context,
-					    ac,
-					    &subkey);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(context, config, 0, "Failed to get remote subkey: %s", 
-		    krb5_get_err_text(context, ret));
-	    goto out;
-	}
-	if(subkey == NULL){
-	    usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION;
-	    ret = krb5_auth_con_getkey(context, ac, &subkey);
-	    if(ret) {
-		krb5_auth_con_free(context, ac);
-		kdc_log(context, config, 0, "Failed to get session key: %s", 
-			krb5_get_err_text(context, ret));
-		goto out;
-	    }
-	}
-	if(subkey == NULL){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(context, config, 0,
-		    "Failed to get key for enc-authorization-data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out;
-	}
-	ret = krb5_crypto_init(context, subkey, 0, &crypto);
-	if (ret) {
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		    krb5_get_err_text(context, ret));
-	    goto out;
-	}
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  usage,
-					  b->enc_authorization_data,
-					  &ad);
-	krb5_crypto_destroy(context, crypto);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(context, config, 0, 
-		    "Failed to decrypt enc-authorization-data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out;
-	}
-	krb5_free_keyblock(context, subkey);
-	ALLOC(*auth_data);
-	if (*auth_data == NULL) {
-	    krb5_auth_con_free(context, ac);
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out;
-	}
-	ret = decode_AuthorizationData(ad.data, ad.length, *auth_data, NULL);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    free(*auth_data);
-	    *auth_data = NULL;
-	    kdc_log(context, config, 0, "Failed to decode authorization data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out;
-	}
-    }
-
-    krb5_auth_con_free(context, ac);
-    
-out:
-    free_AP_REQ(&ap_req);
-    
-    return ret;
-}
-
-static krb5_error_code
-tgs_build_reply(krb5_context context, 
-		krb5_kdc_configuration *config,
-		KDC_REQ *req, 
-		KDC_REQ_BODY *b,
-		hdb_entry_ex *krbtgt,
-		krb5_enctype krbtgt_etype,
-		krb5_ticket *ticket,
-		krb5_data *reply,
-		const char *from,
-		const char **e_text,
-		AuthorizationData *auth_data,
-		const struct sockaddr *from_addr,
-		int datagram_reply)
-{
-    krb5_error_code ret;
-    krb5_principal cp = NULL, sp = NULL;
-    krb5_principal client_principal = NULL;
-    char *spn = NULL, *cpn = NULL;
-    hdb_entry_ex *server = NULL, *client = NULL;
-    EncTicketPart *tgt = &ticket->ticket;
-    KRB5SignedPathPrincipals *spp = NULL;
-    const EncryptionKey *ekey;
-    krb5_keyblock sessionkey;
-    krb5_kvno kvno;
-    krb5_data rspac;
-    int cross_realm = 0;
-
-    PrincipalName *s;
-    Realm r;
-    int nloop = 0;
-    EncTicketPart adtkt;
-    char opt_str[128];
-    int require_signedpath = 0;
-
-    memset(&sessionkey, 0, sizeof(sessionkey));
-    memset(&adtkt, 0, sizeof(adtkt));
-    krb5_data_zero(&rspac);
-
-    s = b->sname;
-    r = b->realm;
-
-    if(b->kdc_options.enc_tkt_in_skey){
-	Ticket *t;
-	hdb_entry_ex *uu;
-	krb5_principal p;
-	Key *uukey;
-	    
-	if(b->additional_tickets == NULL || 
-	   b->additional_tickets->len == 0){
-	    ret = KRB5KDC_ERR_BADOPTION; /* ? */
-	    kdc_log(context, config, 0,
-		    "No second ticket present in request");
-	    goto out;
-	}
-	t = &b->additional_tickets->val[0];
-	if(!get_krbtgt_realm(&t->sname)){
-	    kdc_log(context, config, 0,
-		    "Additional ticket is not a ticket-granting ticket");
-	    ret = KRB5KDC_ERR_POLICY;
-	    goto out;
-	}
-	_krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
-	ret = _kdc_db_fetch(context, config, p, 
-			    HDB_F_GET_CLIENT|HDB_F_GET_SERVER, 
-			    NULL, &uu);
-	krb5_free_principal(context, p);
-	if(ret){
-	    if (ret == HDB_ERR_NOENTRY)
-		ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	    goto out;
-	}
-	ret = hdb_enctype2key(context, &uu->entry, 
-			      t->enc_part.etype, &uukey);
-	if(ret){
-	    _kdc_free_ent(context, uu);
-	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
-	    goto out;
-	}
-	ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0);
-	_kdc_free_ent(context, uu);
-	if(ret)
-	    goto out;
-
-	ret = verify_flags(context, config, &adtkt, spn);
-	if (ret)
-	    goto out;
-
-	s = &adtkt.cname;
-	r = adtkt.crealm;
-    }
-
-    _krb5_principalname2krb5_principal(context, &sp, *s, r);
-    ret = krb5_unparse_name(context, sp, &spn);	
-    if (ret)
-	goto out;
-    _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
-    ret = krb5_unparse_name(context, cp, &cpn);
-    if (ret)
-	goto out;
-    unparse_flags (KDCOptions2int(b->kdc_options),
-		   asn1_KDCOptions_units(),
-		   opt_str, sizeof(opt_str));
-    if(*opt_str)
-	kdc_log(context, config, 0,
-		"TGS-REQ %s from %s for %s [%s]", 
-		cpn, from, spn, opt_str);
-    else
-	kdc_log(context, config, 0,
-		"TGS-REQ %s from %s for %s", cpn, from, spn);
-
-    /*
-     * Fetch server
-     */
-
-server_lookup:
-    ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server);
-
-    if(ret){
-	const char *new_rlm;
-	Realm req_rlm;
-	krb5_realm *realms;
-
-	if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
-	    if(nloop++ < 2) {
-		new_rlm = find_rpath(context, tgt->crealm, req_rlm);
-		if(new_rlm) {
-		    kdc_log(context, config, 5, "krbtgt for realm %s "
-			    "not found, trying %s", 
-			    req_rlm, new_rlm);
-		    krb5_free_principal(context, sp);
-		    free(spn);
-		    krb5_make_principal(context, &sp, r, 
-					KRB5_TGS_NAME, new_rlm, NULL);
-		    ret = krb5_unparse_name(context, sp, &spn);	
-		    if (ret)
-			goto out;
-		    auth_data = NULL; /* ms don't handle AD in referals */
-		    goto server_lookup;
-		}
-	    }
-	} else if(need_referral(context, sp, &realms)) {
-	    if (strcmp(realms[0], sp->realm) != 0) {
-		kdc_log(context, config, 5,
-			"Returning a referral to realm %s for "
-			"server %s that was not found",
-			realms[0], spn);
-		krb5_free_principal(context, sp);
-		free(spn);
-		krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
-				    realms[0], NULL);
-		ret = krb5_unparse_name(context, sp, &spn);
-		if (ret)
-		    goto out;
-		krb5_free_host_realm(context, realms);
-		auth_data = NULL; /* ms don't handle AD in referals */
-		goto server_lookup;
-	    }
-	    krb5_free_host_realm(context, realms);
-	}
-	kdc_log(context, config, 0,
-		"Server not found in database: %s: %s", spn,
-		krb5_get_err_text(context, ret));
-	if (ret == HDB_ERR_NOENTRY)
-	    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto out;
-    }
-
-    ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client);
-    if(ret) {
-	const char *krbtgt_realm; 
-
-	/*
-	 * If the client belongs to the same realm as our krbtgt, it
-	 * should exist in the local database.
-	 *
-	 */
-
-	krbtgt_realm = 
-	    krb5_principal_get_comp_string(context, 
-					   krbtgt->entry.principal, 1);
-
-	if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) {
-	    if (ret == HDB_ERR_NOENTRY)
-		ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	    kdc_log(context, config, 1, "Client no longer in database: %s",
-		    cpn);
-	    goto out;
-	}
-	
-	kdc_log(context, config, 1, "Client not found in database: %s: %s",
-		cpn, krb5_get_err_text(context, ret));
-
-	cross_realm = 1;
-    }
-    
-    /*
-     * Check that service is in the same realm as the krbtgt. If it's
-     * not the same, it's someone that is using a uni-directional trust
-     * backward.
-     */
-    
-    if (strcmp(krb5_principal_get_realm(context, sp),
-	       krb5_principal_get_comp_string(context, 
-					      krbtgt->entry.principal, 
-					      1)) != 0) {
-	char *tpn;
-	ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn);
-	kdc_log(context, config, 0,
-		"Request with wrong krbtgt: %s",
-		(ret == 0) ? tpn : "<unknown>");
-	if(ret == 0)
-	    free(tpn);
-	ret = KRB5KRB_AP_ERR_NOT_US;
-	goto out;
-    }
-
-    /*
-     *
-     */
-
-    client_principal = cp;
-
-    if (client) {
-	const PA_DATA *sdata;
-	int i = 0;
-
-	sdata = _kdc_find_padata(req, &i, KRB5_PADATA_S4U2SELF);
-	if (sdata) {
-	    krb5_crypto crypto;
-	    krb5_data datack;
-	    PA_S4U2Self self;
-	    char *selfcpn = NULL;
-	    const char *str;
-
-	    ret = decode_PA_S4U2Self(sdata->padata_value.data, 
-				     sdata->padata_value.length,
-				     &self, NULL);
-	    if (ret) {
-		kdc_log(context, config, 0, "Failed to decode PA-S4U2Self");
-		goto out;
-	    }
-
-	    ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_crypto_init(context, &tgt->key, 0, &crypto);
-	    if (ret) {
-		free_PA_S4U2Self(&self);
-		krb5_data_free(&datack);
-		kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-			krb5_get_err_text(context, ret));
-		goto out;
-	    }
-
-	    ret = krb5_verify_checksum(context,
-				       crypto,
-				       KRB5_KU_OTHER_CKSUM,
-				       datack.data, 
-				       datack.length, 
-				       &self.cksum);
-	    krb5_data_free(&datack);
-	    krb5_crypto_destroy(context, crypto);
-	    if (ret) {
-		free_PA_S4U2Self(&self);
-		kdc_log(context, config, 0, 
-			"krb5_verify_checksum failed for S4U2Self: %s",
-			krb5_get_err_text(context, ret));
-		goto out;
-	    }
-
-	    ret = _krb5_principalname2krb5_principal(context,
-						     &client_principal,
-						     self.name,
-						     self.realm);
-	    free_PA_S4U2Self(&self);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_unparse_name(context, client_principal, &selfcpn);	
-	    if (ret)
-		goto out;
-
-	    /*
-	     * Check that service doing the impersonating is
-	     * requesting a ticket to it-self.
-	     */
-	    if (krb5_principal_compare(context, cp, sp) != TRUE) {
-		kdc_log(context, config, 0, "S4U2Self: %s is not allowed "
-			"to impersonate some other user "
-			"(tried for user %s to service %s)",
-			cpn, selfcpn, spn);
-		free(selfcpn);
-		ret = KRB5KDC_ERR_BADOPTION; /* ? */
-		goto out;
-	    }
-
-	    /*
-	     * If the service isn't trusted for authentication to
-	     * delegation, remove the forward flag.
-	     */
-
-	    if (client->entry.flags.trusted_for_delegation) {
-		str = "[forwardable]";
-	    } else {
-		b->kdc_options.forwardable = 0;
-		str = "";
-	    }
-	    kdc_log(context, config, 0, "s4u2self %s impersonating %s to "
-		    "service %s %s", cpn, selfcpn, spn, str);
-	    free(selfcpn);
-	}
-    }
-
-    /*
-     * Constrained delegation
-     */
-
-    if (client != NULL
-	&& b->additional_tickets != NULL
-	&& b->additional_tickets->len != 0
-	&& b->kdc_options.enc_tkt_in_skey == 0)
-    {
-	Key *clientkey;
-	Ticket *t;
-	char *str;
-
-	t = &b->additional_tickets->val[0];
-
-	ret = hdb_enctype2key(context, &client->entry, 
-			      t->enc_part.etype, &clientkey);
-	if(ret){
-	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
-	    goto out;
-	}
-
-	ret = krb5_decrypt_ticket(context, t, &clientkey->key, &adtkt, 0);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "failed to decrypt ticket for "
-		    "constrained delegation from %s to %s ", spn, cpn);
-	    goto out;
-	}
-
-	/* check that ticket is valid */
-
-	if (adtkt.flags.forwardable == 0) {
-	    kdc_log(context, config, 0,
-		    "Missing forwardable flag on ticket for "
-		    "constrained delegation from %s to %s ", spn, cpn);
-	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
-	    goto out;
-	}
-
-	ret = check_constrained_delegation(context, config, client, sp);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "constrained delegation from %s to %s not allowed", 
-		    spn, cpn);
-	    goto out;
-	}
-
-	ret = _krb5_principalname2krb5_principal(context,
-						 &client_principal,
-						 adtkt.cname,
-						 adtkt.crealm);
-	if (ret)
-	    goto out;
-
-	ret = krb5_unparse_name(context, client_principal, &str);
-	if (ret)
-	    goto out;
-
-	ret = verify_flags(context, config, &adtkt, str);
-	if (ret) {
-	    free(str);
-	    goto out;
-	}
-
-	/*
-	 * Check KRB5SignedPath in authorization data and add new entry to
-	 * make sure servers can't fake a ticket to us.
-	 */
-
-	ret = check_KRB5SignedPath(context,
-				   config,
-				   krbtgt,
-				   &adtkt,
-				   &spp,
-				   1);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "KRB5SignedPath check from service %s failed "
-		    "for delegation to %s for client %s "
-		    "from %s failed with %s",
-		    spn, str, cpn, from, krb5_get_err_text(context, ret));
-	    free(str);
-	    goto out;
-	}
-
-	kdc_log(context, config, 0, "constrained delegation for %s "
-		"from %s to %s", str, cpn, spn);
-	free(str);
-
-	/* 
-	 * Also require that the KDC have issue the service's krbtgt
-	 * used to do the request. 
-	 */
-	require_signedpath = 1;
-    }
-
-    /*
-     * Check flags
-     */
-
-    ret = _kdc_check_flags(context, config, 
-			   client, cpn,
-			   server, spn,
-			   FALSE);
-    if(ret)
-	goto out;
-
-    if((b->kdc_options.validate || b->kdc_options.renew) && 
-       !krb5_principal_compare(context, 
-			       krbtgt->entry.principal,
-			       server->entry.principal)){
-	kdc_log(context, config, 0, "Inconsistent request.");
-	ret = KRB5KDC_ERR_SERVER_NOMATCH;
-	goto out;
-    }
-
-    /* check for valid set of addresses */
-    if(!_kdc_check_addresses(context, config, tgt->caddr, from_addr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	kdc_log(context, config, 0, "Request from wrong address");
-	goto out;
-    }
-	
-    /*
-     * Select enctype, return key and kvno.
-     */
-
-    {
-	krb5_enctype etype;
-
-	if(b->kdc_options.enc_tkt_in_skey) {
-	    int i;
-	    ekey = &adtkt.key;
-	    for(i = 0; i < b->etype.len; i++)
-		if (b->etype.val[i] == adtkt.key.keytype)
-		    break;
-	    if(i == b->etype.len) {
-		krb5_clear_error_string(context);
-		return KRB5KDC_ERR_ETYPE_NOSUPP;
-	    }
-	    etype = b->etype.val[i];
-	    kvno = 0;
-	} else {
-	    Key *skey;
-	    
-	    ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
-				  &skey, &etype);
-	    if(ret) {
-		kdc_log(context, config, 0, 
-			"Server (%s) has no support for etypes", spp);
-		return ret;
-	    }
-	    ekey = &skey->key;
-	    kvno = server->entry.kvno;
-	}
-	
-	ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
-	if (ret)
-	    goto out;
-    }
-
-    /* check PAC if not cross realm and if there is one */
-    if (!cross_realm) {
-	Key *tkey;
-
-	ret = hdb_enctype2key(context, &krbtgt->entry, 
-			      krbtgt_etype, &tkey);
-	if(ret) {
-	    kdc_log(context, config, 0,
-		    "Failed to find key for krbtgt PAC check");
-	    goto out;
-	}
-
-	ret = check_PAC(context, config, client_principal, 
-			client, server, ekey, &tkey->key,
-			tgt, &rspac, &require_signedpath);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "Verify PAC failed for %s (%s) from %s with %s",
-		    spn, cpn, from, krb5_get_err_text(context, ret));
-	    goto out;
-	}
-    }
-
-    /* also check the krbtgt for signature */
-    ret = check_KRB5SignedPath(context,
-			       config,
-			       krbtgt,
-			       tgt,
-			       &spp,
-			       require_signedpath);
-    if (ret) {
-	kdc_log(context, config, 0,
-		"KRB5SignedPath check failed for %s (%s) from %s with %s",
-		spn, cpn, from, krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    /*
-     *
-     */
-
-    ret = tgs_make_reply(context,
-			 config, 
-			 b, 
-			 client_principal,
-			 tgt, 
-			 ekey,
-			 &sessionkey,
-			 kvno,
-			 auth_data,
-			 server, 
-			 spn,
-			 client, 
-			 cp, 
-			 krbtgt, 
-			 krbtgt_etype,
-			 spp,
-			 &rspac,
-			 e_text,
-			 reply);
-	
-out:
-    free(spn);
-    free(cpn);
-	    
-    krb5_data_free(&rspac);
-    krb5_free_keyblock_contents(context, &sessionkey);
-    if(server)
-	_kdc_free_ent(context, server);
-    if(client)
-	_kdc_free_ent(context, client);
-
-    if (client_principal && client_principal != cp)
-	krb5_free_principal(context, client_principal);
-    if (cp)
-	krb5_free_principal(context, cp);
-    if (sp)
-	krb5_free_principal(context, sp);
-
-    free_EncTicketPart(&adtkt);
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_tgs_rep(krb5_context context, 
-	     krb5_kdc_configuration *config,
-	     KDC_REQ *req, 
-	     krb5_data *data,
-	     const char *from,
-	     struct sockaddr *from_addr,
-	     int datagram_reply)
-{
-    AuthorizationData *auth_data = NULL;
-    krb5_error_code ret;
-    int i = 0;
-    const PA_DATA *tgs_req;
-
-    hdb_entry_ex *krbtgt = NULL;
-    krb5_ticket *ticket = NULL;
-    const char *e_text = NULL;
-    krb5_enctype krbtgt_etype = ETYPE_NULL;
-
-    time_t *csec = NULL;
-    int *cusec = NULL;
-
-    if(req->padata == NULL){
-	ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
-	kdc_log(context, config, 0,
-		"TGS-REQ from %s without PA-DATA", from);
-	goto out;
-    }
-    
-    tgs_req = _kdc_find_padata(req, &i, KRB5_PADATA_TGS_REQ);
-
-    if(tgs_req == NULL){
-	ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-	
-	kdc_log(context, config, 0, 
-		"TGS-REQ from %s without PA-TGS-REQ", from);
-	goto out;
-    }
-    ret = tgs_parse_request(context, config, 
-			    &req->req_body, tgs_req,
-			    &krbtgt,
-			    &krbtgt_etype,
-			    &ticket,
-			    &e_text,
-			    from, from_addr,
-			    &csec, &cusec,
-			    &auth_data);
-    if (ret) {
-	kdc_log(context, config, 0, 
-		"Failed parsing TGS-REQ from %s", from);
-	goto out;
-    }
-
-    ret = tgs_build_reply(context,
-			  config,
-			  req,
-			  &req->req_body,
-			  krbtgt,
-			  krbtgt_etype,
-			  ticket,
-			  data,
-			  from,
-			  &e_text,
-			  auth_data,
-			  from_addr,
-			  datagram_reply);
-    if (ret) {
-	kdc_log(context, config, 0, 
-		"Failed building TGS-REP to %s", from);
-	goto out;
-    }
-
-    /* */
-    if (datagram_reply && data->length > config->max_datagram_reply_length) {
-	krb5_data_free(data);
-	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
-	e_text = "Reply packet too large";
-    }
-
-out:
-    if(ret && data->data == NULL){
-	krb5_mk_error(context,
-		      ret,
-		      NULL,
-		      NULL,
-		      NULL,
-		      NULL,
-		      csec,
-		      cusec,
-		      data);
-    }
-    free(csec);
-    free(cusec);
-    if (ticket)
-	krb5_free_ticket(context, ticket);
-    if(krbtgt)
-	_kdc_free_ent(context, krbtgt);
-
-    if (auth_data) {
-	free_AuthorizationData(auth_data);
-	free(auth_data);
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8
deleted file mode 100644
index f30eac693d0a..000000000000
--- a/crypto/heimdal/kdc/kstash.8
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: kstash.8 20316 2007-04-11 11:53:20Z lha $
-.\"
-.Dd April 10, 2007
-.Dt KSTASH 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kstash
-.Nd "store the KDC master password in a file"
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl e Ar string \*(Ba Xo
-.Fl -enctype= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl -convert-file
-.Op Fl -random-key
-.Op Fl -master-key-fd= Ns Ar fd
-.Op Fl -random-key
-.Op Fl h | Fl -help
-.Op Fl -version
-.Ek
-.Sh DESCRIPTION
-.Nm
-reads the Kerberos master key and stores it in a file that will be
-used by the KDC.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl e Ar string ,
-.Fl -enctype= Ns Ar string
-.Xc
-the encryption type to use, defaults to DES3-CBC-SHA1.
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-the name of the master key file.
-.It Xo
-.Fl -convert-file
-.Xc
-don't ask for a new master key, just read an old master key file, and
-write it back in the new keyfile format.
-.It Xo
-.Fl -random-key
-.Xc
-generate a random master key.
-.It Xo
-.Fl -master-key-fd= Ns Ar fd
-.Xc
-filedescriptor to read passphrase from, if not specified the
-passphrase will be read from the terminal.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Pa /var/heimdal/m-key
-is the default keyfile if no other keyfile is specified.
-The format of a Heimdal master key is the same as a keytab, so
-.Nm ktutil
-list can be used to list the content of the file.
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kdc 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kdc/kstash.c b/crypto/heimdal/kdc/kstash.c
deleted file mode 100644
index 9e499a1093a2..000000000000
--- a/crypto/heimdal/kdc/kstash.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "headers.h"
-
-RCSID("$Id: kstash.c 22244 2007-12-08 23:47:42Z lha $");
-
-krb5_context context;
-
-static char *keyfile;
-static int convert_flag;
-static int help_flag;
-static int version_flag;
-
-static int master_key_fd = -1;
-static int random_key_flag;
-
-static const char *enctype_str = "des3-cbc-sha1";
-
-static struct getargs args[] = {
-    { "enctype", 'e', arg_string, &enctype_str, "encryption type" },
-    { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
-    { "convert-file", 0, arg_flag, &convert_flag, 
-      "just convert keyfile to new format" },
-    { "master-key-fd", 0, arg_integer, &master_key_fd, 
-      "filedescriptor to read passphrase from", "fd" },
-    { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    char buf[1024];
-    krb5_error_code ret;
-    
-    krb5_enctype enctype;
-
-    hdb_master_key mkey;
-    
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    if (master_key_fd != -1 && random_key_flag)
-	krb5_errx(context, 1, "random-key and master-key-fd "
-		  "is mutual exclusive");
-
-    if (keyfile == NULL)
-	asprintf(&keyfile, "%s/m-key", hdb_db_dir(context));
-
-    ret = krb5_string_to_enctype(context, enctype_str, &enctype);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_string_to_enctype");
-
-    ret = hdb_read_master_key(context, keyfile, &mkey);
-    if(ret && ret != ENOENT)
-	krb5_err(context, 1, ret, "reading master key from %s", keyfile);
-
-    if (convert_flag) {
-	if (ret)
-	    krb5_err(context, 1, ret, "reading master key from %s", keyfile);
-    } else {
-	krb5_keyblock key;
-	krb5_salt salt;
-	salt.salttype = KRB5_PW_SALT;
-	/* XXX better value? */
-	salt.saltvalue.data = NULL;
-	salt.saltvalue.length = 0;
-	if (random_key_flag) {
-	    ret = krb5_generate_random_keyblock(context, enctype, &key);
-	    if (ret)
-		krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-	} else {
-	    if(master_key_fd != -1) {
-		ssize_t n;
-		n = read(master_key_fd, buf, sizeof(buf));
-		if(n <= 0)
-		    krb5_err(context, 1, errno, "failed to read passphrase");
-		buf[n] = '\0';
-		buf[strcspn(buf, "\r\n")] = '\0';
-		
-	    } else {
-		if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
-		    exit(1);
-	    }
-	    krb5_string_to_key_salt(context, enctype, buf, salt, &key);
-	}
-	ret = hdb_add_master_key(context, &key, &mkey);
-	
-	krb5_free_keyblock_contents(context, &key);
-
-    }
-    
-    {
-	char *new, *old;
-	asprintf(&old, "%s.old", keyfile);
-	asprintf(&new, "%s.new", keyfile);
-	if(unlink(new) < 0 && errno != ENOENT) {
-	    ret = errno;
-	    goto out;
-	}
-	krb5_warnx(context, "writing key to `%s'", keyfile);
-	ret = hdb_write_master_key(context, new, mkey);
-	if(ret)
-	    unlink(new);
-	else {
-	    unlink(old);
-	    if(link(keyfile, old) < 0 && errno != ENOENT) {
-		ret = errno;
-		unlink(new);
-	    } else if(rename(new, keyfile) < 0) {
-		ret = errno;
-	    }
-	}
-    out:
-	free(old);
-	free(new);
-	if(ret)
-	    krb5_warn(context, errno, "writing master key file");
-    }
-
-    hdb_free_master_key(context, mkey);
-
-    exit(ret != 0);
-}
diff --git a/crypto/heimdal/kdc/kx509.c b/crypto/heimdal/kdc/kx509.c
deleted file mode 100644
index b1b861efef88..000000000000
--- a/crypto/heimdal/kdc/kx509.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#include <hex.h>
-#include <rfc2459_asn1.h>
-#include <hx509.h>
-
-RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
-{
-    if (len < 4)
-	return -1;
-    if (memcmp("\x00\x00\x02\x00", ptr, 4) != 0)
-	return -1;
-    return decode_Kx509Request(((unsigned char *)ptr) + 4, len - 4, req, size);
-}
-
-/*
- *
- */
-
-static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
-
-static krb5_error_code
-verify_req_hash(krb5_context context, 
-		const Kx509Request *req,
-		krb5_keyblock *key)
-{
-    unsigned char digest[SHA_DIGEST_LENGTH];
-    HMAC_CTX ctx;
-    
-    if (req->pk_hash.length != sizeof(digest)) {
-	krb5_set_error_string(context, "pk-hash have wrong length: %lu",
-			      (unsigned long)req->pk_hash.length);
-	return KRB5KDC_ERR_PREAUTH_FAILED;
-    }
-
-    HMAC_CTX_init(&ctx);
-    HMAC_Init_ex(&ctx, 
-		 key->keyvalue.data, key->keyvalue.length, 
-		 EVP_sha1(), NULL);
-    if (sizeof(digest) != HMAC_size(&ctx))
-	krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
-    HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
-    HMAC_Final(&ctx, digest, 0);
-    HMAC_CTX_cleanup(&ctx);
-
-    if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
-	krb5_set_error_string(context, "pk-hash is not correct");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
-    }
-    return 0;
-}
-
-static krb5_error_code
-calculate_reply_hash(krb5_context context,
-		     krb5_keyblock *key,
-		     Kx509Response *rep)
-{
-    HMAC_CTX ctx;
-    
-    HMAC_CTX_init(&ctx);
-
-    HMAC_Init_ex(&ctx, 
-		 key->keyvalue.data, key->keyvalue.length, 
-		 EVP_sha1(), NULL);
-    rep->hash->length = HMAC_size(&ctx);
-    rep->hash->data = malloc(rep->hash->length);
-    if (rep->hash->data == NULL) {
-	HMAC_CTX_cleanup(&ctx);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
-    if (rep->error_code) {
-	int32_t t = *rep->error_code;
-	do {
-	    unsigned char p = (t & 0xff);
-	    HMAC_Update(&ctx, &p, 1);
-	    t >>= 8;
-	} while (t);
-    }
-    if (rep->certificate)
-	HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
-    if (rep->e_text)
-	HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
-
-    HMAC_Final(&ctx, rep->hash->data, 0);
-    HMAC_CTX_cleanup(&ctx);
-
-    return 0;
-}
-
-/*
- * Build a certifate for `principal� that will expire at `endtime�.
- */
-
-static krb5_error_code
-build_certificate(krb5_context context, 
-		  krb5_kdc_configuration *config,
-		  const krb5_data *key,
-		  time_t endtime,
-		  krb5_principal principal,
-		  krb5_data *certificate)
-{
-    hx509_context hxctx = NULL;
-    hx509_ca_tbs tbs = NULL;
-    hx509_env env = NULL;
-    hx509_cert cert = NULL;
-    hx509_cert signer = NULL;
-    int ret;
-
-    if (krb5_principal_get_comp_string(context, principal, 1) != NULL) {
-	kdc_log(context, config, 0, "Principal is not a user");
-	return EINVAL;
-    }
-
-    ret = hx509_context_init(&hxctx);
-    if (ret)
-	goto out;
-
-    ret = hx509_env_init(hxctx, &env);
-    if (ret)
-	goto out;
-
-    ret = hx509_env_add(hxctx, env, "principal-name", 
-			krb5_principal_get_comp_string(context, principal, 0));
-    if (ret)
-	goto out;
-
-    {
-	hx509_certs certs;
-	hx509_query *q;
-
-	ret = hx509_certs_init(hxctx, config->kx509_ca, 0,
-			       NULL, &certs);
-	if (ret) {
-	    kdc_log(context, config, 0, "Failed to load CA %s",
-		    config->kx509_ca);
-	    goto out;
-	}
-	ret = hx509_query_alloc(hxctx, &q);
-	if (ret) {
-	    hx509_certs_free(&certs);
-	    goto out;
-	}
-
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
-
-	ret = hx509_certs_find(hxctx, certs, q, &signer);
-	hx509_query_free(hxctx, q);
-	hx509_certs_free(&certs);
-	if (ret) {
-	    kdc_log(context, config, 0, "Failed to find a CA in %s",
-		    config->kx509_ca);
-	    goto out;
-	}
-    }
-
-    ret = hx509_ca_tbs_init(hxctx, &tbs);
-    if (ret)
-	goto out;
-
-    {
-	SubjectPublicKeyInfo spki;
-	heim_any any;
-
-	memset(&spki, 0, sizeof(spki));
-
-	spki.subjectPublicKey.data = key->data;
-	spki.subjectPublicKey.length = key->length * 8;
-
-	ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), 
-			   &spki.algorithm.algorithm);
-
-	any.data = "\x05\x00";
-	any.length = 2;
-	spki.algorithm.parameters = &any;
-
-	ret = hx509_ca_tbs_set_spki(hxctx, tbs, &spki);
-	der_free_oid(&spki.algorithm.algorithm);
-	if (ret)
-	    goto out;
-    }
-
-    {
-	hx509_certs certs;
-	hx509_cert template;
-
-	ret = hx509_certs_init(hxctx, config->kx509_template, 0,
-			       NULL, &certs);
-	if (ret) {
-	    kdc_log(context, config, 0, "Failed to load template %s",
-		    config->kx509_template);
-	    goto out;
-	}
-	ret = hx509_get_one_cert(hxctx, certs, &template);
-	hx509_certs_free(&certs);
-	if (ret) {
-	    kdc_log(context, config, 0, "Failed to find template in %s",
-		    config->kx509_template);
-	    goto out;
-	}
-	ret = hx509_ca_tbs_set_template(hxctx, tbs, 
-					HX509_CA_TEMPLATE_SUBJECT|
-					HX509_CA_TEMPLATE_KU|
-					HX509_CA_TEMPLATE_EKU,
-					template);
-	hx509_cert_free(template);
-	if (ret)
-	    goto out;
-    }
-
-    hx509_ca_tbs_set_notAfter(hxctx, tbs, endtime);
-
-    hx509_ca_tbs_subject_expand(hxctx, tbs, env);
-    hx509_env_free(&env);
-
-    ret = hx509_ca_sign(hxctx, tbs, signer, &cert);
-    hx509_cert_free(signer);
-    if (ret)
-	goto out;
-
-    hx509_ca_tbs_free(&tbs);
-
-    ret = hx509_cert_binary(hxctx, cert, certificate);
-    hx509_cert_free(cert);
-    if (ret)
-	goto out;
-		      
-    hx509_context_free(&hxctx);
-
-    return 0;
-out:
-    if (env)
-	hx509_env_free(&env);
-    if (tbs)
-	hx509_ca_tbs_free(&tbs);
-    if (signer)
-	hx509_cert_free(signer);
-    if (hxctx)
-	hx509_context_free(&hxctx);
-    krb5_set_error_string(context, "cert creation failed");
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_do_kx509(krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      const Kx509Request *req, krb5_data *reply,
-	      const char *from, struct sockaddr *addr)
-{
-    krb5_error_code ret;
-    krb5_ticket *ticket = NULL;
-    krb5_flags ap_req_options;
-    krb5_auth_context ac = NULL;
-    krb5_keytab id = NULL;
-    krb5_principal sprincipal = NULL, cprincipal = NULL;
-    char *cname = NULL;
-    Kx509Response rep;
-    size_t size;
-    krb5_keyblock *key = NULL;
-
-    krb5_data_zero(reply);
-    memset(&rep, 0, sizeof(rep));
-
-    if(!config->enable_kx509) {
-	kdc_log(context, config, 0, 
-		"Rejected kx509 request (disabled) from %s", from);
-	return KRB5KDC_ERR_POLICY;
-    }
-
-    kdc_log(context, config, 0, "Kx509 request from %s", from);
-
-    ret = krb5_kt_resolve(context, "HDB:", &id);
-    if (ret) {
-	kdc_log(context, config, 0, "Can't open database for digest");
-	goto out;
-    }
-
-    ret = krb5_rd_req(context, 
-		      &ac,
-		      &req->authenticator,
-		      NULL,
-		      id,
-		      &ap_req_options,
-		      &ticket);
-    if (ret)
-	goto out;
-
-    ret = krb5_ticket_get_client(context, ticket, &cprincipal);
-    if (ret)
-	goto out;
-
-    ret = krb5_unparse_name(context, cprincipal, &cname);
-    if (ret)
-	goto out;
-    
-    /* verify server principal */
-
-    ret = krb5_sname_to_principal(context, NULL, "kca_service",
-				  KRB5_NT_UNKNOWN, &sprincipal);
-    if (ret)
-	goto out;
-
-    {
-	krb5_principal principal = NULL;
-
-	ret = krb5_ticket_get_server(context, ticket, &principal);
-	if (ret)
-	    goto out;
-
-	ret = krb5_principal_compare(context, sprincipal, principal);
-	krb5_free_principal(context, principal);
-	if (ret != TRUE) {
-	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
-	    krb5_set_error_string(context, 
-				  "User %s used wrong Kx509 service principal",
-				  cname);
-	    goto out;
-	}
-    }
-    
-    ret = krb5_auth_con_getkey(context, ac, &key);
-    if (ret || key == NULL) {
-	krb5_set_error_string(context, "Kx509 can't get session key");
-	goto out;
-    }
-    
-    ret = verify_req_hash(context, req, key);
-    if (ret)
-	goto out;
-
-    /* Verify that the key is encoded RSA key */
-    {
-	RSAPublicKey key;
-	size_t size;
-
-	ret = decode_RSAPublicKey(req->pk_key.data, req->pk_key.length,
-				  &key, &size);
-	if (ret)
-	    goto out;
-	free_RSAPublicKey(&key);
-	if (size != req->pk_key.length)
-	    ;
-    }
-
-    ALLOC(rep.certificate);
-    if (rep.certificate == NULL)
-	goto out;
-    krb5_data_zero(rep.certificate);
-    ALLOC(rep.hash);
-    if (rep.hash == NULL)
-	goto out;
-    krb5_data_zero(rep.hash);
-
-    ret = build_certificate(context, config, &req->pk_key, 
-			    krb5_ticket_get_endtime(context, ticket),
-			    cprincipal, rep.certificate);
-    if (ret)
-	goto out;
-
-    ret = calculate_reply_hash(context, key, &rep);
-    if (ret)
-	goto out;
-
-    /*
-     * Encode reply, [ version | Kx509Response ]
-     */
-
-    {
-	krb5_data data;
-
-	ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
-			   &size, ret);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to encode kx509 reply");
-	    goto out;
-	}
-	if (size != data.length)
-	    krb5_abortx(context, "ASN1 internal error");
-
-	ret = krb5_data_alloc(reply, data.length + sizeof(version_2_0));
-	if (ret) {
-	    free(data.data);
-	    goto out;
-	}
-	memcpy(reply->data, version_2_0, sizeof(version_2_0));
-	memcpy(((unsigned char *)reply->data) + sizeof(version_2_0),
-	       data.data, data.length);
-	free(data.data);
-    }
-
-    kdc_log(context, config, 0, "Successful Kx509 request for %s", cname);
-
-out:
-    if (ac)
-	krb5_auth_con_free(context, ac);
-    if (ret)
-	krb5_warn(context, ret, "Kx509 request from %s failed", from);
-    if (ticket)
-	krb5_free_ticket(context, ticket);
-    if (id)
-	krb5_kt_close(context, id);
-    if (sprincipal)
-	krb5_free_principal(context, sprincipal);
-    if (cprincipal)
-	krb5_free_principal(context, cprincipal);
-    if (key)
-	krb5_free_keyblock (context, key);
-    if (cname)
-	free(cname);
-    free_Kx509Response(&rep);
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/log.c b/crypto/heimdal/kdc/log.c
deleted file mode 100644
index 8cf967fbfb8b..000000000000
--- a/crypto/heimdal/kdc/log.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $");
-
-void
-kdc_openlog(krb5_context context, 
-	    krb5_kdc_configuration *config)
-{
-    char **s = NULL, **p;
-    krb5_initlog(context, "kdc", &config->logf);
-    s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
-    if(s == NULL)
-	s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
-    if(s){
-	for(p = s; *p; p++)
-	    krb5_addlog_dest(context, config->logf, *p);
-	krb5_config_free_strings(s);
-    }else {
-	char *s;
-	asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE);
-	krb5_addlog_dest(context, config->logf, s);
-	free(s);
-    }
-    krb5_set_warn_dest(context, config->logf);
-}
-
-char*
-kdc_log_msg_va(krb5_context context, 
-	       krb5_kdc_configuration *config,
-	       int level, const char *fmt, va_list ap)
-{
-    char *msg;
-    krb5_vlog_msg(context, config->logf, &msg, level, fmt, ap);
-    return msg;
-}
-
-char*
-kdc_log_msg(krb5_context context, 
-	    krb5_kdc_configuration *config,
-	    int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kdc_log_msg_va(context, config, level, fmt, ap);
-    va_end(ap);
-    return s;
-}
-
-void
-kdc_log(krb5_context context, 
-	krb5_kdc_configuration *config,
-	int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kdc_log_msg_va(context, config, level, fmt, ap);
-    if(s) free(s);
-    va_end(ap);
-}
diff --git a/crypto/heimdal/kdc/main.c b/crypto/heimdal/kdc/main.c
deleted file mode 100644
index 9195b0488952..000000000000
--- a/crypto/heimdal/kdc/main.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-RCSID("$Id: main.c 20454 2007-04-19 20:21:51Z lha $");
-
-sig_atomic_t exit_flag = 0;
-
-int detach_from_console = -1;
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = sig;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_kdc_configuration *config;
-
-    setprogname(argv[0]);
-    
-    ret = krb5_init_context(&context);
-    if (ret == KRB5_CONFIG_BADFORMAT)
-	errx (1, "krb5_init_context failed to parse configuration file");
-    else if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if (ret)
-	errx (1, "krb5_kt_register(HDB) failed: %d", ret);
-
-    config = configure(context, argc, argv);
-
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT, &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-	sigaction(SIGXCPU, &sa, NULL);
-
-	sa.sa_handler = SIG_IGN;
-	sigaction(SIGPIPE, &sa, NULL);
-    }
-#else
-    signal(SIGINT, sigterm);
-    signal(SIGTERM, sigterm);
-    signal(SIGXCPU, sigterm);
-    signal(SIGPIPE, SIG_IGN);
-#endif
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile(NULL);
-    loop(context, config);
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/misc.c b/crypto/heimdal/kdc/misc.c
deleted file mode 100644
index 072df4404297..000000000000
--- a/crypto/heimdal/kdc/misc.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $");
-
-struct timeval _kdc_now;
-
-krb5_error_code
-_kdc_db_fetch(krb5_context context,
-	      krb5_kdc_configuration *config,
-	      krb5_const_principal principal,
-	      unsigned flags,
-	      HDB **db,
-	      hdb_entry_ex **h)
-{
-    hdb_entry_ex *ent;
-    krb5_error_code ret;
-    int i;
-
-    ent = calloc (1, sizeof (*ent));
-    if (ent == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    for(i = 0; i < config->num_db; i++) {
-	ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
-	if (ret) {
-	    kdc_log(context, config, 0, "Failed to open database: %s", 
-		    krb5_get_err_text(context, ret));
-	    continue;
-	}
-	ret = config->db[i]->hdb_fetch(context, 
-				       config->db[i],
-				       principal,
-				       flags | HDB_F_DECRYPT,
-				       ent);
-	config->db[i]->hdb_close(context, config->db[i]);
-	if(ret == 0) {
-	    if (db)
-		*db = config->db[i];
-	    *h = ent;
-	    return 0;
-	}
-    }
-    free(ent);
-    krb5_set_error_string(context, "no such entry found in hdb");
-    return  HDB_ERR_NOENTRY;
-}
-
-void
-_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
-{
-    hdb_free_entry (context, ent);
-    free (ent);
-}
-
-/*
- * Use the order list of preferred encryption types and sort the
- * available keys and return the most preferred key.
- */
-
-krb5_error_code
-_kdc_get_preferred_key(krb5_context context,
-		       krb5_kdc_configuration *config,
-		       hdb_entry_ex *h,
-		       const char *name,
-		       krb5_enctype *enctype,
-		       Key **key)
-{
-    const krb5_enctype *p;
-    krb5_error_code ret;
-    int i;
-
-    p = krb5_kerberos_enctypes(context);
-
-    for (i = 0; p[i] != ETYPE_NULL; i++) {
-	if (krb5_enctype_valid(context, p[i]) != 0)
-	    continue;
-	ret = hdb_enctype2key(context, &h->entry, p[i], key);
-	if (ret == 0) {
-	    *enctype = p[i];
-	    return 0;
-	}
-    }
-
-    krb5_set_error_string(context, "No valid kerberos key found for %s", name);
-    return EINVAL;
-}
-
diff --git a/crypto/heimdal/kdc/mit_dump.c b/crypto/heimdal/kdc/mit_dump.c
deleted file mode 100644
index dd2f5d78c8e9..000000000000
--- a/crypto/heimdal/kdc/mit_dump.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hprop.h"
-
-RCSID("$Id: mit_dump.c 21745 2007-07-31 16:11:25Z lha $");
-
-/*
-can have any number of princ stanzas.
-format is as follows (only \n indicates newlines)
-princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
-%d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU)
-%d\t (number of tl_data)
-%d\t (number of key data, e.g. how many keys for this user)
-%d\t (extra data length) 
-%s\t (principal name)
-%d\t (attributes)
-%d\t (max lifetime, seconds)
-%d\t (max renewable life, seconds)
-%d\t (expiration, seconds since epoch or 2145830400 for never)
-%d\t (password expiration, seconds, 0 for never) 
-%d\t (last successful auth, seconds since epoch)
-%d\t (last failed auth, per above)
-%d\t (failed auth count)
-foreach tl_data 0 to number of tl_data - 1 as above
-  %d\t%d\t (data type, data length)
-  foreach tl_data 0 to length-1
-    %02x (tl data contents[element n])
-  except if tl_data length is 0
-    %d (always -1)
-  \t
-foreach key 0 to number of keys - 1 as above
-  %d\t%d\t (key data version, kvno)
-  foreach version 0 to key data version - 1 (a key or a salt)
-    %d\t%d\t(data type for this key, data length for this key)
-    foreach key data length 0 to length-1
-      %02x (key data contents[element n])
-    except if key_data length is 0
-      %d (always -1)
-    \t    
-foreach extra data length 0 to length - 1
-  %02x (extra data part)
-unless no extra data
-  %d (always -1)
-;\n
-
-*/
-
-static int
-hex_to_octet_string(const char *ptr, krb5_data *data)
-{
-    int i;
-    unsigned int v;
-    for(i = 0; i < data->length; i++) {
-	if(sscanf(ptr + 2 * i, "%02x", &v) != 1)
-	    return -1;
-	((unsigned char*)data->data)[i] = v;
-    }
-    return 2 * i;
-}
-
-static char *
-nexttoken(char **p)
-{
-    char *q;
-    do {
-	q = strsep(p, " \t");
-    } while(q && *q == '\0');
-    return q;
-}
-
-static size_t
-getdata(char **p, unsigned char *buf, size_t len)
-{
-    size_t i;
-    int v;
-    char *q = nexttoken(p);
-    i = 0;
-    while(*q && i < len) {
-	if(sscanf(q, "%02x", &v) != 1)
-	    break;
-	buf[i++] = v;
-	q += 2;
-    }
-    return i;
-}
-
-static int
-getint(char **p)
-{
-    int val;
-    char *q = nexttoken(p);
-    sscanf(q, "%d", &val);
-    return val;
-}
-
-#include <kadm5/admin.h>
-
-static void
-attr_to_flags(unsigned attr, HDBFlags *flags)
-{
-    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
-    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
-    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
-    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
-    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
-    /* DUP_SKEY */
-    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
-    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
-    /* HW_AUTH */
-    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
-    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
-    flags->client =	        1; /* XXX */
-}
-
-#define KRB5_KDB_SALTTYPE_NORMAL	0
-#define KRB5_KDB_SALTTYPE_V4		1
-#define KRB5_KDB_SALTTYPE_NOREALM	2
-#define KRB5_KDB_SALTTYPE_ONLYREALM	3
-#define KRB5_KDB_SALTTYPE_SPECIAL	4
-#define KRB5_KDB_SALTTYPE_AFS3		5
-
-static krb5_error_code
-fix_salt(krb5_context context, hdb_entry *ent, int key_num)
-{
-    krb5_error_code ret;
-    Salt *salt = ent->keys.val[key_num].salt;
-    /* fix salt type */
-    switch((int)salt->type) {
-    case KRB5_KDB_SALTTYPE_NORMAL:
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_V4:
-	krb5_data_free(&salt->salt);
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_NOREALM:
-    {
-	size_t len;
-	int i;
-	char *p;
-	    
-	len = 0;
-	for (i = 0; i < ent->principal->name.name_string.len; ++i)
-	    len += strlen(ent->principal->name.name_string.val[i]);
-	ret = krb5_data_alloc (&salt->salt, len);
-	if (ret)
-	    return ret;
-	p = salt->salt.data;
-	for (i = 0; i < ent->principal->name.name_string.len; ++i) {
-	    memcpy (p,
-		    ent->principal->name.name_string.val[i],
-		    strlen(ent->principal->name.name_string.val[i]));
-	    p += strlen(ent->principal->name.name_string.val[i]);
-	}
-
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    }
-    case KRB5_KDB_SALTTYPE_ONLYREALM:
-	krb5_data_free(&salt->salt);
-	ret = krb5_data_copy(&salt->salt, 
-			     ent->principal->realm, 
-			     strlen(ent->principal->realm));
-	if(ret)
-	    return ret;
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_SPECIAL:
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_AFS3:
-	krb5_data_free(&salt->salt);
-	ret = krb5_data_copy(&salt->salt, 
-		       ent->principal->realm, 
-		       strlen(ent->principal->realm));
-	if(ret)
-	    return ret;
-	salt->type = KRB5_PADATA_AFS3_SALT;
-	break;
-    default:
-	abort();
-    }
-    return 0;
-}
-
-int
-mit_prop_dump(void *arg, const char *file)
-{
-    krb5_error_code ret;
-    char line [2048];
-    FILE *f;
-    int lineno = 0;
-    struct hdb_entry_ex ent;
-
-    struct prop_data *pd = arg;
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return errno;
-    
-    while(fgets(line, sizeof(line), f)) {
-	char *p = line, *q;
-
-	int i;
-
-	int num_tl_data;
-	int num_key_data;
-	int extra_data_length;
-	int attributes;
-
-	int tmp;
-
-	lineno++;
-
-	memset(&ent, 0, sizeof(ent));
-
-	q = nexttoken(&p);
-	if(strcmp(q, "kdb5_util") == 0) {
-	    int major;
-	    q = nexttoken(&p); /* load_dump */
-	    if(strcmp(q, "load_dump"))
-		errx(1, "line %d: unknown version", lineno);
-	    q = nexttoken(&p); /* load_dump */
-	    if(strcmp(q, "version"))
-		errx(1, "line %d: unknown version", lineno);
-	    q = nexttoken(&p); /* x.0 */
-	    if(sscanf(q, "%d", &major) != 1)
-		errx(1, "line %d: unknown version", lineno);
-	    if(major != 4)
-		errx(1, "unknown dump file format, got %d, expected 4", major);
-	    continue;
-	} else if(strcmp(q, "princ") != 0) {
-	    warnx("line %d: not a principal", lineno);
-	    continue;
-	}
-	tmp = getint(&p);
-	if(tmp != 38) {
-	    warnx("line %d: bad base length %d != 38", lineno, tmp);
-	    continue;
-	}
-	q = nexttoken(&p); /* length of principal */
-	num_tl_data = getint(&p); /* number of tl-data */
-	num_key_data = getint(&p); /* number of key-data */
-	extra_data_length = getint(&p);  /* length of extra data */
-	q = nexttoken(&p); /* principal name */
-	krb5_parse_name(pd->context, q, &ent.entry.principal);
-	attributes = getint(&p); /* attributes */
-	attr_to_flags(attributes, &ent.entry.flags);
-	tmp = getint(&p); /* max life */
-	if(tmp != 0) {
-	    ALLOC(ent.entry.max_life);
-	    *ent.entry.max_life = tmp;
-	}
-	tmp = getint(&p); /* max renewable life */
-	if(tmp != 0) {
-	    ALLOC(ent.entry.max_renew);
-	    *ent.entry.max_renew = tmp;
-	}
-	tmp = getint(&p); /* expiration */
-	if(tmp != 0 && tmp != 2145830400) {
-	    ALLOC(ent.entry.valid_end);
-	    *ent.entry.valid_end = tmp;
-	}
-	tmp = getint(&p); /* pw expiration */
-	if(tmp != 0) {
-	    ALLOC(ent.entry.pw_end);
-	    *ent.entry.pw_end = tmp;
-	}
-	q = nexttoken(&p); /* last auth */
-	q = nexttoken(&p); /* last failed auth */
-	q = nexttoken(&p); /* fail auth count */
-	for(i = 0; i < num_tl_data; i++) {
-	    unsigned long val;
-	    int tl_type, tl_length;
-	    unsigned char *buf;
-	    krb5_principal princ;
-
-	    tl_type = getint(&p); /* data type */
-	    tl_length = getint(&p); /* data length */
-
-#define mit_KRB5_TL_LAST_PWD_CHANGE	1
-#define mit_KRB5_TL_MOD_PRINC		2
-	    switch(tl_type) {
-	    case mit_KRB5_TL_MOD_PRINC:
-		buf = malloc(tl_length);
-		if (buf == NULL)
-		    errx(ENOMEM, "malloc");
-		getdata(&p, buf, tl_length); /* data itself */
-		val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
-		ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ);
-		free(buf);
-		ALLOC(ent.entry.modified_by);
-		ent.entry.modified_by->time = val;
-		ent.entry.modified_by->principal = princ;
-		break;
-	    default:
-		nexttoken(&p);
-		break;
-	    }
-	}
-	ALLOC_SEQ(&ent.entry.keys, num_key_data);
-	for(i = 0; i < num_key_data; i++) {
-	    int key_versions;
-	    key_versions = getint(&p); /* key data version */
-	    ent.entry.kvno = getint(&p); /* XXX kvno */
-	    
-	    ALLOC(ent.entry.keys.val[i].mkvno);
-	    *ent.entry.keys.val[i].mkvno = 0;
-	    
-	    /* key version 0 -- actual key */
-	    ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */
-	    tmp = getint(&p); /* key length */
-	    /* the first two bytes of the key is the key length --
-	       skip it */
-	    krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2);
-	    q = nexttoken(&p); /* key itself */
-	    hex_to_octet_string(q + 4, &ent.entry.keys.val[i].key.keyvalue);
-
-	    if(key_versions > 1) {
-		/* key version 1 -- optional salt */
-		ALLOC(ent.entry.keys.val[i].salt);
-		ent.entry.keys.val[i].salt->type = getint(&p); /* salt type */
-		tmp = getint(&p); /* salt length */
-		if(tmp > 0) {
-		    krb5_data_alloc(&ent.entry.keys.val[i].salt->salt, tmp - 2);
-		    q = nexttoken(&p); /* salt itself */
-		    hex_to_octet_string(q + 4,
-					&ent.entry.keys.val[i].salt->salt);
-		} else {
-		    ent.entry.keys.val[i].salt->salt.length = 0;
-		    ent.entry.keys.val[i].salt->salt.data = NULL;
-		    tmp = getint(&p);	/* -1, if no data. */
-		}
-		fix_salt(pd->context, &ent.entry, i);
-	    }
-	}
-	q = nexttoken(&p); /* extra data */
-	v5_prop(pd->context, NULL, &ent, arg);
-    }
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/pkinit.c b/crypto/heimdal/kdc/pkinit.c
deleted file mode 100644
index bf248af588fc..000000000000
--- a/crypto/heimdal/kdc/pkinit.c
+++ /dev/null
@@ -1,1673 +0,0 @@
-/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $");
-
-#ifdef PKINIT
-
-#include <heim_asn1.h>
-#include <rfc2459_asn1.h>
-#include <cms_asn1.h>
-#include <pkinit_asn1.h>
-
-#include <hx509.h>
-#include "crypto-headers.h"
-
-/* XXX copied from lib/krb5/pkinit.c */
-struct krb5_pk_identity {
-    hx509_context hx509ctx;
-    hx509_verify_ctx verify_ctx;
-    hx509_certs certs;
-    hx509_certs anchors;
-    hx509_certs certpool;
-    hx509_revoke_ctx revoke;
-};
-
-enum pkinit_type {
-    PKINIT_COMPAT_WIN2K = 1,
-    PKINIT_COMPAT_27 = 3
-};
-
-struct pk_client_params {
-    enum pkinit_type type;
-    BIGNUM *dh_public_key;
-    hx509_cert cert;
-    unsigned nonce;
-    DH *dh;
-    EncryptionKey reply_key;
-    char *dh_group_name;
-    hx509_peer_info peer;
-    hx509_certs client_anchors;
-};
-
-struct pk_principal_mapping {
-    unsigned int len;
-    struct pk_allowed_princ {
-	krb5_principal principal;
-	char *subject;
-    } *val;
-};
-
-static struct krb5_pk_identity *kdc_identity;
-static struct pk_principal_mapping principal_mappings;
-static struct krb5_dh_moduli **moduli;
-
-static struct {
-    krb5_data data;
-    time_t expire;
-    time_t next_update;
-} ocsp;
-
-/*
- *
- */
-
-static krb5_error_code
-pk_check_pkauthenticator_win2k(krb5_context context,
-			       PKAuthenticator_Win2k *a,
-			       const KDC_REQ *req)
-{
-    krb5_timestamp now;
-
-    krb5_timeofday (context, &now);
-
-    /* XXX cusec */
-    if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
-	krb5_clear_error_string(context);
-	return KRB5KRB_AP_ERR_SKEW;
-    }
-    return 0;
-}
-
-static krb5_error_code
-pk_check_pkauthenticator(krb5_context context,
-			 PKAuthenticator *a,
-			 const KDC_REQ *req)
-{
-    u_char *buf = NULL;
-    size_t buf_size;
-    krb5_error_code ret;
-    size_t len;
-    krb5_timestamp now;
-    Checksum checksum;
-
-    krb5_timeofday (context, &now);
-
-    /* XXX cusec */
-    if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
-	krb5_clear_error_string(context);
-	return KRB5KRB_AP_ERR_SKEW;
-    }
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if (buf_size != len)
-	krb5_abortx(context, "Internal error in ASN.1 encoder");
-
-    ret = krb5_create_checksum(context,
-			       NULL,
-			       0,
-			       CKSUMTYPE_SHA1,
-			       buf,
-			       len,
-			       &checksum);
-    free(buf);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-	
-    if (a->paChecksum == NULL) {
-	krb5_clear_error_string(context);
-	ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
-	goto out;
-    }
-
-    if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
-	krb5_clear_error_string(context);
-	ret = KRB5KRB_ERR_GENERIC;
-    }
-
-out:
-    free_Checksum(&checksum);
-
-    return ret;
-}
-
-void
-_kdc_pk_free_client_param(krb5_context context, 
-			  pk_client_params *client_params)
-{
-    if (client_params->cert)
-	hx509_cert_free(client_params->cert);
-    if (client_params->dh)
-	DH_free(client_params->dh);
-    if (client_params->dh_public_key)
-	BN_free(client_params->dh_public_key);
-    krb5_free_keyblock_contents(context, &client_params->reply_key);
-    if (client_params->dh_group_name)
-	free(client_params->dh_group_name);
-    if (client_params->peer)
-	hx509_peer_info_free(client_params->peer);
-    if (client_params->client_anchors)
-	hx509_certs_free(&client_params->client_anchors);
-    memset(client_params, 0, sizeof(*client_params));
-    free(client_params);
-}
-
-static krb5_error_code
-generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
-                     krb5_enctype enctype, krb5_keyblock *reply_key)
-{
-    unsigned char *dh_gen_key = NULL;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    size_t dh_gen_keylen, size;
-
-    memset(&key, 0, sizeof(key));
-
-    if (!DH_generate_key(client_params->dh)) {
-	krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-    if (client_params->dh_public_key == NULL) {
-	krb5_set_error_string(context, "dh_public_key");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-
-    dh_gen_keylen = DH_size(client_params->dh);
-    size = BN_num_bytes(client_params->dh->p);
-    if (size < dh_gen_keylen)
-	size = dh_gen_keylen;
-
-    dh_gen_key = malloc(size);
-    if (dh_gen_key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    memset(dh_gen_key, 0, size - dh_gen_keylen);
-
-    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
-				   client_params->dh_public_key,
-				   client_params->dh);
-    if (dh_gen_keylen == -1) {
-	krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-
-    ret = _krb5_pk_octetstring2key(context,
-				   enctype,
-				   dh_gen_key, dh_gen_keylen,
-				   NULL, NULL,
-				   reply_key);
-
- out:
-    if (dh_gen_key)
-	free(dh_gen_key);
-    if (key.keyvalue.data)
-	krb5_free_keyblock_contents(context, &key);
-
-    return ret;
-}
-
-static BIGNUM *
-integer_to_BN(krb5_context context, const char *field, heim_integer *f)
-{
-    BIGNUM *bn;
-
-    bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
-    if (bn == NULL) {
-	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
-	return NULL;
-    }
-    BN_set_negative(bn, f->negative);
-    return bn;
-}
-
-static krb5_error_code
-get_dh_param(krb5_context context,
-	     krb5_kdc_configuration *config,
-	     SubjectPublicKeyInfo *dh_key_info,
-	     pk_client_params *client_params)
-{
-    DomainParameters dhparam;
-    DH *dh = NULL;
-    krb5_error_code ret;
-
-    memset(&dhparam, 0, sizeof(dhparam));
-
-    if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
-	krb5_set_error_string(context,
-			      "PKINIT invalid oid in clientPublicValue");
-	return KRB5_BADMSGTYPE;
-    }
-
-    if (dh_key_info->algorithm.parameters == NULL) {
-	krb5_set_error_string(context, "PKINIT missing algorithm parameter "
-			      "in clientPublicValue");
-	return KRB5_BADMSGTYPE;
-    }
-
-    ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
-				  dh_key_info->algorithm.parameters->length,
-				  &dhparam,
-				  NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Can't decode algorithm "
-			      "parameters in clientPublicValue");
-	goto out;
-    }
-
-    if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
-	ret = KRB5_BADMSGTYPE;
-	krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
-			      "to 8 bit boundary");
-	goto out;
-    }
-
-
-    ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, 
-			    &dhparam.p, &dhparam.g, &dhparam.q, moduli,
-			    &client_params->dh_group_name);
-    if (ret) {
-	/* XXX send back proposal of better group */
-	goto out;
-    }
-
-    dh = DH_new();
-    if (dh == NULL) {
-	krb5_set_error_string(context, "Cannot create DH structure");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = KRB5_BADMSGTYPE;
-    dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
-    if (dh->p == NULL)
-	goto out;
-    dh->g = integer_to_BN(context, "DH base", &dhparam.g);
-    if (dh->g == NULL)
-	goto out;
-    dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
-    if (dh->g == NULL)
-	goto out;
-
-    {
-	heim_integer glue;
-	size_t size;
-
-	ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
-				 dh_key_info->subjectPublicKey.length / 8,
-				 &glue,
-				 &size);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-
-	client_params->dh_public_key = integer_to_BN(context,
-						     "subjectPublicKey",
-						     &glue);
-	der_free_heim_integer(&glue);
-	if (client_params->dh_public_key == NULL)
-	    goto out;
-    }
-
-    client_params->dh = dh;
-    dh = NULL;
-    ret = 0;
-    
- out:
-    if (dh)
-	DH_free(dh);
-    free_DomainParameters(&dhparam);
-    return ret;
-}
-
-krb5_error_code
-_kdc_pk_rd_padata(krb5_context context,
-		  krb5_kdc_configuration *config,
-		  const KDC_REQ *req,
-		  const PA_DATA *pa,
-		  pk_client_params **ret_params)
-{
-    pk_client_params *client_params;
-    krb5_error_code ret;
-    heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
-    krb5_data eContent = { 0, NULL };
-    krb5_data signed_content = { 0, NULL };
-    const char *type = "unknown type";
-    int have_data = 0;
-
-    *ret_params = NULL;
-    
-    if (!config->enable_pkinit) {
-	kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
-	krb5_clear_error_string(context);
-	return 0;
-    }
-
-    hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec);
-
-    client_params = calloc(1, sizeof(*client_params));
-    if (client_params == NULL) {
-	krb5_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-
-    if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
-	PA_PK_AS_REQ_Win2k r;
-
-	type = "PK-INIT-Win2k";
-
-	ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
-					pa->padata_value.length,
-					&r,
-					NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "Can't decode "
-				  "PK-AS-REQ-Win2k: %d", ret);
-	    goto out;
-	}
-	
-	ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
-					   &contentInfoOid,
-					   &signed_content,
-					   &have_data);
-	free_PA_PK_AS_REQ_Win2k(&r);
-	if (ret) {
-	    krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
-	    goto out;
-	}
-
-    } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
-	PA_PK_AS_REQ r;
-
-	type = "PK-INIT-IETF";
-
-	ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
-				  pa->padata_value.length,
-				  &r,
-				  NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
-	    goto out;
-	}
-	
-	/* XXX look at r.kdcPkId */
-	if (r.trustedCertifiers) {
-	    ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
-	    unsigned int i;
-
-	    ret = hx509_certs_init(kdc_identity->hx509ctx,
-				   "MEMORY:client-anchors",
-				   0, NULL,
-				   &client_params->client_anchors);
-	    if (ret) {
-		krb5_set_error_string(context, "Can't allocate client anchors: %d", ret);
-		goto out;
-
-	    }
-	    for (i = 0; i < edi->len; i++) {
-		IssuerAndSerialNumber iasn;
-		hx509_query *q;
-		hx509_cert cert;
-		size_t size;
-
-		if (edi->val[i].issuerAndSerialNumber == NULL)
-		    continue;
-
-		ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
-		if (ret) {
-		    krb5_set_error_string(context, 
-					  "Failed to allocate hx509_query");
-		    goto out;
-		}
-		
-		ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
-						   edi->val[i].issuerAndSerialNumber->length,
-						   &iasn,
-						   &size);
-		if (ret) {
-		    hx509_query_free(kdc_identity->hx509ctx, q);
-		    continue;
-		}
-		ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
-		free_IssuerAndSerialNumber(&iasn);
-		if (ret)
-		    continue;
-
-		ret = hx509_certs_find(kdc_identity->hx509ctx,
-				       kdc_identity->certs,
-				       q,
-				       &cert);
-		hx509_query_free(kdc_identity->hx509ctx, q);
-		if (ret)
-		    continue;
-		hx509_certs_add(kdc_identity->hx509ctx, 
-				client_params->client_anchors, cert);
-		hx509_cert_free(cert);
-	    }
-	}
-
-	ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
-					   &contentInfoOid,
-					   &signed_content,
-					   &have_data);
-	free_PA_PK_AS_REQ(&r);
-	if (ret) {
-	    krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
-	    goto out;
-	}
-
-    } else { 
-	krb5_clear_error_string(context);
-	ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-	goto out;
-    }
-
-    ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
-    if (ret != 0) {
-	krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
-			      "type oid");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-	
-    if (!have_data) {
-	krb5_set_error_string(context,
-			      "PK-AS-REQ-Win2k no signed auth pack");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-
-    {
-	hx509_certs signer_certs;
-
-	ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
-				      kdc_identity->verify_ctx,
-				      signed_content.data,
-				      signed_content.length,
-				      NULL,
-				      kdc_identity->certpool,
-				      &eContentType,
-				      &eContent,
-				      &signer_certs);
-	if (ret) {
-	    char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret);
-	    krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
-		       s, ret);
-	    free(s);
-	    goto out;
-	}
-
-	ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
-				 &client_params->cert);
-	hx509_certs_free(&signer_certs);
-	if (ret)
-	    goto out;
-    }
-
-    /* Signature is correct, now verify the signed message */
-    if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
-	der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
-    {
-	krb5_set_error_string(context, "got wrong oid for pkauthdata");
-	ret = KRB5_BADMSGTYPE;
-	goto out;
-    }
-
-    if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
-	AuthPack_Win2k ap;
-
-	ret = decode_AuthPack_Win2k(eContent.data,
-				    eContent.length,
-				    &ap,
-				    NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
-	    goto out;
-	}
-  
-	ret = pk_check_pkauthenticator_win2k(context, 
-					     &ap.pkAuthenticator,
-					     req);
-	if (ret) {
-	    free_AuthPack_Win2k(&ap);
-	    goto out;
-	}
-
-	client_params->type = PKINIT_COMPAT_WIN2K;
-	client_params->nonce = ap.pkAuthenticator.nonce;
-
-	if (ap.clientPublicValue) {
-	    krb5_set_error_string(context, "DH not supported for windows");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-	free_AuthPack_Win2k(&ap);
-
-    } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
-	AuthPack ap;
-
-	ret = decode_AuthPack(eContent.data,
-			      eContent.length,
-			      &ap,
-			      NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
-	    free_AuthPack(&ap);
-	    goto out;
-	}
-  
-	ret = pk_check_pkauthenticator(context, 
-				       &ap.pkAuthenticator,
-				       req);
-	if (ret) {
-	    free_AuthPack(&ap);
-	    goto out;
-	}
-
-	client_params->type = PKINIT_COMPAT_27;
-	client_params->nonce = ap.pkAuthenticator.nonce;
-
-	if (ap.clientPublicValue) {
-	    ret = get_dh_param(context, config, 
-			       ap.clientPublicValue, client_params);
-	    if (ret) {
-		free_AuthPack(&ap);
-		goto out;
-	    }
-	}
-
-	if (ap.supportedCMSTypes) {
-	    ret = hx509_peer_info_alloc(kdc_identity->hx509ctx,
-					&client_params->peer);
-	    if (ret) {
-		free_AuthPack(&ap);
-		goto out;
-	    }
-	    ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx,
-					       client_params->peer,
-					       ap.supportedCMSTypes->val,
-					       ap.supportedCMSTypes->len);
-	    if (ret) {
-		free_AuthPack(&ap);
-		goto out;
-	    }
-	}
-	free_AuthPack(&ap);
-    } else
-	krb5_abortx(context, "internal pkinit error");
-
-    kdc_log(context, config, 0, "PK-INIT request of type %s", type);
-
-out:
-    if (ret)
-	krb5_warn(context, ret, "PKINIT");
-
-    if (signed_content.data)
-	free(signed_content.data);
-    krb5_data_free(&eContent);
-    der_free_oid(&eContentType);
-    der_free_oid(&contentInfoOid);
-    if (ret)
-	_kdc_pk_free_client_param(context, client_params);
-    else
-	*ret_params = client_params;
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
-{
-    integer->length = BN_num_bytes(bn);
-    integer->data = malloc(integer->length);
-    if (integer->data == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    BN_bn2bin(bn, integer->data);
-    integer->negative = BN_is_negative(bn);
-    return 0;
-}
-
-static krb5_error_code
-pk_mk_pa_reply_enckey(krb5_context context,
-		      krb5_kdc_configuration *config,
-		      pk_client_params *client_params,
-		      const KDC_REQ *req,
-		      const krb5_data *req_buffer,
-		      krb5_keyblock *reply_key,
-		      ContentInfo *content_info)
-{
-    const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
-    krb5_error_code ret;
-    krb5_data buf, signed_data;
-    size_t size;
-    int do_win2k = 0;
-
-    krb5_data_zero(&buf);
-    krb5_data_zero(&signed_data);
-
-    /*
-     * If the message client is a win2k-type but it send pa data
-     * 09-binding it expects a IETF (checksum) reply so there can be
-     * no replay attacks.
-     */
-
-    switch (client_params->type) {
-    case PKINIT_COMPAT_WIN2K: {
-	int i = 0;
-	if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
-	    && config->pkinit_require_binding == 0)
-	{
-	    do_win2k = 1;
-	}
-	break;
-    }
-    case PKINIT_COMPAT_27:
-	break;
-    default:
-	krb5_abortx(context, "internal pkinit error");
-    }	    
-
-    if (do_win2k) {
-	ReplyKeyPack_Win2k kp;
-	memset(&kp, 0, sizeof(kp));
-
-	envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
-	sdAlg = oid_id_pkcs7_data();
-
-	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-	kp.nonce = client_params->nonce;
-	
-	ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k, 
-			   buf.data, buf.length,
-			   &kp, &size,ret);
-	free_ReplyKeyPack_Win2k(&kp);
-    } else {
-	krb5_crypto ascrypto;
-	ReplyKeyPack kp;
-	memset(&kp, 0, sizeof(kp));
-
-	sdAlg = oid_id_pkrkeydata();
-
-	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	ret = krb5_create_checksum(context, ascrypto, 6, 0,
-				   req_buffer->data, req_buffer->length,
-				   &kp.asChecksum);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-			     
-	ret = krb5_crypto_destroy(context, ascrypto);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-	ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
-	free_ReplyKeyPack(&kp);
-    }
-    if (ret) {
-	krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
-			      "failed (%d)", ret);
-	goto out;
-    }
-    if (buf.length != size)
-	krb5_abortx(context, "Internal ASN.1 encoder error");
-
-    {
-	hx509_query *q;
-	hx509_cert cert;
-	
-	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
-	if (ret)
-	    goto out;
-	
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-	
-	ret = hx509_certs_find(kdc_identity->hx509ctx, 
-			       kdc_identity->certs, 
-			       q, 
-			       &cert);
-	hx509_query_free(kdc_identity->hx509ctx, q);
-	if (ret)
-	    goto out;
-	
-	ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
-					0,
-					sdAlg,
-					buf.data,
-					buf.length,
-					NULL,
-					cert,
-					client_params->peer,
-					client_params->client_anchors,
-					kdc_identity->certpool,
-					&signed_data);
-	hx509_cert_free(cert);
-    }
-
-    krb5_data_free(&buf);
-    if (ret) 
-	goto out;
-
-    if (client_params->type == PKINIT_COMPAT_WIN2K) {
-	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(),
-					 &signed_data,
-					 &buf);
-	if (ret)
-	    goto out;
-	krb5_data_free(&signed_data);
-	signed_data = buf;
-    }
-
-    ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
-			       0,
-			       client_params->cert,
-			       signed_data.data, signed_data.length, 
-			       envelopedAlg,
-			       oid_id_pkcs7_signedData(), &buf);
-    if (ret)
-	goto out;
-    
-    ret = _krb5_pk_mk_ContentInfo(context,
-				  &buf,
-				  oid_id_pkcs7_envelopedData(),
-				  content_info);
-out:
-    krb5_data_free(&buf);
-    krb5_data_free(&signed_data);
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-pk_mk_pa_reply_dh(krb5_context context,
-                  DH *kdc_dh,
-      		  pk_client_params *client_params,
-                  krb5_keyblock *reply_key,
-		  ContentInfo *content_info,
-		  hx509_cert *kdc_cert)
-{
-    KDCDHKeyInfo dh_info;
-    krb5_data signed_data, buf;
-    ContentInfo contentinfo;
-    krb5_error_code ret;
-    size_t size;
-    heim_integer i;
-
-    memset(&contentinfo, 0, sizeof(contentinfo));
-    memset(&dh_info, 0, sizeof(dh_info));
-    krb5_data_zero(&buf);
-    krb5_data_zero(&signed_data);
-
-    *kdc_cert = NULL;
-
-    ret = BN_to_integer(context, kdc_dh->pub_key, &i);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context, "ASN.1 encoding of "
-			      "DHPublicKey failed (%d)", ret);
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if (buf.length != size)
-	krb5_abortx(context, "Internal ASN.1 encoder error");
-
-    dh_info.subjectPublicKey.length = buf.length * 8;
-    dh_info.subjectPublicKey.data = buf.data;
-    
-    dh_info.nonce = client_params->nonce;
-
-    ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, 
-		       ret);
-    if (ret) {
-	krb5_set_error_string(context, "ASN.1 encoding of "
-			      "KdcDHKeyInfo failed (%d)", ret);
-	goto out;
-    }
-    if (buf.length != size)
-	krb5_abortx(context, "Internal ASN.1 encoder error");
-
-    /* 
-     * Create the SignedData structure and sign the KdcDHKeyInfo
-     * filled in above
-     */
-
-    {
-	hx509_query *q;
-	hx509_cert cert;
-	
-	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
-	if (ret)
-	    goto out;
-	
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-	
-	ret = hx509_certs_find(kdc_identity->hx509ctx, 
-			       kdc_identity->certs, 
-			       q, 
-			       &cert);
-	hx509_query_free(kdc_identity->hx509ctx, q);
-	if (ret)
-	    goto out;
-	
-	ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
-					0,
-					oid_id_pkdhkeydata(),
-					buf.data,
-					buf.length,
-					NULL,
-					cert,
-					client_params->peer,
-					client_params->client_anchors,
-					kdc_identity->certpool,
-					&signed_data);
-	*kdc_cert = cert;
-    }
-    if (ret)
-	goto out;
-
-    ret = _krb5_pk_mk_ContentInfo(context,
-				  &signed_data,
-				  oid_id_pkcs7_signedData(),
-				  content_info);
-    if (ret)
-	goto out;
-
- out:
-    if (ret && *kdc_cert) {
-	hx509_cert_free(*kdc_cert);
-	*kdc_cert = NULL;
-    }
-
-    krb5_data_free(&buf);
-    krb5_data_free(&signed_data);
-    free_KDCDHKeyInfo(&dh_info);
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code
-_kdc_pk_mk_pa_reply(krb5_context context,
-		    krb5_kdc_configuration *config,
-		    pk_client_params *client_params,
-		    const hdb_entry_ex *client,
-		    const KDC_REQ *req,
-		    const krb5_data *req_buffer,
-		    krb5_keyblock **reply_key,
-		    METHOD_DATA *md)
-{
-    krb5_error_code ret;
-    void *buf;
-    size_t len, size;
-    krb5_enctype enctype;
-    int pa_type;
-    hx509_cert kdc_cert = NULL;
-    int i;
-
-    if (!config->enable_pkinit) {
-	krb5_clear_error_string(context);
-	return 0;
-    }
-
-    if (req->req_body.etype.len > 0) {
-	for (i = 0; i < req->req_body.etype.len; i++)
-	    if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
-		break;
-	if (req->req_body.etype.len <= i) {
-	    ret = KRB5KRB_ERR_GENERIC;
-	    krb5_set_error_string(context,
-				  "No valid enctype available from client");
-	    goto out;
-	}	
-	enctype = req->req_body.etype.val[i];
-    } else
-	enctype = ETYPE_DES3_CBC_SHA1;
-
-    if (client_params->type == PKINIT_COMPAT_27) {
-	PA_PK_AS_REP rep;
-	const char *type, *other = "";
-
-	memset(&rep, 0, sizeof(rep));
-
-	pa_type = KRB5_PADATA_PK_AS_REP;
-
-	if (client_params->dh == NULL) {
-	    ContentInfo info;
-
-	    type = "enckey";
-
-	    rep.element = choice_PA_PK_AS_REP_encKeyPack;
-
-	    ret = krb5_generate_random_keyblock(context, enctype, 
-						&client_params->reply_key);
-	    if (ret) {
-		free_PA_PK_AS_REP(&rep);
-		goto out;
-	    }
-	    ret = pk_mk_pa_reply_enckey(context,
-					config,
-					client_params,
-					req,
-					req_buffer,
-					&client_params->reply_key,
-					&info);
-	    if (ret) {
-		free_PA_PK_AS_REP(&rep);
-		goto out;
-	    }
-	    ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, 
-			       rep.u.encKeyPack.length, &info, &size, 
-			       ret);
-	    free_ContentInfo(&info);
-	    if (ret) {
-		krb5_set_error_string(context, "encoding of Key ContentInfo "
-				      "failed %d", ret);
-		free_PA_PK_AS_REP(&rep);
-		goto out;
-	    }
-	    if (rep.u.encKeyPack.length != size)
-		krb5_abortx(context, "Internal ASN.1 encoder error");
-
-	} else {
-	    ContentInfo info;
-
-	    type = "dh";
-	    if (client_params->dh_group_name)
-		other = client_params->dh_group_name;
-
-	    rep.element = choice_PA_PK_AS_REP_dhInfo;
-
-	    ret = generate_dh_keyblock(context, client_params, enctype,
-				       &client_params->reply_key);
-	    if (ret)
-		return ret;
-
-	    ret = pk_mk_pa_reply_dh(context, client_params->dh,
-				    client_params, 
-				    &client_params->reply_key,
-				    &info,
-				    &kdc_cert);
-
-	    ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
-			       rep.u.dhInfo.dhSignedData.length, &info, &size,
-			       ret);
-	    free_ContentInfo(&info);
-	    if (ret) {
-		krb5_set_error_string(context, "encoding of Key ContentInfo "
-				      "failed %d", ret);
-		free_PA_PK_AS_REP(&rep);
-		goto out;
-	    }
-	    if (rep.u.encKeyPack.length != size)
-		krb5_abortx(context, "Internal ASN.1 encoder error");
-
-	}
-	if (ret) {
-	    free_PA_PK_AS_REP(&rep);
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
-	free_PA_PK_AS_REP(&rep);
-	if (ret) {
-	    krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
-				  ret);
-	    goto out;
-	}
-	if (len != size)
-	    krb5_abortx(context, "Internal ASN.1 encoder error");
-
-	kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
-
-    } else if (client_params->type == PKINIT_COMPAT_WIN2K) {
-	PA_PK_AS_REP_Win2k rep;
-	ContentInfo info;
-
-	if (client_params->dh) {
-	    krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-
-	memset(&rep, 0, sizeof(rep));
-
-	pa_type = KRB5_PADATA_PK_AS_REP_19;
-	rep.element = choice_PA_PK_AS_REP_encKeyPack;
-
-	ret = krb5_generate_random_keyblock(context, enctype, 
-					    &client_params->reply_key);
-	if (ret) {
-	    free_PA_PK_AS_REP_Win2k(&rep);
-	    goto out;
-	}
-	ret = pk_mk_pa_reply_enckey(context,
-				    config,
-				    client_params,
-				    req,
-				    req_buffer,
-				    &client_params->reply_key,
-				    &info);
-	if (ret) {
-	    free_PA_PK_AS_REP_Win2k(&rep);
-	    goto out;
-	}
-	ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, 
-			   rep.u.encKeyPack.length, &info, &size, 
-			   ret);
-	free_ContentInfo(&info);
-	if (ret) {
-	    krb5_set_error_string(context, "encoding of Key ContentInfo "
-				  "failed %d", ret);
-	    free_PA_PK_AS_REP_Win2k(&rep);
-	    goto out;
-	}
-	if (rep.u.encKeyPack.length != size)
-	    krb5_abortx(context, "Internal ASN.1 encoder error");
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
-	free_PA_PK_AS_REP_Win2k(&rep);
-	if (ret) {
-	    krb5_set_error_string(context, 
-				  "encode PA-PK-AS-REP-Win2k failed %d", ret);
-	    goto out;
-	}
-	if (len != size)
-	    krb5_abortx(context, "Internal ASN.1 encoder error");
-
-    } else
-	krb5_abortx(context, "PK-INIT internal error");
-
-
-    ret = krb5_padata_add(context, md, pa_type, buf, len);
-    if (ret) {
-	krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
-	free(buf);
-	goto out;
-    }
-
-    if (config->pkinit_kdc_ocsp_file) {
-
-	if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
-	    struct stat sb;
-	    int fd;
-
-	    krb5_data_free(&ocsp.data);
-
-	    ocsp.expire = 0;
-	    ocsp.next_update = kdc_time + 60 * 5;
-
-	    fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
-	    if (fd < 0) {
-		kdc_log(context, config, 0, 
-			"PK-INIT failed to open ocsp data file %d", errno);
-		goto out_ocsp;
-	    }
-	    ret = fstat(fd, &sb);
-	    if (ret) {
-		ret = errno;
-		close(fd);
-		kdc_log(context, config, 0, 
-			"PK-INIT failed to stat ocsp data %d", ret);
-		goto out_ocsp;
-	    }
-	    
-	    ret = krb5_data_alloc(&ocsp.data, sb.st_size);
-	    if (ret) {
-		close(fd);
-		kdc_log(context, config, 0, 
-			"PK-INIT failed to stat ocsp data %d", ret);
-		goto out_ocsp;
-	    }
-	    ocsp.data.length = sb.st_size;
-	    ret = read(fd, ocsp.data.data, sb.st_size);
-	    close(fd);
-	    if (ret != sb.st_size) {
-		kdc_log(context, config, 0, 
-			"PK-INIT failed to read ocsp data %d", errno);
-		goto out_ocsp;
-	    }
-
-	    ret = hx509_ocsp_verify(kdc_identity->hx509ctx,
-				    kdc_time,
-				    kdc_cert,
-				    0,
-				    ocsp.data.data, ocsp.data.length,
-				    &ocsp.expire);
-	    if (ret) {
-		kdc_log(context, config, 0, 
-			"PK-INIT failed to verify ocsp data %d", ret);
-		krb5_data_free(&ocsp.data);
-		ocsp.expire = 0;
-	    } else if (ocsp.expire > 180) {
-		ocsp.expire -= 180; /* refetch the ocsp before it expire */
-		ocsp.next_update = ocsp.expire;
-	    } else {
-		ocsp.next_update = kdc_time;
-	    }
-	out_ocsp:
-	    ret = 0;
-	}
-
-	if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
-
-	    ret = krb5_padata_add(context, md, 
-				  KRB5_PADATA_PA_PK_OCSP_RESPONSE,
-				  ocsp.data.data, ocsp.data.length);
-	    if (ret) {
-		krb5_set_error_string(context, 
-				      "Failed adding OCSP response %d", ret);
-		goto out;
-	    }
-	}
-    }
-
-out:
-    if (kdc_cert)
-	hx509_cert_free(kdc_cert);
-
-    if (ret == 0)
-	*reply_key = &client_params->reply_key;
-    return ret;
-}
-
-static int
-match_rfc_san(krb5_context context, 
-	      krb5_kdc_configuration *config,
-	      hx509_context hx509ctx,
-	      hx509_cert client_cert, 
-	      krb5_const_principal match)
-{
-    hx509_octet_string_list list;
-    int ret, i, found = 0;
-
-    memset(&list, 0 , sizeof(list));
-
-    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
-						   client_cert,
-						   oid_id_pkinit_san(),
-						   &list);
-    if (ret)
-	goto out;
-
-    for (i = 0; !found && i < list.len; i++) {
-	krb5_principal_data principal;
-	KRB5PrincipalName kn;
-	size_t size;
-
-	ret = decode_KRB5PrincipalName(list.val[i].data, 
-				       list.val[i].length,
-				       &kn, &size);
-	if (ret) {
-	    kdc_log(context, config, 0,
-		    "Decoding kerberos name in certificate failed: %s",
-		    krb5_get_err_text(context, ret));
-	    break;
-	}
-	if (size != list.val[i].length) {
-	    kdc_log(context, config, 0,
-		    "Decoding kerberos name have extra bits on the end");
-	    return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
-	}
-
-	principal.name = kn.principalName;
-	principal.realm = kn.realm;
-
-	if (krb5_principal_compare(context, &principal, match) == TRUE)
-	    found = 1;
-	free_KRB5PrincipalName(&kn);
-    }
-
-out:
-    hx509_free_octet_string_list(&list);    
-    if (ret)
-	return ret;
-
-    if (!found)
-	return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
-
-    return 0;
-}
-
-static int
-match_ms_upn_san(krb5_context context, 
-		 krb5_kdc_configuration *config,
-		 hx509_context hx509ctx,
-		 hx509_cert client_cert, 
-		 krb5_const_principal match)
-{
-    hx509_octet_string_list list;
-    krb5_principal principal = NULL;
-    int ret, found = 0;
-    MS_UPN_SAN upn;
-    size_t size;
-
-    memset(&list, 0 , sizeof(list));
-
-    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
-						   client_cert,
-						   oid_id_pkinit_ms_san(),
-						   &list);
-    if (ret)
-	goto out;
-
-    if (list.len != 1) {
-	kdc_log(context, config, 0,
-		"More then one PK-INIT MS UPN SAN");
-	goto out;
-    }
-
-    ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
-    if (ret) {
-	kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
-	goto out;
-    }
-
-    kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
-
-    ret = krb5_parse_name(context, upn, &principal);
-    free_MS_UPN_SAN(&upn);
-    if (ret) {
-	kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
-	goto out;
-    }
-
-    /* 
-     * This is very wrong, but will do for now, should really and a
-     * plugin to the windc layer to very this ACL.
-    */
-    strupr(principal->realm);
-
-    if (krb5_principal_compare(context, principal, match) == TRUE)
-	found = 1;
-
-out:
-    if (principal)
-	krb5_free_principal(context, principal);
-    hx509_free_octet_string_list(&list);    
-    if (ret)
-	return ret;
-
-    if (!found)
-	return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
-
-    return 0;
-}
-
-krb5_error_code
-_kdc_pk_check_client(krb5_context context,
-		     krb5_kdc_configuration *config,
-		     const hdb_entry_ex *client,
-		     pk_client_params *client_params,
-		     char **subject_name)
-{
-    const HDB_Ext_PKINIT_acl *acl;
-    krb5_error_code ret;
-    hx509_name name;
-    int i;
-
-    ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
-				      client_params->cert,
-				      &name);
-    if (ret)
-	return ret;
-
-    ret = hx509_name_to_string(name, subject_name);
-    hx509_name_free(&name);
-    if (ret)
-	return ret;
-
-    kdc_log(context, config, 0,
-	    "Trying to authorize PK-INIT subject DN %s", 
-	    *subject_name);
-
-    if (config->pkinit_princ_in_cert) {
-	ret = match_rfc_san(context, config,
-			    kdc_identity->hx509ctx,
-			    client_params->cert,
-			    client->entry.principal);
-	if (ret == 0) {
-	    kdc_log(context, config, 5,
-		    "Found matching PK-INIT SAN in certificate");
-	    return 0;
-	}
-	ret = match_ms_upn_san(context, config,
-			       kdc_identity->hx509ctx,
-			       client_params->cert,
-			       client->entry.principal);
-	if (ret == 0) {
-	    kdc_log(context, config, 5,
-		    "Found matching MS UPN SAN in certificate");
-	    return 0;
-	}
-    }
-
-    ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
-    if (ret == 0 && acl != NULL) {
-	/*
-	 * Cheat here and compare the generated name with the string
-	 * and not the reverse.
-	 */
-	for (i = 0; i < acl->len; i++) {
-	    if (strcmp(*subject_name, acl->val[0].subject) != 0)
-		continue;
-
-	    /* Don't support isser and anchor checking right now */
-	    if (acl->val[0].issuer)
-		continue;
-	    if (acl->val[0].anchor)
-		continue;
-
-	    kdc_log(context, config, 5,
-		    "Found matching PK-INIT database ACL");
-	    return 0;
-	}
-    }
-
-    for (i = 0; i < principal_mappings.len; i++) {
-	krb5_boolean b;
-
-	b = krb5_principal_compare(context,
-				   client->entry.principal,
-				   principal_mappings.val[i].principal);
-	if (b == FALSE)
-	    continue;
-	if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
-	    continue;
-	kdc_log(context, config, 5,
-		"Found matching PK-INIT FILE ACL");
-	return 0;
-    }
-
-    krb5_set_error_string(context,
-			  "PKINIT no matching principals for %s",
-			  *subject_name);
-
-    kdc_log(context, config, 5,
-	    "PKINIT no matching principals for %s",
-	    *subject_name);
-
-    free(*subject_name);
-    *subject_name = NULL;
-
-    return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
-}
-
-static krb5_error_code
-add_principal_mapping(krb5_context context, 
-		      const char *principal_name,
-		      const char * subject)
-{
-   struct pk_allowed_princ *tmp;
-   krb5_principal principal;
-   krb5_error_code ret;
-
-   tmp = realloc(principal_mappings.val,
-	         (principal_mappings.len + 1) * sizeof(*tmp));
-   if (tmp == NULL)
-       return ENOMEM;
-   principal_mappings.val = tmp;
-
-   ret = krb5_parse_name(context, principal_name, &principal);
-   if (ret)
-       return ret;
-
-   principal_mappings.val[principal_mappings.len].principal = principal;
-
-   principal_mappings.val[principal_mappings.len].subject = strdup(subject);
-   if (principal_mappings.val[principal_mappings.len].subject == NULL) {
-       krb5_free_principal(context, principal);
-       return ENOMEM;
-   }
-   principal_mappings.len++;
-
-   return 0;
-}
-
-krb5_error_code
-_kdc_add_inital_verified_cas(krb5_context context,
-			     krb5_kdc_configuration *config,
-			     pk_client_params *params,
-			     EncTicketPart *tkt)
-{
-    AD_INITIAL_VERIFIED_CAS cas;
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-
-    memset(&cas, 0, sizeof(cas));
-    
-    /* XXX add CAs to cas here */
-
-    ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
-		       &cas, &size, ret);
-    if (ret)
-	return ret;
-    if (data.length != size)
-	krb5_abortx(context, "internal asn.1 encoder error");
-
-    ret = _kdc_tkt_add_if_relevant_ad(context, tkt, 
-				      KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
-				      &data);
-    krb5_data_free(&data);
-    return ret;
-}
-
-/*
- *
- */
-
-static void
-load_mappings(krb5_context context, const char *fn)
-{
-    krb5_error_code ret;
-    char buf[1024];
-    unsigned long lineno = 0;
-    FILE *f;
-
-    f = fopen(fn, "r");
-    if (f == NULL)
-	return;
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *subject_name, *p;
-    
-	buf[strcspn(buf, "\n")] = '\0';
-	lineno++;
-
-	p = buf + strspn(buf, " \t");
-
-	if (*p == '#' || *p == '\0')
-	    continue;
-
-	subject_name = strchr(p, ':');
-	if (subject_name == NULL) {
-	    krb5_warnx(context, "pkinit mapping file line %lu "
-		       "missing \":\" :%s",
-		       lineno, buf);
-	    continue;
-	}
-	*subject_name++ = '\0';
-
-	ret = add_principal_mapping(context, p, subject_name);
-	if (ret) {
-	    krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
-		      lineno, buf);
-	    continue;
-	}
-    } 
-
-    fclose(f);
-}
-		   
-/*
- *
- */
-
-krb5_error_code
-_kdc_pk_initialize(krb5_context context,
-		   krb5_kdc_configuration *config,
-		   const char *user_id,
-		   const char *anchors,
-		   char **pool,
-		   char **revoke_list)
-{
-    const char *file;
-    char *fn = NULL;
-    krb5_error_code ret;
-
-    file = krb5_config_get_string(context, NULL,
-				  "libdefaults", "moduli", NULL);
-
-    ret = _krb5_parse_moduli(context, file, &moduli);
-    if (ret)
-	krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
-
-    principal_mappings.len = 0;
-    principal_mappings.val = NULL;
-
-    ret = _krb5_pk_load_id(context,
-			   &kdc_identity,
-			   user_id,
-			   anchors,
-			   pool,
-			   revoke_list,
-			   NULL,
-			   NULL,
-			   NULL);
-    if (ret) {
-	krb5_warn(context, ret, "PKINIT: ");
-	config->enable_pkinit = 0;
-	return ret;
-    }
-
-    {
-	hx509_query *q;
-	hx509_cert cert;
-	
-	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
-	if (ret) {
-	    krb5_warnx(context, "PKINIT: out of memory");
-	    return ENOMEM;
-	}
-	
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-	
-	ret = hx509_certs_find(kdc_identity->hx509ctx,
-			       kdc_identity->certs,
-			       q,
-			       &cert);
-	hx509_query_free(kdc_identity->hx509ctx, q);
-	if (ret == 0) {
-	    if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert,
-				     oid_id_pkkdcekuoid(), 0))
-		krb5_warnx(context, "WARNING Found KDC certificate "
-			   "is missing the PK-INIT KDC EKU, this is bad for "
-			   "interoperability.");
-	    hx509_cert_free(cert);
-	} else
-	    krb5_warnx(context, "PKINIT: failed to find a signing "
-		       "certifiate with a public key");
-    }
-
-    ret = krb5_config_get_bool_default(context, 
-				       NULL,
-				       FALSE,
-				       "kdc",
-				       "pkinit_allow_proxy_certificate",
-				       NULL);
-    _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
-
-    file = krb5_config_get_string(context, 
-				  NULL,
-				  "kdc",
-				  "pkinit_mappings_file",
-				  NULL);
-    if (file == NULL) {
-	asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
-	file = fn;
-    }
-
-    load_mappings(context, file);
-    if (fn)
-	free(fn);
-
-    return 0;
-}
-
-#endif /* PKINIT */
diff --git a/crypto/heimdal/kdc/process.c b/crypto/heimdal/kdc/process.c
deleted file mode 100644
index 1d0a01a215d1..000000000000
--- a/crypto/heimdal/kdc/process.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- *
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: process.c 20959 2007-06-07 04:46:06Z lha $");
-
-/*
- *
- */
-
-void
-krb5_kdc_update_time(struct timeval *tv)
-{
-    if (tv == NULL)
-	gettimeofday(&_kdc_now, NULL);
-    else
-	_kdc_now = *tv;
-}
-
-/*
- * handle the request in `buf, len', from `addr' (or `from' as a string),
- * sending a reply in `reply'.
- */
-
-int
-krb5_kdc_process_request(krb5_context context, 
-			 krb5_kdc_configuration *config,
-			 unsigned char *buf, 
-			 size_t len, 
-			 krb5_data *reply,
-			 krb5_boolean *prependlength,
-			 const char *from,
-			 struct sockaddr *addr,
-			 int datagram_reply)
-{
-    KDC_REQ req;
-    Ticket ticket;
-    DigestREQ digestreq;
-    Kx509Request kx509req;
-    krb5_error_code ret;
-    size_t i;
-
-    if(decode_AS_REQ(buf, len, &req, &i) == 0){
-	krb5_data req_buffer;
-
-	req_buffer.data = buf;
-	req_buffer.length = len;
-
-	ret = _kdc_as_rep(context, config, &req, &req_buffer, 
-			  reply, from, addr, datagram_reply);
-	free_AS_REQ(&req);
-	return ret;
-    }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
-	ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply);
-	free_TGS_REQ(&req);
-	return ret;
-    }else if(decode_Ticket(buf, len, &ticket, &i) == 0){
-	ret = _kdc_do_524(context, config, &ticket, reply, from, addr);
-	free_Ticket(&ticket);
-	return ret;
-    }else if(decode_DigestREQ(buf, len, &digestreq, &i) == 0){
-	ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr);
-	free_DigestREQ(&digestreq);
-	return ret;
-    } else if (_kdc_try_kx509_request(buf, len, &kx509req, &i) == 0) {
-	ret = _kdc_do_kx509(context, config, &kx509req, reply, from, addr);
-	free_Kx509Request(&kx509req);
-	return ret;
-    } else if(_kdc_maybe_version4(buf, len)){
-	*prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */
-	_kdc_do_version4(context, config, buf, len, reply, from, 
-			 (struct sockaddr_in*)addr);
-	return 0;
-    } else if (config->enable_kaserver) {
-	ret = _kdc_do_kaserver(context, config, buf, len, reply, from,
-			       (struct sockaddr_in*)addr);
-	return ret;
-    }
-			  
-    return -1;
-}
-
-/*
- * handle the request in `buf, len', from `addr' (or `from' as a string),
- * sending a reply in `reply'.
- *
- * This only processes krb5 requests
- */
-
-int
-krb5_kdc_process_krb5_request(krb5_context context, 
-			      krb5_kdc_configuration *config,
-			      unsigned char *buf, 
-			      size_t len, 
-			      krb5_data *reply,
-			      const char *from,
-			      struct sockaddr *addr,
-			      int datagram_reply)
-{
-    KDC_REQ req;
-    krb5_error_code ret;
-    size_t i;
-
-    if(decode_AS_REQ(buf, len, &req, &i) == 0){
-	krb5_data req_buffer;
-
-	req_buffer.data = buf;
-	req_buffer.length = len;
-
-	ret = _kdc_as_rep(context, config, &req, &req_buffer,
-			  reply, from, addr, datagram_reply);
-	free_AS_REQ(&req);
-	return ret;
-    }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
-	ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply);
-	free_TGS_REQ(&req);
-	return ret;
-    }
-    return -1;
-}
-
-/*
- *
- */
-
-int
-krb5_kdc_save_request(krb5_context context, 
-		      const char *fn,
-		      const unsigned char *buf,
-		      size_t len,
-		      const krb5_data *reply,
-		      const struct sockaddr *sa)
-{
-    krb5_storage *sp;
-    krb5_address a;
-    int fd, ret;
-    uint32_t t;
-    krb5_data d;
-
-    memset(&a, 0, sizeof(a));
-
-    d.data = rk_UNCONST(buf);
-    d.length = len;
-    t = _kdc_now.tv_sec;
-
-    fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
-    if (fd < 0) {
-	krb5_set_error_string(context, "Failed to open: %s", fn);
-	return errno;
-    }
-    
-    sp = krb5_storage_from_fd(fd);
-    close(fd);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "Storage failed to open fd");
-	return ENOMEM;
-    }
-
-    ret = krb5_sockaddr2address(context, sa, &a);
-    if (ret)
-	goto out;
-
-    krb5_store_uint32(sp, 1);
-    krb5_store_uint32(sp, t);
-    krb5_store_address(sp, a);
-    krb5_store_data(sp, d);
-    {
-	Der_class cl;
-	Der_type ty;
-	unsigned int tag;
-	ret = der_get_tag (reply->data, reply->length,
-			   &cl, &ty, &tag, NULL);
-	if (ret) {
-	    krb5_store_uint32(sp, 0xffffffff);
-	    krb5_store_uint32(sp, 0xffffffff);
-	} else {
-	    krb5_store_uint32(sp, MAKE_TAG(cl, ty, 0));
-	    krb5_store_uint32(sp, tag);
-	}
-    }
-
-    krb5_free_address(context, &a);
-out:
-    krb5_storage_free(sp);
-
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/rx.h b/crypto/heimdal/kdc/rx.h
deleted file mode 100644
index 18806d79dae6..000000000000
--- a/crypto/heimdal/kdc/rx.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */
-
-#ifndef __RX_H__
-#define __RX_H__
-
-/* header of a RPC packet */
-
-enum rx_header_type {
-     HT_DATA = 1,
-     HT_ACK = 2,
-     HT_BUSY = 3,
-     HT_ABORT = 4,
-     HT_ACKALL = 5,
-     HT_CHAL = 6,
-     HT_RESP = 7,
-     HT_DEBUG = 8
-};
-
-/* For flags in header */
-
-enum rx_header_flag {
-     HF_CLIENT_INITIATED = 1,
-     HF_REQ_ACK = 2,
-     HF_LAST = 4,
-     HF_MORE = 8
-};
-
-struct rx_header {
-     uint32_t epoch;
-     uint32_t connid;		/* And channel ID */
-     uint32_t callid;
-     uint32_t seqno;
-     uint32_t serialno;
-     u_char type;
-     u_char flags;
-     u_char status;
-     u_char secindex;
-     uint16_t reserved;	/* ??? verifier? */
-     uint16_t serviceid;
-/* This should be the other way around according to everything but */
-/* tcpdump */
-};
-
-#define RX_HEADER_SIZE 28
-
-#endif /* __RX_H__ */
diff --git a/crypto/heimdal/kdc/set_dbinfo.c b/crypto/heimdal/kdc/set_dbinfo.c
deleted file mode 100644
index 651f4c4a4b21..000000000000
--- a/crypto/heimdal/kdc/set_dbinfo.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- *
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $");
-
-krb5_error_code
-krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c)
-{
-    struct hdb_dbinfo *info, *d;
-    krb5_error_code ret;
-    int i;
-
-    /* fetch the databases */
-    ret = hdb_get_dbinfo(context, &info);
-    if (ret)
-	return ret;
-    
-    d = NULL;
-    while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
-	void *ptr;
-	
-	ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db));
-	if (ptr == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "out of memory");
-	    goto out;
-	}
-	c->db = ptr;
-	
-	ret = hdb_create(context, &c->db[c->num_db], 
-			 hdb_dbinfo_get_dbname(context, d));
-	if(ret)
-	    goto out;
-	
-	ret = hdb_set_master_keyfile(context, c->db[c->num_db], 
-				     hdb_dbinfo_get_mkey_file(context, d));
-	if (ret)
-	    goto out;
-	
-	c->num_db++;
-
-	kdc_log(context, c, 0, "label: %s",
-		hdb_dbinfo_get_label(context, d));
-	kdc_log(context, c, 0, "\tdbname: %s",
-		hdb_dbinfo_get_dbname(context, d));
-	kdc_log(context, c, 0, "\tmkey_file: %s",
-		hdb_dbinfo_get_mkey_file(context, d));
-	kdc_log(context, c, 0, "\tacl_file: %s",
-		hdb_dbinfo_get_acl_file(context, d));
-    }
-    hdb_free_dbinfo(context, &info);
-
-    return 0;
-out:
-    for (i = 0; i < c->num_db; i++)
-	if (c->db[i] && c->db[i]->hdb_destroy)
-	    (*c->db[i]->hdb_destroy)(context, c->db[i]);
-    c->num_db = 0;
-    free(c->db);
-    c->db = NULL;
- 
-    hdb_free_dbinfo(context, &info);
-
-    return ret;
-}
-
-
diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8
deleted file mode 100644
index 8f2d562cc809..000000000000
--- a/crypto/heimdal/kdc/string2key.8
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: string2key.8 11648 2003-02-16 21:10:32Z lha $
-.\"
-.Dd March  4, 2000
-.Dt STRING2KEY 8
-.Os HEIMDAL
-.Sh NAME
-.Nm string2key
-.Nd map a password into a key
-.Sh SYNOPSIS
-.Nm
-.Op Fl 5 | Fl -version5
-.Op Fl 4 | Fl -version4
-.Op Fl a | Fl -afs
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Oo Fl w Ar password \*(Ba Xo
-.Fl -password= Ns Ar password
-.Xc
-.Oc
-.Oo Fl p Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytype= Ns Ar string
-.Xc
-.Oc
-.Ar password
-.Sh DESCRIPTION
-.Nm
-performs the string-to-key function.
-This is useful when you want to handle the raw key instead of the password.
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 5 ,
-.Fl -version5
-.Xc
-Output Kerberos v5 string-to-key
-.It Xo
-.Fl 4 ,
-.Fl -version4
-.Xc
-Output Kerberos v4 string-to-key
-.It Xo
-.Fl a ,
-.Fl -afs
-.Xc
-Output AFS string-to-key
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
-AFS cell to use
-.It Xo
-.Fl w Ar password ,
-.Fl -password= Ns Ar password
-.Xc
-Password to use
-.It Xo
-.Fl p Ar principal ,
-.Fl -principal= Ns Ar principal
-.Xc
-Kerberos v5 principal to use
-.It Xo
-.Fl k Ar string ,
-.Fl -keytype= Ns Ar string
-.Xc
-Keytype
-.It Xo
-.Fl -version
-.Xc
-print version
-.It Xo
-.Fl -help
-.Xc
-.El
diff --git a/crypto/heimdal/kdc/string2key.c b/crypto/heimdal/kdc/string2key.c
deleted file mode 100644
index 4211bf7a93f5..000000000000
--- a/crypto/heimdal/kdc/string2key.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "headers.h"
-#include <getarg.h>
-
-RCSID("$Id: string2key.c 19213 2006-12-04 23:36:36Z lha $");
-
-int version5;
-int version4;
-int afs;
-char *principal;
-char *cell;
-char *password;
-const char *keytype_str = "des3-cbc-sha1";
-int version;
-int help;
-
-struct getargs args[] = {
-    { "version5", '5', arg_flag,   &version5, "Output Kerberos v5 string-to-key" },
-    { "version4", '4', arg_flag,   &version4, "Output Kerberos v4 string-to-key" },
-    { "afs",      'a', arg_flag,   &afs, "Output AFS string-to-key" },
-    { "cell",     'c', arg_string, &cell, "AFS cell to use", "cell" },
-    { "password", 'w', arg_string, &password, "Password to use", "password" },
-    { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" },
-    { "keytype",  'k', arg_string, &keytype_str, "Keytype" },
-    { "version",    0, arg_flag,   &version, "print version" },
-    { "help",       0, arg_flag,   &help, NULL }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int status)
-{
-    arg_printusage (args, num_args, NULL, "password");
-    exit(status);
-}
-
-static void
-tokey(krb5_context context, 
-      krb5_enctype enctype, 
-      const char *pw, 
-      krb5_salt salt, 
-      const char *label)
-{
-    krb5_error_code ret;
-    int i;
-    krb5_keyblock key;
-    char *e;
-
-    ret = krb5_string_to_key_salt(context, enctype, pw, salt, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_string_to_key_salt");
-    ret = krb5_enctype_to_string(context, enctype, &e);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-    printf(label, e);
-    printf(": ");
-    for(i = 0; i < key.keyvalue.length; i++)
-	printf("%02x", ((unsigned char*)key.keyvalue.data)[i]);
-    printf("\n");
-    krb5_free_keyblock_contents(context, &key);
-    free(e);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_principal princ;
-    krb5_salt salt;
-    int optidx;
-    char buf[1024];
-    krb5_enctype etype;
-    krb5_error_code ret;
-
-    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
-    if(help)
-	usage(0);
-    
-    if(version){
-	print_version (NULL);
-	return 0;
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc > 1)
-	usage(1);
-
-    if(!version5 && !version4 && !afs)
-	version5 = 1;
-
-    ret = krb5_string_to_enctype(context, keytype_str, &etype);
-    if(ret) {
-	krb5_keytype keytype;
-	int *etypes;
-	unsigned num;
-	char *str;
-	ret = krb5_string_to_keytype(context, keytype_str, &keytype);
-	if(ret)
-	    krb5_err(context, 1, ret, "%s", keytype_str);
-	ret = krb5_keytype_to_enctypes(context, keytype, &num, &etypes);
-	if(ret)
-	    krb5_err(context, 1, ret, "%s", keytype_str);
-	if(num == 0)
-	    krb5_errx(context, 1, "there are no encryption types for that keytype");
-	etype = etypes[0];
-	krb5_enctype_to_string(context, etype, &str);
-	keytype_str = str;
-	if(num > 1 && version5)
-	    krb5_warnx(context, "ambiguous keytype, using %s", keytype_str);
-    }
-    
-    if((etype != ETYPE_DES_CBC_CRC &&
-	etype != ETYPE_DES_CBC_MD4 &&
-	etype != ETYPE_DES_CBC_MD5) &&
-       (afs || version4)) {
-	if(!version5) {
-	    etype = ETYPE_DES_CBC_CRC;
-	} else {
-	    krb5_errx(context, 1, 
-		      "DES is the only valid keytype for AFS and Kerberos 4");
-	}
-    }
-
-    if(version5 && principal == NULL){
-	printf("Kerberos v5 principal: ");
-	if(fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 1;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	principal = estrdup(buf);
-    }
-    if(afs && cell == NULL){
-	printf("AFS cell: ");
-	if(fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 1;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	cell = estrdup(buf);
-    }
-    if(argv[0])
-	password = argv[0];
-    if(password == NULL){
-	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 0))
-	    return 1;
-	password = buf;
-    }
-	
-    if(version5){
-	krb5_parse_name(context, principal, &princ);
-	krb5_get_pw_salt(context, princ, &salt);
-	tokey(context, etype, password, salt, "Kerberos 5 (%s)");
-	krb5_free_salt(context, salt);
-    }
-    if(version4){
-	salt.salttype = KRB5_PW_SALT;
-	salt.saltvalue.length = 0;
-	salt.saltvalue.data = NULL;
-	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "Kerberos 4");
-    }
-    if(afs){
-	salt.salttype = KRB5_AFS3_SALT;
-	salt.saltvalue.length = strlen(cell);
-	salt.saltvalue.data = cell;
-	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "AFS");
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/v4_dump.c b/crypto/heimdal/kdc/v4_dump.c
deleted file mode 100644
index 93c56f87f27f..000000000000
--- a/crypto/heimdal/kdc/v4_dump.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hprop.h"
-
-RCSID("$Id: v4_dump.c 17023 2006-04-09 17:41:47Z lha $");
-
-static time_t
-time_parse(const char *cp)
-{
-    char wbuf[5];
-    struct tm tp;
-    int local;
-
-    memset(&tp, 0, sizeof(tp));	/* clear out the struct */
-    
-    /* new format is YYYYMMDDHHMM UTC,
-       old format is YYMMDDHHMM local time */
-    if (strlen(cp) > 10) {		/* new format */
-	strlcpy(wbuf, cp, sizeof(wbuf));
-	tp.tm_year = atoi(wbuf) - 1900;
-	cp += 4;
-	local = 0;
-    } else {
-	wbuf[0] = *cp++;
-	wbuf[1] = *cp++;
-	wbuf[2] = '\0';
-	tp.tm_year = atoi(wbuf);
-	if(tp.tm_year < 38)
-	    tp.tm_year += 100;
-	local = 1;
-    }
-
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    wbuf[2] = 0;
-    tp.tm_mon = atoi(wbuf) - 1;
-
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_mday = atoi(wbuf);
-    
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_hour = atoi(wbuf);
-    
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_min = atoi(wbuf);
-    
-    return(tm2time(tp, local));
-}
-
-/* convert a version 4 dump file */
-int
-v4_prop_dump(void *arg, const char *file)
-{
-    char buf [1024];
-    FILE *f;
-    int lineno = 0;
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return errno;
-    
-    while(fgets(buf, sizeof(buf), f)) {
-	int ret;
-	unsigned long key[2]; /* yes, long */
-	char exp_date[64], mod_date[64];
-	struct v4_principal pr;
-	int attributes;
-    
-	memset(&pr, 0, sizeof(pr));
-	errno = 0;
-	lineno++;
-	ret = sscanf(buf, "%63s %63s %d %d %d %d %lx %lx %63s %63s %63s %63s",
-		     pr.name, pr.instance,
-		     &pr.max_life, &pr.mkvno, &pr.kvno,
-		     &attributes,
-		     &key[0], &key[1],
-		     exp_date, mod_date,
-		     pr.mod_name, pr.mod_instance);
-	if(ret != 12){
-	    warnx("Line %d malformed (ignored)", lineno);
-	    continue;
-	}
-	if(attributes != 0) {
-	    warnx("Line %d (%s.%s) has non-zero attributes - skipping", 
-		  lineno, pr.name, pr.instance);
-	    continue;
-	}
-	pr.key[0] = (key[0] >> 24) & 0xff;
-	pr.key[1] = (key[0] >> 16) & 0xff;
-	pr.key[2] = (key[0] >> 8) & 0xff;
-	pr.key[3] = (key[0] >> 0) & 0xff;
-	pr.key[4] = (key[1] >> 24) & 0xff;
-	pr.key[5] = (key[1] >> 16) & 0xff;
-	pr.key[6] = (key[1] >> 8) & 0xff;
-	pr.key[7] = (key[1] >> 0) & 0xff;
-	pr.exp_date = time_parse(exp_date);
-	pr.mod_date = time_parse(mod_date);
-	if (pr.instance[0] == '*')
-	    pr.instance[0] = '\0';
-	if (pr.mod_name[0] == '*')
-	    pr.mod_name[0] = '\0';
-	if (pr.mod_instance[0] == '*')
-	    pr.mod_instance[0] = '\0';
-	v4_prop(arg, &pr);
-	memset(&pr, 0, sizeof(pr));
-    }
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/version-script.map b/crypto/heimdal/kdc/version-script.map
deleted file mode 100644
index 2612b8ed261e..000000000000
--- a/crypto/heimdal/kdc/version-script.map
+++ /dev/null
@@ -1,18 +0,0 @@
-# $Id: version-script.map 21110 2007-06-18 10:52:20Z lha $
-
-HEIMDAL_KDC_1.0 {
-	global:
-		kdc_log;
-		kdc_log_msg;
-		kdc_log_msg_va;
-		kdc_openlog;
-		krb5_kdc_windc_init;
-		krb5_kdc_get_config;
-		krb5_kdc_set_dbinfo;
-		krb5_kdc_process_krb5_request;
-		krb5_kdc_process_request;
-		krb5_kdc_save_request;
-		krb5_kdc_update_time;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/kdc/windc.c b/crypto/heimdal/kdc/windc.c
deleted file mode 100644
index 395ab7343284..000000000000
--- a/crypto/heimdal/kdc/windc.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: windc.c 20559 2007-04-24 16:00:07Z lha $");
-
-static krb5plugin_windc_ftable *windcft;
-static void *windcctx;
-
-/*
- * Pick the first WINDC module that we find.
- */
-
-krb5_error_code
-krb5_kdc_windc_init(krb5_context context)
-{
-    struct krb5_plugin *list = NULL, *e;
-    krb5_error_code ret;
-
-    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list);
-    if(ret != 0 || list == NULL)
-	return 0;
-
-    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
-
-	windcft = _krb5_plugin_get_symbol(e);
-	if (windcft->minor_version < KRB5_WINDC_PLUGING_MINOR)
-	    continue;
-	
-	(*windcft->init)(context, &windcctx);
-	break;
-    }
-    if (e == NULL) {
-	_krb5_plugin_free(list);
-	krb5_set_error_string(context, "Did not find any WINDC plugin");
-	windcft = NULL;
-	return ENOENT;
-    }
-
-    return 0;
-}
-
-
-krb5_error_code 
-_kdc_pac_generate(krb5_context context,
-		  hdb_entry_ex *client, 
-		  krb5_pac *pac)
-{
-    *pac = NULL;
-    if (windcft == NULL)
-	return 0;
-    return (windcft->pac_generate)(windcctx, context, client, pac);
-}
-
-krb5_error_code 
-_kdc_pac_verify(krb5_context context, 
-		const krb5_principal client_principal,
-		hdb_entry_ex *client,
-		hdb_entry_ex *server,
-		krb5_pac *pac)
-{
-    if (windcft == NULL) {
-	krb5_set_error_string(context, "Can't verify PAC, no function");
-	return EINVAL;
-    }
-    return (windcft->pac_verify)(windcctx, context, 
-				 client_principal, client, server, pac);
-}
-
-krb5_error_code
-_kdc_windc_client_access(krb5_context context,
-			 struct hdb_entry_ex *client,
-			 KDC_REQ *req)
-{
-    if (windcft == NULL)
-	return 0;
-    return (windcft->client_access)(windcctx, context, client, req);
-}
diff --git a/crypto/heimdal/kdc/windc_plugin.h b/crypto/heimdal/kdc/windc_plugin.h
deleted file mode 100644
index ec480cf950c6..000000000000
--- a/crypto/heimdal/kdc/windc_plugin.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: windc_plugin.h 19798 2007-01-10 15:24:51Z lha $ */
-
-#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
-#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
-
-#include <krb5.h>
-
-/*
- * The PAC generate function should allocate a krb5_pac using
- * krb5_pac_init and fill in the PAC structure for the principal using
- * krb5_pac_add_buffer.
- *
- * The PAC verify function should verify all components in the PAC
- * using krb5_pac_get_types and krb5_pac_get_buffer for all types.
- *
- * Check client access function check if the client is authorized.
- */
-
-struct hdb_entry_ex;
-
-typedef krb5_error_code 
-(*krb5plugin_windc_pac_generate)(void *, krb5_context,
-				 struct hdb_entry_ex *, krb5_pac *);
-
-typedef krb5_error_code 
-(*krb5plugin_windc_pac_verify)(void *, krb5_context,
-			       const krb5_principal,
-			       struct hdb_entry_ex *, 
-			       struct hdb_entry_ex *,
-			       krb5_pac *);
-
-typedef krb5_error_code 
-(*krb5plugin_windc_client_access)(
-    void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *);
-
-
-#define KRB5_WINDC_PLUGING_MINOR		2
-
-typedef struct krb5plugin_windc_ftable {
-    int			minor_version;
-    krb5_error_code	(*init)(krb5_context, void **);
-    void		(*fini)(void *);
-    krb5plugin_windc_pac_generate	pac_generate;
-    krb5plugin_windc_pac_verify		pac_verify;
-    krb5plugin_windc_client_access	client_access;
-} krb5plugin_windc_ftable;
-
-#endif /* HEIMDAL_KRB5_PAC_PLUGIN_H */
-
diff --git a/crypto/heimdal/kpasswd/Makefile.am b/crypto/heimdal/kpasswd/Makefile.am
deleted file mode 100644
index ecfb752e39dd..000000000000
--- a/crypto/heimdal/kpasswd/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_hcrypto)
-
-man_MANS = kpasswd.1 kpasswdd.8
-
-bin_PROGRAMS = kpasswd
-
-kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
-
-libexec_PROGRAMS = kpasswdd
-
-noinst_PROGRAMS = kpasswd-generator
-
-kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
-
-kpasswdd_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(LDADD) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen) \
-	$(DBLIB)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in
deleted file mode 100644
index 5c0e6db071db..000000000000
--- a/crypto/heimdal/kpasswd/Makefile.in
+++ /dev/null
@@ -1,956 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = kpasswd$(EXEEXT)
-libexec_PROGRAMS = kpasswdd$(EXEEXT)
-noinst_PROGRAMS = kpasswd-generator$(EXEEXT)
-subdir = kpasswd
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-am_kpasswd_OBJECTS = kpasswd.$(OBJEXT)
-kpasswd_OBJECTS = $(am_kpasswd_OBJECTS)
-kpasswd_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-kpasswd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-kpasswd_generator_SOURCES = kpasswd-generator.c
-kpasswd_generator_OBJECTS = kpasswd-generator.$(OBJEXT)
-kpasswd_generator_LDADD = $(LDADD)
-kpasswd_generator_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-am_kpasswdd_OBJECTS = kpasswdd.$(OBJEXT)
-kpasswdd_OBJECTS = $(am_kpasswdd_OBJECTS)
-am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES)
-DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \
-	$(kpasswdd_SOURCES)
-man1dir = $(mandir)/man1
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_hcrypto)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = kpasswd.1 kpasswdd.8
-kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
-kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
-kpasswdd_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(LDADD) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen) \
-	$(DBLIB)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kpasswd/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps kpasswd/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) 
-	@rm -f kpasswd$(EXEEXT)
-	$(LINK) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS)
-kpasswd-generator$(EXEEXT): $(kpasswd_generator_OBJECTS) $(kpasswd_generator_DEPENDENCIES) 
-	@rm -f kpasswd-generator$(EXEEXT)
-	$(LINK) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS)
-kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES) 
-	@rm -f kpasswdd$(EXEEXT)
-	$(LINK) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-hook uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kpasswd/kpasswd-generator.c b/crypto/heimdal/kpasswd/kpasswd-generator.c
deleted file mode 100644
index e37f86980fe6..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd-generator.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-
-RCSID("$Id: kpasswd-generator.c 19233 2006-12-06 08:04:05Z lha $");
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (n >= alloc) {
-	    alloc += 16;
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	w[n++] = estrdup (buf);
-    }
-    *ret_w = w;
-    if (n == 0)
-	errx(1, "%s is an empty file, no words to try", filename);
-    return n;
-}
-
-static int
-nop_prompter (krb5_context context,
-	      void *data,
-	      const char *name,
-	      const char *banner,
-	      int num_prompts,
-	      krb5_prompt prompts[])
-{
-    return 0;
-}
-
-static void
-generate_requests (const char *filename, unsigned nreq)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i;
-    char **words;
-    unsigned nwords;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    nwords = read_words (filename, &words);
-
-    for (i = 0; i < nreq; ++i) {
-	char *name = words[rand() % nwords];
-	krb5_get_init_creds_opt *opt;
-	krb5_creds cred;
-	krb5_principal principal;
-	int result_code;
-	krb5_data result_code_string, result_string;
-	char *old_pwd, *new_pwd;
-
-	krb5_get_init_creds_opt_alloc (context, &opt);
-	krb5_get_init_creds_opt_set_tkt_life (opt, 300);
-	krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
-	krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
-
-	ret = krb5_parse_name (context, name, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
-
-	asprintf (&old_pwd, "%s", name);
-	asprintf (&new_pwd, "%s2", name);
-
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    old_pwd,
-					    nop_prompter,
-					    NULL,
-					    0,
-					    "kadmin/changepw",
-					    opt);
-	if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY
-	    || ret == KRB5KRB_AP_ERR_MODIFIED) {
-	    char *tmp;
-
-	    tmp = new_pwd;
-	    new_pwd = old_pwd;
-	    old_pwd = tmp;
-
-	    ret = krb5_get_init_creds_password (context,
-						&cred,
-						principal,
-						old_pwd,
-						nop_prompter,
-						NULL,
-						0,
-						"kadmin/changepw",
-						opt);
-	}
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_init_creds_password");
-
-	krb5_free_principal (context, principal);
-
-	ret = krb5_change_password (context, &cred, new_pwd,
-				    &result_code,
-				    &result_code_string,
-				    &result_string);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_change_password");
-
-	free (old_pwd);
-	free (new_pwd);
-	krb5_free_cred_contents (context, &cred);
-	krb5_get_init_creds_opt_free(context, opt);
-    }
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "file [number]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int nreq;
-    char *end;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    if (help_flag)
-	usage (0);
-    if (version_flag) {
-	print_version(NULL);
-	return 0;
-    }
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 2)
-	usage (1);
-    srand (0);
-    nreq = strtol (argv[1], &end, 0);
-    if (argv[1] == end || *end != '\0')
-	usage (1);
-    generate_requests (argv[0], nreq);
-    return 0;
-}
diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1
deleted file mode 100644
index 6d2c7c9227dc..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd.1
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kpasswd.1 14478 2005-01-05 16:08:58Z lha $
-.\"
-.Dd January  5, 2005
-.Dt KPASSWD 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kpasswd
-.Nd Kerberos 5 password changing program
-.Sh SYNOPSIS
-.Nm
-.Op Fl -admin-principal= Ns Ar principal
-.Oo Fl c Ar cache \*(Ba Xo
-.Fl -cache= Ns Ar cache
-.Xc
-.Oc
-.Op Ar principal ...
-.Sh DESCRIPTION
-.Nm
-is the client for changing passwords.
-.Pp
-If administrator principal is given that principal is used to change
-the password.
-.Pp
-Multiple passwords for different users can be changed at the same time,
-then the administrator principal will be used.
-If the administrator isn't specified on the command prompt, the
-principal of the default credential cache will be used.
-.Pp
-If a credential cache is given, the
-.Fl -admin-principal
-flag is ignored and use the default name of the credential cache is
-used instead.
-.Sh DIAGNOSTICS
-If the password quality check fails or some other error occurs, an
-explanation is printed.
-.Sh SEE ALSO
-.Xr kpasswdd 8
diff --git a/crypto/heimdal/kpasswd/kpasswd.c b/crypto/heimdal/kpasswd/kpasswd.c
deleted file mode 100644
index b844628f6f08..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-RCSID("$Id: kpasswd.c 19078 2006-11-20 18:12:41Z lha $");
-
-static int version_flag;
-static int help_flag;
-static char *admin_principal_str;
-static char *cred_cache_str;
-
-static struct getargs args[] = {
-    { "admin-principal",	0,   arg_string, &admin_principal_str },
-    { "cache",			'c', arg_string, &cred_cache_str },
-    { "version", 		0,   arg_flag, &version_flag },
-    { "help",			0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret, struct getargs *a, int num_args)
-{
-    arg_printusage (a, num_args, NULL, "[principal ...]");
-    exit (ret);
-}
-
-static int
-change_password(krb5_context context,
-		krb5_principal principal,
-		krb5_ccache id)
-{
-    krb5_data result_code_string, result_string;
-    int result_code;
-    krb5_error_code ret;
-    char pwbuf[BUFSIZ];
-    char *msg, *name;
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    name = msg = NULL;
-    if (principal == NULL)
-	asprintf(&msg, "New password: ");
-    else {
-	ret = krb5_unparse_name(context, principal, &name);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_unparse_name");
-
-	asprintf(&msg, "New password for %s: ", name);
-    }
-
-    if (msg == NULL)
-	krb5_errx (context, 1, "out of memory");
-
-    ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1);
-    free(msg);
-    if (name)
-	free(name);
-    if (ret != 0) {
-	return 1;
-    }
-
-    ret = krb5_set_password_using_ccache (context, id, pwbuf,
-					  principal,
-					  &result_code,
-					  &result_code_string,
-					  &result_string);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_set_password_using_ccache");
-	return 1;
-    }
-
-    printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context, result_code),
-	    result_string.length > 0 ? " : " : "",
-	    (int)result_string.length,
-	    result_string.length > 0 ? (char *)result_string.data : "");
-
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-
-    return ret != 0;
-}
-
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal principal;
-    int optind = 0;
-    krb5_get_init_creds_opt *opt;
-    krb5_ccache id = NULL;
-    int exit_value;
-
-    optind = krb5_program_setup(&context, argc, argv,
-				args, sizeof(args) / sizeof(args[0]), usage);
-
-    if (help_flag)
-	usage (0, args, sizeof(args) / sizeof(args[0]));
-
-    if(version_flag){
-	print_version (NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-  
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-    
-    krb5_get_init_creds_opt_set_tkt_life (opt, 300);
-    krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
-
-    if (cred_cache_str) {
-	ret = krb5_cc_resolve(context, cred_cache_str, &id);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-    } else {
-	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_gen_new");
-    }
-
-    if (cred_cache_str == NULL) {
-	krb5_principal admin_principal = NULL;
-	krb5_creds cred;
-
-	if (admin_principal_str) {
-	    ret = krb5_parse_name (context, admin_principal_str,
-				   &admin_principal);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_parse_name");
-	} else if (argc == 1) {
-	    ret = krb5_parse_name (context, argv[0], &admin_principal);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_parse_name");
-	} else {
-	    ret = krb5_get_default_principal (context, &admin_principal);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_get_default_principal");
-	}
-
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    admin_principal,
-					    NULL,
-					    krb5_prompter_posix,
-					    NULL,
-					    0,
-					    "kadmin/changepw",
-					    opt);
-	switch (ret) {
-	case 0:
-	    break;
-	case KRB5_LIBOS_PWDINTR :
-	    return 1;
-	case KRB5KRB_AP_ERR_BAD_INTEGRITY :
-	case KRB5KRB_AP_ERR_MODIFIED :
-	    krb5_errx(context, 1, "Password incorrect");
-	    break;
-	default:
-	    krb5_err(context, 1, ret, "krb5_get_init_creds");
-	}
-	
-	krb5_get_init_creds_opt_free(context, opt);
-	
-	ret = krb5_cc_initialize(context, id, admin_principal);
-	krb5_free_principal(context, admin_principal);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-	ret = krb5_cc_store_cred(context, id, &cred);    
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_store_cred");
-	
-	krb5_free_cred_contents (context, &cred);
-    }
-
-    if (argc == 0) {
-	exit_value = change_password(context, NULL, id);
-    } else {
-	exit_value = 0;
-
-	while (argc-- > 0) {
-
-	    ret = krb5_parse_name (context, argv[0], &principal);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_parse_name");
-
-	    ret = change_password(context, principal, id);
-	    if (ret)
-		exit_value = 1;
-	    krb5_free_principal(context, principal);
-	    argv++;
-	}
-    }
-
-    if (cred_cache_str == NULL) {
-	ret = krb5_cc_destroy(context, id);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_destroy");
-    } else {
-	ret = krb5_cc_close(context, id);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_close");
-    }
-
-    krb5_free_context (context);
-    return ret;
-}
diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h
deleted file mode 100644
index b797ceb26de9..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd_locl.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kpasswd_locl.h 11444 2002-09-10 20:03:49Z joda $ */
-
-#ifndef __KPASSWD_LOCL_H__
-#define __KPASSWD_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <krb5.h>
-#include "crypto-headers.h" /* for des_read_pw_string */
-
-#endif /* __KPASSWD_LOCL_H__ */
diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8
deleted file mode 100644
index ab750bd4993c..000000000000
--- a/crypto/heimdal/kpasswd/kpasswdd.8
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" $Id: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $
-.\"
-.Dd April 19, 1999
-.Dt KPASSWDD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kpasswdd
-.Nd Kerberos 5 password changing server
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Op Fl -addresses= Ns Ar address
-.Op Fl -check-library= Ns Ar library
-.Op Fl -check-function= Ns Ar function
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -port= Ns Ar string
-.Xc
-.Oc
-.Op Fl -version
-.Op Fl -help
-.Ek
-.Sh DESCRIPTION
-.Nm
-serves request for password changes. It listens on UDP port 464
-(service kpasswd) and processes requests when they arrive. It changes
-the database directly and should thus only run on the master KDC.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -addresses= Ns Ar address
-.Xc
-For each till the argument is given, add the address to what kpasswdd
-should listen too.
-.It Xo
-.Fl -check-library= Ns Ar library
-.Xc
-If your system has support for dynamic loading of shared libraries,
-you can use an external function to check password quality. This
-option specifies which library to load.
-.It Xo
-.Fl -check-function= Ns Ar function
-.Xc
-This is the function to call in the loaded library. The function
-should look like this:
-.Pp
-.Ft const char *
-.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
-.Pp
-.Fa context
-is an initialized context;
-.Fa principal
-is the one who tries to change passwords, and
-.Fa password
-is the new password. Note that the password (in
-.Fa password->data )
-is not zero terminated.
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-Keytab to get authentication key from.
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-Default realm.
-.It Xo
-.Fl p Ar string ,
-.Fl -port= Ns Ar string
-.Xc
-Port to listen on (default service kpasswd - 464).
-.El
-.Sh DIAGNOSTICS
-If an error occurs, the error message is returned to the user and/or
-logged to syslog.
-.Sh BUGS
-The default password quality checks are too basic.
-.Sh SEE ALSO
-.Xr kpasswd 1 ,
-.Xr kdc 8
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c
deleted file mode 100644
index 5b4119c897b5..000000000000
--- a/crypto/heimdal/kpasswd/kpasswdd.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-RCSID("$Id: kpasswdd.c 22252 2007-12-09 05:59:34Z lha $");
-
-#include <kadm5/admin.h>
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <hdb.h>
-#include <kadm5/private.h>
-
-static krb5_context context;
-static krb5_log_facility *log_facility;
-
-static struct getarg_strings addresses_str;
-krb5_addresses explicit_addresses;
-
-static sig_atomic_t exit_flag = 0;
-
-static void
-add_one_address (const char *str, int first)
-{
-    krb5_error_code ret;
-    krb5_addresses tmp;
-
-    ret = krb5_parse_address (context, str, &tmp);
-    if (ret)
-	krb5_err (context, 1, ret, "parse_address `%s'", str);
-    if (first)
-	krb5_copy_addresses(context, &tmp, &explicit_addresses);
-    else
-	krb5_append_addresses(context, &explicit_addresses, &tmp);
-    krb5_free_addresses (context, &tmp);
-}
-
-static void
-send_reply (int s,
-	    struct sockaddr *sa,
-	    int sa_size,
-	    krb5_data *ap_rep,
-	    krb5_data *rest)
-{
-    struct msghdr msghdr;
-    struct iovec iov[3];
-    uint16_t len, ap_rep_len;
-    u_char header[6];
-    u_char *p;
-
-    if (ap_rep)
-	ap_rep_len = ap_rep->length;
-    else
-	ap_rep_len = 0;
-
-    len = 6 + ap_rep_len + rest->length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_rep_len >> 8) & 0xFF;
-    *p++ = (ap_rep_len >> 0) & 0xFF;
-
-    memset (&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = (void *)sa;
-    msghdr.msg_namelen    = sa_size;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base       = (char *)header;
-    iov[0].iov_len        = 6;
-    if (ap_rep_len) {
-	iov[1].iov_base   = ap_rep->data;
-	iov[1].iov_len    = ap_rep->length;
-    } else {
-	iov[1].iov_base   = NULL;
-	iov[1].iov_len    = 0;
-    }
-    iov[2].iov_base       = rest->data;
-    iov[2].iov_len        = rest->length;
-
-    if (sendmsg (s, &msghdr, 0) < 0)
-	krb5_warn (context, errno, "sendmsg");
-}
-
-static int
-make_result (krb5_data *data,
-	     uint16_t result_code,
-	     const char *expl)
-{
-    char *str;
-    krb5_data_zero (data);
-
-    data->length = asprintf (&str,
-			     "%c%c%s",
-			     (result_code >> 8) & 0xFF,
-			     result_code & 0xFF,
-			     expl);
-
-    if (str == NULL) {
-	krb5_warnx (context, "Out of memory generating error reply");
-	return 1;
-    }
-    data->data = str;
-    return 0;
-}
-
-static void
-reply_error (krb5_realm realm,
-	     int s,
-	     struct sockaddr *sa,
-	     int sa_size,
-	     krb5_error_code error_code,
-	     uint16_t result_code,
-	     const char *expl)
-{
-    krb5_error_code ret;
-    krb5_data error_data;
-    krb5_data e_data;
-    krb5_principal server = NULL;
-
-    if (make_result(&e_data, result_code, expl))
-	return;
-
-    if (realm) {
-	ret = krb5_make_principal (context, &server, realm,
-				   "kadmin", "changepw", NULL);
-	if (ret) {
-	    krb5_data_free (&e_data);
-	    return;
-	}
-    }
-
-    ret = krb5_mk_error (context,
-			 error_code,
-			 NULL,
-			 &e_data,
-			 NULL,
-			 server,
-			 NULL,
-			 NULL,
-			 &error_data);
-    if (server)
-	krb5_free_principal(context, server);
-    krb5_data_free (&e_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-    send_reply (s, sa, sa_size, NULL, &error_data);
-    krb5_data_free (&error_data);
-}
-
-static void
-reply_priv (krb5_auth_context auth_context,
-	    int s,
-	    struct sockaddr *sa,
-	    int sa_size,
-	    uint16_t result_code,
-	    const char *expl)
-{
-    krb5_error_code ret;
-    krb5_data krb_priv_data;
-    krb5_data ap_rep_data;
-    krb5_data e_data;
-
-    ret = krb5_mk_rep (context,
-		       auth_context,
-		       &ap_rep_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-
-    if (make_result(&e_data, result_code, expl))
-	return;
-
-    ret = krb5_mk_priv (context,
-			auth_context,
-			&e_data,
-			&krb_priv_data,
-			NULL);
-    krb5_data_free (&e_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-    send_reply (s, sa, sa_size, &ap_rep_data, &krb_priv_data);
-    krb5_data_free (&ap_rep_data);
-    krb5_data_free (&krb_priv_data);
-}
-
-/*
- * Change the password for `principal', sending the reply back on `s'
- * (`sa', `sa_size') to `pwd_data'.
- */
-
-static void
-change (krb5_auth_context auth_context,
-	krb5_principal admin_principal,
-	uint16_t version,
-	int s,
-	struct sockaddr *sa,
-	int sa_size,
-	krb5_data *in_data)
-{
-    krb5_error_code ret;
-    char *client = NULL, *admin = NULL;
-    const char *pwd_reason;
-    kadm5_config_params conf;
-    void *kadm5_handle = NULL;
-    krb5_principal principal;
-    krb5_data *pwd_data = NULL;
-    char *tmp;
-    ChangePasswdDataMS chpw;
-
-    memset (&conf, 0, sizeof(conf));
-    memset(&chpw, 0, sizeof(chpw));
-    
-    if (version == KRB5_KPASSWD_VERS_CHANGEPW) {
-	ret = krb5_copy_data(context, in_data, &pwd_data);
-	if (ret) {
-	    krb5_warn (context, ret, "krb5_copy_data");
-	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
-			"out out memory copying password");
-	    return;
-	}
-	principal = admin_principal;
-    } else if (version == KRB5_KPASSWD_VERS_SETPW) {
-	size_t len;
-
-	ret = decode_ChangePasswdDataMS(in_data->data, in_data->length,
-					&chpw, &len);
-	if (ret) {
-	    krb5_warn (context, ret, "decode_ChangePasswdDataMS");
-	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
-			"malformed ChangePasswdData");
-	    return;
-	}
-	
-
-	ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data);
-	if (ret) {
-	    krb5_warn (context, ret, "krb5_copy_data");
-	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
-			"out out memory copying password");
-	    goto out;
-	}
-
-	if (chpw.targname == NULL && chpw.targrealm != NULL) {
-	    krb5_warn (context, ret, "kadm5_init_with_password_ctx");
-	    reply_priv (auth_context, s, sa, sa_size, 
-			KRB5_KPASSWD_MALFORMED,
-			"targrealm but not targname");
-	    goto out;
-	}
-
-	if (chpw.targname) {
-	    krb5_principal_data princ;
-
-	    princ.name = *chpw.targname;
-	    princ.realm = *chpw.targrealm;
-	    if (princ.realm == NULL) {
-		ret = krb5_get_default_realm(context, &princ.realm);
-
-		if (ret) {
-		    krb5_warnx (context, 
-				"kadm5_init_with_password_ctx: "
-				"failed to allocate realm");
-		    reply_priv (auth_context, s, sa, sa_size, 
-				KRB5_KPASSWD_SOFTERROR,
-				"failed to allocate realm");
-		    goto out;
-		}
-	    }
-	    ret = krb5_copy_principal(context, &princ, &principal);
-	    if (*chpw.targrealm == NULL)
-		free(princ.realm);
-	    if (ret) {
-		krb5_warn(context, ret, "krb5_copy_principal");
-		reply_priv(auth_context, s, sa, sa_size, 
-			   KRB5_KPASSWD_HARDERROR,
-			   "failed to allocate principal");
-		goto out;
-	    }
-	} else
-	    principal = admin_principal;
-    } else {
-	krb5_warnx (context, "kadm5_init_with_password_ctx: unknown proto");
-	reply_priv (auth_context, s, sa, sa_size, 
-		    KRB5_KPASSWD_HARDERROR,
-		    "Unknown protocol used");
-	return;
-    }
-
-    ret = krb5_unparse_name (context, admin_principal, &admin);
-    if (ret) {
-	krb5_warn (context, ret, "unparse_name failed");
-	reply_priv (auth_context, s, sa, sa_size, 
-		    KRB5_KPASSWD_HARDERROR, "out of memory error");
-	goto out;
-    }
-
-    conf.realm = principal->realm;
-    conf.mask |= KADM5_CONFIG_REALM;
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       admin,
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &conf, 0, 0, 
-				       &kadm5_handle);
-    if (ret) {
-	krb5_warn (context, ret, "kadm5_init_with_password_ctx");
-	reply_priv (auth_context, s, sa, sa_size, 2,
-		    "Internal error");
-	goto out;
-    }
-
-    ret = krb5_unparse_name(context, principal, &client);
-    if (ret) {
-	krb5_warn (context, ret, "unparse_name failed");
-	reply_priv (auth_context, s, sa, sa_size, 
-		    KRB5_KPASSWD_HARDERROR, "out of memory error");
-	goto out;
-    }
-
-    /*
-     * Check password quality if not changing as administrator
-     */
-
-    if (krb5_principal_compare(context, admin_principal, principal) == TRUE) {
-
-	pwd_reason = kadm5_check_password_quality (context, principal, 
-						   pwd_data);
-	if (pwd_reason != NULL ) {
-	    krb5_warnx (context, 
-			"%s didn't pass password quality check with error: %s",
-			client, pwd_reason);
-	    reply_priv (auth_context, s, sa, sa_size, 
-			KRB5_KPASSWD_SOFTERROR, pwd_reason);
-	    goto out;
-	}
-	krb5_warnx (context, "Changing password for %s", client);
-    } else {
-	ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW, 
-					  principal);
-	if (ret) {
-	    krb5_warn (context, ret, 
-		       "Check ACL failed for %s for changing %s password",
-		       admin, client);
-	    reply_priv (auth_context, s, sa, sa_size, 
-			KRB5_KPASSWD_HARDERROR, "permission denied");
-	    goto out;
-	}
-	krb5_warnx (context, "%s is changing password for %s", admin, client);
-    }
-
-    ret = krb5_data_realloc(pwd_data, pwd_data->length + 1);
-    if (ret) {
-	krb5_warn (context, ret, "malloc: out of memory");
-	reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
-		    "Internal error");
-	goto out;
-    }
-    tmp = pwd_data->data;
-    tmp[pwd_data->length - 1] = '\0';
-
-    ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp);
-    krb5_free_data (context, pwd_data);
-    pwd_data = NULL;
-    if (ret) {
-	char *str = krb5_get_error_message(context, ret);
-	krb5_warnx(context, "kadm5_s_chpass_principal_cond: %s", str);
-	reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR,
-		    str ? str : "Internal error");
-	krb5_free_error_string(context, str);
-	goto out;
-    }
-    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS,
-		"Password changed");
-out:
-    free_ChangePasswdDataMS(&chpw);
-    if (admin)
-	free(admin);
-    if (client)
-	free(client);
-    if (pwd_data)
-	krb5_free_data(context, pwd_data);
-    if (kadm5_handle)
-	kadm5_destroy (kadm5_handle);
-}
-
-static int
-verify (krb5_auth_context *auth_context,
-	krb5_realm *realms,
-	krb5_keytab keytab,
-	krb5_ticket **ticket,
-	krb5_data *out_data,
-	uint16_t *version,
-	int s,
-	struct sockaddr *sa,
-	int sa_size,
-	u_char *msg,
-	size_t len)
-{
-    krb5_error_code ret;
-    uint16_t pkt_len, pkt_ver, ap_req_len;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_realm *r;
-
-    pkt_len = (msg[0] << 8) | (msg[1]);
-    pkt_ver = (msg[2] << 8) | (msg[3]);
-    ap_req_len = (msg[4] << 8) | (msg[5]);
-    if (pkt_len != len) {
-	krb5_warnx (context, "Strange len: %ld != %ld", 
-		    (long)pkt_len, (long)len);
-	reply_error (NULL, s, sa, sa_size, 0, 1, "Bad request");
-	return 1;
-    }
-    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW &&
-	pkt_ver != KRB5_KPASSWD_VERS_SETPW) {
-	krb5_warnx (context, "Bad version (%d)", pkt_ver);
-	reply_error (NULL, s, sa, sa_size, 0, 1, "Wrong program version");
-	return 1;
-    }
-    *version = pkt_ver;
-
-    ap_req_data.data   = msg + 6;
-    ap_req_data.length = ap_req_len;
-
-    ret = krb5_rd_req (context,
-		       auth_context,
-		       &ap_req_data,
-		       NULL,
-		       keytab,
-		       NULL,
-		       ticket);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_rd_req");
-	reply_error (NULL, s, sa, sa_size, ret, 3, "Authentication failed");
-	return 1;
-    }
-
-    /* verify realm and principal */
-    for (r = realms; *r != NULL; r++) {
-	krb5_principal principal;
-	krb5_boolean same;
-
-	ret = krb5_make_principal (context, 
-				   &principal,
-				   *r,
-				   "kadmin",
-				   "changepw",
-				   NULL);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_make_principal");
-
-	same = krb5_principal_compare(context, principal, (*ticket)->server);
-	krb5_free_principal(context, principal);
-	if (same == TRUE)
-	    break;
-    }
-    if (*r == NULL) {
-	char *str;
-	krb5_unparse_name(context, (*ticket)->server, &str);
-	krb5_warnx (context, "client used not valid principal %s", str);
-	free(str);
-	reply_error (NULL, s, sa, sa_size, ret, 1,
-		     "Bad request");
-	goto out;
-    }
-
-    if (strcmp((*ticket)->server->realm, (*ticket)->client->realm) != 0) {
-	krb5_warnx (context, "server realm (%s) not same a client realm (%s)",
-		    (*ticket)->server->realm, (*ticket)->client->realm);
-	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1,
-		     "Bad request");
-	goto out;
-    }
-
-    if (!(*ticket)->ticket.flags.initial) {
-	krb5_warnx (context, "initial flag not set");
-	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1,
-		     "Bad request");
-	goto out;
-    }
-    krb_priv_data.data   = msg + 6 + ap_req_len;
-    krb_priv_data.length = len - 6 - ap_req_len;
-
-    ret = krb5_rd_priv (context,
-			*auth_context,
-			&krb_priv_data,
-			out_data,
-			NULL);
-    
-    if (ret) {
-	krb5_warn (context, ret, "krb5_rd_priv");
-	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 3, 
-		     "Bad request");
-	goto out;
-    }
-    return 0;
-out:
-    krb5_free_ticket (context, *ticket);
-    ticket = NULL;
-    return 1;
-}
-
-static void
-process (krb5_realm *realms,
-	 krb5_keytab keytab,
-	 int s,
-	 krb5_address *this_addr,
-	 struct sockaddr *sa,
-	 int sa_size,
-	 u_char *msg,
-	 int len)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_data out_data;
-    krb5_ticket *ticket;
-    krb5_address other_addr;
-    uint16_t version;
-
-
-    krb5_data_zero (&out_data);
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_auth_con_init");
-	return;
-    }
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    ret = krb5_sockaddr2address (context, sa, &other_addr);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sockaddr2address");
-	goto out;
-    }
-
-    ret = krb5_auth_con_setaddrs (context,
-				  auth_context,
-				  this_addr,
-				  &other_addr);
-    krb5_free_address (context, &other_addr);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_auth_con_setaddr");
-	goto out;
-    }
-
-    if (verify (&auth_context, realms, keytab, &ticket, &out_data,
-		&version, s, sa, sa_size, msg, len) == 0) {
-	change (auth_context,
-		ticket->client,
-		version,
-		s,
-		sa, sa_size,
-		&out_data);
-	memset (out_data.data, 0, out_data.length);
-	krb5_free_ticket (context, ticket);
-    }
-
-out:
-    krb5_data_free (&out_data);
-    krb5_auth_con_free (context, auth_context);
-}
-
-static int
-doit (krb5_keytab keytab, int port)
-{
-    krb5_error_code ret;
-    int *sockets;
-    int maxfd;
-    krb5_realm *realms;
-    krb5_addresses addrs;
-    unsigned n, i;
-    fd_set real_fdset;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-
-    ret = krb5_get_default_realms(context, &realms);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_default_realms");
-
-    if (explicit_addresses.len) {
-	addrs = explicit_addresses;
-    } else {
-	ret = krb5_get_all_server_addrs (context, &addrs);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    }
-    n = addrs.len;
-
-    sockets = malloc (n * sizeof(*sockets));
-    if (sockets == NULL)
-	krb5_errx (context, 1, "out of memory");
-    maxfd = -1;
-    FD_ZERO(&real_fdset);
-    for (i = 0; i < n; ++i) {
-	krb5_socklen_t sa_size = sizeof(__ss);
-
-	krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port);
-	
-	sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
-	if (sockets[i] < 0)
-	    krb5_err (context, 1, errno, "socket");
-	if (bind (sockets[i], sa, sa_size) < 0) {
-	    char str[128];
-	    size_t len;
-	    int save_errno = errno;
-
-	    ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
-	    if (ret)
-		strlcpy(str, "unknown address", sizeof(str));
-	    krb5_warn (context, save_errno, "bind(%s)", str);
-	    continue;
-	}
-	maxfd = max (maxfd, sockets[i]);
-	if (maxfd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-	FD_SET(sockets[i], &real_fdset);
-    }
-    if (maxfd == -1)
-	krb5_errx (context, 1, "No sockets!");
-
-    while(exit_flag == 0) {
-	int ret;
-	fd_set fdset = real_fdset;
-
-	ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-	for (i = 0; i < n; ++i)
-	    if (FD_ISSET(sockets[i], &fdset)) {
-		u_char buf[BUFSIZ];
-		socklen_t addrlen = sizeof(__ss);
-
-		ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
-				sa, &addrlen);
-		if (ret < 0) {
-		    if(errno == EINTR)
-			break;
-		    else
-			krb5_err (context, 1, errno, "recvfrom");
-		}
-
-		process (realms, keytab, sockets[i],
-			 &addrs.val[i],
-			 sa, addrlen,
-			 buf, ret);
-	    }
-    }
-
-    for (i = 0; i < n; ++i)
-	close(sockets[i]);
-    free(sockets);
-
-    krb5_free_addresses (context, &addrs);
-    krb5_free_host_realm (context, realms);
-    krb5_free_context (context);
-    return 0;
-}
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = 1;
-}
-
-static const char *check_library  = NULL;
-static const char *check_function = NULL;
-static getarg_strings policy_libraries = { 0, NULL };
-static char *keytab_str = "HDB:";
-static char *realm_str;
-static int version_flag;
-static int help_flag;
-static char *port_str;
-static char *config_file;
-
-struct getargs args[] = {
-#ifdef HAVE_DLOPEN
-    { "check-library", 0, arg_string, &check_library, 
-      "library to load password check function from", "library" },
-    { "check-function", 0, arg_string, &check_function,
-      "password check function to load", "function" },
-    { "policy-libraries", 0, arg_strings, &policy_libraries,
-      "password check function to load", "function" },
-#endif
-    { "addresses",	0,	arg_strings, &addresses_str,
-      "addresses to listen on", "list of addresses" },
-    { "keytab", 'k', arg_string, &keytab_str, 
-      "keytab to get authentication key from", "kspec" },
-    { "config-file", 'c', arg_string, &config_file },
-    { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
-    { "port",  'p', arg_string, &port_str, "port" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main (int argc, char **argv)
-{
-    int optind;
-    krb5_keytab keytab;
-    krb5_error_code ret;
-    char **files;
-    int port, i;
-    
-    optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    if(realm_str)
-	krb5_set_default_realm(context, realm_str);
-    
-    krb5_openlog (context, "kpasswdd", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    if (port_str != NULL) {
-	struct servent *s = roken_getservbyname (port_str, "udp");
-
-	if (s != NULL)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    } else
-	port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", keytab_str);
-    
-    kadm5_setup_passwd_quality_check (context, check_library, check_function);
-
-    for (i = 0; i < policy_libraries.num_strings; i++) {
-	ret = kadm5_add_passwd_quality_verifier(context, 
-						policy_libraries.strings[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-    }
-    ret = kadm5_add_passwd_quality_verifier(context, NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
-
-
-    explicit_addresses.len = 0;
-
-    if (addresses_str.num_strings) {
-	int i;
-
-	for (i = 0; i < addresses_str.num_strings; ++i)
-	    add_one_address (addresses_str.strings[i], i == 0);
-	free_getarg_strings (&addresses_str);
-    } else {
-	char **foo = krb5_config_get_strings (context, NULL,
-					      "kdc", "addresses", NULL);
-
-	if (foo != NULL) {
-	    add_one_address (*foo++, TRUE);
-	    while (*foo)
-		add_one_address (*foo++, FALSE);
-	}
-    }
-
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT,  &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-    }
-#else
-    signal(SIGINT,  sigterm);
-    signal(SIGTERM, sigterm);
-#endif
-
-    pidfile(NULL);
-
-    return doit (keytab, port);
-}
diff --git a/crypto/heimdal/krb5.conf b/crypto/heimdal/krb5.conf
deleted file mode 100644
index c9f4c44a5e4f..000000000000
--- a/crypto/heimdal/krb5.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-[libdefaults]
-        default_realm = MY.REALM
-	clockskew = 300
-	v4_instance_resolve = false
-	v4_name_convert = {
-		host = {
-			rcmd = host
-			ftp = ftp
-		}
-		plain = {
-			something = something-else
-		}
-	}
-	
-[realms]
-	MY.REALM = {
-		kdc = MY.COMPUTER
-	}
-	OTHER.REALM = {
-		v4_instance_convert = {
-			kerberos = kerberos
-			computer = computer.some.other.domain
-		}
-	}
-[domain_realm]
-	.my.domain = MY.REALM
diff --git a/crypto/heimdal/kuser/Makefile.am b/crypto/heimdal/kuser/Makefile.am
deleted file mode 100644
index 619d8f8562dd..000000000000
--- a/crypto/heimdal/kuser/Makefile.am
+++ /dev/null
@@ -1,64 +0,0 @@
-# $Id: Makefile.am 22285 2007-12-13 20:40:57Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-
-man_MANS = \
-	kinit.1 \
-	klist.1 \
-	kdestroy.1 \
-	kgetcred.1 \
-	kimpersonate.1
-
-SLC = $(top_builddir)/lib/sl/slc
-
-bin_PROGRAMS = kinit klist kdestroy kgetcred
-libexec_PROGRAMS = kdigest kimpersonate
-
-noinst_PROGRAMS = kverify kdecode_ticket generate-requests copy_cred_cache
-
-kinit_LDADD = \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-kdestroy_LDADD	= $(kinit_LDADD)
-
-klist_LDADD	= $(kinit_LDADD)
-
-kimpersonate_LDADD = $(kinit_LDADD)
-
-dist_kdigest_SOURCES = kdigest.c
-nodist_kdigest_SOURCES = kdigest-commands.c
-
-kdigest_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_roken)
-
-$(kdigest_OBJECTS): kdigest-commands.h
-
-CLEANFILES = kdigest-commands.h kdigest-commands.c
-
-kdigest-commands.c kdigest-commands.h: kdigest-commands.in
-	$(SLC) $(srcdir)/kdigest-commands.in
-
-LDADD = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-# make sure install-exec-hook doesn't have any commands in Makefile.am.common
-install-exec-hook:
-	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
-
-EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1
-
diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in
deleted file mode 100644
index 8616bf3869ef..000000000000
--- a/crypto/heimdal/kuser/Makefile.in
+++ /dev/null
@@ -1,1002 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22285 2007-12-13 20:40:57Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \
-	kgetcred$(EXEEXT)
-libexec_PROGRAMS = kdigest$(EXEEXT) kimpersonate$(EXEEXT)
-noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \
-	generate-requests$(EXEEXT) copy_cred_cache$(EXEEXT)
-subdir = kuser
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(man1dir)"
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-copy_cred_cache_SOURCES = copy_cred_cache.c
-copy_cred_cache_OBJECTS = copy_cred_cache.$(OBJEXT)
-copy_cred_cache_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-copy_cred_cache_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-generate_requests_SOURCES = generate-requests.c
-generate_requests_OBJECTS = generate-requests.$(OBJEXT)
-generate_requests_LDADD = $(LDADD)
-generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-kdecode_ticket_SOURCES = kdecode_ticket.c
-kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT)
-kdecode_ticket_LDADD = $(LDADD)
-kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-kdestroy_SOURCES = kdestroy.c
-kdestroy_OBJECTS = kdestroy.$(OBJEXT)
-am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
-	$(am__DEPENDENCIES_1)
-am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-kdestroy_DEPENDENCIES = $(am__DEPENDENCIES_3)
-dist_kdigest_OBJECTS = kdigest.$(OBJEXT)
-nodist_kdigest_OBJECTS = kdigest-commands.$(OBJEXT)
-kdigest_OBJECTS = $(dist_kdigest_OBJECTS) $(nodist_kdigest_OBJECTS)
-kdigest_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1)
-kgetcred_SOURCES = kgetcred.c
-kgetcred_OBJECTS = kgetcred.$(OBJEXT)
-kgetcred_LDADD = $(LDADD)
-kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-kimpersonate_SOURCES = kimpersonate.c
-kimpersonate_OBJECTS = kimpersonate.$(OBJEXT)
-kimpersonate_DEPENDENCIES = $(am__DEPENDENCIES_3)
-kinit_SOURCES = kinit.c
-kinit_OBJECTS = kinit.$(OBJEXT)
-kinit_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-klist_SOURCES = klist.c
-klist_OBJECTS = klist.$(OBJEXT)
-klist_DEPENDENCIES = $(am__DEPENDENCIES_3)
-kverify_SOURCES = kverify.c
-kverify_OBJECTS = kverify.$(OBJEXT)
-kverify_LDADD = $(LDADD)
-kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \
-	kdestroy.c $(dist_kdigest_SOURCES) $(nodist_kdigest_SOURCES) \
-	kgetcred.c kimpersonate.c kinit.c klist.c kverify.c
-DIST_SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \
-	kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c kimpersonate.c \
-	kinit.c klist.c kverify.c
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-man_MANS = \
-	kinit.1 \
-	klist.1 \
-	kdestroy.1 \
-	kgetcred.1 \
-	kimpersonate.1
-
-SLC = $(top_builddir)/lib/sl/slc
-kinit_LDADD = \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-kdestroy_LDADD = $(kinit_LDADD)
-klist_LDADD = $(kinit_LDADD)
-kimpersonate_LDADD = $(kinit_LDADD)
-dist_kdigest_SOURCES = kdigest.c
-nodist_kdigest_SOURCES = kdigest-commands.c
-kdigest_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_roken)
-
-CLEANFILES = kdigest-commands.h kdigest-commands.c
-LDADD = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kuser/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps kuser/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-copy_cred_cache$(EXEEXT): $(copy_cred_cache_OBJECTS) $(copy_cred_cache_DEPENDENCIES) 
-	@rm -f copy_cred_cache$(EXEEXT)
-	$(LINK) $(copy_cred_cache_OBJECTS) $(copy_cred_cache_LDADD) $(LIBS)
-generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) 
-	@rm -f generate-requests$(EXEEXT)
-	$(LINK) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS)
-kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) 
-	@rm -f kdecode_ticket$(EXEEXT)
-	$(LINK) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS)
-kdestroy$(EXEEXT): $(kdestroy_OBJECTS) $(kdestroy_DEPENDENCIES) 
-	@rm -f kdestroy$(EXEEXT)
-	$(LINK) $(kdestroy_OBJECTS) $(kdestroy_LDADD) $(LIBS)
-kdigest$(EXEEXT): $(kdigest_OBJECTS) $(kdigest_DEPENDENCIES) 
-	@rm -f kdigest$(EXEEXT)
-	$(LINK) $(kdigest_OBJECTS) $(kdigest_LDADD) $(LIBS)
-kgetcred$(EXEEXT): $(kgetcred_OBJECTS) $(kgetcred_DEPENDENCIES) 
-	@rm -f kgetcred$(EXEEXT)
-	$(LINK) $(kgetcred_OBJECTS) $(kgetcred_LDADD) $(LIBS)
-kimpersonate$(EXEEXT): $(kimpersonate_OBJECTS) $(kimpersonate_DEPENDENCIES) 
-	@rm -f kimpersonate$(EXEEXT)
-	$(LINK) $(kimpersonate_OBJECTS) $(kimpersonate_LDADD) $(LIBS)
-kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) 
-	@rm -f kinit$(EXEEXT)
-	$(LINK) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS)
-klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) 
-	@rm -f klist$(EXEEXT)
-	$(LINK) $(klist_OBJECTS) $(klist_LDADD) $(LIBS)
-kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) 
-	@rm -f kverify$(EXEEXT)
-	$(LINK) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(kdigest_OBJECTS): kdigest-commands.h
-
-kdigest-commands.c kdigest-commands.h: kdigest-commands.in
-	$(SLC) $(srcdir)/kdigest-commands.in
-
-# make sure install-exec-hook doesn't have any commands in Makefile.am.common
-install-exec-hook:
-	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kuser/copy_cred_cache.1 b/crypto/heimdal/kuser/copy_cred_cache.1
deleted file mode 100644
index b589735b7888..000000000000
--- a/crypto/heimdal/kuser/copy_cred_cache.1
+++ /dev/null
@@ -1,97 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: copy_cred_cache.1 13783 2004-04-25 16:03:45Z joda $
-.\"
-.Dd April 24, 2004
-.Dt COPY_CRED_CACHE 1
-.Os HEIMDAL
-.Sh NAME
-.Nm copy_cred_cache
-.Nd
-copy credentials from one cache to another
-.Sh SYNOPSIS
-.Nm
-.Op Fl -krbtgt-only
-.Op Fl -service= Ns Ar principal
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl -flags= Ns Ar ticketflags
-.Op Fl -valid-for= Ns Ar time
-.Op Fl -fcache-version= Ns Ar integer
-.Op Aq Ar from-cache
-.Aq Ar to-cache
-.Sh DESCRIPTION
-.Nm
-copies credentials from
-.Aq Ar from-cache
-(or the default cache) to
-.Aq Ar to-cache .
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl -krbtgt-only
-Copies only krbtgt credentials for the client's realm. This is
-equivalent to
-.Fl -service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac .
-.It Fl -service= Ns Ar principal
-Copies only credentials matching this service principal.
-.It Fl -enctype= Ns Ar enctype
-Copies only credentials a matching enctype.
-.It Fl -flags= Ns Ar ticketflags
-Copies only credentials with these ticket flags set.
-.It Fl -valid-for= Ns Ar time
-Copies only credentials that are valid for at least this long. This
-does not take renewable creds into account.
-.It Fl -fcache-version= Ns Ar integer
-The created cache, If a standard
-.Li FILE
-cache is created, it will have this file format version.
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.Sh EXAMPLES
-To copy only credentials that are valid for at least one day and with
-the
-.Li initial
-flag set, try something like:
-.Bd -literal -offset indent
-$ copy_cred_cache --valid-for=1d --flags=initial FILE:/some/cache
-.Ed
-.Sh DIAGNOSTICS
-The
-.Nm
-utility exits 0 on success, and \*[Gt]0 if an error occurs, or of no
-credentials where actually copied.
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kuser/copy_cred_cache.c b/crypto/heimdal/kuser/copy_cred_cache.c
deleted file mode 100644
index 8faf82d41ff4..000000000000
--- a/crypto/heimdal/kuser/copy_cred_cache.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: copy_cred_cache.c 15542 2005-07-01 07:20:54Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <krb5.h>
-#include <roken.h>
-#include <getarg.h>
-#include <parse_units.h>
-#include <parse_time.h>
-
-static int krbtgt_only_flag;
-static char *service_string;
-static char *enctype_string;
-static char *flags_string;
-static char *valid_string;
-static int fcache_version;
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-    { "krbtgt-only", 0, arg_flag, &krbtgt_only_flag,
-      "only copy local krbtgt" },
-    { "service", 0, arg_string, &service_string,
-      "limit to this service", "principal" },
-    { "enctype", 0, arg_string, &enctype_string,
-      "limit to this enctype", "enctype" },
-    { "flags", 0, arg_string, &flags_string,
-      "limit to these flags", "ticketflags" },
-    { "valid-for", 0, arg_string, &valid_string, 
-      "limit to creds valid for at least this long", "time" },
-    { "fcache-version", 0, arg_integer, &fcache_version,
-      "file cache version to create" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 'h', arg_flag, &help_flag }
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage(args,
-		   sizeof(args) / sizeof(*args),
-		   NULL,
-		   "[from-cache] to-cache");
-    exit(ret);
-}
-
-static int32_t
-bitswap32(int32_t b)
-{
-    int32_t r = 0;
-    int i;
-    for (i = 0; i < 32; i++) {
-	r = r << 1 | (b & 1);
-	b = b >> 1;
-    }
-    return r;
-}
-
-static void
-parse_ticket_flags(krb5_context context,
-		   const char *string, krb5_ticket_flags *ret_flags)
-{
-    TicketFlags ff;
-    int flags = parse_flags(string, asn1_TicketFlags_units(), 0);
-    if (flags == -1)	/* XXX */
-	krb5_errx(context, 1, "bad flags specified: \"%s\"", string);
-
-    memset(&ff, 0, sizeof(ff));
-    ff.proxy = 1;
-    if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff))
-	ret_flags->i = flags;
-    else
-	ret_flags->i = bitswap32(flags);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    int optidx = 0;
-    const char *from_name, *to_name;
-    krb5_ccache from_ccache, to_ccache;
-    krb5_flags whichfields = 0;
-    krb5_creds mcreds;
-    unsigned int matched;
-
-    setprogname(argv[0]);
-
-    memset(&mcreds, 0, sizeof(mcreds));
-
-    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-
-    if (help_flag)
-	usage(0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 1 || argc > 2)
-	usage(1);
-
-    if (krb5_init_context(&context))
-	errx(1, "krb5_init_context failed");
-
-    if (service_string) {
-	ret = krb5_parse_name(context, service_string, &mcreds.server);
-	if (ret)
-	    krb5_err(context, 1, ret, "%s", service_string);
-    }
-    if (enctype_string) {
-	krb5_enctype enctype;
-	ret = krb5_string_to_enctype(context, enctype_string, &enctype);
-	if (ret)
-	    krb5_err(context, 1, ret, "%s", enctype_string);
-	whichfields |= KRB5_TC_MATCH_KEYTYPE;
-	mcreds.session.keytype = enctype;
-    }
-    if (flags_string) {
-	parse_ticket_flags(context, flags_string, &mcreds.flags);
-	whichfields |= KRB5_TC_MATCH_FLAGS;
-    }
-    if (valid_string) {
-	time_t t = parse_time(valid_string, "s");
-	if(t < 0)
-	    errx(1, "unknown time \"%s\"", valid_string);
-	mcreds.times.endtime = time(NULL) + t;
-	whichfields |= KRB5_TC_MATCH_TIMES;
-    }
-    if (fcache_version)
-	krb5_set_fcache_version(context, fcache_version);
-
-    if (argc == 1) {
-	from_name = krb5_cc_default_name(context);
-	to_name = argv[0];
-    } else {
-	from_name = argv[0];
-	to_name = argv[1];
-    }
-
-    ret = krb5_cc_resolve(context, from_name, &from_ccache);
-    if (ret)
-	krb5_err(context, 1, ret, "%s", from_name);
-
-    if (krbtgt_only_flag) {
-	krb5_principal client;
-	ret = krb5_cc_get_principal(context, from_ccache, &client);
-	if (ret)
-	    krb5_err(context, 1, ret, "getting default principal");
-	ret = krb5_make_principal(context, &mcreds.server,
-				  krb5_principal_get_realm(context, client),
-				  KRB5_TGS_NAME,
-				  krb5_principal_get_realm(context, client),
-				  NULL);
-	if (ret)
-	    krb5_err(context, 1, ret, "constructing krbtgt principal");
-	krb5_free_principal(context, client);
-    }
-    ret = krb5_cc_resolve(context, to_name, &to_ccache);
-    if (ret)
-	krb5_err(context, 1, ret, "%s", to_name);
-
-    ret = krb5_cc_copy_cache_match(context, from_ccache, to_ccache,
-				   whichfields, &mcreds, &matched);
-    if (ret)
-	krb5_err(context, 1, ret, "copying cred cache");
-
-    krb5_cc_close(context, from_ccache);
-    if(matched == 0)
-	krb5_cc_destroy(context, to_ccache);
-    else
-	krb5_cc_close(context, to_ccache);
-    krb5_free_context(context);
-    return matched == 0;
-}
diff --git a/crypto/heimdal/kuser/generate-requests.c b/crypto/heimdal/kuser/generate-requests.c
deleted file mode 100644
index 95d8dc968bbf..000000000000
--- a/crypto/heimdal/kuser/generate-requests.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: generate-requests.c 19233 2006-12-06 08:04:05Z lha $");
-
-static krb5_error_code
-null_key_proc (krb5_context context,
-	       krb5_enctype type,
-	       krb5_salt salt,
-	       krb5_const_pointer keyseed,
-	       krb5_keyblock **key)
-{
-    return ENOTTY;
-}
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (n >= alloc) {
-	    alloc += 16;
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	w[n++] = estrdup (buf);
-    }
-    *ret_w = w;
-    if (n == 0)
-	errx(1, "%s is an empty file, no words to try", filename);
-    return n;
-}
-
-static void
-generate_requests (const char *filename, unsigned nreq)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_creds cred;
-    int i;
-    char **words;
-    unsigned nwords;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    nwords = read_words (filename, &words);
-
-    for (i = 0; i < nreq; ++i) {
-	char *name = words[rand() % nwords];
-	krb5_realm *client_realm;
-
-	memset(&cred, 0, sizeof(cred));
-
-	ret = krb5_parse_name (context, name, &cred.client);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
-	client_realm = krb5_princ_realm (context, cred.client);
-
-	ret = krb5_make_principal(context, &cred.server, *client_realm,
-				  KRB5_TGS_NAME, *client_realm, NULL);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_make_principal");
-
-	ret = krb5_get_in_cred (context, 0, NULL, NULL, NULL, NULL,
-				null_key_proc, NULL, NULL, NULL,
-				&cred, NULL);
-	krb5_free_cred_contents (context, &cred);
-    }
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "file number");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    int nreq;
-    char *end;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 2)
-	usage (1);
-    srand (0);
-    nreq = strtol (argv[1], &end, 0);
-    if (argv[1] == end || *end != '\0')
-	usage (1);
-    generate_requests (argv[0], nreq);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kauth_options.c b/crypto/heimdal/kuser/kauth_options.c
deleted file mode 100644
index c432d32ac14a..000000000000
--- a/crypto/heimdal/kuser/kauth_options.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $");
-
-#ifdef KRB4
-int do_afslog		= 1;
-int get_v4_tgt		= 1;
-#endif
diff --git a/crypto/heimdal/kuser/kdecode_ticket.c b/crypto/heimdal/kuser/kdecode_ticket.c
deleted file mode 100644
index 968478d34779..000000000000
--- a/crypto/heimdal/kuser/kdecode_ticket.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kdecode_ticket.c 15541 2005-07-01 07:14:58Z lha $");
-
-static char *etype_str;
-static int version_flag;
-static int help_flag;
-
-static void
-print_and_decode_tkt (krb5_context context,
-		      krb5_data *ticket,
-		      krb5_principal server,
-		      krb5_enctype enctype)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_data dec_data;
-    size_t len;
-    EncTicketPart decr_part;
-    krb5_keyblock key;
-    Ticket tkt;
-
-    ret = decode_Ticket (ticket->data, ticket->length, &tkt, &len);
-    if (ret)
-	krb5_err (context, 1, ret, "decode_Ticket");
-
-    ret = krb5_string_to_key (context, enctype, "foo", server, &key);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_string_to_key");
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_crypto_init");
-
-    ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET,
-				      &tkt.enc_part, &dec_data);
-    krb5_crypto_destroy (context, crypto);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData");
-    ret = krb5_decode_EncTicketPart (context, dec_data.data, dec_data.length,
-				     &decr_part, &len);
-    krb5_data_free (&dec_data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_decode_EncTicketPart");
-}
-
-struct getargs args[] = {
-    { "enctype",	'e', arg_string, &etype_str,
-      "encryption type to use", "enctype"},
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "service");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_creds in, *out;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	usage (1);
-
-    ret = krb5_cc_default(context, &cache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_default");
-
-    memset(&in, 0, sizeof(in));
-
-    if (etype_str) {
-	krb5_enctype enctype;
-
-	ret = krb5_string_to_enctype(context, etype_str, &enctype);
-	if (ret)
-	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
-	in.session.keytype = enctype;
-    }
-
-    ret = krb5_cc_get_principal(context, cache, &in.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_get_principal");
-
-    ret = krb5_parse_name(context, argv[0], &in.server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
-
-    in.times.endtime = 0;
-    ret = krb5_get_credentials(context, 0, cache, &in, &out);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_credentials");
-
-    print_and_decode_tkt (context, &out->ticket, out->server,
-			  out->session.keytype);
-
-    krb5_free_cred_contents(context, out);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1
deleted file mode 100644
index 5e187019ba45..000000000000
--- a/crypto/heimdal/kuser/kdestroy.1
+++ /dev/null
@@ -1,71 +0,0 @@
-.\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kdestroy.1 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd April 27, 2006
-.Dt KDESTROY 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kdestroy
-.Nd remove one credental or destroy the current ticket file
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Op Fl c Ar cachefile
-.Op Fl -credential= Ns Ar principal
-.Op Fl -cache= Ns Ar cachefile
-.Op Fl -no-unlog
-.Op Fl -no-delete-v4
-.Op Fl -version
-.Op Fl -help
-.Ek
-.Sh DESCRIPTION
-.Nm
-remove one or the current set of tickets.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl credential= Ns Ar principal
-remove
-.Fa principal
-from the credential cache if it exists.
-.It Fl c Ar cachefile
-.It Fl cache= Ns Ar cachefile
-The cache file to remove.
-.It Fl -no-unlog
-Do not remove AFS tokens.
-.It Fl -no-delete-v4
-Do not remove v4 tickets.
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr klist 1
diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c
deleted file mode 100644
index 5358fcd67d92..000000000000
--- a/crypto/heimdal/kuser/kdestroy.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kdestroy.c 20458 2007-04-19 20:41:27Z lha $");
-
-static const char *cache;
-static const char *credential;
-static int help_flag;
-static int version_flag;
-static int unlog_flag = 1;
-static int dest_tkt_flag = 1;
-
-struct getargs args[] = {
-    { "credential",	0,   arg_string, &credential,
-      "remove one credential", "principal" },
-    { "cache",		'c', arg_string, &cache, "cache to destroy", "cache" },
-    { "unlog",		0,   arg_negative_flag, &unlog_flag,
-      "do not destroy tokens", NULL },
-    { "delete-v4",	0,   arg_negative_flag, &dest_tkt_flag,
-      "do not destroy v4 tickets", NULL },
-    { "version", 	0,   arg_flag, &version_flag, NULL, NULL },
-    { "help",		'h', arg_flag, &help_flag, NULL, NULL}
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage (int status)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (status);
-}
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache  ccache;
-    int optidx = 0;
-    int exit_val = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-  
-    if (help_flag)
-	usage (0);
-  
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-  
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage (1);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-  
-    if(cache == NULL) {
-	cache = krb5_cc_default_name(context);
-	if (cache == NULL) {
-	    warnx ("krb5_cc_default_name: %s", krb5_get_err_text(context, ret));
-	    exit(1);
-	}
-    }
-
-    ret =  krb5_cc_resolve(context,
-			   cache, 
-			   &ccache);
-
-    if (ret == 0) {
-	if (credential) {
-	    krb5_creds mcred;
-	    
-	    krb5_cc_clear_mcred(&mcred);
-
-	    ret = krb5_parse_name(context, credential, &mcred.server);
-	    if (ret)
-		krb5_err(context, 1, ret,
-			 "Can't parse principal %s", credential);
-
-	    ret = krb5_cc_remove_cred(context, ccache, 0, &mcred);
-	    if (ret)
-		krb5_err(context, 1, ret, 
-			 "Failed to remove principal %s", credential);
-
-	    krb5_cc_close(context, ccache);
-	    krb5_free_principal(context, mcred.server);
-	    krb5_free_context(context);
-	    return 0;
-	}
-
-	ret = krb5_cc_destroy (context, ccache);
-	if (ret) {
-	    warnx ("krb5_cc_destroy: %s", krb5_get_err_text(context, ret));
-	    exit_val = 1;
-	}
-    } else {
-	warnx ("krb5_cc_resolve(%s): %s", cache,
-	       krb5_get_err_text(context, ret));
-	exit_val = 1;
-    }
-
-    krb5_free_context (context);
-
-    if (unlog_flag && k_hasafs ()) {
-	if (k_unlog ())
-	    exit_val = 1;
-    }
-
-    return exit_val;
-}
diff --git a/crypto/heimdal/kuser/kdigest-commands.in b/crypto/heimdal/kuser/kdigest-commands.in
deleted file mode 100644
index c980b188eddd..000000000000
--- a/crypto/heimdal/kuser/kdigest-commands.in
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: kdigest-commands.in 22157 2007-12-04 20:03:29Z lha $ */
-
-command = {
-	name = "digest-probe"
-	option = {
-		long = "realm"
-		type = "string"
-		help = "Kerberos realm to communicate with"
-	}
-	help = "probe what mech is allowed/supported for this server"
-}
-command = {
-	name = "digest-server-init"
-	option = {
-		long = "type"
-		type = "string"
-		help = "digest type"
-		default = "sasl"
-	}
-	option = {
-		long = "kerberos-realm"
-		type = "string"
-		argument = "realm"
-		help = ""
-	}
-	option = {
-		long = "digest"
-		type = "string"
-		argument = "digest-type"
-		help = "digest type to use in the algorithm"
-	}
-	option = {
-		long = "cb-type"
-		type = "string"
-		argument = "type"
-		help = "type of channel bindings"
-	}
-	option = {
-		long = "cb-value"
-		type = "string"
-		argument = "value"
-		help = "value of channel bindings"
-	}
-	option = {
-		long = "hostname"
-		type = "string"
-		argument = "hostname"
-		help = "hostname of the server"
-	}
-	option = {
-		long = "realm"
-		type = "string"
-		help = "Kerberos realm to communicate with"
-	}
-	help = "Sets up a digest context and return initial parameters"
-}
-command = {
-	name = "digest-server-request"
-	option = {
-		long = "type"
-		type = "string"
-		help = "digest type"
-		default = "sasl"
-	}
-	option = {
-		long = "kerberos-realm"
-		type = "string"
-		argument = "realm"
-		help = ""
-	}
-	option = {
-		long = "username"
-		type = "string"
-		argument = "name"
-		help = "digest type"
-	}
-	option = {
-		long = "server-nonce"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "server-identifier"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "client-nonce"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "client-response"
-		type = "string"
-		argument = "response"
-		help = ""
-	}
-	option = {
-		long = "opaque"
-		type = "string"
-		argument = "string"
-		help = ""
-	}
-	option = {
-		long = "authentication-name"
-		type = "string"
-		argument = "name"
-		help = ""
-	}
-	option = {
-		long = "realm"
-		type = "string"
-		argument = "realm"
-		help = ""
-	}
-	option = {
-		long = "method"
-		type = "string"
-		argument = "method"
-		help = ""
-	}
-	option = {
-		long = "uri"
-		type = "string"
-		argument = "uri"
-		help = ""
-	}
-	option = {
-		long = "nounce-count"
-		type = "string"
-		argument = "count"
-		help = ""
-	}
-	option = {
-		long = "qop"
-		type = "string"
-		argument = "qop"
-		help = ""
-	}
-	option = {
-		long = "ccache"
-		type = "string"
-		argument = "ccache"
-		help = "Where the the credential cache is created when the KDC returns tickets"
-	}
-	help = "Completes digest negotiation and return final parameters"
-}
-command = {
-	name = "digest-client-request"
-	option = {
-		long = "type"
-		type = "string"
-		help = "digest type"
-		default = "sasl"
-	}
-	option = {
-		long = "username"
-		type = "string"
-		argument = "name"
-		help = "digest type"
-	}
-	option = {
-		long = "password"
-		type = "string"
-		argument = "password"
-	}
-	option = {
-		long = "server-nonce"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "server-identifier"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "client-nonce"
-		type = "string"
-		argument = "nonce"
-		help = ""
-	}
-	option = {
-		long = "opaque"
-		type = "string"
-		argument = "string"
-		help = ""
-	}
-	option = {
-		long = "realm"
-		type = "string"
-		argument = "realm"
-		help = ""
-	}
-	option = {
-		long = "method"
-		type = "string"
-		argument = "method"
-		help = ""
-	}
-	option = {
-		long = "uri"
-		type = "string"
-		argument = "uri"
-		help = ""
-	}
-	option = {
-		long = "nounce-count"
-		type = "string"
-		argument = "count"
-		help = ""
-	}
-	option = {
-		long = "qop"
-		type = "string"
-		argument = "qop"
-		help = ""
-	}
-	help = "Client part of a digest exchange"
-}
-command = {
-	name = "ntlm-server-init"
-	option = {
-		long = "version"
-		type = "integer"
-		help = "ntlm version"
-		default = "1"
-	}
-	option = {
-		long = "kerberos-realm"
-		type = "string"
-		help = "Kerberos realm to communicate with"
-	}
-	help = "Sets up a digest context and return initial parameters"
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody."
-}
diff --git a/crypto/heimdal/kuser/kdigest.c b/crypto/heimdal/kuser/kdigest.c
deleted file mode 100644
index 418aedb71441..000000000000
--- a/crypto/heimdal/kuser/kdigest.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kdigest.c 22158 2007-12-04 20:04:01Z lha $");
-#include <kdigest-commands.h>
-#include <hex.h>
-#include <base64.h>
-#include <heimntlm.h>
-#include "crypto-headers.h"
-
-static int version_flag = 0;
-static int help_flag	= 0;
-static char *ccache_string;
-static krb5_ccache id;
-
-static struct getargs args[] = {
-    {"ccache",	0,	arg_string,	&ccache_string, "credential cache", NULL },
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-static krb5_context context;
-
-int
-digest_probe(struct digest_probe_options *opt,
-	     int argc, char ** argv)
-{
-    krb5_error_code ret;
-    krb5_realm realm;
-    unsigned flags;
-
-    realm = opt->realm_string;
-
-    if (realm == NULL)
-	errx(1, "realm missing");
-
-    ret = krb5_digest_probe(context, realm, id, &flags);
-    if (ret)
-	krb5_err(context, 1, ret, "digest_probe");
-
-    printf("flags: %u\n", flags);
-
-    return 0;
-}
-
-int
-digest_server_init(struct digest_server_init_options *opt,
-		   int argc, char ** argv)
-{
-    krb5_error_code ret;
-    krb5_digest digest;
-
-    ret = krb5_digest_alloc(context, &digest);
-    if (ret)
-	krb5_err(context, 1, ret, "digest_alloc");
-
-    ret = krb5_digest_set_type(context, digest, opt->type_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_type");
-
-    if (opt->cb_type_string && opt->cb_value_string) {
-	ret = krb5_digest_set_server_cb(context, digest, 
-					opt->cb_type_string,
-					opt->cb_value_string);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_digest_set_server_cb");
-    }
-    ret = krb5_digest_init_request(context,
-				   digest,
-				   opt->kerberos_realm_string,
-				   id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_init_request");
-
-    printf("type=%s\n", opt->type_string);
-    printf("server-nonce=%s\n", 
-	   krb5_digest_get_server_nonce(context, digest));
-    {
-	const char *s = krb5_digest_get_identifier(context, digest);
-	if (s)
-	    printf("identifier=%s\n", s);
-    }
-    printf("opaque=%s\n", krb5_digest_get_opaque(context, digest));
-
-    return 0;
-}
-
-int
-digest_server_request(struct digest_server_request_options *opt, 
-		      int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_digest digest;
-    const char *status, *rsp;
-    krb5_data session_key;
-
-    if (opt->server_nonce_string == NULL)
-	errx(1, "server nonce missing");
-    if (opt->type_string == NULL)
-	errx(1, "type missing");
-    if (opt->opaque_string == NULL)
-	errx(1, "opaque missing");
-    if (opt->client_response_string == NULL)
-	errx(1, "client response missing");
-
-    ret = krb5_digest_alloc(context, &digest);
-    if (ret)
-	krb5_err(context, 1, ret, "digest_alloc");
-
-    if (strcasecmp(opt->type_string, "CHAP") == 0) {
-	if (opt->server_identifier_string == NULL)
-	    errx(1, "server identifier missing");
-
-	ret = krb5_digest_set_identifier(context, digest, 
-					 opt->server_identifier_string);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_digest_set_type");
-    }
-
-    ret = krb5_digest_set_type(context, digest, opt->type_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_type");
-
-    ret = krb5_digest_set_username(context, digest, opt->username_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_username");
-
-    ret = krb5_digest_set_server_nonce(context, digest, 
-				       opt->server_nonce_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_server_nonce");
-
-    if(opt->client_nonce_string) {
-	ret = krb5_digest_set_client_nonce(context, digest, 
-					   opt->client_nonce_string);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_digest_set_client_nonce");
-    }
-
-
-    ret = krb5_digest_set_opaque(context, digest, opt->opaque_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_opaque");
-
-    ret = krb5_digest_set_responseData(context, digest, 
-				       opt->client_response_string);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_set_responseData");
-
-    ret = krb5_digest_request(context, digest,
-			      opt->kerberos_realm_string, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_request");
-
-    status = krb5_digest_rep_get_status(context, digest) ? "ok" : "failed";
-    rsp = krb5_digest_get_rsp(context, digest);
-
-    printf("status=%s\n", status);
-    if (rsp)
-	printf("rsp=%s\n", rsp);
-    printf("tickets=no\n");
-
-    ret = krb5_digest_get_session_key(context, digest, &session_key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_digest_get_session_key");
-
-    if (session_key.length) {
-	char *key;
-	hex_encode(session_key.data, session_key.length, &key);
-	if (key == NULL)
-	    krb5_errx(context, 1, "hex_encode");
-	krb5_data_free(&session_key);
-	printf("session-key=%s\n", key);
-	free(key);
-    }
-
-    return 0;
-}
-
-static void
-client_chap(const void *server_nonce, size_t snoncelen,
-	    unsigned char server_identifier,
-	    const char *password)
-{
-    MD5_CTX ctx;
-    unsigned char md[MD5_DIGEST_LENGTH];
-    char *h;
-
-    MD5_Init(&ctx);
-    MD5_Update(&ctx, &server_identifier, 1);
-    MD5_Update(&ctx, password, strlen(password));
-    MD5_Update(&ctx, server_nonce, snoncelen);
-    MD5_Final(md, &ctx);
-
-    hex_encode(md, 16, &h);
-
-    printf("responseData=%s\n", h);
-    free(h);
-}
-
-static const unsigned char ms_chap_v2_magic1[39] = {
-    0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
-    0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
-    0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
-    0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
-};
-static const unsigned char ms_chap_v2_magic2[41] = {
-    0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
-    0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
-    0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
-    0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
-    0x6E
-};
-static const unsigned char ms_rfc3079_magic1[27] = {
-    0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
-    0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
-    0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
-};
-
-static void
-client_mschapv2(const void *server_nonce, size_t snoncelen,
-		const void *client_nonce, size_t cnoncelen,
-		const char *username,
-		const char *password)
-{
-    SHA_CTX ctx;
-    MD4_CTX hctx;
-    unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
-    unsigned char hmd[MD4_DIGEST_LENGTH];
-    struct ntlm_buf answer;
-    int i, len, ret;
-    char *h;
-
-    SHA1_Init(&ctx);
-    SHA1_Update(&ctx, client_nonce, cnoncelen);
-    SHA1_Update(&ctx, server_nonce, snoncelen);
-    SHA1_Update(&ctx, username, strlen(username));
-    SHA1_Final(md, &ctx);
-
-    MD4_Init(&hctx);
-    len = strlen(password);
-    for (i = 0; i < len; i++) {
-	MD4_Update(&hctx, &password[i], 1);
-	MD4_Update(&hctx, &password[len], 1);
-    }	
-    MD4_Final(hmd, &hctx);
-
-    /* ChallengeResponse */
-    ret = heim_ntlm_calculate_ntlm1(hmd, sizeof(hmd), md, &answer);
-    if (ret)
-	errx(1, "heim_ntlm_calculate_ntlm1");
-
-    hex_encode(answer.data, answer.length, &h);
-    printf("responseData=%s\n", h);
-    free(h);
-
-    /* PasswordHash */
-    MD4_Init(&hctx);
-    MD4_Update(&hctx, hmd, sizeof(hmd));
-    MD4_Final(hmd, &hctx);
-
-    /* GenerateAuthenticatorResponse */
-    SHA1_Init(&ctx);
-    SHA1_Update(&ctx, hmd, sizeof(hmd));
-    SHA1_Update(&ctx, answer.data, answer.length);
-    SHA1_Update(&ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1));
-    SHA1_Final(md, &ctx);
-    
-    /* ChallengeHash */
-    SHA1_Init(&ctx);
-    SHA1_Update(&ctx, client_nonce, cnoncelen);
-    SHA1_Update(&ctx, server_nonce, snoncelen);
-    SHA1_Update(&ctx, username, strlen(username));
-    SHA1_Final(challange, &ctx);
-
-    SHA1_Init(&ctx);
-    SHA1_Update(&ctx, md, sizeof(md));
-    SHA1_Update(&ctx, challange, 8);
-    SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
-    SHA1_Final(md, &ctx);
-
-    hex_encode(md, sizeof(md), &h);
-    printf("AuthenticatorResponse=%s\n", h);
-    free(h);
-
-    /* get_master, rfc 3079 3.4 */
-    SHA1_Init(&ctx);
-    SHA1_Update(&ctx, hmd, sizeof(hmd));
-    SHA1_Update(&ctx, answer.data, answer.length);
-    SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
-    SHA1_Final(md, &ctx);
-
-    free(answer.data);
-
-    hex_encode(md, 16, &h);
-    printf("session-key=%s\n", h);
-    free(h);
-}
-
-
-int
-digest_client_request(struct digest_client_request_options *opt, 
-		      int argc, char **argv)
-{
-    char *server_nonce, *client_nonce = NULL, server_identifier;
-    ssize_t snoncelen, cnoncelen = 0;
-
-    if (opt->server_nonce_string == NULL)
-	errx(1, "server nonce missing");
-    if (opt->password_string == NULL)
-	errx(1, "password missing");
-
-    if (opt->opaque_string == NULL)
-	errx(1, "opaque missing");
-
-    snoncelen = strlen(opt->server_nonce_string);
-    server_nonce = malloc(snoncelen);
-    if (server_nonce == NULL)
-	errx(1, "server_nonce");
-
-    snoncelen = hex_decode(opt->server_nonce_string, server_nonce, snoncelen);
-    if (snoncelen <= 0) 
-	errx(1, "server nonce wrong");
-
-    if (opt->client_nonce_string) {
-	cnoncelen = strlen(opt->client_nonce_string);
-	client_nonce = malloc(cnoncelen);
-	if (client_nonce == NULL)
-	    errx(1, "client_nonce");
-	
-	cnoncelen = hex_decode(opt->client_nonce_string, 
-			       client_nonce, cnoncelen);
-	if (cnoncelen <= 0) 
-	    errx(1, "client nonce wrong");
-    }
-
-    if (opt->server_identifier_string) {
-	int ret;
-
-	ret = hex_decode(opt->server_identifier_string, &server_identifier, 1);
-	if (ret != 1)
-	    errx(1, "server identifier wrong length");
-    }
-
-    if (strcasecmp(opt->type_string, "CHAP") == 0) {
-	if (opt->server_identifier_string == NULL)
-	    errx(1, "server identifier missing");
-
-	client_chap(server_nonce, snoncelen, server_identifier, 
-		    opt->password_string);
-
-    } else if (strcasecmp(opt->type_string, "MS-CHAP-V2") == 0) {
-	if (opt->client_nonce_string == NULL)
-	    errx(1, "client nonce missing");
-	if (opt->username_string == NULL)
-	    errx(1, "client nonce missing");
-
-	client_mschapv2(server_nonce, snoncelen,
-			client_nonce, cnoncelen, 
-			opt->username_string,
-			opt->password_string);
-    }
-	
-
-    return 0;
-}
-
-#include <heimntlm.h>
-
-int
-ntlm_server_init(struct ntlm_server_init_options *opt,
-		 int argc, char ** argv)
-{
-    krb5_error_code ret;
-    krb5_ntlm ntlm;
-    struct ntlm_type2 type2;
-    krb5_data challange, opaque;
-    struct ntlm_buf data;
-    char *s;
-
-    memset(&type2, 0, sizeof(type2));
-
-    ret = krb5_ntlm_alloc(context, &ntlm);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_ntlm_alloc");
-
-    ret = krb5_ntlm_init_request(context, 
-				 ntlm,
-				 opt->kerberos_realm_string,
-				 id,
-				 NTLM_NEG_UNICODE|NTLM_NEG_NTLM,
-				 "NUTCRACKER",
-				 "L");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_ntlm_init_request");
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_challange(context, ntlm, &challange);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_ntlm_init_get_challange");
-
-    if (challange.length != sizeof(type2.challange))
-	krb5_errx(context, 1, "ntlm challange have wrong length");
-    memcpy(type2.challange, challange.data, sizeof(type2.challange));
-    krb5_data_free(&challange);
-
-    ret = krb5_ntlm_init_get_flags(context, ntlm, &type2.flags);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags");
-
-    krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname);
-    type2.targetinfo.data = "\x00\x00";
-    type2.targetinfo.length = 2;
-	
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    if (ret)
-	krb5_errx(context, 1, "heim_ntlm_encode_type2");
-
-    free(type2.targetname);
-	
-    /*
-     *
-     */
-
-    base64_encode(data.data, data.length, &s);
-    free(data.data);
-    printf("type2=%s\n", s);
-    free(s);
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_opaque(context, ntlm, &opaque);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_ntlm_init_get_opaque");
-
-    base64_encode(opaque.data, opaque.length, &s);
-    krb5_data_free(&opaque);
-    printf("opaque=%s\n", s);
-    free(s);
-
-    /*
-     *
-     */
-
-    krb5_ntlm_free(context, ntlm);
-
-    return 0;
-}
-
-
-/*
- *
- */
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret == KRB5_CONFIG_BADFORMAT)
-	errx (1, "krb5_init_context failed to parse configuration file");
-    else if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc == 0) {
-	help(NULL, argc, argv);
-	return 1;
-    }
-
-    if (ccache_string) {
-	ret = krb5_cc_resolve(context, ccache_string, &id);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_resolve");
-    }
-
-    ret = sl_command (commands, argc, argv);
-    if (ret == -1) {
-	help(NULL, argc, argv);
-	return 1;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1
deleted file mode 100644
index 1949ff7e0bbb..000000000000
--- a/crypto/heimdal/kuser/kgetcred.1
+++ /dev/null
@@ -1,91 +0,0 @@
-.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kgetcred.1 14090 2004-08-05 18:49:47Z lha $
-.\"
-.Dd March 12, 2004
-.Dt KGETCRED 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kgetcred
-.Nd "get a ticket for a particular service"
-.Sh SYNOPSIS
-.Nm
-.Op Fl -canonicalize
-.Oo Fl c cache \*(Ba Xo
-.Fl -cache= Ns Ar cache
-.Xc
-.Oc
-.Oo Fl e Ar enctype \*(Ba Xo
-.Fl -enctype= Ns Ar enctype
-.Xc
-.Oc
-.Op Fl -no-transit-check
-.Op Fl -version
-.Op Fl -help
-.Ar service
-.Sh DESCRIPTION
-.Nm
-obtains a ticket for a service.
-Usually tickets for services are obtained automatically when needed
-but sometimes for some odd reason you want to obtain a particular
-ticket or of a special type.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -canonicalize
-.Xc
-requests that the KDC canonicalize the principal.
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
-the credential cache to use.
-.It Xo
-.Fl e Ar enctype ,
-.Fl -enctype= Ns Ar enctype
-.Xc
-encryption type to use.
-.It Xo
-.Fl -no-transit-check
-.Xc
-requests that the KDC doesn't do trasnit checking.
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr klist 1
diff --git a/crypto/heimdal/kuser/kgetcred.c b/crypto/heimdal/kuser/kgetcred.c
deleted file mode 100644
index a842e002da54..000000000000
--- a/crypto/heimdal/kuser/kgetcred.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kgetcred.c 22276 2007-12-12 02:42:31Z lha $");
-
-static char *cache_str;
-static char *out_cache_str;
-static char *delegation_cred_str;
-static char *etype_str;
-static int transit_flag = 1;
-static int forwardable_flag;
-static char *impersonate_str;
-static char *nametype_str;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "cache",		'c', arg_string, &cache_str,
-      "credential cache to use", "cache"},
-    { "out-cache",	0,   arg_string, &out_cache_str,
-      "credential cache to store credential in", "cache"},
-    { "delegation-credential-cache",0,arg_string, &delegation_cred_str,
-      "where to find the ticket use for delegation", "cache"},
-    { "forwardable",	0, arg_flag, &forwardable_flag,
-      "forwardable ticket requested"},
-    { "transit-check",	0,   arg_negative_flag, &transit_flag },
-    { "enctype",	'e', arg_string, &etype_str,
-      "encryption type to use", "enctype"},
-    { "impersonate",	0,   arg_string, &impersonate_str,
-      "client to impersonate", "principal"},
-    { "name-type",		0,   arg_string, &nametype_str },
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "service");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_creds *out;
-    int optidx = 0;
-    krb5_get_creds_opt opt;
-    krb5_principal server;
-    krb5_principal impersonate = NULL;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	usage (1);
-
-    if(cache_str) {
-	ret = krb5_cc_resolve(context, cache_str, &cache);
-	if (ret)
-	    krb5_err (context, 1, ret, "%s", cache_str);
-    } else {
-	ret = krb5_cc_default (context, &cache);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-    }
-
-    ret = krb5_get_creds_opt_alloc(context, &opt);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_creds_opt_alloc");
-
-    if (etype_str) {
-	krb5_enctype enctype;
-
-	ret = krb5_string_to_enctype(context, etype_str, &enctype);
-	if (ret)
-	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
-	krb5_get_creds_opt_set_enctype(context, opt, enctype);
-    }
-
-    if (impersonate_str) {
-	ret = krb5_parse_name(context, impersonate_str, &impersonate);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", impersonate_str);
-	krb5_get_creds_opt_set_impersonate(context, opt, impersonate);
-	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE);
-    }
-
-    if (out_cache_str)
-	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE);
-
-    if (forwardable_flag)
-	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_FORWARDABLE);
-    if (!transit_flag)
-	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_TRANSIT_CHECK);
-
-    if (delegation_cred_str) {
-	krb5_ccache id;
-	krb5_creds c, mc;
-	Ticket ticket;
-
-	krb5_cc_clear_mcred(&mc);
-	ret = krb5_cc_get_principal(context, cache, &mc.server);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_get_principal");
-
-	ret = krb5_cc_resolve(context, delegation_cred_str, &id);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-
-	ret = krb5_cc_retrieve_cred(context, id, 0, &mc, &c);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
-
-	ret = decode_Ticket(c.ticket.data, c.ticket.length, &ticket, NULL);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    krb5_err (context, 1, ret, "decode_Ticket");
-	}
-	krb5_free_cred_contents(context, &c);
-
-	ret = krb5_get_creds_opt_set_ticket(context, opt, &ticket);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_get_creds_opt_set_ticket");
-	free_Ticket(&ticket);
-
-	krb5_cc_close (context, id);
-	krb5_free_principal(context, mc.server);
-
-	krb5_get_creds_opt_add_options(context, opt, 
-				       KRB5_GC_CONSTRAINED_DELEGATION);
-    }
-
-    ret = krb5_parse_name(context, argv[0], &server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
-
-    if (nametype_str) {
-	ret = krb5_parse_nametype(context, nametype_str,
-				  &server->name.name_type);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_parse_nametype");
-    }
-
-    ret = krb5_get_creds(context, opt, cache, server, &out);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_creds");
-
-    if (out_cache_str) {
-	krb5_ccache id;
-
-	ret = krb5_cc_resolve(context, out_cache_str, &id);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-
-	ret = krb5_cc_initialize(context, id, out->client);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_cc_initialize");
-
-	ret = krb5_cc_store_cred(context, id, out);
-	if(ret)
-	    krb5_err (context, 1, ret, "krb5_cc_store_cred");
-	krb5_cc_close (context, id);
-    }
-
-    krb5_free_creds(context, out);
-    krb5_free_principal(context, server);
-    krb5_get_creds_opt_free(context, opt);
-    krb5_cc_close (context, cache);
-    krb5_free_context (context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kimpersonate.1 b/crypto/heimdal/kuser/kimpersonate.1
deleted file mode 100644
index b9cd8d61488f..000000000000
--- a/crypto/heimdal/kuser/kimpersonate.1
+++ /dev/null
@@ -1,152 +0,0 @@
-.\" Copyright (c) 2002 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kimpersonate.1 20259 2007-02-17 23:49:54Z lha $
-.\"
-.Dd September 18, 2006
-.Dt KERBEROS 1
-.Os Heimdal
-.Sh NAME
-.Nm kimpersonate
-.Nd
-impersonate a user when there exist a srvtab, keyfile or KeyFile
-.Sh SYNOPSIS
-.Nm
-.Oo Fl s Ar string \*(Ba Xo
-.Fl -server= Ns Ar string Oc
-.Xc
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -client= Ns Ar string Oc
-.Xc
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string Oc
-.Xc
-.Op Fl 5 | Fl -krb5
-.Oo Fl e Ar integer \*(Ba Xo
-.Fl -expire-time= Ns Ar integer Oc
-.Xc
-.Oo Fl a Ar string \*(Ba Xo
-.Fl -client-address= Ns Ar string Oc
-.Xc
-.Oo Fl t Ar string \*(Ba Xo
-.Fl -enc-type= Ns Ar string Oc
-.Xc
-.Oo Fl f Ar string \*(Ba Xo
-.Fl -ticket-flags= Ns Ar string Oc
-.Xc
-.Op Fl -verbose
-.Op Fl -version
-.Op Fl -help
-.Sh DESCRIPTION
-The
-.Nm
-program creates a "fake" ticket using the service-key of the service.
-The service key can be read from a Kerberos 5 keytab, AFS KeyFile or
-(if compiled with support for Kerberos 4) a Kerberos 4 srvtab.
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl s Ar string Ns ,
-.Fl -server= Ns Ar string
-.Xc
-name of server principal
-.It Xo
-.Fl c Ar string Ns ,
-.Fl -client= Ns Ar string
-.Xc
-name of client principal
-.It Xo
-.Fl k Ar string Ns ,
-.Fl -keytab= Ns Ar string
-.Xc
-name of keytab file
-.It Xo
-.Fl 5 Ns ,
-.Fl -krb5
-.Xc
-create a Kerberos 5 ticket
-.It Xo
-.Fl e Ar integer Ns ,
-.Fl -expire-time= Ns Ar integer
-.Xc
-lifetime of ticket in seconds
-.It Xo
-.Fl a Ar string Ns ,
-.Fl -client-address= Ns Ar string
-.Xc
-address of client
-.It Xo
-.Fl t Ar string Ns ,
-.Fl -enc-type= Ns Ar string
-.Xc
-encryption type
-.It Xo
-.Fl f Ar string Ns ,
-.Fl -ticket-flags= Ns Ar string
-.Xc
-ticket flags for krb5 ticket
-.It Xo
-.Fl -verbose
-.Xc
-Verbose output
-.It Xo
-.Fl -version
-.Xc
-Print version
-.It Xo
-.Fl -help
-.Xc
-.El
-.Sh FILES
-Uses
-.Pa /etc/krb5.keytab,
-.Pa /etc/srvtab
-and
-.Pa /usr/afs/etc/KeyFile
-when avalible and the the
-.Fl k
-is used with appropriate prefix.
-.Sh EXAMPLES
-.Nm
-can be used in
-.Nm samba
-root preexec option
-or for debugging.
-.Nm
--s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5
-will create a Kerberos 5 ticket for lha@E.KTH.SE for the host
-hummel.e.kth.se if there exists a keytab entry for it in
-.Pa /etc/krb5.keytab .
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr klist 1
-.Sh AUTHORS
-Love Hornquist Astrand <lha@kth.se>
diff --git a/crypto/heimdal/kuser/kimpersonate.c b/crypto/heimdal/kuser/kimpersonate.c
deleted file mode 100644
index 9ef99aff9f11..000000000000
--- a/crypto/heimdal/kuser/kimpersonate.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (c) 2000 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kimpersonate.c 22117 2007-12-03 21:24:16Z lha $");
-#include <parse_units.h>
-
-static char *client_principal_str = NULL;
-static krb5_principal client_principal;
-static char *server_principal_str = NULL;
-static krb5_principal server_principal;
-
-static char *ccache_str = NULL;
-
-static char *ticket_flags_str = NULL;
-static TicketFlags ticket_flags;
-static char *keytab_file = NULL;
-static char *enc_type = "des-cbc-md5";
-static int   expiration_time = 3600;
-static struct getarg_strings client_addresses;
-static int   version_flag = 0;
-static int   help_flag = 0;
-static int   use_krb5 = 1;
-
-/*
- *
- */
-
-static void
-encode_ticket (krb5_context context, 
-	       EncryptionKey *skey,
-	       krb5_enctype etype,
-	       int skvno,
-	       krb5_creds *cred)
-{
-    size_t len, size;
-    char *buf;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    EncryptedData enc_part;
-    EncTicketPart et;    
-    Ticket ticket;
-
-    memset (&enc_part, 0, sizeof(enc_part));
-    memset (&ticket, 0, sizeof(ticket));
-    
-    /*
-     * Set up `enc_part'
-     */
-
-    et.flags = cred->flags.b;
-    et.key = cred->session;
-    et.crealm = *krb5_princ_realm (context, cred->client);
-    copy_PrincipalName(&cred->client->name, &et.cname);
-    {
-	krb5_data empty_string;
-	
-	krb5_data_zero(&empty_string); 
-	et.transited.tr_type = DOMAIN_X500_COMPRESS;
-	et.transited.contents = empty_string;
-    }
-    et.authtime = cred->times.authtime;
-    et.starttime = NULL;
-    et.endtime = cred->times.endtime;
-    et.renew_till = NULL;
-    et.caddr = &cred->addresses;
-    et.authorization_data = NULL; /* XXX allow random authorization_data */
-
-    /*
-     * Encrypt `enc_part' of ticket with service key
-     */
-
-    ASN1_MALLOC_ENCODE(EncTicketPart, buf, len, &et, &size, ret);
-    if (ret)
-	krb5_err(context, 1, ret, "EncTicketPart");
-
-    krb5_crypto_init(context, skey, etype, &crypto);
-    krb5_encrypt_EncryptedData (context, 
-				crypto,
-				KRB5_KU_TICKET,
-				buf,
-				len,
-				skvno,
-				&ticket.enc_part);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-
-    /*
-     * Encode ticket
-     */
-
-    ticket.tkt_vno = 5;
-    ticket.realm = *krb5_princ_realm (context, cred->server);
-    copy_PrincipalName(&cred->server->name, &ticket.sname);
-    
-    ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
-    if(ret)
-	krb5_err (context, 1, ret, "encode_Ticket");
-
-    krb5_data_copy(&cred->ticket, buf, len);
-}
-
-/*
- *
- */
-
-static int
-create_krb5_tickets (krb5_context context, krb5_keytab kt)
-{
-    krb5_error_code ret;
-    krb5_keytab_entry entry;
-    krb5_creds cred;
-    krb5_enctype etype;
-    krb5_ccache ccache;
-    
-    memset (&cred, 0, sizeof(cred));
-    
-    ret = krb5_string_to_enctype (context, enc_type, &etype);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_string_to_enctype");
-    ret = krb5_kt_get_entry (context, kt, server_principal, 
-			     0, etype, &entry);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_kt_get_entry");
-
-    /*
-     * setup cred
-     */
-
-
-    ret = krb5_copy_principal (context, client_principal, &cred.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_copy_principal");
-    ret = krb5_copy_principal (context, server_principal, &cred.server);
-    if (ret) 
-	krb5_err (context, 1, ret, "krb5_copy_principal");
-    krb5_generate_random_keyblock(context, etype, &cred.session);    
-
-    cred.times.authtime = time(NULL);
-    cred.times.starttime = time(NULL);
-    cred.times.endtime = time(NULL) + expiration_time;
-    cred.times.renew_till = 0;
-    krb5_data_zero(&cred.second_ticket); 
-
-    ret = krb5_get_all_client_addrs (context, &cred.addresses);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
-    cred.flags.b = ticket_flags;
-    
-    
-    /*
-     * Encode encrypted part of ticket
-     */
-
-    encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);    
-
-    /*
-     * Write to cc
-     */
-
-    if (ccache_str) {
-	ret = krb5_cc_resolve(context, ccache_str, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-    } else {
-	ret = krb5_cc_default (context, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_default");
-    }
-
-    ret = krb5_cc_initialize (context, ccache, cred.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_initialize");
-    
-    ret = krb5_cc_store_cred (context, ccache, &cred);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_cred_contents (context, &cred);
-    krb5_cc_close (context, ccache);
-    
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-setup_env (krb5_context context, krb5_keytab *kt)
-{
-    krb5_error_code ret;
-
-    if (keytab_file)
-	ret = krb5_kt_resolve (context, keytab_file, kt);
-    else
-	ret = krb5_kt_default (context, kt);
-    if (ret)
-	krb5_err (context, 1, ret, "resolving keytab");
-
-    if (client_principal_str == NULL)
-	krb5_errx (context, 1, "missing client principal");
-    ret = krb5_parse_name (context, client_principal_str, &client_principal);
-    if (ret)
-	krb5_err (context, 1, ret, "resolvning client name");
-
-    if (server_principal_str == NULL)
-	krb5_errx (context, 1, "missing server principal");
-    ret = krb5_parse_name (context, server_principal_str, &server_principal);
-    if (ret)
-	krb5_err (context, 1, ret, "resolvning client name");
-
-    if (ticket_flags_str) {
-	int ticket_flags_int;
-
-	ticket_flags_int = parse_flags(ticket_flags_str, 
-				       asn1_TicketFlags_units(), 0);
-	if (ticket_flags_int <= 0) {
-	    krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
-	    print_flags_table (asn1_TicketFlags_units(), stderr);
-	    exit (1);
-	}
-	if (ticket_flags_int)
-	    ticket_flags = int2TicketFlags (ticket_flags_int);
-    }
-}
-
-/*
- *
- */
-
-struct getargs args[] = {
-    { "ccache", 0, arg_string, &ccache_str,
-      "name of kerberos 5 credential cache", "cache-name"},
-    { "server", 's', arg_string, &server_principal_str, 
-      "name of server principal" },
-    { "client", 'c', arg_string, &client_principal_str, 
-      "name of client principal" },
-    { "keytab", 'k', arg_string, &keytab_file,
-      "name of keytab file" },
-    { "krb5", '5', arg_flag,	 &use_krb5,
-      "create a kerberos 5 ticket"},
-    { "expire-time", 'e', arg_integer, &expiration_time,
-      "lifetime of ticket in seconds" },
-    { "client-addresses", 'a', arg_strings, &client_addresses,
-      "addresses of client" },
-    { "enc-type", 't', arg_string, 	&enc_type,
-      "encryption type" },
-    { "ticket-flags", 'f', arg_string,   &ticket_flags_str,
-      "ticket flags for krb5 ticket" },
-    { "version", 0,  arg_flag,		&version_flag,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&help_flag,	NULL,
-      NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main (int argc, char **argv)
-{
-    int optind = 0;
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_keytab kt;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %u", ret);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	return 0;
-    }
-
-    setup_env (context, &kt);
-
-    if (use_krb5)
-	create_krb5_tickets (context, kt);
-
-    krb5_kt_close (context, kt);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1
deleted file mode 100644
index 01fac262a685..000000000000
--- a/crypto/heimdal/kuser/kinit.1
+++ /dev/null
@@ -1,291 +0,0 @@
-.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kinit.1 17822 2006-07-10 14:46:58Z lha $
-.\"
-.Dd April 25, 2006
-.Dt KINIT 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kinit
-.Nm kauth
-.Nd acquire initial tickets
-.Sh SYNOPSIS
-.Nm kinit
-.Op Fl 4 | Fl -524init
-.Op Fl 9 | Fl -524convert
-.Op Fl -afslog
-.Oo Fl c Ar cachename \*(Ba Xo
-.Fl -cache= Ns Ar cachename
-.Xc
-.Oc
-.Op Fl f | Fl -forwardable
-.Oo Fl t Ar keytabname \*(Ba Xo
-.Fl -keytab= Ns Ar keytabname
-.Xc
-.Oc
-.Oo Fl l Ar time \*(Ba Xo
-.Fl -lifetime= Ns Ar time
-.Xc
-.Oc
-.Op Fl p | Fl -proxiable
-.Op Fl R | Fl -renew
-.Op Fl -renewable
-.Oo Fl r Ar time \*(Ba Xo
-.Fl -renewable-life= Ns Ar time
-.Xc
-.Oc
-.Oo Fl S Ar principal \*(Ba Xo
-.Fl -server= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl s Ar time \*(Ba Xo
-.Fl -start-time= Ns Ar time
-.Xc
-.Oc
-.Op Fl k | Fl -use-keytab
-.Op Fl v | Fl -validate
-.Oo Fl e Ar enctypes \*(Ba Xo
-.Fl -enctypes= Ns Ar enctypes
-.Xc
-.Oc
-.Oo Fl a Ar addresses \*(Ba Xo
-.Fl -extra-addresses= Ns Ar addresses
-.Xc
-.Oc
-.Op Fl -password-file= Ns Ar filename
-.Op Fl -fcache-version= Ns Ar version-number
-.Op Fl A | Fl -no-addresses
-.Op Fl -anonymous
-.Op Fl -version
-.Op Fl -help
-.Op Ar principal Op Ar command
-.Sh DESCRIPTION
-.Nm
-is used to authenticate to the Kerberos server as
-.Ar principal ,
-or if none is given, a system generated default (typically your login
-name at the default realm), and acquire a ticket granting ticket that
-can later be used to obtain tickets for other services.
-.Pp
-If you have compiled
-.Nm kinit
-with Kerberos 4 support and you have a
-Kerberos 4 server,
-.Nm
-will detect this and get you Kerberos 4 tickets.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cachename
-.Fl -cache= Ns Ar cachename
-.Xc
-The credentials cache to put the acquired ticket in, if other than
-default.
-.It Xo
-.Fl f ,
-.Fl -forwardable
-.Xc
-Get ticket that can be forwarded to another host.
-.It Xo
-.Fl t Ar keytabname ,
-.Fl -keytab= Ns Ar keytabname
-.Xc
-Don't ask for a password, but instead get the key from the specified
-keytab.
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
-Specifies the lifetime of the ticket.
-The argument can either be in seconds, or a more human readable string
-like
-.Sq 1h .
-.It Xo
-.Fl p ,
-.Fl -proxiable
-.Xc
-Request tickets with the proxiable flag set.
-.It Xo
-.Fl R ,
-.Fl -renew
-.Xc
-Try to renew ticket.
-The ticket must have the
-.Sq renewable
-flag set, and must not be expired.
-.It Fl -renewable
-The same as
-.Fl -renewable-life ,
-with an infinite time.
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
-The max renewable ticket life.
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
-Get a ticket for a service other than krbtgt/LOCAL.REALM.
-.It Xo
-.Fl s Ar time ,
-.Fl -start-time= Ns Ar time
-.Xc
-Obtain a ticket that starts to be valid
-.Ar time
-(which can really be a generic time specification, like
-.Sq 1h )
-seconds into the future.
-.It Xo
-.Fl k ,
-.Fl -use-keytab
-.Xc
-The same as
-.Fl -keytab ,
-but with the default keytab name (normally
-.Ar FILE:/etc/krb5.keytab ) .
-.It Xo
-.Fl v ,
-.Fl -validate
-.Xc
-Try to validate an invalid ticket.
-.It Xo
-.Fl e ,
-.Fl -enctypes= Ns Ar enctypes
-.Xc
-Request tickets with this particular enctype.
-.It Xo
-.Fl -password-file= Ns Ar filename
-.Xc
-read the password from the first line of
-.Ar filename .
-If the
-.Ar filename
-is
-.Ar STDIN ,
-the password will be read from the standard input.
-.It Xo
-.Fl -fcache-version= Ns Ar version-number
-.Xc
-Create a credentials cache of version
-.Ar version-number .
-.It Xo
-.Fl a ,
-.Fl -extra-addresses= Ns Ar enctypes
-.Xc
-Adds a set of addresses that will, in addition to the systems local
-addresses, be put in the ticket.
-This can be useful if all addresses a client can use can't be
-automatically figured out.
-One such example is if the client is behind a firewall.
-Also settable via
-.Li libdefaults/extra_addresses
-in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl A ,
-.Fl -no-addresses
-.Xc
-Request a ticket with no addresses.
-.It Xo
-.Fl -anonymous
-.Xc
-Request an anonymous ticket (which means that the ticket will be
-issued to an anonymous principal, typically
-.Dq anonymous@REALM ) .
-.El
-.Pp
-The following options are only available if
-.Nm
-has been compiled with support for Kerberos 4.
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -524init
-.Xc
-Try to convert the obtained Kerberos 5 krbtgt to a version 4
-compatible ticket.
-It will store this ticket in the default Kerberos 4 ticket file.
-.It Xo
-.Fl 9 ,
-.Fl -524convert
-.Xc
-only convert ticket to version 4
-.It Fl -afslog
-Gets AFS tickets, converts them to version 4 format, and stores them
-in the kernel.
-Only useful if you have AFS.
-.El
-.Pp
-The
-.Ar forwardable ,
-.Ar proxiable ,
-.Ar ticket_life ,
-and
-.Ar renewable_life
-options can be set to a default value from the
-.Dv appdefaults
-section in krb5.conf, see
-.Xr krb5_appdefault 3 .
-.Pp
-If  a
-.Ar command
-is given,
-.Nm kinit
-will set up new credentials caches, and AFS PAG, and then run the given
-command.
-When it finishes the credentials will be removed.
-.Sh ENVIRONMENT
-.Bl -tag -width Ds
-.It Ev KRB5CCNAME
-Specifies the default credentials cache.
-.It Ev KRB5_CONFIG
-The file name of
-.Pa krb5.conf ,
-the default being
-.Pa /etc/krb5.conf .
-.It Ev KRBTKFILE
-Specifies the Kerberos 4 ticket file to store version 4 tickets in.
-.El
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kdestroy 1 ,
-.Xr klist 1 ,
-.Xr krb5_appdefault 3 ,
-.Xr krb5.conf 5
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c
deleted file mode 100644
index 267630985908..000000000000
--- a/crypto/heimdal/kuser/kinit.c
+++ /dev/null
@@ -1,852 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kinit.c 22116 2007-12-03 21:22:58Z lha $");
-
-#include "krb5-v4compat.h"
-
-#include "heimntlm.h"
-
-int forwardable_flag	= -1;
-int proxiable_flag	= -1;
-int renewable_flag	= -1;
-int renew_flag		= 0;
-int pac_flag		= -1;
-int validate_flag	= 0;
-int version_flag	= 0;
-int help_flag		= 0;
-int addrs_flag		= -1;
-struct getarg_strings extra_addresses;
-int anonymous_flag	= 0;
-char *lifetime 		= NULL;
-char *renew_life	= NULL;
-char *server_str	= NULL;
-char *cred_cache	= NULL;
-char *start_str		= NULL;
-struct getarg_strings etype_str;
-int use_keytab		= 0;
-char *keytab_str	= NULL;
-int do_afslog		= -1;
-int get_v4_tgt		= -1;
-int convert_524		= 0;
-int fcache_version;
-char *password_file	= NULL;
-char *pk_user_id	= NULL;
-char *pk_x509_anchors	= NULL;
-int pk_use_enckey	= 0;
-static int canonicalize_flag = 0;
-static char *ntlm_domain;
-
-static char *krb4_cc_name;
-
-static struct getargs args[] = {
-    /* 
-     * used by MIT
-     * a: ~A
-     * V: verbose
-     * F: ~f
-     * P: ~p
-     * C: v4 cache name?
-     * 5: 
-     */
-    { "524init", 	'4', arg_flag, &get_v4_tgt,
-      "obtain version 4 TGT" },
-
-    { "524convert", 	'9', arg_flag, &convert_524,
-      "only convert ticket to version 4" },
-
-    { "afslog", 	0  , arg_flag, &do_afslog,
-      "obtain afs tokens"  },
-
-    { "cache", 		'c', arg_string, &cred_cache,
-      "credentials cache", "cachename" },
-
-    { "forwardable",	'f', arg_flag, &forwardable_flag,
-      "get forwardable tickets"},
-
-    { "keytab",         't', arg_string, &keytab_str,
-      "keytab to use", "keytabname" },
-
-    { "lifetime",	'l', arg_string, &lifetime,
-      "lifetime of tickets", "time"},
-
-    { "proxiable",	'p', arg_flag, &proxiable_flag,
-      "get proxiable tickets" },
-
-    { "renew",          'R', arg_flag, &renew_flag,
-      "renew TGT" },
-
-    { "renewable",	0,   arg_flag, &renewable_flag,
-      "get renewable tickets" },
-
-    { "renewable-life",	'r', arg_string, &renew_life,
-      "renewable lifetime of tickets", "time" },
-
-    { "server", 	'S', arg_string, &server_str,
-      "server to get ticket for", "principal" },
-
-    { "start-time",	's', arg_string, &start_str,
-      "when ticket gets valid", "time" },
-
-    { "use-keytab",     'k', arg_flag, &use_keytab,
-      "get key from keytab" },
-
-    { "validate",	'v', arg_flag, &validate_flag,
-      "validate TGT" },
-
-    { "enctypes",	'e', arg_strings, &etype_str,
-      "encryption types to use", "enctypes" },
-
-    { "fcache-version", 0,   arg_integer, &fcache_version,
-      "file cache version to create" },
-
-    { "addresses",	'A',   arg_negative_flag,	&addrs_flag,
-      "request a ticket with no addresses" },
-
-    { "extra-addresses",'a', arg_strings,	&extra_addresses,
-      "include these extra addresses", "addresses" },
-
-    { "anonymous",	0,   arg_flag,	&anonymous_flag,
-      "request an anonymous ticket" },
-
-    { "request-pac",	0,   arg_flag,	&pac_flag,
-      "request a Windows PAC" },
-
-    { "password-file",	0,   arg_string, &password_file,
-      "read the password from a file" },
-
-    { "canonicalize",0,   arg_flag, &canonicalize_flag,
-      "canonicalize client principal" },
-#ifdef PKINIT
-    { "pk-user",	'C',	arg_string,	&pk_user_id,
-      "principal's public/private/certificate identifier", "id" },
-
-    { "x509-anchors",	'D',  arg_string, &pk_x509_anchors,
-      "directory with CA certificates", "directory" },
-
-    { "pk-use-enckey",	0,  arg_flag, &pk_use_enckey,
-      "Use RSA encrypted reply (instead of DH)" },
-#endif
-    { "ntlm-domain",	0,  arg_string, &ntlm_domain,
-      "NTLM domain", "domain" },
-
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal [command]]");
-    exit (ret);
-}
-
-static krb5_error_code
-get_server(krb5_context context,
-	   krb5_principal client,
-	   const char *server,
-	   krb5_principal *princ)
-{
-    krb5_realm *client_realm;
-    if(server)
-	return krb5_parse_name(context, server, princ);
-
-    client_realm = krb5_princ_realm (context, client);
-    return krb5_make_principal(context, princ, *client_realm,
-			       KRB5_TGS_NAME, *client_realm, NULL);
-}
-
-static krb5_error_code
-do_524init(krb5_context context, krb5_ccache ccache, 
-	   krb5_creds *creds, const char *server)
-{
-    krb5_error_code ret;
-
-    struct credentials c;
-    krb5_creds in_creds, *real_creds;
-
-    if(creds != NULL)
-	real_creds = creds;
-    else {
-	krb5_principal client;
-	krb5_cc_get_principal(context, ccache, &client);
-	memset(&in_creds, 0, sizeof(in_creds));
-	ret = get_server(context, client, server, &in_creds.server);
-	if(ret) {
-	    krb5_free_principal(context, client);
-	    return ret;
-	}
-	in_creds.client = client;
-	ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
-	krb5_free_principal(context, client);
-	krb5_free_principal(context, in_creds.server);
-	if(ret)
-	    return ret;
-    }
-    ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c);
-    if(ret)
-	krb5_warn(context, ret, "converting creds");
-    else {
-	krb5_error_code tret = _krb5_krb_tf_setup(context, &c, NULL, 0);
-	if(tret)
-	    krb5_warn(context, tret, "saving v4 creds");
-    }
-
-    if(creds == NULL)
-	krb5_free_creds(context, real_creds);
-    memset(&c, 0, sizeof(c));
-
-    return ret;
-}
-
-static int
-renew_validate(krb5_context context, 
-	       int renew,
-	       int validate,
-	       krb5_ccache cache, 
-	       const char *server,
-	       krb5_deltat life)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out = NULL;
-    krb5_kdc_flags flags;
-
-    memset(&in, 0, sizeof(in));
-
-    ret = krb5_cc_get_principal(context, cache, &in.client);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_cc_get_principal");
-	return ret;
-    }
-    ret = get_server(context, in.client, server, &in.server);
-    if(ret) {
-	krb5_warn(context, ret, "get_server");
-	goto out;
-    }
-
-    if (renew) {
-	/* 
-	 * no need to check the error here, it's only to be 
-	 * friendly to the user
-	 */
-	krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
-    }
-
-    flags.i = 0;
-    flags.b.renewable         = flags.b.renew = renew;
-    flags.b.validate          = validate;
-
-    if (forwardable_flag != -1)
-	flags.b.forwardable       = forwardable_flag;
-    else if (out)
-	flags.b.forwardable 	  = out->flags.b.forwardable;
-
-    if (proxiable_flag != -1)
-	flags.b.proxiable         = proxiable_flag;
-    else if (out)
-	flags.b.proxiable 	  = out->flags.b.proxiable;
-
-    if (anonymous_flag != -1)
-	flags.b.request_anonymous = anonymous_flag;
-    if(life)
-	in.times.endtime = time(NULL) + life;
-
-    if (out) {
-	krb5_free_creds (context, out);
-	out = NULL;
-    }
-
-
-    ret = krb5_get_kdc_cred(context,
-			    cache,
-			    flags,
-			    NULL,
-			    NULL,
-			    &in,
-			    &out);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_get_kdc_cred");
-	goto out;
-    }
-    ret = krb5_cc_initialize(context, cache, in.client);
-    if(ret) {
-	krb5_free_creds (context, out);
-	krb5_warn(context, ret, "krb5_cc_initialize");
-	goto out;
-    }
-    ret = krb5_cc_store_cred(context, cache, out);
-
-    if(ret == 0 && server == NULL) {
-	/* only do this if it's a general renew-my-tgt request */
-	if(get_v4_tgt)
-	    do_524init(context, cache, out, NULL);
-	if(do_afslog && k_hasafs())
-	    krb5_afslog(context, cache, NULL, NULL);
-    }
-
-    krb5_free_creds (context, out);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_cc_store_cred");
-	goto out;
-    }
-out:
-    krb5_free_cred_contents(context, &in);
-    return ret;
-}
-
-static krb5_error_code
-store_ntlmkey(krb5_context context, krb5_ccache id, 
-	      const char *domain, krb5_const_principal client,
-	      struct ntlm_buf *buf)
-{
-    krb5_error_code ret;
-    krb5_creds cred;
-    
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_make_principal(context, &cred.server,
-			      krb5_principal_get_realm(context, client),
-			      "@ntlm-key", domain, NULL);
-    if (ret)
-	goto out;
-    ret = krb5_copy_principal(context, client, &cred.client);
-    if (ret)
-	goto out;
-    
-    cred.times.authtime = time(NULL);
-    cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */
-    cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
-    ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length);
-    if (ret)
-	goto out;
-
-    ret = krb5_cc_store_cred(context, id, &cred);
-
-out:
-    krb5_free_cred_contents (context, &cred);
-    return 0;
-}
-
-static krb5_error_code
-get_new_tickets(krb5_context context, 
-		krb5_principal principal,
-		krb5_ccache ccache,
-		krb5_deltat ticket_life,
-		int interactive)
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *opt;
-    krb5_creds cred;
-    char passwd[256];
-    krb5_deltat start_time = 0;
-    krb5_deltat renew = 0;
-    char *renewstr = NULL;
-    krb5_enctype *enctype = NULL;
-    struct ntlm_buf ntlmkey;
-    krb5_ccache tempccache;
-
-    memset(&ntlmkey, 0, sizeof(ntlmkey));
-    passwd[0] = '\0';
-
-    if (password_file) {
-	FILE *f;
-
-	if (strcasecmp("STDIN", password_file) == 0)
-	    f = stdin;
-	else
-	    f = fopen(password_file, "r");
-	if (f == NULL)
-	    krb5_errx(context, 1, "Failed to open the password file %s",
-		      password_file);
-
-	if (fgets(passwd, sizeof(passwd), f) == NULL)
-	    krb5_errx(context, 1, 
-		      "Failed to read password from file %s", password_file);
-	if (f != stdin)
-	    fclose(f);
-	passwd[strcspn(passwd, "\n")] = '\0';
-    }
-
-
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-    
-    krb5_get_init_creds_opt_set_default_flags(context, "kinit",
-	krb5_principal_get_realm(context, principal), opt);
-
-    if(forwardable_flag != -1)
-	krb5_get_init_creds_opt_set_forwardable (opt, forwardable_flag);
-    if(proxiable_flag != -1)
-	krb5_get_init_creds_opt_set_proxiable (opt, proxiable_flag);
-    if(anonymous_flag != -1)
-	krb5_get_init_creds_opt_set_anonymous (opt, anonymous_flag);
-    if (pac_flag != -1)
-	krb5_get_init_creds_opt_set_pac_request(context, opt, 
-						pac_flag ? TRUE : FALSE);
-    if (canonicalize_flag)
-	krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
-    if (pk_user_id) {
-	ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
-						 principal,
-						 pk_user_id,
-						 pk_x509_anchors,
-						 NULL,
-						 NULL,
-						 pk_use_enckey ? 2 : 0,
-						 krb5_prompter_posix,
-						 NULL,
-						 passwd);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit");
-    }
-
-    if (addrs_flag != -1)
-	krb5_get_init_creds_opt_set_addressless(context, opt, 
-						addrs_flag ? FALSE : TRUE);
-
-    if (renew_life == NULL && renewable_flag)
-	renewstr = "1 month";
-    if (renew_life)
-	renewstr = renew_life;
-    if (renewstr) {
-	renew = parse_time (renewstr, "s");
-	if (renew < 0)
-	    errx (1, "unparsable time: %s", renewstr);
-	
-	krb5_get_init_creds_opt_set_renew_life (opt, renew);
-    }
-
-    if(ticket_life != 0)
-	krb5_get_init_creds_opt_set_tkt_life (opt, ticket_life);
-
-    if(start_str) {
-	int tmp = parse_time (start_str, "s");
-	if (tmp < 0)
-	    errx (1, "unparsable time: %s", start_str);
-
-	start_time = tmp;
-    }
-
-    if(etype_str.num_strings) {
-	int i;
-
-	enctype = malloc(etype_str.num_strings * sizeof(*enctype));
-	if(enctype == NULL)
-	    errx(1, "out of memory");
-	for(i = 0; i < etype_str.num_strings; i++) {
-	    ret = krb5_string_to_enctype(context, 
-					 etype_str.strings[i], 
-					 &enctype[i]);
-	    if(ret)
-		errx(1, "unrecognized enctype: %s", etype_str.strings[i]);
-	}
-	krb5_get_init_creds_opt_set_etype_list(opt, enctype, 
-					       etype_str.num_strings);
-    }
-
-    if(use_keytab || keytab_str) {
-	krb5_keytab kt;
-	if(keytab_str)
-	    ret = krb5_kt_resolve(context, keytab_str, &kt);
-	else
-	    ret = krb5_kt_default(context, &kt);
-	if (ret)
-	    krb5_err (context, 1, ret, "resolving keytab");
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  principal,
-					  kt,
-					  start_time,
-					  server_str,
-					  opt);
-	krb5_kt_close(context, kt);
-    } else if (pk_user_id) {
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    passwd,
-					    krb5_prompter_posix,
-					    NULL,
-					    start_time,
-					    server_str,
-					    opt);
-    } else if (!interactive) {
-	krb5_warnx(context, "Not interactive, failed to get initial ticket");
-	krb5_get_init_creds_opt_free(context, opt);
-	return 0;
-    } else {
-
-	if (passwd[0] == '\0') {
-	    char *p, *prompt;
-	    
-	    krb5_unparse_name (context, principal, &p);
-	    asprintf (&prompt, "%s's Password: ", p);
-	    free (p);
-	    
-	    if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
-		memset(passwd, 0, sizeof(passwd));
-		exit(1);
-	    }
-	    free (prompt);
-	}
-
-	
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    passwd,
-					    krb5_prompter_posix,
-					    NULL,
-					    start_time,
-					    server_str,
-					    opt);
-    }
-    krb5_get_init_creds_opt_free(context, opt);
-    if (ntlm_domain && passwd[0])
-	heim_ntlm_nt_key(passwd, &ntlmkey);
-    memset(passwd, 0, sizeof(passwd));
-
-    switch(ret){
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */
-	exit(1);
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-    case KRB5KRB_AP_ERR_MODIFIED:
-    case KRB5KDC_ERR_PREAUTH_FAILED:
-	krb5_errx(context, 1, "Password incorrect");
-	break;
-    case KRB5KRB_AP_ERR_V4_REPLY:
-	krb5_errx(context, 1, "Looks like a Kerberos 4 reply");
-	break;
-    default:
-	krb5_err(context, 1, ret, "krb5_get_init_creds");
-    }
-
-    if(ticket_life != 0) {
-	if(abs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) {
-	    char life[64];
-	    unparse_time_approx(cred.times.endtime - cred.times.starttime, 
-				life, sizeof(life));
-	    krb5_warnx(context, "NOTICE: ticket lifetime is %s", life);
-	}
-    }
-    if(renew_life) {
-	if(abs(cred.times.renew_till - cred.times.starttime - renew) > 30) {
-	    char life[64];
-	    unparse_time_approx(cred.times.renew_till - cred.times.starttime, 
-				life, sizeof(life));
-	    krb5_warnx(context, "NOTICE: ticket renewable lifetime is %s", 
-		       life);
-	}
-    }
-
-    ret = krb5_cc_new_unique(context, krb5_cc_get_type(context, ccache), 
-			     NULL, &tempccache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_new_unique");
-
-    ret = krb5_cc_initialize (context, tempccache, cred.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_initialize");
-    
-    ret = krb5_cc_store_cred (context, tempccache, &cred);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_cred_contents (context, &cred);
-
-    ret = krb5_cc_move(context, tempccache, ccache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_move");
-
-    if (ntlm_domain && ntlmkey.data)
-	store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey);
-
-    if (enctype)
-	free(enctype);
-
-    return 0;
-}
-
-static time_t
-ticket_lifetime(krb5_context context, krb5_ccache cache, 
-		krb5_principal client, const char *server)
-{
-    krb5_creds in_cred, *cred;
-    krb5_error_code ret;
-    time_t timeout;
-
-    memset(&in_cred, 0, sizeof(in_cred));
-
-    ret = krb5_cc_get_principal(context, cache, &in_cred.client);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_cc_get_principal");
-	return 0;
-    }
-    ret = get_server(context, in_cred.client, server, &in_cred.server);
-    if(ret) {
-	krb5_free_principal(context, in_cred.client);
-	krb5_warn(context, ret, "get_server");
-	return 0;
-    }
-
-    ret = krb5_get_credentials(context, KRB5_GC_CACHED,
-			       cache, &in_cred, &cred);
-    krb5_free_principal(context, in_cred.client);
-    krb5_free_principal(context, in_cred.server);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_get_credentials");
-	return 0;
-    }
-    timeout = cred->times.endtime - cred->times.starttime;
-    if (timeout < 0)
-	timeout = 0;
-    krb5_free_creds(context, cred);
-    return timeout;
-}
-
-struct renew_ctx {
-    krb5_context context;
-    krb5_ccache  ccache;
-    krb5_principal principal;
-    krb5_deltat ticket_life;
-};
-
-static time_t
-renew_func(void *ptr)
-{
-    struct renew_ctx *ctx = ptr;
-    krb5_error_code ret;
-    time_t expire;
-    int new_tickets = 0;
-
-    if (renewable_flag) {
-	ret = renew_validate(ctx->context, renewable_flag, validate_flag,
-			     ctx->ccache, server_str, ctx->ticket_life);
-	if (ret)
-	    new_tickets = 1;
-    } else
-	new_tickets = 1;
-
-    if (new_tickets)
-	get_new_tickets(ctx->context, ctx->principal, 
-			ctx->ccache, ctx->ticket_life, 0);
-
-    if(get_v4_tgt || convert_524)
-	do_524init(ctx->context, ctx->ccache, NULL, server_str);
-    if(do_afslog && k_hasafs())
-	krb5_afslog(ctx->context, ctx->ccache, NULL, NULL);
-
-    expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal,
-			     server_str) / 2;
-    return expire + 1;
-}
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache  ccache;
-    krb5_principal principal;
-    int optidx = 0;
-    krb5_deltat ticket_life = 0;
-    int parseflags = 0;
-
-    setprogname (argv[0]);
-    
-    ret = krb5_init_context (&context);
-    if (ret == KRB5_CONFIG_BADFORMAT)
-	errx (1, "krb5_init_context failed to parse configuration file");
-    else if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (canonicalize_flag)
-	parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
-
-    if (argv[0]) {
-	ret = krb5_parse_name_flags (context, argv[0], parseflags, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name");
-    } else {
-	ret = krb5_get_default_principal (context, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_default_principal");
-    }
-
-    if(fcache_version)
-	krb5_set_fcache_version(context, fcache_version);
-
-    if(renewable_flag == -1)
-	/* this seems somewhat pointless, but whatever */
-	krb5_appdefault_boolean(context, "kinit",
-				krb5_principal_get_realm(context, principal),
-				"renewable", FALSE, &renewable_flag);
-    if(get_v4_tgt == -1)
-	krb5_appdefault_boolean(context, "kinit", 
-				krb5_principal_get_realm(context, principal), 
-				"krb4_get_tickets", FALSE, &get_v4_tgt);
-    if(do_afslog == -1)
-	krb5_appdefault_boolean(context, "kinit", 
-				krb5_principal_get_realm(context, principal), 
-				"afslog", TRUE, &do_afslog);
-
-    if(cred_cache) 
-	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-    else {
-	if(argc > 1) {
-	    char s[1024];
-	    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache);
-	    if(ret)
-		krb5_err(context, 1, ret, "creating cred cache");
-	    snprintf(s, sizeof(s), "%s:%s",
-		     krb5_cc_get_type(context, ccache),
-		     krb5_cc_get_name(context, ccache));
-	    setenv("KRB5CCNAME", s, 1);
-	    if (get_v4_tgt) {
-		int fd;
-		if (asprintf(&krb4_cc_name, "%s_XXXXXX", TKT_ROOT) < 0)
-		    krb5_errx(context, 1, "out of memory");
-		if((fd = mkstemp(krb4_cc_name)) >= 0) {
-		    close(fd);
-		    setenv("KRBTKFILE", krb4_cc_name, 1);
-		} else {
-		    free(krb4_cc_name);
-		    krb4_cc_name = NULL;
-		}
-	    }
-	} else {
-	    ret = krb5_cc_cache_match(context, principal, NULL, &ccache);
-	    if (ret)
-		ret = krb5_cc_default (context, &ccache);
-	}
-    }
-    if (ret)
-	krb5_err (context, 1, ret, "resolving credentials cache");
-
-    if(argc > 1 && k_hasafs ())
-	k_setpag();
-
-    if (lifetime) {
-	int tmp = parse_time (lifetime, "s");
-	if (tmp < 0)
-	    errx (1, "unparsable time: %s", lifetime);
-
-	ticket_life = tmp;
-    }
-
-    if(addrs_flag == 0 && extra_addresses.num_strings > 0)
-	krb5_errx(context, 1, "specifying both extra addresses and "
-		  "no addresses makes no sense");
-    {
-	int i;
-	krb5_addresses addresses;
-	memset(&addresses, 0, sizeof(addresses));
-	for(i = 0; i < extra_addresses.num_strings; i++) {
-	    ret = krb5_parse_address(context, extra_addresses.strings[i], 
-				     &addresses);
-	    if (ret == 0) {
-		krb5_add_extra_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	free_getarg_strings(&extra_addresses);
-    }
-
-    if(renew_flag || validate_flag) {
-	ret = renew_validate(context, renew_flag, validate_flag, 
-			     ccache, server_str, ticket_life);
-	exit(ret != 0);
-    }
-
-    if(!convert_524)
-	get_new_tickets(context, principal, ccache, ticket_life, 1);
-
-    if(get_v4_tgt || convert_524)
-	do_524init(context, ccache, NULL, server_str);
-    if(do_afslog && k_hasafs())
-	krb5_afslog(context, ccache, NULL, NULL);
-    if(argc > 1) {
-	struct renew_ctx ctx;
-	time_t timeout;
-
-	timeout = ticket_lifetime(context, ccache, principal, server_str) / 2;
-
-	ctx.context = context;
-	ctx.ccache = ccache;
-	ctx.principal = principal;
-	ctx.ticket_life = ticket_life;
-
-	ret = simple_execvp_timed(argv[1], argv+1, 
-				  renew_func, &ctx, timeout);
-#define EX_NOEXEC	126
-#define EX_NOTFOUND	127
-	if(ret == EX_NOEXEC)
-	    krb5_warnx(context, "permission denied: %s", argv[1]);
-	else if(ret == EX_NOTFOUND)
-	    krb5_warnx(context, "command not found: %s", argv[1]);
-	
-	krb5_cc_destroy(context, ccache);
-	_krb5_krb_dest_tkt(context, krb4_cc_name);
-	if(k_hasafs())
-	    k_unlog();
-    } else {
-	krb5_cc_close (context, ccache);
-	ret = 0;
-    }
-    krb5_free_principal(context, principal);
-    krb5_free_context (context);
-    return ret;
-}
diff --git a/crypto/heimdal/kuser/kinit_options.c b/crypto/heimdal/kuser/kinit_options.c
deleted file mode 100644
index 5a7dcd98753d..000000000000
--- a/crypto/heimdal/kuser/kinit_options.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $");
-
-#ifdef KRB4
-int do_afslog		= 0;
-int get_v4_tgt		= 0;
-#endif
diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1
deleted file mode 100644
index 65ed7d36aa17..000000000000
--- a/crypto/heimdal/kuser/klist.1
+++ /dev/null
@@ -1,154 +0,0 @@
-.\" Copyright (c) 2000 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: klist.1 20458 2007-04-19 20:41:27Z lha $
-.\"
-.Dd October  6, 2005
-.Dt KLIST 1
-.Os HEIMDAL
-.Sh NAME
-.Nm klist
-.Nd list Kerberos credentials
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Oo Fl c Ar cache \*(Ba Xo
-.Fl -cache= Ns Ar cache
-.Xc
-.Oc
-.Op Fl s | Fl t | Fl -test
-.Op Fl T | Fl -tokens
-.Op Fl 5 | Fl -v5
-.Op Fl v | Fl -verbose
-.Op Fl l | Fl -list-caches
-.Op Fl f
-.Op Fl -version
-.Op Fl -help
-.Ek
-.Sh DESCRIPTION
-.Nm
-reads and displays the current tickets in the credential cache (also
-known as the ticket file).
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
-credential cache to list
-.It Xo
-.Fl s ,
-.Fl t ,
-.Fl -test
-.Xc
-Test for there being an active and valid TGT for the local realm of
-the user in the credential cache.
-.It Xo
-.Fl T ,
-.Fl -tokens
-.Xc
-display AFS tokens
-.It Xo
-.Fl 5 ,
-.Fl -v5
-.Xc
-display v5 cred cache (this is the default)
-.It Fl f
-Include ticket flags in short form, each character stands for a
-specific flag, as follows:
-.Bl -tag -width  XXX -compact -offset indent
-.It F
-forwardable
-.It f
-forwarded
-.It P
-proxiable
-.It p
-proxied
-.It D
-postdate-able
-.It d
-postdated
-.It R
-renewable
-.It I
-initial
-.It i
-invalid
-.It A
-pre-authenticated
-.It H
-hardware authenticated
-.El
-.Pp
-This information is also output with the
-.Fl -verbose
-option, but in a more verbose way.
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Verbose output. Include all possible information:
-.Bl -tag -width XXXX -offset indent
-.It Server
-the principal the ticket is for
-.It Ticket etype
-the encryption type used in the ticket, followed by the key version of
-the ticket, if it is available
-.It Session key
-the encryption type of the session key, if it's different from the
-encryption type of the ticket
-.It Auth time
-the time the authentication exchange took place
-.It Start time
-the time that this ticket is valid from (only printed if it's
-different from the auth time)
-.It End time
-when the ticket expires, if it has already expired this is also noted
-.It Renew till
-the maximum possible end time of any ticket derived from this one
-.It Ticket flags
-the flags set on the ticket
-.It Addresses
-the set of addresses from which this ticket is valid
-.El
-.It Xo
-.Fl l ,
-.Fl -list-caches
-.Xc
-List the credential caches for the current users, not all cache types
-supports listing multiple caches.
-.Pp
-.El
-.Sh SEE ALSO
-.Xr kdestroy 1 ,
-.Xr kinit 1
diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c
deleted file mode 100644
index 3148ddc275e2..000000000000
--- a/crypto/heimdal/kuser/klist.c
+++ /dev/null
@@ -1,639 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-#include "rtbl.h"
-
-RCSID("$Id: klist.c 20516 2007-04-22 10:40:41Z lha $");
-
-static char*
-printable_time(time_t t)
-{
-    static char s[128];
-    strlcpy(s, ctime(&t)+ 4, sizeof(s));
-    s[15] = 0;
-    return s;
-}
-
-static char*
-printable_time_long(time_t t)
-{
-    static char s[128];
-    strlcpy(s, ctime(&t)+ 4, sizeof(s));
-    s[20] = 0;
-    return s;
-}
-
-#define COL_ISSUED		"  Issued"
-#define COL_EXPIRES		"  Expires"
-#define COL_FLAGS		"Flags"
-#define COL_PRINCIPAL		"  Principal"
-#define COL_PRINCIPAL_KVNO	"  Principal (kvno)"
-#define COL_CACHENAME		"  Cache name"
-
-static void
-print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
-{
-    char *str;
-    krb5_error_code ret;
-    krb5_timestamp sec;
-
-    krb5_timeofday (context, &sec);
-
-
-    if(cred->times.starttime)
-	rtbl_add_column_entry(ct, COL_ISSUED,
-			      printable_time(cred->times.starttime));
-    else
-	rtbl_add_column_entry(ct, COL_ISSUED,
-			      printable_time(cred->times.authtime));
-    
-    if(cred->times.endtime > sec)
-	rtbl_add_column_entry(ct, COL_EXPIRES,
-			      printable_time(cred->times.endtime));
-    else
-	rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<");
-    ret = krb5_unparse_name (context, cred->server, &str);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-    rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
-    if(do_flags) {
-	char s[16], *sp = s;
-	if(cred->flags.b.forwardable)
-	    *sp++ = 'F';
-	if(cred->flags.b.forwarded)
-	    *sp++ = 'f';
-	if(cred->flags.b.proxiable)
-	    *sp++ = 'P';
-	if(cred->flags.b.proxy)
-	    *sp++ = 'p';
-	if(cred->flags.b.may_postdate)
-	    *sp++ = 'D';
-	if(cred->flags.b.postdated)
-	    *sp++ = 'd';
-	if(cred->flags.b.renewable)
-	    *sp++ = 'R';
-	if(cred->flags.b.initial)
-	    *sp++ = 'I';
-	if(cred->flags.b.invalid)
-	    *sp++ = 'i';
-	if(cred->flags.b.pre_authent)
-	    *sp++ = 'A';
-	if(cred->flags.b.hw_authent)
-	    *sp++ = 'H';
-	*sp++ = '\0';
-	rtbl_add_column_entry(ct, COL_FLAGS, s);
-    }
-    free(str);
-}
-
-static void
-print_cred_verbose(krb5_context context, krb5_creds *cred)
-{
-    int j;
-    char *str;
-    krb5_error_code ret;
-    int first_flag;
-    krb5_timestamp sec;
-
-    krb5_timeofday (context, &sec);
-
-    ret = krb5_unparse_name(context, cred->server, &str);
-    if(ret)
-	exit(1);
-    printf("Server: %s\n", str);
-    free (str);
-
-    ret = krb5_unparse_name(context, cred->client, &str);
-    if(ret)
-	exit(1);
-    printf("Client: %s\n", str);
-    free (str);
-
-    {
-	Ticket t;
-	size_t len;
-	char *s;
-
-	decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-	ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
-	printf("Ticket etype: ");
-	if (ret == 0) {
-	    printf("%s", s);
-	    free(s);
-	} else {
-	    printf("unknown(%d)", t.enc_part.etype);
-	}
-	if(t.enc_part.kvno)
-	    printf(", kvno %d", *t.enc_part.kvno);
-	printf("\n");
-	if(cred->session.keytype != t.enc_part.etype) {
-	    ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
-	    if(ret)
-		krb5_warn(context, ret, "session keytype");
-	    else {
-		printf("Session key: %s\n", str);
-		free(str);
-	    }
-	}
-	free_Ticket(&t);
-	printf("Ticket length: %lu\n", (unsigned long)cred->ticket.length);
-    }
-    printf("Auth time:  %s\n", printable_time_long(cred->times.authtime));
-    if(cred->times.authtime != cred->times.starttime)
-	printf("Start time: %s\n", printable_time_long(cred->times.starttime));
-    printf("End time:   %s", printable_time_long(cred->times.endtime));
-    if(sec > cred->times.endtime)
-	printf(" (expired)");
-    printf("\n");
-    if(cred->flags.b.renewable)
-	printf("Renew till: %s\n", 
-	       printable_time_long(cred->times.renew_till));
-    printf("Ticket flags: ");
-#define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; }
-#define PRINT_FLAG(f) PRINT_FLAG2(f, f)
-    first_flag = 1;
-    PRINT_FLAG(forwardable);
-    PRINT_FLAG(forwarded);
-    PRINT_FLAG(proxiable);
-    PRINT_FLAG(proxy);
-    PRINT_FLAG2(may_postdate, may-postdate);
-    PRINT_FLAG(postdated);
-    PRINT_FLAG(invalid);
-    PRINT_FLAG(renewable);
-    PRINT_FLAG(initial);
-    PRINT_FLAG2(pre_authent, pre-authenticated);
-    PRINT_FLAG2(hw_authent, hw-authenticated);
-    PRINT_FLAG2(transited_policy_checked, transited-policy-checked);
-    PRINT_FLAG2(ok_as_delegate, ok-as-delegate);
-    PRINT_FLAG(anonymous);
-    printf("\n");
-    printf("Addresses: ");
-    if (cred->addresses.len != 0) {
-	for(j = 0; j < cred->addresses.len; j++){
-	    char buf[128];
-	    size_t len;
-	    if(j) printf(", ");
-	    ret = krb5_print_address(&cred->addresses.val[j], 
-				     buf, sizeof(buf), &len);
-	    
-	    if(ret == 0)
-		printf("%s", buf);
-	}
-    } else {
-	printf("addressless");
-    }
-    printf("\n\n");
-}
-
-/*
- * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
- */
-
-static void
-print_tickets (krb5_context context,
-	       krb5_ccache ccache,
-	       krb5_principal principal,
-	       int do_verbose,
-	       int do_flags,
-	       int do_hidden)
-{
-    krb5_error_code ret;
-    char *str;
-    krb5_cc_cursor cursor;
-    krb5_creds creds;
-    int32_t sec, usec;
-
-    rtbl_t ct = NULL;
-
-    ret = krb5_unparse_name (context, principal, &str);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-
-    printf ("%17s: %s:%s\n", 
-	    "Credentials cache",
-	    krb5_cc_get_type(context, ccache),
-	    krb5_cc_get_name(context, ccache));
-    printf ("%17s: %s\n", "Principal", str);
-    free (str);
-    
-    if(do_verbose)
-	printf ("%17s: %d\n", "Cache version",
-		krb5_cc_get_version(context, ccache));
-    
-    krb5_get_kdc_sec_offset(context, &sec, &usec);
-
-    if (do_verbose && sec != 0) {
-	char buf[BUFSIZ];
-	int val;
-	int sig;
-
-	val = sec;
-	sig = 1;
-	if (val < 0) {
-	    sig = -1;
-	    val = -val;
-	}
-	
-	unparse_time (val, buf, sizeof(buf));
-
-	printf ("%17s: %s%s\n", "KDC time offset",
-		sig == -1 ? "-" : "", buf);
-    }
-
-    printf("\n");
-
-    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
-
-    if(!do_verbose) {
-	ct = rtbl_create();
-	rtbl_add_column(ct, COL_ISSUED, 0);
-	rtbl_add_column(ct, COL_EXPIRES, 0);
-	if(do_flags)
-	    rtbl_add_column(ct, COL_FLAGS, 0);
-	rtbl_add_column(ct, COL_PRINCIPAL, 0);
-	rtbl_set_separator(ct, "  ");
-    }
-    while ((ret = krb5_cc_next_cred (context,
-				     ccache,
-				     &cursor,
-				     &creds)) == 0) {
-	const char *str;
-	str = krb5_principal_get_comp_string(context, creds.server, 0);
-	if (!do_hidden && str && str[0] == '@') {
-	    ;
-	}else if(do_verbose){
-	    print_cred_verbose(context, &creds);
-	}else{
-	    print_cred(context, &creds, ct, do_flags);
-	}
-	krb5_free_cred_contents (context, &creds);
-    }
-    if(ret != KRB5_CC_END)
-	krb5_err(context, 1, ret, "krb5_cc_get_next");
-    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
-    if(!do_verbose) {
-	rtbl_format(ct, stdout);
-	rtbl_destroy(ct);
-    }
-}
-
-/*
- * Check if there's a tgt for the realm of `principal' and ccache and
- * if so return 0, else 1
- */
-
-static int
-check_for_tgt (krb5_context context,
-	       krb5_ccache ccache,
-	       krb5_principal principal,
-	       time_t *expiration)
-{
-    krb5_error_code ret;
-    krb5_creds pattern;
-    krb5_creds creds;
-    krb5_realm *client_realm;
-    int expired;
-
-    krb5_cc_clear_mcred(&pattern);
-
-    client_realm = krb5_princ_realm (context, principal);
-
-    ret = krb5_make_principal (context, &pattern.server,
-			       *client_realm, KRB5_TGS_NAME, *client_realm,
-			       NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_make_principal");
-    pattern.client = principal;
-
-    ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
-    krb5_free_principal (context, pattern.server);
-    if (ret) {
-	if (ret == KRB5_CC_END)
-	    return 1;
-	krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
-    }
-
-    expired = time(NULL) > creds.times.endtime;
-
-    if (expiration)
-	*expiration = creds.times.endtime;
-
-    krb5_free_cred_contents (context, &creds);
-
-    return expired;
-}
-
-/*
- * Print a list of all AFS tokens
- */
-
-static void
-display_tokens(int do_verbose)
-{
-    uint32_t i;
-    unsigned char t[4096];
-    struct ViceIoctl parms;
-
-    parms.in = (void *)&i;
-    parms.in_size = sizeof(i);
-    parms.out = (void *)t;
-    parms.out_size = sizeof(t);
-
-    for (i = 0;; i++) {
-        int32_t size_secret_tok, size_public_tok;
-        unsigned char *cell;
-	struct ClearToken ct;
-	unsigned char *r = t;
-	struct timeval tv;
-	char buf1[20], buf2[20];
-
-	if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
-	    if(errno == EDOM)
-		break;
-	    continue;
-	}
-	if(parms.out_size > sizeof(t))
-	    continue;
-	if(parms.out_size < sizeof(size_secret_tok))
-	    continue;
-	t[min(parms.out_size,sizeof(t)-1)] = 0;
-	memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
-	/* dont bother about the secret token */
-	r += size_secret_tok + sizeof(size_secret_tok);
-	if (parms.out_size < (r - t) + sizeof(size_public_tok))
-	    continue;
-	memcpy(&size_public_tok, r, sizeof(size_public_tok));
-	r += sizeof(size_public_tok);
-	if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
-	    continue;
-	memcpy(&ct, r, size_public_tok);
-	r += size_public_tok;
-	/* there is a int32_t with length of cellname, but we dont read it */
-	r += sizeof(int32_t);
-	cell = r;
-
-	gettimeofday (&tv, NULL);
-	strlcpy (buf1, printable_time(ct.BeginTimestamp),
-		 sizeof(buf1));
-	if (do_verbose || tv.tv_sec < ct.EndTimestamp)
-	    strlcpy (buf2, printable_time(ct.EndTimestamp),
-		     sizeof(buf2));
-	else
-	    strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
-
-	printf("%s  %s  ", buf1, buf2);
-
-	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
-	    printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
-	else
-	    printf("Tokens for %s", cell);
-	if (do_verbose)
-	    printf(" (%d)", ct.AuthHandle);
-	putchar('\n');
-    }
-}
-
-/*
- * display the ccache in `cred_cache'
- */
-
-static int
-display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, 
-		   int do_flags, int do_hidden)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    int exit_status = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if(cred_cache) {
-	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "%s", cred_cache);
-    } else {
-	ret = krb5_cc_default (context, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	if(ret == ENOENT) {
-	    if (!do_test)
-		krb5_warnx(context, "No ticket file: %s",
-			   krb5_cc_get_name(context, ccache));
-	    return 1;
-	} else
-	    krb5_err (context, 1, ret, "krb5_cc_get_principal");
-    }
-    if (do_test)
-	exit_status = check_for_tgt (context, ccache, principal, NULL);
-    else
-	print_tickets (context, ccache, principal, do_verbose,
-		       do_flags, do_hidden);
-
-    ret = krb5_cc_close (context, ccache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_close");
-
-    krb5_free_principal (context, principal);
-    krb5_free_context (context);
-    return exit_status;
-}
-
-/*
- *
- */
-
-static int
-list_caches(void)
-{
-    krb5_cc_cache_cursor cursor;
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache id;
-    rtbl_t ct;
-    
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_cc_cache_get_first (context, NULL, &cursor);
-    if (ret == KRB5_CC_NOSUPP)
-	return 0;
-    else if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
-
-    ct = rtbl_create();
-    rtbl_add_column(ct, COL_PRINCIPAL, 0);
-    rtbl_add_column(ct, COL_CACHENAME, 0);
-    rtbl_add_column(ct, COL_EXPIRES, 0);
-    rtbl_set_prefix(ct, "   ");
-    rtbl_set_column_prefix(ct, COL_PRINCIPAL, "");
-
-    while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
-	krb5_principal principal;
-	char *name;
-
-	ret = krb5_cc_get_principal(context, id, &principal);
-	if (ret == 0) {
-	    time_t t;
-	    int expired = check_for_tgt (context, id, principal, &t);
-
-	    ret = krb5_unparse_name(context, principal, &name);
-	    if (ret == 0) {
-		rtbl_add_column_entry(ct, COL_PRINCIPAL, name);
-		rtbl_add_column_entry(ct, COL_CACHENAME,
-				      krb5_cc_get_name(context, id));
-		rtbl_add_column_entry(ct, COL_EXPIRES,
-				      expired ? ">>> Expired <<<" : 
-				      printable_time(t));
-		free(name);
-		krb5_free_principal(context, principal);
-	    }
-	}
-	krb5_cc_close(context, id);
-    }
-
-    krb5_cc_cache_end_seq_get(context, cursor);
-
-    rtbl_format(ct, stdout);
-    rtbl_destroy(ct);
-    
-    return 0;
-}
-
-/*
- *
- */
-
-static int version_flag		= 0;
-static int help_flag		= 0;
-static int do_verbose		= 0;
-static int do_list_caches	= 0;
-static int do_test		= 0;
-static int do_tokens		= 0;
-static int do_v5		= 1;
-static char *cred_cache;
-static int do_flags	 	= 0;
-static int do_hidden	 	= 0;
-
-static struct getargs args[] = {
-    { NULL, 'f', arg_flag, &do_flags },
-    { "cache",			'c', arg_string, &cred_cache,
-      "credentials cache to list", "cache" },
-    { "test",			't', arg_flag, &do_test,
-      "test for having tickets", NULL },
-    { NULL,			's', arg_flag, &do_test },
-    { "tokens",			'T',   arg_flag, &do_tokens,
-      "display AFS tokens", NULL },
-    { "v5",			'5',	arg_flag, &do_v5,
-      "display v5 cred cache", NULL},
-    { "list-caches",		'l', arg_flag, &do_list_caches,
-      "verbose output", NULL },
-    { "verbose",		'v', arg_flag, &do_verbose,
-      "verbose output", NULL },
-    { "hidden",			0,   arg_flag, &do_hidden,
-      "display hidden credentials", NULL },
-    { NULL,			'a', arg_flag, &do_verbose },
-    { NULL,			'n', arg_flag, &do_verbose },
-    { "version", 		0,   arg_flag, &version_flag, 
-      "print version", NULL },
-    { "help",			0,   arg_flag, &help_flag, 
-      NULL, NULL}
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main (int argc, char **argv)
-{
-    int optidx = 0;
-    int exit_status = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage (1);
-
-    if (do_list_caches) {
-	exit_status = list_caches();
-	return exit_status;
-    }
-
-    if (do_v5)
-	exit_status = display_v5_ccache (cred_cache, do_test, 
-					 do_verbose, do_flags, do_hidden);
-
-    if (!do_test) {
-	if (do_tokens && k_hasafs ()) {
-	    if (do_v5)
-		printf ("\n");
-	    display_tokens (do_verbose);
-	}
-    }
-
-    return exit_status;
-}
diff --git a/crypto/heimdal/kuser/kuser_locl.h b/crypto/heimdal/kuser/kuser_locl.h
deleted file mode 100644
index 36ea01a9a59f..000000000000
--- a/crypto/heimdal/kuser/kuser_locl.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */
-
-#ifndef __KUSER_LOCL_H__
-#define __KUSER_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#include <roken.h>
-#include <getarg.h>
-#include <parse_time.h>
-#include <err.h>
-#include <krb5.h>
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_IOCCOM_H
-#include <sys/ioccom.h>
-#endif
-#include <kafs.h>
-#include "crypto-headers.h" /* for des_read_pw_string */
-
-#endif /* __KUSER_LOCL_H__ */
diff --git a/crypto/heimdal/kuser/kverify.c b/crypto/heimdal/kuser/kverify.c
deleted file mode 100644
index 888658d95294..000000000000
--- a/crypto/heimdal/kuser/kverify.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005, 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kverify.c 19920 2007-01-15 23:21:32Z lha $");
-
-static int help_flag = 0;
-static int version_flag = 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
-    krb5_get_init_creds_opt *get_options;
-    krb5_verify_init_creds_opt verify_options;
-    krb5_principal principal = NULL;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_init_creds_opt_alloc (context, &get_options);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-
-    krb5_get_init_creds_opt_set_preauth_list (get_options,
-					      pre_auth_types,
-					      1);
-
-    krb5_verify_init_creds_opt_init (&verify_options);
-    
-    if (argc) {
-	ret = krb5_parse_name(context, argv[0], &principal);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_parse_name: %s", argv[0]);
-    }
-
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					NULL,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					NULL,
-					get_options);
-    if (ret)
-	errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret));
-
-    ret = krb5_verify_init_creds (context,
-				  &cred,
-				  NULL,
-				  NULL,
-				  NULL,
-				  &verify_options);
-    if (ret)
-	errx (1, "krb5_verify_init_creds: %s",
-	      krb5_get_err_text(context, ret));
-    krb5_free_cred_contents (context, &cred);
-    krb5_free_context (context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/45/45_locl.h b/crypto/heimdal/lib/45/45_locl.h
deleted file mode 100644
index 8104179d5bba..000000000000
--- a/crypto/heimdal/lib/45/45_locl.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __45_LOCL_H__
-#define __45_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#include <krb5.h>
-#include <krb.h>
-#include <prot.h>
-
-#endif /* __45_LOCL_H__ */
diff --git a/crypto/heimdal/lib/45/Makefile.am b/crypto/heimdal/lib/45/Makefile.am
deleted file mode 100644
index 7ffa8c3ba67a..000000000000
--- a/crypto/heimdal/lib/45/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-lib_LIBRARIES = @EXTRA_LIB45@
-
-EXTRA_LIBRARIES = lib45.a
-
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in
deleted file mode 100644
index fc6ff540cd48..000000000000
--- a/crypto/heimdal/lib/45/Makefile.in
+++ /dev/null
@@ -1,787 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/45
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)"
-libLIBRARIES_INSTALL = $(INSTALL_DATA)
-LIBRARIES = $(lib_LIBRARIES)
-ARFLAGS = cru
-lib45_a_AR = $(AR) $(ARFLAGS)
-lib45_a_LIBADD =
-am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT)
-lib45_a_OBJECTS = $(am_lib45_a_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(lib45_a_SOURCES)
-DIST_SOURCES = $(lib45_a_SOURCES)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LIBRARIES = @EXTRA_LIB45@
-EXTRA_LIBRARIES = lib45.a
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLIBRARIES: $(lib_LIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(libLIBRARIES_INSTALL) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(libLIBRARIES_INSTALL) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-	@$(POST_INSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    p=$(am__strip_dir) \
-	    echo " $(RANLIB) '$(DESTDIR)$(libdir)/$$p'"; \
-	    $(RANLIB) "$(DESTDIR)$(libdir)/$$p"; \
-	  else :; fi; \
-	done
-
-uninstall-libLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLIBRARIES:
-	-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
-lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) 
-	-rm -f lib45.a
-	$(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD)
-	$(RANLIB) lib45.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLIBRARIES clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-libLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/45/get_ad_tkt.c b/crypto/heimdal/lib/45/get_ad_tkt.c
deleted file mode 100644
index 0d142353eb64..000000000000
--- a/crypto/heimdal/lib/45/get_ad_tkt.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "45_locl.h"
-
-RCSID("$Id: get_ad_tkt.c 10113 2001-06-18 13:11:33Z assar $");
-
-/* get an additional version 4 ticket via the 524 protocol */
-
-#ifndef NEVERDATE
-#define NEVERDATE ((unsigned long)0x7fffffffL)
-#endif
-
-int
-get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
-{
-    krb5_error_code ret;
-    int code;
-    krb5_context context;
-    krb5_ccache id;
-    krb5_creds in_creds, *out_creds;
-    CREDENTIALS cred;
-    time_t now;
-    char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-    
-    ret = krb5_init_context(&context);
-    if(ret)
-	return KFAILURE;
-    ret = krb5_cc_default(context, &id);
-    if(ret){
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    memset(&in_creds, 0, sizeof(in_creds));
-    now = time(NULL);
-    in_creds.times.endtime = krb_life_to_time(time(NULL), lifetime);
-    if(in_creds.times.endtime == NEVERDATE)
-	in_creds.times.endtime = 0;
-    ret = krb5_cc_get_principal(context, id, &in_creds.client);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_524_conv_principal(context, in_creds.client, 
-				  pname, pinst, prealm);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_425_conv_principal(context, service, sinstance, realm, 
-				  &in_creds.server);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_get_credentials(context, 
-			       0, 
-			       id,
-			       &in_creds,
-			       &out_creds);
-    krb5_free_principal(context, in_creds.client);
-    krb5_free_principal(context, in_creds.server);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb524_convert_creds_kdc_ccache(context, id, out_creds, &cred);
-    krb5_cc_close(context, id);
-    krb5_free_context(context);
-    krb5_free_creds(context, out_creds);
-    if(ret)
-	return KFAILURE;
-    code = save_credentials(cred.service, cred.instance, cred.realm, 
-			    cred.session, cred.lifetime, cred.kvno, 
-			    &cred.ticket_st, now);
-    if(code == NO_TKT_FIL)
-	code = tf_setup(&cred, pname, pinst);
-    memset(&cred.session, 0, sizeof(cred.session));
-    return code;
-}
diff --git a/crypto/heimdal/lib/45/mk_req.c b/crypto/heimdal/lib/45/mk_req.c
deleted file mode 100644
index af63f0b653b8..000000000000
--- a/crypto/heimdal/lib/45/mk_req.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* implementation of krb_mk_req that uses 524 protocol */
-
-#include "45_locl.h"
-
-RCSID("$Id: mk_req.c 17445 2006-05-05 10:37:46Z lha $");
-
-static int lifetime = 255;
-
-static void
-build_request(KTEXT req,
-	      const char *name, const char *inst, const char *realm, 
-	      uint32_t checksum)
-{
-    struct timeval tv;
-    krb5_storage *sp;
-    krb5_data data;
-    sp = krb5_storage_emem();
-    krb5_store_stringz(sp, name);
-    krb5_store_stringz(sp, inst);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int32(sp, checksum);
-    gettimeofday(&tv, NULL);
-    krb5_store_int8(sp, tv.tv_usec  / 5000);
-    krb5_store_int32(sp, tv.tv_sec);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    memcpy(req->dat, data.data, data.length);
-    req->length = (data.length + 7) & ~7;
-    krb5_data_free(&data);
-}
-
-#ifdef KRB_MK_REQ_CONST
-int
-krb_mk_req(KTEXT authent,
-	   const char *service, const char *instance, const char *realm, 
-	   int32_t checksum)
-#else
-int
-krb_mk_req(KTEXT authent,
-	   char *service, char *instance, char *realm, 
-	   int32_t checksum)
-
-#endif
-{
-    CREDENTIALS cr;
-    KTEXT_ST req;
-    krb5_storage *sp;
-    int code;
-    /* XXX get user realm */
-    const char *myrealm = realm;
-    krb5_data a;
-
-    code = krb_get_cred(service, instance, realm, &cr);
-    if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
-	code = get_ad_tkt((char *)service,
-			  (char *)instance, (char *)realm, lifetime);
-	if(code == KSUCCESS)
-	    code = krb_get_cred(service, instance, realm, &cr);
-    }
-
-    if(code)
-	return code;
-
-    sp = krb5_storage_emem();
-
-    krb5_store_int8(sp, KRB_PROT_VERSION);
-    krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
-    
-    krb5_store_int8(sp, cr.kvno);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int8(sp, cr.ticket_st.length);
-
-    build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
-    encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
-
-    krb5_store_int8(sp, req.length);
-
-    krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
-    krb5_storage_write(sp, req.dat, req.length);
-    krb5_storage_to_data(sp, &a);
-    krb5_storage_free(sp);
-    memcpy(authent->dat, a.data, a.length);
-    authent->length = a.length;
-    krb5_data_free(&a);
-
-    memset(&cr, 0, sizeof(cr));
-    memset(&req, 0, sizeof(req));
-
-    return KSUCCESS;
-}
-
-/* 
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- * 
- * It returns the previous value of the default lifetime.
- */
-
-int
-krb_set_lifetime(int newval)
-{
-    int olife = lifetime;
-
-    lifetime = newval;
-    return(olife);
-}
diff --git a/crypto/heimdal/lib/Makefile.am b/crypto/heimdal/lib/Makefile.am
deleted file mode 100644
index f1e26e1f2a05..000000000000
--- a/crypto/heimdal/lib/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if KRB4
-dir_45 = 45
-endif
-if OTP
-dir_otp = otp
-endif
-if DCE
-dir_dce = kdfs
-endif
-if COM_ERR
-dir_com_err = com_err
-endif
-if !HAVE_OPENSSL
-dir_hcrypto = hcrypto
-endif
-
-SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
-	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)
diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in
deleted file mode 100644
index 6884c24a0e2b..000000000000
--- a/crypto/heimdal/lib/Makefile.in
+++ /dev/null
@@ -1,823 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = roken vers editline com_err sl asn1 hcrypto hx509 krb5 \
-	ntlm kafs gssapi hdb kadm5 auth 45 otp kdfs
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_TRUE@dir_45 = 45
-@OTP_TRUE@dir_otp = otp
-@DCE_TRUE@dir_dce = kdfs
-@COM_ERR_TRUE@dir_com_err = com_err
-@HAVE_OPENSSL_FALSE@dir_hcrypto = hcrypto
-SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
-	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)
-
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/CMS.asn1 b/crypto/heimdal/lib/asn1/CMS.asn1
deleted file mode 100644
index 685f0b189831..000000000000
--- a/crypto/heimdal/lib/asn1/CMS.asn1
+++ /dev/null
@@ -1,157 +0,0 @@
--- From RFC 3369 --
--- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ --
-
-CMS DEFINITIONS ::= BEGIN
-
-IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
-	Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
-id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }
-
-id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
-id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
-id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
-id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
-id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
-id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }
-
-CMSVersion ::= INTEGER {
-	   CMSVersion_v0(0), 
-	   CMSVersion_v1(1), 
-	   CMSVersion_v2(2),
-	   CMSVersion_v3(3),
-	   CMSVersion_v4(4)
-}
-
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
-
-ContentType ::= OBJECT IDENTIFIER
-MessageDigest ::= OCTET STRING
-
-ContentInfo ::= SEQUENCE {
-	contentType ContentType,
-	content [0] EXPLICIT heim_any OPTIONAL --  DEFINED BY contentType 
-}
-
-EncapsulatedContentInfo ::= SEQUENCE {
-	eContentType ContentType,
-	eContent [0] EXPLICIT OCTET STRING OPTIONAL
-}
-
-CertificateSet ::= SET OF heim_any
-
-CertificateList ::= Certificate
-
-CertificateRevocationLists ::= SET OF CertificateList
-
-IssuerAndSerialNumber ::= SEQUENCE {
-	issuer Name,
-	serialNumber CertificateSerialNumber
-}
-
--- RecipientIdentifier is same as SignerIdentifier, 
--- lets glue them togheter and save some bytes and share code for them
-
-CMSIdentifier ::= CHOICE {
-	issuerAndSerialNumber IssuerAndSerialNumber,
-	subjectKeyIdentifier [0] SubjectKeyIdentifier
-}
-
-SignerIdentifier ::= CMSIdentifier
-RecipientIdentifier ::= CMSIdentifier
-
---- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
---- to store space and share code
-
-CMSAttributes ::= SET OF Attribute		-- SIZE (1..MAX) 
-
-SignatureValue ::= OCTET STRING
-
-SignerInfo ::= SEQUENCE {
-	version CMSVersion,
-	sid SignerIdentifier,
-	digestAlgorithm DigestAlgorithmIdentifier,
-	signedAttrs [0] IMPLICIT -- CMSAttributes --
-		SET OF Attribute OPTIONAL,
-	signatureAlgorithm SignatureAlgorithmIdentifier,
-	signature SignatureValue,
-	unsignedAttrs [1] IMPLICIT -- CMSAttributes -- 
-		SET OF Attribute OPTIONAL
-}
-
-SignerInfos ::= SET OF SignerInfo
-
-SignedData ::= SEQUENCE {
-	version CMSVersion,
-	digestAlgorithms DigestAlgorithmIdentifiers,
-	encapContentInfo EncapsulatedContentInfo,
-	certificates [0] IMPLICIT -- CertificateSet --
-		SET OF heim_any OPTIONAL,
-	crls [1] IMPLICIT -- CertificateRevocationLists --
-		heim_any OPTIONAL,
-	signerInfos SignerInfos
-}
-
-OriginatorInfo ::= SEQUENCE {
-	certs [0] IMPLICIT -- CertificateSet --
-		SET OF heim_any OPTIONAL,
-	crls [1] IMPLICIT --CertificateRevocationLists --
-		heim_any OPTIONAL
-}
-
-KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-EncryptedKey ::= OCTET STRING
-
-KeyTransRecipientInfo ::= SEQUENCE {
-	version CMSVersion,  -- always set to 0 or 2
-	rid RecipientIdentifier,
-	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-	encryptedKey EncryptedKey
-}
-
-RecipientInfo ::= KeyTransRecipientInfo
-
-RecipientInfos ::= SET OF RecipientInfo
-
-EncryptedContent ::= OCTET STRING
-
-EncryptedContentInfo ::= SEQUENCE {
-	contentType ContentType,
-	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
-}
-
-UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)
-
-CMSEncryptedData ::= SEQUENCE {
-	version CMSVersion,
-	encryptedContentInfo EncryptedContentInfo,
-        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
-		heim_any OPTIONAL
-}
-
-EnvelopedData ::= SEQUENCE {
-	version CMSVersion,
-	originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL,
-	recipientInfos RecipientInfos,
-	encryptedContentInfo EncryptedContentInfo,
-	unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
-		heim_any OPTIONAL
-}
-
--- Data ::= OCTET STRING
-
-CMSRC2CBCParameter ::= SEQUENCE {
-	rc2ParameterVersion	INTEGER (0..4294967295),
-	iv			OCTET STRING -- exactly 8 octets
-}
-
-CMSCBCParameter ::= OCTET STRING
-
-END
diff --git a/crypto/heimdal/lib/asn1/ChangeLog b/crypto/heimdal/lib/asn1/ChangeLog
deleted file mode 100644
index 9039e253fedf..000000000000
--- a/crypto/heimdal/lib/asn1/ChangeLog
+++ /dev/null
@@ -1,1649 +0,0 @@
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1-common.h gen.c der.c gen_encode.c: add and use der_{malloc,free}
-
-2007-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* libasn1.h: remove, not used.
-
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add DigestTypes, add --seq to antoher type.
-
-	* digest.asn1: Add supportedMechs request.
-	
-2007-10-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Some "old" windows enctypes. From Andy Polyakov.
-	
-2007-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Fold in pk-init-alg-agilty.
-
-	* pkinit.asn1: Fold in pk-init-alg-agilty.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Passe object id is its part of the module defintion
-	statement.
-
-2007-07-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: test SEQ OF SIZE (...)
-
-	* Makefile.am: Include more sizeof tests.
-
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* try to avoid aliasing of pointers enum {} vs int
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test.asn1: Test SIZE attribute for SEQ and OCTET STRING
-
-	* parse.y (OctetStringType): add SIZE to OCTET STRING.
-
-	* Makefile.am: New library version.
-
-2007-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Re-add size limits. 
-	
-	* k5.asn1: Add size limits from RFC 4120.
-
-	* gen_decode.c: Check range on SEQ OF and OCTET STRING.
-
-	* asn1_err.et (min|max|exact) constraints.
-
-	* parse.y: Parse size limitations to SEQ OF.
-
-2007-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add AuthorityInfoAccessSyntax.
-
-	* rfc2459.asn1: Add AuthorityInfoAccessSyntax.
-
-	* rfc2459.asn1: Add authorityInfoAccess, rename proxyCertInfo.
-	
-	* Makefile.am: Add authorityInfoAccess, rename proxyCertInfo.
-
-2007-06-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c (der_get_time): avoid using wrapping of octet_string
-	and realloc.
-
-	* der_get.c: No need to undef timetm, we don't use it any more.
-
-	* timegm.c: Fix spelling caused by too much query-replace.
-
-	* gen.c: Include <limits.h> for UINT_MAX.
-
-	* gen_decode.c: Check for multipication overrun.
-
-	* gen_encode.c: Paranoia check in buffer overun in output
-	function.
-
-	* check-der.c: Test boolean.
-
-	* check-der.c: test universal strings.
-
-	* check-der.c: Test failure cases for der_get_tag.
-
-	* check-der.c: test dates from last century.
-
-	* check-der.c: Move zero length integercheck to a better place.
-
-	* check-der.c: Test zero length integer.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Init data to something.
-
-2007-06-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Add KRB5-AUTHDATA-INITIAL-VERIFIED-CAS.
-
-2007-06-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: Make the pkinit nonce signed (like the kerberos
-	nonce).
-
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Free more memory.
-
-	* der_format.c: Don't accect zero length hex numbers.
-
-	* check-der.c: Also free right memory.
-
-	* main.c: Close asn1 file when done.
-
-	* check-der.c: more check for der_parse_hex_heim_integer
-
-	* der_format.c (der_parse_hex_heim_integer): check length before
-	reading data.
-	
-	* check-gen.c (test_authenticator): free memory
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add MS-UPN-SAN
-
-	* pkinit.asn1: add MS-UPN-SAN
-
-	* rfc2459.asn1: Do evil things to handle IMPLICIT encoded
-	structures.  Add id-ms-client-authentication.
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add asn1_id_ms_cert_enroll_domaincontroller.x
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gen.c: Add struct units; as a forward declaration. Pointed out
-	by Marcus Watts.
-
-	* rfc2459.asn1: Netscape extentions
-
-	* Makefile.am: add U.S. Federal PKI Common Policy Framework
-
-	* rfc2459.asn1: add U.S. Federal PKI Common Policy Framework
-	
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_seq.c: Handle the case of resize to 0 and realloc that
-	returns NULL.
-
-	* check-gen.c (check_seq): free seq.
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c (test_heim_oid_format_same): avoid leaking memory in
-	the non failure case too
-	
-2007-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove extra ^Q
-	
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_get.c: Allow trailing NULs. We allow this since MIT Kerberos
-	sends an strings in the NEED_PREAUTH case that includes a trailing
-	NUL.
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	
-	* Makefile.am: Add PA-ClientCanonicalized and friends.
-
-	* k5.asn1: Add PA-ClientCanonicalized and friends.
-	
-2007-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Drop one over INT_MAX test-case.
-	
-2007-02-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* pkinit.asn1: add id-pkinit-ms-eku
-	
-	* pkinit.asn1: fill in more bits of id-pkinit-ms-san
-	
-2007-02-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* digest.asn1: rename hash-a1 to session key
-	
-2007-02-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* digest.asn1: Add elements to send in requestResponse to KDC and
-	get status of the request.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: seq rules for CRLDistributionPoints
-	
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add CRLDistributionPoints and friends
-	
-2007-01-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* check-der.c: check BMPstring oddlength more
-
-	* check-der.c: Test for NUL char in string in GENERAL STRING.
-
-	* der_get.c: Check for NUL characters in string and return
-	ASN1_BAD_CHARACTER error-code if we find them.
-
-	* asn1_err.et: Add BAD_CHARACTER error.
-	
-2007-01-16  Love H�rnquist �strand <lha@it.su.se>
-	
-	* Makefile.am: Add id-at-streetAddress.
-
-	* rfc2459.asn1: Add id-at-streetAddress.
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rfc2459.asn1: Add PKIXXmppAddr and id-pkix-on-xmppAddr.
-	
-2006-12-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add id-pkix-kp oids.
-
-	* rfc2459.asn1: Add id-pkix-kp oids.
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: Named bit strings have this horrible, disgusting,
-	compress bits until they are no longer really there but stuff in
-	an initial octet anyway encoding scheme. Try to get it right and
-	calculate the initial octet runtime instead of compiletime.
-
-	* check-gen.c: Check all other silly bitstring combinations.
-
-	* Makefile.am: Add --sequence=Extensions to rfc2459.
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kx509.asn1: Add kx509.
-
-	* Makefile.am: Add kx509.
-
-	* Add VisibleString parsing
-
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add ntlm files.
-
-	* digest.asn1: Add bits for handling NTLM.
-	
-2006-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkix proxy cert policy lang oids
-
-	* rfc2459.asn1: add pkix proxy cert policy lang oids
-	
-2006-12-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* rfc2459.asn1: unbreak id-pe-proxyCertInfo
-
-	* rfc2459.asn1: Add id-pkix-on-dnsSRV and related oids
-
-2006-11-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add explicit depenency to LIB_roken for libasn1.la,
-	make AIX happy.
-	
-2006-11-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_format.c (der_print_heim_oid): oid with zero length is
-	invalid, fail to print.
-	
-2006-11-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_format.c (der_print_heim_oid): use delim when printing.
-	
-2006-11-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* k5.asn1: Make KRB5-PADATA-S4U2SELF pa type 129.
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_err.et: add EXTRA_DATA
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: avoid leaking memory
-
-	* check-der.c: avoid leaking memory
-
-	* der_format.c (der_parse_heim_oid): avoid leaking memory
-
-	* check-common.c: Print size_t as (unsigned long) and cast.
-
-	* check-common.c: Try to align data, IA64's gets upset if its
-	unaligned.
-
-	* lex.l: add missing */
-	
-	* lex.c: need %e for hpux lex
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove dups from gen_files_test, add check-timegm.
-	
-	* Makefile.am: include more test.asn1 built files
-
-	* Makefile.am: More files, now for make check.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add missing files
-
-	* Makefile.am (asn1_compile_SOURCES): add gen_locl.h
-
-	* check-timegm.c: Add check for _der_timegm.
-
-	* der_get.c (generalizedtime2time): always use _der_timegm.
-
-	* timegm.c: make more strict
-
-	* der_locl.h: Rename timegm to _der_timegm.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* timegm.c: vJust fail if tm_mon is out of range for now XXXX this
-	is wrong.
-	
-2006-10-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: extra depencies on der-protos.h
-	
-2006-10-14 Love H�rnquist �strand <lha@it.su.se>
-
-	* check-der.c: Prefix primitive types with der_.
-
-	* timegm.c: rename the buildin timegm to _der_timegm
-
-	* heim_asn1.h: move prototype away from here.
-
-	* der_format.c: Add der_parse_heim_oid
-	
-	* gen_free.c: prefix primitive types with der_
-
-	* der_copy.c: prefix primitive types with der_
-
-	* gen_length.c: prefix primitive types with der_
-
-	* der_length.c: prefix primitive types with der_
-
-	* der_cmp.c: prefix primitive types with der_
-
-	* gen_free.c: prefix primitive types with der_
-
-	* der_free.c: prefix primitive types with der_
-
-	* gen_copy.c: prefix primitive types with der_
-
-	* der_copy.c: rename copy_ to der_copy_
-
-	* Makefile.am: Add der-protos.h to nodist_include_HEADERS.
-	
-	* der.h: use newly built <der-protos.h>
-
-	* Makefile.am: Generate der prototypes.
-
-	* gen.c: move any definitions here.
-
-	* asn1-common.h: move any definitions here.
-
-	* der.h: remove der_parse_oid prototype, it was never implemented.
-
-	* der.h: New der_print_heim_oid signature.  Test
-	der_parse_heim_oid
-
-	* check-der.c: New der_print_heim_oid signature.  Test
-	der_parse_heim_oid
-	
-2006-10-07  Love H�rnquist �strand <lha@it.su.se>
-	
-	* lex.l: Grow an even larger output table size.
-
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_seq.c: In generation of remove_TYPE: if you just removed the
-	last element, you must not memmove memory beyond the array.  From
-	Andrew Bartlett
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lex.l: Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald
-	Barth.
-	
-2006-09-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): drop unused variable realtype.
-	
-2006-09-11  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Add KRB5SignedPath and friends.
-
-	* k5.asn1: Add KRB5SignedPath and friends.
-
-	* Makefile.am: Add new sequence generation for GeneralNames.
-
-2006-09-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* CMS.asn1 (CMSVersion): rename versions from v0 to CMSVersion_v0,
-	...
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add TESTSeqOf for testing sequence generation code.
-
-	* check-gen.c: Add sequence tests.
-
-	* test.asn1: Add TESTSeqOf for testing sequence generation code.
-
-	* gen_seq.c: fix warning.
-
-	* gen_seq.c: make generated data work
-
-	* setchgpw2.asn1: enctype is part of the krb5 module now, use that
-	instead of locally defining it.
-
-	* Makefile.am: asn1_compile += gen_seq.c
-
-	* gen_locl.h: add new prototypes, remove unused ones.
-
-	* gen.c: Generate sequence function.
-
-	* main.c: add --sequence
-
-	* gen_seq.c: Add generated add_ and remove_ for "SEQUENCE OF
-	TType". I'm tried of writing realloc(foo->data,
-	sizeof(foo->data[0]) + (foo->len + 1)); Only generated for those
-	type that is enabled by the command flag --sequence.
-	
-2006-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1 (DigestRequest): add authid
-
-	* digest.asn1: Comment describing on how to communicate the sasl
-	int/conf mode.
-	
-2006-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1: Add some missing fields needed for digest.
-	
-2006-08-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* digest.asn1: Tweak to make consisten and more easier to use.
-	
-2006-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove CMS symmetric encryption support.  Add
-	DigestProtocol.
-
-	* digest.asn1: DigestProtocol
-
-	* k5.asn1: Remove CMS symmetric encryption support.
-	
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* check-der.c (check_fail_heim_integer): disable test
-
-	* der_get.c (der_get_heim_integer): revert part of previous
-
-	* der_get.c (der_get_heim_integer): Add more checks
-
-	* asn1_print.c: Add printing of bignums and use der_print_heim_oid
-
-	* check-der.c (test_heim_oid_format_same): add printing on failure
-
-	* check-der.c: Add one check for heim_int, add checking for oid
-	printing
-	
-2006-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Impersonation support bits (and sort)
-
-	* k5.asn1: Impersonation support bits.
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_format.c (der_parse_hex_heim_integer): avoid shadowing.
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add ExternalPrincipalIdentifiers, shared between
-	several elements.
-
-	* pkinit.asn1: Add ExternalPrincipalIdentifiers, shared between
-	several elements.
-	
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Add missing ;'s, found by bison on a SuSE 8.2 machine.
-	
-2006-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add definitions from RFC 3820, Proxy Certificate
-	Profile.
-
-	* rfc2459.asn1: Add definitions from RFC 3820, Proxy Certificate
-	Profile.
-	
-2006-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Add id-Userid
-
-	* Makefile.am: Add UID and email
-
-	* pkcs9.asn1: Add id-pkcs9-emailAddress
-	
-	* Makefile.am: Add attribute type oids from X520 and RFC 2247 DC
-	oid
-
-	* rfc2459.asn1: Add attribute type oids from X520 and RFC 2247 DC
-	oid
-	
-2006-04-21  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: add sha-1 and sha-2
-
-	* rfc2459.asn1: add sha-1 and sha-2
-	
-2006-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add id-pkcs1-sha256WithRSAEncryption and friends
-
-	* rfc2459.asn1: Add id-pkcs1-sha256WithRSAEncryption and friends
-
-	* CMS.asn1: Turn CMSRC2CBCParameter.rc2ParameterVersion into a
-	constrained integer
-	
-2006-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hash.c (hashtabnew): check for NULL before setting structure.
-	Coverity, NetBSD CID#4
-	
-2006-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: gen_files_rfc2459 += asn1_ExtKeyUsage.x
-	
-	* rfc2459.asn1: Add ExtKeyUsage.
-
-	* gen.c (generate_header_of_codefile): remove unused variable.
-	
-2006-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: Put all the IMPORTed headers into the headerfile to avoid
-	hidden depencies.
-	
-2006-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add id-pkinit-ms-san.
-
-	* pkinit.asn1: Add id-pkinit-ms-san.
-
-	* k5.asn1 (PADATA-TYPE): Add KRB5-PADATA-PA-PK-OCSP-RESPONSE
-	
-2006-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add pkinit-san.
-
-	* pkinit.asn1: Rename id-pksan to id-pkinit-san
-	
-2006-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c (init_generate): Nothing in the generated files needs
-	timegm(), so no need to provide a prototype for it.
-	
-2006-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: paChecksum is now OPTIONAL so it can be upgraded to
-	something better then SHA1
-	
-2006-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* extra.c: Stub-generator now generates alloc statements for
-	tagless ANY OPTIONAL, remove workaround.
-
-	* check-gen.c: check for "tagless ANY OPTIONAL"
-
-	* test.asn1: check for "tagless ANY OPTIONAL"
-	
-2006-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der.h: UniversalString and BMPString are both implemented.
-
-	* der.h: Remove , after the last element of enum.
-
-	* asn1_gen.c: Spelling.
-	
-2006-01-20  Love H�rnquist �strand <lha@it.su.se>
-	
-	* der_length.c (length_heim_integer): Try handle negative length
-	of integers better.
-
-	* der_get.c (der_get_heim_integer): handle negative integers.
-	
-	* check-der.c: check heim_integer.
-	
-2006-01-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Its cRLReason, not cRLReasons
-
-	* canthandle.asn1: "Allocation is done on CONTEXT tags" works just
-	fine.
-
-	* rfc2459.asn1: Add CRL structures and OIDs.
-
-	* Makefile.am: Add CRL and TESTAlloc structures and OIDs.
-
-	* check-gen.c: Check OPTIONAL context-tagless elements.
-
-	* test.asn1: Check OPTIONAL context-tagless elements.
-
-	* der_cmp.c (heim_integer_cmp): make it work with negative
-	numbers.
-	
-2006-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: check that der_parse_hex_heim_integer() handles odd
-	length numbers.
-
-	* der_format.c (der_parse_hex_heim_integer): make more resiliant
-	to errors, handle odd length numbers.
-
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add RSAPrivateKey
-	
-	* rfc2459.asn1: Add RSAPrivateKey.
-	
-2006-01-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* der_copy.c (copy_heim_integer): copy the negative flag
-	
-2005-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: Drop ExceptionSpec for now, its not used.
-	
-2005-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test.asn1: Add test string for constraints.
-
-	* symbol.h: Add support for part of the Constraint-s
-
-	* gen.c: Set new constraints pointer in Type to NULL for inline
-	constructed types.
-
-	* parse.y: Add support for parsing part of the Constraint-s
-	
-2005-10-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add some X9.57 (DSA) oids, sort lines
-
-	* rfc2459.asn1: Add some X9.57 (DSA) oids.
-	
-2005-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove pk-init-19 support.
-	
-	* pkinit.asn1: Fix comment
-	
-	* check-der.c: Add tests for parse and print functions for
-	heim_integer.
-
-	* Makefile.am: Add parse and print functions for heim_integer.
-	
-	* der_format.c: Add parse and print functions for heim_integer.
-
-	* der.h: Add parse and print functions for heim_integer.
-	
-2005-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (gen_files_rfc2459) += asn1_DHPublicKey.x
-	
-	* rfc2459.asn1: Add DHPublicKey, and INTEGER to for storing the DH
-	public key in the SubjectPublicKeyInfo.subjectPublicKey BIT
-	STRING.
-	
-2005-09-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c: TSequenceOf/TSetOf: Increase the length of the
-	array after successful decoding the next element, so that the
-	array don't contain heap-data.
-	
-2005-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Avoid empty array initiators.
-	
-	* pkcs8.asn1 (PKCS8PrivateKeyInfo): Inline SET OF to avoid
-	compiler "feature"
-	
-	* check-common.c: Avoid signedness warnings.
-	
-	* check-common.h: Makes bytes native platform signed to avoid
-	casting everywhere
-	
-	* check-der.c: Don't depend on malloc(very-very-larger-value) will
-	fail.  Cast to unsigned long before printing size_t.
-	
-	* check-gen.c: Don't depend on malloc(very-very-larger-value) will
-	fail.
-	
-	* check-gen.c: Fix signedness warnings.
-	
-	* lex.l: unput() have to hanppen in actions for flex 2.5.31, can
-	do them in user code sesction, so move up handle_comment and
-	handle_string into action, not much sharing was done anyway.
-	
-2005-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c (test_one_int): len and len_len is size_t
-
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-
-	* gen_length.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-
-	* gen_decode.c: Change name of oldret for each instance its used
-	to avoid shadow warning. From: Stefan Metzmacher
-	<metze@samba.org>.
-	
-	* parse.y: Const poision yyerror.
-
-	* gen.c: Const poision.
-	
-2005-08-22 Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: Add KRB5-PADATA-PK-AS-09-BINDING, client send
-	this (with an empty pa-data.padata-value) to tell the KDC that the
-	client support the binding the PA-REP to the AS-REQ packet. This
-	is to fix the problem lack of binding the AS-REQ to the PK-AS-REP
-	in pre PK-INIT-27. The nonce is replaced with a asCheckSum.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: Allocation is done on CONTEXT tags.
-
-	* asn1_gen.c: rename optind to optidx to avoid shadow warnings
-
-2005-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: add id-rsadsi-rc2-cbc
-
-	* Makefile.am: add another oid for rc2
-
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: Make variable initiation constant by moving them to
-	global context
-
-	* check-gen.c: change to c89 comment
-
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: remove duplicate asn1_CMSAttributes.x
-
-2005-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: rename optind to optidx
-
-	* Makefile.am: Update to pkinit-27
-
-	* pkinit.asn1: Update to pkinit-27
-	
-2005-07-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: make it work for non c99 compilers too
-	
-	* check-der.c: start testing BIT STRING
-
-	* der_cmp.c (heim_bit_string_cmp): try handle corner cases better
-	
-	* gen_free.c (free_type): free bignum integers
-
-2005-07-23   Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add PKCS12-OctetString
-
-	* pkcs12.asn1: add PKCS12-OctetString
-
-	* Makefile.am: add new files
-
-	* rfc2459.asn1: include SET OF in Attribute to make the type more
-	useful
-
-	* CMS.asn1: handle IMPLICIT and share some common structures
-
-2005-07-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: Include enough workarounds that this even might
-	work.
-
-	* check-gen.c: Two implicit tests, one with all structures inlined
-	
-	* test.asn1: fix workaround for IMPLICIT CONS case
-	
-	* canthandle.asn1: fix workaround for IMPLICIT CONS case
-	
-	* asn1_print.c: hint that there are IMPLICIT content when we find
-	it
-
-	* check-gen.c: Added #ifdef out test for IMPLICIT tagging.
-
-	* Makefile.am: test several IMPLICIT tag level deep
-	
-	* test.asn1: test several IMPLICIT tag level deep
-
-	* test.asn1: tests for IMPLICIT
-
-	* Makefile.am: tests for IMPLICIT
-
-	* canthandle.asn1: Expand on what is wrong with the IMPLICIT
-	tagging
-
-	* rfc2459.asn1: some of the structure are in the IMPLICIT TAGS
-	module
-
-2005-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: print size_t by casting to unsigned long and use
-	right printf format tags are unsigned integers
-
-	* gen.c (generate_constant): oid elements are unsigned
-
-	* gen_decode.c (decode_type): tagdatalen should be an size_t.
-
-	* extra.c (decode_heim_any): tag is unsigned int.
-
-	* der_get.c (der_match_tag): tag is unsigned int.
-
-	* gen_length.c (length_type): cast size_t argument to unsigned
-	long and use appropriate printf format
-
-	* check-der.c (check_fail_bitstring): check for length overflow
-
-	* der_get.c: rewrite integer overflow tests w/o SIZE_T_MAX
-
-	* check-common.c (generic_decode_fail): only copy in if checklen
-	its less then 0xffffff and larger than 0.
-
-	* gen_decode.c (find_tag): find external references, we can't
-	handle those, so tell user that instead of crashing
-
-2005-07-18  Dave Love  <fx@gnu.org>
-
-	* extra.c (free_heim_any_set): Fix return.
-
-	* gen_decode.c (find_tag): Fix return in TType case.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c (TChoice): add () to make sure variable expression
-	is evaluated correctly
-
-	* gen_length.c (TChoice): add () to make sure variable expression
-	is evaluated correctly
-
-	* k5.asn1: reapply 1.43 that got lost in the merge: rename pvno to
-	krb5-pvno
-
-2005-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TChoice: set the label
-
-	* check-gen.c (cmp_Name): do at least some checking
-
-	* gen_locl.h: rename function filename() to get_filename() to
-	avoid shadowing
-
-	* lex.l: rename function filename() to get_filename() to avoid
-	shadowing
-
-	* gen.c: rename function filename() to get_filename() to avoid
-	shadowing
-
-	* check-der.c: add failure checks for large oid elements
-
-	* check-gen.c: add failure checks for tag (and large tags)
-
-	* der_get.c: Check for integer overflows in tags and oid elements.
-
-2005-07-10  Assar Westerlund  <assar@kth.se>
-
-	* gen_decode.c: Fix decoding of choices to select which branch to
-	try based on the tag and return an error if that branch fails.
-
-	* check-gen.c: Fix short choice test cases.
-
-2005-07-09  Assar Westerlund  <assar@kth.se>
-
-	* symbol.c:
-	* parse.y:
-	* main.c:
-	* lex.l:
-	* gen_length.c:
-	* gen_free.c:
-	* gen_encode.c:
-	* gen_decode.c:
-	* gen_copy.c:
-	* gen.c:
-	* extra.c:
-	* check-gen.c:
-	* check-der.c:
-	* check-common.c:
-	* asn1_print.c:
-	* asn1_gen.c:
-	Use emalloc, ecalloc, and estrdup.
-	Check return value from asprintf.
-	Make sure that malloc(0) returning NULL is not treated as an
-	error.
-
-2005-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-gen.c: test cases for CHOICE, its too liberal right now,
-	it don't fail hard on failure on after it successfully decoded the
-	first tag in a choice branch
-
-	* asn1_gen.c: calculate the basename for the output file,
-	pretty-print tag number
-
-	* test.gen: sample for asn1_gen
-
-	* check-gen.c: check errors in SEQUENCE
-
-	* Makefile.am: build asn1_gen, TESTSeq and new, and class/type/tag
-	string<->num converter.
-
-	* test.asn1: TESTSeq, for testing SEQUENCE
-
-	* asn1_gen.c: generator for asn1 data
-
-	* asn1_print.c: use class/type/tag string<->num converter.
-
-	* der.c: Add class/type/tag string<->num converter.
-
-	* der.h: Add class/type/tag string<->num converter.
-	Prototypes/structures for new time bits.
-
-2005-07-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c (der_get_unsigned) check for length overflow
-	(der_get_integer) ditto
-	(der_get_general_string) ditto
-
-	* der_get.c: check for overruns using SIZE_T_MAX
-
-	* check-der.c: check BIT STRING and OBJECT IDENTIFIER error cases
-
-	* check-common.c (generic_decode_fail): allocate 4K for the over
-	sized memory test
-
-	* der_get.c (der_get_oid): check for integer overruns and
-	unterminated oid correctly
-
-	* check-common.h (map_alloc, generic_decode_fail): prototypes
-
-	* check-common.c (map_alloc): make input buffer const
-	(generic_decode_fail): verify decoding failures
-
-2005-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c: split up the printf for SET OF, also use the
-	generate name for the symbol in the SET OF, if not, the name might
-	contain non valid variable name characters (like -)
-
-2005-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: move pkcs12 defines into their own namespace
-
-	* pkcs12.asn1: move pkcs12 defines into their own namespace
-
-	* pkcs9.asn1: add PKCS9-friendlyName with workaround for SET OF
-	bug
-
-	* heim_asn1.h: reuse heim_octet_string for heim_any types
-
-	* main.c: use optidx, handle the case where name is missing and
-	use base of filename then
-
-	* asn1-common.h: include ASN1_MALLOC_ENCODE
-
-	* gen_decode.c: use less context so lower indentention level, add
-	missing {} where needed
-
-2005-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_copy.c: Use a global variable to keep track of if the 'goto
-	fail' was used, and use that to only generate the label if needed.
-
-	* asn1_print.c: do indefinite form loop detection and stop after
-	10000 recursive indefinite forms, stops crashing due to running
-	out of stack
-
-	* asn1_print.c: catch badly formated indefinite length data
-	(missing EndOfContent tag) add (negative) indent flag to speed up
-	testing
-
-2005-07-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: Can't handle primitives in CHOICE
-
-	* gen_decode.c: Check if malloc failes
-
-	* gen_copy.c: Make sure to free memory on failure
-
-	* gen_decode.c: Check if malloc failes, rename "reallen" to
-	tagdatalen since that is what it is.
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* prefix Der_class with ASN1_C_ to avoid problems with system
-	headerfiles that pollute the name space
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkcs12.asn1: add PKCS12CertBag
-
-	* pkcs9.asn1: add pkcs9 certtype x509 certificate
-
-	* Makefile.am: add pkcs12 certbag and pkcs9 certtype x509
-	certificate
-
-	* pkcs12.asn1: split off PKCS12Attributes from SafeBag so it can
-	be reused
-
-	* Makefile.am: add PKCS12Attributes
-
-2005-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: fix tags in example
-
-2005-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: Let the Windows nonce be an int32 (signed), if not
-	it will fail when using Windows PK-INIT.
-
-2005-05-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkcs12-PBEParams
-
-	* pkcs12.asn1: add pkcs12-PBEParams
-
-	* parse.y: objid_element: exit when the condition fails
-
-2005-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_glue.c: 1.8: switch the units variable to a
-	function. gcc-4.1 needs the size of the structure if its defined
-	as extern struct units foo_units[] an we don't want to include
-	<parse_units.h> in the generate headerfile
-
-2005-03-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add the des-ede3-cbc oid that ansi x9.52 uses
-
-	* rfc2459.asn1: add the des-ede3-cbc oid that ansi x9.52 uses
-
-	* Makefile.am: add oids for x509
-
-	* rfc2459.asn1: add oids now when the compiler can handle them
-
-2005-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add pkcs9 files
-
-	* pkcs9.asn1: add small number of oids from pkcs9
-
-2005-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
-
-	* rfc2459.asn1: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
-
-2005-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: merge pa-numbers
-
-2005-03-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add oid's
-
-	* rfc2459.asn1: add encryption oids
-
-	* CMS.asn1: add signedAndEnvelopedData oid
-
-	* pkcs12.asn1: add pkcs12 oids
-
-	* CMS.asn1: add pkcs7 oids
-
-2005-03-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c (generate_header_of_codefile): break out the header
-	section generation
-	(generate_constant): generate a function that return the oid
-	inside a heim_oid
-
-	* parse.y: fix the ordering of the oid's
-
-	* parse.y: handle OBJECT IDENTIFIER as value construct
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Preserve content of CHOICE element that is unknown if ellipsis
-	was used when defining the structure
-
-2005-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: use ANS1_TAILQ macros
-
-	* *.[ch]: use ASN1_TAILQ macros
-
-	* asn1_queue.h: inline bsd sys/queue.h and rename TAILQ to
-	ASN1_TAILQ to avoid problems with name polluting headerfiles
-
-2005-01-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: pull in <krb5-types.h>
-
-2005-01-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Add BMPString and UniversalString
-
-	* k5.asn1 (EtypeList): make INTEGER constrained (use krb5int32)
-
-2005-01-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: add GeneralNames
-
-2004-11-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: use unsigned integer for len of SequenceOf/SetOf and
-	bitstring names
-
-2004-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: switch to krb5int32 and krb5uint32
-
-	* Unify that three integer types TInteger TUInteger and TBigInteger.
-	Start to use constrained integers where appropriate.
-
-2004-10-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* CMS.asn1: remove no longer used commented out elements
-
-	* gen_glue.c: make units structures const
-
-2004-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lex.l: handle hex number with [a-fA-F] in them
-
-2004-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_free.c: free _save for CHOICE too
-
-	* rfc2459.asn1: use Name and not heim_any
-
-	* gen_decode.c: if malloc for _save failes, goto fail so we free
-	the structure
-
-	* gen_copy.c: copy _save for CHOICE too
-
-	* gen.c: add _save for CHOICE too
-
-	* CMS.asn1: RecipientIdentifier and SignerIdentifier is the same
-	name is CMSIdentifier and add glue for that so we can share code
-	use Name and not heim_any
-
-2004-10-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: drop AlgorithmIdentifierNonOpt add
-	{RC2CBC,}CBCParameter here where they belong
-
-	* CMS.asn1: add {RC2CBC,}CBCParameter here where they belong
-
-	* rfc2459.asn1: drop AlgorithmIdentifierNonOpt
-
-	* rfc2459.asn1: stop using AlgorithmIdentifierNonOpt hint that we
-	really want to use Name and some MS stuff
-
-2004-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* asn1_print.c: handle end of content, this is part BER support,
-	however, OCTET STRING need some tweeking too.
-
-	* der.h: add UT_EndOfContent
-
-	* test.asn1: test asn1 spec file
-
-	* check-gen.c: check larget tags
-
-	* Makefile.am: add test asn1 spec file that we can use for testing
-	constructs that doesn't exists in already existing spec (like
-	large tags)
-
-	* der_put.c (der_put_tag): make sure there are space for the head
-	tag when we are dealing with large tags (>30)
-
-	* check-gen.c: add test for tag length
-
-	* check-common.c: export the map_ functions for OVERRUN/UNDERRUN
-	detection restore the SIGSEGV handler when test is done
-
-	* check-common.h: export the map_ functions for OVERRUN/UNDERRUN
-	detection
-
-	* gen_decode.c: check that the tag-length is not longer the length
-	use forwstr on some more places
-
-	* parse.y: revert part of 1.14.2.21, multiple IMPORT isn't allowed
-
-	* pkinit.asn1: correct usage of IMPORT
-
-	* CMS.asn1: correct usage of IMPORT
-
-	* pkcs8.asn1: pkcs8, encrypting private key
-
-	* pkcs12.asn1: pkcs12, key/crl/certificate file transport PDU
-
-	* Makefile.am: add pkcs8 and pkcs12
-
-	* der_free.c: reset length when freing primitives
-
-	* CMS.asn1: add EncryptedData
-
-2004-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): if the entry is already optional
-	when parsing a tag and we allocate the structure, not pass down
-	optional since that will case the subtype's decode_type also to
-	allocate an entry. and we'll leak an entry. Bug from Luke Howard
-	<lukeh@padl.com>. While here, use calloc.
-
-2004-04-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: shift the last added etypes one step so rc2 doesn't
-	stomp on cram-md5
-
-2004-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* k5.asn1: add ETYPE_AESNNN_CBC_NONE
-
-	* CMS.asn1: add CMS symmetrical parameters moved to k5.asn1
-
-	* k5.asn1: add CMS symmetrical parameters here, more nametypes
-	enctype rc2-cbc
-
-2004-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c: free data on decode failure
-
-2004-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add CBCParameter and RC2CBCParameter
-
-	* CMS.asn1: add CBCParameter and RC2CBCParameter
-
-2004-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-der.c: add simple test for oid's, used to trigger malloc
-	bugs in you have picky malloc (like valgrind/purify/third)
-
-	* der_get.c (der_get_oid): handle all oid components being smaller
-	then 127 and allocate one extra element since first byte is split
-	to to elements.
-
-2004-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: one thing handled
-
-	* gen_decode.c: handle OPTIONAL CONS-tag-less elements
-
-	* der_length.c (length_len): since length is no longer the same as
-	an unsigned, do the length counting here. ("unsigned" is zero
-	padded when most significate bit is set, length is not)
-
-2004-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* canthandle.asn1: document by example what the encoder can't
-	handle right now
-
-	* Makefile.am: add more stuff needed whem implementing x509
-	preserve TBSCertificate
-
-	* rfc2459.asn1: add more stuff needed whem implementing x509
-
-	* CMS.asn1: move some type to rfc2459.asn1 where they belong (and
-	import them)
-
-	* gen.c: preserve the raw data when asked too
-
-	* gen_decode.c: preserve the raw data when asked too
-
-	* gen_copy.c: preserve the raw data when asked too
-
-	* gen_free.c: preserve the raw data when asked too
-
-	* gen_locl.h: add preserve_type
-
-	* heim_asn1.h: add heim_any_cmp
-
-	* main.c: add flag --preserve-binary=Symbol1,Symbol2,... that make
-	the compiler generate stubs to save the raw data, its not used
-	right now when generating the stat
-
-	* k5.asn1: Windows uses PADATA 15 for the request too
-
-	* extra.c: add heim_any_cmp
-
-	* der_put.c: implement UTCtime correctly
-
-	* der_locl.h: remove #ifdef HAVE_TIMEGM\ntimegm\n#endif here from
-	der.h so one day der.h can get installed
-
-	* der_length.c: implement UTCtime correctly
-
-	* der_get.c: implement UTCtime correctly, prefix dce_fix with
-	_heim_fix
-
-	* der_copy.c: make copy_bit_string work again
-
-	* der_cmp.c: add octet_string, integer, bit_string cmp functions
-
-	* der.h: hide away more symbols, add more _cmp functions
-
-2004-03-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add more pkix types make k5 use rfc150 bitstrings,
-	everything else use der bitstrings
-
-	* main.c: as a compile time option, handle no rfc1510 bitstrings
-
-	* gen_locl.h: rfc1510 bitstrings flag
-
-	* gen_length.c: as a compile time option, handle no rfc1510
-	bitstrings
-
-	* gen_encode.c: as a compile time option, handle no rfc1510
-	bitstrings
-
-	* gen_decode.c: handle no rfc1510 bitstrings
-
-	* check-gen.c: test for bitstrings
-
-	* rfc2459.asn1: add Certificates and KeyUsage
-
-2004-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pkinit.asn1: use Name from PKIX
-
-	* rfc2459.asn1: add more silly string types to DirectoryString
-
-	* gen_encode.c: add checks for data overflow when encoding
-	TBitString with members encode SET OF correctly by bytewise
-	sorting the members
-
-	* gen_decode.c: add checks for data overrun when encoding
-	TBitString with members
-
-	* der_put.c: add _heim_der_set_sort
-
-	* der_cmp.c: rename oid_cmp to heim_oid_cmp
-
-	* der.h: rename oid_cmp to heim_oid_cmp, add _heim_der_set_sort
-
-	* check-gen.c: add check for Name and (commented out) heim_integer
-
-	* check-der.c: test for "der_length.c: Fix len_unsigned for
-	certain negative integers, it got the length wrong" , from
-	Panasas, Inc.
-
-	* der_length.c: Fix len_unsigned for certain negative integers, it
-	got the length wrong, fix from Panasas, Inc.
-
-	rename len_int and len_unsigned to _heim_\&
-
-	* gen_length.c: 1.14: (length_type): TSequenceOf: add up the size
-	of all the elements, don't use just the size of the last element.
-
-2004-02-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: include defintion of Name
-
-	* pkinit.asn1: no need for ContentType, its cms internal
-
-	* CMS.asn1: move ContentInfo to CMS
-
-	* pkinit.asn1: update to pk-init-18, move ContentInfo to CMS
-
-	* Makefile.am: align with pk-init-18, move contentinfo to cms
-
-2004-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_get.c: rewrite previous commit
-
-	* der_get.c (der_get_heim_integer): handle positive integer
-	starting with 0
-
-	* der_length.c (der_put_heim_integer): try handle negative
-	integers better (?)
-
-	* der_put.c (der_put_heim_integer): try handle negative integers
-	better
-
-	* der_get.c (der_get_heim_integer): dont abort on negative integer just
-	return ASN1_OVERRUN for now
-
-	* parse.y: add ia5string, and printablestring
-
-	* gen_length.c: add ia5string, and printablestring
-
-	* gen_free.c: add ia5string, and printablestring
-
-	* gen_decode.c: add ia5string, and printablestring
-
-	* gen_copy.c: add ia5string, and printablestring
-
-	* gen.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_put.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_length.c: add ia5string, printablestring, and utf8string
-	change implemetation of heim_integer and store the data as
-	bigendian byte array with a external flag for signedness
-
-	* der_get.c: add ia5string, printablestring, and utf8string change
-	implemetation of heim_integer and store the data as bigendian byte
-	array with a external flag for signedness
-
-	* der_free.c: add ia5string, printablestring, and utf8string
-
-	* der_copy.c: add ia5string, printablestring, and utf8string
-
-	* der.h: add ia5string, printablestring, and utf8string
-
-	* asn1-common.h: add signedness flag to heim_integer, add
-	ia5string and printablestring
-
-2004-02-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rfc2459.asn1: use BIGINTEGER where appropriate
-
-	* setchgpw2.asn1: spelling and add op-req again
-
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: clean up better
-
-2004-02-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TTag, don't overshare the reallen
-	variable
-
-	* Makefile.am: adapt to log file name change
-
-	* gen.c: genereate log file name based on base name
-
-2003-11-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: += asn1_AlgorithmIdentifierNonOpt.x
-
-	* rfc2459.asn1: add AlgorithmIdentifierNonOpt and use it where
-	it's needed, make DomainParameters.validationParms heim_any as a
-	hack. Both are workarounds for the problem with heimdal's asn1
-	compiler have with decoing context tagless OPTIONALs.
-
-	* pkinit.asn1: don't import AlgorithmIdentifier
-
-2003-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_put.c (der_put_bit_string): make it work somewhat better
-	(should really prune off all trailing zeros)
-
-	* gen_encode.c (encode_type): bit string is not a constructed type
-
-	* der_length.c (length_bit_string): calculate right length for
-	bitstrings
-
-2003-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_cmp.c (oid_cmp): compare the whole array, not just
-	length/sizeof(component)
-
-	* check-common.c: mmap the scratch areas, mprotect before and
-	after, align data to the edge of the mprotect()ed area to provoke
-	bugs
-
-	* Makefile.am: add DomainParameters, ValidationParms
-
-	* rfc2459.asn1: add DomainParameters, ValidationParms
-
-	* check-der.c: add free function
-
-	* check-common.h: add free function
-
-	* check-common.c: add free function
-
-	* check-gen.c: check KRB-ERROR
-
-	* asn1_print.c: check end of tag_names loop into APPL class tags
-
-2003-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_put.c (der_put_generalized_time): check size, not *size
-
-2003-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type/TBitString): skip over
-	skipped-bits-in-last-octet octet
-
-	* gen_glue.c (generate_units): generate units in reverse order to
-	keep unparse_units happy
-
-2003-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: generate all silly pkinit files
-
-	* pkinit.asn1: make it work again, add strange ms structures
-
-	* k5.asn1: PROV-SRV-LOCATION, PacketCable provisioning server
-	location, PKT-SP-SEC-I09-030728
-
-	* asn1-common.h: add bit string
-
-	* der_put.c: add bit string and utctime
-
-	* gen.c: add bit string and utctime
-
-	* gen_copy.c: add bit string and utctime
-
-	* der_copy.c: add bit string
-
-	* gen_decode.c: add utctime and bitstring
-
-	* gen_encode.c: add utctime and bitstring
-
-	* gen_free.c: add utctime and bitstring
-
-	* gen_glue.c: don't generate glue for member-less bit strings
-
-	* der_cmp.c: compare function for oids
-
-	* gen_length.c: add utc time, make bit string work for bits
-	strings w/o any members
-
-	* der_cmp.c: compare function for oids
-
-	* der.h: update boolean prototypes add utctime and bit_string
-
-	* der_free.c: add free_bit_string
-
-	* der_get.c: add bit string and utctime
-
-	* der_length.c: add bit string and utctime, fix memory leak in
-	length_generalized_time
-
-	* CMS.asn1: make EncryptedContentInfo.encryptedContent a OCTET
-	STRING to make the generator do the right thing with IMPLICIT
-	mumble OPTIONAL, make CertificateSet a heim_any_set
-
-	* extra.c, heim_asn1.h: add any_set, instead of just consuming one
-	der object, its consumes the rest of the data avaible
-
-	* extra.c, heim_asn1.h: extern implementation of ANY, decoder
-	needs to have hack removed when generator handles tagless optional
-	data
-
-	* pkinit.asn1: add KdcDHKeyInfo-Win2k
-
-2003-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* der_copy.c (copy_oid): copy all components
-
-	* parse.y: parse UTCTime, allow multiple IMPORT
-
-	* symbol.h: add TUTCTime
-
-	* rfc2459.asn1: update
-
-	* x509.asn1: update
-
-	* pkinit.asn1: update
-
-	* CMS.asn1: new file
-
-	* asn1_print.c: print some more lengths, check length before
-	steping out in the void, parse SET, only go down CONTEXT of type
-	CONS (not PRIM)
-
-2003-09-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_encode.c (TChoice, TSequence): code element in reverse
-	order...
-
-2003-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen.c: store NULL's as int's for now
-
-	* parse.y: remove dup of type def of UsefulType
-
-2003-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): if malloc failes, return ENOMEM
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: kw_UTF8String is a token put tag around the OID
-
-	* asn1_print.c (UT_Integer): when the integer is larger then int
-	can handle, just print BIG INT and its size
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gen_decode.c (decode_type): TTag, try to generate prettier code
-	in the non optional case, also remember to update length
-
-2003-01-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* gen_decode.c: add flag to decode broken DCE BER encoding
-
-	* gen_locl.h: add flag to decode broken DCE BER encoding
-
-	* main.c: add flag to decode broken DCE BER encoding
-
diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am
deleted file mode 100644
index af300f0679cd..000000000000
--- a/crypto/heimdal/lib/asn1/Makefile.am
+++ /dev/null
@@ -1,610 +0,0 @@
-# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d -t
-
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 8:0:0
-
-libasn1_la_LIBADD = \
-	@LIB_com_err@ \
-	$(LIBADD_roken)
-
-BUILT_SOURCES =				\
-	$(gen_files_rfc2459:.x=.c)	\
-	$(gen_files_cms:.x=.c)		\
-	$(gen_files_k5:.x=.c)		\
-	$(gen_files_pkinit:.x=.c)	\
-	$(gen_files_pkcs8:.x=.c)	\
-	$(gen_files_pkcs9:.x=.c)	\
-	$(gen_files_pkcs12:.x=.c)	\
-	$(gen_files_digest:.x=.c)	\
-	$(gen_files_kx509:.x=.c)	\
-	asn1_err.h			\
-	asn1_err.c
-
-gen_files_k5 =						\
-	asn1_AD_AND_OR.x				\
-	asn1_AD_IF_RELEVANT.x				\
-	asn1_AD_KDCIssued.x				\
-	asn1_AD_MANDATORY_FOR_KDC.x			\
-	asn1_AD_LoginAlias.x				\
-	asn1_APOptions.x				\
-	asn1_AP_REP.x					\
-	asn1_AP_REQ.x					\
-	asn1_AS_REP.x					\
-	asn1_AS_REQ.x					\
-	asn1_AUTHDATA_TYPE.x				\
-	asn1_Authenticator.x				\
-	asn1_AuthorizationData.x			\
-	asn1_AuthorizationDataElement.x			\
-	asn1_CKSUMTYPE.x				\
-	asn1_ChangePasswdDataMS.x			\
-	asn1_Checksum.x					\
-	asn1_ENCTYPE.x					\
-	asn1_ETYPE_INFO.x				\
-	asn1_ETYPE_INFO2.x				\
-	asn1_ETYPE_INFO2_ENTRY.x			\
-	asn1_ETYPE_INFO_ENTRY.x				\
-	asn1_EncAPRepPart.x				\
-	asn1_EncASRepPart.x				\
-	asn1_EncKDCRepPart.x				\
-	asn1_EncKrbCredPart.x				\
-	asn1_EncKrbPrivPart.x				\
-	asn1_EncTGSRepPart.x				\
-	asn1_EncTicketPart.x				\
-	asn1_EncryptedData.x				\
-	asn1_EncryptionKey.x				\
-	asn1_EtypeList.x				\
-	asn1_HostAddress.x				\
-	asn1_HostAddresses.x				\
-	asn1_KDCOptions.x				\
-	asn1_KDC_REP.x					\
-	asn1_KDC_REQ.x					\
-	asn1_KDC_REQ_BODY.x				\
-	asn1_KRB_CRED.x					\
-	asn1_KRB_ERROR.x				\
-	asn1_KRB_PRIV.x					\
-	asn1_KRB_SAFE.x					\
-	asn1_KRB_SAFE_BODY.x				\
-	asn1_KerberosString.x				\
-	asn1_KerberosTime.x				\
-	asn1_KrbCredInfo.x				\
-	asn1_LR_TYPE.x					\
-	asn1_LastReq.x					\
-	asn1_MESSAGE_TYPE.x				\
-	asn1_METHOD_DATA.x				\
-	asn1_NAME_TYPE.x				\
-	asn1_PADATA_TYPE.x				\
-	asn1_PA_DATA.x					\
-	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
-	asn1_PA_ENC_TS_ENC.x				\
-	asn1_PA_PAC_REQUEST.x				\
-	asn1_PA_S4U2Self.x				\
-	asn1_PA_SAM_CHALLENGE_2.x               	\
-	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
-	asn1_PA_SAM_REDIRECT.x				\
-	asn1_PA_SAM_RESPONSE_2.x			\
-	asn1_PA_SAM_TYPE.x				\
-	asn1_PA_ClientCanonicalized.x			\
-	asn1_PA_ClientCanonicalizedNames.x		\
-	asn1_PA_SvrReferralData.x			\
-	asn1_PROV_SRV_LOCATION.x			\
-	asn1_Principal.x				\
-	asn1_PrincipalName.x				\
-	asn1_Realm.x					\
-	asn1_SAMFlags.x					\
-	asn1_TGS_REP.x					\
-	asn1_TGS_REQ.x					\
-	asn1_TYPED_DATA.x				\
-	asn1_Ticket.x					\
-	asn1_TicketFlags.x				\
-	asn1_TransitedEncoding.x			\
-	asn1_TypedData.x				\
-	asn1_krb5int32.x				\
-	asn1_krb5uint32.x				\
-	asn1_KRB5SignedPathData.x			\
-	asn1_KRB5SignedPathPrincipals.x			\
-	asn1_KRB5SignedPath.x
-
-gen_files_cms =						\
-	asn1_CMSAttributes.x				\
-	asn1_CMSCBCParameter.x				\
-	asn1_CMSEncryptedData.x				\
-	asn1_CMSIdentifier.x				\
-	asn1_CMSRC2CBCParameter.x			\
-	asn1_CMSVersion.x				\
-	asn1_CertificateList.x				\
-	asn1_CertificateRevocationLists.x		\
-	asn1_CertificateSet.x				\
-	asn1_ContentEncryptionAlgorithmIdentifier.x	\
-	asn1_ContentInfo.x				\
-	asn1_ContentType.x				\
-	asn1_DigestAlgorithmIdentifier.x		\
-	asn1_DigestAlgorithmIdentifiers.x		\
-	asn1_EncapsulatedContentInfo.x			\
-	asn1_EncryptedContent.x				\
-	asn1_EncryptedContentInfo.x			\
-	asn1_EncryptedKey.x				\
-	asn1_EnvelopedData.x				\
-	asn1_IssuerAndSerialNumber.x			\
-	asn1_KeyEncryptionAlgorithmIdentifier.x		\
-	asn1_KeyTransRecipientInfo.x			\
-	asn1_MessageDigest.x				\
-	asn1_OriginatorInfo.x				\
-	asn1_RecipientIdentifier.x			\
-	asn1_RecipientInfo.x				\
-	asn1_RecipientInfos.x				\
-	asn1_SignatureAlgorithmIdentifier.x		\
-	asn1_SignatureValue.x				\
-	asn1_SignedData.x				\
-	asn1_SignerIdentifier.x				\
-	asn1_SignerInfo.x				\
-	asn1_SignerInfos.x				\
-	asn1_id_pkcs7.x					\
-	asn1_id_pkcs7_data.x				\
-	asn1_id_pkcs7_digestedData.x			\
-	asn1_id_pkcs7_encryptedData.x			\
-	asn1_id_pkcs7_envelopedData.x			\
-	asn1_id_pkcs7_signedAndEnvelopedData.x		\
-	asn1_id_pkcs7_signedData.x			\
-	asn1_UnprotectedAttributes.x
-
-gen_files_rfc2459 =					\
-	asn1_Version.x					\
-	asn1_id_pkcs_1.x				\
-	asn1_id_pkcs1_rsaEncryption.x			\
-	asn1_id_pkcs1_md2WithRSAEncryption.x		\
-	asn1_id_pkcs1_md5WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
-	asn1_id_heim_rsa_pkcs1_x509.x			\
-	asn1_id_pkcs_2.x				\
-	asn1_id_pkcs2_md2.x				\
-	asn1_id_pkcs2_md4.x				\
-	asn1_id_pkcs2_md5.x				\
-	asn1_id_rsa_digestAlgorithm.x			\
-	asn1_id_rsa_digest_md2.x			\
-	asn1_id_rsa_digest_md4.x			\
-	asn1_id_rsa_digest_md5.x			\
-	asn1_id_pkcs_3.x				\
-	asn1_id_pkcs3_rc2_cbc.x				\
-	asn1_id_pkcs3_rc4.x				\
-	asn1_id_pkcs3_des_ede3_cbc.x			\
-	asn1_id_rsadsi_encalg.x				\
-	asn1_id_rsadsi_rc2_cbc.x			\
-	asn1_id_rsadsi_des_ede3_cbc.x			\
-	asn1_id_secsig_sha_1.x				\
-	asn1_id_nistAlgorithm.x				\
-	asn1_id_nist_aes_algs.x				\
-	asn1_id_aes_128_cbc.x				\
-	asn1_id_aes_192_cbc.x				\
-	asn1_id_aes_256_cbc.x				\
-	asn1_id_nist_sha_algs.x				\
-	asn1_id_sha256.x				\
-	asn1_id_sha224.x				\
-	asn1_id_sha384.x				\
-	asn1_id_sha512.x				\
-	asn1_id_dhpublicnumber.x			\
-	asn1_id_x9_57.x					\
-	asn1_id_dsa.x					\
-	asn1_id_dsa_with_sha1.x				\
-	asn1_id_x520_at.x				\
-	asn1_id_at_commonName.x				\
-	asn1_id_at_surname.x				\
-	asn1_id_at_serialNumber.x			\
-	asn1_id_at_countryName.x			\
-	asn1_id_at_localityName.x			\
-	asn1_id_at_streetAddress.x			\
-	asn1_id_at_stateOrProvinceName.x		\
-	asn1_id_at_organizationName.x			\
-	asn1_id_at_organizationalUnitName.x		\
-	asn1_id_at_name.x				\
-	asn1_id_at_givenName.x				\
-	asn1_id_at_initials.x				\
-	asn1_id_at_generationQualifier.x		\
-	asn1_id_at_pseudonym.x				\
-	asn1_id_Userid.x				\
-	asn1_id_domainComponent.x			\
-	asn1_id_x509_ce.x				\
-	asn1_id_uspkicommon_card_id.x			\
-	asn1_id_uspkicommon_piv_interim.x		\
-	asn1_id_netscape.x				\
-	asn1_id_netscape_cert_comment.x			\
-	asn1_id_ms_cert_enroll_domaincontroller.x	\
-	asn1_id_ms_client_authentication.x		\
-	asn1_AlgorithmIdentifier.x			\
-	asn1_AttributeType.x				\
-	asn1_AttributeValue.x				\
-	asn1_TeletexStringx.x				\
-	asn1_DirectoryString.x				\
-	asn1_Attribute.x				\
-	asn1_AttributeTypeAndValue.x			\
-	asn1_AuthorityInfoAccessSyntax.x		\
-	asn1_AccessDescription.x			\
-	asn1_RelativeDistinguishedName.x		\
-	asn1_RDNSequence.x				\
-	asn1_Name.x					\
-	asn1_CertificateSerialNumber.x			\
-	asn1_Time.x					\
-	asn1_Validity.x					\
-	asn1_UniqueIdentifier.x				\
-	asn1_SubjectPublicKeyInfo.x			\
-	asn1_Extension.x				\
-	asn1_Extensions.x				\
-	asn1_TBSCertificate.x				\
-	asn1_Certificate.x				\
-	asn1_Certificates.x				\
-	asn1_ValidationParms.x				\
-	asn1_DomainParameters.x				\
-	asn1_DHPublicKey.x				\
-	asn1_OtherName.x				\
-	asn1_GeneralName.x				\
-	asn1_GeneralNames.x				\
-	asn1_id_x509_ce_keyUsage.x			\
-	asn1_KeyUsage.x					\
-	asn1_id_x509_ce_authorityKeyIdentifier.x	\
-	asn1_KeyIdentifier.x				\
-	asn1_AuthorityKeyIdentifier.x			\
-	asn1_id_x509_ce_subjectKeyIdentifier.x		\
-	asn1_SubjectKeyIdentifier.x			\
-	asn1_id_x509_ce_basicConstraints.x		\
-	asn1_BasicConstraints.x				\
-	asn1_id_x509_ce_nameConstraints.x		\
-	asn1_BaseDistance.x				\
-	asn1_GeneralSubtree.x				\
-	asn1_GeneralSubtrees.x				\
-	asn1_NameConstraints.x				\
-	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
-	asn1_id_x509_ce_certificatePolicies.x		\
-	asn1_id_x509_ce_policyMappings.x		\
-	asn1_id_x509_ce_subjectAltName.x		\
-	asn1_id_x509_ce_issuerAltName.x			\
-	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
-	asn1_id_x509_ce_policyConstraints.x		\
-	asn1_id_x509_ce_extKeyUsage.x			\
-	asn1_ExtKeyUsage.x				\
-	asn1_id_x509_ce_cRLDistributionPoints.x		\
-	asn1_id_x509_ce_deltaCRLIndicator.x		\
-	asn1_id_x509_ce_issuingDistributionPoint.x	\
-	asn1_id_x509_ce_holdInstructionCode.x		\
-	asn1_id_x509_ce_invalidityDate.x		\
-	asn1_id_x509_ce_certificateIssuer.x		\
-	asn1_id_x509_ce_inhibitAnyPolicy.x		\
-	asn1_DistributionPointReasonFlags.x		\
-	asn1_DistributionPointName.x			\
-	asn1_DistributionPoint.x			\
-	asn1_CRLDistributionPoints.x			\
-	asn1_DSASigValue.x				\
-	asn1_DSAPublicKey.x				\
-	asn1_DSAParams.x				\
-	asn1_RSAPublicKey.x				\
-	asn1_RSAPrivateKey.x				\
-	asn1_DigestInfo.x				\
-	asn1_TBSCRLCertList.x				\
-	asn1_CRLCertificateList.x			\
-	asn1_id_x509_ce_cRLNumber.x			\
-	asn1_id_x509_ce_freshestCRL.x			\
-	asn1_id_x509_ce_cRLReason.x			\
-	asn1_CRLReason.x				\
-	asn1_PKIXXmppAddr.x				\
-	asn1_id_pkix.x					\
-	asn1_id_pkix_on.x				\
-	asn1_id_pkix_on_dnsSRV.x			\
-	asn1_id_pkix_on_xmppAddr.x			\
-	asn1_id_pkix_kp.x				\
-	asn1_id_pkix_kp_serverAuth.x			\
-	asn1_id_pkix_kp_clientAuth.x			\
-	asn1_id_pkix_kp_emailProtection.x		\
-	asn1_id_pkix_kp_timeStamping.x			\
-	asn1_id_pkix_kp_OCSPSigning.x			\
-	asn1_id_pkix_pe.x				\
-	asn1_id_pkix_pe_authorityInfoAccess.x		\
-	asn1_id_pkix_pe_proxyCertInfo.x			\
-	asn1_id_pkix_ppl.x				\
-	asn1_id_pkix_ppl_anyLanguage.x			\
-	asn1_id_pkix_ppl_inheritAll.x			\
-	asn1_id_pkix_ppl_independent.x			\
-	asn1_ProxyPolicy.x				\
-	asn1_ProxyCertInfo.x 
-
-gen_files_pkinit =					\
-	asn1_id_pkinit.x				\
-	asn1_id_pkauthdata.x				\
-	asn1_id_pkdhkeydata.x				\
-	asn1_id_pkrkeydata.x				\
-	asn1_id_pkekuoid.x				\
-	asn1_id_pkkdcekuoid.x				\
-	asn1_id_pkinit_san.x				\
-	asn1_id_pkinit_ms_eku.x				\
-	asn1_id_pkinit_ms_san.x				\
-	asn1_MS_UPN_SAN.x				\
-	asn1_DHNonce.x					\
-	asn1_KDFAlgorithmId.x				\
-	asn1_TrustedCA.x				\
-	asn1_ExternalPrincipalIdentifier.x		\
-	asn1_ExternalPrincipalIdentifiers.x		\
-	asn1_PA_PK_AS_REQ.x				\
-	asn1_PKAuthenticator.x				\
-	asn1_AuthPack.x					\
-	asn1_TD_TRUSTED_CERTIFIERS.x			\
-	asn1_TD_INVALID_CERTIFICATES.x			\
-	asn1_KRB5PrincipalName.x			\
-	asn1_AD_INITIAL_VERIFIED_CAS.x			\
-	asn1_DHRepInfo.x				\
-	asn1_PA_PK_AS_REP.x				\
-	asn1_KDCDHKeyInfo.x				\
-	asn1_ReplyKeyPack.x				\
-	asn1_TD_DH_PARAMETERS.x				\
-	asn1_PKAuthenticator_Win2k.x			\
-	asn1_AuthPack_Win2k.x				\
-	asn1_TrustedCA_Win2k.x				\
-	asn1_PA_PK_AS_REQ_Win2k.x			\
-	asn1_PA_PK_AS_REP_Win2k.x			\
-	asn1_KDCDHKeyInfo_Win2k.x			\
-	asn1_ReplyKeyPack_Win2k.x			\
-	asn1_PkinitSuppPubInfo.x 
-
-gen_files_pkcs12 =					\
-	asn1_id_pkcs_12.x				\
-	asn1_id_pkcs_12PbeIds.x				\
-	asn1_id_pbeWithSHAAnd128BitRC4.x		\
-	asn1_id_pbeWithSHAAnd40BitRC4.x			\
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
-	asn1_id_pkcs12_bagtypes.x			\
-	asn1_id_pkcs12_keyBag.x				\
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
-	asn1_id_pkcs12_certBag.x			\
-	asn1_id_pkcs12_crlBag.x				\
-	asn1_id_pkcs12_secretBag.x			\
-	asn1_id_pkcs12_safeContentsBag.x		\
-	asn1_PKCS12_MacData.x				\
-	asn1_PKCS12_PFX.x				\
-	asn1_PKCS12_AuthenticatedSafe.x			\
-	asn1_PKCS12_CertBag.x				\
-	asn1_PKCS12_Attribute.x				\
-	asn1_PKCS12_Attributes.x			\
-	asn1_PKCS12_SafeBag.x				\
-	asn1_PKCS12_SafeContents.x			\
-	asn1_PKCS12_OctetString.x			\
-	asn1_PKCS12_PBEParams.x
-
-gen_files_pkcs8 =					\
-	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
-	asn1_PKCS8PrivateKey.x				\
-	asn1_PKCS8PrivateKeyInfo.x			\
-	asn1_PKCS8Attributes.x				\
-	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
-	asn1_PKCS8EncryptedData.x
-
-gen_files_pkcs9 =					\
-	asn1_id_pkcs_9.x				\
-	asn1_id_pkcs9_contentType.x			\
-	asn1_id_pkcs9_emailAddress.x			\
-	asn1_id_pkcs9_messageDigest.x			\
-	asn1_id_pkcs9_signingTime.x			\
-	asn1_id_pkcs9_countersignature.x		\
-	asn1_id_pkcs_9_at_friendlyName.x		\
-	asn1_id_pkcs_9_at_localKeyId.x			\
-	asn1_id_pkcs_9_at_certTypes.x			\
-	asn1_id_pkcs_9_at_certTypes_x509.x		\
-	asn1_PKCS9_BMPString.x				\
-	asn1_PKCS9_friendlyName.x
-
-gen_files_test =					\
-	asn1_TESTAlloc.x				\
-	asn1_TESTAllocInner.x				\
-	asn1_TESTCONTAINING.x				\
-	asn1_TESTCONTAININGENCODEDBY.x			\
-	asn1_TESTCONTAININGENCODEDBY2.x			\
-	asn1_TESTChoice1.x				\
-	asn1_TESTChoice2.x				\
-	asn1_TESTDer.x					\
-	asn1_TESTENCODEDBY.x				\
-	asn1_TESTImplicit.x				\
-	asn1_TESTImplicit2.x				\
-	asn1_TESTInteger.x				\
-	asn1_TESTInteger2.x				\
-	asn1_TESTInteger3.x				\
-	asn1_TESTLargeTag.x				\
-	asn1_TESTSeq.x					\
-	asn1_TESTUSERCONSTRAINED.x			\
-	asn1_TESTSeqOf.x				\
-	asn1_TESTOSSize1.x				\
-	asn1_TESTSeqSizeOf1.x				\
-	asn1_TESTSeqSizeOf2.x				\
-	asn1_TESTSeqSizeOf3.x				\
-	asn1_TESTSeqSizeOf4.x
-
-gen_files_digest =					\
-	asn1_DigestError.x				\
-	asn1_DigestInit.x				\
-	asn1_DigestInitReply.x				\
-	asn1_DigestREP.x				\
-	asn1_DigestREQ.x				\
-	asn1_DigestRepInner.x				\
-	asn1_DigestReqInner.x				\
-	asn1_DigestRequest.x				\
-	asn1_DigestResponse.x				\
-	asn1_DigestTypes.x				\
-	asn1_NTLMInit.x					\
-	asn1_NTLMInitReply.x				\
-	asn1_NTLMRequest.x				\
-	asn1_NTLMResponse.x
-
-gen_files_kx509 =					\
-	asn1_Kx509Response.x				\
-	asn1_Kx509Request.x
-
-noinst_PROGRAMS = asn1_compile asn1_print asn1_gen
-
-TESTS = check-der check-gen check-timegm
-check_PROGRAMS = $(TESTS)
-
-asn1_gen_SOURCES = asn1_gen.c
-asn1_print_SOURCES = asn1_print.c
-check_der_SOURCES = check-der.c check-common.c check-common.h
-
-dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
-nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
-
-asn1_compile_SOURCES = 				\
-	asn1-common.h				\
-	asn1_queue.h				\
-	der.h					\
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	gen_locl.h				\
-	gen_seq.c				\
-	hash.c					\
-	hash.h					\
-	lex.l					\
-	lex.h					\
-	main.c					\
-	parse.y					\
-	symbol.c				\
-	symbol.h
-
-dist_libasn1_la_SOURCES =			\
-	der-protos.h 				\
-	der_locl.h 				\
-	der.c					\
-	der.h					\
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	der_cmp.c				\
-	der_format.c				\
-	heim_asn1.h				\
-	extra.c					\
-	timegm.c
-
-nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
-
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-asn1_gen_LDADD = $(check_der_LDADD)
-check_timegm_LDADD = $(check_der_LDADD)
-
-CLEANFILES = \
-	$(BUILT_SOURCES) \
-	$(gen_files_rfc2459) \
-	$(gen_files_cms) \
-	$(gen_files_k5) \
-	$(gen_files_pkinit) \
-	$(gen_files_pkcs8) \
-	$(gen_files_pkcs9) \
-	$(gen_files_pkcs12) \
-	$(gen_files_digest) \
-	$(gen_files_kx509) \
-	$(gen_files_test) $(nodist_check_gen_SOURCES) \
-	rfc2459_asn1_files rfc2459_asn1.h \
-	cms_asn1_files cms_asn1.h \
-	krb5_asn1_files krb5_asn1.h \
-	pkinit_asn1_files pkinit_asn1.h \
-	pkcs8_asn1_files pkcs8_asn1.h \
-	pkcs9_asn1_files pkcs9_asn1.h \
-	pkcs12_asn1_files pkcs12_asn1.h \
-	digest_asn1_files digest_asn1.h \
-	kx509_asn1_files kx509_asn1.h \
-	test_asn1_files test_asn1.h
-
-dist_include_HEADERS = der.h heim_asn1.h der-protos.h
-
-nodist_include_HEADERS = asn1_err.h
-nodist_include_HEADERS += krb5_asn1.h
-nodist_include_HEADERS += pkinit_asn1.h
-nodist_include_HEADERS += cms_asn1.h
-nodist_include_HEADERS += rfc2459_asn1.h
-nodist_include_HEADERS += pkcs8_asn1.h
-nodist_include_HEADERS += pkcs9_asn1.h
-nodist_include_HEADERS += pkcs12_asn1.h
-nodist_include_HEADERS += digest_asn1.h
-nodist_include_HEADERS += kx509_asn1.h
-
-$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
-$(check_gen_OBJECTS): test_asn1.h
-$(asn1_print_OBJECTS): krb5_asn1.h
-
-parse.h: parse.c
-
-$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
-$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
-$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
-$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
-$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
-$(gen_files_digest) digest_asn1.h: digest_asn1_files
-$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
-$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
-$(gen_files_cms) cms_asn1.h: cms_asn1_files
-$(gen_files_test) test_asn1.h: test_asn1_files
-
-rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
-	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
-
-cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
-
-krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
-
-pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
-
-pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
-
-pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
-
-pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
-
-digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
-
-kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
-
-test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
-	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
-
-EXTRA_DIST =		\
-	asn1_err.et	\
-	canthandle.asn1	\
-	CMS.asn1	\
-	digest.asn1	\
-	k5.asn1		\
-	kx509.asn1	\
-	test.asn1	\
-	setchgpw2.asn1	\
-	pkcs12.asn1	\
-	pkcs8.asn1	\
-	pkcs9.asn1	\
-	pkinit.asn1	\
-	rfc2459.asn1	\
-	test.gen
-
-$(srcdir)/der-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in
deleted file mode 100644
index 0a3783a9b601..000000000000
--- a/crypto/heimdal/lib/asn1/Makefile.in
+++ /dev/null
@@ -1,1801 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h
-noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) \
-	asn1_gen$(EXEEXT)
-TESTS = check-der$(EXEEXT) check-gen$(EXEEXT) check-timegm$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1)
-subdir = lib/asn1
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libasn1_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
-dist_libasn1_la_OBJECTS = der.lo der_get.lo der_put.lo der_free.lo \
-	der_length.lo der_copy.lo der_cmp.lo der_format.lo extra.lo \
-	timegm.lo
-am__objects_1 = asn1_Version.lo asn1_id_pkcs_1.lo \
-	asn1_id_pkcs1_rsaEncryption.lo \
-	asn1_id_pkcs1_md2WithRSAEncryption.lo \
-	asn1_id_pkcs1_md5WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha1WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha256WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha384WithRSAEncryption.lo \
-	asn1_id_pkcs1_sha512WithRSAEncryption.lo \
-	asn1_id_heim_rsa_pkcs1_x509.lo asn1_id_pkcs_2.lo \
-	asn1_id_pkcs2_md2.lo asn1_id_pkcs2_md4.lo asn1_id_pkcs2_md5.lo \
-	asn1_id_rsa_digestAlgorithm.lo asn1_id_rsa_digest_md2.lo \
-	asn1_id_rsa_digest_md4.lo asn1_id_rsa_digest_md5.lo \
-	asn1_id_pkcs_3.lo asn1_id_pkcs3_rc2_cbc.lo \
-	asn1_id_pkcs3_rc4.lo asn1_id_pkcs3_des_ede3_cbc.lo \
-	asn1_id_rsadsi_encalg.lo asn1_id_rsadsi_rc2_cbc.lo \
-	asn1_id_rsadsi_des_ede3_cbc.lo asn1_id_secsig_sha_1.lo \
-	asn1_id_nistAlgorithm.lo asn1_id_nist_aes_algs.lo \
-	asn1_id_aes_128_cbc.lo asn1_id_aes_192_cbc.lo \
-	asn1_id_aes_256_cbc.lo asn1_id_nist_sha_algs.lo \
-	asn1_id_sha256.lo asn1_id_sha224.lo asn1_id_sha384.lo \
-	asn1_id_sha512.lo asn1_id_dhpublicnumber.lo asn1_id_x9_57.lo \
-	asn1_id_dsa.lo asn1_id_dsa_with_sha1.lo asn1_id_x520_at.lo \
-	asn1_id_at_commonName.lo asn1_id_at_surname.lo \
-	asn1_id_at_serialNumber.lo asn1_id_at_countryName.lo \
-	asn1_id_at_localityName.lo asn1_id_at_streetAddress.lo \
-	asn1_id_at_stateOrProvinceName.lo \
-	asn1_id_at_organizationName.lo \
-	asn1_id_at_organizationalUnitName.lo asn1_id_at_name.lo \
-	asn1_id_at_givenName.lo asn1_id_at_initials.lo \
-	asn1_id_at_generationQualifier.lo asn1_id_at_pseudonym.lo \
-	asn1_id_Userid.lo asn1_id_domainComponent.lo \
-	asn1_id_x509_ce.lo asn1_id_uspkicommon_card_id.lo \
-	asn1_id_uspkicommon_piv_interim.lo asn1_id_netscape.lo \
-	asn1_id_netscape_cert_comment.lo \
-	asn1_id_ms_cert_enroll_domaincontroller.lo \
-	asn1_id_ms_client_authentication.lo \
-	asn1_AlgorithmIdentifier.lo asn1_AttributeType.lo \
-	asn1_AttributeValue.lo asn1_TeletexStringx.lo \
-	asn1_DirectoryString.lo asn1_Attribute.lo \
-	asn1_AttributeTypeAndValue.lo \
-	asn1_AuthorityInfoAccessSyntax.lo asn1_AccessDescription.lo \
-	asn1_RelativeDistinguishedName.lo asn1_RDNSequence.lo \
-	asn1_Name.lo asn1_CertificateSerialNumber.lo asn1_Time.lo \
-	asn1_Validity.lo asn1_UniqueIdentifier.lo \
-	asn1_SubjectPublicKeyInfo.lo asn1_Extension.lo \
-	asn1_Extensions.lo asn1_TBSCertificate.lo asn1_Certificate.lo \
-	asn1_Certificates.lo asn1_ValidationParms.lo \
-	asn1_DomainParameters.lo asn1_DHPublicKey.lo asn1_OtherName.lo \
-	asn1_GeneralName.lo asn1_GeneralNames.lo \
-	asn1_id_x509_ce_keyUsage.lo asn1_KeyUsage.lo \
-	asn1_id_x509_ce_authorityKeyIdentifier.lo \
-	asn1_KeyIdentifier.lo asn1_AuthorityKeyIdentifier.lo \
-	asn1_id_x509_ce_subjectKeyIdentifier.lo \
-	asn1_SubjectKeyIdentifier.lo \
-	asn1_id_x509_ce_basicConstraints.lo asn1_BasicConstraints.lo \
-	asn1_id_x509_ce_nameConstraints.lo asn1_BaseDistance.lo \
-	asn1_GeneralSubtree.lo asn1_GeneralSubtrees.lo \
-	asn1_NameConstraints.lo \
-	asn1_id_x509_ce_privateKeyUsagePeriod.lo \
-	asn1_id_x509_ce_certificatePolicies.lo \
-	asn1_id_x509_ce_policyMappings.lo \
-	asn1_id_x509_ce_subjectAltName.lo \
-	asn1_id_x509_ce_issuerAltName.lo \
-	asn1_id_x509_ce_subjectDirectoryAttributes.lo \
-	asn1_id_x509_ce_policyConstraints.lo \
-	asn1_id_x509_ce_extKeyUsage.lo asn1_ExtKeyUsage.lo \
-	asn1_id_x509_ce_cRLDistributionPoints.lo \
-	asn1_id_x509_ce_deltaCRLIndicator.lo \
-	asn1_id_x509_ce_issuingDistributionPoint.lo \
-	asn1_id_x509_ce_holdInstructionCode.lo \
-	asn1_id_x509_ce_invalidityDate.lo \
-	asn1_id_x509_ce_certificateIssuer.lo \
-	asn1_id_x509_ce_inhibitAnyPolicy.lo \
-	asn1_DistributionPointReasonFlags.lo \
-	asn1_DistributionPointName.lo asn1_DistributionPoint.lo \
-	asn1_CRLDistributionPoints.lo asn1_DSASigValue.lo \
-	asn1_DSAPublicKey.lo asn1_DSAParams.lo asn1_RSAPublicKey.lo \
-	asn1_RSAPrivateKey.lo asn1_DigestInfo.lo \
-	asn1_TBSCRLCertList.lo asn1_CRLCertificateList.lo \
-	asn1_id_x509_ce_cRLNumber.lo asn1_id_x509_ce_freshestCRL.lo \
-	asn1_id_x509_ce_cRLReason.lo asn1_CRLReason.lo \
-	asn1_PKIXXmppAddr.lo asn1_id_pkix.lo asn1_id_pkix_on.lo \
-	asn1_id_pkix_on_dnsSRV.lo asn1_id_pkix_on_xmppAddr.lo \
-	asn1_id_pkix_kp.lo asn1_id_pkix_kp_serverAuth.lo \
-	asn1_id_pkix_kp_clientAuth.lo \
-	asn1_id_pkix_kp_emailProtection.lo \
-	asn1_id_pkix_kp_timeStamping.lo asn1_id_pkix_kp_OCSPSigning.lo \
-	asn1_id_pkix_pe.lo asn1_id_pkix_pe_authorityInfoAccess.lo \
-	asn1_id_pkix_pe_proxyCertInfo.lo asn1_id_pkix_ppl.lo \
-	asn1_id_pkix_ppl_anyLanguage.lo asn1_id_pkix_ppl_inheritAll.lo \
-	asn1_id_pkix_ppl_independent.lo asn1_ProxyPolicy.lo \
-	asn1_ProxyCertInfo.lo
-am__objects_2 = asn1_CMSAttributes.lo asn1_CMSCBCParameter.lo \
-	asn1_CMSEncryptedData.lo asn1_CMSIdentifier.lo \
-	asn1_CMSRC2CBCParameter.lo asn1_CMSVersion.lo \
-	asn1_CertificateList.lo asn1_CertificateRevocationLists.lo \
-	asn1_CertificateSet.lo \
-	asn1_ContentEncryptionAlgorithmIdentifier.lo \
-	asn1_ContentInfo.lo asn1_ContentType.lo \
-	asn1_DigestAlgorithmIdentifier.lo \
-	asn1_DigestAlgorithmIdentifiers.lo \
-	asn1_EncapsulatedContentInfo.lo asn1_EncryptedContent.lo \
-	asn1_EncryptedContentInfo.lo asn1_EncryptedKey.lo \
-	asn1_EnvelopedData.lo asn1_IssuerAndSerialNumber.lo \
-	asn1_KeyEncryptionAlgorithmIdentifier.lo \
-	asn1_KeyTransRecipientInfo.lo asn1_MessageDigest.lo \
-	asn1_OriginatorInfo.lo asn1_RecipientIdentifier.lo \
-	asn1_RecipientInfo.lo asn1_RecipientInfos.lo \
-	asn1_SignatureAlgorithmIdentifier.lo asn1_SignatureValue.lo \
-	asn1_SignedData.lo asn1_SignerIdentifier.lo asn1_SignerInfo.lo \
-	asn1_SignerInfos.lo asn1_id_pkcs7.lo asn1_id_pkcs7_data.lo \
-	asn1_id_pkcs7_digestedData.lo asn1_id_pkcs7_encryptedData.lo \
-	asn1_id_pkcs7_envelopedData.lo \
-	asn1_id_pkcs7_signedAndEnvelopedData.lo \
-	asn1_id_pkcs7_signedData.lo asn1_UnprotectedAttributes.lo
-am__objects_3 = asn1_AD_AND_OR.lo asn1_AD_IF_RELEVANT.lo \
-	asn1_AD_KDCIssued.lo asn1_AD_MANDATORY_FOR_KDC.lo \
-	asn1_AD_LoginAlias.lo asn1_APOptions.lo asn1_AP_REP.lo \
-	asn1_AP_REQ.lo asn1_AS_REP.lo asn1_AS_REQ.lo \
-	asn1_AUTHDATA_TYPE.lo asn1_Authenticator.lo \
-	asn1_AuthorizationData.lo asn1_AuthorizationDataElement.lo \
-	asn1_CKSUMTYPE.lo asn1_ChangePasswdDataMS.lo asn1_Checksum.lo \
-	asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO2.lo \
-	asn1_ETYPE_INFO2_ENTRY.lo asn1_ETYPE_INFO_ENTRY.lo \
-	asn1_EncAPRepPart.lo asn1_EncASRepPart.lo \
-	asn1_EncKDCRepPart.lo asn1_EncKrbCredPart.lo \
-	asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo \
-	asn1_EncTicketPart.lo asn1_EncryptedData.lo \
-	asn1_EncryptionKey.lo asn1_EtypeList.lo asn1_HostAddress.lo \
-	asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
-	asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
-	asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
-	asn1_KRB_SAFE_BODY.lo asn1_KerberosString.lo \
-	asn1_KerberosTime.lo asn1_KrbCredInfo.lo asn1_LR_TYPE.lo \
-	asn1_LastReq.lo asn1_MESSAGE_TYPE.lo asn1_METHOD_DATA.lo \
-	asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo asn1_PA_DATA.lo \
-	asn1_PA_ENC_SAM_RESPONSE_ENC.lo asn1_PA_ENC_TS_ENC.lo \
-	asn1_PA_PAC_REQUEST.lo asn1_PA_S4U2Self.lo \
-	asn1_PA_SAM_CHALLENGE_2.lo asn1_PA_SAM_CHALLENGE_2_BODY.lo \
-	asn1_PA_SAM_REDIRECT.lo asn1_PA_SAM_RESPONSE_2.lo \
-	asn1_PA_SAM_TYPE.lo asn1_PA_ClientCanonicalized.lo \
-	asn1_PA_ClientCanonicalizedNames.lo asn1_PA_SvrReferralData.lo \
-	asn1_PROV_SRV_LOCATION.lo asn1_Principal.lo \
-	asn1_PrincipalName.lo asn1_Realm.lo asn1_SAMFlags.lo \
-	asn1_TGS_REP.lo asn1_TGS_REQ.lo asn1_TYPED_DATA.lo \
-	asn1_Ticket.lo asn1_TicketFlags.lo asn1_TransitedEncoding.lo \
-	asn1_TypedData.lo asn1_krb5int32.lo asn1_krb5uint32.lo \
-	asn1_KRB5SignedPathData.lo asn1_KRB5SignedPathPrincipals.lo \
-	asn1_KRB5SignedPath.lo
-am__objects_4 = asn1_id_pkinit.lo asn1_id_pkauthdata.lo \
-	asn1_id_pkdhkeydata.lo asn1_id_pkrkeydata.lo \
-	asn1_id_pkekuoid.lo asn1_id_pkkdcekuoid.lo \
-	asn1_id_pkinit_san.lo asn1_id_pkinit_ms_eku.lo \
-	asn1_id_pkinit_ms_san.lo asn1_MS_UPN_SAN.lo asn1_DHNonce.lo \
-	asn1_KDFAlgorithmId.lo asn1_TrustedCA.lo \
-	asn1_ExternalPrincipalIdentifier.lo \
-	asn1_ExternalPrincipalIdentifiers.lo asn1_PA_PK_AS_REQ.lo \
-	asn1_PKAuthenticator.lo asn1_AuthPack.lo \
-	asn1_TD_TRUSTED_CERTIFIERS.lo asn1_TD_INVALID_CERTIFICATES.lo \
-	asn1_KRB5PrincipalName.lo asn1_AD_INITIAL_VERIFIED_CAS.lo \
-	asn1_DHRepInfo.lo asn1_PA_PK_AS_REP.lo asn1_KDCDHKeyInfo.lo \
-	asn1_ReplyKeyPack.lo asn1_TD_DH_PARAMETERS.lo \
-	asn1_PKAuthenticator_Win2k.lo asn1_AuthPack_Win2k.lo \
-	asn1_TrustedCA_Win2k.lo asn1_PA_PK_AS_REQ_Win2k.lo \
-	asn1_PA_PK_AS_REP_Win2k.lo asn1_KDCDHKeyInfo_Win2k.lo \
-	asn1_ReplyKeyPack_Win2k.lo asn1_PkinitSuppPubInfo.lo
-am__objects_5 = asn1_PKCS8PrivateKeyAlgorithmIdentifier.lo \
-	asn1_PKCS8PrivateKey.lo asn1_PKCS8PrivateKeyInfo.lo \
-	asn1_PKCS8Attributes.lo asn1_PKCS8EncryptedPrivateKeyInfo.lo \
-	asn1_PKCS8EncryptedData.lo
-am__objects_6 = asn1_id_pkcs_9.lo asn1_id_pkcs9_contentType.lo \
-	asn1_id_pkcs9_emailAddress.lo asn1_id_pkcs9_messageDigest.lo \
-	asn1_id_pkcs9_signingTime.lo asn1_id_pkcs9_countersignature.lo \
-	asn1_id_pkcs_9_at_friendlyName.lo \
-	asn1_id_pkcs_9_at_localKeyId.lo asn1_id_pkcs_9_at_certTypes.lo \
-	asn1_id_pkcs_9_at_certTypes_x509.lo asn1_PKCS9_BMPString.lo \
-	asn1_PKCS9_friendlyName.lo
-am__objects_7 = asn1_id_pkcs_12.lo asn1_id_pkcs_12PbeIds.lo \
-	asn1_id_pbeWithSHAAnd128BitRC4.lo \
-	asn1_id_pbeWithSHAAnd40BitRC4.lo \
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.lo \
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.lo \
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.lo \
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.lo \
-	asn1_id_pkcs12_bagtypes.lo asn1_id_pkcs12_keyBag.lo \
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.lo \
-	asn1_id_pkcs12_certBag.lo asn1_id_pkcs12_crlBag.lo \
-	asn1_id_pkcs12_secretBag.lo asn1_id_pkcs12_safeContentsBag.lo \
-	asn1_PKCS12_MacData.lo asn1_PKCS12_PFX.lo \
-	asn1_PKCS12_AuthenticatedSafe.lo asn1_PKCS12_CertBag.lo \
-	asn1_PKCS12_Attribute.lo asn1_PKCS12_Attributes.lo \
-	asn1_PKCS12_SafeBag.lo asn1_PKCS12_SafeContents.lo \
-	asn1_PKCS12_OctetString.lo asn1_PKCS12_PBEParams.lo
-am__objects_8 = asn1_DigestError.lo asn1_DigestInit.lo \
-	asn1_DigestInitReply.lo asn1_DigestREP.lo asn1_DigestREQ.lo \
-	asn1_DigestRepInner.lo asn1_DigestReqInner.lo \
-	asn1_DigestRequest.lo asn1_DigestResponse.lo \
-	asn1_DigestTypes.lo asn1_NTLMInit.lo asn1_NTLMInitReply.lo \
-	asn1_NTLMRequest.lo asn1_NTLMResponse.lo
-am__objects_9 = asn1_Kx509Response.lo asn1_Kx509Request.lo
-am__objects_10 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \
-	$(am__objects_4) $(am__objects_5) $(am__objects_6) \
-	$(am__objects_7) $(am__objects_8) $(am__objects_9) asn1_err.lo
-nodist_libasn1_la_OBJECTS = $(am__objects_10)
-libasn1_la_OBJECTS = $(dist_libasn1_la_OBJECTS) \
-	$(nodist_libasn1_la_OBJECTS)
-libasn1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libasn1_la_LDFLAGS) $(LDFLAGS) -o $@
-am__EXEEXT_1 = check-der$(EXEEXT) check-gen$(EXEEXT) \
-	check-timegm$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \
-	gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
-	gen_glue.$(OBJEXT) gen_length.$(OBJEXT) gen_seq.$(OBJEXT) \
-	hash.$(OBJEXT) lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) \
-	symbol.$(OBJEXT)
-asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS)
-asn1_compile_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_asn1_gen_OBJECTS = asn1_gen.$(OBJEXT)
-asn1_gen_OBJECTS = $(am_asn1_gen_OBJECTS)
-am__DEPENDENCIES_2 = libasn1.la $(am__DEPENDENCIES_1)
-asn1_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_asn1_print_OBJECTS = asn1_print.$(OBJEXT)
-asn1_print_OBJECTS = $(am_asn1_print_OBJECTS)
-asn1_print_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT)
-check_der_OBJECTS = $(am_check_der_OBJECTS)
-check_der_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1)
-dist_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT)
-am__objects_11 = asn1_TESTAlloc.$(OBJEXT) \
-	asn1_TESTAllocInner.$(OBJEXT) asn1_TESTCONTAINING.$(OBJEXT) \
-	asn1_TESTCONTAININGENCODEDBY.$(OBJEXT) \
-	asn1_TESTCONTAININGENCODEDBY2.$(OBJEXT) \
-	asn1_TESTChoice1.$(OBJEXT) asn1_TESTChoice2.$(OBJEXT) \
-	asn1_TESTDer.$(OBJEXT) asn1_TESTENCODEDBY.$(OBJEXT) \
-	asn1_TESTImplicit.$(OBJEXT) asn1_TESTImplicit2.$(OBJEXT) \
-	asn1_TESTInteger.$(OBJEXT) asn1_TESTInteger2.$(OBJEXT) \
-	asn1_TESTInteger3.$(OBJEXT) asn1_TESTLargeTag.$(OBJEXT) \
-	asn1_TESTSeq.$(OBJEXT) asn1_TESTUSERCONSTRAINED.$(OBJEXT) \
-	asn1_TESTSeqOf.$(OBJEXT) asn1_TESTOSSize1.$(OBJEXT) \
-	asn1_TESTSeqSizeOf1.$(OBJEXT) asn1_TESTSeqSizeOf2.$(OBJEXT) \
-	asn1_TESTSeqSizeOf3.$(OBJEXT) asn1_TESTSeqSizeOf4.$(OBJEXT)
-nodist_check_gen_OBJECTS = $(am__objects_11)
-check_gen_OBJECTS = $(dist_check_gen_OBJECTS) \
-	$(nodist_check_gen_OBJECTS)
-check_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
-check_timegm_SOURCES = check-timegm.c
-check_timegm_OBJECTS = check-timegm.$(OBJEXT)
-check_timegm_DEPENDENCIES = $(am__DEPENDENCIES_2)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libasn1_la_SOURCES) $(nodist_libasn1_la_SOURCES) \
-	$(asn1_compile_SOURCES) $(asn1_gen_SOURCES) \
-	$(asn1_print_SOURCES) $(check_der_SOURCES) \
-	$(dist_check_gen_SOURCES) $(nodist_check_gen_SOURCES) \
-	check-timegm.c
-DIST_SOURCES = $(dist_libasn1_la_SOURCES) $(asn1_compile_SOURCES) \
-	$(asn1_gen_SOURCES) $(asn1_print_SOURCES) $(check_der_SOURCES) \
-	$(dist_check_gen_SOURCES) check-timegm.c
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d -t
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 8:0:0
-libasn1_la_LIBADD = \
-	@LIB_com_err@ \
-	$(LIBADD_roken)
-
-BUILT_SOURCES = \
-	$(gen_files_rfc2459:.x=.c)	\
-	$(gen_files_cms:.x=.c)		\
-	$(gen_files_k5:.x=.c)		\
-	$(gen_files_pkinit:.x=.c)	\
-	$(gen_files_pkcs8:.x=.c)	\
-	$(gen_files_pkcs9:.x=.c)	\
-	$(gen_files_pkcs12:.x=.c)	\
-	$(gen_files_digest:.x=.c)	\
-	$(gen_files_kx509:.x=.c)	\
-	asn1_err.h			\
-	asn1_err.c
-
-gen_files_k5 = \
-	asn1_AD_AND_OR.x				\
-	asn1_AD_IF_RELEVANT.x				\
-	asn1_AD_KDCIssued.x				\
-	asn1_AD_MANDATORY_FOR_KDC.x			\
-	asn1_AD_LoginAlias.x				\
-	asn1_APOptions.x				\
-	asn1_AP_REP.x					\
-	asn1_AP_REQ.x					\
-	asn1_AS_REP.x					\
-	asn1_AS_REQ.x					\
-	asn1_AUTHDATA_TYPE.x				\
-	asn1_Authenticator.x				\
-	asn1_AuthorizationData.x			\
-	asn1_AuthorizationDataElement.x			\
-	asn1_CKSUMTYPE.x				\
-	asn1_ChangePasswdDataMS.x			\
-	asn1_Checksum.x					\
-	asn1_ENCTYPE.x					\
-	asn1_ETYPE_INFO.x				\
-	asn1_ETYPE_INFO2.x				\
-	asn1_ETYPE_INFO2_ENTRY.x			\
-	asn1_ETYPE_INFO_ENTRY.x				\
-	asn1_EncAPRepPart.x				\
-	asn1_EncASRepPart.x				\
-	asn1_EncKDCRepPart.x				\
-	asn1_EncKrbCredPart.x				\
-	asn1_EncKrbPrivPart.x				\
-	asn1_EncTGSRepPart.x				\
-	asn1_EncTicketPart.x				\
-	asn1_EncryptedData.x				\
-	asn1_EncryptionKey.x				\
-	asn1_EtypeList.x				\
-	asn1_HostAddress.x				\
-	asn1_HostAddresses.x				\
-	asn1_KDCOptions.x				\
-	asn1_KDC_REP.x					\
-	asn1_KDC_REQ.x					\
-	asn1_KDC_REQ_BODY.x				\
-	asn1_KRB_CRED.x					\
-	asn1_KRB_ERROR.x				\
-	asn1_KRB_PRIV.x					\
-	asn1_KRB_SAFE.x					\
-	asn1_KRB_SAFE_BODY.x				\
-	asn1_KerberosString.x				\
-	asn1_KerberosTime.x				\
-	asn1_KrbCredInfo.x				\
-	asn1_LR_TYPE.x					\
-	asn1_LastReq.x					\
-	asn1_MESSAGE_TYPE.x				\
-	asn1_METHOD_DATA.x				\
-	asn1_NAME_TYPE.x				\
-	asn1_PADATA_TYPE.x				\
-	asn1_PA_DATA.x					\
-	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
-	asn1_PA_ENC_TS_ENC.x				\
-	asn1_PA_PAC_REQUEST.x				\
-	asn1_PA_S4U2Self.x				\
-	asn1_PA_SAM_CHALLENGE_2.x               	\
-	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
-	asn1_PA_SAM_REDIRECT.x				\
-	asn1_PA_SAM_RESPONSE_2.x			\
-	asn1_PA_SAM_TYPE.x				\
-	asn1_PA_ClientCanonicalized.x			\
-	asn1_PA_ClientCanonicalizedNames.x		\
-	asn1_PA_SvrReferralData.x			\
-	asn1_PROV_SRV_LOCATION.x			\
-	asn1_Principal.x				\
-	asn1_PrincipalName.x				\
-	asn1_Realm.x					\
-	asn1_SAMFlags.x					\
-	asn1_TGS_REP.x					\
-	asn1_TGS_REQ.x					\
-	asn1_TYPED_DATA.x				\
-	asn1_Ticket.x					\
-	asn1_TicketFlags.x				\
-	asn1_TransitedEncoding.x			\
-	asn1_TypedData.x				\
-	asn1_krb5int32.x				\
-	asn1_krb5uint32.x				\
-	asn1_KRB5SignedPathData.x			\
-	asn1_KRB5SignedPathPrincipals.x			\
-	asn1_KRB5SignedPath.x
-
-gen_files_cms = \
-	asn1_CMSAttributes.x				\
-	asn1_CMSCBCParameter.x				\
-	asn1_CMSEncryptedData.x				\
-	asn1_CMSIdentifier.x				\
-	asn1_CMSRC2CBCParameter.x			\
-	asn1_CMSVersion.x				\
-	asn1_CertificateList.x				\
-	asn1_CertificateRevocationLists.x		\
-	asn1_CertificateSet.x				\
-	asn1_ContentEncryptionAlgorithmIdentifier.x	\
-	asn1_ContentInfo.x				\
-	asn1_ContentType.x				\
-	asn1_DigestAlgorithmIdentifier.x		\
-	asn1_DigestAlgorithmIdentifiers.x		\
-	asn1_EncapsulatedContentInfo.x			\
-	asn1_EncryptedContent.x				\
-	asn1_EncryptedContentInfo.x			\
-	asn1_EncryptedKey.x				\
-	asn1_EnvelopedData.x				\
-	asn1_IssuerAndSerialNumber.x			\
-	asn1_KeyEncryptionAlgorithmIdentifier.x		\
-	asn1_KeyTransRecipientInfo.x			\
-	asn1_MessageDigest.x				\
-	asn1_OriginatorInfo.x				\
-	asn1_RecipientIdentifier.x			\
-	asn1_RecipientInfo.x				\
-	asn1_RecipientInfos.x				\
-	asn1_SignatureAlgorithmIdentifier.x		\
-	asn1_SignatureValue.x				\
-	asn1_SignedData.x				\
-	asn1_SignerIdentifier.x				\
-	asn1_SignerInfo.x				\
-	asn1_SignerInfos.x				\
-	asn1_id_pkcs7.x					\
-	asn1_id_pkcs7_data.x				\
-	asn1_id_pkcs7_digestedData.x			\
-	asn1_id_pkcs7_encryptedData.x			\
-	asn1_id_pkcs7_envelopedData.x			\
-	asn1_id_pkcs7_signedAndEnvelopedData.x		\
-	asn1_id_pkcs7_signedData.x			\
-	asn1_UnprotectedAttributes.x
-
-gen_files_rfc2459 = \
-	asn1_Version.x					\
-	asn1_id_pkcs_1.x				\
-	asn1_id_pkcs1_rsaEncryption.x			\
-	asn1_id_pkcs1_md2WithRSAEncryption.x		\
-	asn1_id_pkcs1_md5WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
-	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
-	asn1_id_heim_rsa_pkcs1_x509.x			\
-	asn1_id_pkcs_2.x				\
-	asn1_id_pkcs2_md2.x				\
-	asn1_id_pkcs2_md4.x				\
-	asn1_id_pkcs2_md5.x				\
-	asn1_id_rsa_digestAlgorithm.x			\
-	asn1_id_rsa_digest_md2.x			\
-	asn1_id_rsa_digest_md4.x			\
-	asn1_id_rsa_digest_md5.x			\
-	asn1_id_pkcs_3.x				\
-	asn1_id_pkcs3_rc2_cbc.x				\
-	asn1_id_pkcs3_rc4.x				\
-	asn1_id_pkcs3_des_ede3_cbc.x			\
-	asn1_id_rsadsi_encalg.x				\
-	asn1_id_rsadsi_rc2_cbc.x			\
-	asn1_id_rsadsi_des_ede3_cbc.x			\
-	asn1_id_secsig_sha_1.x				\
-	asn1_id_nistAlgorithm.x				\
-	asn1_id_nist_aes_algs.x				\
-	asn1_id_aes_128_cbc.x				\
-	asn1_id_aes_192_cbc.x				\
-	asn1_id_aes_256_cbc.x				\
-	asn1_id_nist_sha_algs.x				\
-	asn1_id_sha256.x				\
-	asn1_id_sha224.x				\
-	asn1_id_sha384.x				\
-	asn1_id_sha512.x				\
-	asn1_id_dhpublicnumber.x			\
-	asn1_id_x9_57.x					\
-	asn1_id_dsa.x					\
-	asn1_id_dsa_with_sha1.x				\
-	asn1_id_x520_at.x				\
-	asn1_id_at_commonName.x				\
-	asn1_id_at_surname.x				\
-	asn1_id_at_serialNumber.x			\
-	asn1_id_at_countryName.x			\
-	asn1_id_at_localityName.x			\
-	asn1_id_at_streetAddress.x			\
-	asn1_id_at_stateOrProvinceName.x		\
-	asn1_id_at_organizationName.x			\
-	asn1_id_at_organizationalUnitName.x		\
-	asn1_id_at_name.x				\
-	asn1_id_at_givenName.x				\
-	asn1_id_at_initials.x				\
-	asn1_id_at_generationQualifier.x		\
-	asn1_id_at_pseudonym.x				\
-	asn1_id_Userid.x				\
-	asn1_id_domainComponent.x			\
-	asn1_id_x509_ce.x				\
-	asn1_id_uspkicommon_card_id.x			\
-	asn1_id_uspkicommon_piv_interim.x		\
-	asn1_id_netscape.x				\
-	asn1_id_netscape_cert_comment.x			\
-	asn1_id_ms_cert_enroll_domaincontroller.x	\
-	asn1_id_ms_client_authentication.x		\
-	asn1_AlgorithmIdentifier.x			\
-	asn1_AttributeType.x				\
-	asn1_AttributeValue.x				\
-	asn1_TeletexStringx.x				\
-	asn1_DirectoryString.x				\
-	asn1_Attribute.x				\
-	asn1_AttributeTypeAndValue.x			\
-	asn1_AuthorityInfoAccessSyntax.x		\
-	asn1_AccessDescription.x			\
-	asn1_RelativeDistinguishedName.x		\
-	asn1_RDNSequence.x				\
-	asn1_Name.x					\
-	asn1_CertificateSerialNumber.x			\
-	asn1_Time.x					\
-	asn1_Validity.x					\
-	asn1_UniqueIdentifier.x				\
-	asn1_SubjectPublicKeyInfo.x			\
-	asn1_Extension.x				\
-	asn1_Extensions.x				\
-	asn1_TBSCertificate.x				\
-	asn1_Certificate.x				\
-	asn1_Certificates.x				\
-	asn1_ValidationParms.x				\
-	asn1_DomainParameters.x				\
-	asn1_DHPublicKey.x				\
-	asn1_OtherName.x				\
-	asn1_GeneralName.x				\
-	asn1_GeneralNames.x				\
-	asn1_id_x509_ce_keyUsage.x			\
-	asn1_KeyUsage.x					\
-	asn1_id_x509_ce_authorityKeyIdentifier.x	\
-	asn1_KeyIdentifier.x				\
-	asn1_AuthorityKeyIdentifier.x			\
-	asn1_id_x509_ce_subjectKeyIdentifier.x		\
-	asn1_SubjectKeyIdentifier.x			\
-	asn1_id_x509_ce_basicConstraints.x		\
-	asn1_BasicConstraints.x				\
-	asn1_id_x509_ce_nameConstraints.x		\
-	asn1_BaseDistance.x				\
-	asn1_GeneralSubtree.x				\
-	asn1_GeneralSubtrees.x				\
-	asn1_NameConstraints.x				\
-	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
-	asn1_id_x509_ce_certificatePolicies.x		\
-	asn1_id_x509_ce_policyMappings.x		\
-	asn1_id_x509_ce_subjectAltName.x		\
-	asn1_id_x509_ce_issuerAltName.x			\
-	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
-	asn1_id_x509_ce_policyConstraints.x		\
-	asn1_id_x509_ce_extKeyUsage.x			\
-	asn1_ExtKeyUsage.x				\
-	asn1_id_x509_ce_cRLDistributionPoints.x		\
-	asn1_id_x509_ce_deltaCRLIndicator.x		\
-	asn1_id_x509_ce_issuingDistributionPoint.x	\
-	asn1_id_x509_ce_holdInstructionCode.x		\
-	asn1_id_x509_ce_invalidityDate.x		\
-	asn1_id_x509_ce_certificateIssuer.x		\
-	asn1_id_x509_ce_inhibitAnyPolicy.x		\
-	asn1_DistributionPointReasonFlags.x		\
-	asn1_DistributionPointName.x			\
-	asn1_DistributionPoint.x			\
-	asn1_CRLDistributionPoints.x			\
-	asn1_DSASigValue.x				\
-	asn1_DSAPublicKey.x				\
-	asn1_DSAParams.x				\
-	asn1_RSAPublicKey.x				\
-	asn1_RSAPrivateKey.x				\
-	asn1_DigestInfo.x				\
-	asn1_TBSCRLCertList.x				\
-	asn1_CRLCertificateList.x			\
-	asn1_id_x509_ce_cRLNumber.x			\
-	asn1_id_x509_ce_freshestCRL.x			\
-	asn1_id_x509_ce_cRLReason.x			\
-	asn1_CRLReason.x				\
-	asn1_PKIXXmppAddr.x				\
-	asn1_id_pkix.x					\
-	asn1_id_pkix_on.x				\
-	asn1_id_pkix_on_dnsSRV.x			\
-	asn1_id_pkix_on_xmppAddr.x			\
-	asn1_id_pkix_kp.x				\
-	asn1_id_pkix_kp_serverAuth.x			\
-	asn1_id_pkix_kp_clientAuth.x			\
-	asn1_id_pkix_kp_emailProtection.x		\
-	asn1_id_pkix_kp_timeStamping.x			\
-	asn1_id_pkix_kp_OCSPSigning.x			\
-	asn1_id_pkix_pe.x				\
-	asn1_id_pkix_pe_authorityInfoAccess.x		\
-	asn1_id_pkix_pe_proxyCertInfo.x			\
-	asn1_id_pkix_ppl.x				\
-	asn1_id_pkix_ppl_anyLanguage.x			\
-	asn1_id_pkix_ppl_inheritAll.x			\
-	asn1_id_pkix_ppl_independent.x			\
-	asn1_ProxyPolicy.x				\
-	asn1_ProxyCertInfo.x 
-
-gen_files_pkinit = \
-	asn1_id_pkinit.x				\
-	asn1_id_pkauthdata.x				\
-	asn1_id_pkdhkeydata.x				\
-	asn1_id_pkrkeydata.x				\
-	asn1_id_pkekuoid.x				\
-	asn1_id_pkkdcekuoid.x				\
-	asn1_id_pkinit_san.x				\
-	asn1_id_pkinit_ms_eku.x				\
-	asn1_id_pkinit_ms_san.x				\
-	asn1_MS_UPN_SAN.x				\
-	asn1_DHNonce.x					\
-	asn1_KDFAlgorithmId.x				\
-	asn1_TrustedCA.x				\
-	asn1_ExternalPrincipalIdentifier.x		\
-	asn1_ExternalPrincipalIdentifiers.x		\
-	asn1_PA_PK_AS_REQ.x				\
-	asn1_PKAuthenticator.x				\
-	asn1_AuthPack.x					\
-	asn1_TD_TRUSTED_CERTIFIERS.x			\
-	asn1_TD_INVALID_CERTIFICATES.x			\
-	asn1_KRB5PrincipalName.x			\
-	asn1_AD_INITIAL_VERIFIED_CAS.x			\
-	asn1_DHRepInfo.x				\
-	asn1_PA_PK_AS_REP.x				\
-	asn1_KDCDHKeyInfo.x				\
-	asn1_ReplyKeyPack.x				\
-	asn1_TD_DH_PARAMETERS.x				\
-	asn1_PKAuthenticator_Win2k.x			\
-	asn1_AuthPack_Win2k.x				\
-	asn1_TrustedCA_Win2k.x				\
-	asn1_PA_PK_AS_REQ_Win2k.x			\
-	asn1_PA_PK_AS_REP_Win2k.x			\
-	asn1_KDCDHKeyInfo_Win2k.x			\
-	asn1_ReplyKeyPack_Win2k.x			\
-	asn1_PkinitSuppPubInfo.x 
-
-gen_files_pkcs12 = \
-	asn1_id_pkcs_12.x				\
-	asn1_id_pkcs_12PbeIds.x				\
-	asn1_id_pbeWithSHAAnd128BitRC4.x		\
-	asn1_id_pbeWithSHAAnd40BitRC4.x			\
-	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
-	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
-	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
-	asn1_id_pkcs12_bagtypes.x			\
-	asn1_id_pkcs12_keyBag.x				\
-	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
-	asn1_id_pkcs12_certBag.x			\
-	asn1_id_pkcs12_crlBag.x				\
-	asn1_id_pkcs12_secretBag.x			\
-	asn1_id_pkcs12_safeContentsBag.x		\
-	asn1_PKCS12_MacData.x				\
-	asn1_PKCS12_PFX.x				\
-	asn1_PKCS12_AuthenticatedSafe.x			\
-	asn1_PKCS12_CertBag.x				\
-	asn1_PKCS12_Attribute.x				\
-	asn1_PKCS12_Attributes.x			\
-	asn1_PKCS12_SafeBag.x				\
-	asn1_PKCS12_SafeContents.x			\
-	asn1_PKCS12_OctetString.x			\
-	asn1_PKCS12_PBEParams.x
-
-gen_files_pkcs8 = \
-	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
-	asn1_PKCS8PrivateKey.x				\
-	asn1_PKCS8PrivateKeyInfo.x			\
-	asn1_PKCS8Attributes.x				\
-	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
-	asn1_PKCS8EncryptedData.x
-
-gen_files_pkcs9 = \
-	asn1_id_pkcs_9.x				\
-	asn1_id_pkcs9_contentType.x			\
-	asn1_id_pkcs9_emailAddress.x			\
-	asn1_id_pkcs9_messageDigest.x			\
-	asn1_id_pkcs9_signingTime.x			\
-	asn1_id_pkcs9_countersignature.x		\
-	asn1_id_pkcs_9_at_friendlyName.x		\
-	asn1_id_pkcs_9_at_localKeyId.x			\
-	asn1_id_pkcs_9_at_certTypes.x			\
-	asn1_id_pkcs_9_at_certTypes_x509.x		\
-	asn1_PKCS9_BMPString.x				\
-	asn1_PKCS9_friendlyName.x
-
-gen_files_test = \
-	asn1_TESTAlloc.x				\
-	asn1_TESTAllocInner.x				\
-	asn1_TESTCONTAINING.x				\
-	asn1_TESTCONTAININGENCODEDBY.x			\
-	asn1_TESTCONTAININGENCODEDBY2.x			\
-	asn1_TESTChoice1.x				\
-	asn1_TESTChoice2.x				\
-	asn1_TESTDer.x					\
-	asn1_TESTENCODEDBY.x				\
-	asn1_TESTImplicit.x				\
-	asn1_TESTImplicit2.x				\
-	asn1_TESTInteger.x				\
-	asn1_TESTInteger2.x				\
-	asn1_TESTInteger3.x				\
-	asn1_TESTLargeTag.x				\
-	asn1_TESTSeq.x					\
-	asn1_TESTUSERCONSTRAINED.x			\
-	asn1_TESTSeqOf.x				\
-	asn1_TESTOSSize1.x				\
-	asn1_TESTSeqSizeOf1.x				\
-	asn1_TESTSeqSizeOf2.x				\
-	asn1_TESTSeqSizeOf3.x				\
-	asn1_TESTSeqSizeOf4.x
-
-gen_files_digest = \
-	asn1_DigestError.x				\
-	asn1_DigestInit.x				\
-	asn1_DigestInitReply.x				\
-	asn1_DigestREP.x				\
-	asn1_DigestREQ.x				\
-	asn1_DigestRepInner.x				\
-	asn1_DigestReqInner.x				\
-	asn1_DigestRequest.x				\
-	asn1_DigestResponse.x				\
-	asn1_DigestTypes.x				\
-	asn1_NTLMInit.x					\
-	asn1_NTLMInitReply.x				\
-	asn1_NTLMRequest.x				\
-	asn1_NTLMResponse.x
-
-gen_files_kx509 = \
-	asn1_Kx509Response.x				\
-	asn1_Kx509Request.x
-
-asn1_gen_SOURCES = asn1_gen.c
-asn1_print_SOURCES = asn1_print.c
-check_der_SOURCES = check-der.c check-common.c check-common.h
-dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
-nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
-asn1_compile_SOURCES = \
-	asn1-common.h				\
-	asn1_queue.h				\
-	der.h					\
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	gen_locl.h				\
-	gen_seq.c				\
-	hash.c					\
-	hash.h					\
-	lex.l					\
-	lex.h					\
-	main.c					\
-	parse.y					\
-	symbol.c				\
-	symbol.h
-
-dist_libasn1_la_SOURCES = \
-	der-protos.h 				\
-	der_locl.h 				\
-	der.c					\
-	der.h					\
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	der_cmp.c				\
-	der_format.c				\
-	heim_asn1.h				\
-	extra.c					\
-	timegm.c
-
-nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-asn1_gen_LDADD = $(check_der_LDADD)
-check_timegm_LDADD = $(check_der_LDADD)
-CLEANFILES = \
-	$(BUILT_SOURCES) \
-	$(gen_files_rfc2459) \
-	$(gen_files_cms) \
-	$(gen_files_k5) \
-	$(gen_files_pkinit) \
-	$(gen_files_pkcs8) \
-	$(gen_files_pkcs9) \
-	$(gen_files_pkcs12) \
-	$(gen_files_digest) \
-	$(gen_files_kx509) \
-	$(gen_files_test) $(nodist_check_gen_SOURCES) \
-	rfc2459_asn1_files rfc2459_asn1.h \
-	cms_asn1_files cms_asn1.h \
-	krb5_asn1_files krb5_asn1.h \
-	pkinit_asn1_files pkinit_asn1.h \
-	pkcs8_asn1_files pkcs8_asn1.h \
-	pkcs9_asn1_files pkcs9_asn1.h \
-	pkcs12_asn1_files pkcs12_asn1.h \
-	digest_asn1_files digest_asn1.h \
-	kx509_asn1_files kx509_asn1.h \
-	test_asn1_files test_asn1.h
-
-dist_include_HEADERS = der.h heim_asn1.h der-protos.h
-nodist_include_HEADERS = asn1_err.h krb5_asn1.h pkinit_asn1.h \
-	cms_asn1.h rfc2459_asn1.h pkcs8_asn1.h pkcs9_asn1.h \
-	pkcs12_asn1.h digest_asn1.h kx509_asn1.h
-EXTRA_DIST = \
-	asn1_err.et	\
-	canthandle.asn1	\
-	CMS.asn1	\
-	digest.asn1	\
-	k5.asn1		\
-	kx509.asn1	\
-	test.asn1	\
-	setchgpw2.asn1	\
-	pkcs12.asn1	\
-	pkcs8.asn1	\
-	pkcs9.asn1	\
-	pkinit.asn1	\
-	rfc2459.asn1	\
-	test.gen
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) 
-	$(libasn1_la_LINK) -rpath $(libdir) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) 
-	@rm -f asn1_compile$(EXEEXT)
-	$(LINK) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS)
-asn1_gen$(EXEEXT): $(asn1_gen_OBJECTS) $(asn1_gen_DEPENDENCIES) 
-	@rm -f asn1_gen$(EXEEXT)
-	$(LINK) $(asn1_gen_OBJECTS) $(asn1_gen_LDADD) $(LIBS)
-asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) 
-	@rm -f asn1_print$(EXEEXT)
-	$(LINK) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS)
-check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) 
-	@rm -f check-der$(EXEEXT)
-	$(LINK) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS)
-check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) 
-	@rm -f check-gen$(EXEEXT)
-	$(LINK) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS)
-check-timegm$(EXEEXT): $(check_timegm_OBJECTS) $(check_timegm_DEPENDENCIES) 
-	@rm -f check-timegm$(EXEEXT)
-	$(LINK) $(check_timegm_OBJECTS) $(check_timegm_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS \
-	install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dist_includeHEADERS \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
-$(check_gen_OBJECTS): test_asn1.h
-$(asn1_print_OBJECTS): krb5_asn1.h
-
-parse.h: parse.c
-
-$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
-$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
-$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
-$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
-$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
-$(gen_files_digest) digest_asn1.h: digest_asn1_files
-$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
-$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
-$(gen_files_cms) cms_asn1.h: cms_asn1_files
-$(gen_files_test) test_asn1.h: test_asn1_files
-
-rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
-	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
-
-cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
-
-krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
-
-pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
-
-pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
-
-pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
-
-pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
-
-digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
-
-kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
-
-test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
-	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
-
-$(srcdir)/der-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/asn1-common.h b/crypto/heimdal/lib/asn1/asn1-common.h
deleted file mode 100644
index 5789e0f22dfb..000000000000
--- a/crypto/heimdal/lib/asn1/asn1-common.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */
-
-#include <stddef.h>
-#include <time.h>
-
-#ifndef __asn1_common_definitions__
-#define __asn1_common_definitions__
-
-typedef struct heim_integer {
-    size_t length;
-    void *data;
-    int negative;
-} heim_integer;
-
-typedef struct heim_octet_string {
-    size_t length;
-    void *data;
-} heim_octet_string;
-
-typedef char *heim_general_string;
-typedef char *heim_utf8_string;
-typedef char *heim_printable_string;
-typedef char *heim_ia5_string;
-
-typedef struct heim_bmp_string {
-    size_t length;
-    uint16_t *data;
-} heim_bmp_string;
-
-typedef struct heim_universal_string {
-    size_t length;
-    uint32_t *data;
-} heim_universal_string;
-
-typedef char *heim_visible_string;
-
-typedef struct heim_oid {
-    size_t length;
-    unsigned *components;
-} heim_oid;
-
-typedef struct heim_bit_string {
-    size_t length;
-    void *data;
-} heim_bit_string;
-
-typedef struct heim_octet_string heim_any;
-typedef struct heim_octet_string heim_any_set;
-
-#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
-  do {                                                         \
-    (BL) = length_##T((S));                                    \
-    (B) = malloc((BL));                                        \
-    if((B) == NULL) {                                          \
-      (R) = ENOMEM;                                            \
-    } else {                                                   \
-      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
-                       (S), (L));                              \
-      if((R) != 0) {                                           \
-        free((B));                                             \
-        (B) = NULL;                                            \
-      }                                                        \
-    }                                                          \
-  } while (0)
-
-#endif
diff --git a/crypto/heimdal/lib/asn1/asn1_err.et b/crypto/heimdal/lib/asn1/asn1_err.et
deleted file mode 100644
index c624e218e7cc..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_err.et
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Error messages for the asn.1 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
-
-error_table asn1
-prefix ASN1
-error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
-error_code MISSING_FIELD,	"ASN.1 structure is missing a required field"
-error_code MISPLACED_FIELD,	"ASN.1 unexpected field number"
-error_code TYPE_MISMATCH,	"ASN.1 type numbers are inconsistent"
-error_code OVERFLOW,		"ASN.1 value too large"
-error_code OVERRUN,		"ASN.1 encoding ended unexpectedly"
-error_code BAD_ID,		"ASN.1 identifier doesn't match expected value"
-error_code BAD_LENGTH,		"ASN.1 length doesn't match expected value"
-error_code BAD_FORMAT,		"ASN.1 badly-formatted encoding"
-error_code PARSE_ERROR,		"ASN.1 parse error"
-error_code EXTRA_DATA,		"ASN.1 extra data past end of end structure"
-error_code BAD_CHARACTER,	"ASN.1 invalid character in string"
-error_code MIN_CONSTRAINT,	"ASN.1 too few elements"
-error_code MAX_CONSTRAINT,	"ASN.1 too many elements"
-error_code EXACT_CONSTRAINT,	"ASN.1 wrong number of elements"
-end
diff --git a/crypto/heimdal/lib/asn1/asn1_gen.c b/crypto/heimdal/lib/asn1/asn1_gen.c
deleted file mode 100644
index 65b382e6daf0..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_gen.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <getarg.h>
-#include <hex.h>
-#include <err.h>
-
-RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $");
-
-static int
-doit(const char *fn)
-{
-    char buf[2048];
-    char *fnout;
-    const char *bname;
-    unsigned long line = 0;
-    FILE *f, *fout;
-    size_t offset = 0;
-
-    f = fopen(fn, "r");
-    if (f == NULL)
-	err(1, "fopen");
-
-    bname = strrchr(fn, '/');
-    if (bname)
-	bname++;
-    else
-	bname = fn;
-
-    asprintf(&fnout, "%s.out", bname);
-    if (fnout == NULL)
-	errx(1, "malloc");
-
-    fout = fopen(fnout, "w");
-    if (fout == NULL)
-	err(1, "fopen: output file");
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *ptr, *class, *type, *tag, *length, *data, *foo;
-	int ret, l, c, ty, ta;
-	unsigned char p[6], *pdata;
-	size_t sz;
-
-	line++;
-
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (buf[0] == '#' || buf[0] == '\0')
-	    continue;
-
-	ptr = buf;
-	while (isspace((unsigned char)*ptr))
-	       ptr++;
-
-	class = strtok_r(ptr, " \t\n", &foo);
-	if (class == NULL) errx(1, "class missing on line %lu", line);
-	type = strtok_r(NULL, " \t\n", &foo);
-	if (type == NULL) errx(1, "type missing on line %lu", line);
-	tag = strtok_r(NULL, " \t\n", &foo);
-	if (tag == NULL) errx(1, "tag missing on line %lu", line);
-	length = strtok_r(NULL, " \t\n", &foo);
-	if (length == NULL) errx(1, "length missing on line %lu", line);
-	data = strtok_r(NULL, " \t\n", &foo);
-
-	c = der_get_class_num(class);
-	if (c == -1) errx(1, "no valid class on line %lu", line);
-	ty = der_get_type_num(type);
-	if (ty == -1) errx(1, "no valid type on line %lu", line);
-	ta = der_get_tag_num(tag);
-	if (ta == -1)
-	    ta = atoi(tag);
-
-	l = atoi(length);
-
-	printf("line: %3lu offset: %3lu class: %d type: %d "
-	       "tag: %3d length: %3d %s\n", 
-	       line, (unsigned long)offset, c, ty, ta, l, 
-	       data ? "<have data>" : "<no data>");
-
-	ret = der_put_length_and_tag(p + sizeof(p) - 1, sizeof(p),
-				     l,
-				     c,
-				     ty,
-				     ta,
-				     &sz);
-	if (ret)
-	    errx(1, "der_put_length_and_tag: %d", ret);
-	
-	if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1)
-	    err(1, "fwrite length/tag failed");
-	offset += sz;
-	
-	if (data) {
-	    size_t datalen;
-	    
-	    datalen = strlen(data) / 2;
-	    pdata = emalloc(sz);
-	    
-	    if (hex_decode(data, pdata, datalen) != datalen)
-		errx(1, "failed to decode data");
-	    
-	    if (fwrite(pdata, datalen, 1, fout) != 1)
-		err(1, "fwrite data failed");
-	    offset += datalen;
-	    
-	    free(pdata);
-	}
-    }
-    printf("line: eof offset: %lu\n", (unsigned long)offset);
-    
-    fclose(fout);
-    fclose(f);
-    return 0;
-}
-
-
-static int version_flag;
-static int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "parse-file");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-    if (argc != 1)
-	usage (1);
-
-    return doit (argv[0]);
-}
diff --git a/crypto/heimdal/lib/asn1/asn1_print.c b/crypto/heimdal/lib/asn1/asn1_print.c
deleted file mode 100644
index e00bf10c80f4..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_print.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <getarg.h>
-#include <err.h>
-#include <der.h>
-
-RCSID("$Id: asn1_print.c 19539 2006-12-28 17:15:05Z lha $");
-
-static int indent_flag = 1;
-
-static unsigned long indefinite_form_loop;
-static unsigned long indefinite_form_loop_max = 10000;
-
-static size_t
-loop (unsigned char *buf, size_t len, int indent)
-{
-    unsigned char *start_buf = buf;
-
-    while (len > 0) {
-	int ret;
-	Der_class class;
-	Der_type type;
-	unsigned int tag;
-	size_t sz;
-	size_t length;
-	size_t loop_length = 0;
-	int end_tag = 0;
-	const char *tagname;
-
-	ret = der_get_tag (buf, len, &class, &type, &tag, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	if (sz > len)
-	    errx (1, "unreasonable length (%u) > %u",
-		  (unsigned)sz, (unsigned)len);
-	buf += sz;
-	len -= sz;
-	if (indent_flag) {
-	    int i;
-	    for (i = 0; i < indent; ++i)
-		printf (" ");
-	}
-	printf ("%s %s ", der_get_class_name(class), der_get_type_name(type));
-	tagname = der_get_tag_name(tag);
-	if (class == ASN1_C_UNIV && tagname != NULL)
-	    printf ("%s = ", tagname);
-	else
-	    printf ("tag %d = ", tag);
-	ret = der_get_length (buf, len, &length, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	if (sz > len)
-	    errx (1, "unreasonable tag length (%u) > %u",
-		  (unsigned)sz, (unsigned)len);
-	buf += sz;
-	len -= sz;
-	if (length == ASN1_INDEFINITE) {
-	    if ((class == ASN1_C_UNIV && type == PRIM && tag == UT_OctetString) ||
-		(class == ASN1_C_CONTEXT && type == CONS) ||
-		(class == ASN1_C_UNIV && type == CONS && tag == UT_Sequence) ||
-		(class == ASN1_C_UNIV && type == CONS && tag == UT_Set)) {
-		printf("*INDEFINITE FORM*");
-	    } else {
-		fflush(stdout);
-		errx(1, "indef form used on unsupported object");
-	    }
-	    end_tag = 1;
-	    if (indefinite_form_loop > indefinite_form_loop_max)
-		errx(1, "indefinite form used recursively more then %lu "
-		     "times, aborting", indefinite_form_loop_max);
-	    indefinite_form_loop++;
-	    length = len;
-	} else if (length > len) {
-	    printf("\n");
-	    fflush(stdout);
-	    errx (1, "unreasonable inner length (%u) > %u",
-		  (unsigned)length, (unsigned)len);
-	}
-	if (class == ASN1_C_CONTEXT || class == ASN1_C_APPL) {
-	    printf ("%lu bytes [%u]", (unsigned long)length, tag);
-	    if (type == CONS) {
-		printf("\n");
-		loop_length = loop (buf, length, indent + 2);
-	    } else {
-		printf(" IMPLICIT content\n");
-	    }
-	} else if (class == ASN1_C_UNIV) {
-	    switch (tag) {
-	    case UT_EndOfContent:
-		printf (" INDEFINITE length was %lu\n",
-			(unsigned long)(buf - start_buf));
-		break;
-	    case UT_Set :
-	    case UT_Sequence :
-		printf ("%lu bytes {\n", (unsigned long)length);
-		loop_length = loop (buf, length, indent + 2);
-		if (indent_flag) {
-		    int i;
-		    for (i = 0; i < indent; ++i)
-			printf (" ");
-		    printf ("}\n");
-		} else
-		    printf ("} indent = %d\n", indent / 2);
-		break;
-	    case UT_Integer : {
-		int val;
-
-		if (length <= sizeof(val)) {
-		    ret = der_get_integer (buf, length, &val, NULL);
-		    if (ret)
-			errx (1, "der_get_integer: %s", error_message (ret));
-		    printf ("integer %d\n", val);
-		} else {
-		    heim_integer vali;
-		    char *p;
-
-		    ret = der_get_heim_integer(buf, length, &vali, NULL);
-		    if (ret)
-			errx (1, "der_get_heim_integer: %s", 
-			      error_message (ret));
-		    ret = der_print_hex_heim_integer(&vali, &p);
-		    if (ret)
-			errx (1, "der_print_hex_heim_integer: %s", 
-			      error_message (ret));
-		    printf ("BIG NUM integer: length %lu %s\n", 
-			    (unsigned long)length, p);
-		    free(p);
-		}
-		break;
-	    }
-	    case UT_OctetString : {
-		heim_octet_string str;
-		int i;
-		unsigned char *uc;
-
-		ret = der_get_octet_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_octet_string: %s", error_message (ret));
-		printf ("(length %lu), ", (unsigned long)length);
-		uc = (unsigned char *)str.data;
-		for (i = 0; i < min(16,length); ++i)
-		    printf ("%02x", uc[i]);
-		printf ("\n");
-		free (str.data);
-		break;
-	    }
-	    case UT_GeneralizedTime :
-	    case UT_GeneralString :
-	    case UT_PrintableString :
-	    case UT_VisibleString : {
-		heim_general_string str;
-
-		ret = der_get_general_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_general_string: %s",
-			  error_message (ret));
-		printf ("\"%s\"\n", str);
-		free (str);
-		break;
-	    }
-	    case UT_OID: {
-		heim_oid o;
-		char *p;
-
-		ret = der_get_oid(buf, length, &o, NULL);
-		if (ret)
-		    errx (1, "der_get_oid: %s", error_message (ret));
-		ret = der_print_heim_oid(&o, '.', &p);
-		der_free_oid(&o);
-		if (ret)
-		    errx (1, "der_print_heim_oid: %s", error_message (ret));
-		printf("%s\n", p);
-		free(p);
-
-		break;
-	    }
-	    case UT_Enumerated: {
-		int num;
-
-		ret = der_get_integer (buf, length, &num, NULL);
-		if (ret)
-		    errx (1, "der_get_enum: %s", error_message (ret));
-		
-		printf("%u\n", num);
-		break;
-	    }
-	    default :
-		printf ("%lu bytes\n", (unsigned long)length);
-		break;
-	    }
-	}
-	if (end_tag) {
-	    if (loop_length == 0)
-		errx(1, "zero length INDEFINITE data ? indent = %d\n", 
-		     indent / 2);
-	    if (loop_length < length)
-		length = loop_length;
-	    if (indefinite_form_loop == 0)
-		errx(1, "internal error in indefinite form loop detection");
-	    indefinite_form_loop--;
-	} else if (loop_length)
-	    errx(1, "internal error for INDEFINITE form");
-	buf += length;
-	len -= length;
-    }
-    return 0;
-}
-
-static int
-doit (const char *filename)
-{
-    int fd = open (filename, O_RDONLY);
-    struct stat sb;
-    unsigned char *buf;
-    size_t len;
-    int ret;
-
-    if(fd < 0)
-	err (1, "opening %s for read", filename);
-    if (fstat (fd, &sb) < 0)
-	err (1, "stat %s", filename);
-    len = sb.st_size;
-    buf = emalloc (len);
-    if (read (fd, buf, len) != len)
-	errx (1, "read failed");
-    close (fd);
-    ret = loop (buf, len, 0);
-    free (buf);
-    return 0;
-}
-
-
-static int version_flag;
-static int help_flag;
-struct getargs args[] = {
-    { "indent", 0, arg_negative_flag, &indent_flag },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "dump-file");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname (argv[0]);
-    initialize_asn1_error_table ();
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-    if (argc != 1)
-	usage (1);
-    return doit (argv[0]);
-}
diff --git a/crypto/heimdal/lib/asn1/asn1_queue.h b/crypto/heimdal/lib/asn1/asn1_queue.h
deleted file mode 100644
index 3659b3859d0d..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_queue.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*	$NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $	*/
-/*	$Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */
-
-/*
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)queue.h	8.5 (Berkeley) 8/20/94
- */
-
-#ifndef	_ASN1_QUEUE_H_
-#define	_ASN1_QUEUE_H_
-
-/*
- * Tail queue definitions.
- */
-#define	ASN1_TAILQ_HEAD(name, type)					\
-struct name {								\
-	struct type *tqh_first;	/* first element */			\
-	struct type **tqh_last;	/* addr of last next element */		\
-}
-
-#define	ASN1_TAILQ_HEAD_INITIALIZER(head)				\
-	{ NULL, &(head).tqh_first }
-#define	ASN1_TAILQ_ENTRY(type)						\
-struct {								\
-	struct type *tqe_next;	/* next element */			\
-	struct type **tqe_prev;	/* address of previous next element */	\
-}
-
-/*
- * Tail queue functions.
- */
-#if defined(_KERNEL) && defined(QUEUEDEBUG)
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)		\
-	if ((head)->tqh_first &&					\
-	    (head)->tqh_first->field.tqe_prev != &(head)->tqh_first)	\
-		panic("ASN1_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)		\
-	if (*(head)->tqh_last != NULL)					\
-		panic("ASN1_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)				\
-	if ((elm)->field.tqe_next &&					\
-	    (elm)->field.tqe_next->field.tqe_prev !=			\
-	    &(elm)->field.tqe_next)					\
-		panic("ASN1_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\
-	if (*(elm)->field.tqe_prev != (elm))				\
-		panic("ASN1_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)		\
-	if ((elm)->field.tqe_next == NULL &&				\
-	    (head)->tqh_last != &(elm)->field.tqe_next)			\
-		panic("ASN1_TAILQ_PREREMOVE head %p elm %p %s:%d",	\
-		      (head), (elm), __FILE__, __LINE__);
-#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)			\
-	(elm)->field.tqe_next = (void *)1L;				\
-	(elm)->field.tqe_prev = (void *)1L;
-#else
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)
-#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)
-#endif
-
-#define	ASN1_TAILQ_INIT(head) do {					\
-	(head)->tqh_first = NULL;					\
-	(head)->tqh_last = &(head)->tqh_first;				\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_HEAD(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD((head), (elm), field)		\
-	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
-		(head)->tqh_first->field.tqe_prev =			\
-		    &(elm)->field.tqe_next;				\
-	else								\
-		(head)->tqh_last = &(elm)->field.tqe_next;		\
-	(head)->tqh_first = (elm);					\
-	(elm)->field.tqe_prev = &(head)->tqh_first;			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_TAIL(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL((head), (elm), field)		\
-	(elm)->field.tqe_next = NULL;					\
-	(elm)->field.tqe_prev = (head)->tqh_last;			\
-	*(head)->tqh_last = (elm);					\
-	(head)->tqh_last = &(elm)->field.tqe_next;			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
-	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
-		(elm)->field.tqe_next->field.tqe_prev = 		\
-		    &(elm)->field.tqe_next;				\
-	else								\
-		(head)->tqh_last = &(elm)->field.tqe_next;		\
-	(listelm)->field.tqe_next = (elm);				\
-	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_INSERT_BEFORE(listelm, elm, field) do {		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
-	(elm)->field.tqe_prev = (listelm)->field.tqe_prev;		\
-	(elm)->field.tqe_next = (listelm);				\
-	*(listelm)->field.tqe_prev = (elm);				\
-	(listelm)->field.tqe_prev = &(elm)->field.tqe_next;		\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_REMOVE(head, elm, field) do {			\
-	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE((head), (elm), field)		\
-	QUEUEDEBUG_ASN1_TAILQ_OP((elm), field)				\
-	if (((elm)->field.tqe_next) != NULL)				\
-		(elm)->field.tqe_next->field.tqe_prev = 		\
-		    (elm)->field.tqe_prev;				\
-	else								\
-		(head)->tqh_last = (elm)->field.tqe_prev;		\
-	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
-	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE((elm), field);			\
-} while (/*CONSTCOND*/0)
-
-#define	ASN1_TAILQ_FOREACH(var, head, field)				\
-	for ((var) = ((head)->tqh_first);				\
-		(var);							\
-		(var) = ((var)->field.tqe_next))
-
-#define	ASN1_TAILQ_FOREACH_REVERSE(var, head, headname, field)		\
-	for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
-		(var);							\
-		(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
-
-/*
- * Tail queue access methods.
- */
-#define	ASN1_TAILQ_EMPTY(head)		((head)->tqh_first == NULL)
-#define	ASN1_TAILQ_FIRST(head)		((head)->tqh_first)
-#define	ASN1_TAILQ_NEXT(elm, field)		((elm)->field.tqe_next)
-
-#define	ASN1_TAILQ_LAST(head, headname) \
-	(*(((struct headname *)((head)->tqh_last))->tqh_last))
-#define	ASN1_TAILQ_PREV(elm, headname, field) \
-	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-
-
-#endif	/* !_ASN1_QUEUE_H_ */
diff --git a/crypto/heimdal/lib/asn1/canthandle.asn1 b/crypto/heimdal/lib/asn1/canthandle.asn1
deleted file mode 100644
index 5ba3e3880c2e..000000000000
--- a/crypto/heimdal/lib/asn1/canthandle.asn1
+++ /dev/null
@@ -1,34 +0,0 @@
--- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ --
-
-CANTHANDLE DEFINITIONS ::= BEGIN
-
--- Code the tag [1] but not the [ CONTEXT CONS UT_Sequence ] for Kaka2
--- Workaround: use inline the structure directly
--- Code the tag [2] but it should be primitive since KAKA3 is
--- Workaround: use the INTEGER type directly
-
-Kaka2  ::= SEQUENCE { 
-        kaka2-1 [0] INTEGER
-}
-
-Kaka3  ::= INTEGER
-
-Foo ::= SEQUENCE {
-        kaka1 [0] IMPLICIT INTEGER OPTIONAL,
-        kaka2 [1] IMPLICIT Kaka2 OPTIONAL,
-        kaka3 [2] IMPLICIT Kaka3 OPTIONAL
-}
-
--- Don't code kaka if it's 1
--- Workaround is to use OPTIONAL and check for in the encoder stubs
-
-Bar ::= SEQUENCE {
-        kaka [0] INTEGER DEFAULT 1
-}
-
---  Can't handle primitives in SET OF
---  Workaround is to define a type that is only an integer and use that
-
-Baz ::= SET OF INTEGER
-
-END
diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c
deleted file mode 100644
index adf95f6a9f63..000000000000
--- a/crypto/heimdal/lib/asn1/check-common.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Copyright (c) 1999 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-common.c 18751 2006-10-21 14:49:13Z lha $");
-
-struct map_page {
-    void *start;
-    size_t size;
-    void *data_start;
-    size_t data_size;
-    enum map_type type;
-};
-
-/* #undef HAVE_MMAP */
-
-void *
-map_alloc(enum map_type type, const void *buf, 
-	  size_t size, struct map_page **map)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p;
-    size_t len = size + sizeof(long) * 2;
-    int i;
-    
-    *map = ecalloc(1, sizeof(**map));
-
-    p = emalloc(len);
-    (*map)->type = type;
-    (*map)->start = p;
-    (*map)->size = len;
-    (*map)->data_start = p + sizeof(long);
-    for (i = sizeof(long); i > 0; i--)
-	p[sizeof(long) - i] = 0xff - i;
-    for (i = sizeof(long); i > 0; i--)
-	p[len - i] = 0xff - i;
-#else
-    unsigned char *p;
-    int flags, ret, fd;
-    size_t pagesize = getpagesize();
-
-    *map = ecalloc(1, sizeof(**map));
-
-    (*map)->type = type;
-
-#ifdef MAP_ANON
-    flags = MAP_ANON;
-    fd = -1;
-#else
-    flags = 0;
-    fd = open ("/dev/zero", O_RDONLY);
-    if(fd < 0)
-	err (1, "open /dev/zero");
-#endif
-    flags |= MAP_PRIVATE;
-
-    (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
-
-    p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
-			      flags, fd, 0);
-    if (p == (unsigned char *)MAP_FAILED)
-	err (1, "mmap");
-
-    (*map)->start = p;
-
-    ret = mprotect (p, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    switch (type) {
-    case OVERRUN:
-	(*map)->data_start = p + (*map)->size - pagesize - size;
-	break;
-    case UNDERRUN:
-	(*map)->data_start = p + pagesize;
-	break;
-   default:
-	abort();
-    }
-#endif
-    (*map)->data_size = size;
-    if (buf)
-	memcpy((*map)->data_start, buf, size);
-    return (*map)->data_start;
-}
-
-void
-map_free(struct map_page *map, const char *test_name, const char *map_name)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p = map->start;
-    int i;
-    
-    for (i = sizeof(long); i > 0; i--)
-	if (p[sizeof(long) - i] != 0xff - i)
-	    errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
-    for (i = sizeof(long); i > 0; i--)
-	if (p[map->size - i] != 0xff - i)
-	    errx(1, "%s: %s overrun %lu\n", test_name, map_name, 
-		 (unsigned long)map->size - i);
-    free(map->start);
-#else
-    int ret;
-    
-    ret = munmap (map->start, map->size);
-    if (ret < 0)
-	err (1, "munmap");
-#endif
-    free(map);
-}
-
-static void
-print_bytes (unsigned const char *buf, size_t len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i)
-	printf ("%02x ", buf[i]);
-}
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-static char *current_test = "<uninit>";
-static char *current_state = "<uninit>";
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    int fd;
-    char msg[] = "SIGSEGV i current test: ";
-    
-    fd = open("/dev/stdout", O_WRONLY, 0600);
-    if (fd >= 0) {
-	write(fd, msg, sizeof(msg));
-	write(fd, current_test, strlen(current_test));
-	write(fd, " ", 1);
-	write(fd, current_state, strlen(current_state));
-	write(fd, "\n", 1);
-	close(fd);
-    }
-    _exit(1);
-}
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*free_data)(void *),
-	      int (*cmp)(void *a, void *b))
-{
-    unsigned char *buf, *buf2;
-    int i;
-    int failures = 0;
-    void *data;
-    struct map_page *data_map, *buf_map, *buf2_map;
-
-    struct sigaction sa, osa;
-
-    for (i = 0; i < ntests; ++i) {
-	int ret;
-	size_t sz, consumed_sz, length_sz, buf_sz;
-
-	current_test = tests[i].name;
-
-	current_state = "init";
-
-	sigemptyset (&sa.sa_mask);
-	sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-	sa.sa_flags |= SA_RESETHAND;
-#endif
-	sa.sa_handler = segv_handler;
-	sigaction (SIGSEGV, &sa, &osa);
-
-	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
-
-	buf_sz = tests[i].byte_len;
-	buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
-
-	current_state = "encode";
-	ret = (*encode) (buf + buf_sz - 1, buf_sz,
-			 tests[i].val, &sz);
-	if (ret != 0) {
-	    printf ("encoding of %s failed %d\n", tests[i].name, ret);
-	    ++failures;
-	    continue;
-	}
-	if (sz != tests[i].byte_len) {
-	    printf ("encoding of %s has wrong len (%lu != %lu)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)tests[i].byte_len);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "length";
-	length_sz = (*length) (tests[i].val);
-	if (sz != length_sz) {
-	    printf ("length for %s is bad (%lu != %lu)\n",
-		    tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "memcmp";
-	if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
-	    printf ("encoding of %s has bad bytes:\n"
-		    "correct: ", tests[i].name);
-	    print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
-	    printf ("\nactual:  ");
-	    print_bytes (buf, sz);
-	    printf ("\n");
-	    ++failures;
-	    continue;
-	}
-
-	buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
-
-	current_state = "decode";
-	ret = (*decode) (buf2, sz, data, &consumed_sz);
-	if (ret != 0) {
-	    printf ("decoding of %s failed %d\n", tests[i].name, ret);
-	    ++failures;
-	    continue;
-	}
-	if (sz != consumed_sz) {
-	    printf ("different length decoding %s (%ld != %ld)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)consumed_sz);
-	    ++failures;
-	    continue;
-	}
-	current_state = "cmp";
-	if ((*cmp)(data, tests[i].val) != 0) {
-	    printf ("%s: comparison failed\n", tests[i].name);
-	    ++failures;
-	    continue;
-	}
-	current_state = "free";
-	if (free_data)
-	    (*free_data)(data);
-
-	current_state = "free";
-	map_free(buf_map, tests[i].name, "encode");
-	map_free(buf2_map, tests[i].name, "decode");
-	map_free(data_map, tests[i].name, "data");
-
-	sigaction (SIGSEGV, &osa, NULL);
-    }
-    current_state = "done";
-    return failures;
-}
-
-/*
- * check for failures
- * 
- * a test size (byte_len) of -1 means that the test tries to trigger a
- * integer overflow (and later a malloc of to little memory), just
- * allocate some memory and hope that is enough for that test.
- */
-
-int
-generic_decode_fail (const struct test_case *tests,
-		     unsigned ntests,
-		     size_t data_size,
-		     int (*decode)(unsigned char *, size_t, void *, size_t *))
-{
-    unsigned char *buf;
-    int i;
-    int failures = 0;
-    void *data;
-    struct map_page *data_map, *buf_map;
-
-    struct sigaction sa, osa;
-
-    for (i = 0; i < ntests; ++i) {
-	int ret;
-	size_t sz;
-	const void *bytes;
-	
-	current_test = tests[i].name;
-
-	current_state = "init";
-
-	sigemptyset (&sa.sa_mask);
-	sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-	sa.sa_flags |= SA_RESETHAND;
-#endif
-	sa.sa_handler = segv_handler;
-	sigaction (SIGSEGV, &sa, &osa);
-
-	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
-
-	if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
-	    sz = tests[i].byte_len;
-	    bytes = tests[i].bytes;
-	} else {
-	    sz = 4096;
-	    bytes = NULL;
-	}
-		
-	buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
-
-	if (tests[i].byte_len == -1)
-	    memset(buf, 0, sz);
-
-	current_state = "decode";
-	ret = (*decode) (buf, tests[i].byte_len, data, &sz);
-	if (ret == 0) {
-	    printf ("sucessfully decoded %s\n", tests[i].name);
-	    ++failures;
-	    continue;
-	}
-
-	current_state = "free";
-	if (buf)
-	    map_free(buf_map, tests[i].name, "encode");
-	map_free(data_map, tests[i].name, "data");
-
-	sigaction (SIGSEGV, &osa, NULL);
-    }
-    current_state = "done";
-    return failures;
-}
diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h
deleted file mode 100644
index b1cb647e6ab6..000000000000
--- a/crypto/heimdal/lib/asn1/check-common.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-struct test_case {
-    void *val;
-    int byte_len;
-    const char *bytes;
-    char *name;
-};
-
-typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *);
-typedef int (*generic_length)(void *);
-typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *);
-typedef int (*generic_free)(void *);
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*free_data)(void *),
-	      int (*cmp)(void *a, void *b));
-
-int
-generic_decode_fail(const struct test_case *tests,
-		    unsigned ntests,
-		    size_t data_size,
-		    int (*decode)(unsigned char *, size_t, void *, size_t *));
-
-
-struct map_page;
-
-enum map_type { OVERRUN, UNDERRUN };
-
-struct map_page;
-
-void *	map_alloc(enum map_type, const void *, size_t, struct map_page **);
-void	map_free(struct map_page *, const char *, const char *);
diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c
deleted file mode 100644
index 9ba260145e1d..000000000000
--- a/crypto/heimdal/lib/asn1/check-der.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/*
- * Copyright (c) 1999 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-der.c 21359 2007-06-27 08:15:41Z lha $");
-
-static int
-cmp_integer (void *a, void *b)
-{
-    int *ia = (int *)a;
-    int *ib = (int *)b;
-
-    return *ib - *ia;
-}
-
-static int
-test_integer (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x7f"},
-	{NULL, 2, "\x00\x80"},
-	{NULL, 2, "\x01\x00"},
-	{NULL, 1, "\x80"},
-	{NULL, 2, "\xff\x7f"},
-	{NULL, 1, "\xff"},
-	{NULL, 2, "\xff\x01"},
-	{NULL, 2, "\x00\xff"},
-	{NULL, 4, "\x7f\xff\xff\xff"}
-    };
-
-    int values[] = {0, 127, 128, 256, -128, -129, -1, -255, 255,
-		    0x7fffffff};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "integer %d", values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_integer,
-			 (generic_length) der_length_integer,
-			 (generic_decode)der_get_integer,
-			 (generic_free)NULL,
-			 cmp_integer);
-
-    for (i = 0; i < ntests; ++i)
-	free (tests[i].name);
-    return ret;
-}
-
-static int
-test_one_int(int val)
-{
-    int ret, dval;
-    unsigned char *buf;
-    size_t len_len, len;
-
-    len = _heim_len_int(val);
-
-    buf = emalloc(len + 2);
-
-    buf[0] = '\xff';
-    buf[len + 1] = '\xff';
-    memset(buf + 1, 0, len);
-
-    ret = der_put_integer(buf + 1 + len - 1, len, &val, &len_len);
-    if (ret) {
-	printf("integer %d encode failed %d\n", val, ret);
-	return 1;
-    }
-    if (len != len_len) {
-	printf("integer %d encode fail with %d len %lu, result len %lu\n",
-	       val, ret, (unsigned long)len, (unsigned long)len_len);
-	return 1;
-    }
-
-    ret = der_get_integer(buf + 1, len, &dval, &len_len);
-    if (ret) {
-	printf("integer %d decode failed %d\n", val, ret);
-	return 1;
-    }
-    if (len != len_len) {
-	printf("integer %d decoded diffrent len %lu != %lu",
-	       val, (unsigned long)len, (unsigned long)len_len);
-	return 1;
-    }
-    if (val != dval) {
-	printf("decode decoded to diffrent value %d != %d",
-	       val, dval);
-	return 1;
-    }
-
-    if (buf[0] != (unsigned char)'\xff') {
-	printf("precanary dead %d\n", val);
-	return 1;
-    }
-    if (buf[len + 1] != (unsigned char)'\xff') {
-	printf("postecanary dead %d\n", val);
-	return 1;
-    }
-    free(buf);
-    return 0;
-}
-
-static int
-test_integer_more (void)
-{
-    int i, n1, n2, n3, n4, n5, n6;
-
-    n2 = 0;
-    for (i = 0; i < (sizeof(int) * 8); i++) {
-	n1 = 0x01 << i;
-	n2 = n2 | n1;
-	n3 = ~n1;
-	n4 = ~n2;
-	n5 = (-1) & ~(0x3f << i);
-	n6 = (-1) & ~(0x7f << i);
-
-	test_one_int(n1);
-	test_one_int(n2);
-	test_one_int(n3);
-	test_one_int(n4);
-	test_one_int(n5);
-	test_one_int(n6);
-    }
-    return 0;
-}
-
-static int
-cmp_unsigned (void *a, void *b)
-{
-    return *(unsigned int*)b - *(unsigned int*)a;
-}
-
-static int
-test_unsigned (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x7f"},
-	{NULL, 2, "\x00\x80"},
-	{NULL, 2, "\x01\x00"},
-	{NULL, 2, "\x02\x00"},
-	{NULL, 3, "\x00\x80\x00"},
-	{NULL, 5, "\x00\x80\x00\x00\x00"},
-	{NULL, 4, "\x7f\xff\xff\xff"}
-    };
-
-    unsigned int values[] = {0, 127, 128, 256, 512, 32768, 
-			     0x80000000, 0x7fffffff};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "unsigned %u", values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_unsigned,
-			(generic_length)der_length_unsigned,
-			(generic_decode)der_get_unsigned,
-			(generic_free)NULL,
-			cmp_unsigned);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    return ret;
-}
-
-static int
-cmp_octet_string (void *a, void *b)
-{
-    heim_octet_string *oa = (heim_octet_string *)a;
-    heim_octet_string *ob = (heim_octet_string *)b;
-
-    if (oa->length != ob->length)
-	return ob->length - oa->length;
-
-    return (memcmp (oa->data, ob->data, oa->length));
-}
-
-static int
-test_octet_string (void)
-{
-    heim_octet_string s1 = {8, "\x01\x23\x45\x67\x89\xab\xcd\xef"};
-
-    struct test_case tests[] = {
-	{NULL, 8, "\x01\x23\x45\x67\x89\xab\xcd\xef"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a octet string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_octet_string),
-			(generic_encode)der_put_octet_string,
-			(generic_length)der_length_octet_string,
-			(generic_decode)der_get_octet_string,
-			(generic_free)der_free_octet_string,
-			cmp_octet_string);
-    free(tests[0].name);
-    return ret;
-}
-
-static int
-cmp_bmp_string (void *a, void *b)
-{
-    heim_bmp_string *oa = (heim_bmp_string *)a;
-    heim_bmp_string *ob = (heim_bmp_string *)b;
-
-    return der_heim_bmp_string_cmp(oa, ob);
-}
-
-static uint16_t bmp_d1[] = { 32 };
-static uint16_t bmp_d2[] = { 32, 32 };
-
-static int
-test_bmp_string (void)
-{
-    heim_bmp_string s1 = { 1, bmp_d1 };
-    heim_bmp_string s2 = { 2, bmp_d2 };
-
-    struct test_case tests[] = {
-	{NULL, 2, "\x00\x20"},
-	{NULL, 4, "\x00\x20\x00\x20"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a bmp string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-    tests[1].val = &s2;
-    asprintf (&tests[1].name, "second bmp string");
-    if (tests[1].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_bmp_string),
-			(generic_encode)der_put_bmp_string,
-			(generic_length)der_length_bmp_string,
-			(generic_decode)der_get_bmp_string,
-			(generic_free)der_free_bmp_string,
-			cmp_bmp_string);
-    free(tests[0].name);
-    free(tests[1].name);
-    return ret;
-}
-
-static int
-cmp_universal_string (void *a, void *b)
-{
-    heim_universal_string *oa = (heim_universal_string *)a;
-    heim_universal_string *ob = (heim_universal_string *)b;
-
-    return der_heim_universal_string_cmp(oa, ob);
-}
-
-static uint32_t universal_d1[] = { 32 };
-static uint32_t universal_d2[] = { 32, 32 };
-
-static int
-test_universal_string (void)
-{
-    heim_universal_string s1 = { 1, universal_d1 };
-    heim_universal_string s2 = { 2, universal_d2 };
-
-    struct test_case tests[] = {
-	{NULL, 4, "\x00\x00\x00\x20"},
-	{NULL, 8, "\x00\x00\x00\x20\x00\x00\x00\x20"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    int ret;
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a universal string");
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-    tests[1].val = &s2;
-    asprintf (&tests[1].name, "second universal string");
-    if (tests[1].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(heim_universal_string),
-			(generic_encode)der_put_universal_string,
-			(generic_length)der_length_universal_string,
-			(generic_decode)der_get_universal_string,
-			(generic_free)der_free_universal_string,
-			cmp_universal_string);
-    free(tests[0].name);
-    free(tests[1].name);
-    return ret;
-}
-
-static int
-cmp_general_string (void *a, void *b)
-{
-    char **sa = (char **)a;
-    char **sb = (char **)b;
-
-    return strcmp (*sa, *sb);
-}
-
-static int
-test_general_string (void)
-{
-    char *s1 = "Test User 1";
-
-    struct test_case tests[] = {
-	{NULL, 11, "\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31"}
-    };
-    int ret, ntests = sizeof(tests) / sizeof(*tests);
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "the string \"%s\"", s1);
-    if (tests[0].name == NULL)
-	errx(1, "malloc");
-
-    ret = generic_test (tests, ntests, sizeof(unsigned char *),
-			(generic_encode)der_put_general_string,
-			(generic_length)der_length_general_string,
-			(generic_decode)der_get_general_string,
-			(generic_free)der_free_general_string,
-			cmp_general_string);
-    free(tests[0].name);
-    return ret;
-}
-
-static int
-cmp_generalized_time (void *a, void *b)
-{
-    time_t *ta = (time_t *)a;
-    time_t *tb = (time_t *)b;
-
-    return *tb - *ta;
-}
-
-static int
-test_generalized_time (void)
-{
-    struct test_case tests[] = {
-	{NULL, 15, "19700101000000Z"},
-	{NULL, 15, "19851106210627Z"}
-    };
-    time_t values[] = {0, 500159187};
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "time %d", (int)values[i]);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(time_t),
-			(generic_encode)der_put_generalized_time,
-			(generic_length)der_length_generalized_time,
-			(generic_decode)der_get_generalized_time,
-			(generic_free)NULL,
-			cmp_generalized_time);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_oid (void *a, void *b)
-{
-    return der_heim_oid_cmp((heim_oid *)a, (heim_oid *)b);
-}
-
-static unsigned oid_comp1[] = { 1, 1, 1 };
-static unsigned oid_comp2[] = { 1, 1 };
-static unsigned oid_comp3[] = { 6, 15, 1 };
-static unsigned oid_comp4[] = { 6, 15 };
-
-static int
-test_oid (void)
-{
-    struct test_case tests[] = {
-	{NULL, 2, "\x29\x01"},
-	{NULL, 1, "\x29"},
-	{NULL, 2, "\xff\x01"},
-	{NULL, 1, "\xff"}
-    };
-    heim_oid values[] = {
-	{ 3, oid_comp1 },
-	{ 2, oid_comp2 },
-	{ 3, oid_comp3 },
-	{ 2, oid_comp4 }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "oid %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_oid),
-			(generic_encode)der_put_oid,
-			(generic_length)der_length_oid,
-			(generic_decode)der_get_oid,
-			(generic_free)der_free_oid,
-			test_cmp_oid);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_bit_string (void *a, void *b)
-{
-    return der_heim_bit_string_cmp((heim_bit_string *)a, (heim_bit_string *)b);
-}
-
-static int
-test_bit_string (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00"}
-    };
-    heim_bit_string values[] = {
-	{ 0, "" }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "bit_string %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_bit_string),
-			(generic_encode)der_put_bit_string,
-			(generic_length)der_length_bit_string,
-			(generic_decode)der_get_bit_string,
-			(generic_free)der_free_bit_string,
-			test_cmp_bit_string);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-    return ret;
-}
-
-static int
-test_cmp_heim_integer (void *a, void *b)
-{
-    return der_heim_integer_cmp((heim_integer *)a, (heim_integer *)b);
-}
-
-static int
-test_heim_integer (void)
-{
-    struct test_case tests[] = {
-	{NULL, 2, "\xfe\x01"},
-	{NULL, 2, "\xef\x01"},
-	{NULL, 3, "\xff\x00\xff"},
-	{NULL, 3, "\xff\x01\x00"},
-	{NULL, 1, "\x00"},
-	{NULL, 1, "\x01"},
-	{NULL, 2, "\x00\x80"}
-    };
-
-    heim_integer values[] = {
-	{ 2, "\x01\xff", 1 },
-	{ 2, "\x10\xff", 1 },
-	{ 2, "\xff\x01", 1 },
-	{ 2, "\xff\x00", 1 },
-	{ 0, "", 0 },
-	{ 1, "\x01", 0 },
-	{ 1, "\x80", 0 }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(tests[0]);
-    size_t size;
-    heim_integer i2;
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "heim_integer %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(heim_integer),
-			(generic_encode)der_put_heim_integer,
-			(generic_length)der_length_heim_integer,
-			(generic_decode)der_get_heim_integer,
-			(generic_free)der_free_heim_integer,
-			test_cmp_heim_integer);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    if (ret)
-	return ret;
-
-    /* test zero length integer (BER format) */
-    ret = der_get_heim_integer(NULL, 0, &i2, &size);
-    if (ret)
-	errx(1, "der_get_heim_integer");
-    if (i2.length != 0)
-	errx(1, "der_get_heim_integer wrong length");
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-test_cmp_boolean (void *a, void *b)
-{
-    return !!*(int *)a != !!*(int *)b;
-}
-
-static int
-test_boolean (void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\xff"},
-	{NULL, 1, "\x00"}
-    };
-
-    int values[] = { 1, 0 };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(tests[0]);
-    size_t size;
-    heim_integer i2;
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "heim_boolean %d", i);
-	if (tests[i].name == NULL)
-	    errx(1, "malloc");
-    }
-
-    ret = generic_test (tests, ntests, sizeof(int),
-			(generic_encode)der_put_boolean,
-			(generic_length)der_length_boolean,
-			(generic_decode)der_get_boolean,
-			(generic_free)NULL,
-			test_cmp_boolean);
-    for (i = 0; i < ntests; ++i) 
-	free (tests[i].name);
-    if (ret)
-	return ret;
-
-    /* test zero length integer (BER format) */
-    ret = der_get_heim_integer(NULL, 0, &i2, &size);
-    if (ret)
-	errx(1, "der_get_heim_integer");
-    if (i2.length != 0)
-	errx(1, "der_get_heim_integer wrong length");
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-check_fail_unsigned(void)
-{
-    struct test_case tests[] = {
-	{NULL, sizeof(unsigned) + 1,
-	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(unsigned),
-			       (generic_decode)der_get_unsigned);
-}
-
-static int
-check_fail_integer(void)
-{
-    struct test_case tests[] = {
-	{NULL, sizeof(int) + 1,
-	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(int),
-			       (generic_decode)der_get_integer);
-}
-
-static int
-check_fail_length(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 1, "\x82", "internal length overrun" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(size_t),
-			       (generic_decode)der_get_length);
-}
-
-static int
-check_fail_boolean(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(int),
-			       (generic_decode)der_get_boolean);
-}
-
-static int
-check_fail_general_string(void)
-{
-    struct test_case tests[] = {
-	{ NULL, 3, "A\x00i", "NUL char in string"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_general_string),
-			       (generic_decode)der_get_general_string);
-}
-
-static int
-check_fail_bmp_string(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "odd (1) length bmpstring"},
-	{NULL, 3, "\x00\x00\x00", "odd (3) length bmpstring"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_bmp_string),
-			       (generic_decode)der_get_bmp_string);
-}
-
-static int
-check_fail_universal_string(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "x & 3 == 1 universal string"},
-	{NULL, 2, "\x00\x00", "x & 3 == 2 universal string"},
-	{NULL, 3, "\x00\x00\x00", "x & 3 == 3 universal string"},
-	{NULL, 5, "\x00\x00\x00\x00\x00", "x & 3 == 1 universal string"},
-	{NULL, 6, "\x00\x00\x00\x00\x00\x00", "x & 3 == 2 universal string"},
-	{NULL, 7, "\x00\x00\x00\x00\x00\x00\x00", "x & 3 == 3 universal string"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_universal_string),
-			       (generic_decode)der_get_universal_string);
-}
-
-static int
-check_fail_heim_integer(void)
-{
-#if 0
-    struct test_case tests[] = {
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_integer),
-			       (generic_decode)der_get_heim_integer);
-#else
-    return 0;
-#endif
-}
-
-static int
-check_fail_generalized_time(void)
-{
-    struct test_case tests[] = {
-	{NULL, 1, "\x00", "no time"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(time_t),
-			       (generic_decode)der_get_generalized_time);
-}
-
-static int
-check_fail_oid(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 2, "\x00\x80", "last byte continuation" },
-	{NULL, 11, "\x00\x81\x80\x80\x80\x80\x80\x80\x80\x80\x00", 
-	"oid element overflow" }
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_oid),
-			       (generic_decode)der_get_oid);
-}
-
-static int
-check_fail_bitstring(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty input data"},
-	{NULL, 1, "\x08", "larger then 8 bits trailer"},
-	{NULL, 1, "\x01", "to few bytes for bits"},
-	{NULL, -2, "\x00", "length overrun"},
-	{NULL, -1, "", "length to short"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(heim_bit_string),
-			       (generic_decode)der_get_bit_string);
-}
-
-static int
-check_heim_integer_same(const char *p, const char *norm_p, heim_integer *i)
-{
-    heim_integer i2;
-    char *str;
-    int ret;
-
-    ret = der_print_hex_heim_integer(i, &str);
-    if (ret)
-	errx(1, "der_print_hex_heim_integer: %d", ret);
-
-    if (strcmp(str, norm_p) != 0)
-	errx(1, "der_print_hex_heim_integer: %s != %s", str, p);
-
-    ret = der_parse_hex_heim_integer(str, &i2);
-    if (ret)
-	errx(1, "der_parse_hex_heim_integer: %d", ret);
-
-    if (der_heim_integer_cmp(i, &i2) != 0)
-	errx(1, "der_heim_integer_cmp: p %s", p);
-
-    der_free_heim_integer(&i2);
-    free(str);
-
-    ret = der_parse_hex_heim_integer(p, &i2);
-    if (ret)
-	errx(1, "der_parse_hex_heim_integer: %d", ret);
-
-    if (der_heim_integer_cmp(i, &i2) != 0)
-	errx(1, "der_heim_integer_cmp: norm");
-
-    der_free_heim_integer(&i2);
-
-    return 0;
-}
-
-static int
-test_heim_int_format(void)
-{
-    heim_integer i = { 1, "\x10", 0 };
-    heim_integer i2 = { 1, "\x10", 1 };
-    heim_integer i3 = { 1, "\01", 0 };
-    char *p =
-	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
-	"FFFFFFFF" "FFFFFFFF";
-    heim_integer bni = {
-	128, 
-	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2"
-	"\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1"
-	"\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6"
-	"\x3B\x13\x9B\x22\x51\x4A\x08\x79\x8E\x34\x04\xDD"
-	"\xEF\x95\x19\xB3\xCD\x3A\x43\x1B\x30\x2B\x0A\x6D"
-	"\xF2\x5F\x14\x37\x4F\xE1\x35\x6D\x6D\x51\xC2\x45"
-	"\xE4\x85\xB5\x76\x62\x5E\x7E\xC6\xF4\x4C\x42\xE9"
-	"\xA6\x37\xED\x6B\x0B\xFF\x5C\xB6\xF4\x06\xB7\xED"
-	"\xEE\x38\x6B\xFB\x5A\x89\x9F\xA5\xAE\x9F\x24\x11"
-	"\x7C\x4B\x1F\xE6\x49\x28\x66\x51\xEC\xE6\x53\x81"
-	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
-	0
-    };
-    heim_integer f;
-    int ret = 0;
-
-    ret += check_heim_integer_same(p, p, &bni);
-    ret += check_heim_integer_same("10", "10", &i);
-    ret += check_heim_integer_same("00000010", "10", &i);
-    ret += check_heim_integer_same("-10", "-10", &i2);
-    ret += check_heim_integer_same("-00000010", "-10", &i2);
-    ret += check_heim_integer_same("01", "01", &i3);
-    ret += check_heim_integer_same("1", "01", &i3);
-
-    {
-	int r;
-	r = der_parse_hex_heim_integer("-", &f);
-	if (r == 0) {
-	    der_free_heim_integer(&f);
-	    ret++;
-	}
-	/* used to cause UMR */
-	r = der_parse_hex_heim_integer("00", &f);
-	if (r == 0)
-	    der_free_heim_integer(&f);
-	else
-	    ret++;
-    }
-
-    return ret;
-}
-
-static int
-test_heim_oid_format_same(const char *str, const heim_oid *oid)
-{
-    int ret;
-    char *p;
-    heim_oid o2;
-
-    ret = der_print_heim_oid(oid, ' ', &p);
-    if (ret) {
-	printf("fail to print oid: %s\n", str);
-	return 1;
-    }
-    ret = strcmp(p, str);
-    if (ret) {
-	printf("oid %s != formated oid %s\n", str, p);
-	free(p);
-	return ret;
-    }
-
-    ret = der_parse_heim_oid(p, " ", &o2);
-    if (ret) {
-	printf("failed to parse %s\n", p);
-	free(p);
-	return ret;
-    }
-    free(p);
-    ret = der_heim_oid_cmp(&o2, oid);
-    der_free_oid(&o2);
-
-    return ret;
-}
-
-static unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
-
-static int
-test_heim_oid_format(void)
-{
-    heim_oid sha1 = { 6, sha1_oid_tree };
-    int ret = 0;
-
-    ret += test_heim_oid_format_same("1 3 14 3 2 26", &sha1);
-
-    return ret;
-}
-
-static int
-check_trailing_nul(void)
-{
-    int i, ret;
-    struct {
-	int fail;
-	const unsigned char *p;
-	size_t len;
-	const char *s;
-	size_t size;
-    } foo[] = {
-	{ 1, (const unsigned char *)"foo\x00o", 5, NULL, 0 },
-	{ 1, (const unsigned char *)"\x00o", 2, NULL, 0 },
-	{ 0, (const unsigned char *)"\x00\x00\x00\x00\x00", 5, "", 5 },
-	{ 0, (const unsigned char *)"\x00", 1, "", 1 },
-	{ 0, (const unsigned char *)"", 0, "", 0 },
-	{ 0, (const unsigned char *)"foo\x00\x00", 5, "foo", 5 },
-	{ 0, (const unsigned char *)"foo\0", 4, "foo", 4 },
-	{ 0, (const unsigned char *)"foo", 3, "foo", 3 }
-    };
-    
-    for (i = 0; i < sizeof(foo)/sizeof(foo[0]); i++) {
-	char *s;
-	size_t size;
-	ret = der_get_general_string(foo[i].p, foo[i].len, &s, &size);
-	if (foo[i].fail) {
-	    if (ret == 0)
-		errx(1, "check %d NULL didn't fail", i);
-	    continue;
-	}
-	if (ret)
-	    errx(1, "NULL check %d der_get_general_string failed", i);
-	if (foo[i].size != size)
-	    errx(1, "NUL check i = %d size failed", i);
-	if (strcmp(foo[i].s, s) != 0)
-	    errx(1, "NUL check i = %d content failed", i);
-	free(s);
-    }
-    return 0;
-}
-
-static int
-test_misc_cmp(void)
-{
-    int ret;
-
-    /* diffrent lengths are diffrent */
-    {
-	const heim_octet_string os1 = { 1, "a" } , os2 = { 0, NULL };
-	ret = der_heim_octet_string_cmp(&os1, &os2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent data are diffrent */
-    {
-	const heim_octet_string os1 = { 1, "a" } , os2 = { 1, "b" };
-	ret = der_heim_octet_string_cmp(&os1, &os2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	const heim_bit_string bs1 = { 8, "a" } , bs2 = { 7, "a" };
-	ret = der_heim_bit_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent data are diffrent */
-    {
-	const heim_bit_string bs1 = { 7, "\x0f" } , bs2 = { 7, "\x02" };
-	ret = der_heim_bit_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	uint16_t data = 1;
-	heim_bmp_string bs1 = { 1, NULL } , bs2 = { 0, NULL };
-	bs1.data = &data;
-	ret = der_heim_bmp_string_cmp(&bs1, &bs2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* diffrent lengths are diffrent */
-    {
-	uint32_t data;
-	heim_universal_string us1 = { 1, NULL } , us2 = { 0, NULL };
-	us1.data = &data;
-	ret = der_heim_universal_string_cmp(&us1, &us2);
-	if (ret == 0)
-	    return 1;
-    }
-    /* same */
-    {
-	uint32_t data = (uint32_t)'a';
-	heim_universal_string us1 = { 1, NULL } , us2 = { 1, NULL };
-	us1.data = &data;
-	us2.data = &data;
-	ret = der_heim_universal_string_cmp(&us1, &us2);
-	if (ret != 0)
-	    return 1;
-    }
-
-    return 0;
-}
-
-static int
-corner_generalized_time(void)
-{
-    const char *str = "760520140000Z";
-    size_t size;
-    time_t t;
-    int ret;
-
-    ret = der_get_generalized_time((const unsigned char*)str, strlen(str),
-				   &t, &size);
-    if (ret)
-	return 1;
-    return 0;
-}
-
-static int
-corner_tag(void)
-{
-    struct {
-	int ok;
-	const char *ptr;
-	size_t len;
-    } tests[] = { 
-	{ 1, "\x00", 1 },
-	{ 0, "\xff", 1 },
-	{ 0, "\xff\xff\xff\xff\xff\xff\xff\xff", 8 }
-    };
-    int i, ret;
-    Der_class cl;
-    Der_type ty;
-    unsigned int tag;
-    size_t size;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	ret = der_get_tag((const unsigned char*)tests[i].ptr, 
-			  tests[i].len, &cl, &ty, &tag, &size);
-	if (ret) {
-	    if (tests[i].ok)
-		errx(1, "failed while shouldn't");
-	} else {
-	    if (!tests[i].ok)
-		errx(1, "passed while shouldn't");
-	}
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_integer ();
-    ret += test_integer_more();
-    ret += test_unsigned ();
-    ret += test_octet_string ();
-    ret += test_bmp_string ();
-    ret += test_universal_string ();
-    ret += test_general_string ();
-    ret += test_generalized_time ();
-    ret += test_oid ();
-    ret += test_bit_string();
-    ret += test_heim_integer();
-    ret += test_boolean();
-
-    ret += check_fail_unsigned();
-    ret += check_fail_integer();
-    ret += check_fail_length();
-    ret += check_fail_boolean();
-    ret += check_fail_general_string();
-    ret += check_fail_bmp_string();
-    ret += check_fail_universal_string();
-    ret += check_fail_heim_integer();
-    ret += check_fail_generalized_time();
-    ret += check_fail_oid();
-    ret += check_fail_bitstring();
-    ret += test_heim_int_format();
-    ret += test_heim_oid_format();
-    ret += check_trailing_nul();
-    ret += test_misc_cmp();
-    ret += corner_generalized_time();
-    ret += corner_tag();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c
deleted file mode 100644
index a18a21d087e5..000000000000
--- a/crypto/heimdal/lib/asn1/check-gen.c
+++ /dev/null
@@ -1,955 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-#include <krb5_asn1.h>
-#include <heim_asn1.h>
-#include <rfc2459_asn1.h>
-#include <test_asn1.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-gen.c 21539 2007-07-14 16:12:04Z lha $");
-
-static char *lha_principal[] = { "lha" };
-static char *lharoot_princ[] = { "lha", "root" };
-static char *datan_princ[] = { "host", "nutcracker.e.kth.se" };
-static char *nada_tgt_principal[] = { "krbtgt", "NADA.KTH.SE" };
-
-
-#define IF_OPT_COMPARE(ac,bc,e) \
-	if (((ac)->e == NULL && (bc)->e != NULL) || (((ac)->e != NULL && (bc)->e == NULL))) return 1; if ((ab)->e)
-#define COMPARE_OPT_STRING(ac,bc,e) \
-	do { if (strcmp(*(ac)->e, *(bc)->e) != 0) return 1; } while(0)
-#define COMPARE_OPT_OCTECT_STRING(ac,bc,e) \
-	do { if ((ac)->e->length != (bc)->e->length || memcmp((ac)->e->data, (bc)->e->data, (ac)->e->length) != 0) return 1; } while(0)
-#define COMPARE_STRING(ac,bc,e) \
-	do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0)
-#define COMPARE_INTEGER(ac,bc,e) \
-	do { if ((ac)->e != (bc)->e) return 1; } while(0)
-#define COMPARE_MEM(ac,bc,e,len) \
-	do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0)
-
-static int
-cmp_principal (void *a, void *b)
-{
-    Principal *pa = a;
-    Principal *pb = b;
-    int i;
-
-    COMPARE_STRING(pa,pb,realm);
-    COMPARE_INTEGER(pa,pb,name.name_type);
-    COMPARE_INTEGER(pa,pb,name.name_string.len);
-
-    for (i = 0; i < pa->name.name_string.len; i++)
-	COMPARE_STRING(pa,pb,name.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_principal (void)
-{
-
-    struct test_case tests[] = {
-	{ NULL, 29, 
-	  "\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b"
-	  "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45"
-	},
-	{ NULL, 35,
-	  "\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b"
-	  "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55"
-	  "\x2e\x53\x45"
-	},
-	{ NULL, 54, 
-	  "\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b"
-	  "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65"
-	  "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e"
-	  "\x4b\x54\x48\x2e\x53\x45"
-	}
-    };
-
-
-    Principal values[] = { 
-	{ { KRB5_NT_PRINCIPAL, { 1, lha_principal } },  "SU.SE" },
-	{ { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },  "SU.SE" },
-	{ { KRB5_NT_SRV_HST, { 2, datan_princ } },  "E.KTH.SE" }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Principal %d", i);
-    }
-
-    ret = generic_test (tests, ntests, sizeof(Principal),
-			(generic_encode)encode_Principal,
-			(generic_length)length_Principal,
-			(generic_decode)decode_Principal,
-			(generic_free)free_Principal,
-			cmp_principal);
-    for (i = 0; i < ntests; ++i)
-	free (tests[i].name);
-
-    return ret;
-}
-
-static int
-cmp_authenticator (void *a, void *b)
-{
-    Authenticator *aa = a;
-    Authenticator *ab = b;
-    int i;
-
-    COMPARE_INTEGER(aa,ab,authenticator_vno);
-    COMPARE_STRING(aa,ab,crealm);
-
-    COMPARE_INTEGER(aa,ab,cname.name_type);
-    COMPARE_INTEGER(aa,ab,cname.name_string.len);
-
-    for (i = 0; i < aa->cname.name_string.len; i++)
-	COMPARE_STRING(aa,ab,cname.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_authenticator (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 63, 
-	  "\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08"
-	  "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0"
-	  "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61"
-	  "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30"
-	  "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a"
-	},
-	{ NULL, 67, 
-	  "\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05"
-	  "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01"
-	  "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72"
-	  "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f"
-	  "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33"
-	  "\x39\x5a"
-	}
-    };
-
-    Authenticator values[] = {
-	{ 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_principal } },
-	  NULL, 10, 99, NULL, NULL, NULL },
-	{ 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },
-	  NULL, 292, 999, NULL, NULL, NULL }
-    };
-    int i, ret;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Authenticator %d", i);
-    }
-
-    ret = generic_test (tests, ntests, sizeof(Authenticator),
-			(generic_encode)encode_Authenticator,
-			(generic_length)length_Authenticator,
-			(generic_decode)decode_Authenticator,
-			(generic_free)free_Authenticator,
-			cmp_authenticator);
-    for (i = 0; i < ntests; ++i)
-	free(tests[i].name);
-
-    return ret;
-}
-
-static int
-cmp_KRB_ERROR (void *a, void *b)
-{
-    KRB_ERROR *aa = a;
-    KRB_ERROR *ab = b;
-    int i;
-
-    COMPARE_INTEGER(aa,ab,pvno);
-    COMPARE_INTEGER(aa,ab,msg_type);
-
-    IF_OPT_COMPARE(aa,ab,ctime) {
-	COMPARE_INTEGER(aa,ab,ctime);
-    }
-    IF_OPT_COMPARE(aa,ab,cusec) {
-	COMPARE_INTEGER(aa,ab,cusec);
-    }
-    COMPARE_INTEGER(aa,ab,stime);
-    COMPARE_INTEGER(aa,ab,susec);
-    COMPARE_INTEGER(aa,ab,error_code);
-
-    IF_OPT_COMPARE(aa,ab,crealm) {
-	COMPARE_OPT_STRING(aa,ab,crealm);
-    }
-#if 0
-    IF_OPT_COMPARE(aa,ab,cname) {
-	COMPARE_OPT_STRING(aa,ab,cname);
-    }
-#endif
-    COMPARE_STRING(aa,ab,realm);
-
-    COMPARE_INTEGER(aa,ab,sname.name_string.len);
-    for (i = 0; i < aa->sname.name_string.len; i++)
-	COMPARE_STRING(aa,ab,sname.name_string.val[i]);
-
-    IF_OPT_COMPARE(aa,ab,e_text) {
-	COMPARE_OPT_STRING(aa,ab,e_text);
-    }
-    IF_OPT_COMPARE(aa,ab,e_data) {
-	/* COMPARE_OPT_OCTECT_STRING(aa,ab,e_data); */
-    }
-
-    return 0;
-}
-
-static int
-test_krb_error (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 127, 
-	  "\x7e\x7d\x30\x7b\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11"
-	  "\x18\x0f\x32\x30\x30\x33\x31\x31\x32\x34\x30\x30\x31\x31\x31\x39"
-	  "\x5a\xa5\x05\x02\x03\x04\xed\xa5\xa6\x03\x02\x01\x1f\xa7\x0d\x1b"
-	  "\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xa8\x10\x30\x0e"
-	  "\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61\xa9\x0d"
-	  "\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xaa\x20\x30"
-	  "\x1e\xa0\x03\x02\x01\x01\xa1\x17\x30\x15\x1b\x06\x6b\x72\x62\x74"
-	  "\x67\x74\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45",
-	  "KRB-ERROR Test 1"
-	}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-    KRB_ERROR e1;
-    PrincipalName lhaprincipalname = { 1, { 1, lha_principal } };
-    PrincipalName tgtprincipalname = { 1, { 2, nada_tgt_principal } };
-    char *realm = "NADA.KTH.SE";
-
-    e1.pvno = 5;
-    e1.msg_type = 30;
-    e1.ctime = NULL;
-    e1.cusec = NULL;
-    e1.stime = 1069632679;
-    e1.susec = 322981;
-    e1.error_code = 31;
-    e1.crealm = &realm;
-    e1.cname = &lhaprincipalname;
-    e1.realm = "NADA.KTH.SE";
-    e1.sname = tgtprincipalname;
-    e1.e_text = NULL;
-    e1.e_data = NULL;
-
-    tests[0].val = &e1;
-
-    return generic_test (tests, ntests, sizeof(KRB_ERROR),
-			 (generic_encode)encode_KRB_ERROR,
-			 (generic_length)length_KRB_ERROR,
-			 (generic_decode)decode_KRB_ERROR,
-			 (generic_free)free_KRB_ERROR,
-			 cmp_KRB_ERROR);
-}
-
-static int
-cmp_Name (void *a, void *b)
-{
-    Name *aa = a;
-    Name *ab = b;
-
-    COMPARE_INTEGER(aa,ab,element);
-
-    return 0;
-}
-
-static int
-test_Name (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 35, 
-	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
-	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
-	  "\x4f\x4c\x4d",
-	  "Name CN=Love+L=STOCKHOLM"
-	},
-	{ NULL, 35, 
-	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
-	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
-	  "\x4f\x4c\x4d",
-	  "Name L=STOCKHOLM+CN=Love"
-	}
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    Name n1, n2;
-    RelativeDistinguishedName rdn1[1];
-    RelativeDistinguishedName rdn2[1];
-    AttributeTypeAndValue atv1[2];
-    AttributeTypeAndValue atv2[2];
-    unsigned cmp_CN[] = { 2, 5, 4, 3 };
-    unsigned cmp_L[] = { 2, 5, 4, 7 };
-
-    /* n1 */
-    n1.element = choice_Name_rdnSequence;
-    n1.u.rdnSequence.val = rdn1;
-    n1.u.rdnSequence.len = sizeof(rdn1)/sizeof(rdn1[0]);
-    rdn1[0].val = atv1;
-    rdn1[0].len = sizeof(atv1)/sizeof(atv1[0]);
-
-    atv1[0].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
-    atv1[0].type.components = cmp_CN;
-    atv1[0].value.element = choice_DirectoryString_printableString;
-    atv1[0].value.u.printableString = "Love";
-
-    atv1[1].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
-    atv1[1].type.components = cmp_L;
-    atv1[1].value.element = choice_DirectoryString_printableString;
-    atv1[1].value.u.printableString = "STOCKHOLM";
-
-    /* n2 */
-    n2.element = choice_Name_rdnSequence;
-    n2.u.rdnSequence.val = rdn2;
-    n2.u.rdnSequence.len = sizeof(rdn2)/sizeof(rdn2[0]);
-    rdn2[0].val = atv2;
-    rdn2[0].len = sizeof(atv2)/sizeof(atv2[0]);
-
-    atv2[0].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
-    atv2[0].type.components = cmp_L;
-    atv2[0].value.element = choice_DirectoryString_printableString;
-    atv2[0].value.u.printableString = "STOCKHOLM";
-
-    atv2[1].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
-    atv2[1].type.components = cmp_CN;
-    atv2[1].value.element = choice_DirectoryString_printableString;
-    atv2[1].value.u.printableString = "Love";
-
-    /* */
-    tests[0].val = &n1;
-    tests[1].val = &n2;
-
-    return generic_test (tests, ntests, sizeof(Name),
-			 (generic_encode)encode_Name,
-			 (generic_length)length_Name,
-			 (generic_decode)decode_Name,
-			 (generic_free)free_Name,
-			 cmp_Name);
-}
-
-static int
-cmp_KeyUsage (void *a, void *b)
-{
-    KeyUsage *aa = a;
-    KeyUsage *ab = b;
-
-    return KeyUsage2int(*aa) != KeyUsage2int(*ab);
-}
-
-static int
-test_bit_string (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 4,
-	  "\x03\x02\x07\x80",
-	  "bitstring 1"
-	},
-	{ NULL, 4,
-	  "\x03\x02\x05\xa0",
-	  "bitstring 2"
-	},
-	{ NULL, 5,
-	  "\x03\x03\x07\x00\x80",
-	  "bitstring 3"
-	},
-	{ NULL, 3,
-	  "\x03\x01\x00",
-	  "bitstring 4"
-	}
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    KeyUsage ku1, ku2, ku3, ku4;
-
-    memset(&ku1, 0, sizeof(ku1));
-    ku1.digitalSignature = 1;
-    tests[0].val = &ku1;
-
-    memset(&ku2, 0, sizeof(ku2));
-    ku2.digitalSignature = 1;
-    ku2.keyEncipherment = 1;
-    tests[1].val = &ku2;
-
-    memset(&ku3, 0, sizeof(ku3));
-    ku3.decipherOnly = 1;
-    tests[2].val = &ku3;
-
-    memset(&ku4, 0, sizeof(ku4));
-    tests[3].val = &ku4;
-
-
-    return generic_test (tests, ntests, sizeof(KeyUsage),
-			 (generic_encode)encode_KeyUsage,
-			 (generic_length)length_KeyUsage,
-			 (generic_decode)decode_KeyUsage,
-			 (generic_free)free_KeyUsage,
-			 cmp_KeyUsage);
-}
-
-static int
-cmp_TESTLargeTag (void *a, void *b)
-{
-    TESTLargeTag *aa = a;
-    TESTLargeTag *ab = b;
-
-    COMPARE_INTEGER(aa,ab,foo);
-    return 0;
-}
-
-static int
-test_large_tag (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  8,  "\x30\x06\xbf\x7f\x03\x02\x01\x01", "large tag 1" }
-    };
-
-    int ntests = sizeof(tests) / sizeof(*tests);
-    TESTLargeTag lt1;
-
-    memset(&lt1, 0, sizeof(lt1));
-    lt1.foo = 1;
-
-    tests[0].val = &lt1;
-
-    return generic_test (tests, ntests, sizeof(TESTLargeTag),
-			 (generic_encode)encode_TESTLargeTag,
-			 (generic_length)length_TESTLargeTag,
-			 (generic_decode)decode_TESTLargeTag,
-			 (generic_free)free_TESTLargeTag,
-			 cmp_TESTLargeTag);
-}
-
-struct test_data {
-    int ok;
-    size_t len;
-    size_t expected_len;
-    void *data;
-};
-
-static int
-check_tag_length(void)
-{
-    struct test_data td[] = {
-	{ 1, 3, 3, "\x02\x01\x00"},
-	{ 1, 3, 3, "\x02\x01\x7f"},
-	{ 1, 4, 4, "\x02\x02\x00\x80"},
-	{ 1, 4, 4, "\x02\x02\x01\x00"},
-	{ 1, 4, 4, "\x02\x02\x02\x00"},
-	{ 0, 3, 0, "\x02\x02\x00"},
-	{ 0, 3, 0, "\x02\x7f\x7f"},
-	{ 0, 4, 0, "\x02\x03\x00\x80"},
-	{ 0, 4, 0, "\x02\x7f\x01\x00"},
-	{ 0, 5, 0, "\x02\xff\x7f\x02\x00"}
-    };
-    size_t sz;
-    krb5uint32 values[] = {0, 127, 128, 256, 512,
-			 0, 127, 128, 256, 512 };
-    krb5uint32 u;
-    int i, ret, failed = 0;
-    void *buf;
-
-    for (i = 0; i < sizeof(td)/sizeof(td[0]); i++) {
-	struct map_page *page;
-
-	buf = map_alloc(OVERRUN, td[i].data, td[i].len, &page);
-
-	ret = decode_krb5uint32(buf, td[i].len, &u, &sz);
-	if (ret) {
-	    if (td[i].ok) {
-		printf("failed with tag len test %d\n", i);
-		failed = 1;
-	    }
-	} else {
-	    if (td[i].ok == 0) {
-		printf("failed with success for tag len test %d\n", i);
-		failed = 1;
-	    }
-	    if (td[i].expected_len != sz) {
-		printf("wrong expected size for tag test %d\n", i);
-		failed = 1;
-	    }
-	    if (values[i] != u) {
-		printf("wrong value for tag test %d\n", i);
-		failed = 1;
-	    }
-	}
-	map_free(page, "test", "decode");
-    }
-    return failed;
-}
-
-static int
-cmp_TESTChoice (void *a, void *b)
-{
-    return 0;
-}
-
-static int
-test_choice (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  5,  "\xa1\x03\x02\x01\x01", "large choice 1" },
-	{ NULL,  5,  "\xa2\x03\x02\x01\x02", "large choice 2" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTChoice1 c1;
-    TESTChoice1 c2_1;
-    TESTChoice2 c2_2;
-
-    memset(&c1, 0, sizeof(c1));
-    c1.element = choice_TESTChoice1_i1;
-    c1.u.i1 = 1;
-    tests[0].val = &c1;
-
-    memset(&c2_1, 0, sizeof(c2_1));
-    c2_1.element = choice_TESTChoice1_i2;
-    c2_1.u.i2 = 2;
-    tests[1].val = &c2_1;
-
-    ret += generic_test (tests, ntests, sizeof(TESTChoice1),
-			 (generic_encode)encode_TESTChoice1,
-			 (generic_length)length_TESTChoice1,
-			 (generic_decode)decode_TESTChoice1,
-			 (generic_free)free_TESTChoice1,
-			 cmp_TESTChoice);
-
-    memset(&c2_2, 0, sizeof(c2_2));
-    c2_2.element = choice_TESTChoice2_asn1_ellipsis;
-    c2_2.u.asn1_ellipsis.data = "\xa2\x03\x02\x01\x02";
-    c2_2.u.asn1_ellipsis.length = 5;
-    tests[1].val = &c2_2;
-
-    ret += generic_test (tests, ntests, sizeof(TESTChoice2),
-			 (generic_encode)encode_TESTChoice2,
-			 (generic_length)length_TESTChoice2,
-			 (generic_decode)decode_TESTChoice2,
-			 (generic_free)free_TESTChoice2,
-			 cmp_TESTChoice);
-
-    return ret;
-}
-
-static int
-cmp_TESTImplicit (void *a, void *b)
-{
-    TESTImplicit *aa = a;
-    TESTImplicit *ab = b;
-
-    COMPARE_INTEGER(aa,ab,ti1);
-    COMPARE_INTEGER(aa,ab,ti2.foo);
-    COMPARE_INTEGER(aa,ab,ti3);
-    return 0;
-}
-
-/*
-UNIV CONS Sequence 14
-  CONTEXT PRIM 0 1 00
-  CONTEXT CONS 1 6
-   CONTEXT CONS 127 3
-     UNIV PRIM Integer 1 02
-  CONTEXT PRIM 2 1 03
-*/
-
-static int
-test_implicit (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  16,  
-	  "\x30\x0e\x80\x01\x00\xa1\x06\xbf"
-	  "\x7f\x03\x02\x01\x02\x82\x01\x03", 
-	  "implicit 1" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTImplicit c0;
-
-    memset(&c0, 0, sizeof(c0));
-    c0.ti1 = 0;
-    c0.ti2.foo = 2;
-    c0.ti3 = 3;
-    tests[0].val = &c0;
-
-    ret += generic_test (tests, ntests, sizeof(TESTImplicit),
-			 (generic_encode)encode_TESTImplicit,
-			 (generic_length)length_TESTImplicit,
-			 (generic_decode)decode_TESTImplicit,
-			 (generic_free)free_TESTImplicit,
-			 cmp_TESTImplicit);
-
-#ifdef IMPLICIT_TAGGING_WORKS
-    ret += generic_test (tests, ntests, sizeof(TESTImplicit2),
-			 (generic_encode)encode_TESTImplicit2,
-			 (generic_length)length_TESTImplicit2,
-			 (generic_decode)decode_TESTImplicit2,
-			 (generic_free)free_TESTImplicit2,
-			 cmp_TESTImplicit);
-
-#endif /* IMPLICIT_TAGGING_WORKS */
-    return ret;
-}
-
-static int
-cmp_TESTAlloc (void *a, void *b)
-{
-    TESTAlloc *aa = a;
-    TESTAlloc *ab = b;
-
-    IF_OPT_COMPARE(aa,ab,tagless) {
-	COMPARE_INTEGER(aa,ab,tagless->ai);
-    }
-
-    COMPARE_INTEGER(aa,ab,three);
-
-    IF_OPT_COMPARE(aa,ab,tagless2) {
-	COMPARE_OPT_OCTECT_STRING(aa, ab, tagless2);
-    }
-
-    return 0;
-}
-
-/*
-UNIV CONS Sequence 12
-  UNIV CONS Sequence 5
-    CONTEXT CONS 0 3
-      UNIV PRIM Integer 1 01
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 03
-
-UNIV CONS Sequence 5
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 03
-
-UNIV CONS Sequence 8
-  CONTEXT CONS 1 3
-    UNIV PRIM Integer 1 04
-  UNIV PRIM Integer 1 05
-
-*/
-
-static int
-test_taglessalloc (void)
-{
-    struct test_case tests[] = {
-	{ NULL,  14,  
-	  "\x30\x0c\x30\x05\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x03", 
-	  "alloc 1" },
-	{ NULL,  7,  
-	  "\x30\x05\xa1\x03\x02\x01\x03", 
-	  "alloc 2" },
-	{ NULL,  10,  
-	  "\x30\x08\xa1\x03\x02\x01\x04\x02\x01\x05", 
-	  "alloc 3" }
-    };
-
-    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
-    TESTAlloc c1, c2, c3;
-    heim_any any3;
-
-    memset(&c1, 0, sizeof(c1));
-    c1.tagless = ecalloc(1, sizeof(*c1.tagless));
-    c1.tagless->ai = 1;
-    c1.three = 3;
-    tests[0].val = &c1;
-
-    memset(&c2, 0, sizeof(c2));
-    c2.tagless = NULL;
-    c2.three = 3;
-    tests[1].val = &c2;
-
-    memset(&c3, 0, sizeof(c3));
-    c3.tagless = NULL;
-    c3.three = 4;
-    c3.tagless2 = &any3;
-    any3.data = "\x02\x01\x05";
-    any3.length = 3;
-    tests[2].val = &c3;
-
-    ret += generic_test (tests, ntests, sizeof(TESTAlloc),
-			 (generic_encode)encode_TESTAlloc,
-			 (generic_length)length_TESTAlloc,
-			 (generic_decode)decode_TESTAlloc,
-			 (generic_free)free_TESTAlloc,
-			 cmp_TESTAlloc);
-
-    free(c1.tagless);
-
-    return ret;
-}
-
-
-static int
-check_fail_largetag(void)
-{
-    struct test_case tests[] = {
-	{NULL, 14, "\x30\x0c\xbf\x87\xff\xff\xff\xff\xff\x7f\x03\x02\x01\x01",
-	 "tag overflow"},
-	{NULL, 0, "", "empty buffer"},
-	{NULL, 7, "\x30\x05\xa1\x03\x02\x02\x01",
-	 "one too short" },
-	{NULL, 7, "\x30\x04\xa1\x03\x02\x02\x01"
-	 "two too short" },
-	{NULL, 7, "\x30\x03\xa1\x03\x02\x02\x01",
-	 "three too short" },
-	{NULL, 7, "\x30\x02\xa1\x03\x02\x02\x01",
-	 "four too short" },
-	{NULL, 7, "\x30\x01\xa1\x03\x02\x02\x01",
-	 "five too short" },
-	{NULL, 7, "\x30\x00\xa1\x03\x02\x02\x01",
-	 "six too short" },
-	{NULL, 7, "\x30\x05\xa1\x04\x02\x02\x01",
-	 "inner one too long" },
-	{NULL, 7, "\x30\x00\xa1\x02\x02\x02\x01",
-	 "inner one too short" },
-	{NULL, 8, "\x30\x05\xbf\x7f\x03\x02\x02\x01",
-	 "inner one too short"},
-	{NULL, 8, "\x30\x06\xbf\x64\x03\x02\x01\x01",
-	 "wrong tag"},
-	{NULL, 10, "\x30\x08\xbf\x9a\x9b\x38\x03\x02\x01\x01",
-	 "still wrong tag"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTLargeTag),
-			       (generic_decode)decode_TESTLargeTag);
-}
-
-
-static int
-check_fail_sequence(void)
-{
-    struct test_case tests[] = {
-	{NULL, 0, "", "empty buffer"},
-	{NULL, 24, 
-	 "\x30\x16\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
-	 "\x02\x01\x01\xa2\x03\x02\x01\x01"
-	 "missing one byte from the end, internal length ok"},
-	{NULL, 25,
-	 "\x30\x18\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
-	 "\x02\x01\x01\xa2\x03\x02\x01\x01",
-	 "inner length one byte too long"},
-	{NULL, 24, 
-	 "\x30\x17\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01"
-	 "\x01\x02\x01\x01\xa2\x03\x02\x01\x01",
-	 "correct buffer but missing one too short"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTSeq),
-			       (generic_decode)decode_TESTSeq);
-}
-
-static int
-check_fail_choice(void)
-{
-    struct test_case tests[] = {
-	{NULL, 6,
-	 "\xa1\x02\x02\x01\x01",
-	 "one too short"},
-	{NULL, 6,
-	 "\xa1\x03\x02\x02\x01",
-	 "one too short inner"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    return generic_decode_fail(tests, ntests, sizeof(TESTChoice1),
-			       (generic_decode)decode_TESTChoice1);
-}
-
-static int
-check_seq(void)
-{
-    TESTSeqOf seq;
-    TESTInteger i;
-    int ret;
-
-    seq.val = NULL;
-    seq.len = 0;
-
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-    ret = add_TESTSeqOf(&seq, &i);
-    if (ret) { printf("failed adding\n"); goto out; }
-
-    ret = remove_TESTSeqOf(&seq, seq.len - 1);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 2);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret) { printf("failed removing\n"); goto out; }
-    ret = remove_TESTSeqOf(&seq, 0);
-    if (ret == 0) {
-	printf("can remove from empty list");
-	return 1;
-    }
-
-    if (seq.len != 0) {
-	printf("seq not empty!");
-	return 1;
-    }
-    free_TESTSeqOf(&seq);
-    ret = 0;
-
-out:
-
-    return ret;
-}
-
-#define test_seq_of(type, ok, ptr)					\
-{									\
-    heim_octet_string os;						\
-    size_t size;							\
-    type decode;							\
-    ASN1_MALLOC_ENCODE(type, os.data, os.length, ptr, &size, ret);	\
-    if (ret)								\
-	return ret;							\
-    if (os.length != size)						\
-	abort();							\
-    ret = decode_##type(os.data, os.length, &decode, &size);		\
-    free(os.data);							\
-    if (ret) {								\
-	if (ok)								\
-	    return 1;							\
-    } else {								\
-	free_##type(&decode);						\
-	if (!ok)							\
-	    return 1;							\
-	if (size != 0)							\
-            return 1;							\
-    }									\
-    return 0;								\
-}
-
-static int
-check_seq_of_size(void)
-{
-    TESTInteger integers[4] = { 1, 2, 3, 4 };
-    int ret;
-
-    {
-	TESTSeqSizeOf1 ssof1f1 = { 1, integers };
-	TESTSeqSizeOf1 ssof1ok1 = { 2, integers };
-	TESTSeqSizeOf1 ssof1f2 = { 3, integers };
-
-	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f1);
-	test_seq_of(TESTSeqSizeOf1, 1, &ssof1ok1);
-	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f2);
-    }
-    {
-	TESTSeqSizeOf2 ssof2f1 = { 0, NULL };
-	TESTSeqSizeOf2 ssof2ok1 = { 1, integers };
-	TESTSeqSizeOf2 ssof2ok2 = { 2, integers };
-	TESTSeqSizeOf2 ssof2f2 = { 3, integers };
-	
-	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f1);
-	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok1);
-	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok2);
-	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f2);
-    }
-    {
-	TESTSeqSizeOf3 ssof3f1 = { 0, NULL };
-	TESTSeqSizeOf3 ssof3ok1 = { 1, integers };
-	TESTSeqSizeOf3 ssof3ok2 = { 2, integers };
-	
-	test_seq_of(TESTSeqSizeOf3, 0, &ssof3f1);
-	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok1);
-	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok2);
-    }
-    {
-	TESTSeqSizeOf4 ssof4ok1 = { 0, NULL };
-	TESTSeqSizeOf4 ssof4ok2 = { 1, integers };
-	TESTSeqSizeOf4 ssof4ok3 = { 2, integers };
-	TESTSeqSizeOf4 ssof4f1  = { 3, integers };
-	
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok1);
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok2); 
-	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok3);
-	test_seq_of(TESTSeqSizeOf4, 0, &ssof4f1);
-   }
-
-    return 0;
-}
-
-
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_principal ();
-    ret += test_authenticator();
-    ret += test_krb_error();
-    ret += test_Name();
-    ret += test_bit_string();
-
-    ret += check_tag_length();
-    ret += test_large_tag();
-    ret += test_choice();
-
-    ret += test_implicit();
-    ret += test_taglessalloc();
-
-    ret += check_fail_largetag();
-    ret += check_fail_sequence();
-    ret += check_fail_choice();
-
-    ret += check_seq();
-    ret += check_seq_of_size();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/check-timegm.c b/crypto/heimdal/lib/asn1/check-timegm.c
deleted file mode 100644
index 7d33455a3c56..000000000000
--- a/crypto/heimdal/lib/asn1/check-timegm.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <der_locl.h>
-
-RCSID("$Id: check-timegm.c 18610 2006-10-19 16:33:24Z lha $");
-
-static int
-test_timegm(void)
-{
-    int ret = 0;
-    struct tm tm;
-    time_t t;
-
-    memset(&tm, 0, sizeof(tm));
-    tm.tm_year = 106;
-    tm.tm_mon = 9;
-    tm.tm_mday = 1;
-    tm.tm_hour = 10;
-    tm.tm_min = 3;
-
-    t = _der_timegm(&tm);
-    if (t != 1159696980)
-	ret += 1;
-
-    tm.tm_mday = 0;
-    t = _der_timegm(&tm);
-    if (t != -1)
-	ret += 1;
-
-    return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_timegm();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/der-protos.h b/crypto/heimdal/lib/asn1/der-protos.h
deleted file mode 100644
index 7bfe02ebb449..000000000000
--- a/crypto/heimdal/lib/asn1/der-protos.h
+++ /dev/null
@@ -1,567 +0,0 @@
-/* This is a generated file */
-#ifndef __der_protos_h__
-#define __der_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int
-copy_heim_any (
-	const heim_any */*from*/,
-	heim_any */*to*/);
-
-int
-copy_heim_any_set (
-	const heim_any_set */*from*/,
-	heim_any_set */*to*/);
-
-int
-decode_heim_any (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_any */*data*/,
-	size_t */*size*/);
-
-int
-decode_heim_any_set (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_any_set */*data*/,
-	size_t */*size*/);
-
-int
-der_copy_bit_string (
-	const heim_bit_string */*from*/,
-	heim_bit_string */*to*/);
-
-int
-der_copy_bmp_string (
-	const heim_bmp_string */*from*/,
-	heim_bmp_string */*to*/);
-
-int
-der_copy_general_string (
-	const heim_general_string */*from*/,
-	heim_general_string */*to*/);
-
-int
-der_copy_heim_integer (
-	const heim_integer */*from*/,
-	heim_integer */*to*/);
-
-int
-der_copy_ia5_string (
-	const heim_printable_string */*from*/,
-	heim_printable_string */*to*/);
-
-int
-der_copy_octet_string (
-	const heim_octet_string */*from*/,
-	heim_octet_string */*to*/);
-
-int
-der_copy_oid (
-	const heim_oid */*from*/,
-	heim_oid */*to*/);
-
-int
-der_copy_printable_string (
-	const heim_printable_string */*from*/,
-	heim_printable_string */*to*/);
-
-int
-der_copy_universal_string (
-	const heim_universal_string */*from*/,
-	heim_universal_string */*to*/);
-
-int
-der_copy_utf8string (
-	const heim_utf8_string */*from*/,
-	heim_utf8_string */*to*/);
-
-int
-der_copy_visible_string (
-	const heim_visible_string */*from*/,
-	heim_visible_string */*to*/);
-
-void
-der_free_bit_string (heim_bit_string */*k*/);
-
-void
-der_free_bmp_string (heim_bmp_string */*k*/);
-
-void
-der_free_general_string (heim_general_string */*str*/);
-
-void
-der_free_heim_integer (heim_integer */*k*/);
-
-void
-der_free_ia5_string (heim_ia5_string */*str*/);
-
-void
-der_free_octet_string (heim_octet_string */*k*/);
-
-void
-der_free_oid (heim_oid */*k*/);
-
-void
-der_free_printable_string (heim_printable_string */*str*/);
-
-void
-der_free_universal_string (heim_universal_string */*k*/);
-
-void
-der_free_utf8string (heim_utf8_string */*str*/);
-
-void
-der_free_visible_string (heim_visible_string */*str*/);
-
-int
-der_get_bit_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_bit_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_bmp_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_bmp_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_boolean (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	int */*data*/,
-	size_t */*size*/);
-
-const char *
-der_get_class_name (unsigned /*num*/);
-
-int
-der_get_class_num (const char */*name*/);
-
-int
-der_get_general_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_general_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_generalized_time (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_get_heim_integer (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_integer */*data*/,
-	size_t */*size*/);
-
-int
-der_get_ia5_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_ia5_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_integer (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	int */*ret*/,
-	size_t */*size*/);
-
-int
-der_get_length (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	size_t */*val*/,
-	size_t */*size*/);
-
-int
-der_get_octet_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_octet_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_oid (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_oid */*data*/,
-	size_t */*size*/);
-
-int
-der_get_printable_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_printable_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_tag (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class */*class*/,
-	Der_type */*type*/,
-	unsigned int */*tag*/,
-	size_t */*size*/);
-
-const char *
-der_get_tag_name (unsigned /*num*/);
-
-int
-der_get_tag_num (const char */*name*/);
-
-const char *
-der_get_type_name (unsigned /*num*/);
-
-int
-der_get_type_num (const char */*name*/);
-
-int
-der_get_universal_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_universal_string */*data*/,
-	size_t */*size*/);
-
-int
-der_get_unsigned (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	unsigned */*ret*/,
-	size_t */*size*/);
-
-int
-der_get_utctime (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_get_utf8string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_utf8_string */*str*/,
-	size_t */*size*/);
-
-int
-der_get_visible_string (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	heim_visible_string */*str*/,
-	size_t */*size*/);
-
-int
-der_heim_bit_string_cmp (
-	const heim_bit_string */*p*/,
-	const heim_bit_string */*q*/);
-
-int
-der_heim_bmp_string_cmp (
-	const heim_bmp_string */*p*/,
-	const heim_bmp_string */*q*/);
-
-int
-der_heim_integer_cmp (
-	const heim_integer */*p*/,
-	const heim_integer */*q*/);
-
-int
-der_heim_octet_string_cmp (
-	const heim_octet_string */*p*/,
-	const heim_octet_string */*q*/);
-
-int
-der_heim_oid_cmp (
-	const heim_oid */*p*/,
-	const heim_oid */*q*/);
-
-int
-der_heim_universal_string_cmp (
-	const heim_universal_string */*p*/,
-	const heim_universal_string */*q*/);
-
-size_t
-der_length_bit_string (const heim_bit_string */*k*/);
-
-size_t
-der_length_bmp_string (const heim_bmp_string */*data*/);
-
-size_t
-der_length_boolean (const int */*k*/);
-
-size_t
-der_length_enumerated (const unsigned */*data*/);
-
-size_t
-der_length_general_string (const heim_general_string */*data*/);
-
-size_t
-der_length_generalized_time (const time_t */*t*/);
-
-size_t
-der_length_heim_integer (const heim_integer */*k*/);
-
-size_t
-der_length_ia5_string (const heim_ia5_string */*data*/);
-
-size_t
-der_length_integer (const int */*data*/);
-
-size_t
-der_length_len (size_t /*len*/);
-
-size_t
-der_length_octet_string (const heim_octet_string */*k*/);
-
-size_t
-der_length_oid (const heim_oid */*k*/);
-
-size_t
-der_length_printable_string (const heim_printable_string */*data*/);
-
-size_t
-der_length_universal_string (const heim_universal_string */*data*/);
-
-size_t
-der_length_unsigned (const unsigned */*data*/);
-
-size_t
-der_length_utctime (const time_t */*t*/);
-
-size_t
-der_length_utf8string (const heim_utf8_string */*data*/);
-
-size_t
-der_length_visible_string (const heim_visible_string */*data*/);
-
-int
-der_match_tag (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_match_tag_and_length (
-	const unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*length_ret*/,
-	size_t */*size*/);
-
-int
-der_parse_heim_oid (
-	const char */*str*/,
-	const char */*sep*/,
-	heim_oid */*data*/);
-
-int
-der_parse_hex_heim_integer (
-	const char */*p*/,
-	heim_integer */*data*/);
-
-int
-der_print_heim_oid (
-	const heim_oid */*oid*/,
-	char /*delim*/,
-	char **/*str*/);
-
-int
-der_print_hex_heim_integer (
-	const heim_integer */*data*/,
-	char **/*p*/);
-
-int
-der_put_bit_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_bit_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_bmp_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_bmp_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_boolean (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const int */*data*/,
-	size_t */*size*/);
-
-int
-der_put_general_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_general_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_generalized_time (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_put_heim_integer (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_integer */*data*/,
-	size_t */*size*/);
-
-int
-der_put_ia5_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_ia5_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_integer (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const int */*v*/,
-	size_t */*size*/);
-
-int
-der_put_length (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	size_t /*val*/,
-	size_t */*size*/);
-
-int
-der_put_length_and_tag (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	size_t /*len_val*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_put_octet_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_octet_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_oid (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_oid */*data*/,
-	size_t */*size*/);
-
-int
-der_put_printable_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_printable_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_tag (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	Der_class /*class*/,
-	Der_type /*type*/,
-	unsigned int /*tag*/,
-	size_t */*size*/);
-
-int
-der_put_universal_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_universal_string */*data*/,
-	size_t */*size*/);
-
-int
-der_put_unsigned (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const unsigned */*v*/,
-	size_t */*size*/);
-
-int
-der_put_utctime (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const time_t */*data*/,
-	size_t */*size*/);
-
-int
-der_put_utf8string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_utf8_string */*str*/,
-	size_t */*size*/);
-
-int
-der_put_visible_string (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_visible_string */*str*/,
-	size_t */*size*/);
-
-int
-encode_heim_any (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_any */*data*/,
-	size_t */*size*/);
-
-int
-encode_heim_any_set (
-	unsigned char */*p*/,
-	size_t /*len*/,
-	const heim_any_set */*data*/,
-	size_t */*size*/);
-
-void
-free_heim_any (heim_any */*data*/);
-
-void
-free_heim_any_set (heim_any_set */*data*/);
-
-int
-heim_any_cmp (
-	const heim_any_set */*p*/,
-	const heim_any_set */*q*/);
-
-size_t
-length_heim_any (const heim_any */*data*/);
-
-size_t
-length_heim_any_set (const heim_any */*data*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __der_protos_h__ */
diff --git a/crypto/heimdal/lib/asn1/der.c b/crypto/heimdal/lib/asn1/der.c
deleted file mode 100644
index 120dc086afc9..000000000000
--- a/crypto/heimdal/lib/asn1/der.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $");
-
-
-static const char *class_names[] = {
-    "UNIV",			/* 0 */
-    "APPL",			/* 1 */
-    "CONTEXT",			/* 2 */
-    "PRIVATE"			/* 3 */
-};
-
-static const char *type_names[] = {
-    "PRIM",			/* 0 */
-    "CONS"			/* 1 */
-};
-
-static const char *tag_names[] = {
-    "EndOfContent",		/* 0 */
-    "Boolean",			/* 1 */
-    "Integer",			/* 2 */
-    "BitString",		/* 3 */
-    "OctetString",		/* 4 */
-    "Null",			/* 5 */
-    "ObjectID",			/* 6 */
-    NULL,			/* 7 */
-    NULL,			/* 8 */
-    NULL,			/* 9 */
-    "Enumerated",		/* 10 */
-    NULL,			/* 11 */
-    NULL,			/* 12 */
-    NULL,			/* 13 */
-    NULL,			/* 14 */
-    NULL,			/* 15 */
-    "Sequence",			/* 16 */
-    "Set",			/* 17 */
-    NULL,			/* 18 */
-    "PrintableString",		/* 19 */
-    NULL,			/* 20 */
-    NULL,			/* 21 */
-    "IA5String",		/* 22 */
-    "UTCTime",			/* 23 */
-    "GeneralizedTime",		/* 24 */
-    NULL,			/* 25 */
-    "VisibleString",		/* 26 */
-    "GeneralString",		/* 27 */
-    NULL,			/* 28 */
-    NULL,			/* 29 */
-    "BMPString"			/* 30 */
-};
-
-static int
-get_type(const char *name, const char *list[], unsigned len)
-{
-    unsigned i;
-    for (i = 0; i < len; i++)
-	if (list[i] && strcasecmp(list[i], name) == 0)
-	    return i;
-    return -1;
-}
-
-#define SIZEOF_ARRAY(a) (sizeof((a))/sizeof((a)[0]))
-
-const char *
-der_get_class_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(class_names))
-	return NULL;
-    return class_names[num];
-}
-
-int
-der_get_class_num(const char *name)
-{
-    return get_type(name, class_names, SIZEOF_ARRAY(class_names));
-}
-
-const char *
-der_get_type_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(type_names))
-	return NULL;
-    return type_names[num];
-}
-
-int
-der_get_type_num(const char *name)
-{
-    return get_type(name, type_names, SIZEOF_ARRAY(type_names));
-}
-
-const char *
-der_get_tag_name(unsigned num)
-{
-    if (num >= SIZEOF_ARRAY(tag_names))
-	return NULL;
-    return tag_names[num];
-}
-
-int
-der_get_tag_num(const char *name)
-{
-    return get_type(name, tag_names, SIZEOF_ARRAY(tag_names));
-}
diff --git a/crypto/heimdal/lib/asn1/der.h b/crypto/heimdal/lib/asn1/der.h
deleted file mode 100644
index 13e39320d4ec..000000000000
--- a/crypto/heimdal/lib/asn1/der.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */
-
-#ifndef __DER_H__
-#define __DER_H__
-
-typedef enum {
-    ASN1_C_UNIV = 0,
-    ASN1_C_APPL = 1,
-    ASN1_C_CONTEXT = 2,
-    ASN1_C_PRIVATE = 3
-} Der_class;
-
-typedef enum {PRIM = 0, CONS = 1} Der_type;
-
-#define MAKE_TAG(CLASS, TYPE, TAG)  (((CLASS) << 6) | ((TYPE) << 5) | (TAG))
-
-/* Universal tags */
-
-enum {
-    UT_EndOfContent	= 0,
-    UT_Boolean		= 1,
-    UT_Integer		= 2,	
-    UT_BitString	= 3,
-    UT_OctetString	= 4,
-    UT_Null		= 5,
-    UT_OID		= 6,
-    UT_Enumerated	= 10,
-    UT_UTF8String	= 12,
-    UT_Sequence		= 16,
-    UT_Set		= 17,
-    UT_PrintableString	= 19,
-    UT_IA5String	= 22,
-    UT_UTCTime		= 23,
-    UT_GeneralizedTime	= 24,
-    UT_UniversalString	= 25,
-    UT_VisibleString	= 26,
-    UT_GeneralString	= 27,
-    UT_BMPString	= 30,
-    /* unsupported types */
-    UT_ObjectDescriptor = 7,
-    UT_External		= 8,
-    UT_Real		= 9,
-    UT_EmbeddedPDV	= 11,
-    UT_RelativeOID	= 13,
-    UT_NumericString	= 18,
-    UT_TeletexString	= 20,
-    UT_VideotexString	= 21,
-    UT_GraphicString	= 25
-};
-
-#define ASN1_INDEFINITE 0xdce0deed
-
-typedef struct heim_der_time_t {
-    time_t dt_sec;
-    unsigned long dt_nsec;
-} heim_der_time_t;
-
-typedef struct heim_ber_time_t {
-    time_t bt_sec;
-    unsigned bt_nsec;
-    int bt_zone;
-} heim_ber_time_t;
-
-#include <der-protos.h>
-
-int _heim_fix_dce(size_t reallen, size_t *len);
-int _heim_der_set_sort(const void *, const void *);
-int _heim_time2generalizedtime (time_t, heim_octet_string *, int);
-
-#endif /* __DER_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_cmp.c b/crypto/heimdal/lib/asn1/der_cmp.c
deleted file mode 100644
index f27f03c02bd3..000000000000
--- a/crypto/heimdal/lib/asn1/der_cmp.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-int
-der_heim_oid_cmp(const heim_oid *p, const heim_oid *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->components, 
-		  q->components,
-		  p->length * sizeof(*p->components));
-}
-
-int
-der_heim_octet_string_cmp(const heim_octet_string *p, 
-			  const heim_octet_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
-
-int
-der_heim_bit_string_cmp(const heim_bit_string *p,
-			const heim_bit_string *q)
-{
-    int i, r1, r2;
-    if (p->length != q->length)
-	return p->length - q->length;
-    i = memcmp(p->data, q->data, p->length / 8);
-    if (i)
-	return i;
-    if ((p->length % 8) == 0)
-	return 0;
-    i = (p->length / 8);
-    r1 = ((unsigned char *)p->data)[i];
-    r2 = ((unsigned char *)q->data)[i];
-    i = 8 - (p->length % 8);
-    r1 = r1 >> i;
-    r2 = r2 >> i;
-    return r1 - r2;
-}
-
-int
-der_heim_integer_cmp(const heim_integer *p,
-		     const heim_integer *q)
-{
-    if (p->negative != q->negative)
-	return q->negative - p->negative;
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
-
-int
-der_heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
-}
-
-int
-der_heim_universal_string_cmp(const heim_universal_string *p, 
-			      const heim_universal_string *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
-}
diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c
deleted file mode 100644
index 04c4531ca578..000000000000
--- a/crypto/heimdal/lib/asn1/der_copy.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $");
-
-int
-der_copy_general_string (const heim_general_string *from, 
-			 heim_general_string *to)
-{
-    *to = strdup(*from);
-    if(*to == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_printable_string (const heim_printable_string *from, 
-		       heim_printable_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_ia5_string (const heim_printable_string *from, 
-		     heim_printable_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length * sizeof(to->data[0]));
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
-    return 0;
-}
-
-int
-der_copy_universal_string (const heim_universal_string *from,
-			   heim_universal_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length * sizeof(to->data[0]));
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
-    return 0;
-}
-
-int
-der_copy_visible_string (const heim_visible_string *from, 
-			 heim_visible_string *to)
-{
-    return der_copy_general_string(from, to);
-}
-
-int
-der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length);
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length);
-    return 0;
-}
-
-int
-der_copy_heim_integer (const heim_integer *from, heim_integer *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length);
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length);
-    to->negative = from->negative;
-    return 0;
-}
-
-int
-der_copy_oid (const heim_oid *from, heim_oid *to)
-{
-    to->length     = from->length;
-    to->components = malloc(to->length * sizeof(*to->components));
-    if (to->length != 0 && to->components == NULL)
-	return ENOMEM;
-    memcpy(to->components, from->components,
-	   to->length * sizeof(*to->components));
-    return 0;
-}
-
-int
-der_copy_bit_string (const heim_bit_string *from, heim_bit_string *to)
-{
-    size_t len;
-
-    len = (from->length + 7) / 8;
-    to->length = from->length;
-    to->data   = malloc(len);
-    if(len != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, len);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_format.c b/crypto/heimdal/lib/asn1/der_format.c
deleted file mode 100644
index 6908bddcc26e..000000000000
--- a/crypto/heimdal/lib/asn1/der_format.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <hex.h>
-
-RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $");
-
-int
-der_parse_hex_heim_integer (const char *p, heim_integer *data)
-{
-    ssize_t len;
-
-    data->length = 0;
-    data->negative = 0;
-    data->data = NULL;
-
-    if (*p == '-') {
-	p++;
-	data->negative = 1;
-    }
-
-    len = strlen(p);
-    if (len <= 0) {
-	data->data = NULL;
-	data->length = 0;
-	return EINVAL;
-    }
-    
-    data->length = (len / 2) + 1;
-    data->data = malloc(data->length);
-    if (data->data == NULL) {
-	data->length = 0;
-	return ENOMEM;
-    }
-
-    len = hex_decode(p, data->data, data->length);
-    if (len < 0) {
-	free(data->data);
-	data->data = NULL;
-	data->length = 0;
-	return EINVAL;
-    }
-
-    {
-	unsigned char *q = data->data;
-	while(len > 0 && *q == 0) {
-	    q++;
-	    len--;
-	}
-	data->length = len;
-	memmove(data->data, q, len);
-    }
-    return 0;
-}
-
-int
-der_print_hex_heim_integer (const heim_integer *data, char **p)
-{
-    ssize_t len;
-    char *q;
-
-    len = hex_encode(data->data, data->length, p);
-    if (len < 0)
-	return ENOMEM;
-
-    if (data->negative) {
-	len = asprintf(&q, "-%s", *p);
-	free(*p);
-	if (len < 0)
-	    return ENOMEM;
-	*p = q;
-    }
-    return 0;
-}
-
-int
-der_print_heim_oid (const heim_oid *oid, char delim, char **str)
-{
-    struct rk_strpool *p = NULL;
-    int i;
-
-    if (oid->length == 0)
-	return EINVAL;
-
-    for (i = 0; i < oid->length ; i++) {
-	p = rk_strpoolprintf(p, "%d", oid->components[i]);
-	if (p && i < oid->length - 1)
-	    p = rk_strpoolprintf(p, "%c", delim);
-	if (p == NULL) {
-	    *str = NULL;
-	    return ENOMEM;
-	}
-    }
-
-    *str = rk_strpoolcollect(p);
-    if (*str == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-der_parse_heim_oid (const char *str, const char *sep, heim_oid *data)
-{
-    char *s, *w, *brkt, *endptr;
-    unsigned int *c;
-    long l;
-
-    data->length = 0;
-    data->components = NULL;
-
-    if (sep == NULL)
-	sep = ".";
-
-    s = strdup(str);
-
-    for (w = strtok_r(s, sep, &brkt); 
-	 w != NULL; 
-	 w = strtok_r(NULL, sep, &brkt)) {
-
-	c = realloc(data->components,
-		    (data->length + 1) * sizeof(data->components[0]));
-	if (c == NULL) {
-	    der_free_oid(data);
-	    free(s);
-	    return ENOMEM;
-	}
-	data->components = c;
-
-	l = strtol(w, &endptr, 10);
-	if (*endptr != '\0' || l < 0 || l > INT_MAX) {
-	    der_free_oid(data);
-	    free(s);
-	    return EINVAL;
-	}
-	data->components[data->length++] = l;
-    }
-    free(s);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_free.c b/crypto/heimdal/lib/asn1/der_free.c
deleted file mode 100644
index 851cb1d40775..000000000000
--- a/crypto/heimdal/lib/asn1/der_free.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $");
-
-void
-der_free_general_string (heim_general_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_utf8string (heim_utf8_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_printable_string (heim_printable_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_ia5_string (heim_ia5_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_bmp_string (heim_bmp_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_universal_string (heim_universal_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_visible_string (heim_visible_string *str)
-{
-    free(*str);
-    *str = NULL;
-}
-
-void
-der_free_octet_string (heim_octet_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_heim_integer (heim_integer *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
-
-void
-der_free_oid (heim_oid *k)
-{
-    free(k->components);
-    k->components = NULL;
-    k->length = 0;
-}
-
-void
-der_free_bit_string (heim_bit_string *k)
-{
-    free(k->data);
-    k->data = NULL;
-    k->length = 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c
deleted file mode 100644
index f232ce9a296d..000000000000
--- a/crypto/heimdal/lib/asn1/der_get.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
-
-#include <version.h>
-
-/* 
- * All decoding functions take a pointer `p' to first position in
- * which to read, from the left, `len' which means the maximum number
- * of characters we are able to read, `ret' were the value will be
- * returned and `size' where the number of used bytes is stored.
- * Either 0 or an error code is returned.
- */
-
-int
-der_get_unsigned (const unsigned char *p, size_t len,
-		  unsigned *ret, size_t *size)
-{
-    unsigned val = 0;
-    size_t oldlen = len;
-
-    if (len == sizeof(unsigned) + 1 && p[0] == 0)
-	;
-    else if (len > sizeof(unsigned))
-	return ASN1_OVERRUN;
-
-    while (len--)
-	val = val * 256 + *p++;
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_integer (const unsigned char *p, size_t len,
-		 int *ret, size_t *size)
-{
-    int val = 0;
-    size_t oldlen = len;
-
-    if (len > sizeof(int))
-	return ASN1_OVERRUN;
-
-    if (len > 0) {
-	val = (signed char)*p++;
-	while (--len)
-	    val = val * 256 + *p++;
-    }
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_length (const unsigned char *p, size_t len,
-		size_t *val, size_t *size)
-{
-    size_t v;
-
-    if (len <= 0)
-	return ASN1_OVERRUN;
-    --len;
-    v = *p++;
-    if (v < 128) {
-	*val = v;
-	if(size) *size = 1;
-    } else {
-	int e;
-	size_t l;
-	unsigned tmp;
-
-	if(v == 0x80){
-	    *val = ASN1_INDEFINITE;
-	    if(size) *size = 1;
-	    return 0;
-	}
-	v &= 0x7F;
-	if (len < v)
-	    return ASN1_OVERRUN;
-	e = der_get_unsigned (p, v, &tmp, &l);
-	if(e) return e;
-	*val = tmp;
-	if(size) *size = l + 1;
-    }
-    return 0;
-}
-
-int
-der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size)
-{
-    if(len < 1)
-	return ASN1_OVERRUN;
-    if(*p != 0)
-	*data = 1;
-    else
-	*data = 0;
-    *size = 1;
-    return 0;
-}
-
-int
-der_get_general_string (const unsigned char *p, size_t len, 
-			heim_general_string *str, size_t *size)
-{
-    const unsigned char *p1;
-    char *s;
-
-    p1 = memchr(p, 0, len);
-    if (p1 != NULL) {
-	/* 
-	 * Allow trailing NULs. We allow this since MIT Kerberos sends
-	 * an strings in the NEED_PREAUTH case that includes a
-	 * trailing NUL.
-	 */
-	while (p1 - p < len && *p1 == '\0')
-	    p1++;
-       if (p1 - p != len)
-	    return ASN1_BAD_CHARACTER;
-    }
-    if (len > len + 1)
-	return ASN1_BAD_LENGTH;
-
-    s = malloc (len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    memcpy (s, p, len);
-    s[len] = '\0';
-    *str = s;
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_utf8string (const unsigned char *p, size_t len, 
-		    heim_utf8_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_printable_string (const unsigned char *p, size_t len, 
-			  heim_printable_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_ia5_string (const unsigned char *p, size_t len, 
-		    heim_ia5_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_bmp_string (const unsigned char *p, size_t len, 
-		    heim_bmp_string *data, size_t *size)
-{
-    size_t i;
-
-    if (len & 1)
-	return ASN1_BAD_FORMAT;
-    data->length = len / 2;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
-	return ERANGE;
-    data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-
-    for (i = 0; i < data->length; i++) {
-	data->data[i] = (p[0] << 8) | p[1];
-	p += 2;
-    }
-    if (size) *size = len;
-
-    return 0;
-}
-
-int
-der_get_universal_string (const unsigned char *p, size_t len, 
-			  heim_universal_string *data, size_t *size)
-{
-    size_t i;
-
-    if (len & 3)
-	return ASN1_BAD_FORMAT;
-    data->length = len / 4;
-    if (data->length > UINT_MAX/sizeof(data->data[0]))
-	return ERANGE;
-    data->data = malloc(data->length * sizeof(data->data[0]));
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-
-    for (i = 0; i < data->length; i++) {
-	data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-	p += 4;
-    }
-    if (size) *size = len;
-    return 0;
-}
-
-int
-der_get_visible_string (const unsigned char *p, size_t len, 
-			heim_visible_string *str, size_t *size)
-{
-    return der_get_general_string(p, len, str, size);
-}
-
-int
-der_get_octet_string (const unsigned char *p, size_t len, 
-		      heim_octet_string *data, size_t *size)
-{
-    data->length = len;
-    data->data = malloc(len);
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-    memcpy (data->data, p, len);
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_heim_integer (const unsigned char *p, size_t len, 
-		      heim_integer *data, size_t *size)
-{
-    data->length = 0;
-    data->negative = 0;
-    data->data = NULL;
-
-    if (len == 0) {
-	if (size)
-	    *size = 0;
-	return 0;
-    }
-    if (p[0] & 0x80) {
-	unsigned char *q;
-	int carry = 1;
-	data->negative = 1;
-
-	data->length = len;
-
-	if (p[0] == 0xff) {
-	    p++;
-	    data->length--;
-	}
-	data->data = malloc(data->length);
-	if (data->data == NULL) {
-	    data->length = 0;
-	    if (size)
-		*size = 0;
-	    return ENOMEM;
-	}
-	q = &((unsigned char*)data->data)[data->length - 1];
-	p += data->length - 1;
-	while (q >= (unsigned char*)data->data) {
-	    *q = *p ^ 0xff;
-	    if (carry)
-		carry = !++*q;
-	    p--;
-	    q--;
-	}
-    } else {
-	data->negative = 0;
-	data->length = len;
-
-	if (p[0] == 0) {
-	    p++;
-	    data->length--;
-	}
-	data->data = malloc(data->length);
-	if (data->data == NULL && data->length != 0) {
-	    data->length = 0;
-	    if (size)
-		*size = 0;
-	    return ENOMEM;
-	}
-	memcpy(data->data, p, data->length);
-    }
-    if (size)
-	*size = len;
-    return 0;
-}
-
-static int
-generalizedtime2time (const char *s, time_t *t)
-{
-    struct tm tm;
-
-    memset(&tm, 0, sizeof(tm));
-    if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
-		&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
-		&tm.tm_min, &tm.tm_sec) != 6) {
-	if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ",
-		    &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
-		    &tm.tm_min, &tm.tm_sec) != 6)
-	    return ASN1_BAD_TIMEFORMAT;
-	if (tm.tm_year < 50)
-	    tm.tm_year += 2000;
-	else
-	    tm.tm_year += 1900;
-    }
-    tm.tm_year -= 1900;
-    tm.tm_mon -= 1;
-    *t = _der_timegm (&tm);
-    return 0;
-}
-
-static int
-der_get_time (const unsigned char *p, size_t len, 
-	      time_t *data, size_t *size)
-{
-    char *times;
-    int e;
-
-    if (len > len + 1 || len == 0)
-	return ASN1_BAD_LENGTH;
-
-    times = malloc(len + 1);
-    if (times == NULL)
-	return ENOMEM;
-    memcpy(times, p, len);
-    times[len] = '\0';
-    e = generalizedtime2time(times, data);
-    free (times);
-    if(size) *size = len;
-    return e;
-}
-
-int
-der_get_generalized_time (const unsigned char *p, size_t len, 
-			  time_t *data, size_t *size)
-{
-    return der_get_time(p, len, data, size);
-}
-
-int
-der_get_utctime (const unsigned char *p, size_t len, 
-			  time_t *data, size_t *size)
-{
-    return der_get_time(p, len, data, size);
-}
-
-int
-der_get_oid (const unsigned char *p, size_t len,
-	     heim_oid *data, size_t *size)
-{
-    size_t n;
-    size_t oldlen = len;
-
-    if (len < 1)
-	return ASN1_OVERRUN;
-
-    if (len > len + 1)
-	return ASN1_BAD_LENGTH;
-
-    if (len + 1 > UINT_MAX/sizeof(data->components[0]))
-	return ERANGE;
-
-    data->components = malloc((len + 1) * sizeof(data->components[0]));
-    if (data->components == NULL)
-	return ENOMEM;
-    data->components[0] = (*p) / 40;
-    data->components[1] = (*p) % 40;
-    --len;
-    ++p;
-    for (n = 2; len > 0; ++n) {
-	unsigned u = 0, u1;
-	
-	do {
-	    --len;
-	    u1 = u * 128 + (*p++ % 128);
-	    /* check that we don't overflow the element */
-	    if (u1 < u) {
-		der_free_oid(data);
-		return ASN1_OVERRUN;
-	    }
-	    u = u1;
-	} while (len > 0 && p[-1] & 0x80);
-	data->components[n] = u;
-    }
-    if (n > 2 && p[-1] & 0x80) {
-	der_free_oid (data);
-	return ASN1_OVERRUN;
-    }
-    data->length = n;
-    if (size)
-	*size = oldlen;
-    return 0;
-}
-
-int
-der_get_tag (const unsigned char *p, size_t len,
-	     Der_class *class, Der_type *type,
-	     unsigned int *tag, size_t *size)
-{
-    size_t ret = 0;
-    if (len < 1)
-	return ASN1_OVERRUN;
-    *class = (Der_class)(((*p) >> 6) & 0x03);
-    *type = (Der_type)(((*p) >> 5) & 0x01);
-    *tag = (*p) & 0x1f;
-    p++; len--; ret++;
-    if(*tag == 0x1f) {
-	unsigned int continuation;
-	unsigned int tag1;
-	*tag = 0;
-	do {
-	    if(len < 1)
-		return ASN1_OVERRUN;
-	    continuation = *p & 128;
-	    tag1 = *tag * 128 + (*p % 128);
-	    /* check that we don't overflow the tag */
-	    if (tag1 < *tag)
-		return ASN1_OVERFLOW;
-	    *tag = tag1;
-	    p++; len--; ret++;
-	} while(continuation);
-    }
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-der_match_tag (const unsigned char *p, size_t len,
-	       Der_class class, Der_type type,
-	       unsigned int tag, size_t *size)
-{
-    size_t l;
-    Der_class thisclass;
-    Der_type thistype;
-    unsigned int thistag;
-    int e;
-
-    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
-    if (e) return e;
-    if (class != thisclass || type != thistype)
-	return ASN1_BAD_ID;
-    if(tag > thistag)
-	return ASN1_MISPLACED_FIELD;
-    if(tag < thistag)
-	return ASN1_MISSING_FIELD;
-    if(size) *size = l;
-    return 0;
-}
-
-int
-der_match_tag_and_length (const unsigned char *p, size_t len,
-			  Der_class class, Der_type type, unsigned int tag,
-			  size_t *length_ret, size_t *size)
-{
-    size_t l, ret = 0;
-    int e;
-
-    e = der_match_tag (p, len, class, type, tag, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, length_ret, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-/* 
- * Old versions of DCE was based on a very early beta of the MIT code,
- * which used MAVROS for ASN.1 encoding. MAVROS had the interesting
- * feature that it encoded data in the forward direction, which has
- * it's problems, since you have no idea how long the data will be
- * until after you're done. MAVROS solved this by reserving one byte
- * for length, and later, if the actual length was longer, it reverted
- * to indefinite, BER style, lengths. The version of MAVROS used by
- * the DCE people could apparently generate correct X.509 DER encodings, and
- * did this by making space for the length after encoding, but
- * unfortunately this feature wasn't used with Kerberos. 
- */
-
-int
-_heim_fix_dce(size_t reallen, size_t *len)
-{
-    if(reallen == ASN1_INDEFINITE)
-	return 1;
-    if(*len < reallen)
-	return -1;
-    *len = reallen;
-    return 0;
-}
-
-int
-der_get_bit_string (const unsigned char *p, size_t len, 
-		    heim_bit_string *data, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERRUN;
-    if (p[0] > 7)
-	return ASN1_BAD_FORMAT;
-    if (len - 1 == 0 && p[0] != 0)
-	return ASN1_BAD_FORMAT;
-    /* check if any of the three upper bits are set
-     * any of them will cause a interger overrun */
-    if ((len - 1) >> (sizeof(len) * 8 - 3))
-	return ASN1_OVERRUN;
-    data->length = (len - 1) * 8;
-    data->data = malloc(len - 1);
-    if (data->data == NULL && (len - 1) != 0)
-	return ENOMEM;
-    memcpy (data->data, p + 1, len - 1);
-    data->length -= p[0];
-    if(size) *size = len;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_length.c b/crypto/heimdal/lib/asn1/der_length.c
deleted file mode 100644
index a7f8f593a20e..000000000000
--- a/crypto/heimdal/lib/asn1/der_length.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $");
-
-size_t
-_heim_len_unsigned (unsigned val)
-{
-    size_t ret = 0;
-    int last_val_gt_128;
-    
-    do {
-	++ret;
-	last_val_gt_128 = (val >= 128);
-	val /= 256;
-    } while (val);
-
-    if(last_val_gt_128)
-	ret++;
-
-    return ret;
-}
-
-size_t
-_heim_len_int (int val)
-{
-    unsigned char q;
-    size_t ret = 0;
-
-    if (val >= 0) {
-	do {
-	    q = val % 256;
-	    ret++;
-	    val /= 256;
-	} while(val);
-	if(q >= 128)
-	    ret++;
-    } else {
-	val = ~val;
-	do {
-	    q = ~(val % 256);
-	    ret++;
-	    val /= 256;
-	} while(val);
-	if(q < 128)
-	    ret++;
-    }
-    return ret;
-}
-
-static size_t
-len_oid (const heim_oid *oid)
-{
-    size_t ret = 1;
-    int n;
-
-    for (n = 2; n < oid->length; ++n) {
-	unsigned u = oid->components[n];
-
-	do {
-	    ++ret;
-	    u /= 128;
-	} while(u > 0);
-    }
-    return ret;
-}
-
-size_t
-der_length_len (size_t len)
-{
-    if (len < 128)
-	return 1;
-    else {
-	int ret = 0;
-	do {
-	    ++ret;
-	    len /= 256;
-	} while (len);
-	return ret + 1;
-    }
-}
-
-size_t
-der_length_integer (const int *data)
-{
-    return _heim_len_int (*data);
-}
-
-size_t
-der_length_unsigned (const unsigned *data)
-{
-    return _heim_len_unsigned(*data);
-}
-
-size_t
-der_length_enumerated (const unsigned *data)
-{
-  return _heim_len_int (*data);
-}
-
-size_t
-der_length_general_string (const heim_general_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_utf8string (const heim_utf8_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_printable_string (const heim_printable_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_ia5_string (const heim_ia5_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_bmp_string (const heim_bmp_string *data)
-{
-    return data->length * 2;
-}
-
-size_t
-der_length_universal_string (const heim_universal_string *data)
-{
-    return data->length * 4;
-}
-
-size_t
-der_length_visible_string (const heim_visible_string *data)
-{
-    return strlen(*data);
-}
-
-size_t
-der_length_octet_string (const heim_octet_string *k)
-{
-    return k->length;
-}
-
-size_t
-der_length_heim_integer (const heim_integer *k)
-{
-    if (k->length == 0)
-	return 1;
-    if (k->negative)
-	return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1);
-    else
-	return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0);
-}
-
-size_t
-der_length_oid (const heim_oid *k)
-{
-    return len_oid (k);
-}
-
-size_t
-der_length_generalized_time (const time_t *t)
-{
-    heim_octet_string k;
-    size_t ret;
-
-    _heim_time2generalizedtime (*t, &k, 1);
-    ret = k.length;
-    free(k.data);
-    return ret;
-}
-
-size_t
-der_length_utctime (const time_t *t)
-{
-    heim_octet_string k;
-    size_t ret;
-
-    _heim_time2generalizedtime (*t, &k, 0);
-    ret = k.length;
-    free(k.data);
-    return ret;
-}
-
-size_t
-der_length_boolean (const int *k)
-{
-    return 1;
-}
-
-size_t
-der_length_bit_string (const heim_bit_string *k)
-{
-    return (k->length + 7) / 8 + 1;
-}
diff --git a/crypto/heimdal/lib/asn1/der_locl.h b/crypto/heimdal/lib/asn1/der_locl.h
deleted file mode 100644
index 5b97557d74a3..000000000000
--- a/crypto/heimdal/lib/asn1/der_locl.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */
-
-#ifndef __DER_LOCL_H__
-#define __DER_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-time_t _der_timegm (struct tm *);
-size_t _heim_len_unsigned (unsigned);
-size_t _heim_len_int (int);
-
-#endif /* __DER_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c
deleted file mode 100644
index 1fdbfe1305d6..000000000000
--- a/crypto/heimdal/lib/asn1/der_put.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $");
-
-/*
- * All encoding functions take a pointer `p' to first position in
- * which to write, from the right, `len' which means the maximum
- * number of characters we are able to write.  The function returns
- * the number of characters written in `size' (if non-NULL).
- * The return value is 0 or an error.
- */
-
-int
-der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size)
-{
-    unsigned char *base = p;
-    unsigned val = *v;
-
-    if (val) {
-	while (len > 0 && val) {
-	    *p-- = val % 256;
-	    val /= 256;
-	    --len;
-	}
-	if (val != 0)
-	    return ASN1_OVERFLOW;
-	else {
-	    if(p[1] >= 128) {
-		if(len < 1)
-		    return ASN1_OVERFLOW;
-		*p-- = 0;
-	    }
-	    *size = base - p;
-	    return 0;
-	}
-    } else if (len < 1)
-	return ASN1_OVERFLOW;
-    else {
-	*p    = 0;
-	*size = 1;
-	return 0;
-    }
-}
-
-int
-der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
-{
-    unsigned char *base = p;
-    int val = *v;
-
-    if(val >= 0) {
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = val % 256;
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] >= 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0;
-	    len--;
-	}
-    } else {
-	val = ~val;
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = ~(val % 256);
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] < 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0xff;
-	    len--;
-	}
-    }
-    *size = base - p;
-    return 0;
-}
-
-
-int
-der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERFLOW;
-
-    if (val < 128) {
-	*p = val;
-	*size = 1;
-    } else {
-	size_t l = 0;
-
-	while(val > 0) {
-	    if(len < 2)
-		return ASN1_OVERFLOW;
-	    *p-- = val % 256;
-	    val /= 256;
-	    len--;
-	    l++;
-	}
-	*p = 0x80 | l;
-	if(size)
-	    *size = l + 1;
-    }
-    return 0;
-}
-
-int
-der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size)
-{
-    if(len < 1)
-	return ASN1_OVERFLOW;
-    if(*data != 0)
-	*p = 0xff;
-    else
-	*p = 0;
-    *size = 1;
-    return 0;
-}
-
-int
-der_put_general_string (unsigned char *p, size_t len, 
-			const heim_general_string *str, size_t *size)
-{
-    size_t slen = strlen(*str);
-
-    if (len < slen)
-	return ASN1_OVERFLOW;
-    p -= slen;
-    len -= slen;
-    memcpy (p+1, *str, slen);
-    *size = slen;
-    return 0;
-}
-
-int
-der_put_utf8string (unsigned char *p, size_t len, 
-		    const heim_utf8_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_printable_string (unsigned char *p, size_t len, 
-			  const heim_printable_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_ia5_string (unsigned char *p, size_t len, 
-		    const heim_ia5_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_bmp_string (unsigned char *p, size_t len, 
-		    const heim_bmp_string *data, size_t *size)
-{
-    size_t i;
-    if (len / 2 < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length * 2;
-    len -= data->length * 2;
-    for (i = 0; i < data->length; i++) {
-	p[1] = (data->data[i] >> 8) & 0xff;
-	p[2] = data->data[i] & 0xff;
-	p += 2;
-    }
-    if (size) *size = data->length * 2;
-    return 0;
-}
-
-int
-der_put_universal_string (unsigned char *p, size_t len, 
-			  const heim_universal_string *data, size_t *size)
-{
-    size_t i;
-    if (len / 4 < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length * 4;
-    len -= data->length * 4;
-    for (i = 0; i < data->length; i++) {
-	p[1] = (data->data[i] >> 24) & 0xff;
-	p[2] = (data->data[i] >> 16) & 0xff;
-	p[3] = (data->data[i] >> 8) & 0xff;
-	p[4] = data->data[i] & 0xff;
-	p += 4;
-    }
-    if (size) *size = data->length * 4;
-    return 0;
-}
-
-int
-der_put_visible_string (unsigned char *p, size_t len, 
-			 const heim_visible_string *str, size_t *size)
-{
-    return der_put_general_string(p, len, str, size);
-}
-
-int
-der_put_octet_string (unsigned char *p, size_t len, 
-		      const heim_octet_string *data, size_t *size)
-{
-    if (len < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length;
-    len -= data->length;
-    memcpy (p+1, data->data, data->length);
-    *size = data->length;
-    return 0;
-}
-
-int
-der_put_heim_integer (unsigned char *p, size_t len, 
-		     const heim_integer *data, size_t *size)
-{
-    unsigned char *buf = data->data;
-    int hibitset = 0;
-
-    if (data->length == 0) {
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = 0;
-	if (size)
-	    *size = 1;
-	return 0;
-    }
-    if (len < data->length)
-	return ASN1_OVERFLOW;
-
-    len -= data->length;
-
-    if (data->negative) {
-	int i, carry;
-	for (i = data->length - 1, carry = 1; i >= 0; i--) {
-	    *p = buf[i] ^ 0xff;
-	    if (carry)
-		carry = !++*p;
-	    p--;
-	}
-	if (p[1] < 128) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0xff;
-	    len--;
-	    hibitset = 1;
-	}
-    } else {
-	p -= data->length;
-	memcpy(p + 1, buf, data->length);
-
-	if (p[1] >= 128) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    p[0] = 0;
-	    len--;
-	    hibitset = 1;
-	}
-    }
-    if (size)
-	*size = data->length + hibitset;
-    return 0;
-}
-
-int
-der_put_generalized_time (unsigned char *p, size_t len, 
-			  const time_t *data, size_t *size)
-{
-    heim_octet_string k;
-    size_t l;
-    int e;
-
-    e = _heim_time2generalizedtime (*data, &k, 1);
-    if (e)
-	return e;
-    e = der_put_octet_string(p, len, &k, &l);
-    free(k.data);
-    if(e)
-	return e;
-    if(size)
-	*size = l;
-    return 0;
-}
-
-int
-der_put_utctime (unsigned char *p, size_t len, 
-		 const time_t *data, size_t *size)
-{
-    heim_octet_string k;
-    size_t l;
-    int e;
-
-    e = _heim_time2generalizedtime (*data, &k, 0);
-    if (e)
-	return e;
-    e = der_put_octet_string(p, len, &k, &l);
-    free(k.data);
-    if(e)
-	return e;
-    if(size)
-	*size = l;
-    return 0;
-}
-
-int
-der_put_oid (unsigned char *p, size_t len,
-	     const heim_oid *data, size_t *size)
-{
-    unsigned char *base = p;
-    int n;
-
-    for (n = data->length - 1; n >= 2; --n) {
-	unsigned u = data->components[n];
-
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = u % 128;
-	u /= 128;
-	--len;
-	while (u > 0) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 128 + u % 128;
-	    u /= 128;
-	    --len;
-	}
-    }
-    if (len < 1)
-	return ASN1_OVERFLOW;
-    *p-- = 40 * data->components[0] + data->components[1];
-    *size = base - p;
-    return 0;
-}
-
-int
-der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
-	     unsigned int tag, size_t *size)
-{
-    if (tag <= 30) {
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p = MAKE_TAG(class, type, tag);
-	*size = 1;
-    } else {
-	size_t ret = 0;
-	unsigned int continuation = 0;
-	
-	do {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = tag % 128 | continuation;
-	    len--;
-	    ret++;
-	    tag /= 128;
-	    continuation = 0x80;
-	} while(tag > 0);
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = MAKE_TAG(class, type, 0x1f);
-	ret++;
-	*size = ret;
-    }
-    return 0;
-}
-
-int
-der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
-			Der_class class, Der_type type, 
-			unsigned int tag, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_length (p, len, len_val, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_tag (p, len, class, type, tag, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-_heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
-{
-     struct tm *tm;
-     const size_t len = gtimep ? 15 : 13;
-
-     s->data = malloc(len + 1);
-     if (s->data == NULL)
-	 return ENOMEM;
-     s->length = len;
-     tm = gmtime (&t);
-     if (gtimep)
-	 snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", 
-		   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
-		   tm->tm_hour, tm->tm_min, tm->tm_sec);
-     else
-	 snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", 
-		   tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, 
-		   tm->tm_hour, tm->tm_min, tm->tm_sec);
-
-     return 0;
-}
-
-int
-der_put_bit_string (unsigned char *p, size_t len, 
-		    const heim_bit_string *data, size_t *size)
-{
-    size_t data_size = (data->length + 7) / 8;
-    if (len < data_size + 1)
-	return ASN1_OVERFLOW;
-    p -= data_size + 1;
-    len -= data_size + 1;
-    memcpy (p+2, data->data, data_size);
-    if (data->length && (data->length % 8) != 0)
-	p[1] = 8 - (data->length % 8);
-    else
-	p[1] = 0;
-    *size = data_size + 1;
-    return 0;
-}
-
-int 
-_heim_der_set_sort(const void *a1, const void *a2)
-{
-    const struct heim_octet_string *s1 = a1, *s2 = a2;
-    int ret;
-
-    ret = memcmp(s1->data, s2->data, 
-		 s1->length < s2->length ? s1->length : s2->length);
-    if(ret)
-	return ret;
-    return s1->length - s2->length;
-}
diff --git a/crypto/heimdal/lib/asn1/digest.asn1 b/crypto/heimdal/lib/asn1/digest.asn1
deleted file mode 100644
index eafe48ea5aee..000000000000
--- a/crypto/heimdal/lib/asn1/digest.asn1
+++ /dev/null
@@ -1,164 +0,0 @@
--- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $
-
-DIGEST DEFINITIONS ::=
-BEGIN
-
-IMPORTS EncryptedData, Principal FROM krb5;
-
-DigestTypes ::= BIT STRING {
-	ntlm-v1(0),
-	ntlm-v1-session(1),
-	ntlm-v2(2),
-	digest-md5(3),
-	chap-md5(4),
-	ms-chap-v2(5)
-}
-
-DigestInit ::= SEQUENCE {
-    type		UTF8String, -- http, sasl, chap, cram-md5 --
-    channel		[0] SEQUENCE {
-    	cb-type		UTF8String,
-    	cb-binding	UTF8String
-    } OPTIONAL,
-    hostname		[1] UTF8String OPTIONAL -- for chap/cram-md5
-}
-
-DigestInitReply ::= SEQUENCE {
-    nonce		UTF8String,	-- service nonce/challange
-    opaque		UTF8String,	-- server state
-    identifier		[0] UTF8String OPTIONAL
-}
-
-
-DigestRequest ::= SEQUENCE  {
-    type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
-    digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
-    username		UTF8String, -- username user used
-    responseData	UTF8String, -- client response
-    authid		[0] UTF8String OPTIONAL,
-    authentication-user	[1] Principal OPTIONAL, -- principal to get key from
-    realm		[2] UTF8String OPTIONAL,
-    method		[3] UTF8String OPTIONAL,
-    uri			[4] UTF8String OPTIONAL,
-    serverNonce		UTF8String, -- same as "DigestInitReply.nonce"
-    clientNonce		[5] UTF8String OPTIONAL,
-    nonceCount		[6] UTF8String OPTIONAL,
-    qop			[7] UTF8String OPTIONAL,
-    identifier		[8] UTF8String OPTIONAL,
-    hostname		[9] UTF8String OPTIONAL,
-    opaque		UTF8String -- same as "DigestInitReply.opaque"
-}
--- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
--- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
-
-
-DigestError ::= SEQUENCE {
-    reason		UTF8String,
-    code		INTEGER (-2147483648..2147483647)
-}
-
-DigestResponse ::= SEQUENCE  {
-    success		BOOLEAN,
-    rsp			[0] UTF8String OPTIONAL,
-    tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
-    channel		[2] SEQUENCE {
-    	cb-type		UTF8String,
-    	cb-binding	UTF8String
-    } OPTIONAL,
-    session-key		[3] OCTET STRING OPTIONAL
-}
-
-NTLMInit ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    hostname		[1] UTF8String OPTIONAL,
-    domain		[1] UTF8String OPTIONAL
-}
-
-NTLMInitReply ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    opaque		[1] OCTET STRING,
-    targetname		[2] UTF8String,
-    challange		[3] OCTET STRING,
-    targetinfo		[4] OCTET STRING OPTIONAL
-}
-
-NTLMRequest ::= SEQUENCE {
-    flags		[0] INTEGER (0..4294967295),
-    opaque		[1] OCTET STRING,
-    username		[2] UTF8String,
-    targetname		[3] UTF8String,
-    targetinfo		[4] OCTET STRING OPTIONAL,
-    lm			[5] OCTET STRING,
-    ntlm		[6] OCTET STRING,
-    sessionkey		[7] OCTET STRING OPTIONAL
-}
-
-NTLMResponse ::= SEQUENCE {
-    success		[0] BOOLEAN,
-    flags		[1] INTEGER (0..4294967295),
-    sessionkey		[2] OCTET STRING OPTIONAL,
-    tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
-}
-
-DigestReqInner ::= CHOICE {
-    init		[0] DigestInit,
-    digestRequest	[1] DigestRequest,
-    ntlmInit		[2] NTLMInit,
-    ntlmRequest		[3] NTLMRequest,
-    supportedMechs	[4] NULL
-}
-
-DigestREQ ::= [APPLICATION 128] SEQUENCE {
-    apReq		[0] OCTET STRING,
-    innerReq		[1] EncryptedData
-}
-
-DigestRepInner ::= CHOICE {
-    error		[0] DigestError,
-    initReply		[1] DigestInitReply,
-    response		[2] DigestResponse,
-    ntlmInitReply	[3] NTLMInitReply,
-    ntlmResponse	[4] NTLMResponse,
-    supportedMechs	[5] DigestTypes,
-    ...
-}
-
-DigestREP ::= [APPLICATION 129] SEQUENCE {
-    apRep		[0] OCTET STRING,
-    innerRep		[1] EncryptedData
-}
-
-
--- HTTP
-
--- md5
--- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
--- md5-sess
--- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
-
--- qop == auth
--- A2 = Method ":" digest-uri-value
--- qop == auth-int
--- A2 = Method ":" digest-uri-value ":" H(entity-body) 
-
--- request-digest  = HEX(KD(HEX(H(A1)),
---    unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
--- no "qop"
--- request-digest  = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
-
-
--- SASL:
--- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
--- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
--- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
-
--- A2 = "AUTHENTICATE:", ":", digest-uri-value
--- qop == auth-int,auth-conf
--- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
-
--- response-value = HEX( KD ( HEX(H(A1)),
---                 { unq(nonce-value), ":" nc-value, ":",
---                   unq(cnonce-value), ":", qop-value, ":",
---                   HEX(H(A2)) }))
-
-END
diff --git a/crypto/heimdal/lib/asn1/extra.c b/crypto/heimdal/lib/asn1/extra.c
deleted file mode 100644
index e29a43787851..000000000000
--- a/crypto/heimdal/lib/asn1/extra.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include "heim_asn1.h"
-
-RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $");
-
-int
-encode_heim_any(unsigned char *p, size_t len, 
-		const heim_any *data, size_t *size)
-{
-    if (data->length > len)
-	return ASN1_OVERFLOW;
-    p -= data->length;
-    len -= data->length;
-    memcpy (p+1, data->data, data->length);
-    *size = data->length;
-    return 0;
-}
-
-int
-decode_heim_any(const unsigned char *p, size_t len, 
-		heim_any *data, size_t *size)
-{
-    size_t len_len, length, l;
-    Der_class thisclass;
-    Der_type thistype;
-    unsigned int thistag;
-    int e;
-
-    memset(data, 0, sizeof(*data));
-
-    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
-    if (e) return e;
-    if (l > len)
-	return ASN1_OVERFLOW;
-    e = der_get_length(p + l, len - l, &length, &len_len);
-    if (e) return e;
-    if (length + len_len + l > len)
-	return ASN1_OVERFLOW;
-
-    data->data = malloc(length + len_len + l);
-    if (data->data == NULL)
-	return ENOMEM;
-    data->length = length + len_len + l;
-    memcpy(data->data, p, length + len_len + l);
-
-    if (size)
-	*size = length + len_len + l;
-
-    return 0;
-}
-
-void
-free_heim_any(heim_any *data)
-{
-    free(data->data);
-    data->data = NULL;
-}
-
-size_t
-length_heim_any(const heim_any *data)
-{
-    return data->length;
-}
-
-int
-copy_heim_any(const heim_any *from, heim_any *to)
-{
-    to->data = malloc(from->length);
-    if (to->data == NULL && from->length != 0)
-	return ENOMEM;
-    memcpy(to->data, from->data, from->length);
-    to->length = from->length;
-    return 0;
-}
-
-int
-encode_heim_any_set(unsigned char *p, size_t len, 
-		    const heim_any_set *data, size_t *size)
-{
-    return encode_heim_any(p, len, data, size);
-}
-
-
-int
-decode_heim_any_set(const unsigned char *p, size_t len, 
-		heim_any_set *data, size_t *size)
-{
-    memset(data, 0, sizeof(*data));
-    data->data = malloc(len);
-    if (data->data == NULL && len != 0)
-	return ENOMEM;
-    data->length = len;
-    memcpy(data->data, p, len);
-    if (size) *size = len;
-    return 0;
-}
-
-void
-free_heim_any_set(heim_any_set *data)
-{
-    free_heim_any(data);
-}
-
-size_t
-length_heim_any_set(const heim_any *data)
-{
-    return length_heim_any(data);
-}
-
-int
-copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
-{
-    return copy_heim_any(from, to);
-}
-
-int
-heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
-{
-    if (p->length != q->length)
-	return p->length - q->length;
-    return memcmp(p->data, q->data, p->length);
-}
diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c
deleted file mode 100644
index 499f8eab363b..000000000000
--- a/crypto/heimdal/lib/asn1/gen.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $");
-
-FILE *headerfile, *codefile, *logfile;
-
-#define STEM "asn1"
-
-static const char *orig_filename;
-static char *header;
-static const char *headerbase = STEM;
-
-/*
- * list of all IMPORTs
- */
-
-struct import {
-    const char *module;
-    struct import *next;
-};
-
-static struct import *imports = NULL;
-
-void
-add_import (const char *module)
-{
-    struct import *tmp = emalloc (sizeof(*tmp));
-
-    tmp->module = module;
-    tmp->next   = imports;
-    imports     = tmp;
-
-    fprintf (headerfile, "#include <%s_asn1.h>\n", module);
-}
-
-const char *
-get_filename (void)
-{
-    return orig_filename;
-}
-
-void
-init_generate (const char *filename, const char *base)
-{
-    char *fn;
-
-    orig_filename = filename;
-    if (base != NULL) {
-	headerbase = strdup(base);
-	if (headerbase == NULL)
-	    errx(1, "strdup");
-    }
-    asprintf(&header, "%s.h", headerbase);
-    if (header == NULL)
-	errx(1, "malloc");
-    headerfile = fopen (header, "w");
-    if (headerfile == NULL)
-	err (1, "open %s", header);
-    fprintf (headerfile,
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n",
-	     filename);
-    fprintf (headerfile, 
-	     "#ifndef __%s_h__\n"
-	     "#define __%s_h__\n\n", headerbase, headerbase);
-    fprintf (headerfile, 
-	     "#include <stddef.h>\n"
-	     "#include <time.h>\n\n");
-    fprintf (headerfile,
-	     "#ifndef __asn1_common_definitions__\n"
-	     "#define __asn1_common_definitions__\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_integer {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "  int negative;\n"
-	     "} heim_integer;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_octet_string {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "} heim_octet_string;\n\n");
-    fprintf (headerfile,
-	     "typedef char *heim_general_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_utf8_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_printable_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef char *heim_ia5_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef struct heim_bmp_string {\n"
-	     "  size_t length;\n"
-	     "  uint16_t *data;\n"
-	     "} heim_bmp_string;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_universal_string {\n"
-	     "  size_t length;\n"
-	     "  uint32_t *data;\n"
-	     "} heim_universal_string;\n\n");
-    fprintf (headerfile,
-	     "typedef char *heim_visible_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef struct heim_oid {\n"
-	     "  size_t length;\n"
-	     "  unsigned *components;\n"
-	     "} heim_oid;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_bit_string {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "} heim_bit_string;\n\n");
-    fprintf (headerfile,
-	     "typedef struct heim_octet_string heim_any;\n"
-	     "typedef struct heim_octet_string heim_any_set;\n\n");
-    fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \\\n"
-	  "  do {                                                         \\\n"
-	  "    (BL) = length_##T((S));                                    \\\n"
-	  "    (B) = malloc((BL));                                        \\\n"
-	  "    if((B) == NULL) {                                          \\\n"
-	  "      (R) = ENOMEM;                                            \\\n"
-	  "    } else {                                                   \\\n"
-	  "      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
-	  "                       (S), (L));                              \\\n"
-	  "      if((R) != 0) {                                           \\\n"
-	  "        free((B));                                             \\\n"
-	  "        (B) = NULL;                                            \\\n"
-	  "      }                                                        \\\n"
-	  "    }                                                          \\\n"
-	  "  } while (0)\n\n",
-	  headerfile);
-    fprintf (headerfile, "struct units;\n\n");
-    fprintf (headerfile, "#endif\n\n");
-    asprintf(&fn, "%s_files", base);
-    if (fn == NULL)
-	errx(1, "malloc");
-    logfile = fopen(fn, "w");
-    if (logfile == NULL)
-	err (1, "open %s", fn);
-}
-
-void
-close_generate (void)
-{
-    fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
-
-    fclose (headerfile);
-    fprintf (logfile, "\n");
-    fclose (logfile);
-}
-
-void
-gen_assign_defval(const char *var, struct value *val)
-{
-    switch(val->type) {
-    case stringvalue:
-	fprintf(codefile, "if((%s = strdup(\"%s\")) == NULL)\nreturn ENOMEM;\n", var, val->u.stringvalue);
-	break;
-    case integervalue:
-	fprintf(codefile, "%s = %d;\n", var, val->u.integervalue);
-	break;
-    case booleanvalue:
-	if(val->u.booleanvalue)
-	    fprintf(codefile, "%s = TRUE;\n", var);
-	else
-	    fprintf(codefile, "%s = FALSE;\n", var);
-	break;
-    default:
-	abort();
-    }
-}
-
-void
-gen_compare_defval(const char *var, struct value *val)
-{
-    switch(val->type) {
-    case stringvalue:
-	fprintf(codefile, "if(strcmp(%s, \"%s\") != 0)\n", var, val->u.stringvalue);
-	break;
-    case integervalue:
-	fprintf(codefile, "if(%s != %d)\n", var, val->u.integervalue);
-	break;
-    case booleanvalue:
-	if(val->u.booleanvalue)
-	    fprintf(codefile, "if(!%s)\n", var);
-	else
-	    fprintf(codefile, "if(%s)\n", var);
-	break;
-    default:
-	abort();
-    }
-}
-
-static void
-generate_header_of_codefile(const char *name)
-{
-    char *filename;
-
-    if (codefile != NULL)
-	abort();
-
-    asprintf (&filename, "%s_%s.x", STEM, name);
-    if (filename == NULL)
-	errx(1, "malloc");
-    codefile = fopen (filename, "w");
-    if (codefile == NULL)
-	err (1, "fopen %s", filename);
-    fprintf(logfile, "%s ", filename);
-    free(filename);
-    fprintf (codefile, 
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n"
-	     "#include <stdio.h>\n"
-	     "#include <stdlib.h>\n"
-	     "#include <time.h>\n"
-	     "#include <string.h>\n"
-	     "#include <errno.h>\n"
-	     "#include <limits.h>\n"
-	     "#include <krb5-types.h>\n",
-	     orig_filename);
-
-    fprintf (codefile,
-	     "#include <%s.h>\n",
-	     headerbase);
-    fprintf (codefile,
-	     "#include <asn1_err.h>\n"
-	     "#include <der.h>\n"
-	     "#include <parse_units.h>\n\n");
-
-}
-
-static void
-close_codefile(void)
-{
-    if (codefile == NULL)
-	abort();
-
-    fclose(codefile);
-    codefile = NULL;
-}
-
-
-void
-generate_constant (const Symbol *s)
-{
-    switch(s->value->type) {
-    case booleanvalue:
-	break;
-    case integervalue:
-	fprintf (headerfile, "enum { %s = %d };\n\n",
-		 s->gen_name, s->value->u.integervalue);
-	break;
-    case nullvalue:
-	break;
-    case stringvalue:
-	break;
-    case objectidentifiervalue: {
-	struct objid *o, **list;
-	int i, len;
-
-	generate_header_of_codefile(s->gen_name);
-
-	len = 0;
-	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
-	    len++;
-	list = emalloc(sizeof(*list) * len);
-
-	i = 0;
-	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
-	    list[i++] = o;
-
-	fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name);
-	for (i = len - 1 ; i >= 0; i--) {
-	    o = list[i];
-	    fprintf(headerfile, "%s(%d) ",
-		    o->label ? o->label : "label-less", o->value);
-	}
-
-	fprintf (headerfile, "} */\n");
-	fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n",
-		 s->gen_name);
-
-	fprintf (codefile, "static unsigned oid_%s_variable_num[%d] =  {",
-		 s->gen_name, len);
-	for (i = len - 1 ; i >= 0; i--) {
-	    fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : "");
-	}
-	fprintf(codefile, "};\n");
-
-	fprintf (codefile, "static const heim_oid oid_%s_variable = "
-		 "{ %d, oid_%s_variable_num };\n\n", 
-		 s->gen_name, len, s->gen_name);
-
-	fprintf (codefile, "const heim_oid *oid_%s(void)\n"
-		 "{\n"
-		 "return &oid_%s_variable;\n"
-		 "}\n\n",
-		 s->gen_name, s->gen_name);
-
-	close_codefile();
-
-	break;
-    }
-    default:
-	abort();
-    }
-}
-
-static void
-space(int level)
-{
-    while(level-- > 0)
-	fprintf(headerfile, "  ");
-}
-
-static const char *
-last_member_p(struct member *m)
-{
-    struct member *n = ASN1_TAILQ_NEXT(m, members);
-    if (n == NULL)
-	return "";
-    if (n->ellipsis && ASN1_TAILQ_NEXT(n, members) == NULL)
-	return "";
-    return ",";
-}
-
-static struct member *
-have_ellipsis(Type *t)
-{
-    struct member *m;
-    ASN1_TAILQ_FOREACH(m, t->members, members) {
-	if (m->ellipsis)
-	    return m;
-    }
-    return NULL;
-}
-
-static void
-define_asn1 (int level, Type *t)
-{
-    switch (t->type) {
-    case TType:
-	fprintf (headerfile, "%s", t->symbol->name);
-	break;
-    case TInteger:
-	if(t->members == NULL) {
-            fprintf (headerfile, "INTEGER");
-	    if (t->range)
-		fprintf (headerfile, " (%d..%d)",
-			 t->range->min, t->range->max);
-        } else {
-	    Member *m;
-            fprintf (headerfile, "INTEGER {\n");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-                space (level + 1);
-		fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, 
-			last_member_p(m));
-            }
-	    space(level);
-            fprintf (headerfile, "}");
-        }
-	break;
-    case TBoolean:
-	fprintf (headerfile, "BOOLEAN");
-	break;
-    case TOctetString:
-	fprintf (headerfile, "OCTET STRING");
-	break;
-    case TEnumerated :
-    case TBitString: {
-	Member *m;
-
-	space(level);
-	if(t->type == TBitString)
-	    fprintf (headerfile, "BIT STRING {\n");
-	else
-	    fprintf (headerfile, "ENUMERATED {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 1);
-	    fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, 
-		     last_member_p(m));
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TChoice:
-    case TSet:
-    case TSequence: {
-	Member *m;
-	int max_width = 0;
-
-	if(t->type == TChoice)
-	    fprintf(headerfile, "CHOICE {\n");
-	else if(t->type == TSet)
-	    fprintf(headerfile, "SET {\n");
-	else
-	    fprintf(headerfile, "SEQUENCE {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if(strlen(m->name) > max_width)
-		max_width = strlen(m->name);
-	}
-	max_width += 3;
-	if(max_width < 16) max_width = 16;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    int width = max_width;
-	    space(level + 1);
-	    if (m->ellipsis) {
-		fprintf (headerfile, "...");
-	    } else {
-		width -= fprintf(headerfile, "%s", m->name);
-		fprintf(headerfile, "%*s", width, "");
-		define_asn1(level + 1, m->type);
-		if(m->optional)
-		    fprintf(headerfile, " OPTIONAL");
-	    }
-	    if(last_member_p(m))
-		fprintf (headerfile, ",");
-	    fprintf (headerfile, "\n");
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TSequenceOf:
-	fprintf (headerfile, "SEQUENCE OF ");
-	define_asn1 (0, t->subtype);
-	break;
-    case TSetOf:
-	fprintf (headerfile, "SET OF ");
-	define_asn1 (0, t->subtype);
-	break;
-    case TGeneralizedTime:
-	fprintf (headerfile, "GeneralizedTime");
-	break;
-    case TGeneralString:
-	fprintf (headerfile, "GeneralString");
-	break;
-    case TTag: {
-	const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", 
-				     "" /* CONTEXT */, "PRIVATE " };
-	if(t->tag.tagclass != ASN1_C_UNIV)
-	    fprintf (headerfile, "[%s%d] ", 
-		     classnames[t->tag.tagclass],
-		     t->tag.tagvalue);
-	if(t->tag.tagenv == TE_IMPLICIT)
-	    fprintf (headerfile, "IMPLICIT ");
-	define_asn1 (level, t->subtype);
-	break;
-    }
-    case TUTCTime:
-	fprintf (headerfile, "UTCTime");
-	break;
-    case TUTF8String:
-	space(level);
-	fprintf (headerfile, "UTF8String");
-	break;
-    case TPrintableString:
-	space(level);
-	fprintf (headerfile, "PrintableString");
-	break;
-    case TIA5String:
-	space(level);
-	fprintf (headerfile, "IA5String");
-	break;
-    case TBMPString:
-	space(level);
-	fprintf (headerfile, "BMPString");
-	break;
-    case TUniversalString:
-	space(level);
-	fprintf (headerfile, "UniversalString");
-	break;
-    case TVisibleString:
-	space(level);
-	fprintf (headerfile, "VisibleString");
-	break;
-    case TOID :
-	space(level);
-	fprintf(headerfile, "OBJECT IDENTIFIER");
-	break;
-    case TNull:
-	space(level);
-	fprintf (headerfile, "NULL");
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-define_type (int level, const char *name, Type *t, int typedefp, int preservep)
-{
-    switch (t->type) {
-    case TType:
-	space(level);
-	fprintf (headerfile, "%s %s;\n", t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	space(level);
-	if(t->members) {
-            Member *m;
-            fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-                space (level + 1);
-                fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, 
-                        last_member_p(m));
-            }
-            fprintf (headerfile, "} %s;\n", name);
-	} else if (t->range == NULL) {
-	    fprintf (headerfile, "heim_integer %s;\n", name);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    fprintf (headerfile, "int %s;\n", name);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    fprintf (headerfile, "unsigned int %s;\n", name);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    fprintf (headerfile, "unsigned int %s;\n", name);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	break;
-    case TBoolean:
-	space(level);
-	fprintf (headerfile, "int %s;\n", name);
-	break;
-    case TOctetString:
-	space(level);
-	fprintf (headerfile, "heim_octet_string %s;\n", name);
-	break;
-    case TBitString: {
-	Member *m;
-	Type i;
-	struct range range = { 0, INT_MAX };
-
-	i.type = TInteger;
-	i.range = &range;
-	i.members = NULL;
-	i.constraint = NULL;
-
-	space(level);
-	if(ASN1_TAILQ_EMPTY(t->members)) 
-	    fprintf (headerfile, "heim_bit_string %s;\n", name);
-	else {
-	    fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	    ASN1_TAILQ_FOREACH(m, t->members, members) {
-		char *n;
-		
-		asprintf (&n, "%s:1", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 1, n, &i, FALSE, FALSE);
-		free (n);
-	    }
-	    space(level);
-	    fprintf (headerfile, "} %s;\n\n", name);
-	}
-	break;
-    }
-    case TEnumerated: {
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 1);
-	    if (m->ellipsis)
-		fprintf (headerfile, "/* ... */\n");
-	    else
-		fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val,
-			 last_member_p(m));
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n\n", name);
-	break;
-    }
-    case TSet:
-    case TSequence: {
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	if (t->type == TSequence && preservep) {
-	    space(level + 1);
-	    fprintf(headerfile, "heim_octet_string _save;\n");
-	}
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if (m->ellipsis) {
-		;
-	    } else if (m->optional) {
-		char *n;
-
-		asprintf (&n, "*%s", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 1, n, m->type, FALSE, FALSE);
-		free (n);
-	    } else
-		define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	Type i;
-	struct range range = { 0, INT_MAX };
-
-	i.type = TInteger;
-	i.range = &range;
-	i.members = NULL;
-	i.constraint = NULL;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	define_type (level + 1, "len", &i, FALSE, FALSE);
-	define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TGeneralizedTime:
-	space(level);
-	fprintf (headerfile, "time_t %s;\n", name);
-	break;
-    case TGeneralString:
-	space(level);
-	fprintf (headerfile, "heim_general_string %s;\n", name);
-	break;
-    case TTag:
-	define_type (level, name, t->subtype, typedefp, preservep);
-	break;
-    case TChoice: {
-	int first = 1;
-	Member *m;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	if (preservep) {
-	    space(level + 1);
-	    fprintf(headerfile, "heim_octet_string _save;\n");
-	}
-	space(level + 1);
-	fprintf (headerfile, "enum {\n");
-	m = have_ellipsis(t);
-	if (m) {
-	    space(level + 2);
-	    fprintf (headerfile, "%s = 0,\n", m->label); 
-	    first = 0;
-	}
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    space(level + 2);
-	    if (m->ellipsis)
-		fprintf (headerfile, "/* ... */\n");
-	    else
-		fprintf (headerfile, "%s%s%s\n", m->label, 
-			 first ? " = 1" : "", 
-			 last_member_p(m));
-	    first = 0;
-	}
-	space(level + 1);
-	fprintf (headerfile, "} element;\n");
-	space(level + 1);
-	fprintf (headerfile, "union {\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    if (m->ellipsis) {
-		space(level + 2);
-		fprintf(headerfile, "heim_octet_string asn1_ellipsis;\n");
-	    } else if (m->optional) {
-		char *n;
-
-		asprintf (&n, "*%s", m->gen_name);
-		if (n == NULL)
-		    errx(1, "malloc");
-		define_type (level + 2, n, m->type, FALSE, FALSE);
-		free (n);
-	    } else
-		define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
-	}
-	space(level + 1);
-	fprintf (headerfile, "} u;\n");
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TUTCTime:
-	space(level);
-	fprintf (headerfile, "time_t %s;\n", name);
-	break;
-    case TUTF8String:
-	space(level);
-	fprintf (headerfile, "heim_utf8_string %s;\n", name);
-	break;
-    case TPrintableString:
-	space(level);
-	fprintf (headerfile, "heim_printable_string %s;\n", name);
-	break;
-    case TIA5String:
-	space(level);
-	fprintf (headerfile, "heim_ia5_string %s;\n", name);
-	break;
-    case TBMPString:
-	space(level);
-	fprintf (headerfile, "heim_bmp_string %s;\n", name);
-	break;
-    case TUniversalString:
-	space(level);
-	fprintf (headerfile, "heim_universal_string %s;\n", name);
-	break;
-    case TVisibleString:
-	space(level);
-	fprintf (headerfile, "heim_visible_string %s;\n", name);
-	break;
-    case TOID :
-	space(level);
-	fprintf (headerfile, "heim_oid %s;\n", name);
-	break;
-    case TNull:
-	space(level);
-	fprintf (headerfile, "int %s;\n", name);
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-generate_type_header (const Symbol *s)
-{
-    int preservep = preserve_type(s->name) ? TRUE : FALSE;
-
-    fprintf (headerfile, "/*\n");
-    fprintf (headerfile, "%s ::= ", s->name);
-    define_asn1 (0, s->type);
-    fprintf (headerfile, "\n*/\n\n");
-
-    fprintf (headerfile, "typedef ");
-    define_type (0, s->gen_name, s->type, TRUE, preservep);
-
-    fprintf (headerfile, "\n");
-}
-
-
-void
-generate_type (const Symbol *s)
-{
-    generate_header_of_codefile(s->gen_name);
-
-    generate_type_header (s);
-    generate_type_encode (s);
-    generate_type_decode (s);
-    generate_type_free (s);
-    generate_type_length (s);
-    generate_type_copy (s);
-    generate_type_seq (s);
-    generate_glue (s->type, s->gen_name);
-    fprintf(headerfile, "\n\n");
-    close_codefile();
-}
diff --git a/crypto/heimdal/lib/asn1/gen.h b/crypto/heimdal/lib/asn1/gen.h
deleted file mode 100644
index 369b6e392acd..000000000000
--- a/crypto/heimdal/lib/asn1/gen.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
-
-#include <stdio.h>
-#include "symbol.h"
-
diff --git a/crypto/heimdal/lib/asn1/gen_copy.c b/crypto/heimdal/lib/asn1/gen_copy.c
deleted file mode 100644
index abf11859d5f4..000000000000
--- a/crypto/heimdal/lib/asn1/gen_copy.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $");
-
-static int used_fail;
-
-static void
-copy_primitive (const char *typename, const char *from, const char *to)
-{
-    fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", 
-	     typename, from, to);
-    used_fail++;
-}
-
-static void
-copy_type (const char *from, const char *to, const Type *t, int preserve)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	copy_type (from, to, t->symbol->type, preserve);
-#endif
-	fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", 
-		 t->symbol->gen_name, from, to);
-	used_fail++;
-	break;
-    case TInteger:
-	if (t->range == NULL && t->members == NULL) {
-	    copy_primitive ("heim_integer", from, to);
-	    break;
-	}
-    case TBoolean:
-    case TEnumerated :
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TOctetString:
-	copy_primitive ("octet_string", from, to);
-	break;
-    case TBitString:
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    copy_primitive ("bit_string", from, to);
-	else
-	    fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TSet:
-    case TSequence:
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-
-	if(t->members == NULL)
-	    break;
-      
-	if ((t->type == TSequence || t->type == TChoice) && preserve) {
-	    fprintf(codefile,
-		    "{ int ret;\n"
-		    "ret = der_copy_octet_string(&(%s)->_save, &(%s)->_save);\n"
-		    "if (ret) goto fail;\n"
-		    "}\n",
-		    from, to);
-	    used_fail++;
-	}
-
-	if(t->type == TChoice) {
-	    fprintf(codefile, "(%s)->element = (%s)->element;\n", to, from);
-	    fprintf(codefile, "switch((%s)->element) {\n", from);
-	}
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *fs;
-	    char *ts;
-
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-
-	    asprintf (&fs, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", from, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (fs == NULL)
-		errx(1, "malloc");
-	    asprintf (&ts, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", to, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (ts == NULL)
-		errx(1, "malloc");
-	    if(m->optional){
-		fprintf(codefile, "if(%s) {\n", fs);
-		fprintf(codefile, "%s = malloc(sizeof(*%s));\n", ts, ts);
-		fprintf(codefile, "if(%s == NULL) goto fail;\n", ts);
-		used_fail++;
-	    }
-	    copy_type (fs, ts, m->type, FALSE);
-	    if(m->optional){
-		fprintf(codefile, "}else\n");
-		fprintf(codefile, "%s = NULL;\n", ts);
-	    }
-	    free (fs);
-	    free (ts);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	if(t->type == TChoice) {
-	    if (have_ellipsis) {
-		fprintf(codefile, "case %s: {\n"
-			"int ret;\n"
-			"ret=der_copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n"
-			"if (ret) goto fail;\n"
-			"break;\n"
-			"}\n",
-			have_ellipsis->label,
-			from, have_ellipsis->gen_name, 
-			to, have_ellipsis->gen_name);
-		used_fail++;
-	    }
-	    fprintf(codefile, "}\n");	
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *f;
-	char *T;
-
-	fprintf (codefile, "if(((%s)->val = "
-		 "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", 
-		 to, from, to, from);
-	fprintf (codefile, "goto fail;\n");
-	used_fail++;
-	fprintf(codefile,
-		"for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n",
-		to, to, from, to);
-	asprintf(&f, "&(%s)->val[(%s)->len]", from, to);
-	if (f == NULL)
-	    errx(1, "malloc");
-	asprintf(&T, "&(%s)->val[(%s)->len]", to, to);
-	if (T == NULL)
-	    errx(1, "malloc");
-	copy_type(f, T, t->subtype, FALSE);
-	fprintf(codefile, "}\n");
-	free(f);
-	free(T);
-	break;
-    }
-    case TGeneralizedTime:
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TGeneralString:
-	copy_primitive ("general_string", from, to);
-	break;
-    case TUTCTime:
-	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-	break;
-    case TUTF8String:
-	copy_primitive ("utf8string", from, to);
-	break;
-    case TPrintableString:
-	copy_primitive ("printable_string", from, to);
-	break;
-    case TIA5String:
-	copy_primitive ("ia5_string", from, to);
-	break;
-    case TBMPString:
-	copy_primitive ("bmp_string", from, to);
-	break;
-    case TUniversalString:
-	copy_primitive ("universal_string", from, to);
-	break;
-    case TVisibleString:
-	copy_primitive ("visible_string", from, to);
-	break;
-    case TTag:
-	copy_type (from, to, t->subtype, preserve);
-	break;
-    case TOID:
-	copy_primitive ("oid", from, to);
-	break;
-    case TNull:
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_copy (const Symbol *s)
-{
-  int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-  used_fail = 0;
-
-  fprintf (headerfile,
-	   "int    copy_%s  (const %s *, %s *);\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-
-  fprintf (codefile, "int\n"
-	   "copy_%s(const %s *from, %s *to)\n"
-	   "{\n"
-	   "memset(to, 0, sizeof(*to));\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-  copy_type ("from", "to", s->type, preserve);
-  fprintf (codefile, "return 0;\n");
-
-  if (used_fail)
-      fprintf (codefile, "fail:\n"
-	       "free_%s(to);\n"
-	       "return ENOMEM;\n",
-	       s->gen_name);
-
-  fprintf(codefile,
-	  "}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_decode.c b/crypto/heimdal/lib/asn1/gen_decode.c
deleted file mode 100644
index face9ba47a04..000000000000
--- a/crypto/heimdal/lib/asn1/gen_decode.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-#include "lex.h"
-
-RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
-
-static void
-decode_primitive (const char *typename, const char *name, const char *forwstr)
-{
-#if 0
-    fprintf (codefile,
-	     "e = decode_%s(p, len, %s, &l);\n"
-	     "%s;\n",
-	     typename,
-	     name,
-	     forwstr);
-#else
-    fprintf (codefile,
-	     "e = der_get_%s(p, len, %s, &l);\n"
-	     "if(e) %s;\np += l; len -= l; ret += l;\n",
-	     typename,
-	     name,
-	     forwstr);
-#endif
-}
-
-static int
-is_primitive_type(int type)
-{
-    switch(type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TBitString:
-    case TEnumerated:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TOID:
-    case TUTCTime:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TNull:
-	return 1;
-    default:
-	return 0;
-    }
-}
-
-static void
-find_tag (const Type *t,
-	  Der_class *cl, Der_type *ty, unsigned *tag)
-{
-    switch (t->type) {
-    case TBitString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_BitString;
-	break;
-    case TBoolean:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Boolean;
-	break;
-    case TChoice: 
-	errx(1, "Cannot have recursive CHOICE");
-    case TEnumerated:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Enumerated;
-	break;
-    case TGeneralString: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_GeneralString;
-	break;
-    case TGeneralizedTime: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_GeneralizedTime;
-	break;
-    case TIA5String:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_IA5String;
-	break;
-    case TInteger: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Integer;
-	break;
-    case TNull:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_Null;
-	break;
-    case TOID: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_OID;
-	break;
-    case TOctetString: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_OctetString;
-	break;
-    case TPrintableString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_PrintableString;
-	break;
-    case TSequence: 
-    case TSequenceOf:
-	*cl  = ASN1_C_UNIV;
-	*ty  = CONS;
-	*tag = UT_Sequence;
-	break;
-    case TSet: 
-    case TSetOf:
-	*cl  = ASN1_C_UNIV;
-	*ty  = CONS;
-	*tag = UT_Set;
-	break;
-    case TTag: 
-	*cl  = t->tag.tagclass;
-	*ty  = is_primitive_type(t->subtype->type) ? PRIM : CONS;
-	*tag = t->tag.tagvalue;
-	break;
-    case TType: 
-	if ((t->symbol->stype == Stype && t->symbol->type == NULL)
-	    || t->symbol->stype == SUndefined) {
-	    error_message("%s is imported or still undefined, "
-			  " can't generate tag checking data in CHOICE "
-			  "without this information",
-			  t->symbol->name);
-	    exit(1);
-	}
-	find_tag(t->symbol->type, cl, ty, tag);
-	return;
-    case TUTCTime: 
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UTCTime;
-	break;
-    case TUTF8String:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UTF8String;
-	break;
-    case TBMPString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_BMPString;
-	break;
-    case TUniversalString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_UniversalString;
-	break;
-    case TVisibleString:
-	*cl  = ASN1_C_UNIV;
-	*ty  = PRIM;
-	*tag = UT_VisibleString;
-	break;
-    default:
-	abort();
-    }
-}
-
-static void
-range_check(const char *name,
-	    const char *length,
-	    const char *forwstr, 
-	    struct range *r)
-{
-    if (r->min == r->max + 2 || r->min < r->max)
-	fprintf (codefile,
-		 "if ((%s)->%s > %d) {\n"
-		 "e = ASN1_MAX_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->max, forwstr);
-    if (r->min - 1 == r->max || r->min < r->max)
-	fprintf (codefile,
-		 "if ((%s)->%s < %d) {\n"
-		 "e = ASN1_MIN_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->min, forwstr);
-    if (r->max == r->min)
-	fprintf (codefile,
-		 "if ((%s)->%s != %d) {\n"
-		 "e = ASN1_EXACT_CONSTRAINT; %s;\n"
-		 "}\n",
-		 name, length, r->min, forwstr);
-}
-
-static int
-decode_type (const char *name, const Type *t, int optional, 
-	     const char *forwstr, const char *tmpstr)
-{
-    switch (t->type) {
-    case TType: {
-	if (optional)
-	    fprintf(codefile, 
-		    "%s = calloc(1, sizeof(*%s));\n"
-		    "if (%s == NULL) %s;\n",
-		    name, name, name, forwstr);
-	fprintf (codefile,
-		 "e = decode_%s(p, len, %s, &l);\n",
-		 t->symbol->gen_name, name);
-	if (optional) {
-	    fprintf (codefile,
-		     "if(e) {\n"
-		     "free(%s);\n"
-		     "%s = NULL;\n"
-		     "} else {\n"
-		     "p += l; len -= l; ret += l;\n"
-		     "}\n",
-		     name, name);
-	} else {
-	    fprintf (codefile,
-		     "if(e) %s;\n",
-		     forwstr);
-	    fprintf (codefile,
-		     "p += l; len -= l; ret += l;\n");
-	}
-	break;
-    }
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint;\n");
-	    decode_primitive ("integer", "&enumint", forwstr);
-	    fprintf(codefile,
-		    "*%s = enumint;\n"
-		    "}\n",
-		    name);
-	} else if (t->range == NULL) {
-	    decode_primitive ("heim_integer", name, forwstr);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    decode_primitive ("integer", name, forwstr);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    decode_primitive ("unsigned", name, forwstr);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    decode_primitive ("unsigned", name, forwstr);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	break;
-    case TBoolean:
-      decode_primitive ("boolean", name, forwstr);
-      break;
-    case TEnumerated:
-	decode_primitive ("enumerated", name, forwstr);
-	break;
-    case TOctetString:
-	decode_primitive ("octet_string", name, forwstr);
-	if (t->range)
-	    range_check(name, "length", forwstr, t->range);
-	break;
-    case TBitString: {
-	Member *m;
-	int pos = 0;
-
-	if (ASN1_TAILQ_EMPTY(t->members)) {
-	    decode_primitive ("bit_string", name, forwstr);
-	    break;
-	}
-	fprintf(codefile,
-		"if (len < 1) return ASN1_OVERRUN;\n"
-		"p++; len--; ret++;\n");
-	fprintf(codefile,
-		"do {\n"
-		"if (len < 1) break;\n");
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    while (m->val / 8 > pos / 8) {
-		fprintf (codefile,
-			 "p++; len--; ret++;\n"
-			 "if (len < 1) break;\n");
-		pos += 8;
-	    }
-	    fprintf (codefile,
-		     "(%s)->%s = (*p >> %d) & 1;\n",
-		     name, m->gen_name, 7 - m->val % 8);
-	}
-	fprintf(codefile,
-		"} while(0);\n");
-	fprintf (codefile,
-		 "p += len; ret += len;\n");
-	break;
-    }
-    case TSequence: {
-	Member *m;
-
-	if (t->members == NULL)
-	    break;
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    if (m->ellipsis)
-		continue;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
-		      name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
-	    free (s);
-	}
-	
-	break;
-    }
-    case TSet: {
-	Member *m;
-	unsigned int memno;
-
-	if(t->members == NULL)
-	    break;
-
-	fprintf(codefile, "{\n");
-	fprintf(codefile, "unsigned int members = 0;\n");
-	fprintf(codefile, "while(len > 0) {\n");
-	fprintf(codefile, 
-		"Der_class class;\n"
-		"Der_type type;\n"
-		"int tag;\n"
-		"e = der_get_tag (p, len, &class, &type, &tag, NULL);\n"
-		"if(e) %s;\n", forwstr);
-	fprintf(codefile, "switch (MAKE_TAG(class, type, tag)) {\n");
-	memno = 0;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    assert(m->type->type == TTag);
-
-	    fprintf(codefile, "case MAKE_TAG(%s, %s, %s):\n",
-		    classname(m->type->tag.tagclass),
-		    is_primitive_type(m->type->subtype->type) ? "PRIM" : "CONS",
-		    valuename(m->type->tag.tagclass, m->type->tag.tagvalue));
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if(m->optional)
-		fprintf(codefile, 
-			"%s = calloc(1, sizeof(*%s));\n"
-			"if (%s == NULL) { e = ENOMEM; %s; }\n",
-			s, s, s, forwstr);
-	    decode_type (s, m->type, 0, forwstr, m->gen_name);
-	    free (s);
-
-	    fprintf(codefile, "members |= (1 << %d);\n", memno);
-	    memno++;
-	    fprintf(codefile, "break;\n");
-	}
-	fprintf(codefile, 
-		"default:\n"
-		"return ASN1_MISPLACED_FIELD;\n"
-		"break;\n");
-	fprintf(codefile, "}\n");
-	fprintf(codefile, "}\n");
-	memno = 0;
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    asprintf (&s, "%s->%s", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    fprintf(codefile, "if((members & (1 << %d)) == 0)\n", memno);
-	    if(m->optional)
-		fprintf(codefile, "%s = NULL;\n", s);
-	    else if(m->defval)
-		gen_assign_defval(s, m->defval);
-	    else
-		fprintf(codefile, "return ASN1_MISSING_FIELD;\n");
-	    free(s);
-	    memno++;
-	}
-	fprintf(codefile, "}\n");
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "{\n"
-		 "size_t %s_origlen = len;\n"
-		 "size_t %s_oldret = ret;\n"
-		 "size_t %s_olen = 0;\n"
-		 "void *%s_tmp;\n"
-		 "ret = 0;\n"
-		 "(%s)->len = 0;\n"
-		 "(%s)->val = NULL;\n",
-		 tmpstr,
-		 tmpstr,
-		 tmpstr,
-		 tmpstr,
-		 name,
-		 name);
-
-	fprintf (codefile,
-		 "while(ret < %s_origlen) {\n"
-		 "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
-		 "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
-		 "%s_olen = %s_nlen;\n"
-		 "%s_tmp = realloc((%s)->val, %s_olen);\n"
-		 "if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
-		 "(%s)->val = %s_tmp;\n",
-		 tmpstr,
-		 tmpstr, tmpstr, name,
-		 tmpstr, tmpstr, forwstr,
-		 tmpstr, tmpstr,
-		 tmpstr, name, tmpstr,
-		 tmpstr, forwstr, 
-		 name, tmpstr);
-
-	asprintf (&n, "&(%s)->val[(%s)->len]", name, name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_s_of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	decode_type (n, t->subtype, 0, forwstr, sname);
-	fprintf (codefile, 
-		 "(%s)->len++;\n"
-		 "len = %s_origlen - ret;\n"
-		 "}\n"
-		 "ret += %s_oldret;\n"
-		 "}\n",
-		 name,
-		 tmpstr, tmpstr);
-	if (t->range)
-	    range_check(name, "len", forwstr, t->range);
-	free (n);
-	free (sname);
-	break;
-    }
-    case TGeneralizedTime:
-	decode_primitive ("generalized_time", name, forwstr);
-	break;
-    case TGeneralString:
-	decode_primitive ("general_string", name, forwstr);
-	break;
-    case TTag:{
-    	char *tname;
-
-	fprintf(codefile, 
-		"{\n"
-		"size_t %s_datalen, %s_oldlen;\n",
-		tmpstr, tmpstr);
-	if(dce_fix)
-	    fprintf(codefile, 
-		    "int dce_fix;\n");
-	fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, "
-		"&%s_datalen, &l);\n",
-		classname(t->tag.tagclass),
-		is_primitive_type(t->subtype->type) ? "PRIM" : "CONS",
-		valuename(t->tag.tagclass, t->tag.tagvalue),
-		tmpstr);
-	if(optional) {
-	    fprintf(codefile, 
-		    "if(e) {\n"
-		    "%s = NULL;\n"
-		    "} else {\n"
-		     "%s = calloc(1, sizeof(*%s));\n"
-		     "if (%s == NULL) { e = ENOMEM; %s; }\n",
-		     name, name, name, name, forwstr);
-	} else {
-	    fprintf(codefile, "if(e) %s;\n", forwstr);
-	}
-	fprintf (codefile,
-		 "p += l; len -= l; ret += l;\n"
-		 "%s_oldlen = len;\n",
-		 tmpstr);
-	if(dce_fix)
-	    fprintf (codefile,
-		     "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
-		     "{ e = ASN1_BAD_FORMAT; %s; }\n",
-		     tmpstr, forwstr);
-	else
-	    fprintf(codefile, 
-		    "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
-		    "len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
-	asprintf (&tname, "%s_Tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");
-	decode_type (name, t->subtype, 0, forwstr, tname);
-	if(dce_fix)
-	    fprintf(codefile,
-		    "if(dce_fix){\n"
-		    "e = der_match_tag_and_length (p, len, "
-		    "(Der_class)0,(Der_type)0, UT_EndOfContent, "
-		    "&%s_datalen, &l);\n"
-		    "if(e) %s;\np += l; len -= l; ret += l;\n"
-		    "} else \n", tmpstr, forwstr);
-	fprintf(codefile, 
-		"len = %s_oldlen - %s_datalen;\n",
-		tmpstr, tmpstr);
-	if(optional)
-	    fprintf(codefile, 
-		    "}\n");
-	fprintf(codefile, 
-		"}\n");
-	free(tname);
-	break;
-    }
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-	const char *els = "";
-
-	if (t->members == NULL)
-	    break;
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    const Type *tt = m->type;
-	    char *s;
-	    Der_class cl;
-	    Der_type  ty;
-	    unsigned  tag;
-	    
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    find_tag(tt, &cl, &ty, &tag);
-
-	    fprintf(codefile,
-		    "%sif (der_match_tag(p, len, %s, %s, %s, NULL) == 0) {\n",
-		    els,
-		    classname(cl),
-		    ty ? "CONS" : "PRIM",
-		    valuename(cl, tag));
-	    asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
-		      name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
-	    fprintf(codefile,
-		    "(%s)->element = %s;\n",
-		    name, m->label);
-	    free(s);
-	    fprintf(codefile,
-		    "}\n");
-	    els = "else ";
-	}
-	if (have_ellipsis) {
-	    fprintf(codefile,
-		    "else {\n"
-		    "(%s)->u.%s.data = calloc(1, len);\n"
-		    "if ((%s)->u.%s.data == NULL) {\n"
-		    "e = ENOMEM; %s;\n"
-		    "}\n"
-		    "(%s)->u.%s.length = len;\n"
-		    "memcpy((%s)->u.%s.data, p, len);\n"
-		    "(%s)->element = %s;\n"
-		    "p += len;\n"
-		    "ret += len;\n"
-		    "len -= len;\n"
-		    "}\n",
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    forwstr, 
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->label);
-	} else {
-	    fprintf(codefile,
-		    "else {\n"
-		    "e = ASN1_PARSE_ERROR;\n"
-		    "%s;\n"
-		    "}\n",
-		    forwstr);
-	}
-	break;
-    }
-    case TUTCTime:
-	decode_primitive ("utctime", name, forwstr);
-	break;
-    case TUTF8String:
-	decode_primitive ("utf8string", name, forwstr);
-	break;
-    case TPrintableString:
-	decode_primitive ("printable_string", name, forwstr);
-	break;
-    case TIA5String:
-	decode_primitive ("ia5_string", name, forwstr);
-	break;
-    case TBMPString:
-	decode_primitive ("bmp_string", name, forwstr);
-	break;
-    case TUniversalString:
-	decode_primitive ("universal_string", name, forwstr);
-	break;
-    case TVisibleString:
-	decode_primitive ("visible_string", name, forwstr);
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	break;
-    case TOID:
-	decode_primitive ("oid", name, forwstr);
-	break;
-    default :
-	abort ();
-    }
-    return 0;
-}
-
-void
-generate_type_decode (const Symbol *s)
-{
-    int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-    fprintf (headerfile,
-	     "int    "
-	     "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "decode_%s(const unsigned char *p,"
-	     " size_t len, %s *data, size_t *size)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    switch (s->type->type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TOID:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TUTCTime:
-    case TNull:
-    case TEnumerated:
-    case TBitString:
-    case TSequence:
-    case TSequenceOf:
-    case TSet:
-    case TSetOf:
-    case TTag:
-    case TType:
-    case TChoice:
-	fprintf (codefile,
-		 "size_t ret = 0;\n"
-		 "size_t l;\n"
-		 "int e;\n");
-	if (preserve)
-	    fprintf (codefile, "const unsigned char *begin = p;\n");
-
-	fprintf (codefile, "\n");
-	fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
-
-	decode_type ("data", s->type, 0, "goto fail", "Top");
-	if (preserve)
-	    fprintf (codefile,
-		     "data->_save.data = calloc(1, ret);\n"
-		     "if (data->_save.data == NULL) { \n"
-		     "e = ENOMEM; goto fail; \n"
-		     "}\n"
-		     "data->_save.length = ret;\n"
-		     "memcpy(data->_save.data, begin, ret);\n");
-	fprintf (codefile, 
-		 "if(size) *size = ret;\n"
-		 "return 0;\n");
-	fprintf (codefile,
-		 "fail:\n"
-		 "free_%s(data);\n"
-		 "return e;\n",
-		 s->gen_name);
-	break;
-    default:
-	abort ();
-    }
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_encode.c b/crypto/heimdal/lib/asn1/gen_encode.c
deleted file mode 100644
index 08f1a9449f8b..000000000000
--- a/crypto/heimdal/lib/asn1/gen_encode.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $");
-
-static void
-encode_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile,
-	     "e = der_put_%s(p, len, %s, &l);\n"
-	     "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-	     typename,
-	     name);
-}
-
-const char *
-classname(Der_class class)
-{
-    const char *cn[] = { "ASN1_C_UNIV", "ASN1_C_APPL",
-			 "ASN1_C_CONTEXT", "ASN1_C_PRIV" };
-    if(class < ASN1_C_UNIV || class > ASN1_C_PRIVATE)
-	return "???";
-    return cn[class];
-}
-
-
-const char *
-valuename(Der_class class, int value)
-{
-    static char s[32];
-    struct { 
-	int value;
-	const char *s;
-    } *p, values[] = {
-#define X(Y) { Y, #Y }
-	X(UT_BMPString),
-	X(UT_BitString),
-	X(UT_Boolean),
-	X(UT_EmbeddedPDV),
-	X(UT_Enumerated),
-	X(UT_External),
-	X(UT_GeneralString),
-	X(UT_GeneralizedTime),
-	X(UT_GraphicString),
-	X(UT_IA5String),
-	X(UT_Integer),
-	X(UT_Null),
-	X(UT_NumericString),
-	X(UT_OID),
-	X(UT_ObjectDescriptor),
-	X(UT_OctetString),
-	X(UT_PrintableString),
-	X(UT_Real),
-	X(UT_RelativeOID),
-	X(UT_Sequence),
-	X(UT_Set),
-	X(UT_TeletexString),
-	X(UT_UTCTime),
-	X(UT_UTF8String),
-	X(UT_UniversalString),
-	X(UT_VideotexString),
-	X(UT_VisibleString),
-#undef X
-	{ -1, NULL }
-    };
-    if(class == ASN1_C_UNIV) {
-	for(p = values; p->value != -1; p++)
-	    if(p->value == value)
-		return p->s;
-    }
-    snprintf(s, sizeof(s), "%d", value);
-    return s;
-}
-
-static int
-encode_type (const char *name, const Type *t, const char *tmpstr)
-{
-    int constructed = 1;
-
-    switch (t->type) {
-    case TType:
-#if 0
-	encode_type (name, t->symbol->type);
-#endif
-	fprintf (codefile,
-		 "e = encode_%s(p, len, %s, &l);\n"
-		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-		 t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint = (int)*%s;\n",
-		    name);
-	    encode_primitive ("integer", "&enumint");
-	    fprintf(codefile, "}\n;");
-	} else if (t->range == NULL) {
-	    encode_primitive ("heim_integer", name);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    encode_primitive ("integer", name);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    encode_primitive ("unsigned", name);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    encode_primitive ("unsigned", name);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-	constructed = 0;
-	break;
-    case TBoolean:
-	encode_primitive ("boolean", name);
-	constructed = 0;
-	break;
-    case TOctetString:
-	encode_primitive ("octet_string", name);
-	constructed = 0;
-	break;
-    case TBitString: {
-	Member *m;
-	int pos;
-
-	if (ASN1_TAILQ_EMPTY(t->members)) {
-	    encode_primitive("bit_string", name);
-	    constructed = 0;
-	    break;
-	}
-
-	fprintf (codefile, "{\n"
-		 "unsigned char c = 0;\n");
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "int rest = 0;\n"
-		     "int bit_set = 0;\n");
-#if 0
-	pos = t->members->prev->val;
-	/* fix for buggy MIT (and OSF?) code */
-	if (pos > 31)
-	    abort ();
-#endif
-	/*
-	 * It seems that if we do not always set pos to 31 here, the MIT
-	 * code will do the wrong thing.
-	 *
-	 * I hate ASN.1 (and DER), but I hate it even more when everybody
-	 * has to screw it up differently.
-	 */
-	pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
-	if (rfc1510_bitstring) {
-	    if (pos < 31)
-		pos = 31;
-	}
-
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    while (m->val / 8 < pos / 8) {
-		if (!rfc1510_bitstring)
-		    fprintf (codefile,
-			     "if (c != 0 || bit_set) {\n");
-		fprintf (codefile,
-			 "if (len < 1) return ASN1_OVERFLOW;\n"
-			 "*p-- = c; len--; ret++;\n");
-		if (!rfc1510_bitstring)
-		    fprintf (codefile,
-			     "if (!bit_set) {\n"
-			     "rest = 0;\n"
-			     "while(c) { \n"
-			     "if (c & 1) break;\n"
-			     "c = c >> 1;\n"
-			     "rest++;\n"
-			     "}\n"
-			     "bit_set = 1;\n"
-			     "}\n"
-			     "}\n");
-		fprintf (codefile,
-			 "c = 0;\n");
-		pos -= 8;
-	    }
-	    fprintf (codefile,
-		     "if((%s)->%s) {\n"
-		     "c |= 1<<%d;\n", 
-		     name, m->gen_name, 7 - m->val % 8);
-	    fprintf (codefile,
-		     "}\n");
-	}
-
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "if (c != 0 || bit_set) {\n");
-	fprintf (codefile, 
-		 "if (len < 1) return ASN1_OVERFLOW;\n"
-		 "*p-- = c; len--; ret++;\n");
-	if (!rfc1510_bitstring)
-	    fprintf (codefile,
-		     "if (!bit_set) {\n"
-		     "rest = 0;\n"
-		     "if(c) { \n"
-		     "while(c) { \n"
-		     "if (c & 1) break;\n"
-		     "c = c >> 1;\n"
-		     "rest++;\n"
-		     "}\n"
-		     "}\n"
-		     "}\n"
-		     "}\n");
-
-	fprintf (codefile, 
-		 "if (len < 1) return ASN1_OVERFLOW;\n"
-		 "*p-- = %s;\n"
-		 "len -= 1;\n"
-		 "ret += 1;\n"
-		 "}\n\n",
-		 rfc1510_bitstring ? "0" : "rest");
-	constructed = 0;
-	break;
-    }
-    case TEnumerated : {
-	encode_primitive ("enumerated", name);
-	constructed = 0;
-	break;
-    }
-
-    case TSet:
-    case TSequence: {
-	Member *m;
-
-	if (t->members == NULL)
-	    break;
-	
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    char *s;
-
-	    if (m->ellipsis)
-		continue;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    fprintf(codefile, "/* %s */\n", m->name);
-	    if (m->optional)
-		fprintf (codefile,
-			 "if(%s) ",
-			 s);
-	    else if(m->defval)
-		gen_compare_defval(s + 1, m->defval);
-	    fprintf (codefile, "{\n");
-	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
-	    fprintf (codefile, "ret = 0;\n");
-	    encode_type (s, m->type, m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    fprintf (codefile, "}\n");
-	    free (s);
-	}
-	break;
-    }
-    case TSetOf: {
-
-	fprintf(codefile,
-		"{\n"
-		"struct heim_octet_string *val;\n"
-		"size_t elen, totallen = 0;\n"
-		"int eret;\n");
-
-	fprintf(codefile,
-		"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
-		"return ERANGE;\n",
-		name);
-
-	fprintf(codefile,
-		"val = malloc(sizeof(val[0]) * (%s)->len);\n"
-		"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",
-		name, name);
-
-	fprintf(codefile,
-		"for(i = 0; i < (%s)->len; i++) {\n",
-		name);
-
-	fprintf(codefile,
-		"ASN1_MALLOC_ENCODE(%s, val[i].data, "
-		"val[i].length, &(%s)->val[i], &elen, eret);\n",
-		t->subtype->symbol->gen_name,
-		name);
-
-	fprintf(codefile,
-		"if(eret) {\n"
-		"i--;\n"
-		"while (i >= 0) {\n"
-		"free(val[i].data);\n"
-		"i--;\n"
-		"}\n"
-		"free(val);\n"
-		"return eret;\n"
-		"}\n"
-		"totallen += elen;\n"
-		"}\n");
-
-	fprintf(codefile,
-		"if (totallen > len) {\n"
-		"for (i = 0; i < (%s)->len; i++) {\n"
-		"free(val[i].data);\n"
-		"}\n"
-		"free(val);\n"
-		"return ASN1_OVERFLOW;\n"
-		"}\n",
-		name);
-
-	fprintf(codefile,
-		"qsort(val, (%s)->len, sizeof(val[0]), _heim_der_set_sort);\n",
-		name);
-
-	fprintf (codefile,
-		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
-		 "p -= val[i].length;\n"
-		 "ret += val[i].length;\n"
-		 "memcpy(p + 1, val[i].data, val[i].length);\n"
-		 "free(val[i].data);\n"
-		 "}\n"
-		 "free(val);\n"
-		 "}\n",
-		 name);
-	break;
-    }
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
-		 "size_t %s_for_oldret = ret;\n"
-		 "ret = 0;\n",
-		 name, tmpstr);
-	asprintf (&n, "&(%s)->val[i]", name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_S_Of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	encode_type (n, t->subtype, sname);
-	fprintf (codefile,
-		 "ret += %s_for_oldret;\n"
-		 "}\n",
-		 tmpstr);
-	free (n);
-	free (sname);
-	break;
-    }
-    case TGeneralizedTime:
-	encode_primitive ("generalized_time", name);
-	constructed = 0;
-	break;
-    case TGeneralString:
-	encode_primitive ("general_string", name);
-	constructed = 0;
-	break;
-    case TTag: {
-    	char *tname;
-	int c;
-	asprintf (&tname, "%s_tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");	
-	c = encode_type (name, t->subtype, tname);
-	fprintf (codefile,
-		 "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n"
-		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
-		 classname(t->tag.tagclass),
-		 c ? "CONS" : "PRIM", 
-		 valuename(t->tag.tagclass, t->tag.tagvalue));
-	free (tname);
-	break;
-    }
-    case TChoice:{
-	Member *m, *have_ellipsis = NULL;
-	char *s;
-
-	if (t->members == NULL)
-	    break;
-
-	fprintf(codefile, "\n");
-
-	asprintf (&s, "(%s)", name);
-	if (s == NULL)
-	    errx(1, "malloc");
-	fprintf(codefile, "switch(%s->element) {\n", s);
-
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    char *s2;
-
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    fprintf (codefile, "case %s: {", m->label); 
-	    asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", 
-		     s, m->gen_name);
-	    if (s2 == NULL)
-		errx(1, "malloc");
-	    if (m->optional)
-		fprintf (codefile, "if(%s) {\n", s2);
-	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
-	    fprintf (codefile, "ret = 0;\n");
-	    constructed = encode_type (s2, m->type, m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    if(m->optional)
-		fprintf (codefile, "}\n");
-	    fprintf(codefile, "break;\n");
-	    fprintf(codefile, "}\n");
-	    free (s2);
-	}
-	free (s);
-	if (have_ellipsis) {
-	    fprintf(codefile,
-		    "case %s: {\n"
-		    "if (len < (%s)->u.%s.length)\n"
-		    "return ASN1_OVERFLOW;\n"
-		    "p -= (%s)->u.%s.length;\n"
-		    "ret += (%s)->u.%s.length;\n"
-		    "memcpy(p + 1, (%s)->u.%s.data, (%s)->u.%s.length);\n"
-		    "break;\n"
-		    "}\n",
-		    have_ellipsis->label,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name,
-		    name, have_ellipsis->gen_name);
-	}
-	fprintf(codefile, "};\n");
-	break;
-    }
-    case TOID:
-	encode_primitive ("oid", name);
-	constructed = 0;
-	break;
-    case TUTCTime:
-	encode_primitive ("utctime", name);
-	constructed = 0;
-	break;
-    case TUTF8String:
-	encode_primitive ("utf8string", name);
-	constructed = 0;
-	break;
-    case TPrintableString:
-	encode_primitive ("printable_string", name);
-	constructed = 0;
-	break;
-    case TIA5String:
-	encode_primitive ("ia5_string", name);
-	constructed = 0;
-	break;
-    case TBMPString:
-	encode_primitive ("bmp_string", name);
-	constructed = 0;
-	break;
-    case TUniversalString:
-	encode_primitive ("universal_string", name);
-	constructed = 0;
-	break;
-    case TVisibleString:
-	encode_primitive ("visible_string", name);
-	constructed = 0;
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	constructed = 0;
-	break;
-    default:
-	abort ();
-    }
-    return constructed;
-}
-
-void
-generate_type_encode (const Symbol *s)
-{
-    fprintf (headerfile,
-	     "int    "
-	     "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "encode_%s(unsigned char *p, size_t len,"
-	     " const %s *data, size_t *size)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    switch (s->type->type) {
-    case TInteger:
-    case TBoolean:
-    case TOctetString:
-    case TGeneralizedTime:
-    case TGeneralString:
-    case TUTCTime:
-    case TUTF8String:
-    case TPrintableString:
-    case TIA5String:
-    case TBMPString:
-    case TUniversalString:
-    case TVisibleString:
-    case TNull:
-    case TBitString:
-    case TEnumerated:
-    case TOID:
-    case TSequence:
-    case TSequenceOf:
-    case TSet:
-    case TSetOf:
-    case TTag:
-    case TType:
-    case TChoice:
-	fprintf (codefile,
-		 "size_t ret = 0;\n"
-		 "size_t l;\n"
-		 "int i, e;\n\n");
-	fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
-    
-	encode_type("data", s->type, "Top");
-
-	fprintf (codefile, "*size = ret;\n"
-		 "return 0;\n");
-	break;
-    default:
-	abort ();
-    }
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_free.c b/crypto/heimdal/lib/asn1/gen_free.c
deleted file mode 100644
index d667c5d31aad..000000000000
--- a/crypto/heimdal/lib/asn1/gen_free.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $");
-
-static void
-free_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile, "der_free_%s(%s);\n", typename, name);
-}
-
-static void
-free_type (const char *name, const Type *t, int preserve)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	free_type (name, t->symbol->type, preserve);
-#endif
-	fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if (t->range == NULL && t->members == NULL) {
-	    free_primitive ("heim_integer", name);
-	    break;
-	}
-    case TBoolean:
-    case TEnumerated :
-    case TNull:
-    case TGeneralizedTime:
-    case TUTCTime:
-	break;
-    case TBitString:
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    free_primitive("bit_string", name);
-	break;
-    case TOctetString:
-	free_primitive ("octet_string", name);
-	break;
-    case TChoice:
-    case TSet:
-    case TSequence: {
-	Member *m, *have_ellipsis = NULL;
-
-	if (t->members == NULL)
-	    break;
-
-	if ((t->type == TSequence || t->type == TChoice) && preserve)
-	    fprintf(codefile, "der_free_octet_string(&data->_save);\n");
-
-	if(t->type == TChoice)
-	    fprintf(codefile, "switch((%s)->element) {\n", name);
-      
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-
-	    if (m->ellipsis){
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-	    asprintf (&s, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", name, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if(m->optional)
-		fprintf(codefile, "if(%s) {\n", s);
-	    free_type (s, m->type, FALSE);
-	    if(m->optional)
-		fprintf(codefile, 
-			"free(%s);\n"
-			"%s = NULL;\n"
-			"}\n",s, s);
-	    free (s);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	
-	if(t->type == TChoice) {
-	    if (have_ellipsis)
-		fprintf(codefile,
-			"case %s:\n"
-			"der_free_octet_string(&(%s)->u.%s);\n"
-			"break;",
-			have_ellipsis->label,
-			name, have_ellipsis->gen_name);
-	    fprintf(codefile, "}\n");
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-
-	fprintf (codefile, "while((%s)->len){\n", name);
-	asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	free_type(n, t->subtype, FALSE);
-	fprintf(codefile, 
-		"(%s)->len--;\n"
-		"}\n",
-		name);
-	fprintf(codefile,
-		"free((%s)->val);\n"
-		"(%s)->val = NULL;\n", name, name);
-	free(n);
-	break;
-    }
-    case TGeneralString:
-	free_primitive ("general_string", name);
-	break;
-    case TUTF8String:
-	free_primitive ("utf8string", name);
-	break;
-    case TPrintableString:
-	free_primitive ("printable_string", name);
-	break;
-    case TIA5String:
-	free_primitive ("ia5_string", name);
-	break;
-    case TBMPString:
-	free_primitive ("bmp_string", name);
-	break;
-    case TUniversalString:
-	free_primitive ("universal_string", name);
-	break;
-    case TVisibleString:
-	free_primitive ("visible_string", name);
-	break;
-    case TTag:
-	free_type (name, t->subtype, preserve);
-	break;
-    case TOID :
-	free_primitive ("oid", name);
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_free (const Symbol *s)
-{
-  int preserve = preserve_type(s->name) ? TRUE : FALSE;
-
-  fprintf (headerfile,
-	   "void   free_%s  (%s *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile, "void\n"
-	   "free_%s(%s *data)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name);
-
-  free_type ("data", s->type, preserve);
-  fprintf (codefile, "}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_glue.c b/crypto/heimdal/lib/asn1/gen_glue.c
deleted file mode 100644
index 8d8bd152a3b7..000000000000
--- a/crypto/heimdal/lib/asn1/gen_glue.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $");
-
-static void
-generate_2int (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "unsigned %s2int(%s);\n",
-	     gen_name, gen_name);
-
-    fprintf (codefile,
-	     "unsigned %s2int(%s f)\n"
-	     "{\n"
-	     "unsigned r = 0;\n",
-	     gen_name, gen_name);
-
-    ASN1_TAILQ_FOREACH(m, t->members, members) {
-	fprintf (codefile, "if(f.%s) r |= (1U << %d);\n",
-		 m->gen_name, m->val);
-    }
-    fprintf (codefile, "return r;\n"
-	     "}\n\n");
-}
-
-static void
-generate_int2 (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "%s int2%s(unsigned);\n",
-	     gen_name, gen_name);
-
-    fprintf (codefile,
-	     "%s int2%s(unsigned n)\n"
-	     "{\n"
-	     "\t%s flags;\n\n",
-	     gen_name, gen_name, gen_name);
-
-    if(t->members) {
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n",
-		     m->gen_name, m->val);
-	}
-    }
-    fprintf (codefile, "\treturn flags;\n"
-	     "}\n\n");
-}
-
-/*
- * This depends on the bit string being declared in increasing order
- */
-
-static void
-generate_units (const Type *t, const char *gen_name)
-{
-    Member *m;
-
-    fprintf (headerfile,
-	     "const struct units * asn1_%s_units(void);",
-	     gen_name);
-
-    fprintf (codefile,
-	     "static struct units %s_units[] = {\n",
-	     gen_name);
-
-    if(t->members) {
-	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-	    fprintf (codefile,
-		     "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val);
-	}
-    }
-
-    fprintf (codefile,
-	     "\t{NULL,\t0}\n"
-	     "};\n\n");
-
-    fprintf (codefile,
-	     "const struct units * asn1_%s_units(void){\n"
-	     "return %s_units;\n"
-	     "}\n\n",
-	     gen_name, gen_name);
-
-
-}
-
-void
-generate_glue (const Type *t, const char *gen_name)
-{
-    switch(t->type) {
-    case TTag:
-	generate_glue(t->subtype, gen_name);
-	break;
-    case TBitString :
-	if (!ASN1_TAILQ_EMPTY(t->members)) {
-	    generate_2int (t, gen_name);
-	    generate_int2 (t, gen_name);
-	    generate_units (t, gen_name);
-	}
-	break;
-    default :
-	break;
-    }
-}
diff --git a/crypto/heimdal/lib/asn1/gen_length.c b/crypto/heimdal/lib/asn1/gen_length.c
deleted file mode 100644
index 4cb5d45089f5..000000000000
--- a/crypto/heimdal/lib/asn1/gen_length.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
-
-static void
-length_primitive (const char *typename,
-		  const char *name,
-		  const char *variable)
-{
-    fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
-}
-
-static size_t
-length_tag(unsigned int tag)
-{
-    size_t len = 0;
-    
-    if(tag <= 30)
-	return 1;
-    while(tag) {
-	tag /= 128;
-	len++;
-    }
-    return len + 1;
-}
-
-
-static int
-length_type (const char *name, const Type *t, 
-	     const char *variable, const char *tmpstr)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	length_type (name, t->symbol->type);
-#endif
-	fprintf (codefile, "%s += length_%s(%s);\n",
-		 variable, t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members) {
-	    fprintf(codefile,
-		    "{\n"
-		    "int enumint = *%s;\n", name);
-	    length_primitive ("integer", "&enumint", variable);
-	    fprintf(codefile, "}\n");
-	} else if (t->range == NULL) {
-	    length_primitive ("heim_integer", name, variable);
-	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
-	    length_primitive ("integer", name, variable);
-	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
-	    length_primitive ("unsigned", name, variable);
-	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
-	    length_primitive ("unsigned", name, variable);
-	} else
-	    errx(1, "%s: unsupported range %d -> %d", 
-		 name, t->range->min, t->range->max);
-
-	break;
-    case TBoolean:
-	fprintf (codefile, "%s += 1;\n", variable);
-	break;
-    case TEnumerated :
-	length_primitive ("enumerated", name, variable);
-	break;
-    case TOctetString:
-	length_primitive ("octet_string", name, variable);
-	break;
-    case TBitString: {
-	if (ASN1_TAILQ_EMPTY(t->members))
-	    length_primitive("bit_string", name, variable);
-	else {
-	    if (!rfc1510_bitstring) {
-		Member *m;
-		int pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
-
-		fprintf(codefile,
-			"do {\n");
-		ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
-		    while (m->val / 8 < pos / 8) {
-			pos -= 8;
-		    }
-		    fprintf (codefile,
-			     "if((%s)->%s) { %s += %d; break; }\n",
-			     name, m->gen_name, variable, (pos + 8) / 8);
-		}
-		fprintf(codefile,
-			"} while(0);\n");
-		fprintf (codefile, "%s += 1;\n", variable);
-	    } else {
-		fprintf (codefile, "%s += 5;\n", variable);
-	    }
-	}
-	break;
-    }
-    case TSet:
-    case TSequence:
-    case TChoice: {
-	Member *m, *have_ellipsis = NULL;
-
-	if (t->members == NULL)
-	    break;
-      
-	if(t->type == TChoice)
-	    fprintf (codefile, "switch((%s)->element) {\n", name);
-
-	ASN1_TAILQ_FOREACH(m, t->members, members) {
-	    char *s;
-	    
-	    if (m->ellipsis) {
-		have_ellipsis = m;
-		continue;
-	    }
-
-	    if(t->type == TChoice)
-		fprintf(codefile, "case %s:\n", m->label);
-
-	    asprintf (&s, "%s(%s)->%s%s",
-		      m->optional ? "" : "&", name, 
-		      t->type == TChoice ? "u." : "", m->gen_name);
-	    if (s == NULL)
-		errx(1, "malloc");
-	    if (m->optional)
-		fprintf (codefile, "if(%s)", s);
-	    else if(m->defval)
-		gen_compare_defval(s + 1, m->defval);
-	    fprintf (codefile, "{\n"
-		     "size_t %s_oldret = %s;\n"
-		     "%s = 0;\n", tmpstr, variable, variable);
-	    length_type (s, m->type, "ret", m->gen_name);
-	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
-	    fprintf (codefile, "}\n");
-	    free (s);
-	    if(t->type == TChoice)
-		fprintf(codefile, "break;\n");
-	}
-	if(t->type == TChoice) {
-	    if (have_ellipsis)
-		fprintf(codefile,
-			"case %s:\n"
-			"ret += (%s)->u.%s.length;\n"
-			"break;\n",
-			have_ellipsis->label,
-			name,
-			have_ellipsis->gen_name);
-	    fprintf (codefile, "}\n"); /* switch */
-	}
-	break;
-    }
-    case TSetOf:
-    case TSequenceOf: {
-	char *n;
-	char *sname;
-
-	fprintf (codefile,
-		 "{\n"
-		 "int %s_oldret = %s;\n"
-		 "int i;\n"
-		 "%s = 0;\n",
-		 tmpstr, variable, variable);
-
-	fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name);
-	fprintf (codefile, "int %s_for_oldret = %s;\n"
-		 "%s = 0;\n", tmpstr, variable, variable);
-	asprintf (&n, "&(%s)->val[i]", name);
-	if (n == NULL)
-	    errx(1, "malloc");
-	asprintf (&sname, "%s_S_Of", tmpstr);
-	if (sname == NULL)
-	    errx(1, "malloc");
-	length_type(n, t->subtype, variable, sname);
-	fprintf (codefile, "%s += %s_for_oldret;\n",
-		 variable, tmpstr);
-	fprintf (codefile, "}\n");
-
-	fprintf (codefile,
-		 "%s += %s_oldret;\n"
-		 "}\n", variable, tmpstr);
-	free(n);
-	free(sname);
-	break;
-    }
-    case TGeneralizedTime:
-	length_primitive ("generalized_time", name, variable);
-	break;
-    case TGeneralString:
-	length_primitive ("general_string", name, variable);
-	break;
-    case TUTCTime:
-	length_primitive ("utctime", name, variable);
-	break;
-    case TUTF8String:
-	length_primitive ("utf8string", name, variable);
-	break;
-    case TPrintableString:
-	length_primitive ("printable_string", name, variable);
-	break;
-    case TIA5String:
-	length_primitive ("ia5_string", name, variable);
-	break;
-    case TBMPString:
-	length_primitive ("bmp_string", name, variable);
-	break;
-    case TUniversalString:
-	length_primitive ("universal_string", name, variable);
-	break;
-    case TVisibleString:
-	length_primitive ("visible_string", name, variable);
-	break;
-    case TNull:
-	fprintf (codefile, "/* NULL */\n");
-	break;
-    case TTag:{
-    	char *tname;
-	asprintf(&tname, "%s_tag", tmpstr);
-	if (tname == NULL)
-	    errx(1, "malloc");
-	length_type (name, t->subtype, variable, tname);
-	fprintf (codefile, "ret += %lu + der_length_len (ret);\n", 
-		 (unsigned long)length_tag(t->tag.tagvalue));
-	free(tname);
-	break;
-    }
-    case TOID:
-	length_primitive ("oid", name, variable);
-	break;
-    default :
-	abort ();
-    }
-    return 0;
-}
-
-void
-generate_type_length (const Symbol *s)
-{
-    fprintf (headerfile,
-	     "size_t length_%s(const %s *);\n",
-	     s->gen_name, s->gen_name);
-    
-    fprintf (codefile,
-	     "size_t\n"
-	     "length_%s(const %s *data)\n"
-	     "{\n"
-	     "size_t ret = 0;\n",
-	     s->gen_name, s->gen_name);
-    
-    length_type ("data", s->type, "ret", "Top");
-    fprintf (codefile, "return ret;\n}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_locl.h b/crypto/heimdal/lib/asn1/gen_locl.h
deleted file mode 100644
index 8cd4dbad5a84..000000000000
--- a/crypto/heimdal/lib/asn1/gen_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */
-
-#ifndef __GEN_LOCL_H__
-#define __GEN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <err.h>
-#include <roken.h>
-#include "hash.h"
-#include "symbol.h"
-#include "asn1-common.h"
-#include "der.h"
-
-void generate_type (const Symbol *);
-void generate_constant (const Symbol *);
-void generate_type_encode (const Symbol *);
-void generate_type_decode (const Symbol *);
-void generate_type_free (const Symbol *);
-void generate_type_length (const Symbol *);
-void generate_type_copy (const Symbol *);
-void generate_type_seq (const Symbol *);
-void generate_glue (const Type *, const char*);
-
-const char *classname(Der_class);
-const char *valuename(Der_class, int);
-
-void gen_compare_defval(const char *, struct value *);
-void gen_assign_defval(const char *, struct value *);
-
-
-void init_generate (const char *, const char *);
-const char *get_filename (void);
-void close_generate(void);
-void add_import(const char *);
-int yyparse(void);
-
-int preserve_type(const char *);
-int seq_type(const char *);
-
-extern FILE *headerfile, *codefile, *logfile;
-extern int dce_fix;
-extern int rfc1510_bitstring;
-
-extern int error_flag;
-
-#endif /* __GEN_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/gen_seq.c b/crypto/heimdal/lib/asn1/gen_seq.c
deleted file mode 100644
index 54776752c2e3..000000000000
--- a/crypto/heimdal/lib/asn1/gen_seq.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $");
-
-void
-generate_type_seq (const Symbol *s)
-{
-    char *subname;
-    Type *type;
-
-    if (!seq_type(s->name))
-	return;
-    type = s->type;
-    while(type->type == TTag)
-	type = type->subtype;
-
-    if (type->type != TSequenceOf) {
-	printf("%s not seq of %d\n", s->name, (int)type->type);
-	return;
-    }
-
-    /*
-     * Require the subtype to be a type so we can name it and use
-     * copy_/free_
-     */
-    
-    if (type->subtype->type != TType) {
-	fprintf(stderr, "%s subtype is not a type, can't generate "
-	       "sequence code for this case: %d\n",
-		s->name, (int)type->subtype->type);
-	exit(1);
-    }
-
-    subname = type->subtype->symbol->gen_name;
-
-    fprintf (headerfile,
-	     "int   add_%s  (%s *, const %s *);\n"
-	     "int   remove_%s  (%s *, unsigned int);\n",
-	     s->gen_name, s->gen_name, subname,
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "add_%s(%s *data, const %s *element)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name, subname);
-
-    fprintf (codefile, 
-	     "int ret;\n"
-	     "void *ptr;\n"
-	     "\n"
-	     "ptr = realloc(data->val, \n"
-	     "\t(data->len + 1) * sizeof(data->val[0]));\n"
-	     "if (ptr == NULL) return ENOMEM;\n"
-	     "data->val = ptr;\n\n"
-	     "ret = copy_%s(element, &data->val[data->len]);\n"
-	     "if (ret) return ret;\n"
-	     "data->len++;\n"
-	     "return 0;\n",
-	     subname);
-
-    fprintf (codefile, "}\n\n");
-    
-    fprintf (codefile, "int\n"
-	     "remove_%s(%s *data, unsigned int element)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, 
-	     "void *ptr;\n"
-	     "\n"
-	     "if (data->len == 0 || element >= data->len)\n"
-	     "\treturn ASN1_OVERRUN;\n"
-	     "free_%s(&data->val[element]);\n"
-	     "data->len--;\n"
-	     /* don't move if its the last element */
-	     "if (element < data->len)\n"
-	     "\tmemmove(&data->val[element], &data->val[element + 1], \n"
-	     "\t\tsizeof(data->val[0]) * data->len);\n"
-	     /* resize but don't care about failures since it doesn't matter */
-	     "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n"
-	     "if (ptr != NULL || data->len == 0) data->val = ptr;\n"
-	     "return 0;\n",
-	     subname);
-
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/hash.c b/crypto/heimdal/lib/asn1/hash.c
deleted file mode 100644
index eeb6b6d63dc9..000000000000
--- a/crypto/heimdal/lib/asn1/hash.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * Hash table functions
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $");
-
-static Hashentry *_search(Hashtab * htab,	/* The hash table */
-			  void *ptr);	/* And key */
-
-Hashtab *
-hashtabnew(int sz,
-	   int (*cmp) (void *, void *),
-	   unsigned (*hash) (void *))
-{
-    Hashtab *htab;
-    int i;
-
-    assert(sz > 0);
-
-    htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
-    if (htab == NULL)
-	return NULL;
-
-    for (i = 0; i < sz; ++i)
-	htab->tab[i] = NULL;
-
-    htab->cmp = cmp;
-    htab->hash = hash;
-    htab->sz = sz;
-    return htab;
-}
-
-/* Intern search function */
-
-static Hashentry *
-_search(Hashtab * htab, void *ptr)
-{
-    Hashentry *hptr;
-
-    assert(htab && ptr);
-
-    for (hptr = htab->tab[(*htab->hash) (ptr) % htab->sz];
-	 hptr;
-	 hptr = hptr->next)
-	if ((*htab->cmp) (ptr, hptr->ptr) == 0)
-	    break;
-    return hptr;
-}
-
-/* Search for element in hash table */
-
-void *
-hashtabsearch(Hashtab * htab, void *ptr)
-{
-    Hashentry *tmp;
-
-    tmp = _search(htab, ptr);
-    return tmp ? tmp->ptr : tmp;
-}
-
-/* add element to hash table */
-/* if already there, set new value */
-/* !NULL if succesful */
-
-void *
-hashtabadd(Hashtab * htab, void *ptr)
-{
-    Hashentry *h = _search(htab, ptr);
-    Hashentry **tabptr;
-
-    assert(htab && ptr);
-
-    if (h)
-	free((void *) h->ptr);
-    else {
-	h = (Hashentry *) malloc(sizeof(Hashentry));
-	if (h == NULL) {
-	    return NULL;
-	}
-	tabptr = &htab->tab[(*htab->hash) (ptr) % htab->sz];
-	h->next = *tabptr;
-	*tabptr = h;
-	h->prev = tabptr;
-	if (h->next)
-	    h->next->prev = &h->next;
-    }
-    h->ptr = ptr;
-    return h;
-}
-
-/* delete element with key key. Iff freep, free Hashentry->ptr */
-
-int
-_hashtabdel(Hashtab * htab, void *ptr, int freep)
-{
-    Hashentry *h;
-
-    assert(htab && ptr);
-
-    h = _search(htab, ptr);
-    if (h) {
-	if (freep)
-	    free(h->ptr);
-	if ((*(h->prev) = h->next))
-	    h->next->prev = h->prev;
-	free(h);
-	return 0;
-    } else
-	return -1;
-}
-
-/* Do something for each element */
-
-void
-hashtabforeach(Hashtab * htab, int (*func) (void *ptr, void *arg),
-	       void *arg)
-{
-    Hashentry **h, *g;
-
-    assert(htab);
-
-    for (h = htab->tab; h < &htab->tab[htab->sz]; ++h)
-	for (g = *h; g; g = g->next)
-	    if ((*func) (g->ptr, arg))
-		return;
-}
-
-/* standard hash-functions for strings */
-
-unsigned
-hashadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += *s;
-    return i;
-}
-
-unsigned
-hashcaseadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += toupper((unsigned char)*s);
-    return i;
-}
-
-#define TWELVE (sizeof(unsigned))
-#define SEVENTYFIVE (6*sizeof(unsigned))
-#define HIGH_BITS (~((unsigned)(~0) >> TWELVE))
-
-unsigned
-hashjpw(const char *ss)
-{				/* another hash function */
-    unsigned h = 0;
-    unsigned g;
-    const unsigned char *s = (const unsigned char *)ss;
-
-    for (; *s; ++s) {
-	h = (h << TWELVE) + *s;
-	if ((g = h & HIGH_BITS))
-	    h = (h ^ (g >> SEVENTYFIVE)) & ~HIGH_BITS;
-    }
-    return h;
-}
diff --git a/crypto/heimdal/lib/asn1/hash.h b/crypto/heimdal/lib/asn1/hash.h
deleted file mode 100644
index 10d8ce99b0b5..000000000000
--- a/crypto/heimdal/lib/asn1/hash.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * hash.h. Header file for hash table functions
- */
-
-/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */
-
-struct hashentry {		/* Entry in bucket */
-     struct hashentry **prev;
-     struct hashentry *next;
-     void *ptr;
-};
-
-typedef struct hashentry Hashentry;
-
-struct hashtab {		/* Hash table */
-     int (*cmp)(void *, void *); /* Compare function */
-     unsigned (*hash)(void *);	/* hash function */
-     int sz;			/* Size */
-     Hashentry *tab[1];		/* The table */
-};
-
-typedef struct hashtab Hashtab;
-
-/* prototypes */
-
-Hashtab *hashtabnew(int sz, 
-		    int (*cmp)(void *, void *),
-		    unsigned (*hash)(void *));	/* Make new hash table */
-
-void *hashtabsearch(Hashtab *htab, /* The hash table */
-		    void *ptr);	/*  The key */
-
-
-void *hashtabadd(Hashtab *htab,	/* The hash table */
-	       void *ptr);	/* The element */
-
-int _hashtabdel(Hashtab *htab,	/* The table */
-		void *ptr,	/* Key */
-		int freep);	/* Free data part? */
-
-void hashtabforeach(Hashtab *htab,
-		    int (*func)(void *ptr, void *arg),
-		    void *arg);
-
-unsigned hashadd(const char *s);		/* Standard hash function */
-unsigned hashcaseadd(const char *s);		/* Standard hash function */
-unsigned hashjpw(const char *s);		/* another hash function */
-
-/* macros */
-
- /* Don't free space */
-#define hashtabdel(htab,key)  _hashtabdel(htab,key,FALSE)
-
-#define hashtabfree(htab,key) _hashtabdel(htab,key,TRUE) /* Do! */
diff --git a/crypto/heimdal/lib/asn1/heim_asn1.h b/crypto/heimdal/lib/asn1/heim_asn1.h
deleted file mode 100644
index afee6f421886..000000000000
--- a/crypto/heimdal/lib/asn1/heim_asn1.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __HEIM_ANY_H__
-#define __HEIM_ANY_H__ 1
-
-int	encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *);
-int	decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *);
-void	free_heim_any(heim_any *);
-size_t	length_heim_any(const heim_any *);
-int	copy_heim_any(const heim_any *, heim_any *);
-
-int	encode_heim_any_set(unsigned char *, size_t,
-			    const heim_any_set *, size_t *);
-int	decode_heim_any_set(const unsigned char *, size_t,
-			    heim_any_set *,size_t *);
-void	free_heim_any_set(heim_any_set *);
-size_t	length_heim_any_set(const heim_any_set *);
-int	copy_heim_any_set(const heim_any_set *, heim_any_set *);
-int	heim_any_cmp(const heim_any_set *, const heim_any_set *);
-
-#endif /* __HEIM_ANY_H__ */
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
deleted file mode 100644
index 18f1e1541b5f..000000000000
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ /dev/null
@@ -1,659 +0,0 @@
--- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $
-
-KERBEROS5 DEFINITIONS ::=
-BEGIN
-
-NAME-TYPE ::= INTEGER {
-	KRB5_NT_UNKNOWN(0),	-- Name type not known
-	KRB5_NT_PRINCIPAL(1),	-- Just the name of the principal as in
-	KRB5_NT_SRV_INST(2),	-- Service and other unique instance (krbtgt)
-	KRB5_NT_SRV_HST(3),	-- Service with host name as instance
-	KRB5_NT_SRV_XHST(4),	-- Service with host as remaining components
-	KRB5_NT_UID(5),		-- Unique ID
-	KRB5_NT_X500_PRINCIPAL(6), -- PKINIT
-	KRB5_NT_SMTP_NAME(7),	-- Name in form of SMTP email name
-	KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN
-	KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID
-	KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name
-	KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID
-}
-
--- message types
-
-MESSAGE-TYPE ::= INTEGER {
-	krb-as-req(10), -- Request for initial authentication
-	krb-as-rep(11), -- Response to KRB_AS_REQ request
-	krb-tgs-req(12), -- Request for authentication based on TGT
-	krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
-	krb-ap-req(14), -- application request to server
-	krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
-	krb-safe(20), -- Safe (checksummed) application message
-	krb-priv(21), -- Private (encrypted) application message
-	krb-cred(22), -- Private (encrypted) message to forward credentials
-	krb-error(30) -- Error response
-}
-
-
--- pa-data types
-
-PADATA-TYPE ::= INTEGER {
-	KRB5-PADATA-NONE(0),
-	KRB5-PADATA-TGS-REQ(1),
-	KRB5-PADATA-AP-REQ(1),
-	KRB5-PADATA-ENC-TIMESTAMP(2),
-	KRB5-PADATA-PW-SALT(3),
-	KRB5-PADATA-ENC-UNIX-TIME(5),
-	KRB5-PADATA-SANDIA-SECUREID(6),
-	KRB5-PADATA-SESAME(7),
-	KRB5-PADATA-OSF-DCE(8),
-	KRB5-PADATA-CYBERSAFE-SECUREID(9),
-	KRB5-PADATA-AFS3-SALT(10),
-	KRB5-PADATA-ETYPE-INFO(11),
-	KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
-	KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
-	KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
-	KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
-	KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
-	KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
-	KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
-	KRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
-	KRB5-PADATA-ETYPE-INFO2(19),
-	KRB5-PADATA-USE-SPECIFIED-KVNO(20),
-	KRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
-	KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
-	KRB5-PADATA-GET-FROM-TYPED-DATA(22),
-	KRB5-PADATA-SAM-ETYPE-INFO(23),
-	KRB5-PADATA-SERVER-REFERRAL(25),
-	KRB5-PADATA-TD-KRB-PRINCIPAL(102),	-- PrincipalName
-	KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
-	KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
-	KRB5-PADATA-TD-APP-DEFINED-ERROR(106),	-- application specific
-	KRB5-PADATA-TD-REQ-NONCE(107),		-- INTEGER
-	KRB5-PADATA-TD-REQ-SEQ(108),		-- INTEGER
-	KRB5-PADATA-PA-PAC-REQUEST(128),	-- jbrezak@exchange.microsoft.com
-	KRB5-PADATA-S4U2SELF(129),
-	KRB5-PADATA-PK-AS-09-BINDING(132),	-- client send this to 
-						-- tell KDC that is supports 
-						-- the asCheckSum in the
-						--  PK-AS-REP
-	KRB5-PADATA-CLIENT-CANONICALIZED(133)	-- 
-}
-
-AUTHDATA-TYPE ::= INTEGER {
-	KRB5-AUTHDATA-IF-RELEVANT(1),
-	KRB5-AUTHDATA-INTENDED-FOR_SERVER(2),
-	KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
-	KRB5-AUTHDATA-KDC-ISSUED(4),
-	KRB5-AUTHDATA-AND-OR(5),
-	KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
-	KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
-	KRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
-	KRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
-	KRB5-AUTHDATA-OSF-DCE(64),
-	KRB5-AUTHDATA-SESAME(65),
-	KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
-	KRB5-AUTHDATA-WIN2K-PAC(128),
-	KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
-	KRB5-AUTHDATA-SIGNTICKET(-17)
-}
-
--- checksumtypes
-
-CKSUMTYPE ::= INTEGER {
-	CKSUMTYPE_NONE(0),
-	CKSUMTYPE_CRC32(1),
-	CKSUMTYPE_RSA_MD4(2),
-	CKSUMTYPE_RSA_MD4_DES(3),
-	CKSUMTYPE_DES_MAC(4),
-	CKSUMTYPE_DES_MAC_K(5),
-	CKSUMTYPE_RSA_MD4_DES_K(6),
-	CKSUMTYPE_RSA_MD5(7),
-	CKSUMTYPE_RSA_MD5_DES(8),
-	CKSUMTYPE_RSA_MD5_DES3(9),
-	CKSUMTYPE_SHA1_OTHER(10),
-	CKSUMTYPE_HMAC_SHA1_DES3(12),
-	CKSUMTYPE_SHA1(14),
-	CKSUMTYPE_HMAC_SHA1_96_AES_128(15),
-	CKSUMTYPE_HMAC_SHA1_96_AES_256(16),
-	CKSUMTYPE_GSSAPI(0x8003),
-	CKSUMTYPE_HMAC_MD5(-138),	-- unofficial microsoft number
-	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
-}
-
---enctypes
-ENCTYPE ::= INTEGER {
-	ETYPE_NULL(0),
-	ETYPE_DES_CBC_CRC(1),
-	ETYPE_DES_CBC_MD4(2),
-	ETYPE_DES_CBC_MD5(3),
-	ETYPE_DES3_CBC_MD5(5),
-	ETYPE_OLD_DES3_CBC_SHA1(7),
-	ETYPE_SIGN_DSA_GENERATE(8),
-	ETYPE_ENCRYPT_RSA_PRIV(9),
-	ETYPE_ENCRYPT_RSA_PUB(10),
-	ETYPE_DES3_CBC_SHA1(16),	-- with key derivation
-	ETYPE_AES128_CTS_HMAC_SHA1_96(17),
-	ETYPE_AES256_CTS_HMAC_SHA1_96(18),
-	ETYPE_ARCFOUR_HMAC_MD5(23),
-	ETYPE_ARCFOUR_HMAC_MD5_56(24),
-	ETYPE_ENCTYPE_PK_CROSS(48),
--- some "old" windows types
-	ETYPE_ARCFOUR_MD4(-128),
-	ETYPE_ARCFOUR_HMAC_OLD(-133),
-	ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
--- these are for Heimdal internal use
-	ETYPE_DES_CBC_NONE(-0x1000),
-	ETYPE_DES3_CBC_NONE(-0x1001),
-	ETYPE_DES_CFB64_NONE(-0x1002),
-	ETYPE_DES_PCBC_NONE(-0x1003),
-	ETYPE_DIGEST_MD5_NONE(-0x1004),		-- private use, lukeh@padl.com
-	ETYPE_CRAM_MD5_NONE(-0x1005)		-- private use, lukeh@padl.com
-}
-
-
-
-
--- this is sugar to make something ASN1 does not have: unsigned
-
-krb5uint32 ::= INTEGER (0..4294967295)
-krb5int32 ::= INTEGER (-2147483648..2147483647)
-
-KerberosString  ::= GeneralString
-
-Realm ::= GeneralString
-PrincipalName ::= SEQUENCE {
-	name-type[0]		NAME-TYPE,
-	name-string[1]		SEQUENCE OF GeneralString
-}
-
--- this is not part of RFC1510
-Principal ::= SEQUENCE {
-	name[0]			PrincipalName,
-	realm[1]		Realm
-}
-
-HostAddress ::= SEQUENCE  {
-	addr-type[0]		krb5int32,
-	address[1]		OCTET STRING
-}
-
--- This is from RFC1510.
---
--- HostAddresses ::= SEQUENCE OF SEQUENCE {
--- 	addr-type[0]		krb5int32,
---	address[1]		OCTET STRING
--- }
-
--- This seems much better.
-HostAddresses ::= SEQUENCE OF HostAddress
-
-
-KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
-
-AuthorizationDataElement ::= SEQUENCE {
-	ad-type[0]		krb5int32,
-	ad-data[1]		OCTET STRING
-}
-
-AuthorizationData ::= SEQUENCE OF AuthorizationDataElement
-
-APOptions ::= BIT STRING {
-	reserved(0),
-	use-session-key(1),
-	mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	may-postdate(5),
-	postdated(6),
-	invalid(7),
-	renewable(8),
-	initial(9),
-	pre-authent(10),
-	hw-authent(11),
-	transited-policy-checked(12),
-	ok-as-delegate(13),
-	anonymous(14)
-}
-
-KDCOptions ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	allow-postdate(5),
-	postdated(6),
-	unused7(7),
-	renewable(8),
-	unused9(9),
-	unused10(10),
-	unused11(11),
-	request-anonymous(14),
-	canonicalize(15),
-	constrained-delegation(16), -- ms extension
-	disable-transited-check(26),
-	renewable-ok(27),
-	enc-tkt-in-skey(28),
-	renew(30),
-	validate(31)
-}
-
-LR-TYPE ::= INTEGER {
-	LR_NONE(0),		-- no information
-	LR_INITIAL_TGT(1),	-- last initial TGT request
-	LR_INITIAL(2),		-- last initial request
-	LR_ISSUE_USE_TGT(3),	-- time of newest TGT used
-	LR_RENEWAL(4),		-- time of last renewal
-	LR_REQUEST(5),		-- time of last request (of any type)
-	LR_PW_EXPTIME(6),	-- expiration time of password
-	LR_ACCT_EXPTIME(7)	-- expiration time of account
-}
-
-LastReq ::= SEQUENCE OF SEQUENCE {
-	lr-type[0]		LR-TYPE,
-	lr-value[1]		KerberosTime
-}
-
-
-EncryptedData ::= SEQUENCE {
-	etype[0] 		ENCTYPE, -- EncryptionType
-	kvno[1]			krb5int32 OPTIONAL,
-	cipher[2]		OCTET STRING -- ciphertext
-}
-
-EncryptionKey ::= SEQUENCE {
-	keytype[0]		krb5int32,
-	keyvalue[1]		OCTET STRING
-}
-
--- encoded Transited field
-TransitedEncoding ::= SEQUENCE {
-	tr-type[0]		krb5int32, -- must be registered
-	contents[1]		OCTET STRING
-}
-
-Ticket ::= [APPLICATION 1] SEQUENCE {
-	tkt-vno[0]		krb5int32,
-	realm[1]		Realm,
-	sname[2]		PrincipalName,
-	enc-part[3]		EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-	flags[0]		TicketFlags,
-	key[1]			EncryptionKey,
-	crealm[2]		Realm,
-	cname[3]		PrincipalName,
-	transited[4]		TransitedEncoding,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	caddr[9]		HostAddresses OPTIONAL,
-	authorization-data[10]	AuthorizationData OPTIONAL
-}
-
-Checksum ::= SEQUENCE {
-	cksumtype[0]		CKSUMTYPE,
-	checksum[1]		OCTET STRING
-}
-
-Authenticator ::= [APPLICATION 2] SEQUENCE    {
-	authenticator-vno[0]	krb5int32,
-	crealm[1]		Realm,
-	cname[2]		PrincipalName,
-	cksum[3]		Checksum OPTIONAL,
-	cusec[4]		krb5int32,
-	ctime[5]		KerberosTime,
-	subkey[6]		EncryptionKey OPTIONAL,
-	seq-number[7]		krb5uint32 OPTIONAL,
-	authorization-data[8]	AuthorizationData OPTIONAL
-}
-
-PA-DATA ::= SEQUENCE {
-	-- might be encoded AP-REQ
-	padata-type[1]		PADATA-TYPE,
-	padata-value[2]		OCTET STRING
-}
-
-ETYPE-INFO-ENTRY ::= SEQUENCE {
-	etype[0]		ENCTYPE,
-	salt[1]			OCTET STRING OPTIONAL,
-	salttype[2]		krb5int32 OPTIONAL
-}
-
-ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
-
-ETYPE-INFO2-ENTRY ::= SEQUENCE {
-	etype[0]		ENCTYPE,
-	salt[1]			KerberosString OPTIONAL,
-	s2kparams[2]		OCTET STRING OPTIONAL
-}
-
-ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
-
-METHOD-DATA ::= SEQUENCE OF PA-DATA
-
-TypedData ::=   SEQUENCE {
-	data-type[0]		krb5int32,
-	data-value[1]		OCTET STRING OPTIONAL
-}
-
-TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
-
-KDC-REQ-BODY ::= SEQUENCE {
-	kdc-options[0]		KDCOptions,
-	cname[1]		PrincipalName OPTIONAL, -- Used only in AS-REQ
-	realm[2]		Realm,	-- Server's realm
-					-- Also client's in AS-REQ
-	sname[3]		PrincipalName OPTIONAL,
-	from[4]			KerberosTime OPTIONAL,
-	till[5]			KerberosTime OPTIONAL,
-	rtime[6]		KerberosTime OPTIONAL,
-	nonce[7]		krb5int32,
-	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
-					-- in preference order
-	addresses[9]		HostAddresses OPTIONAL,
-	enc-authorization-data[10] EncryptedData OPTIONAL,
-					-- Encrypted AuthorizationData encoding
-	additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
-}
-
-KDC-REQ ::= SEQUENCE {
-	pvno[1]			krb5int32,
-	msg-type[2]		MESSAGE-TYPE,
-	padata[3]		METHOD-DATA OPTIONAL,
-	req-body[4]		KDC-REQ-BODY
-}
-
-AS-REQ ::= [APPLICATION 10] KDC-REQ
-TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
--- padata-type ::= PA-ENC-TIMESTAMP
--- padata-value ::= EncryptedData - PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC ::= SEQUENCE {
-	patimestamp[0]		KerberosTime, -- client's time
-	pausec[1]		krb5int32 OPTIONAL
-}
-
--- draft-brezak-win2k-krb-authz-01
-PA-PAC-REQUEST ::= SEQUENCE {
-	include-pac[0]		BOOLEAN -- Indicates whether a PAC 
-					-- should be included or not
-}
-
--- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf
-PROV-SRV-LOCATION ::= GeneralString
-
-KDC-REP ::= SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	padata[2]		METHOD-DATA OPTIONAL,
-	crealm[3]		Realm,
-	cname[4]		PrincipalName,
-	ticket[5]		Ticket,
-	enc-part[6]		EncryptedData
-}
-
-AS-REP ::= [APPLICATION 11] KDC-REP
-TGS-REP ::= [APPLICATION 13] KDC-REP
-
-EncKDCRepPart ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	last-req[1]		LastReq,
-	nonce[2]		krb5int32,
-	key-expiration[3]	KerberosTime OPTIONAL,
-	flags[4]		TicketFlags,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	srealm[9]		Realm,
-	sname[10]		PrincipalName,
-	caddr[11]		HostAddresses OPTIONAL,
-	encrypted-pa-data[12]	METHOD-DATA OPTIONAL
-}
-
-EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
-EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
-
-AP-REQ ::= [APPLICATION 14] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	ap-options[2]		APOptions,
-	ticket[3]		Ticket,
-	authenticator[4]	EncryptedData
-}
-
-AP-REP ::= [APPLICATION 15] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[2]		EncryptedData
-}
-
-EncAPRepPart ::= [APPLICATION 27]     SEQUENCE {
-	ctime[0]		KerberosTime,
-	cusec[1]		krb5int32,
-	subkey[2]		EncryptionKey OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL
-}
-
-KRB-SAFE-BODY ::= SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			krb5int32 OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	safe-body[2]		KRB-SAFE-BODY,
-	cksum[3]		Checksum
-}
-
-KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[3]		EncryptedData
-}
-EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			krb5int32 OPTIONAL,
-	seq-number[3]		krb5uint32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL, -- sender's addr
-	r-address[5]		HostAddress OPTIONAL  -- recip's addr
-}
-
-KRB-CRED ::= [APPLICATION 22]   SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE, -- KRB_CRED
-	tickets[2]		SEQUENCE OF Ticket,
-	enc-part[3]		EncryptedData
-}
-
-KrbCredInfo ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	prealm[1]		Realm OPTIONAL,
-	pname[2]		PrincipalName OPTIONAL,
-	flags[3]		TicketFlags OPTIONAL,
-	authtime[4]		KerberosTime OPTIONAL,
-	starttime[5]		KerberosTime OPTIONAL,
-	endtime[6] 		KerberosTime OPTIONAL,
-	renew-till[7]		KerberosTime OPTIONAL,
-	srealm[8]		Realm OPTIONAL,
-	sname[9]		PrincipalName OPTIONAL,
-	caddr[10]		HostAddresses OPTIONAL
-}
-
-EncKrbCredPart ::= [APPLICATION 29]   SEQUENCE {
-	ticket-info[0]		SEQUENCE OF KrbCredInfo,
-	nonce[1]		krb5int32 OPTIONAL,
-	timestamp[2]		KerberosTime OPTIONAL,
-	usec[3]			krb5int32 OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
-	pvno[0]			krb5int32,
-	msg-type[1]		MESSAGE-TYPE,
-	ctime[2]		KerberosTime OPTIONAL,
-	cusec[3]		krb5int32 OPTIONAL,
-	stime[4]		KerberosTime,
-	susec[5]		krb5int32,
-	error-code[6]		krb5int32,
-	crealm[7]		Realm OPTIONAL,
-	cname[8]		PrincipalName OPTIONAL,
-	realm[9]		Realm, -- Correct realm
-	sname[10]		PrincipalName, -- Correct name
-	e-text[11]		GeneralString OPTIONAL,
-	e-data[12]		OCTET STRING OPTIONAL
-}
-
-ChangePasswdDataMS ::= SEQUENCE {
-	newpasswd[0]		OCTET STRING,
-	targname[1]		PrincipalName OPTIONAL,
-	targrealm[2]		Realm OPTIONAL
-}
-
-EtypeList ::= SEQUENCE OF krb5int32
-	-- the client's proposed enctype list in
-	-- decreasing preference order, favorite choice first
-
-krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number
-
--- transited encodings
-
-DOMAIN-X500-COMPRESS	krb5int32 ::= 1
-
--- authorization data primitives
-
-AD-IF-RELEVANT ::= AuthorizationData
-
-AD-KDCIssued ::= SEQUENCE {
-	ad-checksum[0]		Checksum,
-	i-realm[1]		Realm OPTIONAL,
-	i-sname[2]		PrincipalName OPTIONAL,
-	elements[3]		AuthorizationData
-}
-
-AD-AND-OR ::= SEQUENCE {
-	condition-count[0]	INTEGER,
-	elements[1]		AuthorizationData
-}
-
-AD-MANDATORY-FOR-KDC ::= AuthorizationData
-
--- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
-
-PA-SAM-TYPE ::= INTEGER {
-	PA_SAM_TYPE_ENIGMA(1),		-- Enigma Logic
-	PA_SAM_TYPE_DIGI_PATH(2),	-- Digital Pathways
-	PA_SAM_TYPE_SKEY_K0(3),		-- S/key where  KDC has key 0
-	PA_SAM_TYPE_SKEY(4),		-- Traditional S/Key
-	PA_SAM_TYPE_SECURID(5),		-- Security Dynamics
-	PA_SAM_TYPE_CRYPTOCARD(6)	-- CRYPTOCard
-}
-
-PA-SAM-REDIRECT ::= HostAddresses
-
-SAMFlags ::= BIT STRING {
-	use-sad-as-key(0),
-	send-encrypted-sad(1),
-	must-pk-encrypt-sad(2)
-}
-
-PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
-	sam-type[0]		krb5int32,
-	sam-flags[1]		SAMFlags,
-	sam-type-name[2]	GeneralString OPTIONAL,
-	sam-track-id[3]		GeneralString OPTIONAL,
-	sam-challenge-label[4]	GeneralString OPTIONAL,
-	sam-challenge[5]	GeneralString OPTIONAL,
-	sam-response-prompt[6]	GeneralString OPTIONAL,
-	sam-pk-for-sad[7]	EncryptionKey OPTIONAL,
-	sam-nonce[8]		krb5int32,
-	sam-etype[9]		krb5int32,
-	...
-}
-
-PA-SAM-CHALLENGE-2 ::= SEQUENCE {
-	sam-body[0]		PA-SAM-CHALLENGE-2-BODY,
-	sam-cksum[1]		SEQUENCE OF Checksum, -- (1..MAX)
-	...
-}
-
-PA-SAM-RESPONSE-2 ::= SEQUENCE {
-	sam-type[0]		krb5int32,
-	sam-flags[1]		SAMFlags,
-	sam-track-id[2]		GeneralString OPTIONAL,
-	sam-enc-nonce-or-sad[3]	EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC
-	sam-nonce[4]		krb5int32,
-	...
-}
-
-PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
-	sam-nonce[0]		krb5int32,
-	sam-sad[1]		GeneralString OPTIONAL,
-	...
-}
-
-PA-S4U2Self ::= SEQUENCE {
-	name[0]		PrincipalName,
-        realm[1]	Realm,
-        cksum[2]	Checksum,
-        auth[3]		GeneralString
-}
-
-KRB5SignedPathPrincipals ::= SEQUENCE OF Principal
-
--- never encoded on the wire, just used to checksum over
-KRB5SignedPathData ::= SEQUENCE {
-	encticket[0]	EncTicketPart,
-	delegated[1]	KRB5SignedPathPrincipals OPTIONAL
-}
-
-KRB5SignedPath ::= SEQUENCE {
-	-- DERcoded KRB5SignedPathData
-	-- krbtgt key (etype), KeyUsage = XXX 
-	etype[0]	ENCTYPE,
-	cksum[1]	Checksum,
-	-- srvs delegated though
-	delegated[2]	KRB5SignedPathPrincipals OPTIONAL
-}
-
-PA-ClientCanonicalizedNames ::= SEQUENCE{
-	requested-name [0] PrincipalName,
-	real-name      [1] PrincipalName
-}
-
-PA-ClientCanonicalized ::= SEQUENCE {
-	names          [0] PA-ClientCanonicalizedNames,
-	canon-checksum [1] Checksum
-}
-
-AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD --
-	login-alias  [0] PrincipalName,
-	checksum     [1] Checksum
-}
-
--- old ms referral
-PA-SvrReferralData ::= SEQUENCE {
-	referred-name   [1] PrincipalName OPTIONAL,
-	referred-realm  [0] Realm
-}
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
diff --git a/crypto/heimdal/lib/asn1/kx509.asn1 b/crypto/heimdal/lib/asn1/kx509.asn1
deleted file mode 100644
index fc6a696dab3a..000000000000
--- a/crypto/heimdal/lib/asn1/kx509.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
--- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $
-
-KX509 DEFINITIONS ::=
-BEGIN
-
-Kx509Request ::= SEQUENCE {
-	authenticator OCTET STRING,
-	pk-hash OCTET STRING,
-	pk-key OCTET STRING
-}
-
-Kx509Response ::= SEQUENCE {
-	error-code[0]	INTEGER (-2147483648..2147483647)
-	      OPTIONAL -- DEFAULT 0 --,
-	hash[1]		OCTET STRING OPTIONAL,
-	certificate[2]	OCTET STRING OPTIONAL,
-	e-text[3]	VisibleString OPTIONAL
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/lex.c b/crypto/heimdal/lib/asn1/lex.c
deleted file mode 100644
index 812bce16acb9..000000000000
--- a/crypto/heimdal/lib/asn1/lex.c
+++ /dev/null
@@ -1,2693 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 95
-#define YY_END_OF_BUFFER 96
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[568] =
-    {   0,
-        0,    0,   96,   94,   90,   91,   87,   81,   81,   94,
-       94,   88,   88,   94,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   82,   83,   85,   88,   88,   93,   86,
-        0,    0,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   10,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   51,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   92,   88,   84,
-
-       89,    3,   89,   89,   89,    7,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   22,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   44,   45,   89,   89,   89,   89,   89,   89,
-       89,   55,   89,   89,   89,   89,   89,   89,   89,   63,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   30,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-
-       47,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   60,   89,   89,   64,   89,   89,   89,   68,   69,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       80,   89,   89,   89,   89,    6,   89,   89,   89,   89,
-       13,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   29,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   50,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   72,   89,   89,   89,   89,   89,
-       89,   89,    1,   89,   89,   89,   89,   89,   89,   12,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   24,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   49,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   65,   66,   89,
-       89,   89,   73,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,    9,   89,   89,   89,   89,   18,   89,
-       89,   21,   89,   89,   26,   89,   89,   89,   89,   89,
-       89,   89,   37,   38,   89,   89,   41,   89,   89,   89,
-       89,   89,   89,   54,   89,   57,   58,   89,   89,   89,
-       89,   89,   89,   89,   75,   89,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   20,   89,
-       25,   89,   28,   89,   89,   89,   89,   89,   36,   39,
-       40,   89,   89,   89,   89,   52,   89,   89,   89,   89,
-       62,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,    5,    8,   11,   14,   89,   89,   89,   89,   89,
-       89,   89,   89,   34,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   67,   89,   89,   74,   89,   89,   89,
-       89,   89,   89,   15,   89,   17,   89,   23,   89,   89,
-       89,   89,   35,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   76,   89,   89,   89,   89,    4,   16,
-
-       19,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   42,   43,   89,   89,   89,   89,   89,
-       61,   89,   89,   89,   89,   89,   89,   27,   31,   89,
-       33,   89,   48,   89,   56,   89,   89,   71,   89,   89,
-       79,   89,   89,   46,   89,   89,   89,   89,   78,    2,
-       32,   89,   59,   70,   77,   53,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    1,    1,    1,    1,    1,    5,
-        5,    6,    1,    5,    7,    8,    9,   10,   11,   12,
-       12,   13,   14,   15,   12,   16,   12,   17,    5,    1,
-       18,    1,    1,    1,   19,   20,   21,   22,   23,   24,
-       25,   26,   27,   28,   29,   30,   31,   32,   33,   34,
-       35,   36,   37,   38,   39,   40,   41,   42,   43,   44,
-       45,    1,   46,    1,   47,    1,   48,   49,   50,   51,
-
-       52,   53,   54,   55,   56,   57,   29,   58,   59,   60,
-       61,   62,   29,   63,   64,   65,   66,   67,   29,   68,
-       29,   69,    5,    5,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[70] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    2,    1,    1,    3,
-        3,    3,    3,    3,    3,    3,    1,    1,    3,    3,
-        3,    3,    3,    3,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    1,    1,    2,    3,    3,    3,
-        3,    3,    3,    2,    2,    2,    2,    2,    2,    2,
-        2,    2,    2,    2,    2,    2,    2,    2,    2
-    } ;
-
-static yyconst flex_int16_t yy_base[570] =
-    {   0,
-        0,    0,  636,  637,  637,  637,  637,  637,   63,  627,
-      628,   70,   77,  616,   74,   72,   76,  609,   65,   81,
-       49,    0,   92,   91,   32,  101,   97,  608,  103,  113,
-       99,  574,  602,  637,  637,  637,  156,  163,  620,  637,
-        0,  609,    0,  589,  595,  590,  585,  597,  583,  586,
-      586,    0,  101,  599,  108,  593,  596,  122,  124,  585,
-      581,  553,  564,  597,  587,  575,  115,  575,  565,  574,
-      575,  545,  575,  564,    0,  563,  543,  561,  558,  558,
-      124,  540,  161,  119,  551,  558,  561,  581,  566,  551,
-      555,  530,  560,  160,  530,   91,  547,  637,    0,  637,
-
-      125,    0,  554,  550,  555,    0,  544,  550,  543,  551,
-      540,  542,  145,  166,  552,  541,    0,  542,  549,  156,
-      548,  533,  538,  516,  505,  529,  533,  157,  534,  525,
-      539,  546,    0,  521,  529,  506,  534,  533,  528,  502,
-      515,    0,  515,  514,  510,  489,  518,  528,  507,    0,
-      522,  517,  505,  505,  504,  517,  516,  486,  159,  499,
-      520,  468,  482,  477,  506,  499,  494,  502,  497,  495,
-      461,  502,  505,  502,  485,  488,  482,  500,  479,  485,
-      494,  493,  491,  479,  485,  475,  164,  487,    0,  446,
-      453,  442,  468,  478,  468,  464,  483,  170,  488,  463,
-
-        0,  436,  477,  459,  463,  445,  471,  486,  469,  472,
-      425,    0,  451,  465,    0,  455,  467,  420,    0,    0,
-      477,  418,  450,  442,  457,  423,  441,  425,  415,  426,
-        0,  436,  454,  451,  452,    0,  407,  450,  447,  444,
-        0,  434,  429,  437,  433,  435,  439,  437,  423,  420,
-      436,  418,  418,  422,    0,  405,  396,  388,  423,  180,
-      411,  426,  415,  423,  408,  429,  436,  386,  403,    0,
-      408,  374,  402,  410,  404,  397,  386,  406,  400,  406,
-      388,  366,  401,  375,    0,  403,  389,  365,  358,  359,
-      356,  362,    0,  398,  399,  379,  360,  383,  376,    0,
-
-      390,  393,  379,  372,  371,  385,  385,  387,    0,  378,
-      367,  376,  383,  343,  350,  343,  374,  370,  374,  358,
-      371,  372,  356,  368,  353,  362,  338,    0,  368,  364,
-      353,  352,  345,  359,  332,  340,  358,    0,    0,  322,
-      355,  308,    0,  338,  322,  310,  308,  319,  318,  331,
-      330,  340,  306,    0,  342,  332,  336,  335,    0,  334,
-      338,    0,  321,  320,    0,  337,  326,  151,  318,  294,
-      326,  314,    0,    0,  314,  327,    0,  328,  283,  315,
-      309,  315,  292,    0,  319,    0,    0,  284,  318,  317,
-      279,  315,  300,  317,    0,  279,  286,  265,  295,  324,
-
-      303,  308,  274,  291,  288,  293,  292,  290,    0,  299,
-        0,  294,    0,  255,  250,  253,  263,  293,    0,    0,
-        0,  277,  251,  289,  247,    0,  247,  283,  257,  261,
-        0,  253,  274,  240,  274,  243,  244,  264,  235,  262,
-      265,    0,    0,    0,  260,  273,  270,  262,  271,  262,
-      228,  238,  226,    0,  252,  260,  230,  258,  221,  233,
-      250,  244,  247,    0,  241,  215,    0,  223,  239,  210,
-      211,  230,  240,    0,  249,    0,  233,    0,  242,  212,
-      216,  210,    0,  232,  204,  231,  206,  198,  233,  194,
-      231,  230,  200,    0,  190,  191,  197,  220,    0,    0,
-
-        0,  213,  190,  211,  188,  215,  192,  218,  184,  187,
-      204,  178,  218,  215,  178,  174,  180,  175,  196,  190,
-      178,  175,  176,    0,    0,  191,  174,  165,  180,  166,
-        0,  194,  166,  163,  158,  163,  197,    0,    0,  156,
-        0,  171,    0,  148,    0,  152,  188,    0,  150,  155,
-        0,  166,  153,    0,  143,  148,  162,  143,    0,    0,
-        0,  101,    0,    0,    0,    0,  637,  223,   69
-    } ;
-
-static yyconst flex_int16_t yy_def[570] =
-    {   0,
-      567,    1,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  567,  567,  567,  567,  567,  567,  567,
-      569,  567,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  567,  569,  567,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
-      568,  568,  568,  568,  568,  568,    0,  567,  567
-    } ;
-
-static yyconst flex_int16_t yy_nxt[707] =
-    {   0,
-        4,    5,    6,    7,    8,    4,    9,   10,   11,   12,
-       13,   13,   13,   13,   13,   13,   14,    4,   15,   16,
-       17,   18,   19,   20,   21,   22,   23,   22,   22,   22,
-       24,   25,   26,   27,   22,   28,   29,   30,   31,   32,
-       33,   22,   22,   22,   34,   35,    4,   22,   22,   22,
-       22,   22,   22,   22,   22,   22,   22,   22,   22,   22,
-       22,   22,   22,   22,   22,   22,   22,   22,   22,   36,
-       71,   99,   37,   38,   38,   38,   38,   38,   38,   38,
-       38,   38,   38,   38,   38,   38,   38,   38,   38,   38,
-       38,   38,   38,   44,   48,   57,   58,   72,   49,   60,
-
-       62,   53,   50,   45,   51,   54,   59,   46,   55,   69,
-       64,   63,   47,   65,   52,   78,   61,   70,   79,  109,
-       73,   74,   66,   67,   75,   84,   80,   88,   68,   85,
-       93,   89,   81,  110,   76,  129,   94,   41,  112,  113,
-       86,  163,  116,  117,  119,   87,  144,  166,   90,   77,
-      145,  130,  131,  149,  164,   91,  150,  120,   95,   82,
-      118,  121,  167,  566,   92,   38,   38,   38,   38,   38,
-       38,   38,   38,   38,   38,   38,   38,   38,   38,  147,
-      160,  177,  178,  161,  179,  185,  194,  414,  186,  195,
-      148,  223,  180,  224,  264,  253,  565,  564,  225,  254,
-
-      318,  563,  319,  562,  561,  265,  415,  560,  559,  558,
-      557,  556,  555,  554,  553,  552,  551,  550,  549,  548,
-      547,  546,  545,   41,   43,   43,  544,  543,  542,  541,
-      540,  539,  538,  537,  536,  535,  534,  533,  532,  531,
-      530,  529,  528,  527,  526,  525,  524,  523,  522,  521,
-      520,  519,  518,  517,  516,  515,  514,  513,  512,  511,
-      510,  509,  508,  507,  506,  505,  504,  503,  502,  501,
-      500,  499,  498,  497,  496,  495,  494,  493,  492,  491,
-      490,  489,  488,  487,  486,  485,  484,  483,  482,  481,
-      480,  479,  478,  477,  476,  475,  474,  473,  472,  471,
-
-      470,  469,  468,  467,  466,  465,  464,  463,  462,  461,
-      460,  459,  458,  457,  456,  455,  454,  453,  452,  451,
-      450,  449,  448,  447,  446,  445,  444,  443,  442,  441,
-      440,  439,  438,  437,  436,  435,  434,  433,  432,  431,
-      430,  429,  428,  427,  426,  425,  424,  423,  422,  421,
-      420,  419,  418,  417,  416,  413,  412,  411,  410,  409,
-      408,  407,  406,  405,  404,  403,  402,  401,  400,  399,
-      398,  397,  396,  395,  394,  393,  392,  391,  390,  389,
-      388,  387,  386,  385,  384,  383,  382,  381,  380,  379,
-      378,  377,  376,  375,  374,  373,  372,  371,  370,  369,
-
-      368,  367,  366,  365,  364,  363,  362,  361,  360,  359,
-      358,  357,  356,  355,  354,  353,  352,  351,  350,  349,
-      348,  347,  346,  345,  344,  343,  342,  341,  340,  339,
-      338,  337,  336,  335,  334,  333,  332,  331,  330,  329,
-      328,  327,  326,  325,  324,  323,  322,  321,  320,  317,
-      316,  315,  314,  313,  312,  311,  310,  309,  308,  307,
-      306,  305,  304,  303,  302,  301,  300,  299,  298,  297,
-      296,  295,  294,  293,  292,  291,  290,  289,  288,  287,
-      286,  285,  284,  283,  282,  281,  280,  279,  278,  277,
-      276,  275,  274,  273,  272,  271,  270,  269,  268,  267,
-
-      266,  263,  262,  261,  260,  259,  258,  257,  256,  255,
-      252,  251,  250,  249,  248,  247,  246,  245,  244,  243,
-      242,  241,  240,  239,  238,  237,  236,  235,  234,  233,
-      232,  231,  230,  229,  228,  227,  226,  222,  221,  220,
-      219,  218,  217,  216,  215,  214,  213,  212,  211,  210,
-      209,  208,  207,  206,  205,  204,  203,  202,  201,  200,
-      199,  198,  197,  196,  193,  192,  191,  190,  189,  188,
-      187,  184,  183,  182,  181,  176,  175,  174,  173,  172,
-      171,  170,  169,  168,  165,  162,  159,  158,  157,  156,
-      155,  154,  153,  152,  151,  146,  143,  142,  141,  140,
-
-      139,  138,  137,  136,  135,  134,  133,  132,  128,  127,
-      126,  125,  124,  123,  122,  115,  114,  111,  108,  107,
-      106,  105,  104,  103,  102,  101,  100,   98,   97,   96,
-       83,   56,   42,   40,   39,  567,    3,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-
-      567,  567,  567,  567,  567,  567
-    } ;
-
-static yyconst flex_int16_t yy_chk[707] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    9,
-       25,  569,    9,    9,    9,    9,    9,    9,    9,   12,
-       12,   12,   12,   12,   12,   12,   13,   13,   13,   13,
-       13,   13,   13,   15,   16,   19,   19,   25,   16,   20,
-
-       21,   17,   16,   15,   16,   17,   19,   15,   17,   24,
-       23,   21,   15,   23,   16,   27,   20,   24,   27,   53,
-       26,   26,   23,   23,   26,   29,   27,   30,   23,   29,
-       31,   30,   27,   53,   26,   67,   31,   12,   55,   55,
-       29,   96,   58,   58,   59,   29,   81,  101,   30,   26,
-       81,   67,   67,   84,   96,   30,   84,   59,   31,   27,
-       58,   59,  101,  562,   30,   37,   37,   37,   37,   37,
-       37,   37,   38,   38,   38,   38,   38,   38,   38,   83,
-       94,  113,  113,   94,  114,  120,  128,  368,  120,  128,
-       83,  159,  114,  159,  198,  187,  558,  557,  159,  187,
-
-      260,  556,  260,  555,  553,  198,  368,  552,  550,  549,
-      547,  546,  544,  542,  540,  537,  536,  535,  534,  533,
-      532,  530,  529,   37,  568,  568,  528,  527,  526,  523,
-      522,  521,  520,  519,  518,  517,  516,  515,  514,  513,
-      512,  511,  510,  509,  508,  507,  506,  505,  504,  503,
-      502,  498,  497,  496,  495,  493,  492,  491,  490,  489,
-      488,  487,  486,  485,  484,  482,  481,  480,  479,  477,
-      475,  473,  472,  471,  470,  469,  468,  466,  465,  463,
-      462,  461,  460,  459,  458,  457,  456,  455,  453,  452,
-      451,  450,  449,  448,  447,  446,  445,  441,  440,  439,
-
-      438,  437,  436,  435,  434,  433,  432,  430,  429,  428,
-      427,  425,  424,  423,  422,  418,  417,  416,  415,  414,
-      412,  410,  408,  407,  406,  405,  404,  403,  402,  401,
-      400,  399,  398,  397,  396,  394,  393,  392,  391,  390,
-      389,  388,  385,  383,  382,  381,  380,  379,  378,  376,
-      375,  372,  371,  370,  369,  367,  366,  364,  363,  361,
-      360,  358,  357,  356,  355,  353,  352,  351,  350,  349,
-      348,  347,  346,  345,  344,  342,  341,  340,  337,  336,
-      335,  334,  333,  332,  331,  330,  329,  327,  326,  325,
-      324,  323,  322,  321,  320,  319,  318,  317,  316,  315,
-
-      314,  313,  312,  311,  310,  308,  307,  306,  305,  304,
-      303,  302,  301,  299,  298,  297,  296,  295,  294,  292,
-      291,  290,  289,  288,  287,  286,  284,  283,  282,  281,
-      280,  279,  278,  277,  276,  275,  274,  273,  272,  271,
-      269,  268,  267,  266,  265,  264,  263,  262,  261,  259,
-      258,  257,  256,  254,  253,  252,  251,  250,  249,  248,
-      247,  246,  245,  244,  243,  242,  240,  239,  238,  237,
-      235,  234,  233,  232,  230,  229,  228,  227,  226,  225,
-      224,  223,  222,  221,  218,  217,  216,  214,  213,  211,
-      210,  209,  208,  207,  206,  205,  204,  203,  202,  200,
-
-      199,  197,  196,  195,  194,  193,  192,  191,  190,  188,
-      186,  185,  184,  183,  182,  181,  180,  179,  178,  177,
-      176,  175,  174,  173,  172,  171,  170,  169,  168,  167,
-      166,  165,  164,  163,  162,  161,  160,  158,  157,  156,
-      155,  154,  153,  152,  151,  149,  148,  147,  146,  145,
-      144,  143,  141,  140,  139,  138,  137,  136,  135,  134,
-      132,  131,  130,  129,  127,  126,  125,  124,  123,  122,
-      121,  119,  118,  116,  115,  112,  111,  110,  109,  108,
-      107,  105,  104,  103,   97,   95,   93,   92,   91,   90,
-       89,   88,   87,   86,   85,   82,   80,   79,   78,   77,
-
-       76,   74,   73,   72,   71,   70,   69,   68,   66,   65,
-       64,   63,   62,   61,   60,   57,   56,   54,   51,   50,
-       49,   48,   47,   46,   45,   44,   42,   39,   33,   32,
-       28,   18,   14,   11,   10,    3,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
-
-      567,  567,  567,  567,  567,  567
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#undef ECHO
-#include "symbol.h"
-#include "parse.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-static unsigned lineno = 1;
-
-#undef ECHO
-
-static void unterminated(const char *, unsigned);
-
-/* This is for broken old lexes (solaris 10 and hpux) */
-#line 855 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 68 "lex.l"
-
-#line 1010 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 568 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 637 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 69 "lex.l"
-{ return kw_ABSENT; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 70 "lex.l"
-{ return kw_ABSTRACT_SYNTAX; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 71 "lex.l"
-{ return kw_ALL; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 72 "lex.l"
-{ return kw_APPLICATION; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 73 "lex.l"
-{ return kw_AUTOMATIC; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 74 "lex.l"
-{ return kw_BEGIN; }
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 75 "lex.l"
-{ return kw_BIT; }
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 76 "lex.l"
-{ return kw_BMPString; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 77 "lex.l"
-{ return kw_BOOLEAN; }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 78 "lex.l"
-{ return kw_BY; }
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 79 "lex.l"
-{ return kw_CHARACTER; }
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 80 "lex.l"
-{ return kw_CHOICE; }
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 81 "lex.l"
-{ return kw_CLASS; }
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 82 "lex.l"
-{ return kw_COMPONENT; }
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-#line 83 "lex.l"
-{ return kw_COMPONENTS; }
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 84 "lex.l"
-{ return kw_CONSTRAINED; }
-	YY_BREAK
-case 17:
-YY_RULE_SETUP
-#line 85 "lex.l"
-{ return kw_CONTAINING; }
-	YY_BREAK
-case 18:
-YY_RULE_SETUP
-#line 86 "lex.l"
-{ return kw_DEFAULT; }
-	YY_BREAK
-case 19:
-YY_RULE_SETUP
-#line 87 "lex.l"
-{ return kw_DEFINITIONS; }
-	YY_BREAK
-case 20:
-YY_RULE_SETUP
-#line 88 "lex.l"
-{ return kw_EMBEDDED; }
-	YY_BREAK
-case 21:
-YY_RULE_SETUP
-#line 89 "lex.l"
-{ return kw_ENCODED; }
-	YY_BREAK
-case 22:
-YY_RULE_SETUP
-#line 90 "lex.l"
-{ return kw_END; }
-	YY_BREAK
-case 23:
-YY_RULE_SETUP
-#line 91 "lex.l"
-{ return kw_ENUMERATED; }
-	YY_BREAK
-case 24:
-YY_RULE_SETUP
-#line 92 "lex.l"
-{ return kw_EXCEPT; }
-	YY_BREAK
-case 25:
-YY_RULE_SETUP
-#line 93 "lex.l"
-{ return kw_EXPLICIT; }
-	YY_BREAK
-case 26:
-YY_RULE_SETUP
-#line 94 "lex.l"
-{ return kw_EXPORTS; }
-	YY_BREAK
-case 27:
-YY_RULE_SETUP
-#line 95 "lex.l"
-{ return kw_EXTENSIBILITY; }
-	YY_BREAK
-case 28:
-YY_RULE_SETUP
-#line 96 "lex.l"
-{ return kw_EXTERNAL; }
-	YY_BREAK
-case 29:
-YY_RULE_SETUP
-#line 97 "lex.l"
-{ return kw_FALSE; }
-	YY_BREAK
-case 30:
-YY_RULE_SETUP
-#line 98 "lex.l"
-{ return kw_FROM; }
-	YY_BREAK
-case 31:
-YY_RULE_SETUP
-#line 99 "lex.l"
-{ return kw_GeneralString; }
-	YY_BREAK
-case 32:
-YY_RULE_SETUP
-#line 100 "lex.l"
-{ return kw_GeneralizedTime; }
-	YY_BREAK
-case 33:
-YY_RULE_SETUP
-#line 101 "lex.l"
-{ return kw_GraphicString; }
-	YY_BREAK
-case 34:
-YY_RULE_SETUP
-#line 102 "lex.l"
-{ return kw_IA5String; }
-	YY_BREAK
-case 35:
-YY_RULE_SETUP
-#line 103 "lex.l"
-{ return kw_IDENTIFIER; }
-	YY_BREAK
-case 36:
-YY_RULE_SETUP
-#line 104 "lex.l"
-{ return kw_IMPLICIT; }
-	YY_BREAK
-case 37:
-YY_RULE_SETUP
-#line 105 "lex.l"
-{ return kw_IMPLIED; }
-	YY_BREAK
-case 38:
-YY_RULE_SETUP
-#line 106 "lex.l"
-{ return kw_IMPORTS; }
-	YY_BREAK
-case 39:
-YY_RULE_SETUP
-#line 107 "lex.l"
-{ return kw_INCLUDES; }
-	YY_BREAK
-case 40:
-YY_RULE_SETUP
-#line 108 "lex.l"
-{ return kw_INSTANCE; }
-	YY_BREAK
-case 41:
-YY_RULE_SETUP
-#line 109 "lex.l"
-{ return kw_INTEGER; }
-	YY_BREAK
-case 42:
-YY_RULE_SETUP
-#line 110 "lex.l"
-{ return kw_INTERSECTION; }
-	YY_BREAK
-case 43:
-YY_RULE_SETUP
-#line 111 "lex.l"
-{ return kw_ISO646String; }
-	YY_BREAK
-case 44:
-YY_RULE_SETUP
-#line 112 "lex.l"
-{ return kw_MAX; }
-	YY_BREAK
-case 45:
-YY_RULE_SETUP
-#line 113 "lex.l"
-{ return kw_MIN; }
-	YY_BREAK
-case 46:
-YY_RULE_SETUP
-#line 114 "lex.l"
-{ return kw_MINUS_INFINITY; }
-	YY_BREAK
-case 47:
-YY_RULE_SETUP
-#line 115 "lex.l"
-{ return kw_NULL; }
-	YY_BREAK
-case 48:
-YY_RULE_SETUP
-#line 116 "lex.l"
-{ return kw_NumericString; }
-	YY_BREAK
-case 49:
-YY_RULE_SETUP
-#line 117 "lex.l"
-{ return kw_OBJECT; }
-	YY_BREAK
-case 50:
-YY_RULE_SETUP
-#line 118 "lex.l"
-{ return kw_OCTET; }
-	YY_BREAK
-case 51:
-YY_RULE_SETUP
-#line 119 "lex.l"
-{ return kw_OF; }
-	YY_BREAK
-case 52:
-YY_RULE_SETUP
-#line 120 "lex.l"
-{ return kw_OPTIONAL; }
-	YY_BREAK
-case 53:
-YY_RULE_SETUP
-#line 121 "lex.l"
-{ return kw_ObjectDescriptor; }
-	YY_BREAK
-case 54:
-YY_RULE_SETUP
-#line 122 "lex.l"
-{ return kw_PATTERN; }
-	YY_BREAK
-case 55:
-YY_RULE_SETUP
-#line 123 "lex.l"
-{ return kw_PDV; }
-	YY_BREAK
-case 56:
-YY_RULE_SETUP
-#line 124 "lex.l"
-{ return kw_PLUS_INFINITY; }
-	YY_BREAK
-case 57:
-YY_RULE_SETUP
-#line 125 "lex.l"
-{ return kw_PRESENT; }
-	YY_BREAK
-case 58:
-YY_RULE_SETUP
-#line 126 "lex.l"
-{ return kw_PRIVATE; }
-	YY_BREAK
-case 59:
-YY_RULE_SETUP
-#line 127 "lex.l"
-{ return kw_PrintableString; }
-	YY_BREAK
-case 60:
-YY_RULE_SETUP
-#line 128 "lex.l"
-{ return kw_REAL; }
-	YY_BREAK
-case 61:
-YY_RULE_SETUP
-#line 129 "lex.l"
-{ return kw_RELATIVE_OID; }
-	YY_BREAK
-case 62:
-YY_RULE_SETUP
-#line 130 "lex.l"
-{ return kw_SEQUENCE; }
-	YY_BREAK
-case 63:
-YY_RULE_SETUP
-#line 131 "lex.l"
-{ return kw_SET; }
-	YY_BREAK
-case 64:
-YY_RULE_SETUP
-#line 132 "lex.l"
-{ return kw_SIZE; }
-	YY_BREAK
-case 65:
-YY_RULE_SETUP
-#line 133 "lex.l"
-{ return kw_STRING; }
-	YY_BREAK
-case 66:
-YY_RULE_SETUP
-#line 134 "lex.l"
-{ return kw_SYNTAX; }
-	YY_BREAK
-case 67:
-YY_RULE_SETUP
-#line 135 "lex.l"
-{ return kw_T61String; }
-	YY_BREAK
-case 68:
-YY_RULE_SETUP
-#line 136 "lex.l"
-{ return kw_TAGS; }
-	YY_BREAK
-case 69:
-YY_RULE_SETUP
-#line 137 "lex.l"
-{ return kw_TRUE; }
-	YY_BREAK
-case 70:
-YY_RULE_SETUP
-#line 138 "lex.l"
-{ return kw_TYPE_IDENTIFIER; }
-	YY_BREAK
-case 71:
-YY_RULE_SETUP
-#line 139 "lex.l"
-{ return kw_TeletexString; }
-	YY_BREAK
-case 72:
-YY_RULE_SETUP
-#line 140 "lex.l"
-{ return kw_UNION; }
-	YY_BREAK
-case 73:
-YY_RULE_SETUP
-#line 141 "lex.l"
-{ return kw_UNIQUE; }
-	YY_BREAK
-case 74:
-YY_RULE_SETUP
-#line 142 "lex.l"
-{ return kw_UNIVERSAL; }
-	YY_BREAK
-case 75:
-YY_RULE_SETUP
-#line 143 "lex.l"
-{ return kw_UTCTime; }
-	YY_BREAK
-case 76:
-YY_RULE_SETUP
-#line 144 "lex.l"
-{ return kw_UTF8String; }
-	YY_BREAK
-case 77:
-YY_RULE_SETUP
-#line 145 "lex.l"
-{ return kw_UniversalString; }
-	YY_BREAK
-case 78:
-YY_RULE_SETUP
-#line 146 "lex.l"
-{ return kw_VideotexString; }
-	YY_BREAK
-case 79:
-YY_RULE_SETUP
-#line 147 "lex.l"
-{ return kw_VisibleString; }
-	YY_BREAK
-case 80:
-YY_RULE_SETUP
-#line 148 "lex.l"
-{ return kw_WITH; }
-	YY_BREAK
-case 81:
-YY_RULE_SETUP
-#line 149 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 82:
-YY_RULE_SETUP
-#line 150 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 83:
-YY_RULE_SETUP
-#line 151 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 84:
-YY_RULE_SETUP
-#line 152 "lex.l"
-{ return EEQUAL; }
-	YY_BREAK
-case 85:
-YY_RULE_SETUP
-#line 153 "lex.l"
-{ 
-			    int c, start_lineno = lineno;
-			    int f = 0;
-			    while((c = input()) != EOF) {
-				if(f && c == '-')
-				    break;
-				if(c == '-') {
-				    f = 1;
-				    continue;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    break;
-				}
-				f = 0;
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-	YY_BREAK
-case 86:
-YY_RULE_SETUP
-#line 172 "lex.l"
-{ 
-			    int c, start_lineno = lineno;
-			    int level = 1;
-			    int seen_star = 0;
-			    int seen_slash = 0;
-			    while((c = input()) != EOF) {
-				if(c == '/') {
-				    if(seen_star) {
-					if(--level == 0)
-					    break;
-					seen_star = 0;
-					continue;
-				    }
-				    seen_slash = 1;
-				    continue;
-				}
-				if(seen_star && c == '/') {
-				    if(--level == 0)
-					break;
-				    seen_star = 0;
-				    continue;
-				}
-				if(c == '*') {
-				    if(seen_slash) {
-					level++;
-					seen_star = seen_slash = 0;
-					continue;
-				    } 
-				    seen_star = 1;
-				    continue;
-				}
-				seen_star = seen_slash = 0;
-				if(c == '\n') {
-				    lineno++;
-				    continue;
-				}
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-	YY_BREAK
-case 87:
-YY_RULE_SETUP
-#line 212 "lex.l"
-{ 
-			    int start_lineno = lineno;
-			    int c;
-			    char buf[1024];
-			    char *p = buf;
-			    int f = 0;
-			    int skip_ws = 0;
-			    
-			    while((c = input()) != EOF) {
-				if(isspace(c) && skip_ws) {
-				    if(c == '\n')
-					lineno++;
-				    continue;
-				}
-				skip_ws = 0;
-				
-				if(c == '"') {
-				    if(f) {
-					*p++ = '"';
-					f = 0;
-				    } else
-					f = 1;
-				    continue;
-				}
-				if(f == 1) {
-				    unput(c);
-				    break;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    while(p > buf && isspace((unsigned char)p[-1]))
-					p--;
-				    skip_ws = 1;
-				    continue;
-				}
-				*p++ = c;
-			    }
-			    if(c == EOF)
-				unterminated("string", start_lineno);
-			    *p++ = '\0';
-			    fprintf(stderr, "string -- %s\n", buf);
-			    yylval.name = estrdup(buf);
-			    return STRING; 
-			}
-	YY_BREAK
-case 88:
-YY_RULE_SETUP
-#line 257 "lex.l"
-{ char *e, *y = yytext;
-			  yylval.constant = strtol((const char *)yytext,
-						   &e, 0);
-			  if(e == y) 
-			    error_message("malformed constant (%s)", yytext); 
-			  else
-			    return NUMBER;
-			}
-	YY_BREAK
-case 89:
-YY_RULE_SETUP
-#line 265 "lex.l"
-{
-			  yylval.name =  estrdup ((const char *)yytext);
-			  return IDENTIFIER;
-			}
-	YY_BREAK
-case 90:
-YY_RULE_SETUP
-#line 269 "lex.l"
-;
-	YY_BREAK
-case 91:
-/* rule 91 can match eol */
-YY_RULE_SETUP
-#line 270 "lex.l"
-{ ++lineno; }
-	YY_BREAK
-case 92:
-YY_RULE_SETUP
-#line 271 "lex.l"
-{ return ELLIPSIS; }
-	YY_BREAK
-case 93:
-YY_RULE_SETUP
-#line 272 "lex.l"
-{ return RANGE; }
-	YY_BREAK
-case 94:
-YY_RULE_SETUP
-#line 273 "lex.l"
-{ error_message("Ignoring char(%c)\n", *yytext); }
-	YY_BREAK
-case 95:
-YY_RULE_SETUP
-#line 274 "lex.l"
-ECHO;
-	YY_BREAK
-#line 1679 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 568 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 568 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 567);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 274 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-void
-error_message (const char *format, ...)
-{
-    va_list args;
-
-    va_start (args, format);
-    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
-    vfprintf (stderr, format, args);
-    va_end (args);
-    error_flag++;
-}
-
-static void
-unterminated(const char *type, unsigned start_lineno)
-{
-    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
-}
-
diff --git a/crypto/heimdal/lib/asn1/lex.h b/crypto/heimdal/lib/asn1/lex.h
deleted file mode 100644
index 7aececf6d7a0..000000000000
--- a/crypto/heimdal/lib/asn1/lex.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */
-
-#include <roken.h>
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-extern int error_flag;
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/asn1/lex.l b/crypto/heimdal/lib/asn1/lex.l
deleted file mode 100644
index ec744220e9c0..000000000000
--- a/crypto/heimdal/lib/asn1/lex.l
+++ /dev/null
@@ -1,300 +0,0 @@
-%{
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#undef ECHO
-#include "symbol.h"
-#include "parse.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-static unsigned lineno = 1;
-
-#undef ECHO
-
-static void unterminated(const char *, unsigned);
-
-%}
-
-/* This is for broken old lexes (solaris 10 and hpux) */
-%e 2000
-%p 5000
-%a 5000
-%n 1000
-%o 10000
-
-%%
-ABSENT			{ return kw_ABSENT; }
-ABSTRACT-SYNTAX		{ return kw_ABSTRACT_SYNTAX; }
-ALL			{ return kw_ALL; }
-APPLICATION		{ return kw_APPLICATION; }
-AUTOMATIC		{ return kw_AUTOMATIC; }
-BEGIN			{ return kw_BEGIN; }
-BIT			{ return kw_BIT; }
-BMPString		{ return kw_BMPString; }
-BOOLEAN			{ return kw_BOOLEAN; }
-BY			{ return kw_BY; }
-CHARACTER		{ return kw_CHARACTER; }
-CHOICE			{ return kw_CHOICE; }
-CLASS			{ return kw_CLASS; }
-COMPONENT		{ return kw_COMPONENT; }
-COMPONENTS		{ return kw_COMPONENTS; }
-CONSTRAINED		{ return kw_CONSTRAINED; }
-CONTAINING		{ return kw_CONTAINING; }
-DEFAULT			{ return kw_DEFAULT; }
-DEFINITIONS		{ return kw_DEFINITIONS; }
-EMBEDDED		{ return kw_EMBEDDED; }
-ENCODED			{ return kw_ENCODED; }
-END			{ return kw_END; }
-ENUMERATED		{ return kw_ENUMERATED; }
-EXCEPT			{ return kw_EXCEPT; }
-EXPLICIT		{ return kw_EXPLICIT; }
-EXPORTS			{ return kw_EXPORTS; }
-EXTENSIBILITY		{ return kw_EXTENSIBILITY; }
-EXTERNAL		{ return kw_EXTERNAL; }
-FALSE			{ return kw_FALSE; }
-FROM			{ return kw_FROM; }
-GeneralString		{ return kw_GeneralString; }
-GeneralizedTime		{ return kw_GeneralizedTime; }
-GraphicString		{ return kw_GraphicString; }
-IA5String		{ return kw_IA5String; }
-IDENTIFIER		{ return kw_IDENTIFIER; }
-IMPLICIT		{ return kw_IMPLICIT; }
-IMPLIED			{ return kw_IMPLIED; }
-IMPORTS			{ return kw_IMPORTS; }
-INCLUDES		{ return kw_INCLUDES; }
-INSTANCE		{ return kw_INSTANCE; }
-INTEGER			{ return kw_INTEGER; }
-INTERSECTION		{ return kw_INTERSECTION; }
-ISO646String		{ return kw_ISO646String; }
-MAX			{ return kw_MAX; }
-MIN			{ return kw_MIN; }
-MINUS-INFINITY		{ return kw_MINUS_INFINITY; }
-NULL			{ return kw_NULL; }
-NumericString		{ return kw_NumericString; }
-OBJECT			{ return kw_OBJECT; }
-OCTET			{ return kw_OCTET; }
-OF			{ return kw_OF; }
-OPTIONAL		{ return kw_OPTIONAL; }
-ObjectDescriptor	{ return kw_ObjectDescriptor; }
-PATTERN			{ return kw_PATTERN; }
-PDV			{ return kw_PDV; }
-PLUS-INFINITY		{ return kw_PLUS_INFINITY; }
-PRESENT			{ return kw_PRESENT; }
-PRIVATE			{ return kw_PRIVATE; }
-PrintableString		{ return kw_PrintableString; }
-REAL			{ return kw_REAL; }
-RELATIVE_OID		{ return kw_RELATIVE_OID; }
-SEQUENCE		{ return kw_SEQUENCE; }
-SET			{ return kw_SET; }
-SIZE			{ return kw_SIZE; }
-STRING			{ return kw_STRING; }
-SYNTAX			{ return kw_SYNTAX; }
-T61String		{ return kw_T61String; }
-TAGS			{ return kw_TAGS; }
-TRUE			{ return kw_TRUE; }
-TYPE-IDENTIFIER		{ return kw_TYPE_IDENTIFIER; }
-TeletexString		{ return kw_TeletexString; }
-UNION			{ return kw_UNION; }
-UNIQUE			{ return kw_UNIQUE; }
-UNIVERSAL		{ return kw_UNIVERSAL; }
-UTCTime			{ return kw_UTCTime; }
-UTF8String		{ return kw_UTF8String; }
-UniversalString		{ return kw_UniversalString; }
-VideotexString		{ return kw_VideotexString; }
-VisibleString		{ return kw_VisibleString; }
-WITH			{ return kw_WITH; }
-[-,;{}()|]		{ return *yytext; }
-"["			{ return *yytext; }
-"]"			{ return *yytext; }
-::=			{ return EEQUAL; }
---			{ 
-			    int c, start_lineno = lineno;
-			    int f = 0;
-			    while((c = input()) != EOF) {
-				if(f && c == '-')
-				    break;
-				if(c == '-') {
-				    f = 1;
-				    continue;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    break;
-				}
-				f = 0;
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-\/\*			{ 
-			    int c, start_lineno = lineno;
-			    int level = 1;
-			    int seen_star = 0;
-			    int seen_slash = 0;
-			    while((c = input()) != EOF) {
-				if(c == '/') {
-				    if(seen_star) {
-					if(--level == 0)
-					    break;
-					seen_star = 0;
-					continue;
-				    }
-				    seen_slash = 1;
-				    continue;
-				}
-				if(seen_star && c == '/') {
-				    if(--level == 0)
-					break;
-				    seen_star = 0;
-				    continue;
-				}
-				if(c == '*') {
-				    if(seen_slash) {
-					level++;
-					seen_star = seen_slash = 0;
-					continue;
-				    } 
-				    seen_star = 1;
-				    continue;
-				}
-				seen_star = seen_slash = 0;
-				if(c == '\n') {
-				    lineno++;
-				    continue;
-				}
-			    }
-			    if(c == EOF)
-				unterminated("comment", start_lineno);
-			}
-"\""			{ 
-			    int start_lineno = lineno;
-			    int c;
-			    char buf[1024];
-			    char *p = buf;
-			    int f = 0;
-			    int skip_ws = 0;
-			    
-			    while((c = input()) != EOF) {
-				if(isspace(c) && skip_ws) {
-				    if(c == '\n')
-					lineno++;
-				    continue;
-				}
-				skip_ws = 0;
-				
-				if(c == '"') {
-				    if(f) {
-					*p++ = '"';
-					f = 0;
-				    } else
-					f = 1;
-				    continue;
-				}
-				if(f == 1) {
-				    unput(c);
-				    break;
-				}
-				if(c == '\n') {
-				    lineno++;
-				    while(p > buf && isspace((unsigned char)p[-1]))
-					p--;
-				    skip_ws = 1;
-				    continue;
-				}
-				*p++ = c;
-			    }
-			    if(c == EOF)
-				unterminated("string", start_lineno);
-			    *p++ = '\0';
-			    fprintf(stderr, "string -- %s\n", buf);
-			    yylval.name = estrdup(buf);
-			    return STRING; 
-			}
-
--?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext;
-			  yylval.constant = strtol((const char *)yytext,
-						   &e, 0);
-			  if(e == y) 
-			    error_message("malformed constant (%s)", yytext); 
-			  else
-			    return NUMBER;
-			}
-[A-Za-z][-A-Za-z0-9_]*	{
-			  yylval.name =  estrdup ((const char *)yytext);
-			  return IDENTIFIER;
-			}
-[ \t]			;
-\n			{ ++lineno; }
-\.\.\.			{ return ELLIPSIS; }
-\.\.			{ return RANGE; }
-.			{ error_message("Ignoring char(%c)\n", *yytext); }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-void
-error_message (const char *format, ...)
-{
-    va_list args;
-
-    va_start (args, format);
-    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
-    vfprintf (stderr, format, args);
-    va_end (args);
-    error_flag++;
-}
-
-static void
-unterminated(const char *type, unsigned start_lineno)
-{
-    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
-}
diff --git a/crypto/heimdal/lib/asn1/main.c b/crypto/heimdal/lib/asn1/main.c
deleted file mode 100644
index 3b4a8122cada..000000000000
--- a/crypto/heimdal/lib/asn1/main.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1997-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-#include <getarg.h>
-#include "lex.h"
-
-RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $");
-
-extern FILE *yyin;
-
-static getarg_strings preserve;
-static getarg_strings seq;
-
-int
-preserve_type(const char *p)
-{
-    int i;
-    for (i = 0; i < preserve.num_strings; i++)
-	if (strcmp(preserve.strings[i], p) == 0)
-	    return 1;
-    return 0;
-}
-
-int
-seq_type(const char *p)
-{
-    int i;
-    for (i = 0; i < seq.num_strings; i++)
-	if (strcmp(seq.strings[i], p) == 0)
-	    return 1;
-    return 0;
-}
-
-int dce_fix;
-int rfc1510_bitstring;
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
-    { "decode-dce-ber", 0, arg_flag, &dce_fix },
-    { "preserve-binary", 0, arg_strings, &preserve },
-    { "sequence", 0, arg_strings, &seq },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "[asn1-file [name]]");
-    exit(code);
-}
-
-int error_flag;
-
-int
-main(int argc, char **argv)
-{
-    int ret;
-    const char *file;
-    const char *name = NULL;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if (argc == optidx) {
-	file = "stdin";
-	name = "stdin";
-	yyin = stdin;
-    } else {
-	file = argv[optidx];
-	yyin = fopen (file, "r");
-	if (yyin == NULL)
-	    err (1, "open %s", file);
-	if (argc == optidx + 1) {
-	    char *p;
-	    name = estrdup(file);
-	    p = strrchr(name, '.');
-	    if (p)
-		*p = '\0';
-	} else
-	    name = argv[optidx + 1];
-    }
-
-    init_generate (file, name);
-    initsym ();
-    ret = yyparse ();
-    if(ret != 0 || error_flag != 0)
-	exit(1);
-    close_generate ();
-    if (argc != optidx)
-	fclose(yyin);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/parse.c b/crypto/heimdal/lib/asn1/parse.c
deleted file mode 100644
index 9800d54de838..000000000000
--- a/crypto/heimdal/lib/asn1/parse.c
+++ /dev/null
@@ -1,2831 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     kw_ABSENT = 258,
-     kw_ABSTRACT_SYNTAX = 259,
-     kw_ALL = 260,
-     kw_APPLICATION = 261,
-     kw_AUTOMATIC = 262,
-     kw_BEGIN = 263,
-     kw_BIT = 264,
-     kw_BMPString = 265,
-     kw_BOOLEAN = 266,
-     kw_BY = 267,
-     kw_CHARACTER = 268,
-     kw_CHOICE = 269,
-     kw_CLASS = 270,
-     kw_COMPONENT = 271,
-     kw_COMPONENTS = 272,
-     kw_CONSTRAINED = 273,
-     kw_CONTAINING = 274,
-     kw_DEFAULT = 275,
-     kw_DEFINITIONS = 276,
-     kw_EMBEDDED = 277,
-     kw_ENCODED = 278,
-     kw_END = 279,
-     kw_ENUMERATED = 280,
-     kw_EXCEPT = 281,
-     kw_EXPLICIT = 282,
-     kw_EXPORTS = 283,
-     kw_EXTENSIBILITY = 284,
-     kw_EXTERNAL = 285,
-     kw_FALSE = 286,
-     kw_FROM = 287,
-     kw_GeneralString = 288,
-     kw_GeneralizedTime = 289,
-     kw_GraphicString = 290,
-     kw_IA5String = 291,
-     kw_IDENTIFIER = 292,
-     kw_IMPLICIT = 293,
-     kw_IMPLIED = 294,
-     kw_IMPORTS = 295,
-     kw_INCLUDES = 296,
-     kw_INSTANCE = 297,
-     kw_INTEGER = 298,
-     kw_INTERSECTION = 299,
-     kw_ISO646String = 300,
-     kw_MAX = 301,
-     kw_MIN = 302,
-     kw_MINUS_INFINITY = 303,
-     kw_NULL = 304,
-     kw_NumericString = 305,
-     kw_OBJECT = 306,
-     kw_OCTET = 307,
-     kw_OF = 308,
-     kw_OPTIONAL = 309,
-     kw_ObjectDescriptor = 310,
-     kw_PATTERN = 311,
-     kw_PDV = 312,
-     kw_PLUS_INFINITY = 313,
-     kw_PRESENT = 314,
-     kw_PRIVATE = 315,
-     kw_PrintableString = 316,
-     kw_REAL = 317,
-     kw_RELATIVE_OID = 318,
-     kw_SEQUENCE = 319,
-     kw_SET = 320,
-     kw_SIZE = 321,
-     kw_STRING = 322,
-     kw_SYNTAX = 323,
-     kw_T61String = 324,
-     kw_TAGS = 325,
-     kw_TRUE = 326,
-     kw_TYPE_IDENTIFIER = 327,
-     kw_TeletexString = 328,
-     kw_UNION = 329,
-     kw_UNIQUE = 330,
-     kw_UNIVERSAL = 331,
-     kw_UTCTime = 332,
-     kw_UTF8String = 333,
-     kw_UniversalString = 334,
-     kw_VideotexString = 335,
-     kw_VisibleString = 336,
-     kw_WITH = 337,
-     RANGE = 338,
-     EEQUAL = 339,
-     ELLIPSIS = 340,
-     IDENTIFIER = 341,
-     referencename = 342,
-     STRING = 343,
-     NUMBER = 344
-   };
-#endif
-/* Tokens.  */
-#define kw_ABSENT 258
-#define kw_ABSTRACT_SYNTAX 259
-#define kw_ALL 260
-#define kw_APPLICATION 261
-#define kw_AUTOMATIC 262
-#define kw_BEGIN 263
-#define kw_BIT 264
-#define kw_BMPString 265
-#define kw_BOOLEAN 266
-#define kw_BY 267
-#define kw_CHARACTER 268
-#define kw_CHOICE 269
-#define kw_CLASS 270
-#define kw_COMPONENT 271
-#define kw_COMPONENTS 272
-#define kw_CONSTRAINED 273
-#define kw_CONTAINING 274
-#define kw_DEFAULT 275
-#define kw_DEFINITIONS 276
-#define kw_EMBEDDED 277
-#define kw_ENCODED 278
-#define kw_END 279
-#define kw_ENUMERATED 280
-#define kw_EXCEPT 281
-#define kw_EXPLICIT 282
-#define kw_EXPORTS 283
-#define kw_EXTENSIBILITY 284
-#define kw_EXTERNAL 285
-#define kw_FALSE 286
-#define kw_FROM 287
-#define kw_GeneralString 288
-#define kw_GeneralizedTime 289
-#define kw_GraphicString 290
-#define kw_IA5String 291
-#define kw_IDENTIFIER 292
-#define kw_IMPLICIT 293
-#define kw_IMPLIED 294
-#define kw_IMPORTS 295
-#define kw_INCLUDES 296
-#define kw_INSTANCE 297
-#define kw_INTEGER 298
-#define kw_INTERSECTION 299
-#define kw_ISO646String 300
-#define kw_MAX 301
-#define kw_MIN 302
-#define kw_MINUS_INFINITY 303
-#define kw_NULL 304
-#define kw_NumericString 305
-#define kw_OBJECT 306
-#define kw_OCTET 307
-#define kw_OF 308
-#define kw_OPTIONAL 309
-#define kw_ObjectDescriptor 310
-#define kw_PATTERN 311
-#define kw_PDV 312
-#define kw_PLUS_INFINITY 313
-#define kw_PRESENT 314
-#define kw_PRIVATE 315
-#define kw_PrintableString 316
-#define kw_REAL 317
-#define kw_RELATIVE_OID 318
-#define kw_SEQUENCE 319
-#define kw_SET 320
-#define kw_SIZE 321
-#define kw_STRING 322
-#define kw_SYNTAX 323
-#define kw_T61String 324
-#define kw_TAGS 325
-#define kw_TRUE 326
-#define kw_TYPE_IDENTIFIER 327
-#define kw_TeletexString 328
-#define kw_UNION 329
-#define kw_UNIQUE 330
-#define kw_UNIVERSAL 331
-#define kw_UTCTime 332
-#define kw_UTF8String 333
-#define kw_UniversalString 334
-#define kw_VideotexString 335
-#define kw_VisibleString 336
-#define kw_WITH 337
-#define RANGE 338
-#define EEQUAL 339
-#define ELLIPSIS 340
-#define IDENTIFIER 341
-#define referencename 342
-#define STRING 343
-#define NUMBER 344
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 36 "parse.y"
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-#include "der.h"
-
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
-
-static Type *new_type (Typetype t);
-static struct constraint_spec *new_constraint_spec(enum ctype);
-static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
-void yyerror (const char *);
-static struct objid *new_objid(const char *label, int value);
-static void add_oid_to_tail(struct objid *, struct objid *);
-static void fix_labels(Symbol *s);
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-};
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 1
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 65 "parse.y"
-{
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-/* Line 193 of yacc.c.  */
-#line 318 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 331 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  6
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   195
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  98
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  68
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  136
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  214
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   344
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-      92,    93,     2,     2,    91,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,    90,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,    96,     2,    97,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,    94,     2,    95,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
-      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
-      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
-      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
-      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
-      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
-      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
-      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
-      85,    86,    87,    88,    89
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint16 yyprhs[] =
-{
-       0,     0,     3,    13,    16,    19,    22,    23,    26,    27,
-      30,    31,    35,    36,    38,    39,    41,    44,    49,    51,
-      54,    56,    58,    62,    64,    68,    70,    72,    74,    76,
-      78,    80,    82,    84,    86,    88,    90,    92,    94,    96,
-      98,   100,   102,   104,   110,   116,   122,   126,   128,   131,
-     136,   138,   142,   146,   151,   156,   158,   161,   167,   170,
-     174,   176,   177,   180,   185,   189,   194,   199,   203,   207,
-     212,   214,   216,   218,   220,   222,   225,   229,   231,   233,
-     235,   238,   242,   248,   253,   257,   262,   263,   265,   267,
-     269,   270,   272,   274,   279,   281,   283,   285,   287,   289,
-     291,   293,   295,   297,   301,   305,   308,   310,   313,   317,
-     319,   323,   328,   330,   331,   335,   336,   339,   344,   346,
-     348,   350,   352,   354,   356,   358,   360,   362,   364,   366,
-     368,   370,   372,   374,   376,   378,   380
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int16 yyrhs[] =
-{
-      99,     0,    -1,    86,   151,    21,   100,   101,    84,     8,
-     102,    24,    -1,    27,    70,    -1,    38,    70,    -1,     7,
-      70,    -1,    -1,    29,    39,    -1,    -1,   103,   107,    -1,
-      -1,    40,   104,    90,    -1,    -1,   105,    -1,    -1,   106,
-      -1,   105,   106,    -1,   109,    32,    86,   151,    -1,   108,
-      -1,   108,   107,    -1,   110,    -1,   143,    -1,    86,    91,
-     109,    -1,    86,    -1,    86,    84,   111,    -1,   112,    -1,
-     130,    -1,   133,    -1,   120,    -1,   113,    -1,   144,    -1,
-     129,    -1,   118,    -1,   115,    -1,   123,    -1,   121,    -1,
-     122,    -1,   125,    -1,   126,    -1,   127,    -1,   128,    -1,
-     139,    -1,    11,    -1,    92,   155,    83,   155,    93,    -1,
-      92,   155,    83,    46,    93,    -1,    92,    47,    83,   155,
-      93,    -1,    92,   155,    93,    -1,    43,    -1,    43,   114,
-      -1,    43,    94,   116,    95,    -1,   117,    -1,   116,    91,
-     117,    -1,   116,    91,    85,    -1,    86,    92,   163,    93,
-      -1,    25,    94,   119,    95,    -1,   116,    -1,     9,    67,
-      -1,     9,    67,    94,   149,    95,    -1,    51,    37,    -1,
-      52,    67,   124,    -1,    49,    -1,    -1,    66,   114,    -1,
-      64,    94,   146,    95,    -1,    64,    94,    95,    -1,    64,
-     124,    53,   111,    -1,    65,    94,   146,    95,    -1,    65,
-      94,    95,    -1,    65,    53,   111,    -1,    14,    94,   146,
-      95,    -1,   131,    -1,   132,    -1,    86,    -1,    34,    -1,
-      77,    -1,   111,   134,    -1,    92,   135,    93,    -1,   136,
-      -1,   137,    -1,   138,    -1,    19,   111,    -1,    23,    12,
-     155,    -1,    19,   111,    23,    12,   155,    -1,    18,    12,
-      94,    95,    -1,   140,   142,   111,    -1,    96,   141,    89,
-      97,    -1,    -1,    76,    -1,     6,    -1,    60,    -1,    -1,
-      27,    -1,    38,    -1,    86,   111,    84,   155,    -1,   145,
-      -1,    33,    -1,    78,    -1,    61,    -1,    81,    -1,    36,
-      -1,    10,    -1,    79,    -1,   148,    -1,   146,    91,   148,
-      -1,   146,    91,    85,    -1,    86,   111,    -1,   147,    -1,
-     147,    54,    -1,   147,    20,   155,    -1,   150,    -1,   149,
-      91,   150,    -1,    86,    92,    89,    93,    -1,   152,    -1,
-      -1,    94,   153,    95,    -1,    -1,   154,   153,    -1,    86,
-      92,    89,    93,    -1,    86,    -1,    89,    -1,   156,    -1,
-     157,    -1,   161,    -1,   160,    -1,   162,    -1,   165,    -1,
-     164,    -1,   158,    -1,   159,    -1,    86,    -1,    88,    -1,
-      71,    -1,    31,    -1,   163,    -1,    89,    -1,    49,    -1,
-     152,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint16 yyrline[] =
-{
-       0,   233,   233,   240,   241,   243,   245,   248,   250,   253,
-     254,   257,   258,   261,   262,   265,   266,   269,   280,   281,
-     284,   285,   288,   294,   302,   312,   313,   314,   317,   318,
-     319,   320,   321,   322,   323,   324,   325,   326,   327,   328,
-     329,   330,   333,   340,   350,   358,   366,   377,   382,   388,
-     396,   402,   407,   411,   424,   432,   435,   442,   450,   456,
-     465,   473,   474,   479,   485,   493,   502,   508,   516,   524,
-     531,   532,   535,   546,   551,   558,   574,   580,   583,   584,
-     587,   593,   601,   611,   617,   630,   639,   642,   646,   650,
-     657,   660,   664,   671,   682,   685,   690,   695,   700,   705,
-     710,   715,   723,   729,   734,   745,   756,   762,   768,   776,
-     782,   789,   802,   803,   806,   813,   816,   827,   831,   842,
-     848,   849,   852,   853,   854,   855,   856,   859,   862,   865,
-     876,   884,   890,   898,   906,   909,   914
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "kw_ABSENT", "kw_ABSTRACT_SYNTAX",
-  "kw_ALL", "kw_APPLICATION", "kw_AUTOMATIC", "kw_BEGIN", "kw_BIT",
-  "kw_BMPString", "kw_BOOLEAN", "kw_BY", "kw_CHARACTER", "kw_CHOICE",
-  "kw_CLASS", "kw_COMPONENT", "kw_COMPONENTS", "kw_CONSTRAINED",
-  "kw_CONTAINING", "kw_DEFAULT", "kw_DEFINITIONS", "kw_EMBEDDED",
-  "kw_ENCODED", "kw_END", "kw_ENUMERATED", "kw_EXCEPT", "kw_EXPLICIT",
-  "kw_EXPORTS", "kw_EXTENSIBILITY", "kw_EXTERNAL", "kw_FALSE", "kw_FROM",
-  "kw_GeneralString", "kw_GeneralizedTime", "kw_GraphicString",
-  "kw_IA5String", "kw_IDENTIFIER", "kw_IMPLICIT", "kw_IMPLIED",
-  "kw_IMPORTS", "kw_INCLUDES", "kw_INSTANCE", "kw_INTEGER",
-  "kw_INTERSECTION", "kw_ISO646String", "kw_MAX", "kw_MIN",
-  "kw_MINUS_INFINITY", "kw_NULL", "kw_NumericString", "kw_OBJECT",
-  "kw_OCTET", "kw_OF", "kw_OPTIONAL", "kw_ObjectDescriptor", "kw_PATTERN",
-  "kw_PDV", "kw_PLUS_INFINITY", "kw_PRESENT", "kw_PRIVATE",
-  "kw_PrintableString", "kw_REAL", "kw_RELATIVE_OID", "kw_SEQUENCE",
-  "kw_SET", "kw_SIZE", "kw_STRING", "kw_SYNTAX", "kw_T61String", "kw_TAGS",
-  "kw_TRUE", "kw_TYPE_IDENTIFIER", "kw_TeletexString", "kw_UNION",
-  "kw_UNIQUE", "kw_UNIVERSAL", "kw_UTCTime", "kw_UTF8String",
-  "kw_UniversalString", "kw_VideotexString", "kw_VisibleString", "kw_WITH",
-  "RANGE", "EEQUAL", "ELLIPSIS", "IDENTIFIER", "referencename", "STRING",
-  "NUMBER", "';'", "','", "'('", "')'", "'{'", "'}'", "'['", "']'",
-  "$accept", "ModuleDefinition", "TagDefault", "ExtensionDefault",
-  "ModuleBody", "Imports", "SymbolsImported", "SymbolsFromModuleList",
-  "SymbolsFromModule", "AssignmentList", "Assignment", "referencenames",
-  "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range",
-  "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType",
-  "Enumerations", "BitStringType", "ObjectIdentifierType",
-  "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType",
-  "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType",
-  "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec",
-  "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint",
-  "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment",
-  "CharacterStringType", "RestrictedCharactedStringType",
-  "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList",
-  "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value",
-  "BuiltinValue", "ReferencedValue", "DefinedValue", "Valuereference",
-  "CharacterStringValue", "BooleanValue", "IntegerValue", "SignedNumber",
-  "NullValue", "ObjectIdentifierValue", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
-     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
-     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
-     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
-     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
-      59,    44,    40,    41,   123,   125,    91,    93
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    98,    99,   100,   100,   100,   100,   101,   101,   102,
-     102,   103,   103,   104,   104,   105,   105,   106,   107,   107,
-     108,   108,   109,   109,   110,   111,   111,   111,   112,   112,
-     112,   112,   112,   112,   112,   112,   112,   112,   112,   112,
-     112,   112,   113,   114,   114,   114,   114,   115,   115,   115,
-     116,   116,   116,   117,   118,   119,   120,   120,   121,   122,
-     123,   124,   124,   125,   125,   126,   127,   127,   128,   129,
-     130,   130,   131,   132,   132,   133,   134,   135,   136,   136,
-     137,   137,   137,   138,   139,   140,   141,   141,   141,   141,
-     142,   142,   142,   143,   144,   145,   145,   145,   145,   145,
-     145,   145,   146,   146,   146,   147,   148,   148,   148,   149,
-     149,   150,   151,   151,   152,   153,   153,   154,   154,   154,
-     155,   155,   156,   156,   156,   156,   156,   157,   158,   159,
-     160,   161,   161,   162,   163,   164,   165
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     9,     2,     2,     2,     0,     2,     0,     2,
-       0,     3,     0,     1,     0,     1,     2,     4,     1,     2,
-       1,     1,     3,     1,     3,     1,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     5,     5,     5,     3,     1,     2,     4,
-       1,     3,     3,     4,     4,     1,     2,     5,     2,     3,
-       1,     0,     2,     4,     3,     4,     4,     3,     3,     4,
-       1,     1,     1,     1,     1,     2,     3,     1,     1,     1,
-       2,     3,     5,     4,     3,     4,     0,     1,     1,     1,
-       0,     1,     1,     4,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     3,     3,     2,     1,     2,     3,     1,
-       3,     4,     1,     0,     3,     0,     2,     4,     1,     1,
-       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
-       1,     1,     1,     1,     1,     1,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       0,   113,     0,   115,     0,   112,     1,   118,   119,     0,
-     115,     6,     0,   114,   116,     0,     0,     0,     8,     0,
-       5,     3,     4,     0,     0,   117,     7,     0,    10,    14,
-       0,     0,    23,     0,    13,    15,     0,     2,     0,     9,
-      18,    20,    21,     0,    11,    16,     0,     0,   100,    42,
-       0,     0,    95,    73,    99,    47,    60,     0,     0,    97,
-      61,     0,    74,    96,   101,    98,     0,    72,    86,     0,
-      25,    29,    33,    32,    28,    35,    36,    34,    37,    38,
-      39,    40,    31,    26,    70,    71,    27,    41,    90,    30,
-      94,    19,    22,   113,    56,     0,     0,     0,     0,    48,
-      58,    61,     0,     0,     0,     0,     0,    24,    88,    89,
-      87,     0,     0,     0,    75,    91,    92,     0,    17,     0,
-       0,     0,   106,   102,     0,    55,    50,     0,   132,     0,
-     135,   131,   129,   130,   134,   136,     0,   120,   121,   127,
-     128,   123,   122,   124,   133,   126,   125,     0,    59,    62,
-      64,     0,     0,    68,    67,     0,     0,    93,     0,     0,
-       0,     0,    77,    78,    79,    84,     0,     0,   109,   105,
-       0,    69,     0,   107,     0,     0,    54,     0,     0,    46,
-      49,    63,    65,    66,    85,     0,    80,     0,    76,     0,
-       0,    57,   104,   103,   108,     0,    52,    51,     0,     0,
-       0,     0,     0,    81,     0,   110,    53,    45,    44,    43,
-      83,     0,   111,    82
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int16 yydefgoto[] =
-{
-      -1,     2,    18,    24,    30,    31,    33,    34,    35,    39,
-      40,    36,    41,    69,    70,    71,    99,    72,   125,   126,
-      73,   127,    74,    75,    76,    77,   104,    78,    79,    80,
-      81,    82,    83,    84,    85,    86,   114,   161,   162,   163,
-     164,    87,    88,   111,   117,    42,    89,    90,   121,   122,
-     123,   167,   168,     4,   135,     9,    10,   136,   137,   138,
-     139,   140,   141,   142,   143,   144,   145,   146
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -113
-static const yytype_int16 yypact[] =
-{
-     -74,   -67,    38,   -69,    23,  -113,  -113,   -44,  -113,   -41,
-     -69,     4,   -26,  -113,  -113,    -3,     1,    10,    52,   -10,
-    -113,  -113,  -113,    45,    13,  -113,  -113,    77,   -35,    15,
-      64,    19,    17,    20,    15,  -113,    85,  -113,    25,  -113,
-      19,  -113,  -113,    15,  -113,  -113,    27,    47,  -113,  -113,
-      26,    29,  -113,  -113,  -113,   -30,  -113,    89,    61,  -113,
-     -57,   -47,  -113,  -113,  -113,  -113,    82,  -113,    -4,   -68,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -17,  -113,
-    -113,  -113,  -113,   -67,    35,    33,    46,    51,    46,  -113,
-    -113,    69,    44,   -73,    88,    82,   -72,    56,  -113,  -113,
-    -113,    49,    93,     7,  -113,  -113,  -113,    82,  -113,    58,
-      82,   -76,   -13,  -113,    57,    59,  -113,    60,  -113,    68,
-    -113,  -113,  -113,  -113,  -113,  -113,   -75,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,   -63,  -113,  -113,
-    -113,   -62,    82,    56,  -113,   -46,    65,  -113,   141,    82,
-     142,    63,  -113,  -113,  -113,    56,    66,   -38,  -113,    56,
-     -16,  -113,    93,  -113,    76,    -7,  -113,    93,    81,  -113,
-    -113,  -113,    56,  -113,  -113,    72,   -19,    93,  -113,    83,
-      58,  -113,  -113,  -113,  -113,    78,  -113,  -113,    80,    84,
-      87,    62,   162,  -113,    90,  -113,  -113,  -113,  -113,  -113,
-    -113,    93,  -113,  -113
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int16 yypgoto[] =
-{
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   150,   136,
-    -113,   143,  -113,   -65,  -113,  -113,    86,  -113,    91,    16,
-    -113,  -113,  -113,  -113,  -113,  -113,    92,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -60,  -113,
-      22,  -113,    -5,    97,     2,   184,  -113,  -112,  -113,  -113,
-    -113,  -113,  -113,  -113,  -113,    21,  -113,  -113
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -13
-static const yytype_int16 yytable[] =
-{
-     157,   107,   108,     5,   202,    29,   105,   172,   178,   102,
-     115,    15,     1,   120,   120,   170,   112,     7,   179,   171,
-       8,   116,   150,   154,   113,   158,   159,     3,   175,   170,
-     160,    16,   180,   181,    47,    48,    49,   103,     6,    50,
-     153,   173,    17,   151,    11,   170,   155,   106,    12,   183,
-      51,   -12,   165,   190,    13,   169,   109,   191,    52,    53,
-     194,    54,    97,    19,    98,   198,   200,    20,    55,   192,
-     120,    21,   110,   113,    56,   203,    57,    58,   196,   124,
-      22,    23,   128,    25,    26,    28,    59,   182,    37,    60,
-      61,    47,    48,    49,   186,     5,    50,    27,   129,   213,
-     130,    32,    62,    63,    64,    38,    65,    51,    43,    66,
-      44,    67,   128,    93,    94,    52,    53,    46,    54,   120,
-      95,    68,   131,    96,   128,    55,   100,   199,   101,   119,
-     130,    56,   124,    57,    58,   102,    97,   132,   156,   133,
-     134,   152,   130,    59,   166,     3,    60,    61,   113,   174,
-     175,   177,   131,   185,   187,   176,   188,   210,   189,    62,
-      63,    64,   184,    65,   131,   134,   201,   132,    67,   133,
-     134,   206,   204,   207,   211,     3,    91,   208,    68,   132,
-     209,   133,   134,   212,    45,   205,    92,     3,   149,   147,
-     118,   197,   193,   148,    14,   195
-};
-
-static const yytype_uint8 yycheck[] =
-{
-     112,    66,     6,     1,    23,    40,    53,    20,    83,    66,
-      27,     7,    86,    86,    86,    91,    84,    86,    93,    95,
-      89,    38,    95,    95,    92,    18,    19,    94,    91,    91,
-      23,    27,    95,    95,     9,    10,    11,    94,     0,    14,
-     105,    54,    38,   103,    21,    91,   106,    94,    92,    95,
-      25,    86,   117,    91,    95,   120,    60,    95,    33,    34,
-     172,    36,    92,    89,    94,   177,   178,    70,    43,    85,
-      86,    70,    76,    92,    49,   187,    51,    52,    85,    86,
-      70,    29,    31,    93,    39,     8,    61,   152,    24,    64,
-      65,     9,    10,    11,   159,    93,    14,    84,    47,   211,
-      49,    86,    77,    78,    79,    86,    81,    25,    91,    84,
-      90,    86,    31,    86,    67,    33,    34,    32,    36,    86,
-      94,    96,    71,    94,    31,    43,    37,    46,    67,    94,
-      49,    49,    86,    51,    52,    66,    92,    86,    89,    88,
-      89,    53,    49,    61,    86,    94,    64,    65,    92,    92,
-      91,    83,    71,    12,    12,    95,    93,    95,    92,    77,
-      78,    79,    97,    81,    71,    89,    94,    86,    86,    88,
-      89,    93,    89,    93,    12,    94,    40,    93,    96,    86,
-      93,    88,    89,    93,    34,   190,    43,    94,   102,    98,
-      93,   175,   170,   101,    10,   174
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,    86,    99,    94,   151,   152,     0,    86,    89,   153,
-     154,    21,    92,    95,   153,     7,    27,    38,   100,    89,
-      70,    70,    70,    29,   101,    93,    39,    84,     8,    40,
-     102,   103,    86,   104,   105,   106,   109,    24,    86,   107,
-     108,   110,   143,    91,    90,   106,    32,     9,    10,    11,
-      14,    25,    33,    34,    36,    43,    49,    51,    52,    61,
-      64,    65,    77,    78,    79,    81,    84,    86,    96,   111,
-     112,   113,   115,   118,   120,   121,   122,   123,   125,   126,
-     127,   128,   129,   130,   131,   132,   133,   139,   140,   144,
-     145,   107,   109,    86,    67,    94,    94,    92,    94,   114,
-      37,    67,    66,    94,   124,    53,    94,   111,     6,    60,
-      76,   141,    84,    92,   134,    27,    38,   142,   151,    94,
-      86,   146,   147,   148,    86,   116,   117,   119,    31,    47,
-      49,    71,    86,    88,    89,   152,   155,   156,   157,   158,
-     159,   160,   161,   162,   163,   164,   165,   116,   124,   114,
-      95,   146,    53,   111,    95,   146,    89,   155,    18,    19,
-      23,   135,   136,   137,   138,   111,    86,   149,   150,   111,
-      91,    95,    20,    54,    92,    91,    95,    83,    83,    93,
-      95,    95,   111,    95,    97,    12,   111,    12,    93,    92,
-      91,    95,    85,   148,   155,   163,    85,   117,   155,    46,
-     155,    94,    23,   155,    89,   150,    93,    93,    93,    93,
-      95,    12,    93,   155
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 2:
-#line 235 "parse.y"
-    {
-			checkundefined();
-		}
-    break;
-
-  case 4:
-#line 242 "parse.y"
-    { error_message("implicit tagging is not supported"); }
-    break;
-
-  case 5:
-#line 244 "parse.y"
-    { error_message("automatic tagging is not supported"); }
-    break;
-
-  case 7:
-#line 249 "parse.y"
-    { error_message("no extensibility options supported"); }
-    break;
-
-  case 17:
-#line 270 "parse.y"
-    { 
-		    struct string_list *sl;
-		    for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) {
-			Symbol *s = addsym(sl->string);
-			s->stype = Stype;
-		    }
-		    add_import((yyvsp[(3) - (4)].name));
-		}
-    break;
-
-  case 22:
-#line 289 "parse.y"
-    {
-		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
-		    (yyval.sl)->string = (yyvsp[(1) - (3)].name);
-		    (yyval.sl)->next = (yyvsp[(3) - (3)].sl);
-		}
-    break;
-
-  case 23:
-#line 295 "parse.y"
-    {
-		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
-		    (yyval.sl)->string = (yyvsp[(1) - (1)].name);
-		    (yyval.sl)->next = NULL;
-		}
-    break;
-
-  case 24:
-#line 303 "parse.y"
-    {
-		    Symbol *s = addsym ((yyvsp[(1) - (3)].name));
-		    s->stype = Stype;
-		    s->type = (yyvsp[(3) - (3)].type);
-		    fix_labels(s);
-		    generate_type (s);
-		}
-    break;
-
-  case 42:
-#line 334 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, 
-				     TE_EXPLICIT, new_type(TBoolean));
-		}
-    break;
-
-  case 43:
-#line 341 "parse.y"
-    {
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer used in first part of range");
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
-		}
-    break;
-
-  case 44:
-#line 351 "parse.y"
-    {		
-		    if((yyvsp[(2) - (5)].value)->type != integervalue)
-			error_message("Non-integer in first part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1;
-		}
-    break;
-
-  case 45:
-#line 359 "parse.y"
-    {		
-		    if((yyvsp[(4) - (5)].value)->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2;
-		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
-		}
-    break;
-
-  case 46:
-#line 367 "parse.y"
-    {
-		    if((yyvsp[(2) - (3)].value)->type != integervalue)
-			error_message("Non-integer used in limit");
-		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
-		    (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue;
-		    (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue;
-		}
-    break;
-
-  case 47:
-#line 378 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, 
-				     TE_EXPLICIT, new_type(TInteger));
-		}
-    break;
-
-  case 48:
-#line 383 "parse.y"
-    {
-			(yyval.type) = new_type(TInteger);
-			(yyval.type)->range = (yyvsp[(2) - (2)].range);
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 49:
-#line 389 "parse.y"
-    {
-		  (yyval.type) = new_type(TInteger);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 50:
-#line 397 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 51:
-#line 403 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 52:
-#line 408 "parse.y"
-    { (yyval.members) = (yyvsp[(1) - (3)].members); }
-    break;
-
-  case 53:
-#line 412 "parse.y"
-    {
-			(yyval.member) = emalloc(sizeof(*(yyval.member)));
-			(yyval.member)->name = (yyvsp[(1) - (4)].name);
-			(yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
-			output_name ((yyval.member)->gen_name);
-			(yyval.member)->val = (yyvsp[(3) - (4)].constant);
-			(yyval.member)->optional = 0;
-			(yyval.member)->ellipsis = 0;
-			(yyval.member)->type = NULL;
-		}
-    break;
-
-  case 54:
-#line 425 "parse.y"
-    {
-		  (yyval.type) = new_type(TInteger);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 56:
-#line 436 "parse.y"
-    {
-		  (yyval.type) = new_type(TBitString);
-		  (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
-		  ASN1_TAILQ_INIT((yyval.type)->members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 57:
-#line 443 "parse.y"
-    {
-		  (yyval.type) = new_type(TBitString);
-		  (yyval.type)->members = (yyvsp[(4) - (5)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 58:
-#line 451 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, 
-				     TE_EXPLICIT, new_type(TOID));
-		}
-    break;
-
-  case 59:
-#line 457 "parse.y"
-    {
-		    Type *t = new_type(TOctetString);
-		    t->range = (yyvsp[(3) - (3)].range);
-		    (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, 
-				 TE_EXPLICIT, t);
-		}
-    break;
-
-  case 60:
-#line 466 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, 
-				     TE_EXPLICIT, new_type(TNull));
-		}
-    break;
-
-  case 61:
-#line 473 "parse.y"
-    { (yyval.range) = NULL; }
-    break;
-
-  case 62:
-#line 475 "parse.y"
-    { (yyval.range) = (yyvsp[(2) - (2)].range); }
-    break;
-
-  case 63:
-#line 480 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequence);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 64:
-#line 486 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequence);
-		  (yyval.type)->members = NULL;
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 65:
-#line 494 "parse.y"
-    {
-		  (yyval.type) = new_type(TSequenceOf);
-		  (yyval.type)->range = (yyvsp[(2) - (4)].range);
-		  (yyval.type)->subtype = (yyvsp[(4) - (4)].type);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 66:
-#line 503 "parse.y"
-    {
-		  (yyval.type) = new_type(TSet);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 67:
-#line 509 "parse.y"
-    {
-		  (yyval.type) = new_type(TSet);
-		  (yyval.type)->members = NULL;
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 68:
-#line 517 "parse.y"
-    {
-		  (yyval.type) = new_type(TSetOf);
-		  (yyval.type)->subtype = (yyvsp[(3) - (3)].type);
-		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
-		}
-    break;
-
-  case 69:
-#line 525 "parse.y"
-    {
-		  (yyval.type) = new_type(TChoice);
-		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
-		}
-    break;
-
-  case 72:
-#line 536 "parse.y"
-    {
-		  Symbol *s = addsym((yyvsp[(1) - (1)].name));
-		  (yyval.type) = new_type(TType);
-		  if(s->stype != Stype && s->stype != SUndefined)
-		    error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name));
-		  else
-		    (yyval.type)->symbol = s;
-		}
-    break;
-
-  case 73:
-#line 547 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
-				     TE_EXPLICIT, new_type(TGeneralizedTime));
-		}
-    break;
-
-  case 74:
-#line 552 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, 
-				     TE_EXPLICIT, new_type(TUTCTime));
-		}
-    break;
-
-  case 75:
-#line 559 "parse.y"
-    {
-		    /* if (Constraint.type == contentConstrant) {
-		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
-		       if (Constraint.u.constraint.type) {
-		         assert((Constraint.u.constraint.type.length % 8) == 0);
-		       }
-		      }
-		      if (Constraint.u.constraint.encoding) {
-		        type == der-oid|ber-oid
-		      }
-		    */
-		}
-    break;
-
-  case 76:
-#line 575 "parse.y"
-    {
-		    (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec);
-		}
-    break;
-
-  case 80:
-#line 588 "parse.y"
-    {
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type);
-		    (yyval.constraint_spec)->u.content.encoding = NULL;
-		}
-    break;
-
-  case 81:
-#line 594 "parse.y"
-    {
-		    if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = NULL;
-		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(3) - (3)].value);
-		}
-    break;
-
-  case 82:
-#line 602 "parse.y"
-    {
-		    if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
-		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (5)].type);
-		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(5) - (5)].value);
-		}
-    break;
-
-  case 83:
-#line 612 "parse.y"
-    {
-		    (yyval.constraint_spec) = new_constraint_spec(CT_USER);
-		}
-    break;
-
-  case 84:
-#line 618 "parse.y"
-    {
-			(yyval.type) = new_type(TTag);
-			(yyval.type)->tag = (yyvsp[(1) - (3)].tag);
-			(yyval.type)->tag.tagenv = (yyvsp[(2) - (3)].constant);
-			if((yyvsp[(3) - (3)].type)->type == TTag && (yyvsp[(2) - (3)].constant) == TE_IMPLICIT) {
-				(yyval.type)->subtype = (yyvsp[(3) - (3)].type)->subtype;
-				free((yyvsp[(3) - (3)].type));
-			} else
-				(yyval.type)->subtype = (yyvsp[(3) - (3)].type);
-		}
-    break;
-
-  case 85:
-#line 631 "parse.y"
-    {
-			(yyval.tag).tagclass = (yyvsp[(2) - (4)].constant);
-			(yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant);
-			(yyval.tag).tagenv = TE_EXPLICIT;
-		}
-    break;
-
-  case 86:
-#line 639 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_CONTEXT;
-		}
-    break;
-
-  case 87:
-#line 643 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_UNIV;
-		}
-    break;
-
-  case 88:
-#line 647 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_APPL;
-		}
-    break;
-
-  case 89:
-#line 651 "parse.y"
-    {
-			(yyval.constant) = ASN1_C_PRIVATE;
-		}
-    break;
-
-  case 90:
-#line 657 "parse.y"
-    {
-			(yyval.constant) = TE_EXPLICIT;
-		}
-    break;
-
-  case 91:
-#line 661 "parse.y"
-    {
-			(yyval.constant) = TE_EXPLICIT;
-		}
-    break;
-
-  case 92:
-#line 665 "parse.y"
-    {
-			(yyval.constant) = TE_IMPLICIT;
-		}
-    break;
-
-  case 93:
-#line 672 "parse.y"
-    {
-			Symbol *s;
-			s = addsym ((yyvsp[(1) - (4)].name));
-
-			s->stype = SValue;
-			s->value = (yyvsp[(4) - (4)].value);
-			generate_constant (s);
-		}
-    break;
-
-  case 95:
-#line 686 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, 
-				     TE_EXPLICIT, new_type(TGeneralString));
-		}
-    break;
-
-  case 96:
-#line 691 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, 
-				     TE_EXPLICIT, new_type(TUTF8String));
-		}
-    break;
-
-  case 97:
-#line 696 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, 
-				     TE_EXPLICIT, new_type(TPrintableString));
-		}
-    break;
-
-  case 98:
-#line 701 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, 
-				     TE_EXPLICIT, new_type(TVisibleString));
-		}
-    break;
-
-  case 99:
-#line 706 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, 
-				     TE_EXPLICIT, new_type(TIA5String));
-		}
-    break;
-
-  case 100:
-#line 711 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, 
-				     TE_EXPLICIT, new_type(TBMPString));
-		}
-    break;
-
-  case 101:
-#line 716 "parse.y"
-    {
-			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, 
-				     TE_EXPLICIT, new_type(TUniversalString));
-		}
-    break;
-
-  case 102:
-#line 724 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 103:
-#line 730 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 104:
-#line 735 "parse.y"
-    {
-		        struct member *m = ecalloc(1, sizeof(*m));
-			m->name = estrdup("...");
-			m->gen_name = estrdup("asn1_ellipsis");
-			m->ellipsis = 1;
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), m, members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 105:
-#line 746 "parse.y"
-    {
-		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
-		  (yyval.member)->name = (yyvsp[(1) - (2)].name);
-		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (2)].name));
-		  output_name ((yyval.member)->gen_name);
-		  (yyval.member)->type = (yyvsp[(2) - (2)].type);
-		  (yyval.member)->ellipsis = 0;
-		}
-    break;
-
-  case 106:
-#line 757 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (1)].member);
-			(yyval.member)->optional = 0;
-			(yyval.member)->defval = NULL;
-		}
-    break;
-
-  case 107:
-#line 763 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (2)].member);
-			(yyval.member)->optional = 1;
-			(yyval.member)->defval = NULL;
-		}
-    break;
-
-  case 108:
-#line 769 "parse.y"
-    {
-			(yyval.member) = (yyvsp[(1) - (3)].member);
-			(yyval.member)->optional = 0;
-			(yyval.member)->defval = (yyvsp[(3) - (3)].value);
-		}
-    break;
-
-  case 109:
-#line 777 "parse.y"
-    {
-			(yyval.members) = emalloc(sizeof(*(yyval.members)));
-			ASN1_TAILQ_INIT((yyval.members));
-			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
-		}
-    break;
-
-  case 110:
-#line 783 "parse.y"
-    {
-			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
-			(yyval.members) = (yyvsp[(1) - (3)].members);
-		}
-    break;
-
-  case 111:
-#line 790 "parse.y"
-    {
-		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
-		  (yyval.member)->name = (yyvsp[(1) - (4)].name);
-		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
-		  output_name ((yyval.member)->gen_name);
-		  (yyval.member)->val = (yyvsp[(3) - (4)].constant);
-		  (yyval.member)->optional = 0;
-		  (yyval.member)->ellipsis = 0;
-		  (yyval.member)->type = NULL;
-		}
-    break;
-
-  case 113:
-#line 803 "parse.y"
-    { (yyval.objid) = NULL; }
-    break;
-
-  case 114:
-#line 807 "parse.y"
-    {
-			(yyval.objid) = (yyvsp[(2) - (3)].objid);
-		}
-    break;
-
-  case 115:
-#line 813 "parse.y"
-    {
-			(yyval.objid) = NULL;
-		}
-    break;
-
-  case 116:
-#line 817 "parse.y"
-    {
-		        if ((yyvsp[(2) - (2)].objid)) {
-				(yyval.objid) = (yyvsp[(2) - (2)].objid);
-				add_oid_to_tail((yyvsp[(2) - (2)].objid), (yyvsp[(1) - (2)].objid));
-			} else {
-				(yyval.objid) = (yyvsp[(1) - (2)].objid);
-			}
-		}
-    break;
-
-  case 117:
-#line 828 "parse.y"
-    {
-			(yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant));
-		}
-    break;
-
-  case 118:
-#line 832 "parse.y"
-    {
-		    Symbol *s = addsym((yyvsp[(1) - (1)].name));
-		    if(s->stype != SValue ||
-		       s->value->type != objectidentifiervalue) {
-			error_message("%s is not an object identifier\n", 
-				      s->name);
-			exit(1);
-		    }
-		    (yyval.objid) = s->value->u.objectidentifiervalue;
-		}
-    break;
-
-  case 119:
-#line 843 "parse.y"
-    {
-		    (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant));
-		}
-    break;
-
-  case 129:
-#line 866 "parse.y"
-    {
-			Symbol *s = addsym((yyvsp[(1) - (1)].name));
-			if(s->stype != SValue)
-				error_message ("%s is not a value\n",
-						s->name);
-			else
-				(yyval.value) = s->value;
-		}
-    break;
-
-  case 130:
-#line 877 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = stringvalue;
-			(yyval.value)->u.stringvalue = (yyvsp[(1) - (1)].name);
-		}
-    break;
-
-  case 131:
-#line 885 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = booleanvalue;
-			(yyval.value)->u.booleanvalue = 0;
-		}
-    break;
-
-  case 132:
-#line 891 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = booleanvalue;
-			(yyval.value)->u.booleanvalue = 0;
-		}
-    break;
-
-  case 133:
-#line 899 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = integervalue;
-			(yyval.value)->u.integervalue = (yyvsp[(1) - (1)].constant);
-		}
-    break;
-
-  case 135:
-#line 910 "parse.y"
-    {
-		}
-    break;
-
-  case 136:
-#line 915 "parse.y"
-    {
-			(yyval.value) = emalloc(sizeof(*(yyval.value)));
-			(yyval.value)->type = objectidentifiervalue;
-			(yyval.value)->u.objectidentifiervalue = (yyvsp[(1) - (1)].objid);
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 2523 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 922 "parse.y"
-
-
-void
-yyerror (const char *s)
-{
-     error_message ("%s\n", s);
-}
-
-static Type *
-new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
-{
-    Type *t;
-    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
-	t = oldtype;
-	oldtype = oldtype->subtype; /* XXX */
-    } else
-	t = new_type (TTag);
-    
-    t->tag.tagclass = tagclass;
-    t->tag.tagvalue = tagvalue;
-    t->tag.tagenv = tagenv;
-    t->subtype = oldtype;
-    return t;
-}
-
-static struct objid *
-new_objid(const char *label, int value)
-{
-    struct objid *s;
-    s = emalloc(sizeof(*s));
-    s->label = label;
-    s->value = value;
-    s->next = NULL;
-    return s;
-}
-
-static void
-add_oid_to_tail(struct objid *head, struct objid *tail)
-{
-    struct objid *o;
-    o = head;
-    while (o->next)
-	o = o->next;
-    o->next = tail;
-}
-
-static Type *
-new_type (Typetype tt)
-{
-    Type *t = ecalloc(1, sizeof(*t));
-    t->type = tt;
-    return t;
-}
-
-static struct constraint_spec *
-new_constraint_spec(enum ctype ct)
-{
-    struct constraint_spec *c = ecalloc(1, sizeof(*c));
-    c->ctype = ct;
-    return c;
-}
-
-static void fix_labels2(Type *t, const char *prefix);
-static void fix_labels1(struct memhead *members, const char *prefix)
-{
-    Member *m;
-
-    if(members == NULL)
-	return;
-    ASN1_TAILQ_FOREACH(m, members, members) {
-	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
-	if (m->label == NULL)
-	    errx(1, "malloc");
-	if(m->type != NULL)
-	    fix_labels2(m->type, m->label);
-    }
-}
-
-static void fix_labels2(Type *t, const char *prefix)
-{
-    for(; t; t = t->subtype)
-	fix_labels1(t->members, prefix);
-}
-
-static void
-fix_labels(Symbol *s)
-{
-    char *p;
-    asprintf(&p, "choice_%s", s->gen_name);
-    if (p == NULL)
-	errx(1, "malloc");
-    fix_labels2(s->type, p);
-    free(p);
-}
-
diff --git a/crypto/heimdal/lib/asn1/parse.h b/crypto/heimdal/lib/asn1/parse.h
deleted file mode 100644
index 45b06c59d5d6..000000000000
--- a/crypto/heimdal/lib/asn1/parse.h
+++ /dev/null
@@ -1,249 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     kw_ABSENT = 258,
-     kw_ABSTRACT_SYNTAX = 259,
-     kw_ALL = 260,
-     kw_APPLICATION = 261,
-     kw_AUTOMATIC = 262,
-     kw_BEGIN = 263,
-     kw_BIT = 264,
-     kw_BMPString = 265,
-     kw_BOOLEAN = 266,
-     kw_BY = 267,
-     kw_CHARACTER = 268,
-     kw_CHOICE = 269,
-     kw_CLASS = 270,
-     kw_COMPONENT = 271,
-     kw_COMPONENTS = 272,
-     kw_CONSTRAINED = 273,
-     kw_CONTAINING = 274,
-     kw_DEFAULT = 275,
-     kw_DEFINITIONS = 276,
-     kw_EMBEDDED = 277,
-     kw_ENCODED = 278,
-     kw_END = 279,
-     kw_ENUMERATED = 280,
-     kw_EXCEPT = 281,
-     kw_EXPLICIT = 282,
-     kw_EXPORTS = 283,
-     kw_EXTENSIBILITY = 284,
-     kw_EXTERNAL = 285,
-     kw_FALSE = 286,
-     kw_FROM = 287,
-     kw_GeneralString = 288,
-     kw_GeneralizedTime = 289,
-     kw_GraphicString = 290,
-     kw_IA5String = 291,
-     kw_IDENTIFIER = 292,
-     kw_IMPLICIT = 293,
-     kw_IMPLIED = 294,
-     kw_IMPORTS = 295,
-     kw_INCLUDES = 296,
-     kw_INSTANCE = 297,
-     kw_INTEGER = 298,
-     kw_INTERSECTION = 299,
-     kw_ISO646String = 300,
-     kw_MAX = 301,
-     kw_MIN = 302,
-     kw_MINUS_INFINITY = 303,
-     kw_NULL = 304,
-     kw_NumericString = 305,
-     kw_OBJECT = 306,
-     kw_OCTET = 307,
-     kw_OF = 308,
-     kw_OPTIONAL = 309,
-     kw_ObjectDescriptor = 310,
-     kw_PATTERN = 311,
-     kw_PDV = 312,
-     kw_PLUS_INFINITY = 313,
-     kw_PRESENT = 314,
-     kw_PRIVATE = 315,
-     kw_PrintableString = 316,
-     kw_REAL = 317,
-     kw_RELATIVE_OID = 318,
-     kw_SEQUENCE = 319,
-     kw_SET = 320,
-     kw_SIZE = 321,
-     kw_STRING = 322,
-     kw_SYNTAX = 323,
-     kw_T61String = 324,
-     kw_TAGS = 325,
-     kw_TRUE = 326,
-     kw_TYPE_IDENTIFIER = 327,
-     kw_TeletexString = 328,
-     kw_UNION = 329,
-     kw_UNIQUE = 330,
-     kw_UNIVERSAL = 331,
-     kw_UTCTime = 332,
-     kw_UTF8String = 333,
-     kw_UniversalString = 334,
-     kw_VideotexString = 335,
-     kw_VisibleString = 336,
-     kw_WITH = 337,
-     RANGE = 338,
-     EEQUAL = 339,
-     ELLIPSIS = 340,
-     IDENTIFIER = 341,
-     referencename = 342,
-     STRING = 343,
-     NUMBER = 344
-   };
-#endif
-/* Tokens.  */
-#define kw_ABSENT 258
-#define kw_ABSTRACT_SYNTAX 259
-#define kw_ALL 260
-#define kw_APPLICATION 261
-#define kw_AUTOMATIC 262
-#define kw_BEGIN 263
-#define kw_BIT 264
-#define kw_BMPString 265
-#define kw_BOOLEAN 266
-#define kw_BY 267
-#define kw_CHARACTER 268
-#define kw_CHOICE 269
-#define kw_CLASS 270
-#define kw_COMPONENT 271
-#define kw_COMPONENTS 272
-#define kw_CONSTRAINED 273
-#define kw_CONTAINING 274
-#define kw_DEFAULT 275
-#define kw_DEFINITIONS 276
-#define kw_EMBEDDED 277
-#define kw_ENCODED 278
-#define kw_END 279
-#define kw_ENUMERATED 280
-#define kw_EXCEPT 281
-#define kw_EXPLICIT 282
-#define kw_EXPORTS 283
-#define kw_EXTENSIBILITY 284
-#define kw_EXTERNAL 285
-#define kw_FALSE 286
-#define kw_FROM 287
-#define kw_GeneralString 288
-#define kw_GeneralizedTime 289
-#define kw_GraphicString 290
-#define kw_IA5String 291
-#define kw_IDENTIFIER 292
-#define kw_IMPLICIT 293
-#define kw_IMPLIED 294
-#define kw_IMPORTS 295
-#define kw_INCLUDES 296
-#define kw_INSTANCE 297
-#define kw_INTEGER 298
-#define kw_INTERSECTION 299
-#define kw_ISO646String 300
-#define kw_MAX 301
-#define kw_MIN 302
-#define kw_MINUS_INFINITY 303
-#define kw_NULL 304
-#define kw_NumericString 305
-#define kw_OBJECT 306
-#define kw_OCTET 307
-#define kw_OF 308
-#define kw_OPTIONAL 309
-#define kw_ObjectDescriptor 310
-#define kw_PATTERN 311
-#define kw_PDV 312
-#define kw_PLUS_INFINITY 313
-#define kw_PRESENT 314
-#define kw_PRIVATE 315
-#define kw_PrintableString 316
-#define kw_REAL 317
-#define kw_RELATIVE_OID 318
-#define kw_SEQUENCE 319
-#define kw_SET 320
-#define kw_SIZE 321
-#define kw_STRING 322
-#define kw_SYNTAX 323
-#define kw_T61String 324
-#define kw_TAGS 325
-#define kw_TRUE 326
-#define kw_TYPE_IDENTIFIER 327
-#define kw_TeletexString 328
-#define kw_UNION 329
-#define kw_UNIQUE 330
-#define kw_UNIVERSAL 331
-#define kw_UTCTime 332
-#define kw_UTF8String 333
-#define kw_UniversalString 334
-#define kw_VideotexString 335
-#define kw_VisibleString 336
-#define kw_WITH 337
-#define RANGE 338
-#define EEQUAL 339
-#define ELLIPSIS 340
-#define IDENTIFIER 341
-#define referencename 342
-#define STRING 343
-#define NUMBER 344
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 65 "parse.y"
-{
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-/* Line 1529 of yacc.c.  */
-#line 242 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/asn1/parse.y b/crypto/heimdal/lib/asn1/parse.y
deleted file mode 100644
index 772f2b1bc1c3..000000000000
--- a/crypto/heimdal/lib/asn1/parse.y
+++ /dev/null
@@ -1,1015 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */
-
-%{
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-#include "der.h"
-
-RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $");
-
-static Type *new_type (Typetype t);
-static struct constraint_spec *new_constraint_spec(enum ctype);
-static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
-void yyerror (const char *);
-static struct objid *new_objid(const char *label, int value);
-static void add_oid_to_tail(struct objid *, struct objid *);
-static void fix_labels(Symbol *s);
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-};
-
-%}
-
-%union {
-    int constant;
-    struct value *value;
-    struct range *range;
-    char *name;
-    Type *type;
-    Member *member;
-    struct objid *objid;
-    char *defval;
-    struct string_list *sl;
-    struct tagtype tag;
-    struct memhead *members;
-    struct constraint_spec *constraint_spec;
-}
-
-%token kw_ABSENT
-%token kw_ABSTRACT_SYNTAX
-%token kw_ALL
-%token kw_APPLICATION
-%token kw_AUTOMATIC
-%token kw_BEGIN
-%token kw_BIT
-%token kw_BMPString
-%token kw_BOOLEAN
-%token kw_BY
-%token kw_CHARACTER
-%token kw_CHOICE
-%token kw_CLASS
-%token kw_COMPONENT
-%token kw_COMPONENTS
-%token kw_CONSTRAINED
-%token kw_CONTAINING
-%token kw_DEFAULT
-%token kw_DEFINITIONS
-%token kw_EMBEDDED
-%token kw_ENCODED
-%token kw_END
-%token kw_ENUMERATED
-%token kw_EXCEPT
-%token kw_EXPLICIT
-%token kw_EXPORTS
-%token kw_EXTENSIBILITY
-%token kw_EXTERNAL
-%token kw_FALSE
-%token kw_FROM
-%token kw_GeneralString
-%token kw_GeneralizedTime
-%token kw_GraphicString
-%token kw_IA5String
-%token kw_IDENTIFIER
-%token kw_IMPLICIT
-%token kw_IMPLIED
-%token kw_IMPORTS
-%token kw_INCLUDES
-%token kw_INSTANCE
-%token kw_INTEGER
-%token kw_INTERSECTION
-%token kw_ISO646String
-%token kw_MAX
-%token kw_MIN
-%token kw_MINUS_INFINITY
-%token kw_NULL
-%token kw_NumericString
-%token kw_OBJECT
-%token kw_OCTET
-%token kw_OF
-%token kw_OPTIONAL
-%token kw_ObjectDescriptor
-%token kw_PATTERN
-%token kw_PDV
-%token kw_PLUS_INFINITY
-%token kw_PRESENT
-%token kw_PRIVATE
-%token kw_PrintableString
-%token kw_REAL
-%token kw_RELATIVE_OID
-%token kw_SEQUENCE
-%token kw_SET
-%token kw_SIZE
-%token kw_STRING
-%token kw_SYNTAX
-%token kw_T61String
-%token kw_TAGS
-%token kw_TRUE
-%token kw_TYPE_IDENTIFIER
-%token kw_TeletexString
-%token kw_UNION
-%token kw_UNIQUE
-%token kw_UNIVERSAL
-%token kw_UTCTime
-%token kw_UTF8String
-%token kw_UniversalString
-%token kw_VideotexString
-%token kw_VisibleString
-%token kw_WITH
-
-%token RANGE
-%token EEQUAL
-%token ELLIPSIS
-
-%token <name> IDENTIFIER  referencename
-%token <name> STRING
-
-%token <constant> NUMBER
-%type <constant> SignedNumber
-%type <constant> Class tagenv
-
-%type <value> Value
-%type <value> BuiltinValue
-%type <value> IntegerValue
-%type <value> BooleanValue
-%type <value> ObjectIdentifierValue
-%type <value> CharacterStringValue
-%type <value> NullValue
-%type <value> DefinedValue
-%type <value> ReferencedValue
-%type <value> Valuereference
-
-%type <type> Type
-%type <type> BuiltinType
-%type <type> BitStringType
-%type <type> BooleanType
-%type <type> ChoiceType
-%type <type> ConstrainedType
-%type <type> EnumeratedType
-%type <type> IntegerType
-%type <type> NullType
-%type <type> OctetStringType
-%type <type> SequenceType
-%type <type> SequenceOfType
-%type <type> SetType
-%type <type> SetOfType
-%type <type> TaggedType
-%type <type> ReferencedType
-%type <type> DefinedType
-%type <type> UsefulType
-%type <type> ObjectIdentifierType
-%type <type> CharacterStringType
-%type <type> RestrictedCharactedStringType
-
-%type <tag> Tag
-
-%type <member> ComponentType
-%type <member> NamedBit
-%type <member> NamedNumber
-%type <member> NamedType
-%type <members> ComponentTypeList 
-%type <members> Enumerations
-%type <members> NamedBitList
-%type <members> NamedNumberList
-
-%type <objid> objid objid_list objid_element objid_opt
-%type <range> range size
-
-%type <sl> referencenames
-
-%type <constraint_spec> Constraint
-%type <constraint_spec> ConstraintSpec
-%type <constraint_spec> GeneralConstraint
-%type <constraint_spec> ContentsConstraint
-%type <constraint_spec> UserDefinedConstraint
-
-
-
-%start ModuleDefinition
-
-%%
-
-ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault
-			EEQUAL kw_BEGIN ModuleBody kw_END
-		{
-			checkundefined();
-		}
-		;
-
-TagDefault	: kw_EXPLICIT kw_TAGS
-		| kw_IMPLICIT kw_TAGS
-		      { error_message("implicit tagging is not supported"); }
-		| kw_AUTOMATIC kw_TAGS
-		      { error_message("automatic tagging is not supported"); }
-		| /* empty */
-		;
-
-ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
-		      { error_message("no extensibility options supported"); }
-		| /* empty */
-		;
-
-ModuleBody	: /* Exports */ Imports AssignmentList
-		| /* empty */
-		;
-
-Imports		: kw_IMPORTS SymbolsImported ';'
-		| /* empty */
-		;
-
-SymbolsImported	: SymbolsFromModuleList
-		| /* empty */
-		;
-
-SymbolsFromModuleList: SymbolsFromModule
-		| SymbolsFromModuleList SymbolsFromModule
-		;
-
-SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
-		{ 
-		    struct string_list *sl;
-		    for(sl = $1; sl != NULL; sl = sl->next) {
-			Symbol *s = addsym(sl->string);
-			s->stype = Stype;
-		    }
-		    add_import($3);
-		}
-		;
-
-AssignmentList	: Assignment
-		| Assignment AssignmentList
-		;
-
-Assignment	: TypeAssignment
-		| ValueAssignment
-		;
-
-referencenames	: IDENTIFIER ',' referencenames
-		{
-		    $$ = emalloc(sizeof(*$$));
-		    $$->string = $1;
-		    $$->next = $3;
-		}
-		| IDENTIFIER
-		{
-		    $$ = emalloc(sizeof(*$$));
-		    $$->string = $1;
-		    $$->next = NULL;
-		}
-		;
-
-TypeAssignment	: IDENTIFIER EEQUAL Type
-		{
-		    Symbol *s = addsym ($1);
-		    s->stype = Stype;
-		    s->type = $3;
-		    fix_labels(s);
-		    generate_type (s);
-		}
-		;
-
-Type		: BuiltinType
-		| ReferencedType
-		| ConstrainedType
-		;
-
-BuiltinType	: BitStringType
-		| BooleanType
-		| CharacterStringType
-		| ChoiceType
-		| EnumeratedType
-		| IntegerType
-		| NullType
-		| ObjectIdentifierType
-		| OctetStringType
-		| SequenceType
-		| SequenceOfType
-		| SetType
-		| SetOfType
-		| TaggedType
-		;
-
-BooleanType	: kw_BOOLEAN
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Boolean, 
-				     TE_EXPLICIT, new_type(TBoolean));
-		}
-		;
-
-range		: '(' Value RANGE Value ')'
-		{
-		    if($2->type != integervalue)
-			error_message("Non-integer used in first part of range");
-		    if($2->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $4->u.integervalue;
-		}
-		| '(' Value RANGE kw_MAX ')'
-		{		
-		    if($2->type != integervalue)
-			error_message("Non-integer in first part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $2->u.integervalue - 1;
-		}
-		| '(' kw_MIN RANGE Value ')'
-		{		
-		    if($4->type != integervalue)
-			error_message("Non-integer in second part of range");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $4->u.integervalue + 2;
-		    $$->max = $4->u.integervalue;
-		}
-		| '(' Value ')'
-		{
-		    if($2->type != integervalue)
-			error_message("Non-integer used in limit");
-		    $$ = ecalloc(1, sizeof(*$$));
-		    $$->min = $2->u.integervalue;
-		    $$->max = $2->u.integervalue;
-		}
-		;
-
-
-IntegerType	: kw_INTEGER
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Integer, 
-				     TE_EXPLICIT, new_type(TInteger));
-		}
-		| kw_INTEGER range
-		{
-			$$ = new_type(TInteger);
-			$$->range = $2;
-			$$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
-		}
-		| kw_INTEGER '{' NamedNumberList '}'
-		{
-		  $$ = new_type(TInteger);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
-		}
-		;
-
-NamedNumberList	: NamedNumber
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| NamedNumberList ',' NamedNumber
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		| NamedNumberList ',' ELLIPSIS
-			{ $$ = $1; } /* XXX used for Enumerations */
-		;
-
-NamedNumber	: IDENTIFIER '(' SignedNumber ')'
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->name = $1;
-			$$->gen_name = estrdup($1);
-			output_name ($$->gen_name);
-			$$->val = $3;
-			$$->optional = 0;
-			$$->ellipsis = 0;
-			$$->type = NULL;
-		}
-		;
-
-EnumeratedType	: kw_ENUMERATED '{' Enumerations '}'
-		{
-		  $$ = new_type(TInteger);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$);
-		}
-		;
-
-Enumerations	: NamedNumberList /* XXX */
-		;
-
-BitStringType	: kw_BIT kw_STRING
-		{
-		  $$ = new_type(TBitString);
-		  $$->members = emalloc(sizeof(*$$->members));
-		  ASN1_TAILQ_INIT($$->members);
-		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
-		}
-		| kw_BIT kw_STRING '{' NamedBitList '}'
-		{
-		  $$ = new_type(TBitString);
-		  $$->members = $4;
-		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
-		}
-		;
-
-ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_OID, 
-				     TE_EXPLICIT, new_type(TOID));
-		}
-		;
-OctetStringType	: kw_OCTET kw_STRING size
-		{
-		    Type *t = new_type(TOctetString);
-		    t->range = $3;
-		    $$ = new_tag(ASN1_C_UNIV, UT_OctetString, 
-				 TE_EXPLICIT, t);
-		}
-		;
-
-NullType	: kw_NULL
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_Null, 
-				     TE_EXPLICIT, new_type(TNull));
-		}
-		;
-
-size		:
-		{ $$ = NULL; }
-		| kw_SIZE range
-		{ $$ = $2; }
-		;
-
-
-SequenceType	: kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TSequence);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		| kw_SEQUENCE '{' '}'
-		{
-		  $$ = new_type(TSequence);
-		  $$->members = NULL;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		;
-
-SequenceOfType	: kw_SEQUENCE size kw_OF Type
-		{
-		  $$ = new_type(TSequenceOf);
-		  $$->range = $2;
-		  $$->subtype = $4;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
-		}
-		;
-
-SetType		: kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TSet);
-		  $$->members = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		| kw_SET '{' '}'
-		{
-		  $$ = new_type(TSet);
-		  $$->members = NULL;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		;
-
-SetOfType	: kw_SET kw_OF Type
-		{
-		  $$ = new_type(TSetOf);
-		  $$->subtype = $3;
-		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
-		}
-		;
-
-ChoiceType	: kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}'
-		{
-		  $$ = new_type(TChoice);
-		  $$->members = $3;
-		}
-		;
-
-ReferencedType	: DefinedType
-		| UsefulType
-		;
-
-DefinedType	: IDENTIFIER
-		{
-		  Symbol *s = addsym($1);
-		  $$ = new_type(TType);
-		  if(s->stype != Stype && s->stype != SUndefined)
-		    error_message ("%s is not a type\n", $1);
-		  else
-		    $$->symbol = s;
-		}
-		;
-
-UsefulType	: kw_GeneralizedTime
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
-				     TE_EXPLICIT, new_type(TGeneralizedTime));
-		}
-		| kw_UTCTime
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UTCTime, 
-				     TE_EXPLICIT, new_type(TUTCTime));
-		}
-		;
-
-ConstrainedType	: Type Constraint
-		{
-		    /* if (Constraint.type == contentConstrant) {
-		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
-		       if (Constraint.u.constraint.type) {
-		         assert((Constraint.u.constraint.type.length % 8) == 0);
-		       }
-		      }
-		      if (Constraint.u.constraint.encoding) {
-		        type == der-oid|ber-oid
-		      }
-		    */
-		}
-		;
-
-
-Constraint	: '(' ConstraintSpec ')'
-		{
-		    $$ = $2;
-		}
-		;
-
-ConstraintSpec	: GeneralConstraint
-		;
-
-GeneralConstraint: ContentsConstraint
-		| UserDefinedConstraint
-		;
-
-ContentsConstraint: kw_CONTAINING Type
-		{
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = $2;
-		    $$->u.content.encoding = NULL;
-		}
-		| kw_ENCODED kw_BY Value
-		{
-		    if ($3->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = NULL;
-		    $$->u.content.encoding = $3;
-		}
-		| kw_CONTAINING Type kw_ENCODED kw_BY Value
-		{
-		    if ($5->type != objectidentifiervalue)
-			error_message("Non-OID used in ENCODED BY constraint");
-		    $$ = new_constraint_spec(CT_CONTENTS);
-		    $$->u.content.type = $2;
-		    $$->u.content.encoding = $5;
-		}
-		;
-
-UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}'
-		{
-		    $$ = new_constraint_spec(CT_USER);
-		}
-		;
-
-TaggedType	: Tag tagenv Type
-		{
-			$$ = new_type(TTag);
-			$$->tag = $1;
-			$$->tag.tagenv = $2;
-			if($3->type == TTag && $2 == TE_IMPLICIT) {
-				$$->subtype = $3->subtype;
-				free($3);
-			} else
-				$$->subtype = $3;
-		}
-		;
-
-Tag		: '[' Class NUMBER ']'
-		{
-			$$.tagclass = $2;
-			$$.tagvalue = $3;
-			$$.tagenv = TE_EXPLICIT;
-		}
-		;
-
-Class		: /* */
-		{
-			$$ = ASN1_C_CONTEXT;
-		}
-		| kw_UNIVERSAL
-		{
-			$$ = ASN1_C_UNIV;
-		}
-		| kw_APPLICATION
-		{
-			$$ = ASN1_C_APPL;
-		}
-		| kw_PRIVATE
-		{
-			$$ = ASN1_C_PRIVATE;
-		}
-		;
-
-tagenv		: /* */
-		{
-			$$ = TE_EXPLICIT;
-		}
-		| kw_EXPLICIT
-		{
-			$$ = TE_EXPLICIT;
-		}
-		| kw_IMPLICIT
-		{
-			$$ = TE_IMPLICIT;
-		}
-		;
-
-
-ValueAssignment	: IDENTIFIER Type EEQUAL Value
-		{
-			Symbol *s;
-			s = addsym ($1);
-
-			s->stype = SValue;
-			s->value = $4;
-			generate_constant (s);
-		}
-		;
-
-CharacterStringType: RestrictedCharactedStringType
-		;
-
-RestrictedCharactedStringType: kw_GeneralString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_GeneralString, 
-				     TE_EXPLICIT, new_type(TGeneralString));
-		}
-		| kw_UTF8String
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UTF8String, 
-				     TE_EXPLICIT, new_type(TUTF8String));
-		}
-		| kw_PrintableString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_PrintableString, 
-				     TE_EXPLICIT, new_type(TPrintableString));
-		}
-		| kw_VisibleString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_VisibleString, 
-				     TE_EXPLICIT, new_type(TVisibleString));
-		}
-		| kw_IA5String
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_IA5String, 
-				     TE_EXPLICIT, new_type(TIA5String));
-		}
-		| kw_BMPString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_BMPString, 
-				     TE_EXPLICIT, new_type(TBMPString));
-		}
-		| kw_UniversalString
-		{
-			$$ = new_tag(ASN1_C_UNIV, UT_UniversalString, 
-				     TE_EXPLICIT, new_type(TUniversalString));
-		}
-
-		;
-
-ComponentTypeList: ComponentType
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| ComponentTypeList ',' ComponentType
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		| ComponentTypeList ',' ELLIPSIS
-		{
-		        struct member *m = ecalloc(1, sizeof(*m));
-			m->name = estrdup("...");
-			m->gen_name = estrdup("asn1_ellipsis");
-			m->ellipsis = 1;
-			ASN1_TAILQ_INSERT_TAIL($1, m, members);
-			$$ = $1;
-		}
-		;
-
-NamedType	: IDENTIFIER Type
-		{
-		  $$ = emalloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = estrdup($1);
-		  output_name ($$->gen_name);
-		  $$->type = $2;
-		  $$->ellipsis = 0;
-		}
-		;
-
-ComponentType	: NamedType
-		{
-			$$ = $1;
-			$$->optional = 0;
-			$$->defval = NULL;
-		}
-		| NamedType kw_OPTIONAL
-		{
-			$$ = $1;
-			$$->optional = 1;
-			$$->defval = NULL;
-		}
-		| NamedType kw_DEFAULT Value
-		{
-			$$ = $1;
-			$$->optional = 0;
-			$$->defval = $3;
-		}
-		;
-
-NamedBitList	: NamedBit
-		{
-			$$ = emalloc(sizeof(*$$));
-			ASN1_TAILQ_INIT($$);
-			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
-		}
-		| NamedBitList ',' NamedBit
-		{
-			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
-			$$ = $1;
-		}
-		;
-
-NamedBit	: IDENTIFIER '(' NUMBER ')'
-		{
-		  $$ = emalloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = estrdup($1);
-		  output_name ($$->gen_name);
-		  $$->val = $3;
-		  $$->optional = 0;
-		  $$->ellipsis = 0;
-		  $$->type = NULL;
-		}
-		;
-
-objid_opt	: objid
-		| /* empty */ { $$ = NULL; }
-		;
-
-objid		: '{' objid_list '}'
-		{
-			$$ = $2;
-		}
-		;
-
-objid_list	:  /* empty */
-		{
-			$$ = NULL;
-		}
-		| objid_element objid_list
-		{
-		        if ($2) {
-				$$ = $2;
-				add_oid_to_tail($2, $1);
-			} else {
-				$$ = $1;
-			}
-		}
-		;
-
-objid_element	: IDENTIFIER '(' NUMBER ')'
-		{
-			$$ = new_objid($1, $3);
-		}
-		| IDENTIFIER
-		{
-		    Symbol *s = addsym($1);
-		    if(s->stype != SValue ||
-		       s->value->type != objectidentifiervalue) {
-			error_message("%s is not an object identifier\n", 
-				      s->name);
-			exit(1);
-		    }
-		    $$ = s->value->u.objectidentifiervalue;
-		}
-		| NUMBER
-		{
-		    $$ = new_objid(NULL, $1);
-		}
-		;
-
-Value		: BuiltinValue
-		| ReferencedValue
-		;
-
-BuiltinValue	: BooleanValue
-		| CharacterStringValue
-		| IntegerValue
-		| ObjectIdentifierValue
-		| NullValue
-		;
-
-ReferencedValue	: DefinedValue
-		;
-
-DefinedValue	: Valuereference
-		;
-
-Valuereference	: IDENTIFIER
-		{
-			Symbol *s = addsym($1);
-			if(s->stype != SValue)
-				error_message ("%s is not a value\n",
-						s->name);
-			else
-				$$ = s->value;
-		}
-		;
-
-CharacterStringValue: STRING
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = stringvalue;
-			$$->u.stringvalue = $1;
-		}
-		;
-
-BooleanValue	: kw_TRUE
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = booleanvalue;
-			$$->u.booleanvalue = 0;
-		}
-		| kw_FALSE
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = booleanvalue;
-			$$->u.booleanvalue = 0;
-		}
-		;
-
-IntegerValue	: SignedNumber
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = integervalue;
-			$$->u.integervalue = $1;
-		}
-		;
-
-SignedNumber	: NUMBER
-		;
-
-NullValue	: kw_NULL
-		{
-		}
-		;
-
-ObjectIdentifierValue: objid
-		{
-			$$ = emalloc(sizeof(*$$));
-			$$->type = objectidentifiervalue;
-			$$->u.objectidentifiervalue = $1;
-		}
-		;
-
-%%
-
-void
-yyerror (const char *s)
-{
-     error_message ("%s\n", s);
-}
-
-static Type *
-new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
-{
-    Type *t;
-    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
-	t = oldtype;
-	oldtype = oldtype->subtype; /* XXX */
-    } else
-	t = new_type (TTag);
-    
-    t->tag.tagclass = tagclass;
-    t->tag.tagvalue = tagvalue;
-    t->tag.tagenv = tagenv;
-    t->subtype = oldtype;
-    return t;
-}
-
-static struct objid *
-new_objid(const char *label, int value)
-{
-    struct objid *s;
-    s = emalloc(sizeof(*s));
-    s->label = label;
-    s->value = value;
-    s->next = NULL;
-    return s;
-}
-
-static void
-add_oid_to_tail(struct objid *head, struct objid *tail)
-{
-    struct objid *o;
-    o = head;
-    while (o->next)
-	o = o->next;
-    o->next = tail;
-}
-
-static Type *
-new_type (Typetype tt)
-{
-    Type *t = ecalloc(1, sizeof(*t));
-    t->type = tt;
-    return t;
-}
-
-static struct constraint_spec *
-new_constraint_spec(enum ctype ct)
-{
-    struct constraint_spec *c = ecalloc(1, sizeof(*c));
-    c->ctype = ct;
-    return c;
-}
-
-static void fix_labels2(Type *t, const char *prefix);
-static void fix_labels1(struct memhead *members, const char *prefix)
-{
-    Member *m;
-
-    if(members == NULL)
-	return;
-    ASN1_TAILQ_FOREACH(m, members, members) {
-	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
-	if (m->label == NULL)
-	    errx(1, "malloc");
-	if(m->type != NULL)
-	    fix_labels2(m->type, m->label);
-    }
-}
-
-static void fix_labels2(Type *t, const char *prefix)
-{
-    for(; t; t = t->subtype)
-	fix_labels1(t->members, prefix);
-}
-
-static void
-fix_labels(Symbol *s)
-{
-    char *p;
-    asprintf(&p, "choice_%s", s->gen_name);
-    if (p == NULL)
-	errx(1, "malloc");
-    fix_labels2(s->type, p);
-    free(p);
-}
diff --git a/crypto/heimdal/lib/asn1/pkcs12.asn1 b/crypto/heimdal/lib/asn1/pkcs12.asn1
deleted file mode 100644
index 37fe03e58e8a..000000000000
--- a/crypto/heimdal/lib/asn1/pkcs12.asn1
+++ /dev/null
@@ -1,81 +0,0 @@
--- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ --
-
-PKCS12 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS ContentInfo FROM cms
-	DigestInfo FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
--- The PFX PDU
-
-id-pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) pkcs-12(12) }
-
-id-pkcs-12PbeIds                   OBJECT IDENTIFIER ::= { id-pkcs-12 1}
-id-pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 1}
-id-pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 2}
-id-pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 3}
-id-pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 4}
-id-pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 5}
-id-pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 6}
-
-id-pkcs12-bagtypes		OBJECT IDENTIFIER ::= { id-pkcs-12 10 1}
-
-id-pkcs12-keyBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 1 }
-id-pkcs12-pkcs8ShroudedKeyBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 2 }
-id-pkcs12-certBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 3 }
-id-pkcs12-crlBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 4 }
-id-pkcs12-secretBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 5 }
-id-pkcs12-safeContentsBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 6 }
-
-
-PKCS12-MacData ::= SEQUENCE {
-    	mac 		DigestInfo,
-	macSalt	        OCTET STRING,
-	iterations	INTEGER OPTIONAL
-}
-
-PKCS12-PFX ::= SEQUENCE {
-    	version		INTEGER,
-    	authSafe	ContentInfo,
-    	macData    	PKCS12-MacData OPTIONAL
-}
-
-PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-	-- Data if unencrypted
-	-- EncryptedData if password-encrypted
-	-- EnvelopedData if public key-encrypted
-
-PKCS12-Attribute ::= SEQUENCE {
-	attrId	   	OBJECT IDENTIFIER,
-	attrValues 	-- SET OF -- heim_any_set 
-}
-
-PKCS12-Attributes ::= SET OF PKCS12-Attribute
-
-PKCS12-SafeBag ::= SEQUENCE {
-  	bagId	      	OBJECT IDENTIFIER,
-  	bagValue      	[0] heim_any,
-  	bagAttributes 	PKCS12-Attributes OPTIONAL
-}
-
-PKCS12-SafeContents ::= SEQUENCE OF PKCS12-SafeBag
-
-PKCS12-CertBag ::= SEQUENCE {
-	certType	OBJECT IDENTIFIER,
-  	certValue      	[0] heim_any
-}
-
-PKCS12-PBEParams ::= SEQUENCE {
-	salt		OCTET STRING,
-	iterations	INTEGER (0..4294967295) OPTIONAL
-}
-
-PKCS12-OctetString ::= OCTET STRING
-
--- KeyBag ::= PrivateKeyInfo
--- PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
-
-END
diff --git a/crypto/heimdal/lib/asn1/pkcs8.asn1 b/crypto/heimdal/lib/asn1/pkcs8.asn1
deleted file mode 100644
index 911e727c7085..000000000000
--- a/crypto/heimdal/lib/asn1/pkcs8.asn1
+++ /dev/null
@@ -1,30 +0,0 @@
--- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ --
-
-PKCS8 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS	Attribute, AlgorithmIdentifier FROM rfc2459
-	heim_any, heim_any_set FROM heim;
-
-PKCS8PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
-
-PKCS8PrivateKey ::= OCTET STRING
-
-PKCS8Attributes ::= SET OF Attribute
-
-PKCS8PrivateKeyInfo ::= SEQUENCE {
-  version INTEGER,
-  privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier,
-  privateKey PKCS8PrivateKey,
-  attributes [0] IMPLICIT SET OF Attribute OPTIONAL
-}
-
-PKCS8EncryptedData ::= OCTET STRING
-
-PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE {
-    encryptionAlgorithm AlgorithmIdentifier,
-    encryptedData PKCS8EncryptedData 
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/pkcs9.asn1 b/crypto/heimdal/lib/asn1/pkcs9.asn1
deleted file mode 100644
index d985e91f3c03..000000000000
--- a/crypto/heimdal/lib/asn1/pkcs9.asn1
+++ /dev/null
@@ -1,28 +0,0 @@
--- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ --
-
-PKCS9 DEFINITIONS ::=
-
-BEGIN
-
--- The PFX PDU
-
-id-pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) pkcs-9(9) }
-
-id-pkcs9-emailAddress		OBJECT IDENTIFIER ::= {id-pkcs-9 1 }
-id-pkcs9-contentType		OBJECT IDENTIFIER ::= {id-pkcs-9 3 }
-id-pkcs9-messageDigest		OBJECT IDENTIFIER ::= {id-pkcs-9 4 }
-id-pkcs9-signingTime		OBJECT IDENTIFIER ::= {id-pkcs-9 5 }
-id-pkcs9-countersignature	OBJECT IDENTIFIER ::= {id-pkcs-9 6 }
-
-id-pkcs-9-at-friendlyName	OBJECT IDENTIFIER ::= {id-pkcs-9 20}
-id-pkcs-9-at-localKeyId		OBJECT IDENTIFIER ::= {id-pkcs-9 21}
-id-pkcs-9-at-certTypes		OBJECT IDENTIFIER ::= {id-pkcs-9 22}
-id-pkcs-9-at-certTypes-x509	OBJECT IDENTIFIER ::= {id-pkcs-9-at-certTypes 1}
-
-PKCS9-BMPString ::= BMPString
-
-PKCS9-friendlyName ::= SET OF PKCS9-BMPString
-
-END
-
diff --git a/crypto/heimdal/lib/asn1/pkinit.asn1 b/crypto/heimdal/lib/asn1/pkinit.asn1
deleted file mode 100644
index 989b26581b3a..000000000000
--- a/crypto/heimdal/lib/asn1/pkinit.asn1
+++ /dev/null
@@ -1,182 +0,0 @@
--- $Id$ --
-
-PKINIT DEFINITIONS ::= BEGIN
-
-IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
-	IssuerAndSerialNumber, ContentInfo FROM cms
-	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
-	heim_any FROM heim;
-
-id-pkinit OBJECT IDENTIFIER ::=
-  { iso (1) org (3) dod (6) internet (1) security (5)
-    kerberosv5 (2) pkinit (3) }
-
-id-pkauthdata  OBJECT IDENTIFIER  ::= { id-pkinit 1 }
-id-pkdhkeydata OBJECT IDENTIFIER  ::= { id-pkinit 2 }
-id-pkrkeydata  OBJECT IDENTIFIER  ::= { id-pkinit 3 }
-id-pkekuoid    OBJECT IDENTIFIER  ::= { id-pkinit 4 }
-id-pkkdcekuoid OBJECT IDENTIFIER  ::= { id-pkinit 5 }
-
-id-pkinit-san	OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
-    x509-sanan(2) }
-
-id-pkinit-ms-eku OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) private(4) 
-    enterprise(1) microsoft(311) 20 2 2 }
-
-id-pkinit-ms-san OBJECT IDENTIFIER ::=
-  { iso(1) org(3) dod(6) internet(1) private(4) 
-    enterprise(1) microsoft(311) 20 2 3 }
-
-MS-UPN-SAN ::= UTF8String
-
-pa-pk-as-req INTEGER ::=                  16
-pa-pk-as-rep INTEGER ::=                  17
-
-td-trusted-certifiers INTEGER ::=        104
-td-invalid-certificates INTEGER ::=      105
-td-dh-parameters INTEGER ::=             109
-
-DHNonce ::= OCTET STRING
-
-KDFAlgorithmId ::= SEQUENCE {
-       kdf-id            [0] OBJECT IDENTIFIER,
-       ...
-}
-
-TrustedCA ::= SEQUENCE {
-	caName                  [0] IMPLICIT OCTET STRING,
-	certificateSerialNumber [1] INTEGER OPTIONAL,
-	subjectKeyIdentifier    [2] OCTET STRING OPTIONAL,
-	...
-}
-
-ExternalPrincipalIdentifier ::= SEQUENCE {
-	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
-	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
-	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
-	...
-}
-
-ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier
-
-PA-PK-AS-REQ ::= SEQUENCE {
-        signedAuthPack          [0] IMPLICIT OCTET STRING,
-        trustedCertifiers       [1] ExternalPrincipalIdentifiers OPTIONAL,
-	kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
-	...
-}
-
-PKAuthenticator ::= SEQUENCE {
-	cusec                   [0] INTEGER -- (0..999999) --,
-	ctime                   [1] KerberosTime,
-	nonce                   [2] INTEGER (0..4294967295),
-	paChecksum              [3] OCTET STRING OPTIONAL,
-	...
-}
-
-AuthPack ::= SEQUENCE {
-	pkAuthenticator         [0] PKAuthenticator,
-	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
-	supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
-	clientDHNonce           [3] DHNonce OPTIONAL,
-	...,
-	supportedKDFs		[4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
-	...
-}
-
-TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
-TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers
-
-KRB5PrincipalName ::= SEQUENCE {
-	realm                   [0] Realm,
-	principalName           [1] PrincipalName
-}
-
-AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
-
-DHRepInfo ::= SEQUENCE {
-	dhSignedData            [0] IMPLICIT OCTET STRING,
-	serverDHNonce           [1] DHNonce OPTIONAL,
-	...,
-	kdf			[2] KDFAlgorithmId OPTIONAL,
-	...
-}
-
-PA-PK-AS-REP ::= CHOICE {
-	dhInfo                  [0] DHRepInfo,
-	encKeyPack              [1] IMPLICIT OCTET STRING,
-	...
-}
-
-KDCDHKeyInfo ::= SEQUENCE {
-	subjectPublicKey        [0] BIT STRING,
-	nonce                   [1] INTEGER (0..4294967295),
-	dhKeyExpiration         [2] KerberosTime OPTIONAL,
-	...
-}
-
-ReplyKeyPack ::= SEQUENCE {
-	replyKey                [0] EncryptionKey,
-	asChecksum		[1] Checksum,
-	...
-}
-
-TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
-
-
--- Windows compat glue --
-
-PKAuthenticator-Win2k ::= SEQUENCE {
-	kdcName			[0] PrincipalName,
-	kdcRealm		[1] Realm,
-	cusec			[2] INTEGER (0..4294967295),
-	ctime			[3] KerberosTime,
-	nonce                   [4] INTEGER (-2147483648..2147483647)
-}
-
-AuthPack-Win2k ::= SEQUENCE {
-	pkAuthenticator         [0] PKAuthenticator-Win2k,
-	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
-}
-
-
-TrustedCA-Win2k ::= CHOICE {
-	caName                  [1] heim_any,
-	issuerAndSerial         [2] IssuerAndSerialNumber
-}
-
-PA-PK-AS-REQ-Win2k ::= SEQUENCE { 
-	signed-auth-pack	[0] IMPLICIT OCTET STRING, 
-	trusted-certifiers	[2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, 
-	kdc-cert		[3] IMPLICIT OCTET STRING OPTIONAL, 
-	encryption-cert		[4] IMPLICIT OCTET STRING OPTIONAL
-}
-
-PA-PK-AS-REP-Win2k ::= CHOICE {
-	dhSignedData		[0] IMPLICIT OCTET STRING, 
-	encKeyPack		[1] IMPLICIT OCTET STRING
-}
-
-
-KDCDHKeyInfo-Win2k ::= SEQUENCE {
-	nonce			[0] INTEGER (-2147483648..2147483647),
-	subjectPublicKey	[2] BIT STRING
-}
-
-ReplyKeyPack-Win2k ::= SEQUENCE {
-        replyKey                [0] EncryptionKey,
-        nonce                   [1] INTEGER (-2147483648..2147483647),
-	...
-}
-
-PkinitSuppPubInfo ::= SEQUENCE {
-       enctype           [0] INTEGER (-2147483648..2147483647),
-       as-REQ            [1] OCTET STRING,
-       pk-as-rep         [2] OCTET STRING,
-       ticket            [3] Ticket,
-       ...
-}
-
-END
diff --git a/crypto/heimdal/lib/asn1/rfc2459.asn1 b/crypto/heimdal/lib/asn1/rfc2459.asn1
deleted file mode 100644
index 8e24f0740b8a..000000000000
--- a/crypto/heimdal/lib/asn1/rfc2459.asn1
+++ /dev/null
@@ -1,506 +0,0 @@
--- $Id$ --
--- Definitions from rfc2459/rfc3280
-
-RFC2459 DEFINITIONS ::= BEGIN
-
-IMPORTS heim_any FROM heim;
-
-Version ::=  INTEGER {
-	rfc3280_version_1(0), 
-	rfc3280_version_2(1),
-	rfc3280_version_3(2)
-}
-
-id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 1 }
-id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
-id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
-id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
-id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
-id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
-id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
-id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
-
-id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
-
-id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 2 }
-id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
-id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
-id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
-
-id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= 
-{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
-
-id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
-id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
-id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
-
-id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) pkcs(1) 3 }
-
-id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
-id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
-id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
-
-id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-	rsadsi(113549) 3 }
-
-id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
-id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
-
-id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
-	oiw(14) secsig(3) algorithm(2) 26 }
-
-id-nistAlgorithm OBJECT IDENTIFIER ::= {
-   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
-   
-id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
-
-id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
-id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
-id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
-
-id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
-
-id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
-id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
-id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
-id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
-
-id-dhpublicnumber OBJECT IDENTIFIER ::= {
-        iso(1) member-body(2) us(840) ansi-x942(10046)
-        number-type(2) 1 }
-
-id-x9-57 OBJECT IDENTIFIER ::= {
-        iso(1) member-body(2) us(840) ansi-x942(10046)
-	4 }
-
-id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
-id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
-
--- x.520 names types
-
-id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
-
-id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
-id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
-id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
-id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
-id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
-id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
-id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
-id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
-id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
-id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
-id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
-id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
-id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
-id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
--- RFC 2247
-id-Userid		      	OBJECT IDENTIFIER ::=
-                          { 0 9 2342 19200300 100 1 1 }
-id-domainComponent      	OBJECT IDENTIFIER ::=
-                          { 0 9 2342 19200300 100 1 25 }
-
-
--- rfc3280
-
-id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-
-AlgorithmIdentifier ::= SEQUENCE {
-	algorithm	OBJECT IDENTIFIER,
-	parameters	heim_any OPTIONAL
-}
-
-AttributeType ::=   OBJECT IDENTIFIER
-
-AttributeValue ::=   heim_any
-
-TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
-
-DirectoryString ::= CHOICE {
-	ia5String	IA5String,
-	teletexString	TeletexStringx,
-	printableString	PrintableString,
-	universalString UniversalString,
-	utf8String	UTF8String,
-	bmpString	BMPString
-}
-
-Attribute ::= SEQUENCE {
-        type    AttributeType,
-        value   SET OF -- AttributeValue -- heim_any
-}
-
-AttributeTypeAndValue ::= SEQUENCE {
-        type    AttributeType,
-        value   DirectoryString
-}
-
-RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE {
-	rdnSequence  RDNSequence
-}
-
-CertificateSerialNumber ::= INTEGER
-
-Time ::= CHOICE {
-     utcTime        UTCTime,
-     generalTime    GeneralizedTime
-}
-
-Validity ::= SEQUENCE {
-     notBefore      Time,
-     notAfter       Time
-}
-
-UniqueIdentifier  ::=  BIT STRING
-
-SubjectPublicKeyInfo  ::=  SEQUENCE  {
-     algorithm            AlgorithmIdentifier,
-     subjectPublicKey     BIT STRING
-}
-
-Extension  ::=  SEQUENCE  {
-     extnID      OBJECT IDENTIFIER,
-     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
-     extnValue   OCTET STRING
-}
-
-Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-
-TBSCertificate  ::=  SEQUENCE  {
-     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
-     serialNumber         CertificateSerialNumber,
-     signature            AlgorithmIdentifier,
-     issuer               Name,
-     validity             Validity,
-     subject              Name,
-     subjectPublicKeyInfo SubjectPublicKeyInfo,
-     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
-                          -- If present, version shall be v2 or v3
-     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
-                          -- If present, version shall be v2 or v3
-     extensions      [3]  EXPLICIT Extensions OPTIONAL
-                          -- If present, version shall be v3
-}
-
-Certificate  ::=  SEQUENCE  {
-     tbsCertificate       TBSCertificate,
-     signatureAlgorithm   AlgorithmIdentifier,
-     signatureValue       BIT STRING
-}
-
-Certificates ::= SEQUENCE OF Certificate
-
-ValidationParms ::= SEQUENCE {
-	seed		BIT STRING,
-	pgenCounter	INTEGER
-}
-
-DomainParameters ::= SEQUENCE {
-	p		INTEGER, -- odd prime, p=jq +1
-	g		INTEGER, -- generator, g
-	q		INTEGER, -- factor of p-1
-	j		INTEGER OPTIONAL, -- subgroup factor
-	validationParms	ValidationParms OPTIONAL -- ValidationParms
-}
-
-DHPublicKey ::= INTEGER
-
-OtherName ::= SEQUENCE {
-	type-id    OBJECT IDENTIFIER,
-	value      [0] EXPLICIT heim_any
-}
-
-GeneralName ::= CHOICE {
-	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
-		type-id    OBJECT IDENTIFIER,
-		value      [0] EXPLICIT heim_any
-	},
-	rfc822Name			[1]     IMPLICIT IA5String,
-	dNSName				[2]     IMPLICIT IA5String,
---	x400Address			[3]     IMPLICIT ORAddress,--
-	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
-		rdnSequence  RDNSequence
-	},
---	ediPartyName			[5]     IMPLICIT EDIPartyName, --
-	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
-	iPAddress			[7]     IMPLICIT OCTET STRING,
-	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
-}
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
-
-KeyUsage ::= BIT STRING {
-	digitalSignature	(0),
-	nonRepudiation		(1),
-	keyEncipherment		(2),
-	dataEncipherment	(3),
-	keyAgreement		(4),
-	keyCertSign		(5),
-	cRLSign			(6),
-	encipherOnly		(7),
-	decipherOnly		(8)
-}
-
-id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
-
-KeyIdentifier ::= OCTET STRING
-
-AuthorityKeyIdentifier ::= SEQUENCE {
-	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
-	authorityCertIssuer       [1] IMPLICIT -- GeneralName -- 
-		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, 
-	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
-}
-
-id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
-id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
-
-BasicConstraints ::= SEQUENCE {
-	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
-	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL 
-}
-
-id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
-
-BaseDistance ::= INTEGER -- (0..MAX) --
-
-GeneralSubtree ::= SEQUENCE {
-	base			GeneralName,
-	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
-	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
-}
-
-GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
-
-NameConstraints ::= SEQUENCE {
-	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
-	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
-}
-
-id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
-id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
-id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
-id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
-id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
-id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
-id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
-
-id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
-
-ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
-
-id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
-id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
-id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
-id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
-id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
-id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
-id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
-
-DistributionPointReasonFlags ::= BIT STRING {
-	unused                  (0),
-	keyCompromise           (1),
-	cACompromise            (2),
-	affiliationChanged      (3),
-	superseded              (4),
-	cessationOfOperation    (5),
-	certificateHold         (6),
-	privilegeWithdrawn      (7),
-	aACompromise            (8)
-}
-
-DistributionPointName ::= CHOICE {
-	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
-	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
-}
-
-DistributionPoint ::= SEQUENCE {
-	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
-	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
-	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
-}
-
-CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-
--- rfc3279
-
-DSASigValue  ::=  SEQUENCE {
-	r	INTEGER,
-	s	INTEGER
-}
-
-DSAPublicKey ::= INTEGER
-
-DSAParams  ::=  SEQUENCE {
-	p	INTEGER,
-	q	INTEGER,
-	g	INTEGER
-}
-
--- really pkcs1
-
-RSAPublicKey ::= SEQUENCE {
-	modulus INTEGER, -- n
-	publicExponent INTEGER -- e
-}
-
-RSAPrivateKey ::= SEQUENCE {
-	version INTEGER (0..4294967295),
-	modulus INTEGER, -- n
-	publicExponent INTEGER, -- e
-	privateExponent INTEGER, -- d
-	prime1 INTEGER, -- p
-	prime2 INTEGER, -- q
-	exponent1 INTEGER, -- d mod (p-1)
-	exponent2 INTEGER, -- d mod (q-1)
-	coefficient INTEGER -- (inverse of q) mod p
-}
-
-DigestInfo ::= SEQUENCE {
-	digestAlgorithm AlgorithmIdentifier,
-	digest OCTET STRING
-}
-
--- some ms ext
-
--- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
-
--- UNICODESTRING (0x1E tag)
-
--- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
-
--- TemplateVersion ::= INTEGER (0..4294967295) 
-
--- CertificateTemplate ::= SEQUENCE {
---	templateID OBJECT IDENTIFIER,
---	templateMajorVersion TemplateVersion,
---	templateMinorVersion TemplateVersion OPTIONAL
--- }
-
-
---
--- CRL
--- 
-
-TBSCRLCertList ::=  SEQUENCE  {
-	version			Version OPTIONAL, -- if present, MUST be v2
-	signature		AlgorithmIdentifier,
-	issuer			Name,
-	thisUpdate		Time,
-	nextUpdate		Time OPTIONAL,
-	revokedCertificates     SEQUENCE OF SEQUENCE  {
-		userCertificate         CertificateSerialNumber,
-		revocationDate          Time,
-		crlEntryExtensions      Extensions OPTIONAL
-						-- if present, MUST be v2
-	} OPTIONAL,
-	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
-						-- if present, MUST be v2
-}
-
-
-CRLCertificateList ::=  SEQUENCE  {
-	tbsCertList          TBSCRLCertList,
-	signatureAlgorithm   AlgorithmIdentifier,
-	signatureValue       BIT STRING
-}
-
-id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
-id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
-id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
-
-CRLReason ::= ENUMERATED {
-	unspecified             (0),
-	keyCompromise           (1),
-	cACompromise            (2),
-	affiliationChanged      (3),
-	superseded              (4),
-	cessationOfOperation    (5),
-	certificateHold         (6),
-	removeFromCRL           (8),
-	privilegeWithdrawn      (9),
-	aACompromise           (10)
-}
-
-PKIXXmppAddr ::= UTF8String
-
-id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
-            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
-
-id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
-id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
-id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
-
-id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
-id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
-id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
-id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
-id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
-id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
-
-id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-
-id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
-
-AccessDescription  ::=  SEQUENCE {
-	accessMethod          OBJECT IDENTIFIER,
-	accessLocation        GeneralName
-}
-
-AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
-
--- RFC 3820 Proxy Certificate Profile
-
-id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
-
-id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
-
-id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
-id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
-id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
-
-ProxyPolicy ::= SEQUENCE {
-	policyLanguage		OBJECT IDENTIFIER,
-	policy			OCTET STRING OPTIONAL
-}
-
-ProxyCertInfo ::= SEQUENCE {
-	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
-	proxyPolicy		ProxyPolicy
-}
-
---- U.S. Federal PKI Common Policy Framework
--- Card Authentication key
-id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
-id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
-
---- Netscape extentions
-
-id-netscape OBJECT IDENTIFIER ::= 
-    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
-id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
-
---- MS extentions
-
-id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= 
-    { 1 3 6 1 4 1 311 20 2 }
-
-id-ms-client-authentication OBJECT IDENTIFIER ::= 
- { 1 3 6 1 5 5 7 3 2 }
-
--- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
-
-END
diff --git a/crypto/heimdal/lib/asn1/setchgpw2.asn1 b/crypto/heimdal/lib/asn1/setchgpw2.asn1
deleted file mode 100644
index 7db385423383..000000000000
--- a/crypto/heimdal/lib/asn1/setchgpw2.asn1
+++ /dev/null
@@ -1,193 +0,0 @@
--- $Id: setchgpw2.asn1 18010 2006-09-05 12:31:59Z lha $
-
-SETCHGPW2 DEFINITIONS ::=
-BEGIN
-
-IMPORTS PrincipalName, Realm, ENCTYPE FROM krb5;
-
-ProtocolErrorCode ::= ENUMERATED {
-	generic-error(0),
-	unsupported-major-version(1),
-	unsupported-minor-version(2),
-	unsupported-operation(3),
-	authorization-failed(4),
-	initial-ticket-required(5),
-	target-principal-unknown(6),
-	...
-}
-
-Key	::= SEQUENCE {
-	enc-type[0]	INTEGER,
-	key[1]		OCTET STRING,
-	...
-}
-
-Language-Tag	::= UTF8String    -- Constrained by RFC3066
-
-LangTaggedText	::= SEQUENCE {
-	language[0]	Language-Tag OPTIONAL,
-	text[1]		UTF8String,
-	...
-}
-
--- NULL Op
-
-Req-null ::= NULL
-Rep-null ::= NULL
-Err-null ::= NULL
-
--- Change password
-Req-change-pw ::= SEQUENCE {
-	old-pw[0]	UTF8String,
-	new-pw[1]	UTF8String OPTIONAL,
-	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL,
-	...
-}
-
-Rep-change-pw ::= SEQUENCE {
-	info-text[0]	UTF8String OPTIONAL,
-	new-pw[1]	UTF8String OPTIONAL,
-	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL
-}
-
-Err-change-pw ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	code[1]			ENUMERATED {
-		generic(0),
-		wont-generate-new-pw(1),
-		old-pw-incorrect(2),
-		new-pw-rejected-geneneric(3),
-		pw-change-too-short(4),
-		...
-	},
-	suggested-new-pw[2]	UTF8String OPTIONAL,
-	...
-}
-
--- Change/Set keys
-Req-set-keys ::= SEQUENCE {
-	etypes[0]	SEQUENCE OF ENCTYPE,
-	entropy[1]	OCTET STRING,
-	...
-}
-
-Rep-set-keys ::= SEQUENCE {
-	info-text[0]		UTF8String OPTIONAL,
-	kvno[1]			INTEGER,
-	keys[2]			SEQUENCE OF Key,
-	aliases[3]	SEQUENCE OF SEQUENCE {
-		name[0] PrincipalName,
-		realm[1] Realm OPTIONAL,
-		...
-	},
-	...
-}
-
-Err-set-keys ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	enctypes[1]		SEQUENCE OF ENCTYPE OPTIONAL,
-	code[1]		ENUMERATED {
-		etype-no-support(0),
-		...
-	},
-	...
-}
-
--- Get password policy
-Req-get-pw-policy ::= NULL
-
-Rep-get-pw-policy ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	policy-name[1]		UTF8String OPTIONAL,
-	description[2]		UTF8String OPTIONAL,
-	...
-}
-
-Err-get-pw-policy ::= NULL
-
--- Get principal aliases
-Req-get-princ-aliases ::= NULL
-
-Rep-get-princ-aliases ::= SEQUENCE {
-	help-text[0]		UTF8String OPTIONAL,
-	aliases[1]	SEQUENCE OF SEQUENCE {
-		name[0]		PrincipalName,
-		realm[1]	Realm OPTIONAL,
-		...
-	} OPTIONAL,
-	...
-}
-
-Err-get-princ-aliases ::= NULL
-
--- Get list of encryption types supported by KDC for new types
-Req-get-supported-etypes ::= NULL
-
-Rep-get-supported-etypes ::= SEQUENCE OF ENCTYPE
-
-Err-get-supported-etypes ::= NULL
-
--- Choice switch
-
-Op-req ::= CHOICE {
-	null[0]			Req-null,
-	change-pw[1]		Req-change-pw,
-	set-keys[2]		Req-set-keys,
-	get-pw-policy[3]	Req-get-pw-policy,
-	get-princ-aliases[4]	Req-get-princ-aliases,
-	get-supported-etypes[5]	Req-get-supported-etypes,
-	...
-}
- 
-Op-rep ::= CHOICE {
-	null[0]			Rep-null,
-	change-pw[1]		Rep-change-pw,
-	set-keys[2]		Rep-set-keys,
-	get-pw-policy[3]	Rep-get-pw-policy,
-	get-princ-aliases[4]	Rep-get-princ-aliases,
-	get-supported-etypes[5]	Rep-get-supported-etypes,
-	...
-}
-
-Op-error ::= CHOICE {
-	null[0]			Err-null,
-	change-pw[1]		Err-change-pw,
-	set-keys[2]		Err-set-keys,
-	get-pw-policy[3]	Err-get-pw-policy,
-	get-princ-aliases[4]	Err-get-princ-aliases,
-	get-supported-etypes[5]	Err-get-supported-etypes,
-	...
-}
-
-
-Request ::= [ APPLICATION 0 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	languages[2]	SEQUENCE OF Language-Tag OPTIONAL,
-	targ-name[3]	PrincipalName OPTIONAL,
-	targ-realm[4]	Realm OPTIONAL,
-	operation[5]	Op-Req,
-	...
-}
-
-Response ::= [ APPLICATION 1 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	language[2]	Language-Tag DEFAULT "i-default",
-	result[3]	Op-rep OPTIONAL,
-	...
-}
-
-Error-Response ::= [ APPLICATION 2 ] SEQUENCE {
-	pvno-major[0]	INTEGER DEFAULT 2,
-	pvno-minor[1]	INTEGER DEFAULT 0,
-	language[2]	Language-Tag DEFAULT "i-default",
-	error-code[3]	ProtocolErrorCode,
-	help-text[4]	UTF8String OPTIONAL,
-	op-error[5]	Op-error OP-ERROR,
-	...
-}
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' setchgpw2.asn1
diff --git a/crypto/heimdal/lib/asn1/symbol.c b/crypto/heimdal/lib/asn1/symbol.c
deleted file mode 100644
index 9407915c19b7..000000000000
--- a/crypto/heimdal/lib/asn1/symbol.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gen_locl.h"
-#include "lex.h"
-
-RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $");
-
-static Hashtab *htab;
-
-static int
-cmp(void *a, void *b)
-{
-    Symbol *s1 = (Symbol *) a;
-    Symbol *s2 = (Symbol *) b;
-
-    return strcmp(s1->name, s2->name);
-}
-
-static unsigned
-hash(void *a)
-{
-    Symbol *s = (Symbol *) a;
-
-    return hashjpw(s->name);
-}
-
-void
-initsym(void)
-{
-    htab = hashtabnew(101, cmp, hash);
-}
-
-
-void
-output_name(char *s)
-{
-    char *p;
-
-    for (p = s; *p; ++p)
-	if (*p == '-')
-	    *p = '_';
-}
-
-Symbol *
-addsym(char *name)
-{
-    Symbol key, *s;
-
-    key.name = name;
-    s = (Symbol *) hashtabsearch(htab, (void *) &key);
-    if (s == NULL) {
-	s = (Symbol *) emalloc(sizeof(*s));
-	s->name = name;
-	s->gen_name = estrdup(name);
-	output_name(s->gen_name);
-	s->stype = SUndefined;
-	hashtabadd(htab, s);
-    }
-    return s;
-}
-
-static int
-checkfunc(void *ptr, void *arg)
-{
-    Symbol *s = ptr;
-    if (s->stype == SUndefined) {
-	error_message("%s is still undefined\n", s->name);
-	*(int *) arg = 1;
-    }
-    return 0;
-}
-
-int
-checkundefined(void)
-{
-    int f = 0;
-    hashtabforeach(htab, checkfunc, &f);
-    return f;
-}
diff --git a/crypto/heimdal/lib/asn1/symbol.h b/crypto/heimdal/lib/asn1/symbol.h
deleted file mode 100644
index d07caf559042..000000000000
--- a/crypto/heimdal/lib/asn1/symbol.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */
-
-#ifndef _SYMBOL_H
-#define _SYMBOL_H
-
-#include "asn1_queue.h"
-
-enum typetype { 
-    TBitString,
-    TBoolean,
-    TChoice, 
-    TEnumerated,
-    TGeneralString, 
-    TGeneralizedTime, 
-    TIA5String,
-    TInteger, 
-    TNull,
-    TOID, 
-    TOctetString, 
-    TPrintableString,
-    TSequence, 
-    TSequenceOf,
-    TSet, 
-    TSetOf,
-    TTag, 
-    TType, 
-    TUTCTime, 
-    TUTF8String,
-    TBMPString,
-    TUniversalString,
-    TVisibleString
-};
-
-typedef enum typetype Typetype;
-
-struct type;
-
-struct value {
-    enum { booleanvalue, 
-	   nullvalue, 
-	   integervalue, 
-	   stringvalue, 
-	   objectidentifiervalue
-    } type;
-    union {
-	int booleanvalue;
-	int integervalue;
-	char *stringvalue;
-	struct objid *objectidentifiervalue;
-    } u;
-};
-
-struct member {
-    char *name;
-    char *gen_name;
-    char *label;
-    int val;
-    int optional;
-    int ellipsis;
-    struct type *type;
-    ASN1_TAILQ_ENTRY(member) members;
-    struct value *defval;
-};
-
-typedef struct member Member;
-
-ASN1_TAILQ_HEAD(memhead, member);
-
-struct symbol;
-
-struct tagtype {
-    int tagclass;
-    int tagvalue;
-    enum { TE_IMPLICIT, TE_EXPLICIT } tagenv;
-};
-
-struct range {
-    int min;
-    int max;
-};
-
-enum ctype { CT_CONTENTS, CT_USER } ;
-
-struct constraint_spec;
-
-struct type {
-    Typetype type;
-    struct memhead *members;
-    struct symbol *symbol;
-    struct type *subtype;
-    struct tagtype tag;
-    struct range *range;
-    struct constraint_spec *constraint;
-};
-
-typedef struct type Type;
-
-struct constraint_spec {
-    enum ctype ctype;
-    union {
-	struct {
-	    Type *type;
-	    struct value *encoding;
-	} content;
-    } u;
-};
-
-struct objid {
-    const char *label;
-    int value;
-    struct objid *next;
-};
-
-struct symbol {
-    char *name;
-    char *gen_name;
-    enum { SUndefined, SValue, Stype } stype;
-    struct value *value;
-    Type *type;
-};
-
-typedef struct symbol Symbol;
-
-void initsym (void);
-Symbol *addsym (char *);
-void output_name (char *);
-int checkundefined(void);
-#endif
diff --git a/crypto/heimdal/lib/asn1/test.asn1 b/crypto/heimdal/lib/asn1/test.asn1
deleted file mode 100644
index b2f58a20c2ce..000000000000
--- a/crypto/heimdal/lib/asn1/test.asn1
+++ /dev/null
@@ -1,95 +0,0 @@
--- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
-
-TEST DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS heim_any FROM heim;
-
-TESTLargeTag ::= SEQUENCE {
-	foo[127] INTEGER (-2147483648..2147483647)
-}
-
-TESTSeq ::= SEQUENCE {
-	tag0[0] INTEGER (-2147483648..2147483647),
-	tag1[1] TESTLargeTag,
-	tagless INTEGER (-2147483648..2147483647),
-	tag3[2] INTEGER (-2147483648..2147483647)
-}
-
-TESTChoice1 ::= CHOICE {
-	i1[1]	INTEGER (-2147483648..2147483647),
-	i2[2]	INTEGER (-2147483648..2147483647),
-	...	
-}
-
-TESTChoice2 ::= CHOICE {
-	i1[1]	INTEGER (-2147483648..2147483647),
-	...	
-}
-
-TESTInteger ::= INTEGER (-2147483648..2147483647)
-
-TESTInteger2 ::= [4] IMPLICIT TESTInteger
-TESTInteger3 ::= [5] IMPLICIT TESTInteger2
-
-TESTImplicit ::= SEQUENCE {
-	ti1[0] IMPLICIT INTEGER (-2147483648..2147483647),
-	ti2[1] IMPLICIT SEQUENCE { 
-		foo[127] INTEGER (-2147483648..2147483647)
-	},
-	ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647)
-}
-
-TESTImplicit2 ::= SEQUENCE {
-	ti1[0] IMPLICIT TESTInteger,
-	ti2[1] IMPLICIT TESTLargeTag,
-	ti3[2] IMPLICIT TESTInteger3
-}
-
-TESTAllocInner ::= SEQUENCE {
-	ai[0] TESTInteger
-}
-
-TESTAlloc ::= SEQUENCE {
-	  tagless TESTAllocInner OPTIONAL,
-	  three [1] INTEGER (-2147483648..2147483647),
-	  tagless2 heim_any OPTIONAL
-}
-
-
-TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
-TESTENCODEDBY ::= OCTET STRING ( ENCODED BY 
-  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
-)
-
-TESTDer OBJECT IDENTIFIER ::= { 
-	joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
-}
-
-TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY 
-  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
-)
-
-TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( 
-	CONTAINING INTEGER ENCODED BY TESTDer
-)
-
-
-TESTValue1 INTEGER ::= 1
-
-TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
--- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger })
--- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER })
--- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 })
-
-TESTSeqOf ::= SEQUENCE OF TESTInteger
-
-TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
-TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
-TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
-TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
-
-TESTOSSize1 ::= OCTET STRING SIZE (1..2)
-
-END
diff --git a/crypto/heimdal/lib/asn1/test.gen b/crypto/heimdal/lib/asn1/test.gen
deleted file mode 100644
index d0fc7d98a44b..000000000000
--- a/crypto/heimdal/lib/asn1/test.gen
+++ /dev/null
@@ -1,14 +0,0 @@
-# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $
-# Sample for TESTSeq in test.asn1
-#
-
-UNIV CONS Sequence 23
-  CONTEXT CONS 0 3
-    UNIV PRIM Integer 1 01
-   CONTEXT CONS 1 8
-     UNIV CONS Sequence 6
-       CONTEXT CONS 127 3
-         UNIV PRIM Integer 1 01
-   UNIV PRIM Integer 1 01
-   CONTEXT CONS 2 3
-     UNIV PRIM Integer 1 01
diff --git a/crypto/heimdal/lib/asn1/timegm.c b/crypto/heimdal/lib/asn1/timegm.c
deleted file mode 100644
index 33b9684a5d87..000000000000
--- a/crypto/heimdal/lib/asn1/timegm.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
-
-static int
-is_leap(unsigned y)
-{
-    y += 1900;
-    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
-}
-
-/* 
- * This is a simplifed version of timegm(3) that doesn't accept out of
- * bound values that timegm(3) normally accepts but those are not
- * valid in asn1 encodings.
- */
-
-time_t
-_der_timegm (struct tm *tm)
-{
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
-  time_t res = 0;
-  unsigned i;
-
-  if (tm->tm_year < 0) 
-      return -1;
-  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
-      return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
-      return -1;
-  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
-      return -1;
-  if (tm->tm_min < 0 || tm->tm_min > 59) 
-      return -1;
-  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
-      return -1;
-
-  for (i = 70; i < tm->tm_year; ++i)
-    res += is_leap(i) ? 366 : 365;
-
-  for (i = 0; i < tm->tm_mon; ++i)
-    res += ndays[is_leap(tm->tm_year)][i];
-  res += tm->tm_mday - 1;
-  res *= 24;
-  res += tm->tm_hour;
-  res *= 60;
-  res += tm->tm_min;
-  res *= 60;
-  res += tm->tm_sec;
-  return res;
-}
diff --git a/crypto/heimdal/lib/asn1/x509.asn1 b/crypto/heimdal/lib/asn1/x509.asn1
deleted file mode 100644
index 4a15844c8563..000000000000
--- a/crypto/heimdal/lib/asn1/x509.asn1
+++ /dev/null
@@ -1,23 +0,0 @@
-X509 DEFINITIONS ::= BEGIN
-
-CertificateSerialNumber ::= INTEGER -- X.509 '97
-
-AttributeType ::= OBJECT-IDENTIFIER
-
-AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
-
-AttributeTypeAndValue ::= SEQUENCE {
-	type AttributeType,
-	value AttributeValue
-}
-
-RelativeDistinguishedName ::= --SET
-SEQUENCE OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE { -- RFC2459
-	x RDNSequence
-}
-
-END
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog
deleted file mode 100644
index 1ef62c092f49..000000000000
--- a/crypto/heimdal/lib/auth/ChangeLog
+++ /dev/null
@@ -1,206 +0,0 @@
-2007-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/Makefile.am: One EXTRA_DIST is enought, from dave love.
-
-	* pam/Makefile.am: Add SRCS to EXTRA_DIST
-
-	* afskauthlib/Makefile.am: SRCS
-
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pam/Makefile.am: use libtool to build binaries
-	
-2005-05-02  Dave Love  <fx@gnu.org>
-	
-	* afskauthlib/Makefile.am (afskauthlib.so): Use libtool.
-	(.c.o): Use CC (like SIA module), not COMPILE.
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/sia.c: fix getpw*_r calls, they return 0 even when the entry
-	isn't found and instead make it with setting return pointer to
-	NULL.  From Luke Mewburn <lukem@NetBSD.org>
-
-2004-09-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/verify.c: use krb5_appdefault_boolean instead of
-	krb5_config_get_bool
-
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/sia.c: Add support for AFS when using Kerberos 5, From:
-	Sergio.Gelato@astro.su.se
-	
-2003-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* pam/Makefile.am: XXX inline COMPILE since automake wont add it
-	
-	* afskauthlib/verify.c (verify_krb5): use krb5_cc_clear_mcred
-	
-2003-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sia/Makefile.am: inline COMPILE since (modern) automake doesn't
-	add it by itself for some reason
-
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskauthlib/Makefile.am: always includes kafs now that its built
-	
-2003-03-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* sia/Makefile.am: libkafs is always built now, lets include it
-	
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.am: set SUFFIXES with +=
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* pam/Makefile.am: actually build the pam module
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: also don't compress krb5 library, at least
-	siacfg fails with compressed libraries
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c: move krb5_error_code inside a ifdef KRB5
-	* sia/sia_locl.h: move roken.h earlier to grab definition of
-	socklen_t
-
-2001-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/krb5_matrix.conf: athena -> heimdal
-
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use make-rpath to sort rpath arguments
-
-2001-07-15  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/Makefile.am: use LIB_des, so that we link with
-	libcrypto/libdes from krb4
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use $(CC) instead of ld for linking
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use LDFLAGS, and conditional libdes
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: make sure of using -rpath and not -R when
-	calling ld
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* pam/pam.c (psyslog): do not log to console
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am (libsia_krb5.so): actually run ld in the case
-	shared library case
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (siad_ses_init): handle krb5_init_context failure
-	consistently
-	* afskauthlib/verify.c (verify_krb5): handle krb5_init_context
-	failure consistently
-
-2000-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/Makefile.am: use libtool
-
-	* afskauthlib/Makefile.am: work with krb4 only
-
-2000-07-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: don't compress library, since 5.0 seems to have
-	a problem with this
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: fixes for pag setting
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: try to link with shared libraries if we don't
- 	find any static ones
-
-1999-12-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/sia.c: don't use string concatenation with TKT_ROOT
-
-1999-11-15  Assar Westerlund  <assar@sics.se>
-
-	* */lib/Makefile.in: set LIBNAME.  From Enrico Scholz
- 	<Enrico.Scholz@informatik.tu-chemnitz.de>
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): update to new
- 	krb524_convert_creds_kdc
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (doauth): use krb5_get_local_realms and
- 	krb5_verify_user_lrealm
-
-	* afskauthlib/verify.c (verify_krb5): remove krb5_kuserok.  use
- 	krb5_verify_user_lrealm
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.in: link with res_search/dn_expand libraries
-
-1999-08-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/verify.c: make this compile w/o krb4
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: incorporate patches from Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-	* sia/Makefile.am: make it build w/o krb4
-
-	* afskauthlib/verify.c: add krb5 support
-
-	* afskauthlib/Makefile.am: build afskauthlib.so
-
-Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: make it compile w/o krb4
-
-	* sia/Makefile.am: make it compile w/o krb4
-
-Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
-
-Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/Makefile.in: add posix_getpw.c
-	  
-	* sia/Makefile.am: makefile for sia
-	  
-	* sia/posix_getpw.c: move from sia.c
-	  
-	* sia/sia_locl.h: merge with krb5 version
-	  
-	* sia/sia.c: merge with krb5 version
-	  
-	* sia/sia5.c: remove unused variables
diff --git a/crypto/heimdal/lib/auth/Makefile.am b/crypto/heimdal/lib/auth/Makefile.am
deleted file mode 100644
index c62903c7d1b3..000000000000
--- a/crypto/heimdal/lib/auth/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in
deleted file mode 100644
index d7200ce6a3b9..000000000000
--- a/crypto/heimdal/lib/auth/Makefile.in
+++ /dev/null
@@ -1,815 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = lib/auth
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am b/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
deleted file mode 100644
index 1eec4f5d1633..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
+++ /dev/null
@@ -1,51 +0,0 @@
-# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-DEFS = @DEFS@
-
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-
-SUFFIXES += .c .o
-
-SRCS = verify.c
-OBJS = verify.o
-
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-
-afskauthlib.so: $(OBJS)
-	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-KAFS = $(top_builddir)/lib/kafs/libkafs.la
-
-if KRB5
-L = \
-	$(KAFS)	\
-	$(top_builddir)/lib/krb5/libkrb5.la	\
-	$(top_builddir)/lib/asn1/libasn1.la	\
-	$(LIB_krb4)				\
-	$(LIB_hcrypto)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-
-else
-
-L = \
-	$(KAFS)	\
-	$(LIB_krb4)				\
-	$(LIB_hcrypto)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-endif
-
-$(OBJS): $(top_builddir)/include/config.h
-
-EXTRA_DIST = $(SRCS)
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
deleted file mode 100644
index 89c966ad8137..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
+++ /dev/null
@@ -1,723 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/afskauthlib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-SRCS = verify.c
-OBJS = verify.o
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-KAFS = $(top_builddir)/lib/kafs/libkafs.la
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)	\
-@KRB5_FALSE@	$(LIB_krb4)				\
-@KRB5_FALSE@	$(LIB_hcrypto)				\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)	\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la	\
-@KRB5_TRUE@	$(LIB_krb4)				\
-@KRB5_TRUE@	$(LIB_hcrypto)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_TRUE@	-lc
-
-EXTRA_DIST = $(SRCS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-afskauthlib.so: $(OBJS)
-	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-$(OBJS): $(top_builddir)/include/config.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/verify.c b/crypto/heimdal/lib/auth/afskauthlib/verify.c
deleted file mode 100644
index ff0141b2f6b2..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/verify.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c 14203 2004-09-08 09:02:59Z joda $");
-#endif
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#include <kafs.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-static char krb5ccname[128];
-#endif
-#ifdef KRB4
-static char krbtkfile[128];
-#endif
-
-/* 
-   In some cases is afs_gettktstring called twice (once before
-   afs_verify and once after afs_verify).
-   In some cases (rlogin with access allowed via .rhosts) 
-   afs_verify is not called!
-   So we can't rely on correct value in krbtkfile in some
-   cases!
-*/
-
-static int correct_tkfilename=0;
-static int pag_set=0;
-
-#ifdef KRB4
-static void
-set_krbtkfile(uid_t uid)
-{
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-    krb_set_tkt_string (krbtkfile);
-    correct_tkfilename = 1;
-}
-#endif
-
-/* XXX this has to be the default cache name, since the KRB5CCNAME
- * environment variable isn't exported by login/xdm
- */
-
-#ifdef KRB5
-static void
-set_krb5ccname(uid_t uid)
-{
-    snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid);
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-#endif
-    correct_tkfilename = 1;
-}
-#endif
-
-static void
-set_spec_krbtkfile(void)
-{
-    int fd;
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(krbtkfile);
-    close(fd);
-    unlink(krbtkfile); 
-    krb_set_tkt_string (krbtkfile);
-#endif
-#ifdef KRB5
-    snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX");
-    fd=mkstemp(krb5ccname+5);
-    close(fd);
-    unlink(krb5ccname+5);
-#endif
-}
-
-#ifdef KRB5
-static int
-verify_krb5(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    
-    ret = krb5_init_context(&context);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret);
-	goto out;
-    }
-
-    ret = krb5_parse_name (context, pwd->pw_name, &principal);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    set_krb5ccname(pwd->pw_uid);
-    ret = krb5_cc_resolve(context, krb5ccname, &ccache);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    ret = krb5_verify_user_lrealm(context,
-				  principal,
-				  ccache,
-				  password,
-				  TRUE,
-				  NULL);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
-	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
-	       krb5_get_err_text(context, errno));
-	goto out;
-    }
-
-#ifdef KRB4
-    {
-	krb5_realm realm = NULL;
-	krb5_boolean get_v4_tgt;
-
-	krb5_get_default_realm(context, &realm);
-	krb5_appdefault_boolean(context, "afskauthlib", 
-				realm,
-				"krb4_get_tickets", FALSE, &get_v4_tgt);
-	if (get_v4_tgt) {
-	    CREDENTIALS c;
-	    krb5_creds mcred, cred;
-
-	    krb5_cc_clear_mcred(&mcred);
-
-	    krb5_make_principal(context, &mcred.server, realm,
-				"krbtgt",
-				realm,
-				NULL);
-	    ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
-	    if(ret == 0) {
-		ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c);
-		if(ret)
-		    krb5_warn(context, ret, "converting creds");
-		else {
-		    set_krbtkfile(pwd->pw_uid);
-		    tf_setup(&c, c.pname, c.pinst); 
-		}
-		memset(&c, 0, sizeof(c));
-		krb5_free_cred_contents(context, &cred);
-	    } else
-		syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
-		       krb5_get_err_text(context, ret));
-	    
-	    krb5_free_principal(context, mcred.server);
-	}
-	free (realm);
-	if (!pag_set && k_hasafs()) {
-	    k_setpag();
-	    pag_set = 1;
-	}
-
-	if (pag_set)
-	    krb5_afslog_uid_home(context, ccache, NULL, NULL, 
-				 pwd->pw_uid, pwd->pw_dir);
-    }
-#endif
- out:
-    if(ret && !quiet)
-	printf ("%s\n", krb5_get_err_text (context, ret));
-    return ret;
-}
-#endif
-
-#ifdef KRB4
-static int
-verify_krb4(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    int ret = 1;
-    char lrealm[REALM_SZ];
-    
-    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
-	set_krbtkfile(pwd->pw_uid);
-	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
-			       KRB_VERIFY_SECURE, NULL);
-	if (ret == KSUCCESS) {
-	    if (!pag_set && k_hasafs()) {
-		k_setpag ();
-		pag_set = 1;
-            }
-            if (pag_set)
-		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
-	} else if (!quiet)
-	    printf ("%s\n", krb_get_err_text (ret));
-    }
-    return ret;
-}
-#endif
-
-int
-afs_verify(char *name,
-	   char *password,
-	   int32_t *exp,
-	   int quiet)
-{
-    int ret = 1;
-    struct passwd *pwd = k_getpwnam (name);
-
-    if(pwd == NULL)
-	return 1;
-
-    if (!pag_set && k_hasafs()) {
-        k_setpag();
-        pag_set=1;
-    }
-
-    if (ret)
-	ret = unix_verify_user (name, password);
-#ifdef KRB5
-    if (ret)
-	ret = verify_krb5(pwd, password, exp, quiet);
-#endif
-#ifdef KRB4
-    if(ret)
-	ret = verify_krb4(pwd, password, exp, quiet);
-#endif
-    return ret;
-}
-
-char *
-afs_gettktstring (void)
-{
-    char *ptr;
-    struct passwd *pwd;
-
-    if (!correct_tkfilename) {
-	ptr = getenv("LOGNAME"); 
-	if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) {
-	    set_krb5ccname(pwd->pw_uid);
-#ifdef KRB4
-	    set_krbtkfile(pwd->pw_uid);
-	    if (!pag_set && k_hasafs()) {
-                k_setpag();
-                pag_set=1;
-	    }
-#endif
-	} else {
-	    set_spec_krbtkfile();
-	}
-    }
-#ifdef KRB5
-    esetenv("KRB5CCNAME",krb5ccname,1);
-#endif
-#ifdef KRB4
-    esetenv("KRBTKFILE",krbtkfile,1);
-    return krbtkfile;
-#else
-    return "";
-#endif
-}
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.am b/crypto/heimdal/lib/auth/pam/Makefile.am
deleted file mode 100644
index c4d0eb545b7e..000000000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.am
+++ /dev/null
@@ -1,69 +0,0 @@
-# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-if KRB4
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_hcrypto_a)		\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_hcrypto_so)		\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = pam_krb4.so
-
-endif
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@
-
-SRCS = pam.c
-OBJS = pam.o
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-CLEANFILES = $(MOD) $(OBJS)
-
-SUFFIXES += .c .o
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
-	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-EXTRA_DIST = pam.conf.add $(SRCS)
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in
deleted file mode 100644
index 0f9e084267b5..000000000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.in
+++ /dev/null
@@ -1,733 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/pam
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-@KRB4_TRUE@L = \
-@KRB4_TRUE@	$(KAFS)						\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB4_TRUE@	$(LIB_hcrypto_a)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB4_TRUE@	-lc
-
-@KRB4_TRUE@L_shared = \
-@KRB4_TRUE@	$(KAFS_S)					\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB4_TRUE@	$(LIB_hcrypto_so)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB4_TRUE@	$(LIB_getpwnam_r)				\
-@KRB4_TRUE@	-lc
-
-@KRB4_TRUE@MOD = pam_krb4.so
-foodir = $(libdir)
-foo_DATA = $(MOD)
-SRCS = pam.c
-OBJS = pam.o
-CLEANFILES = $(MOD) $(OBJS)
-EXTRA_DIST = pam.conf.add $(SRCS)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
-	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c
deleted file mode 100644
index ed5071b78851..000000000000
--- a/crypto/heimdal/lib/auth/pam/pam.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include<config.h>
-RCSID("$Id: pam.c 11417 2002-09-09 15:57:24Z joda $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <syslog.h>
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
-#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
-#endif
-
-#include <netinet/in.h>
-#include <krb.h>
-#include <kafs.h>
-
-#if 0
-/* Debugging PAM modules is a royal pain, truss helps. */
-#define DEBUG(msg) (access(msg " at line", __LINE__))
-#endif
-
-static void
-psyslog(int level, const char *format, ...)
-{
-  va_list args;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(level, format, args);
-  va_end(args);
-  closelog();
-}
-
-enum {
-  KRB4_DEBUG,
-  KRB4_USE_FIRST_PASS,
-  KRB4_TRY_FIRST_PASS,
-  KRB4_IGNORE_ROOT,
-  KRB4_NO_VERIFY,
-  KRB4_REAFSLOG,
-  KRB4_CTRLS			/* Number of ctrl arguments defined. */
-};
-
-#define KRB4_DEFAULTS  0
-
-static int ctrl_flags = KRB4_DEFAULTS;
-#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
-#define ctrl_off(x) (!ctrl_on(x))
-
-typedef struct
-{
-  const char *token;
-  unsigned int flag;
-} krb4_ctrls_t;
-
-static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
-{
-  /* KRB4_DEBUG          */ { "debug",          0x01 },
-  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
-  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
-  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
-  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
-  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
-};
-
-static void
-parse_ctrl(int argc, const char **argv)
-{
-  int i, j;
-
-  ctrl_flags = KRB4_DEFAULTS;
-  for (i = 0; i < argc; i++)
-    {
-      for (j = 0; j < KRB4_CTRLS; j++)
-	if (strcmp(argv[i], krb4_args[j].token) == 0)
-	  break;
-    
-      if (j >= KRB4_CTRLS)
-	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
-      else
-	ctrl_flags |= krb4_args[j].flag;
-    }
-}
-
-static void
-pdeb(const char *format, ...)
-{
-  va_list args;
-  if (ctrl_off(KRB4_DEBUG))
-    return;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(LOG_DEBUG, format, args);
-  va_end(args);
-  closelog();
-}
-
-#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
-
-static void
-set_tkt_string(uid_t uid)
-{
-  char buf[128];
-
-  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
-  krb_set_tkt_string(buf);
-
-#if 0
-  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
-  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
-  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
-    {
-      pam_putenv(pamh, var);
-    }
-#endif
-
-  /* We don't want to inherit this variable.
-   * If we still do, it must have a sane value. */
-  if (getenv("KRBTKFILE") != 0)
-    {
-      char *var = malloc(sizeof(buf));
-      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
-      putenv(var);
-      /* free(var); XXX */
-    }
-}
-
-static int
-verify_pass(pam_handle_t *pamh,
-	    const char *name,
-	    const char *inst,
-	    const char *pass)
-{
-  char realm[REALM_SZ];
-  int ret, krb_verify, old_euid, old_ruid;
-
-  krb_get_lrealm(realm, 1);
-  if (ctrl_on(KRB4_NO_VERIFY))
-    krb_verify = KRB_VERIFY_SECURE_FAIL;
-  else
-    krb_verify = KRB_VERIFY_SECURE;
-  old_ruid = getuid();
-  old_euid = geteuid();
-  setreuid(0, 0);
-  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
-  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
-       name, inst, realm, krb_verify,
-       krb_get_err_text(ret));
-  setreuid(old_ruid, old_euid);
-  if (getuid() != old_ruid || geteuid() != old_euid)
-    {
-      psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-	      old_ruid, old_euid, __LINE__);
-      exit(1);
-    }
-    
-  switch(ret) {
-  case KSUCCESS:
-    return PAM_SUCCESS;
-  case KDC_PR_UNKNOWN:
-    return PAM_USER_UNKNOWN;
-  case SKDC_CANT:
-  case SKDC_RETRY:
-  case RD_AP_TIME:
-    return PAM_AUTHINFO_UNAVAIL;
-  default:
-    return PAM_AUTH_ERR;
-  }
-}
-
-static int
-krb4_auth(pam_handle_t *pamh,
-	  int flags,
-	  const char *name,
-	  const char *inst,
-	  struct pam_conv *conv)
-{
-  struct pam_response *resp;
-  char prompt[128];
-  struct pam_message msg, *pmsg = &msg;
-  int ret;
-
-  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
-    {
-      char *pass = 0;
-      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-      if (ret != PAM_SUCCESS)
-        {
-          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
-          return ret;
-        }
-      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
-	return PAM_SUCCESS;
-      else if (ctrl_on(KRB4_USE_FIRST_PASS))
-	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
-      else
-	/* We tried the first password but it didn't work, cont. */;
-    }
-
-  msg.msg_style = PAM_PROMPT_ECHO_OFF;
-  if (*inst == 0)
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
-  else
-    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
-  msg.msg = prompt;
-
-  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  ret = verify_pass(pamh, name, inst, resp->resp);
-  if (ret == PAM_SUCCESS)
-    {
-      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
-      free(resp->resp);
-      free(resp);
-    }
-  else
-    {
-      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
-      /* free(resp->resp); XXX */
-      /* free(resp); XXX */
-    }
-  
-  return ret;
-}
-
-int
-pam_sm_authenticate(pam_handle_t *pamh,
-		    int flags,
-		    int argc,
-		    const char **argv)
-{
-  char *user;
-  int ret;
-  struct pam_conv *conv;
-  struct passwd *pw;
-  uid_t uid = -1;
-  const char *name, *inst;
-  char realm[REALM_SZ];
-  realm[0] = 0;
-
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_authenticate");
-
-  ret = pam_get_user(pamh, &user, "login: ");
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
-    return PAM_AUTHINFO_UNAVAIL;
-
-  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  pw = getpwnam(user);
-  if (pw != 0)
-    {
-      uid = pw->pw_uid;
-      set_tkt_string(uid);
-    }
-    
-  if (strcmp(user, "root") == 0 && getuid() != 0)
-    {
-      pw = getpwuid(getuid());
-      if (pw != 0)
-	{
-	  name = strdup(pw->pw_name);
-	  inst = "root";
-	}
-    }
-  else
-    {
-      name = user;
-      inst = "";
-    }
-
-  ret = krb4_auth(pamh, flags, name, inst, conv);
-
-  /*
-   * The realm was lost inside krb_verify_user() so we can't simply do
-   * a krb_kuserok() when inst != "".
-   */
-  if (ret == PAM_SUCCESS && inst[0] != 0)
-    {
-      uid_t old_euid = geteuid();
-      uid_t old_ruid = getuid();
-
-      setreuid(0, 0);		/* To read ticket file. */
-      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
-	ret = PAM_SERVICE_ERR;
-      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	{
-	  setreuid(0, uid);	/*  To read ~/.klogin. */
-	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	    ret = PAM_PERM_DENIED;
-	}
-
-      if (ret != PAM_SUCCESS)
-	{
-	  dest_tkt();		/* Passwd known, ok to kill ticket. */
-	  psyslog(LOG_NOTICE,
-		  "%s.%s@%s is not allowed to log in as %s",
-		  name, inst, realm, user);
-	}
-
-      setreuid(old_ruid, old_euid);
-      if (getuid() != old_ruid || geteuid() != old_euid)
-	{
-	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-		  old_ruid, old_euid, __LINE__);
-	  exit(1);
-	}
-    }
-
-  if (ret == PAM_SUCCESS)
-    {
-      psyslog(LOG_INFO,
-	      "%s.%s@%s authenticated as user %s",
-	      name, inst, realm, user);
-      if (chown(tkt_string(), uid, -1) == -1)
-	{
-	  dest_tkt();
-	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
-	  exit(1);
-	}
-    }
-
-  /*
-   * Kludge alert!!! Sun dtlogin unlock screen fails to call
-   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
-   * authentication attempt, sic.
-   *
-   * This hack is designed as a workaround to that problem.
-   */
-  if (ctrl_on(KRB4_REAFSLOG))
-    if (ret == PAM_SUCCESS)
-      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
-  
-  return ret;
-}
-
-int 
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_setcred");
-
-  switch (flags & ~PAM_SILENT) {
-  case 0:
-  case PAM_ESTABLISH_CRED:
-    if (k_hasafs())
-      k_setpag();
-    /* Fall through, fill PAG with credentials below. */
-  case PAM_REINITIALIZE_CRED:
-  case PAM_REFRESH_CRED:
-    if (k_hasafs())
-      {
-	void *user = 0;
-
-	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
-	  {
-	    struct passwd *pw = getpwnam((char *)user);
-	    if (pw != 0)
-	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
-				  pw->pw_uid, pw->pw_dir);
-	  }
-      }
-    break;
-  case PAM_DELETE_CRED:
-    dest_tkt();
-    if (k_hasafs())
-      k_unlog();
-    break;
-  default:
-    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
-    break;
-  }
-  
-  return PAM_SUCCESS;
-}
-
-int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_open_session");
-
-  return PAM_SUCCESS;
-}
-
-
-int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_close_session");
-
-  /* This isn't really kosher, but it's handy. */
-  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
-
-  return PAM_SUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/pam/pam.conf.add b/crypto/heimdal/lib/auth/pam/pam.conf.add
deleted file mode 100644
index 7db3e3d85a30..000000000000
--- a/crypto/heimdal/lib/auth/pam/pam.conf.add
+++ /dev/null
@@ -1,97 +0,0 @@
-To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
-
---- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
-+++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
-@@ -4,15 +4,19 @@
- #
- # Authentication management
- #
-+login	auth sufficient	/usr/athena/lib/pam_krb4.so
- login	auth required 	/usr/lib/security/pam_unix.so.1 
- login	auth required 	/usr/lib/security/pam_dial_auth.so.1 
- #
- rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
- rlogin	auth required 	/usr/lib/security/pam_unix.so.1
- #
-+dtlogin	auth sufficient	/usr/athena/lib/pam_krb4.so
- dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
- #
- rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
-+# Reafslog is for dtlogin lock display
-+other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
- other	auth required	/usr/lib/security/pam_unix.so.1
- #
- # Account management
-@@ -24,6 +28,8 @@
- #
- # Session management
- #
-+dtlogin	session required	/usr/athena/lib/pam_krb4.so
-+login	session required	/usr/athena/lib/pam_krb4.so
- other	session required	/usr/lib/security/pam_unix.so.1 
- #
- # Password management
----------------------------------------------------------------------------
-To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches:
-
---- /etc/pam.d/login~	Tue Dec  7 12:01:35 1999
-+++ /etc/pam.d/login	Wed May 31 16:27:55 2000
-@@ -1,9 +1,12 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_securetty.so
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so nullok use_authtok md5 shadow
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional	/lib/security/pam_console.so
---- /etc/pam.d/xdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/xdm	Wed May 31 16:28:29 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
---- /etc/pam.d/gdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/gdm	Wed May 31 16:34:28 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
-
---------------------------------------------------------------------------
-
-This stuff may work under some other system.
-
-# To get this to work, you will have to add entries to /etc/pam.conf
-#
-# To make login kerberos-aware, you might change pam.conf to look
-# like:
-
-# login authorization
-login   auth       sufficient   /lib/security/pam_krb4.so
-login   auth       required     /lib/security/pam_securetty.so
-login   auth       required     /lib/security/pam_unix_auth.so
-login   account    required     /lib/security/pam_unix_acct.so
-login   password   required     /lib/security/pam_unix_passwd.so
-login   session    required     /lib/security/pam_krb4.so
-login   session    required     /lib/security/pam_unix_session.so
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am
deleted file mode 100644
index 7b6aeddf2f6a..000000000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.am
+++ /dev/null
@@ -1,116 +0,0 @@
-# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-if KRB5
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-	$(LIB_krb4)					\
-	$(LIB_hcrypto_a)					\
-	$(LIB_com_err_a)				\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-	$(LIB_krb4)					\
-	$(LIB_hcrypto_so)					\
-	$(LIB_com_err_so)				\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb5.so
-
-else
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_hcrypto_a)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_hcrypto_so)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb4.so
-
-endif
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-
-SRCS = sia.c posix_getpw.c sia_locl.h
-OBJS = sia.o posix_getpw.o
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-CLEANFILES = $(MOD) $(OBJS) so_locations
-
-SUFFIXES += .c .o
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-
-EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
-	krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf \
-	security.patch \
-	make-rpath $(SRCS)
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in
deleted file mode 100644
index 88f62579821b..000000000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.in
+++ /dev/null
@@ -1,778 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = lib/auth/sia
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(foodir)"
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)						\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB5_FALSE@	$(LIB_hcrypto_a)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)						\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_hcrypto_a)					\
-@KRB5_TRUE@	$(LIB_com_err_a)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@L_shared = \
-@KRB5_FALSE@	$(KAFS_S)					\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB5_FALSE@	$(LIB_hcrypto_so)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-@KRB5_TRUE@L_shared = \
-@KRB5_TRUE@	$(KAFS_S)					\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_hcrypto_so)					\
-@KRB5_TRUE@	$(LIB_com_err_so)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@MOD = libsia_krb4.so
-@KRB5_TRUE@MOD = libsia_krb5.so
-foodir = $(libdir)
-foo_DATA = $(MOD)
-SRCS = sia.c posix_getpw.c sia_locl.h
-OBJS = sia.o posix_getpw.o
-CLEANFILES = $(MOD) $(OBJS) so_locations
-EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
-	krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf \
-	security.patch \
-	make-rpath $(SRCS)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(foodir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am uninstall uninstall-am uninstall-fooDATA \
-	uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
deleted file mode 100644
index 47b5cd4fba2e..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4+c2_matrix.conf 7463 1999-12-02 16:58:55Z joda $
-
-# sia matrix configuration file (Kerberos 4 + C2)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
deleted file mode 100644
index 17d6d13978af..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4_matrix.conf 7463 1999-12-02 16:58:55Z joda $
-
-# sia matrix configuration file (Kerberos 4 + BSD)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-
diff --git a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
deleted file mode 100644
index ada8ba507abb..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5+c2_matrix.conf 5254 1998-11-26 20:58:18Z assar $
-
-# sia matrix configuration file (Kerberos 5 + C2)
-
-siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
deleted file mode 100644
index ab07956fb9ce..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5_matrix.conf 10576 2001-08-28 08:49:20Z joda $
-
-# sia matrix configuration file (Kerberos 5 + BSD)
-
-siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)
-siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_reauthent=(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_user=(BSD,libc.so)
diff --git a/crypto/heimdal/lib/auth/sia/make-rpath b/crypto/heimdal/lib/auth/sia/make-rpath
deleted file mode 100755
index 4aa297eeeb62..000000000000
--- a/crypto/heimdal/lib/auth/sia/make-rpath
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# $Id: make-rpath 10345 2001-07-17 15:15:31Z assar $
-rlist=
-rest=
-while test $# -gt 0; do
-case $1 in
--R|-rpath)
-  if test "$rlist"; then
-    rlist="${rlist}:$2"
-  else
-    rlist="$2"
-  fi
-  shift 2
-  ;;
--R*) 
-  d=`echo $1 | sed 's,^-R,,'`
-  if test "$rlist"; then
-    rlist="${rlist}:${d}"
-  else
-    rlist="${d}"
-  fi
-  shift
-  ;;
-*)
-  rest="${rest} $1"
-  shift
-  ;;
-esac
-done
-rpath=
-if test "$rlist"; then
-  rpath="-rpath $rlist "
-fi
-echo "${rpath}${rest}"
diff --git a/crypto/heimdal/lib/auth/sia/posix_getpw.c b/crypto/heimdal/lib/auth/sia/posix_getpw.c
deleted file mode 100644
index 65d7a2ef1d3c..000000000000
--- a/crypto/heimdal/lib/auth/sia/posix_getpw.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "sia_locl.h"
-
-RCSID("$Id: posix_getpw.c 5680 1999-03-21 17:07:02Z joda $");
-
-#ifndef POSIX_GETPWNAM_R
-/* 
- * These functions translate from the old Digital UNIX 3.x interface
- * to POSIX.1c.
- */
-
-int
-posix_getpwnam_r(const char *name, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwnam_r(name, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-
-int
-posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwuid_r(uid, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-#endif /* POSIX_GETPWNAM_R */
diff --git a/crypto/heimdal/lib/auth/sia/security.patch b/crypto/heimdal/lib/auth/sia/security.patch
deleted file mode 100644
index c407876d6362..000000000000
--- a/crypto/heimdal/lib/auth/sia/security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
-+++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
-@@ -49,7 +49,7 @@
-                    SECURITY=BASE
-                fi
-                ;;
--       BASE)
-+       BASE|KRB4)
-                ;;
-        *)
-                echo "security configuration set to default (BASE)."
diff --git a/crypto/heimdal/lib/auth/sia/sia.c b/crypto/heimdal/lib/auth/sia/sia.c
deleted file mode 100644
index 640b868cb61a..000000000000
--- a/crypto/heimdal/lib/auth/sia/sia.c
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "sia_locl.h"
-
-RCSID("$Id: sia.c 14838 2005-04-19 04:41:07Z lha $");
-
-int 
-siad_init(void)
-{
-    return SIADSUCCESS;
-}
-
-int 
-siad_chk_invoker(void)
-{
-    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_init(SIAENTITY *entity, int pkgind)
-{
-    struct state *s = malloc(sizeof(*s));
-
-    SIA_DEBUG(("DEBUG", "siad_ses_init"));
-    if(s == NULL)
-	return SIADFAIL;
-    memset(s, 0, sizeof(*s));
-#ifdef SIA_KRB5
-    {
-      krb5_error_code ret;
-      ret = krb5_init_context(&s->context);
-      if (ret)
-	return SIADFAIL;
-    }
-#endif
-    entity->mech[pkgind] = (int*)s;
-    return SIADSUCCESS;
-}
-
-static int
-setup_name(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_name"));
-    e->name = malloc(SIANAMEMIN + 1);
-    if(e->name == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"login: ";
-    p->result = (unsigned char*)e->name;
-    p->min_result_length = 1;
-    p->max_result_length = SIANAMEMIN;
-    p->control_flags = 0;
-    return SIADSUCCESS;
-}
-
-static int
-setup_password(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_password"));
-    e->password = malloc(SIAMXPASSWORD + 1);
-    if(e->password == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"Password: ";
-    p->result = (unsigned char*)e->password;
-    p->min_result_length = 0;
-    p->max_result_length = SIAMXPASSWORD;
-    p->control_flags = SIARESINVIS;
-    return SIADSUCCESS;
-}
-
-
-static int
-doauth(SIAENTITY *entity, int pkgind, char *name)
-{
-    struct passwd pw, *pwd;
-    char pwbuf[1024];
-    struct state *s = (struct state*)entity->mech[pkgind];
-#ifdef SIA_KRB5
-    krb5_realm *realms, *r;
-    krb5_principal principal;
-    krb5_ccache ccache;
-    krb5_error_code ret;
-#endif
-#ifdef SIA_KRB4
-    char realm[REALM_SZ];
-    char *toname, *toinst;
-    int ret;
-    struct passwd fpw, *fpwd;
-    char fpwbuf[1024];
-    int secure;
-#endif
-	
-    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL){
-	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
-	return SIADFAIL;
-    }
-
-#ifdef SIA_KRB5
-    ret = krb5_get_default_realms(s->context, &realms);
-
-    for (r = realms; *r != NULL; ++r) {
-	krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
-
-	if(krb5_kuserok(s->context, principal, entity->name))
-	    break;
-    }
-    krb5_free_host_realm (s->context, realms);
-    if (*r == NULL)
-	return SIADFAIL;
-
-    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
-    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
-    if(ret)
-	return SIADFAIL;
-#endif
-	
-#ifdef SIA_KRB4
-    snprintf(s->ticket, sizeof(s->ticket),
-	     "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
-    krb_get_lrealm(realm, 1);
-    toname = name;
-    toinst = "";
-    if(entity->authtype == SIA_A_SUAUTH){
-	uid_t ouid;
-#ifdef HAVE_SIAENTITY_OUID
-	ouid = entity->ouid;
-#else
-	ouid = getuid();
-#endif
-	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0 || fpwd == NULL){
-	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
-	    return SIADFAIL;
-	}
-	snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", 
-		 TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
-	if(strcmp(pwd->pw_name, "root") == 0){
-	    toname = fpwd->pw_name;
-	    toinst = pwd->pw_name;
-	}
-    }
-    if(entity->authtype == SIA_A_REAUTH) 
-	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
-    
-    krb_set_tkt_string(s->ticket);
-	
-    setuid(0); /* XXX fix for fix in tf_util.c */
-    if(krb_kuserok(toname, toinst, realm, name)){
-	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
-		   toname, toinst, realm, name));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB5
-    ret = krb5_verify_user_lrealm(s->context, principal, ccache,
-				  entity->password, 1, NULL);
-    if(ret){
-	/* if this is most likely a local user (such as
-	   root), just silently return failure when the
-	   principal doesn't exist */
-	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
-	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
-	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
-		   entity->name, error_message(ret));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB4
-    if (getuid () == 0)
-	secure = KRB_VERIFY_SECURE;
-    else
-	secure = KRB_VERIFY_NOT_SECURE;
-	
-    ret = krb_verify_user(toname, toinst, realm,
-			  entity->password, secure, NULL);
-    if(ret){
-	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
-	if(ret != KDC_PR_UNKNOWN)
-	    /* since this is most likely a local user (such as
-	       root), just silently return failure when the
-	       principal doesn't exist */
-	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
-		   toname, toinst, krb_get_err_text(ret));
-	return SIADFAIL;
-    }
-#endif
-    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
-	return SIADFAIL;
-    s->valid = 1;
-    return SIADSUCCESS;
-}
-
-
-static int 
-common_auth(sia_collect_func_t *collect, 
-	    SIAENTITY *entity, 
-	    int siastat,
-	    int pkgind)
-{
-    prompt_t prompts[2], *pr;
-    char *name;
-
-    SIA_DEBUG(("DEBUG", "common_auth"));
-    if((siastat == SIADSUCCESS) && (geteuid() == 0))
-	return SIADSUCCESS;
-    if(entity == NULL) {
-	SIA_DEBUG(("DEBUG", "entity == NULL"));
-	return SIADFAIL | SIADSTOP;
-    }
-    name = entity->name;
-    if(entity->acctname)
-	name = entity->acctname;
-    
-    if((collect != NULL) && entity->colinput) {
-	int num;
-	pr = prompts;
-	if(name == NULL){
-	    if(setup_name(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	if(entity->password == NULL){
-	    if(setup_password(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	num = pr - prompts;
-	if(num == 1){
-	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	} else if(num > 0){
-	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	}
-    }
-    if(name == NULL)
-	name = entity->name;
-    if(name == NULL || name[0] == '\0'){
-	SIA_DEBUG(("DEBUG", "name is null"));
-	return SIADFAIL;
-    }
-
-    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
-	SIA_DEBUG(("DEBUG", "entity->password is null"));
-	return SIADFAIL;
-    }
-    
-    return doauth(entity, pkgind, name);
-}
-
-
-int 
-siad_ses_authent(sia_collect_func_t *collect, 
-		 SIAENTITY *entity, 
-		 int siastat,
-		 int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int 
-siad_ses_estab(sia_collect_func_t *collect, 
-	       SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_launch(sia_collect_func_t *collect,
-		SIAENTITY *entity,
-		int pkgind)
-{
-    static char env[MaxPathLen];
-    struct state *s = (struct state*)entity->mech[pkgind];
-    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
-    if(s->valid){
-#ifdef SIA_KRB5
-	chown(s->ticket + sizeof("FILE:") - 1, 
-	      entity->pwd->pw_uid, 
-	      entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
-#endif
-#ifdef SIA_KRB4
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
-#endif
-	putenv(env);
-    }
-#ifdef SIA_KRB5
-    if (k_hasafs()) {
-	char cell[64];
-	krb5_ccache ccache;
-	if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
-	    k_setpag();
-	    if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
-		krb5_afslog(s->context, ccache, cell, 0);
-	    krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
-	}
-    }
-#endif
-#ifdef SIA_KRB4
-    if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
-	    krb_afslog(cell, 0);
-	krb_afslog_home(0, 0, entity->pwd->pw_dir);
-    }
-#endif
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_release(SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_release"));
-    if(entity->mech[pkgind]){
-#ifdef SIA_KRB5
-	struct state *s = (struct state*)entity->mech[pkgind];
-	krb5_free_context(s->context);
-#endif
-	free(entity->mech[pkgind]);
-    }
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_suauthent(sia_collect_func_t *collect,
-		   SIAENTITY *entity,
-		   int siastat,
-		   int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
-    if(geteuid() != 0)
-	return SIADFAIL;
-    if(entity->name == NULL)
-	return SIADFAIL;
-    if(entity->name[0] == '\0') {
-	free(entity->name);
-	entity->name = strdup("root");
-	if (entity->name == NULL)
-	    return SIADFAIL;
-    }
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int
-siad_ses_reauthent (sia_collect_func_t *collect,
-		    SIAENTITY *entity,
-		    int siastat,
-		    int pkgind)
-{
-    int ret;
-    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
-    if(entity == NULL || entity->name == NULL)
-	return SIADFAIL;
-    ret = common_auth(collect, entity, siastat, pkgind);
-    if((ret & SIADSUCCESS)){
-	/* launch isn't (always?) called when doing reauth, so we must
-           duplicate some code here... */
-	struct state *s = (struct state*)entity->mech[pkgind];
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-#ifdef SIA_KRB5
-	if (k_hasafs()) {
-	    char cell[64];
-	    krb5_ccache ccache;
-	    if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
-		k_setpag();
-		if(k_afs_cell_of_file(entity->pwd->pw_dir, 
-				      cell, sizeof(cell)) == 0)
-		    krb5_afslog(s->context, ccache, cell, 0);
-		krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
-	    }
-	}
-#endif
-#ifdef SIA_KRB4
-	if(k_hasafs()) {
-	    char cell[64];
-	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
-				  cell, sizeof(cell)) == 0)
-		krb_afslog(cell, 0);
-	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
-	}
-#endif
-    }
-    return ret;
-}
-
-int
-siad_chg_finger (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
-    return SIADFAIL;
-}
-
-#ifdef SIA_KRB5
-int
-siad_chg_password (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-#endif
-
-#ifdef SIA_KRB4
-static void
-sia_message(sia_collect_func_t *collect, int rendition, 
-	    const char *title, const char *message)
-{
-    prompt_t prompt;
-    prompt.prompt = (unsigned char*)message;
-    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
-}
-
-static int
-init_change(sia_collect_func_t *collect, krb_principal *princ)
-{
-    prompt_t prompt;
-    char old_pw[MAX_KPW_LEN+1];
-    char *msg;
-    char tktstring[128];
-    int ret;
-    
-    SIA_DEBUG(("DEBUG", "init_change"));
-    prompt.prompt = (unsigned char*)"Old password: ";
-    prompt.result = (unsigned char*)old_pw;
-    prompt.min_result_length = 0;
-    prompt.max_result_length = sizeof(old_pw) - 1;
-    prompt.control_flags = SIARESINVIS;
-    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
-    if(msg == NULL){
-	SIA_DEBUG(("DEBUG", "out of memory"));
-	return SIADFAIL;
-    }
-    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
-    free(msg);
-    SIA_DEBUG(("DEBUG", "ret = %d", ret));
-    if(ret != SIACOLSUCCESS)
-	return SIADFAIL;
-    snprintf(tktstring, sizeof(tktstring), 
-	     "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
-    krb_set_tkt_string(tktstring);
-    
-    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
-			    PWSERV_NAME, KADM_SINST, 1, old_pw);
-    if (ret != KSUCCESS) {
-	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
-	if (ret == INTK_BADPW)
-	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
-	else
-	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
-	memset(old_pw, 0, sizeof(old_pw));
-	return SIADFAIL;
-    }
-    if(chown(tktstring, getuid(), -1) < 0){
-	dest_tkt();
-	return SIADFAIL;
-    }
-    memset(old_pw, 0, sizeof(old_pw));
-    return SIADSUCCESS;
-}
-
-int
-siad_chg_password (sia_collect_func_t *collect,
-		   const char *username, 
-		   int argc, 
-		   char *argv[])
-{
-    prompt_t prompts[2];
-    krb_principal princ;
-    int ret;
-    char new_pw1[MAX_KPW_LEN+1];
-    char new_pw2[MAX_KPW_LEN+1];
-    static struct et_list *et_list;
-
-    setprogname(argv[0]);
-
-    SIA_DEBUG(("DEBUG", "siad_chg_password"));
-    if(collect == NULL)
-	return SIADFAIL;
-
-    if(username == NULL)
-	username = getlogin();
-
-    ret = krb_parse_name(username, &princ);
-    if(ret)
-	return SIADFAIL;
-    if(princ.realm[0] == '\0')
-	krb_get_lrealm(princ.realm, 1);
-
-    if(et_list == NULL) {
-	initialize_kadm_error_table_r(&et_list);
-	initialize_krb_error_table_r(&et_list);
-    }
-
-    ret = init_change(collect, &princ);
-    if(ret != SIADSUCCESS)
-	return ret;
-
-again:
-    prompts[0].prompt = (unsigned char*)"New password: ";
-    prompts[0].result = (unsigned char*)new_pw1;
-    prompts[0].min_result_length = MIN_KPW_LEN;
-    prompts[0].max_result_length = sizeof(new_pw1) - 1;
-    prompts[0].control_flags = SIARESINVIS;
-    prompts[1].prompt = (unsigned char*)"Verify new password: ";
-    prompts[1].result = (unsigned char*)new_pw2;
-    prompts[1].min_result_length = MIN_KPW_LEN;
-    prompts[1].max_result_length = sizeof(new_pw2) - 1;
-    prompts[1].control_flags = SIARESINVIS;
-    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
-       SIACOLSUCCESS) {
-	dest_tkt();
-	return SIADFAIL;
-    }
-    if(strcmp(new_pw1, new_pw2) != 0){
-	sia_message(collect, SIAWARNING, "", "Password mismatch.");
-	goto again;
-    }
-    ret = kadm_check_pw(new_pw1);
-    if(ret) {
-	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
-	goto again;
-    }
-    
-    memset(new_pw2, 0, sizeof(new_pw2));
-    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
-		    com_right(et_list, ret));
-    else {
-	des_cblock newkey;
-	char *pw_msg; /* message from server */
-
-	des_string_to_key(new_pw1, &newkey);
-	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
-	memset(newkey, 0, sizeof(newkey));
-      
-	if (ret == KADM_INSECURE_PW)
-	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
-	else if (ret != KADM_SUCCESS)
-	    sia_message(collect, SIAWARNING, "Error changing password", 
-			com_right(et_list, ret));
-    }
-    memset(new_pw1, 0, sizeof(new_pw1));
-
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
-    else
-	sia_message(collect, SIAINFO, "", "Password changed.");
-    
-    dest_tkt();
-    if(ret)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
-#endif
-
-int
-siad_chg_shell (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwent(struct passwd *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwuid (uid_t uid, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwnam (const char *name, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrent(struct group *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrgid (gid_t gid, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrnam (const char *name, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_chk_user (const char *logname, int checkflag)
-{
-    if(checkflag != CHGPASSWD)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/sia/sia_locl.h b/crypto/heimdal/lib/auth/sia/sia_locl.h
deleted file mode 100644
index 81e84395792c..000000000000
--- a/crypto/heimdal/lib/auth/sia/sia_locl.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sia_locl.h 10688 2001-09-13 01:15:34Z assar $ */
-
-#ifndef __sia_locl_h__
-#define __sia_locl_h__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <siad.h>
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <roken.h>
-
-#ifdef KRB5
-#define SIA_KRB5
-#elif defined(KRB4)
-#define SIA_KRB4
-#endif
-
-#ifdef SIA_KRB5
-#include <krb5.h>
-#include <com_err.h>
-#endif
-#ifdef SIA_KRB4
-#include <krb.h>
-#include <krb_err.h>
-#include <kadm.h>
-#include <kadm_err.h>
-#endif
-#ifdef KRB4
-#include <kafs.h>
-#endif
-
-#ifndef POSIX_GETPWNAM_R
-
-#define getpwnam_r posix_getpwnam_r
-#define getpwuid_r posix_getpwuid_r
-
-#endif /* POSIX_GETPWNAM_R */
-
-#ifndef DEBUG
-#define SIA_DEBUG(X)
-#else
-#define SIA_DEBUG(X) SIALOG X
-#endif
-
-struct state{
-#ifdef SIA_KRB5
-    krb5_context context;
-    krb5_auth_context auth_context;
-#endif
-    char ticket[MaxPathLen];
-    int valid;
-};
-
-#endif /* __sia_locl_h__ */
diff --git a/crypto/heimdal/lib/com_err/ChangeLog b/crypto/heimdal/lib/com_err/ChangeLog
deleted file mode 100644
index dbeb8fb6bedd..000000000000
--- a/crypto/heimdal/lib/com_err/ChangeLog
+++ /dev/null
@@ -1,235 +0,0 @@
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: split source files in dist and nodist.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Only do roken rename for the library.
-
-2007-07-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: use version script.
-	
-	* version-script.map: use version script.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (compile_et_SOURCES): add lex.h
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_err.3: Document the _r functions.
-	
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_err.h: Include <stdarg.h> for va_list to help AIX 5.2.
-	
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: rename base to base_id since flex defines a function
-	with the argument base
-
-	* compile_et.h: rename base to base_id since flex defines a
-	function with the argument base
-
-	* compile_et.c: rename base to base_id since flex defines a
-	function with the argument base
-
-	* parse.y (name2number): rename base to num to avoid shadowing
-	
-	* compile_et.c: rename optind to optidx
-	
-2005-05-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse.y: check allocation errors
-
-	* lex.l: check allocation errors correctly
-	
-	* compile_et.h: include <err.h>
-	
-	* (main): compile_et.c: use strlcpy
-	
-2005-04-29  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (LDADD): Add libcom_err.la
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* include strlcpy and *printf and use them
-
-2005-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* com_right.h: de-__P
-
-	* com_err.h: de-__P
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: don't add comma after last enum member
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: just declare er_list directly instead of including
-	com_right in generated header files
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1
-
-2002-03-10  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (error_message): do not call strerror with a negative error
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h (add_to_error_table): add prototype
-	* com_err.c (add_to_error_table): new function, from Derrick J
-	Brashear <shadow@dementia.org>
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: add printf formats for gcc
-
-2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* error.c (initialize_error_table_r): put table at end of the list
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (default_proc): add printf attributes
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 1:1:0
-
-2000-07-31  Assar Westerlund  <assar@sics.se>
-
-	* com_right.h (initialize_error_table_r): fix prototype
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (_et_lit): explicitly initialize it to NULL to make
-	dyld on Darwin/MacOS X happy
-
-2000-01-16  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: remove __P definition (now in com_right.h).  this
-	file always includes com_right.h so that's where it should reside.
-	* com_right.h: moved __P here and added it to the function
-	prototypes
-	* com_err.h (error_table_name): add __P
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (statement): use asprintf
-
-1999-06-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: make it solaris make vpath-safe
-
-Thu Apr  1 11:13:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: use getargs
-
-Sat Mar 20 00:16:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c: static-ize
-
-Thu Mar 18 11:22:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Mar 16 22:30:05 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: use YYACCEPT instead of return
-
-Sat Mar 13 22:22:56 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c (generate_h): cast when calling is* to get rid of a
- 	warning
-
-Thu Mar 11 15:00:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Sun Nov 22 10:39:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.h: include ctype and roken
-
-	* compile_et.c: include err.h
-	(generate_h): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Fri Nov 20 06:58:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* lex.l: undef ECHO to work around AIX lex bug
-
-Sun Sep 27 02:23:59 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* com_err.c (error_message): try to pass code to strerror, to see
- 	if it might be an errno code (this if broken, but some MIT code
- 	seems to expect this behaviour)
-
-Sat Sep 26 17:42:39 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: <foo_err.h> -> "foo_err.h"
-
-Tue Jun 30 17:17:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add str{cpy,cat}_truncate
-
-Mon May 25 05:24:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:50:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:22:11 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Tue Mar 24 05:13:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: link with snprintf (From Derrick J Brashear
- 	<shadow@dementia.org>)
-
-Fri Feb 27 05:01:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: initialize ec->next
-
-Thu Feb 26 02:22:25 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:54 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Tue Feb 17 22:20:27 1998  Bjoern Groenvall  <bg@sics.se>
-
-	* com_right.h: Change typedefs so that one may mix MIT compile_et
- 	generated code with krb4 dito.
-
-Tue Feb 17 16:30:55 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* compile_et.c (generate): Always return a value.
-
-	* parse.y: Files don't have to end with `end'.
-
-Mon Feb 16 16:09:20 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lex.l (getstring): Replace getc() with input().
-
-	* Makefile.am: Fixes for new compile_et.
diff --git a/crypto/heimdal/lib/com_err/Makefile.am b/crypto/heimdal/lib/com_err/Makefile.am
deleted file mode 100644
index 64d497656fec..000000000000
--- a/crypto/heimdal/lib/com_err/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:3:1
-
-if versionscript
-libcom_err_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-bin_PROGRAMS = compile_et
-
-include_HEADERS = com_err.h com_right.h
-
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
-
-libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
-dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-
-if do_roken_rename
-nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
-endif
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-
-compile_et_LDADD = \
-	libcom_err.la \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-EXTRA_DIST = version-script.map
diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in
deleted file mode 100644
index 2581001abd20..000000000000
--- a/crypto/heimdal/lib/com_err/Makefile.in
+++ /dev/null
@@ -1,910 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-bin_PROGRAMS = compile_et$(EXEEXT)
-subdir = lib/com_err
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libcom_err_la_LIBADD =
-dist_libcom_err_la_OBJECTS = libcom_err_la-error.lo \
-	libcom_err_la-com_err.lo
-@do_roken_rename_TRUE@nodist_libcom_err_la_OBJECTS =  \
-@do_roken_rename_TRUE@	libcom_err_la-snprintf.lo \
-@do_roken_rename_TRUE@	libcom_err_la-strlcpy.lo
-libcom_err_la_OBJECTS = $(dist_libcom_err_la_OBJECTS) \
-	$(nodist_libcom_err_la_OBJECTS)
-libcom_err_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libcom_err_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(bin_PROGRAMS)
-am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \
-	lex.$(OBJEXT)
-compile_et_OBJECTS = $(am_compile_et_OBJECTS)
-am__DEPENDENCIES_1 =
-compile_et_DEPENDENCIES = libcom_err.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libcom_err_la_SOURCES) \
-	$(nodist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
-DIST_SOURCES = $(dist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:3:1 $(am__append_1)
-include_HEADERS = com_err.h com_right.h
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
-libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
-dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-@do_roken_rename_TRUE@nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
-compile_et_LDADD = \
-	libcom_err.la \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-EXTRA_DIST = version-script.map
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) 
-	$(libcom_err_la_LINK) -rpath $(libdir) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
-	else :; fi
-compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) 
-	@rm -f compile_et$(EXEEXT)
-	$(LINK) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libcom_err_la-error.lo: error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
-
-libcom_err_la-com_err.lo: com_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c
-
-libcom_err_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libcom_err_la-strlcpy.lo: strlcpy.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/com_err/com_err.c b/crypto/heimdal/lib/com_err/com_err.c
deleted file mode 100644
index faf4294cdd8f..000000000000
--- a/crypto/heimdal/lib/com_err/com_err.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#include "com_err.h"
-
-struct et_list *_et_list = NULL;
-
-
-const char *
-error_message (long code)
-{
-    static char msg[128];
-    const char *p = com_right(_et_list, code);
-    if (p == NULL) {
-	if (code < 0)
-	    snprintf(msg, sizeof(msg), "Unknown error %ld", code);
-	else
-	    p = strerror(code);
-    }
-    if (p != NULL && *p != '\0') {
-	strlcpy(msg, p, sizeof(msg));
-    } else 
-	snprintf(msg, sizeof(msg), "Unknown error %ld", code);
-    return msg;
-}
-
-int
-init_error_table(const char **msgs, long base, int count)
-{
-    initialize_error_table_r(&_et_list, msgs, count, base);
-    return 0;
-}
-
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-    __attribute__((__format__(__printf__, 3, 0)));
- 
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-{
-    if (whoami)
-      fprintf(stderr, "%s: ", whoami);
-    if (code)
-      fprintf(stderr, "%s ", error_message(code));
-    if (fmt)
-      vfprintf(stderr, fmt, args);
-    fprintf(stderr, "\r\n");	/* ??? */
-}
-
-static errf com_err_hook = default_proc;
-
-void 
-com_err_va (const char *whoami, 
-	    long code, 
-	    const char *fmt, 
-	    va_list args)
-{
-    (*com_err_hook) (whoami, code, fmt, args);
-}
-
-void
-com_err (const char *whoami,
-	 long code,
-	 const char *fmt, 
-	 ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (whoami, code, fmt, ap);
-    va_end(ap);
-}
-
-errf
-set_com_err_hook (errf new)
-{
-    errf old = com_err_hook;
-
-    if (new)
-	com_err_hook = new;
-    else
-	com_err_hook = default_proc;
-    
-    return old;
-}
-
-errf
-reset_com_err_hook (void) 
-{
-    return set_com_err_hook(NULL);
-}
-
-#define ERRCODE_RANGE   8       /* # of bits to shift table number */
-#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
-
-static const char char_set[] =
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
-
-static char buf[6];
-
-const char *
-error_table_name(int num)
-{
-    int ch;
-    int i;
-    char *p;
-
-    /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
-    p = buf;
-    num >>= ERRCODE_RANGE;
-    /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
-    num &= 077777777;
-    /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
-    for (i = 4; i >= 0; i--) {
-        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
-        if (ch != 0)
-            *p++ = char_set[ch-1];
-    }
-    *p = '\0';
-    return(buf);
-}
-
-void
-add_to_error_table(struct et_list *new_table)
-{
-    struct et_list *et;
-
-    for (et = _et_list; et; et = et->next) {
-	if (et->table->base == new_table->table->base)
-	    return;
-    }
-
-    new_table->next = _et_list;
-    _et_list = new_table;
-}
diff --git a/crypto/heimdal/lib/com_err/com_err.h b/crypto/heimdal/lib/com_err/com_err.h
deleted file mode 100644
index bdd764f7e982..000000000000
--- a/crypto/heimdal/lib/com_err/com_err.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */
-
-/* MIT compatible com_err library */
-
-#ifndef __COM_ERR_H__
-#define __COM_ERR_H__
-
-#include <com_right.h>
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(X)
-#endif
-
-typedef void (*errf) (const char *, long, const char *, va_list);
-
-const char * error_message (long);
-int init_error_table (const char**, long, int);
-
-void com_err_va (const char *, long, const char *, va_list)
-    __attribute__((format(printf, 3, 0)));
-
-void com_err (const char *, long, const char *, ...)
-    __attribute__((format(printf, 3, 4)));
-
-errf set_com_err_hook (errf);
-errf reset_com_err_hook (void);
-
-const char *error_table_name  (int num);
-
-void add_to_error_table (struct et_list *new_table);
-
-#endif /* __COM_ERR_H__ */
diff --git a/crypto/heimdal/lib/com_err/com_right.h b/crypto/heimdal/lib/com_err/com_right.h
deleted file mode 100644
index 4d929da866b3..000000000000
--- a/crypto/heimdal/lib/com_err/com_right.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */
-
-#ifndef __COM_RIGHT_H__
-#define __COM_RIGHT_H__
-
-#ifdef __STDC__
-#include <stdarg.h>
-#endif
-
-struct error_table {
-    char const * const * msgs;
-    long base;
-    int n_msgs;
-};
-struct et_list {
-    struct et_list *next;
-    struct error_table *table;
-};
-extern struct et_list *_et_list;
-
-const char *com_right (struct et_list *list, long code);
-void initialize_error_table_r (struct et_list **, const char **, int, long);
-void free_error_table (struct et_list *);
-
-#endif /* __COM_RIGHT_H__ */
diff --git a/crypto/heimdal/lib/com_err/compile_et.c b/crypto/heimdal/lib/com_err/compile_et.c
deleted file mode 100644
index 105765482265..000000000000
--- a/crypto/heimdal/lib/com_err/compile_et.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ROKEN_RENAME
-#include "compile_et.h"
-#include <getarg.h>
-
-RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-
-extern void yyparse(void);
-
-long base_id;
-int number;
-char *prefix;
-char *id_str;
-
-char name[128];
-char Basename[128];
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char hfn[128];
-char cfn[128];
-
-struct error_code *codes = NULL;
-
-static int
-generate_c(void)
-{
-    int n;
-    struct error_code *ec;
-
-    FILE *c_file = fopen(cfn, "w");
-    if(c_file == NULL)
-	return 1;
-
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(c_file, "/* %s */\n", id_str);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <com_err.h>\n");
-    fprintf(c_file, "#include \"%s\"\n", hfn);
-    fprintf(c_file, "\n");
-
-    fprintf(c_file, "static const char *%s_error_strings[] = {\n", name);
-
-    for(ec = codes, n = 0; ec; ec = ec->next, n++) {
-	while(n < ec->number) {
-	    fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
-		    n, name, n);
-	    n++;
-	    
-	}
-	fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
-    }
-
-    fprintf(c_file, "\tNULL\n");
-    fprintf(c_file, "};\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#define num_errors %d\n", number);
-    fprintf(c_file, "\n");
-    fprintf(c_file, 
-	    "void initialize_%s_error_table_r(struct et_list **list)\n", 
-	    name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file, 
-	    "    initialize_error_table_r(list, %s_error_strings, "
-	    "num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
-    fprintf(c_file, "}\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file,
-	    "    init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, "
-	    "num_errors);\n", name, name);
-    fprintf(c_file, "}\n");
-
-    fclose(c_file);
-    return 0;
-}
-
-static int
-generate_h(void)
-{
-    struct error_code *ec;
-    char fn[128];
-    FILE *h_file = fopen(hfn, "w");
-    char *p;
-
-    if(h_file == NULL)
-	return 1;
-
-    snprintf(fn, sizeof(fn), "__%s__", hfn);
-    for(p = fn; *p; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-    
-    fprintf(h_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(h_file, "/* %s */\n", id_str);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#ifndef %s\n", fn);
-    fprintf(h_file, "#define %s\n", fn);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "struct et_list;\n");
-    fprintf(h_file, "\n");
-    fprintf(h_file, 
-	    "void initialize_%s_error_table_r(struct et_list **);\n",
-	    name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
-    fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", 
-	    name, name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "typedef enum %s_error_number{\n", name);
-
-    for(ec = codes; ec; ec = ec->next) {
-	fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, 
-		(ec->next != NULL) ? "," : "");
-    }
-
-    fprintf(h_file, "} %s_error_number;\n", name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#endif /* %s */\n", fn);
-
-
-    fclose(h_file);
-    return 0;
-}
-
-static int
-generate(void)
-{
-    return generate_c() || generate_h();
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "error-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(optidx == argc) 
-	usage(1);
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-	
-    
-    p = strrchr(filename, '/');
-    if(p)
-	p++;
-    else
-	p = filename;
-    strlcpy(Basename, p, sizeof(Basename));
-    
-    Basename[strcspn(Basename, ".")] = '\0';
-    
-    snprintf(hfn, sizeof(hfn), "%s.h", Basename);
-    snprintf(cfn, sizeof(cfn), "%s.c", Basename);
-    
-    yyparse();
-    if(numerror)
-	return 1;
-
-    return generate();
-}
diff --git a/crypto/heimdal/lib/com_err/compile_et.h b/crypto/heimdal/lib/com_err/compile_et.h
deleted file mode 100644
index 1c7de5a08b69..000000000000
--- a/crypto/heimdal/lib/com_err/compile_et.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */
-
-#ifndef __COMPILE_ET_H__
-#define __COMPILE_ET_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <err.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-#include <roken.h>
-
-extern long base_id;
-extern int number;
-extern char *prefix;
-extern char name[128];
-extern char *id_str;
-extern char *filename;
-extern int numerror;
-
-struct error_code {
-    unsigned number;
-    char *name;
-    char *string;
-    struct error_code *next, **tail;
-};
-
-extern struct error_code *codes;
-
-#define APPEND(L, V) 				\
-do {						\
-    if((L) == NULL) {				\
-	(L) = (V);				\
-	(L)->tail = &(V)->next;			\
-	(L)->next = NULL;			\
-    }else{					\
-	*(L)->tail = (V);			\
-	(L)->tail = &(V)->next;			\
-    }						\
-}while(0)
-
-#endif /* __COMPILE_ET_H__ */
diff --git a/crypto/heimdal/lib/com_err/error.c b/crypto/heimdal/lib/com_err/error.c
deleted file mode 100644
index 051078025c56..000000000000
--- a/crypto/heimdal/lib/com_err/error.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <com_right.h>
-
-const char *
-com_right(struct et_list *list, long code)
-{
-    struct et_list *p;
-    for (p = list; p; p = p->next) {
-	if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
-	    return p->table->msgs[code - p->table->base];
-    }
-    return NULL;
-}
-
-struct foobar {
-    struct et_list etl;
-    struct error_table et;
-};
-
-void
-initialize_error_table_r(struct et_list **list, 
-			 const char **messages, 
-			 int num_errors,
-			 long base)
-{
-    struct et_list *et, **end;
-    struct foobar *f;
-    for (end = list, et = *list; et; end = &et->next, et = et->next)
-        if (et->table->msgs == messages)
-            return;
-    f = malloc(sizeof(*f));
-    if (f == NULL)
-        return;
-    et = &f->etl;
-    et->table = &f->et;
-    et->table->msgs = messages;
-    et->table->n_msgs = num_errors;
-    et->table->base = base;
-    et->next = NULL;
-    *end = et;
-}
-			
-
-void
-free_error_table(struct et_list *et)
-{
-    while(et){
-	struct et_list *p = et;
-	et = et->next;
-	free(p);
-    }
-}
diff --git a/crypto/heimdal/lib/com_err/lex.c b/crypto/heimdal/lib/com_err/lex.c
deleted file mode 100644
index 8f756d39c998..000000000000
--- a/crypto/heimdal/lib/com_err/lex.c
+++ /dev/null
@@ -1,1896 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 16
-#define YY_END_OF_BUFFER 17
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[46] =
-    {   0,
-        0,    0,   17,   15,   11,   12,   13,   10,    9,   14,
-       14,   14,   14,   10,    9,   14,    3,   14,   14,    1,
-        7,   14,   14,    8,   14,   14,   14,   14,   14,   14,
-       14,    6,   14,   14,    5,   14,   14,   14,   14,   14,
-       14,    4,   14,    2,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        1,    1,    1,    1,    7,    7,    7,    7,    7,    7,
-        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
-        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
-        1,    1,    1,    1,    8,    1,    9,   10,   11,   12,
-
-       13,   14,    7,    7,   15,    7,    7,   16,    7,   17,
-       18,   19,    7,   20,    7,   21,    7,    7,    7,   22,
-        7,    7,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[23] =
-    {   0,
-        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
-        3,    3
-    } ;
-
-static yyconst flex_int16_t yy_base[48] =
-    {   0,
-        0,    0,   56,   57,   57,   57,   57,    0,   49,    0,
-       12,   13,   34,    0,   47,    0,    0,   40,   31,    0,
-        0,   38,   36,    0,   30,   34,   32,   25,   22,   28,
-       34,    0,   19,   13,    0,   22,   30,   26,   26,   18,
-       12,    0,   14,    0,   57,   34,   23
-    } ;
-
-static yyconst flex_int16_t yy_def[48] =
-    {   0,
-       45,    1,   45,   45,   45,   45,   45,   46,   47,   47,
-       47,   47,   47,   46,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
-       47,   47,   47,   47,    0,   45,   45
-    } ;
-
-static yyconst flex_int16_t yy_nxt[80] =
-    {   0,
-        4,    5,    6,    7,    8,    9,   10,   10,   10,   10,
-       10,   10,   11,   10,   12,   10,   10,   10,   13,   10,
-       10,   10,   17,   36,   21,   16,   44,   43,   18,   22,
-       42,   19,   20,   37,   14,   41,   14,   40,   39,   38,
-       35,   34,   33,   32,   31,   30,   29,   28,   27,   26,
-       25,   24,   15,   23,   15,   45,    3,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45
-    } ;
-
-static yyconst flex_int16_t yy_chk[80] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,   11,   34,   12,   47,   43,   41,   11,   12,
-       40,   11,   11,   34,   46,   39,   46,   38,   37,   36,
-       33,   31,   30,   29,   28,   27,   26,   25,   23,   22,
-       19,   18,   15,   13,    9,    3,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
-       45,   45,   45,   45,   45,   45,   45,   45,   45
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it.  It's only a problem for AIX lex.
- */
-
-#undef ECHO
-
-#include "compile_et.h"
-#include "parse.h"
-#include "lex.h"
-
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 536 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 59 "lex.l"
-
-#line 691 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 46 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 57 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 60 "lex.l"
-{ return ET; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 61 "lex.l"
-{ return ET; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 62 "lex.l"
-{ return EC; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 63 "lex.l"
-{ return EC; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 64 "lex.l"
-{ return PREFIX; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 65 "lex.l"
-{ return INDEX; }
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 66 "lex.l"
-{ return ID; }
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 67 "lex.l"
-{ return END; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 68 "lex.l"
-{ yylval.number = atoi(yytext); return NUMBER; }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 69 "lex.l"
-;
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 70 "lex.l"
-;
-	YY_BREAK
-case 12:
-/* rule 12 can match eol */
-YY_RULE_SETUP
-#line 71 "lex.l"
-{ lineno++; }
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 72 "lex.l"
-{ return getstring(); }
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 73 "lex.l"
-{ yylval.string = strdup(yytext); return STRING; }
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-#line 74 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 75 "lex.l"
-ECHO;
-	YY_BREAK
-#line 855 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 46 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 46 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 45);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 75 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while(i < sizeof(x) - 1 && (c = input()) != EOF){
-	if(quote) {
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    if (yylval.string == NULL)
-        err(1, "malloc");
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d:", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
-
diff --git a/crypto/heimdal/lib/com_err/lex.h b/crypto/heimdal/lib/com_err/lex.h
deleted file mode 100644
index 89f0387655f4..000000000000
--- a/crypto/heimdal/lib/com_err/lex.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/com_err/lex.l b/crypto/heimdal/lib/com_err/lex.l
deleted file mode 100644
index 08aef516b304..000000000000
--- a/crypto/heimdal/lib/com_err/lex.l
+++ /dev/null
@@ -1,128 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it.  It's only a problem for AIX lex.
- */
-
-#undef ECHO
-
-#include "compile_et.h"
-#include "parse.h"
-#include "lex.h"
-
-RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-et			{ return ET; }
-error_table		{ return ET; }
-ec			{ return EC; }
-error_code		{ return EC; }
-prefix			{ return PREFIX; }
-index			{ return INDEX; }
-id			{ return ID; }
-end			{ return END; }
-[0-9]+			{ yylval.number = atoi(yytext); return NUMBER; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while(i < sizeof(x) - 1 && (c = input()) != EOF){
-	if(quote) {
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    if (yylval.string == NULL)
-        err(1, "malloc");
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d:", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/com_err/parse.c b/crypto/heimdal/lib/com_err/parse.c
deleted file mode 100644
index 32cff630d407..000000000000
--- a/crypto/heimdal/lib/com_err/parse.c
+++ /dev/null
@@ -1,1716 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     ET = 258,
-     INDEX = 259,
-     PREFIX = 260,
-     EC = 261,
-     ID = 262,
-     END = 263,
-     STRING = 264,
-     NUMBER = 265
-   };
-#endif
-/* Tokens.  */
-#define ET 258
-#define INDEX 259
-#define PREFIX 260
-#define EC 261
-#define ID 262
-#define END 263
-#define STRING 264
-#define NUMBER 265
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "parse.y"
-
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "compile_et.h"
-#include "lex.h"
-
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
-
-void yyerror (char *s);
-static long name2number(const char *str);
-
-extern char *yytext;
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 53 "parse.y"
-{
-  char *string;
-  int number;
-}
-/* Line 193 of yacc.c.  */
-#line 173 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 186 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  9
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   23
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  12
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  7
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  15
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  24
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   265
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,    11,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     4,     7,    10,    12,    15,    18,    22,
-      24,    27,    30,    33,    35,    40
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-      13,     0,    -1,    -1,    14,    17,    -1,    15,    16,    -1,
-      16,    -1,     7,     9,    -1,     3,     9,    -1,     3,     9,
-       9,    -1,    18,    -1,    17,    18,    -1,     4,    10,    -1,
-       5,     9,    -1,     5,    -1,     6,     9,    11,     9,    -1,
-       8,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    64,    64,    65,    68,    69,    72,    78,    84,    93,
-      94,    97,   101,   109,   116,   136
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID",
-  "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id",
-  "et", "statements", "statement", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,    44
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    12,    13,    13,    14,    14,    15,    16,    16,    17,
-      17,    18,    18,    18,    18,    18
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     0,     2,     2,     1,     2,     2,     3,     1,
-       2,     2,     2,     1,     4,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       2,     0,     0,     0,     0,     0,     5,     7,     6,     1,
-       0,    13,     0,    15,     3,     9,     4,     8,    11,    12,
-       0,    10,     0,    14
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     3,     4,     5,     6,    14,    15
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -5
-static const yytype_int8 yypact[] =
-{
-       0,    -3,    -1,     5,    -4,     6,    -5,     1,    -5,    -5,
-       2,     4,     7,    -5,    -4,    -5,    -5,    -5,    -5,    -5,
-       3,    -5,     8,    -5
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-      -5,    -5,    -5,    -5,    10,    -5,     9
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-      10,    11,    12,     1,    13,     9,     7,     2,     8,     1,
-      17,     0,    18,    19,    22,    16,    20,    23,     0,     0,
-       0,     0,     0,    21
-};
-
-static const yytype_int8 yycheck[] =
-{
-       4,     5,     6,     3,     8,     0,     9,     7,     9,     3,
-       9,    -1,    10,     9,    11,     5,     9,     9,    -1,    -1,
-      -1,    -1,    -1,    14
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     7,    13,    14,    15,    16,     9,     9,     0,
-       4,     5,     6,     8,    17,    18,    16,     9,    10,     9,
-       9,    18,    11,     9
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 6:
-#line 73 "parse.y"
-    {
-		    id_str = (yyvsp[(2) - (2)].string);
-		}
-    break;
-
-  case 7:
-#line 79 "parse.y"
-    {
-		    base_id = name2number((yyvsp[(2) - (2)].string));
-		    strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name));
-		    free((yyvsp[(2) - (2)].string));
-		}
-    break;
-
-  case 8:
-#line 85 "parse.y"
-    {
-		    base_id = name2number((yyvsp[(2) - (3)].string));
-		    strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name));
-		    free((yyvsp[(2) - (3)].string));
-		    free((yyvsp[(3) - (3)].string));
-		}
-    break;
-
-  case 11:
-#line 98 "parse.y"
-    {
-			number = (yyvsp[(2) - (2)].number);
-		}
-    break;
-
-  case 12:
-#line 102 "parse.y"
-    {
-		    free(prefix);
-		    asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string));
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    free((yyvsp[(2) - (2)].string));
-		}
-    break;
-
-  case 13:
-#line 110 "parse.y"
-    {
-		    prefix = realloc(prefix, 1);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    *prefix = '\0';
-		}
-    break;
-
-  case 14:
-#line 117 "parse.y"
-    {
-		    struct error_code *ec = malloc(sizeof(*ec));
-		    
-		    if (ec == NULL)
-			errx(1, "malloc");
-
-		    ec->next = NULL;
-		    ec->number = number;
-		    if(prefix && *prefix != '\0') {
-			asprintf (&ec->name, "%s%s", prefix, (yyvsp[(2) - (4)].string));
-			if (ec->name == NULL)
-			    errx(1, "malloc");
-			free((yyvsp[(2) - (4)].string));
-		    } else
-			ec->name = (yyvsp[(2) - (4)].string);
-		    ec->string = (yyvsp[(4) - (4)].string);
-		    APPEND(codes, ec);
-		    number++;
-		}
-    break;
-
-  case 15:
-#line 137 "parse.y"
-    {
-			YYACCEPT;
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1470 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 142 "parse.y"
-
-
-static long
-name2number(const char *str)
-{
-    const char *p;
-    long num = 0;
-    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	"abcdefghijklmnopqrstuvwxyz0123456789_";
-    if(strlen(str) > 4) {
-	yyerror("table name too long");
-	return 0;
-    }
-    for(p = str; *p; p++){
-	char *q = strchr(x, *p);
-	if(q == NULL) {
-	    yyerror("invalid character in table name");
-	    return 0;
-	}
-	num = (num << 6) + (q - x) + 1;
-    }
-    num <<= 8;
-    if(num > 0x7fffffff)
-	num = -(0xffffffff - num + 1);
-    return num;
-}
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
-
diff --git a/crypto/heimdal/lib/com_err/parse.h b/crypto/heimdal/lib/com_err/parse.h
deleted file mode 100644
index 23d7e0c7d98c..000000000000
--- a/crypto/heimdal/lib/com_err/parse.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     ET = 258,
-     INDEX = 259,
-     PREFIX = 260,
-     EC = 261,
-     ID = 262,
-     END = 263,
-     STRING = 264,
-     NUMBER = 265
-   };
-#endif
-/* Tokens.  */
-#define ET 258
-#define INDEX 259
-#define PREFIX 260
-#define EC 261
-#define ID 262
-#define END 263
-#define STRING 264
-#define NUMBER 265
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 53 "parse.y"
-{
-  char *string;
-  int number;
-}
-/* Line 1529 of yacc.c.  */
-#line 74 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/com_err/parse.y b/crypto/heimdal/lib/com_err/parse.y
deleted file mode 100644
index 315931389fe4..000000000000
--- a/crypto/heimdal/lib/com_err/parse.y
+++ /dev/null
@@ -1,173 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "compile_et.h"
-#include "lex.h"
-
-RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $");
-
-void yyerror (char *s);
-static long name2number(const char *str);
-
-extern char *yytext;
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  int number;
-}
-
-%token ET INDEX PREFIX EC ID END
-%token <string> STRING
-%token <number> NUMBER
-
-%%
-
-file		: /* */ 
-		| header statements
-		;
-
-header		: id et
-		| et
-		;
-
-id		: ID STRING
-		{
-		    id_str = $2;
-		}
-		;
-
-et		: ET STRING
-		{
-		    base_id = name2number($2);
-		    strlcpy(name, $2, sizeof(name));
-		    free($2);
-		}
-		| ET STRING STRING
-		{
-		    base_id = name2number($2);
-		    strlcpy(name, $3, sizeof(name));
-		    free($2);
-		    free($3);
-		}
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: INDEX NUMBER 
-		{
-			number = $2;
-		}
-		| PREFIX STRING
-		{
-		    free(prefix);
-		    asprintf (&prefix, "%s_", $2);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    free($2);
-		}
-		| PREFIX
-		{
-		    prefix = realloc(prefix, 1);
-		    if (prefix == NULL)
-			errx(1, "malloc");
-		    *prefix = '\0';
-		}
-		| EC STRING ',' STRING
-		{
-		    struct error_code *ec = malloc(sizeof(*ec));
-		    
-		    if (ec == NULL)
-			errx(1, "malloc");
-
-		    ec->next = NULL;
-		    ec->number = number;
-		    if(prefix && *prefix != '\0') {
-			asprintf (&ec->name, "%s%s", prefix, $2);
-			if (ec->name == NULL)
-			    errx(1, "malloc");
-			free($2);
-		    } else
-			ec->name = $2;
-		    ec->string = $4;
-		    APPEND(codes, ec);
-		    number++;
-		}
-		| END
-		{
-			YYACCEPT;
-		}
-		;
-
-%%
-
-static long
-name2number(const char *str)
-{
-    const char *p;
-    long num = 0;
-    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	"abcdefghijklmnopqrstuvwxyz0123456789_";
-    if(strlen(str) > 4) {
-	yyerror("table name too long");
-	return 0;
-    }
-    for(p = str; *p; p++){
-	char *q = strchr(x, *p);
-	if(q == NULL) {
-	    yyerror("invalid character in table name");
-	    return 0;
-	}
-	num = (num << 6) + (q - x) + 1;
-    }
-    num <<= 8;
-    if(num > 0x7fffffff)
-	num = -(0xffffffff - num + 1);
-    return num;
-}
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
diff --git a/crypto/heimdal/lib/com_err/roken_rename.h b/crypto/heimdal/lib/com_err/roken_rename.h
deleted file mode 100644
index 7c9b0ee10e94..000000000000
--- a/crypto/heimdal/lib/com_err/roken_rename.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 14930 2005-04-24 19:43:06Z lha $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_SNPRINTF
-#define snprintf _com_err_snprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _com_err_vsnprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _com_err_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _com_err_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _com_err_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _com_err_vasnprintf
-#endif
-#ifndef HAVE_STRLCPY
-#define strlcpy _com_err_strlcpy
-#endif
-
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/com_err/version-script.map b/crypto/heimdal/lib/com_err/version-script.map
deleted file mode 100644
index 43e2e020c0ce..000000000000
--- a/crypto/heimdal/lib/com_err/version-script.map
+++ /dev/null
@@ -1,18 +0,0 @@
-# $Id$
-
-HEIMDAL_COM_ERR_1.0 {
-	global:
-		com_right;
-		free_error_table;
-		initialize_error_table_r;
-		add_to_error_table;
-		com_err;
-		com_err_va;
-		error_message;
-		error_table_name;
-		init_error_table;
-		reset_com_err_hook;
-		set_com_err_hook;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c
deleted file mode 100644
index 3b481822b8cd..000000000000
--- a/crypto/heimdal/lib/gssapi/8003.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $");
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 24) & 0xFF;
-  p[1] = (n >> 16) & 0xFF;
-  p[2] = (n >> 8)  & 0xFF;
-  p[3] = (n >> 0)  & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *p, OM_uint32 *n)
-{
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-    return 0;
-}
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n)
-{
-    *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
-    return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
-			  u_char *p)
-{
-  u_char num[4];
-  MD5_CTX md5;
-
-  MD5_Init(&md5);
-  gssapi_encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  gssapi_encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
-  gssapi_encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  gssapi_encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
-  gssapi_encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
-  return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-		      const krb5_data *fwd_data,
-		      Checksum *result)
-{
-    u_char *p;
-
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
-     * field's format) */
-    result->cksumtype = 0x8003;
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
-	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
-	result->checksum.length = 24;
-    result->checksum.data   = malloc (result->checksum.length);
-    if (result->checksum.data == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-  
-    p = result->checksum.data;
-    gssapi_encode_om_uint32 (16, p);
-    p += 4;
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
-	memset (p, 0, 16);
-    } else {
-	hash_input_chan_bindings (input_chan_bindings, p);
-    }
-    p += 16;
-    gssapi_encode_om_uint32 (flags, p);
-    p += 4;
-
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-#if 0
-	u_char *tmp;
-
-	result->checksum.length = 28 + fwd_data->length;
-	tmp = realloc(result->checksum.data, result->checksum.length);
-	if (tmp == NULL)
-	    return ENOMEM;
-	result->checksum.data = tmp;
-
-	p = (u_char*)result->checksum.data + 24;  
-#endif
-	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
-	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
-	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
-	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
-	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
-	p += fwd_data->length;
-    }
-     
-    return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning  `flags' and `fwd_data'
- */
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-		      krb5_data *fwd_data)
-{
-    unsigned char hash[16];
-    unsigned char *p;
-    OM_uint32 length;
-    int DlgOpt;
-    static unsigned char zeros[16];
-
-    /* XXX should handle checksums > 24 bytes */
-    if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p = cksum->checksum.data;
-    gssapi_decode_om_uint32(p, &length);
-    if(length != sizeof(hash)) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p += 4;
-    
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
-	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    }
-    
-    p += sizeof(hash);
-    
-    gssapi_decode_om_uint32(p, flags);
-    p += 4;
-
-    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
-	if(cksum->checksum.length < 28) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    
-	DlgOpt = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if (DlgOpt != 1) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-
-	fwd_data->length = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if(cksum->checksum.length < 28 + fwd_data->length) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	fwd_data->data = malloc(fwd_data->length);
-	if (fwd_data->data == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(fwd_data->data, p, fwd_data->length);
-    }
-    
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
deleted file mode 100644
index 3a0c39f8763b..000000000000
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ /dev/null
@@ -1,2863 +0,0 @@
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
-	mech useful).
-
-2007-12-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: Don't confuse target name and source
-	name, make regressiont tests pass again.
-	
-2007-12-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm: clean up name handling
-
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: Use credential if it was passed in.
-
-	* ntlm/acquire_cred.c: Check if there is initial creds with
-	_gss_ntlm_get_user_cred().
-
-	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
-	return the user info so it can be used by external modules.
-
-	* ntlm/inquire_cred.c: use the right error code.
-
-	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
-	credential, ntlm have (not yet) a default credential.
-	
-	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
-	Phil Fisher.
-
-2007-12-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_acquire_cred.c: Always try to fetch cred (even with
-	GSS_C_NO_NAME).
-
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
-
-2007-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
-	release ctx->target_name too From Rafal Malinowski.
-
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
-	have dlopen. From Rune of Chalmers.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.
-
-	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.
-
-	* mech/name.h: New signature of _gss_find_mn.
-
-	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_compare_name.c: New signature of _gss_find_mn.
-
-	* mech/gss_add_cred.c: New signature of _gss_find_mn.
-
-	* mech/gss_names.c (_gss_find_mn): Return an error code for
-	caller.
-
-	* spnego/accept_sec_context.c: remove checks that are done by the
-	previous function.
-
-	* Makefile.am: New library version.
-
-2007-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
-	Rafal Malinowski.
-
-	* spnego/spnego.asn1: Indent and make NegTokenInit and
-	NegTokenResp extendable.
-
-2007-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
-
-	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
-	
-	* mech/context.c: If the canned string is "", its no use to the
-	user, make it fall back to the default error string.
-	
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_display_name.c (gss_display_name): no name ->
-	fail. From Rafal Malinswski.
-
-	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
-	of just a copy of the underlaying object. From Rafal Malinswski.
-
-	* spnego/accept_sec_context.c: Handle underlaying mech not
-	returning mn.
-
-	* mech/gss_accept_sec_context.c: Handle underlaying mech not
-	returning mn.
-
-	* spnego/accept_sec_context.c: Make sure src_name is always set to
-	GSS_C_NO_NAME when returning.
-
-	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
-	everything is well on failure.  From Phil Fisher.
-
-	* mech/gss_duplicate_name.c: catch error (and ignore it)
-
-	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
-
-	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
-	we got a delegated mech cred.  From Rafal Malinowski.
-
-	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
-	are going to return it to the consumer.  From Rafal Malinowski.
-
-	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
-	Rafal Malinowski, also while here moved to use NegotiationToken
-	for decoding.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
-
-	* krb5/release_name.c: Set *minor_status unconditionallty, its
-	done later anyway.
-
-	* spnego/accept_sec_context.c: Init get_mic to 0.
-
-	* mech/gss_set_cred_option.c: Free memory in failure case, found
-	by beam.
-
-	* mech/gss_inquire_context.c: Handle mech_type being NULL.
-
-	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
-
-	* mech/gss_krb5.c: Free memory in error case, found by beam.
-
-2007-06-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/inquire_context.c: Use ctx->gssflags for flags.
-
-	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
-	not ment for machine consumption.
-
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
-	by Rafal Malinowski.
-	
-	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
-	by Rafal Malinowski.
-
-	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
-	is null, fail.  From Rafal Malinowski.
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/digest.c: Free memory when done.
-	
-2007-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Test both with and without keyex.
-
-	* ntlm/digest.c: If we didn't set session key, don't expect one
-	back.
-
-	* test_ntlm.c: Set keyex flag and calculate session key.
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* spnego/accept_sec_context.c: Use the return value before is
-	overwritten by later calls.  From Rafal Malinowski
-
-	* krb5/release_cred.c: Give an minor_status argument to
-	gss_release_oid_set.  From Rafal Malinowski
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Catch errors and return the up the
-	stack.
-
-	* test_kcred.c: more testing of lifetimes
-	
-2007-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
-	use the mech glue versions instead. Pointed out by Rafal
-	Malinowski.
-
-	* krb5: Use gss oid_set functions from mechglue
-
-2007-05-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Set session key only if we are
-	returned a session key. Found by David Love.
-	
-2007-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/prf.c: switched MIN to min to make compile on solaris,
-	pointed out by David Love.
-	
-2007-05-09 Love H�rnquist �strand <lha@it.su.se>
-
-	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
-	they are passed in. Pointed out by Phil Fisher.
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
-	from Phil Fisher.
-
-	* mech: dont keep track of gc_usage, just figure it out at
-	gss_inquire_cred() time
-
-	* mech/gss_mech_switch.c (add_builtin): ok for
-	__gss_mech_initialize() to return NULL
-
-	* test_kcred.c: more correct tests
-
-	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
-	spnego_name.
-
-	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
-	need to find default cred and friends.
-
-	* krb5/inquire_cred_by_mech.c: reimplement
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/acquire_cred.c: drop unused variable.
-
-	* ntlm/acquire_cred.c: Reimplement.
-
-	* Makefile.am: add ntlm/digest.c
-
-	* ntlm: split out backend ntlm server processing
-
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
-	credcache when done
-	
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @
-	
-	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
-	creds from the krb5 credential cache.
-	
-2007-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/delete_sec_context.c: free the key stored in the context
-
-	* ntlm/ntlm.h: switch password for a key
-
-	* test_oid.c: Switch oid to one that is exported.
-	
-2007-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c: move where hash is calculated to make
-	it easier to add ccache support.
-
-	* Makefile.am: Add version-script.map to EXTRA_DIST.
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Unconfuse newer versions of automake that doesn't
-	know the diffrence between depenences and setting variables. foo:
-	vs foo=.
-
-	* test_ntlm.c: delete sec context when done.
-
-	* version-script.map: export more symbols.
-	
-	* Makefile.am: add version script if ld supports it
-	
-	* version-script.map: add version script if ld supports it
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: test_acquire_cred need test_common.[ch]
-
-	* test_acquire_cred.c: add more test options.
-
-	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
-
-	* krb5/set_sec_context_option.c: refactor code, implement
-	GSS_KRB5_CCACHE_NAME_X
-
-	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name
-	
-2007-04-17  Love H�rnquist �strand <lha@it.su.se>
-	
-	* spnego/cred_stubs.c: Need to import spnego name before we can
-	use it as a gss_name_t.
-
-	* test_acquire_cred.c: use this test as part of the regression
-	suite.
-
-	* mech/gss_acquire_cred.c (gss_acquire_cred): dont init
-	cred->gc_mc every time in the loop.
-	
-2007-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add test_common.h
-	
-2007-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Add link for
-	gsskrb5_register_acceptor_identity.
-
-2007-02-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/copy_ccache.c: Try to leak less memory in the failure case.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_display_status.c: Use right printf formater.
-
-	* test_*.[ch]: split out the error printing function and try to
-	return better errors
-
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
-	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
-	
-	This is because Kerberos always support INT|CONF, matches behavior
-	with MS and MIT. The creates problems for the GSS-SPNEGO mech.
-	
-2007-01-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/prf.c: constrain desired_output_len
-
-	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
-
-	* mech/gss_pseudo_random.c: Catch error from underlaying mech on
-	failure.
-
-	* Makefile.am: Add krb5/prf.c
-
-	* krb5/prf.c: gss_pseudo_random for krb5
-
-	* test_context.c: Checks for gss_pseudo_random.
-
-	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
-
-	* Makefile.am: Add mech/gss_pseudo_random.c
-
-	* gssapi/gssapi.h: try to load pseudo_random
-
-	* mech/gss_mech_switch.c: try to load pseudo_random
-
-	* mech/gss_pseudo_random.c: Add gss_pseudo_random.
-
-	* gssapi_mech.h: Add hook for gm_pseudo_random.
-	
-2007-01-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Don't assume bufer from gss_display_status is
-	ok.
-
-	* mech/gss_wrap_size_limit.c: Reset out variables.
-
-	* mech/gss_wrap.c: Reset out variables.
-
-	* mech/gss_verify_mic.c: Reset out variables.
-
-	* mech/gss_utils.c: Reset out variables.
-
-	* mech/gss_release_oid_set.c: Reset out variables.
-
-	* mech/gss_release_cred.c: Reset out variables.
-
-	* mech/gss_release_buffer.c: Reset variables.
-
-	* mech/gss_oid_to_str.c: Reset out variables.
-
-	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
-
-	* mech/gss_mech_switch.c: Reset out variables.
-
-	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_names_for_mech.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
-
-	* mech/gss_inquire_cred_by_mech.c: Reset out variables.
-
-	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
-
-	* mech/gss_inquire_context.c: Reset out variables.
-
-	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.
-
-	* mech/gss_import_name.c: Reset out variables.
-
-	* mech/gss_import_name.c: Reset out variables.
-
-	* mech/gss_get_mic.c: Reset out variables.
-
-	* mech/gss_export_name.c: Reset out variables.
-
-	* mech/gss_encapsulate_token.c: Reset out variables.
-
-	* mech/gss_duplicate_oid.c: Reset out variables.
-
-	* mech/gss_duplicate_oid.c: Reset out variables.
-
-	* mech/gss_duplicate_name.c: Reset out variables.
-
-	* mech/gss_display_status.c: Reset out variables.
-
-	* mech/gss_display_name.c: Reset out variables.
-
-	* mech/gss_delete_sec_context.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_decapsulate_token.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_add_cred.c: Reset out variables.
-
-	* mech/gss_acquire_cred.c: Reset out variables.
-
-	* mech/gss_accept_sec_context.c: Reset out variables using propper
-	macros.
-
-	* mech/gss_init_sec_context.c: Reset out variables.
-
-	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
-	gss_buffer_t
-
-2007-01-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech: sprinkel _gss_mg_error
-
-	* mech/gss_display_status.c (gss_display_status): use
-	_gss_mg_get_error to fetch the error from underlaying mech, if it
-	failes, let do the regular dance for GSS-CODE version and a
-	generic print-the-error code for MECH-CODE.
-
-	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
-	the string.
-
-	* mech/context.h: Protoypes for _gss_mg_.
-
-	* mech/context.c: Glue to catch the error from the lower gss-api
-	layer and save that for later so gss_display_status() can show the
-	error.
-
-	* gss.c: Detect NTLM.
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_accept_sec_context.c: spelling
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Include build (private) prototypes header files.
-
-	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/accept_sec_context.c: Pass signseal argument to
-	_gss_ntlm_set_key.
-
-	* ntlm/init_sec_context.c: Pass signseal argument to
-	_gss_ntlm_set_key.
-
-	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
-
-	* test_ntlm.c: add ntlmv2 test
-
-	* ntlm/ntlm.h: break out struct ntlmv2_key;
-
-	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
-
-	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
-
-	* ntlm/ntlm.h: NTLMv2 keys.
-
-	* ntlm/crypto.c: NTLMv2 sign and verify.
-	
-2006-12-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/accept_sec_context.c: Don't send targetinfo now.
-	
-	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
-
-	* ntlm/init_sec_context.c: Leak less memory.
-
-	* ntlm/init_sec_context.c: Announce that we support key exchange.
-
-	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
-	session security (disable because missing sign and seal).
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams
-
-	* ntlm/init_sec_context.c: split RC4 send and recv keystreams
-
-	* ntlm/ntlm.h: split RC4 send and recv keystreams
-
-	* ntlm/crypto.c: Implement SEAL.
-
-	* ntlm/crypto.c: move gss_wrap/gss_unwrap here
-
-	* test_context.c: request INT and CONF from the gss layer, test
-	get and verify MIC.
-
-	* ntlm/ntlm.h: add crypto bits.
-
-	* ntlm/accept_sec_context.c: Save session master key.
-
-	* Makefile.am: Move get and verify mic to the same file (crypto.c)
-	since they share code.
-
-	* ntlm/crypto.c: Move get and verify mic to the same file since
-	they share code, implement NTLM v1 and dummy signatures.
-
-	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
-	GSS_C_INTEG_FLAG, save the session master key
-	
-	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
-	on the opportunistic token instead of guessing the acceptor name
-	and do gss_acquire_cred, this make SPNEGO work like before.
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
-	key.
-
-	* spnego/accept_sec_context.c: Resurect negHints for the acceptor
-	sends first packet.
-	
-	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
-	friends.
-
-	* test_context.c: add --wrapunwrap flag
-
-	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
-	compat.c, use the sequence types of MechTypeList, make
-	add_mech_type() static.
-
-	* spnego/accept_sec_context.c: move
-	_gss_spnego_indicate_mechtypelist() to compat.c
-
-	* Makefile.am: Generate sequence code for MechTypeList
-
-	* spnego: check that the generated acceptor mechlist is acceptable too
-
-	* spnego/init_sec_context.c: Abstract out the initiator filter
-	function, it will be needed for the acceptor too.
-
-	* spnego/accept_sec_context.c: Abstract out the initiator filter
-	function, it will be needed for the acceptor too. Remove negHints.
-
-	* test_context.c: allow asserting return mech
-
-	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
-
-	* ntlm/acquire_cred.c: Check that the KDC seem to there and
-	answering us, we can't do better then that wen checking if we will
-	accept the credential.
-
-	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE
-
-	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
-
-	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
-
-	* spnego/spnego.asn1: Its very sad, but NegHints its are not part
-	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
-	
-	* spnego: try harder to handle names better. handle missing
-	acceptor and initator creds better (ie dont propose/accept mech
-	that there are no credentials for) split NegTokenInit and
-	NegTokenResp in acceptor
-
-2006-12-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/import_name.c: Allocate the buffer from the right length.
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
-	what domain we think we are talking to.
-
-	* ntlm/delete_sec_context.c: free username and password
-
-	* ntlm/release_name.c (_gss_ntlm_release_name): free name.
-
-	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
-	GSS_C_NT_HOSTBASED_SERVICE names
-
-	* ntlm/ntlm.h: Add ntlm_name.
-
-	* test_context.c: allow testing of ntlm.
-
-	* gssapi_mech.h: add __gss_ntlm_initialize
-
-	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
-	approved of the ntlm exchange too
-
-	* mech/gss_mech_switch.c: Add the builtin ntlm mech
-
-	* test_ntlm.c: NTLM test app.
-
-	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
-
-	* gssapi/gssapi.h: add ntlm mech oid
-
-	* ntlm/external.c: Switch OID to the ms ntlmssp oid
-
-	* Makefile.am: Add ntlm gss-api module.
-
-	* ntlm/accept_sec_context.c: Catch more error errors.
-
-	* ntlm/accept_sec_context.c: Check after a credential to use.
-	
-2006-12-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
-	don't fail on success.  Bug report from Stefan Metzmacher.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/init_sec_context.c (init_auth): only turn on
-	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
-	From Stefan Metzmacher.
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
-	spnego_asn1.h.
-
-2006-11-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
-	context argument.
-	
-2006-11-16  Love H�rnquist �strand <lha@it.su.se>
-	
-	* test_context.c: Test that token keys are the same, return
-	actual_mech.
-	
-2006-11-15  Love H�rnquist �strand <lha@it.su.se>
-
-	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
-
-	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
-	encode CHOICE structure now that we can handle it.
-
-	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
-	CHOICE structure now that we can handle it.
-
-	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
-	send back ad accept_completed when the security context is ->open,
-	w/o this the client doesn't know that the server have completed
-	the transaction.
-
-	* test_context.c: Add delegate flag and check that the delegated
-	cred works.
-
-	* spnego/init_sec_context.c: Keep track of the opportunistic token
-	in the inital message, it might be a complete gss-api context, in
-	that case we'll get back accept_completed without any token. With
-	this change, krb5 w/o mutual authentication works.
-
-	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
-	encode CHOICE structure now that we can handle it.
-
-	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
-	supported mechs list and make sure we don't select that for the
-	preferred mechamism.
-	
-2006-11-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
-	cred finding to its own function
-
-	* krb5/wrap.c: Better error strings, from Andrew Bartlet.
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Create our own krb5_context.
-
-	* krb5: Switch from using a specific error message context in the
-	TLS to have a whole krb5_context in TLS. This have some
-	interestion side-effekts for the configruration setting options
-	since they operate on per-thread basis now.
-
-	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
-	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet.
-	
-2006-11-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Help solaris make even more.
-
-	* Makefile.am: Help solaris make.
-	
-2006-11-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
-
-	* mech/gss_accept_sec_context.c: Try better guessing what is mech
-	we are going to select by looking harder at the input_token, idea
-	from Luke Howard's mechglue branch.
-
-	* Makefile.am: libgssapi_la_OBJECTS: add depency on gkrb5_err.h
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
-
-	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
-
-	* gssapi/gssapi.h: GSS_KRB5_S_
-
-	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
-
-	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
-
-	* Makefile.am: Build and install gkrb5_err.h
-
-	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
-	
-2006-11-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.
-
-	* krb5/set_sec_context_option.c: Support
-	GSS_KRB5_SET_DEFAULT_REALM_X.
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
-
-	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
-	
-2006-11-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: rename krb5_[gs]et_time_wrap to
-	krb5_[gs]et_max_time_skew
-
-	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
-	no longer used, bye bye
-
-	* mech/gss_krb5.c: No depenency of the krb5 gssapi mech.
-
-	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
-	_gsskrb5_decode_om_uint32. From Andrew Bartlet.
-
-	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
-	now.
-
-	* spnego/spnego_locl.h: Include <roken.h> for compatiblity.
-
-	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
-	DCE-STYLE, don't try to use to.  From Andrew Bartlett.
-
-	* test_context.c: test wrap/unwrap, add flag for dce-style and
-	mutual auth, also support multi-roundtrip sessions
-
-	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
-
-	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
-	krb5_rd_req_ctx
-
-	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
-	token subkey
-
-	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
-	all
-	
-2006-11-06  Love H�rnquist �strand <lha@it.su.se>
-	
-	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
-	right enum for acceptor subkey.  From Andrew Bartlett.
-	
-2006-11-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
-	PAC valication.  From Andrew Bartlett
-
-	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
-	and keyblock extraction functions.
-
-	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
-	Andrew Bartlett.
-
-	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
-	
-2006-11-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-
-	* mech/gss_krb5.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-
-	* krb5/set_sec_context_option.c: Rename various routines and
-	constants from canonize to canonicalize.  From Andrew Bartlett
-
-	* krb5/external.c: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-	
-	* gssapi/gssapi_krb5.h: Rename various routines and constants from
-	canonize to canonicalize.  From Andrew Bartlett
-	
-2006-10-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
-	to free ccache
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c (loop): free target_name
-
-	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
-	
-	* mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc' 
-
-	* krb5/init_sec_context.c: Avoid leaking memory.
-
-	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
-	->elements memory.
-
-	* test_context.c: make compile
-
-	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
-
-	* krb5/set_cred_option.c (import_cred): free sp
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_add_oid_set_member.c: Use old implementation of
-	gss_add_oid_set_member, it leaks less memory.
-
-	* krb5/test_cfx.c: free krb5_crypto.
-
-	* krb5/test_cfx.c: free krb5_context
-
-	* mech/gss_release_name.c (gss_release_name): free input_name
-	it-self.
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_context.c: Call setprogname.
-
-	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
-
-	* gssapi/gssapi_krb5.h: add
-	gsskrb5_extract_authtime_from_sec_context
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.
-
-	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
-
-	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
-
-	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
-
-	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
-	gsskrb5_set_send_to_kdc
-
-	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
-
-	* Makefile.am: more files
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/
-
-	* test_context.c: Allow specifing mech.
-
-	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
-
-	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
-	GSS_SASL_DIGEST_MD5_MECHANISM
-	
-2006-10-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gssapi.asn1: Make it into a heim_any_set, its doesn't
-	except a tag.
-
-	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
-
-	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
-	GSS_KRB5_GET_SUBKEY_X
-
-	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
-	GSS_KRB5_GET_SUBKEY_X
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_context.c: Support switching on name type oid's
-
-	* test_context.c: add test for dns canon flag
-
-	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
-
-	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
-
-	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
-
-	* krb5/set_sec_context_option.c: implement
-	GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
-
-	* mech/gss_krb5.c: add bits to make lucid context work
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_oid_to_str.c: Prefix der primitives with der_.
-
-	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
-	der_.
-
-	* krb5/encapsulate.c: Prefix der primitives with der_.
-
-	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.
-	
-2006-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add test_context
-
-	* krb5/inquire_sec_context_by_oid.c: Make it work.
-
-	* test_oid.c: Test lucid oid.
-
-	* gssapi/gssapi.h: Add OM_uint64_t.
-
-	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.
-
-	* krb5/external.c: Add lucid interface, renumber oids to my
-	delegated space.
-
-	* mech/gss_krb5.c: Add lucid interface.
-
-	* gssapi/gssapi_krb5.h: Add lucid interface.
-
-	* spnego/spnego_locl.h: Maybe include <netdb.h>.
-	
-2006-10-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
-	
-2006-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
-
-	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
-
-	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
-
-	* Makefile.am: Drop some -I no longer needed.
-
-	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
-
-	* krb5: reference all include files using 'krb5/'
-
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add file inclusion protection.
-
-	* gssapi/gssapi.h: Correct header file inclusion protection.
-
-	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
-	lib/gssapi/gssapi/ to please automake.
-	
-	* spnego/spnego_locl.h: Maybe include <sys/types.h>.
-
-	* mech/mech_locl.h: Include <roken.h>.
-
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss.c: #if 0 out unused code.
-
-	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
-	to (unsigned char).
-	
-2006-10-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/name.h: remove <sys/queue.h>
-
-	* mech/mech_switch.h: remove <sys/queue.h>
-	
-	* mech/cred.h: remove <sys/queue.h>
-
-2006-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/arcfour.c: Thinker more with header lengths.
-
-	* krb5/arcfour.c: Improve the calcucation of header
-	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
-	code.
-
-	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
-	_gssapi_wrap_size_arcfour for arcfour
-
-	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
-
-	* Makefile.am: Split all mech to diffrent mechsrc variables.
-
-	* spnego/context_stubs.c: Make internal function static (and
-	rename).
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
-	Barth.
-
-	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
-	
-2006-09-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/arcfour.c: Add wrap support, interrop with itself but not
-	w2k3s-sp1
-
-	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
-	arcfour header.
-
-	* krb5/arcfour.c: Support DCE-style unwrap, tested with
-	w2k3server-sp1.
-
-	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
-	token doesn't start with [APPLICATION 0] SEQUENCE, lets assume its
-	a DCE-style kerberos 5 connection. XXX this needs to be made
-	better in cause we get another GSS-API protocol violating
-	protocol. It should be possible to detach the Kerberos DCE-style
-	since it starts with a AP-REQ PDU, but that have to wait for now.
-	
-2006-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add GSS_C flags from
-	draft-brezak-win2k-krb-rc4-hmac-04.txt.
-
-	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
-	indent.
-
-	* krb5/accept_sec_context.c: Merge of the acceptor part from the
-	samba patch by Stefan Metzmacher and Andrew Bartlet.
-
-	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
-
-	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
-	initiator part from the samba patch by Stefan Metzmacher and
-	Andrew Bartlet (still missing DCE/RPC support)
-
-2006-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss.c (help): use sl_slc_help().
-	
-2006-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss-commands.in: rename command to supported-mechanisms
-
-	* Makefile.am: Make gss objects depend on the slc built
-	gss-commands.h
-	
-2006-07-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss-commands.in: add slc commands for gss
-
-	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
-
-	* Makefile.am: Add test_cfx
-
-	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
-
-	* krb5/set_sec_context_option.c: catch
-	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
-
-	* krb5/accept_sec_context.c: reimplement
-	gsskrb5_register_acceptor_identity
-
-	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
-
-	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
-
-	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
-
-	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
-	only once, this have the side effect that _gss_mechs and
-	_gss_mech_oids is only initialized once, so if just the users of
-	these two global variables calls _gss_load_mech() first, it will
-	act as a barrier and make sure the variables are never changed and
-	we don't need to lock them.
-
-	* mech/utils.h: no need to mark functions extern.
-
-	* mech/name.h: no need to mark _gss_find_mn extern.
-	
-2006-07-19  Love H�rnquist �strand <lha@it.su.se>
-	
-	* krb5/cfx.c: Redo the wrap length calculations.
-
-	* krb5/test_cfx.c: test max_wrap_size in cfx.c
-
-	* mech/gss_display_status.c: Handle more error codes.
-	
-2006-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
-
-	* mech/mechqueue.h: Add SLIST macros.
-
-	* krb5/inquire_context.c: Don't free return values on success.
-
-	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
-	is the default cred, acquire the acceptor cred and initator cred
-	in two diffrent steps and then query them for the information,
-	this way, the code wont fail if there are no keytab, but there is
-	a credential cache.
-
-	* mech/gss_inquire_cred.c: move the check if we found any cred
-	where it matter for both cases
-	(default cred and provided cred)
-
-	* mech/gss_init_sec_context.c: If the desired mechanism can't
-	convert the name to a MN, fail with GSS_S_BAD_NAME rather then a
-	NULL de-reference.
-	
-2006-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* spnego/external.c: readd gss_spnego_inquire_names_for_mech
-
-	* spnego/spnego_locl.h: reimplement
-	gss_spnego_inquire_names_for_mech add support function
-	_gss_spnego_supported_mechs
-
-	* spnego/context_stubs.h: reimplement
-	gss_spnego_inquire_names_for_mech add support function
-	_gss_spnego_supported_mechs
-
-	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs
-	
-	* mech/gss_indicate_mechs.c: if the underlaying mech doesn't
-	support gss_indicate_mechs, use the oid in the mechswitch
-	structure
-
-	* spnego/external.c: let the mech glue layer implement
-	gss_indicate_mechs
-
-	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
-	desired_mechs, get our own list with indicate_mechs and remove
-	ourself.
-	
-2006-07-05 Love H�rnquist �strand <lha@it.su.se>
-
-	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-	
-	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-
-	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
-	the mechglue layer implement it
-
-2006-07-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* mech/gss_set_cred_option.c: fix argument to gss_release_cred
-	
-2006-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* krb5/init_sec_context.c: Make work on compilers that are
-	somewhat more picky then gcc4 (like gcc2.95)
-
-	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
-	convert fwd_flags to an integer, since otherwise int2KDCOptions in
-	krb5_get_forwarded_creds wont do the right thing.
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
-	failure
-
-	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
-	init global kerberos context
-
-	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
-	kerberos context
-
-	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
-	the delegated cred handle, not cred handle
-
-	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
-	the case where ret_flags == NULL
-
-	* mech/gss_mech_switch.c (add_builtin): set
-	_gss_mech_switch->gm_mech_oid
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): laod mechs
-
-	* test_cred.c (gss_print_errors): don't try to print error when
-	gss_display_status failed
-
-	* Makefile.am: Add mech/gss_release_oid.c
-	
-	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
-	gss_duplicate_oid
-
-	* spnego/compat.c: preferred_mech_type was allocated with
-	gss_duplicate_oid in one place and assigned static varianbles a
-	the second place. change that static assignement to
-	gss_duplicate_oid and bring back gss_release_oid.
-
-	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
-	preferred_mech_type and negotiated_mech_type, they where never
-	allocated from the begining.
-	
-2006-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mech/gss_import_name.c (gss_import_name): avoid
-	type-punned/strict aliasing rules
-
-	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
-
-	* gssapi.h: Make gss_name_t an opaque type.
-	
-	* krb5: make gss_name_t an opaque type
-
-	* krb5/set_cred_option.c: Add
-
-	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
-	case where *cred_handle == NULL
-
-	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
-	GSS_C_NO_CREDENTIAL on failure.
-
-	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
-	NO_OID_SET, there is a need to load the mechs, so always do that.
-	
-2006-06-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
-	to instead pass a fullname to the credential, then resolve and
-	copy out the content, and then close the cred.
-
-	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
-	pass a fullname to the credential, then resolve and copy out the
-	content, and then close the cred.
-	
-	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
-	interface needs to be re-done, currently its utterly broken.
-
-	* mech/gss_set_cred_option.c: Make work.
-
-	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
-
-	* mech/gss_krb5.c (gss_krb5_import_cred): implement
-
-	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort
-	
-	* mech/gss_set_{sec_context,cred}_option.c: add
-
-	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
-
-	* test_*.c: make compile again
-
-	* Makefile.am: Add lib dependencies and test programs
-
-	* spnego: remove dependency on libkrb5
-
-	* mech: Bug fixes, cleanup, compiler warnings, restructure code.
-
-	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names
-
-	* krb5: repro copy the krb5 files here
-
-	* mech: import Doug Rabson mechglue from freebsd
-	
-	* spnego: Import Luke Howard's SPNEGO from the mechglue branch
-
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Add oid_to_str.
-
-	* Makefile.am: add oid_to_str and test_oid
-	
-	* oid_to_str.c: Add gss_oid_to_str
-
-	* test_oid.c: Add test for gss_oid_to_str()
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: Less pointer signedness warnings.
-
-	* unwrap.c: Less pointer signedness warnings.
-
-	* arcfour.c: Less pointer signedness warnings.
-
-	* gssapi_locl.h: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* encapsulate.c: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* decapsulate.c: Use const void * to instead of unsigned char * to
-	avoid pointer signedness warnings.
-
-	* decapsulate.c: Less pointer signedness warnings.
-
-	* cfx.c: Less pointer signedness warnings.
-
-	* init_sec_context.c: Less pointer signedness warnings (partly by
-	using the new asn.1 CHOICE decoder)
-
-	* import_sec_context.c: Less pointer signedness warnings.
-
-2006-05-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
-	Andrew Abartlet.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
-	free()ed memory on failure. Pointed out by IBM checker.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-	
-2006-05-04 Love H�rnquist �strand <lha@it.su.se>
-
-	* cfx.c: Less pointer signedness warnings.
-
-	* arcfour.c: Avoid pointer signedness warnings.
-
-	* gssapi_locl.h (gssapi_decode_*): make data argument const void *
-	
-	* 8003.c (gssapi_decode_*): make data argument const void *
-	
-2006-04-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* export_sec_context.c: Export sequence order element. From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* import_sec_context.c: Import sequence order element. From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
-	New functions, used by {import,export}_sec_context.  From Wynn
-	Wilkes <wynn.wilkes@quest.com>.
-
-	* test_sequence.c: Add test for import/export sequence.
-	
-2006-04-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
-	standard conformance failure, but much better then a crash.
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
-	error, found by IBM checker.
-
-	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
-	checker.
-	
-2006-02-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
-	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
-	
-2006-01-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* delete_sec_context.c (gss_delete_sec_context): if the context
-	handle is GSS_C_NO_CONTEXT, don't fall over.
-
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
-	gss_krb5_import_cred and add more references
-	
-2005-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
-	it can handle keytabs too.
-
-	* add_cred.c (gss_add_cred): avoid deadlock
-
-	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
-	GSS_C_INDEFINITE.
-	
-2005-12-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (acquire_acceptor_cred): only check if principal
-	exists if we got called with principal as an argument.
-
-	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
-	exists in the keytab before returning ok.
-	
-2005-11-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
-	Bartlett.
-	
-2005-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_kcred.c: Rename gss_krb5_import_ccache to
-	gss_krb5_import_cred.
-	
-	* copy_ccache.c: Rename gss_krb5_import_ccache to
-	gss_krb5_import_cred and let it grow code to handle keytabs too.
-	
-2005-11-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: Change sematics of ok-as-delegate to match
-	windows if
-	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
-	sematics.
-	
-	* release_cred.c (gss_release_cred): use
-	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
-	krb5_cc_destroy-ed
-	
-	* acquire_cred.c (acquire_initiator_cred):
-	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
-
-	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
-	to use gss_krb5_import_ccache
-	
-2005-11-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c: Remove signedness warnings.
-	
-2005-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
-	by reference.
-
-	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
-	of the ccache, make a reference by getting the name and resolving
-	the name. This way the cache is shared, this flipp side is of
-	course that if someone calls krb5_cc_destroy the cache is lost for
-	everyone.
-	
-	* test_kcred.c: Remove memory leaks.
-	
-2005-10-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: build test_kcred
-	
-	* gss_acquire_cred.3: Document gss_krb5_import_ccache
-
-	* gssapi.3: Sort and add gss_krb5_import_ccache.
-	
-	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
-	used to extract lifetime from a credential cache
-
-	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
-	lifetime from a credential cache.
-
-	* gssapi.h: add gss_krb5_import_ccache, reverse of
-	gss_krb5_copy_ccache
-
-	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
-	gss_krb5_copy_ccache
-
-	* test_kcred.c: test gss_krb5_import_ccache
-	
-2005-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
-	to find a matching creditial cache, if that failes, fallback to
-	the default cache.
-	
-2005-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: Add gssapi_krb5_set_status and
-	gssapi_krb5_clear_status
-	
-	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
-	errors, use GSS-API errors instead. From Michael B Allen.
-
-	* display_status.c: Add gssapi_krb5_clear_status,
-	gssapi_krb5_set_status for handling error messages.
-	
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* external.c: Use rk_UNCONST to avoid const warning.
-	
-	* display_status.c: Constify strings to avoid warnings.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: avoid warnings, update (c)
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (spnego_initial): use NegotiationToken
-	encoder now that we have one with the new asn1. compiler.
-	
-	* Makefile.am: the new asn.1 compiler includes the modules name in
-	the depend file
-
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* decapsulate.c: use rk_UNCONST
-
-	* ccache_name.c: rename to avoid shadowing
-
-	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
-	
-	* process_context_token.c: use rk_UNCONST to unconstify
-	
-	* test_cred.c: rename optind to optidx
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (init_auth): honor ok-as-delegate if local
-	configuration approves
-
-	* gssapi_locl.h: prototype for _gss_check_compat
-
-	* compat.c: export check_compat as _gss_check_compat
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
-	problems with system headerfiles that pollute the name space.
-
-	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
-	problems with system headerfiles that pollute the name space.
-
-2005-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (init_auth): set
-	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
-	also while here, use krb5_auth_con_addflags
-
-2005-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
-	length. From: Tom Maher <tmaher@eecs.berkeley.edu>
-
-2005-05-02  Dave Love  <fx@gnu.org>
-
-	* test_cred.c (main): Call setprogname.
-
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* prefix all sequence symbols with _, they are not part of the
-	GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>
-
-2005-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: break out the processing of the delegated
-	credential to a separate function to make error handling easier,
-	move the credential handling to after other setup is done
-	
-	* test_sequence.c: make less verbose in case of success
-
-	* Makefile.am: add test_sequence to TESTS
-
-2005-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
-	isn't NULL From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>
-
-2005-03-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: use $(LIB_roken)
-
-2005-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* display_status.c (gssapi_krb5_set_error_string): pass in the
-	krb5_context to krb5_free_error_string
-	
-2005-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* display_status.c (gssapi_krb5_set_error_string): don't misuse
-	the krb5_get_error_string api
-
-2005-03-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
-	here. Bug reported by Stefan Metzmacher <metze@samba.org>
-
-2005-02-21  Luke Howard  <lukeh@padl.com>
-
-	* init_sec_context.c: don't call krb5_get_credentials() with
-	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
-	  growing indefinitely as no key is found with KEYTYPE_NULL
-
-	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
-	  no longer used (however the mechListMIC behaviour is broken,
-	  rfc2478bis support requires the code in the mechglue branch)
-
-	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
-
-	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
-
-2005-01-05  Luke Howard  <lukeh@padl.com>
-
-	* 8003.c: use symbolic name for checksum type
-
-	* accept_sec_context.c: allow client to indicate
-	  that subkey should be used
-
-	* acquire_cred.c: plug leak
-
-	* get_mic.c: use gss_krb5_get_subkey() instead
-	  of gss_krb5_get_{local,remote}key(), support
-	  KEYTYPE_ARCFOUR_56
-
-	* gssapi_local.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* import_sec_context.c: plug leak
-
-	* unwrap.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* verify_mic.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-	* wrap.c: use gss_krb5_get_subkey(),
-	  support KEYTYPE_ARCFOUR_56
-
-2004-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
-	gss_release_cred to avoid deadlock, from Luke Howard
-	<lukeh@padl.com>.
-
-2004-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
-	was renamed to gsskrb5_extract_authz_data_from_sec_context
-	
-2004-08-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unwrap.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
-	
-	* arcfour.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
-	
-2004-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: spelling from Josef El-Rayes <josef@FreeBSD.org> while
-	here, write some text about the SPNEGO situation
-	
-2004-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/
-	
-2004-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
-	Howard <lukeh@padl.com>
-	
-	* init_sec_context.c (spnego_reply): use
-	_gss_spnego_require_mechlist_mic to figure out if we need to check
-	MechListMIC; From: Luke Howard <lukeh@padl.com>
-
-	* accept_sec_context.c (send_accept): use
-	_gss_spnego_require_mechlist_mic to figure out if we need to send
-	MechListMIC; From: Luke Howard <lukeh@padl.com>
-
-	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
-	From: Luke Howard <lukeh@padl.com>
-
-	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
-	with MS SPNEGO, From: Luke Howard <lukeh@padl.com>
-	
-2004-04-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
-	an enctype, not keytype
-
-	* accept_sec_context.c: use ASN1_MALLOC_ENCODE
-	
-	* init_sec_context.c: avoid the malloc loop and just allocate the
-	propper amount of data
-
-	* init_sec_context.c (spnego_initial): handle mech_token better
-	
-2004-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add gss_krb5_get_tkt_flags
-	
-	* Makefile.am: add ticket_flags.c
-	
-	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
-	Howard <lukeh@PADL.COM>
-	
-	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags
-	
-2004-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acquire_cred.c (gss_acquire_cred): check usage before even
-	bothering to process it, add both keytab and initial tgt if
-	requested
-
-	* wrap.c: support cfx, try to handle acceptor asserted subkey
-	
-	* unwrap.c: support cfx, try to handle acceptor asserted subkey
-	
-	* verify_mic.c: support cfx
-	
-	* get_mic.c: support cfx
-	
-	* test_sequence.c: handle changed signature of
-	gssapi_msg_order_create
-
-	* import_sec_context.c: handle acceptor asserted subkey
-	
-	* init_sec_context.c: handle acceptor asserted subkey
-	
-	* accept_sec_context.c: handle acceptor asserted subkey
-	
-	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create
-	
-	* gssapi_locl.h: add partial support for CFX
-	
-	* Makefile.am (noinst_PROGRAMS) += test_cred
-	
-	* test_cred.c: gssapi credential testing
-
-	* test_acquire_cred.c: fix comment
-	
-2004-03-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.h: drop structures for message formats, no longer used
-	
-	* arcfour.c: comment describing message formats
-
-	* accept_sec_context.c (spnego_accept_sec_context): make sure the
-	length of the choice element doesn't overrun us
-	
-	* init_sec_context.c (spnego_reply): make sure the length of the
-	choice element doesn't overrun us
-	
-	* spnego.asn1: move NegotiationToken to avoid warning
-	
-	* spnego.asn1: uncomment NegotiationToken
-	
-	* Makefile.am: spnego_files += asn1_NegotiationToken.x
-	
-2004-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: add gss_krb5_ccache_name
-	
-	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c
-	
-	* ccache_name.c (gss_krb5_ccache_name): help function enable to
-	set krb5 name, using out_name argument makes function no longer
-	thread-safe
-
-	* gssapi.3: add missing gss_krb5_ references
-	
-	* gss_acquire_cred.3: document gss_krb5_ccache_name
-	
-2003-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: make rrc a modulus operation if its longer then the
-	length of the message, noticed by Sam Hartman
-
-2003-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: use krb5_auth_con_addflags
-	
-2003-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman
-	
-2003-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: add AcceptorSubkey (but no code understand it yet) ignore
-	unknown token flags
-	
-2003-11-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c: Don't require timestamp to be set on
-	delegated token, its already protected by the outer token (and
-	windows doesn't alway send it) Pointed out by Zi-Bin Yang
-	<zbyang@decru.com> on heimdal-discuss
-
-2003-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: fix {} error, pointed out by Liqiang Zhu
-	
-2003-11-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: Sequence number should be stored in bigendian order From:
-	Luke Howard <lukeh@padl.com>
-	
-2003-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): don't free
-	ticket, krb5_free_ticket does that now
-
-2003-11-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: checksum the header last in MIC token, update to -03
-	From: Luke Howard <lukeh@padl.com>
-	
-2003-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add_cred.c: If its a MEMORY cc, make a copy. We need to do this
-	since now gss_release_cred will destroy the cred. This should be
-	really be solved a better way.
-
-	* acquire_cred.c (gss_release_cred): if its a mcc, destroy it
-	rather the just release it Found by: "Zi-Bin Yang"
-	<zbyang@decru.com>
-
-	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
-	where appropriate
-
-2003-09-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: spelling
-	From: jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: - EC and RRC are big-endian, not little-endian - The
-	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
-	no longer any references to GSS_C_DCE_STYLE.  - rrc_rotate()
-	avoids allocating memory on the heap if rrc <= 256
-	From: Luke Howard <lukeh@padl.com>
-	
-2003-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
-	Set and verify wrap Token->Filler.
-	Correct token ID for wrap tokens, 
-	were accidentally swapped with delete tokens.
-	From: Luke Howard <lukeh@PADL.COM>
-
-2003-09-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: no ASN.1-ish header on per-message tokens
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.h: remove depenency on gss_arcfour_mic_token and
-	gss_arcfour_warp_token
-
-	* arcfour.c: remove depenency on gss_arcfour_mic_token and
-	gss_arcfour_warp_token
-
-2003-09-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* 8003.c: remove #if 0'ed code
-	
-2003-09-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
-	number when not requesting mutual auth From: Luke Howard
-	<lukeh@PADL.COM>
-
-	* init_sec_context.c (init_auth): set sequence number when not
-	requesting mutual auth From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (*): set minor_status
-	(gss_wrap): set conf_state to conf_req_flags on success
-	From: Luke Howard <lukeh@PADL.COM>
-	
-	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
-	Howard <lukeh@PADL.COM>
-	
-2003-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
-	mech_set
-
-	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO
-
-2003-09-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (spnego_initial): catch errors and return
-	them
-
-	* init_sec_context.c (spnego_initial): add #if 0 out version of
-	the CHOICE branch encoding, also where here, free no longer used
-	memory
-
-2003-09-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM
-	
-	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
-	SubsequentContextToken like the Kerberos 5 mech does.
-	
-	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
-	wrapping on SubsequentContextToken like the Kerberos 5 mech
-	does. Lets check for it anyway.
-	
-	* accept_sec_context.c: Add support for SPNEGO on the initator
-	side.  Implementation initially from Assar Westerlund, passes
-	though quite a lot of hands before I commited it.
-	
-	* init_sec_context.c: Add support for SPNEGO on the initator side.
-	Tested with ldap server on a Windows 2000 DC. Implementation
-	initially from Assar Westerlund, passes though quite a lot of
-	hands before I commited it.
-	
-	* gssapi.h: export GSS_SPNEGO_MECHANISM
-	
-	* gssapi_locl.h: include spnego_as.h add prototype for
-	gssapi_krb5_get_mech
-	
-	* decapsulate.c (gssapi_krb5_get_mech): make non static
-	
-	* Makefile.am: build SPNEGO file
-	
-2003-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* external.c: SPENGO and IAKERB oids
-	
-	* spnego.asn1: SPENGO ASN1
-	
-2003-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.c: RRC also need to be zero before wraping them
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* encapsulate.c (gssapi_krb5_encap_length): don't return void
-	
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: switch from the des_ to the DES_ api
-	
-	* get_mic.c: switch from the des_ to the DES_ api
-	
-	* unwrap.c: switch from the des_ to the DES_ api
-	
-	* wrap.c: switch from the des_ to the DES_ api
-	
-	* cfx.c: EC is not included in the checksum since the length might
-	change depending on the data.  From: Luke Howard <lukeh@PADL.COM>
-	
-	* acquire_cred.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-2003-09-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* copy_ccache.c: rename
-	gss_krb5_extract_authz_data_from_sec_context to
-	gsskrb5_extract_authz_data_from_sec_context
-
-	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
-	gsskrb5_extract_authz_data_from_sec_context
-	
-2003-08-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
-	check that we have a ticket before we start to use it
-	
-	* gss_acquire_cred.3: document
-	gss_krb5_extract_authz_data_from_sec_context
-	
-	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
-	return the kerberos authorizationdata, from idea of Luke Howard
-
-	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
-	return the kerberos authorizationdata, from idea of Luke Howard
-	
-	* verify_mic.c (gss_verify_mic_internal): switch type and key
-	argument
-
-2003-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
-	checksum
-
-	* arcfour.h: swap two last arguments to verify_mic for consistency
-	with des3
-
-	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
-	prefix cfx symbols with _gssapi_
-
-	* arcfour.c: release the right buffer
-	
-	* arcfour.c: rename token structure in consistency with rest of
-	GSS-API From: Luke Howard <lukeh@PADL.COM>
-	
-	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
-	(unwrap_des): use _gssapi_verify_pad
-
-	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
-	(_gssapi_unwrap_arcfour): verify and strip padding
-
-	* gssapi_locl.h: added _gssapi_verify_pad
-	
-	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
-	wrapped message and return its length
-	
-	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
-	<lukeh@PADL.COM>
-	
-	* arcfour.c: use right seal alg, inherit keytype from parent key
-	
-	* arcfour.c: include the confounder in the checksum use the right
-	key usage number for warped/unwraped tokens
-	
-	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
-	(same as GSS_KRB5_NT_PRINCIPAL_NAME)
-
-	* unwrap.c: hook in arcfour unwrap
-	
-	* wrap.c: hook in arcfour wrap
-	
-	* verify_mic.c: hook in arcfour verify_mic
-	
-	* get_mic.c: hook in arcfour get_mic
-	
-	* arcfour.c: implement wrap/unwarp
-	
-	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32
-	
-	* 8003.c: add gssapi_{en,de}code_be_om_uint32
-	
-2003-08-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
-	area. Swap filler check, it was reversed.
-	
-	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c
-	
-	* gssapi_locl.h: include "arcfour.h"
-	
-	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working
-
-	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working
-	
-2003-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: always include cfx.h add prototype for
-	_gssapi_decapsulate
-
-	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
-	from Luke Howard <lukeh@PADL.COM>
-
-	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
-	<lukeh@PADL.COM>
-	
-2003-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unwrap.c: encap/decap now takes a oid if the enctype/keytype is
-	arcfour, return error add hook for cfx
-	
-	* verify_mic.c: encap/decap now takes a oid if the enctype/keytype
-	is arcfour, return error add hook for cfx
-	
-	* get_mic.c: encap/decap now takes a oid if the enctype/keytype is
-	arcfour, return error add hook for cfx
-	
-	* accept_sec_context.c: encap/decap now takes a oid
-	
-	* init_sec_context.c: encap/decap now takes a oid
-	
-	* gssapi_locl.h: include cfx.h if we need it lifetime is a
-	OM_uint32, depend on gssapi interface add all new encap/decap
-	functions
-	
-	* decapsulate.c: add decap functions that doesn't take the token
-	type also make all decap function take the oid mech that they
-	should use
-
-	* encapsulate.c: add encap functions that doesn't take the token
-	type also make all encap function take the oid mech that they
-	should use
-
-	* sequence.c (elem_insert): fix a off by one index counter
-	
-	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
-	GSS_C_NO_CREDENTIAL and use the default cred then.
-	
-2003-08-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: break out extensions and document
-	gsskrb5_register_acceptor_identity
-
-2003-08-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_acquire_cred.c (print_time): time is returned in seconds
-	from now, not unix time
-
-2003-08-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* compat.c (check_compat): avoid leaking principal when finding a
-	match
-
-	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
-	a krb5_socklen_t
-
-	* acquire_cred.c (gss_acquire_cred): 4th argument to
-	gss_test_oid_set_member is a int
-
-2003-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (repl_mutual): don't set kerberos error where
-	there was no kerberos error
-
-	* gssapi_locl.h: Add destruction/creation prototypes and structure
-	for the thread specific storage.
-
-	* display_status.c: use thread specific storage to set/get the
-	kerberos error message
-
-	* init.c: Provide locking around the creation of the global
-	krb5_context. Add destruction/creation functions for the thread
-	specific storage that the error string handling is using.
-	
-2003-07-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: add missing prototype and missing .Ft
-	arguments
-
-2003-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c: reorder code so sequence numbers can can be used
-	
-	* unwrap.c: reorder code so sequence numbers can can be used
-	
-	* sequence.c: remove unused function, indent, add
-	gssapi_msg_order_f that filter gss flags to gss_msg_order flags
-	
-	* gssapi_locl.h: prototypes for
-	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
-	verifier prototypes
-
-	* delete_sec_context.c: destroy sequence number verifier
-	
-	* init_sec_context.c: remember to free data use sequence number
-	verifier
-	
-	* accept_sec_context.c: don't clear output_token twice remember to
-	free data use sequence number verifier
-	
-	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
-	start to use them
-
-2003-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: can't have sequence.c in two different places
-
-2003-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_sequence.c: check rollover, print summery
-	
-	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
-	req_output_size and max_input_size around the wrong way -- it
-	returns the output token size for a given input size, rather than
-	the maximum input size for a given output token size.
-	
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-06-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi_locl.h: add prototypes for sequence.c
-	
-	* Makefile.am (libgssapi_la_SOURCES): add sequence.c
-	(test_sequence): build
-
-	* sequence.c: sequence number checks, order and replay
-	* test_sequence.c: sequence number checks, order and replay
-
-2003-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): make sure time is
-	returned in seconds from now, not in kerberos time
-	
-	* acquire_cred.c (gss_aquire_cred): make sure time is returned in
-	seconds from now, not in kerberos time
-	
-	* init_sec_context.c (init_auth): if the cred is expired before we
-	tries to create a token, fail so the peer doesn't need reject us
-	(*): make sure time is returned in seconds from now, 
-	not in kerberos time
-	(repl_mutual): remember to unlock the context mutex
-
-	* context_time.c (gss_context_time): remove unused variable
-	
-	* verify_mic.c: make sure minor_status is always set, pointed out
-	by Luke Howard <lukeh@PADL.COM>
-
-2003-05-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.[ch]: do some basic locking (no reference counting so contexts 
-	  can be removed while still used)
-	- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
-	- make sure all lifetime are returned in seconds left until expired,
-	  not in unix epoch
-
-	* gss_acquire_cred.3: document argument lifetime_rec to function
-	gss_inquire_context
-
-2003-05-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_acquire_cred.c: test gss_add_cred more then once
-	
-2003-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: if __cplusplus, wrap the extern variable (just to be
-	safe) and functions in extern "C" { }
-	
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: more about the des3 mic mess
-	
-	* verify_mic.c (verify_mic_des3): always check if the mic is the
-	correct mic or the mic that old heimdal would have generated
-	
-2003-04-28  Jacques Vidrine  <nectar@kth.se>
-
-	* verify_mic.c (verify_mic_des3): If MIC verification fails,
-	retry using the `old' MIC computation (with zero IV).
-
-2003-04-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: more about difference between comparing IN
-	and MN
-
-	* gss_acquire_cred.3: more about name type and access control
-	
-2003-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: document gss_context_time
-	
-	* context_time.c: if lifetime of context have expired, set
-	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED
-	
-	* gssapi.3: document [gssapi]correct_des3_mic
-	[gssapi]broken_des3_mic
-
-	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic
-	
-	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
-	mic compat
-	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
-
-	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
-	des3 mic compat
-	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
-	gss_krb5_compat_des3_mic exists
-	
-2003-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am:  (libgssapi_la_LDFLAGS): update major
-	version of gssapi for incompatiblity in 3des getmic support
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
-	./libgssapi.la (make make -jN work)
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: spelling
-	
-	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
-	header.h, from Thomas Klausner <wiz@netbsd.org>
-
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: spelling
-	
-	* Makefile.am: remove stuff that sneaked in with last commit
-	
-	* acquire_cred.c (acquire_initiator_cred): if the requested name
-	isn't in the ccache, also check keytab.  Extact the krbtgt for the
-	default realm to check how long the credentials will last.
-	
-	* add_cred.c (gss_add_cred): don't create a new ccache, just open
-	the old one; better check if output handle is compatible with new
-	(copied) handle
-
-	* test_acquire_cred.c: test gss_add_cred too
-	
-2003-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: build test_acquire_cred
-	
-	* test_acquire_cred.c: simple gss_acquire_cred test
-	
-2003-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: s/gssapi/GSS-API/
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: document v1 interface (and that they are
-	obsolete)
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: list supported mechanism and nametypes
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss_acquire_cred.3: text about gss_display_name
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
-	(libgssapi_la_SOURCES): add all new functions
-
-	* gssapi.3: now that we have a functions, uncomment the missing
-	ones
-
-	* gss_acquire_cred.3: now that we have a functions, uncomment the
-	missing ones
-
-	* process_context_token.c: implement gss_process_context_token
-	
-	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
-	
-	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
-	
-	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
-	
-	* add_cred.c: implement gss_add_cred
-	
-	* acquire_cred.c (gss_acquire_cred): more testing of input
-	argument, make sure output arguments are ok, since we don't know
-	the time_rec (for now), set it to time_req
-	
-	* export_sec_context.c: send lifetime, also set minor_status
-	
-	* get_mic.c: set minor_status
-	
-	* import_sec_context.c (gss_import_sec_context): add error
-	checking, pick up lifetime (if there is no lifetime, use
-	GSS_C_INDEFINITE)
-
-	* init_sec_context.c: take care to set export value to something
-	sane before we start so caller will have harmless values in them
-	if then function fails
-
-	* release_buffer.c (gss_release_buffer): set minor_status
-	
-	* wrap.c: make sure minor_status get set
-	
-	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
-	gss_verify_mic_internal and let it take the type as an argument,
-	(gss_verify_mic): call gss_verify_mic_internal
-	set minor_status
-	
-	* unwrap.c: set minor_status
-	
-	* test_oid_set_member.c (gss_test_oid_set_member): use
-	gss_oid_equal
-
-	* release_oid_set.c (gss_release_oid_set): set minor_status
-	
-	* release_name.c (gss_release_name): set minor_status
-	
-	* release_cred.c (gss_release_cred): set minor_status
-	
-	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
-	
-	* compare_name.c (gss_compare_name): set minor_status
-	
-	* compat.c (check_compat): make sure ret have a defined value
-	
-	* context_time.c (gss_context_time): set minor_status
-	
-	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
-	
-	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
-	minor_status
-
-	* delete_sec_context.c (gss_delete_sec_context): set minor_status
-	
-	* display_name.c (gss_display_name): set minor_status
-	
-	* display_status.c (gss_display_status): use gss_oid_equal, handle
-	supplementary errors
-
-	* duplicate_name.c (gss_duplicate_name): set minor_status
-	
-	* inquire_context.c (gss_inquire_context): set lifetime_rec now
-	when we know it, set minor_status
-
-	* inquire_cred.c (gss_inquire_cred): take care to set export value
-	to something sane before we start so caller will have harmless
-	values in them if the function fails
-	
-	* accept_sec_context.c (gss_accept_sec_context): take care to set
-	export value to something sane before we start so caller will have
-	harmless values in them if then function fails, set lifetime from
-	ticket expiration date
-
-	* indicate_mechs.c (gss_indicate_mechs): use
-	gss_create_empty_oid_set and gss_add_oid_set_member
-
-	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
-	since there is no ticket transfered in the exported context
-	
-	* export_name.c (gss_export_name): export name with
-	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
-	
-	* import_name.c (import_export_name): new function, parses a
-	GSS_C_NT_EXPORT_NAME
-	(import_krb5_name): factor out common code of parsing krb5 name
-	(gss_oid_equal): rename from oid_equal
-
-	* gssapi_locl.h: add prototypes for gss_oid_equal and
-	gss_verify_mic_internal
-
-	* gssapi.h: comment out the argument names
-	
-2003-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
-
-	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
-	
-	* Makefile.am: man_MANS += gss_aquire_cred.3
-	
-2003-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_aquire_cred.3: the gssapi api manpage
-	
-2003-03-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* inquire_context.c: (gss_inquire_context): rename argument open
-	to open_context
-
-	* gssapi.h (gss_inquire_context): rename argument open to open_context
-
-2003-02-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (do_delegation): remove unused variable
-	subkey
-
-	* gssapi.3: all 0.5.x version had broken token delegation
-	
-2003-02-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* (init_auth): only generate one subkey
-
-2003-01-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
-	to rfc (and mit kerberos), provide backward compat hook
-	
-	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
-	mit kerberos), provide backward compat hook
-	
-	* init_sec_context.c (init_auth): check if we need compat for
-	older get_mic/verify_mic
-
-	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
-	
-	* gssapi.h (more_flags): add COMPAT_OLD_DES3
-	
-	* Makefile.am: add gssapi.3 and compat.c
-	
-	* gssapi.3: add gssapi COMPATIBILITY documentation
-	
-	* accept_sec_context.c (gss_accept_sec_context): check if we need
-	compat for older get_mic/verify_mic
-
-	* compat.c: check for compatiblity with other heimdal's 3des
-	get_mic/verify_mic
-
-2002-10-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check return value from gssapi_krb5_init
-	
-	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
-
-	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
-
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_sec_context.c: we need to generate a local subkey here
-
-2002-08-20  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
-	  credential resolution if gss_acquire_cred is called with
-	  GSS_C_NO_NAME.
-
-2002-06-20  Jacques Vidrine <n@nectar.com>
-
-	* import_name.c: Compare name types by value if pointers do
-	  not match.  Reported by: "Douglas E. Engert" <deengert@anl.gov>
-
-2002-05-20  Jacques Vidrine <n@nectar.com>
-
-	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
-	  the qop_state parameter.  from Doug Rabson <dfr@nlsystems.com>
-
-2002-05-09  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
-
-2002-05-08  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: initialize gssapi; handle null desired_name
-
-2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: remove non-functional stuff accidentally committed
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
-	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
-	bindings
-
-2001-10-31  Jacques Vidrine <n@nectar.com>
-
-	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
-	was bogusly appending the message buffer to the result,
-	overwriting a heap buffer in the process.
-
-2001-08-29  Assar Westerlund  <assar@sics.se>
-
-	* 8003.c (gssapi_krb5_verify_8003_checksum,
-	gssapi_krb5_create_8003_checksum): make more consistent by always
-	returning an gssapi error and setting minor status.  update
-	callers
-
-2001-08-28  Jacques Vidrine  <n@nectar.com>
-
-	* accept_sec_context.c: Create a cache for delegated credentials
-	  when needed.
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
-
-2001-08-23  Assar Westerlund  <assar@sics.se>
-
-	*  *.c: handle minor_status more consistently
-
-	* display_status.c (gss_display_status): handle krb5_get_err_text
-	failing
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* gssapi_locl.h: fix prototype for gssapi_krb5_init
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
-	context and check return value from kt_resolve
-
-	* init.c: return error code
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LIBADD): add required library
-	dependencies
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
-	the keytab to be used for gss_acquire_cred too'
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* verify_mic.c: update krb5_auth_con function names use
-	gss_krb5_get_remotekey
-	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
-	add prototypes
-	* get_mic.c: update krb5_auth_con function names. use
-	gss_krb5_get_localkey
-	* accept_sec_context.c: update krb5_auth_con function names
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:2
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c: adapt to new address functions
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* try to return the error string from libkrb5 where applicable
-
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): remember to free
-	the memory used by the ticket itself. from <tmartin@mirapoint.com>
-
-2001-05-04  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add config.h for completeness
-	* gssapi.h: remove config.h, this is an installed header file
-	sys/types.h is not needed either
-	
-2001-03-12  Assar Westerlund  <assar@sics.se>
-
-	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
-	Jason R Thorpe <thorpej@zembu.com>
-
-2001-02-18  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): either return
-	gss_name NULL-ed or set
-
-	* import_name.c: set minor_status in some cases where it was not
-	done
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: use krb5_generate_random_block for the confounders
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
-	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
-	for getting creds from a keytab, from fvdl@netbsd.org
-
-	* copy_ccache.c: add gss_krb5_copy_ccache
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* get_mic.c: cast parameters to des function to non-const pointers
- 	to handle the case where these functions actually take non-const
- 	des_cblock *
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
-	instead of krb5_rd_cred
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
-	sequence number
-	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
-	the sequence number
-	* init_sec_context.c (init_auth): always zero fwd_data
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (init_auth): update to new
-	krb5_build_authenticator
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c: actually pay attention to `time_req'
-	* init_sec_context.c: re-organize.  leak less memory.
-	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
-	update prototypes add assert.h
-	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
-	add
-	* verify_mic.c: re-organize and add 3DES code
-	* wrap.c: re-organize and add 3DES code
-	* unwrap.c: re-organize and add 3DES code
-	* get_mic.c: re-organize and add 3DES code
-	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
-	let the caller do that.  fix the callers.
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:1:1
-
-2000-07-29  Assar Westerlund  <assar@sics.se>
-
-	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
-	details from rfc2744
-
-2000-06-29  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
-	`int' instead of `sa_family_t' for the address family.
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* add support for token delegation.  From Daniel Kouril
-	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* release_oid_set.c (gss_release_oid_set): clear set for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_name.c (gss_release_name): reset input_name for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_buffer.c (gss_release_buffer): set value to NULL to be
-	more robust.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
-	the oid is a member first.  leave the oid_set unchanged if realloc
-	fails.
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add flags for import/export
-	* import_sec_context.c (import_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* export_sec_context.c (export_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* accept_sec_context.c (gss_accept_sec_context): set target in
-	context_handle
-
-2000-02-11  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): set context to
-	GSS_C_NO_CONTEXT
-
-	* Makefile.am: add {export,import}_sec_context.c
-	* export_sec_context.c: new file
-	* import_sec_context.c: new file
-	* accept_sec_context.c (gss_accept_sec_context): set trans flag
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:5:0
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
-	output_token
-
-	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
-	some changes to libdes calls to make them more portable.
-	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:4:0
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): always set
- 	`output_token'
-	* init_sec_context.c (init_auth): always initialize `output_token'
-	* delete_sec_context.c (gss_delete_sec_context): always set
- 	`output_token'
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 0:3:0
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:2:0
-
-1999-09-21  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
-
-	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
-
-	* delete_sec_context.c (gss_delete_sec_context): free ticket
-
-	* accept_sec_context.c (gss_accept_sec_context): stove away
- 	`krb5_ticket' in context so that ugly programs such as
- 	gss_nt_server can get at it.  uck.
-
-1999-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: set minor_status
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* display_status.c (calling_error, routine_error): right shift the
- 	code to make it possible to index into the arrays
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h (GSS_C_AF_INET6): add
-
-	* import_name.c (import_hostbased_name): set minor_status
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:1:0
-
-Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* display_status.c: set minor_status
-
-	* init_sec_context.c: set minor_status
-
-	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
- 	directly)
-
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
deleted file mode 100644
index 23264828221c..000000000000
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ /dev/null
@@ -1,313 +0,0 @@
-# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AUTOMAKE_OPTIONS = subdir-objects
-
-AM_CPPFLAGS += -I$(srcdir)/../krb5 \
-	-I$(srcdir) \
-	-I$(srcdir)/mech \
-	$(INCLUDE_hcrypto) \
-	$(INCLUDE_krb4)
-
-lib_LTLIBRARIES = libgssapi.la
-
-krb5src = \
-	krb5/8003.c \
-	krb5/accept_sec_context.c \
-	krb5/acquire_cred.c \
-	krb5/add_cred.c \
-	krb5/address_to_krb5addr.c \
-	krb5/arcfour.c \
-	krb5/canonicalize_name.c \
-	krb5/ccache_name.c \
-	krb5/cfx.c \
-	krb5/cfx.h \
-	krb5/compare_name.c \
-	krb5/compat.c \
-	krb5/context_time.c \
-	krb5/copy_ccache.c \
-	krb5/decapsulate.c \
-	krb5/delete_sec_context.c \
-	krb5/display_name.c \
-	krb5/display_status.c \
-	krb5/duplicate_name.c \
-	krb5/encapsulate.c \
-	krb5/export_name.c \
-	krb5/export_sec_context.c \
-	krb5/external.c \
-	krb5/get_mic.c \
-	krb5/gsskrb5_locl.h \
-	krb5/gsskrb5-private.h \
-	krb5/import_name.c \
-	krb5/import_sec_context.c \
-	krb5/indicate_mechs.c \
-	krb5/init.c \
-	krb5/init_sec_context.c \
-	krb5/inquire_context.c \
-	krb5/inquire_cred.c \
-	krb5/inquire_cred_by_mech.c \
-	krb5/inquire_cred_by_oid.c \
-	krb5/inquire_mechs_for_name.c \
-	krb5/inquire_names_for_mech.c \
-	krb5/inquire_sec_context_by_oid.c \
-	krb5/process_context_token.c \
-	krb5/prf.c \
-	krb5/release_buffer.c \
-	krb5/release_cred.c \
-	krb5/release_name.c \
-	krb5/sequence.c \
-	krb5/set_cred_option.c \
-	krb5/set_sec_context_option.c \
-	krb5/ticket_flags.c \
-	krb5/unwrap.c \
-	krb5/v1.c \
-	krb5/verify_mic.c \
-	krb5/wrap.c
-
-mechsrc = \
-	mech/context.h \
-	mech/context.c \
-	mech/cred.h \
-	mech/gss_accept_sec_context.c \
-	mech/gss_acquire_cred.c \
-	mech/gss_add_cred.c \
-	mech/gss_add_oid_set_member.c \
-	mech/gss_buffer_set.c \
-	mech/gss_canonicalize_name.c \
-	mech/gss_compare_name.c \
-	mech/gss_context_time.c \
-	mech/gss_create_empty_oid_set.c \
-	mech/gss_decapsulate_token.c \
-	mech/gss_delete_sec_context.c \
-	mech/gss_display_name.c \
-	mech/gss_display_status.c \
-	mech/gss_duplicate_name.c \
-	mech/gss_duplicate_oid.c \
-	mech/gss_encapsulate_token.c \
-	mech/gss_export_name.c \
-	mech/gss_export_sec_context.c \
-	mech/gss_get_mic.c \
-	mech/gss_import_name.c \
-	mech/gss_import_sec_context.c \
-	mech/gss_indicate_mechs.c \
-	mech/gss_init_sec_context.c \
-	mech/gss_inquire_context.c \
-	mech/gss_inquire_cred.c \
-	mech/gss_inquire_cred_by_mech.c \
-	mech/gss_inquire_cred_by_oid.c \
-	mech/gss_inquire_mechs_for_name.c \
-	mech/gss_inquire_names_for_mech.c \
-	mech/gss_krb5.c \
-	mech/gss_mech_switch.c \
-	mech/gss_names.c \
-	mech/gss_oid_equal.c \
-	mech/gss_oid_to_str.c \
-	mech/gss_process_context_token.c \
-	mech/gss_pseudo_random.c \
-	mech/gss_release_buffer.c \
-	mech/gss_release_cred.c \
-	mech/gss_release_name.c \
-	mech/gss_release_oid.c \
-	mech/gss_release_oid_set.c \
-	mech/gss_seal.c \
-	mech/gss_set_cred_option.c \
-	mech/gss_set_sec_context_option.c \
-	mech/gss_sign.c \
-	mech/gss_test_oid_set_member.c \
-	mech/gss_unseal.c \
-	mech/gss_unwrap.c \
-	mech/gss_utils.c \
-	mech/gss_verify.c \
-	mech/gss_verify_mic.c \
-	mech/gss_wrap.c \
-	mech/gss_wrap_size_limit.c \
-	mech/gss_inquire_sec_context_by_oid.c \
-	mech/mech_switch.h \
-	mech/mechqueue.h \
-	mech/mech_locl.h \
-	mech/name.h \
-	mech/utils.h
-
-spnegosrc = \
-	spnego/accept_sec_context.c \
-	spnego/compat.c \
-	spnego/context_stubs.c \
-	spnego/cred_stubs.c \
-	spnego/external.c \
-	spnego/init_sec_context.c \
-	spnego/spnego_locl.h \
-	spnego/spnego-private.h
-
-ntlmsrc = \
-	ntlm/accept_sec_context.c \
-	ntlm/acquire_cred.c \
-	ntlm/add_cred.c \
-	ntlm/canonicalize_name.c \
-	ntlm/compare_name.c \
-	ntlm/context_time.c \
-	ntlm/crypto.c \
-	ntlm/delete_sec_context.c \
-	ntlm/display_name.c \
-	ntlm/display_status.c \
-	ntlm/duplicate_name.c \
-	ntlm/export_name.c \
-	ntlm/export_sec_context.c \
-	ntlm/external.c \
-	ntlm/ntlm.h \
-	ntlm/ntlm-private.h \
-	ntlm/import_name.c \
-	ntlm/import_sec_context.c \
-	ntlm/indicate_mechs.c \
-	ntlm/init_sec_context.c \
-	ntlm/inquire_context.c \
-	ntlm/inquire_cred.c \
-	ntlm/inquire_cred_by_mech.c \
-	ntlm/inquire_mechs_for_name.c \
-	ntlm/inquire_names_for_mech.c \
-	ntlm/process_context_token.c \
-	ntlm/release_cred.c \
-	ntlm/release_name.c \
-	ntlm/digest.c
-
-$(srcdir)/ntlm/ntlm-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
-
-dist_libgssapi_la_SOURCES  = \
-	$(krb5src) \
-	$(mechsrc) \
-	$(ntlmsrc) \
-	$(spnegosrc)
-
-nodist_libgssapi_la_SOURCES  = \
-	gkrb5_err.c \
-	gkrb5_err.h \
-	$(BUILT_SOURCES)
-
-libgssapi_la_LDFLAGS = -version-info 2:0:0
-
-if versionscript
-libgssapi_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-libgssapi_la_LIBADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(LIBADD_roken)
-
-man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
-
-include_HEADERS = gssapi.h
-noinst_HEADERS = \
-	gssapi_mech.h \
-	ntlm/ntlm-private.h \
-	spnego/spnego-private.h \
-	krb5/gsskrb5-private.h
-nobase_include_HEADERS = \
-	gssapi/gssapi.h \
-	gssapi/gssapi_krb5.h \
-	gssapi/gssapi_spnego.h
-
-gssapidir = $(includedir)/gssapi
-nodist_gssapi_HEADERS = gkrb5_err.h
-
-gssapi_files = asn1_GSSAPIContextToken.x
-
-spnego_files =					\
-	asn1_ContextFlags.x			\
-	asn1_MechType.x				\
-	asn1_MechTypeList.x			\
-	asn1_NegotiationToken.x			\
-	asn1_NegotiationTokenWin.x		\
-	asn1_NegHints.x				\
-	asn1_NegTokenInit.x			\
-	asn1_NegTokenInitWin.x			\
-	asn1_NegTokenResp.x
-
-$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
-
-BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
-
-CLEANFILES = $(BUILT_SOURCES) \
-	gkrb5_err.h gkrb5_err.c \
-	$(spnego_files) spnego_asn1.h spnego_asn1_files \
-	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
-	gss-commands.h gss-commands.c
-
-$(spnego_files) spnego_asn1.h: spnego_asn1_files
-$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
-
-spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
-	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
-
-gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
-
-$(srcdir)/krb5/gsskrb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
-
-$(srcdir)/spnego/spnego-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
-
-
-TESTS = test_oid test_names test_cfx
-# test_sequence 
-
-test_cfx_SOURCES = krb5/test_cfx.c
-
-check_PROGRAMS = test_acquire_cred $(TESTS)
-
-bin_PROGRAMS = gss
-noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm
-
-test_context_SOURCES = test_context.c test_common.c test_common.h
-test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
-test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
-
-test_ntlm_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LDADD)
-
-LDADD = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_roken)
-
-# gss
-
-dist_gss_SOURCES = gss.c
-nodist_gss_SOURCES = gss-commands.c gss-commands.h
-
-gss_LDADD = libgssapi.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-SLC = $(top_builddir)/lib/sl/slc
-
-gss-commands.c gss-commands.h: gss-commands.in
-	$(SLC) $(srcdir)/gss-commands.in
-
-$(gss_OBJECTS): gss-commands.h
-
-EXTRA_DIST = \
-	$(man_MANS) \
-	krb5/gkrb5_err.et \
-	mech/gssapi.asn1 \
-	spnego/spnego.asn1 \
-	version-script.map \
-	gss-commands.in
-
-# to help stupid solaris make
-
-$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
-
-gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
-	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
deleted file mode 100644
index 9886d49b185b..000000000000
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ /dev/null
@@ -1,1960 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(nobase_include_HEADERS) \
-	$(noinst_HEADERS) $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-TESTS = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
-check_PROGRAMS = test_acquire_cred$(EXEEXT) $(am__EXEEXT_1)
-bin_PROGRAMS = gss$(EXEEXT)
-noinst_PROGRAMS = test_cred$(EXEEXT) test_kcred$(EXEEXT) \
-	test_context$(EXEEXT) test_ntlm$(EXEEXT)
-subdir = lib/gssapi
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(gssapidir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libgssapi_la_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am__dirstamp = $(am__leading_dot)dirstamp
-am__objects_1 = krb5/8003.lo krb5/accept_sec_context.lo \
-	krb5/acquire_cred.lo krb5/add_cred.lo \
-	krb5/address_to_krb5addr.lo krb5/arcfour.lo \
-	krb5/canonicalize_name.lo krb5/ccache_name.lo krb5/cfx.lo \
-	krb5/compare_name.lo krb5/compat.lo krb5/context_time.lo \
-	krb5/copy_ccache.lo krb5/decapsulate.lo \
-	krb5/delete_sec_context.lo krb5/display_name.lo \
-	krb5/display_status.lo krb5/duplicate_name.lo \
-	krb5/encapsulate.lo krb5/export_name.lo \
-	krb5/export_sec_context.lo krb5/external.lo krb5/get_mic.lo \
-	krb5/import_name.lo krb5/import_sec_context.lo \
-	krb5/indicate_mechs.lo krb5/init.lo krb5/init_sec_context.lo \
-	krb5/inquire_context.lo krb5/inquire_cred.lo \
-	krb5/inquire_cred_by_mech.lo krb5/inquire_cred_by_oid.lo \
-	krb5/inquire_mechs_for_name.lo krb5/inquire_names_for_mech.lo \
-	krb5/inquire_sec_context_by_oid.lo \
-	krb5/process_context_token.lo krb5/prf.lo \
-	krb5/release_buffer.lo krb5/release_cred.lo \
-	krb5/release_name.lo krb5/sequence.lo krb5/set_cred_option.lo \
-	krb5/set_sec_context_option.lo krb5/ticket_flags.lo \
-	krb5/unwrap.lo krb5/v1.lo krb5/verify_mic.lo krb5/wrap.lo
-am__objects_2 = mech/context.lo mech/gss_accept_sec_context.lo \
-	mech/gss_acquire_cred.lo mech/gss_add_cred.lo \
-	mech/gss_add_oid_set_member.lo mech/gss_buffer_set.lo \
-	mech/gss_canonicalize_name.lo mech/gss_compare_name.lo \
-	mech/gss_context_time.lo mech/gss_create_empty_oid_set.lo \
-	mech/gss_decapsulate_token.lo mech/gss_delete_sec_context.lo \
-	mech/gss_display_name.lo mech/gss_display_status.lo \
-	mech/gss_duplicate_name.lo mech/gss_duplicate_oid.lo \
-	mech/gss_encapsulate_token.lo mech/gss_export_name.lo \
-	mech/gss_export_sec_context.lo mech/gss_get_mic.lo \
-	mech/gss_import_name.lo mech/gss_import_sec_context.lo \
-	mech/gss_indicate_mechs.lo mech/gss_init_sec_context.lo \
-	mech/gss_inquire_context.lo mech/gss_inquire_cred.lo \
-	mech/gss_inquire_cred_by_mech.lo \
-	mech/gss_inquire_cred_by_oid.lo \
-	mech/gss_inquire_mechs_for_name.lo \
-	mech/gss_inquire_names_for_mech.lo mech/gss_krb5.lo \
-	mech/gss_mech_switch.lo mech/gss_names.lo \
-	mech/gss_oid_equal.lo mech/gss_oid_to_str.lo \
-	mech/gss_process_context_token.lo mech/gss_pseudo_random.lo \
-	mech/gss_release_buffer.lo mech/gss_release_cred.lo \
-	mech/gss_release_name.lo mech/gss_release_oid.lo \
-	mech/gss_release_oid_set.lo mech/gss_seal.lo \
-	mech/gss_set_cred_option.lo mech/gss_set_sec_context_option.lo \
-	mech/gss_sign.lo mech/gss_test_oid_set_member.lo \
-	mech/gss_unseal.lo mech/gss_unwrap.lo mech/gss_utils.lo \
-	mech/gss_verify.lo mech/gss_verify_mic.lo mech/gss_wrap.lo \
-	mech/gss_wrap_size_limit.lo \
-	mech/gss_inquire_sec_context_by_oid.lo
-am__objects_3 = ntlm/accept_sec_context.lo ntlm/acquire_cred.lo \
-	ntlm/add_cred.lo ntlm/canonicalize_name.lo \
-	ntlm/compare_name.lo ntlm/context_time.lo ntlm/crypto.lo \
-	ntlm/delete_sec_context.lo ntlm/display_name.lo \
-	ntlm/display_status.lo ntlm/duplicate_name.lo \
-	ntlm/export_name.lo ntlm/export_sec_context.lo \
-	ntlm/external.lo ntlm/import_name.lo \
-	ntlm/import_sec_context.lo ntlm/indicate_mechs.lo \
-	ntlm/init_sec_context.lo ntlm/inquire_context.lo \
-	ntlm/inquire_cred.lo ntlm/inquire_cred_by_mech.lo \
-	ntlm/inquire_mechs_for_name.lo ntlm/inquire_names_for_mech.lo \
-	ntlm/process_context_token.lo ntlm/release_cred.lo \
-	ntlm/release_name.lo ntlm/digest.lo
-am__objects_4 = spnego/accept_sec_context.lo spnego/compat.lo \
-	spnego/context_stubs.lo spnego/cred_stubs.lo \
-	spnego/external.lo spnego/init_sec_context.lo
-dist_libgssapi_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
-	$(am__objects_3) $(am__objects_4)
-am__objects_5 = asn1_ContextFlags.lo asn1_MechType.lo \
-	asn1_MechTypeList.lo asn1_NegotiationToken.lo \
-	asn1_NegotiationTokenWin.lo asn1_NegHints.lo \
-	asn1_NegTokenInit.lo asn1_NegTokenInitWin.lo \
-	asn1_NegTokenResp.lo
-am__objects_6 = asn1_GSSAPIContextToken.lo
-am__objects_7 = $(am__objects_5) $(am__objects_6)
-nodist_libgssapi_la_OBJECTS = gkrb5_err.lo $(am__objects_7)
-libgssapi_la_OBJECTS = $(dist_libgssapi_la_OBJECTS) \
-	$(nodist_libgssapi_la_OBJECTS)
-libgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libgssapi_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-dist_gss_OBJECTS = gss.$(OBJEXT)
-nodist_gss_OBJECTS = gss-commands.$(OBJEXT)
-gss_OBJECTS = $(dist_gss_OBJECTS) $(nodist_gss_OBJECTS)
-gss_DEPENDENCIES = libgssapi.la $(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am_test_acquire_cred_OBJECTS = test_acquire_cred.$(OBJEXT) \
-	test_common.$(OBJEXT)
-test_acquire_cred_OBJECTS = $(am_test_acquire_cred_OBJECTS)
-test_acquire_cred_LDADD = $(LDADD)
-test_acquire_cred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_cfx_OBJECTS = krb5/test_cfx.$(OBJEXT)
-test_cfx_OBJECTS = $(am_test_cfx_OBJECTS)
-test_cfx_LDADD = $(LDADD)
-test_cfx_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_context_OBJECTS = test_context.$(OBJEXT) test_common.$(OBJEXT)
-test_context_OBJECTS = $(am_test_context_OBJECTS)
-test_context_LDADD = $(LDADD)
-test_context_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_cred_SOURCES = test_cred.c
-test_cred_OBJECTS = test_cred.$(OBJEXT)
-test_cred_LDADD = $(LDADD)
-test_cred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_kcred_SOURCES = test_kcred.c
-test_kcred_OBJECTS = test_kcred.$(OBJEXT)
-test_kcred_LDADD = $(LDADD)
-test_kcred_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-test_names_SOURCES = test_names.c
-test_names_OBJECTS = test_names.$(OBJEXT)
-test_names_LDADD = $(LDADD)
-test_names_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_test_ntlm_OBJECTS = test_ntlm.$(OBJEXT) test_common.$(OBJEXT)
-test_ntlm_OBJECTS = $(am_test_ntlm_OBJECTS)
-am__DEPENDENCIES_2 = libgssapi.la $(top_builddir)/lib/krb5/libkrb5.la \
-	$(am__DEPENDENCIES_1)
-test_ntlm_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(am__DEPENDENCIES_2)
-test_oid_SOURCES = test_oid.c
-test_oid_OBJECTS = test_oid.$(OBJEXT)
-test_oid_LDADD = $(LDADD)
-test_oid_DEPENDENCIES = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libgssapi_la_SOURCES) $(nodist_libgssapi_la_SOURCES) \
-	$(dist_gss_SOURCES) $(nodist_gss_SOURCES) \
-	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
-	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
-	$(test_ntlm_SOURCES) test_oid.c
-DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gss_SOURCES) \
-	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
-	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
-	$(test_ntlm_SOURCES) test_oid.c
-man3dir = $(mandir)/man3
-man5dir = $(mandir)/man5
-MANS = $(man_MANS)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
-nodist_gssapiHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
-	$(nodist_gssapi_HEADERS) $(noinst_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	-I$(srcdir)/../krb5 -I$(srcdir) -I$(srcdir)/mech \
-	$(INCLUDE_hcrypto) $(INCLUDE_krb4)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-AUTOMAKE_OPTIONS = subdir-objects
-lib_LTLIBRARIES = libgssapi.la
-krb5src = \
-	krb5/8003.c \
-	krb5/accept_sec_context.c \
-	krb5/acquire_cred.c \
-	krb5/add_cred.c \
-	krb5/address_to_krb5addr.c \
-	krb5/arcfour.c \
-	krb5/canonicalize_name.c \
-	krb5/ccache_name.c \
-	krb5/cfx.c \
-	krb5/cfx.h \
-	krb5/compare_name.c \
-	krb5/compat.c \
-	krb5/context_time.c \
-	krb5/copy_ccache.c \
-	krb5/decapsulate.c \
-	krb5/delete_sec_context.c \
-	krb5/display_name.c \
-	krb5/display_status.c \
-	krb5/duplicate_name.c \
-	krb5/encapsulate.c \
-	krb5/export_name.c \
-	krb5/export_sec_context.c \
-	krb5/external.c \
-	krb5/get_mic.c \
-	krb5/gsskrb5_locl.h \
-	krb5/gsskrb5-private.h \
-	krb5/import_name.c \
-	krb5/import_sec_context.c \
-	krb5/indicate_mechs.c \
-	krb5/init.c \
-	krb5/init_sec_context.c \
-	krb5/inquire_context.c \
-	krb5/inquire_cred.c \
-	krb5/inquire_cred_by_mech.c \
-	krb5/inquire_cred_by_oid.c \
-	krb5/inquire_mechs_for_name.c \
-	krb5/inquire_names_for_mech.c \
-	krb5/inquire_sec_context_by_oid.c \
-	krb5/process_context_token.c \
-	krb5/prf.c \
-	krb5/release_buffer.c \
-	krb5/release_cred.c \
-	krb5/release_name.c \
-	krb5/sequence.c \
-	krb5/set_cred_option.c \
-	krb5/set_sec_context_option.c \
-	krb5/ticket_flags.c \
-	krb5/unwrap.c \
-	krb5/v1.c \
-	krb5/verify_mic.c \
-	krb5/wrap.c
-
-mechsrc = \
-	mech/context.h \
-	mech/context.c \
-	mech/cred.h \
-	mech/gss_accept_sec_context.c \
-	mech/gss_acquire_cred.c \
-	mech/gss_add_cred.c \
-	mech/gss_add_oid_set_member.c \
-	mech/gss_buffer_set.c \
-	mech/gss_canonicalize_name.c \
-	mech/gss_compare_name.c \
-	mech/gss_context_time.c \
-	mech/gss_create_empty_oid_set.c \
-	mech/gss_decapsulate_token.c \
-	mech/gss_delete_sec_context.c \
-	mech/gss_display_name.c \
-	mech/gss_display_status.c \
-	mech/gss_duplicate_name.c \
-	mech/gss_duplicate_oid.c \
-	mech/gss_encapsulate_token.c \
-	mech/gss_export_name.c \
-	mech/gss_export_sec_context.c \
-	mech/gss_get_mic.c \
-	mech/gss_import_name.c \
-	mech/gss_import_sec_context.c \
-	mech/gss_indicate_mechs.c \
-	mech/gss_init_sec_context.c \
-	mech/gss_inquire_context.c \
-	mech/gss_inquire_cred.c \
-	mech/gss_inquire_cred_by_mech.c \
-	mech/gss_inquire_cred_by_oid.c \
-	mech/gss_inquire_mechs_for_name.c \
-	mech/gss_inquire_names_for_mech.c \
-	mech/gss_krb5.c \
-	mech/gss_mech_switch.c \
-	mech/gss_names.c \
-	mech/gss_oid_equal.c \
-	mech/gss_oid_to_str.c \
-	mech/gss_process_context_token.c \
-	mech/gss_pseudo_random.c \
-	mech/gss_release_buffer.c \
-	mech/gss_release_cred.c \
-	mech/gss_release_name.c \
-	mech/gss_release_oid.c \
-	mech/gss_release_oid_set.c \
-	mech/gss_seal.c \
-	mech/gss_set_cred_option.c \
-	mech/gss_set_sec_context_option.c \
-	mech/gss_sign.c \
-	mech/gss_test_oid_set_member.c \
-	mech/gss_unseal.c \
-	mech/gss_unwrap.c \
-	mech/gss_utils.c \
-	mech/gss_verify.c \
-	mech/gss_verify_mic.c \
-	mech/gss_wrap.c \
-	mech/gss_wrap_size_limit.c \
-	mech/gss_inquire_sec_context_by_oid.c \
-	mech/mech_switch.h \
-	mech/mechqueue.h \
-	mech/mech_locl.h \
-	mech/name.h \
-	mech/utils.h
-
-spnegosrc = \
-	spnego/accept_sec_context.c \
-	spnego/compat.c \
-	spnego/context_stubs.c \
-	spnego/cred_stubs.c \
-	spnego/external.c \
-	spnego/init_sec_context.c \
-	spnego/spnego_locl.h \
-	spnego/spnego-private.h
-
-ntlmsrc = \
-	ntlm/accept_sec_context.c \
-	ntlm/acquire_cred.c \
-	ntlm/add_cred.c \
-	ntlm/canonicalize_name.c \
-	ntlm/compare_name.c \
-	ntlm/context_time.c \
-	ntlm/crypto.c \
-	ntlm/delete_sec_context.c \
-	ntlm/display_name.c \
-	ntlm/display_status.c \
-	ntlm/duplicate_name.c \
-	ntlm/export_name.c \
-	ntlm/export_sec_context.c \
-	ntlm/external.c \
-	ntlm/ntlm.h \
-	ntlm/ntlm-private.h \
-	ntlm/import_name.c \
-	ntlm/import_sec_context.c \
-	ntlm/indicate_mechs.c \
-	ntlm/init_sec_context.c \
-	ntlm/inquire_context.c \
-	ntlm/inquire_cred.c \
-	ntlm/inquire_cred_by_mech.c \
-	ntlm/inquire_mechs_for_name.c \
-	ntlm/inquire_names_for_mech.c \
-	ntlm/process_context_token.c \
-	ntlm/release_cred.c \
-	ntlm/release_name.c \
-	ntlm/digest.c
-
-dist_libgssapi_la_SOURCES = \
-	$(krb5src) \
-	$(mechsrc) \
-	$(ntlmsrc) \
-	$(spnegosrc)
-
-nodist_libgssapi_la_SOURCES = \
-	gkrb5_err.c \
-	gkrb5_err.h \
-	$(BUILT_SOURCES)
-
-libgssapi_la_LDFLAGS = -version-info 2:0:0 $(am__append_1)
-libgssapi_la_LIBADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(LIBADD_roken)
-
-man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
-include_HEADERS = gssapi.h
-noinst_HEADERS = \
-	gssapi_mech.h \
-	ntlm/ntlm-private.h \
-	spnego/spnego-private.h \
-	krb5/gsskrb5-private.h
-
-nobase_include_HEADERS = \
-	gssapi/gssapi.h \
-	gssapi/gssapi_krb5.h \
-	gssapi/gssapi_spnego.h
-
-gssapidir = $(includedir)/gssapi
-nodist_gssapi_HEADERS = gkrb5_err.h
-gssapi_files = asn1_GSSAPIContextToken.x
-spnego_files = \
-	asn1_ContextFlags.x			\
-	asn1_MechType.x				\
-	asn1_MechTypeList.x			\
-	asn1_NegotiationToken.x			\
-	asn1_NegotiationTokenWin.x		\
-	asn1_NegHints.x				\
-	asn1_NegTokenInit.x			\
-	asn1_NegTokenInitWin.x			\
-	asn1_NegTokenResp.x
-
-BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
-CLEANFILES = $(BUILT_SOURCES) \
-	gkrb5_err.h gkrb5_err.c \
-	$(spnego_files) spnego_asn1.h spnego_asn1_files \
-	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
-	gss-commands.h gss-commands.c
-
-# test_sequence 
-test_cfx_SOURCES = krb5/test_cfx.c
-test_context_SOURCES = test_context.c test_common.c test_common.h
-test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
-test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
-test_ntlm_LDADD = \
-	$(top_builddir)/lib/ntlm/libheimntlm.la \
-	$(LDADD)
-
-LDADD = libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_roken)
-
-
-# gss
-dist_gss_SOURCES = gss.c
-nodist_gss_SOURCES = gss-commands.c gss-commands.h
-gss_LDADD = libgssapi.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-SLC = $(top_builddir)/lib/sl/slc
-EXTRA_DIST = \
-	$(man_MANS) \
-	krb5/gkrb5_err.et \
-	mech/gssapi.asn1 \
-	spnego/spnego.asn1 \
-	version-script.map \
-	gss-commands.in
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-krb5/$(am__dirstamp):
-	@$(MKDIR_P) krb5
-	@: > krb5/$(am__dirstamp)
-krb5/8003.lo: krb5/$(am__dirstamp)
-krb5/accept_sec_context.lo: krb5/$(am__dirstamp)
-krb5/acquire_cred.lo: krb5/$(am__dirstamp)
-krb5/add_cred.lo: krb5/$(am__dirstamp)
-krb5/address_to_krb5addr.lo: krb5/$(am__dirstamp)
-krb5/arcfour.lo: krb5/$(am__dirstamp)
-krb5/canonicalize_name.lo: krb5/$(am__dirstamp)
-krb5/ccache_name.lo: krb5/$(am__dirstamp)
-krb5/cfx.lo: krb5/$(am__dirstamp)
-krb5/compare_name.lo: krb5/$(am__dirstamp)
-krb5/compat.lo: krb5/$(am__dirstamp)
-krb5/context_time.lo: krb5/$(am__dirstamp)
-krb5/copy_ccache.lo: krb5/$(am__dirstamp)
-krb5/decapsulate.lo: krb5/$(am__dirstamp)
-krb5/delete_sec_context.lo: krb5/$(am__dirstamp)
-krb5/display_name.lo: krb5/$(am__dirstamp)
-krb5/display_status.lo: krb5/$(am__dirstamp)
-krb5/duplicate_name.lo: krb5/$(am__dirstamp)
-krb5/encapsulate.lo: krb5/$(am__dirstamp)
-krb5/export_name.lo: krb5/$(am__dirstamp)
-krb5/export_sec_context.lo: krb5/$(am__dirstamp)
-krb5/external.lo: krb5/$(am__dirstamp)
-krb5/get_mic.lo: krb5/$(am__dirstamp)
-krb5/import_name.lo: krb5/$(am__dirstamp)
-krb5/import_sec_context.lo: krb5/$(am__dirstamp)
-krb5/indicate_mechs.lo: krb5/$(am__dirstamp)
-krb5/init.lo: krb5/$(am__dirstamp)
-krb5/init_sec_context.lo: krb5/$(am__dirstamp)
-krb5/inquire_context.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred_by_mech.lo: krb5/$(am__dirstamp)
-krb5/inquire_cred_by_oid.lo: krb5/$(am__dirstamp)
-krb5/inquire_mechs_for_name.lo: krb5/$(am__dirstamp)
-krb5/inquire_names_for_mech.lo: krb5/$(am__dirstamp)
-krb5/inquire_sec_context_by_oid.lo: krb5/$(am__dirstamp)
-krb5/process_context_token.lo: krb5/$(am__dirstamp)
-krb5/prf.lo: krb5/$(am__dirstamp)
-krb5/release_buffer.lo: krb5/$(am__dirstamp)
-krb5/release_cred.lo: krb5/$(am__dirstamp)
-krb5/release_name.lo: krb5/$(am__dirstamp)
-krb5/sequence.lo: krb5/$(am__dirstamp)
-krb5/set_cred_option.lo: krb5/$(am__dirstamp)
-krb5/set_sec_context_option.lo: krb5/$(am__dirstamp)
-krb5/ticket_flags.lo: krb5/$(am__dirstamp)
-krb5/unwrap.lo: krb5/$(am__dirstamp)
-krb5/v1.lo: krb5/$(am__dirstamp)
-krb5/verify_mic.lo: krb5/$(am__dirstamp)
-krb5/wrap.lo: krb5/$(am__dirstamp)
-mech/$(am__dirstamp):
-	@$(MKDIR_P) mech
-	@: > mech/$(am__dirstamp)
-mech/context.lo: mech/$(am__dirstamp)
-mech/gss_accept_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_acquire_cred.lo: mech/$(am__dirstamp)
-mech/gss_add_cred.lo: mech/$(am__dirstamp)
-mech/gss_add_oid_set_member.lo: mech/$(am__dirstamp)
-mech/gss_buffer_set.lo: mech/$(am__dirstamp)
-mech/gss_canonicalize_name.lo: mech/$(am__dirstamp)
-mech/gss_compare_name.lo: mech/$(am__dirstamp)
-mech/gss_context_time.lo: mech/$(am__dirstamp)
-mech/gss_create_empty_oid_set.lo: mech/$(am__dirstamp)
-mech/gss_decapsulate_token.lo: mech/$(am__dirstamp)
-mech/gss_delete_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_display_name.lo: mech/$(am__dirstamp)
-mech/gss_display_status.lo: mech/$(am__dirstamp)
-mech/gss_duplicate_name.lo: mech/$(am__dirstamp)
-mech/gss_duplicate_oid.lo: mech/$(am__dirstamp)
-mech/gss_encapsulate_token.lo: mech/$(am__dirstamp)
-mech/gss_export_name.lo: mech/$(am__dirstamp)
-mech/gss_export_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_get_mic.lo: mech/$(am__dirstamp)
-mech/gss_import_name.lo: mech/$(am__dirstamp)
-mech/gss_import_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_indicate_mechs.lo: mech/$(am__dirstamp)
-mech/gss_init_sec_context.lo: mech/$(am__dirstamp)
-mech/gss_inquire_context.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred_by_mech.lo: mech/$(am__dirstamp)
-mech/gss_inquire_cred_by_oid.lo: mech/$(am__dirstamp)
-mech/gss_inquire_mechs_for_name.lo: mech/$(am__dirstamp)
-mech/gss_inquire_names_for_mech.lo: mech/$(am__dirstamp)
-mech/gss_krb5.lo: mech/$(am__dirstamp)
-mech/gss_mech_switch.lo: mech/$(am__dirstamp)
-mech/gss_names.lo: mech/$(am__dirstamp)
-mech/gss_oid_equal.lo: mech/$(am__dirstamp)
-mech/gss_oid_to_str.lo: mech/$(am__dirstamp)
-mech/gss_process_context_token.lo: mech/$(am__dirstamp)
-mech/gss_pseudo_random.lo: mech/$(am__dirstamp)
-mech/gss_release_buffer.lo: mech/$(am__dirstamp)
-mech/gss_release_cred.lo: mech/$(am__dirstamp)
-mech/gss_release_name.lo: mech/$(am__dirstamp)
-mech/gss_release_oid.lo: mech/$(am__dirstamp)
-mech/gss_release_oid_set.lo: mech/$(am__dirstamp)
-mech/gss_seal.lo: mech/$(am__dirstamp)
-mech/gss_set_cred_option.lo: mech/$(am__dirstamp)
-mech/gss_set_sec_context_option.lo: mech/$(am__dirstamp)
-mech/gss_sign.lo: mech/$(am__dirstamp)
-mech/gss_test_oid_set_member.lo: mech/$(am__dirstamp)
-mech/gss_unseal.lo: mech/$(am__dirstamp)
-mech/gss_unwrap.lo: mech/$(am__dirstamp)
-mech/gss_utils.lo: mech/$(am__dirstamp)
-mech/gss_verify.lo: mech/$(am__dirstamp)
-mech/gss_verify_mic.lo: mech/$(am__dirstamp)
-mech/gss_wrap.lo: mech/$(am__dirstamp)
-mech/gss_wrap_size_limit.lo: mech/$(am__dirstamp)
-mech/gss_inquire_sec_context_by_oid.lo: mech/$(am__dirstamp)
-ntlm/$(am__dirstamp):
-	@$(MKDIR_P) ntlm
-	@: > ntlm/$(am__dirstamp)
-ntlm/accept_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/acquire_cred.lo: ntlm/$(am__dirstamp)
-ntlm/add_cred.lo: ntlm/$(am__dirstamp)
-ntlm/canonicalize_name.lo: ntlm/$(am__dirstamp)
-ntlm/compare_name.lo: ntlm/$(am__dirstamp)
-ntlm/context_time.lo: ntlm/$(am__dirstamp)
-ntlm/crypto.lo: ntlm/$(am__dirstamp)
-ntlm/delete_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/display_name.lo: ntlm/$(am__dirstamp)
-ntlm/display_status.lo: ntlm/$(am__dirstamp)
-ntlm/duplicate_name.lo: ntlm/$(am__dirstamp)
-ntlm/export_name.lo: ntlm/$(am__dirstamp)
-ntlm/export_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/external.lo: ntlm/$(am__dirstamp)
-ntlm/import_name.lo: ntlm/$(am__dirstamp)
-ntlm/import_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/indicate_mechs.lo: ntlm/$(am__dirstamp)
-ntlm/init_sec_context.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_context.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_cred.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_cred_by_mech.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_mechs_for_name.lo: ntlm/$(am__dirstamp)
-ntlm/inquire_names_for_mech.lo: ntlm/$(am__dirstamp)
-ntlm/process_context_token.lo: ntlm/$(am__dirstamp)
-ntlm/release_cred.lo: ntlm/$(am__dirstamp)
-ntlm/release_name.lo: ntlm/$(am__dirstamp)
-ntlm/digest.lo: ntlm/$(am__dirstamp)
-spnego/$(am__dirstamp):
-	@$(MKDIR_P) spnego
-	@: > spnego/$(am__dirstamp)
-spnego/accept_sec_context.lo: spnego/$(am__dirstamp)
-spnego/compat.lo: spnego/$(am__dirstamp)
-spnego/context_stubs.lo: spnego/$(am__dirstamp)
-spnego/cred_stubs.lo: spnego/$(am__dirstamp)
-spnego/external.lo: spnego/$(am__dirstamp)
-spnego/init_sec_context.lo: spnego/$(am__dirstamp)
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) 
-	$(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-gss$(EXEEXT): $(gss_OBJECTS) $(gss_DEPENDENCIES) 
-	@rm -f gss$(EXEEXT)
-	$(LINK) $(gss_OBJECTS) $(gss_LDADD) $(LIBS)
-test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES) 
-	@rm -f test_acquire_cred$(EXEEXT)
-	$(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS)
-krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp)
-test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES) 
-	@rm -f test_cfx$(EXEEXT)
-	$(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS)
-test_context$(EXEEXT): $(test_context_OBJECTS) $(test_context_DEPENDENCIES) 
-	@rm -f test_context$(EXEEXT)
-	$(LINK) $(test_context_OBJECTS) $(test_context_LDADD) $(LIBS)
-test_cred$(EXEEXT): $(test_cred_OBJECTS) $(test_cred_DEPENDENCIES) 
-	@rm -f test_cred$(EXEEXT)
-	$(LINK) $(test_cred_OBJECTS) $(test_cred_LDADD) $(LIBS)
-test_kcred$(EXEEXT): $(test_kcred_OBJECTS) $(test_kcred_DEPENDENCIES) 
-	@rm -f test_kcred$(EXEEXT)
-	$(LINK) $(test_kcred_OBJECTS) $(test_kcred_LDADD) $(LIBS)
-test_names$(EXEEXT): $(test_names_OBJECTS) $(test_names_DEPENDENCIES) 
-	@rm -f test_names$(EXEEXT)
-	$(LINK) $(test_names_OBJECTS) $(test_names_LDADD) $(LIBS)
-test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
-	@rm -f test_ntlm$(EXEEXT)
-	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
-test_oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) 
-	@rm -f test_oid$(EXEEXT)
-	$(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-	-rm -f krb5/8003.$(OBJEXT)
-	-rm -f krb5/8003.lo
-	-rm -f krb5/accept_sec_context.$(OBJEXT)
-	-rm -f krb5/accept_sec_context.lo
-	-rm -f krb5/acquire_cred.$(OBJEXT)
-	-rm -f krb5/acquire_cred.lo
-	-rm -f krb5/add_cred.$(OBJEXT)
-	-rm -f krb5/add_cred.lo
-	-rm -f krb5/address_to_krb5addr.$(OBJEXT)
-	-rm -f krb5/address_to_krb5addr.lo
-	-rm -f krb5/arcfour.$(OBJEXT)
-	-rm -f krb5/arcfour.lo
-	-rm -f krb5/canonicalize_name.$(OBJEXT)
-	-rm -f krb5/canonicalize_name.lo
-	-rm -f krb5/ccache_name.$(OBJEXT)
-	-rm -f krb5/ccache_name.lo
-	-rm -f krb5/cfx.$(OBJEXT)
-	-rm -f krb5/cfx.lo
-	-rm -f krb5/compare_name.$(OBJEXT)
-	-rm -f krb5/compare_name.lo
-	-rm -f krb5/compat.$(OBJEXT)
-	-rm -f krb5/compat.lo
-	-rm -f krb5/context_time.$(OBJEXT)
-	-rm -f krb5/context_time.lo
-	-rm -f krb5/copy_ccache.$(OBJEXT)
-	-rm -f krb5/copy_ccache.lo
-	-rm -f krb5/decapsulate.$(OBJEXT)
-	-rm -f krb5/decapsulate.lo
-	-rm -f krb5/delete_sec_context.$(OBJEXT)
-	-rm -f krb5/delete_sec_context.lo
-	-rm -f krb5/display_name.$(OBJEXT)
-	-rm -f krb5/display_name.lo
-	-rm -f krb5/display_status.$(OBJEXT)
-	-rm -f krb5/display_status.lo
-	-rm -f krb5/duplicate_name.$(OBJEXT)
-	-rm -f krb5/duplicate_name.lo
-	-rm -f krb5/encapsulate.$(OBJEXT)
-	-rm -f krb5/encapsulate.lo
-	-rm -f krb5/export_name.$(OBJEXT)
-	-rm -f krb5/export_name.lo
-	-rm -f krb5/export_sec_context.$(OBJEXT)
-	-rm -f krb5/export_sec_context.lo
-	-rm -f krb5/external.$(OBJEXT)
-	-rm -f krb5/external.lo
-	-rm -f krb5/get_mic.$(OBJEXT)
-	-rm -f krb5/get_mic.lo
-	-rm -f krb5/import_name.$(OBJEXT)
-	-rm -f krb5/import_name.lo
-	-rm -f krb5/import_sec_context.$(OBJEXT)
-	-rm -f krb5/import_sec_context.lo
-	-rm -f krb5/indicate_mechs.$(OBJEXT)
-	-rm -f krb5/indicate_mechs.lo
-	-rm -f krb5/init.$(OBJEXT)
-	-rm -f krb5/init.lo
-	-rm -f krb5/init_sec_context.$(OBJEXT)
-	-rm -f krb5/init_sec_context.lo
-	-rm -f krb5/inquire_context.$(OBJEXT)
-	-rm -f krb5/inquire_context.lo
-	-rm -f krb5/inquire_cred.$(OBJEXT)
-	-rm -f krb5/inquire_cred.lo
-	-rm -f krb5/inquire_cred_by_mech.$(OBJEXT)
-	-rm -f krb5/inquire_cred_by_mech.lo
-	-rm -f krb5/inquire_cred_by_oid.$(OBJEXT)
-	-rm -f krb5/inquire_cred_by_oid.lo
-	-rm -f krb5/inquire_mechs_for_name.$(OBJEXT)
-	-rm -f krb5/inquire_mechs_for_name.lo
-	-rm -f krb5/inquire_names_for_mech.$(OBJEXT)
-	-rm -f krb5/inquire_names_for_mech.lo
-	-rm -f krb5/inquire_sec_context_by_oid.$(OBJEXT)
-	-rm -f krb5/inquire_sec_context_by_oid.lo
-	-rm -f krb5/prf.$(OBJEXT)
-	-rm -f krb5/prf.lo
-	-rm -f krb5/process_context_token.$(OBJEXT)
-	-rm -f krb5/process_context_token.lo
-	-rm -f krb5/release_buffer.$(OBJEXT)
-	-rm -f krb5/release_buffer.lo
-	-rm -f krb5/release_cred.$(OBJEXT)
-	-rm -f krb5/release_cred.lo
-	-rm -f krb5/release_name.$(OBJEXT)
-	-rm -f krb5/release_name.lo
-	-rm -f krb5/sequence.$(OBJEXT)
-	-rm -f krb5/sequence.lo
-	-rm -f krb5/set_cred_option.$(OBJEXT)
-	-rm -f krb5/set_cred_option.lo
-	-rm -f krb5/set_sec_context_option.$(OBJEXT)
-	-rm -f krb5/set_sec_context_option.lo
-	-rm -f krb5/test_cfx.$(OBJEXT)
-	-rm -f krb5/ticket_flags.$(OBJEXT)
-	-rm -f krb5/ticket_flags.lo
-	-rm -f krb5/unwrap.$(OBJEXT)
-	-rm -f krb5/unwrap.lo
-	-rm -f krb5/v1.$(OBJEXT)
-	-rm -f krb5/v1.lo
-	-rm -f krb5/verify_mic.$(OBJEXT)
-	-rm -f krb5/verify_mic.lo
-	-rm -f krb5/wrap.$(OBJEXT)
-	-rm -f krb5/wrap.lo
-	-rm -f mech/context.$(OBJEXT)
-	-rm -f mech/context.lo
-	-rm -f mech/gss_accept_sec_context.$(OBJEXT)
-	-rm -f mech/gss_accept_sec_context.lo
-	-rm -f mech/gss_acquire_cred.$(OBJEXT)
-	-rm -f mech/gss_acquire_cred.lo
-	-rm -f mech/gss_add_cred.$(OBJEXT)
-	-rm -f mech/gss_add_cred.lo
-	-rm -f mech/gss_add_oid_set_member.$(OBJEXT)
-	-rm -f mech/gss_add_oid_set_member.lo
-	-rm -f mech/gss_buffer_set.$(OBJEXT)
-	-rm -f mech/gss_buffer_set.lo
-	-rm -f mech/gss_canonicalize_name.$(OBJEXT)
-	-rm -f mech/gss_canonicalize_name.lo
-	-rm -f mech/gss_compare_name.$(OBJEXT)
-	-rm -f mech/gss_compare_name.lo
-	-rm -f mech/gss_context_time.$(OBJEXT)
-	-rm -f mech/gss_context_time.lo
-	-rm -f mech/gss_create_empty_oid_set.$(OBJEXT)
-	-rm -f mech/gss_create_empty_oid_set.lo
-	-rm -f mech/gss_decapsulate_token.$(OBJEXT)
-	-rm -f mech/gss_decapsulate_token.lo
-	-rm -f mech/gss_delete_sec_context.$(OBJEXT)
-	-rm -f mech/gss_delete_sec_context.lo
-	-rm -f mech/gss_display_name.$(OBJEXT)
-	-rm -f mech/gss_display_name.lo
-	-rm -f mech/gss_display_status.$(OBJEXT)
-	-rm -f mech/gss_display_status.lo
-	-rm -f mech/gss_duplicate_name.$(OBJEXT)
-	-rm -f mech/gss_duplicate_name.lo
-	-rm -f mech/gss_duplicate_oid.$(OBJEXT)
-	-rm -f mech/gss_duplicate_oid.lo
-	-rm -f mech/gss_encapsulate_token.$(OBJEXT)
-	-rm -f mech/gss_encapsulate_token.lo
-	-rm -f mech/gss_export_name.$(OBJEXT)
-	-rm -f mech/gss_export_name.lo
-	-rm -f mech/gss_export_sec_context.$(OBJEXT)
-	-rm -f mech/gss_export_sec_context.lo
-	-rm -f mech/gss_get_mic.$(OBJEXT)
-	-rm -f mech/gss_get_mic.lo
-	-rm -f mech/gss_import_name.$(OBJEXT)
-	-rm -f mech/gss_import_name.lo
-	-rm -f mech/gss_import_sec_context.$(OBJEXT)
-	-rm -f mech/gss_import_sec_context.lo
-	-rm -f mech/gss_indicate_mechs.$(OBJEXT)
-	-rm -f mech/gss_indicate_mechs.lo
-	-rm -f mech/gss_init_sec_context.$(OBJEXT)
-	-rm -f mech/gss_init_sec_context.lo
-	-rm -f mech/gss_inquire_context.$(OBJEXT)
-	-rm -f mech/gss_inquire_context.lo
-	-rm -f mech/gss_inquire_cred.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred.lo
-	-rm -f mech/gss_inquire_cred_by_mech.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred_by_mech.lo
-	-rm -f mech/gss_inquire_cred_by_oid.$(OBJEXT)
-	-rm -f mech/gss_inquire_cred_by_oid.lo
-	-rm -f mech/gss_inquire_mechs_for_name.$(OBJEXT)
-	-rm -f mech/gss_inquire_mechs_for_name.lo
-	-rm -f mech/gss_inquire_names_for_mech.$(OBJEXT)
-	-rm -f mech/gss_inquire_names_for_mech.lo
-	-rm -f mech/gss_inquire_sec_context_by_oid.$(OBJEXT)
-	-rm -f mech/gss_inquire_sec_context_by_oid.lo
-	-rm -f mech/gss_krb5.$(OBJEXT)
-	-rm -f mech/gss_krb5.lo
-	-rm -f mech/gss_mech_switch.$(OBJEXT)
-	-rm -f mech/gss_mech_switch.lo
-	-rm -f mech/gss_names.$(OBJEXT)
-	-rm -f mech/gss_names.lo
-	-rm -f mech/gss_oid_equal.$(OBJEXT)
-	-rm -f mech/gss_oid_equal.lo
-	-rm -f mech/gss_oid_to_str.$(OBJEXT)
-	-rm -f mech/gss_oid_to_str.lo
-	-rm -f mech/gss_process_context_token.$(OBJEXT)
-	-rm -f mech/gss_process_context_token.lo
-	-rm -f mech/gss_pseudo_random.$(OBJEXT)
-	-rm -f mech/gss_pseudo_random.lo
-	-rm -f mech/gss_release_buffer.$(OBJEXT)
-	-rm -f mech/gss_release_buffer.lo
-	-rm -f mech/gss_release_cred.$(OBJEXT)
-	-rm -f mech/gss_release_cred.lo
-	-rm -f mech/gss_release_name.$(OBJEXT)
-	-rm -f mech/gss_release_name.lo
-	-rm -f mech/gss_release_oid.$(OBJEXT)
-	-rm -f mech/gss_release_oid.lo
-	-rm -f mech/gss_release_oid_set.$(OBJEXT)
-	-rm -f mech/gss_release_oid_set.lo
-	-rm -f mech/gss_seal.$(OBJEXT)
-	-rm -f mech/gss_seal.lo
-	-rm -f mech/gss_set_cred_option.$(OBJEXT)
-	-rm -f mech/gss_set_cred_option.lo
-	-rm -f mech/gss_set_sec_context_option.$(OBJEXT)
-	-rm -f mech/gss_set_sec_context_option.lo
-	-rm -f mech/gss_sign.$(OBJEXT)
-	-rm -f mech/gss_sign.lo
-	-rm -f mech/gss_test_oid_set_member.$(OBJEXT)
-	-rm -f mech/gss_test_oid_set_member.lo
-	-rm -f mech/gss_unseal.$(OBJEXT)
-	-rm -f mech/gss_unseal.lo
-	-rm -f mech/gss_unwrap.$(OBJEXT)
-	-rm -f mech/gss_unwrap.lo
-	-rm -f mech/gss_utils.$(OBJEXT)
-	-rm -f mech/gss_utils.lo
-	-rm -f mech/gss_verify.$(OBJEXT)
-	-rm -f mech/gss_verify.lo
-	-rm -f mech/gss_verify_mic.$(OBJEXT)
-	-rm -f mech/gss_verify_mic.lo
-	-rm -f mech/gss_wrap.$(OBJEXT)
-	-rm -f mech/gss_wrap.lo
-	-rm -f mech/gss_wrap_size_limit.$(OBJEXT)
-	-rm -f mech/gss_wrap_size_limit.lo
-	-rm -f ntlm/accept_sec_context.$(OBJEXT)
-	-rm -f ntlm/accept_sec_context.lo
-	-rm -f ntlm/acquire_cred.$(OBJEXT)
-	-rm -f ntlm/acquire_cred.lo
-	-rm -f ntlm/add_cred.$(OBJEXT)
-	-rm -f ntlm/add_cred.lo
-	-rm -f ntlm/canonicalize_name.$(OBJEXT)
-	-rm -f ntlm/canonicalize_name.lo
-	-rm -f ntlm/compare_name.$(OBJEXT)
-	-rm -f ntlm/compare_name.lo
-	-rm -f ntlm/context_time.$(OBJEXT)
-	-rm -f ntlm/context_time.lo
-	-rm -f ntlm/crypto.$(OBJEXT)
-	-rm -f ntlm/crypto.lo
-	-rm -f ntlm/delete_sec_context.$(OBJEXT)
-	-rm -f ntlm/delete_sec_context.lo
-	-rm -f ntlm/digest.$(OBJEXT)
-	-rm -f ntlm/digest.lo
-	-rm -f ntlm/display_name.$(OBJEXT)
-	-rm -f ntlm/display_name.lo
-	-rm -f ntlm/display_status.$(OBJEXT)
-	-rm -f ntlm/display_status.lo
-	-rm -f ntlm/duplicate_name.$(OBJEXT)
-	-rm -f ntlm/duplicate_name.lo
-	-rm -f ntlm/export_name.$(OBJEXT)
-	-rm -f ntlm/export_name.lo
-	-rm -f ntlm/export_sec_context.$(OBJEXT)
-	-rm -f ntlm/export_sec_context.lo
-	-rm -f ntlm/external.$(OBJEXT)
-	-rm -f ntlm/external.lo
-	-rm -f ntlm/import_name.$(OBJEXT)
-	-rm -f ntlm/import_name.lo
-	-rm -f ntlm/import_sec_context.$(OBJEXT)
-	-rm -f ntlm/import_sec_context.lo
-	-rm -f ntlm/indicate_mechs.$(OBJEXT)
-	-rm -f ntlm/indicate_mechs.lo
-	-rm -f ntlm/init_sec_context.$(OBJEXT)
-	-rm -f ntlm/init_sec_context.lo
-	-rm -f ntlm/inquire_context.$(OBJEXT)
-	-rm -f ntlm/inquire_context.lo
-	-rm -f ntlm/inquire_cred.$(OBJEXT)
-	-rm -f ntlm/inquire_cred.lo
-	-rm -f ntlm/inquire_cred_by_mech.$(OBJEXT)
-	-rm -f ntlm/inquire_cred_by_mech.lo
-	-rm -f ntlm/inquire_mechs_for_name.$(OBJEXT)
-	-rm -f ntlm/inquire_mechs_for_name.lo
-	-rm -f ntlm/inquire_names_for_mech.$(OBJEXT)
-	-rm -f ntlm/inquire_names_for_mech.lo
-	-rm -f ntlm/process_context_token.$(OBJEXT)
-	-rm -f ntlm/process_context_token.lo
-	-rm -f ntlm/release_cred.$(OBJEXT)
-	-rm -f ntlm/release_cred.lo
-	-rm -f ntlm/release_name.$(OBJEXT)
-	-rm -f ntlm/release_name.lo
-	-rm -f spnego/accept_sec_context.$(OBJEXT)
-	-rm -f spnego/accept_sec_context.lo
-	-rm -f spnego/compat.$(OBJEXT)
-	-rm -f spnego/compat.lo
-	-rm -f spnego/context_stubs.$(OBJEXT)
-	-rm -f spnego/context_stubs.lo
-	-rm -f spnego/cred_stubs.$(OBJEXT)
-	-rm -f spnego/cred_stubs.lo
-	-rm -f spnego/external.$(OBJEXT)
-	-rm -f spnego/external.lo
-	-rm -f spnego/init_sec_context.$(OBJEXT)
-	-rm -f spnego/init_sec_context.lo
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c -o $@ $<
-
-.c.obj:
-	$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-	-rm -rf krb5/.libs krb5/_libs
-	-rm -rf mech/.libs mech/_libs
-	-rm -rf ntlm/.libs ntlm/_libs
-	-rm -rf spnego/.libs spnego/_libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nobase_includeHEADERS: $(nobase_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@$(am__vpath_adj_setup) \
-	list='$(nobase_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  $(am__vpath_adj) \
-	  echo " $(nobase_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nobase_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nobase_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@$(am__vpath_adj_setup) \
-	list='$(nobase_include_HEADERS)'; for p in $$list; do \
-	  $(am__vpath_adj) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_gssapiHEADERS: $(nodist_gssapi_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(gssapidir)" || $(MKDIR_P) "$(DESTDIR)$(gssapidir)"
-	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_gssapiHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(gssapidir)/$$f'"; \
-	  $(nodist_gssapiHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(gssapidir)/$$f"; \
-	done
-
-uninstall-nodist_gssapiHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(gssapidir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(gssapidir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(gssapidir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-rm -f krb5/$(am__dirstamp)
-	-rm -f mech/$(am__dirstamp)
-	-rm -f ntlm/$(am__dirstamp)
-	-rm -f spnego/$(am__dirstamp)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man \
-	install-nobase_includeHEADERS install-nodist_gssapiHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nobase_includeHEADERS uninstall-nodist_gssapiHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man5
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man \
-	install-man3 install-man5 install-nobase_includeHEADERS \
-	install-nodist_gssapiHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
-	uninstall-man5 uninstall-nobase_includeHEADERS \
-	uninstall-nodist_gssapiHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(srcdir)/ntlm/ntlm-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
-$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
-
-$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
-
-$(spnego_files) spnego_asn1.h: spnego_asn1_files
-$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
-
-spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
-	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
-
-gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
-
-$(srcdir)/krb5/gsskrb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
-
-$(srcdir)/spnego/spnego-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
-
-gss-commands.c gss-commands.h: gss-commands.in
-	$(SLC) $(srcdir)/gss-commands.in
-
-$(gss_OBJECTS): gss-commands.h
-
-# to help stupid solaris make
-
-$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
-
-gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
-	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
deleted file mode 100644
index d923c36fd574..000000000000
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
-    krb5_error_code ret;
-    char *p;
-
-    ret = gssapi_krb5_init();
-    if(ret)
-	return GSS_S_FAILURE;
-    
-    if(gssapi_krb5_keytab != NULL) {
-	krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
-	gssapi_krb5_keytab = NULL;
-    }
-    asprintf(&p, "FILE:%s", identity);
-    if(p == NULL)
-	return GSS_S_FAILURE;
-    ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
-    free(p);
-    if(ret)
-	return GSS_S_FAILURE;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            const gss_cred_id_t acceptor_cred_handle,
-            const gss_buffer_t input_token_buffer,
-            const gss_channel_bindings_t input_chan_bindings,
-            gss_name_t * src_name,
-            gss_OID * mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec,
-            gss_cred_id_t * delegated_cred_handle
-           )
-{
-    krb5_error_code kret;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data indata;
-    krb5_flags ap_options;
-    OM_uint32 flags;
-    krb5_ticket *ticket = NULL;
-    krb5_keytab keytab = NULL;
-    krb5_data fwd_data;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT();
-
-    krb5_data_zero (&fwd_data);
-    output_token->length = 0;
-    output_token->value   = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	*context_handle = malloc(sizeof(**context_handle));
-	if (*context_handle == GSS_C_NO_CONTEXT) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    (*context_handle)->auth_context =  NULL;
-    (*context_handle)->source = NULL;
-    (*context_handle)->target = NULL;
-    (*context_handle)->flags = 0;
-    (*context_handle)->more_flags = 0;
-    (*context_handle)->ticket = NULL;
-    (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& input_chan_bindings->application_data.length ==
-	2 * sizeof((*context_handle)->auth_context->local_port)
-	) {
-     
-	/* Port numbers are expected to be in application_data.value,
-	 * initator's port first */
-     
-	krb5_address initiator_addr, acceptor_addr;
-     
-	memset(&initiator_addr, 0, sizeof(initiator_addr));
-	memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
-	(*context_handle)->auth_context->remote_port = 
-	    *(int16_t *) input_chan_bindings->application_data.value; 
-     
-	(*context_handle)->auth_context->local_port =
-	    *((int16_t *) input_chan_bindings->application_data.value + 1);
-
-     
-	kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				       &input_chan_bindings->acceptor_address,
-				       (*context_handle)->auth_context->local_port,
-				       &acceptor_addr); 
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-                             
-	kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				       &input_chan_bindings->initiator_address, 
-				       (*context_handle)->auth_context->remote_port,
-				       &initiator_addr); 
-	if (kret) {
-	    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-     
-	kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				      (*context_handle)->auth_context,
-				      &acceptor_addr,    /* local address */
-				      &initiator_addr);  /* remote address */
-     
-	krb5_free_address (gssapi_krb5_context, &initiator_addr);
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-     
-#if 0
-	free(input_chan_bindings->application_data.value);
-	input_chan_bindings->application_data.value = NULL;
-	input_chan_bindings->application_data.length = 0;
-#endif
-     
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-  
-
-
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    ret = gssapi_krb5_decapsulate (minor_status,
-				   input_token_buffer,
-				   &indata,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
-	if (gssapi_krb5_keytab != NULL) {
-	    keytab = gssapi_krb5_keytab;
-	}
-    } else if (acceptor_cred_handle->keytab != NULL) {
-	keytab = acceptor_cred_handle->keytab;
-    }
-
-    kret = krb5_rd_req (gssapi_krb5_context,
-			&(*context_handle)->auth_context,
-			&indata,
-			(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL 
-			: acceptor_cred_handle->principal,
-			keytab,
-			&ap_options,
-			&ticket);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->client,
-				&(*context_handle)->source);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->server,
-				&(*context_handle)->target);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-    if (src_name != NULL) {
-	kret = krb5_copy_principal (gssapi_krb5_context,
-				    ticket->client,
-				    src_name);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-    }
-
-    {
-	krb5_authenticator authenticator;
-      
-	kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
-					      (*context_handle)->auth_context,
-					      &authenticator);
-	if(kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-
-	ret = gssapi_krb5_verify_8003_checksum(minor_status,
-					       input_chan_bindings,
-					       authenticator->cksum,
-					       &flags,
-					       &fwd_data);
-	krb5_free_authenticator(gssapi_krb5_context, &authenticator);
-	if (ret)
-	    goto failure;
-    }
-
-    if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-	krb5_ccache ccache;
-	int32_t ac_flags;
-      
-	if (delegated_cred_handle == NULL)
-	    /* XXX Create a new delegated_cred_handle? */
-	    kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	else if (*delegated_cred_handle == NULL) {
-	    if ((*delegated_cred_handle =
-		 calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
-		ret = GSS_S_FAILURE;
-		*minor_status = ENOMEM;
-		krb5_set_error_string(gssapi_krb5_context, "out of memory");
-		gssapi_krb5_set_error_string();
-		goto failure;
-	    }
-	    if ((ret = gss_duplicate_name(minor_status, ticket->client,
-					  &(*delegated_cred_handle)->principal)) != 0) {
-		flags &= ~GSS_C_DELEG_FLAG;
-		free(*delegated_cred_handle);
-		*delegated_cred_handle = NULL;
-		goto end_fwd;
-	    }
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->ccache == NULL) {
-            kret = krb5_cc_gen_new (gssapi_krb5_context,
-                                    &krb5_mcc_ops,
-                                    &(*delegated_cred_handle)->ccache);
-	    ccache = (*delegated_cred_handle)->ccache;
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->mechanisms == NULL) {
-	    ret = gss_create_empty_oid_set(minor_status, 
-					   &(*delegated_cred_handle)->mechanisms);
-            if (ret)
-		goto failure;
-	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-					 &(*delegated_cred_handle)->mechanisms);
-	    if (ret)
-		goto failure;
-	}
-
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	kret = krb5_cc_initialize(gssapi_krb5_context,
-				  ccache,
-				  *src_name);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &ac_flags);
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
-	kret = krb5_rd_cred2(gssapi_krb5_context,
-			     (*context_handle)->auth_context,
-			     ccache,
-			     &fwd_data);
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       ac_flags);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-
-      end_fwd:
-	free(fwd_data.data);
-    }
-         
-
-    flags |= GSS_C_TRANS_FLAG;
-
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->lifetime = ticket->ticket.endtime;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= OPEN;
-
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   (*context_handle)->lifetime,
-				   time_rec);
-	if (ret)
-	    goto failure;
-    }
-
-    if(flags & GSS_C_MUTUAL_FLAG) {
-	krb5_data outbuf;
-
-	kret = krb5_mk_rep (gssapi_krb5_context,
-			    (*context_handle)->auth_context,
-			    &outbuf);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-	ret = gssapi_krb5_encapsulate (minor_status,
-				       &outbuf,
-				       output_token,
-				       "\x02\x00");
-	krb5_data_free (&outbuf);
-	if (ret)
-	    goto failure;
-    } else {
-	output_token->length = 0;
-	output_token->value = NULL;
-    }
-
-    (*context_handle)->ticket = ticket;
-    ticket = NULL;
-
-#if 0
-    krb5_free_ticket (context, ticket);
-#endif
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-
-  failure:
-    if (fwd_data.length > 0)
-	free(fwd_data.data);
-    if (ticket != NULL)
-	krb5_free_ticket (gssapi_krb5_context, ticket);
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    if (src_name != NULL) {
-	gss_release_name (&minor, src_name);
-	*src_name = NULL;
-    }
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
deleted file mode 100644
index dfe2b4cca5cb..000000000000
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
-    char kt_name[256];
-    krb5_error_code kret;
-
-    if (gssapi_krb5_keytab != NULL) {
-	kret = krb5_kt_get_name(gssapi_krb5_context,
-				gssapi_krb5_keytab,
-				kt_name, sizeof(kt_name));
-	if (kret == 0)
-	    kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
-    } else
-	kret = krb5_kt_default(gssapi_krb5_context, keytab);
-    return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_creds cred;
-    krb5_principal def_princ;
-    krb5_get_init_creds_opt opt;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_error_code kret;
-
-    keytab = NULL;
-    ccache = NULL;
-    def_princ = NULL;
-    ret = GSS_S_FAILURE;
-    memset(&cred, 0, sizeof(cred));
-
-    kret = krb5_cc_default(gssapi_krb5_context, &ccache);
-    if (kret)
-	goto end;
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
-	&def_princ);
-    if (kret != 0) {
-	/* we'll try to use a keytab below */
-	krb5_cc_destroy(gssapi_krb5_context, ccache);
-	ccache = NULL;
-	kret = 0;
-    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
-	    &handle->principal);
-	if (kret)
-	    goto end;
-    } else if (handle->principal != NULL &&
-	krb5_principal_compare(gssapi_krb5_context, handle->principal,
-	def_princ) == FALSE) {
-	/* Before failing, lets check the keytab */
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-	def_princ = NULL;
-    }
-    if (def_princ == NULL) {
-	/* We have no existing credentials cache,
-	 * so attempt to get a TGT using a keytab.
-	 */
-	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(gssapi_krb5_context,
-		&handle->principal);
-	    if (kret)
-		goto end;
-	}
-	kret = get_keytab(&keytab);
-	if (kret)
-	    goto end;
-	krb5_get_init_creds_opt_init(&opt);
-	kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
-	    handle->principal, keytab, 0, NULL, &opt);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-		&ccache);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
-	if (kret)
-	    goto end;
-	handle->lifetime = cred.times.endtime;
-    } else {
-	krb5_creds in_cred, *out_cred;
-	krb5_const_realm realm;
-
-	memset(&in_cred, 0, sizeof(in_cred));
-	in_cred.client = handle->principal;
-	
-	realm = krb5_principal_get_realm(gssapi_krb5_context, 
-					 handle->principal);
-	if (realm == NULL) {
-	    kret = KRB5_PRINC_NOMATCH; /* XXX */
-	    goto end;
-	}
-
-	kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, 
-				   realm, KRB5_TGS_NAME, realm, NULL);
-	if (kret)
-	    goto end;
-
-	kret = krb5_get_credentials(gssapi_krb5_context, 0, 
-				    ccache, &in_cred, &out_cred);
-	krb5_free_principal(gssapi_krb5_context, in_cred.server);
-	if (kret)
-	    goto end;
-
-	handle->lifetime = out_cred->times.endtime;
-	krb5_free_creds(gssapi_krb5_context, out_cred);
-    }
-
-    handle->ccache = ccache;
-    ret = GSS_S_COMPLETE;
-
-end:
-    if (cred.client != NULL)
-	krb5_free_creds_contents(gssapi_krb5_context, &cred);
-    if (def_princ != NULL)
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-    if (keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, keytab);
-    if (ret != GSS_S_COMPLETE) {
-	if (ccache != NULL)
-	    krb5_cc_close(gssapi_krb5_context, ccache);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-
-    kret = 0;
-    ret = GSS_S_FAILURE;
-    kret = get_keytab(&handle->keytab);
-    if (kret)
-	goto end;
-    ret = GSS_S_COMPLETE;
- 
-end:
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->keytab != NULL)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * minor_status,
-            const gss_name_t desired_name,
-            OM_uint32 time_req,
-            const gss_OID_set desired_mechs,
-            gss_cred_usage_t cred_usage,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * time_rec
-           )
-{
-    gss_cred_id_t handle;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT ();
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-
-    if (desired_mechs) {
-	OM_uint32 present = 0;
-
-	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				      desired_mechs, &present); 
-	if (ret)
-	    return ret;
-	if (!present) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_MECH;
-	}
-    }
-
-    handle = (gss_cred_id_t)malloc(sizeof(*handle));
-    if (handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-
-    memset(handle, 0, sizeof (*handle));
-
-    if (desired_name != GSS_C_NO_NAME) {
-	ret = gss_duplicate_name(minor_status, desired_name,
-	    &handle->principal);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    }
-    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-    	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else {
-	free(handle);
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return GSS_S_FAILURE;
-    }
-    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				 &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
-			   actual_mechs);
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->mechanisms != NULL)
-		gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-	return (ret);
-    } 
-    *minor_status = 0;
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   handle->lifetime,
-				   time_rec);
-
-	if (ret)
-	    return ret;
-    }
-    handle->usage = cred_usage;
-    *output_cred_handle = handle;
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c
deleted file mode 100644
index 53d4f3370696..000000000000
--- a/crypto/heimdal/lib/gssapi/add_cred.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
-
-OM_uint32 gss_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    OM_uint32 ret, lifetime;
-    gss_cred_id_t cred, handle;
-
-    handle = NULL;
-    cred = input_cred_handle;
-
-    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    /* check if requested output usage is compatible with output usage */ 
-    if (output_cred_handle != NULL &&
-	(cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return(GSS_S_FAILURE);
-    }
-	
-    /* check that we have the same name */
-    if (desired_name != GSS_C_NO_NAME &&
-	krb5_principal_compare(gssapi_krb5_context, desired_name,
-			       cred->principal) != FALSE) {
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    /* make a copy */
-    if (output_cred_handle) {
-
-	handle = (gss_cred_id_t)malloc(sizeof(*handle));
-	if (handle == GSS_C_NO_CREDENTIAL) {
-	    *minor_status = ENOMEM;
-	    return (GSS_S_FAILURE);
-	}
-
-	memset(handle, 0, sizeof (*handle));
-
-	handle->usage = cred_usage;
-	handle->lifetime = cred->lifetime;
-	handle->principal = NULL;
-	handle->keytab = NULL;
-	handle->ccache = NULL;
-	handle->mechanisms = NULL;
-	
-	ret = GSS_S_FAILURE;
-
-	ret = gss_duplicate_name(minor_status, cred->principal,
-				 &handle->principal);
-	if (ret) {
-	    free(handle);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-
-	if (cred->keytab) {
-	    krb5_error_code kret;
-	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-	    int len;
-	    
-	    ret = GSS_S_FAILURE;
-
-	    kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
-				    name, KRB5_KT_PREFIX_MAX_LEN);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-	    len = strlen(name);
-	    name[len++] = ':';
-
-	    kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
-				    name + len, 
-				    sizeof(name) - len);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-
-	    kret = krb5_kt_resolve(gssapi_krb5_context, name,
-				   &handle->keytab);
-	    if (kret){
-		*minor_status = kret;
-		goto failure;
-	    }
-	}
-
-	if (cred->ccache) {
-	    krb5_error_code kret;
-	    const char *type, *name;
-	    char *type_name;
-
-	    ret = GSS_S_FAILURE;
-
-	    type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
-	    if (type == NULL){
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    if (strcmp(type, "MEMORY") == 0) {
-		ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-				      &handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-		ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
-					 handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-	    } else {
-
-		name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
-		if (name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		asprintf(&type_name, "%s:%s", type, name);
-		if (type_name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
-				       &handle->ccache);
-		free(type_name);
-		if (kret) {
-		    *minor_status = kret;
-		    goto failure;
-		}	    
-	    }
-	}
-
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret)
-	    goto failure;
-
-	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-	if (ret)
-	    goto failure;
-    }
-
-    ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
-			   NULL, actual_mechs);
-    if (ret)
-	goto failure;
-
-    if (initiator_time_rec)
-	*initiator_time_rec = lifetime;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = lifetime;
-
-    if (output_cred_handle)
-	*output_cred_handle = handle;
-
-    *minor_status = 0;
-    return ret;
-
- failure:
-
-    if (handle) {
-	if (handle->principal)
-	    gss_release_name(NULL, &handle->principal);
-	if (handle->keytab)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (handle->ccache)
-	    krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
-	if (handle->mechanisms)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
deleted file mode 100644
index ed654fc8c5b8..000000000000
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member_oid,
-            gss_OID_set * oid_set
-           )
-{
-  gss_OID tmp;
-  size_t n;
-  OM_uint32 res;
-  int present;
-
-  res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
-  if (res != GSS_S_COMPLETE)
-    return res;
-
-  if (present) {
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-  }
-
-  n = (*oid_set)->count + 1;
-  tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
-  if (tmp == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->elements = tmp;
-  (*oid_set)->count = n;
-  (*oid_set)->elements[n-1] = *member_oid;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
deleted file mode 100644
index c8041aa93626..000000000000
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address)
-{
-   int addr_type;
-   struct sockaddr sa;
-   int sa_size = sizeof(sa);
-   krb5_error_code problem;
-   
-   if (gss_addr == NULL)
-      return GSS_S_FAILURE; 
-   
-   switch (gss_addr_type) {
-#ifdef HAVE_IPV6
-      case GSS_C_AF_INET6: addr_type = AF_INET6;
-                           break;
-#endif /* HAVE_IPV6 */
-                           
-      case GSS_C_AF_INET:  addr_type = AF_INET;
-                           break;
-      default:
-                           return GSS_S_FAILURE;
-   }
-                      
-   problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
-				   addr_type,
-                                   gss_addr->value, 
-                                   &sa, 
-                                   &sa_size, 
-                                   port);
-   if (problem)
-      return GSS_S_FAILURE;
-
-   problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
-
-   return problem;  
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.c b/crypto/heimdal/lib/gssapi/arcfour.c
deleted file mode 100644
index 66d688ca0b58..000000000000
--- a/crypto/heimdal/lib/gssapi/arcfour.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-/*
- * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- */
-
-RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
-
-static krb5_error_code
-arcfour_mic_key(krb5_context context, krb5_keyblock *key,
-		void *cksum_data, size_t cksum_size,
-		void *key6_data, size_t key6_size)
-{
-    krb5_error_code ret;
-    
-    Checksum cksum_k5;
-    krb5_keyblock key5;
-    char k5_data[16];
-    
-    Checksum cksum_k6;
-    
-    char T[4];
-
-    memset(T, 0, 4);
-    cksum_k5.checksum.data = k5_data;
-    cksum_k5.checksum.length = sizeof(k5_data);
-
-    if (key->keytype == KEYTYPE_ARCFOUR_56) {
-	char L40[14] = "fortybits";
-
-	memcpy(L40 + 10, T, sizeof(T));
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			L40, 14, 0, key, &cksum_k5);
-	memset(&k5_data[7], 0xAB, 9);
-    } else {
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			T, 4, 0, key, &cksum_k5);
-    }
-    if (ret)
-	return ret;
-
-    key5.keytype = KEYTYPE_ARCFOUR;
-    key5.keyvalue = cksum_k5.checksum;
-
-    cksum_k6.checksum.data = key6_data;
-    cksum_k6.checksum.length = key6_size;
-
-    return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-		     cksum_data, cksum_size, 0, &key5, &cksum_k6);
-}
-
-
-static krb5_error_code
-arcfour_mic_cksum(krb5_keyblock *key, unsigned usage,
-		  u_char *sgn_cksum, size_t sgn_cksum_sz,
-		  const char *v1, size_t l1,
-		  const void *v2, size_t l2,
-		  const void *v3, size_t l3)
-{
-    Checksum CKSUM;
-    u_char *ptr;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    
-    assert(sgn_cksum_sz == 8);
-
-    len = l1 + l2 + l3;
-
-    ptr = malloc(len);
-    if (ptr == NULL)
-	return ENOMEM;
-
-    memcpy(ptr, v1, l1);
-    memcpy(ptr + l1, v2, l2);
-    memcpy(ptr + l1 + l2, v3, l3);
-    
-    ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-    if (ret) {
-	free(ptr);
-	return ret;
-    }
-    
-    ret = krb5_create_checksum(gssapi_krb5_context,
-			       crypto,
-			       usage,
-			       0,
-			       ptr, len,
-			       &CKSUM);
-    free(ptr);
-    if (ret == 0) {
-	memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
-	free_Checksum(&CKSUM);
-    }
-    krb5_crypto_destroy(gssapi_krb5_context, crypto);
-
-    return ret;
-}
-
-
-OM_uint32
-_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
-			const gss_ctx_id_t context_handle,
-			gss_qop_t qop_req,
-			const gss_buffer_t message_buffer,
-			gss_buffer_t message_token,
-			krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    int32_t seq_number;
-    size_t len, total_len;
-    u_char k6_data[16], *p0, *p;
-    RC4_KEY rc4_key;
-    
-    gssapi_krb5_encap_length (22, &len, &total_len);
-    
-    message_token->length = total_len;
-    message_token->value  = malloc (total_len);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(message_token->value,
-				  len);
-    p = p0;
-    
-    *p++ = 0x01; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-    *p++ = 0xff;
-    *p++ = 0xff;
-
-    p = NULL;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
-			    p0 + 16, 8,  /* SGN_CKSUM */
-			    p0, 8, /* TOK_ID, SGN_ALG, Filer */
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	gss_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	gss_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     &seq_number);
-    p = p0 + 8; /* SND_SEQ */
-    gssapi_encode_be_om_uint32(seq_number, p);
-    
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    
-    memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
-
-    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-    RC4 (&rc4_key, 8, p, p);
-	
-    memset(&rc4_key, 0, sizeof(rc4_key));
-    memset(k6_data, 0, sizeof(k6_data));
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32
-_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
-			   const gss_ctx_id_t context_handle,
-			   const gss_buffer_t message_buffer,
-			   const gss_buffer_t token_buffer,
-			   gss_qop_t * qop_state,
-			   krb5_keyblock *key,
-			   char *type)
-{
-    krb5_error_code ret;
-    int32_t seq_number, seq_number2;
-    OM_uint32 omret;
-    char cksum_data[8], k6_data[16], SND_SEQ[8];
-    u_char *p;
-    int cmp;
-    
-    if (qop_state)
-	*qop_state = 0;
-
-    p = token_buffer->value;
-    omret = gssapi_krb5_verify_header (&p,
-				       token_buffer->length,
-				       type);
-    if (omret)
-	return omret;
-    
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-	return GSS_S_BAD_MIC;
-    p += 4;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
-			    cksum_data, sizeof(cksum_data),
-			    p - 8, 8,
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  cksum_data, sizeof(cksum_data),
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p + 8, 8);
-    if (cmp) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p, SND_SEQ);
-	
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    memset(SND_SEQ, 0, sizeof(SND_SEQ));
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-    
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      &seq_number2);
-
-    if (seq_number != seq_number2) {
-	*minor_status = 0;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      ++seq_number2);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_arcfour(OM_uint32 * minor_status,
-		     const gss_ctx_id_t context_handle,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     const gss_buffer_t input_message_buffer,
-		     int * conf_state,
-		     gss_buffer_t output_message_buffer,
-		     krb5_keyblock *key)
-{
-    u_char Klocaldata[16], k6_data[16], *p, *p0;
-    size_t len, total_len, datalen;
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number;
-
-    if (conf_state)
-	*conf_state = 0;
-
-    datalen = input_message_buffer->length + 1 /* padding */;
-    len = datalen + 30;
-    gssapi_krb5_encap_length (len, &len, &total_len);
-
-    output_message_buffer->length = total_len;
-    output_message_buffer->value  = malloc (total_len);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(output_message_buffer->value,
-				  len);
-    p = p0;
-
-    *p++ = 0x02; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    if (conf_req_flag) {
-	*p++ = 0x10; /* SEAL_ALG */
-	*p++ = 0x00;
-    } else {
-	*p++ = 0xff; /* SEAL_ALG */
-	*p++ = 0xff;
-    }
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-
-    p = NULL;
-
-    krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     &seq_number);
-
-    gssapi_encode_be_om_uint32(seq_number, p0 + 8);
-
-    krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-				     context_handle->auth_context,
-				     ++seq_number);
-
-    memset (p0 + 8 + 4,
-	    (context_handle->more_flags & LOCAL) ? 0 : 0xff,
-	    4);
-
-    krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
-    
-    /* p points to data */
-    p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-    memcpy(p, input_message_buffer->value, input_message_buffer->length);
-    p[input_message_buffer->length] = 1; /* PADDING */
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
-			    p0 + 16, 8, /* SGN_CKSUM */ 
-			    p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
-			    p0 + 24, 8, /* Confounder */
-			    p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, 
-			    datalen);
-    if (ret) {
-	*minor_status = ret;
-	gss_release_buffer(minor_status, output_message_buffer);
-	return GSS_S_FAILURE;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
-			  p0 + 8, 4, /* SND_SEQ */
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-
-    if(conf_req_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	/* XXX ? */
-	RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    if (conf_state)
-	*conf_state = conf_req_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gss_ctx_id_t context_handle,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    u_char Klocaldata[16];
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number, seq_number2;
-    size_t datalen;
-    OM_uint32 omret;
-    char k6_data[16], SND_SEQ[8], Confounder[8];
-    char cksum_data[8];
-    u_char *p, *p0;
-    int cmp;
-    int conf_flag;
-    size_t padlen;
-    
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    p0 = input_message_buffer->value;
-    omret = _gssapi_verify_mech_header(&p0,
-				       input_message_buffer->length);
-    if (omret)
-	return omret;
-    p = p0;
-
-    datalen = input_message_buffer->length -
-	(p - ((u_char *)input_message_buffer->value)) - 
-	GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-
-    if (memcmp(p, "\x02\x01", 2) != 0)
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-
-    if (memcmp (p, "\x10\x00", 2) == 0)
-	conf_flag = 1;
-    else if (memcmp (p, "\xff\xff", 2) == 0)
-	conf_flag = 0;
-    else
-	return GSS_S_BAD_SIG;
-
-    p += 2;
-    if (memcmp (p, "\xff\xff", 2) != 0)
-	return GSS_S_BAD_MIC;
-    p = NULL;
-
-    ret = arcfour_mic_key(gssapi_krb5_context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
-			  SND_SEQ, 4,
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    output_message_buffer->value = malloc(datalen);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    output_message_buffer->length = datalen;
-
-    if(conf_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
-	RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	     output_message_buffer->value);
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    } else {
-	memcpy(Confounder, p0 + 24, 8); /* Confounder */
-	memcpy(output_message_buffer->value, 
-	       p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	       datalen);
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return ret;
-    }
-    output_message_buffer->length -= padlen;
-
-    ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
-			    cksum_data, sizeof(cksum_data),
-			    p0, 8, 
-			    Confounder, sizeof(Confounder),
-			    output_message_buffer->value, 
-			    output_message_buffer->length + padlen);
-    if (ret) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
-    if (cmp) {
-	gss_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				  context_handle->auth_context,
-				  &seq_number2);
-
-    if (seq_number != seq_number2) {
-	*minor_status = 0;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				      context_handle->auth_context,
-				      ++seq_number2);
-
-    if (conf_state)
-	*conf_state = conf_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.h b/crypto/heimdal/lib/gssapi/arcfour.h
deleted file mode 100644
index 88bdfb119f44..000000000000
--- a/crypto/heimdal/lib/gssapi/arcfour.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
-
-#ifndef GSSAPI_ARCFOUR_H_
-#define GSSAPI_ARCFOUR_H_ 1
-
-/*
- * The arcfour message have the following formats, these are only here
- * for reference and is not used.
- */
-
-#if 0
-typedef struct gss_arcfour_mic_token {
-    u_char TOK_ID[2]; /* 01 01 */
-    u_char SGN_ALG[2]; /* 11 00 */
-    u_char Filler[4];
-    u_char SND_SEQ[8];
-    u_char SGN_CKSUM[8];
-} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
-
-typedef struct gss_arcfour_wrap_token {
-    u_char TOK_ID[2]; /* 02 01 */
-    u_char SGN_ALG[2];
-    u_char SEAL_ALG[2];
-    u_char Filler[2];
-    u_char SND_SEQ[8];
-    u_char SGN_CKSUM[8];
-    u_char Confounder[8];
-} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
-#endif
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-
-OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
-			       const gss_ctx_id_t context_handle,
-			       int conf_req_flag,
-			       gss_qop_t qop_req,
-			       const gss_buffer_t input_message_buffer,
-			       int *conf_state,
-			       gss_buffer_t output_message_buffer,
-			       krb5_keyblock *key);
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gss_ctx_id_t context_handle,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key);
-
-OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
-				  const gss_ctx_id_t context_handle,
-				  gss_qop_t qop_req,
-				  const gss_buffer_t message_buffer,
-				  gss_buffer_t message_token,
-				  krb5_keyblock *key);
-
-OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
-				     const gss_ctx_id_t context_handle,
-				     const gss_buffer_t message_buffer,
-				     const gss_buffer_t token_buffer,
-				     gss_qop_t *qop_state,
-				     krb5_keyblock *key,
-				     char *type);
-
-#endif /* GSSAPI_ARCFOUR_H_ */
diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c
deleted file mode 100644
index afa39f3a4f96..000000000000
--- a/crypto/heimdal/lib/gssapi/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c
deleted file mode 100644
index da494b0d10b4..000000000000
--- a/crypto/heimdal/lib/gssapi/compare_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $");
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    GSSAPI_KRB5_INIT();
-
-    *name_equal = krb5_principal_compare (gssapi_krb5_context,
-					  name1, name2);
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c
deleted file mode 100644
index 311b1cb71a1e..000000000000
--- a/crypto/heimdal/lib/gssapi/compat.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, gss_name_t name, 
-	     const char *option, krb5_boolean *compat, 
-	     krb5_boolean match_val)
-{
-    krb5_error_code ret = 0;
-    char **p, **q;
-    krb5_principal match;
-
-
-    p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
-				option, NULL);
-    if(p == NULL)
-	return 0;
-
-    for(q = p; *q; q++) {
-
-	ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
-	if (ret)
-	    break;
-
-	if (krb5_principal_match(gssapi_krb5_context, name, match)) {
-	    *compat = match_val;
-	    break;
-	}
-	
-	krb5_free_principal(gssapi_krb5_context, match);
-    }
-    krb5_config_free_strings(p);
-
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    return 0;
-}
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
-{
-    krb5_boolean use_compat = TRUE;
-    OM_uint32 ret;
-
-    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
-	ret = check_compat(minor_status, ctx->target, 
-			   "broken_des3_mic", &use_compat, TRUE);
-	if (ret)
-	    return ret;
-	ret = check_compat(minor_status, ctx->target, 
-			   "correct_des3_mic", &use_compat, FALSE);
-	if (ret)
-	    return ret;
-
-	if (use_compat)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    }
-    return 0;
-}
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
-    *minor_status = 0;
-
-    if (on) {
-	ctx->more_flags |= COMPAT_OLD_DES3;
-    } else {
-	ctx->more_flags &= ~COMPAT_OLD_DES3;
-    }
-    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
deleted file mode 100644
index daeb25f26d00..000000000000
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *minor_status, 
-		     OM_uint32 lifetime,
-		     OM_uint32 *lifetime_rec)
-{
-    krb5_timestamp timeret;
-    krb5_error_code kret;
-
-    kret = krb5_timeofday(gssapi_krb5_context, &timeret);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-
-    if (lifetime < timeret) 
-	*lifetime_rec = 0;
-    else
-	*lifetime_rec = lifetime - timeret;
-
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 gss_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 lifetime;
-    OM_uint32 major_status;
-
-    GSSAPI_KRB5_INIT ();
-
-    lifetime = context_handle->lifetime;
-
-    major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
-    if (major_status != GSS_S_COMPLETE)
-	return major_status;
-
-    *minor_status = 0;
-
-    if (*time_rec == 0)
-	return GSS_S_CONTEXT_EXPIRED;
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
deleted file mode 100644
index 2ffe0656d8cb..000000000000
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $");
-
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
-		     gss_cred_id_t cred,
-		     krb5_ccache out)
-{
-    krb5_error_code kret;
-
-    if (cred->ccache == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
deleted file mode 100644
index 1a25e0d7815e..000000000000
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * minor_status,
-            gss_OID_set * oid_set
-           )
-{
-  *oid_set = malloc(sizeof(**oid_set));
-  if (*oid_set == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->count = 0;
-  (*oid_set)->elements = NULL;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
deleted file mode 100644
index 242545352880..000000000000
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type)
-{
-    size_t len, len_len, mech_len, foo;
-    int e;
-    u_char *p = *str;
-
-    if (total_len < 1)
-	return GSS_S_DEFECTIVE_TOKEN;
-    if (*p++ != 0x60)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += len_len;
-    if (*p++ != 0x06)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += foo;
-    if (mech_len != GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       GSS_KRB5_MECHANISM->elements,
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    if (memcmp (p, type, 2) != 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += 2;
-    *str = p;
-    return GSS_S_COMPLETE;
-}
-
-static ssize_t
-gssapi_krb5_get_mech (const u_char *ptr,
-		      size_t total_len,
-		      const u_char **mech_ret)
-{
-    size_t len, len_len, mech_len, foo;
-    const u_char *p = ptr;
-    int e;
-
-    if (total_len < 1)
-	return -1;
-    if (*p++ != 0x60)
-	return -1;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return -1;
-    p += len_len;
-    if (*p++ != 0x06)
-	return -1;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return -1;
-    p += foo;
-    *mech_ret = p;
-    return mech_len;
-}
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len)
-{
-    const u_char *p;
-    ssize_t mech_len;
-
-    mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
-    if (mech_len < 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (mech_len != GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       GSS_KRB5_MECHANISM->elements,
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    *str = (char *)p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,    
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type
-)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = gssapi_krb5_verify_header(&p,
-				    input_token_buffer->length,
-				    type);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Verify padding of a gss wrapped message and return its length.
- */
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t wrapped_token, 
-		   size_t datalen,
-		   size_t *padlen)
-{
-    u_char *pad;
-    size_t padlength;
-    int i;
-
-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
-    padlength = *pad;
-
-    if (padlength > datalen)
-	return GSS_S_BAD_MECH;
-
-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-	;
-    if (i != 0)
-	return GSS_S_BAD_MIC;
-
-    *padlen = padlength;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
deleted file mode 100644
index 2df1f39749c8..000000000000
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t output_token
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    if ((*context_handle)->ticket) {
-	krb5_free_ticket (gssapi_krb5_context,
-			  (*context_handle)->ticket);
-	free((*context_handle)->ticket);
-    }
-
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
deleted file mode 100644
index 27a232fd3cf6..000000000000
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
-
-OM_uint32 gss_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    krb5_error_code kret;
-    char *buf;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &buf);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (buf);
-    output_name_buffer->length = len;
-    output_name_buffer->value  = malloc(len + 1);
-    if (output_name_buffer->value == NULL) {
-	free (buf);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (output_name_buffer->value, buf, len);
-    ((char *)output_name_buffer->value)[len] = '\0';
-    free (buf);
-    if (output_name_type)
-	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
deleted file mode 100644
index d266fa46bf93..000000000000
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
-
-static char *krb5_error_string;
-
-static char *
-calling_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"A required input parameter could not be read.", /*  */
-	"A required output parameter could not be written.", /*  */
-	"A parameter was malformed"
-    };
-
-    v >>= GSS_C_CALLING_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown calling error";
-    else
-	return msgs[v];
-}
-
-static char *
-routine_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"An unsupported mechanism was requested",
-	"An invalid name was supplied",
-	"A supplied name was of an unsupported type",
-	"Incorrect channel bindings were supplied",
-	"An invalid status code was supplied",
-	"A token had an invalid MIC",
-	"No credentials were supplied, "
-	"or the credentials were unavailable or inaccessible.",
-	"No context has been established",
-	"A token was invalid",
-	"A credential was invalid",
-	"The referenced credentials have expired",
-	"The context has expired",
-	"Miscellaneous failure (see text)",
-	"The quality-of-protection requested could not be provide",
-	"The operation is forbidden by local security policy",
-	"The operation or option is not available",
-	"The requested credential element already exists",
-	"The provided name was not a mechanism name.",
-    };
-
-    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-static char *
-supplementary_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	"normal completion",
-	"continuation call to routine required",
-	"duplicate per-message token detected",
-	"timed-out per-message token detected",
-	"reordered (early) per-message token detected",
-	"skipped predecessor token(s) detected"
-    };
-
-    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
-    if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-void
-gssapi_krb5_set_error_string (void)
-{
-    krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
-}
-
-char *
-gssapi_krb5_get_error_string (void)
-{
-    char *ret = krb5_error_string;
-    krb5_error_string = NULL;
-    return ret;
-}
-
-OM_uint32 gss_display_status
-           (OM_uint32		*minor_status,
-	    OM_uint32		 status_value,
-	    int			 status_type,
-	    const gss_OID	 mech_type,
-	    OM_uint32		*message_context,
-	    gss_buffer_t	 status_string)
-{
-  char *buf;
-
-  GSSAPI_KRB5_INIT ();
-
-  status_string->length = 0;
-  status_string->value = NULL;
-
-  if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-      gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-      *minor_status = 0;
-      return GSS_C_GSS_CODE;
-  }
-
-  if (status_type == GSS_C_GSS_CODE) {
-      if (GSS_SUPPLEMENTARY_INFO(status_value))
-	  asprintf(&buf, "%s", 
-		   supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
-      else
-	  asprintf (&buf, "%s %s",
-		    calling_error(GSS_CALLING_ERROR(status_value)),
-		    routine_error(GSS_ROUTINE_ERROR(status_value)));
-  } else if (status_type == GSS_C_MECH_CODE) {
-      buf = gssapi_krb5_get_error_string ();
-      if (buf == NULL) {
-	  const char *tmp = krb5_get_err_text (gssapi_krb5_context,
-					       status_value);
-	  if (tmp == NULL)
-	      asprintf(&buf, "unknown mech error-code %u",
-		       (unsigned)status_value);
-	  else
-	      buf = strdup(tmp);
-      }
-  } else {
-      *minor_status = EINVAL;
-      return GSS_S_BAD_STATUS;
-  }
-
-  if (buf == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  *message_context = 0;
-  *minor_status = 0;
-
-  status_string->length = strlen(buf);
-  status_string->value  = buf;
-  
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
deleted file mode 100644
index 2b54e90ec89d..000000000000
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				src_name,
-				dest_name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    } else {
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
deleted file mode 100644
index f3cd1e49f42b..000000000000
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $");
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len)
-{
-    size_t len_len;
-
-    *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
-
-    len_len = length_len(*len);
-
-    *total_len = 1 + len_len + *len;
-}
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type)
-{
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = GSS_KRB5_MECHANISM->length;
-    memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    p += GSS_KRB5_MECHANISM->length;
-    memcpy (p, type, 2);
-    p += 2;
-    return p;
-}
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
-			 size_t len)
-{
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = GSS_KRB5_MECHANISM->length;
-    memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    p += GSS_KRB5_MECHANISM->length;
-    return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,    
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type
-)
-{
-    size_t len, outer_len;
-    u_char *p;
-
-    gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = gssapi_krb5_make_header (output_token->value, len, type);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c
deleted file mode 100644
index c5fcbd4fd0cf..000000000000
--- a/crypto/heimdal/lib/gssapi/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
-
-OM_uint32 gss_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    krb5_error_code kret;
-    char *buf, *name;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (name);
-
-    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
-    exported_name->value  = malloc(exported_name->length);
-    if (exported_name->value == NULL) {
-	free (name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    buf = exported_name->value;
-    memcpy(buf, "\x04\x01", 2);
-    buf += 2;
-    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
-    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
-    buf+= 2;
-    buf[0] = 0x06;
-    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
-    buf+= 2;
-
-    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    buf += GSS_KRB5_MECHANISM->length;
-
-    buf[0] = (len >> 24) & 0xff;
-    buf[1] = (len >> 16) & 0xff;
-    buf[2] = (len >> 8) & 0xff;
-    buf[3] = (len) & 0xff;
-    buf += 4;
-
-    memcpy (buf, name, len);
-
-    free (name);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
deleted file mode 100644
index c7e626524282..000000000000
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
-
-OM_uint32
-gss_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    int flags;
-    OM_uint32 minor;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-    if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
-	*minor_status = 0;
-	return GSS_S_UNAVAILABLE;
-    }
-
-    sp = krb5_storage_emem ();
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ac = (*context_handle)->auth_context;
-
-    /* flagging included fields */
-
-    flags = 0;
-    if (ac->local_address)
-	flags |= SC_LOCAL_ADDRESS;
-    if (ac->remote_address)
-	flags |= SC_REMOTE_ADDRESS;
-    if (ac->keyblock)
-	flags |= SC_KEYBLOCK;
-    if (ac->local_subkey)
-	flags |= SC_LOCAL_SUBKEY;
-    if (ac->remote_subkey)
-	flags |= SC_REMOTE_SUBKEY;
-
-    kret = krb5_store_int32 (sp, flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* marshall auth context */
-
-    kret = krb5_store_int32 (sp, ac->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->local_address) {
-	kret = krb5_store_address (sp, *ac->local_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_address) {
-	kret = krb5_store_address (sp, *ac->remote_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int16 (sp, ac->local_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int16 (sp, ac->remote_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->keyblock) {
-	kret = krb5_store_keyblock (sp, *ac->keyblock);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->local_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->local_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int32 (sp, ac->local_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-
-    kret = krb5_store_int32 (sp, ac->keytype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ac->cksumtype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* names */
-
-    ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-
-    ret = GSS_S_FAILURE;
-
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_store_int32 (sp, (*context_handle)->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_storage_to_data (sp, &data);
-    krb5_storage_free (sp);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    interprocess_token->length = data.length;
-    interprocess_token->value  = data.data;
-    ret = gss_delete_sec_context (minor_status, context_handle,
-				  GSS_C_NO_BUFFER);
-    if (ret != GSS_S_COMPLETE)
-	gss_release_buffer (NULL, interprocess_token);
-    *minor_status = 0;
-    return ret;
- failure:
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c
deleted file mode 100644
index dca35ea94318..000000000000
--- a/crypto/heimdal/lib/gssapi/external.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x01"};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x02"};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x03"};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, (void *)"\x2b\x06\01\x05\x06\x03"};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, (void *)"\x2b\x05\x01\x05\x02"};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-krb5_context gssapi_krb5_context;
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
deleted file mode 100644
index 7f5b37e02572..000000000000
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
-
-static OM_uint32
-mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int32_t seq_number;
-  size_t len, total_len;
-
-  gssapi_krb5_encap_length (22, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK_ID */
-
-  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
-  p += 4;
-
-  /* Fill in later (SND-SEQ) */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value, message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;			/* SND_SEQ */
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-  
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  Checksum cksum;
-  u_char seq[8];
-
-  int32_t seq_number;
-  size_t len, total_len;
-
-  krb5_crypto crypto;
-  krb5_error_code kret;
-  krb5_data encdata;
-  char *tmp;
-  char ivec[8];
-
-  gssapi_krb5_encap_length (36, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK-ID */
-
-  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
-  p += 4;
-
-  /* this should be done in parts */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      free (message_token->value);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (kret) {
-      free (message_token->value);
-      free (tmp);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  kret = krb5_create_checksum (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SIGN,
-			       0,
-			       tmp,
-			       message_buffer->length + 8,
-			       &cksum);
-  free (tmp);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key,
-			  ETYPE_DES3_CBC_NONE, &crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  if (context_handle->more_flags & COMPAT_OLD_DES3)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  kret = krb5_encrypt_ivec (gssapi_krb5_context,
-			    crypto,
-			    KRB5_KU_USAGE_SEQ,
-			    seq, 8, &encdata, ivec);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  free_Checksum (&cksum);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = mic_des (minor_status, context_handle, qop_req,
-		     message_buffer, message_token, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = mic_des3 (minor_status, context_handle, qop_req,
-		      message_buffer, message_token, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
-				     message_buffer, message_token, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/gss-commands.in b/crypto/heimdal/lib/gssapi/gss-commands.in
deleted file mode 100644
index 2204f2afa89a..000000000000
--- a/crypto/heimdal/lib/gssapi/gss-commands.in
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: gss-commands.in 17870 2006-07-22 14:48:58Z lha $ */
-
-command = {
-	name = "supported-mechanisms"
-	help = "Print the supported mechanisms"
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody."
-}
diff --git a/crypto/heimdal/lib/gssapi/gss.c b/crypto/heimdal/lib/gssapi/gss.c
deleted file mode 100644
index 739e8306363b..000000000000
--- a/crypto/heimdal/lib/gssapi/gss.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <rtbl.h>
-#include <gss-commands.h>
-#include <krb5.h>
-
-RCSID("$Id: gss.c 19922 2007-01-16 09:32:03Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-#define COL_OID		"OID"
-#define COL_NAME	"Name"
-
-int
-supported_mechanisms(void *argptr, int argc, char **argv)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_OID_set mechs;
-    rtbl_t ct;
-    size_t i;
-
-    maj_stat = gss_indicate_mechs(&min_stat, &mechs);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_indicate_mechs failed");
-
-    printf("Supported mechanisms:\n");
-
-    ct = rtbl_create();
-    if (ct == NULL)
-	errx(1, "rtbl_create");
-
-    rtbl_set_separator(ct, "  ");
-    rtbl_add_column(ct, COL_OID, 0);
-    rtbl_add_column(ct, COL_NAME, 0);
-
-    for (i = 0; i < mechs->count; i++) {
-	gss_buffer_desc name;
-
-	maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &name);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_oid_to_str failed");
-
-	rtbl_add_column_entryv(ct, COL_OID, "%.*s",
-			       (int)name.length, (char *)name.value);
-	gss_release_buffer(&min_stat, &name);
-
-	if (gss_oid_equal(&mechs->elements[i], GSS_KRB5_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "Kerberos 5");
-	else if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "SPNEGO");
-	else if (gss_oid_equal(&mechs->elements[i], GSS_NTLM_MECHANISM))
-	    rtbl_add_column_entry(ct, COL_NAME, "NTLM");
-    }
-    gss_release_oid_set(&min_stat, &mechs);
-
-    rtbl_format(ct, stdout);
-    rtbl_destroy(ct);
-
-    return 0;
-}
-
-#if 0
-/*
- *
- */
-
-#define DOVEDOT_MAJOR_VERSION 1
-#define DOVEDOT_MINOR_VERSION 0
-
-/*
-	S: MECH mech mech-parameters
-	S: MECH mech mech-parameters
-	S: VERSION major minor
-	S: CPID pid
-	S: CUID pid
-	S: ...
-	S: DONE
-	C: VERSION major minor
-	C: CPID pid
-
-	C: AUTH id method service= resp=
-	C: CONT id message
-
-	S: OK id user=
-	S: FAIL id reason=
-	S: CONTINUE id message
-*/
-
-int
-dovecot_server(void *argptr, int argc, char **argv)
-{
-    krb5_storage *sp;
-    int fd = 0;
-
-    sp = krb5_storage_from_fd(fd);
-    if (sp == NULL)
-	errx(1, "krb5_storage_from_fd");
-
-    krb5_store_stringnl(sp, "MECH\tGSSAPI");
-    krb5_store_stringnl(sp, "VERSION\t1\t0");
-    krb5_store_stringnl(sp, "DONE");
-
-    while (1) {
-	char *cmd;
-	if (krb5_ret_stringnl(sp, &cmd) != 0)
-	    break;
-	printf("cmd: %s\n", cmd);
-	free(cmd);
-    }
-    return 0;
-}
-#endif
-
-/*
- *
- */
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc == 0) {
-	help(NULL, argc, argv);
-	return 1;
-    }
-
-    return sl_command (commands, argc, argv);
-}
diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
deleted file mode 100644
index d2a04d93fbb4..000000000000
--- a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
+++ /dev/null
@@ -1,688 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: gss_acquire_cred.3 20235 2007-02-16 11:19:03Z lha $
-.\"
-.Dd October 26, 2005
-.Dt GSS_ACQUIRE_CRED 3
-.Os HEIMDAL
-.Sh NAME
-.Nm gss_accept_sec_context ,
-.Nm gss_acquire_cred ,
-.Nm gss_add_cred ,
-.Nm gss_add_oid_set_member ,
-.Nm gss_canonicalize_name ,
-.Nm gss_compare_name ,
-.Nm gss_context_time ,
-.Nm gss_create_empty_oid_set ,
-.Nm gss_delete_sec_context ,
-.Nm gss_display_name ,
-.Nm gss_display_status ,
-.Nm gss_duplicate_name ,
-.Nm gss_export_name ,
-.Nm gss_export_sec_context ,
-.Nm gss_get_mic ,
-.Nm gss_import_name ,
-.Nm gss_import_sec_context ,
-.Nm gss_indicate_mechs ,
-.Nm gss_init_sec_context ,
-.Nm gss_inquire_context ,
-.Nm gss_inquire_cred ,
-.Nm gss_inquire_cred_by_mech ,
-.Nm gss_inquire_mechs_for_name ,
-.Nm gss_inquire_names_for_mech ,
-.Nm gss_krb5_ccache_name ,
-.Nm gss_krb5_compat_des3_mic ,
-.Nm gss_krb5_copy_ccache ,
-.Nm gss_krb5_import_cred
-.Nm gsskrb5_extract_authz_data_from_sec_context ,
-.Nm gsskrb5_register_acceptor_identity ,
-.Nm gss_krb5_import_ccache ,
-.Nm gss_krb5_get_tkt_flags ,
-.Nm gss_process_context_token ,
-.Nm gss_release_buffer ,
-.Nm gss_release_cred ,
-.Nm gss_release_name ,
-.Nm gss_release_oid_set ,
-.Nm gss_seal ,
-.Nm gss_sign ,
-.Nm gss_test_oid_set_member ,
-.Nm gss_unseal ,
-.Nm gss_unwrap ,
-.Nm gss_verify ,
-.Nm gss_verify_mic ,
-.Nm gss_wrap ,
-.Nm gss_wrap_size_limit
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API library (libgssapi, -lgssapi)
-.Sh SYNOPSIS
-.In gssapi.h
-.Pp
-.Ft OM_uint32
-.Fo gss_accept_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_cred_id_t acceptor_cred_handle"
-.Fa "const gss_buffer_t input_token_buffer"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "gss_name_t * src_name"
-.Fa "gss_OID * mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fa "gss_cred_id_t * delegated_cred_handle"
-.Fc
-.Pp
-.Ft OM_uint32
-.Fo gss_acquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t desired_name"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_OID_set desired_mechs"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "gss_cred_id_t * output_cred_handle"
-.Fa "gss_OID_set * actual_mechs"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_add_cred
-.Fa "OM_uint32 *minor_status"
-.Fa "const gss_cred_id_t input_cred_handle"
-.Fa "const gss_name_t desired_name"
-.Fa "const gss_OID desired_mech"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "OM_uint32 initiator_time_req"
-.Fa "OM_uint32 acceptor_time_req"
-.Fa "gss_cred_id_t *output_cred_handle"
-.Fa "gss_OID_set *actual_mechs"
-.Fa "OM_uint32 *initiator_time_rec"
-.Fa "OM_uint32 *acceptor_time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_add_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member_oid"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_canonicalize_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "const gss_OID mech_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_compare_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t name1"
-.Fa "const gss_name_t name2"
-.Fa "int * name_equal"
-.Fc
-.Ft OM_uint32
-.Fo gss_context_time
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_create_empty_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_delete_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t output_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t output_name_buffer"
-.Fa "gss_OID * output_name_type"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_status
-.Fa "OM_uint32 *minor_status"
-.Fa "OM_uint32 status_value"
-.Fa "int status_type"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 *message_context"
-.Fa "gss_buffer_t status_string"
-.Fc
-.Ft OM_uint32
-.Fo gss_duplicate_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t src_name"
-.Fa "gss_name_t * dest_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t exported_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t interprocess_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_get_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_buffer_t input_name_buffer"
-.Fa "const gss_OID input_name_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_buffer_t interprocess_token"
-.Fa "gss_ctx_id_t * context_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_indicate_mechs
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * mech_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_init_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t initiator_cred_handle"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_name_t target_name"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 req_flags"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "const gss_buffer_t input_token"
-.Fa "gss_OID * actual_mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_name_t * src_name"
-.Fa "gss_name_t * targ_name"
-.Fa "OM_uint32 * lifetime_rec"
-.Fa "gss_OID * mech_type"
-.Fa "OM_uint32 * ctx_flags"
-.Fa "int * locally_initiated"
-.Fa "int * open_context"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
-.Fa "gss_name_t * name"
-.Fa "OM_uint32 * lifetime"
-.Fa "gss_cred_usage_t * cred_usage"
-.Fa "gss_OID_set * mechanisms"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred_by_mech
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
-.Fa "const gss_OID mech_type"
-.Fa "gss_name_t * name"
-.Fa "OM_uint32 * initiator_lifetime"
-.Fa "OM_uint32 * acceptor_lifetime"
-.Fa "gss_cred_usage_t * cred_usage"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_mechs_for_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_OID_set * mech_types"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_names_for_mech
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID mechanism"
-.Fa "gss_OID_set * name_types"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_ccache_name
-.Fa "OM_uint32 *minor"
-.Fa "const char *name"
-.Fa "const char **old_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_copy_ccache
-.Fa "OM_uint32 *minor"
-.Fa "gss_cred_id_t cred"
-.Fa "krb5_ccache out"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_import_cred
-.Fa "OM_uint32 *minor_status"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal keytab_principal"
-.Fa "krb5_keytab keytab"
-.Fa "gss_cred_id_t *cred"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_compat_des3_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int onoff"
-.Fc
-.Ft OM_uint32
-.Fo gsskrb5_extract_authz_data_from_sec_context
-.Fa "OM_uint32 *minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int ad_type"
-.Fa "gss_buffer_t ad_data"
-.Fc
-.Ft OM_uint32
-.Fo gsskrb5_register_acceptor_identity
-.Fa "const char *identity"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_import_cache
-.Fa "OM_uint32 *minor"
-.Fa "krb5_ccache id"
-.Fa "krb5_keytab keytab"
-.Fa "gss_cred_id_t *cred"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_get_tkt_flags
-.Fa "OM_uint32 *minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "OM_uint32 *tkt_flags"
-.Fc
-.Ft OM_uint32
-.Fo gss_process_context_token
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t token_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_buffer
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_buffer_t buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_cred_id_t * cred_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_name
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_name_t * input_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * set"
-.Fc
-.Ft OM_uint32
-.Fo gss_seal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "int qop_req"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_sign
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int qop_req"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_test_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member"
-.Fa "const gss_OID_set set"
-.Fa "int * present"
-.Fc
-.Ft OM_uint32
-.Fo gss_unseal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_unwrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t token_buffer"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "const gss_buffer_t token_buffer"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_wrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_wrap_size_limit
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "OM_uint32 req_output_size"
-.Fa "OM_uint32 * max_input_size"
-.Fc
-.Sh DESCRIPTION
-Generic Security Service API (GSS-API) version 2, and its C binding,
-is described in
-.Li RFC2743
-and
-.Li RFC2744 .
-Version 1 (deprecated) of the C binding is described in
-.Li RFC1509 .
-.Pp
-Heimdals GSS-API implementation supports the following mechanisms
-.Bl -bullet
-.It
-.Li GSS_KRB5_MECHANISM
-.It
-.Li GSS_SPNEGO_MECHANISM
-.El
-.Pp
-GSS-API have generic name types that all mechanism are supposed to
-implement (if possible):
-.Bl -bullet
-.It
-.Li GSS_C_NT_USER_NAME
-.It
-.Li GSS_C_NT_MACHINE_UID_NAME
-.It
-.Li GSS_C_NT_STRING_UID_NAME
-.It
-.Li GSS_C_NT_HOSTBASED_SERVICE
-.It
-.Li GSS_C_NT_ANONYMOUS
-.It
-.Li GSS_C_NT_EXPORT_NAME
-.El
-.Pp
-GSS-API implementations that supports Kerberos 5 have some additional
-name types:
-.Bl -bullet
-.It
-.Li GSS_KRB5_NT_PRINCIPAL_NAME
-.It
-.Li GSS_KRB5_NT_USER_NAME
-.It
-.Li GSS_KRB5_NT_MACHINE_UID_NAME
-.It
-.Li GSS_KRB5_NT_STRING_UID_NAME
-.El
-.Pp
-In GSS-API, names have two forms, internal names and contiguous string
-names.
-.Bl -bullet
-.It
-.Li Internal name and mechanism name
-.Pp
-Internal names are implementation specific representation of
-a GSS-API name.
-.Li Mechanism names
-special form of internal names corresponds to one and only one mechanism.
-.Pp
-In GSS-API an internal name is stored in a
-.Dv gss_name_t .
-.It
-.Li Contiguous string name and exported name
-.Pp
-Contiguous string names are gssapi names stored in a
-.Dv OCTET STRING
-that together with a name type identifier (OID) uniquely specifies a
-gss-name.
-A special form of the contiguous string name is the exported name that
-have a OID embedded in the string to make it unique.
-Exported name have the nametype
-.Dv GSS_C_NT_EXPORT_NAME .
-.Pp
-In GSS-API an contiguous string name is stored in a
-.Dv gss_buffer_t .
-.Pp
-Exported names also have the property that they are specified by the
-mechanism itself and compatible between diffrent GSS-API
-implementations.
-.El
-.Sh ACCESS CONTROL
-There are two ways of comparing GSS-API names, either comparing two
-internal names with each other or two contiguous string names with
-either other.
-.Pp
-To compare two internal names with each other, import (if needed) the
-names with
-.Fn gss_import_name
-into the GSS-API implementation and the compare the imported name with
-.Fn gss_compare_name .
-.Pp
-Importing names can be slow, so when its possible to store exported
-names in the access control list, comparing contiguous string name
-might be better.
-.Pp
-when comparing contiguous string name, first export them into a
-.Dv GSS_C_NT_EXPORT_NAME
-name with
-.Fn gss_export_name
-and then compare with
-.Xr memcmp 3 .
-.Pp
-Note that there are might be a difference between the two methods of
-comparing names.
-The first (using
-.Fn gss_compare_name )
-will compare to (unauthenticated) names are the same.
-The second will compare if a mechanism will authenticate them as the
-same principal.
-.Pp
-For example, if
-.Fn gss_import_name
-name was used with
-.Dv GSS_C_NO_OID
-the default syntax is used for all mechanism the GSS-API
-implementation supports.
-When compare the imported name of
-.Dv GSS_C_NO_OID
-it may match serveral mechanism names (MN).
-.Pp
-The resulting name from
-.Fn gss_display_name
-must not be used for acccess control.
-.Sh FUNCTIONS
-.Fn gss_display_name
-takes the gss name in
-.Fa input_name
-and puts a printable form in
-.Fa output_name_buffer .
-.Fa output_name_buffer
-should be freed when done using
-.Fn gss_release_buffer .
-.Fa output_name_type
-can either be
-.Dv NULL
-or a pointer to a
-.Li gss_OID
-and will in the latter case contain the OID type of the name.
-The name must only be used for printing.
-If access control is needed, see section
-.Sx ACCESS CONTROL .
-.Pp
-.Fn gss_inquire_context
-returns information about the context.
-Information is available even after the context have expired.
-.Fa lifetime_rec
-argument is set to
-.Dv GSS_C_INDEFINITE
-(dont expire) or the number of seconds that the context is still valid.
-A value of 0 means that the context is expired.
-.Fa mech_type
-argument should be considered readonly and must not be released.
-.Fa src_name
-and
-.Fn dest_name
-are both mechanims names and must be released with
-.Fn gss_release_name
-when no longer used.
-.Pp
-.Nm gss_context_time
-will return the amount of time (in seconds) of the context is still
-valid.
-If its expired
-.Fa time_rec
-will be set to 0 and
-.Dv GSS_S_CONTEXT_EXPIRED
-returned.
-.Pp
-.Fn gss_sign ,
-.Fn gss_verify ,
-.Fn gss_seal ,
-and
-.Fn gss_unseal
-are part of the GSS-API V1 interface and are obsolete.
-The functions should not be used for new applications.
-They are provided so that version 1 applications can link against the
-library.
-.Sh EXTENSIONS
-.Fn gss_krb5_ccache_name
-sets the internal kerberos 5 credential cache name to
-.Fa name .
-The old name is returned in
-.Fa old_name ,
-and must not be freed.
-The data allocated for
-.Fa old_name
-is free upon next call to
-.Fn gss_krb5_ccache_name .
-This function is not threadsafe if
-.Fa old_name
-argument is used.
-.Pp
-.Fn gss_krb5_copy_ccache
-will extract the krb5 credentials that are transferred from the
-initiator to the acceptor when using token delegation in the Kerberos
-mechanism.
-The acceptor receives the delegated token in the last argument to
-.Fn gss_accept_sec_context .
-.Pp
-.Fn gss_krb5_import_cred
-will import the krb5 credentials (both keytab and/or credential cache)
-into gss credential so it can be used withing GSS-API.
-The
-.Fa ccache
-is copied by reference and thus shared, so if the credential is destroyed
-with
-.Fa krb5_cc_destroy ,
-all users of thep
-.Fa gss_cred_id_t
-returned by
-.Fn gss_krb5_import_ccache
-will fail.
-.Pp
-.Fn gsskrb5_register_acceptor_identity
-sets the Kerberos 5 filebased keytab that the acceptor will use.  The
-.Fa identifier
-is the file name.
-.Pp
-.Fn gsskrb5_extract_authz_data_from_sec_context
-extracts the Kerberos authorizationdata that may be stored within the
-context.
-Tha caller must free the returned buffer
-.Fa ad_data
-with
-.Fn gss_release_buffer
-upon success.
-.Pp
-.Fn gss_krb5_get_tkt_flags
-return the ticket flags for the kerberos ticket receive when
-authenticating the initiator.
-Only valid on the acceptor context.
-.Pp
-.Fn gss_krb5_compat_des3_mic
-turns on or off the compatibility with older version of Heimdal using
-des3 get and verify mic, this is way to programmatically set the
-[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see
-COMPATIBILITY section in
-.Xr gssapi 3 ) .
-If the CPP symbol
-.Dv GSS_C_KRB5_COMPAT_DES3_MIC
-is present,
-.Fn gss_krb5_compat_des3_mic
-exists.
-.Fn gss_krb5_compat_des3_mic
-will be removed in a later version of the GSS-API library.
-.Sh SEE ALSO
-.Xr gssapi 3 ,
-.Xr krb5 3 ,
-.Xr krb5_ccache 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3
deleted file mode 100644
index 0241ee786a16..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi.3
+++ /dev/null
@@ -1,177 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: gssapi.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd April 20, 2005
-.Dt GSSAPI 3
-.Os
-.Sh NAME
-.Nm gssapi
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API Library (libgssapi, -lgssapi)
-.Sh DESCRIPTION
-The Generic Security Service Application Program Interface (GSS-API)
-provides security services to callers in a generic fashion,
-supportable with a range of underlying mechanisms and technologies and
-hence allowing source-level portability of applications to different
-environments.
-.Pp
-The GSS-API implementation in Heimdal implements the Kerberos 5 and
-the SPNEGO GSS-API security mechanisms.
-.Sh LIST OF FUNCTIONS
-These functions constitute the gssapi library,
-.Em libgssapi .
-Declarations for these functions may be obtained from the include file
-.Pa gssapi.h .
-.sp 2
-.nf
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-gss_accept_sec_context.3
-gss_acquire_cred.3
-gss_add_cred.3
-gss_add_oid_set_member.3
-gss_canonicalize_name.3
-gss_compare_name.3
-gss_context_time.3
-gss_create_empty_oid_set.3
-gss_delete_sec_context.3
-gss_display_name.3
-gss_display_status.3
-gss_duplicate_name.3
-gss_export_name.3
-gss_export_sec_context.3
-gss_get_mic.3
-gss_import_name.3
-gss_import_sec_context.3
-gss_indicate_mechs.3
-gss_init_sec_context.3
-gss_inquire_context.3
-gss_inquire_cred.3
-gss_inquire_cred_by_mech.3
-gss_inquire_mechs_for_name.3
-gss_inquire_names_for_mech.3
-gss_krb5_ccache_name.3
-gss_krb5_compat_des3_mic.3
-gss_krb5_copy_ccache.3
-gss_krb5_extract_authz_data_from_sec_context.3
-gss_krb5_import_ccache.3
-gss_process_context_token.3
-gss_release_buffer.3
-gss_release_cred.3
-gss_release_name.3
-gss_release_oid_set.3
-gss_seal.3
-gss_sign.3
-gss_test_oid_set_member.3
-gss_unseal.3
-gss_unwrap.3
-gss_verify.3
-gss_verify_mic.3
-gss_wrap.3
-gss_wrap_size_limit.3
-.ta
-.Fi
-.Sh COMPATIBILITY
-The
-.Nm Heimdal
-GSS-API implementation had a bug in releases before 0.6 that made it
-fail to inter-operate when using DES3 with other GSS-API
-implementations when using
-.Fn gss_get_mic
-/
-.Fn gss_verify_mic .
-It is possible to modify the behavior of the generator of the MIC with
-the
-.Pa krb5.conf
-configuration file so that old clients/servers will still
-work.
-.Pp
-New clients/servers will try both the old and new MIC in Heimdal 0.6.
-In 0.7 it will check only if configured - the compatibility code will
-be removed in 0.8.
-.Pp
-Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
-this will change in 0.7 to generate correct des3 mic.
-.Pp
-To turn on compatibility with older clients and servers, change the
-.Nm [gssapi]
-.Ar broken_des3_mic
-in
-.Pa krb5.conf
-that contains a list of globbing expressions that will be matched
-against the server name.
-To turn off generation of the old (incompatible) mic of the MIC use
-.Nm [gssapi]
-.Ar correct_des3_mic .
-.Pp
-If a match for a entry is in both
-.Nm [gssapi]
-.Ar correct_des3_mic
-and
-.Nm [gssapi]
-.Ar broken_des3_mic ,
-the later will override.
-.Pp
-This config option modifies behaviour for both clients and servers.
-.Pp
-Microsoft implemented SPNEGO to Windows2000, however, they manage to
-get it wrong, their implementation didn't fill in the MechListMIC in
-the reply token with the right content.
-There is a work around for this problem, but not all implementation
-support it.
-.Pp
-Heimdal defaults to correct SPNEGO when the the kerberos
-implementation uses CFX, or when it is configured by the user.
-To turn on compatibility with peers, use option
-.Nm [gssapi]
-.Ar require_mechlist_mic .
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[gssapi]
-	broken_des3_mic = cvs/*@SU.SE
-	broken_des3_mic = host/*@E.KTH.SE
-	correct_des3_mic = host/*@SU.SE
-	require_mechlist_mic = host/*@SU.SE
-.Ed
-.Sh BUGS
-All of 0.5.x versions of
-.Nm heimdal
-had broken token delegations in the client side, the server side was
-correct.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h
deleted file mode 100644
index ae0274fd6bba..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi.h 18332 2006-10-07 20:57:15Z lha $ */
-
-#ifndef GSSAPI_H_
-#define GSSAPI_H_
-
-#include <gssapi/gssapi.h>
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi.h
deleted file mode 100644
index fbc638c48fca..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h
+++ /dev/null
@@ -1,809 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */
-
-#ifndef GSSAPI_GSSAPI_H_
-#define GSSAPI_GSSAPI_H_
-
-/*
- * First, include stddef.h to get size_t defined.
- */
-#include <stddef.h>
-
-#include <krb5-types.h>
-
-/*
- * Now define the three implementation-dependent types.
- */
-
-typedef uint32_t OM_uint32;
-typedef uint64_t OM_uint64;
-
-typedef uint32_t gss_uint32;
-
-struct gss_name_t_desc_struct;
-typedef struct gss_name_t_desc_struct *gss_name_t;
-
-struct gss_ctx_id_t_desc_struct;
-typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
-
-typedef struct gss_OID_desc_struct {
-      OM_uint32 length;
-      void      *elements;
-} gss_OID_desc, *gss_OID;
-
-typedef struct gss_OID_set_desc_struct  {
-      size_t     count;
-      gss_OID    elements;
-} gss_OID_set_desc, *gss_OID_set;
-
-typedef int gss_cred_usage_t;
-
-struct gss_cred_id_t_desc_struct;
-typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
-
-typedef struct gss_buffer_desc_struct {
-      size_t length;
-      void *value;
-} gss_buffer_desc, *gss_buffer_t;
-
-typedef struct gss_channel_bindings_struct {
-      OM_uint32 initiator_addrtype;
-      gss_buffer_desc initiator_address;
-      OM_uint32 acceptor_addrtype;
-      gss_buffer_desc acceptor_address;
-      gss_buffer_desc application_data;
-} *gss_channel_bindings_t;
-
-/* GGF extension data types */
-typedef struct gss_buffer_set_desc_struct {
-      size_t count;
-      gss_buffer_desc *elements;
-} gss_buffer_set_desc, *gss_buffer_set_t;
-
-/*
- * For now, define a QOP-type as an OM_uint32
- */
-typedef OM_uint32 gss_qop_t;
-
-/*
- * Flag bits for context-level services.
- */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
-
-#define GSS_C_DCE_STYLE 4096
-#define GSS_C_IDENTIFY_FLAG 8192
-#define GSS_C_EXTENDED_ERROR_FLAG 16384
-
-/*
- * Credential usage options
- */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
-
-/*
- * Status code types for gss_display_status
- */
-#define GSS_C_GSS_CODE 1
-#define GSS_C_MECH_CODE 2
-
-/*
- * The constant definitions for channel-bindings address families
- */
-#define GSS_C_AF_UNSPEC     0
-#define GSS_C_AF_LOCAL      1
-#define GSS_C_AF_INET       2
-#define GSS_C_AF_IMPLINK    3
-#define GSS_C_AF_PUP        4
-#define GSS_C_AF_CHAOS      5
-#define GSS_C_AF_NS         6
-#define GSS_C_AF_NBS        7
-#define GSS_C_AF_ECMA       8
-#define GSS_C_AF_DATAKIT    9
-#define GSS_C_AF_CCITT      10
-#define GSS_C_AF_SNA        11
-#define GSS_C_AF_DECnet     12
-#define GSS_C_AF_DLI        13
-#define GSS_C_AF_LAT        14
-#define GSS_C_AF_HYLINK     15
-#define GSS_C_AF_APPLETALK  16
-#define GSS_C_AF_BSC        17
-#define GSS_C_AF_DSS        18
-#define GSS_C_AF_OSI        19
-#define GSS_C_AF_X25        21
-#define GSS_C_AF_INET6	    24
-
-#define GSS_C_AF_NULLADDR   255
-
-/*
- * Various Null values
- */
-#define GSS_C_NO_NAME ((gss_name_t) 0)
-#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
-#define GSS_C_NO_OID ((gss_OID) 0)
-#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-#define GSS_C_EMPTY_BUFFER {0, NULL}
-
-/*
- * Some alternate names for a couple of the above
- * values.  These are defined for V1 compatibility.
- */
-#define GSS_C_NULL_OID GSS_C_NO_OID
-#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-/*
- * Define the default Quality of Protection for per-message
- * services.  Note that an implementation that offers multiple
- * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
- * (as done here) to mean "default protection", or to a specific
- * explicit QOP value.  However, a value of 0 should always be
- * interpreted by a GSSAPI implementation as a request for the
- * default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-#define GSS_KRB5_CONF_C_QOP_DES		0x0100
-#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200
-
-/*
- * Expiration time of 2^32-1 seconds means infinite lifetime for a
- * credential or security context
- */
-#define GSS_C_INDEFINITE 0xfffffffful
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_USER_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_ANONYMOUS;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-/*
- * Digest mechanism
- */
-
-extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
-
-/*
- * NTLM mechanism
- */
-
-extern gss_OID GSS_NTLM_MECHANISM;
-
-/* Major status codes */
-
-#define GSS_S_COMPLETE 0
-
-/*
- * Some "helper" definitions to make the status code macros obvious.
- */
-#define GSS_C_CALLING_ERROR_OFFSET 24
-#define GSS_C_ROUTINE_ERROR_OFFSET 16
-#define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK 0377ul
-#define GSS_C_ROUTINE_ERROR_MASK 0377ul
-#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-/*
- * The macros that test status codes for error conditions.
- * Note that the GSS_ERROR() macro has changed slightly from
- * the V1 GSSAPI so that it now evaluates its argument
- * only once.
- */
-#define GSS_CALLING_ERROR(x) \
-  (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-#define GSS_ROUTINE_ERROR(x) \
-  (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-#define GSS_SUPPLEMENTARY_INFO(x) \
-  (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-#define GSS_ERROR(x) \
-  (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-        (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-/*
- * Now the actual status code definitions
- */
-
-/*
- * Calling errors:
- */
-#define GSS_S_CALL_INACCESSIBLE_READ \
-                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_INACCESSIBLE_WRITE \
-                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_BAD_STRUCTURE \
-                             (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-/*
- * Routine errors:
- */
-#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_MIC GSS_S_BAD_SIG
-#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-/*
- * Supplementary info bits:
- */
-#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-/*
- * Finally, function prototypes for the GSS-API routines.
- */
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*desired_name*/,
-            OM_uint32 /*time_req*/,
-            const gss_OID_set /*desired_mechs*/,
-            gss_cred_usage_t /*cred_usage*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * /*minor_status*/,
-            gss_cred_id_t * /*cred_handle*/
-           );
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*initiator_cred_handle*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_name_t /*target_name*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 /*req_flags*/,
-            OM_uint32 /*time_req*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            const gss_buffer_t /*input_token*/,
-            gss_OID * /*actual_mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_accept_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_cred_id_t /*acceptor_cred_handle*/,
-            const gss_buffer_t /*input_token_buffer*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            gss_name_t * /*src_name*/,
-            gss_OID * /*mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/,
-            gss_cred_id_t * /*delegated_cred_handle*/
-           );
-
-OM_uint32 gss_process_context_token
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*token_buffer*/
-           );
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*output_token*/
-           );
-
-OM_uint32 gss_context_time
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*message_buffer*/,
-            const gss_buffer_t /*token_buffer*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_wrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_display_status
-           (OM_uint32 * /*minor_status*/,
-            OM_uint32 /*status_value*/,
-            int /*status_type*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 * /*message_context*/,
-            gss_buffer_t /*status_string*/
-           );
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*mech_set*/
-           );
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*name1*/,
-            const gss_name_t /*name2*/,
-            int * /*name_equal*/
-           );
-
-OM_uint32 gss_display_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*output_name_buffer*/,
-            gss_OID * /*output_name_type*/
-           );
-
-OM_uint32 gss_import_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*input_name_buffer*/,
-            const gss_OID /*input_name_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_export_name
-           (OM_uint32  * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*exported_name*/
-           );
-
-OM_uint32 gss_release_name
-           (OM_uint32 * /*minor_status*/,
-            gss_name_t * /*input_name*/
-           );
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * /*minor_status*/,
-            gss_buffer_t /*buffer*/
-           );
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*set*/
-           );
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/,
-            gss_OID_set * /*mechanisms*/
-           );
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_name_t * /*src_name*/,
-            gss_name_t * /*targ_name*/,
-            OM_uint32 * /*lifetime_rec*/,
-            gss_OID * /*mech_type*/,
-            OM_uint32 * /*ctx_flags*/,
-            int * /*locally_initiated*/,
-            int * /*open_context*/
-           );
-
-OM_uint32 gss_wrap_size_limit (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            OM_uint32 /*req_output_size*/,
-            OM_uint32 * /*max_input_size*/
-           );
-
-OM_uint32 gss_add_cred (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*input_cred_handle*/,
-            const gss_name_t /*desired_name*/,
-            const gss_OID /*desired_mech*/,
-            gss_cred_usage_t /*cred_usage*/,
-            OM_uint32 /*initiator_time_req*/,
-            OM_uint32 /*acceptor_time_req*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*initiator_time_rec*/,
-            OM_uint32 * /*acceptor_time_rec*/
-           );
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*initiator_lifetime*/,
-            OM_uint32 * /*acceptor_lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/
-           );
-
-OM_uint32 gss_export_sec_context (
-            OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*interprocess_token*/
-           );
-
-OM_uint32 gss_import_sec_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*interprocess_token*/,
-            gss_ctx_id_t * /*context_handle*/
-           );
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member_oid*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member*/,
-            const gss_OID_set /*set*/,
-            int * /*present*/
-           );
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*mechanism*/,
-            gss_OID_set * /*name_types*/
-           );
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_OID_set * /*mech_types*/
-           );
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*src_name*/,
-            gss_name_t * /*dest_name*/
-           );
-
-OM_uint32 gss_duplicate_oid (
-	    OM_uint32 * /* minor_status */,
-	    gss_OID /* src_oid */,
-	    gss_OID * /* dest_oid */
-           );
-OM_uint32
-gss_release_oid
-	(OM_uint32 * /*minor_status*/,
-	 gss_OID * /* oid */
-	);
-
-OM_uint32
-gss_oid_to_str(
-	    OM_uint32 * /*minor_status*/,
-	    gss_OID /* oid */,
-	    gss_buffer_t /* str */
-           );
-
-OM_uint32
-gss_inquire_sec_context_by_oid(
-	    OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set
-           );
-
-OM_uint32
-gss_set_sec_context_option (OM_uint32 *minor_status,
-			    gss_ctx_id_t *context_handle,
-			    const gss_OID desired_object,
-			    const gss_buffer_t value);
-
-OM_uint32
-gss_set_cred_option (OM_uint32 *minor_status,
-		     gss_cred_id_t *cred_handle,
-		     const gss_OID object,
-		     const gss_buffer_t value);
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-OM_uint32 
-gss_create_empty_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_add_buffer_set_member
-	   (OM_uint32 * minor_status,
-	    const gss_buffer_t member_buffer,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_release_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set);
-
-OM_uint32
-gss_inquire_cred_by_oid(OM_uint32 *minor_status,
-	                const gss_cred_id_t cred_handle,
-	                const gss_OID desired_object,
-	                gss_buffer_set_t *data_set);
-
-/*
- * RFC 4401
- */
-
-#define GSS_C_PRF_KEY_FULL 0
-#define GSS_C_PRF_KEY_PARTIAL 1
-
-OM_uint32
-gss_pseudo_random
-	(OM_uint32 *minor_status,
-	 gss_ctx_id_t context,
-	 int prf_key,
-	 const gss_buffer_t prf_in,
-	 ssize_t desired_output_len,
-	 gss_buffer_t prf_out
-	);
-
-/*
- * The following routines are obsolete variants of gss_get_mic,
- * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
- * provided by GSSAPI V2 implementations for backwards
- * compatibility with V1 applications.  Distinct entrypoints
- * (as opposed to #defines) should be provided, both to allow
- * GSSAPI V1 applications to link against GSSAPI V2 implementations,
- * and to retain the slight parameter type differences between the
- * obsolete versions of these routines and their current forms.
- */
-
-OM_uint32 gss_sign
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*qop_req*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*token_buffer*/,
-            int * /*qop_state*/
-           );
-
-OM_uint32 gss_seal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            int /*qop_req*/,
-            gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unseal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            int * /*qop_state*/
-           );
-
-/*
- *
- */
-
-OM_uint32
-gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
-	                        const gss_ctx_id_t context_handle,
-	                        const gss_OID desired_object,
-	                        gss_buffer_set_t *data_set);
-
-OM_uint32
-gss_encapsulate_token(gss_buffer_t /* input_token */,
-		      gss_OID /* oid */,
-		      gss_buffer_t /* output_token */);
-
-OM_uint32
-gss_decapsulate_token(gss_buffer_t /* input_token */,
-		      gss_OID /* oid */,
-		      gss_buffer_t /* output_token */);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <gssapi/gssapi_krb5.h>
-#include <gssapi/gssapi_spnego.h>
-
-#endif /* GSSAPI_GSSAPI_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
deleted file mode 100644
index cca529fe26ff..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */
-
-#ifndef GSSAPI_KRB5_H_
-#define GSSAPI_KRB5_H_
-
-#include <gssapi/gssapi.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * This is for kerberos5 names.
- */
-
-extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
-extern gss_OID GSS_KRB5_NT_USER_NAME;
-extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
-extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
-
-extern gss_OID GSS_KRB5_MECHANISM;
-
-/* for compatibility with MIT api */
-
-#define gss_mech_krb5 GSS_KRB5_MECHANISM
-#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
-
-/* Extensions set contexts options */
-extern gss_OID GSS_KRB5_COPY_CCACHE_X;
-extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
-extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
-extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
-extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
-extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
-extern gss_OID GSS_KRB5_CCACHE_NAME_X;
-/* Extensions inquire context */
-extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
-extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
-extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
-extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
-extern gss_OID GSS_KRB5_GET_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
-extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
-extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
-/* Extensions creds */
-extern gss_OID GSS_KRB5_IMPORT_CRED_X;
-extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
-
-/*
- * kerberos mechanism specific functions
- */
-
-struct krb5_keytab_data;
-struct krb5_ccache_data;
-struct Principal;
-
-OM_uint32
-gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, 
-		     const char * /*name */,
-		     const char ** /*out_name */);
-
-OM_uint32 gsskrb5_register_acceptor_identity
-        (const char */*identity*/);
-
-OM_uint32 gss_krb5_copy_ccache
-	(OM_uint32 */*minor*/,
-	 gss_cred_id_t /*cred*/,
-	 struct krb5_ccache_data */*out*/);
-
-OM_uint32
-gss_krb5_import_cred(OM_uint32 */*minor*/,
-		     struct krb5_ccache_data * /*in*/,
-		     struct Principal * /*keytab_principal*/,
-		     struct krb5_keytab_data * /*keytab*/,
-		     gss_cred_id_t */*out*/);
-
-OM_uint32 gss_krb5_get_tkt_flags
-	(OM_uint32 */*minor*/,
-	 gss_ctx_id_t /*context_handle*/,
-	 OM_uint32 */*tkt_flags*/);
-
-OM_uint32
-gsskrb5_extract_authz_data_from_sec_context
-	(OM_uint32 * /*minor_status*/,
-	 gss_ctx_id_t /*context_handle*/,
-	 int /*ad_type*/,
-	 gss_buffer_t /*ad_data*/);
-
-OM_uint32
-gsskrb5_set_dns_canonicalize(int);
-
-struct gsskrb5_send_to_kdc {
-    void *func;
-    void *ptr;
-};
-
-OM_uint32
-gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
-
-OM_uint32
-gsskrb5_set_default_realm(const char *);
-
-OM_uint32
-gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
-
-struct EncryptionKey;
-
-OM_uint32 
-gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
-				 gss_ctx_id_t context_handle,
-				 struct EncryptionKey **out);
-OM_uint32 
-gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
-				 gss_ctx_id_t context_handle,
-				 struct EncryptionKey **out);
-OM_uint32 
-gsskrb5_get_subkey(OM_uint32 *minor_status,
-		   gss_ctx_id_t context_handle,
-		   struct EncryptionKey **out);
-
-/*
- * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
- * do GSS content token handling in-kernel.
- */
-
-typedef struct gss_krb5_lucid_key {
-	OM_uint32	type;
-	OM_uint32	length;
-	void *		data;
-} gss_krb5_lucid_key_t;
-
-typedef struct gss_krb5_rfc1964_keydata {
-	OM_uint32		sign_alg;
-	OM_uint32		seal_alg;
-	gss_krb5_lucid_key_t	ctx_key;
-} gss_krb5_rfc1964_keydata_t;
-
-typedef struct gss_krb5_cfx_keydata {
-	OM_uint32		have_acceptor_subkey;
-	gss_krb5_lucid_key_t	ctx_key;
-	gss_krb5_lucid_key_t	acceptor_subkey;
-} gss_krb5_cfx_keydata_t;
-
-typedef struct gss_krb5_lucid_context_v1 {
-	OM_uint32	version;
-	OM_uint32	initiate;
-	OM_uint32	endtime;
-	OM_uint64	send_seq;
-	OM_uint64	recv_seq;
-	OM_uint32	protocol;
-	gss_krb5_rfc1964_keydata_t rfc1964_kd;
-	gss_krb5_cfx_keydata_t	   cfx_kd;
-} gss_krb5_lucid_context_v1_t;
-
-typedef struct gss_krb5_lucid_context_version {
-	OM_uint32	version;	/* Structure version number */
-} gss_krb5_lucid_context_version_t;
-
-/*
- * Function declarations
- */
-
-OM_uint32
-gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
-				  gss_ctx_id_t *context_handle,
-				  OM_uint32 version,
-				  void **kctx);
-
-
-OM_uint32
-gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
-				void *kctx);
-
-
-OM_uint32
-gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, 
-				gss_cred_id_t cred,
-				OM_uint32 num_enctypes,
-				int32_t *enctypes);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GSSAPI_SPNEGO_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
deleted file mode 100644
index fbb7906369be..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */
-
-#ifndef GSSAPI_SPNEGO_H_
-#define GSSAPI_SPNEGO_H_
-
-#include <gssapi.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * RFC2478, SPNEGO:
- *  The security mechanism of the initial
- *  negotiation token is identified by the Object Identifier
- *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
- */
-extern gss_OID GSS_SPNEGO_MECHANISM;
-#define gss_mech_spnego GSS_SPNEGO_MECHANISM
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GSSAPI_SPNEGO_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
deleted file mode 100644
index 154c4b120d4c..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */
-
-#ifndef GSSAPI_LOCL_H
-#define GSSAPI_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include <gssapi.h>
-#include <assert.h>
-
-#include "arcfour.h"
-
-extern krb5_context gssapi_krb5_context;
-
-extern krb5_keytab gssapi_krb5_keytab;
-
-krb5_error_code gssapi_krb5_init (void);
-
-#define GSSAPI_KRB5_INIT() do {					\
-    krb5_error_code kret;					\
-    if((kret = gssapi_krb5_init ()) != 0) {	\
-	*minor_status = kret;					\
-	return GSS_S_FAILURE;					\
-    }								\
-} while (0)
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-                      const krb5_data *fwd_data,
-		      Checksum *result);
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-                      krb5_data *fwd_data);
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type);
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
-			 size_t len);
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type);
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len);
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type);
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type);
-
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len);
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
-
-OM_uint32
-gss_verify_mic_internal(OM_uint32 * minor_status,
-			const gss_ctx_id_t context_handle,
-			const gss_buffer_t message_buffer,
-			const gss_buffer_t token_buffer,
-			gss_qop_t * qop_state,
-			char * type);
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key);
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		      krb5_keyblock **key);
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address);
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS  0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK	  0x04
-#define SC_LOCAL_SUBKEY	  0x08
-#define SC_REMOTE_SUBKEY  0x10
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-void
-gssapi_krb5_set_error_string (void);
-
-char *
-gssapi_krb5_get_error_string (void);
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
-
-/* 8003 */
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *, OM_uint32 *);
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/gssapi_mech.h b/crypto/heimdal/lib/gssapi/gssapi_mech.h
deleted file mode 100644
index 3704099e0f7c..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi_mech.h
+++ /dev/null
@@ -1,359 +0,0 @@
-/*-
- * Copyright (c) 2005 Doug Rabson
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#ifndef GSSAPI_MECH_H
-#define GSSAPI_MECH_H 1
-
-#include <gssapi.h>
-
-typedef OM_uint32 _gss_acquire_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* desired_name */
-	       OM_uint32,              /* time_req */
-	       const gss_OID_set,      /* desired_mechs */
-	       gss_cred_usage_t,       /* cred_usage */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_release_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_cred_id_t *         /* cred_handle */
-	      );
-
-typedef OM_uint32 _gss_init_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* initiator_cred_handle */
-	       gss_ctx_id_t *,         /* context_handle */
-	       const gss_name_t,       /* target_name */
-	       const gss_OID,          /* mech_type */
-	       OM_uint32,              /* req_flags */
-	       OM_uint32,              /* time_req */
-	       const gss_channel_bindings_t,
-				       /* input_chan_bindings */
-	       const gss_buffer_t,     /* input_token */
-	       gss_OID *,              /* actual_mech_type */
-	       gss_buffer_t,           /* output_token */
-	       OM_uint32 *,            /* ret_flags */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_accept_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       const gss_cred_id_t,    /* acceptor_cred_handle */
-	       const gss_buffer_t,     /* input_token_buffer */
-	       const gss_channel_bindings_t,
-				       /* input_chan_bindings */
-	       gss_name_t *,           /* src_name */
-	       gss_OID *,              /* mech_type */
-	       gss_buffer_t,           /* output_token */
-	       OM_uint32 *,            /* ret_flags */
-	       OM_uint32 *,            /* time_rec */
-	       gss_cred_id_t *         /* delegated_cred_handle */
-	      );
-
-typedef OM_uint32 _gss_process_context_token_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t      /* token_buffer */
-	      );
-
-typedef OM_uint32 _gss_delete_sec_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       gss_buffer_t            /* output_token */
-	      );
-
-typedef OM_uint32 _gss_context_time_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       OM_uint32 *             /* time_rec */
-	      );
-
-typedef OM_uint32 _gss_get_mic_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       gss_qop_t,              /* qop_req */
-	       const gss_buffer_t,     /* message_buffer */
-	       gss_buffer_t            /* message_token */
-	      );
-
-typedef OM_uint32 _gss_verify_mic_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t,     /* message_buffer */
-	       const gss_buffer_t,     /* token_buffer */
-	       gss_qop_t *             /* qop_state */
-	      );
-
-typedef OM_uint32 _gss_wrap_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       int,                    /* conf_req_flag */
-	       gss_qop_t,              /* qop_req */
-	       const gss_buffer_t,     /* input_message_buffer */
-	       int *,                  /* conf_state */
-	       gss_buffer_t            /* output_message_buffer */
-	      );
-
-typedef OM_uint32 _gss_unwrap_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       const gss_buffer_t,     /* input_message_buffer */
-	       gss_buffer_t,           /* output_message_buffer */
-	       int *,                  /* conf_state */
-	       gss_qop_t *             /* qop_state */
-	      );
-
-typedef OM_uint32 _gss_display_status_t
-	      (OM_uint32 *,            /* minor_status */
-	       OM_uint32,              /* status_value */
-	       int,                    /* status_type */
-	       const gss_OID,          /* mech_type */
-	       OM_uint32 *,            /* message_context */
-	       gss_buffer_t            /* status_string */
-	      );
-
-typedef OM_uint32 _gss_indicate_mechs_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_OID_set *           /* mech_set */
-	      );
-
-typedef OM_uint32 _gss_compare_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* name1 */
-	       const gss_name_t,       /* name2 */
-	       int *                   /* name_equal */
-	      );
-
-typedef OM_uint32 _gss_display_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_buffer_t,           /* output_name_buffer */
-	       gss_OID *               /* output_name_type */
-	      );
-
-typedef OM_uint32 _gss_import_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_buffer_t,     /* input_name_buffer */
-	       const gss_OID,          /* input_name_type */
-	       gss_name_t *            /* output_name */
-	      );
-
-typedef OM_uint32 _gss_export_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_buffer_t            /* exported_name */
-	      );
-
-typedef OM_uint32 _gss_release_name_t
-	      (OM_uint32 *,            /* minor_status */
-	       gss_name_t *            /* input_name */
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* cred_handle */
-	       gss_name_t *,           /* name */
-	       OM_uint32 *,            /* lifetime */
-	       gss_cred_usage_t *,     /* cred_usage */
-	       gss_OID_set *           /* mechanisms */
-	      );
-
-typedef OM_uint32 _gss_inquire_context_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       gss_name_t *,           /* src_name */
-	       gss_name_t *,           /* targ_name */
-	       OM_uint32 *,            /* lifetime_rec */
-	       gss_OID *,              /* mech_type */
-	       OM_uint32 *,            /* ctx_flags */
-	       int *,                  /* locally_initiated */
-	       int *                   /* open */
-	      );
-
-typedef OM_uint32 _gss_wrap_size_limit_t
-	      (OM_uint32 *,            /* minor_status */
-	       const gss_ctx_id_t,     /* context_handle */
-	       int,                    /* conf_req_flag */
-	       gss_qop_t,              /* qop_req */
-	       OM_uint32,              /* req_output_size */
-	       OM_uint32 *             /* max_input_size */
-	      );
-
-typedef OM_uint32 _gss_add_cred_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* input_cred_handle */
-	       const gss_name_t,       /* desired_name */
-	       const gss_OID,          /* desired_mech */
-	       gss_cred_usage_t,       /* cred_usage */
-	       OM_uint32,              /* initiator_time_req */
-	       OM_uint32,              /* acceptor_time_req */
-	       gss_cred_id_t *,        /* output_cred_handle */
-	       gss_OID_set *,          /* actual_mechs */
-	       OM_uint32 *,            /* initiator_time_rec */
-	       OM_uint32 *             /* acceptor_time_rec */
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_by_mech_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_cred_id_t,    /* cred_handle */
-	       const gss_OID,          /* mech_type */
-	       gss_name_t *,           /* name */
-	       OM_uint32 *,            /* initiator_lifetime */
-	       OM_uint32 *,            /* acceptor_lifetime */
-	       gss_cred_usage_t *      /* cred_usage */
-	      );
-
-typedef OM_uint32 _gss_export_sec_context_t (
-	       OM_uint32 *,            /* minor_status */
-	       gss_ctx_id_t *,         /* context_handle */
-	       gss_buffer_t            /* interprocess_token */
-	      );
-
-typedef OM_uint32 _gss_import_sec_context_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_buffer_t,     /* interprocess_token */
-	       gss_ctx_id_t *          /* context_handle */
-	      );
-
-typedef OM_uint32 _gss_inquire_names_for_mech_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_OID,          /* mechanism */
-	       gss_OID_set *           /* name_types */
-	      );
-
-typedef OM_uint32 _gss_inquire_mechs_for_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       gss_OID_set *           /* mech_types */
-	      );
-
-typedef OM_uint32 _gss_canonicalize_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* input_name */
-	       const gss_OID,          /* mech_type */
-	       gss_name_t *            /* output_name */
-	      );
-
-typedef OM_uint32 _gss_duplicate_name_t (
-	       OM_uint32 *,            /* minor_status */
-	       const gss_name_t,       /* src_name */
-	       gss_name_t *            /* dest_name */
-	      );
-
-typedef OM_uint32 _gss_inquire_sec_context_by_oid (
-	       OM_uint32 *minor_status,
-	       const gss_ctx_id_t context_handle,
-	       const gss_OID desired_object,
-	       gss_buffer_set_t *data_set
-	      );
-
-typedef OM_uint32 _gss_inquire_cred_by_oid (
-	       OM_uint32 *minor_status,
-	       const gss_cred_id_t cred,
-	       const gss_OID desired_object,
-	       gss_buffer_set_t *data_set
-	      );
-
-typedef OM_uint32 _gss_set_sec_context_option (
-	       OM_uint32 *minor_status,
-	       gss_ctx_id_t *cred_handle,
-	       const gss_OID desired_object,
-	       const gss_buffer_t value
- 	      );
-
-typedef OM_uint32 _gss_set_cred_option (
-	       OM_uint32 *minor_status,
-	       gss_cred_id_t *cred_handle,
-	       const gss_OID desired_object,
-	       const gss_buffer_t value
- 	      );
-
-
-typedef OM_uint32 _gss_pseudo_random(
-    	       OM_uint32 *minor_status,
-	       gss_ctx_id_t context,
-	       int prf_key,
-	       const gss_buffer_t prf_in,
-	       ssize_t desired_output_len,
-	       gss_buffer_t prf_out
-              );
-
-#define GMI_VERSION 1
-
-typedef struct gssapi_mech_interface_desc {
-	unsigned			gm_version;
-	const char			*gm_name;
-	gss_OID_desc			gm_mech_oid;
-	_gss_acquire_cred_t		*gm_acquire_cred;
-	_gss_release_cred_t		*gm_release_cred;
-	_gss_init_sec_context_t		*gm_init_sec_context;
-	_gss_accept_sec_context_t	*gm_accept_sec_context;
-	_gss_process_context_token_t	*gm_process_context_token;
-	_gss_delete_sec_context_t	*gm_delete_sec_context;
-	_gss_context_time_t		*gm_context_time;
-	_gss_get_mic_t			*gm_get_mic;
-	_gss_verify_mic_t		*gm_verify_mic;
-	_gss_wrap_t			*gm_wrap;
-	_gss_unwrap_t			*gm_unwrap;
-	_gss_display_status_t		*gm_display_status;
-	_gss_indicate_mechs_t		*gm_indicate_mechs;
-	_gss_compare_name_t		*gm_compare_name;
-	_gss_display_name_t		*gm_display_name;
-	_gss_import_name_t		*gm_import_name;
-	_gss_export_name_t		*gm_export_name;
-	_gss_release_name_t		*gm_release_name;
-	_gss_inquire_cred_t		*gm_inquire_cred;
-	_gss_inquire_context_t		*gm_inquire_context;
-	_gss_wrap_size_limit_t		*gm_wrap_size_limit;
-	_gss_add_cred_t			*gm_add_cred;
-	_gss_inquire_cred_by_mech_t	*gm_inquire_cred_by_mech;
-	_gss_export_sec_context_t	*gm_export_sec_context;
-	_gss_import_sec_context_t	*gm_import_sec_context;
-	_gss_inquire_names_for_mech_t	*gm_inquire_names_for_mech;
-	_gss_inquire_mechs_for_name_t	*gm_inquire_mechs_for_name;
-	_gss_canonicalize_name_t	*gm_canonicalize_name;
-	_gss_duplicate_name_t		*gm_duplicate_name;
-	_gss_inquire_sec_context_by_oid	*gm_inquire_sec_context_by_oid;
-	_gss_inquire_cred_by_oid	*gm_inquire_cred_by_oid;
-	_gss_set_sec_context_option	*gm_set_sec_context_option;
-	_gss_set_cred_option		*gm_set_cred_option;
-	_gss_pseudo_random		*gm_pseudo_random;
-} gssapi_mech_interface_desc, *gssapi_mech_interface;
-
-gssapi_mech_interface
-__gss_get_mechanism(gss_OID /* oid */);
-
-gssapi_mech_interface __gss_spnego_initialize(void);
-gssapi_mech_interface __gss_krb5_initialize(void);
-gssapi_mech_interface __gss_ntlm_initialize(void);
-
-#endif /* GSSAPI_MECH_H */
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
deleted file mode 100644
index 423e75714664..000000000000
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
-		 const char *name,
-		 gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-
-    kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
-
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
-		  const gss_buffer_t input_name_buffer,
-		  gss_name_t *output_name)
-{
-    OM_uint32 ret;
-    char *tmp;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    ret = parse_krb5_name(minor_status, tmp, output_name);
-    free(tmp);
-
-    return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
-		       const gss_buffer_t input_name_buffer,
-		       gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-    char *tmp;
-    char *p;
-    char *host;
-    char local_hostname[MAXHOSTNAMELEN];
-
-    *output_name = NULL;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    p = strchr (tmp, '@');
-    if (p != NULL) {
-	*p = '\0';
-	host = p + 1;
-    } else {
-	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
-	    *minor_status = errno;
-	    free (tmp);
-	    return GSS_S_FAILURE;
-	}
-	host = local_hostname;
-    }
-
-    kerr = krb5_sname_to_principal (gssapi_krb5_context,
-				    host,
-				    tmp,
-				    KRB5_NT_SRV_HST,
-				    output_name);
-    free (tmp);
-    *minor_status = kerr;
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
-		    const gss_buffer_t input_name_buffer,
-		    gss_name_t *output_name)
-{
-    unsigned char *p;
-    uint32_t length;
-    OM_uint32 ret;
-    char *name;
-
-    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    p = input_name_buffer->value;
-
-    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
-	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
-	p[4] != 0x06 ||
-	p[5] != GSS_KRB5_MECHANISM->length ||
-	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_NAME;
-
-    p += 6 + GSS_KRB5_MECHANISM->length;
-
-    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
-    p += 4;
-
-    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    name = malloc(length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, p, length);
-    name[length] = '\0';
-
-    ret = parse_krb5_name(minor_status, name, output_name);
-    free(name);
-
-    return ret;
-}
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b)
-{
-	if (a == b)
-		return 1;
-	else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
-		return 0;
-	else
-		return memcmp(a->elements, b->elements, a->length) == 0;
-}
-
-OM_uint32 gss_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    *minor_status = 0;
-    *output_name = GSS_C_NO_NAME;
-    
-    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
-	return import_hostbased_name (minor_status,
-				      input_name_buffer,
-				      output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
-	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
-	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- 	/* default printable syntax */
-	return import_krb5_name (minor_status,
-				 input_name_buffer,
-				 output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
-	return import_export_name(minor_status,
-				  input_name_buffer, 
-				  output_name);
-    } else {
-	*minor_status = 0;
-	return GSS_S_BAD_NAMETYPE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
deleted file mode 100644
index 2daa5736ca8d..000000000000
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
-
-OM_uint32
-gss_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    krb5_address local, remote;
-    krb5_address *localp, *remotep;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    krb5_keyblock keyblock;
-    int32_t tmp;
-    int32_t flags;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT ();
-
-    localp = remotep = NULL;
-
-    sp = krb5_storage_from_mem (interprocess_token->value,
-				interprocess_token->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	krb5_storage_free (sp);
-	return GSS_S_FAILURE;
-    }
-    memset (*context_handle, 0, sizeof(**context_handle));
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    /* flags */
-
-    *minor_status = 0;
-
-    if (krb5_ret_int32 (sp, &flags) != 0)
-	goto failure;
-
-    /* retrieve the auth context */
-
-    ac = (*context_handle)->auth_context;
-    krb5_ret_int32 (sp, &ac->flags);
-    if (flags & SC_LOCAL_ADDRESS) {
-	if (krb5_ret_address (sp, localp = &local) != 0)
-	    goto failure;
-    }
-
-    if (flags & SC_REMOTE_ADDRESS) {
-	if (krb5_ret_address (sp, remotep = &remote) != 0)
-	    goto failure;
-    }
-
-    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    localp = remotep = NULL;
-
-    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
-	goto failure;
-
-    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
-	goto failure;
-    if (flags & SC_KEYBLOCK) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_LOCAL_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_REMOTE_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (krb5_ret_int32 (sp, &ac->local_seqnumber))
-	goto failure;
-    if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
-	goto failure;
-
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->keytype = tmp;
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->cksumtype = tmp;
-
-    /* names */
-
-    if (krb5_ret_data (sp, &data))
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->source);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->source);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }
-    krb5_data_free (&data);
-
-    if (krb5_ret_data (sp, &data) != 0)
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->target);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->target);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }    
-    krb5_data_free (&data);
-
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->more_flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp) == 0)
-	(*context_handle)->lifetime = tmp;
-    else
-	(*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    return GSS_S_COMPLETE;
-
-failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if ((*context_handle)->source != NULL)
-	gss_release_name(&minor, &(*context_handle)->source);
-    if ((*context_handle)->target != NULL)
-	gss_release_name(&minor, &(*context_handle)->target);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
deleted file mode 100644
index 89191bb93514..000000000000
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * minor_status,
-            gss_OID_set * mech_set
-           )
-{
-  OM_uint32 ret;
-
-  ret = gss_create_empty_oid_set(minor_status, mech_set);
-  if (ret)
-      return ret;
-
-  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
-  if (ret)
-      return ret;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
deleted file mode 100644
index ddc0d7090a92..000000000000
--- a/crypto/heimdal/lib/gssapi/init.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-
-krb5_error_code
-gssapi_krb5_init (void)
-{
-    if(gssapi_krb5_context == NULL)
-	return krb5_init_context (&gssapi_krb5_context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
deleted file mode 100644
index 72286a399fbf..000000000000
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ /dev/null
@@ -1,578 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_auth_context ac,
-	       const gss_channel_bindings_t input_chan_bindings)	       
-{
-    /* Port numbers are expected to be in application_data.value, 
-     * initator's port first */ 
-
-    krb5_address initiator_addr, acceptor_addr;
-    krb5_error_code kret;
-       
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
-	|| input_chan_bindings->application_data.length !=
-	2 * sizeof(ac->local_port))
-	return 0;
-
-    memset(&initiator_addr, 0, sizeof(initiator_addr));
-    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-       
-    ac->local_port =
-	*(int16_t *) input_chan_bindings->application_data.value;
-       
-    ac->remote_port =
-	*((int16_t *) input_chan_bindings->application_data.value + 1);
-       
-    kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				   &input_chan_bindings->acceptor_address,
-				   ac->remote_port,
-				   &acceptor_addr);
-    if (kret)
-	return kret;
-           
-    kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				   &input_chan_bindings->initiator_address,
-				   ac->local_port,
-				   &initiator_addr);
-    if (kret) {
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	return kret;
-    }
-       
-    kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				  ac,
-				  &initiator_addr,  /* local address */
-				  &acceptor_addr);  /* remote address */
-       
-    krb5_free_address (gssapi_krb5_context, &initiator_addr);
-    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-       
-#if 0
-    free(input_chan_bindings->application_data.value);
-    input_chan_bindings->application_data.value = NULL;
-    input_chan_bindings->application_data.length = 0;
-#endif
-
-    return kret;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_auth_context ac,
-	       krb5_ccache ccache,
-	       krb5_creds *cred,
-	       const gss_name_t target_name,
-	       krb5_data *fwd_data,
-	       int *flags)
-{
-    krb5_creds creds;
-    krb5_kdc_flags fwd_flags;
-    krb5_error_code kret;
-       
-    memset (&creds, 0, sizeof(creds));
-    krb5_data_zero (fwd_data);
-       
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
-    if (kret) 
-	goto out;
-       
-    kret = krb5_build_principal(gssapi_krb5_context,
-				&creds.server,
-				strlen(creds.client->realm),
-				creds.client->realm,
-				KRB5_TGS_NAME,
-				creds.client->realm,
-				NULL);
-    if (kret)
-	goto out; 
-       
-    creds.times.endtime = 0;
-       
-    fwd_flags.i = 0;
-    fwd_flags.b.forwarded = 1;
-    fwd_flags.b.forwardable = 1;
-       
-    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
-	target_name->name.name_string.len < 2) 
-	goto out;
-       
-    kret = krb5_get_forwarded_creds(gssapi_krb5_context,
-				    ac,
-				    ccache,
-				    fwd_flags.i,
-				    target_name->name.name_string.val[1],
-				    &creds,
-				    fwd_data);
-       
- out:
-    if (kret)
-	*flags &= ~GSS_C_DELEG_FLAG;
-    else
-	*flags |= GSS_C_DELEG_FLAG;
-       
-    if (creds.client)
-	krb5_free_principal(gssapi_krb5_context, creds.client);
-    if (creds.server)
-	krb5_free_principal(gssapi_krb5_context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_flags ap_options;
-    krb5_creds this_cred, *cred;
-    krb5_data outbuf;
-    krb5_ccache ccache;
-    u_int32_t flags;
-    Authenticator *auth;
-    krb5_data authenticator;
-    Checksum cksum;
-    krb5_enctype enctype;
-    krb5_data fwd_data;
-    OM_uint32 lifetime_rec;
-
-    krb5_data_zero(&outbuf);
-    krb5_data_zero(&fwd_data);
-
-    *minor_status = 0;
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    (*context_handle)->auth_context = NULL;
-    (*context_handle)->source       = NULL;
-    (*context_handle)->target       = NULL;
-    (*context_handle)->flags        = 0;
-    (*context_handle)->more_flags   = 0;
-    (*context_handle)->ticket       = NULL;
-    (*context_handle)->lifetime     = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = set_addresses ((*context_handle)->auth_context,
-			  input_chan_bindings);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_BAD_BINDINGS;
-	goto failure;
-    }
-       
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
-	kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    *minor_status = kret;
-	    ret = GSS_S_FAILURE;
-	    goto failure;
-	}
-    } else
-	ccache = initiator_cred_handle->ccache;
-
-    kret = krb5_cc_get_principal (gssapi_krb5_context,
-				  ccache,
-				  &(*context_handle)->source);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				target_name,
-				&(*context_handle)->target);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-
-    memset(&this_cred, 0, sizeof(this_cred));
-    this_cred.client          = (*context_handle)->source;
-    this_cred.server          = (*context_handle)->target;
-    if (time_req && time_req != GSS_C_INDEFINITE) {
-	krb5_timestamp ts;
-
-	krb5_timeofday (gssapi_krb5_context, &ts);
-	this_cred.times.endtime = ts + time_req;
-    } else
-	this_cred.times.endtime   = 0;
-    this_cred.session.keytype = 0;
-
-    kret = krb5_get_credentials (gssapi_krb5_context,
-				 KRB5_TC_MATCH_KEYTYPE,
-				 ccache,
-				 &this_cred,
-				 &cred);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    (*context_handle)->lifetime = cred->times.endtime;
-
-    ret = gssapi_lifetime_left(minor_status,
-			       (*context_handle)->lifetime,
-			       &lifetime_rec);
-    if (ret) {
-	goto failure;
-    }
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	ret = GSS_S_CONTEXT_EXPIRED;
-	goto failure;
-    }
-
-    krb5_auth_con_setkey(gssapi_krb5_context, 
-			 (*context_handle)->auth_context, 
-			 &cred->session);
-
-    kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, 
-					     (*context_handle)->auth_context,
-					     &cred->session);
-    if(kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-    
-    flags = 0;
-    ap_options = 0;
-    if (req_flags & GSS_C_DELEG_FLAG)
-	do_delegation ((*context_handle)->auth_context,
-		       ccache, cred, target_name, &fwd_data, &flags);
-    
-    if (req_flags & GSS_C_MUTUAL_FLAG) {
-	flags |= GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    
-    if (req_flags & GSS_C_REPLAY_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_SEQUENCE_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_ANON_FLAG)
-	;                               /* XXX */
-    flags |= GSS_C_CONF_FLAG;
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_SEQUENCE_FLAG;
-    flags |= GSS_C_TRANS_FLAG;
-    
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= LOCAL;
-    
-    ret = gssapi_krb5_create_8003_checksum (minor_status,
-					    input_chan_bindings,
-					    flags,
-					    &fwd_data,
-					    &cksum);
-    krb5_data_free (&fwd_data);
-    if (ret)
-	goto failure;
-
-#if 1
-    enctype = (*context_handle)->auth_context->keyblock->keytype;
-#else
-    if ((*context_handle)->auth_context->enctype)
-	enctype = (*context_handle)->auth_context->enctype;
-    else {
-	kret = krb5_keytype_to_enctype(gssapi_krb5_context,
-				       (*context_handle)->auth_context->keyblock->keytype,
-				       &enctype);
-	if (kret)
-	    return kret;
-    }
-#endif
-
-    kret = krb5_build_authenticator (gssapi_krb5_context,
-				     (*context_handle)->auth_context,
-				     enctype,
-				     cred,
-				     &cksum,
-				     &auth,
-				     &authenticator,
-				     KRB5_KU_AP_REQ_AUTH);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_build_ap_req (gssapi_krb5_context,
-			      enctype,
-			      cred,
-			      ap_options,
-			      authenticator,
-			      &outbuf);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    krb5_data_free (&outbuf);
-
-    if (flags & GSS_C_MUTUAL_FLAG) {
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	if (time_rec)
-	    *time_rec = lifetime_rec;
-
-	(*context_handle)->more_flags |= OPEN;
-	return GSS_S_COMPLETE;
-    }
-
- failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    krb5_data_free (&outbuf);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
-
-static OM_uint32
-repl_mutual
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data indata;
-    krb5_ap_rep_enc_part *repl;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
-				   "\x02\x00");
-    if (ret)
-				/* XXX - Handle AP_ERROR */
-	return ret;
-
-    kret = krb5_rd_rep (gssapi_krb5_context,
-			(*context_handle)->auth_context,
-			&indata,
-			&repl);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    krb5_free_ap_rep_enc_part (gssapi_krb5_context,
-			       repl);
-    
-    (*context_handle)->more_flags |= OPEN;
-
-    *minor_status = 0;
-    if (time_rec) {
-	ret = gssapi_lifetime_left(minor_status,
-				   (*context_handle)->lifetime,
-				   time_rec);
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-    if (ret_flags)
-	*ret_flags = (*context_handle)->flags;
-
-    return ret;
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-
-    if (target_name == GSS_C_NO_NAME) {
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_C_NO_OID;
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
-	return init_auth (minor_status,
-			  initiator_cred_handle,
-			  context_handle,
-			  target_name,
-			  mech_type,
-			  req_flags,
-			  time_req,
-			  input_chan_bindings,
-			  input_token,
-			  actual_mech_type,
-			  output_token,
-			  ret_flags,
-			  time_rec);
-    else
-	return repl_mutual(minor_status,
-			   initiator_cred_handle,
-			   context_handle,
-			   target_name,
-			   mech_type,
-			   req_flags,
-			   time_req,
-			   input_chan_bindings,
-			   input_token,
-			   actual_mech_type,
-			   output_token,
-			   ret_flags,
-			   time_rec);
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c
deleted file mode 100644
index 95cd2c576e6b..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_context.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-  OM_uint32 ret;
-
-  if (src_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->source,
-			      src_name);
-    if (ret)
-      return ret;
-  }
-
-  if (targ_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->target,
-			      targ_name);
-    if (ret)
-      return ret;
-  }
-
-  if (lifetime_rec)
-    *lifetime_rec = context_handle->lifetime;
-
-  if (mech_type)
-    *mech_type = GSS_KRB5_MECHANISM;
-
-  if (ctx_flags)
-    *ctx_flags = context_handle->flags;
-
-  if (locally_initiated)
-    *locally_initiated = context_handle->more_flags & LOCAL;
-
-  if (open_context)
-    *open_context = context_handle->more_flags & OPEN;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c
deleted file mode 100644
index 4938d564e587..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (name)
-	*name = NULL;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_FAILURE;
-    }
-
-    if (name != NULL) {
-	if (cred_handle->principal != NULL) {
-            ret = gss_duplicate_name(minor_status, cred_handle->principal,
-		name);
-            if (ret)
-        	return ret;
-	} else if (cred_handle->usage == GSS_C_ACCEPT) {
-	    *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
-		NULL, KRB5_NT_SRV_HST, name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	} else {
-	    *minor_status = krb5_get_default_principal(gssapi_krb5_context,
-		name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	}
-    }
-    if (lifetime != NULL) {
-        *lifetime = cred_handle->lifetime;
-    }
-    if (cred_usage != NULL) {
-        *cred_usage = cred_handle->usage;
-    }
-    if (mechanisms != NULL) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret) {
-            return ret;
-        }
-        ret = gss_add_oid_set_member(minor_status,
-				     &cred_handle->mechanisms->elements[0],
-				     mechanisms);
-        if (ret) {
-            return ret;
-        }
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
deleted file mode 100644
index b09d1e1d5f6c..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-    )
-{
-    OM_uint32 ret;
-    OM_uint32 lifetime;
-
-    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }    
-
-    ret = gss_inquire_cred (minor_status,
-			    cred_handle,
-			    name,
-			    &lifetime,
-			    cred_usage,
-			    NULL);
-    
-    if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
-	gss_cred_usage_t usage;
-
-	usage = cred_handle->usage;
-
-	if (initiator_lifetime) {
-	    if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
-		*initiator_lifetime = lifetime;
-	}
-	if (acceptor_lifetime) {
-	    if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
-		*acceptor_lifetime = lifetime;
-	}
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
deleted file mode 100644
index 67ebb04db4de..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_KRB5_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(NULL, mech_types);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
deleted file mode 100644
index 0e93de685444..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
-
-
-static gss_OID *name_list[] = {
-    &GSS_C_NT_HOSTBASED_SERVICE,
-    &GSS_C_NT_USER_NAME,
-    &GSS_KRB5_NT_PRINCIPAL_NAME,
-    &GSS_C_NT_EXPORT_NAME,
-    NULL
-};
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-    int i;
-
-    *minor_status = 0;
-
-    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
-	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
-	*name_types = GSS_C_NO_OID_SET;
-	return GSS_S_BAD_MECH;
-    }
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    
-    for (i = 0; name_list[i] != NULL; i++) {
-	ret = gss_add_oid_set_member(minor_status, 
-				     *(name_list[i]),
-				     name_types);
-	if (ret != GSS_S_COMPLETE)
-	    break;
-    }
-
-    if (ret != GSS_S_COMPLETE)
-	gss_release_oid_set(NULL, name_types);
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/8003.c b/crypto/heimdal/lib/gssapi/krb5/8003.c
deleted file mode 100644
index 619cbf97fcbd..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/8003.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $");
-
-krb5_error_code
-_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-_gsskrb5_encode_be_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 24) & 0xFF;
-  p[1] = (n >> 16) & 0xFF;
-  p[2] = (n >> 8)  & 0xFF;
-  p[3] = (n >> 0)  & 0xFF;
-  return 0;
-}
-
-krb5_error_code
-_gsskrb5_decode_om_uint32(const void *ptr, OM_uint32 *n)
-{
-    const u_char *p = ptr;
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-    return 0;
-}
-
-krb5_error_code
-_gsskrb5_decode_be_om_uint32(const void *ptr, OM_uint32 *n)
-{
-    const u_char *p = ptr;
-    *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
-    return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
-			  u_char *p)
-{
-  u_char num[4];
-  MD5_CTX md5;
-
-  MD5_Init(&md5);
-  _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
-  _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
-  _gsskrb5_encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
-  return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-_gsskrb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-		      const krb5_data *fwd_data,
-		      Checksum *result)
-{
-    u_char *p;
-
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
-     * field's format) */
-    result->cksumtype = CKSUMTYPE_GSSAPI;
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
-	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
-	result->checksum.length = 24;
-    result->checksum.data   = malloc (result->checksum.length);
-    if (result->checksum.data == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-  
-    p = result->checksum.data;
-    _gsskrb5_encode_om_uint32 (16, p);
-    p += 4;
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
-	memset (p, 0, 16);
-    } else {
-	hash_input_chan_bindings (input_chan_bindings, p);
-    }
-    p += 16;
-    _gsskrb5_encode_om_uint32 (flags, p);
-    p += 4;
-
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-
-	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
-	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
-	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
-	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
-	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
-	p += fwd_data->length;
-    }
-     
-    return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning  `flags' and `fwd_data'
- */
-
-OM_uint32
-_gsskrb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-		      krb5_data *fwd_data)
-{
-    unsigned char hash[16];
-    unsigned char *p;
-    OM_uint32 length;
-    int DlgOpt;
-    static unsigned char zeros[16];
-
-    if (cksum == NULL) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-
-    /* XXX should handle checksums > 24 bytes */
-    if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p = cksum->checksum.data;
-    _gsskrb5_decode_om_uint32(p, &length);
-    if(length != sizeof(hash)) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p += 4;
-    
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
-	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    }
-    
-    p += sizeof(hash);
-    
-    _gsskrb5_decode_om_uint32(p, flags);
-    p += 4;
-
-    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
-	if(cksum->checksum.length < 28) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    
-	DlgOpt = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if (DlgOpt != 1) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-
-	fwd_data->length = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if(cksum->checksum.length < 28 + fwd_data->length) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	fwd_data->data = malloc(fwd_data->length);
-	if (fwd_data->data == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(fwd_data->data, p, fwd_data->length);
-    }
-    
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c
deleted file mode 100644
index 73b93ceba4c6..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ /dev/null
@@ -1,801 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $");
-
-HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
-krb5_keytab _gsskrb5_keytab;
-
-OM_uint32
-_gsskrb5_register_acceptor_identity (const char *identity)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    ret = _gsskrb5_init(&context);
-    if(ret)
-	return GSS_S_FAILURE;
-    
-    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
-
-    if(_gsskrb5_keytab != NULL) {
-	krb5_kt_close(context, _gsskrb5_keytab);
-	_gsskrb5_keytab = NULL;
-    }
-    if (identity == NULL) {
-	ret = krb5_kt_default(context, &_gsskrb5_keytab);
-    } else {
-	char *p;
-
-	asprintf(&p, "FILE:%s", identity);
-	if(p == NULL) {
-	    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-	    return GSS_S_FAILURE;
-	}
-	ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
-	free(p);
-    }
-    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-    if(ret)
-	return GSS_S_FAILURE;
-    return GSS_S_COMPLETE;
-}
-
-void
-_gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx)
-{
-    krb5_keyblock *key;
-    int acceptor = (ctx->more_flags & LOCAL) == 0;
-
-    *is_cfx = 0;
-
-    if (acceptor) {
-	if (ctx->auth_context->local_subkey)
-	    key = ctx->auth_context->local_subkey;
-	else
-	    key = ctx->auth_context->remote_subkey;
-    } else {
-	if (ctx->auth_context->remote_subkey)
-	    key = ctx->auth_context->remote_subkey;
-	else
-	    key = ctx->auth_context->local_subkey;
-    }
-    if (key == NULL)
-	key = ctx->auth_context->keyblock;
-
-    if (key == NULL)
-	return;
-	    
-    switch (key->keytype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-    case ETYPE_DES3_CBC_MD5:
-    case ETYPE_DES3_CBC_SHA1:
-    case ETYPE_ARCFOUR_HMAC_MD5:
-    case ETYPE_ARCFOUR_HMAC_MD5_56:
-	break;
-    default :
-	*is_cfx = 1;
-	if ((acceptor && ctx->auth_context->local_subkey) ||
-	    (!acceptor && ctx->auth_context->remote_subkey))
-	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	break;
-    }
-}
-
-
-static OM_uint32
-gsskrb5_accept_delegated_token
-(OM_uint32 * minor_status,
- gsskrb5_ctx ctx,
- krb5_context context,
- gss_cred_id_t * delegated_cred_handle
-    )
-{
-    krb5_ccache ccache = NULL;
-    krb5_error_code kret;
-    int32_t ac_flags, ret = GSS_S_COMPLETE;
-      
-    *minor_status = 0;
-
-    /* XXX Create a new delegated_cred_handle? */
-    if (delegated_cred_handle == NULL) {
-	kret = krb5_cc_default (context, &ccache);
-    } else {
-	*delegated_cred_handle = NULL;
-	kret = krb5_cc_gen_new (context, &krb5_mcc_ops, &ccache);
-    }
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	goto out;
-    }
-
-    kret = krb5_cc_initialize(context, ccache, ctx->source);
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	goto out;
-    }
-      
-    krb5_auth_con_removeflags(context,
-			      ctx->auth_context,
-			      KRB5_AUTH_CONTEXT_DO_TIME,
-			      &ac_flags);
-    kret = krb5_rd_cred2(context,
-			 ctx->auth_context,
-			 ccache,
-			 &ctx->fwd_data);
-    krb5_auth_con_setflags(context,
-			   ctx->auth_context,
-			   ac_flags);
-    if (kret) {
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	goto out;
-    }
-
-    if (delegated_cred_handle) {
-	gsskrb5_cred handle;
-
-	ret = _gsskrb5_import_cred(minor_status,
-				   ccache,
-				   NULL,
-				   NULL,
-				   delegated_cred_handle);
-	if (ret != GSS_S_COMPLETE)
-	    goto out;
-
-	handle = (gsskrb5_cred) *delegated_cred_handle;
-    
-	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
-	krb5_cc_close(context, ccache);
-	ccache = NULL;
-    }
-
-out:
-    if (ccache) {
-	/* Don't destroy the default cred cache */
-	if (delegated_cred_handle == NULL)
-	    krb5_cc_close(context, ccache);
-	else
-	    krb5_cc_destroy(context, ccache);
-    }
-    return ret;
-}
-
-static OM_uint32
-gsskrb5_acceptor_ready(OM_uint32 * minor_status,
-		       gsskrb5_ctx ctx,
-		       krb5_context context,
-		       gss_cred_id_t *delegated_cred_handle)
-{
-    OM_uint32 ret;
-    int32_t seq_number;
-    int is_cfx = 0;
-
-    krb5_auth_getremoteseqnumber (context,
-				  ctx->auth_context,
-				  &seq_number);
-
-    _gsskrb5i_is_cfx(ctx, &is_cfx);
-
-    ret = _gssapi_msg_order_create(minor_status,
-				   &ctx->order,
-				   _gssapi_msg_order_f(ctx->flags),
-				   seq_number, 0, is_cfx);
-    if (ret)
-	return ret;
-
-    /* 
-     * If requested, set local sequence num to remote sequence if this
-     * isn't a mutual authentication context
-     */
-    if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) {
-	krb5_auth_con_setlocalseqnumber(context,
-					ctx->auth_context,
-					seq_number);
-    }
-
-    /*
-     * We should handle the delegation ticket, in case it's there
-     */
-    if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) {
-	ret = gsskrb5_accept_delegated_token(minor_status,
-					     ctx,
-					     context,
-					     delegated_cred_handle);
-	if (ret)
-	    return ret;
-    } else {
-	/* Well, looks like it wasn't there after all */
-	ctx->flags &= ~GSS_C_DELEG_FLAG;
-    }
-
-    ctx->state = ACCEPTOR_READY;
-    ctx->more_flags |= OPEN;
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-gsskrb5_acceptor_start(OM_uint32 * minor_status,
-		       gsskrb5_ctx ctx,
-		       krb5_context context,
-		       const gss_cred_id_t acceptor_cred_handle,
-		       const gss_buffer_t input_token_buffer,
-		       const gss_channel_bindings_t input_chan_bindings,
-		       gss_name_t * src_name,
-		       gss_OID * mech_type,
-		       gss_buffer_t output_token,
-		       OM_uint32 * ret_flags,
-		       OM_uint32 * time_rec,
-		       gss_cred_id_t * delegated_cred_handle)
-{
-    krb5_error_code kret;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data indata;
-    krb5_flags ap_options;
-    krb5_keytab keytab = NULL;
-    int is_cfx = 0;
-    const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle;
-
-    /*
-     * We may, or may not, have an escapsulation.
-     */
-    ret = _gsskrb5_decapsulate (minor_status,
-				input_token_buffer,
-				&indata,
-				"\x01\x00",
-				GSS_KRB5_MECHANISM);
-
-    if (ret) {
-	/* Assume that there is no OID wrapping. */
-	indata.length	= input_token_buffer->length;
-	indata.data	= input_token_buffer->value;
-    }
-
-    /*
-     * We need to get our keytab
-     */
-    if (acceptor_cred == NULL) {
-	if (_gsskrb5_keytab != NULL)
-	    keytab = _gsskrb5_keytab;
-    } else if (acceptor_cred->keytab != NULL) {
-	keytab = acceptor_cred->keytab;
-    }
-    
-    /*
-     * We need to check the ticket and create the AP-REP packet
-     */
-
-    {
-	krb5_rd_req_in_ctx in = NULL;
-	krb5_rd_req_out_ctx out = NULL;
-
-	kret = krb5_rd_req_in_ctx_alloc(context, &in);
-	if (kret == 0)
-	    kret = krb5_rd_req_in_set_keytab(context, in, keytab);
-	if (kret) {
-	    if (in)
-		krb5_rd_req_in_ctx_free(context, in);
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-	kret = krb5_rd_req_ctx(context,
-			       &ctx->auth_context,
-			       &indata,
-			       (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal,
-			       in, &out);
-	krb5_rd_req_in_ctx_free(context, in);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-	/*
-	 * We need to remember some data on the context_handle.
-	 */
-	kret = krb5_rd_req_out_get_ap_req_options(context, out,
-						  &ap_options);
-	if (kret == 0)
-	    kret = krb5_rd_req_out_get_ticket(context, out, 
-					      &ctx->ticket);
-	if (kret == 0)
-	    kret = krb5_rd_req_out_get_keyblock(context, out,
-						&ctx->service_keyblock);
-	ctx->lifetime = ctx->ticket->ticket.endtime;
-
-	krb5_rd_req_out_ctx_free(context, out);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-    }
-    
-    
-    /*
-     * We need to copy the principal names to the context and the
-     * calling layer.
-     */
-    kret = krb5_copy_principal(context,
-			       ctx->ticket->client,
-			       &ctx->source);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-    }
-
-    kret = krb5_copy_principal(context, 
-			       ctx->ticket->server,
-			       &ctx->target);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	return ret;
-    }
-    
-    /*
-     * We need to setup some compat stuff, this assumes that
-     * context_handle->target is already set.
-     */
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-	return ret;
-
-    if (src_name != NULL) {
-	kret = krb5_copy_principal (context,
-				    ctx->ticket->client,
-				    (gsskrb5_name*)src_name);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-    }
-
-    /*
-     * We need to get the flags out of the 8003 checksum.
-     */
-    {
-	krb5_authenticator authenticator;
-      
-	kret = krb5_auth_con_getauthenticator(context,
-					      ctx->auth_context,
-					      &authenticator);
-	if(kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    return ret;
-	}
-
-        if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
-            ret = _gsskrb5_verify_8003_checksum(minor_status,
-						input_chan_bindings,
-						authenticator->cksum,
-						&ctx->flags,
-						&ctx->fwd_data);
-
-	    krb5_free_authenticator(context, &authenticator);
-	    if (ret) {
-		return ret;
-	    }
-        } else {
-	    krb5_crypto crypto;
-
-	    kret = krb5_crypto_init(context, 
-				    ctx->auth_context->keyblock, 
-				    0, &crypto);
-	    if(kret) {
-		krb5_free_authenticator(context, &authenticator);
-
-		ret = GSS_S_FAILURE;
-		*minor_status = kret;
-		return ret;
-	    }
-
-	    /* 
-	     * Windows accepts Samba3's use of a kerberos, rather than
-	     * GSSAPI checksum here 
-	     */
-
-	    kret = krb5_verify_checksum(context,
-					crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
-					authenticator->cksum);
-	    krb5_free_authenticator(context, &authenticator);
-	    krb5_crypto_destroy(context, crypto);
-
-	    if(kret) {
-		ret = GSS_S_BAD_SIG;
-		*minor_status = kret;
-		return ret;
-	    }
-
-	    /* 
-	     * Samba style get some flags (but not DCE-STYLE)
-	     */
-	    ctx->flags = 
-		GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
-        }
-    }
-    
-    if(ctx->flags & GSS_C_MUTUAL_FLAG) {
-	krb5_data outbuf;
-	    
-	_gsskrb5i_is_cfx(ctx, &is_cfx);
-	    
-	if (is_cfx != 0 
-	    || (ap_options & AP_OPTS_USE_SUBKEY)) {
-	    kret = krb5_auth_con_addflags(context,
-					  ctx->auth_context,
-					  KRB5_AUTH_CONTEXT_USE_SUBKEY,
-					  NULL);
-	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	}
-	    
-	kret = krb5_mk_rep(context,
-			   ctx->auth_context,
-			   &outbuf);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	    
-	if (IS_DCE_STYLE(ctx)) {
-	    output_token->length = outbuf.length;
-	    output_token->value = outbuf.data;
-	} else {
-	    ret = _gsskrb5_encapsulate(minor_status,
-				       &outbuf,
-				       output_token,
-				       "\x02\x00",
-				       GSS_KRB5_MECHANISM);
-	    krb5_data_free (&outbuf);
-	    if (ret)
-		return ret;
-	}
-    }
-    
-    ctx->flags |= GSS_C_TRANS_FLAG;
-
-    /* Remember the flags */
-    
-    ctx->lifetime = ctx->ticket->ticket.endtime;
-    ctx->more_flags |= OPEN;
-    
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-    
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     time_rec);
-	if (ret) {
-	    return ret;
-	}
-    }
-
-    /*
-     * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from
-     * the client.
-     */
-    if (IS_DCE_STYLE(ctx)) {
-	/*
-	 * Return flags to caller, but we haven't processed
-	 * delgations yet
-	 */
-	if (ret_flags)
-	    *ret_flags = (ctx->flags & ~GSS_C_DELEG_FLAG);
-
-	ctx->state = ACCEPTOR_WAIT_FOR_DCESTYLE;
-	return GSS_S_CONTINUE_NEEDED;
-    }
-
-    ret = gsskrb5_acceptor_ready(minor_status, ctx, context, 
-				 delegated_cred_handle);
-
-    if (ret_flags)
-	*ret_flags = ctx->flags;
-
-    return ret;
-}
-
-static OM_uint32
-acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
-			   gsskrb5_ctx ctx,
-			   krb5_context context,
-			   const gss_cred_id_t acceptor_cred_handle,
-			   const gss_buffer_t input_token_buffer,
-			   const gss_channel_bindings_t input_chan_bindings,
-			   gss_name_t * src_name,
-			   gss_OID * mech_type,
-			   gss_buffer_t output_token,
-			   OM_uint32 * ret_flags,
-			   OM_uint32 * time_rec,
-			   gss_cred_id_t * delegated_cred_handle)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data inbuf;
-    int32_t r_seq_number, l_seq_number;
-	
-    /* 
-     * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
-     */
-
-    inbuf.length = input_token_buffer->length;
-    inbuf.data = input_token_buffer->value;
-
-    /* 
-     * We need to remeber the old remote seq_number, then check if the
-     * client has replied with our local seq_number, and then reset
-     * the remote seq_number to the old value
-     */
-    {
-	kret = krb5_auth_con_getlocalseqnumber(context,
-					       ctx->auth_context,
-					       &l_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_getremoteseqnumber(context,
-					    ctx->auth_context,
-					    &r_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_con_setremoteseqnumber(context,
-						ctx->auth_context,
-						l_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    /* 
-     * We need to verify the AP_REP, but we need to flag that this is
-     * DCE_STYLE, so don't check the timestamps this time, but put the
-     * flag DO_TIME back afterward.
-    */ 
-    {
-	krb5_ap_rep_enc_part *repl;
-	int32_t auth_flags;
-		
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_TIME,
-				  &auth_flags);
-
-	kret = krb5_rd_rep(context, ctx->auth_context, &inbuf, &repl);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	krb5_free_ap_rep_enc_part(context, repl);
-	krb5_auth_con_setflags(context, ctx->auth_context, auth_flags);
-    }
-
-    /* We need to check the liftime */
-    {
-	OM_uint32 lifetime_rec;
-
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     &lifetime_rec);
-	if (ret) {
-	    return ret;
-	}
-	if (lifetime_rec == 0) {
-	    return GSS_S_CONTEXT_EXPIRED;
-	}
-	
-	if (time_rec) *time_rec = lifetime_rec;
-    }
-
-    /* We need to give the caller the flags which are in use */
-    if (ret_flags) *ret_flags = ctx->flags;
-
-    if (src_name) {
-	kret = krb5_copy_principal(context,
-				   ctx->source,
-				   (gsskrb5_name*)src_name);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    /*
-     * After the krb5_rd_rep() the remote and local seq_number should
-     * be the same, because the client just replies the seq_number
-     * from our AP-REP in its AP-REP, but then the client uses the
-     * seq_number from its AP-REQ for GSS_wrap()
-     */
-    {
-	int32_t tmp_r_seq_number, tmp_l_seq_number;
-
-	kret = krb5_auth_getremoteseqnumber(context,
-					    ctx->auth_context,
-					    &tmp_r_seq_number);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	kret = krb5_auth_con_getlocalseqnumber(context,
-					       ctx->auth_context,
-					       &tmp_l_seq_number);
-	if (kret) {
-
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	/*
-	 * Here we check if the client has responsed with our local seq_number,
-	 */
-	if (tmp_r_seq_number != tmp_l_seq_number) {
-	    return GSS_S_UNSEQ_TOKEN;
-	}
-    }
-
-    /*
-     * We need to reset the remote seq_number, because the client will use,
-     * the old one for the GSS_wrap() calls
-     */
-    {
-	kret = krb5_auth_con_setremoteseqnumber(context,
-						ctx->auth_context,
-						r_seq_number);	
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    return gsskrb5_acceptor_ready(minor_status, ctx, context, 
-				  delegated_cred_handle);
-}
-
-
-OM_uint32
-_gsskrb5_accept_sec_context(OM_uint32 * minor_status,
-			    gss_ctx_id_t * context_handle,
-			    const gss_cred_id_t acceptor_cred_handle,
-			    const gss_buffer_t input_token_buffer,
-			    const gss_channel_bindings_t input_chan_bindings,
-			    gss_name_t * src_name,
-			    gss_OID * mech_type,
-			    gss_buffer_t output_token,
-			    OM_uint32 * ret_flags,
-			    OM_uint32 * time_rec,
-			    gss_cred_id_t * delegated_cred_handle)
-{
-    krb5_context context;
-    OM_uint32 ret;
-    gsskrb5_ctx ctx;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	ret = _gsskrb5_create_ctx(minor_status,
-				  context_handle,
-				  context,
-				  input_chan_bindings,
-				  ACCEPTOR_START);
-	if (ret)
-	    return ret;
-    }
-    
-    ctx = (gsskrb5_ctx)*context_handle;
-
-    
-    /*
-     * TODO: check the channel_bindings 
-     * (above just sets them to krb5 layer)
-     */
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    
-    switch (ctx->state) {
-    case ACCEPTOR_START:
-	ret = gsskrb5_acceptor_start(minor_status,
-				     ctx,
-				     context,
-				     acceptor_cred_handle,
-				     input_token_buffer,
-				     input_chan_bindings,
-				     src_name,
-				     mech_type,
-				     output_token,
-				     ret_flags,
-				     time_rec,
-				     delegated_cred_handle);
-	break;
-    case ACCEPTOR_WAIT_FOR_DCESTYLE:
-	ret = acceptor_wait_for_dcestyle(minor_status,
-					 ctx,
-					 context,
-					 acceptor_cred_handle,
-					 input_token_buffer,
-					 input_chan_bindings,
-					 src_name,
-					 mech_type,
-					 output_token,
-					 ret_flags,
-					 time_rec,
-					 delegated_cred_handle);
-	break;
-    case ACCEPTOR_READY:
-	/* 
-	 * If we get there, the caller have called
-	 * gss_accept_sec_context() one time too many.
-	 */
-	ret =  GSS_S_BAD_STATUS;
-	break;
-    default:
-	/* TODO: is this correct here? --metze */
-	ret =  GSS_S_BAD_STATUS;
-	break;
-    }
-    
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    
-    if (GSS_ERROR(ret)) {
-	OM_uint32 min2;
-	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c
deleted file mode 100644
index 6e13a4287b62..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: acquire_cred.c 22124 2007-12-04 00:03:52Z lha $");
-
-OM_uint32
-__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
-			  krb5_context context,
-			  krb5_ccache id,
-			  krb5_principal principal,
-			  OM_uint32 *lifetime)
-{
-    krb5_creds in_cred, *out_cred;
-    krb5_const_realm realm;
-    krb5_error_code kret;
-
-    memset(&in_cred, 0, sizeof(in_cred));
-    in_cred.client = principal;
-	
-    realm = krb5_principal_get_realm(context,  principal);
-    if (realm == NULL) {
-	_gsskrb5_clear_status ();
-	*minor_status = KRB5_PRINC_NOMATCH; /* XXX */
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_make_principal(context, &in_cred.server, 
-			       realm, KRB5_TGS_NAME, realm, NULL);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_get_credentials(context, 0, 
-				id, &in_cred, &out_cred);
-    krb5_free_principal(context, in_cred.server);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    *lifetime = out_cred->times.endtime;
-    krb5_free_creds(context, out_cred);
-
-    return GSS_S_COMPLETE;
-}
-
-
-
-
-static krb5_error_code
-get_keytab(krb5_context context, krb5_keytab *keytab)
-{
-    char kt_name[256];
-    krb5_error_code kret;
-
-    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
-
-    if (_gsskrb5_keytab != NULL) {
-	kret = krb5_kt_get_name(context,
-				_gsskrb5_keytab,
-				kt_name, sizeof(kt_name));
-	if (kret == 0)
-	    kret = krb5_kt_resolve(context, kt_name, keytab);
-    } else
-	kret = krb5_kt_default(context, keytab);
-
-    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
-
-    return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-		  (OM_uint32 * minor_status,
-		   krb5_context context,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gsskrb5_cred handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_creds cred;
-    krb5_principal def_princ;
-    krb5_get_init_creds_opt *opt;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_error_code kret;
-
-    keytab = NULL;
-    ccache = NULL;
-    def_princ = NULL;
-    ret = GSS_S_FAILURE;
-    memset(&cred, 0, sizeof(cred));
-
-    /* If we have a preferred principal, lets try to find it in all
-     * caches, otherwise, fall back to default cache.  Ignore
-     * errors. */
-    if (handle->principal)
-	kret = krb5_cc_cache_match (context,
-				    handle->principal,
-				    NULL,
-				    &ccache);
-    
-    if (ccache == NULL) {
-	kret = krb5_cc_default(context, &ccache);
-	if (kret)
-	    goto end;
-    }
-    kret = krb5_cc_get_principal(context, ccache,
-	&def_princ);
-    if (kret != 0) {
-	/* we'll try to use a keytab below */
-	krb5_cc_destroy(context, ccache);
-	ccache = NULL;
-	kret = 0;
-    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(context, def_princ,
-	    &handle->principal);
-	if (kret)
-	    goto end;
-    } else if (handle->principal != NULL &&
-	krb5_principal_compare(context, handle->principal,
-	def_princ) == FALSE) {
-	/* Before failing, lets check the keytab */
-	krb5_free_principal(context, def_princ);
-	def_princ = NULL;
-    }
-    if (def_princ == NULL) {
-	/* We have no existing credentials cache,
-	 * so attempt to get a TGT using a keytab.
-	 */
-	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(context,
-		&handle->principal);
-	    if (kret)
-		goto end;
-	}
-	kret = get_keytab(context, &keytab);
-	if (kret)
-	    goto end;
-	kret = krb5_get_init_creds_opt_alloc(context, &opt);
-	if (kret)
-	    goto end;
-	kret = krb5_get_init_creds_keytab(context, &cred,
-	    handle->principal, keytab, 0, NULL, opt);
-	krb5_get_init_creds_opt_free(context, opt);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
-		&ccache);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_initialize(context, ccache, cred.client);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_store_cred(context, ccache, &cred);
-	if (kret)
-	    goto end;
-	handle->lifetime = cred.times.endtime;
-	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
-    } else {
-
-	ret = __gsskrb5_ccache_lifetime(minor_status,
-					context,
-					ccache,
-					handle->principal,
-					&handle->lifetime);
-	if (ret != GSS_S_COMPLETE)
-	    goto end;
-	kret = 0;
-    }
-
-    handle->ccache = ccache;
-    ret = GSS_S_COMPLETE;
-
-end:
-    if (cred.client != NULL)
-	krb5_free_cred_contents(context, &cred);
-    if (def_princ != NULL)
-	krb5_free_principal(context, def_princ);
-    if (keytab != NULL)
-	krb5_kt_close(context, keytab);
-    if (ret != GSS_S_COMPLETE) {
-	if (ccache != NULL)
-	    krb5_cc_close(context, ccache);
-	if (kret != 0) {
-	    *minor_status = kret;
-	}
-    }
-    return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-		  (OM_uint32 * minor_status,
-		   krb5_context context,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gsskrb5_cred handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-
-    kret = 0;
-    ret = GSS_S_FAILURE;
-    kret = get_keytab(context, &handle->keytab);
-    if (kret)
-	goto end;
-    
-    /* check that the requested principal exists in the keytab */
-    if (handle->principal) {
-	krb5_keytab_entry entry;
-
-	kret = krb5_kt_get_entry(context, handle->keytab, 
-				 handle->principal, 0, 0, &entry);
-	if (kret)
-	    goto end;
-	krb5_kt_free_entry(context, &entry);
-	ret = GSS_S_COMPLETE;
-    } else {
-	/* 
-	 * Check if there is at least one entry in the keytab before
-	 * declaring it as an useful keytab.
-	 */
-	krb5_keytab_entry tmp;
-	krb5_kt_cursor c;
-
-	kret = krb5_kt_start_seq_get (context, handle->keytab, &c);
-	if (kret)
-	    goto end;
-	if (krb5_kt_next_entry(context, handle->keytab, &tmp, &c) == 0) {
-	    krb5_kt_free_entry(context, &tmp);
-	    ret = GSS_S_COMPLETE; /* ok found one entry */
-	}
-	krb5_kt_end_seq_get (context, handle->keytab, &c);
-    } 
-end:
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->keytab != NULL)
-	    krb5_kt_close(context, handle->keytab);
-	if (kret != 0) {
-	    *minor_status = kret;
-	}
-    }
-    return (ret);
-}
-
-OM_uint32 _gsskrb5_acquire_cred
-(OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
-    )
-{
-    krb5_context context;
-    gsskrb5_cred handle;
-    OM_uint32 ret;
-
-    if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return GSS_S_FAILURE;
-    }
-
-    GSSAPI_KRB5_INIT(&context);
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-
-    if (desired_mechs) {
-	int present = 0;
-
-	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				      desired_mechs, &present); 
-	if (ret)
-	    return ret;
-	if (!present) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_MECH;
-	}
-    }
-
-    handle = calloc(1, sizeof(*handle));
-    if (handle == NULL) {
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-
-    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-
-    if (desired_name != GSS_C_NO_NAME) {
-	krb5_principal name = (krb5_principal)desired_name;
-	ret = krb5_copy_principal(context, name, &handle->principal);
-	if (ret) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    *minor_status = ret;
-	    free(handle);
-	    return GSS_S_FAILURE;
-	}
-    }
-    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, context,
-				     desired_name, time_req,
-				     desired_mechs, cred_usage, handle,
-				     actual_mechs, time_rec);
-    	if (ret != GSS_S_COMPLETE) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return (ret);
-	}
-    }
-    if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, context,
-				    desired_name, time_req,
-				    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-	if (ret != GSS_S_COMPLETE) {
-	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return (ret);
-	}
-    }
-    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, 
-				    NULL, time_rec, NULL, actual_mechs);
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->mechanisms != NULL)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-	krb5_free_principal(context, handle->principal);
-	free(handle);
-	return (ret);
-    } 
-    *minor_status = 0;
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     handle->lifetime,
-				     time_rec);
-
-	if (ret)
-	    return ret;
-    }
-    handle->usage = cred_usage;
-    *output_cred_handle = (gss_cred_id_t)handle;
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/add_cred.c b/crypto/heimdal/lib/gssapi/krb5/add_cred.c
deleted file mode 100644
index 9a1045a889f6..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/add_cred.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    krb5_context context;
-    OM_uint32 ret, lifetime;
-    gsskrb5_cred cred, handle;
-    krb5_const_principal dname;
-
-    handle = NULL;
-    cred = (gsskrb5_cred)input_cred_handle;
-    dname = (krb5_const_principal)desired_name;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (cred == NULL && output_cred_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (cred == NULL) { /* XXX standard conformance failure */
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    /* check if requested output usage is compatible with output usage */ 
-    if (output_cred_handle != NULL) {
-	HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-	if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    *minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	    return(GSS_S_FAILURE);
-	}
-    }
-	
-    /* check that we have the same name */
-    if (dname != NULL &&
-	krb5_principal_compare(context, dname, 
-			       cred->principal) != FALSE) {
-	if (output_cred_handle)
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    /* make a copy */
-    if (output_cred_handle) {
-	krb5_error_code kret;
-
-	handle = calloc(1, sizeof(*handle));
-	if (handle == NULL) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    *minor_status = ENOMEM;
-	    return (GSS_S_FAILURE);
-	}
-
-	handle->usage = cred_usage;
-	handle->lifetime = cred->lifetime;
-	handle->principal = NULL;
-	handle->keytab = NULL;
-	handle->ccache = NULL;
-	handle->mechanisms = NULL;
-	HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-	
-	ret = GSS_S_FAILURE;
-
-	kret = krb5_copy_principal(context, cred->principal,
-				  &handle->principal);
-	if (kret) {
-	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	    free(handle);
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-
-	if (cred->keytab) {
-	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-	    int len;
-	    
-	    ret = GSS_S_FAILURE;
-
-	    kret = krb5_kt_get_type(context, cred->keytab,
-				    name, KRB5_KT_PREFIX_MAX_LEN);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-	    len = strlen(name);
-	    name[len++] = ':';
-
-	    kret = krb5_kt_get_name(context, cred->keytab,
-				    name + len, 
-				    sizeof(name) - len);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-
-	    kret = krb5_kt_resolve(context, name,
-				   &handle->keytab);
-	    if (kret){
-		*minor_status = kret;
-		goto failure;
-	    }
-	}
-
-	if (cred->ccache) {
-	    const char *type, *name;
-	    char *type_name;
-
-	    ret = GSS_S_FAILURE;
-
-	    type = krb5_cc_get_type(context, cred->ccache);
-	    if (type == NULL){
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    if (strcmp(type, "MEMORY") == 0) {
-		ret = krb5_cc_gen_new(context, &krb5_mcc_ops,
-				      &handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-		ret = krb5_cc_copy_cache(context, cred->ccache,
-					 handle->ccache);
-		if (ret) {
-		    *minor_status = ret;
-		    goto failure;
-		}
-
-	    } else {
-		name = krb5_cc_get_name(context, cred->ccache);
-		if (name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		asprintf(&type_name, "%s:%s", type, name);
-		if (type_name == NULL) {
-		    *minor_status = ENOMEM;
-		    goto failure;
-		}
-		
-		kret = krb5_cc_resolve(context, type_name,
-				       &handle->ccache);
-		free(type_name);
-		if (kret) {
-		    *minor_status = kret;
-		    goto failure;
-		}	    
-	    }
-	}
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret)
-	    goto failure;
-
-	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-	if (ret)
-	    goto failure;
-    }
-
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-
-    ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, 
-				NULL, &lifetime, NULL, actual_mechs);
-    if (ret)
-	goto failure;
-
-    if (initiator_time_rec)
-	*initiator_time_rec = lifetime;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = lifetime;
-
-    if (output_cred_handle) {
-	*output_cred_handle = (gss_cred_id_t)handle;
-    }
-
-    *minor_status = 0;
-    return ret;
-
- failure:
-
-    if (handle) {
-	if (handle->principal)
-	    krb5_free_principal(context, handle->principal);
-	if (handle->keytab)
-	    krb5_kt_close(context, handle->keytab);
-	if (handle->ccache)
-	    krb5_cc_destroy(context, handle->ccache);
-	if (handle->mechanisms)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-    }
-    if (output_cred_handle)
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c
deleted file mode 100644
index 18a90fe9a762..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-_gsskrb5i_address_to_krb5addr(krb5_context context,
-			      OM_uint32 gss_addr_type,
-			      gss_buffer_desc *gss_addr,
-			      int16_t port,
-			      krb5_address *address)
-{
-   int addr_type;
-   struct sockaddr sa;
-   krb5_socklen_t sa_size = sizeof(sa);
-   krb5_error_code problem;
-   
-   if (gss_addr == NULL)
-      return GSS_S_FAILURE; 
-   
-   switch (gss_addr_type) {
-#ifdef HAVE_IPV6
-      case GSS_C_AF_INET6: addr_type = AF_INET6;
-                           break;
-#endif /* HAVE_IPV6 */
-                           
-      case GSS_C_AF_INET:  addr_type = AF_INET;
-                           break;
-      default:
-                           return GSS_S_FAILURE;
-   }
-                      
-   problem = krb5_h_addr2sockaddr (context,
-				   addr_type,
-                                   gss_addr->value, 
-                                   &sa, 
-                                   &sa_size, 
-                                   port);
-   if (problem)
-      return GSS_S_FAILURE;
-
-   problem = krb5_sockaddr2address (context, &sa, address);
-
-   return problem;  
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/arcfour.c b/crypto/heimdal/lib/gssapi/krb5/arcfour.c
deleted file mode 100644
index 032da36ebc86..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/arcfour.c
+++ /dev/null
@@ -1,760 +0,0 @@
-/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $");
-
-/*
- * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- *
- * The arcfour message have the following formats:
- *
- * MIC token
- * 	TOK_ID[2] = 01 01
- *	SGN_ALG[2] = 11 00
- *	Filler[4]
- *	SND_SEQ[8]
- *	SGN_CKSUM[8]
- *
- * WRAP token
- *	TOK_ID[2] = 02 01
- *	SGN_ALG[2];
- *	SEAL_ALG[2]
- *	Filler[2]
- *	SND_SEQ[2]
- *	SGN_CKSUM[8]
- *	Confounder[8]
- */
-
-/*
- * WRAP in DCE-style have a fixed size header, the oid and length over
- * the WRAP header is a total of
- * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE +
- * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead,
- * remember the 2 bytes from APPL [0] SEQ).
- */
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-#define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13
-
-
-static krb5_error_code
-arcfour_mic_key(krb5_context context, krb5_keyblock *key,
-		void *cksum_data, size_t cksum_size,
-		void *key6_data, size_t key6_size)
-{
-    krb5_error_code ret;
-    
-    Checksum cksum_k5;
-    krb5_keyblock key5;
-    char k5_data[16];
-    
-    Checksum cksum_k6;
-    
-    char T[4];
-
-    memset(T, 0, 4);
-    cksum_k5.checksum.data = k5_data;
-    cksum_k5.checksum.length = sizeof(k5_data);
-
-    if (key->keytype == KEYTYPE_ARCFOUR_56) {
-	char L40[14] = "fortybits";
-
-	memcpy(L40 + 10, T, sizeof(T));
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			L40, 14, 0, key, &cksum_k5);
-	memset(&k5_data[7], 0xAB, 9);
-    } else {
-	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-			T, 4, 0, key, &cksum_k5);
-    }
-    if (ret)
-	return ret;
-
-    key5.keytype = KEYTYPE_ARCFOUR;
-    key5.keyvalue = cksum_k5.checksum;
-
-    cksum_k6.checksum.data = key6_data;
-    cksum_k6.checksum.length = key6_size;
-
-    return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
-		     cksum_data, cksum_size, 0, &key5, &cksum_k6);
-}
-
-
-static krb5_error_code
-arcfour_mic_cksum(krb5_context context,
-		  krb5_keyblock *key, unsigned usage,
-		  u_char *sgn_cksum, size_t sgn_cksum_sz,
-		  const u_char *v1, size_t l1,
-		  const void *v2, size_t l2,
-		  const void *v3, size_t l3)
-{
-    Checksum CKSUM;
-    u_char *ptr;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    
-    assert(sgn_cksum_sz == 8);
-
-    len = l1 + l2 + l3;
-
-    ptr = malloc(len);
-    if (ptr == NULL)
-	return ENOMEM;
-
-    memcpy(ptr, v1, l1);
-    memcpy(ptr + l1, v2, l2);
-    memcpy(ptr + l1 + l2, v3, l3);
-    
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(ptr);
-	return ret;
-    }
-    
-    ret = krb5_create_checksum(context,
-			       crypto,
-			       usage,
-			       0,
-			       ptr, len,
-			       &CKSUM);
-    free(ptr);
-    if (ret == 0) {
-	memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
-	free_Checksum(&CKSUM);
-    }
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-
-OM_uint32
-_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
-			const gsskrb5_ctx context_handle,
-			krb5_context context,
-			gss_qop_t qop_req,
-			const gss_buffer_t message_buffer,
-			gss_buffer_t message_token,
-			krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    int32_t seq_number;
-    size_t len, total_len;
-    u_char k6_data[16], *p0, *p;
-    RC4_KEY rc4_key;
-    
-    _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
-    
-    message_token->length = total_len;
-    message_token->value  = malloc (total_len);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(message_token->value,
-				  len,
-				  GSS_KRB5_MECHANISM);
-    p = p0;
-    
-    *p++ = 0x01; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-    *p++ = 0xff;
-    *p++ = 0xff;
-
-    p = NULL;
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SIGN,
-			    p0 + 16, 8,  /* SGN_CKSUM */
-			    p0, 8, /* TOK_ID, SGN_ALG, Filer */
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, message_token);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &seq_number);
-    p = p0 + 8; /* SND_SEQ */
-    _gsskrb5_encode_be_om_uint32(seq_number, p);
-    
-    krb5_auth_con_setlocalseqnumber (context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    
-    memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
-
-    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-    RC4 (&rc4_key, 8, p, p);
-	
-    memset(&rc4_key, 0, sizeof(rc4_key));
-    memset(k6_data, 0, sizeof(k6_data));
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32
-_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
-			   const gsskrb5_ctx context_handle,
-			   krb5_context context,
-			   const gss_buffer_t message_buffer,
-			   const gss_buffer_t token_buffer,
-			   gss_qop_t * qop_state,
-			   krb5_keyblock *key,
-			   char *type)
-{
-    krb5_error_code ret;
-    uint32_t seq_number;
-    OM_uint32 omret;
-    u_char SND_SEQ[8], cksum_data[8], *p;
-    char k6_data[16];
-    int cmp;
-    
-    if (qop_state)
-	*qop_state = 0;
-
-    p = token_buffer->value;
-    omret = _gsskrb5_verify_header (&p,
-				       token_buffer->length,
-				       (u_char *)type,
-				       GSS_KRB5_MECHANISM);
-    if (omret)
-	return omret;
-    
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-	return GSS_S_BAD_MIC;
-    p += 4;
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SIGN,
-			    cksum_data, sizeof(cksum_data),
-			    p - 8, 8,
-			    message_buffer->value, message_buffer->length,
-			    NULL, 0);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = arcfour_mic_key(context, key,
-			  cksum_data, sizeof(cksum_data),
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p + 8, 8);
-    if (cmp) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data);
-	RC4 (&rc4_key, 8, p, SND_SEQ);
-	
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    memset(SND_SEQ, 0, sizeof(SND_SEQ));
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-    
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (omret)
-	return omret;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_arcfour(OM_uint32 * minor_status,
-		     const gsskrb5_ctx context_handle,
-		     krb5_context context,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     const gss_buffer_t input_message_buffer,
-		     int * conf_state,
-		     gss_buffer_t output_message_buffer,
-		     krb5_keyblock *key)
-{
-    u_char Klocaldata[16], k6_data[16], *p, *p0;
-    size_t len, total_len, datalen;
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    int32_t seq_number;
-
-    if (conf_state)
-	*conf_state = 0;
-
-    datalen = input_message_buffer->length;
-
-    if (IS_DCE_STYLE(context_handle)) {
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-	total_len += datalen;
-    } else {
-	datalen += 1; /* padding */
-	len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-    }
-
-    output_message_buffer->length = total_len;
-    output_message_buffer->value  = malloc (total_len);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    p0 = _gssapi_make_mech_header(output_message_buffer->value,
-				  len,
-				  GSS_KRB5_MECHANISM);
-    p = p0;
-
-    *p++ = 0x02; /* TOK_ID */
-    *p++ = 0x01;
-    *p++ = 0x11; /* SGN_ALG */
-    *p++ = 0x00;
-    if (conf_req_flag) {
-	*p++ = 0x10; /* SEAL_ALG */
-	*p++ = 0x00;
-    } else {
-	*p++ = 0xff; /* SEAL_ALG */
-	*p++ = 0xff;
-    }
-    *p++ = 0xff; /* Filler */
-    *p++ = 0xff;
-
-    p = NULL;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &seq_number);
-
-    _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
-
-    krb5_auth_con_setlocalseqnumber (context,
-				     context_handle->auth_context,
-				     ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    memset (p0 + 8 + 4,
-	    (context_handle->more_flags & LOCAL) ? 0 : 0xff,
-	    4);
-
-    krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
-    
-    /* p points to data */
-    p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-    memcpy(p, input_message_buffer->value, input_message_buffer->length);
-
-    if (!IS_DCE_STYLE(context_handle))
-	p[input_message_buffer->length] = 1; /* padding */
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SEAL,
-			    p0 + 16, 8, /* SGN_CKSUM */ 
-			    p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
-			    p0 + 24, 8, /* Confounder */
-			    p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, 
-			    datalen);
-    if (ret) {
-	*minor_status = ret;
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	return GSS_S_FAILURE;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(context, &Klocal,
-			  p0 + 8, 4, /* SND_SEQ */
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-
-    if(conf_req_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data);
-	/* XXX ? */
-	RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    if (conf_state)
-	*conf_state = conf_req_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
-				 const gsskrb5_ctx context_handle,
-				 krb5_context context,
-				 const gss_buffer_t input_message_buffer,
-				 gss_buffer_t output_message_buffer,
-				 int *conf_state,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    u_char Klocaldata[16];
-    krb5_keyblock Klocal;
-    krb5_error_code ret;
-    uint32_t seq_number;
-    size_t datalen;
-    OM_uint32 omret;
-    u_char k6_data[16], SND_SEQ[8], Confounder[8];
-    u_char cksum_data[8];
-    u_char *p, *p0;
-    int cmp;
-    int conf_flag;
-    size_t padlen = 0, len;
-    
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    p0 = input_message_buffer->value;
-
-    if (IS_DCE_STYLE(context_handle)) {
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + 
-	    GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
-	if (input_message_buffer->length < len)
-	    return GSS_S_BAD_MECH;
-    } else {
-	len = input_message_buffer->length;
-    }
-
-    omret = _gssapi_verify_mech_header(&p0,
-				       len,
-				       GSS_KRB5_MECHANISM);
-    if (omret)
-	return omret;
-
-    /* length of mech header */
-    len = (p0 - (u_char *)input_message_buffer->value) + 
-	GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-
-    if (len > input_message_buffer->length)
-	return GSS_S_BAD_MECH;
-
-    /* length of data */
-    datalen = input_message_buffer->length - len;
-
-    p = p0;
-
-    if (memcmp(p, "\x02\x01", 2) != 0)
-	return GSS_S_BAD_SIG;
-    p += 2;
-    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
-	return GSS_S_BAD_SIG;
-    p += 2;
-
-    if (memcmp (p, "\x10\x00", 2) == 0)
-	conf_flag = 1;
-    else if (memcmp (p, "\xff\xff", 2) == 0)
-	conf_flag = 0;
-    else
-	return GSS_S_BAD_SIG;
-
-    p += 2;
-    if (memcmp (p, "\xff\xff", 2) != 0)
-	return GSS_S_BAD_MIC;
-    p = NULL;
-
-    ret = arcfour_mic_key(context, key,
-			  p0 + 16, 8, /* SGN_CKSUM */
-			  k6_data, sizeof(k6_data));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    {
-	RC4_KEY rc4_key;
-	
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
-	memset(&rc4_key, 0, sizeof(rc4_key));
-	memset(k6_data, 0, sizeof(k6_data));
-    }
-
-    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
-
-    if (context_handle->more_flags & LOCAL)
-	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
-    else
-	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
-    if (cmp != 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    {
-	int i;
-
-	Klocal.keytype = key->keytype;
-	Klocal.keyvalue.data = Klocaldata;
-	Klocal.keyvalue.length = sizeof(Klocaldata);
-
-	for (i = 0; i < 16; i++)
-	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
-    }
-    ret = arcfour_mic_key(context, &Klocal,
-			  SND_SEQ, 4,
-			  k6_data, sizeof(k6_data));
-    memset(Klocaldata, 0, sizeof(Klocaldata));
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    output_message_buffer->value = malloc(datalen);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    output_message_buffer->length = datalen;
-
-    if(conf_flag) {
-	RC4_KEY rc4_key;
-
-	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
-	RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
-	RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	     output_message_buffer->value);
-	memset(&rc4_key, 0, sizeof(rc4_key));
-    } else {
-	memcpy(Confounder, p0 + 24, 8); /* Confounder */
-	memcpy(output_message_buffer->value, 
-	       p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
-	       datalen);
-    }
-    memset(k6_data, 0, sizeof(k6_data));
-
-    if (!IS_DCE_STYLE(context_handle)) {
-	ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
-	if (ret) {
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    *minor_status = 0;
-	    return ret;
-	}
-	output_message_buffer->length -= padlen;
-    }
-
-    ret = arcfour_mic_cksum(context,
-			    key, KRB5_KU_USAGE_SEAL,
-			    cksum_data, sizeof(cksum_data),
-			    p0, 8, 
-			    Confounder, sizeof(Confounder),
-			    output_message_buffer->value, 
-			    output_message_buffer->length + padlen);
-    if (ret) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
-    if (cmp) {
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	*minor_status = 0;
-	return GSS_S_BAD_MIC;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (omret)
-	return omret;
-
-    if (conf_state)
-	*conf_state = conf_flag;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-max_wrap_length_arcfour(const gsskrb5_ctx ctx,
-			krb5_crypto crypto,
-			size_t input_length,
-			OM_uint32 *max_input_size)
-{
-    /* 
-     * if GSS_C_DCE_STYLE is in use:
-     *  - we only need to encapsulate the WRAP token
-     * However, since this is a fixed since, we just 
-     */
-    if (IS_DCE_STYLE(ctx)) {
-	size_t len, total_len;
-
-	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-	if (input_length < len)
-	    *max_input_size = 0;
-	else
-	    *max_input_size = input_length - len;
-
-    } else {
-	size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-	size_t blocksize = 8;
-	size_t len, total_len;
-
-	len = 8 + input_length + blocksize + extrasize;
-
-	_gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-	total_len -= input_length; /* token length */
-	if (total_len < input_length) {
-	    *max_input_size = (input_length - total_len);
-	    (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
-	} else {
-	    *max_input_size = 0;
-	}
-    }
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
-			  const gsskrb5_ctx ctx,
-			  krb5_context context,
-			  int conf_req_flag,
-			  gss_qop_t qop_req,
-			  OM_uint32 req_output_size,
-			  OM_uint32 *max_input_size,
-			  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = max_wrap_length_arcfour(ctx, crypto,
-				  req_output_size, max_input_size);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c b/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c
deleted file mode 100644
index c1744abd3bec..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32 _gsskrb5_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return _gsskrb5_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c b/crypto/heimdal/lib/gssapi/krb5/ccache_name.c
deleted file mode 100644
index 6f332463553c..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: ccache_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-char *last_out_name;
-
-OM_uint32
-_gsskrb5_krb5_ccache_name(OM_uint32 *minor_status, 
-			  const char *name,
-			  const char **out_name)
-{
-    krb5_context context;
-    krb5_error_code kret;
-
-    *minor_status = 0;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    if (out_name) {
-	const char *n;
-
-	if (last_out_name) {
-	    free(last_out_name);
-	    last_out_name = NULL;
-	}
-
-	n = krb5_cc_default_name(context);
-	if (n == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	last_out_name = strdup(n);
-	if (last_out_name == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	*out_name = last_out_name;
-    }
-
-    kret = krb5_cc_set_default_name(context, name);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.c b/crypto/heimdal/lib/gssapi/krb5/cfx.c
deleted file mode 100644
index 6452f802ab84..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/cfx.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/*
- * Copyright (c) 2003, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $");
-
-/*
- * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
- */
-
-#define CFXSentByAcceptor	(1 << 0)
-#define CFXSealed		(1 << 1)
-#define CFXAcceptorSubkey	(1 << 2)
-
-krb5_error_code
-_gsskrb5cfx_wrap_length_cfx(krb5_context context,
-			    krb5_crypto crypto,
-			    int conf_req_flag,
-			    size_t input_length,
-			    size_t *output_length,
-			    size_t *cksumsize,
-			    uint16_t *padlength)
-{
-    krb5_error_code ret;
-    krb5_cksumtype type;
-
-    /* 16-byte header is always first */
-    *output_length = sizeof(gss_cfx_wrap_token_desc);
-    *padlength = 0;
-
-    ret = krb5_crypto_get_checksum_type(context, crypto, &type);
-    if (ret)
-	return ret;
-
-    ret = krb5_checksumsize(context, type, cksumsize);
-    if (ret)
-	return ret;
-
-    if (conf_req_flag) {
-	size_t padsize;
-
-	/* Header is concatenated with data before encryption */
-	input_length += sizeof(gss_cfx_wrap_token_desc);
-
-	ret = krb5_crypto_getpadsize(context, crypto, &padsize);
-	if (ret) {
-	    return ret;
-	}
-	if (padsize > 1) {
-	    /* XXX check this */
-	    *padlength = padsize - (input_length % padsize);
-
-	    /* We add the pad ourselves (noted here for completeness only) */
-	    input_length += *padlength;
-	}
-
-	*output_length += krb5_get_wrapped_length(context,
-						  crypto, input_length);
-    } else {
-	/* Checksum is concatenated with data */
-	*output_length += input_length + *cksumsize;
-    }
-
-    assert(*output_length > input_length);
-
-    return 0;
-}
-
-krb5_error_code
-_gsskrb5cfx_max_wrap_length_cfx(krb5_context context,
-				krb5_crypto crypto,
-				int conf_req_flag,
-				size_t input_length,
-				OM_uint32 *output_length)
-{
-    krb5_error_code ret;
-
-    *output_length = 0;
-
-    /* 16-byte header is always first */
-    if (input_length < 16)
-	return 0;
-    input_length -= 16;
-
-    if (conf_req_flag) {
-	size_t wrapped_size, sz;
-
-	wrapped_size = input_length + 1;
-	do {
-	    wrapped_size--;
-	    sz = krb5_get_wrapped_length(context, 
-					 crypto, wrapped_size);
-	} while (wrapped_size && sz > input_length);
-	if (wrapped_size == 0) {
-	    *output_length = 0;
-	    return 0;
-	}
-
-	/* inner header */
-	if (wrapped_size < 16) {
-	    *output_length = 0;
-	    return 0;
-	}
-	wrapped_size -= 16;
-
-	*output_length = wrapped_size;
-    } else {
-	krb5_cksumtype type;
-	size_t cksumsize;
-
-	ret = krb5_crypto_get_checksum_type(context, crypto, &type);
-	if (ret)
-	    return ret;
-
-	ret = krb5_checksumsize(context, type, &cksumsize);
-	if (ret)
-	    return ret;
-
-	if (input_length < cksumsize)
-	    return 0;
-
-	/* Checksum is concatenated with data */
-	*output_length = input_length - cksumsize;
-    }
-
-    return 0;
-}
-
-
-OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
-				const gsskrb5_ctx context_handle,
-				krb5_context context,
-				int conf_req_flag,
-				gss_qop_t qop_req,
-				OM_uint32 req_output_size,
-				OM_uint32 *max_input_size,
-				krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag, 
-					  req_output_size, max_input_size);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Rotate "rrc" bytes to the front or back
- */
-
-static krb5_error_code
-rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
-{
-    u_char *tmp, buf[256];
-    size_t left;
-
-    if (len == 0)
-	return 0;
-
-    rrc %= len;
-
-    if (rrc == 0)
-	return 0;
-
-    left = len - rrc;
-
-    if (rrc <= sizeof(buf)) {
-	tmp = buf;
-    } else {
-	tmp = malloc(rrc);
-	if (tmp == NULL) 
-	    return ENOMEM;
-    }
- 
-    if (unrotate) {
-	memcpy(tmp, data, rrc);
-	memmove(data, (u_char *)data + rrc, left);
-	memcpy((u_char *)data + left, tmp, rrc);
-    } else {
-	memcpy(tmp, (u_char *)data + left, rrc);
-	memmove((u_char *)data + rrc, data, left);
-	memcpy(data, tmp, rrc);
-    }
-
-    if (rrc > sizeof(buf)) 
-	free(tmp);
-
-    return 0;
-}
-
-OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
-			   const gsskrb5_ctx context_handle,
-			   krb5_context context,
-			   int conf_req_flag,
-			   gss_qop_t qop_req,
-			   const gss_buffer_t input_message_buffer,
-			   int *conf_state,
-			   gss_buffer_t output_message_buffer,
-			   krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_wrap_token token;
-    krb5_error_code ret;
-    unsigned usage;
-    krb5_data cipher;
-    size_t wrapped_len, cksumsize;
-    uint16_t padlength, rrc = 0;
-    int32_t seq_number;
-    u_char *p;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = _gsskrb5cfx_wrap_length_cfx(context,
-				      crypto, conf_req_flag, 
-				      input_message_buffer->length,
-				      &wrapped_len, &cksumsize, &padlength);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    /* Always rotate encrypted token (if any) and checksum to header */
-    rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize;
-
-    output_message_buffer->length = wrapped_len;
-    output_message_buffer->value = malloc(output_message_buffer->length);
-    if (output_message_buffer->value == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    p = output_message_buffer->value;
-    token = (gss_cfx_wrap_token)p;
-    token->TOK_ID[0] = 0x05;
-    token->TOK_ID[1] = 0x04;
-    token->Flags     = 0;
-    token->Filler    = 0xFF;
-    if ((context_handle->more_flags & LOCAL) == 0)
-	token->Flags |= CFXSentByAcceptor;
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
-	token->Flags |= CFXAcceptorSubkey;
-    if (conf_req_flag) {
-	/*
-	 * In Wrap tokens with confidentiality, the EC field is
-	 * used to encode the size (in bytes) of the random filler.
-	 */
-	token->Flags |= CFXSealed;
-	token->EC[0] = (padlength >> 8) & 0xFF;
-	token->EC[1] = (padlength >> 0) & 0xFF;
-    } else {
-	/*
-	 * In Wrap tokens without confidentiality, the EC field is
-	 * used to encode the size (in bytes) of the trailing
-	 * checksum.
-	 *
-	 * This is not used in the checksum calcuation itself,
-	 * because the checksum length could potentially vary
-	 * depending on the data length.
-	 */
-	token->EC[0] = 0;
-	token->EC[1] = 0;
-    }
-
-    /*
-     * In Wrap tokens that provide for confidentiality, the RRC
-     * field in the header contains the hex value 00 00 before
-     * encryption.
-     *
-     * In Wrap tokens that do not provide for confidentiality,
-     * both the EC and RRC fields in the appended checksum
-     * contain the hex value 00 00 for the purpose of calculating
-     * the checksum.
-     */
-    token->RRC[0] = 0;
-    token->RRC[1] = 0;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber(context,
-				    context_handle->auth_context,
-				    &seq_number);
-    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
-    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
-    krb5_auth_con_setlocalseqnumber(context,
-				    context_handle->auth_context,
-				    ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * If confidentiality is requested, the token header is
-     * appended to the plaintext before encryption; the resulting
-     * token is {"header" | encrypt(plaintext | pad | "header")}.
-     *
-     * If no confidentiality is requested, the checksum is
-     * calculated over the plaintext concatenated with the
-     * token header.
-     */
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
-    } else {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
-    }
-
-    if (conf_req_flag) {
-	/*
-	 * Any necessary padding is added here to ensure that the
-	 * encrypted token header is always at the end of the
-	 * ciphertext.
-	 *
-	 * The specification does not require that the padding
-	 * bytes are initialized.
-	 */
-	p += sizeof(*token);
-	memcpy(p, input_message_buffer->value, input_message_buffer->length);
-	memset(p + input_message_buffer->length, 0xFF, padlength);
-	memcpy(p + input_message_buffer->length + padlength,
-	       token, sizeof(*token));
-
-	ret = krb5_encrypt(context, crypto,
-			   usage, p,
-			   input_message_buffer->length + padlength +
-				sizeof(*token),
-			   &cipher);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	assert(sizeof(*token) + cipher.length == wrapped_len);
-	token->RRC[0] = (rrc >> 8) & 0xFF;  
-	token->RRC[1] = (rrc >> 0) & 0xFF;
-
-	ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(p, cipher.data, cipher.length);
-	krb5_data_free(&cipher);
-    } else {
-	char *buf;
-	Checksum cksum;
-
-	buf = malloc(input_message_buffer->length + sizeof(*token));
-	if (buf == NULL) {
-	    *minor_status = ENOMEM;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(buf, input_message_buffer->value, input_message_buffer->length);
-	memcpy(buf + input_message_buffer->length, token, sizeof(*token));
-
-	ret = krb5_create_checksum(context, crypto,
-				   usage, 0, buf, 
-				   input_message_buffer->length +
-					sizeof(*token), 
-				   &cksum);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    free(buf);
-	    return GSS_S_FAILURE;
-	}
-
-	free(buf);
-
-	assert(cksum.checksum.length == cksumsize);
-	token->EC[0] =  (cksum.checksum.length >> 8) & 0xFF;
-	token->EC[1] =  (cksum.checksum.length >> 0) & 0xFF;
-	token->RRC[0] = (rrc >> 8) & 0xFF;  
-	token->RRC[1] = (rrc >> 0) & 0xFF;
-
-	p += sizeof(*token);
-	memcpy(p, input_message_buffer->value, input_message_buffer->length);
-	memcpy(p + input_message_buffer->length,
-	       cksum.checksum.data, cksum.checksum.length);
-
-	ret = rrc_rotate(p,
-	    input_message_buffer->length + cksum.checksum.length, rrc, FALSE);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    free_Checksum(&cksum);
-	    return GSS_S_FAILURE;
-	}
-	free_Checksum(&cksum);
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    if (conf_state != NULL) {
-	*conf_state = conf_req_flag;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
-			     const gsskrb5_ctx context_handle,
-			     krb5_context context,
-			     const gss_buffer_t input_message_buffer,
-			     gss_buffer_t output_message_buffer,
-			     int *conf_state,
-			     gss_qop_t *qop_state,
-			     krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_wrap_token token;
-    u_char token_flags;
-    krb5_error_code ret;
-    unsigned usage;
-    krb5_data data;
-    uint16_t ec, rrc;
-    OM_uint32 seq_number_lo, seq_number_hi;
-    size_t len;
-    u_char *p;
-
-    *minor_status = 0;
-
-    if (input_message_buffer->length < sizeof(*token)) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    p = input_message_buffer->value;
-
-    token = (gss_cfx_wrap_token)p;
-
-    if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /* Ignore unknown flags */
-    token_flags = token->Flags &
-	(CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey);
-
-    if (token_flags & CFXSentByAcceptor) {
-	if ((context_handle->more_flags & LOCAL) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
-	if ((token_flags & CFXAcceptorSubkey) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    } else {
-	if (token_flags & CFXAcceptorSubkey)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (token->Filler != 0xFF) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (conf_state != NULL) {
-	*conf_state = (token_flags & CFXSealed) ? 1 : 0;
-    }
-
-    ec  = (token->EC[0]  << 8) | token->EC[1];
-    rrc = (token->RRC[0] << 8) | token->RRC[1];
-
-    /*
-     * Check sequence number
-     */
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
-    if (seq_number_hi) {
-	/* no support for 64-bit sequence numbers */
-	*minor_status = ERANGE;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
-    if (ret != 0) {
-	*minor_status = 0;
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	_gsskrb5_release_buffer(minor_status, output_message_buffer);
-	return ret;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * Decrypt and/or verify checksum
-     */
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
-    } else {
-	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
-    }
-
-    p += sizeof(*token);
-    len = input_message_buffer->length;
-    len -= (p - (u_char *)input_message_buffer->value);
-
-    /* Rotate by RRC; bogus to do this in-place XXX */
-    *minor_status = rrc_rotate(p, len, rrc, TRUE);
-    if (*minor_status != 0) {
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    if (token_flags & CFXSealed) {
-	ret = krb5_decrypt(context, crypto, usage,
-	    p, len, &data);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_BAD_MIC;
-	}
-
-	/* Check that there is room for the pad and token header */
-	if (data.length < ec + sizeof(*token)) {
-	    krb5_crypto_destroy(context, crypto);
-	    krb5_data_free(&data);
-	    return GSS_S_DEFECTIVE_TOKEN;
-	}
-	p = data.data;
-	p += data.length - sizeof(*token);
-
-	/* RRC is unprotected; don't modify input buffer */
-	((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0];
-	((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1];
-
-	/* Check the integrity of the header */
-	if (memcmp(p, token, sizeof(*token)) != 0) {
-	    krb5_crypto_destroy(context, crypto);
-	    krb5_data_free(&data);
-	    return GSS_S_BAD_MIC;
-	}
-
-	output_message_buffer->value = data.data;
-	output_message_buffer->length = data.length - ec - sizeof(*token);
-    } else {
-	Checksum cksum;
-
-	/* Determine checksum type */
-	ret = krb5_crypto_get_checksum_type(context,
-					    crypto, &cksum.cksumtype);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_FAILURE;
-	}
-
-	cksum.checksum.length = ec;
-
-	/* Check we have at least as much data as the checksum */
-	if (len < cksum.checksum.length) {
-	    *minor_status = ERANGE;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_BAD_MIC;
-	}
-
-	/* Length now is of the plaintext only, no checksum */
-	len -= cksum.checksum.length;
-	cksum.checksum.data = p + len;
-
-	output_message_buffer->length = len; /* for later */
-	output_message_buffer->value = malloc(len + sizeof(*token));
-	if (output_message_buffer->value == NULL) {
-	    *minor_status = ENOMEM;
-	    krb5_crypto_destroy(context, crypto);
-	    return GSS_S_FAILURE;
-	}
-
-	/* Checksum is over (plaintext-data | "header") */
-	memcpy(output_message_buffer->value, p, len);
-	memcpy((u_char *)output_message_buffer->value + len, 
-	       token, sizeof(*token));
-
-	/* EC is not included in checksum calculation */
-	token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
-				     len);
-	token->EC[0]  = 0;
-	token->EC[1]  = 0;
-	token->RRC[0] = 0;
-	token->RRC[1] = 0;
-
-	ret = krb5_verify_checksum(context, crypto,
-				   usage,
-				   output_message_buffer->value,
-				   len + sizeof(*token),
-				   &cksum);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    krb5_crypto_destroy(context, crypto);
-	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
-	    return GSS_S_BAD_MIC;
-	}
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    if (qop_state != NULL) {
-	*qop_state = GSS_C_QOP_DEFAULT;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
-			  const gsskrb5_ctx context_handle,
-			  krb5_context context,
-			  gss_qop_t qop_req,
-			  const gss_buffer_t message_buffer,
-			  gss_buffer_t message_token,
-			  krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_mic_token token;
-    krb5_error_code ret;
-    unsigned usage;
-    Checksum cksum;
-    u_char *buf;
-    size_t len;
-    int32_t seq_number;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    len = message_buffer->length + sizeof(*token);
-    buf = malloc(len);
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    memcpy(buf, message_buffer->value, message_buffer->length);
-
-    token = (gss_cfx_mic_token)(buf + message_buffer->length);
-    token->TOK_ID[0] = 0x04;
-    token->TOK_ID[1] = 0x04;
-    token->Flags = 0;
-    if ((context_handle->more_flags & LOCAL) == 0)
-	token->Flags |= CFXSentByAcceptor;
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
-	token->Flags |= CFXAcceptorSubkey;
-    memset(token->Filler, 0xFF, 5);
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    krb5_auth_con_getlocalseqnumber(context,
-				    context_handle->auth_context,
-				    &seq_number);
-    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
-    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
-    krb5_auth_con_setlocalseqnumber(context,
-				    context_handle->auth_context,
-				    ++seq_number);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
-    } else {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
-    }
-
-    ret = krb5_create_checksum(context, crypto,
-	usage, 0, buf, len, &cksum);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	free(buf);
-	return GSS_S_FAILURE;
-    }
-    krb5_crypto_destroy(context, crypto);
-
-    /* Determine MIC length */
-    message_token->length = sizeof(*token) + cksum.checksum.length;
-    message_token->value = malloc(message_token->length);
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	free_Checksum(&cksum);
-	free(buf);
-	return GSS_S_FAILURE;
-    }
-
-    /* Token is { "header" | get_mic("header" | plaintext-data) } */
-    memcpy(message_token->value, token, sizeof(*token));
-    memcpy((u_char *)message_token->value + sizeof(*token),
-	   cksum.checksum.data, cksum.checksum.length);
-
-    free_Checksum(&cksum);
-    free(buf);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
-				 const gsskrb5_ctx context_handle,
-				 krb5_context context,
-				 const gss_buffer_t message_buffer,
-				 const gss_buffer_t token_buffer,
-				 gss_qop_t *qop_state,
-				 krb5_keyblock *key)
-{
-    krb5_crypto crypto;
-    gss_cfx_mic_token token;
-    u_char token_flags;
-    krb5_error_code ret;
-    unsigned usage;
-    OM_uint32 seq_number_lo, seq_number_hi;
-    u_char *buf, *p;
-    Checksum cksum;
-
-    *minor_status = 0;
-
-    if (token_buffer->length < sizeof(*token)) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    p = token_buffer->value;
-
-    token = (gss_cfx_mic_token)p;
-
-    if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /* Ignore unknown flags */
-    token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey);
-
-    if (token_flags & CFXSentByAcceptor) {
-	if ((context_handle->more_flags & LOCAL) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
-	if ((token_flags & CFXAcceptorSubkey) == 0)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    } else {
-	if (token_flags & CFXAcceptorSubkey)
-	    return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    /*
-     * Check sequence number
-     */
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
-    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
-    if (seq_number_hi) {
-	*minor_status = ERANGE;
-	return GSS_S_UNSEQ_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
-    if (ret != 0) {
-	*minor_status = 0;
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	return ret;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    /*
-     * Verify checksum
-     */
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_crypto_get_checksum_type(context, crypto,
-					&cksum.cksumtype);
-    if (ret != 0) {
-	*minor_status = ret;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-
-    cksum.checksum.data = p + sizeof(*token);
-    cksum.checksum.length = token_buffer->length - sizeof(*token);
-
-    if (context_handle->more_flags & LOCAL) {
-	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
-    } else {
-	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
-    }
-
-    buf = malloc(message_buffer->length + sizeof(*token));
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-    memcpy(buf, message_buffer->value, message_buffer->length);
-    memcpy(buf + message_buffer->length, token, sizeof(*token));
-
-    ret = krb5_verify_checksum(context, crypto,
-			       usage,
-			       buf,
-			       sizeof(*token) + message_buffer->length,
-			       &cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret != 0) {
-	*minor_status = ret;
-	free(buf);
-	return GSS_S_BAD_MIC;
-    }
-
-    free(buf);
-
-    if (qop_state != NULL) {
-	*qop_state = GSS_C_QOP_DEFAULT;
-    }
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.h b/crypto/heimdal/lib/gssapi/krb5/cfx.h
deleted file mode 100644
index 672704a8418d..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/cfx.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */
-
-#ifndef GSSAPI_CFX_H_
-#define GSSAPI_CFX_H_ 1
-
-/*
- * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt
- */
-
-typedef struct gss_cfx_mic_token_desc_struct {
-	u_char TOK_ID[2]; /* 04 04 */
-	u_char Flags;
-	u_char Filler[5];
-	u_char SND_SEQ[8];
-} gss_cfx_mic_token_desc, *gss_cfx_mic_token;
-
-typedef struct gss_cfx_wrap_token_desc_struct {
-	u_char TOK_ID[2]; /* 04 05 */
-	u_char Flags;
-	u_char Filler;
-	u_char EC[2];
-	u_char RRC[2];
-	u_char SND_SEQ[8];
-} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token;
-
-typedef struct gss_cfx_delete_token_desc_struct {
-	u_char TOK_ID[2]; /* 05 04 */
-	u_char Flags;
-	u_char Filler[5];
-	u_char SND_SEQ[8];
-} gss_cfx_delete_token_desc, *gss_cfx_delete_token;
-
-#endif /* GSSAPI_CFX_H_ */
diff --git a/crypto/heimdal/lib/gssapi/krb5/compare_name.c b/crypto/heimdal/lib/gssapi/krb5/compare_name.c
deleted file mode 100644
index 3f3b59d11621..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/compare_name.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    krb5_const_principal princ1 = (krb5_const_principal)name1;
-    krb5_const_principal princ2 = (krb5_const_principal)name2;
-    krb5_context context;
-
-    GSSAPI_KRB5_INIT(&context);
-
-    *name_equal = krb5_principal_compare (context,
-					  princ1, princ2);
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/compat.c b/crypto/heimdal/lib/gssapi/krb5/compat.c
deleted file mode 100644
index a0f075621a49..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/compat.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, 
-	     krb5_context context, krb5_const_principal name, 
-	     const char *option, krb5_boolean *compat, 
-	     krb5_boolean match_val)
-{
-    krb5_error_code ret = 0;
-    char **p, **q;
-    krb5_principal match;
-
-
-    p = krb5_config_get_strings(context, NULL, "gssapi",
-				option, NULL);
-    if(p == NULL)
-	return 0;
-
-    match = NULL;
-    for(q = p; *q; q++) {
-	ret = krb5_parse_name(context, *q, &match);
-	if (ret)
-	    break;
-
-	if (krb5_principal_match(context, name, match)) {
-	    *compat = match_val;
-	    break;
-	}
-	
-	krb5_free_principal(context, match);
-	match = NULL;
-    }
-    if (match)
-	krb5_free_principal(context, match);
-    krb5_config_free_strings(p);
-
-    if (ret) {
-	if (minor_status)
-	    *minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    return 0;
-}
-
-/*
- * ctx->ctx_id_mutex is assumed to be locked
- */
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status,
-			 gsskrb5_ctx ctx,
-			 krb5_context context)
-{
-    krb5_boolean use_compat = FALSE;
-    OM_uint32 ret;
-
-    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
-	ret = check_compat(minor_status, context, ctx->target, 
-			   "broken_des3_mic", &use_compat, TRUE);
-	if (ret)
-	    return ret;
-	ret = check_compat(minor_status, context, ctx->target, 
-			   "correct_des3_mic", &use_compat, FALSE);
-	if (ret)
-	    return ret;
-
-	if (use_compat)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    }
-    return 0;
-}
-
-#if 0
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (on) {
-	ctx->more_flags |= COMPAT_OLD_DES3;
-    } else {
-	ctx->more_flags &= ~COMPAT_OLD_DES3;
-    }
-    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/gssapi/krb5/context_time.c b/crypto/heimdal/lib/gssapi/krb5/context_time.c
deleted file mode 100644
index b57ac7854e69..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/context_time.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_lifetime_left(OM_uint32 *minor_status, 
-		       krb5_context context,
-		       OM_uint32 lifetime,
-		       OM_uint32 *lifetime_rec)
-{
-    krb5_timestamp timeret;
-    krb5_error_code kret;
-
-    if (lifetime == 0) {
-	*lifetime_rec = GSS_C_INDEFINITE;
-	return GSS_S_COMPLETE;
-    }
-
-    kret = krb5_timeofday(context, &timeret);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    if (lifetime < timeret) 
-	*lifetime_rec = 0;
-    else
-	*lifetime_rec = lifetime - timeret;
-
-    return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 _gsskrb5_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    krb5_context context;
-    OM_uint32 lifetime;
-    OM_uint32 major_status;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    lifetime = ctx->lifetime;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    major_status = _gsskrb5_lifetime_left(minor_status, context,
-					  lifetime, time_rec);
-    if (major_status != GSS_S_COMPLETE)
-	return major_status;
-
-    *minor_status = 0;
-
-    if (*time_rec == 0)
-	return GSS_S_CONTEXT_EXPIRED;
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c b/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c
deleted file mode 100644
index 66d797c19933..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $");
-
-#if 0
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
-		     krb5_context context,
-		     gss_cred_id_t cred,
-		     krb5_ccache out)
-{
-    krb5_error_code kret;
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->ccache == NULL) {
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_cc_copy_cache(context, cred->ccache, out);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-#endif
-
-
-OM_uint32
-_gsskrb5_import_cred(OM_uint32 *minor_status,
-		     krb5_ccache id,
-		     krb5_principal keytab_principal,
-		     krb5_keytab keytab,
-		     gss_cred_id_t *cred)
-{
-    krb5_context context;
-    krb5_error_code kret;
-    gsskrb5_cred handle;
-    OM_uint32 ret;
-
-    *cred = NULL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    handle = calloc(1, sizeof(*handle));
-    if (handle == NULL) {
-	_gsskrb5_clear_status ();
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
-
-    handle->usage = 0;
-
-    if (id) {
-	char *str;
-
-	handle->usage |= GSS_C_INITIATE;
-
-	kret = krb5_cc_get_principal(context, id,
-				     &handle->principal);
-	if (kret) {
-	    free(handle);
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	
-	if (keytab_principal) {
-	    krb5_boolean match;
-
-	    match = krb5_principal_compare(context,
-					   handle->principal,
-					   keytab_principal);
-	    if (match == FALSE) {
-		krb5_free_principal(context, handle->principal);
-		free(handle);
-		_gsskrb5_clear_status ();
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-	}
-
-	ret = __gsskrb5_ccache_lifetime(minor_status,
-					context,
-					id,
-					handle->principal,
-					&handle->lifetime);
-	if (ret != GSS_S_COMPLETE) {
-	    krb5_free_principal(context, handle->principal);
-	    free(handle);
-	    return ret;
-	}
-
-
-	kret = krb5_cc_get_full_name(context, id, &str);
-	if (kret)
-	    goto out;
-
-	kret = krb5_cc_resolve(context, str, &handle->ccache);
-	free(str);
-	if (kret)
-	    goto out;
-    }
-
-
-    if (keytab) {
-	char *str;
-
-	handle->usage |= GSS_C_ACCEPT;
-
-	if (keytab_principal && handle->principal == NULL) {
-	    kret = krb5_copy_principal(context, 
-				       keytab_principal, 
-				       &handle->principal);
-	    if (kret)
-		goto out;
-	}
-
-	kret = krb5_kt_get_full_name(context, keytab, &str);
-	if (kret)
-	    goto out;
-
-	kret = krb5_kt_resolve(context, str, &handle->keytab);
-	free(str);
-	if (kret)
-	    goto out;
-    }
-
-
-    if (id || keytab) {
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret == GSS_S_COMPLETE)
-	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-					 &handle->mechanisms);
-	if (ret != GSS_S_COMPLETE) {
-	    kret = *minor_status;
-	    goto out;
-	}
-    }
-
-    *minor_status = 0;
-    *cred = (gss_cred_id_t)handle;
-    return GSS_S_COMPLETE;
-
-out:
-    gss_release_oid_set(minor_status, &handle->mechanisms);
-    if (handle->ccache)
-	krb5_cc_close(context, handle->ccache);
-    if (handle->keytab)
-	krb5_kt_close(context, handle->keytab);
-    if (handle->principal)
-	krb5_free_principal(context, handle->principal);
-    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
-    free(handle);
-    *minor_status = kret;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c b/crypto/heimdal/lib/gssapi/krb5/decapsulate.c
deleted file mode 100644
index 39176faff442..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $");
-
-/*
- * return the length of the mechanism in token or -1
- * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
- */
-
-ssize_t
-_gsskrb5_get_mech (const u_char *ptr,
-		      size_t total_len,
-		      const u_char **mech_ret)
-{
-    size_t len, len_len, mech_len, foo;
-    const u_char *p = ptr;
-    int e;
-
-    if (total_len < 1)
-	return -1;
-    if (*p++ != 0x60)
-	return -1;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return -1;
-    p += len_len;
-    if (*p++ != 0x06)
-	return -1;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return -1;
-    p += foo;
-    *mech_ret = p;
-    return mech_len;
-}
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
-			   size_t total_len,
-			   gss_OID mech)
-{
-    const u_char *p;
-    ssize_t mech_len;
-
-    mech_len = _gsskrb5_get_mech (*str, total_len, &p);
-    if (mech_len < 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (mech_len != mech->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       mech->elements,
-	       mech->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    *str = rk_UNCONST(p);
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_verify_header(u_char **str,
-			  size_t total_len,
-			  const void *type,
-			  gss_OID oid)
-{
-    OM_uint32 ret;
-    size_t len;
-    u_char *p = *str;
-
-    ret = _gssapi_verify_mech_header(str, total_len, oid);
-    if (ret)
-	return ret;
-
-    len = total_len - (*str - p);
-
-    if (len < 2)
-	return GSS_S_DEFECTIVE_TOKEN;
-
-    if (memcmp (*str, type, 2) != 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-    *str += 2;
-
-    return 0;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-_gssapi_decapsulate(
-    OM_uint32 *minor_status,
-    gss_buffer_t input_token_buffer,
-    krb5_data *out_data,
-    const gss_OID mech
-)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = _gssapi_verify_mech_header(&p,
-				    input_token_buffer->length,
-				    mech);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-_gsskrb5_decapsulate(OM_uint32 *minor_status,    
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			const void *type,
-			gss_OID oid)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = _gsskrb5_verify_header(&p,
-				    input_token_buffer->length,
-				    type,
-				    oid);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Verify padding of a gss wrapped message and return its length.
- */
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t wrapped_token, 
-		   size_t datalen,
-		   size_t *padlen)
-{
-    u_char *pad;
-    size_t padlength;
-    int i;
-
-    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
-    padlength = *pad;
-
-    if (padlength > datalen)
-	return GSS_S_BAD_MECH;
-
-    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-	;
-    if (i != 0)
-	return GSS_S_BAD_MIC;
-
-    *padlen = padlength;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c
deleted file mode 100644
index abad98655026..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
-			    gss_ctx_id_t * context_handle,
-			    gss_buffer_t output_token)
-{
-    krb5_context context;
-    gsskrb5_ctx ctx;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *minor_status = 0;
-
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    if (*context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_COMPLETE;
-
-    ctx = (gsskrb5_ctx) *context_handle;
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    krb5_auth_con_free (context, ctx->auth_context);
-    if(ctx->source)
-	krb5_free_principal (context, ctx->source);
-    if(ctx->target)
-	krb5_free_principal (context, ctx->target);
-    if (ctx->ticket)
-	krb5_free_ticket (context, ctx->ticket);
-    if(ctx->order)
-	_gssapi_msg_order_destroy(&ctx->order);
-    if (ctx->service_keyblock)
-	krb5_free_keyblock (context, ctx->service_keyblock);
-    krb5_data_free(&ctx->fwd_data);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-    memset(ctx, 0, sizeof(*ctx));
-    free (ctx);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/display_name.c b/crypto/heimdal/lib/gssapi/krb5/display_name.c
deleted file mode 100644
index 727c447d2a06..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/display_name.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $");
-
-OM_uint32 _gsskrb5_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    krb5_context context;
-    krb5_const_principal name = (krb5_const_principal)input_name;
-    krb5_error_code kret;
-    char *buf;
-    size_t len;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_unparse_name_flags (context, name,
-				    KRB5_PRINCIPAL_UNPARSE_DISPLAY, &buf);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    len = strlen (buf);
-    output_name_buffer->length = len;
-    output_name_buffer->value  = malloc(len + 1);
-    if (output_name_buffer->value == NULL) {
-	free (buf);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (output_name_buffer->value, buf, len);
-    ((char *)output_name_buffer->value)[len] = '\0';
-    free (buf);
-    if (output_name_type)
-	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/display_status.c b/crypto/heimdal/lib/gssapi/krb5/display_status.c
deleted file mode 100644
index c0192522a72a..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/display_status.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $");
-
-static const char *
-calling_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	NULL,			/* 0 */
-	"A required input parameter could not be read.", /*  */
-	"A required output parameter could not be written.", /*  */
-	"A parameter was malformed"
-    };
-
-    v >>= GSS_C_CALLING_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown calling error";
-    else
-	return msgs[v];
-}
-
-static const char *
-routine_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	NULL,			/* 0 */
-	"An unsupported mechanism was requested",
-	"An invalid name was supplied",
-	"A supplied name was of an unsupported type",
-	"Incorrect channel bindings were supplied",
-	"An invalid status code was supplied",
-	"A token had an invalid MIC",
-	"No credentials were supplied, "
-	"or the credentials were unavailable or inaccessible.",
-	"No context has been established",
-	"A token was invalid",
-	"A credential was invalid",
-	"The referenced credentials have expired",
-	"The context has expired",
-	"Miscellaneous failure (see text)",
-	"The quality-of-protection requested could not be provide",
-	"The operation is forbidden by local security policy",
-	"The operation or option is not available",
-	"The requested credential element already exists",
-	"The provided name was not a mechanism name.",
-    };
-
-    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-static const char *
-supplementary_error(OM_uint32 v)
-{
-    static const char *msgs[] = {
-	"normal completion",
-	"continuation call to routine required",
-	"duplicate per-message token detected",
-	"timed-out per-message token detected",
-	"reordered (early) per-message token detected",
-	"skipped predecessor token(s) detected"
-    };
-
-    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
-    if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-void
-_gsskrb5_clear_status (void)
-{
-    krb5_context context;
-
-    if (_gsskrb5_init (&context) != 0)
-	return;
-    krb5_clear_error_string(context);
-}
-
-void
-_gsskrb5_set_status (const char *fmt, ...)
-{
-    krb5_context context;
-    va_list args;
-    char *str;
-
-    if (_gsskrb5_init (&context) != 0)
-	return;
-
-    va_start(args, fmt);
-    vasprintf(&str, fmt, args);
-    va_end(args);
-    if (str) {
-	krb5_set_error_string(context, str);
-	free(str);
-    }
-}
-
-OM_uint32 _gsskrb5_display_status
-(OM_uint32		*minor_status,
- OM_uint32		 status_value,
- int			 status_type,
- const gss_OID	 mech_type,
- OM_uint32		*message_context,
- gss_buffer_t	 status_string)
-{
-    krb5_context context;
-    char *buf;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    status_string->length = 0;
-    status_string->value = NULL;
-
-    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_C_GSS_CODE;
-    }
-
-    if (status_type == GSS_C_GSS_CODE) {
-	if (GSS_SUPPLEMENTARY_INFO(status_value))
-	    asprintf(&buf, "%s", 
-		     supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
-	else
-	    asprintf (&buf, "%s %s",
-		      calling_error(GSS_CALLING_ERROR(status_value)),
-		      routine_error(GSS_ROUTINE_ERROR(status_value)));
-    } else if (status_type == GSS_C_MECH_CODE) {
-	buf = krb5_get_error_string(context);
-	if (buf == NULL) {
-	    const char *tmp = krb5_get_err_text (context, status_value);
-	    if (tmp == NULL)
-		asprintf(&buf, "unknown mech error-code %u",
-			 (unsigned)status_value);
-	    else
-		buf = strdup(tmp);
-	}
-    } else {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_STATUS;
-    }
-
-    if (buf == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *message_context = 0;
-    *minor_status = 0;
-
-    status_string->length = strlen(buf);
-    status_string->value  = buf;
-  
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c b/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c
deleted file mode 100644
index 7337f1ab72b8..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    krb5_context context;
-    krb5_const_principal src = (krb5_const_principal)src_name;
-    krb5_principal *dest = (krb5_principal *)dest_name;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_copy_principal (context, src, dest);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    } else {
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c b/crypto/heimdal/lib/gssapi/krb5/encapsulate.c
deleted file mode 100644
index 58dcb5c9c4b2..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $");
-
-void
-_gssapi_encap_length (size_t data_len,
-		      size_t *len,
-		      size_t *total_len,
-		      const gss_OID mech)
-{
-    size_t len_len;
-
-    *len = 1 + 1 + mech->length + data_len;
-
-    len_len = der_length_len(*len);
-
-    *total_len = 1 + len_len + *len;
-}
-
-void
-_gsskrb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len,
-			  const gss_OID mech)
-{
-    _gssapi_encap_length(data_len + 2, len, total_len, mech);
-}
-
-void *
-_gsskrb5_make_header (void *ptr,
-			 size_t len,
-			 const void *type,
-			 const gss_OID mech)
-{
-    u_char *p = ptr;
-    p = _gssapi_make_mech_header(p, len, mech);
-    memcpy (p, type, 2);
-    p += 2;
-    return p;
-}
-
-void *
-_gssapi_make_mech_header(void *ptr,
-			 size_t len,
-			 const gss_OID mech)
-{
-    u_char *p = ptr;
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = der_length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = mech->length;
-    memcpy (p, mech->elements, mech->length);
-    p += mech->length;
-    return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-_gssapi_encapsulate(
-    OM_uint32 *minor_status,
-    const krb5_data *in_data,
-    gss_buffer_t output_token,
-    const gss_OID mech
-)
-{
-    size_t len, outer_len;
-    void *p;
-
-    _gssapi_encap_length (in_data->length, &len, &outer_len, mech);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = _gssapi_make_mech_header (output_token->value, len, mech);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API krb5
- * wrappings.
- */
-
-OM_uint32
-_gsskrb5_encapsulate(
-			OM_uint32 *minor_status,    
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			const void *type,
-			const gss_OID mech
-)
-{
-    size_t len, outer_len;
-    u_char *p;
-
-    _gsskrb5_encap_length (in_data->length, &len, &outer_len, mech);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = _gsskrb5_make_header (output_token->value, len, type, mech);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/export_name.c b/crypto/heimdal/lib/gssapi/krb5/export_name.c
deleted file mode 100644
index efa45a2638bf..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    krb5_context context;
-    krb5_const_principal princ = (krb5_const_principal)input_name;
-    krb5_error_code kret;
-    char *buf, *name;
-    size_t len;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    kret = krb5_unparse_name (context, princ, &name);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    len = strlen (name);
-
-    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
-    exported_name->value  = malloc(exported_name->length);
-    if (exported_name->value == NULL) {
-	free (name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    buf = exported_name->value;
-    memcpy(buf, "\x04\x01", 2);
-    buf += 2;
-    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
-    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
-    buf+= 2;
-    buf[0] = 0x06;
-    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
-    buf+= 2;
-
-    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    buf += GSS_KRB5_MECHANISM->length;
-
-    buf[0] = (len >> 24) & 0xff;
-    buf[1] = (len >> 16) & 0xff;
-    buf[2] = (len >> 8) & 0xff;
-    buf[3] = (len) & 0xff;
-    buf += 4;
-
-    memcpy (buf, name, len);
-
-    free (name);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c
deleted file mode 100644
index 00218617a07b..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    krb5_context context;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    int flags;
-    OM_uint32 minor;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = 0;
-	return GSS_S_UNAVAILABLE;
-    }
-
-    sp = krb5_storage_emem ();
-    if (sp == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ac = ctx->auth_context;
-
-    /* flagging included fields */
-
-    flags = 0;
-    if (ac->local_address)
-	flags |= SC_LOCAL_ADDRESS;
-    if (ac->remote_address)
-	flags |= SC_REMOTE_ADDRESS;
-    if (ac->keyblock)
-	flags |= SC_KEYBLOCK;
-    if (ac->local_subkey)
-	flags |= SC_LOCAL_SUBKEY;
-    if (ac->remote_subkey)
-	flags |= SC_REMOTE_SUBKEY;
-
-    kret = krb5_store_int32 (sp, flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* marshall auth context */
-
-    kret = krb5_store_int32 (sp, ac->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->local_address) {
-	kret = krb5_store_address (sp, *ac->local_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_address) {
-	kret = krb5_store_address (sp, *ac->remote_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int16 (sp, ac->local_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int16 (sp, ac->remote_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->keyblock) {
-	kret = krb5_store_keyblock (sp, *ac->keyblock);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->local_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->local_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int32 (sp, ac->local_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-
-    kret = krb5_store_int32 (sp, ac->keytype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ac->cksumtype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* names */
-
-    ret = _gsskrb5_export_name (minor_status,
-				(gss_name_t)ctx->source, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-    kret = krb5_store_data (sp, data);
-    _gsskrb5_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    ret = _gsskrb5_export_name (minor_status,
-				(gss_name_t)ctx->target, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-
-    ret = GSS_S_FAILURE;
-
-    kret = krb5_store_data (sp, data);
-    _gsskrb5_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_store_int32 (sp, ctx->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ctx->more_flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ctx->lifetime);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = _gssapi_msg_order_export(sp, ctx->order);
-    if (kret ) {
-        *minor_status = kret;
-        goto failure;
-    }
-
-    kret = krb5_storage_to_data (sp, &data);
-    krb5_storage_free (sp);
-    if (kret) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    interprocess_token->length = data.length;
-    interprocess_token->value  = data.data;
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
-				       GSS_C_NO_BUFFER);
-    if (ret != GSS_S_COMPLETE)
-	_gsskrb5_release_buffer (NULL, interprocess_token);
-    *minor_status = 0;
-    return ret;
- failure:
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/external.c b/crypto/heimdal/lib/gssapi/krb5/external.c
deleted file mode 100644
index 03fe61dc5744..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/external.c
+++ /dev/null
@@ -1,425 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <gssapi_mech.h>
-
-RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * draft-ietf-cat-iakerb-09, IAKERB:
- *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
- *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
- *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
- *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
- *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
- *   accordance with the mechanism proposed by SPNEGO for negotiating
- *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
- *   security(5) mechanisms(5) iakerb(10)
- *   iakerbMinimumMessagesProtocol(2)}.
- */
-
-static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
-
-gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc;
-
-static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
-{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
-
-gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc;
-
-/*
- *
- */
-
-static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
-
-gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
-
-/*
- * 1.2.752.43.13 Heimdal GSS-API Extentions
- */
-
-/* 1.2.752.43.13.1 */
-static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
-
-gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc;
-
-/* 1.2.752.43.13.2 */
-static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
-
-gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc;
-
-/* 1.2.752.43.13.3 */
-static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
-
-gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
-
-/* 1.2.752.43.13.4 */
-static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
-
-gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc;
-
-/* 1.2.752.43.13.5 */
-static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
-
-gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc;
-
-/* 1.2.752.43.13.6 */
-static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
-
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc;
-
-/* 1.2.752.43.13.6.1 */
-static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
-{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
-
-gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc;
-
-/* 1.2.752.43.13.7 */
-static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
-
-gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc;
-
-/* 1.2.752.43.13.8 */
-static gss_OID_desc gss_krb5_get_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
-
-gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc;
-
-/* 1.2.752.43.13.9 */
-static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
-
-gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc;
-
-/* 1.2.752.43.13.10 */
-static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
-
-gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc;
-
-/* 1.2.752.43.13.11 */
-static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
-
-gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc;
-
-/* 1.2.752.43.13.12 */
-static gss_OID_desc gss_krb5_get_authtime_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
-
-gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc;
-
-/* 1.2.752.43.13.13 */
-static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
-
-gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc;
-
-/* 1.2.752.43.13.14 */
-static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
-
-gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
-
-/* 1.2.752.43.13.15 */
-static gss_OID_desc gss_krb5_set_default_realm_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
-
-gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
-
-/* 1.2.752.43.13.16 */
-static gss_OID_desc gss_krb5_ccache_name_x_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
-
-gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
-
-/* 1.2.752.43.14.1 */
-static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
-{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
-
-gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-/*
- *
- */
-
-static gssapi_mech_interface_desc krb5_mech = {
-    GMI_VERSION,
-    "kerberos 5",
-    {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
-    _gsskrb5_acquire_cred,
-    _gsskrb5_release_cred,
-    _gsskrb5_init_sec_context,
-    _gsskrb5_accept_sec_context,
-    _gsskrb5_process_context_token,
-    _gsskrb5_delete_sec_context,
-    _gsskrb5_context_time,
-    _gsskrb5_get_mic,
-    _gsskrb5_verify_mic,
-    _gsskrb5_wrap,
-    _gsskrb5_unwrap,
-    _gsskrb5_display_status,
-    _gsskrb5_indicate_mechs,
-    _gsskrb5_compare_name,
-    _gsskrb5_display_name,
-    _gsskrb5_import_name,
-    _gsskrb5_export_name,
-    _gsskrb5_release_name,
-    _gsskrb5_inquire_cred,
-    _gsskrb5_inquire_context,
-    _gsskrb5_wrap_size_limit,
-    _gsskrb5_add_cred,
-    _gsskrb5_inquire_cred_by_mech,
-    _gsskrb5_export_sec_context,
-    _gsskrb5_import_sec_context,
-    _gsskrb5_inquire_names_for_mech,
-    _gsskrb5_inquire_mechs_for_name,
-    _gsskrb5_canonicalize_name,
-    _gsskrb5_duplicate_name,
-    _gsskrb5_inquire_sec_context_by_oid,
-    _gsskrb5_inquire_cred_by_oid,
-    _gsskrb5_set_sec_context_option,
-    _gsskrb5_set_cred_option,
-    _gsskrb5_pseudo_random
-};
-
-gssapi_mech_interface
-__gss_krb5_initialize(void)
-{
-    return &krb5_mech;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/get_mic.c b/crypto/heimdal/lib/gssapi/krb5/get_mic.c
deleted file mode 100644
index 133481ffe173..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/get_mic.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-mic_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int32_t seq_number;
-  size_t len, total_len;
-
-  _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-    message_token->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM); 
-
-  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
-  p += 4;
-
-  /* Fill in later (SND-SEQ) */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value, message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-				   ctx->auth_context,
-				   &seq_number);
-
-  p -= 16;			/* SND_SEQ */
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-  
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  Checksum cksum;
-  u_char seq[8];
-
-  int32_t seq_number;
-  size_t len, total_len;
-
-  krb5_crypto crypto;
-  krb5_error_code kret;
-  krb5_data encdata;
-  char *tmp;
-  char ivec[8];
-
-  _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-      message_token->length = 0;
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01", /* TOK-ID */
-			      GSS_KRB5_MECHANISM);
-
-  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
-  p += 4;
-
-  /* this should be done in parts */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  kret = krb5_crypto_init(context, key, 0, &crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      free (tmp);
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  kret = krb5_create_checksum (context,
-			       crypto,
-			       KRB5_KU_USAGE_SIGN,
-			       0,
-			       tmp,
-			       message_buffer->length + 8,
-			       &cksum);
-  free (tmp);
-  krb5_crypto_destroy (context, crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-			       ctx->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  kret = krb5_crypto_init(context, key,
-			  ETYPE_DES3_CBC_NONE, &crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  if (ctx->more_flags & COMPAT_OLD_DES3)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  kret = krb5_encrypt_ivec (context,
-			    crypto,
-			    KRB5_KU_USAGE_SEQ,
-			    seq, 8, &encdata, ivec);
-  krb5_crypto_destroy (context, crypto);
-  if (kret) {
-      free (message_token->value);
-      message_token->value = NULL;
-      message_token->length = 0;
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  
-  free_Checksum (&cksum);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  krb5_context context;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = mic_des (minor_status, ctx, context, qop_req,
-		     message_buffer, message_token, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = mic_des3 (minor_status, ctx, context, qop_req,
-		      message_buffer, message_token, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
-				     message_buffer, message_token, key);
-      break;
-  default :
-      ret = _gssapi_mic_cfx (minor_status, ctx, context, qop_req,
-			     message_buffer, message_token, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et b/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et
deleted file mode 100644
index dbfdbdf2f122..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# extended gss krb5 error messages
-#
-
-id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $"
-
-error_table gk5
-
-prefix GSS_KRB5_S
-
-error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string"
-error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits"
-error_code G_NOUSER, "UID does not resolve to username"
-error_code G_VALIDATE_FAILED, "Validation error"
-error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data"
-error_code G_BAD_MSG_CTX, "Message context invalid"
-error_code G_WRONG_SIZE, "Buffer is the wrong size"
-error_code G_BAD_USAGE, "Credential usage type is unknown"
-error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
-
-index 128
-
-error_code KG_CCACHE_NOMATCH, "Principal in credential cache does not match desired name"
-error_code KG_KEYTAB_NOMATCH, "No principal in keytab matches desired name"
-error_code KG_TGT_MISSING, "Credential cache has no TGT"
-error_code KG_NO_SUBKEY, "Authenticator has no subkey"
-error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established"
-error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token"
-error_code KG_BAD_LENGTH, "Invalid field length in token"
-error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context"
-error_code KG_INPUT_TOO_LONG, "Input too long"
diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h
deleted file mode 100644
index c2239f134625..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h
+++ /dev/null
@@ -1,703 +0,0 @@
-/* This is a generated file */
-#ifndef __gsskrb5_private_h__
-#define __gsskrb5_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_krb5_initialize (void);
-
-OM_uint32
-__gsskrb5_ccache_lifetime (
-	OM_uint32 */*minor_status*/,
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*principal*/,
-	OM_uint32 */*lifetime*/);
-
-OM_uint32
-_gss_DES3_get_mic_compat (
-	OM_uint32 */*minor_status*/,
-	gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/);
-
-OM_uint32
-_gssapi_decapsulate (
-	 OM_uint32 */*minor_status*/,
-	gss_buffer_t /*input_token_buffer*/,
-	krb5_data */*out_data*/,
-	const gss_OID mech );
-
-void
-_gssapi_encap_length (
-	size_t /*data_len*/,
-	size_t */*len*/,
-	size_t */*total_len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_encapsulate (
-	 OM_uint32 */*minor_status*/,
-	const krb5_data */*in_data*/,
-	gss_buffer_t /*output_token*/,
-	const gss_OID mech );
-
-OM_uint32
-_gssapi_get_mic_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*message_token*/,
-	krb5_keyblock */*key*/);
-
-void *
-_gssapi_make_mech_header (
-	void */*ptr*/,
-	size_t /*len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_mic_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*message_token*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_msg_order_check (
-	struct gss_msg_order */*o*/,
-	OM_uint32 /*seq_num*/);
-
-OM_uint32
-_gssapi_msg_order_create (
-	OM_uint32 */*minor_status*/,
-	struct gss_msg_order **/*o*/,
-	OM_uint32 /*flags*/,
-	OM_uint32 /*seq_num*/,
-	OM_uint32 /*jitter_window*/,
-	int /*use_64*/);
-
-OM_uint32
-_gssapi_msg_order_destroy (struct gss_msg_order **/*m*/);
-
-krb5_error_code
-_gssapi_msg_order_export (
-	krb5_storage */*sp*/,
-	struct gss_msg_order */*o*/);
-
-OM_uint32
-_gssapi_msg_order_f (OM_uint32 /*flags*/);
-
-OM_uint32
-_gssapi_msg_order_import (
-	OM_uint32 */*minor_status*/,
-	krb5_storage */*sp*/,
-	struct gss_msg_order **/*o*/);
-
-OM_uint32
-_gssapi_unwrap_arcfour (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int */*conf_state*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_unwrap_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int */*conf_state*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_verify_mech_header (
-	u_char **/*str*/,
-	size_t /*total_len*/,
-	gss_OID /*mech*/);
-
-OM_uint32
-_gssapi_verify_mic_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * /*qop_state*/,
-	krb5_keyblock */*key*/,
-	char */*type*/);
-
-OM_uint32
-_gssapi_verify_mic_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t */*qop_state*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_verify_pad (
-	gss_buffer_t /*wrapped_token*/,
-	size_t /*datalen*/,
-	size_t */*padlen*/);
-
-OM_uint32
-_gssapi_wrap_arcfour (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t /*output_message_buffer*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int */*conf_state*/,
-	gss_buffer_t /*output_message_buffer*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_size_arcfour (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 */*max_input_size*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gssapi_wrap_size_cfx (
-	OM_uint32 */*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 */*max_input_size*/,
-	krb5_keyblock */*key*/);
-
-OM_uint32
-_gsskrb5_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t * /*delegated_cred_handle*/);
-
-OM_uint32
-_gsskrb5_acquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_add_cred (
-	 OM_uint32 */*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t */*output_cred_handle*/,
-	gss_OID_set */*actual_mechs*/,
-	OM_uint32 */*initiator_time_rec*/,
-	OM_uint32 */*acceptor_time_rec*/);
-
-OM_uint32
-_gsskrb5_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-void
-_gsskrb5_clear_status (void);
-
-OM_uint32
-_gsskrb5_compare_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gsskrb5_context_time (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_create_8003_checksum (
-	 OM_uint32 */*minor_status*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	OM_uint32 /*flags*/,
-	const krb5_data */*fwd_data*/,
-	Checksum */*result*/);
-
-OM_uint32
-_gsskrb5_create_ctx (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	enum gss_ctx_id_t_state /*state*/);
-
-OM_uint32
-_gsskrb5_decapsulate (
-	OM_uint32 */*minor_status*/,
-	gss_buffer_t /*input_token_buffer*/,
-	krb5_data */*out_data*/,
-	const void */*type*/,
-	gss_OID /*oid*/);
-
-krb5_error_code
-_gsskrb5_decode_be_om_uint32 (
-	const void */*ptr*/,
-	OM_uint32 */*n*/);
-
-krb5_error_code
-_gsskrb5_decode_om_uint32 (
-	const void */*ptr*/,
-	OM_uint32 */*n*/);
-
-OM_uint32
-_gsskrb5_delete_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t /*output_token*/);
-
-OM_uint32
-_gsskrb5_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gsskrb5_display_status (
-	OM_uint32 */*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 */*message_context*/,
-	gss_buffer_t /*status_string*/);
-
-OM_uint32
-_gsskrb5_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-void
-_gsskrb5_encap_length (
-	size_t /*data_len*/,
-	size_t */*len*/,
-	size_t */*total_len*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gsskrb5_encapsulate (
-	 OM_uint32 */*minor_status*/,
-	const krb5_data */*in_data*/,
-	gss_buffer_t /*output_token*/,
-	const void */*type*/,
-	const gss_OID mech );
-
-krb5_error_code
-_gsskrb5_encode_be_om_uint32 (
-	OM_uint32 /*n*/,
-	u_char */*p*/);
-
-krb5_error_code
-_gsskrb5_encode_om_uint32 (
-	OM_uint32 /*n*/,
-	u_char */*p*/);
-
-OM_uint32
-_gsskrb5_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gsskrb5_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-ssize_t
-_gsskrb5_get_mech (
-	const u_char */*ptr*/,
-	size_t /*total_len*/,
-	const u_char **/*mech_ret*/);
-
-OM_uint32
-_gsskrb5_get_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gsskrb5_get_tkt_flags (
-	OM_uint32 */*minor_status*/,
-	gsskrb5_ctx /*ctx*/,
-	OM_uint32 */*tkt_flags*/);
-
-OM_uint32
-_gsskrb5_import_cred (
-	OM_uint32 */*minor_status*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*keytab_principal*/,
-	krb5_keytab /*keytab*/,
-	gss_cred_id_t */*cred*/);
-
-OM_uint32
-_gsskrb5_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*input_name_buffer*/,
-	const gss_OID /*input_name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gsskrb5_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t * context_handle );
-
-OM_uint32
-_gsskrb5_indicate_mechs (
-	OM_uint32 * /*minor_status*/,
-	gss_OID_set * mech_set );
-
-krb5_error_code
-_gsskrb5_init (krb5_context */*context*/);
-
-OM_uint32
-_gsskrb5_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gsskrb5_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gsskrb5_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*output_name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gsskrb5_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gsskrb5_inquire_cred_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gsskrb5_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gsskrb5_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gsskrb5_inquire_sec_context_by_oid (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gsskrb5_krb5_ccache_name (
-	OM_uint32 */*minor_status*/,
-	const char */*name*/,
-	const char **/*out_name*/);
-
-OM_uint32
-_gsskrb5_lifetime_left (
-	OM_uint32 */*minor_status*/,
-	krb5_context /*context*/,
-	OM_uint32 /*lifetime*/,
-	OM_uint32 */*lifetime_rec*/);
-
-void *
-_gsskrb5_make_header (
-	void */*ptr*/,
-	size_t /*len*/,
-	const void */*type*/,
-	const gss_OID /*mech*/);
-
-OM_uint32
-_gsskrb5_process_context_token (
-	 OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gsskrb5_pseudo_random (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*prf_key*/,
-	const gss_buffer_t /*prf_in*/,
-	ssize_t /*desired_output_len*/,
-	gss_buffer_t /*prf_out*/);
-
-OM_uint32
-_gsskrb5_register_acceptor_identity (const char */*identity*/);
-
-OM_uint32
-_gsskrb5_release_buffer (
-	OM_uint32 * /*minor_status*/,
-	gss_buffer_t buffer );
-
-OM_uint32
-_gsskrb5_release_cred (
-	OM_uint32 * /*minor_status*/,
-	gss_cred_id_t * cred_handle );
-
-OM_uint32
-_gsskrb5_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-OM_uint32
-_gsskrb5_seal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	int /*qop_req*/,
-	gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gsskrb5_set_cred_option (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t */*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-OM_uint32
-_gsskrb5_set_sec_context_option (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-void
-_gsskrb5_set_status (
-	const char */*fmt*/,
-	...);
-
-OM_uint32
-_gsskrb5_sign (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*qop_req*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gsskrb5_unseal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	int * qop_state );
-
-OM_uint32
-_gsskrb5_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gsskrb5_verify (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*token_buffer*/,
-	int * qop_state );
-
-OM_uint32
-_gsskrb5_verify_8003_checksum (
-	 OM_uint32 */*minor_status*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const Checksum */*cksum*/,
-	OM_uint32 */*flags*/,
-	krb5_data */*fwd_data*/);
-
-OM_uint32
-_gsskrb5_verify_header (
-	u_char **/*str*/,
-	size_t /*total_len*/,
-	const void */*type*/,
-	gss_OID /*oid*/);
-
-OM_uint32
-_gsskrb5_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gsskrb5_verify_mic_internal (
-	OM_uint32 * /*minor_status*/,
-	const gsskrb5_ctx /*context_handle*/,
-	krb5_context /*context*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * /*qop_state*/,
-	char * type );
-
-OM_uint32
-_gsskrb5_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gsskrb5_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-krb5_error_code
-_gsskrb5cfx_max_wrap_length_cfx (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	int /*conf_req_flag*/,
-	size_t /*input_length*/,
-	OM_uint32 */*output_length*/);
-
-krb5_error_code
-_gsskrb5cfx_wrap_length_cfx (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	int /*conf_req_flag*/,
-	size_t /*input_length*/,
-	size_t */*output_length*/,
-	size_t */*cksumsize*/,
-	uint16_t */*padlength*/);
-
-krb5_error_code
-_gsskrb5i_address_to_krb5addr (
-	krb5_context /*context*/,
-	OM_uint32 /*gss_addr_type*/,
-	gss_buffer_desc */*gss_addr*/,
-	int16_t /*port*/,
-	krb5_address */*address*/);
-
-krb5_error_code
-_gsskrb5i_get_acceptor_subkey (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-_gsskrb5i_get_initiator_subkey (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-OM_uint32
-_gsskrb5i_get_token_key (
-	const gsskrb5_ctx /*ctx*/,
-	krb5_context /*context*/,
-	krb5_keyblock **/*key*/);
-
-void
-_gsskrb5i_is_cfx (
-	gsskrb5_ctx /*ctx*/,
-	int */*is_cfx*/);
-
-#endif /* __gsskrb5_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
deleted file mode 100644
index 6ffb6070352f..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */
-
-#ifndef GSSKRB5_LOCL_H
-#define GSSKRB5_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include <gkrb5_err.h>
-#include <gssapi.h>
-#include <gssapi_mech.h>
-#include <assert.h>
-
-#include "cfx.h"
-
-/*
- *
- */
-
-struct gss_msg_order;
-
-typedef struct {
-  struct krb5_auth_context_data *auth_context;
-  krb5_principal source, target;
-#define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0)
-  OM_uint32 flags;
-  enum { LOCAL = 1, OPEN = 2, 
-	 COMPAT_OLD_DES3 = 4,
-         COMPAT_OLD_DES3_SELECTED = 8,
-	 ACCEPTOR_SUBKEY = 16
-  } more_flags;
-  enum gss_ctx_id_t_state {
-      /* initiator states */
-      INITIATOR_START,
-      INITIATOR_WAIT_FOR_MUTAL,
-      INITIATOR_READY,
-      /* acceptor states */
-      ACCEPTOR_START,
-      ACCEPTOR_WAIT_FOR_DCESTYLE,
-      ACCEPTOR_READY
-  } state;
-  struct krb5_ticket *ticket;
-  OM_uint32 lifetime;
-  HEIMDAL_MUTEX ctx_id_mutex;
-  struct gss_msg_order *order;
-  krb5_keyblock *service_keyblock;
-  krb5_data fwd_data;
-} *gsskrb5_ctx;
-
-typedef struct {
-  krb5_principal principal;
-  int cred_flags;
-#define GSS_CF_DESTROY_CRED_ON_RELEASE	1
-  struct krb5_keytab_data *keytab;
-  OM_uint32 lifetime;
-  gss_cred_usage_t usage;
-  gss_OID_set mechanisms;
-  struct krb5_ccache_data *ccache;
-  HEIMDAL_MUTEX cred_id_mutex;
-  krb5_enctype *enctypes;
-} *gsskrb5_cred;
-
-typedef struct Principal *gsskrb5_name;
-
-/*
- *
- */
-
-extern krb5_keytab _gsskrb5_keytab;
-extern HEIMDAL_MUTEX gssapi_keytab_mutex;
-
-struct gssapi_thr_context {
-    HEIMDAL_MUTEX mutex;
-    char *error_string;
-};
-
-/*
- * Prototypes
- */
-
-#include <krb5/gsskrb5-private.h>
-
-#define GSSAPI_KRB5_INIT(ctx) do {				\
-    krb5_error_code kret_gss_init;				\
-    if((kret_gss_init = _gsskrb5_init (ctx)) != 0) {		\
-	*minor_status = kret_gss_init;				\
-	return GSS_S_FAILURE;					\
-    }								\
-} while (0)
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS  0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK	  0x04
-#define SC_LOCAL_SUBKEY	  0x08
-#define SC_REMOTE_SUBKEY  0x10
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/krb5/import_name.c b/crypto/heimdal/lib/gssapi/krb5/import_name.c
deleted file mode 100644
index bf31db923256..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/import_name.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
-		 krb5_context context,
-		 const char *name,
-		 gss_name_t *output_name)
-{
-    krb5_principal princ;
-    krb5_error_code kerr;
-
-    kerr = krb5_parse_name (context, name, &princ);
-
-    if (kerr == 0) {
-	*output_name = (gss_name_t)princ;
-	return GSS_S_COMPLETE;
-    }
-    *minor_status = kerr;
-
-    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
-	return GSS_S_BAD_NAME;
-
-    return GSS_S_FAILURE;
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
-		  krb5_context context,
-		  const gss_buffer_t input_name_buffer,
-		  gss_name_t *output_name)
-{
-    OM_uint32 ret;
-    char *tmp;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    ret = parse_krb5_name(minor_status, context, tmp, output_name);
-    free(tmp);
-
-    return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
-		       krb5_context context,
-		       const gss_buffer_t input_name_buffer,
-		       gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-    char *tmp;
-    char *p;
-    char *host;
-    char local_hostname[MAXHOSTNAMELEN];
-    krb5_principal princ = NULL;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    p = strchr (tmp, '@');
-    if (p != NULL) {
-	*p = '\0';
-	host = p + 1;
-    } else {
-	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
-	    *minor_status = errno;
-	    free (tmp);
-	    return GSS_S_FAILURE;
-	}
-	host = local_hostname;
-    }
-
-    kerr = krb5_sname_to_principal (context,
-				    host,
-				    tmp,
-				    KRB5_NT_SRV_HST,
-				    &princ);
-    free (tmp);
-    *minor_status = kerr;
-    if (kerr == 0) {
-	*output_name = (gss_name_t)princ;
-	return GSS_S_COMPLETE;
-    }
-
-    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
-	return GSS_S_BAD_NAME;
-
-    return GSS_S_FAILURE;
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
-		    krb5_context context,
-		    const gss_buffer_t input_name_buffer,
-		    gss_name_t *output_name)
-{
-    unsigned char *p;
-    uint32_t length;
-    OM_uint32 ret;
-    char *name;
-
-    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    p = input_name_buffer->value;
-
-    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
-	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
-	p[4] != 0x06 ||
-	p[5] != GSS_KRB5_MECHANISM->length ||
-	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_NAME;
-
-    p += 6 + GSS_KRB5_MECHANISM->length;
-
-    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
-    p += 4;
-
-    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    name = malloc(length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, p, length);
-    name[length] = '\0';
-
-    ret = parse_krb5_name(minor_status, context, name, output_name);
-    free(name);
-
-    return ret;
-}
-
-OM_uint32 _gsskrb5_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    krb5_context context;
-
-    *minor_status = 0;
-    *output_name = GSS_C_NO_NAME;
-    
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
-	gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
-	return import_hostbased_name (minor_status,
-				      context,
-				      input_name_buffer,
-				      output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
-	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
-	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- 	/* default printable syntax */
-	return import_krb5_name (minor_status,
-				 context,
-				 input_name_buffer,
-				 output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
-	return import_export_name(minor_status,
-				  context,
-				  input_name_buffer, 
-				  output_name);
-    } else {
-	*minor_status = 0;
-	return GSS_S_BAD_NAMETYPE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c
deleted file mode 100644
index 3300036a81b3..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32
-_gsskrb5_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_context context;
-    krb5_error_code kret;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    krb5_address local, remote;
-    krb5_address *localp, *remotep;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    krb5_keyblock keyblock;
-    int32_t tmp;
-    int32_t flags;
-    gsskrb5_ctx ctx;
-    gss_name_t name;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    localp = remotep = NULL;
-
-    sp = krb5_storage_from_mem (interprocess_token->value,
-				interprocess_token->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	krb5_storage_free (sp);
-	return GSS_S_FAILURE;
-    }
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    kret = krb5_auth_con_init (context,
-			       &ctx->auth_context);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    /* flags */
-
-    *minor_status = 0;
-
-    if (krb5_ret_int32 (sp, &flags) != 0)
-	goto failure;
-
-    /* retrieve the auth context */
-
-    ac = ctx->auth_context;
-    if (krb5_ret_uint32 (sp, &ac->flags) != 0)
-	goto failure;
-    if (flags & SC_LOCAL_ADDRESS) {
-	if (krb5_ret_address (sp, localp = &local) != 0)
-	    goto failure;
-    }
-
-    if (flags & SC_REMOTE_ADDRESS) {
-	if (krb5_ret_address (sp, remotep = &remote) != 0)
-	    goto failure;
-    }
-
-    krb5_auth_con_setaddrs (context, ac, localp, remotep);
-    if (localp)
-	krb5_free_address (context, localp);
-    if (remotep)
-	krb5_free_address (context, remotep);
-    localp = remotep = NULL;
-
-    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
-	goto failure;
-
-    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
-	goto failure;
-    if (flags & SC_KEYBLOCK) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (flags & SC_LOCAL_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setlocalsubkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (flags & SC_REMOTE_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setremotesubkey (context, ac, &keyblock);
-	krb5_free_keyblock_contents (context, &keyblock);
-    }
-    if (krb5_ret_uint32 (sp, &ac->local_seqnumber))
-	goto failure;
-    if (krb5_ret_uint32 (sp, &ac->remote_seqnumber))
-	goto failure;
-
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->keytype = tmp;
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->cksumtype = tmp;
-
-    /* names */
-
-    if (krb5_ret_data (sp, &data))
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-				&name);
-    if (ret) {
-	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
-				    &name);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }
-    ctx->source = (krb5_principal)name;
-    krb5_data_free (&data);
-
-    if (krb5_ret_data (sp, &data) != 0)
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-				&name);
-    if (ret) {
-	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
-				    &name);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }    
-    ctx->target = (krb5_principal)name;
-    krb5_data_free (&data);
-
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->more_flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    ctx->lifetime = tmp;
-
-    ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
-    if (ret)
-        goto failure;    
-    
-    krb5_storage_free (sp);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-
-failure:
-    krb5_auth_con_free (context,
-			ctx->auth_context);
-    if (ctx->source != NULL)
-	krb5_free_principal(context, ctx->source);
-    if (ctx->target != NULL)
-	krb5_free_principal(context, ctx->target);
-    if (localp)
-	krb5_free_address (context, localp);
-    if (remotep)
-	krb5_free_address (context, remotep);
-    if(ctx->order)
-	_gssapi_msg_order_destroy(&ctx->order);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-    krb5_storage_free (sp);
-    free (ctx);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c b/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c
deleted file mode 100644
index eb886c24d347..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_indicate_mechs
-           (OM_uint32 * minor_status,
-            gss_OID_set * mech_set
-           )
-{
-  OM_uint32 ret, junk;
-
-  ret = gss_create_empty_oid_set(minor_status, mech_set);
-  if (ret)
-      return ret;
-
-  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
-  if (ret) {
-      gss_release_oid_set(&junk, mech_set);
-      return ret;
-  }
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/init.c b/crypto/heimdal/lib/gssapi/krb5/init.c
deleted file mode 100644
index 3bbdcc8ff1a2..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/init.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $");
-
-static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static int created_key;
-static HEIMDAL_thread_key context_key;
-
-static void
-destroy_context(void *ptr)
-{
-    krb5_context context = ptr;
-
-    if (context == NULL)
-	return;
-    krb5_free_context(context);
-}
-
-krb5_error_code
-_gsskrb5_init (krb5_context *context)
-{
-    krb5_error_code ret = 0;
-
-    HEIMDAL_MUTEX_lock(&context_mutex);
-
-    if (!created_key) {
-	HEIMDAL_key_create(&context_key, destroy_context, ret);
-	if (ret) {
-	    HEIMDAL_MUTEX_unlock(&context_mutex);
-	    return ret;
-	}
-	created_key = 1;
-    }
-    HEIMDAL_MUTEX_unlock(&context_mutex);
-
-    *context = HEIMDAL_getspecific(context_key);
-    if (*context == NULL) {
-
-	ret = krb5_init_context(context);
-	if (ret == 0) {
-	    HEIMDAL_setspecific(context_key, *context, ret);
-	    if (ret) {
-		krb5_free_context(*context);
-		*context = NULL;
-	    }
-	}
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c
deleted file mode 100644
index 05f7978e4337..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ /dev/null
@@ -1,811 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: init_sec_context.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_context context,
-	       krb5_auth_context ac,
-	       const gss_channel_bindings_t input_chan_bindings)	       
-{
-    /* Port numbers are expected to be in application_data.value, 
-     * initator's port first */ 
-
-    krb5_address initiator_addr, acceptor_addr;
-    krb5_error_code kret;
-       
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
-	|| input_chan_bindings->application_data.length !=
-	2 * sizeof(ac->local_port))
-	return 0;
-
-    memset(&initiator_addr, 0, sizeof(initiator_addr));
-    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-       
-    ac->local_port =
-	*(int16_t *) input_chan_bindings->application_data.value;
-       
-    ac->remote_port =
-	*((int16_t *) input_chan_bindings->application_data.value + 1);
-       
-    kret = _gsskrb5i_address_to_krb5addr(context,
-					 input_chan_bindings->acceptor_addrtype,
-					 &input_chan_bindings->acceptor_address,
-					 ac->remote_port,
-					 &acceptor_addr);
-    if (kret)
-	return kret;
-           
-    kret = _gsskrb5i_address_to_krb5addr(context,
-					 input_chan_bindings->initiator_addrtype,
-					 &input_chan_bindings->initiator_address,
-					 ac->local_port,
-					 &initiator_addr);
-    if (kret) {
-	krb5_free_address (context, &acceptor_addr);
-	return kret;
-    }
-       
-    kret = krb5_auth_con_setaddrs(context,
-				  ac,
-				  &initiator_addr,  /* local address */
-				  &acceptor_addr);  /* remote address */
-       
-    krb5_free_address (context, &initiator_addr);
-    krb5_free_address (context, &acceptor_addr);
-       
-#if 0
-    free(input_chan_bindings->application_data.value);
-    input_chan_bindings->application_data.value = NULL;
-    input_chan_bindings->application_data.length = 0;
-#endif
-
-    return kret;
-}
-
-OM_uint32
-_gsskrb5_create_ctx(
-        OM_uint32 * minor_status,
-	gss_ctx_id_t * context_handle,
-	krb5_context context,
- 	const gss_channel_bindings_t input_chan_bindings,
- 	enum gss_ctx_id_t_state state)
-{
-    krb5_error_code kret;
-    gsskrb5_ctx ctx;
-
-    *context_handle = NULL;
-
-    ctx = malloc(sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ctx->auth_context		= NULL;
-    ctx->source			= NULL;
-    ctx->target			= NULL;
-    ctx->state			= state;
-    ctx->flags			= 0;
-    ctx->more_flags		= 0;
-    ctx->service_keyblock	= NULL;
-    ctx->ticket			= NULL;
-    krb5_data_zero(&ctx->fwd_data);
-    ctx->lifetime		= GSS_C_INDEFINITE;
-    ctx->order			= NULL;
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    kret = krb5_auth_con_init (context, &ctx->auth_context);
-    if (kret) {
-	*minor_status = kret;
-
-	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-		
-	return GSS_S_FAILURE;
-    }
-
-    kret = set_addresses(context, ctx->auth_context, input_chan_bindings);
-    if (kret) {
-	*minor_status = kret;
-
-	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
-	krb5_auth_con_free(context, ctx->auth_context);
-
-	return GSS_S_BAD_BINDINGS;
-    }
-
-    /*
-     * We need a sequence number
-     */
-
-    krb5_auth_con_addflags(context,
-			   ctx->auth_context,
-			   KRB5_AUTH_CONTEXT_DO_SEQUENCE |
-			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED,
-			   NULL);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-
-static OM_uint32
-gsskrb5_get_creds(
-        OM_uint32 * minor_status,
-	krb5_context context,
-	krb5_ccache ccache,
-	gsskrb5_ctx ctx,
-	krb5_const_principal target_name,
-	OM_uint32 time_req,
-	OM_uint32 * time_rec,
-	krb5_creds ** cred)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_creds this_cred;
-    OM_uint32 lifetime_rec;
-
-    *cred = NULL;
-
-    memset(&this_cred, 0, sizeof(this_cred));
-    this_cred.client = ctx->source;
-    this_cred.server = ctx->target;
-
-    if (time_req && time_req != GSS_C_INDEFINITE) {
-	krb5_timestamp ts;
-
-	krb5_timeofday (context, &ts);
-	this_cred.times.endtime = ts + time_req;
-    } else {
-	this_cred.times.endtime   = 0;
-    }
-
-    this_cred.session.keytype = KEYTYPE_NULL;
-
-    kret = krb5_get_credentials(context,
-				0,
-				ccache,
-				&this_cred,
-				cred);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-
-    ctx->lifetime = (*cred)->times.endtime;
-
-    ret = _gsskrb5_lifetime_left(minor_status, context,
-				 ctx->lifetime, &lifetime_rec);
-    if (ret) return ret;
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	return GSS_S_CONTEXT_EXPIRED;
-    }
-
-    if (time_rec) *time_rec = lifetime_rec;
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-gsskrb5_initiator_ready(
-	OM_uint32 * minor_status,
-	gsskrb5_ctx ctx,
-	krb5_context context)
-{
-	OM_uint32 ret;
-	int32_t seq_number;
-	int is_cfx = 0;
-	OM_uint32 flags = ctx->flags;
-
-	krb5_auth_getremoteseqnumber (context,
-				      ctx->auth_context,
-				      &seq_number);
-
-	_gsskrb5i_is_cfx(ctx, &is_cfx);
-
-	ret = _gssapi_msg_order_create(minor_status,
-				       &ctx->order,
-				       _gssapi_msg_order_f(flags),
-				       seq_number, 0, is_cfx);
-	if (ret) return ret;
-
-	ctx->state	= INITIATOR_READY;
-	ctx->more_flags	|= OPEN;
-
-	return GSS_S_COMPLETE;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_context context,
-	       krb5_auth_context ac,
-	       krb5_ccache ccache,
-	       krb5_creds *cred,
-	       krb5_const_principal name,
-	       krb5_data *fwd_data,
-	       uint32_t *flags)
-{
-    krb5_creds creds;
-    KDCOptions fwd_flags;
-    krb5_error_code kret;
-       
-    memset (&creds, 0, sizeof(creds));
-    krb5_data_zero (fwd_data);
-       
-    kret = krb5_cc_get_principal(context, ccache, &creds.client);
-    if (kret) 
-	goto out;
-       
-    kret = krb5_build_principal(context,
-				&creds.server,
-				strlen(creds.client->realm),
-				creds.client->realm,
-				KRB5_TGS_NAME,
-				creds.client->realm,
-				NULL);
-    if (kret)
-	goto out; 
-       
-    creds.times.endtime = 0;
-       
-    memset(&fwd_flags, 0, sizeof(fwd_flags));
-    fwd_flags.forwarded = 1;
-    fwd_flags.forwardable = 1;
-       
-    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
-	name->name.name_string.len < 2) 
-	goto out;
-       
-    kret = krb5_get_forwarded_creds(context,
-				    ac,
-				    ccache,
-				    KDCOptions2int(fwd_flags),
-				    name->name.name_string.val[1],
-				    &creds,
-				    fwd_data);
-       
- out:
-    if (kret)
-	*flags &= ~GSS_C_DELEG_FLAG;
-    else
-	*flags |= GSS_C_DELEG_FLAG;
-       
-    if (creds.client)
-	krb5_free_principal(context, creds.client);
-    if (creds.server)
-	krb5_free_principal(context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- gsskrb5_cred initiator_cred_handle,
- gsskrb5_ctx ctx,
- krb5_context context,
- krb5_const_principal name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_flags ap_options;
-    krb5_creds *cred = NULL;
-    krb5_data outbuf;
-    krb5_ccache ccache = NULL;
-    uint32_t flags;
-    krb5_data authenticator;
-    Checksum cksum;
-    krb5_enctype enctype;
-    krb5_data fwd_data;
-    OM_uint32 lifetime_rec;
-
-    krb5_data_zero(&outbuf);
-    krb5_data_zero(&fwd_data);
-
-    *minor_status = 0;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (initiator_cred_handle == NULL) {
-	kret = krb5_cc_default (context, &ccache);
-	if (kret) {
-	    *minor_status = kret;
-	    ret = GSS_S_FAILURE;
-	    goto failure;
-	}
-    } else
-	ccache = initiator_cred_handle->ccache;
-
-    kret = krb5_cc_get_principal (context, ccache, &ctx->source);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (context, name, &ctx->target);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-	goto failure;
-
-
-    /*
-     * This is hideous glue for (NFS) clients that wants to limit the
-     * available enctypes to what it can support (encryption in
-     * kernel). If there is no enctypes selected for this credential,
-     * reset it to the default set of enctypes.
-     */
-    {
-	krb5_enctype *enctypes = NULL;
-
-	if (initiator_cred_handle && initiator_cred_handle->enctypes)
-	    enctypes = initiator_cred_handle->enctypes;
-	krb5_set_default_in_tkt_etypes(context, enctypes);
-    }
-
-    ret = gsskrb5_get_creds(minor_status,
-			    context,
-			    ccache,
-			    ctx,
-			    ctx->target,
-			    time_req,
-			    time_rec,
-			    &cred);
-    if (ret)
-	goto failure;
-
-    ctx->lifetime = cred->times.endtime;
-
-    ret = _gsskrb5_lifetime_left(minor_status,
-				 context,
-				 ctx->lifetime,
-				 &lifetime_rec);
-    if (ret) {
-	goto failure;
-    }
-
-    if (lifetime_rec == 0) {
-	*minor_status = 0;
-	ret = GSS_S_CONTEXT_EXPIRED;
-	goto failure;
-    }
-
-    krb5_auth_con_setkey(context, 
-			 ctx->auth_context, 
-			 &cred->session);
-
-    kret = krb5_auth_con_generatelocalsubkey(context, 
-					     ctx->auth_context,
-					     &cred->session);
-    if(kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-    
-    /* 
-     * If the credential doesn't have ok-as-delegate, check what local
-     * policy say about ok-as-delegate, default is FALSE that makes
-     * code ignore the KDC setting and follow what the application
-     * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
-     * KDC doesn't set ok-as-delegate.
-     */
-    if (!cred->flags.b.ok_as_delegate) {
-	krb5_boolean delegate;
-    
-	krb5_appdefault_boolean(context,
-				"gssapi", name->realm,
-				"ok-as-delegate", FALSE, &delegate);
-	if (delegate)
-	    req_flags &= ~GSS_C_DELEG_FLAG;
-    }
-
-    flags = 0;
-    ap_options = 0;
-    if (req_flags & GSS_C_DELEG_FLAG)
-	do_delegation (context,
-		       ctx->auth_context,
-		       ccache, cred, name, &fwd_data, &flags);
-    
-    if (req_flags & GSS_C_MUTUAL_FLAG) {
-	flags |= GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    
-    if (req_flags & GSS_C_REPLAY_FLAG)
-	flags |= GSS_C_REPLAY_FLAG;
-    if (req_flags & GSS_C_SEQUENCE_FLAG)
-	flags |= GSS_C_SEQUENCE_FLAG;
-    if (req_flags & GSS_C_ANON_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_DCE_STYLE) {
-	/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
-	flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    if (req_flags & GSS_C_IDENTIFY_FLAG)
-	flags |= GSS_C_IDENTIFY_FLAG;
-    if (req_flags & GSS_C_EXTENDED_ERROR_FLAG)
-	flags |= GSS_C_EXTENDED_ERROR_FLAG;
-
-    flags |= GSS_C_CONF_FLAG;
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_TRANS_FLAG;
-    
-    if (ret_flags)
-	*ret_flags = flags;
-    ctx->flags = flags;
-    ctx->more_flags |= LOCAL;
-    
-    ret = _gsskrb5_create_8003_checksum (minor_status,
-					 input_chan_bindings,
-					 flags,
-					 &fwd_data,
-					 &cksum);
-    krb5_data_free (&fwd_data);
-    if (ret)
-	goto failure;
-
-    enctype = ctx->auth_context->keyblock->keytype;
-
-    kret = krb5_build_authenticator (context,
-				     ctx->auth_context,
-				     enctype,
-				     cred,
-				     &cksum,
-				     NULL,
-				     &authenticator,
-				     KRB5_KU_AP_REQ_AUTH);
-
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_build_ap_req (context,
-			      enctype,
-			      cred,
-			      ap_options,
-			      authenticator,
-			      &outbuf);
-
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
-				   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
-    if (ret)
-	goto failure;
-
-    krb5_data_free (&outbuf);
-    krb5_free_creds(context, cred);
-    free_Checksum(&cksum);
-    if (initiator_cred_handle == NULL)
-	krb5_cc_close(context, ccache);
-
-    if (flags & GSS_C_MUTUAL_FLAG) {
-	ctx->state = INITIATOR_WAIT_FOR_MUTAL;
-	return GSS_S_CONTINUE_NEEDED;
-    }
-
-    return gsskrb5_initiator_ready(minor_status, ctx, context);
-failure:
-    if(cred)
-	krb5_free_creds(context, cred);
-    if (ccache && initiator_cred_handle == NULL)
-	krb5_cc_close(context, ccache);
-
-    return ret;
-
-}
-
-static OM_uint32
-repl_mutual
-(OM_uint32 * minor_status,
- gsskrb5_ctx ctx,
- krb5_context context,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data indata;
-    krb5_ap_rep_enc_part *repl;
-    int is_cfx = 0;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (ctx->flags & GSS_C_DCE_STYLE) {
-	/* There is no OID wrapping. */
-	indata.length	= input_token->length;
-	indata.data	= input_token->value;
-    } else {
-	ret = _gsskrb5_decapsulate (minor_status,
-				    input_token,
-				    &indata,
-				    "\x02\x00",
-				    GSS_KRB5_MECHANISM);
-	if (ret) {
-	    /* XXX - Handle AP_ERROR */
-	    return ret;
-	}
-    }
-
-    kret = krb5_rd_rep (context,
-			ctx->auth_context,
-			&indata,
-			&repl);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    krb5_free_ap_rep_enc_part (context,
-			       repl);
-    
-    _gsskrb5i_is_cfx(ctx, &is_cfx);
-    if (is_cfx) {
-	krb5_keyblock *key = NULL;
-
-	kret = krb5_auth_con_getremotesubkey(context,
-					     ctx->auth_context, 
-					     &key);
-	if (kret == 0 && key != NULL) {
-    	    ctx->more_flags |= ACCEPTOR_SUBKEY;
-	    krb5_free_keyblock (context, key);
-	}
-    }
-
-
-    *minor_status = 0;
-    if (time_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status,
-				     context,
-				     ctx->lifetime,
-				     time_rec);
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-    if (ret_flags)
-	*ret_flags = ctx->flags;
-
-    if (req_flags & GSS_C_DCE_STYLE) {
-	int32_t con_flags;
-	krb5_data outbuf;
-
-	/* Do don't do sequence number for the mk-rep */
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
-				  &con_flags);
-
-	kret = krb5_mk_rep(context,
-			   ctx->auth_context,
-			   &outbuf);
-	if (kret) {
-	    *minor_status = kret;
-	    return GSS_S_FAILURE;
-	}
-	
-	output_token->length = outbuf.length;
-	output_token->value  = outbuf.data;
-
-	krb5_auth_con_removeflags(context,
-				  ctx->auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
-				  NULL);
-    }
-
-    return gsskrb5_initiator_ready(minor_status, ctx, context);
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 _gsskrb5_init_sec_context
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle;
-    krb5_const_principal name = (krb5_const_principal)target_name;
-    gsskrb5_ctx ctx;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (context_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-    }
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-
-    if (target_name == GSS_C_NO_NAME) {
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_C_NO_OID;
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    if (mech_type != GSS_C_NO_OID && 
-	!gss_oid_equal(mech_type, GSS_KRB5_MECHANISM))
-	return GSS_S_BAD_MECH;
-
-    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
-	OM_uint32 ret;
-
-	if (*context_handle != GSS_C_NO_CONTEXT) {
-	    *minor_status = 0;
-	    return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-	}
-    
-	ret = _gsskrb5_create_ctx(minor_status,
-				  context_handle,
-				  context,
-				  input_chan_bindings,
-				  INITIATOR_START);
-	if (ret)
-	    return ret;
-    }
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	*minor_status = 0;
-	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
-    }
-
-    ctx = (gsskrb5_ctx) *context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    switch (ctx->state) {
-    case INITIATOR_START:
-	ret = init_auth(minor_status,
-			cred,
-			ctx,
-			context,
-			name,
-			mech_type,
-			req_flags,
-			time_req,
-			input_chan_bindings,
-			input_token,
-			actual_mech_type,
-			output_token,
-			ret_flags,
-			time_rec);
-	break;
-    case INITIATOR_WAIT_FOR_MUTAL:
-	ret = repl_mutual(minor_status,
-			  ctx,
-			  context,
-			  mech_type,
-			  req_flags,
-			  time_req,
-			  input_chan_bindings,
-			  input_token,
-			  actual_mech_type,
-			  output_token,
-			  ret_flags,
-			  time_rec);
-	break;
-    case INITIATOR_READY:
-	/* 
-	 * If we get there, the caller have called
-	 * gss_init_sec_context() one time too many.
-	 */
-	*minor_status = 0;
-	ret = GSS_S_BAD_STATUS;
-	break;
-    default:
-	*minor_status = 0;
-	ret = GSS_S_BAD_STATUS;
-	break;
-    }
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    /* destroy context in case of error */
-    if (GSS_ERROR(ret)) {
-	OM_uint32 min2;
-	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
-    }
-
-    return ret;
-
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c b/crypto/heimdal/lib/gssapi/krb5/inquire_context.c
deleted file mode 100644
index 41430568b005..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_inquire_context (
-    OM_uint32 * minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_name_t * src_name,
-	gss_name_t * targ_name,
-	OM_uint32 * lifetime_rec,
-	gss_OID * mech_type,
-	OM_uint32 * ctx_flags,
-	int * locally_initiated,
-	int * open_context
-    )
-{
-    krb5_context context;
-    OM_uint32 ret;
-    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
-    gss_name_t name;
-
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (targ_name)
-	*targ_name = GSS_C_NO_NAME;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (src_name) {
-	name = (gss_name_t)ctx->source;
-	ret = _gsskrb5_duplicate_name (minor_status, name, src_name);
-	if (ret)
-	    goto failed;
-    }
-
-    if (targ_name) {
-	name = (gss_name_t)ctx->target;
-	ret = _gsskrb5_duplicate_name (minor_status, name, targ_name);
-	if (ret)
-	    goto failed;
-    }
-
-    if (lifetime_rec) {
-	ret = _gsskrb5_lifetime_left(minor_status, 
-				     context,
-				     ctx->lifetime,
-				     lifetime_rec);
-	if (ret)
-	    goto failed;
-    }
-
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (ctx_flags)
-	*ctx_flags = ctx->flags;
-
-    if (locally_initiated)
-	*locally_initiated = ctx->more_flags & LOCAL;
-
-    if (open_context)
-	*open_context = ctx->more_flags & OPEN;
-
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return GSS_S_COMPLETE;
-
-failed:
-    if (src_name)
-	_gsskrb5_release_name(NULL, src_name);
-    if (targ_name)
-	_gsskrb5_release_name(NULL, targ_name);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c
deleted file mode 100644
index 47bf71e686ff..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred
-(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * output_name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
-    )
-{
-    krb5_context context;
-    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
-    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
-    gsskrb5_cred acred = NULL, icred = NULL;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (output_name)
-	*output_name = NULL;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	ret = _gsskrb5_acquire_cred(minor_status, 
-				    GSS_C_NO_NAME,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    GSS_C_ACCEPT,
-				    &aqcred_accept,
-				    NULL,
-				    NULL);
-	if (ret == GSS_S_COMPLETE)
-	    acred = (gsskrb5_cred)aqcred_accept;
-
-	ret = _gsskrb5_acquire_cred(minor_status, 
-				    GSS_C_NO_NAME,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    GSS_C_INITIATE,
-				    &aqcred_init,
-				    NULL,
-				    NULL);
-	if (ret == GSS_S_COMPLETE)
-	    icred = (gsskrb5_cred)aqcred_init;
-
-	if (icred == NULL && acred == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_NO_CRED;
-	}
-    } else
-	acred = (gsskrb5_cred)cred_handle;
-
-    if (acred)
-	HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
-    if (icred)
-	HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
-
-    if (output_name != NULL) {
-	if (icred && icred->principal != NULL) {
-	    gss_name_t name;
-	    
-	    if (acred && acred->principal)
-		name = (gss_name_t)acred->principal;
-	    else
-		name = (gss_name_t)icred->principal;
-		
-            ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
-            if (ret)
-		goto out;
-	} else if (acred && acred->usage == GSS_C_ACCEPT) {
-	    krb5_principal princ;
-	    *minor_status = krb5_sname_to_principal(context, NULL,
-						    NULL, KRB5_NT_SRV_HST, 
-						    &princ);
-	    if (*minor_status) {
-		ret = GSS_S_FAILURE;
-		goto out;
-	    }
-	    *output_name = (gss_name_t)princ;
-	} else {
-	    krb5_principal princ;
-	    *minor_status = krb5_get_default_principal(context,
-						       &princ);
-	    if (*minor_status) {
-		ret = GSS_S_FAILURE;
-		goto out;
-	    }
-	    *output_name = (gss_name_t)princ;
-	}
-    }
-    if (lifetime != NULL) {
-	OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
-
-	if (acred) alife = acred->lifetime;
-	if (icred) ilife = icred->lifetime;
-
-	ret = _gsskrb5_lifetime_left(minor_status, 
-				     context,
-				     min(alife,ilife),
-				     lifetime);
-	if (ret)
-	    goto out;
-    }
-    if (cred_usage != NULL) {
-	if (acred && icred)
-	    *cred_usage = GSS_C_BOTH;
-	else if (acred)
-	    *cred_usage = GSS_C_ACCEPT;
-	else if (icred)
-	    *cred_usage = GSS_C_INITIATE;
-	else
-	    abort();
-    }
-
-    if (mechanisms != NULL) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret)
-	    goto out;
-	if (acred)
-	    ret = gss_add_oid_set_member(minor_status,
-					 &acred->mechanisms->elements[0],
-					 mechanisms);
-	if (ret == GSS_S_COMPLETE && icred)
-	    ret = gss_add_oid_set_member(minor_status,
-					 &icred->mechanisms->elements[0],
-					 mechanisms);
-        if (ret)
-	    goto out;
-    }
-    ret = GSS_S_COMPLETE;
-out:
-    if (acred)
-	HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
-    if (icred)
-	HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
-
-    if (aqcred_init != GSS_C_NO_CREDENTIAL)
-	ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
-    if (aqcred_accept != GSS_C_NO_CREDENTIAL)
-	ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
deleted file mode 100644
index a8af2145bea8..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred_by_mech (
-    OM_uint32 * minor_status,
-	const gss_cred_id_t cred_handle,
-	const gss_OID mech_type,
-	gss_name_t * name,
-	OM_uint32 * initiator_lifetime,
-	OM_uint32 * acceptor_lifetime,
-	gss_cred_usage_t * cred_usage
-    )
-{
-    gss_cred_usage_t usage;
-    OM_uint32 maj_stat;
-    OM_uint32 lifetime;
-
-    maj_stat = 
-	_gsskrb5_inquire_cred (minor_status, cred_handle,
-			       name, &lifetime, &usage, NULL);
-    if (maj_stat)
-	return maj_stat;
-
-    if (initiator_lifetime) {
-	if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
-	    *initiator_lifetime = lifetime;
-	else
-	    *initiator_lifetime = 0;
-    }
-   
-    if (acceptor_lifetime) {
-	if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
-	    *acceptor_lifetime = lifetime;
-	else
-	    *acceptor_lifetime = 0;
-    }
-
-    if (cred_usage)
-	*cred_usage = usage;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
deleted file mode 100644
index da50b11d934a..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_inquire_cred_by_oid
-	   (OM_uint32 * minor_status,
-	    const gss_cred_id_t cred_handle,
-	    const gss_OID desired_object,
-	    gss_buffer_set_t *data_set)
-{
-    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
-    krb5_error_code ret;
-    gss_buffer_desc buffer;
-    char *str;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_COPY_CCACHE_X) == 0) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->ccache == NULL) {
-	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_cc_get_full_name(context, cred->ccache, &str);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    buffer.value = str;
-    buffer.length = strlen(str);
-
-    ret = gss_add_buffer_set_member(minor_status, &buffer, data_set);
-    if (ret != GSS_S_COMPLETE)
-	_gsskrb5_clear_status ();
-
-    free(str);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
deleted file mode 100644
index 0ce051f19c0c..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $");
-
-OM_uint32 _gsskrb5_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_KRB5_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(NULL, mech_types);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
deleted file mode 100644
index 64abd3c34a9f..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $");
-
-
-static gss_OID *name_list[] = {
-    &GSS_C_NT_HOSTBASED_SERVICE,
-    &GSS_C_NT_USER_NAME,
-    &GSS_KRB5_NT_PRINCIPAL_NAME,
-    &GSS_C_NT_EXPORT_NAME,
-    NULL
-};
-
-OM_uint32 _gsskrb5_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-    int i;
-
-    *minor_status = 0;
-
-    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
-	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
-	*name_types = GSS_C_NO_OID_SET;
-	return GSS_S_BAD_MECH;
-    }
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    
-    for (i = 0; name_list[i] != NULL; i++) {
-	ret = gss_add_oid_set_member(minor_status, 
-				     *(name_list[i]),
-				     name_types);
-	if (ret != GSS_S_COMPLETE)
-	    break;
-    }
-
-    if (ret != GSS_S_COMPLETE)
-	gss_release_oid_set(NULL, name_types);
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
deleted file mode 100644
index 5ca7536e6a39..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $");
-
-static int
-oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
-{
-    int ret;
-    heim_oid oid;
-    heim_oid prefix;
- 
-    *suffix = 0;
-
-    ret = der_get_oid(oid_enc->elements, oid_enc->length,
-		      &oid, NULL);
-    if (ret) {
-	return 0;
-    }
-
-    ret = der_get_oid(prefix_enc->elements, prefix_enc->length,
-		      &prefix, NULL);
-    if (ret) {
-	der_free_oid(&oid);
-	return 0;
-    }
-
-    ret = 0;
-
-    if (oid.length - 1 == prefix.length) {
-	*suffix = oid.components[oid.length - 1];
-	oid.length--;
-	ret = (der_heim_oid_cmp(&oid, &prefix) == 0);
-	oid.length++;
-    }
-
-    der_free_oid(&oid);
-    der_free_oid(&prefix);
-
-    return ret;
-}
-
-static OM_uint32 inquire_sec_context_tkt_flags
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-            gss_buffer_set_t *data_set)
-{
-    OM_uint32 tkt_flags;
-    unsigned char buf[4];
-    gss_buffer_desc value;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-    if (context_handle->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	_gsskrb5_set_status("No ticket from which to obtain flags");
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }
-
-    tkt_flags = TicketFlags2int(context_handle->ticket->ticket.flags);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    _gsskrb5_encode_om_uint32(tkt_flags, buf);
-    value.length = sizeof(buf);
-    value.value = buf;
-
-    return gss_add_buffer_set_member(minor_status,
-				     &value,
-				     data_set);
-}
-
-enum keytype { ACCEPTOR_KEY, INITIATOR_KEY, TOKEN_KEY };
-
-static OM_uint32 inquire_sec_context_get_subkey
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-	    enum keytype keytype,
-            gss_buffer_set_t *data_set)
-{
-    krb5_keyblock *key = NULL;
-    krb5_storage *sp = NULL;
-    krb5_data data;
-    OM_uint32 maj_stat = GSS_S_COMPLETE;
-    krb5_error_code ret;
-
-    krb5_data_zero(&data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	ret = ENOMEM;
-	goto out;
-    }
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    switch(keytype) {
-    case ACCEPTOR_KEY:
-	ret = _gsskrb5i_get_acceptor_subkey(context_handle, context, &key);
-	break;
-    case INITIATOR_KEY:
-	ret = _gsskrb5i_get_initiator_subkey(context_handle, context, &key);
-	break;
-    case TOKEN_KEY:
-	ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-	break;
-    default:
-	_gsskrb5_set_status("%d is not a valid subkey type", keytype);
-	ret = EINVAL;
-	break;
-   }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) 
-	goto out;
-    if (key == NULL) {
-	_gsskrb5_set_status("have no subkey of type %d", keytype);
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = krb5_store_keyblock(sp, *key);
-    krb5_free_keyblock (context, key);
-    if (ret)
-	goto out;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	goto out;
-
-    {
-	gss_buffer_desc value;
-	
-	value.length = data.length;
-	value.value = data.data;
-	
-	maj_stat = gss_add_buffer_set_member(minor_status,
-					     &value,
-					     data_set);
-    }
-
-out:
-    krb5_data_free(&data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	maj_stat = GSS_S_FAILURE;
-    }
-    return maj_stat;
-}
-
-static OM_uint32 inquire_sec_context_authz_data
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            unsigned ad_type,
-            gss_buffer_set_t *data_set)
-{
-    krb5_data data;
-    gss_buffer_desc ad_data;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-    *data_set = GSS_C_NO_BUFFER_SET;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    if (context_handle->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-	*minor_status = EINVAL;
-	_gsskrb5_set_status("No ticket to obtain authz data from");
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ret = krb5_ticket_get_authorization_data_type(context,
-						  context_handle->ticket,
-						  ad_type,
-						  &data);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ad_data.value = data.data;
-    ad_data.length = data.length;
-
-    ret = gss_add_buffer_set_member(minor_status,
-				    &ad_data,
-				    data_set);
-
-    krb5_data_free(&data);
-
-    return ret;
-}
-
-static OM_uint32 inquire_sec_context_has_updated_spnego
-           (OM_uint32 *minor_status,
-            const gsskrb5_ctx context_handle,
-            gss_buffer_set_t *data_set)
-{
-    int is_updated = 0;
-
-    *minor_status = 0;
-    *data_set = GSS_C_NO_BUFFER_SET;
-
-    /*
-     * For Windows SPNEGO implementations, both the initiator and the
-     * acceptor are assumed to have been updated if a "newer" [CLAR] or
-     * different enctype is negotiated for use by the Kerberos GSS-API
-     * mechanism.
-     */
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    _gsskrb5i_is_cfx(context_handle, &is_updated);
-    if (is_updated == 0) {
-	krb5_keyblock *acceptor_subkey;
-
-	if (context_handle->more_flags & LOCAL)
-	    acceptor_subkey = context_handle->auth_context->remote_subkey;
-	else
-	    acceptor_subkey = context_handle->auth_context->local_subkey;
-
-	if (acceptor_subkey != NULL)
-	    is_updated = (acceptor_subkey->keytype !=
-			  context_handle->auth_context->keyblock->keytype);
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-    return is_updated ? GSS_S_COMPLETE : GSS_S_FAILURE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-export_lucid_sec_context_v1(OM_uint32 *minor_status,
-			    gsskrb5_ctx context_handle,
-			    krb5_context context,
-			    gss_buffer_set_t *data_set)
-{
-    krb5_storage *sp = NULL;
-    OM_uint32 major_status = GSS_S_COMPLETE;
-    krb5_error_code ret;
-    krb5_keyblock *key = NULL;
-    int32_t number;
-    int is_cfx;
-    krb5_data data;
-    
-    *minor_status = 0;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-    _gsskrb5i_is_cfx(context_handle, &is_cfx);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_store_int32(sp, 1);
-    if (ret) goto out;
-    ret = krb5_store_int32(sp, (context_handle->more_flags & LOCAL) ? 1 : 0);
-    if (ret) goto out;
-    ret = krb5_store_int32(sp, context_handle->lifetime);
-    if (ret) goto out;
-    krb5_auth_con_getlocalseqnumber (context,
-				     context_handle->auth_context,
-				     &number);
-    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
-    ret = krb5_store_uint32(sp, (uint32_t)number);
-    krb5_auth_getremoteseqnumber (context,
-				  context_handle->auth_context,
-				  &number);
-    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
-    ret = krb5_store_uint32(sp, (uint32_t)number);
-    ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0);
-    if (ret) goto out;
-
-    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-    if (ret) goto out;
-
-    if (is_cfx == 0) {
-	int sign_alg, seal_alg;
-
-	switch (key->keytype) {
-	case ETYPE_DES_CBC_CRC:
-	case ETYPE_DES_CBC_MD4:
-	case ETYPE_DES_CBC_MD5:
-	    sign_alg = 0;
-	    seal_alg = 0;
-	    break;
-	case ETYPE_DES3_CBC_MD5:
-	case ETYPE_DES3_CBC_SHA1:
-	    sign_alg = 4;
-	    seal_alg = 2;
-	    break;
-	case ETYPE_ARCFOUR_HMAC_MD5:
-	case ETYPE_ARCFOUR_HMAC_MD5_56:
-	    sign_alg = 17;
-	    seal_alg = 16;
-	    break;
-	default:
-	    sign_alg = -1;
-	    seal_alg = -1;
-	    break;
-	}
-	ret = krb5_store_int32(sp, sign_alg);
-	if (ret) goto out;
-	ret = krb5_store_int32(sp, seal_alg);
-	if (ret) goto out;
-	/* ctx_key */
-	ret = krb5_store_keyblock(sp, *key);
-	if (ret) goto out;
-    } else {
-	int subkey_p = (context_handle->more_flags & ACCEPTOR_SUBKEY) ? 1 : 0;
-
-	/* have_acceptor_subkey */
-	ret = krb5_store_int32(sp, subkey_p);
-	if (ret) goto out;
-	/* ctx_key */
-	ret = krb5_store_keyblock(sp, *key);
-	if (ret) goto out;
-	/* acceptor_subkey */
-	if (subkey_p) {
-	    ret = krb5_store_keyblock(sp, *key);
-	    if (ret) goto out;
-	}
-    }
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret) goto out;
-
-    {
-	gss_buffer_desc ad_data;
-
-	ad_data.value = data.data;
-	ad_data.length = data.length;
-
-	ret = gss_add_buffer_set_member(minor_status, &ad_data, data_set);
-	krb5_data_free(&data);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    if (key)
-	krb5_free_keyblock (context, key);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	major_status = GSS_S_FAILURE;
-    }
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return major_status;
-}
-
-static OM_uint32
-get_authtime(OM_uint32 *minor_status,
-	     gsskrb5_ctx ctx, 
-	     gss_buffer_set_t *data_set)
-
-{
-    gss_buffer_desc value;
-    unsigned char buf[4];
-    OM_uint32 authtime;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (ctx->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	_gsskrb5_set_status("No ticket to obtain auth time from");
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    
-    authtime = ctx->ticket->ticket.authtime;
-    
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    _gsskrb5_encode_om_uint32(authtime, buf);
-    value.length = sizeof(buf);
-    value.value = buf;
-
-    return gss_add_buffer_set_member(minor_status,
-				     &value,
-				     data_set);
-}
-
-
-static OM_uint32 
-get_service_keyblock
-        (OM_uint32 *minor_status,
-	 gsskrb5_ctx ctx, 
-	 gss_buffer_set_t *data_set)
-{
-    krb5_storage *sp = NULL;
-    krb5_data data;
-    OM_uint32 maj_stat = GSS_S_COMPLETE;
-    krb5_error_code ret = EINVAL;
-    
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	_gsskrb5_clear_status();
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (ctx->service_keyblock == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	_gsskrb5_set_status("No service keyblock on gssapi context");
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE; 
-    }
-
-    krb5_data_zero(&data);
-
-    ret = krb5_store_keyblock(sp, *ctx->service_keyblock);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    if (ret)
-	goto out;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	goto out;
-
-    {
-	gss_buffer_desc value;
-	
-	value.length = data.length;
-	value.value = data.data;
-	
-	maj_stat = gss_add_buffer_set_member(minor_status,
-					     &value,
-					     data_set);
-    }
-
-out:
-    krb5_data_free(&data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (ret) {
-	*minor_status = ret;
-	maj_stat = GSS_S_FAILURE;
-    }
-    return maj_stat;
-}
-/*
- *
- */
-
-OM_uint32 _gsskrb5_inquire_sec_context_by_oid
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    krb5_context context;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-    unsigned suffix;
-
-    if (ctx == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_NO_CONTEXT;
-    }
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_GET_TKT_FLAGS_X)) {
-	return inquire_sec_context_tkt_flags(minor_status,
-					     ctx,
-					     data_set);
-    } else if (gss_oid_equal(desired_object, GSS_C_PEER_HAS_UPDATED_SPNEGO)) {
-	return inquire_sec_context_has_updated_spnego(minor_status,
-						      ctx,
-						      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      TOKEN_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_INITIATOR_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      INITIATOR_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_ACCEPTOR_SUBKEY_X)) {
-	return inquire_sec_context_get_subkey(minor_status,
-					      ctx,
-					      context,
-					      ACCEPTOR_KEY,
-					      data_set);
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) {
-	return get_authtime(minor_status, ctx, data_set);
-    } else if (oid_prefix_equal(desired_object,
-				GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X,
-				&suffix)) {
-	return inquire_sec_context_authz_data(minor_status,
-					      ctx,
-					      context,
-					      suffix,
-					      data_set);
-    } else if (oid_prefix_equal(desired_object,
-				GSS_KRB5_EXPORT_LUCID_CONTEXT_X,
-				&suffix)) {
-	if (suffix == 1)
-	    return export_lucid_sec_context_v1(minor_status,
-					       ctx,
-					       context,
-					       data_set);
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SERVICE_KEYBLOCK_X)) {
-	return get_service_keyblock(minor_status, ctx, data_set);
-    } else {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/prf.c b/crypto/heimdal/lib/gssapi/krb5/prf.c
deleted file mode 100644
index f79c9374a9c7..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/prf.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $");
-
-OM_uint32
-_gsskrb5_pseudo_random(OM_uint32 *minor_status,
-		       gss_ctx_id_t context_handle,
-		       int prf_key,
-		       const gss_buffer_t prf_in,
-		       ssize_t desired_output_len,
-		       gss_buffer_t prf_out)
-{
-    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_data input, output;
-    uint32_t num;
-    unsigned char *p;
-    krb5_keyblock *key = NULL;
-
-    if (ctx == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (desired_output_len <= 0) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    GSSAPI_KRB5_INIT (&context);
-
-    switch(prf_key) {
-    case GSS_C_PRF_KEY_FULL:
-	_gsskrb5i_get_acceptor_subkey(ctx, context, &key);
-	break;
-    case GSS_C_PRF_KEY_PARTIAL:
-	_gsskrb5i_get_initiator_subkey(ctx, context, &key);
-	break;
-    default:
-	_gsskrb5_set_status("unknown kerberos prf_key");
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    if (key == NULL) {
-	_gsskrb5_set_status("no prf_key found");
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    krb5_free_keyblock (context, key);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    prf_out->value = malloc(desired_output_len);
-    if (prf_out->value == NULL) {
-	_gsskrb5_set_status("Out of memory");
-	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
-	krb5_crypto_destroy(context, crypto);
-	return GSS_S_FAILURE;
-    }
-    prf_out->length = desired_output_len;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    input.length = prf_in->length + 4;
-    input.data = malloc(prf_in->length + 4);
-    if (input.data == NULL) {
-	OM_uint32 junk;
-	_gsskrb5_set_status("Out of memory");
-	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
-	gss_release_buffer(&junk, prf_out);
-	krb5_crypto_destroy(context, crypto);
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_FAILURE;
-    }
-    memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
-
-    num = 0;
-    p = prf_out->value;
-    while(desired_output_len > 0) {
-	_gsskrb5_encode_om_uint32(num, input.data);
-	ret = krb5_crypto_prf(context, crypto, &input, &output);
-	if (ret) {
-	    OM_uint32 junk;
-	    *minor_status = ret;
-	    free(input.data);
-	    gss_release_buffer(&junk, prf_out);
-	    krb5_crypto_destroy(context, crypto);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(p, output.data, min(desired_output_len, output.length));
-	p += output.length;
-	desired_output_len -= output.length;
-	krb5_data_free(&output);
-	num++;
-    }
-
-    krb5_crypto_destroy(context, crypto);
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c b/crypto/heimdal/lib/gssapi/krb5/process_context_token.c
deleted file mode 100644
index 15638f57fcc5..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $");
-
-OM_uint32 _gsskrb5_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    krb5_context context;
-    OM_uint32 ret = GSS_S_FAILURE;
-    gss_buffer_desc empty_buffer;
-    gss_qop_t qop_state;
-
-    empty_buffer.length = 0;
-    empty_buffer.value = NULL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = _gsskrb5_verify_mic_internal(minor_status, 
-				       (gsskrb5_ctx)context_handle,
-				       context,
-				       token_buffer, &empty_buffer,
-				       GSS_C_QOP_DEFAULT, "\x01\x02");
-
-    if (ret == GSS_S_COMPLETE)
-	ret = _gsskrb5_delete_sec_context(minor_status,
-					  rk_UNCONST(&context_handle),
-					  GSS_C_NO_BUFFER);
-    if (ret == GSS_S_COMPLETE)
-	*minor_status = 0;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c b/crypto/heimdal/lib/gssapi/krb5/release_buffer.c
deleted file mode 100644
index 5dff62631ab4..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32 _gsskrb5_release_buffer
-           (OM_uint32 * minor_status,
-            gss_buffer_t buffer
-           )
-{
-  *minor_status = 0;
-  free (buffer->value);
-  buffer->value  = NULL;
-  buffer->length = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_cred.c b/crypto/heimdal/lib/gssapi/krb5/release_cred.c
deleted file mode 100644
index ab5695b097b1..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_cred.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $");
-
-OM_uint32 _gsskrb5_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    krb5_context context;
-    gsskrb5_cred cred;
-    OM_uint32 junk;
-
-    *minor_status = 0;
-
-    if (*cred_handle == NULL) 
-        return GSS_S_COMPLETE;
-
-    cred = (gsskrb5_cred)*cred_handle;
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
-
-    if (cred->principal != NULL)
-        krb5_free_principal(context, cred->principal);
-    if (cred->keytab != NULL)
-	krb5_kt_close(context, cred->keytab);
-    if (cred->ccache != NULL) {
-	const krb5_cc_ops *ops;
-	ops = krb5_cc_get_ops(context, cred->ccache);
-	if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE)
-	    krb5_cc_destroy(context, cred->ccache);
-	else 
-	    krb5_cc_close(context, cred->ccache);
-    }
-    gss_release_oid_set(&junk, &cred->mechanisms);
-    if (cred->enctypes)
-	free(cred->enctypes);
-    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
-    HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex);
-    memset(cred, 0, sizeof(*cred));
-    free(cred);
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/krb5/release_name.c b/crypto/heimdal/lib/gssapi/krb5/release_name.c
deleted file mode 100644
index 80b91930fd37..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/release_name.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $");
-
-OM_uint32 _gsskrb5_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    krb5_context context;
-    krb5_principal name = (krb5_principal)*input_name;
-
-    *minor_status = 0;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    *input_name = GSS_C_NO_NAME;
-
-    krb5_free_principal(context, name);
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/sequence.c b/crypto/heimdal/lib/gssapi/krb5/sequence.c
deleted file mode 100644
index 677a3c8d0778..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/sequence.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $");
-
-#define DEFAULT_JITTER_WINDOW 20
-
-struct gss_msg_order {
-    OM_uint32 flags;
-    OM_uint32 start;
-    OM_uint32 length;
-    OM_uint32 jitter_window;
-    OM_uint32 first_seq;
-    OM_uint32 elem[1];
-};
-
-
-/*
- *
- */
-
-static OM_uint32
-msg_order_alloc(OM_uint32 *minor_status,
-		struct gss_msg_order **o,
-		OM_uint32 jitter_window)
-{
-    size_t len;
-    
-    len = jitter_window * sizeof((*o)->elem[0]);
-    len += sizeof(**o);
-    len -= sizeof((*o)->elem[0]);
-    
-    *o = calloc(1, len);
-    if (*o == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;    
-}
-
-/*
- *
- */
-
-OM_uint32
-_gssapi_msg_order_create(OM_uint32 *minor_status,
-			 struct gss_msg_order **o, 
-			 OM_uint32 flags, 
-			 OM_uint32 seq_num, 
-			 OM_uint32 jitter_window,
-			 int use_64)
-{
-    OM_uint32 ret;
-
-    if (jitter_window == 0)
-	jitter_window = DEFAULT_JITTER_WINDOW;
-
-    ret = msg_order_alloc(minor_status, o, jitter_window);
-    if(ret != GSS_S_COMPLETE)
-        return ret;
-
-    (*o)->flags = flags;
-    (*o)->length = 0;
-    (*o)->first_seq = seq_num;
-    (*o)->jitter_window = jitter_window;
-    (*o)->elem[0] = seq_num - 1;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_msg_order_destroy(struct gss_msg_order **m)
-{
-    free(*m);
-    *m = NULL;
-    return GSS_S_COMPLETE;
-}
-
-static void
-elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val)
-{
-    o->elem[slot % o->jitter_window] = val;
-}
-
-static void
-elem_insert(struct gss_msg_order *o, 
-	    unsigned int after_slot,
-	    OM_uint32 seq_num)
-{
-    assert(o->jitter_window > after_slot);
-
-    if (o->length > after_slot)
-	memmove(&o->elem[after_slot + 1], &o->elem[after_slot],
-		(o->length - after_slot - 1) * sizeof(o->elem[0]));
-
-    elem_set(o, after_slot, seq_num);
-
-    if (o->length < o->jitter_window)
-	o->length++;
-}
-
-/* rule 1: expected sequence number */
-/* rule 2: > expected sequence number */
-/* rule 3: seqnum < seqnum(first) */
-/* rule 4+5: seqnum in [seqnum(first),seqnum(last)]  */
-
-OM_uint32
-_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
-{
-    OM_uint32 r;
-    int i;
-
-    if (o == NULL)
-	return GSS_S_COMPLETE;
-
-    if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
-	return GSS_S_COMPLETE;
-
-    /* check if the packet is the next in order */
-    if (o->elem[0] == seq_num - 1) {
-	elem_insert(o, 0, seq_num);
-	return GSS_S_COMPLETE;
-    }
-
-    r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG;
-
-    /* sequence number larger then largest sequence number 
-     * or smaller then the first sequence number */
-    if (seq_num > o->elem[0]
-	|| seq_num < o->first_seq
-	|| o->length == 0) 
-    {
-	elem_insert(o, 0, seq_num);
-	if (r) {
-	    return GSS_S_COMPLETE;
-	} else {
-	    return GSS_S_GAP_TOKEN;
-	}
-    }
-
-    assert(o->length > 0);
-
-    /* sequence number smaller the first sequence number */
-    if (seq_num < o->elem[o->length - 1]) {
-	if (r)
-	    return(GSS_S_OLD_TOKEN);
-	else
-	    return(GSS_S_UNSEQ_TOKEN);
-    }
-
-    if (seq_num == o->elem[o->length - 1]) {
-	return GSS_S_DUPLICATE_TOKEN;
-    }
-
-    for (i = 0; i < o->length - 1; i++) {
-	if (o->elem[i] == seq_num)
-	    return GSS_S_DUPLICATE_TOKEN;
-	if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) {
-	    elem_insert(o, i, seq_num);
-	    if (r)
-		return GSS_S_COMPLETE;
-	    else
-		return GSS_S_UNSEQ_TOKEN;
-	}
-    }
-
-    return GSS_S_FAILURE;
-}
-
-OM_uint32
-_gssapi_msg_order_f(OM_uint32 flags)
-{
-    return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
-}
-
-/*
- * Translate `o` into inter-process format and export in to `sp'.
- */
-
-krb5_error_code
-_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
-{
-    krb5_error_code kret;
-    OM_uint32 i;
-    
-    kret = krb5_store_int32(sp, o->flags);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->start);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->length);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->jitter_window);
-    if (kret)
-        return kret;
-    kret = krb5_store_int32(sp, o->first_seq);
-    if (kret)
-        return kret;
-    
-    for (i = 0; i < o->jitter_window; i++) {
-        kret = krb5_store_int32(sp, o->elem[i]);
-	if (kret)
-	    return kret;
-    }
-    
-    return 0;
-}
-
-OM_uint32
-_gssapi_msg_order_import(OM_uint32 *minor_status,
-			 krb5_storage *sp, 
-			 struct gss_msg_order **o)
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    int32_t i, flags, start, length, jitter_window, first_seq;
-    
-    kret = krb5_ret_int32(sp, &flags);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &start);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &length);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &jitter_window);
-    if (kret)
-	goto failed;
-    ret = krb5_ret_int32(sp, &first_seq);
-    if (kret)
-	goto failed;
-    
-    ret = msg_order_alloc(minor_status, o, jitter_window);
-    if (ret != GSS_S_COMPLETE)
-        return ret;
-    
-    (*o)->flags = flags;
-    (*o)->start = start;
-    (*o)->length = length;
-    (*o)->jitter_window = jitter_window;
-    (*o)->first_seq = first_seq;
-    
-    for( i = 0; i < jitter_window; i++ ) {
-        kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
-	if (kret)
-	    goto failed;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-
-failed:
-    _gssapi_msg_order_destroy(o);
-    *minor_status = kret;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c b/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c
deleted file mode 100644
index d0ca1c4d95dd..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $");
-
-static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
-{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
-
-gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
-
-static OM_uint32
-import_cred(OM_uint32 *minor_status,
-	    krb5_context context,
-            gss_cred_id_t *cred_handle,
-            const gss_buffer_t value)
-{
-    OM_uint32 major_stat;
-    krb5_error_code ret;
-    krb5_principal keytab_principal = NULL;
-    krb5_keytab keytab = NULL;
-    krb5_storage *sp = NULL;
-    krb5_ccache id = NULL;
-    char *str;
-
-    if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    sp = krb5_storage_from_mem(value->value, value->length);
-    if (sp == NULL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    /* credential cache name */
-    ret = krb5_ret_string(sp, &str);
-    if (ret) {
-	*minor_status = ret;
-	major_stat =  GSS_S_FAILURE;
-	goto out;
-    }
-    if (str[0]) {
-	ret = krb5_cc_resolve(context, str, &id);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-    }
-    free(str);
-    str = NULL;
-
-    /* keytab principal name */
-    ret = krb5_ret_string(sp, &str);
-    if (ret == 0 && str[0])
-	ret = krb5_parse_name(context, str, &keytab_principal);
-    if (ret) {
-	*minor_status = ret;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-    free(str);
-    str = NULL;
-
-    /* keytab principal */
-    ret = krb5_ret_string(sp, &str);
-    if (ret) {
-	*minor_status = ret;
-	major_stat =  GSS_S_FAILURE;
-	goto out;
-    }
-    if (str[0]) {
-	ret = krb5_kt_resolve(context, str, &keytab);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-    }
-    free(str);
-    str = NULL;
-
-    major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal,
-				      keytab, cred_handle);
-out:
-    if (id)
-	krb5_cc_close(context, id);
-    if (keytab_principal)
-	krb5_free_principal(context, keytab_principal);
-    if (keytab)
-	krb5_kt_close(context, keytab);
-    if (str)
-	free(str);
-    if (sp)
-	krb5_storage_free(sp);
-
-    return major_stat;
-}
-
-
-static OM_uint32
-allowed_enctypes(OM_uint32 *minor_status,
-		 krb5_context context,
-		 gss_cred_id_t *cred_handle,
-		 const gss_buffer_t value)
-{
-    OM_uint32 major_stat;
-    krb5_error_code ret;
-    size_t len, i;
-    krb5_enctype *enctypes = NULL;
-    krb5_storage *sp = NULL;
-    gsskrb5_cred cred;
-
-    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_FAILURE;
-    }
-
-    cred = (gsskrb5_cred)*cred_handle;
-
-    if ((value->length % 4) != 0) {
-	*minor_status = 0;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    len = value->length / 4;
-    enctypes = malloc((len + 1) * 4);
-    if (enctypes == NULL) {
-	*minor_status = ENOMEM;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    sp = krb5_storage_from_mem(value->value, value->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	major_stat = GSS_S_FAILURE;
-	goto out;
-    }
-
-    for (i = 0; i < len; i++) {
-	uint32_t e;
-
-	ret = krb5_ret_uint32(sp, &e);
-	if (ret) {
-	    *minor_status = ret;
-	    major_stat =  GSS_S_FAILURE;
-	    goto out;
-	}
-	enctypes[i] = e;
-    }
-    enctypes[i] = 0;
-
-    if (cred->enctypes)
-	free(cred->enctypes);
-    cred->enctypes = enctypes;
-
-    krb5_storage_free(sp);
-
-    return GSS_S_COMPLETE;
-
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    if (enctypes)
-	free(enctypes);
-
-    return major_stat;
-}
-
-
-OM_uint32
-_gsskrb5_set_cred_option
-           (OM_uint32 *minor_status,
-            gss_cred_id_t *cred_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    krb5_context context;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (value == GSS_C_NO_BUFFER) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
-	return import_cred(minor_status, context, cred_handle, value);
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
-	return allowed_enctypes(minor_status, context, cred_handle, value);
-
-    *minor_status = EINVAL;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c
deleted file mode 100644
index 50441a11ad3c..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- *  glue routine for _gsskrb5_inquire_sec_context_by_oid
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $");
-
-static OM_uint32
-get_bool(OM_uint32 *minor_status,
-	 const gss_buffer_t value,
-	 int *flag)
-{
-    if (value->value == NULL || value->length != 1) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    *flag = *((const char *)value->value) != 0;
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-get_string(OM_uint32 *minor_status,
-	   const gss_buffer_t value,
-	   char **str)
-{
-    if (value == NULL || value->length == 0) {
-	*str = NULL;
-    } else {
-	*str = malloc(value->length + 1);
-	if (*str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_UNAVAILABLE;
-	}
-	memcpy(*str, value->value, value->length);
-	(*str)[value->length] = '\0';
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_set_sec_context_option
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    krb5_context context;
-    OM_uint32 maj_stat;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (value == GSS_C_NO_BUFFER) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    if (gss_oid_equal(desired_object, GSS_KRB5_COMPAT_DES3_MIC_X)) {
-	gsskrb5_ctx ctx;
-	int flag;
-
-	if (*context_handle == GSS_C_NO_CONTEXT) {
-	    *minor_status = EINVAL;
-	    return GSS_S_NO_CONTEXT;
-	}
-
-	maj_stat = get_bool(minor_status, value, &flag);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	ctx = (gsskrb5_ctx)*context_handle;
-	HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-	if (flag)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	else
-	    ctx->more_flags &= ~COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_COMPLETE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DNS_CANONICALIZE_X)) {
-	int flag;
-
-	maj_stat = get_bool(minor_status, value, &flag);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	krb5_set_dns_canonicalize_hostname(context, flag);
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-
-	_gsskrb5_register_acceptor_identity(str);
-	free(str);
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	if (str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_CALL_INACCESSIBLE_READ;
-	}
-
-	krb5_set_default_realm(context, str);
-	free(str);
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) {
-
-	if (value == NULL || value->length == 0) {
-	    krb5_set_send_to_kdc_func(context, NULL, NULL);
-	} else {
-	    struct gsskrb5_send_to_kdc c;
-
-	    if (value->length != sizeof(c)) {
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-	    memcpy(&c, value->value, sizeof(c));
-	    krb5_set_send_to_kdc_func(context,
-				      (krb5_send_to_kdc_func)c.func, 
-				      c.ptr);
-	}
-
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    } else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) {
-	char *str;
-
-	maj_stat = get_string(minor_status, value, &str);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	if (str == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_CALL_INACCESSIBLE_READ;
-	}
-
-	*minor_status = krb5_cc_set_default_name(context, str);
-	free(str);
-	if (*minor_status)
-	    return GSS_S_FAILURE;
-
-	return GSS_S_COMPLETE;
-    }
-
-    *minor_status = EINVAL;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c b/crypto/heimdal/lib/gssapi/krb5/test_cfx.c
deleted file mode 100644
index b4536228a6e1..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: test_cfx.c 19031 2006-11-13 18:02:57Z lha $");
-
-struct range {
-    size_t lower;
-    size_t upper;
-};
-
-struct range tests[] = {
-    { 0, 1040 },
-    { 2040, 2080 },
-    { 4080, 5000 },
-    { 8180, 8292 },
-    { 9980, 10010 }
-};
-
-static void
-test_range(const struct range *r, int integ, 
-	   krb5_context context, krb5_crypto crypto)
-{
-    krb5_error_code ret;
-    size_t size, rsize;
-
-    for (size = r->lower; size < r->upper; size++) {
-	OM_uint32 max_wrap_size;
-	size_t cksumsize;
-	uint16_t padsize;
-
-	ret = _gsskrb5cfx_max_wrap_length_cfx(context,
-					      crypto,
-					      integ,
-					      size,
-					      &max_wrap_size);
-	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
-	if (max_wrap_size == 0)
-	    continue;
-
-	ret = _gsskrb5cfx_wrap_length_cfx(context,
-					  crypto,
-					  integ,
-					  max_wrap_size,
-					  &rsize, &cksumsize, &padsize);
-	if (ret)
-	    krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
-
-	if (size < rsize)
-	    krb5_errx(context, 1, 
-		      "size (%d) < rsize (%d) for max_wrap_size %d",
-		      (int)size, (int)rsize, (int)max_wrap_size);
-    }
-}
-
-static void
-test_special(krb5_context context, krb5_crypto crypto,
-	     int integ, size_t testsize)
-{
-    krb5_error_code ret;
-    size_t rsize;
-    OM_uint32 max_wrap_size;
-    size_t cksumsize;
-    uint16_t padsize;
-
-    ret = _gsskrb5cfx_max_wrap_length_cfx(context,
-					  crypto,
-					  integ,
-					  testsize,
-					  &max_wrap_size);
-    if (ret)
-	krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
-    
-    ret = _gsskrb5cfx_wrap_length_cfx(context,
-				      crypto,
-				      integ,
-				      max_wrap_size,
-				      &rsize, &cksumsize, &padsize);
-    if (ret)
-	krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
-    
-    if (testsize < rsize)
-	krb5_errx(context, 1, 
-		  "testsize (%d) < rsize (%d) for max_wrap_size %d",
-		  (int)testsize, (int)rsize, (int)max_wrap_size);
-}
-
-
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_keyblock keyblock;
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_crypto crypto;
-    int i;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_context_init: %d", ret);
-    
-    ret = krb5_generate_random_keyblock(context, 
-					ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-					&keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_crypto_init(context, &keyblock, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    test_special(context, crypto, 1, 60);
-    test_special(context, crypto, 0, 60);
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	test_range(&tests[i], 1, context, crypto);
-	test_range(&tests[i], 0, context, crypto);
-    }
-
-    krb5_free_keyblock_contents(context, &keyblock);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c b/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c
deleted file mode 100644
index 51d8159262af..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: ticket_flags.c 18334 2006-10-07 22:16:04Z lha $");
-
-OM_uint32
-_gsskrb5_get_tkt_flags(OM_uint32 *minor_status,
-		       gsskrb5_ctx ctx,
-		       OM_uint32 *tkt_flags)
-{
-    if (ctx == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_NO_CONTEXT;
-    }
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (ctx->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }
-
-    *tkt_flags = TicketFlags2int(ctx->ticket->ticket.flags);
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/unwrap.c b/crypto/heimdal/lib/gssapi/krb5/unwrap.c
deleted file mode 100644
index d0a33d86fbfc..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/unwrap.c
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-unwrap_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *seq;
-  size_t len;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int i;
-  uint32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01",
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x00\x00", 2) != 0)
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x00\x00", 2) == 0) {
-      cstate = 1;
-  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
-      cstate = 0;
-  } else
-      return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-      *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 16;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      DES_set_key (&deskey, &schedule);
-      memset (&zero, 0, sizeof(zero));
-      DES_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       input_message_buffer->length - len,
-		       &schedule,
-		       &zero,
-		       DES_DECRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (&schedule, 0, sizeof(schedule));
-  }
-  /* check pad */
-  ret = _gssapi_verify_pad(input_message_buffer, 
-			   input_message_buffer->length - len,
-			   &padlength);
-  if (ret)
-      return ret;
-
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, input_message_buffer->length - len);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 16;
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  seq = p;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  if (cmp != 0) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 24,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  size_t len;
-  u_char *seq;
-  krb5_data seq_data;
-  u_char cksum[20];
-  uint32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  krb5_crypto crypto;
-  Checksum csum;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01",
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x02\x00", 2) == 0) {
-    cstate = 1;
-  } else if (memcmp (p, "\xff\xff", 2) == 0) {
-    cstate = 0;
-  } else
-    return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-    *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 28;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_decrypt(context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, input_message_buffer->length - len, &tmp);
-      krb5_crypto_destroy(context, crypto);
-      if (ret) {
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == input_message_buffer->length - len);
-
-      memcpy (p, tmp.data, tmp.length);
-      krb5_data_free(&tmp);
-  }
-  /* check pad */
-  ret = _gssapi_verify_pad(input_message_buffer, 
-			   input_message_buffer->length - len,
-			   &padlength);
-  if (ret)
-      return ret;
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 28;
-
-  ret = krb5_crypto_init(context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret) {
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_FAILURE;
-  }
-  {
-      DES_cblock ivec;
-
-      memcpy(&ivec, p + 8, 8);
-      ret = krb5_decrypt_ivec (context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       p, 8, &seq_data,
-			       &ivec);
-  }
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_FAILURE;
-  }
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  seq = seq_data.data;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-  
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  /* verify checksum */
-
-  memcpy (cksum, p + 8, 20);
-
-  memcpy (p + 20, p - 8, 8);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = cksum;
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_verify_checksum (context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      p + 20,
-			      input_message_buffer->length - len + 8,
-			      &csum);
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 36,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-  krb5_keyblock *key;
-  krb5_context context;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
-
-  output_message_buffer->value = NULL;
-  output_message_buffer->length = 0;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  if (qop_state != NULL)
-      *qop_state = GSS_C_QOP_DEFAULT;
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  *minor_status = 0;
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = unwrap_des (minor_status, ctx,
-			input_message_buffer, output_message_buffer,
-			conf_state, qop_state, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = unwrap_des3 (minor_status, ctx, context,
-			 input_message_buffer, output_message_buffer,
-			 conf_state, qop_state, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_unwrap_arcfour (minor_status, ctx, context,
-				    input_message_buffer, output_message_buffer,
-				    conf_state, qop_state, key);
-      break;
-  default :
-      ret = _gssapi_unwrap_cfx (minor_status, ctx, context,
-				input_message_buffer, output_message_buffer,
-				conf_state, qop_state, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/v1.c b/crypto/heimdal/lib/gssapi/krb5/v1.c
deleted file mode 100644
index c5ebeb9dd77e..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: v1.c 18334 2006-10-07 22:16:04Z lha $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 _gsskrb5_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  return _gsskrb5_get_mic(minor_status,
-	context_handle,
-	(gss_qop_t)qop_req,
-	message_buffer,
-	message_token);
-}
-
-OM_uint32 _gsskrb5_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-  return _gsskrb5_verify_mic(minor_status,
-	context_handle,
-	message_buffer,
-	token_buffer,
-	(gss_qop_t *)qop_state);
-}
-
-OM_uint32 _gsskrb5_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  return _gsskrb5_wrap(minor_status,
-	context_handle,
-	conf_req_flag,
-	(gss_qop_t)qop_req,
-	input_message_buffer,
-	conf_state,
-	output_message_buffer);
-}
-
-OM_uint32 _gsskrb5_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-  return _gsskrb5_unwrap(minor_status,
-	context_handle,
-	input_message_buffer,
-	output_message_buffer,
-	conf_state,
-	(gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c b/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
deleted file mode 100644
index 52381afcc28a..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $");
-
-static OM_uint32
-verify_mic_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16], *seq;
-  DES_key_schedule schedule;
-  DES_cblock zero;
-  DES_cblock deskey;
-  uint32_t seq_number;
-  OM_uint32 ret;
-  int cmp;
-
-  p = token_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   token_buffer->length,
-				   type,
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x00\x00", 2) != 0)
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-  p += 16;
-
-  /* verify checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value,
-	     message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0) {
-    memset (deskey, 0, sizeof(deskey));
-    memset (&schedule, 0, sizeof(schedule));
-    return GSS_S_BAD_MIC;
-  }
-
-  /* verify sequence number */
-  
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  p -= 16;
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  seq = p;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  if (cmp != 0) {
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  u_char *seq;
-  uint32_t seq_number;
-  OM_uint32 ret;
-  krb5_crypto crypto;
-  krb5_data seq_data;
-  int cmp, docompat;
-  Checksum csum;
-  char *tmp;
-  char ivec[8];
-  
-  p = token_buffer->value;
-  ret = _gsskrb5_verify_header (&p,
-				   token_buffer->length,
-				   type,
-				   GSS_KRB5_MECHANISM);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-
-  ret = krb5_crypto_init(context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret){
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* verify sequence number */
-  docompat = 0;
-retry:
-  if (docompat)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  ret = krb5_decrypt_ivec (context,
-			   crypto,
-			   KRB5_KU_USAGE_SEQ,
-			   p, 8, &seq_data, ivec);
-  if (ret) {
-      if (docompat++) {
-	  krb5_crypto_destroy (context, crypto);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      } else
-	  goto retry;
-  }
-
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      if (docompat++) {
-	  krb5_crypto_destroy (context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-
-  seq = seq_data.data;
-  _gsskrb5_decode_om_uint32(seq, &seq_number);
-
-  if (context_handle->more_flags & LOCAL)
-      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
-  else
-      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
-
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-
-  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
-  if (ret) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = 0;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return ret;
-  }
-
-  /* verify checksum */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      krb5_crypto_destroy (context, crypto);
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = p + 8;
-
-  ret = krb5_verify_checksum (context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      tmp, message_buffer->length + 8,
-			      &csum);
-  free (tmp);
-  if (ret) {
-      krb5_crypto_destroy (context, crypto);
-      *minor_status = ret;
-      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-      return GSS_S_BAD_MIC;
-  }
-  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-
-  krb5_crypto_destroy (context, crypto);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_verify_mic_internal
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx context_handle,
-	    krb5_context context,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    char * type
-	    )
-{
-    krb5_keyblock *key;
-    OM_uint32 ret;
-    krb5_keytype keytype;
-
-    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
-    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
-    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    krb5_enctype_to_keytype (context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
-	ret = verify_mic_des (minor_status, context_handle, context,
-			      message_buffer, token_buffer, qop_state, key,
-			      type);
-	break;
-    case KEYTYPE_DES3 :
-	ret = verify_mic_des3 (minor_status, context_handle, context,
-			       message_buffer, token_buffer, qop_state, key,
-			       type);
-	break;
-    case KEYTYPE_ARCFOUR :
-    case KEYTYPE_ARCFOUR_56 :
-	ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
-					  context,
-					  message_buffer, token_buffer,
-					  qop_state, key, type);
-	break;
-    default :
-	ret = _gssapi_verify_mic_cfx (minor_status, context_handle,
-				      context,
-				      message_buffer, token_buffer, qop_state,
-				      key);
-	break;
-    }
-    krb5_free_keyblock (context, key);
-    
-    return ret;
-}
-
-OM_uint32
-_gsskrb5_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    krb5_context context;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT (&context);
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = _gsskrb5_verify_mic_internal(minor_status, 
-				       (gsskrb5_ctx)context_handle,
-				       context,
-				       message_buffer, token_buffer,
-				       qop_state, "\x01\x01");
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/krb5/wrap.c b/crypto/heimdal/lib/gssapi/krb5/wrap.c
deleted file mode 100644
index d41379870ae9..000000000000
--- a/crypto/heimdal/lib/gssapi/krb5/wrap.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5/gsskrb5_locl.h"
-
-RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
-
-/*
- * Return initiator subkey, or if that doesn't exists, the subkey.
- */
-
-krb5_error_code
-_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
-			       krb5_context context,
-			       krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    *key = NULL;
-
-    if (ctx->more_flags & LOCAL) {
-	ret = krb5_auth_con_getlocalsubkey(context,
-				     ctx->auth_context, 
-				     key);
-    } else {
-	ret = krb5_auth_con_getremotesubkey(context,
-				      ctx->auth_context, 
-				      key);
-    }
-    if (ret == 0 && *key == NULL)
-	ret = krb5_auth_con_getkey(context,
-				   ctx->auth_context, 
-				   key);
-    if (ret == 0 && *key == NULL) {
-	krb5_set_error_string(context, "No initiator subkey available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return ret;
-}
-
-krb5_error_code
-_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
-			      krb5_context context,
-			      krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    *key = NULL;
-
-    if (ctx->more_flags & LOCAL) {
-	ret = krb5_auth_con_getremotesubkey(context,
-				      ctx->auth_context, 
-				      key);
-    } else {
-	ret = krb5_auth_con_getlocalsubkey(context,
-				     ctx->auth_context, 
-				     key);
-    }
-    if (ret == 0 && *key == NULL) {
-	krb5_set_error_string(context, "No acceptor subkey available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return ret;
-}
-
-OM_uint32
-_gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
-			krb5_context context,
-			krb5_keyblock **key)
-{
-    _gsskrb5i_get_acceptor_subkey(ctx, context, key);
-    if(*key == NULL) {
-	/*
-	 * Only use the initiator subkey or ticket session key if an
-	 * acceptor subkey was not required.
-	 */
-	if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
-	    _gsskrb5i_get_initiator_subkey(ctx, context, key);
-    }
-    if (*key == NULL) {
-	krb5_set_error_string(context, "No token key available");
-	return GSS_KRB5_S_KG_NO_SUBKEY;
-    }
-    return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size,
-	    int blocksize,
-	    int extrasize
-           )
-{
-    size_t len, total_len; 
-
-    len = 8 + req_output_size + blocksize + extrasize;
-
-    _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-    total_len -= req_output_size; /* token length */
-    if (total_len < req_output_size) {
-        *max_input_size = (req_output_size - total_len);
-        (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
-    } else {
-        *max_input_size = 0;
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gsskrb5_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-  krb5_context context;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
-				      conf_req_flag, qop_req, 
-				      req_output_size, max_input_size, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
-      break;
-  default :
-      ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
-				  conf_req_flag, qop_req, 
-				  req_output_size, max_input_size, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  *minor_status = 0;
-  return ret;
-}
-
-static OM_uint32
-wrap_des
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  DES_key_schedule schedule;
-  DES_cblock deskey;
-  DES_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 22;
-  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    output_message_buffer->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM);
-
-  /* SGN_ALG */
-  memcpy (p, "\x00\x00", 2);
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x00\x00", 2);
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* fill in later */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* confounder + data + pad */
-  krb5_generate_random_block(p, 8);
-  memcpy (p + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, datalen);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 &schedule, &zero);
-  memcpy (p - 8, hash, 8);
-
-  /* sequence number */
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  krb5_auth_con_getlocalseqnumber (context,
-				   ctx->auth_context,
-				   &seq_number);
-
-  p -= 16;
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  DES_set_key (&deskey, &schedule);
-  DES_cbc_encrypt ((void *)p, (void *)p, 8,
-		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-  /* encrypt the data */
-  p += 16;
-
-  if(conf_req_flag) {
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      DES_set_key (&deskey, &schedule);
-      memset (&zero, 0, sizeof(zero));
-      DES_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       datalen,
-		       &schedule,
-		       &zero,
-		       DES_ENCRYPT);
-  }
-  memset (deskey, 0, sizeof(deskey));
-  memset (&schedule, 0, sizeof(schedule));
-
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
-           (OM_uint32 * minor_status,
-            const gsskrb5_ctx ctx,
-	    krb5_context context,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-  uint32_t ret;
-  krb5_crypto crypto;
-  Checksum cksum;
-  krb5_data encdata;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 34;
-  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    output_message_buffer->length = 0;
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = _gsskrb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01", /* TOK_ID */
-			      GSS_KRB5_MECHANISM); 
-
-  /* SGN_ALG */
-  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x02\x00", 2); /* DES3-KD */
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* calculate checksum (the above + confounder + data + pad) */
-
-  memcpy (p + 20, p - 8, 8);
-  krb5_generate_random_block(p + 28, 8);
-  memcpy (p + 28 + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_create_checksum (context,
-			      crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      0,
-			      p + 20,
-			      datalen + 8,
-			      &cksum);
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* zero out SND_SEQ + SGN_CKSUM in case */
-  memset (p, 0, 28);
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-  free_Checksum (&cksum);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (context,
-			       ctx->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-
-  ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
-			 &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  {
-      DES_cblock ivec;
-
-      memcpy (&ivec, p + 8, 8);
-      ret = krb5_encrypt_ivec (context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       seq, 8, &encdata,
-			       &ivec);
-  }
-  krb5_crypto_destroy (context, crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      output_message_buffer->length = 0;
-      output_message_buffer->value = NULL;
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (context,
-			       ctx->auth_context,
-			       ++seq_number);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-  /* encrypt the data */
-  p += 28;
-
-  if(conf_req_flag) {
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  free (output_message_buffer->value);
-	  output_message_buffer->length = 0;
-	  output_message_buffer->value = NULL;
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, datalen, &tmp);
-      krb5_crypto_destroy(context, crypto);
-      if (ret) {
-	  free (output_message_buffer->value);
-	  output_message_buffer->length = 0;
-	  output_message_buffer->value = NULL;
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == datalen);
-
-      memcpy (p, tmp.data, datalen);
-      krb5_data_free(&tmp);
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gsskrb5_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  krb5_context context;
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-
-  GSSAPI_KRB5_INIT (&context);
-
-  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-  ret = _gsskrb5i_get_token_key(ctx, context, &key);
-  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-  if (ret) {
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = wrap_des (minor_status, ctx, context, conf_req_flag,
-		      qop_req, input_message_buffer, conf_state,
-		      output_message_buffer, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
-		       qop_req, input_message_buffer, conf_state,
-		       output_message_buffer, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-  case KEYTYPE_ARCFOUR_56:
-      ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
-				  qop_req, input_message_buffer, conf_state,
-				  output_message_buffer, key);
-      break;
-  default :
-      ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
-			      qop_req, input_message_buffer, conf_state,
-			      output_message_buffer, key);
-      break;
-  }
-  krb5_free_keyblock (context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c
deleted file mode 100644
index 79fc53826dec..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: accept_sec_context.c 22521 2008-01-24 11:53:18Z lha $");
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
-{
-    OM_uint32 maj_stat;
-
-    *ctx = calloc(1, sizeof(**ctx));
-
-    (*ctx)->server = &ntlmsspi_kdc_digest;
-
-    maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
-    if (maj_stat != GSS_S_COMPLETE)
-	return maj_stat;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_accept_sec_context
-(OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
-    )
-{
-    krb5_error_code ret;
-    struct ntlm_buf data;
-    ntlm_ctx ctx;
-
-    output_token->value = NULL;
-    output_token->length = 0;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL)
-	return GSS_S_FAILURE;
-	
-    if (input_token_buffer == GSS_C_NO_BUFFER)
-	return GSS_S_FAILURE;
-
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (mech_type)
-	*mech_type = GSS_C_NO_OID;
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-    if (delegated_cred_handle)
-	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	struct ntlm_type1 type1;
-	OM_uint32 major_status;
-	OM_uint32 retflags;
-	struct ntlm_buf out;
-
-	major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx);
-	if (major_status)
-	    return major_status;
-	*context_handle = (gss_ctx_id_t)ctx;
-	
-	/* check if the mechs is allowed by remote service */
-	major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL);
-	if (major_status) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    return major_status;
-	}
-
-	data.data = input_token_buffer->value;
-	data.length = input_token_buffer->length;
-	
-	ret = heim_ntlm_decode_type1(&data, &type1);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	if ((type1.flags & NTLM_NEG_UNICODE) == 0) {
-	    heim_ntlm_free_type1(&type1);
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = EINVAL;
-	    return GSS_S_FAILURE;
-	}
-
-	if (type1.flags & NTLM_NEG_SIGN)
-	    ctx->gssflags |= GSS_C_CONF_FLAG;
-	if (type1.flags & NTLM_NEG_SIGN)
-	    ctx->gssflags |= GSS_C_INTEG_FLAG;
-
-	major_status = (*ctx->server->nsi_type2)(minor_status,
-						 ctx->ictx,
-						 type1.flags,
-						 type1.hostname,
-						 type1.domain,
-						 &retflags,
-						 &out);
-	heim_ntlm_free_type1(&type1);
-	if (major_status != GSS_S_COMPLETE) {
-	    OM_uint32 junk;
-	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
-	    return major_status;
-	}
-
-	output_token->value = malloc(out.length);
-	if (output_token->value == NULL) {
-	    OM_uint32 junk;
-	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(output_token->value, out.data, out.length);
-	output_token->length = out.length;
-
-	ctx->flags = retflags;
-
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	OM_uint32 maj_stat;
-	struct ntlm_type3 type3;
-	struct ntlm_buf session;
-
-	ctx = (ntlm_ctx)*context_handle;
-
-	data.data = input_token_buffer->value;
-	data.length = input_token_buffer->length;
-
-	ret = heim_ntlm_decode_type3(&data, 1, &type3);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	maj_stat = (*ctx->server->nsi_type3)(minor_status,
-					     ctx->ictx,
-					     &type3,
-					     &session);
-	if (maj_stat) {
-	    heim_ntlm_free_type3(&type3);
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    return maj_stat;
-	}
-
-	if (src_name) {
-	    ntlm_name n = calloc(1, sizeof(*n));
-	    if (n) {
-		n->user = strdup(type3.username);
-		n->domain = strdup(type3.targetname);
-	    }
-	    if (n == NULL || n->user == NULL || n->domain == NULL) {
-		heim_ntlm_free_type3(&type3);
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		return maj_stat;
-	    }
-	    *src_name = (gss_name_t)n;
-	}	    
-
-	heim_ntlm_free_type3(&type3);
-
-	ret = krb5_data_copy(&ctx->sessionkey, 
-			     session.data, session.length);
-	if (ret) {	
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	
-	if (session.length != 0) {
-
-	    ctx->status |= STATUS_SESSIONKEY; 
-
-	    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
-		_gss_ntlm_set_key(&ctx->u.v2.send, 1,
-				  (ctx->flags & NTLM_NEG_KEYEX),
-				  ctx->sessionkey.data,
-				  ctx->sessionkey.length);
-		_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
-				  (ctx->flags & NTLM_NEG_KEYEX),
-				  ctx->sessionkey.data,
-				  ctx->sessionkey.length);
-	    } else {
-		RC4_set_key(&ctx->u.v1.crypto_send.key, 
-			    ctx->sessionkey.length,
-			    ctx->sessionkey.data);
-		RC4_set_key(&ctx->u.v1.crypto_recv.key, 
-			    ctx->sessionkey.length,
-			    ctx->sessionkey.data);
-	    }
-	}
-
-	if (mech_type)
-	    *mech_type = GSS_NTLM_MECHANISM;
-	if (time_rec)
-	    *time_rec = GSS_C_INDEFINITE;
-
-	ctx->status |= STATUS_OPEN;
-
-	if (ret_flags)
-	    *ret_flags = ctx->gssflags;
-
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c
deleted file mode 100644
index 8e17d4fb182b..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: acquire_cred.c 22380 2007-12-29 18:42:56Z lha $");
-
-OM_uint32 _gss_ntlm_acquire_cred
-           (OM_uint32 * min_stat,
-            const gss_name_t desired_name,
-            OM_uint32 time_req,
-            const gss_OID_set desired_mechs,
-            gss_cred_usage_t cred_usage,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * time_rec
-           )
-{
-    ntlm_name name = (ntlm_name) desired_name;
-    OM_uint32 maj_stat;
-    ntlm_ctx ctx;
-
-    *min_stat = 0;
-    if (output_cred_handle)
-	*output_cred_handle = GSS_C_NO_CREDENTIAL;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-    if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
-
-    if (desired_name == NULL)
-	return GSS_S_NO_CRED;
-
-    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
-
-	maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    return maj_stat;
-	
-	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, 
-					     name->domain);
-
-	if (maj_stat)
-	    return maj_stat;
-
-	{
-	    gss_ctx_id_t context = (gss_ctx_id_t)ctx;
-	    _gss_ntlm_delete_sec_context(min_stat, &context, NULL);
-	    *min_stat = 0;
-	}
-    }	
-    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
-	ntlm_cred cred;
-
-	*min_stat = _gss_ntlm_get_user_cred(name, &cred);
-	if (*min_stat)
-	    return GSS_S_FAILURE;
-	cred->usage = cred_usage;
-
-	*output_cred_handle = (gss_cred_id_t)cred;
-    }
-
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c b/crypto/heimdal/lib/gssapi/ntlm/add_cred.c
deleted file mode 100644
index 11a25811116a..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: add_cred.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (output_cred_handle)
-	*output_cred_handle = GSS_C_NO_CREDENTIAL;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-    if (initiator_time_rec)
-	*initiator_time_rec = 0;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c b/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c
deleted file mode 100644
index 8eaa8702fb8e..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: canonicalize_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c b/crypto/heimdal/lib/gssapi/ntlm/compare_name.c
deleted file mode 100644
index d2c2d8b21327..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: compare_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/context_time.c b/crypto/heimdal/lib/gssapi/ntlm/context_time.c
deleted file mode 100644
index a6895cbe8727..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/context_time.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: context_time.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    if (time_rec)
-	*time_rec = GSS_C_INDEFINITE;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/crypto.c b/crypto/heimdal/lib/gssapi/ntlm/crypto.c
deleted file mode 100644
index b05246ca52f4..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/crypto.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: crypto.c 19535 2006-12-28 14:49:01Z lha $");
-
-uint32_t
-_krb5_crc_update (const char *p, size_t len, uint32_t res);
-void
-_krb5_crc_init_table(void);
-
-/*
- *
- */
-
-static void
-encode_le_uint32(uint32_t n, unsigned char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-}
-
-
-static void
-decode_le_uint32(const void *ptr, uint32_t *n)
-{
-    const unsigned char *p = ptr;
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-}
-
-/*
- *
- */
-
-const char a2i_signmagic[] =
-    "session key to server-to-client signing key magic constant";
-const char a2i_sealmagic[] =
-    "session key to server-to-client sealing key magic constant";
-const char i2a_signmagic[] =
-    "session key to client-to-server signing key magic constant";
-const char i2a_sealmagic[] =
-    "session key to client-to-server sealing key magic constant";
-
-
-void
-_gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
-		  unsigned char *data, size_t len)
-{
-    unsigned char out[16];
-    MD5_CTX ctx;
-    const char *signmagic;
-    const char *sealmagic;
-
-    if (acceptor) {
-	signmagic = a2i_signmagic;
-	sealmagic = a2i_sealmagic;
-    } else {
-	signmagic = i2a_signmagic;
-	sealmagic = i2a_sealmagic;
-    }
-
-    key->seq = 0;
-
-    MD5_Init(&ctx);
-    MD5_Update(&ctx, data, len);
-    MD5_Update(&ctx, signmagic, strlen(signmagic) + 1);
-    MD5_Final(key->signkey, &ctx);
-
-    MD5_Init(&ctx);
-    MD5_Update(&ctx, data, len);
-    MD5_Update(&ctx, sealmagic, strlen(sealmagic) + 1);
-    MD5_Final(out, &ctx);
-
-    RC4_set_key(&key->sealkey, 16, out);
-    if (sealsign)
-	key->signsealkey = &key->sealkey;
-}
-
-/*
- *
- */
-
-static OM_uint32
-v1_sign_message(gss_buffer_t in,
-		RC4_KEY *signkey,
-		uint32_t seq,
-		unsigned char out[16])
-{
-    unsigned char sigature[12];
-    uint32_t crc;
-    
-    _krb5_crc_init_table();
-    crc = _krb5_crc_update(in->value, in->length, 0);
-    
-    encode_le_uint32(0, &sigature[0]);
-    encode_le_uint32(crc, &sigature[4]);
-    encode_le_uint32(seq, &sigature[8]);
-    
-    encode_le_uint32(1, out); /* version */
-    RC4(signkey, sizeof(sigature), sigature, out + 4);
-    
-    if (RAND_bytes(out + 4, 4) != 1)
-	return GSS_S_UNAVAILABLE;
-    
-    return 0;
-}
-
-
-static OM_uint32
-v2_sign_message(gss_buffer_t in,
-		unsigned char signkey[16],
-		RC4_KEY *sealkey,
-		uint32_t seq,
-		unsigned char out[16])
-{
-    unsigned char hmac[16];
-    unsigned int hmaclen;
-    HMAC_CTX c;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL);
-    
-    encode_le_uint32(seq, hmac);
-    HMAC_Update(&c, hmac, 4);
-    HMAC_Update(&c, in->value, in->length);
-    HMAC_Final(&c, hmac, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    encode_le_uint32(1, &out[0]);
-    if (sealkey)
-	RC4(sealkey, 8, hmac, &out[4]);
-    else
-	memcpy(&out[4], hmac, 8);
-
-    memset(&out[12], 0, 4);
-
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-v2_verify_message(gss_buffer_t in,
-		  unsigned char signkey[16],
-		  RC4_KEY *sealkey,
-		  uint32_t seq,
-		  const unsigned char checksum[16])
-{
-    OM_uint32 ret;
-    unsigned char out[16];
-
-    ret = v2_sign_message(in, signkey, sealkey, seq, out);
-    if (ret)
-	return ret;
-
-    if (memcmp(checksum, out, 16) != 0)
-	return GSS_S_BAD_MIC;
-
-    return GSS_S_COMPLETE;
-}    
-
-static OM_uint32
-v2_seal_message(const gss_buffer_t in,
-		unsigned char signkey[16],
-		uint32_t seq,
-		RC4_KEY *sealkey,
-		gss_buffer_t out)
-{
-    unsigned char *p;
-    OM_uint32 ret;
-
-    if (in->length + 16 < in->length)
-	return EINVAL;
-
-    p = malloc(in->length + 16);
-    if (p == NULL)
-	return ENOMEM;
-
-    RC4(sealkey, in->length, in->value, p);
-
-    ret = v2_sign_message(in, signkey, sealkey, seq, &p[in->length]);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    out->value = p;
-    out->length = in->length + 16;
-
-    return 0;
-}
-
-static OM_uint32
-v2_unseal_message(gss_buffer_t in,
-		  unsigned char signkey[16],
-		  uint32_t seq,
-		  RC4_KEY *sealkey,
-		  gss_buffer_t out)
-{
-    OM_uint32 ret;
-
-    if (in->length < 16)
-	return GSS_S_BAD_MIC;
-
-    out->length = in->length - 16;
-    out->value = malloc(out->length);
-    if (out->value == NULL)
-	return GSS_S_BAD_MIC;
-
-    RC4(sealkey, out->length, in->value, out->value);
-
-    ret = v2_verify_message(out, signkey, sealkey, seq,
-			    ((const unsigned char *)in->value) + out->length);
-    if (ret) {
-	OM_uint32 junk;
-	gss_release_buffer(&junk, out);
-    }
-    return ret;
-}
-
-/*
- *
- */
-
-#define CTX_FLAGS_ISSET(_ctx,_flags) \
-    (((_ctx)->flags & (_flags)) == (_flags))
-
-/*
- *
- */
- 
-OM_uint32 _gss_ntlm_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 junk;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (message_token) {
-	message_token->length = 0;
-	message_token->value = NULL;
-    }
-
-    message_token->value = malloc(16);
-    message_token->length = 16;
-    if (message_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
-	    gss_release_buffer(&junk, message_token);
-	    return GSS_S_UNAVAILABLE;
-	}
-
-	ret = v2_sign_message(message_buffer,
-			      ctx->u.v2.send.signkey,
-			      ctx->u.v2.send.signsealkey,
-			      ctx->u.v2.send.seq++,
-			      message_token->value);
-	if (ret)
-	    gss_release_buffer(&junk, message_token);
-        return ret;
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
-	    gss_release_buffer(&junk, message_token);
-	    return GSS_S_UNAVAILABLE;
-	}
-
-	ret = v1_sign_message(message_buffer,
-			      &ctx->u.v1.crypto_send.key,
-			      ctx->u.v1.crypto_send.seq++,
-			      message_token->value);
-	if (ret)
-	    gss_release_buffer(&junk, message_token);
-        return ret;
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_ALWAYS_SIGN)) {
-	unsigned char *sigature;
-
-	sigature = message_token->value;
-
-	encode_le_uint32(1, &sigature[0]); /* version */
-	encode_le_uint32(0, &sigature[4]);
-	encode_le_uint32(0, &sigature[8]);
-	encode_le_uint32(0, &sigature[12]);
-
-        return GSS_S_COMPLETE;
-    }
-    gss_release_buffer(&junk, message_token);
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-    *minor_status = 0;
-
-    if (token_buffer->length != 16)
-	return GSS_S_BAD_MIC;
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
-	OM_uint32 ret;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0)
-	    return GSS_S_UNAVAILABLE;
-
-	ret = v2_verify_message(message_buffer,
-				ctx->u.v2.recv.signkey,
-				ctx->u.v2.recv.signsealkey,
-				ctx->u.v2.recv.seq++,
-				token_buffer->value);
-	if (ret)
-	    return ret;
-
-	return GSS_S_COMPLETE;
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
-
-	unsigned char sigature[12];
-	uint32_t crc, num;
-
-	if ((ctx->status & STATUS_SESSIONKEY) == 0)
-	    return GSS_S_UNAVAILABLE;
-
-	decode_le_uint32(token_buffer->value, &num);
-	if (num != 1)
-	    return GSS_S_BAD_MIC;
-
-	RC4(&ctx->u.v1.crypto_recv.key, sizeof(sigature),
-	    ((unsigned char *)token_buffer->value) + 4, sigature);
-
-	_krb5_crc_init_table();
-	crc = _krb5_crc_update(message_buffer->value, 
-			       message_buffer->length, 0);
-	/* skip first 4 bytes in the encrypted checksum */
-	decode_le_uint32(&sigature[4], &num);
-	if (num != crc)
-	    return GSS_S_BAD_MIC;
-	decode_le_uint32(&sigature[8], &num);
-	if (ctx->u.v1.crypto_recv.seq != num)
-	    return GSS_S_BAD_MIC;
-	ctx->u.v1.crypto_recv.seq++;
-
-        return GSS_S_COMPLETE;
-    } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) {
-	uint32_t num;
-	unsigned char *p;
-
-	p = (unsigned char*)(token_buffer->value);
-
-	decode_le_uint32(&p[0], &num); /* version */
-	if (num != 1) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[4], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[8], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-	decode_le_uint32(&p[12], &num);
-	if (num != 0) return GSS_S_BAD_MIC;
-
-        return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32
-_gss_ntlm_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    *minor_status = 0;
-
-    if(ctx->flags & NTLM_NEG_SEAL) {
-
-	if (req_output_size < 16)
-	    *max_input_size = 0;
-	else
-	    *max_input_size = req_output_size - 16;
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32 _gss_ntlm_wrap
-(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
-    )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 ret;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (conf_state)
-	*conf_state = 0;
-    if (output_message_buffer == GSS_C_NO_BUFFER)
-	return GSS_S_FAILURE;
-
-    
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
-
-	return v2_seal_message(input_message_buffer,
-			       ctx->u.v2.send.signkey,
-			       ctx->u.v2.send.seq++,
-			       &ctx->u.v2.send.sealkey,
-			       output_message_buffer);
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
-	gss_buffer_desc trailer;
-	OM_uint32 junk;
-
-	output_message_buffer->length = input_message_buffer->length + 16;
-	output_message_buffer->value = malloc(output_message_buffer->length);
-	if (output_message_buffer->value == NULL) {
-	    output_message_buffer->length = 0;
-	    return GSS_S_FAILURE;
-	}
-
-
-	RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length,
-	    input_message_buffer->value, output_message_buffer->value);
-	
-	ret = _gss_ntlm_get_mic(minor_status, context_handle,
-				0, input_message_buffer,
-				&trailer);
-	if (ret) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    return ret;
-	}
-	if (trailer.length != 16) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    gss_release_buffer(&junk, &trailer);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(((unsigned char *)output_message_buffer->value) + 
-	       input_message_buffer->length,
-	       trailer.value, trailer.length);
-	gss_release_buffer(&junk, &trailer);
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
-
-/*
- *
- */
-
-OM_uint32 _gss_ntlm_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-    OM_uint32 ret;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (output_message_buffer) {
-	output_message_buffer->value = NULL;
-	output_message_buffer->length = 0;
-    }
-    if (conf_state)
-	*conf_state = 0;
-    if (qop_state)
-	*qop_state = 0;
-
-    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
-
-	return v2_unseal_message(input_message_buffer,
-				 ctx->u.v2.recv.signkey,
-				 ctx->u.v2.recv.seq++,
-				 &ctx->u.v2.recv.sealkey,
-				 output_message_buffer);
-
-    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
-
-	gss_buffer_desc trailer;
-	OM_uint32 junk;
-
-	if (input_message_buffer->length < 16)
-	    return GSS_S_BAD_MIC;
-
-	output_message_buffer->length = input_message_buffer->length - 16;
-	output_message_buffer->value = malloc(output_message_buffer->length);
-	if (output_message_buffer->value == NULL) {
-	    output_message_buffer->length = 0;
-	    return GSS_S_FAILURE;
-	}
-	
-	RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length,
-	    input_message_buffer->value, output_message_buffer->value);
-	
-	trailer.value = ((unsigned char *)input_message_buffer->value) +
-	    output_message_buffer->length;
-	trailer.length = 16;
-
-	ret = _gss_ntlm_verify_mic(minor_status, context_handle,
-				   output_message_buffer,
-				   &trailer, NULL);
-	if (ret) {
-	    gss_release_buffer(&junk, output_message_buffer);
-	    return ret;
-	}
-
-	return GSS_S_COMPLETE;
-    }
-
-    return GSS_S_UNAVAILABLE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c
deleted file mode 100644
index c51f227051fe..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: delete_sec_context.c 22163 2007-12-04 21:25:06Z lha $");
-
-OM_uint32 _gss_ntlm_delete_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t output_token
-           )
-{
-    if (context_handle) {
-	ntlm_ctx ctx = (ntlm_ctx)*context_handle;
-	gss_cred_id_t cred = (gss_cred_id_t)ctx->client;
-
-	*context_handle = GSS_C_NO_CONTEXT;
-
-	if (ctx->server)
-	    (*ctx->server->nsi_destroy)(minor_status, ctx->ictx);
-
-	_gss_ntlm_release_cred(NULL, &cred);
-
-	memset(ctx, 0, sizeof(*ctx));
-	free(ctx);
-    }
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/digest.c b/crypto/heimdal/lib/gssapi/ntlm/digest.c
deleted file mode 100644
index fecf4a5b2799..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/digest.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: digest.c 22169 2007-12-04 22:19:16Z lha $");
-
-/*
- *
- */
-
-struct ntlmkrb5 {
-    krb5_context context;
-    krb5_ntlm ntlm;
-    krb5_realm kerberos_realm;
-    krb5_ccache id;
-    krb5_data opaque;
-    int destroy;
-    OM_uint32 flags;
-    struct ntlm_buf key;
-    krb5_data sessionkey;
-};
-
-static OM_uint32 kdc_destroy(OM_uint32 *, void *);
-
-/*
- * Get credential cache that the ntlm code can use to talk to the KDC
- * using the digest API.
- */
-
-static krb5_error_code
-get_ccache(krb5_context context, int *destroy, krb5_ccache *id)
-{
-    krb5_principal principal = NULL;
-    krb5_error_code ret;
-    krb5_keytab kt = NULL;
-
-    *id = NULL;
-    
-    if (!issuid()) {
-	const char *cache;
-
-	cache = getenv("NTLM_ACCEPTOR_CCACHE");
-	if (cache) {
-	    ret = krb5_cc_resolve(context, cache, id);
-	    if (ret)
-		goto out;
-	    return 0;
-	}
-    }
-
-    ret = krb5_sname_to_principal(context, NULL, "host", 
-				  KRB5_NT_SRV_HST, &principal);
-    if (ret)
-	goto out;
-    
-    ret = krb5_cc_cache_match(context, principal, NULL, id);
-    if (ret == 0)
-	return 0;
-    
-    /* did not find in default credcache, lets try default keytab */
-    ret = krb5_kt_default(context, &kt);
-    if (ret)
-	goto out;
-
-    /* XXX check in keytab */
-    {
-	krb5_get_init_creds_opt *opt;
-	krb5_creds cred;
-
-	memset(&cred, 0, sizeof(cred));
-
-	ret = krb5_cc_new_unique(context, "MEMORY", NULL, id);
-	if (ret)
-	    goto out;
-	*destroy = 1;
-	ret = krb5_get_init_creds_opt_alloc(context, &opt);
-	if (ret)
-	    goto out;
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  principal,
-					  kt,
-					  0,
-					  NULL,
-					  opt);
-	krb5_get_init_creds_opt_free(context, opt);
-	if (ret)
-	    goto out;
-	ret = krb5_cc_initialize (context, *id, cred.client);
-	if (ret) {
-	    krb5_free_cred_contents (context, &cred);
-	    goto out;
-	}
-	ret = krb5_cc_store_cred (context, *id, &cred);
-	krb5_free_cred_contents (context, &cred);
-	if (ret)
-	    goto out;
-    }
-
-    krb5_kt_close(context, kt);
-    
-    return 0;
-
-out:
-    if (*destroy)
-	krb5_cc_destroy(context, *id);
-    else
-	krb5_cc_close(context, *id);
-
-    *id = NULL;
-
-    if (kt)
-	krb5_kt_close(context, kt);
-
-    if (principal)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_alloc(OM_uint32 *minor, void **ctx)
-{
-    krb5_error_code ret;
-    struct ntlmkrb5 *c;
-    OM_uint32 junk;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	*minor = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_init_context(&c->context);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = get_ccache(c->context, &c->destroy, &c->id);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_ntlm_alloc(c->context, &c->ntlm);
-    if (ret) {
-	kdc_destroy(&junk, c);
-	*minor = ret;
-	return GSS_S_FAILURE;
-    }
-
-    *ctx = c;
-
-    return GSS_S_COMPLETE;
-}
-
-static int
-kdc_probe(OM_uint32 *minor, void *ctx, const char *realm)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-    unsigned flags;
-
-    ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags);
-    if (ret)
-	return ret;
-    
-    if ((flags & (1|2|4)) == 0)
-	return EINVAL;
-
-    return 0;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_destroy(OM_uint32 *minor, void *ctx)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_data_free(&c->opaque);
-    krb5_data_free(&c->sessionkey);
-    if (c->ntlm)
-	krb5_ntlm_free(c->context, c->ntlm);
-    if (c->id) {
-	if (c->destroy)
-	    krb5_cc_destroy(c->context, c->id);
-	else
-	    krb5_cc_close(c->context, c->id);
-    }
-    if (c->context)
-	krb5_free_context(c->context);
-    memset(c, 0, sizeof(*c));
-    free(c);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_type2(OM_uint32 *minor_status,
-	  void *ctx,
-	  uint32_t flags,
-	  const char *hostname,
-	  const char *domain,
-	  uint32_t *ret_flags,
-	  struct ntlm_buf *out)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-    struct ntlm_type2 type2;
-    krb5_data challange;
-    struct ntlm_buf data;
-    krb5_data ti;
-    
-    memset(&type2, 0, sizeof(type2));
-    
-    /*
-     * Request data for type 2 packet from the KDC.
-     */
-    ret = krb5_ntlm_init_request(c->context, 
-				 c->ntlm,
-				 NULL,
-				 c->id,
-				 flags,
-				 hostname,
-				 domain);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_opaque(c->context, c->ntlm, &c->opaque);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     *
-     */
-
-    ret = krb5_ntlm_init_get_flags(c->context, c->ntlm, &type2.flags);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *ret_flags = type2.flags;
-
-    ret = krb5_ntlm_init_get_challange(c->context, c->ntlm, &challange);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (challange.length != sizeof(type2.challange)) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-    memcpy(type2.challange, challange.data, sizeof(type2.challange));
-    krb5_data_free(&challange);
-
-    ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm,
-					&type2.targetname);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_ntlm_init_get_targetinfo(c->context, c->ntlm, &ti);
-    if (ret) {
-	free(type2.targetname);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    type2.targetinfo.data = ti.data;
-    type2.targetinfo.length = ti.length;
-	
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    free(type2.targetname);
-    krb5_data_free(&ti);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-	
-    out->data = data.data;
-    out->length = data.length;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- *
- */
-
-static OM_uint32
-kdc_type3(OM_uint32 *minor_status,
-	  void *ctx,
-	  const struct ntlm_type3 *type3,
-	  struct ntlm_buf *sessionkey)
-{
-    struct ntlmkrb5 *c = ctx;
-    krb5_error_code ret;
-
-    sessionkey->data = NULL;
-    sessionkey->length = 0;
-
-    ret = krb5_ntlm_req_set_flags(c->context, c->ntlm, type3->flags);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, 
-				       type3->targetname);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, 
-			       type3->lm.data, type3->lm.length);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, 
-				 type3->ntlm.data, type3->ntlm.length);
-    if (ret) goto out;
-    ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque);
-    if (ret) goto out;
-
-    if (type3->sessionkey.length) {
-	ret = krb5_ntlm_req_set_session(c->context, c->ntlm,
-					type3->sessionkey.data,
-					type3->sessionkey.length);
-	if (ret) goto out;
-    }
-
-    /*
-     * Verify with the KDC the type3 packet is ok
-     */
-    ret = krb5_ntlm_request(c->context, 
-			    c->ntlm,
-			    NULL,
-			    c->id);
-    if (ret)
-	goto out;
-
-    if (krb5_ntlm_rep_get_status(c->context, c->ntlm) != TRUE) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    if (type3->sessionkey.length) {
-	ret = krb5_ntlm_rep_get_sessionkey(c->context, 
-					   c->ntlm,
-					   &c->sessionkey);
-	if (ret)
-	    goto out;
-
-	sessionkey->data = c->sessionkey.data;
-	sessionkey->length = c->sessionkey.length;
-    }
-
-    return 0;
-
- out:
-    *minor_status = ret;
-    return GSS_S_FAILURE;
-}
-
-/*
- *
- */
-
-static void
-kdc_free_buffer(struct ntlm_buf *sessionkey)
-{
-    if (sessionkey->data)
-	free(sessionkey->data);
-    sessionkey->data = NULL;
-    sessionkey->length = 0;
-}
-
-/*
- *
- */
-
-struct ntlm_server_interface ntlmsspi_kdc_digest = {
-    kdc_alloc,
-    kdc_destroy,
-    kdc_probe,
-    kdc_type2,
-    kdc_type3,
-    kdc_free_buffer
-};
diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_name.c b/crypto/heimdal/lib/gssapi/ntlm/display_name.c
deleted file mode 100644
index a04d96c4510f..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/display_name.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: display_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    *minor_status = 0;
-
-    if (output_name_type)
-	*output_name_type = GSS_NTLM_MECHANISM;
-
-    if (output_name_buffer) {
-	ntlm_name n = (ntlm_name)input_name;
-	char *str;
-	int len;
-	
-	output_name_buffer->length = 0;
-	output_name_buffer->value = NULL;
-
-	if (n == NULL) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_NAME;
-	}
-
-	len = asprintf(&str, "%s@%s", n->user, n->domain);
-	if (str == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	output_name_buffer->length = len;
-	output_name_buffer->value = str;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_status.c b/crypto/heimdal/lib/gssapi/ntlm/display_status.c
deleted file mode 100644
index 70be5ebe4985..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/display_status.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1998 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: display_status.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_display_status
-           (OM_uint32		*minor_status,
-	    OM_uint32		 status_value,
-	    int			 status_type,
-	    const gss_OID	 mech_type,
-	    OM_uint32		*message_context,
-	    gss_buffer_t	 status_string)
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (status_string) {
-	status_string->length = 0;
-	status_string->value = NULL;
-    }
-    if (message_context)
-	*message_context = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c b/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c
deleted file mode 100644
index 2b2f7dd65fe1..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: duplicate_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (dest_name)
-	*dest_name = NULL;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_name.c b/crypto/heimdal/lib/gssapi/ntlm/export_name.c
deleted file mode 100644
index f0941b1ce625..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/export_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: export_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (exported_name) {
-	exported_name->length = 0;
-	exported_name->value = NULL;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c
deleted file mode 100644
index 99a7be19ab27..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: export_sec_context.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32
-_gss_ntlm_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (interprocess_token) {
-	interprocess_token->length = 0;
-	interprocess_token->value = NULL;
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/external.c b/crypto/heimdal/lib/gssapi/ntlm/external.c
deleted file mode 100644
index 8f86032796a9..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/external.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: external.c 19359 2006-12-15 20:01:48Z lha $");
-
-static gssapi_mech_interface_desc ntlm_mech = {
-    GMI_VERSION,
-    "ntlm",
-    {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") },
-    _gss_ntlm_acquire_cred,
-    _gss_ntlm_release_cred,
-    _gss_ntlm_init_sec_context,
-    _gss_ntlm_accept_sec_context,
-    _gss_ntlm_process_context_token,
-    _gss_ntlm_delete_sec_context,
-    _gss_ntlm_context_time,
-    _gss_ntlm_get_mic,
-    _gss_ntlm_verify_mic,
-    _gss_ntlm_wrap,
-    _gss_ntlm_unwrap,
-    _gss_ntlm_display_status,
-    NULL,
-    _gss_ntlm_compare_name,
-    _gss_ntlm_display_name,
-    _gss_ntlm_import_name,
-    _gss_ntlm_export_name,
-    _gss_ntlm_release_name,
-    _gss_ntlm_inquire_cred,
-    _gss_ntlm_inquire_context,
-    _gss_ntlm_wrap_size_limit,
-    _gss_ntlm_add_cred,
-    _gss_ntlm_inquire_cred_by_mech,
-    _gss_ntlm_export_sec_context,
-    _gss_ntlm_import_sec_context,
-    _gss_ntlm_inquire_names_for_mech,
-    _gss_ntlm_inquire_mechs_for_name,
-    _gss_ntlm_canonicalize_name,
-    _gss_ntlm_duplicate_name
-};
-
-gssapi_mech_interface
-__gss_ntlm_initialize(void)
-{
-	return &ntlm_mech;
-}
-
-static gss_OID_desc _gss_ntlm_mechanism_desc = 
-{10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
-
-gss_OID GSS_NTLM_MECHANISM = &_gss_ntlm_mechanism_desc;
diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_name.c b/crypto/heimdal/lib/gssapi/ntlm/import_name.c
deleted file mode 100644
index 91cba082eadf..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/import_name.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: import_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    char *name, *p, *p2;
-    ntlm_name n;
-
-    *minor_status = 0;
-
-    if (output_name)
-	*output_name = GSS_C_NO_NAME;
-
-    if (!gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
-	return GSS_S_BAD_NAMETYPE;
-
-    name = malloc(input_name_buffer->length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, input_name_buffer->value, input_name_buffer->length);
-    name[input_name_buffer->length] = '\0';
-
-    /* find "domain" part of the name and uppercase it */
-    p = strchr(name, '@');
-    if (p == NULL)
-	return GSS_S_BAD_NAME;
-    p[0] = '\0';
-    p++;
-    p2 = strchr(p, '.');
-    if (p2 && p2[1] != '\0') {
-	p = p2 + 1;
-	p2 = strchr(p, '.');
-	if (p2)
-	    *p2 = '\0';
-    }
-    strupr(p);
-    
-    n = calloc(1, sizeof(*n));
-    if (name == NULL) {
-	free(name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    n->user = strdup(name);
-    n->domain = strdup(p);
-
-    free(name);
-
-    if (n->user == NULL || n->domain == NULL) {
-	free(n->user);
-	free(n->domain);
-	free(n);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *output_name = (gss_name_t)n;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c
deleted file mode 100644
index cde0a011f0ce..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: import_sec_context.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32
-_gss_ntlm_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (context_handle)
-	*context_handle = GSS_C_NO_CONTEXT;
-    return GSS_S_FAILURE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c b/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c
deleted file mode 100644
index 64171631edc9..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: indicate_mechs.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_indicate_mechs
-(OM_uint32 * minor_status,
- gss_OID_set * mech_set
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (mech_set)
-	*mech_set = GSS_C_NO_OID_SET;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c
deleted file mode 100644
index 140dbece8435..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c
+++ /dev/null
@@ -1,508 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: init_sec_context.c 22382 2007-12-30 12:13:17Z lha $");
-
-static int
-from_file(const char *fn, const char *target_domain, 
-	  char **username, struct ntlm_buf *key)
-{	  
-    char *str, buf[1024];
-    FILE *f;
-
-    f = fopen(fn, "r");
-    if (f == NULL)
-	return ENOENT;
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *d, *u, *p;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (buf[0] == '#')
-	    continue;
-	str = NULL;
-	d = strtok_r(buf, ":", &str);
-	if (d && strcasecmp(target_domain, d) != 0)
-	    continue;
-	u = strtok_r(NULL, ":", &str);
-	p = strtok_r(NULL, ":", &str);
-	if (u == NULL || p == NULL)
-	    continue;
-
-	*username = strdup(u);
-
-	heim_ntlm_nt_key(p, key);
-
-	memset(buf, 0, sizeof(buf));
-	fclose(f);
-	return 0;
-    }
-    memset(buf, 0, sizeof(buf));
-    fclose(f);
-    return ENOENT;
-}
-
-static int
-get_user_file(const ntlm_name target_name, 
-	      char **username, struct ntlm_buf *key)
-{
-    const char *fn;
-
-    if (issuid())
-	return ENOENT;
-
-    fn = getenv("NTLM_USER_FILE");
-    if (fn == NULL)
-	return ENOENT;
-    if (from_file(fn, target_name->domain, username, key) == 0)
-	return 0;
-
-    return ENOENT;
-}
-
-/*
- * Pick up the ntlm cred from the default krb5 credential cache.
- */
-
-static int
-get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
-{
-    krb5_principal client;
-    krb5_context context = NULL;
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-    krb5_creds mcreds, creds;
-
-    *username = NULL;
-    key->length = 0;
-    key->data = NULL;
-
-    memset(&creds, 0, sizeof(creds));
-    memset(&mcreds, 0, sizeof(mcreds));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	goto out;
-
-    ret = krb5_cc_get_principal(context, id, &client);
-    if (ret)
-	goto out;
-
-    ret = krb5_unparse_name_flags(context, client,
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  username);
-    if (ret)
-	goto out;
-
-    ret = krb5_make_principal(context, &mcreds.server,
-			      krb5_principal_get_realm(context, client),
-			      "@ntlm-key", name->domain, NULL);
-    krb5_free_principal(context, client);
-    if (ret)
-	goto out;
-
-    mcreds.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
-    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_MATCH_KEYTYPE, 
-				&mcreds, &creds);
-    if (ret) {
-	char *s = krb5_get_error_message(context, ret);
-	krb5_free_error_string(context, s);
-	goto out;
-    }
-
-    key->data = malloc(creds.session.keyvalue.length);
-    if (key->data == NULL)
-	goto out;
-    key->length = creds.session.keyvalue.length;
-    memcpy(key->data, creds.session.keyvalue.data, key->length);
-
-    krb5_free_cred_contents(context, &creds);
-
-    return 0;
-
-out:
-    if (*username) {
-	free(*username);
-	*username = NULL;
-    }
-    krb5_free_cred_contents(context, &creds);
-    if (mcreds.server)
-	krb5_free_principal(context, mcreds.server);
-    if (id)
-	krb5_cc_close(context, id);
-    if (context)
-	krb5_free_context(context);
-
-    return ret;
-}
-
-int
-_gss_ntlm_get_user_cred(const ntlm_name target_name,
-			ntlm_cred *rcred)
-{
-    ntlm_cred cred;
-    int ret;
- 
-    cred = calloc(1, sizeof(*cred));
-    if (cred == NULL)
-	return ENOMEM;
-    
-    ret = get_user_file(target_name, &cred->username, &cred->key);
-    if (ret)
-	ret = get_user_ccache(target_name, &cred->username, &cred->key);
-    if (ret) {
-	free(cred);
-	return ret;
-    }
-    
-    cred->domain = strdup(target_name->domain);
-    *rcred = cred;
-
-    return ret;
-}
-
-static int
-_gss_copy_cred(ntlm_cred from, ntlm_cred *to)
-{
-    *to = calloc(1, sizeof(*to));
-    if (*to == NULL)
-	return ENOMEM;
-    (*to)->username = strdup(from->username);
-    if ((*to)->username == NULL) {
-	free(*to);
-	return ENOMEM;
-    }
-    (*to)->domain = strdup(from->domain);
-    if ((*to)->domain == NULL) {
-	free((*to)->username);
-	free(*to);
-	return ENOMEM;
-    }
-    (*to)->key.data = malloc(from->key.length);
-    if ((*to)->key.data == NULL) {
-	free((*to)->domain);
-	free((*to)->username);
-	free(*to);
-	return ENOMEM;
-    }
-    memcpy((*to)->key.data, from->key.data, from->key.length);
-    (*to)->key.length = from->key.length;
-
-    return 0;
-}
-
-OM_uint32
-_gss_ntlm_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-	   )
-{
-    ntlm_ctx ctx;
-    ntlm_name name = (ntlm_name)target_name;
-
-    *minor_status = 0;
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mech_type)
-	*actual_mech_type = GSS_C_NO_OID;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	struct ntlm_type1 type1;
-	struct ntlm_buf data;
-	uint32_t flags = 0;
-	int ret;
-	
-	ctx = calloc(1, sizeof(*ctx));
-	if (ctx == NULL) {
-	    *minor_status = EINVAL;
-	    return GSS_S_FAILURE;
-	}
-	*context_handle = (gss_ctx_id_t)ctx;
-
-	if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) {
-	    ntlm_cred cred = (ntlm_cred)initiator_cred_handle;
-	    ret = _gss_copy_cred(cred, &ctx->client);
-	} else
-	    ret = _gss_ntlm_get_user_cred(name, &ctx->client);
-
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	if (req_flags & GSS_C_CONF_FLAG)
-	    flags |= NTLM_NEG_SEAL;
-	if (req_flags & GSS_C_INTEG_FLAG)
-	    flags |= NTLM_NEG_SIGN;
-	else
-	    flags |= NTLM_NEG_ALWAYS_SIGN;
-
-	flags |= NTLM_NEG_UNICODE;
-	flags |= NTLM_NEG_NTLM;
-	flags |= NTLM_NEG_NTLM2_SESSION;
-	flags |= NTLM_NEG_KEYEX;
-
-	memset(&type1, 0, sizeof(type1));
-	
-	type1.flags = flags;
-	type1.domain = name->domain;
-	type1.hostname = NULL;
-	type1.os[0] = 0;
-	type1.os[1] = 0;
-	
-	ret = heim_ntlm_encode_type1(&type1, &data);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	
-	output_token->value = data.data;
-	output_token->length = data.length;
-	
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	krb5_error_code ret;
-	struct ntlm_type2 type2;
-	struct ntlm_type3 type3;
-	struct ntlm_buf data;
-
-	ctx = (ntlm_ctx)*context_handle;
-
-	data.data = input_token->value;
-	data.length = input_token->length;
-
-	ret = heim_ntlm_decode_type2(&data, &type2);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	ctx->flags = type2.flags;
-
-	/* XXX check that type2.targetinfo matches `target_name� */
-	/* XXX check verify targetinfo buffer */
-
-	memset(&type3, 0, sizeof(type3));
-
-	type3.username = ctx->client->username;
-	type3.flags = type2.flags;
-	type3.targetname = type2.targetname;
-	type3.ws = rk_UNCONST("workstation");
-
-	/*
-	 * NTLM Version 1 if no targetinfo buffer.
-	 */
-
-	if (1 || type2.targetinfo.length == 0) {
-	    struct ntlm_buf sessionkey;
-
-	    if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
-		unsigned char nonce[8];
-
-		if (RAND_bytes(nonce, sizeof(nonce)) != 1) {
-		    _gss_ntlm_delete_sec_context(minor_status, 
-						 context_handle, NULL);
-		    *minor_status = EINVAL;
-		    return GSS_S_FAILURE;
-		}
-
-		ret = heim_ntlm_calculate_ntlm2_sess(nonce,
-						     type2.challange,
-						     ctx->client->key.data,
-						     &type3.lm,
-						     &type3.ntlm);
-	    } else {
-		ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, 
-						ctx->client->key.length,
-						type2.challange,
-						&type3.ntlm);
-
-	    }
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, 
-					       ctx->client->key.length,
-					       &sessionkey,
-					       &type3.sessionkey);
-	    if (ret) {
-		if (type3.lm.data)
-		    free(type3.lm.data);
-		if (type3.ntlm.data)
-		    free(type3.ntlm.data);
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = krb5_data_copy(&ctx->sessionkey, 
-				 sessionkey.data, sessionkey.length);
-	    free(sessionkey.data);
-	    if (ret) {
-		if (type3.lm.data)
-		    free(type3.lm.data);
-		if (type3.ntlm.data)
-		    free(type3.ntlm.data);
-		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-	    ctx->status |= STATUS_SESSIONKEY; 
-
-	} else {
-	    struct ntlm_buf sessionkey;
-	    unsigned char ntlmv2[16];
-	    struct ntlm_targetinfo ti;
-
-	    /* verify infotarget */
-	    
-	    ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
-	    if(ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = EINVAL;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data,
-					    ctx->client->key.length,
-					    ctx->client->username,
-					    name->domain,
-					    type2.challange,
-					    &type2.targetinfo,
-					    ntlmv2,
-					    &type3.ntlm);
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-
-	    ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
-					       &sessionkey,
-					       &type3.sessionkey);
-	    memset(ntlmv2, 0, sizeof(ntlmv2));
-	    if (ret) {
-		_gss_ntlm_delete_sec_context(minor_status, 
-					     context_handle, NULL);
-		*minor_status = ret;
-		return GSS_S_FAILURE;
-	    }
-	    
-	    ctx->flags |= NTLM_NEG_NTLM2_SESSION;
-
-	    ret = krb5_data_copy(&ctx->sessionkey, 
-				 sessionkey.data, sessionkey.length);
-	    free(sessionkey.data);
-	}
-
-	if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
-	    ctx->status |= STATUS_SESSIONKEY; 
-	    _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	    _gss_ntlm_set_key(&ctx->u.v2.recv, 1, (ctx->flags & NTLM_NEG_KEYEX),
-			      ctx->sessionkey.data,
-			      ctx->sessionkey.length);
-	} else {
-	    ctx->status |= STATUS_SESSIONKEY; 
-	    RC4_set_key(&ctx->u.v1.crypto_recv.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
-	    RC4_set_key(&ctx->u.v1.crypto_send.key, 
-			ctx->sessionkey.length,
-			ctx->sessionkey.data);
-	}
-	
-
-
-	ret = heim_ntlm_encode_type3(&type3, &data);
-	free(type3.sessionkey.data);
-	if (type3.lm.data)
-	    free(type3.lm.data);
-	if (type3.ntlm.data)
-	    free(type3.ntlm.data);
-	if (ret) {
-	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-
-	output_token->length = data.length;
-	output_token->value = data.data;
-
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_NTLM_MECHANISM;
-	if (ret_flags)
-	    *ret_flags = 0;
-	if (time_rec)
-	    *time_rec = GSS_C_INDEFINITE;
-
-	ctx->status |= STATUS_OPEN;
-
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c
deleted file mode 100644
index fe6b32272f70..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_context.c 21079 2007-06-13 00:25:25Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-    ntlm_ctx ctx = (ntlm_ctx)context_handle;
-
-    *minor_status = 0;
-    if (src_name)
-	*src_name = GSS_C_NO_NAME;
-    if (targ_name)
-	*targ_name = GSS_C_NO_NAME;
-    if (lifetime_rec)
-	*lifetime_rec = GSS_C_INDEFINITE;
-    if (mech_type)
-	*mech_type = GSS_NTLM_MECHANISM;
-    if (ctx_flags)
-	*ctx_flags = ctx->gssflags;
-    if (locally_initiated)
-	*locally_initiated = (ctx->status & STATUS_CLIENT) ? 1 : 0;
-    if (open_context)
-	*open_context = (ctx->status & STATUS_OPEN) ? 1 : 0;
-
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c
deleted file mode 100644
index 1d49b5070d87..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_cred.c 22148 2007-12-04 17:59:29Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    OM_uint32 ret, junk;
-
-    if (minor_status)
-	*minor_status = 0;
-    if (name)
-	*name = GSS_C_NO_NAME;
-    if (lifetime)
-	*lifetime = GSS_C_INDEFINITE;
-    if (cred_usage)
-	*cred_usage = 0;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL)
-	return GSS_S_NO_CRED;
-
-    if (mechanisms) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret)
-	    goto out;
-	ret = gss_add_oid_set_member(minor_status,
-				     GSS_NTLM_MECHANISM,
-				     mechanisms);
-        if (ret)
-	    goto out;
-    }
-
-    return GSS_S_COMPLETE;
-out:
-    gss_release_oid_set(&junk, mechanisms);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
deleted file mode 100644
index 572c6fef759c..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_cred_by_mech.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-    )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (name)
-	*name = GSS_C_NO_NAME;
-    if (initiator_lifetime)
-	*initiator_lifetime = 0;
-    if (acceptor_lifetime)
-	*acceptor_lifetime = 0;
-    if (cred_usage)
-	*cred_usage = 0;
-    return GSS_S_UNAVAILABLE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
deleted file mode 100644
index 8bee4836d3fb..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_mechs_for_name.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (mech_types)
-	*mech_types = GSS_C_NO_OID_SET;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
deleted file mode 100644
index ebf624de7628..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: inquire_names_for_mech.c 19334 2006-12-14 12:17:34Z lha $");
-
-
-OM_uint32 _gss_ntlm_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h
deleted file mode 100644
index cc6c4007856d..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h
+++ /dev/null
@@ -1,264 +0,0 @@
-/* This is a generated file */
-#ifndef __ntlm_private_h__
-#define __ntlm_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_ntlm_initialize (void);
-
-OM_uint32
-_gss_ntlm_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t * delegated_cred_handle );
-
-OM_uint32
-_gss_ntlm_acquire_cred (
-	OM_uint32 * /*min_stat*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_add_cred (
-	 OM_uint32 */*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t */*output_cred_handle*/,
-	gss_OID_set */*actual_mechs*/,
-	OM_uint32 */*initiator_time_rec*/,
-	OM_uint32 */*acceptor_time_rec*/);
-
-OM_uint32
-_gss_ntlm_allocate_ctx (
-	OM_uint32 */*minor_status*/,
-	ntlm_ctx */*ctx*/);
-
-OM_uint32
-_gss_ntlm_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_ntlm_compare_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gss_ntlm_context_time (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_delete_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_ntlm_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gss_ntlm_display_status (
-	OM_uint32 */*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 */*message_context*/,
-	gss_buffer_t /*status_string*/);
-
-OM_uint32
-_gss_ntlm_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-OM_uint32
-_gss_ntlm_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gss_ntlm_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-OM_uint32
-_gss_ntlm_get_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-int
-_gss_ntlm_get_user_cred (
-	const ntlm_name /*target_name*/,
-	ntlm_cred */*rcred*/);
-
-OM_uint32
-_gss_ntlm_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*input_name_buffer*/,
-	const gss_OID /*input_name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_ntlm_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t * context_handle );
-
-OM_uint32
-_gss_ntlm_indicate_mechs (
-	OM_uint32 * /*minor_status*/,
-	gss_OID_set * mech_set );
-
-OM_uint32
-_gss_ntlm_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_ntlm_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gss_ntlm_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gss_ntlm_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gss_ntlm_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gss_ntlm_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gss_ntlm_process_context_token (
-	 OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gss_ntlm_release_cred (
-	OM_uint32 * /*minor_status*/,
-	gss_cred_id_t * cred_handle );
-
-OM_uint32
-_gss_ntlm_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-void
-_gss_ntlm_set_key (
-	struct ntlmv2_key */*key*/,
-	int /*acceptor*/,
-	int /*sealsign*/,
-	unsigned char */*data*/,
-	size_t /*len*/);
-
-OM_uint32
-_gss_ntlm_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_ntlm_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_ntlm_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_ntlm_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-#endif /* __ntlm_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm.h
deleted file mode 100644
index 5713b72e2b33..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: ntlm.h 22373 2007-12-28 18:36:06Z lha $ */
-
-#ifndef NTLM_NTLM_H
-#define NTLM_NTLM_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <string.h>
-#include <errno.h>
-
-#include <gssapi.h>
-#include <gssapi_mech.h>
-
-#include <krb5.h>
-#include <roken.h>
-#include <heim_threads.h>
-
-#include <heimntlm.h>
-
-#include "crypto-headers.h"
-
-typedef OM_uint32
-(*ntlm_interface_init)(OM_uint32 *, void **);
-
-typedef OM_uint32
-(*ntlm_interface_destroy)(OM_uint32 *, void *);
-
-typedef int
-(*ntlm_interface_probe)(OM_uint32 *, void *, const char *);
-
-typedef OM_uint32
-(*ntlm_interface_type2)(OM_uint32 *, void *, uint32_t, const char *,
-			const char *, uint32_t *, struct ntlm_buf *);
-
-typedef OM_uint32
-(*ntlm_interface_type3)(OM_uint32 *, void *, const struct ntlm_type3 *,
-			struct ntlm_buf *);
-
-typedef void
-(*ntlm_interface_free_buffer)(struct ntlm_buf *);
-
-struct ntlm_server_interface {
-    ntlm_interface_init nsi_init;
-    ntlm_interface_destroy nsi_destroy;
-    ntlm_interface_probe nsi_probe;
-    ntlm_interface_type2 nsi_type2;
-    ntlm_interface_type3 nsi_type3;
-    ntlm_interface_free_buffer nsi_free_buffer;
-};
-
-
-struct ntlmv2_key {
-    uint32_t seq;
-    RC4_KEY sealkey;
-    RC4_KEY *signsealkey;
-    unsigned char signkey[16];
-};
-
-extern struct ntlm_server_interface ntlmsspi_kdc_digest;
-
-typedef struct ntlm_cred {
-    gss_cred_usage_t usage;
-    char *username;
-    char *domain;
-    struct ntlm_buf key;
-} *ntlm_cred;
-
-typedef struct {
-    struct ntlm_server_interface *server;
-    void *ictx;
-    ntlm_cred client;
-    OM_uint32 gssflags;
-    uint32_t flags;
-    uint32_t status;
-#define STATUS_OPEN 1
-#define STATUS_CLIENT 2
-#define STATUS_SESSIONKEY 4
-    krb5_data sessionkey;
-
-    union {
-	struct {
-	    struct {
-		uint32_t seq;
-		RC4_KEY key;
-	    } crypto_send, crypto_recv;
-	} v1;
-	struct {
-	    struct ntlmv2_key send, recv;
-	} v2;
-    } u;
-} *ntlm_ctx;
-
-typedef struct {
-    char *user;
-    char *domain;
-} *ntlm_name;
-
-#include <ntlm/ntlm-private.h>
-
-
-#endif /* NTLM_NTLM_H */
diff --git a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c b/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c
deleted file mode 100644
index 33c1072208a4..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: process_context_token.c 19334 2006-12-14 12:17:34Z lha $");
-
-OM_uint32 _gss_ntlm_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c b/crypto/heimdal/lib/gssapi/ntlm/release_cred.c
deleted file mode 100644
index a63e5687408e..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: release_cred.c 22163 2007-12-04 21:25:06Z lha $");
-
-OM_uint32 _gss_ntlm_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    ntlm_cred cred;
-
-    if (minor_status)
-	*minor_status = 0;
-
-    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
-	return GSS_S_COMPLETE;
-
-    cred = (ntlm_cred)*cred_handle;
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (cred->username)
-	free(cred->username);
-    if (cred->domain)
-	free(cred->domain);
-    if (cred->key.data) {
-	memset(cred->key.data, 0, cred->key.length);
-	free(cred->key.data);
-    }
-
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_name.c b/crypto/heimdal/lib/gssapi/ntlm/release_name.c
deleted file mode 100644
index 687d9fde50c5..000000000000
--- a/crypto/heimdal/lib/gssapi/ntlm/release_name.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ntlm/ntlm.h"
-
-RCSID("$Id: release_name.c 22373 2007-12-28 18:36:06Z lha $");
-
-OM_uint32 _gss_ntlm_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    if (minor_status)
-	*minor_status = 0;
-    if (input_name) {
-	ntlm_name n = (ntlm_name)*input_name;
-	*input_name = GSS_C_NO_NAME;
-	free(n->user);
-	free(n->domain);
-	free(n);
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c
deleted file mode 100644
index 0cec33cc3e6f..000000000000
--- a/crypto/heimdal/lib/gssapi/process_context_token.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
-
-OM_uint32 gss_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    gss_buffer_desc empty_buffer;
-    gss_qop_t qop_state;
-
-    empty_buffer.length = 0;
-    empty_buffer.value = NULL;
-
-    qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle,
-				  token_buffer, &empty_buffer,
-				  GSS_C_QOP_DEFAULT, "\x01\x02");
-
-    if (ret == GSS_S_COMPLETE)
-	ret = gss_delete_sec_context(minor_status,
-				     (gss_ctx_id_t *)&context_handle,
-				     GSS_C_NO_BUFFER);
-    if (ret == GSS_S_COMPLETE)
-	*minor_status = 0;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c
deleted file mode 100644
index 258b76f62768..000000000000
--- a/crypto/heimdal/lib/gssapi/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * minor_status,
-            gss_buffer_t buffer
-           )
-{
-  *minor_status = 0;
-  free (buffer->value);
-  buffer->value  = NULL;
-  buffer->length = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c
deleted file mode 100644
index 01cbb6a0f9d9..000000000000
--- a/crypto/heimdal/lib/gssapi/release_cred.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $");
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_COMPLETE;
-    }
-
-    GSSAPI_KRB5_INIT ();
-
-    if ((*cred_handle)->principal != NULL)
-        krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
-    if ((*cred_handle)->keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
-    if ((*cred_handle)->ccache != NULL) {
-	const krb5_cc_ops *ops;
-	ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
-	if (ops == &krb5_mcc_ops)
-	    krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
-	else 
-	    krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
-    }
-    gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
-    free(*cred_handle);
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c
deleted file mode 100644
index 6894ffae49c2..000000000000
--- a/crypto/heimdal/lib/gssapi/release_name.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
-
-OM_uint32 gss_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-    if (minor_status)
-      *minor_status = 0;
-    krb5_free_principal(gssapi_krb5_context,
-			*input_name);
-    *input_name = GSS_C_NO_NAME;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c
deleted file mode 100644
index 04eb01565f79..000000000000
--- a/crypto/heimdal/lib/gssapi/release_oid_set.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * minor_status,
-            gss_OID_set * set
-           )
-{
-  if (minor_status)
-      *minor_status = 0;
-  free ((*set)->elements);
-  free (*set);
-  *set = GSS_C_NO_OID_SET;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
deleted file mode 100644
index 1afe26f1e39d..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ /dev/null
@@ -1,1024 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * Portions Copyright (c) 2004 PADL Software Pty Ltd.
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
-
-static OM_uint32
-send_reject (OM_uint32 *minor_status,
-	     gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    size_t size;
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    *(nt.u.negTokenResp.negResult)  = reject;
-    nt.u.negTokenResp.supportedMech = NULL;
-    nt.u.negTokenResp.responseToken = NULL;
-    nt.u.negTokenResp.mechListMIC   = NULL;
-    
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length, &nt,
-		       &size, *minor_status);
-    free_NegotiationToken(&nt);
-    if (*minor_status != 0)
-	return GSS_S_FAILURE;
-
-    return GSS_S_BAD_MECH;
-}
-
-static OM_uint32
-acceptor_approved(gss_name_t target_name, gss_OID mech)
-{
-    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
-    gss_OID_set oidset;
-    OM_uint32 junk, ret;
-
-    if (target_name == GSS_C_NO_NAME)
-	return GSS_S_COMPLETE;
-
-    gss_create_empty_oid_set(&junk, &oidset);
-    gss_add_oid_set_member(&junk, mech, &oidset);
-    
-    ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset,
-			   GSS_C_ACCEPT, &cred, NULL, NULL);
-    gss_release_oid_set(&junk, &oidset);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    gss_release_cred(&junk, &cred);
-    
-    return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-send_supported_mechs (OM_uint32 *minor_status,
-		      gss_buffer_t output_token)
-{
-    NegotiationTokenWin nt;
-    char hostname[MAXHOSTNAMELEN + 1], *p;
-    gss_buffer_desc name_buf;
-    gss_OID name_type;
-    gss_name_t target_princ;
-    gss_name_t canon_princ;
-    OM_uint32 minor;
-    size_t buf_len;
-    gss_buffer_desc data;
-    OM_uint32 ret;
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationTokenWin_negTokenInit;
-    nt.u.negTokenInit.reqFlags = NULL;
-    nt.u.negTokenInit.mechToken = NULL;
-    nt.u.negTokenInit.negHints = NULL;
-
-    ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME,
-					    acceptor_approved, 1, NULL,
-					    &nt.u.negTokenInit.mechTypes, NULL);
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-
-    memset(&target_princ, 0, sizeof(target_princ));
-    if (gethostname(hostname, sizeof(hostname) - 2) != 0) {
-	*minor_status = errno;
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-    hostname[sizeof(hostname) - 1] = '\0';
-
-    /* Send the constructed SAM name for this host */
-    for (p = hostname; *p != '\0' && *p != '.'; p++) {
-	*p = toupper((unsigned char)*p);
-    }
-    *p++ = '$';
-    *p = '\0';
-
-    name_buf.length = strlen(hostname);
-    name_buf.value = hostname;
-
-    ret = gss_import_name(minor_status, &name_buf,
-			  GSS_C_NO_OID,
-			  &target_princ);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	return ret;
-    }
-
-    name_buf.length = 0;
-    name_buf.value = NULL;
-
-    /* Canonicalize the name using the preferred mechanism */
-    ret = gss_canonicalize_name(minor_status,
-				target_princ,
-				GSS_C_NO_OID,
-				&canon_princ);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	gss_release_name(&minor, &target_princ);
-	return ret;
-    }
-
-    ret = gss_display_name(minor_status, canon_princ,
-			   &name_buf, &name_type);
-    if (ret != GSS_S_COMPLETE) {
-	free_NegotiationTokenWin(&nt);
-	gss_release_name(&minor, &canon_princ);
-	gss_release_name(&minor, &target_princ);
-	return ret;
-    }
-
-    gss_release_name(&minor, &canon_princ);
-    gss_release_name(&minor, &target_princ);
-
-    ALLOC(nt.u.negTokenInit.negHints, 1);
-    if (nt.u.negTokenInit.negHints == NULL) {
-	*minor_status = ENOMEM;
-	gss_release_buffer(&minor, &name_buf);
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-
-    ALLOC(nt.u.negTokenInit.negHints->hintName, 1);
-    if (nt.u.negTokenInit.negHints->hintName == NULL) {
-	*minor_status = ENOMEM;
-	gss_release_buffer(&minor, &name_buf);
-	free_NegotiationTokenWin(&nt);
-	return GSS_S_FAILURE;
-    }
-
-    *(nt.u.negTokenInit.negHints->hintName) = name_buf.value;
-    name_buf.value = NULL;
-    nt.u.negTokenInit.negHints->hintAddress = NULL;
-
-    ASN1_MALLOC_ENCODE(NegotiationTokenWin, 
-		       data.value, data.length, &nt, &buf_len, ret);
-    free_NegotiationTokenWin(&nt);
-    if (ret) {
-	return ret;
-    }
-    if (data.length != buf_len)
-	abort();
-
-    ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
-
-    free (data.value);
-
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    *minor_status = 0;
-
-    return GSS_S_CONTINUE_NEEDED;
-}
-
-static OM_uint32
-send_accept (OM_uint32 *minor_status,
-	     gssspnego_ctx context_handle,
-	     gss_buffer_t mech_token,
-	     int initial_response,
-	     gss_buffer_t mech_buf,
-	     gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    OM_uint32 ret;
-    gss_buffer_desc mech_mic_buf;
-    size_t size;
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (context_handle->open) {
-	if (mech_token != GSS_C_NO_BUFFER
-	    && mech_token->length != 0
-	    && mech_buf != GSS_C_NO_BUFFER)
-	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
-	else
-	    *(nt.u.negTokenResp.negResult)  = accept_completed;
-    } else {
-	if (initial_response && context_handle->require_mic)
-	    *(nt.u.negTokenResp.negResult)  = request_mic;
-	else
-	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
-    }
-
-    if (initial_response) {
-	ALLOC(nt.u.negTokenResp.supportedMech, 1);
-	if (nt.u.negTokenResp.supportedMech == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-
-	ret = der_get_oid(context_handle->preferred_mech_type->elements,
-			  context_handle->preferred_mech_type->length,
-			  nt.u.negTokenResp.supportedMech,
-			  NULL);
-	if (ret) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    } else {
-	nt.u.negTokenResp.supportedMech = NULL;
-    }
-
-    if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) {
-	ALLOC(nt.u.negTokenResp.responseToken, 1);
-	if (nt.u.negTokenResp.responseToken == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	nt.u.negTokenResp.responseToken->length = mech_token->length;
-	nt.u.negTokenResp.responseToken->data   = mech_token->value;
-	mech_token->length = 0;
-	mech_token->value  = NULL;
-    } else {
-	nt.u.negTokenResp.responseToken = NULL;
-    }
-
-    if (mech_buf != GSS_C_NO_BUFFER) {
-	ret = gss_get_mic(minor_status,
-			  context_handle->negotiated_ctx_id,
-			  0,
-			  mech_buf,
-			  &mech_mic_buf);
-	if (ret == GSS_S_COMPLETE) {
-	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
-	    if (nt.u.negTokenResp.mechListMIC == NULL) {
-		gss_release_buffer(minor_status, &mech_mic_buf);
-		free_NegotiationToken(&nt);
-		*minor_status = ENOMEM;
-		return GSS_S_FAILURE;
-	    }
-	    nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length;
-	    nt.u.negTokenResp.mechListMIC->data   = mech_mic_buf.value;
-	} else if (ret == GSS_S_UNAVAILABLE) {
-	    nt.u.negTokenResp.mechListMIC = NULL;
-	} else {
-	    free_NegotiationToken(&nt);
-	    return ret;
-	}
-
-    } else
-	nt.u.negTokenResp.mechListMIC = NULL;
- 
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length,
-		       &nt, &size, ret);
-    if (ret) {
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     * The response should not be encapsulated, because
-     * it is a SubsequentContextToken (note though RFC 1964
-     * specifies encapsulation for all _Kerberos_ tokens).
-     */
-
-    if (*(nt.u.negTokenResp.negResult) == accept_completed)
-	ret = GSS_S_COMPLETE;
-    else
-	ret = GSS_S_CONTINUE_NEEDED;
-    free_NegotiationToken(&nt);
-    return ret;
-}
-
-
-static OM_uint32
-verify_mechlist_mic
-	   (OM_uint32 *minor_status,
-	    gssspnego_ctx context_handle,
-	    gss_buffer_t mech_buf,
-	    heim_octet_string *mechListMIC
-	   )
-{
-    OM_uint32 ret;
-    gss_buffer_desc mic_buf;
-
-    if (context_handle->verified_mic) {
-	/* This doesn't make sense, we've already verified it? */
-	*minor_status = 0;
-	return GSS_S_DUPLICATE_TOKEN;
-    }
-
-    if (mechListMIC == NULL) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    mic_buf.length = mechListMIC->length;
-    mic_buf.value  = mechListMIC->data;
-
-    ret = gss_verify_mic(minor_status,
-			 context_handle->negotiated_ctx_id,
-			 mech_buf,
-			 &mic_buf,
-			 NULL);
-
-    if (ret != GSS_S_COMPLETE)
-	ret = GSS_S_DEFECTIVE_TOKEN;
-
-    return ret;
-}
-
-static OM_uint32
-select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
-	    gss_OID *mech_p)
-{
-    char mechbuf[64];
-    size_t mech_len;
-    gss_OID_desc oid;
-    OM_uint32 ret, junk;
-
-    ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
-		       sizeof(mechbuf),
-		       mechType,
-		       &mech_len);
-    if (ret) {
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    oid.length   = mech_len;
-    oid.elements = mechbuf + sizeof(mechbuf) - mech_len;
-
-    if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) {
-	return GSS_S_BAD_MECH;
-    }
-
-    *minor_status = 0;
-
-    /* Translate broken MS Kebreros OID */
-    if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
-	gssapi_mech_interface mech;
-
-	mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
-	if (mech == NULL)
-	    return GSS_S_BAD_MECH;
-
-	ret = gss_duplicate_oid(minor_status,
-				&_gss_spnego_mskrb_mechanism_oid_desc,
-				mech_p);
-    } else {
-	gssapi_mech_interface mech;
-
-	mech = __gss_get_mechanism(&oid);
-	if (mech == NULL)
-	    return GSS_S_BAD_MECH;
-
-	ret = gss_duplicate_oid(minor_status,
-				&mech->gm_mech_oid,
-				mech_p);
-    }
-
-    if (verify_p) {
-	gss_name_t name = GSS_C_NO_NAME;
-	gss_buffer_desc namebuf;
-	char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
-
-	host = getenv("GSSAPI_SPNEGO_NAME");
-	if (host == NULL || issuid()) {
-	    if (gethostname(hostname, sizeof(hostname)) != 0) {
-		*minor_status = errno;
-		return GSS_S_FAILURE;
-	    }
-	    asprintf(&str, "host@%s", hostname);
-	    host = str;
-	}
-
-	namebuf.length = strlen(host);
-	namebuf.value = host;
-
-	ret = gss_import_name(minor_status, &namebuf,
-			      GSS_C_NT_HOSTBASED_SERVICE, &name);
-	if (str)
-	    free(str);
-	if (ret != GSS_S_COMPLETE)
-	    return ret;
-
-	ret = acceptor_approved(name, *mech_p);
-	gss_release_name(&junk, &name);
-    }
-
-    return ret;
-}
-
-
-static OM_uint32
-acceptor_complete(OM_uint32 * minor_status,
-		  gssspnego_ctx ctx,
-		  int *get_mic,
-		  gss_buffer_t mech_buf,
-		  gss_buffer_t mech_input_token,
-		  gss_buffer_t mech_output_token,
-		  heim_octet_string *mic,
-		  gss_buffer_t output_token)
-{
-    OM_uint32 ret;
-    int require_mic, verify_mic;
-    gss_buffer_desc buf;
-
-    buf.length = 0;
-    buf.value = NULL;
-
-    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
-    if (ret)
-	return ret;
-    
-    ctx->require_mic = require_mic;
-
-    if (mic != NULL)
-	require_mic = 1;
-    
-    if (ctx->open && require_mic) {
-	if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */
-	    verify_mic = 1;
-	    *get_mic = 0;
-	} else if (mech_output_token != GSS_C_NO_BUFFER &&
-		   mech_output_token->length == 0) { /* Odd */
-	    *get_mic = verify_mic = 1;
-	} else { /* Even/One */
-	    verify_mic = 0;
-	    *get_mic = 1;
-	}
-	
-	if (verify_mic || get_mic) {
-	    int eret;
-	    size_t buf_len;
-	    
-	    ASN1_MALLOC_ENCODE(MechTypeList, 
-			       mech_buf->value, mech_buf->length,
-			       &ctx->initiator_mech_types, &buf_len, eret);
-	    if (eret) {
-		*minor_status = eret;
-		return GSS_S_FAILURE;
-	    }
-	    if (buf.length != buf_len)
-		abort();
-	}
-	
-	if (verify_mic) {
-	    ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
-	    if (ret) {
-		if (get_mic)
-		    send_reject (minor_status, output_token);
-		if (buf.value)
-		    free(buf.value);
-		return ret;
-	    }
-	    ctx->verified_mic = 1;
-	}
-	if (buf.value)
-	    free(buf.value);
-
-    } else
-	*get_mic = verify_mic = 0;
-    
-    return GSS_S_COMPLETE;
-}
-
-
-static OM_uint32
-acceptor_start
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    OM_uint32 ret, junk, minor;
-    NegotiationToken nt;
-    size_t nt_len;
-    NegTokenInit *ni;
-    int i;
-    gss_buffer_desc data;
-    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
-    gss_buffer_desc mech_output_token;
-    gss_buffer_desc mech_buf;
-    gss_OID preferred_mech_type = GSS_C_NO_OID;
-    gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
-    int get_mic = 0;
-    int first_ok = 0;
-
-    mech_output_token.value = NULL;
-    mech_output_token.length = 0;
-    mech_buf.value = NULL;
-
-    if (input_token_buffer->length == 0)
-	return send_supported_mechs (minor_status, output_token);
-	
-    ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    /*
-     * The GSS-API encapsulation is only present on the initial
-     * context token (negTokenInit).
-     */
-    ret = gss_decapsulate_token (input_token_buffer,
-				 GSS_SPNEGO_MECHANISM,
-				 &data);
-    if (ret)
-	return ret;
-
-    ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
-    gss_release_buffer(minor_status, &data);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (nt.element != choice_NegotiationToken_negTokenInit) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    ni = &nt.u.negTokenInit;
-
-    if (ni->mechTypes.len < 1) {
-	free_NegotiationToken(&nt);
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
-    if (ret) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    /*
-     * First we try the opportunistic token if we have support for it,
-     * don't try to verify we have credential for the token,
-     * gss_accept_sec_context will (hopefully) tell us that.
-     * If that failes, 
-     */
-
-    ret = select_mech(minor_status,
-		      &ni->mechTypes.val[0], 
-		      0,
-		      &preferred_mech_type);
-
-    if (ret == 0 && ni->mechToken != NULL) {
-	gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-	gss_cred_id_t mech_cred;
-	gss_buffer_desc ibuf;
-
-	ibuf.length = ni->mechToken->length;
-	ibuf.value = ni->mechToken->data;
-	mech_input_token = &ibuf;
-
-	if (acceptor_cred != NULL)
-	    mech_cred = acceptor_cred->negotiated_cred_id;
-	else
-	    mech_cred = GSS_C_NO_CREDENTIAL;
-	
-	if (ctx->mech_src_name != GSS_C_NO_NAME)
-	    gss_release_name(&minor, &ctx->mech_src_name);
-	
-	if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
-	    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-	
-	ret = gss_accept_sec_context(&minor,
-				     &ctx->negotiated_ctx_id,
-				     mech_cred,
-				     mech_input_token,
-				     input_chan_bindings,
-				     &ctx->mech_src_name,
-				     &ctx->negotiated_mech_type,
-				     &mech_output_token,
-				     &ctx->mech_flags,
-				     &ctx->mech_time_rec,
-				     &mech_delegated_cred);
-	if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	    ctx->preferred_mech_type = preferred_mech_type;
-	    ctx->negotiated_mech_type = preferred_mech_type;
-	    if (ret == GSS_S_COMPLETE)
-		ctx->open = 1;
-
-	    if (mech_delegated_cred && delegated_cred_handle)
-		ret = _gss_spnego_alloc_cred(minor_status,
-					     mech_delegated_cred,
-					     delegated_cred_handle);
-	    else
-		gss_release_cred(&junk, &mech_delegated_cred);
-
-	    ret = acceptor_complete(minor_status,
-				    ctx,
-				    &get_mic,
-				    &mech_buf,
-				    mech_input_token,
-				    &mech_output_token,
-				    ni->mechListMIC,
-				    output_token);
-	    if (ret != GSS_S_COMPLETE)
-		goto out;
-
-	    first_ok = 1;
-	}
-    }
-
-    /*
-     * If opportunistic token failed, lets try the other mechs.
-     */
-
-    if (!first_ok) {
-
-	/* Call glue layer to find first mech we support */
-	for (i = 1; i < ni->mechTypes.len; ++i) {
-	    ret = select_mech(minor_status,
-			      &ni->mechTypes.val[i],
-			      1,
-			      &preferred_mech_type);
-	    if (ret == 0)
-		break;
-	}
-	if (preferred_mech_type == GSS_C_NO_OID) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegotiationToken(&nt);
-	    return GSS_S_BAD_MECH;
-	}
-
-	ctx->preferred_mech_type = preferred_mech_type;
-	ctx->negotiated_mech_type = preferred_mech_type;
-    }
-
-    /*
-     * The initial token always have a response
-     */
-
-    ret = send_accept (minor_status,
-		       ctx,
-		       &mech_output_token,
-		       1,
-		       get_mic ? &mech_buf : NULL,
-		       output_token);
-    if (ret)
-	goto out;
-    
-out:
-    if (mech_output_token.value != NULL)
-	gss_release_buffer(&minor, &mech_output_token);
-    if (mech_buf.value != NULL) {
-	free(mech_buf.value);
-	mech_buf.value = NULL;
-    }
-    free_NegotiationToken(&nt);
-
-
-    if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
-	    spnego_name name;
-
-	    name = calloc(1, sizeof(*name));
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
-        if (delegated_cred_handle != NULL) {
-	    *delegated_cred_handle = ctx->delegated_cred_id;
-	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-	}
-    }
-    
-    if (mech_type != NULL)
-	*mech_type = ctx->negotiated_mech_type;
-    if (ret_flags != NULL)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec != NULL)
-	*time_rec = ctx->mech_time_rec;
-
-    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- 	return ret;
-    }
-
-    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
-					    GSS_C_NO_BUFFER);
-    
-    return ret;
-}
-
-
-static OM_uint32
-acceptor_continue
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    OM_uint32 ret, ret2, minor;
-    NegotiationToken nt;
-    size_t nt_len;
-    NegTokenResp *na;
-    unsigned int negResult = accept_incomplete;
-    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
-    gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
-    gss_buffer_desc mech_buf;
-    gssspnego_ctx ctx;
-    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
-
-    mech_buf.value = NULL;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    /*
-     * The GSS-API encapsulation is only present on the initial
-     * context token (negTokenInit).
-     */
-
-    ret = decode_NegotiationToken(input_token_buffer->value, 
-				  input_token_buffer->length,
-				  &nt, &nt_len);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    if (nt.element != choice_NegotiationToken_negTokenResp) {
-	*minor_status = 0;
-	return GSS_S_DEFECTIVE_TOKEN;
-    }
-    na = &nt.u.negTokenResp;
-
-    if (na->negResult != NULL) {
-	negResult = *(na->negResult);
-    }
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    {
-	gss_buffer_desc ibuf, obuf;
-	int require_mic, get_mic = 0;
-	int require_response;
-	heim_octet_string *mic;
-
-	if (na->responseToken != NULL) {
-	    ibuf.length = na->responseToken->length;
-	    ibuf.value = na->responseToken->data;
-	    mech_input_token = &ibuf;
-	} else {
-	    ibuf.value = NULL;
-	    ibuf.length = 0;
-	}
-
-	if (mech_input_token != GSS_C_NO_BUFFER) {
-	    gss_cred_id_t mech_cred;
-	    gss_cred_id_t mech_delegated_cred;
-	    gss_cred_id_t *mech_delegated_cred_p;
-
-	    if (acceptor_cred != NULL)
-		mech_cred = acceptor_cred->negotiated_cred_id;
-	    else
-		mech_cred = GSS_C_NO_CREDENTIAL;
-
-	    if (delegated_cred_handle != NULL) {
-		mech_delegated_cred = GSS_C_NO_CREDENTIAL;
-		mech_delegated_cred_p = &mech_delegated_cred;
-	    } else {
-		mech_delegated_cred_p = NULL;
-	    }
-
-	    if (ctx->mech_src_name != GSS_C_NO_NAME)
-		gss_release_name(&minor, &ctx->mech_src_name);
-
-	    if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
-		_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
-	    ret = gss_accept_sec_context(&minor,
-					 &ctx->negotiated_ctx_id,
-					 mech_cred,
-					 mech_input_token,
-					 input_chan_bindings,
-					 &ctx->mech_src_name,
-					 &ctx->negotiated_mech_type,
-					 &obuf,
-					 &ctx->mech_flags,
-					 &ctx->mech_time_rec,
-					 mech_delegated_cred_p);
-	    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-		if (mech_delegated_cred_p != NULL &&
-		    mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
-		    ret2 = _gss_spnego_alloc_cred(minor_status,
-						  mech_delegated_cred,
-						  &ctx->delegated_cred_id);
-		    if (ret2 != GSS_S_COMPLETE)
-			ret = ret2;
-		}
-		mech_output_token = &obuf;
-	    }
-	    if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
-		free_NegotiationToken(&nt);
-		send_reject (minor_status, output_token);
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		return ret;
-	    }
-	    if (ret == GSS_S_COMPLETE)
-		ctx->open = 1;
-	} else
-	    ret = GSS_S_COMPLETE;
-
-	ret2 = _gss_spnego_require_mechlist_mic(minor_status, 
-						ctx,
-						&require_mic);
-	if (ret2)
-	    goto out;
-
-	ctx->require_mic = require_mic;
-
-	mic = na->mechListMIC;
-	if (mic != NULL)
-	    require_mic = 1;
-
-	if (ret == GSS_S_COMPLETE)
-	    ret = acceptor_complete(minor_status,
-				    ctx,
-				    &get_mic,
-				    &mech_buf,
-				    mech_input_token,
-				    mech_output_token,
-				    na->mechListMIC,
-				    output_token);
-
-	if (ctx->mech_flags & GSS_C_DCE_STYLE)
-	    require_response = (negResult != accept_completed);
-	else
-	    require_response = 0;
-
-	/*
-	 * Check whether we need to send a result: there should be only
-	 * one accept_completed response sent in the entire negotiation
-	 */
-	if ((mech_output_token != GSS_C_NO_BUFFER &&
-	     mech_output_token->length != 0)
-	    || (ctx->open && negResult == accept_incomplete)
-	    || require_response
-	    || get_mic) {
-	    ret2 = send_accept (minor_status,
-				ctx,
-				mech_output_token,
-				0,
-				get_mic ? &mech_buf : NULL,
-				output_token);
-	    if (ret2)
-		goto out;
-	}
-
-     out:
-	if (ret2 != GSS_S_COMPLETE)
-	    ret = ret2;
-	if (mech_output_token != NULL)
-	    gss_release_buffer(&minor, mech_output_token);
-	if (mech_buf.value != NULL)
-	    free(mech_buf.value);
-	free_NegotiationToken(&nt);
-    }
-
-    if (ret == GSS_S_COMPLETE) {
-	if (src_name != NULL && ctx->mech_src_name != NULL) {
-	    spnego_name name;
-
-	    name = calloc(1, sizeof(*name));
-	    if (name) {
-		name->mech = ctx->mech_src_name;
-		ctx->mech_src_name = NULL;
-		*src_name = (gss_name_t)name;
-	    }
-	}
-        if (delegated_cred_handle != NULL) {
-	    *delegated_cred_handle = ctx->delegated_cred_id;
-	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-	}
-    }
-
-    if (mech_type != NULL)
-	*mech_type = ctx->negotiated_mech_type;
-    if (ret_flags != NULL)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec != NULL)
-	*time_rec = ctx->mech_time_rec;
-
-    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- 	return ret;
-    }
-
-    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
-				   GSS_C_NO_BUFFER);
-
-    return ret;
-}
-
-OM_uint32
-_gss_spnego_accept_sec_context
-	   (OM_uint32 * minor_status,
-	    gss_ctx_id_t * context_handle,
-	    const gss_cred_id_t acceptor_cred_handle,
-	    const gss_buffer_t input_token_buffer,
-	    const gss_channel_bindings_t input_chan_bindings,
-	    gss_name_t * src_name,
-	    gss_OID * mech_type,
-	    gss_buffer_t output_token,
-	    OM_uint32 * ret_flags,
-	    OM_uint32 * time_rec,
-	    gss_cred_id_t *delegated_cred_handle
-	   )
-{
-    _gss_accept_sec_context_t *func;
-
-    *minor_status = 0;
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (src_name != NULL)
-	*src_name = GSS_C_NO_NAME;
-    if (mech_type != NULL)
-	*mech_type = GSS_C_NO_OID;
-    if (ret_flags != NULL)
-	*ret_flags = 0;
-    if (time_rec != NULL)
-	*time_rec = 0;
-    if (delegated_cred_handle != NULL)
-	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-
-    if (*context_handle == GSS_C_NO_CONTEXT) 
-	func = acceptor_start;
-    else
-	func = acceptor_continue;
-    
-
-    return (*func)(minor_status, context_handle, acceptor_cred_handle,
-		   input_token_buffer, input_chan_bindings,
-		   src_name, mech_type, output_token, ret_flags,
-		   time_rec, delegated_cred_handle);
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/compat.c b/crypto/heimdal/lib/gssapi/spnego/compat.c
deleted file mode 100644
index 287f4f760ed7..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/compat.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $");
-
-/*
- * Apparently Microsoft got the OID wrong, and used
- * 1.2.840.48018.1.2.2 instead. We need both this and
- * the correct Kerberos OID here in order to deal with
- * this. Because this is manifest in SPNEGO only I'd
- * prefer to deal with this here rather than inside the
- * Kerberos mechanism.
- */
-gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
-	{9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
-
-gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
-	{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-/*
- * Allocate a SPNEGO context handle
- */
-OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
-					 gss_ctx_id_t *context_handle)
-{
-    gssspnego_ctx ctx;
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ctx->initiator_mech_types.len = 0;
-    ctx->initiator_mech_types.val = NULL;
-    ctx->preferred_mech_type = GSS_C_NO_OID;
-    ctx->negotiated_mech_type = GSS_C_NO_OID;
-    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-
-    /*
-     * Cache these so we can return them before returning
-     * GSS_S_COMPLETE, even if the mechanism has itself
-     * completed earlier
-     */
-    ctx->mech_flags = 0;
-    ctx->mech_time_rec = 0;
-    ctx->mech_src_name = GSS_C_NO_NAME;
-    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
-
-    ctx->open = 0;
-    ctx->local = 0;
-    ctx->require_mic = 0;
-    ctx->verified_mic = 0;
-
-    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Free a SPNEGO context handle. The caller must have acquired
- * the lock before this is called.
- */
-OM_uint32 _gss_spnego_internal_delete_sec_context
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            gss_buffer_t output_token
-           )
-{
-    gssspnego_ctx ctx;
-    OM_uint32 ret, minor;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (output_token != GSS_C_NO_BUFFER) {
-	output_token->length = 0;
-	output_token->value = NULL;
-    }
-
-    ctx = (gssspnego_ctx)*context_handle;
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    if (ctx == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if (ctx->initiator_mech_types.val != NULL)
-	free_MechTypeList(&ctx->initiator_mech_types);
-
-    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
-
-    gss_release_oid(&minor, &ctx->preferred_mech_type);
-    ctx->negotiated_mech_type = GSS_C_NO_OID;
-
-    gss_release_name(&minor, &ctx->target_name);
-    gss_release_name(&minor, &ctx->mech_src_name);
-
-    if (ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT) {
-	ret = gss_delete_sec_context(minor_status,
-				     &ctx->negotiated_ctx_id,
-				     output_token);
-	ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-    } else {
-	ret = GSS_S_COMPLETE;
-    }
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
-    free(ctx);
-    *context_handle = NULL;
-
-    return ret;
-}
-
-/*
- * For compatability with the Windows SPNEGO implementation, the
- * default is to ignore the mechListMIC unless CFX is used and
- * a non-preferred mechanism was negotiated
- */
-
-OM_uint32
-_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
-				 gssspnego_ctx ctx,
-				 int *require_mic)
-{
-    gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
-    OM_uint32 minor;
-
-    *minor_status = 0;
-    *require_mic = 0;
-
-    if (ctx == NULL) {
-	return GSS_S_COMPLETE;
-    }
-
-    if (ctx->require_mic) {
-	/* Acceptor requested it: mandatory to honour */
-	*require_mic = 1;
-	return GSS_S_COMPLETE;
-    }
-
-    /*
-     * Check whether peer indicated implicit support for updated SPNEGO
-     * (eg. in the Kerberos case by using CFX)
-     */
-    if (gss_inquire_sec_context_by_oid(&minor, ctx->negotiated_ctx_id,
-				       GSS_C_PEER_HAS_UPDATED_SPNEGO,
-				       &buffer_set) == GSS_S_COMPLETE) {
-	*require_mic = 1;
-	gss_release_buffer_set(&minor, &buffer_set);
-    }
-
-    /* Safe-to-omit MIC rules follow */
-    if (*require_mic) {
-	if (gss_oid_equal(ctx->negotiated_mech_type, ctx->preferred_mech_type)) {
-	    *require_mic = 0;
-	} else if (gss_oid_equal(ctx->negotiated_mech_type, &_gss_spnego_krb5_mechanism_oid_desc) &&
-		   gss_oid_equal(ctx->preferred_mech_type, &_gss_spnego_mskrb_mechanism_oid_desc)) {
-	    *require_mic = 0;
-	}
-    }
-
-    return GSS_S_COMPLETE;
-}
-
-static int
-add_mech_type(gss_OID mech_type,
-	      int includeMSCompatOID,
-	      MechTypeList *mechtypelist)
-{
-    MechType mech;
-    int ret;
-
-    if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM))
-	return 0;
-
-    if (includeMSCompatOID &&
-	gss_oid_equal(mech_type, &_gss_spnego_krb5_mechanism_oid_desc)) {
-	ret = der_get_oid(_gss_spnego_mskrb_mechanism_oid_desc.elements,
-			  _gss_spnego_mskrb_mechanism_oid_desc.length,
-			  &mech,
-			  NULL);
-	if (ret)
-	    return ret;
-	ret = add_MechTypeList(mechtypelist, &mech);
-	free_MechType(&mech);
-	if (ret)
-	    return ret;
-    }
-    ret = der_get_oid(mech_type->elements, mech_type->length, &mech, NULL);
-    if (ret)
-	return ret;
-    ret = add_MechTypeList(mechtypelist, &mech);
-    free_MechType(&mech);
-    return ret;
-}
-
-
-OM_uint32
-_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
-				   gss_name_t target_name,
-				   OM_uint32 (*func)(gss_name_t, gss_OID),
-				   int includeMSCompatOID,
-				   const gssspnego_cred cred_handle,
-				   MechTypeList *mechtypelist,
-				   gss_OID *preferred_mech)
-{
-    gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
-    gss_OID first_mech = GSS_C_NO_OID;
-    OM_uint32 ret;
-    int i;
-
-    mechtypelist->len = 0;
-    mechtypelist->val = NULL;
-
-    if (cred_handle != NULL) {
-	ret = gss_inquire_cred(minor_status,
-			       cred_handle->negotiated_cred_id,
-			       NULL,
-			       NULL,
-			       NULL,
-			       &supported_mechs);
-    } else {
-	ret = gss_indicate_mechs(minor_status, &supported_mechs);
-    }
-
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-
-    if (supported_mechs->count == 0) {
-	*minor_status = ENOENT;
-	gss_release_oid_set(minor_status, &supported_mechs);
-	return GSS_S_FAILURE;
-    }
-
-    ret = (*func)(target_name, GSS_KRB5_MECHANISM);
-    if (ret == GSS_S_COMPLETE) {
-	ret = add_mech_type(GSS_KRB5_MECHANISM,
-			    includeMSCompatOID,
-			    mechtypelist);
-	if (!GSS_ERROR(ret))
-	    first_mech = GSS_KRB5_MECHANISM;
-    }
-    ret = GSS_S_COMPLETE;
-
-    for (i = 0; i < supported_mechs->count; i++) {
-	OM_uint32 subret;
-	if (gss_oid_equal(&supported_mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-	if (gss_oid_equal(&supported_mechs->elements[i], GSS_KRB5_MECHANISM))
-	    continue;
-
-	subret = (*func)(target_name, &supported_mechs->elements[i]);
-	if (subret != GSS_S_COMPLETE)
-	    continue;
-
-	ret = add_mech_type(&supported_mechs->elements[i],
-			    includeMSCompatOID,
-			    mechtypelist);
-	if (ret != 0) {
-	    *minor_status = ret;
-	    ret = GSS_S_FAILURE;
-	    break;
-	}
-	if (first_mech == GSS_C_NO_OID)
-	    first_mech = &supported_mechs->elements[i];
-    }
-
-    if (mechtypelist->len == 0) {
-	gss_release_oid_set(minor_status, &supported_mechs);
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (preferred_mech != NULL) {
-	ret = gss_duplicate_oid(minor_status, first_mech, preferred_mech);
-	if (ret != GSS_S_COMPLETE)
-	    free_MechTypeList(mechtypelist);
-    }
-    gss_release_oid_set(minor_status, &supported_mechs);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c b/crypto/heimdal/lib/gssapi/spnego/context_stubs.c
deleted file mode 100644
index 3535c7bb3596..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c
+++ /dev/null
@@ -1,903 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: context_stubs.c 21035 2007-06-09 15:32:47Z lha $");
-
-static OM_uint32
-spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
-{
-    OM_uint32 ret, junk;
-    gss_OID_set m;
-    int i;
-
-    ret = gss_indicate_mechs(minor_status, &m);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mechs);
-    if (ret != GSS_S_COMPLETE) {
-	gss_release_oid_set(&junk, &m);
-	return ret;
-    }
-
-    for (i = 0; i < m->count; i++) {
-	if (gss_oid_equal(&m->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-
-	ret = gss_add_oid_set_member(minor_status, &m->elements[i], mechs);
-	if (ret) {
-	    gss_release_oid_set(&junk, &m);
-	    gss_release_oid_set(&junk, mechs);
-	    return ret;
-	}
-    }
-    return ret;
-}
-
-
-
-OM_uint32 _gss_spnego_process_context_token
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t token_buffer
-           )
-{
-    gss_ctx_id_t context ;
-    gssspnego_ctx ctx;
-    OM_uint32 ret;
-
-    if (context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_NO_CONTEXT;
-
-    context = context_handle;
-    ctx = (gssspnego_ctx)context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = gss_process_context_token(minor_status,
-				    ctx->negotiated_ctx_id,
-				    token_buffer);
-    if (ret != GSS_S_COMPLETE) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return ret;
-    }
-
-    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-
-    return _gss_spnego_internal_delete_sec_context(minor_status,
-					   &context,
-					   GSS_C_NO_BUFFER);
-}
-
-OM_uint32 _gss_spnego_delete_sec_context
-           (OM_uint32 *minor_status,
-            gss_ctx_id_t *context_handle,
-            gss_buffer_t output_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
-	return GSS_S_NO_CONTEXT;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    return _gss_spnego_internal_delete_sec_context(minor_status,
-						   context_handle,
-						   output_token);
-}
-
-OM_uint32 _gss_spnego_context_time
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 *time_rec
-           )
-{
-    gssspnego_ctx ctx;
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_context_time(minor_status,
-			    ctx->negotiated_ctx_id,
-			    time_rec);
-}
-
-OM_uint32 _gss_spnego_get_mic
-           (OM_uint32 *minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
-		       qop_req, message_buffer, message_token);
-}
-
-OM_uint32 _gss_spnego_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_verify_mic(minor_status,
-			  ctx->negotiated_ctx_id,
-			  message_buffer,
-			  token_buffer,
-			  qop_state);
-}
-
-OM_uint32 _gss_spnego_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_wrap(minor_status,
-		    ctx->negotiated_ctx_id,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unwrap(minor_status,
-		      ctx->negotiated_ctx_id,
-		      input_message_buffer,
-		      output_message_buffer,
-		      conf_state,
-		      qop_state);
-}
-
-OM_uint32 _gss_spnego_display_status
-           (OM_uint32 * minor_status,
-            OM_uint32 status_value,
-            int status_type,
-            const gss_OID mech_type,
-            OM_uint32 * message_context,
-            gss_buffer_t status_string
-           )
-{
-    return GSS_S_FAILURE;
-}
-
-OM_uint32 _gss_spnego_compare_name
-           (OM_uint32 *minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    spnego_name n1 = (spnego_name)name1;
-    spnego_name n2 = (spnego_name)name2;
-
-    *name_equal = 0;
-
-    if (!gss_oid_equal(&n1->type, &n2->type))
-	return GSS_S_COMPLETE;
-    if (n1->value.length != n2->value.length)
-	return GSS_S_COMPLETE;
-    if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
-	return GSS_S_COMPLETE;
-
-    *name_equal = 1;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    spnego_name name = (spnego_name)input_name;
-
-    *minor_status = 0;
-
-    if (name == NULL || name->mech == GSS_C_NO_NAME)
-	return GSS_S_FAILURE;
-
-    return gss_display_name(minor_status, name->mech,
-			    output_name_buffer, output_name_type);
-}
-
-OM_uint32 _gss_spnego_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t name_buffer,
-            const gss_OID name_type,
-            gss_name_t * output_name
-           )
-{
-    spnego_name name;
-    OM_uint32 maj_stat;
-
-    *minor_status = 0;
-
-    name = calloc(1, sizeof(*name));
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    
-    maj_stat = _gss_copy_oid(minor_status, name_type, &name->type);
-    if (maj_stat) {
-	free(name);
-	return GSS_S_FAILURE;
-    }
-    
-    maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
-    if (maj_stat) {
-	gss_name_t rname = (gss_name_t)name;
-	_gss_spnego_release_name(minor_status, &rname);
-	return GSS_S_FAILURE;
-    }
-    name->mech = GSS_C_NO_NAME;
-    *output_name = (gss_name_t)name;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    spnego_name name;
-    *minor_status = 0;
-
-    if (input_name == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    name = (spnego_name)input_name;
-    if (name->mech == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    return gss_export_name(minor_status, name->mech, exported_name);
-}
-
-OM_uint32 _gss_spnego_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    *minor_status = 0;
-
-    if (*input_name != GSS_C_NO_NAME) {
-	OM_uint32 junk;
-	spnego_name name = (spnego_name)*input_name;
-	_gss_free_oid(&junk, &name->type);
-	gss_release_buffer(&junk, &name->value);
-	if (name->mech != GSS_C_NO_NAME)
-	    gss_release_name(&junk, &name->mech);
-	free(name);
-
-	*input_name = GSS_C_NO_NAME;
-    }
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_inquire_context(minor_status,
-			       ctx->negotiated_ctx_id,
-			       src_name,
-			       targ_name,
-			       lifetime_rec,
-			       mech_type,
-			       ctx_flags,
-			       locally_initiated,
-			       open_context);
-}
-
-OM_uint32 _gss_spnego_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_wrap_size_limit(minor_status,
-			       ctx->negotiated_ctx_id,
-			       conf_req_flag,
-			       qop_req,
-			       req_output_size,
-			       max_input_size);
-}
-
-OM_uint32 _gss_spnego_export_sec_context (
-            OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t interprocess_token
-           )
-{
-    gssspnego_ctx ctx;
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    if (ctx == NULL)
-	return GSS_S_NO_CONTEXT;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ret = gss_export_sec_context(minor_status,
-				 &ctx->negotiated_ctx_id,
-				 interprocess_token);
-    if (ret == GSS_S_COMPLETE) {
-	ret = _gss_spnego_internal_delete_sec_context(minor_status,
-					     context_handle,
-					     GSS_C_NO_BUFFER);
-	if (ret == GSS_S_COMPLETE)
-	    return GSS_S_COMPLETE;
-    }
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_import_sec_context (
-            OM_uint32 * minor_status,
-            const gss_buffer_t interprocess_token,
-            gss_ctx_id_t *context_handle
-           )
-{
-    OM_uint32 ret, minor;
-    gss_ctx_id_t context;
-    gssspnego_ctx ctx;
-
-    ret = _gss_spnego_alloc_sec_context(minor_status, &context);
-    if (ret != GSS_S_COMPLETE) {
-	return ret;
-    }
-    ctx = (gssspnego_ctx)context;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ret = gss_import_sec_context(minor_status,
-				 interprocess_token,
-				 &ctx->negotiated_ctx_id);
-    if (ret != GSS_S_COMPLETE) {
-	_gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
-	return ret;
-    }
-
-    ctx->open = 1;
-    /* don't bother filling in the rest of the fields */
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *context_handle = (gss_ctx_id_t)ctx;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    gss_OID_set mechs, names, n;
-    OM_uint32 ret, junk;
-    int i, j;
-
-    *name_types = NULL;
-
-    ret = spnego_supported_mechs(minor_status, &mechs);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-
-    ret = gss_create_empty_oid_set(minor_status, &names);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    for (i = 0; i < mechs->count; i++) {
-	ret = gss_inquire_names_for_mech(minor_status,
-					 &mechs->elements[i],
-					 &n);
-	if (ret)
-	    continue;
-
-	for (j = 0; j < n->count; j++)
-	    gss_add_oid_set_member(minor_status,
-				   &n->elements[j],
-				   &names);
-	gss_release_oid_set(&junk, &n);
-    }
-
-    ret = GSS_S_COMPLETE;
-    *name_types = names;
-out:
-
-    gss_release_oid_set(&junk, &mechs);
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret, junk;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_SPNEGO_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(&junk, mech_types);
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    /* XXX */
-    return gss_duplicate_name(minor_status, input_name, output_name);
-}
-
-OM_uint32 _gss_spnego_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    return gss_duplicate_name(minor_status, src_name, dest_name);
-}
-
-OM_uint32 _gss_spnego_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_sign(minor_status,
-		    ctx->negotiated_ctx_id,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-}
-
-OM_uint32 _gss_spnego_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_verify(minor_status,
-		      ctx->negotiated_ctx_id,
-		      message_buffer,
-		      token_buffer,
-		      qop_state);
-}
-
-OM_uint32 _gss_spnego_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_seal(minor_status,
-		    ctx->negotiated_ctx_id,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unseal(minor_status,
-		      ctx->negotiated_ctx_id,
-		      input_message_buffer,
-		      output_message_buffer,
-		      conf_state,
-		      qop_state);
-}
-
-#if 0
-OM_uint32 _gss_spnego_unwrap_ex
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-	    const gss_buffer_t token_header_buffer,
-	    const gss_buffer_t associated_data_buffer,
-	    const gss_buffer_t input_message_buffer,
-	    gss_buffer_t output_message_buffer,
-	    int * conf_state,
-	    gss_qop_t * qop_state)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_unwrap_ex(minor_status,
-			 ctx->negotiated_ctx_id,
-			 token_header_buffer,
-			 associated_data_buffer,
-			 input_message_buffer,
-			 output_message_buffer,
-			 conf_state,
-			 qop_state);
-}
-
-OM_uint32 _gss_spnego_wrap_ex
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t associated_data_buffer,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_token_buffer,
-            gss_buffer_t output_message_buffer
-	   )
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
-	associated_data_buffer->length != input_message_buffer->length) {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_QOP;
-    }
-
-    return gss_wrap_ex(minor_status,
-		       ctx->negotiated_ctx_id,
-		       conf_req_flag,
-		       qop_req,
-		       associated_data_buffer,
-		       input_message_buffer,
-		       conf_state,
-		       output_token_buffer,
-		       output_message_buffer);
-}
-
-OM_uint32 _gss_spnego_complete_auth_token
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-	    gss_buffer_t input_message_buffer)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_complete_auth_token(minor_status,
-				   ctx->negotiated_ctx_id,
-				   input_message_buffer);
-}
-#endif
-
-OM_uint32 _gss_spnego_inquire_sec_context_by_oid
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_inquire_sec_context_by_oid(minor_status,
-					  ctx->negotiated_ctx_id,
-					  desired_object,
-					  data_set);
-}
-
-OM_uint32 _gss_spnego_set_sec_context_option
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            const gss_OID desired_object,
-            const gss_buffer_t value)
-{
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    ctx = (gssspnego_ctx)context_handle;
-
-    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	return GSS_S_NO_CONTEXT;
-    }
-
-    return gss_set_sec_context_option(minor_status,
-				      &ctx->negotiated_ctx_id,
-				      desired_object,
-				      value);
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c b/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c
deleted file mode 100644
index 2362e9901963..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $");
-
-OM_uint32
-_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
-{
-    gssspnego_cred cred;
-    OM_uint32 ret;
-    
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-	return GSS_S_COMPLETE;
-    }
-    cred = (gssspnego_cred)*cred_handle;
-
-    ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
-
-    free(cred);
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-
-    return ret;
-}
-
-OM_uint32
-_gss_spnego_alloc_cred(OM_uint32 *minor_status,
-		       gss_cred_id_t mech_cred_handle,
-		       gss_cred_id_t *cred_handle)
-{
-    gssspnego_cred cred;
-
-    if (*cred_handle != GSS_C_NO_CREDENTIAL) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    cred = calloc(1, sizeof(*cred));
-    if (cred == NULL) {
-	*cred_handle = GSS_C_NO_CREDENTIAL;
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    cred->negotiated_cred_id = mech_cred_handle;
-
-    *cred_handle = (gss_cred_id_t)cred;
-
-    return GSS_S_COMPLETE; 
-}
-
-/*
- * For now, just a simple wrapper that avoids recursion. When
- * we support gss_{get,set}_neg_mechs() we will need to expose
- * more functionality.
- */
-OM_uint32 _gss_spnego_acquire_cred
-(OM_uint32 *minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
-    )
-{
-    const spnego_name dname = (const spnego_name)desired_name;
-    gss_name_t name = GSS_C_NO_NAME;
-    OM_uint32 ret, tmp;
-    gss_OID_set_desc actual_desired_mechs;
-    gss_OID_set mechs;
-    int i, j;
-    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
-    gssspnego_cred cred;
-
-    *output_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    if (dname) {
-	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
-	if (ret) {
-	    return ret;
-	}
-    }
-    
-    ret = gss_indicate_mechs(minor_status, &mechs);
-    if (ret != GSS_S_COMPLETE) {
-	gss_release_name(minor_status, &name);
-	return ret;
-    }
-
-    /* Remove ourselves from this list */
-    actual_desired_mechs.count = mechs->count;
-    actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
-					   sizeof(gss_OID_desc));
-    if (actual_desired_mechs.elements == NULL) {
-	*minor_status = ENOMEM;
-	ret = GSS_S_FAILURE;
-	goto out;
-    }
-
-    for (i = 0, j = 0; i < mechs->count; i++) {
-	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
-	    continue;
-
-	actual_desired_mechs.elements[j] = mechs->elements[i];
-	j++;
-    }
-    actual_desired_mechs.count = j;
-
-    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
-				 &cred_handle);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    cred = (gssspnego_cred)cred_handle;
-    ret = gss_acquire_cred(minor_status, name,
-			   time_req, &actual_desired_mechs,
-			   cred_usage,
-			   &cred->negotiated_cred_id,
-			   actual_mechs, time_rec);
-    if (ret != GSS_S_COMPLETE)
-	goto out;
-
-    *output_cred_handle = cred_handle;
-
-out:
-    gss_release_name(minor_status, &name);
-    gss_release_oid_set(&tmp, &mechs);
-    if (actual_desired_mechs.elements != NULL) {
-	free(actual_desired_mechs.elements);
-    }
-    if (ret != GSS_S_COMPLETE) {
-	_gss_spnego_release_cred(&tmp, &cred_handle);
-    }
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    gssspnego_cred cred;
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (name) {
-	sname = calloc(1, sizeof(*sname));
-	if (sname == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred(minor_status,
-			   cred->negotiated_cred_id,
-			   sname ? &sname->mech : NULL,
-			   lifetime,
-			   cred_usage,
-			   mechanisms);
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return ret;
-}
-
-OM_uint32 _gss_spnego_add_cred (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t input_cred_handle,
-            const gss_name_t desired_name,
-            const gss_OID desired_mech,
-            gss_cred_usage_t cred_usage,
-            OM_uint32 initiator_time_req,
-            OM_uint32 acceptor_time_req,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * initiator_time_rec,
-            OM_uint32 * acceptor_time_rec
-           )
-{
-    gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
-    OM_uint32 ret, tmp;
-    gssspnego_cred input_cred, output_cred;
-
-    *output_cred_handle = GSS_C_NO_CREDENTIAL;
-
-    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
-				 &spnego_output_cred_handle);
-    if (ret)
-	return ret;
-
-    input_cred = (gssspnego_cred)input_cred_handle;
-    output_cred = (gssspnego_cred)spnego_output_cred_handle;
-
-    ret = gss_add_cred(minor_status,
-		       input_cred->negotiated_cred_id,
-		       desired_name,
-		       desired_mech,
-		       cred_usage,
-		       initiator_time_req,
-		       acceptor_time_req,
-		       &output_cred->negotiated_cred_id,
-		       actual_mechs,
-		       initiator_time_rec,
-		       acceptor_time_rec);
-    if (ret) {
-	_gss_spnego_release_cred(&tmp, &spnego_output_cred_handle);
-	return ret;
-    }
-
-    *output_cred_handle = spnego_output_cred_handle;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-           )
-{
-    gssspnego_cred cred;
-    spnego_name sname = NULL;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    if (name) {
-	sname = calloc(1, sizeof(*sname));
-	if (sname == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred_by_mech(minor_status,
-				   cred->negotiated_cred_id,
-				   mech_type,
-				   sname ? &sname->mech : NULL,
-				   initiator_lifetime,
-				   acceptor_lifetime,
-				   cred_usage);
-
-    if (ret) {
-	if (sname)
-	    free(sname);
-	return ret;
-    }
-    if (name)
-	*name = (gss_name_t)sname;
-
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gss_spnego_inquire_cred_by_oid
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID desired_object,
-            gss_buffer_set_t *data_set)
-{
-    gssspnego_cred cred;
-    OM_uint32 ret;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-    cred = (gssspnego_cred)cred_handle;
-
-    ret = gss_inquire_cred_by_oid(minor_status,
-				  cred->negotiated_cred_id,
-				  desired_object,
-				  data_set);
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/external.c b/crypto/heimdal/lib/gssapi/spnego/external.c
deleted file mode 100644
index fbc231f3aebb..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/external.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "spnego/spnego_locl.h"
-#include <gssapi_mech.h>
-
-RCSID("$Id: external.c 18336 2006-10-07 22:27:13Z lha $");
-
-/*
- * RFC2478, SPNEGO:
- *  The security mechanism of the initial
- *  negotiation token is identified by the Object Identifier
- *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
- */
-
-static gssapi_mech_interface_desc spnego_mech = {
-    GMI_VERSION,
-    "spnego",
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
-    _gss_spnego_acquire_cred,
-    _gss_spnego_release_cred,
-    _gss_spnego_init_sec_context,
-    _gss_spnego_accept_sec_context,
-    _gss_spnego_process_context_token,
-    _gss_spnego_internal_delete_sec_context,
-    _gss_spnego_context_time,
-    _gss_spnego_get_mic,
-    _gss_spnego_verify_mic,
-    _gss_spnego_wrap,
-    _gss_spnego_unwrap,
-    _gss_spnego_display_status,
-    NULL,
-    _gss_spnego_compare_name,
-    _gss_spnego_display_name,
-    _gss_spnego_import_name,
-    _gss_spnego_export_name,
-    _gss_spnego_release_name,
-    _gss_spnego_inquire_cred,
-    _gss_spnego_inquire_context,
-    _gss_spnego_wrap_size_limit,
-    _gss_spnego_add_cred,
-    _gss_spnego_inquire_cred_by_mech,
-    _gss_spnego_export_sec_context,
-    _gss_spnego_import_sec_context,
-    _gss_spnego_inquire_names_for_mech,
-    _gss_spnego_inquire_mechs_for_name,
-    _gss_spnego_canonicalize_name,
-    _gss_spnego_duplicate_name
-};
-
-gssapi_mech_interface
-__gss_spnego_initialize(void)
-{
-	return &spnego_mech;
-}
-
-static gss_OID_desc _gss_spnego_mechanism_desc = 
-    {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
-
-gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc;
diff --git a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c
deleted file mode 100644
index 7c74981e664e..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c
+++ /dev/null
@@ -1,663 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * Portions Copyright (c) 2004 PADL Software Pty Ltd.
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "spnego/spnego_locl.h"
-
-RCSID("$Id: init_sec_context.c 19411 2006-12-18 15:42:03Z lha $");
-
-/*
- * Is target_name an sane target for `mech�.
- */
-
-static OM_uint32
-initiator_approved(gss_name_t target_name, gss_OID mech)
-{
-    OM_uint32 min_stat, maj_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc out;
-    
-    maj_stat = gss_init_sec_context(&min_stat,
-				    GSS_C_NO_CREDENTIAL,
-				    &ctx,
-				    target_name,
-				    mech,
-				    0,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_CHANNEL_BINDINGS,
-				    GSS_C_NO_BUFFER,
-				    NULL,
-				    &out,
-				    NULL,
-				    NULL);
-    if (GSS_ERROR(maj_stat))
-	return GSS_S_BAD_MECH;
-    gss_release_buffer(&min_stat, &out);
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Send a reply. Note that we only need to send a reply if we
- * need to send a MIC or a mechanism token. Otherwise, we can
- * return an empty buffer.
- *
- * The return value of this will be returned to the API, so it
- * must return GSS_S_CONTINUE_NEEDED if a token was generated.
- */
-static OM_uint32
-spnego_reply_internal(OM_uint32 *minor_status,
-		      gssspnego_ctx context_handle,
-		      const gss_buffer_t mech_buf,
-		      gss_buffer_t mech_token,
-		      gss_buffer_t output_token)
-{
-    NegotiationToken nt;
-    gss_buffer_desc mic_buf;
-    OM_uint32 ret;
-    size_t size;
-
-    if (mech_buf == GSS_C_NO_BUFFER && mech_token->length == 0) {
-	output_token->length = 0;
-	output_token->value = NULL;
-
-	return context_handle->open ? GSS_S_COMPLETE : GSS_S_FAILURE;
-    }
-
-    memset(&nt, 0, sizeof(nt));
-
-    nt.element = choice_NegotiationToken_negTokenResp;
-
-    ALLOC(nt.u.negTokenResp.negResult, 1);
-    if (nt.u.negTokenResp.negResult == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    nt.u.negTokenResp.supportedMech = NULL;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (mech_token->length == 0) {
-	nt.u.negTokenResp.responseToken = NULL;
-	*(nt.u.negTokenResp.negResult)  = accept_completed;
-    } else {
-	ALLOC(nt.u.negTokenResp.responseToken, 1);
-	if (nt.u.negTokenResp.responseToken == NULL) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	nt.u.negTokenResp.responseToken->length = mech_token->length;
-	nt.u.negTokenResp.responseToken->data   = mech_token->value;
-	mech_token->length = 0;
-	mech_token->value  = NULL;
-
-	*(nt.u.negTokenResp.negResult)  = accept_incomplete;
-    }
-
-    if (mech_buf != GSS_C_NO_BUFFER) {
-
-	ret = gss_get_mic(minor_status,
-			  context_handle->negotiated_ctx_id,
-			  0,
-			  mech_buf,
-			  &mic_buf);
-	if (ret == GSS_S_COMPLETE) {
-	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
-	    if (nt.u.negTokenResp.mechListMIC == NULL) {
-		gss_release_buffer(minor_status, &mic_buf);
-		free_NegotiationToken(&nt);
-		*minor_status = ENOMEM;
-		return GSS_S_FAILURE;
-	    }
-
-	    nt.u.negTokenResp.mechListMIC->length = mic_buf.length;
-	    nt.u.negTokenResp.mechListMIC->data   = mic_buf.value;
-	} else if (ret == GSS_S_UNAVAILABLE) {
-	    nt.u.negTokenResp.mechListMIC = NULL;
-	} if (ret) {
-	    free_NegotiationToken(&nt);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    } else {
-	nt.u.negTokenResp.mechListMIC = NULL;
-    }
-
-    ASN1_MALLOC_ENCODE(NegotiationToken,
-		       output_token->value, output_token->length,
-		       &nt, &size, ret);
-    if (ret) {
-	free_NegotiationToken(&nt);
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    if (*(nt.u.negTokenResp.negResult) == accept_completed)
-	ret = GSS_S_COMPLETE;
-    else
-	ret = GSS_S_CONTINUE_NEEDED;
-
-    free_NegotiationToken(&nt);
-    return ret;
-}
-
-static OM_uint32
-spnego_initial
-           (OM_uint32 * minor_status,
-	    gssspnego_cred cred,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-    )
-{
-    NegTokenInit ni;
-    int ret;
-    OM_uint32 sub, minor;
-    gss_buffer_desc mech_token;
-    u_char *buf;
-    size_t buf_size, buf_len;
-    gss_buffer_desc data;
-    size_t ni_len;
-    gss_ctx_id_t context;
-    gssspnego_ctx ctx;
-    spnego_name name = (spnego_name)target_name;
-
-    *minor_status = 0;
-
-    memset (&ni, 0, sizeof(ni));
-
-    *context_handle = GSS_C_NO_CONTEXT;
-
-    if (target_name == GSS_C_NO_NAME)
-	return GSS_S_BAD_NAME;
-
-    sub = _gss_spnego_alloc_sec_context(&minor, &context);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	return sub;
-    }
-    ctx = (gssspnego_ctx)context;
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    ctx->local = 1;
-
-    sub = gss_import_name(&minor, &name->value, &name->type, &ctx->target_name);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    sub = _gss_spnego_indicate_mechtypelist(&minor, 
-					    ctx->target_name,
-					    initiator_approved,
-					    0,
-					    cred,
-					    &ni.mechTypes,
-					    &ctx->preferred_mech_type);
-    if (GSS_ERROR(sub)) {
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    ni.reqFlags = NULL;
-
-    /*
-     * If we have a credential handle, use it to select the mechanism
-     * that we will use
-     */
-
-    /* generate optimistic token */
-    sub = gss_init_sec_context(&minor,
-			       (cred != NULL) ? cred->negotiated_cred_id :
-			          GSS_C_NO_CREDENTIAL,
-			       &ctx->negotiated_ctx_id,
-			       ctx->target_name,
-			       ctx->preferred_mech_type,
-			       req_flags,
-			       time_req,
-			       input_chan_bindings,
-			       input_token,
-			       &ctx->negotiated_mech_type,
-			       &mech_token,
-			       &ctx->mech_flags,
-			       &ctx->mech_time_rec);
-    if (GSS_ERROR(sub)) {
-	free_NegTokenInit(&ni);
-	*minor_status = minor;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-    if (sub == GSS_S_COMPLETE)
-	ctx->maybe_open = 1;
-
-    if (mech_token.length != 0) {
-	ALLOC(ni.mechToken, 1);
-	if (ni.mechToken == NULL) {
-	    free_NegTokenInit(&ni);
-	    gss_release_buffer(&minor, &mech_token);
-	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	ni.mechToken->length = mech_token.length;
-	ni.mechToken->data = malloc(mech_token.length);
-	if (ni.mechToken->data == NULL && mech_token.length != 0) {
-	    free_NegTokenInit(&ni);
-	    gss_release_buffer(&minor, &mech_token);
-	    *minor_status = ENOMEM;
-	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	    return GSS_S_FAILURE;
-	}
-	memcpy(ni.mechToken->data, mech_token.value, mech_token.length);
-	gss_release_buffer(&minor, &mech_token);
-    } else
-	ni.mechToken = NULL;
-
-    ni.mechListMIC = NULL;
-
-    ni_len = length_NegTokenInit(&ni);
-    buf_size = 1 + der_length_len(ni_len) + ni_len;
-
-    buf = malloc(buf_size);
-    if (buf == NULL) {
-	free_NegTokenInit(&ni);
-	*minor_status = ENOMEM;
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return GSS_S_FAILURE;
-    }
-
-    ret = encode_NegTokenInit(buf + buf_size - 1,
-			      ni_len,
-			      &ni, &buf_len);
-    if (ret == 0 && ni_len != buf_len)
-	abort();
-
-    if (ret == 0) {
-	size_t tmp;
-
-	ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
-				     buf_size - buf_len,
-				     buf_len,
-				     ASN1_C_CONTEXT,
-				     CONS,
-				     0,
-				     &tmp);
-	if (ret == 0 && tmp + buf_len != buf_size)
-	    abort();
-    }
-    if (ret) {
-	*minor_status = ret;
-	free(buf);
-	free_NegTokenInit(&ni);
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return GSS_S_FAILURE;
-    }
-
-    data.value  = buf;
-    data.length = buf_size;
-
-    ctx->initiator_mech_types.len = ni.mechTypes.len;
-    ctx->initiator_mech_types.val = ni.mechTypes.val;
-    ni.mechTypes.len = 0;
-    ni.mechTypes.val = NULL;
- 
-    free_NegTokenInit(&ni);
-
-    sub = gss_encapsulate_token(&data,
-				GSS_SPNEGO_MECHANISM,
-				output_token);
-    free (buf);
-
-    if (sub) {
-	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
-	return sub;
-    }
-
-    if (actual_mech_type)
-	*actual_mech_type = ctx->negotiated_mech_type;
-    if (ret_flags)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec)
-	*time_rec = ctx->mech_time_rec;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-
-    *context_handle = context;
-
-    return GSS_S_CONTINUE_NEEDED;
-}
-
-static OM_uint32
-spnego_reply
-           (OM_uint32 * minor_status,
-	    const gssspnego_cred cred,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret, minor;
-    NegTokenResp resp;
-    size_t len, taglen;
-    gss_OID_desc mech;
-    int require_mic;
-    size_t buf_len;
-    gss_buffer_desc mic_buf, mech_buf;
-    gss_buffer_desc mech_output_token;
-    gssspnego_ctx ctx;
-
-    *minor_status = 0;
-
-    ctx = (gssspnego_ctx)*context_handle;
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    mech_output_token.length = 0;
-    mech_output_token.value = NULL;
-
-    mech_buf.value = NULL;
-    mech_buf.length = 0;
-
-    ret = der_match_tag_and_length(input_token->value, input_token->length,
-				   ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
-    if (ret)
-	return ret;
-
-    if (len > input_token->length - taglen)
-	return ASN1_OVERRUN;
-
-    ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
-			      len, &resp, NULL);
-    if (ret) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    if (resp.negResult == NULL
-	|| *(resp.negResult) == reject
-	/* || resp.supportedMech == NULL */
-	)
-    {
-	free_NegTokenResp(&resp);
-	return GSS_S_BAD_MECH;
-    }
-
-    /*
-     * Pick up the mechanism that the acceptor selected, only allow it
-     * to be sent in packet.
-     */
-
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-
-    if (resp.supportedMech) {
-
-	if (ctx->oidlen) {
-	    free_NegTokenResp(&resp);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_BAD_MECH;
-	}
-	ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1,
-			  sizeof(ctx->oidbuf),
-			  resp.supportedMech,
-			  &ctx->oidlen);
-	/* Avoid recursively embedded SPNEGO */
-	if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length &&
-		    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
-			   GSS_SPNEGO_MECHANISM->elements,
-			   ctx->oidlen) == 0))
-	{
-	    free_NegTokenResp(&resp);
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    return GSS_S_BAD_MECH;
-	}
-
-	/* check if the acceptor took our optimistic token */
-	if (ctx->oidlen != ctx->preferred_mech_type->length ||
-	    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
-		   ctx->preferred_mech_type->elements,
-		   ctx->oidlen) != 0)
-	{
-	    gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, 
-				   GSS_C_NO_BUFFER);
-	    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
-	}
-    } else if (ctx->oidlen == 0) {
-	free_NegTokenResp(&resp);
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	return GSS_S_BAD_MECH;
-    }
-
-    if (resp.responseToken != NULL || 
-	ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
-	gss_buffer_desc mech_input_token;
-
-	if (resp.responseToken) {
-	    mech_input_token.length = resp.responseToken->length;
-	    mech_input_token.value  = resp.responseToken->data;
-	} else {
-	    mech_input_token.length = 0;
-	    mech_input_token.value = NULL;
-	}
-
-
-	mech.length = ctx->oidlen;
-	mech.elements = ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen;
-
-	/* Fall through as if the negotiated mechanism
-	   was requested explicitly */
-	ret = gss_init_sec_context(&minor,
-				   (cred != NULL) ? cred->negotiated_cred_id :
-				       GSS_C_NO_CREDENTIAL,
-				   &ctx->negotiated_ctx_id,
-				   ctx->target_name,
-				   &mech,
-				   req_flags,
-				   time_req,
-				   input_chan_bindings,
-				   &mech_input_token,
-				   &ctx->negotiated_mech_type,
-				   &mech_output_token,
-				   &ctx->mech_flags,
-				   &ctx->mech_time_rec);
-	if (GSS_ERROR(ret)) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
-	    *minor_status = minor;
-	    return ret;
-	}
-	if (ret == GSS_S_COMPLETE) {
-	    ctx->open = 1;
-	}
-    } else if (*(resp.negResult) == accept_completed) {
-	if (ctx->maybe_open)
-	    ctx->open = 1;
-    }
-
-    if (*(resp.negResult) == request_mic) {
-	ctx->require_mic = 1;
-    }
-
-    if (ctx->open) {
-	/*
-	 * Verify the mechListMIC if one was provided or CFX was
-	 * used and a non-preferred mechanism was selected
-	 */
-	if (resp.mechListMIC != NULL) {
-	    require_mic = 1;
-	} else {
-	    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
-						   &require_mic);
-	    if (ret) {
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		free_NegTokenResp(&resp);
-		gss_release_buffer(&minor, &mech_output_token);
-		return ret;
-	    }
-	}
-    } else {
-	require_mic = 0;
-    }
-
-    if (require_mic) {
-	ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length,
-			   &ctx->initiator_mech_types, &buf_len, ret);
-	if (ret) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free_NegTokenResp(&resp);
-	    gss_release_buffer(&minor, &mech_output_token);
-	    *minor_status = ret;
-	    return GSS_S_FAILURE;
-	}
-	if (mech_buf.length != buf_len)
-	    abort();
-
-	if (resp.mechListMIC == NULL) {
-	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	    free(mech_buf.value);
-	    free_NegTokenResp(&resp);
-	    *minor_status = 0;
-	    return GSS_S_DEFECTIVE_TOKEN;
-	}
-	mic_buf.length = resp.mechListMIC->length;
-	mic_buf.value  = resp.mechListMIC->data;
-
-	if (mech_output_token.length == 0) {
-	    ret = gss_verify_mic(minor_status,
-				 ctx->negotiated_ctx_id,
-				 &mech_buf,
-				 &mic_buf,
-				 NULL);
-	   if (ret) {
-		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-		free(mech_buf.value);
-		gss_release_buffer(&minor, &mech_output_token);
-		free_NegTokenResp(&resp);
-		return GSS_S_DEFECTIVE_TOKEN;
-	    }
-	    ctx->verified_mic = 1;
-	}
-    }
-
-    ret = spnego_reply_internal(minor_status, ctx,
-				require_mic ? &mech_buf : NULL,
-				&mech_output_token,
-				output_token);
-
-    if (mech_buf.value != NULL)
-	free(mech_buf.value);
-
-    free_NegTokenResp(&resp);
-    gss_release_buffer(&minor, &mech_output_token);
-
-    if (actual_mech_type)
-	*actual_mech_type = ctx->negotiated_mech_type;
-    if (ret_flags)
-	*ret_flags = ctx->mech_flags;
-    if (time_rec)
-	*time_rec = ctx->mech_time_rec;
-
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    return ret;
-}
-
-OM_uint32 _gss_spnego_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
-
-    if (*context_handle == GSS_C_NO_CONTEXT)
-	return spnego_initial (minor_status,
-			       cred,
-			       context_handle,
-			       target_name,
-			       mech_type,
-			       req_flags,
-			       time_req,
-			       input_chan_bindings,
-			       input_token,
-			       actual_mech_type,
-			       output_token,
-			       ret_flags,
-			       time_rec);
-    else
-	return spnego_reply (minor_status,
-			     cred,
-			     context_handle,
-			     target_name,
-			     mech_type,
-			     req_flags,
-			     time_req,
-			     input_chan_bindings,
-			     input_token,
-			     actual_mech_type,
-			     output_token,
-			     ret_flags,
-			     time_rec);
-}
-
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h b/crypto/heimdal/lib/gssapi/spnego/spnego-private.h
deleted file mode 100644
index d80db0018adf..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h
+++ /dev/null
@@ -1,330 +0,0 @@
-/* This is a generated file */
-#ifndef __spnego_private_h__
-#define __spnego_private_h__
-
-#include <stdarg.h>
-
-gssapi_mech_interface
-__gss_spnego_initialize (void);
-
-OM_uint32
-_gss_spnego_accept_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_cred_id_t /*acceptor_cred_handle*/,
-	const gss_buffer_t /*input_token_buffer*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	gss_name_t * /*src_name*/,
-	gss_OID * /*mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * /*time_rec*/,
-	gss_cred_id_t *delegated_cred_handle );
-
-OM_uint32
-_gss_spnego_acquire_cred (
-	OM_uint32 */*minor_status*/,
-	const gss_name_t /*desired_name*/,
-	OM_uint32 /*time_req*/,
-	const gss_OID_set /*desired_mechs*/,
-	gss_cred_usage_t /*cred_usage*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_spnego_add_cred (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*input_cred_handle*/,
-	const gss_name_t /*desired_name*/,
-	const gss_OID /*desired_mech*/,
-	gss_cred_usage_t /*cred_usage*/,
-	OM_uint32 /*initiator_time_req*/,
-	OM_uint32 /*acceptor_time_req*/,
-	gss_cred_id_t * /*output_cred_handle*/,
-	gss_OID_set * /*actual_mechs*/,
-	OM_uint32 * /*initiator_time_rec*/,
-	OM_uint32 * acceptor_time_rec );
-
-OM_uint32
-_gss_spnego_alloc_cred (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t /*mech_cred_handle*/,
-	gss_cred_id_t */*cred_handle*/);
-
-OM_uint32
-_gss_spnego_alloc_sec_context (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t */*context_handle*/);
-
-OM_uint32
-_gss_spnego_canonicalize_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_spnego_compare_name (
-	OM_uint32 */*minor_status*/,
-	const gss_name_t /*name1*/,
-	const gss_name_t /*name2*/,
-	int * name_equal );
-
-OM_uint32
-_gss_spnego_context_time (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	OM_uint32 *time_rec );
-
-OM_uint32
-_gss_spnego_delete_sec_context (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_spnego_display_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t /*output_name_buffer*/,
-	gss_OID * output_name_type );
-
-OM_uint32
-_gss_spnego_display_status (
-	OM_uint32 * /*minor_status*/,
-	OM_uint32 /*status_value*/,
-	int /*status_type*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 * /*message_context*/,
-	gss_buffer_t status_string );
-
-OM_uint32
-_gss_spnego_duplicate_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*src_name*/,
-	gss_name_t * dest_name );
-
-OM_uint32
-_gss_spnego_export_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_buffer_t exported_name );
-
-OM_uint32
-_gss_spnego_export_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	gss_buffer_t interprocess_token );
-
-OM_uint32
-_gss_spnego_get_mic (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gss_spnego_import_name (
-	OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*name_buffer*/,
-	const gss_OID /*name_type*/,
-	gss_name_t * output_name );
-
-OM_uint32
-_gss_spnego_import_sec_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_buffer_t /*interprocess_token*/,
-	gss_ctx_id_t *context_handle );
-
-OM_uint32
-_gss_spnego_indicate_mechtypelist (
-	OM_uint32 */*minor_status*/,
-	gss_name_t /*target_name*/,
-	OM_uint32 (*/*func*/)(gss_name_t, gss_OID),
-	int /*includeMSCompatOID*/,
-	const gssspnego_cred /*cred_handle*/,
-	MechTypeList */*mechtypelist*/,
-	gss_OID */*preferred_mech*/);
-
-OM_uint32
-_gss_spnego_init_sec_context (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*initiator_cred_handle*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_name_t /*target_name*/,
-	const gss_OID /*mech_type*/,
-	OM_uint32 /*req_flags*/,
-	OM_uint32 /*time_req*/,
-	const gss_channel_bindings_t /*input_chan_bindings*/,
-	const gss_buffer_t /*input_token*/,
-	gss_OID * /*actual_mech_type*/,
-	gss_buffer_t /*output_token*/,
-	OM_uint32 * /*ret_flags*/,
-	OM_uint32 * time_rec );
-
-OM_uint32
-_gss_spnego_inquire_context (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	gss_name_t * /*src_name*/,
-	gss_name_t * /*targ_name*/,
-	OM_uint32 * /*lifetime_rec*/,
-	gss_OID * /*mech_type*/,
-	OM_uint32 * /*ctx_flags*/,
-	int * /*locally_initiated*/,
-	int * open_context );
-
-OM_uint32
-_gss_spnego_inquire_cred (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*lifetime*/,
-	gss_cred_usage_t * /*cred_usage*/,
-	gss_OID_set * mechanisms );
-
-OM_uint32
-_gss_spnego_inquire_cred_by_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*mech_type*/,
-	gss_name_t * /*name*/,
-	OM_uint32 * /*initiator_lifetime*/,
-	OM_uint32 * /*acceptor_lifetime*/,
-	gss_cred_usage_t * cred_usage );
-
-OM_uint32
-_gss_spnego_inquire_cred_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_cred_id_t /*cred_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gss_spnego_inquire_mechs_for_name (
-	 OM_uint32 * /*minor_status*/,
-	const gss_name_t /*input_name*/,
-	gss_OID_set * mech_types );
-
-OM_uint32
-_gss_spnego_inquire_names_for_mech (
-	 OM_uint32 * /*minor_status*/,
-	const gss_OID /*mechanism*/,
-	gss_OID_set * name_types );
-
-OM_uint32
-_gss_spnego_inquire_sec_context_by_oid (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	gss_buffer_set_t */*data_set*/);
-
-OM_uint32
-_gss_spnego_internal_delete_sec_context (
-	OM_uint32 */*minor_status*/,
-	gss_ctx_id_t */*context_handle*/,
-	gss_buffer_t output_token );
-
-OM_uint32
-_gss_spnego_process_context_token (
-	OM_uint32 */*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t token_buffer );
-
-OM_uint32
-_gss_spnego_release_cred (
-	OM_uint32 */*minor_status*/,
-	gss_cred_id_t */*cred_handle*/);
-
-OM_uint32
-_gss_spnego_release_name (
-	OM_uint32 * /*minor_status*/,
-	gss_name_t * input_name );
-
-OM_uint32
-_gss_spnego_require_mechlist_mic (
-	OM_uint32 */*minor_status*/,
-	gssspnego_ctx /*ctx*/,
-	int */*require_mic*/);
-
-OM_uint32
-_gss_spnego_seal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	int /*qop_req*/,
-	gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_spnego_set_sec_context_option (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t * /*context_handle*/,
-	const gss_OID /*desired_object*/,
-	const gss_buffer_t /*value*/);
-
-OM_uint32
-_gss_spnego_sign (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	int /*qop_req*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t message_token );
-
-OM_uint32
-_gss_spnego_unseal (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	int * qop_state );
-
-OM_uint32
-_gss_spnego_unwrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	gss_buffer_t /*output_message_buffer*/,
-	int * /*conf_state*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_spnego_verify (
-	OM_uint32 * /*minor_status*/,
-	gss_ctx_id_t /*context_handle*/,
-	gss_buffer_t /*message_buffer*/,
-	gss_buffer_t /*token_buffer*/,
-	int * qop_state );
-
-OM_uint32
-_gss_spnego_verify_mic (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	const gss_buffer_t /*message_buffer*/,
-	const gss_buffer_t /*token_buffer*/,
-	gss_qop_t * qop_state );
-
-OM_uint32
-_gss_spnego_wrap (
-	OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	const gss_buffer_t /*input_message_buffer*/,
-	int * /*conf_state*/,
-	gss_buffer_t output_message_buffer );
-
-OM_uint32
-_gss_spnego_wrap_size_limit (
-	 OM_uint32 * /*minor_status*/,
-	const gss_ctx_id_t /*context_handle*/,
-	int /*conf_req_flag*/,
-	gss_qop_t /*qop_req*/,
-	OM_uint32 /*req_output_size*/,
-	OM_uint32 * max_input_size );
-
-#endif /* __spnego_private_h__ */
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 b/crypto/heimdal/lib/gssapi/spnego/spnego.asn1
deleted file mode 100644
index 058f10ba3ad1..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1
+++ /dev/null
@@ -1,63 +0,0 @@
--- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
-
-SPNEGO DEFINITIONS ::=
-BEGIN
-
-MechType::= OBJECT IDENTIFIER
-
-MechTypeList ::= SEQUENCE OF MechType
-
-ContextFlags ::= BIT STRING {
-    delegFlag       (0),
-    mutualFlag      (1),
-    replayFlag      (2),
-    sequenceFlag    (3),
-    anonFlag        (4),
-    confFlag        (5),
-    integFlag       (6)
-}
-
-NegHints ::= SEQUENCE {
-    hintName       [0]  GeneralString	OPTIONAL,
-    hintAddress    [1]  OCTET STRING	OPTIONAL
-} 
-
-NegTokenInitWin ::= SEQUENCE {
-    mechTypes       [0] MechTypeList,
-    reqFlags        [1] ContextFlags   OPTIONAL,
-    mechToken       [2] OCTET STRING   OPTIONAL,
-    negHints        [3] NegHints       OPTIONAL
-}
-
-NegTokenInit ::= SEQUENCE {
-    mechTypes       [0] MechTypeList,
-    reqFlags        [1] ContextFlags   OPTIONAL,
-    mechToken       [2] OCTET STRING   OPTIONAL,
-    mechListMIC	    [3] OCTET STRING   OPTIONAL,
-    ...
-}
-
--- NB: negResult is not OPTIONAL in the new SPNEGO spec but
--- Windows clients do not always send it
-NegTokenResp ::= SEQUENCE {
-    negResult      [0] ENUMERATED {
-                            accept_completed    (0),
-                            accept_incomplete   (1),
-                            reject              (2),
-                            request-mic         (3) }          OPTIONAL,
-    supportedMech  [1] MechType                                OPTIONAL,
-    responseToken  [2] OCTET STRING                            OPTIONAL,
-    mechListMIC    [3] OCTET STRING                            OPTIONAL,
-    ...
-}
-
-NegotiationToken ::= CHOICE {
-	negTokenInit[0]		NegTokenInit,
-	negTokenResp[1]		NegTokenResp
-}
-
-NegotiationTokenWin ::= CHOICE {
-	negTokenInit[0]		NegTokenInitWin
-}
-
-END
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
deleted file mode 100644
index 44b24688e18f..000000000000
--- a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 2004, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
-
-#ifndef SPNEGO_LOCL_H
-#define SPNEGO_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-
-#include <gssapi/gssapi_spnego.h>
-#include <gssapi.h>
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <ctype.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#include <heim_threads.h>
-#include <asn1_err.h>
-
-#include <gssapi_mech.h>
-
-#include "spnego_asn1.h"
-#include "mech/utils.h"
-#include <der.h>
-
-#include <roken.h>
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-
-typedef struct {
-	gss_cred_id_t		negotiated_cred_id;
-} *gssspnego_cred;
-
-typedef struct {
-	MechTypeList		initiator_mech_types;
-	gss_OID			preferred_mech_type;
-	gss_OID			negotiated_mech_type;
-	gss_ctx_id_t		negotiated_ctx_id;
-	OM_uint32		mech_flags;
-	OM_uint32		mech_time_rec;
-	gss_name_t		mech_src_name;
-	gss_cred_id_t		delegated_cred_id;
-	unsigned int		open : 1;
-	unsigned int		local : 1;
-	unsigned int		require_mic : 1;
-	unsigned int		verified_mic : 1;
-	unsigned int		maybe_open : 1;
-	HEIMDAL_MUTEX		ctx_id_mutex;
-
-	gss_name_t		target_name;
-
-	u_char			oidbuf[17];
- 	size_t			oidlen;
-
-} *gssspnego_ctx;
-
-typedef struct {
-	gss_OID_desc		type;
-	gss_buffer_desc		value;
-	gss_name_t		mech;
-} *spnego_name;
-
-extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
-extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;
-
-#include <spnego/spnego-private.h>
-
-#endif /* SPNEGO_LOCL_H */
diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c
deleted file mode 100644
index fd2bc32dd52b..000000000000
--- a/crypto/heimdal/lib/gssapi/test_acquire_cred.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Copyright (c) 2003-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#include "test_common.h"
-
-RCSID("$Id: test_acquire_cred.c 22129 2007-12-04 01:13:13Z lha $");
-
-static void
-print_time(OM_uint32 time_rec)
-{
-    if (time_rec == GSS_C_INDEFINITE) {
-	printf("cred never expire\n");
-    } else {
-	time_t t = time_rec + time(NULL);
-	printf("expiration time: %s", ctime(&t));
-    }
-}
-
-#if 0
-
-static void
-test_add(gss_cred_id_t cred_handle)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t copy_cred;
-    OM_uint32 time_rec;
-
-    major_status = gss_add_cred (&minor_status,
-				 cred_handle,
-				 GSS_C_NO_NAME,
-				 GSS_KRB5_MECHANISM,
-				 GSS_C_INITIATE,
-				 0,
-				 0,
-				 &copy_cred,
-				 NULL,
-				 &time_rec,
-				 NULL);
-			    
-    if (GSS_ERROR(major_status))
-	errx(1, "add_cred failed");
-
-    print_time(time_rec);
-
-    major_status = gss_release_cred(&minor_status,
-				    &copy_cred);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-}
-
-static void
-copy_cred(void)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t cred_handle;
-    OM_uint32 time_rec;
-
-    major_status = gss_acquire_cred(&minor_status, 
-				    GSS_C_NO_NAME,
-				    0,
-				    NULL,
-				    GSS_C_INITIATE,
-				    &cred_handle,
-				    NULL,
-				    &time_rec);
-    if (GSS_ERROR(major_status))
-	errx(1, "acquire_cred failed");
-	
-    print_time(time_rec);
-
-    test_add(cred_handle);
-    test_add(cred_handle);
-    test_add(cred_handle);
-
-    major_status = gss_release_cred(&minor_status,
-				    &cred_handle);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-}
-#endif
-
-static void
-acquire_cred_service(const char *service,
-		     gss_OID nametype,
-		     int flags)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t cred_handle;
-    OM_uint32 time_rec;
-    gss_buffer_desc name_buffer;
-    gss_name_t name = GSS_C_NO_NAME;
-
-    if (service) {
-	name_buffer.value = rk_UNCONST(service);
-	name_buffer.length = strlen(service);
-	
-	major_status = gss_import_name(&minor_status,
-				       &name_buffer,
-				       nametype,
-				       &name);
-	if (GSS_ERROR(major_status))
-	    errx(1, "import_name failed");
-    }
-
-    major_status = gss_acquire_cred(&minor_status, 
-				    name,
-				    0,
-				    NULL,
-				    flags,
-				    &cred_handle,
-				    NULL,
-				    &time_rec);
-    if (GSS_ERROR(major_status)) {
-	warnx("acquire_cred failed: %s", 
-	     gssapi_err(major_status, minor_status, GSS_C_NO_OID));
-    } else {    
-	print_time(time_rec);
-	gss_release_cred(&minor_status, &cred_handle);
-    }
-
-    if (name != GSS_C_NO_NAME)
-	gss_release_name(&minor_status, &name);
-
-    if (GSS_ERROR(major_status))
-	exit(1);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-static char *acquire_name;
-static char *acquire_type;
-static char *name_type;
-static char *ccache;
-
-static struct getargs args[] = {
-    {"acquire-name", 0,	arg_string,	&acquire_name, "name", NULL },
-    {"acquire-type", 0,	arg_string,	&acquire_type, "type", NULL },
-    {"ccache", 0,	arg_string,	&ccache, "name", NULL },
-    {"name-type", 0,	arg_string,	&name_type, "type", NULL },
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    OM_uint32 flag;
-    gss_OID type;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 0)
-	usage(1);
-
-    if (acquire_type) {
-	if (strcasecmp(acquire_type, "both") == 0)
-	    flag = GSS_C_BOTH;
-	else if (strcasecmp(acquire_type, "accept") == 0)
-	    flag = GSS_C_ACCEPT;
-	else if (strcasecmp(acquire_type, "initiate") == 0)
-	    flag = GSS_C_INITIATE;
-	else
-	    errx(1, "unknown type %s", acquire_type);
-    } else
-	flag = GSS_C_ACCEPT;
-	
-    if (name_type) {
-	if (strcasecmp("hostbased-service", name_type) == 0)
-	    type = GSS_C_NT_HOSTBASED_SERVICE;
-	else if (strcasecmp("user-name", name_type) == 0)
-	    type = GSS_C_NT_USER_NAME;
-	else
-	    errx(1, "unknown name type %s", name_type);
-    } else
-	type = GSS_C_NT_HOSTBASED_SERVICE;
-
-    if (ccache) {
-	OM_uint32 major_status, minor_status;
-	major_status = gss_krb5_ccache_name(&minor_status,
-					    ccache, NULL);
-	if (GSS_ERROR(major_status))
-	    errx(1, "gss_krb5_ccache_name %s", 
-		 gssapi_err(major_status, minor_status, GSS_C_NO_OID));
-    }
-
-    acquire_cred_service(acquire_name, type, flag);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_common.c b/crypto/heimdal/lib/gssapi/test_common.c
deleted file mode 100644
index 329180f23387..000000000000
--- a/crypto/heimdal/lib/gssapi/test_common.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <err.h>
-#include "test_common.h"
-
-RCSID("$Id: test_common.c 20075 2007-01-31 06:05:19Z lha $");
-
-char *
-gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech)
-{
-	OM_uint32 disp_min_stat, disp_maj_stat;
-	gss_buffer_desc maj_error_message;
-	gss_buffer_desc min_error_message;
-	OM_uint32 msg_ctx = 0;
-
-	char *ret = NULL;
-
-	maj_error_message.length = 0;
-	maj_error_message.value = NULL;
-	min_error_message.length = 0;
-	min_error_message.value = NULL;
-	
-	disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, 
-					   GSS_C_GSS_CODE,
-					   mech, &msg_ctx, &maj_error_message);
-	disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
-					   GSS_C_MECH_CODE,
-					   mech, &msg_ctx, &min_error_message);
-	asprintf(&ret, "gss-code: %lu %.*s\nmech-code: %lu %.*s", 
-		 (unsigned long)maj_stat,
-		 (int)maj_error_message.length, 
-		 (char *)maj_error_message.value, 
-		 (unsigned long)min_stat,
-		 (int)min_error_message.length, 
-		 (char *)min_error_message.value);
-
-	gss_release_buffer(&disp_min_stat, &maj_error_message);
-	gss_release_buffer(&disp_min_stat, &min_error_message);
-
-	return ret;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/test_common.h b/crypto/heimdal/lib/gssapi/test_common.h
deleted file mode 100644
index 8e78a5d30ec4..000000000000
--- a/crypto/heimdal/lib/gssapi/test_common.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: test_common.h 20075 2007-01-31 06:05:19Z lha $ */
-
-char * gssapi_err(OM_uint32, OM_uint32, gss_OID);
diff --git a/crypto/heimdal/lib/gssapi/test_context.c b/crypto/heimdal/lib/gssapi/test_context.c
deleted file mode 100644
index e02535aec22a..000000000000
--- a/crypto/heimdal/lib/gssapi/test_context.c
+++ /dev/null
@@ -1,542 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5/gsskrb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-#include "test_common.h"
-
-RCSID("$Id: test_context.c 20075 2007-01-31 06:05:19Z lha $");
-
-static char *type_string;
-static char *mech_string;
-static char *ret_mech_string;
-static int dns_canon_flag = -1;
-static int mutual_auth_flag = 0;
-static int dce_style_flag = 0;
-static int wrapunwrap_flag = 0;
-static int getverifymic_flag = 0;
-static int deleg_flag = 0;
-static int version_flag = 0;
-static int verbose_flag = 0;
-static int help_flag	= 0;
-
-static struct {
-    const char *name;
-    gss_OID *oid;
-} o2n[] = {
-    { "krb5", &GSS_KRB5_MECHANISM },
-    { "spnego", &GSS_SPNEGO_MECHANISM },
-    { "ntlm", &GSS_NTLM_MECHANISM },
-    { "sasl-digest-md5", &GSS_SASL_DIGEST_MD5_MECHANISM }
-};
-
-static gss_OID
-string_to_oid(const char *name)
-{
-    int i;
-    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
-	if (strcasecmp(name, o2n[i].name) == 0)
-	    return *o2n[i].oid;
-    errx(1, "name %s not unknown", name);
-}
-
-static const char *
-oid_to_string(const gss_OID oid)
-{
-    int i;
-    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
-	if (gss_oid_equal(oid, *o2n[i].oid))
-	    return o2n[i].name;
-    return "unknown oid";
-}
-
-static void
-loop(gss_OID mechoid,
-     gss_OID nameoid, const char *target,
-     gss_cred_id_t init_cred,
-     gss_ctx_id_t *sctx, gss_ctx_id_t *cctx,
-     gss_OID *actual_mech, 
-     gss_cred_id_t *deleg_cred)
-{
-    int server_done = 0, client_done = 0;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t gss_target_name;
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 flags = 0, ret_cflags, ret_sflags;
-    gss_OID actual_mech_client; 
-    gss_OID actual_mech_server; 
-
-    *actual_mech = GSS_C_NO_OID;
-
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_CONF_FLAG;
-
-    if (mutual_auth_flag)
-	flags |= GSS_C_MUTUAL_FLAG;
-    if (dce_style_flag)
-	flags |= GSS_C_DCE_STYLE;
-    if (deleg_flag)
-	flags |= GSS_C_DELEG_FLAG;
-
-    input_token.value = rk_UNCONST(target);
-    input_token.length = strlen(target);
-
-    maj_stat = gss_import_name(&min_stat,
-			       &input_token,
-			       nameoid,
-			       &gss_target_name);
-    if (GSS_ERROR(maj_stat))
-	err(1, "import name creds failed with: %d", maj_stat);
-
-    input_token.length = 0;
-    input_token.value = NULL;
-
-    while (!server_done || !client_done) {
-
-	maj_stat = gss_init_sec_context(&min_stat,
-					init_cred,
-					cctx,
-					gss_target_name,
-					mechoid, 
-					flags,
-					0, 
-					NULL,
-					&input_token,
-					&actual_mech_client,
-					&output_token,
-					&ret_cflags,
-					NULL);
-	if (GSS_ERROR(maj_stat))
-	    errx(1, "init_sec_context: %s",
-		 gssapi_err(maj_stat, min_stat, mechoid));
-	if (maj_stat & GSS_S_CONTINUE_NEEDED)
-	    ;
-	else
-	    client_done = 1;
-
-	if (client_done && server_done)
-	    break;
-
-	if (input_token.length != 0)
-	    gss_release_buffer(&min_stat, &input_token);
-
-	maj_stat = gss_accept_sec_context(&min_stat,
-					  sctx,
-					  GSS_C_NO_CREDENTIAL,
-					  &output_token,
-					  GSS_C_NO_CHANNEL_BINDINGS,
-					  NULL,
-					  &actual_mech_server,
-					  &input_token,
-					  &ret_sflags,
-					  NULL,
-					  deleg_cred);
-	if (GSS_ERROR(maj_stat))
-		errx(1, "accept_sec_context: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech_server));
-
-	if (verbose_flag)
-	    printf("%.*s", (int)input_token.length, (char *)input_token.value);
-
-	if (output_token.length != 0)
-	    gss_release_buffer(&min_stat, &output_token);
-
-	if (maj_stat & GSS_S_CONTINUE_NEEDED)
-	    ;
-	else
-	    server_done = 1;
-    }	
-    if (output_token.length != 0)
-	gss_release_buffer(&min_stat, &output_token);
-    if (input_token.length != 0)
-	gss_release_buffer(&min_stat, &input_token);
-    gss_release_name(&min_stat, &gss_target_name);
-
-    if (gss_oid_equal(actual_mech_server, actual_mech_client) == 0)
-	errx(1, "mech mismatch");
-    *actual_mech = actual_mech_server;
-}
-
-static void
-wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
-{
-    gss_buffer_desc input_token, output_token, output_token2;
-    OM_uint32 min_stat, maj_stat;
-    int32_t flags = 0;
-    gss_qop_t qop_state;
-    int conf_state;
-
-    input_token.value = "foo";
-    input_token.length = 3;
-
-    maj_stat = gss_wrap(&min_stat, cctx, flags, 0, &input_token,
-			&conf_state, &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_wrap failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-
-    maj_stat = gss_unwrap(&min_stat, sctx, &output_token,
-			  &output_token2, &conf_state, &qop_state);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_unwrap failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-}
-
-static void
-getverifymic(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
-{
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 min_stat, maj_stat;
-    gss_qop_t qop_state;
-
-    input_token.value = "bar";
-    input_token.length = 3;
-
-    maj_stat = gss_get_mic(&min_stat, cctx, 0, &input_token,
-			   &output_token);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_get_mic failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-
-    maj_stat = gss_verify_mic(&min_stat, sctx, &input_token,
-			      &output_token, &qop_state);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_verify_mic failed: %s",
-	     gssapi_err(maj_stat, min_stat, mechoid));
-}
-
-
-/*
- *
- */
-
-static struct getargs args[] = {
-    {"name-type",0,	arg_string, &type_string,  "type of name", NULL },
-    {"mech-type",0,	arg_string, &mech_string,  "type of mech", NULL },
-    {"ret-mech-type",0,	arg_string, &ret_mech_string,
-     "type of return mech", NULL },
-    {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, 
-     "use dns to canonicalize", NULL },
-    {"mutual-auth",0,	arg_flag,	&mutual_auth_flag,"mutual auth", NULL },
-    {"dce-style",0,	arg_flag,	&dce_style_flag, "dce-style", NULL },
-    {"wrapunwrap",0,	arg_flag,	&wrapunwrap_flag, "wrap/unwrap", NULL },
-    {"getverifymic",0,	arg_flag,	&getverifymic_flag, 
-     "get and verify mic", NULL },
-    {"delegate",0,	arg_flag,	&deleg_flag, "delegate credential", NULL },
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"verbose",	'v',	arg_flag,	&verbose_flag, "verbose", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    OM_uint32 min_stat, maj_stat;
-    gss_ctx_id_t cctx, sctx;
-    void *ctx;
-    gss_OID nameoid, mechoid, actual_mech;
-    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-
-    setprogname(argv[0]);
-
-    cctx = sctx = GSS_C_NO_CONTEXT;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	usage(1);
-
-    if (dns_canon_flag != -1)
-	gsskrb5_set_dns_canonicalize(dns_canon_flag);
-
-    if (type_string == NULL)
-	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
-    else if (strcmp(type_string, "hostbased-service") == 0)
-	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
-    else if (strcmp(type_string, "krb5-principal-name") == 0)
-	nameoid = GSS_KRB5_NT_PRINCIPAL_NAME;
-    else
-	errx(1, "%s not suppported", type_string);
-
-    if (mech_string == NULL)
-	mechoid = GSS_KRB5_MECHANISM;
-    else 
-	mechoid = string_to_oid(mech_string);
-
-    loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
-	 &sctx, &cctx, &actual_mech, &deleg_cred);
-    
-    if (verbose_flag)
-	printf("resulting mech: %s\n", oid_to_string(actual_mech));
-
-    if (ret_mech_string) {
-	gss_OID retoid;
-
-	retoid = string_to_oid(ret_mech_string);
-
-	if (gss_oid_equal(retoid, actual_mech) == 0)
-	    errx(1, "actual_mech mech is not the expected type %s", 
-		 ret_mech_string);
-    }
-
-    /* XXX should be actual_mech */
-    if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { 
-	krb5_context context;
-	time_t time, skew;
-	gss_buffer_desc authz_data;
-	gss_buffer_desc in, out1, out2;
-	krb5_keyblock *keyblock, *keyblock2;
-	krb5_timestamp now;
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx(1, "krb5_init_context");
-
-	ret = krb5_timeofday(context, &now);
-	if (ret) 
-		errx(1, "krb5_timeofday failed");
-	
-	/* client */
-	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
-						     &cctx,
-						     1, /* version */
-						     &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-		errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	
-	
-	maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	
-	/* server */
-	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
-						     &sctx,
-						     1, /* version */
-						     &ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-	maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, ctx);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
- 	maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
-							     sctx,
-							     &time);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	skew = abs(time - now);
-	if (skew > krb5_get_max_time_skew(context)) {
-	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: "
-		 "time skew too great %llu > %llu", 
-		 (unsigned long long)skew, 
-		 (unsigned long long)krb5_get_max_time_skew(context));
-	}
-
- 	maj_stat = gsskrb5_extract_service_keyblock(&min_stat,
-						    sctx,
-						    &keyblock);
-	if (maj_stat != GSS_S_COMPLETE)
-	    errx(1, "gsskrb5_export_service_keyblock failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	krb5_free_keyblock(context, keyblock);
-
- 	maj_stat = gsskrb5_get_subkey(&min_stat,
-				      sctx,
-				      &keyblock);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_subkey server failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat != GSS_S_COMPLETE)
-	    keyblock = NULL;
-	
- 	maj_stat = gsskrb5_get_subkey(&min_stat,
-				      cctx,
-				      &keyblock2);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_subkey client failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat != GSS_S_COMPLETE)
-	    keyblock2 = NULL;
-
-	if (keyblock || keyblock2) {
-	    if (keyblock == NULL)
-		errx(1, "server missing token keyblock");
-	    if (keyblock2 == NULL)
-		errx(1, "client missing token keyblock");
-
-	    if (keyblock->keytype != keyblock2->keytype)
-		errx(1, "enctype mismatch");
-	    if (keyblock->keyvalue.length != keyblock2->keyvalue.length)
-		errx(1, "key length mismatch");
-	    if (memcmp(keyblock->keyvalue.data, keyblock2->keyvalue.data, 
-		       keyblock2->keyvalue.length) != 0)
-		errx(1, "key data mismatch");
-	}
-
-	if (keyblock)
-	    krb5_free_keyblock(context, keyblock);
-	if (keyblock2)
-	    krb5_free_keyblock(context, keyblock2);
-
- 	maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
-						sctx,
-						&keyblock);
-	if (maj_stat != GSS_S_COMPLETE 
-	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
-	    errx(1, "gsskrb5_get_initiator_subkey failed: %s",
-		     gssapi_err(maj_stat, min_stat, actual_mech));
-
-	if (maj_stat == GSS_S_COMPLETE)
-	    krb5_free_keyblock(context, keyblock);
-
- 	maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
-							       sctx,
-							       128,
-							       &authz_data);
-	if (maj_stat == GSS_S_COMPLETE)
-	    gss_release_buffer(&min_stat, &authz_data);
-
-	krb5_free_context(context);
-
-
-	memset(&out1, 0, sizeof(out1));
-	memset(&out2, 0, sizeof(out2));
-
-	in.value = "foo";
-	in.length = 3;
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out1);
-	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out2);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-	
-	gss_release_buffer(&min_stat, &out1);
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
-			  100, &out1);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-
-	gss_release_buffer(&min_stat, &out1);
-	gss_release_buffer(&min_stat, &out2);
-
-	in.value = "bar";
-	in.length = 3;
-
-	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_PARTIAL, &in, 
-			  100, &out1);
-	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_PARTIAL, &in, 
-			  100, &out2);
-
-	if (out1.length != out2.length)
-	    errx(1, "prf len mismatch");
-	if (memcmp(out1.value, out2.value, out1.length) != 0)
-	    errx(1, "prf data mismatch");
-
-	gss_release_buffer(&min_stat, &out1);
-	gss_release_buffer(&min_stat, &out2);
-
-	wrapunwrap_flag = 1;
-	getverifymic_flag = 1;
-    }
-
-    if (wrapunwrap_flag) {
-	wrapunwrap(cctx, sctx, actual_mech);
-	wrapunwrap(cctx, sctx, actual_mech);
-	wrapunwrap(sctx, cctx, actual_mech);
-	wrapunwrap(sctx, cctx, actual_mech);
-    }
-    if (getverifymic_flag) {
-	getverifymic(cctx, sctx, actual_mech);
-	getverifymic(cctx, sctx, actual_mech);
-	getverifymic(sctx, cctx, actual_mech);
-	getverifymic(sctx, cctx, actual_mech);
-    }
-
-    gss_delete_sec_context(&min_stat, &cctx, NULL);
-    gss_delete_sec_context(&min_stat, &sctx, NULL);
-
-    if (deleg_cred != GSS_C_NO_CREDENTIAL) {
-
-	loop(mechoid, nameoid, argv[0], deleg_cred, &cctx, &sctx, &actual_mech, NULL);
-
-	gss_delete_sec_context(&min_stat, &cctx, NULL);
-	gss_delete_sec_context(&min_stat, &sctx, NULL);
-
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_cred.c b/crypto/heimdal/lib/gssapi/test_cred.c
deleted file mode 100644
index 5ecc89f360f9..000000000000
--- a/crypto/heimdal/lib/gssapi/test_cred.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 2003-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_cred.c 17750 2006-06-30 11:55:28Z lha $");
-
-static void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
-	    gss_release_buffer (&new_stat, &status_string);
-	}
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-static void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    vwarnx (fmt, args);
-    gss_print_errors (status);
-    va_end(args);
-    exit (exitval);
-}
-
-static void
-acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_cred_id_t cred;
-    int i;
-
-    for (i = 0; i < counter; i++) {
-	maj_stat = gss_acquire_cred(&min_stat, name,
-				    GSS_C_INDEFINITE,
-				    GSS_C_NO_OID_SET,
-				    usage,
-				    &cred,
-				    NULL,
-				    NULL);
-	if (maj_stat != GSS_S_COMPLETE)
-	    gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", 
-		    i, (int)maj_stat);
-				    
-	maj_stat = gss_release_cred(&min_stat, &cred);
-	if (maj_stat != GSS_S_COMPLETE)
-	    gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", 
-		    i, (int)maj_stat);
-    }
-}
-
-
-static void
-acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_cred_id_t cred, cred2, cred3;
-
-    maj_stat = gss_acquire_cred(&min_stat, name,
-				GSS_C_INDEFINITE,
-				GSS_C_NO_OID_SET,
-				usage,
-				&cred,
-				NULL,
-				NULL);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
-    
-    maj_stat = gss_add_cred(&min_stat,
-			    cred,
-			    GSS_C_NO_NAME,
-			    GSS_KRB5_MECHANISM,
-			    usage,
-			    GSS_C_INDEFINITE,
-			    GSS_C_INDEFINITE,
-			    &cred2,
-			    NULL,
-			    NULL,
-			    NULL);
-			    
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_release_cred(&min_stat, &cred);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_add_cred(&min_stat,
-			    cred2,
-			    GSS_C_NO_NAME,
-			    GSS_KRB5_MECHANISM,
-			    GSS_C_BOTH,
-			    GSS_C_INDEFINITE,
-			    GSS_C_INDEFINITE,
-			    &cred3,
-			    NULL,
-			    NULL,
-			    NULL);
-
-    maj_stat = gss_release_cred(&min_stat, &cred2);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
-
-    maj_stat = gss_release_cred(&min_stat, &cred3);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    struct gss_buffer_desc_struct name_buffer;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 1)
-	errx(1, "argc < 1");
-
-    name_buffer.value = argv[0];
-    name_buffer.length = strlen(argv[0]);
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "import name error");
-
-    acquire_release_loop(name, 100, GSS_C_ACCEPT);
-    acquire_release_loop(name, 100, GSS_C_INITIATE);
-    acquire_release_loop(name, 100, GSS_C_BOTH);
-
-    acquire_add_release_add(name, GSS_C_ACCEPT);
-    acquire_add_release_add(name, GSS_C_INITIATE);
-    acquire_add_release_add(name, GSS_C_BOTH);
-
-    gss_release_name(&min_stat, &name);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_kcred.c b/crypto/heimdal/lib/gssapi/test_kcred.c
deleted file mode 100644
index b774b0431ff9..000000000000
--- a/crypto/heimdal/lib/gssapi/test_kcred.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
- * Copyright (c) 2003-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <krb5.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_kcred.c 20694 2007-05-30 13:58:46Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static void
-copy_import(void)
-{
-    gss_cred_id_t cred1, cred2;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name1, name2;
-    OM_uint32 lifetime1, lifetime2;
-    gss_cred_usage_t usage1, usage2;
-    gss_OID_set mechs1, mechs2;
-    krb5_ccache id;
-    krb5_error_code ret;
-    krb5_context context;
-    int equal;
-
-    maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
-				GSS_C_NO_OID_SET, GSS_C_INITIATE,
-				&cred1, NULL, NULL);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_acquire_cred");
-
-    maj_stat = gss_inquire_cred(&min_stat, cred1, &name1, &lifetime1,
-				&usage1, &mechs1);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred");
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context");
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    maj_stat = gss_krb5_copy_ccache(&min_stat, cred1, id);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_krb5_copy_ccache");
-
-    maj_stat = gss_krb5_import_cred(&min_stat, id, NULL, NULL, &cred2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_krb5_import_cred");
-
-    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
-				&usage2, &mechs2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred 2");
-
-    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-	
-    if (lifetime1 != lifetime2)
-	errx(1, "lifetime not equal %lu != %lu",
-	     (unsigned long)lifetime1, (unsigned long)lifetime2);
-
-    if (usage1 != usage2) {
-	/* as long any of them is both are everything it ok */
-	if (usage1 != GSS_C_BOTH && usage2 != GSS_C_BOTH)
-	    errx(1, "usages disjoined");
-    }
-
-    gss_release_name(&min_stat, &name2);
-    gss_release_oid_set(&min_stat, &mechs2);
-
-    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
-				&usage2, &mechs2);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_inquire_cred");
-
-    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-	
-    if (lifetime1 != lifetime2)
-	errx(1, "lifetime not equal %lu != %lu",
-	     (unsigned long)lifetime1, (unsigned long)lifetime2);
-
-    gss_release_cred(&min_stat, &cred1);
-    gss_release_cred(&min_stat, &cred2);
-
-    gss_release_name(&min_stat, &name1);
-    gss_release_name(&min_stat, &name2);
-
-#if 0
-    compare(mechs1, mechs2);
-#endif
-
-    gss_release_oid_set(&min_stat, &mechs1);
-    gss_release_oid_set(&min_stat, &mechs2);
-
-    krb5_cc_destroy(context, id);
-    krb5_free_context(context);
-}
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    copy_import();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_names.c b/crypto/heimdal/lib/gssapi/test_names.c
deleted file mode 100644
index abc47690b008..000000000000
--- a/crypto/heimdal/lib/gssapi/test_names.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_names.c 17856 2006-07-20 05:13:25Z lha $");
-
-static void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	if (!GSS_ERROR(ret)) {
-	    fprintf (stderr, "%s\n", (char *)status_string.value);
-	    gss_release_buffer (&new_stat, &status_string);
-	}
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-static void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    vwarnx (fmt, args);
-    gss_print_errors (status);
-    va_end(args);
-    exit (exitval);
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "service@host");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    gss_buffer_desc name_buffer;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t name, MNname, MNname2;
-    int optidx = 0;
-    char *str;
-    int len, equal;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    /*
-     * test import/export
-     */
-
-    len = asprintf(&str, "ftp@freeze-arrow.mit.edu");
-    if (len == -1)
-	errx(1, "asprintf");
-
-    name_buffer.value = str;
-    name_buffer.length = len;
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import name error");
-    free(str);
-
-    maj_stat = gss_canonicalize_name (&min_stat,
-				      name,
-				      GSS_KRB5_MECHANISM,
-				      &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "canonicalize name error");
-
-    maj_stat = gss_export_name(&min_stat,
-			       MNname,
-			       &name_buffer);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "export name error (KRB5)");
-
-    /*
-     * Import the exported name and compare
-     */
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NT_EXPORT_NAME,
-			       &MNname2);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import name error (exported KRB5 name)");
-
-
-    maj_stat = gss_compare_name(&min_stat, MNname, MNname2, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-
-    gss_release_name(&min_stat, &MNname2);
-    gss_release_buffer(&min_stat, &name_buffer);
-    gss_release_name(&min_stat, &MNname);
-    gss_release_name(&min_stat, &name);
-
-    /*
-     * Import oid less name and compare to mech name.
-     * Dovecot SASL lib does this.
-     */
-
-    len = asprintf(&str, "lha");
-    if (len == -1)
-	errx(1, "asprintf");
-
-    name_buffer.value = str;
-    name_buffer.length = len;
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_C_NO_OID,
-			       &name);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import (no oid) name error");
-
-    maj_stat = gss_import_name(&min_stat, &name_buffer,
-			       GSS_KRB5_NT_USER_NAME,
-			       &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "import (krb5 mn) name error");
-
-    free(str);
-
-    maj_stat = gss_compare_name(&min_stat, name, MNname, &equal);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "gss_compare_name");
-    if (!equal)
-	errx(1, "names not equal");
-
-    gss_release_name(&min_stat, &MNname);
-    gss_release_name(&min_stat, &name);
-
-#if 0
-    maj_stat = gss_canonicalize_name (&min_stat,
-				      name,
-				      GSS_SPNEGO_MECHANISM,
-				      &MNname);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "canonicalize name error");
-
-
-    maj_stat = gss_export_name(&maj_stat,
-			       MNname,
-			       &name_buffer);
-    if (maj_stat != GSS_S_COMPLETE)
-	gss_err(1, min_stat, "export name error (SPNEGO)");
-
-    gss_release_name(&min_stat, &MNname);
-    gss_release_buffer(&min_stat, &name_buffer);
-#endif
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_ntlm.c b/crypto/heimdal/lib/gssapi/test_ntlm.c
deleted file mode 100644
index 9bd0d1ee1cf0..000000000000
--- a/crypto/heimdal/lib/gssapi/test_ntlm.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- * Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include "test_common.h"
-
-RCSID("$Id: test_ntlm.c 22423 2008-01-13 09:45:03Z lha $");
-
-#include <krb5.h>
-#include <heimntlm.h>
-
-static int
-test_libntlm_v1(int flags)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword";
-    OM_uint32 maj_stat, min_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc input, output;
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    gss_name_t src_name = GSS_C_NO_NAME;
-    
-    memset(&type1, 0, sizeof(type1));
-    memset(&type2, 0, sizeof(type2));
-    memset(&type3, 0, sizeof(type3));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|flags;
-    type1.domain = strdup(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    input.value = data.data;
-    input.length = data.length;
-
-    output.length = 0;
-    output.value = NULL;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(data.data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "accept_sec_context v1: %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    if (output.length == 0)
-	errx(1, "output.length == 0");
-
-    data.data = output.value;
-    data.length = output.length;
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    gss_release_buffer(&min_stat, &output);
-
-    type3.flags = type2.flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = type2.targetname;
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm1(key.data, key.length,
-				  type2.challange,
-				  &type3.ntlm);
-
-	if (flags & NTLM_NEG_KEYEX) {
-	    struct ntlm_buf sessionkey;
-	    heim_ntlm_build_ntlm1_master(key.data, key.length,
-					 &sessionkey,
-				     &type3.sessionkey);
-	    free(sessionkey.data);
-	}
-	free(key.data);
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    input.length = data.length;
-    input.value = data.data;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      &src_name,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(input.value);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "accept_sec_context v1 2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    gss_release_buffer(&min_stat, &output);
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    if (src_name == GSS_C_NO_NAME)
-	errx(1, "no source name!");
-
-    gss_display_name(&min_stat, src_name, &output, NULL);
-
-    printf("src_name: %.*s\n", (int)output.length, (char*)output.value);
-
-    gss_release_name(&min_stat, &src_name);
-    gss_release_buffer(&min_stat, &output);
-
-    return 0;
-}
-
-static int
-test_libntlm_v2(int flags)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword";
-    OM_uint32 maj_stat, min_stat;
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_buffer_desc input, output;
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    
-    memset(&type1, 0, sizeof(type1));
-    memset(&type2, 0, sizeof(type2));
-    memset(&type3, 0, sizeof(type3));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_NTLM|flags;
-    type1.domain = strdup(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    input.value = data.data;
-    input.length = data.length;
-
-    output.length = 0;
-    output.value = NULL;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(data.data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "accept_sec_context v2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    if (output.length == 0)
-	errx(1, "output.length == 0");
-
-    data.data = output.value;
-    data.length = output.length;
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    type3.flags = type2.flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = type2.targetname;
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-	unsigned char ntlmv2[16];
-
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm2(key.data, key.length,
-				  user,
-				  type2.targetname,
-				  type2.challange,
-				  &type2.targetinfo,
-				  ntlmv2,
-				  &type3.ntlm);
-	free(key.data);
-
-	if (flags & NTLM_NEG_KEYEX) {
-	    struct ntlm_buf sessionkey;
-	    heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
-					 &sessionkey,
-					 &type3.sessionkey);
-	    free(sessionkey.data);
-	}
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    input.length = data.length;
-    input.value = data.data;
-
-    maj_stat = gss_accept_sec_context(&min_stat,
-				      &ctx,
-				      GSS_C_NO_CREDENTIAL,
-				      &input,
-				      GSS_C_NO_CHANNEL_BINDINGS,
-				      NULL,
-				      NULL,
-				      &output,
-				      NULL,
-				      NULL,
-				      NULL);
-    free(input.value);
-    if (maj_stat != GSS_S_COMPLETE)
-	errx(1, "accept_sec_context v2 2 %s",
-	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-
-    gss_delete_sec_context(&min_stat, &ctx, NULL);
-
-    return 0;
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0, optind = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    ret += test_libntlm_v1(0);
-    ret += test_libntlm_v1(NTLM_NEG_KEYEX);
-
-    ret += test_libntlm_v2(0);
-    ret += test_libntlm_v2(NTLM_NEG_KEYEX);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_oid.c b/crypto/heimdal/lib/gssapi/test_oid.c
deleted file mode 100644
index 3beb30cb0a21..000000000000
--- a/crypto/heimdal/lib/gssapi/test_oid.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <gssapi.h>
-#include <err.h>
-#include <roken.h>
-
-RCSID("$Id: test_oid.c 20488 2007-04-21 06:29:11Z lha $");
-
-int
-main(int argc, char **argv)
-{
-    OM_uint32 minor_status, maj_stat;
-    gss_buffer_desc data;
-    int ret;
-
-    maj_stat = gss_oid_to_str(&minor_status, GSS_KRB5_MECHANISM, &data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "gss_oid_to_str failed");
-
-    ret = strcmp(data.value, "1 2 840 113554 1 2 2");
-    gss_release_buffer(&maj_stat, &data);
-    if (ret)
-	return 1;
-
-    maj_stat = gss_oid_to_str(&minor_status, GSS_C_NT_EXPORT_NAME, &data);
-    if (GSS_ERROR(maj_stat))
-	errx(1, "gss_oid_to_str failed");
-
-    ret = strcmp(data.value, "1 3 6 1 5 6 4");
-    gss_release_buffer(&maj_stat, &data);
-    if (ret)
-	return 1;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c
deleted file mode 100644
index e747c5acc108..000000000000
--- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member,
-            const gss_OID_set set,
-            int * present
-           )
-{
-  size_t i;
-
-  *minor_status = 0;
-  *present = 0;
-  for (i = 0; i < set->count; ++i)
-      if (gss_oid_equal(member, &set->elements[i]) != 0) {
-	  *present = 1;
-	  break;
-      }
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
deleted file mode 100644
index b798438dc614..000000000000
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $");
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				  context_handle->auth_context, 
-				  &skey);
-    if(skey == NULL)
-	krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				     context_handle->auth_context, 
-				     &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-unwrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x00\x00", 2) != 0)
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x00\x00", 2) == 0) {
-      cstate = 1;
-  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
-      cstate = 0;
-  } else
-      return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-      *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 16;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       input_message_buffer->length - len,
-		       schedule,
-		       &zero,
-		       DES_DECRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, input_message_buffer->length - len);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 24,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  u_char seq[8];
-  krb5_data seq_data;
-  u_char cksum[20];
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  krb5_crypto crypto;
-  Checksum csum;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x02\x00", 2) == 0) {
-    cstate = 1;
-  } else if (memcmp (p, "\xff\xff", 2) == 0) {
-    cstate = 0;
-  } else
-    return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-    *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 28;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, input_message_buffer->length - len, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == input_message_buffer->length - len);
-
-      memcpy (p, tmp.data, tmp.length);
-      krb5_data_free(&tmp);
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 28;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  {
-      des_cblock ivec;
-
-      memcpy(&ivec, p + 8, 8);
-      ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       p, 8, &seq_data,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      return GSS_S_BAD_MIC;
-  }
-
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* verify checksum */
-
-  memcpy (cksum, p + 8, 20);
-
-  memcpy (p + 20, p - 8, 8);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = cksum;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      p + 20,
-			      input_message_buffer->length - len + 8,
-			      &csum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 36,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  if (qop_state != NULL)
-      *qop_state = GSS_C_QOP_DEFAULT;
-  ret = gss_krb5_get_remotekey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  *minor_status = 0;
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = unwrap_des (minor_status, context_handle,
-			input_message_buffer, output_message_buffer,
-			conf_state, qop_state, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = unwrap_des3 (minor_status, context_handle,
-			 input_message_buffer, output_message_buffer,
-			 conf_state, qop_state, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_unwrap_arcfour (minor_status, context_handle,
-				    input_message_buffer, output_message_buffer,
-				    conf_state, qop_state, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c
deleted file mode 100644
index 34091ea71572..000000000000
--- a/crypto/heimdal/lib/gssapi/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 gss_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  return gss_get_mic(minor_status,
-	context_handle,
-	(gss_qop_t)qop_req,
-	message_buffer,
-	message_token);
-}
-
-OM_uint32 gss_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-  return gss_verify_mic(minor_status,
-	context_handle,
-	message_buffer,
-	token_buffer,
-	(gss_qop_t *)qop_state);
-}
-
-OM_uint32 gss_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  return gss_wrap(minor_status,
-	context_handle,
-	conf_req_flag,
-	(gss_qop_t)qop_req,
-	input_message_buffer,
-	conf_state,
-	output_message_buffer);
-}
-
-OM_uint32 gss_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-  return gss_unwrap(minor_status,
-	context_handle,
-	input_message_buffer,
-	output_message_buffer,
-	conf_state,
-	(gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
deleted file mode 100644
index aef2d07da6bf..000000000000
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $");
-
-static OM_uint32
-verify_mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock zero;
-  des_cblock deskey;
-  int32_t seq_number;
-  OM_uint32 ret;
-
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x00\x00", 2) != 0)
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-  p += 16;
-
-  /* verify checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value,
-	     message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0) {
-    memset (deskey, 0, sizeof(deskey));
-    memset (schedule, 0, sizeof(schedule));
-    return GSS_S_BAD_MIC;
-  }
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  OM_uint32 ret;
-  krb5_crypto crypto;
-  krb5_data seq_data;
-  int cmp, docompat;
-  Checksum csum;
-  char *tmp;
-  char ivec[8];
-  
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret)
-      return ret;
-
-  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret){
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* verify sequence number */
-  docompat = 0;
-retry:
-  if (docompat)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			   crypto,
-			   KRB5_KU_USAGE_SEQ,
-			   p, 8, &seq_data, ivec);
-  if (ret) {
-      if (docompat++) {
-	  gssapi_krb5_set_error_string ();
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      } else
-	  goto retry;
-  }
-
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  /* verify checksum */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = p + 8;
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      tmp, message_buffer->length + 8,
-			      &csum);
-  free (tmp);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ret;
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_verify_mic_internal
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    char * type
-	    )
-{
-    krb5_keyblock *key;
-    OM_uint32 ret;
-    krb5_keytype keytype;
-
-    ret = gss_krb5_get_remotekey(context_handle, &key);
-    if (ret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
-	ret = verify_mic_des (minor_status, context_handle,
-			      message_buffer, token_buffer, qop_state, key,
-			      type);
-	break;
-    case KEYTYPE_DES3 :
-	ret = verify_mic_des3 (minor_status, context_handle,
-			       message_buffer, token_buffer, qop_state, key,
-			       type);
-	break;
-    case KEYTYPE_ARCFOUR :
-	ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
-					  message_buffer, token_buffer,
-					  qop_state, key, type);
-	break;
-    default :
-	*minor_status = KRB5_PROG_ETYPE_NOSUPP;
-	ret = GSS_S_FAILURE;
-	break;
-    }
-    krb5_free_keyblock (gssapi_krb5_context, key);
-    
-    return ret;
-}
-
-OM_uint32
-gss_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    OM_uint32 ret;
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle, 
-				  message_buffer, token_buffer,
-				  qop_state, "\x01\x01");
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/version-script.map b/crypto/heimdal/lib/gssapi/version-script.map
deleted file mode 100644
index 43ea73fdb094..000000000000
--- a/crypto/heimdal/lib/gssapi/version-script.map
+++ /dev/null
@@ -1,97 +0,0 @@
-# $Id: version-script.map 20493 2007-04-21 07:56:20Z lha $
-
-HEIMDAL_GSS_1.0 {
-	global:
-		GSS_KRB5_MECHANISM;
-		GSS_NTLM_MECHANISM;
-		GSS_SPNEGO_MECHANISM;
-		GSS_SASL_DIGEST_MD5_MECHANISM;
-		GSS_C_NT_ANONYMOUS;
-		GSS_C_NT_EXPORT_NAME;
-		GSS_C_NT_HOSTBASED_SERVICE;
-		GSS_C_NT_HOSTBASED_SERVICE_X;
-		GSS_C_NT_MACHINE_UID_NAME;
-		GSS_C_NT_STRING_UID_NAME;
-		GSS_C_NT_USER_NAME;
-		GSS_KRB5_NT_PRINCIPAL_NAME;
-		GSS_KRB5_NT_USER_NAME;
-		GSS_KRB5_NT_MACHINE_UID_NAME;
-		GSS_KRB5_NT_STRING_UID_NAME;
-		gss_acquire_cred;
-		gss_release_cred;
-		gss_init_sec_context;
-		gss_accept_sec_context;
-		gss_process_context_token;
-		gss_delete_sec_context;
-		gss_context_time;
-		gss_get_mic;
-		gss_verify_mic;
-		gss_wrap;
-		gss_unwrap;
-		gss_display_status;
-		gss_indicate_mechs;
-		gss_compare_name;
-		gss_display_name;
-		gss_import_name;
-		gss_export_name;
-		gss_release_name;
-		gss_release_buffer;
-		gss_release_oid_set;
-		gss_inquire_cred;
-		gss_inquire_context;
-		gss_wrap_size_limit;
-		gss_add_cred;
-		gss_inquire_cred_by_mech;
-		gss_export_sec_context;
-		gss_import_sec_context;
-		gss_create_empty_oid_set;
-		gss_add_oid_set_member;
-		gss_test_oid_set_member;
-		gss_inquire_names_for_mech;
-		gss_inquire_mechs_for_name;
-		gss_canonicalize_name;
-		gss_duplicate_name;
-		gss_duplicate_oid;
-		gss_release_oid;
-		gss_oid_to_str;
-		gss_inquire_sec_context_by_oid;
-		gss_set_sec_context_option;
-		gss_set_cred_option;
-		gss_oid_equal;
-		gss_create_empty_buffer_set;
-		gss_add_buffer_set_member;
-		gss_release_buffer_set;
-		gss_inquire_cred_by_oid;
-		gss_pseudo_random;
-		gss_sign;
-		gss_verify;
-		gss_seal;
-		gss_unseal;
-		gss_inquire_sec_context_by_oid;
-		gss_encapsulate_token;
-		gss_decapsulate_token;
-		gss_krb5_ccache_name;
-		gsskrb5_register_acceptor_identity;
-		gss_krb5_copy_ccache;
-		gss_krb5_import_cred;
-		gss_krb5_get_tkt_flags;
-		gsskrb5_extract_authz_data_from_sec_context;
-		gsskrb5_set_dns_canonicalize;
-		gsskrb5_set_send_to_kdc;
-		gsskrb5_set_default_realm;
-		gsskrb5_extract_authtime_from_sec_context;
-		gsskrb5_extract_service_keyblock;
-		gsskrb5_get_initiator_subkey;
-		gsskrb5_get_subkey;
-		gss_krb5_export_lucid_sec_context;
-		gss_krb5_free_lucid_sec_context;
-		gss_krb5_set_allowable_enctypes;
-
-		# _gsskrb5cfx_ are really internal symbols, but export
-		# then now to make testing easier.
-		_gsskrb5cfx_max_wrap_length_cfx;
-		_gsskrb5cfx_wrap_length_cfx;
-
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
deleted file mode 100644
index a0f9d2ff52ea..000000000000
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				 context_handle->auth_context, 
-				 &skey);
-    if(skey == NULL)
-	krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				      context_handle->auth_context, 
-				      &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_S_FAILURE;
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size,
-	    int blocksize,
-	    int extrasize
-           )
-{
-  size_t len, total_len, padlength;
-  padlength = blocksize - (req_output_size % blocksize);
-  len = req_output_size + 8 + padlength + extrasize;
-  gssapi_krb5_encap_length(len, &len, &total_len);
-  *max_input_size = (OM_uint32)total_len;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-  case KEYTYPE_ARCFOUR:
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
-      break;
-  case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  *minor_status = 0;
-  return ret;
-}
-
-static OM_uint32
-wrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 22;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x00\x00", 2);
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x00\x00", 2);
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* fill in later */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* confounder + data + pad */
-  krb5_generate_random_block(p, 8);
-  memcpy (p + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, datalen);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 16;
-
-  if(conf_req_flag) {
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       datalen,
-		       schedule,
-		       &zero,
-		       DES_ENCRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-  u_int32_t ret;
-  krb5_crypto crypto;
-  Checksum cksum;
-  krb5_data encdata;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 34;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x02\x00", 2); /* DES3-KD */
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* calculate checksum (the above + confounder + data + pad) */
-
-  memcpy (p + 20, p - 8, 8);
-  krb5_generate_random_block(p + 28, 8);
-  memcpy (p + 28 + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_create_checksum (gssapi_krb5_context,
-			      crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      0,
-			      p + 20,
-			      datalen + 8,
-			      &cksum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* zero out SND_SEQ + SGN_CKSUM in case */
-  memset (p, 0, 28);
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-  free_Checksum (&cksum);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
-			 &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  {
-      des_cblock ivec;
-
-      memcpy (&ivec, p + 8, 8);
-      ret = krb5_encrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       seq, 8, &encdata,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 28;
-
-  if(conf_req_flag) {
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, datalen, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == datalen);
-
-      memcpy (p, tmp.data, datalen);
-      krb5_data_free(&tmp);
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = wrap_des (minor_status, context_handle, conf_req_flag,
-		      qop_req, input_message_buffer, conf_state,
-		      output_message_buffer, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
-		       qop_req, input_message_buffer, conf_state,
-		       output_message_buffer, key);
-      break;
-  case KEYTYPE_ARCFOUR:
-      ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
-				  qop_req, input_message_buffer, conf_state,
-				  output_message_buffer, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am
deleted file mode 100644
index f66cd06fec05..000000000000
--- a/crypto/heimdal/lib/hdb/Makefile.am
+++ /dev/null
@@ -1,115 +0,0 @@
-# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_hcrypto)
-
-BUILT_SOURCES = \
-	$(gen_files_hdb:.x=.c)	\
-	hdb_err.c \
-	hdb_err.h
-
-gen_files_hdb = \
-	asn1_Salt.x \
-	asn1_Key.x \
-	asn1_Event.x \
-	asn1_HDBFlags.x \
-	asn1_GENERATION.x \
-	asn1_HDB_Ext_PKINIT_acl.x \
-	asn1_HDB_Ext_PKINIT_hash.x \
-	asn1_HDB_Ext_Constrained_delegation_acl.x \
-	asn1_HDB_Ext_Lan_Manager_OWF.x \
-	asn1_HDB_Ext_Password.x \
-	asn1_HDB_Ext_Aliases.x \
-	asn1_HDB_extension.x \
-	asn1_HDB_extensions.x \
-	asn1_hdb_entry.x \
-	asn1_hdb_entry_alias.x
-
-CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
-
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_ldopen)
-
-if OPENLDAP_MODULE
-
-ldap_so = hdb_ldap.la
-hdb_ldap_la_SOURCES = hdb-ldap.c
-hdb_ldap_la_LDFLAGS = -module
-
-else
-
-ldap = hdb-ldap.c
-
-endif
-
-
-lib_LTLIBRARIES = libhdb.la $(ldap_so)
-libhdb_la_LDFLAGS = -version-info 11:0:2
-
-noinst_PROGRAMS = test_dbinfo
-
-dist_libhdb_la_SOURCES =			\
-	common.c				\
-	db.c					\
-	db3.c					\
-	ext.c					\
-	$(ldap)					\
-	hdb.c					\
-	hdb_locl.h				\
-	hdb-private.h				\
-	keys.c					\
-	keytab.c				\
-	dbinfo.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c
-
-nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
-
-AM_CPPFLAGS += $(INCLUDE_openldap)
-
-include_HEADERS = hdb.h hdb-protos.h
-nodist_include_HEADERS =  hdb_err.h hdb_asn1.h
-
-libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
-
-libhdb_la_LIBADD = \
-	$(LIB_com_err) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_openldap) \
-	$(LIB_dlopen) \
-	$(DBLIB) \
-	$(LIB_NDBM)
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
-
-hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-test_dbinfo_SOURCES = test_dbinfo.c
-
-test_dbinfo_LIBS = libhdb.la
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-
-EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in
deleted file mode 100644
index cb0f9169c42d..000000000000
--- a/crypto/heimdal/lib/hdb/Makefile.in
+++ /dev/null
@@ -1,1060 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-noinst_PROGRAMS = test_dbinfo$(EXEEXT)
-subdir = lib/hdb
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-hdb_ldap_la_LIBADD =
-am__hdb_ldap_la_SOURCES_DIST = hdb-ldap.c
-@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_OBJECTS = hdb-ldap.lo
-hdb_ldap_la_OBJECTS = $(am_hdb_ldap_la_OBJECTS)
-hdb_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(hdb_ldap_la_LDFLAGS) $(LDFLAGS) -o $@
-@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_rpath = -rpath $(libdir)
-am__DEPENDENCIES_1 =
-libhdb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
-	../asn1/libasn1.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-am__dist_libhdb_la_SOURCES_DIST = common.c db.c db3.c ext.c hdb-ldap.c \
-	hdb.c hdb_locl.h hdb-private.h keys.c keytab.c dbinfo.c mkey.c \
-	ndbm.c print.c
-@OPENLDAP_MODULE_FALSE@am__objects_1 = libhdb_la-hdb-ldap.lo
-dist_libhdb_la_OBJECTS = libhdb_la-common.lo libhdb_la-db.lo \
-	libhdb_la-db3.lo libhdb_la-ext.lo $(am__objects_1) \
-	libhdb_la-hdb.lo libhdb_la-keys.lo libhdb_la-keytab.lo \
-	libhdb_la-dbinfo.lo libhdb_la-mkey.lo libhdb_la-ndbm.lo \
-	libhdb_la-print.lo
-am__objects_2 = libhdb_la-asn1_Salt.lo libhdb_la-asn1_Key.lo \
-	libhdb_la-asn1_Event.lo libhdb_la-asn1_HDBFlags.lo \
-	libhdb_la-asn1_GENERATION.lo \
-	libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo \
-	libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo \
-	libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo \
-	libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo \
-	libhdb_la-asn1_HDB_Ext_Password.lo \
-	libhdb_la-asn1_HDB_Ext_Aliases.lo \
-	libhdb_la-asn1_HDB_extension.lo \
-	libhdb_la-asn1_HDB_extensions.lo libhdb_la-asn1_hdb_entry.lo \
-	libhdb_la-asn1_hdb_entry_alias.lo
-am__objects_3 = $(am__objects_2) libhdb_la-hdb_err.lo
-nodist_libhdb_la_OBJECTS = $(am__objects_3)
-libhdb_la_OBJECTS = $(dist_libhdb_la_OBJECTS) \
-	$(nodist_libhdb_la_OBJECTS)
-libhdb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libhdb_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS)
-am_test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT)
-test_dbinfo_OBJECTS = $(am_test_dbinfo_OBJECTS)
-test_dbinfo_LDADD = $(LDADD)
-test_dbinfo_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \
-	../krb5/libkrb5.la ../asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(hdb_ldap_la_SOURCES) $(dist_libhdb_la_SOURCES) \
-	$(nodist_libhdb_la_SOURCES) $(test_dbinfo_SOURCES)
-DIST_SOURCES = $(am__hdb_ldap_la_SOURCES_DIST) \
-	$(am__dist_libhdb_la_SOURCES_DIST) $(test_dbinfo_SOURCES)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \
-	-I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-BUILT_SOURCES = \
-	$(gen_files_hdb:.x=.c)	\
-	hdb_err.c \
-	hdb_err.h
-
-gen_files_hdb = \
-	asn1_Salt.x \
-	asn1_Key.x \
-	asn1_Event.x \
-	asn1_HDBFlags.x \
-	asn1_GENERATION.x \
-	asn1_HDB_Ext_PKINIT_acl.x \
-	asn1_HDB_Ext_PKINIT_hash.x \
-	asn1_HDB_Ext_Constrained_delegation_acl.x \
-	asn1_HDB_Ext_Lan_Manager_OWF.x \
-	asn1_HDB_Ext_Password.x \
-	asn1_HDB_Ext_Aliases.x \
-	asn1_HDB_extension.x \
-	asn1_HDB_extensions.x \
-	asn1_hdb_entry.x \
-	asn1_hdb_entry_alias.x
-
-CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(LIB_ldopen)
-
-@OPENLDAP_MODULE_TRUE@ldap_so = hdb_ldap.la
-@OPENLDAP_MODULE_TRUE@hdb_ldap_la_SOURCES = hdb-ldap.c
-@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module
-@OPENLDAP_MODULE_FALSE@ldap = hdb-ldap.c
-lib_LTLIBRARIES = libhdb.la $(ldap_so)
-libhdb_la_LDFLAGS = -version-info 11:0:2
-dist_libhdb_la_SOURCES = \
-	common.c				\
-	db.c					\
-	db3.c					\
-	ext.c					\
-	$(ldap)					\
-	hdb.c					\
-	hdb_locl.h				\
-	hdb-private.h				\
-	keys.c					\
-	keytab.c				\
-	dbinfo.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c
-
-nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
-include_HEADERS = hdb.h hdb-protos.h
-nodist_include_HEADERS = hdb_err.h hdb_asn1.h
-libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
-libhdb_la_LIBADD = \
-	$(LIB_com_err) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_openldap) \
-	$(LIB_dlopen) \
-	$(DBLIB) \
-	$(LIB_NDBM)
-
-test_dbinfo_SOURCES = test_dbinfo.c
-test_dbinfo_LIBS = libhdb.la
-EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-hdb_ldap.la: $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_DEPENDENCIES) 
-	$(hdb_ldap_la_LINK) $(am_hdb_ldap_la_rpath) $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_LIBADD) $(LIBS)
-libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) 
-	$(libhdb_la_LINK) -rpath $(libdir) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-test_dbinfo$(EXEEXT): $(test_dbinfo_OBJECTS) $(test_dbinfo_DEPENDENCIES) 
-	@rm -f test_dbinfo$(EXEEXT)
-	$(LINK) $(test_dbinfo_OBJECTS) $(test_dbinfo_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libhdb_la-common.lo: common.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-common.lo `test -f 'common.c' || echo '$(srcdir)/'`common.c
-
-libhdb_la-db.lo: db.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
-
-libhdb_la-db3.lo: db3.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db3.lo `test -f 'db3.c' || echo '$(srcdir)/'`db3.c
-
-libhdb_la-ext.lo: ext.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ext.lo `test -f 'ext.c' || echo '$(srcdir)/'`ext.c
-
-libhdb_la-hdb-ldap.lo: hdb-ldap.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb-ldap.lo `test -f 'hdb-ldap.c' || echo '$(srcdir)/'`hdb-ldap.c
-
-libhdb_la-hdb.lo: hdb.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb.lo `test -f 'hdb.c' || echo '$(srcdir)/'`hdb.c
-
-libhdb_la-keys.lo: keys.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keys.lo `test -f 'keys.c' || echo '$(srcdir)/'`keys.c
-
-libhdb_la-keytab.lo: keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
-
-libhdb_la-dbinfo.lo: dbinfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-dbinfo.lo `test -f 'dbinfo.c' || echo '$(srcdir)/'`dbinfo.c
-
-libhdb_la-mkey.lo: mkey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-mkey.lo `test -f 'mkey.c' || echo '$(srcdir)/'`mkey.c
-
-libhdb_la-ndbm.lo: ndbm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ndbm.lo `test -f 'ndbm.c' || echo '$(srcdir)/'`ndbm.c
-
-libhdb_la-print.lo: print.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
-
-libhdb_la-asn1_Salt.lo: asn1_Salt.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Salt.lo `test -f 'asn1_Salt.c' || echo '$(srcdir)/'`asn1_Salt.c
-
-libhdb_la-asn1_Key.lo: asn1_Key.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Key.lo `test -f 'asn1_Key.c' || echo '$(srcdir)/'`asn1_Key.c
-
-libhdb_la-asn1_Event.lo: asn1_Event.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Event.lo `test -f 'asn1_Event.c' || echo '$(srcdir)/'`asn1_Event.c
-
-libhdb_la-asn1_HDBFlags.lo: asn1_HDBFlags.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDBFlags.lo `test -f 'asn1_HDBFlags.c' || echo '$(srcdir)/'`asn1_HDBFlags.c
-
-libhdb_la-asn1_GENERATION.lo: asn1_GENERATION.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_GENERATION.lo `test -f 'asn1_GENERATION.c' || echo '$(srcdir)/'`asn1_GENERATION.c
-
-libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo: asn1_HDB_Ext_PKINIT_acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo `test -f 'asn1_HDB_Ext_PKINIT_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_acl.c
-
-libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo: asn1_HDB_Ext_PKINIT_hash.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo `test -f 'asn1_HDB_Ext_PKINIT_hash.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_hash.c
-
-libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo: asn1_HDB_Ext_Constrained_delegation_acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo `test -f 'asn1_HDB_Ext_Constrained_delegation_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Constrained_delegation_acl.c
-
-libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo: asn1_HDB_Ext_Lan_Manager_OWF.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo `test -f 'asn1_HDB_Ext_Lan_Manager_OWF.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Lan_Manager_OWF.c
-
-libhdb_la-asn1_HDB_Ext_Password.lo: asn1_HDB_Ext_Password.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Password.lo `test -f 'asn1_HDB_Ext_Password.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Password.c
-
-libhdb_la-asn1_HDB_Ext_Aliases.lo: asn1_HDB_Ext_Aliases.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Aliases.lo `test -f 'asn1_HDB_Ext_Aliases.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Aliases.c
-
-libhdb_la-asn1_HDB_extension.lo: asn1_HDB_extension.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extension.lo `test -f 'asn1_HDB_extension.c' || echo '$(srcdir)/'`asn1_HDB_extension.c
-
-libhdb_la-asn1_HDB_extensions.lo: asn1_HDB_extensions.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extensions.lo `test -f 'asn1_HDB_extensions.c' || echo '$(srcdir)/'`asn1_HDB_extensions.c
-
-libhdb_la-asn1_hdb_entry.lo: asn1_hdb_entry.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry.lo `test -f 'asn1_hdb_entry.c' || echo '$(srcdir)/'`asn1_hdb_entry.c
-
-libhdb_la-asn1_hdb_entry_alias.lo: asn1_hdb_entry_alias.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry_alias.lo `test -f 'asn1_hdb_entry_alias.c' || echo '$(srcdir)/'`asn1_hdb_entry_alias.c
-
-libhdb_la-hdb_err.lo: hdb_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb_err.lo `test -f 'hdb_err.c' || echo '$(srcdir)/'`hdb_err.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
-
-hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c
deleted file mode 100644
index 680b666564b8..000000000000
--- a/crypto/heimdal/lib/hdb/common.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: common.c 20236 2007-02-16 23:52:29Z lha $");
-
-int
-hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
-{
-    Principal new;
-    size_t len;
-    int ret;
-
-    ret = copy_Principal(p, &new);
-    if(ret) 
-	return ret;
-    new.name.name_type = 0;
-
-    ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
-    if (ret == 0 && key->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    free_Principal(&new);
-    return ret;
-}
-
-int
-hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
-{
-    return decode_Principal(key->data, key->length, p, NULL);
-}
-
-int
-hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
-{
-    size_t len;
-    int ret;
-    
-    ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
-    if (ret == 0 && value->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    return ret;
-}
-
-int
-hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
-{
-    return decode_hdb_entry(value->data, value->length, ent, NULL);
-}
-
-int
-hdb_entry_alias2value(krb5_context context, 
-		      const hdb_entry_alias *alias,
-		      krb5_data *value)
-{
-    size_t len;
-    int ret;
-    
-    ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length, 
-		       alias, &len, ret);
-    if (ret == 0 && value->length != len)
-	krb5_abortx(context, "internal asn.1 encoder error");
-    return ret;
-}
-
-int
-hdb_value2entry_alias(krb5_context context, krb5_data *value, 
-		      hdb_entry_alias *ent)
-{
-    return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
-}
-
-krb5_error_code
-_hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal,
-	   unsigned flags, hdb_entry_ex *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    hdb_principal2key(context, principal, &key);
-    code = db->hdb__get(context, db, key, &value);
-    krb5_data_free(&key);
-    if(code)
-	return code;
-    code = hdb_value2entry(context, &value, &entry->entry);
-    if (code == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
-	krb5_data_free(&value);
-	return HDB_ERR_NOENTRY;
-    } else if (code == ASN1_BAD_ID) {
-	hdb_entry_alias alias;
-
-	code = hdb_value2entry_alias(context, &value, &alias);
-	if (code) {
-	    krb5_data_free(&value);
-	    return code;
-	}
-	hdb_principal2key(context, alias.principal, &key);
-	krb5_data_free(&value);
-	free_hdb_entry_alias(&alias);
-
-	code = db->hdb__get(context, db, key, &value);
-	krb5_data_free(&key);
-	if (code)
-	    return code;
-	code = hdb_value2entry(context, &value, &entry->entry);
-	if (code) {
-	    krb5_data_free(&value);
-	    return code;
-	}
-    }
-    krb5_data_free(&value);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry(context, entry);
-    }
-    return code;
-}
-
-static krb5_error_code
-hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
-{
-    const HDB_Ext_Aliases *aliases;
-    krb5_error_code code;
-    hdb_entry oldentry;
-    krb5_data value;
-    int i;
-
-    code = db->hdb__get(context, db, *key, &value);
-    if (code == HDB_ERR_NOENTRY)
-	return 0;
-    else if (code)
-	return code;
-	    
-    code = hdb_value2entry(context, &value, &oldentry);
-    krb5_data_free(&value);
-    if (code)
-	return code;
-
-    code = hdb_entry_get_aliases(&oldentry, &aliases);
-    if (code || aliases == NULL) {
-	free_hdb_entry(&oldentry);
-	return code;
-    }
-    for (i = 0; i < aliases->aliases.len; i++) {
-	krb5_data akey;
-
-	hdb_principal2key(context, &aliases->aliases.val[i], &akey);
-	code = db->hdb__del(context, db, akey);
-	krb5_data_free(&akey);
-	if (code) {
-	    free_hdb_entry(&oldentry);
-	    return code;
-	}
-    }
-    free_hdb_entry(&oldentry);
-    return 0;
-}
-
-static krb5_error_code
-hdb_add_aliases(krb5_context context, HDB *db, 
-		unsigned flags, hdb_entry_ex *entry)
-{
-    const HDB_Ext_Aliases *aliases;
-    krb5_error_code code;
-    krb5_data key, value;
-    int i;
-    
-    code = hdb_entry_get_aliases(&entry->entry, &aliases);
-    if (code || aliases == NULL)
-	return code;
-    
-    for (i = 0; i < aliases->aliases.len; i++) {
-	hdb_entry_alias entryalias;
-	entryalias.principal = entry->entry.principal;
-	
-	hdb_principal2key(context, &aliases->aliases.val[i], &key);
-	code = hdb_entry_alias2value(context, &entryalias, &value);
-	if (code) {
-	    krb5_data_free(&key);
-	    return code;
-	}
-	code = db->hdb__put(context, db, flags, key, value);
-	krb5_data_free(&key);
-	krb5_data_free(&value);
-	if (code)
-	    return code;
-    }
-    return 0;
-}
-
-krb5_error_code
-_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    if(entry->entry.generation == NULL) {
-	struct timeval t;
-	entry->entry.generation = malloc(sizeof(*entry->entry.generation));
-	if(entry->entry.generation == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	gettimeofday(&t, NULL);
-	entry->entry.generation->time = t.tv_sec;
-	entry->entry.generation->usec = t.tv_usec;
-	entry->entry.generation->gen = 0;
-    } else
-	entry->entry.generation->gen++;
-    hdb_principal2key(context, entry->entry.principal, &key);
-    code = hdb_seal_keys(context, db, &entry->entry);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-
-    /* remove aliases */
-    code = hdb_remove_aliases(context, db, &key);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-    hdb_entry2value(context, &entry->entry, &value);
-    code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
-    krb5_data_free(&value);
-    krb5_data_free(&key);
-    if (code)
-	return code;
-
-    code = hdb_add_aliases(context, db, flags, entry);
-
-    return code;
-}
-
-krb5_error_code
-_hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
-    krb5_data key;
-    int code;
-
-    hdb_principal2key(context, principal, &key);
-
-    code = hdb_remove_aliases(context, db, &key);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-    code = db->hdb__del(context, db, key);
-    krb5_data_free(&key);
-    return code;
-}
-
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
deleted file mode 100644
index 0b300a55fcce..000000000000
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* Converts a database from version 0.0* to 0.1. This is done by
- * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
- * DES-CBC-MD5).
- *
- * Use with care. 
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
-
-static krb5_error_code
-update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    int i;
-    int n = 0;
-    Key *k;
-    int save_len;
-    Key *save_val;
-    HDB *new = data;
-    krb5_error_code ret;
-
-    for(i = 0; i < entry->keys.len; i++) 
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
-	    n += 2;
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
-	    n += 1;
-    k = malloc(sizeof(*k) * (entry->keys.len + n));
-    n = 0;
-    for(i = 0; i < entry->keys.len; i++) {
-	copy_Key(&entry->keys.val[i], &k[n]);
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
-	    copy_Key(&entry->keys.val[i], &k[n+2]);
-	    k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
-	    n += 2;
-	}
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
-	    n += 1;
-	}
-	n++;
-    }
-    save_len = entry->keys.len;
-    save_val = entry->keys.val;
-    entry->keys.len = n;
-    entry->keys.val = k;
-    ret = new->store(context, new, HDB_F_REPLACE, entry);
-    entry->keys.len = save_len;
-    entry->keys.val = save_val;
-    for(i = 0; i < n; i++) 
-	free_Key(&k[i]);
-    free(k);
-    return 0;
-}
-
-static krb5_error_code
-update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    HDB *new = data;
-    if(!db->master_key_set) {
-	int i;
-	for(i = 0; i < entry->keys.len; i++) {
-	    free(entry->keys.val[i].mkvno);
-	    entry->keys.val[i].mkvno = NULL;
-	}
-    }
-    new->store(context, new, HDB_F_REPLACE, entry);
-    return 0;
-}
-
-char *old_database = HDB_DEFAULT_DB;
-char *new_database = HDB_DEFAULT_DB ".new";
-char *mkeyfile;
-int update_version;
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
-    { "old-database",	0,	arg_string, &old_database,
-      "name of database to convert", "file" },
-    { "new-database",	0,	arg_string, &new_database,
-      "name of converted database", "file" },
-    { "master-key",	0,	arg_string, &mkeyfile, 
-      "v5 master key file", "file" },
-    { "update-version", 0, 	arg_flag, &update_version,
-      "update the database to the current version" },
-    { "help",		'h',	arg_flag,   &help_flag },
-    { "version",	0,	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    HDB *db, *new;
-    int optind = 0;
-    int master_key_set = 0;
-    
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	krb5_std_usage(1, args, num_args);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if(ret != 0)
-	errx(1, "krb5_init_context failed: %d", ret);
-    
-    ret = hdb_create(context, &db, old_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-
-    ret = hdb_set_master_keyfile(context, db, mkeyfile);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    master_key_set = 1;
-    ret = hdb_create(context, &new, new_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-    if (master_key_set) {
-	ret = hdb_set_master_keyfile(context, new, mkeyfile);
-	if (ret)
-	    krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    }
-    ret = db->open(context, db, O_RDONLY, 0);
-    if(ret == HDB_ERR_BADVERSION) {
-	krb5_data tag;
-	krb5_data version;
-	int foo;
-	unsigned ver;
-	tag.data = HDB_DB_FORMAT_ENTRY;
-	tag.length = strlen(tag.data);
-	ret = (*db->_get)(context, db, tag, &version);
-	if(ret)
-	    krb5_errx(context, 1, "database is wrong version, "
-		      "but couldn't find version key (%s)", 
-		      HDB_DB_FORMAT_ENTRY);
-	foo = sscanf(version.data, "%u", &ver);
-	krb5_data_free (&version);
-	if(foo != 1)
-	    krb5_errx(context, 1, "database version is not a number");
-	if(ver == 1 && HDB_DB_FORMAT == 2) {
-	    krb5_warnx(context, "will upgrade database from version %d to %d", 
-		       ver, HDB_DB_FORMAT);
-	    krb5_warnx(context, "rerun to do other conversions");
-	    update_version = 1;
-	} else
-	    krb5_errx(context, 1, 
-		      "don't know how to upgrade from version %d to %d", 
-		      ver, HDB_DB_FORMAT);
-    } else if(ret)
-	krb5_err(context, 1, ret, "%s", old_database);
-    ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", new_database);
-    if(update_version)
-	ret = hdb_foreach(context, db, 0, update_version2, new);
-    else
-	ret = hdb_foreach(context, db, 0, update_keytypes, new);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_foreach");
-    db->close(context, db);
-    new->close(context, new);
-    krb5_warnx(context, "wrote converted database to `%s'", new_database);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/db.c b/crypto/heimdal/lib/hdb/db.c
deleted file mode 100644
index 870f0431cf3a..000000000000
--- a/crypto/heimdal/lib/hdb/db.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $");
-
-#if HAVE_DB1
-
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    (*d->close)(d);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd = (*d->fd)(d);
-    if(fd < 0) {
-	krb5_set_error_string(context,
-			      "Can't lock database: %s", db->hdb_name);
-	return HDB_ERR_CANT_LOCK_DB;
-    }
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd = (*d->fd)(d);
-    if(fd < 0) {
-	krb5_set_error_string(context, 
-			      "Can't unlock database: %s", db->hdb_name);
-	return HDB_ERR_CANT_LOCK_DB;
-    }
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry_ex *entry, int flag)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT key, value;
-    krb5_data key_data, data;
-    int code;
-
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code == -1) {
-	krb5_set_error_string(context, "Database %s in use", db->hdb_name);
-	return HDB_ERR_DB_INUSE;
-    }
-    code = (*d->seq)(d, &key, &value, flag);
-    db->hdb_unlock(context, db); /* XXX check value */
-    if(code == -1) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s seq error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_NOENTRY;
-    }
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    memset(entry, 0, sizeof(*entry));
-    if (hdb_value2entry(context, &data, &entry->entry))
-	return DB_seq(context, db, flags, entry, R_NEXT);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (code == 0 && entry->entry.principal == NULL) {
-	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    code = ENOMEM;
-	    hdb_free_entry (context, entry);
-	} else {
-	    hdb_key2principal(context, &key_data, entry->entry.principal);
-	}
-    }
-    return code;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, R_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, R_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->hdb_name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    code = (*d->get)(d, &k, &v, 0);
-    db->hdb_unlock(context, db);
-    if(code < 0) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s get error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_NOENTRY;
-    }
-    
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    v.data = value.data;
-    v.size = value.length;
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
-    db->hdb_unlock(context, db);
-    if(code < 0) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s put error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code == 1) {
-	krb5_clear_error_string(context);
-	return HDB_ERR_EXISTS;
-    }
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k;
-    krb5_error_code code;
-    k.data = key.data;
-    k.size = key.length;
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->del)(d, &k, 0);
-    db->hdb_unlock(context, db);
-    if(code == 1) {
-	code = errno;
-	krb5_set_error_string(context, "Database %s put error: %s", 
-			      db->hdb_name, strerror(code));
-	return code;
-    }
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    char *fn;
-    krb5_error_code ret;
-
-    asprintf(&fn, "%s.db", db->hdb_name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-    free(fn);
-    /* try to open without .db extension */
-    if(db->hdb_db == NULL && errno == ENOENT)
-	db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
-    if(db->hdb_db == NULL) {
-	ret = errno;
-	krb5_set_error_string(context, "dbopen (%s): %s",
-			      db->hdb_name, strerror(ret));
-	return ret;
-    }
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY) {
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    if (ret) {
-	DB_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = DB_open;
-    (*db)->hdb_close = DB_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = DB_firstkey;
-    (*db)->hdb_nextkey= DB_nextkey;
-    (*db)->hdb_lock = DB_lock;
-    (*db)->hdb_unlock = DB_unlock;
-    (*db)->hdb_rename = DB_rename;
-    (*db)->hdb__get = DB__get;
-    (*db)->hdb__put = DB__put;
-    (*db)->hdb__del = DB__del;
-    (*db)->hdb_destroy = DB_destroy;
-    return 0;
-}
-
-#endif /* HAVE_DB1 */
diff --git a/crypto/heimdal/lib/hdb/db3.c b/crypto/heimdal/lib/hdb/db3.c
deleted file mode 100644
index 45ccbef79198..000000000000
--- a/crypto/heimdal/lib/hdb/db3.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db3.c 21610 2007-07-17 07:10:45Z lha $");
-
-#if HAVE_DB3
-
-#ifdef HAVE_DB4_DB_H
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBC *dbcp = (DBC*)db->hdb_dbc;
-
-    (*dbcp->c_close)(dbcp);
-    db->hdb_dbc = 0;
-    (*d->close)(d, 0);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->hdb_db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry_ex *entry, int flag)
-{
-    DBT key, value;
-    DBC *dbcp = db->hdb_dbc;
-    krb5_data key_data, data;
-    int code;
-
-    memset(&key, 0, sizeof(DBT));
-    memset(&value, 0, sizeof(DBT));
-    if ((*db->hdb_lock)(context, db, HDB_RLOCK))
-	return HDB_ERR_DB_INUSE;
-    code = (*dbcp->c_get)(dbcp, &key, &value, flag);
-    (*db->hdb_unlock)(context, db); /* XXX check value */
-    if (code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if (code)
-	return code;
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    memset(entry, 0, sizeof(*entry));
-    if (hdb_value2entry(context, &data, &entry->entry))
-	return DB_seq(context, db, flags, entry, DB_NEXT);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, &entry->entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (entry->entry.principal == NULL) {
-	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	} else {
-	    hdb_key2principal(context, &key_data, entry->entry.principal);
-	}
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->hdb_name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    if ((code = (*db->hdb_lock)(context, db, HDB_RLOCK)))
-	return code;
-    code = (*d->get)(d, NULL, &k, &v, 0);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    v.data = value.data;
-    v.size = value.length;
-    v.flags = 0;
-    if ((code = (*db->hdb_lock)(context, db, HDB_WLOCK)))
-	return code;
-    code = (*d->put)(d, NULL, &k, &v, replace ? 0 : DB_NOOVERWRITE);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_KEYEXIST)
-	return HDB_ERR_EXISTS;
-    if(code)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->hdb_db;
-    DBT k;
-    krb5_error_code code;
-    memset(&k, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    code = (*db->hdb_lock)(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = (*d->del)(d, NULL, &k, 0);
-    (*db->hdb_unlock)(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    DBC *dbc = NULL;
-    char *fn;
-    krb5_error_code ret;
-    DB *d;
-    int myflags = 0;
-
-    if (flags & O_CREAT)
-      myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-      myflags |= DB_EXCL;
-
-    if((flags & O_ACCMODE) == O_RDONLY)
-      myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-      myflags |= DB_TRUNCATE;
-
-    asprintf(&fn, "%s.db", db->hdb_name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db_create(&d, NULL, 0);
-    db->hdb_db = d;
-
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
-    ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
-#else
-    ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
-#endif
-
-    if (ret == ENOENT) {
-	/* try to open without .db extension */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
-	ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
-			 myflags, mode);
-#else
-	ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE, 
-			 myflags, mode);
-#endif
-    }
-
-    if (ret) {
-	free(fn);
-	krb5_set_error_string(context, "opening %s: %s",
-			      db->hdb_name, strerror(ret));
-	return ret;
-    }
-    free(fn);
-
-    ret = (*d->cursor)(d, NULL, &dbc, 0);
-    if (ret) {
-	krb5_set_error_string(context, "d->cursor: %s", strerror(ret));
-        return ret;
-    }
-    db->hdb_dbc = dbc;
-
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    if (ret) {
-	DB_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open  = DB_open;
-    (*db)->hdb_close = DB_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = DB_firstkey;
-    (*db)->hdb_nextkey= DB_nextkey;
-    (*db)->hdb_lock = DB_lock;
-    (*db)->hdb_unlock = DB_unlock;
-    (*db)->hdb_rename = DB_rename;
-    (*db)->hdb__get = DB__get;
-    (*db)->hdb__put = DB__put;
-    (*db)->hdb__del = DB__del;
-    (*db)->hdb_destroy = DB_destroy;
-    return 0;
-}
-#endif /* HAVE_DB3 */
diff --git a/crypto/heimdal/lib/hdb/dbinfo.c b/crypto/heimdal/lib/hdb/dbinfo.c
deleted file mode 100644
index d43e31b39ad3..000000000000
--- a/crypto/heimdal/lib/hdb/dbinfo.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $");
-
-struct hdb_dbinfo {
-    char *label;
-    char *realm;
-    char *dbname;
-    char *mkey_file;
-    char *acl_file;
-    char *log_file;
-    const krb5_config_binding *binding;
-    struct hdb_dbinfo *next;
-};
-
-static int
-get_dbinfo(krb5_context context,
-	   const krb5_config_binding *db_binding,
-	   const char *label,
-	   struct hdb_dbinfo **db)
-{
-    struct hdb_dbinfo *di;
-    const char *p;
-
-    *db = NULL;
-
-    p = krb5_config_get_string(context, db_binding, "dbname", NULL);
-    if(p == NULL)
-	return 0;
-
-    di = calloc(1, sizeof(*di));
-    if (di == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    di->label = strdup(label);
-    di->dbname = strdup(p);
-
-    p = krb5_config_get_string(context, db_binding, "realm", NULL);
-    if(p)
-	di->realm = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "mkey_file", NULL);
-    if(p)
-	di->mkey_file = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "acl_file", NULL);
-    if(p)
-	di->acl_file = strdup(p);
-    p = krb5_config_get_string(context, db_binding, "log_file", NULL);
-    if(p)
-	di->log_file = strdup(p);
-
-    di->binding = db_binding;
-
-    *db = di;
-    return 0;
-}
-
-
-int
-hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
-    const krb5_config_binding *db_binding;
-    struct hdb_dbinfo *di, **dt, *databases;
-    const char *default_dbname = HDB_DEFAULT_DB;
-    const char *default_mkey = HDB_DB_DIR "/m-key";
-    const char *default_acl = HDB_DB_DIR "/kadmind.acl";
-    const char *p;
-    int ret;
-
-    *dbp = NULL;
-    dt = NULL;
-    databases = NULL;
-
-    db_binding = krb5_config_get(context, NULL, krb5_config_list,
-				 "kdc", 
-				 "database",
-				 NULL);
-    if (db_binding) {
-
-	ret = get_dbinfo(context, db_binding, "default", &di);
-	if (ret == 0 && di) {
-	    databases = di;
-	    dt = &di->next;
-	}		
-
-	for ( ; db_binding != NULL; db_binding = db_binding->next) {
-
-	    if (db_binding->type != krb5_config_list)
-		continue;
-
-	    ret = get_dbinfo(context, db_binding->u.list, 
-			     db_binding->name, &di);
-	    if (ret)
-		krb5_err(context, 1, ret, "failed getting realm");
-
-	    if (di == NULL)
-		continue;
-
-	    if (dt)
-		*dt = di;
-	    else
-		databases = di;
-	    dt = &di->next;
-
-	}
-    }
-
-    if(databases == NULL) {
-	/* if there are none specified, create one and use defaults */
-	di = calloc(1, sizeof(*di));
-	databases = di;
-	di->label = strdup("default");
-    }
-
-    for(di = databases; di; di = di->next) {
-	if(di->dbname == NULL) {
-	    di->dbname = strdup(default_dbname);
-	    if (di->mkey_file == NULL)
-		di->mkey_file = strdup(default_mkey);
-	}
-	if(di->mkey_file == NULL) {
-	    p = strrchr(di->dbname, '.');
-	    if(p == NULL || strchr(p, '/') != NULL)
-		/* final pathname component does not contain a . */
-		asprintf(&di->mkey_file, "%s.mkey", di->dbname);
-	    else
-		/* the filename is something.else, replace .else with
-                   .mkey */
-		asprintf(&di->mkey_file, "%.*s.mkey", 
-			 (int)(p - di->dbname), di->dbname);
-	}
-	if(di->acl_file == NULL)
-	    di->acl_file = strdup(default_acl);
-    }
-    *dbp = databases;
-    return 0;
-}
-
-
-struct hdb_dbinfo *
-hdb_dbinfo_get_next(struct hdb_dbinfo *dbp, struct hdb_dbinfo *dbprevp)
-{
-    if (dbprevp == NULL)
-	return dbp;
-    else
-	return dbprevp->next;
-}
-
-const char *
-hdb_dbinfo_get_label(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->label;
-}
-
-const char *
-hdb_dbinfo_get_realm(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->realm;
-}
-
-const char *
-hdb_dbinfo_get_dbname(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->dbname;
-}
-
-const char *
-hdb_dbinfo_get_mkey_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->mkey_file;
-}
-
-const char *
-hdb_dbinfo_get_acl_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->acl_file;
-}
-
-const char *
-hdb_dbinfo_get_log_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->log_file;
-}
-
-const krb5_config_binding *
-hdb_dbinfo_get_binding(krb5_context context, struct hdb_dbinfo *dbp)
-{
-    return dbp->binding;
-}
-
-void
-hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
-    struct hdb_dbinfo *di, *ndi;
-
-    for(di = *dbp; di != NULL; di = ndi) {
-	ndi = di->next;
-	free (di->realm);
-	free (di->dbname);
-	if (di->mkey_file)
-	    free (di->mkey_file);
-	free(di);
-    }
-    *dbp = NULL;
-}
-
-/**
- * Return the directory where the hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_db_dir(krb5_context context)
-{
-    return HDB_DB_DIR;
-}
-
-/**
- * Return the default hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_default_db(krb5_context context)
-{
-    return HDB_DEFAULT_DB;
-}
diff --git a/crypto/heimdal/lib/hdb/ext.c b/crypto/heimdal/lib/hdb/ext.c
deleted file mode 100644
index 5f60999946b8..000000000000
--- a/crypto/heimdal/lib/hdb/ext.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/*
- * Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#include <der.h>
-
-RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $");
-
-krb5_error_code
-hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
-{
-    int i;
-
-    if (ent->extensions == NULL)
-	return 0;
-
-    /* 
-     * check for unknown extensions and if they where tagged mandatory
-     */
-
-    for (i = 0; i < ent->extensions->len; i++) {
-	if (ent->extensions->val[i].data.element != 
-	    choice_HDB_extension_data_asn1_ellipsis)
-	    continue;
-	if (ent->extensions->val[i].mandatory) {
-	    krb5_set_error_string(context,  "Principal have unknown "
-				  "mandatory extension");
-	    return HDB_ERR_MANDATORY_OPTION;
-	}
-    }
-    return 0;
-}
-
-HDB_extension *
-hdb_find_extension(const hdb_entry *entry, int type)
-{
-    int i;
-
-    if (entry->extensions == NULL)
-	return NULL;
-
-    for (i = 0; i < entry->extensions->len; i++)
-	if (entry->extensions->val[i].data.element == type)
-	    return &entry->extensions->val[i];
-    return NULL;
-}
-
-/*
- * Replace the extension `ext' in `entry'. Make a copy of the
- * extension, so the caller must still free `ext' on both success and
- * failure. Returns 0 or error code.
- */
-
-krb5_error_code
-hdb_replace_extension(krb5_context context, 
-		      hdb_entry *entry, 
-		      const HDB_extension *ext)
-{
-    HDB_extension *ext2;
-    HDB_extension *es;
-    int ret;
-
-    ext2 = NULL;
-
-    if (entry->extensions == NULL) {
-	entry->extensions = calloc(1, sizeof(*entry->extensions));
-	if (entry->extensions == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) {
-	ext2 = hdb_find_extension(entry, ext->data.element);
-    } else {
-	/* 
-	 * This is an unknown extention, and we are asked to replace a
-	 * possible entry in `entry' that is of the same type. This
-	 * might seem impossible, but ASN.1 CHOICE comes to our
-	 * rescue. The first tag in each branch in the CHOICE is
-	 * unique, so just find the element in the list that have the
-	 * same tag was we are putting into the list.
-	 */
-	Der_class replace_class, list_class;
-	Der_type replace_type, list_type;
-	unsigned int replace_tag, list_tag;
-	size_t size;
-	int i;
-
-	ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
-			  ext->data.u.asn1_ellipsis.length,
-			  &replace_class, &replace_type, &replace_tag,
-			  &size);
-	if (ret) {
-	    krb5_set_error_string(context, "hdb: failed to decode "
-				  "replacement hdb extention");
-	    return ret;
-	}
-
-	for (i = 0; i < entry->extensions->len; i++) {
-	    HDB_extension *ext3 = &entry->extensions->val[i];
-
-	    if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis)
-		continue;
-
-	    ret = der_get_tag(ext3->data.u.asn1_ellipsis.data,
-			      ext3->data.u.asn1_ellipsis.length,
-			      &list_class, &list_type, &list_tag,
-			      &size);
-	    if (ret) {
-		krb5_set_error_string(context, "hdb: failed to decode "
-				      "present hdb extention");
-		return ret;
-	    }
-
-	    if (MAKE_TAG(replace_class,replace_type,replace_type) ==
-		MAKE_TAG(list_class,list_type,list_type)) {
-		ext2 = ext3;
-		break;
-	    }
-	}
-    }
-
-    if (ext2) {
-	free_HDB_extension(ext2);
-	ret = copy_HDB_extension(ext, ext2);
-	if (ret)
-	    krb5_set_error_string(context, "hdb: failed to copy replacement "
-				  "hdb extention");
-	return ret;
-    }
-
-    es = realloc(entry->extensions->val, 
-		 (entry->extensions->len+1)*sizeof(entry->extensions->val[0]));
-    if (es == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    entry->extensions->val = es;
-
-    ret = copy_HDB_extension(ext,
-			     &entry->extensions->val[entry->extensions->len]);
-    if (ret == 0)
-	entry->extensions->len++;
-    else
-	krb5_set_error_string(context, "hdb: failed to copy new extension");
-
-    return ret;
-}
-
-krb5_error_code
-hdb_clear_extension(krb5_context context, 
-		    hdb_entry *entry, 
-		    int type)
-{
-    int i;
-
-    if (entry->extensions == NULL)
-	return 0;
-
-    for (i = 0; i < entry->extensions->len; i++) {
-	if (entry->extensions->val[i].data.element == type) {
-	    free_HDB_extension(&entry->extensions->val[i]);
-	    memmove(&entry->extensions->val[i],
-		    &entry->extensions->val[i + 1],
-		    sizeof(entry->extensions->val[i]) * (entry->extensions->len - i - 1));
-	    entry->extensions->len--;
-	}
-    }
-    if (entry->extensions->len == 0) {
-	free(entry->extensions->val);
-	free(entry->extensions);
-	entry->extensions = NULL;
-    }
-
-    return 0;
-}
-
-
-krb5_error_code
-hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_acl);
-    if (ext)
-	*a = &ext->data.u.pkinit_acl;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash);
-    if (ext)
-	*a = &ext->data.u.pkinit_cert_hash;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_last_pw_change);
-    if (ext)
-	*t = ext->data.u.last_pw_change;
-    else
-	*t = 0;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_set_pw_change_time(krb5_context context, 
-			     hdb_entry *entry,
-			     time_t t)
-{
-    HDB_extension ext;
-
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_last_pw_change;
-    if (t == 0)
-	t = time(NULL);
-    ext.data.u.last_pw_change = t;
-
-    return hdb_replace_extension(context, entry, &ext);
-}
-
-int
-hdb_entry_get_password(krb5_context context, HDB *db, 
-		       const hdb_entry *entry, char **p)
-{
-    HDB_extension *ext;
-    char *str;
-    int ret;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
-    if (ext) {
-	heim_utf8_string str;
-	heim_octet_string pw;
-
-	if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
-	    hdb_master_key key;
-
-	    key = _hdb_find_master_key(ext->data.u.password.mkvno, 
-				       db->hdb_master_key);
-
-	    if (key == NULL) {
-		krb5_set_error_string(context, "master key %d missing",
-				      *ext->data.u.password.mkvno);
-		return HDB_ERR_NO_MKEY;
-	    }
-
-	    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
-				    ext->data.u.password.password.data,
-				    ext->data.u.password.password.length,
-				    &pw);
-	} else {
-	    ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
-	}
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-
-	str = pw.data;
-	if (str[pw.length - 1] != '\0') {
-	    krb5_set_error_string(context, "password malformated");
-	    return EINVAL;
-	}
-
-	*p = strdup(str);
-
-	der_free_octet_string(&pw);
-	if (*p == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	return 0;
-    }
-
-    ret = krb5_unparse_name(context, entry->principal, &str);
-    if (ret == 0) {
-	krb5_set_error_string(context, "no password attributefor %s", str);
-	free(str);
-    } else 
-	krb5_clear_error_string(context);
-
-    return ENOENT;
-}
-
-int
-hdb_entry_set_password(krb5_context context, HDB *db, 
-		       hdb_entry *entry, const char *p)
-{
-    HDB_extension ext;
-    hdb_master_key key;
-    int ret;
-
-    ext.mandatory = FALSE;
-    ext.data.element = choice_HDB_extension_data_password;
-
-    if (db->hdb_master_key_set) {
-
-	key = _hdb_find_master_key(NULL, db->hdb_master_key);
-	if (key == NULL) {
-	    krb5_set_error_string(context, "hdb_entry_set_password: "
-				  "failed to find masterkey");
-	    return HDB_ERR_NO_MKEY;
-	}
-
-	ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
-				p, strlen(p) + 1, 
-				&ext.data.u.password.password);
-	if (ret)
-	    return ret;
-
-	ext.data.u.password.mkvno = 
-	    malloc(sizeof(*ext.data.u.password.mkvno));
-	if (ext.data.u.password.mkvno == NULL) {
-	    free_HDB_extension(&ext);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	*ext.data.u.password.mkvno = _hdb_mkey_version(key);
-
-    } else {
-	ext.data.u.password.mkvno = NULL;
-
-	ret = krb5_data_copy(&ext.data.u.password.password, 
-			     p, strlen(p) + 1);
-	if (ret) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    free_HDB_extension(&ext);
-	    return ret;
-	}
-    }
-
-    ret = hdb_replace_extension(context, entry, &ext);
-
-    free_HDB_extension(&ext);
-
-    return ret;
-}
-
-int
-hdb_entry_clear_password(krb5_context context, hdb_entry *entry)
-{
-    return hdb_clear_extension(context, entry, 
-			       choice_HDB_extension_data_password);
-}
-
-krb5_error_code
-hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, 
-				  const HDB_Ext_Constrained_delegation_acl **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, 
-			     choice_HDB_extension_data_allowed_to_delegate_to);
-    if (ext)
-	*a = &ext->data.u.allowed_to_delegate_to;
-    else
-	*a = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a)
-{
-    const HDB_extension *ext;
-
-    ext = hdb_find_extension(entry, choice_HDB_extension_data_aliases);
-    if (ext)
-	*a = &ext->data.u.aliases;
-    else
-	*a = NULL;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c
deleted file mode 100644
index c9f3d37cd339..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-ldap.c
+++ /dev/null
@@ -1,1829 +0,0 @@
-/*
- * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
- * Copyright (c) 2004, Andrew Bartlett.
- * Copyright (c) 2003 - 2007, Kungliga Tekniska H�gskolan.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software  nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef OPENLDAP
-
-#include <lber.h>
-#include <ldap.h>
-#include <sys/un.h>
-#include <hex.h>
-
-static krb5_error_code LDAP__connect(krb5_context context, HDB *);
-static krb5_error_code LDAP_close(krb5_context context, HDB *);
-
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry_ex * ent);
-
-static const char *default_structural_object = "account";
-static char *structural_object;
-static krb5_boolean samba_forwardable;
-
-struct hdbldapdb {
-    LDAP *h_lp;
-    int   h_msgid;
-    char *h_base;
-    char *h_url;
-    char *h_createbase;
-};
-
-#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
-#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
-#define HDBSETMSGID(db,msgid) \
-	do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
-#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
-#define HDB2URL(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_url)
-#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
-
-/*
- *
- */
-
-static char * krb5kdcentry_attrs[] = { 
-    "cn",
-    "createTimestamp",
-    "creatorsName",
-    "krb5EncryptionType",
-    "krb5KDCFlags",
-    "krb5Key",
-    "krb5KeyVersionNumber",
-    "krb5MaxLife",
-    "krb5MaxRenew",
-    "krb5PasswordEnd",
-    "krb5PrincipalName",
-    "krb5PrincipalRealm",
-    "krb5ValidEnd",
-    "krb5ValidStart",
-    "modifiersName",
-    "modifyTimestamp",
-    "objectClass",
-    "sambaAcctFlags",
-    "sambaKickoffTime",
-    "sambaNTPassword",
-    "sambaPwdLastSet",
-    "sambaPwdMustChange",
-    "uid",
-    NULL
-};
-
-static char *krb5principal_attrs[] = {
-    "cn",
-    "createTimestamp",
-    "creatorsName",
-    "krb5PrincipalName",
-    "krb5PrincipalRealm",
-    "modifiersName",
-    "modifyTimestamp",
-    "objectClass",
-    "uid",
-    NULL
-};
-
-static int
-LDAP_no_size_limit(krb5_context context, LDAP *lp)
-{
-    int ret, limit = LDAP_NO_LIMIT;
-
-    ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (ret != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(ret));
-	return HDB_ERR_BADVERSION;
-    }
-    return 0;
-}
-
-static int
-check_ldap(krb5_context context, HDB *db, int ret)
-{
-    switch (ret) {
-    case LDAP_SUCCESS:
-	return 0;
-    case LDAP_SERVER_DOWN:
-	LDAP_close(context, db);
-	return 1;
-    default:
-	return 1;
-    }
-}
-
-static krb5_error_code
-LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
-	     int *pIndex)
-{
-    int cMods;
-
-    if (*modlist == NULL) {
-	*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
-	if (*modlist == NULL)
-	    return ENOMEM;
-    }
-
-    for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
-	if ((*modlist)[cMods]->mod_op == modop &&
-	    strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
-	    break;
-	}
-    }
-
-    *pIndex = cMods;
-
-    if ((*modlist)[cMods] == NULL) {
-	LDAPMod *mod;
-
-	*modlist = (LDAPMod **)ber_memrealloc(*modlist,
-					      (cMods + 2) * sizeof(LDAPMod *));
-	if (*modlist == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
-	if ((*modlist)[cMods] == NULL)
-	    return ENOMEM;
-
-	mod = (*modlist)[cMods];
-	mod->mod_op = modop;
-	mod->mod_type = ber_strdup(attribute);
-	if (mod->mod_type == NULL) {
-	    ber_memfree(mod);
-	    (*modlist)[cMods] = NULL;
-	    return ENOMEM;
-	}
-
-	if (modop & LDAP_MOD_BVALUES) {
-	    mod->mod_bvalues = NULL;
-	} else {
-	    mod->mod_values = NULL;
-	}
-
-	(*modlist)[cMods + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute,
-		unsigned char *value, size_t len)
-{
-    krb5_error_code ret;
-    int cMods, i = 0;
-
-    ret = LDAP__setmod(modlist, modop | LDAP_MOD_BVALUES, attribute, &cMods);
-    if (ret)
-	return ret;
-
-    if (value != NULL) {
-	struct berval **bv;
-
-	bv = (*modlist)[cMods]->mod_bvalues;
-	if (bv != NULL) {
-	    for (i = 0; bv[i] != NULL; i++)
-		;
-	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
-	} else
-	    bv = ber_memalloc(2 * sizeof(*bv));
-	if (bv == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods]->mod_bvalues = bv;
-
-	bv[i] = ber_memalloc(sizeof(*bv));;
-	if (bv[i] == NULL)
-	    return ENOMEM;
-
-	bv[i]->bv_val = (void *)value;
-	bv[i]->bv_len = len;
-
-	bv[i + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
-	    const char *value)
-{
-    int cMods, i = 0;
-    krb5_error_code ret;
-
-    ret = LDAP__setmod(modlist, modop, attribute, &cMods);
-    if (ret)
-	return ret;
-
-    if (value != NULL) {
-	char **bv;
-
-	bv = (*modlist)[cMods]->mod_values;
-	if (bv != NULL) {
-	    for (i = 0; bv[i] != NULL; i++)
-		;
-	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
-	} else
-	    bv = ber_memalloc(2 * sizeof(*bv));
-	if (bv == NULL)
-	    return ENOMEM;
-
-	(*modlist)[cMods]->mod_values = bv;
-
-	bv[i] = ber_strdup(value);
-	if (bv[i] == NULL)
-	    return ENOMEM;
-
-	bv[i + 1] = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_generalized_time(LDAPMod *** mods, int modop,
-			     const char *attribute, KerberosTime * time)
-{
-    char buf[22];
-    struct tm *tm;
-
-    /* XXX not threadsafe */
-    tm = gmtime(time);
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm);
-
-    return LDAP_addmod(mods, modop, attribute, buf);
-}
-
-static krb5_error_code
-LDAP_addmod_integer(krb5_context context,
-		    LDAPMod *** mods, int modop,
-		    const char *attribute, unsigned long l)
-{
-    krb5_error_code ret;
-    char *buf;
-
-    ret = asprintf(&buf, "%ld", l);
-    if (ret < 0) {
-	krb5_set_error_string(context, "asprintf: out of memory:");
-	return ret;
-    }
-    ret = LDAP_addmod(mods, modop, attribute, buf);
-    free (buf);
-    return ret;
-}
-
-static krb5_error_code
-LDAP_get_string_value(HDB * db, LDAPMessage * entry,
-		      const char *attribute, char **ptr)
-{
-    char **vals;
-    int ret;
-
-    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
-    if (vals == NULL) {
-	*ptr = NULL;
-	return HDB_ERR_NOENTRY;
-    }
-
-    *ptr = strdup(vals[0]);
-    if (*ptr == NULL)
-	ret = ENOMEM;
-    else
-	ret = 0;
-
-    ldap_value_free(vals);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
-		       const char *attribute, int *ptr)
-{
-    char **vals;
-
-    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
-    if (vals == NULL)
-	return HDB_ERR_NOENTRY;
-
-    *ptr = atoi(vals[0]);
-    ldap_value_free(vals);
-    return 0;
-}
-
-static krb5_error_code
-LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
-				const char *attribute, KerberosTime * kt)
-{
-    char *tmp, *gentime;
-    struct tm tm;
-    int ret;
-
-    *kt = 0;
-
-    ret = LDAP_get_string_value(db, entry, attribute, &gentime);
-    if (ret)
-	return ret;
-
-    tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
-    if (tmp == NULL) {
-	free(gentime);
-	return HDB_ERR_NOENTRY;
-    }
-
-    free(gentime);
-
-    *kt = timegm(&tm);
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
-		LDAPMessage * msg, LDAPMod *** pmods)
-{
-    krb5_error_code ret;
-    krb5_boolean is_new_entry;
-    char *tmp = NULL;
-    LDAPMod **mods = NULL;
-    hdb_entry_ex orig;
-    unsigned long oflags, nflags;
-    int i;
-
-    krb5_boolean is_samba_account = FALSE;
-    krb5_boolean is_account = FALSE;
-    krb5_boolean is_heimdal_entry = FALSE;
-    krb5_boolean is_heimdal_principal = FALSE;
-
-    char **values;
-
-    *pmods = NULL;
-
-    if (msg != NULL) {
-
-	ret = LDAP_message2entry(context, db, msg, &orig);
-	if (ret)
-	    goto out;
-
-	is_new_entry = FALSE;
-	    
-	values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
-	if (values) {
-	    int num_objectclasses = ldap_count_values(values);
-	    for (i=0; i < num_objectclasses; i++) {
-		if (strcasecmp(values[i], "sambaSamAccount") == 0) {
-		    is_samba_account = TRUE;
-		} else if (strcasecmp(values[i], structural_object) == 0) {
-		    is_account = TRUE;
-		} else if (strcasecmp(values[i], "krb5Principal") == 0) {
-		    is_heimdal_principal = TRUE;
-		} else if (strcasecmp(values[i], "krb5KDCEntry") == 0) {
-		    is_heimdal_entry = TRUE;
-		}
-	    }
-	    ldap_value_free(values);
-	}
-
-	/*
-	 * If this is just a "account" entry and no other objectclass
-	 * is hanging on this entry, it's really a new entry.
-	 */
-	if (is_samba_account == FALSE && is_heimdal_principal == FALSE && 
-	    is_heimdal_entry == FALSE) {
-	    if (is_account == TRUE) {
-		is_new_entry = TRUE;
-	    } else {
-		ret = HDB_ERR_NOENTRY;
-		goto out;
-	    }
-	}
-    } else
-	is_new_entry = TRUE;
-
-    if (is_new_entry) {
-
-	/* to make it perfectly obvious we're depending on
-	 * orig being intiialized to zero */
-	memset(&orig, 0, sizeof(orig));
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
-	if (ret)
-	    goto out;
-	
-	/* account is the structural object class */
-	if (is_account == FALSE) {
-	    ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", 
-			      structural_object);
-	    is_account = TRUE;
-	    if (ret)
-		goto out;
-	}
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
-	is_heimdal_principal = TRUE;
-	if (ret)
-	    goto out;
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
-	is_heimdal_entry = TRUE;
-	if (ret)
-	    goto out;
-    }
-
-    if (is_new_entry || 
-	krb5_principal_compare(context, ent->entry.principal, orig.entry.principal)
-	== FALSE)
-    {
-	if (is_heimdal_principal || is_heimdal_entry) {
-
-	    ret = krb5_unparse_name(context, ent->entry.principal, &tmp);
-	    if (ret)
-		goto out;
-
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
-			      "krb5PrincipalName", tmp);
-	    if (ret) {
-		free(tmp);
-		goto out;
-	    }
-	    free(tmp);
-	}
-
-	if (is_account || is_samba_account) {
-	    ret = krb5_unparse_name_short(context, ent->entry.principal, &tmp);
-	    if (ret)
-		goto out;
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
-	    if (ret) {
-		free(tmp);
-		goto out;
-	    }
-	    free(tmp);
-	}
-    }
-
-    if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) {
-	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-			    "krb5KeyVersionNumber", 
-			    ent->entry.kvno);
-	if (ret)
-	    goto out;
-    }
-
-    if (is_heimdal_entry && ent->entry.valid_start) {
-	if (orig.entry.valid_end == NULL
-	    || (*(ent->entry.valid_start) != *(orig.entry.valid_start))) {
-	    ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-					       "krb5ValidStart",
-					       ent->entry.valid_start);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (ent->entry.valid_end) {
- 	if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) {
-	    if (is_heimdal_entry) { 
-		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-						   "krb5ValidEnd",
-						   ent->entry.valid_end);
-		if (ret)
-		    goto out;
-            }
-	    if (is_samba_account) {
-		ret = LDAP_addmod_integer(context, &mods,  LDAP_MOD_REPLACE,
-					  "sambaKickoffTime", 
-					  *(ent->entry.valid_end));
-		if (ret)
-		    goto out;
-	    }
-   	}
-    }
-
-    if (ent->entry.pw_end) {
-	if (orig.entry.pw_end == NULL || (*(ent->entry.pw_end) != *(orig.entry.pw_end))) {
-	    if (is_heimdal_entry) {
-		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-						   "krb5PasswordEnd",
-						   ent->entry.pw_end);
-		if (ret)
-		    goto out;
-	    }
-
-	    if (is_samba_account) {
-		ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-					  "sambaPwdMustChange", 
-					  *(ent->entry.pw_end));
-		if (ret)
-		    goto out;
-	    }
-	}
-    }
-
-
-#if 0 /* we we have last_pw_change */
-    if (is_samba_account && ent->entry.last_pw_change) {
-	if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) {
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "sambaPwdLastSet", 
-				      *(ent->entry.last_pw_change));
-	    if (ret)
-		goto out;
-	}
-    }
-#endif
-
-    if (is_heimdal_entry && ent->entry.max_life) {
-	if (orig.entry.max_life == NULL
-	    || (*(ent->entry.max_life) != *(orig.entry.max_life))) {
-
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "krb5MaxLife", 
-				      *(ent->entry.max_life));
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (is_heimdal_entry && ent->entry.max_renew) {
-	if (orig.entry.max_renew == NULL
-	    || (*(ent->entry.max_renew) != *(orig.entry.max_renew))) {
-
-	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				      "krb5MaxRenew",
-				      *(ent->entry.max_renew));
-	    if (ret)
-		goto out;
-	}
-    }
-
-    oflags = HDBFlags2int(orig.entry.flags);
-    nflags = HDBFlags2int(ent->entry.flags);
-
-    if (is_heimdal_entry && oflags != nflags) {
-
-	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
-				  "krb5KDCFlags",
-				  nflags);
-	if (ret)
-	    goto out;
-    }
-
-    /* Remove keys if they exists, and then replace keys. */
-    if (!is_new_entry && orig.entry.keys.len > 0) {
-	values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
-	if (values) {
-	    ldap_value_free(values);
-
-	    ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    for (i = 0; i < ent->entry.keys.len; i++) {
-
-	if (is_samba_account
-	    && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
-	    char *ntHexPassword;
-	    char *nt;
-		    
-	    /* the key might have been 'sealed', but samba passwords
-	       are clear in the directory */
-	    ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]);
-	    if (ret)
-		goto out;
-		    
-	    nt = ent->entry.keys.val[i].key.keyvalue.data;
-	    /* store in ntPassword, not krb5key */
-	    ret = hex_encode(nt, 16, &ntHexPassword);
-	    if (ret < 0) {
-		krb5_set_error_string(context, "hdb-ldap: failed to "
-				      "hex encode key");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", 
-			      ntHexPassword);
-	    free(ntHexPassword);
-	    if (ret)
-		goto out;
-		    
-	    /* have to kill the LM passwod if it exists */
-	    values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
-	    if (values) {
-		ldap_value_free(values);
-		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE,
-				  "sambaLMPassword", NULL);
-		if (ret)
-		    goto out;
-	    }
-		    
-	} else if (is_heimdal_entry) {
-	    unsigned char *buf;
-	    size_t len, buf_size;
-
-	    ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i], &len, ret);
-	    if (ret)
-		goto out;
-	    if(buf_size != len)
-		krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	    /* addmod_len _owns_ the key, doesn't need to copy it */
-	    ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    if (ent->entry.etypes) {
-	int add_krb5EncryptionType = 0;
-
-	/* 
-	 * Only add/modify krb5EncryptionType if it's a new heimdal
-	 * entry or krb5EncryptionType already exists on the entry.
-	 */
-
-	if (!is_new_entry) {
-	    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
-	    if (values) {
-		ldap_value_free(values);
-		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
-				  NULL);
-		if (ret)
-		    goto out;
-		add_krb5EncryptionType = 1;
-	    }
-	} else if (is_heimdal_entry)
-	    add_krb5EncryptionType = 1;
-
-	if (add_krb5EncryptionType) {
-	    for (i = 0; i < ent->entry.etypes->len; i++) {
-		if (is_samba_account && 
-		    ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
-		{
-		    ;
-		} else if (is_heimdal_entry) {
-		    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
-					      "krb5EncryptionType",
-					      ent->entry.etypes->val[i]);
-		    if (ret)
-			goto out;
-		}
-	    }
-	}
-    }
-
-    /* for clarity */
-    ret = 0;
-
- out:
-
-    if (ret == 0)
-	*pmods = mods;
-    else if (mods != NULL) {
-	ldap_mods_free(mods, 1);
-	*pmods = NULL;
-    }
-
-    if (msg)
-	hdb_free_entry(context, &orig);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
-		  krb5_principal * principal)
-{
-    krb5_error_code ret;
-    int rc;
-    const char *filter = "(objectClass=krb5Principal)";
-    char **values;
-    LDAPMessage *res = NULL, *e;
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	goto out;
-
-    rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE,
-		       filter, krb5principal_attrs,
-		       0, &res);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_search_s: filter: %s error: %s",
-			      filter, ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    e = ldap_first_entry(HDB2LDAP(db), res);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
-    if (values == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = krb5_parse_name(context, values[0], principal);
-    ldap_value_free(values);
-
-  out:
-    if (res)
-	ldap_msgfree(res);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP__lookup_princ(krb5_context context,
-		   HDB *db,
-		   const char *princname,
-		   const char *userid,
-		   LDAPMessage **msg)
-{
-    krb5_error_code ret;
-    int rc;
-    char *filter = NULL;
-
-    ret = LDAP__connect(context, db);
-    if (ret)
-	return ret;
-
-    rc = asprintf(&filter,
-		  "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
-		  princname);
-    if (rc < 0) {
-	krb5_set_error_string(context, "asprintf: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	goto out;
-
-    rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter, 
-		       krb5kdcentry_attrs, 0, msg);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_search_s: filter: %s - error: %s",
-			      filter, ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
-	free(filter);
-	filter = NULL;
-	ldap_msgfree(*msg);
-	*msg = NULL;
-	
-	rc = asprintf(&filter,
-	    "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
-		      structural_object, userid);
-	if (rc < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	    
-	ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-	if (ret)
-	    goto out;
-
-	rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, 
-			   filter, krb5kdcentry_attrs, 0, msg);
-	if (check_ldap(context, db, rc)) {
-	    krb5_set_error_string(context, 
-				  "ldap_search_s: filter: %s error: %s",
-				  filter, ldap_err2string(rc));
-	    ret = HDB_ERR_NOENTRY;
-	    goto out;
-	}
-    }
-
-    ret = 0;
-
-  out:
-    if (filter)
-	free(filter);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_principal2message(krb5_context context, HDB * db,
-		       krb5_const_principal princ, LDAPMessage ** msg)
-{
-    char *name, *name_short = NULL;
-    krb5_error_code ret;
-    krb5_realm *r, *r0;
-
-    *msg = NULL;
-
-    ret = krb5_unparse_name(context, princ, &name);
-    if (ret)
-	return ret;
-
-    ret = krb5_get_default_realms(context, &r0);
-    if(ret) {
-	free(name);
-	return ret;
-    }
-    for (r = r0; *r != NULL; r++) {
-	if(strcmp(krb5_principal_get_realm(context, princ), *r) == 0) {
-	    ret = krb5_unparse_name_short(context, princ, &name_short);
-	    if (ret) {
-		krb5_free_host_realm(context, r0);
-		free(name);
-		return ret;
-	    }
-	    break;
-	}
-    }
-    krb5_free_host_realm(context, r0);
-
-    ret = LDAP__lookup_princ(context, db, name, name_short, msg);
-    free(name);
-    free(name_short);
-
-    return ret;
-}
-
-/*
- * Construct an hdb_entry from a directory entry.
- */
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry_ex * ent)
-{
-    char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
-    char *samba_acct_flags = NULL;
-    unsigned long tmp;
-    struct berval **keys;
-    char **values;
-    int tmp_time, i, ret, have_arcfour = 0;
-
-    memset(ent, 0, sizeof(*ent));
-    ent->entry.flags = int2HDBFlags(0);
-
-    ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
-    if (ret == 0) {
-	ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
-	if (ret)
-	    goto out;
-    } else {
-	ret = LDAP_get_string_value(db, msg, "uid",
-				    &unparsed_name);
-	if (ret == 0) {
-	    ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
-	    if (ret)
-		goto out;
-	} else {
-	    krb5_set_error_string(context, "hdb-ldap: ldap entry missing"
-				  "principal name");
-	    return HDB_ERR_NOENTRY;
-	}
-    }
-
-    {
-	int integer;
-	ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
-				     &integer);
-	if (ret)
-	    ent->entry.kvno = 0;
-	else
-	    ent->entry.kvno = integer;
-    }
-
-    keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
-    if (keys != NULL) {
-	int i;
-	size_t l;
-
-	ent->entry.keys.len = ldap_count_values_len(keys);
-	ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
-	if (ent->entry.keys.val == NULL) {
-	    krb5_set_error_string(context, "calloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for (i = 0; i < ent->entry.keys.len; i++) {
-	    decode_Key((unsigned char *) keys[i]->bv_val,
-		       (size_t) keys[i]->bv_len, &ent->entry.keys.val[i], &l);
-	}
-	ber_bvecfree(keys);
-    } else {
-#if 1
-	/*
-	 * This violates the ASN1 but it allows a principal to
-	 * be related to a general directory entry without creating
-	 * the keys. Hopefully it's OK.
-	 */
-	ent->entry.keys.len = 0;
-	ent->entry.keys.val = NULL;
-#else
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-#endif
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
-    if (values != NULL) {
-	int i;
-
-	ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
-	if (ent->entry.etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ent->entry.etypes->len = ldap_count_values(values);
-	ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
-	if (ent->entry.etypes->val == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for (i = 0; i < ent->entry.etypes->len; i++) {
-	    ent->entry.etypes->val[i] = atoi(values[i]);
-	}
-	ldap_value_free(values);
-    }
-
-    for (i = 0; i < ent->entry.keys.len; i++) {
-	if (ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
-	    have_arcfour = 1;
-	    break;
-	}
-    }
-
-    /* manually construct the NT (type 23) key */
-    ret = LDAP_get_string_value(db, msg, "sambaNTPassword", &ntPasswordIN);
-    if (ret == 0 && have_arcfour == 0) {
-	unsigned *etypes;
-	Key *keys;
-	int i;
-
-	keys = realloc(ent->entry.keys.val,
-		       (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0]));
-	if (keys == NULL) {
-	    free(ntPasswordIN);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ent->entry.keys.val = keys;
-	memset(&ent->entry.keys.val[ent->entry.keys.len], 0, sizeof(Key));
-	ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
-	ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
-	if (ret) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    free(ntPasswordIN);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = hex_decode(ntPasswordIN,
-			 ent->entry.keys.val[ent->entry.keys.len].key.keyvalue.data, 16);
-	ent->entry.keys.len++;
-
-	if (ent->entry.etypes == NULL) {
-	    ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
-	    if (ent->entry.etypes == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ent->entry.etypes->val = NULL;
-	    ent->entry.etypes->len = 0;
-	}
-
-	for (i = 0; i < ent->entry.etypes->len; i++)
-	    if (ent->entry.etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
-		break;
-	/* If there is no ARCFOUR enctype, add one */
-	if (i == ent->entry.etypes->len) {
-	    etypes = realloc(ent->entry.etypes->val, 
-			     (ent->entry.etypes->len + 1) * 
-			     sizeof(ent->entry.etypes->val[0]));
-	    if (etypes == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;			    
-	    }
-	    ent->entry.etypes->val = etypes;
-	    ent->entry.etypes->val[ent->entry.etypes->len] = 
-		ETYPE_ARCFOUR_HMAC_MD5;
-	    ent->entry.etypes->len++;
-	}
-    }
-
-    ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
-					  &ent->entry.created_by.time);
-    if (ret)
-	ent->entry.created_by.time = time(NULL);
-
-    ent->entry.created_by.principal = NULL;
-
-    ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
-    if (ret == 0) {
-	if (LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal)
-	    != 0) {
-	    ent->entry.created_by.principal = NULL;
-	}
-	free(dn);
-    }
-
-    ent->entry.modified_by = (Event *) malloc(sizeof(Event));
-    if (ent->entry.modified_by == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
-					  &ent->entry.modified_by->time);
-    if (ret == 0) {
-	ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
-	if (LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal))
-	    ent->entry.modified_by->principal = NULL;
-	free(dn);
-    } else {
-	free(ent->entry.modified_by);
-	ent->entry.modified_by = NULL;
-    }
-
-    ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
-    if (ent->entry.valid_start == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
-					  ent->entry.valid_start);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.valid_start);
-	ent->entry.valid_start = NULL;
-    }
-    
-    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
-    if (ent->entry.valid_end == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
-					  ent->entry.valid_end);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.valid_end);
-	ent->entry.valid_end = NULL;
-    }
-
-    ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
-    if (ret == 0) {
- 	if (ent->entry.valid_end == NULL) {
- 	    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
- 	    if (ent->entry.valid_end == NULL) {
- 		krb5_set_error_string(context, "malloc: out of memory");
- 		ret = ENOMEM;
- 		goto out;
- 	    }
- 	}
- 	*ent->entry.valid_end = tmp_time;
-    }
-
-    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
-    if (ent->entry.pw_end == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
-					  ent->entry.pw_end);
-    if (ret) {
-	/* OPTIONAL */
-	free(ent->entry.pw_end);
-	ent->entry.pw_end = NULL;
-    }
-
-    ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time);
-    if (ret == 0) {
-	if (ent->entry.pw_end == NULL) {
-	    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
-	    if (ent->entry.pw_end == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	}
-	*ent->entry.pw_end = tmp_time;
-    }
-
-    /* OPTIONAL */
-    ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
-    if (ret == 0)
-	hdb_entry_set_pw_change_time(context, &ent->entry, tmp_time);
-
-    {
-	int max_life;
-
-	ent->entry.max_life = malloc(sizeof(*ent->entry.max_life));
-	if (ent->entry.max_life == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life);
-	if (ret) {
-	    free(ent->entry.max_life);
-	    ent->entry.max_life = NULL;
-	} else
-	    *ent->entry.max_life = max_life;
-    }
-
-    {
-	int max_renew;
-
-	ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew));
-	if (ent->entry.max_renew == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew);
-	if (ret) {
-	    free(ent->entry.max_renew);
-	    ent->entry.max_renew = NULL;
-	} else
-	    *ent->entry.max_renew = max_renew;
-    }
-
-    values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags");
-    if (values != NULL) {
-	errno = 0;
-	tmp = strtoul(values[0], (char **) NULL, 10);
-	if (tmp == ULONG_MAX && errno == ERANGE) {
-	    krb5_set_error_string(context, "strtoul: could not convert flag");
-	    ret = ERANGE;
-	    goto out;
-	}
-    } else {
-	tmp = 0;
-    }
-
-    ent->entry.flags = int2HDBFlags(tmp);
-
-    /* Try and find Samba flags to put into the mix */
-    ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags);
-    if (ret == 0) {
-	/* parse the [UXW...] string:
-	       
-	   'N'    No password	 
-	   'D'    Disabled	 
-	   'H'    Homedir required	 
-	   'T'    Temp account.	 
-	   'U'    User account (normal) 	 
-	   'M'    MNS logon user account - what is this ? 	 
-	   'W'    Workstation account	 
-	   'S'    Server account 	 
-	   'L'    Locked account	 
-	   'X'    No Xpiry on password 	 
-	   'I'    Interdomain trust account	 
-	    
-	*/	 
-	    
-	int i;
-	int flags_len = strlen(samba_acct_flags);
-
-	if (flags_len < 2)
-	    goto out2;
-
-	if (samba_acct_flags[0] != '[' 
-	    || samba_acct_flags[flags_len - 1] != ']') 
-	    goto out2;
-
-	/* Allow forwarding */
-	if (samba_forwardable)
-	    ent->entry.flags.forwardable = TRUE;
-
-	for (i=0; i < flags_len; i++) {
-	    switch (samba_acct_flags[i]) {
-	    case ' ':
-	    case '[':
-	    case ']':
-		break;
-	    case 'N':
-		/* how to handle no password in kerberos? */
-		break;
-	    case 'D':
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'H':
-		break;
-	    case 'T':
-		/* temp duplicate */
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'U':
-		ent->entry.flags.client = TRUE;
-		break;
-	    case 'M':
-		break;
-	    case 'W':
-	    case 'S':
-		ent->entry.flags.server = TRUE;
-		ent->entry.flags.client = TRUE;
-		break;
-	    case 'L':
-		ent->entry.flags.invalid = TRUE;
-		break;
-	    case 'X':
-		if (ent->entry.pw_end) {
-		    free(ent->entry.pw_end);
-		    ent->entry.pw_end = NULL;
-		}
-		break;
-	    case 'I':
-		ent->entry.flags.server = TRUE;
-		ent->entry.flags.client = TRUE;
-		break;
-	    }
-	}
-    out2:
-	free(samba_acct_flags);
-    }
-
-    ret = 0;
-
-out:
-    if (unparsed_name)
-	free(unparsed_name);
-
-    if (ret)
-	hdb_free_entry(context, ent);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_close(krb5_context context, HDB * db)
-{
-    if (HDB2LDAP(db)) {
-	ldap_unbind_ext(HDB2LDAP(db), NULL, NULL);
-	((struct hdbldapdb *)db->hdb_db)->h_lp = NULL;
-    }
-    
-    return 0;
-}
-
-static krb5_error_code
-LDAP_lock(krb5_context context, HDB * db, int operation)
-{
-    return 0;
-}
-
-static krb5_error_code
-LDAP_unlock(krb5_context context, HDB * db)
-{
-    return 0;
-}
-
-static krb5_error_code
-LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
-{
-    int msgid, rc, parserc;
-    krb5_error_code ret;
-    LDAPMessage *e;
-
-    msgid = HDB2MSGID(db);
-    if (msgid < 0)
-	return HDB_ERR_NOENTRY;
-
-    do {
-	rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
-	switch (rc) {
-	case LDAP_RES_SEARCH_REFERENCE:
-	    ldap_msgfree(e);
-	    ret = 0;
-	    break;
-	case LDAP_RES_SEARCH_ENTRY:
-	    /* We have an entry. Parse it. */
-	    ret = LDAP_message2entry(context, db, e, entry);
-	    ldap_msgfree(e);
-	    break;
-	case LDAP_RES_SEARCH_RESULT:
-	    /* We're probably at the end of the results. If not, abandon. */
-	    parserc =
-		ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
-				  NULL, NULL, 1);
-	    if (parserc != LDAP_SUCCESS
-		&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
-	        krb5_set_error_string(context, "ldap_parse_result: %s",
-				      ldap_err2string(parserc));
-		ldap_abandon(HDB2LDAP(db), msgid);
-	    }
-	    ret = HDB_ERR_NOENTRY;
-	    HDBSETMSGID(db, -1);
-	    break;
-	case LDAP_SERVER_DOWN:
-	    ldap_msgfree(e);
-	    LDAP_close(context, db);
-	    HDBSETMSGID(db, -1);
-	    ret = ENETDOWN;
-	    break;
-	default:
-	    /* Some unspecified error (timeout?). Abandon. */
-	    ldap_msgfree(e);
-	    ldap_abandon(HDB2LDAP(db), msgid);
-	    ret = HDB_ERR_NOENTRY;
-	    HDBSETMSGID(db, -1);
-	    break;
-	}
-    } while (rc == LDAP_RES_SEARCH_REFERENCE);
-
-    if (ret == 0) {
-	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, &entry->entry);
-	    if (ret)
-		hdb_free_entry(context, entry);
-	}
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
-	      hdb_entry_ex *entry)
-{
-    krb5_error_code ret;
-    int msgid;
-
-    ret = LDAP__connect(context, db);
-    if (ret)
-	return ret;
-
-    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
-    if (ret)
-	return ret;
-
-    msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db),
-			LDAP_SCOPE_SUBTREE,
-			"(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))",
-			krb5kdcentry_attrs, 0);
-    if (msgid < 0)
-	return HDB_ERR_NOENTRY;
-
-    HDBSETMSGID(db, msgid);
-
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
-	     hdb_entry_ex * entry)
-{
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP__connect(krb5_context context, HDB * db)
-{
-    int rc, version = LDAP_VERSION3;
-    /*
-     * Empty credentials to do a SASL bind with LDAP. Note that empty
-     * different from NULL credentials. If you provide NULL
-     * credentials instead of empty credentials you will get a SASL
-     * bind in progress message.
-     */
-    struct berval bv = { 0, "" };
-
-    if (HDB2LDAP(db)) {
-	/* connection has been opened. ping server. */
-	struct sockaddr_un addr;
-	socklen_t len = sizeof(addr);
-	int sd;
-
-	if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
-	    getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
-	    /* the other end has died. reopen. */
-	    LDAP_close(context, db);
-	}
-    }
-
-    if (HDB2LDAP(db) != NULL) /* server is UP */
-	return 0;
-
-    rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db));
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_initialize: %s", 
-			      ldap_err2string(rc));
-	return HDB_ERR_NOENTRY;
-    }
-
-    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
-			 (const void *)&version);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(rc));
-	LDAP_close(context, db);
-	return HDB_ERR_BADVERSION;
-    }
-
-    rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
-			  NULL, NULL, NULL);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
-			      ldap_err2string(rc));
-	LDAP_close(context, db);
-	return HDB_ERR_BADVERSION;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
-{
-    /* Not the right place for this. */
-#ifdef HAVE_SIGACTION
-    struct sigaction sa;
-
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    sigemptyset(&sa.sa_mask);
-
-    sigaction(SIGPIPE, &sa, NULL);
-#else
-    signal(SIGPIPE, SIG_IGN);
-#endif /* HAVE_SIGACTION */
-
-    return LDAP__connect(context, db);
-}
-
-static krb5_error_code
-LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
-	   unsigned flags, hdb_entry_ex * entry)
-{
-    LDAPMessage *msg, *e;
-    krb5_error_code ret;
-
-    ret = LDAP_principal2message(context, db, principal, &msg);
-    if (ret)
-	return ret;
-
-    e = ldap_first_entry(HDB2LDAP(db), msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = LDAP_message2entry(context, db, e, entry);
-    if (ret == 0) {
-	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, &entry->entry);
-	    if (ret)
-		hdb_free_entry(context, entry);
-	}
-    }
-
-  out:
-    ldap_msgfree(msg);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_store(krb5_context context, HDB * db, unsigned flags,
-	   hdb_entry_ex * entry)
-{
-    LDAPMod **mods = NULL;
-    krb5_error_code ret;
-    const char *errfn;
-    int rc;
-    LDAPMessage *msg = NULL, *e = NULL;
-    char *dn = NULL, *name = NULL;
-
-    ret = LDAP_principal2message(context, db, entry->entry.principal, &msg);
-    if (ret == 0)
-	e = ldap_first_entry(HDB2LDAP(db), msg);
-
-    ret = krb5_unparse_name(context, entry->entry.principal, &name);
-    if (ret) {
-	free(name);
-	return ret;
-    }
-
-    ret = hdb_seal_keys(context, db, &entry->entry);
-    if (ret)
-	goto out;
-
-    /* turn new entry into LDAPMod array */
-    ret = LDAP_entry2mods(context, db, entry, e, &mods);
-    if (ret)
-	goto out;
-
-    if (e == NULL) {
-	ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
-	if (ret < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-    } else if (flags & HDB_F_REPLACE) {
-	/* Entry exists, and we're allowed to replace it. */
-	dn = ldap_get_dn(HDB2LDAP(db), e);
-    } else {
-	/* Entry exists, but we're not allowed to replace it. Bail. */
-	ret = HDB_ERR_EXISTS;
-	goto out;
-    }
-
-    /* write entry into directory */
-    if (e == NULL) {
-	/* didn't exist before */
-	rc = ldap_add_s(HDB2LDAP(db), dn, mods);
-	errfn = "ldap_add_s";
-    } else {
-	/* already existed, send deltas only */
-	rc = ldap_modify_s(HDB2LDAP(db), dn, mods);
-	errfn = "ldap_modify_s";
-    }
-
-    if (check_ldap(context, db, rc)) {
-	char *ld_error = NULL;
-	ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
-			&ld_error);
-	krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s", 
-			      errfn, name, dn, ldap_err2string(rc), ld_error);
-	ret = HDB_ERR_CANT_LOCK_DB;
-    } else
-	ret = 0;
-
-  out:
-    /* free stuff */
-    if (dn)
-	free(dn);
-    if (msg)
-	ldap_msgfree(msg);
-    if (mods)
-	ldap_mods_free(mods, 1);
-    if (name)
-	free(name);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
-    krb5_error_code ret;
-    LDAPMessage *msg, *e;
-    char *dn = NULL;
-    int rc, limit = LDAP_NO_LIMIT;
-
-    ret = LDAP_principal2message(context, db, principal, &msg);
-    if (ret)
-	goto out;
-
-    e = ldap_first_entry(HDB2LDAP(db), msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    dn = ldap_get_dn(HDB2LDAP(db), e);
-    if (dn == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s",
-			      ldap_err2string(rc));
-	ret = HDB_ERR_BADVERSION;
-	goto out;
-    }
-
-    rc = ldap_delete_s(HDB2LDAP(db), dn);
-    if (check_ldap(context, db, rc)) {
-	krb5_set_error_string(context, "ldap_delete_s: %s", 
-			      ldap_err2string(rc));
-	ret = HDB_ERR_CANT_LOCK_DB;
-    } else
-	ret = 0;
-
-  out:
-    if (dn != NULL)
-	free(dn);
-    if (msg != NULL)
-	ldap_msgfree(msg);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_destroy(krb5_context context, HDB * db)
-{
-    krb5_error_code ret;
-
-    LDAP_close(context, db);
-
-    ret = hdb_clear_master_key(context, db);
-    if (HDB2BASE(db))
-	free(HDB2BASE(db));
-    if (HDB2CREATE(db))
-	free(HDB2CREATE(db));
-    if (HDB2URL(db))
-	free(HDB2URL(db));
-    if (db->hdb_name)
-	free(db->hdb_name);
-    free(db->hdb_db);
-    free(db);
-
-    return ret;
-}
-
-krb5_error_code
-hdb_ldap_common(krb5_context context,
-		HDB ** db,
-		const char *search_base,
-		const char *url)
-{
-    struct hdbldapdb *h;
-    const char *create_base = NULL;
-
-    if (search_base == NULL && search_base[0] == '\0') {
-	krb5_set_error_string(context, "ldap search base not configured");
-	return ENOMEM; /* XXX */
-    }
-
-    if (structural_object == NULL) {
-	const char *p;
-
-	p = krb5_config_get_string(context, NULL, "kdc", 
-				   "hdb-ldap-structural-object", NULL);
-	if (p == NULL)
-	    p = default_structural_object;
-	structural_object = strdup(p);
-	if (structural_object == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-
-    samba_forwardable = 
-	krb5_config_get_bool_default(context, NULL, TRUE,
-				     "kdc", "hdb-samba-forwardable", NULL);
-
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(*db, 0, sizeof(**db));
-
-    h = calloc(1, sizeof(*h));
-    if (h == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_db = h;
-
-    /* XXX */
-    if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    h->h_url = strdup(url);
-    h->h_base = strdup(search_base);
-    if (h->h_url == NULL || h->h_base == NULL) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    create_base = krb5_config_get_string(context, NULL, "kdc", 
-					 "hdb-ldap-create-base", NULL);
-    if (create_base == NULL)
-	create_base = h->h_base;
-
-    h->h_createbase = strdup(create_base);
-    if (h->h_createbase == NULL) {
-	LDAP_destroy(context, *db);
-	krb5_set_error_string(context, "strdup: out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = LDAP_open;
-    (*db)->hdb_close = LDAP_close;
-    (*db)->hdb_fetch = LDAP_fetch;
-    (*db)->hdb_store = LDAP_store;
-    (*db)->hdb_remove = LDAP_remove;
-    (*db)->hdb_firstkey = LDAP_firstkey;
-    (*db)->hdb_nextkey = LDAP_nextkey;
-    (*db)->hdb_lock = LDAP_lock;
-    (*db)->hdb_unlock = LDAP_unlock;
-    (*db)->hdb_rename = NULL;
-    (*db)->hdb__get = NULL;
-    (*db)->hdb__put = NULL;
-    (*db)->hdb__del = NULL;
-    (*db)->hdb_destroy = LDAP_destroy;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
-{
-    return hdb_ldap_common(context, db, arg, "ldapi:///");
-}
-
-krb5_error_code
-hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg)
-{
-    krb5_error_code ret;
-    char *search_base, *p;
-
-    asprintf(&p, "ldapi:%s", arg);
-    if (p == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	*db = NULL;
-	return ENOMEM;
-    }
-    search_base = strchr(p + strlen("ldapi://"), ':');
-    if (search_base == NULL) {
-	krb5_set_error_string(context, "search base missing");
-	*db = NULL;
-	return HDB_ERR_BADVERSION;
-    }
-    *search_base = '\0';
-    search_base++;
-
-    ret = hdb_ldap_common(context, db, search_base, p);
-    free(p);
-    return ret;
-}
-
-#ifdef OPENLDAP_MODULE
-
-struct hdb_so_method hdb_ldap_interface = {
-    HDB_INTERFACE_VERSION,
-    "ldap",
-    hdb_ldap_create
-};
-
-struct hdb_so_method hdb_ldapi_interface = {
-    HDB_INTERFACE_VERSION,
-    "ldapi",
-    hdb_ldapi_create
-};
-
-#endif
-
-#endif				/* OPENLDAP */
diff --git a/crypto/heimdal/lib/hdb/hdb-private.h b/crypto/heimdal/lib/hdb/hdb-private.h
deleted file mode 100644
index 5147d8b90bd5..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-private.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_private_h__
-#define __hdb_private_h__
-
-#include <stdarg.h>
-
-krb5_error_code
-_hdb_fetch (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_const_principal /*principal*/,
-	unsigned /*flags*/,
-	hdb_entry_ex */*entry*/);
-
-hdb_master_key
-_hdb_find_master_key (
-	uint32_t */*mkvno*/,
-	hdb_master_key /*mkey*/);
-
-int
-_hdb_mkey_decrypt (
-	krb5_context /*context*/,
-	hdb_master_key /*key*/,
-	krb5_key_usage /*usage*/,
-	void */*ptr*/,
-	size_t /*size*/,
-	krb5_data */*res*/);
-
-int
-_hdb_mkey_encrypt (
-	krb5_context /*context*/,
-	hdb_master_key /*key*/,
-	krb5_key_usage /*usage*/,
-	const void */*ptr*/,
-	size_t /*size*/,
-	krb5_data */*res*/);
-
-int
-_hdb_mkey_version (hdb_master_key /*mkey*/);
-
-krb5_error_code
-_hdb_remove (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_const_principal /*principal*/);
-
-krb5_error_code
-_hdb_store (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_entry_ex */*entry*/);
-
-#endif /* __hdb_private_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb-protos.h b/crypto/heimdal/lib/hdb/hdb-protos.h
deleted file mode 100644
index 4c3d3eb1ab14..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-protos.h
+++ /dev/null
@@ -1,400 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_protos_h__
-#define __hdb_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-krb5_error_code
-hdb_add_master_key (
-	krb5_context /*context*/,
-	krb5_keyblock */*key*/,
-	hdb_master_key */*inout*/);
-
-krb5_error_code
-hdb_check_db_format (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_clear_extension (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	int /*type*/);
-
-krb5_error_code
-hdb_clear_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_db_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-const char *
-hdb_db_dir (krb5_context /*context*/);
-
-const char *
-hdb_dbinfo_get_acl_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const krb5_config_binding *
-hdb_dbinfo_get_binding (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_dbname (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_label (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_log_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_dbinfo_get_mkey_file (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-struct hdb_dbinfo *
-hdb_dbinfo_get_next (
-	struct hdb_dbinfo */*dbp*/,
-	struct hdb_dbinfo */*dbprevp*/);
-
-const char *
-hdb_dbinfo_get_realm (
-	krb5_context /*context*/,
-	struct hdb_dbinfo */*dbp*/);
-
-const char *
-hdb_default_db (krb5_context /*context*/);
-
-krb5_error_code
-hdb_enctype2key (
-	krb5_context /*context*/,
-	hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-krb5_error_code
-hdb_entry2string (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	char **/*str*/);
-
-int
-hdb_entry2value (
-	krb5_context /*context*/,
-	const hdb_entry */*ent*/,
-	krb5_data */*value*/);
-
-int
-hdb_entry_alias2value (
-	krb5_context /*context*/,
-	const hdb_entry_alias */*alias*/,
-	krb5_data */*value*/);
-
-krb5_error_code
-hdb_entry_check_mandatory (
-	krb5_context /*context*/,
-	const hdb_entry */*ent*/);
-
-int
-hdb_entry_clear_password (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/);
-
-krb5_error_code
-hdb_entry_get_ConstrainedDelegACL (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_Constrained_delegation_acl **/*a*/);
-
-krb5_error_code
-hdb_entry_get_aliases (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_Aliases **/*a*/);
-
-int
-hdb_entry_get_password (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	const hdb_entry */*entry*/,
-	char **/*p*/);
-
-krb5_error_code
-hdb_entry_get_pkinit_acl (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_PKINIT_acl **/*a*/);
-
-krb5_error_code
-hdb_entry_get_pkinit_hash (
-	const hdb_entry */*entry*/,
-	const HDB_Ext_PKINIT_hash **/*a*/);
-
-krb5_error_code
-hdb_entry_get_pw_change_time (
-	const hdb_entry */*entry*/,
-	time_t */*t*/);
-
-int
-hdb_entry_set_password (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*entry*/,
-	const char */*p*/);
-
-krb5_error_code
-hdb_entry_set_pw_change_time (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	time_t /*t*/);
-
-HDB_extension *
-hdb_find_extension (
-	const hdb_entry */*entry*/,
-	int /*type*/);
-
-krb5_error_code
-hdb_foreach (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_foreach_func_t /*func*/,
-	void */*data*/);
-
-void
-hdb_free_dbinfo (
-	krb5_context /*context*/,
-	struct hdb_dbinfo **/*dbp*/);
-
-void
-hdb_free_entry (
-	krb5_context /*context*/,
-	hdb_entry_ex */*ent*/);
-
-void
-hdb_free_key (Key */*key*/);
-
-void
-hdb_free_keys (
-	krb5_context /*context*/,
-	int /*len*/,
-	Key */*keys*/);
-
-void
-hdb_free_master_key (
-	krb5_context /*context*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_generate_key_set (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	Key **/*ret_key_set*/,
-	size_t */*nkeyset*/,
-	int /*no_salt*/);
-
-krb5_error_code
-hdb_generate_key_set_password (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*password*/,
-	Key **/*keys*/,
-	size_t */*num_keys*/);
-
-int
-hdb_get_dbinfo (
-	krb5_context /*context*/,
-	struct hdb_dbinfo **/*dbp*/);
-
-krb5_error_code
-hdb_init_db (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-int
-hdb_key2principal (
-	krb5_context /*context*/,
-	krb5_data */*key*/,
-	krb5_principal /*p*/);
-
-krb5_error_code
-hdb_ldap_common (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*search_base*/,
-	const char */*url*/);
-
-krb5_error_code
-hdb_ldap_create (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*arg*/);
-
-krb5_error_code
-hdb_ldapi_create (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*arg*/);
-
-krb5_error_code
-hdb_list_builtin (
-	krb5_context /*context*/,
-	char **/*list*/);
-
-krb5_error_code
-hdb_lock (
-	int /*fd*/,
-	int /*operation*/);
-
-krb5_error_code
-hdb_ndbm_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_next_enctype2key (
-	krb5_context /*context*/,
-	const hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-int
-hdb_principal2key (
-	krb5_context /*context*/,
-	krb5_const_principal /*p*/,
-	krb5_data */*key*/);
-
-krb5_error_code
-hdb_print_entry (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry_ex */*entry*/,
-	void */*data*/);
-
-krb5_error_code
-hdb_process_master_key (
-	krb5_context /*context*/,
-	int /*kvno*/,
-	krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_read_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_replace_extension (
-	krb5_context /*context*/,
-	hdb_entry */*entry*/,
-	const HDB_extension */*ext*/);
-
-krb5_error_code
-hdb_seal_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	Key */*k*/);
-
-krb5_error_code
-hdb_seal_key_mkey (
-	krb5_context /*context*/,
-	Key */*k*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_seal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_seal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_set_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-hdb_set_master_keyfile (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	const char */*keyfile*/);
-
-krb5_error_code
-hdb_unlock (int /*fd*/);
-
-krb5_error_code
-hdb_unseal_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	Key */*k*/);
-
-krb5_error_code
-hdb_unseal_key_mkey (
-	krb5_context /*context*/,
-	Key */*k*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_unseal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_unseal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-int
-hdb_value2entry (
-	krb5_context /*context*/,
-	krb5_data */*value*/,
-	hdb_entry */*ent*/);
-
-int
-hdb_value2entry_alias (
-	krb5_context /*context*/,
-	krb5_data */*value*/,
-	hdb_entry_alias */*ent*/);
-
-krb5_error_code
-hdb_write_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key /*mkey*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __hdb_protos_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb.asn1 b/crypto/heimdal/lib/hdb/hdb.asn1
deleted file mode 100644
index acd8f61d7e8f..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.asn1
+++ /dev/null
@@ -1,127 +0,0 @@
--- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $
-HDB DEFINITIONS ::=
-BEGIN
-
-IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;
-
-HDB_DB_FORMAT INTEGER ::= 2	-- format of database, 
-				-- update when making changes
-
--- these must have the same value as the pa-* counterparts
-hdb-pw-salt	INTEGER	::= 3
-hdb-afs3-salt	INTEGER	::= 10
-
-Salt ::= SEQUENCE {
-	type[0]		INTEGER (0..4294967295),
-	salt[1]		OCTET STRING
-}
-
-Key ::= SEQUENCE {
-	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
-	key[1]		EncryptionKey,
-	salt[2]		Salt OPTIONAL
-}
-
-Event ::= SEQUENCE {
-	time[0]		KerberosTime,
-	principal[1]	Principal OPTIONAL
-}
-
-HDBFlags ::= BIT STRING {
-	initial(0),			-- require as-req
-	forwardable(1),			-- may issue forwardable
-	proxiable(2),			-- may issue proxiable
-	renewable(3),			-- may issue renewable
-	postdate(4),			-- may issue postdatable
-	server(5),			-- may be server
-	client(6),			-- may be client
-	invalid(7),			-- entry is invalid
-	require-preauth(8),		-- must use preauth
-	change-pw(9),			-- change password service
-	require-hwauth(10),		-- must use hwauth
-	ok-as-delegate(11),		-- as in TicketFlags
-	user-to-user(12),		-- may use user-to-user auth
-	immutable(13),			-- may not be deleted
-	trusted-for-delegation(14),	-- Trusted to print forwardabled tickets
-	allow-kerberos4(15),		-- Allow Kerberos 4 requests
-	allow-digest(16)		-- Allow digest requests
-}
-
-GENERATION ::= SEQUENCE {
-	time[0]		KerberosTime,			-- timestamp
-	usec[1]		INTEGER (0..4294967295),	-- microseconds
-	gen[2]		INTEGER (0..4294967295)		-- generation number
-}
-
-HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
-	subject[0]	UTF8String,
-	issuer[1]	UTF8String OPTIONAL,
-	anchor[2]	UTF8String OPTIONAL
-}
-
-HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
-	digest-type[0] OBJECT IDENTIFIER,
-	digest[1] OCTET STRING
-}
-
-HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
-
--- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA
-
-HDB-Ext-Lan-Manager-OWF ::= OCTET STRING
-
-HDB-Ext-Password ::= SEQUENCE {
-	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
-	password	OCTET STRING
-}
-
-HDB-Ext-Aliases ::= SEQUENCE {
-	case-insensitive[0]	BOOLEAN, -- case insensitive name allowed
-	aliases[1]		SEQUENCE OF Principal -- all names, inc primary
-}
-
-
-HDB-extension ::= SEQUENCE {
-        mandatory[0]    BOOLEAN,        -- kdc MUST understand this extension,
-                                        --   if not the whole entry must
-                                        --   be rejected
-        data[1]          CHOICE {
-	        pkinit-acl[0]			HDB-Ext-PKINIT-acl,
-	        pkinit-cert-hash[1]  		HDB-Ext-PKINIT-hash,
-		allowed-to-delegate-to[2]   HDB-Ext-Constrained-delegation-acl,
---		referral-info[3]		HDB-Ext-Referrals,
-		lm-owf[4]			HDB-Ext-Lan-Manager-OWF,
-		password[5]			HDB-Ext-Password,
-		aliases[6]			HDB-Ext-Aliases,
-		last-pw-change[7]		KerberosTime,
-		...
-	},
-	...
-}
-
-HDB-extensions ::= SEQUENCE OF HDB-extension
-
-
-hdb_entry ::= SEQUENCE {
-	principal[0]	Principal  OPTIONAL, -- this is optional only 
-					     -- for compatibility with libkrb5
-	kvno[1]		INTEGER (0..4294967295),
-	keys[2]		SEQUENCE OF Key,
-	created-by[3]	Event,
-	modified-by[4]	Event OPTIONAL,
-	valid-start[5]	KerberosTime OPTIONAL,
-	valid-end[6]	KerberosTime OPTIONAL,
-	pw-end[7]	KerberosTime OPTIONAL,
-	max-life[8]	INTEGER (0..4294967295) OPTIONAL,
-	max-renew[9]	INTEGER (0..4294967295) OPTIONAL,
-	flags[10]	HDBFlags,
-	etypes[11]	SEQUENCE OF INTEGER (0..4294967295) OPTIONAL,
-	generation[12]	GENERATION OPTIONAL,
-        extensions[13]  HDB-extensions OPTIONAL
-}
-
-hdb_entry_alias ::= [APPLICATION 0] SEQUENCE {
-	principal[0]	Principal  OPTIONAL
-}
-
-END
diff --git a/crypto/heimdal/lib/hdb/hdb.c b/crypto/heimdal/lib/hdb/hdb.c
deleted file mode 100644
index a515709639c4..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.c
+++ /dev/null
@@ -1,412 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $");
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-struct hdb_method {
-    const char *prefix;
-    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-static struct hdb_method methods[] = {
-#if HAVE_DB1 || HAVE_DB3
-    {"db:",	hdb_db_create},
-#endif
-#if HAVE_NDBM
-    {"ndbm:",	hdb_ndbm_create},
-#endif
-#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
-    {"ldap:",	hdb_ldap_create},
-    {"ldapi:",	hdb_ldapi_create},
-#endif
-#ifdef HAVE_LDB /* Used for integrated samba build */
-    {"ldb:",	hdb_ldb_create},
-#endif
-    {NULL,	NULL}
-};
-
-#if HAVE_DB1 || HAVE_DB3
-static struct hdb_method dbmetod = {"",	hdb_db_create };
-#elif defined(HAVE_NDBM)
-static struct hdb_method dbmetod = {"",	hdb_ndbm_create };
-#endif
-
-
-krb5_error_code
-hdb_next_enctype2key(krb5_context context,
-		     const hdb_entry *e,
-		     krb5_enctype enctype,
-		     Key **key)
-{
-    Key *k;
-    
-    for (k = *key ? (*key) + 1 : e->keys.val;
-	 k < e->keys.val + e->keys.len; 
-	 k++) 
-    {
-	if(k->key.keytype == enctype){
-	    *key = k;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "No next enctype %d for hdb-entry", 
-			  (int)enctype);
-    return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
-}
-
-krb5_error_code
-hdb_enctype2key(krb5_context context, 
-		hdb_entry *e, 
-		krb5_enctype enctype, 
-		Key **key)
-{
-    *key = NULL;
-    return hdb_next_enctype2key(context, e, enctype, key);
-}
-
-void
-hdb_free_key(Key *key)
-{
-    memset(key->key.keyvalue.data, 
-	   0,
-	   key->key.keyvalue.length);
-    free_Key(key);
-    free(key);
-}
-
-
-krb5_error_code
-hdb_lock(int fd, int operation)
-{
-    int i, code = 0;
-
-    for(i = 0; i < 3; i++){
-	code = flock(fd, (operation == HDB_RLOCK ? LOCK_SH : LOCK_EX) | LOCK_NB);
-	if(code == 0 || errno != EWOULDBLOCK)
-	    break;
-	sleep(1);
-    }
-    if(code == 0)
-	return 0;
-    if(errno == EWOULDBLOCK)
-	return HDB_ERR_DB_INUSE;
-    return HDB_ERR_CANT_LOCK_DB;
-}
-
-krb5_error_code
-hdb_unlock(int fd)
-{
-    int code;
-    code = flock(fd, LOCK_UN);
-    if(code)
-	return 4711 /* XXX */;
-    return 0;
-}
-
-void
-hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
-{
-    int i;
-
-    if (ent->free_entry)
-	(*ent->free_entry)(context, ent);
-
-    for(i = 0; i < ent->entry.keys.len; ++i) {
-	Key *k = &ent->entry.keys.val[i];
-
-	memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    }
-    free_hdb_entry(&ent->entry);
-}
-
-krb5_error_code
-hdb_foreach(krb5_context context,
-	    HDB *db,
-	    unsigned flags,
-	    hdb_foreach_func_t func,
-	    void *data)
-{
-    krb5_error_code ret;
-    hdb_entry_ex entry;
-    ret = db->hdb_firstkey(context, db, flags, &entry);
-    if (ret == 0)
-	krb5_clear_error_string(context);
-    while(ret == 0){
-	ret = (*func)(context, db, &entry, data);
-	hdb_free_entry(context, &entry);
-	if(ret == 0)
-	    ret = db->hdb_nextkey(context, db, flags, &entry);
-    }
-    if(ret == HDB_ERR_NOENTRY)
-	ret = 0;
-    return ret;
-}
-
-krb5_error_code
-hdb_check_db_format(krb5_context context, HDB *db)
-{
-    krb5_data tag;
-    krb5_data version;
-    krb5_error_code ret, ret2;
-    unsigned ver;
-    int foo;
-
-    ret = db->hdb_lock(context, db, HDB_RLOCK);
-    if (ret)
-	return ret;
-
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    ret = (*db->hdb__get)(context, db, tag, &version);
-    ret2 = db->hdb_unlock(context, db);
-    if(ret)
-	return ret;
-    if (ret2)
-	return ret2;
-    foo = sscanf(version.data, "%u", &ver);
-    krb5_data_free (&version);
-    if (foo != 1)
-	return HDB_ERR_BADVERSION;
-    if(ver != HDB_DB_FORMAT)
-	return HDB_ERR_BADVERSION;
-    return 0;
-}
-
-krb5_error_code
-hdb_init_db(krb5_context context, HDB *db)
-{
-    krb5_error_code ret, ret2;
-    krb5_data tag;
-    krb5_data version;
-    char ver[32];
-    
-    ret = hdb_check_db_format(context, db);
-    if(ret != HDB_ERR_NOENTRY)
-	return ret;
-    
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if (ret)
-	return ret;
-
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
-    version.data = ver;
-    version.length = strlen(version.data) + 1; /* zero terminated */
-    ret = (*db->hdb__put)(context, db, 0, tag, version);
-    ret2 = db->hdb_unlock(context, db);
-    if (ret) {
-	if (ret2)
-	    krb5_clear_error_string(context);
-	return ret;
-    }
-    return ret2;
-}
-
-#ifdef HAVE_DLOPEN
-
- /*
- * Load a dynamic backend from /usr/heimdal/lib/hdb_NAME.so,
- * looking for the hdb_NAME_create symbol.
- */
-
-static const struct hdb_method *
-find_dynamic_method (krb5_context context,
-		     const char *filename, 
-		     const char **rest)
-{
-    static struct hdb_method method;
-    struct hdb_so_method *mso;
-    char *prefix, *path, *symbol;
-    const char *p;
-    void *dl;
-    size_t len;
-    
-    p = strchr(filename, ':');
-
-    /* if no prefix, don't know what module to load, just ignore it */
-    if (p == NULL)
-	return NULL;
-
-    len = p - filename;
-    *rest = filename + len + 1;
-    
-    prefix = strndup(filename, len);
-    if (prefix == NULL)
-	krb5_errx(context, 1, "out of memory");
-    
-    if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1)
-	krb5_errx(context, 1, "out of memory");
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
-    dl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
-    if (dl == NULL) {
-	krb5_warnx(context, "error trying to load dynamic module %s: %s\n",
-		   path, dlerror());
-	free(prefix);
-	free(path);
-	return NULL;
-    }
-    
-    if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
-	krb5_errx(context, 1, "out of memory");
-	
-    mso = dlsym(dl, symbol);
-    if (mso == NULL) {
-	krb5_warnx(context, "error finding symbol %s in %s: %s\n", 
-		   symbol, path, dlerror());
-	dlclose(dl);
-	free(symbol);
-	free(prefix);
-	free(path);
-	return NULL;
-    }
-    free(path);
-    free(symbol);
-
-    if (mso->version != HDB_INTERFACE_VERSION) {
-	krb5_warnx(context, 
-		   "error wrong version in shared module %s "
-		   "version: %d should have been %d\n", 
-		   prefix, mso->version, HDB_INTERFACE_VERSION);
-	dlclose(dl);
-	free(prefix);
-	return NULL;
-    }
-
-    if (mso->create == NULL) {
-	krb5_errx(context, 1,
-		  "no entry point function in shared mod %s ",
-		   prefix);
-	dlclose(dl);
-	free(prefix);
-	return NULL;
-    }
-
-    method.create = mso->create;
-    method.prefix = prefix;
-
-    return &method;
-}
-#endif /* HAVE_DLOPEN */
-
-/*
- * find the relevant method for `filename', returning a pointer to the
- * rest in `rest'.
- * return NULL if there's no such method.
- */
-
-static const struct hdb_method *
-find_method (const char *filename, const char **rest)
-{
-    const struct hdb_method *h;
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) {
-	    *rest = filename + strlen(h->prefix);
-	    return h;
-	}
-    }
-#if defined(HAVE_DB1) || defined(HAVE_DB3) || defined(HAVE_NDBM)
-    if (strncmp(filename, "/", 1) == 0
-	|| strncmp(filename, "./", 2) == 0
-	|| strncmp(filename, "../", 3) == 0)
-    {
-	*rest = filename;
-	return &dbmetod;
-    }
-#endif
-
-    return NULL;
-}
-
-krb5_error_code
-hdb_list_builtin(krb5_context context, char **list)
-{
-    const struct hdb_method *h;
-    size_t len = 0;
-    char *buf = NULL;
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (h->prefix[0] == '\0')
-	    continue;
-	len += strlen(h->prefix) + 2;
-    }
-
-    len += 1;
-    buf = malloc(len);
-    if (buf == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    buf[0] = '\0';
-
-    for (h = methods; h->prefix != NULL; ++h) {
-	if (h != methods)
-	    strlcat(buf, ", ", len);
-	strlcat(buf, h->prefix, len);
-    }
-    *list = buf;
-    return 0;
-}
-
-krb5_error_code
-hdb_create(krb5_context context, HDB **db, const char *filename)
-{
-    const struct hdb_method *h;
-    const char *residual;
-
-    if(filename == NULL)
-	filename = HDB_DEFAULT_DB;
-    krb5_add_et_list(context, initialize_hdb_error_table_r);
-    h = find_method (filename, &residual);
-#ifdef HAVE_DLOPEN
-    if (h == NULL)
-	h = find_dynamic_method (context, filename, &residual);
-#endif
-    if (h == NULL)
-	krb5_errx(context, 1, "No database support for %s", filename);
-    return (*h->create)(context, db, residual);
-}
diff --git a/crypto/heimdal/lib/hdb/hdb.h b/crypto/heimdal/lib/hdb/hdb.h
deleted file mode 100644
index 742b92405d45..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */
-
-#ifndef __HDB_H__
-#define __HDB_H__
-
-#include <hdb_err.h>
-
-#include <heim_asn1.h>
-#include <hdb_asn1.h>
-
-struct hdb_dbinfo;
-
-enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
-
-/* flags for various functions */
-#define HDB_F_DECRYPT		1	/* decrypt keys */
-#define HDB_F_REPLACE		2	/* replace entry */
-#define HDB_F_GET_CLIENT	4	/* fetch client */
-#define HDB_F_GET_SERVER	8	/* fetch server */
-#define HDB_F_GET_KRBTGT	16	/* fetch krbtgt */
-#define HDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
-#define HDB_F_CANON		32	/* want canonicalition */
-
-/* key usage for master key */
-#define HDB_KU_MKEY	0x484442
-
-typedef struct hdb_master_key_data *hdb_master_key;
-
-typedef struct hdb_entry_ex {
-    void *ctx;
-    hdb_entry entry;
-    void (*free_entry)(krb5_context, struct hdb_entry_ex *);
-} hdb_entry_ex;
-
-
-typedef struct HDB{
-    void *hdb_db;
-    void *hdb_dbc;
-    char *hdb_name;
-    int hdb_master_key_set;
-    hdb_master_key hdb_master_key;
-    int hdb_openp;
-
-    krb5_error_code (*hdb_open)(krb5_context,
-				struct HDB*,
-				int,
-				mode_t);
-    krb5_error_code (*hdb_close)(krb5_context, 
-				 struct HDB*);
-    void	    (*hdb_free)(krb5_context,
-				struct HDB*,
-				hdb_entry_ex*);
-    krb5_error_code (*hdb_fetch)(krb5_context,
-				 struct HDB*,
-				 krb5_const_principal,
-				 unsigned,
-				 hdb_entry_ex*);
-    krb5_error_code (*hdb_store)(krb5_context,
-				 struct HDB*,
-				 unsigned,
-				 hdb_entry_ex*);
-    krb5_error_code (*hdb_remove)(krb5_context,
-				  struct HDB*,
-				  krb5_const_principal);
-    krb5_error_code (*hdb_firstkey)(krb5_context,
-				    struct HDB*,
-				    unsigned,
-				    hdb_entry_ex*);
-    krb5_error_code (*hdb_nextkey)(krb5_context,
-				   struct HDB*,
-				   unsigned,
-				   hdb_entry_ex*);
-    krb5_error_code (*hdb_lock)(krb5_context,
-				struct HDB*,
-				int operation);
-    krb5_error_code (*hdb_unlock)(krb5_context,
-				  struct HDB*);
-    krb5_error_code (*hdb_rename)(krb5_context,
-				  struct HDB*,
-				  const char*);
-    krb5_error_code (*hdb__get)(krb5_context,
-				struct HDB*,
-				krb5_data,
-				krb5_data*);
-    krb5_error_code (*hdb__put)(krb5_context,
-				struct HDB*,
-				int, 
-				krb5_data,
-				krb5_data);
-    krb5_error_code (*hdb__del)(krb5_context, 
-				struct HDB*,
-				krb5_data);
-    krb5_error_code (*hdb_destroy)(krb5_context,
-				   struct HDB*);
-}HDB;
-
-#define HDB_INTERFACE_VERSION	4
-
-struct hdb_so_method {
-    int version;
-    const char *prefix;
-    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
-					      hdb_entry_ex*, void*);
-extern krb5_kt_ops hdb_kt_ops;
-
-#include <hdb-protos.h>
-
-#endif /* __HDB_H__ */
diff --git a/crypto/heimdal/lib/hdb/hdb.schema b/crypto/heimdal/lib/hdb/hdb.schema
deleted file mode 100644
index 6e5c0f7fd879..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.schema
+++ /dev/null
@@ -1,139 +0,0 @@
-# Definitions for a Kerberos V KDC schema
-#
-# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $
-#
-# This version is compatible with OpenLDAP 1.8
-#
-# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
-#
-# Syntaxes are under 1.3.6.1.4.1.5322.10.0
-# Attributes types are under 1.3.6.1.4.1.5322.10.1
-# Object classes are under 1.3.6.1.4.1.5322.10.2
-
-# Syntax definitions
-
-#krb5KDCFlagsSyntax SYNTAX ::= {
-#   WITH SYNTAX            INTEGER
-#--        initial(0),             -- require as-req
-#--        forwardable(1),         -- may issue forwardable
-#--        proxiable(2),           -- may issue proxiable
-#--        renewable(3),           -- may issue renewable
-#--        postdate(4),            -- may issue postdatable
-#--        server(5),              -- may be server
-#--        client(6),              -- may be client
-#--        invalid(7),             -- entry is invalid
-#--        require-preauth(8),     -- must use preauth
-#--        change-pw(9),           -- change password service
-#--        require-hwauth(10),     -- must use hwauth
-#--        ok-as-delegate(11),     -- as in TicketFlags
-#--        user-to-user(12),       -- may use user-to-user auth
-#--        immutable(13)           -- may not be deleted         
-#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
-#}
-
-#krb5PrincipalNameSyntax SYNTAX ::= {
-#   WITH SYNTAX            OCTET STRING
-#-- String representations of distinguished names as per RFC1510
-#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
-#}
-
-# Attribute type definitions
- 
-attributetype ( 1.3.6.1.4.1.5322.10.1.1
-	NAME 'krb5PrincipalName'
-	DESC 'The unparsed Kerberos principal name'
-	EQUALITY caseExactIA5Match
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.2
-	NAME 'krb5KeyVersionNumber'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.3
-	NAME 'krb5MaxLife'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.4
-	NAME 'krb5MaxRenew'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.5
-	NAME 'krb5KDCFlags'
-	EQUALITY integerMatch
-	SINGLE-VALUE
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.6
-	NAME 'krb5EncryptionType'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.7
-	NAME 'krb5ValidStart'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.8
-	NAME 'krb5ValidEnd'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.9
-	NAME 'krb5PasswordEnd'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE )
-
-# this is temporary; keys will eventually
-# be child entries or compound attributes.
-attributetype ( 1.3.6.1.4.1.5322.10.1.10
-	NAME 'krb5Key'
-	DESC 'Encoded ASN1 Key as an octet string'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.11
-	NAME 'krb5PrincipalRealm'
-	DESC 'Distinguished name of krb5Realm entry'
-	SUP distinguishedName )
-
-attributetype ( 1.3.6.1.4.1.5322.10.1.12
-	NAME 'krb5RealmName'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-
-# Object class definitions
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.1
-	NAME 'krb5Principal'
-	SUP top
-	AUXILIARY
-	MUST ( krb5PrincipalName )
-	MAY ( cn $ krb5PrincipalRealm ) )
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.2
-	NAME 'krb5KDCEntry'
-	SUP krb5Principal
-	AUXILIARY
-	MUST ( krb5KeyVersionNumber )
-	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
-              krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
-              krb5EncryptionType $ krb5Key ) )
-
-objectclass ( 1.3.6.1.4.1.5322.10.2.3
-	NAME 'krb5Realm'
-	SUP top
-	AUXILIARY
-	MUST ( krb5RealmName ) )
-
diff --git a/crypto/heimdal/lib/hdb/hdb_err.et b/crypto/heimdal/lib/hdb/hdb_err.et
deleted file mode 100644
index 5c5b80bb3660..000000000000
--- a/crypto/heimdal/lib/hdb/hdb_err.et
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Error messages for the hdb library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $"
-
-error_table hdb
-
-prefix HDB_ERR
-
-index 1
-#error_code INUSE,		"Entry already exists in database"
-error_code UK_SERROR,		"Database store error"
-error_code UK_RERROR,		"Database read error"
-error_code NOENTRY,		"No such entry in the database"
-error_code DB_INUSE,		"Database is locked or in use--try again later"
-error_code DB_CHANGED,		"Database was modified during read"
-error_code RECURSIVELOCK,	"Attempt to lock database twice"
-error_code NOTLOCKED,		"Attempt to unlock database when not locked"
-error_code BADLOCKMODE,		"Invalid kdb lock mode"
-error_code CANT_LOCK_DB,	"Insufficient access to lock database"
-error_code EXISTS,		"Entry already exists in database"
-error_code BADVERSION,		"Wrong database version"
-error_code NO_MKEY,		"No correct master key"
-error_code MANDATORY_OPTION,	"Entry contains unknown mandatory extension"
-
-end
diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h
deleted file mode 100644
index abb4cd45d045..000000000000
--- a/crypto/heimdal/lib/hdb/hdb_locl.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
-
-#ifndef __HDB_LOCL_H__
-#define __HDB_LOCL_H__
-
-#include <config.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <hdb.h>
-#include <hdb-private.h>
-
-#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
-#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
-
-#endif /* __HDB_LOCL_H__ */
diff --git a/crypto/heimdal/lib/hdb/keys.c b/crypto/heimdal/lib/hdb/keys.c
deleted file mode 100644
index 60a58677fef9..000000000000
--- a/crypto/heimdal/lib/hdb/keys.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * free all the memory used by (len, keys)
- */
-
-void
-hdb_free_keys (krb5_context context, int len, Key *keys)
-{
-    int i;
-
-    for (i = 0; i < len; i++) {
-	free(keys[i].mkvno);
-	keys[i].mkvno = NULL;
-	if (keys[i].salt != NULL) {
-	    free_Salt(keys[i].salt);
-	    free(keys[i].salt);
-	    keys[i].salt = NULL;
-	}
-	krb5_free_keyblock_contents(context, &keys[i].key);
-    }
-    free (keys);
-}
-
-/* 
- * for each entry in `default_keys' try to parse it as a sequence
- * of etype:salttype:salt, syntax of this if something like:
- * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
- *      means all etypes, and if string is omitted is means the default
- * string (for that principal). Additional special values:
- *	v5 == pw-salt, and
- *	v4 == des:pw-salt:
- *	afs or afs3 == des:afs3-salt
- */
-
-/* the 3 DES types must be first */
-static const krb5_enctype all_etypes[] = { 
-    ETYPE_DES_CBC_MD5,
-    ETYPE_DES_CBC_MD4,
-    ETYPE_DES_CBC_CRC,
-    ETYPE_AES256_CTS_HMAC_SHA1_96,
-    ETYPE_ARCFOUR_HMAC_MD5,
-    ETYPE_DES3_CBC_SHA1
-};
-
-static krb5_error_code
-parse_key_set(krb5_context context, const char *key, 
-	      krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, 
-	      krb5_salt *salt, krb5_principal principal)
-{
-    const char *p;
-    char buf[3][256];
-    int num_buf = 0;
-    int i, num_enctypes = 0;
-    krb5_enctype e;
-    const krb5_enctype *enctypes = NULL;
-    krb5_error_code ret;
-    
-    p = key;
-
-    *ret_enctypes = NULL;
-    *ret_num_enctypes = 0;
-
-    /* split p in a list of :-separated strings */
-    for(num_buf = 0; num_buf < 3; num_buf++)
-	if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
-	    break;
-
-    salt->saltvalue.data = NULL;
-    salt->saltvalue.length = 0;
-
-    for(i = 0; i < num_buf; i++) {
-	if(enctypes == NULL && num_buf > 1) {
-	    /* this might be a etype specifier */
-	    /* XXX there should be a string_to_etypes handling
-	       special cases like `des' and `all' */
-	    if(strcmp(buf[i], "des") == 0) {
-		enctypes = all_etypes;
-		num_enctypes = 3;
-	    } else if(strcmp(buf[i], "des3") == 0) {
-		e = ETYPE_DES3_CBC_SHA1;
-		enctypes = &e;
-		num_enctypes = 1;
-	    } else {
-		ret = krb5_string_to_enctype(context, buf[i], &e);
-		if (ret == 0) {
-		    enctypes = &e;
-		    num_enctypes = 1;
-		} else
-		    return ret;
-	    }
-	    continue;
-	}
-	if(salt->salttype == 0) {
-	    /* interpret string as a salt specifier, if no etype
-	       is set, this sets default values */
-	    /* XXX should perhaps use string_to_salttype, but that
-	       interface sucks */
-	    if(strcmp(buf[i], "pw-salt") == 0) {
-		if(enctypes == NULL) {
-		    enctypes = all_etypes;
-		    num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]);
-		}
-		salt->salttype = KRB5_PW_SALT;
-	    } else if(strcmp(buf[i], "afs3-salt") == 0) {
-		if(enctypes == NULL) {
-		    enctypes = all_etypes;
-		    num_enctypes = 3;
-		}
-		salt->salttype = KRB5_AFS3_SALT;
-	    }
-	    continue;
-	}
-
-	{
-	    /* if there is a final string, use it as the string to
-	       salt with, this is mostly useful with null salt for
-	       v4 compat, and a cell name for afs compat */
-	    salt->saltvalue.data = strdup(buf[i]);
-	    if (salt->saltvalue.data == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		return ENOMEM;
-	    }
-	    salt->saltvalue.length = strlen(buf[i]);
-	}
-    }
-    
-    if(enctypes == NULL || salt->salttype == 0) {
-	krb5_set_error_string(context, "bad value for default_keys `%s'", key);
-	return EINVAL;
-    }
-    
-    /* if no salt was specified make up default salt */
-    if(salt->saltvalue.data == NULL) {
-	if(salt->salttype == KRB5_PW_SALT)
-	    ret = krb5_get_pw_salt(context, principal, salt);
-	else if(salt->salttype == KRB5_AFS3_SALT) {
-	    krb5_realm *realm = krb5_princ_realm(context, principal);
-	    salt->saltvalue.data = strdup(*realm);
-	    if(salt->saltvalue.data == NULL) {
-		krb5_set_error_string(context, "out of memory while "
-				      "parsing salt specifiers");
-		return ENOMEM;
-	    }
-	    strlwr(salt->saltvalue.data);
-	    salt->saltvalue.length = strlen(*realm);
-	}
-    }
-
-    *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes);
-    if (*ret_enctypes == NULL) {
-	krb5_free_salt(context, *salt);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes);
-    *ret_num_enctypes = num_enctypes;
-
-    return 0;
-}
-
-static krb5_error_code
-add_enctype_to_key_set(Key **key_set, size_t *nkeyset, 
-		       krb5_enctype enctype, krb5_salt *salt)
-{
-    krb5_error_code ret;
-    Key key, *tmp;
-
-    memset(&key, 0, sizeof(key));
-
-    tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0]));
-    if (tmp == NULL)
-	return ENOMEM;
-    
-    *key_set = tmp;
-
-    key.key.keytype = enctype;
-    key.key.keyvalue.length = 0;
-    key.key.keyvalue.data = NULL;
-    
-    if (salt) {
-	key.salt = malloc(sizeof(*key.salt));
-	if (key.salt == NULL) {
-	    free_Key(&key);
-	    return ENOMEM;
-	}
-	
-	key.salt->type = salt->salttype;
-	krb5_data_zero (&key.salt->salt);
-	
-	ret = krb5_data_copy(&key.salt->salt, 
-			     salt->saltvalue.data, 
-			     salt->saltvalue.length);
-	if (ret) {
-	    free_Key(&key);
-	    return ret;
-	}
-    } else
-	key.salt = NULL;
-    
-    (*key_set)[*nkeyset] = key;
-    
-    *nkeyset += 1;
-
-    return 0;
-}
-
-
-/*
- * Generate the `key_set' from the [kadmin]default_keys statement. If
- * `no_salt' is set, salt is not important (and will not be set) since
- * it's random keys that is going to be created.
- */
-
-krb5_error_code
-hdb_generate_key_set(krb5_context context, krb5_principal principal,
-		     Key **ret_key_set, size_t *nkeyset, int no_salt)
-{
-    char **ktypes, **kp;
-    krb5_error_code ret;
-    Key *k, *key_set;
-    int i, j;
-    char *default_keytypes[] = {
-	"des:pw-salt",
-	"aes256-cts-hmac-sha1-96:pw-salt",
-	"des3-cbc-sha1:pw-salt",
-	"arcfour-hmac-md5:pw-salt",
-	NULL
-    };
-    
-    ktypes = krb5_config_get_strings(context, NULL, "kadmin",
-				     "default_keys", NULL);
-    if (ktypes == NULL)
-	ktypes = default_keytypes;
-
-    if (ktypes == NULL)
-	abort();
-
-    *ret_key_set = key_set = NULL;
-    *nkeyset = 0;
-
-    ret = 0;
- 
-    for(kp = ktypes; kp && *kp; kp++) {
-	const char *p;
-	krb5_salt salt;
-	krb5_enctype *enctypes;
-	size_t num_enctypes;
-
-	p = *kp;
-	/* check alias */
-	if(strcmp(p, "v5") == 0)
-	    p = "pw-salt";
-	else if(strcmp(p, "v4") == 0)
-	    p = "des:pw-salt:";
-	else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
-	    p = "des:afs3-salt";
-	else if (strcmp(p, "arcfour-hmac-md5") == 0)
-	    p = "arcfour-hmac-md5:pw-salt";
-	    
-	memset(&salt, 0, sizeof(salt));
-
-	ret = parse_key_set(context, p,
-			    &enctypes, &num_enctypes, &salt, principal);
-	if (ret) {
-	    krb5_warn(context, ret, "bad value for default_keys `%s'", *kp);
-	    ret = 0;
-	    continue;
-	}
-
-	for (i = 0; i < num_enctypes; i++) {
-	    /* find duplicates */
-	    for (j = 0; j < *nkeyset; j++) {
-
-		k = &key_set[j];
-
-		if (k->key.keytype == enctypes[i]) {
-		    if (no_salt)
-			break;
-		    if (k->salt == NULL && salt.salttype == KRB5_PW_SALT)
-			break;
-		    if (k->salt->type == salt.salttype &&
-			k->salt->salt.length == salt.saltvalue.length &&
-			memcmp(k->salt->salt.data, salt.saltvalue.data, 
-			       salt.saltvalue.length) == 0)
-			break;
-		}
-	    }
-	    /* not a duplicate, lets add it */
-	    if (j == *nkeyset) {
-		ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], 
-					     no_salt ? NULL : &salt);
-		if (ret) {
-		    free(enctypes);
-		    krb5_free_salt(context, salt);
-		    goto out;
-		}
-	    }
-	}
-	free(enctypes);
-	krb5_free_salt(context, salt);
-    }
-    
-    *ret_key_set = key_set;
-
- out:
-    if (ktypes != default_keytypes)
-	krb5_config_free_strings(ktypes);
-
-    if (ret) {
-	krb5_warn(context, ret, 
-		  "failed to parse the [kadmin]default_keys values");
-
-	for (i = 0; i < *nkeyset; i++)
-	    free_Key(&key_set[i]);
-	free(key_set);
-    } else if (*nkeyset == 0) {
-	krb5_warnx(context, 
-		   "failed to parse any of the [kadmin]default_keys values");
-	ret = EINVAL; /* XXX */
-    }
-
-    return ret;
-}
-
-
-krb5_error_code
-hdb_generate_key_set_password(krb5_context context, 
-			      krb5_principal principal, 
-			      const char *password, 
-			      Key **keys, size_t *num_keys) 
-{
-    krb5_error_code ret;
-    int i;
-
-    ret = hdb_generate_key_set(context, principal,
-				keys, num_keys, 0);
-    if (ret)
-	return ret;
-
-    for (i = 0; i < (*num_keys); i++) {
-	krb5_salt salt;
-
-	salt.salttype = (*keys)[i].salt->type;
-	salt.saltvalue.length = (*keys)[i].salt->salt.length;
-	salt.saltvalue.data = (*keys)[i].salt->salt.data;
-
-	ret = krb5_string_to_key_salt (context,
-				       (*keys)[i].key.keytype,
-				       password,
-				       salt,
-				       &(*keys)[i].key);
-
-	if(ret)
-	    break;
-    }
-
-    if(ret) {
-	hdb_free_keys (context, *num_keys, *keys);
-	return ret;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/keytab.c b/crypto/heimdal/lib/hdb/keytab.c
deleted file mode 100644
index e319bb503155..000000000000
--- a/crypto/heimdal/lib/hdb/keytab.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-/* keytab backend for HDB databases */
-
-RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $");
-
-struct hdb_data {
-    char *dbname;
-    char *mkey;
-};
-
-/*
- * the format for HDB keytabs is:
- * HDB:[database:file:mkey]
- */
-
-static krb5_error_code
-hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct hdb_data *d;
-    const char *db, *mkey;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db = name;
-    mkey = strchr(name, ':');
-    if(mkey == NULL || mkey[1] == '\0') {
-	if(*name == '\0')
-	    d->dbname = NULL;
-	else {
-	    d->dbname = strdup(name);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	}
-	d->mkey = NULL;
-    } else {
-	if((mkey - db) == 0) {
-	    d->dbname = NULL;
-	} else {
-	    d->dbname = malloc(mkey - db + 1);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memmove(d->dbname, db, mkey - db);
-	    d->dbname[mkey - db] = '\0';
-	}
-	d->mkey = strdup(mkey + 1);
-	if(d->mkey == NULL) {
-	    free(d->dbname);
-	    free(d);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-hdb_close(krb5_context context, krb5_keytab id)
-{
-    struct hdb_data *d = id->data;
-
-    free(d->dbname);
-    free(d->mkey);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-hdb_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    struct hdb_data *d = id->data;
-
-    snprintf(name, namesize, "%s%s%s", 
-	     d->dbname ? d->dbname : "",
-	     (d->dbname || d->mkey) ? ":" : "",
-	     d->mkey ? d->mkey : "");
-    return 0;
-}
-
-static void
-set_config (krb5_context context,
-	    const krb5_config_binding *binding,
-	    const char **dbname,
-	    const char **mkey)
-{
-    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
-    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
-}
-
-/*
- * try to figure out the database (`dbname') and master-key (`mkey')
- * that should be used for `principal'.
- */
-
-static void
-find_db (krb5_context context,
-	 const char **dbname,
-	 const char **mkey,
-	 krb5_const_principal principal)
-{
-    const krb5_config_binding *top_bind = NULL;
-    const krb5_config_binding *default_binding = NULL;
-    const krb5_config_binding *db;
-    krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal));
-
-    *dbname = *mkey = NULL;
-
-    while ((db =
-	    krb5_config_get_next(context,
-				 NULL,
-				 &top_bind,
-				 krb5_config_list,
-				 "kdc",
-				 "database",
-				 NULL)) != NULL) {
-	const char *p;
-	
-	p = krb5_config_get_string (context, db, "realm", NULL);
-	if (p == NULL) {
-	    if(default_binding) {
-		krb5_warnx(context, "WARNING: more than one realm-less "
-			   "database specification");
-		krb5_warnx(context, "WARNING: using the first encountered");
-	    } else
-		default_binding = db;
-	} else if (strcmp (*prealm, p) == 0) {
-	    set_config (context, db, dbname, mkey);
-	    break;
-	}
-    }
-    if (*dbname == NULL && default_binding != NULL)
-	set_config (context, default_binding, dbname, mkey);
-    if (*dbname == NULL)
-	*dbname = HDB_DEFAULT_DB;
-}
-
-/*
- * find the keytab entry in `id' for `principal, kvno, enctype' and return
- * it in `entry'.  return 0 or an error code
- */
-
-static krb5_error_code
-hdb_get_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_const_principal principal,
-	      krb5_kvno kvno,
-	      krb5_enctype enctype,
-	      krb5_keytab_entry *entry)
-{
-    hdb_entry_ex ent;
-    krb5_error_code ret;
-    struct hdb_data *d = id->data;
-    int i;
-    HDB *db;
-    const char *dbname = d->dbname;
-    const char *mkey   = d->mkey;
-
-    memset(&ent, 0, sizeof(ent));
-
-    if (dbname == NULL)
-	find_db (context, &dbname, &mkey, principal);
-
-    ret = hdb_create (context, &db, dbname);
-    if (ret)
-	return ret;
-    ret = hdb_set_master_keyfile (context, db, mkey);
-    if (ret) {
-	(*db->hdb_destroy)(context, db);
-	return ret;
-    }
-	
-    ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
-    if (ret) {
-	(*db->hdb_destroy)(context, db);
-	return ret;
-    }
-    ret = (*db->hdb_fetch)(context, db, principal, 
-			   HDB_F_DECRYPT|
-			   HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
-			   &ent);
-
-    if(ret == HDB_ERR_NOENTRY) {
-	ret = KRB5_KT_NOTFOUND;
-	goto out;
-    }else if(ret)
-	goto out;
-
-    if(kvno && ent.entry.kvno != kvno) {
-	hdb_free_entry(context, &ent);
- 	ret = KRB5_KT_NOTFOUND;
-	goto out;
-    }
-    if(enctype == 0)
-	if(ent.entry.keys.len > 0)
-	    enctype = ent.entry.keys.val[0].key.keytype;
-    ret = KRB5_KT_NOTFOUND;
-    for(i = 0; i < ent.entry.keys.len; i++) {
-	if(ent.entry.keys.val[i].key.keytype == enctype) {
-	    krb5_copy_principal(context, principal, &entry->principal);
-	    entry->vno = ent.entry.kvno;
-	    krb5_copy_keyblock_contents(context, 
-					&ent.entry.keys.val[i].key, 
-					&entry->keyblock);
-	    ret = 0;
-	    break;
-	}
-    }
-    hdb_free_entry(context, &ent);
-out:
-    (*db->hdb_close)(context, db);
-    (*db->hdb_destroy)(context, db);
-    return ret;
-}
-
-krb5_kt_ops hdb_kt_ops = {
-    "HDB",
-    hdb_resolve,
-    hdb_get_name,
-    hdb_close,
-    hdb_get_entry,
-    NULL,		/* start_seq_get */
-    NULL,		/* next_entry */
-    NULL,		/* end_seq_get */
-    NULL,		/* add */
-    NULL		/* remove */
-};
diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c
deleted file mode 100644
index 05cf71c59311..000000000000
--- a/crypto/heimdal/lib/hdb/mkey.c
+++ /dev/null
@@ -1,603 +0,0 @@
-/*
- * Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $");
-
-struct hdb_master_key_data {
-    krb5_keytab_entry keytab;
-    krb5_crypto crypto;
-    struct hdb_master_key_data *next;
-};
-
-void
-hdb_free_master_key(krb5_context context, hdb_master_key mkey)
-{
-    struct hdb_master_key_data *ptr;
-    while(mkey) {
-	krb5_kt_free_entry(context, &mkey->keytab);
-	if (mkey->crypto)
-	    krb5_crypto_destroy(context, mkey->crypto);
-	ptr = mkey;
-	mkey = mkey->next;
-	free(ptr);
-    }
-}
-
-krb5_error_code
-hdb_process_master_key(krb5_context context,
-		       int kvno, krb5_keyblock *key, krb5_enctype etype,
-		       hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-
-    *mkey = calloc(1, sizeof(**mkey));
-    if(*mkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*mkey)->keytab.vno = kvno;
-    ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal);
-    if(ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock);
-    if(ret)
-	goto fail;
-    if(etype != 0)
-	(*mkey)->keytab.keyblock.keytype = etype;
-    (*mkey)->keytab.timestamp = time(NULL);
-    ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto);
-    if(ret)
-	goto fail;
-    return 0;
- fail:
-    hdb_free_master_key(context, *mkey);
-    *mkey = NULL;
-    return ret;
-}
-
-krb5_error_code
-hdb_add_master_key(krb5_context context, krb5_keyblock *key,
-		   hdb_master_key *inout)
-{
-    int vno = 0;
-    hdb_master_key p;
-    krb5_error_code ret;
-
-    for(p = *inout; p; p = p->next)
-	vno = max(vno, p->keytab.vno);
-    vno++;
-    ret = hdb_process_master_key(context, vno, key, 0, &p);
-    if(ret)
-	return ret;
-    p->next = *inout;
-    *inout = p;
-    return 0;
-}
-
-static krb5_error_code
-read_master_keytab(krb5_context context, const char *filename, 
-		   hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-    krb5_keytab id;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    hdb_master_key p;
-    
-    ret = krb5_kt_resolve(context, filename, &id);
-    if(ret)
-	return ret;
-
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    if(ret)
-	goto out;
-    *mkey = NULL;
-    while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) {
-	p = calloc(1, sizeof(*p));
-	if(p == NULL) {
-	    krb5_kt_end_seq_get(context, id, &cursor);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	p->keytab = entry;
-	ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto);
-	p->next = *mkey;
-	*mkey = p;
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    krb5_kt_close(context, id);
-    return ret;
-}
-
-/* read a MIT master keyfile */
-static krb5_error_code
-read_master_mit(krb5_context context, const char *filename, 
-		hdb_master_key *mkey)
-{
-    int fd;
-    krb5_error_code ret;
-    krb5_storage *sp;
-    int16_t enctype;
-    krb5_keyblock key;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", filename,
-			      strerror(save_errno));
-	return save_errno;
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	return errno;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER);
-#if 0
-    /* could possibly use ret_keyblock here, but do it with more
-       checks for now */
-    ret = krb5_ret_keyblock(sp, &key);
-#else
-    ret = krb5_ret_int16(sp, &enctype);
-    if((htons(enctype) & 0xff00) == 0x3000) {
-	krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", 
-			      filename, htons(enctype), 0x3000);
-	ret = HEIM_ERR_BAD_MKEY;
-	goto out;
-    }
-    key.keytype = enctype;
-    ret = krb5_ret_data(sp, &key.keyvalue);
-    if(ret)
-	goto out;
-#endif
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-  out:
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
-
-/* read an old master key file */
-static krb5_error_code
-read_master_encryptionkey(krb5_context context, const char *filename, 
-			  hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-    size_t ret_len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-
-    ret = decode_EncryptionKey(buf, len, &key, &ret_len);
-    memset(buf, 0, sizeof(buf));
-    if(ret)
-	return ret;
-
-    /* Originally, the keytype was just that, and later it got changed
-       to des-cbc-md5, but we always used des in cfb64 mode. This
-       should cover all cases, but will break if someone has hacked
-       this code to really use des-cbc-md5 -- but then that's not my
-       problem. */
-    if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5)
-	key.keytype = ETYPE_DES_CFB64_NONE;
-    
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-/* read a krb4 /.k style file */
-static krb5_error_code
-read_master_krb4(krb5_context context, const char *filename, 
-		 hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    if(len != 8) {
-	krb5_set_error_string(context, "bad contents of %s", filename);
-	return HEIM_ERR_EOF; /* XXX file might be too large */
-    }
-
-    memset(&key, 0, sizeof(key));
-    key.keytype = ETYPE_DES_PCBC_NONE;
-    ret = krb5_data_copy(&key.keyvalue, buf, len);
-    memset(buf, 0, sizeof(buf));
-    if(ret) 
-	return ret;
-
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-krb5_error_code
-hdb_read_master_key(krb5_context context, const char *filename, 
-		    hdb_master_key *mkey)
-{
-    FILE *f;
-    unsigned char buf[16];
-    krb5_error_code ret;
-
-    off_t len;
-
-    *mkey = NULL;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    f = fopen(filename, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    if(fread(buf, 1, 2, f) != 2) {
-	krb5_set_error_string(context, "end of file reading %s", filename);
-	fclose(f);
-	return HEIM_ERR_EOF;
-    }
-    
-    fseek(f, 0, SEEK_END);
-    len = ftell(f);
-
-    if(fclose(f) != 0)
-	return errno;
-    
-    if(len < 0)
-	return errno;
-    
-    if(len == 8) {
-	ret = read_master_krb4(context, filename, mkey);
-    } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) {
-	ret = read_master_encryptionkey(context, filename, mkey);
-    } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) {
-	ret = read_master_keytab(context, filename, mkey);
-    } else {
-	ret = read_master_mit(context, filename, mkey);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_write_master_key(krb5_context context, const char *filename, 
-		     hdb_master_key mkey)
-{
-    krb5_error_code ret;
-    hdb_master_key p;
-    krb5_keytab kt;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    ret = krb5_kt_resolve(context, filename, &kt);
-    if(ret)
-	return ret;
-
-    for(p = mkey; p; p = p->next) {
-	ret = krb5_kt_add_entry(context, kt, &p->keytab);
-    }
-
-    krb5_kt_close(context, kt);
-
-    return ret;
-}
-
-hdb_master_key
-_hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
-{
-    hdb_master_key ret = NULL;
-    while(mkey) {
-	if(ret == NULL && mkey->keytab.vno == 0)
-	    ret = mkey;
-	if(mkvno == NULL) {
-	    if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
-		ret = mkey;
-	} else if(mkey->keytab.vno == *mkvno)
-	    return mkey;
-	mkey = mkey->next;
-    }
-    return ret;
-}
-
-int
-_hdb_mkey_version(hdb_master_key mkey)
-{
-    return mkey->keytab.vno;
-}
-
-int
-_hdb_mkey_decrypt(krb5_context context, hdb_master_key key,
-		  krb5_key_usage usage,
-		  void *ptr, size_t size, krb5_data *res)
-{
-    return krb5_decrypt(context, key->crypto, usage,
-			ptr, size, res);
-}
-
-int
-_hdb_mkey_encrypt(krb5_context context, hdb_master_key key,
-		  krb5_key_usage usage,
-		  const void *ptr, size_t size, krb5_data *res)
-{
-    return krb5_encrypt(context, key->crypto, usage,
-			ptr, size, res);
-}
-
-krb5_error_code
-hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) 
-{
-	
-    krb5_error_code ret;
-    krb5_data res;
-    size_t keysize;
-
-    hdb_master_key key;
-
-    if(k->mkvno == NULL)
-	return 0;
-	
-    key = _hdb_find_master_key(k->mkvno, mkey);
-
-    if (key == NULL)
-	return HDB_ERR_NO_MKEY;
-
-    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
-			    k->key.keyvalue.data,
-			    k->key.keyvalue.length,
-			    &res);
-    if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	/* try to decrypt with MIT key usage */
-	ret = _hdb_mkey_decrypt(context, key, 0,
-				k->key.keyvalue.data,
-				k->key.keyvalue.length,
-				&res);
-    }    
-    if (ret)
-	return ret;
-
-    /* fixup keylength if the key got padded when encrypting it */
-    ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
-    if (ret) {
-	krb5_data_free(&res);
-	return ret;
-    }
-    if (keysize > res.length) {
-	krb5_data_free(&res);
-	return KRB5_BAD_KEYSIZE;
-    }
-
-    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    free(k->key.keyvalue.data);
-    k->key.keyvalue = res;
-    k->key.keyvalue.length = keysize;
-    free(k->mkvno);
-    k->mkvno = NULL;
-
-    return 0;
-}
-
-krb5_error_code
-hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-
-    for(i = 0; i < ent->keys.len; i++){
-	krb5_error_code ret;
-
-	ret = hdb_unseal_key_mkey(context, &ent->keys.val[i], mkey);
-	if (ret) 
-	    return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    return hdb_unseal_keys_mkey(context, ent, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_unseal_key(krb5_context context, HDB *db, Key *k)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    return hdb_unseal_key_mkey(context, k, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
-{
-    krb5_error_code ret;
-    krb5_data res;
-    hdb_master_key key;
-
-    if(k->mkvno != NULL)
-	return 0;
-
-    key = _hdb_find_master_key(k->mkvno, mkey);
-
-    if (key == NULL)
-	return HDB_ERR_NO_MKEY;
-
-    ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
-			    k->key.keyvalue.data,
-			    k->key.keyvalue.length,
-			    &res);
-    if (ret)
-	return ret;
-
-    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    free(k->key.keyvalue.data);
-    k->key.keyvalue = res;
-
-    if (k->mkvno == NULL) {
-	k->mkvno = malloc(sizeof(*k->mkvno));
-	if (k->mkvno == NULL)
-	    return ENOMEM;
-    }
-    *k->mkvno = key->keytab.vno;
-	
-    return 0;
-}
-
-krb5_error_code
-hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-    for(i = 0; i < ent->keys.len; i++){
-	krb5_error_code ret;
-
-	ret = hdb_seal_key_mkey(context, &ent->keys.val[i], mkey);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    
-    return hdb_seal_keys_mkey(context, ent, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_seal_key(krb5_context context, HDB *db, Key *k)
-{
-    if (db->hdb_master_key_set == 0)
-	return 0;
-    
-    return hdb_seal_key_mkey(context, k, db->hdb_master_key);
-}
-
-krb5_error_code
-hdb_set_master_key (krb5_context context,
-		    HDB *db,
-		    krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    hdb_master_key mkey;
-
-    ret = hdb_process_master_key(context, 0, key, 0, &mkey);
-    if (ret)
-	return ret;
-    db->hdb_master_key = mkey;
-#if 0 /* XXX - why? */
-    des_set_random_generator_seed(key.keyvalue.data);
-#endif
-    db->hdb_master_key_set = 1;
-    return 0;
-}
-
-krb5_error_code
-hdb_set_master_keyfile (krb5_context context,
-			HDB *db,
-			const char *keyfile)
-{
-    hdb_master_key key;
-    krb5_error_code ret;
-
-    ret = hdb_read_master_key(context, keyfile, &key);
-    if (ret) {
-	if (ret != ENOENT)
-	    return ret;
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    db->hdb_master_key = key;
-    db->hdb_master_key_set = 1;
-    return ret;
-}
-
-krb5_error_code
-hdb_clear_master_key (krb5_context context,
-		      HDB *db)
-{
-    if (db->hdb_master_key_set) {
-	hdb_free_master_key(context, db->hdb_master_key);
-	db->hdb_master_key_set = 0;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/ndbm.c b/crypto/heimdal/lib/hdb/ndbm.c
deleted file mode 100644
index 6575b8a4171c..000000000000
--- a/crypto/heimdal/lib/hdb/ndbm.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $");
-
-#if HAVE_NDBM
-
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-
-struct ndbm_db {
-    DBM *db;
-    int lock_fd;
-};
-
-static krb5_error_code
-NDBM_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->hdb_name);
-    free(db);
-    return 0;
-}
-
-static krb5_error_code
-NDBM_lock(krb5_context context, HDB *db, int operation)
-{
-    struct ndbm_db *d = db->hdb_db;
-    return hdb_lock(d->lock_fd, operation);
-}
-
-static krb5_error_code
-NDBM_unlock(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->hdb_db;
-    return hdb_unlock(d->lock_fd);
-}
-
-static krb5_error_code
-NDBM_seq(krb5_context context, HDB *db, 
-	 unsigned flags, hdb_entry_ex *entry, int first)
-
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum key, value;
-    krb5_data key_data, data;
-    krb5_error_code ret = 0;
-
-    if(first)
-	key = dbm_firstkey(d->db);
-    else
-	key = dbm_nextkey(d->db);
-    if(key.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-    key_data.data = key.dptr;
-    key_data.length = key.dsize;
-    ret = db->hdb_lock(context, db, HDB_RLOCK);
-    if(ret) return ret;
-    value = dbm_fetch(d->db, key);
-    db->hdb_unlock(context, db);
-    data.data = value.dptr;
-    data.length = value.dsize;
-    memset(entry, 0, sizeof(*entry));
-    if(hdb_value2entry(context, &data, &entry->entry))
-	return NDBM_seq(context, db, flags, entry, 0);
-    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
-	ret = hdb_unseal_keys (context, db, &entry->entry);
-	if (ret)
-	    hdb_free_entry (context, entry);
-    }
-    if (ret == 0 && entry->entry.principal == NULL) {
-	entry->entry.principal = malloc (sizeof(*entry->entry.principal));
-	if (entry->entry.principal == NULL) {
-	    ret = ENOMEM;
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	} else {
-	    hdb_key2principal (context, &key_data, entry->entry.principal);
-	}
-    }
-    return ret;
-}
-
-
-static krb5_error_code
-NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 1);
-}
-
-
-static krb5_error_code
-NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 0);
-}
-
-static krb5_error_code
-NDBM_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    /* XXX this function will break */
-    struct ndbm_db *d = db->hdb_db;
-
-    int ret;
-    char *old_dir, *old_pag, *new_dir, *new_pag;
-    char *new_lock;
-    int lock_fd;
-
-    /* lock old and new databases */
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if(ret)
-	return ret;
-    asprintf(&new_lock, "%s.lock", new_name);
-    if(new_lock == NULL) {
-	db->hdb_unlock(context, db);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600);
-    if(lock_fd < 0) {
-	ret = errno;
-	db->hdb_unlock(context, db);
-	krb5_set_error_string(context, "open(%s): %s", new_lock,
-			      strerror(ret));
-	free(new_lock);
-	return ret;
-    }
-    free(new_lock);
-    ret = hdb_lock(lock_fd, HDB_WLOCK);
-    if(ret) {
-	db->hdb_unlock(context, db);
-	close(lock_fd);
-	return ret;
-    }
-
-    asprintf(&old_dir, "%s.dir", db->hdb_name);
-    asprintf(&old_pag, "%s.pag", db->hdb_name);
-    asprintf(&new_dir, "%s.dir", new_name);
-    asprintf(&new_pag, "%s.pag", new_name);
-
-    ret = rename(old_dir, new_dir) || rename(old_pag, new_pag);
-    free(old_dir);
-    free(old_pag);
-    free(new_dir);
-    free(new_pag);
-    hdb_unlock(lock_fd);
-    db->hdb_unlock(context, db);
-
-    if(ret) {
-	ret = errno;
-	close(lock_fd);
-	krb5_set_error_string(context, "rename: %s", strerror(ret));
-	return ret;
-    }
-
-    close(d->lock_fd);
-    d->lock_fd = lock_fd;
-    
-    free(db->hdb_name);
-    db->hdb_name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    code = db->hdb_lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    v = dbm_fetch(d->db, k);
-    db->hdb_unlock(context, db);
-    if(v.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-
-    krb5_data_copy(reply, v.dptr, v.dsize);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    v.dptr  = value.data;
-    v.dsize = value.length;
-
-    code = db->hdb_lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT);
-    db->hdb_unlock(context, db);
-    if(code == 1)
-	return HDB_ERR_EXISTS;
-    if (code < 0)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-NDBM__del(krb5_context context, HDB *db, krb5_data key)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
-    datum k;
-    int code;
-    krb5_error_code ret;
-
-    k.dptr = key.data;
-    k.dsize = key.length;
-    ret = db->hdb_lock(context, db, HDB_WLOCK);
-    if(ret) return ret;
-    code = dbm_delete(d->db, k);
-    db->hdb_unlock(context, db);
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-
-static krb5_error_code
-NDBM_close(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->hdb_db;
-    dbm_close(d->db);
-    close(d->lock_fd);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code
-NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    krb5_error_code ret;
-    struct ndbm_db *d = malloc(sizeof(*d));
-    char *lock_file;
-
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    asprintf(&lock_file, "%s.lock", (char*)db->hdb_name);
-    if(lock_file == NULL) {
-	free(d);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->db = dbm_open((char*)db->hdb_name, flags, mode);
-    if(d->db == NULL){
-	ret = errno;
-	free(d);
-	free(lock_file);
-	krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name,
-			      strerror(ret));
-	return ret;
-    }
-    d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600);
-    if(d->lock_fd < 0){
-	ret = errno;
-	dbm_close(d->db);
-	free(d);
-	krb5_set_error_string(context, "open(%s): %s", lock_file,
-			      strerror(ret));
-	free(lock_file);
-	return ret;
-    }
-    free(lock_file);
-    db->hdb_db = d;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    if (ret) {
-	NDBM_close(context, db);
-	krb5_set_error_string(context, "hdb_open: failed %s database %s",
-			      (flags & O_ACCMODE) == O_RDONLY ? 
-			      "checking format of" : "initialize", 
-			      db->hdb_name);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_ndbm_create(krb5_context context, HDB **db, 
-		const char *filename)
-{
-    *db = calloc(1, sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->hdb_db = NULL;
-    (*db)->hdb_name = strdup(filename);
-    if ((*db)->hdb_name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->hdb_master_key_set = 0;
-    (*db)->hdb_openp = 0;
-    (*db)->hdb_open = NDBM_open;
-    (*db)->hdb_close = NDBM_close;
-    (*db)->hdb_fetch = _hdb_fetch;
-    (*db)->hdb_store = _hdb_store;
-    (*db)->hdb_remove = _hdb_remove;
-    (*db)->hdb_firstkey = NDBM_firstkey;
-    (*db)->hdb_nextkey= NDBM_nextkey;
-    (*db)->hdb_lock = NDBM_lock;
-    (*db)->hdb_unlock = NDBM_unlock;
-    (*db)->hdb_rename = NDBM_rename;
-    (*db)->hdb__get = NDBM__get;
-    (*db)->hdb__put = NDBM__put;
-    (*db)->hdb__del = NDBM__del;
-    (*db)->hdb_destroy = NDBM_destroy;
-    return 0;
-}
-
-#endif /* HAVE_NDBM */
diff --git a/crypto/heimdal/lib/hdb/print.c b/crypto/heimdal/lib/hdb/print.c
deleted file mode 100644
index 60b7e8db7b60..000000000000
--- a/crypto/heimdal/lib/hdb/print.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 1999-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "hdb_locl.h"
-#include <hex.h>
-#include <ctype.h>
-
-RCSID("$Id: print.c 16378 2005-12-12 12:40:12Z lha $");
-
-/* 
-   This is the present contents of a dump line. This might change at
-   any time. Fields are separated by white space.
-
-  principal
-  keyblock
-  	kvno
-	keys...
-		mkvno
-		enctype
-		keyvalue
-		salt (- means use normal salt)
-  creation date and principal
-  modification date and principal
-  principal valid from date (not used)
-  principal valid end date (not used)
-  principal key expires (not used)
-  max ticket life
-  max renewable life
-  flags
-  generation number
-  */
-
-static krb5_error_code
-append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
-{
-    krb5_error_code ret;
-    char *s;
-    va_list ap;
-    va_start(ap, fmt);
-    vasprintf(&s, fmt, ap);
-    va_end(ap);
-    if(s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_write(sp, s, strlen(s));
-    free(s);
-    return ret;
-}
-
-static krb5_error_code
-append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
-{
-    int i, printable = 1;
-    char *p;
-
-    p = data->data;
-    for(i = 0; i < data->length; i++)
-	if(!isalnum((unsigned char)p[i]) && p[i] != '.'){
-	    printable = 0;
-	    break;
-	}
-    if(printable)
-	return append_string(context, sp, "\"%.*s\"",
-			     data->length, data->data);
-    hex_encode(data->data, data->length, &p);
-    append_string(context, sp, "%s", p);
-    free(p);
-    return 0;
-}
-
-static char *
-time2str(time_t t)
-{
-    static char buf[128];
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", gmtime(&t));
-    return buf;
-}
-
-static krb5_error_code
-append_event(krb5_context context, krb5_storage *sp, Event *ev)
-{
-    char *pr = NULL;
-    krb5_error_code ret;
-    if(ev == NULL)
-	return append_string(context, sp, "- ");
-    if (ev->principal != NULL) {
-       ret = krb5_unparse_name(context, ev->principal, &pr);
-       if(ret)
-           return ret;
-    }
-    ret = append_string(context, sp, "%s:%s ",
-			time2str(ev->time), pr ? pr : "UNKNOWN");
-    free(pr);
-    return ret;
-}
-
-static krb5_error_code
-entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
-{
-    char *p;
-    int i;
-    krb5_error_code ret;
-
-    /* --- principal */
-    ret = krb5_unparse_name(context, ent->principal, &p);
-    if(ret)
-	return ret;
-    append_string(context, sp, "%s ", p);
-    free(p);
-    /* --- kvno */
-    append_string(context, sp, "%d", ent->kvno);
-    /* --- keys */
-    for(i = 0; i < ent->keys.len; i++){
-	/* --- mkvno, keytype */
-	if(ent->keys.val[i].mkvno)
-	    append_string(context, sp, ":%d:%d:", 
-			  *ent->keys.val[i].mkvno, 
-			  ent->keys.val[i].key.keytype);
-	else
-	    append_string(context, sp, "::%d:", 
-			  ent->keys.val[i].key.keytype);
-	/* --- keydata */
-	append_hex(context, sp, &ent->keys.val[i].key.keyvalue);
-	append_string(context, sp, ":");
-	/* --- salt */
-	if(ent->keys.val[i].salt){
-	    append_string(context, sp, "%u/", ent->keys.val[i].salt->type);
-	    append_hex(context, sp, &ent->keys.val[i].salt->salt);
-	}else
-	    append_string(context, sp, "-");
-    }
-    append_string(context, sp, " ");
-    /* --- created by */
-    append_event(context, sp, &ent->created_by);
-    /* --- modified by */
-    append_event(context, sp, ent->modified_by);
-
-    /* --- valid start */
-    if(ent->valid_start)
-	append_string(context, sp, "%s ", time2str(*ent->valid_start));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- valid end */
-    if(ent->valid_end)
-	append_string(context, sp, "%s ", time2str(*ent->valid_end));
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- password ends */
-    if(ent->pw_end)
-	append_string(context, sp, "%s ", time2str(*ent->pw_end));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max life */
-    if(ent->max_life)
-	append_string(context, sp, "%d ", *ent->max_life);
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max renewable life */
-    if(ent->max_renew)
-	append_string(context, sp, "%d ", *ent->max_renew);
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- flags */
-    append_string(context, sp, "%d ", HDBFlags2int(ent->flags));
-
-    /* --- generation number */
-    if(ent->generation) {
-	append_string(context, sp, "%s:%d:%d ", time2str(ent->generation->time),
-		      ent->generation->usec,
-		      ent->generation->gen);
-    } else
-	append_string(context, sp, "- ");
-
-    /* --- extensions */
-    if(ent->extensions && ent->extensions->len > 0) {
-	for(i = 0; i < ent->extensions->len; i++) {
-	    void *d;
-	    size_t size, sz;
-
-	    ASN1_MALLOC_ENCODE(HDB_extension, d, size,
-			       &ent->extensions->val[i], &sz, ret);
-	    if (ret) {
-		krb5_clear_error_string(context);
-		return ret;
-	    }
-	    if(size != sz)
-		krb5_abortx(context, "internal asn.1 encoder error");
-
-	    if (hex_encode(d, size, &p) < 0) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-
-	    free(d);
-	    append_string(context, sp, "%s%s", p, 
-			  ent->extensions->len - 1 != i ? ":" : "");
-	    free(p);
-	}
-    } else
-	append_string(context, sp, "-");
-
-    
-    return 0;
-}
-
-krb5_error_code
-hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, ent);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\0", 1);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    *str = data.data;
-    return 0;
-}
-
-/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */
-
-krb5_error_code
-hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    FILE *f = data;
-
-    fflush(f);
-    sp = krb5_storage_from_fd(fileno(f));
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, &entry->entry);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\n", 1);
-    krb5_storage_free(sp);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/test_dbinfo.c b/crypto/heimdal/lib/hdb/test_dbinfo.c
deleted file mode 100644
index d92a5381b3a1..000000000000
--- a/crypto/heimdal/lib/hdb/test_dbinfo.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_dbinfo.c 20575 2007-04-27 20:20:32Z lha $");
-
-static int help_flag;
-static int version_flag;
-
-struct getargs args[] = {
-    { "help",		'h',	arg_flag,   &help_flag },
-    { "version",	0,	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    struct hdb_dbinfo *info, *d;
-    krb5_context context;
-    int ret, o = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &o))
-	krb5_std_usage(1, args, num_args);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = hdb_get_dbinfo(context, &info);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_get_dbinfo");
-
-    d = NULL;
-    while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
-	printf("label: %s\n", hdb_dbinfo_get_label(context, d));
-	printf("\trealm: %s\n", hdb_dbinfo_get_realm(context, d));
-	printf("\tdbname: %s\n", hdb_dbinfo_get_dbname(context, d));
-	printf("\tmkey_file: %s\n", hdb_dbinfo_get_mkey_file(context, d));
-	printf("\tacl_file: %s\n", hdb_dbinfo_get_acl_file(context, d));
-    }
-
-    hdb_free_dbinfo(context, &info);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ChangeLog b/crypto/heimdal/lib/hx509/ChangeLog
deleted file mode 100644
index cb29cee4e18c..000000000000
--- a/crypto/heimdal/lib/hx509/ChangeLog
+++ /dev/null
@@ -1,2641 +0,0 @@
-2008-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_soft_pkcs11.c: use func for more C_ functions.
-	
-2008-01-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: Export hx509_free_error_string().
-
-2008-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: only export C_GetFunctionList
-
-	* test_soft_pkcs11.c: use C_GetFunctionList
-
-	* softp11.c: fix comment, remove label.
-
-	* softp11.c: Add option app-fatal to control if softtoken should
-	abort() on erroneous input from applications.
-
-2008-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_pkcs11.in: Test password less certificates too
-
-	* keyset.c: document HX509_CERTS_UNPROTECT_ALL
-
-	* ks_file.c: Support HX509_CERTS_UNPROTECT_ALL.
-
-	* hx509.h: Add HX509_CERTS_UNPROTECT_ALL.
-
-	* test_soft_pkcs11.c: Only log in if needed.
-
-2008-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* softp11.c: Support PINs to login to the store.
-
-	* Makefile.am: add java pkcs11 test
-
-	* test_java_pkcs11.in: first version of disable java test
-
-	* softp11.c: Drop unused stuff.
-
-	* cert.c: Spelling, Add hx509_cert_get_SPKI_AlgorithmIdentifier,
-	remove unused stuff, add hx509_context to some functions.
-	
-	* softp11.c: Add more glue to figure out what keytype this
-	certificate is using.
-
-2008-01-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_pkcs11.in: test debug
-
-	* Add a PKCS11 provider supporting signing and verifing sigatures.
-
-2008-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: Replace hx509_name_to_der_name with
-	hx509_name_binary.
-
-	* print.c: make print_func static
-
-2007-12-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: doxygen
-
-	* env.c: doxygen
-
-	* doxygen.c: add more groups
-
-	* ca.c: doxygen.
-
-2007-12-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: doxygen
-
-2007-12-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* error.c: doxygen
-	
-2007-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* More documentation
-	
-	* lock.c: Add page referance
-
-	* keyset.c: some more documentation.
-
-	* cms.c: Doxygen documentation.
-
-2007-12-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.[ch]: More documentation
-
-2007-12-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* handle refcount on NULL.
-
-	* test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh
-
-2007-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist2.in: Print that this is version 2 of the tests
-
-	* test_nist.in: Drop printing of $id.
-
-	* hx509.h: Add HX509_VHN_F_ALLOW_NO_MATCH.
-
-	* name.c: spelling.
-
-	* cert.c: make work the doxygen.
-
-	* name.c: fix doxygen compiling.
-
-	* Makefile.am: add doxygen.c
-
-	* doxygen.c: Add doxygen main page.
-
-	* cert.c: Add doxygen.
-
-	* revoke.c (_hx509_revoke_ref): new function.
-
-2007-11-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype.
-
-2007-08-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* data/nist-data: Make work on case senstive filesystems too.
-	
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: match rfc822 contrains better, provide better error
-	strings.
-
-2007-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: "self-signed doesn't count" doesn't apply to trust
-	anchor certificate.  make trust anchor check consistant.
-
-	* revoke.c: make compile.
-
-	* revoke.c (verify_crl): set error strings.
-	
-	* revoke.c (verify_crl): handle with the signer is the
-	CRLsigner (shortcut).
-
-	* cert.c: Fix NC, comment on how to use _hx509_check_key_usage.
-
-2007-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist2.in, Makefile, test/nist*: Add nist pkits tests. 
-
-	* revoke.c: Update to use CERT_REVOKED error, shortcut out of OCSP
-	checking when OCSP reply is a revocation reply.
-
-	* hx509_err.et: Make CERT_REVOKED error OCSP/CRL agnostic.
-
-	* name.c (_hx509_Name_to_string): make printableString handle
-	space (0x20) diffrences as required by rfc3280.
-
-	* revoke.c: Search for the right issuer when looking for the
-	issuer of the CRL signer.
-
-2007-08-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Handle CRL signing certificate better, try to not
-	revalidate invalid CRLs over and over.
-
-2007-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: remove stale comment.
-
-	* test_nist.in: Unpack PKITS_data.zip and run tests.
-	
-	* test_nist_cert.in: Adapt to new nist pkits framework.
-
-	* test_nist_pkcs12.in: Adapt to new nist pkits framework.
-
-	* Makefile.am: clean PKITS_data
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add version-script.map to EXTRA_DIST
-
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add depenency on asn1_compile for asn1 built files.
-	
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* peer.c: update (c), indent.
-
-	* Makefile.am: New library version.
-
-2007-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Add sha2 types.
-
-	* ref/pkcs11.h: Sync with scute.
-
-	* ref/pkcs11.h: Add sha2 CKM's.
-
-	* print.c: Print authorityInfoAccess.
-
-	* cert.c: Rename proxyCertInfo oid.
-
-	* ca.c: Rename proxyCertInfo oid.
-
-	* print.c: Rename proxyCertInfo oid.
-	
-2007-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Adapt to new request handling.
-
-	* req.c: Allow export some of the request parameters.
-
-	* hxtool-commands.in: Adapt to new request handling.
-
-	* hxtool.c: Adapt to new request handling.
-
-	* test_req.in: Adapt to new request handling.
-
-	* version-script.map: Add initialize_hx_error_table_r.
-
-	* req.c: Move _hx509_request_print here.
-
-	* hxtool.c: use _hx509_request_print
-
-	* version-script.map: Export more crap^W semiprivate functions.
-
-	* hxtool.c: don't _hx509_abort
-
-	* version-script.map: add missing ;
-
-2007-06-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Use hx509_crypto_random_iv.
-
-	* crypto.c: Split out the iv creation from hx509_crypto_encrypt
-	since _hx509_pbe_encrypt needs to use the iv from the s2k
-	function.
-
-	* test_cert.in: Test PEM and DER FILE writing functionallity.
-
-	* ks_file.c: Add writing DER certificates.
-
-	* hxtool.c: Update to new hx509_pem_write().
-
-	* test_cms.in: test creation of PEM signeddata.
-
-	* hx509.h: PEM struct/function declarations.
-
-	* ks_file.c: Use PEM encoding/decoding functions.
-
-	* file.c: PEM encode/decoding functions.
-
-	* ks_file.c: Use hx509_pem_write.
-
-	* version-script.map: Export some semi-private functions.
-
-	* hxtool.c: Enable writing out signed data as a pem attachment.
-
-	* hxtool-commands.in (cms-create-signed): add --pem
-
-	* file.c (hx509_pem_write): Add.
-
-	* test_ca.in: Issue and test null subject cert.
-
-	* cert.c: Match is first component is in a CN=.
-
-	* test_ca.in: Test hostname if first CN.
-
-	* Makefile.am: Add version script.
-
-	* version-script.map: Limited exported symbols.
-
-	* test_ca.in: test --hostname.
-
-	* test_chain.in: test max-depth
-
-	* hx509.h: fixate HX509_HN_HOSTNAME at 0.
-
-	* hxtool-commands.in: add --hostname add --max-depth
-
-	* cert.c: Verify hostname and max-depth.
-
-	* hxtool.c: Verify hostname and test max-depth.
-
-2007-06-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: Test --id-by-name.
-
-	* hxtool-commands.in: add cms-create-sd --id-by-name
-
-	* hxtool.c: Use HX509_CMS_SIGATURE_ID_NAME.
-
-	* cms.c: Implement and use HX509_CMS_SIGATURE_ID_NAME.
-
-	* hx509.h: Add HX509_CMS_SIGATURE_ID_NAME, use subject name for
-	CMS.Identifier.  hx509_hostname_type: add hostname type for
-	matching.
-
-	* cert.c (match_general_name): more strict rfc822Name matching.
-	(hx509_verify_hostname): add hostname type for matching.
-
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Make compile again.
-
-	* hxtool.c: Added peap-server for to make windows peap clients
-	happy.
-
-	* hxtool.c: Unify parse_oid code.
-
-	* hxtool.c: Implement --content-type.
-
-	* hxtool-commands.in: Add content-type.
-
-	* test_cert.in: more cert and keyset tests.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Avoid stomping on NULL.
-
-	* revoke.c: Avoid reusing i.
-
-	* cert.c: Provide __attribute__ for _hx509_abort.
-
-	* ks_file.c: Fail if not finding iv.
-
-	* keyset.c: Avoid useing freed memory.
-
-	* crypto.c: Free memory in failure case.
-
-	* crypto.c: Free memory in failure case.
-
-2007-06-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* *.c: Add hx509_cert_init_data and use everywhere
-
-	* hx_locl.h: Now that KEYCHAIN:system-anchors is fast again, use
-	that.
-
-	* ks_keychain.c: Implement trust anchor support with
-	SecTrustCopyAnchorCertificates.
-
-	* keyset.c: Set ref to 1 for the new object.
-
-	* cert.c: Fix logic for allow_default_trust_anchors
-
-	* keyset.c: Add refcounting to keystores.
-
-	* cert.c: Change logic for default trust anchors, make it be
-	either default trust anchor, the user supplied, or non at all.
-
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add data/j.pem.
-
-	* Makefile.am: Add test_windows.in.
-	
-2007-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_keychain.c: rename functions, leaks less memory and more
-	paranoia.
-
-	* test_cms.in: Test cms peer-alg.
-
-	* crypto.c (rsa_create_signature): make oid_id_pkcs1_rsaEncryption
-	mean rsa-with-sha1 but oid oid_id_pkcs1_rsaEncryption in algorithm
-	field.  XXX should probably use another algorithmIdentifier for
-	this.
-
-	* peer.c: Make free function return void.
-
-	* cms.c (hx509_cms_create_signed_1): Use hx509_peer_info to select
-	the signature algorithm too.
-
-	* hxtool-commands.in: Add cms-create-sd --peer-alg.
-
-	* req.c: Use _hx509_crypto_default_sig_alg.
-
-	* test_windows.in: Create crl, because everyone needs one.
-
-	* Makefile.am: add wcrl.crl
-	
-2007-06-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Disable KEYCHAIN for now, its slow.
-
-	* cms.c: When we are not using pkcs7-data, avoid seing
-	signedAttributes since some clients get upset by that (pkcs7 based
-	or just plain broken).
-
-	* ks_keychain.c: Provide rsa signatures.
-
-	* ks_keychain.c: Limit the searches to the selected keychain.
-
-	* ks_keychain.c: include -framework Security specific header files
-	after #ifdef
-
-	* ks_keychain.c: Find and attach private key (does not provide
-	operations yet though).
-
-	* ks_p11.c: Prefix rsa method with p11_
-
-	* ks_keychain.c: Allow opening a specific chain, making "system"
-	special and be the system X509Anchors file. By not specifing any
-	keychain ("KEYCHAIN:"), all keychains are probed.
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c (verify): Friendlier error message.
-
-	* cert.c: Read in and use default trust anchors if they exists.
-
-	* hx_locl.h: Add concept of default_trust_anchors.
-
-	* ks_keychain.c: Remove err(), remove extra empty comment, fix
-	_iter function.
-
-	* error.c (hx509_get_error_string): if the error code is not the
-	one we expect, punt and use the default com_err/strerror string
-	instead.
-
-	* keyset.c (hx509_certs_merge): its ok to merge in the NULL set of
-	certs.
-
-	* test_windows.in: Fix status string.
-
-	* ks_p12.c (store_func): free whole CertBag, not just the data
-	part.
-	
-	* print.c: Check that the self-signed cert is really self-signed.
-
-	* print.c: Use selfsigned for CRL DP whine, tell if its a
-	self-signed.
-
-	* print.c: Whine if its a non CA/proxy and doesn't have CRL DP.
-
-	* ca.c: Add cRLSign to CA certs.
-
-	* cert.c: Register NULL and KEYCHAIN.
-
-	* ks_null.c: register the NULL keystore.
-
-	* Makefile.am: Add ks_keychain.c and related libs.
-
-	* test_crypto.in: Print certificate with utf8.
-
-	* print.c: Leak less memory.
-
-	* hxtool.c: Leak less memory.
-
-	* print.c: Leak less memory, use functions that does same but
-	more.
-
-	* name.c (quote_string): don't sign extend the (signed) char to
-	avoid printing too much, add an assert to check that we didn't
-	overrun the buffer.
-
-	* name.c: Use right element out of the CHOICE for printableString
-	and utf8String
-
-	* ks_keychain.c: Certificate only KeyChain backend.
-
-	* name.c: Reset name before parsing it.
-	
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory
-	corruption.
-
-	* hxtool.c: Add lifetime to crls.
-
-	* hxtool-commands.in: Add lifetime to crls.
-
-	* revoke.c: Add lifetime to crls.
-
-	* test_ca.in: More crl checks.
-
-	* revoke.c: Add revoking certs.
-
-	* hxtool-commands.in: argument is certificates.. for crl-sign
-
-	* hxtool.c (certificate_copy): free lock
-
-	* revoke.c: Fix hx509_set_error_string calls, add
-	hx509_crl_add_revoked_certs(), implement hx509_crl_{alloc,free}.
-
-	* hxtool.c (crl_sign): free lock
-
-	* cert.c (hx509_context_free): free querystat
-	
-2007-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_chain.in: test ocsp-verify
-	
-	* revoke.c (hx509_ocsp_verify): explain what its useful for and
-	provide sane error message.
-
-	* hx509_err.et: New error code, CERT_NOT_IN_OCSP
-
-	* hxtool.c: New command ocsp-verify, check if ocsp contains all
-	certs and are valid (exist and non expired).
-
-	* hxtool-commands.in: New command ocsp-verify.
-	
-2007-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Create crl and verify that is works.
-
-	* hxtool.c: Sign CRL command.
-
-	* hx509.h: Add hx509_crl.
-
-	* hxtool-commands.in: Add crl-sign commands.
-
-	* revoke.c: Support to generate an empty CRL.
-
-	* tst-crypto-select2: Switched default types.
-
-	* tst-crypto-select1: Switched default types.
-
-	* ca.c: Use default AlgorithmIdentifier.
-
-	* cms.c: Use default AlgorithmIdentifier.
-
-	* crypto.c: Provide default AlgorithmIdentifier and use them.
-
-	* hx_locl.h: Provide default AlgorithmIdentifier.
-
-	* keyset.c (hx509_certs_find): collects stats for queries.
-
-	* cert.c: Sort and print more info.
-
-	* hx_locl.h: Add querystat to hx509_context.
-
-	* test_*.in: sprinle stat saveing
-
-	* Makefile.am: Add stat and objdir.
-
-	* collector.c (_hx509_collector_alloc): return error code instead
-	of pointer.
-
-	* hxtool.c: Add statistic hook.
-
-	* ks_file.c: Update _hx509_collector_alloc prototype.
-
-	* ks_p12.c: Update _hx509_collector_alloc prototype.
-
-	* ks_p11.c: Update _hx509_collector_alloc prototype.
-
-	* hxtool-commands.in: Add statistics hook.
-
-	* cert.c: Statistics printing.
-
-	* ks_p12.c: plug memory leak
-
-	* ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: print utf8 type SAN's
-
-	* Makefile.am: Fix windows client cert name.
-
-	* test_windows.in: Add crl-uri for the ee certs.
-
-	* print.c: Printf formating.
-
-	* ca.c: Add glue for adding CRL dps.
-
-	* test_ca.in: Readd the crl adding code, it works (somewhat) now.
-
-	* print.c: Fix printing of CRL DPnames (I hate IMPLICIT encoded
-	structures).
-
-	* hxtool-commands.in: make ca and alias of certificate-sign
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c (hx509_crypto_select): copy AI to the right place.
-
-	* hxtool-commands.in: Add ca --ms-upn.
-
-	* hxtool.c: add --ms-upn and add more EKU's for pk-init client.
-
-	* ca.c: Add hx509_ca_tbs_add_san_ms_upn and refactor code.
-
-	* test_crypto.in: Resurect killed e.
-
-	* test_crypto.in: check for aes256-cbc
-
-	* tst-crypto-select7: check for aes256-cbc
-
-	* test_windows.in: test windows stuff
-
-	* hxtool.c: add ca --domain-controller option, add secret key
-	option to avaible.
-
-	* ca.c: Add hx509_ca_tbs_set_domaincontroller.
-
-	* hxtool-commands.in: add ca --domain-controller
-
-	* hxtool.c: hook for testing secrety key algs
-
-	* crypto.c: Add selection code for secret key crypto.
-
-	* hx509.h: Add HX509_SELECT_SECRET_ENC.
-	
-2007-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: add more mechtypes
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* print.c: Indent.
-
-	* hxtool-commands.in: add test-crypto command
-
-	* hxtool.c: test crypto command
-
-	* cms.c (hx509_cms_create_signed_1): if no eContentType is given,
-	use pkcs7-data.
-
-	* print.c: add Netscape cert comment
-
-	* crypto.c: Try both the empty password and the NULL
-	password (nothing vs the octet string \x00\x00).
-
-	* print.c: Add some US Fed PKI oids.
-
-	* ks_p11.c: Add some more hashes.
-	
-2007-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c (crypto_select): stop memory leak
-	
-2007-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* peer.c (hx509_peer_info_free): free memory used too
-
-	* hxtool.c (crypto_select): only free peer if it was used.
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: free template
-
-	* ks_mem.c (mem_free): free key array too
-
-	* hxtool.c: free private key and tbs
-
-	* hxtool.c (hxtool_ca): free signer
-
-	* hxtool.c (crypto_available): free peer too.
-
-	* ca.c (get_AuthorityKeyIdentifier): leak less memory
-
-	* hxtool.c (hxtool_ca): free SPKI
-
-	* hxtool.c (hxtool_ca): free cert
-
-	* ks_mem.c (mem_getkeys): allocate one more the we have elements
-	so its possible to store the NULL pointer at the end.
-	
-2007-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem
-	
-2007-02-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code
-	in the asn1 parser.
-
-	* print.c: Add some more \n's.
-	
-2007-02-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* file.c: Allow mapping using heim_octet_string.
-
-	* hxtool.c: Add options to generate detached signatures.
-
-	* cms.c: Add flags to generate detached signatures.
-
-	* hx509.h: Flag to generate detached signatures.
-
-	* test_cms.in: Support detached sigatures.
-
-	* name.c (hx509_general_name_unparse): unparse the other
-	GeneralName nametypes.
-
-	* print.c: Use less printf. Use hx509_general_name_unparse.
-
-	* cert.c: Fix printing and plug leak-on-error.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ca.in: Add test for ca --crl-uri.
-
-	* hxtool.c: Add ca --crl-uri.
-
-	* hxtool-commands.in: add ca --crl-uri
-
-	* ca.c: Code to set CRLDistributionPoints in certificates.
-
-	* print.c: Check CRLDistributionPointNames.
-
-	* name.c (hx509_general_name_unparse): function for unparsing
-	GeneralName, only supports GeneralName.URI
-
-	* cert.c (is_proxy_cert): free info if we wont return it.
-	
-2007-01-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: Try to help how to use this command.
-	
-2007-01-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* switch to sha256 as default digest for signing
-
-2007-01-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Really test sub-ca code, add basic constraints tests
-	
-2007-01-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Fix makefile problem.
-	
-2007-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Set num of bits before we generate the key.
-	
-2007-01-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cms.c (hx509_cms_create_signed_1): use hx509_cert_binary
-
-	* ks_p12.c (store_func): use hx509_cert_binary
-
-	* ks_file.c (store_func): use hx509_cert_binary
-
-	* cert.c (hx509_cert_binary): return binary encoded
-	certificate (DER format)
-	
-2007-01-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c (hx509_ca_tbs_subject_expand): new function.
-
-	* name.c (hx509_name_expand): if env is NULL, return directly
-
-	* test_ca.in: test template handling
-
-	* hx509.h: Add template flags.
-
-	* Makefile.am: clean out new files
-
-	* hxtool.c: Add certificate template processing, fix hx509_err
-	usage.
-
-	* hxtool-commands.in: Add certificate template processing.
-
-	* ca.c: Add certificate template processing. Fix return messages
-	from hx509_ca_tbs_add_eku.
-
-	* cert.c: Export more stuff from certificate.
-	
-2007-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: update (c)
-
-	* ca.c: (hx509_ca_tbs_add_eku): filter out dups.
-	
-	* hxtool.c: Add type email and add email eku when using option
-	--email.
-
-	* Makefile.am: add env.c
-
-	* name.c: Remove abort, add error handling.
-
-	* test_name.c: test name expansion
-
-	* name.c: add hx509_name_expand
-
-	* env.c: key-value pair help functions
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ca.c: Don't issue certs with subject DN that is NULL and have no
-	SANs
-
-	* print.c: Fix previous test.
-
-	* print.c: Check there is a SAN if subject DN is NULL.
-
-	* test_ca.in: test email, null subject dn
-
-	* hxtool.c: Allow setting parameters to private key generation.
-
-	* hx_locl.h: Allow setting parameters to private key generation.
-
-	* crypto.c: Allow setting parameters to private key generation.
-
-	* hxtool.c (eval_types): add jid if user gave one
-
-	* hxtool-commands.in (certificate-sign): add --jid
-
-	* ca.c (hx509_ca_tbs_add_san_jid): Allow adding
-	id-pkix-on-xmppAddr OtherName.
-
-	* print.c: Print id-pkix-on-xmppAddr OtherName.
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* no random, no RSA/DH tests
-
-	* hxtool.c (info): print status of random generator
-
-	* Makefile.am: remove files created by tests
-
-	* error.c: constify
-
-	* name.c: constify
-
-	* revoke.c: constify
-
-	* hx_locl.h: constify
-
-	* keyset.c: constify
-
-	* ks_p11.c: constify
-
-	* hx_locl.h: make printinfo char * argument const.
-
-	* cms.c: move _hx509_set_digest_alg from cms.c to crypto.c since
-	its only used there.
-
-	* crypto.c: remove no longer used stuff, move set_digest_alg here
-	from cms.c since its only used here.
-
-	* Makefile.am: add data/test-nopw.p12 to EXTRA_DIST
-	
-2007-01-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* print.c: BasicConstraints vs criticality bit is complicated and
-	not really possible to evaluate on its own, silly RFC3280.
-
-	* ca.c: Make basicConstraints critical if this is a CA.
-
-	* print.c: fix the version vs extension test
-
-	* print.c: More validation checks.
-
-	* name.c (hx509_name_cmp): add
-	
-2007-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok
-	too (XXX why should these be fetched given they are not used).
-
-	* test_ca.in: rename all files to PEM files, since that is what
-	they are.
-
-	* hxtool.c: copy out the key with the self signed CA cert
-
-	* Factor out private key operation out of the signing, operations,
-	support import, export, and generation of private keys. Add
-	support for writing PEM and PKCS12 files with private keys in them.
- 
-	* data/gen-req.sh: Generate a no password pkcs12 file.
-	
-2007-01-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Check for internal ASN1 encoder error.
-	
-2007-01-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Drop most of the pkcs11 files.
-
-	* test_ca.in: test reissueing ca certificate (xxx time
-	validAfter).
-
-	* hxtool.c: Allow setting serialNumber (needed for reissuing
-	certificates) Change --key argument to --out-key.
-
-	* hxtool-commands.in (issue-certificate): Allow setting
-	serialNumber (needed for reissuing certificates), Change --key
-	argument to --out-key.
-
-	* ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11
-	headerfile that is compatible with GPL (file taken from scute)
-
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ca.in: Test to generate key and use them.
-
-	* hxtool.c: handle other keys the pkcs10 requested keys
-
-	* hxtool-commands.in: add generate key commands
-
-	* req.c (_hx509_request_to_pkcs10): PKCS10 needs to have a subject
-
-	* hxtool-commands.in: Spelling.
-
-	* ca.c (hx509_ca_tbs_set_proxy): allow negative pathLenConstraint
-	to signal no limit
-
-	* ks_file.c: Try all formats on the binary file before giving up,
-	this way we can handle binary rsa keys too.
-
-	* data/key2.der: new test key
-
-2007-01-04  David Love  <fx@gnu.org>
-
-	* Makefile.am (hxtool_LDADD): Add libasn1.la
-
-	* hxtool.c (pcert_verify): Fix format string.
-
-2006-12-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Allow setting path length
-
-	* cert.c: Fix test for proxy certs chain length, it was too
-	restrictive.
-	
-	* data: regen
-	
-	* data/openssl.cnf: (proxy_cert) make length 0
-
-	* test_ca.in: Issue a long living cert.
-
-	* hxtool.c: add --lifetime to ca command.
-
-	* hxtool-commands.in: add --lifetime to ca command.
-
-	* ca.c: allow setting notBefore and notAfter.
-
-	* test_ca.in: Test generation of proxy certificates.
-
-	* ca.c: Allow generation of proxy certificates, always include
-	BasicConstraints, fix error codes.
-
-	* hxtool.c: Allow generation of proxy certificates.
-
-	* test_name.c: make hx509_parse_name take a hx509_context.
-
-	* name.c: Split building RDN to a separate function.
-	
-2006-12-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: clean test_ca files.
-
-	* test_ca.in: test issuing self-signed and CA certificates.
-
-	* hxtool.c: Add bits to allow issuing self-signed and CA
-	certificates.
-
-	* hxtool-commands.in: Add bits to allow issuing self-signed and CA
-	certificates.
-
-	* ca.c: Add bits to allow issuing CA certificates.
-
-	* revoke.c: use new OCSPSigning.
-
-	* ca.c: Add Subject Key Identifier.
-
-	* ca.c: Add Authority Key Identifier.
-	
-	* cert.c: Locally export _hx509_find_extension_subject_key_id.
-	Handle AuthorityKeyIdentifier where only authorityCertSerialNumber
-	and authorityCertSerialNumber is set.
-
-	* hxtool-commands.in: Add dnsname and rfc822 SANs.
-
-	* test_ca.in: Test dnsname and rfc822 SANs.
-
-	* ca.c: Add dnsname and rfc822 SANs.
-
-	* hxtool.c: Add dnsname and rfc822 SANs.
-
-	* test_ca.in: test adding eku, ku and san to the
-	certificate (https and pk-init)
-
-	* hxtool.c: Add eku, ku and san to the certificate.
-
-	* ca.c: Add eku, ku and san to the certificate.
-
-	* hxtool-commands.in: Add --type and --pk-init-principal
-
-	* ocsp.asn1: remove id-kp-OCSPSigning, its in rfc2459.asn1 now
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ca.c: Add KeyUsage extension.
-
-	* Makefile.am: add ca.c, add sign-certificate tests.
-
-	* crypto.c: Add _hx509_create_signature_bitstring.
-
-	* hxtool-commands.in: Add the sign-certificate tool.
-
-	* hxtool.c: Add the sign-certificate tool.
-
-	* cert.c: Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.
-
-	* hx509.h: Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.
-
-	* test_ca.in: Basic test of generating a pkcs10 request, signing
-	it and verifying the chain.
-
-	* ca.c: Naive certificate signer.
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: add hxtool_hex
-	
-2006-12-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: use top_builddir for libasn1.la
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c (print_certificate): print serial number.
-
-	* name.c (no): add S=stateOrProvinceName
-	
-2006-12-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (_hx509_private_key_assign_rsa): set a default sig alg
-
-	* ks_file.c (try_decrypt): pass down AlgorithmIdentifier that key
-	uses to do sigatures so there is no need to hardcode RSA into this
-	function.
-	
-2006-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c: Pass filename to the parse functions and use it in
-	the error messages
-
-	* test_chain.in: test proxy cert (third level)
-	
-	* hx509_err.et: fix errorstring for PROXY_CERT_NAME_WRONG
-
-	* data: regen
-
-	* Makefile.am: EXTRA_DIST: add
-	data/proxy10-child-child-test.{key,crt}
-
-	* data/gen-req.sh: Fix names and restrictions on the proxy
-	certificates
-
-	* cert.c: Clairfy and make proxy cert handling work for multiple
-	levels, before it was too restrictive. More helpful error message.
-	
-2006-12-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cert.c (check_key_usage): tell what keyusages are missing
-
-	* print.c: Split OtherName printing code to a oid lookup and print
-	function.
-
-	* print.c (Time2string): print hour as hour not min
-
-	* Makefile.am: CLEANFILES += test
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files
-
-	* Makefile.am (EXTRA_DIST): add tst-crypto* files
-
-	* cert.c (hx509_query_match_issuer_serial): make a copy of the
-	data
-
-	* cert.c (hx509_query_match_issuer_serial): allow matching on
-	issuer and serial num
-
-	* cert.c (_hx509_calculate_path): add flag to allow leaving out
-	trust anchor
-
-	* cms.c (hx509_cms_create_signed_1): when building the path, omit
-	the trust anchors.
-
-	* crypto.c (rsa_create_signature): Abort when signature is longer,
-	not shorter.
-
-	* cms.c: Provide time to _hx509_calculate_path so we don't send no
-	longer valid certs to our peer.
-
-	* cert.c (find_parent): when checking for certs and its not a
-	trust anchor, require time be in range.
-	(_hx509_query_match_cert): Add time validity-testing to query mask
-
-	* hx_locl.h: add time validity-testing to query mask
-
-	* test_cms.in: Tests for CMS SignedData with incomplete chain from
-	the signer.
-	
-2006-11-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c (hx509_cms_verify_signed): specify what signature we
-	failed to verify
-	
-	* Makefile.am: Depend on LIB_com_err for AIX.
-
-	* keyset.c: Remove anther strndup that causes AIX to fall over.
-
-	* cert.c: Don't check the trust anchors expiration time since they
-	are transported out of band, from RFC3820.
-
-	* cms.c: sprinkle more error strings
-
-	* crypto.c: sprinkle more error strings
-
-	* hxtool.c: use unsigned int as counter to fit better with the
-	asn1 compiler
-
-	* crypto.c: use unsigned int as counter to fit better with the
-	asn1 compiler
-	
-2006-11-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cms.c: Remove trailing white space.
-
-	* crypto.c: rewrite comment to make more sense
-
-	* crypto.c (hx509_crypto_select): check sig_algs[j]->key_oid
-
-	* hxtool-commands.in (crypto-available): add --type
-
-	* crypto.c (hx509_crypto_available): let alg pass if its keyless
-
-	* hxtool-commands.in: Expand crypto-select
-
-	* cms.c: Rename hx509_select to hx509_crypto_select.
-
-	* hxtool-commands.in: Add crypto-select and crypto-available.
-
-	* hxtool.c: Add crypto-select and crypto-available.
-
-	* crypto.c (hx509_crypto_available): use right index.
-	(hx509_crypto_free_algs): new function
-
-	* crypto.c (hx509_crypto_select): improve
-	(hx509_crypto_available): new function
-	
-2006-11-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* cert.c: Sprinkle more error string and hx509_contexts.
-
-	* cms.c: Sprinkle more error strings.
-
-	* crypto.c: Sprinkle error string and hx509_contexts.
-
-	* crypto.c: Add some more comments about how this works.
-
-	* crypto.c (hx509_select): new function.
-	
-	* Makefile.am: add peer.c
-
-	* hxtool.c: Update hx509_cms_create_signed_1.
-
-	* hx_locl.h: add struct hx509_peer_info
-
-	* peer.c: Allow selection of digest/sig-alg
-
-	* cms.c: Allow selection of a better digest using hx509_peer_info.
-
-	* revoke.c: Handle that _hx509_verify_signature takes a context.
-	
-	* cert.c: Handle that _hx509_verify_signature takes a context.
-	
-2006-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Sprinkle error strings.
-
-	* crypto.c: Sprinkle context and error strings.
-	
-2006-11-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c: Handle printing and parsing raw oids in name.
-
-2006-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c (_hx509_calculate_path): allow to calculate optimistic
-	path when we don't know the trust anchors, just follow the chain
-	upward until we no longer find a parent or we hit the max limit.
-
-	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
-	the trust anchors to be stored in the SignedData packet, if find
-	parents until trust anchor or max length.
-
-	* data: regen
-
-	* data/gen-req.sh: Build pk-init proxy cert.
-	
-2006-11-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* error.c (hx509_get_error_string): Put ", " between strings in
-	error message.
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/openssl.cnf: Change realm to TEST.H5L.SE
-	
-2006-11-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Sprinkle error strings.
-	
-2006-11-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hx_locl.h: add context variable to cmp function.
-
-	* cert.c (hx509_query_match_cmp_func): allow setting the match
-	function.
-	
-2006-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Return less EINVAL.
-
-	* hx509_err.et: add more pkcs11 errors
-
-	* hx509_err.et: more error-codes
-
-	* revoke.c: Return less EINVAL.
-
-	* ks_dir.c: sprinkel more hx509_set_error_string
-
-	* ks_file.c: Return less EINVAL.
-
-	* hxtool.c: Pass in context to _hx509_parse_private_key.
-
-	* ks_file.c: Sprinkle more hx509_context so we can return propper
-	errors.
-
-	* hx509_err.et: add HX509_PARSING_KEY_FAILED
-
-	* crypto.c: Sprinkle more hx509_context so we can return propper
-	errors.
-
-	* collector.c: No more EINVAL.
-
-	* hx509_err.et: add HX509_LOCAL_ATTRIBUTE_MISSING
-
-	* cert.c (hx509_cert_get_base_subject): one less EINVAL
-	(_hx509_cert_private_decrypt): one less EINVAL
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* collector.c: indent
-
-	* hxtool.c: Try to not leak memory.
-
-	* req.c: clean memory before free
-
-	* crypto.c (_hx509_private_key2SPKI): indent
-
-	* req.c: Try to not leak memory.
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Read 50 kilobyte random data
-	
-	* revoke.c: Try to not leak memory.
-
-	* hxtool.c: Try to not leak memory.
-
-	* crypto.c (hx509_crypto_destroy): free oid.
-
-	* error.c: Clean error string on failure just to make sure.
-
-	* cms.c: Try to not leak memory (again).
-
-	* hxtool.c: use a sensable content type
-
-	* cms.c: Try harder to free certificate.
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add make check data.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_list_keys): make element of search_data[0]
-	constants and set them later
-
-	* Makefile.am: Add more files.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_file.c: set ret, remember to free ivdata
-	
-2006-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Include <parse_bytes.h>.
-
-	* test_crypto.in: Test random-data.
-
-	* hxtool.c: RAND_bytes() return 1 for cryptographic strong data,
-	check for that.
-
-	* Makefile.am: clean random-data
-
-	* hxtool.c: Add random-data command, use sl_slc_help.
-
-	* hxtool-commands.in: Add random-data.
-
-	* ks_p12.c: Remember to release certs.
-
-	* ks_p11.c: Remember to release certs.
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* prefix der primitives with der_
-
-	* lock.c: Match the prompt type PROMPT exact.
-
-	* hx_locl.h: Drop heim_any.h
-	
-2006-10-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_release_module): j needs to be used as inter loop
-	index. From Douglas Engert.
-
-	* ks_file.c (parse_rsa_private_key): try all passwords and
-	prompter.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_*.in: Parameterise the invocation of hxtool, so we can make
-	it run under TESTS_ENVIRONMENT. From Andrew Bartlett
-
-2006-10-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Put all test stuck at 2006-09-25 since all their
-	chains where valied then.
-
-	* hxtool.c: Implement --time= option.
-
-	* hxtool-commands.in: Add option time.
-
-	* Makefile.am: test_name is a PROGRAM_TESTS
-
-	* ks_p11.c: Return HX509_PKCS11_NO_SLOT when there are no slots
-	and HX509_PKCS11_NO_TOKEN when there are no token. For use in PAM
-	modules that want to detect when to use smartcard login and when
-	not to. Patched based on code from Douglas Engert.
-
-	* hx509_err.et: Add new pkcs11 related errors in a new section:
-	keystore related error.  Patched based on code from Douglas
-	Engert.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Make depenency for slc built files just like
-	everywhere else.
-
-	* cert.c: Add all openssl algs and init asn1 et
-	
-2006-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c (parse_rsa_private_key): free type earlier.
-
-	* ks_file.c (parse_rsa_private_key): free type after use
-
-	* name.c (_hx509_Name_to_string): remove dup const
-	
-2006-10-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add more libs to libhx509
-	
-2006-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
-	better to pkcs11.  From Douglas Engert.
-
-	* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth
-
-2006-09-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
-	Weinmann and Andrew Pyshkin, pad right.
-
-	* data: starfield test root cert and Ralf-Philipp and Andreis
-	correctly padded bad cert
-
-2006-09-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in: Add test for yutaka certs.
-
-	* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
-	certificates to have KeyUsage.keyCertSign if they are to be used
-	for signing of certificates, but the step in the verifiation is
-	optional.
-
-	* hxtool.c: Improve printing and error reporting.
-	
-2006-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
-	test bleichenbacher from eay
-
-2006-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: Make common function for all getarg_strings and
-	hx509_certs_append commonly used.
-
-	* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
-	flag, treat it was such.
-	
-2006-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* req.c: Use the new add_GeneralNames function.
-
-	* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
-
-	* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.
-
-	* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.
-
-	* cms.c: Allow passing in encryptedContent and flag.  Add new flag
-	HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
-	
-2006-09-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: cast void * to char * when using it for %s formating
-	in printf.
-
-	* name.c: New function _hx509_Name_to_string.
-	
-2006-09-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c: Sprinkle error messages.
-
-	* cms.c: Sprinkle even more error messages.
-	
-	* cms.c: Sprinkle some error messages.
-
-	* cms.c (find_CMSIdentifier): only free string when we allocated
-	one.
-
-	* ks_p11.c: Don't build most of the pkcs11 module if there are no
-	dlopen().
-	
-2006-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c (hx509_cms_unenvelope): try to save the error string from
-	find_CMSIdentifier so we have one more bit of information what
-	went wrong.
-
-	* hxtool.c: More pretty printing, make verify_signed return the
-	error string from the library.
-
-	* cms.c: Try returning what certificates failed to parse or be
-	found.
-
-	* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
-	friendlyname for the certificate.
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c: check that there are no extra bytes in the checksum
-	and that the parameters are NULL or the NULL-type. All to avoid
-	having excess data that can be used to fake the signature.
-
-	* hxtool.c: print keyusage
-
-	* print.c: add hx509_cert_keyusage_print, simplify oid printing
-
-	* cert.c: add _hx509_cert_get_keyusage
-
-	* ks_p11.c: keep one session around for the whole life of the keyset
-
-	* test_query.in: tests more selection
-
-	* hxtool.c: improve pretty printing in print and query
-
-	* hxtool{.c,-commands.in}: add selection on KU and printing to query
-
-	* test_cms.in: Add cms test for digitalSignature and
-	keyEncipherment certs.
-
-	* name.c (no): Add serialNumber
-
-	* ks_p11.c (p11_get_session): return better error messages
-	
-2006-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ref: update to pkcs11 reference files 2.20
-
-	* ks_p11.c: add more mechflags
-
-	* name.c (no): add OU and sort
-
-	* revoke.c: pass context to _hx509_create_signature
-
-	* ks_p11.c (p11_printinfo): print proper plural s
-
-	* ks_p11.c: save the mechs supported when initing the token, print
-	them in printinfo.
-
-	* hx_locl.h: Include <parse_units.h>.
-
-	* cms.c: pass context to _hx509_create_signature
-
-	* req.c: pass context to _hx509_create_signature
-
-	* keyset.c (hx509_certs_info): print information about the keyset.
-
-	* hxtool.c (pcert_print) print keystore info when --info flag is
-	given.
-
-	* hxtool-commands.in: Add hxtool print --info.
-
-	* test_query.in: Test hxtool print --info.
-
-	* hx_locl.h (hx509_keyset_ops): add printinfo
-
-	* crypto.c: Start to hang the private key operations of the
-	private key, pass hx509_context to create_checksum.
-	
-2006-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Iterate over all slots, not just the first/selected
-	one.
-	
-2006-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: Add release function for certifiates so backend knowns
-	when its no longer used.
-
-	* ks_p11.c: Add reference counting on certifiates, push out
-	CK_SESSION_HANDLE from slot.
-
-	* cms.c: sprinkle more hx509_clear_error_string
-
-2006-05-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_p11.c: Sprinkle some hx509_set_error_strings
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool.c: Avoid shadowing.
-
-	* revoke.c: Avoid shadowing.
-
-	* ks_file.c: Avoid shadowing.
-
-	* cert.c: Avoid shadowing.
-	
-2006-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning
-	
-	* hx509.h: Reshuffle the prompter types, remove the hidden field.
-
-	* lock.c (hx509_prompt_hidden): return if the prompt should be
-	hidden or not
-
-	* revoke.c (hx509_revoke_free): allow free of NULL.
-	
-2006-05-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
-	crashing).
-
-	* ks_dir.c: Implement DIR: caches useing FILE: caches.
-
-	* ks_p11.c: Catch more errors.
-	
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (hx509_crypto_encrypt): free correctly in error
-	path. From Andrew Bartlett.
-
-	* crypto.c: If RAND_bytes fails, then we will attempt to
-	double-free crypt->key.data.  From Andrew Bartlett.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* name.c: Rename u_intXX_t to uintXX_t
-	
-2006-05-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: More to do about the about the PKCS11 code.
-
-	* ks_p11.c: Use the prompter from the lock function.
-
-	* lock.c: Deal with that hx509_prompt.reply is no longer a
-	pointer.
-
-	* hx509.h: Make hx509_prompt.reply not a pointer.
-	
-2006-05-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* keyset.c: Sprinkle setting error strings.
-
-	* crypto.c: Sprinkle setting error strings.
-
-	* collector.c: Sprinkle setting error strings.
-
-	* cms.c: Sprinkle setting error strings.
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_name.c: renamed one error code
-
-	* name.c: renamed one error code
-
-	* ks_p11.c: _hx509_set_cert_attribute changed signature
-
-	* hxtool.c (pcert_print): use hx509_err so I can test it
-
-	* error.c (hx509_set_error_stringv): clear errors on malloc
-	failure
-
-	* hx509_err.et: Add some more errors
-
-	* cert.c: Sprinkle setting error strings.
-
-	* cms.c: _hx509_path_append changed signature.
-
-	* revoke.c: changed signature of _hx509_check_key_usage
-
-	* keyset.c: changed signature of _hx509_query_match_cert
-
-	* hx509.h: Add support for error strings.
-
-	* cms.c: changed signature of _hx509_check_key_usage
-
-	* Makefile.am: ibhx509_la_files += error.c
-
-	* ks_file.c: Sprinkel setting error strings.
-
-	* cert.c: Sprinkel setting error strings.
-
-	* hx_locl.h: Add support for error strings.
-
-	* error.c: Add string error handling functions.
-
-	* keyset.c (hx509_certs_init): pass the right error code back
-	
-2006-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* revoke.c: Revert previous patch.
-	(hx509_ocsp_verify): new function that returns the expiration of
-	certificate in ocsp data-blob
-
-	* cert.c: Reverse previous patch, lets do it another way.
-
-	* cert.c (hx509_revoke_verify): update usage
-
-	* revoke.c: Make compile.
-
-	* revoke.c: Add the expiration time the crl/ocsp info expire
-
-	* name.c: Add hx509_name_is_null_p
-
-	* cert.c: remove _hx509_cert_private_sigature
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* name.c: Expose more of Name.
-
-	* hxtool.c (main): add missing argument to printf
-
-	* data/openssl.cnf: Add EKU for the KDC certificate
-
-	* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
-	certs, not the reverse
-	(add_to_list): constify and fix argument order to
-	copy_octet_string
-	(hx509_cert_find_subjectAltName_otherName): make work
-	
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/{pkinit,kdc}.{crt,key}: pkinit certificates
-
-	* data/gen-req.sh: Generate pkinit certificates.
-
-	* data/openssl.cnf: Add pkinit glue.
-
-	* cert.c (hx509_verify_hostname): implement stub function
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: CRL delta support
-
-2006-04-26 Love H�rnquist �strand <lha@it.su.se>
-	
-	* data/.cvsignore: ignore leftover from OpenSSL cert generation
-
-	* hx509_err.et: Add name malformated error
-
-	* name.c (hx509_parse_name): don't abort on error, rather return
-	error
-
-	* test_name.c: Test failure parsing name.
-
-	* cert.c: When verifying certificates, store subject basename for
-	later consumption.
-
-	* test_name.c: test to parse and print name and check that they
-	are the same.
-
-	* name.c (hx509_parse_name): fix length argument to printf string
-
-	* name.c (hx509_parse_name): fix length argument to stringtooid, 1
-	too short.
-
-	* cert.c: remove debug printf's
-
-	* name.c (hx509_parse_name): make compile pre c99
-
-	* data/gen-req.sh: OpenSSL have a serious issue of user confusion
-	-subj in -ca takes the arguments in LDAP order. -subj for x509
-	takes it in x509 order.
-
-	* cert.c (hx509_verify_path): handle the case where the where two
-	proxy certs in a chain.
-
-	* test_chain.in: enable two proxy certificates in a chain test
-
-	* test_chain.in: tests proxy certificates
-
-	* data: re-gen
-
-	* data/gen-req.sh: build proxy certificates
-	
-	* data/openssl.cnf: add def for proxy10_cert
-
-	* hx509_err.et: Add another proxy certificate error.
-
-	* cert.c (hx509_verify_path): Need to mangle name to remove the CN
-	of the subject, copying issuer only works for one level but is
-	better then doing no checking at all.
-
-	* hxtool.c: Add verify --allow-proxy-certificate.
-
-	* hxtool-commands.in: add verify --allow-proxy-certificate
-
-	* hx509_err.et: Add proxy certificate errors.
-
-	* cert.c: Fix comment about subject name of proxy certificate.
-
-	* test_chain.in: tests for proxy certs
-
-	* data/gen-req.sh: gen proxy and non-proxy tests certificates
-
-	* data/openssl.cnf: Add definition for proxy certs
-
-	* data/*proxy-test.*: Add proxy certificates
-
-	* cert.c (hx509_verify_path): verify proxy certificate have no san
-	or ian
-
-	* cert.c (hx509_verify_set_proxy_certificate): Add
-	(*): rename policy cert to proxy cert
-
-	* cert.c: Initial support for proxy certificates.
-	
-2006-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: some error checking
-
-	* name.c: Switch over to asn1 generaed oids.
-
-	* TODO: merge with old todo file
-	
-2006-04-23 Love H�rnquist �strand <lha@it.su.se>
-
-	* test_query.in: make quiet
-
-	* test_req.in: SKIP test if there is no RSA support.
-
-	* hxtool.c: print dh method too
-
-	* test_chain.in: SKIP test if there is no RSA support.
-	
-	* test_cms.in: SKIP test if there is no RSA support.
-
-	* test_nist.in: SKIP test if there is no RSA support.
-	
-2006-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool-commands.in: Allow passing in pool and anchor to
-	signedData
-
-	* hxtool.c: Allow passing in pool and anchor to signedData
-
-	* test_cms.in: Test that certs in signed data is picked up.
-
-	* hx_locl.h: Expose the path building function to internal
-	functions.
-
-	* cert.c: Expose the path building function to internal functions.
-
-	* hxtool-commands.in: cms-envelope: Add support for choosing the
-	encryption type
-
-	* hxtool.c (cms_create_enveloped): Add support for choosing the
-	encryption type
-
-	* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
-	data
-
-	* crypto.c: Add names to cipher types.
-
-	* cert.c (hx509_query_match_friendly_name): fix return value
-
-	* data/gen-req.sh: generate tests for enveloped data using
-	des-ede3 and aes256
-
-	* test_cms.in: add tests for enveloped data using des-ede3 and
-	aes256
-
-	* cert.c (hx509_query_match_friendly_name): New function.
-	
-2006-04-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c: Add support for parsing slot-number.
-
-	* crypto.c (oid_private_rc2_40): simply
-
-	* crypto.c: Use oids from asn1 generator.
-
-	* ks_file.c (file_init): reset length when done with a part
-
-	* test_cms.in: check with test.combined.crt.
-
-	* data/gen-req.sh: Create test.combined.crt.
-
-	* test_cms.in: Test signed data using keyfile that is encrypted.
-
-	* ks_file.c: Remove (commented out) debug printf
-
-	* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname
-
-	* ks_file.c (parse_rsa_private_key): make working for one
-	password.
-
-	* ks_file.c (parse_rsa_private_key): Implement enought for
-	testing.
-
-	* hx_locl.h: Add <ctype.h>
-
-	* ks_file.c: Add glue code for PEM encrypted password files.
-
-	* test_cms.in: Add commeted out password protected PEM file,
-	remove password for those tests that doesn't need it.
-
-	* test_cms.in: adapt test now that we can use any certificate and
-	trust anchor
-
-	* collector.c: handle PEM RSA PRIVATE KEY files
-
-	* cert.c: Remove unused function.
-
-	* ks_dir.c: move code here from ks_file.c now that its no longer
-	used.
-
-	* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY
-
-	* crypto.c: Handle rsa private keys better.
-	
-2006-04-20  Love H�rnquist �strand <lha@it.su.se>
-
-	* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo
-
-	* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
-	un-aware code.
-
-	* cert.c (hx509_verify_path): if trust anchor is not self signed,
-	don't check sig From Douglas Engert.
-
-	* test_chain.in: test "sub-cert -> sub-ca"
-	
-	* crypto.c: Use the right length for the sha256 checksums.
-	
-2006-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c: Fix breakage from sha256 code.
-
-	* crypto.c: Add SHA256 support, and symbols for the other new
-	SHA-2 types.
-	
-2006-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data
-	
-	* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2
-
-	* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.
-
-	* crypto.c: Break out the parameter handling code for encrypting
-	data to handle RC2.  Needed for Windows 2k pk-init support.
-	
-2006-04-04  Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Split libhx509_la_SOURCES into build file and
-	distributed files so we can avoid building prototypes for
-	build-files.
-	
-2006-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: split certificate request into pkcs10 and CRMF
-
-	* hxtool-commands.in: Add nonce flag to ocsp-fetch
-
-	* hxtool.c: control sending nonce
-
-	* hxtool.c (request_create): store the request in a file, no in
-	bitbucket.
-
-	* cert.c: expose print_cert_subject internally
-
-	* hxtool.c: Add ocsp_print.
-
-	* hxtool-commands.in: New command "ocsp-print".
-
-	* hx_locl.h: Include <hex.h>.
-
-	* revoke.c (verify_ocsp): require issuer to match too.
-	(free_ocsp): new function
-	(hx509_revoke_ocsp_print): new function, print ocsp reply
-
-	* Makefile.am: build CRMF files
-
-	* data/key.der: needed for cert request test
-
-	* test_req.in: adapt to rename of pkcs10-create to request-create
-
-	* hxtool.c: adapt to rename of pkcs10-create to request-create
-
-	* hxtool-commands.in: Rename pkcs10-create to request-create
-
-	* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.
-
-	* hxtool.c (pkcs10_create): use opt->subject_string
-
-	* hxtool-commands.in: Add pkcs10-create --subject
-
-	* Makefile.am: Add test_req to tests.
-	
-	* test_req.in: Test for pkcs10 commands.
-
-	* name.c (hx509_parse_name): new function.
-
-	* hxtool.c (pkcs10_create): implement
-
-	* hxtool-commands.in (pkcs10-create): Add arguments
-
-	* crypto.c: Add _hx509_private_key2SPKI and support
-	functions (only support RSA for now).
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* hxtool-commands.in: Add pkcs10-create command.
-
-	* hx509.h: Add hx509_request.
-
-	* TODO: more stuff
-
-	* Makefile.am: Add req.c
-
-	* req.c: Create certificate requests, prototype converts the
-	request in a pkcs10 packet.
-
-	* hxtool.c: Add pkcs10_create
-
-	* name.c (hx509_name_copy): new function.
-	
-2006-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* TODO: fill out what do
-
-	* hxtool-commands.in: add pkcs10-print
-
-	* hx_locl.h: Include <pkcs10_asn1.h>.
-
-	* pkcs10.asn1: PKCS#10
-
-	* hxtool.c (pkcs10_print): new function.
-
-	* test_chain.in: test ocsp keyhash
-
-	* data: generate ocsp keyhash version too
-
-	* revoke.c (load_ocsp): test that we got back a BasicReponse
-
-	* ocsp.asn1: Add asn1_id_pkix_ocsp*.
-
-	* Makefile.am: Add asn1_id_pkix_ocsp*.
-
-	* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
-
-	* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
-
-	* revoke.c: Support OCSPResponderID.byKey, indent.
-
-	* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.
-
-	* hxtool.c: Add nonce to ocsp request.
-
-	* test_chain.in: Added crl tests
-	
-	* data/nist-data: rename missing-crl to missing-revoke
-
-	* data: make ca use openssl ca command so we can add ocsp tests,
-	and regen certs
-
-	* test_chain.in: Add revoked ocsp cert test
-
-	* cert.c: rename missing-crl to missing-revoke
-
-	* revoke.c: refactor code, fix a un-init-ed variable
-	
-	* test_chain.in: rename missing-crl to missing-revoke add ocsp
-	tests
-
-	* test_cms.in: rename missing-crl to missing-revoke
-
-	* hxtool.c: rename missing-crl to missing-revoke
-
-	* hxtool-commands.in: rename missing-crl to missing-revoke
-	
-	* revoke.c: Plug one memory leak.
-
-	* revoke.c: Renamed generic CRL related errors.
-	
-	* hx509_err.et: Comments and renamed generic CRL related errors
-	
-	* revoke.c: Add ocsp checker.
-
-	* ocsp.asn1: Add id-kp-OCSPSigning
-
-	* hxtool-commands.in: add url-path argument to ocsp-fetch
-
-	* hxtool.c: implement ocsp-fetch
-
-	* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.
-	
-	* hx_locl.h: Add ocsp_time_diff to hx509_context
-
-	* crypto.c (_hx509_verify_signature_bitstring): new function,
-	commonly use when checking certificates
-
-	* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
-	error
-
-	* cert.c: Add ocsp glue, use new
-	_hx509_verify_signature_bitstring, add eku checking function.
-	
-2006-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add id_kp_OCSPSigning.x
-
-	* revoke.c: Pick out certs in ocsp response
-
-	* TODO: list of stuff to verify
-
-	* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
-	crl when its changed on disk.
-
-	* cert.c: Update for ocsp merge. handle building path w/o
-	subject (using subject key id)
-
-	* ks_p12.c: _hx509_map_file changed prototype.
-
-	* file.c: _hx509_map_file changed prototype, returns struct stat
-	if requested.
-
-	* ks_file.c: _hx509_map_file changed prototype.
-
-	* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
-	prototype, add ocsp parsing to verify command.
-
-	* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
-	HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue
-	
-2006-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
-	from Alex V. Labuta.
-	
-2006-03-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
-	first one.
-	
-2006-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c (check_altName): Print the othername oid.
-
-	* crypto.c: Manual page claims RSA_public_decrypt will return -1
-	on error, lets check for that
-	
-	* crypto.c (_hx509_pbe_decrypt): also try the empty password
-
-	* collector.c (match_localkeyid): no need to add back the cert to
-	the cert pool, its already there.
-
-	* crypto.c: Add REQUIRE_SIGNER
-
-	* cert.c (hx509_cert_free): ok to free NULL
-
-	* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.
-
-	* name.c (_hx509_name_ds_cmp): make DirectoryString case
-	insenstive
-	(hx509_name_to_string): less spacing
-
-	* cms.c: Check for signature error, check consitency of error
-	
-2006-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* collector.c (_hx509_collector_alloc): handle errors
-
-	* cert.c (hx509_query_alloc): allocate slight more more then a
-	sizeof(pointer)
-
-	* crypto.c (_hx509_private_key_assign_key_file): ask for password
-	if nothing matches.
-
-	* cert.c: Expose more of the hx509_query interface.
-
-	* collector.c: hx509_certs_find is now exposed.
-
-	* cms.c: hx509_certs_find is now exposed.
-
-	* revoke.c: hx509_certs_find is now exposed.
-
-	* keyset.c (hx509_certs_free): allow free-ing NULL
-	(hx509_certs_find): expose
-	(hx509_get_one_cert): new function
-
-	* hxtool.c: hx509_certs_find is now exposed.
-
-	* hx_locl.h: Remove hx509_query, its exposed now.
-
-	* hx509.h: Add hx509_query.
-	
-2006-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c: Add exceptions for null (empty) subjectNames
-
-	* data/nist-data: Add some more name constraints tests.
-
-	* data/nist-data: Add some of the test from 4.13 Name Constraints.
-
-	* cert.c: Name constraits needs to be evaluated in block as they
-	appear in the certificates, they can not be joined to one
-	list. One example of this is:
-	
-	- cert is cn=foo,dc=bar,dc=baz
-	- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
-	- ca is dc=baz with name restriction dc=baz
-	
-	If the name restrictions are merged to a list, the certificate
-	will pass this test.
-
-2006-02-14 Love H�rnquist �strand <lha@it.su.se>
-
-	* cert.c: Handle more name constraints cases.
-
-	* crypto.c (dsa_verify_signature): if test if malloc failed
-
-2006-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Drop partial pkcs12 string2key implementation.
-	
-2006-01-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* data/nist-data: Add commited out DSA tests (they fail).
-
-	* data/nist-data: Add 4.2 Validity Periods.
-
-	* test_nist.in: Make less verbose to use.
-
-	* Makefile.am: Add test_nist_cert.
-
-	* data/nist-data: Add some more CRL-tests.
-
-	* test_nist.in: Print $id instead of . when running the tests.
-
-	* test_nist.in: Drop verifying certifiates, its done in another
-	test now.
-
-	* data/nist-data: fixup kill-rectangle leftovers
-
-	* data/nist-data: Drop verifying certifiates, its done in another
-	test now.  Add more crl tests. comment out all unused tests.
-
-	* test_nist_cert.in: test parse all nist certs
-	
-2006-01-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.
-
-	* revoke.c: Check for unknown extentions in CRLs and CRLEntries.
-
-	* test_nist.in: Parse new format to handle CRL info.
-
-	* test_chain.in: Add --missing-crl.
-
-	* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
-	(_hx509_unparse_Name): Add.
-
-	* hxtool-commands.in: Add --missing-crl to verify commands.
-
-	* hx509_err.et: Add CRL errors.
-
-	* cert.c (hx509_context_set_missing_crl): new function Add CRL
-	handling.
-
-	* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.
-
-	* revoke.c: Parse and verify CRLs (simplistic).
-
-	* hxtool.c: Parse CRL info.
-
-	* data/nist-data: Change format so we can deal with CRLs, also
-	note the test-id from PKITS.
-
-	* data: regenerate test
-	
-	* data/gen-req.sh: use static-file to generate tests
-	
-	* data/static-file: new file to use for commited tests
-
-	* test_cms.in: Use static file, add --missing-crl.
-	
-2006-01-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* print.c: Its cRLReason, not cRLReasons.
-
-	* hxtool.c: Attach revoke context to verify context.
-
-	* data/nist-data: change syntax to make match better with crl
-	checks
-
-	* cert.c: Verify no certificates has been revoked with the new
-	revoke interface.
-
-	* Makefile.am: libhx509_la_SOURCES += revoke.c
-
-	* revoke.c: Add framework for handling CRLs.
-
-	* hx509.h: Add hx509_revoke_ctx.
-	
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete crypto_headers.h, use global file instead.
-
-	* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen
-	
-2006-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto_headers.h: Need BN_is_negative too.
-	
-2006-01-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
-	it. PKCS11 can't do public_decrypt, it support verify though. All
-	this doesn't matter, since the code never go though this path.
-
-	* crypto_headers.h: Provide glue to compile with less warnings
-	with OpenSSL
-	
-2006-01-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Depend on LIB_des
-
-	* lock.c: Use "crypto_headers.h".
-
-	* crypto_headers.h: Include the two diffrent implementation of
-	crypto headers.
-
-	* cert.c: Use "crypto-headers.h". Load ENGINE configuration.
-
-	* crypto.c: Make compile with both OpenSSL and heimdal libdes.
-
-	* ks_p11.c: Add code for public key decryption (not supported yet)
-	and use "crypto-headers.h".
-	
-
-2006-01-04 Love H�rnquist �strand <lha@it.su.se>
-	
-	* add a hx509_context where we can store configuration
-
-	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
-	old files.
-
-	* ks_p11.c: more paranoid on refcount, set refcounter ealier,
-	reset pointers after free
-
-	* collector.c (struct private_key): remove temporary key data
-	storage, convert directly to a key
-	(match_localkeyid): match certificate and key using localkeyid
-	(match_keys): match certificate and key using _hx509_match_keys
-	(_hx509_collector_collect): rewrite to use match_keys and
-	match_localkeyid
-
-	* crypto.c (_hx509_match_keys): function that determins if a
-	private key matches a certificate, used when there is no
-	localkeyid.
-	(*) reset free pointer
-
-	* ks_file.c: Rewrite to use collector and mapping support
-	function.
-
-	* ks_p11.c (rsa_pkcs1_method): constify
-
-	* ks_p11.c: drop extra wrapping of p11_init
-
-	* crypto.c (_hx509_private_key_assign_key_file): use function to
-	extact rsa key
-
-	* cert.c: Revert previous, refcounter is unsigned, so it can never
-	be negative.
-
-	* cert.c (hx509_cert_ref): more refcount paranoia
-
-	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
-	ditto.
-
-	* ks_p11.c: Less printf, less memory leaks.
-
-	* ks_p11.c: Implement signing using pkcs11.
-	
-	* ks_p11.c: Partly assign private key, enough to complete
-	collection, but not any crypto functionallity.
-
-	* collector.c: Use hx509_private_key to assign private keys.
-
-	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
-	directly, this temporary removes DSA support.
-
-	* hxtool.c (print_f): print if there is a friendly name and if
-	there is a private key
-	
-2006-01-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c: Avoid warning from missing __attribute__((noreturn))
-
-	* lock.c (_hx509_lock_unlock_certs): return unlock certificates
-
-	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
-	EVP_PKEY
-	(_hx509_private_key_assign_key_file): remember to free private key
-	if there is one.
-
-	* cert.c (_hx509_abort): add newline to output and flush stdout
-
-	* Makefile.am: libhx509_la_SOURCES += collector.c
-
-	* hx_locl.h: forward type declaration of struct hx509_collector.
-
-	* collector.c: Support functions to collect certificates and
-	private keys and then match them.
-
-	* ks_p12.c: Use the new hx509_collector support functions.
-
-	* ks_p11.c: Add enough glue to support certificate iteration.
-
-	* test_nist_pkcs12.in: Less verbose.
-
-	* cert.c (hx509_cert_free): if there is a private key assosited
-	with this cert, free it
-
-	* print.c: Use _hx509_abort.
-
-	* ks_p12.c: Use _hx509_abort.
-
-	* hxtool.c: Use _hx509_abort.
-
-	* crypto.c: Use _hx509_abort.
-
-	* cms.c: Use _hx509_abort.
-
-	* cert.c: Use _hx509_abort.
-
-	* name.c: use _hx509_abort
-	
-2006-01-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* name.c (hx509_name_to_string): don't cut bmpString in half.
-
-	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
-	bmpString.
-
-	* ks_file.c (parse_certificate): avoid stomping before array
-
-	* name.c (oidtostring): avoid leaking memory
-
-	* keyset.c: Add _hx509_ks_dir_register.
-
-	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c
-
-	* hxtool-commands.in: Remove pkcs11.
-
-	* hxtool.c: Remove pcert_pkcs11.
-
-	* ks_file.c: Factor out certificate parsing code.
-
-	* ks_dir.c: Add new keystore that treats all files in a directory
-	a keystore, useful for regression tests.
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.
-
-	* data/nist-data: Can handle DSA certificate.
-	
-	* hxtool.c: Print error code on failure.
-	
-2005-10-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.c: Support DSA signature operations.
-	
-2005-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print.c: Validate that issuerAltName and subjectAltName isn't
-	empty.
-	
-2005-09-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* p11.c: Cast to unsigned char to avoid warning.
-
-	* keyset.c: Register pkcs11 module.
-
-	* Makefile.am: Add ks_p11.c, install hxtool.
-	
-	* ks_p11.c: Starting point of a pkcs11 module.
-	
-2005-09-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lock.c: Implement prompter.
-
-	* hxtool-commands.in: add --content to print
-
-	* hxtool.c: Split verify and print.
-
-	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.
-
-	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
-	for empty password.
-
-	* name.c: Add DC, handle all Directory strings, fix signless
-	problems.
-	
-2005-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_query.in: Pass in --pass to all commands.
-
-	* hxtool.c: Use option --pass.
-
-	* hxtool-commands.in: Add --pass to all commands.
-
-	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
-
-	* test_cms.in: pass in password to cms-create-sd
-
-	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
-	later.  Avoid signess warnings with OpenSSL.
-
-	* cms.c: Use void * instead of char * for to avoid signedness
-	issues
-
-	* cert.c (hx509_cert_get_attribute): remove const, its not
-
-	* ks_p12.c: Cast size_t to unsigned long when print.
-
-	* name.c: Fix signedness warning.
-
-	* test_query.in: Use echo, the function check isn't defined here.
-	
-2005-08-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool-commands.in: Add more options that was missing.
-
-2005-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_cms.in: Use --certificate= for enveloped/unenvelope.
-
-	* hxtool.c: Use --certificate= for enveloped/unenvelope.  Clean
-	up.
-
-	* test_cms.in: add EnvelopeData tests
-	
-	* hxtool.c: use id-envelopedData for ContentInfo
-	
-	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
-	enveloped data
-
-	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
-	data
-
-	* data/gen-req.sh: add enveloped data (aes128)
-	
-	* crypto.c: add "new" RC2 oid
-	
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
-	caller to match by function, note that this doesn't not work
-	directly for backends that implements ->query, they must do their
-	own processing. (I'm running out of flags, only 12 left now)
-
-	* test_cms.in: verify ContentInfo wrapping code in hxtool
-	
-	* hxtool-commands.in (cms_create_sd): support wrapping in content
-	info spelling
-
-	* hxtool.c (cms_create_sd): support wrapping in content info
-
-	* test_cms.in: test more cms signeddata messages
-	
-	* data/gen-req.sh: generate SignedData
-	
-	* hxtool.c (cms_create_sd): support certificate store, add support
-	to unwrap a ContentInfo the SignedData inside.
-
-	* crypto.c: sprinkel rk_UNCONST
-
-	* crypto.c: add DER NULL to the digest oid's
-
-	* hxtool-commands.in: add --content-info to cms-verify-sd
-
-	* cms.c (hx509_cms_create_signed_1): pass in a full
-	AlgorithmIdentifier instead of heim_oid for digest_alg
-
-	* crypto.c: make digest_alg a digest_oid, it's not needed right
-	now
-
-	* hx509_err.et: add CERT_NOT_FOUND
-	
-	* keyset.c (_hx509_certs_find): add error code for cert not
-	found
-
-	* cms.c (hx509_cms_verify_signed): add external store of
-	certificates, use the right digest algorithm identifier.
-
-	* cert.c: fix const warning
-
-	* ks_p12.c: slightly less verbose
-	
-	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
-	HX509_QUERY_MATCH_FRIENDLY_NAME
-	
-	* hx509.h: add hx509_octet_string_list, remove bad comment
-	
-	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME
-
-	* keyset.c (hx509_certs_append): needs a hx509_lock, add one
-
-	* Makefile.am: add test cases tempfiles to CLEANFILES
-	
-	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
-	sources on hxtool-commands.h
-
-	* hxtool-commands.in: explain what signer is for create-sd
-
-	* hxtool.c: add query, add more options to verify-sd and create-sd
-
-	* test_cms.in: add more cms tests
-	
-	* hxtool-commands.in: add query, add more options to verify-sd
-
-	* test_query.in: test query interface
-	
-	* data: fix filenames for ds/ke files, add pkcs12 files, regen
-	
-	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc
-
-2005-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cert.c (hx509_verify_destroy_ctx): add
-	
-	* hxtool.c: free hx509_verify_ctx
-	
-	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal
-
-2005-07-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hxtool.c: return error
-	
-	* keyset.c: return errors from iterations
-	
-	* test_chain.in: clean up checks
-	
-	* ks_file.c (parse_certificate): return errno's not 1 in case of
-	error
-	
-	* ks_file.c (file_iter): make sure endpointer is NULL
-
-	* ks_mem.c (mem_iter): follow conversion and return NULL when we
-	get to the end, not ENOENT.
-	
-	* Makefile.am: test_chain depends on hxtool
-	
-	* data: test certs that lasts 10 years
-	
-	* data/gen-req.sh: script to generate test certs
-	
-	* Makefile.am: Add regression tests.
-
-	* data: test certificate and keys
-
-	* test_chain.in: test chain
-
-	* hxtool.c (cms_create_sd): add KU digitalSigature as a
-	requirement to the query
-
-	* hx_locl.h: add KeyUsage query bits
-
-	* hx509_err.et: add KeyUsage error
-
-	* cms.c: add checks for KeyUsage
-
-	* cert.c: more checks on KeyUsage, allow to query on them too
-
-2005-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* cms.c: Add missing break.
-	
-	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId
-
-	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
-	_hx509_write_file.
-
-	* file.c (_hx509_write_file): in case of write error, return errno
-
-	* file.c (_hx509_write_file): add a function that write a data
-	blob to disk too
-
-	* Fix id-tags
-
-	* Import mostly complete X.509 and CMS library. Handles, PEM, DER,
-	PKCS12 encoded certicates.  Verificate RSA chains and handled
-	CMS's SignedData, and EnvelopedData.
-
-
diff --git a/crypto/heimdal/lib/hx509/Makefile.am b/crypto/heimdal/lib/hx509/Makefile.am
deleted file mode 100644
index 3144a71676ad..000000000000
--- a/crypto/heimdal/lib/hx509/Makefile.am
+++ /dev/null
@@ -1,388 +0,0 @@
-# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES = libhx509.la
-libhx509_la_LDFLAGS = -version-info 3:0:0
-
-BUILT_SOURCES =				\
-	$(gen_files_ocsp:.x=.c)		\
-	$(gen_files_pkcs10:.x=.c)	\
-	hx509_err.c			\
-	hx509_err.h
-
-gen_files_ocsp = 			\
-	asn1_OCSPBasicOCSPResponse.x	\
-	asn1_OCSPCertID.x		\
-	asn1_OCSPCertStatus.x		\
-	asn1_OCSPInnerRequest.x		\
-	asn1_OCSPKeyHash.x		\
-	asn1_OCSPRequest.x		\
-	asn1_OCSPResponderID.x		\
-	asn1_OCSPResponse.x		\
-	asn1_OCSPResponseBytes.x	\
-	asn1_OCSPResponseData.x		\
-	asn1_OCSPResponseStatus.x	\
-	asn1_OCSPSignature.x		\
-	asn1_OCSPSingleResponse.x	\
-	asn1_OCSPTBSRequest.x		\
-	asn1_OCSPVersion.x		\
-	asn1_id_pkix_ocsp.x		\
-	asn1_id_pkix_ocsp_basic.x	\
-	asn1_id_pkix_ocsp_nonce.x
-
-gen_files_pkcs10 = 			\
-	asn1_CertificationRequestInfo.x	\
-	asn1_CertificationRequest.x
-
-gen_files_crmf = 			\
-	asn1_CRMFRDNSequence.x		\
-	asn1_CertReqMessages.x		\
-	asn1_CertReqMsg.x		\
-	asn1_CertRequest.x		\
-	asn1_CertTemplate.x		\
-	asn1_Controls.x			\
-	asn1_PBMParameter.x		\
-	asn1_PKMACValue.x		\
-	asn1_POPOPrivKey.x		\
-	asn1_POPOSigningKey.x		\
-	asn1_POPOSigningKeyInput.x	\
-	asn1_ProofOfPossession.x	\
-	asn1_SubsequentMessage.x	
-
-dist_libhx509_la_SOURCES = \
-	ca.c \
-	cert.c \
-	cms.c \
-	collector.c \
-	crypto.c \
-	doxygen.c \
-	error.c \
-	env.c \
-	file.c \
-	hx509-private.h \
-	hx509-protos.h \
-	hx509.h \
-	hx_locl.h \
-	keyset.c \
-	ks_dir.c \
-	ks_file.c \
-	ks_mem.c \
-	ks_null.c \
-	ks_p11.c \
-	ks_p12.c \
-	ks_keychain.c \
-	lock.c \
-	name.c \
-	peer.c \
-	print.c \
-	softp11.c \
-	ref/pkcs11.h \
-	req.c \
-	revoke.c
-
-libhx509_la_LIBADD = \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_dlopen)
-
-if FRAMEWORK_SECURITY
-libhx509_la_LDFLAGS += -framework Security -framework CoreFoundation
-endif
-
-if versionscript
-libhx509_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
-
-libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
-nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
-
-$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
-$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
-$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
-
-asn1_compile = ../asn1/asn1_compile$(EXEEXT)
-
-ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
-	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
-
-pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
-	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
-
-crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
-	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
-
-$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
-
-$(srcdir)/hx509-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
-
-$(srcdir)/hx509-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
-
-dist_include_HEADERS = hx509.h hx509-protos.h
-nodist_include_HEADERS = hx509_err.h
-
-SLC = $(top_builddir)/lib/sl/slc
-
-bin_PROGRAMS = hxtool
-
-hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
-	$(SLC) $(srcdir)/hxtool-commands.in
-
-dist_hxtool_SOURCES = hxtool.c
-nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
-
-$(hxtool_OBJECTS): hxtool-commands.h
-
-hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
-hxtool_LDADD = \
-	libhx509.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(top_builddir)/lib/sl/libsl.la
-
-CLEANFILES = $(BUILT_SOURCES) \
-	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
-	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
-	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
-	$(TESTS) \
-	hxtool-commands.c hxtool-commands.h *.tmp \
-	request.out \
-	out.pem out2.pem \
-	sd.data sd.data.out \
-	ev.data ev.data.out \
-	cert-null.pem cert-sub-ca2.pem \
-	cert-ee.pem cert-ca.pem \
-	cert-sub-ee.pem cert-sub-ca.pem \
-	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
-	wca.pem wuser.pem wdc.pem wcrl.crl \
-	random-data statfile crl.crl \
-	test p11dbg.log pkcs11.cfg \
-	test-rc-file.rc
-
-clean-local:
-	@echo "cleaning PKITS" ; rm -rf PKITS_data
-
-#
-# regression tests
-#
-
-check_SCRIPTS = $(SCRIPT_TESTS)
-check_PROGRAMS = $(PROGRAM_TESTS) test_soft_pkcs11
-
-LDADD = libhx509.la
-
-test_soft_pkcs11_LDADD = libhx509.la
-test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
-
-TESTS = $(SCRIPT_TESTS) $(PROGRAM_TESTS)
-
-PROGRAM_TESTS = 		\
-	test_name
-
-SCRIPT_TESTS = 			\
-	test_ca			\
-	test_cert		\
-	test_chain		\
-	test_cms		\
-	test_crypto		\
-	test_nist		\
-	test_nist2		\
-	test_pkcs11		\
-	test_java_pkcs11	\
-	test_nist_cert		\
-	test_nist_pkcs12	\
-	test_req		\
-	test_windows		\
-	test_query
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
-
-test_ca: test_ca.in Makefile
-	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
-	chmod +x test_ca.tmp
-	mv test_ca.tmp test_ca
-
-test_cert: test_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
-	chmod +x test_cert.tmp
-	mv test_cert.tmp test_cert
-
-test_chain: test_chain.in Makefile
-	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
-	chmod +x test_chain.tmp
-	mv test_chain.tmp test_chain
-
-test_cms: test_cms.in Makefile
-	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
-	chmod +x test_cms.tmp
-	mv test_cms.tmp test_cms
-
-test_crypto: test_crypto.in Makefile
-	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
-	chmod +x test_crypto.tmp
-	mv test_crypto.tmp test_crypto
-
-test_nist: test_nist.in Makefile
-	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
-	chmod +x test_nist.tmp
-	mv test_nist.tmp test_nist
-
-test_nist2: test_nist2.in Makefile
-	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
-	chmod +x test_nist2.tmp
-	mv test_nist2.tmp test_nist2
-
-test_pkcs11: test_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
-	chmod +x test_pkcs11.tmp
-	mv test_pkcs11.tmp test_pkcs11
-
-test_java_pkcs11: test_java_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
-	chmod +x test_java_pkcs11.tmp
-	mv test_java_pkcs11.tmp test_java_pkcs11
-
-test_nist_cert: test_nist_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
-	chmod +x test_nist_cert.tmp
-	mv test_nist_cert.tmp test_nist_cert
-
-test_nist_pkcs12: test_nist_pkcs12.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
-	chmod +x test_nist_pkcs12.tmp
-	mv test_nist_pkcs12.tmp test_nist_pkcs12
-
-test_req: test_req.in Makefile
-	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
-	chmod +x test_req.tmp
-	mv test_req.tmp test_req
-
-test_windows: test_windows.in Makefile
-	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
-	chmod +x test_windows.tmp
-	mv test_windows.tmp test_windows
-
-test_query: test_query.in Makefile
-	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
-	chmod +x test_query.tmp
-	mv test_query.tmp test_query
-
-EXTRA_DIST = \
-	version-script.map \
-	crmf.asn1 \
-	data/bleichenbacher-bad.pem \
-	hx509_err.et \
-	hxtool-commands.in \
-	ocsp.asn1 \
-	pkcs10.asn1 \
-	test_ca.in \
-	test_chain.in \
-	test_cert.in \
-	test_cms.in \
-	test_crypto.in \
-	test_nist.in \
-	test_nist2.in \
-	test_nist_cert.in \
-	test_nist_pkcs12.in \
-	test_pkcs11.in \
-	test_java_pkcs11.in \
-	test_query.in \
-	test_req.in \
-	test_windows.in \
-	tst-crypto-available1 \
-	tst-crypto-available2 \
-	tst-crypto-available3 \
-	tst-crypto-select \
-	tst-crypto-select1 \
-	tst-crypto-select2 \
-	tst-crypto-select3 \
-	tst-crypto-select4 \
-	tst-crypto-select5 \
-	tst-crypto-select6 \
-	tst-crypto-select7 \
-	data/bleichenbacher-good.pem \
-	data/bleichenbacher-sf-pad-correct.pem \
-	data/ca.crt \
-	data/ca.key \
-	data/crl1.crl \
-	data/crl1.der \
-	data/gen-req.sh \
-	data/j.pem \
-	data/kdc.crt \
-	data/kdc.key \
-	data/key.der \
-	data/key2.der \
-	data/nist-data \
-	data/nist-data2 \
-	data/no-proxy-test.crt \
-	data/no-proxy-test.key \
-	data/ocsp-req1.der \
-	data/ocsp-req2.der \
-	data/ocsp-resp1-2.der \
-	data/ocsp-resp1-3.der \
-	data/ocsp-resp1-ca.der \
-	data/ocsp-resp1-keyhash.der \
-	data/ocsp-resp1-ocsp-no-cert.der \
-	data/ocsp-resp1-ocsp.der \
-	data/ocsp-resp1.der \
-	data/ocsp-resp2.der \
-	data/ocsp-responder.crt \
-	data/ocsp-responder.key \
-	data/openssl.cnf \
-	data/pkinit-proxy-chain.crt \
-	data/pkinit-proxy.crt \
-	data/pkinit-proxy.key \
-	data/pkinit-pw.key \
-	data/pkinit.crt \
-	data/pkinit.key \
-	data/proxy-level-test.crt \
-	data/proxy-level-test.key \
-	data/proxy-test.crt \
-	data/proxy-test.key \
-	data/proxy10-child-test.crt \
-	data/proxy10-child-test.key \
-	data/proxy10-child-child-test.crt \
-	data/proxy10-child-child-test.key \
-	data/proxy10-test.crt \
-	data/proxy10-test.key \
-	data/revoke.crt \
-	data/revoke.key \
-	data/sf-class2-root.pem \
-	data/static-file \
-	data/sub-ca.crt \
-	data/sub-ca.key \
-	data/sub-cert.crt \
-	data/sub-cert.key \
-	data/sub-cert.p12 \
-	data/test-ds-only.crt \
-	data/test-ds-only.key \
-	data/test-enveloped-aes-128 \
-	data/test-enveloped-aes-256 \
-	data/test-enveloped-des \
-	data/test-enveloped-des-ede3 \
-	data/test-enveloped-rc2-128 \
-	data/test-enveloped-rc2-40 \
-	data/test-enveloped-rc2-64 \
-	data/test-ke-only.crt \
-	data/test-ke-only.key \
-	data/test-nopw.p12 \
-	data/test-pw.key \
-	data/test-signed-data \
-	data/test-signed-data-noattr \
-	data/test-signed-data-noattr-nocerts \
-	data/test.combined.crt \
-	data/test.crt \
-	data/test.key \
-	data/test.p12 \
-	data/yutaka-pad-broken-ca.pem \
-	data/yutaka-pad-broken-cert.pem \
-	data/yutaka-pad-ok-ca.pem \
-	data/yutaka-pad-ok-cert.pem \
-	data/yutaka-pad.key
diff --git a/crypto/heimdal/lib/hx509/Makefile.in b/crypto/heimdal/lib/hx509/Makefile.in
deleted file mode 100644
index b564a4903061..000000000000
--- a/crypto/heimdal/lib/hx509/Makefile.in
+++ /dev/null
@@ -1,1530 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog TODO
-@FRAMEWORK_SECURITY_TRUE@am__append_1 = -framework Security -framework CoreFoundation
-@versionscript_TRUE@am__append_2 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-bin_PROGRAMS = hxtool$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1) test_soft_pkcs11$(EXEEXT)
-TESTS = $(SCRIPT_TESTS) $(am__EXEEXT_1)
-subdir = lib/hx509
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libhx509_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-dist_libhx509_la_OBJECTS = libhx509_la-ca.lo libhx509_la-cert.lo \
-	libhx509_la-cms.lo libhx509_la-collector.lo \
-	libhx509_la-crypto.lo libhx509_la-doxygen.lo \
-	libhx509_la-error.lo libhx509_la-env.lo libhx509_la-file.lo \
-	libhx509_la-keyset.lo libhx509_la-ks_dir.lo \
-	libhx509_la-ks_file.lo libhx509_la-ks_mem.lo \
-	libhx509_la-ks_null.lo libhx509_la-ks_p11.lo \
-	libhx509_la-ks_p12.lo libhx509_la-ks_keychain.lo \
-	libhx509_la-lock.lo libhx509_la-name.lo libhx509_la-peer.lo \
-	libhx509_la-print.lo libhx509_la-softp11.lo libhx509_la-req.lo \
-	libhx509_la-revoke.lo
-am__objects_1 = libhx509_la-asn1_OCSPBasicOCSPResponse.lo \
-	libhx509_la-asn1_OCSPCertID.lo \
-	libhx509_la-asn1_OCSPCertStatus.lo \
-	libhx509_la-asn1_OCSPInnerRequest.lo \
-	libhx509_la-asn1_OCSPKeyHash.lo \
-	libhx509_la-asn1_OCSPRequest.lo \
-	libhx509_la-asn1_OCSPResponderID.lo \
-	libhx509_la-asn1_OCSPResponse.lo \
-	libhx509_la-asn1_OCSPResponseBytes.lo \
-	libhx509_la-asn1_OCSPResponseData.lo \
-	libhx509_la-asn1_OCSPResponseStatus.lo \
-	libhx509_la-asn1_OCSPSignature.lo \
-	libhx509_la-asn1_OCSPSingleResponse.lo \
-	libhx509_la-asn1_OCSPTBSRequest.lo \
-	libhx509_la-asn1_OCSPVersion.lo \
-	libhx509_la-asn1_id_pkix_ocsp.lo \
-	libhx509_la-asn1_id_pkix_ocsp_basic.lo \
-	libhx509_la-asn1_id_pkix_ocsp_nonce.lo
-am__objects_2 = libhx509_la-asn1_CertificationRequestInfo.lo \
-	libhx509_la-asn1_CertificationRequest.lo
-am__objects_3 = $(am__objects_1) $(am__objects_2) \
-	libhx509_la-hx509_err.lo
-nodist_libhx509_la_OBJECTS = $(am__objects_3)
-libhx509_la_OBJECTS = $(dist_libhx509_la_OBJECTS) \
-	$(nodist_libhx509_la_OBJECTS)
-libhx509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libhx509_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_name$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-dist_hxtool_OBJECTS = hxtool-hxtool.$(OBJEXT)
-nodist_hxtool_OBJECTS = hxtool-hxtool-commands.$(OBJEXT)
-hxtool_OBJECTS = $(dist_hxtool_OBJECTS) $(nodist_hxtool_OBJECTS)
-hxtool_DEPENDENCIES = libhx509.la $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/sl/libsl.la
-test_name_SOURCES = test_name.c
-test_name_OBJECTS = test_name.$(OBJEXT)
-test_name_LDADD = $(LDADD)
-test_name_DEPENDENCIES = libhx509.la
-test_soft_pkcs11_SOURCES = test_soft_pkcs11.c
-test_soft_pkcs11_OBJECTS =  \
-	test_soft_pkcs11-test_soft_pkcs11.$(OBJEXT)
-test_soft_pkcs11_DEPENDENCIES = libhx509.la
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libhx509_la_SOURCES) $(nodist_libhx509_la_SOURCES) \
-	$(dist_hxtool_SOURCES) $(nodist_hxtool_SOURCES) test_name.c \
-	test_soft_pkcs11.c
-DIST_SOURCES = $(dist_libhx509_la_SOURCES) $(dist_hxtool_SOURCES) \
-	test_name.c test_soft_pkcs11.c
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libhx509.la
-libhx509_la_LDFLAGS = -version-info 3:0:0 $(am__append_1) \
-	$(am__append_2)
-BUILT_SOURCES = \
-	$(gen_files_ocsp:.x=.c)		\
-	$(gen_files_pkcs10:.x=.c)	\
-	hx509_err.c			\
-	hx509_err.h
-
-gen_files_ocsp = \
-	asn1_OCSPBasicOCSPResponse.x	\
-	asn1_OCSPCertID.x		\
-	asn1_OCSPCertStatus.x		\
-	asn1_OCSPInnerRequest.x		\
-	asn1_OCSPKeyHash.x		\
-	asn1_OCSPRequest.x		\
-	asn1_OCSPResponderID.x		\
-	asn1_OCSPResponse.x		\
-	asn1_OCSPResponseBytes.x	\
-	asn1_OCSPResponseData.x		\
-	asn1_OCSPResponseStatus.x	\
-	asn1_OCSPSignature.x		\
-	asn1_OCSPSingleResponse.x	\
-	asn1_OCSPTBSRequest.x		\
-	asn1_OCSPVersion.x		\
-	asn1_id_pkix_ocsp.x		\
-	asn1_id_pkix_ocsp_basic.x	\
-	asn1_id_pkix_ocsp_nonce.x
-
-gen_files_pkcs10 = \
-	asn1_CertificationRequestInfo.x	\
-	asn1_CertificationRequest.x
-
-gen_files_crmf = \
-	asn1_CRMFRDNSequence.x		\
-	asn1_CertReqMessages.x		\
-	asn1_CertReqMsg.x		\
-	asn1_CertRequest.x		\
-	asn1_CertTemplate.x		\
-	asn1_Controls.x			\
-	asn1_PBMParameter.x		\
-	asn1_PKMACValue.x		\
-	asn1_POPOPrivKey.x		\
-	asn1_POPOSigningKey.x		\
-	asn1_POPOSigningKeyInput.x	\
-	asn1_ProofOfPossession.x	\
-	asn1_SubsequentMessage.x	
-
-dist_libhx509_la_SOURCES = \
-	ca.c \
-	cert.c \
-	cms.c \
-	collector.c \
-	crypto.c \
-	doxygen.c \
-	error.c \
-	env.c \
-	file.c \
-	hx509-private.h \
-	hx509-protos.h \
-	hx509.h \
-	hx_locl.h \
-	keyset.c \
-	ks_dir.c \
-	ks_file.c \
-	ks_mem.c \
-	ks_null.c \
-	ks_p11.c \
-	ks_p12.c \
-	ks_keychain.c \
-	lock.c \
-	name.c \
-	peer.c \
-	print.c \
-	softp11.c \
-	ref/pkcs11.h \
-	req.c \
-	revoke.c
-
-libhx509_la_LIBADD = \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_dlopen)
-
-libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
-nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
-asn1_compile = ../asn1/asn1_compile$(EXEEXT)
-dist_include_HEADERS = hx509.h hx509-protos.h
-nodist_include_HEADERS = hx509_err.h
-SLC = $(top_builddir)/lib/sl/slc
-dist_hxtool_SOURCES = hxtool.c
-nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
-hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
-hxtool_LDADD = \
-	libhx509.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(top_builddir)/lib/sl/libsl.la
-
-CLEANFILES = $(BUILT_SOURCES) \
-	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
-	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
-	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
-	$(TESTS) \
-	hxtool-commands.c hxtool-commands.h *.tmp \
-	request.out \
-	out.pem out2.pem \
-	sd.data sd.data.out \
-	ev.data ev.data.out \
-	cert-null.pem cert-sub-ca2.pem \
-	cert-ee.pem cert-ca.pem \
-	cert-sub-ee.pem cert-sub-ca.pem \
-	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
-	wca.pem wuser.pem wdc.pem wcrl.crl \
-	random-data statfile crl.crl \
-	test p11dbg.log pkcs11.cfg \
-	test-rc-file.rc
-
-
-#
-# regression tests
-#
-check_SCRIPTS = $(SCRIPT_TESTS)
-LDADD = libhx509.la
-test_soft_pkcs11_LDADD = libhx509.la
-test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
-PROGRAM_TESTS = \
-	test_name
-
-SCRIPT_TESTS = \
-	test_ca			\
-	test_cert		\
-	test_chain		\
-	test_cms		\
-	test_crypto		\
-	test_nist		\
-	test_nist2		\
-	test_pkcs11		\
-	test_java_pkcs11	\
-	test_nist_cert		\
-	test_nist_pkcs12	\
-	test_req		\
-	test_windows		\
-	test_query
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
-
-EXTRA_DIST = \
-	version-script.map \
-	crmf.asn1 \
-	data/bleichenbacher-bad.pem \
-	hx509_err.et \
-	hxtool-commands.in \
-	ocsp.asn1 \
-	pkcs10.asn1 \
-	test_ca.in \
-	test_chain.in \
-	test_cert.in \
-	test_cms.in \
-	test_crypto.in \
-	test_nist.in \
-	test_nist2.in \
-	test_nist_cert.in \
-	test_nist_pkcs12.in \
-	test_pkcs11.in \
-	test_java_pkcs11.in \
-	test_query.in \
-	test_req.in \
-	test_windows.in \
-	tst-crypto-available1 \
-	tst-crypto-available2 \
-	tst-crypto-available3 \
-	tst-crypto-select \
-	tst-crypto-select1 \
-	tst-crypto-select2 \
-	tst-crypto-select3 \
-	tst-crypto-select4 \
-	tst-crypto-select5 \
-	tst-crypto-select6 \
-	tst-crypto-select7 \
-	data/bleichenbacher-good.pem \
-	data/bleichenbacher-sf-pad-correct.pem \
-	data/ca.crt \
-	data/ca.key \
-	data/crl1.crl \
-	data/crl1.der \
-	data/gen-req.sh \
-	data/j.pem \
-	data/kdc.crt \
-	data/kdc.key \
-	data/key.der \
-	data/key2.der \
-	data/nist-data \
-	data/nist-data2 \
-	data/no-proxy-test.crt \
-	data/no-proxy-test.key \
-	data/ocsp-req1.der \
-	data/ocsp-req2.der \
-	data/ocsp-resp1-2.der \
-	data/ocsp-resp1-3.der \
-	data/ocsp-resp1-ca.der \
-	data/ocsp-resp1-keyhash.der \
-	data/ocsp-resp1-ocsp-no-cert.der \
-	data/ocsp-resp1-ocsp.der \
-	data/ocsp-resp1.der \
-	data/ocsp-resp2.der \
-	data/ocsp-responder.crt \
-	data/ocsp-responder.key \
-	data/openssl.cnf \
-	data/pkinit-proxy-chain.crt \
-	data/pkinit-proxy.crt \
-	data/pkinit-proxy.key \
-	data/pkinit-pw.key \
-	data/pkinit.crt \
-	data/pkinit.key \
-	data/proxy-level-test.crt \
-	data/proxy-level-test.key \
-	data/proxy-test.crt \
-	data/proxy-test.key \
-	data/proxy10-child-test.crt \
-	data/proxy10-child-test.key \
-	data/proxy10-child-child-test.crt \
-	data/proxy10-child-child-test.key \
-	data/proxy10-test.crt \
-	data/proxy10-test.key \
-	data/revoke.crt \
-	data/revoke.key \
-	data/sf-class2-root.pem \
-	data/static-file \
-	data/sub-ca.crt \
-	data/sub-ca.key \
-	data/sub-cert.crt \
-	data/sub-cert.key \
-	data/sub-cert.p12 \
-	data/test-ds-only.crt \
-	data/test-ds-only.key \
-	data/test-enveloped-aes-128 \
-	data/test-enveloped-aes-256 \
-	data/test-enveloped-des \
-	data/test-enveloped-des-ede3 \
-	data/test-enveloped-rc2-128 \
-	data/test-enveloped-rc2-40 \
-	data/test-enveloped-rc2-64 \
-	data/test-ke-only.crt \
-	data/test-ke-only.key \
-	data/test-nopw.p12 \
-	data/test-pw.key \
-	data/test-signed-data \
-	data/test-signed-data-noattr \
-	data/test-signed-data-noattr-nocerts \
-	data/test.combined.crt \
-	data/test.crt \
-	data/test.key \
-	data/test.p12 \
-	data/yutaka-pad-broken-ca.pem \
-	data/yutaka-pad-broken-cert.pem \
-	data/yutaka-pad-ok-ca.pem \
-	data/yutaka-pad-ok-cert.pem \
-	data/yutaka-pad.key
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libhx509.la: $(libhx509_la_OBJECTS) $(libhx509_la_DEPENDENCIES) 
-	$(libhx509_la_LINK) -rpath $(libdir) $(libhx509_la_OBJECTS) $(libhx509_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-hxtool$(EXEEXT): $(hxtool_OBJECTS) $(hxtool_DEPENDENCIES) 
-	@rm -f hxtool$(EXEEXT)
-	$(LINK) $(hxtool_OBJECTS) $(hxtool_LDADD) $(LIBS)
-test_name$(EXEEXT): $(test_name_OBJECTS) $(test_name_DEPENDENCIES) 
-	@rm -f test_name$(EXEEXT)
-	$(LINK) $(test_name_OBJECTS) $(test_name_LDADD) $(LIBS)
-test_soft_pkcs11$(EXEEXT): $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_DEPENDENCIES) 
-	@rm -f test_soft_pkcs11$(EXEEXT)
-	$(LINK) $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libhx509_la-ca.lo: ca.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c
-
-libhx509_la-cert.lo: cert.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c
-
-libhx509_la-cms.lo: cms.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c
-
-libhx509_la-collector.lo: collector.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c
-
-libhx509_la-crypto.lo: crypto.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-
-libhx509_la-doxygen.lo: doxygen.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
-
-libhx509_la-error.lo: error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
-
-libhx509_la-env.lo: env.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c
-
-libhx509_la-file.lo: file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
-
-libhx509_la-keyset.lo: keyset.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c
-
-libhx509_la-ks_dir.lo: ks_dir.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c
-
-libhx509_la-ks_file.lo: ks_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c
-
-libhx509_la-ks_mem.lo: ks_mem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c
-
-libhx509_la-ks_null.lo: ks_null.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c
-
-libhx509_la-ks_p11.lo: ks_p11.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c
-
-libhx509_la-ks_p12.lo: ks_p12.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c
-
-libhx509_la-ks_keychain.lo: ks_keychain.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c
-
-libhx509_la-lock.lo: lock.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c
-
-libhx509_la-name.lo: name.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c
-
-libhx509_la-peer.lo: peer.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c
-
-libhx509_la-print.lo: print.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
-
-libhx509_la-softp11.lo: softp11.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c
-
-libhx509_la-req.lo: req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c
-
-libhx509_la-revoke.lo: revoke.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c
-
-libhx509_la-asn1_OCSPBasicOCSPResponse.lo: asn1_OCSPBasicOCSPResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c
-
-libhx509_la-asn1_OCSPCertID.lo: asn1_OCSPCertID.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c
-
-libhx509_la-asn1_OCSPCertStatus.lo: asn1_OCSPCertStatus.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c
-
-libhx509_la-asn1_OCSPInnerRequest.lo: asn1_OCSPInnerRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c
-
-libhx509_la-asn1_OCSPKeyHash.lo: asn1_OCSPKeyHash.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c
-
-libhx509_la-asn1_OCSPRequest.lo: asn1_OCSPRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c
-
-libhx509_la-asn1_OCSPResponderID.lo: asn1_OCSPResponderID.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c
-
-libhx509_la-asn1_OCSPResponse.lo: asn1_OCSPResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c
-
-libhx509_la-asn1_OCSPResponseBytes.lo: asn1_OCSPResponseBytes.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c
-
-libhx509_la-asn1_OCSPResponseData.lo: asn1_OCSPResponseData.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c
-
-libhx509_la-asn1_OCSPResponseStatus.lo: asn1_OCSPResponseStatus.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c
-
-libhx509_la-asn1_OCSPSignature.lo: asn1_OCSPSignature.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c
-
-libhx509_la-asn1_OCSPSingleResponse.lo: asn1_OCSPSingleResponse.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c
-
-libhx509_la-asn1_OCSPTBSRequest.lo: asn1_OCSPTBSRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c
-
-libhx509_la-asn1_OCSPVersion.lo: asn1_OCSPVersion.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c
-
-libhx509_la-asn1_id_pkix_ocsp.lo: asn1_id_pkix_ocsp.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c
-
-libhx509_la-asn1_id_pkix_ocsp_basic.lo: asn1_id_pkix_ocsp_basic.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c
-
-libhx509_la-asn1_id_pkix_ocsp_nonce.lo: asn1_id_pkix_ocsp_nonce.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c
-
-libhx509_la-asn1_CertificationRequestInfo.lo: asn1_CertificationRequestInfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c
-
-libhx509_la-asn1_CertificationRequest.lo: asn1_CertificationRequest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c
-
-libhx509_la-hx509_err.lo: hx509_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c
-
-hxtool-hxtool.o: hxtool.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c
-
-hxtool-hxtool.obj: hxtool.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi`
-
-hxtool-hxtool-commands.o: hxtool-commands.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c
-
-hxtool-hxtool-commands.obj: hxtool-commands.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi`
-
-test_soft_pkcs11-test_soft_pkcs11.o: test_soft_pkcs11.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c
-
-test_soft_pkcs11-test_soft_pkcs11.obj: test_soft_pkcs11.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi`
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS \
-	install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool clean-local \
-	ctags dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-hook \
-	install-dist_includeHEADERS install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-man \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-dist_includeHEADERS uninstall-hook \
-	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
-
-$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
-$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
-$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
-
-ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
-	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
-
-pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
-	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
-
-crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
-	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
-
-$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
-
-$(srcdir)/hx509-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
-
-$(srcdir)/hx509-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
-
-hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
-	$(SLC) $(srcdir)/hxtool-commands.in
-
-$(hxtool_OBJECTS): hxtool-commands.h
-
-clean-local:
-	@echo "cleaning PKITS" ; rm -rf PKITS_data
-
-test_ca: test_ca.in Makefile
-	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
-	chmod +x test_ca.tmp
-	mv test_ca.tmp test_ca
-
-test_cert: test_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
-	chmod +x test_cert.tmp
-	mv test_cert.tmp test_cert
-
-test_chain: test_chain.in Makefile
-	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
-	chmod +x test_chain.tmp
-	mv test_chain.tmp test_chain
-
-test_cms: test_cms.in Makefile
-	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
-	chmod +x test_cms.tmp
-	mv test_cms.tmp test_cms
-
-test_crypto: test_crypto.in Makefile
-	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
-	chmod +x test_crypto.tmp
-	mv test_crypto.tmp test_crypto
-
-test_nist: test_nist.in Makefile
-	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
-	chmod +x test_nist.tmp
-	mv test_nist.tmp test_nist
-
-test_nist2: test_nist2.in Makefile
-	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
-	chmod +x test_nist2.tmp
-	mv test_nist2.tmp test_nist2
-
-test_pkcs11: test_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
-	chmod +x test_pkcs11.tmp
-	mv test_pkcs11.tmp test_pkcs11
-
-test_java_pkcs11: test_java_pkcs11.in Makefile
-	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
-	chmod +x test_java_pkcs11.tmp
-	mv test_java_pkcs11.tmp test_java_pkcs11
-
-test_nist_cert: test_nist_cert.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
-	chmod +x test_nist_cert.tmp
-	mv test_nist_cert.tmp test_nist_cert
-
-test_nist_pkcs12: test_nist_pkcs12.in Makefile
-	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
-	chmod +x test_nist_pkcs12.tmp
-	mv test_nist_pkcs12.tmp test_nist_pkcs12
-
-test_req: test_req.in Makefile
-	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
-	chmod +x test_req.tmp
-	mv test_req.tmp test_req
-
-test_windows: test_windows.in Makefile
-	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
-	chmod +x test_windows.tmp
-	mv test_windows.tmp test_windows
-
-test_query: test_query.in Makefile
-	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
-	chmod +x test_query.tmp
-	mv test_query.tmp test_query
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hx509/ca.c b/crypto/heimdal/lib/hx509/ca.c
deleted file mode 100644
index 40260700b3fa..000000000000
--- a/crypto/heimdal/lib/hx509/ca.c
+++ /dev/null
@@ -1,1518 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include <pkinit_asn1.h>
-RCSID("$Id: ca.c 22456 2008-01-15 20:22:53Z lha $");
-
-/**
- * @page page_ca Hx509 CA functions
- *
- * See the library functions here: @ref hx509_ca
- */
-
-struct hx509_ca_tbs {
-    hx509_name subject;
-    SubjectPublicKeyInfo spki;
-    ExtKeyUsage eku;
-    GeneralNames san;
-    unsigned key_usage;
-    heim_integer serial;
-    struct {
-	unsigned int proxy:1;
-	unsigned int ca:1;
-	unsigned int key:1;
-	unsigned int serial:1;
-	unsigned int domaincontroller:1;
-    } flags;
-    time_t notBefore;
-    time_t notAfter;
-    int pathLenConstraint; /* both for CA and Proxy */
-    CRLDistributionPoints crldp;
-};
-
-/**
- * Allocate an to-be-signed certificate object that will be converted
- * into an certificate.
- *
- * @param context A hx509 context.
- * @param tbs returned to-be-signed certicate object, free with
- * hx509_ca_tbs_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
-{
-    *tbs = calloc(1, sizeof(**tbs));
-    if (*tbs == NULL)
-	return ENOMEM;
-
-    (*tbs)->subject = NULL;
-    (*tbs)->san.len = 0;
-    (*tbs)->san.val = NULL;
-    (*tbs)->eku.len = 0;
-    (*tbs)->eku.val = NULL;
-    (*tbs)->pathLenConstraint = 0;
-    (*tbs)->crldp.len = 0;
-    (*tbs)->crldp.val = NULL;
-
-    return 0;
-}
-
-/**
- * Free an To Be Signed object.
- *
- * @param tbs object to free.
- *
- * @ingroup hx509_ca
- */
-
-void
-hx509_ca_tbs_free(hx509_ca_tbs *tbs)
-{
-    if (tbs == NULL || *tbs == NULL)
-	return;
-
-    free_SubjectPublicKeyInfo(&(*tbs)->spki);
-    free_GeneralNames(&(*tbs)->san);
-    free_ExtKeyUsage(&(*tbs)->eku);
-    der_free_heim_integer(&(*tbs)->serial);
-    free_CRLDistributionPoints(&(*tbs)->crldp);
-
-    hx509_name_free(&(*tbs)->subject);
-
-    memset(*tbs, 0, sizeof(**tbs));
-    free(*tbs);
-    *tbs = NULL;
-}
-
-/**
- * Set the absolute time when the certificate is valid from. If not
- * set the current time will be used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time the certificated will start to be valid
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notBefore(hx509_context context,
-			   hx509_ca_tbs tbs,
-			   time_t t)
-{
-    tbs->notBefore = t;
-    return 0;
-}
-
-/**
- * Set the absolute time when the certificate is valid to.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param t time when the certificate will expire
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter(hx509_context context,
-			   hx509_ca_tbs tbs,
-			   time_t t)
-{
-    tbs->notAfter = t;
-    return 0;
-}
-
-/**
- * Set the relative time when the certificiate is going to expire.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param delta seconds to the certificate is going to expire.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_notAfter_lifetime(hx509_context context,
-				   hx509_ca_tbs tbs,
-				   time_t delta)
-{
-    return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta);
-}
-
-static const struct units templatebits[] = {
-    { "ExtendedKeyUsage", HX509_CA_TEMPLATE_EKU },
-    { "KeyUsage", HX509_CA_TEMPLATE_KU },
-    { "SPKI", HX509_CA_TEMPLATE_SPKI },
-    { "notAfter", HX509_CA_TEMPLATE_NOTAFTER },
-    { "notBefore", HX509_CA_TEMPLATE_NOTBEFORE },
-    { "serial", HX509_CA_TEMPLATE_SERIAL },
-    { "subject", HX509_CA_TEMPLATE_SUBJECT },
-    { NULL, 0 }
-};
-
-/**
- * Make of template units, use to build flags argument to
- * hx509_ca_tbs_set_template() with parse_units().
- *
- * @return an units structure.
- *
- * @ingroup hx509_ca
- */
-
-const struct units *
-hx509_ca_tbs_template_units(void)
-{
-    return templatebits;
-}
-
-/**
- * Initialize the to-be-signed certificate object from a template certifiate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param flags bit field selecting what to copy from the template
- * certifiate.
- * @param cert template certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_template(hx509_context context,
-			  hx509_ca_tbs tbs,
-			  int flags,
-			  hx509_cert cert)
-{
-    int ret;
-
-    if (flags & HX509_CA_TEMPLATE_SUBJECT) {
-	if (tbs->subject)
-	    hx509_name_free(&tbs->subject);
-	ret = hx509_cert_get_subject(cert, &tbs->subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to get subject from template");
-	    return ret;
-	}
-    }
-    if (flags & HX509_CA_TEMPLATE_SERIAL) {
-	der_free_heim_integer(&tbs->serial);
-	ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
-	tbs->flags.serial = !ret;
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to copy serial number");
-	    return ret;
-	}
-    }
-    if (flags & HX509_CA_TEMPLATE_NOTBEFORE)
-	tbs->notBefore = hx509_cert_get_notBefore(cert);
-    if (flags & HX509_CA_TEMPLATE_NOTAFTER)
-	tbs->notAfter = hx509_cert_get_notAfter(cert);
-    if (flags & HX509_CA_TEMPLATE_SPKI) {
-	free_SubjectPublicKeyInfo(&tbs->spki);
-	ret = hx509_cert_get_SPKI(context, cert, &tbs->spki);
-	tbs->flags.key = !ret;
-	if (ret)
-	    return ret;
-    }
-    if (flags & HX509_CA_TEMPLATE_KU) {
-	KeyUsage ku;
-	ret = _hx509_cert_get_keyusage(context, cert, &ku);
-	if (ret)
-	    return ret;
-	tbs->key_usage = KeyUsage2int(ku);
-    }
-    if (flags & HX509_CA_TEMPLATE_EKU) {
-	ExtKeyUsage eku;
-	int i;
-	ret = _hx509_cert_get_eku(context, cert, &eku);
-	if (ret)
-	    return ret;
-	for (i = 0; i < eku.len; i++) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, &eku.val[i]);
-	    if (ret) {
-		free_ExtKeyUsage(&eku);
-		return ret;
-	    }
-	}
-	free_ExtKeyUsage(&eku);
-    }
-    return 0;
-}
-
-/**
- * Make the to-be-signed certificate object a CA certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_ca(hx509_context context,
-		    hx509_ca_tbs tbs,
-		    int pathLenConstraint)
-{
-    tbs->flags.ca = 1;
-    tbs->pathLenConstraint = pathLenConstraint;
-    return 0;
-}
-
-/**
- * Make the to-be-signed certificate object a proxy certificate. If the
- * pathLenConstraint is negative path length constraint is used.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param pathLenConstraint path length constraint, negative, no
- * constraint.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_proxy(hx509_context context,
-		       hx509_ca_tbs tbs,
-		       int pathLenConstraint)
-{
-    tbs->flags.proxy = 1;
-    tbs->pathLenConstraint = pathLenConstraint;
-    return 0;
-}
-
-
-/**
- * Make the to-be-signed certificate object a windows domain controller certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_domaincontroller(hx509_context context,
-				  hx509_ca_tbs tbs)
-{
-    tbs->flags.domaincontroller = 1;
-    return 0;
-}
-
-/**
- * Set the subject public key info (SPKI) in the to-be-signed certificate
- * object. SPKI is the public key and key related parameters in the
- * certificate.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param spki subject public key info to use for the to-be-signed certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_spki(hx509_context context,
-		      hx509_ca_tbs tbs,
-		      const SubjectPublicKeyInfo *spki)
-{
-    int ret;
-    free_SubjectPublicKeyInfo(&tbs->spki);
-    ret = copy_SubjectPublicKeyInfo(spki, &tbs->spki);
-    tbs->flags.key = !ret;
-    return ret;
-}
-
-/**
- * Set the serial number to use for to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param serialNumber serial number to use for the to-be-signed
- * certificate object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_serialnumber(hx509_context context,
-			      hx509_ca_tbs tbs,
-			      const heim_integer *serialNumber)
-{
-    int ret;
-    der_free_heim_integer(&tbs->serial);
-    ret = der_copy_heim_integer(serialNumber, &tbs->serial);
-    tbs->flags.serial = !ret;
-    return ret;
-}
-
-/**
- * An an extended key usage to the to-be-signed certificate object.
- * Duplicates will detected and not added.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid extended key usage to add.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_eku(hx509_context context,
-		     hx509_ca_tbs tbs,
-		     const heim_oid *oid)
-{
-    void *ptr;
-    int ret;
-    unsigned i;
-
-    /* search for duplicates */
-    for (i = 0; i < tbs->eku.len; i++) {
-	if (der_heim_oid_cmp(oid, &tbs->eku.val[i]) == 0)
-	    return 0;
-    }
-
-    ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    tbs->eku.val = ptr;
-    ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-    tbs->eku.len += 1;
-    return 0;
-}
-
-/**
- * Add CRL distribution point URI to the to-be-signed certificate
- * object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param uri uri to the CRL.
- * @param issuername name of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *uri,
-			    hx509_name issuername)
-{
-    DistributionPoint dp;
-    int ret;
-
-    memset(&dp, 0, sizeof(dp));
-    
-    dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
-
-    {
-	DistributionPointName name;
-	GeneralName gn;
-	size_t size;
-
-	name.element = choice_DistributionPointName_fullName;
-	name.u.fullName.len = 1;
-	name.u.fullName.val = &gn;
-
-	gn.element = choice_GeneralName_uniformResourceIdentifier;
-	gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
-
-	ASN1_MALLOC_ENCODE(DistributionPointName, 
-			   dp.distributionPoint->data, 
-			   dp.distributionPoint->length,
-			   &name, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to encoded DistributionPointName");
-	    goto out;
-	}
-	if (dp.distributionPoint->length != size)
-	    _hx509_abort("internal ASN.1 encoder error");
-    }
-
-    if (issuername) {
-#if 1
-	/**
-	 * issuername not supported
-	 */
-	hx509_set_error_string(context, 0, EINVAL,
-			       "CRLDistributionPoints.name.issuername not yet supported");
-	return EINVAL;
-#else 
-	GeneralNames *crlissuer;
-	GeneralName gn;
-	Name n;
-
-	crlissuer = calloc(1, sizeof(*crlissuer));
-	if (crlissuer == NULL) {
-	    return ENOMEM;
-	}
-	memset(&gn, 0, sizeof(gn));
-
-	gn.element = choice_GeneralName_directoryName;
-	ret = hx509_name_to_Name(issuername, &n);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    goto out;
-	}
-
-	gn.u.directoryName.element = n.element;
-	gn.u.directoryName.u.rdnSequence = n.u.rdnSequence;
-
-	ret = add_GeneralNames(&crlissuer, &gn);
-	free_Name(&n);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    goto out;
-	}
-
-	dp.cRLIssuer = &crlissuer;
-#endif
-    }
-
-    ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-out:
-    free_DistributionPoint(&dp);
-
-    return ret;
-}
-
-/**
- * Add Subject Alternative Name otherName to the to-be-signed
- * certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param oid the oid of the OtherName.
- * @param os data in the other name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_otherName(hx509_context context,
-			       hx509_ca_tbs tbs,
-			       const heim_oid *oid,
-			       const heim_octet_string *os)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_otherName;
-    gn.u.otherName.type_id = *oid;
-    gn.u.otherName.value = *os;
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Add Kerberos Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Kerberos principal to add to the certificate.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_pkinit(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *principal)
-{
-    heim_octet_string os;
-    KRB5PrincipalName p;
-    size_t size;
-    int ret;
-    char *s = NULL;
-
-    memset(&p, 0, sizeof(p));
-
-    /* parse principal */
-    {
-	const char *str;
-	char *q;
-	int n;
-	
-	/* count number of component */
-	n = 1;
-	for(str = principal; *str != '\0' && *str != '@'; str++){
-	    if(*str=='\\'){
-		if(str[1] == '\0' || str[1] == '@') {
-		    ret = HX509_PARSING_NAME_FAILED;
-		    hx509_set_error_string(context, 0, ret, 
-					   "trailing \\ in principal name");
-		    goto out;
-		}
-		str++;
-	    } else if(*str == '/')
-		n++;
-	}
-	p.principalName.name_string.val = 
-	    calloc(n, sizeof(*p.principalName.name_string.val));
-	if (p.principalName.name_string.val == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
-	    goto out;
-	}
-	p.principalName.name_string.len = n;
-	
-	p.principalName.name_type = KRB5_NT_PRINCIPAL;
-	q = s = strdup(principal);
-	if (q == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
-	    goto out;
-	}
-	p.realm = strrchr(q, '@');
-	if (p.realm == NULL) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, "Missing @ in principal");
-	    goto out;
-	};
-	*p.realm++ = '\0';
-
-	n = 0;
-	while (q) {
-	    p.principalName.name_string.val[n++] = q;
-	    q = strchr(q, '/');
-	    if (q)
-		*q++ = '\0';
-	}
-    }
-    
-    ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    if (size != os.length)
-	_hx509_abort("internal ASN.1 encoder error");
-    
-    ret = hx509_ca_tbs_add_san_otherName(context,
-					 tbs,
-					 oid_id_pkinit_san(),
-					 &os);
-    free(os.data);
-out:
-    if (p.principalName.name_string.val)
-	free (p.principalName.name_string.val);
-    if (s)
-	free(s);
-    return ret;
-}
-    
-/*
- *
- */
-
-static int
-add_utf8_san(hx509_context context,
-	     hx509_ca_tbs tbs,
-	     const heim_oid *oid,
-	     const char *string)
-{
-    const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
-    heim_octet_string os;
-    size_t size;
-    int ret;
-
-    os.length = 0;
-    os.data = NULL;
-
-    ASN1_MALLOC_ENCODE(PKIXXmppAddr, os.data, os.length, &ustring, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    if (size != os.length)
-	_hx509_abort("internal ASN.1 encoder error");
-    
-    ret = hx509_ca_tbs_add_san_otherName(context,
-					 tbs,
-					 oid,
-					 &os);
-    free(os.data);
-out:
-    return ret;
-}
-
-/**
- * Add Microsoft UPN Subject Alternative Name to the to-be-signed
- * certificate object. The principal string is a UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param principal Microsoft UPN string.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_ms_upn(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    const char *principal)
-{
-    return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal);
-}
-
-/**
- * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
- * certificate object. The jid is an UTF8 string.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param jid string of an a jabber id in UTF8.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_jid(hx509_context context,
-			 hx509_ca_tbs tbs,
-			 const char *jid)
-{
-    return add_utf8_san(context, tbs, oid_id_pkix_on_xmppAddr(), jid);
-}
-
-
-/**
- * Add a Subject Alternative Name hostname to to-be-signed certificate
- * object. A domain match starts with ., an exact match does not.
- *
- * Example of a an domain match: .domain.se matches the hostname
- * host.domain.se.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param dnsname a hostame.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_hostname(hx509_context context,
-			      hx509_ca_tbs tbs,
-			      const char *dnsname)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_dNSName;
-    gn.u.dNSName = rk_UNCONST(dnsname);
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Add a Subject Alternative Name rfc822 (email address) to
- * to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param rfc822Name a string to a email address.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_add_san_rfc822name(hx509_context context,
-				hx509_ca_tbs tbs,
-				const char *rfc822Name)
-{
-    GeneralName gn;
-
-    memset(&gn, 0, sizeof(gn));
-    gn.element = choice_GeneralName_rfc822Name;
-    gn.u.rfc822Name = rk_UNCONST(rfc822Name);
-    
-    return add_GeneralNames(&tbs->san, &gn);
-}
-
-/**
- * Set the subject name of a to-be-signed certificate object.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param subject the name to set a subject.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_set_subject(hx509_context context,
-			 hx509_ca_tbs tbs,
-			 hx509_name subject)
-{
-    if (tbs->subject)
-	hx509_name_free(&tbs->subject);
-    return hx509_name_copy(context, subject, &tbs->subject);
-}
-
-/**
- * Expand the the subject name in the to-be-signed certificate object
- * using hx509_name_expand().
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param env enviroment variable to expand variables in the subject
- * name, see hx509_env_init().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_tbs_subject_expand(hx509_context context,
-			    hx509_ca_tbs tbs,
-			    hx509_env env)
-{
-    return hx509_name_expand(context, tbs->subject, env);
-}
-
-static int
-add_extension(hx509_context context,
-	      TBSCertificate *tbsc,
-	      int critical_flag,
-	      const heim_oid *oid,
-	      const heim_octet_string *data)
-{
-    Extension ext;
-    int ret;
-
-    memset(&ext, 0, sizeof(ext));
-
-    if (critical_flag) {
-	ext.critical = malloc(sizeof(*ext.critical));
-	if (ext.critical == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	*ext.critical = TRUE;
-    }
-
-    ret = der_copy_oid(oid, &ext.extnID);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    ret = der_copy_octet_string(data, &ext.extnValue);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    ret = add_Extensions(tbsc->extensions, &ext);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-out:
-    free_Extension(&ext);
-    return ret;
-}
-
-static int
-build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject)
-{
-    char *tstr;
-    time_t t;
-    int ret;
-
-    ret = copy_Name(issuer, subject);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy subject name");
-	return ret;
-    }
-
-    t = time(NULL);
-    asprintf(&tstr, "ts-%lu", (unsigned long)t);
-    if (tstr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "Failed to copy subject name");
-	return ENOMEM;
-    }
-    /* prefix with CN=<ts>,...*/
-    ret = _hx509_name_modify(context, subject, 1, oid_id_at_commonName(), tstr);
-    free(tstr);
-    if (ret)
-	free_Name(subject);
-    return ret;
-}
-
-static int
-ca_sign(hx509_context context,
-	hx509_ca_tbs tbs,
-	hx509_private_key signer,
-	const AuthorityKeyIdentifier *ai,
-	const Name *issuername,
-	hx509_cert *certificate)
-{
-    heim_octet_string data;
-    Certificate c;
-    TBSCertificate *tbsc;
-    size_t size;
-    int ret;
-    const AlgorithmIdentifier *sigalg;
-    time_t notBefore;
-    time_t notAfter;
-    unsigned key_usage;
-
-    sigalg = _hx509_crypto_default_sig_alg;
-
-    memset(&c, 0, sizeof(c));
-
-    /*
-     * Default values are: Valid since 24h ago, valid one year into
-     * the future, KeyUsage digitalSignature and keyEncipherment set,
-     * and keyCertSign for CA certificates.
-     */
-    notBefore = tbs->notBefore;
-    if (notBefore == 0)
-	notBefore = time(NULL) - 3600 * 24;
-    notAfter = tbs->notAfter;
-    if (notAfter == 0)
-	notAfter = time(NULL) + 3600 * 24 * 365;
-
-    key_usage = tbs->key_usage;
-    if (key_usage == 0) {
-	KeyUsage ku;
-	memset(&ku, 0, sizeof(ku));
-	ku.digitalSignature = 1;
-	ku.keyEncipherment = 1;
-	key_usage = KeyUsage2int(ku);
-    }
-
-    if (tbs->flags.ca) {
-	KeyUsage ku;
-	memset(&ku, 0, sizeof(ku));
-	ku.keyCertSign = 1;
-	ku.cRLSign = 1;
-	key_usage |= KeyUsage2int(ku);
-    }
-
-    /*
-     *
-     */
-
-    tbsc = &c.tbsCertificate;
-
-    if (tbs->flags.key == 0) {
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret, "No public key set");
-	return ret;
-    }
-    /*
-     * Don't put restrictions on proxy certificate's subject name, it
-     * will be generated below.
-     */
-    if (!tbs->flags.proxy) {
-	if (tbs->subject == NULL) {
-	    hx509_set_error_string(context, 0, EINVAL, "No subject name set");
-	    return EINVAL;
-	}
-	if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
-	    hx509_set_error_string(context, 0, EINVAL, 
-				   "NULL subject and no SubjectAltNames");
-	    return EINVAL;
-	}
-    }
-    if (tbs->flags.ca && tbs->flags.proxy) {
-	hx509_set_error_string(context, 0, EINVAL, "Can't be proxy and CA "
-			       "at the same time");
-	return EINVAL;
-    }
-    if (tbs->flags.proxy) {
-	if (tbs->san.len > 0) {
-	    hx509_set_error_string(context, 0, EINVAL, 
-				   "Proxy certificate is not allowed "
-				   "to have SubjectAltNames");
-	    return EINVAL;
-	}
-    }
-
-    /* version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, */
-    tbsc->version = calloc(1, sizeof(*tbsc->version));
-    if (tbsc->version == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    *tbsc->version = rfc3280_version_3;
-    /* serialNumber         CertificateSerialNumber, */
-    if (tbs->flags.serial) {
-	ret = der_copy_heim_integer(&tbs->serial, &tbsc->serialNumber);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    } else {
-	tbsc->serialNumber.length = 20;
-	tbsc->serialNumber.data = malloc(tbsc->serialNumber.length);
-	if (tbsc->serialNumber.data == NULL){
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	/* XXX diffrent */
-	RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
-	((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
-    }
-    /* signature            AlgorithmIdentifier, */
-    ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy sigature alg");
-	goto out;
-    }
-    /* issuer               Name, */
-    if (issuername)
-	ret = copy_Name(issuername, &tbsc->issuer);
-    else
-	ret = hx509_name_to_Name(tbs->subject, &tbsc->issuer);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy issuer name");
-	goto out;
-    }
-    /* validity             Validity, */
-    tbsc->validity.notBefore.element = choice_Time_generalTime;
-    tbsc->validity.notBefore.u.generalTime = notBefore;
-    tbsc->validity.notAfter.element = choice_Time_generalTime;
-    tbsc->validity.notAfter.u.generalTime = notAfter;
-    /* subject              Name, */
-    if (tbs->flags.proxy) {
-	ret = build_proxy_prefix(context, &tbsc->issuer, &tbsc->subject);
-	if (ret)
-	    goto out;
-    } else {
-	ret = hx509_name_to_Name(tbs->subject, &tbsc->subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to copy subject name");
-	    goto out;
-	}
-    }
-    /* subjectPublicKeyInfo SubjectPublicKeyInfo, */
-    ret = copy_SubjectPublicKeyInfo(&tbs->spki, &tbsc->subjectPublicKeyInfo);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy spki");
-	goto out;
-    }
-    /* issuerUniqueID  [1]  IMPLICIT BIT STRING OPTIONAL */
-    /* subjectUniqueID [2]  IMPLICIT BIT STRING OPTIONAL */
-    /* extensions      [3]  EXPLICIT Extensions OPTIONAL */
-    tbsc->extensions = calloc(1, sizeof(*tbsc->extensions));
-    if (tbsc->extensions == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "Out of memory");
-	goto out;
-    }
-    
-    /* Add the text BMP string Domaincontroller to the cert */
-    if (tbs->flags.domaincontroller) {
-	data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
-			       "\x00\x61\x00\x69\x00\x6e\x00\x43"
-			       "\x00\x6f\x00\x6e\x00\x74\x00\x72"
-			       "\x00\x6f\x00\x6c\x00\x6c\x00\x65"
-			       "\x00\x72");
-	data.length = 34;
-
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_ms_cert_enroll_domaincontroller(),
-			    &data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add KeyUsage */
-    {
-	KeyUsage ku;
-
-	ku = int2KeyUsage(key_usage);
-	ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 1,
-			    oid_id_x509_ce_keyUsage(), &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add ExtendedKeyUsage */
-    if (tbs->eku.len > 0) {
-	ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, 
-			   &tbs->eku, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_extKeyUsage(), &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add Subject Alternative Name */
-    if (tbs->san.len > 0) {
-	ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, 
-			   &tbs->san, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_subjectAltName(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add Authority Key Identifier */
-    if (ai) {
-	ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, 
-			   ai, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_authorityKeyIdentifier(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add Subject Key Identifier */
-    {
-	SubjectKeyIdentifier si;
-	unsigned char hash[SHA_DIGEST_LENGTH];
-
-	{
-	    SHA_CTX m;
-	    
-	    SHA1_Init(&m);
-	    SHA1_Update(&m, tbs->spki.subjectPublicKey.data,
-			tbs->spki.subjectPublicKey.length / 8);
-	    SHA1_Final (hash, &m);
-	}
-
-	si.data = hash;
-	si.length = sizeof(hash);
-
-	ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, 
-			   &si, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_x509_ce_subjectKeyIdentifier(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* Add BasicConstraints */ 
-    {
-	BasicConstraints bc;
-	int aCA = 1;
-	uint32_t path;
-
-	memset(&bc, 0, sizeof(bc));
-
-	if (tbs->flags.ca) {
-	    bc.cA = &aCA;
-	    if (tbs->pathLenConstraint >= 0) {
-		path = tbs->pathLenConstraint;
-		bc.pathLenConstraint = &path;
-	    }
-	}
-
-	ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, 
-			   &bc, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	/* Critical if this is a CA */
-	ret = add_extension(context, tbsc, tbs->flags.ca,
-			    oid_id_x509_ce_basicConstraints(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    /* add Proxy */
-    if (tbs->flags.proxy) {
-	ProxyCertInfo info;
-
-	memset(&info, 0, sizeof(info));
-
-	if (tbs->pathLenConstraint >= 0) {
-	    info.pCPathLenConstraint = 
-		malloc(sizeof(*info.pCPathLenConstraint));
-	    if (info.pCPathLenConstraint == NULL) {
-		ret = ENOMEM;
-		hx509_set_error_string(context, 0, ret, "Out of memory");
-		goto out;
-	    }
-	    *info.pCPathLenConstraint = tbs->pathLenConstraint;
-	}
-
-	ret = der_copy_oid(oid_id_pkix_ppl_inheritAll(),
-			   &info.proxyPolicy.policyLanguage);
-	if (ret) {
-	    free_ProxyCertInfo(&info);
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, 
-			   &info, &size, ret);
-	free_ProxyCertInfo(&info);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, 0,
-			    oid_id_pkix_pe_proxyCertInfo(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    if (tbs->crldp.len) {
-
-	ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
-			   &tbs->crldp, &size, ret);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	if (size != data.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-	ret = add_extension(context, tbsc, FALSE,
-			    oid_id_x509_ce_cRLDistributionPoints(),
-			    &data);
-	free(data.data);
-	if (ret)
-	    goto out;
-    }
-
-    ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	goto out;
-    }
-    if (data.length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    ret = _hx509_create_signature_bitstring(context,
-					    signer,
-					    sigalg,
-					    &data,
-					    &c.signatureAlgorithm,
-					    &c.signatureValue);
-    free(data.data);
-    if (ret)
-	goto out;
-
-    ret = hx509_cert_init(context, &c, certificate);
-    if (ret)
-	goto out;
-
-    free_Certificate(&c);
-
-    return 0;
-
-out:
-    free_Certificate(&c);
-    return ret;
-}
-
-static int
-get_AuthorityKeyIdentifier(hx509_context context,
-			   const Certificate *certificate,
-			   AuthorityKeyIdentifier *ai)
-{
-    SubjectKeyIdentifier si;
-    int ret;
-
-    ret = _hx509_find_extension_subject_key_id(certificate, &si);
-    if (ret == 0) {
-	ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier));
-	if (ai->keyIdentifier == NULL) {
-	    free_SubjectKeyIdentifier(&si);
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	ret = der_copy_octet_string(&si, ai->keyIdentifier);
-	free_SubjectKeyIdentifier(&si);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    } else {
-	GeneralNames gns;
-	GeneralName gn;
-	Name name;
-
-	memset(&gn, 0, sizeof(gn));
-	memset(&gns, 0, sizeof(gns));
-	memset(&name, 0, sizeof(name));
-
-	ai->authorityCertIssuer = 
-	    calloc(1, sizeof(*ai->authorityCertIssuer));
-	if (ai->authorityCertIssuer == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-	ai->authorityCertSerialNumber = 
-	    calloc(1, sizeof(*ai->authorityCertSerialNumber));
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	/* 
-	 * XXX unbreak when asn1 compiler handle IMPLICIT
-	 *
-	 * This is so horrible.
-	 */
-
-	ret = copy_Name(&certificate->tbsCertificate.subject, &name);
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	memset(&gn, 0, sizeof(gn));
-	gn.element = choice_GeneralName_directoryName;
-	gn.u.directoryName.element = 
-	    choice_GeneralName_directoryName_rdnSequence;
-	gn.u.directoryName.u.rdnSequence = name.u.rdnSequence;
-
-	ret = add_GeneralNames(&gns, &gn);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-
-	ai->authorityCertIssuer->val = gns.val;
-	ai->authorityCertIssuer->len = gns.len;
-
-	ret = der_copy_heim_integer(&certificate->tbsCertificate.serialNumber,
-				    ai->authorityCertSerialNumber);
-	if (ai->authorityCertSerialNumber == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "Out of memory");
-	    goto out;
-	}
-    }
-out:
-    if (ret)
-	free_AuthorityKeyIdentifier(ai);
-    return ret;
-}
-
-
-/**
- * Sign a to-be-signed certificate object with a issuer certificate. 
- *
- * The caller needs to at least have called the following functions on the
- * to-be-signed certificate object:
- * - hx509_ca_tbs_init()
- * - hx509_ca_tbs_set_subject()
- * - hx509_ca_tbs_set_spki()
- *
- * When done the to-be-signed certificate object should be freed with
- * hx509_ca_tbs_free().
- *
- * When creating self-signed certificate use hx509_ca_sign_self() instead.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer the CA certificate object to sign with (need private key).
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign(hx509_context context,
-	      hx509_ca_tbs tbs,
-	      hx509_cert signer,
-	      hx509_cert *certificate)
-{
-    const Certificate *signer_cert;
-    AuthorityKeyIdentifier ai;
-    int ret;
-
-    memset(&ai, 0, sizeof(ai));
-
-    signer_cert = _hx509_get_cert(signer);
-
-    ret = get_AuthorityKeyIdentifier(context, signer_cert, &ai);
-    if (ret)
-	goto out;
-
-    ret = ca_sign(context,
-		  tbs, 
-		  _hx509_cert_private_key(signer),
-		  &ai,
-		  &signer_cert->tbsCertificate.subject,
-		  certificate);
-
-out:
-    free_AuthorityKeyIdentifier(&ai);
-
-    return ret;
-}
-
-/**
- * Work just like hx509_ca_sign() but signs it-self.
- *
- * @param context A hx509 context.
- * @param tbs object to be signed.
- * @param signer private key to sign with.
- * @param certificate return cerificate, free with hx509_cert_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_ca
- */
-
-int
-hx509_ca_sign_self(hx509_context context,
-		   hx509_ca_tbs tbs,
-		   hx509_private_key signer,
-		   hx509_cert *certificate)
-{
-    return ca_sign(context,
-		   tbs, 
-		   signer,
-		   NULL,
-		   NULL,
-		   certificate);
-}
diff --git a/crypto/heimdal/lib/hx509/cert.c b/crypto/heimdal/lib/hx509/cert.c
deleted file mode 100644
index 1520e23cb1dd..000000000000
--- a/crypto/heimdal/lib/hx509/cert.c
+++ /dev/null
@@ -1,3108 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: cert.c 22450 2008-01-15 19:39:14Z lha $");
-#include "crypto-headers.h"
-#include <rtbl.h>
-
-/**
- * @page page_cert The basic certificate
- *
- * The basic hx509 cerificate object in hx509 is hx509_cert. The
- * hx509_cert object is representing one X509/PKIX certificate and
- * associated attributes; like private key, friendly name, etc.
- *
- * A hx509_cert object is usully found via the keyset interfaces (@ref
- * page_keyset), but its also possible to create a certificate
- * directly from a parsed object with hx509_cert_init() and
- * hx509_cert_init_data().
- *
- * See the library functions here: @ref hx509_cert
- */
-
-struct hx509_verify_ctx_data {
-    hx509_certs trust_anchors;
-    int flags;
-#define HX509_VERIFY_CTX_F_TIME_SET			1
-#define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE	2
-#define HX509_VERIFY_CTX_F_REQUIRE_RFC3280		4
-#define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS		8
-#define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS		16
-    time_t time_now;
-    unsigned int max_depth;
-#define HX509_VERIFY_MAX_DEPTH 30
-    hx509_revoke_ctx revoke_ctx;
-};
-
-#define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280)
-#define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS)
-#define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0)
-
-struct _hx509_cert_attrs {
-    size_t len;
-    hx509_cert_attribute *val;
-};
-
-struct hx509_cert_data {
-    unsigned int ref;
-    char *friendlyname;
-    Certificate *data;
-    hx509_private_key private_key;
-    struct _hx509_cert_attrs attrs;
-    hx509_name basename;
-    _hx509_cert_release_func release;
-    void *ctx;
-};
-
-typedef struct hx509_name_constraints {
-    NameConstraints *val;
-    size_t len;
-} hx509_name_constraints;
-
-#define GeneralSubtrees_SET(g,var) \
-	(g)->len = (var)->len, (g)->val = (var)->val;
-
-/**
- * Creates a hx509 context that most functions in the library
- * uses. The context is only allowed to be used by one thread at each
- * moment. Free the context with hx509_context_free().
- *
- * @param context Returns a pointer to new hx509 context.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509
- */
-
-int
-hx509_context_init(hx509_context *context)
-{
-    *context = calloc(1, sizeof(**context));
-    if (*context == NULL)
-	return ENOMEM;
-
-    _hx509_ks_null_register(*context);
-    _hx509_ks_mem_register(*context);
-    _hx509_ks_file_register(*context);
-    _hx509_ks_pkcs12_register(*context);
-    _hx509_ks_pkcs11_register(*context);
-    _hx509_ks_dir_register(*context);
-    _hx509_ks_keychain_register(*context);
-
-    ENGINE_add_conf_module();
-    OpenSSL_add_all_algorithms();
-
-    (*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF;
-
-    initialize_hx_error_table_r(&(*context)->et_list);
-    initialize_asn1_error_table_r(&(*context)->et_list);
-
-#ifdef HX509_DEFAULT_ANCHORS
-    (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0,
-			   NULL, &(*context)->default_trust_anchors);
-#endif
-
-    return 0;
-}
-
-/**
- * Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OSCP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
- * call hx509_revoke_verify().
- * 
- * @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_context_set_missing_revoke(hx509_context context, int flag)
-{
-    if (flag)
-	context->flags |= HX509_CTX_VERIFY_MISSING_OK;
-    else
-	context->flags &= ~HX509_CTX_VERIFY_MISSING_OK;
-}
-
-/**
- * Free the context allocated by hx509_context_init().
- * 
- * @param context context to be freed.
- *
- * @ingroup hx509
- */
-
-void
-hx509_context_free(hx509_context *context)
-{
-    hx509_clear_error_string(*context);
-    if ((*context)->ks_ops) {
-	free((*context)->ks_ops);
-	(*context)->ks_ops = NULL;
-    }
-    (*context)->ks_num_ops = 0;
-    free_error_table ((*context)->et_list);
-    if ((*context)->querystat)
-	free((*context)->querystat);
-    memset(*context, 0, sizeof(**context));
-    free(*context);
-    *context = NULL;
-}
-
-/*
- *
- */
-
-Certificate *
-_hx509_get_cert(hx509_cert cert)
-{
-    return cert->data;
-}
-
-/*
- *
- */
-
-int
-_hx509_cert_get_version(const Certificate *t)
-{
-    return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1;
-}
-
-/**
- * Allocate and init an hx509 certificate object from the decoded
- * certificate `c�.
- *
- * @param context A hx509 context.
- * @param c
- * @param cert
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
-{
-    int ret;
-
-    *cert = malloc(sizeof(**cert));
-    if (*cert == NULL)
-	return ENOMEM;
-    (*cert)->ref = 1;
-    (*cert)->friendlyname = NULL;
-    (*cert)->attrs.len = 0;
-    (*cert)->attrs.val = NULL;
-    (*cert)->private_key = NULL;
-    (*cert)->basename = NULL;
-    (*cert)->release = NULL;
-    (*cert)->ctx = NULL;
-
-    (*cert)->data = calloc(1, sizeof(*(*cert)->data));
-    if ((*cert)->data == NULL) {
-	free(*cert);
-	return ENOMEM;
-    }
-    ret = copy_Certificate(c, (*cert)->data);
-    if (ret) {
-	free((*cert)->data);
-	free(*cert);
-	*cert = NULL;
-    }
-    return ret;
-}
-
-/**
- * Just like hx509_cert_init(), but instead of a decode certificate
- * takes an pointer and length to a memory region that contains a
- * DER/BER encoded certificate.
- *
- * If the memory region doesn't contain just the certificate and
- * nothing more the function will fail with
- * HX509_EXTRA_DATA_AFTER_STRUCTURE.
- *
- * @param context A hx509 context.
- * @param ptr pointer to memory region containing encoded certificate.
- * @param len length of memory region.
- * @param cert a return pointer to a hx509 certificate object, will
- * contain NULL on error.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_init_data(hx509_context context, 
-		     const void *ptr,
-		     size_t len,
-		     hx509_cert *cert)
-{
-    Certificate t;
-    size_t size;
-    int ret;
-
-    ret = decode_Certificate(ptr, len, &t, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
-	return ret;
-    }
-    if (size != len) {
-	hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
-			       "Extra data after certificate");
-	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
-    }
-
-    ret = hx509_cert_init(context, &t, cert);
-    free_Certificate(&t);
-    return ret;
-}
-
-void
-_hx509_cert_set_release(hx509_cert cert, 
-			_hx509_cert_release_func release,
-			void *ctx)
-{
-    cert->release = release;
-    cert->ctx = ctx;
-}
-
-
-/* Doesn't make a copy of `private_key'. */
-
-int
-_hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
-{
-    if (cert->private_key)
-	_hx509_private_key_free(&cert->private_key);
-    cert->private_key = _hx509_private_key_ref(private_key);
-    return 0;
-}
-
-/**
- * Free reference to the hx509 certificate object, if the refcounter
- * reaches 0, the object if freed. Its allowed to pass in NULL.
- *
- * @param cert the cert to free.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_cert_free(hx509_cert cert)
-{
-    int i;
-
-    if (cert == NULL)
-	return;
-
-    if (cert->ref <= 0)
-	_hx509_abort("cert refcount <= 0 on free");
-    if (--cert->ref > 0)
-	return;
-
-    if (cert->release)
-	(cert->release)(cert, cert->ctx);
-
-    if (cert->private_key)
-	_hx509_private_key_free(&cert->private_key);
-
-    free_Certificate(cert->data);
-    free(cert->data);
-
-    for (i = 0; i < cert->attrs.len; i++) {
-	der_free_octet_string(&cert->attrs.val[i]->data);
-	der_free_oid(&cert->attrs.val[i]->oid);
-	free(cert->attrs.val[i]);
-    }
-    free(cert->attrs.val);
-    free(cert->friendlyname);
-    if (cert->basename)
-	hx509_name_free(&cert->basename);
-    memset(cert, 0, sizeof(cert));
-    free(cert);
-}
-
-/**
- * Add a reference to a hx509 certificate object.
- *
- * @param cert a pointer to an hx509 certificate object.
- *
- * @return the same object as is passed in.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert
-hx509_cert_ref(hx509_cert cert)
-{
-    if (cert == NULL)
-	return NULL;
-    if (cert->ref <= 0)
-	_hx509_abort("cert refcount <= 0");
-    cert->ref++;
-    if (cert->ref == 0)
-	_hx509_abort("cert refcount == 0");
-    return cert;
-}
-
-/**
- * Allocate an verification context that is used fo control the
- * verification process. 
- *
- * @param context A hx509 context.
- * @param ctx returns a pointer to a hx509_verify_ctx object.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
-{
-    hx509_verify_ctx c;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL)
-	return ENOMEM;
-
-    c->max_depth = HX509_VERIFY_MAX_DEPTH;
-
-    *ctx = c;
-    
-    return 0;
-}
-
-/**
- * Free an hx509 verification context.
- *
- * @param ctx the context to be freed.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
-{
-    if (ctx) {
-	hx509_certs_free(&ctx->trust_anchors);
-	hx509_revoke_free(&ctx->revoke_ctx);
-	memset(ctx, 0, sizeof(*ctx));
-    }
-    free(ctx);
-}
-
-/**
- * Set the trust anchors in the verification context, makes an
- * reference to the keyset, so the consumer can free the keyset
- * independent of the destruction of the verification context (ctx).
- *
- * @param ctx a verification context
- * @param set a keyset containing the trust anchors.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
-{
-    ctx->trust_anchors = _hx509_certs_ref(set);
-}
-
-/**
- * Attach an revocation context to the verfication context, , makes an
- * reference to the revoke context, so the consumer can free the
- * revoke context independent of the destruction of the verification
- * context. If there is no revoke context, the verification process is
- * NOT going to check any verification status.
- *
- * @param ctx a verification context.
- * @param revoke_ctx a revoke context.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)
-{
-    if (ctx->revoke_ctx)
-	hx509_revoke_free(&ctx->revoke_ctx);
-    ctx->revoke_ctx = _hx509_revoke_ref(revoke_ctx);
-}
-
-/**
- * Set the clock time the the verification process is going to
- * use. Used to check certificate in the past and future time. If not
- * set the current time will be used.
- *
- * @param ctx a verification context.
- * @param t the time the verifiation is using.
- *
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_time(hx509_verify_ctx ctx, time_t t)
-{
-    ctx->flags |= HX509_VERIFY_CTX_F_TIME_SET;
-    ctx->time_now = t;
-}
-
-/**
- * Set the maximum depth of the certificate chain that the path
- * builder is going to try.
- *
- * @param ctx a verification context
- * @param max_depth maxium depth of the certificate chain, include
- * trust anchor.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth)
-{
-    ctx->max_depth = max_depth;
-}
-
-/**
- * Allow or deny the use of proxy certificates
- *
- * @param ctx a verification context
- * @param boolean if non zero, allow proxy certificates.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags |= HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
-    else
-	ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
-}
-
-/**
- * Select strict RFC3280 verification of certificiates. This means
- * checking key usage on CA certificates, this will make version 1
- * certificiates unuseable.
- *
- * @param ctx a verification context
- * @param boolean if non zero, use strict verification.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags |= HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
-    else
-	ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
-}
-
-/**
- * Allow using the operating system builtin trust anchors if no other
- * trust anchors are configured.
- *
- * @param ctx a verification context
- * @param boolean if non zero, useing the operating systems builtin
- * trust anchors.
- *
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
-{
-    if (boolean)
-	ctx->flags &= ~HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
-    else
-	ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
-}
-
-static const Extension *
-find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
-{
-    const TBSCertificate *c = &cert->tbsCertificate;
-
-    if (c->version == NULL || *c->version < 2 || c->extensions == NULL)
-	return NULL;
-    
-    for (;*idx < c->extensions->len; (*idx)++) {
-	if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
-	    return &c->extensions->val[(*idx)++];
-    }
-    return NULL;
-}
-
-static int
-find_extension_auth_key_id(const Certificate *subject, 
-			   AuthorityKeyIdentifier *ai)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(ai, 0, sizeof(*ai));
-
-    e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_AuthorityKeyIdentifier(e->extnValue.data, 
-					 e->extnValue.length, 
-					 ai, &size);
-}
-
-int
-_hx509_find_extension_subject_key_id(const Certificate *issuer,
-				     SubjectKeyIdentifier *si)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(si, 0, sizeof(*si));
-
-    e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_SubjectKeyIdentifier(e->extnValue.data, 
-				       e->extnValue.length,
-				       si, &size);
-}
-
-static int
-find_extension_name_constraints(const Certificate *subject, 
-				NameConstraints *nc)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(nc, 0, sizeof(*nc));
-
-    e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_NameConstraints(e->extnValue.data, 
-				  e->extnValue.length, 
-				  nc, &size);
-}
-
-static int
-find_extension_subject_alt_name(const Certificate *cert, int *i,
-				GeneralNames *sa)
-{
-    const Extension *e;
-    size_t size;
-
-    memset(sa, 0, sizeof(*sa));
-
-    e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_GeneralNames(e->extnValue.data, 
-			       e->extnValue.length,
-			       sa, &size);
-}
-
-static int
-find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
-{
-    const Extension *e;
-    size_t size;
-    int i = 0;
-
-    memset(eku, 0, sizeof(*eku));
-
-    e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i);
-    if (e == NULL)
-	return HX509_EXTENSION_NOT_FOUND;
-    
-    return decode_ExtKeyUsage(e->extnValue.data, 
-			      e->extnValue.length,
-			      eku, &size);
-}
-
-static int
-add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
-{
-    void *p;
-    int ret;
-
-    p = realloc(list->val, (list->len + 1) * sizeof(list->val[0]));
-    if (p == NULL)
-	return ENOMEM;
-    list->val = p;
-    ret = der_copy_octet_string(entry, &list->val[list->len]);
-    if (ret)
-	return ret;
-    list->len++;
-    return 0;
-}
-
-/**
- * Free a list of octet strings returned by another hx509 library
- * function.
- *
- * @param list list to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_free_octet_string_list(hx509_octet_string_list *list)
-{
-    int i;
-    for (i = 0; i < list->len; i++)
-	der_free_octet_string(&list->val[i]);
-    free(list->val);
-    list->val = NULL;
-    list->len = 0;
-}
-
-/**
- * Return a list of subjectAltNames specified by oid in the
- * certificate. On error the 
- *
- * The returned list of octet string should be freed with
- * hx509_free_octet_string_list().
- *
- * @param context A hx509 context.
- * @param cert a hx509 certificate object.
- * @param oid an oid to for SubjectAltName.
- * @param list list of matching SubjectAltName.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_find_subjectAltName_otherName(hx509_context context,
-					 hx509_cert cert,
-					 const heim_oid *oid,
-					 hx509_octet_string_list *list)
-{
-    GeneralNames sa;
-    int ret, i, j;
-
-    list->val = NULL;
-    list->len = 0;
-
-    i = 0;
-    while (1) {
-	ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
-	i++;
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0) {
-	    hx509_set_error_string(context, 0, ret, "Error searching for SAN");
-	    hx509_free_octet_string_list(list);
-	    return ret;
-	}
-
-	for (j = 0; j < sa.len; j++) {
-	    if (sa.val[j].element == choice_GeneralName_otherName &&
-		der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) 
-	    {
-		ret = add_to_list(list, &sa.val[j].u.otherName.value);
-		if (ret) {
-		    hx509_set_error_string(context, 0, ret, 
-					   "Error adding an exra SAN to "
-					   "return list");
-		    hx509_free_octet_string_list(list);
-		    free_GeneralNames(&sa);
-		    return ret;
-		}
-	    }
-	}
-	free_GeneralNames(&sa);
-    }
-    return 0;
-}
-
-
-static int
-check_key_usage(hx509_context context, const Certificate *cert, 
-		unsigned flags, int req_present)
-{
-    const Extension *e;
-    KeyUsage ku;
-    size_t size;
-    int ret, i = 0;
-    unsigned ku_flags;
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
-    if (e == NULL) {
-	if (req_present) {
-	    hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
-				   "Required extension key "
-				   "usage missing from certifiate");
-	    return HX509_KU_CERT_MISSING;
-	}
-	return 0;
-    }
-    
-    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
-    if (ret)
-	return ret;
-    ku_flags = KeyUsage2int(ku);
-    if ((ku_flags & flags) != flags) {
-	unsigned missing = (~ku_flags) & flags;
-	char buf[256], *name;
-
-	unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf));
-	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
-	hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
-			       "Key usage %s required but missing "
-			       "from certifiate %s", buf, name);
-	free(name);
-	return HX509_KU_CERT_MISSING;
-    }
-    return 0;
-}
-
-/*
- * Return 0 on matching key usage 'flags' for 'cert', otherwise return
- * an error code. If 'req_present' the existance is required of the
- * KeyUsage extension.
- */
-
-int
-_hx509_check_key_usage(hx509_context context, hx509_cert cert, 
-		       unsigned flags, int req_present)
-{
-    return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
-}
-
-enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
-
-static int
-check_basic_constraints(hx509_context context, const Certificate *cert, 
-			enum certtype type, int depth)
-{
-    BasicConstraints bc;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_basicConstraints(), &i);
-    if (e == NULL) {
-	switch(type) {
-	case PROXY_CERT:
-	case EE_CERT:
-	    return 0;
-	case CA_CERT: {
-	    char *name;
-	    ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
-	    assert(ret == 0);
-	    hx509_set_error_string(context, 0, HX509_EXTENSION_NOT_FOUND,
-				   "basicConstraints missing from "
-				   "CA certifiacte %s", name);
-	    free(name);
-	    return HX509_EXTENSION_NOT_FOUND;
-	}
-	}
-    }
-    
-    ret = decode_BasicConstraints(e->extnValue.data, 
-				  e->extnValue.length, &bc,
-				  &size);
-    if (ret)
-	return ret;
-    switch(type) {
-    case PROXY_CERT:
-	if (bc.cA != NULL && *bc.cA)
-	    ret = HX509_PARENT_IS_CA;
-	break;
-    case EE_CERT:
-	ret = 0;
-	break;
-    case CA_CERT:
-	if (bc.cA == NULL || !*bc.cA)
-	    ret = HX509_PARENT_NOT_CA;
-	else if (bc.pathLenConstraint)
-	    if (depth - 1 > *bc.pathLenConstraint)
-		ret = HX509_CA_PATH_TOO_DEEP;
-	break;
-    }
-    free_BasicConstraints(&bc);
-    return ret;
-}
-
-int
-_hx509_cert_is_parent_cmp(const Certificate *subject,
-			  const Certificate *issuer,
-			  int allow_self_signed)
-{
-    int diff;
-    AuthorityKeyIdentifier ai;
-    SubjectKeyIdentifier si;
-    int ret_ai, ret_si;
-
-    diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
-			   &subject->tbsCertificate.issuer);
-    if (diff)
-	return diff;
-    
-    memset(&ai, 0, sizeof(ai));
-    memset(&si, 0, sizeof(si));
-
-    /*
-     * Try to find AuthorityKeyIdentifier, if it's not present in the
-     * subject certificate nor the parent.
-     */
-
-    ret_ai = find_extension_auth_key_id(subject, &ai);
-    if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND)
-	return 1;
-    ret_si = _hx509_find_extension_subject_key_id(issuer, &si);
-    if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND)
-	return -1;
-
-    if (ret_si && ret_ai)
-	goto out;
-    if (ret_ai)
-	goto out;
-    if (ret_si) {
-	if (allow_self_signed) {
-	    diff = 0;
-	    goto out;
-	} else if (ai.keyIdentifier) {
-	    diff = -1;
-	    goto out;
-	}
-    }
-    
-    if (ai.keyIdentifier == NULL) {
-	Name name;
-
-	if (ai.authorityCertIssuer == NULL)
-	    return -1;
-	if (ai.authorityCertSerialNumber == NULL)
-	    return -1;
-
-	diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, 
-				    &issuer->tbsCertificate.serialNumber);
-	if (diff)
-	    return diff;
-	if (ai.authorityCertIssuer->len != 1)
-	    return -1;
-	if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
-	    return -1;
-	
-	name.element = 
-	    ai.authorityCertIssuer->val[0].u.directoryName.element;
-	name.u.rdnSequence = 
-	    ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence;
-
-	diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
-			       &name);
-	if (diff)
-	    return diff;
-	diff = 0;
-    } else
-	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si);
-    if (diff)
-	goto out;
-
- out:
-    free_AuthorityKeyIdentifier(&ai);
-    free_SubjectKeyIdentifier(&si);
-    return diff;
-}
-
-static int
-certificate_is_anchor(hx509_context context,
-		      hx509_certs trust_anchors,
-		      const hx509_cert cert)
-{
-    hx509_query q;
-    hx509_cert c;
-    int ret;
-
-    if (trust_anchors == NULL)
-	return 0;
-
-    _hx509_query_clear(&q);
-
-    q.match = HX509_QUERY_MATCH_CERTIFICATE;
-    q.certificate = _hx509_get_cert(cert);
-
-    ret = hx509_certs_find(context, trust_anchors, &q, &c);
-    if (ret == 0)
-	hx509_cert_free(c);
-    return ret == 0;
-}
-
-static int
-certificate_is_self_signed(const Certificate *cert)
-{
-    return _hx509_name_cmp(&cert->tbsCertificate.subject, 
-			   &cert->tbsCertificate.issuer) == 0;
-}
-
-/*
- * The subjectName is "null" when it's empty set of relative DBs.
- */
-
-static int
-subject_null_p(const Certificate *c)
-{
-    return c->tbsCertificate.subject.u.rdnSequence.len == 0;
-}
-
-
-static int
-find_parent(hx509_context context,
-	    time_t time_now,
-	    hx509_certs trust_anchors,
-	    hx509_path *path,
-	    hx509_certs pool, 
-	    hx509_cert current,
-	    hx509_cert *parent)
-{
-    AuthorityKeyIdentifier ai;
-    hx509_query q;
-    int ret;
-
-    *parent = NULL;
-    memset(&ai, 0, sizeof(ai));
-    
-    _hx509_query_clear(&q);
-
-    if (!subject_null_p(current->data)) {
-	q.match |= HX509_QUERY_FIND_ISSUER_CERT;
-	q.subject = _hx509_get_cert(current);
-    } else {
-	ret = find_extension_auth_key_id(current->data, &ai);
-	if (ret) {
-	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
-				   "Subjectless certificate missing AuthKeyID");
-	    return HX509_CERTIFICATE_MALFORMED;
-	}
-
-	if (ai.keyIdentifier == NULL) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
-				   "Subjectless certificate missing keyIdentifier "
-				   "inside AuthKeyID");
-	    return HX509_CERTIFICATE_MALFORMED;
-	}
-
-	q.subject_id = ai.keyIdentifier;
-	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
-    }
-
-    q.path = path;
-    q.match |= HX509_QUERY_NO_MATCH_PATH;
-
-    if (pool) {
-	q.timenow = time_now;
-	q.match |= HX509_QUERY_MATCH_TIME;
-
-	ret = hx509_certs_find(context, pool, &q, parent);
-	if (ret == 0) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    return 0;
-	}
-	q.match &= ~HX509_QUERY_MATCH_TIME;
-    }
-
-    if (trust_anchors) {
-	ret = hx509_certs_find(context, trust_anchors, &q, parent);
-	if (ret == 0) {
-	    free_AuthorityKeyIdentifier(&ai);
-	    return ret;
-	}
-    }
-    free_AuthorityKeyIdentifier(&ai);
-
-    {
-	hx509_name name;
-	char *str;
-
-	ret = hx509_cert_get_subject(current, &name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return HX509_ISSUER_NOT_FOUND;
-	}
-	ret = hx509_name_to_string(name, &str);
-	hx509_name_free(&name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return HX509_ISSUER_NOT_FOUND;
-	}
-	
-	hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
-			       "Failed to find issuer for "
-			       "certificate with subject: '%s'", str);
-	free(str);
-    }
-    return HX509_ISSUER_NOT_FOUND;
-}
-
-/*
- *
- */
-
-static int
-is_proxy_cert(hx509_context context, 
-	      const Certificate *cert, 
-	      ProxyCertInfo *rinfo)
-{
-    ProxyCertInfo info;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    if (rinfo)
-	memset(rinfo, 0, sizeof(*rinfo));
-
-    e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
-    if (e == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_EXTENSION_NOT_FOUND;
-    }
-
-    ret = decode_ProxyCertInfo(e->extnValue.data, 
-			       e->extnValue.length, 
-			       &info,
-			       &size);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    if (size != e->extnValue.length) {
-	free_ProxyCertInfo(&info);
-	hx509_clear_error_string(context);
-	return HX509_EXTRA_DATA_AFTER_STRUCTURE; 
-    }
-    if (rinfo == NULL)
-	free_ProxyCertInfo(&info);
-    else
-	*rinfo = info;
-
-    return 0;
-}
-
-/*
- * Path operations are like MEMORY based keyset, but with exposed
- * internal so we can do easy searches.
- */
-
-int
-_hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert)
-{
-    hx509_cert *val;
-    val = realloc(path->val, (path->len + 1) * sizeof(path->val[0]));
-    if (val == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    path->val = val;
-    path->val[path->len] = hx509_cert_ref(cert);
-    path->len++;
-
-    return 0;
-}
-
-void
-_hx509_path_free(hx509_path *path)
-{
-    unsigned i;
-    
-    for (i = 0; i < path->len; i++)
-	hx509_cert_free(path->val[i]);
-    free(path->val);
-    path->val = NULL;
-    path->len = 0;
-}
-
-/*
- * Find path by looking up issuer for the top certificate and continue
- * until an anchor certificate is found or max limit is found. A
- * certificate never included twice in the path.
- *
- * If the trust anchors are not given, calculate optimistic path, just
- * follow the chain upward until we no longer find a parent or we hit
- * the max path limit. In this case, a failure will always be returned
- * depending on what error condition is hit first.
- *
- * The path includes a path from the top certificate to the anchor
- * certificate.
- *
- * The caller needs to free `path� both on successful built path and
- * failure.
- */
-
-int
-_hx509_calculate_path(hx509_context context,
-		      int flags,
-		      time_t time_now,
-		      hx509_certs anchors,
-		      unsigned int max_depth,
-		      hx509_cert cert,
-		      hx509_certs pool,
-		      hx509_path *path)
-{
-    hx509_cert parent, current;
-    int ret;
-
-    if (max_depth == 0)
-	max_depth = HX509_VERIFY_MAX_DEPTH;
-
-    ret = _hx509_path_append(context, path, cert);
-    if (ret)
-	return ret;
-
-    current = hx509_cert_ref(cert);
-
-    while (!certificate_is_anchor(context, anchors, current)) {
-
-	ret = find_parent(context, time_now, anchors, path, 
-			  pool, current, &parent);
-	hx509_cert_free(current);
-	if (ret)
-	    return ret;
-
-	ret = _hx509_path_append(context, path, parent);
-	if (ret)
-	    return ret;
-	current = parent;
-
-	if (path->len > max_depth) {
-	    hx509_cert_free(current);
-	    hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG,
-				   "Path too long while bulding "
-				   "certificate chain");
-	    return HX509_PATH_TOO_LONG;
-	}
-    }
-
-    if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && 
-	path->len > 0 && 
-	certificate_is_anchor(context, anchors, path->val[path->len - 1]))
-    {
-	hx509_cert_free(path->val[path->len - 1]);
-	path->len--;
-    }
-
-    hx509_cert_free(current);
-    return 0;
-}
-
-int
-_hx509_AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p,
-			       const AlgorithmIdentifier *q)
-{
-    int diff;
-    diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm);
-    if (diff)
-	return diff;
-    if (p->parameters) {
-	if (q->parameters)
-	    return heim_any_cmp(p->parameters,
-				q->parameters);
-	else
-	    return 1;
-    } else {
-	if (q->parameters)
-	    return -1;
-	else
-	    return 0;
-    }
-}
-
-int
-_hx509_Certificate_cmp(const Certificate *p, const Certificate *q)
-{
-    int diff;
-    diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue);
-    if (diff)
-	return diff;
-    diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, 
-					  &q->signatureAlgorithm);
-    if (diff)
-	return diff;
-    diff = der_heim_octet_string_cmp(&p->tbsCertificate._save,
-				     &q->tbsCertificate._save);
-    return diff;
-}
-
-/**
- * Compare to hx509 certificate object, useful for sorting.
- *
- * @param p a hx509 certificate object.
- * @param q a hx509 certificate object.
- *
- * @return 0 the objects are the same, returns > 0 is p is "larger"
- * then q, < 0 if p is "smaller" then q.
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_cmp(hx509_cert p, hx509_cert q)
-{
-    return _hx509_Certificate_cmp(p->data, q->data);
-}
-
-/**
- * Return the name of the issuer of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
-{
-    return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
-}
-
-/**
- * Return the name of the subject of the hx509 certificate.
- *
- * @param p a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_base_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_subject(hx509_cert p, hx509_name *name)
-{
-    return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
-}
-
-/**
- * Return the name of the base subject of the hx509 certificate. If
- * the certiicate is a verified proxy certificate, the this function
- * return the base certificate (root of the proxy chain). If the proxy
- * certificate is not verified with the base certificate
- * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
- *
- * @param context a hx509 context.
- * @param c a hx509 certificate object.
- * @param name a pointer to a hx509 name, should be freed by
- * hx509_name_free(). See also hx509_cert_get_subject().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_base_subject(hx509_context context, hx509_cert c,
-			    hx509_name *name)
-{
-    if (c->basename)
-	return hx509_name_copy(context, c->basename, name);
-    if (is_proxy_cert(context, c->data, NULL) == 0) {
-	int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
-	hx509_set_error_string(context, 0, ret,
-			       "Proxy certificate have not been "
-			       "canonicalize yet, no base name");
-	return ret;
-    }
-    return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name);
-}
-
-/**
- * Get serial number of the certificate.
- *
- * @param p a hx509 certificate object.
- * @param i serial number, should be freed ith der_free_heim_integer().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
-{
-    return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
-}
-
-/**
- * Get notBefore time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not before time
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notBefore(hx509_cert p)
-{
-    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore);
-}
-
-/**
- * Get notAfter time of the certificate.
- *
- * @param p a hx509 certificate object.
- *
- * @return return not after time.
- *
- * @ingroup hx509_cert
- */
-
-time_t
-hx509_cert_get_notAfter(hx509_cert p)
-{
-    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter);
-}
-
-/**
- * Get the SubjectPublicKeyInfo structure from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param spki SubjectPublicKeyInfo, should be freed with
- * free_SubjectPublicKeyInfo().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)
-{
-    int ret;
-
-    ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki);
-    if (ret)
-	hx509_set_error_string(context, 0, ret, "Failed to copy SPKI");
-    return ret;
-}
-
-/**
- * Get the AlgorithmIdentifier from the hx509 certificate.
- *
- * @param context a hx509 context.
- * @param p a hx509 certificate object.
- * @param alg AlgorithmIdentifier, should be freed with
- * free_AlgorithmIdentifier().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
-					hx509_cert p, 
-					AlgorithmIdentifier *alg)
-{
-    int ret;
-
-    ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg);
-    if (ret)
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy SPKI AlgorithmIdentifier");
-    return ret;
-}
-
-
-hx509_private_key
-_hx509_cert_private_key(hx509_cert p)
-{
-    return p->private_key;
-}
-
-int
-hx509_cert_have_private_key(hx509_cert p)
-{
-    return p->private_key ? 1 : 0;
-}
-
-
-int
-_hx509_cert_private_key_exportable(hx509_cert p)
-{
-    if (p->private_key == NULL)
-	return 0;
-    return _hx509_private_key_exportable(p->private_key);
-}
-
-int
-_hx509_cert_private_decrypt(hx509_context context,
-			    const heim_octet_string *ciphertext,
-			    const heim_oid *encryption_oid,
-			    hx509_cert p,
-			    heim_octet_string *cleartext)
-{
-    cleartext->data = NULL;
-    cleartext->length = 0;
-
-    if (p->private_key == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private key missing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    return _hx509_private_key_private_decrypt(context,
-					      ciphertext,
-					      encryption_oid,
-					      p->private_key, 
-					      cleartext);
-}
-
-int
-_hx509_cert_public_encrypt(hx509_context context,
-			   const heim_octet_string *cleartext,
-			   const hx509_cert p,
-			   heim_oid *encryption_oid,
-			   heim_octet_string *ciphertext)
-{
-    return _hx509_public_encrypt(context,
-				 cleartext, p->data,
-				 encryption_oid, ciphertext);
-}
-
-/*
- *
- */
-
-time_t
-_hx509_Time2time_t(const Time *t)
-{
-    switch(t->element) {
-    case choice_Time_utcTime:
-	return t->u.utcTime;
-    case choice_Time_generalTime:
-	return t->u.generalTime;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-init_name_constraints(hx509_name_constraints *nc)
-{
-    memset(nc, 0, sizeof(*nc));
-    return 0;
-}
-
-static int
-add_name_constraints(hx509_context context, const Certificate *c, int not_ca,
-		     hx509_name_constraints *nc)
-{
-    NameConstraints tnc;
-    int ret;
-
-    ret = find_extension_name_constraints(c, &tnc);
-    if (ret == HX509_EXTENSION_NOT_FOUND)
-	return 0;
-    else if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints");
-	return ret;
-    } else if (not_ca) {
-	ret = HX509_VERIFY_CONSTRAINTS;
-	hx509_set_error_string(context, 0, ret, "Not a CA and "
-			       "have NameConstraints");
-    } else {
-	NameConstraints *val;
-	val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1));
-	if (val == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	nc->val = val;
-	ret = copy_NameConstraints(&tnc, &nc->val[nc->len]);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	nc->len += 1;
-    }
-out:
-    free_NameConstraints(&tnc);
-    return ret;
-}
-
-static int
-match_RDN(const RelativeDistinguishedName *c,
-	  const RelativeDistinguishedName *n)
-{
-    int i;
-
-    if (c->len != n->len)
-	return HX509_NAME_CONSTRAINT_ERROR;
-    
-    for (i = 0; i < n->len; i++) {
-	if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-    }
-    return 0;
-}
-
-static int
-match_X501Name(const Name *c, const Name *n)
-{
-    int i, ret;
-
-    if (c->element != choice_Name_rdnSequence
-	|| n->element != choice_Name_rdnSequence)
-	return 0;
-    if (c->u.rdnSequence.len > n->u.rdnSequence.len)
-	return HX509_NAME_CONSTRAINT_ERROR;
-    for (i = 0; i < c->u.rdnSequence.len; i++) {
-	ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-} 
-
-
-static int
-match_general_name(const GeneralName *c, const GeneralName *n, int *match)
-{
-    /* 
-     * Name constraints only apply to the same name type, see RFC3280,
-     * 4.2.1.11.
-     */
-    assert(c->element == n->element);
-
-    switch(c->element) {
-    case choice_GeneralName_otherName:
-	if (der_heim_oid_cmp(&c->u.otherName.type_id,
-			 &n->u.otherName.type_id) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (heim_any_cmp(&c->u.otherName.value,
-			 &n->u.otherName.value) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	*match = 1;
-	return 0;
-    case choice_GeneralName_rfc822Name: {
-	const char *s;
-	size_t len1, len2;
-	s = strchr(c->u.rfc822Name, '@');
-	if (s) {
-	    if (strcasecmp(c->u.rfc822Name, n->u.rfc822Name) != 0)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	} else {
-	    s = strchr(n->u.rfc822Name, '@');
-	    if (s == NULL)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    len1 = strlen(c->u.rfc822Name);
-	    len2 = strlen(s + 1);
-	    if (len1 > len2)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0)
-		return HX509_NAME_CONSTRAINT_ERROR;
-	    if (len1 < len2 && s[len2 - len1 + 1] != '.')
-		return HX509_NAME_CONSTRAINT_ERROR;
-	}
-	*match = 1;
-	return 0;
-    }
-    case choice_GeneralName_dNSName: {
-	size_t lenc, lenn;
-
-	lenc = strlen(c->u.dNSName);
-	lenn = strlen(n->u.dNSName);
-	if (lenc > lenn)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0)
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	if (lenc != lenn && n->u.dNSName[lenn - lenc - 1] != '.')
-	    return HX509_NAME_CONSTRAINT_ERROR;
-	*match = 1;
-	return 0;
-    }
-    case choice_GeneralName_directoryName: {
-	Name c_name, n_name;
-	int ret;
-
-	c_name._save.data = NULL;
-	c_name._save.length = 0;
-	c_name.element = c->u.directoryName.element;
-	c_name.u.rdnSequence = c->u.directoryName.u.rdnSequence;
-
-	n_name._save.data = NULL;
-	n_name._save.length = 0;
-	n_name.element = n->u.directoryName.element;
-	n_name.u.rdnSequence = n->u.directoryName.u.rdnSequence;
-
-	ret = match_X501Name(&c_name, &n_name);
-	if (ret == 0)
-	    *match = 1;
-	return ret;
-    }
-    case choice_GeneralName_uniformResourceIdentifier:
-    case choice_GeneralName_iPAddress:
-    case choice_GeneralName_registeredID:
-    default:
-	return HX509_NAME_CONSTRAINT_ERROR;
-    }
-}
-
-static int
-match_alt_name(const GeneralName *n, const Certificate *c, 
-	       int *same, int *match)
-{
-    GeneralNames sa;
-    int ret, i, j;
-
-    i = 0;
-    do {
-	ret = find_extension_subject_alt_name(c, &i, &sa);
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0)
-	    break;
-
-	for (j = 0; j < sa.len; j++) {
-	    if (n->element == sa.val[j].element) {
-		*same = 1;
-		ret = match_general_name(n, &sa.val[j], match);
-	    }
-	}
-	free_GeneralNames(&sa);
-    } while (1);
-    return ret;
-}
-
-
-static int
-match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
-{
-    int name, alt_name, same;
-    unsigned int i;
-    int ret = 0;
-
-    name = alt_name = same = *match = 0;
-    for (i = 0; i < t->len; i++) {
-	if (t->val[i].minimum && t->val[i].maximum)
-	    return HX509_RANGE;
-
-	/*
-	 * If the constraint apply to directoryNames, test is with
-	 * subjectName of the certificate if the certificate have a
-	 * non-null (empty) subjectName.
-	 */
-
-	if (t->val[i].base.element == choice_GeneralName_directoryName
-	    && !subject_null_p(c))
-	{
-	    GeneralName certname;
-	    
-	    memset(&certname, 0, sizeof(certname));
-	    certname.element = choice_GeneralName_directoryName;
-	    certname.u.directoryName.element = 
-		c->tbsCertificate.subject.element;
-	    certname.u.directoryName.u.rdnSequence = 
-		c->tbsCertificate.subject.u.rdnSequence;
-    
-	    ret = match_general_name(&t->val[i].base, &certname, &name);
-	}
-
-	/* Handle subjectAltNames, this is icky since they
-	 * restrictions only apply if the subjectAltName is of the
-	 * same type. So if there have been a match of type, require
-	 * altname to be set.
-	 */
-	ret = match_alt_name(&t->val[i].base, c, &same, &alt_name);
-    }
-    if (name && (!same || alt_name))
-	*match = 1;
-    return ret;
-}
-
-static int
-check_name_constraints(hx509_context context, 
-		       const hx509_name_constraints *nc,
-		       const Certificate *c)
-{
-    int match, ret;
-    int i;
-
-    for (i = 0 ; i < nc->len; i++) {
-	GeneralSubtrees gs;
-
-	if (nc->val[i].permittedSubtrees) {
-	    GeneralSubtrees_SET(&gs, nc->val[i].permittedSubtrees);
-	    ret = match_tree(&gs, c, &match);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		return ret;
-	    }
-	    /* allow null subjectNames, they wont matches anything */
-	    if (match == 0 && !subject_null_p(c)) {
-		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
-				       "certificate didn't match any "
-				       "permitted subtree");
-		return HX509_VERIFY_CONSTRAINTS;
-	    }
-	}
-	if (nc->val[i].excludedSubtrees) {
-	    GeneralSubtrees_SET(&gs, nc->val[i].excludedSubtrees);
-	    ret = match_tree(&gs, c, &match);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		return ret;
-	    }
-	    if (match) {
-		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
-				       "certificate included in excluded "
-				       "subtree");
-		return HX509_VERIFY_CONSTRAINTS;
-	    }
-	}
-    }
-    return 0;
-}
-
-static void
-free_name_constraints(hx509_name_constraints *nc)
-{
-    int i;
-
-    for (i = 0 ; i < nc->len; i++)
-	free_NameConstraints(&nc->val[i]);
-    free(nc->val);
-}
-
-/**
- * Build and verify the path for the certificate to the trust anchor
- * specified in the verify context. The path is constructed from the
- * certificate, the pool and the trust anchors.
- *
- * @param context A hx509 context.
- * @param ctx A hx509 verification context.
- * @param cert the certificate to build the path from.
- * @param pool A keyset of certificates to build the chain from.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_verify_path(hx509_context context,
-		  hx509_verify_ctx ctx,
-		  hx509_cert cert,
-		  hx509_certs pool)
-{
-    hx509_name_constraints nc;
-    hx509_path path;
-#if 0
-    const AlgorithmIdentifier *alg_id;
-#endif
-    int ret, i, proxy_cert_depth, selfsigned_depth;
-    enum certtype type;
-    Name proxy_issuer;
-    hx509_certs anchors = NULL;
-
-    memset(&proxy_issuer, 0, sizeof(proxy_issuer));
-
-    ret = init_name_constraints(&nc);
-    if (ret)	
-	return ret;
-
-    path.val = NULL;
-    path.len = 0;
-
-    if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0)
-	ctx->time_now = time(NULL);
-
-    /*
-     *
-     */
-    if (ctx->trust_anchors)
-	anchors = _hx509_certs_ref(ctx->trust_anchors);
-    else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
-	anchors = _hx509_certs_ref(context->default_trust_anchors);
-    else {
-	ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
-	if (ret)
-	    goto out;
-    }
-
-    /*
-     * Calculate the path from the certificate user presented to the
-     * to an anchor.
-     */
-    ret = _hx509_calculate_path(context, 0, ctx->time_now,
-				anchors, ctx->max_depth,
-				cert, pool, &path);
-    if (ret)
-	goto out;
-
-#if 0
-    alg_id = path.val[path->len - 1]->data->tbsCertificate.signature;
-#endif
-
-    /*
-     * Check CA and proxy certificate chain from the top of the
-     * certificate chain. Also check certificate is valid with respect
-     * to the current time.
-     *
-     */
-
-    proxy_cert_depth = 0;
-    selfsigned_depth = 0;
-
-    if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE)
-	type = PROXY_CERT;
-    else
-	type = EE_CERT;
-
-    for (i = 0; i < path.len; i++) {
-	Certificate *c;
-	time_t t;
-
-	c = _hx509_get_cert(path.val[i]);
-	
-	/*
-	 * Lets do some basic check on issuer like
-	 * keyUsage.keyCertSign and basicConstraints.cA bit depending
-	 * on what type of certificate this is.
-	 */
-
-	switch (type) {
-	case CA_CERT:
-	    /* XXX make constants for keyusage */
-	    ret = check_key_usage(context, c, 1 << 5,
-				  REQUIRE_RFC3280(ctx) ? TRUE : FALSE);
-	    if (ret) {
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Key usage missing from CA certificate");
-		goto out;
-	    }
-
-	    if (i + 1 != path.len && certificate_is_self_signed(c)) 
-		selfsigned_depth++;
-
-	    break;
-	case PROXY_CERT: {
-	    ProxyCertInfo info;	    
-
-	    if (is_proxy_cert(context, c, &info) == 0) {
-		int j;
-
-		if (info.pCPathLenConstraint != NULL &&
-		    *info.pCPathLenConstraint < i)
-		{
-		    free_ProxyCertInfo(&info);
-		    ret = HX509_PATH_TOO_LONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy certificate chain "
-					   "longer then allowed");
-		    goto out;
-		}
-		/* XXX MUST check info.proxyPolicy */
-		free_ProxyCertInfo(&info);
-		
-		j = 0;
-		if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) {
-		    ret = HX509_PROXY_CERT_INVALID;
-		    hx509_set_error_string(context, 0, ret, 
-					   "Proxy certificate have explicity "
-					   "forbidden subjectAltName");
-		    goto out;
-		}
-
-		j = 0;
-		if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) {
-		    ret = HX509_PROXY_CERT_INVALID;
-		    hx509_set_error_string(context, 0, ret, 
-					   "Proxy certificate have explicity "
-					   "forbidden issuerAltName");
-		    goto out;
-		}
-			
-		/* 
-		 * The subject name of the proxy certificate should be
-		 * CN=XXX,<proxy issuer>, prune of CN and check if its
-		 * the same over the whole chain of proxy certs and
-		 * then check with the EE cert when we get to it.
-		 */
-
-		if (proxy_cert_depth) {
-		    ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject);
-		    if (ret) {
-			ret = HX509_PROXY_CERT_NAME_WRONG;
-			hx509_set_error_string(context, 0, ret,
-					       "Base proxy name not right");
-			goto out;
-		    }
-		}
-
-		free_Name(&proxy_issuer);
-
-		ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer);
-		if (ret) {
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-
-		j = proxy_issuer.u.rdnSequence.len;
-		if (proxy_issuer.u.rdnSequence.len < 2 
-		    || proxy_issuer.u.rdnSequence.val[j - 1].len > 1
-		    || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type,
-					oid_id_at_commonName()))
-		{
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy name too short or "
-					   "does not have Common name "
-					   "at the top");
-		    goto out;
-		}
-
-		free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]);
-		proxy_issuer.u.rdnSequence.len -= 1;
-
-		ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer);
-		if (ret != 0) {
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_set_error_string(context, 0, ret,
-					   "Proxy issuer name not as expected");
-		    goto out;
-		}
-
-		break;
-	    } else {
-		/* 
-		 * Now we are done with the proxy certificates, this
-		 * cert was an EE cert and we we will fall though to
-		 * EE checking below.
-		 */
-		type = EE_CERT;
-		/* FALLTHOUGH */
-	    }
-	}
-	case EE_CERT:
-	    /*
-	     * If there where any proxy certificates in the chain
-	     * (proxy_cert_depth > 0), check that the proxy issuer
-	     * matched proxy certificates "base" subject.
-	     */
-	    if (proxy_cert_depth) {
-
-		ret = _hx509_name_cmp(&proxy_issuer,
-				      &c->tbsCertificate.subject);
-		if (ret) {
-		    ret = HX509_PROXY_CERT_NAME_WRONG;
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-		if (cert->basename)
-		    hx509_name_free(&cert->basename);
-		
-		ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
-		if (ret) {
-		    hx509_clear_error_string(context);
-		    goto out;
-		}
-	    }
-
-	    break;
-	}
-
-	ret = check_basic_constraints(context, c, type, 
-				      i - proxy_cert_depth - selfsigned_depth);
-	if (ret)
-	    goto out;
-	    
-	/*
-	 * Don't check the trust anchors expiration time since they
-	 * are transported out of band, from RFC3820.
-	 */
-	if (i + 1 != path.len || CHECK_TA(ctx)) {
-
-	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
-	    if (t > ctx->time_now) {
-		ret = HX509_CERT_USED_BEFORE_TIME;
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
-	    if (t < ctx->time_now) {
-		ret = HX509_CERT_USED_AFTER_TIME;
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	}
-
-	if (type == EE_CERT)
-	    type = CA_CERT;
-	else if (type == PROXY_CERT)
-	    proxy_cert_depth++;
-    }
-
-    /*
-     * Verify constraints, do this backward so path constraints are
-     * checked in the right order.
-     */
-
-    for (ret = 0, i = path.len - 1; i >= 0; i--) {
-	Certificate *c;
-
-	c = _hx509_get_cert(path.val[i]);
-
-	/* verify name constraints, not for selfsigned and anchor */
-	if (!certificate_is_self_signed(c) || i + 1 != path.len) {
-	    ret = check_name_constraints(context, &nc, c);
-	    if (ret) {
-		goto out;
-	    }
-	}
-	ret = add_name_constraints(context, c, i == 0, &nc);
-	if (ret)
-	    goto out;
-
-	/* XXX verify all other silly constraints */
-
-    }
-
-    /*
-     * Verify that no certificates has been revoked.
-     */
-
-    if (ctx->revoke_ctx) {
-	hx509_certs certs;
-
-	ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0,
-			       NULL, &certs);
-	if (ret)
-	    goto out;
-
-	for (i = 0; i < path.len; i++) {
-	    ret = hx509_certs_add(context, certs, path.val[i]);
-	    if (ret) {
-		hx509_certs_free(&certs);
-		goto out;
-	    }
-	}
-	ret = hx509_certs_merge(context, certs, pool);
-	if (ret) {
-	    hx509_certs_free(&certs);
-	    goto out;
-	}
-
-	for (i = 0; i < path.len - 1; i++) {
-	    int parent = (i < path.len - 1) ? i + 1 : i;
-
-	    ret = hx509_revoke_verify(context,
-				      ctx->revoke_ctx, 
-				      certs,
-				      ctx->time_now,
-				      path.val[i],
-				      path.val[parent]);
-	    if (ret) {
-		hx509_certs_free(&certs);
-		goto out;
-	    }
-	}
-	hx509_certs_free(&certs);
-    }
-
-    /*
-     * Verify signatures, do this backward so public key working
-     * parameter is passed up from the anchor up though the chain.
-     */
-
-    for (i = path.len - 1; i >= 0; i--) {
-	Certificate *signer, *c;
-
-	c = _hx509_get_cert(path.val[i]);
-
-	/* is last in chain (trust anchor) */
-	if (i + 1 == path.len) {
-	    signer = path.val[i]->data;
-
-	    /* if trust anchor is not self signed, don't check sig */
-	    if (!certificate_is_self_signed(signer))
-		continue;
-	} else {
-	    /* take next certificate in chain */
-	    signer = path.val[i + 1]->data;
-	}
-
-	/* verify signatureValue */
-	ret = _hx509_verify_signature_bitstring(context,
-						signer,
-						&c->signatureAlgorithm,
-						&c->tbsCertificate._save,
-						&c->signatureValue);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to verify signature of certificate");
-	    goto out;
-	}
-    }
-
-out:
-    hx509_certs_free(&anchors);
-    free_Name(&proxy_issuer);
-    free_name_constraints(&nc);
-    _hx509_path_free(&path);
-
-    return ret;
-}
-
-/**
- * Verify a signature made using the private key of an certificate.
- *
- * @param context A hx509 context.
- * @param signer the certificate that made the signature.
- * @param alg algorthm that was used to sign the data.
- * @param data the data that was signed.
- * @param sig the sigature to verify.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_crypto
- */
-
-int
-hx509_verify_signature(hx509_context context,
-		       const hx509_cert signer,
-		       const AlgorithmIdentifier *alg,
-		       const heim_octet_string *data,
-		       const heim_octet_string *sig)
-{
-    return _hx509_verify_signature(context, signer->data, alg, data, sig);
-}
-
-
-/**
- * Verify that the certificate is allowed to be used for the hostname
- * and address.
- *
- * @param context A hx509 context.
- * @param cert the certificate to match with
- * @param flags Flags to modify the behavior:
- * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
- * @param type type of hostname:
- * - HX509_HN_HOSTNAME for plain hostname.
- * - HX509_HN_DNSSRV for DNS SRV names.
- * @param hostname the hostname to check
- * @param sa address of the host
- * @param sa_size length of address
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_verify_hostname(hx509_context context,
-		      const hx509_cert cert,
-		      int flags,
-		      hx509_hostname_type type,
-		      const char *hostname,
-		      const struct sockaddr *sa,
-		      /* XXX krb5_socklen_t */ int sa_size) 
-{
-    GeneralNames san;
-    int ret, i, j;
-
-    if (sa && sa_size <= 0)
-	return EINVAL;
-
-    memset(&san, 0, sizeof(san));
-
-    i = 0;
-    do {
-	ret = find_extension_subject_alt_name(cert->data, &i, &san);
-	if (ret == HX509_EXTENSION_NOT_FOUND) {
-	    ret = 0;
-	    break;
-	} else if (ret != 0)
-	    break;
-
-	for (j = 0; j < san.len; j++) {
-	    switch (san.val[j].element) {
-	    case choice_GeneralName_dNSName:
-		if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) {
-		    free_GeneralNames(&san);
-		    return 0;
-		}
-		break;
-	    default:
-		break;
-	    }
-	}
-	free_GeneralNames(&san);
-    } while (1);
-
-    {
-	Name *name = &cert->data->tbsCertificate.subject;
-
-	/* match if first component is a CN= */
-	if (name->u.rdnSequence.len > 0
-	    && name->u.rdnSequence.val[0].len == 1
-	    && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type,
-				oid_id_at_commonName()) == 0)
-	{
-	    DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value;
-
-	    switch (ds->element) {
-	    case choice_DirectoryString_printableString:
-		if (strcasecmp(ds->u.printableString, hostname) == 0)
-		    return 0;
-		break;
-	    case choice_DirectoryString_ia5String:
-		if (strcasecmp(ds->u.ia5String, hostname) == 0)
-		    return 0;
-		break;
-	    case choice_DirectoryString_utf8String:
-		if (strcasecmp(ds->u.utf8String, hostname) == 0)
-		    return 0;
-	    default:
-		break;
-	    }
-	}
-    }
-
-    if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0)
-	ret = HX509_NAME_CONSTRAINT_ERROR;
-
-    return ret;
-}
-
-int
-_hx509_set_cert_attribute(hx509_context context,
-			  hx509_cert cert, 
-			  const heim_oid *oid, 
-			  const heim_octet_string *attr)
-{
-    hx509_cert_attribute a;
-    void *d;
-
-    if (hx509_cert_get_attribute(cert, oid) != NULL)
-	return 0;
-
-    d = realloc(cert->attrs.val, 
-		sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
-    if (d == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    cert->attrs.val = d;
-
-    a = malloc(sizeof(*a));
-    if (a == NULL)
-	return ENOMEM;
-
-    der_copy_octet_string(attr, &a->data);
-    der_copy_oid(oid, &a->oid);
-    
-    cert->attrs.val[cert->attrs.len] = a;
-    cert->attrs.len++;
-
-    return 0;
-}
-
-/**
- * Get an external attribute for the certificate, examples are
- * friendly name and id.
- *
- * @param cert hx509 certificate object to search
- * @param oid an oid to search for.
- *
- * @return an hx509_cert_attribute, only valid as long as the
- * certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-hx509_cert_attribute
-hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
-{
-    int i;
-    for (i = 0; i < cert->attrs.len; i++)
-	if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
-	    return cert->attrs.val[i];
-    return NULL;
-}
-
-/**
- * Set the friendly name on the certificate.
- *
- * @param cert The certificate to set the friendly name on
- * @param name Friendly name.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_set_friendly_name(hx509_cert cert, const char *name)
-{
-    if (cert->friendlyname)
-	free(cert->friendlyname);
-    cert->friendlyname = strdup(name);
-    if (cert->friendlyname == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-/**
- * Get friendly name of the certificate.
- *
- * @param cert cert to get the friendly name from.
- *
- * @return an friendly name or NULL if there is. The friendly name is
- * only valid as long as the certificate is referenced.
- *
- * @ingroup hx509_cert
- */
-
-const char *
-hx509_cert_get_friendly_name(hx509_cert cert)
-{
-    hx509_cert_attribute a;
-    PKCS9_friendlyName n;
-    size_t sz;
-    int ret, i;
-
-    if (cert->friendlyname)
-	return cert->friendlyname;
-
-    a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName());
-    if (a == NULL) {
-	/* XXX use subject name ? */
-	return NULL; 
-    }
-
-    ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
-    if (ret)
-	return NULL;
-	
-    if (n.len != 1) {
-	free_PKCS9_friendlyName(&n);
-	return NULL;
-    }
-    
-    cert->friendlyname = malloc(n.val[0].length + 1);
-    if (cert->friendlyname == NULL) {
-	free_PKCS9_friendlyName(&n);
-	return NULL;
-    }
-    
-    for (i = 0; i < n.val[0].length; i++) {
-	if (n.val[0].data[i] <= 0xff)
-	    cert->friendlyname[i] = n.val[0].data[i] & 0xff;
-	else
-	    cert->friendlyname[i] = 'X';
-    }
-    cert->friendlyname[i] = '\0';
-    free_PKCS9_friendlyName(&n);
-
-    return cert->friendlyname;
-}
-
-void
-_hx509_query_clear(hx509_query *q)
-{
-    memset(q, 0, sizeof(*q));
-}
-
-/**
- * Allocate an query controller. Free using hx509_query_free().
- *
- * @param context A hx509 context.
- * @param q return pointer to a hx509_query.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_alloc(hx509_context context, hx509_query **q)
-{
-    *q = calloc(1, sizeof(**q));
-    if (*q == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-/**
- * Set match options for the hx509 query controller.
- *
- * @param q query controller.
- * @param option options to control the query controller.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_match_option(hx509_query *q, hx509_query_option option)
-{
-    switch(option) {
-    case HX509_QUERY_OPTION_PRIVATE_KEY:
-	q->match |= HX509_QUERY_PRIVATE_KEY;
-	break;
-    case HX509_QUERY_OPTION_KU_ENCIPHERMENT:
-	q->match |= HX509_QUERY_KU_ENCIPHERMENT;
-	break;
-    case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE:
-	q->match |= HX509_QUERY_KU_DIGITALSIGNATURE;
-	break;
-    case HX509_QUERY_OPTION_KU_KEYCERTSIGN:
-	q->match |= HX509_QUERY_KU_KEYCERTSIGN;
-	break;
-    case HX509_QUERY_OPTION_END:
-    default:
-	break;
-    }
-}
-
-/**
- * Set the issuer and serial number of match in the query
- * controller. The function make copies of the isser and serial number.
- *
- * @param q a hx509 query controller
- * @param issuer issuer to search for
- * @param serialNumber the serialNumber of the issuer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_issuer_serial(hx509_query *q,
-				const Name *issuer, 
-				const heim_integer *serialNumber)
-{
-    int ret;
-    if (q->serial) {
-	der_free_heim_integer(q->serial);
-	free(q->serial);
-    }
-    q->serial = malloc(sizeof(*q->serial));
-    if (q->serial == NULL)
-	return ENOMEM;
-    ret = der_copy_heim_integer(serialNumber, q->serial);
-    if (ret) {
-	free(q->serial);
-	q->serial = NULL;
-	return ret;
-    }
-    if (q->issuer_name) {
-	free_Name(q->issuer_name);
-	free(q->issuer_name);
-    }
-    q->issuer_name = malloc(sizeof(*q->issuer_name));
-    if (q->issuer_name == NULL)
-	return ENOMEM;
-    ret = copy_Name(issuer, q->issuer_name);
-    if (ret) {
-	free(q->issuer_name);
-	q->issuer_name = NULL;
-	return ret;
-    }
-    q->match |= HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
-    return 0;
-}
-
-/**
- * Set the query controller to match on a friendly name
- *
- * @param q a hx509 query controller.
- * @param name a friendly name to match on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_friendly_name(hx509_query *q, const char *name)
-{
-    if (q->friendlyname)
-	free(q->friendlyname);
-    q->friendlyname = strdup(name);
-    if (q->friendlyname == NULL)
-	return ENOMEM;
-    q->match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
-    return 0;
-}
-
-/**
- * Set the query controller to match using a specific match function.
- *
- * @param q a hx509 query controller.
- * @param func function to use for matching, if the argument is NULL,
- * the match function is removed.
- * @param ctx context passed to the function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_query_match_cmp_func(hx509_query *q,
-			   int (*func)(void *, hx509_cert),
-			   void *ctx)
-{
-    if (func)
-	q->match |= HX509_QUERY_MATCH_FUNCTION;
-    else
-	q->match &= ~HX509_QUERY_MATCH_FUNCTION;
-    q->cmp_func = func;
-    q->cmp_func_ctx = ctx;
-    return 0;
-}
-
-/**
- * Free the query controller.
- *
- * @param context A hx509 context.
- * @param q a pointer to the query controller.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_free(hx509_context context, hx509_query *q)
-{
-    if (q->serial) {
-	der_free_heim_integer(q->serial);
-	free(q->serial);
-	q->serial = NULL;
-    }
-    if (q->issuer_name) {
-	free_Name(q->issuer_name);
-	free(q->issuer_name);
-	q->issuer_name = NULL;
-    }
-    if (q) {
-	free(q->friendlyname);
-	memset(q, 0, sizeof(*q));
-    }
-    free(q);
-}
-
-int
-_hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert)
-{
-    Certificate *c = _hx509_get_cert(cert);
-
-    _hx509_query_statistic(context, 1, q);
-
-    if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) &&
-	_hx509_cert_is_parent_cmp(q->subject, c, 0) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_CERTIFICATE) &&
-	_hx509_Certificate_cmp(q->certificate, c) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_SERIALNUMBER)
-	&& der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME)
-	&& _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0)
-	return 0;
-
-    if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME)
-	&& _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0)
-	return 0;
-
-    if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) {
-	SubjectKeyIdentifier si;
-	int ret;
-
-	ret = _hx509_find_extension_subject_key_id(c, &si);
-	if (ret == 0) {
-	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0)
-		ret = 1;
-	    free_SubjectKeyIdentifier(&si);
-	}
-	if (ret)
-	    return 0;
-    }
-    if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
-	return 0;
-    if ((q->match & HX509_QUERY_PRIVATE_KEY) && 
-	_hx509_cert_private_key(cert) == NULL)
-	return 0;
-
-    {
-	unsigned ku = 0;
-	if (q->match & HX509_QUERY_KU_DIGITALSIGNATURE)
-	    ku |= (1 << 0);
-	if (q->match & HX509_QUERY_KU_NONREPUDIATION)
-	    ku |= (1 << 1);
-	if (q->match & HX509_QUERY_KU_ENCIPHERMENT)
-	    ku |= (1 << 2);
-	if (q->match & HX509_QUERY_KU_DATAENCIPHERMENT)
-	    ku |= (1 << 3);
-	if (q->match & HX509_QUERY_KU_KEYAGREEMENT)
-	    ku |= (1 << 4);
-	if (q->match & HX509_QUERY_KU_KEYCERTSIGN)
-	    ku |= (1 << 5);
-	if (q->match & HX509_QUERY_KU_CRLSIGN)
-	    ku |= (1 << 6);
-	if (ku && check_key_usage(context, c, ku, TRUE))
-	    return 0;
-    }
-    if ((q->match & HX509_QUERY_ANCHOR))
-	return 0;
-
-    if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) {
-	hx509_cert_attribute a;
-
-	a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_localKeyId());
-	if (a == NULL)
-	    return 0;
-	if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_NO_MATCH_PATH) {
-	size_t i;
-
-	for (i = 0; i < q->path->len; i++)
-	    if (hx509_cert_cmp(q->path->val[i], cert) == 0)
-		return 0;
-    }
-    if (q->match & HX509_QUERY_MATCH_FRIENDLY_NAME) {
-	const char *name = hx509_cert_get_friendly_name(cert);
-	if (name == NULL)
-	    return 0;
-	if (strcasecmp(q->friendlyname, name) != 0)
-	    return 0;
-    }
-    if (q->match & HX509_QUERY_MATCH_FUNCTION) {
-	int ret = (*q->cmp_func)(q->cmp_func_ctx, cert);
-	if (ret != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
-	heim_octet_string os;
-	int ret;
-
-	os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-	os.length = 
-	    c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      hx509_signature_sha1(),
-				      &os,
-				      q->keyhash_sha1);
-	if (ret != 0)
-	    return 0;
-    }
-
-    if (q->match & HX509_QUERY_MATCH_TIME) {
-	time_t t;
-	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
-	if (t > q->timenow)
-	    return 0;
-	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
-	if (t < q->timenow)
-	    return 0;
-    }
-
-    if (q->match & ~HX509_QUERY_MASK)
-	return 0;
-
-    return 1;
-}
-
-/**
- * Set a statistic file for the query statistics.
- *
- * @param context A hx509 context.
- * @param fn statistics file name
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_statistic_file(hx509_context context, const char *fn)
-{
-    if (context->querystat)
-	free(context->querystat);
-    context->querystat = strdup(fn);
-}
-
-void
-_hx509_query_statistic(hx509_context context, int type, const hx509_query *q)
-{
-    FILE *f;
-    if (context->querystat == NULL)
-	return;
-    f = fopen(context->querystat, "a");
-    if (f == NULL)
-	return;
-    fprintf(f, "%d %d\n", type, q->match);
-    fclose(f);
-}
-
-static const char *statname[] = {
-    "find issuer cert",
-    "match serialnumber",
-    "match issuer name",
-    "match subject name",
-    "match subject key id",
-    "match issuer id",
-    "private key",
-    "ku encipherment",
-    "ku digitalsignature",
-    "ku keycertsign",
-    "ku crlsign",
-    "ku nonrepudiation",
-    "ku keyagreement",
-    "ku dataencipherment",
-    "anchor",
-    "match certificate",
-    "match local key id",
-    "no match path",
-    "match friendly name",
-    "match function",
-    "match key hash sha1",
-    "match time"
-};
-
-struct stat_el {
-    unsigned long stats;
-    unsigned int index;
-};
-
-
-static int
-stat_sort(const void *a, const void *b)
-{
-    const struct stat_el *ae = a;
-    const struct stat_el *be = b;
-    return be->stats - ae->stats;
-}
-
-/**
- * Unparse the statistics file and print the result on a FILE descriptor.
- *
- * @param context A hx509 context.
- * @param printtype tyep to print
- * @param out the FILE to write the data on.
- *
- * @ingroup hx509_cert
- */
-
-void
-hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
-{
-    rtbl_t t;
-    FILE *f;
-    int type, mask, i, num;
-    unsigned long multiqueries = 0, totalqueries = 0;
-    struct stat_el stats[32];
-
-    if (context->querystat == NULL)
-	return;
-    f = fopen(context->querystat, "r");
-    if (f == NULL) {
-	fprintf(out, "No statistic file %s: %s.\n", 
-		context->querystat, strerror(errno));
-	return;
-    }
-    
-    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
-	stats[i].index = i;
-	stats[i].stats = 0;
-    }
-
-    while (fscanf(f, "%d %d\n", &type, &mask) == 2) {
-	if (type != printtype)
-	    continue;
-	num = i = 0;
-	while (mask && i < sizeof(stats)/sizeof(stats[0])) {
-	    if (mask & 1) {
-		stats[i].stats++;
-		num++;
-	    }
-	    mask = mask >>1 ;
-	    i++;
-	}
-	if (num > 1)
-	    multiqueries++;
-	totalqueries++;
-    }
-    fclose(f);
-
-    qsort(stats, sizeof(stats)/sizeof(stats[0]), sizeof(stats[0]), stat_sort);
-
-    t = rtbl_create();
-    if (t == NULL)
-	errx(1, "out of memory");
-
-    rtbl_set_separator (t, "  ");
-    
-    rtbl_add_column_by_id (t, 0, "Name", 0);
-    rtbl_add_column_by_id (t, 1, "Counter", 0);
-
-
-    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
-	char str[10];
-
-	if (stats[i].index < sizeof(statname)/sizeof(statname[0])) 
-	    rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]);
-	else {
-	    snprintf(str, sizeof(str), "%d", stats[i].index);
-	    rtbl_add_column_entry_by_id (t, 0, str);
-	}
-	snprintf(str, sizeof(str), "%lu", stats[i].stats);
-	rtbl_add_column_entry_by_id (t, 1, str);
-    }
-
-    rtbl_format(t, out);
-    rtbl_destroy(t);
-
-    fprintf(out, "\nQueries: multi %lu total %lu\n", 
-	    multiqueries, totalqueries);
-}
-
-/**
- * Check the extended key usage on the hx509 certificate.
- *
- * @param context A hx509 context.
- * @param cert A hx509 context.
- * @param eku the EKU to check for
- * @param allow_any_eku if the any EKU is set, allow that to be a
- * substitute.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_check_eku(hx509_context context, hx509_cert cert,
-		     const heim_oid *eku, int allow_any_eku)
-{
-    ExtKeyUsage e;
-    int ret, i;
-
-    ret = find_extension_eku(_hx509_get_cert(cert), &e);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-
-    for (i = 0; i < e.len; i++) {
-	if (der_heim_oid_cmp(eku, &e.val[i]) == 0) {
-	    free_ExtKeyUsage(&e);
-	    return 0;
-	}
-	if (allow_any_eku) {
-#if 0
-	    if (der_heim_oid_cmp(id_any_eku, &e.val[i]) == 0) {
-		free_ExtKeyUsage(&e);
-		return 0;
-	    }
-#endif
-	}
-    }
-    free_ExtKeyUsage(&e);
-    hx509_clear_error_string(context);
-    return HX509_CERTIFICATE_MISSING_EKU;
-}
-
-int
-_hx509_cert_get_keyusage(hx509_context context,
-			 hx509_cert c,
-			 KeyUsage *ku)
-{
-    Certificate *cert;
-    const Extension *e;
-    size_t size;
-    int ret, i = 0;
-
-    memset(ku, 0, sizeof(*ku));
-
-    cert = _hx509_get_cert(c);
-
-    if (_hx509_cert_get_version(cert) < 3)
-	return 0;
-
-    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
-    if (e == NULL)
-	return HX509_KU_CERT_MISSING;
-    
-    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
-    if (ret)
-	return ret;
-    return 0;
-}
-
-int
-_hx509_cert_get_eku(hx509_context context,
-		    hx509_cert cert,
-		    ExtKeyUsage *e)
-{
-    int ret;
-
-    memset(e, 0, sizeof(*e));
-
-    ret = find_extension_eku(_hx509_get_cert(cert), e);
-    if (ret && ret != HX509_EXTENSION_NOT_FOUND) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    return 0;
-}
-
-/**
- * Encodes the hx509 certificate as a DER encode binary.
- *
- * @param context A hx509 context.
- * @param c the certificate to encode.
- * @param os the encode certificate, set to NULL, 0 on case of
- * error. Free the returned structure with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_cert
- */
-
-int
-hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os)
-{
-    size_t size;
-    int ret;
-
-    os->data = NULL;
-    os->length = 0;
-
-    ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, 
-		       _hx509_get_cert(c), &size, ret);
-    if (ret) {
-	os->data = NULL;
-	os->length = 0;
-	return ret;
-    }
-    if (os->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return ret;
-}
-
-/*
- * Last to avoid lost __attribute__s due to #undef.
- */
-
-#undef __attribute__
-#define __attribute__(X)
-
-void
-_hx509_abort(const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 1, 2)))
-{
-    va_list ap;
-    va_start(ap, fmt);
-    vprintf(fmt, ap);
-    va_end(ap);
-    printf("\n");
-    fflush(stdout);
-    abort();
-}
-
-/**
- * Free a data element allocated in the library.
- *
- * @param ptr data to be freed.
- *
- * @ingroup hx509_misc
- */
-
-void
-hx509_xfree(void *ptr)
-{
-    free(ptr);
-}
diff --git a/crypto/heimdal/lib/hx509/cms.c b/crypto/heimdal/lib/hx509/cms.c
deleted file mode 100644
index 80bcaac6c983..000000000000
--- a/crypto/heimdal/lib/hx509/cms.c
+++ /dev/null
@@ -1,1426 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hx_locl.h"
-RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $");
-
-/**
- * @page page_cms CMS/PKCS7 message functions.
- *
- * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
- * standard PKCS7. The basic messages in CMS is 
- *
- * - SignedData
- *   Data signed with private key (RSA, DSA, ECDSA) or secret
- *   (symmetric) key
- * - EnvelopedData
- *   Data encrypted with private key (RSA)
- * - EncryptedData
- *   Data encrypted with secret (symmetric) key.
- * - ContentInfo
- *   Wrapper structure including type and data.
- *
- *
- * See the library functions here: @ref hx509_cms
- */
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
-
-/**
- * Wrap data and oid in a ContentInfo and encode it.
- *
- * @param oid type of the content.
- * @param buf data to be wrapped. If a NULL pointer is passed in, the
- * optional content field in the ContentInfo is not going be filled
- * in.
- * @param res the encoded buffer, the result should be freed with
- * der_free_octet_string().
- *
- * @return Returns an hx509 error code.
- * 
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_wrap_ContentInfo(const heim_oid *oid,
-			   const heim_octet_string *buf,
-			   heim_octet_string *res)
-{
-    ContentInfo ci;
-    size_t size;
-    int ret;
-
-    memset(res, 0, sizeof(*res));
-    memset(&ci, 0, sizeof(ci));
-
-    ret = der_copy_oid(oid, &ci.contentType);
-    if (ret)
-	return ret;
-    if (buf) {
-	ALLOC(ci.content, 1);
-	if (ci.content == NULL) {
-	    free_ContentInfo(&ci);
-	    return ENOMEM;
-	}
-	ci.content->data = malloc(buf->length);
-	if (ci.content->data == NULL) {
-	    free_ContentInfo(&ci);
-	    return ENOMEM;
-	}
-	memcpy(ci.content->data, buf->data, buf->length);
-	ci.content->length = buf->length;
-    }
-
-    ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
-    free_ContentInfo(&ci);
-    if (ret)
-	return ret;
-    if (res->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-}
-
-/**
- * Decode an ContentInfo and unwrap data and oid it.
- *
- * @param in the encoded buffer.
- * @param oid type of the content.
- * @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
- *
- * @return Returns an hx509 error code.
- * 
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
-			     heim_oid *oid,
-			     heim_octet_string *out,
-			     int *have_data)
-{
-    ContentInfo ci;
-    size_t size;
-    int ret;
-
-    memset(oid, 0, sizeof(*oid));
-    memset(out, 0, sizeof(*out));
-
-    ret = decode_ContentInfo(in->data, in->length, &ci, &size);
-    if (ret)
-	return ret;
-
-    ret = der_copy_oid(&ci.contentType, oid);
-    if (ret) {
-	free_ContentInfo(&ci);
-	return ret;
-    }
-    if (ci.content) {
-	ret = der_copy_octet_string(ci.content, out);
-	if (ret) {
-	    der_free_oid(oid);
-	    free_ContentInfo(&ci);
-	    return ret;
-	}
-    } else
-	memset(out, 0, sizeof(*out));
-
-    if (have_data)
-	*have_data = (ci.content != NULL) ? 1 : 0;
-
-    free_ContentInfo(&ci);
-
-    return 0;
-}
-
-#define CMS_ID_SKI	0
-#define CMS_ID_NAME	1
-
-static int
-fill_CMSIdentifier(const hx509_cert cert,
-		   int type,
-		   CMSIdentifier *id)
-{
-    int ret;
-
-    switch (type) {
-    case CMS_ID_SKI:
-	id->element = choice_CMSIdentifier_subjectKeyIdentifier;
-	ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
-						   &id->u.subjectKeyIdentifier);
-	if (ret == 0)
-	    break;
-	/* FALL THOUGH */
-    case CMS_ID_NAME: {
-	hx509_name name;
-
-	id->element = choice_CMSIdentifier_issuerAndSerialNumber;
-	ret = hx509_cert_get_issuer(cert, &name);
-	if (ret)
-	    return ret;
-	ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
-	hx509_name_free(&name);
-	if (ret)
-	    return ret;
-
-	ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
-	break;
-    }
-    default:
-	_hx509_abort("CMS fill identifier with unknown type");
-    }
-    return ret;
-}
-
-static int
-unparse_CMSIdentifier(hx509_context context,
-		      CMSIdentifier *id,
-		      char **str)
-{
-    int ret;
-
-    *str = NULL;
-    switch (id->element) {
-    case choice_CMSIdentifier_issuerAndSerialNumber: {
-	IssuerAndSerialNumber *iasn;
-	char *serial, *name;
-
-	iasn = &id->u.issuerAndSerialNumber;
-
-	ret = _hx509_Name_to_string(&iasn->issuer, &name);
-	if(ret)
-	    return ret;
-	ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
-	if (ret) {
-	    free(name);
-	    return ret;
-	}
-	asprintf(str, "certificate issued by %s with serial number %s",
-		 name, serial);
-	free(name);
-	free(serial);
-	break;
-    }
-    case choice_CMSIdentifier_subjectKeyIdentifier: {
-	KeyIdentifier *ki  = &id->u.subjectKeyIdentifier;
-	char *keyid;
-	ssize_t len;
-
-	len = hex_encode(ki->data, ki->length, &keyid);
-	if (len < 0)
-	    return ENOMEM;
-
-	asprintf(str, "certificate with id %s", keyid);
-	free(keyid);
-	break;
-    }
-    default:
-	asprintf(str, "certificate have unknown CMSidentifier type");
-	break;
-    }
-    if (*str == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-static int
-find_CMSIdentifier(hx509_context context,
-		   CMSIdentifier *client,
-		   hx509_certs certs,
-		   hx509_cert *signer_cert,
-		   int match)
-{
-    hx509_query q;
-    hx509_cert cert;
-    Certificate c;
-    int ret;
-
-    memset(&c, 0, sizeof(c));
-    _hx509_query_clear(&q);
-
-    *signer_cert = NULL;
-
-    switch (client->element) {
-    case choice_CMSIdentifier_issuerAndSerialNumber:
-	q.serial = &client->u.issuerAndSerialNumber.serialNumber;
-	q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
-	q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
-	break;
-    case choice_CMSIdentifier_subjectKeyIdentifier:
-	q.subject_id = &client->u.subjectKeyIdentifier;
-	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
-	break;
-    default:
-	hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-			       "unknown CMS identifier element");
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    }
-
-    q.match |= match;
-
-    q.match |= HX509_QUERY_MATCH_TIME;
-    q.timenow = time(NULL);
-
-    ret = hx509_certs_find(context, certs, &q, &cert);
-    if (ret == HX509_CERT_NOT_FOUND) {
-	char *str;
-
-	ret = unparse_CMSIdentifier(context, client, &str);
-	if (ret == 0) {
-	    hx509_set_error_string(context, 0,
-				   HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-				   "Failed to find %s", str);
-	} else
-	    hx509_clear_error_string(context);
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    } else if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND,
-			       HX509_CMS_NO_RECIPIENT_CERTIFICATE,
-			       "Failed to find CMS id in cert store");
-	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-    }
-
-    *signer_cert = cert;
-
-    return 0;
-}
-
-/**
- * Decode and unencrypt EnvelopedData.
- *
- * Extract data and parameteres from from the EnvelopedData. Also
- * supports using detached EnvelopedData.
- *
- * @param context A hx509 context.
- * @param certs Certificate that can decrypt the EnvelopedData
- * encryption key.
- * @param flags HX509_CMS_UE flags to control the behavior.
- * @param data pointer the structure the contains the DER/BER encoded
- * EnvelopedData stucture.
- * @param length length of the data that data point to.
- * @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
- * @param contentType output type oid, should be freed with der_free_oid().
- * @param content the data, free with der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_unenvelope(hx509_context context,
-		     hx509_certs certs,
-		     int flags,
-		     const void *data,
-		     size_t length,
-		     const heim_octet_string *encryptedContent,
-		     heim_oid *contentType,
-		     heim_octet_string *content)
-{
-    heim_octet_string key;
-    EnvelopedData ed;
-    hx509_cert cert;
-    AlgorithmIdentifier *ai;
-    const heim_octet_string *enccontent;
-    heim_octet_string *params, params_data;
-    heim_octet_string ivec;
-    size_t size;
-    int ret, i, matched = 0, findflags = 0;
-
-
-    memset(&key, 0, sizeof(key));
-    memset(&ed, 0, sizeof(ed));
-    memset(&ivec, 0, sizeof(ivec));
-    memset(content, 0, sizeof(*content));
-    memset(contentType, 0, sizeof(*contentType));
-
-    if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
-	findflags |= HX509_QUERY_KU_ENCIPHERMENT;
-
-    ret = decode_EnvelopedData(data, length, &ed, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode EnvelopedData");
-	return ret;
-    }
-
-    if (ed.recipientInfos.len == 0) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, 0, ret,
-			       "No recipient info in enveloped data");
-	goto out;
-    }
-
-    enccontent = ed.encryptedContentInfo.encryptedContent;
-    if (enccontent == NULL) {
-	if (encryptedContent == NULL) {
-	    ret = HX509_CMS_NO_DATA_AVAILABLE;
-	    hx509_set_error_string(context, 0, ret,
-				   "Content missing from encrypted data");
-	    goto out;
-	}
-	enccontent = encryptedContent;
-    } else if (encryptedContent != NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "Both internal and external encrypted data");
-	goto out;
-    }
-
-    cert = NULL;
-    for (i = 0; i < ed.recipientInfos.len; i++) {
-	KeyTransRecipientInfo *ri;
-	char *str;
-	int ret2;
-
-	ri = &ed.recipientInfos.val[i];
-
-	ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
-				 HX509_QUERY_PRIVATE_KEY|findflags);
-	if (ret)
-	    continue;
-
-	matched = 1; /* found a matching certificate, let decrypt */
-
-	ret = _hx509_cert_private_decrypt(context,
-					  &ri->encryptedKey,
-					  &ri->keyEncryptionAlgorithm.algorithm,
-					  cert, &key);
-
-	hx509_cert_free(cert);
-	if (ret == 0)
-	    break; /* succuessfully decrypted cert */
-	cert = NULL;
-	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
-	if (ret2 == 0) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to decrypt with %s", str);
-	    free(str);
-	}
-    }
-
-    if (!matched) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, 0, ret,
-			       "No private key matched any certificate");
-	goto out;
-    }
-
-    if (cert == NULL) {
-	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "No private key decrypted the transfer key");
-	goto out;
-    }
-
-    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy EnvelopedData content oid");
-	goto out;
-    }
-
-    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-    if (ai->parameters) {
-	params_data.data = ai->parameters->data;
-	params_data.length = ai->parameters->length;
-	params = &params_data;
-    } else
-	params = NULL;
-
-    {
-	hx509_crypto crypto;
-
-	ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
-	if (ret)
-	    goto out;
-	
-	if (params) {
-	    ret = hx509_crypto_set_params(context, crypto, params, &ivec);
-	    if (ret) {
-		hx509_crypto_destroy(crypto);
-		goto out;
-	    }
-	}
-
-	ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
-	if (ret) {
-	    hx509_crypto_destroy(crypto);
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to set key for decryption "
-				   "of EnvelopedData");
-	    goto out;
-	}
-	
-	ret = hx509_crypto_decrypt(crypto,
-				   enccontent->data,
-				   enccontent->length,
-				   ivec.length ? &ivec : NULL,
-				   content);
-	hx509_crypto_destroy(crypto);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to decrypt EnvelopedData");
-	    goto out;
-	}
-    }
-
-out:
-
-    free_EnvelopedData(&ed);
-    der_free_octet_string(&key);
-    if (ivec.length)
-	der_free_octet_string(&ivec);
-    if (ret) {
-	der_free_oid(contentType);
-	der_free_octet_string(content);
-    }
-
-    return ret;
-}
-
-/**
- * Encrypt end encode EnvelopedData.
- *
- * Encrypt and encode EnvelopedData. The data is encrypted with a
- * random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
- * used to RSA.
- *
- * @param context A hx509 context.
- * @param flags flags to control the behavior, no flags today
- * @param cert Certificate to encrypt the EnvelopedData encryption key
- * with.
- * @param data pointer the data to encrypt.
- * @param length length of the data that data point to.
- * @param encryption_type Encryption cipher to use for the bulk data,
- * use NULL to get default.
- * @param contentType type of the data that is encrypted
- * @param content the output of the function,
- * free with der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_envelope_1(hx509_context context,
-		     int flags,
-		     hx509_cert cert,
-		     const void *data,
-		     size_t length,
-		     const heim_oid *encryption_type,
-		     const heim_oid *contentType,
-		     heim_octet_string *content)
-{
-    KeyTransRecipientInfo *ri;
-    heim_octet_string ivec;
-    heim_octet_string key;
-    hx509_crypto crypto = NULL;
-    EnvelopedData ed;
-    size_t size;
-    int ret;
-
-    memset(&ivec, 0, sizeof(ivec));
-    memset(&key, 0, sizeof(key));
-    memset(&ed, 0, sizeof(ed));
-    memset(content, 0, sizeof(*content));
-
-    if (encryption_type == NULL)
-	encryption_type = oid_id_aes_256_cbc();
-
-    ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_set_random_key(crypto, &key);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Create random key for EnvelopedData content");
-	goto out;
-    }
-
-    ret = hx509_crypto_random_iv(crypto, &ivec);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to create a random iv");
-	goto out;
-    }
-
-    ret = hx509_crypto_encrypt(crypto,
-			       data,
-			       length,
-			       &ivec,
-			       &ed.encryptedContentInfo.encryptedContent);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to encrypt EnvelopedData content");
-	goto out;
-    }
-
-    {
-	AlgorithmIdentifier *enc_alg;
-	enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-	ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to set crypto oid "
-				   "for EnvelopedData");
-	    goto out;
-	}	
-	ALLOC(enc_alg->parameters, 1);
-	if (enc_alg->parameters == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to allocate crypto paramaters "
-				   "for EnvelopedData");
-	    goto out;
-	}
-
-	ret = hx509_crypto_get_params(context,
-				      crypto,
-				      &ivec,
-				      enc_alg->parameters);
-	if (ret) {
-	    goto out;
-	}
-    }
-
-    ALLOC_SEQ(&ed.recipientInfos, 1);
-    if (ed.recipientInfos.val == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to allocate recipients info "
-			       "for EnvelopedData");
-	goto out;
-    }
-
-    ri = &ed.recipientInfos.val[0];
-
-    ri->version = 0;
-    ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to set CMS identifier info "
-			       "for EnvelopedData");
-	goto out;
-    }
-
-    ret = _hx509_cert_public_encrypt(context,
-				     &key, cert,
-				     &ri->keyEncryptionAlgorithm.algorithm,
-				     &ri->encryptedKey);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "Failed to encrypt transport key for "
-			       "EnvelopedData");
-	goto out;
-    }
-
-    /*
-     *
-     */
-
-    ed.version = 0;
-    ed.originatorInfo = NULL;
-
-    ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to copy content oid for "
-			       "EnvelopedData");
-	goto out;
-    }
-
-    ed.unprotectedAttrs = NULL;
-
-    ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
-		       &ed, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to encode EnvelopedData");
-	goto out;
-    }
-    if (size != content->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-out:
-    if (crypto)
-	hx509_crypto_destroy(crypto);
-    if (ret)
-	der_free_octet_string(content);
-    der_free_octet_string(&key);
-    der_free_octet_string(&ivec);
-    free_EnvelopedData(&ed);
-
-    return ret;
-}
-
-static int
-any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
-{
-    int ret, i;
-
-    if (sd->certificates == NULL)
-	return 0;
-
-    for (i = 0; i < sd->certificates->len; i++) {
-	hx509_cert c;
-
-	ret = hx509_cert_init_data(context, 
-				   sd->certificates->val[i].data, 
-				   sd->certificates->val[i].length,
-				   &c);
-	if (ret)
-	    return ret;
-	ret = hx509_certs_add(context, certs, c);
-	hx509_cert_free(c);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-static const Attribute *
-find_attribute(const CMSAttributes *attr, const heim_oid *oid)
-{
-    int i;
-    for (i = 0; i < attr->len; i++)
-	if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
-	    return &attr->val[i];
-    return NULL;
-}
-
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param ctx a hx509 version context
- * @param data
- * @param length length of the data that data point to.
- * @param signedContent
- * @param pool certificate pool to build certificates paths.
- * @param contentType free with der_free_oid()
- * @param content the output of the function, free with
- * der_free_octet_string().
- * @param signer_certs list of the cerficates used to sign this
- * request, free with hx509_certs_free().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_verify_signed(hx509_context context,
-			hx509_verify_ctx ctx,
-			const void *data,
-			size_t length,
-			const heim_octet_string *signedContent,
-			hx509_certs pool,
-			heim_oid *contentType,
-			heim_octet_string *content,
-			hx509_certs *signer_certs)
-{
-    SignerInfo *signer_info;
-    hx509_cert cert = NULL;
-    hx509_certs certs = NULL;
-    SignedData sd;
-    size_t size;
-    int ret, i, found_valid_sig;
-
-    *signer_certs = NULL;
-    content->data = NULL;
-    content->length = 0;
-    contentType->length = 0;
-    contentType->components = NULL;
-
-    memset(&sd, 0, sizeof(sd));
-
-    ret = decode_SignedData(data, length, &sd, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode SignedData");
-	goto out;
-    }
-
-    if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "No content data in SignedData");
-	goto out;
-    }
-    if (sd.encapContentInfo.eContent && signedContent) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "Both external and internal SignedData");
-	goto out;
-    }
-    if (sd.encapContentInfo.eContent)
-	signedContent = sd.encapContentInfo.eContent;
-
-    ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
-			   0, NULL, &certs);
-    if (ret)
-	goto out;
-
-    ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
-			   0, NULL, signer_certs);
-    if (ret)
-	goto out;
-
-    /* XXX Check CMS version */
-
-    ret = any_to_certs(context, &sd, certs);
-    if (ret)
-	goto out;
-
-    if (pool) {
-	ret = hx509_certs_merge(context, certs, pool);
-	if (ret)
-	    goto out;
-    }
-
-    for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
-	heim_octet_string *signed_data;
-	const heim_oid *match_oid;
-	heim_oid decode_oid;
-
-	signer_info = &sd.signerInfos.val[i];
-	match_oid = NULL;
-
-	if (signer_info->signature.length == 0) {
-	    ret = HX509_CMS_MISSING_SIGNER_DATA;
-	    hx509_set_error_string(context, 0, ret,
-				   "SignerInfo %d in SignedData "
-				   "missing sigature", i);
-	    continue;
-	}
-
-	ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
-				 HX509_QUERY_KU_DIGITALSIGNATURE);
-	if (ret)
-	    continue;
-
-	if (signer_info->signedAttrs) {
-	    const Attribute *attr;
-	
-	    CMSAttributes sa;
-	    heim_octet_string os;
-
-	    sa.val = signer_info->signedAttrs->val;
-	    sa.len = signer_info->signedAttrs->len;
-
-	    /* verify that sigature exists */
-	    attr = find_attribute(&sa, oid_id_pkcs9_messageDigest());
-	    if (attr == NULL) {
-		ret = HX509_CRYPTO_SIGNATURE_MISSING;
-		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have signed attributes "
-				       "but messageDigest (signature) "
-				       "is missing");
-		goto next_sigature;
-	    }
-	    if (attr->value.len != 1) {
-		ret = HX509_CRYPTO_SIGNATURE_MISSING;
-		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have more then one "
-				       "messageDigest (signature)");
-		goto next_sigature;
-	    }
-	
-	    ret = decode_MessageDigest(attr->value.val[0].data,
-				       attr->value.val[0].length,
-				       &os,
-				       &size);
-	    if (ret) {
-		hx509_set_error_string(context, 0, ret,
-				       "Failed to decode "
-				       "messageDigest (signature)");
-		goto next_sigature;
-	    }
-
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &signer_info->digestAlgorithm,
-					  signedContent,
-					  &os);
-	    der_free_octet_string(&os);
-	    if (ret) {
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Failed to verify messageDigest");
-		goto next_sigature;
-	    }
-
-	    /*
-	     * Fetch content oid inside signedAttrs or set it to
-	     * id-pkcs7-data.
-	     */
-	    attr = find_attribute(&sa, oid_id_pkcs9_contentType());
-	    if (attr == NULL) {
-		match_oid = oid_id_pkcs7_data();
-	    } else {
-		if (attr->value.len != 1) {
-		    ret = HX509_CMS_DATA_OID_MISMATCH;
-		    hx509_set_error_string(context, 0, ret,
-					   "More then one oid in signedAttrs");
-		    goto next_sigature;
-
-		}
-		ret = decode_ContentType(attr->value.val[0].data,
-					 attr->value.val[0].length,
-					 &decode_oid,
-					 &size);
-		if (ret) {
-		    hx509_set_error_string(context, 0, ret,
-					   "Failed to decode "
-					   "oid in signedAttrs");
-		    goto next_sigature;
-		}
-		match_oid = &decode_oid;
-	    }
-
-	    ALLOC(signed_data, 1);
-	    if (signed_data == NULL) {
-		if (match_oid == &decode_oid)
-		    der_free_oid(&decode_oid);
-		ret = ENOMEM;
-		hx509_clear_error_string(context);
-		goto next_sigature;
-	    }
-	
-	    ASN1_MALLOC_ENCODE(CMSAttributes,
-			       signed_data->data,
-			       signed_data->length,
-			       &sa,
-			       &size, ret);
-	    if (ret) {
-		if (match_oid == &decode_oid)
-		    der_free_oid(&decode_oid);
-		free(signed_data);
-		hx509_clear_error_string(context);
-		goto next_sigature;
-	    }
-	    if (size != signed_data->length)
-		_hx509_abort("internal ASN.1 encoder error");
-
-	} else {
-	    signed_data = rk_UNCONST(signedContent);
-	    match_oid = oid_id_pkcs7_data();
-	}
-
-	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) {
-	    ret = HX509_CMS_DATA_OID_MISMATCH;
-	    hx509_set_error_string(context, 0, ret,
-				   "Oid in message mismatch from the expected");
-	}
-	if (match_oid == &decode_oid)
-	    der_free_oid(&decode_oid);
-
-	if (ret == 0) {
-	    ret = hx509_verify_signature(context,
-					 cert,
-					 &signer_info->signatureAlgorithm,
-					 signed_data,
-					 &signer_info->signature);
-	    if (ret)
-		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				       "Failed to verify sigature in "
-				       "CMS SignedData");
-	}
-	if (signed_data != signedContent) {
-	    der_free_octet_string(signed_data);
-	    free(signed_data);
-	}
-	if (ret)
-	    goto next_sigature;
-
-	ret = hx509_verify_path(context, ctx, cert, certs);
-	if (ret)
-	    goto next_sigature;
-
-	ret = hx509_certs_add(context, *signer_certs, cert);
-	if (ret)
-	    goto next_sigature;
-
-	found_valid_sig++;
-
-    next_sigature:
-	if (cert)
-	    hx509_cert_free(cert);
-	cert = NULL;
-    }
-    if (found_valid_sig == 0) {
-	if (ret == 0) {
-	    ret = HX509_CMS_SIGNER_NOT_FOUND;
-	    hx509_set_error_string(context, 0, ret,
-				   "No signers where found");
-	}
-	goto out;
-    }
-
-    ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    content->data = malloc(signedContent->length);
-    if (content->data == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-    content->length = signedContent->length;
-    memcpy(content->data, signedContent->data, content->length);
-
-out:
-    free_SignedData(&sd);
-    if (certs)
-	hx509_certs_free(&certs);
-    if (ret) {
-	if (*signer_certs)
-	    hx509_certs_free(signer_certs);
-	der_free_oid(contentType);
-	der_free_octet_string(content);
-    }
-
-    return ret;
-}
-
-static int
-add_one_attribute(Attribute **attr,
-		  unsigned int *len,
-		  const heim_oid *oid,
-		  heim_octet_string *data)
-{
-    void *d;
-    int ret;
-
-    d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
-    if (d == NULL)
-	return ENOMEM;
-    (*attr) = d;
-
-    ret = der_copy_oid(oid, &(*attr)[*len].type);
-    if (ret)
-	return ret;
-
-    ALLOC_SEQ(&(*attr)[*len].value, 1);
-    if ((*attr)[*len].value.val == NULL) {
-	der_free_oid(&(*attr)[*len].type);
-	return ENOMEM;
-    }
-
-    (*attr)[*len].value.val[0].data = data->data;
-    (*attr)[*len].value.val[0].length = data->length;
-
-    *len += 1;
-
-    return 0;
-}
-	
-/**
- * Decode SignedData and verify that the signature is correct.
- *
- * @param context A hx509 context.
- * @param flags
- * @param eContentType the type of the data.
- * @param data data to sign
- * @param length length of the data that data point to.
- * @param digest_alg digest algorithm to use, use NULL to get the
- * default or the peer determined algorithm.
- * @param cert certificate to use for sign the data.
- * @param peer info about the peer the message to send the message to,
- * like what digest algorithm to use.
- * @param anchors trust anchors that the client will use, used to
- * polulate the certificates included in the message
- * @param pool certificates to use in try to build the path to the
- * trust anchors.
- * @param signed_data the output of the function, free with
- * der_free_octet_string().
- *
- * @ingroup hx509_cms
- */
-
-int
-hx509_cms_create_signed_1(hx509_context context,
-			  int flags,
-			  const heim_oid *eContentType,
-			  const void *data, size_t length,
-			  const AlgorithmIdentifier *digest_alg,
-			  hx509_cert cert,
-			  hx509_peer_info peer,
-			  hx509_certs anchors,
-			  hx509_certs pool,
-			  heim_octet_string *signed_data)
-{
-    AlgorithmIdentifier digest;
-    hx509_name name;
-    SignerInfo *signer_info;
-    heim_octet_string buf, content, sigdata = { 0, NULL };
-    SignedData sd;
-    int ret;
-    size_t size;
-    hx509_path path;
-    int cmsidflag = CMS_ID_SKI;
-
-    memset(&sd, 0, sizeof(sd));
-    memset(&name, 0, sizeof(name));
-    memset(&path, 0, sizeof(path));
-    memset(&digest, 0, sizeof(digest));
-
-    content.data = rk_UNCONST(data);
-    content.length = length;
-
-    if (flags & HX509_CMS_SIGATURE_ID_NAME)
-	cmsidflag = CMS_ID_NAME;
-
-    if (_hx509_cert_private_key(cert) == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private key missing for signing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    if (digest_alg == NULL) {
-	ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
-				  _hx509_cert_private_key(cert), peer, &digest);
-    } else {
-	ret = copy_AlgorithmIdentifier(digest_alg, &digest);
-	if (ret)
-	    hx509_clear_error_string(context);
-    }
-    if (ret)
-	goto out;
-
-    sd.version = CMSVersion_v3;
-
-    if (eContentType == NULL)
-	eContentType = oid_id_pkcs7_data();
-
-    der_copy_oid(eContentType, &sd.encapContentInfo.eContentType);
-
-    /* */
-    if ((flags & HX509_CMS_SIGATURE_DETACHED) == 0) {
-	ALLOC(sd.encapContentInfo.eContent, 1);
-	if (sd.encapContentInfo.eContent == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	
-	sd.encapContentInfo.eContent->data = malloc(length);
-	if (sd.encapContentInfo.eContent->data == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	memcpy(sd.encapContentInfo.eContent->data, data, length);
-	sd.encapContentInfo.eContent->length = length;
-    }
-
-    ALLOC_SEQ(&sd.signerInfos, 1);
-    if (sd.signerInfos.val == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-
-    signer_info = &sd.signerInfos.val[0];
-
-    signer_info->version = 1;
-
-    ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }			
-
-    signer_info->signedAttrs = NULL;
-    signer_info->unsignedAttrs = NULL;
-
-
-    ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    /*
-     * If it isn't pkcs7-data send signedAttributes
-     */
-
-    if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
-	CMSAttributes sa;	
-	heim_octet_string sig;
-
-	ALLOC(signer_info->signedAttrs, 1);
-	if (signer_info->signedAttrs == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = _hx509_create_signature(context,
-				      NULL,
-				      &digest,
-				      &content,
-				      NULL,
-				      &sig);
-	if (ret)
-	    goto out;
-
-	ASN1_MALLOC_ENCODE(MessageDigest,
-			   buf.data,
-			   buf.length,
-			   &sig,
-			   &size,
-			   ret);
-	der_free_octet_string(&sig);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	if (size != buf.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-
-	ret = add_one_attribute(&signer_info->signedAttrs->val,
-				&signer_info->signedAttrs->len,
-				oid_id_pkcs9_messageDigest(),
-				&buf);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-
-
-	ASN1_MALLOC_ENCODE(ContentType,
-			   buf.data,
-			   buf.length,
-			   eContentType,
-			   &size,
-			   ret);
-	if (ret)
-	    goto out;
-	if (size != buf.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-
-	ret = add_one_attribute(&signer_info->signedAttrs->val,
-				&signer_info->signedAttrs->len,
-				oid_id_pkcs9_contentType(),
-				&buf);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-
-	sa.val = signer_info->signedAttrs->val;
-	sa.len = signer_info->signedAttrs->len;
-	
-	ASN1_MALLOC_ENCODE(CMSAttributes,
-			   sigdata.data,
-			   sigdata.length,
-			   &sa,
-			   &size,
-			   ret);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	if (size != sigdata.length)
-	    _hx509_abort("internal ASN.1 encoder error");
-    } else {
-	sigdata.data = content.data;
-	sigdata.length = content.length;
-    }
-
-
-    {
-	AlgorithmIdentifier sigalg;
-
-	ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
-				  _hx509_cert_private_key(cert), peer,
-				  &sigalg);
-	if (ret)
-	    goto out;
-
-	ret = _hx509_create_signature(context,
-				      _hx509_cert_private_key(cert),
-				      &sigalg,
-				      &sigdata,
-				      &signer_info->signatureAlgorithm,
-				      &signer_info->signature);
-	free_AlgorithmIdentifier(&sigalg);
-	if (ret)
-	    goto out;
-    }
-
-    ALLOC_SEQ(&sd.digestAlgorithms, 1);
-    if (sd.digestAlgorithms.val == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = copy_AlgorithmIdentifier(&digest, &sd.digestAlgorithms.val[0]);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    /*
-     * Provide best effort path
-     */
-    if (pool) {
-	_hx509_calculate_path(context,
-			      HX509_CALCULATE_PATH_NO_ANCHOR,			      
-			      time(NULL),
-			      anchors,
-			      0,
-			      cert,
-			      pool,
-			      &path);
-    } else
-	_hx509_path_append(context, &path, cert);
-
-
-    if (path.len) {
-	int i;
-
-	ALLOC(sd.certificates, 1);
-	if (sd.certificates == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ALLOC_SEQ(sd.certificates, path.len);
-	if (sd.certificates->val == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	for (i = 0; i < path.len; i++) {
-	    ret = hx509_cert_binary(context, path.val[i],
-				    &sd.certificates->val[i]);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(SignedData,
-		       signed_data->data, signed_data->length,
-		       &sd, &size, ret);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-    if (signed_data->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-out:
-    if (sigdata.data != content.data)
-	der_free_octet_string(&sigdata);
-    free_AlgorithmIdentifier(&digest);
-    _hx509_path_free(&path);
-    free_SignedData(&sd);
-
-    return ret;
-}
-
-int
-hx509_cms_decrypt_encrypted(hx509_context context,
-			    hx509_lock lock,
-			    const void *data,
-			    size_t length,
-			    heim_oid *contentType,
-			    heim_octet_string *content)
-{
-    heim_octet_string cont;
-    CMSEncryptedData ed;
-    AlgorithmIdentifier *ai;
-    int ret;
-
-    memset(content, 0, sizeof(*content));
-    memset(&cont, 0, sizeof(cont));
-
-    ret = decode_CMSEncryptedData(data, length, &ed, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode CMSEncryptedData");
-	return ret;
-    }
-
-    if (ed.encryptedContentInfo.encryptedContent == NULL) {
-	ret = HX509_CMS_NO_DATA_AVAILABLE;
-	hx509_set_error_string(context, 0, ret,
-			       "No content in EncryptedData");
-	goto out;
-    }
-
-    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
-    if (ai->parameters == NULL) {
-	ret = HX509_ALG_NOT_SUPP;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = _hx509_pbe_decrypt(context,
-			     lock,
-			     ai,
-			     ed.encryptedContentInfo.encryptedContent,
-			     &cont);
-    if (ret)
-	goto out;
-
-    *content = cont;
-
-out:
-    if (ret) {
-	if (cont.data)
-	    free(cont.data);
-    }
-    free_CMSEncryptedData(&ed);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/collector.c b/crypto/heimdal/lib/hx509/collector.c
deleted file mode 100644
index 8b6ffcb94567..000000000000
--- a/crypto/heimdal/lib/hx509/collector.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $");
-
-struct private_key {
-    AlgorithmIdentifier alg;
-    hx509_private_key private_key;
-    heim_octet_string localKeyId;
-};
-
-struct hx509_collector {
-    hx509_lock lock;
-    hx509_certs unenvelop_certs;
-    hx509_certs certs;
-    struct {
-	struct private_key **data;
-	size_t len;
-    } val;
-};
-
-
-int
-_hx509_collector_alloc(hx509_context context, hx509_lock lock, struct hx509_collector **collector)
-{
-    struct hx509_collector *c;
-    int ret;
-
-    *collector = NULL;
-
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    c->lock = lock;
-
-    ret = hx509_certs_init(context, "MEMORY:collector-unenvelop-cert",
-			   0,NULL, &c->unenvelop_certs);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-    c->val.data = NULL;
-    c->val.len = 0;
-    ret = hx509_certs_init(context, "MEMORY:collector-tmp-store",
-			   0, NULL, &c->certs);
-    if (ret) {
-	hx509_certs_free(&c->unenvelop_certs);
-	free(c);
-	return ret;
-    }
-
-    *collector = c;
-    return 0;
-}
-
-hx509_lock
-_hx509_collector_get_lock(struct hx509_collector *c)
-{
-    return c->lock;
-}
-
-
-int
-_hx509_collector_certs_add(hx509_context context,
-			   struct hx509_collector *c,
-			   hx509_cert cert)
-{
-    return hx509_certs_add(context, c->certs, cert);
-}
-
-static void
-free_private_key(struct private_key *key)
-{
-    free_AlgorithmIdentifier(&key->alg);
-    if (key->private_key)
-	_hx509_private_key_free(&key->private_key);
-    der_free_octet_string(&key->localKeyId);
-    free(key);
-}
-
-int
-_hx509_collector_private_key_add(hx509_context context,
-				 struct hx509_collector *c, 
-				 const AlgorithmIdentifier *alg,
-				 hx509_private_key private_key,
-				 const heim_octet_string *key_data,
-				 const heim_octet_string *localKeyId)
-{
-    struct private_key *key;
-    void *d;
-    int ret;
-
-    key = calloc(1, sizeof(*key));
-    if (key == NULL)
-	return ENOMEM;
-
-    d = realloc(c->val.data, (c->val.len + 1) * sizeof(c->val.data[0]));
-    if (d == NULL) {
-	free(key);
-	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
-	return ENOMEM;
-    }
-    c->val.data = d;
-	
-    ret = copy_AlgorithmIdentifier(alg, &key->alg);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy "
-			       "AlgorithmIdentifier");
-	goto out;
-    }
-    if (private_key) {
-	key->private_key = private_key;
-    } else {
-	ret = _hx509_parse_private_key(context, &alg->algorithm,
-				       key_data->data, key_data->length,
-				       &key->private_key);
-	if (ret)
-	    goto out;
-    }
-    if (localKeyId) {
-	ret = der_copy_octet_string(localKeyId, &key->localKeyId);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to copy localKeyId");
-	    goto out;
-	}
-    } else
-	memset(&key->localKeyId, 0, sizeof(key->localKeyId));
-
-    c->val.data[c->val.len] = key;
-    c->val.len++;
-
-out:
-    if (ret)
-	free_private_key(key);
-
-    return ret;
-}
-
-static int
-match_localkeyid(hx509_context context,
-		 struct private_key *value,
-		 hx509_certs certs)
-{
-    hx509_cert cert;
-    hx509_query q;
-    int ret;
-
-    if (value->localKeyId.length == 0) {
-	hx509_set_error_string(context, 0, HX509_LOCAL_ATTRIBUTE_MISSING,
-			       "No local key attribute on private key");
-	return HX509_LOCAL_ATTRIBUTE_MISSING;
-    }
-
-    _hx509_query_clear(&q);
-    q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID;
-    
-    q.local_key_id = &value->localKeyId;
-    
-    ret = hx509_certs_find(context, certs, &q, &cert);
-    if (ret == 0) {
-	
-	if (value->private_key)
-	    _hx509_cert_assign_key(cert, value->private_key);
-	hx509_cert_free(cert);
-    }
-    return ret;
-}
-
-static int
-match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret, found = HX509_CERT_NOT_FOUND;
-
-    if (value->private_key == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, 
-			       "No private key to compare with");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    c = NULL;
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL)
-	    break;
-	if (_hx509_cert_private_key(c)) {
-	    hx509_cert_free(c);
-	    continue;
-	}
-
-	ret = _hx509_match_keys(c, value->private_key);
-	if (ret) {
-	    _hx509_cert_assign_key(c, value->private_key);
-	    hx509_cert_free(c);
-	    found = 0;
-	    break;
-	}
-	hx509_cert_free(c);
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-
-    if (found)
-	hx509_clear_error_string(context);
-
-    return found;
-}
-
-int
-_hx509_collector_collect_certs(hx509_context context, 
-			       struct hx509_collector *c,
-			       hx509_certs *ret_certs)
-{
-    hx509_certs certs;
-    int ret, i;
-
-    *ret_certs = NULL;
-
-    ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
-    if (ret)
-	return ret;
-
-    ret = hx509_certs_merge(context, certs, c->certs);
-    if (ret) {
-	hx509_certs_free(&certs);
-	return ret;
-    }
-
-    for (i = 0; i < c->val.len; i++) {
-	ret = match_localkeyid(context, c->val.data[i], certs);
-	if (ret == 0)
-	    continue;
-	ret = match_keys(context, c->val.data[i], certs);
-	if (ret == 0)
-	    continue;
-    }
-
-    *ret_certs = certs;
-
-    return 0;
-}
-
-int
-_hx509_collector_collect_private_keys(hx509_context context, 
-				      struct hx509_collector *c,
-				      hx509_private_key **keys)
-{
-    int i, nkeys;
-
-    *keys = NULL;
-
-    for (i = 0, nkeys = 0; i < c->val.len; i++)
-	if (c->val.data[i]->private_key)
-	    nkeys++;
-
-    *keys = calloc(nkeys + 1, sizeof(**keys));
-    if (*keys == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    for (i = 0, nkeys = 0; i < c->val.len; i++) {
- 	if (c->val.data[i]->private_key) {
-	    (*keys)[nkeys++] = c->val.data[i]->private_key;
-	    c->val.data[i]->private_key = NULL;
-	}
-    }
-    (*keys)[nkeys++] = NULL;
-
-    return 0;
-}
-
-
-void
-_hx509_collector_free(struct hx509_collector *c)
-{
-    int i;
-
-    if (c->unenvelop_certs)
-	hx509_certs_free(&c->unenvelop_certs);
-    if (c->certs)
-	hx509_certs_free(&c->certs);
-    for (i = 0; i < c->val.len; i++)
-	free_private_key(c->val.data[i]);
-    if (c->val.data)
-	free(c->val.data);
-    free(c);
-}
diff --git a/crypto/heimdal/lib/hx509/crmf.asn1 b/crypto/heimdal/lib/hx509/crmf.asn1
deleted file mode 100644
index 97ade264ae2c..000000000000
--- a/crypto/heimdal/lib/hx509/crmf.asn1
+++ /dev/null
@@ -1,113 +0,0 @@
--- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $
-PKCS10 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS
-	Time,
-	GeneralName,
-	SubjectPublicKeyInfo,
-	RelativeDistinguishedName,
-	AttributeTypeAndValue,
-	Extension,
-	AlgorithmIdentifier
-	FROM rfc2459
-	heim_any
-	FROM heim;
-
-CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
-
--- XXX IMPLICIT brokenness
-POPOSigningKey ::= SEQUENCE {
-	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
-	algorithmIdentifier   AlgorithmIdentifier,
-	signature             BIT STRING }
-
-PKMACValue ::= SEQUENCE {
-	algId  AlgorithmIdentifier,
-	value  BIT STRING
-}
-
--- XXX IMPLICIT brokenness
-POPOSigningKeyInput ::= SEQUENCE {
-	authInfo            CHOICE {
-		sender              [0] IMPLICIT GeneralName,
-		publicKeyMAC        PKMACValue
-	},
-	publicKey           SubjectPublicKeyInfo
-}  -- from CertTemplate
-
-
-PBMParameter ::= SEQUENCE {
-   salt                OCTET STRING,
-   owf                 AlgorithmIdentifier,
-   iterationCount      INTEGER,
-   mac                 AlgorithmIdentifier
-}
-
-SubsequentMessage ::= INTEGER {
-	encrCert (0),
-	challengeResp (1)
-}
-
--- XXX IMPLICIT brokenness
-POPOPrivKey ::= CHOICE {
-	thisMessage       [0] BIT STRING,         -- Deprecated
-	subsequentMessage [1] IMPLICIT SubsequentMessage,
-	dhMAC             [2] BIT STRING,         -- Deprecated
-	agreeMAC          [3] IMPLICIT PKMACValue,
-	encryptedKey      [4] heim_any
-}
-
--- XXX IMPLICIT brokenness
-ProofOfPossession ::= CHOICE {
-	raVerified        [0] NULL,
-	signature         [1] POPOSigningKey,
-	keyEncipherment   [2] POPOPrivKey,
-	keyAgreement      [3] POPOPrivKey
-}
-
-CertTemplate ::= SEQUENCE {
-	version      [0] INTEGER OPTIONAL,
-	serialNumber [1] INTEGER OPTIONAL,
-	signingAlg   [2] SEQUENCE {
-		algorithm	OBJECT IDENTIFIER,
-		parameters	heim_any OPTIONAL
-	} -- AlgorithmIdentifier --   OPTIONAL,
-	issuer       [3] IMPLICIT CHOICE {
-		rdnSequence  CRMFRDNSequence
-	} -- Name --  OPTIONAL,
-	validity     [4] SEQUENCE {
-		notBefore  [0] Time OPTIONAL,
-		notAfter   [1] Time OPTIONAL
-	} -- OptionalValidity -- OPTIONAL,
-	subject      [5] IMPLICIT CHOICE {
-		rdnSequence  CRMFRDNSequence
-	} -- Name -- OPTIONAL,
-	publicKey    [6] IMPLICIT SEQUENCE  {
-		algorithm            AlgorithmIdentifier,
-		subjectPublicKey     BIT STRING OPTIONAL
-	} -- SubjectPublicKeyInfo -- OPTIONAL,
-	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
-	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
-	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
-}
-
-CertRequest ::= SEQUENCE {
-	certReqId	INTEGER,
-	certTemplate	CertTemplate,
-	controls	Controls OPTIONAL
-}
-
-CertReqMsg ::= SEQUENCE {
-	certReq		CertRequest,
-	popo		ProofOfPossession  OPTIONAL,
-	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }
-
-CertReqMessages ::= SEQUENCE OF CertReqMsg
-
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/crypto.c b/crypto/heimdal/lib/hx509/crypto.c
deleted file mode 100644
index e0f00ad7b45b..000000000000
--- a/crypto/heimdal/lib/hx509/crypto.c
+++ /dev/null
@@ -1,2706 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: crypto.c 22435 2008-01-14 20:53:56Z lha $");
-
-struct hx509_crypto;
-
-struct signature_alg;
-
-enum crypto_op_type {
-    COT_SIGN
-};
-
-struct hx509_generate_private_context {
-    const heim_oid *key_oid;
-    int isCA;
-    unsigned long num_bits;
-};
-
-struct hx509_private_key_ops {
-    const char *pemtype;
-    const heim_oid *(*key_oid)(void);
-    int (*get_spki)(hx509_context,
-		    const hx509_private_key,
-		    SubjectPublicKeyInfo *);
-    int (*export)(hx509_context context,
-		  const hx509_private_key,
-		  heim_octet_string *);
-    int (*import)(hx509_context,
-		  const void *data,
-		  size_t len,
-		  hx509_private_key private_key);
-    int (*generate_private_key)(hx509_context,
-				struct hx509_generate_private_context *,
-				hx509_private_key);
-    BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
-    int (*handle_alg)(const hx509_private_key,
-		      const AlgorithmIdentifier *,
-		      enum crypto_op_type);
-    int (*sign)(hx509_context context,
-		const hx509_private_key,
-		const AlgorithmIdentifier *,
-		const heim_octet_string *,
-		AlgorithmIdentifier *,
-		heim_octet_string *);
-#if 0
-    const AlgorithmIdentifier *(*preferred_sig_alg)
-	(const hx509_private_key,
-	 const hx509_peer_info);
-    int (*unwrap)(hx509_context context,
-		  const hx509_private_key,
-		  const AlgorithmIdentifier *,
-		  const heim_octet_string *,
-		  heim_octet_string *);
-#endif
-};
-
-struct hx509_private_key {
-    unsigned int ref;
-    const struct signature_alg *md;
-    const heim_oid *signature_alg;
-    union {
-	RSA *rsa;
-	void *keydata;
-    } private_key;
-    /* new crypto layer */
-    hx509_private_key_ops *ops;
-};
-
-/*
- *
- */
-
-struct signature_alg {
-    const char *name;
-    const heim_oid *(*sig_oid)(void);
-    const AlgorithmIdentifier *(*sig_alg)(void);
-    const heim_oid *(*key_oid)(void);
-    const heim_oid *(*digest_oid)(void);
-    int flags;
-#define PROVIDE_CONF 1
-#define REQUIRE_SIGNER 2
-
-#define SIG_DIGEST	0x100
-#define SIG_PUBLIC_SIG	0x200
-#define SIG_SECRET	0x400
-
-#define RA_RSA_USES_DIGEST_INFO 0x1000000
-
-
-    int (*verify_signature)(hx509_context context,
-			    const struct signature_alg *,
-			    const Certificate *,
-			    const AlgorithmIdentifier *,
-			    const heim_octet_string *,
-			    const heim_octet_string *);
-    int (*create_signature)(hx509_context,
-			    const struct signature_alg *,
-			    const hx509_private_key,
-			    const AlgorithmIdentifier *,
-			    const heim_octet_string *,
-			    AlgorithmIdentifier *,
-			    heim_octet_string *);
-};
-
-/*
- *
- */
-
-static BIGNUM *
-heim_int2BN(const heim_integer *i)
-{
-    BIGNUM *bn;
-
-    bn = BN_bin2bn(i->data, i->length, NULL);
-    BN_set_negative(bn, i->negative);
-    return bn;
-}
-
-/*
- *
- */
-
-static int
-set_digest_alg(DigestAlgorithmIdentifier *id,
-	       const heim_oid *oid,
-	       const void *param, size_t length)
-{
-    int ret;
-    if (param) {
-	id->parameters = malloc(sizeof(*id->parameters));
-	if (id->parameters == NULL)
-	    return ENOMEM;
-	id->parameters->data = malloc(length);
-	if (id->parameters->data == NULL) {
-	    free(id->parameters);
-	    id->parameters = NULL;
-	    return ENOMEM;
-	}
-	memcpy(id->parameters->data, param, length);
-	id->parameters->length = length;
-    } else
-	id->parameters = NULL;
-    ret = der_copy_oid(oid, &id->algorithm);
-    if (ret) {
-	if (id->parameters) {
-	    free(id->parameters->data);
-	    free(id->parameters);
-	    id->parameters = NULL;
-	}
-	return ret;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-rsa_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    const SubjectPublicKeyInfo *spi;
-    DigestInfo di;
-    unsigned char *to;
-    int tosize, retsize;
-    int ret;
-    RSA *rsa;
-    RSAPublicKey pk;
-    size_t size;
-
-    memset(&di, 0, sizeof(di));
-
-    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
-	goto out;
-    }
-
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    if (rsa->n == NULL || rsa->e == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    tosize = RSA_size(rsa);
-    to = malloc(tosize);
-    if (to == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, 
-				 to, rsa, RSA_PKCS1_PADDING);
-    if (retsize <= 0) {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, 
-			       "RSA public decrypt failed: %d", retsize);
-	free(to);
-	goto out;
-    }
-    if (retsize > tosize)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
-
-	ret = decode_DigestInfo(to, retsize, &di, &size);
-	free(to);
-	if (ret) {
-	    goto out;
-	}
-	
-	/* Check for extra data inside the sigature */
-	if (size != retsize) {
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
-	    goto out;
-	}
-	
-	if (sig_alg->digest_oid &&
-	    der_heim_oid_cmp(&di.digestAlgorithm.algorithm, 
-			     (*sig_alg->digest_oid)()) != 0) 
-	{
-	    ret = HX509_CRYPTO_OID_MISMATCH;
-	    hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
-	    goto out;
-	}
-	
-	/* verify that the parameters are NULL or the NULL-type */
-	if (di.digestAlgorithm.parameters != NULL &&
-	    (di.digestAlgorithm.parameters->length != 2 ||
-	     memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
-	{
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
-	    goto out;
-	}
-
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      &di.digestAlgorithm,
-				      data,
-				      &di.digest);
-    } else {
-	if (retsize != data->length ||
-	    memcmp(to, data->data, retsize) != 0)
-	{
-	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	    hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
-	    goto out;
-	}
-	free(to);
-    }
-
- out:
-    free_DigestInfo(&di);
-    RSA_free(rsa);
-    return ret;
-}
-
-static int
-rsa_create_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const hx509_private_key signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     AlgorithmIdentifier *signatureAlgorithm,
-		     heim_octet_string *sig)
-{
-    const AlgorithmIdentifier *digest_alg;
-    heim_octet_string indata;
-    const heim_oid *sig_oid;
-    size_t size;
-    int ret;
-    
-    if (alg)
-	sig_oid = &alg->algorithm;
-    else
-	sig_oid = signer->signature_alg;
-
-    if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_sha256();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_md5();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
-	digest_alg = hx509_signature_md5();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
-	digest_alg = hx509_signature_sha1();
-    } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) {
-	digest_alg = NULL;
-    } else
-	return HX509_ALG_NOT_SUPP;
-
-    if (signatureAlgorithm) {
-	ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    return ret;
-	}
-    }
-
-    if (digest_alg) {
-	DigestInfo di;
-	memset(&di, 0, sizeof(di));
-
-	ret = _hx509_create_signature(context,
-				      NULL,
-				      digest_alg,
-				      data,
-				      &di.digestAlgorithm,
-				      &di.digest);
-	if (ret)
-	    return ret;
-	ASN1_MALLOC_ENCODE(DigestInfo,
-			   indata.data,
-			   indata.length,
-			   &di,
-			   &size,
-			   ret);
-	free_DigestInfo(&di);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "out of memory");
-	    return ret;
-	}
-	if (indata.length != size)
-	    _hx509_abort("internal ASN.1 encoder error");
-    } else {
-	indata = *data;
-    }
-
-    sig->length = RSA_size(signer->private_key.rsa);
-    sig->data = malloc(sig->length);
-    if (sig->data == NULL) {
-	der_free_octet_string(&indata);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = RSA_private_encrypt(indata.length, indata.data, 
-			      sig->data, 
-			      signer->private_key.rsa,
-			      RSA_PKCS1_PADDING);
-    if (indata.data != data->data)
-	der_free_octet_string(&indata);
-    if (ret <= 0) {
-	ret = HX509_CMS_FAILED_CREATE_SIGATURE;
-	hx509_set_error_string(context, 0, ret,
-			       "RSA private decrypt failed: %d", ret);
-	return ret;
-    }
-    if (ret > sig->length)
-	_hx509_abort("RSA signature prelen longer the output len");
-
-    sig->length = ret;
-    
-    return 0;
-}
-
-static int
-rsa_private_key_import(hx509_context context,
-		       const void *data,
-		       size_t len,
-		       hx509_private_key private_key)
-{
-    const unsigned char *p = data;
-
-    private_key->private_key.rsa = 
-	d2i_RSAPrivateKey(NULL, &p, len);
-    if (private_key->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to parse RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-
-    return 0;
-}
-
-static int
-rsa_private_key2SPKI(hx509_context context,
-		     hx509_private_key private_key,
-		     SubjectPublicKeyInfo *spki)
-{
-    int len, ret;
-
-    memset(spki, 0, sizeof(*spki));
-
-    len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
-
-    spki->subjectPublicKey.data = malloc(len);
-    if (spki->subjectPublicKey.data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
-	return ENOMEM;
-    }
-    spki->subjectPublicKey.length = len * 8;
-
-    ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(), 
-			 "\x05\x00", 2);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "malloc - out of memory");
-	free(spki->subjectPublicKey.data);
-	spki->subjectPublicKey.data = NULL;
-	spki->subjectPublicKey.length = 0;
-	return ret;
-    }
-
-    {
-	unsigned char *pp = spki->subjectPublicKey.data;
-	i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
-    }
-
-    return 0;
-}
-
-static int
-rsa_generate_private_key(hx509_context context, 
-			 struct hx509_generate_private_context *ctx,
-			 hx509_private_key private_key)
-{
-    BIGNUM *e;
-    int ret;
-    unsigned long bits;
-
-    static const int default_rsa_e = 65537;
-    static const int default_rsa_bits = 1024;
-
-    private_key->private_key.rsa = RSA_new();
-    if (private_key->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to generate RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    
-    e = BN_new();
-    BN_set_word(e, default_rsa_e);
-
-    bits = default_rsa_bits;
-
-    if (ctx->num_bits)
-	bits = ctx->num_bits;
-    else if (ctx->isCA)
-	bits *= 2;
-
-    ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
-    BN_free(e);
-    if (ret != 1) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "Failed to generate RSA key");
-	return HX509_PARSING_KEY_FAILED;
-    }
-    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-
-    return 0;
-}
-
-static int 
-rsa_private_key_export(hx509_context context,
-		       const hx509_private_key key,
-		       heim_octet_string *data)
-{
-    int ret;
-
-    data->data = NULL;
-    data->length = 0;
-
-    ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
-    if (ret <= 0) {
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "Private key is not exportable");
-	return ret;
-    }
-
-    data->data = malloc(ret);
-    if (data->data == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	return ret;
-    }
-    data->length = ret;
-    
-    {
-	unsigned char *p = data->data;
-	i2d_RSAPrivateKey(key->private_key.rsa, &p);
-    }
-
-    return 0;
-}
-
-static BIGNUM *
-rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
-{
-    if (strcasecmp(type, "rsa-modulus") == 0) {
-	return BN_dup(key->private_key.rsa->n);
-    } else if (strcasecmp(type, "rsa-exponent") == 0) {
-	return BN_dup(key->private_key.rsa->e);
-    } else
-	return NULL;
-}
-
-
-
-static hx509_private_key_ops rsa_private_key_ops = {
-    "RSA PRIVATE KEY",
-    oid_id_pkcs1_rsaEncryption,
-    rsa_private_key2SPKI,
-    rsa_private_key_export,
-    rsa_private_key_import,
-    rsa_generate_private_key,
-    rsa_get_internal
-};
-
-
-/*
- *
- */
-
-static int
-dsa_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    const SubjectPublicKeyInfo *spi;
-    DSAPublicKey pk;
-    DSAParams param;
-    size_t size;
-    DSA *dsa;
-    int ret;
-
-    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-    dsa = DSA_new();
-    if (dsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret)
-	goto out;
-
-    dsa->pub_key = heim_int2BN(&pk);
-
-    free_DSAPublicKey(&pk);
-
-    if (dsa->pub_key == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    if (spi->algorithm.parameters == NULL) {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, "DSA parameters missing");
-	goto out;
-    }
-
-    ret = decode_DSAParams(spi->algorithm.parameters->data,
-			   spi->algorithm.parameters->length,
-			   &param,
-			   &size);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
-	goto out;
-    }
-
-    dsa->p = heim_int2BN(&param.p);
-    dsa->q = heim_int2BN(&param.q);
-    dsa->g = heim_int2BN(&param.g);
-
-    free_DSAParams(&param);
-
-    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    ret = DSA_verify(-1, data->data, data->length,
-		     (unsigned char*)sig->data, sig->length,
-		     dsa);
-    if (ret == 1)
-	ret = 0;
-    else if (ret == 0 || ret == -1) {
-	ret = HX509_CRYPTO_BAD_SIGNATURE;
-	hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
-    } else {
-	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
-	hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
-    }
-
- out:
-    DSA_free(dsa);
-
-    return ret;
-}
-
-#if 0
-static int
-dsa_parse_private_key(hx509_context context,
-		      const void *data,
-		      size_t len,
-		      hx509_private_key private_key)
-{
-    const unsigned char *p = data;
-
-    private_key->private_key.dsa = 
-	d2i_DSAPrivateKey(NULL, &p, len);
-    if (private_key->private_key.dsa == NULL)
-	return EINVAL;
-    private_key->signature_alg = oid_id_dsa_with_sha1();
-
-    return 0;
-/* else */
-    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			   "No support to parse DSA keys");
-    return HX509_PARSING_KEY_FAILED;
-}
-#endif
-
-
-static int
-sha1_verify_signature(hx509_context context,
-		      const struct signature_alg *sig_alg,
-		      const Certificate *signer,
-		      const AlgorithmIdentifier *alg,
-		      const heim_octet_string *data,
-		      const heim_octet_string *sig)
-{
-    unsigned char digest[SHA_DIGEST_LENGTH];
-    SHA_CTX m;
-    
-    if (sig->length != SHA_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "SHA1 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data->data, data->length);
-    SHA1_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad SHA1 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-sha256_create_signature(hx509_context context,
-			const struct signature_alg *sig_alg,
-			const hx509_private_key signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			AlgorithmIdentifier *signatureAlgorithm,
-			heim_octet_string *sig)
-{
-    SHA256_CTX m;
-    
-    memset(sig, 0, sizeof(*sig));
-
-    if (signatureAlgorithm) {
-	int ret;
-	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
-			     "\x05\x00", 2);
-	if (ret)
-	    return ret;
-    }
-	    
-
-    sig->data = malloc(SHA256_DIGEST_LENGTH);
-    if (sig->data == NULL) {
-	sig->length = 0;
-	return ENOMEM;
-    }
-    sig->length = SHA256_DIGEST_LENGTH;
-
-    SHA256_Init(&m);
-    SHA256_Update(&m, data->data, data->length);
-    SHA256_Final (sig->data, &m);
-
-    return 0;
-}
-
-static int
-sha256_verify_signature(hx509_context context,
-			const struct signature_alg *sig_alg,
-			const Certificate *signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			const heim_octet_string *sig)
-{
-    unsigned char digest[SHA256_DIGEST_LENGTH];
-    SHA256_CTX m;
-    
-    if (sig->length != SHA256_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "SHA256 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    SHA256_Init(&m);
-    SHA256_Update(&m, data->data, data->length);
-    SHA256_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad SHA256 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-sha1_create_signature(hx509_context context,
-		      const struct signature_alg *sig_alg,
-		      const hx509_private_key signer,
-		      const AlgorithmIdentifier *alg,
-		      const heim_octet_string *data,
-		      AlgorithmIdentifier *signatureAlgorithm,
-		      heim_octet_string *sig)
-{
-    SHA_CTX m;
-    
-    memset(sig, 0, sizeof(*sig));
-
-    if (signatureAlgorithm) {
-	int ret;
-	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), 
-			     "\x05\x00", 2);
-	if (ret)
-	    return ret;
-    }
-	    
-
-    sig->data = malloc(SHA_DIGEST_LENGTH);
-    if (sig->data == NULL) {
-	sig->length = 0;
-	return ENOMEM;
-    }
-    sig->length = SHA_DIGEST_LENGTH;
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data->data, data->length);
-    SHA1_Final (sig->data, &m);
-
-    return 0;
-}
-
-static int
-md5_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    unsigned char digest[MD5_DIGEST_LENGTH];
-    MD5_CTX m;
-    
-    if (sig->length != MD5_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "MD5 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    MD5_Init(&m);
-    MD5_Update(&m, data->data, data->length);
-    MD5_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad MD5 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static int
-md2_verify_signature(hx509_context context,
-		     const struct signature_alg *sig_alg,
-		     const Certificate *signer,
-		     const AlgorithmIdentifier *alg,
-		     const heim_octet_string *data,
-		     const heim_octet_string *sig)
-{
-    unsigned char digest[MD2_DIGEST_LENGTH];
-    MD2_CTX m;
-    
-    if (sig->length != MD2_DIGEST_LENGTH) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "MD2 sigature have wrong length");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    MD2_Init(&m);
-    MD2_Update(&m, data->data, data->length);
-    MD2_Final (digest, &m);
-	
-    if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
-			       "Bad MD2 sigature");
-	return HX509_CRYPTO_BAD_SIGNATURE;
-    }
-
-    return 0;
-}
-
-static const struct signature_alg heim_rsa_pkcs1_x509 = {
-    "rsa-pkcs1-x509",
-    oid_id_heim_rsa_pkcs1_x509,
-    hx509_signature_rsa_pkcs1_x509,
-    oid_id_pkcs1_rsaEncryption,
-    NULL,
-    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg pkcs1_rsa_sha1_alg = {
-    "rsa",
-    oid_id_pkcs1_rsaEncryption,
-    hx509_signature_rsa_with_sha1,
-    oid_id_pkcs1_rsaEncryption,
-    NULL,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_sha256_alg = {
-    "rsa-with-sha256",
-    oid_id_pkcs1_sha256WithRSAEncryption,
-    hx509_signature_rsa_with_sha256,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_sha256,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_sha1_alg = {
-    "rsa-with-sha1",
-    oid_id_pkcs1_sha1WithRSAEncryption,
-    hx509_signature_rsa_with_sha1,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_secsig_sha_1,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_md5_alg = {
-    "rsa-with-md5",
-    oid_id_pkcs1_md5WithRSAEncryption,
-    hx509_signature_rsa_with_md5,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_rsa_digest_md5,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg rsa_with_md2_alg = {
-    "rsa-with-md2",
-    oid_id_pkcs1_md2WithRSAEncryption,
-    hx509_signature_rsa_with_md2,
-    oid_id_pkcs1_rsaEncryption,
-    oid_id_rsa_digest_md2,
-    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
-    rsa_verify_signature,
-    rsa_create_signature
-};
-
-static const struct signature_alg dsa_sha1_alg = {
-    "dsa-with-sha1",
-    oid_id_dsa_with_sha1,
-    NULL,
-    oid_id_dsa, 
-    oid_id_secsig_sha_1,
-    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
-    dsa_verify_signature,
-    /* create_signature */ NULL,
-};
-
-static const struct signature_alg sha256_alg = {
-    "sha-256",
-    oid_id_sha256,
-    hx509_signature_sha256,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    sha256_verify_signature,
-    sha256_create_signature
-};
-
-static const struct signature_alg sha1_alg = {
-    "sha1",
-    oid_id_secsig_sha_1,
-    hx509_signature_sha1,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    sha1_verify_signature,
-    sha1_create_signature
-};
-
-static const struct signature_alg md5_alg = {
-    "rsa-md5",
-    oid_id_rsa_digest_md5,
-    hx509_signature_md5,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    md5_verify_signature
-};
-
-static const struct signature_alg md2_alg = {
-    "rsa-md2",
-    oid_id_rsa_digest_md2,
-    hx509_signature_md2,
-    NULL,
-    NULL,
-    SIG_DIGEST,
-    md2_verify_signature
-};
-
-/* 
- * Order matter in this structure, "best" first for each "key
- * compatible" type (type is RSA, DSA, none, etc)
- */
-
-static const struct signature_alg *sig_algs[] = {
-    &rsa_with_sha256_alg,
-    &rsa_with_sha1_alg,
-    &pkcs1_rsa_sha1_alg,
-    &rsa_with_md5_alg,
-    &rsa_with_md2_alg,
-    &heim_rsa_pkcs1_x509,
-    &dsa_sha1_alg,
-    &sha256_alg,
-    &sha1_alg,
-    &md5_alg,
-    &md2_alg,
-    NULL
-};
-
-static const struct signature_alg *
-find_sig_alg(const heim_oid *oid)
-{
-    int i;
-    for (i = 0; sig_algs[i]; i++)
-	if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
-	    return sig_algs[i];
-    return NULL;
-}
-
-/*
- *
- */
-
-static struct hx509_private_key_ops *private_algs[] = {
-    &rsa_private_key_ops,
-    NULL
-};
-
-static hx509_private_key_ops *
-find_private_alg(const heim_oid *oid)
-{
-    int i;
-    for (i = 0; private_algs[i]; i++) {
-	if (private_algs[i]->key_oid == NULL)
-	    continue;
-	if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
-	    return private_algs[i];
-    }
-    return NULL;
-}
-
-
-int
-_hx509_verify_signature(hx509_context context,
-			const Certificate *signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			const heim_octet_string *sig)
-{
-    const struct signature_alg *md;
-
-    md = find_sig_alg(&alg->algorithm);
-    if (md == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-    if (signer && (md->flags & PROVIDE_CONF) == 0) {
-	hx509_clear_error_string(context);
-	return HX509_CRYPTO_SIG_NO_CONF;
-    }
-    if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
-	    hx509_clear_error_string(context);
-	return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
-    }
-    if (md->key_oid && signer) {
-	const SubjectPublicKeyInfo *spi;
-	spi = &signer->tbsCertificate.subjectPublicKeyInfo;
-
-	if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
-	    hx509_clear_error_string(context);
-	    return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
-	}
-    }
-    return (*md->verify_signature)(context, md, signer, alg, data, sig);
-}
-
-int
-_hx509_verify_signature_bitstring(hx509_context context,
-				  const Certificate *signer,
-				  const AlgorithmIdentifier *alg,
-				  const heim_octet_string *data,
-				  const heim_bit_string *sig)
-{
-    heim_octet_string os;
-
-    if (sig->length & 7) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
-			       "signature not multiple of 8 bits");
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-
-    os.data = sig->data;
-    os.length = sig->length / 8;
-    
-    return _hx509_verify_signature(context, signer, alg, data, &os);
-}
-
-int
-_hx509_create_signature(hx509_context context,
-			const hx509_private_key signer,
-			const AlgorithmIdentifier *alg,
-			const heim_octet_string *data,
-			AlgorithmIdentifier *signatureAlgorithm,
-			heim_octet_string *sig)
-{
-    const struct signature_alg *md;
-
-    if (signer && signer->ops && signer->ops->handle_alg &&
-	(*signer->ops->handle_alg)(signer, alg, COT_SIGN))
-    {
-	return (*signer->ops->sign)(context, signer, alg, data, 
-				    signatureAlgorithm, sig);
-    }
-
-    md = find_sig_alg(&alg->algorithm);
-    if (md == NULL) {
-	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
-	    "algorithm no supported");
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    if (signer && (md->flags & PROVIDE_CONF) == 0) {
-	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
-	    "algorithm provides no conf");
-	return HX509_CRYPTO_SIG_NO_CONF;
-    }
-
-    return (*md->create_signature)(context, md, signer, alg, data, 
-				   signatureAlgorithm, sig);
-}
-
-int
-_hx509_create_signature_bitstring(hx509_context context,
-				  const hx509_private_key signer,
-				  const AlgorithmIdentifier *alg,
-				  const heim_octet_string *data,
-				  AlgorithmIdentifier *signatureAlgorithm,
-				  heim_bit_string *sig)
-{
-    heim_octet_string os;
-    int ret;
-
-    ret = _hx509_create_signature(context, signer, alg,
-				  data, signatureAlgorithm, &os);
-    if (ret)
-	return ret;
-    sig->data = os.data;
-    sig->length = os.length * 8;
-    return 0;
-}
-
-int
-_hx509_public_encrypt(hx509_context context,
-		      const heim_octet_string *cleartext,
-		      const Certificate *cert,
-		      heim_oid *encryption_oid,
-		      heim_octet_string *ciphertext)
-{
-    const SubjectPublicKeyInfo *spi;
-    unsigned char *to;
-    int tosize;
-    int ret;
-    RSA *rsa;
-    RSAPublicKey pk;
-    size_t size;
-
-    ciphertext->data = NULL;
-    ciphertext->length = 0;
-
-    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
-	return ret;
-    }
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    if (rsa->n == NULL || rsa->e == NULL) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    tosize = RSA_size(rsa);
-    to = malloc(tosize);
-    if (to == NULL) {
-	RSA_free(rsa);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = RSA_public_encrypt(cleartext->length, 
-			     (unsigned char *)cleartext->data, 
-			     to, rsa, RSA_PKCS1_PADDING);
-    RSA_free(rsa);
-    if (ret <= 0) {
-	free(to);
-	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
-			       "RSA public encrypt failed with %d", ret);
-	return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
-    }
-    if (ret > tosize)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    ciphertext->length = ret;
-    ciphertext->data = to;
-
-    ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
-    if (ret) {
-	der_free_octet_string(ciphertext);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-int
-_hx509_private_key_private_decrypt(hx509_context context,
-				   const heim_octet_string *ciphertext,
-				   const heim_oid *encryption_oid,
-				   hx509_private_key p,
-				   heim_octet_string *cleartext)
-{
-    int ret;
-
-    cleartext->data = NULL;
-    cleartext->length = 0;
-
-    if (p->private_key.rsa == NULL) {
-	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
-			       "Private RSA key missing");
-	return HX509_PRIVATE_KEY_MISSING;
-    }
-
-    cleartext->length = RSA_size(p->private_key.rsa);
-    cleartext->data = malloc(cleartext->length);
-    if (cleartext->data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
-			      cleartext->data,
-			      p->private_key.rsa,
-			      RSA_PKCS1_PADDING);
-    if (ret <= 0) {
-	der_free_octet_string(cleartext);
-	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
-			       "Failed to decrypt using private key: %d", ret);
-	return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
-    }
-    if (cleartext->length < ret)
-	_hx509_abort("internal rsa decryption failure: ret > tosize");
-
-    cleartext->length = ret;
-
-    return 0;
-}
-
-
-int
-_hx509_parse_private_key(hx509_context context,
-			 const heim_oid *key_oid,
-			 const void *data,
-			 size_t len,
-			 hx509_private_key *private_key)
-{
-    struct hx509_private_key_ops *ops;
-    int ret;
-
-    *private_key = NULL;
-
-    ops = find_private_alg(key_oid);
-    if (ops == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    ret = _hx509_private_key_init(private_key, ops, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-
-    ret = (*ops->import)(context, data, len, *private_key);
-    if (ret)
-	_hx509_private_key_free(private_key);
-
-    return ret;
-}
-
-/*
- *
- */
-
-int
-_hx509_private_key2SPKI(hx509_context context,
-			hx509_private_key private_key,
-			SubjectPublicKeyInfo *spki)
-{
-    const struct hx509_private_key_ops *ops = private_key->ops;
-    if (ops == NULL || ops->get_spki == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
-			       "Private key have no key2SPKI function");
-	return HX509_UNIMPLEMENTED_OPERATION;
-    }
-    return (*ops->get_spki)(context, private_key, spki);
-}
-
-int
-_hx509_generate_private_key_init(hx509_context context,
-				 const heim_oid *oid,
-				 struct hx509_generate_private_context **ctx)
-{
-    *ctx = NULL;
-
-    if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "private key not an RSA key");
-	return EINVAL;
-    }
-
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    (*ctx)->key_oid = oid;
-
-    return 0;
-}
-
-int
-_hx509_generate_private_key_is_ca(hx509_context context,
-				  struct hx509_generate_private_context *ctx)
-{
-    ctx->isCA = 1;
-    return 0;
-}
-
-int
-_hx509_generate_private_key_bits(hx509_context context,
-				 struct hx509_generate_private_context *ctx,
-				 unsigned long bits)
-{
-    ctx->num_bits = bits;
-    return 0;
-}
-
-
-void
-_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
-{
-    free(*ctx);
-    *ctx = NULL;
-}
-
-int
-_hx509_generate_private_key(hx509_context context,
-			    struct hx509_generate_private_context *ctx,
-			    hx509_private_key *private_key)
-{
-    struct hx509_private_key_ops *ops;
-    int ret;
-
-    *private_key = NULL;
-
-    ops = find_private_alg(ctx->key_oid);
-    if (ops == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_SIG_ALG_NO_SUPPORTED;
-    }
-
-    ret = _hx509_private_key_init(private_key, ops, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-
-    ret = (*ops->generate_private_key)(context, ctx, *private_key);
-    if (ret)
-	_hx509_private_key_free(private_key);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
-
-static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
-const AlgorithmIdentifier _hx509_signature_sha512_data = { 
-    { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_sha384_data = { 
-    { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
-const AlgorithmIdentifier _hx509_signature_sha256_data = { 
-    { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
-const AlgorithmIdentifier _hx509_signature_sha1_data = { 
-    { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
-const AlgorithmIdentifier _hx509_signature_md5_data = { 
-    { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
-const AlgorithmIdentifier _hx509_signature_md2_data = { 
-    { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
-};
-
-static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { 
-    { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { 
-    { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { 
-    { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
-};
-
-static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { 
-    { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
-};
-
-static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { 
-    { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
-};
-
-static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
-const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { 
-    { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
-};
-
-static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
-const AlgorithmIdentifier _hx509_signature_rsa_data = { 
-    { 7, rk_UNCONST(rsa_oid) }, NULL
-};
-
-static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
-const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { 
-    { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
-};
-
-static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
-const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
-    { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
-};
-
-static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
-const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
-    { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
-};
-
-static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
-const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
-    { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
-};
-
-const AlgorithmIdentifier *
-hx509_signature_sha512(void)
-{ return &_hx509_signature_sha512_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha384(void)
-{ return &_hx509_signature_sha384_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha256(void)
-{ return &_hx509_signature_sha256_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_sha1(void)
-{ return &_hx509_signature_sha1_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_md5(void)
-{ return &_hx509_signature_md5_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_md2(void)
-{ return &_hx509_signature_md2_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha512(void)
-{ return &_hx509_signature_rsa_with_sha512_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha384(void)
-{ return &_hx509_signature_rsa_with_sha384_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha256(void)
-{ return &_hx509_signature_rsa_with_sha256_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha1(void)
-{ return &_hx509_signature_rsa_with_sha1_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md5(void)
-{ return &_hx509_signature_rsa_with_md5_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2(void)
-{ return &_hx509_signature_rsa_with_md2_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa(void)
-{ return &_hx509_signature_rsa_data; }
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_pkcs1_x509(void)
-{ return &_hx509_signature_rsa_pkcs1_x509_data; }
-
-const AlgorithmIdentifier *
-hx509_crypto_des_rsdi_ede3_cbc(void)
-{ return &_hx509_des_rsdi_ede3_cbc_oid; }
-
-const AlgorithmIdentifier *
-hx509_crypto_aes128_cbc(void)
-{ return &_hx509_crypto_aes128_cbc_data; }
-
-const AlgorithmIdentifier *
-hx509_crypto_aes256_cbc(void)
-{ return &_hx509_crypto_aes256_cbc_data; }
-
-/*
- *
- */
-
-const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = 
-    &_hx509_signature_rsa_with_sha1_data;
-const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = 
-    &_hx509_signature_sha1_data;
-const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = 
-    &_hx509_crypto_aes128_cbc_data;
-
-/*
- *
- */
-
-int
-_hx509_private_key_init(hx509_private_key *key,
-			hx509_private_key_ops *ops,
-			void *keydata)
-{
-    *key = calloc(1, sizeof(**key));
-    if (*key == NULL)
-	return ENOMEM;
-    (*key)->ref = 1;
-    (*key)->ops = ops;
-    (*key)->private_key.keydata = keydata;
-    return 0;
-}
-
-hx509_private_key
-_hx509_private_key_ref(hx509_private_key key)
-{
-    if (key->ref <= 0)
-	_hx509_abort("refcount <= 0");
-    key->ref++;
-    if (key->ref == 0)
-	_hx509_abort("refcount == 0");
-    return key;
-}
-
-const char *
-_hx509_private_pem_name(hx509_private_key key)
-{
-    return key->ops->pemtype;
-}
-
-int
-_hx509_private_key_free(hx509_private_key *key)
-{
-    if (key == NULL || *key == NULL)
-	return 0;
-
-    if ((*key)->ref <= 0)
-	_hx509_abort("refcount <= 0");
-    if (--(*key)->ref > 0)
-	return 0;
-
-    if ((*key)->private_key.rsa)
-	RSA_free((*key)->private_key.rsa);
-    (*key)->private_key.rsa = NULL;
-    free(*key);
-    *key = NULL;
-    return 0;
-}
-
-void
-_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
-{
-    if (key->private_key.rsa)
-	RSA_free(key->private_key.rsa);
-    key->private_key.rsa = ptr;
-    key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
-    key->md = &pkcs1_rsa_sha1_alg;
-}
-
-int 
-_hx509_private_key_oid(hx509_context context,
-		       const hx509_private_key key,
-		       heim_oid *data)
-{
-    int ret;
-    ret = der_copy_oid((*key->ops->key_oid)(), data);
-    if (ret)
-	hx509_set_error_string(context, 0, ret, "malloc out of memory");
-    return ret;
-}
-
-int
-_hx509_private_key_exportable(hx509_private_key key)
-{
-    if (key->ops->export == NULL)
-	return 0;
-    return 1;
-}
-
-BIGNUM *
-_hx509_private_key_get_internal(hx509_context context,
-				hx509_private_key key, 
-				const char *type)
-{
-    if (key->ops->get_internal == NULL)
-	return NULL;
-    return (*key->ops->get_internal)(context, key, type);
-}
-
-int 
-_hx509_private_key_export(hx509_context context,
-			  const hx509_private_key key,
-			  heim_octet_string *data)
-{
-    if (key->ops->export == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_UNIMPLEMENTED_OPERATION;
-    }
-    return (*key->ops->export)(context, key, data);
-}
-
-/*
- *
- */
-
-struct hx509cipher {
-    const char *name;
-    const heim_oid *(*oid_func)(void);
-    const AlgorithmIdentifier *(*ai_func)(void);
-    const EVP_CIPHER *(*evp_func)(void);
-    int (*get_params)(hx509_context, const hx509_crypto,
-		      const heim_octet_string *, heim_octet_string *);
-    int (*set_params)(hx509_context, const heim_octet_string *, 
-		      hx509_crypto, heim_octet_string *);
-};
-
-struct hx509_crypto_data {
-    char *name;
-    const struct hx509cipher *cipher;
-    const EVP_CIPHER *c;
-    heim_octet_string key;
-    heim_oid oid;
-    void *param;
-};
-
-/*
- *
- */
-
-static const heim_oid *
-oid_private_rc2_40(void)
-{
-    static unsigned oid_data[] = { 127, 1 };
-    static const heim_oid oid = { 2, oid_data };
-
-    return &oid;
-}
-
-
-/*
- *
- */
-
-static int
-CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
-		 const heim_octet_string *ivec, heim_octet_string *param)
-{
-    size_t size;
-    int ret;
-
-    assert(crypto->param == NULL);
-    if (ivec == NULL)
-	return 0;
-
-    ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
-		       ivec, &size, ret);
-    if (ret == 0 && size != param->length)
-	_hx509_abort("Internal asn1 encoder failure");
-    if (ret)
-	hx509_clear_error_string(context);
-    return ret;
-}
-
-static int
-CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
-		hx509_crypto crypto, heim_octet_string *ivec)
-{
-    int ret;
-    if (ivec == NULL)
-	return 0;
-
-    ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
-    if (ret)
-	hx509_clear_error_string(context);
-
-    return ret;
-}
-
-struct _RC2_params {
-    int maximum_effective_key;
-};
-
-static int
-CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
-		   const heim_octet_string *ivec, heim_octet_string *param)
-{
-    CMSRC2CBCParameter rc2params;
-    const struct _RC2_params *p = crypto->param;
-    int maximum_effective_key = 128;
-    size_t size;
-    int ret;
-
-    memset(&rc2params, 0, sizeof(rc2params));
-
-    if (p)
-	maximum_effective_key = p->maximum_effective_key;
-
-    switch(maximum_effective_key) {
-    case 40:
-	rc2params.rc2ParameterVersion = 160;
-	break;
-    case 64:
-	rc2params.rc2ParameterVersion = 120;
-	break;
-    case 128:
-	rc2params.rc2ParameterVersion = 58;
-	break;
-    }
-    rc2params.iv = *ivec;
-
-    ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
-		       &rc2params, &size, ret);
-    if (ret == 0 && size != param->length)
-	_hx509_abort("Internal asn1 encoder failure");
-
-    return ret;
-}
-
-static int
-CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
-		   hx509_crypto crypto, heim_octet_string *ivec)
-{
-    CMSRC2CBCParameter rc2param;
-    struct _RC2_params *p;
-    size_t size;
-    int ret;
-
-    ret = decode_CMSRC2CBCParameter(param->data, param->length,
-				    &rc2param, &size);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	free_CMSRC2CBCParameter(&rc2param);
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    switch(rc2param.rc2ParameterVersion) {
-    case 160:
-	crypto->c = EVP_rc2_40_cbc();
-	p->maximum_effective_key = 40;
-	break;
-    case 120:
-	crypto->c = EVP_rc2_64_cbc();
-	p->maximum_effective_key = 64;
-	break;
-    case 58:
-	crypto->c = EVP_rc2_cbc();
-	p->maximum_effective_key = 128;
-	break;
-    default:
-	free(p);
-	free_CMSRC2CBCParameter(&rc2param);
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-    if (ivec)
-	ret = der_copy_octet_string(&rc2param.iv, ivec);
-    free_CMSRC2CBCParameter(&rc2param);
-    if (ret) {
-	free(p);
-	hx509_clear_error_string(context);
-    } else
-	crypto->param = p;
-
-    return ret;
-}
-
-/*
- *
- */
-
-static const struct hx509cipher ciphers[] = {
-    {
-	"rc2-cbc",
-	oid_id_pkcs3_rc2_cbc,
-	NULL,
-	EVP_rc2_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"rc2-cbc",
-	oid_id_rsadsi_rc2_cbc,
-	NULL,
-	EVP_rc2_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"rc2-40-cbc",
-	oid_private_rc2_40,
-	NULL,
-	EVP_rc2_40_cbc,
-	CMSRC2CBCParam_get,
-	CMSRC2CBCParam_set
-    },
-    {
-	"des-ede3-cbc",
-	oid_id_pkcs3_des_ede3_cbc,
-	NULL,
-	EVP_des_ede3_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"des-ede3-cbc",
-	oid_id_rsadsi_des_ede3_cbc,
-	hx509_crypto_des_rsdi_ede3_cbc,
-	EVP_des_ede3_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-128-cbc",
-	oid_id_aes_128_cbc,
-	hx509_crypto_aes128_cbc,
-	EVP_aes_128_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-192-cbc",
-	oid_id_aes_192_cbc,
-	NULL,
-	EVP_aes_192_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    },
-    {
-	"aes-256-cbc",
-	oid_id_aes_256_cbc,
-	hx509_crypto_aes256_cbc,
-	EVP_aes_256_cbc,
-	CMSCBCParam_get,
-	CMSCBCParam_set
-    }
-};
-
-static const struct hx509cipher *
-find_cipher_by_oid(const heim_oid *oid)
-{
-    int i;
-
-    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
-	if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
-	    return &ciphers[i];
-
-    return NULL;
-}
-
-static const struct hx509cipher *
-find_cipher_by_name(const char *name)
-{
-    int i;
-
-    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
-	if (strcasecmp(name, ciphers[i].name) == 0)
-	    return &ciphers[i];
-
-    return NULL;
-}
-
-
-const heim_oid *
-hx509_crypto_enctype_by_name(const char *name)
-{
-    const struct hx509cipher *cipher;
-
-    cipher = find_cipher_by_name(name);
-    if (cipher == NULL)
-	return NULL;
-    return (*cipher->oid_func)();
-}
-
-int
-hx509_crypto_init(hx509_context context,
-		  const char *provider,
-		  const heim_oid *enctype,
-		  hx509_crypto *crypto)
-{
-    const struct hx509cipher *cipher;
-
-    *crypto = NULL;
-
-    cipher = find_cipher_by_oid(enctype);
-    if (cipher == NULL) {
-	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-			       "Algorithm not supported");
-	return HX509_ALG_NOT_SUPP;
-    }
-
-    *crypto = calloc(1, sizeof(**crypto));
-    if (*crypto == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    (*crypto)->cipher = cipher;
-    (*crypto)->c = (*cipher->evp_func)();
-
-    if (der_copy_oid(enctype, &(*crypto)->oid)) {
-	hx509_crypto_destroy(*crypto);
-	*crypto = NULL;
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-const char *
-hx509_crypto_provider(hx509_crypto crypto)
-{
-    return "unknown";
-}
-
-void
-hx509_crypto_destroy(hx509_crypto crypto)
-{
-    if (crypto->name)
-	free(crypto->name);
-    if (crypto->key.data)
-	free(crypto->key.data);
-    if (crypto->param)
-	free(crypto->param);
-    der_free_oid(&crypto->oid);
-    memset(crypto, 0, sizeof(*crypto));
-    free(crypto);
-}
-
-int
-hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
-{
-    return 0;
-}
-
-int
-hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
-{
-    if (EVP_CIPHER_key_length(crypto->c) > length)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (crypto->key.data) {
-	free(crypto->key.data);
-	crypto->key.data = NULL;
-	crypto->key.length = 0;
-    }
-    crypto->key.data = malloc(length);
-    if (crypto->key.data == NULL)
-	return ENOMEM;
-    memcpy(crypto->key.data, data, length);
-    crypto->key.length = length;
-
-    return 0;
-}
-
-int
-hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
-{
-    if (crypto->key.data) {
-	free(crypto->key.data);
-	crypto->key.length = 0;
-    }
-
-    crypto->key.length = EVP_CIPHER_key_length(crypto->c);
-    crypto->key.data = malloc(crypto->key.length);
-    if (crypto->key.data == NULL) {
-	crypto->key.length = 0;
-	return ENOMEM;
-    }
-    if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
-	free(crypto->key.data);
-	crypto->key.data = NULL;
-	crypto->key.length = 0;
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    if (key)
-	return der_copy_octet_string(&crypto->key, key);
-    else
-	return 0;
-}
-
-int
-hx509_crypto_set_params(hx509_context context,
-			hx509_crypto crypto, 
-			const heim_octet_string *param,
-			heim_octet_string *ivec)
-{
-    return (*crypto->cipher->set_params)(context, param, crypto, ivec);
-}
-
-int
-hx509_crypto_get_params(hx509_context context,
-			hx509_crypto crypto, 
-			const heim_octet_string *ivec,
-			heim_octet_string *param)
-{
-    return (*crypto->cipher->get_params)(context, crypto, ivec, param);
-}
-
-int
-hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
-{
-    ivec->length = EVP_CIPHER_iv_length(crypto->c);
-    ivec->data = malloc(ivec->length);
-    if (ivec->data == NULL) {
-	ivec->length = 0;
-	return ENOMEM;
-    }
-
-    if (RAND_bytes(ivec->data, ivec->length) <= 0) {
-	free(ivec->data);
-	ivec->data = NULL;
-	ivec->length = 0;
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    return 0;
-}
-
-int
-hx509_crypto_encrypt(hx509_crypto crypto,
-		     const void *data,
-		     const size_t length,
-		     const heim_octet_string *ivec,
-		     heim_octet_string **ciphertext)
-{
-    EVP_CIPHER_CTX evp;
-    size_t padsize;
-    int ret;
-
-    *ciphertext = NULL;
-
-    assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
-
-    EVP_CIPHER_CTX_init(&evp);
-
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
-			    crypto->key.data, ivec->data, 1);
-    if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-
-    *ciphertext = calloc(1, sizeof(**ciphertext));
-    if (*ciphertext == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    
-    if (EVP_CIPHER_block_size(crypto->c) == 1) {
-	padsize = 0;
-    } else {
-	int bsize = EVP_CIPHER_block_size(crypto->c);
-	padsize = bsize - (length % bsize);
-    }
-    (*ciphertext)->length = length + padsize;
-    (*ciphertext)->data = malloc(length + padsize);
-    if ((*ciphertext)->data == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-	
-    memcpy((*ciphertext)->data, data, length);
-    if (padsize) {
-	int i;
-	unsigned char *p = (*ciphertext)->data;
-	p += length;
-	for (i = 0; i < padsize; i++)
-	    *p++ = padsize;
-    }
-
-    ret = EVP_Cipher(&evp, (*ciphertext)->data,
-		     (*ciphertext)->data,
-		     length + padsize);
-    if (ret != 1) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-    ret = 0;
-
- out:
-    if (ret) {
-	if (*ciphertext) {
-	    if ((*ciphertext)->data) {
-		free((*ciphertext)->data);
-	    }
-	    free(*ciphertext);
-	    *ciphertext = NULL;
-	}
-    }
-    EVP_CIPHER_CTX_cleanup(&evp);
-
-    return ret;
-}
-
-int
-hx509_crypto_decrypt(hx509_crypto crypto,
-		     const void *data,
-		     const size_t length,
-		     heim_octet_string *ivec,
-		     heim_octet_string *clear)
-{
-    EVP_CIPHER_CTX evp;
-    void *idata = NULL;
-    int ret;
-
-    clear->data = NULL;
-    clear->length = 0;
-
-    if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (crypto->key.data == NULL)
-	return HX509_CRYPTO_INTERNAL_ERROR;
-
-    if (ivec)
-	idata = ivec->data;
-
-    EVP_CIPHER_CTX_init(&evp);
-
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
-			    crypto->key.data, idata, 0);
-    if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-
-    clear->length = length;
-    clear->data = malloc(length);
-    if (clear->data == NULL) {
-	EVP_CIPHER_CTX_cleanup(&evp);
-	clear->length = 0;
-	return ENOMEM;
-    }
-
-    if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-    EVP_CIPHER_CTX_cleanup(&evp);
-
-    if (EVP_CIPHER_block_size(crypto->c) > 1) {
-	int padsize;
-	unsigned char *p; 
-	int j, bsize = EVP_CIPHER_block_size(crypto->c);
-
-	if (clear->length < bsize) {
-	    ret = HX509_CMS_PADDING_ERROR;
-	    goto out;
-	}
-
-	p = clear->data;
-	p += clear->length - 1;
-	padsize = *p;
-	if (padsize > bsize) {
-	    ret = HX509_CMS_PADDING_ERROR;
-	    goto out;
-	}
-	clear->length -= padsize;
-	for (j = 0; j < padsize; j++) {
-	    if (*p-- != padsize) {
-		ret = HX509_CMS_PADDING_ERROR;
-		goto out;
-	    }
-	}
-    }
-
-    return 0;
-
- out:
-    if (clear->data)
-	free(clear->data);
-    clear->data = NULL;
-    clear->length = 0;
-    return ret;
-}
-
-typedef int (*PBE_string2key_func)(hx509_context,
-				   const char *,
-				   const heim_octet_string *,
-				   hx509_crypto *, heim_octet_string *, 
-				   heim_octet_string *,
-				   const heim_oid *, const EVP_MD *);
-
-static int
-PBE_string2key(hx509_context context,
-	       const char *password,
-	       const heim_octet_string *parameters,
-	       hx509_crypto *crypto, 
-	       heim_octet_string *key, heim_octet_string *iv,
-	       const heim_oid *enc_oid,
-	       const EVP_MD *md)
-{
-    PKCS12_PBEParams p12params;
-    int passwordlen;
-    hx509_crypto c;
-    int iter, saltlen, ret;
-    unsigned char *salt;
-
-    passwordlen = password ? strlen(password) : 0;
-
-    if (parameters == NULL)
- 	return HX509_ALG_NOT_SUPP;
-
-    ret = decode_PKCS12_PBEParams(parameters->data,
-				  parameters->length,
-				  &p12params, NULL);
-    if (ret)
-	goto out;
-
-    if (p12params.iterations)
-	iter = *p12params.iterations;
-    else
-	iter = 1;
-    salt = p12params.salt.data;
-    saltlen = p12params.salt.length;
-
-    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
-			 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-    
-    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
-			 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
-	ret = HX509_CRYPTO_INTERNAL_ERROR;
-	goto out;
-    }
-
-    ret = hx509_crypto_init(context, NULL, enc_oid, &c);
-    if (ret)
-	goto out;
-
-    ret = hx509_crypto_set_key_data(c, key->data, key->length);
-    if (ret) {
-	hx509_crypto_destroy(c);
-	goto out;
-    }
-
-    *crypto = c;
-out:
-    free_PKCS12_PBEParams(&p12params);
-    return ret;
-}
-
-static const heim_oid *
-find_string2key(const heim_oid *oid, 
-		const EVP_CIPHER **c, 
-		const EVP_MD **md,
-		PBE_string2key_func *s2k)
-{
-    if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
-	*c = EVP_rc2_40_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_private_rc2_40();
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
-	*c = EVP_rc2_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_rc2_cbc();
-#if 0
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
-	*c = EVP_rc4_40();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return NULL;
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
-	*c = EVP_rc4();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_rc4();
-#endif
-    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
-	*c = EVP_des_ede3_cbc();
-	*md = EVP_sha1();
-	*s2k = PBE_string2key;
-	return oid_id_pkcs3_des_ede3_cbc();
-    }
-
-    return NULL;
-}
-
-/*
- *
- */
-
-int
-_hx509_pbe_encrypt(hx509_context context,
-		   hx509_lock lock,
-		   const AlgorithmIdentifier *ai,
-		   const heim_octet_string *content,
-		   heim_octet_string *econtent)
-{
-    hx509_clear_error_string(context);
-    return EINVAL;
-}
-
-/*
- *
- */
-
-int
-_hx509_pbe_decrypt(hx509_context context,
-		   hx509_lock lock,
-		   const AlgorithmIdentifier *ai,
-		   const heim_octet_string *econtent,
-		   heim_octet_string *content)
-{
-    const struct _hx509_password *pw;
-    heim_octet_string key, iv;
-    const heim_oid *enc_oid;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-    PBE_string2key_func s2k;
-    int i, ret = 0;
-
-    memset(&key, 0, sizeof(key));
-    memset(&iv, 0, sizeof(iv));
-
-    memset(content, 0, sizeof(*content));
-
-    enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
-    if (enc_oid == NULL) {
-	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-			       "String to key algorithm not supported");
-	ret = HX509_ALG_NOT_SUPP;
-	goto out;
-    }
-
-    key.length = EVP_CIPHER_key_length(c);
-    key.data = malloc(key.length);
-    if (key.data == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    iv.length = EVP_CIPHER_iv_length(c);
-    iv.data = malloc(iv.length);
-    if (iv.data == NULL) {
-	ret = ENOMEM;
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    pw = _hx509_lock_get_passwords(lock);
-
-    ret = HX509_CRYPTO_INTERNAL_ERROR;
-    for (i = 0; i < pw->len + 1; i++) {
-	hx509_crypto crypto;
-	const char *password;
-
-	if (i < pw->len)
-	    password = pw->val[i];
-	else if (i < pw->len + 1)
-	    password = "";
-	else
-	    password = NULL;
-
-	ret = (*s2k)(context, password, ai->parameters, &crypto, 
-		     &key, &iv, enc_oid, md);
-	if (ret)
-	    goto out;
-
-	ret = hx509_crypto_decrypt(crypto,
-				   econtent->data,
-				   econtent->length,
-				   &iv,
-				   content);
-	hx509_crypto_destroy(crypto);
-	if (ret == 0)
-	    goto out;
-				   
-    }
-out:
-    if (key.data)
-	der_free_octet_string(&key);
-    if (iv.data)
-	der_free_octet_string(&iv);
-    return ret;
-}
-
-/*
- *
- */
-
-
-int
-_hx509_match_keys(hx509_cert c, hx509_private_key private_key)
-{
-    const Certificate *cert;
-    const SubjectPublicKeyInfo *spi;
-    RSAPublicKey pk;
-    RSA *rsa;
-    size_t size;
-    int ret;
-
-    if (private_key->private_key.rsa == NULL)
-	return 0;
-
-    rsa = private_key->private_key.rsa;
-    if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
-	return 0;
-
-    cert = _hx509_get_cert(c);
-    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	return 0;
-
-    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
-			      spi->subjectPublicKey.length / 8,
-			      &pk, &size);
-    if (ret) {
-	RSA_free(rsa);
-	return 0;
-    }
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
-
-    free_RSAPublicKey(&pk);
-
-    rsa->d = BN_dup(private_key->private_key.rsa->d);
-    rsa->p = BN_dup(private_key->private_key.rsa->p);
-    rsa->q = BN_dup(private_key->private_key.rsa->q);
-    rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
-    rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
-    rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
-
-    if (rsa->n == NULL || rsa->e == NULL || 
-	rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
-	rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
-	RSA_free(rsa);
-	return 0;
-    }
-
-    ret = RSA_check_key(rsa);
-    RSA_free(rsa);
-
-    return ret == 1;
-}
-
-static const heim_oid *
-find_keytype(const hx509_private_key key)
-{
-    const struct signature_alg *md;
-
-    if (key == NULL)
-	return NULL;
-
-    md = find_sig_alg(key->signature_alg);
-    if (md == NULL)
-	return NULL;
-    return (*md->key_oid)();
-}
-
-
-int
-hx509_crypto_select(const hx509_context context,
-		    int type,
-		    const hx509_private_key source,
-		    hx509_peer_info peer,
-		    AlgorithmIdentifier *selected)
-{
-    const AlgorithmIdentifier *def;
-    size_t i, j;
-    int ret, bits;
-
-    memset(selected, 0, sizeof(*selected));
-
-    if (type == HX509_SELECT_DIGEST) {
-	bits = SIG_DIGEST;
-	def = _hx509_crypto_default_digest_alg;
-    } else if (type == HX509_SELECT_PUBLIC_SIG) {
-	bits = SIG_PUBLIC_SIG;
-	/* XXX depend on `source� and `peer� */
-	def = _hx509_crypto_default_sig_alg;
-    } else if (type == HX509_SELECT_SECRET_ENC) {
-	bits = SIG_SECRET;
-	def = _hx509_crypto_default_secret_alg;
-    } else {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "Unknown type %d of selection", type);
-	return EINVAL;
-    }
-
-    if (peer) {
-	const heim_oid *keytype = NULL;
-
-	keytype = find_keytype(source);
-
-	for (i = 0; i < peer->len; i++) {
-	    for (j = 0; sig_algs[j]; j++) {
-		if ((sig_algs[j]->flags & bits) != bits)
-		    continue;
-		if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(), 
-				     &peer->val[i].algorithm) != 0)
-		    continue;
-		if (keytype && sig_algs[j]->key_oid && 
-		    der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
-		    continue;
-
-		/* found one, use that */
-		ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
-		if (ret)
-		    hx509_clear_error_string(context);
-		return ret;
-	    }
-	    if (bits & SIG_SECRET) {
-		const struct hx509cipher *cipher;
-
-		cipher = find_cipher_by_oid(&peer->val[i].algorithm);
-		if (cipher == NULL)
-		    continue;
-		if (cipher->ai_func == NULL)
-		    continue;
-		ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
-		if (ret)
-		    hx509_clear_error_string(context);
-		return ret;
-	    }
-	}
-    }
-
-    /* use default */
-    ret = copy_AlgorithmIdentifier(def, selected);
-    if (ret)
-	hx509_clear_error_string(context);
-    return ret;
-}
-
-int
-hx509_crypto_available(hx509_context context,
-		       int type,
-		       hx509_cert source,
-		       AlgorithmIdentifier **val,
-		       unsigned int *plen)
-{
-    const heim_oid *keytype = NULL;
-    unsigned int len, i;
-    void *ptr;
-    int bits, ret;
-
-    *val = NULL;
-
-    if (type == HX509_SELECT_ALL) {
-	bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
-    } else if (type == HX509_SELECT_DIGEST) {
-	bits = SIG_DIGEST;
-    } else if (type == HX509_SELECT_PUBLIC_SIG) {
-	bits = SIG_PUBLIC_SIG;
-    } else {
-	hx509_set_error_string(context, 0, EINVAL, 
-			       "Unknown type %d of available", type);
-	return EINVAL;
-    }
-
-    if (source)
-	keytype = find_keytype(_hx509_cert_private_key(source));
-
-    len = 0;
-    for (i = 0; sig_algs[i]; i++) {
-	if ((sig_algs[i]->flags & bits) == 0)
-	    continue;
-	if (sig_algs[i]->sig_alg == NULL)
-	    continue;
-	if (keytype && sig_algs[i]->key_oid && 
-	    der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
-	    continue;
-
-	/* found one, add that to the list */
-	ptr = realloc(*val, sizeof(**val) * (len + 1));
-	if (ptr == NULL)
-	    goto out;
-	*val = ptr;
-
-	ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
-	if (ret)
-	    goto out;
-	len++;
-    }
-
-    /* Add AES */
-    if (bits & SIG_SECRET) {
-
-	for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
-	
-	    if (ciphers[i].ai_func == NULL)
-		continue;
-
-	    ptr = realloc(*val, sizeof(**val) * (len + 1));
-	    if (ptr == NULL)
-		goto out;
-	    *val = ptr;
-	    
-	    ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
-	    if (ret)
-		goto out;
-	    len++;
-	}
-    }
-
-    *plen = len;
-    return 0;
-
-out:
-    for (i = 0; i < len; i++)
-	free_AlgorithmIdentifier(&(*val)[i]);
-    free(*val);
-    *val = NULL;
-    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-    return ENOMEM;
-}
-
-void
-hx509_crypto_free_algs(AlgorithmIdentifier *val,
-		       unsigned int len)
-{
-    unsigned int i;
-    for (i = 0; i < len; i++)
-	free_AlgorithmIdentifier(&val[i]);
-    free(val);
-}    
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem
deleted file mode 100644
index 2c71932bc9a9..000000000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa
-Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
-YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
-IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
-hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
-12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU
-DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ
-e20sRA==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem
deleted file mode 100644
index 409147bd5e4f..000000000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa
-Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
-YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
-IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
-hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
-12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2
-4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z
-rHX/kw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
deleted file mode 100644
index 3e73f5d61434..000000000000
--- a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw
-ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7
-rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg
-QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns
-Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW
-Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed
-ST8AUooI0ey599t84P20gGRuOYIjr7c=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ca.crt b/crypto/heimdal/lib/hx509/data/ca.crt
deleted file mode 100644
index 76fa2c4d9522..000000000000
--- a/crypto/heimdal/lib/hx509/data/ca.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIJALeUXoWyGYBYMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNV
-BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMDcxMTE1MDY1
-ODU2WhcNMTcxMTEyMDY1ODU2WjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg
-Q0ExCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcvJb
-yJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9Lv4VjQQfltNK0aovyLJa
-UdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7WULaaXxBgHo1owzmhc1Qj
-F9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQABo4GZMIGWMB0GA1UdDgQW
-BBSM5w21xd5phXUsCKHeUxUwnKHoADBaBgNVHSMEUzBRgBSM5w21xd5phXUsCKHe
-UxUwnKHoAKEupCwwKjEbMBkGA1UEAwwSaHg1MDkgVGVzdCBSb290IENBMQswCQYD
-VQQGEwJTRYIJALeUXoWyGYBYMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G
-CSqGSIb3DQEBBQUAA4GBAIBa6mq1aytlbhixD6q4PROg7P1OGX6nr5CkC96CC+Xp
-5UTLZEVIddkrBswNAAS0p5eEorO8xD9eT5ztZ0oYITymsO1sEIfDLks+LhdBoyF7
-TX24INRwjlqsC8UlbRFoClxIMNhrMwcC3oZ4oLddV2OmA0IOG6yHXvEOQq0sTotr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ca.key b/crypto/heimdal/lib/hx509/data/ca.key
deleted file mode 100644
index 924c52dbafc9..000000000000
--- a/crypto/heimdal/lib/hx509/data/ca.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDHcvJbyJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9
-Lv4VjQQfltNK0aovyLJaUdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7W
-ULaaXxBgHo1owzmhc1QjF9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQAB
-AoGAcRFgBdpr224eF+JzRganm8rMENBAnutreRUnIL+/ENFd0tBg0EIwtsTvvnzB
-odvEkDxFp+BXT1Y8Grj7rPGeuKq7537J43Go02fSC7z4i3HDhSmv1SXE59hiES4F
-ktyR2D7N+A/RPCckS4JM/zG4ZkucqKg/NnVpbdTpl0P2oSkCQQDoDkPde5vfWeXG
-wmAgm5HPbyEmDBXQMlYDgNd448TmObRpjr0dyyr5zDgFJkOpOmv6WUMUxGILam3k
-hCDqQqHPAkEA3AdgsMafqkR+OJmZT/gIDYb+mU8DFH6+WcUPxk+qbAa8JWg4VD30
-tpOKwZu4an1kExHnsVTqKOoW1cYmtYDuzQJAJ+78gsrYwhDoV9HvVO0wpG/NVozR
-3CgtYSD085rOsYfQojGsHcputNoN8eTp09934Xcm8hXxgWFpU9/hAi9BRQJACKG1
-dlnka56SQRAthoiZcEZqeIM0ALrUJttnOgVoDyLYgLMs+okPr5XsLJo6StsucN0T
-9M36/a3pRWunmxk6xQJBAOaD3sdIMLtGpFFOIQgkNUD9rOqXpi87h3ecmJCuG82w
-B6kRNvpZz33U2FowFQtGBdvUBsbzlRzYDMrWniC6YKc=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/crl1.crl b/crypto/heimdal/lib/hx509/data/crl1.crl
deleted file mode 100644
index 14aecf4c3dca..000000000000
--- a/crypto/heimdal/lib/hx509/data/crl1.crl
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN X509 CRL-----
-MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v
-dCBDQTELMAkGA1UEBhMCU0UXDTA3MTExNTA2NTkwMFoXDTE3MDkyMzA2NTkwMFow
-FDASAgEDFw0wNzExMTUwNjU5MDBaMA0GCSqGSIb3DQEBBQUAA4GBAGYUroSt3oVI
-0mjphSYqtpzDavF6xVM7bQrQEW+ZhzG7VynJdJaPgaJRaEHj9CNlJT1GF5WOY180
-wWuZEqXUV144snZ7YkSdsNOQRSmnHp8Fl6Sjdya3G55FoJHmhZ2JvscyZpb/Vh8N
-NoMICB27iYqCzVlK9NkT5neCmomv/mDn
------END X509 CRL-----
diff --git a/crypto/heimdal/lib/hx509/data/crl1.der b/crypto/heimdal/lib/hx509/data/crl1.der
deleted file mode 100644
index 6d29196fc7bf..000000000000
--- a/crypto/heimdal/lib/hx509/data/crl1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/gen-req.sh b/crypto/heimdal/lib/hx509/data/gen-req.sh
deleted file mode 100644
index 4926399d4ea3..000000000000
--- a/crypto/heimdal/lib/hx509/data/gen-req.sh
+++ /dev/null
@@ -1,316 +0,0 @@
-#!/bin/sh
-# $Id: gen-req.sh 21786 2007-08-01 19:37:45Z lha $
-#
-# This script need openssl 0.9.8a or newer, so it can parse the
-# otherName section for pkinit certificates.
-#
-
-openssl=$HOME/src/openssl/openssl-0.9.8e/apps/openssl
-
-gen_cert()
-{
-	${openssl} req \
-		-new \
-		-subj "$1" \
-		-config openssl.cnf \
-		-newkey rsa:1024 \
-		-sha1 \
-		-nodes \
-		-keyout out.key \
-		-out cert.req > /dev/null 2>/dev/null
-
-        if [ "$3" = "ca" ] ; then
-	    ${openssl} x509 \
-		-req \
-		-days 3650 \
-		-in cert.req \
-		-extfile openssl.cnf \
-		-extensions $4 \
-                -signkey out.key \
-		-out cert.crt
-
-		ln -s ca.crt `${openssl} x509 -hash -noout -in cert.crt`.0
-
-		name=$3
-
-        elif [ "$3" = "proxy" ] ; then
-
-	    ${openssl} x509 \
-		-req \
-		-in cert.req \
-		-days 3650 \
-		-out cert.crt \
-		-CA $2.crt \
-		-CAkey $2.key \
-		-CAcreateserial \
-		-extfile openssl.cnf \
-		-extensions $4
-
-		name=$5
-	else
-
-	    ${openssl} ca \
-		-name $4 \
-		-days 3650 \
-		-cert $2.crt \
-		-keyfile $2.key \
-		-in cert.req \
-		-out cert.crt \
-		-outdir . \
-		-batch \
-		-config openssl.cnf 
-
-		name=$3
-	fi
-
-	mv cert.crt $name.crt
-	mv out.key $name.key
-}
-
-echo "01" > serial
-> index.txt
-rm -f *.0
-
-gen_cert "/CN=hx509 Test Root CA/C=SE" "root" "ca" "v3_ca"
-gen_cert "/CN=OCSP responder/C=SE" "ca" "ocsp-responder" "ocsp"
-gen_cert "/CN=Test cert/C=SE" "ca" "test" "usr"
-gen_cert "/CN=Revoke cert/C=SE" "ca" "revoke" "usr"
-gen_cert "/CN=Test cert KeyEncipherment/C=SE" "ca" "test-ke-only" "usr_ke"
-gen_cert "/CN=Test cert DigitalSignature/C=SE" "ca" "test-ds-only" "usr_ds"
-gen_cert "/CN=pkinit/C=SE" "ca" "pkinit" "pkinit_client"
-gen_cert "/C=SE/CN=pkinit/CN=pkinit-proxy" "pkinit" "proxy" "proxy_cert" pkinit-proxy
-gen_cert "/CN=kdc/C=SE" "ca" "kdc" "pkinit_kdc"
-gen_cert "/CN=www.test.h5l.se/C=SE" "ca" "https" "https"
-gen_cert "/CN=Sub CA/C=SE" "ca" "sub-ca" "subca"
-gen_cert "/CN=Test sub cert/C=SE" "sub-ca" "sub-cert" "usr"
-gen_cert "/C=SE/CN=Test cert/CN=proxy" "test" "proxy" "proxy_cert" proxy-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy/CN=child" "proxy-test" "proxy" "proxy_cert" proxy-level-test
-gen_cert "/C=SE/CN=Test cert/CN=no-proxy" "test" "proxy" "usr_cert" no-proxy-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10" "test" "proxy" "proxy10_cert" proxy10-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child" "proxy10-test" "proxy" "proxy10_cert" proxy10-child-test
-gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child/CN=child" "proxy10-child-test" "proxy" "proxy10_cert" proxy10-child-child-test
-
-
-# combine
-cat sub-ca.crt ca.crt > sub-ca-combined.crt
-cat test.crt test.key > test.combined.crt
-cat pkinit-proxy.crt pkinit.crt > pkinit-proxy-chain.crt
-
-# password protected key
-${openssl} rsa -in test.key -aes256 -passout pass:foobar -out test-pw.key
-${openssl} rsa -in pkinit.key -aes256 -passout pass:foo -out pkinit-pw.key
-
-
-${openssl} ca \
-    -name usr \
-    -cert ca.crt \
-    -keyfile ca.key \
-    -revoke revoke.crt \
-    -config openssl.cnf 
-
-${openssl} pkcs12 \
-    -export \
-    -in test.crt \
-    -inkey test.key \
-    -passout pass:foobar \
-    -out test.p12 \
-    -name "friendlyname-test" \
-    -certfile ca.crt \
-    -caname ca
-
-${openssl} pkcs12 \
-    -export \
-    -in sub-cert.crt \
-    -inkey sub-cert.key \
-    -passout pass:foobar \
-    -out sub-cert.p12 \
-    -name "friendlyname-sub-cert" \
-    -certfile sub-ca-combined.crt \
-    -caname sub-ca \
-    -caname ca
-
-${openssl} pkcs12 \
-    -keypbe NONE \
-    -certpbe NONE \
-    -export \
-    -in test.crt \
-    -inkey test.key \
-    -passout pass:foobar \
-    -out test-nopw.p12 \
-    -name "friendlyname-cert" \
-    -certfile ca.crt \
-    -caname ca
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -outform DER \
-    -out test-signed-data
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -noattr \
-    -outform DER \
-    -out test-signed-data-noattr
-
-${openssl} smime \
-    -sign \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -signer test.crt \
-    -inkey test.key \
-    -noattr \
-    -nocerts \
-    -outform DER \
-    -out test-signed-data-noattr-nocerts
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-40 \
-    -rc2-40 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-64 \
-    -rc2-64 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-rc2-128 \
-    -rc2-128 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-des \
-    -des \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-des-ede3 \
-    -des3 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-aes-128 \
-    -aes128 \
-    test.crt
-
-${openssl} smime \
-    -encrypt \
-    -nodetach \
-    -binary \
-    -in static-file \
-    -outform DER \
-    -out test-enveloped-aes-256 \
-    -aes256 \
-    test.crt
-
-echo ocsp requests
-
-${openssl} ocsp \
-    -issuer ca.crt \
-    -cert test.crt \
-    -reqout ocsp-req1.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ocsp.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ca.crt \
-    -rkey ca.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ca.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -resp_no_certs \
-    -reqin ocsp-req1.der \
-    -noverify \
-    -respout ocsp-resp1-ocsp-no-cert.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req1.der \
-    -resp_key_id \
-    -noverify \
-    -respout ocsp-resp1-keyhash.der
-
-${openssl} ocsp \
-    -issuer ca.crt \
-    -cert revoke.crt \
-    -reqout ocsp-req2.der
-
-${openssl} ocsp \
-    -index index.txt \
-    -rsigner ocsp-responder.crt \
-    -rkey ocsp-responder.key \
-    -CA ca.crt \
-    -reqin ocsp-req2.der \
-    -noverify \
-    -respout ocsp-resp2.der
-
-${openssl} ca \
-    -gencrl \
-    -name usr \
-    -crldays 3600 \
-    -keyfile ca.key \
-    -cert ca.crt \
-    -crl_reason superseded \
-    -out crl1.crl \
-    -config openssl.cnf 
-
-${openssl} crl -in crl1.crl -outform der -out crl1.der
diff --git a/crypto/heimdal/lib/hx509/data/j.pem b/crypto/heimdal/lib/hx509/data/j.pem
deleted file mode 100644
index 45ae8e81477f..000000000000
--- a/crypto/heimdal/lib/hx509/data/j.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEajCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJKUDEN
-MAsGA1UECgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24g
-Rm9yIEpQS0kxETAPBgNVBAsMCEJyaWRnZUNBMB4XDTAzMTIyNzA1MDgxNVoXDTEz
-MTIyNjE0NTk1OVowWjELMAkGA1UEBhMCSlAxDTALBgNVBAoMBEpQS0kxKTAnBgNV
-BAsMIFByZWZlY3R1cmFsIEFzc29jaWF0aW9uIEZvciBKUEtJMREwDwYDVQQLDAhC
-cmlkZ2VDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTnUmg7K3m8
-52vd77kwkq156euwoWm5no8E8kmaTSc7x2RABPpqNTlMKdZ6ttsyYrqREeDkcvPL
-yF7yf/I8+innasNtsytcTAy8xY8Avsbd4JkCGW9dyPjk9pzzc3yLQ64Rx2fujRn2
-agcEVdPCr/XpJygX8FD5bbhkZ0CVoiASBmlHOcC3YpFlfbT1QcpOSOb7o+VdKVEi
-MMfbBuU2IlYIaSr/R1nO7RPNtkqkFWJ1/nKjKHyzZje7j70qSxb+BTGcNgTHa1YA
-UrogKB+UpBftmb4ds+XlkEJ1dvwokiSbCDaWFKD+YD4B2s0bvjCbw8xuZFYGhNyR
-/2D5XfN1s2MCAwEAAaOCATkwggE1MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MG0GA1UdHwRmMGQwYqBgoF6kXDBaMQswCQYDVQQGEwJKUDENMAsGA1UE
-CgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24gRm9yIEpQ
-S0kxETAPBgNVBAsMCEJyaWRnZUNBMIGDBgNVHREEfDB6pHgwdjELMAkGA1UEBhMC
-SlAxJzAlBgNVBAoMHuWFrOeahOWAi+S6uuiqjeiovOOCteODvOODk+OCuTEeMBwG
-A1UECwwV6YO96YGT5bqc55yM5Y2U6K2w5LyaMR4wHAYDVQQLDBXjg5bjg6rjg4Pj
-grjoqo3oqLzlsYAwHQYDVR0OBBYEFNQXMiCqQNkR2OaZmQgLtf8mR8p8MA0GCSqG
-SIb3DQEBBQUAA4IBAQATjJo4reTNPC5CsvAKu1RYT8PyXFVYHbKsEpGt4GR8pDCg
-HEGAiAhHSNrGh9CagZMXADvlG0gmMOnXowriQQixrtpkmx0TB8tNAlZptZWkZC+R
-8TnjOkHrk2nFAEC3ezbdK0R7MR4tJLDQCnhEWbg50rf0wZ/aF8uAaVeEtHXa6W0M
-Xq3dSe0XAcrLbX4zZHQTaWvdpLAIjl6DZ3SCieRMyoWUL+LXaLFdTP5WBCd+No58
-IounD9X4xxze2aeRVaiV/WnQ0OSPNS7n7YXy6xQdnaOU4KRW/Lne1EDf5IfWC/ih
-bVAmhZMbcrkWWcsR6aCPG+2mV3zTD6AUzuKPal8Y
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/kdc.crt b/crypto/heimdal/lib/hx509/data/kdc.crt
deleted file mode 100644
index 7dc38359c8fa..000000000000
--- a/crypto/heimdal/lib/hx509/data/kdc.crt
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 7 (0x7)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:58 2007 GMT
-            Not After : Nov 12 06:58:58 2017 GMT
-        Subject: C=SE, CN=kdc
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bb:fa:14:24:35:9f:cb:82:91:20:b9:44:ec:4d:
-                    f8:e4:1b:68:3f:6a:4d:d1:56:3e:28:25:6e:ab:aa:
-                    8b:6b:9c:59:ce:67:cc:27:61:4f:ff:18:a5:56:81:
-                    a1:94:c4:33:f9:20:54:e5:1f:5a:47:43:ee:8f:52:
-                    8a:9f:97:6b:73:92:a3:e1:fd:9e:0b:04:36:2b:b2:
-                    72:bd:80:ff:ae:5a:e1:9b:bb:d8:77:c8:fe:f8:3b:
-                    3f:b9:51:56:6e:97:c2:2a:76:ea:56:d8:46:67:45:
-                    33:6f:b1:74:cf:2b:dd:11:32:1f:d7:a9:e9:2a:e2:
-                    0f:a8:dd:b1:94:85:87:dd:b5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                pkkdcekuoid
-            X509v3 Subject Key Identifier: 
-                51:75:26:1A:E0:16:0F:69:A8:B4:98:80:EB:C8:49:A6:D0:C6:24:C1
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:f7:7c:cf:2d:87:aa:93:49:b1:05:2a:ea:ee:75:97:22:02:
-        5a:a1:2c:e3:e1:9d:be:48:0c:75:26:e0:84:f0:2a:90:5a:15:
-        dd:7c:58:65:ab:79:05:85:40:54:35:e1:57:58:96:aa:32:68:
-        f2:bd:cc:b5:9a:1c:f5:d7:49:01:44:ce:fc:22:55:3c:86:d6:
-        c2:ed:46:e6:dc:a7:c5:48:3f:ac:0c:10:ba:b9:e2:e8:78:37:
-        79:f7:d5:da:c0:8e:74:09:64:ff:bb:36:24:d4:c7:4d:c3:93:
-        c2:d7:3a:32:97:b9:e1:79:ea:82:3a:42:69:ec:e4:ec:48:d5:
-        3f:90
------BEGIN CERTIFICATE-----
-MIICVDCCAb2gAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OFoXDTE3
-MTExMjA2NTg1OFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAu/oUJDWfy4KRILlE7E345BtoP2pN0VY+KCVu
-q6qLa5xZzmfMJ2FP/xilVoGhlMQz+SBU5R9aR0Puj1KKn5drc5Kj4f2eCwQ2K7Jy
-vYD/rlrhm7vYd8j++Ds/uVFWbpfCKnbqVthGZ0Uzb7F0zyvdETIf16npKuIPqN2x
-lIWH3bUCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE
-CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBRRdSYa4BYPaai0mIDryEmm0MYkwTBIBgNV
-HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV
-GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAHr3fM8th6qT
-SbEFKurudZciAlqhLOPhnb5IDHUm4ITwKpBaFd18WGWreQWFQFQ14VdYlqoyaPK9
-zLWaHPXXSQFEzvwiVTyG1sLtRubcp8VIP6wMELq54uh4N3n31drAjnQJZP+7NiTU
-x03Dk8LXOjKXueF56oI6Qmns5OxI1T+Q
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/kdc.key b/crypto/heimdal/lib/hx509/data/kdc.key
deleted file mode 100644
index 01fca6542c2d..000000000000
--- a/crypto/heimdal/lib/hx509/data/kdc.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC7+hQkNZ/LgpEguUTsTfjkG2g/ak3RVj4oJW6rqotrnFnOZ8wn
-YU//GKVWgaGUxDP5IFTlH1pHQ+6PUoqfl2tzkqPh/Z4LBDYrsnK9gP+uWuGbu9h3
-yP74Oz+5UVZul8IqdupW2EZnRTNvsXTPK90RMh/Xqekq4g+o3bGUhYfdtQIDAQAB
-AoGBAJXwJO65A0v+SqqyfSKME1JH9kBXF9k5lHzLVtqBP5JHdW7pZnOm8HtG+mLl
-JbCXS+mUe4MDHiyoJ/qUWVRxIFgBBEQpaYxdyW8d+SpCnR53hBa3t0yxr3yZ0XCc
-u4lkKaCCQM5aPZqlbEkyR0Hm+lXPKbW+Sgm18fm2zPJ/2EXhAkEA8RO+dydMR7LV
-8PdOvMkENwwnkUQTI3YjoRy0yV9UV+x3JDdBufOOjObrXIg/jDkg3PyOE5JBo/EZ
-u1OyFFbyPQJBAMec4B3+ZyOPeH1OodSWfL/0AFCSZyOs1UgEC7vorMJ8i0eHDIsT
-Uie1xNlrfrjnXTvMG7woFZOvNXBJkxCXKNkCQQCyMX/lnxyZGq1csdB3ZrZA4jEV
-BRaIbbikTA2tk1NKsjTWhimFA2xo5f8upF8kjM2nyt5RxRfT0FDO0Gye8C2ZAkBq
-CJYwuJwXErZBcgya/dmEqduk8TAijkO5fpSxG7bxlPDzbPSnx/qjJ3ZKvERTemtX
-QWQWPgDAM5kibaLWdEV5AkAJn7iP495Cbac0y3zihgK/M70M9y1WB0TbumpTVpg2
-taw3NwTjQlGnFj64dJIj+hgCOGYJ7H1Gt7JOi10NRtbd
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/key.der b/crypto/heimdal/lib/hx509/data/key.der
deleted file mode 100644
index e7c665e3005e..000000000000
--- a/crypto/heimdal/lib/hx509/data/key.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/key2.der b/crypto/heimdal/lib/hx509/data/key2.der
deleted file mode 100644
index fe3f413c0aa5..000000000000
--- a/crypto/heimdal/lib/hx509/data/key2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/nist-data b/crypto/heimdal/lib/hx509/data/nist-data
deleted file mode 100644
index 80333bbfc406..000000000000
--- a/crypto/heimdal/lib/hx509/data/nist-data
+++ /dev/null
@@ -1,91 +0,0 @@
-# $Id: nist-data 21917 2007-08-16 13:54:25Z lha $
-# id verify cert hxtool-verify-arguments...
-# p(ass) f(ail)
-# Those id's that end with i are invariants of the orignal test
-#
-# 4.1 Signature Verification
-#
-4.1.1   p ValidCertificatePathTest1EE.crt GoodCACert.crt GoodCACRL.crl
-4.1.2   f InvalidCASignatureTest2EE.crt BadSignedCACert.crt BadSignedCACRL.crl
-4.1.3   f InvalidEESignatureTest3EE.crt GoodCACert.crt GoodCACRL.crl
-#4.1.4	p ValidDSASignaturesTest4EE.crt DSACACert.crt DSACACRL.crl
-#4.1.5	p ValidDSAParameterInheritanceTest5EE.crl DSAParametersInheritedCACert.crt DSAParametersInheritedCACRL.crl DSACACert.crt DSACACRL.crl
-#4.1.6	f InvalidDSASignaturesTest6EE.crt DSACACert.crt DSACACRL.crl
-#
-# 4.2 Validity Periods
-#
-4.2.1   f InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt BadnotBeforeDateCACRL.crl
-4.2.2   f InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.3   p Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.4   p ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.5   f InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt BadnotAfterDateCACRL.crl
-4.2.6   f InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt GoodCACRL.crl
-4.2.7   f Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt GoodCACRL.crl
-#4.2.8   p ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt GoodCACRL.crl
-#
-# 4.4 CRtests
-#
-4.4.1   f InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
-4.4.1i  p InvalidMissingCRLTest1EE.crt --missing-revoke NoCRLCACert.crt
-4.4.2   f InvalidRevokedEETest3EE.crt GoodCACert.crt InvalidRevokedCATest2EE.crt GoodCACRL.crl RevokedsubCACRL.crl
-4.4.2i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt InvalidRevokedCATest2EE.crt
-4.4.3   f InvalidRevokedEETest3EE.crt GoodCACert.crt GoodCACRL.crl
-4.4.3i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt
-4.4.4   f InvalidBadCRLSignatureTest4EE.crt BadCRLSignatureCACert.crt BadCRLSignatureCACRL.crl
-4.4.4i  p InvalidBadCRLSignatureTest4EE.crt --missing-revoke BadCRLSignatureCACert.crt
-4.4.5   f InvalidBadCRLIssuerNameTest5EE.crt BadCRLIssuerNameCACert.crt BadCRLIssuerNameCACRL.crl
-4.4.5i  p InvalidBadCRLIssuerNameTest5EE.crt --missing-revoke BadCRLIssuerNameCACert.crt
-4.4.6   f InvalidWrongCRLTest6EE.crt WrongCRLCACert.crt WrongCRLCACRL.crl
-4.4.7   p ValidTwoCRLsTest7EE.crt TwoCRLsCACert.crt TwoCRLsCAGoodCRL.crl TwoCRLsCABadCRL.crl
-4.4.8   f InvalidUnknownCRLEntryExtensionTest8EE.crt UnknownCRLEntryExtensionCACert.crt UnknownCRLEntryExtensionCACRL.crl
-4.4.9   f InvalidUnknownCRLExtensionTest9EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
-4.4.10  f InvalidUnknownCRLExtensionTest10EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
-4.4.11  f InvalidOldCRLnextUpdateTest11EE.crt OldCRLnextUpdateCACert.crt OldCRLnextUpdateCACRL.crl 
-4.4.12  f Invalidpre2000CRLnextUpdateTest12EE.crt pre2000CRLnextUpdateCACert.crt pre2000CRLnextUpdateCACRL.crl
-#4.4.13-xxx s ValidGeneralizedTimeCRLnextUpdateTest13EE.crt GeneralizedTimeCRLnextUpdateCACert.crt GeneralizedTimeCRLnextUpdateCACRL.crl
-4.4.14  p ValidNegativeSerialNumberTest14EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
-4.4.15  f InvalidNegativeSerialNumberTest15EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
-4.4.16  p ValidLongSerialNumberTest16EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-4.4.17  p ValidLongSerialNumberTest17EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-4.4.18  f InvalidLongSerialNumberTest18EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
-#
-#
-# 4.8 Ceificate Policies
-incomplete4.8.2 p AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt NoPoliciesCACRL.crl
-incomplete4.8.10 p AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt PoliciesP12CACRL.crl
-incomplete4.8.13 p AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt PoliciesP123CACRL.crl
-incomplete4.8.11 p AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
-unknown p AnyPolicyTest14EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
-unknown f BadSignedCACert.crt
-unknown f BadnotAfterDateCACert.crt
-unknown f BadnotBeforeDateCACert.crt
-#
-# 4.13 Name Constraints
-#
-4.13.1   p ValidDNnameConstraintsTest1EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.2   f InvalidDNnameConstraintsTest2EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.3   f InvalidDNnameConstraintsTest3EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.4   p ValidDNnameConstraintsTest4EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.5   p ValidDNnameConstraintsTest5EE.crt nameConstraintsDN2CACert.crt nameConstraintsDN2CACRL.crl
-4.13.6   p ValidDNnameConstraintsTest6EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.7   f InvalidDNnameConstraintsTest7EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.8   f InvalidDNnameConstraintsTest8EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
-4.13.9   f InvalidDNnameConstraintsTest9EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
-4.13.10   f InvalidDNnameConstraintsTest10EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
-4.13.11   p ValidDNnameConstraintsTest11EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
-4.13.12   f InvalidDNnameConstraintsTest12EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.13   f InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.14   p ValidDNnameConstraintsTest14EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-4.13.15   f InvalidDNnameConstraintsTest15EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.16   f InvalidDNnameConstraintsTest16EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.17   f InvalidDNnameConstraintsTest17EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-4.13.18   p ValidDNnameConstraintsTest18EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
-#
-# no crl for self issued cert
-#
-#4.13.19   p ValidDNnameConstraintsTest19EE.crt nameConstraintsDN1SelfIssuedCACert.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-# ??
-4.13.20   f InvalidDNnameConstraintsTest20EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
-#4.13.21   p ValidRFC822nameConstraintsTest21EE.crt nameConstraintsRFC822CA1Cert.crt nameConstraintsRFC822CA1CRL.crl
-#page 74
-end
diff --git a/crypto/heimdal/lib/hx509/data/nist-data2 b/crypto/heimdal/lib/hx509/data/nist-data2
deleted file mode 100644
index 491beacfb6b6..000000000000
--- a/crypto/heimdal/lib/hx509/data/nist-data2
+++ /dev/null
@@ -1,291 +0,0 @@
-# 4.1.1 Valid Signatures Test1 - Validate Successfully
-0 ValidCertificatePathTest1EE.crt
-# 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate
-1 InvalidCASignatureTest2EE.crt
-# 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate
-1 InvalidEESignatureTest3EE.crt
-# 4.1.4 Valid DSA Signatures Test4 - Reject - Application can not process DSA signatures
-1 ValidDSASignaturesTest4EE.crt
-# 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is after the current date
-1 InvalidCAnotBeforeDateTest1EE.crt
-# 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is after the current date
-1 InvalidEEnotBeforeDateTest2EE.crt
-# 4.2.3 Valid pre2000 UTC notBefore Date Test3 - Validate Successfully
-0 Validpre2000UTCnotBeforeDateTest3EE.crt
-# 4.2.4 Valid GeneralizedTime notBefore Date Test4 - Validate Successfully
-0 ValidGeneralizedTimenotBeforeDateTest4EE.crt
-# 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is before the current date
-1 InvalidCAnotAfterDateTest5EE.crt
-# 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before the current date
-1 InvalidEEnotAfterDateTest6EE.crt
-# 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the current date
-1 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
-# 4.2.8 Valid GeneralizedTime notAfter Date Test8 - Validate Successfully
-0 ValidGeneralizedTimenotAfterDateTest8EE.crt
-# 4.3.1 Invalid Name Chaining EE Test1 - Reject - names do not chain
-1 InvalidNameChainingTest1EE.crt
-# 4.3.2 Invalid Name Chaining Order Test2 - Reject - names do not chain
-1 InvalidNameChainingOrderTest2EE.crt
-# 4.3.3 Valid Name Chaining Whitespace Test3 - Validate Successfully
-0 ValidNameChainingWhitespaceTest3EE.crt
-# 4.3.4 Valid Name Chaining Whitespace Test4 - Validate Successfully
-0 ValidNameChainingWhitespaceTest4EE.crt
-# 4.3.5 Valid Name Chaining Capitalization Test5 - Validate Successfully
-0 ValidNameChainingCapitalizationTest5EE.crt
-# 4.3.6 Valid Name Chaining UIDs Test6 - Validate Successfully
-0 ValidNameUIDsTest6EE.crt
-# 4.3.9 Valid UTF8String Encoded Names Test9 - Validate Successfully
-0 ValidUTF8StringEncodedNamesTest9EE.crt
-# 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidMissingCRLTest1EE.crt
-# 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked.
-2 InvalidRevokedCATest2EE.crt
-# 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked
-2 InvalidRevokedEETest3EE.crt
-# 4.4.4. Invalid Bad CRL Signature Test4 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidBadCRLSignatureTest4EE.crt
-# 4.4.5 Invalid Bad CRL Issuer Name Test5 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidBadCRLIssuerNameTest5EE.crt
-# 4.4.6 Invalid Wrong CRL Test6 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidWrongCRLTest6EE.crt
-# 4.4.7 Valid Two CRLs Test7 - Validate Successfully
-0 ValidTwoCRLsTest7EE.crt
-# 4.4.8 Invalid Unknown CRL Entry Extension Test8 - Reject - the end entity certificate has been revoked
-2 InvalidUnknownCRLEntryExtensionTest8EE.crt
-# 4.4.9 Invalid Unknown CRL Extension Test9 - Reject - the end entity certificate has been revoked
-2 InvalidUnknownCRLExtensionTest9EE.crt
-# 4.4.10 Invalid Unknown CRL Extension Test10 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidUnknownCRLExtensionTest10EE.crt
-# 4.4.11 Invalid Old CRL nextUpdate Test11 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidOldCRLnextUpdateTest11EE.crt
-# 4.4.12 Invalid pre2000 CRL nextUpdate Tesst12 - Reject or Warn - status of end entity certificate can not be determined
-3 Invalidpre2000CRLnextUpdateTest12EE.crt
-# 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 - Validate Successfully
-0 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
-# 4.4.14 Valid Negative Serial Number Test14 - Validate Successfully
-0 ValidNegativeSerialNumberTest14EE.crt
-# 4.4.15 Invalid Negative Serial Number Test15 - Reject - the end entity certificate has been revoked
-2 InvalidNegativeSerialNumberTest15EE.crt
-# 4.4.16 Valid Long Serial Number Test16 - Validate Successfully
-0 ValidLongSerialNumberTest16EE.crt
-# 4.4.17 Valid Long Serial Number Test17 - Validate Successfully
-0 ValidLongSerialNumberTest17EE.crt
-# 4.4.18 Invalid Long Serial Number Test18 - Reject - the end entity certificate has been revoked
-2 InvalidLongSerialNumberTest18EE.crt
-# 4.4.19 Valid Separate Certificate and CRL Keys Test19 - Validate Successfully
-0 ValidSeparateCertificateandCRLKeysTest19EE.crt
-# 4.4.20 Invalid Separate Certificate and CRL Keys Test20 - Reject - the end entity certificate has been revoked
-2 InvalidSeparateCertificateandCRLKeysTest20EE.crt
-# 4.4.21 Invalid Separate Certificate and CRL Keys Test21 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidSeparateCertificateandCRLKeysTest21EE.crt
-# 4.5.1 Valid Basic Self-Issued Old With New Test1 - Validate Successfully
-0 ValidBasicSelfIssuedOldWithNewTest1EE.crt
-# 4.5.2 Invalid Basic Self-Issued Old With New Test2 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
-# 4.5.3 Valid Basic Self-Issued New With Old Test3 - Validate Successfully
-0 ValidBasicSelfIssuedNewWithOldTest3EE.crt
-# 4.5.4 Valid Basic Self-Issued New With Old Test4 - Validate Successfully
-0 ValidBasicSelfIssuedNewWithOldTest4EE.crt
-# 4.5.5 Invalid Basic Self-Issued New With Old Test5 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
-# 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 - Validate Successfully
-0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
-# 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 - Reject - the end entity certificate has been revoked
-2 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
-# 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 - Reject - invalid certification path
-1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
-# 4.6.1 Invalid Missing basicConstraints Test1 - Reject - invalid certification path
-1 InvalidMissingbasicConstraintsTest1EE.crt
-# 4.6.2 Invalid cA False Test2 - Reject - invalid certification path
-1 InvalidcAFalseTest2EE.crt
-# 4.6.3 Invalid cA False Test3 - Reject - invalid certification path
-1 InvalidcAFalseTest3EE.crt
-# 4.6.4 Valid basicConstraints Not Critical Test4 - Validate Successfully
-0 ValidbasicConstraintsNotCriticalTest4EE.crt
-# 4.6.5 Invalid pathLenConstraint Test5 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest5EE.crt
-# 4.6.6 Invalid pathLenConstraint Test6 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest6EE.crt
-# 4.6.7 Valid pathLenConstraint Test7 - Validate Successfully
-0 ValidpathLenConstraintTest7EE.crt
-# 4.6.8 Valid pathLenConstraint Test8 - Validate Successfully
-0 ValidpathLenConstraintTest8EE.crt
-# 4.6.9 Invalid pathLenConstraint Test9 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest9EE.crt
-# 4.6.10 Invalid pathLenConstraint Test10 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest10EE.crt
-# 4.6.11 Invalid pathLenConstraint Test11 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest11EE.crt
-# 4.6.12 Invalid pathLenConstraint Test12 - Reject - invalid certification path
-1 InvalidpathLenConstraintTest12EE.crt
-# 4.6.13 Valid pathLenConstraint Test13 - Validate Successfully
-0 ValidpathLenConstraintTest13EE.crt
-# 4.6.14 Valid pathLenConstraint Test14 - Validate Successfully
-0 ValidpathLenConstraintTest14EE.crt
-# 4.6.15 Valid Self-Issued pathLenConstraint Test15 - Validate Successfully
-0 ValidSelfIssuedpathLenConstraintTest15EE.crt
-# 4.6.16 Invalid Self-Issued pathLenConstraint Test16 - Reject - invalid certification path
-1 InvalidSelfIssuedpathLenConstraintTest16EE.crt
-# 4.6.17 Valid Self-Issued pathLenConstraint Test17 - Validate Successfully
-0 ValidSelfIssuedpathLenConstraintTest17EE.crt
-# 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 - Reject - invalid certification path
-1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
-# 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 - Reject - invalid certification path
-1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
-# 4.7.3 Valid keyUsage Not Critical Test3 - Validate Successfully
-0 ValidkeyUsageNotCriticalTest3EE.crt
-# 4.7.4 Invalid keyUsage Critical cRLSign False Test4 - Reject - invalid certification path
-1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
-# 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 - Reject - invalid certification path
-1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
-0 UserNoticeQualifierTest19EE.crt
-# 4.10.1 Valid Policy Mapping Test1, subtest 1 - Reject - unrecognized critical extension [Test using the default settings (i.e., <i>initial-policy-set</i> = <i>any-policy</i>)
-1 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
-# 4.11.2 Valid inhibitPolicyMapping Test2 - Reject - unrecognized critical extension
-1 ValidinhibitPolicyMappingTest2EE.crt
-# 4.12.2 Valid inhibitAnyPolicy Test2 - Reject - unrecognized critical extension
-1 ValidinhibitAnyPolicyTest2EE.crt
-# 4.13.1 Valid DN nameConstraints Test1 - Validate Successfully
-0 ValidDNnameConstraintsTest1EE.crt
-# 4.13.2 Invalid DN nameConstraints Test2 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest2EE.crt
-# 4.13.3 Invalid DN nameConstraints Test3 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest3EE.crt
-# 4.13.4 Valid DN nameConstraints Test4 - Validate Successfully
-0 ValidDNnameConstraintsTest4EE.crt
-# 4.13.5 Valid DN nameConstraints Test5 - Validate Successfully
-0 ValidDNnameConstraintsTest5EE.crt
-# 4.13.6 Valid DN nameConstraints Test6 - Validate Successfully
-0 ValidDNnameConstraintsTest6EE.crt
-# 4.13.7 Invalid DN nameConstraints Test7 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest7EE.crt
-# 4.13.8 Invalid DN nameConstraints Test8 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest8EE.crt
-# 4.13.9 Invalid DN nameConstraints Test9 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest9EE.crt
-# 4.13.10 Invalid DN nameConstraints Test10 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest10EE.crt
-# 4.13.11 Valid DN nameConstraints Test11 - Validate Successfully
-0 ValidDNnameConstraintsTest11EE.crt
-# 4.13.12 Invalid DN nameConstraints Test12 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest12EE.crt
-# 4.13.13 Invalid DN nameConstraints Test13 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest13EE.crt
-# 4.13.14 Valid DN nameConstraints Test14 - Validate Successfully
-0 ValidDNnameConstraintsTest14EE.crt
-# 4.13.15 Invalid DN nameConstraints Test15 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest15EE.crt
-# 4.13.16 Invalid DN nameConstraints Test16 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest16EE.crt
-# 4.13.17 Invalid DN nameConstraints Test17 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest17EE.crt
-# 4.13.18 Valid DN nameConstraints Test18 - Validate Successfully
-0 ValidDNnameConstraintsTest18EE.crt
-# 4.13.19 Valid Self-Issued DN nameConstraints Test19 - Validate Successfully
-0 ValidDNnameConstraintsTest19EE.crt
-# 4.13.20 Invalid Self-Issued DN nameConstraints Test20 - Reject - name constraints violation
-1 InvalidDNnameConstraintsTest20EE.crt
-# 4.13.21 Valid RFC822 nameConstraints Test21 - Validate Successfully
-0 ValidRFC822nameConstraintsTest21EE.crt
-# 4.13.22 Invalid RFC822 nameConstraints Test22 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest22EE.crt
-# 4.13.23 Valid RFC822 nameConstraints Test23 - Validate Successfully
-0 ValidRFC822nameConstraintsTest23EE.crt
-# 4.13.24 Invalid RFC822 nameConstraints Test24 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest24EE.crt
-# 4.13.25 Valid RFC822 nameConstraints Test25 - Validate Successfully
-0 ValidRFC822nameConstraintsTest25EE.crt
-# 4.13.26 Invalid RFC822 nameConstraints Test26 - Reject - name constraints violation
-1 InvalidRFC822nameConstraintsTest26EE.crt
-# 4.13.27 Valid DN and  RFC822 nameConstraints Test27 - Validate Successfully
-0 ValidDNandRFC822nameConstraintsTest27EE.crt
-# 4.13.28 Invalid DN and  RFC822 nameConstraints Test28 - Reject - name constraints violation
-1 InvalidDNandRFC822nameConstraintsTest28EE.crt
-# 4.13.29 Invalid DN and  RFC822 nameConstraints Test29 - Reject - name constraints violation
-1 InvalidDNandRFC822nameConstraintsTest29EE.crt
-# 4.13.30 Valid DNS nameConstraints Test30 - Validate Successfully
-0 ValidDNSnameConstraintsTest30EE.crt
-# 4.13.31 Invalid DNS nameConstraints Test31 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest31EE.crt
-# 4.13.32 Valid DNS nameConstraints Test32 - Validate Successfully
-0 ValidDNSnameConstraintsTest32EE.crt
-# 4.13.33 Invalid DNS nameConstraints Test33 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest33EE.crt
-# 4.13.34 Valid URI nameConstraints Test34 - Validate Successfully
-0 ValidURInameConstraintsTest34EE.crt
-# 4.13.35 Invalid URI nameConstraints Test35 - Reject - name constraints violation
-1 InvalidURInameConstraintsTest35EE.crt
-# 4.13.36 Valid URI nameConstraints Test36 - Validate Successfully
-0 ValidURInameConstraintsTest36EE.crt
-# 4.13.37 Invalid URI nameConstraints Test37 - Reject - name constraints violation
-1 InvalidURInameConstraintsTest37EE.crt
-# 4.13.38 Invalid DNS nameConstraints Test38 - Reject - name constraints violation
-1 InvalidDNSnameConstraintsTest38EE.crt
-# 4.14.1 Valid distributionPoint Test1 - Validate Successfully
-0 ValiddistributionPointTest1EE.crt
-# 4.14.2 Invalid distributionPoint Test2 - Reject - end entity certificate has been revoked
-2 InvaliddistributionPointTest2EE.crt
-# 4.14.3 Invalid distributionPoint Test3 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest3EE.crt
-# 4.14.4 Valid distributionPoint Test4 - Validate Successfully
-0 ValiddistributionPointTest4EE.crt
-# 4.14.5 Valid distributionPoint Test5 - Validate Successfully
-0 ValiddistributionPointTest5EE.crt
-# 4.14.6 Invalid distributionPoint Test6 - Reject - end entity certificate has been revoked
-2 InvaliddistributionPointTest6EE.crt
-# 4.14.7 Valid distributionPoint Test7 - Validate Successfully
-0 ValiddistributionPointTest7EE.crt
-# 4.14.8 Invalid distributionPoint Test8 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest8EE.crt
-# 4.14.9 Invalid distributionPoint Test9 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddistributionPointTest9EE.crt
-# 4.14.10 Valid No issuingDistributionPoint Test10 - Validate Successfully
-0 ValidNoissuingDistributionPointTest10EE.crt
-# 4.14.11 Invalid onlyContainsUserCerts CRL Test11 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsUserCertsTest11EE.crt
-# 4.14.12 Invalid onlyContainsCACerts CRL Test12 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsCACertsTest12EE.crt
-# 4.14.13 Valid onlyContainsCACerts CRL Test13 - Validate Successfully
-0 ValidonlyContainsCACertsTest13EE.crt
-# 4.14.14 Invalid onlyContainsAttributeCerts Test14 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlyContainsAttributeCertsTest14EE.crt
-# 4.14.15 Invalid onlySomeReasons Test15 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest15EE.crt
-# 4.14.16 Invalid onlySomeReasons Test16 - Reject - end entity certificate is on hold
-2 InvalidonlySomeReasonsTest16EE.crt
-# 4.14.17 Invalid onlySomeReasons Test17 - Reject or Warn - status of end entity certificate can not be determined
-3 InvalidonlySomeReasonsTest17EE.crt
-# 4.14.18 Valid onlySomeReasons Test18 - Validate Successfully
-0 ValidonlySomeReasonsTest18EE.crt
-# 4.14.19 Valid onlySomeReasons Test19 - Validate Successfully
-0 ValidonlySomeReasonsTest19EE.crt
-# 4.14.20 Invalid onlySomeReasons Test20 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest20EE.crt
-# 4.14.21 Invalid onlySomeReasons Test21 - Reject - end entity certificate has been revoked
-2 InvalidonlySomeReasonsTest21EE.crt
-# 4.14.24 Valid IDP with indirectCRL Test24 - Reject or Warn - status of end entity certificate can not be determined
-3 ValidIDPwithindirectCRLTest24EE.crt
-# 4.15.1 Invalid deltaCRLIndicator No Base Test1 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
-# 4.15.2 Valid delta-CRL Test2 - Validate Successfully
-0 ValiddeltaCRLTest2EE.crt
-# 4.15.3 Invalid delta-CRL Test3 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest3EE.crt
-# 4.15.4 Invalid delta-CRL Test4 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest4EE.crt
-# 4.15.5 Valid delta-CRL Test5 - Validate Successfully
-0 ValiddeltaCRLTest5EE.crt
-# 4.15.6 Invalid delta-CRL Test6 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest6EE.crt
-# 4.15.7 Valid delta-CRL Test7 - Validate Successfully
-0 ValiddeltaCRLTest7EE.crt
-# 4.15.8 Valid delta-CRL Test8 - Validate Successfully
-0 ValiddeltaCRLTest8EE.crt
-# 4.15.9 Invalid delta-CRL Test9 - Reject - end entity certificate has been revoked
-2 InvaliddeltaCRLTest9EE.crt
-# 4.15.10 Invalid delta-CRL Test10 - Reject or Warn - status of end entity certificate can not be determined
-3 InvaliddeltaCRLTest10EE.crt
-# 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 - Validate Successfully
-0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
-# 4.16.2 Invalid Unknown Critical Certificate Extension Test2 - Reject - unrecognized critical extension
-1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt b/crypto/heimdal/lib/hx509/data/no-proxy-test.crt
deleted file mode 100644
index d57802e44699..000000000000
--- a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICDDCCAXWgAwIBAgIJAI8UaHGQmUvOMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
-MTEyMDY1ODU5WjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw
-DwYDVQQDDAhuby1wcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvF58
-Sgq1QTZwsXyFvMTo2Iit/NLZupuIlJgctZJ51EOaFBmTfqt/PgxQKmgqQhgFW+HT
-8WPdvvfUxjwe4BiIORYoCX8pl/wGFCa70zUC7/5IoMmhb9XBrecOxswRNK8EvGhF
-67z2uDUS4LASuy7ng8HSuAM0PCHYnGmqeYrR6jUCAwEAAaM5MDcwCQYDVR0TBAIw
-ADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJ+WD/mqMrbcBts4x0tXv0CflIcZMA0G
-CSqGSIb3DQEBBQUAA4GBAEAODiL2ZL2ZhkklFbHXSg/ZEkUs1Oewpg+bDO6xjute
-hnarKTrWFWiSgQ9yhZMa8klaNCdHjDo0Q5borQeVzp027cemLdnLyxusSuIJRqy+
-mZtNl7533q+oKWydZtvNmXRlGi5HmJV5JAjEXbadqUnlRJ/CdN1WvdwLWfvbW5DL
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.key b/crypto/heimdal/lib/hx509/data/no-proxy-test.key
deleted file mode 100644
index 1c4793756678..000000000000
--- a/crypto/heimdal/lib/hx509/data/no-proxy-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC8XnxKCrVBNnCxfIW8xOjYiK380tm6m4iUmBy1knnUQ5oUGZN+
-q38+DFAqaCpCGAVb4dPxY92+99TGPB7gGIg5FigJfymX/AYUJrvTNQLv/kigyaFv
-1cGt5w7GzBE0rwS8aEXrvPa4NRLgsBK7LueDwdK4AzQ8Idicaap5itHqNQIDAQAB
-AoGBAJt0CnR8U8tGp0gCMMhxZIvWeGfOhnr3AodG5WJ/SGWBiLWPyeZel7rYJIxq
-vH0hH8MNIoDy3rxMAN+8G+rqs/elE8zeYv8FCP4jahz+HPKeJIjFm1MBOHZQspq7
-Y4OfoBH+EgqJjBRxuBIeCUqVhyluSsYHQFihurp3a76dHvxBAkEA7c4KjJ6mka9C
-9X+Tp2EKW+h8npEEXbLIvHet9p0pzD5PhE2aVvSEAXEqxdbuFAb4LVApUdd4Quec
-PXa0EOF7UQJBAMrIIV317rGPlmEXqt681KkHo30C2e6SpM6by42r+csTs+6KDZdf
-uDWZKb4o9bLTj+A0LC73ySESv4PlGC+8v6UCQEIRnJy091JCfzf12fAG5fni/byQ
-TcY6hcrW9V4vDA3SwgTgCqFeDc7Ywil1LXAi/5CXVOOIGcF818u7zwthmgECQCm+
-Rvgjr05IA6nbCGavsotVMjeCxcAR2fFaKu3wEAzY8npRWvjlUHNgIzKtFd8JJB4A
-P3Qvt+yiAmCxYWg6T60CQHvGW0M/usmQXEGWMx+KCkm71UKcKCxDEKzZ8mI3jQ3H
-b6Whs1NdsQJwIEXHB2Sb2GmTIlFjXczw7fp/ub3Dx84=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req1.der b/crypto/heimdal/lib/hx509/data/ocsp-req1.der
deleted file mode 100644
index 869a7dc87d3a..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-req1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req2.der b/crypto/heimdal/lib/hx509/data/ocsp-req2.der
deleted file mode 100644
index c1481e186dbc..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-req2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der
deleted file mode 100644
index 98d88e4bf265..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der
deleted file mode 100644
index 4c650162f796..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der
deleted file mode 100644
index 245016891513..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der
deleted file mode 100644
index 19cf6c80cc95..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
deleted file mode 100644
index 460b5f7ea157..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der
deleted file mode 100644
index 87173ff610a0..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1.der
deleted file mode 100644
index 8546eba86f69..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp2.der
deleted file mode 100644
index 0ba588a80869..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt b/crypto/heimdal/lib/hx509/data/ocsp-responder.crt
deleted file mode 100644
index fb55a8a53939..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt
+++ /dev/null
@@ -1,56 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=OCSP responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d9:10:2f:04:de:99:10:61:02:ff:4e:b5:54:6f:
-                    98:80:70:fb:a1:e0:97:ee:a9:0f:74:47:a9:8c:a5:
-                    86:ff:b8:ea:80:d9:ae:45:07:bd:33:93:e2:f4:f1:
-                    dd:dc:86:6e:9a:6c:b7:67:11:50:ad:9c:b0:0f:68:
-                    5d:4d:74:2a:24:4e:5e:c6:c0:9e:6a:a2:ed:80:31:
-                    d9:ac:79:c7:09:07:1f:9c:c3:12:33:88:72:9d:99:
-                    c5:f4:fd:c6:a1:9f:09:04:e0:7d:b0:ed:1f:91:4c:
-                    8e:de:9b:6d:7d:cb:2e:83:32:0e:32:57:f1:16:07:
-                    ed:69:fc:0e:a8:2a:ad:82:9d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                OCSP No Check, OCSP Signing
-            X509v3 Subject Key Identifier: 
-                9C:BE:33:AF:C2:52:C6:F2:46:5F:A8:67:71:02:F1:70:4B:A7:B7:14
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:c5:8e:d6:dc:ba:e3:77:da:66:2b:be:c4:a6:4c:b0:30:6d:
-        fd:26:3d:8d:1d:ad:c5:8c:88:61:86:0a:da:48:e8:39:cf:c5:
-        83:98:e7:f9:ff:92:a7:ba:fe:b4:b4:6c:bb:84:17:fd:e3:71:
-        9e:a7:39:af:d3:08:0b:1f:05:29:cf:ef:e4:3c:82:7e:ee:aa:
-        4a:19:3b:17:e6:e9:2d:b4:f7:4f:e2:f3:6b:04:20:58:42:fa:
-        e2:b6:d4:80:c4:db:22:32:ce:cb:59:23:8b:df:ba:87:bb:bf:
-        4e:ea:b0:1e:7a:73:b4:c9:06:aa:f1:59:cf:d3:28:db:d2:6c:
-        a0:dd
------BEGIN CERTIFICATE-----
-MIICHzCCAYigAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u
-ZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZEC8E3pkQYQL/TrVUb5iA
-cPuh4JfuqQ90R6mMpYb/uOqA2a5FB70zk+L08d3chm6abLdnEVCtnLAPaF1NdCok
-Tl7GwJ5qou2AMdmseccJBx+cwxIziHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6D
-Mg4yV/EWB+1p/A6oKq2CnQIDAQABo1kwVzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF
-4DAeBgNVHSUEFzAVBgkrBgEFBQcwAQUGCCsGAQUFBwMJMB0GA1UdDgQWBBScvjOv
-wlLG8kZfqGdxAvFwS6e3FDANBgkqhkiG9w0BAQUFAAOBgQCLxY7W3Lrjd9pmK77E
-pkywMG39Jj2NHa3FjIhhhgraSOg5z8WDmOf5/5Knuv60tGy7hBf943Gepzmv0wgL
-HwUpz+/kPIJ+7qpKGTsX5ukttPdP4vNrBCBYQvrittSAxNsiMs7LWSOL37qHu79O
-6rAeenO0yQaq8VnP0yjb0myg3Q==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.key b/crypto/heimdal/lib/hx509/data/ocsp-responder.key
deleted file mode 100644
index 24369bc1cbf8..000000000000
--- a/crypto/heimdal/lib/hx509/data/ocsp-responder.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDZEC8E3pkQYQL/TrVUb5iAcPuh4JfuqQ90R6mMpYb/uOqA2a5F
-B70zk+L08d3chm6abLdnEVCtnLAPaF1NdCokTl7GwJ5qou2AMdmseccJBx+cwxIz
-iHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6DMg4yV/EWB+1p/A6oKq2CnQIDAQAB
-AoGBALXDXowmVmgnxFnEMAWvmTVc5unL5437VayaYbkb1ysGTqBtKAg4DdBF81QH
-wS/sBmwbw4x0LGnk/m04iIDWWH4ZTH0HHthLxTiIrGHenS01V4Ucq1EjhYNJW/bk
-8FGf91UDknZrEnvPFQxvdSLHVSB+WHgqkX8WXPc7MwoJ7HblAkEA9pmjB8TXxeky
-B8+0G65u3QDWMzmfw12oHgKHnHxKyL/gamHERNPJ0NsFE4BtsSF1LJQYCw189s8m
-GDpa0uW0iwJBAOFWUiJSYYVTSdcmfjI99XUCo9rXEkaJXY0etjK5q+rK21mrkWNQ
-M7fWVZDbQZfbTP1LiUak+qjz64J9/iOogncCQEXUT6Qdi3RRiodHu5qzFFWkrQMo
-aCMsXDTTRo97arnaC7RUJv3OczGfM5rIHUexT7rl3MEUerRxCDqIG7voq+0CQQDE
-806sgvaLsoVqkFFilnbwg5M1lh96GVv0GTDEWzZg7FcWI/faJuJdPu/gwVKuaNX8
-2cWtQkt32mIw1vCGuCT3AkAfubHAXeiBHHE95jLtQ98s4KzOaZtFnQfn14c8nGS0
-2qUv1RHYZEVHYnsOZs3pLyOdxrZOlOSE6gKHCGVHoUKJ
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf
deleted file mode 100644
index 7fe3b649dbf7..000000000000
--- a/crypto/heimdal/lib/hx509/data/openssl.cnf
+++ /dev/null
@@ -1,182 +0,0 @@
-oid_section             = new_oids
-
-[ new_oids ]
-pkkdcekuoid = 1.3.6.1.5.2.3.5
-
-[ca]
-
-default_ca = user
-
-[usr]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[ocsp]
-database	= index.txt
-serial		= serial
-x509_extensions = ocsp_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[usr_ke]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert_ke
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[usr_ds]
-database	= index.txt
-serial		= serial
-x509_extensions = usr_cert_ds
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[pkinit_client]
-database	= index.txt
-serial		= serial
-x509_extensions = pkinit_client_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[pkinit_kdc]
-database	= index.txt
-serial		= serial
-x509_extensions = pkinit_kdc_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[https]
-database	= index.txt
-serial		= serial
-x509_extensions = https_cert
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-[subca]
-database	= index.txt
-serial		= serial
-x509_extensions = v3_ca
-default_md=sha1
-policy		= policy_match
-certs		= .
-
-
-[ req ]
-distinguished_name	= req_distinguished_name
-x509_extensions		= v3_ca	# The extentions to add to the self signed cert
-
-string_mask = utf8only
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-
-[ usr_cert_ke ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, keyEncipherment
-subjectKeyIdentifier	= hash
-
-[ proxy_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
-
-[pkinitc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
-
-[ pkinit_client_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
-
-[pkinitc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitc_principals
-
-[pkinitc_principals] 
-princ1 = GeneralString:bar
-
-[ https_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-#extendedKeyUsage = https-server XXX
-subjectKeyIdentifier	= hash
-
-[ pkinit_kdc_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = pkkdcekuoid
-subjectKeyIdentifier	= hash
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 
-
-[pkinitkdc_princ_name] 
-realm = EXP:0, GeneralString:TEST.H5L.SE
-principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
-
-[pkinitkdc_principal_seq] 
-name_type = EXP:0, INTEGER:1 
-name_string = EXP:1, SEQUENCE:pkinitkdc_principals
-
-[pkinitkdc_principals] 
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:TEST.H5L.SE
-
-[ proxy10_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectKeyIdentifier	= hash
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
-
-[ usr_cert_ds ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-subjectKeyIdentifier	= hash
-
-[ ocsp_cert ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-# ocsp-nocheck and kp-OCSPSigning
-extendedKeyUsage	= 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
-subjectKeyIdentifier	= hash
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= SE
-countryName_min			= 2
-countryName_max			= 2
-
-organizationalName		= Organizational Unit Name (eg, section)
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-#[ req_attributes ]
-#challengePassword              = A challenge password
-#challengePassword_min          = 4
-#challengePassword_max          = 20
-
-[ policy_match ]
-countryName		= match
-commonName		= supplied
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt
deleted file mode 100644
index 7349a6241762..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt
+++ /dev/null
@@ -1,70 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
-BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
-MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
-DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
-ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
-5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
-eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
-BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
-AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
-KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
-eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 6 (0x6)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=pkinit
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
-                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
-                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
-                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
-                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
-                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
-                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
-                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
-                    a5:76:f2:f9:30:68:ec:e8:47
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
-        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
-        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
-        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
-        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
-        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
-        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
-        43:43
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
-Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
-FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
-dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
-IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
-AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
-q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
-rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt
deleted file mode 100644
index 3867a892f871..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
-BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
-MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
-DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
-ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
-5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
-eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
-BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
-AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
-KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
-eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key b/crypto/heimdal/lib/hx509/data/pkinit-proxy.key
deleted file mode 100644
index d04b0091e777..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCZPua4hTC/XY5O+QhpvVlDd+zfhCl2by0tf4y7EG8Tlj532f2x
-z6ZyNiOBBGr0kFIK5W6S3+SGbMZQBbaJEkTqXn9TEN6MiRaJvHNVLd+8xCS9d5uK
-Y1GY6/CsvjlLFjVYnkSF1Hh8NvjcvGuct1zsoAiVg82gk3Jvp7305lbK/QIDAQAB
-AoGAKH4TbuxariYlZT6ud2o9/PLiV0lPv2ivEleiswcrooxPo1GplGNfAszFYuDs
-9gRweUqYhhy9ALwbRqfLzLpUFQUBzQ1cZlO23m48GsCPL4XJxlzE9+w/wLWWaqsK
-syFax5T//iokYVa07AvFZxWpEUixewirJrhNyUafdKk8W8ECQQDKpH/pvljO6e9J
-jC65aTYPzMXAUp54DMWu1+FXUyELxGp+GjAwwhESpSLEaAnZH97H6ZtTiJku3Z0n
-pMsrH7WtAkEAwZi2sV8I/MjFPpti/zf6OHEJo89/SgTYIHmL6pE3tuNWhw/9Dorc
-N45cMGAiGep2HQdfZFGD0OekzLGeGBj0kQJAPFdNi5HVqg945IKsqyNMKNpGDGXN
-sFvFRbIc9L7ZOULMny43KV2wbcfkmW2NeS0HTqoeSXqEerMdB+AHa5jupQJADALP
-gt2kjxpdsm6ti6wLaCkLMhCTkyINzqX72ke8LyqXmbWSO669zuyUJ6QvOXBkd5SX
-hH/SL8nPXau/ZTtXIQJBAICcJBlgxhrUn5C12wwuQw/BZi6qK9KdVcWTapnhE7eQ
-Z6k/Pbi53/aI2g1EXq7G3RrQvAhV43AW5foJWqijDdA=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit-pw.key b/crypto/heimdal/lib/hx509/data/pkinit-pw.key
deleted file mode 100644
index 563ccf112094..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit-pw.key
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,1698161265C4033B32CEB819B5D78953
-
-vQnkfeICkS2/gIEv1zrJ+WaUOeRvKfUUFM6uH4/xm5Abp4DqGlkCvwb4u9dZuRUj
-arlvgRc0e0CoBuQ/3gmBDlmQp+4ByiypERku8MAxsUV6LEmv2f1YfhecQSntDoJH
-fNOXna8caCy4W1xhmsYgWYSVS98QkNXdLjBjLJ4/MrwzdR2SMqAzyg6eNwhWAMe1
-aUh/M9JYB04sfRUtqD67oeyBfHVhDd9kByXuRYWyNE0SW5wlmVehhnEb/YHREKHr
-yOa3eRGtA4MHi7NXww4NBzOG10N9Ajq55ouMKnejFroCpevC332ijBzjTI+fo4SX
-hegNDXzAIqRueGZlmBzHjkTzA8tEPM1dsbviJ5BYO3iZgWE8J1rIBx51HOZmlREC
-3EWflJPhd666BnBepODMBXldkmfcfxhZxuoOrrXer+NZCsXE0z0DOLsNARR/7JvW
-Ie81eQijvkur1QJO63SwT0kNm5IMJZr2Ul0QLysvjY2G/nV0bzHb8KsWqNoUPNvJ
-lBUGQ2yvpeVRNR9CMm39U/CcnkLOl+z2oLUC86TdodaY6FEBmIBaakZ1rHkANWK4
-HMcN0FgdGbcRLg5PHji84g4tT+SOZa1hWEC4PC7lmRxAZP+o8Pe0tpiJzIbLPTRb
-3rvnEEG3IawMIGcoUGcgIUPvHH93EMpDrflVYdXmvapzST3U8xBDzpkXZRof7APG
-qAFsEB4psQEDG6KmOJ245aVWN0SBjHTLlIhUTx+m7OYl34MDoyv6Yk12i9PpKQN5
-W++QayfkJzQpV4EsR08UO615+XYCzMhCU3eozH+P39RF58rYnMLv9owjx1wL0z5R
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit.crt b/crypto/heimdal/lib/hx509/data/pkinit.crt
deleted file mode 100644
index e8d485e616d5..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit.crt
+++ /dev/null
@@ -1,56 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 6 (0x6)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=pkinit
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
-                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
-                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
-                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
-                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
-                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
-                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
-                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
-                    a5:76:f2:f9:30:68:ec:e8:47
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
-            X509v3 Subject Alternative Name: 
-                othername:<unsupported>
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
-        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
-        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
-        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
-        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
-        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
-        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
-        43:43
------BEGIN CERTIFICATE-----
-MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
-Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
-FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
-dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
-BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
-IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
-AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
-q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
-rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/pkinit.key b/crypto/heimdal/lib/hx509/data/pkinit.key
deleted file mode 100644
index 12b41689a2dd..000000000000
--- a/crypto/heimdal/lib/hx509/data/pkinit.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCjRLGKQp3QPzDe6GZCwfHJmI/SvetZZz1eDjXKO7iRsPzlIjot
-YoFWu1F3YKyDQ3WHzvH2vavyB8WN1bhWno5Fk73GrF0gPssU6BAHuV4HrFYTSBuE
-xzBi9OQZZ7UbOqyvC5LiAJAvgXW2Yz9Dpel27jN1dLJ2XaV28vkwaOzoRwIDAQAB
-AoGAQTAxTwnwJvDEG4xhIDB90MdITZWk/YpaF07HLVsRA6LOJtK2td5J1A5wpaCE
-4NgzeikntSPgHn/54fq+Yl9mYEAM1Uv6SimudiKe3Qk0M+bS4m/SMMlmV0eFjEh6
-ZG4NNRZmmzoaQbUiVa27fZ6362xtFGbGXJ8BjxOoTeaRn6kCQQDUwJafoKPN2dsq
-ewSCjGQhVGezw12ho2eaxj7VyNWU7V4LW2LdLClbXovSnpQ7bgHEopx1e97G2du7
-1ak3BxejAkEAxHUCpbFSbBBoIdnt+VGS/8hCWl8/6YniOFOk9Qp22moaNVVZYyTT
-Xpu45FeDKfm/xDwvPP9If0PDoM38tBvHDQJBAMTcmAOI/0lhRv1d62RpR9XXZkXe
-huskap+6xTXIqmkt4xGbNDX3wST8rWDsv7jmJ9itpxzGy/Mwb7S1FekHNQUCQDDw
-jTZFlCjDdY1pQrUnMx1w/8aPj9ZXuPkbLS616qHCaMD8gAYIuHcLB+YqPsyIINN7
-wrDJT4AUm3lFlzwu50kCQELkMFUM6rb9q/cOUQxsf023nPbObm3xJ0X4FtVhXuGi
-oUAOklX1xDLSqvWySOrTXfvfF4c3qCw9DAoDtKpbCgk=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt b/crypto/heimdal/lib/hx509/data/proxy-level-test.crt
deleted file mode 100644
index 0cab380563d9..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICUDCCAbmgAwIBAgIJAKfbLM8p28MgMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTA3
-MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVowQTELMAkGA1UEBhMCU0UxEjAQBgNV
-BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZM
-OGOhTtMnNlCpA/OKEpwMPIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUa
-klBRKHZm+UCJ8L6X4MgahNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q
-9oZgim2zMwvVBQIDAQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV
-HQ4EFgQUQGqZ5v4NSB5Iwo17DynPRufgbF0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEA
-MA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEFBQADgYEAxQjN9RrCdZHhGAyS
-y3/1EAyWIvmz8wKW0q4kSfNV7DAcUCKmQQ45oCEVnyTEbP8ltdIaHyIK1ujxKQC1
-QLDzjHkBBQGBrCH+gyIdpT9OZu2gT8f2j4u01YwbjLTcU2yEXVkkH18SZiawq2DF
-ETkEd/u6TKzhpwFPuZPKUeFexPA=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.key b/crypto/heimdal/lib/hx509/data/proxy-level-test.key
deleted file mode 100644
index c697b1b64992..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy-level-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZMOGOhTtMnNlCpA/OKEpwM
-PIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUaklBRKHZm+UCJ8L6X4Mga
-hNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q9oZgim2zMwvVBQIDAQAB
-AoGBAI7cPM/1ZK1W+rezPSErMn7FH8V61Ij26ukhbvoOAqDuLpFqjrEkTVgcReaK
-QtoCpO4ciur5N2f+qOLUNXQQTXpMN+nRxkKxLMhG99Hej+vmzPjMdimEtTJiRfKF
-KU4rKUOCPdmu9fMe/kniOKbDmq1FFP+SqCU4hRiZZv0GMdDhAkEA8I6Du8UvTZ8I
-04o05s/BlMiErASTZgq27UM6rWl2FNy5Av2suayBW7xJczdGEtbT982KwQmk0Mg9
-Hj5pWi5MDQJBAMAdorBVTMD4iFvfRhN6aSD3PzG/fsEexRuxvx2iBrrMZQ+6mS26
-8myNHPMASAiwt5H2T7Y/dNMB64iod5gFVtkCQDMJ+ddQKg4tDQFdFIZYVDlOJiAd
-RGzlHxTOK9f5RU19219QFWK7wCKHm4nvk1WR8R1lpef5NNf7dERDd7Tjl80CQAx6
-oFO15rtuKWVWVnXzcJq8lLVFjBU9S25mGFTzbl554mKoK0UGLLMSY3wBW6x81h+8
-ESd0bcE7EbKZxtLwHdkCQQDYB5HxhlPZdquY+yg7vqxUF9Lf6+smlVv3PjfhXztg
-2aV717UGinyqZgcn2J+ADWocRI3JnOhU0lswsGc+oVXp
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.crt b/crypto/heimdal/lib/hx509/data/proxy-test.crt
deleted file mode 100644
index d0d3135a58e0..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy-test.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMDCCAZmgAwIBAgIJAI8UaHGQmUvNMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
-MTEyMDY1ODU5WjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w
-DAYDVQQDDAVwcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzeKelgMO
-dEHFmfEANkv6k+HkOduzT2It++ma7Kg+6+eOWpBqWcY3AOEbSE2UJM6H+StDhNNS
-cldPd3LoZayywckvgD3/NZjB9drsxF9GGClHew+fKjiekjNR3aUuAjysJYfr9AYd
-E6AFft2qKphuPKlEjPDeOZ4RpjvQOgFRB28CAwEAAaNgMF4wCQYDVR0TBAIwADAL
-BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOGuL3xdInqdArsxly/BbLmYbzDTMCUGCCsG
-AQUFBwEOAQH/BBYwFAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUA
-A4GBADOZurVQ/lXeLADFOZbTmbRt0Nv3aPHniG1yovlSDEuNjMczeRMMIsef+jpJ
-4Z0rt65i3qpX3uXZdCgGtIbusIlM7fBLCRI5vJ27jqs2PnCvodWO05e/aL3XxRwr
-42wDWTioZuGm8Sz4hpHv74Fz/7PgvZPMFSo15ujdOTWMXj08
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.key b/crypto/heimdal/lib/hx509/data/proxy-test.key
deleted file mode 100644
index 93b609b75164..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDN4p6WAw50QcWZ8QA2S/qT4eQ527NPYi376ZrsqD7r545akGpZ
-xjcA4RtITZQkzof5K0OE01JyV093cuhlrLLByS+APf81mMH12uzEX0YYKUd7D58q
-OJ6SM1HdpS4CPKwlh+v0Bh0ToAV+3aoqmG48qUSM8N45nhGmO9A6AVEHbwIDAQAB
-AoGAaAv+2RDyXQ5gLkv9L3N2TwX5sMO2+odDdeu4v6DHK7D54ArbtELXyTn577BF
-DdTSIroahSXGpMI7BsKrb7a3Hw+lnbEsag0a71yMM+E/zN9e0BgZwb7ZpeezVG2O
-kaXCuVPQlmDys8UH001FWP/XxqhLfCjy25ynaXi990k0AwECQQDwI64IquGE0OCO
-bI15Z+qLM5aRQgkNPokU7bZ1oSp9Ctx0pI9IzN6DcXe1QcXBDUJrZ0medNmNjqkG
-KPkiAieDAkEA23vDr6+iiSTOIUAGj+NDY9ydk48j8oWYUeQPL8Y7hJrckJrqqfNL
-MGZUKnF/RFPRbfS543xiqlXs4j3C61cwpQJAS9DH+l6Q8tDLhMvK4sCnMSmpaNTz
-bKYIu33NdFfcxTuvnHfz8OUVf2RMigJo/+lCxgwHFysHIIUg4hv/g/gwJwJBAIfx
-UHMwxetL8KCHl4jnqoXfz3nl3s4IESAnsYBVt+eaQ6MNUOuS1a9UsizXv4wCnmUM
-f1Z3ZGU8c0xuFJzPlEECQAs9UM+v0WxhUY8iVltgaLxGP282Mg+p+pIoqXbn8Mt7
-gOomlisP+s0Hh+c+YFPIAaAeH6j7n4AxydI0Z9fKIZA=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt
deleted file mode 100644
index 95abe018b128..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIJAN27BSQHOOO6MA0GCSqGSIb3DQEBBQUAMEMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAxDjAM
-BgNVBAMMBWNoaWxkMB4XDTA3MTExNTA2NTkwMFoXDTE3MTExMjA2NTkwMFowUzEL
-MAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDEQMA4GA1UEAwwHcHJveHkx
-MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWR
-Dwek7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlV
-JljkmB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wID
-AQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUNBaggvaD
-C/Amnb2M8g60WKxwGn0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUA
-BANmb28wDQYJKoZIhvcNAQEFBQADgYEAmT5WYZ6FM6ceyyxTKiusYLDPJ04D7dVk
-VVMnu1q9dATMje/RKrncT0+KNEMdLWLpZgeHj4E2bi1507l3/zOUwOPpdI9MrvpY
-Or6ssQ3sZAZI60ruZ91ml6cYt+rbE1F2J+y1CM0rW/wnAIT1v2vP2Wd7PrEm8RsM
-QGbyuzcrAL4=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key
deleted file mode 100644
index 247f61653637..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWRDwek
-7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlVJljk
-mB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wIDAQAB
-AoGAHRo1cKtDzARXD+74H8ZHAiRJAkmCKvCGxQie25TWH+NRDS2L9HfL7XqfjSdf
-iIEmlkElSzHR2wt6wkrX54zJKxMNayc88UfInQ03a4XwFzAksTf05zpdGPbkKohi
-eeQcf3Raq+Swe4pTEwyEU8mDidM/rKJst+zMiE4UMeVGTQECQQDZPFrVTyJwGBcS
-sxJly0zXmZ8tvvsxIuplwAvbfCWbhEEgeO3LAKjcpb5HVOLfTe8+2ZO00ALidVCH
-N6/ae+iLAkEA0GwPxjlbKnL1VcpKdsegntACxlHD0TonvIEINKv9PiKzHIhQo8xJ
-Rt/2aBRAOJn+zB3FJxfQ+o6vEUwvBfEKZQJBANHMLTlG9M5nJZlkogb3YZ3y+j0W
-7cdVniRoZcsySau4/aDbyWO9nleCJpMDUxwwSzdasAD2x2JnxD7itA4AjuMCQQCP
-a+0m8M0lVtowYPYA6rpCzs05/4YKckRp2Tj2Vev8WBB87+jd7nP2S6PaVyUiTgYi
-G9JRZnguEwWxl4U8R3RpAkA5QpGHFhXNI2xA0ZKYH1tgmYfLBAAiVrIDKJddtOf/
-rKceL88RXsjnA6PTN9AdpnJ4sTToR3HDeEwAQrNHMC2M
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt
deleted file mode 100644
index c45074102e17..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVDCCAb2gAwIBAgIJAITDCg/e+gWyMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAwHhcN
-MDcxMTE1MDY1OTAwWhcNMTcxMTEyMDY1OTAwWjBDMQswCQYDVQQGEwJTRTESMBAG
-A1UEAwwJVGVzdCBjZXJ0MRAwDgYDVQQDDAdwcm94eTEwMQ4wDAYDVQQDDAVjaGls
-ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAroEn/MX0t84+NLivDSbN0y5r
-ZRxaiTDYkmvbdvJuBryCCLkzUT+/eh3pEK52BODXZWD4oiEMJLubH/pz+/6eAb4T
-ReAWft/wMFaOSZ37a7iLWr8vFaRfBjQREpEm0rCp7dPvWYrraRIIjMRJzAUwygXN
-KSS4f5VZkMwNfT9wwE8CAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw
-HQYDVR0OBBYEFJrcQRDczQ1P+84ND71GVT99a/2mMCUGCCsGAQUFBwEOAQH/BBYw
-FAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUAA4GBALIbzPSyUE5Q
-4TWAUfATVsADj131V1Xe+HHgwXebWbnNCJIe3OyWoFqK3X5ATKzi6MzHzA+UngFK
-KGl8m8Ogx9dYQKzP2LIw0GuvpMyc3azb/cvbWv3vmM55UEdBlqxSTFynqLdpJqtn
-9dXq2wCNdUtbGEOpaRVOiZ0wjvpTB4wA
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-test.key
deleted file mode 100644
index 70cea5d344ae..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCugSf8xfS3zj40uK8NJs3TLmtlHFqJMNiSa9t28m4GvIIIuTNR
-P796HekQrnYE4NdlYPiiIQwku5sf+nP7/p4BvhNF4BZ+3/AwVo5JnftruItavy8V
-pF8GNBESkSbSsKnt0+9ZiutpEgiMxEnMBTDKBc0pJLh/lVmQzA19P3DATwIDAQAB
-AoGAaYkc+Odzd9IYluP2ojqMkiJpuu2p53yODgeC4+38EsDg14vB+GpYT+9U68zG
-/W5JdjtuQwc/g9ueFnnuuUEkpyMIKDdAl00ZJQU5Vvz+ooZdxp/iYm3axkV2Gc2l
-mbulzUxgpomflDd/B3RXO1jY4ZttpVHTNUvjm7DtypiqsAkCQQDgIIRBtSipM3F6
-GYKgnmsjK+19YxUdMbHS6fyfg0TDIrSrBi5EqyjgA4MzxfzimvfKCiV6SSqFnU3G
-MIWDLh2dAkEAx1IaAAi+DmED08rarKRU2Ma7KRQWlxjXTp6c9OrbzuCJrqZgscxJ
-vBjmHzbXCKumRZwqWgzM5mRxPVX6npyn2wJBALrWQIqqI3hRuzJnG78b8QJD91nE
-hHBu4eeKSZ8MBgGJ6AR+RYnXCV8dbn11eifJufECXlW/sqPqC1DBWDuP8P0CQFxg
-utglNSCo6gMw0ySMjR5jDL8/JjElPDSd4pTIfNNm0aj2R35f9hSNXao92m+UTl2Y
-wTA3Gof1KV6KCLuWU10CQCeGYU3SFAy5QLVqR0B0u19wWyS8ZMl06DjOslmu7Zp+
-x1GxxFu1MNFvcKwmFeeYcNU1t9X0tC7EhUIaLQk2kqM=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-test.crt
deleted file mode 100644
index 331c3ea33aa6..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-test.crt
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICMjCCAZugAwIBAgIJAI8UaHGQmUvPMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
-BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1OTAwWhcNMTcx
-MTEyMDY1OTAwWjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw
-DgYDVQQDDAdwcm94eTEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTeTGh
-PIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa610EeaRhB36lLhIS3aEtoG
-LKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8ZJADEe1kfMuFgKd49l4y
-PNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQABo2AwXjAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUe24gc/gLyB6DW4gELVL3axuZTbkwJQYI
-KwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEF
-BQADgYEABlvvmLwl6ZjaLdTGmxDD2eHN4/IbjYj1Vta2zQOKKA/W4qrkhmSNpy0x
-+v9tqf2fumNSpspqF+g814pXbqSMuObHEE1IeUmiGwVPC7AMWVXd2skMdkjEqhLM
-8qvDrPt+c5rGnnqM9AqrT/xDgXm7XnPLSFcrX/q8xVKVztskgEU=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.key b/crypto/heimdal/lib/hx509/data/proxy10-test.key
deleted file mode 100644
index 3bc0b4582f1d..000000000000
--- a/crypto/heimdal/lib/hx509/data/proxy10-test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXwIBAAKBgQDTeTGhPIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa61
-0EeaRhB36lLhIS3aEtoGLKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8
-ZJADEe1kfMuFgKd49l4yPNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQAB
-AoGBANDEIiSklXQFLFD8J81CBBxEtu007cbYkbx7zSS2uVb2NrDUM/+1IBrC9FsN
-bshlctiIJ8hUqYTGOUZRh/bg/GpVOgTRAgaMBEBOYXra7r7TVcUUxpC8CzX9hevl
-H42T6Ez6+Ednfg0RX6rZTiFeCNV3ADkguO07mlgSppiQJmlxAkEA/ICw/Ar/GtJH
-/EK8jrbxzakNzFxtHUtVNwSALsiWZUfJWJgf7jDsl0XB8w/HhVDrdwfc+Aiexxc9
-SPJKKqdpswJBANZnBfxEucE1SWu9elvPNWIMYBXinfMvfnkSt81KH3AfObiUj93d
-LCii1sF/x2aDeKJseFiUycy9xQXhQMF5vu0CQQCPECs24tQfUj1PBFDpW2YtbDdR
-Lpz0GBa0EWy/FQ+BWucNt0OAJWAnZXK6UJpvQqXmzyG3tsqfat9iUUUMXcZZAkEA
-vc+PePrPCMHIMl4ZCVa0iA00s6tg8n7FlSKBHnnUw0qhq0u64kyAX6lqPvyE57jU
-/9bP5Hw0+9G1r7LvxVmnMQJBAMdphUdEYRlIZ0GTnIETDzjm3lge06cXzLvXFIps
-nCANLV4OXJZVaTUrnDINLJVHu5d+Mx1pTw6GOF+v0+LjbF4=
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/revoke.crt b/crypto/heimdal/lib/hx509/data/revoke.crt
deleted file mode 100644
index 0adcc2d1b4f7..000000000000
--- a/crypto/heimdal/lib/hx509/data/revoke.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Revoke cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b3:24:de:14:fc:b6:80:e2:34:59:81:1f:ec:cb:
-                    00:21:75:e5:34:88:09:5e:5e:8e:f8:91:6b:ab:09:
-                    34:f8:6c:69:14:00:c5:47:f2:d7:de:a0:32:00:02:
-                    63:79:3c:14:1a:a9:4d:d1:1d:c0:fc:a7:50:72:26:
-                    96:53:d1:9f:a9:5f:f4:82:4d:4b:17:3b:fe:14:60:
-                    42:94:22:93:3e:c5:14:97:c8:a3:6a:8e:bd:90:03:
-                    22:12:9e:41:ca:a5:de:4f:57:f4:bf:f1:9e:f8:63:
-                    4f:c0:9e:c8:3c:e1:8b:89:60:3a:2b:5c:a7:b7:6e:
-                    a0:48:34:49:58:61:a0:34:6d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                F3:E2:96:20:28:53:21:92:67:A8:5C:B5:2C:7E:87:CF:7A:07:3D:84
-    Signature Algorithm: sha1WithRSAEncryption
-        90:39:f3:a6:fe:92:b9:92:4c:75:58:b2:51:36:11:07:f5:a2:
-        71:dc:90:d7:2b:b5:bc:37:c8:30:4f:a4:6b:41:11:63:3e:53:
-        42:ae:6f:59:7d:f8:b0:59:01:2f:50:4f:2d:21:7e:6a:58:bd:
-        74:f1:69:c5:62:3d:8f:fa:1a:c8:7e:a4:30:dc:01:8b:c9:f8:
-        77:44:5c:d3:a4:ab:9a:50:cc:45:d0:65:00:5c:fe:d3:b5:a3:
-        7a:f1:b1:5c:25:0f:06:16:5f:cf:e2:5d:0b:87:c0:fe:14:b8:
-        0a:10:17:55:34:15:4d:44:6b:60:80:6e:af:7b:81:30:47:5c:
-        f3:fe
------BEGIN CERTIFICATE-----
-MIIB/DCCAWWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJN4U/LaA4jRZgR/sywAhdeU0
-iAleXo74kWurCTT4bGkUAMVH8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SC
-TUsXO/4UYEKUIpM+xRSXyKNqjr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDor
-XKe3bqBINElYYaA0bQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd
-BgNVHQ4EFgQU8+KWIChTIZJnqFy1LH6Hz3oHPYQwDQYJKoZIhvcNAQEFBQADgYEA
-kDnzpv6SuZJMdViyUTYRB/WicdyQ1yu1vDfIME+ka0ERYz5TQq5vWX34sFkBL1BP
-LSF+ali9dPFpxWI9j/oayH6kMNwBi8n4d0Rc06SrmlDMRdBlAFz+07WjevGxXCUP
-BhZfz+JdC4fA/hS4ChAXVTQVTURrYIBur3uBMEdc8/4=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/revoke.key b/crypto/heimdal/lib/hx509/data/revoke.key
deleted file mode 100644
index a4c68aed196a..000000000000
--- a/crypto/heimdal/lib/hx509/data/revoke.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCzJN4U/LaA4jRZgR/sywAhdeU0iAleXo74kWurCTT4bGkUAMVH
-8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SCTUsXO/4UYEKUIpM+xRSXyKNq
-jr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDorXKe3bqBINElYYaA0bQIDAQAB
-AoGAIDHl/5uTKQJ+Kf+8vw+UjG7lrFUuadlQlHd+BBT5ghPppoCk89M+3HGpyrqj
-KeyUKF5477YLMtzW5kztA09PBBJvMjSm92dI2uCYfipkIWZZUlq64AStI15pgeVd
-cH61hxOUCm47tqhtkaO11DnKkoJBXaAVIe2ySG2sIZQH+gECQQDjhMdCWkaO+HUe
-utqKJCq6pUkwSelgLEINDVoRVgJ+qUHb0nN06DmPfcfxwqfgP/vS6baKkGIBCiZJ
-n9Kfd23BAkEAyZHXY5iGSq9qc2ern0CcyitNozvtm6eEZYVvJxVMsVBQRo23EmGF
-68SJlHjpY+nHyPWEkbG99R/CMdr3FV9JrQJBAOG/hoKk1mvXxUYXeu4kkq0dgXBD
-diex4lvXCq423ETXJny55UtzfGGPGUwdq7rLYc/VjAUS29tSOclFppQJyUECQQDA
-J7P5UhHTaN5GHfJR4rqVUCq3Dg45cLyaO1X3ICr4bePZHogDkcylMbsmOw3jHZ5D
-SSqT6al44Em0VVVunmQRAkBUAQzHGGJnMKI9ZSdD3J6scWCVIjHVgaehYe9a8DlK
-DeZ4KYGG0+1aUdkqeYE8c6Qqp+pdjPmRMdooww6y+Xk1
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem b/crypto/heimdal/lib/hx509/data/sf-class2-root.pem
deleted file mode 100644
index d552e65dddb9..000000000000
--- a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
-U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
-NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
-ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
-8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
-+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
-X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
-1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
-A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
-zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
-YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
-bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
-L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
-eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
-VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
-WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/static-file b/crypto/heimdal/lib/hx509/data/static-file
deleted file mode 100644
index 2216857ccca5..000000000000
--- a/crypto/heimdal/lib/hx509/data/static-file
+++ /dev/null
@@ -1,84 +0,0 @@
-This is a static file don't change the content, it is used in the test
-
-#!/bin/sh
-#
-# Copyright (c) 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-#
-
-srcdir="@srcdir@"
-
-echo "try printing"
-./hxtool print \
-	--pass=PASS:foobar \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is found (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found  (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test-not  \
-	PKCS12:$srcdir/data/test.p12 && exit 1
-
-echo "check for ca cert (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found (friendlyname)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test \
-	PKCS12:$srcdir/data/sub-cert.p12 && exit 1
-
-echo "make sure entry is found (friendlyname|private key)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 || exit 1
-
-echo "make sure entry is not found (friendlyname|private key)"
-./hxtool query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 && exit 1
-
-exit 0
-
diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.crt b/crypto/heimdal/lib/hx509/data/sub-ca.crt
deleted file mode 100644
index 6cb485ab1883..000000000000
--- a/crypto/heimdal/lib/hx509/data/sub-ca.crt
+++ /dev/null
@@ -1,60 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 9 (0x9)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:59 2007 GMT
-            Not After : Nov 12 06:58:59 2017 GMT
-        Subject: C=SE, CN=Sub CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:f3:ab:db:06:fa:f9:a1:84:35:a6:fb:a4:a9:39:
-                    5f:54:10:a2:a4:3f:1a:ae:2c:7e:bd:dd:aa:63:4a:
-                    7a:62:99:07:25:af:eb:62:b4:20:93:67:46:59:b4:
-                    30:85:81:24:41:9d:49:97:fb:a3:ce:74:61:f7:ff:
-                    d5:9e:b1:9b:d3:5a:8b:59:51:76:99:69:2a:73:02:
-                    e9:2d:39:3f:21:b8:2f:f1:af:91:1f:f1:c3:e3:4d:
-                    c0:e4:87:95:df:e7:d2:e7:27:a6:cd:c4:cf:97:e6:
-                    b8:24:31:d1:66:d3:af:f8:06:8b:9c:81:bf:66:54:
-                    53:08:0a:ee:15:71:b2:a5:a5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                36:04:CF:AD:8B:30:E2:5D:C0:43:8C:09:0B:4D:50:7B:1F:39:41:17
-            X509v3 Authority Key Identifier: 
-                keyid:8C:E7:0D:B5:C5:DE:69:85:75:2C:08:A1:DE:53:15:30:9C:A1:E8:00
-                DirName:/CN=hx509 Test Root CA/C=SE
-                serial:B7:94:5E:85:B2:19:80:58
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        5b:f9:bb:2c:d2:d6:4d:bb:20:b1:05:fc:67:45:de:9c:5e:83:
-        35:24:9a:f6:33:bc:3d:ca:27:dc:be:3c:cb:c6:d7:c5:b4:d3:
-        9e:c4:c2:60:4d:dc:21:2c:f4:88:ec:dd:41:37:58:63:45:d6:
-        9b:32:7d:f8:e0:d1:41:0f:f3:30:20:7d:15:af:49:15:2b:cb:
-        db:fe:90:6e:db:84:fa:92:a3:ac:83:25:5a:ab:49:7a:1e:2b:
-        dc:c9:74:7b:9f:2b:62:a9:6f:ef:b9:89:72:4b:ea:02:5a:27:
-        93:b7:9d:fd:e2:a3:73:04:52:d0:98:5a:a3:23:f5:02:56:b6:
-        c6:8f
------BEGIN CERTIFICATE-----
-MIICWDCCAcGgAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OVoXDTE3
-MTExMjA2NTg1OVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA86vbBvr5oYQ1pvukqTlfVBCipD8arix+
-vd2qY0p6YpkHJa/rYrQgk2dGWbQwhYEkQZ1Jl/ujznRh9//VnrGb01qLWVF2mWkq
-cwLpLTk/Ibgv8a+RH/HD403A5IeV3+fS5yemzcTPl+a4JDHRZtOv+AaLnIG/ZlRT
-CAruFXGypaUCAwEAAaOBmTCBljAdBgNVHQ4EFgQUNgTPrYsw4l3AQ4wJC01Qex85
-QRcwWgYDVR0jBFMwUYAUjOcNtcXeaYV1LAih3lMVMJyh6AChLqQsMCoxGzAZBgNV
-BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0WCCQC3lF6FshmAWDAM
-BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB5jANBgkqhkiG9w0BAQUFAAOBgQBb+bss
-0tZNuyCxBfxnRd6cXoM1JJr2M7w9yifcvjzLxtfFtNOexMJgTdwhLPSI7N1BN1hj
-RdabMn344NFBD/MwIH0Vr0kVK8vb/pBu24T6kqOsgyVaq0l6HivcyXR7nytiqW/v
-uYlyS+oCWieTt5394qNzBFLQmFqjI/UCVrbGjw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.key b/crypto/heimdal/lib/hx509/data/sub-ca.key
deleted file mode 100644
index 070d21d00afd..000000000000
--- a/crypto/heimdal/lib/hx509/data/sub-ca.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDzq9sG+vmhhDWm+6SpOV9UEKKkPxquLH693apjSnpimQclr+ti
-tCCTZ0ZZtDCFgSRBnUmX+6POdGH3/9WesZvTWotZUXaZaSpzAuktOT8huC/xr5Ef
-8cPjTcDkh5Xf59LnJ6bNxM+X5rgkMdFm06/4Boucgb9mVFMICu4VcbKlpQIDAQAB
-AoGBAIoiQmgSnrERYdjnjtDf1Uqyo4C4xUc3siGwJ4diET8TwRl8QNQTiOQHB7qS
-i28jZopLwAyIerPvBhqwzUjJJqvu1z+5/MjwBJ/aonmJjJ9e3nqk/KE658xGg5E8
-V64DYRif0YboZEYJo5yzU9UEdEPI4zTyhFlR21TmOZkidnwBAkEA/IIRCcGs/FNR
-q9tEW8ARK1DEeerXhoV9Xye9xYb5UNyH4f6J31NdkvYOMA4F0+0lKecaKmPtKsu7
-gQrFZYwt/QJBAPcKgUVOJox/s/o1PXRGjifl1haehcawWNLtN/UnFZcUKslyMkxh
-qyCJJ0SuX7quQqy+++hFj/DwNdECaFRd0skCQBocdRiWL4Y0M3jbBrmaJexdwMN+
-tmTRvwItAOHBMFzdQSvsf2NZoo6E5Tiw6odcuYAYxsrlZGwNf0k7zOfQVB0CQQDy
-GWdqZhY9JoFYuYhKRULXMtTGQgBUIUpLG5L1O6Ja9rafyLwmQqkUL5U+J61FI7XP
-2TLCBDn2I1J6TGO2GmSRAkAIFsFpkrq4q+lbJ3Vr3UpfhRJsTVOD5SgZx1umn63l
-jEz5/r4HCg/Q0/yiPiYaTHutfnsChg3/AfbmWcA6j4NU
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.crt b/crypto/heimdal/lib/hx509/data/sub-cert.crt
deleted file mode 100644
index fe23a373a1f0..000000000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10 (0xa)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, CN=Sub CA
-        Validity
-            Not Before: Nov 15 06:58:59 2007 GMT
-            Not After : Nov 12 06:58:59 2017 GMT
-        Subject: C=SE, CN=Test sub cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:da:41:57:e1:62:23:1b:bf:ac:1c:a9:06:c8:98:
-                    77:38:dc:33:a3:03:c0:02:6d:d8:6d:68:95:b1:ea:
-                    60:c0:c2:96:23:34:91:fb:32:44:44:cd:72:40:5b:
-                    a3:cf:57:94:3c:8d:a9:30:11:73:61:15:17:10:a6:
-                    17:7d:9d:27:f0:58:23:ee:a4:83:3c:b1:0f:20:0c:
-                    a4:3d:01:ef:de:93:cb:b5:02:c1:1e:b4:54:35:6a:
-                    8f:55:7b:5d:76:0a:f9:6d:b1:31:25:4c:fb:e2:d6:
-                    6e:94:e9:8a:c4:cc:4e:28:6b:bd:4c:80:85:2c:87:
-                    eb:31:88:6d:27:2a:d3:df:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D3:5F:89:9B:31:E6:2A:E0:C6:64:27:9F:A4:E5:42:8C:70:99:96:25
-    Signature Algorithm: sha1WithRSAEncryption
-        34:f9:9f:c5:6f:44:55:6a:15:8f:51:ab:c1:44:18:0e:eb:9a:
-        d0:c4:64:ce:ab:24:2b:77:82:f3:88:e3:9e:1f:9c:8d:28:a6:
-        be:3d:d5:3e:5e:95:01:c8:b9:d4:e2:b5:17:06:1d:10:0b:a5:
-        64:29:d9:45:b0:fd:16:ec:5d:3c:3f:58:55:25:90:d0:e4:4f:
-        3f:9f:9c:5f:d5:1e:0c:73:a5:1a:7c:71:10:b5:a3:d5:fb:0f:
-        d3:de:fc:9a:06:bc:0b:8c:72:eb:bc:fc:d1:47:87:68:44:25:
-        25:ab:51:e9:af:d8:9e:1b:04:f2:1c:4f:4c:27:a0:87:11:4a:
-        69:67
------BEGIN CERTIFICATE-----
-MIIB8jCCAVugAwIBAgIBCjANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP
-MA0GA1UEAwwGU3ViIENBMB4XDTA3MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVow
-JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANpBV+FiIxu/rBypBsiYdzjcM6MDwAJt2G1olbHq
-YMDCliM0kfsyRETNckBbo89XlDyNqTARc2EVFxCmF32dJ/BYI+6kgzyxDyAMpD0B
-796Ty7UCwR60VDVqj1V7XXYK+W2xMSVM++LWbpTpisTMTihrvUyAhSyH6zGIbScq
-098fAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTT
-X4mbMeYq4MZkJ5+k5UKMcJmWJTANBgkqhkiG9w0BAQUFAAOBgQA0+Z/Fb0RVahWP
-UavBRBgO65rQxGTOqyQrd4LziOOeH5yNKKa+PdU+XpUByLnU4rUXBh0QC6VkKdlF
-sP0W7F08P1hVJZDQ5E8/n5xf1R4Mc6UafHEQtaPV+w/T3vyaBrwLjHLrvPzRR4do
-RCUlq1Hpr9ieGwTyHE9MJ6CHEUppZw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.key b/crypto/heimdal/lib/hx509/data/sub-cert.key
deleted file mode 100644
index b9faa56eb2e9..000000000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDaQVfhYiMbv6wcqQbImHc43DOjA8ACbdhtaJWx6mDAwpYjNJH7
-MkREzXJAW6PPV5Q8jakwEXNhFRcQphd9nSfwWCPupIM8sQ8gDKQ9Ae/ek8u1AsEe
-tFQ1ao9Ve112CvltsTElTPvi1m6U6YrEzE4oa71MgIUsh+sxiG0nKtPfHwIDAQAB
-AoGBAMPvk4h4BNK9gTL9n2RoU+fM7+Jx1GeZ24llMbZWlmOWjRiv8joTx2wJEH+s
-hWP32NF/z5qin/VQ7LL6mO4hLx8RbPysfZH2PGwGLBsL6yFKrpVLEb6Gze7bfaNC
-Zxqz2zBaUup5IN5IoQbYmhYgo7h+uca2FKZMtWZlvxsNb22hAkEA/QCwdBhlf7w9
-BUWezxxm5o/laKhvP7RYem43eJNKj1tenB1MnbjM6R3Ckp0ykbKQIEL3mjTEUR+/
-31yfSjKRrwJBANzXRXmowoaKFrjkRFjfKrSk6cIa5/32U4Shy3/1LRoHv1qcsyEv
-0Acn5aE8vdiYK4J/OqiS87KFYH6WISCEFZECQQDg4xH1wBHIfvwGiaHmGyrkWpfi
-dYWdrKLRANNR3Cr0TpVEU07dC30o4YkoZY6jr4MpCh2o9qpiKcSVuHDmtRiFAkBE
-AsvznqRhuK8su6fM0tWdElinHZAqpyyrYQSB4KjGJnKo3i9QXiArw/60/DbfOGXV
-54bSGYeRh//inCuRjvvxAkBv9rarlopkpj29aAM4e4gs5W4ssl0uOjnSBiSH+Zn/
-j/oYrQgvpITFLCdF48D44GWtupw5zCLiJAREySaNma4Z
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.p12 b/crypto/heimdal/lib/hx509/data/sub-cert.p12
deleted file mode 100644
index 90def937974e..000000000000
--- a/crypto/heimdal/lib/hx509/data/sub-cert.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.crt b/crypto/heimdal/lib/hx509/data/test-ds-only.crt
deleted file mode 100644
index 78559c662e31..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-ds-only.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 5 (0x5)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=Test cert DigitalSignature
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c7:40:d0:87:47:81:b2:4e:4b:36:7c:c9:8d:9d:
-                    eb:dc:65:13:20:dc:72:0f:bf:5e:44:36:aa:18:fc:
-                    09:54:8c:1a:4e:15:5a:c5:c3:0c:95:f7:55:1c:b0:
-                    93:d2:80:92:eb:7e:67:b4:2e:9c:0c:fd:65:6a:9c:
-                    d6:35:d2:c2:62:3f:a2:6c:90:9e:a6:5a:59:33:e1:
-                    3a:13:9a:9d:9a:7e:2b:a2:44:96:41:87:b3:e2:b8:
-                    62:1b:88:46:08:39:c5:7a:90:83:42:22:c9:73:9f:
-                    41:51:1d:40:34:0f:94:0e:2a:ee:27:76:6d:6d:44:
-                    d2:e7:90:ad:9c:da:f8:7f:87
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation
-            X509v3 Subject Key Identifier: 
-                B9:41:3E:C9:AB:F2:37:75:F1:F8:C7:86:BB:54:78:76:15:16:D9:BB
-    Signature Algorithm: sha1WithRSAEncryption
-        72:fc:ea:ad:ec:08:be:45:34:5e:d0:1b:d0:0d:fc:2f:70:89:
-        8e:58:fb:15:ce:7b:78:8f:db:e9:97:cc:89:10:e6:10:f5:22:
-        f9:e9:c6:0d:4e:f9:35:c6:e2:5f:ab:28:47:e3:d6:94:d0:80:
-        db:44:4a:a9:8b:86:8b:c6:09:7b:d5:eb:07:ef:92:5a:ac:9a:
-        a7:04:c5:e2:c5:3f:01:d0:c1:92:c1:14:90:50:bd:0f:38:09:
-        0e:c5:9f:96:bd:42:8b:87:ac:b1:62:ca:bc:79:1d:fc:23:06:
-        55:b3:55:f2:b8:49:67:8e:d7:63:1f:52:aa:b9:19:e0:1f:18:
-        11:ac
------BEGIN CERTIFICATE-----
-MIICCzCCAXSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE
-aWdpdGFsU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHQNCH
-R4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrFwwyV91UcsJPSgJLrfme0
-LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZBh7PiuGIbiEYIOcV6kINC
-Islzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQABozkwNzAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUuUE+yavyN3Xx+MeGu1R4dhUW2bswDQYJ
-KoZIhvcNAQEFBQADgYEAcvzqrewIvkU0XtAb0A38L3CJjlj7Fc57eI/b6ZfMiRDm
-EPUi+enGDU75NcbiX6soR+PWlNCA20RKqYuGi8YJe9XrB++SWqyapwTF4sU/AdDB
-ksEUkFC9DzgJDsWflr1Ci4essWLKvHkd/CMGVbNV8rhJZ47XYx9SqrkZ4B8YEaw=
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.key b/crypto/heimdal/lib/hx509/data/test-ds-only.key
deleted file mode 100644
index 1233c34b1b26..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-ds-only.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDHQNCHR4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrF
-wwyV91UcsJPSgJLrfme0LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZB
-h7PiuGIbiEYIOcV6kINCIslzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQAB
-AoGAPa3Ln0S8WjSwRaKlRahP/b5wCGkVCdjkVltRlkBWpwxjjC5CFhvFxpp0h1gF
-ulDAqhNMCNOwzLiX70Ozb5/ZOcK6eIYolFDf8ldc5fSJMTIZF2V6CzICNNKFGWpI
-z5QFhfQDqru6ZaWtPuK4sJIcmBx1nMTu4z9rNjvnGqJV/ckCQQDm8HfOI6f5Dlgg
-QI9My7uDshfF2j6lo8wX32Vsgfb2PO+a6BGCCQhSjlKSZoiOH+KNz1/fp0/sbeGY
-ZbdJSMg9AkEA3OAZrLlgKId6Gs5EjDfvq2njJf4dAOk5aH8HB1u18VuRvdkWxEwo
-A7zrFZz+l1U52OMNKazPuPLju7foen9fEwJAR1URfG/RC4HdwKCQYsUvN1+ELk3a
-OemdOeZ7+ocuVCLAU9XIyqSlmHJzmNro5RV+MhVS5M9WRY4vN5Z7hbxgdQJBAJG3
-NrkAwzN5zVCJ7Cclb/SCMt0JvFCxjLInu5dbJblJU+kPozl1lKCCrgTgQgXMsBEq
-GbD41UGK3DsnpTPLfAkCQQCeZlgPiddfNhyg3SQOgj1M/3NBEfJFnX3FqlF32Pvz
-0U29o0iMSP4q2j+cyUxAmlp9I7clhq7bBRTfCHKIHETg
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128
deleted file mode 100644
index c706839a3fb3..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256
deleted file mode 100644
index 1d5ef41ec428..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des b/crypto/heimdal/lib/hx509/data/test-enveloped-des
deleted file mode 100644
index 85a08d901a4a..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-des
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3 b/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3
deleted file mode 100644
index deb5fe1ce4b6..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128
deleted file mode 100644
index ebe0b5faa056..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40
deleted file mode 100644
index c664b81c3db2..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64
deleted file mode 100644
index 24bd36818006..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.crt b/crypto/heimdal/lib/hx509/data/test-ke-only.crt
deleted file mode 100644
index 9239de472554..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-ke-only.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:57 2007 GMT
-            Not After : Nov 12 06:58:57 2017 GMT
-        Subject: C=SE, CN=Test cert KeyEncipherment
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bd:6a:09:6d:65:fd:2f:a6:02:74:48:59:5a:d6:
-                    b1:cf:d2:30:60:21:92:bf:ed:94:d1:df:e9:de:b7:
-                    c2:c5:5d:c8:7b:a7:f2:b3:e0:1b:78:ba:a8:ba:4b:
-                    ee:95:5c:06:77:10:39:be:e5:4c:4a:f0:1e:96:a0:
-                    df:77:7a:7a:06:ce:95:b0:d9:fd:ac:4b:85:45:b1:
-                    7c:a5:51:af:b8:c3:82:6f:21:09:37:03:b0:61:e0:
-                    04:46:a8:71:56:a6:36:67:79:42:e1:ef:bf:28:1d:
-                    a0:ef:02:6e:26:60:e1:fe:05:95:72:87:b9:c1:08:
-                    8e:ed:dc:fd:71:06:15:80:79
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                17:F3:F4:8B:D1:CD:D4:A3:D9:9D:A0:0E:6E:52:EE:11:03:85:32:6F
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:1d:86:c2:bd:eb:c7:75:ad:b6:ec:c8:10:96:4f:8b:b2:36:
-        b4:7b:ba:c4:b5:6c:1c:2e:80:eb:d0:97:5f:71:48:8a:79:f7:
-        05:ee:2b:96:ef:b9:68:0d:fa:86:73:c7:30:3f:22:81:ea:cf:
-        46:3a:4b:4d:31:39:29:5d:1a:b8:44:ae:12:f1:18:ea:de:55:
-        47:f4:1c:77:07:34:41:cf:1c:f1:1c:f8:0d:63:c1:e8:b4:98:
-        e7:cb:c1:2d:96:b3:5a:21:6e:fa:e7:e1:15:87:84:c9:71:31:
-        5f:6f:93:98:7f:ca:00:d3:8d:96:bb:b5:03:af:c0:4d:4e:a2:
-        a5:97
------BEGIN CERTIFICATE-----
-MIICCjCCAXOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
-MTExMjA2NTg1N1owMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL
-ZXlFbmNpcGhlcm1lbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1qCW1l
-/S+mAnRIWVrWsc/SMGAhkr/tlNHf6d63wsVdyHun8rPgG3i6qLpL7pVcBncQOb7l
-TErwHpag33d6egbOlbDZ/axLhUWxfKVRr7jDgm8hCTcDsGHgBEaocVamNmd5QuHv
-vygdoO8CbiZg4f4FlXKHucEIju3c/XEGFYB5AgMBAAGjOTA3MAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgVgMB0GA1UdDgQWBBQX8/SL0c3Uo9mdoA5uUu4RA4UybzANBgkq
-hkiG9w0BAQUFAAOBgQBfHYbCvevHda227MgQlk+Lsja0e7rEtWwcLoDr0JdfcUiK
-efcF7iuW77loDfqGc8cwPyKB6s9GOktNMTkpXRq4RK4S8Rjq3lVH9Bx3BzRBzxzx
-HPgNY8HotJjny8EtlrNaIW765+EVh4TJcTFfb5OYf8oA042Wu7UDr8BNTqKllw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.key b/crypto/heimdal/lib/hx509/data/test-ke-only.key
deleted file mode 100644
index 878267e0156b..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-ke-only.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9agltZf0vpgJ0SFla1rHP0jBgIZK/7ZTR3+net8LFXch7p/Kz
-4Bt4uqi6S+6VXAZ3EDm+5UxK8B6WoN93enoGzpWw2f2sS4VFsXylUa+4w4JvIQk3
-A7Bh4ARGqHFWpjZneULh778oHaDvAm4mYOH+BZVyh7nBCI7t3P1xBhWAeQIDAQAB
-AoGASR2vee1OqJ/6foyXAXuys7g9OD59eVzqf4Fhs7lXk/w5sZIJG+o8cIQNMayx
-8jHNxRQcVlYI9zxtclOzL1m11FPRgP6oVicPdIbKf/9JQhjlq/RgX/N66iBSPOW3
-80RtZ0G9pI+9RQN3sG1t39sXyMZJz5ApkcrsIfkX7Ej8tAkCQQD1mqP32MjUIpDc
-x15ybBXib7E/27f/aM04Zg4D1WLkYANmUKFLiNeKKEIy+R6iQ9bqcWdh/u2Pu08e
-I9eusolbAkEAxW6GQOihK5hsmKY7QdrORP6I6g8nqu/esiN1/LMtIVZdHtuaLxea
-3XUIewnK1h5d2eKXyWjMgT8o5y/XtT5xuwJAVW7mbJeHPGuNso7TZr/8WNj7cjgu
-5/R/toehhmnazZAsfpG7mbfPKirY5DxOEKnCf6jVCnyQDHhejCBxrT5DkwJBALrW
-MW7Tt1JOWNbM2V8k9fcM+fymgt+dSJ5EOK//0EGwPUeqgmr2Z7QTwQbO6YlgC2ja
-qtILvxzA7LB78iKvCWkCQQCOPkDbIzy5JM8AZtUFYb7PqJBb5fHDg3wiKWXiTh8+
-eaBxDdbBxCsamPLwfP2cguCvVv9yz3ODA9Aopny9iAv3
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-nopw.p12 b/crypto/heimdal/lib/hx509/data/test-nopw.p12
deleted file mode 100644
index 49db084e6234..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-nopw.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-pw.key b/crypto/heimdal/lib/hx509/data/test-pw.key
deleted file mode 100644
index e844a98bbc03..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-pw.key
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,B9B1B14B38E4ED57E3F9D8DFA7FEB086
-
-mgUkuZfb6TTZ+69kLKbHpwfSYmY1tRMeIuuqcY6qdNpF70kiZ6BylMYzGG29OZJQ
-ttiYmYz1zFYVhWrnpGnK7Raa7CHaohlcPfiUBD2lRzNmj6xYAJdooiR9kWNnZZe5
-JTOpLuokpSWSqgS58AB1BLkK67JGTEhF3iDwPff/oVBjW5X/VMRd62RfDk32MJmd
-nd+xNdBeKk7nXwMITZyv3n5KayVohNSpFblIAwl/k8BDLavIKboZtJDqw9LyRpWC
-KLtToAWTO7pvZcOoK9yIhM5TtbZkp7pQrebGjoYkvdF84i4oVS85q8swwsw7BFq5
-s8AVbdC0kcj5tfSaJYxFonyj5BHiEc1k1CLkcn0Aff1DhW/vR93W28UgQBT11Lxf
-bvHxCSIGp6TKut7Jr1FGs6tzU5eTI2AlWeWJBoANDD2HaKnouRQfDEf8pHP9Odxg
-nOQ4HinpwpylimqisYqHbeocO5izz1xioze82SxYQTUGj+gCViSBIBesVaZ31DGm
-3ECN94ItCm9z6zAeMNtUdLkTY6rPeetwrXXcrWddD7p5c1HdWEEQHU1HilunQc6N
-I39udeWfW0HlINxKu7IgOepNipdw9EFUPtY1LGP+2Xa3ezi8saXPbsq0i/0looWf
-dhjvWke/uwi16zwDKL25pNSmSAKyhD+P46f5pcf1yk1MbMkFbfTrHzcxOIN1Fd5m
-rFVJTUnVonQinb8cEyqgg/2ufvOe6AnaIqjsKdFUQthYrCg6Voupis+SXRbIefhr
-diiBsOoIu8O38I9R6KmSs+CYTBeChWmt1sAJudRIgZ3v5vTm734qwlxijL4sSkYQ
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data b/crypto/heimdal/lib/hx509/data/test-signed-data
deleted file mode 100644
index ae27556a0ae9..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr
deleted file mode 100644
index 11b008eb3d4d..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts
deleted file mode 100644
index 0c94ab9f2be9..000000000000
--- a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/test.combined.crt b/crypto/heimdal/lib/hx509/data/test.combined.crt
deleted file mode 100644
index 05c1e74bdc8e..000000000000
--- a/crypto/heimdal/lib/hx509/data/test.combined.crt
+++ /dev/null
@@ -1,68 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Test cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
-                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
-                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
-                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
-                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
-                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
-                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
-                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
-                    3a:45:71:fa:62:af:90:5e:c3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
-    Signature Algorithm: sha1WithRSAEncryption
-        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
-        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
-        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
-        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
-        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
-        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
-        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
-        43:7a
------BEGIN CERTIFICATE-----
-MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
-DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
-pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
-/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
-VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
-7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
-Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
-fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
-LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
-/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
-AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
-4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
-0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
-iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
-pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
-aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
-RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
-1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
-OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
-r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test.crt b/crypto/heimdal/lib/hx509/data/test.crt
deleted file mode 100644
index 607605b01dfe..000000000000
--- a/crypto/heimdal/lib/hx509/data/test.crt
+++ /dev/null
@@ -1,53 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: CN=hx509 Test Root CA, C=SE
-        Validity
-            Not Before: Nov 15 06:58:56 2007 GMT
-            Not After : Nov 12 06:58:56 2017 GMT
-        Subject: C=SE, CN=Test cert
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
-                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
-                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
-                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
-                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
-                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
-                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
-                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
-                    3a:45:71:fa:62:af:90:5e:c3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Subject Key Identifier: 
-                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
-    Signature Algorithm: sha1WithRSAEncryption
-        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
-        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
-        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
-        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
-        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
-        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
-        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
-        43:7a
------BEGIN CERTIFICATE-----
-MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
-OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
-MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
-DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
-pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
-/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
-VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
-7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
-Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
-fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/test.key b/crypto/heimdal/lib/hx509/data/test.key
deleted file mode 100644
index 5251ceb74d3f..000000000000
--- a/crypto/heimdal/lib/hx509/data/test.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
-LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
-/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
-AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
-4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
-0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
-iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
-pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
-aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
-RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
-1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
-OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
-r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/data/test.p12 b/crypto/heimdal/lib/hx509/data/test.p12
deleted file mode 100644
index ad3e90acaa2e..000000000000
--- a/crypto/heimdal/lib/hx509/data/test.p12
+++ /dev/null
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem
deleted file mode 100644
index 32685d1fe8a7..000000000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
-UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
-MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
-dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
-VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
-z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
-tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
-aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
-y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
-uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem
deleted file mode 100644
index b0726eac1d65..000000000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
-BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
-6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
-M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
-340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
-EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
-BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O
-Kw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem
deleted file mode 100644
index 32685d1fe8a7..000000000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
-UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
-MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
-dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
-VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
-z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
-tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
-aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
-y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
-uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem
deleted file mode 100644
index 9a89e59e2ad7..000000000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
-BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
-LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
-BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
-6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
-M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
-HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
-Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
-340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
-EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
-BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU
-cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7
-Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg
-Dw==
------END CERTIFICATE-----
diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad.key b/crypto/heimdal/lib/hx509/data/yutaka-pad.key
deleted file mode 100644
index 1763623880c1..000000000000
--- a/crypto/heimdal/lib/hx509/data/yutaka-pad.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9KlnqKD0Ol4oHrSHuKLVGK026+Sfgg058ReMKM9IXCYhsYmqf
-Ja8pOIwrOC4RiQboJkBuzHji3eS+xUN5R3lZkFGAyh5B3W00kFTgFfE4DxtXN3Cy
-3No95659C1kO8p8zh6P5+j+P2Vgf250K6DWG5o3JtwK2KPMaieR11fgkRQIDAQAB
-AoGBAJCYvwJun713uNsFTNpv46EvmMtDiWfk9ymnglVaJ03Uy6ON11Kvy6UGxJ6E
-4zIkPFNYaghH5GAGncP1pg4exHKRGJTNcQbMf9iOsCTOuvKSWbBZpnJcFllKyESK
-PTt72D6x/cuzDXVTeWvQMoOILa09szW7aqFNIdxae4Vq7a4BAkEA6MoehuRtZ4N9
-Jtc9cIpSKOOatZ1UajWEFV2yVHaDED2kkWxKjppPzRn06LzX8LWm1RT0qe3Zyasi
-iXCXlno/+QJBANAGvY+k/+OvzWnv1yTKO8OmrMqkSzh3KAhFbiVWdQaqMSCWtKYk
-GoOKnq0PB73ExhdbTFmxC4KBPHTC2guOca0CQCD78pNebnoKUYNdYCFAGCAfD97H
-6hwadRqp6gi5uhxk/5pzY6UNDF2dXexURayfsIHktD4Xq5I9o2kiAPibXdECQQDC
-KihwlL9K02JVSMl0y1XxDfclxSd4cq9o2PUv4HymVeA43LGMiRI+SPpF6Ut+ctW6
-IzsmVDu7+chl6yD9vFyZAkA3Auv9UxKL3kPtvu5G/lrCVmwzVfAzuwtnmSfp1+M5
-yTYBz+VFSsYrdlDZ3jdLnFzVOMiIm9pZca/L93QjmXJ+
------END RSA PRIVATE KEY-----
diff --git a/crypto/heimdal/lib/hx509/doxygen.c b/crypto/heimdal/lib/hx509/doxygen.c
deleted file mode 100644
index 488ae4b9bbb7..000000000000
--- a/crypto/heimdal/lib/hx509/doxygen.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/** @mainpage Heimdal PKIX/X.509 library
- *
- * @section intro Introduction
- *
- * Heimdal libhx509 library is a implementation of the PKIX/X.509 and
- * related protocols.
- * 
- * PKIX/X.509 is ...
- *
- *
- * Sections in this manual are:
- * - @ref page_name
- * - @ref page_cert
- * - @ref page_keyset
- * - @ref page_error
- * - @ref page_lock
- * - @ref page_cms
- * - @ref page_ca
- * - @ref page_revoke
- * - @ref page_print
- * - @ref page_env
- *
- * The project web page:
- * http://www.h5l.org/
- *
- */
-
-/** @defgroup hx509 hx509 library */
-
-/** @defgroup hx509_error hx509 error functions
- * See the @ref page_error for description and examples. */
-/** @defgroup hx509_cert hx509 certificate functions
- * See the @ref page_cert for description and examples. */
-/** @defgroup hx509_keyset hx509 certificate store functions
- * See the @ref page_keyset for description and examples. */
-/** @defgroup hx509_cms hx509 CMS/pkcs7 functions
- * See the @ref page_cms for description and examples. */
-/** @defgroup hx509_crypto hx509 crypto functions */
-/** @defgroup hx509_misc hx509 misc functions */
-/** @defgroup hx509_name hx509 name functions 
- * See the @ref page_name for description and examples. */
-/** @defgroup hx509_revoke hx509 revokation checking functions
- * See the @ref page_revoke for description and examples. */
-/** @defgroup hx509_verify hx509 verification functions */
-/** @defgroup hx509_lock hx509 lock functions
- * See the @ref page_lock for description and examples. */
-/** @defgroup hx509_query hx509 query functions */
-/** @defgroup hx509_ca hx509 CA functions
- * See the @ref page_ca for description and examples. */
-/** @defgroup hx509_peer hx509 certificate selecting functions */
-/** @defgroup hx509_print hx509 printing functions */
-/** @defgroup hx509_env hx509 enviroment functions */
diff --git a/crypto/heimdal/lib/hx509/env.c b/crypto/heimdal/lib/hx509/env.c
deleted file mode 100644
index f868c22488cb..000000000000
--- a/crypto/heimdal/lib/hx509/env.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $");
-
-/**
- * @page page_env Hx509 enviroment functions
- *
- * See the library functions here: @ref hx509_env
- */
-
-struct hx509_env {
-    struct {
-	char *key;
-	char *value;
-    } *val;
-    size_t len;
-};
-
-/**
- * Allocate a new hx509_env container object.
- *
- * @param context A hx509 context.
- * @param env return a hx509_env structure, free with hx509_env_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_init(hx509_context context, hx509_env *env)
-{
-    *env = calloc(1, sizeof(**env));
-    if (*env == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Add a new key/value pair to the hx509_env.
- *
- * @param context A hx509 context.
- * @param env enviroment to add the enviroment variable too.
- * @param key key to add
- * @param value value to add
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_env
- */
-
-int
-hx509_env_add(hx509_context context, hx509_env env, 
-	      const char *key, const char *value)
-{
-    void *ptr;
-
-    ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->val = ptr;
-    env->val[env->len].key = strdup(key);
-    if (env->val[env->len].key == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->val[env->len].value = strdup(value);
-    if (env->val[env->len].value == NULL) {
-	free(env->val[env->len].key);
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    env->len++;
-    return 0;
-}
-
-/**
- * Search the hx509_env for a key.
- *
- * @param context A hx509 context.
- * @param env enviroment to add the enviroment variable too.
- * @param key key to search for.
- * @param len length of key.
- *
- * @return the value if the key is found, NULL otherwise.
- *
- * @ingroup hx509_env
- */
-
-const char *
-hx509_env_lfind(hx509_context context, hx509_env env,
-		const char *key, size_t len)
-{
-    size_t i;
-
-    for (i = 0; i < env->len; i++) {
-	char *s = env->val[i].key;
-	if (strncmp(key, s, len) == 0 && s[len] == '\0')
-	    return env->val[i].value;
-    }
-    return NULL;
-}
-
-/**
- * Free an hx509_env enviroment context.
- *
- * @param env the enviroment to free.
- *
- * @ingroup hx509_env
- */
-
-void
-hx509_env_free(hx509_env *env)
-{
-    size_t i;
-
-    for (i = 0; i < (*env)->len; i++) {
-	free((*env)->val[i].key);
-	free((*env)->val[i].value);
-    }
-    free((*env)->val);
-    free(*env);
-    *env = NULL;
-}
-
diff --git a/crypto/heimdal/lib/hx509/error.c b/crypto/heimdal/lib/hx509/error.c
deleted file mode 100644
index 25119ed28830..000000000000
--- a/crypto/heimdal/lib/hx509/error.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $");
-
-/**
- * @page page_error Hx509 error reporting functions
- *
- * See the library functions here: @ref hx509_error
- */
-
-struct hx509_error_data {
-    hx509_error next;
-    int code;
-    char *msg;
-};
-
-static void
-free_error_string(hx509_error msg)
-{
-    while(msg) {
-	hx509_error m2 = msg->next;
-	free(msg->msg);
-	free(msg);
-	msg = m2;
-    }
-}
-
-/**
- * Resets the error strings the hx509 context.
- *
- * @param context A hx509 context.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_clear_error_string(hx509_context context)
-{
-    free_error_string(context->error);
-    context->error = NULL;
-}
-
-/**
- * Add an error message to the hx509 context.
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
-     (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ap arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_stringv(hx509_context context, int flags, int code, 
-			const char *fmt, va_list ap)
-{
-    hx509_error msg;
-
-    msg = calloc(1, sizeof(*msg));
-    if (msg == NULL) {
-	hx509_clear_error_string(context);
-	return;
-    }
-
-    if (vasprintf(&msg->msg, fmt, ap) == -1) {
-	hx509_clear_error_string(context);
-	free(msg);
-	return;
-    }
-    msg->code = code;
-
-    if (flags & HX509_ERROR_APPEND) {
-	msg->next = context->error;
-	context->error = msg;
-    } else  {
-	free_error_string(context->error);
-	context->error = msg;
-    }
-}
-
-/**
- * See hx509_set_error_stringv(). 
- *
- * @param context A hx509 context.
- * @param flags
- * - HX509_ERROR_APPEND appends the error string to the old messages
-     (code is updated).
- * @param code error code related to error message
- * @param fmt error message format
- * @param ... arguments to error message format
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_set_error_string(hx509_context context, int flags, int code,
-		       const char *fmt, ...)
-{
-    va_list ap;
-
-    va_start(ap, fmt);
-    hx509_set_error_stringv(context, flags, code, fmt, ap);
-    va_end(ap);
-}
-
-/**
- * Get an error string from context associated with error_code.
- *
- * @param context A hx509 context.
- * @param error_code Get error message for this error code.
- *
- * @return error string, free with hx509_free_error_string().
- *
- * @ingroup hx509_error
- */
-
-char *
-hx509_get_error_string(hx509_context context, int error_code)
-{
-    struct rk_strpool *p = NULL;
-    hx509_error msg = context->error;
-
-    if (msg == NULL || msg->code != error_code) {
-	const char *cstr;
-	char *str;
-
-	cstr = com_right(context->et_list, error_code);
-	if (cstr)
-	    return strdup(cstr);
-	cstr = strerror(error_code);
-	if (cstr)
-	    return strdup(cstr);
-	if (asprintf(&str, "<unknown error: %d>", error_code) == -1)
-	    return NULL;
-	return str;
-    }
-
-    for (msg = context->error; msg; msg = msg->next)
-	p = rk_strpoolprintf(p, "%s%s", msg->msg, 
-			     msg->next != NULL ? "; " : "");
-
-    return rk_strpoolcollect(p);
-}
-
-/**
- * Free error string returned by hx509_get_error_string().
- *
- * @param str error string to free.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_free_error_string(char *str)
-{
-    free(str);
-}
-
-/**
- * Print error message and fatally exit from error code
- *
- * @param context A hx509 context.
- * @param exit_code exit() code from process.
- * @param error_code Error code for the reason to exit.
- * @param fmt format string with the exit message.
- * @param ... argument to format string.
- *
- * @ingroup hx509_error
- */
-
-void
-hx509_err(hx509_context context, int exit_code, 
-	  int error_code, const char *fmt, ...)
-{
-    va_list ap;
-    const char *msg;
-    char *str;
-
-    va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
-    va_end(ap);
-    msg = hx509_get_error_string(context, error_code);
-    if (msg == NULL)
-	msg = "no error";
-
-    errx(exit_code, "%s: %s", str, msg);
-}
diff --git a/crypto/heimdal/lib/hx509/file.c b/crypto/heimdal/lib/hx509/file.c
deleted file mode 100644
index b076b74f44df..000000000000
--- a/crypto/heimdal/lib/hx509/file.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$ID$");
-
-int
-_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb)
-{
-    size_t length;
-    void *data;
-    int ret;
-
-    ret = _hx509_map_file(fn, &data, &length, rsb);
-
-    os->data = data;
-    os->length = length;
-
-    return ret;
-}
-
-void
-_hx509_unmap_file_os(heim_octet_string *os)
-{
-    _hx509_unmap_file(os->data, os->length);
-}
-
-int
-_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb)
-{
-    struct stat sb;
-    size_t len;
-    ssize_t l;
-    int ret;
-    void *d;
-    int fd;
-
-    *data = NULL;
-    *length = 0;
-
-    fd = open(fn, O_RDONLY);
-    if (fd < 0)
-	return errno;
-    
-    if (fstat(fd, &sb) < 0) {
-	ret = errno;
-	close(fd);
-	return ret;
-    }
-
-    len = sb.st_size;
-
-    d = malloc(len);
-    if (d == NULL) {
-	close(fd);
-	return ENOMEM;
-    }
-    
-    l = read(fd, d, len);
-    close(fd);
-    if (l < 0 || l != len) {
-	free(d);
-	return EINVAL;
-    }
-
-    if (rsb)
-	*rsb = sb;
-    *data = d;
-    *length = len;
-    return 0;
-}
-
-void
-_hx509_unmap_file(void *data, size_t len)
-{
-    free(data);
-}
-
-int
-_hx509_write_file(const char *fn, const void *data, size_t length)
-{
-    ssize_t sz;
-    const unsigned char *p = data;
-    int fd;
-
-    fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644);
-    if (fd < 0)
-	return errno;
-
-    do {
-	sz = write(fd, p, length);
-	if (sz < 0) {
-	    int saved_errno = errno;
-	    close(fd);
-	    return saved_errno;
-	}
-	if (sz == 0)
-	    break;
-	length -= sz;
-    } while (length > 0);
-		
-    if (close(fd) == -1)
-	return errno;
-
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-header(FILE *f, const char *type, const char *str)
-{
-    fprintf(f, "-----%s %s-----\n", type, str);
-}
-
-int
-hx509_pem_write(hx509_context context, const char *type, 
-		hx509_pem_header *headers, FILE *f,
-		const void *data, size_t size)
-{
-    const char *p = data;
-    size_t length;
-    char *line;
-
-#define ENCODE_LINE_LENGTH	54
-    
-    header(f, "BEGIN", type);
-
-    while (headers) {
-	fprintf(f, "%s: %s\n%s", 
-		headers->header, headers->value,
-		headers->next ? "" : "\n");
-	headers = headers->next;
-    }
-
-    while (size > 0) {
-	ssize_t l;
-	
-	length = size;
-	if (length > ENCODE_LINE_LENGTH)
-	    length = ENCODE_LINE_LENGTH;
-	
-	l = base64_encode(p, length, &line);
-	if (l < 0) {
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "malloc - out of memory");
-	    return ENOMEM;
-	}
-	size -= length;
-	fprintf(f, "%s\n", line);
-	p += length;
-	free(line);
-    }
-
-    header(f, "END", type);
-
-    return 0;
-}
-
-/*
- *
- */
-
-int
-hx509_pem_add_header(hx509_pem_header **headers, 
-		     const char *header, const char *value)
-{
-    hx509_pem_header *h;
-
-    h = calloc(1, sizeof(*h));
-    if (h == NULL)
-	return ENOMEM;
-    h->header = strdup(header);
-    if (h->header == NULL) {
-	free(h);
-	return ENOMEM;
-    }
-    h->value = strdup(value);
-    if (h->value == NULL) {
-	free(h->header);
-	free(h);
-	return ENOMEM;
-    }
-
-    h->next = *headers;
-    *headers = h;
-
-    return 0;
-}
-
-void
-hx509_pem_free_header(hx509_pem_header *headers)
-{
-    hx509_pem_header *h;
-    while (headers) {
-	h = headers;
-	headers = headers->next;
-	free(h->header);
-	free(h->value);
-	free(h);
-    }
-}
-
-/*
- *
- */
-
-const char *
-hx509_pem_find_header(const hx509_pem_header *h, const char *header)
-{
-    while(h) {
-	if (strcmp(header, h->header) == 0)
-	    return h->value;
-	h = h->next;
-    }
-    return NULL;
-}
-
-
-/*
- *
- */
-
-int
-hx509_pem_read(hx509_context context,
-	       FILE *f, 
-	       hx509_pem_read_func func,
-	       void *ctx)
-{
-    hx509_pem_header *headers = NULL;
-    char *type = NULL;
-    void *data = NULL;
-    size_t len = 0;
-    char buf[1024];
-    int ret = HX509_PARSING_KEY_FAILED;
-
-    enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where;
-
-    where = BEFORE;
-
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-	int i;
-
-	i = strcspn(buf, "\n");
-	if (buf[i] == '\n') {
-	    buf[i] = '\0';
-	    if (i > 0)
-		i--;
-	}
-	if (buf[i] == '\r') {
-	    buf[i] = '\0';
-	    if (i > 0)
-		i--;
-	}
-	    
-	switch (where) {
-	case BEFORE:
-	    if (strncmp("-----BEGIN ", buf, 11) == 0) {
-		type = strdup(buf + 11);
-		if (type == NULL)
-		    break;
-		p = strchr(type, '-');
-		if (p)
-		    *p = '\0';
-		where = SEARCHHEADER;
-	    }
-	    break;
-	case SEARCHHEADER:
-	    p = strchr(buf, ':');
-	    if (p == NULL) {
-		where = INDATA;
-		goto indata;
-	    }
-	    /* FALLTHOUGH */
-	case INHEADER:
-	    if (buf[0] == '\0') {
-		where = INDATA;
-		break;
-	    }
-	    p = strchr(buf, ':');
-	    if (p) {
-		*p++ = '\0';
-		while (isspace((int)*p))
-		    p++;
-		ret = hx509_pem_add_header(&headers, buf, p);
-		if (ret)
-		    abort();
-	    }
-	    break;
-	case INDATA:
-	indata:
-
-	    if (strncmp("-----END ", buf, 9) == 0) {
-		where = DONE;
-		break;
-	    }
-
-	    p = emalloc(i);
-	    i = base64_decode(buf, p);
-	    if (i < 0) {
-		free(p);
-		goto out;
-	    }
-	    
-	    data = erealloc(data, len + i);
-	    memcpy(((char *)data) + len, p, i);
-	    free(p);
-	    len += i;
-	    break;
-	case DONE:
-	    abort();
-	}
-
-	if (where == DONE) {
-	    ret = (*func)(context, type, headers, data, len, ctx);
-	out:
-	    free(data);
-	    data = NULL;
-	    len = 0;
-	    free(type);
-	    type = NULL;
-	    where = BEFORE;
-	    hx509_pem_free_header(headers);
-	    headers = NULL;
-	    if (ret)
-		break;
-	}
-    }
-
-    if (where != BEFORE) {
-	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-			       "File ends before end of PEM end tag");
-	ret = HX509_PARSING_KEY_FAILED;
-    }
-    if (data)
-	free(data);
-    if (type)
-	free(type);
-    if (headers)
-	hx509_pem_free_header(headers);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/hx509-private.h b/crypto/heimdal/lib/hx509/hx509-private.h
deleted file mode 100644
index 67bb843df59a..000000000000
--- a/crypto/heimdal/lib/hx509/hx509-private.h
+++ /dev/null
@@ -1,529 +0,0 @@
-/* This is a generated file */
-#ifndef __hx509_private_h__
-#define __hx509_private_h__
-
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-int
-_hx509_AlgorithmIdentifier_cmp (
-	const AlgorithmIdentifier */*p*/,
-	const AlgorithmIdentifier */*q*/);
-
-int
-_hx509_Certificate_cmp (
-	const Certificate */*p*/,
-	const Certificate */*q*/);
-
-int
-_hx509_Name_to_string (
-	const Name */*n*/,
-	char **/*str*/);
-
-time_t
-_hx509_Time2time_t (const Time */*t*/);
-
-void
-_hx509_abort (
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 1, 2)));
-
-int
-_hx509_calculate_path (
-	hx509_context /*context*/,
-	int /*flags*/,
-	time_t /*time_now*/,
-	hx509_certs /*anchors*/,
-	unsigned int /*max_depth*/,
-	hx509_cert /*cert*/,
-	hx509_certs /*pool*/,
-	hx509_path */*path*/);
-
-int
-_hx509_cert_assign_key (
-	hx509_cert /*cert*/,
-	hx509_private_key /*private_key*/);
-
-int
-_hx509_cert_get_eku (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	ExtKeyUsage */*e*/);
-
-int
-_hx509_cert_get_keyusage (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	KeyUsage */*ku*/);
-
-int
-_hx509_cert_get_version (const Certificate */*t*/);
-
-int
-_hx509_cert_is_parent_cmp (
-	const Certificate */*subject*/,
-	const Certificate */*issuer*/,
-	int /*allow_self_signed*/);
-
-int
-_hx509_cert_private_decrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*ciphertext*/,
-	const heim_oid */*encryption_oid*/,
-	hx509_cert /*p*/,
-	heim_octet_string */*cleartext*/);
-
-hx509_private_key
-_hx509_cert_private_key (hx509_cert /*p*/);
-
-int
-_hx509_cert_private_key_exportable (hx509_cert /*p*/);
-
-int
-_hx509_cert_public_encrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*cleartext*/,
-	const hx509_cert /*p*/,
-	heim_oid */*encryption_oid*/,
-	heim_octet_string */*ciphertext*/);
-
-void
-_hx509_cert_set_release (
-	hx509_cert /*cert*/,
-	_hx509_cert_release_func /*release*/,
-	void */*ctx*/);
-
-int
-_hx509_certs_keys_add (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_private_key /*key*/);
-
-void
-_hx509_certs_keys_free (
-	hx509_context /*context*/,
-	hx509_private_key */*keys*/);
-
-int
-_hx509_certs_keys_get (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_private_key **/*keys*/);
-
-hx509_certs
-_hx509_certs_ref (hx509_certs /*certs*/);
-
-int
-_hx509_check_key_usage (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	unsigned /*flags*/,
-	int /*req_present*/);
-
-int
-_hx509_collector_alloc (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	struct hx509_collector **/*collector*/);
-
-int
-_hx509_collector_certs_add (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_cert /*cert*/);
-
-int
-_hx509_collector_collect_certs (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_certs */*ret_certs*/);
-
-int
-_hx509_collector_collect_private_keys (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	hx509_private_key **/*keys*/);
-
-void
-_hx509_collector_free (struct hx509_collector */*c*/);
-
-hx509_lock
-_hx509_collector_get_lock (struct hx509_collector */*c*/);
-
-int
-_hx509_collector_private_key_add (
-	hx509_context /*context*/,
-	struct hx509_collector */*c*/,
-	const AlgorithmIdentifier */*alg*/,
-	hx509_private_key /*private_key*/,
-	const heim_octet_string */*key_data*/,
-	const heim_octet_string */*localKeyId*/);
-
-int
-_hx509_create_signature (
-	hx509_context /*context*/,
-	const hx509_private_key /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	AlgorithmIdentifier */*signatureAlgorithm*/,
-	heim_octet_string */*sig*/);
-
-int
-_hx509_create_signature_bitstring (
-	hx509_context /*context*/,
-	const hx509_private_key /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	AlgorithmIdentifier */*signatureAlgorithm*/,
-	heim_bit_string */*sig*/);
-
-int
-_hx509_find_extension_subject_key_id (
-	const Certificate */*issuer*/,
-	SubjectKeyIdentifier */*si*/);
-
-int
-_hx509_generate_private_key (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/,
-	hx509_private_key */*private_key*/);
-
-int
-_hx509_generate_private_key_bits (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/,
-	unsigned long /*bits*/);
-
-void
-_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/);
-
-int
-_hx509_generate_private_key_init (
-	hx509_context /*context*/,
-	const heim_oid */*oid*/,
-	struct hx509_generate_private_context **/*ctx*/);
-
-int
-_hx509_generate_private_key_is_ca (
-	hx509_context /*context*/,
-	struct hx509_generate_private_context */*ctx*/);
-
-Certificate *
-_hx509_get_cert (hx509_cert /*cert*/);
-
-void
-_hx509_ks_dir_register (hx509_context /*context*/);
-
-void
-_hx509_ks_file_register (hx509_context /*context*/);
-
-void
-_hx509_ks_keychain_register (hx509_context /*context*/);
-
-void
-_hx509_ks_mem_register (hx509_context /*context*/);
-
-void
-_hx509_ks_null_register (hx509_context /*context*/);
-
-void
-_hx509_ks_pkcs11_register (hx509_context /*context*/);
-
-void
-_hx509_ks_pkcs12_register (hx509_context /*context*/);
-
-void
-_hx509_ks_register (
-	hx509_context /*context*/,
-	struct hx509_keyset_ops */*ops*/);
-
-int
-_hx509_lock_find_cert (
-	hx509_lock /*lock*/,
-	const hx509_query */*q*/,
-	hx509_cert */*c*/);
-
-const struct _hx509_password *
-_hx509_lock_get_passwords (hx509_lock /*lock*/);
-
-hx509_certs
-_hx509_lock_unlock_certs (hx509_lock /*lock*/);
-
-int
-_hx509_map_file (
-	const char */*fn*/,
-	void **/*data*/,
-	size_t */*length*/,
-	struct stat */*rsb*/);
-
-int
-_hx509_map_file_os (
-	const char */*fn*/,
-	heim_octet_string */*os*/,
-	struct stat */*rsb*/);
-
-int
-_hx509_match_keys (
-	hx509_cert /*c*/,
-	hx509_private_key /*private_key*/);
-
-int
-_hx509_name_cmp (
-	const Name */*n1*/,
-	const Name */*n2*/);
-
-int
-_hx509_name_ds_cmp (
-	const DirectoryString */*ds1*/,
-	const DirectoryString */*ds2*/);
-
-int
-_hx509_name_from_Name (
-	const Name */*n*/,
-	hx509_name */*name*/);
-
-int
-_hx509_name_modify (
-	hx509_context /*context*/,
-	Name */*name*/,
-	int /*append*/,
-	const heim_oid */*oid*/,
-	const char */*str*/);
-
-int
-_hx509_parse_private_key (
-	hx509_context /*context*/,
-	const heim_oid */*key_oid*/,
-	const void */*data*/,
-	size_t /*len*/,
-	hx509_private_key */*private_key*/);
-
-int
-_hx509_path_append (
-	hx509_context /*context*/,
-	hx509_path */*path*/,
-	hx509_cert /*cert*/);
-
-void
-_hx509_path_free (hx509_path */*path*/);
-
-int
-_hx509_pbe_decrypt (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const AlgorithmIdentifier */*ai*/,
-	const heim_octet_string */*econtent*/,
-	heim_octet_string */*content*/);
-
-int
-_hx509_pbe_encrypt (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const AlgorithmIdentifier */*ai*/,
-	const heim_octet_string */*content*/,
-	heim_octet_string */*econtent*/);
-
-void
-_hx509_pi_printf (
-	int (*/*func*/)(void *, const char *),
-	void */*ctx*/,
-	const char */*fmt*/,
-	...);
-
-int
-_hx509_private_key2SPKI (
-	hx509_context /*context*/,
-	hx509_private_key /*private_key*/,
-	SubjectPublicKeyInfo */*spki*/);
-
-void
-_hx509_private_key_assign_rsa (
-	hx509_private_key /*key*/,
-	void */*ptr*/);
-
-int
-_hx509_private_key_export (
-	hx509_context /*context*/,
-	const hx509_private_key /*key*/,
-	heim_octet_string */*data*/);
-
-int
-_hx509_private_key_exportable (hx509_private_key /*key*/);
-
-int
-_hx509_private_key_free (hx509_private_key */*key*/);
-
-BIGNUM *
-_hx509_private_key_get_internal (
-	hx509_context /*context*/,
-	hx509_private_key /*key*/,
-	const char */*type*/);
-
-int
-_hx509_private_key_init (
-	hx509_private_key */*key*/,
-	hx509_private_key_ops */*ops*/,
-	void */*keydata*/);
-
-int
-_hx509_private_key_oid (
-	hx509_context /*context*/,
-	const hx509_private_key /*key*/,
-	heim_oid */*data*/);
-
-int
-_hx509_private_key_private_decrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*ciphertext*/,
-	const heim_oid */*encryption_oid*/,
-	hx509_private_key /*p*/,
-	heim_octet_string */*cleartext*/);
-
-hx509_private_key
-_hx509_private_key_ref (hx509_private_key /*key*/);
-
-const char *
-_hx509_private_pem_name (hx509_private_key /*key*/);
-
-int
-_hx509_public_encrypt (
-	hx509_context /*context*/,
-	const heim_octet_string */*cleartext*/,
-	const Certificate */*cert*/,
-	heim_oid */*encryption_oid*/,
-	heim_octet_string */*ciphertext*/);
-
-void
-_hx509_query_clear (hx509_query */*q*/);
-
-int
-_hx509_query_match_cert (
-	hx509_context /*context*/,
-	const hx509_query */*q*/,
-	hx509_cert /*cert*/);
-
-void
-_hx509_query_statistic (
-	hx509_context /*context*/,
-	int /*type*/,
-	const hx509_query */*q*/);
-
-int
-_hx509_request_add_dns_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const char */*hostname*/);
-
-int
-_hx509_request_add_eku (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const heim_oid */*oid*/);
-
-int
-_hx509_request_add_email (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const char */*email*/);
-
-void
-_hx509_request_free (hx509_request */*req*/);
-
-int
-_hx509_request_get_SubjectPublicKeyInfo (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_get_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	hx509_name */*name*/);
-
-int
-_hx509_request_init (
-	hx509_context /*context*/,
-	hx509_request */*req*/);
-
-int
-_hx509_request_parse (
-	hx509_context /*context*/,
-	const char */*path*/,
-	hx509_request */*req*/);
-
-int
-_hx509_request_print (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	FILE */*f*/);
-
-int
-_hx509_request_set_SubjectPublicKeyInfo (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	const SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_set_name (
-	hx509_context /*context*/,
-	hx509_request /*req*/,
-	hx509_name /*name*/);
-
-int
-_hx509_request_to_pkcs10 (
-	hx509_context /*context*/,
-	const hx509_request /*req*/,
-	const hx509_private_key /*signer*/,
-	heim_octet_string */*request*/);
-
-hx509_revoke_ctx
-_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/);
-
-int
-_hx509_set_cert_attribute (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/,
-	const heim_octet_string */*attr*/);
-
-void
-_hx509_unmap_file (
-	void */*data*/,
-	size_t /*len*/);
-
-void
-_hx509_unmap_file_os (heim_octet_string */*os*/);
-
-int
-_hx509_unparse_Name (
-	const Name */*aname*/,
-	char **/*str*/);
-
-int
-_hx509_verify_signature (
-	hx509_context /*context*/,
-	const Certificate */*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_octet_string */*sig*/);
-
-int
-_hx509_verify_signature_bitstring (
-	hx509_context /*context*/,
-	const Certificate */*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_bit_string */*sig*/);
-
-int
-_hx509_write_file (
-	const char */*fn*/,
-	const void */*data*/,
-	size_t /*length*/);
-
-#endif /* __hx509_private_h__ */
diff --git a/crypto/heimdal/lib/hx509/hx509-protos.h b/crypto/heimdal/lib/hx509/hx509-protos.h
deleted file mode 100644
index 50ce1b3df175..000000000000
--- a/crypto/heimdal/lib/hx509/hx509-protos.h
+++ /dev/null
@@ -1,1049 +0,0 @@
-/* This is a generated file */
-#ifndef __hx509_protos_h__
-#define __hx509_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HX509_LIB_FUNCTION
-#if defined(_WIN32)
-#define HX509_LIB_FUNCTION _stdcall
-#else
-#define HX509_LIB_FUNCTION
-#endif
-#endif
-
-void
-hx509_bitstring_print (
-	const heim_bit_string */*b*/,
-	hx509_vprint_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_ca_sign (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_cert /*signer*/,
-	hx509_cert */*certificate*/);
-
-int
-hx509_ca_sign_self (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_private_key /*signer*/,
-	hx509_cert */*certificate*/);
-
-int
-hx509_ca_tbs_add_crl_dp_uri (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*uri*/,
-	hx509_name /*issuername*/);
-
-int
-hx509_ca_tbs_add_eku (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_oid */*oid*/);
-
-int
-hx509_ca_tbs_add_san_hostname (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*dnsname*/);
-
-int
-hx509_ca_tbs_add_san_jid (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*jid*/);
-
-int
-hx509_ca_tbs_add_san_ms_upn (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*principal*/);
-
-int
-hx509_ca_tbs_add_san_otherName (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_oid */*oid*/,
-	const heim_octet_string */*os*/);
-
-int
-hx509_ca_tbs_add_san_pkinit (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*principal*/);
-
-int
-hx509_ca_tbs_add_san_rfc822name (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const char */*rfc822Name*/);
-
-void
-hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/);
-
-int
-hx509_ca_tbs_init (
-	hx509_context /*context*/,
-	hx509_ca_tbs */*tbs*/);
-
-int
-hx509_ca_tbs_set_ca (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*pathLenConstraint*/);
-
-int
-hx509_ca_tbs_set_domaincontroller (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/);
-
-int
-hx509_ca_tbs_set_notAfter (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*t*/);
-
-int
-hx509_ca_tbs_set_notAfter_lifetime (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*delta*/);
-
-int
-hx509_ca_tbs_set_notBefore (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	time_t /*t*/);
-
-int
-hx509_ca_tbs_set_proxy (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*pathLenConstraint*/);
-
-int
-hx509_ca_tbs_set_serialnumber (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const heim_integer */*serialNumber*/);
-
-int
-hx509_ca_tbs_set_spki (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	const SubjectPublicKeyInfo */*spki*/);
-
-int
-hx509_ca_tbs_set_subject (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_name /*subject*/);
-
-int
-hx509_ca_tbs_set_template (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	int /*flags*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_ca_tbs_subject_expand (
-	hx509_context /*context*/,
-	hx509_ca_tbs /*tbs*/,
-	hx509_env /*env*/);
-
-const struct units *
-hx509_ca_tbs_template_units (void);
-
-int
-hx509_cert_binary (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	heim_octet_string */*os*/);
-
-int
-hx509_cert_check_eku (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*eku*/,
-	int /*allow_any_eku*/);
-
-int
-hx509_cert_cmp (
-	hx509_cert /*p*/,
-	hx509_cert /*q*/);
-
-int
-hx509_cert_find_subjectAltName_otherName (
-	hx509_context /*context*/,
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/,
-	hx509_octet_string_list */*list*/);
-
-void
-hx509_cert_free (hx509_cert /*cert*/);
-
-int
-hx509_cert_get_SPKI (
-	hx509_context /*context*/,
-	hx509_cert /*p*/,
-	SubjectPublicKeyInfo */*spki*/);
-
-int
-hx509_cert_get_SPKI_AlgorithmIdentifier (
-	hx509_context /*context*/,
-	hx509_cert /*p*/,
-	AlgorithmIdentifier */*alg*/);
-
-hx509_cert_attribute
-hx509_cert_get_attribute (
-	hx509_cert /*cert*/,
-	const heim_oid */*oid*/);
-
-int
-hx509_cert_get_base_subject (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	hx509_name */*name*/);
-
-const char *
-hx509_cert_get_friendly_name (hx509_cert /*cert*/);
-
-int
-hx509_cert_get_issuer (
-	hx509_cert /*p*/,
-	hx509_name */*name*/);
-
-time_t
-hx509_cert_get_notAfter (hx509_cert /*p*/);
-
-time_t
-hx509_cert_get_notBefore (hx509_cert /*p*/);
-
-int
-hx509_cert_get_serialnumber (
-	hx509_cert /*p*/,
-	heim_integer */*i*/);
-
-int
-hx509_cert_get_subject (
-	hx509_cert /*p*/,
-	hx509_name */*name*/);
-
-int
-hx509_cert_have_private_key (hx509_cert /*p*/);
-
-int
-hx509_cert_init (
-	hx509_context /*context*/,
-	const Certificate */*c*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_cert_init_data (
-	hx509_context /*context*/,
-	const void */*ptr*/,
-	size_t /*len*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_cert_keyusage_print (
-	hx509_context /*context*/,
-	hx509_cert /*c*/,
-	char **/*s*/);
-
-hx509_cert
-hx509_cert_ref (hx509_cert /*cert*/);
-
-int
-hx509_cert_set_friendly_name (
-	hx509_cert /*cert*/,
-	const char */*name*/);
-
-int
-hx509_certs_add (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_certs_append (
-	hx509_context /*context*/,
-	hx509_certs /*to*/,
-	hx509_lock /*lock*/,
-	const char */*name*/);
-
-int
-hx509_certs_end_seq (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor /*cursor*/);
-
-int
-hx509_certs_find (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	const hx509_query */*q*/,
-	hx509_cert */*r*/);
-
-void
-hx509_certs_free (hx509_certs */*certs*/);
-
-int
-hx509_certs_info (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int (*/*func*/)(void *, const char *),
-	void */*ctx*/);
-
-int
-hx509_certs_init (
-	hx509_context /*context*/,
-	const char */*name*/,
-	int /*flags*/,
-	hx509_lock /*lock*/,
-	hx509_certs */*certs*/);
-
-int
-hx509_certs_iter (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int (*/*func*/)(hx509_context, void *, hx509_cert),
-	void */*ctx*/);
-
-int
-hx509_certs_merge (
-	hx509_context /*context*/,
-	hx509_certs /*to*/,
-	hx509_certs /*from*/);
-
-int
-hx509_certs_next_cert (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor /*cursor*/,
-	hx509_cert */*cert*/);
-
-int
-hx509_certs_start_seq (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cursor */*cursor*/);
-
-int
-hx509_certs_store (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int /*flags*/,
-	hx509_lock /*lock*/);
-
-int
-hx509_ci_print_names (
-	hx509_context /*context*/,
-	void */*ctx*/,
-	hx509_cert /*c*/);
-
-void
-hx509_clear_error_string (hx509_context /*context*/);
-
-int
-hx509_cms_create_signed_1 (
-	hx509_context /*context*/,
-	int /*flags*/,
-	const heim_oid */*eContentType*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const AlgorithmIdentifier */*digest_alg*/,
-	hx509_cert /*cert*/,
-	hx509_peer_info /*peer*/,
-	hx509_certs /*anchors*/,
-	hx509_certs /*pool*/,
-	heim_octet_string */*signed_data*/);
-
-int
-hx509_cms_decrypt_encrypted (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	const void */*data*/,
-	size_t /*length*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_envelope_1 (
-	hx509_context /*context*/,
-	int /*flags*/,
-	hx509_cert /*cert*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_oid */*encryption_type*/,
-	const heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_unenvelope (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	int /*flags*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_octet_string */*encryptedContent*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/);
-
-int
-hx509_cms_unwrap_ContentInfo (
-	const heim_octet_string */*in*/,
-	heim_oid */*oid*/,
-	heim_octet_string */*out*/,
-	int */*have_data*/);
-
-int
-hx509_cms_verify_signed (
-	hx509_context /*context*/,
-	hx509_verify_ctx /*ctx*/,
-	const void */*data*/,
-	size_t /*length*/,
-	const heim_octet_string */*signedContent*/,
-	hx509_certs /*pool*/,
-	heim_oid */*contentType*/,
-	heim_octet_string */*content*/,
-	hx509_certs */*signer_certs*/);
-
-int
-hx509_cms_wrap_ContentInfo (
-	const heim_oid */*oid*/,
-	const heim_octet_string */*buf*/,
-	heim_octet_string */*res*/);
-
-void
-hx509_context_free (hx509_context */*context*/);
-
-int
-hx509_context_init (hx509_context */*context*/);
-
-void
-hx509_context_set_missing_revoke (
-	hx509_context /*context*/,
-	int /*flag*/);
-
-int
-hx509_crl_add_revoked_certs (
-	hx509_context /*context*/,
-	hx509_crl /*crl*/,
-	hx509_certs /*certs*/);
-
-int
-hx509_crl_alloc (
-	hx509_context /*context*/,
-	hx509_crl */*crl*/);
-
-void
-hx509_crl_free (
-	hx509_context /*context*/,
-	hx509_crl */*crl*/);
-
-int
-hx509_crl_lifetime (
-	hx509_context /*context*/,
-	hx509_crl /*crl*/,
-	int /*delta*/);
-
-int
-hx509_crl_sign (
-	hx509_context /*context*/,
-	hx509_cert /*signer*/,
-	hx509_crl /*crl*/,
-	heim_octet_string */*os*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes128_cbc (void);
-
-const AlgorithmIdentifier *
-hx509_crypto_aes256_cbc (void);
-
-int
-hx509_crypto_available (
-	hx509_context /*context*/,
-	int /*type*/,
-	hx509_cert /*source*/,
-	AlgorithmIdentifier **/*val*/,
-	unsigned int */*plen*/);
-
-int
-hx509_crypto_decrypt (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	const size_t /*length*/,
-	heim_octet_string */*ivec*/,
-	heim_octet_string */*clear*/);
-
-const AlgorithmIdentifier *
-hx509_crypto_des_rsdi_ede3_cbc (void);
-
-void
-hx509_crypto_destroy (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_encrypt (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	const size_t /*length*/,
-	const heim_octet_string */*ivec*/,
-	heim_octet_string **/*ciphertext*/);
-
-const heim_oid *
-hx509_crypto_enctype_by_name (const char */*name*/);
-
-void
-hx509_crypto_free_algs (
-	AlgorithmIdentifier */*val*/,
-	unsigned int /*len*/);
-
-int
-hx509_crypto_get_params (
-	hx509_context /*context*/,
-	hx509_crypto /*crypto*/,
-	const heim_octet_string */*ivec*/,
-	heim_octet_string */*param*/);
-
-int
-hx509_crypto_init (
-	hx509_context /*context*/,
-	const char */*provider*/,
-	const heim_oid */*enctype*/,
-	hx509_crypto */*crypto*/);
-
-const char *
-hx509_crypto_provider (hx509_crypto /*crypto*/);
-
-int
-hx509_crypto_random_iv (
-	hx509_crypto /*crypto*/,
-	heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_select (
-	const hx509_context /*context*/,
-	int /*type*/,
-	const hx509_private_key /*source*/,
-	hx509_peer_info /*peer*/,
-	AlgorithmIdentifier */*selected*/);
-
-int
-hx509_crypto_set_key_data (
-	hx509_crypto /*crypto*/,
-	const void */*data*/,
-	size_t /*length*/);
-
-int
-hx509_crypto_set_key_name (
-	hx509_crypto /*crypto*/,
-	const char */*name*/);
-
-int
-hx509_crypto_set_params (
-	hx509_context /*context*/,
-	hx509_crypto /*crypto*/,
-	const heim_octet_string */*param*/,
-	heim_octet_string */*ivec*/);
-
-int
-hx509_crypto_set_random_key (
-	hx509_crypto /*crypto*/,
-	heim_octet_string */*key*/);
-
-int
-hx509_env_add (
-	hx509_context /*context*/,
-	hx509_env /*env*/,
-	const char */*key*/,
-	const char */*value*/);
-
-void
-hx509_env_free (hx509_env */*env*/);
-
-int
-hx509_env_init (
-	hx509_context /*context*/,
-	hx509_env */*env*/);
-
-const char *
-hx509_env_lfind (
-	hx509_context /*context*/,
-	hx509_env /*env*/,
-	const char */*key*/,
-	size_t /*len*/);
-
-void
-hx509_err (
-	hx509_context /*context*/,
-	int /*exit_code*/,
-	int /*error_code*/,
-	const char */*fmt*/,
-	...);
-
-void
-hx509_free_error_string (char */*str*/);
-
-void
-hx509_free_octet_string_list (hx509_octet_string_list */*list*/);
-
-int
-hx509_general_name_unparse (
-	GeneralName */*name*/,
-	char **/*str*/);
-
-char *
-hx509_get_error_string (
-	hx509_context /*context*/,
-	int /*error_code*/);
-
-int
-hx509_get_one_cert (
-	hx509_context /*context*/,
-	hx509_certs /*certs*/,
-	hx509_cert */*c*/);
-
-int
-hx509_lock_add_cert (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_lock_add_certs (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/,
-	hx509_certs /*certs*/);
-
-int
-hx509_lock_add_password (
-	hx509_lock /*lock*/,
-	const char */*password*/);
-
-int
-hx509_lock_command_string (
-	hx509_lock /*lock*/,
-	const char */*string*/);
-
-void
-hx509_lock_free (hx509_lock /*lock*/);
-
-int
-hx509_lock_init (
-	hx509_context /*context*/,
-	hx509_lock */*lock*/);
-
-int
-hx509_lock_prompt (
-	hx509_lock /*lock*/,
-	hx509_prompt */*prompt*/);
-
-void
-hx509_lock_reset_certs (
-	hx509_context /*context*/,
-	hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_passwords (hx509_lock /*lock*/);
-
-void
-hx509_lock_reset_promper (hx509_lock /*lock*/);
-
-int
-hx509_lock_set_prompter (
-	hx509_lock /*lock*/,
-	hx509_prompter_fct /*prompt*/,
-	void */*data*/);
-
-int
-hx509_name_binary (
-	const hx509_name /*name*/,
-	heim_octet_string */*os*/);
-
-int
-hx509_name_cmp (
-	hx509_name /*n1*/,
-	hx509_name /*n2*/);
-
-int
-hx509_name_copy (
-	hx509_context /*context*/,
-	const hx509_name /*from*/,
-	hx509_name */*to*/);
-
-int
-hx509_name_expand (
-	hx509_context /*context*/,
-	hx509_name /*name*/,
-	hx509_env /*env*/);
-
-void
-hx509_name_free (hx509_name */*name*/);
-
-int
-hx509_name_is_null_p (const hx509_name /*name*/);
-
-int
-hx509_name_normalize (
-	hx509_context /*context*/,
-	hx509_name /*name*/);
-
-int
-hx509_name_to_Name (
-	const hx509_name /*from*/,
-	Name */*to*/);
-
-int
-hx509_name_to_string (
-	const hx509_name /*name*/,
-	char **/*str*/);
-
-int
-hx509_ocsp_request (
-	hx509_context /*context*/,
-	hx509_certs /*reqcerts*/,
-	hx509_certs /*pool*/,
-	hx509_cert /*signer*/,
-	const AlgorithmIdentifier */*digest*/,
-	heim_octet_string */*request*/,
-	heim_octet_string */*nonce*/);
-
-int
-hx509_ocsp_verify (
-	hx509_context /*context*/,
-	time_t /*now*/,
-	hx509_cert /*cert*/,
-	int /*flags*/,
-	const void */*data*/,
-	size_t /*length*/,
-	time_t */*expiration*/);
-
-void
-hx509_oid_print (
-	const heim_oid */*oid*/,
-	hx509_vprint_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_oid_sprint (
-	const heim_oid */*oid*/,
-	char **/*str*/);
-
-int
-hx509_parse_name (
-	hx509_context /*context*/,
-	const char */*str*/,
-	hx509_name */*name*/);
-
-int
-hx509_peer_info_alloc (
-	hx509_context /*context*/,
-	hx509_peer_info */*peer*/);
-
-void
-hx509_peer_info_free (hx509_peer_info /*peer*/);
-
-int
-hx509_peer_info_set_cert (
-	hx509_peer_info /*peer*/,
-	hx509_cert /*cert*/);
-
-int
-hx509_peer_info_set_cms_algs (
-	hx509_context /*context*/,
-	hx509_peer_info /*peer*/,
-	const AlgorithmIdentifier */*val*/,
-	size_t /*len*/);
-
-int
-hx509_pem_add_header (
-	hx509_pem_header **/*headers*/,
-	const char */*header*/,
-	const char */*value*/);
-
-const char *
-hx509_pem_find_header (
-	const hx509_pem_header */*h*/,
-	const char */*header*/);
-
-void
-hx509_pem_free_header (hx509_pem_header */*headers*/);
-
-int
-hx509_pem_read (
-	hx509_context /*context*/,
-	FILE */*f*/,
-	hx509_pem_read_func /*func*/,
-	void */*ctx*/);
-
-int
-hx509_pem_write (
-	hx509_context /*context*/,
-	const char */*type*/,
-	hx509_pem_header */*headers*/,
-	FILE */*f*/,
-	const void */*data*/,
-	size_t /*size*/);
-
-void
-hx509_print_stdout (
-	void */*ctx*/,
-	const char */*fmt*/,
-	va_list /*va*/);
-
-int
-hx509_prompt_hidden (hx509_prompt_type /*type*/);
-
-int
-hx509_query_alloc (
-	hx509_context /*context*/,
-	hx509_query **/*q*/);
-
-void
-hx509_query_free (
-	hx509_context /*context*/,
-	hx509_query */*q*/);
-
-int
-hx509_query_match_cmp_func (
-	hx509_query */*q*/,
-	int (*/*func*/)(void *, hx509_cert),
-	void */*ctx*/);
-
-int
-hx509_query_match_friendly_name (
-	hx509_query */*q*/,
-	const char */*name*/);
-
-int
-hx509_query_match_issuer_serial (
-	hx509_query */*q*/,
-	const Name */*issuer*/,
-	const heim_integer */*serialNumber*/);
-
-void
-hx509_query_match_option (
-	hx509_query */*q*/,
-	hx509_query_option /*option*/);
-
-void
-hx509_query_statistic_file (
-	hx509_context /*context*/,
-	const char */*fn*/);
-
-void
-hx509_query_unparse_stats (
-	hx509_context /*context*/,
-	int /*printtype*/,
-	FILE */*out*/);
-
-int
-hx509_revoke_add_crl (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	const char */*path*/);
-
-int
-hx509_revoke_add_ocsp (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	const char */*path*/);
-
-void
-hx509_revoke_free (hx509_revoke_ctx */*ctx*/);
-
-int
-hx509_revoke_init (
-	hx509_context /*context*/,
-	hx509_revoke_ctx */*ctx*/);
-
-int
-hx509_revoke_ocsp_print (
-	hx509_context /*context*/,
-	const char */*path*/,
-	FILE */*out*/);
-
-int
-hx509_revoke_verify (
-	hx509_context /*context*/,
-	hx509_revoke_ctx /*ctx*/,
-	hx509_certs /*certs*/,
-	time_t /*now*/,
-	hx509_cert /*cert*/,
-	hx509_cert /*parent_cert*/);
-
-void
-hx509_set_error_string (
-	hx509_context /*context*/,
-	int /*flags*/,
-	int /*code*/,
-	const char */*fmt*/,
-	...);
-
-void
-hx509_set_error_stringv (
-	hx509_context /*context*/,
-	int /*flags*/,
-	int /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/);
-
-const AlgorithmIdentifier *
-hx509_signature_md2 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_pkcs1_x509 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md2 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_md5 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_rsa_with_sha512 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha1 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha256 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha384 (void);
-
-const AlgorithmIdentifier *
-hx509_signature_sha512 (void);
-
-int
-hx509_unparse_der_name (
-	const void */*data*/,
-	size_t /*length*/,
-	char **/*str*/);
-
-int
-hx509_validate_cert (
-	hx509_context /*context*/,
-	hx509_validate_ctx /*ctx*/,
-	hx509_cert /*cert*/);
-
-void
-hx509_validate_ctx_add_flags (
-	hx509_validate_ctx /*ctx*/,
-	int /*flags*/);
-
-void
-hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/);
-
-int
-hx509_validate_ctx_init (
-	hx509_context /*context*/,
-	hx509_validate_ctx */*ctx*/);
-
-void
-hx509_validate_ctx_set_print (
-	hx509_validate_ctx /*ctx*/,
-	hx509_vprint_func /*func*/,
-	void */*c*/);
-
-void
-hx509_verify_attach_anchors (
-	hx509_verify_ctx /*ctx*/,
-	hx509_certs /*set*/);
-
-void
-hx509_verify_attach_revoke (
-	hx509_verify_ctx /*ctx*/,
-	hx509_revoke_ctx /*revoke_ctx*/);
-
-void
-hx509_verify_ctx_f_allow_default_trustanchors (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/);
-
-int
-hx509_verify_hostname (
-	hx509_context /*context*/,
-	const hx509_cert /*cert*/,
-	int /*flags*/,
-	hx509_hostname_type /*type*/,
-	const char */*hostname*/,
-	const struct sockaddr */*sa*/,
-	int /*sa_size*/);
-
-int
-hx509_verify_init_ctx (
-	hx509_context /*context*/,
-	hx509_verify_ctx */*ctx*/);
-
-int
-hx509_verify_path (
-	hx509_context /*context*/,
-	hx509_verify_ctx /*ctx*/,
-	hx509_cert /*cert*/,
-	hx509_certs /*pool*/);
-
-void
-hx509_verify_set_max_depth (
-	hx509_verify_ctx /*ctx*/,
-	unsigned int /*max_depth*/);
-
-void
-hx509_verify_set_proxy_certificate (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_set_strict_rfc3280_verification (
-	hx509_verify_ctx /*ctx*/,
-	int /*boolean*/);
-
-void
-hx509_verify_set_time (
-	hx509_verify_ctx /*ctx*/,
-	time_t /*t*/);
-
-int
-hx509_verify_signature (
-	hx509_context /*context*/,
-	const hx509_cert /*signer*/,
-	const AlgorithmIdentifier */*alg*/,
-	const heim_octet_string */*data*/,
-	const heim_octet_string */*sig*/);
-
-void
-hx509_xfree (void */*ptr*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __hx509_protos_h__ */
diff --git a/crypto/heimdal/lib/hx509/hx509.h b/crypto/heimdal/lib/hx509/hx509.h
deleted file mode 100644
index be02f6347490..000000000000
--- a/crypto/heimdal/lib/hx509/hx509.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hx509.h 22464 2008-01-16 14:24:50Z lha $ */
-
-typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
-typedef struct hx509_cert_data *hx509_cert;
-typedef struct hx509_certs_data *hx509_certs;
-typedef struct hx509_context_data *hx509_context;
-typedef struct hx509_crypto_data *hx509_crypto;
-typedef struct hx509_lock_data *hx509_lock;
-typedef struct hx509_name_data *hx509_name;
-typedef struct hx509_private_key *hx509_private_key;
-typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
-typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
-typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
-typedef struct hx509_query_data hx509_query;
-typedef void * hx509_cursor;
-typedef struct hx509_request_data *hx509_request;
-typedef struct hx509_error_data *hx509_error;
-typedef struct hx509_peer_info *hx509_peer_info;
-typedef struct hx509_ca_tbs *hx509_ca_tbs;
-typedef struct hx509_env *hx509_env;
-typedef struct hx509_crl *hx509_crl;
-
-typedef void (*hx509_vprint_func)(void *, const char *, va_list);
-
-enum {
-    HX509_VHN_F_ALLOW_NO_MATCH = 1
-};
-
-enum {
-    HX509_VALIDATE_F_VALIDATE = 1,
-    HX509_VALIDATE_F_VERBOSE = 2
-};
-
-struct hx509_cert_attribute_data {
-    heim_oid oid;
-    heim_octet_string data;
-};
-
-typedef enum {
-    HX509_PROMPT_TYPE_PASSWORD		= 0x1,	/* password, hidden */
-    HX509_PROMPT_TYPE_QUESTION		= 0x2,	/* question, not hidden */
-    HX509_PROMPT_TYPE_INFO		= 0x4	/* infomation, reply doesn't matter */
-} hx509_prompt_type;
-
-typedef struct hx509_prompt {
-    const char *prompt;
-    hx509_prompt_type type;
-    heim_octet_string reply;
-} hx509_prompt;
-
-typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);
-
-typedef struct hx509_octet_string_list {
-    size_t len;
-    heim_octet_string *val;
-} hx509_octet_string_list;
-
-typedef struct hx509_pem_header {
-    struct hx509_pem_header *next;
-    char *header;
-    char *value;
-} hx509_pem_header;
-
-typedef int
-(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
-		       const void *, size_t, void *ctx);
-
-/*
- * Options passed to hx509_query_match_option.
- */
-typedef enum {
-    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
-    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
-    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
-    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
-    HX509_QUERY_OPTION_END = 0xffff
-} hx509_query_option;
-
-/* flags to hx509_certs_init */
-#define HX509_CERTS_CREATE				0x01
-#define HX509_CERTS_UNPROTECT_ALL			0x02
-
-/* flags to hx509_set_error_string */
-#define HX509_ERROR_APPEND				0x01
-
-/* flags to hx509_cms_unenvelope */
-#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT	0x01
-
-/* selectors passed to hx509_crypto_select and hx509_crypto_available */
-#define HX509_SELECT_ALL 0
-#define HX509_SELECT_DIGEST 1
-#define HX509_SELECT_PUBLIC_SIG 2
-#define HX509_SELECT_PUBLIC_ENC 3
-#define HX509_SELECT_SECRET_ENC 4
-
-/* flags to hx509_ca_tbs_set_template */
-#define HX509_CA_TEMPLATE_SUBJECT 1
-#define HX509_CA_TEMPLATE_SERIAL 2
-#define HX509_CA_TEMPLATE_NOTBEFORE 4
-#define HX509_CA_TEMPLATE_NOTAFTER 8
-#define HX509_CA_TEMPLATE_SPKI 16
-#define HX509_CA_TEMPLATE_KU 32
-#define HX509_CA_TEMPLATE_EKU 64
-
-/* flags hx509_cms_create_signed* */
-#define HX509_CMS_SIGATURE_DETACHED 1
-#define HX509_CMS_SIGATURE_ID_NAME 2
-
-/* hx509_verify_hostname nametype */
-typedef enum  {
-    HX509_HN_HOSTNAME = 0,
-    HX509_HN_DNSSRV
-} hx509_hostname_type;
-
-#include <hx509-protos.h>
diff --git a/crypto/heimdal/lib/hx509/hx509_err.et b/crypto/heimdal/lib/hx509/hx509_err.et
deleted file mode 100644
index 8fc5cb8f2f7e..000000000000
--- a/crypto/heimdal/lib/hx509/hx509_err.et
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# Error messages for the hx509 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $"
-
-error_table hx
-prefix HX509
-
-# path validateion and construction related errors
-error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
-error_code EXTENSION_NOT_FOUND,	"Extension not found"
-error_code NO_PATH,		"Certification path not found"
-error_code PARENT_NOT_CA,	"Parent certificate is not a CA"
-error_code CA_PATH_TOO_DEEP,	"CA path too deep"
-error_code SIG_ALG_NO_SUPPORTED, "Signature algorithm not supported"
-error_code SIG_ALG_DONT_MATCH_KEY_ALG, "Signature algorithm doesn't match certificate key"
-error_code CERT_USED_BEFORE_TIME, "Certificate used before it became valid"
-error_code CERT_USED_AFTER_TIME, "Certificate used after it became invalid"
-error_code PRIVATE_KEY_MISSING,	"Private key required for the operation is missing"
-error_code ALG_NOT_SUPP, 	"Algorithm not supported"
-error_code ISSUER_NOT_FOUND, 	"Issuer couldn't be found"
-error_code VERIFY_CONSTRAINTS,	"Error verifing constraints"
-error_code RANGE,		"Number too large"
-error_code NAME_CONSTRAINT_ERROR, "Error while verifing name constraints"
-error_code PATH_TOO_LONG, "Path is too long, failed to find valid anchor"
-error_code KU_CERT_MISSING, "Required keyusage for this certificate is missing"
-error_code CERT_NOT_FOUND, "Certificate not found"
-error_code UNKNOWN_LOCK_COMMAND, "Unknown lock command"
-error_code PARENT_IS_CA, "Parent certificate is a CA"
-error_code EXTRA_DATA_AFTER_STRUCTURE, "Extra data was found after the structure"
-error_code PROXY_CERT_INVALID, "Proxy certificate is invalid"
-error_code PROXY_CERT_NAME_WRONG, "Proxy certificate name is wrong"
-error_code NAME_MALFORMED, "Name is malformated"
-error_code CERTIFICATE_MALFORMED, "Certificate is malformated"
-error_code CERTIFICATE_MISSING_EKU, "Certificate is missing a required EKU"
-error_code PROXY_CERTIFICATE_NOT_CANONICALIZED, "Proxy certificate not canonicalize" 
-
-# cms related errors
-index 32
-prefix HX509_CMS
-error_code FAILED_CREATE_SIGATURE, "Failed to create signature"
-error_code MISSING_SIGNER_DATA, "Missing signer data"
-error_code SIGNER_NOT_FOUND, "Couldn't find signers certificate"
-error_code NO_DATA_AVAILABLE, "No data to perform the operation on"
-error_code INVALID_DATA, "Data in the message is invalid"
-error_code PADDING_ERROR, "Padding in the message invalid"
-error_code NO_RECIPIENT_CERTIFICATE, "Couldn't find recipient certificate"
-error_code DATA_OID_MISMATCH, "Mismatch bewteen signed type and unsigned type"
-
-# crypto related errors
-index 64
-prefix HX509_CRYPTO
-error_code INTERNAL_ERROR, "Internal error in the crypto engine"
-error_code EXTERNAL_ERROR, "External error in the crypto engine"
-error_code SIGNATURE_MISSING, "Signature missing for data"
-error_code BAD_SIGNATURE, "Signature is not valid"
-error_code SIG_NO_CONF, "Sigature doesn't provide confidentiality"
-error_code SIG_INVALID_FORMAT, "Invalid format on signature"
-error_code OID_MISMATCH, "Mismatch bewteen oids"
-error_code NO_PROMPTER, "No prompter function defined"
-error_code SIGNATURE_WITHOUT_SIGNER, "Signature require signer, but non available"
-error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed"
-error_code RSA_PRIVATE_ENCRYPT, "RSA public encyption failed"
-error_code RSA_PUBLIC_DECRYPT, "RSA private decryption failed"
-error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed"
-
-# revoke related errors
-index 96
-prefix HX509
-error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid"
-error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid"
-error_code CRL_INVALID_FORMAT, "CRL have invalid format"
-error_code CERT_REVOKED, "Certificate is revoked"
-error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates"
-error_code CRL_UNKNOWN_EXTENSION, "Unknown extension"
-error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server"
-error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificates"
-error_code CERT_NOT_IN_OCSP, "Certificates not in OCSP reply"
-
-# misc error
-index 108
-error_code LOCAL_ATTRIBUTE_MISSING, "No local key attribute"
-error_code PARSING_KEY_FAILED, "Failed to parse key"
-error_code UNSUPPORTED_OPERATION, "Unsupported operation"
-error_code UNIMPLEMENTED_OPERATION, "Unimplemented operation"
-error_code PARSING_NAME_FAILED, "Failed to parse name"
-
-# keystore related error
-index 128
-prefix HX509_PKCS11
-error_code NO_SLOT,  "No smartcard reader/device found"
-error_code NO_TOKEN,  "No smartcard in reader"
-error_code NO_MECH,  "No supported mech(s)"
-error_code TOKEN_CONFUSED,  "Token or slot failed in inconsistent way"
-error_code OPEN_SESSION,  "Failed to open session to slot"
-error_code LOGIN,  "Failed to login to slot"
-error_code LOAD,  "Failed to load PKCS module"
-
-end
diff --git a/crypto/heimdal/lib/hx509/hx_locl.h b/crypto/heimdal/lib/hx509/hx_locl.h
deleted file mode 100644
index 145bfcc006d0..000000000000
--- a/crypto/heimdal/lib/hx509/hx_locl.h
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hx_locl.h 21083 2007-06-13 02:11:19Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include <strings.h>
-#include <assert.h>
-#include <stdarg.h>
-#include <err.h>
-#include <getarg.h>
-#include <base64.h>
-#include <hex.h>
-#include <roken.h>
-#include <com_err.h>
-#include <parse_units.h>
-#include <parse_bytes.h>
-
-#include <krb5-types.h>
-
-#include <rfc2459_asn1.h>
-#include <cms_asn1.h>
-#include <pkcs8_asn1.h>
-#include <pkcs9_asn1.h>
-#include <pkcs12_asn1.h>
-#include <ocsp_asn1.h>
-#include <pkcs10_asn1.h>
-#include <asn1_err.h>
-#include <pkinit_asn1.h>
-
-#include <der.h>
-
-#include "crypto-headers.h"
-
-struct hx509_keyset_ops;
-struct hx509_collector;
-struct hx509_generate_private_context;
-typedef struct hx509_path hx509_path;
-
-#include <hx509.h>
-
-typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);
-
-typedef struct hx509_private_key_ops hx509_private_key_ops;
-
-#include <hx509-private.h>
-#include <hx509_err.h>
-
-struct hx509_peer_info {
-    hx509_cert cert;
-    AlgorithmIdentifier *val;
-    size_t len;
-};
-
-#define HX509_CERTS_FIND_SERIALNUMBER		1
-#define HX509_CERTS_FIND_ISSUER			2
-#define HX509_CERTS_FIND_SUBJECT		4
-#define HX509_CERTS_FIND_ISSUER_KEY_ID		8
-#define HX509_CERTS_FIND_SUBJECT_KEY_ID		16
-
-struct hx509_name_data {
-    Name der_name;
-};
-
-struct hx509_path {
-    size_t len;
-    hx509_cert *val;
-};
-
-struct hx509_query_data {
-    int match;
-#define HX509_QUERY_FIND_ISSUER_CERT		0x000001
-#define HX509_QUERY_MATCH_SERIALNUMBER		0x000002
-#define HX509_QUERY_MATCH_ISSUER_NAME		0x000004
-#define HX509_QUERY_MATCH_SUBJECT_NAME		0x000008
-#define HX509_QUERY_MATCH_SUBJECT_KEY_ID	0x000010
-#define HX509_QUERY_MATCH_ISSUER_ID		0x000020
-#define HX509_QUERY_PRIVATE_KEY			0x000040
-#define HX509_QUERY_KU_ENCIPHERMENT		0x000080
-#define HX509_QUERY_KU_DIGITALSIGNATURE		0x000100
-#define HX509_QUERY_KU_KEYCERTSIGN		0x000200
-#define HX509_QUERY_KU_CRLSIGN			0x000400
-#define HX509_QUERY_KU_NONREPUDIATION		0x000800
-#define HX509_QUERY_KU_KEYAGREEMENT		0x001000
-#define HX509_QUERY_KU_DATAENCIPHERMENT		0x002000
-#define HX509_QUERY_ANCHOR			0x004000
-#define HX509_QUERY_MATCH_CERTIFICATE		0x008000
-#define HX509_QUERY_MATCH_LOCAL_KEY_ID		0x010000
-#define HX509_QUERY_NO_MATCH_PATH		0x020000
-#define HX509_QUERY_MATCH_FRIENDLY_NAME		0x040000
-#define HX509_QUERY_MATCH_FUNCTION		0x080000
-#define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000
-#define HX509_QUERY_MATCH_TIME			0x200000
-#define HX509_QUERY_MASK			0x3fffff
-    Certificate *subject;
-    Certificate *certificate;
-    heim_integer *serial;
-    heim_octet_string *subject_id;
-    heim_octet_string *local_key_id;
-    Name *issuer_name;
-    Name *subject_name;
-    hx509_path *path;
-    char *friendlyname;
-    int (*cmp_func)(void *, hx509_cert);
-    void *cmp_func_ctx;
-    heim_octet_string *keyhash_sha1;
-    time_t timenow;
-};
-
-struct hx509_keyset_ops {
-    const char *name;
-    int flags;
-    int (*init)(hx509_context, hx509_certs, void **, 
-		int, const char *, hx509_lock);
-    int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);
-    int (*free)(hx509_certs, void *);
-    int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
-    int (*query)(hx509_context, hx509_certs, void *, 
-		 const hx509_query *, hx509_cert *);
-    int (*iter_start)(hx509_context, hx509_certs, void *, void **);
-    int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
-    int (*iter_end)(hx509_context, hx509_certs, void *, void *);
-    int (*printinfo)(hx509_context, hx509_certs, 
-		     void *, int (*)(void *, const char *), void *);
-    int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);
-    int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);
-};
-
-struct _hx509_password {
-    size_t len;
-    char **val;
-};
-
-extern hx509_lock _hx509_empty_lock;
-
-struct hx509_context_data {
-    struct hx509_keyset_ops **ks_ops;
-    int ks_num_ops;
-    int flags;
-#define HX509_CTX_VERIFY_MISSING_OK	1
-    int ocsp_time_diff;
-#define HX509_DEFAULT_OCSP_TIME_DIFF	(5*60)
-    hx509_error error;
-    struct et_list *et_list;
-    char *querystat;
-    hx509_certs default_trust_anchors;
-};
-
-/* _hx509_calculate_path flag field */
-#define HX509_CALCULATE_PATH_NO_ANCHOR 1
-
-extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;
-extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;
-extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;
-
-/*
- * Configurable options
- */
-
-#ifdef __APPLE__
-#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors"
-#endif
diff --git a/crypto/heimdal/lib/hx509/hxtool-commands.in b/crypto/heimdal/lib/hx509/hxtool-commands.in
deleted file mode 100644
index b648ecf584ae..000000000000
--- a/crypto/heimdal/lib/hx509/hxtool-commands.in
+++ /dev/null
@@ -1,707 +0,0 @@
-/*
- * Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $ */
-
-command = {
-	name = "cms-create-sd"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate stores to pull certificates from"
-	}
-	option = {
-		long = "signer"
-		short = "s"
-		type = "string"
-		argument = "signer-friendly-name"
-		help = "certificate to sign with"
-	}
-	option = {
-		long = "anchors"
-		type = "strings"
-		argument = "certificate-store"
-		help = "trust anchors"
-	}
-	option = {
-		long = "pool"
-		type = "strings"
-		argument = "certificate-pool"
-		help = "certificate store to pull certificates from"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "peer-alg"
-		type = "strings"
-		argument = "oid"
-		help = "oid that the peer support"
-	}
-	option = {
-		long = "content-type"
-		type = "string"
-		argument = "oid"
-		help = "content type oid"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	option = {
-		long = "pem"
-		type = "flag"
-		help = "wrap out-data in PEM armor"
-	}
-	option = {
-		long = "detached-signature"
-		type = "flag"
-		help = "create a detached signature"
-	}
-	option = {
-		long = "id-by-name"
-		type = "flag"
-		help = "use subject name for CMS Identifier"
-	}
-	min_args="2"
-	max_args="2"
-	argument="in-file out-file"
-	help = "Wrap a file within a SignedData object"
-}
-command = {
-	name = "cms-verify-sd"
-	option = {
-		long = "anchors"
-		type = "strings"
-		argument = "certificate-store"
-		help = "trust anchors"
-	}
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate store to pull certificates from"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "missing-revoke"
-		type = "flag"
-		help = "missing CRL/OCSP is ok"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "unwrap in-data that's in a ContentInfo"
-	}
-	option = {
-		long = "signed-content"
-		type = "string"
-		help = "file containing content"
-	}
-	min_args="2"
-	max_args="2"
-	argument="in-file out-file"
-	help = "Verify a file within a SignedData object"
-}
-command = {
-	name = "cms-unenvelope"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificate used to decrypt the data"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	min_args="2"
-	argument="in-file out-file"
-	help = "Unenvelope a file containing a EnvelopedData object"
-}
-command = {
-	name = "cms-envelope"
-	function = "cms_create_enveloped"
-	option = {
-		long = "certificate"
-		short = "c"
-		type = "strings"
-		argument = "certificate-store"
-		help = "certificates used to receive the data"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "encryption-type"
-		type = "string"
-		argument = "enctype"
-		help = "enctype"
-	}
-	option = {
-		long = "content-type"
-		type = "string"
-		argument = "oid"
-		help = "content type oid"
-	}
-	option = {
-		long = "content-info"
-		type = "flag"
-		help = "wrapped out-data in a ContentInfo"
-	}
-	min_args="2"
-	argument="in-file out-file"
-	help = "Envelope a file containing a EnvelopedData object"
-}
-command = {
-	name = "verify"
-	function = "pcert_verify"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "allow-proxy-certificate"
-		type = "flag"
-		help = "allow proxy certificates"
-	}
-	option = {
-		long = "missing-revoke"
-		type = "flag"
-		help = "missing CRL/OCSP is ok"
-	}
-	option = {
-		long = "time"
-		type = "string"
-		help = "time when to validate the chain"
-	}
-	option = {
-		long = "verbose"
-		short = "v"
-		type = "flag"
-		help = "verbose logging"
-	}
-	option = {
-		long = "max-depth"
-		type = "integer"
-		help = "maximum search length of certificate trust anchor"
-	}
-	option = {
-		long = "hostname"
-		type = "string"
-		help = "match hostname to certificate"
-	}
-	argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
-	help = "Verify certificate chain"
-}
-command = {
-	name = "print"
-	function = "pcert_print"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "content"
-		type = "flag"
-		help = "print the content of the certificates"
-	}
-	option = {
-		long = "info"
-		type = "flag"
-		help = "print the information about the certificate store"
-	}
-	min_args="1"
-	argument="certificate ..."
-	help = "Print certificates"
-}
-command = {
-	name = "validate"
-	function = "pcert_validate"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="1"
-	argument="certificate ..."
-	help = "Validate content of certificates"
-}
-command = {
-	name = "certificate-copy"
-	name = "cc"
-	option = {
-		long = "in-pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "out-pass"
-		type = "string"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="2"
-	argument="in-certificates-1 ... out-certificate"
-	help = "Copy in certificates stores into out certificate store"
-}
-command = {
-	name = "ocsp-fetch"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "sign"
-		type = "string"
-		argument = "certificate"
-		help = "certificate use to sign the request"
-	}
-	option = {
-		long = "url-path"
-		type = "string"
-		argument = "url"
-		help = "part after host in url to put in the request"
-	}
-	option = {
-		long = "nonce"
-		type = "-flag"
-		default = "1"
-		help = "don't include nonce in request"
-	}
-	option = {
-		long = "pool"
-		type = "strings"
-		argument = "certificate-store"
-		help = "pool to find parent certificate in"
-	}
-	min_args="2"
-	argument="outfile certs ..."
-	help = "Fetch OCSP responses for the following certs"
-}
-command = {
-	option = {
-		long = "ocsp-file"
-		type = "string"
-		help = "OCSP file"
-	}
-	name = "ocsp-verify"
-	min_args="1"
-	argument="certificates ..."
-	help = "Check that certificates are in OCSP file and valid"
-}
-command = {
-	name = "ocsp-print"
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose"
-	}
-	min_args="1"
-	argument="ocsp-response-file ..."
-	help = "Print the OCSP responses"
-}
-command = {
-	name = "request-create"
-	option = {
-		long = "subject"
-		type = "string"
-		help = "Subject DN"
-	}
-	option = {
-		long = "email"
-		type = "strings"
-		help = "Email address in SubjectAltName"
-	}
-	option = {
-		long = "dnsname"
-		type = "strings"
-		help = "Hostname or domainname in SubjectAltName"
-	}
-	option = {
-		long = "type"
-		type = "string"
-		help = "Type of request CRMF or PKCS10, defaults to PKCS10"
-	}
-	option = {
-		long = "key"
-		type = "string"
-		help = "Key-pair"
-	}
-	option = {
-		long = "generate-key"
-		type = "string"
-		help = "keytype"
-	}
-	option = {
-	        long = "key-bits"
-		type = "integer"
-		help = "number of bits in the generated key";
-	}
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose status"
-	}
-	min_args="1"
-	max_args="1"
-	argument="output-file"
-	help = "Create a CRMF or PKCS10 request"
-}
-command = {
-	name = "request-print"
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose printing"
-	}
-	min_args="1"
-	argument="requests ..."
-	help = "Print requests"
-}
-command = {
-	name = "query"
-	option = {
-		long = "exact"
-		type = "flag"
-		help = "exact match"
-	}
-	option = {
-		long = "private-key"
-		type = "flag"
-		help = "search for private key"
-	}
-	option = {
-		long = "friendlyname"
-		type = "string"
-		argument = "name"
-		help = "match on friendly name"
-	}
-	option = {
-		long = "keyEncipherment"
-		type = "flag"
-		help = "match keyEncipherment certificates"
-	}
-	option = {
-		long = "digitalSignature"
-		type = "flag"
-		help = "match digitalSignature certificates"
-	}
-	option = {
-		long = "print"
-		type = "flag"
-		help = "print matches"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	min_args="1"
-	argument="certificates ..."
-	help = "Query the certificates for a match"
-}
-command = {
-	name = "info"
-}
-command = {
-	name = "random-data"
-	min_args="1"
-	argument="bytes"
-	help = "Generates random bytes and prints them to standard output"
-}
-command = {
-	option = {
-		long = "type"
-		type = "string"
-		help = "type of CMS algorithm"
-	}
-	name = "crypto-available"
-	min_args="0"
-	help = "Print available CMS crypto types"
-}
-command = {
-	option = {
-		long = "type"
-		type = "string"
-		help = "type of CMS algorithm"
-	}
-	option = {
-		long = "certificate"
-		type = "string"
-		help = "source certificate limiting the choices"
-	}
-	option = {
-		long = "peer-cmstype"
-		type = "strings"
-		help = "peer limiting cmstypes"
-	}
-	name = "crypto-select"
-	min_args="0"
-	help = "Print selected CMS type"
-}
-command = {
-	option = {
-		long = "decode"
-		short = "d"
-		type = "flag"
-		help = "decode instead of encode"
-	}
-	name = "hex"
-	function = "hxtool_hex"
-	min_args="0"
-	help = "Encode input to hex"
-}
-command = {
-	option = {
-		long = "issue-ca"
-		type = "flag"
-		help = "Issue a CA certificate"
-	}
-	option = {
-		long = "issue-proxy"
-		type = "flag"
-		help = "Issue a proxy certificate"
-	}
-	option = {
-		long = "domain-controller"
-		type = "flag"
-		help = "Issue a MS domaincontroller certificate"
-	}
-	option = {
-		long = "subject"
-		type = "string"
-		help = "Subject of issued certificate"
-	}
-	option = {
-		long = "ca-certificate"
-		type = "string"
-		help = "Issuing CA certificate"
-	}
-	option = {
-		long = "self-signed"
-		type = "flag"
-		help = "Issuing a self-signed certificate"
-	}
-	option = {
-		long = "ca-private-key"
-		type = "string"
-		help = "Private key for self-signed certificate"
-	}
-	option = {
-		long = "certificate"
-		type = "string"
-		help = "Issued certificate"
-	}
-	option = {
-		long = "type"
-		type = "strings"
-		help = "Type of certificate to issue"
-	}
-	option = {
-		long = "lifetime"
-		type = "string"
-		help = "Lifetime of certificate"
-	}
-	option = {
-		long = "serial-number"
-		type = "string"
-		help = "serial-number of certificate"
-	}
-	option = {
-		long = "path-length"
-		default = "-1"
-		type = "integer"
-		help = "Maximum path length (CA and proxy certificates), -1 no limit"
-	}
-	option = {
-		long = "hostname"
-		type = "strings"
-		help = "DNS names this certificate is allowed to serve"
-	}
-	option = {
-		long = "email"
-		type = "strings"
-		help = "email addresses assigned to this certificate"
-	}
-	option = {
-		long = "pk-init-principal"
-		type = "string"
-		help = "PK-INIT principal (for SAN)"
-	}
-	option = {
-		long = "ms-upn"
-		type = "string"
-		help = "Microsoft UPN (for SAN)"
-	}
-	option = {
-		long = "jid"
-		type = "string"
-		help = "XMPP jabber id (for SAN)"
-	}
-	option = {
-		long = "req"
-		type = "string"
-		help = "certificate request"
-	}
-	option = {
-		long = "certificate-private-key"
-		type = "string"
-		help = "private-key"
-	}
-	option = {
-		long = "generate-key"
-		type = "string"
-		help = "keytype"
-	}
-	option = {
-	        long = "key-bits"
-		type = "integer"
-		help = "number of bits in the generated key"
-	}
-	option = {
-	        long = "crl-uri"
-		type = "string"
-		help = "URI to CRL"
-	}
-	option = {
-		long = "template-certificate"
-		type = "string"
-		help = "certificate"
-	}
-	option = {
-		long = "template-fields"
-		type = "string"
-		help = "flag"
-	}
-	name = "certificate-sign"
-	name = "cert-sign"
-	name = "issue-certificate"
-	name = "ca"
-	function = "hxtool_ca"
-	min_args="0"
-	help = "Issue a certificate"
-}
-command = {
-	name = "test-crypto"
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "verbose"
-		type = "flag"
-		help = "verbose printing"
-	}
-	min_args="1"
-	argument="certificates..."
-	help = "Test crypto system related to the certificates"
-}
-command = {
-	option = {
-		long = "type"
-		type = "integer"
-		help = "type of statistics"
-	}
-	name = "statistic-print"
-	min_args="0"
-	help = "Print statistics"
-}
-command = {
-	option = {
-		long = "signer"
-		type = "string"
-		help = "signer certificate"
-	}
-	option = {
-		long = "pass"
-		type = "strings"
-		argument = "password"
-		help = "password, prompter, or environment"
-	}
-	option = {
-		long = "crl-file"
-		type = "string"
-		help = "CRL output file"
-	}
-	option = {
-		long = "lifetime"
-		type = "string"
-		help = "time the crl will be valid"
-	}
-	name = "crl-sign"
-	min_args="0"
-	argument="certificates..."
-	help = "Create a CRL"
-}
-command = {
-	name = "help"
-	name = "?"
-	argument = "[command]"
-	min_args = "0"
-	max_args = "1"
-	help = "Help! I need somebody"
-}
diff --git a/crypto/heimdal/lib/hx509/hxtool.c b/crypto/heimdal/lib/hx509/hxtool.c
deleted file mode 100644
index 55410b1da75d..000000000000
--- a/crypto/heimdal/lib/hx509/hxtool.c
+++ /dev/null
@@ -1,1986 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: hxtool.c 22333 2007-12-17 01:03:43Z lha $");
-
-#include <hxtool-commands.h>
-#include <sl.h>
-#include <parse_time.h>
-
-static hx509_context context;
-
-static char *stat_file_string;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "statistic-file", 0, arg_string, &stat_file_string },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    printf("Use \"%s help\" to get more help\n", getprogname());
-    exit(code);
-}
-
-/*
- *
- */
-
-static void
-lock_strings(hx509_lock lock, getarg_strings *pass)
-{
-    int i;
-    for (i = 0; i < pass->num_strings; i++) {
-	int ret = hx509_lock_command_string(lock, pass->strings[i]);
-	if (ret)
-	    errx(1, "hx509_lock_command_string: %s: %d", 
-		 pass->strings[i], ret);
-    }
-}
-
-/*
- *
- */
-
-static void
-certs_strings(hx509_context context, const char *type, hx509_certs certs,
-	      hx509_lock lock, const getarg_strings *s)
-{
-    int i, ret;
-
-    for (i = 0; i < s->num_strings; i++) {
-	ret = hx509_certs_append(context, certs, lock, s->strings[i]);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_append: %s %s", type, s->strings[i]);
-    }
-}
-
-/*
- *
- */
-
-static void
-parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
-{
-    int ret;
-    if (str)
-	ret = der_parse_heim_oid (str, " .", oid);
-    else
-	ret = der_copy_oid(def, oid);
-    if  (ret)
-	errx(1, "parse_oid failed for: %s", str ? str : "default oid");
-}
-
-/*
- *
- */
-
-static void
-peer_strings(hx509_context context,
-	     hx509_peer_info *peer, 
-	     const getarg_strings *s)
-{
-    AlgorithmIdentifier *val;
-    int ret, i;
-    
-    ret = hx509_peer_info_alloc(context, peer);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_peer_info_alloc");
-    
-    val = calloc(s->num_strings, sizeof(*val));
-    if (val == NULL)
-	err(1, "malloc");
-
-    for (i = 0; i < s->num_strings; i++)
-	parse_oid(s->strings[i], NULL, &val[i].algorithm);
-	    
-    ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs");
-
-    for (i = 0; i < s->num_strings; i++)
-	free_AlgorithmIdentifier(&val[i]);
-    free(val);
-}
-
-/*
- *
- */
-
-int
-cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
-{
-    hx509_verify_ctx ctx = NULL;
-    heim_oid type;
-    heim_octet_string c, co, signeddata, *sd = NULL;
-    hx509_certs store = NULL;
-    hx509_certs signers = NULL;
-    hx509_certs anchors = NULL;
-    hx509_lock lock;
-    int ret;
-
-    size_t sz;
-    void *p;
-
-    if (opt->missing_revoke_flag)
-	hx509_context_set_missing_revoke(context, 1);
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    if (opt->signed_content_string) {
-	ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL);
-	if (ret)
-	    err(1, "map_file: %s: %d", opt->signed_content_string, ret);
-	sd = &signeddata;
-    }
-
-    ret = hx509_verify_init_ctx(context, &ctx);
-
-    ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
-
-    certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
-    certs_strings(context, "store", store, lock, &opt->certificate_strings);
-
-    co.data = p;
-    co.length = sz;
-
-    if (opt->content_info_flag) {
-	heim_octet_string uwco;
-	heim_oid oid;
-
-	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
-	if (ret)
-	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
-
-	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_signedData()) != 0)
-	    errx(1, "Content is not SignedData");
-	der_free_oid(&oid);
-
-	co = uwco;
-    }
-
-    hx509_verify_attach_anchors(ctx, anchors);
-
-    ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, sd,
-				  store, &type, &c, &signers);
-    if (co.data != p)
-	der_free_octet_string(&co);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
-
-    {
-	char *str;
-	der_print_heim_oid(&type, '.', &str);
-	printf("type: %s\n", str);
-	free(str);
-	der_free_oid(&type);
-    }
-    printf("signers:\n");
-    hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
-
-    hx509_verify_destroy_ctx(ctx);
-
-    hx509_certs_free(&store);
-    hx509_certs_free(&signers);
-    hx509_certs_free(&anchors);
-
-    hx509_lock_free(lock);
-
-    ret = _hx509_write_file(argv[1], c.data, c.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&c);
-    _hx509_unmap_file(p, sz);
-    if (sd)
-	_hx509_unmap_file_os(sd);
-
-    return 0;
-}
-
-int
-cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
-{
-    heim_oid contentType;
-    hx509_peer_info peer = NULL;
-    heim_octet_string o;
-    hx509_query *q;
-    hx509_lock lock;
-    hx509_certs store, pool, anchors;
-    hx509_cert cert;
-    size_t sz;
-    void *p;
-    int ret, flags = 0;
-    char *signer_name = NULL;
-
-    memset(&contentType, 0, sizeof(contentType));
-
-    if (argc < 2)
-	errx(1, "argc < 2");
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
-    ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool);
-
-    certs_strings(context, "store", store, lock, &opt->certificate_strings);
-    certs_strings(context, "pool", pool, lock, &opt->pool_strings);
-
-    if (opt->anchors_strings.num_strings) {
-	ret = hx509_certs_init(context, "MEMORY:cert-anchors", 
-			       0, NULL, &anchors);
-	certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
-    } else
-	anchors = NULL;
-
-    if (opt->detached_signature_flag)
-	flags |= HX509_CMS_SIGATURE_DETACHED;
-    if (opt->id_by_name_flag)
-	flags |= HX509_CMS_SIGATURE_ID_NAME;
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-			     
-    if (opt->signer_string)
-	hx509_query_match_friendly_name(q, opt->signer_string);
-
-    ret = hx509_certs_find(context, store, q, &cert);
-    hx509_query_free(context, q);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_find");
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    if (opt->peer_alg_strings.num_strings)
-	peer_strings(context, &peer, &opt->peer_alg_strings);
-
-    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
-
-    ret = hx509_cms_create_signed_1(context,
-				    flags,
-				    &contentType,
-				    p,
-				    sz, 
-				    NULL,
-				    cert,
-				    peer,
-				    anchors,
-				    pool,
-				    &o);
-    if (ret)
-	errx(1, "hx509_cms_create_signed: %d", ret);
-
-    {
-	hx509_name name;
-	
-	ret = hx509_cert_get_subject(cert, &name);
-	if (ret)
-	    errx(1, "hx509_cert_get_subject");
-	
-	ret = hx509_name_to_string(name, &signer_name);
-	hx509_name_free(&name);
-	if (ret)
-	    errx(1, "hx509_name_to_string");
-    }
-
-
-    hx509_certs_free(&anchors);
-    hx509_certs_free(&pool);
-    hx509_cert_free(cert);
-    hx509_certs_free(&store);
-    _hx509_unmap_file(p, sz);
-    hx509_lock_free(lock);
-    hx509_peer_info_free(peer);
-    der_free_oid(&contentType);
-
-    if (opt->content_info_flag) {
-	heim_octet_string wo;
-
-	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &o, &wo);
-	if (ret)
-	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
-
-	der_free_octet_string(&o);
-	o = wo;
-    }
-
-    if (opt->pem_flag) {
-	hx509_pem_header *header = NULL;
-	FILE *f;
-
-	hx509_pem_add_header(&header, "Content-disposition", 
-			     opt->detached_signature_flag ? "detached" : "inline");
-	hx509_pem_add_header(&header, "Signer", signer_name);
-
-	f = fopen(argv[1], "w");
-	if (f == NULL)
-	    err(1, "open %s", argv[1]);
-	
-	ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f, 
-			      o.data, o.length);
-	fclose(f);
-	hx509_pem_free_header(header);
-	if (ret)
-	    errx(1, "hx509_pem_write: %d", ret);
-
-    } else {
-	ret = _hx509_write_file(argv[1], o.data, o.length);
-	if (ret)
-	    errx(1, "hx509_write_file: %d", ret);
-    }
-
-    free(signer_name);
-    free(o.data);
-
-    return 0;
-}
-
-int
-cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
-{
-    heim_oid contentType = { 0, NULL };
-    heim_octet_string o, co;
-    hx509_certs certs;
-    size_t sz;
-    void *p;
-    int ret;
-    hx509_lock lock;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    co.data = p;
-    co.length = sz;
-
-    if (opt->content_info_flag) {
-	heim_octet_string uwco;
-	heim_oid oid;
-
-	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
-	if (ret)
-	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
-
-	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_envelopedData()) != 0)
-	    errx(1, "Content is not SignedData");
-	der_free_oid(&oid);
-
-	co = uwco;
-    }
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-    if (ret)
-	errx(1, "hx509_certs_init: MEMORY: %d", ret);
-
-    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
-
-    ret = hx509_cms_unenvelope(context, certs, 0, co.data, co.length,
-			       NULL, &contentType, &o);
-    if (co.data != p)
-	der_free_octet_string(&co);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_unenvelope");
-
-    _hx509_unmap_file(p, sz);
-    hx509_lock_free(lock);
-    hx509_certs_free(&certs);
-    der_free_oid(&contentType);
-
-    ret = _hx509_write_file(argv[1], o.data, o.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&o);
-
-    return 0;
-}
-
-int
-cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
-{
-    heim_oid contentType;
-    heim_octet_string o;
-    const heim_oid *enctype = NULL;
-    hx509_query *q;
-    hx509_certs certs;
-    hx509_cert cert;
-    int ret;
-    size_t sz;
-    void *p;
-    hx509_lock lock;
-
-    memset(&contentType, 0, sizeof(contentType));
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-
-    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
-
-    if (opt->encryption_type_string) {
-	enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string);
-	if (enctype == NULL)
-	    errx(1, "encryption type: %s no found", 
-		 opt->encryption_type_string);
-    }
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
-
-    ret = hx509_certs_find(context, certs, q, &cert);
-    hx509_query_free(context, q);
-    if (ret)
-	errx(1, "hx509_certs_find: %d", ret);
-
-    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
-
-    ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype, 
-			       &contentType, &o);
-    if (ret)
-	errx(1, "hx509_cms_envelope_1: %d", ret);
-
-    hx509_cert_free(cert);
-    hx509_certs_free(&certs);
-    _hx509_unmap_file(p, sz);
-    der_free_oid(&contentType);
-
-    if (opt->content_info_flag) {
-	heim_octet_string wo;
-
-	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_envelopedData(), &o, &wo);
-	if (ret)
-	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
-
-	der_free_octet_string(&o);
-	o = wo;
-    }
-
-    hx509_lock_free(lock);
-
-    ret = _hx509_write_file(argv[1], o.data, o.length);
-    if (ret)
-	errx(1, "hx509_write_file: %d", ret);
-
-    der_free_octet_string(&o);
-
-    return 0;
-}
-
-static void
-print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose)
-{
-    hx509_name name;
-    const char *fn;
-    char *str;
-    int ret;
-    
-    fn = hx509_cert_get_friendly_name(cert);
-    if (fn)
-	printf("    friendly name: %s\n", fn);
-    printf("    private key: %s\n", 
-	   _hx509_cert_private_key(cert) ? "yes" : "no");
-
-    ret = hx509_cert_get_issuer(cert, &name);
-    hx509_name_to_string(name, &str);
-    hx509_name_free(&name);
-    printf("    issuer:  \"%s\"\n", str);
-    free(str);
-
-    ret = hx509_cert_get_subject(cert, &name);
-    hx509_name_to_string(name, &str);
-    hx509_name_free(&name);
-    printf("    subject: \"%s\"\n", str);
-    free(str);
-
-    {
-	heim_integer serialNumber;
-
-	hx509_cert_get_serialnumber(cert, &serialNumber);
-	der_print_hex_heim_integer(&serialNumber, &str);
-	der_free_heim_integer(&serialNumber);
-	printf("    serial: %s\n", str);
-	free(str);
-    }
-
-    printf("    keyusage: ");
-    ret = hx509_cert_keyusage_print(hxcontext, cert, &str);
-    if (ret == 0) {
-	printf("%s\n", str);
-	free(str);
-    } else
-	printf("no");
-
-    if (verbose) {
-	hx509_validate_ctx vctx;
-
-	hx509_validate_ctx_init(hxcontext, &vctx);
-	hx509_validate_ctx_set_print(vctx, hx509_print_stdout, stdout);
-	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VALIDATE);
-	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VERBOSE);
-	
-	hx509_validate_cert(hxcontext, vctx, cert);
-
-	hx509_validate_ctx_free(vctx);
-    }
-}
-
-
-struct print_s {
-    int counter;
-    int verbose;
-};
-
-static int
-print_f(hx509_context hxcontext, void *ctx, hx509_cert cert)
-{
-    struct print_s *s = ctx;
-    
-    printf("cert: %d\n", s->counter++);
-    print_certificate(context, cert, s->verbose);
-
-    return 0;
-}
-
-int
-pcert_print(struct print_options *opt, int argc, char **argv)
-{
-    hx509_certs certs;
-    hx509_lock lock;
-    struct print_s s;
-
-    s.counter = 0;
-    s.verbose = opt->content_flag;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    while(argc--) {
-	int ret;
-	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_init");
-	if (opt->info_flag)
-	    hx509_certs_info(context, certs, NULL, NULL);
-	hx509_certs_iter(context, certs, print_f, &s);
-	hx509_certs_free(&certs);
-	argv++;
-    }
-
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-
-static int
-validate_f(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    hx509_validate_cert(hxcontext, ctx, c);
-    return 0;
-}
-
-int
-pcert_validate(struct validate_options *opt, int argc, char **argv)
-{
-    hx509_validate_ctx ctx;
-    hx509_certs certs;
-    hx509_lock lock;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    hx509_validate_ctx_init(context, &ctx);
-    hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
-    hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
-
-    while(argc--) {
-	int ret;
-	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
-	if (ret)
-	    errx(1, "hx509_certs_init: %d", ret);
-	hx509_certs_iter(context, certs, validate_f, ctx);
-	hx509_certs_free(&certs);
-	argv++;
-    }
-    hx509_validate_ctx_free(ctx);
-
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-int
-certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
-{
-    hx509_certs certs;
-    hx509_lock lock;
-    int ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->in_pass_strings);
-
-    ret = hx509_certs_init(context, argv[argc - 1], 
-			   HX509_CERTS_CREATE, lock, &certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_init");
-
-    while(argc-- > 1) {
-	int ret;
-	ret = hx509_certs_append(context, certs, lock, argv[0]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append");
-	argv++;
-    }
-
-    ret = hx509_certs_store(context, certs, 0, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_store");
-
-    hx509_certs_free(&certs);
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-struct verify {
-    hx509_verify_ctx ctx;
-    hx509_certs chain;
-    const char *hostname;
-    int errors;
-};
-
-static int
-verify_f(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    struct verify *v = ctx;
-    int ret;
-
-    ret = hx509_verify_path(hxcontext, v->ctx, c, v->chain);
-    if (ret) {
-	char *s = hx509_get_error_string(hxcontext, ret);
-	printf("verify_path: %s: %d\n", s, ret);
-	hx509_free_error_string(s);
-	v->errors++;
-    } else
-	printf("path ok\n");
-
-    if (v->hostname) {
-	ret = hx509_verify_hostname(hxcontext, c, 0, HX509_HN_HOSTNAME,
-				    v->hostname, NULL, 0);
-	if (ret) {
-	    printf("verify_hostname: %d\n", ret);
-	    v->errors++;
-	}
-    }
-
-    return 0;
-}
-
-int
-pcert_verify(struct verify_options *opt, int argc, char **argv)
-{
-    hx509_certs anchors, chain, certs;
-    hx509_revoke_ctx revoke_ctx;
-    hx509_verify_ctx ctx;
-    struct verify v;
-    int ret;
-
-    memset(&v, 0, sizeof(v));
-
-    if (opt->missing_revoke_flag)
-	hx509_context_set_missing_revoke(context, 1);
-
-    ret = hx509_verify_init_ctx(context, &ctx);
-    ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
-    ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
-    ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
-
-    if (opt->allow_proxy_certificate_flag)
-	hx509_verify_set_proxy_certificate(ctx, 1);
-
-    if (opt->time_string) {
-	const char *p;
-	struct tm tm;
-	time_t t;
-
-	memset(&tm, 0, sizeof(tm));
-
-	p = strptime (opt->time_string, "%Y-%m-%d", &tm);
-	if (p == NULL)
-	    errx(1, "Failed to parse time %s, need to be on format %%Y-%%m-%%d",
-		 opt->time_string);
-	
-	t = tm2time (tm, 0);
-
-	hx509_verify_set_time(ctx, t);
-    }
-
-    if (opt->hostname_string)
-	v.hostname = opt->hostname_string;
-    if (opt->max_depth_integer)
-	hx509_verify_set_max_depth(ctx, opt->max_depth_integer);
-
-    ret = hx509_revoke_init(context, &revoke_ctx);
-    if (ret)
-	errx(1, "hx509_revoke_init: %d", ret);
-
-    while(argc--) {
-	char *s = *argv++;
-
-	if (strncmp(s, "chain:", 6) == 0) {
-	    s += 6;
-
-	    ret = hx509_certs_append(context, chain, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: chain: %s: %d", s, ret);
-
-	} else if (strncmp(s, "anchor:", 7) == 0) {
-	    s += 7;
-
-	    ret = hx509_certs_append(context, anchors, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: anchor: %s: %d", s, ret);
-
-	} else if (strncmp(s, "cert:", 5) == 0) {
-	    s += 5;
-
-	    ret = hx509_certs_append(context, certs, NULL, s);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", 
-			  s, ret);
-
-	} else if (strncmp(s, "crl:", 4) == 0) {
-	    s += 4;
-
-	    ret = hx509_revoke_add_crl(context, revoke_ctx, s);
-	    if (ret)
-		errx(1, "hx509_revoke_add_crl: %s: %d", s, ret);
-
-	} else if (strncmp(s, "ocsp:", 4) == 0) {
-	    s += 5;
-
-	    ret = hx509_revoke_add_ocsp(context, revoke_ctx, s);
-	    if (ret)
-		errx(1, "hx509_revoke_add_ocsp: %s: %d", s, ret);
-
-	} else {
-	    errx(1, "unknown option to verify: `%s'\n", s);
-	}
-    }
-
-    hx509_verify_attach_anchors(ctx, anchors);
-    hx509_verify_attach_revoke(ctx, revoke_ctx);
-
-    v.ctx = ctx;
-    v.chain = chain;
-
-    hx509_certs_iter(context, certs, verify_f, &v);
-
-    hx509_verify_destroy_ctx(ctx);
-
-    hx509_certs_free(&certs);
-    hx509_certs_free(&chain);
-    hx509_certs_free(&anchors);
-
-    hx509_revoke_free(&revoke_ctx);
-
-    if (v.errors) {
-	printf("failed verifing %d checks\n", v.errors);
-	return 1;
-    }
-
-    return 0;
-}
-
-int
-query(struct query_options *opt, int argc, char **argv)
-{
-    hx509_lock lock;
-    hx509_query *q;
-    hx509_certs certs;
-    hx509_cert c;
-    int ret;
-
-    ret = hx509_query_alloc(context, &q);
-    if (ret)
-	errx(1, "hx509_query_alloc: %d", ret);
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
-
-    while (argc > 0) {
-
-	ret = hx509_certs_append(context, certs, lock, argv[0]);
-	if (ret)
-	    errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
-
-	argc--;
-	argv++;
-    }
-
-    if (opt->friendlyname_string)
-	hx509_query_match_friendly_name(q, opt->friendlyname_string);
-
-    if (opt->private_key_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-
-    if (opt->keyEncipherment_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
-
-    if (opt->digitalSignature_flag)
-	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-
-    ret = hx509_certs_find(context, certs, q, &c);
-    hx509_query_free(context, q);
-    if (ret)
-	printf("no match found (%d)\n", ret);
-    else {
-	printf("match found\n");
-	if (opt->print_flag)
-	    print_certificate(context, c, 0);
-    }
-
-    hx509_cert_free(c);
-    hx509_certs_free(&certs);
-
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-int
-ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv)
-{
-    hx509_certs reqcerts, pool;
-    heim_octet_string req, nonce_data, *nonce = &nonce_data;
-    hx509_lock lock;
-    int i, ret;
-    char *file;
-    const char *url = "/";
-
-    memset(&nonce, 0, sizeof(nonce));
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    /* no nonce */
-    if (!opt->nonce_flag)
-	nonce = NULL;
-
-    if (opt->url_path_string)
-	url = opt->url_path_string;
-
-    ret = hx509_certs_init(context, "MEMORY:ocsp-pool", 0, NULL, &pool);
-
-    certs_strings(context, "ocsp-pool", pool, lock, &opt->pool_strings);
-
-    file = argv[0];
-
-    ret = hx509_certs_init(context, "MEMORY:ocsp-req", 0, NULL, &reqcerts);
-
-    for (i = 1; i < argc; i++) {
-	ret = hx509_certs_append(context, reqcerts, lock, argv[i]);
-	if (ret)
-	    errx(1, "hx509_certs_append: req: %s: %d", argv[i], ret);
-    }
-
-    ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce);
-    if (ret)
-	errx(1, "hx509_ocsp_request: req: %d", ret);
-	
-    {
-	FILE *f;
-
-	f = fopen(file, "w");
-	if (f == NULL)
-	    abort();
-
-	fprintf(f, 
-		"POST %s HTTP/1.0\r\n"
-		"Content-Type: application/ocsp-request\r\n"
-		"Content-Length: %ld\r\n"
-		"\r\n",
-		url,
-		(unsigned long)req.length);
-	fwrite(req.data, req.length, 1, f);
-	fclose(f);
-    }
-
-    if (nonce)
-	der_free_octet_string(nonce);
-
-    hx509_certs_free(&reqcerts);
-    hx509_certs_free(&pool);
-
-    return 0;
-}
-
-int
-ocsp_print(struct ocsp_print_options *opt, int argc, char **argv)
-{
-    hx509_revoke_ocsp_print(context, argv[0], stdout);
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-verify_o(hx509_context hxcontext, void *ctx, hx509_cert c)
-{
-    heim_octet_string *os = ctx;
-    time_t expiration;
-    int ret;
-
-    ret = hx509_ocsp_verify(context, 0, c, 0, 
-			    os->data, os->length, &expiration);
-    if (ret) {
-	char *s = hx509_get_error_string(hxcontext, ret);
-	printf("ocsp_verify: %s: %d\n", s, ret);
-	hx509_free_error_string(s);
-    } else
-	printf("expire: %d\n", (int)expiration);
-
-    return ret;
-}
-
-
-int
-ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv)
-{
-    hx509_lock lock;
-    hx509_certs certs;
-    int ret, i;
-    heim_octet_string os;
-    
-    hx509_lock_init(context, &lock);
-
-    if (opt->ocsp_file_string == NULL)
-	errx(1, "no ocsp file given");
-
-    ret = _hx509_map_file(opt->ocsp_file_string, &os.data, &os.length, NULL);
-    if (ret)
-	err(1, "map_file: %s: %d", argv[0], ret);
-    
-    ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs);
-
-    for (i = 0; i < argc; i++) {
-	ret = hx509_certs_append(context, certs, lock, argv[i]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
-    }
-
-    ret = hx509_certs_iter(context, certs, verify_o, &os);
-
-    hx509_certs_free(&certs);
-    _hx509_unmap_file(os.data, os.length);
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-static int
-read_private_key(const char *fn, hx509_private_key *key)
-{
-    hx509_private_key *keys;
-    hx509_certs certs;
-    int ret;
-    
-    *key = NULL;
-
-    ret = hx509_certs_init(context, fn, 0, NULL, &certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_init: %s", fn);
-
-    ret = _hx509_certs_keys_get(context, certs, &keys);
-    hx509_certs_free(&certs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_certs_keys_get");
-    if (keys[0] == NULL)
-	errx(1, "no keys in key store: %s", fn);
-
-    *key = _hx509_private_key_ref(keys[0]);
-    _hx509_certs_keys_free(context, keys);
-
-    return 0;
-}
-
-static void
-get_key(const char *fn, const char *type, int optbits,
-	hx509_private_key *signer)
-{
-    int ret;
-
-    if (type) {
-	BIGNUM *e;
-	RSA *rsa;
-	unsigned char *p0, *p;
-	size_t len;
-	int bits = 1024;
-
-	if (fn == NULL)
-	    errx(1, "no key argument, don't know here to store key");
-	
-	if (strcasecmp(type, "rsa") != 0)
-	    errx(1, "can only handle rsa keys for now");
-	    
-	e = BN_new();
-	BN_set_word(e, 0x10001);
-
-	if (optbits)
-	    bits = optbits;
-
-	rsa = RSA_new();
-	if(rsa == NULL)
-	    errx(1, "RSA_new failed");
-
-	ret = RSA_generate_key_ex(rsa, bits, e, NULL);
-	if(ret != 1)
-	    errx(1, "RSA_new failed");
-
-	BN_free(e);
-
-	len = i2d_RSAPrivateKey(rsa, NULL);
-
-	p0 = p = malloc(len);
-	if (p == NULL)
-	    errx(1, "out of memory");
-	
-	i2d_RSAPrivateKey(rsa, &p);
-
-	rk_dumpdata(fn, p0, len);
-	memset(p0, 0, len);
-	free(p0);
-	
-	RSA_free(rsa);
-
-    } else if (fn == NULL)
-	err(1, "no private key");
-
-    ret = read_private_key(fn, signer);
-    if (ret)
-	err(1, "read_private_key");
-}
-
-int
-request_create(struct request_create_options *opt, int argc, char **argv)
-{
-    heim_octet_string request;
-    hx509_request req;
-    int ret, i;
-    hx509_private_key signer;
-    SubjectPublicKeyInfo key;
-    const char *outfile = argv[0];
-
-    memset(&key, 0, sizeof(key));
-
-    get_key(opt->key_string, 
-	    opt->generate_key_string,
-	    opt->key_bits_integer,
-	    &signer);
-    
-    _hx509_request_init(context, &req);
-
-    if (opt->subject_string) {
-	hx509_name name = NULL;
-
-	ret = hx509_parse_name(context, opt->subject_string, &name);
-	if (ret)
-	    errx(1, "hx509_parse_name: %d\n", ret);
-	_hx509_request_set_name(context, req, name);
-
-	if (opt->verbose_flag) {
-	    char *s;
-	    hx509_name_to_string(name, &s);
-	    printf("%s\n", s);
-	}
-	hx509_name_free(&name);
-    }
-
-    for (i = 0; i < opt->email_strings.num_strings; i++) {
-	ret = _hx509_request_add_email(context, req, 
-				       opt->email_strings.strings[i]);
-    }
-
-    for (i = 0; i < opt->dnsname_strings.num_strings; i++) {
-	ret = _hx509_request_add_dns_name(context, req, 
-					  opt->dnsname_strings.strings[i]);
-    }
-
-
-    ret = _hx509_private_key2SPKI(context, signer, &key);
-    if (ret)
-	errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-    ret = _hx509_request_set_SubjectPublicKeyInfo(context,
-						  req,
-						  &key);
-    free_SubjectPublicKeyInfo(&key);
-    if (ret)
-	hx509_err(context, 1, ret, "_hx509_request_set_SubjectPublicKeyInfo");
-
-    ret = _hx509_request_to_pkcs10(context,
-				   req,
-				   signer,
-				   &request);
-    if (ret)
-	hx509_err(context, 1, ret, "_hx509_request_to_pkcs10");
-
-    _hx509_private_key_free(&signer);
-    _hx509_request_free(&req);
-
-    if (ret == 0)
-	rk_dumpdata(outfile, request.data, request.length);
-    der_free_octet_string(&request);
-
-    return 0;
-}
-
-int
-request_print(struct request_print_options *opt, int argc, char **argv)
-{
-    int ret, i;
-
-    printf("request print\n");
-
-    for (i = 0; i < argc; i++) {
-	hx509_request req;
-
-	ret = _hx509_request_parse(context, argv[i], &req);
-	if (ret)
-	    hx509_err(context, 1, ret, "parse_request: %s", argv[i]);
-
-	ret = _hx509_request_print(context, req, stdout);
-	_hx509_request_free(&req);
-	if (ret)
-	    hx509_err(context, 1, ret, "Failed to print file %s", argv[i]);
-    }
-
-    return 0;
-}
-
-int
-info(void *opt, int argc, char **argv)
-{
-
-    ENGINE_add_conf_module();
-
-    {
-	const RSA_METHOD *m = RSA_get_default_method();
-	if (m != NULL)
-	    printf("rsa: %s\n", m->name);
-    }
-    {
-	const DH_METHOD *m = DH_get_default_method();
-	if (m != NULL)
-	    printf("dh: %s\n", m->name);
-    }
-    {
-	int ret = RAND_status();
-	printf("rand: %s\n", ret == 1 ? "ok" : "not available");
-    }
-
-    return 0;
-}
-
-int
-random_data(void *opt, int argc, char **argv)
-{
-    void *ptr;
-    int len, ret;
-
-    len = parse_bytes(argv[0], "byte");
-    if (len <= 0) {
-	fprintf(stderr, "bad argument to random-data\n");
-	return 1;
-    }
-
-    ptr = malloc(len);
-    if (ptr == NULL) {
-	fprintf(stderr, "out of memory\n");
-	return 1;
-    }
-
-    ret = RAND_bytes(ptr, len);
-    if (ret != 1) {
-	free(ptr);
-	fprintf(stderr, "did not get cryptographic strong random\n");
-	return 1;
-    }
-
-    fwrite(ptr, len, 1, stdout);
-    fflush(stdout);
-
-    free(ptr);
-
-    return 0;
-}
-
-int
-crypto_available(struct crypto_available_options *opt, int argc, char **argv)
-{
-    AlgorithmIdentifier *val;
-    unsigned int len, i;
-    int ret, type;
-
-    if (opt->type_string) {
-	if (strcmp(opt->type_string, "all") == 0)
-	    type = HX509_SELECT_ALL;
-	else if (strcmp(opt->type_string, "digest") == 0)
-	    type = HX509_SELECT_DIGEST;
-	else if (strcmp(opt->type_string, "public-sig") == 0)
-	    type = HX509_SELECT_PUBLIC_SIG;
-	else if (strcmp(opt->type_string, "secret") == 0)
-	    type = HX509_SELECT_SECRET_ENC;
-	else
-	    errx(1, "unknown type: %s", opt->type_string);
-    } else
-	type = HX509_SELECT_ALL;
-
-    ret = hx509_crypto_available(context, type, NULL, &val, &len);
-    if (ret)
-	errx(1, "hx509_crypto_available");
-
-    for (i = 0; i < len; i++) {
-	char *s;
-	der_print_heim_oid (&val[i].algorithm, '.', &s);
-	printf("%s\n", s);
-	free(s);
-    }
-
-    hx509_crypto_free_algs(val, len);
-
-    return 0;
-}
-
-int
-crypto_select(struct crypto_select_options *opt, int argc, char **argv)
-{
-    hx509_peer_info peer = NULL;
-    AlgorithmIdentifier selected;
-    int ret, type;
-    char *s;
-
-    if (opt->type_string) {
-	if (strcmp(opt->type_string, "digest") == 0)
-	    type = HX509_SELECT_DIGEST;
-	else if (strcmp(opt->type_string, "public-sig") == 0)
-	    type = HX509_SELECT_PUBLIC_SIG;
-	else if (strcmp(opt->type_string, "secret") == 0)
-	    type = HX509_SELECT_SECRET_ENC;
-	else
-	    errx(1, "unknown type: %s", opt->type_string);
-    } else
-	type = HX509_SELECT_DIGEST;
-
-    if (opt->peer_cmstype_strings.num_strings)
-	peer_strings(context, &peer, &opt->peer_cmstype_strings);
-
-    ret = hx509_crypto_select(context, type, NULL, peer, &selected);
-    if (ret)
-	errx(1, "hx509_crypto_available");
-
-    der_print_heim_oid (&selected.algorithm, '.', &s);
-    printf("%s\n", s);
-    free(s);
-    free_AlgorithmIdentifier(&selected);
-
-    hx509_peer_info_free(peer);
-
-    return 0;
-}
-
-int
-hxtool_hex(struct hex_options *opt, int argc, char **argv)
-{
-
-    if (opt->decode_flag) {
-	char buf[1024], buf2[1024], *p;
-	ssize_t len;
-
-	while(fgets(buf, sizeof(buf), stdin) != NULL) {
-	    buf[strcspn(buf, "\r\n")] = '\0';
-	    p = buf;
-	    while(isspace(*(unsigned char *)p))
-		p++;
-	    len = hex_decode(p, buf2, strlen(p));
-	    if (len < 0)
-		errx(1, "hex_decode failed");
-	    if (fwrite(buf2, 1, len, stdout) != len)
-		errx(1, "fwrite failed");
-	}
-    } else {
-	char buf[28], *p;
-	size_t len;
-
-	while((len = fread(buf, 1, sizeof(buf), stdin)) != 0) {
-	    len = hex_encode(buf, len, &p);
-	    fprintf(stdout, "%s\n", p);
-	    free(p);
-	}
-    }
-    return 0;
-}
-
-static int
-eval_types(hx509_context context, 
-	   hx509_ca_tbs tbs,
-	   const struct certificate_sign_options *opt)
-{
-    int pkinit = 0;
-    int i, ret;
-
-    for (i = 0; i < opt->type_strings.num_strings; i++) {
-	const char *type = opt->type_strings.strings[i];
-	
-	if (strcmp(type, "https-server") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_serverAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "https-client") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_clientAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "peap-server") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_serverAuth());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "pkinit-kdc") == 0) {
-	    pkinit++;
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkkdcekuoid());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else if (strcmp(type, "pkinit-client") == 0) {
-	    pkinit++;
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkekuoid());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_ms_client_authentication());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkinit_ms_eku());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-
-	} else if (strcmp(type, "email") == 0) {
-	    ret = hx509_ca_tbs_add_eku(context, tbs, 
-				       oid_id_pkix_kp_emailProtection());
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-	} else
-	    errx(1, "unknown type %s", type);
-    }
-
-    if (pkinit > 1)
-	errx(1, "More the one PK-INIT type given");
-
-    if (opt->pk_init_principal_string) {
-	if (!pkinit)
-	    errx(1, "pk-init principal given but no pk-init oid");
-
-	ret = hx509_ca_tbs_add_san_pkinit(context, tbs,
-					  opt->pk_init_principal_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit");
-    }
-
-    if (opt->ms_upn_string) {
-	if (!pkinit)
-	    errx(1, "MS up given but no pk-init oid");
-
-	ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
-    }
-
-    
-    for (i = 0; i < opt->hostname_strings.num_strings; i++) {
-	const char *hostname = opt->hostname_strings.strings[i];
-
-	ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
-    }
-
-    for (i = 0; i < opt->email_strings.num_strings; i++) {
-	const char *email = opt->email_strings.strings[i];
-
-	ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
-	
-	ret = hx509_ca_tbs_add_eku(context, tbs, 
-				   oid_id_pkix_kp_emailProtection());
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
-    }
-
-    if (opt->jid_string) {
-	ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid");
-    }
-
-    return 0;
-}
-
-int
-hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
-{
-    int ret;
-    hx509_ca_tbs tbs;
-    hx509_cert signer = NULL, cert = NULL;
-    hx509_private_key private_key = NULL;
-    hx509_private_key cert_key = NULL;
-    hx509_name subject = NULL;
-    SubjectPublicKeyInfo spki;
-    int delta = 0;
-
-    memset(&spki, 0, sizeof(spki));
-
-    if (opt->ca_certificate_string == NULL && !opt->self_signed_flag)
-	errx(1, "--ca-certificate argument missing (not using --self-signed)");
-    if (opt->ca_private_key_string == NULL && opt->generate_key_string == NULL && opt->self_signed_flag)
-	errx(1, "--ca-private-key argument missing (using --self-signed)");
-    if (opt->certificate_string == NULL)
-	errx(1, "--certificate argument missing");
-
-    if (opt->template_certificate_string) {
-	if (opt->template_fields_string == NULL)
-	    errx(1, "--template-certificate not no --template-fields");
-    }
-
-    if (opt->lifetime_string) {
-	delta = parse_time(opt->lifetime_string, "day");
-	if (delta < 0)
-	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
-    }
-
-    if (opt->ca_certificate_string) {
-	hx509_certs cacerts = NULL;
-	hx509_query *q;
-
-	ret = hx509_certs_init(context, opt->ca_certificate_string, 0,
-			       NULL, &cacerts);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_init: %s", opt->ca_certificate_string);
-
-	ret = hx509_query_alloc(context, &q);
-	if (ret)
-	    errx(1, "hx509_query_alloc: %d", ret);
-
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-	if (!opt->issue_proxy_flag)
-	    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
-
-	ret = hx509_certs_find(context, cacerts, q, &signer);
-	hx509_query_free(context, q);
-	hx509_certs_free(&cacerts);
-	if (ret)
-	    hx509_err(context, 1, ret, "no CA certificate found");
-    } else if (opt->self_signed_flag) {
-	if (opt->generate_key_string == NULL
-	    && opt->ca_private_key_string == NULL)
-	    errx(1, "no signing private key");
-    } else
-	errx(1, "missing ca key");
-
-    if (opt->ca_private_key_string) {
-
-	ret = read_private_key(opt->ca_private_key_string, &private_key);
-	if (ret)
-	    err(1, "read_private_key");
-
-	ret = _hx509_private_key2SPKI(context, private_key, &spki);
-	if (ret)
-	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-	if (opt->self_signed_flag)
-	    cert_key = private_key;
-    }
-
-    if (opt->req_string) {
-	hx509_request req;
-
-	ret = _hx509_request_parse(context, opt->req_string, &req);
-	if (ret)
-	    hx509_err(context, 1, ret, "parse_request: %s", opt->req_string);
-	ret = _hx509_request_get_name(context, req, &subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "get name");
-	ret = _hx509_request_get_SubjectPublicKeyInfo(context, req, &spki);
-	if (ret)
-	    hx509_err(context, 1, ret, "get spki");
-	_hx509_request_free(&req);
-    }
-
-    if (opt->generate_key_string) {
-	struct hx509_generate_private_context *keyctx;
-
-	ret = _hx509_generate_private_key_init(context, 
-					       oid_id_pkcs1_rsaEncryption(),
-					       &keyctx);
-
-	if (opt->issue_ca_flag)
-	    _hx509_generate_private_key_is_ca(context, keyctx);
-
-	if (opt->key_bits_integer)
-	    _hx509_generate_private_key_bits(context, keyctx,
-					     opt->key_bits_integer);
-
-	ret = _hx509_generate_private_key(context, keyctx,
-					  &cert_key);
-	_hx509_generate_private_key_free(&keyctx);
-	if (ret)
-	    hx509_err(context, 1, ret, "generate private key");
-	
-	ret = _hx509_private_key2SPKI(context, cert_key, &spki);
-	if (ret)
-	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
-
-	if (opt->self_signed_flag)
-	    private_key = cert_key;
-    }
-
-    if (opt->certificate_private_key_string) {
-	ret = read_private_key(opt->certificate_private_key_string, &cert_key);
-	if (ret)
-	    err(1, "read_private_key for certificate");
-    }
-
-    if (opt->subject_string) {
-	if (subject)
-	    hx509_name_free(&subject);
-	ret = hx509_parse_name(context, opt->subject_string, &subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_parse_name");
-    }
-
-    /*
-     *
-     */
-
-    ret = hx509_ca_tbs_init(context, &tbs);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_ca_tbs_init");
-	
-    if (opt->template_certificate_string) {
-	hx509_cert template;
-	hx509_certs tcerts;
-	int flags;
-
-	ret = hx509_certs_init(context, opt->template_certificate_string, 0,
-			       NULL, &tcerts);
-	if (ret)
-	    hx509_err(context, 1, ret,
-		      "hx509_certs_init: %s", opt->template_certificate_string);
-
-	ret = hx509_get_one_cert(context, tcerts, &template);
-
-	hx509_certs_free(&tcerts);
-	if (ret)
-	    hx509_err(context, 1, ret, "no template certificate found");
-
-	flags = parse_units(opt->template_fields_string, 
-			    hx509_ca_tbs_template_units(), "");
-
-	ret = hx509_ca_tbs_set_template(context, tbs, flags, template);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_template");
-
-	hx509_cert_free(template);
-    }
-
-    if (opt->serial_number_string) {
-	heim_integer serialNumber;
-
-	ret = der_parse_hex_heim_integer(opt->serial_number_string,
-					 &serialNumber);
-	if (ret)
-	    err(1, "der_parse_hex_heim_integer");
-	ret = hx509_ca_tbs_set_serialnumber(context, tbs, &serialNumber);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_init");
-	der_free_heim_integer(&serialNumber);
-    }
-
-    if (spki.subjectPublicKey.length) {
-	ret = hx509_ca_tbs_set_spki(context, tbs, &spki);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_spki");
-    }
-
-    if (subject) {
-	ret = hx509_ca_tbs_set_subject(context, tbs, subject);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_subject");
-    }
-
-    if (opt->crl_uri_string) {
-	ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs, 
-					  opt->crl_uri_string, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_crl_dp_uri");
-    }
-
-    eval_types(context, tbs, opt);
-
-    if (opt->issue_ca_flag) {
-	ret = hx509_ca_tbs_set_ca(context, tbs, opt->path_length_integer);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_ca");
-    }
-    if (opt->issue_proxy_flag) {
-	ret = hx509_ca_tbs_set_proxy(context, tbs, opt->path_length_integer);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_proxy");
-    }
-    if (opt->domain_controller_flag) {
-	hx509_ca_tbs_set_domaincontroller(context, tbs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_domaincontroller");
-    }
-
-    if (delta) {
-	ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_notAfter_lifetime");
-    }	
-
-    if (opt->self_signed_flag) {
-	ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_sign_self");
-    } else {
-	ret = hx509_ca_sign(context, tbs, signer, &cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_ca_sign");
-    }
-
-    if (cert_key) {
-	ret = _hx509_cert_assign_key(cert, cert_key);
-	if (ret)
-	    hx509_err(context, 1, ret, "_hx509_cert_assign_key");
-    }	    
-
-    {
-	hx509_certs certs;
-
-	ret = hx509_certs_init(context, opt->certificate_string, 
-			       HX509_CERTS_CREATE, NULL, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_init");
-
-	ret = hx509_certs_add(context, certs, cert);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_add");
-
-	ret = hx509_certs_store(context, certs, 0, NULL);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_store");
-
-	hx509_certs_free(&certs);
-    }
-
-    if (subject)
-	hx509_name_free(&subject);
-    if (signer)
-	hx509_cert_free(signer);
-    hx509_cert_free(cert);
-    free_SubjectPublicKeyInfo(&spki);
-
-    if (private_key != cert_key)
-	_hx509_private_key_free(&private_key);
-    _hx509_private_key_free(&cert_key);
-
-    hx509_ca_tbs_free(&tbs);
-
-    return 0;
-}
-
-static int
-test_one_cert(hx509_context hxcontext, void *ctx, hx509_cert cert)
-{
-    heim_octet_string sd, c;
-    hx509_verify_ctx vctx = ctx;
-    hx509_certs signer = NULL;
-    heim_oid type;
-    int ret;
-
-    if (_hx509_cert_private_key(cert) == NULL)
-	return 0;
-
-    ret = hx509_cms_create_signed_1(context, 0, NULL, NULL, 0,
-				    NULL, cert, NULL, NULL, NULL, &sd);
-    if (ret)
-	errx(1, "hx509_cms_create_signed_1");
-
-    ret = hx509_cms_verify_signed(context, vctx, sd.data, sd.length,
-				  NULL, NULL, &type, &c, &signer);
-    free(sd.data);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
-
-    printf("create-signature verify-sigature done\n");
-
-    free(c.data);
-
-    return 0;
-}
-
-int
-test_crypto(struct test_crypto_options *opt, int argc, char ** argv)
-{
-    hx509_verify_ctx vctx;
-    hx509_certs certs;
-    hx509_lock lock;
-    int i, ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_certs_init(context, "MEMORY:test-crypto", 0, NULL, &certs);
-
-    for (i = 0; i < argc; i++) {
-	ret = hx509_certs_append(context, certs, lock, argv[i]);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_certs_append");
-    }
-
-    ret = hx509_verify_init_ctx(context, &vctx);
-    if (ret)
-	hx509_err(context, 1, ret, "hx509_verify_init_ctx");
-
-    hx509_verify_attach_anchors(vctx, certs);
-
-    ret = hx509_certs_iter(context, certs, test_one_cert, vctx);
-
-    hx509_certs_free(&certs);
-
-    return 0;
-}
-
-int
-statistic_print(struct statistic_print_options*opt, int argc, char **argv)
-{
-    int type = 0;
-
-    if (stat_file_string == NULL)
-	errx(1, "no stat file");
-
-    if (opt->type_integer)
-	type = opt->type_integer;
-
-    hx509_query_unparse_stats(context, type, stdout);
-    return 0;
-}
-
-/*
- *
- */
-
-int
-crl_sign(struct crl_sign_options *opt, int argc, char **argv)
-{
-    hx509_crl crl;
-    heim_octet_string os;
-    hx509_cert signer = NULL;
-    hx509_lock lock;
-    int ret;
-
-    hx509_lock_init(context, &lock);
-    lock_strings(lock, &opt->pass_strings);
-
-    ret = hx509_crl_alloc(context, &crl);
-    if (ret)
-	errx(1, "crl alloc");
-
-    if (opt->signer_string == NULL)
-	errx(1, "signer missing");
-
-    {
-	hx509_certs certs = NULL;
-	hx509_query *q;
-
-	ret = hx509_certs_init(context, opt->signer_string, 0,
-			       NULL, &certs);
-	if (ret)
-	    hx509_err(context, 1, ret, 
-		      "hx509_certs_init: %s", opt->signer_string);
-
-	ret = hx509_query_alloc(context, &q);
-	if (ret)
-	    hx509_err(context, 1, ret, "hx509_query_alloc: %d", ret);
-
-	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-
-	ret = hx509_certs_find(context, certs, q, &signer);
-	hx509_query_free(context, q);
-	hx509_certs_free(&certs);
-	if (ret)
-	    hx509_err(context, 1, ret, "no signer certificate found");
-    }
-
-    if (opt->lifetime_string) {
-	int delta;
-
-	delta = parse_time(opt->lifetime_string, "day");
-	if (delta < 0)
-	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
-
-	hx509_crl_lifetime(context, crl, delta);
-    }
-
-    {
-	hx509_certs revoked = NULL;
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0,
-			       NULL, &revoked);
-
-	for (i = 0; i < argc; i++) {
-	    ret = hx509_certs_append(context, revoked, lock, argv[i]);
-	    if (ret)
-		hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
-	}
-
-	hx509_crl_add_revoked_certs(context, crl, revoked);
-	hx509_certs_free(&revoked);
-    }
-
-    hx509_crl_sign(context, signer, crl, &os);
-
-    if (opt->crl_file_string)
-	rk_dumpdata(opt->crl_file_string, os.data, os.length);
-
-    free(os.data);
-
-    hx509_crl_free(context, &crl);
-    hx509_cert_free(signer);
-    hx509_lock_free(lock);
-
-    return 0;
-}
-
-/*
- *
- */
-
-int
-help(void *opt, int argc, char **argv)
-{
-    sl_slc_help(commands, argc, argv);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret, optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optidx;
-    argc -= optidx;
-
-    if (argc == 0)
-	usage(1);
-
-    ret = hx509_context_init(&context);
-    if (ret)
-	errx(1, "hx509_context_init failed with %d", ret);
-
-    if (stat_file_string)
-	hx509_query_statistic_file(context, stat_file_string);
-
-    ret = sl_command(commands, argc, argv);
-    if(ret == -1)
-	warnx ("unrecognized command: %s", argv[0]);
-
-    hx509_context_free(&context);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/keyset.c b/crypto/heimdal/lib/hx509/keyset.c
deleted file mode 100644
index 2fcff7b03b35..000000000000
--- a/crypto/heimdal/lib/hx509/keyset.c
+++ /dev/null
@@ -1,677 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $");
-
-/**
- * @page page_keyset Certificate store operations
- *
- * Type of certificates store:
- * - MEMORY
- *   In memory based format. Doesnt support storing.
- * - FILE 
- *   FILE supports raw DER certicates and PEM certicates. When PEM is
- *   used the file can contain may certificates and match private
- *   keys. Support storing the certificates. DER format only supports
- *   on certificate and no private key.
- * - PEM-FILE
- *   Same as FILE, defaulting to PEM encoded certificates.
- * - PEM-FILE
- *   Same as FILE, defaulting to DER encoded certificates.
- * - PKCS11
- * - PKCS12
- * - DIR
- * - KEYCHAIN
- *   Apple Mac OS X KeyChain backed keychain object.
- *
- * See the library functions here: @ref hx509_keyset
- */
-
-struct hx509_certs_data {
-    int ref;
-    struct hx509_keyset_ops *ops;
-    void *ops_data;
-};
-
-static struct hx509_keyset_ops *
-_hx509_ks_type(hx509_context context, const char *type)
-{
-    int i;
-
-    for (i = 0; i < context->ks_num_ops; i++)
-	if (strcasecmp(type, context->ks_ops[i]->name) == 0)
-	    return context->ks_ops[i];
-
-    return NULL;
-}
-
-void
-_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
-{
-    struct hx509_keyset_ops **val;
-
-    if (_hx509_ks_type(context, ops->name))
-	return;
-
-    val = realloc(context->ks_ops, 
-		  (context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
-    if (val == NULL)
-	return;
-    val[context->ks_num_ops] = ops;
-    context->ks_ops = val;
-    context->ks_num_ops++;
-}
-
-/**
- * Open or creates a new hx509 certificate store.
- *
- * @param context A hx509 context
- * @param name name of the store, format is TYPE:type-specific-string,
- * if NULL is used the MEMORY store is used.
- * @param flags list of flags:
- * - HX509_CERTS_CREATE create a new keystore of the specific TYPE.
- * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param certs return pointer, free with hx509_certs_free().
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_init(hx509_context context,
-		 const char *name, int flags,
-		 hx509_lock lock, hx509_certs *certs)
-{
-    struct hx509_keyset_ops *ops;
-    const char *residue;
-    hx509_certs c;
-    char *type;
-    int ret;
-
-    *certs = NULL;
-
-    residue = strchr(name, ':');
-    if (residue) {
-	type = malloc(residue - name + 1);
-	if (type)
-	    strlcpy(type, name, residue - name + 1);
-	residue++;
-	if (residue[0] == '\0')
-	    residue = NULL;
-    } else {
-	type = strdup("MEMORY");
-	residue = name;
-    }
-    if (type == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    
-    ops = _hx509_ks_type(context, type);
-    if (ops == NULL) {
-	hx509_set_error_string(context, 0, ENOENT, 
-			       "Keyset type %s is not supported", type);
-	free(type);
-	return ENOENT;
-    }
-    free(type);
-    c = calloc(1, sizeof(*c));
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    c->ops = ops;
-    c->ref = 1;
-
-    ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-
-    *certs = c;
-    return 0;
-}
-
-/**
- * Write the certificate store to stable storage.
- *
- * @param context A hx509 context.
- * @param certs a certificate store to store.
- * @param flags currently unused, use 0.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if
- * the certificate store doesn't support the store operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_store(hx509_context context,
-		  hx509_certs certs,
-		  int flags,
-		  hx509_lock lock)
-{
-    if (certs->ops->store == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "keystore if type %s doesn't support "
-			       "store operation",
-			       certs->ops->name);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    return (*certs->ops->store)(context, certs, certs->ops_data, flags, lock);
-}
-
-
-hx509_certs
-_hx509_certs_ref(hx509_certs certs)
-{
-    if (certs == NULL)
-	return NULL;
-    if (certs->ref <= 0)
-	_hx509_abort("certs refcount <= 0");
-    certs->ref++;
-    if (certs->ref == 0)
-	_hx509_abort("certs refcount == 0");
-    return certs;
-}
-
-/**
- * Free a certificate store.
- *
- * @param certs certificate store to free.
- *
- * @ingroup hx509_keyset
- */
-
-void
-hx509_certs_free(hx509_certs *certs)
-{
-    if (*certs) {
-	if ((*certs)->ref <= 0)
-	    _hx509_abort("refcount <= 0");
-	if (--(*certs)->ref > 0)
-	    return;
-
-	(*(*certs)->ops->free)(*certs, (*certs)->ops_data);
-	free(*certs);
-	*certs = NULL;
-    }
-}
-
-/**
- * Start the integration
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over
- * @param cursor cursor that will keep track of progress, free with
- * hx509_certs_end_seq().
- *
- * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is
- * returned if the certificate store doesn't support the iteration
- * operation.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_start_seq(hx509_context context,
-		      hx509_certs certs,
-		      hx509_cursor *cursor)
-{
-    int ret;
-
-    if (certs->ops->iter_start == NULL) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, 
-			       "Keyset type %s doesn't support iteration", 
-			       certs->ops->name);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
-    if (ret)
-	return ret;
-
-    return 0;
-}
-
-/**
- * Get next ceritificate from the certificate keystore pointed out by
- * cursor.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that keeps track of progress.
- * @param cert return certificate next in store, NULL if the store
- * contains no more certificates. Free with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_next_cert(hx509_context context,
-		      hx509_certs certs,
-		      hx509_cursor cursor,
-		      hx509_cert *cert)
-{
-    *cert = NULL;
-    return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
-}
-
-/**
- * End the iteration over certificates.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param cursor cursor that will keep track of progress, freed.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_end_seq(hx509_context context,
-		    hx509_certs certs,
-		    hx509_cursor cursor)
-{
-    (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
-    return 0;
-}
-
-/**
- * Iterate over all certificates in a keystore and call an function
- * for each fo them.
- *
- * @param context a hx509 context.
- * @param certs certificate store to iterate over.
- * @param func function to call for each certificate. The function
- * should return non-zero to abort the iteration, that value is passed
- * back to te caller of hx509_certs_iter().
- * @param ctx context variable that will passed to the function.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_iter(hx509_context context, 
-		 hx509_certs certs, 
-		 int (*func)(hx509_context, void *, hx509_cert),
-		 void *ctx)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret;
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-    
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL) {
-	    ret = 0;
-	    break;
-	}
-	ret = (*func)(context, ctx, c);
-	hx509_cert_free(c);
-	if (ret)
-	    break;
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-
-    return ret;
-}
-
-
-/**
- * Function to use to hx509_certs_iter() as a function argument, the
- * ctx variable to hx509_certs_iter() should be a FILE file descriptor.
- *
- * @param context a hx509 context.
- * @param ctx used by hx509_certs_iter().
- * @param c a certificate
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
-{
-    Certificate *cert;
-    hx509_name n;
-    char *s, *i;
-
-    cert = _hx509_get_cert(c);
-
-    _hx509_name_from_Name(&cert->tbsCertificate.subject, &n);
-    hx509_name_to_string(n, &s);
-    hx509_name_free(&n);
-    _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n);
-    hx509_name_to_string(n, &i);
-    hx509_name_free(&n);
-    fprintf(ctx, "subject: %s\nissuer: %s\n", s, i);
-    free(s);
-    free(i);
-    return 0;
-}
-
-/**
- * Add a certificate to the certificiate store.
- *
- * The receiving keyset certs will either increase reference counter
- * of the cert or make a deep copy, either way, the caller needs to
- * free the cert itself.
- *
- * @param context a hx509 context.
- * @param certs certificate store to add the certificate to.
- * @param cert certificate to add.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
-{
-    if (certs->ops->add == NULL) {
-	hx509_set_error_string(context, 0, ENOENT, 
-			       "Keyset type %s doesn't support add operation", 
-			       certs->ops->name);
-	return ENOENT;
-    }
-
-    return (*certs->ops->add)(context, certs, certs->ops_data, cert);
-}
-
-/**
- * Find a certificate matching the query.
- *
- * @param context a hx509 context.
- * @param certs certificate store to search.
- * @param q query allocated with @ref hx509_query functions.
- * @param r return certificate (or NULL on error), should be freed
- * with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_find(hx509_context context,
-		 hx509_certs certs, 
-		 const hx509_query *q,
-		 hx509_cert *r)
-{
-    hx509_cursor cursor;
-    hx509_cert c;
-    int ret;
-
-    *r = NULL;
-
-    _hx509_query_statistic(context, 0, q);
-
-    if (certs->ops->query)
-	return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    c = NULL;
-    while (1) {
-	ret = hx509_certs_next_cert(context, certs, cursor, &c);
-	if (ret)
-	    break;
-	if (c == NULL)
-	    break;
-	if (_hx509_query_match_cert(context, q, c)) {
-	    *r = c;
-	    break;
-	}
-	hx509_cert_free(c);
-    }
-
-    hx509_certs_end_seq(context, certs, cursor);
-    if (ret)
-	return ret;
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return HX509_CERT_NOT_FOUND;
-    }
-
-    return 0;
-}
-
-static int
-certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    return hx509_certs_add(context, (hx509_certs)ctx, c);
-}
-
-/**
- * Merge a certificate store into another. The from store is keep
- * intact.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param from the store to copy the object from.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
-{
-    if (from == NULL)
-	return 0;
-    return hx509_certs_iter(context, from, certs_merge_func, to);
-}
-
-/**
- * Same a hx509_certs_merge() but use a lock and name to describe the
- * from source.
- *
- * @param context a hx509 context.
- * @param to the store to merge into.
- * @param lock a lock that unlocks the certificates store, use NULL to
- * select no password/certifictes/prompt lock (see @ref page_lock).
- * @param name name of the source store
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_append(hx509_context context,
-		   hx509_certs to,
-		   hx509_lock lock,
-		   const char *name)
-{
-    hx509_certs s;
-    int ret;
-
-    ret = hx509_certs_init(context, name, 0, lock, &s);
-    if (ret)
-	return ret;
-    ret = hx509_certs_merge(context, to, s);
-    hx509_certs_free(&s);
-    return ret;
-}
-
-/**
- * Get one random certificate from the certificate store.
- *
- * @param context a hx509 context.
- * @param certs a certificate store to get the certificate from.
- * @param c return certificate, should be freed with hx509_cert_free().
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c)
-{
-    hx509_cursor cursor;
-    int ret;
-
-    *c = NULL;
-
-    ret = hx509_certs_start_seq(context, certs, &cursor);
-    if (ret)
-	return ret;
-
-    ret = hx509_certs_next_cert(context, certs, cursor, c);
-    if (ret)
-	return ret;
-
-    hx509_certs_end_seq(context, certs, cursor);
-    return 0;
-}
-
-static int
-certs_info_stdio(void *ctx, const char *str)
-{
-    FILE *f = ctx;
-    fprintf(f, "%s\n", str);
-    return 0;
-}
-
-/**
- * Print some info about the certificate store.
- *
- * @param context a hx509 context.
- * @param certs certificate store to print information about.
- * @param func function that will get each line of the information, if
- * NULL is used the data is printed on a FILE descriptor that should
- * be passed in ctx, if ctx also is NULL, stdout is used.
- * @param ctx parameter to func.
- *
- * @return Returns an hx509 error code.
- *
- * @ingroup hx509_keyset
- */
-
-int
-hx509_certs_info(hx509_context context, 
-		 hx509_certs certs,
-		 int (*func)(void *, const char *),
-		 void *ctx)
-{
-    if (func == NULL) {
-	func = certs_info_stdio;
-	if (ctx == NULL)
-	    ctx = stdout;
-    }
-    if (certs->ops->printinfo == NULL) {
-	(*func)(ctx, "No info function for certs");
-	return 0;
-    }
-    return (*certs->ops->printinfo)(context, certs, certs->ops_data,
-				    func, ctx);
-}
-
-void
-_hx509_pi_printf(int (*func)(void *, const char *), void *ctx,
-		 const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-
-    va_start(ap, fmt);
-    vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (str == NULL)
-	return;
-    (*func)(ctx, str);
-    free(str);
-}
-
-int
-_hx509_certs_keys_get(hx509_context context, 
-		      hx509_certs certs, 
-		      hx509_private_key **keys)
-{
-    if (certs->ops->getkeys == NULL) {
-	*keys = NULL;
-	return 0;
-    }
-    return (*certs->ops->getkeys)(context, certs, certs->ops_data, keys);
-}
-
-int
-_hx509_certs_keys_add(hx509_context context, 
-		      hx509_certs certs, 
-		      hx509_private_key key)
-{
-    if (certs->ops->addkey == NULL) {
-	hx509_set_error_string(context, 0, EINVAL,
-			       "keystore if type %s doesn't support "
-			       "key add operation",
-			       certs->ops->name);
-	return EINVAL;
-    }
-    return (*certs->ops->addkey)(context, certs, certs->ops_data, key);
-}
-
-
-void
-_hx509_certs_keys_free(hx509_context context,
-		       hx509_private_key *keys)
-{
-    int i;
-    for (i = 0; keys[i]; i++)
-	_hx509_private_key_free(&keys[i]);
-    free(keys);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_dir.c b/crypto/heimdal/lib/hx509/ks_dir.c
deleted file mode 100644
index a0bc875e5b8c..000000000000
--- a/crypto/heimdal/lib/hx509/ks_dir.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_dir.c 19778 2007-01-09 10:52:13Z lha $");
-#include <dirent.h>
-
-/*
- * The DIR keyset module is strange compared to the other modules
- * since it does lazy evaluation and really doesn't keep any local
- * state except for the directory iteration and cert iteration of
- * files. DIR ignores most errors so that the consumer doesn't get
- * failes for stray files in directories.
- */
-
-struct dircursor {
-    DIR *dir;
-    hx509_certs certs;
-    void *iter;
-};
-
-/*
- *
- */
-
-static int
-dir_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    *data = NULL;
-
-    {
-	struct stat sb;
-	int ret;
-
-	ret = stat(residue, &sb);
-	if (ret == -1) {
-	    hx509_set_error_string(context, 0, ENOENT,
-				   "No such file %s", residue);
-	    return ENOENT;
-	}
-
-	if ((sb.st_mode & S_IFDIR) == 0) {
-	    hx509_set_error_string(context, 0, ENOTDIR,
-				   "%s is not a directory", residue);
-	    return ENOTDIR;
-	}
-    }
-
-    *data = strdup(residue);
-    if (*data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-static int
-dir_free(hx509_certs certs, void *data)
-{
-    free(data);
-    return 0;
-}
-
-
-
-static int 
-dir_iter_start(hx509_context context,
-	       hx509_certs certs, void *data, void **cursor)
-{
-    struct dircursor *d;
-
-    *cursor = NULL;
-
-    d = calloc(1, sizeof(*d));
-    if (d == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    d->dir = opendir(data);
-    if (d->dir == NULL) {
-	hx509_clear_error_string(context);
-	free(d);
-	return errno;
-    }
-    d->certs = NULL;
-    d->iter = NULL;
-
-    *cursor = d;
-    return 0;
-}
-
-static int
-dir_iter(hx509_context context,
-	 hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    struct dircursor *d = iter;
-    int ret = 0;
-    
-    *cert = NULL;
-
-    do {
-	struct dirent *dir;
-	char *fn;
-
-	if (d->certs) {
-	    ret = hx509_certs_next_cert(context, d->certs, d->iter, cert);
-	    if (ret) {
-		hx509_certs_end_seq(context, d->certs, d->iter);
-		d->iter = NULL;
-		hx509_certs_free(&d->certs);
-		return ret;
-	    }
-	    if (*cert) {
-		ret = 0;
-		break;
-	    }
-	    hx509_certs_end_seq(context, d->certs, d->iter);
-	    d->iter = NULL;
-	    hx509_certs_free(&d->certs);
-	}
-
-	dir = readdir(d->dir);
-	if (dir == NULL) {
-	    ret = 0;
-	    break;
-	}
-	if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0)
-	    continue;
-	
-	if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1)
-	    return ENOMEM;
-	
-	ret = hx509_certs_init(context, fn, 0, NULL, &d->certs);
-	if (ret == 0) {
-
-	    ret = hx509_certs_start_seq(context, d->certs, &d->iter);
-	    if (ret)
-	    hx509_certs_free(&d->certs);
-	}
-	/* ignore errors */
-	if (ret) {
-	    d->certs = NULL;
-	    ret = 0;
-	}
-
-	free(fn);
-    } while(ret == 0);
-
-    return ret;
-}
-
-
-static int
-dir_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    struct dircursor *d = cursor;
-
-    if (d->certs) {
-	hx509_certs_end_seq(context, d->certs, d->iter);
-	d->iter = NULL;
-	hx509_certs_free(&d->certs);
-    }
-    closedir(d->dir);
-    free(d);
-    return 0;
-}
-
-
-static struct hx509_keyset_ops keyset_dir = {
-    "DIR",
-    0,
-    dir_init,
-    NULL,
-    dir_free,
-    NULL,
-    NULL,
-    dir_iter_start,
-    dir_iter,
-    dir_iter_end
-};
-
-void
-_hx509_ks_dir_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_dir);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_file.c b/crypto/heimdal/lib/hx509/ks_file.c
deleted file mode 100644
index 87b97af401c5..000000000000
--- a/crypto/heimdal/lib/hx509/ks_file.c
+++ /dev/null
@@ -1,643 +0,0 @@
-/*
- * Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_file.c 22465 2008-01-16 14:25:24Z lha $");
-
-typedef enum { USE_PEM, USE_DER } outformat;
-
-struct ks_file {
-    hx509_certs certs;
-    char *fn;
-    outformat format;
-};
-
-/*
- *
- */
-
-static int
-parse_certificate(hx509_context context, const char *fn, 
-		  struct hx509_collector *c, 
-		  const hx509_pem_header *headers,
-		  const void *data, size_t len)
-{
-    hx509_cert cert;
-    int ret;
-
-    ret = hx509_cert_init_data(context, data, len, &cert);
-    if (ret)
-	return ret;
-
-    ret = _hx509_collector_certs_add(context, c, cert);
-    hx509_cert_free(cert);
-    return ret;
-}
-
-static int
-try_decrypt(hx509_context context,
-	    struct hx509_collector *collector,
-	    const AlgorithmIdentifier *alg,
-	    const EVP_CIPHER *c,
-	    const void *ivdata,
-	    const void *password,
-	    size_t passwordlen,
-	    const void *cipher,
-	    size_t len)
-{
-    heim_octet_string clear;
-    size_t keylen;
-    void *key;
-    int ret;
-
-    keylen = EVP_CIPHER_key_length(c);
-
-    key = malloc(keylen);
-    if (key == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = EVP_BytesToKey(c, EVP_md5(), ivdata,
-			 password, passwordlen,
-			 1, key, NULL);
-    if (ret <= 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
-			       "Failed to do string2key for private key");
-	return HX509_CRYPTO_INTERNAL_ERROR;
-    }
-
-    clear.data = malloc(len);
-    if (clear.data == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "Out of memory to decrypt for private key");
-	ret = ENOMEM;
-	goto out;
-    }
-    clear.length = len;
-
-    {
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
-	EVP_Cipher(&ctx, clear.data, cipher, len);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-    }	
-
-    ret = _hx509_collector_private_key_add(context,
-					   collector,
-					   alg,
-					   NULL,
-					   &clear,
-					   NULL);
-
-    memset(clear.data, 0, clear.length);
-    free(clear.data);
-out:
-    memset(key, 0, keylen);
-    free(key);
-    return ret;
-}
-
-static int
-parse_rsa_private_key(hx509_context context, const char *fn,
-		      struct hx509_collector *c, 
-		      const hx509_pem_header *headers,
-		      const void *data, size_t len)
-{
-    int ret = 0;
-    const char *enc;
-
-    enc = hx509_pem_find_header(headers, "Proc-Type");
-    if (enc) {
-	const char *dek;
-	char *type, *iv;
-	ssize_t ssize, size;
-	void *ivdata;
-	const EVP_CIPHER *cipher;
-	const struct _hx509_password *pw;
-	hx509_lock lock;
-	int i, decrypted = 0;
-
-	lock = _hx509_collector_get_lock(c);
-	if (lock == NULL) {
-	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-				   "Failed to get password for "
-				   "password protected file %s", fn);
-	    return HX509_ALG_NOT_SUPP;
-	}
-
-	if (strcmp(enc, "4,ENCRYPTED") != 0) {
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "RSA key encrypted in unknown method %s "
-				   "in file",
-				   enc, fn);
-	    hx509_clear_error_string(context);
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	dek = hx509_pem_find_header(headers, "DEK-Info");
-	if (dek == NULL) {
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "Encrypted RSA missing DEK-Info");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	type = strdup(dek);
-	if (type == NULL) {
-	    hx509_clear_error_string(context);
-	    return ENOMEM;
-	}
-
-	iv = strchr(type, ',');
-	if (iv == NULL) {
-	    free(type);
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "IV missing");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-
-	*iv++ = '\0';
-
-	size = strlen(iv);
-	ivdata = malloc(size);
-	if (ivdata == NULL) {
-	    hx509_clear_error_string(context);
-	    free(type);
-	    return ENOMEM;
-	}
-
-	cipher = EVP_get_cipherbyname(type);
-	if (cipher == NULL) {
-	    free(ivdata);
-	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
-				   "RSA key encrypted with "
-				   "unsupported cipher: %s",
-				   type);
-	    free(type);
-	    return HX509_ALG_NOT_SUPP;
-	}
-
-#define PKCS5_SALT_LEN 8
-
-	ssize = hex_decode(iv, ivdata, size);
-	free(type);
-	type = NULL;
-	iv = NULL;
-
-	if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
-	    free(ivdata);
-	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
-				   "Salt have wrong length in RSA key file");
-	    return HX509_PARSING_KEY_FAILED;
-	}
-	
-	pw = _hx509_lock_get_passwords(lock);
-	if (pw != NULL) {
-	    const void *password;
-	    size_t passwordlen;
-
-	    for (i = 0; i < pw->len; i++) {
-		password = pw->val[i];
-		passwordlen = strlen(password);
-		
-		ret = try_decrypt(context, c, hx509_signature_rsa(),
-				  cipher, ivdata, password, passwordlen,
-				  data, len);
-		if (ret == 0) {
-		    decrypted = 1;
-		    break;
-		}
-	    }
-	}
-	if (!decrypted) {
-	    hx509_prompt prompt;
-	    char password[128];
-
-	    memset(&prompt, 0, sizeof(prompt));
-
-	    prompt.prompt = "Password for keyfile: ";
-	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
-	    prompt.reply.data = password;
-	    prompt.reply.length = sizeof(password);
-
-	    ret = hx509_lock_prompt(lock, &prompt);
-	    if (ret == 0)
-		ret = try_decrypt(context, c, hx509_signature_rsa(),
-				  cipher, ivdata, password, strlen(password),
-				  data, len);
-	    /* XXX add password to lock password collection ? */
-	    memset(password, 0, sizeof(password));
-	}
-	free(ivdata);
-
-    } else {
-	heim_octet_string keydata;
-
-	keydata.data = rk_UNCONST(data);
-	keydata.length = len;
-
-	ret = _hx509_collector_private_key_add(context,
-					       c,
-					       hx509_signature_rsa(),
-					       NULL,
-					       &keydata,
-					       NULL);
-    }
-
-    return ret;
-}
-
-
-struct pem_formats {
-    const char *name;
-    int (*func)(hx509_context, const char *, struct hx509_collector *, 
-		const hx509_pem_header *, const void *, size_t);
-} formats[] = {
-    { "CERTIFICATE", parse_certificate },
-    { "RSA PRIVATE KEY", parse_rsa_private_key }
-};
-
-
-struct pem_ctx {
-    int flags;
-    struct hx509_collector *c;
-};
-
-static int
-pem_func(hx509_context context, const char *type,
-	 const hx509_pem_header *header,
-	 const void *data, size_t len, void *ctx)
-{
-    struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
-    int ret = 0, j;
-
-    for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
-	const char *q = formats[j].name;
-	if (strcasecmp(type, q) == 0) {
-	    ret = (*formats[j].func)(context, NULL, pem_ctx->c,  header, data, len);
-	    if (ret == 0)
-		break;
-	}
-    }
-    if (j == sizeof(formats)/sizeof(formats[0])) {
-	ret = HX509_UNSUPPORTED_OPERATION;
-	hx509_set_error_string(context, 0, ret,
-			       "Found no matching PEM format for %s", type);
-	return ret;
-    }
-    if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL))
-	return ret;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-file_init_common(hx509_context context,
-		 hx509_certs certs, void **data, int flags, 
-		 const char *residue, hx509_lock lock, outformat format)
-{
-    char *p, *pnext;
-    struct ks_file *f = NULL;
-    hx509_private_key *keys = NULL;
-    int ret;
-    struct pem_ctx pem_ctx;
-
-    pem_ctx.flags = flags;
-    pem_ctx.c = NULL;
-
-    *data = NULL;
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    f = calloc(1, sizeof(*f));
-    if (f == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    f->format = format;
-
-    f->fn = strdup(residue);
-    if (f->fn == NULL) {
-	hx509_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-
-    /* 
-     * XXX this is broken, the function should parse the file before
-     * overwriting it
-     */
-
-    if (flags & HX509_CERTS_CREATE) {
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
-			       0, lock, &f->certs);
-	if (ret)
-	    goto out;
-	*data = f;
-	return 0;
-    }
-
-    ret = _hx509_collector_alloc(context, lock, &pem_ctx.c);
-    if (ret)
-	goto out;
-
-    for (p = f->fn; p != NULL; p = pnext) {
-	FILE *f;
-
-	pnext = strchr(p, ',');
-	if (pnext)
-	    *pnext++ = '\0';
-	
-
-	if ((f = fopen(p, "r")) == NULL) {
-	    ret = ENOENT;
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to open PEM file \"%s\": %s", 
-				   p, strerror(errno));
-	    goto out;
-	}
-
-	ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
-	fclose(f);		     
-	if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
-	    goto out;
-	else if (ret == HX509_PARSING_KEY_FAILED) {
-	    size_t length;
-	    void *ptr;
-	    int i;
-
-	    ret = _hx509_map_file(p, &ptr, &length, NULL);
-	    if (ret) {
-		hx509_clear_error_string(context);
-		goto out;
-	    }
-
-	    for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
-		ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length);
-		if (ret == 0)
-		    break;
-	    }
-	    _hx509_unmap_file(ptr, length);
-	    if (ret)
-		goto out;
-	}
-    }
-
-    ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs);
-    if (ret)
-	goto out;
-
-    ret = _hx509_collector_collect_private_keys(context, pem_ctx.c, &keys);
-    if (ret == 0) {
-	int i;
-
-	for (i = 0; keys[i]; i++)
-	    _hx509_certs_keys_add(context, f->certs, keys[i]);
-	_hx509_certs_keys_free(context, keys);
-    }
-
-out:
-    if (ret == 0)
-	*data = f;
-    else {
-	if (f->fn)
-	    free(f->fn);
-	free(f);
-    }
-    if (pem_ctx.c)
-	_hx509_collector_free(pem_ctx.c);
-
-    return ret;
-}
-
-static int
-file_init_pem(hx509_context context,
-	      hx509_certs certs, void **data, int flags, 
-	      const char *residue, hx509_lock lock)
-{
-    return file_init_common(context, certs, data, flags, residue, lock, USE_PEM);
-}
-
-static int
-file_init_der(hx509_context context,
-	      hx509_certs certs, void **data, int flags, 
-	      const char *residue, hx509_lock lock)
-{
-    return file_init_common(context, certs, data, flags, residue, lock, USE_DER);
-}
-
-static int
-file_free(hx509_certs certs, void *data)
-{
-    struct ks_file *f = data;
-    hx509_certs_free(&f->certs);
-    free(f->fn);
-    free(f);
-    return 0;
-}
-
-struct store_ctx {
-    FILE *f;
-    outformat format;
-};
-
-static int
-store_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    struct store_ctx *sc = ctx;
-    heim_octet_string data;
-    int ret;
-
-    ret = hx509_cert_binary(context, c, &data);
-    if (ret)
-	return ret;
-    
-    switch (sc->format) {
-    case USE_DER:
-	fwrite(data.data, data.length, 1, sc->f);
-	free(data.data);
-	break;
-    case USE_PEM:
-	hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, 
-			data.data, data.length);
-	free(data.data);
-	if (_hx509_cert_private_key_exportable(c)) {
-	    hx509_private_key key = _hx509_cert_private_key(c);
-	    ret = _hx509_private_key_export(context, key, &data);
-	    if (ret)
-		break;
-	    hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f,
-			    data.data, data.length);
-	    free(data.data);
-	}
-	break;
-    }
-
-    return 0;
-}
-
-static int
-file_store(hx509_context context, 
-	   hx509_certs certs, void *data, int flags, hx509_lock lock)
-{
-    struct ks_file *f = data;
-    struct store_ctx sc;
-    int ret;
-
-    sc.f = fopen(f->fn, "w");
-    if (sc.f == NULL) {
-	hx509_set_error_string(context, 0, ENOENT,
-			       "Failed to open file %s for writing");
-	return ENOENT;
-    }
-    sc.format = f->format;
-
-    ret = hx509_certs_iter(context, f->certs, store_func, &sc);
-    fclose(sc.f);
-    return ret;
-}
-
-static int 
-file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct ks_file *f = data;
-    return hx509_certs_add(context, f->certs, c);
-}
-
-static int 
-file_iter_start(hx509_context context,
-		hx509_certs certs, void *data, void **cursor)
-{
-    struct ks_file *f = data;
-    return hx509_certs_start_seq(context, f->certs, cursor);
-}
-
-static int
-file_iter(hx509_context context,
-	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    struct ks_file *f = data;
-    return hx509_certs_next_cert(context, f->certs, iter, cert);
-}
-
-static int
-file_iter_end(hx509_context context,
-	      hx509_certs certs,
-	      void *data,
-	      void *cursor)
-{
-    struct ks_file *f = data;
-    return hx509_certs_end_seq(context, f->certs, cursor);
-}
-
-static int
-file_getkeys(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key **keys)
-{
-    struct ks_file *f = data;
-    return _hx509_certs_keys_get(context, f->certs, keys);
-}
-
-static int
-file_addkey(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key key)
-{
-    struct ks_file *f = data;
-    return _hx509_certs_keys_add(context, f->certs, key);
-}
-
-static struct hx509_keyset_ops keyset_file = {
-    "FILE",
-    0,
-    file_init_pem,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-static struct hx509_keyset_ops keyset_pemfile = {
-    "PEM-FILE",
-    0,
-    file_init_pem,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-static struct hx509_keyset_ops keyset_derfile = {
-    "DER-FILE",
-    0,
-    file_init_der,
-    file_store,
-    file_free,
-    file_add,
-    NULL,
-    file_iter_start,
-    file_iter,
-    file_iter_end,
-    NULL,
-    file_getkeys,
-    file_addkey
-};
-
-
-void
-_hx509_ks_file_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_file);
-    _hx509_ks_register(context, &keyset_pemfile);
-    _hx509_ks_register(context, &keyset_derfile);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_keychain.c b/crypto/heimdal/lib/hx509/ks_keychain.c
deleted file mode 100644
index f8181975d9d5..000000000000
--- a/crypto/heimdal/lib/hx509/ks_keychain.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $");
-
-#ifdef HAVE_FRAMEWORK_SECURITY
-
-#include <Security/Security.h>
-
-/* Missing function decls in pre Leopard */
-#ifdef NEED_SECKEYGETCSPHANDLE_PROTO
-OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
-OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
-			      int, const CSSM_ACCESS_CREDENTIALS **);
-#define kSecCredentialTypeDefault 0
-#endif
-
-
-static int
-getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
-	     SecKeychainAttributeList **attrs)
-{	     
-    SecKeychainAttributeInfo attrInfo;
-    UInt32 attrFormat = 0;
-    OSStatus ret;
-
-    *attrs = NULL;
-
-    attrInfo.count = 1;
-    attrInfo.tag = &item;
-    attrInfo.format = &attrFormat;
-  
-    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
-					       attrs, NULL, NULL);
-    if (ret)
-	return EINVAL;
-    return 0;
-}
-
-
-/*
- *
- */
-
-struct kc_rsa {
-    SecKeychainItemRef item;
-    size_t keysize;
-};
-
-
-static int
-kc_rsa_public_encrypt(int flen,
-		      const unsigned char *from,
-		      unsigned char *to,
-		      RSA *rsa,
-		      int padding)
-{
-    return -1;
-}
-
-static int
-kc_rsa_public_decrypt(int flen,
-		      const unsigned char *from,
-		      unsigned char *to,
-		      RSA *rsa,
-		      int padding)
-{
-    return -1;
-}
-
-
-static int
-kc_rsa_private_encrypt(int flen, 
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    struct kc_rsa *kc = RSA_get_app_data(rsa);
-
-    CSSM_RETURN cret;
-    OSStatus ret;
-    const CSSM_ACCESS_CREDENTIALS *creds;
-    SecKeyRef privKeyRef = (SecKeyRef)kc->item;
-    CSSM_CSP_HANDLE cspHandle;
-    const CSSM_KEY *cssmKey;
-    CSSM_CC_HANDLE sigHandle = 0;
-    CSSM_DATA sig, in;
-    int fret = 0;
-
-
-    cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey);
-    if(cret) abort();
-
-    cret = SecKeyGetCSPHandle(privKeyRef, &cspHandle);
-    if(cret) abort();
-
-    ret = SecKeyGetCredentials(privKeyRef, CSSM_ACL_AUTHORIZATION_SIGN,
-			       kSecCredentialTypeDefault, &creds);
-    if(ret) abort();
-
-    ret = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
-					  creds, cssmKey, &sigHandle);
-    if(ret) abort();
-
-    in.Data = (uint8 *)from;
-    in.Length = flen;
-	
-    sig.Data = (uint8 *)to;
-    sig.Length = kc->keysize;
-	
-    cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig);
-    if(cret) {
-	/* cssmErrorString(cret); */
-	fret = -1;
-    } else
-	fret = sig.Length;
-
-    if(sigHandle)
-	CSSM_DeleteContext(sigHandle);
-
-    return fret;
-}
-
-static int
-kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-		       RSA * rsa, int padding)
-{
-    return -1;
-}
-
-static int 
-kc_rsa_init(RSA *rsa)
-{
-    return 1;
-}
-
-static int
-kc_rsa_finish(RSA *rsa)
-{
-    struct kc_rsa *kc_rsa = RSA_get_app_data(rsa);
-    CFRelease(kc_rsa->item);
-    memset(kc_rsa, 0, sizeof(*kc_rsa));
-    free(kc_rsa);
-    return 1;
-}
-
-static const RSA_METHOD kc_rsa_pkcs1_method = {
-    "hx509 Keychain PKCS#1 RSA",
-    kc_rsa_public_encrypt,
-    kc_rsa_public_decrypt,
-    kc_rsa_private_encrypt,
-    kc_rsa_private_decrypt,
-    NULL,
-    NULL,
-    kc_rsa_init,
-    kc_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-static int
-set_private_key(hx509_context context,
-		SecKeychainItemRef itemRef,
-		hx509_cert cert)
-{
-    struct kc_rsa *kc;
-    hx509_private_key key;
-    RSA *rsa;
-    int ret;
-
-    ret = _hx509_private_key_init(&key, NULL, NULL);
-    if (ret)
-	return ret;
-
-    kc = calloc(1, sizeof(*kc));
-    if (kc == NULL)
-	_hx509_abort("out of memory");
-
-    kc->item = itemRef;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	_hx509_abort("out of memory");
-
-    /* Argh, fake modulus since OpenSSL API is on crack */
-    {
-	SecKeychainAttributeList *attrs = NULL;
-	uint32_t size;
-	void *data;
-
-	rsa->n = BN_new();
-	if (rsa->n == NULL) abort();
-
-	ret = getAttribute(itemRef, kSecKeyKeySizeInBits, &attrs);
-	if (ret) abort();
-
-	size = *(uint32_t *)attrs->attr[0].data;
-	SecKeychainItemFreeAttributesAndData(attrs, NULL);
-
-	kc->keysize = (size + 7) / 8;
-
-	data = malloc(kc->keysize);
-	memset(data, 0xe0, kc->keysize);
-	BN_bin2bn(data, kc->keysize, rsa->n);
-	free(data);
-    }
-    rsa->e = NULL;
-
-    RSA_set_method(rsa, &kc_rsa_pkcs1_method);
-    ret = RSA_set_app_data(rsa, kc);
-    if (ret != 1)
-	_hx509_abort("RSA_set_app_data");
-
-    _hx509_private_key_assign_rsa(key, rsa);
-    _hx509_cert_assign_key(cert, key);
-
-    return 0;
-}
-
-/*
- *
- */
-
-struct ks_keychain {
-    int anchors;
-    SecKeychainRef keychain;
-};
-
-static int
-keychain_init(hx509_context context,
-	      hx509_certs certs, void **data, int flags,
-	      const char *residue, hx509_lock lock)
-{
-    struct ks_keychain *ctx;
-
-    ctx = calloc(1, sizeof(*ctx));
-    if (ctx == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    if (residue) {
-	if (strcasecmp(residue, "system-anchors") == 0) {
-	    ctx->anchors = 1;
-	} else if (strncasecmp(residue, "FILE:", 5) == 0) {
-	    OSStatus ret;
-
-	    ret = SecKeychainOpen(residue + 5, &ctx->keychain);
-	    if (ret != noErr) {
-		hx509_set_error_string(context, 0, ENOENT, 
-				       "Failed to open %s", residue);
-		return ENOENT;
-	    }
-	} else {
-	    hx509_set_error_string(context, 0, ENOENT, 
-				   "Unknown subtype %s", residue);
-	    return ENOENT;
-	}
-    }
-
-    *data = ctx;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-keychain_free(hx509_certs certs, void *data)
-{
-    struct ks_keychain *ctx = data;
-    if (ctx->keychain)
-	CFRelease(ctx->keychain);
-    memset(ctx, 0, sizeof(*ctx));
-    free(ctx);
-    return 0;
-}
-
-/*
- *
- */
-
-struct iter {
-    hx509_certs certs;
-    void *cursor;
-    SecKeychainSearchRef searchRef;
-};
-
-static int 
-keychain_iter_start(hx509_context context,
-		    hx509_certs certs, void *data, void **cursor)
-{
-    struct ks_keychain *ctx = data;
-    struct iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    if (ctx->anchors) {
-        CFArrayRef anchors;
-	int ret;
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
-			       0, NULL, &iter->certs);
-	if (ret) {
-	    free(iter);
-	    return ret;
-	}
-
-	ret = SecTrustCopyAnchorCertificates(&anchors);
-	if (ret != 0) {
-	    hx509_certs_free(&iter->certs);
-	    free(iter);
-	    hx509_set_error_string(context, 0, ENOMEM, 
-				   "Can't get trust anchors from Keychain");
-	    return ENOMEM;
-	}
-	for (i = 0; i < CFArrayGetCount(anchors); i++) {
-	    SecCertificateRef cr; 
-	    hx509_cert cert;
-	    CSSM_DATA cssm;
-
-	    cr = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
-
-	    SecCertificateGetData(cr, &cssm);
-
-	    ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert);
-	    if (ret)
-		continue;
-
-	    ret = hx509_certs_add(context, iter->certs, cert);
-	    hx509_cert_free(cert);
-	}
-	CFRelease(anchors);
-    }
-
-    if (iter->certs) {
-	int ret;
-	ret = hx509_certs_start_seq(context, iter->certs, &iter->cursor);
-	if (ret) {
-	    hx509_certs_free(&iter->certs);
-	    free(iter);
-	    return ret;
-	}
-    } else {
-	OSStatus ret;
-
-	ret = SecKeychainSearchCreateFromAttributes(ctx->keychain,
-						    kSecCertificateItemClass,
-						    NULL,
-						    &iter->searchRef);
-	if (ret) {
-	    free(iter);
-	    hx509_set_error_string(context, 0, ret, 
-				   "Failed to start search for attributes");
-	    return ENOMEM;
-	}
-    }
-
-    *cursor = iter;
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-keychain_iter(hx509_context context,
-	      hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
-{
-    SecKeychainAttributeList *attrs = NULL;
-    SecKeychainAttributeInfo attrInfo;
-    UInt32 attrFormat[1] = { 0 };
-    SecKeychainItemRef itemRef;
-    SecItemAttr item[1];
-    struct iter *iter = cursor;
-    OSStatus ret;
-    UInt32 len;
-    void *ptr = NULL;
-
-    if (iter->certs)
-	return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert);
-
-    *cert = NULL;
-
-    ret = SecKeychainSearchCopyNext(iter->searchRef, &itemRef);
-    if (ret == errSecItemNotFound)
-	return 0;
-    else if (ret != 0)
-	return EINVAL;
-	
-    /*
-     * Pick out certificate and matching "keyid"
-     */
-
-    item[0] = kSecPublicKeyHashItemAttr;
-
-    attrInfo.count = 1;
-    attrInfo.tag = item;
-    attrInfo.format = attrFormat;
-  
-    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
-					       &attrs, &len, &ptr);
-    if (ret)
-	return EINVAL;
-
-    ret = hx509_cert_init_data(context, ptr, len, cert);
-    if (ret)
-	goto out;
-
-    /* 
-     * Find related private key if there is one by looking at
-     * kSecPublicKeyHashItemAttr == kSecKeyLabel
-     */
-    {
-	SecKeychainSearchRef search;
-	SecKeychainAttribute attrKeyid;
-	SecKeychainAttributeList attrList;
-
-	attrKeyid.tag = kSecKeyLabel;
-	attrKeyid.length = attrs->attr[0].length;
-	attrKeyid.data = attrs->attr[0].data;
-	
-	attrList.count = 1;
-	attrList.attr = &attrKeyid;
-
-	ret = SecKeychainSearchCreateFromAttributes(NULL,
-						    CSSM_DL_DB_RECORD_PRIVATE_KEY,
-						    &attrList,
-						    &search);
-	if (ret) {
-	    ret = 0;
-	    goto out;
-	}
-
-	ret = SecKeychainSearchCopyNext(search, &itemRef);
-	CFRelease(search);
-	if (ret == errSecItemNotFound) {
-	    ret = 0;
-	    goto out;
-	} else if (ret) {
-	    ret = EINVAL;
-	    goto out;
-	}
-	set_private_key(context, itemRef, *cert);
-    }
-
-out:
-    SecKeychainItemFreeAttributesAndData(attrs, ptr);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-keychain_iter_end(hx509_context context,
-		  hx509_certs certs,
-		  void *data,
-		  void *cursor)
-{
-    struct iter *iter = cursor;
-
-    if (iter->certs) {
-	int ret;
-	ret = hx509_certs_end_seq(context, iter->certs, iter->cursor);
-	hx509_certs_free(&iter->certs);
-    } else {
-	CFRelease(iter->searchRef);
-    }
-
-    memset(iter, 0, sizeof(*iter));
-    free(iter);
-    return 0;
-}
-
-/*
- *
- */
-
-struct hx509_keyset_ops keyset_keychain = {
-    "KEYCHAIN",
-    0,
-    keychain_init,
-    NULL,
-    keychain_free,
-    NULL,
-    NULL,
-    keychain_iter_start,
-    keychain_iter,
-    keychain_iter_end
-};
-
-#endif /* HAVE_FRAMEWORK_SECURITY */
-
-/*
- *
- */
-
-void
-_hx509_ks_keychain_register(hx509_context context)
-{
-#ifdef HAVE_FRAMEWORK_SECURITY
-    _hx509_ks_register(context, &keyset_keychain);
-#endif
-}
diff --git a/crypto/heimdal/lib/hx509/ks_mem.c b/crypto/heimdal/lib/hx509/ks_mem.c
deleted file mode 100644
index efa19eb19c54..000000000000
--- a/crypto/heimdal/lib/hx509/ks_mem.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("Id$");
-
-/*
- * Should use two hash/tree certificates intead of a array.  Criteria
- * should be subject and subjectKeyIdentifier since those two are
- * commonly seached on in CMS and path building.
- */
-
-struct mem_data {
-    char *name;
-    struct {
-	unsigned long len;
-	hx509_cert *val;
-    } certs;
-    hx509_private_key *keys;
-};
-
-static int
-mem_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags,
-	 const char *residue, hx509_lock lock)
-{
-    struct mem_data *mem;
-    mem = calloc(1, sizeof(*mem));
-    if (mem == NULL)
-	return ENOMEM;
-    if (residue == NULL || residue[0] == '\0')
-	residue = "anonymous";
-    mem->name = strdup(residue);
-    if (mem->name == NULL) {
-	free(mem);
-	return ENOMEM;
-    }
-    *data = mem;
-    return 0;
-}
-
-static int
-mem_free(hx509_certs certs, void *data)
-{
-    struct mem_data *mem = data;
-    unsigned long i;
-    
-    for (i = 0; i < mem->certs.len; i++)
-	hx509_cert_free(mem->certs.val[i]);
-    free(mem->certs.val);
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	_hx509_private_key_free(&mem->keys[i]);
-    free(mem->keys);
-    free(mem->name);
-    free(mem);
-
-    return 0;
-}
-
-static int 
-mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct mem_data *mem = data;
-    hx509_cert *val;
-
-    val = realloc(mem->certs.val, 
-		  (mem->certs.len + 1) * sizeof(mem->certs.val[0]));
-    if (val == NULL)
-	return ENOMEM;
-
-    mem->certs.val = val;
-    mem->certs.val[mem->certs.len] = hx509_cert_ref(c);
-    mem->certs.len++;
-
-    return 0;
-}
-
-static int 
-mem_iter_start(hx509_context context,
-	       hx509_certs certs,
-	       void *data,
-	       void **cursor)
-{
-    unsigned long *iter = malloc(sizeof(*iter));
-
-    if (iter == NULL)
-	return ENOMEM;
-
-    *iter = 0;
-    *cursor = iter;
-
-    return 0;
-}
-
-static int
-mem_iter(hx509_context contexst,
-	 hx509_certs certs,
-	 void *data, 
-	 void *cursor,
-	 hx509_cert *cert)
-{
-    unsigned long *iter = cursor;
-    struct mem_data *mem = data;
-
-    if (*iter >= mem->certs.len) {
-	*cert = NULL;
-	return 0;
-    }
-
-    *cert = hx509_cert_ref(mem->certs.val[*iter]);
-    (*iter)++;
-    return 0;
-}
-
-static int
-mem_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    free(cursor);
-    return 0;
-}
-
-static int
-mem_getkeys(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     hx509_private_key **keys)
-{
-    struct mem_data *mem = data;
-    int i;
-
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	;
-    *keys = calloc(i + 1, sizeof(**keys));
-    for (i = 0; mem->keys && mem->keys[i]; i++) {
-	(*keys)[i] = _hx509_private_key_ref(mem->keys[i]);
-	if ((*keys)[i] == NULL) {
-	    while (--i >= 0)
-		_hx509_private_key_free(&(*keys)[i]);
-	    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	    return ENOMEM;
-	}
-    }	    
-    (*keys)[i] = NULL;
-    return 0;
-}
-
-static int
-mem_addkey(hx509_context context,
-	   hx509_certs certs,
-	   void *data,
-	   hx509_private_key key)
-{
-    struct mem_data *mem = data;
-    void *ptr;
-    int i;
-
-    for (i = 0; mem->keys && mem->keys[i]; i++)
-	;
-    ptr = realloc(mem->keys, (i + 2) * sizeof(*mem->keys));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    mem->keys = ptr;
-    mem->keys[i++] = _hx509_private_key_ref(key);
-    mem->keys[i++] = NULL;
-    return 0;
-}
-
-
-static struct hx509_keyset_ops keyset_mem = {
-    "MEMORY",
-    0,
-    mem_init,
-    NULL,
-    mem_free,
-    mem_add,
-    NULL,
-    mem_iter_start,
-    mem_iter,
-    mem_iter_end,
-    NULL,
-    mem_getkeys,
-    mem_addkey
-};
-
-void
-_hx509_ks_mem_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_mem);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_null.c b/crypto/heimdal/lib/hx509/ks_null.c
deleted file mode 100644
index 3be259fc6052..000000000000
--- a/crypto/heimdal/lib/hx509/ks_null.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $");
-
-
-static int
-null_init(hx509_context context,
-	  hx509_certs certs, void **data, int flags,
-	  const char *residue, hx509_lock lock)
-{
-    *data = NULL;
-    return 0;
-}
-
-static int
-null_free(hx509_certs certs, void *data)
-{
-    assert(data == NULL);
-    return 0;
-}
-
-static int 
-null_iter_start(hx509_context context,
-		hx509_certs certs, void *data, void **cursor)
-{
-    *cursor = NULL;
-    return 0;
-}
-
-static int
-null_iter(hx509_context context,
-	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
-{
-    *cert = NULL;
-    return ENOENT;
-}
-
-static int
-null_iter_end(hx509_context context,
-	      hx509_certs certs,
-	      void *data,
-	      void *cursor)
-{
-    assert(cursor == NULL);
-    return 0;
-}
-
-
-struct hx509_keyset_ops keyset_null = {
-    "NULL",
-    0,
-    null_init,
-    NULL,
-    null_free,
-    NULL,
-    NULL,
-    null_iter_start,
-    null_iter,
-    null_iter_end
-};
-
-void
-_hx509_ks_null_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_null);
-}
diff --git a/crypto/heimdal/lib/hx509/ks_p11.c b/crypto/heimdal/lib/hx509/ks_p11.c
deleted file mode 100644
index 0d7c312c7241..000000000000
--- a/crypto/heimdal/lib/hx509/ks_p11.c
+++ /dev/null
@@ -1,1192 +0,0 @@
-/*
- * Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $");
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#ifdef HAVE_DLOPEN
-
-#include "pkcs11.h"
-
-struct p11_slot {
-    int flags;
-#define P11_SESSION		1
-#define P11_SESSION_IN_USE	2
-#define P11_LOGIN_REQ		4
-#define P11_LOGIN_DONE		8
-#define P11_TOKEN_PRESENT	16
-    CK_SESSION_HANDLE session;
-    CK_SLOT_ID id;
-    CK_BBOOL token;
-    char *name;
-    hx509_certs certs;
-    char *pin;
-    struct {
-	CK_MECHANISM_TYPE_PTR list;
-	CK_ULONG num;
-	CK_MECHANISM_INFO_PTR *infos;
-    } mechs;
-};
-
-struct p11_module {
-    void *dl_handle;
-    CK_FUNCTION_LIST_PTR funcs;
-    CK_ULONG num_slots;
-    unsigned int refcount;
-    struct p11_slot *slot;
-};
-
-#define P11FUNC(module,f,args) (*(module)->funcs->C_##f)args
-
-static int p11_get_session(hx509_context,
-			   struct p11_module *,
-			   struct p11_slot *,
-			   hx509_lock,
-			   CK_SESSION_HANDLE *);
-static int p11_put_session(struct p11_module *,
-			   struct p11_slot *,
-			   CK_SESSION_HANDLE);
-static void p11_release_module(struct p11_module *);
-
-static int p11_list_keys(hx509_context,
-			 struct p11_module *,
-			 struct p11_slot *, 
-			 CK_SESSION_HANDLE,
-			 hx509_lock,
-			 hx509_certs *);
-
-/*
- *
- */
-
-struct p11_rsa {
-    struct p11_module *p;
-    struct p11_slot *slot;
-    CK_OBJECT_HANDLE private_key;
-    CK_OBJECT_HANDLE public_key;
-};
-
-static int
-p11_rsa_public_encrypt(int flen,
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    return -1;
-}
-
-static int
-p11_rsa_public_decrypt(int flen,
-		       const unsigned char *from,
-		       unsigned char *to,
-		       RSA *rsa,
-		       int padding)
-{
-    return -1;
-}
-
-
-static int
-p11_rsa_private_encrypt(int flen, 
-			const unsigned char *from,
-			unsigned char *to,
-			RSA *rsa,
-			int padding)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    CK_OBJECT_HANDLE key = p11rsa->private_key;
-    CK_SESSION_HANDLE session;
-    CK_MECHANISM mechanism;
-    CK_ULONG ck_sigsize;
-    int ret;
-
-    if (padding != RSA_PKCS1_PADDING)
-	return -1;
-
-    memset(&mechanism, 0, sizeof(mechanism));
-    mechanism.mechanism = CKM_RSA_PKCS;
-
-    ck_sigsize = RSA_size(rsa);
-
-    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
-    if (ret)
-	return -1;
-
-    ret = P11FUNC(p11rsa->p, SignInit, (session, &mechanism, key));
-    if (ret != CKR_OK) {
-	p11_put_session(p11rsa->p, p11rsa->slot, session);
-	return -1;
-    }
-
-    ret = P11FUNC(p11rsa->p, Sign, 
-		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
-    p11_put_session(p11rsa->p, p11rsa->slot, session);
-    if (ret != CKR_OK)
-	return -1;
-
-    return ck_sigsize;
-}
-
-static int
-p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-			RSA * rsa, int padding)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    CK_OBJECT_HANDLE key = p11rsa->private_key;
-    CK_SESSION_HANDLE session;
-    CK_MECHANISM mechanism;
-    CK_ULONG ck_sigsize;
-    int ret;
-
-    if (padding != RSA_PKCS1_PADDING)
-	return -1;
-
-    memset(&mechanism, 0, sizeof(mechanism));
-    mechanism.mechanism = CKM_RSA_PKCS;
-
-    ck_sigsize = RSA_size(rsa);
-
-    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
-    if (ret)
-	return -1;
-
-    ret = P11FUNC(p11rsa->p, DecryptInit, (session, &mechanism, key));
-    if (ret != CKR_OK) {
-	p11_put_session(p11rsa->p, p11rsa->slot, session);
-	return -1;
-    }
-
-    ret = P11FUNC(p11rsa->p, Decrypt, 
-		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
-    p11_put_session(p11rsa->p, p11rsa->slot, session);
-    if (ret != CKR_OK)
-	return -1;
-
-    return ck_sigsize;
-}
-
-static int 
-p11_rsa_init(RSA *rsa)
-{
-    return 1;
-}
-
-static int
-p11_rsa_finish(RSA *rsa)
-{
-    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
-    p11_release_module(p11rsa->p);
-    free(p11rsa);
-    return 1;
-}
-
-static const RSA_METHOD p11_rsa_pkcs1_method = {
-    "hx509 PKCS11 PKCS#1 RSA",
-    p11_rsa_public_encrypt,
-    p11_rsa_public_decrypt,
-    p11_rsa_private_encrypt,
-    p11_rsa_private_decrypt,
-    NULL,
-    NULL,
-    p11_rsa_init,
-    p11_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-/*
- *
- */
-
-static int
-p11_mech_info(hx509_context context,
-	      struct p11_module *p,
-	      struct p11_slot *slot,
-	      int num)
-{
-    CK_ULONG i;
-    int ret;
-
-    ret = P11FUNC(p, GetMechanismList, (slot->id, NULL_PTR, &i));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "Failed to get mech list count for slot %d",
-			       num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    if (i == 0) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "no mech supported for slot %d", num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    slot->mechs.list = calloc(i, sizeof(slot->mechs.list[0]));
-    if (slot->mechs.list == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "out of memory");
-	return ENOMEM;
-    }
-    slot->mechs.num = i;
-    ret = P11FUNC(p, GetMechanismList, (slot->id, slot->mechs.list, &i));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-			       "Failed to get mech list for slot %d",
-			       num);
-	return HX509_PKCS11_NO_MECH;
-    }
-    assert(i == slot->mechs.num);
-
-    slot->mechs.infos = calloc(i, sizeof(*slot->mechs.infos));
-    if (slot->mechs.list == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM,
-			       "out of memory");
-	return ENOMEM;
-    }
-
-    for (i = 0; i < slot->mechs.num; i++) {
-	slot->mechs.infos[i] = calloc(1, sizeof(*(slot->mechs.infos[0])));
-	if (slot->mechs.infos[i] == NULL) {
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "out of memory");
-	    return ENOMEM;
-	}
-	ret = P11FUNC(p, GetMechanismInfo, (slot->id, slot->mechs.list[i],
-					    slot->mechs.infos[i]));
-	if (ret) {
-	    hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
-				   "Failed to get mech info for slot %d",
-				   num);
-	    return HX509_PKCS11_NO_MECH;
-	}
-    }
-
-    return 0;
-}
-
-static int
-p11_init_slot(hx509_context context, 
-	      struct p11_module *p,
-	      hx509_lock lock,
-	      CK_SLOT_ID id,
-	      int num,
-	      struct p11_slot *slot)
-{
-    CK_SESSION_HANDLE session;
-    CK_SLOT_INFO slot_info;
-    CK_TOKEN_INFO token_info;
-    int ret, i;
-
-    slot->certs = NULL;
-    slot->id = id;
-
-    ret = P11FUNC(p, GetSlotInfo, (slot->id, &slot_info));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
-			       "Failed to init PKCS11 slot %d",
-			       num);
-	return HX509_PKCS11_TOKEN_CONFUSED;
-    }
-
-    for (i = sizeof(slot_info.slotDescription) - 1; i > 0; i--) {
-	char c = slot_info.slotDescription[i];
-	if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\0')
-	    continue;
-	i++;
-	break;
-    }
-
-    asprintf(&slot->name, "%.*s",
-	     i, slot_info.slotDescription);
-
-    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
-	return 0;
-
-    ret = P11FUNC(p, GetTokenInfo, (slot->id, &token_info));
-    if (ret) {
-	hx509_set_error_string(context, 0, HX509_PKCS11_NO_TOKEN,
-			       "Failed to init PKCS11 slot %d "
-			       "with error 0x08x",
-			       num, ret);
-	return HX509_PKCS11_NO_TOKEN;
-    }
-    slot->flags |= P11_TOKEN_PRESENT;
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED)
-	slot->flags |= P11_LOGIN_REQ;
-
-    ret = p11_get_session(context, p, slot, lock, &session);
-    if (ret)
-	return ret;
-
-    ret = p11_mech_info(context, p, slot, num);
-    if (ret)
-	goto out;
-
-    ret = p11_list_keys(context, p, slot, session, lock, &slot->certs);
- out:
-    p11_put_session(p, slot, session);
-
-    return ret;
-}
-
-static int
-p11_get_session(hx509_context context,
-		struct p11_module *p,
-		struct p11_slot *slot,
-		hx509_lock lock,
-		CK_SESSION_HANDLE *psession)
-{
-    CK_RV ret;
-
-    if (slot->flags & P11_SESSION_IN_USE)
-	_hx509_abort("slot already in session");
-    
-    if (slot->flags & P11_SESSION) {
-	slot->flags |= P11_SESSION_IN_USE;
-	*psession = slot->session;
-	return 0;
-    }
-
-    ret = P11FUNC(p, OpenSession, (slot->id, 
-				   CKF_SERIAL_SESSION,
-				   NULL,
-				   NULL,
-				   &slot->session));
-    if (ret != CKR_OK) {
-	if (context)
-	    hx509_set_error_string(context, 0, HX509_PKCS11_OPEN_SESSION,
-				   "Failed to OpenSession for slot id %d "
-				   "with error: 0x%08x",
-				   (int)slot->id, ret);
-	return HX509_PKCS11_OPEN_SESSION;
-    }
-    
-    slot->flags |= P11_SESSION;
-    
-    /* 
-     * If we have have to login, and haven't tried before and have a
-     * prompter or known to work pin code.
-     *
-     * This code is very conversative and only uses the prompter in
-     * the hx509_lock, the reason is that it's bad to try many
-     * passwords on a pkcs11 token, it might lock up and have to be
-     * unlocked by a administrator.
-     *
-     * XXX try harder to not use pin several times on the same card.
-     */
-
-    if (   (slot->flags & P11_LOGIN_REQ)
-	&& (slot->flags & P11_LOGIN_DONE) == 0
-	&& (lock || slot->pin))
-    {
-	hx509_prompt prompt;
-	char pin[20];
-	char *str;
-
-	slot->flags |= P11_LOGIN_DONE;
-
-	if (slot->pin == NULL) {
-
-	    memset(&prompt, 0, sizeof(prompt));
-
-	    asprintf(&str, "PIN code for %s: ", slot->name);
-	    prompt.prompt = str;
-	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
-	    prompt.reply.data = pin;
-	    prompt.reply.length = sizeof(pin);
-	    
-	    ret = hx509_lock_prompt(lock, &prompt);
-	    if (ret) {
-		free(str);
-		if (context)
-		    hx509_set_error_string(context, 0, ret,
-					   "Failed to get pin code for slot "
-					   "id %d with error: %d",
-					   (int)slot->id, ret);
-		return ret;
-	    }
-	    free(str);
-	} else {
-	    strlcpy(pin, slot->pin, sizeof(pin));
-	}
-
-	ret = P11FUNC(p, Login, (slot->session, CKU_USER,
-				 (unsigned char*)pin, strlen(pin)));
-	if (ret != CKR_OK) {
-	    if (context)
-		hx509_set_error_string(context, 0, HX509_PKCS11_LOGIN,
-				       "Failed to login on slot id %d "
-				       "with error: 0x%08x",
-				       (int)slot->id, ret);
-	    p11_put_session(p, slot, slot->session);
-	    return HX509_PKCS11_LOGIN;
-	}
-	if (slot->pin == NULL) {
-	    slot->pin = strdup(pin);
-	    if (slot->pin == NULL) {
-		if (context)
-		    hx509_set_error_string(context, 0, ENOMEM,
-					   "out of memory");
-		p11_put_session(p, slot, slot->session);
-		return ENOMEM;
-	    }
-	}
-    } else
-	slot->flags |= P11_LOGIN_DONE;
-
-    slot->flags |= P11_SESSION_IN_USE;
-
-    *psession = slot->session;
-
-    return 0;
-}
-
-static int
-p11_put_session(struct p11_module *p,
-		struct p11_slot *slot, 
-		CK_SESSION_HANDLE session)
-{
-    if ((slot->flags & P11_SESSION_IN_USE) == 0)
-	_hx509_abort("slot not in session");
-    slot->flags &= ~P11_SESSION_IN_USE;
-
-    return 0;
-}
-
-static int
-iterate_entries(hx509_context context,
-		struct p11_module *p, struct p11_slot *slot,
-		CK_SESSION_HANDLE session,
-		CK_ATTRIBUTE *search_data, int num_search_data,
-		CK_ATTRIBUTE *query, int num_query,
-		int (*func)(hx509_context,
-			    struct p11_module *, struct p11_slot *,
-			    CK_SESSION_HANDLE session,
-			    CK_OBJECT_HANDLE object,
-			    void *, CK_ATTRIBUTE *, int), void *ptr)
-{
-    CK_OBJECT_HANDLE object;
-    CK_ULONG object_count;
-    int ret, i;
-
-    ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data));
-    if (ret != CKR_OK) {
-	return -1;
-    }
-    while (1) {
-	ret = P11FUNC(p, FindObjects, (session, &object, 1, &object_count));
-	if (ret != CKR_OK) {
-	    return -1;
-	}
-	if (object_count == 0)
-	    break;
-	
-	for (i = 0; i < num_query; i++)
-	    query[i].pValue = NULL;
-
-	ret = P11FUNC(p, GetAttributeValue, 
-		      (session, object, query, num_query));
-	if (ret != CKR_OK) {
-	    return -1;
-	}
-	for (i = 0; i < num_query; i++) {
-	    query[i].pValue = malloc(query[i].ulValueLen);
-	    if (query[i].pValue == NULL) {
-		ret = ENOMEM;
-		goto out;
-	    }
-	}
-	ret = P11FUNC(p, GetAttributeValue,
-		      (session, object, query, num_query));
-	if (ret != CKR_OK) {
-	    ret = -1;
-	    goto out;
-	}
-	
-	ret = (*func)(context, p, slot, session, object, ptr, query, num_query);
-	if (ret)
-	    goto out;
-
-	for (i = 0; i < num_query; i++) {
-	    if (query[i].pValue)
-		free(query[i].pValue);
-	    query[i].pValue = NULL;
-	}
-    }
- out:
-
-    for (i = 0; i < num_query; i++) {
-	if (query[i].pValue)
-	    free(query[i].pValue);
-	query[i].pValue = NULL;
-    }
-
-    ret = P11FUNC(p, FindObjectsFinal, (session));
-    if (ret != CKR_OK) {
-	return -2;
-    }
-
-
-    return 0;
-}
-		
-static BIGNUM *
-getattr_bn(struct p11_module *p,
-	   struct p11_slot *slot,
-	   CK_SESSION_HANDLE session,
-	   CK_OBJECT_HANDLE object, 
-	   unsigned int type)
-{
-    CK_ATTRIBUTE query;
-    BIGNUM *bn;
-    int ret;
-
-    query.type = type;
-    query.pValue = NULL;
-    query.ulValueLen = 0;
-
-    ret = P11FUNC(p, GetAttributeValue, 
-		  (session, object, &query, 1));
-    if (ret != CKR_OK)
-	return NULL;
-
-    query.pValue = malloc(query.ulValueLen);
-
-    ret = P11FUNC(p, GetAttributeValue, 
-		  (session, object, &query, 1));
-    if (ret != CKR_OK) {
-	free(query.pValue);
-	return NULL;
-    }
-    bn = BN_bin2bn(query.pValue, query.ulValueLen, NULL);
-    free(query.pValue);
-
-    return bn;
-}
-
-static int
-collect_private_key(hx509_context context,
-		    struct p11_module *p, struct p11_slot *slot,
-		    CK_SESSION_HANDLE session,
-		    CK_OBJECT_HANDLE object,
-		    void *ptr, CK_ATTRIBUTE *query, int num_query)
-{
-    struct hx509_collector *collector = ptr;
-    hx509_private_key key;
-    heim_octet_string localKeyId;
-    int ret;
-    RSA *rsa;
-    struct p11_rsa *p11rsa;
-
-    localKeyId.data = query[0].pValue;
-    localKeyId.length = query[0].ulValueLen;
-
-    ret = _hx509_private_key_init(&key, NULL, NULL);
-    if (ret)
-	return ret;
-
-    rsa = RSA_new();
-    if (rsa == NULL)
-	_hx509_abort("out of memory");
-
-    /* 
-     * The exponent and modulus should always be present according to
-     * the pkcs11 specification, but some smartcards leaves it out,
-     * let ignore any failure to fetch it.
-     */
-    rsa->n = getattr_bn(p, slot, session, object, CKA_MODULUS);
-    rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT);
-
-    p11rsa = calloc(1, sizeof(*p11rsa));
-    if (p11rsa == NULL)
-	_hx509_abort("out of memory");
-
-    p11rsa->p = p;
-    p11rsa->slot = slot;
-    p11rsa->private_key = object;
-    
-    p->refcount++;
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to high");
-
-    RSA_set_method(rsa, &p11_rsa_pkcs1_method);
-    ret = RSA_set_app_data(rsa, p11rsa);
-    if (ret != 1)
-	_hx509_abort("RSA_set_app_data");
-
-    _hx509_private_key_assign_rsa(key, rsa);
-
-    ret = _hx509_collector_private_key_add(context,
-					   collector,
-					   hx509_signature_rsa(),
-					   key,
-					   NULL,
-					   &localKeyId);
-
-    if (ret) {
-	_hx509_private_key_free(&key);
-	return ret;
-    }
-    return 0;
-}
-
-static void
-p11_cert_release(hx509_cert cert, void *ctx)
-{
-    struct p11_module *p = ctx;
-    p11_release_module(p);
-}
-
-
-static int
-collect_cert(hx509_context context, 
-	     struct p11_module *p, struct p11_slot *slot,
-	     CK_SESSION_HANDLE session,
-	     CK_OBJECT_HANDLE object,
-	     void *ptr, CK_ATTRIBUTE *query, int num_query)
-{
-    struct hx509_collector *collector = ptr;
-    hx509_cert cert;
-    int ret;
-
-    if ((CK_LONG)query[0].ulValueLen == -1 ||
-	(CK_LONG)query[1].ulValueLen == -1) 
-    {
-	return 0;
-    }
-
-    ret = hx509_cert_init_data(context, query[1].pValue, 
-			       query[1].ulValueLen, &cert);
-    if (ret)
-	return ret;
-
-    p->refcount++;
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to high");
-
-    _hx509_cert_set_release(cert, p11_cert_release, p);
-
-    {
-	heim_octet_string data;
-	
-	data.data = query[0].pValue;
-	data.length = query[0].ulValueLen;
-	
-	_hx509_set_cert_attribute(context,
-				  cert,
-				  oid_id_pkcs_9_at_localKeyId(),
-				  &data);
-    }
-
-    if ((CK_LONG)query[2].ulValueLen != -1) {
-	char *str;
-
-	asprintf(&str, "%.*s",
-		 (int)query[2].ulValueLen, (char *)query[2].pValue);
-	if (str) {
-	    hx509_cert_set_friendly_name(cert, str);
-	    free(str);
-	}
-    }
-
-    ret = _hx509_collector_certs_add(context, collector, cert);
-    hx509_cert_free(cert);
-
-    return ret;
-}
-
-
-static int
-p11_list_keys(hx509_context context,
-	      struct p11_module *p,
-	      struct p11_slot *slot, 
-	      CK_SESSION_HANDLE session,
-	      hx509_lock lock,
-	      hx509_certs *certs)
-{
-    struct hx509_collector *collector;
-    CK_OBJECT_CLASS key_class;
-    CK_ATTRIBUTE search_data[] = {
-	{CKA_CLASS, NULL, 0},
-    };
-    CK_ATTRIBUTE query_data[3] = {
-	{CKA_ID, NULL, 0},
-	{CKA_VALUE, NULL, 0},
-	{CKA_LABEL, NULL, 0}
-    };
-    int ret;
-
-    search_data[0].pValue = &key_class;
-    search_data[0].ulValueLen = sizeof(key_class);
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    ret = _hx509_collector_alloc(context, lock, &collector);
-    if (ret)
-	return ret;
-
-    key_class = CKO_PRIVATE_KEY;
-    ret = iterate_entries(context, p, slot, session,
-			  search_data, 1,
-			  query_data, 1,
-			  collect_private_key, collector);
-    if (ret)
-	goto out;
-
-    key_class = CKO_CERTIFICATE;
-    ret = iterate_entries(context, p, slot, session,
-			  search_data, 1,
-			  query_data, 3,
-			  collect_cert, collector);
-    if (ret)
-	goto out;
-
-    ret = _hx509_collector_collect_certs(context, collector, &slot->certs);
-
-out:
-    _hx509_collector_free(collector);
-
-    return ret;
-}
-
-
-static int
-p11_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    CK_C_GetFunctionList getFuncs;
-    struct p11_module *p;
-    char *list, *str;
-    int ret;
-
-    *data = NULL;
-
-    list = strdup(residue);
-    if (list == NULL)
-	return ENOMEM;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	free(list);
-	return ENOMEM;
-    }
-
-    p->refcount = 1;
-
-    str = strchr(list, ',');
-    if (str)
-	*str++ = '\0';
-    while (str) {
-	char *strnext;
-	strnext = strchr(str, ',');
-	if (strnext)
-	    *strnext++ = '\0';
-#if 0
-	if (strncasecmp(str, "slot=", 5) == 0)
-	    p->selected_slot = atoi(str + 5);
-#endif
-	str = strnext;
-    }
-
-    p->dl_handle = dlopen(list, RTLD_NOW);
-    free(list);
-    if (p->dl_handle == NULL) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to open %s: %s", list, dlerror());
-	goto out;
-    }
-
-    getFuncs = dlsym(p->dl_handle, "C_GetFunctionList");
-    if (getFuncs == NULL) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "C_GetFunctionList missing in %s: %s", 
-			       list, dlerror());
-	goto out;
-    }
-
-    ret = (*getFuncs)(&p->funcs);
-    if (ret) {
-	ret = HX509_PKCS11_LOAD;
-	hx509_set_error_string(context, 0, ret,
-			       "C_GetFunctionList failed in %s", list);
-	goto out;
-    }
-
-    ret = P11FUNC(p, Initialize, (NULL_PTR));
-    if (ret != CKR_OK) {
-	ret = HX509_PKCS11_TOKEN_CONFUSED;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed initialize the PKCS11 module");
-	goto out;
-    }
-
-    ret = P11FUNC(p, GetSlotList, (FALSE, NULL, &p->num_slots));
-    if (ret) {
-	ret = HX509_PKCS11_TOKEN_CONFUSED;
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to get number of PKCS11 slots");
-	goto out;
-    }
-
-   if (p->num_slots == 0) {
-	ret = HX509_PKCS11_NO_SLOT;
-	hx509_set_error_string(context, 0, ret,
-			       "Selected PKCS11 module have no slots");
-	goto out;
-   }
-
-
-    {
-	CK_SLOT_ID_PTR slot_ids;
-	int i, num_tokens = 0;
-
-	slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
-	if (slot_ids == NULL) {
-	    hx509_clear_error_string(context);
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	ret = P11FUNC(p, GetSlotList, (FALSE, slot_ids, &p->num_slots));
-	if (ret) {
-	    free(slot_ids);
-	    hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
-				   "Failed getting slot-list from "
-				   "PKCS11 module");
-	    ret = HX509_PKCS11_TOKEN_CONFUSED;
-	    goto out;
-	}
-
-	p->slot = calloc(p->num_slots, sizeof(p->slot[0]));
-	if (p->slot == NULL) {
-	    free(slot_ids);
-	    hx509_set_error_string(context, 0, ENOMEM,
-				   "Failed to get memory for slot-list");
-	    ret = ENOMEM;
-	    goto out;
-	}
-			 
-	for (i = 0; i < p->num_slots; i++) {
-	    ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
-	    if (ret)
-		break;
-	    if (p->slot[i].flags & P11_TOKEN_PRESENT)
-		num_tokens++;
-	}
-	free(slot_ids);
-	if (ret)
-	    goto out;
-	if (num_tokens == 0) {
-	    ret = HX509_PKCS11_NO_TOKEN;
-	    goto out;
-	}
-    }
-
-    *data = p;
-
-    return 0;
- out:    
-    p11_release_module(p);
-    return ret;
-}
-
-static void
-p11_release_module(struct p11_module *p)
-{
-    int i;
-
-    if (p->refcount == 0)
-	_hx509_abort("pkcs11 refcount to low");
-    if (--p->refcount > 0)
-	return;
-
-    for (i = 0; i < p->num_slots; i++) {
-	if (p->slot[i].flags & P11_SESSION_IN_USE)
-	    _hx509_abort("pkcs11 module release while session in use");
-	if (p->slot[i].flags & P11_SESSION) {
-	    int ret;
-
-	    ret = P11FUNC(p, CloseSession, (p->slot[i].session));
-	    if (ret != CKR_OK)
-		;
-	}
-
-	if (p->slot[i].name)
-	    free(p->slot[i].name);
-	if (p->slot[i].pin) {
-	    memset(p->slot[i].pin, 0, strlen(p->slot[i].pin));
-	    free(p->slot[i].pin);
-	}
-	if (p->slot[i].mechs.num) {
-	    free(p->slot[i].mechs.list);
-
-	    if (p->slot[i].mechs.infos) {
-		int j;
-
-		for (j = 0 ; j < p->slot[i].mechs.num ; j++)
-		    free(p->slot[i].mechs.infos[j]);
-		free(p->slot[i].mechs.infos);
-	    }
-	}
-    }
-    free(p->slot);
-
-    if (p->funcs)
-	P11FUNC(p, Finalize, (NULL));
-
-    if (p->dl_handle)
-	dlclose(p->dl_handle);
-
-    memset(p, 0, sizeof(*p));
-    free(p);
-}
-
-static int
-p11_free(hx509_certs certs, void *data)
-{
-    struct p11_module *p = data;
-    int i;
-
-    for (i = 0; i < p->num_slots; i++) {
-	if (p->slot[i].certs)
-	    hx509_certs_free(&p->slot[i].certs);
-    }
-    p11_release_module(p);
-    return 0;
-}
-
-struct p11_cursor {
-    hx509_certs certs;
-    void *cursor;
-};
-
-static int 
-p11_iter_start(hx509_context context,
-	       hx509_certs certs, void *data, void **cursor)
-{
-    struct p11_module *p = data;
-    struct p11_cursor *c;
-    int ret, i;
-
-    c = malloc(sizeof(*c));
-    if (c == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    ret = hx509_certs_init(context, "MEMORY:pkcs11-iter", 0, NULL, &c->certs);
-    if (ret) {
-	free(c);
-	return ret;
-    }
-
-    for (i = 0 ; i < p->num_slots; i++) {
-	if (p->slot[i].certs == NULL)
-	    continue;
-	ret = hx509_certs_merge(context, c->certs, p->slot[i].certs);
-	if (ret) {
-	    hx509_certs_free(&c->certs);
-	    free(c);
-	    return ret;
-	}
-    }
-
-    ret = hx509_certs_start_seq(context, c->certs, &c->cursor);
-    if (ret) {
-	hx509_certs_free(&c->certs);
-	free(c);
-	return 0;
-    }
-    *cursor = c;
-
-    return 0;
-}
-
-static int
-p11_iter(hx509_context context,
-	 hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
-{
-    struct p11_cursor *c = cursor;
-    return hx509_certs_next_cert(context, c->certs, c->cursor, cert);
-}
-
-static int
-p11_iter_end(hx509_context context,
-	     hx509_certs certs, void *data, void *cursor)
-{
-    struct p11_cursor *c = cursor;
-    int ret;
-    ret = hx509_certs_end_seq(context, c->certs, c->cursor);
-    hx509_certs_free(&c->certs);
-    free(c);
-    return ret;
-}
-
-#define MECHFLAG(x) { "unknown-flag-" #x, x }
-static struct units mechflags[] = {
-	MECHFLAG(0x80000000),
-	MECHFLAG(0x40000000),
-	MECHFLAG(0x20000000),
-	MECHFLAG(0x10000000),
-	MECHFLAG(0x08000000),
-	MECHFLAG(0x04000000),
-	{"ec-compress",		0x2000000 },
-	{"ec-uncompress",	0x1000000 },
-	{"ec-namedcurve",	0x0800000 },
-	{"ec-ecparameters",	0x0400000 },
-	{"ec-f-2m",		0x0200000 },
-	{"ec-f-p",		0x0100000 },
-	{"derive",		0x0080000 },
-	{"unwrap",		0x0040000 },
-	{"wrap",		0x0020000 },
-	{"genereate-key-pair",	0x0010000 },
-	{"generate",		0x0008000 },
-	{"verify-recover",	0x0004000 },
-	{"verify",		0x0002000 },
-	{"sign-recover",	0x0001000 },
-	{"sign",		0x0000800 },
-	{"digest",		0x0000400 },
-	{"decrypt",		0x0000200 },
-	{"encrypt",		0x0000100 },
-	MECHFLAG(0x00080),
-	MECHFLAG(0x00040),
-	MECHFLAG(0x00020),
-	MECHFLAG(0x00010),
-	MECHFLAG(0x00008),
-	MECHFLAG(0x00004),
-	MECHFLAG(0x00002),
-	{"hw",			0x0000001 },
-	{ NULL,			0x0000000 }
-};
-#undef MECHFLAG
-
-static int
-p11_printinfo(hx509_context context, 
-	      hx509_certs certs, 
-	      void *data,
-	      int (*func)(void *, const char *),
-	      void *ctx)
-{
-    struct p11_module *p = data;
-    int i, j;
-        
-    _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", 
-		     p->num_slots, p->num_slots > 1 ? "s" : "");
-
-    for (i = 0; i < p->num_slots; i++) {
-	struct p11_slot *s = &p->slot[i];
-
-	_hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x",
-			 i, (int)s->id, s->name, s->flags);
-
-	_hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", 
-			 (unsigned long)s->mechs.num);
-	for (j = 0; j < s->mechs.num; j++) {
-	    const char *mechname = "unknown";
-	    char flags[256], unknownname[40];
-#define MECHNAME(s,n) case s: mechname = n; break
-	    switch(s->mechs.list[j]) {
-		MECHNAME(CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen");
-		MECHNAME(CKM_RSA_PKCS, "rsa-pkcs");
-		MECHNAME(CKM_RSA_X_509, "rsa-x-509");
-		MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
-		MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
-		MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
-		MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
-		MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
-		MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
-		MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
-		MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
-		MECHNAME(CKM_SHA512, "sha512");
-		MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
-		MECHNAME(CKM_SHA384, "sha384");
-		MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
-		MECHNAME(CKM_SHA256, "sha256");
-		MECHNAME(CKM_SHA_1, "sha1");
-		MECHNAME(CKM_MD5, "md5");
-		MECHNAME(CKM_MD2, "md2");
-		MECHNAME(CKM_RIPEMD160, "ripemd-160");
-		MECHNAME(CKM_DES_ECB, "des-ecb");
-		MECHNAME(CKM_DES_CBC, "des-cbc");
-		MECHNAME(CKM_AES_ECB, "aes-ecb");
-		MECHNAME(CKM_AES_CBC, "aes-cbc");
-		MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen");
-	    default:
-		snprintf(unknownname, sizeof(unknownname),
-			 "unknown-mech-%lu", 
-			 (unsigned long)s->mechs.list[j]);
-		mechname = unknownname;
-		break;
-	    }
-#undef MECHNAME
-	    unparse_flags(s->mechs.infos[j]->flags, mechflags, 
-			  flags, sizeof(flags));
-
-	    _hx509_pi_printf(func, ctx, "  %s: %s", mechname, flags);
-	}
-    }
-
-    return 0;
-}
-
-static struct hx509_keyset_ops keyset_pkcs11 = {
-    "PKCS11",
-    0,
-    p11_init,
-    NULL,
-    p11_free,
-    NULL,
-    NULL,
-    p11_iter_start,
-    p11_iter,
-    p11_iter_end,
-    p11_printinfo
-};
-
-#endif /* HAVE_DLOPEN */
-
-void
-_hx509_ks_pkcs11_register(hx509_context context)
-{
-#ifdef HAVE_DLOPEN
-    _hx509_ks_register(context, &keyset_pkcs11);
-#endif
-}
diff --git a/crypto/heimdal/lib/hx509/ks_p12.c b/crypto/heimdal/lib/hx509/ks_p12.c
deleted file mode 100644
index 12756e6c071d..000000000000
--- a/crypto/heimdal/lib/hx509/ks_p12.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $");
-
-struct ks_pkcs12 {
-    hx509_certs certs;
-    char *fn;
-};
-
-typedef int (*collector_func)(hx509_context,
-			      struct hx509_collector *,
-			      const void *, size_t,
-			      const PKCS12_Attributes *);
-
-struct type {
-    const heim_oid * (*oid)(void);
-    collector_func func;
-};
-
-static void
-parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, 
-		  const void *, size_t, const PKCS12_Attributes *);
-
-
-static const PKCS12_Attribute *
-find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
-{
-    int i;
-    if (attrs == NULL)
-	return NULL;
-    for (i = 0; i < attrs->len; i++)
-	if (der_heim_oid_cmp(oid, &attrs->val[i].attrId) == 0)
-	    return &attrs->val[i];
-    return NULL;
-}
-
-static int
-keyBag_parser(hx509_context context,
-	      struct hx509_collector *c, 
-	      const void *data, size_t length,
-	      const PKCS12_Attributes *attrs)
-{
-    const PKCS12_Attribute *attr;
-    PKCS8PrivateKeyInfo ki;
-    const heim_octet_string *os = NULL;
-    int ret;
-
-    attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId());
-    if (attr)
-	os = &attr->attrValues;
-
-    ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
-    if (ret)
-	return ret;
-    
-    _hx509_collector_private_key_add(context,
-				     c,
-				     &ki.privateKeyAlgorithm,
-				     NULL,
-				     &ki.privateKey,
-				     os);
-    free_PKCS8PrivateKeyInfo(&ki);
-    return 0;
-}
-
-static int
-ShroudedKeyBag_parser(hx509_context context,
-		      struct hx509_collector *c, 
-		      const void *data, size_t length,
-		      const PKCS12_Attributes *attrs)
-{
-    PKCS8EncryptedPrivateKeyInfo pk;
-    heim_octet_string content;
-    int ret;
-    
-    memset(&pk, 0, sizeof(pk));
-    
-    ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL);
-    if (ret)
-	return ret;
-
-    ret = _hx509_pbe_decrypt(context,
-			     _hx509_collector_get_lock(c),
-			     &pk.encryptionAlgorithm,
-			     &pk.encryptedData,
-			     &content);
-    free_PKCS8EncryptedPrivateKeyInfo(&pk);
-    if (ret)
-	return ret;
-
-    ret = keyBag_parser(context, c, content.data, content.length, attrs);
-    der_free_octet_string(&content);
-    return ret;
-}
-
-static int
-certBag_parser(hx509_context context,
-	       struct hx509_collector *c, 
-	       const void *data, size_t length,
-	       const PKCS12_Attributes *attrs)
-{
-    heim_octet_string os;
-    hx509_cert cert;
-    PKCS12_CertBag cb;
-    int ret;
-
-    ret = decode_PKCS12_CertBag(data, length, &cb, NULL);
-    if (ret)
-	return ret;
-
-    if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) {
-	free_PKCS12_CertBag(&cb);
-	return 0;
-    }
-
-    ret = decode_PKCS12_OctetString(cb.certValue.data, 
-				    cb.certValue.length,
-				    &os,
-				    NULL);
-    free_PKCS12_CertBag(&cb);
-    if (ret)
-	return ret;
-
-    ret = hx509_cert_init_data(context, os.data, os.length, &cert);
-    der_free_octet_string(&os);
-    if (ret)
-	return ret;
-
-    ret = _hx509_collector_certs_add(context, c, cert);
-    if (ret) {
-	hx509_cert_free(cert);
-	return ret;
-    }
-
-    {
-	const PKCS12_Attribute *attr;
-	const heim_oid * (*oids[])(void) = {
-	    oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName
-	};
-	int i;
-
-	for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
-	    const heim_oid *oid = (*(oids[i]))();
-	    attr = find_attribute(attrs, oid);
-	    if (attr)
-		_hx509_set_cert_attribute(context, cert, oid,
-					  &attr->attrValues);
-	}	
-    }
-
-    hx509_cert_free(cert);
-
-    return 0;
-}
-
-static int
-parse_safe_content(hx509_context context,
-		   struct hx509_collector *c, 
-		   const unsigned char *p, size_t len)
-{
-    PKCS12_SafeContents sc;
-    int ret, i;
-
-    memset(&sc, 0, sizeof(sc));
-
-    ret = decode_PKCS12_SafeContents(p, len, &sc, NULL);
-    if (ret)
-	return ret;
-
-    for (i = 0; i < sc.len ; i++)
-	parse_pkcs12_type(context,
-			  c,
-			  &sc.val[i].bagId,
-			  sc.val[i].bagValue.data,
-			  sc.val[i].bagValue.length,
-			  sc.val[i].bagAttributes);
-
-    free_PKCS12_SafeContents(&sc);
-    return 0;
-}
-
-static int
-safeContent_parser(hx509_context context,
-		   struct hx509_collector *c, 
-		   const void *data, size_t length,
-		   const PKCS12_Attributes *attrs)
-{
-    heim_octet_string os;
-    int ret;
-
-    ret = decode_PKCS12_OctetString(data, length, &os, NULL);
-    if (ret)
-	return ret;
-    ret = parse_safe_content(context, c, os.data, os.length);
-    der_free_octet_string(&os);
-    return ret;
-}
-
-static int
-encryptedData_parser(hx509_context context,
-		     struct hx509_collector *c,
-		     const void *data, size_t length,
-		     const PKCS12_Attributes *attrs)
-{
-    heim_octet_string content;
-    heim_oid contentType;
-    int ret;
-		
-    memset(&contentType, 0, sizeof(contentType));
-
-    ret = hx509_cms_decrypt_encrypted(context,
-				      _hx509_collector_get_lock(c),
-				      data, length,
-				      &contentType,
-				      &content);
-    if (ret)
-	return ret;
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
-	ret = parse_safe_content(context, c, content.data, content.length);
-
-    der_free_octet_string(&content);
-    der_free_oid(&contentType);
-    return ret;
-}
-
-static int
-envelopedData_parser(hx509_context context,
-		     struct hx509_collector *c,
-		     const void *data, size_t length,
-		     const PKCS12_Attributes *attrs)
-{
-    heim_octet_string content;
-    heim_oid contentType;
-    hx509_lock lock;
-    int ret;
-		
-    memset(&contentType, 0, sizeof(contentType));
-
-    lock = _hx509_collector_get_lock(c);
-
-    ret = hx509_cms_unenvelope(context,
-			       _hx509_lock_unlock_certs(lock),
-			       0,
-			       data, length,
-			       NULL,
-			       &contentType,
-			       &content);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
-			       "PKCS12 failed to unenvelope");
-	return ret;
-    }
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
-	ret = parse_safe_content(context, c, content.data, content.length);
-
-    der_free_octet_string(&content);
-    der_free_oid(&contentType);
-
-    return ret;
-}
-
-
-struct type bagtypes[] = {
-    { oid_id_pkcs12_keyBag, keyBag_parser },
-    { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser },
-    { oid_id_pkcs12_certBag, certBag_parser },
-    { oid_id_pkcs7_data, safeContent_parser },
-    { oid_id_pkcs7_encryptedData, encryptedData_parser },
-    { oid_id_pkcs7_envelopedData, envelopedData_parser }
-};
-
-static void
-parse_pkcs12_type(hx509_context context,
-		  struct hx509_collector *c,
-		  const heim_oid *oid, 
-		  const void *data, size_t length,
-		  const PKCS12_Attributes *attrs)
-{
-    int i;
-
-    for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
-	if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
-	    (*bagtypes[i].func)(context, c, data, length, attrs);
-}
-
-static int
-p12_init(hx509_context context,
-	 hx509_certs certs, void **data, int flags, 
-	 const char *residue, hx509_lock lock)
-{
-    struct ks_pkcs12 *p12;
-    size_t len;
-    void *buf;
-    PKCS12_PFX pfx;
-    PKCS12_AuthenticatedSafe as;
-    int ret, i;
-    struct hx509_collector *c;
-
-    *data = NULL;
-
-    if (lock == NULL)
-	lock = _hx509_empty_lock;
-
-    ret = _hx509_collector_alloc(context, lock, &c);
-    if (ret)
-	return ret;
-
-    p12 = calloc(1, sizeof(*p12));
-    if (p12 == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    p12->fn = strdup(residue);
-    if (p12->fn == NULL) {
-	ret = ENOMEM;
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	goto out;
-    }
-
-    if (flags & HX509_CERTS_CREATE) {
-	ret = hx509_certs_init(context, "MEMORY:ks-file-create",
-			       0, lock, &p12->certs);
-	if (ret == 0)
-	    *data = p12;
-	goto out;
-    }
-
-    ret = _hx509_map_file(residue, &buf, &len, NULL);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = decode_PKCS12_PFX(buf, len, &pfx, NULL);
-    _hx509_unmap_file(buf, len);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to decode the PFX in %s", residue);
-	goto out;
-    }
-
-    if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) {
-	free_PKCS12_PFX(&pfx);
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "PKCS PFX isn't a pkcs7-data container");
-	goto out;
-    }
-
-    if (pfx.authSafe.content == NULL) {
-	free_PKCS12_PFX(&pfx);
-	ret = EINVAL;
-	hx509_set_error_string(context, 0, ret,
-			       "PKCS PFX missing data");
-	goto out;
-    }
-
-    {
-	heim_octet_string asdata;
-
-	ret = decode_PKCS12_OctetString(pfx.authSafe.content->data,
-					pfx.authSafe.content->length,
-					&asdata,
-					NULL);
-	free_PKCS12_PFX(&pfx);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	ret = decode_PKCS12_AuthenticatedSafe(asdata.data, 
-					      asdata.length,
-					      &as,
-					      NULL);
-	der_free_octet_string(&asdata);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-    }
-
-    for (i = 0; i < as.len; i++)
-	parse_pkcs12_type(context,
-			  c,
-			  &as.val[i].contentType,
-			  as.val[i].content->data,
-			  as.val[i].content->length,
-			  NULL);
-
-    free_PKCS12_AuthenticatedSafe(&as);
-
-    ret = _hx509_collector_collect_certs(context, c, &p12->certs);
-    if (ret == 0)
-	*data = p12;
-
-out:
-    _hx509_collector_free(c);
-
-    if (ret && p12) {
-	if (p12->fn)
-	    free(p12->fn);
-	if (p12->certs)
-	    hx509_certs_free(&p12->certs);
-	free(p12);
-    }
-
-    return ret;
-}
-
-static int
-addBag(hx509_context context,
-       PKCS12_AuthenticatedSafe *as,
-       const heim_oid *oid,
-       void *data,
-       size_t length)
-{
-    void *ptr;
-    int ret;
-
-    ptr = realloc(as->val, sizeof(as->val[0]) * (as->len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    as->val = ptr;
-
-    ret = der_copy_oid(oid, &as->val[as->len].contentType);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "out of memory");
-	return ret;
-    }
-    
-    as->val[as->len].content = calloc(1, sizeof(*as->val[0].content));
-    if (as->val[as->len].content == NULL) {
-	der_free_oid(&as->val[as->len].contentType);
-	hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory");
-	return ENOMEM;
-    }
-
-    as->val[as->len].content->data = data;
-    as->val[as->len].content->length = length;
-
-    as->len++;
-
-    return 0;
-}
-
-static int
-store_func(hx509_context context, void *ctx, hx509_cert c)
-{
-    PKCS12_AuthenticatedSafe *as = ctx;
-    PKCS12_OctetString os;
-    PKCS12_CertBag cb;
-    size_t size;
-    int ret;
-
-    memset(&os, 0, sizeof(os));
-    memset(&cb, 0, sizeof(cb));
-
-    os.data = NULL;
-    os.length = 0;
-
-    ret = hx509_cert_binary(context, c, &os);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
-		       cb.certValue.data,cb.certValue.length,
-		       &os, &size, ret);
-    free(os.data);
-    if (ret)
-	goto out;
-    ret = der_copy_oid(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType);
-    if (ret) {
-	free_PKCS12_CertBag(&cb);
-	goto out;
-    }
-    ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length,
-		       &cb, &size, ret);
-    free_PKCS12_CertBag(&cb);
-    if (ret)
-	goto out;
-
-    ret = addBag(context, as, oid_id_pkcs12_certBag(), os.data, os.length);
-
-    if (_hx509_cert_private_key_exportable(c)) {
-	hx509_private_key key = _hx509_cert_private_key(c);
-	PKCS8PrivateKeyInfo pki;
-
-	memset(&pki, 0, sizeof(pki));
-
-	ret = der_parse_hex_heim_integer("00", &pki.version);
-	if (ret)
-	    return ret;
-	ret = _hx509_private_key_oid(context, key, 
-				     &pki.privateKeyAlgorithm.algorithm);
-	if (ret) {
-	    free_PKCS8PrivateKeyInfo(&pki);
-	    return ret;
-	}
-	ret = _hx509_private_key_export(context,
-					_hx509_cert_private_key(c),
-					&pki.privateKey);
-	if (ret) {
-	    free_PKCS8PrivateKeyInfo(&pki);
-	    return ret;
-	}
-	/* set attribute, oid_id_pkcs_9_at_localKeyId() */
-
-	ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length,
-			   &pki, &size, ret);
-	free_PKCS8PrivateKeyInfo(&pki);
-	if (ret)
-	    return ret;
-
-	ret = addBag(context, as, oid_id_pkcs12_keyBag(), os.data, os.length);
-	if (ret)
-	    return ret;
-    }
-
-out:
-    return ret;
-}
-
-static int
-p12_store(hx509_context context, 
-	  hx509_certs certs, void *data, int flags, hx509_lock lock)
-{
-    struct ks_pkcs12 *p12 = data;
-    PKCS12_PFX pfx;
-    PKCS12_AuthenticatedSafe as;
-    PKCS12_OctetString asdata;
-    size_t size;
-    int ret;
-
-    memset(&as, 0, sizeof(as));
-    memset(&pfx, 0, sizeof(pfx));
-
-    ret = hx509_certs_iter(context, p12->certs, store_func, &as);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
-		       &as, &size, ret);
-    free_PKCS12_AuthenticatedSafe(&as);
-    if (ret)
-	return ret;
-		       
-    ret = der_parse_hex_heim_integer("03", &pfx.version);
-    if (ret) {
-	free(asdata.data);
-	goto out;
-    }
-
-    pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
-
-    ASN1_MALLOC_ENCODE(PKCS12_OctetString, 
-		       pfx.authSafe.content->data,
-		       pfx.authSafe.content->length,
-		       &asdata, &size, ret);
-    free(asdata.data);
-    if (ret)
-	goto out;
-
-    ret = der_copy_oid(oid_id_pkcs7_data(), &pfx.authSafe.contentType);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
-		       &pfx, &size, ret);
-    if (ret)
-	goto out;
-
-#if 0
-    const struct _hx509_password *pw;
-
-    pw = _hx509_lock_get_passwords(lock);
-    if (pw != NULL) {
-	pfx.macData = calloc(1, sizeof(*pfx.macData));
-	if (pfx.macData == NULL) {
-	    ret = ENOMEM;
-	    hx509_set_error_string(context, 0, ret, "malloc out of memory");
-	    return ret;
-	}
-	if (pfx.macData == NULL) {
-	    free(asdata.data);
-	    goto out;
-	}
-    }
-    ret = calculate_hash(&aspath, pw, pfx.macData);
-#endif
-
-    rk_dumpdata(p12->fn, asdata.data, asdata.length);
-    free(asdata.data);
-
-out:
-    free_PKCS12_AuthenticatedSafe(&as);
-    free_PKCS12_PFX(&pfx);
-
-    return ret;
-}
-
-
-static int
-p12_free(hx509_certs certs, void *data)
-{
-    struct ks_pkcs12 *p12 = data;
-    hx509_certs_free(&p12->certs);
-    free(p12->fn);
-    free(p12);
-    return 0;
-}
-
-static int 
-p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_add(context, p12->certs, c);
-}
-
-static int 
-p12_iter_start(hx509_context context,
-	       hx509_certs certs,
-	       void *data,
-	       void **cursor)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_start_seq(context, p12->certs, cursor);
-}
-
-static int
-p12_iter(hx509_context context,
-	 hx509_certs certs,
-	 void *data,
-	 void *cursor,
-	 hx509_cert *cert)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_next_cert(context, p12->certs, cursor, cert);
-}
-
-static int
-p12_iter_end(hx509_context context,
-	     hx509_certs certs,
-	     void *data,
-	     void *cursor)
-{
-    struct ks_pkcs12 *p12 = data;
-    return hx509_certs_end_seq(context, p12->certs, cursor);
-}
-
-static struct hx509_keyset_ops keyset_pkcs12 = {
-    "PKCS12",
-    0,
-    p12_init,
-    p12_store,
-    p12_free,
-    p12_add,
-    NULL,
-    p12_iter_start,
-    p12_iter,
-    p12_iter_end
-};
-
-void
-_hx509_ks_pkcs12_register(hx509_context context)
-{
-    _hx509_ks_register(context, &keyset_pkcs12);
-}
diff --git a/crypto/heimdal/lib/hx509/lock.c b/crypto/heimdal/lib/hx509/lock.c
deleted file mode 100644
index e835aee35af0..000000000000
--- a/crypto/heimdal/lib/hx509/lock.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (c) 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $");
-
-/**
- * @page page_lock Locking and unlocking certificates and encrypted data.
- *
- * See the library functions here: @ref hx509_lock
- */
-
-struct hx509_lock_data {
-    struct _hx509_password password;
-    hx509_certs certs;
-    hx509_prompter_fct prompt;
-    void *prompt_data;
-};
-
-static struct hx509_lock_data empty_lock_data = {
-    { 0, NULL }
-};
-
-hx509_lock _hx509_empty_lock = &empty_lock_data;
-
-/*
- *
- */
-
-int
-hx509_lock_init(hx509_context context, hx509_lock *lock)
-{
-    hx509_lock l;
-    int ret;
-
-    *lock = NULL;
-
-    l = calloc(1, sizeof(*l));
-    if (l == NULL)
-	return ENOMEM;
-
-    ret = hx509_certs_init(context, 
-			   "MEMORY:locks-internal", 
-			   0,
-			   NULL,
-			   &l->certs);
-    if (ret) {
-	free(l);
-	return ret;
-    }
-
-    *lock = l;
-
-    return 0;
-}
-
-int
-hx509_lock_add_password(hx509_lock lock, const char *password)
-{
-    void *d;
-    char *s;
-
-    s = strdup(password);
-    if (s == NULL)
-	return ENOMEM;
-
-    d = realloc(lock->password.val,
-		(lock->password.len + 1) * sizeof(lock->password.val[0]));
-    if (d == NULL) {
-	free(s);
-	return ENOMEM;
-    }
-    lock->password.val = d;
-    lock->password.val[lock->password.len] = s;
-    lock->password.len++;
-
-    return 0;
-}
-
-const struct _hx509_password *
-_hx509_lock_get_passwords(hx509_lock lock)
-{
-    return &lock->password;
-}
-
-hx509_certs
-_hx509_lock_unlock_certs(hx509_lock lock)
-{
-    return lock->certs;
-}
-
-void
-hx509_lock_reset_passwords(hx509_lock lock)
-{
-    int i;
-    for (i = 0; i < lock->password.len; i++)
-	free(lock->password.val[i]);
-    free(lock->password.val);
-    lock->password.val = NULL;
-    lock->password.len = 0;
-}
-
-int
-hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
-{
-    return hx509_certs_add(context, lock->certs, cert);
-}
-
-int
-hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
-{
-    return hx509_certs_merge(context, lock->certs, certs);
-}
-
-void
-hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
-{
-    hx509_certs certs = lock->certs;
-    int ret;
-    
-    ret = hx509_certs_init(context, 
-			   "MEMORY:locks-internal",
-			   0,
-			   NULL,
-			   &lock->certs);
-    if (ret == 0)
-	hx509_certs_free(&certs);
-    else
-	lock->certs = certs;
-}
-
-int
-_hx509_lock_find_cert(hx509_lock lock, const hx509_query *q, hx509_cert *c)
-{
-    *c = NULL;
-    return 0;
-}
-
-int
-hx509_lock_set_prompter(hx509_lock lock, hx509_prompter_fct prompt, void *data)
-{
-    lock->prompt = prompt;
-    lock->prompt_data = data;
-    return 0;
-}
-
-void
-hx509_lock_reset_promper(hx509_lock lock)
-{
-    lock->prompt = NULL;
-    lock->prompt_data = NULL;
-}
-
-static int 
-default_prompter(void *data, const hx509_prompt *prompter)
-{
-    if (hx509_prompt_hidden(prompter->type)) {
-	if(UI_UTIL_read_pw_string(prompter->reply.data,
-				  prompter->reply.length,
-				  prompter->prompt,
-				  0))
-	    return 1;
-    } else {
-	char *s = prompter->reply.data;
-
-	fputs (prompter->prompt, stdout);
-	fflush (stdout);
-	if(fgets(prompter->reply.data,
-		 prompter->reply.length,
-		 stdin) == NULL)
-	    return 1;
-	s[strcspn(s, "\n")] = '\0';
-    }
-    return 0;
-}
-
-int
-hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
-{
-    if (lock->prompt == NULL)
-	return HX509_CRYPTO_NO_PROMPTER;
-    return (*lock->prompt)(lock->prompt_data, prompt);
-}
-
-void
-hx509_lock_free(hx509_lock lock)
-{
-    hx509_certs_free(&lock->certs);
-    hx509_lock_reset_passwords(lock);
-    memset(lock, 0, sizeof(*lock));
-    free(lock);
-}
-
-int
-hx509_prompt_hidden(hx509_prompt_type type)
-{
-    /* default to hidden if unknown */
-
-    switch (type) {
-    case HX509_PROMPT_TYPE_QUESTION:
-    case HX509_PROMPT_TYPE_INFO:
-	return 0;
-    default:
-	return 1;
-    }
-}
-
-int
-hx509_lock_command_string(hx509_lock lock, const char *string)
-{
-    if (strncasecmp(string, "PASS:", 5) == 0) {
-	hx509_lock_add_password(lock, string + 5);
-    } else if (strcasecmp(string, "PROMPT") == 0) {
-	hx509_lock_set_prompter(lock, default_prompter, NULL);
-    } else
-	return HX509_UNKNOWN_LOCK_COMMAND;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/name.c b/crypto/heimdal/lib/hx509/name.c
deleted file mode 100644
index 69fafe1b8a17..000000000000
--- a/crypto/heimdal/lib/hx509/name.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: name.c 22432 2008-01-13 14:08:03Z lha $");
-
-/**
- * @page page_name PKIX/X.509 Names
- *
- * There are several names in PKIX/X.509, GeneralName and Name.
- *
- * A Name consists of an ordered list of Relative Distinguished Names
- * (RDN). Each RDN consists of an unordered list of typed strings. The
- * types are defined by OID and have long and short description. For
- * example id-at-commonName (2.5.4.3) have the long name CommonName
- * and short name CN. The string itself can be of serveral encoding,
- * UTF8, UTF16, Teltex string, etc. The type limit what encoding
- * should be used.
- *
- * GeneralName is a broader nametype that can contains al kind of
- * stuff like Name, IP addresses, partial Name, etc.
- *
- * Name is mapped into a hx509_name object.
- *
- * Parse and string name into a hx509_name object with hx509_parse_name(),
- * make it back into string representation with hx509_name_to_string().
- *
- * Name string are defined rfc2253, rfc1779 and X.501.
- *
- * See the library functions here: @ref hx509_name
- */
-
-static const struct {
-    const char *n;
-    const heim_oid *(*o)(void);
-} no[] = {
-    { "C", oid_id_at_countryName },
-    { "CN", oid_id_at_commonName },
-    { "DC", oid_id_domainComponent },
-    { "L", oid_id_at_localityName },
-    { "O", oid_id_at_organizationName },
-    { "OU", oid_id_at_organizationalUnitName },
-    { "S", oid_id_at_stateOrProvinceName },
-    { "STREET", oid_id_at_streetAddress },
-    { "UID", oid_id_Userid },
-    { "emailAddress", oid_id_pkcs9_emailAddress },
-    { "serialNumber", oid_id_at_serialNumber }
-};
-
-static char *
-quote_string(const char *f, size_t len, size_t *rlen)
-{
-    size_t i, j, tolen;
-    const char *from = f;
-    char *to;
-
-    tolen = len * 3 + 1;
-    to = malloc(tolen);
-    if (to == NULL)
-	return NULL;
-
-    for (i = 0, j = 0; i < len; i++) {
-	if (from[i] == ' ' && i + 1 < len)
-	    to[j++] = from[i];
-	else if (from[i] == ',' || from[i] == '=' || from[i] == '+' ||
-		 from[i] == '<' || from[i] == '>' || from[i] == '#' ||
-		 from[i] == ';' || from[i] == ' ')
-	{
-	    to[j++] = '\\';
-	    to[j++] = from[i];
-	} else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) {
-	    to[j++] = from[i];
-	} else {
-	    int l = snprintf(&to[j], tolen - j - 1,
-			     "#%02x", (unsigned char)from[i]);
-	    j += l;
-	}
-    }
-    to[j] = '\0';
-    assert(j < tolen);
-    *rlen = j;
-    return to;
-}
-
-
-static int
-append_string(char **str, size_t *total_len, const char *ss, 
-	      size_t len, int quote)
-{
-    char *s, *qs;
-
-    if (quote)
-	qs = quote_string(ss, len, &len);
-    else
-	qs = rk_UNCONST(ss);
-
-    s = realloc(*str, len + *total_len + 1);
-    if (s == NULL)
-	_hx509_abort("allocation failure"); /* XXX */
-    memcpy(s + *total_len, qs, len);
-    if (qs != ss)
-	free(qs);
-    s[*total_len + len] = '\0';
-    *str = s;
-    *total_len += len;
-    return 0;
-}
-
-static char *
-oidtostring(const heim_oid *type)
-{
-    char *s;
-    size_t i;
-    
-    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
-	if (der_heim_oid_cmp((*no[i].o)(), type) == 0)
-	    return strdup(no[i].n);
-    }
-    if (der_print_heim_oid(type, '.', &s) != 0)
-	return NULL;
-    return s;
-}
-
-static int
-stringtooid(const char *name, size_t len, heim_oid *oid)
-{
-    int i, ret;
-    char *s;
-    
-    memset(oid, 0, sizeof(*oid));
-
-    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
-	if (strncasecmp(no[i].n, name, len) == 0)
-	    return der_copy_oid((*no[i].o)(), oid);
-    }
-    s = malloc(len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    memcpy(s, name, len);
-    s[len] = '\0';
-    ret = der_parse_heim_oid(s, ".", oid);
-    free(s);
-    return ret;
-}
-
-/**
- * Convert the hx509 name object into a printable string.
- * The resulting string should be freed with free().
- *
- * @param name name to print
- * @param str the string to return
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_string(const hx509_name name, char **str)
-{
-    return _hx509_Name_to_string(&name->der_name, str);
-}
-
-int
-_hx509_Name_to_string(const Name *n, char **str)
-{
-    size_t total_len = 0;
-    int i, j;
-
-    *str = strdup("");
-    if (*str == NULL)
-	return ENOMEM;
-
-    for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
-	int len;
-
-	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
-	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
-	    char *oidname;
-	    char *ss;
-	    
-	    oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
-
-	    switch(ds->element) {
-	    case choice_DirectoryString_ia5String:
-		ss = ds->u.ia5String;
-		break;
-	    case choice_DirectoryString_printableString:
-		ss = ds->u.printableString;
-		break;
-	    case choice_DirectoryString_utf8String:
-		ss = ds->u.utf8String;
-		break;
-	    case choice_DirectoryString_bmpString: {
-		uint16_t *bmp = ds->u.bmpString.data;
-		size_t bmplen = ds->u.bmpString.length;
-		size_t k;
-
-		ss = malloc(bmplen + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		for (k = 0; k < bmplen; k++)
-		    ss[k] = bmp[k] & 0xff; /* XXX */
-		ss[k] = '\0';
-		break;
-	    }
-	    case choice_DirectoryString_teletexString:
-		ss = malloc(ds->u.teletexString.length + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
-		ss[ds->u.teletexString.length] = '\0';
-		break;
-	    case choice_DirectoryString_universalString: {
-		uint32_t *uni = ds->u.universalString.data;
-		size_t unilen = ds->u.universalString.length;
-		size_t k;
-
-		ss = malloc(unilen + 1);
-		if (ss == NULL)
-		    _hx509_abort("allocation failure"); /* XXX */
-		for (k = 0; k < unilen; k++)
-		    ss[k] = uni[k] & 0xff; /* XXX */
-		ss[k] = '\0';
-		break;
-	    }
-	    default:
-		_hx509_abort("unknown directory type: %d", ds->element);
-		exit(1);
-	    }
-	    append_string(str, &total_len, oidname, strlen(oidname), 0);
-	    free(oidname);
-	    append_string(str, &total_len, "=", 1, 0);
-	    len = strlen(ss);
-	    append_string(str, &total_len, ss, len, 1);
-	    if (ds->element == choice_DirectoryString_universalString ||
-		ds->element == choice_DirectoryString_bmpString ||
-		ds->element == choice_DirectoryString_teletexString)
-	    {
-		free(ss);
-	    }
-	    if (j + 1 < n->u.rdnSequence.val[i].len)
-		append_string(str, &total_len, "+", 1, 0);
-	}
-
-	if (i > 0)
-	    append_string(str, &total_len, ",", 1, 0);
-    }
-    return 0;
-}
-
-/*
- * XXX this function is broken, it needs to compare code points, not
- * bytes.
- */
-
-static void
-prune_space(const unsigned char **s)
-{
-    while (**s == ' ')
-	(*s)++;
-}
-
-int
-_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2)
-{
-    int c;
-
-    c = ds1->element - ds2->element;
-    if (c)
-	return c;
-
-    switch(ds1->element) {
-    case choice_DirectoryString_ia5String:
-	c = strcmp(ds1->u.ia5String, ds2->u.ia5String);
-	break;
-    case choice_DirectoryString_teletexString:
-	c = der_heim_octet_string_cmp(&ds1->u.teletexString,
-				  &ds2->u.teletexString);
-	break;
-    case choice_DirectoryString_printableString: {
-	const unsigned char *s1 = (unsigned char*)ds1->u.printableString;
-	const unsigned char *s2 = (unsigned char*)ds2->u.printableString;
-	prune_space(&s1); prune_space(&s2);
-	while (*s1 && *s2) {
-	    if (toupper(*s1) != toupper(*s2)) {
-		c = toupper(*s1) - toupper(*s2);
-		break;
-	    }
-	    if (*s1 == ' ') { prune_space(&s1); prune_space(&s2); }
-	    else { s1++; s2++; }
-	}	    
-	prune_space(&s1); prune_space(&s2);
-	c = *s1 - *s2;
-	break;
-    }
-    case choice_DirectoryString_utf8String:
-	c = strcmp(ds1->u.utf8String, ds2->u.utf8String);
-	break;
-    case choice_DirectoryString_universalString:
-	c = der_heim_universal_string_cmp(&ds1->u.universalString,
-					  &ds2->u.universalString);
-	break;
-    case choice_DirectoryString_bmpString:
-	c = der_heim_bmp_string_cmp(&ds1->u.bmpString,
-				    &ds2->u.bmpString);
-	break;
-    default:
-	c = 1;
-	break;
-    }
-    return c;
-}
-
-int
-_hx509_name_cmp(const Name *n1, const Name *n2)
-{
-    int i, j, c;
-
-    c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
-    if (c)
-	return c;
-
-    for (i = 0 ; i < n1->u.rdnSequence.len; i++) {
-	c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len;
-	if (c)
-	    return c;
-
-	for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) {
-	    c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type,
-				 &n1->u.rdnSequence.val[i].val[j].type);
-	    if (c)
-		return c;
-			     
-	    c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
-				   &n2->u.rdnSequence.val[i].val[j].value);
-	    if (c)
-		return c;
-	}
-    }
-    return 0;
-}
-
-/**
- * Compare to hx509 name object, useful for sorting.
- *
- * @param n1 a hx509 name object.
- * @param n2 a hx509 name object.
- *
- * @return 0 the objects are the same, returns > 0 is n2 is "larger"
- * then n2, < 0 if n1 is "smaller" then n2.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_cmp(hx509_name n1, hx509_name n2)
-{
-    return _hx509_name_cmp(&n1->der_name, &n2->der_name);
-}
-
-
-int
-_hx509_name_from_Name(const Name *n, hx509_name *name)
-{
-    int ret;
-    *name = calloc(1, sizeof(**name));
-    if (*name == NULL)
-	return ENOMEM;
-    ret = copy_Name(n, &(*name)->der_name);
-    if (ret) {
-	free(*name);
-	*name = NULL;
-    }
-    return ret;
-}
-
-int
-_hx509_name_modify(hx509_context context,
-		   Name *name, 
-		   int append,
-		   const heim_oid *oid, 
-		   const char *str)
-{
-    RelativeDistinguishedName *rdn;
-    int ret;
-    void *ptr;
-
-    ptr = realloc(name->u.rdnSequence.val, 
-		  sizeof(name->u.rdnSequence.val[0]) * 
-		  (name->u.rdnSequence.len + 1));
-    if (ptr == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
-	return ENOMEM;
-    }
-    name->u.rdnSequence.val = ptr;
-
-    if (append) {
-	rdn = &name->u.rdnSequence.val[name->u.rdnSequence.len];
-    } else {
-	memmove(&name->u.rdnSequence.val[1],
-		&name->u.rdnSequence.val[0],
-		name->u.rdnSequence.len * 
-		sizeof(name->u.rdnSequence.val[0]));
-	
-	rdn = &name->u.rdnSequence.val[0];
-    }
-    rdn->val = malloc(sizeof(rdn->val[0]));
-    if (rdn->val == NULL)
-	return ENOMEM;
-    rdn->len = 1;
-    ret = der_copy_oid(oid, &rdn->val[0].type);
-    if (ret)
-	return ret;
-    rdn->val[0].value.element = choice_DirectoryString_utf8String;
-    rdn->val[0].value.u.utf8String = strdup(str);
-    if (rdn->val[0].value.u.utf8String == NULL)
-	return ENOMEM;
-    name->u.rdnSequence.len += 1;
-
-    return 0;
-}
-
-/**
- * Parse a string into a hx509 name object.
- *
- * @param context A hx509 context.
- * @param str a string to parse.
- * @param name the resulting object, NULL in case of error.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
-{
-    const char *p, *q;
-    size_t len;
-    hx509_name n;
-    int ret;
-
-    *name = NULL;
-
-    n = calloc(1, sizeof(*n));
-    if (n == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    n->der_name.element = choice_Name_rdnSequence;
-
-    p = str;
-
-    while (p != NULL && *p != '\0') {
-	heim_oid oid;
-	int last;
-
-	q = strchr(p, ',');
-	if (q) {
-	    len = (q - p);
-	    last = 1;
-	} else {
-	    len = strlen(p);
-	    last = 0;
-	}
-
-	q = strchr(p, '=');
-	if (q == NULL) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, "missing = in %s", p);
-	    goto out;
-	}
-	if (q == p) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, 
-				   "missing name before = in %s", p);
-	    goto out;
-	}
-	
-	if ((q - p) > len) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, " = after , in %s", p);
-	    goto out;
-	}
-
-	ret = stringtooid(p, q - p, &oid);
-	if (ret) {
-	    ret = HX509_PARSING_NAME_FAILED;
-	    hx509_set_error_string(context, 0, ret, 
-				   "unknown type: %.*s", (int)(q - p), p);
-	    goto out;
-	}
-	
-	{
-	    size_t pstr_len = len - (q - p) - 1;
-	    const char *pstr = p + (q - p) + 1;
-	    char *r;
-	    
-	    r = malloc(pstr_len + 1);
-	    if (r == NULL) {
-		der_free_oid(&oid);
-		ret = ENOMEM;
-		hx509_set_error_string(context, 0, ret, "out of memory");
-		goto out;
-	    }
-	    memcpy(r, pstr, pstr_len);
-	    r[pstr_len] = '\0';
-
-	    ret = _hx509_name_modify(context, &n->der_name, 0, &oid, r);
-	    free(r);
-	    der_free_oid(&oid);
-	    if(ret)
-		goto out;
-	}
-	p += len + last;
-    }
-
-    *name = n;
-
-    return 0;
-out:
-    hx509_name_free(&n);
-    return HX509_NAME_MALFORMED;
-}
-
-/**
- * Copy a hx509 name object.
- *
- * @param context A hx509 cotext.
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to)
-{
-    int ret;
-
-    *to = calloc(1, sizeof(**to));
-    if (*to == NULL)
-	return ENOMEM;
-    ret = copy_Name(&from->der_name, &(*to)->der_name);
-    if (ret) {
-	free(*to);
-	*to = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Convert a hx509_name into a Name.
- *
- * @param from the name to copy from
- * @param to the name to copy to
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_to_Name(const hx509_name from, Name *to)
-{
-    return copy_Name(&from->der_name, to);
-}
-
-int
-hx509_name_normalize(hx509_context context, hx509_name name)
-{
-    return 0;
-}
-
-/**
- * Expands variables in the name using env. Variables are on the form
- * ${name}. Useful when dealing with certificate templates.
- *
- * @param context A hx509 cotext.
- * @param name the name to expand.
- * @param env environment variable to expand.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_expand(hx509_context context,
-		  hx509_name name,
-		  hx509_env env)
-{
-    Name *n = &name->der_name;
-    int i, j;
-
-    if (env == NULL)
-	return 0;
-
-    if (n->element != choice_Name_rdnSequence) {
-	hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type");
-	return EINVAL;
-    }
-
-    for (i = 0 ; i < n->u.rdnSequence.len; i++) {
-	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
-	    /** Only UTF8String rdnSequence names are allowed */
-	    /*
-	      THIS SHOULD REALLY BE:
-	      COMP = n->u.rdnSequence.val[i].val[j];
-	      normalize COMP to utf8
-	      check if there are variables
-	        expand variables
-	        convert back to orignal format, store in COMP
-	      free normalized utf8 string
-	    */
-	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
-	    char *p, *p2;
-	    struct rk_strpool *strpool = NULL;
-
-	    if (ds->element != choice_DirectoryString_utf8String) {
-		hx509_set_error_string(context, 0, EINVAL, "unsupported type");
-		return EINVAL;
-	    }
-	    p = strstr(ds->u.utf8String, "${");
-	    if (p) {
-		strpool = rk_strpoolprintf(strpool, "%.*s", 
-					   (int)(p - ds->u.utf8String), 
-					   ds->u.utf8String);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	    while (p != NULL) {
-		/* expand variables */
-		const char *value;
-		p2 = strchr(p, '}');
-		if (p2 == NULL) {
-		    hx509_set_error_string(context, 0, EINVAL, "missing }");
-		    rk_strpoolfree(strpool);
-		    return EINVAL;
-		}
-		p += 2;
-		value = hx509_env_lfind(context, env, p, p2 - p);
-		if (value == NULL) {
-		    hx509_set_error_string(context, 0, EINVAL, 
-					   "variable %.*s missing",
-					   (int)(p2 - p), p);
-		    rk_strpoolfree(strpool);
-		    return EINVAL;
-		}
-		strpool = rk_strpoolprintf(strpool, "%s", value);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-		p2++;
-
-		p = strstr(p2, "${");
-		if (p)
-		    strpool = rk_strpoolprintf(strpool, "%.*s", 
-					       (int)(p - p2), p2);
-		else
-		    strpool = rk_strpoolprintf(strpool, "%s", p2);
-		if (strpool == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	    if (strpool) {
-		free(ds->u.utf8String);
-		ds->u.utf8String = rk_strpoolcollect(strpool);
-		if (ds->u.utf8String == NULL) {
-		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-		    return ENOMEM;
-		}
-	    }
-	}
-    }
-    return 0;
-}
-
-/**
- * Free a hx509 name object, upond return *name will be NULL.
- *
- * @param name a hx509 name object to be freed.
- *
- * @ingroup hx509_name
- */
-
-void
-hx509_name_free(hx509_name *name)
-{
-    free_Name(&(*name)->der_name);
-    memset(*name, 0, sizeof(**name));
-    free(*name);
-    *name = NULL;
-}
-
-/**
- * Convert a DER encoded name info a string.
- *
- * @param data data to a DER/BER encoded name
- * @param length length of data
- * @param str the resulting string, is NULL on failure.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_unparse_der_name(const void *data, size_t length, char **str)
-{
-    Name name;
-    int ret;
-
-    *str = NULL;
-
-    ret = decode_Name(data, length, &name, NULL);
-    if (ret)
-	return ret;
-    ret = _hx509_Name_to_string(&name, str);
-    free_Name(&name);
-    return ret;
-}
-
-/**
- * Convert a hx509_name object to DER encoded name.
- *
- * @param name name to concert
- * @param os data to a DER encoded name, free the resulting octet
- * string with hx509_xfree(os->data).
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_binary(const hx509_name name, heim_octet_string *os)
-{
-    size_t size;
-    int ret;
-
-    ASN1_MALLOC_ENCODE(Name, os->data, os->length, &name->der_name, &size, ret);
-    if (ret)
-	return ret;
-    if (os->length != size)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-}
-
-int
-_hx509_unparse_Name(const Name *aname, char **str)
-{
-    hx509_name name;
-    int ret;
-
-    ret = _hx509_name_from_Name(aname, &name);
-    if (ret)
-	return ret;
-
-    ret = hx509_name_to_string(name, str);
-    hx509_name_free(&name);
-    return ret;
-}
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to check if its empty/null.
- *
- * @return non zero if the name is empty/null.
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_name_is_null_p(const hx509_name name)
-{
-    return name->der_name.u.rdnSequence.len == 0;
-}
-
-/**
- * Unparse the hx509 name in name into a string.
- *
- * @param name the name to print
- * @param str an allocated string returns the name in string form
- *
- * @return An hx509 error code, see krb5_get_error_string().
- *
- * @ingroup hx509_name
- */
-
-int
-hx509_general_name_unparse(GeneralName *name, char **str)
-{
-    struct rk_strpool *strpool = NULL;
-
-    *str = NULL;
-
-    switch (name->element) {
-    case choice_GeneralName_otherName: {
-	char *str;
-	hx509_oid_sprint(&name->u.otherName.type_id, &str);
-	if (str == NULL)
-	    return ENOMEM;
-	strpool = rk_strpoolprintf(strpool, "otherName: %s", str);
-	free(str);
-	break;
-    }
-    case choice_GeneralName_rfc822Name:
-	strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n",
-				   name->u.rfc822Name);
-	break;
-    case choice_GeneralName_dNSName:
-	strpool = rk_strpoolprintf(strpool, "dNSName: %s\n",
-				   name->u.dNSName);
-	break;
-    case choice_GeneralName_directoryName: {
-	Name dir;
-	char *s;
-	int ret;
-	memset(&dir, 0, sizeof(dir));
-	dir.element = name->u.directoryName.element;
-	dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
-	ret = _hx509_unparse_Name(&dir, &s);
-	if (ret)
-	    return ret;
-	strpool = rk_strpoolprintf(strpool, "directoryName: %s", s);
-	free(s);
-	break;
-    }
-    case choice_GeneralName_uniformResourceIdentifier:
-	strpool = rk_strpoolprintf(strpool, "URI: %s", 
-				   name->u.uniformResourceIdentifier);
-	break;
-    case choice_GeneralName_iPAddress: {
-	unsigned char *a = name->u.iPAddress.data;
-
-	strpool = rk_strpoolprintf(strpool, "IPAddress: ");
-	if (strpool == NULL)
-	    break;
-	if (name->u.iPAddress.length == 4)
-	    strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", 
-				       a[0], a[1], a[2], a[3]);
-	else if (name->u.iPAddress.length == 16)
-	    strpool = rk_strpoolprintf(strpool, 
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X:"
-				       "%02X:%02X:%02X:%02X", 
-				       a[0], a[1], a[2], a[3],
-				       a[4], a[5], a[6], a[7],
-				       a[8], a[9], a[10], a[11],
-				       a[12], a[13], a[14], a[15]);
-	else
-	    strpool = rk_strpoolprintf(strpool, 
-				       "unknown IP address of length %lu",
-				       (unsigned long)name->u.iPAddress.length);
-	break;
-    }
-    case choice_GeneralName_registeredID: {
-	char *str;
-	hx509_oid_sprint(&name->u.registeredID, &str);
-	if (str == NULL)
-	    return ENOMEM;
-	strpool = rk_strpoolprintf(strpool, "registeredID: %s", str);
-	free(str);
-	break;
-    }
-    default:
-	return EINVAL;
-    }
-    if (strpool == NULL)
-	return ENOMEM;
-
-    *str = rk_strpoolcollect(strpool);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ocsp.asn1 b/crypto/heimdal/lib/hx509/ocsp.asn1
deleted file mode 100644
index d8ecd66ccf70..000000000000
--- a/crypto/heimdal/lib/hx509/ocsp.asn1
+++ /dev/null
@@ -1,113 +0,0 @@
--- From rfc2560
--- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $
-OCSP DEFINITIONS EXPLICIT TAGS::=
-
-BEGIN
-
-IMPORTS
-	Certificate, AlgorithmIdentifier, CRLReason,
-	Name, GeneralName, CertificateSerialNumber, Extensions
-	FROM rfc2459;
-
-OCSPVersion  ::=  INTEGER {  ocsp-v1(0) }
-
-OCSPCertStatus ::= CHOICE {
-    good                [0]     IMPLICIT NULL,
-    revoked             [1]     IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
-    			revocationTime		GeneralizedTime,
-			revocationReason[0]	EXPLICIT CRLReason OPTIONAL
-    },
-    unknown             [2]     IMPLICIT NULL }
-
-OCSPCertID ::= SEQUENCE {
-    hashAlgorithm            AlgorithmIdentifier,
-    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
-    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
-    serialNumber       CertificateSerialNumber }
-
-OCSPSingleResponse ::= SEQUENCE {
-   certID                       OCSPCertID,
-   certStatus                   OCSPCertStatus,
-   thisUpdate                   GeneralizedTime,
-   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
-   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
-
-OCSPInnerRequest ::=     SEQUENCE {
-    reqCert                    OCSPCertID,
-    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
-
-OCSPTBSRequest      ::=     SEQUENCE {
-    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
-    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
-    requestList             SEQUENCE OF OCSPInnerRequest,
-    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
-
-OCSPSignature       ::=     SEQUENCE {
-    signatureAlgorithm   AlgorithmIdentifier,
-    signature            BIT STRING,
-    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-OCSPRequest     ::=     SEQUENCE {
-    tbsRequest                  OCSPTBSRequest,
-    optionalSignature   [0]     EXPLICIT OCSPSignature OPTIONAL }
-
-OCSPResponseBytes ::=       SEQUENCE {
-    responseType   OBJECT IDENTIFIER,
-    response       OCTET STRING }
-
-OCSPResponseStatus ::= ENUMERATED {
-    successful            (0),      --Response has valid confirmations
-    malformedRequest      (1),      --Illegal confirmation request
-    internalError         (2),      --Internal error in issuer
-    tryLater              (3),      --Try again later
-                                    --(4) is not used
-    sigRequired           (5),      --Must sign the request
-    unauthorized          (6)       --Request unauthorized
-}
-
-OCSPResponse ::= SEQUENCE {
-   responseStatus         OCSPResponseStatus,
-   responseBytes          [0] EXPLICIT OCSPResponseBytes OPTIONAL }
-
-OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
-                         --(excluding the tag and length fields)
-
-OCSPResponderID ::= CHOICE {
-   byName   [1] Name,
-   byKey    [2] OCSPKeyHash }
-
-OCSPResponseData ::= SEQUENCE {
-   version              [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
-   responderID              OCSPResponderID,
-   producedAt               GeneralizedTime,
-   responses                SEQUENCE OF OCSPSingleResponse,
-   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-
-OCSPBasicOCSPResponse       ::= SEQUENCE {
-   tbsResponseData      OCSPResponseData,
-   signatureAlgorithm   AlgorithmIdentifier,
-   signature            BIT STRING,
-   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
--- ArchiveCutoff ::= GeneralizedTime
-
--- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
--- Object Identifiers
-
-id-pkix-ocsp         OBJECT IDENTIFIER ::= {
- 	 iso(1) identified-organization(3) dod(6) internet(1)
-	 security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
-}
-
-id-pkix-ocsp-basic		OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-id-pkix-ocsp-nonce		OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
--- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
--- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
--- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
--- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
--- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/peer.c b/crypto/heimdal/lib/hx509/peer.c
deleted file mode 100644
index eb0ecd2bdefb..000000000000
--- a/crypto/heimdal/lib/hx509/peer.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $");
-
-/**
- * @page page_peer Hx509 crypto selecting functions
- *
- * Peer info structures are used togeter with hx509_crypto_select() to
- * select the best avaible crypto algorithm to use.
- *
- * See the library functions here: @ref hx509_peer
- */
-
-/**
- * Allocate a new peer info structure an init it to default values.
- *
- * @param context A hx509 context.
- * @param peer return an allocated peer, free with hx509_peer_info_free().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)
-{
-    *peer = calloc(1, sizeof(**peer));
-    if (*peer == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-static void
-free_cms_alg(hx509_peer_info peer)
-{
-    if (peer->val) {
-	size_t i;
-	for (i = 0; i < peer->len; i++)
-	    free_AlgorithmIdentifier(&peer->val[i]);
-	free(peer->val);
-	peer->val = NULL;
-	peer->len = 0;
-    }
-}
-
-/**
- * Free a peer info structure.
- *
- * @param peer peer info to be freed.
- *
- * @ingroup hx509_peer
- */
-
-void
-hx509_peer_info_free(hx509_peer_info peer)
-{
-    if (peer == NULL)
-	return;
-    if (peer->cert)
-	hx509_cert_free(peer->cert);
-    free_cms_alg(peer);
-    memset(peer, 0, sizeof(*peer));
-    free(peer);
-}
-
-/**
- * Set the certificate that remote peer is using.
- *
- * @param peer peer info to update
- * @param cert cerificate of the remote peer.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cert(hx509_peer_info peer,
-			 hx509_cert cert)
-{
-    if (peer->cert)
-	hx509_cert_free(peer->cert);
-    peer->cert = hx509_cert_ref(cert);
-    return 0;
-}
-
-/**
- * Set the algorithms that the peer supports.
- *
- * @param context A hx509 context.
- * @param peer the peer to set the new algorithms for
- * @param val array of supported AlgorithmsIdentiers
- * @param len length of array val.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_peer
- */
-
-int
-hx509_peer_info_set_cms_algs(hx509_context context,
-			     hx509_peer_info peer,
-			     const AlgorithmIdentifier *val,
-			     size_t len)
-{
-    size_t i;
-
-    free_cms_alg(peer);
-
-    peer->val = calloc(len, sizeof(*peer->val));
-    if (peer->val == NULL) {
-	peer->len = 0;
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-    peer->len = len;
-    for (i = 0; i < len; i++) {
-	int ret;
-	ret = copy_AlgorithmIdentifier(&val[i], &peer->val[i]);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    free_cms_alg(peer);
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-#if 0
-
-/*
- * S/MIME
- */
-
-int
-hx509_peer_info_parse_smime(hx509_peer_info peer,
-			    const heim_octet_string *data)
-{
-    return 0;
-}
-
-int
-hx509_peer_info_unparse_smime(hx509_peer_info peer,
-			      heim_octet_string *data)
-{
-    return 0;
-}
-
-/*
- * For storing hx509_peer_info to be able to cache them.
- */
-
-int
-hx509_peer_info_parse(hx509_peer_info peer,
-		      const heim_octet_string *data)
-{
-    return 0;
-}
-
-int
-hx509_peer_info_unparse(hx509_peer_info peer,
-			heim_octet_string *data)
-{
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/hx509/pkcs10.asn1 b/crypto/heimdal/lib/hx509/pkcs10.asn1
deleted file mode 100644
index 518fe3bfa36a..000000000000
--- a/crypto/heimdal/lib/hx509/pkcs10.asn1
+++ /dev/null
@@ -1,25 +0,0 @@
--- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $
-PKCS10 DEFINITIONS ::=
-
-BEGIN
-
-IMPORTS
-	Name, SubjectPublicKeyInfo, Attribute, AlgorithmIdentifier
-	FROM rfc2459;
-
-
-CertificationRequestInfo ::= SEQUENCE {
-    version       INTEGER { pkcs10-v1(0) },
-    subject       Name,
-    subjectPKInfo SubjectPublicKeyInfo,
-    attributes    [0] IMPLICIT SET OF Attribute OPTIONAL 
-}
-
-CertificationRequest ::= SEQUENCE {
-    certificationRequestInfo CertificationRequestInfo,
-    signatureAlgorithm	     AlgorithmIdentifier,
-    signature                BIT STRING
-}
-
-END
-
diff --git a/crypto/heimdal/lib/hx509/print.c b/crypto/heimdal/lib/hx509/print.c
deleted file mode 100644
index 78ebbafb2f67..000000000000
--- a/crypto/heimdal/lib/hx509/print.c
+++ /dev/null
@@ -1,990 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: print.c 22420 2008-01-13 09:42:35Z lha $");
-
-/**
- * @page page_print Hx509 printing functions
- *
- * See the library functions here: @ref hx509_print
- */
-
-struct hx509_validate_ctx_data {
-    int flags;
-    hx509_vprint_func vprint_func;
-    void *ctx;
-};
-
-struct cert_status {
-    unsigned int selfsigned:1;
-    unsigned int isca:1;
-    unsigned int isproxy:1;
-    unsigned int haveSAN:1;
-    unsigned int haveIAN:1;
-    unsigned int haveSKI:1;
-    unsigned int haveAKI:1;
-    unsigned int haveCRLDP:1;
-};
-
-
-/*
- *
- */
-
-static int
-Time2string(const Time *T, char **str)
-{
-    time_t t;
-    char *s;
-    struct tm *tm;
-
-    *str = NULL;
-    t = _hx509_Time2time_t(T);
-    tm = gmtime (&t);
-    s = malloc(30);
-    if (s == NULL)
-	return ENOMEM;
-    strftime(s, 30, "%Y-%m-%d %H:%M:%S", tm);
-    *str = s;
-    return 0;
-}
-
-/**
- * Helper function to print on stdout for:
- * - hx509_oid_print(),
- * - hx509_bitstring_print(),
- * - hx509_validate_ctx_set_print().
- *
- * @param ctx the context to the print function. If the ctx is NULL,
- * stdout is used.
- * @param fmt the printing format.
- * @param va the argumet list.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_print_stdout(void *ctx, const char *fmt, va_list va)
-{
-    FILE *f = ctx;
-    if (f == NULL)
-	f = stdout;
-    vfprintf(f, fmt, va);
-}
-
-static void
-print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...)
-{
-    va_list va;
-    va_start(va, fmt);
-    (*func)(ctx, fmt, va);
-    va_end(va);
-}
-
-/**
- * Print a oid to a string.
- * 
- * @param oid oid to print
- * @param str allocated string, free with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_oid_sprint(const heim_oid *oid, char **str)
-{
-    return der_print_heim_oid(oid, '.', str);
-}
-
-/**
- * Print a oid using a hx509_vprint_func function. To print to stdout
- * use hx509_print_stdout().
- * 
- * @param oid oid to print
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx)
-{
-    char *str;
-    hx509_oid_sprint(oid, &str);
-    print_func(func, ctx, "%s", str);
-    free(str);
-}
-
-/**
- * Print a bitstring using a hx509_vprint_func function. To print to
- * stdout use hx509_print_stdout().
- * 
- * @param b bit string to print.
- * @param func hx509_vprint_func to print with.
- * @param ctx context variable to hx509_vprint_func function.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_bitstring_print(const heim_bit_string *b,
-		      hx509_vprint_func func, void *ctx)
-{
-    int i;
-    print_func(func, ctx, "\tlength: %d\n\t", b->length);
-    for (i = 0; i < (b->length + 7) / 8; i++)
-	print_func(func, ctx, "%02x%s%s",
-		   ((unsigned char *)b->data)[i], 
-		   i < (b->length - 7) / 8
-		   && (i == 0 || (i % 16) != 15) ? ":" : "",
-		   i != 0 && (i % 16) == 15 ?
-		   (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):"");
-}
-
-/**
- * Print certificate usage for a certificate to a string.
- * 
- * @param context A hx509 context.
- * @param c a certificate print the keyusage for.
- * @param s the return string with the keysage printed in to, free
- * with hx509_xfree().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_cert_keyusage_print(hx509_context context, hx509_cert c, char **s)
-{
-    KeyUsage ku;
-    char buf[256];
-    int ret;
-
-    *s = NULL;
-
-    ret = _hx509_cert_get_keyusage(context, c, &ku);
-    if (ret)
-	return ret;
-    unparse_flags(KeyUsage2int(ku), asn1_KeyUsage_units(), buf, sizeof(buf));
-    *s = strdup(buf);
-    if (*s == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-/*
- *
- */
-
-static void
-validate_vprint(void *c, const char *fmt, va_list va)
-{
-    hx509_validate_ctx ctx = c;
-    if (ctx->vprint_func == NULL)
-	return;
-    (ctx->vprint_func)(ctx->ctx, fmt, va);
-}
-
-static void
-validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...)
-{
-    va_list va;
-    if ((ctx->flags & flags) == 0)
-	return;
-    va_start(va, fmt);
-    validate_vprint(ctx, fmt, va);
-    va_end(va);
-}
-
-/* 
- * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical,
- * MUST NOT critical
- */
-enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C };
-
-static int
-check_Null(hx509_validate_ctx ctx,
-	   struct cert_status *status,
-	   enum critical_flag cf, const Extension *e)
-{
-    switch(cf) {
-    case D_C:
-	break;
-    case S_C:
-	if (!e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical not set on SHOULD\n");
-	break;
-    case S_N_C:
-	if (e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical set on SHOULD NOT\n");
-	break;
-    case M_C:
-	if (!e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical not set on MUST\n");
-	break;
-    case M_N_C:
-	if (e->critical)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "\tCritical set on MUST NOT\n");
-	break;
-    default:
-	_hx509_abort("internal check_Null state error");
-    }
-    return 0;
-}
-
-static int
-check_subjectKeyIdentifier(hx509_validate_ctx ctx, 
-			   struct cert_status *status,
-			   enum critical_flag cf,
-			   const Extension *e)
-{
-    SubjectKeyIdentifier si;
-    size_t size;
-    int ret;
-
-    status->haveSKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_SubjectKeyIdentifier(e->extnValue.data, 
-				      e->extnValue.length,
-				      &si, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SubjectKeyIdentifier failed: %d", ret);
-	return 1;
-    }
-    if (size != e->extnValue.length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SKI ahve extra bits on the end");
-	return 1;
-    }
-    if (si.length == 0)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "SKI is too short (0 bytes)");
-    if (si.length > 20)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "SKI is too long");
-
-    {
-	char *id;
-	hex_encode(si.data, si.length, &id);
-	if (id) {
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "\tsubject key id: %s\n", id);
-	    free(id);
-	}
-    }
-
-    free_SubjectKeyIdentifier(&si);
-
-    return 0;
-}
-
-static int
-check_authorityKeyIdentifier(hx509_validate_ctx ctx, 
-			     struct cert_status *status,
-			     enum critical_flag cf,
-			     const Extension *e)
-{
-    AuthorityKeyIdentifier ai;
-    size_t size;
-    int ret;
-
-    status->haveAKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    status->haveSKI = 1;
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_AuthorityKeyIdentifier(e->extnValue.data, 
-					e->extnValue.length,
-					&ai, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding AuthorityKeyIdentifier failed: %d", ret);
-	return 1;
-    }
-    if (size != e->extnValue.length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding SKI ahve extra bits on the end");
-	return 1;
-    }
-
-    if (ai.keyIdentifier) {
-	char *id;
-	hex_encode(ai.keyIdentifier->data, ai.keyIdentifier->length, &id);
-	if (id) {
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "\tauthority key id: %s\n", id);
-	    free(id);
-	}
-    }
-
-    return 0;
-}
-
-
-static int
-check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
-{
-    KRB5PrincipalName kn;
-    unsigned i;
-    size_t size;
-    int ret;
-
-    ret = decode_KRB5PrincipalName(a->data, a->length, &kn, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding kerberos name in SAN failed: %d", ret);
-	return 1;
-    }
-
-    if (size != a->length) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding kerberos name have extra bits on the end");
-	return 1;
-    }
-
-    /* print kerberos principal, add code to quote / within components */
-    for (i = 0; i < kn.principalName.name_string.len; i++) {
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", 
-		       kn.principalName.name_string.val[i]);
-	if (i + 1 < kn.principalName.name_string.len)
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/");
-    }
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "@");
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", kn.realm);
-
-    free_KRB5PrincipalName(&kn);
-    return 0;
-}
-
-static int
-check_utf8_string_san(hx509_validate_ctx ctx, heim_any *a)
-{
-    PKIXXmppAddr jid;
-    size_t size;
-    int ret;
-
-    ret = decode_PKIXXmppAddr(a->data, a->length, &jid, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding JID in SAN failed: %d", ret);
-	return 1;
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", jid);
-    free_PKIXXmppAddr(&jid);
-
-    return 0;
-}
-
-static int
-check_altnull(hx509_validate_ctx ctx, heim_any *a)
-{
-    return 0;
-}
-
-static int
-check_CRLDistributionPoints(hx509_validate_ctx ctx, 
-			   struct cert_status *status,
-			   enum critical_flag cf,
-			   const Extension *e)
-{
-    CRLDistributionPoints dp;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_CRLDistributionPoints(e->extnValue.data, 
-				       e->extnValue.length,
-				       &dp, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Decoding CRL Distribution Points failed: %d\n", ret);
-	return 1;
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "CRL Distribution Points:\n");
-    for (i = 0 ; i < dp.len; i++) {
-	if (dp.val[i].distributionPoint) {
-	    DistributionPointName dpname;
-	    heim_any *data = dp.val[i].distributionPoint;
-	    int j;
-	    
-	    ret = decode_DistributionPointName(data->data, data->length,
-					       &dpname, NULL);
-	    if (ret) {
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			       "Failed to parse CRL Distribution Point Name: %d\n", ret);
-		continue;
-	    }
-
-	    switch (dpname.element) {
-	    case choice_DistributionPointName_fullName:
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
-		
-		for (j = 0 ; j < dpname.u.fullName.len; j++) {
-		    char *s;
-		    GeneralName *name = &dpname.u.fullName.val[j];
-
-		    ret = hx509_general_name_unparse(name, &s);
-		    if (ret == 0 && s != NULL) {
-			validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "   %s\n", s);
-			free(s);
-		    }
-		}
-		break;
-	    case choice_DistributionPointName_nameRelativeToCRLIssuer:
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			       "Unknown nameRelativeToCRLIssuer");
-		break;
-	    default:
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "Unknown DistributionPointName");
-		break;
-	    }
-	    free_DistributionPointName(&dpname);
-	}
-    }
-    free_CRLDistributionPoints(&dp);
-
-    status->haveCRLDP = 1;
-
-    return 0;
-}
-
-
-struct {
-    const char *name;
-    const heim_oid *(*oid)(void);
-    int (*func)(hx509_validate_ctx, heim_any *);
-} check_altname[] = {
-    { "pk-init", oid_id_pkinit_san, check_pkinit_san },
-    { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san },
-    { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull },
-    { "card-id", oid_id_uspkicommon_card_id, check_altnull },
-    { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san }
-};
-
-static int
-check_altName(hx509_validate_ctx ctx,
-	      struct cert_status *status,
-	      const char *name,
-	      enum critical_flag cf,
-	      const Extension *e)
-{
-    GeneralNames gn;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    if (e->extnValue.length == 0) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "%sAltName empty, not allowed", name);
-	return 1;
-    }
-    ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length,
-			      &gn, &size);
-    if (ret) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "\tret = %d while decoding %s GeneralNames\n", 
-		       ret, name);
-	return 1;
-    }
-    if (gn.len == 0) {
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "%sAltName generalName empty, not allowed\n", name);
-	return 1;
-    }
-
-    for (i = 0; i < gn.len; i++) {
-	switch (gn.val[i].element) {
-	case choice_GeneralName_otherName: {
-	    unsigned j;
-
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-			   "%sAltName otherName ", name);
-
-	    for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) {
-		if (der_heim_oid_cmp((*check_altname[j].oid)(), 
-				     &gn.val[i].u.otherName.type_id) != 0)
-		    continue;
-		
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", 
-			       check_altname[j].name);
-		(*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value);
-		break;
-	    }
-	    if (j == sizeof(check_altname)/sizeof(check_altname[0])) {
-		hx509_oid_print(&gn.val[i].u.otherName.type_id,
-				validate_vprint, ctx);
-		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown");
-	    }
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n");
-	    break;
-	}
-	default: {
-	    char *s;
-	    ret = hx509_general_name_unparse(&gn.val[i], &s);
-	    if (ret) {
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "ret = %d unparsing GeneralName\n", ret);
-		return 1;
-	    }
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s\n", s);
-	    free(s);
-	    break;
-	}
-	}
-    }
-
-    free_GeneralNames(&gn);
-
-    return 0;
-}
-
-static int
-check_subjectAltName(hx509_validate_ctx ctx,
-		     struct cert_status *status,
-		     enum critical_flag cf,
-		     const Extension *e)
-{
-    status->haveSAN = 1;
-    return check_altName(ctx, status, "subject", cf, e);
-}
-
-static int
-check_issuerAltName(hx509_validate_ctx ctx,
-		    struct cert_status *status,
-		     enum critical_flag cf,
-		     const Extension *e)
-{
-    status->haveIAN = 1;
-    return check_altName(ctx, status, "issuer", cf, e);
-}
-
-
-static int
-check_basicConstraints(hx509_validate_ctx ctx, 
-		       struct cert_status *status,
-		       enum critical_flag cf, 
-		       const Extension *e)
-{
-    BasicConstraints b;
-    size_t size;
-    int ret;
-
-    check_Null(ctx, status, cf, e);
-    
-    ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length,
-				  &b, &size);
-    if (ret) {
-	printf("\tret = %d while decoding BasicConstraints\n", ret);
-	return 0;
-    }
-    if (size != e->extnValue.length)
-	printf("\tlength of der data isn't same as extension\n");
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "\tis %sa CA\n", b.cA && *b.cA ? "" : "NOT ");
-    if (b.pathLenConstraint)
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\tpathLenConstraint: %d\n", *b.pathLenConstraint);
-
-    if (b.cA) {
-	if (*b.cA) {
-	    if (!e->critical)
-		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			       "Is a CA and not BasicConstraints CRITICAL\n");
-	    status->isca = 1;
-	}
-	else
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-			   "cA is FALSE, not allowed to be\n");
-    }
-    free_BasicConstraints(&b);
-
-    return 0;
-}
-
-static int
-check_proxyCertInfo(hx509_validate_ctx ctx, 
-		    struct cert_status *status,
-		    enum critical_flag cf, 
-		    const Extension *e)
-{
-    check_Null(ctx, status, cf, e);
-    status->isproxy = 1;
-    return 0;
-}
-
-static int
-check_authorityInfoAccess(hx509_validate_ctx ctx, 
-			  struct cert_status *status,
-			  enum critical_flag cf, 
-			  const Extension *e)
-{
-    AuthorityInfoAccessSyntax aia;
-    size_t size;
-    int ret, i;
-
-    check_Null(ctx, status, cf, e);
-
-    ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, 
-					   e->extnValue.length,
-					   &aia, &size);
-    if (ret) {
-	printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
-	return 0;
-    }
-
-    for (i = 0; i < aia.len; i++) {
-	char *str;
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\ttype: ");
-	hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
-	hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\n\tdirname: %s\n", str);
-	free(str);
-    }
-    free_AuthorityInfoAccessSyntax(&aia);
-
-    return 0;
-}
-
-/*
- *
- */
-
-struct {
-    const char *name;
-    const heim_oid *(*oid)(void);
-    int (*func)(hx509_validate_ctx ctx, 
-		struct cert_status *status,
-		enum critical_flag cf, 
-		const Extension *);
-    enum critical_flag cf;
-} check_extension[] = {
-#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname 
-    { ext(subjectDirectoryAttributes, Null), M_N_C },
-    { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
-    { ext(keyUsage, Null), S_C },
-    { ext(subjectAltName, subjectAltName), M_N_C },
-    { ext(issuerAltName, issuerAltName), S_N_C },
-    { ext(basicConstraints, basicConstraints), D_C },
-    { ext(cRLNumber, Null), M_N_C },
-    { ext(cRLReason, Null), M_N_C },
-    { ext(holdInstructionCode, Null), M_N_C },
-    { ext(invalidityDate, Null), M_N_C },
-    { ext(deltaCRLIndicator, Null), M_C },
-    { ext(issuingDistributionPoint, Null), M_C },
-    { ext(certificateIssuer, Null), M_C },
-    { ext(nameConstraints, Null), M_C },
-    { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
-    { ext(certificatePolicies, Null) },
-    { ext(policyMappings, Null), M_N_C },
-    { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
-    { ext(policyConstraints, Null), D_C },
-    { ext(extKeyUsage, Null), D_C },
-    { ext(freshestCRL, Null), M_N_C },
-    { ext(inhibitAnyPolicy, Null), M_C },
-#undef ext
-#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname 
-    { ext(proxyCertInfo, proxyCertInfo), M_C },
-    { ext(authorityInfoAccess, authorityInfoAccess), M_C },
-#undef ext
-    { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, 
-      check_Null, D_C },
-    { "Netscape cert comment", oid_id_netscape_cert_comment, 
-      check_Null, D_C },
-    { NULL }
-};
-
-/**
- * Allocate a hx509 validation/printing context.
- * 
- * @param context A hx509 context.
- * @param ctx a new allocated hx509 validation context, free with
- * hx509_validate_ctx_free().
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
-{
-    *ctx = malloc(sizeof(**ctx));
-    if (*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    return 0;
-}
-
-/**
- * Set the printing functions for the validation context.
- * 
- * @param ctx a hx509 valication context.
- * @param func the printing function to usea.
- * @param c the context variable to the printing function.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_set_print(hx509_validate_ctx ctx, 
-			     hx509_vprint_func func,
-			     void *c)
-{
-    ctx->vprint_func = func;
-    ctx->ctx = c;
-}
-
-/**
- * Add flags to control the behaivor of the hx509_validate_cert()
- * function.
- * 
- * @param ctx A hx509 validation context.
- * @param flags flags to add to the validation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags)
-{
-    ctx->flags |= flags;
-}
-
-/**
- * Free an hx509 validate context.
- * 
- * @param ctx the hx509 validate context to free.
- *
- * @ingroup hx509_print
- */
-
-void
-hx509_validate_ctx_free(hx509_validate_ctx ctx)
-{
-    free(ctx);
-}
-
-/**
- * Validate/Print the status of the certificate.
- * 
- * @param context A hx509 context.
- * @param ctx A hx509 validation context.
- * @param cert the cerificate to validate/print.
-
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_print
- */
-
-int
-hx509_validate_cert(hx509_context context,
-		    hx509_validate_ctx ctx,
-		    hx509_cert cert)
-{
-    Certificate *c = _hx509_get_cert(cert);
-    TBSCertificate *t = &c->tbsCertificate;
-    hx509_name issuer, subject;
-    char *str;
-    struct cert_status status;
-    int ret;
-
-    memset(&status, 0, sizeof(status));
-
-    if (_hx509_cert_get_version(c) != 3)
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "Not version 3 certificate\n");
-    
-    if ((t->version == NULL || *t->version < 2) && t->extensions)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Not version 3 certificate with extensions\n");
-	
-    if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
-		       "Version 3 certificate without extensions\n");
-
-    ret = hx509_cert_get_subject(cert, &subject);
-    if (ret) abort();
-    hx509_name_to_string(subject, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "subject name: %s\n", str);
-    free(str);
-
-    ret = hx509_cert_get_issuer(cert, &issuer);
-    if (ret) abort();
-    hx509_name_to_string(issuer, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "issuer name: %s\n", str);
-    free(str);
-
-    if (hx509_name_cmp(subject, issuer) == 0) {
-	status.selfsigned = 1;
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		       "\tis a self-signed certificate\n");
-    }
-
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
-		   "Validity:\n");
-
-    Time2string(&t->validity.notBefore, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotBefore %s\n", str);
-    free(str);
-    Time2string(&t->validity.notAfter, &str);
-    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotAfter  %s\n", str);
-    free(str);
-
-    if (t->extensions) {
-	int i, j;
-
-	if (t->extensions->len == 0) {
-	    validate_print(ctx,
-			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
-			   "The empty extensions list is not "
-			   "allowed by PKIX\n");
-	}
-
-	for (i = 0; i < t->extensions->len; i++) {
-
-	    for (j = 0; check_extension[j].name; j++)
-		if (der_heim_oid_cmp((*check_extension[j].oid)(),
-				     &t->extensions->val[i].extnID) == 0)
-		    break;
-	    if (check_extension[j].name == NULL) {
-		int flags = HX509_VALIDATE_F_VERBOSE;
-		if (t->extensions->val[i].critical)
-		    flags |= HX509_VALIDATE_F_VALIDATE;
-		validate_print(ctx, flags, "don't know what ");
-		if (t->extensions->val[i].critical)
-		    validate_print(ctx, flags, "and is CRITICAL ");
-		if (ctx->flags & flags)
-		    hx509_oid_print(&t->extensions->val[i].extnID, 
-				    validate_vprint, ctx);
-		validate_print(ctx, flags, " is\n");
-		continue;
-	    }
-	    validate_print(ctx,
-			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
-			   "checking extention: %s\n",
-			   check_extension[j].name);
-	    (*check_extension[j].func)(ctx,
-				       &status,
-				       check_extension[j].cf,
-				       &t->extensions->val[i]);
-	}
-    } else
-	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
-	
-    if (status.isca) {
-	if (!status.haveSKI)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "CA certificate have no SubjectKeyIdentifier\n");
-
-    } else {
-	if (!status.haveAKI)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Is not CA and doesn't have "
-			   "AuthorityKeyIdentifier\n");
-    }
-	    
-
-    if (!status.haveSKI)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Doesn't have SubjectKeyIdentifier\n");
-
-    if (status.isproxy && status.isca)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Proxy and CA at the same time!\n");
-
-    if (status.isproxy) {
-	if (status.haveSAN)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Proxy and have SAN\n");
-	if (status.haveIAN)
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Proxy and have IAN\n");
-    }
-
-    if (hx509_name_is_null_p(subject) && !status.haveSAN)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "NULL subject DN and doesn't have a SAN\n");
-
-    if (!status.selfsigned && !status.haveCRLDP)
-	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-		       "Not a CA nor PROXY and doesn't have"
-		       "CRL Dist Point\n");
-
-    if (status.selfsigned) {
-	ret = _hx509_verify_signature_bitstring(context,
-						c,
-						&c->signatureAlgorithm,
-						&c->tbsCertificate._save,
-						&c->signatureValue);
-	if (ret == 0)
-	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, 
-			   "Self-signed certificate was self-signed\n");
-	else
-	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
-			   "Self-signed certificate NOT really self-signed!\n");
-    }
-
-    hx509_name_free(&subject);
-    hx509_name_free(&issuer);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/ref/pkcs11.h b/crypto/heimdal/lib/hx509/ref/pkcs11.h
deleted file mode 100644
index 2e6a1e3ed307..000000000000
--- a/crypto/heimdal/lib/hx509/ref/pkcs11.h
+++ /dev/null
@@ -1,1357 +0,0 @@
-/* pkcs11.h
-   Copyright 2006, 2007 g10 Code GmbH
-   Copyright 2006 Andreas Jellinghaus
-
-   This file is free software; as a special exception the author gives
-   unlimited permission to copy and/or distribute it, with or without
-   modifications, as long as this notice is preserved.
-
-   This file is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
-   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-   PURPOSE.  */
-
-/* Please submit changes back to the Scute project at
-   http://www.scute.org/ (or send them to marcus@g10code.com), so that
-   they can be picked up by other projects from there as well.  */
-
-/* This file is a modified implementation of the PKCS #11 standard by
-   RSA Security Inc.  It is mostly a drop-in replacement, with the
-   following change:
-
-   This header file does not require any macro definitions by the user
-   (like CK_DEFINE_FUNCTION etc).  In fact, it defines those macros
-   for you (if useful, some are missing, let me know if you need
-   more).
-
-   There is an additional API available that does comply better to the
-   GNU coding standard.  It can be switched on by defining
-   CRYPTOKI_GNU before including this header file.  For this, the
-   following changes are made to the specification:
-
-   All structure types are changed to a "struct ck_foo" where CK_FOO
-   is the type name in PKCS #11.
-
-   All non-structure types are changed to ck_foo_t where CK_FOO is the
-   lowercase version of the type name in PKCS #11.  The basic types
-   (CK_ULONG et al.) are removed without substitute.
-
-   All members of structures are modified in the following way: Type
-   indication prefixes are removed, and underscore characters are
-   inserted before words.  Then the result is lowercased.
-
-   Note that function names are still in the original case, as they
-   need for ABI compatibility.
-
-   CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute.  Use
-   <stdbool.h>.
-
-   If CRYPTOKI_COMPAT is defined before including this header file,
-   then none of the API changes above take place, and the API is the
-   one defined by the PKCS #11 standard.  */
-
-#ifndef PKCS11_H
-#define PKCS11_H 1
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-/* The version of cryptoki we implement.  The revision is changed with
-   each modification of this file.  If you do not use the "official"
-   version of this file, please consider deleting the revision macro
-   (you may use a macro with a different name to keep track of your
-   versions).  */
-#define CRYPTOKI_VERSION_MAJOR		2
-#define CRYPTOKI_VERSION_MINOR		20
-#define CRYPTOKI_VERSION_REVISION	6
-
-
-/* Compatibility interface is default, unless CRYPTOKI_GNU is
-   given.  */
-#ifndef CRYPTOKI_GNU
-#ifndef CRYPTOKI_COMPAT
-#define CRYPTOKI_COMPAT 1
-#endif
-#endif
-
-/* System dependencies.  */
-
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-
-/* There is a matching pop below.  */
-#pragma pack(push, cryptoki, 1)
-
-#ifdef CRYPTOKI_EXPORTS
-#define CK_SPEC __declspec(dllexport)
-#else
-#define CK_SPEC __declspec(dllimport)
-#endif
-
-#else
-
-#define CK_SPEC
-
-#endif
-
-
-#ifdef CRYPTOKI_COMPAT
-  /* If we are in compatibility mode, switch all exposed names to the
-     PKCS #11 variant.  There are corresponding #undefs below.  */
-
-#define ck_flags_t CK_FLAGS
-#define ck_version _CK_VERSION
-
-#define ck_info _CK_INFO
-#define cryptoki_version cryptokiVersion
-#define manufacturer_id manufacturerID
-#define library_description libraryDescription
-#define library_version libraryVersion
-
-#define ck_notification_t CK_NOTIFICATION
-#define ck_slot_id_t CK_SLOT_ID
-
-#define ck_slot_info _CK_SLOT_INFO
-#define slot_description slotDescription
-#define hardware_version hardwareVersion
-#define firmware_version firmwareVersion
-
-#define ck_token_info _CK_TOKEN_INFO
-#define serial_number serialNumber
-#define max_session_count ulMaxSessionCount
-#define session_count ulSessionCount
-#define max_rw_session_count ulMaxRwSessionCount
-#define rw_session_count ulRwSessionCount
-#define max_pin_len ulMaxPinLen
-#define min_pin_len ulMinPinLen
-#define total_public_memory ulTotalPublicMemory
-#define free_public_memory ulFreePublicMemory
-#define total_private_memory ulTotalPrivateMemory
-#define free_private_memory ulFreePrivateMemory
-#define utc_time utcTime
-
-#define ck_session_handle_t CK_SESSION_HANDLE
-#define ck_user_type_t CK_USER_TYPE
-#define ck_state_t CK_STATE
-
-#define ck_session_info _CK_SESSION_INFO
-#define slot_id slotID
-#define device_error ulDeviceError
-
-#define ck_object_handle_t CK_OBJECT_HANDLE
-#define ck_object_class_t CK_OBJECT_CLASS
-#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
-#define ck_key_type_t CK_KEY_TYPE
-#define ck_certificate_type_t CK_CERTIFICATE_TYPE
-#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
-
-#define ck_attribute _CK_ATTRIBUTE
-#define value pValue
-#define value_len ulValueLen
-
-#define ck_date _CK_DATE
-
-#define ck_mechanism_type_t CK_MECHANISM_TYPE
-
-#define ck_mechanism _CK_MECHANISM
-#define parameter pParameter
-#define parameter_len ulParameterLen
-
-#define ck_mechanism_info _CK_MECHANISM_INFO
-#define min_key_size ulMinKeySize
-#define max_key_size ulMaxKeySize
-
-#define ck_rv_t CK_RV
-#define ck_notify_t CK_NOTIFY
-
-#define ck_function_list _CK_FUNCTION_LIST
-
-#define ck_createmutex_t CK_CREATEMUTEX
-#define ck_destroymutex_t CK_DESTROYMUTEX
-#define ck_lockmutex_t CK_LOCKMUTEX
-#define ck_unlockmutex_t CK_UNLOCKMUTEX
-
-#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
-#define create_mutex CreateMutex
-#define destroy_mutex DestroyMutex
-#define lock_mutex LockMutex
-#define unlock_mutex UnlockMutex
-#define reserved pReserved
-
-#endif	/* CRYPTOKI_COMPAT */
-
-
-
-typedef unsigned long ck_flags_t;
-
-struct ck_version
-{
-  unsigned char major;
-  unsigned char minor;
-};
-
-
-struct ck_info
-{
-  struct ck_version cryptoki_version;
-  unsigned char manufacturer_id[32];
-  ck_flags_t flags;
-  unsigned char library_description[32];
-  struct ck_version library_version;
-};
-
-
-typedef unsigned long ck_notification_t;
-
-#define CKN_SURRENDER	(0)
-
-
-typedef unsigned long ck_slot_id_t;
-
-
-struct ck_slot_info
-{
-  unsigned char slot_description[64];
-  unsigned char manufacturer_id[32];
-  ck_flags_t flags;
-  struct ck_version hardware_version;
-  struct ck_version firmware_version;
-};
-
-
-#define CKF_TOKEN_PRESENT	(1 << 0)
-#define CKF_REMOVABLE_DEVICE	(1 << 1)
-#define CKF_HW_SLOT		(1 << 2)
-#define CKF_ARRAY_ATTRIBUTE	(1 << 30)
-
-
-struct ck_token_info
-{
-  unsigned char label[32];
-  unsigned char manufacturer_id[32];
-  unsigned char model[16];
-  unsigned char serial_number[16];
-  ck_flags_t flags;
-  unsigned long max_session_count;
-  unsigned long session_count;
-  unsigned long max_rw_session_count;
-  unsigned long rw_session_count;
-  unsigned long max_pin_len;
-  unsigned long min_pin_len;
-  unsigned long total_public_memory;
-  unsigned long free_public_memory;
-  unsigned long total_private_memory;
-  unsigned long free_private_memory;
-  struct ck_version hardware_version;
-  struct ck_version firmware_version;
-  unsigned char utc_time[16];
-};
-
-
-#define CKF_RNG					(1 << 0)
-#define CKF_WRITE_PROTECTED			(1 << 1)
-#define CKF_LOGIN_REQUIRED			(1 << 2)
-#define CKF_USER_PIN_INITIALIZED		(1 << 3)
-#define CKF_RESTORE_KEY_NOT_NEEDED		(1 << 5)
-#define CKF_CLOCK_ON_TOKEN			(1 << 6)
-#define CKF_PROTECTED_AUTHENTICATION_PATH	(1 << 8)
-#define CKF_DUAL_CRYPTO_OPERATIONS		(1 << 9)
-#define CKF_TOKEN_INITIALIZED			(1 << 10)
-#define CKF_SECONDARY_AUTHENTICATION		(1 << 11)
-#define CKF_USER_PIN_COUNT_LOW			(1 << 16)
-#define CKF_USER_PIN_FINAL_TRY			(1 << 17)
-#define CKF_USER_PIN_LOCKED			(1 << 18)
-#define CKF_USER_PIN_TO_BE_CHANGED		(1 << 19)
-#define CKF_SO_PIN_COUNT_LOW			(1 << 20)
-#define CKF_SO_PIN_FINAL_TRY			(1 << 21)
-#define CKF_SO_PIN_LOCKED			(1 << 22)
-#define CKF_SO_PIN_TO_BE_CHANGED		(1 << 23)
-
-#define CK_UNAVAILABLE_INFORMATION	((unsigned long) -1)
-#define CK_EFFECTIVELY_INFINITE		(0)
-
-
-typedef unsigned long ck_session_handle_t;
-
-#define CK_INVALID_HANDLE	(0)
-
-
-typedef unsigned long ck_user_type_t;
-
-#define CKU_SO			(0)
-#define CKU_USER		(1)
-#define CKU_CONTEXT_SPECIFIC	(2)
-
-
-typedef unsigned long ck_state_t;
-
-#define CKS_RO_PUBLIC_SESSION	(0)
-#define CKS_RO_USER_FUNCTIONS	(1)
-#define CKS_RW_PUBLIC_SESSION	(2)
-#define CKS_RW_USER_FUNCTIONS	(3)
-#define CKS_RW_SO_FUNCTIONS	(4)
-
-
-struct ck_session_info
-{
-  ck_slot_id_t slot_id;
-  ck_state_t state;
-  ck_flags_t flags;
-  unsigned long device_error;
-};
-
-#define CKF_RW_SESSION		(1 << 1)
-#define CKF_SERIAL_SESSION	(1 << 2)
-
-
-typedef unsigned long ck_object_handle_t;
-
-
-typedef unsigned long ck_object_class_t;
-
-#define CKO_DATA		(0)
-#define CKO_CERTIFICATE		(1)
-#define CKO_PUBLIC_KEY		(2)
-#define CKO_PRIVATE_KEY		(3)
-#define CKO_SECRET_KEY		(4)
-#define CKO_HW_FEATURE		(5)
-#define CKO_DOMAIN_PARAMETERS	(6)
-#define CKO_MECHANISM		(7)
-#define CKO_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_hw_feature_type_t;
-
-#define CKH_MONOTONIC_COUNTER	(1)
-#define CKH_CLOCK		(2)
-#define CKH_USER_INTERFACE	(3)
-#define CKH_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_key_type_t;
-
-#define CKK_RSA			(0)
-#define CKK_DSA			(1)
-#define CKK_DH			(2)
-#define CKK_ECDSA		(3)
-#define CKK_EC			(3)
-#define CKK_X9_42_DH		(4)
-#define CKK_KEA			(5)
-#define CKK_GENERIC_SECRET	(0x10)
-#define CKK_RC2			(0x11)
-#define CKK_RC4			(0x12)
-#define CKK_DES			(0x13)
-#define CKK_DES2		(0x14)
-#define CKK_DES3		(0x15)
-#define CKK_CAST		(0x16)
-#define CKK_CAST3		(0x17)
-#define CKK_CAST128		(0x18)
-#define CKK_RC5			(0x19)
-#define CKK_IDEA		(0x1a)
-#define CKK_SKIPJACK		(0x1b)
-#define CKK_BATON		(0x1c)
-#define CKK_JUNIPER		(0x1d)
-#define CKK_CDMF		(0x1e)
-#define CKK_AES			(0x1f)
-#define CKK_BLOWFISH		(0x20)
-#define CKK_TWOFISH		(0x21)
-#define CKK_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_certificate_type_t;
-
-#define CKC_X_509		(0)
-#define CKC_X_509_ATTR_CERT	(1)
-#define CKC_WTLS		(2)
-#define CKC_VENDOR_DEFINED	((unsigned long) (1 << 31))
-
-
-typedef unsigned long ck_attribute_type_t;
-
-#define CKA_CLASS			(0)
-#define CKA_TOKEN			(1)
-#define CKA_PRIVATE			(2)
-#define CKA_LABEL			(3)
-#define CKA_APPLICATION			(0x10)
-#define CKA_VALUE			(0x11)
-#define CKA_OBJECT_ID			(0x12)
-#define CKA_CERTIFICATE_TYPE		(0x80)
-#define CKA_ISSUER			(0x81)
-#define CKA_SERIAL_NUMBER		(0x82)
-#define CKA_AC_ISSUER			(0x83)
-#define CKA_OWNER			(0x84)
-#define CKA_ATTR_TYPES			(0x85)
-#define CKA_TRUSTED			(0x86)
-#define CKA_CERTIFICATE_CATEGORY	(0x87)
-#define CKA_JAVA_MIDP_SECURITY_DOMAIN	(0x88)
-#define CKA_URL				(0x89)
-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY	(0x8a)
-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY	(0x8b)
-#define CKA_CHECK_VALUE			(0x90)
-#define CKA_KEY_TYPE			(0x100)
-#define CKA_SUBJECT			(0x101)
-#define CKA_ID				(0x102)
-#define CKA_SENSITIVE			(0x103)
-#define CKA_ENCRYPT			(0x104)
-#define CKA_DECRYPT			(0x105)
-#define CKA_WRAP			(0x106)
-#define CKA_UNWRAP			(0x107)
-#define CKA_SIGN			(0x108)
-#define CKA_SIGN_RECOVER		(0x109)
-#define CKA_VERIFY			(0x10a)
-#define CKA_VERIFY_RECOVER		(0x10b)
-#define CKA_DERIVE			(0x10c)
-#define CKA_START_DATE			(0x110)
-#define CKA_END_DATE			(0x111)
-#define CKA_MODULUS			(0x120)
-#define CKA_MODULUS_BITS		(0x121)
-#define CKA_PUBLIC_EXPONENT		(0x122)
-#define CKA_PRIVATE_EXPONENT		(0x123)
-#define CKA_PRIME_1			(0x124)
-#define CKA_PRIME_2			(0x125)
-#define CKA_EXPONENT_1			(0x126)
-#define CKA_EXPONENT_2			(0x127)
-#define CKA_COEFFICIENT			(0x128)
-#define CKA_PRIME			(0x130)
-#define CKA_SUBPRIME			(0x131)
-#define CKA_BASE			(0x132)
-#define CKA_PRIME_BITS			(0x133)
-#define CKA_SUB_PRIME_BITS		(0x134)
-#define CKA_VALUE_BITS			(0x160)
-#define CKA_VALUE_LEN			(0x161)
-#define CKA_EXTRACTABLE			(0x162)
-#define CKA_LOCAL			(0x163)
-#define CKA_NEVER_EXTRACTABLE		(0x164)
-#define CKA_ALWAYS_SENSITIVE		(0x165)
-#define CKA_KEY_GEN_MECHANISM		(0x166)
-#define CKA_MODIFIABLE			(0x170)
-#define CKA_ECDSA_PARAMS		(0x180)
-#define CKA_EC_PARAMS			(0x180)
-#define CKA_EC_POINT			(0x181)
-#define CKA_SECONDARY_AUTH		(0x200)
-#define CKA_AUTH_PIN_FLAGS		(0x201)
-#define CKA_ALWAYS_AUTHENTICATE		(0x202)
-#define CKA_WRAP_WITH_TRUSTED		(0x210)
-#define CKA_HW_FEATURE_TYPE		(0x300)
-#define CKA_RESET_ON_INIT		(0x301)
-#define CKA_HAS_RESET			(0x302)
-#define CKA_PIXEL_X			(0x400)
-#define CKA_PIXEL_Y			(0x401)
-#define CKA_RESOLUTION			(0x402)
-#define CKA_CHAR_ROWS			(0x403)
-#define CKA_CHAR_COLUMNS		(0x404)
-#define CKA_COLOR			(0x405)
-#define CKA_BITS_PER_PIXEL		(0x406)
-#define CKA_CHAR_SETS			(0x480)
-#define CKA_ENCODING_METHODS		(0x481)
-#define CKA_MIME_TYPES			(0x482)
-#define CKA_MECHANISM_TYPE		(0x500)
-#define CKA_REQUIRED_CMS_ATTRIBUTES	(0x501)
-#define CKA_DEFAULT_CMS_ATTRIBUTES	(0x502)
-#define CKA_SUPPORTED_CMS_ATTRIBUTES	(0x503)
-#define CKA_WRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x211)
-#define CKA_UNWRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x212)
-#define CKA_ALLOWED_MECHANISMS		(CKF_ARRAY_ATTRIBUTE | 0x600)
-#define CKA_VENDOR_DEFINED		((unsigned long) (1 << 31))
-
-
-struct ck_attribute
-{
-  ck_attribute_type_t type;
-  void *value;
-  unsigned long value_len;
-};
-
-
-struct ck_date
-{
-  unsigned char year[4];
-  unsigned char month[2];
-  unsigned char day[2];
-};
-
-
-typedef unsigned long ck_mechanism_type_t;
-
-#define CKM_RSA_PKCS_KEY_PAIR_GEN	(0)
-#define CKM_RSA_PKCS			(1)
-#define CKM_RSA_9796			(2)
-#define CKM_RSA_X_509			(3)
-#define CKM_MD2_RSA_PKCS		(4)
-#define CKM_MD5_RSA_PKCS		(5)
-#define CKM_SHA1_RSA_PKCS		(6)
-#define CKM_RIPEMD128_RSA_PKCS		(7)
-#define CKM_RIPEMD160_RSA_PKCS		(8)
-#define CKM_RSA_PKCS_OAEP		(9)
-#define CKM_RSA_X9_31_KEY_PAIR_GEN	(0xa)
-#define CKM_RSA_X9_31			(0xb)
-#define CKM_SHA1_RSA_X9_31		(0xc)
-#define CKM_RSA_PKCS_PSS		(0xd)
-#define CKM_SHA1_RSA_PKCS_PSS		(0xe)
-#define CKM_DSA_KEY_PAIR_GEN		(0x10)
-#define	CKM_DSA				(0x11)
-#define CKM_DSA_SHA1			(0x12)
-#define CKM_DH_PKCS_KEY_PAIR_GEN	(0x20)
-#define CKM_DH_PKCS_DERIVE		(0x21)
-#define	CKM_X9_42_DH_KEY_PAIR_GEN	(0x30)
-#define CKM_X9_42_DH_DERIVE		(0x31)
-#define CKM_X9_42_DH_HYBRID_DERIVE	(0x32)
-#define CKM_X9_42_MQV_DERIVE		(0x33)
-#define CKM_SHA256_RSA_PKCS		(0x40)
-#define CKM_SHA384_RSA_PKCS		(0x41)
-#define CKM_SHA512_RSA_PKCS		(0x42)
-#define CKM_SHA256_RSA_PKCS_PSS		(0x43)
-#define CKM_SHA384_RSA_PKCS_PSS		(0x44)
-#define CKM_SHA512_RSA_PKCS_PSS		(0x45)
-#define CKM_RC2_KEY_GEN			(0x100)
-#define CKM_RC2_ECB			(0x101)
-#define	CKM_RC2_CBC			(0x102)
-#define	CKM_RC2_MAC			(0x103)
-#define CKM_RC2_MAC_GENERAL		(0x104)
-#define CKM_RC2_CBC_PAD			(0x105)
-#define CKM_RC4_KEY_GEN			(0x110)
-#define CKM_RC4				(0x111)
-#define CKM_DES_KEY_GEN			(0x120)
-#define CKM_DES_ECB			(0x121)
-#define CKM_DES_CBC			(0x122)
-#define CKM_DES_MAC			(0x123)
-#define CKM_DES_MAC_GENERAL		(0x124)
-#define CKM_DES_CBC_PAD			(0x125)
-#define CKM_DES2_KEY_GEN		(0x130)
-#define CKM_DES3_KEY_GEN		(0x131)
-#define CKM_DES3_ECB			(0x132)
-#define CKM_DES3_CBC			(0x133)
-#define CKM_DES3_MAC			(0x134)
-#define CKM_DES3_MAC_GENERAL		(0x135)
-#define CKM_DES3_CBC_PAD		(0x136)
-#define CKM_CDMF_KEY_GEN		(0x140)
-#define CKM_CDMF_ECB			(0x141)
-#define CKM_CDMF_CBC			(0x142)
-#define CKM_CDMF_MAC			(0x143)
-#define CKM_CDMF_MAC_GENERAL		(0x144)
-#define CKM_CDMF_CBC_PAD		(0x145)
-#define CKM_MD2				(0x200)
-#define CKM_MD2_HMAC			(0x201)
-#define CKM_MD2_HMAC_GENERAL		(0x202)
-#define CKM_MD5				(0x210)
-#define CKM_MD5_HMAC			(0x211)
-#define CKM_MD5_HMAC_GENERAL		(0x212)
-#define CKM_SHA_1			(0x220)
-#define CKM_SHA_1_HMAC			(0x221)
-#define CKM_SHA_1_HMAC_GENERAL		(0x222)
-#define CKM_RIPEMD128			(0x230)
-#define CKM_RIPEMD128_HMAC		(0x231)
-#define CKM_RIPEMD128_HMAC_GENERAL	(0x232)
-#define CKM_RIPEMD160			(0x240)
-#define CKM_RIPEMD160_HMAC		(0x241)
-#define CKM_RIPEMD160_HMAC_GENERAL	(0x242)
-#define CKM_SHA256			(0x250)
-#define CKM_SHA256_HMAC			(0x251)
-#define CKM_SHA256_HMAC_GENERAL		(0x252)
-#define CKM_SHA384			(0x260)
-#define CKM_SHA384_HMAC			(0x261)
-#define CKM_SHA384_HMAC_GENERAL		(0x262)
-#define CKM_SHA512			(0x270)
-#define CKM_SHA512_HMAC			(0x271)
-#define CKM_SHA512_HMAC_GENERAL		(0x272)
-#define CKM_CAST_KEY_GEN		(0x300)
-#define CKM_CAST_ECB			(0x301)
-#define CKM_CAST_CBC			(0x302)
-#define CKM_CAST_MAC			(0x303)
-#define CKM_CAST_MAC_GENERAL		(0x304)
-#define CKM_CAST_CBC_PAD		(0x305)
-#define CKM_CAST3_KEY_GEN		(0x310)
-#define CKM_CAST3_ECB			(0x311)
-#define CKM_CAST3_CBC			(0x312)
-#define CKM_CAST3_MAC			(0x313)
-#define CKM_CAST3_MAC_GENERAL		(0x314)
-#define CKM_CAST3_CBC_PAD		(0x315)
-#define CKM_CAST5_KEY_GEN		(0x320)
-#define CKM_CAST128_KEY_GEN		(0x320)
-#define CKM_CAST5_ECB			(0x321)
-#define CKM_CAST128_ECB			(0x321)
-#define CKM_CAST5_CBC			(0x322)
-#define CKM_CAST128_CBC			(0x322)
-#define CKM_CAST5_MAC			(0x323)
-#define	CKM_CAST128_MAC			(0x323)
-#define CKM_CAST5_MAC_GENERAL		(0x324)
-#define CKM_CAST128_MAC_GENERAL		(0x324)
-#define CKM_CAST5_CBC_PAD		(0x325)
-#define CKM_CAST128_CBC_PAD		(0x325)
-#define CKM_RC5_KEY_GEN			(0x330)
-#define CKM_RC5_ECB			(0x331)
-#define CKM_RC5_CBC			(0x332)
-#define CKM_RC5_MAC			(0x333)
-#define CKM_RC5_MAC_GENERAL		(0x334)
-#define CKM_RC5_CBC_PAD			(0x335)
-#define CKM_IDEA_KEY_GEN		(0x340)
-#define CKM_IDEA_ECB			(0x341)
-#define	CKM_IDEA_CBC			(0x342)
-#define CKM_IDEA_MAC			(0x343)
-#define CKM_IDEA_MAC_GENERAL		(0x344)
-#define CKM_IDEA_CBC_PAD		(0x345)
-#define CKM_GENERIC_SECRET_KEY_GEN	(0x350)
-#define CKM_CONCATENATE_BASE_AND_KEY	(0x360)
-#define CKM_CONCATENATE_BASE_AND_DATA	(0x362)
-#define CKM_CONCATENATE_DATA_AND_BASE	(0x363)
-#define CKM_XOR_BASE_AND_DATA		(0x364)
-#define CKM_EXTRACT_KEY_FROM_KEY	(0x365)
-#define CKM_SSL3_PRE_MASTER_KEY_GEN	(0x370)
-#define CKM_SSL3_MASTER_KEY_DERIVE	(0x371)
-#define CKM_SSL3_KEY_AND_MAC_DERIVE	(0x372)
-#define CKM_SSL3_MASTER_KEY_DERIVE_DH	(0x373)
-#define CKM_TLS_PRE_MASTER_KEY_GEN	(0x374)
-#define CKM_TLS_MASTER_KEY_DERIVE	(0x375)
-#define CKM_TLS_KEY_AND_MAC_DERIVE	(0x376)
-#define CKM_TLS_MASTER_KEY_DERIVE_DH	(0x377)
-#define CKM_SSL3_MD5_MAC		(0x380)
-#define CKM_SSL3_SHA1_MAC		(0x381)
-#define CKM_MD5_KEY_DERIVATION		(0x390)
-#define CKM_MD2_KEY_DERIVATION		(0x391)
-#define CKM_SHA1_KEY_DERIVATION		(0x392)
-#define CKM_PBE_MD2_DES_CBC		(0x3a0)
-#define CKM_PBE_MD5_DES_CBC		(0x3a1)
-#define CKM_PBE_MD5_CAST_CBC		(0x3a2)
-#define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
-#define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
-#define CKM_PBE_MD5_CAST128_CBC		(0x3a4)
-#define CKM_PBE_SHA1_CAST5_CBC		(0x3a5)
-#define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
-#define CKM_PBE_SHA1_RC4_128		(0x3a6)
-#define CKM_PBE_SHA1_RC4_40		(0x3a7)
-#define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
-#define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
-#define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
-#define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
-#define CKM_PKCS5_PBKD2			(0x3b0)
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC	(0x3c0)
-#define CKM_KEY_WRAP_LYNKS		(0x400)
-#define CKM_KEY_WRAP_SET_OAEP		(0x401)
-#define CKM_SKIPJACK_KEY_GEN		(0x1000)
-#define CKM_SKIPJACK_ECB64		(0x1001)
-#define CKM_SKIPJACK_CBC64		(0x1002)
-#define CKM_SKIPJACK_OFB64		(0x1003)
-#define CKM_SKIPJACK_CFB64		(0x1004)
-#define CKM_SKIPJACK_CFB32		(0x1005)
-#define CKM_SKIPJACK_CFB16		(0x1006)
-#define CKM_SKIPJACK_CFB8		(0x1007)
-#define CKM_SKIPJACK_WRAP		(0x1008)
-#define CKM_SKIPJACK_PRIVATE_WRAP	(0x1009)
-#define CKM_SKIPJACK_RELAYX		(0x100a)
-#define CKM_KEA_KEY_PAIR_GEN		(0x1010)
-#define CKM_KEA_KEY_DERIVE		(0x1011)
-#define CKM_FORTEZZA_TIMESTAMP		(0x1020)
-#define CKM_BATON_KEY_GEN		(0x1030)
-#define CKM_BATON_ECB128		(0x1031)
-#define CKM_BATON_ECB96			(0x1032)
-#define CKM_BATON_CBC128		(0x1033)
-#define CKM_BATON_COUNTER		(0x1034)
-#define CKM_BATON_SHUFFLE		(0x1035)
-#define CKM_BATON_WRAP			(0x1036)
-#define CKM_ECDSA_KEY_PAIR_GEN		(0x1040)
-#define CKM_EC_KEY_PAIR_GEN		(0x1040)
-#define CKM_ECDSA			(0x1041)
-#define CKM_ECDSA_SHA1			(0x1042)
-#define CKM_ECDH1_DERIVE		(0x1050)
-#define CKM_ECDH1_COFACTOR_DERIVE	(0x1051)
-#define CKM_ECMQV_DERIVE		(0x1052)
-#define CKM_JUNIPER_KEY_GEN		(0x1060)
-#define CKM_JUNIPER_ECB128		(0x1061)
-#define CKM_JUNIPER_CBC128		(0x1062)
-#define CKM_JUNIPER_COUNTER		(0x1063)
-#define CKM_JUNIPER_SHUFFLE		(0x1064)
-#define CKM_JUNIPER_WRAP		(0x1065)
-#define CKM_FASTHASH			(0x1070)
-#define CKM_AES_KEY_GEN			(0x1080)
-#define CKM_AES_ECB			(0x1081)
-#define CKM_AES_CBC			(0x1082)
-#define CKM_AES_MAC			(0x1083)
-#define CKM_AES_MAC_GENERAL		(0x1084)
-#define CKM_AES_CBC_PAD			(0x1085)
-#define CKM_DSA_PARAMETER_GEN		(0x2000)
-#define CKM_DH_PKCS_PARAMETER_GEN	(0x2001)
-#define CKM_X9_42_DH_PARAMETER_GEN	(0x2002)
-#define CKM_VENDOR_DEFINED		((unsigned long) (1 << 31))
-
-
-struct ck_mechanism
-{
-  ck_mechanism_type_t mechanism;
-  void *parameter;
-  unsigned long parameter_len;
-};
-
-
-struct ck_mechanism_info
-{
-  unsigned long min_key_size;
-  unsigned long max_key_size;
-  ck_flags_t flags;
-};
-
-#define CKF_HW			(1 << 0)
-#define CKF_ENCRYPT		(1 << 8)
-#define CKF_DECRYPT		(1 << 9)
-#define CKF_DIGEST		(1 << 10)
-#define CKF_SIGN		(1 << 11)
-#define CKF_SIGN_RECOVER	(1 << 12)
-#define CKF_VERIFY		(1 << 13)
-#define CKF_VERIFY_RECOVER	(1 << 14)
-#define CKF_GENERATE		(1 << 15)
-#define CKF_GENERATE_KEY_PAIR	(1 << 16)
-#define CKF_WRAP		(1 << 17)
-#define CKF_UNWRAP		(1 << 18)
-#define CKF_DERIVE		(1 << 19)
-#define CKF_EXTENSION		((unsigned long) (1 << 31))
-
-
-/* Flags for C_WaitForSlotEvent.  */
-#define CKF_DONT_BLOCK				(1)
-
-
-typedef unsigned long ck_rv_t;
-
-
-typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
-				ck_notification_t event, void *application);
-
-/* Forward reference.  */
-struct ck_function_list;
-
-#define _CK_DECLARE_FUNCTION(name, args)	\
-typedef ck_rv_t (*CK_ ## name) args;		\
-ck_rv_t CK_SPEC name args
-
-_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
-_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
-_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
-_CK_DECLARE_FUNCTION (C_GetFunctionList,
-		      (struct ck_function_list **function_list));
-
-_CK_DECLARE_FUNCTION (C_GetSlotList,
-		      (unsigned char token_present, ck_slot_id_t *slot_list,
-		       unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetSlotInfo,
-		      (ck_slot_id_t slot_id, struct ck_slot_info *info));
-_CK_DECLARE_FUNCTION (C_GetTokenInfo,
-		      (ck_slot_id_t slot_id, struct ck_token_info *info));
-_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
-		      (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
-_CK_DECLARE_FUNCTION (C_GetMechanismList,
-		      (ck_slot_id_t slot_id,
-		       ck_mechanism_type_t *mechanism_list,
-		       unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
-		      (ck_slot_id_t slot_id, ck_mechanism_type_t type,
-		       struct ck_mechanism_info *info));
-_CK_DECLARE_FUNCTION (C_InitToken,
-		      (ck_slot_id_t slot_id, unsigned char *pin,
-		       unsigned long pin_len, unsigned char *label));
-_CK_DECLARE_FUNCTION (C_InitPIN,
-		      (ck_session_handle_t session, unsigned char *pin,
-		       unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_SetPIN,
-		      (ck_session_handle_t session, unsigned char *old_pin,
-		       unsigned long old_len, unsigned char *new_pin,
-		       unsigned long new_len));
-
-_CK_DECLARE_FUNCTION (C_OpenSession,
-		      (ck_slot_id_t slot_id, ck_flags_t flags,
-		       void *application, ck_notify_t notify,
-		       ck_session_handle_t *session));
-_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
-_CK_DECLARE_FUNCTION (C_GetSessionInfo,
-		      (ck_session_handle_t session,
-		       struct ck_session_info *info));
-_CK_DECLARE_FUNCTION (C_GetOperationState,
-		      (ck_session_handle_t session,
-		       unsigned char *operation_state,
-		       unsigned long *operation_state_len));
-_CK_DECLARE_FUNCTION (C_SetOperationState,
-		      (ck_session_handle_t session,
-		       unsigned char *operation_state,
-		       unsigned long operation_state_len,
-		       ck_object_handle_t encryption_key,
-		       ck_object_handle_t authentiation_key));
-_CK_DECLARE_FUNCTION (C_Login,
-		      (ck_session_handle_t session, ck_user_type_t user_type,
-		       unsigned char *pin, unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_CreateObject,
-		      (ck_session_handle_t session,
-		       struct ck_attribute *templ,
-		       unsigned long count, ck_object_handle_t *object));
-_CK_DECLARE_FUNCTION (C_CopyObject,
-		      (ck_session_handle_t session, ck_object_handle_t object,
-		       struct ck_attribute *templ, unsigned long count,
-		       ck_object_handle_t *new_object));
-_CK_DECLARE_FUNCTION (C_DestroyObject,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object));
-_CK_DECLARE_FUNCTION (C_GetObjectSize,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       unsigned long *size));
-_CK_DECLARE_FUNCTION (C_GetAttributeValue,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_SetAttributeValue,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t object,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjectsInit,
-		      (ck_session_handle_t session,
-		       struct ck_attribute *templ,
-		       unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjects,
-		      (ck_session_handle_t session,
-		       ck_object_handle_t *object,
-		       unsigned long max_object_count,
-		       unsigned long *object_count));
-_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
-		      (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_EncryptInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Encrypt,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *encrypted_data,
-		       unsigned long *encrypted_data_len));
-_CK_DECLARE_FUNCTION (C_EncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_EncryptFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *last_encrypted_part,
-		       unsigned long *last_encrypted_part_len));
-
-_CK_DECLARE_FUNCTION (C_DecryptInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Decrypt,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_data,
-		       unsigned long encrypted_data_len,
-		       unsigned char *data, unsigned long *data_len));
-_CK_DECLARE_FUNCTION (C_DecryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part, unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_DecryptFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *last_part,
-		       unsigned long *last_part_len));
-
-_CK_DECLARE_FUNCTION (C_DigestInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism));
-_CK_DECLARE_FUNCTION (C_Digest,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *digest,
-		       unsigned long *digest_len));
-_CK_DECLARE_FUNCTION (C_DigestUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_DigestKey,
-		      (ck_session_handle_t session, ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_DigestFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *digest,
-		       unsigned long *digest_len));
-
-_CK_DECLARE_FUNCTION (C_SignInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Sign,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_SignFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignRecoverInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_SignRecover,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long *signature_len));
-
-_CK_DECLARE_FUNCTION (C_VerifyInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Verify,
-		      (ck_session_handle_t session,
-		       unsigned char *data, unsigned long data_len,
-		       unsigned char *signature,
-		       unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_VerifyFinal,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_VerifyRecover,
-		      (ck_session_handle_t session,
-		       unsigned char *signature,
-		       unsigned long signature_len,
-		       unsigned char *data,
-		       unsigned long *data_len));
-
-_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part,
-		       unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *part, unsigned long part_len,
-		       unsigned char *encrypted_part,
-		       unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
-		      (ck_session_handle_t session,
-		       unsigned char *encrypted_part,
-		       unsigned long encrypted_part_len,
-		       unsigned char *part,
-		       unsigned long *part_len));
-
-_CK_DECLARE_FUNCTION (C_GenerateKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       struct ck_attribute *templ,
-		       unsigned long count,
-		       ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       struct ck_attribute *public_key_template,
-		       unsigned long public_key_attribute_count,
-		       struct ck_attribute *private_key_template,
-		       unsigned long private_key_attribute_count,
-		       ck_object_handle_t *public_key,
-		       ck_object_handle_t *private_key));
-_CK_DECLARE_FUNCTION (C_WrapKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t wrapping_key,
-		       ck_object_handle_t key,
-		       unsigned char *wrapped_key,
-		       unsigned long *wrapped_key_len));
-_CK_DECLARE_FUNCTION (C_UnwrapKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t unwrapping_key,
-		       unsigned char *wrapped_key,
-		       unsigned long wrapped_key_len,
-		       struct ck_attribute *templ,
-		       unsigned long attribute_count,
-		       ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_DeriveKey,
-		      (ck_session_handle_t session,
-		       struct ck_mechanism *mechanism,
-		       ck_object_handle_t base_key,
-		       struct ck_attribute *templ,
-		       unsigned long attribute_count,
-		       ck_object_handle_t *key));
-
-_CK_DECLARE_FUNCTION (C_SeedRandom,
-		      (ck_session_handle_t session, unsigned char *seed,
-		       unsigned long seed_len));
-_CK_DECLARE_FUNCTION (C_GenerateRandom,
-		      (ck_session_handle_t session,
-		       unsigned char *random_data,
-		       unsigned long random_len));
-
-_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
-
-
-struct ck_function_list
-{
-  struct ck_version version;
-  CK_C_Initialize C_Initialize;
-  CK_C_Finalize C_Finalize;
-  CK_C_GetInfo C_GetInfo;
-  CK_C_GetFunctionList C_GetFunctionList;
-  CK_C_GetSlotList C_GetSlotList;
-  CK_C_GetSlotInfo C_GetSlotInfo;
-  CK_C_GetTokenInfo C_GetTokenInfo;
-  CK_C_GetMechanismList C_GetMechanismList;
-  CK_C_GetMechanismInfo C_GetMechanismInfo;
-  CK_C_InitToken C_InitToken;
-  CK_C_InitPIN C_InitPIN;
-  CK_C_SetPIN C_SetPIN;
-  CK_C_OpenSession C_OpenSession;
-  CK_C_CloseSession C_CloseSession;
-  CK_C_CloseAllSessions C_CloseAllSessions;
-  CK_C_GetSessionInfo C_GetSessionInfo;
-  CK_C_GetOperationState C_GetOperationState;
-  CK_C_SetOperationState C_SetOperationState;
-  CK_C_Login C_Login;
-  CK_C_Logout C_Logout;
-  CK_C_CreateObject C_CreateObject;
-  CK_C_CopyObject C_CopyObject;
-  CK_C_DestroyObject C_DestroyObject;
-  CK_C_GetObjectSize C_GetObjectSize;
-  CK_C_GetAttributeValue C_GetAttributeValue;
-  CK_C_SetAttributeValue C_SetAttributeValue;
-  CK_C_FindObjectsInit C_FindObjectsInit;
-  CK_C_FindObjects C_FindObjects;
-  CK_C_FindObjectsFinal C_FindObjectsFinal;
-  CK_C_EncryptInit C_EncryptInit;
-  CK_C_Encrypt C_Encrypt;
-  CK_C_EncryptUpdate C_EncryptUpdate;
-  CK_C_EncryptFinal C_EncryptFinal;
-  CK_C_DecryptInit C_DecryptInit;
-  CK_C_Decrypt C_Decrypt;
-  CK_C_DecryptUpdate C_DecryptUpdate;
-  CK_C_DecryptFinal C_DecryptFinal;
-  CK_C_DigestInit C_DigestInit;
-  CK_C_Digest C_Digest;
-  CK_C_DigestUpdate C_DigestUpdate;
-  CK_C_DigestKey C_DigestKey;
-  CK_C_DigestFinal C_DigestFinal;
-  CK_C_SignInit C_SignInit;
-  CK_C_Sign C_Sign;
-  CK_C_SignUpdate C_SignUpdate;
-  CK_C_SignFinal C_SignFinal;
-  CK_C_SignRecoverInit C_SignRecoverInit;
-  CK_C_SignRecover C_SignRecover;
-  CK_C_VerifyInit C_VerifyInit;
-  CK_C_Verify C_Verify;
-  CK_C_VerifyUpdate C_VerifyUpdate;
-  CK_C_VerifyFinal C_VerifyFinal;
-  CK_C_VerifyRecoverInit C_VerifyRecoverInit;
-  CK_C_VerifyRecover C_VerifyRecover;
-  CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
-  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
-  CK_C_SignEncryptUpdate C_SignEncryptUpdate;
-  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
-  CK_C_GenerateKey C_GenerateKey;
-  CK_C_GenerateKeyPair C_GenerateKeyPair;
-  CK_C_WrapKey C_WrapKey;
-  CK_C_UnwrapKey C_UnwrapKey;
-  CK_C_DeriveKey C_DeriveKey;
-  CK_C_SeedRandom C_SeedRandom;
-  CK_C_GenerateRandom C_GenerateRandom;
-  CK_C_GetFunctionStatus C_GetFunctionStatus;
-  CK_C_CancelFunction C_CancelFunction;
-  CK_C_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
-
-typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
-typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
-typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
-typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
-
-
-struct ck_c_initialize_args
-{
-  ck_createmutex_t create_mutex;
-  ck_destroymutex_t destroy_mutex;
-  ck_lockmutex_t lock_mutex;
-  ck_unlockmutex_t unlock_mutex;
-  ck_flags_t flags;
-  void *reserved;
-};
-
-
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS	(1 << 0)
-#define CKF_OS_LOCKING_OK			(1 << 1)
-
-#define CKR_OK					(0)
-#define CKR_CANCEL				(1)
-#define CKR_HOST_MEMORY				(2)
-#define CKR_SLOT_ID_INVALID			(3)
-#define CKR_GENERAL_ERROR			(5)
-#define CKR_FUNCTION_FAILED			(6)
-#define CKR_ARGUMENTS_BAD			(7)
-#define CKR_NO_EVENT				(8)
-#define CKR_NEED_TO_CREATE_THREADS		(9)
-#define CKR_CANT_LOCK				(0xa)
-#define CKR_ATTRIBUTE_READ_ONLY			(0x10)
-#define CKR_ATTRIBUTE_SENSITIVE			(0x11)
-#define CKR_ATTRIBUTE_TYPE_INVALID		(0x12)
-#define CKR_ATTRIBUTE_VALUE_INVALID		(0x13)
-#define CKR_DATA_INVALID			(0x20)
-#define CKR_DATA_LEN_RANGE			(0x21)
-#define CKR_DEVICE_ERROR			(0x30)
-#define CKR_DEVICE_MEMORY			(0x31)
-#define CKR_DEVICE_REMOVED			(0x32)
-#define CKR_ENCRYPTED_DATA_INVALID		(0x40)
-#define CKR_ENCRYPTED_DATA_LEN_RANGE		(0x41)
-#define CKR_FUNCTION_CANCELED			(0x50)
-#define CKR_FUNCTION_NOT_PARALLEL		(0x51)
-#define CKR_FUNCTION_NOT_SUPPORTED		(0x54)
-#define CKR_KEY_HANDLE_INVALID			(0x60)
-#define CKR_KEY_SIZE_RANGE			(0x62)
-#define CKR_KEY_TYPE_INCONSISTENT		(0x63)
-#define CKR_KEY_NOT_NEEDED			(0x64)
-#define CKR_KEY_CHANGED				(0x65)
-#define CKR_KEY_NEEDED				(0x66)
-#define CKR_KEY_INDIGESTIBLE			(0x67)
-#define CKR_KEY_FUNCTION_NOT_PERMITTED		(0x68)
-#define CKR_KEY_NOT_WRAPPABLE			(0x69)
-#define CKR_KEY_UNEXTRACTABLE			(0x6a)
-#define CKR_MECHANISM_INVALID			(0x70)
-#define CKR_MECHANISM_PARAM_INVALID		(0x71)
-#define CKR_OBJECT_HANDLE_INVALID		(0x82)
-#define CKR_OPERATION_ACTIVE			(0x90)
-#define CKR_OPERATION_NOT_INITIALIZED		(0x91)
-#define CKR_PIN_INCORRECT			(0xa0)
-#define CKR_PIN_INVALID				(0xa1)
-#define CKR_PIN_LEN_RANGE			(0xa2)
-#define CKR_PIN_EXPIRED				(0xa3)
-#define CKR_PIN_LOCKED				(0xa4)
-#define CKR_SESSION_CLOSED			(0xb0)
-#define CKR_SESSION_COUNT			(0xb1)
-#define CKR_SESSION_HANDLE_INVALID		(0xb3)
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED	(0xb4)
-#define CKR_SESSION_READ_ONLY			(0xb5)
-#define CKR_SESSION_EXISTS			(0xb6)
-#define CKR_SESSION_READ_ONLY_EXISTS		(0xb7)
-#define CKR_SESSION_READ_WRITE_SO_EXISTS	(0xb8)
-#define CKR_SIGNATURE_INVALID			(0xc0)
-#define CKR_SIGNATURE_LEN_RANGE			(0xc1)
-#define CKR_TEMPLATE_INCOMPLETE			(0xd0)
-#define CKR_TEMPLATE_INCONSISTENT		(0xd1)
-#define CKR_TOKEN_NOT_PRESENT			(0xe0)
-#define CKR_TOKEN_NOT_RECOGNIZED		(0xe1)
-#define CKR_TOKEN_WRITE_PROTECTED		(0xe2)
-#define	CKR_UNWRAPPING_KEY_HANDLE_INVALID	(0xf0)
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE		(0xf1)
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	(0xf2)
-#define CKR_USER_ALREADY_LOGGED_IN		(0x100)
-#define CKR_USER_NOT_LOGGED_IN			(0x101)
-#define CKR_USER_PIN_NOT_INITIALIZED		(0x102)
-#define CKR_USER_TYPE_INVALID			(0x103)
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN	(0x104)
-#define CKR_USER_TOO_MANY_TYPES			(0x105)
-#define CKR_WRAPPED_KEY_INVALID			(0x110)
-#define CKR_WRAPPED_KEY_LEN_RANGE		(0x112)
-#define CKR_WRAPPING_KEY_HANDLE_INVALID		(0x113)
-#define CKR_WRAPPING_KEY_SIZE_RANGE		(0x114)
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT	(0x115)
-#define CKR_RANDOM_SEED_NOT_SUPPORTED		(0x120)
-#define CKR_RANDOM_NO_RNG			(0x121)
-#define CKR_DOMAIN_PARAMS_INVALID		(0x130)
-#define CKR_BUFFER_TOO_SMALL			(0x150)
-#define CKR_SAVED_STATE_INVALID			(0x160)
-#define CKR_INFORMATION_SENSITIVE		(0x170)
-#define CKR_STATE_UNSAVEABLE			(0x180)
-#define CKR_CRYPTOKI_NOT_INITIALIZED		(0x190)
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED	(0x191)
-#define CKR_MUTEX_BAD				(0x1a0)
-#define CKR_MUTEX_NOT_LOCKED			(0x1a1)
-#define CKR_FUNCTION_REJECTED			(0x200)
-#define CKR_VENDOR_DEFINED			((unsigned long) (1 << 31))
-
-
-
-/* Compatibility layer.  */
-
-#ifdef CRYPTOKI_COMPAT
-
-#undef CK_DEFINE_FUNCTION
-#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
-
-/* For NULL.  */
-#include <stddef.h>
-
-typedef unsigned char CK_BYTE;
-typedef unsigned char CK_CHAR;
-typedef unsigned char CK_UTF8CHAR;
-typedef unsigned char CK_BBOOL;
-typedef unsigned long int CK_ULONG;
-typedef long int CK_LONG;
-typedef CK_BYTE *CK_BYTE_PTR;
-typedef CK_CHAR *CK_CHAR_PTR;
-typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
-typedef CK_ULONG *CK_ULONG_PTR;
-typedef void *CK_VOID_PTR;
-typedef void **CK_VOID_PTR_PTR;
-#define CK_FALSE 0
-#define CK_TRUE 1
-#ifndef CK_DISABLE_TRUE_FALSE
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-#endif
-
-typedef struct ck_version CK_VERSION;
-typedef struct ck_version *CK_VERSION_PTR;
-
-typedef struct ck_info CK_INFO;
-typedef struct ck_info *CK_INFO_PTR;
-
-typedef ck_slot_id_t *CK_SLOT_ID_PTR;
-
-typedef struct ck_slot_info CK_SLOT_INFO;
-typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
-
-typedef struct ck_token_info CK_TOKEN_INFO;
-typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
-
-typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
-
-typedef struct ck_session_info CK_SESSION_INFO;
-typedef struct ck_session_info *CK_SESSION_INFO_PTR;
-
-typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
-
-typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
-
-typedef struct ck_attribute CK_ATTRIBUTE;
-typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
-
-typedef struct ck_date CK_DATE;
-typedef struct ck_date *CK_DATE_PTR;
-
-typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
-
-typedef struct ck_mechanism CK_MECHANISM;
-typedef struct ck_mechanism *CK_MECHANISM_PTR;
-
-typedef struct ck_mechanism_info CK_MECHANISM_INFO;
-typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
-
-typedef struct ck_function_list CK_FUNCTION_LIST;
-typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
-typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
-
-typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
-typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
-#define NULL_PTR NULL
-
-/* Delete the helper macros defined at the top of the file.  */
-#undef ck_flags_t
-#undef ck_version
-
-#undef ck_info
-#undef cryptoki_version
-#undef manufacturer_id
-#undef library_description
-#undef library_version
-
-#undef ck_notification_t
-#undef ck_slot_id_t
-
-#undef ck_slot_info
-#undef slot_description
-#undef hardware_version
-#undef firmware_version
-
-#undef ck_token_info
-#undef serial_number
-#undef max_session_count
-#undef session_count
-#undef max_rw_session_count
-#undef rw_session_count
-#undef max_pin_len
-#undef min_pin_len
-#undef total_public_memory
-#undef free_public_memory
-#undef total_private_memory
-#undef free_private_memory
-#undef utc_time
-
-#undef ck_session_handle_t
-#undef ck_user_type_t
-#undef ck_state_t
-
-#undef ck_session_info
-#undef slot_id
-#undef device_error
-
-#undef ck_object_handle_t
-#undef ck_object_class_t
-#undef ck_hw_feature_type_t
-#undef ck_key_type_t
-#undef ck_certificate_type_t
-#undef ck_attribute_type_t
-
-#undef ck_attribute
-#undef value
-#undef value_len
-
-#undef ck_date
-
-#undef ck_mechanism_type_t
-
-#undef ck_mechanism
-#undef parameter
-#undef parameter_len
-
-#undef ck_mechanism_info
-#undef min_key_size
-#undef max_key_size
-
-#undef ck_rv_t
-#undef ck_notify_t
-
-#undef ck_function_list
-
-#undef ck_createmutex_t
-#undef ck_destroymutex_t
-#undef ck_lockmutex_t
-#undef ck_unlockmutex_t
-
-#undef ck_c_initialize_args
-#undef create_mutex
-#undef destroy_mutex
-#undef lock_mutex
-#undef unlock_mutex
-#undef reserved
-
-#endif	/* CRYPTOKI_COMPAT */
-
-
-/* System dependencies.  */
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-#pragma pack(pop, cryptoki)
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif	/* PKCS11_H */
diff --git a/crypto/heimdal/lib/hx509/req.c b/crypto/heimdal/lib/hx509/req.c
deleted file mode 100644
index d7a85e1cecd2..000000000000
--- a/crypto/heimdal/lib/hx509/req.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include <pkcs10_asn1.h>
-RCSID("$Id: req.c 21344 2007-06-26 14:22:34Z lha $");
-
-struct hx509_request_data {
-    hx509_name name;
-    SubjectPublicKeyInfo key;
-    ExtKeyUsage eku;
-    GeneralNames san;
-};
-
-/*
- *
- */
-
-int
-_hx509_request_init(hx509_context context, hx509_request *req)
-{
-    *req = calloc(1, sizeof(**req));
-    if (*req == NULL)
-	return ENOMEM;
-
-    return 0;
-}
-
-void
-_hx509_request_free(hx509_request *req)
-{
-    if ((*req)->name)
-	hx509_name_free(&(*req)->name);
-    free_SubjectPublicKeyInfo(&(*req)->key);
-    free_ExtKeyUsage(&(*req)->eku);
-    free_GeneralNames(&(*req)->san);
-    memset(*req, 0, sizeof(**req));
-    free(*req);
-    *req = NULL;
-}
-
-int
-_hx509_request_set_name(hx509_context context,
-			hx509_request req,
-			hx509_name name)
-{
-    if (req->name)
-	hx509_name_free(&req->name);
-    if (name) {
-	int ret = hx509_name_copy(context, name, &req->name);
-	if (ret)
-	    return ret;
-    }
-    return 0;
-}
-
-int
-_hx509_request_get_name(hx509_context context,
-			hx509_request req,
-			hx509_name *name)
-{
-    if (req->name == NULL) {
-	hx509_set_error_string(context, 0, EINVAL, "Request have no name");
-	return EINVAL;
-    }
-    return hx509_name_copy(context, req->name, name);
-}
-
-int
-_hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
-					hx509_request req,
-					const SubjectPublicKeyInfo *key)
-{
-    free_SubjectPublicKeyInfo(&req->key);
-    return copy_SubjectPublicKeyInfo(key, &req->key);
-}
-
-int
-_hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
-					hx509_request req,
-					SubjectPublicKeyInfo *key)
-{
-    return copy_SubjectPublicKeyInfo(&req->key, key);
-}
-
-int
-_hx509_request_add_eku(hx509_context context,
-		       hx509_request req,
-		       const heim_oid *oid)
-{
-    void *val;
-    int ret;
-
-    val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
-    if (val == NULL)
-	return ENOMEM;
-    req->eku.val = val;
-
-    ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
-    if (ret)
-	return ret;
-
-    req->eku.len += 1;
-
-    return 0;
-}
-
-int
-_hx509_request_add_dns_name(hx509_context context,
-			    hx509_request req,
-			    const char *hostname)
-{
-    GeneralName name;
-
-    memset(&name, 0, sizeof(name));
-    name.element = choice_GeneralName_dNSName;
-    name.u.dNSName = rk_UNCONST(hostname);
-
-    return add_GeneralNames(&req->san, &name);
-}
-
-int
-_hx509_request_add_email(hx509_context context,
-			 hx509_request req,
-			 const char *email)
-{
-    GeneralName name;
-
-    memset(&name, 0, sizeof(name));
-    name.element = choice_GeneralName_rfc822Name;
-    name.u.dNSName = rk_UNCONST(email);
-
-    return add_GeneralNames(&req->san, &name);
-}
-
-
-
-int
-_hx509_request_to_pkcs10(hx509_context context,
-			 const hx509_request req,
-			 const hx509_private_key signer,
-			 heim_octet_string *request)
-{
-    CertificationRequest r;
-    heim_octet_string data, os;
-    int ret;
-    size_t size;
-
-    if (req->name == NULL) {
-	hx509_set_error_string(context, 0, EINVAL,
-			       "PKCS10 needs to have a subject");
-	return EINVAL;
-    }
-
-    memset(&r, 0, sizeof(r));
-    memset(request, 0, sizeof(*request));
-
-    r.certificationRequestInfo.version = pkcs10_v1;
-
-    ret = copy_Name(&req->name->der_name,
-		    &r.certificationRequestInfo.subject);
-    if (ret)
-	goto out;
-    ret = copy_SubjectPublicKeyInfo(&req->key,
-				    &r.certificationRequestInfo.subjectPKInfo);
-    if (ret)
-	goto out;
-    r.certificationRequestInfo.attributes = 
-	calloc(1, sizeof(*r.certificationRequestInfo.attributes));
-    if (r.certificationRequestInfo.attributes == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, 
-		       &r.certificationRequestInfo, &size, ret);
-    if (ret)
-	goto out;
-    if (data.length != size)
-	abort();
-
-    ret = _hx509_create_signature(context,
-				  signer,
-				  _hx509_crypto_default_sig_alg,
-				  &data,
-				  &r.signatureAlgorithm,
-				  &os);
-    free(data.data);
-    if (ret)
-	goto out;
-    r.signature.data = os.data;
-    r.signature.length = os.length * 8;
-
-    ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
-		       &r, &size, ret);
-    if (ret)
-	goto out;
-    if (data.length != size)
-	abort();
-
-    *request = data;
-
-out:
-    free_CertificationRequest(&r);
-
-    return ret;
-}
-
-int
-_hx509_request_parse(hx509_context context, 
-		     const char *path,
-		     hx509_request *req)
-{
-    CertificationRequest r;
-    CertificationRequestInfo *rinfo;
-    hx509_name subject;
-    size_t len, size;
-    void *p;
-    int ret;
-
-    if (strncmp(path, "PKCS10:", 7) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-    path += 7;
-
-    /* XXX PEM request */
-
-    ret = _hx509_map_file(path, &p, &len, NULL);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
-	return ret;
-    }
-
-    ret = decode_CertificationRequest(p, len, &r, &size);
-    _hx509_unmap_file(p, len);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
-	return ret;
-    }
-
-    ret = _hx509_request_init(context, req);
-    if (ret) {
-	free_CertificationRequest(&r);
-	return ret;
-    }
-
-    rinfo = &r.certificationRequestInfo;
-
-    ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
-						  &rinfo->subjectPKInfo);
-    if (ret) {
-	free_CertificationRequest(&r);
-	_hx509_request_free(req);
-	return ret;
-    }
-
-    ret = _hx509_name_from_Name(&rinfo->subject, &subject);
-    if (ret) {
-	free_CertificationRequest(&r);
-	_hx509_request_free(req);
-	return ret;
-    }
-    ret = _hx509_request_set_name(context, *req, subject);
-    hx509_name_free(&subject);
-    free_CertificationRequest(&r);
-    if (ret) {
-	_hx509_request_free(req);
-	return ret;
-    }
-
-    return 0;
-}
-
-
-int
-_hx509_request_print(hx509_context context, hx509_request req, FILE *f)
-{
-    int ret;
-
-    if (req->name) {
-	char *subject;
-	ret = hx509_name_to_string(req->name, &subject);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret, "Failed to print name");
-	    return ret;
-	}
-        fprintf(f, "name: %s\n", subject);
-	free(subject);
-    }
-    
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/hx509/revoke.c b/crypto/heimdal/lib/hx509/revoke.c
deleted file mode 100644
index cfde4396a1d4..000000000000
--- a/crypto/heimdal/lib/hx509/revoke.c
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/**
- * @page page_revoke Revocation methods
- *
- * There are two revocation method for PKIX/X.509: CRL and OCSP.
- * Revocation is needed if the private key is lost and
- * stolen. Depending on how picky you are, you might want to make
- * revocation for destroyed private keys too (smartcard broken), but
- * that should not be a problem.
- *
- * CRL is a list of certifiates that have expired.
- *
- * OCSP is an online checking method where the requestor sends a list
- * of certificates to the OCSP server to return a signed reply if they
- * are valid or not. Some services sends a OCSP reply as part of the
- * hand-shake to make the revoktion decision simpler/faster for the
- * client.
- */
-
-#include "hx_locl.h"
-RCSID("$Id: revoke.c 22275 2007-12-11 11:02:11Z lha $");
-
-struct revoke_crl {
-    char *path;
-    time_t last_modfied;
-    CRLCertificateList crl;
-    int verified;
-    int failed_verify;
-};
-
-struct revoke_ocsp {
-    char *path;
-    time_t last_modfied;
-    OCSPBasicOCSPResponse ocsp;
-    hx509_certs certs;
-    hx509_cert signer;
-};
-
-
-struct hx509_revoke_ctx_data {
-    unsigned ref;
-    struct {
-	struct revoke_crl *val;
-	size_t len;
-    } crls;
-    struct {
-	struct revoke_ocsp *val;
-	size_t len;
-    } ocsps;
-};
-
-/**
- * Allocate a revokation context. Free with hx509_revoke_free().
- *
- * @param context A hx509 context.
- * @param ctx returns a newly allocated revokation context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL)
-	return ENOMEM;
-
-    (*ctx)->ref = 1;
-    (*ctx)->crls.len = 0;
-    (*ctx)->crls.val = NULL;
-    (*ctx)->ocsps.len = 0;
-    (*ctx)->ocsps.val = NULL;
-
-    return 0;
-}
-
-hx509_revoke_ctx
-_hx509_revoke_ref(hx509_revoke_ctx ctx)
-{
-    if (ctx == NULL)
-	return NULL;
-    if (ctx->ref <= 0)
-	_hx509_abort("revoke ctx refcount <= 0");
-    ctx->ref++;
-    if (ctx->ref == 0)
-	_hx509_abort("revoke ctx refcount == 0");
-    return ctx;
-}
-
-static void
-free_ocsp(struct revoke_ocsp *ocsp)
-{
-    free(ocsp->path);
-    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
-    hx509_certs_free(&ocsp->certs);
-    hx509_cert_free(ocsp->signer);
-}
-
-/**
- * Free a hx509 revokation context.
- *
- * @param ctx context to be freed
- *
- * @ingroup hx509_revoke
- */
-
-void
-hx509_revoke_free(hx509_revoke_ctx *ctx)
-{
-    size_t i ;
-
-    if (ctx == NULL || *ctx == NULL)
-	return;
-
-    if ((*ctx)->ref <= 0)
-	_hx509_abort("revoke ctx refcount <= 0 on free");
-    if (--(*ctx)->ref > 0)
-	return;
-
-    for (i = 0; i < (*ctx)->crls.len; i++) {
-	free((*ctx)->crls.val[i].path);
-	free_CRLCertificateList(&(*ctx)->crls.val[i].crl);
-    }
-
-    for (i = 0; i < (*ctx)->ocsps.len; i++)
-	free_ocsp(&(*ctx)->ocsps.val[i]);
-    free((*ctx)->ocsps.val);
-
-    free((*ctx)->crls.val);
-
-    memset(*ctx, 0, sizeof(**ctx));
-    free(*ctx);
-    *ctx = NULL;
-}
-
-static int
-verify_ocsp(hx509_context context,
-	    struct revoke_ocsp *ocsp,
-	    time_t time_now,
-	    hx509_certs certs,
-	    hx509_cert parent)
-{
-    hx509_cert signer = NULL;
-    hx509_query q;
-    int ret;
-	
-    _hx509_query_clear(&q);
-	
-    /*
-     * Need to match on issuer too in case there are two CA that have
-     * issued the same name to a certificate. One example of this is
-     * the www.openvalidation.org test's ocsp validator.
-     */
-
-    q.match = HX509_QUERY_MATCH_ISSUER_NAME;
-    q.issuer_name = &_hx509_get_cert(parent)->tbsCertificate.issuer;
-
-    switch(ocsp->ocsp.tbsResponseData.responderID.element) {
-    case choice_OCSPResponderID_byName:
-	q.match |= HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
-	break;
-    case choice_OCSPResponderID_byKey:
-	q.match |= HX509_QUERY_MATCH_KEY_HASH_SHA1;
-	q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
-	break;
-    }
-	
-    ret = hx509_certs_find(context, certs, &q, &signer);
-    if (ret && ocsp->certs)
-	ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
-    if (ret)
-	goto out;
-
-    /*
-     * If signer certificate isn't the CA certificate, lets check the
-     * it is the CA that signed the signer certificate and the OCSP EKU
-     * is set.
-     */
-    if (hx509_cert_cmp(signer, parent) != 0) {
-	Certificate *p = _hx509_get_cert(parent);
-	Certificate *s = _hx509_get_cert(signer);
-
-	ret = _hx509_cert_is_parent_cmp(s, p, 0);
-	if (ret != 0) {
-	    ret = HX509_PARENT_NOT_CA;
-	    hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is "
-				   "doesn't have CA as signer certificate");
-	    goto out;
-	}
-
-	ret = _hx509_verify_signature_bitstring(context,
-						p,
-						&s->signatureAlgorithm,
-						&s->tbsCertificate._save,
-						&s->signatureValue);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "OSCP signer signature invalid");
-	    goto out;
-	}
-
-	ret = hx509_cert_check_eku(context, signer, 
-				   oid_id_pkix_kp_OCSPSigning(), 0);
-	if (ret)
-	    goto out;
-    }
-
-    ret = _hx509_verify_signature_bitstring(context,
-					    _hx509_get_cert(signer), 
-					    &ocsp->ocsp.signatureAlgorithm,
-					    &ocsp->ocsp.tbsResponseData._save,
-					    &ocsp->ocsp.signature);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
-			       "OSCP signature invalid");
-	goto out;
-    }
-
-    ocsp->signer = signer;
-    signer = NULL;
-out:
-    if (signer)
-	hx509_cert_free(signer);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
-{
-    OCSPResponse resp;
-    size_t size;
-    int ret;
-
-    memset(basic, 0, sizeof(*basic));
-
-    ret = decode_OCSPResponse(data, length, &resp, &size);
-    if (ret)
-	return ret;
-    if (length != size) {
-	free_OCSPResponse(&resp);
-	return ASN1_EXTRA_DATA;
-    }
-
-    switch (resp.responseStatus) {
-    case successful:
-	break;
-    default:
-	free_OCSPResponse(&resp);
-	return HX509_REVOKE_WRONG_DATA;
-    }
-
-    if (resp.responseBytes == NULL) {
-	free_OCSPResponse(&resp);
-	return EINVAL;
-    }
-
-    ret = der_heim_oid_cmp(&resp.responseBytes->responseType, 
-			   oid_id_pkix_ocsp_basic());
-    if (ret != 0) {
-	free_OCSPResponse(&resp);
-	return HX509_REVOKE_WRONG_DATA;
-    }
-
-    ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
-				       resp.responseBytes->response.length,
-				       basic,
-				       &size);
-    if (ret) {
-	free_OCSPResponse(&resp);
-	return ret;
-    }
-    if (size != resp.responseBytes->response.length) {
-	free_OCSPResponse(&resp);
-	free_OCSPBasicOCSPResponse(basic);
-	return ASN1_EXTRA_DATA;
-    }
-    free_OCSPResponse(&resp);
-
-    return 0;
-}
-
-/*
- *
- */
-
-static int
-load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
-{
-    OCSPBasicOCSPResponse basic;
-    hx509_certs certs = NULL;
-    size_t length;
-    struct stat sb;
-    void *data;
-    int ret;
-
-    ret = _hx509_map_file(ocsp->path, &data, &length, &sb);
-    if (ret)
-	return ret;
-
-    ret = parse_ocsp_basic(data, length, &basic);
-    _hx509_unmap_file(data, length);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to parse OCSP response");
-	return ret;
-    }
-
-    if (basic.certs) {
-	int i;
-
-	ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, 
-			       NULL, &certs);
-	if (ret) {
-	    free_OCSPBasicOCSPResponse(&basic);
-	    return ret;
-	}
-
-	for (i = 0; i < basic.certs->len; i++) {
-	    hx509_cert c;
-	    
-	    ret = hx509_cert_init(context, &basic.certs->val[i], &c);
-	    if (ret)
-		continue;
-	    
-	    ret = hx509_certs_add(context, certs, c);
-	    hx509_cert_free(c);
-	    if (ret)
-		continue;
-	}
-    }
-
-    ocsp->last_modfied = sb.st_mtime;
-
-    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
-    hx509_certs_free(&ocsp->certs);
-    hx509_cert_free(ocsp->signer);
-
-    ocsp->ocsp = basic;
-    ocsp->certs = certs;
-    ocsp->signer = NULL;
-
-    return 0;
-}
-
-/**
- * Add a OCSP file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_ocsp(hx509_context context,
-		      hx509_revoke_ctx ctx,
-		      const char *path)
-{
-    void *data;
-    int ret;
-    size_t i;
-
-    if (strncmp(path, "FILE:", 5) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    path += 5;
-
-    for (i = 0; i < ctx->ocsps.len; i++) {
-	if (strcmp(ctx->ocsps.val[0].path, path) == 0)
-	    return 0;
-    }
-
-    data = realloc(ctx->ocsps.val, 
-		   (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
-    if (data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ctx->ocsps.val = data;
-
-    memset(&ctx->ocsps.val[ctx->ocsps.len], 0, 
-	   sizeof(ctx->ocsps.val[0]));
-
-    ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
-    if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
-    if (ret) {
-	free(ctx->ocsps.val[ctx->ocsps.len].path);
-	return ret;
-    }
-    ctx->ocsps.len++;
-
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-verify_crl(hx509_context context,
-	   hx509_revoke_ctx ctx,
-	   CRLCertificateList *crl,
-	   time_t time_now,
-	   hx509_certs certs,
-	   hx509_cert parent)
-{
-    hx509_cert signer;
-    hx509_query q;
-    time_t t;
-    int ret;
-	
-    t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
-    if (t > time_now) {
-	hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
-			       "CRL used before time");
-	return HX509_CRL_USED_BEFORE_TIME;
-    }
-
-    if (crl->tbsCertList.nextUpdate == NULL) {
-	hx509_set_error_string(context, 0, HX509_CRL_INVALID_FORMAT,
-			       "CRL missing nextUpdate");
-	return HX509_CRL_INVALID_FORMAT;
-    }
-
-    t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate);
-    if (t < time_now) {
-	hx509_set_error_string(context, 0, HX509_CRL_USED_AFTER_TIME,
-			       "CRL used after time");
-	return HX509_CRL_USED_AFTER_TIME;
-    }
-
-    _hx509_query_clear(&q);
-	
-    /*
-     * If it's the signer have CRLSIGN bit set, use that as the signer
-     * cert for the certificate, otherwise, search for a certificate.
-     */
-    if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
-	signer = hx509_cert_ref(parent);
-    } else {
-	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.match |= HX509_QUERY_KU_CRLSIGN;
-	q.subject_name = &crl->tbsCertList.issuer;
-	
-	ret = hx509_certs_find(context, certs, &q, &signer);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to find certificate for CRL");
-	    return ret;
-	}
-    }
-
-    ret = _hx509_verify_signature_bitstring(context,
-					    _hx509_get_cert(signer), 
-					    &crl->signatureAlgorithm,
-					    &crl->tbsCertList._save,
-					    &crl->signatureValue);
-    if (ret) {
-	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-			       "CRL signature invalid");
-	goto out;
-    }
-
-    /* 
-     * If signer is not CA cert, need to check revoke status of this
-     * CRL signing cert too, this include all parent CRL signer cert
-     * up to the root *sigh*, assume root at least hve CERTSIGN flag
-     * set.
-     */
-    while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) {
-	hx509_cert crl_parent;
-
-	_hx509_query_clear(&q);
-	
-	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
-	q.match |= HX509_QUERY_KU_CRLSIGN;
-	q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
-	
-	ret = hx509_certs_find(context, certs, &q, &crl_parent);
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to find parent of CRL signer");
-	    goto out;
-	}
-
-	ret = hx509_revoke_verify(context,
-				  ctx, 
-				  certs,
-				  time_now,
-				  signer,
-				  crl_parent);
-	hx509_cert_free(signer);
-	signer = crl_parent;
-	if (ret) {
-	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to verify revoke "
-				   "status of CRL signer");
-	    goto out;
-	}
-    }
-
-out:
-    hx509_cert_free(signer);
-
-    return ret;
-}
-
-static int
-load_crl(const char *path, time_t *t, CRLCertificateList *crl)
-{
-    size_t length, size;
-    struct stat sb;
-    void *data;
-    int ret;
-
-    memset(crl, 0, sizeof(*crl));
-
-    ret = _hx509_map_file(path, &data, &length, &sb);
-    if (ret)
-	return ret;
-
-    *t = sb.st_mtime;
-
-    ret = decode_CRLCertificateList(data, length, crl, &size);
-    _hx509_unmap_file(data, length);
-    if (ret)
-	return ret;
-
-    /* check signature is aligned */
-    if (crl->signatureValue.length & 7) {
-	free_CRLCertificateList(crl);
-	return HX509_CRYPTO_SIG_INVALID_FORMAT;
-    }
-    return 0;
-}
-
-/**
- * Add a CRL file to the revokation context.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param path path to file that is going to be added to the context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_add_crl(hx509_context context,
-		     hx509_revoke_ctx ctx,
-		     const char *path)
-{
-    void *data;
-    size_t i;
-    int ret;
-
-    if (strncmp(path, "FILE:", 5) != 0) {
-	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
-	return HX509_UNSUPPORTED_OPERATION;
-    }
-
-    
-    path += 5;
-
-    for (i = 0; i < ctx->crls.len; i++) {
-	if (strcmp(ctx->crls.val[0].path, path) == 0)
-	    return 0;
-    }
-
-    data = realloc(ctx->crls.val, 
-		   (ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
-    if (data == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    ctx->crls.val = data;
-
-    memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0]));
-
-    ctx->crls.val[ctx->crls.len].path = strdup(path);
-    if (ctx->crls.val[ctx->crls.len].path == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = load_crl(path, 
-		   &ctx->crls.val[ctx->crls.len].last_modfied,
-		   &ctx->crls.val[ctx->crls.len].crl);
-    if (ret) {
-	free(ctx->crls.val[ctx->crls.len].path);
-	return ret;
-    }
-
-    ctx->crls.len++;
-
-    return ret;
-}
-
-/**
- * Check that a certificate is not expired according to a revokation
- * context. Also need the parent certificte to the check OCSP
- * parent identifier.
- *
- * @param context hx509 context
- * @param ctx hx509 revokation context
- * @param certs
- * @param now
- * @param cert
- * @param parent_cert
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-
-int
-hx509_revoke_verify(hx509_context context,
-		    hx509_revoke_ctx ctx,
-		    hx509_certs certs,
-		    time_t now,
-		    hx509_cert cert,
-		    hx509_cert parent_cert)
-{
-    const Certificate *c = _hx509_get_cert(cert);
-    const Certificate *p = _hx509_get_cert(parent_cert);
-    unsigned long i, j, k;
-    int ret;
-
-    hx509_clear_error_string(context);
-
-    for (i = 0; i < ctx->ocsps.len; i++) {
-	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
-	struct stat sb;
-
-	/* check this ocsp apply to this cert */
-
-	/* check if there is a newer version of the file */
-	ret = stat(ocsp->path, &sb);
-	if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
-	    ret = load_ocsp(context, ocsp);
-	    if (ret)
-		continue;
-	}
-
-	/* verify signature in ocsp if not already done */
-	if (ocsp->signer == NULL) {
-	    ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
-	    if (ret)
-		continue;
-	}
-
-	for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
-	    heim_octet_string os;
-
-	    ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
-				   &c->tbsCertificate.serialNumber);
-	    if (ret != 0)
-		continue;
-	    
-	    /* verify issuer hashes hash */
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
-					  &c->tbsCertificate.issuer._save,
-					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
-	    if (ret != 0)
-		continue;
-
-	    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-	    os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-	    ret = _hx509_verify_signature(context,
-					  NULL,
-					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
-					  &os,
-					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
-	    if (ret != 0)
-		continue;
-
-	    switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
-	    case choice_OCSPCertStatus_good:
-		break;
-	    case choice_OCSPCertStatus_revoked:
-		hx509_set_error_string(context, 0, 
-				       HX509_CERT_REVOKED,
-				       "Certificate revoked by issuer in OCSP");
-		return HX509_CERT_REVOKED;
-	    case choice_OCSPCertStatus_unknown:
-		continue;
-	    }
-
-	    /* don't allow the update to be in the future */
-	    if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > 
-		now + context->ocsp_time_diff)
-		continue;
-
-	    /* don't allow the next update to be in the past */
-	    if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
-		if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
-		    continue;
-	    } else
-		/* Should force a refetch, but can we ? */;
-
-	    return 0;
-	}
-    }
-
-    for (i = 0; i < ctx->crls.len; i++) {
-	struct revoke_crl *crl = &ctx->crls.val[i];
-	struct stat sb;
-
-	/* check if cert.issuer == crls.val[i].crl.issuer */
-	ret = _hx509_name_cmp(&c->tbsCertificate.issuer, 
-			      &crl->crl.tbsCertList.issuer);
-	if (ret)
-	    continue;
-
-	ret = stat(crl->path, &sb);
-	if (ret == 0 && crl->last_modfied != sb.st_mtime) {
-	    CRLCertificateList cl;
-
-	    ret = load_crl(crl->path, &crl->last_modfied, &cl);
-	    if (ret == 0) {
-		free_CRLCertificateList(&crl->crl);
-		crl->crl = cl;
-		crl->verified = 0;
-		crl->failed_verify = 0;
-	    }
-	}
-	if (crl->failed_verify)
-	    continue;
-
-	/* verify signature in crl if not already done */
-	if (crl->verified == 0) {
-	    ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert);
-	    if (ret) {
-		crl->failed_verify = 1;
-		continue;
-	    }
-	    crl->verified = 1;
-	}
-
-	if (crl->crl.tbsCertList.crlExtensions) {
-	    for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) {
-		if (crl->crl.tbsCertList.crlExtensions->val[j].critical) {
-		    hx509_set_error_string(context, 0, 
-					   HX509_CRL_UNKNOWN_EXTENSION,
-					   "Unknown CRL extension");
-		    return HX509_CRL_UNKNOWN_EXTENSION;
-		}
-	    }
-	}
-
-	if (crl->crl.tbsCertList.revokedCertificates == NULL)
-	    return 0;
-
-	/* check if cert is in crl */
-	for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) {
-	    time_t t;
-
-	    ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate,
-				       &c->tbsCertificate.serialNumber);
-	    if (ret != 0)
-		continue;
-
-	    t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
-	    if (t > now)
-		continue;
-	    
-	    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
-		for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
-		    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
-			return HX509_CRL_UNKNOWN_EXTENSION;
-	    
-	    hx509_set_error_string(context, 0, 
-				   HX509_CERT_REVOKED,
-				   "Certificate revoked by issuer in CRL");
-	    return HX509_CERT_REVOKED;
-	}
-
-	return 0;
-    }
-
-
-    if (context->flags & HX509_CTX_VERIFY_MISSING_OK)
-	return 0;
-    hx509_set_error_string(context, HX509_ERROR_APPEND, 
-			   HX509_REVOKE_STATUS_MISSING,
-			   "No revoke status found for "
-			   "certificates");
-    return HX509_REVOKE_STATUS_MISSING;
-}
-
-struct ocsp_add_ctx {
-    OCSPTBSRequest *req;
-    hx509_certs certs;
-    const AlgorithmIdentifier *digest;
-    hx509_cert parent;
-};
-
-static int
-add_to_req(hx509_context context, void *ptr, hx509_cert cert)
-{
-    struct ocsp_add_ctx *ctx = ptr;
-    OCSPInnerRequest *one;
-    hx509_cert parent = NULL;
-    Certificate *p, *c = _hx509_get_cert(cert);
-    heim_octet_string os;
-    int ret;
-    hx509_query q;
-    void *d;
-
-    d = realloc(ctx->req->requestList.val, 
-		sizeof(ctx->req->requestList.val[0]) *
-		(ctx->req->requestList.len + 1));
-    if (d == NULL)
-	return ENOMEM;
-    ctx->req->requestList.val = d;
-    
-    one = &ctx->req->requestList.val[ctx->req->requestList.len];
-    memset(one, 0, sizeof(*one));
-
-    _hx509_query_clear(&q);
-
-    q.match |= HX509_QUERY_FIND_ISSUER_CERT;
-    q.subject = c;
-
-    ret = hx509_certs_find(context, ctx->certs, &q, &parent);
-    if (ret)
-	goto out;
-
-    if (ctx->parent) {
-	if (hx509_cert_cmp(ctx->parent, parent) != 0) {
-	    ret = HX509_REVOKE_NOT_SAME_PARENT;
-	    hx509_set_error_string(context, 0, ret,
-				   "Not same parent certifate as "
-				   "last certificate in request");
-	    goto out;
-	}
-    } else
-	ctx->parent = hx509_cert_ref(parent);
-
-    p = _hx509_get_cert(parent);
-
-    ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm);
-    if (ret)
-	goto out;
-
-    ret = _hx509_create_signature(context,
-				  NULL,
-				  &one->reqCert.hashAlgorithm,
-				  &c->tbsCertificate.issuer._save,
-				  NULL,
-				  &one->reqCert.issuerNameHash);
-    if (ret)
-	goto out;
-
-    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
-    os.length = 
-	p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
-
-    ret = _hx509_create_signature(context,
-				  NULL,
-				  &one->reqCert.hashAlgorithm,
-				  &os,
-				  NULL,
-				  &one->reqCert.issuerKeyHash);
-    if (ret)
-	goto out;
-
-    ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber,
-				       &one->reqCert.serialNumber);
-    if (ret)
-	goto out;
-
-    ctx->req->requestList.len++;
-out:
-    hx509_cert_free(parent);
-    if (ret) {
-	free_OCSPInnerRequest(one);
-	memset(one, 0, sizeof(*one));
-    }
-
-    return ret;
-}
-
-/**
- * Create an OCSP request for a set of certificates.
- *
- * @param context a hx509 context
- * @param reqcerts list of certificates to request ocsp data for
- * @param pool certificate pool to use when signing
- * @param signer certificate to use to sign the request
- * @param digest the signing algorithm in the request, if NULL use the
- * default signature algorithm,
- * @param request the encoded request, free with free_heim_octet_string().
- * @param nonce nonce in the request, free with free_heim_octet_string().
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_ocsp_request(hx509_context context,
-		   hx509_certs reqcerts,
-		   hx509_certs pool,
-		   hx509_cert signer,
-		   const AlgorithmIdentifier *digest,
-		   heim_octet_string *request,
-		   heim_octet_string *nonce)
-{
-    OCSPRequest req;
-    size_t size;
-    int ret;
-    struct ocsp_add_ctx ctx;
-    Extensions *es;
-
-    memset(&req, 0, sizeof(req));
-
-    if (digest == NULL)
-	digest = _hx509_crypto_default_digest_alg;
-
-    ctx.req = &req.tbsRequest;
-    ctx.certs = pool;
-    ctx.digest = digest;
-    ctx.parent = NULL;
-
-    ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
-    hx509_cert_free(ctx.parent);
-    if (ret)
-	goto out;
-    
-    if (nonce) {
-	req.tbsRequest.requestExtensions = 
-	    calloc(1, sizeof(*req.tbsRequest.requestExtensions));
-	if (req.tbsRequest.requestExtensions == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	es = req.tbsRequest.requestExtensions;
-	
-	es->val = calloc(es->len, sizeof(es->val[0]));
-	if (es->val == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	es->len = 1;
-	
-	ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
-	if (ret) {
-	    free_OCSPRequest(&req);
-	    return ret;
-	}
-
-	es->val[0].extnValue.data = malloc(10);
-	if (es->val[0].extnValue.data == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	es->val[0].extnValue.length = 10;
-	
-	ret = RAND_bytes(es->val[0].extnValue.data,
-			 es->val[0].extnValue.length);
-	if (ret != 1) {
-	    ret = HX509_CRYPTO_INTERNAL_ERROR;
-	    goto out;
-	}
-	ret = der_copy_octet_string(nonce, &es->val[0].extnValue);
-	if (ret) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length,
-		       &req, &size, ret);
-    free_OCSPRequest(&req);
-    if (ret)
-	goto out;
-    if (size != request->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-
-out:
-    free_OCSPRequest(&req);
-    return ret;
-}
-
-static char *
-printable_time(time_t t)
-{
-    static char s[128];
-    strlcpy(s, ctime(&t)+ 4, sizeof(s));
-    s[20] = 0;
-    return s;
-}
-
-/**
- * Print the OCSP reply stored in a file.
- *
- * @param context a hx509 context
- * @param path path to a file with a OCSP reply
- * @param out the out FILE descriptor to print the reply on
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_revoke
- */
-
-int
-hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
-{
-    struct revoke_ocsp ocsp;
-    int ret, i;
-    
-    if (out == NULL)
-	out = stdout;
-
-    memset(&ocsp, 0, sizeof(ocsp));
-
-    ocsp.path = strdup(path);
-    if (ocsp.path == NULL)
-	return ENOMEM;
-
-    ret = load_ocsp(context, &ocsp);
-    if (ret) {
-	free_ocsp(&ocsp);
-	return ret;
-    }
-
-    fprintf(out, "signer: ");
-
-    switch(ocsp.ocsp.tbsResponseData.responderID.element) {
-    case choice_OCSPResponderID_byName: {
-	hx509_name n;
-	char *s;
-	_hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
-	hx509_name_to_string(n, &s);
-	hx509_name_free(&n);
-	fprintf(out, " byName: %s\n", s);
-	free(s);
-	break;
-    }
-    case choice_OCSPResponderID_byKey: {
-	char *s;
-	hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
-		   ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
-		   &s);
-	fprintf(out, " byKey: %s\n", s);
-	free(s);
-	break;
-    }
-    default:
-	_hx509_abort("choice_OCSPResponderID unknown");
-	break;
-    }
-
-    fprintf(out, "producedAt: %s\n", 
-	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));
-
-    fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
-
-    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
-	const char *status;
-	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
-	case choice_OCSPCertStatus_good:
-	    status = "good";
-	    break;
-	case choice_OCSPCertStatus_revoked:
-	    status = "revoked";
-	    break;
-	case choice_OCSPCertStatus_unknown:
-	    status = "unknown";
-	    break;
-	default:
-	    status = "element unknown";
-	}
-
-	fprintf(out, "\t%d. status: %s\n", i, status);
-
-	fprintf(out, "\tthisUpdate: %s\n", 
-		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
-	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
-	    fprintf(out, "\tproducedAt: %s\n", 
-		    printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
-
-    }
-
-    fprintf(out, "appended certs:\n");
-    if (ocsp.certs)
-	ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
-
-    free_ocsp(&ocsp);
-    return ret;
-}
-
-/**
- * Verify that the certificate is part of the OCSP reply and it's not
- * expired. Doesn't verify signature the OCSP reply or it's done by a
- * authorized sender, that is assumed to be already done.
- *
- * @param context a hx509 context
- * @param now the time right now, if 0, use the current time.
- * @param cert the certificate to verify
- * @param flags flags control the behavior
- * @param data pointer to the encode ocsp reply
- * @param length the length of the encode ocsp reply
- * @param expiration return the time the OCSP will expire and need to
- * be rechecked.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_ocsp_verify(hx509_context context,
-		  time_t now,
-		  hx509_cert cert,
-		  int flags,
-		  const void *data, size_t length,
-		  time_t *expiration)
-{
-    const Certificate *c = _hx509_get_cert(cert);
-    OCSPBasicOCSPResponse basic;
-    int ret, i;
-
-    if (now == 0)
-	now = time(NULL);
-
-    *expiration = 0;
-
-    ret = parse_ocsp_basic(data, length, &basic);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret,
-			       "Failed to parse OCSP response");
-	return ret;
-    }
-
-    for (i = 0; i < basic.tbsResponseData.responses.len; i++) {
-
-	ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber,
-			       &c->tbsCertificate.serialNumber);
-	if (ret != 0)
-	    continue;
-	    
-	/* verify issuer hashes hash */
-	ret = _hx509_verify_signature(context,
-				      NULL,
-				      &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
-				      &c->tbsCertificate.issuer._save,
-				      &basic.tbsResponseData.responses.val[i].certID.issuerNameHash);
-	if (ret != 0)
-	    continue;
-
-	switch (basic.tbsResponseData.responses.val[i].certStatus.element) {
-	case choice_OCSPCertStatus_good:
-	    break;
-	case choice_OCSPCertStatus_revoked:
-	case choice_OCSPCertStatus_unknown:
-	    continue;
-	}
-
-	/* don't allow the update to be in the future */
-	if (basic.tbsResponseData.responses.val[i].thisUpdate > 
-	    now + context->ocsp_time_diff)
-	    continue;
-
-	/* don't allow the next update to be in the past */
-	if (basic.tbsResponseData.responses.val[i].nextUpdate) {
-	    if (*basic.tbsResponseData.responses.val[i].nextUpdate < now)
-		continue;
-	    *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate;
-	} else
-	    *expiration = now;
-
-	free_OCSPBasicOCSPResponse(&basic);
-	return 0;
-    }
-
-    free_OCSPBasicOCSPResponse(&basic);
-
-    {
-	hx509_name name;
-	char *subject;
-	
-	ret = hx509_cert_get_subject(cert, &name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	ret = hx509_name_to_string(name, &subject);
-	hx509_name_free(&name);
-	if (ret) {
-	    hx509_clear_error_string(context);
-	    goto out;
-	}
-	hx509_set_error_string(context, 0, HX509_CERT_NOT_IN_OCSP,
-			       "Certificate %s not in OCSP response "
-			       "or not good",
-			       subject);
-	free(subject);
-    }
-out:
-    return HX509_CERT_NOT_IN_OCSP;
-}
-
-struct hx509_crl {
-    hx509_certs revoked;
-    time_t expire;
-};
-
-/**
- * Create a CRL context. Use hx509_crl_free() to free the CRL context.
- *
- * @param context a hx509 context.
- * @param crl return pointer to a newly allocated CRL context.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_alloc(hx509_context context, hx509_crl *crl)
-{
-    int ret;
-
-    *crl = calloc(1, sizeof(**crl));
-    if (*crl == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked);
-    if (ret) {
-	free(*crl);
-	*crl = NULL;
-	return ret;
-    }
-    (*crl)->expire = 0;
-    return ret;
-}
-
-/**
- * Add revoked certificate to an CRL context.
- *
- * @param context a hx509 context.
- * @param crl the CRL to add the revoked certificate to.
- * @param certs keyset of certificate to revoke.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_add_revoked_certs(hx509_context context,
-			    hx509_crl crl, 
-			    hx509_certs certs)
-{
-    return hx509_certs_merge(context, crl->revoked, certs);
-}
-
-/**
- * Set the lifetime of a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context
- * @param delta delta time the certificate is valid, library adds the
- * current time to this.
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta)
-{
-    crl->expire = time(NULL) + delta;
-    return 0;
-}
-
-/**
- * Free a CRL context.
- *
- * @param context a hx509 context.
- * @param crl a CRL context to free.
- *
- * @ingroup hx509_verify
- */
-
-void
-hx509_crl_free(hx509_context context, hx509_crl *crl)
-{
-    if (*crl == NULL)
-	return;
-    hx509_certs_free(&(*crl)->revoked);
-    memset(*crl, 0, sizeof(**crl));
-    free(*crl);
-    *crl = NULL;
-}
-
-static int
-add_revoked(hx509_context context, void *ctx, hx509_cert cert)
-{
-    TBSCRLCertList *c = ctx;
-    unsigned int num;
-    void *ptr;
-    int ret;
-
-    num = c->revokedCertificates->len;
-    ptr = realloc(c->revokedCertificates->val,
-		  (num + 1) * sizeof(c->revokedCertificates->val[0]));
-    if (ptr == NULL) {
-	hx509_clear_error_string(context);
-	return ENOMEM;
-    }
-    c->revokedCertificates->val = ptr;
-
-    ret = hx509_cert_get_serialnumber(cert, 
-				      &c->revokedCertificates->val[num].userCertificate);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return ret;
-    }
-    c->revokedCertificates->val[num].revocationDate.element = 
-	choice_Time_generalTime;
-    c->revokedCertificates->val[num].revocationDate.u.generalTime =
-	time(NULL) - 3600 * 24;
-    c->revokedCertificates->val[num].crlEntryExtensions = NULL;
-
-    c->revokedCertificates->len++;
-
-    return 0;
-}    
-
-/**
- * Sign a CRL and return an encode certificate.
- *
- * @param context a hx509 context.
- * @param signer certificate to sign the CRL with
- * @param crl the CRL to sign
- * @param os return the signed and encoded CRL, free with
- * free_heim_octet_string()
- *
- * @return An hx509 error code, see hx509_get_error_string().
- *
- * @ingroup hx509_verify
- */
-
-int
-hx509_crl_sign(hx509_context context,
-	       hx509_cert signer,
-	       hx509_crl crl,
-	       heim_octet_string *os)
-{
-    const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg;
-    CRLCertificateList c;
-    size_t size;
-    int ret;
-    hx509_private_key signerkey;
-
-    memset(&c, 0, sizeof(c));
-
-    signerkey = _hx509_cert_private_key(signer);
-    if (signerkey == NULL) {
-	ret = HX509_PRIVATE_KEY_MISSING;
-	hx509_set_error_string(context, 0, ret,
-			       "Private key missing for CRL signing");
-	return ret;
-    }
-
-    c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version));
-    if (c.tbsCertList.version == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	return ENOMEM;
-    }
-
-    *c.tbsCertList.version = 1;
-
-    ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer,
-		    &c.tbsCertList.issuer);
-    if (ret) {
-	hx509_clear_error_string(context);
-	goto out;
-    }
-
-    c.tbsCertList.thisUpdate.element = choice_Time_generalTime;
-    c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600;
-
-    c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
-    if (c.tbsCertList.nextUpdate == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    {
-	time_t next = crl->expire;
-	if (next == 0)
-	    next = time(NULL) + 24 * 3600 * 365;
-
-	c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
-	c.tbsCertList.nextUpdate->u.generalTime = next;
-    }
-
-    c.tbsCertList.revokedCertificates = 
-	calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
-    if (c.tbsCertList.revokedCertificates == NULL) {
-	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    c.tbsCertList.crlExtensions = NULL;
-
-    ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
-    if (ret)
-	goto out;
-
-    /* if not revoked certs, remove OPTIONAL entry */
-    if (c.tbsCertList.revokedCertificates->len == 0) {
-	free(c.tbsCertList.revokedCertificates);
-	c.tbsCertList.revokedCertificates = NULL;
-    }
-
-    ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
-		       &c.tbsCertList, &size, ret);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL");
-	goto out;
-    }
-    if (size != os->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-
-    ret = _hx509_create_signature_bitstring(context,
-					    signerkey,
-					    sigalg,
-					    os,
-					    &c.signatureAlgorithm,
-					    &c.signatureValue);
-    free(os->data);
-
-    ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length,
-		       &c, &size, ret);
-    free_CRLCertificateList(&c);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "failed to encode CRL");
-	goto out;
-    }
-    if (size != os->length)
-	_hx509_abort("internal ASN.1 encoder error");
-
-    return 0;
-
-out:
-    free_CRLCertificateList(&c);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/softp11.c b/crypto/heimdal/lib/hx509/softp11.c
deleted file mode 100644
index 86bb1d6dbe75..000000000000
--- a/crypto/heimdal/lib/hx509/softp11.c
+++ /dev/null
@@ -1,1740 +0,0 @@
-/*
- * Copyright (c) 2004 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include "pkcs11.h"
-
-#define OBJECT_ID_MASK		0xfff
-#define HANDLE_OBJECT_ID(h)	((h) & OBJECT_ID_MASK)
-#define OBJECT_ID(obj)		HANDLE_OBJECT_ID((obj)->object_handle)
-
-
-struct st_attr {
-    CK_ATTRIBUTE attribute;
-    int secret;
-};
-
-struct st_object {
-    CK_OBJECT_HANDLE object_handle;
-    struct st_attr *attrs;
-    int num_attributes;
-    hx509_cert cert;
-};
-
-static struct soft_token {
-    CK_VOID_PTR application;
-    CK_NOTIFY notify;
-    char *config_file;
-    hx509_certs certs;
-    struct {
-	struct st_object **objs;
-	int num_objs;
-    } object;
-    struct {
-	int hardware_slot;
-	int app_error_fatal;
-	int login_done;
-    } flags;
-    int open_sessions;
-    struct session_state {
-	CK_SESSION_HANDLE session_handle;
-
-	struct {
-	    CK_ATTRIBUTE *attributes;
-	    CK_ULONG num_attributes;
-	    int next_object;
-	} find;
-
-	int sign_object;
-	CK_MECHANISM_PTR sign_mechanism;
-	int verify_object;
-	CK_MECHANISM_PTR verify_mechanism;
-    } state[10];
-#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
-    FILE *logfile;
-} soft_token;
-
-static hx509_context context;
-
-static void
-application_error(const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    vprintf(fmt, ap);
-    va_end(ap);
-    if (soft_token.flags.app_error_fatal)
-	abort();
-}
-
-static void
-st_logf(const char *fmt, ...)
-{
-    va_list ap;
-    if (soft_token.logfile == NULL)
-	return;
-    va_start(ap, fmt);
-    vfprintf(soft_token.logfile, fmt, ap);
-    va_end(ap);
-    fflush(soft_token.logfile);
-}
-
-static CK_RV
-init_context(void)
-{
-    if (context == NULL) {
-	int ret = hx509_context_init(&context);
-	if (ret)
-	    return CKR_GENERAL_ERROR;
-    }
-    return CKR_OK;
-}
-
-#define INIT_CONTEXT() { CK_RV icret = init_context(); if (icret) return icret; }
-
-static void
-snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
-{
-    int len;
-    va_list ap;
-    len = vsnprintf(str, size, fmt, ap);
-    va_end(ap);
-    if (len < 0 || len > size)
-	return;
-    while(len < size)
-	str[len++] = fillchar;
-}
-
-#ifndef TEST_APP
-#define printf error_use_st_logf
-#endif
-
-#define VERIFY_SESSION_HANDLE(s, state)			\
-{							\
-    CK_RV ret;						\
-    ret = verify_session_handle(s, state);		\
-    if (ret != CKR_OK) {				\
-	/* return CKR_OK */;				\
-    }							\
-}
-
-static CK_RV
-verify_session_handle(CK_SESSION_HANDLE hSession,
-		      struct session_state **state)
-{
-    int i;
-
-    for (i = 0; i < MAX_NUM_SESSION; i++){
-	if (soft_token.state[i].session_handle == hSession)
-	    break;
-    }
-    if (i == MAX_NUM_SESSION) {
-	application_error("use of invalid handle: 0x%08lx\n",
-			  (unsigned long)hSession);
-	return CKR_SESSION_HANDLE_INVALID;
-    }
-    if (state)
-	*state = &soft_token.state[i];
-    return CKR_OK;
-}
-
-static CK_RV
-object_handle_to_object(CK_OBJECT_HANDLE handle,
-			struct st_object **object)
-{
-    int i = HANDLE_OBJECT_ID(handle);
-
-    *object = NULL;
-    if (i >= soft_token.object.num_objs)
-	return CKR_ARGUMENTS_BAD;
-    if (soft_token.object.objs[i] == NULL)
-	return CKR_ARGUMENTS_BAD;
-    if (soft_token.object.objs[i]->object_handle != handle)
-	return CKR_ARGUMENTS_BAD;
-    *object = soft_token.object.objs[i];
-    return CKR_OK;
-}
-
-static int
-attributes_match(const struct st_object *obj,
-		 const CK_ATTRIBUTE *attributes,
-		 CK_ULONG num_attributes)
-{
-    CK_ULONG i;
-    int j;
-
-    st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
-
-    for (i = 0; i < num_attributes; i++) {
-	int match = 0;
-	for (j = 0; j < obj->num_attributes; j++) {
-	    if (attributes[i].type == obj->attrs[j].attribute.type &&
-		attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
-		memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
-		       attributes[i].ulValueLen) == 0) {
-		match = 1;
-		break;
-	    }
-	}
-	if (match == 0) {
-	    st_logf("type %d attribute have no match\n", attributes[i].type);
-	    return 0;
-	}
-    }
-    st_logf("attribute matches\n");
-    return 1;
-}
-
-static void
-print_attributes(const CK_ATTRIBUTE *attributes,
-		 CK_ULONG num_attributes)
-{
-    CK_ULONG i;
-
-    st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
-
-    for (i = 0; i < num_attributes; i++) {
-	st_logf("  type: ");
-	switch (attributes[i].type) {
-	case CKA_TOKEN: {
-	    CK_BBOOL *ck_true;
-	    if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
-		application_error("token attribute wrong length\n");
-		break;
-	    }
-	    ck_true = attributes[i].pValue;
-	    st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
-	    break;
-	}
-	case CKA_CLASS: {
-	    CK_OBJECT_CLASS *class;
-	    if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
-		application_error("class attribute wrong length\n");
-		break;
-	    }
-	    class = attributes[i].pValue;
-	    st_logf("class ");
-	    switch (*class) {
-	    case CKO_CERTIFICATE:
-		st_logf("certificate");
-		break;
-	    case CKO_PUBLIC_KEY:
-		st_logf("public key");
-		break;
-	    case CKO_PRIVATE_KEY:
-		st_logf("private key");
-		break;
-	    case CKO_SECRET_KEY:
-		st_logf("secret key");
-		break;
-	    case CKO_DOMAIN_PARAMETERS:
-		st_logf("domain parameters");
-		break;
-	    default:
-		st_logf("[class %lx]", (long unsigned)*class);
-		break;
-	    }
-	    break;
-	}
-	case CKA_PRIVATE:
-	    st_logf("private");
-	    break;
-	case CKA_LABEL:
-	    st_logf("label");
-	    break;
-	case CKA_APPLICATION:
-	    st_logf("application");
-	    break;
-	case CKA_VALUE:
-	    st_logf("value");
-	    break;
-	case CKA_ID:
-	    st_logf("id");
-	    break;
-	default:
-	    st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
-	    break;
-	}
-	st_logf("\n");
-    }
-}
-
-static struct st_object *
-add_st_object(void)
-{
-    struct st_object *o, **objs;
-    int i;
-
-    o = malloc(sizeof(*o));
-    if (o == NULL)
-	return NULL;
-    memset(o, 0, sizeof(*o));
-    o->attrs = NULL;
-    o->num_attributes = 0;
-    
-    for (i = 0; i < soft_token.object.num_objs; i++) {
-	if (soft_token.object.objs == NULL) {
-	    soft_token.object.objs[i] = o;
-	    break;
-	}
-    }
-    if (i == soft_token.object.num_objs) {
-	objs = realloc(soft_token.object.objs,
-		       (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0]));
-	if (objs == NULL) {
-	    free(o);
-	    return NULL;
-	}
-	soft_token.object.objs = objs;
-	soft_token.object.objs[soft_token.object.num_objs++] = o;
-    }	
-    soft_token.object.objs[i]->object_handle =
-	(random() & (~OBJECT_ID_MASK)) | i;
-
-    return o;
-}
-
-static CK_RV
-add_object_attribute(struct st_object *o, 
-		     int secret,
-		     CK_ATTRIBUTE_TYPE type,
-		     CK_VOID_PTR pValue,
-		     CK_ULONG ulValueLen)
-{
-    struct st_attr *a;
-    int i;
-
-    i = o->num_attributes;
-    a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
-    if (a == NULL)
-	return CKR_DEVICE_MEMORY;
-    o->attrs = a;
-    o->attrs[i].secret = secret;
-    o->attrs[i].attribute.type = type;
-    o->attrs[i].attribute.pValue = malloc(ulValueLen);
-    if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
-	return CKR_DEVICE_MEMORY;
-    memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
-    o->attrs[i].attribute.ulValueLen = ulValueLen;
-    o->num_attributes++;
-
-    return CKR_OK;
-}
-
-static CK_RV
-add_pubkey_info(hx509_context hxctx, struct st_object *o,
-		CK_KEY_TYPE key_type, hx509_cert cert)
-{
-    BIGNUM *num;
-    CK_BYTE *modulus = NULL;
-    size_t modulus_len = 0;
-    CK_ULONG modulus_bits = 0;
-    CK_BYTE *exponent = NULL;
-    size_t exponent_len = 0;
-    
-    if (key_type != CKK_RSA)
-	return CKR_OK;
-    if (_hx509_cert_private_key(cert) == NULL)
-	return CKR_OK;
-
-    num = _hx509_private_key_get_internal(context, 
-					  _hx509_cert_private_key(cert), 
-					  "rsa-modulus");
-    if (num == NULL)
-	return CKR_GENERAL_ERROR;
-    modulus_bits = BN_num_bits(num);
-
-    modulus_len = BN_num_bytes(num);
-    modulus = malloc(modulus_len);
-    BN_bn2bin(num, modulus);
-    BN_free(num);
-
-    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
-    add_object_attribute(o, 0, CKA_MODULUS_BITS,
-			 &modulus_bits, sizeof(modulus_bits));
-
-    free(modulus);
-	
-    num = _hx509_private_key_get_internal(context, 
-					  _hx509_cert_private_key(cert), 
-					  "rsa-exponent");
-    if (num == NULL)
-	return CKR_GENERAL_ERROR;
-
-    exponent_len = BN_num_bytes(num);
-    exponent = malloc(exponent_len);
-    BN_bn2bin(num, exponent);
-    BN_free(num);
-
-    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
-			 exponent, exponent_len);
-
-    free(exponent);
-
-    return CKR_OK;
-}
-
-
-struct foo {
-    char *label;
-    char *id;
-};
-
-static int
-add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
-{
-    struct foo *foo = (struct foo *)ctx;
-    struct st_object *o = NULL;
-    CK_OBJECT_CLASS type;
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_BBOOL bool_false = CK_FALSE;
-    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
-    CK_KEY_TYPE key_type;
-    CK_MECHANISM_TYPE mech_type;
-    CK_RV ret = CKR_GENERAL_ERROR;
-    int hret;
-    heim_octet_string cert_data, subject_data, issuer_data, serial_data;
-
-    st_logf("adding certificate\n");
-
-    serial_data.data = NULL;
-    serial_data.length = 0;
-    cert_data = subject_data = issuer_data = serial_data;
-
-    hret = hx509_cert_binary(hxctx, cert, &cert_data);
-    if (hret)
-	goto out;
-
-    {
-	    hx509_name name;
-
-	    hret = hx509_cert_get_issuer(cert, &name);
-	    if (hret)
-		goto out;
-	    hret = hx509_name_binary(name, &issuer_data);
-	    hx509_name_free(&name);
-	    if (hret)
-		goto out;
-
-	    hret = hx509_cert_get_subject(cert, &name);
-	    if (hret)
-		goto out;
-	    hret = hx509_name_binary(name, &subject_data);
-	    hx509_name_free(&name);
-	    if (hret)
-		goto out;
-    }
-
-    {
-	AlgorithmIdentifier alg;
-
-	hret = hx509_cert_get_SPKI_AlgorithmIdentifier(context, cert, &alg);
-	if (hret) {
-	    ret = CKR_DEVICE_MEMORY;
-	    goto out;
-	}
-
-	key_type = CKK_RSA; /* XXX */
-
-	free_AlgorithmIdentifier(&alg);
-    }
-
-
-    type = CKO_CERTIFICATE;
-    o = add_st_object();
-    if (o == NULL) {
-	ret = CKR_DEVICE_MEMORY;
-	goto out;
-    }
-
-    o->cert = hx509_cert_ref(cert);
-
-    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-    add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
-    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-
-    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-    add_object_attribute(o, 0, CKA_ISSUER, issuer_data.data, issuer_data.length);
-    add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data.data, serial_data.length);
-    add_object_attribute(o, 0, CKA_VALUE, cert_data.data, cert_data.length);
-    add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
-
-    st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
-    type = CKO_PUBLIC_KEY;
-    o = add_st_object();
-    if (o == NULL) {
-	ret = CKR_DEVICE_MEMORY;
-	goto out;
-    }
-    o->cert = hx509_cert_ref(cert);
-
-    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-    add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
-    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-    add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
-    add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
-    add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
-    mech_type = CKM_RSA_X_509;
-    add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
-    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-    add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
-    add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
-    add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
-
-    add_pubkey_info(hxctx, o, key_type, cert);
-
-    st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
-    if (hx509_cert_have_private_key(cert)) {
-	CK_FLAGS flags;
-
-	type = CKO_PRIVATE_KEY;
-	o = add_st_object();
-	if (o == NULL) {
-	    ret = CKR_DEVICE_MEMORY;
-	    goto out;
-	}
-	o->cert = hx509_cert_ref(cert);
-
-	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
-	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
-
-	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
-	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
-	add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
-	add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
-	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
-	mech_type = CKM_RSA_X_509;
-	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
-	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
-	add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
-	flags = 0;
-	add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
-
-	add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
-	add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
-	add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
-
-	add_pubkey_info(hxctx, o, key_type, cert);
-    }
-
-    ret = CKR_OK;
- out:
-    if (ret != CKR_OK) {
-	st_logf("something went wrong when adding cert!\n");
-
-	/* XXX wack o */;
-    }
-    hx509_xfree(cert_data.data);
-    hx509_xfree(serial_data.data);
-    hx509_xfree(issuer_data.data);
-    hx509_xfree(subject_data.data);
-
-    return 0;
-}
-
-static CK_RV
-add_certificate(const char *cert_file,
-		const char *pin,
-		char *id,
-		char *label)
-{
-    hx509_certs certs;
-    hx509_lock lock = NULL;
-    int ret, flags = 0;
-
-    struct foo foo;
-    foo.id = id;
-    foo.label = label;
-
-    if (pin == NULL)
-	flags |= HX509_CERTS_UNPROTECT_ALL;
-
-    if (pin) {
-	char *str;
-	asprintf(&str, "PASS:%s", pin);
-
-	hx509_lock_init(context, &lock);
-	hx509_lock_command_string(lock, str);
-
-	memset(str, 0, strlen(str));
-	free(str);
-    }
-
-    ret = hx509_certs_init(context, cert_file, flags, lock, &certs);
-    if (ret) {
-	st_logf("failed to open file %s\n", cert_file);
-	return CKR_GENERAL_ERROR;
-    }
-
-    ret = hx509_certs_iter(context, certs, add_cert, &foo);
-    hx509_certs_free(&certs);
-    if (ret) {
-	st_logf("failed adding certs from file %s\n", cert_file);
-	return CKR_GENERAL_ERROR;
-    }
-
-    return CKR_OK;
-}
-
-static void
-find_object_final(struct session_state *state)
-{
-    if (state->find.attributes) {
-	CK_ULONG i;
-
-	for (i = 0; i < state->find.num_attributes; i++) {
-	    if (state->find.attributes[i].pValue)
-		free(state->find.attributes[i].pValue);
-	}
-	free(state->find.attributes);
-	state->find.attributes = NULL;
-	state->find.num_attributes = 0;
-	state->find.next_object = -1;
-    }
-}
-
-static void
-reset_crypto_state(struct session_state *state)
-{
-    state->sign_object = -1;
-    if (state->sign_mechanism)
-	free(state->sign_mechanism);
-    state->sign_mechanism = NULL_PTR;
-    state->verify_object = -1;
-    if (state->verify_mechanism)
-	free(state->verify_mechanism);
-    state->verify_mechanism = NULL_PTR;
-}
-
-static void
-close_session(struct session_state *state)
-{
-    if (state->find.attributes) {
-	application_error("application didn't do C_FindObjectsFinal\n");
-	find_object_final(state);
-    }
-
-    state->session_handle = CK_INVALID_HANDLE;
-    soft_token.application = NULL_PTR;
-    soft_token.notify = NULL_PTR;
-    reset_crypto_state(state);
-}
-
-static const char *
-has_session(void)
-{
-    return soft_token.open_sessions > 0 ? "yes" : "no";
-}
-
-static CK_RV
-read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
-{
-    char buf[1024], *type, *s, *p;
-    int anchor;
-    FILE *f;
-    CK_RV ret = CKR_OK;
-    CK_RV failed = CKR_OK;
-
-    f = fopen(fn, "r");
-    if (f == NULL) {
-	st_logf("can't open configuration file %s\n", fn);
-	return CKR_GENERAL_ERROR;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	buf[strcspn(buf, "\n")] = '\0';
-
-	anchor = 0;
-
-	st_logf("line: %s\n", buf);
-
-	p = buf;
-	while (isspace(*p))
-	    p++;
-	if (*p == '#')
-	    continue;
-	while (isspace(*p))
-	    p++;
-
-	s = NULL;
-	type = strtok_r(p, "\t", &s);
-	if (type == NULL)
-	    continue;
-	
-	if (strcasecmp("certificate", type) == 0) {
-	    char *cert, *id, *label;
-	    
-	    id = strtok_r(NULL, "\t", &s);
-	    if (id == NULL) {
-		st_logf("no id\n");
-		continue;
-	    }
-	    st_logf("id: %s\n", id);
-	    label = strtok_r(NULL, "\t", &s);
-	    if (label == NULL) {
-		st_logf("no label\n");
-		continue;
-	    }
-	    cert = strtok_r(NULL, "\t", &s);
-	    if (cert == NULL) {
-		st_logf("no certfiicate store\n");
-		continue;
-	    }
-	    
-	    st_logf("adding: %s: %s in file %s\n", id, label, cert);
-	    
-	    ret = add_certificate(cert, pin, id, label);
-	    if (ret)
-		failed = ret;
-	} else if (strcasecmp("debug", type) == 0) {
-	    char *name;
-
-	    name = strtok_r(NULL, "\t", &s);
-	    if (name == NULL) {
-		st_logf("no filename\n");
-		continue;
-	    }
-
-	    if (soft_token.logfile)
-		fclose(soft_token.logfile);
-
-	    if (strcasecmp(name, "stdout") == 0)
-		soft_token.logfile = stdout;
-	    else
-		soft_token.logfile = fopen(name, "a");
-	    if (soft_token.logfile == NULL)
-		st_logf("failed to open file: %s\n", name);
-		
-	} else if (strcasecmp("app-fatal", type) == 0) {
-	    char *name;
-
-	    name = strtok_r(NULL, "\t", &s);
-	    if (name == NULL) {
-		st_logf("argument to app-fatal\n");
-		continue;
-	    }
-
-	    if (strcmp(name, "true") == 0 || strcmp(name, "on") == 0)
-		soft_token.flags.app_error_fatal = 1;
-	    else if (strcmp(name, "false") == 0 || strcmp(name, "off") == 0)
-		soft_token.flags.app_error_fatal = 0;
-	    else
-		st_logf("unknown app-fatal: %s\n", name);
-
-	} else {
-	    st_logf("unknown type: %s\n", type);
-	}
-    }
-
-    fclose(f);
-
-    return failed;
-}
-
-static CK_RV
-func_not_supported(void)
-{
-    st_logf("function not supported\n");
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_Initialize(CK_VOID_PTR a)
-{
-    CK_C_INITIALIZE_ARGS_PTR args = a;
-    CK_RV ret;
-    int i;
-
-    st_logf("Initialize\n");
-
-    INIT_CONTEXT();
-
-    OpenSSL_add_all_algorithms();
-
-    srandom(getpid() ^ time(NULL));
-
-    for (i = 0; i < MAX_NUM_SESSION; i++) {
-	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
-	soft_token.state[i].find.attributes = NULL;
-	soft_token.state[i].find.num_attributes = 0;
-	soft_token.state[i].find.next_object = -1;
-	reset_crypto_state(&soft_token.state[i]);
-    }
-
-    soft_token.flags.hardware_slot = 1;
-    soft_token.flags.app_error_fatal = 0;
-    soft_token.flags.login_done = 0;
-
-    soft_token.object.objs = NULL;
-    soft_token.object.num_objs = 0;
-    
-    soft_token.logfile = NULL;
-#if 0
-    soft_token.logfile = stdout;
-#endif
-#if 0
-    soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
-#endif
-
-    if (a != NULL_PTR) {
-	st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
-	st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
-	st_logf("\tLockMutext\t%p\n", args->LockMutex);
-	st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
-	st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
-    }
-
-    {
-	char *fn = NULL, *home = NULL;
-
-	if (getuid() == geteuid()) {
-	    fn = getenv("SOFTPKCS11RC");
-	    if (fn)
-		fn = strdup(fn);
-	    home = getenv("HOME");
-	}
-	if (fn == NULL && home == NULL) {
-	    struct passwd *pw = getpwuid(getuid());	
-	    if(pw != NULL)
-		home = pw->pw_dir;
-	}
-	if (fn == NULL) {
-	    if (home)
-		asprintf(&fn, "%s/.soft-token.rc", home);
-	    else
-		fn = strdup("/etc/soft-token.rc");
-	}
-
-	soft_token.config_file = fn;
-    }
-
-    /*
-     * This operations doesn't return CKR_OK if any of the
-     * certificates failes to be unparsed (ie password protected).
-     */
-    ret = read_conf_file(soft_token.config_file, CKU_USER, NULL);
-    if (ret == CKR_OK)
-	soft_token.flags.login_done = 1;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Finalize(CK_VOID_PTR args)
-{
-    int i;
-
-    INIT_CONTEXT();
-
-    st_logf("Finalize\n");
-
-    for (i = 0; i < MAX_NUM_SESSION; i++) {
-	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
-	    application_error("application finalized without "
-			      "closing session\n");
-	    close_session(&soft_token.state[i]);
-	}
-    }
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetInfo(CK_INFO_PTR args)
-{
-    INIT_CONTEXT();
-
-    st_logf("GetInfo\n");
-
-    memset(args, 17, sizeof(*args));
-    args->cryptokiVersion.major = 2;
-    args->cryptokiVersion.minor = 10;
-    snprintf_fill((char *)args->manufacturerID, 
-		  sizeof(args->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken");
-    snprintf_fill((char *)args->libraryDescription, 
-		  sizeof(args->libraryDescription), ' ',
-		  "Heimdal hx509 SoftToken");
-    args->libraryVersion.major = 2;
-    args->libraryVersion.minor = 0;
-
-    return CKR_OK;
-}
-
-extern CK_FUNCTION_LIST funcs;
-
-CK_RV
-C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
-{
-    INIT_CONTEXT();
-
-    *ppFunctionList = &funcs;
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSlotList(CK_BBOOL tokenPresent,
-	      CK_SLOT_ID_PTR pSlotList,
-	      CK_ULONG_PTR   pulCount)
-{
-    INIT_CONTEXT();
-    st_logf("GetSlotList: %s\n",
-	    tokenPresent ? "tokenPresent" : "token not Present");
-    if (pSlotList)
-	pSlotList[0] = 1;
-    *pulCount = 1;
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSlotInfo(CK_SLOT_ID slotID,
-	      CK_SLOT_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
-
-    memset(pInfo, 18, sizeof(*pInfo));
-
-    if (slotID != 1)
-	return CKR_ARGUMENTS_BAD;
-
-    snprintf_fill((char *)pInfo->slotDescription, 
-		  sizeof(pInfo->slotDescription),
-		  ' ',
-		  "Heimdal hx509 SoftToken (slot)");
-    snprintf_fill((char *)pInfo->manufacturerID,
-		  sizeof(pInfo->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken (slot)");
-    pInfo->flags = CKF_TOKEN_PRESENT;
-    if (soft_token.flags.hardware_slot)
-	pInfo->flags |= CKF_HW_SLOT;
-    pInfo->hardwareVersion.major = 1;
-    pInfo->hardwareVersion.minor = 0;
-    pInfo->firmwareVersion.major = 1;
-    pInfo->firmwareVersion.minor = 0;
-    
-    return CKR_OK;
-}
-
-CK_RV
-C_GetTokenInfo(CK_SLOT_ID slotID,
-	       CK_TOKEN_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetTokenInfo: %s\n", has_session()); 
-
-    memset(pInfo, 19, sizeof(*pInfo));
-
-    snprintf_fill((char *)pInfo->label, 
-		  sizeof(pInfo->label),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->manufacturerID, 
-		  sizeof(pInfo->manufacturerID),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->model,
-		  sizeof(pInfo->model),
-		  ' ',
-		  "Heimdal hx509 SoftToken (token)");
-    snprintf_fill((char *)pInfo->serialNumber, 
-		  sizeof(pInfo->serialNumber),
-		  ' ',
-		  "4711");
-    pInfo->flags = 
-	CKF_TOKEN_INITIALIZED | 
-	CKF_USER_PIN_INITIALIZED;
-
-    if (soft_token.flags.login_done == 0)
-	pInfo->flags |= CKF_LOGIN_REQUIRED;
-
-    /* CFK_RNG |
-       CKF_RESTORE_KEY_NOT_NEEDED |
-    */
-    pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
-    pInfo->ulSessionCount = soft_token.open_sessions;
-    pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
-    pInfo->ulRwSessionCount = soft_token.open_sessions;
-    pInfo->ulMaxPinLen = 1024;
-    pInfo->ulMinPinLen = 0;
-    pInfo->ulTotalPublicMemory = 4711;
-    pInfo->ulFreePublicMemory = 4712;
-    pInfo->ulTotalPrivateMemory = 4713;
-    pInfo->ulFreePrivateMemory = 4714;
-    pInfo->hardwareVersion.major = 2;
-    pInfo->hardwareVersion.minor = 0;
-    pInfo->firmwareVersion.major = 2;
-    pInfo->firmwareVersion.minor = 0;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismList(CK_SLOT_ID slotID,
-		   CK_MECHANISM_TYPE_PTR pMechanismList,
-		   CK_ULONG_PTR pulCount)
-{
-    INIT_CONTEXT();
-    st_logf("GetMechanismList\n");
-
-    *pulCount = 1;
-    if (pMechanismList == NULL_PTR)
-	return CKR_OK;
-    pMechanismList[1] = CKM_RSA_PKCS;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismInfo(CK_SLOT_ID slotID,
-		   CK_MECHANISM_TYPE type,
-		   CK_MECHANISM_INFO_PTR pInfo)
-{
-    INIT_CONTEXT();
-    st_logf("GetMechanismInfo: slot %d type: %d\n",
-	    (int)slotID, (int)type);
-    memset(pInfo, 0, sizeof(*pInfo));
-
-    return CKR_OK;
-}
-
-CK_RV
-C_InitToken(CK_SLOT_ID slotID,
-	    CK_UTF8CHAR_PTR pPin,
-	    CK_ULONG ulPinLen,
-	    CK_UTF8CHAR_PTR pLabel)
-{
-    INIT_CONTEXT();
-    st_logf("InitToken: slot %d\n", (int)slotID);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_OpenSession(CK_SLOT_ID slotID,
-	      CK_FLAGS flags,
-	      CK_VOID_PTR pApplication,
-	      CK_NOTIFY Notify,
-	      CK_SESSION_HANDLE_PTR phSession)
-{
-    int i;
-    INIT_CONTEXT();
-    st_logf("OpenSession: slot: %d\n", (int)slotID);
-    
-    if (soft_token.open_sessions == MAX_NUM_SESSION)
-	return CKR_SESSION_COUNT;
-
-    soft_token.application = pApplication;
-    soft_token.notify = Notify;
-
-    for (i = 0; i < MAX_NUM_SESSION; i++)
-	if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
-	    break;
-    if (i == MAX_NUM_SESSION)
-	abort();
-
-    soft_token.open_sessions++;
-
-    soft_token.state[i].session_handle =
-	(CK_SESSION_HANDLE)(random() & 0xfffff);
-    *phSession = soft_token.state[i].session_handle;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_CloseSession(CK_SESSION_HANDLE hSession)
-{
-    struct session_state *state;
-    INIT_CONTEXT();
-    st_logf("CloseSession\n");
-
-    if (verify_session_handle(hSession, &state) != CKR_OK)
-	application_error("closed session not open");
-    else
-	close_session(state);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_CloseAllSessions(CK_SLOT_ID slotID)
-{
-    int i;
-    INIT_CONTEXT();
-
-    st_logf("CloseAllSessions\n");
-
-    for (i = 0; i < MAX_NUM_SESSION; i++)
-	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
-	    close_session(&soft_token.state[i]);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_GetSessionInfo(CK_SESSION_HANDLE hSession,
-		 CK_SESSION_INFO_PTR pInfo)
-{
-    st_logf("GetSessionInfo\n");
-    INIT_CONTEXT();
-    
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-
-    memset(pInfo, 20, sizeof(*pInfo));
-
-    pInfo->slotID = 1;
-    if (soft_token.flags.login_done)
-	pInfo->state = CKS_RO_USER_FUNCTIONS;
-    else
-	pInfo->state = CKS_RO_PUBLIC_SESSION;
-    pInfo->flags = CKF_SERIAL_SESSION;
-    pInfo->ulDeviceError = 0;
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Login(CK_SESSION_HANDLE hSession,
-	CK_USER_TYPE userType,
-	CK_UTF8CHAR_PTR pPin,
-	CK_ULONG ulPinLen)
-{
-    char *pin = NULL;
-    CK_RV ret;
-    INIT_CONTEXT();
-
-    st_logf("Login\n");
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-
-    if (pPin != NULL_PTR) {
-	asprintf(&pin, "%.*s", (int)ulPinLen, pPin);
-	st_logf("type: %d password: %s\n", (int)userType, pin);
-    }
-
-    /*
-     * Login
-     */
-
-    ret = read_conf_file(soft_token.config_file, userType, pin);
-    if (ret == CKR_OK)
-	soft_token.flags.login_done = 1;
-
-    free(pin);
-    
-    return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
-}
-
-CK_RV
-C_Logout(CK_SESSION_HANDLE hSession)
-{
-    st_logf("Logout\n");
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetObjectSize(CK_SESSION_HANDLE hSession,
-		CK_OBJECT_HANDLE hObject,
-		CK_ULONG_PTR pulSize)
-{
-    st_logf("GetObjectSize\n");
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetAttributeValue(CK_SESSION_HANDLE hSession,
-		    CK_OBJECT_HANDLE hObject,
-		    CK_ATTRIBUTE_PTR pTemplate,
-		    CK_ULONG ulCount)
-{
-    struct session_state *state;
-    struct st_object *obj;
-    CK_ULONG i;
-    CK_RV ret;
-    int j;
-
-    INIT_CONTEXT();
-
-    st_logf("GetAttributeValue: %lx\n",
-	    (unsigned long)HANDLE_OBJECT_ID(hObject));
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
-	st_logf("object not found: %lx\n",
-		(unsigned long)HANDLE_OBJECT_ID(hObject));
-	return ret;
-    }
-
-    for (i = 0; i < ulCount; i++) {
-	st_logf("	getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
-	for (j = 0; j < obj->num_attributes; j++) {
-	    if (obj->attrs[j].secret) {
-		pTemplate[i].ulValueLen = (CK_ULONG)-1;
-		break;
-	    }
-	    if (pTemplate[i].type == obj->attrs[j].attribute.type) {
-		if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
-		    if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
-			memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
-			       obj->attrs[j].attribute.ulValueLen);
-		}
-		pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
-		break;
-	    }
-	}
-	if (j == obj->num_attributes) {
-	    st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
-	    pTemplate[i].ulValueLen = (CK_ULONG)-1;
-	}
-
-    }
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsInit(CK_SESSION_HANDLE hSession,
-		  CK_ATTRIBUTE_PTR pTemplate,
-		  CK_ULONG ulCount)
-{
-    struct session_state *state;
-
-    st_logf("FindObjectsInit\n");
-
-    INIT_CONTEXT();
-
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->find.next_object != -1) {
-	application_error("application didn't do C_FindObjectsFinal\n");
-	find_object_final(state);
-    }
-    if (ulCount) {
-	CK_ULONG i;
-
-	print_attributes(pTemplate, ulCount);
-
-	state->find.attributes = 
-	    calloc(1, ulCount * sizeof(state->find.attributes[0]));
-	if (state->find.attributes == NULL)
-	    return CKR_DEVICE_MEMORY;
-	for (i = 0; i < ulCount; i++) {
-	    state->find.attributes[i].pValue = 
-		malloc(pTemplate[i].ulValueLen);
-	    if (state->find.attributes[i].pValue == NULL) {
-		find_object_final(state);
-		return CKR_DEVICE_MEMORY;
-	    }
-	    memcpy(state->find.attributes[i].pValue,
-		   pTemplate[i].pValue, pTemplate[i].ulValueLen);
-	    state->find.attributes[i].type = pTemplate[i].type;
-	    state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
-	}
-	state->find.num_attributes = ulCount;
-	state->find.next_object = 0;
-    } else {
-	st_logf("find all objects\n");
-	state->find.attributes = NULL;
-	state->find.num_attributes = 0;
-	state->find.next_object = 0;
-    }
-
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjects(CK_SESSION_HANDLE hSession,
-	      CK_OBJECT_HANDLE_PTR phObject,
-	      CK_ULONG ulMaxObjectCount,
-	      CK_ULONG_PTR pulObjectCount)
-{
-    struct session_state *state;
-    int i;
-
-    INIT_CONTEXT();
-
-    st_logf("FindObjects\n");
-
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->find.next_object == -1) {
-	application_error("application didn't do C_FindObjectsInit\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-    if (ulMaxObjectCount == 0) {
-	application_error("application asked for 0 objects\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-    *pulObjectCount = 0;
-    for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
-	st_logf("FindObjects: %d\n", i);
-	state->find.next_object = i + 1;
-	if (attributes_match(soft_token.object.objs[i],
-			     state->find.attributes,
-			     state->find.num_attributes)) {
-	    *phObject++ = soft_token.object.objs[i]->object_handle;
-	    ulMaxObjectCount--;
-	    (*pulObjectCount)++;
-	    if (ulMaxObjectCount == 0)
-		break;
-	}
-    }
-    return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
-{
-    struct session_state *state;
-
-    INIT_CONTEXT();
-
-    st_logf("FindObjectsFinal\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    find_object_final(state);
-    return CKR_OK;
-}
-
-static CK_RV
-commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
-	   const CK_MECHANISM_TYPE *mechs, int mechs_len,
-	   const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
-	   struct st_object **o)
-{
-    CK_RV ret;
-    int i;
-
-    *o = NULL;
-    if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
-	return ret;
-
-    ret = attributes_match(*o, attr_match, attr_match_len);
-    if (!ret) {
-	application_error("called commonInit on key that doesn't "
-			  "support required attr");
-	return CKR_ARGUMENTS_BAD;
-    }
-
-    for (i = 0; i < mechs_len; i++)
-	if (mechs[i] == pMechanism->mechanism)
-	    break;
-    if (i == mechs_len) {
-	application_error("called mech (%08lx) not supported\n",
-			  pMechanism->mechanism);
-	return CKR_ARGUMENTS_BAD;
-    }
-    return CKR_OK;
-}
-
-
-static CK_RV
-dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
-{
-    CK_MECHANISM_PTR p;
-
-    p = malloc(sizeof(*p));
-    if (p == NULL)
-	return CKR_DEVICE_MEMORY;
-
-    if (*dup)
-	free(*dup);
-    *dup = p;
-    memcpy(p, pMechanism, sizeof(*p));
-
-    return CKR_OK;
-}
-
-CK_RV
-C_DigestInit(CK_SESSION_HANDLE hSession,
-	     CK_MECHANISM_PTR pMechanism)
-{
-    st_logf("DigestInit\n");
-    INIT_CONTEXT();
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_SignInit(CK_SESSION_HANDLE hSession,
-	   CK_MECHANISM_PTR pMechanism,
-	   CK_OBJECT_HANDLE hKey)
-{
-    struct session_state *state;
-    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_ATTRIBUTE attr[] = {
-	{ CKA_SIGN, &bool_true, sizeof(bool_true) }
-    };
-    struct st_object *o;
-    CK_RV ret;
-
-    INIT_CONTEXT();
-    st_logf("SignInit\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    
-    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
-		     mechs, sizeof(mechs)/sizeof(mechs[0]),
-		     pMechanism, hKey, &o);
-    if (ret)
-	return ret;
-
-    ret = dup_mechanism(&state->sign_mechanism, pMechanism);
-    if (ret == CKR_OK) 
-	state->sign_object = OBJECT_ID(o);
-
-    return CKR_OK;
-}
-
-CK_RV
-C_Sign(CK_SESSION_HANDLE hSession,
-       CK_BYTE_PTR pData,
-       CK_ULONG ulDataLen,
-       CK_BYTE_PTR pSignature,
-       CK_ULONG_PTR pulSignatureLen)
-{
-    struct session_state *state;
-    struct st_object *o;
-    CK_RV ret;
-    uint hret;
-    const AlgorithmIdentifier *alg;
-    heim_octet_string sig, data;
-
-    INIT_CONTEXT();
-    st_logf("Sign\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    sig.data = NULL;
-    sig.length = 0;
-
-    if (state->sign_object == -1)
-	return CKR_ARGUMENTS_BAD;
-
-    if (pulSignatureLen == NULL) {
-	st_logf("signature len NULL\n");
-	ret = CKR_ARGUMENTS_BAD;
-	goto out;
-    }
-
-    if (pData == NULL_PTR) {
-	st_logf("data NULL\n");
-	ret = CKR_ARGUMENTS_BAD;
-	goto out;
-    }
-
-    o = soft_token.object.objs[state->sign_object];
-
-    if (hx509_cert_have_private_key(o->cert) == 0) {
-	st_logf("private key NULL\n");
-	return CKR_ARGUMENTS_BAD;
-    }
-
-    switch(state->sign_mechanism->mechanism) {
-    case CKM_RSA_PKCS:
-	alg = hx509_signature_rsa_pkcs1_x509();
-	break;
-    default:
-	ret = CKR_FUNCTION_NOT_SUPPORTED;
-	goto out;
-    }
-    
-    data.data = pData;
-    data.length = ulDataLen;
-
-    hret = _hx509_create_signature(context,
-				   _hx509_cert_private_key(o->cert),
-				   alg,
-				   &data,
-				   NULL,
-				   &sig);
-    if (hret) {
-	ret = CKR_DEVICE_ERROR;
-	goto out;
-    }
-    *pulSignatureLen = sig.length;
-
-    if (pSignature != NULL_PTR)
-	memcpy(pSignature, sig.data, sig.length);
-
-    ret = CKR_OK;
- out:
-    if (sig.data) {
-	memset(sig.data, 0, sig.length);
-	der_free_octet_string(&sig);
-    }
-    return ret;
-}
-
-CK_RV
-C_SignUpdate(CK_SESSION_HANDLE hSession,
-	     CK_BYTE_PTR pPart,
-	     CK_ULONG ulPartLen)
-{
-    INIT_CONTEXT();
-    st_logf("SignUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_RV
-C_SignFinal(CK_SESSION_HANDLE hSession,
-	    CK_BYTE_PTR pSignature,
-	    CK_ULONG_PTR pulSignatureLen)
-{
-    INIT_CONTEXT();
-    st_logf("SignUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyInit(CK_SESSION_HANDLE hSession,
-	     CK_MECHANISM_PTR pMechanism,
-	     CK_OBJECT_HANDLE hKey)
-{
-    struct session_state *state;
-    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
-    CK_BBOOL bool_true = CK_TRUE;
-    CK_ATTRIBUTE attr[] = {
-	{ CKA_VERIFY, &bool_true, sizeof(bool_true) }
-    };
-    struct st_object *o;
-    CK_RV ret;
-
-    INIT_CONTEXT();
-    st_logf("VerifyInit\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-    
-    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
-		     mechs, sizeof(mechs)/sizeof(mechs[0]),
-		     pMechanism, hKey, &o);
-    if (ret)
-	return ret;
-
-    ret = dup_mechanism(&state->verify_mechanism, pMechanism);
-    if (ret == CKR_OK) 
-	state->verify_object = OBJECT_ID(o);
-			
-    return ret;
-}
-
-CK_RV
-C_Verify(CK_SESSION_HANDLE hSession,
-	 CK_BYTE_PTR pData,
-	 CK_ULONG ulDataLen,
-	 CK_BYTE_PTR pSignature,
-	 CK_ULONG ulSignatureLen)
-{
-    struct session_state *state;
-    struct st_object *o;
-    const AlgorithmIdentifier *alg;
-    CK_RV ret;
-    int hret;
-    heim_octet_string data, sig;
-
-    INIT_CONTEXT();
-    st_logf("Verify\n");
-    VERIFY_SESSION_HANDLE(hSession, &state);
-
-    if (state->verify_object == -1)
-	return CKR_ARGUMENTS_BAD;
-
-    o = soft_token.object.objs[state->verify_object];
-
-    switch(state->verify_mechanism->mechanism) {
-    case CKM_RSA_PKCS:
-	alg = hx509_signature_rsa_pkcs1_x509();
-	break;
-    default:
-	ret = CKR_FUNCTION_NOT_SUPPORTED;
-	goto out;
-    }
-
-    sig.data = pData;
-    sig.length = ulDataLen;
-    data.data = pSignature;
-    data.length = ulSignatureLen;
-
-    hret = _hx509_verify_signature(context,
-				   _hx509_get_cert(o->cert),
-				   alg,
-				   &data,
-				   &sig);
-    if (hret) {
-	ret = CKR_GENERAL_ERROR;
-	goto out;
-    }
-    ret = CKR_OK;
-
- out:
-    return ret;
-}
-
-
-CK_RV
-C_VerifyUpdate(CK_SESSION_HANDLE hSession,
-	       CK_BYTE_PTR pPart,
-	       CK_ULONG ulPartLen)
-{
-    INIT_CONTEXT();
-    st_logf("VerifyUpdate\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyFinal(CK_SESSION_HANDLE hSession,
-	      CK_BYTE_PTR pSignature,
-	      CK_ULONG ulSignatureLen)
-{
-    INIT_CONTEXT();
-    st_logf("VerifyFinal\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GenerateRandom(CK_SESSION_HANDLE hSession,
-		 CK_BYTE_PTR RandomData,
-		 CK_ULONG ulRandomLen)
-{
-    INIT_CONTEXT();
-    st_logf("GenerateRandom\n");
-    VERIFY_SESSION_HANDLE(hSession, NULL);
-    return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_FUNCTION_LIST funcs = {
-    { 2, 11 },
-    C_Initialize,
-    C_Finalize,
-    C_GetInfo,
-    C_GetFunctionList,
-    C_GetSlotList,
-    C_GetSlotInfo,
-    C_GetTokenInfo,
-    C_GetMechanismList,
-    C_GetMechanismInfo,
-    C_InitToken,
-    (void *)func_not_supported, /* C_InitPIN */
-    (void *)func_not_supported, /* C_SetPIN */
-    C_OpenSession,
-    C_CloseSession,
-    C_CloseAllSessions,
-    C_GetSessionInfo,
-    (void *)func_not_supported, /* C_GetOperationState */
-    (void *)func_not_supported, /* C_SetOperationState */
-    C_Login,
-    C_Logout,
-    (void *)func_not_supported, /* C_CreateObject */
-    (void *)func_not_supported, /* C_CopyObject */
-    (void *)func_not_supported, /* C_DestroyObject */
-    (void *)func_not_supported, /* C_GetObjectSize */
-    C_GetAttributeValue,
-    (void *)func_not_supported, /* C_SetAttributeValue */
-    C_FindObjectsInit,
-    C_FindObjects,
-    C_FindObjectsFinal,
-    (void *)func_not_supported, /* C_EncryptInit, */
-    (void *)func_not_supported, /* C_Encrypt, */
-    (void *)func_not_supported, /* C_EncryptUpdate, */
-    (void *)func_not_supported, /* C_EncryptFinal, */
-    (void *)func_not_supported, /* C_DecryptInit, */
-    (void *)func_not_supported, /* C_Decrypt, */
-    (void *)func_not_supported, /* C_DecryptUpdate, */
-    (void *)func_not_supported, /* C_DecryptFinal, */
-    C_DigestInit,
-    (void *)func_not_supported, /* C_Digest */
-    (void *)func_not_supported, /* C_DigestUpdate */
-    (void *)func_not_supported, /* C_DigestKey */
-    (void *)func_not_supported, /* C_DigestFinal */
-    C_SignInit,
-    C_Sign,
-    C_SignUpdate,
-    C_SignFinal,
-    (void *)func_not_supported, /* C_SignRecoverInit */
-    (void *)func_not_supported, /* C_SignRecover */
-    C_VerifyInit,
-    C_Verify,
-    C_VerifyUpdate,
-    C_VerifyFinal,
-    (void *)func_not_supported, /* C_VerifyRecoverInit */
-    (void *)func_not_supported, /* C_VerifyRecover */
-    (void *)func_not_supported, /* C_DigestEncryptUpdate */
-    (void *)func_not_supported, /* C_DecryptDigestUpdate */
-    (void *)func_not_supported, /* C_SignEncryptUpdate */
-    (void *)func_not_supported, /* C_DecryptVerifyUpdate */
-    (void *)func_not_supported, /* C_GenerateKey */
-    (void *)func_not_supported, /* C_GenerateKeyPair */
-    (void *)func_not_supported, /* C_WrapKey */
-    (void *)func_not_supported, /* C_UnwrapKey */
-    (void *)func_not_supported, /* C_DeriveKey */
-    (void *)func_not_supported, /* C_SeedRandom */
-    C_GenerateRandom,
-    (void *)func_not_supported, /* C_GetFunctionStatus */
-    (void *)func_not_supported, /* C_CancelFunction */
-    (void *)func_not_supported  /* C_WaitForSlotEvent */
-};
diff --git a/crypto/heimdal/lib/hx509/test_ca.in b/crypto/heimdal/lib/hx509/test_ca.in
deleted file mode 100644
index 5cc124d3bc7b..000000000000
--- a/crypto/heimdal/lib/hx509/test_ca.in
+++ /dev/null
@@ -1,424 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_ca.in 21345 2007-06-26 14:22:57Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "create certificate request"
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --key=FILE:$srcdir/data/key.der \
-	 pkcs10-request.der || exit 1
-
-echo "issue certificate"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue crl (no cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key || exit 1
-
-echo "verify certificate (with CRL)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue crl (with cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	FILE:cert-ee.pem || exit 1
-
-echo "verify certificate (included in CRL)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue crl (with cert)"
-${hxtool} crl-sign \
-	--crl-file=crl.crl \
-	--lifetime='1 month' \
-	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	FILE:cert-ee.pem || exit 1
-
-echo "verify certificate (included in CRL, and lifetime 1 month)"
-${hxtool} verify \
-	cert:FILE:cert-ee.pem \
-	crl:FILE:crl.crl \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (10years 1 month)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --lifetime="10years 1 month" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (with https ekus)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="https-server" \
-	  --type="https-client" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (pkinit KDC)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="pkinit-kdc" \
-          --pk-init-principal="krbtgt/TEST.H5L.SE@TEST.H5L.SE" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (pkinit client)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="pkinit-client" \
-          --pk-init-principal="lha@TEST.H5L.SE" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (hostnames)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-	  --type="https-server" \
-          --hostname="www.test.h5l.se" \
-          --hostname="ftp.test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate hostname (ok)"
-${hxtool} verify --missing-revoke \
-	--hostname=www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=www2.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=2www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (hostname in CN)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=www.test.h5l.se" \
-	  --type="https-server" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate hostname (ok)"
-${hxtool} verify --missing-revoke \
-	--hostname=www.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "verify certificate hostname (fail)"
-${hxtool} verify --missing-revoke \
-	--hostname=www2.test.h5l.se \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "issue certificate (email)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --email="lha@test.h5l.se" \
-          --email="test@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue certificate (email, null subject DN)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="" \
-          --email="lha@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-null.pem" || exit 1
-
-echo "issue certificate (jabber)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --subject="cn=foo" \
-          --jid="lha@test.h5l.se" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue self-signed cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --ca-private-key=FILE:$srcdir/data/key.der \
-	  --subject="cn=test" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue ca cert"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
-	  --issue-ca \
-	  --subject="cn=ca-cert" \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-ca.der" || exit 1
-
-echo "issue self-signed ca cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-	  --ca-private-key=FILE:$srcdir/data/key.der \
-	  --subject="cn=ca-root" \
-	  --certificate="FILE:cert-ca.der" || exit 1
-
-echo "issue proxy certificate"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	  --issue-proxy \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --certificate="FILE:cert-proxy.der" || exit 1
-
-echo "verify proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:cert-proxy.der \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "issue ca cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
- 	  --serial-number="deadbeaf" \
-	  --generate-key=rsa \
-          --path-length=-1 \
-	  --subject="cn=ca2-cert" \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "issue sub-ca cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --issue-ca \
- 	  --serial-number="deadbeaf22" \
-	  --generate-key=rsa \
-	  --subject="cn=sub-ca2-cert" \
-	  --certificate="FILE:cert-sub-ca.pem" || exit 1
-
-echo "issue ee cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --generate-key=rsa \
-	  --subject="cn=cert-ee2" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue sub-ca ee cert (generate rsa key)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-sub-ca.pem \
-	  --generate-key=rsa \
-	  --subject="cn=cert-sub-ee2" \
-	  --certificate="FILE:cert-sub-ee.pem" || exit 1
-
-echo "verify certificate (ee)"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "verify certificate (sub-ee)"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem || exit 1
-
-echo "sign CMS signature (generate key)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:cert-ee.pem \
-	"$srcdir/test_name.c" \
-	sd.data > /dev/null || exit 1
-
-echo "verify CMS signature (generate key)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:cert-ca.pem \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_name.c" sd.data.out || exit 1
-
-echo "extend ca cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="2years" \
- 	  --serial-number="deadbeaf" \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --subject="cn=ca2-cert" \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate generated by previous ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "extend ca cert (template)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=-1 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate generated by previous ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "extend sub-ca cert (template)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --issue-ca \
-          --lifetime="2years" \
-	  --template-certificate="FILE:cert-sub-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject,SPKI" \
-	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
-
-echo "verify certificate (sub-ee) with extended chain"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "+++++++++++ test basic constraints"
-
-echo "extend ca cert (too low path-length constraint)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=0 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify failure of certificate (sub-ee) with path-length constraint"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null && exit 1
-
-echo "extend ca cert (exact path-length constraint)"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-          --lifetime="3years" \
-	  --template-certificate="FILE:cert-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject" \
-          --path-length=1 \
-	  --ca-private-key=FILE:cert-ca.pem \
-	  --certificate="FILE:cert-ca.pem" || exit 1
-
-echo "verify certificate (sub-ee) with exact path-length constraint"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-echo "Check missing basicConstrants.isCa"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-          --lifetime="2years" \
-	  --template-certificate="FILE:cert-sub-ca.pem" \
-	  --template-fields="serialNumber,notBefore,subject,SPKI" \
-	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
-
-echo "verify failure certificate (sub-ee) with missing isCA"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-sub-ee.pem \
-	chain:FILE:cert-sub-ca2.pem \
-	anchor:FILE:cert-ca.pem > /dev/null && exit 1
-
-echo "issue ee cert (crl uri)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --crl-uri="http://www.test.h5l.se/crl1.crl" \
-	  --subject="cn=cert-ee-crl-uri" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "issue null subject cert"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:cert-ca.pem \
-	  --req="PKCS10:pkcs10-request.der" \
-	  --subject="" \
-	  --email="lha@test.h5l.se" \
-	  --certificate="FILE:cert-ee.pem" || exit 1
-
-echo "verify certificate null subject"
-${hxtool} verify --missing-revoke \
-	cert:FILE:cert-ee.pem \
-	anchor:FILE:cert-ca.pem > /dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_cert.in b/crypto/heimdal/lib/hx509/test_cert.in
deleted file mode 100644
index ed04bfac3b73..000000000000
--- a/crypto/heimdal/lib/hx509/test_cert.in
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_chain.in 20809 2007-06-03 03:19:06Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "print DIR"
-${hxtool} print --content DIR:$srcdir/data > /dev/null || exit 1
-
-echo "print FILE"
-for a in $srcdir/data/*.crt; do 
-    ${hxtool} print --content FILE:"$a" > /dev/null 2>/dev/null
-done
-
-echo "print NULL"
-${hxtool} print --content NULL: > /dev/null || exit 1
-
-echo "copy dance"
-${hxtool} certificate-copy \
-    FILE:${srcdir}/data/test.crt PEM-FILE:cert-pem.tmp || exit 1
-
-${hxtool} certificate-copy PEM-FILE:cert-pem.tmp DER-FILE:cert-der.tmp || exit 1
-${hxtool} certificate-copy DER-FILE:cert-der.tmp PEM-FILE:cert-pem2.tmp || exit 1
-
-cmp cert-pem.tmp cert-pem2.tmp || exit 1
-
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_chain.in b/crypto/heimdal/lib/hx509/test_chain.in
deleted file mode 100644
index a99ae5e4cb54..000000000000
--- a/crypto/heimdal/lib/hx509/test_chain.in
+++ /dev/null
@@ -1,242 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_chain.in 21278 2007-06-25 04:54:43Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/test.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/ca.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "sub-cert -> sub-ca -> root"
-${hxtool} verify --missing-revoke \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "max depth 2 (ok)"
-${hxtool} verify --missing-revoke \
-	--max-depth=2 \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "max depth 1 (fail)"
-${hxtool} verify --missing-revoke \
-	--max-depth=1 \
-	cert:FILE:$srcdir/data/sub-cert.crt \
-	chain:FILE:$srcdir/data/sub-ca.crt \
-	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "ocsp non-ca responder"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
-
-echo "ocsp ca responder"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
-
-echo "ocsp no-ca responder, missing cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
-
-echo "ocsp no-ca responder, missing cert, in pool"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
-    chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
-
-echo "ocsp no-ca responder, keyHash"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der > /dev/null || exit 1
-
-echo "ocsp revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/revoke.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
-
-for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
-	echo "ocsp print reply $a"
-	${hxtool} ocsp-print \
-	    $srcdir/data/ocsp-${a}.der > /dev/null || exit 1
-done
-
-echo "ocsp verify exists"
-${hxtool} ocsp-verify \
-	--ocsp-file=$srcdir/data/ocsp-resp1-ca.der \
-	FILE:$srcdir/data/test.crt > /dev/null || exit 1
-
-echo "ocsp verify not exists"
-${hxtool} ocsp-verify \
-    --ocsp-file=$srcdir/data/ocsp-resp1.der \
-	FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "ocsp verify revoked"
-${hxtool} ocsp-verify \
-    --ocsp-file=$srcdir/data/ocsp-resp2.der \
-	FILE:$srcdir/data/revoke.crt > /dev/null && exit 1
-
-echo "crl non-revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
-
-echo "crl revoked cert"
-${hxtool} verify \
-    cert:FILE:$srcdir/data/revoke.crt \
-    anchor:FILE:$srcdir/data/ca.crt \
-    crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
-
-echo "proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (negative)"
-${hxtool} verify --missing-revoke \
-    cert:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "proxy cert (level fail)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy-level-test.crt \
-    chain:FILE:$srcdir/data/proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "not a proxy cert"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/no-proxy-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
-
-echo "proxy cert (max level 10)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (second level)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-echo "proxy cert (third level)"
-${hxtool} verify --missing-revoke \
-    --allow-proxy-certificate \
-    cert:FILE:$srcdir/data/proxy10-child-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-child-test.crt \
-    chain:FILE:$srcdir/data/proxy10-test.crt \
-    chain:FILE:$srcdir/data/test.crt \
-    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_cms.in b/crypto/heimdal/lib/hx509/test_cms.in
deleted file mode 100644
index a89e81023530..000000000000
--- a/crypto/heimdal/lib/hx509/test_cms.in
+++ /dev/null
@@ -1,377 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_cms.in 21311 2007-06-25 18:26:37Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "create signed data"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (id-by-name)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--id-by-name \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "verify signed data (EE cert as anchor)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/test.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (password)"
-${hxtool} cms-create-sd \
-	--pass=PASS:foobar \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (combined)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.combined.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data  (content info)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (content info)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data  (content type)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-type=1.1.1.1 \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (content type)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (pem)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--pem \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (pem, detached)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--detached-signature \
-	--pem \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (p12)"
-${hxtool} cms-create-sd \
-	--pass=PASS:foobar \
-	--certificate=PKCS12:$srcdir/data/test.p12 \
-	--signer=friendlyname-test \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "verify signed data (no attr)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "verify failure signed data (no attr, no certs)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr-nocerts" \
-	sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "verify signed data (no attr, no certs)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-info \
-	"$srcdir/data/test-signed-data-noattr-nocerts" \
-	sd.data.out > /dev/null || exit 1
-cmp "$srcdir/data/static-file" sd.data.out || exit 1
-
-echo "create signed data (subcert, no certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify failure signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--certificate=FILE:$srcdir/data/sub-ca.crt \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	--pool=FILE:$srcdir/data/sub-ca.crt \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, certs, no-root)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	--pool=FILE:$srcdir/data/sub-ca.crt \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify success signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "create signed data (subcert, no-subca, no-root)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify failure signed data"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (sd cert)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (ke cert)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (sd + ke certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (ke + sd certs)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
-	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "create signed data (detached)"
-${hxtool} cms-create-sd \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--detached-signature \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (detached)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--signed-content="$srcdir/test_chain.in" \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "verify failure signed data (detached)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
-
-echo "create signed data (rsa)"
-${hxtool} cms-create-sd \
-	--peer-alg=1.2.840.113549.1.1.1 \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	"$srcdir/test_chain.in" \
-	sd.data > /dev/null || exit 1
-
-echo "verify signed data (rsa)"
-${hxtool} cms-verify-sd \
-	--missing-revoke \
-	--anchors=FILE:$srcdir/data/ca.crt \
-	sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
-cmp "$srcdir/test_chain.in" sd.data.out || exit 1
-
-echo "envelope data (content-type)"
-${hxtool} cms-envelope \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-type=1.1.1.1 \
-	"$srcdir/data/static-file" \
-	ev.data > /dev/null || exit 1
-
-echo "unenvelope data (content-type)"
-${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	ev.data ev.data.out \
-	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
-cmp "$srcdir/data/static-file" ev.data.out || exit 1
-
-echo "envelope data (content-info)"
-${hxtool} cms-envelope \
-	--certificate=FILE:$srcdir/data/test.crt \
-	--content-info \
-	"$srcdir/data/static-file" \
-	ev.data > /dev/null || exit 1
-
-echo "unenvelope data (content-info)"
-${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	ev.data ev.data.out \
-	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
-cmp "$srcdir/data/static-file" ev.data.out || exit 1
-
-for a in des-ede3 aes-128 aes-256; do
-
-	rm -f ev.data ev.data.out
-	echo "envelope data ($a)"
-	${hxtool} cms-envelope \
-	        --encryption-type="$a-cbc" \
-		--certificate=FILE:$srcdir/data/test.crt \
-		"$srcdir/data/static-file" \
-		ev.data  || exit 1
-
-	echo "unenvelope data ($a)"
-	${hxtool} cms-unenvelope \
-		--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-		ev.data ev.data.out > /dev/null || exit 1
-	cmp "$srcdir/data/static-file" ev.data.out || exit 1
-done
-
-for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
-    echo "static unenvelope data ($a)"
-
-    rm -f ev.data.out
-    ${hxtool} cms-unenvelope \
-	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
-	--content-info \
-	"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
-    cmp "$srcdir/data/static-file" ev.data.out || exit 1
-done
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_crypto.in b/crypto/heimdal/lib/hx509/test_crypto.in
deleted file mode 100644
index 31b5233fe9e6..000000000000
--- a/crypto/heimdal/lib/hx509/test_crypto.in
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_crypto.in 20898 2007-06-04 23:07:46Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-
-echo "Bleichenbacher good cert (from eay)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-good.pem \
-    anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
-
-echo "Bleichenbacher bad cert (from eay)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
-    anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
-
-echo "Bleichenbacher good cert (from yutaka)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
-    anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
-
-echo "Bleichenbacher bad cert (from yutaka)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
-    anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
-
-# Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
-# Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
-echo "Bleichenbacher bad cert (sf pad correct)"
-${hxtool} verify --missing-revoke \
-    --time=2006-09-25 \
-    cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
-    anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
-
-echo Read 50 kilobyte random data
-${hxtool} random-data 50kilobyte > random-data || exit 1
-
-echo "crypto select1"
-${hxtool} crypto-select > test || { echo "select1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
-	{ echo "select1 failure"; exit 1; }
-
-echo "crypto select1"
-${hxtool} crypto-select --type=digest > test || { echo "select1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
-	{ echo "select1 failure"; exit 1; }
-
-echo "crypto select2"
-${hxtool} crypto-select --type=public-sig > test || { echo "select2"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select2 > /dev/null || \
-	{ echo "select2 failure"; exit 1; }
-
-echo "crypto select3"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.4 \
-	 > test || { echo "select3"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select3 > /dev/null || \
-	{ echo "select3 failure"; exit 1; }
-
-echo "crypto select4"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	--peer-cmstype=1.2.840.113549.1.1.4 \
-	 > test || { echo "select4"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select4 > /dev/null || \
-	{ echo "select4 failure"; exit 1; }
-
-echo "crypto select5"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.1.1.11 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select5"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select5 > /dev/null || \
-	{ echo "select5 failure"; exit 1; }
-
-echo "crypto select6"
-${hxtool} crypto-select \
-	--type=public-sig \
-	--peer-cmstype=1.2.840.113549.2.5 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select6"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select6 > /dev/null || \
-	{ echo "select6 failure"; exit 1; }
-
-echo "crypto select7"
-${hxtool} crypto-select \
-	--type=secret \
-	--peer-cmstype=2.16.840.1.101.3.4.1.42 \
-	--peer-cmstype=1.2.840.113549.3.7 \
-	--peer-cmstype=1.2.840.113549.1.1.5 \
-	 > test || { echo "select7"; exit 1; }
-cmp test ${srcdir}/tst-crypto-select7 > /dev/null || \
-	{ echo "select7 failure"; exit 1; }
-
-echo "crypto available1"
-${hxtool} crypto-available \
-	--type=all \
-	> test || { echo "available1"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \
-	{ echo "available1 failure"; exit 1; }
-
-echo "crypto available2"
-${hxtool} crypto-available \
-	--type=digest \
-	> test || { echo "available2"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available2 > /dev/null || \
-	{ echo "available2 failure"; exit 1; }
-
-echo "crypto available3"
-${hxtool} crypto-available \
-	--type=public-sig \
-	> test || { echo "available3"; exit 1; }
-cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \
-	{ echo "available3 failure"; exit 1; }
-
-echo "copy keystore FILE existing -> FILE"
-${hxtool} certificate-copy \
-    FILE:${srcdir}/data/test.crt,${srcdir}/data/test.key \
-    FILE:out.pem || exit 1
-
-echo "copy keystore FILE -> FILE"
-${hxtool} certificate-copy \
-    FILE:out.pem \
-    FILE:out2.pem || exit 1
-
-echo "copy keystore FILE -> PKCS12"
-${hxtool} certificate-copy \
-    FILE:out.pem \
-    PKCS12:out2.pem || exit 1
-
-echo "print certificate with utf8"
-${hxtool} print \
-	FILE:$srcdir/data/j.pem >/dev/null 2>/dev/null || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_java_pkcs11.in b/crypto/heimdal/lib/hx509/test_java_pkcs11.in
deleted file mode 100644
index 35f61e61aa35..000000000000
--- a/crypto/heimdal/lib/hx509/test_java_pkcs11.in
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-
-exit 0
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-dir=$objdir
-file=
-
-for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
-    if [ -f $dir/$a ] ; then
-	file=$dir/$a
-	break
-    fi
-done
-
-if [ "X$file" = X ] ; then
-    exit 0
-fi
-
-cat > pkcs11.cfg <<EOF
-name = Heimdal
-library = $file
-EOF
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
-debug	stdout
-EOF
-
-
-env SOFTPKCS11RC="test-rc-file.rc" \
-    keytool \
-    -keystore NONE \
-    -storetype PKCS11 \
-    -providerClass sun.security.pkcs11.SunPKCS11 \
-    -providerArg pkcs11.cfg \
-    -list || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_name.c b/crypto/heimdal/lib/hx509/test_name.c
deleted file mode 100644
index 2c6dd516cb80..000000000000
--- a/crypto/heimdal/lib/hx509/test_name.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-RCSID("$Id: test_name.c 19882 2007-01-13 01:02:57Z lha $");
-
-static int
-test_name(hx509_context context, const char *name)
-{
-    hx509_name n;
-    char *s;
-    int ret;
-
-    ret = hx509_parse_name(context, name, &n);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_to_string(n, &s);
-    if (ret)
-	return 1;
-
-    if (strcmp(s, name) != 0)
-	return 1;
-
-    hx509_name_free(&n);
-    free(s);
-
-    return 0;
-}
-
-static int
-test_name_fail(hx509_context context, const char *name)
-{
-    hx509_name n;
-
-    if (hx509_parse_name(context, name, &n) == HX509_NAME_MALFORMED)
-	return 0;
-    hx509_name_free(&n);
-    return 1;
-}
-
-static int
-test_expand(hx509_context context, const char *name, const char *expected)
-{
-    hx509_env env;
-    hx509_name n;
-    char *s;
-    int ret;
-
-    hx509_env_init(context, &env);
-    hx509_env_add(context, env, "uid", "lha");
-
-    ret = hx509_parse_name(context, name, &n);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_expand(context, n, env);
-    hx509_env_free(&env);
-    if (ret)
-	return 1;
-
-    ret = hx509_name_to_string(n, &s);
-    hx509_name_free(&n);
-    if (ret)
-	return 1;
-    
-    ret = strcmp(s, expected) != 0;
-    free(s);
-    if (ret)
-	return 1;
-
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    hx509_context context;
-    int ret = 0;
-
-    ret = hx509_context_init(&context);
-    if (ret)
-	errx(1, "hx509_context_init failed with %d", ret);
-
-    ret += test_name(context, "CN=foo,C=SE");
-    ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE");
-    ret += test_name(context, "1.2.3.4=foo,C=SE");
-    ret += test_name_fail(context, "=");
-    ret += test_name_fail(context, "CN=foo,=foo");
-    ret += test_name_fail(context, "CN=foo,really-unknown-type=foo");
-
-    ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE");
-    ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE");
-    ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE");
-    ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE");
-    ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE");
-    ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE");
-
-    hx509_context_free(&context);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/hx509/test_nist.in b/crypto/heimdal/lib/hx509/test_nist.in
deleted file mode 100644
index 8306283fc9e0..000000000000
--- a/crypto/heimdal/lib/hx509/test_nist.in
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist.in 22240 2007-12-08 22:55:03Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "nist tests"
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
-    expr "$id" : "#" > /dev/null && continue
-    
-    test "$id" = "end" && break
-
-    args=""
-    case "$arg1" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg1" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg1" ;;
-    *) args="$args $arg1" ;;
-    esac
-    case "$arg2" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg2" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg2" ;;
-    *) args="$args $arg2" ;;
-    esac
-    case "$arg3" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg3" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg3" ;;
-    *) args="$args $arg3" ;;
-    esac
-    case "$arg4" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg4" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg4" ;;
-    *) args="$args $arg4" ;;
-    esac
-    case "$arg5" in
-    *.crt) args="$args chain:FILE:$nistdir/certs/$arg5" ;;
-    *.crl) args="$args crl:FILE:$nistdir/crls/$arg5" ;;
-    *) args="$args $arg5" ;;
-    esac
-
-    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
-    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
-    args="$args cert:FILE:$nistdir/certs/$cert"
-
-    if ${hxtool} verify $args > /dev/null; then
-	if test "$verify" = "f"; then
-	    echo "verify passed on fail: $id $cert"
-	    exit 1
-	fi
-    else
-	if test "$verify" = "p"; then
-	    echo "verify failed on pass: $id $cert"
-	    exit 1
-	fi
-    fi
-
-done < $srcdir/data/nist-data
-
-
-echo "done!"
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_nist2.in b/crypto/heimdal/lib/hx509/test_nist2.in
deleted file mode 100644
index 66161298953f..000000000000
--- a/crypto/heimdal/lib/hx509/test_nist2.in
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist.in 21787 2007-08-02 08:50:24Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-limit="${1:-nolimit}"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "nist tests, version 2"
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-ec=
-name=
-description=
-while read result cert other ; do
-    if expr "$result" : "#" > /dev/null; then
-	name=${cert}
-	description="${other}"
-	continue
-    fi
-    
-    test nolimit != "${limit}" && ! expr "$name" : "$limit" > /dev/null && continue
-
-    test "$result" = "end" && break
-
-    args=
-    args="$args cert:FILE:$nistdir/certs/$cert"
-    args="$args chain:DIR:$nistdir/certs"
-    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
-#    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
-
-    for a in $nistdir/crls/*.crl; do
-	args="$args crl:FILE:$a"
-    done
-
-    cmd="${hxtool} verify $args"
-    eval ${cmd} > /dev/null
-    res=$?
-
-    case "${result},${res}" in
-    0,0) r="PASSs";;
-    0,*) r="FAILs";;
-    [123],0) r="FAILf";;
-    [123],*) r="PASSf";;
-    *) echo="unknown result ${result},${res}" ; exit 1 ;;
-    esac
-    if grep "${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then
-	if expr "$r" : "PASS" >/dev/null; then
-	    echo "${name} passed when expected not to"
-	    echo "# ${description}" > nist2-passed-${name}.tmp
-	    ec=1
-	fi
-    elif expr "$r" : "FAIL.*" >/dev/null ; then
-	echo "$r ${name} ${description}"
-	echo "# ${description}" > nist2-failed-${name}.tmp
-	echo "$cmd" >> nist2-failed-${name}.tmp
-	ec=1
-    fi
-
-done < $srcdir/data/nist-data2
-
-
-echo "done!"
-
-exit $ec
diff --git a/crypto/heimdal/lib/hx509/test_nist_cert.in b/crypto/heimdal/lib/hx509/test_nist_cert.in
deleted file mode 100644
index 2d2bbe1f1983..000000000000
--- a/crypto/heimdal/lib/hx509/test_nist_cert.in
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist_cert.in 21823 2007-08-03 15:13:37Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
-   :
-else
-   echo "validate failed"
-   exit 1
-fi
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in b/crypto/heimdal/lib/hx509/test_nist_pkcs12.in
deleted file mode 100644
index fe595f284784..000000000000
--- a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_nist_pkcs12.in 22256 2007-12-09 06:04:02Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-pass="--pass=PASS:password"
-nistdir=${objdir}/PKITS_data
-nistzip=${srcdir}/data/PKITS_data.zip
-
-# nistzip is not distributed part of the distribution
-test -f "$nistzip" || exit 77
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-if [ ! -d "$nistdir" ] ; then
-    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
-	{ rm -rf "$nistdir" ; exit 1; }
-fi
-
-echo "nist pkcs12 tests"
-
-for a in $nistdir/pkcs12/*.p12 ; do
-
-    if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
-	:
-    else
-	echo "$a failed"
-	exit 1
-    fi
-
-done
-
-echo "done!"
-
-exit 0
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/hx509/test_pkcs11.in b/crypto/heimdal/lib/hx509/test_pkcs11.in
deleted file mode 100644
index 0a315bf5eaf7..000000000000
--- a/crypto/heimdal/lib/hx509/test_pkcs11.in
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-SOFTPKCS11RC="test-rc-file.rc" \
-export SOFTPKCS11RC
-
-echo "password less"
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
-debug	p11dbg.log
-app-fatal	true
-EOF
-
-./test_soft_pkcs11 || exit 1
-
-echo "password"
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key
-debug	p11dbg.log
-app-fatal	true
-EOF
-
-./test_soft_pkcs11 || exit 1
-
-echo "done"
-exit 0
diff --git a/crypto/heimdal/lib/hx509/test_query.in b/crypto/heimdal/lib/hx509/test_query.in
deleted file mode 100644
index 01e0c3123371..000000000000
--- a/crypto/heimdal/lib/hx509/test_query.in
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_query.in 20782 2007-06-02 00:46:00Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-echo "try printing"
-${hxtool} print \
-	--pass=PASS:foobar \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-${hxtool} print \
-	--pass=PASS:foobar \
-	--info \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found  (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test-not  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (friendlyname, no-pw)"
-${hxtool} query \
-	--friendlyname=friendlyname-cert  \
-	PKCS12:$srcdir/data/test-nopw.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "check for ca cert (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (friendlyname)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test \
-	PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (friendlyname|private key)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=friendlyname-test  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
-
-echo "make sure entry is not found (friendlyname|private key)"
-${hxtool} query \
-	--pass=PASS:foobar \
-	--friendlyname=ca  \
-	--private-key \
-	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (cert ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is found (cert-ds ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (cert-ds ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is not found (cert-ds ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is not found (cert-ke ds)"
-${hxtool} query \
-	--digitalSignature \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
-
-echo "make sure entry is found (cert-ke ke)"
-${hxtool} query \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
-
-echo "make sure entry is not found (cert-ke ke + ds)"
-${hxtool} query \
-	--digitalSignature \
-	--keyEncipherment \
-	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
-
-exit 0
-
diff --git a/crypto/heimdal/lib/hx509/test_req.in b/crypto/heimdal/lib/hx509/test_req.in
deleted file mode 100644
index 2109ceb26dca..000000000000
--- a/crypto/heimdal/lib/hx509/test_req.in
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_req.in 21341 2007-06-26 14:20:56Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --key=FILE:$srcdir/data/key.der \
-	 request.out || exit 1
-
-${hxtool} request-print \
-	 PKCS10:request.out > /dev/null || exit 1
-
-${hxtool} request-create \
-	 --subject="CN=Love,DC=it,DC=su,DC=se" \
-	 --dnsname=nutcracker.it.su.se \
-	 --key=FILE:$srcdir/data/key.der \
-	 request.out || exit 1
diff --git a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c b/crypto/heimdal/lib/hx509/test_soft_pkcs11.c
deleted file mode 100644
index e76f7720156d..000000000000
--- a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
- * Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hx_locl.h"
-#include "pkcs11.h"
-#include <err.h>
-
-static CK_FUNCTION_LIST_PTR func;
-
-
-static CK_RV
-find_object(CK_SESSION_HANDLE session, 
-	    char *id,
-	    CK_OBJECT_CLASS key_class, 
-	    CK_OBJECT_HANDLE_PTR object)
-{
-    CK_ULONG object_count;
-    CK_RV ret;
-    CK_ATTRIBUTE search_data[] = {
-	{CKA_ID, id, 0 },
-	{CKA_CLASS, &key_class, sizeof(key_class)}
-    };
-    CK_ULONG num_search_data = sizeof(search_data)/sizeof(search_data[0]);
-
-    search_data[0].ulValueLen = strlen(id);
-
-    ret = (*func->C_FindObjectsInit)(session, search_data, num_search_data);
-    if (ret != CKR_OK)
-	return ret;
-
-    ret = (*func->C_FindObjects)(session, object, 1, &object_count);
-    if (ret != CKR_OK)
-	return ret;
-    if (object_count == 0) {
-	printf("found no object\n");
-	return 1;
-    }
-
-    ret = (*func->C_FindObjectsFinal)(session);
-    if (ret != CKR_OK)
-	return ret;
-
-    return CKR_OK;
-}
-
-static char *sighash = "hej";
-static char signature[1024];
-
-
-int
-main(int argc, char **argv)
-{
-    CK_SLOT_ID_PTR slot_ids;
-    CK_SLOT_ID slot;
-    CK_ULONG num_slots;
-    CK_RV ret;
-    CK_SLOT_INFO slot_info;
-    CK_TOKEN_INFO token_info;
-    CK_SESSION_HANDLE session;
-    CK_OBJECT_HANDLE public, private;
-
-    ret = C_GetFunctionList(&func);
-    if (ret != CKR_OK)
-	errx(1, "C_GetFunctionList failed: %d", (int)ret);
-
-    (*func->C_Initialize)(NULL_PTR);
-
-    ret = (*func->C_GetSlotList)(FALSE, NULL, &num_slots);
-    if (ret != CKR_OK)
-	errx(1, "C_GetSlotList1 failed: %d", (int)ret);
-
-    if (num_slots == 0)
-	errx(1, "no slots");
-
-    if ((slot_ids = calloc(1, num_slots * sizeof(*slot_ids))) == NULL)
-	err(1, "alloc slots failed");
-
-    ret = (*func->C_GetSlotList)(FALSE, slot_ids, &num_slots);
-    if (ret != CKR_OK)
-	errx(1, "C_GetSlotList2 failed: %d", (int)ret);
-
-    slot = slot_ids[0];
-    free(slot_ids);
-
-    ret = (*func->C_GetSlotInfo)(slot, &slot_info);
-    if (ret)
-	errx(1, "C_GetSlotInfo failed: %d", (int)ret);
-
-    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
-	errx(1, "no token present");
-
-    ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION, 
-				 NULL, NULL, &session);
-    if (ret != CKR_OK)
-	errx(1, "C_OpenSession failed: %d", (int)ret);
-    
-    ret = (*func->C_GetTokenInfo)(slot, &token_info);
-    if (ret)
-	errx(1, "C_GetTokenInfo1 failed: %d", (int)ret);
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED) {
-	ret = (*func->C_Login)(session, CKU_USER,
-			       (unsigned char*)"foobar", 6);
-	if (ret != CKR_OK)
-	    errx(1, "C_Login failed: %d", (int)ret);
-    }
-
-    ret = (*func->C_GetTokenInfo)(slot, &token_info);
-    if (ret)
-	errx(1, "C_GetTokenInfo2 failed: %d", (int)ret);
-
-    if (token_info.flags & CKF_LOGIN_REQUIRED)
-	errx(1, "login required, even after C_Login");
-
-    ret = find_object(session, "cert", CKO_PUBLIC_KEY, &public);
-    if (ret != CKR_OK)
-	errx(1, "find cert failed: %d", (int)ret);
-    ret = find_object(session, "cert", CKO_PRIVATE_KEY, &private);
-    if (ret != CKR_OK)
-	errx(1, "find private key failed: %d", (int)ret);
-
-    {
-	CK_ULONG ck_sigsize;
-	CK_MECHANISM mechanism;
-
-	memset(&mechanism, 0, sizeof(mechanism));
-	mechanism.mechanism = CKM_RSA_PKCS;
-
-	ret = (*func->C_SignInit)(session, &mechanism, private);
-	if (ret != CKR_OK)
-	    return 1;
-	
-	ck_sigsize = sizeof(signature);
-	ret = (*func->C_Sign)(session, (CK_BYTE *)sighash, strlen(sighash),
-			      (CK_BYTE *)signature, &ck_sigsize);
-	if (ret != CKR_OK) {
-	    printf("C_Sign failed with: %d\n", (int)ret);
-	    return 1;
-	}
-
-	ret = (*func->C_VerifyInit)(session, &mechanism, public);
-	if (ret != CKR_OK)
-	    return 1;
-
-	ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize, 
-				(CK_BYTE *)sighash, strlen(sighash));
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-    }
-
-#if 0
-    {
-	CK_ULONG ck_sigsize, outsize;
-	CK_MECHANISM mechanism;
-	char outdata[1024];
-
-	memset(&mechanism, 0, sizeof(mechanism));
-	mechanism.mechanism = CKM_RSA_PKCS;
-
-	ret = (*func->C_EncryptInit)(session, &mechanism, public);
-	if (ret != CKR_OK)
-	    return 1;
-	
-	ck_sigsize = sizeof(signature);
-	ret = (*func->C_Encrypt)(session, (CK_BYTE *)sighash, strlen(sighash),
-				 (CK_BYTE *)signature, &ck_sigsize);
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-
-	ret = (*func->C_DecryptInit)(session, &mechanism, private);
-	if (ret != CKR_OK)
-	    return 1;
-
-	outsize = sizeof(outdata);
-	ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize, 
-				 (CK_BYTE *)outdata, &outsize);
-	if (ret != CKR_OK) {
-	    printf("message: %d\n", (int)ret);
-	    return 1;
-	}
-
-	if (memcmp(sighash, outdata, strlen(sighash)) != 0)
-	    return 1;
-    }
-#endif
-
-    ret = (*func->C_CloseSession)(session);
-    if (ret != CKR_OK)
-	return 1;
-
-    (*func->C_Finalize)(NULL_PTR);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hx509/test_windows.in b/crypto/heimdal/lib/hx509/test_windows.in
deleted file mode 100644
index 86145449a7f3..000000000000
--- a/crypto/heimdal/lib/hx509/test_windows.in
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_windows.in 21004 2007-06-08 01:53:10Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-stat="--statistic-file=${objdir}/statfile"
-
-hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
-
-if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
-    exit 77
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    exit 77
-fi
-
-echo "Create trust anchor"
-${hxtool} issue-certificate \
-    --self-signed \
-    --issue-ca \
-    --generate-key=rsa \
-    --subject="CN=Windows-CA,DC=heimdal,DC=pki" \
-    --lifetime=10years \
-    --certificate="FILE:wca.pem" || exit 1
-
-echo "Create domain controller cert"
-${hxtool} issue-certificate \
-    --type="pkinit-kdc" \
-    --pk-init-principal="krbtgt/HEIMDAL.PKI@HEIMDAL.PKI" \
-    --hostname=kdc.heimdal.pki \
-    --generate-key=rsa \
-    --subject="CN=kdc.heimdal.pki,dc=heimdal,dc=pki" \
-    --certificate="FILE:wdc.pem" \
-    --domain-controller \
-    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
-    --ca-certificate=FILE:wca.pem || exit 1
-
-
-echo "Create user cert"
-${hxtool} issue-certificate \
-    --type="pkinit-client" \
-    --pk-init-principal="user@HEIMDAL.PKI" \
-    --generate-key=rsa \
-    --subject="CN=User,DC=heimdal,DC=pki" \
-    --ms-upn="user@heimdal.pki" \
-    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
-    --certificate="FILE:wuser.pem" \
-    --ca-certificate=FILE:wca.pem || exit 1
-
-echo "Create crl"
-${hxtool} crl-sign \
-	--crl-file=wcrl.crl \
-	--signer=FILE:wca.pem || exit 1
-
-exit 0
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available1 b/crypto/heimdal/lib/hx509/tst-crypto-available1
deleted file mode 100644
index 71fa741d64ff..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available1
+++ /dev/null
@@ -1,13 +0,0 @@
-1.2.840.113549.1.1.11
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.4
-1.2.840.113549.1.1.2
-1.2.752.43.16.1
-2.16.840.1.101.3.4.2.1
-1.3.14.3.2.26
-1.2.840.113549.2.5
-1.2.840.113549.2.2
-1.2.840.113549.3.7
-2.16.840.1.101.3.4.1.2
-2.16.840.1.101.3.4.1.42
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available2 b/crypto/heimdal/lib/hx509/tst-crypto-available2
deleted file mode 100644
index b3f76e376f0a..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available2
+++ /dev/null
@@ -1,4 +0,0 @@
-2.16.840.1.101.3.4.2.1
-1.3.14.3.2.26
-1.2.840.113549.2.5
-1.2.840.113549.2.2
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available3 b/crypto/heimdal/lib/hx509/tst-crypto-available3
deleted file mode 100644
index 0b1a855ee544..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-available3
+++ /dev/null
@@ -1,6 +0,0 @@
-1.2.840.113549.1.1.11
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.5
-1.2.840.113549.1.1.4
-1.2.840.113549.1.1.2
-1.2.752.43.16.1
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select b/crypto/heimdal/lib/hx509/tst-crypto-select
deleted file mode 100644
index 399c883a9235..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.11
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select1 b/crypto/heimdal/lib/hx509/tst-crypto-select1
deleted file mode 100644
index eb0d095adf65..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select1
+++ /dev/null
@@ -1 +0,0 @@
-1.3.14.3.2.26
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select2 b/crypto/heimdal/lib/hx509/tst-crypto-select2
deleted file mode 100644
index 749a54905dc2..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select2
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select3 b/crypto/heimdal/lib/hx509/tst-crypto-select3
deleted file mode 100644
index ba9f29fd7df6..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select3
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.4
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select4 b/crypto/heimdal/lib/hx509/tst-crypto-select4
deleted file mode 100644
index 749a54905dc2..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select4
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select5 b/crypto/heimdal/lib/hx509/tst-crypto-select5
deleted file mode 100644
index 399c883a9235..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select5
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.11
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select6 b/crypto/heimdal/lib/hx509/tst-crypto-select6
deleted file mode 100644
index 749a54905dc2..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select6
+++ /dev/null
@@ -1 +0,0 @@
-1.2.840.113549.1.1.5
diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select7 b/crypto/heimdal/lib/hx509/tst-crypto-select7
deleted file mode 100644
index 9b0ac647bc5f..000000000000
--- a/crypto/heimdal/lib/hx509/tst-crypto-select7
+++ /dev/null
@@ -1 +0,0 @@
-2.16.840.1.101.3.4.1.42
diff --git a/crypto/heimdal/lib/hx509/version-script.map b/crypto/heimdal/lib/hx509/version-script.map
deleted file mode 100644
index 68ef73e8ecca..000000000000
--- a/crypto/heimdal/lib/hx509/version-script.map
+++ /dev/null
@@ -1,227 +0,0 @@
-# $Id$
-
-HEIMDAL_X509_1.0 {
-	global:
-		initialize_hx_error_table_r;
-		hx509_bitstring_print;
-		hx509_ca_sign;
-		hx509_ca_sign_self;
-		hx509_ca_tbs_add_crl_dp_uri;
-		hx509_ca_tbs_add_eku;
-		hx509_ca_tbs_add_san_hostname;
-		hx509_ca_tbs_add_san_jid;
-		hx509_ca_tbs_add_san_ms_upn;
-		hx509_ca_tbs_add_san_otherName;
-		hx509_ca_tbs_add_san_pkinit;
-		hx509_ca_tbs_add_san_rfc822name;
-		hx509_ca_tbs_free;
-		hx509_ca_tbs_init;
-		hx509_ca_tbs_set_ca;
-		hx509_ca_tbs_set_domaincontroller;
-		hx509_ca_tbs_set_notAfter;
-		hx509_ca_tbs_set_notAfter_lifetime;
-		hx509_ca_tbs_set_notBefore;
-		hx509_ca_tbs_set_proxy;
-		hx509_ca_tbs_set_serialnumber;
-		hx509_ca_tbs_set_spki;
-		hx509_ca_tbs_set_subject;
-		hx509_ca_tbs_set_template;
-		hx509_ca_tbs_subject_expand;
-		hx509_ca_tbs_template_units;
-		hx509_cert_binary;
-		hx509_cert_check_eku;
-		hx509_cert_cmp;
-		hx509_cert_find_subjectAltName_otherName;
-		hx509_cert_free;
-		hx509_cert_get_SPKI;
-		hx509_cert_attribute;
-		hx509_cert_get_attribute;
-		hx509_cert_get_base_subject;
-		hx509_cert_get_friendly_name;
-		hx509_cert_get_issuer;
-		hx509_cert_get_notAfter;
-		hx509_cert_get_notBefore;
-		hx509_cert_get_serialnumber;
-		hx509_cert_get_subject;
-		hx509_cert_init;
-		hx509_cert_init_data;
-		hx509_cert_keyusage_print;
-		hx509_cert;
-		hx509_cert_ref;
-		hx509_cert_set_friendly_name;
-		hx509_certs_add;
-		hx509_certs_append;
-		hx509_certs_end_seq;
-		hx509_certs_find;
-		hx509_certs_free;
-		hx509_certs_info;
-		hx509_certs_init;
-		hx509_certs_iter;
-		hx509_certs_merge;
-		hx509_certs_next_cert;
-		hx509_certs_start_seq;
-		hx509_certs_store;
-		hx509_ci_print_names;
-		hx509_clear_error_string;
-		hx509_cms_create_signed_1;
-		hx509_cms_decrypt_encrypted;
-		hx509_cms_envelope_1;
-		hx509_cms_unenvelope;
-		hx509_cms_unwrap_ContentInfo;
-		hx509_cms_verify_signed;
-		hx509_cms_wrap_ContentInfo;
-		hx509_context_free;
-		hx509_context_init;
-		hx509_context_set_missing_revoke;
-		hx509_crl_add_revoked_certs;
-		hx509_crl_alloc;
-		hx509_crl_free;
-		hx509_crl_lifetime;
-		hx509_crl_sign;
-		hx509_crypto_aes128_cbc;
-		hx509_crypto_aes256_cbc;
-		hx509_crypto_available;
-		hx509_crypto_decrypt;
-		hx509_crypto_des_rsdi_ede3_cbc;
-		hx509_crypto_destroy;
-		hx509_crypto_encrypt;
-		hx509_crypto_enctype_by_name;
-		hx509_crypto_free_algs;
-		hx509_crypto_get_params;
-		hx509_crypto_init;
-		hx509_crypto_provider;
-		hx509_crypto_select;
-		hx509_crypto_set_key_data;
-		hx509_crypto_set_key_name;
-		hx509_crypto_set_params;
-		hx509_crypto_set_random_key;
-		hx509_env_add;
-		hx509_env_free;
-		hx509_env_init;
-		hx509_env_lfind;
-		hx509_err;
-		hx509_free_error_string;
-		hx509_free_octet_string_list;
-		hx509_general_name_unparse;
-		hx509_get_error_string;
-		hx509_get_one_cert;
-		hx509_lock_add_cert;
-		hx509_lock_add_certs;
-		hx509_lock_add_password;
-		hx509_lock_command_string;
-		hx509_lock_free;
-		hx509_lock_init;
-		hx509_lock_prompt;
-		hx509_lock_reset_certs;
-		hx509_lock_reset_passwords;
-		hx509_lock_reset_promper;
-		hx509_lock_set_prompter;
-		hx509_name_cmp;
-		hx509_name_copy;
-		hx509_name_expand;
-		hx509_name_free;
-		hx509_name_is_null_p;
-		hx509_name_normalize;
-		hx509_name_to_Name;
-		hx509_name_binary;
-		hx509_name_to_string;
-		hx509_ocsp_request;
-		hx509_ocsp_verify;
-		hx509_oid_print;
-		hx509_oid_sprint;
-		hx509_parse_name;
-		hx509_peer_info_alloc;
-		hx509_peer_info_free;
-		hx509_peer_info_set_cert;
-		hx509_peer_info_set_cms_algs;
-		hx509_print_stdout;
-		hx509_prompt_hidden;
-		hx509_query_alloc;
-		hx509_query_free;
-		hx509_query_match_cmp_func;
-		hx509_query_match_friendly_name;
-		hx509_query_match_issuer_serial;
-		hx509_query_match_option;
-		hx509_query_statistic_file;
-		hx509_query_unparse_stats;
-		hx509_revoke_add_crl;
-		hx509_revoke_add_ocsp;
-		hx509_revoke_free;
-		hx509_revoke_init;
-		hx509_revoke_ocsp_print;
-		hx509_revoke_verify;
-		hx509_set_error_string;
-		hx509_set_error_stringv;
-		hx509_signature_md2;
-		hx509_signature_md5;
-		hx509_signature_rsa;
-		hx509_signature_rsa_with_md2;
-		hx509_signature_rsa_with_md5;
-		hx509_signature_rsa_with_sha1;
-		hx509_signature_rsa_with_sha256;
-		hx509_signature_rsa_with_sha384;
-		hx509_signature_rsa_with_sha512;
-		hx509_signature_sha1;
-		hx509_signature_sha256;
-		hx509_signature_sha384;
-		hx509_signature_sha512;
-		hx509_unparse_der_name;
-		hx509_validate_cert;
-		hx509_validate_ctx_add_flags;
-		hx509_validate_ctx_free;
-		hx509_validate_ctx_init;
-		hx509_validate_ctx_set_print;
-		hx509_verify_attach_anchors;
-		hx509_verify_attach_revoke;
-		hx509_verify_ctx_f_allow_default_trustanchors;
-		hx509_verify_destroy_ctx;
-		hx509_verify_hostname;
-		hx509_verify_init_ctx;
-		hx509_verify_path;
-		hx509_verify_set_max_depth;
-		hx509_verify_set_proxy_certificate;
-		hx509_verify_set_strict_rfc3280_verification;
-		hx509_verify_set_time;
-		hx509_verify_signature;
-		hx509_pem_write;
-		hx509_pem_add_header;
-		hx509_pem_find_header;
-		hx509_pem_free_header;
-		hx509_xfree;
-		_hx509_write_file;
-		_hx509_map_file;
-		_hx509_map_file_os;
-		_hx509_unmap_file;
-		_hx509_unmap_file_os;
-		_hx509_certs_keys_free;
-		_hx509_certs_keys_get;
-		_hx509_request_init;
-		_hx509_request_add_dns_name;
-		_hx509_request_add_email;
-		_hx509_request_get_name;
-		_hx509_request_set_name;
-		_hx509_request_set_email;
-		_hx509_request_get_SubjectPublicKeyInfo;
-		_hx509_request_set_SubjectPublicKeyInfo;
-		_hx509_request_to_pkcs10;
-		_hx509_request_to_pkcs10;
-		_hx509_request_free;
-		_hx509_request_print;
-		_hx509_request_parse;
-		_hx509_private_key_ref;
-		_hx509_private_key_free;
-		_hx509_private_key2SPKI;
-		_hx509_generate_private_key_init;
-		_hx509_generate_private_key_is_ca;
-		_hx509_generate_private_key_bits;
-		_hx509_generate_private_key;
-		_hx509_generate_private_key_free;
-		_hx509_cert_assign_key;
-		_hx509_cert_private_key;
-		_hx509_name_from_Name;
-		# pkcs11 symbols
-		C_GetFunctionList;
-	local:
-		*;
-};
-
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog
deleted file mode 100644
index 9b1235cf3082..000000000000
--- a/crypto/heimdal/lib/kadm5/ChangeLog
+++ /dev/null
@@ -1,1383 +0,0 @@
-2008-01-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* default_keys.c: Use hdb_free_keys().
-
-2008-01-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add check-cracklib.pl, flush.c,
-	sample_passwd_check.c
-
-2007-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use hdb_db_dir() and hdb_default_db()
-
-2007-10-18  Love  <lha@stacken.kth.se>
-
-	* init_c.c: We are getting default_client, not client. this way
-	the user can override the result.
-	
-2007-09-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.8: fix spelling, From Antoine Jacoutt.
-
-2007-08-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* version-script.map: export _kadm5_unmarshal_params,
-	_kadm5_acl_check_permission
-
-	* version-script.map: export kadm5_log_ symbols.
-
-	* log.c: Unexport the specific log replay operations.
-	
-2007-08-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: build sample_passwd_check.la as part of noinst.
-
-	* sample_passwd_check.c: Add missing prototype for check_length().
-
-2007-08-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* log.c: Sprinkle krb5_set_error_string().
-
-	* ipropd_slave.c: Provide better error why kadm5_log_replay
-	failed.
-
-2007-08-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c: - don't push whole database to the new client
-	every time.  - make slaves get the whole new database if they have
-	a newer log the the master (and thus have them go back in time).
-
-2007-08-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: make more sane.
-
-	* ipropd_slave.c: more paranoid check that the log entires are
-	self consistant
-
-	* log.c (kadm5_log_foreach): check that the postamble contains the
-	right data.
-
-	* ipropd_master.c: Sprinkle more info about what versions the
-	master thinks about the client versions.
-
-	* ipropd_master.c: Start the server at the current version, not 0.
-
-2007-08-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c: Add more logging, to figure out what is
-	happening in the master.
-
-2007-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add version-script for libkadm5srv.la
-
-	* version-script.map: version script fro kadm5 server libary.
-
-	* log.c: only free the orignal entries extentions if there was
-	any.  Bug reported by Peter Meinecke.
-
-	* add configuration for signal file and acl file, let user select
-	hostname, catch signals and print why we are quiting, make nop
-	cause one new version, not two
-
-2007-07-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (send_diffs): make current slave's version
-	uptodate when diff have been sent.
-	
-2007-07-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: More comments and some more error checking.
-	
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (get_cache_principal): make sure id is reset if we
-	fail. From Benjamin Bennet.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c (find_db_spec): match realm-less as the default
-	realm.
-
-	* Makefile.am: New library version.
-
-2007-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
-	ctx->config.realm can be NULL, check for that, from Bjorn S.
-	
-2007-07-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c: Try harder to use the right principal.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: Catch return value from krb5_program_setup. From
-	Steven Luo.
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* delete_s.c: Write log entry after store is successful, rename
-	out goto statments.
-
-	* randkey_s.c: Write log entry after store is successful.
-
-	* modify_s.c: Write log entry after store is successful.
-
-	* rename_s.c: indent.
-
-	* chpass_s.c: Write log entry after store is successful.
-
-	* create_s.c: Write log entry after store is successful.
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* iprop-commands.in: Add default values to make this working
-	again.
-
-	* iprop-log.c (iprop_replay): create the database with more
-	liberal mode.
-
-	* log.c: make it slightly more working.
-
-	* iprop-log.8: Document last-version.
-
-	* iprop-log.c: (last_version): print last version of the log.
-	
-	* iprop-commands.in: new command last-version: print last version
-	of the log.
-
-	* log.c (kadm5_log_previous): document assumptions and make less
-	broken.  Bug report from Ronny Blomme.
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin.h: add support to get aliases
-
-	* get_s.c: add support to get aliases
-
-2007-02-11  David Love  <fx@gnu.org>
-
-	* iprop-log.8: Small fixes, from David Love.
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c: if the user have a kadmin/admin initial ticket, don't
-	ask for password, just use the credential instead.
-	
-2006-12-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ipropd_master.c: Use strcspn to remove \n from string returned
-	by fgets.  From Bj�rn Sandell
-	
-2006-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (kadm_connect): clear error string before trying to
-	print a errno, this way we don't pick up a random failure code
-	
-2006-11-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-
-	* init_c.c: Make krb5_get_init_creds_opt_free take a context
-	argument.
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ent_setup.c: Try to not leak memory.
-	
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: split build files into dist_ and noinst_ SOURCES
-	
-2006-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST
-
-	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST
-
-	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
-	
-2006-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-cracklib.pl: Add password reuse checking. From Harald
-	Barth.
-	
-2006-06-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
-
-	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
-
-	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
-	
-2006-06-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
-
-2006-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c (kadm5_check_password_quality): set error
-	message in context.
-	
-2006-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop-log.c: Avoid shadowing.
-
-	* rename_s.c: Avoid shadowing.
-
-2006-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
-	that way.
-	
-2006-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Rename u_intXX_t to uintXX_t
-
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
-	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
-
-	* send_recv.c: set and clear error string
-
-	* rename_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* randkey_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* modify_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* log.c: Break out the that we request from principal from the
-	entry and pass it in as a separate argument.
-
-	* get_s.c: Break out the that we request from principal from the
-	entry and pass it in as a separate argument.
-
-	* delete_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-
-	* chpass_s.c: Break out the that we request from principal from
-	the entry and pass it in as a separate argument.
-	
-2006-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* create_s.c (create_principal*): If client doesn't send kvno,
-	make sure to set it to 1.
-	
-2006-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* log.c: (kadm5_log_rename): handle errors better
-	Fixes Coverity, NetBSD CID#628
-
-	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
-	CID#626
-	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627
-
-	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
-	case no client name was passed in. Coverity, NetBSD CID#919
-	
-	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
-	case of error. Coverity NetBSD CID#1908
-	
-2006-02-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kadm5_err.et: (PASS_REUSE): Spelling, 
-	from V�clav H?la <ax@natur.cuni.cz>
-	
-2006-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* send_recv.c: Clear error-string when introducing new errors.
-
-	* *_c.c: Clear error-string when introducing new errors.
-	
-2006-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
-	dependency
-	
-2005-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* memset hdb_entry_ex before use
-	
-2005-12-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Wrap hdb_entry with hdb_entry_ex, patch originally 
-	from Andrew Bartlet
-
-2005-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* context_s.c (set_field): try another way to calculate the path
-	to the database/logfile/signal-socket
-
-	* log.c (kadm5_log_init): set error string on failures
-	
-2005-09-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Constify password.
-
-	* admin.h: Add KRB5_TL_PKINIT_ACL.
-	
-	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
-	
-	* get_s.c (kadm5_s_get_principal): clear error string
-	
-2005-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop-log.8: More text about iprop-log.
-	
-2005-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.8: SEE ALSO iprop-log.
-
-	* Makefile.am: man_MANS += iprop-log.8
-
-	* iprop-log.8: Basic for documentation of iprop-log.
-	
-	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
-	iprop-log.
-
-	* log.c (kadm5_log_foreach): add a context variable and pass it
-	down to `func�.
-
-	* iprop-commands.in: Move truncate_log and replay_log into
-	iprop-log.
-
-	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
-	
-	* Makefile.am: Move truncate_log and replay_log into iprop-log.
-	
-	* Makefile.am: Make this work with a clean directory.
-
-	* ipropd_master.c: Make compile.
-
-	* ipropd_master.c: Update to new signature of kadm5_log_previous.
-
-	* log.c (kadm5_log_previous): catch errors instead of asserting
-	and set error string.
-
-	* iprop-commands.in: New program iprop-log that incorperates
-	dump_log as a subcommand, truncate_log and replay_log soon to come
-	after.
-	
-	* iprop-log.c: New program iprop-log that incorperates dump_log as
-	a subcommand, truncate_log and replay_log soon to come after.
-
-	* Makefile.am: New program iprop-log that incorperates dump_log as
-	a subcommand, truncate_log and replay_log soon to come after.
-	
-2005-08-11 Love H�rnquist �strand  <lha@it.su.se>
-
-	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
-	
-	* set_keys.c: Set and clear password where appropriate.
-
-	* randkey_s.c: Operation modifies tl_data.
-
-	* log.c (kadm5_log_replay_modify): Check return values of
-	malloc(), replace all extensions.
-
-	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.
-
-	* get_s.c: Expose KADM5_TL_DATA options to the client.
-
-	* ent_setup.c: Merge in KADM5_TL_DATA in the database.
-
-	* chpass_s.c: Operations modify extensions, mark that with
-	TL_DATA.
-
-	* admin.h: Add more TL types (password and extension).
-
-2005-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* constify
-
-	* ipropd_slave.c: avoid shadowing
-
-	* ipropd_master.c: rename local variable slave to s, optind ->
-	optidx
-
-	* get_princs_c.c: rename variable exp to expression
-	
-	* ad.c: rename variable exp to expression
-
-	* log.c: rename shadowing len to num
-	
-	* get_princs_s.c: rename variable exp to expression
-
-	* context_s.c: const poison
-
-	* common_glue.c: rename variable exp to expression
-
-2005-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
-	
-	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
-
-	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
-
-2005-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kadm5_pwcheck.3: please mdoclint
-
-2005-05-25  Dave Love  <fx@gnu.org>
-
-	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
-	improve text
-
-2005-05-24  Dave Love  <fx@gnu.org>
-
-	* iprop.8: Added some info about defaults, fixed some markup.
-	
-2005-05-23  Dave Love  <fx@gnu.org>
-
-	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.
-
-	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.
-
-2005-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
-	failure
-
-2005-05-09  Dave Love  <fx@gnu.org>
-
-	* password_quality.c (find_func): Fix off-by-one and logic error.
-	(external_passwd_quality): Improve messages.
-
-	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
-	and kadm5_add_passwd_quality_verifier.
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* default_keys.c: #include <err.h>, only print salt it its longer
-	then 0, use krb5_err instead of errx where appropriate
-	
-2005-04-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c: add the documented option --port
-
-	* ipropd_master.c: add the documented option --port
-	
-	* dump_log.c: use the newly generated units function
-
-2005-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dump_log.c: use strlcpy
-	
-	* password_quality.c: don't use sizeof(pointer)
-	
-2005-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-cracklib.pl: external password verifier sample
-
-	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
-	is passed in, load defaults
-
-2005-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c: add an end tag to the external password
-	quality check protocol
-
-2005-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* password_quality.c: add external passsword quality check builtin
-	module
-	
-	[password_quality]
-		policies = external-check
-		external-program = /bin/false
-	
-	To approve password a, make the test program return APPROVED on
-	stderr and fail with exit code 0.
-	
-2004-10-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 7:7:0 and 6:5:2
-	
-	* default_keys.c (parse_file): use hdb_generate_key_set
-	
-	* keys.c,set_keys.c: Move keyset parsing and password based keyset
-	generation into hdb.  Requested by Andrew Bartlett <abartlet@samba.org>
-	for hdb-ldb backend.
-	
-2004-09-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: add help strings to some options
-	
-2004-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
-	
-	* keys.c (_kadm5_free_keys): change prototype, make it use
-	krb5_context instead of a kadm5_server_context
-	
-	* set_keys.c (parse_key_set): do way with static returning
-	(function) static variable and returned allocated memory
-	(_kadm5_generate_key_set): free enctypes returned by parse_key_set
-
-2004-09-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c: Fix memory leak, don't return stack variables From
-	Andrew Bartlett
-	
-	* set_keys.c: make all_etypes const and move outside function to
-	avoid returning data on stack
-	
-2004-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
-	delim of the third element, this is so we can match
-	"foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
-	"foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
-	what really happen was that the last <SPC> was stamped out, and
-	the it never strtok_r never needed to parse over it.
-	
-2004-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
-	without salting, some people tries to add the string
-	"arcfour-hmac-md5" when they really should have used
-	"arcfour-hmac-md5:pw-salt", help them and add glue for that
-	
-2004-08-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: add --detach
-
-2004-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: use new tsasl interface remove debug printf add upn to
-	computer-accounts
-	
-2004-06-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
-	strings
-	
-2004-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: man_MANS = kadm5_pwcheck.3
-	
-	* kadm5_pwcheck.3: document new password quality api
-	
-	* password_quality.c: new password check interface (old still
-	supported)
-	
-	* kadm5-pwcheck.h: new password check interface
-	
-2004-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (main): process all slaves, not just up to the
-	last slave sending data
-	(bug report from Bj�rn Sandell <biorn@dce.chalmers.se>)
-	(*): only send one ARE_YOU_THERE
-
-2004-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: use krb5_set_password_using_ccache
-	
-2004-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: try handle spn's better
-	
-2004-05-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: add expiration time
-	
-	* ad.c: add modify operations
-	
-	* ad.c: handle create and delete
-	
-2004-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: more code for get, handle attributes
-	
-	* ad.c: more code for get, handle time stamps and bad password
-	counter
-
-	* ad.c: more code for get, only fetches kvno for now
-	
-2004-05-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ad.c: add support for tsasl
-	
-	* private.h: add kadm5_ad_context
-	
-	* ipropd_master.c (prop_one): store the opcode in the begining of
-	the blob, not the end
-	
-	* ad.c: try all ldap servers in dns, generate a random password,
-	base64(random_block(64)), XXX must make it support other then
-	ARCFOUR
-	
-	* ad.c: framework for windows AD backend
-	
-2004-03-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* create_s.c (kadm5_s_create_principal): remove old XXX command
-	and related code, _kadm5_set_keys will do all this now
-	
-2004-02-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
-	enctype for des keys From: Andrew Bartlett <abartlet@samba.org>
-	
-	* create_s.c (kadm5_s_create_principal_with_key): don't call
-	_kadm5_set_keys2, create_principal will do that for us. Set kvno
-	to 1.
-
-	* chpass_s.c (change): bump kvno
-	(kadm5_s_chpass_principal_with_key): bump kvno
-
-	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
-	
-	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
-	to that
-
-2003-12-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* chpass_s.c (change): fix same-password-again by decrypting keys
-	and setting an error code From: Buck Huppmann <buckh@pobox.com>
-	
-2003-12-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
-	other krb5_ functions
-
-2003-12-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rename_s.c (kadm5_s_rename_principal): allow principal to change
-	realm From Panasas Inc
-	
-2003-12-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
-	Inc
-
-2003-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.h: don't include <krb5-private.h>
-	
-	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
-	functions and replace them with with krb5_storage
-	
-	* ipropd_master.c: stop using krb5 lib private byte-frobbing
-	functions and replace them with with krb5_storage
-	
-2003-11-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c (receive_loop): when seeking over the entries we
-	already have, skip over the trailer.  From: Jeffrey Hutzelman
-	<jhutz@cmu.edu>
-
-	* dump_log.c,ipropd_master.c,ipropd_slave.c,
-	replay_log.c,truncate_log.c: parse kdc.conf
-	From: Jeffrey Hutzelman <jhutz@cmu.edu>
-
-2003-10-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: += test_pw_quality
-	
-	* test_pw_quality.c: test program for verifying password quality
-	function
-
-2003-09-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add and enable check program default_keys
-	
-	* default_keys.c: test program for _kadm5_generate_key_set
-	
-	* init_c.c: use
-	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
-
-2003-08-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
-	
-	* ipropd_master.c (main): make sure current_version is initialized
-	
-2003-08-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c: use default_keys for the both random keys and
-	password derived keys if its defined
-	
-2003-07-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_slave.c (receive_everything): switch close and rename
-	From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
-	
-2003-07-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* iprop.h, ipropd_master.c, ipropd_slave.c:
-	Add probing from the server that the client is still there, also
-	make the client check that the server is probing.
-
-2003-07-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* truncate_log.c (main): add missing ``if (ret)''
-	
-2003-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (make_keys): add AES support
-	
-	* set_keys.c: fix off by one in the aes case, pointed out by Ken
-	Raeburn
-
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* set_keys.c (_kadm5_set_keys_randomly): add
-	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
-	support
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* send_recv.c: check return values from krb5_data_alloc
-	* log.c: check return values from krb5_data_alloc
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dump_log.c (print_entry): check return values from
-	krb5_data_alloc
-
-2003-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_c.c (kadm_connect): if a context realm was passed in, use
-	that to form the kadmin/admin principal
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ipropd_master.c (main): make sure we don't consider dead slave
-	for select processing
-	(write_stats): use slave_stats_file variable, 
-	check return value of strftime
-	(args): allow specifying slave stats file
-	(slave_dead): close the fd when the slave dies
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c (from Derrick Brashear): Propagating a large
-	database without this means the slave kdcs can get erroneous
-	HDB_NOENTRY and return the resulting errors. This creates a new db
-	handle, populates it, and moves it into place.
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* ipropd_slave.c (receive_everything): type-correctness calling
-	_krb5_get_int
-
-	* context_s.c (find_db_spec): const-correctness in parameters to
-	krb5_config_get_next
-
-2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* private.h: rename header file flag macro
-
-	* Makefile.am: generate kadm5-{protos,private}.h
-
-2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: check return value of krb5_sockaddr2address
-
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: handle slaves that come and go; add status
-	reporting (both from Love)
-
-	* iprop.h: KADM5_SLAVE_STATS
-
-2002-03-25  Jacques Vidrine  <n@nectar.com>
-
-	* init_c.c (get_cred_cache): bug fix: the default credentials
-	cache was not being used if a client name was specified.
-
-2002-03-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): when getting the default_client from
-	the cred cache, make sure the instance part is "admin"; this
-	should require fewer uses of -p
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
-	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2
-
-2002-02-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: we have to create our own param struct before
-	marshaling
-
-2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: link with LIB_pidfile
-
-	* iprop.h: include util.h for pidfile
-
-2001-08-31  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (main): syslog with the correct name
-
-2001-08-30  Jacques Vidrine <n@nectar.com>
-
-	* ipropd_slave.c, ipropd_master.c (main): call pidfile
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): do not return bogus flags and re-organize
-	function
-
-	* Makefile.am: rename variable name to avoid error from current
-	automake
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c: add easier afs configuration, defaulting to the
-	local realm in lower case; also try to remove duplicate salts
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
-
-2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: call krb5_get_init_creds_opt_set_default_flags
-
-2001-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* replay_log.c: add --{start-end}-version flags to replay just
-	part of the log
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): fix select-loop to decrement ret
-	correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* init_s.c (*): handle krb5_init_context failure consistently
-	* init_c.c (init_context): handle krb5_init_context failure
-	consistently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): clean-up salting loop and try not to
-	leak memory
-
-	* ipropd_master.c (main): check for fd's being too large to select
-	on
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
-
-2000-08-07  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): ignore SIGPIPE
-
-2000-08-06  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (receive_everything): make `fd' an int instead of
-	a pointer.  From Derrick J Brashear <shadow@dementia.org>
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin.h: change void** to void*
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump versions to 7:0:0 and 6:0:2
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
-	and make a new that takes a context
-	(kadm5_log_nop): add logging of missing lengths
-	(kadm5_log_truncate): new function
-
-	* dump_log.c (print_entry): update and correct
-	* randkey_s.c: call _kadm5_bump_pw_expire
-	* truncate_log.c: new program for truncating the log
-	* Makefile.am (sbin_PROGRAMS): add truncate_log
-	(C_SOURCES): add bump_pw_expire.c
-	* bump_pw_expire.c: new function for extending password expiration
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
-
-	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
-	functions
-
-	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
-	* Makefile.am (C_SOURCES): add keys.c
-	* init_c.c: remove unused variable and handle some parameters
-	being NULL
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: use krb5_read_priv_message
-
-	* ipropd_master.c: use krb5_{read,write}_priv_message
-
-	* init_c.c: use krb5_write_priv_message
-
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: no need to call gethostname, since
-	sname_to_principal will
-
-	* send_recv.c: assert that we have a connected socket
-
-	* get_princs_c.c: call _kadm5_connect
-
-	* rename_c.c: call _kadm5_connect
-
-	* randkey_c.c: call _kadm5_connect
-
-	* privs_c.c: call _kadm5_connect
-
-	* modify_c.c: call _kadm5_connect
-
-	* get_c.c: call _kadm5_connect
-
-	* delete_c.c: call _kadm5_connect
-
-	* create_c.c: call _kadm5_connect
-
-	* chpass_c.c: call _kadm5_connect
-
-	* private.h: add more fields to client context; remove prototypes
-
-	* admin.h: remove prototypes
-
-	* kadm5-protos.h: move public prototypes here
-
-	* kadm5-private.h: move private prototypes here
-
-	* init_c.c: break out connection code to separate function, and
-	defer calling it until we actually do something
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
-	backwards compatability
-
-2000-06-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
-	adaptable to different salts
-	
-2000-06-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get_s.c: pa_* -> KRB5_PADATA_*
-
-2000-06-16  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: change default keytab to default keytab (as in
-	typically FILE:/etc/krb5.keytab)
-
-2000-06-08  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: bug fixes, for actually writing the full dump to
-	the database.  based on a patch from Love <lha@stacken.kth.se>
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* acl.c: add support for patterns of principals
-	* log.c (kadm5_log_replay_create): handle more NULL pointers
-	(should they really happen?)
-	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
-	max_renew == NULL
-
-	* ipropd_master.c: use syslog.  be less verbose
-	* ipropd_slave.c: use syslog
-
-2000-06-05  Assar Westerlund  <assar@sics.se>
-
-	* private.h (kadm_ops): add kadm_nop more prototypes
-	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
-	kadm5_log_replay_nop): add
-	* ipropd_slave.c: and some more improvements
-	* ipropd_master.c: lots of improvements
-	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
-	(iprop_cmd): add new commands
-
-	* dump_log.c: add nop
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
-
-2000-05-12  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
-	fallback.  handle not having any creator.
-	* destroy_s.c (kadm5_s_destroy): free all allocated memory
-	* context_s.c (set_field): free variable if it's already set
-	(find_db_spec): malloc space for all strings
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): add LIB_openldap
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
-	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1
-
-2000-03-24  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): rewrite
-	(_kadm5_set_keys3): add
-
-	* private.h (struct kadm_func): add chpass_principal_with_key
-	* init_c.c (set_funcs): add chpass_principal_with_key
-
-2000-03-23  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (set_funcs): add chpass_principal_with_key
-	* common_glue.c (kadm5_chpass_principal_with_key): add
-	* chpass_s.c: comment-ize and change calling convention for
-	_kadm5_set_keys*
-	* chpass_c.c (kadm5_c_chpass_principal_with_key): add
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
-
-2000-01-28  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): make sure to request non-forwardable,
-	non-proxiable
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv.la): bump version to 5:1:0
-
-	* context_s.c (_kadm5_s_init_context): handle params == NULL
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
- 	== NULL
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
-
-	* init_c.c (_kadm5_c_init_context): handle getting back port
- 	number from admin host
-	(kadm5_c_init_with_context): remove `proto/' part before doing
-	getaddrinfo()
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0 and 4:0:0
-
-	* init_c.c (kadm5_c_init_with_context): don't use unitialized
- 	stuff
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* replay_log.c: adapt to changed kadm5_log_foreach
-
-	* log.c (kadm5_log_foreach): change to take a
- 	`kadm5_server_context'
-
-	* init_c.c: use krb5_warn{,x}
-
-	* dump_log.c: adapt to changed kadm5_log_foreach
-
-	* init_c.c: re-write to use getaddrinfo
-	* Makefile.am (install-build-headers): add dependency
-	
-1999-12-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* log.c (kadm5_log_foreach): pass context
-
-	* dump_log.c: print more interesting things
-
-1999-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c (process_msg): check for short reads
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* modify_s.c (kadm5_s_modify_principal): support key_data
-	(kadm5_s_modify_principal_with_key): remove
-
-	* admin.h (kadm5_s_modify_principal_with_key): remove
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (find_db_spec): ugly cast work-around.
-
-1999-11-14  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
- 	that we aren't dependent on the layout of krb5_context_data
-	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
- 	we aren't dependent on the layout of krb5_context_data
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c (kadm5_setup_passwd_quality_check): use
-	correct types for function pointers
-	
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* randkey_s.c: always bail out if the fetch fails
-
-	* admin.h (kadm5_config_params): remove fields we're not using
-
-	* ipropd_slave.c: allow passing a realm
-
-	* ipropd_master.c: allow passing a realm
-
-	* dump_log.c: allow passing a realm
-
-	* acl.c: correctly get acl file
-
-	* private.h (kadm5_server_context): add config_params struct and
-	remove acl_file; bump protocol version number
-
-	* marshall.c: marshalling of config parameters
-
-	* init_c.c (kadm5_c_init_with_context): try to cope with old
-	servers
-
-	* init_s.c (kadm5_s_init_with_context): actually use some passed
-	values
-
-	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
-	stash_file from the config parameters, try to figure out these if
-	they're not provided
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (install-build-headers): use `cp' instead of
- 	INSTALL_DATA
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
- 	directly in libkrb5's context - bad functions)
-
-	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
- 	the copied keys
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
- 	quality functions).
- 	set version of kdam5clnt to 2:1:1 (no interface changes)
-
-	* Makefile.am (LDADD): add $(LIB_dlopen)
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): use
- 	_kadm5_set_keys_randomly
-
-	* set_keys.c (free_keys): free more memory
-	(_kadm5_set_keys): a little bit more generic
-	(_kadm5_set_keys_randomly): new function for setting random keys.
-
-1999-10-14  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
- 	ones and always add 3 DES keys and one 3DES key
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
-  	check return value from strdup
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
- 	strlcpy
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dump_log.c: remove unused `optind'
-
-	* replay_log.c: remove unused `optind'
-
-1999-09-13  Assar Westerlund  <assar@sics.se>
-
-	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
-
-	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
- 	so that we avoid copying it and don't need to dimension in
- 	advance.  change all callers.
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c: new file
-
-	* admin.h
- 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
- 	add prototypes
-
-	* Makefile.am (S_SOURCES): add password_quality.c
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: update versions to 2:0:1
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
- 	and pw_expiration == 0 mean never
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_flush): extra cast
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* marshall.c (store_principal_ent): encoding princ_expire_time and
- 	pw_expiration in correct order
-
-1999-06-28  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
- 	otherwise hdb will think that the new random keys are already
- 	encrypted which will cause lots of confusion later.
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
- 	correctly.  From Michal Vocu <michal@karlin.mff.cuni.cz>
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use get_default_username
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* create_s.c (create_principal): if there's no default entry the
-	mask should be zero.
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use $USERNAME
-
-1999-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): figure out principal
-
-1999-05-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c: cleanup _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): don't check the recently created
- 	memory for NULL pointers
-
-	* private.h (_kadm5_setup_entry): change prototype
-
-	* modify_s.c: call new _kadm5_setup_entry
-
-	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
- 	masks, one for what bits to set and one for each of principal and
- 	def containing the bits that are set there.
-
-	* create_s.c: call new _kadm5_setup_entry
-
-	* create_s.c (get_default): check return value
-	(create_principal): send wider mask to _kadm5_setup_entry
-
-1999-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
-	packets, check for errors
-
-	* get_c.c: check for failure from _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): don't abort when interrupted from
- 	password prompt
-	
-	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
- 	auth context
-
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* chpass_s.c: fix arguments to _kadm5_set_keys2
-
-	* private.h: proto
-
-	* set_keys.c: clear mkvno
-
-	* rename_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* randkey_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* modify_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* log.c: add flags to fetch and store; seal keys before logging
-
-	* get_s.c: add flags to fetch and store; seal keys before logging
-
-	* get_princs_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* delete_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* create_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* chpass_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* Makefile.am: remove server.c
-
-	* admin.h: add prototypes
-
-	* ent_setup.c (_kadm5_setup_entry): set key_data
-
-	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
-
-	* modify_s.c: add kadm5_s_modify_principal_with_key
-
-	* create_s.c: add kadm5_s_create_principal_with_key
-
-	* chpass_s.c: add kadm5_s_chpass_principal_with_key
-
-	* kadm5_locl.h: move stuff to private.h
-
-	* private.h: move stuff from kadm5_locl.h
-	
diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am
deleted file mode 100644
index 66ffd375c49a..000000000000
--- a/crypto/heimdal/lib/kadm5/Makefile.am
+++ /dev/null
@@ -1,192 +0,0 @@
-# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-SLC = $(top_builddir)/lib/sl/slc
-
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 8:1:0
-libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
-
-if versionscript
-libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-sbin_PROGRAMS = iprop-log
-check_PROGRAMS = default_keys
-noinst_PROGRAMS = test_pw_quality
-
-noinst_LTLIBRARIES = sample_passwd_check.la
-
-sample_passwd_check_la_SOURCES = sample_passwd_check.c
-sample_passwd_check_la_LDFLAGS = -module
-
-libkadm5srv_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(LIBADD_roken)
-libkadm5clnt_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
-
-libexec_PROGRAMS = ipropd-master ipropd-slave
-
-default_keys_SOURCES = default_keys.c
-
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-
-dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
-nodist_kadm5include_HEADERS = kadm5_err.h
-
-install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-dist_libkadm5clnt_la_SOURCES =			\
-	ad.c					\
-	chpass_c.c				\
-	client_glue.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5clnt_la_SOURCES =		\
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_libkadm5srv_la_SOURCES =			\
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	password_quality.c			\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	server_glue.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5srv_la_SOURCES = 		\
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_iprop_log_SOURCES = iprop-log.c
-nodist_iprop_log_SOURCES = iprop-commands.c
-
-ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
-
-ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
-
-man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
-
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-iprop_log_LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-
-iprop-commands.c iprop-commands.h: iprop-commands.in
-	$(SLC) $(srcdir)/iprop-commands.in
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-$(iprop_log_OBJECTS): iprop-commands.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-
-EXTRA_DIST = \
-	kadm5_err.et \
-	iprop-commands.in \
-	$(man_MANS) \
-	check-cracklib.pl \
-	flush.c \
-	sample_passwd_check.c \
-	version-script.map
diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in
deleted file mode 100644
index 81f1ced3d9e9..000000000000
--- a/crypto/heimdal/lib/kadm5/Makefile.in
+++ /dev/null
@@ -1,1293 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_kadm5include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-sbin_PROGRAMS = iprop-log$(EXEEXT)
-check_PROGRAMS = default_keys$(EXEEXT)
-noinst_PROGRAMS = test_pw_quality$(EXEEXT)
-libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
-subdir = lib/kadm5
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \
-	"$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" \
-	"$(DESTDIR)$(kadm5includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libkadm5clnt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	../krb5/libkrb5.la $(am__DEPENDENCIES_1)
-dist_libkadm5clnt_la_OBJECTS = ad.lo chpass_c.lo client_glue.lo \
-	common_glue.lo create_c.lo delete_c.lo destroy_c.lo flush_c.lo \
-	free.lo get_c.lo get_princs_c.lo init_c.lo marshall.lo \
-	modify_c.lo privs_c.lo randkey_c.lo rename_c.lo send_recv.lo
-nodist_libkadm5clnt_la_OBJECTS = kadm5_err.lo
-libkadm5clnt_la_OBJECTS = $(dist_libkadm5clnt_la_OBJECTS) \
-	$(nodist_libkadm5clnt_la_OBJECTS)
-libkadm5clnt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkadm5clnt_la_LDFLAGS) $(LDFLAGS) -o $@
-libkadm5srv_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(am__DEPENDENCIES_1)
-dist_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \
-	common_glue.lo context_s.lo create_s.lo delete_s.lo \
-	destroy_s.lo ent_setup.lo error.lo flush_s.lo free.lo \
-	get_princs_s.lo get_s.lo init_s.lo keys.lo log.lo marshall.lo \
-	modify_s.lo password_quality.lo privs_s.lo randkey_s.lo \
-	rename_s.lo server_glue.lo set_keys.lo set_modifier.lo
-nodist_libkadm5srv_la_OBJECTS = kadm5_err.lo
-libkadm5srv_la_OBJECTS = $(dist_libkadm5srv_la_OBJECTS) \
-	$(nodist_libkadm5srv_la_OBJECTS)
-libkadm5srv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkadm5srv_la_LDFLAGS) $(LDFLAGS) -o $@
-sample_passwd_check_la_LIBADD =
-am_sample_passwd_check_la_OBJECTS = sample_passwd_check.lo
-sample_passwd_check_la_OBJECTS = $(am_sample_passwd_check_la_OBJECTS)
-sample_passwd_check_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(sample_passwd_check_la_LDFLAGS) $(LDFLAGS) -o $@
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-am_default_keys_OBJECTS = default_keys.$(OBJEXT)
-default_keys_OBJECTS = $(am_default_keys_OBJECTS)
-default_keys_LDADD = $(LDADD)
-default_keys_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-dist_iprop_log_OBJECTS = iprop-log.$(OBJEXT)
-nodist_iprop_log_OBJECTS = iprop-commands.$(OBJEXT)
-iprop_log_OBJECTS = $(dist_iprop_log_OBJECTS) \
-	$(nodist_iprop_log_OBJECTS)
-iprop_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) \
-	ipropd_common.$(OBJEXT)
-ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
-ipropd_master_LDADD = $(LDADD)
-ipropd_master_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) \
-	ipropd_common.$(OBJEXT)
-ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
-ipropd_slave_LDADD = $(LDADD)
-ipropd_slave_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-test_pw_quality_SOURCES = test_pw_quality.c
-test_pw_quality_OBJECTS = test_pw_quality.$(OBJEXT)
-test_pw_quality_LDADD = $(LDADD)
-test_pw_quality_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
-	$(nodist_libkadm5clnt_la_SOURCES) \
-	$(dist_libkadm5srv_la_SOURCES) \
-	$(nodist_libkadm5srv_la_SOURCES) \
-	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
-	$(dist_iprop_log_SOURCES) $(nodist_iprop_log_SOURCES) \
-	$(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) \
-	test_pw_quality.c
-DIST_SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
-	$(dist_libkadm5srv_la_SOURCES) \
-	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
-	$(dist_iprop_log_SOURCES) $(ipropd_master_SOURCES) \
-	$(ipropd_slave_SOURCES) test_pw_quality.c
-man3dir = $(mandir)/man3
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-dist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SLC = $(top_builddir)/lib/sl/slc
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 8:1:0 $(am__append_1)
-libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
-noinst_LTLIBRARIES = sample_passwd_check.la
-sample_passwd_check_la_SOURCES = sample_passwd_check.c
-sample_passwd_check_la_LDFLAGS = -module
-libkadm5srv_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la \
-	../hdb/libhdb.la $(LIBADD_roken)
-
-libkadm5clnt_la_LIBADD = \
-	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
-
-default_keys_SOURCES = default_keys.c
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
-nodist_kadm5include_HEADERS = kadm5_err.h
-dist_libkadm5clnt_la_SOURCES = \
-	ad.c					\
-	chpass_c.c				\
-	client_glue.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5clnt_la_SOURCES = \
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_libkadm5srv_la_SOURCES = \
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	password_quality.c			\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	server_glue.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	kadm5-pwcheck.h				\
-	admin.h
-
-nodist_libkadm5srv_la_SOURCES = \
-	kadm5_err.c				\
-	kadm5_err.h
-
-dist_iprop_log_SOURCES = iprop-log.c
-nodist_iprop_log_SOURCES = iprop-commands.c
-ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
-ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
-man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-iprop_log_LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-EXTRA_DIST = \
-	kadm5_err.et \
-	iprop-commands.in \
-	$(man_MANS) \
-	check-cracklib.pl \
-	flush.c \
-	sample_passwd_check.c \
-	version-script.map
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) 
-	$(libkadm5clnt_la_LINK) -rpath $(libdir) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
-libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) 
-	$(libkadm5srv_la_LINK) -rpath $(libdir) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
-sample_passwd_check.la: $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_DEPENDENCIES) 
-	$(sample_passwd_check_la_LINK)  $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-default_keys$(EXEEXT): $(default_keys_OBJECTS) $(default_keys_DEPENDENCIES) 
-	@rm -f default_keys$(EXEEXT)
-	$(LINK) $(default_keys_OBJECTS) $(default_keys_LDADD) $(LIBS)
-iprop-log$(EXEEXT): $(iprop_log_OBJECTS) $(iprop_log_DEPENDENCIES) 
-	@rm -f iprop-log$(EXEEXT)
-	$(LINK) $(iprop_log_OBJECTS) $(iprop_log_LDADD) $(LIBS)
-ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) 
-	@rm -f ipropd-master$(EXEEXT)
-	$(LINK) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
-ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) 
-	@rm -f ipropd-slave$(EXEEXT)
-	$(LINK) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
-test_pw_quality$(EXEEXT): $(test_pw_quality_OBJECTS) $(test_pw_quality_DEPENDENCIES) 
-	@rm -f test_pw_quality$(EXEEXT)
-	$(LINK) $(test_pw_quality_OBJECTS) $(test_pw_quality_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-install-dist_kadm5includeHEADERS: $(dist_kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
-	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  $(dist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-uninstall-dist_kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-install-nodist_kadm5includeHEADERS: $(nodist_kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
-	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  $(nodist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-uninstall-nodist_kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" "$(DESTDIR)$(kadm5includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_kadm5includeHEADERS install-man \
-	install-nodist_kadm5includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-nodist_kadm5includeHEADERS \
-	uninstall-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS ctags dist-hook \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook \
-	install-dist_kadm5includeHEADERS install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-libexecPROGRAMS install-man \
-	install-man3 install-man8 install-nodist_kadm5includeHEADERS \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-sbinPROGRAMS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_kadm5includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man3 \
-	uninstall-man8 uninstall-nodist_kadm5includeHEADERS \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
-	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-iprop-commands.c iprop-commands.h: iprop-commands.in
-	$(SLC) $(srcdir)/iprop-commands.in
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-$(iprop_log_OBJECTS): iprop-commands.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(dist_libkadm5clnt_la_SOURCES) \
-		$(dist_libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c
deleted file mode 100644
index 9a2f75b6cbf6..000000000000
--- a/crypto/heimdal/lib/kadm5/acl.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: acl.c 17445 2006-05-05 10:37:46Z lha $");
-
-static struct units acl_units[] = {
-    { "all",		KADM5_PRIV_ALL },
-    { "change-password",KADM5_PRIV_CPW },
-    { "cpw",		KADM5_PRIV_CPW },
-    { "list",		KADM5_PRIV_LIST },
-    { "delete",		KADM5_PRIV_DELETE },
-    { "modify",		KADM5_PRIV_MODIFY },
-    { "add",		KADM5_PRIV_ADD },
-    { "get", 		KADM5_PRIV_GET },
-    { NULL }
-};
-
-kadm5_ret_t
-_kadm5_string_to_privs(const char *s, uint32_t* privs)
-{
-    int flags;
-    flags = parse_flags(s, acl_units, 0);
-    if(flags < 0)
-	return KADM5_FAILURE;
-    *privs = flags;
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_privs_to_string(uint32_t privs, char *string, size_t len)
-{
-    if(privs == 0)
-	strlcpy(string, "none", len);
-    else
-	unparse_flags(privs, acl_units + 1, string, len);
-    return 0;
-}
-
-/*
- * retrieve the right for the current caller on `princ' (NULL means all)
- * and store them in `ret_flags'
- * return 0 or an error.
- */
-
-static kadm5_ret_t
-fetch_acl (kadm5_server_context *context,
-	   krb5_const_principal princ,
-	   unsigned *ret_flags)
-{
-    FILE *f;
-    krb5_error_code ret = 0;
-    char buf[256];
-
-    *ret_flags = 0;
-
-    /* no acl file -> no rights */
-    f = fopen(context->config.acl_file, "r");
-    if (f == NULL)
-	return 0;
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *foo = NULL, *p;
-	krb5_principal this_princ;
-	unsigned flags = 0;
-
-	p = strtok_r(buf, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	if (*p == '#')		/* comment */
-	    continue;
-	ret = krb5_parse_name(context->context, p, &this_princ);
-	if(ret)
-	    break;
-	if(!krb5_principal_compare(context->context, 
-				   context->caller, this_princ)) {
-	    krb5_free_principal(context->context, this_princ);
-	    continue;
-	}
-	krb5_free_principal(context->context, this_princ);
-	p = strtok_r(NULL, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	ret = _kadm5_string_to_privs(p, &flags);
-	if (ret)
-	    break;
-	p = strtok_r(NULL, " \t\n", &foo);
-	if (p == NULL) {
-	    *ret_flags = flags;
-	    break;
-	}
-	if (princ != NULL) {
-	    krb5_principal pattern_princ;
-	    krb5_boolean match;
-
-	    ret = krb5_parse_name (context->context, p, &pattern_princ);
-	    if (ret)
-		break;
-	    match = krb5_principal_match (context->context,
-					  princ, pattern_princ);
-	    krb5_free_principal (context->context, pattern_princ);
-	    if (match) {
-		*ret_flags = flags;
-		break;
-	    }
-	}
-    }
-    fclose(f);
-    return ret;
-}
-
-/*
- * set global acl flags in `context' for the current caller.
- * return 0 on success or an error
- */
-
-kadm5_ret_t
-_kadm5_acl_init(kadm5_server_context *context)
-{
-    krb5_principal princ;
-    krb5_error_code ret;
-    
-    ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
-    if (ret)
-	return ret;
-    ret = krb5_principal_compare(context->context, context->caller, princ);
-    krb5_free_principal(context->context, princ);
-    if(ret != 0) {
-	context->acl_flags = KADM5_PRIV_ALL;
-	return 0;
-    }
-
-    return fetch_acl (context, NULL, &context->acl_flags);
-}
-
-/*
- * check if `flags' allows `op'
- * return 0 if OK or an error
- */
-
-static kadm5_ret_t
-check_flags (unsigned op,
-	     unsigned flags)
-{
-    unsigned res = ~flags & op;
-
-    if(res & KADM5_PRIV_GET)
-	return KADM5_AUTH_GET;
-    if(res & KADM5_PRIV_ADD)
-	return KADM5_AUTH_ADD;
-    if(res & KADM5_PRIV_MODIFY)
-	return KADM5_AUTH_MODIFY;
-    if(res & KADM5_PRIV_DELETE)
-	return KADM5_AUTH_DELETE;
-    if(res & KADM5_PRIV_CPW)
-	return KADM5_AUTH_CHANGEPW;
-    if(res & KADM5_PRIV_LIST)
-	return KADM5_AUTH_LIST;
-    if(res)
-	return KADM5_AUTH_INSUFFICIENT;
-    return 0;
-}
-
-/*
- * return 0 if the current caller in `context' is allowed to perform
- * `op' on `princ' and otherwise an error
- * princ == NULL if it's not relevant.
- */
-
-kadm5_ret_t
-_kadm5_acl_check_permission(kadm5_server_context *context,
-			    unsigned op,
-			    krb5_const_principal princ)
-{
-    kadm5_ret_t ret;
-    unsigned princ_flags;
-
-    ret = check_flags (op, context->acl_flags);
-    if (ret == 0)
-	return ret;
-    ret = fetch_acl (context, princ, &princ_flags);
-    if (ret)
-	return ret;
-    return check_flags (op, princ_flags);
-}
diff --git a/crypto/heimdal/lib/kadm5/ad.c b/crypto/heimdal/lib/kadm5/ad.c
deleted file mode 100644
index 72288d978eaa..000000000000
--- a/crypto/heimdal/lib/kadm5/ad.c
+++ /dev/null
@@ -1,1449 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#define HAVE_TSASL 1
-
-#include "kadm5_locl.h"
-#if 1
-#undef OPENLDAP
-#undef HAVE_TSASL
-#endif
-#ifdef OPENLDAP
-#include <ldap.h>
-#ifdef HAVE_TSASL
-#include <tsasl.h>
-#endif
-#include <resolve.h>
-#include <base64.h>
-#endif
-
-RCSID("$Id: ad.c 17445 2006-05-05 10:37:46Z lha $");
-
-#ifdef OPENLDAP
-
-#define CTX2LP(context) ((LDAP *)((context)->ldap_conn))
-#define CTX2BASE(context) ((context)->base_dn)
-
-/*
- * userAccountControl
- */
-
-#define UF_SCRIPT	 			0x00000001
-#define UF_ACCOUNTDISABLE			0x00000002
-#define UF_UNUSED_0	 			0x00000004
-#define UF_HOMEDIR_REQUIRED			0x00000008
-#define UF_LOCKOUT	 			0x00000010
-#define UF_PASSWD_NOTREQD 			0x00000020
-#define UF_PASSWD_CANT_CHANGE 			0x00000040
-#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED	0x00000080
-#define UF_TEMP_DUPLICATE_ACCOUNT       	0x00000100
-#define UF_NORMAL_ACCOUNT               	0x00000200
-#define UF_UNUSED_1	 			0x00000400
-#define UF_INTERDOMAIN_TRUST_ACCOUNT    	0x00000800
-#define UF_WORKSTATION_TRUST_ACCOUNT    	0x00001000
-#define UF_SERVER_TRUST_ACCOUNT         	0x00002000
-#define UF_UNUSED_2	 			0x00004000
-#define UF_UNUSED_3	 			0x00008000
-#define UF_PASSWD_NOT_EXPIRE			0x00010000
-#define UF_MNS_LOGON_ACCOUNT			0x00020000
-#define UF_SMARTCARD_REQUIRED			0x00040000
-#define UF_TRUSTED_FOR_DELEGATION		0x00080000
-#define UF_NOT_DELEGATED			0x00100000
-#define UF_USE_DES_KEY_ONLY			0x00200000
-#define UF_DONT_REQUIRE_PREAUTH			0x00400000
-#define UF_UNUSED_4				0x00800000
-#define UF_UNUSED_5				0x01000000
-#define UF_UNUSED_6				0x02000000
-#define UF_UNUSED_7				0x04000000
-#define UF_UNUSED_8				0x08000000
-#define UF_UNUSED_9				0x10000000
-#define UF_UNUSED_10				0x20000000
-#define UF_UNUSED_11				0x40000000
-#define UF_UNUSED_12				0x80000000
-
-/*
- *
- */
-
-#ifndef HAVE_TSASL
-static int
-sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *interact)
-{
-    return LDAP_SUCCESS;
-}
-#endif
-
-#if 0
-static Sockbuf_IO ldap_tsasl_io = {
-    NULL,			/* sbi_setup */
-    NULL,			/* sbi_remove */
-    NULL,			/* sbi_ctrl */
-    NULL,			/* sbi_read */
-    NULL,			/* sbi_write */
-    NULL			/* sbi_close */
-};
-#endif
-
-#ifdef HAVE_TSASL
-static int
-ldap_tsasl_bind_s(LDAP *ld,
-		  LDAP_CONST char *dn,
-		  LDAPControl **serverControls,
-		  LDAPControl **clientControls,
-		  const char *host)
-{
-    char *attrs[] = { "supportedSASLMechanisms", NULL };
-    struct tsasl_peer *peer = NULL;
-    struct tsasl_buffer in, out;
-    struct berval ccred, *scred;
-    LDAPMessage *m, *m0;
-    const char *mech;
-    char **vals;
-    int ret, rc;
-
-    ret = tsasl_peer_init(TSASL_FLAGS_INITIATOR | TSASL_FLAGS_CLEAR,
-			  "ldap", host, &peer);
-    if (ret != TSASL_DONE) {
-	rc = LDAP_LOCAL_ERROR;
-	goto out;
-    }
-
-    rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &m0);
-    if (rc != LDAP_SUCCESS)
-	goto out;
-    
-    m = ldap_first_entry(ld, m0);
-    if (m == NULL) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    vals = ldap_get_values(ld, m, "supportedSASLMechanisms");
-    if (vals == NULL) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    ret = tsasl_find_best_mech(peer, vals, &mech);
-    if (ret) {
-	ldap_msgfree(m0);
-	goto out;
-    }
-
-    ldap_msgfree(m0);
-
-    ret = tsasl_select_mech(peer, mech);
-    if (ret != TSASL_DONE) {
-	rc = LDAP_LOCAL_ERROR;
-	goto out;
-    }
-
-    in.tb_data = NULL;
-    in.tb_size = 0;
-
-    do {
-	ret = tsasl_request(peer, &in, &out);
-	if (in.tb_size != 0) {
-	    free(in.tb_data);
-	    in.tb_data = NULL; 
-	    in.tb_size = 0;
-	}
-	if (ret != TSASL_DONE && ret != TSASL_CONTINUE) {
-	    rc = LDAP_AUTH_UNKNOWN;
-	    goto out;
-	}
-
-	ccred.bv_val = out.tb_data;
-	ccred.bv_len = out.tb_size;
-
-	rc = ldap_sasl_bind_s(ld, dn, mech, &ccred,
-			      serverControls, clientControls, &scred);
-	tsasl_buffer_free(&out);
-
-	if (rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS) {
-	    if(scred && scred->bv_len)
-		ber_bvfree(scred);
-	    goto out;
-	}
-
-	in.tb_data = malloc(scred->bv_len);
-	if (in.tb_data == NULL) {
-	    rc = LDAP_LOCAL_ERROR;
-	    goto out;
-	}
-	memcpy(in.tb_data, scred->bv_val, scred->bv_len);
-	in.tb_size = scred->bv_len;
-	ber_bvfree(scred);
-
-    } while (rc == LDAP_SASL_BIND_IN_PROGRESS);
-
- out:
-    if (rc == LDAP_SUCCESS) {
-#if 0
-	ber_sockbuf_add_io(ld->ld_conns->lconn_sb, &ldap_tsasl_io,
-			   LBER_SBIOD_LEVEL_APPLICATION, peer);
-
-#endif
-    } else if (peer != NULL)
-	tsasl_peer_free(peer);
-
-    return rc;
-}
-#endif /* HAVE_TSASL */
-
-
-static int
-check_ldap(kadm5_ad_context *context, int ret)
-{
-    switch (ret) {
-    case LDAP_SUCCESS:
-	return 0;
-    case LDAP_SERVER_DOWN: {
-	LDAP *lp = CTX2LP(context);
-	ldap_unbind(lp);
-	context->ldap_conn = NULL;
-	free(context->base_dn);
-	context->base_dn = NULL;
-	return 1;
-    }
-    default:
-	return 1;
-    }
-}
-
-/*
- *
- */
-
-static void
-laddattr(char ***al, int *attrlen, char *attr)
-{
-    char **a;
-    a = realloc(*al, (*attrlen + 2) * sizeof(**al));
-    if (a == NULL)
-	return;
-    a[*attrlen] = attr;
-    a[*attrlen + 1] = NULL;
-    (*attrlen)++;
-    *al = a;
-}
-
-static kadm5_ret_t
-_kadm5_ad_connect(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-    struct {
-	char *server;
-	int port;
-    } *s, *servers = NULL;
-    int i, num_servers = 0;
-
-    if (context->ldap_conn)
-	return 0;
-
-    {
-	struct dns_reply *r;
-	struct resource_record *rr;
-	char *domain;
-
-	asprintf(&domain, "_ldap._tcp.%s", context->realm);
-	if (domain == NULL) {
-	    krb5_set_error_string(context->context, "malloc");
-	    return KADM5_NO_SRV;
-	}
-
-	r = dns_lookup(domain, "SRV");
-	free(domain);
-	if (r == NULL) {
-	    krb5_set_error_string(context->context, "Didn't find ldap dns");
-	    return KADM5_NO_SRV;
-	}	
-
-	for (rr = r->head ; rr != NULL; rr = rr->next) {
-	    if (rr->type != T_SRV)
-		continue;
-	    s = realloc(servers, sizeof(*servers) * (num_servers + 1));
-	    if (s == NULL) {
-		krb5_set_error_string(context->context, "malloc");
-		dns_free_data(r);
-		goto fail;
-	    }
-	    servers = s;
-	    num_servers++;
-	    servers[num_servers - 1].port =  rr->u.srv->port;
-	    servers[num_servers - 1].server =  strdup(rr->u.srv->target);
-	}
-	dns_free_data(r);
-    }
-
-    if (num_servers == 0) {
-	krb5_set_error_string(context->context, "No AD server found in DNS");
-	return KADM5_NO_SRV;
-    }
-
-    for (i = 0; i < num_servers; i++) {
-	int lret, version = LDAP_VERSION3;
-	LDAP *lp;
-
-	lp = ldap_init(servers[i].server, servers[i].port);
-	if (lp == NULL)
-	    continue;
-	
-	if (ldap_set_option(lp, LDAP_OPT_PROTOCOL_VERSION, &version)) {
-	    ldap_unbind(lp);
-	    continue;
-	}
-	
-	if (ldap_set_option(lp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) {
-	    ldap_unbind(lp);
-	    continue;
-	}
-	
-#ifdef HAVE_TSASL
-	lret = ldap_tsasl_bind_s(lp, NULL, NULL, NULL, servers[i].server);
-				 
-#else
-	lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, 
-					    LDAP_SASL_QUIET,
-					    sasl_interact, NULL);
-#endif
-	if (lret != LDAP_SUCCESS) {
-	    krb5_set_error_string(context->context, 
-				  "Couldn't contact any AD servers: %s",
-				  ldap_err2string(lret));
-	    ldap_unbind(lp);
-	    continue;
-	}
-
-	context->ldap_conn = lp;
-	break;
-    }
-    if (i >= num_servers) {
-	goto fail;
-    }
-
-    {
-	LDAPMessage *m, *m0;
-	char **attr = NULL;
-	int attrlen = 0;
-	char **vals;
-	int ret;
-	
-	laddattr(&attr, &attrlen, "defaultNamingContext");
-
-	ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, 
-			    "objectclass=*", attr, 0, &m);
-	free(attr);
-	if (check_ldap(context, ret))
-	    goto fail;
-
-	if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	    m0 = ldap_first_entry(CTX2LP(context), m);
-	    if (m0 == NULL) {
-		krb5_set_error_string(context->context,
-				      "Error in AD ldap responce");
-		ldap_msgfree(m);
-		goto fail;
-	    }
-	    vals = ldap_get_values(CTX2LP(context), 
-				   m0, "defaultNamingContext");
-	    if (vals == NULL) {
-		krb5_set_error_string(context->context,
-				      "No naming context found");
-		goto fail;
-	    }
-	    context->base_dn = strdup(vals[0]);
-	} else
-	    goto fail;
-	ldap_msgfree(m);
-    }
-
-    for (i = 0; i < num_servers; i++)
-	free(servers[i].server);
-    free(servers);
-
-    return 0;
-
- fail:
-    for (i = 0; i < num_servers; i++)
-	free(servers[i].server);
-    free(servers);
-
-    if (context->ldap_conn) {
-	ldap_unbind(CTX2LP(context));
-	context->ldap_conn = NULL;
-    }
-    return KADM5_RPC_ERROR;
-}
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static time_t
-nt2unixtime(const char *str)
-{
-    unsigned long long t;
-    t = strtoll(str, NULL, 10);
-    t = ((t - NTTIME_EPOCH) / (long long)10000000);
-    if (t > (((time_t)(~(long long)0)) >> 1))
-	return 0;
-    return (time_t)t;
-}
-
-static long long
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (long long)10000000 + (long long)NTTIME_EPOCH;
-    return wt;
-}
-
-/* XXX create filter in a better way */
-
-static int
-ad_find_entry(kadm5_ad_context *context,
-	      const char *fqdn,
-	      const char *pn,
-	      char **name)
-{
-    LDAPMessage *m, *m0;
-    char *attr[] = { "distinguishedName", NULL };
-    char *filter;
-    int ret;
-
-    if (name)
-	*name = NULL;
-
-    if (fqdn)
-	asprintf(&filter, 
-		 "(&(objectClass=computer)(|(dNSHostName=%s)(servicePrincipalName=%s)))",
-		 fqdn, pn);
-    else if(pn)
-	asprintf(&filter, "(&(objectClass=account)(userPrincipalName=%s))", pn);
-    else
-	return KADM5_RPC_ERROR;
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(filter);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	char **vals;
-	m0 = ldap_first_entry(CTX2LP(context), m);
-	vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
-	if (vals == NULL || vals[0] == NULL) {
-	    ldap_msgfree(m);
-	    return KADM5_RPC_ERROR;
-	}
-	if (name)
-	    *name = strdup(vals[0]);
-	ldap_msgfree(m);
-    } else
-	return KADM5_UNK_PRINC;
-
-    return 0;
-}
-
-#endif /* OPENLDAP */
-
-static kadm5_ret_t
-ad_get_cred(kadm5_ad_context *context, const char *password)
-{
-    kadm5_ret_t ret;
-    krb5_ccache cc;
-    char *service;
-
-    if (context->ccache)
-	return 0;
-
-    asprintf(&service, "%s/%s@%s", KRB5_TGS_NAME,
-	     context->realm, context->realm);
-    if (service == NULL)
-	return ENOMEM;
-
-    ret = _kadm5_c_get_cred_cache(context->context,
-				  context->client_name,
-				  service,
-				  password, krb5_prompter_posix, 
-				  NULL, NULL, &cc);
-    free(service);
-    if(ret)
-	return ret; /* XXX */
-    context->ccache = cc;
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_ad_chpass_principal(void *server_handle,
-			  krb5_principal principal,
-			  const char *password)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_data result_code_string, result_string;
-    int result_code;
-    kadm5_ret_t ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_set_password_using_ccache (context->context, 
-					  context->ccache,
-					  password,
-					  principal,
-					  &result_code,
-					  &result_code_string,
-					  &result_string);
-    
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-
-    /* XXX do mapping here on error codes */
-
-    return ret;
-}
-
-#ifdef OPENLDAP
-static const char *
-get_fqdn(krb5_context context, const krb5_principal p)
-{
-    const char *s, *hosttypes[] = { "host", "ldap", "gc", "cifs", "dns" };
-    int i;
-
-    s = krb5_principal_get_comp_string(context, p, 0);
-    if (p == NULL)
-	return NULL;
-    
-    for (i = 0; i < sizeof(hosttypes)/sizeof(hosttypes[0]); i++) {
-	if (strcasecmp(s, hosttypes[i]) == 0)
-	    return krb5_principal_get_comp_string(context, p, 1);
-    }
-    return 0;
-}
-#endif
-
-
-static kadm5_ret_t
-kadm5_ad_create_principal(void *server_handle,
-			  kadm5_principal_ent_t entry,
-			  uint32_t mask,
-			  const char *password)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * KADM5_PRINC_EXPIRE_TIME
-     *
-     * return 0 || KADM5_DUP;
-     */
-
-#ifdef OPENLDAP
-    LDAPMod *attrs[8], rattrs[7], *a;
-    char *useraccvals[2] = { NULL, NULL }, 
-	*samvals[2], *dnsvals[2], *spnvals[5], *upnvals[2], *tv[2];
-    char *ocvals_spn[] = { "top", "person", "organizationalPerson", 
-			   "user", "computer", NULL}; 
-    char *p, *realmless_p, *p_msrealm = NULL, *dn = NULL;
-    const char *fqdn;
-    char *s, *samname = NULL, *short_spn = NULL;
-    int ret, i;
-    int32_t uf_flags = 0;
-    
-    if ((mask & KADM5_PRINCIPAL) == 0)
-	return KADM5_BAD_MASK;
-
-    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
-	attrs[i] = &rattrs[i];
-    attrs[i] = NULL;
-    
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-    
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-    
-    fqdn = get_fqdn(context->context, entry->principal);
-    
-    ret = krb5_unparse_name(context->context, entry->principal, &p);
-    if (ret)
-	return ret;
-    
-    if (ad_find_entry(context, fqdn, p, NULL) == 0) {
-	free(p);
-	return KADM5_DUP;
-    }
-    
-    if (mask & KADM5_ATTRIBUTES) {
-	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
-	    uf_flags |= UF_ACCOUNTDISABLE|UF_LOCKOUT;
-	if ((entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH) == 0)
-	    uf_flags |= UF_DONT_REQUIRE_PREAUTH;
-	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
-	    uf_flags |= UF_SMARTCARD_REQUIRED;
-    }
-    
-    realmless_p = strdup(p);
-    if (realmless_p == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    s = strrchr(realmless_p, '@');
-    if (s)
-	*s = '\0';
-    
-    if (fqdn) {
-	/* create computer account */
-	asprintf(&samname, "%s$", fqdn);
-	if (samname == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	s = strchr(samname, '.');
-	if (s) {
-	    s[0] = '$';
-	    s[1] = '\0';
-	}
-	
-	short_spn = strdup(p);
-	if (short_spn == NULL) {
-	    errno = ENOMEM;
-	    goto out;
-	}
-	s = strchr(short_spn, '.');
-	if (s) {
-	    *s = '\0';
-	} else {
-	    free(short_spn);
-	    short_spn = NULL;
-	}
-
-	p_msrealm = strdup(p);
-	if (p_msrealm == NULL) {
-	    errno = ENOMEM;
-	    goto out;
-	}
-	s = strrchr(p_msrealm, '@');
-	if (s) {
-	    *s = '/';
-	} else {
-	    free(p_msrealm);
-	    p_msrealm = NULL;
-	}
-
-	asprintf(&dn, "cn=%s, cn=Computers, %s", fqdn, CTX2BASE(context));
-	if (dn == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-
-	a = &rattrs[0];
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "objectClass";
-	a->mod_values = ocvals_spn;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userAccountControl";
-	a->mod_values = useraccvals;
-	asprintf(&useraccvals[0], "%d",
-		 uf_flags |
-		 UF_PASSWD_NOT_EXPIRE |
-		 UF_WORKSTATION_TRUST_ACCOUNT);
-	useraccvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "sAMAccountName";
-	a->mod_values = samvals;
-	samvals[0] = samname;
-	samvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "dNSHostName";
-	a->mod_values = dnsvals;
-	dnsvals[0] = (char *)fqdn;
-	dnsvals[1] = NULL;
-	a++;
-
-	/* XXX  add even more spn's */
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "servicePrincipalName";
-	a->mod_values = spnvals;
-	i = 0;
-	spnvals[i++] = p;
-	spnvals[i++] = realmless_p;
-	if (short_spn)
-	    spnvals[i++] = short_spn;
-	if (p_msrealm)
-	    spnvals[i++] = p_msrealm;
-	spnvals[i++] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userPrincipalName";
-	a->mod_values = upnvals;
-	upnvals[0] = p;
-	upnvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	tv[0] = "9223372036854775807"; /* "never" */
-	tv[1] = NULL;
-	a++;
-
-    } else {
-	/* create user account */
-	
-	a = &rattrs[0];
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userAccountControl";
-	a->mod_values = useraccvals;
-	asprintf(&useraccvals[0], "%d", 
-		 uf_flags |
-		 UF_PASSWD_NOT_EXPIRE);
-	useraccvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "sAMAccountName";
-	a->mod_values = samvals;
-	samvals[0] = realmless_p;
-	samvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "userPrincipalName";
-	a->mod_values = upnvals;
-	upnvals[0] = p;
-	upnvals[1] = NULL;
-	a++;
-
-	a->mod_op = LDAP_MOD_ADD;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	tv[0] = "9223372036854775807"; /* "never" */
-	tv[1] = NULL;
-	a++;
-    }
-
-    attrs[a - &rattrs[0]] = NULL;
-
-    ret = ldap_add_s(CTX2LP(context), dn, attrs);
-
- out:
-    if (useraccvals[0])
-	free(useraccvals[0]);
-    if (realmless_p)
-	free(realmless_p);
-    if (samname)
-	free(samname);
-    if (short_spn)
-	free(short_spn);
-    if (p_msrealm)
-	free(p_msrealm);
-    free(p);
-
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    return 0;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_delete_principal(void *server_handle, krb5_principal principal)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    char *p, *dn = NULL;
-    const char *fqdn;
-    int ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    fqdn = get_fqdn(context->context, principal);
-
-    ret = krb5_unparse_name(context->context, principal, &p);
-    if (ret)
-	return ret;
-
-    if (ad_find_entry(context, fqdn, p, &dn) != 0) {
-	free(p);
-	return KADM5_UNK_PRINC;
-    }
-
-    ret = ldap_delete_s(CTX2LP(context), dn);
-
-    free(dn);
-    free(p);
-
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-    return 0;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_destroy(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-
-    if (context->ccache)
-	krb5_cc_destroy(context->context, context->ccache);
-
-#ifdef OPENLDAP
-    {
-	LDAP *lp = CTX2LP(context);
-	if (lp)
-	    ldap_unbind(lp);
-	if (context->base_dn)
-	    free(context->base_dn);
-    }
-#endif
-    free(context->realm);
-    free(context->client_name);
-    krb5_free_principal(context->context, context->caller);
-    if(context->my_context)
-	krb5_free_context(context->context);
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_ad_flush(void *server_handle)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_principal(void *server_handle,
-		       krb5_principal principal, 
-		       kadm5_principal_ent_t entry, 
-		       uint32_t mask)
-{
-    kadm5_ad_context *context = server_handle;
-#ifdef OPENLDAP
-    LDAPMessage *m, *m0;
-    char **attr = NULL;
-    int attrlen = 0;
-    char *filter, *p, *q, *u;
-    int ret;
-
-    /*
-     * principal
-     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
-     */
-
-    /*
-     * return 0 || KADM5_DUP;
-     */
-
-    memset(entry, 0, sizeof(*entry));
-
-    if (mask & KADM5_KVNO)
-	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
-
-    if (mask & KADM5_PRINCIPAL) {
-	laddattr(&attr, &attrlen, "userPrincipalName");
-	laddattr(&attr, &attrlen, "servicePrincipalName");
-    }
-    laddattr(&attr, &attrlen, "objectClass");
-    laddattr(&attr, &attrlen, "lastLogon");
-    laddattr(&attr, &attrlen, "badPwdCount");
-    laddattr(&attr, &attrlen, "badPasswordTime");
-    laddattr(&attr, &attrlen, "pwdLastSet");
-    laddattr(&attr, &attrlen, "accountExpires");
-    laddattr(&attr, &attrlen, "userAccountControl");
-
-    krb5_unparse_name_short(context->context, principal, &p);
-    krb5_unparse_name(context->context, principal, &u);
-
-    /* replace @ in domain part with a / */
-    q = strrchr(p, '@');
-    if (q && (p != q && *(q - 1) != '\\'))
-	*q = '/';
-
-    asprintf(&filter, 
-	     "(|(userPrincipalName=%s)(servicePrincipalName=%s)(servicePrincipalName=%s))",
-	     u, p, u);
-    free(p);
-    free(u);
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(attr);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) > 0) {
-	char **vals;
-	m0 = ldap_first_entry(CTX2LP(context), m);
-	if (m0 == NULL) {
-	    ldap_msgfree(m);
-	    goto fail;
-	}
-#if 0
-	vals = ldap_get_values(CTX2LP(context), m0, "servicePrincipalName");
-	if (vals)
-	    printf("servicePrincipalName %s\n", vals[0]);
-	vals = ldap_get_values(CTX2LP(context), m0, "userPrincipalName");
-	if (vals)
-	    printf("userPrincipalName %s\n", vals[0]);
-	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	if (vals)
-	    printf("userAccountControl %s\n", vals[0]);
-#endif
-	entry->princ_expire_time = 0;
-	if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
-	    if (vals)
-		entry->princ_expire_time = nt2unixtime(vals[0]);
-	}
-	entry->last_success = 0;
-	if (mask & KADM5_LAST_SUCCESS) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "lastLogon");
-	    if (vals)
-		entry->last_success = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_LAST_FAILED) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "badPasswordTime");
-	    if (vals)
-		entry->last_failed = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_LAST_PWD_CHANGE) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "pwdLastSet");
-	    if (vals)
-		entry->last_pwd_change = nt2unixtime(vals[0]);
-	}
-	if (mask & KADM5_FAIL_AUTH_COUNT) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "badPwdCount");
-	    if (vals)
-		entry->fail_auth_count = atoi(vals[0]);
-	}
- 	if (mask & KADM5_ATTRIBUTES) {
-	    vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	    if (vals) {
-		uint32_t i;
-		i = atoi(vals[0]);
-		if (i & (UF_ACCOUNTDISABLE|UF_LOCKOUT))
-		    entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-		if ((i & UF_DONT_REQUIRE_PREAUTH) == 0)
-		    entry->attributes |= KRB5_KDB_REQUIRES_PRE_AUTH;
-		if (i & UF_SMARTCARD_REQUIRED)
-		    entry->attributes |= KRB5_KDB_REQUIRES_HW_AUTH;
-		if ((i & UF_WORKSTATION_TRUST_ACCOUNT) == 0)
-		    entry->attributes |= KRB5_KDB_DISALLOW_SVR;
-	    }
-	}
-	if (mask & KADM5_KVNO) {
-	    vals = ldap_get_values(CTX2LP(context), m0, 
-				   "msDS-KeyVersionNumber");
-	    if (vals)
-		entry->kvno = atoi(vals[0]);
-	    else
-		entry->kvno = 0;
-	}
-	ldap_msgfree(m);
-    } else {
-	return KADM5_UNK_PRINC;
-    }
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_copy_principal(context->context, principal, &entry->principal);
-
-    return 0;
- fail:
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_principals(void *server_handle,
-			const char *expression,
-			char ***principals,
-			int *count)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
-     */
-
-#ifdef OPENLDAP
-    kadm5_ret_t ret;
-
-    ret = ad_get_cred(context, NULL);
-    if (ret)
-	return ret;
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_get_privs(void *server_handle, uint32_t*privs)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static kadm5_ret_t
-kadm5_ad_modify_principal(void *server_handle,
-			  kadm5_principal_ent_t entry,
-			  uint32_t mask)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /* 
-     * KADM5_ATTRIBUTES
-     * KRB5_KDB_DISALLOW_ALL_TIX (| KADM5_KVNO)
-     */
-
-#ifdef OPENLDAP
-    LDAPMessage *m = NULL, *m0;
-    kadm5_ret_t ret;
-    char **attr = NULL;
-    int attrlen = 0;
-    char *p = NULL, *s = NULL, *q;
-    char **vals;
-    LDAPMod *attrs[4], rattrs[3], *a;
-    char *uaf[2] = { NULL, NULL };
-    char *kvno[2] = { NULL, NULL };
-    char *tv[2] = { NULL, NULL };
-    char *filter, *dn;
-    int i;
-
-    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
-	attrs[i] = &rattrs[i];
-    attrs[i] = NULL;
-    a = &rattrs[0];
-
-    ret = _kadm5_ad_connect(server_handle);
-    if (ret)
-	return ret;
-
-    if (mask & KADM5_KVNO)
-	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-	laddattr(&attr, &attrlen, "accountExpires");
-    if (mask & KADM5_ATTRIBUTES)
-	laddattr(&attr, &attrlen, "userAccountControl");
-    laddattr(&attr, &attrlen, "distinguishedName");
-
-    krb5_unparse_name(context->context, entry->principal, &p);
-
-    s = strdup(p);
-
-    q = strrchr(s, '@');
-    if (q && (p != q && *(q - 1) != '\\'))
-	*q = '\0';
-
-    asprintf(&filter, 
-	     "(|(userPrincipalName=%s)(servicePrincipalName=%s))",
-	     s, s);
-    free(p);
-    free(s);
-
-    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
-			LDAP_SCOPE_SUBTREE, 
-			filter, attr, 0, &m);
-    free(attr);
-    free(filter);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
-    if (ldap_count_entries(CTX2LP(context), m) <= 0) {
-	ret = KADM5_RPC_ERROR;
-	goto out;
-    }
-
-    m0 = ldap_first_entry(CTX2LP(context), m);
-
-    if (mask & KADM5_ATTRIBUTES) {
-	int32_t i;
-
-	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
-	if (vals == NULL) {
-	    ret = KADM5_RPC_ERROR;
-	    goto out;
-	}
-
-	i = atoi(vals[0]);
-	if (i == 0)
-	    return KADM5_RPC_ERROR;
-
-	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
-	    i |= (UF_ACCOUNTDISABLE|UF_LOCKOUT);
-	else
-	    i &= ~(UF_ACCOUNTDISABLE|UF_LOCKOUT);
-	if (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)
-	    i &= ~UF_DONT_REQUIRE_PREAUTH;
-	else
-	    i |= UF_DONT_REQUIRE_PREAUTH;
-	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
-	    i |= UF_SMARTCARD_REQUIRED;
-	else
-	    i &= UF_SMARTCARD_REQUIRED;
-	if (entry->attributes & KRB5_KDB_DISALLOW_SVR)
-	    i &= ~UF_WORKSTATION_TRUST_ACCOUNT;
-	else
-	    i |= UF_WORKSTATION_TRUST_ACCOUNT;
-
-	asprintf(&uaf[0], "%d", i);
-
-	a->mod_op = LDAP_MOD_REPLACE;
-	a->mod_type = "userAccountControl";
-	a->mod_values = uaf;
-	a++;
-    }
-
-    if (mask & KADM5_KVNO) {
-	vals = ldap_get_values(CTX2LP(context), m0, "msDS-KeyVersionNumber");
-	if (vals == NULL) {
-	    entry->kvno = 0;
-	} else {
-	    asprintf(&kvno[0], "%d", entry->kvno);
-
-	    a->mod_op = LDAP_MOD_REPLACE;
-	    a->mod_type = "msDS-KeyVersionNumber";
-	    a->mod_values = kvno;
-	    a++;
-	}
-    }
-
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	long long wt;
-	vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
-	if (vals == NULL) {
-	    ret = KADM5_RPC_ERROR;
-	    goto out;
-	}
-
-	wt = unix2nttime(entry->princ_expire_time);
-
-	asprintf(&tv[0], "%llu", wt);
-
-	a->mod_op = LDAP_MOD_REPLACE;
-	a->mod_type = "accountExpires";
-	a->mod_values = tv;
-	a++;
-    }
-    
-    vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
-    if (vals == NULL) {
-	ret = KADM5_RPC_ERROR;
-	goto out;
-    }
-    dn = vals[0];
-
-    attrs[a - &rattrs[0]] = NULL;
-
-    ret = ldap_modify_s(CTX2LP(context), dn, attrs);
-    if (check_ldap(context, ret))
-	return KADM5_RPC_ERROR;
-
- out:
-    if (m)
-	ldap_msgfree(m);
-    if (uaf[0])
-	free(uaf[0]);
-    if (kvno[0])
-	free(kvno[0]);
-    if (tv[0])
-	free(tv[0]);
-    return ret;
-#else
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_randkey_principal(void *server_handle,
-			   krb5_principal principal,
-			   krb5_keyblock **keys,
-			   int *n_keys)
-{
-    kadm5_ad_context *context = server_handle;
-
-    /*
-     * random key
-     */
-
-#ifdef OPENLDAP
-    krb5_data result_code_string, result_string;
-    int result_code, plen;
-    kadm5_ret_t ret;
-    char *password;
-
-    *keys = NULL;
-    *n_keys = 0;
-
-    {
-	char p[64];
-	krb5_generate_random_block(p, sizeof(p));
-	plen = base64_encode(p, sizeof(p), &password);
-	if (plen < 0)
-	    return ENOMEM;
-    }
-
-    ret = ad_get_cred(context, NULL);
-    if (ret) {
-	free(password);
-	return ret;
-    }
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_set_password_using_ccache (context->context, 
-					  context->ccache,
-					  password,
-					  principal,
-					  &result_code,
-					  &result_code_string,
-					  &result_string);
-
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-
-    if (ret == 0) {
-
-	*keys = malloc(sizeof(**keys) * 1);
-	if (*keys == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	*n_keys = 1;
-
-	ret = krb5_string_to_key(context->context,
-				 ENCTYPE_ARCFOUR_HMAC_MD5,
-				 password,
-				 principal,
-				 &(*keys)[0]);
-	memset(password, 0, sizeof(password));
-	if (ret) {
-	    free(*keys);
-	    *keys = NULL;
-	    *n_keys = 0;
-	    goto out;
-	}
-    }
-    memset(password, 0, plen);
-    free(password);
- out:
-    return ret;
-#else
-    *keys = NULL;
-    *n_keys = 0;
-
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-#endif
-}
-
-static kadm5_ret_t
-kadm5_ad_rename_principal(void *server_handle,
-			  krb5_principal from,
-			  krb5_principal to)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static kadm5_ret_t
-kadm5_ad_chpass_principal_with_key(void *server_handle, 
-				   krb5_principal princ,
-				   int n_key_data,
-				   krb5_key_data *key_data)
-{
-    kadm5_ad_context *context = server_handle;
-    krb5_set_error_string(context->context, "Function not implemented");
-    return KADM5_RPC_ERROR;
-}
-
-static void
-set_funcs(kadm5_ad_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5_ad_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-kadm5_ret_t 
-kadm5_ad_init_with_password_ctx(krb5_context context,
-				const char *client_name,
-				const char *password,
-				const char *service_name,
-				kadm5_config_params *realm_params,
-				unsigned long struct_version,
-				unsigned long api_version,
-				void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_ad_context *ctx;
-
-    ctx = malloc(sizeof(*ctx));
-    if(ctx == NULL)
-	return ENOMEM;
-    memset(ctx, 0, sizeof(*ctx));
-    set_funcs(ctx);
-
-    ctx->context = context;
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-
-    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
-    if(ret) {
-	free(ctx);
-	return ret;
-    }
-
-    if(realm_params->mask & KADM5_CONFIG_REALM) {
-	ret = 0;
-	ctx->realm = strdup(realm_params->realm);
-	if (ctx->realm == NULL)
-	    ret = ENOMEM;
-    } else
-	ret = krb5_get_default_realm(ctx->context, &ctx->realm);
-    if (ret) {
-	free(ctx);
-	return ret;
-    }
-
-    ctx->client_name = strdup(client_name);
-
-    if(password != NULL && *password != '\0')
-	ret = ad_get_cred(ctx, password);
-    else
-	ret = ad_get_cred(ctx, NULL);
-    if(ret) {
-	kadm5_ad_destroy(ctx);
-	return ret;
-    }
-
-#ifdef OPENLDAP
-    ret = _kadm5_ad_connect(ctx);
-    if (ret) {
-	kadm5_ad_destroy(ctx);
-	return ret;
-    }
-#endif
-
-    *server_handle = ctx;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_ad_init_with_password(const char *client_name,
-			    const char *password,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_ad_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_ad_init_with_password_ctx(context, 
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-    if(ret) {
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h
deleted file mode 100644
index 30d68d823793..000000000000
--- a/crypto/heimdal/lib/kadm5/admin.h
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: admin.h 20237 2007-02-16 23:54:34Z lha $ */
-
-#ifndef __KADM5_ADMIN_H__
-#define __KADM5_ADMIN_H__
-
-#define KADM5_API_VERSION_1 1
-#define KADM5_API_VERSION_2 2
-
-#ifndef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
-#endif
-
-#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
-#error No support for API versions other than 2
-#endif
-
-#define KADM5_STRUCT_VERSION 0
-
-#include <krb5.h>
-
-#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
-#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
-#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
-#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
-#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
-#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
-#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
-#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
-#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
-#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
-#define KRB5_KDB_DISALLOW_SVR		0x00001000
-#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
-#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
-#define KRB5_KDB_NEW_PRINC		0x00008000
-#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
-#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
-#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
-#define KRB5_KDB_ALLOW_DIGEST		0x00080000
-
-#define KADM5_PRINCIPAL		0x000001
-#define KADM5_PRINC_EXPIRE_TIME	0x000002
-#define KADM5_PW_EXPIRATION	0x000004
-#define KADM5_LAST_PWD_CHANGE	0x000008
-#define KADM5_ATTRIBUTES	0x000010
-#define KADM5_MAX_LIFE		0x000020
-#define KADM5_MOD_TIME		0x000040
-#define KADM5_MOD_NAME		0x000080
-#define KADM5_KVNO		0x000100
-#define KADM5_MKVNO		0x000200
-#define KADM5_AUX_ATTRIBUTES	0x000400
-#define KADM5_POLICY		0x000800
-#define KADM5_POLICY_CLR	0x001000
-#define KADM5_MAX_RLIFE		0x002000
-#define KADM5_LAST_SUCCESS	0x004000
-#define KADM5_LAST_FAILED	0x008000
-#define KADM5_FAIL_AUTH_COUNT	0x010000
-#define KADM5_KEY_DATA		0x020000
-#define KADM5_TL_DATA		0x040000
-
-#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
-
-#define KADM5_PW_MAX_LIFE 	0x004000
-#define KADM5_PW_MIN_LIFE	0x008000
-#define KADM5_PW_MIN_LENGTH 	0x010000
-#define KADM5_PW_MIN_CLASSES	0x020000
-#define KADM5_PW_HISTORY_NUM	0x040000
-#define KADM5_REF_COUNT		0x080000
-
-#define KADM5_POLICY_NORMAL_MASK (~0)
-
-#define KADM5_ADMIN_SERVICE	"kadmin/admin"
-#define KADM5_HIST_PRINCIPAL	"kadmin/history"
-#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
-
-typedef struct _krb5_key_data {
-    int16_t key_data_ver;	/* Version */
-    int16_t key_data_kvno;	/* Key Version */
-    int16_t key_data_type[2];	/* Array of types */
-    int16_t key_data_length[2];	/* Array of lengths */
-    void*   key_data_contents[2];/* Array of pointers */
-} krb5_key_data;
-
-typedef struct _krb5_tl_data {
-    struct _krb5_tl_data* tl_data_next;
-    int16_t tl_data_type;         
-    int16_t tl_data_length;       
-    void*   tl_data_contents;     
-} krb5_tl_data;
-
-#define KRB5_TL_LAST_PWD_CHANGE		0x0001
-#define KRB5_TL_MOD_PRINC		0x0002
-#define KRB5_TL_KADM_DATA		0x0003
-#define KRB5_TL_KADM5_E_DATA		0x0004
-#define KRB5_TL_RB1_CHALLENGE		0x0005
-#define KRB5_TL_SECURID_STATE           0x0006
-#define KRB5_TL_PASSWORD           	0x0007
-#define KRB5_TL_EXTENSION           	0x0008
-#define KRB5_TL_PKINIT_ACL           	0x0009
-#define KRB5_TL_ALIASES           	0x000a
-
-typedef struct _kadm5_principal_ent_t {
-    krb5_principal principal;
-
-    krb5_timestamp princ_expire_time;
-    krb5_timestamp last_pwd_change;
-    krb5_timestamp pw_expiration;
-    krb5_deltat max_life;
-    krb5_principal mod_name;
-    krb5_timestamp mod_date;
-    krb5_flags attributes;
-    krb5_kvno kvno;
-    krb5_kvno mkvno;
-
-    char * policy;
-    uint32_t aux_attributes;
-
-    krb5_deltat max_renewable_life;
-    krb5_timestamp last_success;
-    krb5_timestamp last_failed;
-    krb5_kvno fail_auth_count;
-    int16_t n_key_data;
-    int16_t n_tl_data;
-    krb5_tl_data *tl_data;
-    krb5_key_data *key_data;
-} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-
-typedef struct _kadm5_policy_ent_t {
-    char *policy;
-
-    uint32_t pw_min_life;
-    uint32_t pw_max_life;
-    uint32_t pw_min_length;
-    uint32_t pw_min_classes;
-    uint32_t pw_history_num;
-    uint32_t policy_refcnt;
-} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
-
-#define KADM5_CONFIG_REALM			(1 << 0)
-#define KADM5_CONFIG_PROFILE			(1 << 1)
-#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
-#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
-#define KADM5_CONFIG_DBNAME			(1 << 4)
-#define KADM5_CONFIG_ADBNAME			(1 << 5)
-#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
-#define KADM5_CONFIG_ACL_FILE			(1 << 7)
-#define KADM5_CONFIG_DICT_FILE			(1 << 8)
-#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
-#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
-#define KADM5_CONFIG_STASH_FILE			(1 << 11)
-#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
-#define KADM5_CONFIG_ENCTYPE			(1 << 13)
-#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
-#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
-#define KADM5_CONFIG_EXPIRATION			(1 << 16)
-#define KADM5_CONFIG_FLAGS			(1 << 17)
-#define KADM5_CONFIG_ENCTYPES			(1 << 18)
-
-#define KADM5_PRIV_GET		(1 << 0)
-#define KADM5_PRIV_ADD 		(1 << 1)
-#define KADM5_PRIV_MODIFY	(1 << 2)
-#define KADM5_PRIV_DELETE	(1 << 3)
-#define KADM5_PRIV_LIST		(1 << 4)
-#define KADM5_PRIV_CPW		(1 << 5)
-#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
-
-typedef struct {
-    int XXX;
-}krb5_key_salt_tuple;
-
-typedef struct _kadm5_config_params {
-    uint32_t mask;
-
-    /* Client and server fields */
-    char *realm;
-    int kadmind_port;
-
-    /* client fields */
-    char *admin_server;
-
-    /* server fields */
-    char *dbname;
-    char *acl_file;
-
-    /* server library (database) fields */
-    char *stash_file;
-} kadm5_config_params;
-
-typedef krb5_error_code kadm5_ret_t;
-
-#include "kadm5-protos.h"
-
-#if 0
-/* unimplemented functions */
-kadm5_ret_t 
-kadm5_decrypt_key(void *server_handle,
-		  kadm5_principal_ent_t entry, int32_t
-		  ktype, int32_t stype, int32_t
-		  kvno, krb5_keyblock *keyblock,
-		  krb5_keysalt *keysalt, int *kvnop);
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, uint32_t mask); 
-
-kadm5_ret_t
-kadm5_delete_policy(void *server_handle, char *policy);
-
-
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, 
-		    uint32_t mask);
-
-kadm5_ret_t
-kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); 
-
-kadm5_ret_t
-kadm5_get_policies(void *server_handle, char *exp,
-		   char ***pols, int *count);
-
-void 
-kadm5_free_policy_ent(kadm5_policy_ent_t policy);
-
-#endif
-
-#endif /* __KADM5_ADMIN_H__ */
diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c
deleted file mode 100644
index 17bd5e103cef..000000000000
--- a/crypto/heimdal/lib/kadm5/bump_pw_expire.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: bump_pw_expire.c 8797 2000-07-24 03:47:54Z assar $");
-
-/*
- * extend password_expiration if it's defined
- */
-
-kadm5_ret_t
-_kadm5_bump_pw_expire(kadm5_server_context *context,
-		      hdb_entry *ent)
-{
-    if (ent->pw_end != NULL) {
-	time_t life;
-
-	life = krb5_config_get_time_default(context->context,
-					    NULL,
-					    365 * 24 * 60 * 60,
-					    "kadmin",
-					    "password_lifetime",
-					    NULL);
-
-	*(ent->pw_end) = time(NULL) + life;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/check-cracklib.pl b/crypto/heimdal/lib/kadm5/check-cracklib.pl
deleted file mode 100755
index 229cc7f0a9be..000000000000
--- a/crypto/heimdal/lib/kadm5/check-cracklib.pl
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/pkg/bin/perl
-#
-# Sample password verifier for Heimdals external password
-# verifier, see the chapter "Password changing" in the the info
-# documentation for more information about the protocol used.
-#
-# Three checks
-#  1. Check that password is not the principal name
-#  2. Check that the password passes cracklib
-#  3. Check that password isn't repeated for this principal
-#
-# The repeat check must be last because some clients ask
-# twice when getting "no" back and thus the error message
-# would be wrong.
-#
-# Prereqs (example versions): 
-#
-# * perl (5.8.5) http://www.perl.org/
-# * cracklib (2.8.5) http://sourceforge.net/projects/cracklib
-# * Crypt-Cracklib perlmodule (0.01) http://search.cpan.org/~daniel/
-#
-# Sample dictionaries:
-#     cracklib-words (1.1) http://sourceforge.net/projects/cracklib
-#     miscfiles (1.4.2) http://directory.fsf.org/miscfiles.html
-#
-# Configuration for krb5.conf or kdc.conf
-#
-#   [password_quality]
-#     	policies = builtin:external-check
-#     	external_program = <your-path>/check-cracklib.pl
-#
-# $Id: check-cracklib.pl 20578 2007-05-07 22:21:51Z lha $
-
-use strict;
-use Crypt::Cracklib;
-use Digest::MD5;
-
-# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
-my $database = '/usr/lib/cracklib_dict';
-my $historydb = '/var/heimdal/historydb';
-# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
-
-my %params;
-
-sub check_basic
-{
-    my $principal = shift;
-    my $passwd = shift;
-
-    if ($principal eq $passwd) {
-	return "Principal name as password is not allowed";
-    }
-    return "ok";
-}
-
-sub check_repeat
-{
-    my $principal = shift;
-    my $passwd = shift;
-    my $result  = 'Do not reuse passwords';
-    my %DB;
-    my $md5context = new Digest::MD5;
-
-    $md5context->reset();
-    $md5context->add($principal, ":", $passwd);
-
-    my $key=$md5context->hexdigest();
-
-    dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
-    $result = "ok" if (!$DB{$key});
-    $DB{$key}=scalar(time());
-    dbmclose(%DB) or die "Internal: Could not close $historydb";
-    return $result;
-}
-
-sub badpassword
-{
-    my $reason = shift;
-    print "$reason\n";
-    exit 0
-}
-
-while (<>) {
-    last if /^end$/;
-    if (!/^([^:]+): (.+)$/) {
-	die "key value pair not correct: $_";
-    }
-    $params{$1} = $2;
-}
-
-die "missing principal" if (!defined $params{'principal'});
-die "missing password" if (!defined $params{'new-password'});
-
-my $reason;
-
-$reason = check_basic($params{'principal'}, $params{'new-password'});
-badpassword($reason) if ($reason ne "ok");
-
-$reason = fascist_check($params{'new-password'}, $database);
-badpassword($reason) if ($reason ne "ok");
-
-$reason = check_repeat($params{'principal'}, $params{'new-password'});
-badpassword($reason) if ($reason ne "ok");
-
-print "APPROVED\n";
-exit 0
diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c
deleted file mode 100644
index 5319ce9045b2..000000000000
--- a/crypto/heimdal/lib/kadm5/chpass_c.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_c.c 16661 2006-01-25 12:50:10Z lha $");
-
-kadm5_ret_t
-kadm5_c_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 const char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_chpass);
-    krb5_store_principal(sp, princ);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-    int i;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_chpass_with_key);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, n_key_data);
-    for (i = 0; i < n_key_data; ++i)
-	kadm5_store_key_data (sp, &key_data[i]);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c
deleted file mode 100644
index abef28c25508..000000000000
--- a/crypto/heimdal/lib/kadm5/chpass_s.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_s.c 20608 2007-05-08 07:11:48Z lha $");
-
-static kadm5_ret_t
-change(void *server_handle, 
-       krb5_principal princ,
-       const char *password,
-       int cond)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-    Key *keys;
-    size_t num_keys;
-    int cmp = 1;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-
-    num_keys = ent.entry.keys.len;
-    keys     = ent.entry.keys.val;
-
-    ent.entry.keys.len = 0;
-    ent.entry.keys.val = NULL;
-
-    ret = _kadm5_set_keys(context, &ent.entry, password);
-    if(ret) {
-	_kadm5_free_keys (context->context, num_keys, keys);
-	goto out2;
-    }
-    ent.entry.kvno++;
-    if (cond)
-	cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
-			       keys, num_keys);
-    _kadm5_free_keys (context->context, num_keys, keys);
-
-    if (cmp == 0) {
-	krb5_set_error_string(context->context, "Password reuse forbidden");
-	ret = KADM5_PASS_REUSE;
-	goto out2;
-    }
-
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-
-/*
- * change the password of `princ' to `password' if it's not already that.
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond(void *server_handle, 
-			      krb5_principal princ,
-			      const char *password)
-{
-    return change (server_handle, princ, password, 1);
-}
-
-/*
- * change the password of `princ' to `password'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 const char *password)
-{
-    return change (server_handle, princ, password, 0);
-}
-
-/*
- * change keys for `princ' to `keys'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ, 
-				 HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
-    if(ret)
-	goto out2;
-    ent.entry.kvno++;
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c
deleted file mode 100644
index 24d91b3f0d6b..000000000000
--- a/crypto/heimdal/lib/kadm5/client_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: client_glue.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_c_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_c_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_c_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_c_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c
deleted file mode 100644
index 48d9d845c0a4..000000000000
--- a/crypto/heimdal/lib/kadm5/common_glue.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: common_glue.c 17445 2006-05-05 10:37:46Z lha $");
-
-#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
-
-kadm5_ret_t
-kadm5_chpass_principal(void *server_handle,
-		       krb5_principal princ,
-		       const char *password)
-{
-    return __CALL(chpass_principal, (server_handle, princ, password));
-}
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key(void *server_handle,
-				krb5_principal princ,
-				int n_key_data,
-				krb5_key_data *key_data)
-{
-    return __CALL(chpass_principal_with_key,
-		  (server_handle, princ, n_key_data, key_data));
-}
-
-kadm5_ret_t
-kadm5_create_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       uint32_t mask,
-		       const char *password)
-{
-    return __CALL(create_principal, (server_handle, princ, mask, password));
-}
-
-kadm5_ret_t
-kadm5_delete_principal(void *server_handle,
-		       krb5_principal princ)
-{
-    return __CALL(delete_principal, (server_handle, princ));
-}
-
-kadm5_ret_t
-kadm5_destroy (void *server_handle)
-{
-    return __CALL(destroy, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_flush (void *server_handle)
-{
-    return __CALL(flush, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_get_principal(void *server_handle,
-		    krb5_principal princ,
-		    kadm5_principal_ent_t out,
-		    uint32_t mask)
-{
-    return __CALL(get_principal, (server_handle, princ, out, mask));
-}
-
-kadm5_ret_t
-kadm5_modify_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       uint32_t mask)
-{
-    return __CALL(modify_principal, (server_handle, princ, mask));
-}
-
-kadm5_ret_t
-kadm5_randkey_principal(void *server_handle,
-			krb5_principal princ,
-			krb5_keyblock **new_keys,
-			int *n_keys)
-{
-    return __CALL(randkey_principal, (server_handle, princ, new_keys, n_keys));
-}
-
-kadm5_ret_t
-kadm5_rename_principal(void *server_handle,
-		       krb5_principal source,
-		       krb5_principal target)
-{
-    return __CALL(rename_principal, (server_handle, source, target));
-}
-
-kadm5_ret_t
-kadm5_get_principals(void *server_handle,
-		     const char *expression,
-		     char ***princs,
-		     int *count)
-{
-    return __CALL(get_principals, (server_handle, expression, princs, count));
-}
-
-kadm5_ret_t
-kadm5_get_privs(void *server_handle,
-		uint32_t *privs)
-{
-    return __CALL(get_privs, (server_handle, privs));
-}
diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c
deleted file mode 100644
index 6ac7a9cf2d1e..000000000000
--- a/crypto/heimdal/lib/kadm5/context_s.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: context_s.c 22211 2007-12-07 19:27:27Z lha $");
-
-static void
-set_funcs(kadm5_server_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-static void
-set_socket_name(krb5_context context, struct sockaddr_un *un)
-{
-    const char *fn = kadm5_log_signal_socket(context);
-
-    memset(un, 0, sizeof(*un));
-    un->sun_family = AF_UNIX;
-    strlcpy (un->sun_path, fn, sizeof(un->sun_path));
-}
-
-static kadm5_ret_t
-find_db_spec(kadm5_server_context *ctx)
-{
-    krb5_context context = ctx->context;
-    struct hdb_dbinfo *info, *d;
-    krb5_error_code ret;
-
-    if (ctx->config.realm) {
-	/* fetch the databases */
-	ret = hdb_get_dbinfo(context, &info);
-	if (ret)
-	    return ret;
-	
-	d = NULL;
-	while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
-	    const char *p = hdb_dbinfo_get_realm(context, d);
-	    
-	    /* match default (realm-less) */
-	    if(p != NULL && strcmp(ctx->config.realm, p) != 0)
-		continue;
-	    
-	    p = hdb_dbinfo_get_dbname(context, d);
-	    if (p)
-		ctx->config.dbname = strdup(p);
-	    
-	    p = hdb_dbinfo_get_acl_file(context, d);
-	    if (p)
-		ctx->config.acl_file = strdup(p);
-	    
-	    p = hdb_dbinfo_get_mkey_file(context, d);
-	    if (p)
-		ctx->config.stash_file = strdup(p);
-	    
-	    p = hdb_dbinfo_get_log_file(context, d);
-	    if (p)
-		ctx->log_context.log_file = strdup(p);
-	    break;
-	}
-	hdb_free_dbinfo(context, &info);
-    }
-
-    /* If any of the values was unset, pick up the default value */
-
-    if (ctx->config.dbname == NULL)
-	ctx->config.dbname = strdup(hdb_default_db(context));
-    if (ctx->config.acl_file == NULL)
-	asprintf(&ctx->config.acl_file, "%s/kadmind.acl", hdb_db_dir(context));
-    if (ctx->config.stash_file == NULL)
-	asprintf(&ctx->config.stash_file, "%s/m-key", hdb_db_dir(context));
-    if (ctx->log_context.log_file == NULL)
-	asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context));
-
-    set_socket_name(context, &ctx->log_context.socket_name);
-
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_s_init_context(kadm5_server_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-#define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
-    if(is_set(REALM))
-	(*ctx)->config.realm = strdup(params->realm);
-    else
-	krb5_get_default_realm(context, &(*ctx)->config.realm);
-    if(is_set(DBNAME))
-	(*ctx)->config.dbname = strdup(params->dbname);
-    if(is_set(ACL_FILE))
-	(*ctx)->config.acl_file = strdup(params->acl_file);
-    if(is_set(STASH_FILE))
-	(*ctx)->config.stash_file = strdup(params->stash_file);
-    
-    find_db_spec(*ctx);
-    
-    /* PROFILE can't be specified for now */
-    /* KADMIND_PORT is supposed to be used on the server also, 
-       but this doesn't make sense */
-    /* ADMIN_SERVER is client only */
-    /* ADNAME is not used at all (as far as I can tell) */
-    /* ADB_LOCKFILE ditto */
-    /* DICT_FILE */
-    /* ADMIN_KEYTAB */
-    /* MKEY_FROM_KEYBOARD is not supported */
-    /* MKEY_NAME neither */
-    /* ENCTYPE */
-    /* MAX_LIFE */
-    /* MAX_RLIFE */
-    /* EXPIRATION */
-    /* FLAGS */
-    /* ENCTYPES */
-
-    return 0;
-}
-
-HDB *
-_kadm5_s_get_db(void *server_handle)
-{
-    kadm5_server_context *context = server_handle;
-    return context->db;
-}
diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c
deleted file mode 100644
index 903a06af486f..000000000000
--- a/crypto/heimdal/lib/kadm5/create_c.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask,
-			 const char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_create);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c
deleted file mode 100644
index 9465310cb586..000000000000
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_s.c 20607 2007-05-08 07:11:11Z lha $");
-
-static kadm5_ret_t
-get_default(kadm5_server_context *context, krb5_principal princ, 
-	    kadm5_principal_ent_t def)
-{
-    kadm5_ret_t ret;
-    krb5_principal def_principal;
-    krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
-    ret = krb5_make_principal(context->context, &def_principal, 
-			      *realm, "default", NULL);
-    if (ret)
-	return ret;
-    ret = kadm5_s_get_principal(context, def_principal, def, 
-				KADM5_PRINCIPAL_NORMAL_MASK);
-    krb5_free_principal (context->context, def_principal);
-    return ret;
-}
-
-static kadm5_ret_t
-create_principal(kadm5_server_context *context,
-		 kadm5_principal_ent_t princ,
-		 uint32_t mask,
-		 hdb_entry_ex *ent,
-		 uint32_t required_mask,
-		 uint32_t forbidden_mask)
-{
-    kadm5_ret_t ret;
-    kadm5_principal_ent_rec defrec, *defent;
-    uint32_t def_mask;
-    
-    if((mask & required_mask) != required_mask)
-	return KADM5_BAD_MASK;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	/* XXX no real policies for now */
-	return KADM5_UNK_POLICY;
-    memset(ent, 0, sizeof(*ent));
-    ret  = krb5_copy_principal(context->context, princ->principal, 
-			       &ent->entry.principal);
-    if(ret)
-	return ret;
-    
-    defent = &defrec;
-    ret = get_default(context, princ->principal, defent);
-    if(ret) {
-	defent   = NULL;
-	def_mask = 0;
-    } else {
-	def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
-    }
-
-    ret = _kadm5_setup_entry(context,
-			     ent, mask | def_mask,
-			     princ, mask,
-			     defent, def_mask);
-    if(defent)
-	kadm5_free_principal_ent(context, defent);
-    
-    ent->entry.created_by.time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->entry.created_by.principal);
-
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key(void *server_handle,
-				  kadm5_principal_ent_t princ,
-				  uint32_t mask)
-{
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL | KADM5_KEY_DATA,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES 
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out;
-    
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if (ret)
-	goto out;
-    kadm5_log_create (context, &ent.entry);
-
-out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-				  
-
-kadm5_ret_t
-kadm5_s_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask,
-			 const char *password)
-{
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    if ((mask & KADM5_KVNO) == 0)
-	ent.entry.kvno = 1;
-
-    ent.entry.keys.len = 0;
-    ent.entry.keys.val = NULL;
-
-    ret = _kadm5_set_keys(context, &ent.entry, password);
-    if (ret)
-	goto out;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out;
-    
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if (ret)
-	goto out;
-
-    kadm5_log_create (context, &ent.entry);
-
- out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/default_keys.c b/crypto/heimdal/lib/kadm5/default_keys.c
deleted file mode 100644
index 2a851cd8babf..000000000000
--- a/crypto/heimdal/lib/kadm5/default_keys.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <err.h>
-
-RCSID("$Id: default_keys.c 22494 2008-01-21 11:56:44Z lha $");
-
-static void
-print_keys(krb5_context context, Key *keys, size_t nkeys)
-{
-    krb5_error_code ret;
-    char *str;
-    int i;
-
-    printf("keys:\n");
-
-    for (i = 0; i < nkeys; i++) {
-
-	ret = krb5_enctype_to_string(context, keys[i].key.keytype, &str);
-	if (ret)
-	    krb5_err(context, ret, 1, "krb5_enctype_to_string: %d\n",
-		     (int)keys[i].key.keytype);
-
-	printf("\tenctype %s", str);
-	free(str);
-
-	if (keys[i].salt) {
-	    printf(" salt: ");
-
-	    switch (keys[i].salt->type) {
-	    case KRB5_PW_SALT:
-		printf("pw-salt:");
-		break;
-	    case KRB5_AFS3_SALT:
-		printf("afs3-salt:");
-		break;
-	    default:
-		printf("unknown salt: %d", keys[i].salt->type);
-		break;
-	    }
-	    if (keys[i].salt->salt.length)
-		printf("%.*s", (int)keys[i].salt->salt.length,
-		       (char *)keys[i].salt->salt.data);
-	}	
-	printf("\n");
-    }
-    printf("end keys:\n");
-}
-
-static void
-parse_file(krb5_context context, krb5_principal principal, int no_salt)
-{
-    krb5_error_code ret;
-    size_t nkeys;
-    Key *keys;
-
-    ret = hdb_generate_key_set(context, principal, &keys, &nkeys, no_salt);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_generate_key_set");
-
-    print_keys(context, keys, nkeys);
-
-    hdb_free_keys(context, nkeys, keys);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal principal;
-
-    ret = krb5_init_context(&context);
-    if (ret) 
-	errx(1, "krb5_init_context");
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &principal);
-    if (ret)
-	krb5_err(context, ret, 1, "krb5_parse_name");
-
-    parse_file(context, principal, 0);
-    parse_file(context, principal, 1);
-
-    krb5_free_principal(context, principal);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c
deleted file mode 100644
index 5018fd6cbf19..000000000000
--- a/crypto/heimdal/lib/kadm5/delete_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_c.c 16661 2006-01-25 12:50:10Z lha $");
-
-kadm5_ret_t
-kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_delete);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if(sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c
deleted file mode 100644
index b4e5a37467fc..000000000000
--- a/crypto/heimdal/lib/kadm5/delete_s.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_s.c 20612 2007-05-08 07:13:45Z lha $");
-
-kadm5_ret_t
-kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-    if(ent.entry.flags.immutable) {
-	ret = KADM5_PROTECT_PRINCIPAL;
-	goto out2;
-    }
-    
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_remove(context->context, context->db, princ);
-    if (ret)
-	goto out2;
-
-    kadm5_log_delete (context, princ);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c
deleted file mode 100644
index 9ae2e9d17cb6..000000000000
--- a/crypto/heimdal/lib/kadm5/destroy_c.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_c.c 13198 2003-12-07 19:01:39Z lha $");
-
-kadm5_ret_t 
-kadm5_c_destroy(void *server_handle)
-{
-    kadm5_client_context *context = server_handle;
-
-    free(context->realm);
-    free(context->admin_server);
-    close(context->sock);
-    if (context->client_name)
-	free(context->client_name);
-    if (context->service_name)
-	free(context->service_name);
-    if (context->ac != NULL)
-	krb5_auth_con_free(context->context, context->ac);
-    if(context->my_context)
-	krb5_free_context(context->context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c
deleted file mode 100644
index edfc6b53b9c9..000000000000
--- a/crypto/heimdal/lib/kadm5/destroy_s.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_s.c 12880 2003-09-19 00:25:35Z lha $");
-
-/*
- * dealloc a `kadm5_config_params'
- */
-
-static void
-destroy_config (kadm5_config_params *c)
-{
-    free (c->realm);
-    free (c->dbname);
-    free (c->acl_file);
-    free (c->stash_file);
-}
-
-/*
- * dealloc a kadm5_log_context
- */
-
-static void
-destroy_kadm5_log_context (kadm5_log_context *c)
-{
-    free (c->log_file);
-    close (c->socket_fd);
-}
-
-/*
- * destroy a kadm5 handle
- */
-
-kadm5_ret_t 
-kadm5_s_destroy(void *server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *context = server_handle;
-    krb5_context kcontext = context->context;
-
-    ret = context->db->hdb_destroy(kcontext, context->db);
-    destroy_kadm5_log_context (&context->log_context);
-    destroy_config (&context->config);
-    krb5_free_principal (kcontext, context->caller);
-    if(context->my_context)
-	krb5_free_context(kcontext);
-    free (context);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c
deleted file mode 100644
index f8309fb5acfe..000000000000
--- a/crypto/heimdal/lib/kadm5/dump_log.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include "parse_time.h"
-
-RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
-
-static char *op_names[] = {
-    "get",
-    "delete",
-    "create",
-    "rename",
-    "chpass",
-    "modify",
-    "randkey",
-    "get_privs",
-    "get_princs",
-    "chpass_with_key",
-    "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    char t[256];
-    int32_t mask;
-    hdb_entry ent;
-    krb5_principal source;
-    char *name1, *name2;
-    krb5_data data;
-    krb5_context context = server_context->context;
-
-    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-    
-    krb5_error_code ret;
-
-    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
-    if(op < kadm_get || op > kadm_nop) {
-	printf("unknown op: %d\n", op);
-	krb5_storage_seek(sp, end, SEEK_SET);
-	return;
-    }
-
-    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
-	    op_names[op], ver, t, len);
-    switch(op) {
-    case kadm_delete:
-	krb5_ret_principal(sp, &source);
-	krb5_unparse_name(context, source, &name1);
-	printf("    %s\n", name1);
-	free(name1);
-	krb5_free_principal(context, source);
-	break;
-    case kadm_rename:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
-	krb5_ret_principal(sp, &source);
-	krb5_storage_read(sp, data.data, data.length);
-	hdb_value2entry(context, &data, &ent);
-	krb5_unparse_name(context, source, &name1);
-	krb5_unparse_name(context, ent.principal, &name2);
-	printf("    %s -> %s\n", name1, name2);
-	free(name1);
-	free(name2);
-	krb5_free_principal(context, source);
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_create:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-	mask = ~0;
-	goto foo;
-    case kadm_modify:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
-	krb5_ret_int32(sp, &mask);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-    foo:
-	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
-	    krb5_unparse_name(context, ent.principal, &name1);
-	    printf("    principal = %s\n", name1);
-	    free(name1);
-	}
-	if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	    if(ent.valid_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.valid_end));
-	    }
-	    printf("    expires = %s\n", t);
-	}
-	if(mask & KADM5_PW_EXPIRATION) {
-	    if(ent.pw_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.pw_end));
-	    }
-	    printf("    password exp = %s\n", t);
-	}
-	if(mask & KADM5_LAST_PWD_CHANGE) {
-	}
-	if(mask & KADM5_ATTRIBUTES) {
-	    unparse_flags(HDBFlags2int(ent.flags), 
-			  HDBFlags_units, t, sizeof(t));
-	    printf("    attributes = %s\n", t);
-	}
-	if(mask & KADM5_MAX_LIFE) {
-	    if(ent.max_life == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_life, t, sizeof(t));
-	    printf("    max life = %s\n", t);
-	}
-	if(mask & KADM5_MAX_RLIFE) {
-	    if(ent.max_renew == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_renew, t, sizeof(t));
-	    printf("    max rlife = %s\n", t);
-	}
-	if(mask & KADM5_MOD_TIME) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_MOD_NAME) {
-	    printf("    mod name\n");
-	}
-	if(mask & KADM5_KVNO) {
-	    printf("    kvno = %d\n", ent.kvno);
-	}
-	if(mask & KADM5_MKVNO) {
-	    printf("    mkvno\n");
-	}
-	if(mask & KADM5_AUX_ATTRIBUTES) {
-	    printf("    aux attributes\n");
-	}
-	if(mask & KADM5_POLICY) {
-	    printf("    policy\n");
-	}
-	if(mask & KADM5_POLICY_CLR) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_LAST_SUCCESS) {
-	    printf("    last success\n");
-	}
-	if(mask & KADM5_LAST_FAILED) {
-	    printf("    last failed\n");
-	}
-	if(mask & KADM5_FAIL_AUTH_COUNT) {
-	    printf("    fail auth count\n");
-	}
-	if(mask & KADM5_KEY_DATA) {
-	    printf("    key data\n");
-	}
-	if(mask & KADM5_TL_DATA) {
-	    printf("    tl data\n");
-	}
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_nop :
-	break;
-    default:
-	abort();
-    }
-    krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, print_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c
deleted file mode 100644
index dfc4a9b5aae0..000000000000
--- a/crypto/heimdal/lib/kadm5/ent_setup.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: ent_setup.c 18823 2006-10-22 10:15:53Z lha $");
-
-#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
-#define set_null(X)     do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
-
-static void
-attr_to_flags(unsigned attr, HDBFlags *flags)
-{
-    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
-    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
-    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
-    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
-    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
-    /* DUP_SKEY */
-    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
-    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
-    /* HW_AUTH */
-    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
-    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
-    flags->client =	        1; /* XXX */
-    flags->ok_as_delegate =    !!(attr & KRB5_KDB_OK_AS_DELEGATE);
-    flags->trusted_for_delegation = !!(attr & KRB5_KDB_TRUSTED_FOR_DELEGATION);
-    flags->allow_kerberos4 =   !!(attr & KRB5_KDB_ALLOW_KERBEROS4);
-    flags->allow_digest =      !!(attr & KRB5_KDB_ALLOW_DIGEST);
-}
-
-/*
- * Modify the `ent' according to `tl_data'.
- */
-
-static kadm5_ret_t
-perform_tl_data(krb5_context context,
-		HDB *db,
-		hdb_entry_ex *ent, 
-		const krb5_tl_data *tl_data)
-{
-    kadm5_ret_t ret = 0;
-
-    if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
-	heim_utf8_string pw = tl_data->tl_data_contents;
-
-	if (pw[tl_data->tl_data_length] != '\0')
-	    return KADM5_BAD_TL_TYPE;
-
-	ret = hdb_entry_set_password(context, db, &ent->entry, pw);
-
-    } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
-	unsigned char *s;
-	time_t t;
-
-	if (tl_data->tl_data_length != 4)
-	    return KADM5_BAD_TL_TYPE;
-
-	s = tl_data->tl_data_contents;
-
-	t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
-
-	ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
-
-    } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
-	HDB_extension ext;
-
-	ret = decode_HDB_extension(tl_data->tl_data_contents,
-				   tl_data->tl_data_length,
-				   &ext,
-				   NULL);
-	if (ret)
-	    return KADM5_BAD_TL_TYPE;
-	
-	ret = hdb_replace_extension(context, &ent->entry, &ext);
-	free_HDB_extension(&ext);
-    } else {
-	return KADM5_BAD_TL_TYPE;
-    }
-    return ret;
-}
-
-
-/*
- * Create the hdb entry `ent' based on data from `princ' with
- * `princ_mask' specifying what fields to be gotten from there and
- * `mask' specifying what fields we want filled in.
- */
-
-kadm5_ret_t
-_kadm5_setup_entry(kadm5_server_context *context,
-		   hdb_entry_ex *ent,
-		   uint32_t mask,
-		   kadm5_principal_ent_t princ, 
-		   uint32_t princ_mask,
-		   kadm5_principal_ent_t def,
-		   uint32_t def_mask)
-{
-    if(mask & KADM5_PRINC_EXPIRE_TIME
-       && princ_mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (princ->princ_expire_time)
-	    set_value(ent->entry.valid_end, princ->princ_expire_time);
-	else
-	    set_null(ent->entry.valid_end);
-    }
-    if(mask & KADM5_PW_EXPIRATION
-       && princ_mask & KADM5_PW_EXPIRATION) {
-	if (princ->pw_expiration)
-	    set_value(ent->entry.pw_end, princ->pw_expiration);
-	else
-	    set_null(ent->entry.pw_end);
-    }
-    if(mask & KADM5_ATTRIBUTES) {
-	if (princ_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(princ->attributes, &ent->entry.flags);
-	} else if(def_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(def->attributes, &ent->entry.flags);
-	    ent->entry.flags.invalid = 0;
-	} else {
-	    ent->entry.flags.client      = 1;
-	    ent->entry.flags.server      = 1;
-	    ent->entry.flags.forwardable = 1;
-	    ent->entry.flags.proxiable   = 1;
-	    ent->entry.flags.renewable   = 1;
-	    ent->entry.flags.postdate    = 1;
-	}
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(princ_mask & KADM5_MAX_LIFE) {
-	    if(princ->max_life)
-	      set_value(ent->entry.max_life, princ->max_life);
-	    else
-	      set_null(ent->entry.max_life);
-	} else if(def_mask & KADM5_MAX_LIFE) {
-	    if(def->max_life)
-	      set_value(ent->entry.max_life, def->max_life);
-	    else
-	      set_null(ent->entry.max_life);
-	}
-    }
-    if(mask & KADM5_KVNO
-       && princ_mask & KADM5_KVNO)
-	ent->entry.kvno = princ->kvno;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(princ_mask & KADM5_MAX_RLIFE) {
-	  if(princ->max_renewable_life)
-	    set_value(ent->entry.max_renew, princ->max_renewable_life);
-	  else
-	    set_null(ent->entry.max_renew);
-	} else if(def_mask & KADM5_MAX_RLIFE) {
-	  if(def->max_renewable_life)
-	    set_value(ent->entry.max_renew, def->max_renewable_life);
-	  else
-	    set_null(ent->entry.max_renew);
-	}
-    }
-    if(mask & KADM5_KEY_DATA
-       && princ_mask & KADM5_KEY_DATA) {
-	_kadm5_set_keys2(context, &ent->entry,
-			 princ->n_key_data, princ->key_data);
-    }
-    if(mask & KADM5_TL_DATA) {
-	krb5_tl_data *tl;
-
-	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
-	    kadm5_ret_t ret;
-	    ret = perform_tl_data(context->context, context->db, ent, tl);
-	    if (ret)
-		return ret;
-	}
-    }
-    if(mask & KADM5_FAIL_AUTH_COUNT) {
-	/* XXX */
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c
deleted file mode 100644
index 46211d2b1111..000000000000
--- a/crypto/heimdal/lib/kadm5/error.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: error.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-_kadm5_error_code(kadm5_ret_t code)
-{
-    switch(code){
-    case HDB_ERR_EXISTS:
-	return KADM5_DUP;
-    case HDB_ERR_NOENTRY:
-	return KADM5_UNK_PRINC;
-    }
-    return code;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c
deleted file mode 100644
index ad1574f02883..000000000000
--- a/crypto/heimdal/lib/kadm5/flush.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c
deleted file mode 100644
index 748a49a8e2c5..000000000000
--- a/crypto/heimdal/lib/kadm5/flush_c.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_c.c 5723 1999-03-23 18:23:37Z joda $");
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c
deleted file mode 100644
index 9bed0c6ce0b4..000000000000
--- a/crypto/heimdal/lib/kadm5/flush_s.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_s.c 5723 1999-03-23 18:23:37Z joda $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c
deleted file mode 100644
index 1f1740d1eb16..000000000000
--- a/crypto/heimdal/lib/kadm5/free.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: free.c 7464 1999-12-02 17:05:13Z joda $");
-
-void 
-kadm5_free_key_data(void *server_handle,
-		    int16_t *n_key_data, 
-		    krb5_key_data *key_data)
-{
-    int i;
-    for(i = 0; i < *n_key_data; i++){
-	if(key_data[i].key_data_contents[0]){
-	    memset(key_data[i].key_data_contents[0], 
-		   0,
-		   key_data[i].key_data_length[0]);
-	    free(key_data[i].key_data_contents[0]);
-	}
-	if(key_data[i].key_data_contents[1])
-	    free(key_data[i].key_data_contents[1]);
-    }
-    *n_key_data = 0;
-}
-
-
-void 
-kadm5_free_principal_ent(void *server_handle,
-			 kadm5_principal_ent_t princ)
-{
-    kadm5_server_context *context = server_handle;
-    if(princ->principal)
-	krb5_free_principal(context->context, princ->principal);
-    if(princ->mod_name)
-	krb5_free_principal(context->context, princ->mod_name);
-    kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
-    while(princ->n_tl_data && princ->tl_data) {
-	krb5_tl_data *tp;
-	tp = princ->tl_data;
-	princ->tl_data = tp->tl_data_next;
-	princ->n_tl_data--;
-	memset(tp->tl_data_contents, 0, tp->tl_data_length);
-	free(tp->tl_data_contents);
-	free(tp);
-    }
-    if (princ->key_data != NULL)
-	free (princ->key_data);
-}
-
-void 
-kadm5_free_name_list(void *server_handle,
-		     char **names, 
-		     int *count)
-{
-    int i;
-    for(i = 0; i < *count; i++)
-	free(names[i]);
-    free(names);
-    *count = 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
deleted file mode 100644
index 5f9724f86f87..000000000000
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      uint32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_get);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    krb5_clear_error_string(context->context);
-    if(ret == 0)
-	kadm5_ret_principal_ent(sp, out);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c
deleted file mode 100644
index 81a3cfdb7b19..000000000000
--- a/crypto/heimdal/lib/kadm5/get_princs_c.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_c.c 15484 2005-06-17 05:21:07Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_principals(void *server_handle, 
-		       const char *expression,
-		       char ***princs, 
-		       int *count)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_get_princs);
-    krb5_store_int32(sp, expression != NULL);
-    if(expression)
-	krb5_store_string(sp, expression);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	int i;
-	krb5_ret_int32(sp, &tmp);
-	*princs = calloc(tmp + 1, sizeof(**princs));
-	if (*princs == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_string(sp, &(*princs)[i]);
-	*count = tmp;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c
deleted file mode 100644
index cab6ef7467cf..000000000000
--- a/crypto/heimdal/lib/kadm5/get_princs_s.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_s.c 16378 2005-12-12 12:40:12Z lha $");
-
-struct foreach_data {
-    const char *exp;
-    char *exp2;
-    char **princs;
-    int count;
-};
-
-static krb5_error_code
-add_princ(struct foreach_data *d, char *princ)
-{
-    char **tmp;
-    tmp = realloc(d->princs, (d->count + 1) * sizeof(*tmp));
-    if(tmp == NULL)
-	return ENOMEM;
-    d->princs = tmp;
-    d->princs[d->count++] = princ;
-    return 0;
-}
-
-static krb5_error_code
-foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
-{
-    struct foreach_data *d = data;
-    char *princ;
-    krb5_error_code ret;
-    ret = krb5_unparse_name(context, ent->entry.principal, &princ);
-    if(ret)
-	return ret;
-    if(d->exp){
-	if(fnmatch(d->exp, princ, 0) == 0 || fnmatch(d->exp2, princ, 0) == 0)
-	    ret = add_princ(d, princ);
-	else
-	    free(princ);
-    }else{
-	ret = add_princ(d, princ);
-    }
-    if(ret)
-	free(princ);
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_get_principals(void *server_handle, 
-		       const char *expression,
-		       char ***princs, 
-		       int *count)
-{
-    struct foreach_data d;
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    d.exp = expression;
-    {
-	krb5_realm r;
-	krb5_get_default_realm(context->context, &r);
-	asprintf(&d.exp2, "%s@%s", expression, r);
-	free(r);
-    }
-    d.princs = NULL;
-    d.count = 0;
-    ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
-    context->db->hdb_close(context->context, context->db);
-    if(ret == 0)
-	ret = add_princ(&d, NULL);
-    if(ret == 0){
-	*princs = d.princs;
-	*count = d.count - 1;
-    }else
-	kadm5_free_name_list(context, d.princs, &d.count);
-    free(d.exp2);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c
deleted file mode 100644
index 5d0db9bc82a7..000000000000
--- a/crypto/heimdal/lib/kadm5/get_s.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_s.c 21745 2007-07-31 16:11:25Z lha $");
-
-static kadm5_ret_t
-add_tl_data(kadm5_principal_ent_t ent, int16_t type, 
-	    const void *data, size_t size)
-{
-    krb5_tl_data *tl;
-
-    tl = calloc(1, sizeof(*tl));
-    if (tl == NULL)
-	return _kadm5_error_code(ENOMEM);
-
-    tl->tl_data_type = type;
-    tl->tl_data_length = size;
-    tl->tl_data_contents = malloc(size);
-    if (tl->tl_data_contents == NULL) {
-	free(tl);
-	return _kadm5_error_code(ENOMEM);
-    }
-    memcpy(tl->tl_data_contents, data, size);
-
-    tl->tl_data_next = ent->tl_data;
-    ent->tl_data = tl;
-    ent->n_tl_data++;
-
-    return 0;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */
-
-kadm5_ret_t
-kadm5_s_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      uint32_t mask)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    context->db->hdb_close(context->context, context->db);
-    if(ret)
-	return _kadm5_error_code(ret);
-
-    memset(out, 0, sizeof(*out));
-    if(mask & KADM5_PRINCIPAL)
-	ret  = krb5_copy_principal(context->context, ent.entry.principal, 
-				   &out->principal);
-    if(ret)
-	goto out;
-    if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
-	out->princ_expire_time = *ent.entry.valid_end;
-    if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
-	out->pw_expiration = *ent.entry.pw_end;
-    if(mask & KADM5_LAST_PWD_CHANGE)
-	hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
-    if(mask & KADM5_ATTRIBUTES){
-	out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
-	out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
-	out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
-	out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
-	out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
-	out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
-	out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
-	out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
-	out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
-	out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
-	out->attributes |= ent.entry.flags.trusted_for_delegation ? KRB5_KDB_TRUSTED_FOR_DELEGATION : 0;
-	out->attributes |= ent.entry.flags.allow_kerberos4 ? KRB5_KDB_ALLOW_KERBEROS4 : 0;
-	out->attributes |= ent.entry.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(ent.entry.max_life)
-	    out->max_life = *ent.entry.max_life;
-	else
-	    out->max_life = INT_MAX;
-    }
-    if(mask & KADM5_MOD_TIME) {
-	if(ent.entry.modified_by)
-	    out->mod_date = ent.entry.modified_by->time;
-	else
-	    out->mod_date = ent.entry.created_by.time;
-    }
-    if(mask & KADM5_MOD_NAME) {
-	if(ent.entry.modified_by) {
-	    if (ent.entry.modified_by->principal != NULL)
-		ret = krb5_copy_principal(context->context, 
-					  ent.entry.modified_by->principal,
-					  &out->mod_name);
-	} else if(ent.entry.created_by.principal != NULL)
-	    ret = krb5_copy_principal(context->context, 
-				      ent.entry.created_by.principal,
-				      &out->mod_name);
-	else
-	    out->mod_name = NULL;
-    }
-    if(ret)
-	goto out;
-
-    if(mask & KADM5_KVNO)
-	out->kvno = ent.entry.kvno;
-    if(mask & KADM5_MKVNO) {
-	int n;
-	out->mkvno = 0; /* XXX */
-	for(n = 0; n < ent.entry.keys.len; n++)
-	    if(ent.entry.keys.val[n].mkvno) {
-		out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
-		break;
-	    }
-    }
-    if(mask & KADM5_AUX_ATTRIBUTES)
-	/* XXX implement */;
-    if(mask & KADM5_POLICY)
-	out->policy = NULL;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(ent.entry.max_renew)
-	    out->max_renewable_life = *ent.entry.max_renew;
-	else
-	    out->max_renewable_life = INT_MAX;
-    }
-    if(mask & KADM5_LAST_SUCCESS)
-	/* XXX implement */;
-    if(mask & KADM5_LAST_FAILED)
-	/* XXX implement */;
-    if(mask & KADM5_FAIL_AUTH_COUNT)
-	/* XXX implement */;
-    if(mask & KADM5_KEY_DATA){
-	int i;
-	Key *key;
-	krb5_key_data *kd;
-	krb5_salt salt;
-	krb5_data *sp;
-	krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
-	out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data));
-	if (out->key_data == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < ent.entry.keys.len; i++){
-	    key = &ent.entry.keys.val[i];
-	    kd = &out->key_data[i];
-	    kd->key_data_ver = 2;
-	    kd->key_data_kvno = ent.entry.kvno;
-	    kd->key_data_type[0] = key->key.keytype;
-	    if(key->salt)
-		kd->key_data_type[1] = key->salt->type;
-	    else
-		kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
-	    /* setup key */
-	    kd->key_data_length[0] = key->key.keyvalue.length;
-	    kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
-	    if(kd->key_data_contents[0] == NULL){
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[0], key->key.keyvalue.data, 
-		   kd->key_data_length[0]);
-	    /* setup salt */
-	    if(key->salt)
-		sp = &key->salt->salt;
-	    else
-		sp = &salt.saltvalue;
-	    kd->key_data_length[1] = sp->length;
-	    kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
-	    if(kd->key_data_length[1] != 0
-	       && kd->key_data_contents[1] == NULL) {
-		memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
-	    out->n_key_data = i + 1;
-	}
-	krb5_free_salt(context->context, salt);
-    }
-    if(ret){
-	kadm5_free_principal_ent(context, out);
-	goto out;
-    }
-    if(mask & KADM5_TL_DATA) {
-	time_t last_pw_expire;
-	const HDB_Ext_Aliases *aliases;
-
-	ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
-	if (ret == 0 && last_pw_expire) {
-	    unsigned char buf[4];
-	    _krb5_put_int(buf, last_pw_expire, sizeof(buf));
-	    ret = add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf));
-	}
-	if(ret){
-	    kadm5_free_principal_ent(context, out);
-	    goto out;
-	}
-	/* 
-	 * If the client was allowed to get key data, let it have the
-	 * password too.
-	 */
-	if(mask & KADM5_KEY_DATA) {
-	    heim_utf8_string pw;
-
-	    ret = hdb_entry_get_password(context->context, 
-					 context->db, &ent.entry, &pw);
-	    if (ret == 0) {
-		ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
-		free(pw);
-	    }
-	    krb5_clear_error_string(context->context);
-	    ret = 0;
-	}
-
-	ret = hdb_entry_get_aliases(&ent.entry, &aliases);
-	if (ret == 0 && aliases) {
-	    krb5_data buf;
-	    size_t len;
-
-	    ASN1_MALLOC_ENCODE(HDB_Ext_Aliases, buf.data, buf.length,
-			       aliases, &len, ret);
-	    if (ret) {
-		kadm5_free_principal_ent(context, out);
-		goto out;
-	    }
-	    if (len != buf.length)
-		krb5_abortx(context->context,
-			    "internal ASN.1 encoder error");
-	    ret = add_tl_data(out, KRB5_TL_ALIASES, buf.data, buf.length);
-	    free(buf.data);
-	    if (ret) {
-		kadm5_free_principal_ent(context, out);
-		goto out;
-	    }
-	}
-	if(ret){
-	    kadm5_free_principal_ent(context, out);
-	    goto out;
-	}
-
-    }
-out:
-    hdb_free_entry(context->context, &ent);
-
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c
deleted file mode 100644
index be539924b4bc..000000000000
--- a/crypto/heimdal/lib/kadm5/init_c.c
+++ /dev/null
@@ -1,783 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-RCSID("$Id: init_c.c 21972 2007-10-18 19:11:15Z lha $");
-
-static void
-set_funcs(kadm5_client_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-kadm5_ret_t
-_kadm5_c_init_context(kadm5_client_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    krb5_error_code ret;
-    char *colon;
-
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    if(params->mask & KADM5_CONFIG_REALM) {
-	ret = 0;
-	(*ctx)->realm = strdup(params->realm);
-	if ((*ctx)->realm == NULL)
-	    ret = ENOMEM;
-    } else
-	ret = krb5_get_default_realm((*ctx)->context, &(*ctx)->realm);
-    if (ret) {
-	free(*ctx);
-	return ret;
-    }
-    if(params->mask & KADM5_CONFIG_ADMIN_SERVER)
-	(*ctx)->admin_server = strdup(params->admin_server);
-    else {
-	char **hostlist;
-
-	ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist);
-	if (ret) {
-	    free((*ctx)->realm);
-	    free(*ctx);
-	    return ret;
-	}
-	(*ctx)->admin_server = strdup(*hostlist);
-	krb5_free_krbhst (context, hostlist);
-    }
-
-    if ((*ctx)->admin_server == NULL) {
-	free((*ctx)->realm);
-	free(*ctx);
-	return ENOMEM;
-    }
-    colon = strchr ((*ctx)->admin_server, ':');
-    if (colon != NULL)
-	*colon++ = '\0';
-
-    (*ctx)->kadmind_port = 0;
-
-    if(params->mask & KADM5_CONFIG_KADMIND_PORT)
-	(*ctx)->kadmind_port = params->kadmind_port;
-    else if (colon != NULL) {
-	char *end;
-
-	(*ctx)->kadmind_port = htons(strtol (colon, &end, 0));
-    }
-    if ((*ctx)->kadmind_port == 0)
-	(*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", 
-						   "tcp", 749);
-    return 0;
-}
-
-static krb5_error_code
-get_kadm_ticket(krb5_context context,
-		krb5_ccache id,
-		krb5_principal client,
-		const char *server_name)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out;
-    
-    memset(&in, 0, sizeof(in));
-    in.client = client;
-    ret = krb5_parse_name(context, server_name, &in.server);
-    if(ret) 
-	return ret;
-    ret = krb5_get_credentials(context, 0, id, &in, &out);
-    if(ret == 0)
-	krb5_free_creds(context, out);
-    krb5_free_principal(context, in.server);
-    return ret;
-}
-
-static krb5_error_code
-get_new_cache(krb5_context context,
-	      krb5_principal client,
-	      const char *password,
-	      krb5_prompter_fct prompter,
-	      const char *keytab,
-	      const char *server_name,
-	      krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_get_init_creds_opt *opt;
-    krb5_ccache id;
-    
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	return ret;
-
-    krb5_get_init_creds_opt_set_default_flags(context, "kadmin", 
-					      krb5_principal_get_realm(context, 
-								       client), 
-					      opt);
-
-
-    krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
-
-    if(password == NULL && prompter == NULL) {
-	krb5_keytab kt;
-	if(keytab == NULL)
-	    ret = krb5_kt_default(context, &kt);
-	else
-	    ret = krb5_kt_resolve(context, keytab, &kt);
-	if(ret) {
-	    krb5_get_init_creds_opt_free(context, opt);
-	    return ret;
-	}
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  client,
-					  kt,
-					  0,
-					  server_name,
-					  opt);
-	krb5_kt_close(context, kt);
-    } else {
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    client,
-					    password,
-					    prompter,
-					    NULL,
-					    0,
-					    server_name,
-					    opt);
-    }
-    krb5_get_init_creds_opt_free(context, opt);
-    switch(ret){
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR:	/* don't print anything if it was just C-c:ed */
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-    case KRB5KRB_AP_ERR_MODIFIED:
-	return KADM5_BAD_PASSWORD;
-    default:
-	return ret;
-    }
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if(ret)
-	return ret;
-    ret = krb5_cc_initialize (context, id, cred.client);
-    if (ret)
-	return ret;
-    ret = krb5_cc_store_cred (context, id, &cred);
-    if (ret)
-	return ret;
-    krb5_free_cred_contents (context, &cred);
-    *ret_cache = id;
-    return 0;
-}
-
-/*
- * Check the credential cache `id� to figure out what principal to use
- * when talking to the kadmind. If there is a initial kadmin/admin@
- * credential in the cache, use that client principal. Otherwise, use
- * the client principals first component and add /admin to the
- * principal.
- */
-
-static krb5_error_code
-get_cache_principal(krb5_context context,
-		    krb5_ccache *id,
-		    krb5_principal *client)
-{
-    krb5_error_code ret;
-    const char *name, *inst;
-    krb5_principal p1, p2;
-
-    ret = krb5_cc_default(context, id);
-    if(ret) {
-	*id = NULL;
-	return ret;
-    }
-    
-    ret = krb5_cc_get_principal(context, *id, &p1);
-    if(ret) {
-	krb5_cc_close(context, *id);
-	*id = NULL;
-	return ret;
-    }
-
-    ret = krb5_make_principal(context, &p2, NULL, 
-			      "kadmin", "admin", NULL);
-    if (ret) {
-	krb5_cc_close(context, *id);
-	*id = NULL;
-	krb5_free_principal(context, p1);
-	return ret;
-    }
-
-    {
-	krb5_creds in, *out;
-	krb5_kdc_flags flags;
-
-	flags.i = 0;
-	memset(&in, 0, sizeof(in));
-
-	in.client = p1;
-	in.server = p2;
-
-	/* check for initial ticket kadmin/admin */
-	ret = krb5_get_credentials_with_flags(context, KRB5_GC_CACHED, flags,
-					      *id, &in, &out);
-	krb5_free_principal(context, p2);
-	if (ret == 0) {
-	    if (out->flags.b.initial) {
-		*client = p1;
-		krb5_free_creds(context, out);
-		return 0;
-	    }
-	    krb5_free_creds(context, out);
-	}
-    }
-    krb5_cc_close(context, *id);
-    *id = NULL;
-
-    name = krb5_principal_get_comp_string(context, p1, 0);
-    inst = krb5_principal_get_comp_string(context, p1, 1);
-    if(inst == NULL || strcmp(inst, "admin") != 0) {
-	ret = krb5_make_principal(context, &p2, NULL, name, "admin", NULL);
-	krb5_free_principal(context, p1);
-	if(ret != 0)
-	    return ret;
-
-	*client = p2;
-	return 0;
-    }
-
-    *client = p1;
-
-    return 0;
-}
-
-krb5_error_code
-_kadm5_c_get_cred_cache(krb5_context context,
-			const char *client_name,
-			const char *server_name,
-			const char *password,
-			krb5_prompter_fct prompter,
-			const char *keytab,
-			krb5_ccache ccache,
-			krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-    krb5_principal default_client = NULL, client = NULL;
-    
-    /* treat empty password as NULL */
-    if(password && *password == '\0')
-	password = NULL;
-    if(server_name == NULL)
-	server_name = KADM5_ADMIN_SERVICE;
-    
-    if(client_name != NULL) {
-	ret = krb5_parse_name(context, client_name, &client);
-	if(ret) 
-	    return ret;
-    }
-
-    if(ccache != NULL) {
-	id = ccache;
-	ret = krb5_cc_get_principal(context, id, &client);
-	if(ret)
-	    return ret;
-    } else {
-	/* get principal from default cache, ok if this doesn't work */
-
-	ret = get_cache_principal(context, &id, &default_client);
-	if (ret) {
-	    /* 
-	     * No client was specified by the caller and we cannot
-	     * determine the client from a credentials cache.
-	     */
-	    const char *user;
-
-	    user = get_default_username ();
-
-	    if(user == NULL) {
-		krb5_set_error_string(context, "Unable to find local user name");
-		return KADM5_FAILURE;
-	    }
-	    ret = krb5_make_principal(context, &default_client, 
-				      NULL, user, "admin", NULL);
-	    if(ret)
-		return ret;
-	}
-    }
-
-
-    /*
-     * No client was specified by the caller, but we have a client
-     * from the default credentials cache.
-     */
-    if (client == NULL && default_client != NULL)
-	client = default_client;
-
-    
-    if(id && (default_client == NULL || 
-	      krb5_principal_compare(context, client, default_client))) {
-	ret = get_kadm_ticket(context, id, client, server_name);
-	if(ret == 0) {
-	    *ret_cache = id;
-	    krb5_free_principal(context, default_client);
-	    if (default_client != client)
-		krb5_free_principal(context, client);
-	    return 0;
-	}
-	if(ccache != NULL)
-	    /* couldn't get ticket from cache */
-	    return -1;
-    }
-    /* get creds via AS request */
-    if(id && (id != ccache))
-	krb5_cc_close(context, id);
-    if (client != default_client)
-	krb5_free_principal(context, default_client);
-
-    ret = get_new_cache(context, client, password, prompter, keytab, 
-			server_name, ret_cache);
-    krb5_free_principal(context, client);
-    return ret;
-}
-
-static kadm5_ret_t
-kadm_connect(kadm5_client_context *ctx)
-{
-    kadm5_ret_t ret;
-    krb5_principal server;
-    krb5_ccache cc;
-    int s;
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    char *hostname, *slash;
-    char *service_name;
-    krb5_context context = ctx->context;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port));
-
-    hostname = ctx->admin_server;
-    slash = strchr (hostname, '/');
-    if (slash != NULL)
-	hostname = slash + 1;
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	krb5_clear_error_string(context);
-	return KADM5_BAD_SERVER_NAME;
-    }
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    krb5_clear_error_string(context);
-	    krb5_warn (context, errno, "connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	krb5_clear_error_string(context);
-	krb5_warnx (context, "failed to contact %s", hostname);
-	return KADM5_FAILURE;
-    }
-    ret = _kadm5_c_get_cred_cache(context,
-				  ctx->client_name, 
-				  ctx->service_name, 
-				  NULL, ctx->prompter, ctx->keytab, 
-				  ctx->ccache, &cc);
-    
-    if(ret) {
-	freeaddrinfo (ai);
-	close(s);
-	return ret;
-    }
-
-    if (ctx->realm)
-	asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm);
-    else
-	asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE);
-
-    if (service_name == NULL) {
-	freeaddrinfo (ai);
-	close(s);
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    ret = krb5_parse_name(context, service_name, &server);
-    free(service_name);
-    if(ret) {
-	freeaddrinfo (ai);
-	if(ctx->ccache == NULL)
-	    krb5_cc_close(context, cc);
-	close(s);
-	return ret;
-    }
-    ctx->ac = NULL;
-
-    ret = krb5_sendauth(context, &ctx->ac, &s, 
-			KADMIN_APPL_VERSION, NULL, 
-			server, AP_OPTS_MUTUAL_REQUIRED, 
-			NULL, NULL, cc, NULL, NULL, NULL);
-    if(ret == 0) {
-	krb5_data params;
-	kadm5_config_params p;
-	memset(&p, 0, sizeof(p));
-	if(ctx->realm) {
-	    p.mask |= KADM5_CONFIG_REALM;
-	    p.realm = ctx->realm;
-	}
-	ret = _kadm5_marshal_params(context, &p, &params);
-	
-	ret = krb5_write_priv_message(context, ctx->ac, &s, &params);
-	krb5_data_free(&params);
-	if(ret) {
-	    freeaddrinfo (ai);
-	    close(s);
-	    if(ctx->ccache == NULL)
-		krb5_cc_close(context, cc);
-	    return ret;
-	}
-    } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) {
-	close(s);
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0) {
-	    freeaddrinfo (ai);
-	    krb5_clear_error_string(context);
-	    return errno;
-	}
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    freeaddrinfo (ai);
-	    krb5_clear_error_string(context);
-	    return errno;
-	}
-	ret = krb5_sendauth(context, &ctx->ac, &s, 
-			    KADMIN_OLD_APPL_VERSION, NULL, 
-			    server, AP_OPTS_MUTUAL_REQUIRED, 
-			    NULL, NULL, cc, NULL, NULL, NULL);
-    }
-    freeaddrinfo (ai);
-    if(ret) {
-	close(s);
-	return ret;
-    }
-    
-    krb5_free_principal(context, server);
-    if(ctx->ccache == NULL)
-	krb5_cc_close(context, cc);
-    ctx->sock = s;
-    
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_connect(void *handle)
-{
-    kadm5_client_context *ctx = handle;
-    if(ctx->sock == -1)
-	return kadm_connect(ctx);
-    return 0;
-}
-
-static kadm5_ret_t 
-kadm5_c_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *password,
-			  krb5_prompter_fct prompter,
-			  const char *keytab,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_client_context *ctx;
-    krb5_ccache cc;
-
-    ret = _kadm5_c_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    if(password != NULL && *password != '\0') {
-	ret = _kadm5_c_get_cred_cache(context, 
-				      client_name,
-				      service_name, 
-				      password, prompter, keytab, ccache, &cc);
-	if(ret)
-	    return ret; /* XXX */
-	ccache = cc;
-    }
-    
-
-    if (client_name != NULL)
-	ctx->client_name = strdup(client_name);
-    else
-	ctx->client_name = NULL;
-    if (service_name != NULL)
-	ctx->service_name = strdup(service_name);
-    else
-	ctx->service_name = NULL;
-    ctx->prompter = prompter;
-    ctx->keytab = keytab;
-    ctx->ccache = ccache;
-    /* maybe we should copy the params here */
-    ctx->sock = -1;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-static kadm5_ret_t 
-init_context(const char *client_name, 
-	     const char *password,
-	     krb5_prompter_fct prompter,
-	     const char *keytab,
-	     krb5_ccache ccache,
-	     const char *service_name,
-	     kadm5_config_params *realm_params,
-	     unsigned long struct_version,
-	     unsigned long api_version,
-	     void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_c_init_with_context(context,
-				    client_name,
-				    password,
-				    prompter,
-				    keytab,
-				    ccache,
-				    service_name,
-				    realm_params,
-				    struct_version,
-				    api_version,
-				    server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     password,
-				     krb5_prompter_posix,
-				     NULL,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return init_context(client_name, 
-			password, 
-			krb5_prompter_posix,
-			NULL,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     keytab,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-
-kadm5_ret_t 
-kadm5_c_init_with_skey(const char *client_name, 
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			keytab,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     NULL,
-				     ccache,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			NULL,
-			ccache,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-#if 0
-kadm5_ret_t 
-kadm5_init(char *client_name, char *pass,
-	   char *service_name,
-	   kadm5_config_params *realm_params,
-	   unsigned long struct_version,
-	   unsigned long api_version,
-	   void **server_handle)
-{
-}
-#endif
-
diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c
deleted file mode 100644
index dee464b4b9a4..000000000000
--- a/crypto/heimdal/lib/kadm5/init_s.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: init_s.c 9441 2000-12-31 08:01:16Z assar $");
-
-
-static kadm5_ret_t 
-kadm5_s_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    ret = _kadm5_s_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    assert(ctx->config.dbname != NULL);
-    assert(ctx->config.stash_file != NULL);
-    assert(ctx->config.acl_file != NULL);
-    assert(ctx->log_context.log_file != NULL);
-    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
-
-    ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
-    if(ret)
-	return ret;
-    ret = hdb_set_master_keyfile (ctx->context, 
-				  ctx->db, ctx->config.stash_file);
-    if(ret)
-	return ret;
-
-    ctx->log_context.log_fd   = -1;
-
-    ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-
-    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
-    if(ret)
-	return ret;
-
-    ret = _kadm5_acl_init(ctx);
-    if(ret)
-	return ret;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_password_ctx(context, 
-					 client_name, 
-					 password, 
-					 service_name, 
-					 realm_params, 
-					 struct_version, 
-					 api_version, 
-					 server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey(const char *client_name,
-		       const char *keytab,
-		       const char *service_name,
-		       kadm5_config_params *realm_params,
-		       unsigned long struct_version,
-		       unsigned long api_version,
-		       void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_skey_ctx(context, 
-				     client_name, 
-				     keytab, 
-				     service_name, 
-				     realm_params, 
-				     struct_version, 
-				     api_version, 
-				     server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_creds_ctx(context, 
-				      client_name, 
-				      ccache, 
-				      service_name, 
-				      realm_params, 
-				      struct_version, 
-				      api_version, 
-				      server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop-commands.in b/crypto/heimdal/lib/kadm5/iprop-commands.in
deleted file mode 100644
index 438594e01f59..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop-commands.in
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: iprop-commands.in 20602 2007-05-08 03:08:35Z lha $ */
-
-command = {
-	name = "dump"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_dump"
-	help = "Prints the iprop transaction log in text."
-	max_args = "0"
-}
-command = {
-	name = "truncate"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_truncate"
-	help = "Truncate the log, preserve the version number."
-	max_args = "0"
-}
-command = {
-	name = "replay"
-	option = {
-		long = "start-version"
-		type = "integer"
-		help = "start replay with this version"
-		argument = "version-number"
-		default = "-1"
-	}
-	option = {
-		long = "end-version"
-		type = "integer"
-		help = "end replay with this version"
-		argument = "version-number"
-		default = "-1"
-	}
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "iprop_replay"
-	help = "Replay the log on the database."
-	max_args = "0"
-}
-command = {
-	name = "last-version"
-	option = {
-		long = "config-file"
-		short = "c"
-		type = "string"
-		help = "configuration file"
-		argument = "file"
-	}
-	option = {
-		long = "realm"
-		short = "r"
-		type = "string"
-		help = "realm"
-	}
-	function = "last_version"
-	help = "Print the last version of the log-file."
-	max_args = "0"
-}
-command = {
-	name = "help"
-	argument = "command"
-	max_args = "1"
-	function = "help"
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop-log.8 b/crypto/heimdal/lib/kadm5/iprop-log.8
deleted file mode 100644
index 599046b93fc3..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop-log.8
+++ /dev/null
@@ -1,170 +0,0 @@
-.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $
-.\" 
-.\" Copyright (c) 2005 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\"	$Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $
-.\"
-.Dd February 18, 2007
-.Dt IPROP-LOG 8
-.Os Heimdal
-.Sh NAME
-.Nm iprop-log
-.Nd
-maintain the iprop log file
-.Sh SYNOPSIS
-.Nm
-.Op Fl -version
-.Op Fl h | Fl -help
-.Ar command
-.Pp
-.Nm iprop-log truncate
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Pp
-.Nm iprop-log dump
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Pp
-.Nm iprop-log replay
-.Op Fl -start-version= Ns Ar version-number
-.Op Fl -end-version= Ns Ar version-number
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl h | Fl -help
-.Sh DESCRIPTION
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.El
-.Pp
-command can be one of the following:
-.Bl -tag -width truncate
-.It truncate
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Truncates the log. Sets the new logs version number for the to the
-last entry of the old log.  If the log is truncted by emptying the
-file, the log will start over at the first version (0).
-.It dump
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Print out all entires in the log to standard output.
-.It replay
-.Bl -tag -width Ds
-.It Xo
-.Fl -start-version= Ns Ar version-number
-.Xc
-start replay with this version
-.It Xo
-.Fl -end-version= Ns Ar version-number
-.Xc
-end replay with this version
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-Replay the changes from specified entries (or all if none is
-specified) in the transaction log to the database.
-.It last-version
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-realm
-.El
-.Pp
-prints the version of the last log entry.
-.El
-.Sh SEE ALSO
-.Xr iprop 8
diff --git a/crypto/heimdal/lib/kadm5/iprop-log.c b/crypto/heimdal/lib/kadm5/iprop-log.c
deleted file mode 100644
index 7b43076832c3..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop-log.c
+++ /dev/null
@@ -1,486 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include <sl.h>
-#include <parse_time.h>
-#include "iprop-commands.h"
-
-RCSID("$Id: iprop-log.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_context context;
-
-static kadm5_server_context *
-get_kadmin_context(const char *config_file, char *realm)
-{
-    kadm5_config_params conf;
-    krb5_error_code ret;
-    void *kadm_handle;
-    char **files;
-
-    if (config_file == NULL) {
-	char *file;
-	asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
-	if (file == NULL)
-	    errx(1, "out of memory");
-	config_file = file;
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    return (kadm5_server_context *)kadm_handle;
-}
-
-/*
- * dump log
- */
-
-static const char *op_names[] = {
-    "get",
-    "delete",
-    "create",
-    "rename",
-    "chpass",
-    "modify",
-    "randkey",
-    "get_privs",
-    "get_princs",
-    "chpass_with_key",
-    "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
-	    uint32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    uint32_t len,
-	    krb5_storage *sp,
-	    void *ctx)
-{
-    char t[256];
-    int32_t mask;
-    hdb_entry ent;
-    krb5_principal source;
-    char *name1, *name2;
-    krb5_data data;
-    krb5_context scontext = server_context->context;
-
-    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-    
-    krb5_error_code ret;
-
-    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
-    if(op < kadm_get || op > kadm_nop) {
-	printf("unknown op: %d\n", op);
-	krb5_storage_seek(sp, end, SEEK_SET);
-	return;
-    }
-
-    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
-	    op_names[op], ver, t, len);
-    switch(op) {
-    case kadm_delete:
-	krb5_ret_principal(sp, &source);
-	krb5_unparse_name(scontext, source, &name1);
-	printf("    %s\n", name1);
-	free(name1);
-	krb5_free_principal(scontext, source);
-	break;
-    case kadm_rename:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
-	krb5_ret_principal(sp, &source);
-	krb5_storage_read(sp, data.data, data.length);
-	hdb_value2entry(scontext, &data, &ent);
-	krb5_unparse_name(scontext, source, &name1);
-	krb5_unparse_name(scontext, ent.principal, &name2);
-	printf("    %s -> %s\n", name1, name2);
-	free(name1);
-	free(name2);
-	krb5_free_principal(scontext, source);
-	free_hdb_entry(&ent);
-	break;
-    case kadm_create:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(scontext, &data, &ent);
-	if(ret)
-	    abort();
-	mask = ~0;
-	goto foo;
-    case kadm_modify:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
-	krb5_ret_int32(sp, &mask);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(scontext, &data, &ent);
-	if(ret)
-	    abort();
-    foo:
-	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
-	    krb5_unparse_name(scontext, ent.principal, &name1);
-	    printf("    principal = %s\n", name1);
-	    free(name1);
-	}
-	if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	    if(ent.valid_end == NULL) {
-		strlcpy(t, "never", sizeof(t));
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.valid_end));
-	    }
-	    printf("    expires = %s\n", t);
-	}
-	if(mask & KADM5_PW_EXPIRATION) {
-	    if(ent.pw_end == NULL) {
-		strlcpy(t, "never", sizeof(t));
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.pw_end));
-	    }
-	    printf("    password exp = %s\n", t);
-	}
-	if(mask & KADM5_LAST_PWD_CHANGE) {
-	}
-	if(mask & KADM5_ATTRIBUTES) {
-	    unparse_flags(HDBFlags2int(ent.flags), 
-			  asn1_HDBFlags_units(), t, sizeof(t));
-	    printf("    attributes = %s\n", t);
-	}
-	if(mask & KADM5_MAX_LIFE) {
-	    if(ent.max_life == NULL)
-		strlcpy(t, "for ever", sizeof(t));
-	    else
-		unparse_time(*ent.max_life, t, sizeof(t));
-	    printf("    max life = %s\n", t);
-	}
-	if(mask & KADM5_MAX_RLIFE) {
-	    if(ent.max_renew == NULL)
-		strlcpy(t, "for ever", sizeof(t));
-	    else
-		unparse_time(*ent.max_renew, t, sizeof(t));
-	    printf("    max rlife = %s\n", t);
-	}
-	if(mask & KADM5_MOD_TIME) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_MOD_NAME) {
-	    printf("    mod name\n");
-	}
-	if(mask & KADM5_KVNO) {
-	    printf("    kvno = %d\n", ent.kvno);
-	}
-	if(mask & KADM5_MKVNO) {
-	    printf("    mkvno\n");
-	}
-	if(mask & KADM5_AUX_ATTRIBUTES) {
-	    printf("    aux attributes\n");
-	}
-	if(mask & KADM5_POLICY) {
-	    printf("    policy\n");
-	}
-	if(mask & KADM5_POLICY_CLR) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_LAST_SUCCESS) {
-	    printf("    last success\n");
-	}
-	if(mask & KADM5_LAST_FAILED) {
-	    printf("    last failed\n");
-	}
-	if(mask & KADM5_FAIL_AUTH_COUNT) {
-	    printf("    fail auth count\n");
-	}
-	if(mask & KADM5_KEY_DATA) {
-	    printf("    key data\n");
-	}
-	if(mask & KADM5_TL_DATA) {
-	    printf("    tl data\n");
-	}
-	free_hdb_entry(&ent);
-	break;
-    case kadm_nop :
-	break;
-    default:
-	abort();
-    }
-    krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-int
-iprop_dump(struct dump_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, print_entry, NULL);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    return 0;
-}
-
-int
-iprop_truncate(struct truncate_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_truncate (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_truncate");
-
-    return 0;
-}
-
-int
-last_version(struct last_version_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-    uint32_t version;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_get_version (server_context, &version);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_get_version");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-
-    printf("version: %lu\n", (unsigned long)version);
-
-    return 0;
-}
-
-/*
- * Replay log
- */
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
-	    uint32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    uint32_t len,
-	    krb5_storage *sp, 
-	    void *ctx)
-{
-    struct replay_options *opt = ctx;
-    krb5_error_code ret;
-
-    if((opt->start_version_integer != -1 && ver < opt->start_version_integer) ||
-       (opt->end_version_integer != -1 && ver > opt->end_version_integer)) {
-	/* XXX skip this entry */
-	krb5_storage_seek(sp, len, SEEK_CUR);
-	return;
-    }
-    printf ("ver %u... ", ver);
-    fflush (stdout);
-
-    ret = kadm5_log_replay (server_context,
-			    op, ver, len, sp);
-    if (ret)
-	krb5_warn (server_context->context, ret, "kadm5_log_replay");
-    
-    printf ("done\n");
-}
-
-int
-iprop_replay(struct replay_options *opt, int argc, char **argv)
-{
-    kadm5_server_context *server_context;
-    krb5_error_code ret;
-
-    server_context = get_kadmin_context(opt->config_file_string, 
-					opt->realm_string);
-
-    ret = server_context->db->hdb_open(context,
-				       server_context->db,
-				       O_RDWR | O_CREAT, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, apply_entry, opt);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    ret = server_context->db->hdb_close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-
-    return 0;
-}
-
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-    { "version", 	0,	arg_flag, 	&version_flag,
-      NULL,		NULL 
-    }, 
-    { "help", 	'h', 	arg_flag, 	&help_flag, 
-      NULL, NULL
-    }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-help(void *opt, int argc, char **argv)
-{
-    if(argc == 0) {
-	sl_help(commands, 1, argv - 1 /* XXX */);
-    } else {
-	SL_cmd *c = sl_match (commands, argv[0], 0);
- 	if(c == NULL) {
-	    fprintf (stderr, "No such command: %s. "
-		     "Try \"help\" for a list of commands\n",
-		     argv[0]);
-	} else {
-	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
-		fake[0] = argv[0];
-		(*c->func)(2, fake);
-		fprintf(stderr, "\n");
-	    }
-	    if(c->help && *c->help)
-		fprintf (stderr, "%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		int f = 0;
-		fprintf (stderr, "Synonyms:");
-		while (c->name && c->func == NULL) {
-		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
-		    f = 1;
-		}
-		fprintf (stderr, "\n");
-	    }
-	}
-    }
-    return 0;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    exit(status);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argc -= optidx;
-    argv += optidx;
-    if(argc == 0)
-	usage(1);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context failed with: %d\n", ret);
-
-    ret = sl_command(commands, argc, argv);
-    if(ret == -1)
-	warnx ("unrecognized command: %s", argv[0]);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop.8 b/crypto/heimdal/lib/kadm5/iprop.8
deleted file mode 100644
index d1e55cc61318..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop.8
+++ /dev/null
@@ -1,223 +0,0 @@
-.\" $Id: iprop.8 21940 2007-09-28 22:28:09Z lha $
-.\" 
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.Dd May 24, 2005
-.Dt IPROP 8
-.Os Heimdal
-.Sh NAME
-.Nm iprop ,
-.Nm ipropd-master ,
-.Nm ipropd-slave
-.Nd
-propagate changes to a Heimdal Kerberos master KDC to slave KDCs
-.Sh SYNOPSIS
-.Nm ipropd-master
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file
-.Xc
-.Oc
-.Op Fl -slave-stats-file= Ns Ar file
-.Op Fl -time-missing= Ns Ar time
-.Op Fl -time-gone= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
-.Nm ipropd-slave
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
-.Xc
-.Oc
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Op Fl -time-lost= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
-.Ar master
-.Pp
-.Sh DESCRIPTION
-.Nm ipropd-master
-is used to propagate changes to a Heimdal Kerberos database from the
-master Kerberos server on which it runs to slave Kerberos servers
-running
-.Nm ipropd-slave .
-.Pp
-The slaves are specified by the contents of the
-.Pa slaves
-file in the KDC's database directory, e.g.\&
-.Pa /var/heimdal/slaves .
-This has principals one per-line of the form
-.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
-where 
-.Ar slave 
-is the hostname of the slave server in the given 
-.Ar REALM ,
-e.g.\&
-.Dl iprop/kerberos-1.example.com@EXAMPLE.COM
-On a slave, the argument
-.Fa master
-specifies the hostname of the master server from which to receive updates.
-.Pp
-In contrast to
-.Xr hprop 8 ,
-which sends the whole database to the slaves regularly,
-.Nm
-normally sends only the changes as they happen on the master.  The
-master keeps track of all the changes by assigning a version number to
-every change to the database.  The slaves know which was the latest
-version they saw, and in this way it can be determined if they are in
-sync or not.  A log of all the changes is kept on the master.  When a
-slave is at an older version than the oldest one in the log, the whole
-database has to be sent.
-.Pp
-The changes are propagated over a secure channel (on port 2121 by
-default).  This should normally be defined as
-.Dq iprop/tcp
-in
-.Pa /etc/services
-or another source of the services database.  The master and slaves
-must each have access to a keytab with keys for the
-.Nm iprop
-service principal on the local host.
-.Pp
-There is a keep-alive feature logged in the master's
-.Pa slave-stats
-file (e.g.\&
-.Pa /var/heimdal/slave-stats ) .
-.Pp
-Supported options for
-.Nm ipropd-master :
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-keytab to get authentication from
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
-Database (default per KDC)
-.It Xo
-.Fl -slave-stats-file= Ns Ar file
-.Xc
-file for slave status information
-.It Xo
-.Fl -time-missing= Ns Ar time
-.Xc
-time before slave is polled for presence (default 2 min)
-.It Xo
-.Fl -time-gone= Ns Ar time
-.Xc
-time of inactivity after which a slave is considered gone (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
-detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-.Pp
-Supported options for
-.Nm ipropd-slave :
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-keytab to get authentication from
-.It Xo
-.Fl -time-lost= Ns Ar time
-.Xc
-time before server is considered lost (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
-detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-Time arguments for the relevant options above may be specified in forms
-like 5 min, 300 s, or simply a number of seconds.
-.Sh FILES
-.Pa slaves ,
-.Pa slave-stats
-in the database directory.
-.Sh SEE ALSO
-.Xr hpropd 8 ,
-.Xr hprop 8 ,
-.Xr krb5.conf 8 , 
-.Xr kdc 8 ,
-.Xr iprop-log 8 .
diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h
deleted file mode 100644
index beb54142f2bd..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1998-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: iprop.h 22211 2007-12-07 19:27:27Z lha $ */
-
-#ifndef __IPROP_H__
-#define __IPROP_H__
-
-#include "kadm5_locl.h"
-#include <getarg.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-#include <parse_time.h>
-
-#define IPROP_VERSION "iprop-0.0"
-
-#define IPROP_NAME "iprop"
-
-#define IPROP_SERVICE "iprop"
-
-#define IPROP_PORT 2121
-
-enum iprop_cmd { I_HAVE = 1,
-		 FOR_YOU = 2,
-		 TELL_YOU_EVERYTHING = 3,
-		 ONE_PRINC = 4,
-		 NOW_YOU_HAVE = 5,
-		 ARE_YOU_THERE = 6,
-		 I_AM_HERE = 7
-};
-
-extern sig_atomic_t exit_flag;
-void setup_signal(void);
-
-#endif /* __IPROP_H__ */
diff --git a/crypto/heimdal/lib/kadm5/ipropd_common.c b/crypto/heimdal/lib/kadm5/ipropd_common.c
deleted file mode 100644
index e6561596d111..000000000000
--- a/crypto/heimdal/lib/kadm5/ipropd_common.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-RCSID("$Id$");
-
-sig_atomic_t exit_flag;
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = sig;
-}
-
-void
-setup_signal(void)
-{
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT, &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-	sigaction(SIGXCPU, &sa, NULL);
-
-	sa.sa_handler = SIG_IGN;
-	sigaction(SIGPIPE, &sa, NULL);
-    }
-#else
-    signal(SIGINT, sigterm);
-    signal(SIGTERM, sigterm);
-    signal(SIGXCPU, sigterm);
-    signal(SIGPIPE, SIG_IGN);
-#endif
-}
diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c
deleted file mode 100644
index bd8f71fd7b3f..000000000000
--- a/crypto/heimdal/lib/kadm5/ipropd_master.c
+++ /dev/null
@@ -1,937 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include <rtbl.h>
-
-RCSID("$Id: ipropd_master.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_log_facility *log_facility;
-
-const char *slave_stats_file;
-const char *slave_time_missing = "2 min";
-const char *slave_time_gone = "5 min";
-
-static int time_before_missing;
-static int time_before_gone;
-
-const char *master_hostname;
-
-static int
-make_signal_socket (krb5_context context)
-{
-    struct sockaddr_un addr;
-    const char *fn;
-    int fd;
-
-    fn = kadm5_log_signal_socket(context);
-
-    fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_UNIX");
-    memset (&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    strlcpy (addr.sun_path, fn, sizeof(addr.sun_path));
-    unlink (addr.sun_path);
-    if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind %s", addr.sun_path);
-    return fd;
-}
-
-static int
-make_listen_socket (krb5_context context, const char *port_str)
-{
-    int fd;
-    int one = 1;
-    struct sockaddr_in addr;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-
-    if (port_str) {
-	addr.sin_port = krb5_getportbyname (context,
-					      port_str, "tcp", 
-					      0);
-	if (addr.sin_port == 0) {
-	    char *ptr;
-	    long port;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    addr.sin_port = htons(port);
-	}
-    } else {
-	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
-					    "tcp", IPROP_PORT);
-    }
-    if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind");
-    if (listen(fd, SOMAXCONN) < 0)
-	krb5_err (context, 1, errno, "listen");
-    return fd;
-}
-
-struct slave {
-    int fd;
-    struct sockaddr_in addr;
-    char *name;
-    krb5_auth_context ac;
-    uint32_t version;
-    time_t seen;
-    unsigned long flags;
-#define SLAVE_F_DEAD	0x1
-#define SLAVE_F_AYT	0x2
-    struct slave *next;
-};
-
-typedef struct slave slave;
-
-static int
-check_acl (krb5_context context, const char *name)
-{
-    const char *fn;
-    FILE *fp;
-    char buf[256];
-    int ret = 1;
-    char *slavefile;
-
-    asprintf(&slavefile, "%s/slaves", hdb_db_dir(context));
-
-    fn = krb5_config_get_string_default(context,
-					NULL,
-					slavefile,
-					"kdc",
-					"iprop-acl",
-					NULL);
-
-    fp = fopen (fn, "r");
-    free(slavefile);
-    if (fp == NULL)
-	return 1;
-    while (fgets(buf, sizeof(buf), fp) != NULL) {
-	buf[strcspn(buf, "\r\n")] = '\0';
-	if (strcmp (buf, name) == 0) {
-	    ret = 0;
-	    break;
-	}
-    }
-    fclose (fp);
-    return ret;
-}
-
-static void
-slave_seen(slave *s)
-{
-    s->flags &= ~SLAVE_F_AYT;
-    s->seen = time(NULL);
-}
-
-static int
-slave_missing_p (slave *s)
-{
-    if (time(NULL) > s->seen + time_before_missing)
-	return 1;
-    return 0;
-}
-
-static int
-slave_gone_p (slave *s)
-{
-    if (time(NULL) > s->seen + time_before_gone)
-	return 1;
-    return 0;
-}
-
-static void
-slave_dead(krb5_context context, slave *s)
-{
-    krb5_warnx(context, "slave %s dead", s->name);
-
-    if (s->fd >= 0) {
-	close (s->fd);
-	s->fd = -1;
-    }
-    s->flags |= SLAVE_F_DEAD;
-    slave_seen(s);
-}
-
-static void
-remove_slave (krb5_context context, slave *s, slave **root)
-{
-    slave **p;
-
-    if (s->fd >= 0)
-	close (s->fd);
-    if (s->name)
-	free (s->name);
-    if (s->ac)
-	krb5_auth_con_free (context, s->ac);
-
-    for (p = root; *p; p = &(*p)->next)
-	if (*p == s) {
-	    *p = s->next;
-	    break;
-	}
-    free (s);
-}
-
-static void
-add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
-{
-    krb5_principal server;
-    krb5_error_code ret;
-    slave *s;
-    socklen_t addr_len;
-    krb5_ticket *ticket = NULL;
-    char hostname[128];
-
-    s = malloc(sizeof(*s));
-    if (s == NULL) {
-	krb5_warnx (context, "add_slave: no memory");
-	return;
-    }
-    s->name = NULL;
-    s->ac = NULL;
-
-    addr_len = sizeof(s->addr);
-    s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
-    if (s->fd < 0) {
-	krb5_warn (context, errno, "accept");
-	goto error;
-    }
-    if (master_hostname)
-	strlcpy(hostname, master_hostname, sizeof(hostname));
-    else
-	gethostname(hostname, sizeof(hostname));
-
-    ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sname_to_principal");
-	goto error;
-    }
-
-    ret = krb5_recvauth (context, &s->ac, &s->fd,
-			 IPROP_VERSION, server, 0, keytab, &ticket);
-    krb5_free_principal (context, server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_recvauth");
-	goto error;
-    }
-    ret = krb5_unparse_name (context, ticket->client, &s->name);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_unparse_name");
-	goto error;
-    }
-    if (check_acl (context, s->name)) {
-	krb5_warnx (context, "%s not in acl", s->name);
-	goto error;
-    }
-    krb5_free_ticket (context, ticket);
-    ticket = NULL;
-
-    {
-	slave *l = *root;
-
-	while (l) {
-	    if (strcmp(l->name, s->name) == 0)
-		break;
-	    l = l->next;
-	}
-	if (l) {
-	    if (l->flags & SLAVE_F_DEAD) {
-		remove_slave(context, l, root);
-	    } else {
-		krb5_warnx (context, "second connection from %s", s->name);
-		goto error;
-	    }
-	}
-    }
-
-    krb5_warnx (context, "connection from %s", s->name);
-
-    s->version = 0;
-    s->flags = 0;
-    slave_seen(s);
-    s->next = *root;
-    *root = s;
-    return;
-error:
-    remove_slave(context, s, root);
-}
-
-struct prop_context {
-    krb5_auth_context auth_context;
-    int fd;
-};
-
-static int
-prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    krb5_data data;
-    struct slave *s = (struct slave *)v;
-
-    ret = hdb_entry2value (context, &entry->entry, &data);
-    if (ret)
-	return ret;
-    ret = krb5_data_realloc (&data, data.length + 4);
-    if (ret) {
-	krb5_data_free (&data);
-	return ret;
-    }
-    memmove ((char *)data.data + 4, data.data, data.length - 4);
-    sp = krb5_storage_from_data(&data);
-    if (sp == NULL) {
-	krb5_data_free (&data);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, ONE_PRINC);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message (context, s->ac, &s->fd, &data);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static int
-send_complete (krb5_context context, slave *s,
-	       const char *database, uint32_t current_version)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    HDB *db;
-    krb5_data data;
-    char buf[8];
-
-    ret = hdb_create (context, &db, database);
-    if (ret)
-	krb5_err (context, 1, ret, "hdb_create: %s", database);
-    ret = db->hdb_open (context, db, O_RDONLY, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    sp = krb5_storage_from_mem (buf, 4);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_mem");
-    krb5_store_int32 (sp, TELL_YOU_EVERYTHING);
-    krb5_storage_free (sp);
-
-    data.data   = buf;
-    data.length = 4;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-
-    if (ret) {
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	slave_dead(context, s);
-	return ret;
-    }
-
-    ret = hdb_foreach (context, db, 0, prop_one, s);
-    if (ret) {
-	krb5_warn (context, ret, "hdb_foreach");
-	slave_dead(context, s);
-	return ret;
-    }
-
-    (*db->hdb_close)(context, db);
-    (*db->hdb_destroy)(context, db);
-
-    sp = krb5_storage_from_mem (buf, 8);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_mem");
-    krb5_store_int32 (sp, NOW_YOU_HAVE);
-    krb5_store_int32 (sp, current_version);
-    krb5_storage_free (sp);
-
-    data.length = 8;
-
-    s->version = current_version;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    if (ret) {
-	slave_dead(context, s);
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	return ret;
-    }
-
-    slave_seen(s);
-
-    return 0;
-}
-
-static int
-send_are_you_there (krb5_context context, slave *s)
-{
-    krb5_storage *sp;
-    krb5_data data;
-    char buf[4];
-    int ret;
-
-    if (s->flags & (SLAVE_F_DEAD|SLAVE_F_AYT))
-	return 0;
-
-    s->flags |= SLAVE_F_AYT;
-
-    data.data = buf;
-    data.length = 4;
-
-    sp = krb5_storage_from_mem (buf, 4);
-    if (sp == NULL) {
-	krb5_warnx (context, "are_you_there: krb5_data_alloc");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_store_int32 (sp, ARE_YOU_THERE);
-    krb5_storage_free (sp);
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-
-    if (ret) {
-	krb5_warn (context, ret, "are_you_there: krb5_write_priv_message");
-	slave_dead(context, s);
-	return 1;
-    }
-
-    return 0;
-}
-
-static int
-send_diffs (krb5_context context, slave *s, int log_fd,
-	    const char *database, uint32_t current_version)
-{
-    krb5_storage *sp;
-    uint32_t ver;
-    time_t timestamp;
-    enum kadm_ops op;
-    uint32_t len;
-    off_t right, left;
-    krb5_data data;
-    int ret = 0;
-
-    if (s->version == current_version) {
-	krb5_warnx(context, "slave %s in sync already at version %ld",
-		   s->name, (long)s->version);
-	return 0;
-    }
-
-    if (s->flags & SLAVE_F_DEAD)
-	return 0;
-
-    /* if slave is a fresh client, starting over */
-    if (s->version == 0) {
-	krb5_warnx(context, "sending complete log to fresh slave %s",
-		   s->name);
-	return send_complete (context, s, database, current_version);
-    }
-
-    sp = kadm5_log_goto_end (log_fd);
-    right = krb5_storage_seek(sp, 0, SEEK_CUR);
-    for (;;) {
-	ret = kadm5_log_previous (context, sp, &ver, &timestamp, &op, &len);
-	if (ret)
-	    krb5_err(context, 1, ret, 
-		     "send_diffs: failed to find previous entry");
-	left = krb5_storage_seek(sp, -16, SEEK_CUR);
-	if (ver == s->version)
-	    return 0;
-	if (ver == s->version + 1)
-	    break;
-	if (left == 0) {
-	    krb5_warnx(context,
-		       "slave %s (version %lu) out of sync with master "
-		       "(first version in log %lu), sending complete database",
-		       s->name, (unsigned long)s->version, (unsigned long)ver);
-	    return send_complete (context, s, database, current_version);
-	}
-    }
-
-    krb5_warnx(context,
-	       "syncing slave %s from version %lu to version %lu",
-	       s->name, (unsigned long)s->version,
-	       (unsigned long)current_version);
-
-    ret = krb5_data_alloc (&data, right - left + 4);
-    if (ret) {
-	krb5_warn (context, ret, "send_diffs: krb5_data_alloc");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_storage_read (sp, (char *)data.data + 4, data.length - 4);
-    krb5_storage_free(sp);
-
-    sp = krb5_storage_from_data (&data);
-    if (sp == NULL) {
-	krb5_warnx (context, "send_diffs: krb5_storage_from_data");
-	slave_dead(context, s);
-	return 1;
-    }
-    krb5_store_int32 (sp, FOR_YOU);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    krb5_data_free(&data);
-
-    if (ret) {
-	krb5_warn (context, ret, "send_diffs: krb5_write_priv_message");
-	slave_dead(context, s);
-	return 1;
-    }
-    slave_seen(s);
-
-    s->version = current_version;
-
-    return 0;
-}
-
-static int
-process_msg (krb5_context context, slave *s, int log_fd,
-	     const char *database, uint32_t current_version)
-{
-    int ret = 0;
-    krb5_data out;
-    krb5_storage *sp;
-    int32_t tmp;
-
-    ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
-    if(ret) {
-	krb5_warn (context, ret, "error reading message from %s", s->name);
-	return 1;
-    }
-
-    sp = krb5_storage_from_mem (out.data, out.length);
-    if (sp == NULL) {
-	krb5_warnx (context, "process_msg: no memory");
-	krb5_data_free (&out);
-	return 1;
-    }
-    if (krb5_ret_int32 (sp, &tmp) != 0) {
-	krb5_warnx (context, "process_msg: client send too short command");
-	krb5_data_free (&out);
-	return 1;
-    }
-    switch (tmp) {
-    case I_HAVE :
-	ret = krb5_ret_int32 (sp, &tmp);
-	if (ret != 0) {
-	    krb5_warnx (context, "process_msg: client send too I_HAVE data");
-	    break;
-	}
-	/* new started slave that have old log */
-	if (s->version == 0 && tmp != 0) {
-	    if (s->version < tmp) {
-		krb5_warnx (context, "Slave %s have later version the master "
-			    "OUT OF SYNC", s->name);
-	    } else {
-		s->version = tmp;
-	    }
-	}
-	if (tmp < s->version) {
-	    krb5_warnx (context, "Slave claims to not have "
-			"version we already sent to it");
-	} else {
-	    ret = send_diffs (context, s, log_fd, database, current_version);
-	}
-	break;
-    case I_AM_HERE :
-	break;
-    case ARE_YOU_THERE:
-    case FOR_YOU :
-    default :
-	krb5_warnx (context, "Ignoring command %d", tmp);
-	break;
-    }
-
-    krb5_data_free (&out);
-
-    slave_seen(s);
-
-    return ret;
-}
-
-#define SLAVE_NAME	"Name"
-#define SLAVE_ADDRESS	"Address"
-#define SLAVE_VERSION	"Version"
-#define SLAVE_STATUS	"Status"
-#define SLAVE_SEEN	"Last Seen"
-
-static FILE *
-open_stats(krb5_context context)
-{
-    char *statfile = NULL;
-    const char *fn;
-    FILE *f;
-
-    if (slave_stats_file)
-	fn = slave_stats_file;
-    else {
-	asprintf(&statfile,  "%s/slaves-stats", hdb_db_dir(context));
-	fn = krb5_config_get_string_default(context,
-					    NULL,
-					    statfile,
-					    "kdc",
-					    "iprop-stats",
-					    NULL);
-    }
-    f = fopen(fn, "w");
-    if (statfile)
-	free(statfile);
-
-    return f;
-}
-
-static void
-write_master_down(krb5_context context)
-{
-    char str[100];
-    time_t t = time(NULL);
-    FILE *fp;
-
-    fp = open_stats(context);
-    if (fp == NULL)
-	return;
-    krb5_format_time(context, t, str, sizeof(str), TRUE); 
-    fprintf(fp, "master down at %s\n", str);
-
-    fclose(fp);
-}
-
-static void
-write_stats(krb5_context context, slave *slaves, uint32_t current_version)
-{
-    char str[100];
-    rtbl_t tbl;
-    time_t t = time(NULL);
-    FILE *fp;
-
-    fp = open_stats(context);
-    if (fp == NULL)
-	return;
-
-    krb5_format_time(context, t, str, sizeof(str), TRUE); 
-    fprintf(fp, "Status for slaves, last updated: %s\n\n", str);
-
-    fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version);
-
-    tbl = rtbl_create();
-    if (tbl == NULL) {
-	fclose(fp);
-	return;
-    }
-
-    rtbl_add_column(tbl, SLAVE_NAME, 0);
-    rtbl_add_column(tbl, SLAVE_ADDRESS, 0);
-    rtbl_add_column(tbl, SLAVE_VERSION, RTBL_ALIGN_RIGHT);
-    rtbl_add_column(tbl, SLAVE_STATUS, 0);
-    rtbl_add_column(tbl, SLAVE_SEEN, 0);
-
-    rtbl_set_prefix(tbl, "  ");
-    rtbl_set_column_prefix(tbl, SLAVE_NAME, "");
-
-    while (slaves) {
-	krb5_address addr;
-	krb5_error_code ret;
-	rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name);
-	ret = krb5_sockaddr2address (context, 
-				     (struct sockaddr*)&slaves->addr, &addr);
-	if(ret == 0) {
-	    krb5_print_address(&addr, str, sizeof(str), NULL);
-	    krb5_free_address(context, &addr);
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str);
-	} else
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>");
-	
-	snprintf(str, sizeof(str), "%u", (unsigned)slaves->version);
-	rtbl_add_column_entry(tbl, SLAVE_VERSION, str);
-
-	if (slaves->flags & SLAVE_F_DEAD)
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Down");
-	else
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
-
-	ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); 
-	rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
-
-	slaves = slaves->next;
-    }
-
-    rtbl_format(tbl, fp);
-    rtbl_destroy(tbl);
-
-    fclose(fp);
-}
-
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str = "HDB:";
-static char *database;
-static char *config_file;
-static char *port_str;
-static int detach_from_console = 0;
-
-static struct getargs args[] = {
-    { "config-file", 'c', arg_string, &config_file },
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "database", 'd', arg_string, &database, "database", "file"},
-    { "slave-stats-file", 0, arg_string, &slave_stats_file, 
-      "file for slave status information", "file"},
-    { "time-missing", 0, arg_string, &slave_time_missing, 
-      "time before slave is polled for presence", "time"},
-    { "time-gone", 0, arg_string, &slave_time_gone,
-      "time of inactivity after which a slave is considered gone", "time"},
-    { "port", 0, arg_string, &port_str,
-      "port ipropd will listen to", "port"},
-    { "detach", 0, arg_flag, &detach_from_console, 
-      "detach from console" },
-    { "hostname", 0, arg_string, &master_hostname, 
-      "hostname of master (if not same as hostname)", "hostname" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int signal_fd, listen_fd;
-    int log_fd;
-    slave *slaves = NULL;
-    uint32_t current_version = 0, old_version = 0;
-    krb5_keytab keytab;
-    int optidx;
-    char **files;
-    
-    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    setup_signal();
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    time_before_gone = parse_time (slave_time_gone,  "s");
-    if (time_before_gone < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_gone);
-    time_before_missing = parse_time (slave_time_missing,  "s");
-    if (time_before_missing < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing);
-
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-master", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
-    
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_skey_ctx (context,
-				    KADM5_ADMIN_SERVICE,
-				    NULL,
-				    KADM5_ADMIN_SERVICE,
-				    &conf, 0, 0, 
-				    &kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    log_fd = open (server_context->log_context.log_file, O_RDONLY, 0);
-    if (log_fd < 0)
-	krb5_err (context, 1, errno, "open %s",
-		  server_context->log_context.log_file);
-
-    signal_fd = make_signal_socket (context);
-    listen_fd = make_listen_socket (context, port_str);
-
-    kadm5_log_get_version_fd (log_fd, &current_version);
-
-    krb5_warnx(context, "ipropd-master started at version: %lu", 
-	       (unsigned long)current_version);
-
-    while(exit_flag == 0){
-	slave *p;
-	fd_set readset;
-	int max_fd = 0;
-	struct timeval to = {30, 0};
-	uint32_t vers;
-
-	if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-
-	FD_ZERO(&readset);
-	FD_SET(signal_fd, &readset);
-	max_fd = max(max_fd, signal_fd);
-	FD_SET(listen_fd, &readset);
-	max_fd = max(max_fd, listen_fd);
-
-	for (p = slaves; p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-		continue;
-	    FD_SET(p->fd, &readset);
-	    max_fd = max(max_fd, p->fd);
-	}
-
-	ret = select (max_fd + 1,
-		      &readset, NULL, NULL, &to);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-
-	if (ret == 0) {
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-
-	    if (current_version > old_version) {
-		krb5_warnx(context, 
-			   "Missed a signal, updating slaves %lu to %lu",
-			   (unsigned long)old_version,
-			   (unsigned long)current_version);
-		for (p = slaves; p != NULL; p = p->next) {
-		    if (p->flags & SLAVE_F_DEAD)
-			continue;
-		    send_diffs (context, p, log_fd, database, current_version);
-		}
-	    }
-	}
-
-	if (ret && FD_ISSET(signal_fd, &readset)) {
-	    struct sockaddr_un peer_addr;
-	    socklen_t peer_len = sizeof(peer_addr);
-
-	    if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
-			(struct sockaddr *)&peer_addr, &peer_len) < 0) {
-		krb5_warn (context, errno, "recvfrom");
-		continue;
-	    }
-	    --ret;
-	    assert(ret >= 0);
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-	    if (current_version > old_version) {
-		krb5_warnx(context, 
-			   "Got a signal, updating slaves %lu to %lu",
-			   (unsigned long)old_version,
-			   (unsigned long)current_version);
-		for (p = slaves; p != NULL; p = p->next)
-		    send_diffs (context, p, log_fd, database, current_version);
-	    } else {
-		krb5_warnx(context, 
-			   "Got a signal, but no update in log version %lu",
-			   (unsigned long)current_version);
-	    }
-        }
-
-	for(p = slaves; p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-	        continue;
-	    if (ret && FD_ISSET(p->fd, &readset)) {
-		--ret;
-		assert(ret >= 0);
-		if(process_msg (context, p, log_fd, database, current_version))
-		    slave_dead(context, p);
-	    } else if (slave_gone_p (p))
-		slave_dead(context, p);
-	    else if (slave_missing_p (p)) {
-		krb5_warnx(context, "slave %s missing, sending AYT", p->name);
-		send_are_you_there (context, p);
-	    }
-	}
-
-	if (ret && FD_ISSET(listen_fd, &readset)) {
-	    add_slave (context, keytab, &slaves, listen_fd);
-	    --ret;
-	    assert(ret >= 0);
-	}
-	write_stats(context, slaves, current_version);
-    }
-
-    if(exit_flag == SIGXCPU)
-	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
-    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
-	krb5_warnx(context, "%s terminated", getprogname());
-    else
-	krb5_warnx(context, "%s unexpected exit reason: %d", 
-		   getprogname(), exit_flag);
-
-    write_master_down(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
deleted file mode 100644
index 482a3f7a4095..000000000000
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ /dev/null
@@ -1,632 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: ipropd_slave.c 22211 2007-12-07 19:27:27Z lha $");
-
-static krb5_log_facility *log_facility;
-static char *server_time_lost = "5 min";
-static int time_before_lost;
-const char *slave_str = NULL;
-
-static int
-connect_to_master (krb5_context context, const char *master,
-		   const char *port_str)
-{
-    int fd;
-    struct sockaddr_in addr;
-    struct hostent *he;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    if (port_str) {
-	addr.sin_port = krb5_getportbyname (context,
-					    port_str, "tcp", 
-					    0);
-	if (addr.sin_port == 0) {
-	    char *ptr;
-	    long port;
-	    
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    addr.sin_port = htons(port);
-	}
-    } else {
-	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
-					    "tcp", IPROP_PORT);
-    }
-    he = roken_gethostbyname (master);
-    if (he == NULL)
-	krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
-    memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
-    if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "connect");
-    return fd;
-}
-
-static void
-get_creds(krb5_context context, const char *keytab_str,
-	  krb5_ccache *cache, const char *serverhost)
-{
-    krb5_keytab keytab;
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *init_opts;
-    krb5_creds creds;
-    char *server;
-    char keytab_buf[256];
-    
-    if (keytab_str == NULL) {
-	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_kt_default_name");
-	keytab_str = keytab_buf;
-    }
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", keytab_str);
-    
-
-    ret = krb5_sname_to_principal (context, slave_str, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &client);
-    if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
-
-    ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
-    if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
-
-    asprintf (&server, "%s/%s", IPROP_NAME, serverhost);
-    if (server == NULL)
-	krb5_errx (context, 1, "malloc: no memory");
-
-    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
-				     0, server, init_opts);
-    free (server);
-    krb5_get_init_creds_opt_free(context, init_opts);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
-    
-    ret = krb5_kt_close(context, keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
-    
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, *cache, client);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_store_cred(context, *cache, &creds);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
-}
-
-static void
-ihave (krb5_context context, krb5_auth_context auth_context,
-       int fd, uint32_t version)
-{
-    int ret;
-    u_char buf[8];
-    krb5_storage *sp;
-    krb5_data data;
-
-    sp = krb5_storage_from_mem (buf, 8);
-    krb5_store_int32 (sp, I_HAVE);
-    krb5_store_int32 (sp, version);
-    krb5_storage_free (sp);
-    data.length = 8;
-    data.data   = buf;
-    
-    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_write_priv_message");
-}
-
-static void
-receive_loop (krb5_context context,
-	      krb5_storage *sp,
-	      kadm5_server_context *server_context)
-{
-    int ret;
-    off_t left, right;
-    void *buf;
-    int32_t vers, vers2;
-    ssize_t sret;
-
-    /*
-     * Seek to the current version of the local database.
-     */
-    do {
-	int32_t len, timestamp, tmp;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    return;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &tmp);
-	op = tmp;
-	krb5_ret_int32 (sp, &len);
-	if (vers <= server_context->log_context.version)
-	    krb5_storage_seek(sp, len + 8, SEEK_CUR);
-    } while(vers <= server_context->log_context.version);
-
-    /*
-     * Read up rest of the entires into the memory...
-     */
-    left  = krb5_storage_seek (sp, -16, SEEK_CUR);
-    right = krb5_storage_seek (sp, 0, SEEK_END);
-    buf = malloc (right - left);
-    if (buf == NULL && (right - left) != 0)
-	krb5_errx (context, 1, "malloc: no memory");
-
-    /*
-     * ...and then write them out to the on-disk log.
-     */
-    krb5_storage_seek (sp, left, SEEK_SET);
-    krb5_storage_read (sp, buf, right - left);
-    sret = write (server_context->log_context.log_fd, buf, right-left);
-    if (sret != right - left)
-	krb5_err(context, 1, errno, "Failed to write log to disk");
-    ret = fsync (server_context->log_context.log_fd);
-    if (ret)
-	krb5_err(context, 1, errno, "Failed to sync log to disk");
-    free (buf);
-
-    /*
-     * Go back to the startpoint and start to commit the entires to
-     * the database.
-     */
-    krb5_storage_seek (sp, left, SEEK_SET);
-
-    for(;;) {
-	int32_t len, len2, timestamp, tmp;
-	off_t cur, cur2;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    break;
-	ret = krb5_ret_int32 (sp, &timestamp);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	ret = krb5_ret_int32 (sp, &tmp);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	op = tmp;
-	ret = krb5_ret_int32 (sp, &len);
-	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
-	if (len < 0)
-	    krb5_errx(context, 1, "log is corrupted, "
-			"negative length of entry version %ld: %ld",
-			(long)vers, (long)len);
-	cur = krb5_storage_seek(sp, 0, SEEK_CUR);
-
-	krb5_warnx (context, "replaying entry %d", (int)vers);
-
-	ret = kadm5_log_replay (server_context,
-				op, vers, len, sp);
-	if (ret) {
-	    char *s = krb5_get_error_message(server_context->context, ret);
-	    krb5_warnx (context,
-		       "kadm5_log_replay: %ld. Lost entry entry, "
-		       "Database out of sync ?: %s (%d)",
-			(long)vers, s ? s : "unknown error", ret);
-	    krb5_xfree(s);
-	}
-
-	{
-	    /* 
-	     * Make sure the krb5_log_replay does the right thing wrt
-	     * reading out data from the sp.
-	     */
-	    cur2 = krb5_storage_seek(sp, 0, SEEK_CUR);
-	    if (cur + len != cur2)
-		krb5_errx(context, 1, 
-			  "kadm5_log_reply version: %ld didn't read the whole entry",
-			  (long)vers);
-	}
-
-	if (krb5_ret_int32 (sp, &len2) != 0)
-	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
-	if(krb5_ret_int32 (sp, &vers2) != 0)
-	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
-
-	if (len != len2)
-	    krb5_errx(context, 1, "entry %ld: len != len2", (long)vers);
-	if (vers != vers2)
-	    krb5_errx(context, 1, "entry %ld: vers != vers2", (long)vers);
-    }
-
-    /*
-     * Update version
-     */
-
-    server_context->log_context.version = vers;
-}
-
-static void
-receive (krb5_context context,
-	 krb5_storage *sp,
-	 kadm5_server_context *server_context)
-{
-    int ret;
-
-    ret = server_context->db->hdb_open(context,
-				       server_context->db,
-				       O_RDWR | O_CREAT, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    receive_loop (context, sp, server_context);
-
-    ret = server_context->db->hdb_close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-}
-
-static void
-send_im_here (krb5_context context, int fd,
-	      krb5_auth_context auth_context)
-{
-    krb5_storage *sp;
-    krb5_data data;
-    int ret;
-
-    ret = krb5_data_alloc (&data, 4);
-    if (ret)
-	krb5_err (context, 1, ret, "send_im_here");
-
-    sp = krb5_storage_from_data (&data);
-    if (sp == NULL)
-	krb5_errx (context, 1, "krb5_storage_from_data");
-    krb5_store_int32(sp, I_AM_HERE);
-    krb5_storage_free(sp);
-
-    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-    krb5_data_free(&data);
-
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_write_priv_message");
-}
-
-static void
-receive_everything (krb5_context context, int fd,
-		    kadm5_server_context *server_context,
-		    krb5_auth_context auth_context)
-{
-    int ret;
-    krb5_data data;
-    int32_t vno;
-    int32_t opcode;
-    krb5_storage *sp;
-
-    char *dbname;
-    HDB *mydb;
-  
-    krb5_warnx(context, "receive complete database");
-
-    asprintf(&dbname, "%s-NEW", server_context->db->hdb_name);
-    ret = hdb_create(context, &mydb, dbname);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_create");
-    free(dbname);
- 
-    ret = hdb_set_master_keyfile (context,
-				  mydb, server_context->config.stash_file);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_set_master_keyfile");
- 
-    /* I really want to use O_EXCL here, but given that I can't easily clean
-       up on error, I won't */
-    ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    sp = NULL;
-    do {
-	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_data (&data);
-	if (sp == NULL)
-	    krb5_errx (context, 1, "krb5_storage_from_data");
-	krb5_ret_int32 (sp, &opcode);
-	if (opcode == ONE_PRINC) {
-	    krb5_data fake_data;
-	    hdb_entry_ex entry;
-
-	    krb5_storage_free(sp);
-
-	    fake_data.data   = (char *)data.data + 4;
-	    fake_data.length = data.length - 4;
-
-	    memset(&entry, 0, sizeof(entry));
-
-	    ret = hdb_value2entry (context, &fake_data, &entry.entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_value2entry");
-	    ret = mydb->hdb_store(server_context->context,
-				  mydb,
-				  0, &entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_store");
-
-	    hdb_free_entry (context, &entry);
-	    krb5_data_free (&data);
-	} else if (opcode == NOW_YOU_HAVE)
-	    ;
-	else
-	    krb5_errx (context, 1, "strange opcode %d", opcode);
-    } while (opcode == ONE_PRINC);
-
-    if (opcode != NOW_YOU_HAVE)
-	krb5_errx (context, 1, "receive_everything: strange %d", opcode);
-
-    krb5_ret_int32 (sp, &vno);
-    krb5_storage_free(sp);
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	krb5_err(context, 1, ret, "kadm5_log_reinit");
-
-    ret = kadm5_log_set_version (server_context, vno - 1);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_set_version");
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_nop");
-
-    krb5_data_free (&data);
-
-    ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name);
-    if (ret)
-	krb5_err (context, 1, ret, "db->rename");
-
-    ret = mydb->hdb_close (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-
-    ret = mydb->hdb_destroy (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->destroy");
-
-    krb5_warnx(context, "receive complete database, version %ld", (long)vno);
-}
-
-static char *config_file;
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str;
-static char *port_str;
-static int detach_from_console = 0;
-
-static struct getargs args[] = {
-    { "config-file", 'c', arg_string, &config_file },
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "time-lost", 0, arg_string, &server_time_lost,
-      "time before server is considered lost", "time" },
-    { "port", 0, arg_string, &port_str,
-      "port ipropd-slave will connect to", "port"},
-    { "detach", 0, arg_flag, &detach_from_console, 
-      "detach from console" },
-    { "hostname", 0, arg_string, &slave_str, 
-      "hostname of slave (if not same as hostname)", "hostname" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context auth_context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int master_fd;
-    krb5_ccache ccache;
-    krb5_principal server;
-    char **files;
-    int optidx;
-
-    const char *master;
-    
-    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    setup_signal();
-
-    if (config_file == NULL) {
-	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
-	if (config_file == NULL)
-	    errx(1, "out of memory");
-    }
-
-    ret = krb5_prepend_config_files_default(config_file, &files);
-    if (ret)
-	krb5_err(context, 1, ret, "getting configuration files");
-
-    ret = krb5_set_config_files(context, files);
-    krb5_free_config_files(files);
-    if (ret)
-	krb5_err(context, 1, ret, "reading configuration files");
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	krb5_std_usage(1, args, num_args);
-
-    master = argv[0];
-
-    if (detach_from_console)
-	daemon(0, 0);
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-slave", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    time_before_lost = parse_time (server_time_lost,  "s");
-    if (time_before_lost < 0)
-	krb5_errx (context, 1, "couldn't parse time: %s", server_time_lost);
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    get_creds(context, keytab_str, &ccache, master);
-
-    master_fd = connect_to_master (context, master, port_str);
-
-    ret = krb5_sname_to_principal (context, master, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sname_to_principal");
-
-    auth_context = NULL;
-    ret = krb5_sendauth (context, &auth_context, &master_fd,
-			 IPROP_VERSION, NULL, server,
-			 AP_OPTS_MUTUAL_REQUIRED, NULL, NULL,
-			 ccache, NULL, NULL, NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sendauth");
-
-    krb5_warnx(context, "ipropd-slave started at version: %ld",
-	       (long)server_context->log_context.version);
-
-    ihave (context, auth_context, master_fd,
-	   server_context->log_context.version);
-
-    while (exit_flag == 0) {
-	krb5_data out;
-	krb5_storage *sp;
-	int32_t tmp;
-	fd_set readset;
-	struct timeval to;
-
-	if (master_fd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-
-	FD_ZERO(&readset);
-	FD_SET(master_fd, &readset);
-
-	to.tv_sec = time_before_lost;
-	to.tv_usec = 0;
-
-	ret = select (master_fd + 1,
-		      &readset, NULL, NULL, &to);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-	if (ret == 0)
-	    krb5_errx (context, 1, "server didn't send a message "
-		       "in %d seconds", time_before_lost);
-
-	ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_mem (out.data, out.length);
-	krb5_ret_int32 (sp, &tmp);
-	switch (tmp) {
-	case FOR_YOU :
-	    receive (context, sp, server_context);
-	    ihave (context, auth_context, master_fd,
-		   server_context->log_context.version);
-	    break;
-	case TELL_YOU_EVERYTHING :
-	    receive_everything (context, master_fd, server_context,
-				auth_context);
-	    break;
-	case ARE_YOU_THERE :
-	    send_im_here (context, master_fd, auth_context);
-	    break;
-	case NOW_YOU_HAVE :
-	case I_HAVE :
-	case ONE_PRINC :
-	case I_AM_HERE :
-	default :
-	    krb5_warnx (context, "Ignoring command %d", tmp);
-	    break;
-	}
-	krb5_storage_free (sp);
-	krb5_data_free (&out);
-    }
-    
-    if(exit_flag == SIGXCPU)
-	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
-    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
-	krb5_warnx(context, "%s terminated", getprogname());
-    else
-	krb5_warnx(context, "%s unexpected exit reason: %d", 
-		   getprogname(), exit_flag);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h
deleted file mode 100644
index 56b2b3252d87..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5-private.h
+++ /dev/null
@@ -1,503 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_private_h__
-#define __kadm5_private_h__
-
-#include <stdarg.h>
-
-kadm5_ret_t
-_kadm5_acl_check_permission (
-	kadm5_server_context */*context*/,
-	unsigned /*op*/,
-	krb5_const_principal /*princ*/);
-
-kadm5_ret_t
-_kadm5_acl_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-_kadm5_bump_pw_expire (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-_kadm5_c_get_cred_cache (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*server_name*/,
-	const char */*password*/,
-	krb5_prompter_fct /*prompter*/,
-	const char */*keytab*/,
-	krb5_ccache /*ccache*/,
-	krb5_ccache */*ret_cache*/);
-
-kadm5_ret_t
-_kadm5_c_init_context (
-	kadm5_client_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_client_recv (
-	kadm5_client_context */*context*/,
-	krb5_data */*reply*/);
-
-kadm5_ret_t
-_kadm5_client_send (
-	kadm5_client_context */*context*/,
-	krb5_storage */*sp*/);
-
-int
-_kadm5_cmp_keys (
-	Key */*keys1*/,
-	int /*len1*/,
-	Key */*keys2*/,
-	int /*len2*/);
-
-kadm5_ret_t
-_kadm5_connect (void */*handle*/);
-
-kadm5_ret_t
-_kadm5_error_code (kadm5_ret_t /*code*/);
-
-void
-_kadm5_free_keys (
-	krb5_context /*context*/,
-	int /*len*/,
-	Key */*keys*/);
-
-void
-_kadm5_init_keys (
-	Key */*keys*/,
-	int /*len*/);
-
-kadm5_ret_t
-_kadm5_marshal_params (
-	krb5_context /*context*/,
-	kadm5_config_params */*params*/,
-	krb5_data */*out*/);
-
-kadm5_ret_t
-_kadm5_privs_to_string (
-	uint32_t /*privs*/,
-	char */*string*/,
-	size_t /*len*/);
-
-HDB *
-_kadm5_s_get_db (void */*server_handle*/);
-
-kadm5_ret_t
-_kadm5_s_init_context (
-	kadm5_server_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_set_keys (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	const char */*password*/);
-
-kadm5_ret_t
-_kadm5_set_keys2 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int16_t /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-_kadm5_set_keys3 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int /*n_keys*/,
-	krb5_keyblock */*keyblocks*/);
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-_kadm5_set_modifier (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-_kadm5_setup_entry (
-	kadm5_server_context */*context*/,
-	hdb_entry_ex */*ent*/,
-	uint32_t /*mask*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*princ_mask*/,
-	kadm5_principal_ent_t /*def*/,
-	uint32_t /*def_mask*/);
-
-kadm5_ret_t
-_kadm5_string_to_privs (
-	const char */*s*/,
-	uint32_t* /*privs*/);
-
-kadm5_ret_t
-_kadm5_unmarshal_params (
-	krb5_context /*context*/,
-	krb5_data */*in*/,
-	kadm5_config_params */*params*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_c_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_c_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_c_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_c_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_c_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_log_create (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_delete (
-	kadm5_server_context */*context*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_foreach (
-	kadm5_server_context */*context*/,
-	void (*/*func*/)(kadm5_server_context *server_context, uint32_t ver, time_t timestamp, enum kadm_ops op, uint32_t len, krb5_storage *, void *),
-	void */*ctx*/);
-
-kadm5_ret_t
-kadm5_log_get_version (
-	kadm5_server_context */*context*/,
-	uint32_t */*ver*/);
-
-kadm5_ret_t
-kadm5_log_get_version_fd (
-	int /*fd*/,
-	uint32_t */*ver*/);
-
-krb5_storage *
-kadm5_log_goto_end (int /*fd*/);
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_modify (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_previous (
-	krb5_context /*context*/,
-	krb5_storage */*sp*/,
-	uint32_t */*ver*/,
-	time_t */*timestamp*/,
-	enum kadm_ops */*op*/,
-	uint32_t */*len*/);
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_rename (
-	kadm5_server_context */*context*/,
-	krb5_principal /*source*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_replay (
-	kadm5_server_context */*context*/,
-	enum kadm_ops /*op*/,
-	uint32_t /*ver*/,
-	uint32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_set_version (
-	kadm5_server_context */*context*/,
-	uint32_t /*vno*/);
-
-const char *
-kadm5_log_signal_socket (krb5_context /*context*/);
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context */*server_context*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_s_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_s_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_s_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_s_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-#endif /* __kadm5_private_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5-protos.h b/crypto/heimdal/lib/kadm5/kadm5-protos.h
deleted file mode 100644
index eebae95d8f28..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5-protos.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_protos_h__
-#define __kadm5_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-kadm5_ret_t
-kadm5_ad_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_ad_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-krb5_error_code
-kadm5_add_passwd_quality_verifier (
-	krb5_context /*context*/,
-	const char */*check_library*/);
-
-const char *
-kadm5_check_password_quality (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_data */*pwd_data*/);
-
-kadm5_ret_t
-kadm5_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/,
-	const char */*password*/);
-
-kadm5_ret_t
-kadm5_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_flush (void */*server_handle*/);
-
-void
-kadm5_free_key_data (
-	void */*server_handle*/,
-	int16_t */*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-void
-kadm5_free_name_list (
-	void */*server_handle*/,
-	char **/*names*/,
-	int */*count*/);
-
-void
-kadm5_free_principal_ent (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_get_principals (
-	void */*server_handle*/,
-	const char */*expression*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_get_privs (
-	void */*server_handle*/,
-	uint32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_ret_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t */*mask*/);
-
-kadm5_ret_t
-kadm5_ret_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-void
-kadm5_setup_passwd_quality_check (
-	krb5_context /*context*/,
-	const char */*check_library*/,
-	const char */*check_function*/);
-
-kadm5_ret_t
-kadm5_store_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	uint32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_store_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __kadm5_protos_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h
deleted file mode 100644
index 96f3f1849f28..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadm5-pwcheck.h 15489 2005-06-17 06:45:52Z lha $ */
-
-#ifndef KADM5_PWCHECK_H
-#define KADM5_PWCHECK_H 1
-
-
-#define KADM5_PASSWD_VERSION_V0 0
-#define KADM5_PASSWD_VERSION_V1 1
-
-typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context,
-							  krb5_principal,
-							  krb5_data*);
-
-/* 
- * The 4th argument, is a tuning parameter for the quality check
- * function, the lib/caller will providing it for the password quality
- * module.
- */
-
-typedef int
-(*kadm5_passwd_quality_check_func)(krb5_context context,
-				   krb5_principal principal,
-				   krb5_data *password,
-				   const char *tuning,
-				   char *message,
-				   size_t length);
-
-struct kadm5_pw_policy_check_func {
-    const char *name;
-    kadm5_passwd_quality_check_func func;
-};
-
-struct kadm5_pw_policy_verifier {
-    const char *name;
-    int version;
-    const char *vendor;
-    const struct kadm5_pw_policy_check_func *funcs;
-};
-
-#endif /* KADM5_PWCHECK_H */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et
deleted file mode 100644
index 1ac624a9ef90..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5_err.et
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Error messages for the kadm5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: kadm5_err.et 16683 2006-02-02 13:11:47Z lha $"
-
-error_table ovk kadm5
-
-prefix KADM5
-error_code FAILURE,		"Operation failed for unspecified reason"
-error_code AUTH_GET,		"Operation requires `get' privilege"
-error_code AUTH_ADD,		"Operation requires `add' privilege"
-error_code AUTH_MODIFY,		"Operation requires `modify' privilege"
-error_code AUTH_DELETE,		"Operation requires `delete' privilege"
-error_code AUTH_INSUFFICIENT,	"Insufficient authorization for operation"
-error_code BAD_DB,		"Database inconsistency detected"
-error_code DUP,			"Principal or policy already exists"
-error_code RPC_ERROR,		"Communication failure with server"
-error_code NO_SRV,		"No administration server found for realm"
-error_code BAD_HIST_KEY,	"Password history principal key version mismatch"
-error_code NOT_INIT,		"Connection to server not initialized"
-error_code UNK_PRINC,		"Principal does not exist"
-error_code UNK_POLICY,		"Policy does not exist"
-error_code BAD_MASK,		"Invalid field mask for operation"
-error_code BAD_CLASS,		"Invalid number of character classes"
-error_code BAD_LENGTH,		"Invalid password length"
-error_code BAD_POLICY,		"Invalid policy name"
-error_code BAD_PRINCIPAL,	"Invalid principal name."
-error_code BAD_AUX_ATTR,	"Invalid auxillary attributes"
-error_code BAD_HISTORY,		"Invalid password history count"
-error_code BAD_MIN_PASS_LIFE,	"Password minimum life is greater than password maximum life"
-error_code PASS_Q_TOOSHORT,	"Password is too short"
-error_code PASS_Q_CLASS,	"Password does not contain enough character classes"
-error_code PASS_Q_DICT,		"Password is in the password dictionary"
-error_code PASS_REUSE,		"Can't reuse password"
-error_code PASS_TOOSOON,	"Current password's minimum life has not expired"
-error_code POLICY_REF,		"Policy is in use"
-error_code INIT,		"Connection to server already initialized"
-error_code BAD_PASSWORD,	"Incorrect password"
-error_code PROTECT_PRINCIPAL,	"Can't change protected principal"
-error_code BAD_SERVER_HANDLE,	"Programmer error!  Bad Admin server handle"
-error_code BAD_STRUCT_VERSION,	"Programmer error!  Bad API structure version"
-error_code OLD_STRUCT_VERSION,	"API structure version specified by application is no longer supported"
-error_code NEW_STRUCT_VERSION,	"API structure version specified by application is unknown to libraries"
-error_code BAD_API_VERSION,	"Programmer error!  Bad API version"
-error_code OLD_LIB_API_VERSION,	"API version specified by application is no longer supported by libraries"
-error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
-error_code NEW_LIB_API_VERSION,	"API version specified by application is unknown to libraries"
-error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
-error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
-error_code NO_RENAME_SALT,	"The salt type of the specified principal does not support renaming"
-error_code BAD_CLIENT_PARAMS,	"Invalid configuration parameter for remote KADM5 client"
-error_code BAD_SERVER_PARAMS,	"Invalid configuration parameter for local KADM5 client."
-error_code AUTH_LIST,		"Operation requires `list' privilege"
-error_code AUTH_CHANGEPW,	"Operation requires `change-password' privilege"
-error_code BAD_TL_TYPE,		"Invalid tagged data list element type"
-error_code MISSING_CONF_PARAMS,	"Required parameters in kdc.conf missing"
-error_code BAD_SERVER_NAME,	"Bad krb5 admin server hostname"
diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h
deleted file mode 100644
index c79e6442f1f5..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5_locl.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadm5_locl.h 8579 2000-07-08 11:57:40Z assar $ */
-
-#ifndef __KADM5_LOCL_H__
-#define __KADM5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <limits.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <fnmatch.h>
-#include "admin.h"
-#include "kadm5_err.h"
-#include <hdb.h>
-#include <der.h>
-#include <roken.h>
-#include <parse_units.h>
-#include "private.h"
-
-#endif /* __KADM5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3
deleted file mode 100644
index ee045c9e773d..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3
+++ /dev/null
@@ -1,146 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: kadm5_pwcheck.3 15237 2005-05-25 13:16:27Z lha $
-.\"
-.Dd February 29, 2004
-.Dt KADM5_PWCHECK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_pwcheck ,
-.Nm kadm5_setup_passwd_quality_check ,
-.Nm kadm5_add_passwd_quality_verifier ,
-.Nm kadm5_check_password_quality
-.Nd Heimdal warning and error functions
-.Sh LIBRARY
-Kerberos 5 Library (libkadm5srv, -lkadm5srv)
-.Sh SYNOPSIS
-.In kadm5-protos.h
-.In kadm5-pwcheck.h
-.Ft void
-.Fo kadm5_setup_passwd_quality_check
-.Fa "krb5_context context"
-.Fa "const char *check_library"
-.Fa "const char *check_function"
-.Fc
-.Ft "krb5_error_code"
-.Fo kadm5_add_passwd_quality_verifier
-.Fa "krb5_context context"
-.Fa "const char *check_library"
-.Fc
-.Ft "const char *"
-.Fo kadm5_check_password_quality
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "krb5_data *pwd_data"
-.Fc
-.Ft int
-.Fo "(*kadm5_passwd_quality_check_func)"
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "krb5_data *password"
-.Fa "const char *tuning"
-.Fa "char *message"
-.Fa "size_t length"
-.Fc
-.Sh DESCRIPTION
-These functions perform the quality check for the heimdal database
-library.
-.Pp
-There are two versions of the shared object API; the old version (0)
-is deprecated, but still supported.  The new version (1) supports
-multiple password quality checking modules in the same shared object.
-See below for details.
-.Pp
-The password quality checker will run over all tests that are
-configured by the user.
-.Pp
-Module names are of the form
-.Ql vendor:test-name
-or, if the the test name is unique enough, just
-.Ql test-name .
-.Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
-(This refers to the version 1 API only.)
-.Pp
-Module shared objects may conveniently be compiled and linked with
-.Xr libtool 1 .
-An object needs to export a symbol called
-.Ql kadm5_password_verifier
-of the type
-.Ft "struct kadm5_pw_policy_verifier" .
-.Pp
-Its
-.Ft name
-and
-.Ft vendor
-fields should be contain the obvious information and
-.Ft version
-should be
-.Dv KADM5_PASSWD_VERSION_V1 .
-.Ft funcs
-contains an array of
-.Ft "struct kadm5_pw_policy_check_func"
-structures that is terminated with an entry whose
-.Ft name
-component is
-.Dv NULL .
-The
-.Ft func
-Fields of the array elements are functions that are exported by the
-module to be called to check the password.  They get the following
-arguments:  the Kerberos context, principal, password, a tuning parameter, and
-a pointer to a message buffer and its length.  The tuning parameter
-for the quality check function is currently always
-.Dv NULL .
-If the password is acceptable, the function returns zero.  Otherwise
-it returns non-zero and fills in the message buffer with an
-appropriate explanation.
-.Sh RUNNING THE CHECKS
-.Nm kadm5_setup_passwd_quality_check
-sets up type 0 checks.  It sets up all type 0 checks defined in
-.Xr krb5.conf 5
-if called with the last two arguments null.
-.Pp
-.Nm kadm5_add_passwd_quality_verifier
-sets up type 1 checks.  It sets up all type 1 tests defined in
-.Xr krb5.conf 5
-if called with a null second argument.
-.Nm kadm5_check_password_quality
-runs the checks in the order in which they are defined in
-.Xr krb5.conf 5
-and the order in which they occur in a
-module's
-.Ft funcs
-array until one returns non-zero.
-.Sh SEE ALSO
-.Xr libtool 1 ,
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c
deleted file mode 100644
index 2521fae24385..000000000000
--- a/crypto/heimdal/lib/kadm5/keys.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: keys.c 14297 2004-10-11 23:50:25Z lha $");
-
-/*
- * free all the memory used by (len, keys)
- */
-
-void
-_kadm5_free_keys (krb5_context context,
-		  int len, Key *keys)
-{
-    hdb_free_keys(context, len, keys);
-}
-
-/*
- * null-ify `len', `keys'
- */
-
-void
-_kadm5_init_keys (Key *keys, int len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i) {
-	keys[i].mkvno               = NULL;
-	keys[i].salt                = NULL;
-	keys[i].key.keyvalue.length = 0;
-	keys[i].key.keyvalue.data   = NULL;
-    }
-}
-
-/*
- * return 0 iff `keys1, len1' and `keys2, len2' are identical
- */
-
-int
-_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2)
-{
-    int i;
-
-    if (len1 != len2)
-	return 1;
-
-    for (i = 0; i < len1; ++i) {
-	if ((keys1[i].salt != NULL && keys2[i].salt == NULL)
-	    || (keys1[i].salt == NULL && keys2[i].salt != NULL))
-	    return 1;
-	if (keys1[i].salt != NULL) {
-	    if (keys1[i].salt->type != keys2[i].salt->type)
-		return 1;
-	    if (keys1[i].salt->salt.length != keys2[i].salt->salt.length)
-		return 1;
-	    if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data,
-			keys1[i].salt->salt.length) != 0)
-		return 1;
-	}
-	if (keys1[i].key.keytype != keys2[i].key.keytype)
-	    return 1;
-	if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length)
-	    return 1;
-	if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data,
-		    keys1[i].key.keyvalue.length) != 0)
-	    return 1;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c
deleted file mode 100644
index 5c4aaefe707c..000000000000
--- a/crypto/heimdal/lib/kadm5/log.c
+++ /dev/null
@@ -1,982 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include "heim_threads.h"
-
-RCSID("$Id: log.c 22211 2007-12-07 19:27:27Z lha $");
-
-/*
- * A log record consists of:
- *
- * version number		4 bytes
- * time in seconds		4 bytes
- * operation (enum kadm_ops)	4 bytes
- * length of record		4 bytes
- * data...			n bytes
- * length of record		4 bytes
- * version number		4 bytes
- *
- */
-
-kadm5_ret_t
-kadm5_log_get_version_fd (int fd,
-			  uint32_t *ver)
-{
-    int ret;
-    krb5_storage *sp;
-    int32_t old_version;
-
-    ret = lseek (fd, 0, SEEK_END);
-    if(ret < 0)
-	return errno;
-    if(ret == 0) {
-	*ver = 0;
-	return 0;
-    }
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, -4, SEEK_CUR);
-    krb5_ret_int32 (sp, &old_version);
-    *ver = old_version;
-    krb5_storage_free(sp);
-    lseek (fd, 0, SEEK_END);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_get_version (kadm5_server_context *context, uint32_t *ver)
-{
-    return kadm5_log_get_version_fd (context->log_context.log_fd, ver);
-}
-
-kadm5_ret_t
-kadm5_log_set_version (kadm5_server_context *context, uint32_t vno)
-{
-    kadm5_log_context *log_context = &context->log_context;
-
-    log_context->version = vno;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1)
-	return 0;
-    fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
-    if (fd < 0) {
-	krb5_set_error_string(context->context, "kadm5_log_init: open %s",
-			      log_context->log_file);
-	return errno;
-    }
-    if (flock (fd, LOCK_EX) < 0) {
-	krb5_set_error_string(context->context, "kadm5_log_init: flock %s",
-			      log_context->log_file);
-	close (fd);
-	return errno;
-    }
-
-    ret = kadm5_log_get_version_fd (fd, &log_context->version);
-    if (ret)
-	return ret;
-
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1) {
-	flock (log_context->log_fd, LOCK_UN);
-	close (log_context->log_fd);
-	log_context->log_fd = -1;
-    }
-    fd = open (log_context->log_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
-    if (fd < 0)
-	return errno;
-    if (flock (fd, LOCK_EX) < 0) {
-	close (fd);
-	return errno;
-    }
-
-    log_context->version = 0;
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context *context)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    int fd = log_context->log_fd;
-
-    flock (fd, LOCK_UN);
-    close(fd);
-    log_context->log_fd = -1;
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_preamble (kadm5_server_context *context,
-		    krb5_storage *sp,
-		    enum kadm_ops op)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    kadm5_ret_t kadm_ret;
-
-    kadm_ret = kadm5_log_init (context);
-    if (kadm_ret)
-	return kadm_ret;
-
-    krb5_store_int32 (sp, ++log_context->version);
-    krb5_store_int32 (sp, time(NULL));
-    krb5_store_int32 (sp, op);
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_postamble (kadm5_log_context *context,
-		     krb5_storage *sp)
-{
-    krb5_store_int32 (sp, context->version);
-    return 0;
-}
-
-/*
- * flush the log record in `sp'.
- */
-
-static kadm5_ret_t
-kadm5_log_flush (kadm5_log_context *log_context,
-		 krb5_storage *sp)
-{
-    krb5_data data;
-    size_t len;
-    int ret;
-
-    krb5_storage_to_data(sp, &data);
-    len = data.length;
-    ret = write (log_context->log_fd, data.data, len);
-    if (ret != len) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    if (fsync (log_context->log_fd) < 0) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    /*
-     * Try to send a signal to any running `ipropd-master'
-     */
-    sendto (log_context->socket_fd,
-	    (void *)&log_context->version,
-	    sizeof(log_context->version),
-	    0,
-	    (struct sockaddr *)&log_context->socket_name,
-	    sizeof(log_context->socket_name));
-
-    krb5_data_free(&data);
-    return 0;
-}
-
-/*
- * Add a `create' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_create (kadm5_server_context *context,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    ret = kadm5_log_preamble (context, sp, kadm_create);
-    if (ret) {
-	krb5_data_free (&value);
-	krb5_storage_free(sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, value.length);
-    krb5_storage_write(sp, value.data, value.length);
-    krb5_store_int32 (sp, value.length);
-    krb5_data_free (&value);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read the data of a create log record from `sp' and change the
- * database.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_create (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    hdb_entry_ex ent;
-
-    memset(&ent, 0, sizeof(ent));
-
-    ret = krb5_data_alloc (&data, len);
-    if (ret) {
-	krb5_set_error_string(context->context, "out of memory");
-	return ret;
-    }
-    krb5_storage_read (sp, data.data, len);
-    ret = hdb_value2entry (context->context, &data, &ent.entry);
-    krb5_data_free(&data);
-    if (ret) {
-	krb5_set_error_string(context->context, 
-			      "Unmarshaling hdb entry failed");
-	return ret;
-    }
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    hdb_free_entry (context->context, &ent);
-    return ret;
-}
-
-/*
- * Add a `delete' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_delete (kadm5_server_context *context,
-		  krb5_principal princ)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-    ret = kadm5_log_preamble (context, sp, kadm_delete);
-    if (ret)
-	goto out;
-    ret = krb5_store_int32 (sp, 0);
-    if (ret)
-	goto out;
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    ret = krb5_store_principal (sp, princ);
-    if (ret)
-	goto out;
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto out;
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto out;
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto out;
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto out;
-    ret = kadm5_log_end (context);
-out:
-    krb5_storage_free (sp);
-    return ret;
-}
-
-/*
- * Read a `delete' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_delete (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-
-    ret = krb5_ret_principal (sp, &principal);
-    if (ret) {
-	krb5_set_error_string(context->context,  "Failed to read deleted "
-			      "principal from log version: %ld",  (long)ver);
-	return ret;
-    }
-
-    ret = context->db->hdb_remove(context->context, context->db, principal);
-    krb5_free_principal (context->context, principal);
-    return ret;
-}
-
-/*
- * Add a `rename' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_rename (kadm5_server_context *context,
-		  krb5_principal source,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    krb5_data_zero(&value);
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_preamble (context, sp, kadm_rename);
-    if (ret)
-	goto failed;
-
-    ret = krb5_store_int32 (sp, 0);
-    if (ret)
-	goto failed;
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    ret = krb5_store_principal (sp, source);
-    if (ret)
-	goto failed;
-
-    krb5_storage_write(sp, value.data, value.length);
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto failed;
-    krb5_storage_free (sp);
-    krb5_data_free (&value);
-
-    return kadm5_log_end (context);
-
-failed:
-    krb5_data_free(&value);
-    krb5_storage_free(sp);
-    return ret;
-}
-
-/*
- * Read a `rename' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_rename (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_principal source;
-    hdb_entry_ex target_ent;
-    krb5_data value;
-    off_t off;
-    size_t princ_len, data_len;
-
-    memset(&target_ent, 0, sizeof(target_ent));
-
-    off = krb5_storage_seek(sp, 0, SEEK_CUR);
-    ret = krb5_ret_principal (sp, &source);
-    if (ret) {
-	krb5_set_error_string(context->context, "Failed to read renamed "
-			      "principal in log, version: %ld", (long)ver);
-	return ret;
-    }
-    princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
-    data_len = len - princ_len;
-    ret = krb5_data_alloc (&value, data_len);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    krb5_storage_read (sp, value.data, data_len);
-    ret = hdb_value2entry (context->context, &value, &target_ent.entry);
-    krb5_data_free(&value);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    ret = context->db->hdb_store (context->context, context->db, 
-				  0, &target_ent);
-    hdb_free_entry (context->context, &target_ent);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    ret = context->db->hdb_remove (context->context, context->db, source);
-    krb5_free_principal (context->context, source);
-    return ret;
-}
-
-
-/*
- * Add a `modify' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_modify (kadm5_server_context *context,
-		  hdb_entry *ent,
-		  uint32_t mask)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    uint32_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    krb5_data_zero(&value);
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret)
-	goto failed;
-
-    ret = kadm5_log_preamble (context, sp, kadm_modify);
-    if (ret)
-	goto failed;
-
-    len = value.length + 4;
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-    ret = krb5_store_int32 (sp, mask);
-    if (ret)
-	goto failed;
-    krb5_storage_write (sp, value.data, value.length);
-
-    ret = krb5_store_int32 (sp, len);
-    if (ret)
-	goto failed;
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret)
-	goto failed;
-    ret = kadm5_log_flush (log_context, sp);
-    if (ret)
-	goto failed;
-    krb5_data_free(&value);
-    krb5_storage_free (sp);
-    return kadm5_log_end (context);
-failed:
-    krb5_data_free(&value);
-    krb5_storage_free(sp);
-    return ret;
-}
-
-/*
- * Read a `modify' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_modify (kadm5_server_context *context,
-			 uint32_t ver,
-			 uint32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int32_t mask;
-    krb5_data value;
-    hdb_entry_ex ent, log_ent;
-
-    memset(&log_ent, 0, sizeof(log_ent));
-
-    krb5_ret_int32 (sp, &mask);
-    len -= 4;
-    ret = krb5_data_alloc (&value, len);
-    if (ret) {
-	krb5_set_error_string(context->context, "out of memory");
-	return ret;
-    }
-    krb5_storage_read (sp, value.data, len);
-    ret = hdb_value2entry (context->context, &value, &log_ent.entry);
-    krb5_data_free(&value);
-    if (ret)
-	return ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_fetch(context->context, context->db,
-				 log_ent.entry.principal,
-				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if (ret)
-	goto out;
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (log_ent.entry.valid_end == NULL) {
-	    ent.entry.valid_end = NULL;
-	} else {
-	    if (ent.entry.valid_end == NULL) {
-		ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
-		if (ent.entry.valid_end == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.valid_end = *log_ent.entry.valid_end;
-	}
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	if (log_ent.entry.pw_end == NULL) {
-	    ent.entry.pw_end = NULL;
-	} else {
-	    if (ent.entry.pw_end == NULL) {
-		ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
-		if (ent.entry.pw_end == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.pw_end = *log_ent.entry.pw_end;
-	}
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	ent.entry.flags = log_ent.entry.flags;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	if (log_ent.entry.max_life == NULL) {
-	    ent.entry.max_life = NULL;
-	} else {
-	    if (ent.entry.max_life == NULL) {
-		ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
-		if (ent.entry.max_life == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.max_life = *log_ent.entry.max_life;
-	}
-    }
-    if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
-	if (ent.entry.modified_by == NULL) {
-	    ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
-	    if (ent.entry.modified_by == NULL) {
-		krb5_set_error_string(context->context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	} else
-	    free_Event(ent.entry.modified_by);
-	ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
-	if (ret) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    goto out;
-	}
-    }
-    if (mask & KADM5_KVNO) {
-	ent.entry.kvno = log_ent.entry.kvno;
-    }
-    if (mask & KADM5_MKVNO) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY_CLR) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	if (log_ent.entry.max_renew == NULL) {
-	    ent.entry.max_renew = NULL;
-	} else {
-	    if (ent.entry.max_renew == NULL) {
-		ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
-		if (ent.entry.max_renew == NULL) {
-		    krb5_set_error_string(context->context, "out of memory");
-		    ret = ENOMEM;
-		    goto out;
-		}
-	    }
-	    *ent.entry.max_renew = *log_ent.entry.max_renew;
-	}
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_KEY_DATA) {
-	size_t num;
-	int i;
-
-	for (i = 0; i < ent.entry.keys.len; ++i)
-	    free_Key(&ent.entry.keys.val[i]);
-	free (ent.entry.keys.val);
-
-	num = log_ent.entry.keys.len;
-
-	ent.entry.keys.len = num;
-	ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
-	if (ent.entry.keys.val == NULL) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    return ENOMEM;
-	}
-	for (i = 0; i < ent.entry.keys.len; ++i) {
-	    ret = copy_Key(&log_ent.entry.keys.val[i],
-			   &ent.entry.keys.val[i]);
-	    if (ret) {
-		krb5_set_error_string(context->context, "out of memory");
-		goto out;
-	    }
-	}
-    }
-    if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
-	HDB_extensions *es = ent.entry.extensions;
-
-	ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
-	if (ent.entry.extensions == NULL)
-	    goto out;
-
-	ret = copy_HDB_extensions(log_ent.entry.extensions,
-				  ent.entry.extensions);
-	if (ret) {
-	    krb5_set_error_string(context->context, "out of memory");
-	    free(ent.entry.extensions);
-	    ent.entry.extensions = es;
-	    goto out;
-	}
-	if (es) {
-	    free_HDB_extensions(es);
-	    free(es);
-	}
-    }
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
- out:
-    hdb_free_entry (context->context, &ent);
-    hdb_free_entry (context->context, &log_ent);
-    return ret;
-}
-
-/*
- * Add a `nop' operation to the log. Does not close the log.
- */
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context *context)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = kadm5_log_preamble (context, sp, kadm_nop);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, 0);
-    krb5_store_int32 (sp, 0);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-
-    return ret;
-}
-
-/*
- * Read a `nop' log operation from `sp' and apply it.
- */
-
-static kadm5_ret_t
-kadm5_log_replay_nop (kadm5_server_context *context,
-		      uint32_t ver,
-		      uint32_t len,
-		      krb5_storage *sp)
-{
-    return 0;
-}
-
-/*
- * Call `func' for each log record in the log in `context'
- */
-
-kadm5_ret_t
-kadm5_log_foreach (kadm5_server_context *context,
-		   void (*func)(kadm5_server_context *server_context,
-				uint32_t ver,
-				time_t timestamp,
-				enum kadm_ops op,
-				uint32_t len,
-				krb5_storage *,
-				void *),
-		   void *ctx)
-{
-    int fd = context->log_context.log_fd;
-    krb5_storage *sp;
-
-    lseek (fd, 0, SEEK_SET);
-    sp = krb5_storage_from_fd (fd);
-    for (;;) {
-	int32_t ver, timestamp, op, len, len2, ver2;
-
-	if(krb5_ret_int32 (sp, &ver) != 0)
-	    break;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &op);
-	krb5_ret_int32 (sp, &len);
-	(*func)(context, ver, timestamp, op, len, sp, ctx);
-	krb5_ret_int32 (sp, &len2);
-	krb5_ret_int32 (sp, &ver2);
-	if (len != len2)
-	    abort();
-	if (ver != ver2)
-	    abort();
-    }
-    krb5_storage_free(sp);
-    return 0;
-}
-
-/*
- * Go to end of log.
- */
-
-krb5_storage *
-kadm5_log_goto_end (int fd)
-{
-    krb5_storage *sp;
-
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, 0, SEEK_END);
-    return sp;
-}
-
-/*
- * Return previous log entry.
- * 
- * The pointer in `sp� is assumed to be at the top of the entry before
- * previous entry. On success, the `sp� pointer is set to data portion
- * of previous entry. In case of error, it's not changed at all.
- */
-
-kadm5_ret_t
-kadm5_log_previous (krb5_context context,
-		    krb5_storage *sp,
-		    uint32_t *ver,
-		    time_t *timestamp,
-		    enum kadm_ops *op,
-		    uint32_t *len)
-{
-    krb5_error_code ret;
-    off_t off, oldoff;
-    int32_t tmp;
-
-    oldoff = krb5_storage_seek(sp, 0, SEEK_CUR);
-
-    krb5_storage_seek(sp, -8, SEEK_CUR);
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    *len = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    *ver = tmp;
-    off = 24 + *len;
-    krb5_storage_seek(sp, -off, SEEK_CUR);
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    if (tmp != *ver) {
-	krb5_storage_seek(sp, oldoff, SEEK_SET);
-	krb5_set_error_string(context, "kadm5_log_previous: log entry "
-			      "have consistency failure, version number wrong");
-	return KADM5_BAD_DB;
-    }
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    *timestamp = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    *op = tmp;
-    ret = krb5_ret_int32 (sp, &tmp);
-    if (ret)
-	goto end_of_storage;
-    if (tmp != *len) {
-	krb5_storage_seek(sp, oldoff, SEEK_SET);
-	krb5_set_error_string(context, "kadm5_log_previous: log entry "
-			      "have consistency failure, length wrong");
-	return KADM5_BAD_DB;
-    }
-    return 0;
-
- end_of_storage:
-    krb5_storage_seek(sp, oldoff, SEEK_SET);
-    krb5_set_error_string(context, "kadm5_log_previous: end of storage "
-			  "reached before end");
-    return ret;
-}
-
-/*
- * Replay a record from the log
- */
-
-kadm5_ret_t
-kadm5_log_replay (kadm5_server_context *context,
-		  enum kadm_ops op,
-		  uint32_t ver,
-		  uint32_t len,
-		  krb5_storage *sp)
-{
-    switch (op) {
-    case kadm_create :
-	return kadm5_log_replay_create (context, ver, len, sp);
-    case kadm_delete :
-	return kadm5_log_replay_delete (context, ver, len, sp);
-    case kadm_rename :
-	return kadm5_log_replay_rename (context, ver, len, sp);
-    case kadm_modify :
-	return kadm5_log_replay_modify (context, ver, len, sp);
-    case kadm_nop :
-	return kadm5_log_replay_nop (context, ver, len, sp);
-    default :
-	krb5_set_error_string(context->context, 
-			      "Unsupported replay op %d", (int)op);
-	return KADM5_FAILURE;
-    }
-}
-
-/*
- * truncate the log - i.e. create an empty file with just (nop vno + 2)
- */
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context *server_context)
-{
-    kadm5_ret_t ret;
-    uint32_t vno;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_get_version (server_context, &vno);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_set_version (server_context, vno);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	return ret;
-    return 0;
-
-}
-
-static char *default_signal = NULL;
-static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
-const char *
-kadm5_log_signal_socket(krb5_context context)
-{
-    HEIMDAL_MUTEX_lock(&signal_mutex);
-    if (!default_signal)
-	asprintf(&default_signal, "%s/signal", hdb_db_dir(context));
-    HEIMDAL_MUTEX_unlock(&signal_mutex);
-
-    return krb5_config_get_string_default(context,
-					  NULL,
-					  default_signal,
-					  "kdc",
-					  "signal_socket",
-					  NULL);
-}
diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c
deleted file mode 100644
index 05ca33ffaa0d..000000000000
--- a/crypto/heimdal/lib/kadm5/marshall.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: marshall.c 21745 2007-07-31 16:11:25Z lha $");
-
-kadm5_ret_t
-kadm5_store_key_data(krb5_storage *sp,
-		     krb5_key_data *key)
-{
-    krb5_data c;
-    krb5_store_int32(sp, key->key_data_ver);
-    krb5_store_int32(sp, key->key_data_kvno);
-    krb5_store_int32(sp, key->key_data_type[0]);
-    c.length = key->key_data_length[0];
-    c.data = key->key_data_contents[0];
-    krb5_store_data(sp, c);
-    krb5_store_int32(sp, key->key_data_type[1]);
-    c.length = key->key_data_length[1];
-    c.data = key->key_data_contents[1];
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_key_data(krb5_storage *sp,
-		   krb5_key_data *key)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_ver = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_kvno = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[0] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[0] = c.length;
-    key->key_data_contents[0] = c.data;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[1] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[1] = c.length;
-    key->key_data_contents[1] = c.data;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_store_tl_data(krb5_storage *sp,
-		    krb5_tl_data *tl)
-{
-    krb5_data c;
-    krb5_store_int32(sp, tl->tl_data_type);
-    c.length = tl->tl_data_length;
-    c.data = tl->tl_data_contents;
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_tl_data(krb5_storage *sp,
-		  krb5_tl_data *tl)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    tl->tl_data_type = tmp;
-    krb5_ret_data(sp, &c);
-    tl->tl_data_length = c.length;
-    tl->tl_data_contents = c.data;
-    return 0;
-}
-
-static kadm5_ret_t
-store_principal_ent(krb5_storage *sp,
-		    kadm5_principal_ent_t princ,
-		    uint32_t mask)
-{
-    int i;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_store_principal(sp, princ->principal);
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-	krb5_store_int32(sp, princ->princ_expire_time);
-    if (mask & KADM5_PW_EXPIRATION)
-	krb5_store_int32(sp, princ->pw_expiration);
-    if (mask & KADM5_LAST_PWD_CHANGE)
-	krb5_store_int32(sp, princ->last_pwd_change);
-    if (mask & KADM5_MAX_LIFE)
-	krb5_store_int32(sp, princ->max_life);
-    if (mask & KADM5_MOD_NAME) {
-	krb5_store_int32(sp, princ->mod_name != NULL);
-	if(princ->mod_name)
-	    krb5_store_principal(sp, princ->mod_name);
-    }
-    if (mask & KADM5_MOD_TIME)
-	krb5_store_int32(sp, princ->mod_date);
-    if (mask & KADM5_ATTRIBUTES)
-	krb5_store_int32(sp, princ->attributes);
-    if (mask & KADM5_KVNO)
-	krb5_store_int32(sp, princ->kvno);
-    if (mask & KADM5_MKVNO)
-	krb5_store_int32(sp, princ->mkvno);
-    if (mask & KADM5_POLICY) {
-	krb5_store_int32(sp, princ->policy != NULL);
-	if(princ->policy)
-	    krb5_store_string(sp, princ->policy);
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES)
-	krb5_store_int32(sp, princ->aux_attributes);
-    if (mask & KADM5_MAX_RLIFE)
-	krb5_store_int32(sp, princ->max_renewable_life);
-    if (mask & KADM5_LAST_SUCCESS)
-	krb5_store_int32(sp, princ->last_success);
-    if (mask & KADM5_LAST_FAILED)
-	krb5_store_int32(sp, princ->last_failed);
-    if (mask & KADM5_FAIL_AUTH_COUNT)
-	krb5_store_int32(sp, princ->fail_auth_count);
-    if (mask & KADM5_KEY_DATA) {
-	krb5_store_int32(sp, princ->n_key_data);
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_store_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_tl_data *tp;
-
-	krb5_store_int32(sp, princ->n_tl_data);
-	for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
-	    kadm5_store_tl_data(sp, tp);
-    }
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_store_principal_ent(krb5_storage *sp,
-			  kadm5_principal_ent_t princ)
-{
-    return store_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask(krb5_storage *sp,
-			       kadm5_principal_ent_t princ,
-			       uint32_t mask)
-{
-    krb5_store_int32(sp, mask);
-    return store_principal_ent (sp, princ, mask);
-}
-
-static kadm5_ret_t
-ret_principal_ent(krb5_storage *sp,
-		  kadm5_principal_ent_t princ,
-		  uint32_t mask)
-{
-    int i;
-    int32_t tmp;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_ret_principal(sp, &princ->principal);
-    
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->princ_expire_time = tmp;
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	krb5_ret_int32(sp, &tmp);
-	princ->pw_expiration = tmp;
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_pwd_change = tmp;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_life = tmp;
-    }
-    if (mask & KADM5_MOD_NAME) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_principal(sp, &princ->mod_name);
-	else
-	    princ->mod_name = NULL;
-    }
-    if (mask & KADM5_MOD_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mod_date = tmp;
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->attributes = tmp;
-    }
-    if (mask & KADM5_KVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->kvno = tmp;
-    }
-    if (mask & KADM5_MKVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mkvno = tmp;
-    }
-    if (mask & KADM5_POLICY) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_string(sp, &princ->policy);
-	else
-	    princ->policy = NULL;
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->aux_attributes = tmp;
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_renewable_life = tmp;
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_success = tmp;
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_failed = tmp;
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	krb5_ret_int32(sp, &tmp);
-	princ->fail_auth_count = tmp;
-    }
-    if (mask & KADM5_KEY_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_key_data = tmp;
-	princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
-	if (princ->key_data == NULL)
-	    return ENOMEM;
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_ret_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_tl_data = tmp;
-	princ->tl_data = NULL;
-	for(i = 0; i < princ->n_tl_data; i++){
-	    krb5_tl_data *tp = malloc(sizeof(*tp));
-	    if (tp == NULL)
-		return ENOMEM;
-	    kadm5_ret_tl_data(sp, tp);
-	    tp->tl_data_next = princ->tl_data;
-	    princ->tl_data = tp;
-	}
-    }
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent(krb5_storage *sp,
-			kadm5_principal_ent_t princ)
-{
-    return ret_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask(krb5_storage *sp,
-			     kadm5_principal_ent_t princ,
-			     uint32_t *mask)
-{
-    int32_t tmp;
-
-    krb5_ret_int32 (sp, &tmp);
-    *mask = tmp;
-    return ret_principal_ent (sp, princ, *mask);
-}
-
-kadm5_ret_t
-_kadm5_marshal_params(krb5_context context, 
-		      kadm5_config_params *params, 
-		      krb5_data *out)
-{
-    krb5_storage *sp = krb5_storage_emem();
-    
-    krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_store_string(sp, params->realm);
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_unmarshal_params(krb5_context context,
-			krb5_data *in,
-			kadm5_config_params *params)
-{
-    krb5_storage *sp = krb5_storage_from_data(in);
-    int32_t mask;
-    
-    krb5_ret_int32(sp, &mask);
-    params->mask = mask;
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_ret_string(sp, &params->realm);
-    krb5_storage_free(sp);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c
deleted file mode 100644
index ed399b3ce8de..000000000000
--- a/crypto/heimdal/lib/kadm5/modify_c.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_c.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_c_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_modify);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c
deleted file mode 100644
index 449f6195cca8..000000000000
--- a/crypto/heimdal/lib/kadm5/modify_s.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_s.c 20610 2007-05-08 07:12:37Z lha $");
-
-static kadm5_ret_t
-modify_principal(void *server_handle,
-		 kadm5_principal_ent_t princ, 
-		 uint32_t mask,
-		 uint32_t forbidden_mask)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	return KADM5_UNK_POLICY;
-    
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, 
-				 princ->principal, HDB_F_GET_ANY, &ent);
-    if(ret)
-	goto out;
-    ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
-    if(ret)
-	goto out2;
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
-
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-kadm5_ret_t
-kadm5_s_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 uint32_t mask)
-{
-    return modify_principal(server_handle, princ, mask, 
-			    KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			    | KADM5_MOD_NAME | KADM5_MKVNO 
-			    | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS
-			    | KADM5_LAST_FAILED);
-}
diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c
deleted file mode 100644
index 2610ce878490..000000000000
--- a/crypto/heimdal/lib/kadm5/password_quality.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/*
- * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include "kadm5-pwcheck.h"
-
-RCSID("$Id: password_quality.c 17595 2006-05-30 21:51:55Z lha $");
-
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-static int
-min_length_passwd_quality (krb5_context context,
-			   krb5_principal principal,
-			   krb5_data *pwd,
-			   const char *opaque,
-			   char *message,
-			   size_t length)
-{
-    uint32_t min_length = krb5_config_get_int_default(context, NULL, 6,
-						      "password_quality",
-						      "min_length",
-						      NULL);
-
-    if (pwd->length < min_length) {
-	strlcpy(message, "Password too short", length);
-	return 1;
-    } else
-	return 0;
-}
-
-static const char *
-min_length_passwd_quality_v0 (krb5_context context,
-			      krb5_principal principal,
-			      krb5_data *pwd)
-{
-    static char message[1024];
-    int ret;
-
-    message[0] = '\0';
-
-    ret = min_length_passwd_quality(context, principal, pwd, NULL,
-				    message, sizeof(message));
-    if (ret)
-	return message;
-    return NULL;
-}
-
-
-static int
-char_class_passwd_quality (krb5_context context,
-			   krb5_principal principal,
-			   krb5_data *pwd,
-			   const char *opaque,
-			   char *message,
-			   size_t length)
-{
-    const char *classes[] = {
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-	"abcdefghijklmnopqrstuvwxyz",
-	"1234567890",
-	"!@#$%^&*()/?<>,.{[]}\\|'~`\" "
-    };
-    int i, counter = 0, req_classes;
-    size_t len;
-    char *pw;
-
-    req_classes = krb5_config_get_int_default(context, NULL, 3,
-					      "password_quality",
-					      "min_classes",
-					      NULL);
-
-    len = pwd->length + 1;
-    pw = malloc(len);
-    if (pw == NULL) {
-	strlcpy(message, "out of memory", length);
-	return 1;
-    }
-    strlcpy(pw, pwd->data, len);
-    len = strlen(pw);
-
-    for (i = 0; i < sizeof(classes)/sizeof(classes[0]); i++) {
-	if (strcspn(pw, classes[i]) < len)
-	    counter++;
-    }
-    memset(pw, 0, pwd->length + 1);
-    free(pw);
-    if (counter < req_classes) {
-	snprintf(message, length,
-	    "Password doesn't meet complexity requirement.\n"
-	    "Add more characters from the following classes:\n"
-	    "1. English uppercase characters (A through Z)\n"
-	    "2. English lowercase characters (a through z)\n"
-	    "3. Base 10 digits (0 through 9)\n"
-	    "4. Nonalphanumeric characters (e.g., !, $, #, %%)");
-	return 1;
-    }
-    return 0;
-}
-
-static int
-external_passwd_quality (krb5_context context,
-			 krb5_principal principal,
-			 krb5_data *pwd,
-			 const char *opaque,
-			 char *message,
-			 size_t length)
-{
-    krb5_error_code ret;
-    const char *program;
-    char *p;
-    pid_t child;
-    int status;
-    char reply[1024];
-    FILE *in = NULL, *out = NULL, *error = NULL;
-
-    if (memchr(pwd->data, pwd->length, '\n') != NULL) {
-	snprintf(message, length, "password contains newline, "
-		 "not valid for external test");
-	return 1;
-    }
-
-    program = krb5_config_get_string(context, NULL,
-				     "password_quality",
-				     "external_program",
-				     NULL);
-    if (program == NULL) {
-	snprintf(message, length, "external password quality "
-		 "program not configured");
-	return 1;
-    }
-
-    ret = krb5_unparse_name(context, principal, &p);
-    if (ret) {
-	strlcpy(message, "out of memory", length);
-	return 1;
-    }
-
-    child = pipe_execv(&in, &out, &error, program, p, NULL);
-    if (child < 0) {
-	snprintf(message, length, "external password quality "
-		 "program failed to execute for principal %s", p);
-	free(p);
-	return 1;
-    }
-
-    fprintf(in, "principal: %s\n"
-	    "new-password: %.*s\n"
-	    "end\n",
-	    p, (int)pwd->length, (char *)pwd->data);
-    
-    fclose(in);
-
-    if (fgets(reply, sizeof(reply), out) == NULL) {
-
-	if (fgets(reply, sizeof(reply), error) == NULL) {
-	    snprintf(message, length, "external password quality "
-		     "program failed without error");
-
-	} else {
-	    reply[strcspn(reply, "\n")] = '\0';
-	    snprintf(message, length, "External password quality "
-		     "program failed: %s", reply);
-	}
-
-	fclose(out);
-	fclose(error);
-	waitpid(child, &status, 0);
-	return 1;
-    }
-    reply[strcspn(reply, "\n")] = '\0';
-
-    fclose(out);
-    fclose(error);
-
-    if (waitpid(child, &status, 0) < 0) {
-	snprintf(message, length, "external program failed: %s", reply);
-	free(p);
-	return 1;
-    }
-    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-	snprintf(message, length, "external program failed: %s", reply);
-	free(p);
-	return 1;
-    }
-
-    if (strcmp(reply, "APPROVED") != 0) {
-	snprintf(message, length, "%s", reply);
-	free(p);
-	return 1;
-    }
-
-    free(p);
-
-    return 0;
-}
-
-
-static kadm5_passwd_quality_check_func_v0 passwd_quality_check = 
-	min_length_passwd_quality_v0;
-
-struct kadm5_pw_policy_check_func builtin_funcs[] = {
-    { "minimum-length", min_length_passwd_quality },
-    { "character-class", char_class_passwd_quality },
-    { "external-check", external_passwd_quality },
-    { NULL }
-};
-struct kadm5_pw_policy_verifier builtin_verifier = {
-    "builtin", 
-    KADM5_PASSWD_VERSION_V1, 
-    "Heimdal builtin",
-    builtin_funcs
-};
-
-static struct kadm5_pw_policy_verifier **verifiers;
-static int num_verifiers;
-
-/*
- * setup the password quality hook
- */
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-
-void
-kadm5_setup_passwd_quality_check(krb5_context context,
-				 const char *check_library,
-				 const char *check_function)
-{
-#ifdef HAVE_DLOPEN
-    void *handle;
-    void *sym;
-    int *version;
-    const char *tmp;
-
-    if(check_library == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_library", 
-				     NULL);
-	if(tmp != NULL)
-	    check_library = tmp;
-    }
-    if(check_function == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_function", 
-				     NULL);
-	if(tmp != NULL)
-	    check_function = tmp;
-    }
-    if(check_library != NULL && check_function == NULL)
-	check_function = "passwd_check";
-
-    if(check_library == NULL)
-	return;
-    handle = dlopen(check_library, RTLD_NOW);
-    if(handle == NULL) {
-	krb5_warnx(context, "failed to open `%s'", check_library);
-	return;
-    }
-    version = dlsym(handle, "version");
-    if(version == NULL) {
-	krb5_warnx(context,
-		   "didn't find `version' symbol in `%s'", check_library);
-	dlclose(handle);
-	return;
-    }
-    if(*version != KADM5_PASSWD_VERSION_V0) {
-	krb5_warnx(context,
-		   "version of loaded library is %d (expected %d)",
-		   *version, KADM5_PASSWD_VERSION_V0);
-	dlclose(handle);
-	return;
-    }
-    sym = dlsym(handle, check_function);
-    if(sym == NULL) {
-	krb5_warnx(context, 
-		   "didn't find `%s' symbol in `%s'", 
-		   check_function, check_library);
-	dlclose(handle);
-	return;
-    }
-    passwd_quality_check = (kadm5_passwd_quality_check_func_v0) sym;
-#endif /* HAVE_DLOPEN */
-}
-
-#ifdef HAVE_DLOPEN
-
-static krb5_error_code
-add_verifier(krb5_context context, const char *check_library)
-{
-    struct kadm5_pw_policy_verifier *v, **tmp;
-    void *handle;
-    int i;
-
-    handle = dlopen(check_library, RTLD_NOW);
-    if(handle == NULL) {
-	krb5_warnx(context, "failed to open `%s'", check_library);
-	return ENOENT;
-    }
-    v = dlsym(handle, "kadm5_password_verifier");
-    if(v == NULL) {
-	krb5_warnx(context,
-		   "didn't find `kadm5_password_verifier' symbol "
-		   "in `%s'", check_library);
-	dlclose(handle);
-	return ENOENT;
-    }
-    if(v->version != KADM5_PASSWD_VERSION_V1) {
-	krb5_warnx(context,
-		   "version of loaded library is %d (expected %d)",
-		   v->version, KADM5_PASSWD_VERSION_V1);
-	dlclose(handle);
-	return EINVAL;
-    }
-    for (i = 0; i < num_verifiers; i++) {
-	if (strcmp(v->name, verifiers[i]->name) == 0)
-	    break;
-    }
-    if (i < num_verifiers) {
-	krb5_warnx(context, "password verifier library `%s' is already loaded",
-		   v->name);
-	dlclose(handle);
-	return 0;
-    }
-
-    tmp = realloc(verifiers, (num_verifiers + 1) * sizeof(*verifiers));
-    if (tmp == NULL) {
-	krb5_warnx(context, "out of memory");
-	dlclose(handle);
-	return 0;
-    }
-    verifiers = tmp;
-    verifiers[num_verifiers] = v;
-    num_verifiers++;
-
-    return 0;
-}
-
-#endif
-
-krb5_error_code
-kadm5_add_passwd_quality_verifier(krb5_context context,
-				  const char *check_library)
-{
-#ifdef HAVE_DLOPEN
-
-    if(check_library == NULL) {
-	krb5_error_code ret;
-	char **tmp;
-
-	tmp = krb5_config_get_strings(context, NULL, 
-				      "password_quality", 
-				      "policy_libraries", 
-				      NULL);
-	if(tmp == NULL)
-	    return 0;
-
-	while(tmp) {
-	    ret = add_verifier(context, *tmp);
-	    if (ret)
-		return ret;
-	    tmp++;
-	}
-    }
-    return add_verifier(context, check_library);
-#else
-    return 0;
-#endif /* HAVE_DLOPEN */
-}
-
-/*
- *
- */
-
-static const struct kadm5_pw_policy_check_func *
-find_func(krb5_context context, const char *name)
-{
-    const struct kadm5_pw_policy_check_func *f;
-    char *module = NULL;
-    const char *p, *func;
-    int i;
-
-    p = strchr(name, ':');
-    if (p) {
-	func = p + 1;
-	module = strndup(name, p - name);
-	if (module == NULL)
-	    return NULL;
-    } else
-	func = name;
-
-    /* Find module in loaded modules first */
-    for (i = 0; i < num_verifiers; i++) {
-	if (module && strcmp(module, verifiers[i]->name) != 0)
-	    continue;
-	for (f = verifiers[i]->funcs; f->name ; f++)
-	    if (strcmp(name, f->name) == 0) {
-		if (module)
-		    free(module);
-		return f;
-	    }
-    }
-    /* Lets try try the builtin modules */
-    if (module == NULL || strcmp(module, "builtin") == 0) {
-	for (f = builtin_verifier.funcs; f->name ; f++)
-	    if (strcmp(func, f->name) == 0) {
-		if (module)
-		    free(module);
-		return f;
-	    }
-    }
-    if (module)
-	free(module);
-    return NULL;
-}
-
-const char *
-kadm5_check_password_quality (krb5_context context,
-			      krb5_principal principal,
-			      krb5_data *pwd_data)
-{
-    const struct kadm5_pw_policy_check_func *proc;
-    static char error_msg[1024];
-    const char *msg;
-    char **v, **vp;
-    int ret;
-
-    /*
-     * Check if we should use the old version of policy function.
-     */
-
-    v = krb5_config_get_strings(context, NULL, 
-				"password_quality", 
-				"policies", 
-				NULL);
-    if (v == NULL) {
-	msg = (*passwd_quality_check) (context, principal, pwd_data);
-	krb5_set_error_string(context, "password policy failed: %s", msg);
-	return msg;
-    }
-
-    error_msg[0] = '\0';
-
-    msg = NULL;
-    for(vp = v; *vp; vp++) {
-	proc = find_func(context, *vp);
-	if (proc == NULL) {
-	    msg = "failed to find password verifier function";
-	    krb5_set_error_string(context, "Failed to find password policy "
-				  "function: %s", *vp);
-	    break;
-	}
-	ret = (proc->func)(context, principal, pwd_data, NULL,
-			   error_msg, sizeof(error_msg));
-	if (ret) {
-	    krb5_set_error_string(context, "Password policy "
-				  "%s failed with %s", 
-				  proc->name, error_msg);
-	    msg = error_msg;
-	    break;
-	}
-    }
-    krb5_config_free_strings(v);
-
-    /* If the default quality check isn't used, lets check that the
-     * old quality function the user have set too */
-    if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) {
-	msg = (*passwd_quality_check) (context, principal, pwd_data);
-	if (msg)
-	    krb5_set_error_string(context, "(old) password policy "
-				  "failed with %s", msg);
-	    
-    }
-    return msg;
-}
diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h
deleted file mode 100644
index d5e1380752a3..000000000000
--- a/crypto/heimdal/lib/kadm5/private.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: private.h 22211 2007-12-07 19:27:27Z lha $ */
-
-#ifndef __kadm5_privatex_h__
-#define __kadm5_privatex_h__
-
-struct kadm_func {
-    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*);
-    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, 
-				     uint32_t, const char*);
-    kadm5_ret_t (*delete_principal) (void*, krb5_principal);
-    kadm5_ret_t (*destroy) (void*);
-    kadm5_ret_t (*flush) (void*);
-    kadm5_ret_t (*get_principal) (void*, krb5_principal, 
-				  kadm5_principal_ent_t, uint32_t);
-    kadm5_ret_t (*get_principals) (void*, const char*, char***, int*);
-    kadm5_ret_t (*get_privs) (void*, uint32_t*);
-    kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t);
-    kadm5_ret_t (*randkey_principal) (void*, krb5_principal, 
-				      krb5_keyblock**, int*);
-    kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
-    kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
-					      int, krb5_key_data *);
-};
-
-/* XXX should be integrated */
-typedef struct kadm5_common_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    void *data;
-}kadm5_common_context;
-
-typedef struct kadm5_log_peer {
-    int fd;
-    char *name;
-    krb5_auth_context ac;
-    struct kadm5_log_peer *next;
-} kadm5_log_peer;
-
-typedef struct kadm5_log_context {
-    char *log_file;
-    int log_fd;
-    uint32_t version;
-    struct sockaddr_un socket_name;
-    int socket_fd;
-} kadm5_log_context;
-
-typedef struct kadm5_server_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    kadm5_config_params config;
-    HDB *db;
-    krb5_principal caller;
-    unsigned acl_flags;
-    kadm5_log_context log_context;
-} kadm5_server_context;
-
-typedef struct kadm5_client_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    krb5_auth_context ac;
-    char *realm;
-    char *admin_server;
-    int kadmind_port;
-    int sock;
-    char *client_name;
-    char *service_name;
-    krb5_prompter_fct prompter;
-    const char *keytab;
-    krb5_ccache ccache;
-    kadm5_config_params *realm_params;
-}kadm5_client_context;
-
-typedef struct kadm5_ad_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    kadm5_config_params config;
-    krb5_principal caller;
-    krb5_ccache ccache;
-    char *client_name;
-    char *realm;
-    void *ldap_conn;
-    char *base_dn;
-} kadm5_ad_context;
-
-enum kadm_ops {
-    kadm_get,
-    kadm_delete,
-    kadm_create,
-    kadm_rename,
-    kadm_chpass,
-    kadm_modify,
-    kadm_randkey,
-    kadm_get_privs,
-    kadm_get_princs,
-    kadm_chpass_with_key,
-    kadm_nop
-};
-
-#define KADMIN_APPL_VERSION "KADM0.1"
-#define KADMIN_OLD_APPL_VERSION "KADM0.0"
-
-#include "kadm5-private.h"
-
-#endif /* __kadm5_privatex_h__ */
diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c
deleted file mode 100644
index 58e6824dc11a..000000000000
--- a/crypto/heimdal/lib/kadm5/privs_c.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_c.c 17512 2006-05-08 13:43:17Z lha $");
-
-kadm5_ret_t
-kadm5_c_get_privs(void *server_handle, uint32_t *privs)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    *privs = 0;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_get_privs);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_clear_error_string(context->context);
-    ret = tmp;
-    if(ret == 0){
-	krb5_ret_uint32(sp, privs);
-    }
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c
deleted file mode 100644
index 9c345e3c0f08..000000000000
--- a/crypto/heimdal/lib/kadm5/privs_s.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_s.c 17445 2006-05-05 10:37:46Z lha $");
-
-kadm5_ret_t
-kadm5_s_get_privs(void *server_handle, uint32_t *privs)
-{
-    kadm5_server_context *context = server_handle;
-    *privs = context->acl_flags;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c
deleted file mode 100644
index 60a3f53e1131..000000000000
--- a/crypto/heimdal/lib/kadm5/randkey_c.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_c.c 16662 2006-01-25 12:53:09Z lha $");
-
-kadm5_ret_t
-kadm5_c_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    krb5_store_int32(sp, kadm_randkey);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_clear_error_string(context->context);
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0){
-	krb5_keyblock *k;
-	int i;
-
-	krb5_ret_int32(sp, &tmp);
-	k = malloc(tmp * sizeof(*k));
-	if (k == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_keyblock(sp, &k[i]);
-	*n_keys = tmp;
-	*new_keys = k;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c
deleted file mode 100644
index cb0f0fab24bd..000000000000
--- a/crypto/heimdal/lib/kadm5/randkey_s.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $");
-
-/*
- * Set the keys of `princ' to random values, returning the random keys
- * in `new_keys', `n_keys'.
- */
-
-kadm5_ret_t
-kadm5_s_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry_ex ent;
-    kadm5_ret_t ret;
-
-    memset(&ent, 0, sizeof(ent));
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, princ, 
-				 HDB_F_GET_ANY, &ent);
-    if(ret)
-	goto out;
-
-    ret = _kadm5_set_keys_randomly (context,
-				    &ent.entry,
-				    new_keys,
-				    n_keys);
-    if (ret)
-	goto out2;
-    ent.entry.kvno++;
-
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out3;
-    ret = _kadm5_bump_pw_expire(context, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
-    ret = context->db->hdb_store(context->context, context->db, 
-				 HDB_F_REPLACE, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent.entry,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
-		      KADM5_TL_DATA);
-
-out3:
-    if (ret) {
-	int i;
-
-	for (i = 0; i < *n_keys; ++i)
-	    krb5_free_keyblock_contents (context->context, &(*new_keys)[i]);
-	free (*new_keys);
-	*new_keys = NULL;
-	*n_keys = 0;
-    }
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->hdb_close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c
deleted file mode 100644
index cec2fd3d48dd..000000000000
--- a/crypto/heimdal/lib/kadm5/rename_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_c.c 8655 2000-07-11 16:00:19Z joda $");
-
-kadm5_ret_t
-kadm5_c_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_rename);
-    krb5_store_principal(sp, source);
-    krb5_store_principal(sp, target);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c
deleted file mode 100644
index 2a19426a8b56..000000000000
--- a/crypto/heimdal/lib/kadm5/rename_s.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_s.c 21745 2007-07-31 16:11:25Z lha $");
-
-kadm5_ret_t
-kadm5_s_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry_ex ent;
-    krb5_principal oldname;
-
-    memset(&ent, 0, sizeof(ent));
-    if(krb5_principal_compare(context->context, source, target))
-	return KADM5_DUP; /* XXX is this right? */
-    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->hdb_fetch(context->context, context->db, 
-				 source, HDB_F_GET_ANY, &ent);
-    if(ret){
-	context->db->hdb_close(context->context, context->db);
-	goto out;
-    }
-    ret = _kadm5_set_modifier(context, &ent.entry);
-    if(ret)
-	goto out2;
-    {
-	/* fix salt */
-	int i;
-	Salt salt;
-	krb5_salt salt2;
-	krb5_get_pw_salt(context->context, source, &salt2);
-	salt.type = hdb_pw_salt;
-	salt.salt = salt2.saltvalue;
-	for(i = 0; i < ent.entry.keys.len; i++){
-	    if(ent.entry.keys.val[i].salt == NULL){
-		ent.entry.keys.val[i].salt = 
-		    malloc(sizeof(*ent.entry.keys.val[i].salt));
-		if(ent.entry.keys.val[i].salt == NULL)
-		    return ENOMEM;
-		ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
-		if(ret)
-		    break;
-	    }
-	}
-	krb5_free_salt(context->context, salt2);
-    }
-    if(ret)
-	goto out2;
-    oldname = ent.entry.principal;
-    ent.entry.principal = target;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret) {
-	ent.entry.principal = oldname;
-	goto out2;
-    }
-
-    kadm5_log_rename (context, source, &ent.entry);
-
-    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
-    if(ret){
-	ent.entry.principal = oldname;
-	goto out2;
-    }
-    ret = context->db->hdb_remove(context->context, context->db, oldname);
-    ent.entry.principal = oldname;
-out2:
-    context->db->hdb_close(context->context, context->db);
-    hdb_free_entry(context->context, &ent);
-out:
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c
deleted file mode 100644
index 1b2d71635f49..000000000000
--- a/crypto/heimdal/lib/kadm5/replay_log.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    krb5_error_code ret;
-
-    if((start_version != -1 && ver < start_version) ||
-       (end_version != -1 && ver > end_version)) {
-	/* XXX skip this entry */
-	krb5_storage_seek(sp, len, SEEK_CUR);
-	return;
-    }
-    printf ("ver %u... ", ver);
-    fflush (stdout);
-
-    ret = kadm5_log_replay (server_context,
-			    op, ver, len, sp);
-    if (ret)
-	krb5_warn (server_context->context, ret, "kadm5_log_replay");
-
-    
-    printf ("done\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "start-version", 0, arg_integer, &start_version, "start replay with this version" },
-    { "end-version", 0, arg_integer, &end_version, "end replay with this version" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_config_params conf;
-    kadm5_server_context *server_context;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = server_context->db->open(context,
-				   server_context->db,
-				   O_RDWR | O_CREAT, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, apply_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    ret = server_context->db->close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c
deleted file mode 100644
index 1a21c1099f80..000000000000
--- a/crypto/heimdal/lib/kadm5/sample_passwd_check.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $ */
-
-#include <string.h>
-#include <stdlib.h>
-#include <krb5.h>
-
-const char* check_length(krb5_context, krb5_principal, krb5_data *);
-
-/* specify the api-version this library conforms to */
-
-int version = 0;
-
-/* just check the length of the password, this is what the default
-   check does, but this lets you specify the minimum length in
-   krb5.conf */
-const char*
-check_length(krb5_context context,
-             krb5_principal prinipal,
-             krb5_data *password)
-{
-    int min_length = krb5_config_get_int_default(context, NULL, 6,
-						 "password_quality",
-						 "min_length",
-						 NULL);
-    if(password->length < min_length)
-	return "Password too short";
-    return NULL;
-}
-
-#ifdef DICTPATH
-
-/* use cracklib to check password quality; this requires a patch for
-   cracklib that can be found at
-   ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
-
-const char*
-check_cracklib(krb5_context context,
-	       krb5_principal principal,
-	       krb5_data *password)
-{
-    char *s = malloc(password->length + 1);
-    char *msg;
-    char *strings[2];
-    if(s == NULL)
-	return NULL; /* XXX */
-    strings[0] = principal->name.name_string.val[0]; /* XXX */
-    strings[1] = NULL;
-    memcpy(s, password->data, password->length);
-    s[password->length] = '\0';
-    msg = FascistCheck(s, DICTPATH, strings);
-    memset(s, 0, password->length);
-    free(s);
-    return msg;
-}
-#endif
diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c
deleted file mode 100644
index b64bbfec6348..000000000000
--- a/crypto/heimdal/lib/kadm5/send_recv.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 1997-2003, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: send_recv.c 17311 2006-04-27 11:10:07Z lha $");
-
-kadm5_ret_t 
-_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
-{
-    krb5_data msg, out;
-    krb5_error_code ret;
-    size_t len;
-    krb5_storage *sock;
-
-    assert(context->sock != -1);
-
-    len = krb5_storage_seek(sp, 0, SEEK_CUR);
-    ret = krb5_data_alloc(&msg, len);
-    if (ret) {
-	krb5_clear_error_string(context->context);
-	return ret;
-    }
-    krb5_storage_seek(sp, 0, SEEK_SET);
-    krb5_storage_read(sp, msg.data, msg.length);
-    
-    ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
-    krb5_data_free(&msg);
-    if(ret)
-	return ret;
-    
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL) {
-	krb5_clear_error_string(context->context);
-	krb5_data_free(&out);
-	return ENOMEM;
-    }
-    
-    ret = krb5_store_data(sock, out);
-    if (ret)
-	krb5_clear_error_string(context->context);
-    krb5_storage_free(sock);
-    krb5_data_free(&out);
-    return ret;
-}
-
-kadm5_ret_t
-_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sock;
-
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL) {
-	krb5_clear_error_string(context->context);
-	return ENOMEM;
-    }
-    ret = krb5_ret_data(sock, &data);
-    krb5_storage_free(sock);
-    krb5_clear_error_string(context->context);
-    if(ret == KRB5_CC_END)
-	return KADM5_RPC_ERROR;
-    else if(ret)
-	return ret;
-
-    ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL);
-    krb5_data_free(&data);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c
deleted file mode 100644
index 2862c36613a8..000000000000
--- a/crypto/heimdal/lib/kadm5/server_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: server_glue.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_s_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_s_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_s_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_s_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c
deleted file mode 100644
index ee4de3b093fa..000000000000
--- a/crypto/heimdal/lib/kadm5/set_keys.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $");
-
-/*
- * Set the keys of `ent' to the string-to-key of `password'
- */
-
-kadm5_ret_t
-_kadm5_set_keys(kadm5_server_context *context,
-		hdb_entry *ent, 
-		const char *password)
-{
-    Key *keys;
-    size_t num_keys;
-    kadm5_ret_t ret;
-
-    ret = hdb_generate_key_set_password(context->context,
-					ent->principal, 
-					password, &keys, &num_keys);
-    if (ret)
-	return ret;
-
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.val = keys;
-    ent->keys.len = num_keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-
-    if (krb5_config_get_bool_default(context->context, NULL, FALSE, 
-				     "kadmin", "save-password", NULL))
-    {
-	ret = hdb_entry_set_password(context->context, context->db,
-				     ent, password);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-/*
- * Set the keys of `ent' to (`n_key_data', `key_data')
- */
-
-kadm5_ret_t
-_kadm5_set_keys2(kadm5_server_context *context,
-		 hdb_entry *ent, 
-		 int16_t n_key_data, 
-		 krb5_key_data *key_data)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_key_data;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_key_data; i++) {
-	keys[i].mkvno = NULL;
-	keys[i].key.keytype = key_data[i].key_data_type[0];
-	ret = krb5_data_copy(&keys[i].key.keyvalue,
-			     key_data[i].key_data_contents[0],
-			     key_data[i].key_data_length[0]);
-	if(ret)
-	    goto out;
-	if(key_data[i].key_data_ver == 2) {
-	    Salt *salt;
-
-	    salt = malloc(sizeof(*salt));
-	    if(salt == NULL) {
-		ret = ENOMEM;
-		goto out;
-	    }
-	    keys[i].salt = salt;
-	    salt->type = key_data[i].key_data_type[1];
-	    krb5_data_copy(&salt->salt, 
-			   key_data[i].key_data_contents[1],
-			   key_data[i].key_data_length[1]);
-	} else
-	    keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-    hdb_entry_clear_password(context->context, ent);
-
-    return 0;
- out:
-    _kadm5_free_keys (context->context, len, keys);
-    return ret;
-}
-
-/*
- * Set the keys of `ent' to `n_keys, keys'
- */
-
-kadm5_ret_t
-_kadm5_set_keys3(kadm5_server_context *context,
-		 hdb_entry *ent,
-		 int n_keys,
-		 krb5_keyblock *keyblocks)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_keys;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_keys; i++) {
-	keys[i].mkvno = NULL;
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &keyblocks[i],
-					   &keys[i].key);
-	if(ret)
-	    goto out;
-	keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-
-    hdb_entry_set_pw_change_time(context->context, ent, 0);
-    hdb_entry_clear_password(context->context, ent);
-
-    return 0;
- out:
-    _kadm5_free_keys (context->context, len, keys);
-    return ret;
-}
-
-/*
- *
- */
-
-static int
-is_des_key_p(int keytype)
-{
-    return keytype == ETYPE_DES_CBC_CRC ||
-    	keytype == ETYPE_DES_CBC_MD4 ||
-	keytype == ETYPE_DES_CBC_MD5;
-}
-
-
-/*
- * Set the keys of `ent' to random keys and return them in `n_keys'
- * and `new_keys'.
- */
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (kadm5_server_context *context,
-			  hdb_entry *ent,
-			  krb5_keyblock **new_keys,
-			  int *n_keys)
-{
-   krb5_keyblock *kblock = NULL;
-   kadm5_ret_t ret = 0;
-   int i, des_keyblock;
-   size_t num_keys;
-   Key *keys;
-
-   ret = hdb_generate_key_set(context->context, ent->principal,
-			       &keys, &num_keys, 1);
-   if (ret)
-	return ret;
-
-   kblock = malloc(num_keys * sizeof(kblock[0]));
-   if (kblock == NULL) {
-	ret = ENOMEM;
-	_kadm5_free_keys (context->context, num_keys, keys);
-	return ret;
-   }
-   memset(kblock, 0, num_keys * sizeof(kblock[0]));
-
-   des_keyblock = -1;
-   for (i = 0; i < num_keys; i++) {
-
-	/* 
-	 * To make sure all des keys are the the same we generate only
-	 * the first one and then copy key to all other des keys.
-	 */
-
-	if (des_keyblock != -1 && is_des_key_p(keys[i].key.keytype)) {
-	    ret = krb5_copy_keyblock_contents (context->context,
-					       &kblock[des_keyblock],
-					       &kblock[i]);
-	    if (ret)
-		goto out;
-	    kblock[i].keytype = keys[i].key.keytype;
-	} else {
-	    ret = krb5_generate_random_keyblock (context->context,
-						 keys[i].key.keytype,
-						 &kblock[i]);
-	    if (ret)
-		goto out;
-
-	    if (is_des_key_p(keys[i].key.keytype))
-		des_keyblock = i;
-	}
-
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &kblock[i],
-					   &keys[i].key);
-	if (ret)
-	    goto out;
-   }
-
-out:
-   if(ret) {
-	for (i = 0; i < num_keys; ++i)
-	    krb5_free_keyblock_contents (context->context, &kblock[i]);
-	free(kblock);
-	_kadm5_free_keys (context->context, num_keys, keys);
-	return ret;
-   }
-   
-   _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
-   ent->keys.val = keys;
-   ent->keys.len = num_keys;
-   *new_keys     = kblock;
-   *n_keys       = num_keys;
-
-   hdb_entry_set_pw_change_time(context->context, ent, 0);
-   hdb_entry_clear_password(context->context, ent);
-
-   return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c
deleted file mode 100644
index 62965191bd71..000000000000
--- a/crypto/heimdal/lib/kadm5/set_modifier.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_modifier.c 7464 1999-12-02 17:05:13Z joda $");
-
-kadm5_ret_t
-_kadm5_set_modifier(kadm5_server_context *context,
-		    hdb_entry *ent)
-{
-    kadm5_ret_t ret;
-    if(ent->modified_by == NULL){
-	ent->modified_by = malloc(sizeof(*ent->modified_by));
-	if(ent->modified_by == NULL)
-	    return ENOMEM;
-    } else
-	free_Event(ent->modified_by);
-    ent->modified_by->time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->modified_by->principal);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/test_pw_quality.c b/crypto/heimdal/lib/kadm5/test_pw_quality.c
deleted file mode 100644
index 745e03edc4cd..000000000000
--- a/crypto/heimdal/lib/kadm5/test_pw_quality.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2003, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_pw_quality.c 15105 2005-05-09 19:13:29Z lha $");
-
-static int version_flag;
-static int help_flag;
-static char *principal;
-static char *password;
-
-static struct getargs args[] = {
-    { "principal", 0, arg_string, &principal },
-    { "password", 0, arg_string, &password },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal p;
-    const char *s;
-    krb5_data pw_data;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if (principal == NULL)
-	krb5_errx(context, 1, "no principal given");
-    if (password == NULL)
-	krb5_errx(context, 1, "no password given");
-
-    ret = krb5_parse_name(context, principal, &p);
-    if (ret)
-	krb5_errx(context, 1, "krb5_parse_name: %s", principal);
-
-    pw_data.data = password;
-    pw_data.length = strlen(password);
-
-    kadm5_setup_passwd_quality_check (context, NULL, NULL);
-    ret = kadm5_add_passwd_quality_verifier(context, NULL);
-    if (ret)
-	krb5_errx(context, 1, "kadm5_add_passwd_quality_verifier");
-
-    s = kadm5_check_password_quality (context, p, &pw_data);
-    if (s)
-	krb5_errx(context, 1, "kadm5_check_password_quality:\n%s", s);
-
-    krb5_free_principal(context, p);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c
deleted file mode 100644
index cf4af26e7300..000000000000
--- a/crypto/heimdal/lib/kadm5/truncate_log.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $");
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_truncate (server_context);
-    if(ret)
-	krb5_err (context, 1, ret, "kadm5_log_truncate");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/version-script.map b/crypto/heimdal/lib/kadm5/version-script.map
deleted file mode 100644
index 90bd6fee10b1..000000000000
--- a/crypto/heimdal/lib/kadm5/version-script.map
+++ /dev/null
@@ -1,66 +0,0 @@
-# $Id$
-
-HEIMDAL_KAMD5_SERVER_1.0 {
-	global:
-		kadm5_ad_init_with_password;
-		kadm5_ad_init_with_password_ctx;
-		kadm5_add_passwd_quality_verifier;
-		kadm5_check_password_quality;
-		kadm5_chpass_principal;
-		kadm5_chpass_principal_with_key;
-		kadm5_create_principal;
-		kadm5_delete_principal;
-		kadm5_destroy;
-		kadm5_flush;
-		kadm5_free_key_data;
-		kadm5_free_name_list;
-		kadm5_free_principal_ent;
-		kadm5_get_principal;
-		kadm5_get_principals;
-		kadm5_get_privs;
-		kadm5_init_with_creds;
-		kadm5_init_with_creds_ctx;
-		kadm5_init_with_password;
-		kadm5_init_with_password_ctx;
-		kadm5_init_with_skey;
-		kadm5_init_with_skey_ctx;
-		kadm5_modify_principal;
-		kadm5_randkey_principal;
-		kadm5_rename_principal;
-		kadm5_ret_key_data;
-		kadm5_ret_principal_ent;
-		kadm5_ret_principal_ent_mask;
-		kadm5_ret_tl_data;
-		kadm5_setup_passwd_quality_check;
-		kadm5_store_key_data;
-		kadm5_store_principal_ent;
-		kadm5_store_principal_ent_mask;
-		kadm5_store_tl_data;
-		kadm5_s_init_with_password_ctx;
-		kadm5_s_init_with_password;
-		kadm5_s_init_with_skey_ctx;
-		kadm5_s_init_with_skey;
-		kadm5_s_init_with_creds_ctx;
-		kadm5_s_init_with_creds;
-		kadm5_s_chpass_principal_cond;
-		kadm5_log_set_version;
-		kadm5_log_signal_socket;
-		kadm5_log_previous;
-		kadm5_log_goto_end;
-		kadm5_log_foreach;
-		kadm5_log_get_version_fd;
-		kadm5_log_get_version;
-		kadm5_log_replay;
-		kadm5_log_end;
-		kadm5_log_reinit;
-		kadm5_log_init;
-		kadm5_log_nop;
-		kadm5_log_truncate;
-		kadm5_log_modify;
-		_kadm5_acl_check_permission;
-		_kadm5_unmarshal_params;
-		_kadm5_s_get_db;
-		_kadm5_privs_to_string;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog
deleted file mode 100644
index 861796a930aa..000000000000
--- a/crypto/heimdal/lib/kafs/ChangeLog
+++ /dev/null
@@ -1,562 +0,0 @@
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.h: Add VIOCSETTOK2
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: unbreak previous
-	
-	* Makefile.am: split dist and nodist sources
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add more files
-	
-2006-05-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: Spelling, from Bj�rn Sandell.
-	
-2006-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: use afs_ioctlnum, From Tomas Olsson <tol@it.su.se>
-	
-2006-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: Try harder to get the pioctl to work via the /proc or
-	/dev interface, OpenAFS choose to reuse the same ioctl number,
-	while Arla didn't.  Also, try new ioctl before the the old
-	syscalls.
-
-	* afskrb5.c (afslog_uid_int): use the simpler
-	krb5_principal_get_realm function.
-	
-2005-12-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Remove dependency on config.h, breaks IRIX build,
-	could depend on libkafs_la_OBJECTS, but that is just asking for
-	trubble.
-	
-2005-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c (k_hasafs_recheck): new function, allow rechecking if
-	AFS client have started now, internaly it resets the internal
-	state from k_hasafs() and retry retry the probing. The problem
-	with calling k_hasaf() is that is plays around with signals, and
-	that cases problem for some systems/applications.
-	
-2005-10-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs_locl.h: Maybe include <sys/sysctl.h>.
-
-	* afssys.c: Mac OS X 10.4 needs a runtime check if we are going to
-	use the syscall, there is no cpp define to use to check the
-	version.  Every after 10.0 (darwin 8.0) uses the /dev/ version of
-	the pioctl.
-	
-2005-10-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: Support the new MacOS X 10.4 ioctl interface that is a
-	device node. Patched from Tomas Olson <tol@it.su.se>.
-	
-2005-08-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c: Default to use 2b tokens.
-
-2005-06-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: rename index to idx
-
-	* afssys.c (k_afs_cell_of_file): unconst path
-	
-2005-06-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use struct kafs_data everywhere, don't mix with the typedef
-	kafs_data
-
-	* roken_rename.h: rename more resolve.c symbols
-	
-	* afssys.c: Don't building map_syscall_name_to_number where its
-	not used.
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 4:1:4
-
-2005-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.h: de-__P
-	
-2004-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c: s/KEYTYPE_DES/ETYPE_DES_CBC_CRC/
-	
-2004-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssysdefs.h: ifdef protect AFS_SYSCALL for DragonFly since they
-	still define __FreeBSD__ (and __FreeBSD_version), but claim that
-	they will stop doing it some time...
-	
-	* afssysdefs.h: dragonflybsd uses 339 just like freebsd5
-	
-2004-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssys.c: s/arla/nnpfs/
-	
-	* afssys.c: support the linux /proc/fs/mumel/afs_ioctl afs
-	"syscall" interface
-
-2004-01-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: search paths for AFS configuration files for the
-	OpenAFS MacOS X, fix comment
-	
-	* kafs.h: search paths for AFS configuration files for the OpenAFS
-	MacOS X
-
-2003-12-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: add _PATH_ARLA_OPENBSD & c/o
-	
-	* kafs.h: add _PATH_ARLA_OPENBSD & c/o
-	
-2003-11-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c: typo, Bruno Rohee <bruno@rohee.com>
-	
-2003-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: spelling, partly from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-09-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (krb5_afslog_uid_home): be even more friendly to the
-	user and fetch context and id ourself
-	
-2003-09-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (afslog_uid_int): just belive that realm hint the user
-	passed us
-
-2003-07-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: always include v4 symbols
-	
-	* afskrb.c: provide dummy krb_ function to there is no need to
-	bump major
-
-2003-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (v5_convert): rename one of the two c to cred4
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* common.c, kafs.h: drop the int argument (the error code) from
-	the logging function
-
-2003-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskrb5.c (v5_convert): better match what other functions do
-	with values from krb5.conf, like case insensitivity
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: (libkafs_la_LDFLAGS): update version
-	
-	* Makefile.am (ROKEN_SRCS): drop strupr.c
-	
-	* kafs.3: document kafs_set_verbose
-	
-	* common.c (kafs_set_verbose): add function that (re)sets the
-	logging function
-	(_kafs_try_get_cred): add function that does (krb_data->get_cred) to
-	make logging easier (that is now done in this function)
-	(*): use _kafs_try_get_cred
-
-	* afskrb5.c (get_cred): handle that inst can be the empty string too
-	(v5_convert): use _kafs_foldup
-	(krb5_afslog_uid_home): set name
-	(krb5_afslog_uid_home): ditto
-
-	* afskrb.c (krb_afslog_uid_home): set name
-	(krb_afslog_uid_home): ditto
-
-	* kafs_locl.h (kafs_data): add name
-	(_kafs_foldup): internally export
-
-2003-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: tell that cell-name is uppercased
-	
-	* Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des
-	when using krb5, add strupr.c
-	
-	* afskrb5.c: Check the cell part of the name, not the realm part
-	when checking if 2b should be used. The reson is afs@REALM might
-	have updated their servers but not afs/cell@REALM. Add constant
-	KAFS_RXKAD_2B_KVNO.
-
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: s/kerberos/Kerberos/
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kafs.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-	* kafs.3: document the kafs_settoken functions write about the
-	krb5_appdefault option for kerberos 5 afs tokens fix prototypes
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (kafs_settoken5): change signature to include a
-	krb5_context, use v5_convert
-	(v5_convert): new function, converts a krb5_ccreds to a kafs_token in
-	three diffrent ways, not at all, local 524/2b, and using 524
-	(v5_to_kt): add code to do local 524/2b
-	(get_cred): use v5_convert
-
-
-	* kafs.h (kafs_settoken5): change signature to include a
-	krb5_context
-
-	* Makefile.am: always build the libkafs library now that the
-	kerberos 5 can stand on their own
-	
-	* kafs.3: expose the krb5 functions
-	
-	* common.c (kafs_settoken_rxkad): move all content kerberos
-	version from kafs_settoken to kafs_settoken_rxkad
-	(_kafs_fixup_viceid): move the fixup the timestamp to make client
-	happy code here.
-	(_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
-	kafs_settoken here.
-	(*): adapt to kafs_token
-
-	* afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds
-	into kernel
-	(v5_to_kt): new function, stores a krb5_creds in struct kafs_token
-	(get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524")
-	that can used to toggle if there should v5 token should be used
-	directly or converted via 524 first.
-
-	* afskrb.c: move kafs_settoken here, use struct kafs_token
-	
-	* kafs_locl.h: include krb5-v4compat.h if needed, define an
-	internal structure struct kafs_token that carries around for rxkad
-	data that is independant of kerberos version
-	
-2003-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* dlfcn.h: s/intialize/initialize, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-02-08  Assar Westerlund  <assar@kth.se>
-
-	* afssysdefs.h: fix FreeBSD section
-
-2003-02-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afssysdefs.h: use syscall 208 on openbsd (all version) use
-	syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier
-	
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kafs.3: move around sections (from NetBSD)
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* common.c: remove the trial of afs@REALM for cell != realm, it
-	tries to use the wrong key for foreign cells
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: version number
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* common.c (find_cells): make file parameter const
-
-2001-11-01  Assar Westerlund  <assar@sics.se>
-
-	* add strsep, and bump version to 3:3:3
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:2:3
-
-2001-10-24  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): handle krb_get_tf_fullname that
-	cannot take NULLs
-	(such as the MIT one)
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strlcpy.c
-
-2001-10-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strtok_r.c
-	* roken_rename.h (dns_srv_order): rename correctly
-	(strtok_r): add renaming
-
-2001-09-10  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h, common.c: look for configuration files in /etc/arla (the
-	location in debian's arla package)
-
-2001-08-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: handle both krb5 and krb4 cases
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:0:3
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* common.c: look in /etc/openafs for debian openafs
-	* kafs.h: add paths for openafs debian (/etc/openafs)
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set versoin to 2:4:2
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* common.c (_kafs_realm_of_cell): changed to first try exact match
-	in CellServDB, then exact match in DNS, and finally in-exact match
-	in CellServDB
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: only build resolve.c if doing renaming
-
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am, roken_rename.h: add rename of dns functions
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 2:3:2
-
-2000-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: solaris 8 apperently uses 65
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): bump version to 2:2:2
-
-2000-09-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dlfcn.c: correct arguments to some snprintf:s
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:1:2
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 2:0:2
-
-2000-03-20  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: make versions later than 5.7 of solaris also use
-	73
-
-2000-03-16  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): use krb_get_tf_fullname instead of
-	krb_get_default_principal
-
-2000-03-15  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): ignore # at
-	beginning-of-line
-
-2000-03-13  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: add 230 for MacOS X per information from
-	<warner.c@apple.com>
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:2:1
-
-1999-11-22  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
-	
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): don't look at the local realm at
- 	all.  just use the realm from the ticket file.
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:1:1
-
-	* afskrb5.c (get_cred): always request a DES key
-
-Mon Oct 18 17:40:21 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* common.c (find_cells): Trim trailing whitespace from
- 	cellname. Lines starting with # are regarded as comments.
-
-Fri Oct  8 18:17:22 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* afskrb.c, common.c : Change code to make a clear distinction
- 	between hinted realm and ticket realm.
-
-	* kafs_locl.h: Added argument realm_hint.
-
-	* common.c (_kafs_get_cred): Change code to acquire the ``best''
- 	possible ticket. Use cross-cell authentication only as method of
- 	last resort.
-
-	* afskrb.c (afslog_uid_int): Add realm_hint argument and extract
- 	realm from ticket file.
-
-	* afskrb5.c (afslog_uid_int): Added argument realm_hint.
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (get_cred): update to new krb524_convert_creds_kdc
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: ignore the comlicated aix construct if !krb4
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (krb5_realm_of_cell): new function
-
-	* afskrb.c (krb_realm_of_cell): new function
-	(afslog_uid_int): call krb_get_lrealm correctly
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
- 	un-staticize
-
-Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
- 	1.4)
-
-Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: set AIX_SRC also if !AIX
-
-Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: fix AIX linkage
-
-Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* afskrb5.c: add homedir support
-
-Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
-
-	* add new functionality for specifying the homedir to krb_afslog
- 	et al
-
-Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: reorganize order of definitions.
-	(try_one, try_two): conditionalize
-
-Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c (realm_of_cell): make the dns fallback work
-
-Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): new function for finding
- 	the number of a syscall given the name on solaris
-	(k_hasafs): try using map_syscall_name_to_number
-
-Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: rewrite and add support for environment variable
- 	AFS_SYSCALL
-
-	* Makefile.in (distclean): don't remove roken_rename.h
-
-Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (roken_rename.h): remove dependency
-
-Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: add arla paths
-
-	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
-	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
-
-Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c: Don't store expired tokens (this broke when using
- 	pag-less rsh-sessions, and `non-standard' ticket files).
-
-Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install/uninstall one library at a time.
-
-Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (install): one library at a time.
-
-Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
-
-	* common.c (find_cells): ignore empty lines
-
-Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
-
-Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
-
-	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am
deleted file mode 100644
index 15282f0fd69a..000000000000
--- a/crypto/heimdal/lib/kafs/Makefile.am
+++ /dev/null
@@ -1,107 +0,0 @@
-# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME)
-
-if KRB4
-DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
-krb4_am_workaround = $(INCLUDE_krb4)
-else
-DEPLIB_krb4  =
-krb4_am_workaround = 
-endif # KRB4
-AM_CPPFLAGS += $(krb4_am_workaround)
-
-if KRB5
-DEPLIB_krb5 = ../krb5/libkrb5.la 
-krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
-else
-DEPLIB_krb5  =
-krb5_am_workaround = 
-endif # KRB5
-AM_CPPFLAGS += $(krb5_am_workaround)
-
-
-if AIX
-AFSL_EXP = $(srcdir)/afsl.exp
-
-if AIX4
-AFS_EXTRA_LD = -bnoentry
-else
-AFS_EXTRA_LD = -e _nostart
-endif
-
-if AIX_DYNAMIC_AFS
-if HAVE_DLOPEN
-AIX_SRC = 
-else
-AIX_SRC = dlfcn.c
-endif
-AFS_EXTRA_LIBS = afslib.so
-AFS_EXTRA_DEFS =
-else
-AIX_SRC = afslib.c
-AFS_EXTRA_LIBS = 
-AFS_EXTRA_DEFS = -DSTATIC_AFS
-endif
-
-else
-AFSL_EXP =
-AIX_SRC =
-endif # AIX
-
-libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
-
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 5:1:5
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-# EXTRA_DATA = afslib.so
-
-CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-
-include_HEADERS = kafs.h
-
-if KRB5
-afskrb5_c = afskrb5.c
-endif
-
-if do_roken_rename
-ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-endif
-
-dist_libkafs_la_SOURCES =			\
-	afssys.c				\
-	afskrb.c				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	roken_rename.h
-
-nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
-
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
-
-man_MANS = kafs.3
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in
deleted file mode 100644
index ae9a12a60ff8..000000000000
--- a/crypto/heimdal/lib/kafs/Makefile.in
+++ /dev/null
@@ -1,956 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = lib/kafs
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-@KRB5_TRUE@am__DEPENDENCIES_1 = ../krb5/libkrb5.la
-am__DEPENDENCIES_2 =
-@KRB4_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
-@KRB4_TRUE@	$(am__DEPENDENCIES_2)
-libkafs_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_3)
-am__dist_libkafs_la_SOURCES_DIST = afssys.c afskrb.c afskrb5.c \
-	common.c afslib.c dlfcn.c kafs_locl.h afssysdefs.h \
-	roken_rename.h
-@KRB5_TRUE@am__objects_1 = afskrb5.lo
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_2 = afslib.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_2 =  \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@	dlfcn.lo
-dist_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_1) \
-	common.lo $(am__objects_2)
-@do_roken_rename_TRUE@am__objects_3 = resolve.lo strtok_r.lo \
-@do_roken_rename_TRUE@	strlcpy.lo strsep.lo
-nodist_libkafs_la_OBJECTS = $(am__objects_3)
-libkafs_la_OBJECTS = $(dist_libkafs_la_OBJECTS) \
-	$(nodist_libkafs_la_OBJECTS)
-libkafs_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkafs_la_LDFLAGS) $(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(EXTRA_libkafs_la_SOURCES) $(dist_libkafs_la_SOURCES) \
-	$(nodist_libkafs_la_SOURCES)
-DIST_SOURCES = $(EXTRA_libkafs_la_SOURCES) \
-	$(am__dist_libkafs_la_SOURCES_DIST)
-man3dir = $(mandir)/man3
-MANS = $(man_MANS)
-fooDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(foo_DATA)
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) \
-	$(krb5_am_workaround)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@KRB4_FALSE@DEPLIB_krb4 = 
-@KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
-@KRB4_FALSE@krb4_am_workaround = 
-@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4)
-@KRB5_FALSE@DEPLIB_krb5 = 
-@KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la 
-@KRB5_FALSE@krb5_am_workaround = 
-@KRB5_TRUE@krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
-@AIX_FALSE@AFSL_EXP = 
-@AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp
-@AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart
-@AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = 
-@AIX_FALSE@AIX_SRC = 
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = 
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = 
-libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 5:1:5
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-# EXTRA_DATA = afslib.so
-CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-include_HEADERS = kafs.h
-@KRB5_TRUE@afskrb5_c = afskrb5.c
-@do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-dist_libkafs_la_SOURCES = \
-	afssys.c				\
-	afskrb.c				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	roken_rename.h
-
-nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
-man_MANS = kafs.3
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkafs.la: $(libkafs_la_OBJECTS) $(libkafs_la_DEPENDENCIES) 
-	$(libkafs_la_LINK) -rpath $(libdir) $(libkafs_la_OBJECTS) $(libkafs_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
-	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
-	done
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA install-includeHEADERS install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \
-	dist-hook distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-fooDATA \
-	install-html install-html-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES \
-	install-man install-man3 install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-fooDATA uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-man uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kafs/README.dlfcn b/crypto/heimdal/lib/kafs/README.dlfcn
deleted file mode 100644
index cee1b751939e..000000000000
--- a/crypto/heimdal/lib/kafs/README.dlfcn
+++ /dev/null
@@ -1,246 +0,0 @@
-Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
-Not derived from licensed software.
-
-Permission is granted to freely use, copy, modify, and redistribute
-this software, provided that the author is not construed to be liable
-for any results of using the software, alterations are clearly marked
-as such, and this notice is not modified.
-
-libdl.a
--------
-
-This is an emulation library to emulate the SunOS/System V.4 functions
-to access the runtime linker. The functions are emulated by using the
-AIX load() function and by reading the .loader section of the loaded
-module to find the exports. The to be loaded module should be linked as
-follows (if using AIX 3):
-
-	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
-
-For AIX 4:
-
-	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
-
-If you want to reference symbols from the main part of the program in a
-loaded module, you will have to link against the export file of the
-main part:
-
-	cc -o main -bE:main.exp $(MAIN_OBJS)
-	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
-
-Note that you explicitely have to specify what functions are supposed
-to be accessible from your loaded modules, this is different from
-SunOS/System V.4 where any global is automatically exported. If you
-want to export all globals, the following script might be of help:
-
-#!/bin/sh
-/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
-
-The module export file contains the symbols to be exported. Because
-this library uses the loader section, the final module.so file can be
-stripped. C++ users should build their shared objects using the script
-makeC++SharedLib (part of the IBM C++ compiler), this will make sure
-that constructors and destructors for static and global objects will be
-called upon loading and unloading the module. GNU C++ users should use
-the -shared option to g++ to link the shared object:
-
-	g++ -o module.so -shared $(OBJS)
-
-If the shared object does have permissions for anybody, the shared
-object will be loaded into the shared library segment and it will stay
-there even if the main application terminates. If you rebuild your
-shared object after a bugfix and you want to make sure that you really
-get the newest version you will have to use the "slibclean" command
-before starting the application again to garbage collect the shared
-library segment. If the performance utilities (bosperf) are installed
-you can use the following command to see what shared objects are
-loaded:
-
-/usr/lpp/bosperf/genkld | sort | uniq
-
-For easier debugging you can avoid loading the shared object into the
-shared library segment alltogether by removing permissions for others
-from the module.so file:
-
-chmod o-rwx module.so
-
-This will ensure you get a fresh copy of the shared object for every
-dlopen() call which is loaded into the application's data segment.
-
-Usage
------
-
-void *dlopen(const char *path, int mode);
-
-This routine loads the module pointed to by path and reads its export
-table. If the path does not contain a '/' character, dlopen will search
-for the module using the LIBPATH environment variable. It returns an
-opaque handle to the module or NULL on error. The mode parameter can be
-either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
-function binding. The AIX implementation currently does treat RTLD_NOW
-the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
-mode parameter to allow loaded modules to bind to global variables or
-functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
-not specified, only globals from the main part of the executable or
-shared libraries are used to look for undefined symbols in loaded
-modules.
-
-
-void *dlsym(void *handle, const char *symbol);
-
-This routine searches for the symbol in the module referred to by
-handle and returns its address. If the symbol could not be found, the
-function returns NULL. The return value must be casted to a proper
-function pointer before it can be used. SunOS/System V.4 allows handle
-to be a NULL pointer to refer to the module the call is made from, this
-is not implemented.
-
-int dlclose(void *handle);
-
-This routine unloads the module referred to by the handle and disposes
-of any local storage. this function returns -1 on failure. Any function
-pointers obtained through dlsym() should be considered invalid after
-closing a module.
-
-As AIX caches shared objects in the shared library segment, function
-pointers obtained through dlsym() might still work even though the
-module has been unloaded. This can introduce subtle bugs that will
-segment fault later if AIX garbage collects or immediatly on
-SunOS/System V.4 as the text segment is unmapped.
-
-char *dlerror(void);
-
-This routine can be used to retrieve a text message describing the most
-recent error that occured on on of the above routines. This function
-returns NULL if there is no error information.
-
-Initialization and termination handlers
----------------------------------------
-
-The emulation provides for an initialization and a termination
-handler.  The dlfcn.h file contains a structure declaration named
-dl_info with following members:
-
-	void (*init)(void);
-	void (*fini)(void);
-
-The init function is called upon first referencing the library. The
-fini function is called at dlclose() time or when the process exits.
-The module should declare a variable named dl_info that contains this
-structure which must be exported.  These functions correspond to the
-documented _init() and _fini() functions of SunOS 4.x, but these are
-appearently not implemented in SunOS.  When using SunOS 5.0, these
-correspond to #pragma init and #pragma fini respectively. At the same
-time any static or global C++ object's constructors or destructors will
-be called.
-
-BUGS
-----
-
-Please note that there is currently a problem with implicitely loaded
-shared C++ libaries: if you refer to a shared C++ library from a loaded
-module that is not yet used by the main program, the dlopen() emulator
-does not notice this and does not call the static constructors for the
-implicitely loaded library. This can be easily demonstrated by
-referencing the C++ standard streams from a loaded module if the main
-program is a plain C program.
-
-Jens-Uwe Mager
-
-HELIOS Software GmbH
-Lavesstr. 80
-30159 Hannover
-Germany
-
-Phone:		+49 511 36482-0
-FAX:		+49 511 36482-69
-AppleLink:	helios.de/jum
-Internet:	jum@helios.de
-
-Revison History
----------------
-
-SCCS/s.dlfcn.h:
-
-D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
-MRs:
-COMMENTS:
-added RTLD_GLOBAL, include and C++ guards
-
-D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
-MRs:
-COMMENTS:
-we always have prototypes on RS/6000
-
-D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
-MRs:
-COMMENTS:
-added dl_info structure to implement initialize and terminate functions
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
-SCCS/s.dlfcn.c:
-
-D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
-MRs:
-COMMENTS:
-Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
-g++ generated shared objects.
-
-D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
-MRs:
-COMMENTS:
-the C++ constructor and destructor chains are now called properly for either
-xlC 2 or xlC 3 (CSet++).
-
-D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
-MRs:
-COMMENTS:
-Fix version number
-
-D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
-MRs:
-COMMENTS:
-Added version number for dl lib
-
-D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
-MRs:
-COMMENTS:
-Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
-shared objects generated under AIX 4. Fixed bug that symbols with exactly
-8 characters would use garbage characters from the following symbol value.
-
-D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
-MRs:
-COMMENTS:
-added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
-
-D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
-MRs:
-COMMENTS:
-added path to dlopen error message to make clear where there error occured.
-
-D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
-MRs:
-COMMENTS:
-to allow calling symbols in the main module call load with L_NOAUTODEFER and 
-do a loadbind later with the main module.
-
-D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
-MRs:
-COMMENTS:
-added search by L_GETINFO if module got loaded by LIBPATH
-
-D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
-MRs:
-COMMENTS:
-implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c
deleted file mode 100644
index f5516a8b5269..000000000000
--- a/crypto/heimdal/lib/kafs/afskrb.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb.c 15342 2005-06-02 07:38:22Z lha $");
-
-#ifdef KRB4
-
-struct krb_kafs_data {
-    const char *realm;
-};
-
-static int
-get_cred(struct kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    CREDENTIALS c;
-    KTEXT_ST tkt;
-    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    
-    if (ret) {
-	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
-	if (ret == KSUCCESS)
-	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    }
-    if (ret == 0)
-	ret = _kafs_v4_to_kt(&c, uid, kt);
-    return ret;
-}
-
-static int
-afslog_uid_int(struct kafs_data *data,
-	       const char *cell,
-	       const char *realm_hint,
-	       uid_t uid,
-	       const char *homedir)
-{
-    int ret;
-    struct kafs_token kt;
-    char name[ANAME_SZ];
-    char inst[INST_SZ];
-    char realm[REALM_SZ];
-    
-    kt.ticket = NULL;
-
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    /* Extract realm from ticket file. */
-    ret = krb_get_tf_fullname(tkt_string(), name, inst, realm);
-    if (ret != KSUCCESS)
-	return ret;
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt);
-    
-    if (ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(struct kafs_data *data, const char *host)
-{
-    char *r = krb_realmofhost(host);
-    if(r != NULL)
-	return strdup(r);
-    else
-	return NULL;
-}
-
-int
-krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
-		    const char *homedir)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb4";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = 0;
-    return afslog_uid_int(&kd, cell, realm_hint, uid, homedir);
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
-{
-    return krb_afslog_uid_home(cell, realm_hint, uid, NULL);
-}
-
-int
-krb_afslog(const char *cell, const char *realm_hint)
-{
-    return krb_afslog_uid(cell, realm_hint, getuid());
-}
-
-int
-krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
-{
-    return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir);
-}
-
-/*
- *
- */
-
-int
-krb_realm_of_cell(const char *cell, char **realm)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb4";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-int
-kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
-{
-    struct kafs_token kt;
-    int ret;
-
-    kt.ticket = NULL;
-
-    ret = _kafs_v4_to_kt(c, uid, &kt);
-    if (ret)
-	return ret;
-
-    if (kt.ct.EndTimestamp < time(NULL)) {
-	free(kt.ticket);
-	return 0;
-    }
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-    free(kt.ticket);
-    return ret;
-}
-
-#else /* KRB4 */
-
-#define KAFS_KRBET_KDC_SERVICE_EXP 39525378
-
-int
-krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
-		    const char *homedir)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_afslog(const char *cell, const char *realm_hint)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int
-krb_realm_of_cell(const char *cell, char **realm)
-{
-    *realm = NULL;
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-int kafs_settoken (const char*, uid_t, struct credentials *);
-
-int
-kafs_settoken(const char *cell, uid_t uid, struct credentials *c)
-{
-    return KAFS_KRBET_KDC_SERVICE_EXP;
-}
-
-#endif /* KRB4 */
diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c
deleted file mode 100644
index 2b052672ffde..000000000000
--- a/crypto/heimdal/lib/kafs/afskrb5.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb5.c 17032 2006-04-10 08:45:04Z lha $");
-
-struct krb5_kafs_data {
-    krb5_context context;
-    krb5_ccache id;
-    krb5_const_realm realm;
-};
-
-enum { 
-    KAFS_RXKAD_2B_KVNO = 213,
-    KAFS_RXKAD_K5_KVNO = 256
-};
-
-static int
-v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
-{
-    int kvno, ret;
-
-    kt->ticket = NULL;
-
-    /* check if des key */
-    if (cred->session.keyvalue.length != 8)
-	return EINVAL;
-
-    if (local524) {
-	Ticket t;
-	unsigned char *buf;
-	size_t buf_len;
-	size_t len;
-
-	kvno = KAFS_RXKAD_2B_KVNO;
-
-	ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-	if (ret)
-	    return ret;
-	if (t.tkt_vno != 5)
-	    return -1;
-
-	ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part,
-			   &len, ret);
-	free_Ticket(&t);
-	if (ret)
-	    return ret;
-	if(buf_len != len) {
-	    free(buf);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-
-	kt->ticket = buf;
-	kt->ticket_len = buf_len;
-
-    } else {
-	kvno = KAFS_RXKAD_K5_KVNO;
-	kt->ticket = malloc(cred->ticket.length);
-	if (kt->ticket == NULL)
-	    return ENOMEM;
-	kt->ticket_len = cred->ticket.length;
-	memcpy(kt->ticket, cred->ticket.data, kt->ticket_len);
-
-	ret = 0;
-    }
-
-
-    /*
-     * Build a struct ClearToken
-     */
-
-    kt->ct.AuthHandle = kvno;
-    memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8);
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = cred->times.starttime;
-    kt->ct.EndTimestamp = cred->times.endtime;
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-static krb5_error_code
-v5_convert(krb5_context context, krb5_ccache id,
-	   krb5_creds *cred, uid_t uid, 
-	   const char *cell,
-	   struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    char *c, *val;
-
-    c = strdup(cell);
-    if (c == NULL)
-	return ENOMEM;
-    _kafs_foldup(c, c);
-    krb5_appdefault_string (context, "libkafs",
-			    c,
-			    "afs-use-524", "2b", &val);
-    free(c);
-
-    if (strcasecmp(val, "local") == 0 || 
-	strcasecmp(val, "2b") == 0)
-	ret = v5_to_kt(cred, uid, kt, 1);
-    else if(strcasecmp(val, "yes") == 0 ||
-	    strcasecmp(val, "true") == 0 ||
-	    atoi(val)) {
-	struct credentials cred4;
-	
-	if (id == NULL)
-	    ret = krb524_convert_creds_kdc(context, cred, &cred4);
-	else
-	    ret = krb524_convert_creds_kdc_ccache(context, id, cred, &cred4);
-	if (ret)
-	    goto out;
-
-	ret = _kafs_v4_to_kt(&cred4, uid, kt);
-    } else 
-	ret = v5_to_kt(cred, uid, kt, 0);
-
- out:
-    free(val);
-    return ret;
-}
-
-
-/*
- *
- */
-
-static int
-get_cred(struct kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    krb5_creds in_creds, *out_creds;
-    struct krb5_kafs_data *d = data->data;
-
-    memset(&in_creds, 0, sizeof(in_creds));
-    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
-				  &in_creds.server);
-    if(ret)
-	return ret;
-    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
-    if(ret){
-	krb5_free_principal(d->context, in_creds.server);
-	return ret;
-    }
-    in_creds.session.keytype = ETYPE_DES_CBC_CRC;
-    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
-    krb5_free_principal(d->context, in_creds.server);
-    krb5_free_principal(d->context, in_creds.client);
-    if(ret)
-	return ret;
-
-    ret = v5_convert(d->context, d->id, out_creds, uid, 
-		     (inst != NULL && inst[0] != '\0') ? inst : realm, kt);
-    krb5_free_creds(d->context, out_creds);
-
-    return ret;
-}
-
-static krb5_error_code
-afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh,
-	       uid_t uid, const char *homedir)
-{
-    krb5_error_code ret;
-    struct kafs_token kt;
-    krb5_principal princ;
-    const char *trealm; /* ticket realm */
-    struct krb5_kafs_data *d = data->data;
-    
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    ret = krb5_cc_get_principal (d->context, d->id, &princ);
-    if (ret)
-	return ret;
-
-    trealm = krb5_principal_get_realm (d->context, princ);
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, d->realm, trealm, uid, &kt);
-    krb5_free_principal (d->context, princ);
-    
-    if(ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(struct kafs_data *data, const char *host)
-{
-    struct krb5_kafs_data *d = data->data;
-    krb5_realm *realms;
-    char *r;
-    if(krb5_get_host_realm(d->context, host, &realms))
-	return NULL;
-    r = strdup(realms[0]);
-    krb5_free_host_realm(d->context, realms);
-    return r;
-}
-
-krb5_error_code
-krb5_afslog_uid_home(krb5_context context,
-		     krb5_ccache id,
-		     const char *cell,
-		     krb5_const_realm realm,
-		     uid_t uid,
-		     const char *homedir)
-{
-    struct kafs_data kd;
-    struct krb5_kafs_data d;
-    krb5_error_code ret;
-
-    kd.name = "krb5";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = &d;
-    if (context == NULL) {
-	ret = krb5_init_context(&d.context);
-	if (ret)
-	    return ret;
-    } else
-	d.context = context;
-    if (id == NULL) {
-	ret = krb5_cc_default(d.context, &d.id);
-	if (ret)
-	    goto out;
-    } else
-	d.id = id;
-    d.realm = realm;
-    ret = afslog_uid_int(&kd, cell, 0, uid, homedir);
-    if (id == NULL)
-	krb5_cc_close(context, d.id);
- out:
-    if (context == NULL)
-	krb5_free_context(d.context);
-    return ret;
-}
-
-krb5_error_code
-krb5_afslog_uid(krb5_context context,
-		krb5_ccache id,
-		const char *cell,
-		krb5_const_realm realm,
-		uid_t uid)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
-}
-
-krb5_error_code
-krb5_afslog(krb5_context context,
-	    krb5_ccache id, 
-	    const char *cell,
-	    krb5_const_realm realm)
-{
-    return krb5_afslog_uid (context, id, cell, realm, getuid());
-}
-
-krb5_error_code
-krb5_afslog_home(krb5_context context,
-		 krb5_ccache id, 
-		 const char *cell,
-		 krb5_const_realm realm,
-		 const char *homedir)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_realm_of_cell(const char *cell, char **realm)
-{
-    struct kafs_data kd;
-
-    kd.name = "krb5";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-/*
- *
- */
-
-int
-kafs_settoken5(krb5_context context, const char *cell, uid_t uid,
-	       krb5_creds *cred)
-{
-    struct kafs_token kt;
-    int ret;
-
-    ret = v5_convert(context, NULL, cred, uid, cell, &kt);
-    if (ret)
-	return ret;
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-
-    free(kt.ticket);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/afsl.exp b/crypto/heimdal/lib/kafs/afsl.exp
deleted file mode 100644
index 4d2b00e28337..000000000000
--- a/crypto/heimdal/lib/kafs/afsl.exp
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/unix
-
-* This mumbo jumbo creates entry points to syscalls in _AIX
-
-lpioctl	syscall
-lsetpag	syscall
diff --git a/crypto/heimdal/lib/kafs/afslib.c b/crypto/heimdal/lib/kafs/afslib.c
deleted file mode 100644
index 4845b7f36b7c..000000000000
--- a/crypto/heimdal/lib/kafs/afslib.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* 
- * This file is only used with AIX 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afslib.c 7463 1999-12-02 16:58:55Z joda $");
-
-int
-aix_pioctl(char *a_path,
-	   int o_opcode,
-	   struct ViceIoctl *a_paramsP,
-	   int a_followSymlinks)
-{
-    return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-}
-
-int
-aix_setpag(void)
-{
-    return lsetpag();
-}
diff --git a/crypto/heimdal/lib/kafs/afslib.exp b/crypto/heimdal/lib/kafs/afslib.exp
deleted file mode 100644
index f288717706ea..000000000000
--- a/crypto/heimdal/lib/kafs/afslib.exp
+++ /dev/null
@@ -1,3 +0,0 @@
-#!
-aix_pioctl
-aix_setpag
diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c
deleted file mode 100644
index d9c6b8066aa8..000000000000
--- a/crypto/heimdal/lib/kafs/afssys.c
+++ /dev/null
@@ -1,562 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000, 2002, 2004, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afssys.c 17050 2006-04-11 08:12:29Z lha $");
-
-struct procdata {
-    unsigned long param4;
-    unsigned long param3;
-    unsigned long param2;
-    unsigned long param1;
-    unsigned long syscall;
-};
-#define VIOC_SYSCALL_PROC _IOW('C', 1, void *)
-
-struct devdata {
-    unsigned long syscall;
-    unsigned long param1;
-    unsigned long param2;
-    unsigned long param3;
-    unsigned long param4;
-    unsigned long param5;
-    unsigned long param6;
-    unsigned long retval;
-};
-#define VIOC_SYSCALL_DEV _IOWR('C', 2, struct devdata)
-#define VIOC_SYSCALL_DEV_OPENAFS _IOWR('C', 1, struct devdata)
-
-
-int _kafs_debug; /* this should be done in a better way */
-
-#define UNKNOWN_ENTRY_POINT	(-1)
-#define NO_ENTRY_POINT		0
-#define SINGLE_ENTRY_POINT	1
-#define MULTIPLE_ENTRY_POINT	2
-#define SINGLE_ENTRY_POINT2	3
-#define SINGLE_ENTRY_POINT3	4
-#define LINUX_PROC_POINT	5
-#define AIX_ENTRY_POINTS	6
-#define MACOS_DEV_POINT		7
-
-static int afs_entry_point = UNKNOWN_ENTRY_POINT;
-static int afs_syscalls[2];
-static char *afs_ioctlpath;
-static unsigned long afs_ioctlnum;
-
-/* Magic to get AIX syscalls to work */
-#ifdef _AIX
-
-static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
-static int (*Setpag)(void);
-
-#include "dlfcn.h"
-
-/*
- *
- */
-
-static int
-try_aix(void)
-{
-#ifdef STATIC_AFS_SYSCALLS
-    Pioctl = aix_pioctl;
-    Setpag = aix_setpag;
-#else
-    void *ptr;
-    char path[MaxPathLen], *p;
-    /*
-     * If we are root or running setuid don't trust AFSLIBPATH!
-     */
-    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
-	strlcpy(path, p, sizeof(path));
-    else
-	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
-	
-    ptr = dlopen(path, RTLD_NOW);
-    if(ptr == NULL) {
-	if(_kafs_debug) {
-	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
-		fprintf(stderr, "dlopen(%s): %s\n", path, p);
-	    else if (errno != ENOENT)
-		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
-	}
-	return 1;
-    }
-    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
-    Pioctl = (int (*)(char*, int, 
-		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
-#endif
-    afs_entry_point = AIX_ENTRY_POINTS;
-    return 0;
-}
-#endif /* _AIX */
-
-/* 
- * This probably only works under Solaris and could get confused if
- * there's a /etc/name_to_sysnum file.  
- */
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-
-#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
-
-static int
-map_syscall_name_to_number (const char *str, int *res)
-{
-    FILE *f;
-    char buf[256];
-    size_t str_len = strlen (str);
-
-    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
-    if (f == NULL)
-	return -1;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if (buf[0] == '#')
-	    continue;
-
-	if (strncmp (str, buf, str_len) == 0) {
-	    char *begptr = buf + str_len;
-	    char *endptr;
-	    long val = strtol (begptr, &endptr, 0);
-
-	    if (val != 0 && endptr != begptr) {
-		fclose (f);
-		*res = val;
-		return 0;
-	    }
-	}
-    }
-    fclose (f);
-    return -1;
-}
-#endif
-
-static int 
-try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint)
-{
-    int fd, ret, saved_errno;
-
-    fd = open(path, O_RDWR);
-    if (fd < 0)
-	return 1;
-    switch (entrypoint) {
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
-	data.param2 = (unsigned long)VIOCGETTOK;
-	ret = ioctl(fd, ioctlnum, &data);
-	break;
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
-	data.param2 = (unsigned long)VIOCGETTOK;
-	ret = ioctl(fd, ioctlnum, &data);
-	break;
-    }
-    default:
-	abort();
-    }
-    saved_errno = errno;
-    close(fd);
-    /* 
-     * Be quite liberal in what error are ok, the first is the one
-     * that should trigger given that params is NULL.
-     */
-    if (ret && 
-	(saved_errno != EFAULT &&
-	 saved_errno != EDOM && 
-	 saved_errno != ENOTCONN))
-	return 1;
-    afs_ioctlnum = ioctlnum;
-    afs_ioctlpath = strdup(path);
-    if (afs_ioctlpath == NULL)
-	return 1;
-    afs_entry_point = entrypoint;
-    return 0;
-}
-
-static int
-do_ioctl(void *data)
-{
-    int fd, ret, saved_errno;
-    fd = open(afs_ioctlpath, O_RDWR);
-    if (fd < 0) {
-	errno = EINVAL;
-	return -1;
-    }
-    ret = ioctl(fd, afs_ioctlnum, data);
-    saved_errno = errno;
-    close(fd);
-    errno = saved_errno;
-    return ret;
-}
-
-int
-k_pioctl(char *a_path,
-	 int o_opcode,
-	 struct ViceIoctl *a_paramsP,
-	 int a_followSymlinks)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[0],
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
-	data.param1 = (unsigned long)a_path;
-	data.param2 = (unsigned long)o_opcode;
-	data.param3 = (unsigned long)a_paramsP;
-	data.param4 = (unsigned long)a_followSymlinks;
-	return do_ioctl(&data);
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
-	int ret;
-	
-	data.param1 = (unsigned long)a_path;
-	data.param2 = (unsigned long)o_opcode;
-	data.param3 = (unsigned long)a_paramsP;
-	data.param4 = (unsigned long)a_followSymlinks;
-	
-	ret = do_ioctl(&data);
-	if (ret)
-	    return ret;
-	
-	return data.retval;
-    }
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-    }    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-int
-k_afs_cell_of_file(const char *path, char *cell, int len)
-{
-    struct ViceIoctl parms;
-    parms.in = NULL;
-    parms.in_size = 0;
-    parms.out = cell;
-    parms.out_size = len;
-    return k_pioctl(rk_UNCONST(path), VIOC_FILE_CELL_NAME, &parms, 1);
-}
-
-int
-k_unlog(void)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-    return k_pioctl(0, VIOCUNLOG, &parms, 0);
-}
-
-int
-k_setpag(void)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_SETPAG);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[1]);
-#endif
-    case LINUX_PROC_POINT: {
-	struct procdata data = { 0, 0, 0, 0, AFSCALL_SETPAG };
-	return do_ioctl(&data);
-    }
-    case MACOS_DEV_POINT: {
-	struct devdata data = { AFSCALL_SETPAG, 0, 0, 0, 0, 0, 0, 0 };
-	int ret = do_ioctl(&data);
-	if (ret)
-	    return ret;
-	return data.retval;
-     }
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Setpag();
-#endif
-    }
-    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-static jmp_buf catch_SIGSYS;
-
-#ifdef SIGSYS
-
-static RETSIGTYPE
-SIGSYS_handler(int sig)
-{
-    errno = 0;
-    signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
-    longjmp(catch_SIGSYS, 1);
-}
-
-#endif
-
-/*
- * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
- */
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-static int
-try_one (int syscall_num)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_num, AFSCALL_PIOCTL,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = SINGLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_num;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-/*
- * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
- * succesful.
- *
- */
-
-#ifdef AFS_PIOCTL
-static int
-try_two (int syscall_pioctl, int syscall_setpag)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_pioctl,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = MULTIPLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_pioctl;
-	    afs_syscalls[1] = syscall_setpag;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-int
-k_hasafs(void)
-{
-#if !defined(NO_AFS) && defined(SIGSYS)
-    RETSIGTYPE (*saved_func)(int);
-#endif
-    int saved_errno, ret;
-    char *env = NULL;
-
-    if (!issuid())
-	env = getenv ("AFS_SYSCALL");
-  
-    /*
-     * Already checked presence of AFS syscalls?
-     */
-    if (afs_entry_point != UNKNOWN_ENTRY_POINT)
-	return afs_entry_point != NO_ENTRY_POINT;
-
-    /*
-     * Probe kernel for AFS specific syscalls,
-     * they (currently) come in two flavors.
-     * If the syscall is absent we recive a SIGSYS.
-     */
-    afs_entry_point = NO_ENTRY_POINT;
-  
-    saved_errno = errno;
-#ifndef NO_AFS
-#ifdef SIGSYS
-    saved_func = signal(SIGSYS, SIGSYS_handler);
-#endif
-    if (env && strstr(env, "..") == NULL) {
-
-	if (strncmp("/proc/", env, 6) == 0) {
-	    if (try_ioctlpath(env, VIOC_SYSCALL_PROC, LINUX_PROC_POINT) == 0)
-		goto done;
-	}
-	if (strncmp("/dev/", env, 5) == 0) {
-	    if (try_ioctlpath(env, VIOC_SYSCALL_DEV, MACOS_DEV_POINT) == 0)
-		goto done;
-	    if (try_ioctlpath(env,VIOC_SYSCALL_DEV_OPENAFS,MACOS_DEV_POINT) ==0)
-		goto done;
-	}
-    }
-
-    ret = try_ioctlpath("/proc/fs/openafs/afs_ioctl",
-			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
-    if (ret == 0)
-	goto done;
-    ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", 
-			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
-    if (ret == 0)
-	goto done;
-
-    ret = try_ioctlpath("/dev/openafs_ioctl", 
-			VIOC_SYSCALL_DEV_OPENAFS, MACOS_DEV_POINT);
-    if (ret == 0)
-	goto done;
-    ret = try_ioctlpath("/dev/nnpfs_ioctl", VIOC_SYSCALL_DEV, MACOS_DEV_POINT);
-    if (ret == 0)
-	goto done;
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    {
-	int tmp;
-
-	if (env != NULL) {
-	    if (sscanf (env, "%d", &tmp) == 1) {
-		if (try_one (tmp) == 0)
-		    goto done;
-	    } else {
-		char *end = NULL;
-		char *p;
-		char *s = strdup (env);
-
-		if (s != NULL) {
-		    for (p = strtok_r (s, ",", &end);
-			 p != NULL;
-			 p = strtok_r (NULL, ",", &end)) {
-			if (map_syscall_name_to_number (p, &tmp) == 0)
-			    if (try_one (tmp) == 0) {
-				free (s);
-				goto done;
-			    }
-		    }
-		    free (s);
-		}
-	    }
-	}
-    }
-#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
-
-#ifdef AFS_SYSCALL
-    if (try_one (AFS_SYSCALL) == 0)
-	goto done;
-#endif /* AFS_SYSCALL */
-
-#ifdef AFS_PIOCTL
-    {
-	int tmp[2];
-
-	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
-	    if (try_two (tmp[0], tmp[1]) == 2)
-		goto done;
-    }
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_PIOCTL
-    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
-	goto done;
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_SYSCALL2
-    if (try_one (AFS_SYSCALL2) == 0)
-	goto done;
-#endif /* AFS_SYSCALL2 */
-
-#ifdef AFS_SYSCALL3
-    if (try_one (AFS_SYSCALL3) == 0)
-	goto done;
-#endif /* AFS_SYSCALL3 */
-
-#ifdef _AIX
-#if 0
-    if (env != NULL) {
-	char *pos = NULL;
-	char *pioctl_name;
-	char *setpag_name;
-
-	pioctl_name = strtok_r (env, ", \t", &pos);
-	if (pioctl_name != NULL) {
-	    setpag_name = strtok_r (NULL, ", \t", &pos);
-	    if (setpag_name != NULL)
-		if (try_aix (pioctl_name, setpag_name) == 0)
-		    goto done;
-	}
-    }
-#endif
-
-    if(try_aix() == 0)
-	goto done;
-#endif
-
-
-done:
-#ifdef SIGSYS
-    signal(SIGSYS, saved_func);
-#endif
-#endif /* NO_AFS */
-    errno = saved_errno;
-    return afs_entry_point != NO_ENTRY_POINT;
-}
-
-int
-k_hasafs_recheck(void)
-{
-    afs_entry_point = UNKNOWN_ENTRY_POINT;
-    return k_hasafs();
-}
diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h
deleted file mode 100644
index dd52a214bee0..000000000000
--- a/crypto/heimdal/lib/kafs/afssysdefs.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1995 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: afssysdefs.h 14102 2004-08-09 13:41:32Z lha $ */
-
-/*
- * This section is for machines using single entry point AFS syscalls!
- * and/or
- * This section is for machines using multiple entry point AFS syscalls!
- *
- * SunOS 4 is an example of single entry point and sgi of multiple
- * entry point syscalls.
- */
-
-#if SunOS == 40
-#define AFS_SYSCALL	31
-#endif
-
-#if SunOS >= 50 && SunOS < 57
-#define AFS_SYSCALL	105
-#endif
-
-#if SunOS == 57
-#define AFS_SYSCALL	73
-#endif
-
-#if SunOS >= 58
-#define AFS_SYSCALL	65
-#endif
-
-#if defined(__hpux)
-#define AFS_SYSCALL	50
-#define AFS_SYSCALL2	49
-#define AFS_SYSCALL3	48
-#endif
-
-#if defined(_AIX)
-/* _AIX is too weird */
-#endif
-
-#if defined(__sgi)
-#define AFS_PIOCTL      (64+1000)
-#define AFS_SETPAG      (65+1000)
-#endif
-
-#if defined(__osf__)
-#define AFS_SYSCALL	232
-#define AFS_SYSCALL2	258
-#endif
-
-#if defined(__ultrix)
-#define AFS_SYSCALL	31
-#endif
-
-#if defined(__FreeBSD__)
-#if __FreeBSD_version >= 500000
-#define AFS_SYSCALL 339
-#else
-#define AFS_SYSCALL 210
-#endif
-#endif /* __FreeBSD__ */
-
-#ifdef __DragonFly__
-#ifndef AFS_SYSCALL
-#define AFS_SYSCALL 339
-#endif
-#endif
-
-#ifdef __OpenBSD__
-#define AFS_SYSCALL 208
-#endif
-
-#if defined(__NetBSD__)
-#define AFS_SYSCALL 210
-#endif
-
-#ifdef __APPLE__		/* MacOS X */
-#define AFS_SYSCALL 230
-#endif
-
-#ifdef SYS_afs_syscall
-#define AFS_SYSCALL3	SYS_afs_syscall
-#endif
diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c
deleted file mode 100644
index 3466d950d74e..000000000000
--- a/crypto/heimdal/lib/kafs/common.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: common.c 15461 2005-06-16 22:52:33Z lha $");
-
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void (*kafs_verbose)(void *, const char *);
-static void *kafs_verbose_ctx;
-
-void
-_kafs_foldup(char *a, const char *b)
-{
-  for (; *b; a++, b++)
-    if (IsAsciiLower(*b))
-      *a = ToAsciiUpper(*b);
-    else
-      *a = *b;
-  *a = '\0';
-}
-
-void
-kafs_set_verbose(void (*f)(void *, const char *), void *ctx)
-{
-    if (f) {
-	kafs_verbose = f;
-	kafs_verbose_ctx = ctx;
-    }
-}
-
-int
-kafs_settoken_rxkad(const char *cell, struct ClearToken *ct,
-		    void *ticket, size_t ticket_len)
-{
-    struct ViceIoctl parms;
-    char buf[2048], *t;
-    int32_t sizeof_x;
-    
-    t = buf;
-    /*
-     * length of secret token followed by secret token
-     */
-    sizeof_x = ticket_len;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ticket, sizeof_x);
-    t += sizeof_x;
-    /*
-     * length of clear token followed by clear token
-     */
-    sizeof_x = sizeof(*ct);
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ct, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * do *not* mark as primary cell
-     */
-    sizeof_x = 0;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    /*
-     * follow with cell name
-     */
-    sizeof_x = strlen(cell) + 1;
-    memcpy(t, cell, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * Build argument block
-     */
-    parms.in = buf;
-    parms.in_size = t - buf;
-    parms.out = 0;
-    parms.out_size = 0;
-
-    return k_pioctl(0, VIOCSETTOK, &parms, 0);
-}
-
-void
-_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid)
-{
-#define ODD(x) ((x) & 1)
-    /* According to Transarc conventions ViceId is valid iff
-     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
-     * the transformations:
-     *
-     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
-     * preserves the original values.
-     */
-    if (uid != 0)		/* valid ViceId */
-    {
-	if (!ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-    else			/* not valid ViceId */
-    {
-	if (ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-}
-
-
-int
-_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt)
-{
-    kt->ticket = NULL;
-
-    if (c->ticket_st.length > MAX_KTXT_LEN)
-	return EINVAL;
-
-    kt->ticket = malloc(c->ticket_st.length);
-    if (kt->ticket == NULL)
-	return ENOMEM;
-    kt->ticket_len = c->ticket_st.length;
-    memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len);
-    
-    /*
-     * Build a struct ClearToken
-     */
-    kt->ct.AuthHandle = c->kvno;
-    memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session));
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = c->issue_date;
-    kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
-static int
-dns_find_cell(const char *cell, char *dbserver, size_t len)
-{
-    struct dns_reply *r;
-    int ok = -1;
-    r = dns_lookup(cell, "afsdb");
-    if(r){
-	struct resource_record *rr = r->head;
-	while(rr){
-	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
-		strlcpy(dbserver,
-				rr->u.afsdb->domain,
-				len);
-		ok = 0;
-		break;
-	    }
-	    rr = rr->next;
-	}
-	dns_free_data(r);
-    }
-    return ok;
-}
-
-
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-find_cells(const char *file, char ***cells, int *idx)
-{
-    FILE *f;
-    char cell[64];
-    int i;
-    int ind = *idx;
-
-    f = fopen(file, "r");
-    if (f == NULL)
-	return;
-    while (fgets(cell, sizeof(cell), f)) {
-	char *t;
-	t = cell + strlen(cell);
-	for (; t >= cell; t--)
-	  if (*t == '\n' || *t == '\t' || *t == ' ')
-	    *t = 0;
-	if (cell[0] == '\0' || cell[0] == '#')
-	    continue;
-	for(i = 0; i < ind; i++)
-	    if(strcmp((*cells)[i], cell) == 0)
-		break;
-	if(i == ind){
-	    char **tmp;
-
-	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
-	    if (tmp == NULL)
-		break;
-	    *cells = tmp;
-	    (*cells)[ind] = strdup(cell);
-	    if ((*cells)[ind] == NULL)
-		break;
-	    ++ind;
-	}
-    }
-    fclose(f);
-    *idx = ind;
-}
-
-/*
- * Get tokens for all cells[]
- */
-static int
-afslog_cells(struct kafs_data *data, char **cells, int max, uid_t uid,
-	     const char *homedir)
-{
-    int ret = 0;
-    int i;
-    for (i = 0; i < max; i++) {
-        int er = (*data->afslog_uid)(data, cells[i], 0, uid, homedir);
-	if (er)
-	    ret = er;
-    }
-    return ret;
-}
-
-int
-_kafs_afslog_all_local_cells(struct kafs_data *data,
-			     uid_t uid, const char *homedir)
-{
-    int ret;
-    char **cells = NULL;
-    int idx = 0;
-
-    if (homedir == NULL)
-	homedir = getenv("HOME");
-    if (homedir != NULL) {
-	char home[MaxPathLen];
-	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
-	find_cells(home, &cells, &idx);
-    }
-    find_cells(_PATH_THESECELLS, &cells, &idx);
-    find_cells(_PATH_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_THISCELL, &cells, &idx);
-    find_cells(_PATH_OPENAFS_DEBIAN_THESECELLS, &cells, &idx);
-    find_cells(_PATH_OPENAFS_DEBIAN_THISCELL, &cells, &idx);
-    find_cells(_PATH_OPENAFS_MACOSX_THESECELLS, &cells, &idx);
-    find_cells(_PATH_OPENAFS_MACOSX_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_DEBIAN_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &idx);
-    find_cells(_PATH_ARLA_OPENBSD_THESECELLS, &cells, &idx);
-    find_cells(_PATH_ARLA_OPENBSD_THISCELL, &cells, &idx);
-    
-    ret = afslog_cells(data, cells, idx, uid, homedir);
-    while(idx > 0)
-	free(cells[--idx]);
-    free(cells);
-    return ret;
-}
-
-
-static int
-file_find_cell(struct kafs_data *data, 
-	       const char *cell, char **realm, int exact)
-{
-    FILE *F;
-    char buf[1024];
-    char *p;
-    int ret = -1;
-
-    if ((F = fopen(_PATH_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_OPENAFS_DEBIAN_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_OPENAFS_MACOSX_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_DEBIAN_CELLSERVDB, "r"))) {
-	while (fgets(buf, sizeof(buf), F)) {
-	    int cmp;
-
-	    if (buf[0] != '>')
-		continue; /* Not a cell name line, try next line */
-	    p = buf;
-	    strsep(&p, " \t\n#");
-
-	    if (exact)
-		cmp = strcmp(buf + 1, cell);
-	    else
-		cmp = strncmp(buf + 1, cell, strlen(cell));
-
-	    if (cmp == 0) {
-		/*
-		 * We found the cell name we're looking for.
-		 * Read next line on the form ip-address '#' hostname
-		 */
-		if (fgets(buf, sizeof(buf), F) == NULL)
-		    break;	/* Read failed, give up */
-		p = strchr(buf, '#');
-		if (p == NULL)
-		    break;	/* No '#', give up */
-		p++;
-		if (buf[strlen(buf) - 1] == '\n')
-		    buf[strlen(buf) - 1] = '\0';
-		*realm = (*data->get_realm)(data, p);
-		if (*realm && **realm != '\0')
-		    ret = 0;
-		break;		/* Won't try any more */
-	    }
-	}
-	fclose(F);
-    }
-    return ret;
-}
-
-/* Find the realm associated with cell. Do this by opening CellServDB
-   file and getting the realm-of-host for the first VL-server for the
-   cell.
-
-   This does not work when the VL-server is living in one realm, but
-   the cell it is serving is living in another realm.
-
-   Return 0 on success, -1 otherwise.
-   */
-
-int
-_kafs_realm_of_cell(struct kafs_data *data,
-		    const char *cell, char **realm)
-{
-    char buf[1024];
-    int ret;
-
-    ret = file_find_cell(data, cell, realm, 1);
-    if (ret == 0)
-	return ret;
-    if (dns_find_cell(cell, buf, sizeof(buf)) == 0) {
-	*realm = (*data->get_realm)(data, buf);
-	if(*realm != NULL)
-	    return 0;
-    }
-    return file_find_cell(data, cell, realm, 0);
-}
-
-static int
-_kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell,
-		   const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    int ret;
-
-    ret = (*data->get_cred)(data, user, cell, realm, uid, kt);
-    if (kafs_verbose) {
-	char *str;
-	asprintf(&str, "%s tried afs%s%s@%s -> %d",
-		 data->name, cell[0] == '\0' ? "" : "/", 
-		 cell, realm, ret);
-	(*kafs_verbose)(kafs_verbose_ctx, str);
-	free(str);
-    }
-
-    return ret;
-}
-
-
-int
-_kafs_get_cred(struct kafs_data *data,
-	       const char *cell, 
-	       const char *realm_hint,
-	       const char *realm,
-	       uid_t uid,
-	       struct kafs_token *kt)
-{
-    int ret = -1;
-    char *vl_realm;
-    char CELL[64];
-
-    /* We're about to find the realm that holds the key for afs in
-     * the specified cell. The problem is that null-instance
-     * afs-principals are common and that hitting the wrong realm might
-     * yield the wrong afs key. The following assumptions were made.
-     *
-     * Any realm passed to us is preferred.
-     *
-     * If there is a realm with the same name as the cell, it is most
-     * likely the correct realm to talk to.
-     *
-     * In most (maybe even all) cases the database servers of the cell
-     * will live in the realm we are looking for.
-     *
-     * Try the local realm, but if the previous cases fail, this is
-     * really a long shot.
-     *
-     */
-  
-    /* comments on the ordering of these tests */
-
-    /* If the user passes a realm, she probably knows something we don't
-     * know and we should try afs@realm_hint.
-     */
-  
-    if (realm_hint) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, realm_hint, uid, kt);
-	if (ret == 0) return 0;
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm_hint, uid, kt);
-	if (ret == 0) return 0;
-    }
-
-    _kafs_foldup(CELL, cell);
-
-    /*
-     * If cell == realm we don't need no cross-cell authentication.
-     * Try afs@REALM.
-     */
-    if (strcmp(CELL, realm) == 0) {
-        ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm, uid, kt);
-	if (ret == 0) return 0;
-	/* Try afs.cell@REALM below. */
-    }
-
-    /*
-     * If the AFS servers have a file /usr/afs/etc/krb.conf containing
-     * REALM we still don't have to resort to cross-cell authentication.
-     * Try afs.cell@REALM.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, realm, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * We failed to get ``first class tickets'' for afs,
-     * fall back to cross-cell authentication.
-     * Try afs@CELL.
-     * Try afs.cell@CELL.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-			     "", CELL, uid, kt);
-    if (ret == 0) return 0;
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, CELL, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * Perhaps the cell doesn't correspond to any realm?
-     * Use realm of first volume location DB server.
-     * Try afs.cell@VL_REALM.
-     * Try afs@VL_REALM???
-     */
-    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
-	&& strcmp(vl_realm, realm) != 0
-	&& strcmp(vl_realm, CELL) != 0) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, vl_realm, uid, kt);
-	if (ret)
-	    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				     "", vl_realm, uid, kt);
-	free(vl_realm);
-	if (ret == 0) return 0;
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.c b/crypto/heimdal/lib/kafs/dlfcn.c
deleted file mode 100644
index 728cf5cdd768..000000000000
--- a/crypto/heimdal/lib/kafs/dlfcn.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
- * @(#)dlfcn.c	1.11 revision of 96/04/10  20:12:51
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-/*
- * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
- * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave.
- */
-
-/*
- * This makes my life easier with Octave.  --jwe
- */
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/ldr.h>
-#include <a.out.h>
-#include <ldfcn.h>
-#include "dlfcn.h"
-
-/*
- * We simulate dlopen() et al. through a call to load. Because AIX has
- * no call to find an exported symbol we read the loader section of the
- * loaded module and build a list of exported symbols and their virtual
- * address.
- */
-
-typedef struct {
-	char		*name;		/* the symbols's name */
-	void		*addr;		/* its relocated virtual address */
-} Export, *ExportPtr;
-
-/*
- * xlC uses the following structure to list its constructors and
- * destructors. This is gleaned from the output of munch.
- */
-typedef struct {
-	void (*init)(void);		/* call static constructors */
-	void (*term)(void);		/* call static destructors */
-} Cdtor, *CdtorPtr;
-
-typedef void (*GccCDtorPtr)(void);
-
-/*
- * The void * handle returned from dlopen is actually a ModulePtr.
- */
-typedef struct Module {
-	struct Module	*next;
-	char		*name;		/* module name for refcounting */
-	int		refCnt;		/* the number of references */
-	void		*entry;		/* entry point from load */
-	struct dl_info	*info;		/* optional init/terminate functions */
-	CdtorPtr	cdtors;		/* optional C++ constructors */
-	GccCDtorPtr	gcc_ctor;	/* g++ constructors  --jwe */
-	GccCDtorPtr	gcc_dtor;	/* g++ destructors  --jwe */
-	int		nExports;	/* the number of exports found */
-	ExportPtr	exports;	/* the array of exports */
-} Module, *ModulePtr;
-
-/*
- * We keep a list of all loaded modules to be able to call the fini
- * handlers and destructors at atexit() time.
- */
-static ModulePtr modList;
-
-/*
- * The last error from one of the dl* routines is kept in static
- * variables here. Each error is returned only once to the caller.
- */
-static char errbuf[BUFSIZ];
-static int errvalid;
-
-/*
- * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
- * strdup().  --jwe
- */
-#ifndef HAVE_STRDUP
-extern char *strdup(const char *);
-#endif
-static void caterr(char *);
-static int readExports(ModulePtr);
-static void terminate(void);
-static void *findMain(void);
-
-void *dlopen(const char *path, int mode)
-{
-	ModulePtr mp;
-	static void *mainModule;
-
-	/*
-	 * Upon the first call register a terminate handler that will
-	 * close all libraries. Also get a reference to the main module
-	 * for use with loadbind.
-	 */
-	if (!mainModule) {
-		if ((mainModule = findMain()) == NULL)
-			return NULL;
-		atexit(terminate);
-	}
-	/*
-	 * Scan the list of modules if we have the module already loaded.
-	 */
-	for (mp = modList; mp; mp = mp->next)
-		if (strcmp(mp->name, path) == 0) {
-			mp->refCnt++;
-			return mp;
-		}
-	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
-		return NULL;
-	}
-	if ((mp->name = strdup(path)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
-		free(mp);
-		return NULL;
-	}
-	/*
-	 * load should be declared load(const char *...). Thus we
-	 * cast the path to a normal char *. Ugly.
-	 */
-	if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
-		free(mp->name);
-		free(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "dlopen: %s: ", path);
-		/*
-		 * If AIX says the file is not executable, the error
-		 * can be further described by querying the loader about
-		 * the last error.
-		 */
-		if (errno == ENOEXEC) {
-			char *tmp[BUFSIZ/sizeof(char *)];
-			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
-				strlcpy(errbuf,
-						strerror(errno),
-						sizeof(errbuf));
-			else {
-				char **p;
-				for (p = tmp; *p; p++)
-					caterr(*p);
-			}
-		} else
-			strlcat(errbuf,
-					strerror(errno),
-					sizeof(errbuf));
-		return NULL;
-	}
-	mp->refCnt = 1;
-	mp->next = modList;
-	modList = mp;
-	if (loadbind(0, mainModule, mp->entry) == -1) {
-		dlclose(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "loadbind: %s", strerror(errno));
-		return NULL;
-	}
-	/*
-	 * If the user wants global binding, loadbind against all other
-	 * loaded modules.
-	 */
-	if (mode & RTLD_GLOBAL) {
-		ModulePtr mp1;
-		for (mp1 = mp->next; mp1; mp1 = mp1->next)
-			if (loadbind(0, mp1->entry, mp->entry) == -1) {
-				dlclose(mp);
-				errvalid++;
-				snprintf (errbuf, sizeof(errbuf),
-					  "loadbind: %s",
-					  strerror(errno));
-				return NULL;
-			}
-	}
-	if (readExports(mp) == -1) {
-		dlclose(mp);
-		return NULL;
-	}
-	/*
-	 * If there is a dl_info structure, call the init function.
-	 */
-	if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
-		if (mp->info->init)
-			(*mp->info->init)();
-	} else
-		errvalid = 0;
-	/*
-	 * If the shared object was compiled using xlC we will need
-	 * to call static constructors (and later on dlclose destructors).
-	 */
-	if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->init && cp->init != (void (*)(void))0xffffffff)
-				(*cp->init)();
-			cp++;
-		}
-	/*
-	 * If the shared object was compiled using g++, we will need
-	 * to call global constructors using the _GLOBAL__DI function,
-	 * and later, global destructors using the _GLOBAL_DD
-	 * funciton.  --jwe
-	 */
-	} else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
-		(*mp->gcc_ctor)();
-		mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); 
-	} else
-		errvalid = 0;
-	return mp;
-}
-
-/*
- * Attempt to decipher an AIX loader error message and append it
- * to our static error message buffer.
- */
-static void caterr(char *s)
-{
-	char *p = s;
-
-	while (*p >= '0' && *p <= '9')
-		p++;
-	switch(atoi(s)) {
-	case L_ERROR_TOOMANY:
-		strlcat(errbuf, "to many errors", sizeof(errbuf));
-		break;
-	case L_ERROR_NOLIB:
-		strlcat(errbuf, "can't load library", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_UNDEF:
-		strlcat(errbuf, "can't find symbol", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_RLDBAD:
-		strlcat(errbuf, "bad RLD", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_FORMAT:
-		strlcat(errbuf, "bad exec format in", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_ERRNO:
-		strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf));
-		break;
-	default:
-		strlcat(errbuf, s, sizeof(errbuf));
-		break;
-	}
-}
-
-void *dlsym(void *handle, const char *symbol)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	ExportPtr ep;
-	int i;
-
-	/*
-	 * Could speed up the search, but I assume that one assigns
-	 * the result to function pointers anyways.
-	 */
-	for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-		if (strcmp(ep->name, symbol) == 0)
-			return ep->addr;
-	errvalid++;
-	snprintf (errbuf, sizeof(errbuf),
-		  "dlsym: undefined symbol %s", symbol);		  
-	return NULL;
-}
-
-char *dlerror(void)
-{
-	if (errvalid) {
-		errvalid = 0;
-		return errbuf;
-	}
-	return NULL;
-}
-
-int dlclose(void *handle)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	int result;
-	ModulePtr mp1;
-
-	if (--mp->refCnt > 0)
-		return 0;
-	if (mp->info && mp->info->fini)
-		(*mp->info->fini)();
-	if (mp->cdtors) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->term && cp->init != (void (*)(void))0xffffffff)
-				(*cp->term)();
-			cp++;
-		}
-	/*
-	 * If the function to handle global destructors for g++
-	 * exists, call it.  --jwe
-	 */
-	} else if (mp->gcc_dtor) {
-	        (*mp->gcc_dtor)();
-	}
-	result = unload(mp->entry);
-	if (result == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "%s", strerror(errno));
-	}
-	if (mp->exports) {
-		ExportPtr ep;
-		int i;
-		for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-			if (ep->name)
-				free(ep->name);
-		free(mp->exports);
-	}
-	if (mp == modList)
-		modList = mp->next;
-	else {
-		for (mp1 = modList; mp1; mp1 = mp1->next)
-			if (mp1->next == mp) {
-				mp1->next = mp->next;
-				break;
-			}
-	}
-	free(mp->name);
-	free(mp);
-	return result;
-}
-
-static void terminate(void)
-{
-	while (modList)
-		dlclose(modList);
-}
-
-/*
- * Build the export table from the XCOFF .loader section.
- */
-static int readExports(ModulePtr mp)
-{
-	LDFILE *ldp = NULL;
-	SCNHDR sh, shdata;
-	LDHDR *lhp;
-	char *ldbuf;
-	LDSYM *ls;
-	int i;
-	ExportPtr ep;
-
-	if ((ldp = ldopen(mp->name, ldp)) == NULL) {
-		struct ld_info *lp;
-		char *buf;
-		int size = 4*1024;
-		if (errno != ENOENT) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		/*
-		 * The module might be loaded due to the LIBPATH
-		 * environment variable. Search for the loaded
-		 * module using L_GETINFO.
-		 */
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-			free(buf);
-			size += 4*1024;
-			if ((buf = malloc(size)) == NULL) {
-				errvalid++;
-				snprintf(errbuf, sizeof(errbuf),
-					 "readExports: %s",
-					 strerror(errno));
-				return -1;
-			}
-		}
-		if (i == -1) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			free(buf);
-			return -1;
-		}
-		/*
-		 * Traverse the list of loaded modules. The entry point
-		 * returned by load() does actually point to the data
-		 * segment origin.
-		 */
-		lp = (struct ld_info *)buf;
-		while (lp) {
-			if (lp->ldinfo_dataorg == mp->entry) {
-				ldp = ldopen(lp->ldinfo_filename, ldp);
-				break;
-			}
-			if (lp->ldinfo_next == 0)
-				lp = NULL;
-			else
-				lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
-		}
-		free(buf);
-		if (!ldp) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "readExports: %s", strerror(errno));
-			return -1;
-		}
-	}
-	if (TYPE(ldp) != U802TOCMAGIC) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Get the padding for the data section. This is needed for
-	 * AIX 4.1 compilers. This is used when building the final
-	 * function pointer to the exported symbol.
-	 */
-	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read data section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * We read the complete loader section in one chunk, this makes
-	 * finding long symbol names residing in the string table easier.
-	 */
-	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot seek to loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	lhp = (LDHDR *)ldbuf;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	/*
-	 * Count the number of exports to include in our export table.
-	 */
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		if (!LDR_EXPORT(*ls))
-			continue;
-		mp->nExports++;
-	}
-	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Fill in the export table. All entries are relative to
-	 * the entry point we got from load.
-	 */
-	ep = mp->exports;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		char *symname;
-		char tmpsym[SYMNMLEN+1];
-		if (!LDR_EXPORT(*ls))
-			continue;
-		if (ls->l_zeroes == 0)
-			symname = ls->l_offset+lhp->l_stoff+ldbuf;
-		else {
-			/*
-			 * The l_name member is not zero terminated, we
-			 * must copy the first SYMNMLEN chars and make
-			 * sure we have a zero byte at the end.
-			 */
-		        strlcpy (tmpsym, ls->l_name,
-					 SYMNMLEN + 1);
-			symname = tmpsym;
-		}
-		ep->name = strdup(symname);
-		ep->addr = (void *)((unsigned long)mp->entry +
-					ls->l_value - shdata.s_vaddr);
-		ep++;
-	}
-	free(ldbuf);
-	while(ldclose(ldp) == FAILURE)
-		;
-	return 0;
-}
-
-/*
- * Find the main modules entry point. This is used as export pointer
- * for loadbind() to be able to resolve references to the main part.
- */
-static void * findMain(void)
-{
-	struct ld_info *lp;
-	char *buf;
-	int size = 4*1024;
-	int i;
-	void *ret;
-
-	if ((buf = malloc(size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		return NULL;
-	}
-	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-		free(buf);
-		size += 4*1024;
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "findMail: %s", strerror(errno));
-			return NULL;
-		}
-	}
-	if (i == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		free(buf);
-		return NULL;
-	}
-	/*
-	 * The first entry is the main module. The entry point
-	 * returned by load() does actually point to the data
-	 * segment origin.
-	 */
-	lp = (struct ld_info *)buf;
-	ret = lp->ldinfo_dataorg;
-	free(buf);
-	return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h
deleted file mode 100644
index b8dfd985a535..000000000000
--- a/crypto/heimdal/lib/kafs/dlfcn.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * @(#)dlfcn.h	1.4 revision of 95/04/25  09:36:52
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-#ifndef __dlfcn_h__
-#define __dlfcn_h__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Mode flags for the dlopen routine.
- */
-#define RTLD_LAZY	1	/* lazy function call binding */
-#define RTLD_NOW	2	/* immediate function call binding */
-#define RTLD_GLOBAL	0x100	/* allow symbols to be global */
-
-/*
- * To be able to initialize, a library may provide a dl_info structure
- * that contains functions to be called to initialize and terminate.
- */
-struct dl_info {
-	void (*init)(void);
-	void (*fini)(void);
-};
-
-#if __STDC__ || defined(_IBMR2)
-void *dlopen(const char *path, int mode);
-void *dlsym(void *handle, const char *symbol);
-char *dlerror(void);
-int dlclose(void *handle);
-#else
-void *dlopen();
-void *dlsym();
-char *dlerror();
-int dlclose();
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __dlfcn_h__ */
diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3
deleted file mode 100644
index cd5b1fd5a070..000000000000
--- a/crypto/heimdal/lib/kafs/kafs.3
+++ /dev/null
@@ -1,284 +0,0 @@
-.\" Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\"	$Id: kafs.3 17380 2006-05-01 07:01:18Z lha $
-.\"
-.Dd May  1, 2006
-.Os HEIMDAL
-.Dt KAFS 3
-.Sh NAME
-.Nm k_hasafs ,
-.Nm k_hasafs_recheck ,
-.Nm k_pioctl ,
-.Nm k_unlog ,
-.Nm k_setpag ,
-.Nm k_afs_cell_of_file ,
-.Nm kafs_set_verbose ,
-.Nm kafs_settoken_rxkad ,
-.Nm kafs_settoken ,
-.Nm krb_afslog ,
-.Nm krb_afslog_uid ,
-.Nm kafs_settoken5 ,
-.Nm krb5_afslog ,
-.Nm krb5_afslog_uid
-.Nd AFS library
-.Sh LIBRARY
-AFS cache manager access library (libkafs, -lkafs)
-.Sh SYNOPSIS
-.In kafs.h
-.Ft int
-.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
-.Ft int
-.Fn k_hasafs "void"
-.Ft int
-.Fn k_hasafs_recheck "void"
-.Ft int
-.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
-.Ft int
-.Fn k_setpag "void"
-.Ft int
-.Fn k_unlog "void"
-.Ft void
-.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
-.Ft int
-.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
-.Ft int
-.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
-.Fn krb_afslog "char *cell" "char *realm"
-.Ft int
-.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-.Ft krb5_error_code
-.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-.Ft int
-.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
-.Ft krb5_error_code
-.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
-.Sh DESCRIPTION
-.Fn k_hasafs
-initializes some library internal structures, and tests for the
-presence of AFS in the kernel, none of the other functions should be
-called before
-.Fn k_hasafs
-is called, or if it fails.
-.Pp
-.Fn k_hasafs_recheck
-forces a recheck if a AFS client has started since last time
-.Fn k_hasafs
-or
-.Fn k_hasafs_recheck
-was called.
-.Pp
-.Fn kafs_set_verbose
-set a log function that will be called each time the kafs library does
-something important so that the application using libkafs can output
-verbose logging.
-Calling the function
-.Fa kafs_set_verbose
-with the function argument set to
-.Dv NULL
-will stop libkafs from calling the logging function (if set).
-.Pp
-.Fn kafs_settoken_rxkad
-set
-.Li rxkad
-with the
-.Fa token
-and
-.Fa ticket
-(that have the length
-.Fa ticket_len )
-for a given
-.Fa cell .
-.Pp
-.Fn kafs_settoken
-and
-.Fn kafs_settoken5
-work the same way as
-.Fn kafs_settoken_rxkad
-but internally converts the Kerberos 4 or 5 credential to a afs
-cleartoken and ticket.
-.Pp
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid
-obtains new tokens (and possibly tickets) for the specified
-.Fa cell
-and
-.Fa realm .
-If
-.Fa cell
-is
-.Dv NULL ,
-the local cell is used. If
-.Fa realm
-is
-.Dv NULL ,
-the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
-.Dv NULL .
-.Fn krb_afslog
-will use the real user-id for the
-.Dv ViceId
-field in the token,
-.Fn krb_afslog_uid
-will use
-.Fa uid .
-.Pp
-.Fn krb5_afslog ,
-and
-.Fn krb5_afslog_uid
-are the Kerberos 5 equivalents of
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid .
-.Pp
-.Fn krb5_afslog ,
-.Fn kafs_settoken5
-can be configured to behave differently via a 
-.Nm krb5_appdefault
-option
-.Li afs-use-524
-in
-.Pa krb5.conf .
-Possible values for
-.Li afs-use-524
-are:
-.Bl -tag -width local
-.It yes
-use the 524 server in the realm to convert the ticket
-.It no
-use the Kerberos 5 ticket directly, can be used with if the afs cell
-support 2b token.
-.It local, 2b
-convert the Kerberos 5 credential to a 2b token locally (the same work
-as a 2b 524 server should have done).
-.El
-.Pp
-Example:
-.Pp
-.Bd -literal
-[appdefaults]
-	SU.SE = { afs-use-524 = local }
-	PDC.KTH.SE = { afs-use-524 = yes }
-	afs-use-524 = yes
-.Ed
-.Pp
-libkafs will use the
-.Li libkafs
-as application name when running the
-.Nm krb5_appdefault
-function call.
-.Pp
-The (uppercased) cell name is used as the realm to the
-.Nm krb5_appdefault function.
-.Pp
-.\" The extra arguments are the ubiquitous context, and the cache id where
-.\" to store any obtained tickets. Since AFS servers normally can't handle
-.\" Kerberos 5 tickets directly, these functions will first obtain version
-.\" 5 tickets for the requested cells, and then convert them to version 4
-.\" tickets, that can be stashed in the kernel. To convert tickets the
-.\" .Fn krb524_convert_creds_kdc
-.\" function will be used.
-.\" .Pp
-.Fn k_afs_cell_of_file
-will in
-.Fa cell
-return the cell of a specified file, no more than
-.Fa len
-characters is put in
-.Fa cell .
-.Pp
-.Fn k_pioctl
-does a
-.Fn pioctl
-system call with the specified arguments. This function is equivalent to
-.Fn lpioctl .
-.Pp
-.Fn k_setpag
-initializes a new PAG.
-.Pp
-.Fn k_unlog
-removes destroys all tokens in the current PAG.
-.Sh RETURN VALUES
-.Fn k_hasafs
-returns 1 if AFS is present in the kernel, 0 otherwise.
-.Fn krb_afslog
-and
-.Fn krb_afslog_uid
-returns 0 on success, or a Kerberos error number on failure.
-.Fn k_afs_cell_of_file ,
-.Fn k_pioctl ,
-.Fn k_setpag ,
-and
-.Fn k_unlog
-all return the value of the underlaying system call, 0 on success.
-.Sh ENVIRONMENT
-The following environment variable affect the mode of operation of
-.Nm kafs :
-.Bl -tag -width AFS_SYSCALL
-.It Ev AFS_SYSCALL
-Normally,
-.Nm kafs
-will try to figure out the correct system call(s) that are used by AFS
-by itself.  If it does not manage to do that, or does it incorrectly,
-you can set this variable to the system call number or list of system
-call numbers that should be used.
-.El
-.Sh EXAMPLES
-The following code from
-.Nm login
-will obtain a new PAG and tokens for the local cell and the cell of
-the users home directory.
-.Bd -literal
-if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-		krb_afslog(cell, NULL);
-	krb_afslog(NULL, NULL);
-}
-.Ed
-.Sh ERRORS
-If any of these functions (apart from
-.Fn k_hasafs )
-is called without AFS being present in the kernel, the process will
-usually (depending on the operating system) receive a SIGSYS signal.
-.Sh SEE ALSO
-.Xr krb5_appdefault 3 ,
-.Xr krb5.conf 5
-.Rs
-.%A Transarc Corporation
-.%J AFS-3 Programmer's Reference
-.%T File Server/Cache Manager Interface
-.%D 1991
-.Re
-.Sh BUGS
-.Ev AFS_SYSCALL
-has no effect under AIX.
diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h
deleted file mode 100644
index d478039693e8..000000000000
--- a/crypto/heimdal/lib/kafs/kafs.h
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs.h 20652 2007-05-10 19:30:18Z lha $ */
-
-#ifndef __KAFS_H
-#define __KAFS_H
-
-/* XXX must include krb5.h or krb.h */
-
-/* sys/ioctl.h must be included manually before kafs.h */
-
-/*
- */
-#define AFSCALL_PIOCTL 20
-#define AFSCALL_SETPAG 21
-
-#ifndef _VICEIOCTL
-#define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
-#define _AFSCIOCTL(id)  ((unsigned int ) _IOW('C', id, struct ViceIoctl))
-#endif /* _VICEIOCTL */
-
-#define VIOCSETAL		_VICEIOCTL(1)
-#define VIOCGETAL		_VICEIOCTL(2)
-#define VIOCSETTOK		_VICEIOCTL(3)
-#define VIOCGETVOLSTAT		_VICEIOCTL(4)
-#define VIOCSETVOLSTAT		_VICEIOCTL(5)
-#define VIOCFLUSH		_VICEIOCTL(6)
-#define VIOCGETTOK		_VICEIOCTL(8)
-#define VIOCUNLOG		_VICEIOCTL(9)
-#define VIOCCKSERV		_VICEIOCTL(10)
-#define VIOCCKBACK		_VICEIOCTL(11)
-#define VIOCCKCONN		_VICEIOCTL(12)
-#define VIOCWHEREIS		_VICEIOCTL(14)
-#define VIOCACCESS		_VICEIOCTL(20)
-#define VIOCUNPAG		_VICEIOCTL(21)
-#define VIOCGETFID		_VICEIOCTL(22)
-#define VIOCSETCACHESIZE	_VICEIOCTL(24)
-#define VIOCFLUSHCB		_VICEIOCTL(25)
-#define VIOCNEWCELL		_VICEIOCTL(26)
-#define VIOCGETCELL		_VICEIOCTL(27)
-#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
-#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
-#define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
-#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
-#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
-#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
-#define VIOC_VENUSLOG		_VICEIOCTL(34)
-#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
-#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
-#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
-#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
-#define VIOC_EXPORTAFS		_VICEIOCTL(39)
-#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
-#define VIOC_GCPAGS		_VICEIOCTL(48) 
-
-#define VIOCGETTOK2		_AFSCIOCTL(7)
-#define VIOCSETTOK2		_AFSCIOCTL(8)
-
-struct ViceIoctl {
-  caddr_t in, out;
-  short in_size;
-  short out_size;
-};
-
-struct ClearToken {
-  int32_t AuthHandle;
-  char HandShakeKey[8];
-  int32_t ViceId;
-  int32_t BeginTimestamp;
-  int32_t EndTimestamp;
-};
-
-/* Use k_hasafs() to probe if the machine supports AFS syscalls.
-   The other functions will generate a SIGSYS if AFS is not supported */
-
-int k_hasafs (void);
-int k_hasafs_recheck (void);
-
-int krb_afslog (const char *cell, const char *realm);
-int krb_afslog_uid (const char *cell, const char *realm, uid_t uid);
-int krb_afslog_home (const char *cell, const char *realm,
-			 const char *homedir);
-int krb_afslog_uid_home (const char *cell, const char *realm, uid_t uid,
-			     const char *homedir);
-
-int krb_realm_of_cell (const char *cell, char **realm);
-
-/* compat */
-#define k_afsklog krb_afslog
-#define k_afsklog_uid krb_afslog_uid
-
-int k_pioctl (char *a_path,
-		  int o_opcode,
-		  struct ViceIoctl *a_paramsP,
-		  int a_followSymlinks);
-int k_unlog (void);
-int k_setpag (void);
-int k_afs_cell_of_file (const char *path, char *cell, int len);
-
-
-
-/* XXX */
-#ifdef KFAILURE
-#define KRB_H_INCLUDED
-#endif
-
-#ifdef KRB5_RECVAUTH_IGNORE_VERSION
-#define KRB5_H_INCLUDED
-#endif
-
-void kafs_set_verbose (void (*kafs_verbose)(void *, const char *), void *);
-int kafs_settoken_rxkad (const char *, struct ClearToken *,
-			     void *ticket, size_t ticket_len);
-#ifdef KRB_H_INCLUDED
-int kafs_settoken (const char*, uid_t, CREDENTIALS*);
-#endif
-#ifdef KRB5_H_INCLUDED
-int kafs_settoken5 (krb5_context, const char*, uid_t, krb5_creds*);
-#endif
-
-
-#ifdef KRB5_H_INCLUDED
-krb5_error_code krb5_afslog_uid (krb5_context context,
-				     krb5_ccache id,
-				     const char *cell,
-				     krb5_const_realm realm,
-				     uid_t uid);
-krb5_error_code krb5_afslog (krb5_context context,
-				 krb5_ccache id, 
-				 const char *cell,
-				 krb5_const_realm realm);
-krb5_error_code krb5_afslog_uid_home (krb5_context context,
-					  krb5_ccache id,
-					  const char *cell,
-					  krb5_const_realm realm,
-					  uid_t uid,
-					  const char *homedir);
-
-krb5_error_code krb5_afslog_home (krb5_context context,
-				      krb5_ccache id,
-				      const char *cell,
-				      krb5_const_realm realm,
-				      const char *homedir);
-
-krb5_error_code krb5_realm_of_cell (const char *cell, char **realm);
-
-#endif
-
-
-#define _PATH_VICE		"/usr/vice/etc/"
-#define _PATH_THISCELL 		_PATH_VICE "ThisCell"
-#define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
-#define _PATH_THESECELLS	_PATH_VICE "TheseCells"
-
-#define _PATH_ARLA_VICE		"/usr/arla/etc/"
-#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
-#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
-#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
-
-#define _PATH_OPENAFS_DEBIAN_VICE		"/etc/openafs/"
-#define _PATH_OPENAFS_DEBIAN_THISCELL		_PATH_OPENAFS_DEBIAN_VICE "ThisCell"
-#define _PATH_OPENAFS_DEBIAN_CELLSERVDB 	_PATH_OPENAFS_DEBIAN_VICE "CellServDB"
-#define _PATH_OPENAFS_DEBIAN_THESECELLS		_PATH_OPENAFS_DEBIAN_VICE "TheseCells"
-
-#define _PATH_OPENAFS_MACOSX_VICE		"/var/db/openafs/etc/"
-#define _PATH_OPENAFS_MACOSX_THISCELL		_PATH_OPENAFS_MACOSX_VICE "ThisCell"
-#define _PATH_OPENAFS_MACOSX_CELLSERVDB		_PATH_OPENAFS_MACOSX_VICE "CellServDB"
-#define _PATH_OPENAFS_MACOSX_THESECELLS		_PATH_OPENAFS_MACOSX_VICE "TheseCells"
-
-#define _PATH_ARLA_DEBIAN_VICE			"/etc/arla/"
-#define _PATH_ARLA_DEBIAN_THISCELL		_PATH_ARLA_DEBIAN_VICE "ThisCell"
-#define _PATH_ARLA_DEBIAN_CELLSERVDB		_PATH_ARLA_DEBIAN_VICE "CellServDB"
-#define _PATH_ARLA_DEBIAN_THESECELLS		_PATH_ARLA_DEBIAN_VICE "TheseCells"
-
-#define _PATH_ARLA_OPENBSD_VICE			"/etc/afs/"
-#define _PATH_ARLA_OPENBSD_THISCELL		_PATH_ARLA_OPENBSD_VICE "ThisCell"
-#define _PATH_ARLA_OPENBSD_CELLSERVDB		_PATH_ARLA_OPENBSD_VICE "CellServDB"
-#define _PATH_ARLA_OPENBSD_THESECELLS		_PATH_ARLA_OPENBSD_VICE "TheseCells"
-
-extern int _kafs_debug;
-
-#endif /* __KAFS_H */
diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h
deleted file mode 100644
index a564104a2942..000000000000
--- a/crypto/heimdal/lib/kafs/kafs_locl.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs_locl.h 16116 2005-10-02 03:14:47Z lha $ */
-
-#ifndef __KAFS_LOCL_H__
-#define __KAFS_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCALL_H
-#include <sys/syscall.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#else
-#ifdef KRB5
-#include "crypto-headers.h"
-#include <krb5-v4compat.h>
-typedef struct credentials CREDENTIALS;
-#endif /* KRB5 */
-#endif /* KRB4 */
-#include <kafs.h>
-
-#include <resolve.h>
-
-#include "afssysdefs.h"
-
-struct kafs_data;
-struct kafs_token;
-typedef int (*afslog_uid_func_t)(struct kafs_data *,
-				 const char *,
-				 const char *,
-				 uid_t,
-				 const char *);
-
-typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
-			       const char*, uid_t, struct kafs_token *);
-
-typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
-
-struct kafs_data {
-    const char *name;
-    afslog_uid_func_t afslog_uid;
-    get_cred_func_t get_cred;
-    get_realm_func_t get_realm;
-    void *data;
-};
-
-struct kafs_token {
-    struct ClearToken ct;
-    void *ticket;
-    size_t ticket_len;
-};
-
-void _kafs_foldup(char *, const char *);
-
-int _kafs_afslog_all_local_cells(struct kafs_data*, uid_t, const char*);
-
-int _kafs_get_cred(struct kafs_data*, const char*, const char*, const char *, 
-		   uid_t, struct kafs_token *);
-
-int
-_kafs_realm_of_cell(struct kafs_data *, const char *, char **);
-
-int
-_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *);
-
-void
-_kafs_fixup_viceid(struct ClearToken *, uid_t);
-
-#ifdef _AIX
-int aix_pioctl(char*, int, struct ViceIoctl*, int);
-int aix_setpag(void);
-#endif
-
-#endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kafs/roken_rename.h b/crypto/heimdal/lib/kafs/roken_rename.h
deleted file mode 100644
index 6eb61fa31898..000000000000
--- a/crypto/heimdal/lib/kafs/roken_rename.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 15341 2005-06-02 07:35:45Z lha $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-/*
- * Libroken routines that are added libkafs
- */
-
-#define _resolve_debug _kafs_resolve_debug
-
-#define rk_dns_free_data _kafs_dns_free_data
-#define rk_dns_lookup _kafs_dns_lookup
-#define rk_dns_string_to_type _kafs_dns_string_to_type
-#define rk_dns_type_to_string _kafs_dns_type_to_string
-#define rk_dns_srv_order _kafs_dns_srv_order
-#define rk_dns_make_query _kafs_dns_make_query
-#define rk_dns_free_query _kafs_dns_free_query
-#define rk_dns_parse_reply _kafs_dns_parse_reply
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _kafs_strtok_r
-#endif
-#ifndef HAVE_STRLCPY
-#define strlcpy _kafs_strlcpy
-#endif
-#ifndef HAVE_STRSEP
-#define strsep _kafs_strsep
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
deleted file mode 100644
index ced9616e162c..000000000000
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ /dev/null
@@ -1,298 +0,0 @@
-# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err
-
-bin_PROGRAMS = verify_krb5_conf
-
-noinst_PROGRAMS =				\
-	krbhst-test				\
-	test_alname				\
-	test_crypto				\
-	test_get_addrs				\
-	test_kuserok				\
-	test_renew				\
-	test_forward
-
-TESTS =						\
-	aes-test				\
-	derived-key-test			\
-	n-fold-test				\
-	name-45-test				\
-	parse-name-test				\
-	store-test				\
-	string-to-key-test			\
-	test_acl				\
-	test_addr				\
-	test_cc					\
-	test_config				\
-	test_prf				\
-	test_store				\
-	test_crypto_wrapping			\
-	test_keytab				\
-	test_mem				\
-	test_pac				\
-	test_plugin				\
-	test_princ				\
-	test_pkinit_dh2key			\
-	test_time
-
-check_PROGRAMS = $(TESTS) test_hostname
-
-LDADD = libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-if PKINIT
-LIB_pkinit = ../hx509/libhx509.la
-endif
-
-libkrb5_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_door_create) \
-	$(LIB_dlopen)
-
-lib_LTLIBRARIES = libkrb5.la
-
-ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
-
-libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
-
-dist_libkrb5_la_SOURCES =			\
-	acache.c				\
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	doxygen.c				\
-	data.c					\
-	digest.c				\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	heim_threads.h				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	kcm.c					\
-	kcm.h					\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	keytab_memory.c				\
-	krb5_locl.h				\
-	krb5-v4compat.h				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	mit_glue.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	pac.c					\
-	padata.c				\
-	pkinit.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	plugin.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	v4_glue.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c
-
-nodist_libkrb5_la_SOURCES =			\
-	$(ERR_FILES)
-
-libkrb5_la_LDFLAGS = -version-info 24:0:0
-
-if versionscript
-libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-
-$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-man_MANS =					\
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb524_convert_creds_kdc.3		\
-	krb5_425_conv_principal.3		\
-	krb5_acl_match_file.3			\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_c_make_checksum.3			\
-	krb5_ccache.3				\
-	krb5_check_transited.3			\
-	krb5_compare_creds.3			\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_creds.3				\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_digest.3				\
-	krb5_eai_to_heim_errno.3		\
-	krb5_encrypt.3				\
-	krb5_expand_hostname.3			\
-	krb5_find_padata.3			\
-	krb5_generate_random_block.3		\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_credentials.3			\
-	krb5_get_creds.3			\
-	krb5_get_forwarded_creds.3		\
-	krb5_get_in_cred.3			\
-	krb5_get_init_creds.3			\
-	krb5_get_krbhst.3			\
-	krb5_getportbyname.3			\
-	krb5_init_context.3			\
-	krb5_is_thread_safe.3			\
-	krb5_keyblock.3				\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_mk_req.3				\
-	krb5_mk_safe.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal.3			\
-	krb5_rcache.3				\
-	krb5_rd_error.3				\
-	krb5_rd_safe.3				\
-	krb5_set_default_realm.3		\
-	krb5_set_password.3			\
-	krb5_storage.3				\
-	krb5_string_to_key.3			\
-	krb5_ticket.3				\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_init_creds.3		\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-dist_include_HEADERS = \
-	krb5.h \
-	krb5-protos.h \
-	krb5-private.h \
-	krb5_ccapi.h
-
-nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
-
-# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = locate_plugin.h
-
-build_HEADERZ = \
-	heim_threads.h \
-	$(krb5_HEADERS) \
-	krb_err.h
-
-CLEANFILES = \
-	krb5_err.c krb5_err.h \
-	krb_err.c krb_err.h \
-	heim_err.c heim_err.h \
-	k524_err.c k524_err.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
-
-EXTRA_DIST = \
-	krb5_err.et \
-	krb_err.et \
-	heim_err.et \
-	k524_err.et \
-	$(man_MANS) \
-	version-script.map \
-	krb5.moduli
-
-#sysconf_DATA = krb5.moduli
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-krb_err.h: krb_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
deleted file mode 100644
index 60e09251227f..000000000000
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ /dev/null
@@ -1,2021 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(dist_include_HEADERS) $(krb5_HEADERS) \
-	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-noinst_PROGRAMS = krbhst-test$(EXEEXT) test_alname$(EXEEXT) \
-	test_crypto$(EXEEXT) test_get_addrs$(EXEEXT) \
-	test_kuserok$(EXEEXT) test_renew$(EXEEXT) \
-	test_forward$(EXEEXT)
-TESTS = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
-	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
-	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
-	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
-	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
-	test_prf$(EXEEXT) test_store$(EXEEXT) \
-	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
-	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
-	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
-	test_time$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1) test_hostname$(EXEEXT)
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-subdir = lib/krb5
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libkrb5_la_DEPENDENCIES = $(LIB_pkinit) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-dist_libkrb5_la_OBJECTS = libkrb5_la-acache.lo libkrb5_la-acl.lo \
-	libkrb5_la-add_et_list.lo libkrb5_la-addr_families.lo \
-	libkrb5_la-aname_to_localname.lo libkrb5_la-appdefault.lo \
-	libkrb5_la-asn1_glue.lo libkrb5_la-auth_context.lo \
-	libkrb5_la-build_ap_req.lo libkrb5_la-build_auth.lo \
-	libkrb5_la-cache.lo libkrb5_la-changepw.lo libkrb5_la-codec.lo \
-	libkrb5_la-config_file.lo libkrb5_la-config_file_netinfo.lo \
-	libkrb5_la-convert_creds.lo libkrb5_la-constants.lo \
-	libkrb5_la-context.lo libkrb5_la-copy_host_realm.lo \
-	libkrb5_la-crc.lo libkrb5_la-creds.lo libkrb5_la-crypto.lo \
-	libkrb5_la-doxygen.lo libkrb5_la-data.lo libkrb5_la-digest.lo \
-	libkrb5_la-eai_to_heim_errno.lo libkrb5_la-error_string.lo \
-	libkrb5_la-expand_hostname.lo libkrb5_la-fcache.lo \
-	libkrb5_la-free.lo libkrb5_la-free_host_realm.lo \
-	libkrb5_la-generate_seq_number.lo \
-	libkrb5_la-generate_subkey.lo libkrb5_la-get_addrs.lo \
-	libkrb5_la-get_cred.lo libkrb5_la-get_default_principal.lo \
-	libkrb5_la-get_default_realm.lo libkrb5_la-get_for_creds.lo \
-	libkrb5_la-get_host_realm.lo libkrb5_la-get_in_tkt.lo \
-	libkrb5_la-get_in_tkt_pw.lo \
-	libkrb5_la-get_in_tkt_with_keytab.lo \
-	libkrb5_la-get_in_tkt_with_skey.lo libkrb5_la-get_port.lo \
-	libkrb5_la-init_creds.lo libkrb5_la-init_creds_pw.lo \
-	libkrb5_la-kcm.lo libkrb5_la-keyblock.lo libkrb5_la-keytab.lo \
-	libkrb5_la-keytab_any.lo libkrb5_la-keytab_file.lo \
-	libkrb5_la-keytab_keyfile.lo libkrb5_la-keytab_krb4.lo \
-	libkrb5_la-keytab_memory.lo libkrb5_la-krbhst.lo \
-	libkrb5_la-kuserok.lo libkrb5_la-log.lo libkrb5_la-mcache.lo \
-	libkrb5_la-misc.lo libkrb5_la-mk_error.lo \
-	libkrb5_la-mk_priv.lo libkrb5_la-mk_rep.lo \
-	libkrb5_la-mk_req.lo libkrb5_la-mk_req_ext.lo \
-	libkrb5_la-mk_safe.lo libkrb5_la-mit_glue.lo \
-	libkrb5_la-net_read.lo libkrb5_la-net_write.lo \
-	libkrb5_la-n-fold.lo libkrb5_la-pac.lo libkrb5_la-padata.lo \
-	libkrb5_la-pkinit.lo libkrb5_la-principal.lo \
-	libkrb5_la-prog_setup.lo libkrb5_la-prompter_posix.lo \
-	libkrb5_la-rd_cred.lo libkrb5_la-rd_error.lo \
-	libkrb5_la-rd_priv.lo libkrb5_la-rd_rep.lo \
-	libkrb5_la-rd_req.lo libkrb5_la-rd_safe.lo \
-	libkrb5_la-read_message.lo libkrb5_la-recvauth.lo \
-	libkrb5_la-replay.lo libkrb5_la-send_to_kdc.lo \
-	libkrb5_la-sendauth.lo libkrb5_la-set_default_realm.lo \
-	libkrb5_la-sock_principal.lo libkrb5_la-store.lo \
-	libkrb5_la-store_emem.lo libkrb5_la-store_fd.lo \
-	libkrb5_la-store_mem.lo libkrb5_la-plugin.lo \
-	libkrb5_la-ticket.lo libkrb5_la-time.lo \
-	libkrb5_la-transited.lo libkrb5_la-v4_glue.lo \
-	libkrb5_la-verify_init.lo libkrb5_la-verify_user.lo \
-	libkrb5_la-version.lo libkrb5_la-warn.lo \
-	libkrb5_la-write_message.lo
-am__objects_1 = libkrb5_la-krb5_err.lo libkrb5_la-krb_err.lo \
-	libkrb5_la-heim_err.lo libkrb5_la-k524_err.lo
-nodist_libkrb5_la_OBJECTS = $(am__objects_1)
-libkrb5_la_OBJECTS = $(dist_libkrb5_la_OBJECTS) \
-	$(nodist_libkrb5_la_OBJECTS)
-libkrb5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libkrb5_la_LDFLAGS) $(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
-	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
-	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
-	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
-	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
-	test_prf$(EXEEXT) test_store$(EXEEXT) \
-	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
-	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
-	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
-	test_time$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-aes_test_SOURCES = aes-test.c
-aes_test_OBJECTS = aes-test.$(OBJEXT)
-aes_test_LDADD = $(LDADD)
-aes_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-derived_key_test_SOURCES = derived-key-test.c
-derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
-derived_key_test_LDADD = $(LDADD)
-derived_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-krbhst_test_SOURCES = krbhst-test.c
-krbhst_test_OBJECTS = krbhst-test.$(OBJEXT)
-krbhst_test_LDADD = $(LDADD)
-krbhst_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-n_fold_test_SOURCES = n-fold-test.c
-n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
-n_fold_test_LDADD = $(LDADD)
-n_fold_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-name_45_test_SOURCES = name-45-test.c
-name_45_test_OBJECTS = name-45-test.$(OBJEXT)
-name_45_test_LDADD = $(LDADD)
-name_45_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-parse_name_test_SOURCES = parse-name-test.c
-parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
-parse_name_test_LDADD = $(LDADD)
-parse_name_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-store_test_SOURCES = store-test.c
-store_test_OBJECTS = store-test.$(OBJEXT)
-store_test_LDADD = $(LDADD)
-store_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-string_to_key_test_SOURCES = string-to-key-test.c
-string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
-string_to_key_test_LDADD = $(LDADD)
-string_to_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_acl_SOURCES = test_acl.c
-test_acl_OBJECTS = test_acl.$(OBJEXT)
-test_acl_LDADD = $(LDADD)
-test_acl_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_addr_SOURCES = test_addr.c
-test_addr_OBJECTS = test_addr.$(OBJEXT)
-test_addr_LDADD = $(LDADD)
-test_addr_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_alname_SOURCES = test_alname.c
-test_alname_OBJECTS = test_alname.$(OBJEXT)
-test_alname_LDADD = $(LDADD)
-test_alname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_cc_SOURCES = test_cc.c
-test_cc_OBJECTS = test_cc.$(OBJEXT)
-test_cc_LDADD = $(LDADD)
-test_cc_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_config_SOURCES = test_config.c
-test_config_OBJECTS = test_config.$(OBJEXT)
-test_config_LDADD = $(LDADD)
-test_config_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_crypto_SOURCES = test_crypto.c
-test_crypto_OBJECTS = test_crypto.$(OBJEXT)
-test_crypto_LDADD = $(LDADD)
-test_crypto_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_crypto_wrapping_SOURCES = test_crypto_wrapping.c
-test_crypto_wrapping_OBJECTS = test_crypto_wrapping.$(OBJEXT)
-test_crypto_wrapping_LDADD = $(LDADD)
-test_crypto_wrapping_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_forward_SOURCES = test_forward.c
-test_forward_OBJECTS = test_forward.$(OBJEXT)
-test_forward_LDADD = $(LDADD)
-test_forward_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_get_addrs_SOURCES = test_get_addrs.c
-test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
-test_get_addrs_LDADD = $(LDADD)
-test_get_addrs_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_hostname_SOURCES = test_hostname.c
-test_hostname_OBJECTS = test_hostname.$(OBJEXT)
-test_hostname_LDADD = $(LDADD)
-test_hostname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_keytab_SOURCES = test_keytab.c
-test_keytab_OBJECTS = test_keytab.$(OBJEXT)
-test_keytab_LDADD = $(LDADD)
-test_keytab_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_kuserok_SOURCES = test_kuserok.c
-test_kuserok_OBJECTS = test_kuserok.$(OBJEXT)
-test_kuserok_LDADD = $(LDADD)
-test_kuserok_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_mem_SOURCES = test_mem.c
-test_mem_OBJECTS = test_mem.$(OBJEXT)
-test_mem_LDADD = $(LDADD)
-test_mem_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_pac_SOURCES = test_pac.c
-test_pac_OBJECTS = test_pac.$(OBJEXT)
-test_pac_LDADD = $(LDADD)
-test_pac_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_pkinit_dh2key_SOURCES = test_pkinit_dh2key.c
-test_pkinit_dh2key_OBJECTS = test_pkinit_dh2key.$(OBJEXT)
-test_pkinit_dh2key_LDADD = $(LDADD)
-test_pkinit_dh2key_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_plugin_SOURCES = test_plugin.c
-test_plugin_OBJECTS = test_plugin.$(OBJEXT)
-test_plugin_LDADD = $(LDADD)
-test_plugin_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_prf_SOURCES = test_prf.c
-test_prf_OBJECTS = test_prf.$(OBJEXT)
-test_prf_LDADD = $(LDADD)
-test_prf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_princ_SOURCES = test_princ.c
-test_princ_OBJECTS = test_princ.$(OBJEXT)
-test_princ_LDADD = $(LDADD)
-test_princ_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_renew_SOURCES = test_renew.c
-test_renew_OBJECTS = test_renew.$(OBJEXT)
-test_renew_LDADD = $(LDADD)
-test_renew_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_store_SOURCES = test_store.c
-test_store_OBJECTS = test_store.$(OBJEXT)
-test_store_LDADD = $(LDADD)
-test_store_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-test_time_SOURCES = test_time.c
-test_time_OBJECTS = test_time.$(OBJEXT)
-test_time_LDADD = $(LDADD)
-test_time_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-verify_krb5_conf_SOURCES = verify_krb5_conf.c
-verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
-verify_krb5_conf_LDADD = $(LDADD)
-verify_krb5_conf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
-	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(dist_libkrb5_la_SOURCES) $(nodist_libkrb5_la_SOURCES) \
-	aes-test.c derived-key-test.c krbhst-test.c n-fold-test.c \
-	name-45-test.c parse-name-test.c store-test.c \
-	string-to-key-test.c test_acl.c test_addr.c test_alname.c \
-	test_cc.c test_config.c test_crypto.c test_crypto_wrapping.c \
-	test_forward.c test_get_addrs.c test_hostname.c test_keytab.c \
-	test_kuserok.c test_mem.c test_pac.c test_pkinit_dh2key.c \
-	test_plugin.c test_prf.c test_princ.c test_renew.c \
-	test_store.c test_time.c verify_krb5_conf.c
-DIST_SOURCES = $(dist_libkrb5_la_SOURCES) aes-test.c \
-	derived-key-test.c krbhst-test.c n-fold-test.c name-45-test.c \
-	parse-name-test.c store-test.c string-to-key-test.c test_acl.c \
-	test_addr.c test_alname.c test_cc.c test_config.c \
-	test_crypto.c test_crypto_wrapping.c test_forward.c \
-	test_get_addrs.c test_hostname.c test_keytab.c test_kuserok.c \
-	test_mem.c test_pac.c test_pkinit_dh2key.c test_plugin.c \
-	test_prf.c test_princ.c test_renew.c test_store.c test_time.c \
-	verify_krb5_conf.c
-man3dir = $(mandir)/man3
-man5dir = $(mandir)/man5
-man8dir = $(mandir)/man8
-MANS = $(man_MANS)
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-krb5HEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(krb5_HEADERS) \
-	$(nodist_include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err \
-	-I$(srcdir)/../com_err
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-LDADD = libkrb5.la \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-@PKINIT_TRUE@LIB_pkinit = ../hx509/libhx509.la
-libkrb5_la_LIBADD = \
-	$(LIB_pkinit) \
-	$(LIB_com_err) \
-	$(LIB_hcrypto) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIBADD_roken) \
-	$(LIB_door_create) \
-	$(LIB_dlopen)
-
-lib_LTLIBRARIES = libkrb5.la
-ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
-libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
-dist_libkrb5_la_SOURCES = \
-	acache.c				\
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	doxygen.c				\
-	data.c					\
-	digest.c				\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	heim_threads.h				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	kcm.c					\
-	kcm.h					\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	keytab_memory.c				\
-	krb5_locl.h				\
-	krb5-v4compat.h				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	mit_glue.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	pac.c					\
-	padata.c				\
-	pkinit.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	plugin.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	v4_glue.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c
-
-nodist_libkrb5_la_SOURCES = \
-	$(ERR_FILES)
-
-libkrb5_la_LDFLAGS = -version-info 24:0:0 $(am__append_1)
-man_MANS = \
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb524_convert_creds_kdc.3		\
-	krb5_425_conv_principal.3		\
-	krb5_acl_match_file.3			\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_c_make_checksum.3			\
-	krb5_ccache.3				\
-	krb5_check_transited.3			\
-	krb5_compare_creds.3			\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_creds.3				\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_digest.3				\
-	krb5_eai_to_heim_errno.3		\
-	krb5_encrypt.3				\
-	krb5_expand_hostname.3			\
-	krb5_find_padata.3			\
-	krb5_generate_random_block.3		\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_credentials.3			\
-	krb5_get_creds.3			\
-	krb5_get_forwarded_creds.3		\
-	krb5_get_in_cred.3			\
-	krb5_get_init_creds.3			\
-	krb5_get_krbhst.3			\
-	krb5_getportbyname.3			\
-	krb5_init_context.3			\
-	krb5_is_thread_safe.3			\
-	krb5_keyblock.3				\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_mk_req.3				\
-	krb5_mk_safe.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal.3			\
-	krb5_rcache.3				\
-	krb5_rd_error.3				\
-	krb5_rd_safe.3				\
-	krb5_set_default_realm.3		\
-	krb5_set_password.3			\
-	krb5_storage.3				\
-	krb5_string_to_key.3			\
-	krb5_ticket.3				\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_init_creds.3		\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-dist_include_HEADERS = \
-	krb5.h \
-	krb5-protos.h \
-	krb5-private.h \
-	krb5_ccapi.h
-
-nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
-
-# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
-krb5dir = $(includedir)/krb5
-krb5_HEADERS = locate_plugin.h
-build_HEADERZ = \
-	heim_threads.h \
-	$(krb5_HEADERS) \
-	krb_err.h
-
-CLEANFILES = \
-	krb5_err.c krb5_err.h \
-	krb_err.c krb_err.h \
-	heim_err.c heim_err.h \
-	k524_err.c k524_err.h
-
-EXTRA_DIST = \
-	krb5_err.et \
-	krb_err.et \
-	heim_err.et \
-	k524_err.et \
-	$(man_MANS) \
-	version-script.map \
-	krb5.moduli
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
-	$(libkrb5_la_LINK) -rpath $(libdir) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) 
-	@rm -f aes-test$(EXEEXT)
-	$(LINK) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
-derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) 
-	@rm -f derived-key-test$(EXEEXT)
-	$(LINK) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
-krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) 
-	@rm -f krbhst-test$(EXEEXT)
-	$(LINK) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS)
-n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) 
-	@rm -f n-fold-test$(EXEEXT)
-	$(LINK) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
-name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) 
-	@rm -f name-45-test$(EXEEXT)
-	$(LINK) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
-parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) 
-	@rm -f parse-name-test$(EXEEXT)
-	$(LINK) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
-store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) 
-	@rm -f store-test$(EXEEXT)
-	$(LINK) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
-string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) 
-	@rm -f string-to-key-test$(EXEEXT)
-	$(LINK) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
-test_acl$(EXEEXT): $(test_acl_OBJECTS) $(test_acl_DEPENDENCIES) 
-	@rm -f test_acl$(EXEEXT)
-	$(LINK) $(test_acl_OBJECTS) $(test_acl_LDADD) $(LIBS)
-test_addr$(EXEEXT): $(test_addr_OBJECTS) $(test_addr_DEPENDENCIES) 
-	@rm -f test_addr$(EXEEXT)
-	$(LINK) $(test_addr_OBJECTS) $(test_addr_LDADD) $(LIBS)
-test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) 
-	@rm -f test_alname$(EXEEXT)
-	$(LINK) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS)
-test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) 
-	@rm -f test_cc$(EXEEXT)
-	$(LINK) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS)
-test_config$(EXEEXT): $(test_config_OBJECTS) $(test_config_DEPENDENCIES) 
-	@rm -f test_config$(EXEEXT)
-	$(LINK) $(test_config_OBJECTS) $(test_config_LDADD) $(LIBS)
-test_crypto$(EXEEXT): $(test_crypto_OBJECTS) $(test_crypto_DEPENDENCIES) 
-	@rm -f test_crypto$(EXEEXT)
-	$(LINK) $(test_crypto_OBJECTS) $(test_crypto_LDADD) $(LIBS)
-test_crypto_wrapping$(EXEEXT): $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_DEPENDENCIES) 
-	@rm -f test_crypto_wrapping$(EXEEXT)
-	$(LINK) $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_LDADD) $(LIBS)
-test_forward$(EXEEXT): $(test_forward_OBJECTS) $(test_forward_DEPENDENCIES) 
-	@rm -f test_forward$(EXEEXT)
-	$(LINK) $(test_forward_OBJECTS) $(test_forward_LDADD) $(LIBS)
-test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) 
-	@rm -f test_get_addrs$(EXEEXT)
-	$(LINK) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
-test_hostname$(EXEEXT): $(test_hostname_OBJECTS) $(test_hostname_DEPENDENCIES) 
-	@rm -f test_hostname$(EXEEXT)
-	$(LINK) $(test_hostname_OBJECTS) $(test_hostname_LDADD) $(LIBS)
-test_keytab$(EXEEXT): $(test_keytab_OBJECTS) $(test_keytab_DEPENDENCIES) 
-	@rm -f test_keytab$(EXEEXT)
-	$(LINK) $(test_keytab_OBJECTS) $(test_keytab_LDADD) $(LIBS)
-test_kuserok$(EXEEXT): $(test_kuserok_OBJECTS) $(test_kuserok_DEPENDENCIES) 
-	@rm -f test_kuserok$(EXEEXT)
-	$(LINK) $(test_kuserok_OBJECTS) $(test_kuserok_LDADD) $(LIBS)
-test_mem$(EXEEXT): $(test_mem_OBJECTS) $(test_mem_DEPENDENCIES) 
-	@rm -f test_mem$(EXEEXT)
-	$(LINK) $(test_mem_OBJECTS) $(test_mem_LDADD) $(LIBS)
-test_pac$(EXEEXT): $(test_pac_OBJECTS) $(test_pac_DEPENDENCIES) 
-	@rm -f test_pac$(EXEEXT)
-	$(LINK) $(test_pac_OBJECTS) $(test_pac_LDADD) $(LIBS)
-test_pkinit_dh2key$(EXEEXT): $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_DEPENDENCIES) 
-	@rm -f test_pkinit_dh2key$(EXEEXT)
-	$(LINK) $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_LDADD) $(LIBS)
-test_plugin$(EXEEXT): $(test_plugin_OBJECTS) $(test_plugin_DEPENDENCIES) 
-	@rm -f test_plugin$(EXEEXT)
-	$(LINK) $(test_plugin_OBJECTS) $(test_plugin_LDADD) $(LIBS)
-test_prf$(EXEEXT): $(test_prf_OBJECTS) $(test_prf_DEPENDENCIES) 
-	@rm -f test_prf$(EXEEXT)
-	$(LINK) $(test_prf_OBJECTS) $(test_prf_LDADD) $(LIBS)
-test_princ$(EXEEXT): $(test_princ_OBJECTS) $(test_princ_DEPENDENCIES) 
-	@rm -f test_princ$(EXEEXT)
-	$(LINK) $(test_princ_OBJECTS) $(test_princ_LDADD) $(LIBS)
-test_renew$(EXEEXT): $(test_renew_OBJECTS) $(test_renew_DEPENDENCIES) 
-	@rm -f test_renew$(EXEEXT)
-	$(LINK) $(test_renew_OBJECTS) $(test_renew_LDADD) $(LIBS)
-test_store$(EXEEXT): $(test_store_OBJECTS) $(test_store_DEPENDENCIES) 
-	@rm -f test_store$(EXEEXT)
-	$(LINK) $(test_store_OBJECTS) $(test_store_LDADD) $(LIBS)
-test_time$(EXEEXT): $(test_time_OBJECTS) $(test_time_DEPENDENCIES) 
-	@rm -f test_time$(EXEEXT)
-	$(LINK) $(test_time_OBJECTS) $(test_time_LDADD) $(LIBS)
-verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) 
-	@rm -f verify_krb5_conf$(EXEEXT)
-	$(LINK) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libkrb5_la-acache.lo: acache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c
-
-libkrb5_la-acl.lo: acl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c
-
-libkrb5_la-add_et_list.lo: add_et_list.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c
-
-libkrb5_la-addr_families.lo: addr_families.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c
-
-libkrb5_la-aname_to_localname.lo: aname_to_localname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c
-
-libkrb5_la-appdefault.lo: appdefault.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c
-
-libkrb5_la-asn1_glue.lo: asn1_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c
-
-libkrb5_la-auth_context.lo: auth_context.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c
-
-libkrb5_la-build_ap_req.lo: build_ap_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c
-
-libkrb5_la-build_auth.lo: build_auth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c
-
-libkrb5_la-cache.lo: cache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
-
-libkrb5_la-changepw.lo: changepw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c
-
-libkrb5_la-codec.lo: codec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c
-
-libkrb5_la-config_file.lo: config_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c
-
-libkrb5_la-config_file_netinfo.lo: config_file_netinfo.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file_netinfo.lo `test -f 'config_file_netinfo.c' || echo '$(srcdir)/'`config_file_netinfo.c
-
-libkrb5_la-convert_creds.lo: convert_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c
-
-libkrb5_la-constants.lo: constants.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c
-
-libkrb5_la-context.lo: context.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
-
-libkrb5_la-copy_host_realm.lo: copy_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c
-
-libkrb5_la-crc.lo: crc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c
-
-libkrb5_la-creds.lo: creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c
-
-libkrb5_la-crypto.lo: crypto.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-
-libkrb5_la-doxygen.lo: doxygen.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
-
-libkrb5_la-data.lo: data.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c
-
-libkrb5_la-digest.lo: digest.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c
-
-libkrb5_la-eai_to_heim_errno.lo: eai_to_heim_errno.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c
-
-libkrb5_la-error_string.lo: error_string.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c
-
-libkrb5_la-expand_hostname.lo: expand_hostname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c
-
-libkrb5_la-fcache.lo: fcache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c
-
-libkrb5_la-free.lo: free.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c
-
-libkrb5_la-free_host_realm.lo: free_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c
-
-libkrb5_la-generate_seq_number.lo: generate_seq_number.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c
-
-libkrb5_la-generate_subkey.lo: generate_subkey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c
-
-libkrb5_la-get_addrs.lo: get_addrs.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c
-
-libkrb5_la-get_cred.lo: get_cred.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c
-
-libkrb5_la-get_default_principal.lo: get_default_principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c
-
-libkrb5_la-get_default_realm.lo: get_default_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c
-
-libkrb5_la-get_for_creds.lo: get_for_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c
-
-libkrb5_la-get_host_realm.lo: get_host_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c
-
-libkrb5_la-get_in_tkt.lo: get_in_tkt.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c
-
-libkrb5_la-get_in_tkt_pw.lo: get_in_tkt_pw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_pw.lo `test -f 'get_in_tkt_pw.c' || echo '$(srcdir)/'`get_in_tkt_pw.c
-
-libkrb5_la-get_in_tkt_with_keytab.lo: get_in_tkt_with_keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_keytab.lo `test -f 'get_in_tkt_with_keytab.c' || echo '$(srcdir)/'`get_in_tkt_with_keytab.c
-
-libkrb5_la-get_in_tkt_with_skey.lo: get_in_tkt_with_skey.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_skey.lo `test -f 'get_in_tkt_with_skey.c' || echo '$(srcdir)/'`get_in_tkt_with_skey.c
-
-libkrb5_la-get_port.lo: get_port.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c
-
-libkrb5_la-init_creds.lo: init_creds.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c
-
-libkrb5_la-init_creds_pw.lo: init_creds_pw.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c
-
-libkrb5_la-kcm.lo: kcm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c
-
-libkrb5_la-keyblock.lo: keyblock.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c
-
-libkrb5_la-keytab.lo: keytab.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
-
-libkrb5_la-keytab_any.lo: keytab_any.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c
-
-libkrb5_la-keytab_file.lo: keytab_file.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c
-
-libkrb5_la-keytab_keyfile.lo: keytab_keyfile.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c
-
-libkrb5_la-keytab_krb4.lo: keytab_krb4.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_krb4.lo `test -f 'keytab_krb4.c' || echo '$(srcdir)/'`keytab_krb4.c
-
-libkrb5_la-keytab_memory.lo: keytab_memory.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c
-
-libkrb5_la-krbhst.lo: krbhst.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c
-
-libkrb5_la-kuserok.lo: kuserok.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c
-
-libkrb5_la-log.lo: log.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
-
-libkrb5_la-mcache.lo: mcache.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c
-
-libkrb5_la-misc.lo: misc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
-
-libkrb5_la-mk_error.lo: mk_error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c
-
-libkrb5_la-mk_priv.lo: mk_priv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c
-
-libkrb5_la-mk_rep.lo: mk_rep.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c
-
-libkrb5_la-mk_req.lo: mk_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c
-
-libkrb5_la-mk_req_ext.lo: mk_req_ext.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c
-
-libkrb5_la-mk_safe.lo: mk_safe.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c
-
-libkrb5_la-mit_glue.lo: mit_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c
-
-libkrb5_la-net_read.lo: net_read.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
-
-libkrb5_la-net_write.lo: net_write.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
-
-libkrb5_la-n-fold.lo: n-fold.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c
-
-libkrb5_la-pac.lo: pac.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c
-
-libkrb5_la-padata.lo: padata.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c
-
-libkrb5_la-pkinit.lo: pkinit.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c
-
-libkrb5_la-principal.lo: principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c
-
-libkrb5_la-prog_setup.lo: prog_setup.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c
-
-libkrb5_la-prompter_posix.lo: prompter_posix.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c
-
-libkrb5_la-rd_cred.lo: rd_cred.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c
-
-libkrb5_la-rd_error.lo: rd_error.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c
-
-libkrb5_la-rd_priv.lo: rd_priv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c
-
-libkrb5_la-rd_rep.lo: rd_rep.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c
-
-libkrb5_la-rd_req.lo: rd_req.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c
-
-libkrb5_la-rd_safe.lo: rd_safe.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c
-
-libkrb5_la-read_message.lo: read_message.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c
-
-libkrb5_la-recvauth.lo: recvauth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c
-
-libkrb5_la-replay.lo: replay.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c
-
-libkrb5_la-send_to_kdc.lo: send_to_kdc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c
-
-libkrb5_la-sendauth.lo: sendauth.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c
-
-libkrb5_la-set_default_realm.lo: set_default_realm.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c
-
-libkrb5_la-sock_principal.lo: sock_principal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c
-
-libkrb5_la-store.lo: store.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c
-
-libkrb5_la-store_emem.lo: store_emem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c
-
-libkrb5_la-store_fd.lo: store_fd.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c
-
-libkrb5_la-store_mem.lo: store_mem.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c
-
-libkrb5_la-plugin.lo: plugin.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c
-
-libkrb5_la-ticket.lo: ticket.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c
-
-libkrb5_la-time.lo: time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c
-
-libkrb5_la-transited.lo: transited.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c
-
-libkrb5_la-v4_glue.lo: v4_glue.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-v4_glue.lo `test -f 'v4_glue.c' || echo '$(srcdir)/'`v4_glue.c
-
-libkrb5_la-verify_init.lo: verify_init.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c
-
-libkrb5_la-verify_user.lo: verify_user.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c
-
-libkrb5_la-version.lo: version.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
-
-libkrb5_la-warn.lo: warn.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c
-
-libkrb5_la-write_message.lo: write_message.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c
-
-libkrb5_la-krb5_err.lo: krb5_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c
-
-libkrb5_la-krb_err.lo: krb_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c
-
-libkrb5_la-heim_err.lo: heim_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c
-
-libkrb5_la-k524_err.lo: k524_err.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
-	done
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
-	done
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-krb5HEADERS: $(krb5_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)"
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-
-uninstall-krb5HEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(krb5_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(krb5dir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS install-krb5HEADERS \
-	install-man install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5 install-man8
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dist_includeHEADERS \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-krb5HEADERS install-libLTLIBRARIES \
-	install-man install-man3 install-man5 install-man8 \
-	install-nodist_includeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-dist_includeHEADERS uninstall-hook \
-	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-man5 uninstall-man8 \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
-
-#sysconf_DATA = krb5.moduli
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-krb_err.h: krb_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/krb5/acache.c b/crypto/heimdal/lib/krb5/acache.c
deleted file mode 100644
index 30a6d90c3451..000000000000
--- a/crypto/heimdal/lib/krb5/acache.c
+++ /dev/null
@@ -1,961 +0,0 @@
-/*
- * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <krb5_ccapi.h>
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-RCSID("$Id: acache.c 22099 2007-12-03 17:14:34Z lha $");
-
-/* XXX should we fetch these for each open ? */
-static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static cc_initialize_func init_func;
-
-#ifdef HAVE_DLOPEN
-static void *cc_handle; 
-#endif
-
-typedef struct krb5_acc {
-    char *cache_name;
-    cc_context_t context;
-    cc_ccache_t ccache;
-} krb5_acc;
-
-static krb5_error_code acc_close(krb5_context, krb5_ccache);
-
-#define ACACHE(X) ((krb5_acc *)(X)->data.data)
-
-static const struct {
-    cc_int32 error;
-    krb5_error_code ret;
-} cc_errors[] = {
-    { ccErrBadName,		KRB5_CC_BADNAME },
-    { ccErrCredentialsNotFound,	KRB5_CC_NOTFOUND },
-    { ccErrCCacheNotFound,	KRB5_FCC_NOFILE },
-    { ccErrContextNotFound,	KRB5_CC_NOTFOUND },
-    { ccIteratorEnd,		KRB5_CC_END },
-    { ccErrNoMem,		KRB5_CC_NOMEM },
-    { ccErrServerUnavailable,	KRB5_CC_NOSUPP },
-    { ccNoError,		0 }
-};
-
-static krb5_error_code
-translate_cc_error(krb5_context context, cc_int32 error)
-{
-    int i;
-    krb5_clear_error_string(context);
-    for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
-	if (cc_errors[i].error == error)
-	    return cc_errors[i].ret;
-    return KRB5_FCC_INTERNAL;
-}
-
-static krb5_error_code
-init_ccapi(krb5_context context)
-{
-    const char *lib;
-
-    HEIMDAL_MUTEX_lock(&acc_mutex);
-    if (init_func) {
-	HEIMDAL_MUTEX_unlock(&acc_mutex);
-	krb5_clear_error_string(context);
-	return 0;
-    }
-
-    lib = krb5_config_get_string(context, NULL,
-				 "libdefaults", "ccapi_library", 
-				 NULL);
-    if (lib == NULL) {
-#ifdef __APPLE__
-	lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
-#else
-	lib = "/usr/lib/libkrb5_cc.so";
-#endif
-    }
-
-#ifdef HAVE_DLOPEN
-
-#ifndef RTLD_LAZY
-#define RTLD_LAZY 0
-#endif
-
-    cc_handle = dlopen(lib, RTLD_LAZY);
-    if (cc_handle == NULL) {
-	HEIMDAL_MUTEX_unlock(&acc_mutex);
-	krb5_set_error_string(context, "Failed to load %s", lib);
-	return KRB5_CC_NOSUPP;
-    }
-
-    init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
-    HEIMDAL_MUTEX_unlock(&acc_mutex);
-    if (init_func == NULL) {
-	krb5_set_error_string(context, "Failed to find cc_initialize"
-			      "in %s: %s", lib, dlerror());
-	dlclose(cc_handle);
-	return KRB5_CC_NOSUPP;
-    }
-
-    return 0;
-#else
-    HEIMDAL_MUTEX_unlock(&acc_mutex);
-    krb5_set_error_string(context, "no support for shared object");
-    return KRB5_CC_NOSUPP;
-#endif
-}    
-
-static krb5_error_code
-make_cred_from_ccred(krb5_context context,
-		     const cc_credentials_v5_t *incred,
-		     krb5_creds *cred)
-{
-    krb5_error_code ret;
-    int i;
-
-    memset(cred, 0, sizeof(*cred));
-
-    ret = krb5_parse_name(context, incred->client, &cred->client);
-    if (ret)
-	goto fail;
-
-    ret = krb5_parse_name(context, incred->server, &cred->server);
-    if (ret)
-	goto fail;
-
-    cred->session.keytype = incred->keyblock.type;
-    cred->session.keyvalue.length = incred->keyblock.length;
-    cred->session.keyvalue.data = malloc(incred->keyblock.length);
-    if (cred->session.keyvalue.data == NULL)
-	goto nomem;
-    memcpy(cred->session.keyvalue.data, incred->keyblock.data,
-	   incred->keyblock.length);
-
-    cred->times.authtime = incred->authtime;
-    cred->times.starttime = incred->starttime;
-    cred->times.endtime = incred->endtime;
-    cred->times.renew_till = incred->renew_till;
-
-    ret = krb5_data_copy(&cred->ticket,
-			 incred->ticket.data,
-			 incred->ticket.length);
-    if (ret)
-	goto nomem;
-
-    ret = krb5_data_copy(&cred->second_ticket,
-			 incred->second_ticket.data,
-			 incred->second_ticket.length);
-    if (ret)
-	goto nomem;
-
-    cred->authdata.val = NULL;
-    cred->authdata.len = 0;
-    
-    cred->addresses.val = NULL;
-    cred->addresses.len = 0;
-    
-    for (i = 0; incred->authdata && incred->authdata[i]; i++)
-	;
-    
-    if (i) {
-	cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0]));
-	if (cred->authdata.val == NULL)
-	    goto nomem;
-	cred->authdata.len = i;
-	for (i = 0; i < cred->authdata.len; i++) {
-	    cred->authdata.val[i].ad_type = incred->authdata[i]->type;
-	    ret = krb5_data_copy(&cred->authdata.val[i].ad_data,
-				 incred->authdata[i]->data,
-				 incred->authdata[i]->length);
-	    if (ret)
-		goto nomem;
-	}
-    }
-    
-    for (i = 0; incred->addresses && incred->addresses[i]; i++)
-	;
-    
-    if (i) {
-	cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0]));
-	if (cred->addresses.val == NULL)
-	    goto nomem;
-	cred->addresses.len = i;
-	
-	for (i = 0; i < cred->addresses.len; i++) {
-	    cred->addresses.val[i].addr_type = incred->addresses[i]->type;
-	    ret = krb5_data_copy(&cred->addresses.val[i].address,
-				 incred->addresses[i]->data,
-				 incred->addresses[i]->length);
-	    if (ret)
-		goto nomem;
-	}
-    }
-    
-    cred->flags.i = 0;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
-	cred->flags.b.forwardable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
-	cred->flags.b.forwarded = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
-	cred->flags.b.proxiable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
-	cred->flags.b.proxy = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
-	cred->flags.b.may_postdate = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
-	cred->flags.b.postdated = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
-	cred->flags.b.invalid = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
-	cred->flags.b.renewable = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
-	cred->flags.b.initial = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
-	cred->flags.b.pre_authent = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
-	cred->flags.b.hw_authent = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
-	cred->flags.b.transited_policy_checked = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
-	cred->flags.b.ok_as_delegate = 1;
-    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
-	cred->flags.b.anonymous = 1;
-
-    return 0;
-    
-nomem:
-    ret = ENOMEM;
-    krb5_set_error_string(context, "malloc - out of memory");
-    
-fail:
-    krb5_free_cred_contents(context, cred);
-    return ret;
-}
-
-static void
-free_ccred(cc_credentials_v5_t *cred)
-{
-    int i;
-
-    if (cred->addresses) {
-	for (i = 0; cred->addresses[i] != 0; i++) {
-	    if (cred->addresses[i]->data)
-		free(cred->addresses[i]->data);
-	    free(cred->addresses[i]);
-	}
-	free(cred->addresses);
-    }
-    if (cred->server)
-	free(cred->server);
-    if (cred->client)
-	free(cred->client);
-    memset(cred, 0, sizeof(*cred));
-}
-
-static krb5_error_code
-make_ccred_from_cred(krb5_context context,
-		     const krb5_creds *incred,
-		     cc_credentials_v5_t *cred)
-{
-    krb5_error_code ret;
-    int i;
-
-    memset(cred, 0, sizeof(*cred));
-
-    ret = krb5_unparse_name(context, incred->client, &cred->client);
-    if (ret)
-	goto fail;
-
-    ret = krb5_unparse_name(context, incred->server, &cred->server);
-    if (ret)
-	goto fail;
-
-    cred->keyblock.type = incred->session.keytype;
-    cred->keyblock.length = incred->session.keyvalue.length;
-    cred->keyblock.data = incred->session.keyvalue.data;
-
-    cred->authtime = incred->times.authtime;
-    cred->starttime = incred->times.starttime;
-    cred->endtime = incred->times.endtime;
-    cred->renew_till = incred->times.renew_till;
-
-    cred->ticket.length = incred->ticket.length;
-    cred->ticket.data = incred->ticket.data;
-
-    cred->second_ticket.length = incred->second_ticket.length;
-    cred->second_ticket.data = incred->second_ticket.data;
-
-    /* XXX this one should also be filled in */
-    cred->authdata = NULL;
-    
-    cred->addresses = calloc(incred->addresses.len + 1, 
-			     sizeof(cred->addresses[0]));
-    if (cred->addresses == NULL) {
-
-	ret = ENOMEM;
-	goto fail;
-    }
-
-    for (i = 0; i < incred->addresses.len; i++) {
-	cc_data *addr;
-	addr = malloc(sizeof(*addr));
-	if (addr == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	addr->type = incred->addresses.val[i].addr_type;
-	addr->length = incred->addresses.val[i].address.length;
-	addr->data = malloc(addr->length);
-	if (addr->data == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	memcpy(addr->data, incred->addresses.val[i].address.data, 
-	       addr->length);
-	cred->addresses[i] = addr;
-    }
-    cred->addresses[i] = NULL;
-
-    cred->ticket_flags = 0;
-    if (incred->flags.b.forwardable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
-    if (incred->flags.b.forwarded)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
-    if (incred->flags.b.proxiable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
-    if (incred->flags.b.proxy)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
-    if (incred->flags.b.may_postdate)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
-    if (incred->flags.b.postdated)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
-    if (incred->flags.b.invalid)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
-    if (incred->flags.b.renewable)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
-    if (incred->flags.b.initial)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
-    if (incred->flags.b.pre_authent)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
-    if (incred->flags.b.hw_authent)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
-    if (incred->flags.b.transited_policy_checked)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
-    if (incred->flags.b.ok_as_delegate)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
-    if (incred->flags.b.anonymous)
-	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
-
-    return 0;
-
-fail:    
-    free_ccred(cred);
-
-    krb5_clear_error_string(context);
-    return ret;
-}
-
-static char *
-get_cc_name(cc_ccache_t cache)
-{
-    cc_string_t name;
-    cc_int32 error;
-    char *str;
-
-    error = (*cache->func->get_name)(cache, &name);
-    if (error)
-	return NULL;
-
-    str = strdup(name->data);
-    (*name->func->release)(name);
-    return str;
-}
-
-
-static const char*
-acc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-    static char n[255];
-    char *name;
-
-    name = get_cc_name(a->ccache);
-    if (name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return NULL;
-    }
-    strlcpy(n, name, sizeof(n));
-    free(name);
-    return n;
-}
-
-static krb5_error_code
-acc_alloc(krb5_context context, krb5_ccache *id)
-{
-    krb5_error_code ret;
-    cc_int32 error;
-    krb5_acc *a;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    ret = krb5_data_alloc(&(*id)->data, sizeof(*a));
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    
-    a = ACACHE(*id);
-
-    error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
-    if (error) {
-	krb5_data_free(&(*id)->data);
-	return translate_cc_error(context, error);
-    }
-
-    a->cache_name = NULL;
-
-    return 0;
-}
-
-static krb5_error_code
-acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_error_code ret;
-    cc_int32 error;
-    krb5_acc *a;
-
-    ret = acc_alloc(context, id);
-    if (ret)
-	return ret;
-
-    a = ACACHE(*id);
-
-    error = (*a->context->func->open_ccache)(a->context, res,
-					     &a->ccache);
-    if (error == 0) {
-	a->cache_name = get_cc_name(a->ccache);
-	if (a->cache_name == NULL) {
-	    acc_close(context, *id);
-	    *id = NULL;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    } else if (error == ccErrCCacheNotFound) {
-	a->ccache = NULL;
-	a->cache_name = NULL;
-	error = 0;
-    } else {
-	*id = NULL;
-	return translate_cc_error(context, error);
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-acc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_error_code ret;
-    krb5_acc *a;
-
-    ret = acc_alloc(context, id);
-    if (ret)
-	return ret;
-
-    a = ACACHE(*id);
-
-    a->ccache = NULL;
-    a->cache_name = NULL;
-
-    return 0;
-}
-
-static krb5_error_code
-acc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_acc *a = ACACHE(id);
-    krb5_error_code ret;
-    int32_t error;
-    char *name;
-
-    ret = krb5_unparse_name(context, primary_principal, &name);
-    if (ret)
-	return ret;
-
-    error = (*a->context->func->create_new_ccache)(a->context,
-						   cc_credentials_v5,
-						   name,
-						   &a->ccache);
-    free(name);
-
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-
-    if (a->ccache) {
-	(*a->ccache->func->release)(a->ccache);
-	a->ccache = NULL;
-    }
-    if (a->cache_name) {
-	free(a->cache_name);
-	a->cache_name = NULL;
-    }
-    (*a->context->func->release)(a->context);
-    a->context = NULL;
-    krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-acc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_acc *a = ACACHE(id);
-    cc_int32 error = 0;
-
-    if (a->ccache) {
-	error = (*a->ccache->func->destroy)(a->ccache);
-	a->ccache = NULL;
-    }
-    if (a->context) {
-	error = (a->context->func->release)(a->context);
-	a->context = NULL;
-    }
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_acc *a = ACACHE(id);
-    cc_credentials_union cred;
-    cc_credentials_v5_t v5cred;
-    krb5_error_code ret;
-    cc_int32 error;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    cred.version = cc_credentials_v5;
-    cred.credentials.credentials_v5 = &v5cred;
-
-    ret = make_ccred_from_cred(context, 
-			       creds,
-			       &v5cred);
-    if (ret)
-	return ret;
-
-    error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
-    if (error)
-	ret = translate_cc_error(context, error);
-
-    free_ccred(&v5cred);
-
-    return ret;
-}
-
-static krb5_error_code
-acc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_acc *a = ACACHE(id);
-    krb5_error_code ret;
-    int32_t error;
-    cc_string_t name;
-
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    error = (*a->ccache->func->get_principal)(a->ccache,
-					      cc_credentials_v5,
-					      &name);
-    if (error)
-	return translate_cc_error(context, error);
-    
-    ret = krb5_parse_name(context, name->data, principal);
-    
-    (*name->func->release)(name);
-    return ret;
-}
-
-static krb5_error_code
-acc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    cc_credentials_iterator_t iter;
-    krb5_acc *a = ACACHE(id);
-    int32_t error;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
-    if (error) {
-	krb5_clear_error_string(context);
-	return ENOENT;
-    }
-    *cursor = iter;
-    return 0;
-}
-
-
-static krb5_error_code
-acc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    cc_credentials_iterator_t iter = *cursor;
-    cc_credentials_t cred;
-    krb5_error_code ret;
-    int32_t error;
-
-    while (1) {
-	error = (*iter->func->next)(iter, &cred);
-	if (error)
-	    return translate_cc_error(context, error);
-	if (cred->data->version == cc_credentials_v5)
-	    break;
-	(*cred->func->release)(cred);
-    }
-
-    ret = make_cred_from_ccred(context, 
-			       cred->data->credentials.credentials_v5,
-			       creds);
-    (*cred->func->release)(cred);
-    return ret;
-}
-
-static krb5_error_code
-acc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    cc_credentials_iterator_t iter = *cursor;
-    (*iter->func->release)(iter);
-    return 0;
-}
-
-static krb5_error_code
-acc_remove_cred(krb5_context context,
-		krb5_ccache id,
-		krb5_flags which,
-		krb5_creds *cred)
-{
-    cc_credentials_iterator_t iter;
-    krb5_acc *a = ACACHE(id);
-    cc_credentials_t ccred;
-    krb5_error_code ret;
-    cc_int32 error;
-    char *client, *server;
-    
-    if (a->ccache == NULL) {
-	krb5_set_error_string(context, "No API credential found");
-	return KRB5_CC_NOTFOUND;
-    }
-
-    if (cred->client) {
-	ret = krb5_unparse_name(context, cred->client, &client);
-	if (ret)
-	    return ret;
-    } else
-	client = NULL;
-
-    ret = krb5_unparse_name(context, cred->server, &server);
-    if (ret) {
-	free(client);
-	return ret;
-    }
-
-    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
-    if (error) {
-	free(server);
-	free(client);
-	return translate_cc_error(context, error);
-    }
-
-    ret = KRB5_CC_NOTFOUND;
-    while (1) {
-	cc_credentials_v5_t *v5cred;
-
-	error = (*iter->func->next)(iter, &ccred);
-	if (error)
-	    break;
-
-	if (ccred->data->version != cc_credentials_v5)
-	    goto next;
-
-	v5cred = ccred->data->credentials.credentials_v5;
-
-	if (client && strcmp(v5cred->client, client) != 0)
-	    goto next;
-
-	if (strcmp(v5cred->server, server) != 0)
-	    goto next;
-
-	(*a->ccache->func->remove_credentials)(a->ccache, ccred);
-	ret = 0;
-    next:
-	(*ccred->func->release)(ccred);
-    }
-
-    (*iter->func->release)(iter);
-
-    if (ret)
-	krb5_set_error_string(context, "Can't find credential %s in cache", 
-			      server);
-    free(server);
-    free(client);
-
-    return ret;
-}
-
-static krb5_error_code
-acc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0;
-}
-
-static krb5_error_code
-acc_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return 0;
-}
-		    
-struct cache_iter {
-    cc_context_t context;
-    cc_ccache_iterator_t iter;
-};
-
-static krb5_error_code
-acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct cache_iter *iter;
-    krb5_error_code ret;
-    cc_int32 error;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL);
-    if (error) {
-	free(iter);
-	return translate_cc_error(context, error);
-    }
-
-    error = (*iter->context->func->new_ccache_iterator)(iter->context,
-							&iter->iter);
-    if (error) {
-	free(iter);
-	krb5_clear_error_string(context);
-	return ENOENT;
-    }
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct cache_iter *iter = cursor;
-    cc_ccache_t cache;
-    krb5_acc *a;
-    krb5_error_code ret;
-    int32_t error;
-
-    error = (*iter->iter->func->next)(iter->iter, &cache);
-    if (error)
-	return translate_cc_error(context, error);
-
-    ret = _krb5_cc_allocate(context, &krb5_acc_ops, id);
-    if (ret) {
-	(*cache->func->release)(cache);
-	return ret;
-    }
-
-    ret = acc_alloc(context, id);
-    if (ret) {
-	(*cache->func->release)(cache);
-	free(*id);
-	return ret;
-    }
-
-    a = ACACHE(*id);
-    a->ccache = cache;
-
-    a->cache_name = get_cc_name(a->ccache);
-    if (a->cache_name == NULL) {
-	acc_close(context, *id);
-	*id = NULL;
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }	
-    return 0;
-}
-
-static krb5_error_code
-acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct cache_iter *iter = cursor;
-
-    (*iter->iter->func->release)(iter->iter);
-    iter->iter = NULL;
-    (*iter->context->func->release)(iter->context);
-    iter->context = NULL;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-acc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_acc *afrom = ACACHE(from);
-    krb5_acc *ato = ACACHE(to);
-    int32_t error;
-
-    if (ato->ccache == NULL) {
-	cc_string_t name;
-
-	error = (*afrom->ccache->func->get_principal)(afrom->ccache,
-						      cc_credentials_v5,
-						      &name);
-	if (error)
-	    return translate_cc_error(context, error);
-    
-	error = (*ato->context->func->create_new_ccache)(ato->context,
-							 cc_credentials_v5,
-							 name->data,
-							 &ato->ccache);
-	(*name->func->release)(name);
-	if (error)
-	    return translate_cc_error(context, error);
-    }
-
-
-    error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache);
-    return translate_cc_error(context, error);
-}
-
-static krb5_error_code
-acc_default_name(krb5_context context, char **str)
-{
-    krb5_error_code ret;
-    cc_context_t cc;
-    cc_string_t name;
-    int32_t error;
-
-    ret = init_ccapi(context);
-    if (ret)
-	return ret;
-
-    error = (*init_func)(&cc, ccapi_version_3, NULL, NULL);
-    if (error)
-	return translate_cc_error(context, error);
-
-    error = (*cc->func->get_default_ccache_name)(cc, &name);
-    if (error) {
-	(*cc->func->release)(cc);
-	return translate_cc_error(context, error);
-    }
-	
-    asprintf(str, "API:%s", name->data);
-    (*name->func->release)(name);
-    (*cc->func->release)(cc);
-
-    if (*str == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-/**
- * Variable containing the API based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_acc_ops = {
-    "API",
-    acc_get_name,
-    acc_resolve,
-    acc_gen_new,
-    acc_initialize,
-    acc_destroy,
-    acc_close,
-    acc_store_cred,
-    NULL, /* acc_retrieve */
-    acc_get_principal,
-    acc_get_first,
-    acc_get_next,
-    acc_end_get,
-    acc_remove_cred,
-    acc_set_flags,
-    acc_get_version,
-    acc_get_cache_first,
-    acc_get_cache_next,
-    acc_end_cache_get,
-    acc_move,
-    acc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
deleted file mode 100644
index cab68367f80a..000000000000
--- a/crypto/heimdal/lib/krb5/acl.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <fnmatch.h>
-
-RCSID("$Id: acl.c 22119 2007-12-03 22:02:48Z lha $");
-
-struct acl_field {
-    enum { acl_string, acl_fnmatch, acl_retval } type;
-    union {
-	const char *cstr;
-	char **retv;
-    } u;
-    struct acl_field *next, **last;
-};
-
-static void
-free_retv(struct acl_field *acl)
-{
-    while(acl != NULL) {
-	if (acl->type == acl_retval) {
-	    if (*acl->u.retv)
-		free(*acl->u.retv);
-	    *acl->u.retv = NULL;
-	}
-	acl = acl->next;
-    }
-}
-
-static void
-acl_free_list(struct acl_field *acl, int retv)
-{
-    struct acl_field *next;
-    if (retv)
-	free_retv(acl);
-    while(acl != NULL) {
-	next = acl->next;
-	free(acl);
-	acl = next;
-    }
-}
-
-static krb5_error_code
-acl_parse_format(krb5_context context,
-		 struct acl_field **acl_ret,
-		 const char *format,
-		 va_list ap)
-{
-    const char *p;
-    struct acl_field *acl = NULL, *tmp;
-
-    for(p = format; *p != '\0'; p++) {
-	tmp = malloc(sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    acl_free_list(acl, 0);
-	    return ENOMEM;
-	}
-	if(*p == 's') {
-	    tmp->type = acl_string;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'f') {
-	    tmp->type = acl_fnmatch;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'r') {
-	    tmp->type = acl_retval;
-	    tmp->u.retv = va_arg(ap, char **);
-	    *tmp->u.retv = NULL;
-	} else {
-	    krb5_set_error_string(context, "acl_parse_format: "
-				  "unknown format specifier %c", *p);
-	    acl_free_list(acl, 0);
-	    free(tmp);
-	    return EINVAL;
-	}
-	tmp->next = NULL;
-	if(acl == NULL)
-	    acl = tmp;
-	else
-	    *acl->last = tmp;
-	acl->last = &tmp->next;
-    }
-    *acl_ret = acl;
-    return 0;
-}
-
-static krb5_boolean
-acl_match_field(krb5_context context,
-		const char *string,
-		struct acl_field *field)
-{
-    if(field->type == acl_string) {
-	return !strcmp(field->u.cstr, string);
-    } else if(field->type == acl_fnmatch) {
-	return !fnmatch(field->u.cstr, string, 0);
-    } else if(field->type == acl_retval) {
-	*field->u.retv = strdup(string);
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static krb5_boolean
-acl_match_acl(krb5_context context,
-	      struct acl_field *acl,
-	      const char *string)
-{
-    char buf[256];
-    while(strsep_copy(&string, " \t", buf, sizeof(buf)) != -1) {
-	if(buf[0] == '\0')
-	    continue; /* skip ws */
-	if (acl == NULL)
-	    return FALSE;
-	if(!acl_match_field(context, buf, acl)) {
-	    return FALSE;
-	}
-	acl = acl->next;
-    }
-    if (acl)
-	return FALSE;
-    return TRUE;
-}
-
-/**
- * krb5_acl_match_string matches ACL format against a string.
- *
- * The ACL format has three format specifiers: s, f, and r.  Each
- * specifier will retrieve one argument from the variable arguments
- * for either matching or storing data.  The input string is split up
- * using " " (space) and "\t" (tab) as a delimiter; multiple and "\t"
- * in a row are considered to be the same.
- *
- * List of format specifiers:
- * - s Matches a string using strcmp(3) (case sensitive).
- * - f Matches the string with fnmatch(3). Theflags
- *     argument (the last argument) passed to the fnmatch function is 0.
- * - r Returns a copy of the string in the char ** passed in; the copy
- *     must be freed with free(3). There is no need to free(3) the
- *     string on error: the function will clean up and set the pointer
- *     to NULL.
- *
- * @param context Kerberos 5 context
- * @param string string to match with
- * @param format format to match
- * @param ... parameter to format string
- *
- * @return Return an error code or 0.
- *
- *
- * @code
- * char *s;
- * 
- * ret = krb5_acl_match_string(context, "foo", "s", "foo");
- * if (ret)
- *     krb5_errx(context, 1, "acl didn't match");
- * ret = krb5_acl_match_string(context, "foo foo baz/kaka",
- *     "ss", "foo", &s, "foo/\\*");
- * if (ret) {
- *     // no need to free(s) on error
- *     assert(s == NULL);
- *     krb5_errx(context, 1, "acl didn't match");
- * }
- * free(s);
- * @endcode
- *
- * @sa krb5_acl_match_file
- * @ingroup krb5_support
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_string(krb5_context context,
-		      const char *string,
-		      const char *format,
-		      ...)
-{
-    krb5_error_code ret;
-    krb5_boolean found;
-    struct acl_field *acl;
-
-    va_list ap;
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret)
-	return ret;
-
-    found = acl_match_acl(context, acl, string);
-    acl_free_list(acl, !found);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
-	       
-/**
- * krb5_acl_match_file matches ACL format against each line in a file
- * using krb5_acl_match_string(). Lines starting with # are treated
- * like comments and ignored.
- *
- * @param context Kerberos 5 context.
- * @param file file with acl listed in the file.
- * @param format format to match.
- * @param ... parameter to format string.
- *
- * @return Return an error code or 0.
- *
- * @sa krb5_acl_match_string
- * @ingroup krb5_support
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_file(krb5_context context,
-		    const char *file,
-		    const char *format,
-		    ...)
-{
-    krb5_error_code ret;
-    struct acl_field *acl;
-    char buf[256];
-    va_list ap;
-    FILE *f;
-    krb5_boolean found;
-
-    f = fopen(file, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-
-	krb5_set_error_string(context, "open(%s): %s", file,
-			      strerror(save_errno));
-	return save_errno;
-    }
-
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret) {
-	fclose(f);
-	return ret;
-    }
-
-    found = FALSE;
-    while(fgets(buf, sizeof(buf), f)) {
-	if(buf[0] == '#')
-	    continue;
-	if(acl_match_acl(context, acl, buf)) {
-	    found = TRUE;
-	    break;
-	}
-	free_retv(acl);
-    }
-
-    fclose(f);
-    acl_free_list(acl, !found);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/add_et_list.c b/crypto/heimdal/lib/krb5/add_et_list.c
deleted file mode 100644
index a6005c685903..000000000000
--- a/crypto/heimdal/lib/krb5/add_et_list.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: add_et_list.c 13713 2004-04-13 14:33:45Z lha $");
-
-/*
- * Add a specified list of error messages to the et list in context.
- * Call func (probably a comerr-generated function) with a pointer to
- * the current et_list.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_et_list (krb5_context context,
-		  void (*func)(struct et_list **))
-{
-    (*func)(&context->et_list);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
deleted file mode 100644
index f364f5974d47..000000000000
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ /dev/null
@@ -1,1463 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: addr_families.c 22039 2007-11-10 11:47:35Z lha $");
-
-struct addr_operations {
-    int af;
-    krb5_address_type atype;
-    size_t max_sockaddr_size;
-    krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
-    krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
-    void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
-			  krb5_socklen_t *sa_size, int port);
-    void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
-    krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
-    krb5_boolean (*uninteresting)(const struct sockaddr *);
-    void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
-    int (*print_addr)(const krb5_address *, char *, size_t);
-    int (*parse_addr)(krb5_context, const char*, krb5_address *);
-    int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
-    int (*free_addr)(krb5_context, krb5_address*);
-    int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
-    int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, 
-				     krb5_address*, krb5_address*);
-};
-
-/*
- * AF_INET - aka IPv4 implementation
- */
-
-static krb5_error_code
-ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy (buf, &sin4->sin_addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-static krb5_error_code
-ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-    *port = sin4->sin_port;
-    return 0;
-}
-
-static void
-ipv4_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    memcpy (&tmp.sin_addr, a->address.data, 4);
-    tmp.sin_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv4_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr   = *((const struct in_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv4_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy(buf, addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-/*
- * Are there any addresses that should be considered `uninteresting'?
- */
-
-static krb5_boolean
-ipv4_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-    if (sin4->sin_addr.s_addr == INADDR_ANY)
-	return TRUE;
-
-    return FALSE;
-}
-
-static void
-ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr.s_addr = INADDR_ANY;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct in_addr ia;
-
-    memcpy (&ia, addr->address.data, 4);
-
-    return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
-}
-
-static int
-ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    const char *p;
-    struct in_addr a;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip:", p - address) != 0 &&
-	   strncasecmp(address, "ip4:", p - address) != 0 &&
-	   strncasecmp(address, "ipv4:", p - address) != 0 &&
-	   strncasecmp(address, "inet:", p - address) != 0)
-	    return -1;
-    } else
-	p = address;
-#ifdef HAVE_INET_ATON
-    if(inet_aton(p, &a) == 0)
-	return -1;
-#elif defined(HAVE_INET_ADDR)
-    a.s_addr = inet_addr(p);
-    if(a.s_addr == INADDR_NONE)
-	return -1;
-#else
-    return -1;
-#endif
-    addr->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&addr->address, 4) != 0)
-	return -1;
-    _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
-    return 0;
-}
-
-static int
-ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
-		   unsigned long len, krb5_address *low, krb5_address *high)
-{
-    unsigned long ia;
-    uint32_t l, h, m = 0xffffffff;
-
-    if (len > 32) {
-	krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    m = m << (32 - len);
-
-    _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
-
-    l = ia & m;
-    h = l | ~m;
-
-    low->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&low->address, 4) != 0)
-	return -1;
-    _krb5_put_int(low->address.data, l, low->address.length);
-
-    high->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&high->address, 4) != 0) {
-	krb5_free_address(context, low);
-	return -1;
-    }
-    _krb5_put_int(high->address.data, h, high->address.length);
-
-    return 0;
-}
-
-
-/*
- * AF_INET6 - aka IPv6 implementation
- */
-
-#ifdef HAVE_IPV6
-
-static krb5_error_code
-ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
-	unsigned char buf[4];
-
-	a->addr_type      = KRB5_ADDRESS_INET;
-#ifndef IN6_ADDR_V6_TO_V4
-#ifdef IN6_EXTRACT_V4ADDR
-#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
-#else
-#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
-#endif
-#endif
-	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
-	return krb5_data_copy(&a->address, buf, 4);
-    } else {
-	a->addr_type = KRB5_ADDRESS_INET6;
-	return krb5_data_copy(&a->address,
-			      &sin6->sin6_addr,
-			      sizeof(sin6->sin6_addr));
-    }
-}
-
-static krb5_error_code
-ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    *port = sin6->sin6_port;
-    return 0;
-}
-
-static void
-ipv6_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
-    tmp.sin6_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv6_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = *((const struct in6_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv6_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    a->addr_type = KRB5_ADDRESS_INET6;
-    return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
-}
-
-/*
- * 
- */
-
-static krb5_boolean
-ipv6_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-    const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
-    
-    return
-	IN6_IS_ADDR_LINKLOCAL(in6)
-	|| IN6_IS_ADDR_V4COMPAT(in6);
-}
-
-static void
-ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = in6addr_any;
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    char buf[128], buf2[3];
-#ifdef HAVE_INET_NTOP
-    if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
-#endif
-	{
-	    /* XXX this is pretty ugly, but better than abort() */
-	    int i;
-	    unsigned char *p = addr->address.data;
-	    buf[0] = '\0';
-	    for(i = 0; i < addr->address.length; i++) {
-		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
-		if(i > 0 && (i & 1) == 0)
-		    strlcat(buf, ":", sizeof(buf));
-		strlcat(buf, buf2, sizeof(buf));
-	    }
-	}
-    return snprintf(str, len, "IPv6:%s", buf);
-}
-
-static int
-ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    int ret;
-    struct in6_addr in6;
-    const char *p;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip6:", p - address) == 0 ||
-	   strncasecmp(address, "ipv6:", p - address) == 0 ||
-	   strncasecmp(address, "inet6:", p - address) == 0)
-	    address = p;
-    }
-
-    ret = inet_pton(AF_INET6, address, &in6.s6_addr);
-    if(ret == 1) {
-	addr->addr_type = KRB5_ADDRESS_INET6;
-	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
-	if (ret)
-	    return -1;
-	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
-	return 0;
-    }
-    return -1;
-}
-
-static int
-ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
-		   unsigned long len, krb5_address *low, krb5_address *high)
-{
-    struct in6_addr addr, laddr, haddr;
-    uint32_t m;
-    int i, sub_len;
-
-    if (len > 128) {
-	krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    if (inaddr->address.length != sizeof(addr)) {
-	krb5_set_error_string(context, "IPv6 addr bad length");
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    memcpy(&addr, inaddr->address.data, inaddr->address.length);
-
-    for (i = 0; i < 16; i++) {
-	sub_len = min(8, len);
-
-	m = 0xff << (8 - sub_len);
-	
-	laddr.s6_addr[i] = addr.s6_addr[i] & m;
-	haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
-
-	if (len > 8)
-	    len -= 8;
-	else
-	    len = 0;
-    }
-
-    low->addr_type = KRB5_ADDRESS_INET6;
-    if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
-	return -1;
-    memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
-
-    high->addr_type = KRB5_ADDRESS_INET6;
-    if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
-	krb5_free_address(context, low);
-	return -1;
-    }
-    memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
-
-    return 0;
-}
-
-#endif /* IPv6 */
-
-/*
- * table
- */
-
-#define KRB5_ADDRESS_ARANGE	(-100)
-
-struct arange {
-    krb5_address low;
-    krb5_address high;
-};
-
-static int
-arange_parse_addr (krb5_context context, 
-		   const char *address, krb5_address *addr)
-{
-    char buf[1024], *p;
-    krb5_address low0, high0;
-    struct arange *a;
-    krb5_error_code ret;
-    
-    if(strncasecmp(address, "RANGE:", 6) != 0)
-	return -1;
-    
-    address += 6;
-
-    p = strrchr(address, '/');
-    if (p) {
-	krb5_addresses addrmask;
-	char *q;
-	long num;
-
-	if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf))
-	    return -1;
-	buf[p - address] = '\0';
-	ret = krb5_parse_address(context, buf, &addrmask);
-	if (ret)
-	    return ret;
-	if(addrmask.len != 1) {
-	    krb5_free_addresses(context, &addrmask);
-	    return -1;
-	}
-	
-	address += p - address + 1;
-
-	num = strtol(address, &q, 10);
-	if (q == address || *q != '\0' || num < 0) {
-	    krb5_free_addresses(context, &addrmask);
-	    return -1;
-	}
-
-	ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num,
-					      &low0, &high0);
-	krb5_free_addresses(context, &addrmask);
-	if (ret)
-	    return ret;
-
-    } else {
-	krb5_addresses low, high;
-	
-	strsep_copy(&address, "-", buf, sizeof(buf));
-	ret = krb5_parse_address(context, buf, &low);
-	if(ret)
-	    return ret;
-	if(low.len != 1) {
-	    krb5_free_addresses(context, &low);
-	    return -1;
-	}
-	
-	strsep_copy(&address, "-", buf, sizeof(buf));
-	ret = krb5_parse_address(context, buf, &high);
-	if(ret) {
-	    krb5_free_addresses(context, &low);
-	    return ret;
-	}
-	
-	if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
-	    krb5_free_addresses(context, &low);
-	    krb5_free_addresses(context, &high);
-	    return -1;
-	}
-
-	ret = krb5_copy_address(context, &high.val[0], &high0);
-	if (ret == 0) {
-	    ret = krb5_copy_address(context, &low.val[0], &low0);
-	    if (ret)
-		krb5_free_address(context, &high0);
-	}
-	krb5_free_addresses(context, &low);
-	krb5_free_addresses(context, &high);
-	if (ret)
-	    return ret;
-    }
-
-    krb5_data_alloc(&addr->address, sizeof(*a));
-    addr->addr_type = KRB5_ADDRESS_ARANGE;
-    a = addr->address.data;
-
-    if(krb5_address_order(context, &low0, &high0) < 0) {
-	a->low = low0;
-	a->high = high0;
-    } else {
-	a->low = high0;
-	a->high = low0;
-    }
-    return 0;
-}
-
-static int
-arange_free (krb5_context context, krb5_address *addr)
-{
-    struct arange *a;
-    a = addr->address.data;
-    krb5_free_address(context, &a->low);
-    krb5_free_address(context, &a->high);
-    krb5_data_free(&addr->address);
-    return 0;
-}
-
-
-static int
-arange_copy (krb5_context context, const krb5_address *inaddr, 
-	     krb5_address *outaddr)
-{
-    krb5_error_code ret;
-    struct arange *i, *o;
-
-    outaddr->addr_type = KRB5_ADDRESS_ARANGE;
-    ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
-    if(ret)
-	return ret;
-    i = inaddr->address.data;
-    o = outaddr->address.data;
-    ret = krb5_copy_address(context, &i->low, &o->low);
-    if(ret) {
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    ret = krb5_copy_address(context, &i->high, &o->high);
-    if(ret) {
-	krb5_free_address(context, &o->low);
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    return 0;
-}
-
-static int
-arange_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct arange *a;
-    krb5_error_code ret;
-    size_t l, size, ret_len;
-
-    a = addr->address.data;
-
-    l = strlcpy(str, "RANGE:", len);
-    ret_len = l;
-    if (l > len)
-	l = len;
-    size = l;
-	
-    ret = krb5_print_address (&a->low, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    l = strlcat(str + size, "-", len - size);
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    ret = krb5_print_address (&a->high, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-
-    return ret_len;
-}
-
-static int
-arange_order_addr(krb5_context context, 
-		  const krb5_address *addr1, 
-		  const krb5_address *addr2)
-{
-    int tmp1, tmp2, sign;
-    struct arange *a;
-    const krb5_address *a2;
-
-    if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr1->address.data;
-	a2 = addr2;
-	sign = 1;
-    } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr2->address.data;
-	a2 = addr1;
-	sign = -1;
-    } else
-	abort();
-	
-    if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
-	struct arange *b = a2->address.data;
-	tmp1 = krb5_address_order(context, &a->low, &b->low);
-	if(tmp1 != 0)
-	    return sign * tmp1;
-	return sign * krb5_address_order(context, &a->high, &b->high);
-    } else if(a2->addr_type == a->low.addr_type) {
-	tmp1 = krb5_address_order(context, &a->low, a2);
-	if(tmp1 > 0)
-	    return sign;
-	tmp2 = krb5_address_order(context, &a->high, a2);
-	if(tmp2 < 0)
-	    return -sign;
-	return 0;
-    } else {
-	return sign * (addr1->addr_type - addr2->addr_type);
-    }
-}
-
-static int
-addrport_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    krb5_error_code ret;
-    krb5_address addr1, addr2;
-    uint16_t port = 0;
-    size_t ret_len = 0, l, size = 0;
-    krb5_storage *sp;
-
-    sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address));
-    /* for totally obscure reasons, these are not in network byteorder */
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
-    krb5_ret_address(sp, &addr1);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
-    krb5_ret_address(sp, &addr2);
-    krb5_storage_free(sp);
-    if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
-	unsigned long value;
-	_krb5_get_int(addr2.address.data, &value, 2);
-	port = value;
-    }
-    l = strlcpy(str, "ADDRPORT:", len);
-    ret_len += l;
-    if (len > l)
-	size += l;
-    else
-	size = len;
-
-    ret = krb5_print_address(&addr1, str + size, len - size, &l);
-    if (ret)
-	return ret;
-    ret_len += l;
-    if (len - size > l)
-	size += l;
-    else
-	size = len;
-
-    ret = snprintf(str + size, len - size, ",PORT=%u", port);
-    if (ret < 0)
-	return EINVAL;
-    ret_len += ret;
-    return ret_len;
-}
-
-static struct addr_operations at[] = {
-    {AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
-     ipv4_sockaddr2addr, 
-     ipv4_sockaddr2port,
-     ipv4_addr2sockaddr,
-     ipv4_h_addr2sockaddr,
-     ipv4_h_addr2addr,
-     ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
-     NULL, NULL, NULL, ipv4_mask_boundary },
-#ifdef HAVE_IPV6
-    {AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
-     ipv6_sockaddr2addr, 
-     ipv6_sockaddr2port,
-     ipv6_addr2sockaddr,
-     ipv6_h_addr2sockaddr,
-     ipv6_h_addr2addr,
-     ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
-     NULL, NULL, NULL, ipv6_mask_boundary } ,
-#endif
-    {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
-     NULL, NULL, NULL, NULL, NULL, 
-     NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
-    /* fake address type */
-    {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
-     NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-     arange_print_addr, arange_parse_addr, 
-     arange_order_addr, arange_free, arange_copy }
-};
-
-static int num_addrs = sizeof(at) / sizeof(at[0]);
-
-static size_t max_sockaddr_size = 0;
-
-/*
- * generic functions
- */
-
-static struct addr_operations *
-find_af(int af)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (af == a->af)
-	    return a;
-    return NULL;
-}
-
-static struct addr_operations *
-find_atype(int atype)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (atype == a->atype)
-	    return a;
-    return NULL;
-}
-
-/**
- * krb5_sockaddr2address stores a address a "struct sockaddr" sa in
- * the krb5_address addr. 
- *
- * @param context a Keberos context
- * @param sa a struct sockaddr to extract the address from
- * @param addr an Kerberos 5 address to store the address in.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2address (krb5_context context,
-		       const struct sockaddr *sa, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2addr)(sa, addr);
-}
-
-/**
- * krb5_sockaddr2port extracts a port (if possible) from a "struct
- * sockaddr.
- *
- * @param context a Keberos context
- * @param sa a struct sockaddr to extract the port from
- * @param port a pointer to an int16_t store the port in.
- *
- * @return Return an error code or 0. Will return
- * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2port (krb5_context context,
-		    const struct sockaddr *sa, int16_t *port)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2port)(sa, port);
-}
-
-/**
- * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr
- * and port. The argument sa_size should initially contain the size of
- * the sa and after the call, it will contain the actual length of the
- * address. In case of the sa is too small to fit the whole address,
- * the up to *sa_size will be stored, and then *sa_size will be set to
- * the required length.
- *
- * @param context a Keberos context
- * @param addr the address to copy the from
- * @param sa the struct sockaddr that will be filled in
- * @param sa_size pointer to length of sa, and after the call, it will
- * contain the actual length of the address.
- * @param port set port in sa.
- *
- * @return Return an error code or 0. Will return
- * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addr2sockaddr (krb5_context context,
-		    const krb5_address *addr,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct addr_operations *a = find_atype(addr->addr_type);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address type %d not supported",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if (a->addr2sockaddr == NULL) {
-	krb5_set_error_string (context,
-			       "Can't convert address type %d to sockaddr",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_max_sockaddr_size returns the max size of the .Li struct
- * sockaddr that the Kerberos library will return.
- *
- * @return Return an size_t of the maximum struct sockaddr.
- *
- * @ingroup krb5_address
- */
-
-size_t KRB5_LIB_FUNCTION
-krb5_max_sockaddr_size (void)
-{
-    if (max_sockaddr_size == 0) {
-	struct addr_operations *a;
-
-	for(a = at; a < at + num_addrs; ++a)
-	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
-    }
-    return max_sockaddr_size;
-}
-
-/**
- * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the
- * kerberos library thinks are uninteresting.  One example are link
- * local addresses.
- *
- * @param sa pointer to struct sockaddr that might be interesting.
- *
- * @return Return a non zero for uninteresting addresses.
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_sockaddr_uninteresting(const struct sockaddr *sa)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL || a->uninteresting == NULL)
-	return TRUE;
-    return (*a->uninteresting)(sa);
-}
-
-/**
- * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
- * the "struct hostent" (see gethostbyname(3) ) h_addr_list
- * component. The argument sa_size should initially contain the size
- * of the sa, and after the call, it will contain the actual length of
- * the address.
- *
- * @param context a Keberos context
- * @param af addresses
- * @param addr address
- * @param sa returned struct sockaddr
- * @param sa_size size of sa
- * @param port port to set in sa.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2sockaddr (krb5_context context,
-		      int af,
-		      const char *addr, struct sockaddr *sa,
-		      krb5_socklen_t *sa_size,
-		      int port)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception
- * that it operates on a krb5_address instead of a struct sockaddr.
- *
- * @param context a Keberos context
- * @param af address family
- * @param haddr host address from struct hostent.
- * @param addr returned krb5_address.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2addr (krb5_context context,
-		  int af,
-		  const char *haddr, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->h_addr2addr)(haddr, addr);
-}
-
-/**
- * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to
- * bind(2) to.  The argument sa_size should initially contain the size
- * of the sa, and after the call, it will contain the actual length
- * of the address.
- *
- * @param context a Keberos context
- * @param af address family
- * @param sa sockaddr
- * @param sa_size lenght of sa.
- * @param port for to fill into sa.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_anyaddr (krb5_context context,
-	      int af,
-	      struct sockaddr *sa,
-	      krb5_socklen_t *sa_size,
-	      int port)
-{
-    struct addr_operations *a = find_af (af);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    (*a->anyaddr)(sa, sa_size, port);
-    return 0;
-}
-
-/**
- * krb5_print_address prints the address in addr to the string string
- * that have the length len. If ret_len is not NULL, it will be filled
- * with the length of the string if size were unlimited (not including
- * the final NUL) .
- *
- * @param addr address to be printed
- * @param str pointer string to print the address into
- * @param len length that will fit into area pointed to by "str".
- * @param ret_len return length the str.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_print_address (const krb5_address *addr, 
-		    char *str, size_t len, size_t *ret_len)
-{
-    struct addr_operations *a = find_atype(addr->addr_type);
-    int ret;
-
-    if (a == NULL || a->print_addr == NULL) {
-	char *s;
-	int l;
-	int i;
-
-	s = str;
-	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
-	if (l < 0 || l >= len)
-	    return EINVAL;
-	s += l;
-	len -= l;
-	for(i = 0; i < addr->address.length; i++) {
-	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
-	    if (l < 0 || l >= len)
-		return EINVAL;
-	    len -= l;
-	    s += l;
-	}
-	if(ret_len != NULL)
-	    *ret_len = s - str;
-	return 0;
-    }
-    ret = (*a->print_addr)(addr, str, len);
-    if (ret < 0)
-	return EINVAL;
-    if(ret_len != NULL)
-	*ret_len = ret;
-    return 0;
-}
-
-/**
- * krb5_parse_address returns the resolved hostname in string to the
- * krb5_addresses addresses .
- *
- * @param context a Keberos context
- * @param string
- * @param addresses
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_address(krb5_context context,
-		   const char *string,
-		   krb5_addresses *addresses)
-{
-    int i, n;
-    struct addrinfo *ai, *a;
-    int error;
-    int save_errno;
-
-    addresses->len = 0;
-    addresses->val = NULL;
-
-    for(i = 0; i < num_addrs; i++) {
-	if(at[i].parse_addr) {
-	    krb5_address addr;
-	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
-		ALLOC_SEQ(addresses, 1);
-		if (addresses->val == NULL) {
-		    krb5_set_error_string(context, "malloc: out of memory");
-		    return ENOMEM;
-		}
-		addresses->val[0] = addr;
-		return 0;
-	    }
-	}
-    }
-
-    error = getaddrinfo (string, NULL, NULL, &ai);
-    if (error) {
-	save_errno = errno;
-	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
-	return krb5_eai_to_heim_errno(error, save_errno);
-    }
-    
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    ALLOC_SEQ(addresses, n);
-    if (addresses->val == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	freeaddrinfo(ai);
-	return ENOMEM;
-    }
-
-    addresses->len = 0;
-    for (a = ai, i = 0; a != NULL; a = a->ai_next) {
-	if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]))
-	    continue;
-	if(krb5_address_search(context, &addresses->val[i], addresses))
-	    continue;
-	addresses->len = i;
-	i++;
-    }
-    freeaddrinfo (ai);
-    return 0;
-}
-
-/**
- * krb5_address_order compares the addresses addr1 and addr2 so that
- * it can be used for sorting addresses. If the addresses are the same
- * address krb5_address_order will return 0. Behavies like memcmp(2). 
- *
- * @param context a Keberos context
- * @param addr1 krb5_address to compare
- * @param addr2 krb5_address to compare
- *
- * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and
- * addr2 is the same address, > 0 if addr2 is "less" then addr1.
- *
- * @ingroup krb5_address
- */
-
-int KRB5_LIB_FUNCTION
-krb5_address_order(krb5_context context,
-		   const krb5_address *addr1,
-		   const krb5_address *addr2)
-{
-    /* this sucks; what if both addresses have order functions, which
-       should we call? this works for now, though */
-    struct addr_operations *a;
-    a = find_atype(addr1->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr1->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2); 
-    a = find_atype(addr2->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr2->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2);
-
-    if(addr1->addr_type != addr2->addr_type)
-	return addr1->addr_type - addr2->addr_type;
-    if(addr1->address.length != addr2->address.length)
-	return addr1->address.length - addr2->address.length;
-    return memcmp (addr1->address.data,
-		   addr2->address.data,
-		   addr1->address.length);
-}
-
-/**
- * krb5_address_compare compares the addresses  addr1 and addr2.
- * Returns TRUE if the two addresses are the same.
- *
- * @param context a Keberos context
- * @param addr1 address to compare
- * @param addr2 address to compare
- *
- * @return Return an TRUE is the address are the same FALSE if not
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_compare(krb5_context context,
-		     const krb5_address *addr1,
-		     const krb5_address *addr2)
-{
-    return krb5_address_order (context, addr1, addr2) == 0;
-}
-
-/**
- * krb5_address_search checks if the address addr is a member of the
- * address set list addrlist .
- *
- * @param context a Keberos context.
- * @param addr address to search for.
- * @param addrlist list of addresses to look in for addr.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_search(krb5_context context,
-		    const krb5_address *addr,
-		    const krb5_addresses *addrlist)
-{
-    int i;
-
-    for (i = 0; i < addrlist->len; ++i)
-	if (krb5_address_compare (context, addr, &addrlist->val[i]))
-	    return TRUE;
-    return FALSE;
-}
-
-/**
- * krb5_free_address frees the data stored in the address that is
- * alloced with any of the krb5_address functions.
- *
- * @param context a Keberos context
- * @param address addresss to be freed.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_address(krb5_context context,
-		  krb5_address *address)
-{
-    struct addr_operations *a = find_atype (address->addr_type);
-    if(a != NULL && a->free_addr != NULL)
-	return (*a->free_addr)(context, address);
-    krb5_data_free (&address->address);
-    memset(address, 0, sizeof(*address));
-    return 0;
-}
-
-/**
- * krb5_free_addresses frees the data stored in the address that is
- * alloced with any of the krb5_address functions.
- *
- * @param context a Keberos context
- * @param addresses addressses to be freed.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_addresses(krb5_context context,
-		    krb5_addresses *addresses)
-{
-    int i;
-    for(i = 0; i < addresses->len; i++)
-	krb5_free_address(context, &addresses->val[i]);
-    free(addresses->val);
-    addresses->len = 0;
-    addresses->val = NULL;
-    return 0;
-}
-
-/**
- * krb5_copy_address copies the content of address
- * inaddr to outaddr.
- *
- * @param context a Keberos context
- * @param inaddr pointer to source address
- * @param outaddr pointer to destination address
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_address(krb5_context context,
-		  const krb5_address *inaddr,
-		  krb5_address *outaddr)
-{
-    struct addr_operations *a = find_af (inaddr->addr_type);
-    if(a != NULL && a->copy_addr != NULL)
-	return (*a->copy_addr)(context, inaddr, outaddr);
-    return copy_HostAddress(inaddr, outaddr);
-}
-
-/**
- * krb5_copy_addresses copies the content of addresses
- * inaddr to outaddr.
- *
- * @param context a Keberos context
- * @param inaddr pointer to source addresses
- * @param outaddr pointer to destination addresses
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_addresses(krb5_context context,
-		    const krb5_addresses *inaddr,
-		    krb5_addresses *outaddr)
-{
-    int i;
-    ALLOC_SEQ(outaddr, inaddr->len);
-    if(inaddr->len > 0 && outaddr->val == NULL)
-	return ENOMEM;
-    for(i = 0; i < inaddr->len; i++)
-	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
-    return 0;
-}
-
-/**
- * krb5_append_addresses adds the set of addresses in source to
- * dest. While copying the addresses, duplicates are also sorted out.
- *
- * @param context a Keberos context
- * @param dest destination of copy operation
- * @param source adresses that are going to be added to dest
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_append_addresses(krb5_context context,
-		      krb5_addresses *dest,
-		      const krb5_addresses *source)
-{
-    krb5_address *tmp;
-    krb5_error_code ret;
-    int i;
-    if(source->len > 0) {
-	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "realloc: out of memory");
-	    return ENOMEM;
-	}
-	dest->val = tmp;
-	for(i = 0; i < source->len; i++) {
-	    /* skip duplicates */
-	    if(krb5_address_search(context, &source->val[i], dest))
-		continue;
-	    ret = krb5_copy_address(context, 
-				    &source->val[i], 
-				    &dest->val[dest->len]);
-	    if(ret)
-		return ret;
-	    dest->len++;
-	}
-    }
-    return 0;
-}
-
-/**
- * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
- *
- * @param context a Keberos context
- * @param res built address from addr/port
- * @param addr address to use
- * @param port port to use
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_addrport (krb5_context context,
-		    krb5_address **res, const krb5_address *addr, int16_t port)
-{
-    krb5_error_code ret;
-    size_t len = addr->address.length + 2 + 4 * 4;
-    u_char *p;
-
-    *res = malloc (sizeof(**res));
-    if (*res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
-    ret = krb5_data_alloc (&(*res)->address, len);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free (*res);
-	*res = NULL;
-	return ret;
-    }
-    p = (*res)->address.data;
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (addr->addr_type     ) & 0xFF;
-    *p++ = (addr->addr_type >> 8) & 0xFF;
-
-    *p++ = (addr->address.length      ) & 0xFF;
-    *p++ = (addr->address.length >>  8) & 0xFF;
-    *p++ = (addr->address.length >> 16) & 0xFF;
-    *p++ = (addr->address.length >> 24) & 0xFF;
-
-    memcpy (p, addr->address.data, addr->address.length);
-    p += addr->address.length;
-
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
-    *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
-
-    *p++ = (2      ) & 0xFF;
-    *p++ = (2 >>  8) & 0xFF;
-    *p++ = (2 >> 16) & 0xFF;
-    *p++ = (2 >> 24) & 0xFF;
-
-    memcpy (p, &port, 2);
-    p += 2;
-
-    return 0;
-}
-
-/**
- * Calculate the boundary addresses of `inaddr'/`prefixlen' and store
- * them in `low' and `high'.
- *
- * @param context a Keberos context
- * @param inaddr address in prefixlen that the bondery searched
- * @param prefixlen width of boundery
- * @param low lowest address
- * @param high highest address
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_address
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_address_prefixlen_boundary(krb5_context context,
-				const krb5_address *inaddr,
-				unsigned long prefixlen,
-				krb5_address *low,
-				krb5_address *high)
-{
-    struct addr_operations *a = find_atype (inaddr->addr_type);
-    if(a != NULL && a->mask_boundary != NULL)
-	return (*a->mask_boundary)(context, inaddr, prefixlen, low, high);
-    krb5_set_error_string(context, "Address family %d doesn't support "
-			  "address mask operation", inaddr->addr_type);
-    return KRB5_PROG_ATYPE_NOSUPP;
-}
diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c
deleted file mode 100644
index 82b3431add54..000000000000
--- a/crypto/heimdal/lib/krb5/aes-test.c
+++ /dev/null
@@ -1,778 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <hex.h>
-#include <err.h>
-
-#ifdef HAVE_OPENSSL
-#include <openssl/evp.h>
-#endif
-
-RCSID("$Id: aes-test.c 18301 2006-10-07 13:50:34Z lha $");
-
-static int verbose = 0;
-
-static void
-hex_dump_data(const void *data, size_t length)
-{
-    char *p;
-
-    hex_encode(data, length, &p);
-    printf("%s\n", p);
-    free(p);
-}
-
-struct {
-    char *password;
-    char *salt;
-    int saltlen;
-    int iterations;
-    krb5_enctype enctype;
-    size_t keylen;
-    char *pbkdf2;
-    char *key;
-} keys[] = {
-    { 
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
-	"\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
-	"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
-	"\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
-	"\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
-	"\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
-	"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
-	"\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
-	"\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
-	"\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
-	"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
-	"\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
-	"\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
-	"\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
-	"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
-	"\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
-	"\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
-	"\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
-	"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
-	"\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
-	"\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
-	"\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
-	"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
-	"\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
-	"\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
-
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
-	"\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
-	"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
-	"\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
-	"\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
-    },
-    {
-	"foo", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
-    },
-    {
-	"test", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
-    }
-};
-
-static int
-string_to_key_test(krb5_context context)
-{
-    krb5_data password, opaque;
-    krb5_error_code ret;
-    krb5_salt salt;
-    int i, val = 0;
-    char iter[4];
-
-    for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
-
-	password.data = keys[i].password;
-	password.length = strlen(password.data);
-
-	salt.salttype = KRB5_PW_SALT;
-	salt.saltvalue.data = keys[i].salt;
-	if (keys[i].saltlen == -1)
-	    salt.saltvalue.length = strlen(salt.saltvalue.data);
-	else
-	    salt.saltvalue.length = keys[i].saltlen;
-    
-	opaque.data = iter;
-	opaque.length = sizeof(iter);
-	_krb5_put_int(iter, keys[i].iterations, 4);
-	
-	if (keys[i].pbkdf2) {
-	    unsigned char keyout[32];
-
-	    if (keys[i].keylen > sizeof(keyout))
-		abort();
-
-	    PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
-				   salt.saltvalue.data, salt.saltvalue.length,
-				   keys[i].iterations, 
-				   keys[i].keylen, keyout);
-	    
-	    if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: pbkdf2", i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (verbose) {
-		printf("PBKDF2:\n");
-		hex_dump_data(keyout, keys[i].keylen);
-	    }
-	}
-
-	{
-	    krb5_keyblock key;
-
-	    ret = krb5_string_to_key_data_salt_opaque (context,
-						       keys[i].enctype,
-						       password, 
-						       salt, 
-						       opaque, 
-						       &key);
-	    if (ret) {
-		krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", 
-			  i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (key.keyvalue.length != keys[i].keylen) {
-		krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
-			   i, (unsigned long)key.keyvalue.length, 
-			   (unsigned long)keys[i].keylen);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: key wrong", i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (verbose) {
-		printf("key:\n");
-		hex_dump_data(key.keyvalue.data, key.keyvalue.length);
-	    }
-	    krb5_free_keyblock_contents(context, &key);
-	}
-    }
-    return val;
-}
-
-struct enc_test {
-    size_t len;
-    char *input;
-    char *output;
-    char *nextiv;
-};
-
-struct enc_test encs1[] = {
-    {
-	17,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20",
-	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-	"\x97",
-	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-    },
-    {
-	31,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
-	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-    },
-    {
-	32,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-    },
-    {
-	47,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
-	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-    },
-    {
-	48,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-    },
-    {
-	64,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
-	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-    }
-};
-	
-
-struct enc_test encs2[] = {
-    {
-	17,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20",
-	"\x5c\x13\x26\x27\xc4\xcb\xca\x04\x14\x43\x8a\xb5\x97\x97\x7c\x10"
-	"\x16"
-    },
-    {
-	31,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-	"\x16\xb3\xd8\xe5\xcd\x93\xe6\x2c\x28\x70\xa0\x36\x6e\x9a\xb9\x74"
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53"
-    },
-    {
-	32,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-    },
-    {
-	47,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\xe5\x56\xb4\x88\x41\xb9\xde\x27\xf0\x07\xa1\x6e\x89\x94\x47\xf1"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff"
-    },
-    {
-	48,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-    },
-    {
-	64,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-    },
-    {
-	78,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x73\xfb\x2c\x36\x76\xaf\xcf\x31\xff\xe3\x8a\x89\x0c\x7e\x99\x3f"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62"
-    },
-    {
-	83,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x65\x39\x3a\xdb\x92\x05\x4d\x4f\x08\xa1\xfa\x59\xda\x56\x58\x0e"
-	"\x3b\xac\x12"
-    },
-    {
-	92,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x0c\xff\xd7\x63\x50\xf8\x4e\xf9\xec\x56\x1c\x79\xc5\xc8\xfe\x50"
-	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f"
-    },
-    {
-	96,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
-	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
-	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
-	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
-	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
-	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
-	"\x08\x28\x49\xad\xfc\x2d\x8e\x86\xae\x69\xa5\xa8\xd9\x29\x9e\xe4"
-	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f\x4c\x41\xd1\xb8"
-    }
-};
-
-
-
-char *aes_key1 = 
-	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
-
-char *aes_key2 =
-	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"
-	"\x2c\x20\x79\x75\x6d\x6d\x79\x20\x79\x75\x6d\x6d\x79\x21\x21\x21";
-
-
-static int
-samep(int testn, char *type, const void *pp1, const void *pp2, size_t len)
-{
-    const unsigned char *p1 = pp1, *p2 = pp2;
-    size_t i;
-    int val = 1;
-
-    for (i = 0; i < len; i++) {
-	if (p1[i] != p2[i]) {
-	    if (verbose)
-		printf("M");
-	    val = 0;
-	} else {
-	    if (verbose)
-		printf(".");
-	}
-    }
-    if (verbose)
-	printf("\n");
-    return val;
-}
-
-static int
-encryption_test(krb5_context context, const void *key, size_t keylen,
-		struct enc_test *enc, int numenc)
-{
-    unsigned char iv[AES_BLOCK_SIZE];
-    int i, val, failed = 0;
-    AES_KEY ekey, dkey;
-    unsigned char *p;
-
-    AES_set_encrypt_key(key, keylen, &ekey);
-    AES_set_decrypt_key(key, keylen, &dkey);
-
-    for (i = 0; i < numenc; i++) {
-	val = 0;
-
-	if (verbose)
-	    printf("test: %d\n", i);
-	memset(iv, 0, sizeof(iv));
-
-	p = malloc(enc[i].len + 1);
-	if (p == NULL)
-	    krb5_errx(context, 1, "malloc");
-
-	p[enc[i].len] = '\0';
-
-	memcpy(p, enc[i].input, enc[i].len);
-
-	_krb5_aes_cts_encrypt(p, p, enc[i].len,
-			      &ekey, iv, AES_ENCRYPT);
-
-	if (p[enc[i].len] != '\0') {
-	    krb5_warnx(context, "%d: encrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "cipher", p, enc[i].output, enc[i].len)) {
-	    krb5_warnx(context, "%d: cipher", i);
-	    val = 1;
-	}
-
-	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
-	    krb5_warnx(context, "%d: iv", i);
-	    val = 1;
-	}
-
-	memset(iv, 0, sizeof(iv));
-
-	_krb5_aes_cts_encrypt(p, p, enc[i].len,
-			      &dkey, iv, AES_DECRYPT);
-
-	if (p[enc[i].len] != '\0') {
-	    krb5_warnx(context, "%d: decrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "clear", p, enc[i].input, enc[i].len))
-	    val = 1;
-
-	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
-	    krb5_warnx(context, "%d: iv", i);
-	    val = 1;
-	}
-
-	free(p);
-
-	if (val) {
-	    printf("test %d failed\n", i);
-	    failed = 1;
-	}
-	val = 0;
-    }
-    return failed;
-}
-
-static int
-krb_enc(krb5_context context,
-	krb5_crypto crypto, 
-	unsigned usage,
-	krb5_data *cipher, 
-	krb5_data *clear)
-{
-    krb5_data decrypt;
-    krb5_error_code ret;
-
-    krb5_data_zero(&decrypt);
-
-    ret = krb5_decrypt(context,
-		       crypto,
-		       usage,
-		       cipher->data,
-		       cipher->length,
-		       &decrypt);
-
-    if (ret) {
-	krb5_warn(context, ret, "krb5_decrypt");
-	return ret;
-    }
-
-    if (decrypt.length != clear->length ||
-	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
-	krb5_warnx(context, "clear text not same");
-	return EINVAL;
-    }
-
-    krb5_data_free(&decrypt);
-
-    return 0;
-}
-
-static int
-krb_enc_mit(krb5_context context,
-	    krb5_enctype enctype,
-	    krb5_keyblock *key,
-	    unsigned usage,
-	    krb5_data *cipher, 
-	    krb5_data *clear)
-{
-    krb5_error_code ret;
-    krb5_enc_data e;
-    krb5_data decrypt;
-    size_t len;
-
-    e.kvno = 0;
-    e.enctype = enctype;
-    e.ciphertext = *cipher;
-
-    ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
-    if (ret)
-	return ret;
-
-    if (decrypt.length != clear->length ||
-	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
-	krb5_warnx(context, "clear text not same");
-	return EINVAL;
-    }
-
-    krb5_data_free(&decrypt);
-
-    ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
-    if (ret)
-	return ret;
-
-    if (len != cipher->length) {
-	krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
-		   (unsigned long)len, (unsigned long)cipher->length);
-	return EINVAL;
-    }
-
-    return 0;
-}
-
-
-struct {
-    krb5_enctype enctype;
-    unsigned usage;
-    size_t keylen;
-    void *key;
-    size_t elen;
-    void* edata;
-    size_t plen;
-    void *pdata;
-} krbencs[] =  {
-    { 
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	7,
-	32,   
-	"\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
-	"\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
-	44,
-	"\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
-	"\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
-	"\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
-	16,
-	"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a"
-    }
-};
-
-
-static int
-krb_enc_test(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock kb;
-    krb5_data cipher, plain;
-    int i, failed = 0;
-
-    for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
-
-	kb.keytype = krbencs[i].enctype;
-	kb.keyvalue.length = krbencs[i].keylen;
-	kb.keyvalue.data = krbencs[i].key;
-
-	ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
-
-	cipher.length = krbencs[i].elen;
-	cipher.data = krbencs[i].edata;
-	plain.length = krbencs[i].plen;
-	plain.data = krbencs[i].pdata;
-	
-	ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
-		       
-	if (ret) {
-	    failed = 1;
-	    printf("krb_enc failed with %d\n", ret);
-	}
-	krb5_crypto_destroy(context, crypto);
-
-	ret = krb_enc_mit(context, krbencs[i].enctype, &kb, 
-			  krbencs[i].usage, &cipher, &plain);
-	if (ret) {
-	    failed = 1;
-	    printf("krb_enc_mit failed with %d\n", ret);
-	}
-
-    }
-
-    return failed;
-}
-
-
-static int
-random_to_key(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-
-    ret = krb5_random_to_key(context,
-			     ETYPE_DES3_CBC_SHA1,
-			     "\x21\x39\x04\x58\x6A\xBD\x7F"
-			     "\x21\x39\x04\x58\x6A\xBD\x7F"
-			     "\x21\x39\x04\x58\x6A\xBD\x7F",
-			     21,
-			     &key);
-    if (ret){
-	krb5_warn(context, ret, "random_to_key");
-	return 1;
-    }
-    if (key.keyvalue.length != 24)
-	return 1;
-
-    if (memcmp(key.keyvalue.data,
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
-	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
-	       24) != 0)
-	return 1;
-
-    krb5_free_keyblock_contents(context, &key);
-
-    return 0;
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    int val = 0;
-    
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    val |= string_to_key_test(context);
-
-    val |= encryption_test(context, aes_key1, 128,
-			   encs1, sizeof(encs1)/sizeof(encs1[0]));
-    val |= encryption_test(context, aes_key2, 256, 
-			   encs2, sizeof(encs2)/sizeof(encs2[0]));
-    val |= krb_enc_test(context);
-    val |= random_to_key(context);
-
-    if (verbose && val == 0)
-	printf("all ok\n");
-    if (val)
-	printf("tests failed\n");
-
-    krb5_free_context(context);
-
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c
deleted file mode 100644
index 5800404d9819..000000000000
--- a/crypto/heimdal/lib/krb5/aname_to_localname.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: aname_to_localname.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_aname_to_localname (krb5_context context,
-			 krb5_const_principal aname,
-			 size_t lnsize,
-			 char *lname)
-{
-    krb5_error_code ret;
-    krb5_realm *lrealms, *r;
-    int valid;
-    size_t len;
-    const char *res;
-
-    ret = krb5_get_default_realms (context, &lrealms);
-    if (ret)
-	return ret;
-
-    valid = 0;
-    for (r = lrealms; *r != NULL; ++r) {
-	if (strcmp (*r, aname->realm) == 0) {
-	    valid = 1;
-	    break;
-	}
-    }
-    krb5_free_host_realm (context, lrealms);
-    if (valid == 0)
-	return KRB5_NO_LOCALNAME;
-
-    if (aname->name.name_string.len == 1)
-	res = aname->name.name_string.val[0];
-    else if (aname->name.name_string.len == 2
-	     && strcmp (aname->name.name_string.val[1], "root") == 0) {
-	krb5_principal rootprinc;
-	krb5_boolean userok;
-
-	res = "root";
-
-	ret = krb5_copy_principal(context, aname, &rootprinc);
-	if (ret)
-	    return ret;
-	
-	userok = krb5_kuserok(context, rootprinc, res);
-	krb5_free_principal(context, rootprinc);
-	if (!userok)
-	    return KRB5_NO_LOCALNAME;
-
-    } else
-	return KRB5_NO_LOCALNAME;
-
-    len = strlen (res);
-    if (len >= lnsize)
-	return ERANGE;
-    strlcpy (lname, res, lnsize);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
deleted file mode 100644
index b0bb171f4a14..000000000000
--- a/crypto/heimdal/lib/krb5/appdefault.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $");
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_boolean(krb5_context context, const char *appname, 
-			krb5_const_realm realm, const char *option,
-			krb5_boolean def_val, krb5_boolean *ret_val)
-{
-    
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "realms", realm, option, NULL);
-	
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "appdefaults", 
-					   option, 
-					   NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val,
-					       "appdefaults", 
-					       realm, 
-					       option, 
-					       NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "appdefaults", 
-					       appname, 
-					       option, 
-					       NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_bool_default(context, NULL, def_val,
-						   "appdefaults", 
-						   appname, 
-						   realm, 
-						   option, 
-						   NULL);
-    }
-    *ret_val = def_val;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_string(krb5_context context, const char *appname, 
-		       krb5_const_realm realm, const char *option,
-		       const char *def_val, char **ret_val)
-{
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "realms", realm, option, NULL);
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "appdefaults", 
-					     option, 
-					     NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val,
-						 "appdefaults", 
-						 realm, 
-						 option, 
-						 NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "appdefaults", 
-						 appname, 
-						 option, 
-						 NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_string_default(context, NULL, def_val,
-						     "appdefaults", 
-						     appname, 
-						     realm, 
-						     option, 
-						     NULL);
-    }
-    if(def_val != NULL)
-	*ret_val = strdup(def_val);
-    else
-	*ret_val = NULL;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_time(krb5_context context, const char *appname,
-		     krb5_const_realm realm, const char *option,
-		     time_t def_val, time_t *ret_val)
-{
-    krb5_deltat t;
-    char *val;
-
-    krb5_appdefault_string(context, appname, realm, option, NULL, &val);
-    if (val == NULL) {
-	*ret_val = def_val;
-	return;
-    }
-    if (krb5_string_to_deltat(val, &t))
-	*ret_val = def_val;
-    else
-	*ret_val = t;
-    free(val);
-}
diff --git a/crypto/heimdal/lib/krb5/asn1_glue.c b/crypto/heimdal/lib/krb5/asn1_glue.c
deleted file mode 100644
index b3f775b4bea3..000000000000
--- a/crypto/heimdal/lib/krb5/asn1_glue.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- *
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principal2principalname (PrincipalName *p,
-			       const krb5_principal from)
-{
-    return copy_PrincipalName(&from->name, p);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (krb5_context context,
-				    krb5_principal *principal,
-				    const PrincipalName from,
-				    const Realm realm)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL)
-	return ENOMEM;
-    copy_PrincipalName(&from, &p->name);
-    p->realm = strdup(realm);
-    if (p->realm == NULL)
-	return ENOMEM;
-    *principal = p;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
deleted file mode 100644
index 323f17a24534..000000000000
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: auth_context.c 21745 2007-07-31 16:11:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_init(krb5_context context,
-		   krb5_auth_context *auth_context)
-{
-    krb5_auth_context p;
-
-    ALLOC(p, 1);
-    if(!p) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(p, 0, sizeof(*p));
-    ALLOC(p->authenticator, 1);
-    if (!p->authenticator) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(p);
-	return ENOMEM;
-    }
-    memset (p->authenticator, 0, sizeof(*p->authenticator));
-    p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
-
-    p->local_address  = NULL;
-    p->remote_address = NULL;
-    p->local_port     = 0;
-    p->remote_port    = 0;
-    p->keytype        = KEYTYPE_NULL;
-    p->cksumtype      = CKSUMTYPE_NONE;
-    *auth_context     = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_free(krb5_context context,
-		   krb5_auth_context auth_context)
-{
-    if (auth_context != NULL) {
-	krb5_free_authenticator(context, &auth_context->authenticator);
-	if(auth_context->local_address){
-	    free_HostAddress(auth_context->local_address);
-	    free(auth_context->local_address);
-	}
-	if(auth_context->remote_address){
-	    free_HostAddress(auth_context->remote_address);
-	    free(auth_context->remote_address);
-	}
-	krb5_free_keyblock(context, auth_context->keyblock);
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-	krb5_free_keyblock(context, auth_context->local_subkey);
-	free (auth_context);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t flags)
-{
-    auth_context->flags = flags;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t *flags)
-{
-    *flags = auth_context->flags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_addflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t addflags,
-		       int32_t *flags)
-{
-    if (flags)
-	*flags = auth_context->flags;
-    auth_context->flags |= addflags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_removeflags(krb5_context context,
-			  krb5_auth_context auth_context,
-			  int32_t removeflags,
-			  int32_t *flags)
-{
-    if (flags)
-	*flags = auth_context->flags;
-    auth_context->flags &= ~removeflags;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address *local_addr,
-		       krb5_address *remote_addr)
-{
-    if (local_addr) {
-	if (auth_context->local_address)
-	    krb5_free_address (context, auth_context->local_address);
-	else
-	    if ((auth_context->local_address = malloc(sizeof(krb5_address))) == NULL)
-		return ENOMEM;
-	krb5_copy_address(context, local_addr, auth_context->local_address);
-    }
-    if (remote_addr) {
-	if (auth_context->remote_address)
-	    krb5_free_address (context, auth_context->remote_address);
-	else
-	    if ((auth_context->remote_address = malloc(sizeof(krb5_address))) == NULL)
-		return ENOMEM;
-	krb5_copy_address(context, remote_addr, auth_context->remote_address);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_genaddrs(krb5_context context, 
-		       krb5_auth_context auth_context, 
-		       int fd, int flags)
-{
-    krb5_error_code ret;
-    krb5_address local_k_address, remote_k_address;
-    krb5_address *lptr = NULL, *rptr = NULL;
-    struct sockaddr_storage ss_local, ss_remote;
-    struct sockaddr *local  = (struct sockaddr *)&ss_local;
-    struct sockaddr *remote = (struct sockaddr *)&ss_remote;
-    socklen_t len;
-
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
-	if (auth_context->local_address == NULL) {
-	    len = sizeof(ss_local);
-	    if(getsockname(fd, local, &len) < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "getsockname: %s",
-				       strerror(ret));
-		goto out;
-	    }
-	    ret = krb5_sockaddr2address (context, local, &local_k_address);
-	    if(ret) goto out;
-	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
-		krb5_sockaddr2port (context, local, &auth_context->local_port);
-	    } else
-		auth_context->local_port = 0;
-	    lptr = &local_k_address;
-	}
-    }
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
-	len = sizeof(ss_remote);
-	if(getpeername(fd, remote, &len) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
-	    goto out;
-	}
-	ret = krb5_sockaddr2address (context, remote, &remote_k_address);
-	if(ret) goto out;
-	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
-	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
-	} else
-	    auth_context->remote_port = 0;
-	rptr = &remote_k_address;
-    }
-    ret = krb5_auth_con_setaddrs (context,
-				  auth_context,
-				  lptr,
-				  rptr);
-  out:
-    if (lptr)
-	krb5_free_address (context, lptr);
-    if (rptr)
-	krb5_free_address (context, rptr);
-    return ret;
-
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs_from_fd (krb5_context context,
-				krb5_auth_context auth_context,
-				void *p_fd)
-{
-    int fd = *(int*)p_fd;
-    int flags = 0;
-    if(auth_context->local_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
-    if(auth_context->remote_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
-    return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address **local_addr,
-		       krb5_address **remote_addr)
-{
-    if(*local_addr)
-	krb5_free_address (context, *local_addr);
-    *local_addr = malloc (sizeof(**local_addr));
-    if (*local_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->local_address,
-		      *local_addr);
-
-    if(*remote_addr)
-	krb5_free_address (context, *remote_addr);
-    *remote_addr = malloc (sizeof(**remote_addr));
-    if (*remote_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	krb5_free_address (context, *local_addr);
-	*local_addr = NULL;
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->remote_address,
-		      *remote_addr);
-    return 0;
-}
-
-static krb5_error_code
-copy_key(krb5_context context,
-	 krb5_keyblock *in,
-	 krb5_keyblock **out)
-{
-    if(in)
-	return krb5_copy_keyblock(context, in, out);
-    *out = NULL; /* is this right? */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->keyblock, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->local_subkey, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->remote_subkey, keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return copy_key(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock *keyblock)
-{
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    return copy_key(context, keyblock, &auth_context->local_subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_generatelocalsubkey(krb5_context context,
-				  krb5_auth_context auth_context,
-				  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-
-    ret = krb5_generate_subkey_extended (context, key,
-					 auth_context->keytype,
-					 &subkey);
-    if(ret)
-	return ret;
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    auth_context->local_subkey = subkey;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock *keyblock)
-{
-    if(auth_context->remote_subkey)
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-    return copy_key(context, keyblock, &auth_context->remote_subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype cksumtype)
-{
-    auth_context->cksumtype = cksumtype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype *cksumtype)
-{
-    *cksumtype = auth_context->cksumtype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype keytype)
-{
-    auth_context->keytype = keytype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype *keytype)
-{
-    *keytype = auth_context->keytype;
-    return 0;
-}
-
-#if 0
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype etype)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    ALLOC(auth_context->keyblock, 1);
-    if(auth_context->keyblock == NULL)
-	return ENOMEM;
-    auth_context->keyblock->keytype = etype;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype *etype)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
-}
-#endif
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalseqnumber(krb5_context context,
-			    krb5_auth_context auth_context,
-			    int32_t *seqnumber)
-{
-  *seqnumber = auth_context->local_seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalseqnumber (krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t seqnumber)
-{
-  auth_context->local_seqnumber = seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber(krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t *seqnumber)
-{
-  *seqnumber = auth_context->remote_seqnumber;
-  return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremoteseqnumber (krb5_context context,
-			      krb5_auth_context auth_context,
-			      int32_t seqnumber)
-{
-  auth_context->remote_seqnumber = seqnumber;
-  return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getauthenticator(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_authenticator *authenticator)
-{
-    *authenticator = malloc(sizeof(**authenticator));
-    if (*authenticator == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    copy_Authenticator(auth_context->authenticator,
-		       *authenticator);
-    return 0;
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_free_authenticator(krb5_context context,
-			krb5_authenticator *authenticator)
-{
-    free_Authenticator (*authenticator);
-    free (*authenticator);
-    *authenticator = NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setuserkey(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache *rcache)
-{
-    *rcache = auth_context->rcache;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache rcache)
-{
-    auth_context->rcache = rcache;
-    return 0;
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_initivector(krb5_context context,
-			  krb5_auth_context auth_context)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setivector(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_pointer ivector)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
-}
-
-#endif /* not implemented */
diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c
deleted file mode 100644
index b1968fe817b7..000000000000
--- a/crypto/heimdal/lib/krb5/build_ap_req.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_ap_req (krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_creds *cred,
-		   krb5_flags ap_options,
-		   krb5_data authenticator,
-		   krb5_data *retdata)
-{
-  krb5_error_code ret = 0;
-  AP_REQ ap;
-  Ticket t;
-  size_t len;
-  
-  ap.pvno = 5;
-  ap.msg_type = krb_ap_req;
-  memset(&ap.ap_options, 0, sizeof(ap.ap_options));
-  ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
-  ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
-  
-  ap.ticket.tkt_vno = 5;
-  copy_Realm(&cred->server->realm, &ap.ticket.realm);
-  copy_PrincipalName(&cred->server->name, &ap.ticket.sname);
-
-  decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-  copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
-  free_Ticket(&t);
-
-  ap.authenticator.etype = enctype;
-  ap.authenticator.kvno  = NULL;
-  ap.authenticator.cipher = authenticator;
-
-  ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
-		     &ap, &len, ret);
-  if(ret == 0 && retdata->length != len)
-      krb5_abortx(context, "internal error in ASN.1 encoder");
-  free_AP_REQ(&ap);
-  return ret;
-
-}
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
deleted file mode 100644
index f8739c044d16..000000000000
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_auth.c 17033 2006-04-10 08:53:21Z lha $");
-
-static krb5_error_code
-make_etypelist(krb5_context context,
-	       krb5_authdata **auth_data)
-{
-    EtypeList etypes;
-    krb5_error_code ret;
-    krb5_authdata ad;
-    u_char *buf;
-    size_t len;
-    size_t buf_size;
-     
-    ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(EtypeList, buf, buf_size, &etypes, &len, ret);
-    if (ret) {
-	free_EtypeList(&etypes);
-	return ret;
-    }
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_EtypeList(&etypes);
-
-    ALLOC_SEQ(&ad, 1);
-    if (ad.val == NULL) {
-	free(buf);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ad.val[0].ad_type = KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION;
-    ad.val[0].ad_data.length = len;
-    ad.val[0].ad_data.data = buf;
-
-    ASN1_MALLOC_ENCODE(AD_IF_RELEVANT, buf, buf_size, &ad, &len, ret);
-    if (ret) {
-	free_AuthorizationData(&ad);
-	return ret;
-    } 
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_AuthorizationData(&ad);
-
-    ALLOC(*auth_data, 1);
-    if (*auth_data == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ALLOC_SEQ(*auth_data, 1);
-    if ((*auth_data)->val == NULL) {
-	free(buf);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*auth_data)->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
-    (*auth_data)->val[0].ad_data.length = len;
-    (*auth_data)->val[0].ad_data.data = buf;
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_authenticator (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_enctype enctype,
-			  krb5_creds *cred,
-			  Checksum *cksum,
-			  Authenticator **auth_result,
-			  krb5_data *result,
-			  krb5_key_usage usage)
-{
-    Authenticator *auth;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    auth = calloc(1, sizeof(*auth));
-    if (auth == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    auth->authenticator_vno = 5;
-    copy_Realm(&cred->client->realm, &auth->crealm);
-    copy_PrincipalName(&cred->client->name, &auth->cname);
-
-    krb5_us_timeofday (context, &auth->ctime, &auth->cusec);
-    
-    ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey);
-    if(ret)
-	goto fail;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if(auth_context->local_seqnumber == 0)
-	    krb5_generate_seq_number (context,
-				      &cred->session, 
-				      &auth_context->local_seqnumber);
-	ALLOC(auth->seq_number, 1);
-	if(auth->seq_number == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	*auth->seq_number = auth_context->local_seqnumber;
-    } else
-	auth->seq_number = NULL;
-    auth->authorization_data = NULL;
-    auth->cksum = cksum;
-
-    if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) {
-	/*
-	 * This is not GSS-API specific, we only enable it for
-	 * GSS for now
-	 */
-	ret = make_etypelist(context, &auth->authorization_data);
-	if (ret)
-	    goto fail;
-    }
-
-    /* XXX - Copy more to auth_context? */
-
-    auth_context->authenticator->ctime = auth->ctime;
-    auth_context->authenticator->cusec = auth->cusec;
-
-    ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
-    if (ret)
-	goto fail;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
-    if (ret)
-	goto fail;
-    ret = krb5_encrypt (context,
-			crypto,
-			usage /* KRB5_KU_AP_REQ_AUTH */,
-			buf + buf_size - len, 
-			len,
-			result);
-    krb5_crypto_destroy(context, crypto);
-
-    if (ret)
-	goto fail;
-
-    free (buf);
-
-    if (auth_result)
-	*auth_result = auth;
-    else {
-	/* Don't free the `cksum', it's allocated by the caller */
-	auth->cksum = NULL;
-	free_Authenticator (auth);
-	free (auth);
-    }
-    return ret;
-  fail:
-    free_Authenticator (auth);
-    free (auth);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
deleted file mode 100644
index 5db6d2b2cf8a..000000000000
--- a/crypto/heimdal/lib/krb5/cache.c
+++ /dev/null
@@ -1,1073 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $");
-
-/**
- * Add a new ccache type with operations `ops', overwriting any
- * existing one if `override'.
- *
- * @param context a Keberos context
- * @param ops type of plugin symbol
- * @param override flag to select if the registration is to overide
- * an existing ops with the same name.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_register(krb5_context context, 
-		 const krb5_cc_ops *ops, 
-		 krb5_boolean override)
-{
-    int i;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
-	    if(!override) {
-		krb5_set_error_string(context,
-				      "ccache type %s already exists",
-				      ops->prefix);
-		return KRB5_CC_TYPE_EXISTS;
-	    }
-	    break;
-	}
-    }
-    if(i == context->num_cc_ops) {
-	krb5_cc_ops *o = realloc(context->cc_ops,
-				 (context->num_cc_ops + 1) *
-				 sizeof(*context->cc_ops));
-	if(o == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return KRB5_CC_NOMEM;
-	}
-	context->num_cc_ops++;
-	context->cc_ops = o;
-	memset(context->cc_ops + i, 0, 
-	       (context->num_cc_ops - i) * sizeof(*context->cc_ops));
-    }
-    memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
-    return 0;
-}
-
-/*
- * Allocate the memory for a `id' and the that function table to
- * `ops'. Returns 0 or and error code.
- */
-
-krb5_error_code
-_krb5_cc_allocate(krb5_context context, 
-		  const krb5_cc_ops *ops,
-		  krb5_ccache *id)
-{
-    krb5_ccache p;
-
-    p = malloc (sizeof(*p));
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    p->ops = ops;
-    *id = p;
-
-    return 0;
-}
-
-/*
- * Allocate memory for a new ccache in `id' with operations `ops'
- * and name `residual'. Return 0 or an error code.
- */
-
-static krb5_error_code
-allocate_ccache (krb5_context context,
-		 const krb5_cc_ops *ops,
-		 const char *residual,
-		 krb5_ccache *id)
-{
-    krb5_error_code ret;
-
-    ret = _krb5_cc_allocate(context, ops, id);
-    if (ret)
-	return ret;
-    ret = (*id)->ops->resolve(context, id, residual);
-    if(ret)
-	free(*id);
-    return ret;
-}
-
-/**
- * Find and allocate a ccache in `id' from the specification in `residual'.
- * If the ccache name doesn't contain any colon, interpret it as a file name.
- *
- * @param context a Keberos context.
- * @param name string name of a credential cache.
- * @param id return pointer to a found credential cache.
- *
- * @return Return 0 or an error code. In case of an error, id is set
- * to NULL.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_resolve(krb5_context context,
-		const char *name,
-		krb5_ccache *id)
-{
-    int i;
-
-    *id = NULL;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	size_t prefix_len = strlen(context->cc_ops[i].prefix);
-
-	if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
-	   && name[prefix_len] == ':') {
-	    return allocate_ccache (context, &context->cc_ops[i],
-				    name + prefix_len + 1,
-				    id);
-	}
-    }
-    if (strchr (name, ':') == NULL)
-	return allocate_ccache (context, &krb5_fcc_ops, name, id);
-    else {
-	krb5_set_error_string(context, "unknown ccache type %s", name);
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-}
-
-/**
- * Generate a new ccache of type `ops' in `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_gen_new(krb5_context context,
-		const krb5_cc_ops *ops,
-		krb5_ccache *id)
-{
-    return krb5_cc_new_unique(context, ops->prefix, NULL, id);
-}
-
-/**
- * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
- * the library chooses the default credential cache type. The supplied
- * `hint' (that can be NULL) is a string that the credential cache
- * type can use to base the name of the credential on, this is to make
- * it easier for the user to differentiate the credentials.
- *
- * @return Returns 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_new_unique(krb5_context context, const char *type, 
-		   const char *hint, krb5_ccache *id)
-{
-    const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
-    krb5_error_code ret;
-
-    if (type) {
-	ops = krb5_cc_get_prefix_ops(context, type);
-	if (ops == NULL) {
-	    krb5_set_error_string(context,
-				  "Credential cache type %s is unknown", type);
-	    return KRB5_CC_UNKNOWN_TYPE;
-	}
-    }
-
-    ret = _krb5_cc_allocate(context, ops, id);
-    if (ret)
-	return ret;
-    return (*id)->ops->gen_new(context, id);
-}
-
-/**
- * Return the name of the ccache `id'
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_name(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->get_name(context, id);
-}
-
-/**
- * Return the type of the ccache `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_type(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->prefix;
-}
-
-/**
- * Return the complete resolvable name the ccache `id' in `str�.
- * `str` should be freed with free(3).
- * Returns 0 or an error (and then *str is set to NULL).
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_full_name(krb5_context context,
-		      krb5_ccache id,
-		      char **str)
-{
-    const char *type, *name;
-
-    *str = NULL;
-
-    type = krb5_cc_get_type(context, id);
-    if (type == NULL) {
-	krb5_set_error_string(context, "cache have no name of type");
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-
-    name = krb5_cc_get_name(context, id);
-    if (name == NULL) {
-	krb5_set_error_string(context, "cache of type %s have no name", type);
-	return KRB5_CC_BADNAME;
-    }
-    
-    if (asprintf(str, "%s:%s", type, name) == -1) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	*str = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/**
- * Return krb5_cc_ops of a the ccache `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-const krb5_cc_ops *
-krb5_cc_get_ops(krb5_context context, krb5_ccache id)
-{
-    return id->ops;
-}
-
-/*
- * Expand variables in `str' into `res'
- */
-
-krb5_error_code
-_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
-{
-    size_t tlen, len = 0;
-    char *tmp, *tmp2, *append;
-
-    *res = NULL;
-
-    while (str && *str) {
-	tmp = strstr(str, "%{");
-	if (tmp && tmp != str) {
-	    append = malloc((tmp - str) + 1);
-	    if (append) {
-		memcpy(append, str, tmp - str);
-		append[tmp - str] = '\0';
-	    }
-	    str = tmp;
-	} else if (tmp) {
-	    tmp2 = strchr(tmp, '}');
-	    if (tmp2 == NULL) {
-		free(*res);
-		*res = NULL;
-		krb5_set_error_string(context, "variable missing }");
-		return KRB5_CONFIG_BADFORMAT;
-	    }
-	    if (strncasecmp(tmp, "%{uid}", 6) == 0)
-		asprintf(&append, "%u", (unsigned)getuid());
-	    else if (strncasecmp(tmp, "%{null}", 7) == 0)
-		append = strdup("");
-	    else {
-		free(*res);
-		*res = NULL;
-		krb5_set_error_string(context, 
-				      "expand default cache unknown "
-				      "variable \"%.*s\"",
-				      (int)(tmp2 - tmp) - 2, tmp + 2);
-		return KRB5_CONFIG_BADFORMAT;
-	    }
-	    str = tmp2 + 1;
-	} else {
-	    append = strdup(str);
-	    str = NULL;
-	}
-	if (append == NULL) {
-	    free(*res);
-	    *res = NULL;
-	    krb5_set_error_string(context, "malloc - out of memory");
-	    return ENOMEM;
-	}
-	
-	tlen = strlen(append);
-	tmp = realloc(*res, len + tlen + 1);
-	if (tmp == NULL) {
-	    free(append);
-	    free(*res);
-	    *res = NULL;
-	    krb5_set_error_string(context, "malloc - out of memory");
-	    return ENOMEM;
-	}
-	*res = tmp;
-	memcpy(*res + len, append, tlen + 1);
-	len = len + tlen;
-	free(append);
-    }    
-    return 0;
-}
-
-/*
- * Return non-zero if envirnoment that will determine default krb5cc
- * name has changed.
- */
-
-static int
-environment_changed(krb5_context context)
-{
-    const char *e;
-
-    /* if the cc name was set, don't change it */
-    if (context->default_cc_name_set)
-	return 0;
-
-    if(issuid())
-	return 0;
-
-    e = getenv("KRB5CCNAME");
-    if (e == NULL) {
-	if (context->default_cc_name_env) {
-	    free(context->default_cc_name_env);
-	    context->default_cc_name_env = NULL;
-	    return 1;
-	}
-    } else {
-	if (context->default_cc_name_env == NULL)
-	    return 1;
-	if (strcmp(e, context->default_cc_name_env) != 0)
-	    return 1;
-    }
-    return 0;
-}
-
-/**
- * Set the default cc name for `context' to `name'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_default_name(krb5_context context, const char *name)
-{
-    krb5_error_code ret = 0;
-    char *p;
-
-    if (name == NULL) {
-	const char *e = NULL;
-
-	if(!issuid()) {
-	    e = getenv("KRB5CCNAME");
-	    if (e) {
-		p = strdup(e);
-		if (context->default_cc_name_env)
-		    free(context->default_cc_name_env);
-		context->default_cc_name_env = strdup(e);
-	    }
-	}
-	if (e == NULL) {
-	    e = krb5_config_get_string(context, NULL, "libdefaults",
-				       "default_cc_name", NULL);
-	    if (e) {
-		ret = _krb5_expand_default_cc_name(context, e, &p);
-		if (ret)
-		    return ret;
-	    }
-	    if (e == NULL) {
-		const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
-		ret = (*ops->default_name)(context, &p);
-		if (ret)
-		    return ret;
-	    }
-	}
-	context->default_cc_name_set = 0;
-    } else {
-	p = strdup(name);
-	context->default_cc_name_set = 1;
-    }
-
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-
-    context->default_cc_name = p;
-
-    return ret;
-}
-
-/**
- * Return a pointer to a context static string containing the default
- * ccache name.
- *
- * @return String to the default credential cache name.
- *
- * @ingroup krb5_ccache
- */
-
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_default_name(krb5_context context)
-{
-    if (context->default_cc_name == NULL || environment_changed(context))
-	krb5_cc_set_default_name(context, NULL);
-
-    return context->default_cc_name;
-}
-
-/**
- * Open the default ccache in `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_default(krb5_context context,
-		krb5_ccache *id)
-{
-    const char *p = krb5_cc_default_name(context);
-
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-    return krb5_cc_resolve(context, p, id);
-}
-
-/**
- * Create a new ccache in `id' for `primary_principal'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_initialize(krb5_context context,
-		   krb5_ccache id,
-		   krb5_principal primary_principal)
-{
-    return (*id->ops->init)(context, id, primary_principal);
-}
-
-
-/**
- * Remove the ccache `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_destroy(krb5_context context,
-		krb5_ccache id)
-{
-    krb5_error_code ret;
-
-    ret = (*id->ops->destroy)(context, id);
-    krb5_cc_close (context, id);
-    return ret;
-}
-
-/**
- * Stop using the ccache `id' and free the related resources.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_close(krb5_context context,
-	      krb5_ccache id)
-{
-    krb5_error_code ret;
-    ret = (*id->ops->close)(context, id);
-    free(id);
-    return ret;
-}
-
-/**
- * Store `creds' in the ccache `id'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_store_cred(krb5_context context,
-		   krb5_ccache id,
-		   krb5_creds *creds)
-{
-    return (*id->ops->store)(context, id, creds);
-}
-
-/**
- * Retrieve the credential identified by `mcreds' (and `whichfields')
- * from `id' in `creds'. 'creds' must be free by the caller using
- * krb5_free_cred_contents.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_retrieve_cred(krb5_context context,
-		      krb5_ccache id,
-		      krb5_flags whichfields,
-		      const krb5_creds *mcreds,
-		      krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-
-    if (id->ops->retrieve != NULL) {
-	return (*id->ops->retrieve)(context, id, whichfields,
-				    mcreds, creds);
-    }
-
-    ret = krb5_cc_start_seq_get(context, id, &cursor);
-    if (ret)
-	return ret;
-    while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
-	if(krb5_compare_creds(context, whichfields, mcreds, creds)){
-	    ret = 0;
-	    break;
-	}
-	krb5_free_cred_contents (context, creds);
-    }
-    krb5_cc_end_seq_get(context, id, &cursor);
-    return ret;
-}
-
-/**
- * Return the principal of `id' in `principal'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_principal(krb5_context context,
-		      krb5_ccache id,
-		      krb5_principal *principal)
-{
-    return (*id->ops->get_princ)(context, id, principal);
-}
-
-/**
- * Start iterating over `id', `cursor' is initialized to the
- * beginning.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_start_seq_get (krb5_context context,
-		       const krb5_ccache id,
-		       krb5_cc_cursor *cursor)
-{
-    return (*id->ops->get_first)(context, id, cursor);
-}
-
-/**
- * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
- * and advance `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred (krb5_context context,
-		   const krb5_ccache id,
-		   krb5_cc_cursor *cursor,
-		   krb5_creds *creds)
-{
-    return (*id->ops->get_next)(context, id, cursor, creds);
-}
-
-/**
- * Like krb5_cc_next_cred, but allow for selective retrieval
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred_match(krb5_context context,
-			const krb5_ccache id,
-			krb5_cc_cursor * cursor,
-			krb5_creds * creds,
-			krb5_flags whichfields,
-			const krb5_creds * mcreds)
-{
-    krb5_error_code ret;
-    while (1) {
-	ret = krb5_cc_next_cred(context, id, cursor, creds);
-	if (ret)
-	    return ret;
-	if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
-	    return 0;
-	krb5_free_cred_contents(context, creds);
-    }
-}
-
-/**
- * Destroy the cursor `cursor'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_end_seq_get (krb5_context context,
-		     const krb5_ccache id,
-		     krb5_cc_cursor *cursor)
-{
-    return (*id->ops->end_get)(context, id, cursor);
-}
-
-/**
- * Remove the credential identified by `cred', `which' from `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_remove_cred(krb5_context context,
-		    krb5_ccache id,
-		    krb5_flags which,
-		    krb5_creds *cred)
-{
-    if(id->ops->remove_cred == NULL) {
-	krb5_set_error_string(context,
-			      "ccache %s does not support remove_cred",
-			      id->ops->prefix);
-	return EACCES; /* XXX */
-    }
-    return (*id->ops->remove_cred)(context, id, which, cred);
-}
-
-/**
- * Set the flags of `id' to `flags'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_flags(krb5_context context,
-		  krb5_ccache id,
-		  krb5_flags flags)
-{
-    return (*id->ops->set_flags)(context, id, flags);
-}
-		    
-/**
- * Copy the contents of `from' to `to'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache_match(krb5_context context,
-			 const krb5_ccache from,
-			 krb5_ccache to,
-			 krb5_flags whichfields,
-			 const krb5_creds * mcreds,
-			 unsigned int *matched)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-    krb5_creds cred;
-    krb5_principal princ;
-
-    ret = krb5_cc_get_principal(context, from, &princ);
-    if (ret)
-	return ret;
-    ret = krb5_cc_initialize(context, to, princ);
-    if (ret) {
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    ret = krb5_cc_start_seq_get(context, from, &cursor);
-    if (ret) {
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    if (matched)
-	*matched = 0;
-    while (ret == 0 &&
-	   krb5_cc_next_cred_match(context, from, &cursor, &cred,
-				   whichfields, mcreds) == 0) {
-	if (matched)
-	    (*matched)++;
-	ret = krb5_cc_store_cred(context, to, &cred);
-	krb5_free_cred_contents(context, &cred);
-    }
-    krb5_cc_end_seq_get(context, from, &cursor);
-    krb5_free_principal(context, princ);
-    return ret;
-}
-
-/**
- * Just like krb5_cc_copy_cache_match, but copy everything.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache(krb5_context context,
-		   const krb5_ccache from,
-		   krb5_ccache to)
-{
-    return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
-}
-
-/**
- * Return the version of `id'.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_version(krb5_context context,
-		    const krb5_ccache id)
-{
-    if(id->ops->get_version)
-	return (*id->ops->get_version)(context, id);
-    else
-	return 0;
-}
-
-/**
- * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
- *
- * @ingroup krb5_ccache
- */
-
-
-void KRB5_LIB_FUNCTION
-krb5_cc_clear_mcred(krb5_creds *mcred)
-{
-    memset(mcred, 0, sizeof(*mcred));
-}
-
-/**
- * Get the cc ops that is registered in `context' to handle the
- * `prefix'. `prefix' can be a complete credential cache name or a
- * prefix, the function will only use part up to the first colon (:)
- * if there is one.
- * Returns NULL if ops not found.
- *
- * @ingroup krb5_ccache
- */
-
-
-const krb5_cc_ops *
-krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
-{
-    char *p, *p1;
-    int i;
-    
-    if (prefix[0] == '/')
-	return &krb5_fcc_ops;
-
-    p = strdup(prefix);
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return NULL;
-    }
-    p1 = strchr(p, ':');
-    if (p1)
-	*p1 = '\0';
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	if(strcmp(context->cc_ops[i].prefix, p) == 0) {
-	    free(p);
-	    return &context->cc_ops[i];
-	}
-    }
-    free(p);
-    return NULL;
-}
-
-struct krb5_cc_cache_cursor_data {
-    const krb5_cc_ops *ops;
-    krb5_cc_cursor cursor;
-};
-
-/**
- * Start iterating over all caches of `type'. If `type' is NULL, the
- * default type is * used. `cursor' is initialized to the beginning.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_get_first (krb5_context context,
-			 const char *type,
-			 krb5_cc_cache_cursor *cursor)
-{
-    const krb5_cc_ops *ops;
-    krb5_error_code ret;
-
-    if (type == NULL)
-	type = krb5_cc_default_name(context);
-
-    ops = krb5_cc_get_prefix_ops(context, type);
-    if (ops == NULL) {
-	krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
-			      "trying to iterate the credential caches", type);
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-
-    if (ops->get_cache_first == NULL) {
-	krb5_set_error_string(context, "Credential cache type %s doesn't support "
-			      "iterations over caches", ops->prefix);
-	return KRB5_CC_NOSUPP;
-    }
-
-    *cursor = calloc(1, sizeof(**cursor));
-    if (*cursor == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    (*cursor)->ops = ops;
-
-    ret = ops->get_cache_first(context, &(*cursor)->cursor);
-    if (ret) {
-	free(*cursor);
-	*cursor = NULL;
-    }
-    return ret;
-}
-
-/**
- * Retrieve the next cache pointed to by (`cursor') in `id'
- * and advance `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_next (krb5_context context,
-		   krb5_cc_cache_cursor cursor,
-		   krb5_ccache *id)
-{
-    return cursor->ops->get_cache_next(context, cursor->cursor, id);
-}
-
-/**
- * Destroy the cursor `cursor'.
- *
- * @return Return 0 or an error code.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_end_seq_get (krb5_context context,
-			   krb5_cc_cache_cursor cursor)
-{
-    krb5_error_code ret;
-    ret = cursor->ops->end_cache_get(context, cursor->cursor);
-    cursor->ops = NULL;
-    free(cursor);
-    return ret;
-}
-
-/**
- * Search for a matching credential cache of type `type' that have the
- * `principal' as the default principal. If NULL is used for `type',
- * the default type is used. On success, `id' needs to be freed with
- * krb5_cc_close or krb5_cc_destroy.
- *
- * @return On failure, error code is returned and `id' is set to NULL.
- *
- * @ingroup krb5_ccache
- */
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_match (krb5_context context,
-		     krb5_principal client,
-		     const char *type,
-		     krb5_ccache *id)
-{
-    krb5_cc_cache_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache cache = NULL;
-
-    *id = NULL;
-
-    ret = krb5_cc_cache_get_first (context, type, &cursor);
-    if (ret)
-	return ret;
-
-    while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
-	krb5_principal principal;
-
-	ret = krb5_cc_get_principal(context, cache, &principal);
-	if (ret == 0) {
-	    krb5_boolean match;
-	    
-	    match = krb5_principal_compare(context, principal, client);
-	    krb5_free_principal(context, principal);
-	    if (match)
-		break;
-	}
-
-	krb5_cc_close(context, cache);
-	cache = NULL;
-    }
-
-    krb5_cc_cache_end_seq_get(context, cursor);
-
-    if (cache == NULL) {
-	char *str;
-
-	krb5_unparse_name(context, client, &str);
-
-	krb5_set_error_string(context, "Principal %s not found in a "
-			  "credential cache", str ? str : "<out of memory>");
-	if (str)
-	    free(str);
-	return KRB5_CC_NOTFOUND;
-    }
-    *id = cache;
-
-    return 0;
-}
-
-/**
- * Move the content from one credential cache to another. The
- * operation is an atomic switch. 
- *
- * @param context a Keberos context
- * @param from the credential cache to move the content from
- * @param to the credential cache to move the content to
-
- * @return On sucess, from is freed. On failure, error code is
- * returned and from and to are both still allocated.
- *
- * @ingroup krb5_ccache
- */
-
-krb5_error_code
-krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_error_code ret;
-
-    if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
-	krb5_set_error_string(context, "Moving credentials between diffrent "
-			      "types not yet supported");
-	return KRB5_CC_NOSUPP;
-    }
-
-    ret = (*to->ops->move)(context, from, to);
-    if (ret == 0) {
-	memset(from, 0, sizeof(*from));
-	free(from);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
deleted file mode 100644
index 703cf43eb6fb..000000000000
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $");
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...) __attribute__ ((format (printf, 2, 3)));
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...)
-{
-    va_list args;
-    char *str;
-
-    va_start(args, fmt);
-    d->length = vasprintf (&str, fmt, args);
-    va_end(args);
-    d->data = str;
-}
-
-/*
- * Change password protocol defined by
- * draft-ietf-cat-kerb-chg-password-02.txt
- * 
- * Share the response part of the protocol with MS set password
- * (RFC3244)
- */
-
-static krb5_error_code
-chgpw_send_request (krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_creds *creds,
-		    krb5_principal targprinc,
-		    int is_stream,
-		    int sock,
-		    const char *passwd,
-		    const char *host)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data passwd_data;
-    size_t len;
-    u_char header[6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    if (is_stream)
-	return KRB5_KPASSWD_MALFORMED;
-
-    if (targprinc &&
-	krb5_principal_compare(context, creds->client, targprinc) != TRUE)
-	return KRB5_KPASSWD_MALFORMED;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	return ret;
-
-    passwd_data.data   = rk_UNCONST(passwd);
-    passwd_data.length = strlen(passwd);
-
-    krb5_data_zero (&krb_priv_data);
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&passwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	goto out2;
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = NULL;
-    msghdr.msg_namelen    = 0;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = (void*)header;
-    iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
-    }
-
-    krb5_data_free (&krb_priv_data);
-out2:
-    krb5_data_free (&ap_req_data);
-    return ret;
-}
-
-/*
- * Set password protocol as defined by RFC3244 --
- * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
- */
-
-static krb5_error_code
-setpw_send_request (krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_creds *creds,
-		    krb5_principal targprinc,
-		    int is_stream,
-		    int sock,
-		    const char *passwd,
-		    const char *host)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data pwd_data;
-    ChangePasswdDataMS chpw;
-    size_t len;
-    u_char header[4 + 6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	return ret;
-
-    chpw.newpasswd.length = strlen(passwd);
-    chpw.newpasswd.data = rk_UNCONST(passwd);
-    if (targprinc) {
-	chpw.targname = &targprinc->name;
-	chpw.targrealm = &targprinc->realm;
-    } else {
-	chpw.targname = NULL;
-	chpw.targrealm = NULL;
-    }
-	
-    ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
-		       &chpw, &len, ret);
-    if (ret) {
-	krb5_data_free (&ap_req_data);
-	return ret;
-    }
-
-    if(pwd_data.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&pwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	goto out2;
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    if (is_stream) {
-	_krb5_put_int(p, len, 4);
-	p += 4;
-    }
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0xff;
-    *p++ = 0x80;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = NULL;
-    msghdr.msg_namelen    = 0;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = (void*)header;
-    if (is_stream)
-	iov[0].iov_len     = 10;
-    else
-	iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
-    }
-
-    krb5_data_free (&krb_priv_data);
-out2:
-    krb5_data_free (&ap_req_data);
-    krb5_data_free (&pwd_data);
-    return ret;
-}
-
-static krb5_error_code
-process_reply (krb5_context context,
-	       krb5_auth_context auth_context,
-	       int is_stream,
-	       int sock,
-	       int *result_code,
-	       krb5_data *result_code_string,
-	       krb5_data *result_string,
-	       const char *host)
-{
-    krb5_error_code ret;
-    u_char reply[1024 * 3];
-    ssize_t len;
-    uint16_t pkt_len, pkt_ver;
-    krb5_data ap_rep_data;
-    int save_errno;
-
-    len = 0;
-    if (is_stream) {
-	while (len < sizeof(reply)) {
-	    unsigned long size;
-
-	    ret = recvfrom (sock, reply + len, sizeof(reply) - len, 
-			    0, NULL, NULL);
-	    if (ret < 0) {
-		save_errno = errno;
-		krb5_set_error_string(context, "recvfrom %s: %s",
-				      host, strerror(save_errno));
-		return save_errno;
-	    } else if (ret == 0) {
-		krb5_set_error_string(context, "recvfrom timeout %s", host);
-		return 1;
-	    }
-	    len += ret;
-	    if (len < 4)
-		continue;
-	    _krb5_get_int(reply, &size, 4);
-	    if (size + 4 < len)
-		continue;
-	    memmove(reply, reply + 4, size);		
-	    len = size;
-	    break;
-	}
-	if (len == sizeof(reply)) {
-	    krb5_set_error_string(context, "message too large from %s",
-				  host);
-	    return ENOMEM;
-	}
-    } else {
-	ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
-	if (ret < 0) {
-	    save_errno = errno;
-	    krb5_set_error_string(context, "recvfrom %s: %s",
-				  host, strerror(save_errno));
-	    return save_errno;
-	}
-	len = ret;
-    }
-
-    if (len < 6) {
-	str2data (result_string, "server %s sent to too short message "
-		  "(%ld bytes)", host, (long)len);
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    pkt_len = (reply[0] << 8) | (reply[1]);
-    pkt_ver = (reply[2] << 8) | (reply[3]);
-
-    if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-
-	memset(&error, 0, sizeof(error));
-
-	ret = decode_KRB_ERROR(reply, len, &error, &size);
-	if (ret)
-	    return ret;
-
-	if (error.e_data->length < 2) {
-	    str2data(result_string, "server %s sent too short "
-		     "e_data to print anything usable", host);
-	    free_KRB_ERROR(&error);
-	    *result_code = KRB5_KPASSWD_MALFORMED;
-	    return 0;
-	}
-
-	p = error.e_data->data;
-	*result_code = (p[0] << 8) | p[1];
-	if (error.e_data->length == 2)
-	    str2data(result_string, "server only sent error code");
-	else 
-	    krb5_data_copy (result_string,
-			    p + 2,
-			    error.e_data->length - 2);
-	free_KRB_ERROR(&error);
-	return 0;
-    }
-
-    if (pkt_len != len) {
-	str2data (result_string, "client: wrong len in reply");
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
-	str2data (result_string,
-		  "client: wrong version number (%d)", pkt_ver);
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    ap_rep_data.data = reply + 6;
-    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
-  
-    if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
-	str2data (result_string, "client: wrong AP len in reply");
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    if (ap_rep_data.length) {
-	krb5_ap_rep_enc_part *ap_rep;
-	krb5_data priv_data;
-	u_char *p;
-
-	priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
-	priv_data.length = len - ap_rep_data.length - 6;
-
-	ret = krb5_rd_rep (context,
-			   auth_context,
-			   &ap_rep_data,
-			   &ap_rep);
-	if (ret)
-	    return ret;
-
-	krb5_free_ap_rep_enc_part (context, ap_rep);
-
-	ret = krb5_rd_priv (context,
-			    auth_context,
-			    &priv_data,
-			    result_code_string,
-			    NULL);
-	if (ret) {
-	    krb5_data_free (result_code_string);
-	    return ret;
-	}
-
-	if (result_code_string->length < 2) {
-	    *result_code = KRB5_KPASSWD_MALFORMED;
-	    str2data (result_string,
-		      "client: bad length in result");
-	    return 0;
-	}
-
-        p = result_code_string->data;
-      
-        *result_code = (p[0] << 8) | p[1];
-        krb5_data_copy (result_string,
-                        (unsigned char*)result_code_string->data + 2,
-                        result_code_string->length - 2);
-        return 0;
-    } else {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-      
-	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
-	if (ret) {
-	    return ret;
-	}
-	if (error.e_data->length < 2) {
-	    krb5_warnx (context, "too short e_data to print anything usable");
-	    return 1;		/* XXX */
-	}
-
-	p = error.e_data->data;
-	*result_code = (p[0] << 8) | p[1];
-	krb5_data_copy (result_string,
-			p + 2,
-			error.e_data->length - 2);
-	return 0;
-    }
-}
-
-
-/*
- * change the password using the credentials in `creds' (for the
- * principal indicated in them) to `newpw', storing the result of
- * the operation in `result_*' and an error code or 0.
- */
-
-typedef krb5_error_code (*kpwd_send_request) (krb5_context,
-					      krb5_auth_context *,
-					      krb5_creds *,
-					      krb5_principal,
-					      int,
-					      int,
-					      const char *,
-					      const char *);
-typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
-					       krb5_auth_context,
-					       int,
-					       int,
-					       int *,
-					       krb5_data *,
-					       krb5_data *,
-					       const char *);
-
-static struct kpwd_proc {
-    const char *name;
-    int flags;
-#define SUPPORT_TCP	1
-#define SUPPORT_UDP	2
-    kpwd_send_request send_req;
-    kpwd_process_reply process_rep;
-} procs[] = {
-    {
-	"MS set password", 
-	SUPPORT_TCP|SUPPORT_UDP,
-	setpw_send_request, 
-	process_reply
-    },
-    {
-	"change password",
-	SUPPORT_UDP,
-	chgpw_send_request,
-	process_reply
-    },
-    { NULL }
-};
-
-static struct kpwd_proc *
-find_chpw_proto(const char *name)
-{
-    struct kpwd_proc *p;
-    for (p = procs; p->name != NULL; p++) {
-	if (strcmp(p->name, name) == 0)
-	    return p;
-    }
-    return NULL;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-change_password_loop (krb5_context	context,
-		      krb5_creds	*creds,
-		      krb5_principal	targprinc,
-		      const char	*newpw,
-		      int		*result_code,
-		      krb5_data		*result_code_string,
-		      krb5_data		*result_string,
-		      struct kpwd_proc	*proc)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_krbhst_handle handle = NULL;
-    krb5_krbhst_info *hi;
-    int sock;
-    int i;
-    int done = 0;
-    krb5_realm realm;
-
-    if (targprinc)
-	realm = targprinc->realm;
-    else
-	realm = creds->client->realm;
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret)
-	return ret;
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
-    if (ret)
-	goto out;
-
-    while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
-	struct addrinfo *ai, *a;
-	int is_stream;
-
-	switch (hi->proto) {
-	case KRB5_KRBHST_UDP:
-	    if ((proc->flags & SUPPORT_UDP) == 0)
-		continue;
-	    is_stream = 0;
-	    break;
-	case KRB5_KRBHST_TCP:
-	    if ((proc->flags & SUPPORT_TCP) == 0)
-		continue;
-	    is_stream = 1;
-	    break;
-	default:
-	    continue;
-	}
-
-	ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	if (ret)
-	    continue;
-
-	for (a = ai; !done && a != NULL; a = a->ai_next) {
-	    int replied = 0;
-
-	    sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	    if (sock < 0)
-		continue;
-
-	    ret = connect(sock, a->ai_addr, a->ai_addrlen);
-	    if (ret < 0) {
-		close (sock);
-		goto out;
-	    }
-
-	    ret = krb5_auth_con_genaddrs (context, auth_context, sock,
-					  KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
-	    if (ret) {
-		close (sock);
-		goto out;
-	    }
-
-	    for (i = 0; !done && i < 5; ++i) {
-		fd_set fdset;
-		struct timeval tv;
-
-		if (!replied) {
-		    replied = 0;
-		    
-		    ret = (*proc->send_req) (context,
-					     &auth_context,
-					     creds,
-					     targprinc,
-					     is_stream,
-					     sock,
-					     newpw,
-					     hi->hostname);
-		    if (ret) {
-			close(sock);
-			goto out;
-		    }
-		}
-	    
-		if (sock >= FD_SETSIZE) {
-		    krb5_set_error_string(context, "fd %d too large", sock);
-		    ret = ERANGE;
-		    close (sock);
-		    goto out;
-		}
-
-		FD_ZERO(&fdset);
-		FD_SET(sock, &fdset);
-		tv.tv_usec = 0;
-		tv.tv_sec  = 1 + (1 << i);
-
-		ret = select (sock + 1, &fdset, NULL, NULL, &tv);
-		if (ret < 0 && errno != EINTR) {
-		    close(sock);
-		    goto out;
-		}
-		if (ret == 1) {
-		    ret = (*proc->process_rep) (context,
-						auth_context,
-						is_stream,
-						sock,
-						result_code,
-						result_code_string,
-						result_string,
-						hi->hostname);
-		    if (ret == 0)
-			done = 1;
-		    else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
-			replied = 1;
-		} else {
-		    ret = KRB5_KDC_UNREACH;
-		}
-	    }
-	    close (sock);
-	}
-    }
-
- out:
-    krb5_krbhst_free (context, handle);
-    krb5_auth_con_free (context, auth_context);
-    if (done)
-	return 0;
-    else {
-	if (ret == KRB5_KDC_UNREACH) {
-	    krb5_set_error_string(context,
-				  "unable to reach any changepw server "
-				  " in realm %s", realm);
-	    *result_code = KRB5_KPASSWD_HARDERROR;
-	}
-	return ret;
-    }
-}
-
-
-/*
- * change the password using the credentials in `creds' (for the
- * principal indicated in them) to `newpw', storing the result of
- * the operation in `result_*' and an error code or 0.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_change_password (krb5_context	context,
-		      krb5_creds	*creds,
-		      const char	*newpw,
-		      int		*result_code,
-		      krb5_data		*result_code_string,
-		      krb5_data		*result_string)
-{
-    struct kpwd_proc *p = find_chpw_proto("change password");
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    if (p == NULL)
-	return KRB5_KPASSWD_MALFORMED;
-
-    return change_password_loop(context, creds, NULL, newpw, 
-				result_code, result_code_string, 
-				result_string, p);
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password(krb5_context context,
-		  krb5_creds *creds,
-		  const char *newpw,
-		  krb5_principal targprinc,
-		  int *result_code,
-		  krb5_data *result_code_string,
-		  krb5_data *result_string)
-{
-    krb5_principal principal = NULL;
-    krb5_error_code ret = 0;
-    int i;
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    if (targprinc == NULL) {
-	ret = krb5_get_default_principal(context, &principal);
-	if (ret)
-	    return ret;
-    } else
-	principal = targprinc;
-
-    for (i = 0; procs[i].name != NULL; i++) {
-	*result_code = 0;
-	ret = change_password_loop(context, creds, principal, newpw, 
-				   result_code, result_code_string, 
-				   result_string, 
-				   &procs[i]);
-	if (ret == 0 && *result_code == 0)
-	    break;
-    }
-
-    if (targprinc == NULL)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password_using_ccache(krb5_context context,
-			       krb5_ccache ccache,
-			       const char *newpw,
-			       krb5_principal targprinc,
-			       int *result_code,
-			       krb5_data *result_code_string,
-			       krb5_data *result_string)
-{
-    krb5_creds creds, *credsp;
-    krb5_error_code ret;
-    krb5_principal principal = NULL;
-
-    *result_code = KRB5_KPASSWD_MALFORMED;
-    result_code_string->data = result_string->data = NULL;
-    result_code_string->length = result_string->length = 0;
-
-    memset(&creds, 0, sizeof(creds));
-
-    if (targprinc == NULL) {
-	ret = krb5_cc_get_principal(context, ccache, &principal);
-	if (ret)
-	    return ret;
-    } else
-	principal = targprinc;
-
-    ret = krb5_make_principal(context, &creds.server, 
-			      krb5_principal_get_realm(context, principal),
-			      "kadmin", "changepw", NULL);
-    if (ret)
-	goto out;
-
-    ret = krb5_cc_get_principal(context, ccache, &creds.client);
-    if (ret) {
-        krb5_free_principal(context, creds.server);
-	goto out;
-    }
-
-    ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
-    krb5_free_principal(context, creds.server);
-    krb5_free_principal(context, creds.client);
-    if (ret)
-	goto out;
-
-    ret = krb5_set_password(context,
-			    credsp,
-			    newpw,
-			    principal,
-			    result_code,
-			    result_code_string,
-			    result_string);
-
-    krb5_free_creds(context, credsp); 
-
-    return ret;
- out:
-    if (targprinc == NULL)
-	krb5_free_principal(context, principal);
-    return ret;
-}
-
-/*
- *
- */
-
-const char* KRB5_LIB_FUNCTION
-krb5_passwd_result_to_string (krb5_context context,
-			      int result)
-{
-    static const char *strings[] = {
-	"Success",
-	"Malformed",
-	"Hard error",
-	"Auth error",
-	"Soft error" ,
-	"Access denied",
-	"Bad version",
-	"Initial flag needed"
-    };
-
-    if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
-	return "unknown result code";
-    else
-	return strings[result];
-}
diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c
deleted file mode 100644
index 0d36b4b44268..000000000000
--- a/crypto/heimdal/lib/krb5/codec.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTicketPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return decode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTicketPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return encode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncASRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return decode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncASRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return encode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTGSRepPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return decode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTGSRepPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return encode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncAPRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return decode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncAPRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return encode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_Authenticator (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return decode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_Authenticator (krb5_context context,
-			   void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return encode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncKrbCredPart (krb5_context context,
-			    const void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return decode_EncKrbCredPart(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncKrbCredPart (krb5_context context,
-			    void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return encode_EncKrbCredPart (data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO (krb5_context context,
-			const void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return decode_ETYPE_INFO(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO (krb5_context context,
-			void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return encode_ETYPE_INFO (data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO2 (krb5_context context,
-			const void *data,
-			size_t length,
-			ETYPE_INFO2 *t,
-			size_t *len)
-{
-    return decode_ETYPE_INFO2(data, length, t, len);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO2 (krb5_context context,
-			 void *data,
-			 size_t length,
-			 ETYPE_INFO2 *t,
-			 size_t *len)
-{
-    return encode_ETYPE_INFO2 (data, length, t, len);
-}
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
deleted file mode 100644
index ac5eba39dcff..000000000000
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ /dev/null
@@ -1,771 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file.c 19213 2006-12-04 23:36:36Z lha $");
-
-#ifndef HAVE_NETINFO
-
-/* Gaah! I want a portable funopen */
-struct fileptr {
-    const char *s;
-    FILE *f;
-};
-
-static char *
-config_fgets(char *str, size_t len, struct fileptr *ptr)
-{
-    /* XXX this is not correct, in that they don't do the same if the
-       line is longer than len */
-    if(ptr->f != NULL)
-	return fgets(str, len, ptr->f);
-    else {
-	/* this is almost strsep_copy */
-	const char *p;
-	ssize_t l;
-	if(*ptr->s == '\0')
-	    return NULL;
-	p = ptr->s + strcspn(ptr->s, "\n");
-	if(*p == '\n')
-	    p++;
-	l = min(len, p - ptr->s);
-	if(len > 0) {
-	    memcpy(str, ptr->s, l);
-	    str[l] = '\0';
-	}
-	ptr->s = p;
-	return str;
-    }
-}
-
-static krb5_error_code parse_section(char *p, krb5_config_section **s,
-				     krb5_config_section **res,
-				     const char **error_message);
-static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p,
-				     krb5_config_binding **b,
-				     krb5_config_binding **parent,
-				     const char **error_message);
-static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno,
-				  krb5_config_binding **parent,
-				  const char **error_message);
-
-static krb5_config_section *
-get_entry(krb5_config_section **parent, const char *name, int type)
-{
-    krb5_config_section **q;
-
-    for(q = parent; *q != NULL; q = &(*q)->next)
-	if(type == krb5_config_list && 
-	   type == (*q)->type &&
-	   strcmp(name, (*q)->name) == 0)
-	    return *q;
-    *q = calloc(1, sizeof(**q));
-    if(*q == NULL)
-	return NULL;
-    (*q)->name = strdup(name);
-    (*q)->type = type;
-    if((*q)->name == NULL) {
-	free(*q);
-	*q = NULL;
-	return NULL;
-    }
-    return *q;
-}
-
-/*
- * Parse a section:
- *
- * [section]
- *	foo = bar
- *	b = {
- *		a
- *	    }
- * ...
- * 
- * starting at the line in `p', storing the resulting structure in
- * `s' and hooking it into `parent'.
- * Store the error message in `error_message'.
- */
-
-static krb5_error_code
-parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
-	      const char **error_message)
-{
-    char *p1;
-    krb5_config_section *tmp;
-
-    p1 = strchr (p + 1, ']');
-    if (p1 == NULL) {
-	*error_message = "missing ]";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *p1 = '\0';
-    tmp = get_entry(parent, p + 1, krb5_config_list);
-    if(tmp == NULL) {
-	*error_message = "out of memory";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *s = tmp;
-    return 0;
-}
-
-/*
- * Parse a brace-enclosed list from `f', hooking in the structure at
- * `parent'.
- * Store the error message in `error_message'.
- */
-
-static krb5_error_code
-parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent,
-	   const char **error_message)
-{
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-    krb5_config_binding *b = NULL;
-    unsigned beg_lineno = *lineno;
-
-    while(config_fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';' || *p == '\0')
-	    continue;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '}')
-	    return 0;
-	if (*p == '\0')
-	    continue;
-	ret = parse_binding (f, lineno, p, &b, parent, error_message);
-	if (ret)
-	    return ret;
-    }
-    *lineno = beg_lineno;
-    *error_message = "unclosed {";
-    return KRB5_CONFIG_BADFORMAT;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-parse_binding(struct fileptr *f, unsigned *lineno, char *p,
-	      krb5_config_binding **b, krb5_config_binding **parent,
-	      const char **error_message)
-{
-    krb5_config_binding *tmp;
-    char *p1, *p2;
-    krb5_error_code ret = 0;
-
-    p1 = p;
-    while (*p && *p != '=' && !isspace((unsigned char)*p))
-	++p;
-    if (*p == '\0') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    p2 = p;
-    while (isspace((unsigned char)*p))
-	++p;
-    if (*p != '=') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    ++p;
-    while(isspace((unsigned char)*p))
-	++p;
-    *p2 = '\0';
-    if (*p == '{') {
-	tmp = get_entry(parent, p1, krb5_config_list);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	ret = parse_list (f, lineno, &tmp->u.list, error_message);
-    } else {
-	tmp = get_entry(parent, p1, krb5_config_string);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	p1 = p;
-	p = p1 + strlen(p1);
-	while(p > p1 && isspace((unsigned char)*(p-1)))
-	    --p;
-	*p = '\0';
-	tmp->u.string = strdup(p1);
-    }
-    *b = tmp;
-    return ret;
-}
-
-/*
- * Parse the config file `fname', generating the structures into `res'
- * returning error messages in `error_message'
- */
-
-static krb5_error_code
-krb5_config_parse_debug (struct fileptr *f,
-			 krb5_config_section **res,
-			 unsigned *lineno,
-			 const char **error_message)
-{
-    krb5_config_section *s = NULL;
-    krb5_config_binding *b = NULL;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-
-    while (config_fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';')
-	    continue;
-	if (*p == '[') {
-	    ret = parse_section(p, &s, res, error_message);
-	    if (ret) 
-		return ret;
-	    b = NULL;
-	} else if (*p == '}') {
-	    *error_message = "unmatched }";
-	    return EINVAL;	/* XXX */
-	} else if(*p != '\0') {
-	    if (s == NULL) {
-		*error_message = "binding before section";
-		return EINVAL;
-	    }
-	    ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
-	    if (ret)
-		return ret;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_string_multi(krb5_context context,
-			       const char *string,
-			       krb5_config_section **res)
-{
-    const char *str;
-    unsigned lineno = 0;
-    krb5_error_code ret;
-    struct fileptr f;
-    f.f = NULL;
-    f.s = string;
-
-    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
-    if (ret) {
-	krb5_set_error_string (context, "%s:%u: %s", "<constant>", lineno, str);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file_multi (krb5_context context,
-			      const char *fname,
-			      krb5_config_section **res)
-{
-    const char *str;
-    unsigned lineno = 0;
-    krb5_error_code ret;
-    struct fileptr f;
-    f.f = fopen(fname, "r");
-    f.s = NULL;
-    if(f.f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open %s: %s", fname, strerror(ret));
-	return ret;
-    }
-
-    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
-    fclose(f.f);
-    if (ret) {
-	krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    *res = NULL;
-    return krb5_config_parse_file_multi(context, fname, res);
-}
-
-#endif /* !HAVE_NETINFO */
-
-static void
-free_binding (krb5_context context, krb5_config_binding *b)
-{
-    krb5_config_binding *next_b;
-
-    while (b) {
-	free (b->name);
-	if (b->type == krb5_config_string)
-	    free (b->u.string);
-	else if (b->type == krb5_config_list)
-	    free_binding (context, b->u.list);
-	else
-	    krb5_abortx(context, "unknown binding type (%d) in free_binding", 
-			b->type);
-	next_b = b->next;
-	free (b);
-	b = next_b;
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_file_free (krb5_context context, krb5_config_section *s)
-{
-    free_binding (context, s);
-    return 0;
-}
-
-const void *
-krb5_config_get_next (krb5_context context,
-		      const krb5_config_section *c,
-		      const krb5_config_binding **pointer,
-		      int type,
-		      ...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget_next (context, c, pointer, type, args);
-    va_end(args);
-    return ret;
-}
-
-static const void *
-vget_next(krb5_context context,
-	  const krb5_config_binding *b,
-	  const krb5_config_binding **pointer,
-	  int type,
-	  const char *name,
-	  va_list args)
-{
-    const char *p = va_arg(args, const char *);
-    while(b != NULL) {
-	if(strcmp(b->name, name) == 0) {
-	    if(b->type == type && p == NULL) {
-		*pointer = b;
-		return b->u.generic;
-	    } else if(b->type == krb5_config_list && p != NULL) {
-		return vget_next(context, b->u.list, pointer, type, p, args);
-	    }
-	}
-	b = b->next;
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_vget_next (krb5_context context,
-		       const krb5_config_section *c,
-		       const krb5_config_binding **pointer,
-		       int type,
-		       va_list args)
-{
-    const krb5_config_binding *b;
-    const char *p;
-
-    if(c == NULL)
-	c = context->cf;
-
-    if (c == NULL)
-	return NULL;
-
-    if (*pointer == NULL) {
-	/* first time here, walk down the tree looking for the right
-           section */
-	p = va_arg(args, const char *);
-	if (p == NULL)
-	    return NULL;
-	return vget_next(context, c, pointer, type, p, args);
-    }
-
-    /* we were called again, so just look for more entries with the
-       same name and type */
-    for (b = (*pointer)->next; b != NULL; b = b->next) {
-	if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
-	    *pointer = b;
-	    return b->u.generic;
-	}
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_get (krb5_context context,
-		 const krb5_config_section *c,
-		 int type,
-		 ...)
-{
-    const void *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget (context, c, type, args);
-    va_end(args);
-    return ret;
-}
-
-const void *
-krb5_config_vget (krb5_context context,
-		  const krb5_config_section *c,
-		  int type,
-		  va_list args)
-{
-    const krb5_config_binding *foo = NULL;
-
-    return krb5_config_vget_next (context, c, &foo, type, args);
-}
-
-const krb5_config_binding *
-krb5_config_get_list (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    const krb5_config_binding *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_list (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const krb5_config_binding *
-krb5_config_vget_list (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_list, args);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string (krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_string (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string (krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_string, args);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string_default (krb5_context context,
-				 const krb5_config_section *c,
-				 const char *def_value,
-				 va_list args)
-{
-    const char *ret;
-
-    ret = krb5_config_vget_string (context, c, args);
-    if (ret == NULL)
-	ret = def_value;
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string_default (krb5_context context,
-				const krb5_config_section *c,
-				const char *def_value,
-				...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, def_value);
-    ret = krb5_config_vget_string_default (context, c, def_value, args);
-    va_end(args);
-    return ret;
-}
-
-char ** KRB5_LIB_FUNCTION
-krb5_config_vget_strings(krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    char **strings = NULL;
-    int nstr = 0;
-    const krb5_config_binding *b = NULL;
-    const char *p;
-
-    while((p = krb5_config_vget_next(context, c, &b, 
-				     krb5_config_string, args))) {
-	char *tmp = strdup(p);
-	char *pos = NULL;
-	char *s;
-	if(tmp == NULL)
-	    goto cleanup;
-	s = strtok_r(tmp, " \t", &pos);
-	while(s){
-	    char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings));
-	    if(tmp2 == NULL)
-		goto cleanup;
-	    strings = tmp2;
-	    strings[nstr] = strdup(s);
-	    nstr++;
-	    if(strings[nstr-1] == NULL)
-		goto cleanup;
-	    s = strtok_r(NULL, " \t", &pos);
-	}
-	free(tmp);
-    }
-    if(nstr){
-	char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
-	if(tmp == NULL)
-	    goto cleanup;
-	strings = tmp;
-	strings[nstr] = NULL;
-    }
-    return strings;
-cleanup:
-    while(nstr--)
-	free(strings[nstr]);
-    free(strings);
-    return NULL;
-
-}
-
-char**
-krb5_config_get_strings(krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    va_list ap;
-    char **ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_strings(context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_config_free_strings(char **strings)
-{
-    char **s = strings;
-    while(s && *s){
-	free(*s);
-	s++;
-    }
-    free(strings);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool_default (krb5_context context,
-			       const krb5_config_section *c,
-			       krb5_boolean def_value,
-			       va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    if(strcasecmp(str, "yes") == 0 ||
-       strcasecmp(str, "true") == 0 ||
-       atoi(str)) return TRUE;
-    return FALSE;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_bool_default (context, c, FALSE, args);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool_default (krb5_context context,
-			      const krb5_config_section *c,
-			      krb5_boolean def_value,
-			      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_bool_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_bool (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time_default (krb5_context context,
-			       const krb5_config_section *c,
-			       int def_value,
-			       va_list args)
-{
-    const char *str;
-    krb5_deltat t;
-
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    if (krb5_string_to_deltat(str, &t))
-	return def_value;
-    return t;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_time_default (context, c, -1, args);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_time_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_time (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    else { 
-	char *endptr; 
-	long l; 
-	l = strtol(str, &endptr, 0); 
-	if (endptr == str) 
-	    return def_value; 
-	else 
-	    return l;
-    }
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int  (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget_int_default (context, c, -1, args);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int_default (krb5_context context,
-			     const krb5_config_section *c,
-			     int def_value,
-			     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_int_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int (krb5_context context,
-		     const krb5_config_section *c,
-		     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_int (context, c, ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c
deleted file mode 100644
index 1e01e7c5ffbc..000000000000
--- a/crypto/heimdal/lib/krb5/config_file_netinfo.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
- */
-
-#ifdef HAVE_NETINFO
-#include <netinfo/ni.h>
-static ni_status
-ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret)
-{
-    int i, j;
-    krb5_config_section **next = NULL;
-
-    for (i = 0; i < pl->ni_proplist_len; i++) {
-	if (!strcmp(pl->nipl_val[i].nip_name, "name"))
-	    continue;
-
-	for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) {
-	    krb5_config_binding *b;
-
-	    b = malloc(sizeof(*b));
-	    if (b == NULL)
-		return NI_FAILED;
-	
-	    b->next = NULL;
-	    b->type = krb5_config_string;
-	    b->name = ni_name_dup(pl->nipl_val[i].nip_name);
-	    b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]);
-
-	    if (next == NULL) {
-		*ret = b;
-	    } else {
-		*next = b;
-	    }
-	    next = &b->next;
-	}
-    }
-    return NI_OK;
-}
-
-static ni_status
-ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
-{
-    int i;
-    ni_status nis;
-    krb5_config_section **next;
-
-    for (i = 0; i < idlist->ni_idlist_len; i++) {
-	ni_proplist pl;
-        ni_id nid;
-	ni_idlist children;
-	krb5_config_binding *b;
-	ni_index index;
-
-	nid.nii_instance = 0;
-	nid.nii_object = idlist->ni_idlist_val[i];
-
-	nis = ni_read(ni, &nid, &pl);
-
-	if (nis != NI_OK) {
-	     return nis;
-	}
-	index = ni_proplist_match(pl, "name", NULL);
-	b = malloc(sizeof(*b));
-	if (b == NULL) return NI_FAILED;
-
-	if (i == 0) {
-	    *ret = b;
-	} else {
-	    *next = b;
-	}
-
-	b->type = krb5_config_list;
-	b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]);
-	b->next = NULL;
-	b->u.list = NULL;
-
-	/* get the child directories */
-	nis = ni_children(ni, &nid, &children);
-	if (nis == NI_OK) {
-	    nis = ni_idlist2binding(ni, &children, &b->u.list);
-	    if (nis != NI_OK) {
-		return nis;
-	    }
-	}
-
-	nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next);
-	ni_proplist_free(&pl);
-	if (nis != NI_OK) {
-	    return nis;
-	}
-	next = &b->next;
-    }
-    ni_idlist_free(idlist);
-    return NI_OK;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    void *ni = NULL, *lastni = NULL;
-    int i;
-    ni_status nis;
-    ni_id nid;
-    ni_idlist children;
-
-    krb5_config_section *s;
-    int ret;
-
-    s = NULL;
-
-    for (i = 0; i < 256; i++) {
-	if (i == 0) {
-	    nis = ni_open(NULL, ".", &ni);
-	} else {
-	    if (lastni != NULL) ni_free(lastni);
-	    lastni = ni;
-	    nis = ni_open(lastni, "..", &ni);
-	}
-	if (nis != NI_OK)
-	    break;
-	nis = ni_pathsearch(ni, &nid, "/locations/kerberos");
-	if (nis == NI_OK) {
-	    nis = ni_children(ni, &nid, &children);
-	    if (nis != NI_OK)
-		break;
-	    nis = ni_idlist2binding(ni, &children, &s);
-	    break;
-	}
-    }
-
-    if (ni != NULL) ni_free(ni);
-    if (ni != lastni && lastni != NULL) ni_free(lastni);
-
-    ret = (nis == NI_OK) ? 0 : -1;
-    if (ret == 0) {
-	*res = s;
-    } else {
-	*res = NULL;
-    }
-    return ret;
-}
-#endif /* HAVE_NETINFO */
diff --git a/crypto/heimdal/lib/krb5/constants.c b/crypto/heimdal/lib/krb5/constants.c
deleted file mode 100644
index 5188a1d3a864..000000000000
--- a/crypto/heimdal/lib/krb5/constants.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: constants.c 14253 2004-09-23 07:57:37Z joda $");
-
-const char *krb5_config_file = 
-#ifdef __APPLE__
-"/Library/Preferences/edu.mit.Kerberos:"
-#endif
-SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
-const char *krb5_defkeyname = KEYTAB_DEFAULT;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
deleted file mode 100644
index 256783310e93..000000000000
--- a/crypto/heimdal/lib/krb5/context.c
+++ /dev/null
@@ -1,1033 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <com_err.h>
-
-RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $");
-
-#define INIT_FIELD(C, T, E, D, F)					\
-    (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
-						"libdefaults", F, NULL)
-
-#define INIT_FLAG(C, O, V, D, F)					\
-    do {								\
-	if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
-	    (C)->O |= V;						\
-        }								\
-    } while(0)
-
-/*
- * Set the list of etypes `ret_etypes' from the configuration variable
- * `name'
- */
-
-static krb5_error_code
-set_etypes (krb5_context context,
-	    const char *name,
-	    krb5_enctype **ret_enctypes)
-{
-    char **etypes_str;
-    krb5_enctype *etypes = NULL;
-
-    etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", 
-					 name, NULL);
-    if(etypes_str){
-	int i, j, k;
-	for(i = 0; etypes_str[i]; i++);
-	etypes = malloc((i+1) * sizeof(*etypes));
-	if (etypes == NULL) {
-	    krb5_config_free_strings (etypes_str);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	for(j = 0, k = 0; j < i; j++) {
-	    krb5_enctype e;
-	    if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
-		continue;
-	    if (krb5_enctype_valid(context, e) != 0)
-		continue;
-	    etypes[k++] = e;
-	}
-	etypes[k] = ETYPE_NULL;
-	krb5_config_free_strings(etypes_str);
-    } 
-    *ret_enctypes = etypes;
-    return 0;
-}
-
-/*
- * read variables from the configuration file and set in `context'
- */
-
-static krb5_error_code
-init_context_from_config_file(krb5_context context)
-{
-    krb5_error_code ret;
-    const char * tmp;
-    krb5_enctype *tmptypes;
-
-    INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
-    INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
-    INIT_FIELD(context, int, max_retries, 3, "max_retries");
-
-    INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
-    
-    ret = set_etypes (context, "default_etypes", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes);
-    context->etypes = tmptypes;
-    
-    ret = set_etypes (context, "default_etypes_des", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes_des);
-    context->etypes_des = tmptypes;
-
-    /* default keytab name */
-    tmp = NULL;
-    if(!issuid())
-	tmp = getenv("KRB5_KTNAME");
-    if(tmp != NULL)
-	context->default_keytab = tmp;
-    else
-	INIT_FIELD(context, string, default_keytab, 
-		   KEYTAB_DEFAULT, "default_keytab_name");
-
-    INIT_FIELD(context, string, default_keytab_modify, 
-	       NULL, "default_keytab_modify_name");
-
-    INIT_FIELD(context, string, time_fmt, 
-	       "%Y-%m-%dT%H:%M:%S", "time_format");
-
-    INIT_FIELD(context, string, date_fmt, 
-	       "%Y-%m-%d", "date_format");
-
-    INIT_FIELD(context, bool, log_utc, 
-	       FALSE, "log_utc");
-
-
-    
-    /* init dns-proxy slime */
-    tmp = krb5_config_get_string(context, NULL, "libdefaults", 
-				 "dns_proxy", NULL);
-    if(tmp) 
-	roken_gethostby_setup(context->http_proxy, tmp);
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = NULL;
-
-    {
-	krb5_addresses addresses;
-	char **adr, **a;
-
-	krb5_set_extra_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "extra_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_extra_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-
-	krb5_set_ignore_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "ignore_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_ignore_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-    }
-    
-    INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
-    INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
-    /* prefer dns_lookup_kdc over srv_lookup. */
-    INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
-    INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
-    INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
-    INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
-    INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
-    context->default_cc_name = NULL;
-    context->default_cc_name_set = 0;
-    return 0;
-}
-
-/**
- * Initializes the context structure and reads the configuration file
- * /etc/krb5.conf. The structure should be freed by calling
- * krb5_free_context() when it is no longer being used.
- *
- * @param context pointer to returned context
- *
- * @return Returns 0 to indicate success.  Otherwise an errno code is
- * returned.  Failure means either that something bad happened during
- * initialization (typically ENOMEM) or that Kerberos should not be
- * used ENXIO.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_context(krb5_context *context)
-{
-    krb5_context p;
-    krb5_error_code ret;
-    char **files;
-
-    *context = NULL;
-
-    p = calloc(1, sizeof(*p));
-    if(!p)
-	return ENOMEM;
-
-    p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
-    if (p->mutex == NULL) {
-	free(p);
-	return ENOMEM;
-    }
-    HEIMDAL_MUTEX_init(p->mutex);
-
-    ret = krb5_get_default_config_files(&files);
-    if(ret) 
-	goto out;
-    ret = krb5_set_config_files(p, files);
-    krb5_free_config_files(files);
-    if(ret) 
-	goto out;
-
-    /* init error tables */
-    krb5_init_ets(p);
-
-    p->cc_ops = NULL;
-    p->num_cc_ops = 0;
-    krb5_cc_register(p, &krb5_acc_ops, TRUE);
-    krb5_cc_register(p, &krb5_fcc_ops, TRUE);
-    krb5_cc_register(p, &krb5_mcc_ops, TRUE);
-#ifdef HAVE_KCM
-    krb5_cc_register(p, &krb5_kcm_ops, TRUE);
-#endif
-
-    p->num_kt_types = 0;
-    p->kt_types     = NULL;
-    krb5_kt_register (p, &krb5_fkt_ops);
-    krb5_kt_register (p, &krb5_wrfkt_ops);
-    krb5_kt_register (p, &krb5_javakt_ops);
-    krb5_kt_register (p, &krb5_mkt_ops);
-    krb5_kt_register (p, &krb5_akf_ops);
-    krb5_kt_register (p, &krb4_fkt_ops);
-    krb5_kt_register (p, &krb5_srvtab_fkt_ops);
-    krb5_kt_register (p, &krb5_any_ops);
-
-out:
-    if(ret) {
-	krb5_free_context(p);
-	p = NULL;
-    }
-    *context = p;
-    return ret;
-}
-
-/**
- * Frees the krb5_context allocated by krb5_init_context().
- *
- * @param context context to be freed.
- *
- *  @ingroup krb5
-*/
-
-void KRB5_LIB_FUNCTION
-krb5_free_context(krb5_context context)
-{
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-    if (context->default_cc_name_env)
-	free(context->default_cc_name_env);
-    free(context->etypes);
-    free(context->etypes_des);
-    krb5_free_host_realm (context, context->default_realms);
-    krb5_config_file_free (context, context->cf);
-    free_error_table (context->et_list);
-    free(context->cc_ops);
-    free(context->kt_types);
-    krb5_clear_error_string(context);
-    if(context->warn_dest != NULL)
-	krb5_closelog(context, context->warn_dest);
-    krb5_set_extra_addresses(context, NULL);
-    krb5_set_ignore_addresses(context, NULL);
-    krb5_set_send_to_kdc_func(context, NULL, NULL);
-    if (context->mutex != NULL) {
-	HEIMDAL_MUTEX_destroy(context->mutex);
-	free(context->mutex);
-    }
-    memset(context, 0, sizeof(*context));
-    free(context);
-}
-
-/**
- * Reinit the context from a new set of filenames.
- *
- * @param context context to add configuration too.
- * @param filenames array of filenames, end of list is indicated with a NULL filename.
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_config_files(krb5_context context, char **filenames)
-{
-    krb5_error_code ret;
-    krb5_config_binding *tmp = NULL;
-    while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
-	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
-	if(ret != 0 && ret != ENOENT && ret != EACCES) {
-	    krb5_config_file_free(context, tmp);
-	    return ret;
-	}
-	filenames++;
-    }
-#if 0
-    /* with this enabled and if there are no config files, Kerberos is
-       considererd disabled */
-    if(tmp == NULL)
-	return ENXIO;
-#endif
-    krb5_config_file_free(context, context->cf);
-    context->cf = tmp;
-    ret = init_context_from_config_file(context);
-    return ret;
-}
-
-static krb5_error_code
-add_file(char ***pfilenames, int *len, char *file)
-{
-    char **pp = *pfilenames;
-    int i;
-
-    for(i = 0; i < *len; i++) {
-	if(strcmp(pp[i], file) == 0) {
-	    free(file);
-	    return 0;
-	}
-    }
-
-    pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp));
-    if (pp == NULL) {
-	free(file);
-	return ENOMEM;
-    }
-
-    pp[*len] = file;
-    pp[*len + 1] = NULL;
-    *pfilenames = pp;
-    *len += 1;
-    return 0;
-}
-
-/*
- *  `pq' isn't free, it's up the the caller
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
-{
-    krb5_error_code ret;
-    const char *p, *q;
-    char **pp;
-    int len;
-    char *fn;
-
-    pp = NULL;
-
-    len = 0;
-    p = filelist;
-    while(1) {
-	ssize_t l;
-	q = p;
-	l = strsep_copy(&q, ":", NULL, 0);
-	if(l == -1)
-	    break;
-	fn = malloc(l + 1);
-	if(fn == NULL) {
-	    krb5_free_config_files(pp);
-	    return ENOMEM;
-	}
-	l = strsep_copy(&p, ":", fn, l + 1);
-	ret = add_file(&pp, &len, fn);
-	if (ret) {
-	    krb5_free_config_files(pp);
-	    return ret;
-	}
-    }
-
-    if (pq != NULL) {
-	int i;
-
-	for (i = 0; pq[i] != NULL; i++) {
-	    fn = strdup(pq[i]);
-	    if (fn == NULL) {
-		krb5_free_config_files(pp);
-		return ENOMEM;
-	    }
-	    ret = add_file(&pp, &len, fn);
-	    if (ret) {
-		krb5_free_config_files(pp);
-		return ret;
-	    }
-	}
-    }
-
-    *ret_pp = pp;
-    return 0;
-}
-
-/**
- * Prepend the filename to the global configuration list.
- *
- * @param filelist a filename to add to the default list of filename
- * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
-{
-    krb5_error_code ret;
-    char **defpp, **pp = NULL;
-    
-    ret = krb5_get_default_config_files(&defpp);
-    if (ret)
-	return ret;
-
-    ret = krb5_prepend_config_files(filelist, defpp, &pp);
-    krb5_free_config_files(defpp);
-    if (ret) {
-	return ret;
-    }	
-    *pfilenames = pp;
-    return 0;
-}
-
-/**
- * Get the global configuration list.
- *
- * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
- *
- * @return Returns 0 to indicate success.  Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION 
-krb5_get_default_config_files(char ***pfilenames)
-{
-    const char *files = NULL;
-
-    if (pfilenames == NULL)
-        return EINVAL;
-    if(!issuid())
-	files = getenv("KRB5_CONFIG");
-    if (files == NULL)
-	files = krb5_config_file;
-
-    return krb5_prepend_config_files(files, NULL, pfilenames);
-}
-
-/**
- * Free a list of configuration files.
- *
- * @param filenames list to be freed.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_free_config_files(char **filenames)
-{
-    char **p;
-    for(p = filenames; *p != NULL; p++)
-	free(*p);
-    free(filenames);
-}
-
-/**
- * Returns the list of Kerberos encryption types sorted in order of
- * most preferred to least preferred encryption type.  Note that some
- * encryption types might be disabled, so you need to check with
- * krb5_enctype_valid() before using the encryption type.
- *
- * @return list of enctypes, terminated with ETYPE_NULL. Its a static
- * array completed into the Kerberos library so the content doesn't
- * need to be freed.
- *
- * @ingroup krb5
- */
-
-const krb5_enctype * KRB5_LIB_FUNCTION
-krb5_kerberos_enctypes(krb5_context context)
-{
-    static const krb5_enctype p[] = {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_DES3_CBC_MD5,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_CRC,
-	ETYPE_NULL
-    };
-    return p;
-}
-
-/*
- * set `etype' to a malloced list of the default enctypes
- */
-
-static krb5_error_code
-default_etypes(krb5_context context, krb5_enctype **etype)
-{
-    const krb5_enctype *p;
-    krb5_enctype *e = NULL, *ep;
-    int i, n = 0;
-
-    p = krb5_kerberos_enctypes(context);
-
-    for (i = 0; p[i] != ETYPE_NULL; i++) {
-	if (krb5_enctype_valid(context, p[i]) != 0)
-	    continue;
-	ep = realloc(e, (n + 2) * sizeof(*e));
-	if (ep == NULL) {
-	    free(e);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	e = ep;
-	e[n] = p[i];
-	e[n + 1] = ETYPE_NULL;
-	n++;
-    }
-    *etype = e;
-    return 0;
-}
-
-/**
- * Set the default encryption types that will be use in communcation
- * with the KDC, clients and servers.
- *
- * @param context Kerberos 5 context.
- * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_in_tkt_etypes(krb5_context context, 
-			       const krb5_enctype *etypes)
-{
-    krb5_enctype *p = NULL;
-    int i;
-
-    if(etypes) {
-	for (i = 0; etypes[i]; ++i) {
-	    krb5_error_code ret;
-	    ret = krb5_enctype_valid(context, etypes[i]);
-	    if (ret)
-		return ret;
-	}
-	++i;
-	ALLOC(p, i);
-	if(!p) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memmove(p, etypes, i * sizeof(krb5_enctype));
-    }
-    if(context->etypes)
-	free(context->etypes);
-    context->etypes = p;
-    return 0;
-}
-
-/**
- * Get the default encryption types that will be use in communcation
- * with the KDC, clients and servers.
- *
- * @param context Kerberos 5 context.
- * @param etypes Encryption types, array terminated with
- * ETYPE_NULL(0), caller should free array with krb5_xfree():
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_in_tkt_etypes(krb5_context context,
-			       krb5_enctype **etypes)
-{
-  krb5_enctype *p;
-  int i;
-  krb5_error_code ret;
-
-  if(context->etypes) {
-    for(i = 0; context->etypes[i]; i++);
-    ++i;
-    ALLOC(p, i);
-    if(!p) {
-      krb5_set_error_string (context, "malloc: out of memory");
-      return ENOMEM;
-    }
-    memmove(p, context->etypes, i * sizeof(krb5_enctype));
-  } else {
-    ret = default_etypes(context, &p);
-    if (ret)
-      return ret;
-  }
-  *etypes = p;
-  return 0;
-}
-
-/**
- * Return the error string for the error code. The caller must not
- * free the string.
- *
- * @param context Kerberos 5 context.
- * @param code Kerberos error code.
- *
- * @return the error message matching code
- *
- * @ingroup krb5
- */
-
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text(krb5_context context, krb5_error_code code)
-{
-    const char *p = NULL;
-    if(context != NULL)
-	p = com_right(context->et_list, code);
-    if(p == NULL)
-	p = strerror(code);
-    if (p == NULL)
-	p = "Unknown error";
-    return p;
-}
-
-/**
- * Init the built-in ets in the Kerberos library. 
- *
- * @param context kerberos context to add the ets too
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_init_ets(krb5_context context)
-{
-    if(context->et_list == NULL){
-	krb5_add_et_list(context, initialize_krb5_error_table_r);
-	krb5_add_et_list(context, initialize_asn1_error_table_r);
-	krb5_add_et_list(context, initialize_heim_error_table_r);
-	krb5_add_et_list(context, initialize_k524_error_table_r);
-#ifdef PKINIT
-	krb5_add_et_list(context, initialize_hx_error_table_r);
-#endif
-    }
-}
-
-/**
- * Make the kerberos library default to the admin KDC.
- *
- * @param context Kerberos 5 context.
- * @param flag boolean flag to select if the use the admin KDC or not.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
-{
-    context->use_admin_kdc = flag;
-}
-
-/**
- * Make the kerberos library default to the admin KDC.
- *
- * @param context Kerberos 5 context.
- *
- * @return boolean flag to telling the context will use admin KDC as the default KDC.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_use_admin_kdc (krb5_context context)
-{
-    return context->use_admin_kdc;
-}
-
-/**
- * Add extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to add
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->extra_addresses)
-	return krb5_append_addresses(context, 
-				     context->extra_addresses, addresses);
-    else
-	return krb5_set_extra_addresses(context, addresses);
-}
-
-/**
- * Set extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to set
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->extra_addresses)
-	krb5_free_addresses(context, context->extra_addresses);
-
-    if(addresses == NULL) {
-	if(context->extra_addresses != NULL) {
-	    free(context->extra_addresses);
-	    context->extra_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->extra_addresses == NULL) {
-	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
-	if(context->extra_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->extra_addresses);
-}
-
-/**
- * Get extra address to the address list that the library will add to
- * the client's address list when communicating with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to set
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->extra_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context,context->extra_addresses, addresses);
-}
-
-/**
- * Add extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to ignore
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->ignore_addresses)
-	return krb5_append_addresses(context, 
-				     context->ignore_addresses, addresses);
-    else
-	return krb5_set_ignore_addresses(context, addresses);
-}
-
-/**
- * Set extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses addreses to ignore
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->ignore_addresses)
-	krb5_free_addresses(context, context->ignore_addresses);
-    if(addresses == NULL) {
-	if(context->ignore_addresses != NULL) {
-	    free(context->ignore_addresses);
-	    context->ignore_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->ignore_addresses == NULL) {
-	context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
-	if(context->ignore_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->ignore_addresses);
-}
-
-/**
- * Get extra addresses to ignore when fetching addresses from the
- * underlaying operating system.
- *
- * @param context Kerberos 5 context.
- * @param addresses list addreses ignored
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->ignore_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context, context->ignore_addresses, addresses);
-}
-
-/**
- * Set version of fcache that the library should use.
- *
- * @param context Kerberos 5 context.
- * @param version version number.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_fcache_version(krb5_context context, int version)
-{
-    context->fcache_vno = version;
-    return 0;
-}
-
-/**
- * Get version of fcache that the library should use.
- *
- * @param context Kerberos 5 context.
- * @param version version number.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_fcache_version(krb5_context context, int *version)
-{
-    *version = context->fcache_vno;
-    return 0;
-}
-
-/**
- * Runtime check if the Kerberos library was complied with thread support.
- *
- * @return TRUE if the library was compiled with thread support, FALSE if not.
- *
- * @ingroup krb5
- */
-
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_is_thread_safe(void)
-{
-#ifdef ENABLE_PTHREAD_SUPPORT
-    return TRUE;
-#else
-    return FALSE;
-#endif
-}
-
-/**
- * Set if the library should use DNS to canonicalize hostnames.
- *
- * @param context Kerberos 5 context.
- * @param flag if its dns canonicalizion is used or not.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
-{
-    if (flag)
-	context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
-    else
-	context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
-}
-
-/**
- * Get if the library uses DNS to canonicalize hostnames.
- *
- * @param context Kerberos 5 context.
- *
- * @return return non zero if the library uses DNS to canonicalize hostnames.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_dns_canonicalize_hostname (krb5_context context)
-{
-    return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
-}
-
-/**
- * Get current offset in time to the KDC.
- *
- * @param context Kerberos 5 context.
- * @param sec seconds part of offset.
- * @param usec micro seconds part of offset.
- *
- * @return return non zero if the library uses DNS to canonicalize hostnames.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
-{
-    if (sec)
-	*sec = context->kdc_sec_offset;
-    if (usec)
-	*usec = context->kdc_usec_offset;
-    return 0;
-}
-
-/**
- * Get max time skew allowed.
- *
- * @param context Kerberos 5 context.
- *
- * @return timeskew in seconds.
- *
- * @ingroup krb5
- */
-
-time_t KRB5_LIB_FUNCTION
-krb5_get_max_time_skew (krb5_context context)
-{
-    return context->max_skew;
-}
-
-/**
- * Set max time skew allowed.
- *
- * @param context Kerberos 5 context.
- * @param t timeskew in seconds.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_set_max_time_skew (krb5_context context, time_t t)
-{
-    context->max_skew = t;
-}
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
deleted file mode 100644
index b2af0187eac3..000000000000
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c 22050 2007-11-11 11:20:46Z lha $");
-
-#include "krb5-v4compat.h"
-
-static krb5_error_code
-check_ticket_flags(TicketFlags f)
-{
-    return 0; /* maybe add some more tests here? */
-}
-
-/**
- * Convert the v5 credentials in in_cred to v4-dito in v4creds.  This
- * is done by sending them to the 524 function in the KDC.  If
- * `in_cred' doesn't contain a DES session key, then a new one is
- * gotten from the KDC and stored in the cred cache `ccache'.
- *
- * @param context Kerberos 5 context.
- * @param in_cred the credential to convert
- * @param v4creds the converted credential
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5_v4compat
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc(krb5_context context, 
-			 krb5_creds *in_cred,
-			 struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-    krb5_storage *sp;
-    int32_t tmp;
-    krb5_data ticket;
-    char realm[REALM_SZ];
-    krb5_creds *v5_creds = in_cred;
-
-    ret = check_ticket_flags(v5_creds->flags.b);
-    if(ret)
-	goto out2;
-
-    {
-	krb5_krbhst_handle handle;
-
-	ret = krb5_krbhst_init(context,
-			       krb5_principal_get_realm(context, 
-							v5_creds->server),
-			       KRB5_KRBHST_KRB524,
-			       &handle);
-	if (ret)
-	    goto out2;
-
-	ret = krb5_sendto (context,
-			   &v5_creds->ticket,
-			   handle,
-			   &reply);
-	krb5_krbhst_free(context, handle);
-	if (ret)
-	    goto out2;
-    }
-    sp = krb5_storage_from_mem(reply.data, reply.length);
-    if(sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out2;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	memset(v4creds, 0, sizeof(*v4creds));
-	ret = krb5_ret_int32(sp, &tmp);
-	if(ret)
-	    goto out;
-	v4creds->kvno = tmp;
-	ret = krb5_ret_data(sp, &ticket);
-	if(ret)
-	    goto out;
-	v4creds->ticket_st.length = ticket.length;
-	memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
-	krb5_data_free(&ticket);
-	ret = krb5_524_conv_principal(context, 
-				      v5_creds->server, 
-				      v4creds->service, 
-				      v4creds->instance, 
-				      v4creds->realm);
-	if(ret)
-	    goto out;
-	v4creds->issue_date = v5_creds->times.starttime;
-	v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
-						   v5_creds->times.endtime);
-	ret = krb5_524_conv_principal(context, v5_creds->client, 
-				      v4creds->pname, 
-				      v4creds->pinst, 
-				      realm);
-	if(ret)
-	    goto out;
-	memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
-    } else {
-	krb5_set_error_string(context, "converting credentials: %s", 
-			      krb5_get_err_text(context, ret));
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free(&reply);
-out2:
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
-
-/**
- * Convert the v5 credentials in in_cred to v4-dito in v4creds,
- * check the credential cache ccache before checking with the KDC.
- *
- * @param context Kerberos 5 context.
- * @param ccache credential cache used to check for des-ticket.
- * @param in_cred the credential to convert
- * @param v4creds the converted credential
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5_v4compat
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc_ccache(krb5_context context, 
-				krb5_ccache ccache,
-				krb5_creds *in_cred,
-				struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_creds *v5_creds = in_cred;
-    krb5_keytype keytype;
-
-    keytype = v5_creds->session.keytype;
-
-    if (keytype != ENCTYPE_DES_CBC_CRC) {
-	/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
-           so go get one */
-	krb5_creds template;
-
-	memset (&template, 0, sizeof(template));
-	template.session.keytype = ENCTYPE_DES_CBC_CRC;
-	ret = krb5_copy_principal (context, in_cred->client, &template.client);
-	if (ret) {
-	    krb5_free_cred_contents (context, &template);
-	    return ret;
-	}
-	ret = krb5_copy_principal (context, in_cred->server, &template.server);
-	if (ret) {
-	    krb5_free_cred_contents (context, &template);
-	    return ret;
-	}
-
-	ret = krb5_get_credentials (context, 0, ccache,
-				    &template, &v5_creds);
-	krb5_free_cred_contents (context, &template);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
-
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c
deleted file mode 100644
index 8c4f39b4ac4c..000000000000
--- a/crypto/heimdal/lib/krb5/copy_host_realm.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $");
-
-/**
- * Copy the list of realms from `from' to `to'.
- *
- * @param context Kerberos 5 context.
- * @param from list of realms to copy from.
- * @param to list of realms to copy to, free list of krb5_free_host_realm().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_host_realm(krb5_context context,
-		     const krb5_realm *from,
-		     krb5_realm **to)
-{
-    int n, i;
-    const krb5_realm *p;
-
-    for (n = 0, p = from; *p != NULL; ++p)
-	++n;
-    ++n;
-    *to = malloc (n * sizeof(**to));
-    if (*to == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	(*to)[i] = NULL;
-    for (i = 0, p = from; *p != NULL; ++p, ++i) {
-	(*to)[i] = strdup(*p);
-	if ((*to)[i] == NULL) {
-	    krb5_free_host_realm (context, *to);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/crc.c b/crypto/heimdal/lib/krb5/crc.c
deleted file mode 100644
index 072c29d68974..000000000000
--- a/crypto/heimdal/lib/krb5/crc.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: crc.c 17442 2006-05-05 09:31:15Z lha $");
-
-static u_long table[256];
-
-#define CRC_GEN 0xEDB88320L
-
-void
-_krb5_crc_init_table(void)
-{
-    static int flag = 0;
-    unsigned long crc, poly;
-    int     i, j;
-    
-    if(flag) return;
-    poly = CRC_GEN;
-    for (i = 0; i < 256; i++) {
-	crc = i;
-	for (j = 8; j > 0; j--) {
-	    if (crc & 1) {
-		crc = (crc >> 1) ^ poly;
-	    } else {
-		crc >>= 1;
-	    }
-	}
-	table[i] = crc;
-    }
-    flag = 1;
-}
-
-uint32_t
-_krb5_crc_update (const char *p, size_t len, uint32_t res)
-{
-    while (len--)
-	res = table[(res ^ *p++) & 0xFF] ^ (res >> 8);
-    return res & 0xFFFFFFFF;
-}
diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c
deleted file mode 100644
index 17ef46dfa3b6..000000000000
--- a/crypto/heimdal/lib/krb5/creds.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: creds.c 22062 2007-11-11 15:41:50Z lha $");
-
-#undef __attribute__
-#define __attribute__(X)
-
-/* keep this for compatibility with older code */
-krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated))
-krb5_free_creds_contents (krb5_context context, krb5_creds *c)
-{
-    return krb5_free_cred_contents (context, c);
-}    
-
-/**
- * Free content of krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param c krb5_creds to free.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_cred_contents (krb5_context context, krb5_creds *c)
-{
-    krb5_free_principal (context, c->client);
-    c->client = NULL;
-    krb5_free_principal (context, c->server);
-    c->server = NULL;
-    krb5_free_keyblock_contents (context, &c->session);
-    krb5_data_free (&c->ticket);
-    krb5_data_free (&c->second_ticket);
-    free_AuthorizationData (&c->authdata);
-    krb5_free_addresses (context, &c->addresses);
-    memset(c, 0, sizeof(*c));
-    return 0;
-}
-
-/**
- * Copy content of krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param incred source credential
- * @param c destination credential, free with krb5_free_cred_contents().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds_contents (krb5_context context,
-			  const krb5_creds *incred,
-			  krb5_creds *c)
-{
-    krb5_error_code ret;
-
-    memset(c, 0, sizeof(*c));
-    ret = krb5_copy_principal (context, incred->client, &c->client);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_principal (context, incred->server, &c->server);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context, &incred->session, &c->session);
-    if (ret)
-	goto fail;
-    c->times = incred->times;
-    ret = krb5_data_copy (&c->ticket,
-			  incred->ticket.data,
-			  incred->ticket.length);
-    if (ret)
-	goto fail;
-    ret = krb5_data_copy (&c->second_ticket,
-			  incred->second_ticket.data,
-			  incred->second_ticket.length);
-    if (ret)
-	goto fail;
-    ret = copy_AuthorizationData(&incred->authdata, &c->authdata);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_addresses (context,
-			       &incred->addresses,
-			       &c->addresses);
-    if (ret)
-	goto fail;
-    c->flags = incred->flags;
-    return 0;
-
-fail:
-    krb5_free_cred_contents (context, c);
-    return ret;
-}
-
-/**
- * Copy krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param incred source credential
- * @param outcred destination credential, free with krb5_free_creds().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds (krb5_context context,
-		 const krb5_creds *incred,
-		 krb5_creds **outcred)
-{
-    krb5_creds *c;
-
-    c = malloc (sizeof (*c));
-    if (c == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset (c, 0, sizeof(*c));
-    *outcred = c;
-    return krb5_copy_creds_contents (context, incred, c);
-}
-
-/**
- * Free krb5_creds.
- *
- * @param context Kerberos 5 context.
- * @param c krb5_creds to free.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_creds (krb5_context context, krb5_creds *c)
-{
-    krb5_free_cred_contents (context, c);
-    free (c);
-    return 0;
-}
-
-/* XXX this do not belong here */
-static krb5_boolean
-krb5_times_equal(const krb5_times *a, const krb5_times *b)
-{
-    return a->starttime == b->starttime &&
-	a->authtime == b->authtime &&
-	a->endtime == b->endtime &&
-	a->renew_till == b->renew_till;
-}
-
-/**
- * Return TRUE if `mcreds' and `creds' are equal (`whichfields'
- * determines what equal means).
- *
- * @param context Kerberos 5 context.
- * @param whichfields which fields to compare.
- * @param mcreds cred to compare with.
- * @param creds cred to compare with.
- *
- * @return return TRUE if mcred and creds are equal, FALSE if not.
- *
- * @ingroup krb5
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_compare_creds(krb5_context context, krb5_flags whichfields,
-		   const krb5_creds * mcreds, const krb5_creds * creds)
-{
-    krb5_boolean match = TRUE;
-    
-    if (match && mcreds->server) {
-	if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) 
-	    match = krb5_principal_compare_any_realm (context, mcreds->server, 
-						      creds->server);
-	else
-	    match = krb5_principal_compare (context, mcreds->server, 
-					    creds->server);
-    }
-
-    if (match && mcreds->client) {
-	if(whichfields & KRB5_TC_DONT_MATCH_REALM)
-	    match = krb5_principal_compare_any_realm (context, mcreds->client, 
-						      creds->client);
-	else
-	    match = krb5_principal_compare (context, mcreds->client, 
-					    creds->client);
-    }
-	    
-    if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
-	match = krb5_enctypes_compatible_keys(context,
-					      mcreds->session.keytype,
-					      creds->session.keytype);
-
-    if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT))
-	match = mcreds->flags.i == creds->flags.i;
-
-    if (match && (whichfields & KRB5_TC_MATCH_FLAGS))
-	match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
-
-    if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT))
-	match = krb5_times_equal(&mcreds->times, &creds->times);
-    
-    if (match && (whichfields & KRB5_TC_MATCH_TIMES))
-	/* compare only expiration times */
-	match = (mcreds->times.renew_till <= creds->times.renew_till) &&
-	    (mcreds->times.endtime <= creds->times.endtime);
-
-    if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) {
-	unsigned int i;
-	if(mcreds->authdata.len != creds->authdata.len)
-	    match = FALSE;
-	else
-	    for(i = 0; match && i < mcreds->authdata.len; i++)
-		match = (mcreds->authdata.val[i].ad_type == 
-			 creds->authdata.val[i].ad_type) &&
-		    (krb5_data_cmp(&mcreds->authdata.val[i].ad_data,
-				   &creds->authdata.val[i].ad_data) == 0);
-    }
-    if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT))
-	match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0);
-
-    if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY))
-	match = ((mcreds->second_ticket.length == 0) == 
-		 (creds->second_ticket.length == 0));
-
-    return match;
-}
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
deleted file mode 100644
index 2e6349094683..000000000000
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ /dev/null
@@ -1,4192 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $");
-
-#undef CRYPTO_DEBUG
-#ifdef CRYPTO_DEBUG
-static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
-#endif
-
-
-struct key_data {
-    krb5_keyblock *key;
-    krb5_data *schedule;
-};
-
-struct key_usage {
-    unsigned usage;
-    struct key_data key;
-};
-
-struct krb5_crypto_data {
-    struct encryption_type *et;
-    struct key_data key;
-    int num_key_usage;
-    struct key_usage *key_usage;
-};
-
-#define CRYPTO_ETYPE(C) ((C)->et->type)
-
-/* bits for `flags' below */
-#define F_KEYED		 1	/* checksum is keyed */
-#define F_CPROOF	 2	/* checksum is collision proof */
-#define F_DERIVED	 4	/* uses derived keys */
-#define F_VARIANT	 8	/* uses `variant' keys (6.4.3) */
-#define F_PSEUDO	16	/* not a real protocol type */
-#define F_SPECIAL	32	/* backwards */
-#define F_DISABLED	64	/* enctype/checksum disabled */
-
-struct salt_type {
-    krb5_salttype type;
-    const char *name;
-    krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 
-				     krb5_salt, krb5_data, krb5_keyblock*);
-};
-
-struct key_type {
-    krb5_keytype type; /* XXX */
-    const char *name;
-    size_t bits;
-    size_t size;
-    size_t schedule_size;
-#if 0
-    krb5_enctype best_etype;
-#endif
-    void (*random_key)(krb5_context, krb5_keyblock*);
-    void (*schedule)(krb5_context, struct key_data *);
-    struct salt_type *string_to_key;
-    void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
-};
-
-struct checksum_type {
-    krb5_cksumtype type;
-    const char *name;
-    size_t blocksize;
-    size_t checksumsize;
-    unsigned flags;
-    void (*checksum)(krb5_context context,
-		     struct key_data *key,
-		     const void *buf, size_t len,
-		     unsigned usage,
-		     Checksum *csum);
-    krb5_error_code (*verify)(krb5_context context,
-			      struct key_data *key,
-			      const void *buf, size_t len,
-			      unsigned usage,
-			      Checksum *csum);
-};
-
-struct encryption_type {
-    krb5_enctype type;
-    const char *name;
-    heim_oid *oid;
-    size_t blocksize;
-    size_t padsize;
-    size_t confoundersize;
-    struct key_type *keytype;
-    struct checksum_type *checksum;
-    struct checksum_type *keyed_checksum;
-    unsigned flags;
-    krb5_error_code (*encrypt)(krb5_context context,
-			       struct key_data *key,
-			       void *data, size_t len,
-			       krb5_boolean encryptp,
-			       int usage,
-			       void *ivec);
-    size_t prf_length;
-    krb5_error_code (*prf)(krb5_context,
-			   krb5_crypto, const krb5_data *, krb5_data *);
-};
-
-#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
-#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
-#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
-
-static struct checksum_type *_find_checksum(krb5_cksumtype type);
-static struct encryption_type *_find_enctype(krb5_enctype type);
-static struct key_type *_find_keytype(krb5_keytype type);
-static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, 
-					unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
-static krb5_error_code derive_key(krb5_context context,
-				  struct encryption_type *et,
-				  struct key_data *key,
-				  const void *constant,
-				  size_t len);
-static krb5_error_code hmac(krb5_context context,
-			    struct checksum_type *cm, 
-			    const void *data, 
-			    size_t len, 
-			    unsigned usage,
-			    struct key_data *keyblock,
-			    Checksum *result);
-static void free_key_data(krb5_context context, struct key_data *key);
-static krb5_error_code usage2arcfour (krb5_context, unsigned *);
-static void xor (DES_cblock *, const unsigned char *);
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
-
-
-static void
-krb5_DES_random_key(krb5_context context,
-	       krb5_keyblock *key)
-{
-    DES_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, sizeof(DES_cblock));
-	DES_set_odd_parity(k);
-    } while(DES_is_weak_key(k));
-}
-
-static void
-krb5_DES_schedule(krb5_context context,
-		  struct key_data *key)
-{
-    DES_set_key(key->key->keyvalue.data, key->schedule->data);
-}
-
-#ifdef ENABLE_AFS_STRING_TO_KEY
-
-/* This defines the Andrew string_to_key function.  It accepts a password
- * string as input and converts it via a one-way encryption algorithm to a DES
- * encryption key.  It is compatible with the original Andrew authentication
- * service password database.
- */
-
-/*
- * Short passwords, i.e 8 characters or less.
- */
-static void
-krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
-			    krb5_data cell,
-			    DES_cblock *key)
-{
-    char  password[8+1];	/* crypt is limited to 8 chars anyway */
-    int   i;
-    
-    for(i = 0; i < 8; i++) {
-	char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
-		 ((i < cell.length) ?
-		  tolower(((unsigned char*)cell.data)[i]) : 0);
-	password[i] = c ? c : 'X';
-    }
-    password[8] = '\0';
-
-    memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock));
-
-    /* parity is inserted into the LSB so left shift each byte up one
-       bit. This allows ascii characters with a zero MSB to retain as
-       much significance as possible. */
-    for (i = 0; i < sizeof(DES_cblock); i++)
-	((unsigned char*)key)[i] <<= 1;
-    DES_set_odd_parity (key);
-}
-
-/*
- * Long passwords, i.e 9 characters or more.
- */
-static void
-krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
-				 krb5_data cell,
-				 DES_cblock *key)
-{
-    DES_key_schedule schedule;
-    DES_cblock temp_key;
-    DES_cblock ivec;
-    char password[512];
-    size_t passlen;
-
-    memcpy(password, pw.data, min(pw.length, sizeof(password)));
-    if(pw.length < sizeof(password)) {
-	int len = min(cell.length, sizeof(password) - pw.length);
-	int i;
-
-	memcpy(password + pw.length, cell.data, len);
-	for (i = pw.length; i < pw.length + len; ++i)
-	    password[i] = tolower((unsigned char)password[i]);
-    }
-    passlen = min(sizeof(password), pw.length + cell.length);
-    memcpy(&ivec, "kerberos", 8);
-    memcpy(&temp_key, "kerberos", 8);
-    DES_set_odd_parity (&temp_key);
-    DES_set_key (&temp_key, &schedule);
-    DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec);
-
-    memcpy(&temp_key, &ivec, 8);
-    DES_set_odd_parity (&temp_key);
-    DES_set_key (&temp_key, &schedule);
-    DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec);
-    memset(&schedule, 0, sizeof(schedule));
-    memset(&temp_key, 0, sizeof(temp_key));
-    memset(&ivec, 0, sizeof(ivec));
-    memset(password, 0, sizeof(password));
-
-    DES_set_odd_parity (key);
-}
-
-static krb5_error_code
-DES_AFS3_string_to_key(krb5_context context,
-		       krb5_enctype enctype,
-		       krb5_data password,
-		       krb5_salt salt,
-		       krb5_data opaque,
-		       krb5_keyblock *key)
-{
-    DES_cblock tmp;
-    if(password.length > 8)
-	krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
-    else
-	krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&key, 0, sizeof(key));
-    return 0;
-}
-#endif /* ENABLE_AFS_STRING_TO_KEY */
-
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
-{
-    DES_key_schedule schedule;
-    int i;
-    int reverse = 0;
-    unsigned char *p;
-
-    unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 
-			     0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
-    memset(key, 0, 8);
-    
-    p = (unsigned char*)key;
-    for (i = 0; i < length; i++) {
-	unsigned char tmp = data[i];
-	if (!reverse)
-	    *p++ ^= (tmp << 1);
-	else
-	    *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
-	if((i % 8) == 7)
-	    reverse = !reverse;
-    }
-    DES_set_odd_parity(key);
-    if(DES_is_weak_key(key))
-	(*key)[7] ^= 0xF0;
-    DES_set_key(key, &schedule);
-    DES_cbc_cksum((void*)data, key, length, &schedule, key);
-    memset(&schedule, 0, sizeof(schedule));
-    DES_set_odd_parity(key);
-    if(DES_is_weak_key(key))
-	(*key)[7] ^= 0xF0;
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    unsigned char *s;
-    size_t len;
-    DES_cblock tmp;
-
-#ifdef ENABLE_AFS_STRING_TO_KEY
-    if (opaque.length == 1) {
-	unsigned long v;
-	_krb5_get_int(opaque.data, &v, 1);
-	if (v == 1)
-	    return DES_AFS3_string_to_key(context, enctype, password,
-					  salt, opaque, key);
-    }
-#endif
-
-    len = password.length + salt.saltvalue.length;
-    s = malloc(len);
-    if(len > 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    DES_string_to_key_int(s, len, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&tmp, 0, sizeof(tmp));
-    memset(s, 0, len);
-    free(s);
-    return 0;
-}
-
-static void
-krb5_DES_random_to_key(krb5_context context,
-		       krb5_keyblock *key,
-		       const void *data,
-		       size_t size)
-{
-    DES_cblock *k = key->keyvalue.data;
-    memcpy(k, data, key->keyvalue.length);
-    DES_set_odd_parity(k);
-    if(DES_is_weak_key(k))
-	xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-}
-
-/*
- *
- */
-
-static void
-DES3_random_key(krb5_context context,
-		krb5_keyblock *key)
-{
-    DES_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
-	DES_set_odd_parity(&k[0]);
-	DES_set_odd_parity(&k[1]);
-	DES_set_odd_parity(&k[2]);
-    } while(DES_is_weak_key(&k[0]) ||
-	    DES_is_weak_key(&k[1]) ||
-	    DES_is_weak_key(&k[2]));
-}
-
-static void
-DES3_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    DES_cblock *k = key->key->keyvalue.data;
-    DES_key_schedule *s = key->schedule->data;
-    DES_set_key(&k[0], &s[0]);
-    DES_set_key(&k[1], &s[1]);
-    DES_set_key(&k[2], &s[2]);
-}
-
-/*
- * A = A xor B. A & B are 8 bytes.
- */
-
-static void
-xor (DES_cblock *key, const unsigned char *b)
-{
-    unsigned char *a = (unsigned char*)key;
-    a[0] ^= b[0];
-    a[1] ^= b[1];
-    a[2] ^= b[2];
-    a[3] ^= b[3];
-    a[4] ^= b[4];
-    a[5] ^= b[5];
-    a[6] ^= b[6];
-    a[7] ^= b[7];
-}
-
-static krb5_error_code
-DES3_string_to_key(krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_data password,
-		   krb5_salt salt,
-		   krb5_data opaque,
-		   krb5_keyblock *key)
-{
-    char *str;
-    size_t len;
-    unsigned char tmp[24];
-    DES_cblock keys[3];
-    krb5_error_code ret;
-    
-    len = password.length + salt.saltvalue.length;
-    str = malloc(len);
-    if(len != 0 && str == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(str, password.data, password.length);
-    memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    {
-	DES_cblock ivec;
-	DES_key_schedule s[3];
-	int i;
-	
-	ret = _krb5_n_fold(str, len, tmp, 24);
-	if (ret) {
-	    memset(str, 0, len);
-	    free(str);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    DES_set_odd_parity(keys + i);
-	    if(DES_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	    DES_set_key(keys + i, &s[i]);
-	}
-	memset(&ivec, 0, sizeof(ivec));
-	DES_ede3_cbc_encrypt(tmp,
-			     tmp, sizeof(tmp), 
-			     &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
-	memset(s, 0, sizeof(s));
-	memset(&ivec, 0, sizeof(ivec));
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    DES_set_odd_parity(keys + i);
-	    if(DES_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	}
-	memset(tmp, 0, sizeof(tmp));
-    }
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
-    memset(keys, 0, sizeof(keys));
-    memset(str, 0, len);
-    free(str);
-    return 0;
-}
-
-static krb5_error_code
-DES3_string_to_key_derived(krb5_context context,
-			   krb5_enctype enctype,
-			   krb5_data password,
-			   krb5_salt salt,
-			   krb5_data opaque,
-			   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    size_t len = password.length + salt.saltvalue.length;
-    char *s;
-
-    s = malloc(len);
-    if(len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    ret = krb5_string_to_key_derived(context,
-				     s,
-				     len,
-				     enctype,
-				     key);
-    memset(s, 0, len);
-    free(s);
-    return ret;
-}
-
-static void
-DES3_random_to_key(krb5_context context,
-		   krb5_keyblock *key,
-		   const void *data,
-		   size_t size)
-{
-    unsigned char *x = key->keyvalue.data;
-    const u_char *q = data;
-    DES_cblock *k;
-    int i, j;
-
-    memset(x, 0, sizeof(x));
-    for (i = 0; i < 3; ++i) {
-	unsigned char foo;
-	for (j = 0; j < 7; ++j) {
-	    unsigned char b = q[7 * i + j];
-
-	    x[8 * i + j] = b;
-	}
-	foo = 0;
-	for (j = 6; j >= 0; --j) {
-	    foo |= q[7 * i + j] & 1;
-	    foo <<= 1;
-	}
-	x[8 * i + 7] = foo;
-    }
-    k = key->keyvalue.data;
-    for (i = 0; i < 3; i++) {
-	DES_set_odd_parity(&k[i]);
-	if(DES_is_weak_key(&k[i]))
-	    xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-    }    
-}
-
-/*
- * ARCFOUR
- */
-
-static void
-ARCFOUR_schedule(krb5_context context, 
-		 struct key_data *kd)
-{
-    RC4_set_key (kd->schedule->data,
-		 kd->key->keyvalue.length, kd->key->keyvalue.data);
-}
-
-static krb5_error_code
-ARCFOUR_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    char *s, *p;
-    size_t len;
-    int i;
-    MD4_CTX m;
-    krb5_error_code ret;
-
-    len = 2 * password.length;
-    s = malloc (len);
-    if (len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    for (p = s, i = 0; i < password.length; ++i) {
-	*p++ = ((char *)password.data)[i];
-	*p++ = 0;
-    }
-    MD4_Init (&m);
-    MD4_Update (&m, s, len);
-    key->keytype = enctype;
-    ret = krb5_data_alloc (&key->keyvalue, 16);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out;
-    }
-    MD4_Final (key->keyvalue.data, &m);
-    memset (s, 0, len);
-    ret = 0;
-out:
-    free (s);
-    return ret;
-}
-
-/*
- * AES
- */
-
-int _krb5_AES_string_to_default_iterator = 4096;
-
-static krb5_error_code
-AES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    uint32_t iter;
-    struct encryption_type *et;
-    struct key_data kd;
-
-    if (opaque.length == 0)
-	iter = _krb5_AES_string_to_default_iterator;
-    else if (opaque.length == 4) {
-	unsigned long v;
-	_krb5_get_int(opaque.data, &v, 4);
-	iter = ((uint32_t)v);
-    } else
-	return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
-	
-    et = _find_enctype(enctype);
-    if (et == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-
-    kd.schedule = NULL;
-    ALLOC(kd.key, 1);
-    if(kd.key == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    kd.key->keytype = enctype;
-    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to allocate pkcs5 key");
-	return ret;
-    }
-
-    ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
-				 salt.saltvalue.data, salt.saltvalue.length,
-				 iter, 
-				 et->keytype->size, kd.key->keyvalue.data);
-    if (ret != 1) {
-	free_key_data(context, &kd);
-	krb5_set_error_string(context, "Error calculating s2k");
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-
-    ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
-    if (ret == 0)
-	ret = krb5_copy_keyblock_contents(context, kd.key, key);
-    free_key_data(context, &kd);
-
-    return ret;
-}
-
-struct krb5_aes_schedule {
-    AES_KEY ekey;
-    AES_KEY dkey;
-};
-
-static void
-AES_schedule(krb5_context context,
-	     struct key_data *kd)
-{
-    struct krb5_aes_schedule *key = kd->schedule->data;
-    int bits = kd->key->keyvalue.length * 8;
-
-    memset(key, 0, sizeof(*key));
-    AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey);
-    AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey);
-}
-
-/*
- *
- */
-
-static struct salt_type des_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	krb5_DES_string_to_key
-    },
-#ifdef ENABLE_AFS_STRING_TO_KEY
-    {
-	KRB5_AFS3_SALT,
-	"afs3-salt",
-	DES_AFS3_string_to_key
-    },
-#endif
-    { 0 }
-};
-
-static struct salt_type des3_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key
-    },
-    { 0 }
-};
-
-static struct salt_type des3_salt_derived[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key_derived
-    },
-    { 0 }
-};
-
-static struct salt_type AES_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	AES_string_to_key
-    },
-    { 0 }
-};
-
-static struct salt_type arcfour_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	ARCFOUR_string_to_key
-    },
-    { 0 }
-};
-
-/*
- *
- */
-
-static struct key_type keytype_null = {
-    KEYTYPE_NULL,
-    "null",
-    0,
-    0,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-static struct key_type keytype_des = {
-    KEYTYPE_DES,
-    "des",
-    56,
-    sizeof(DES_cblock),
-    sizeof(DES_key_schedule),
-    krb5_DES_random_key,
-    krb5_DES_schedule,
-    des_salt,
-    krb5_DES_random_to_key
-};
-
-static struct key_type keytype_des3 = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(DES_cblock), 
-    3 * sizeof(DES_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt,
-    DES3_random_to_key
-};
-
-static struct key_type keytype_des3_derived = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(DES_cblock),
-    3 * sizeof(DES_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt_derived,
-    DES3_random_to_key
-};
-
-static struct key_type keytype_aes128 = {
-    KEYTYPE_AES128,
-    "aes-128",
-    128,
-    16,
-    sizeof(struct krb5_aes_schedule),
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-
-static struct key_type keytype_aes256 = {
-    KEYTYPE_AES256,
-    "aes-256",
-    256,
-    32,
-    sizeof(struct krb5_aes_schedule),
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-
-static struct key_type keytype_arcfour = {
-    KEYTYPE_ARCFOUR,
-    "arcfour",
-    128,
-    16,
-    sizeof(RC4_KEY),
-    NULL,
-    ARCFOUR_schedule,
-    arcfour_salt
-};
-
-static struct key_type *keytypes[] = {
-    &keytype_null,
-    &keytype_des,
-    &keytype_des3_derived,
-    &keytype_des3,
-    &keytype_aes128,
-    &keytype_aes256,
-    &keytype_arcfour
-};
-
-static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]);
-
-static struct key_type *
-_find_keytype(krb5_keytype type)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(keytypes[i]->type == type)
-	    return keytypes[i];
-    return NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_salttype_to_string (krb5_context context,
-			 krb5_enctype etype,
-			 krb5_salttype stype,
-			 char **string)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (st->type == stype) {
-	    *string = strdup (st->name);
-	    if (*string == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %d not supported", stype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_salttype (krb5_context context,
-			 krb5_enctype etype,
-			 const char *string,
-			 krb5_salttype *salttype)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (strcasecmp (st->name, string) == 0) {
-	    *salttype = st->type;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %s not supported", string);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_pw_salt(krb5_context context,
-		 krb5_const_principal principal,
-		 krb5_salt *salt)
-{
-    size_t len;
-    int i;
-    krb5_error_code ret;
-    char *p;
-     
-    salt->salttype = KRB5_PW_SALT;
-    len = strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i)
-	len += strlen(principal->name.name_string.val[i]);
-    ret = krb5_data_alloc (&salt->saltvalue, len);
-    if (ret)
-	return ret;
-    p = salt->saltvalue.data;
-    memcpy (p, principal->realm, strlen(principal->realm));
-    p += strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i) {
-	memcpy (p,
-		principal->name.name_string.val[i],
-		strlen(principal->name.name_string.val[i]));
-	p += strlen(principal->name.name_string.val[i]);
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_salt(krb5_context context, 
-	       krb5_salt salt)
-{
-    krb5_data_free(&salt.saltvalue);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data (krb5_context context,
-			 krb5_enctype enctype,
-			 krb5_data password,
-			 krb5_principal principal,
-			 krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    ret = krb5_get_pw_salt(context, principal, &salt);
-    if(ret)
-	return ret;
-    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
-    krb5_free_salt(context, salt);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key (krb5_context context,
-		    krb5_enctype enctype,
-		    const char *password,
-		    krb5_principal principal,
-		    krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data(context, enctype, pw, principal, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt (krb5_context context,
-			      krb5_enctype enctype,
-			      krb5_data password,
-			      krb5_salt salt,
-			      krb5_keyblock *key)
-{
-    krb5_data opaque;
-    krb5_data_zero(&opaque);
-    return krb5_string_to_key_data_salt_opaque(context, enctype, password, 
-					       salt, opaque, key);
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on
- * `password' (with salt `salt' and the enctype specific data string
- * `opaque'), returning the resulting key in `key'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt_opaque (krb5_context context,
-				     krb5_enctype enctype,
-				     krb5_data password,
-				     krb5_salt salt,
-				     krb5_data opaque,
-				     krb5_keyblock *key)
-{
-    struct encryption_type *et =_find_enctype(enctype);
-    struct salt_type *st;
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      enctype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for(st = et->keytype->string_to_key; st && st->type; st++) 
-	if(st->type == salt.salttype)
-	    return (*st->string_to_key)(context, enctype, password, 
-					salt, opaque, key);
-    krb5_set_error_string(context, "salt type %d not supported",
-			  salt.salttype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on the
- * string `password' (with salt `salt'), returning the resulting key
- * in `key'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt (krb5_context context,
-			 krb5_enctype enctype,
-			 const char *password,
-			 krb5_salt salt,
-			 krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt_opaque (krb5_context context,
-				krb5_enctype enctype,
-				const char *password,
-				krb5_salt salt,
-				krb5_data opaque,
-				krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = rk_UNCONST(password);
-    pw.length = strlen(password);
-    return krb5_string_to_key_data_salt_opaque(context, enctype, 
-					       pw, salt, opaque, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_string(krb5_context context,
-		       krb5_keytype keytype,
-		       char **string)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    if(kt == NULL) {
-	krb5_set_error_string(context, "key type %d not supported", keytype);
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-    *string = strdup(kt->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_keytype(krb5_context context,
-		       const char *string,
-		       krb5_keytype *keytype)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(strcasecmp(keytypes[i]->name, string) == 0){
-	    *keytype = keytypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string(context, "key type %s not supported", string);
-    return KRB5_PROG_KEYTYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keysize(krb5_context context,
-		     krb5_enctype type,
-		     size_t *keysize)
-{
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keysize = et->keytype->size;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keybits(krb5_context context,
-		     krb5_enctype type,
-		     size_t *keybits)
-{
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keybits = et->keytype->bits;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_random_keyblock(krb5_context context,
-			      krb5_enctype type,
-			      krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
-    if(ret) 
-	return ret;
-    key->keytype = type;
-    if(et->keytype->random_key)
-	(*et->keytype->random_key)(context, key);
-    else
-	krb5_generate_random_block(key->keyvalue.data, 
-				   key->keyvalue.length);
-    return 0;
-}
-
-static krb5_error_code
-_key_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(key->key->keytype);
-    struct key_type *kt = et->keytype;
-
-    if(kt->schedule == NULL)
-	return 0;
-    if (key->schedule != NULL)
-	return 0;
-    ALLOC(key->schedule, 1);
-    if(key->schedule == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(key->schedule, kt->schedule_size);
-    if(ret) {
-	free(key->schedule);
-	key->schedule = NULL;
-	return ret;
-    }
-    (*kt->schedule)(context, key);
-    return 0;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static void
-NONE_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-}
-
-static void
-CRC32_checksum(krb5_context context,
-	       struct key_data *key,
-	       const void *data,
-	       size_t len,
-	       unsigned usage,
-	       Checksum *C)
-{
-    uint32_t crc;
-    unsigned char *r = C->checksum.data;
-    _krb5_crc_init_table ();
-    crc = _krb5_crc_update (data, len, 0);
-    r[0] = crc & 0xff;
-    r[1] = (crc >> 8)  & 0xff;
-    r[2] = (crc >> 16) & 0xff;
-    r[3] = (crc >> 24) & 0xff;
-}
-
-static void
-RSA_MD4_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD4_CTX m;
-
-    MD4_Init (&m);
-    MD4_Update (&m, data, len);
-    MD4_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD4_DES_checksum(krb5_context context, 
-		     struct key_data *key,
-		     const void *data, 
-		     size_t len, 
-		     unsigned usage,
-		     Checksum *cksum)
-{
-    MD4_CTX md4;
-    DES_cblock ivec;
-    unsigned char *p = cksum->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD4_Init (&md4);
-    MD4_Update (&md4, p, 8);
-    MD4_Update (&md4, data, len);
-    MD4_Final (p + 8, &md4);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD4_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD4_CTX md4;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(C->checksum.data,
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    key->schedule->data,
-		    &ivec,
-		    DES_DECRYPT);
-    MD4_Init (&md4);
-    MD4_Update (&md4, tmp, 8); /* confounder */
-    MD4_Update (&md4, data, len);
-    MD4_Final (res, &md4);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD5_CTX m;
-
-    MD5_Init  (&m);
-    MD5_Update(&m, data, len);
-    MD5_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD5_DES_checksum(krb5_context context,
-		     struct key_data *key,
-		     const void *data,
-		     size_t len,
-		     unsigned usage,
-		     Checksum *C)
-{
-    MD5_CTX md5;
-    DES_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    DES_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(C->checksum.data, 
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    &sched[0],
-		    &ivec,
-		    DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_DES3_checksum(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *C)
-{
-    MD5_CTX md5;
-    DES_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    DES_key_schedule *sched = key->schedule->data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    DES_ede3_cbc_encrypt(p, 
-			 p, 
-			 24, 
-			 &sched[0], &sched[1], &sched[2],
-			 &ivec, 
-			 DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES3_verify(krb5_context context,
-		    struct key_data *key,
-		    const void *data,
-		    size_t len,
-		    unsigned usage,
-		    Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    DES_cblock ivec;
-    DES_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    DES_ede3_cbc_encrypt(C->checksum.data, 
-			 (void*)tmp, 
-			 C->checksum.length, 
-			 &sched[0], &sched[1], &sched[2],
-			 &ivec,
-			 DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-SHA1_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-    SHA_CTX m;
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data, len);
-    SHA1_Final(C->checksum.data, &m);
-}
-
-/* HMAC according to RFC2104 */
-static krb5_error_code
-hmac(krb5_context context,
-     struct checksum_type *cm, 
-     const void *data, 
-     size_t len, 
-     unsigned usage,
-     struct key_data *keyblock,
-     Checksum *result)
-{
-    unsigned char *ipad, *opad;
-    unsigned char *key;
-    size_t key_len;
-    int i;
-    
-    ipad = malloc(cm->blocksize + len);
-    if (ipad == NULL)
-	return ENOMEM;
-    opad = malloc(cm->blocksize + cm->checksumsize);
-    if (opad == NULL) {
-	free(ipad);
-	return ENOMEM;
-    }
-    memset(ipad, 0x36, cm->blocksize);
-    memset(opad, 0x5c, cm->blocksize);
-
-    if(keyblock->key->keyvalue.length > cm->blocksize){
-	(*cm->checksum)(context, 
-			keyblock, 
-			keyblock->key->keyvalue.data, 
-			keyblock->key->keyvalue.length, 
-			usage,
-			result);
-	key = result->checksum.data;
-	key_len = result->checksum.length;
-    } else {
-	key = keyblock->key->keyvalue.data;
-	key_len = keyblock->key->keyvalue.length;
-    }
-    for(i = 0; i < key_len; i++){
-	ipad[i] ^= key[i];
-	opad[i] ^= key[i];
-    }
-    memcpy(ipad + cm->blocksize, data, len);
-    (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
-		    usage, result);
-    memcpy(opad + cm->blocksize, result->checksum.data, 
-	   result->checksum.length);
-    (*cm->checksum)(context, keyblock, opad, 
-		    cm->blocksize + cm->checksumsize, usage, result);
-    memset(ipad, 0, cm->blocksize + len);
-    free(ipad);
-    memset(opad, 0, cm->blocksize + cm->checksumsize);
-    free(opad);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_hmac(krb5_context context,
-	  krb5_cksumtype cktype,
-	  const void *data,
-	  size_t len,
-	  unsigned usage, 
-	  krb5_keyblock *key,
-	  Checksum *result)
-{
-    struct checksum_type *c = _find_checksum(cktype);
-    struct key_data kd;
-    krb5_error_code ret;
-
-    if (c == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cktype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    kd.key = key;
-    kd.schedule = NULL;
-
-    ret = hmac(context, c, data, len, usage, &kd, result);
-
-    if (kd.schedule)
-	krb5_free_data(context, kd.schedule);
-
-    return ret;
- }
-
-static void
-SP_HMAC_SHA1_checksum(krb5_context context,
-		      struct key_data *key, 
-		      const void *data, 
-		      size_t len, 
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
-    Checksum res;
-    char sha1_data[20];
-    krb5_error_code ret;
-
-    res.checksum.data = sha1_data;
-    res.checksum.length = sizeof(sha1_data);
-
-    ret = hmac(context, c, data, len, usage, key, &res);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
-}
-
-/*
- * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
- */
-
-static void
-HMAC_MD5_checksum(krb5_context context,
-		  struct key_data *key,
-		  const void *data,
-		  size_t len,
-		  unsigned usage,
-		  Checksum *result)
-{
-    MD5_CTX md5;
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    const char signature[] = "signaturekey";
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char tmp[16];
-    unsigned char ksign_c_data[16];
-    krb5_error_code ret;
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    MD5_Init (&md5);
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-    MD5_Update (&md5, t, 4);
-    MD5_Update (&md5, data, len);
-    MD5_Final (tmp, &md5);
-    ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-}
-
-/*
- * same as previous but being used while encrypting.
- */
-
-static void
-HMAC_MD5_checksum_enc(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char ksign_c_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    ret = hmac(context, c, data, len, 0, &ksign, result);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-}
-
-static struct checksum_type checksum_none = {
-    CKSUMTYPE_NONE, 
-    "none", 
-    1, 
-    0, 
-    0,
-    NONE_checksum, 
-    NULL
-};
-static struct checksum_type checksum_crc32 = {
-    CKSUMTYPE_CRC32,
-    "crc32",
-    1,
-    4,
-    0,
-    CRC32_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md4 = {
-    CKSUMTYPE_RSA_MD4,
-    "rsa-md4",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD4_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md4_des = {
-    CKSUMTYPE_RSA_MD4_DES,
-    "rsa-md4-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD4_DES_checksum,
-    RSA_MD4_DES_verify
-};
-#if 0
-static struct checksum_type checksum_des_mac = { 
-    CKSUMTYPE_DES_MAC,
-    "des-mac",
-    0,
-    0,
-    0,
-    DES_MAC_checksum
-};
-static struct checksum_type checksum_des_mac_k = {
-    CKSUMTYPE_DES_MAC_K,
-    "des-mac-k",
-    0,
-    0,
-    0,
-    DES_MAC_K_checksum
-};
-static struct checksum_type checksum_rsa_md4_des_k = {
-    CKSUMTYPE_RSA_MD4_DES_K, 
-    "rsa-md4-des-k", 
-    0, 
-    0, 
-    0, 
-    RSA_MD4_DES_K_checksum,
-    RSA_MD4_DES_K_verify
-};
-#endif
-static struct checksum_type checksum_rsa_md5 = {
-    CKSUMTYPE_RSA_MD5,
-    "rsa-md5",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD5_checksum,
-    NULL
-};
-static struct checksum_type checksum_rsa_md5_des = {
-    CKSUMTYPE_RSA_MD5_DES,
-    "rsa-md5-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES_checksum,
-    RSA_MD5_DES_verify
-};
-static struct checksum_type checksum_rsa_md5_des3 = {
-    CKSUMTYPE_RSA_MD5_DES3,
-    "rsa-md5-des3",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES3_checksum,
-    RSA_MD5_DES3_verify
-};
-static struct checksum_type checksum_sha1 = {
-    CKSUMTYPE_SHA1,
-    "sha1",
-    64,
-    20,
-    F_CPROOF,
-    SHA1_checksum,
-    NULL
-};
-static struct checksum_type checksum_hmac_sha1_des3 = {
-    CKSUMTYPE_HMAC_SHA1_DES3,
-    "hmac-sha1-des3",
-    64,
-    20,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_sha1_aes128 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_128,
-    "hmac-sha1-96-aes128",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_sha1_aes256 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_256,
-    "hmac-sha1-96-aes256",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_md5 = {
-    CKSUMTYPE_HMAC_MD5,
-    "hmac-md5",
-    64,
-    16,
-    F_KEYED | F_CPROOF,
-    HMAC_MD5_checksum,
-    NULL
-};
-
-static struct checksum_type checksum_hmac_md5_enc = {
-    CKSUMTYPE_HMAC_MD5_ENC,
-    "hmac-md5-enc",
-    64,
-    16,
-    F_KEYED | F_CPROOF | F_PSEUDO,
-    HMAC_MD5_checksum_enc,
-    NULL
-};
-
-static struct checksum_type *checksum_types[] = {
-    &checksum_none,
-    &checksum_crc32,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-#if 0
-    &checksum_des_mac, 
-    &checksum_des_mac_k,
-    &checksum_rsa_md4_des_k,
-#endif
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    &checksum_rsa_md5_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    &checksum_hmac_sha1_aes128,
-    &checksum_hmac_sha1_aes256,
-    &checksum_hmac_md5,
-    &checksum_hmac_md5_enc
-};
-
-static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
-
-static struct checksum_type *
-_find_checksum(krb5_cksumtype type)
-{
-    int i;
-    for(i = 0; i < num_checksums; i++)
-	if(checksum_types[i]->type == type)
-	    return checksum_types[i];
-    return NULL;
-}
-
-static krb5_error_code
-get_checksum_key(krb5_context context, 
-		 krb5_crypto crypto,
-		 unsigned usage,  /* not krb5_key_usage */
-		 struct checksum_type *ct, 
-		 struct key_data **key)
-{
-    krb5_error_code ret = 0;
-
-    if(ct->flags & F_DERIVED)
-	ret = _get_derived_key(context, crypto, usage, key);
-    else if(ct->flags & F_VARIANT) {
-	int i;
-
-	*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
-	if(*key == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
-	if(ret) 
-	    return ret;
-	for(i = 0; i < (*key)->key->keyvalue.length; i++)
-	    ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0;
-    } else {
-	*key = &crypto->key; 
-    }
-    if(ret == 0)
-	ret = _key_schedule(context, *key);
-    return ret;
-}
-
-static krb5_error_code
-create_checksum (krb5_context context,
-		 struct checksum_type *ct,
-		 krb5_crypto crypto,
-		 unsigned usage,
-		 void *data,
-		 size_t len,
-		 Checksum *result)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-    
-    if (ct->flags & F_DISABLED) {
-	krb5_clear_error_string (context);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_set_error_string (context, "Checksum type %s is keyed "
-			       "but no crypto context (key) was passed in",
-			       ct->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum) {
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-	if (ret)
-	    return ret;
-    } else
-	dkey = NULL;
-    result->cksumtype = ct->type;
-    ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
-    if (ret)
-	return (ret);
-    (*ct->checksum)(context, dkey, data, len, usage, result);
-    return 0;
-}
-
-static int
-arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
-{
-    return (ct->type == CKSUMTYPE_HMAC_MD5) &&
-	(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_create_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage,
-		     int type,
-		     void *data,
-		     size_t len,
-		     Checksum *result)
-{
-    struct checksum_type *ct = NULL;
-    unsigned keyusage;
-
-    /* type 0 -> pick from crypto */
-    if (type) {
-	ct = _find_checksum(type);
-    } else if (crypto) {
-	ct = crypto->et->keyed_checksum;
-	if (ct == NULL)
-	    ct = crypto->et->checksum;
-    }
-
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    if (arcfour_checksum_p(ct, crypto)) {
-	keyusage = usage;
-	usage2arcfour(context, &keyusage);
-    } else
-	keyusage = CHECKSUM_USAGE(usage);
-
-    return create_checksum(context, ct, crypto, keyusage,
-			   data, len, result);
-}
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_crypto crypto,
-		unsigned usage, /* not krb5_key_usage */
-		void *data,
-		size_t len,
-		Checksum *cksum)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-    Checksum c;
-    struct checksum_type *ct;
-
-    ct = _find_checksum(cksum->cksumtype);
-    if (ct == NULL || (ct->flags & F_DISABLED)) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cksum->cksumtype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    if(ct->checksumsize != cksum->checksum.length) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
-    }
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_set_error_string (context, "Checksum type %s is keyed "
-			       "but no crypto context (key) was passed in",
-			       ct->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum)
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-    else
-	dkey = NULL;
-    if(ct->verify)
-	return (*ct->verify)(context, dkey, data, len, usage, cksum);
-
-    ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
-    if (ret)
-	return ret;
-
-    (*ct->checksum)(context, dkey, data, len, usage, &c);
-
-    if(c.checksum.length != cksum->checksum.length || 
-       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	ret = 0;
-    }
-    krb5_data_free (&c.checksum);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage, 
-		     void *data,
-		     size_t len,
-		     Checksum *cksum)
-{
-    struct checksum_type *ct;
-    unsigned keyusage;
-
-    ct = _find_checksum(cksum->cksumtype);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cksum->cksumtype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-
-    if (arcfour_checksum_p(ct, crypto)) {
-	keyusage = usage;
-	usage2arcfour(context, &keyusage);
-    } else
-	keyusage = CHECKSUM_USAGE(usage);
-
-    return verify_checksum(context, crypto, keyusage,
-			   data, len, cksum);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_get_checksum_type(krb5_context context,
-                              krb5_crypto crypto,
-			      krb5_cksumtype *type)
-{
-    struct checksum_type *ct = NULL;
-    
-    if (crypto != NULL) {
-        ct = crypto->et->keyed_checksum;
-        if (ct == NULL)
-            ct = crypto->et->checksum;
-    }
-    
-    if (ct == NULL) {
-	krb5_set_error_string (context, "checksum type not found");
-        return KRB5_PROG_SUMTYPE_NOSUPP;
-    }    
-
-    *type = ct->type;
-    
-    return 0;      
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksumsize(krb5_context context,
-		  krb5_cksumtype type,
-		  size_t *size)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    *size = ct->checksumsize;
-    return 0;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_keyed(krb5_context context,
-		       krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_KEYED;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_collision_proof(krb5_context context,
-				 krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_CPROOF;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksum_disable(krb5_context context,
-		      krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "checksum type %d not supported",
-				   type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    ct->flags |= F_DISABLED;
-    return 0;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static krb5_error_code
-NULL_encrypt(krb5_context context,
-	     struct key_data *key, 
-	     void *data, 
-	     size_t len, 
-	     krb5_boolean encryptp,
-	     int usage,
-	     void *ivec)
-{
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_null_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encryptp,
-			  int usage,
-			  void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_key_ivec(krb5_context context,
-			 struct key_data *key, 
-			 void *data, 
-			 size_t len, 
-			 krb5_boolean encryptp,
-			 int usage,
-			 void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES3_CBC_encrypt(krb5_context context,
-		 struct key_data *key, 
-		 void *data, 
-		 size_t len, 
-		 krb5_boolean encryptp,
-		 int usage,
-		 void *ivec)
-{
-    DES_cblock local_ivec;
-    DES_key_schedule *s = key->schedule->data;
-    if(ivec == NULL) {
-	ivec = &local_ivec;
-	memset(local_ivec, 0, sizeof(local_ivec));
-    }
-    DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_CFB64_encrypt_null_ivec(krb5_context context,
-			    struct key_data *key, 
-			    void *data, 
-			    size_t len, 
-			    krb5_boolean encryptp,
-			    int usage,
-			    void *ignore_ivec)
-{
-    DES_cblock ivec;
-    int num = 0;
-    DES_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-
-    DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
-    return 0;
-}
-
-static krb5_error_code
-DES_PCBC_encrypt_key_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encryptp,
-			  int usage,
-			  void *ignore_ivec)
-{
-    DES_cblock ivec;
-    DES_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-
-    DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
-    return 0;
-}
-
-/*
- * AES draft-raeburn-krb-rijndael-krb-02
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
-		      size_t len, const AES_KEY *key,
-		      unsigned char *ivec, const int encryptp)
-{
-    unsigned char tmp[AES_BLOCK_SIZE];
-    int i;
-
-    /*
-     * In the framework of kerberos, the length can never be shorter
-     * then at least one blocksize.
-     */
-
-    if (encryptp) {
-
-	while(len > AES_BLOCK_SIZE) {
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		tmp[i] = in[i] ^ ivec[i];
-	    AES_encrypt(tmp, out, key);
-	    memcpy(ivec, out, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	for (i = 0; i < len; i++)
-	    tmp[i] = in[i] ^ ivec[i];
-	for (; i < AES_BLOCK_SIZE; i++)
-	    tmp[i] = 0 ^ ivec[i];
-
-	AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
-
-	memcpy(out, ivec, len);
-	memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-
-    } else {
-	unsigned char tmp2[AES_BLOCK_SIZE];
-	unsigned char tmp3[AES_BLOCK_SIZE];
-
-	while(len > AES_BLOCK_SIZE * 2) {
-	    memcpy(tmp, in, AES_BLOCK_SIZE);
-	    AES_decrypt(in, out, key);
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		out[i] ^= ivec[i];
-	    memcpy(ivec, tmp, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	len -= AES_BLOCK_SIZE;
-
-	memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */
-	AES_decrypt(in, tmp2, key);
-
-	memcpy(tmp3, in + AES_BLOCK_SIZE, len);
-	memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
-
-	for (i = 0; i < len; i++)
-	    out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
-
-	AES_decrypt(tmp3, out, key);
-	for (i = 0; i < AES_BLOCK_SIZE; i++)
-	    out[i] ^= ivec[i];
-	memcpy(ivec, tmp, AES_BLOCK_SIZE);
-    }
-}
-
-static krb5_error_code
-AES_CTS_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encryptp,
-		int usage,
-		void *ivec)
-{
-    struct krb5_aes_schedule *aeskey = key->schedule->data;
-    char local_ivec[AES_BLOCK_SIZE];
-    AES_KEY *k;
-
-    if (encryptp)
-	k = &aeskey->ekey;
-    else
-	k = &aeskey->dkey;
-    
-    if (len < AES_BLOCK_SIZE)
-	krb5_abortx(context, "invalid use of AES_CTS_encrypt");
-    if (len == AES_BLOCK_SIZE) {
-	if (encryptp)
-	    AES_encrypt(data, data, k);
-	else
-	    AES_decrypt(data, data, k);
-    } else {
-	if(ivec == NULL) {
-	    memset(local_ivec, 0, sizeof(local_ivec));
-	    ivec = local_ivec;
-	}
-	_krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
-    }
-
-    return 0;
-}
-
-/*
- * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
- *
- * warning: not for small children
- */
-
-static krb5_error_code
-ARCFOUR_subencrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   unsigned usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = data;
-
-    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-    return 0;
-}
-
-static krb5_error_code
-ARCFOUR_subdecrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   unsigned usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-    unsigned char cksum_data[16];
-    krb5_error_code ret;
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = cksum_data;
-
-    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-    if (ret)
-	krb5_abortx(context, "hmac failed");
-
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-
-    if (memcmp (cksum.checksum.data, data, 16) != 0) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * convert the usage numbers used in
- * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
- * draft-brezak-win2k-krb-rc4-hmac-04.txt
- */
-
-static krb5_error_code
-usage2arcfour (krb5_context context, unsigned *usage)
-{
-    switch (*usage) {
-    case KRB5_KU_AS_REP_ENC_PART : /* 3 */
-    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
-	*usage = 8;
-	return 0;
-    case KRB5_KU_USAGE_SEAL :  /* 22 */
-	*usage = 13;
-	return 0;
-    case KRB5_KU_USAGE_SIGN : /* 23 */
-        *usage = 15;
-        return 0;
-    case KRB5_KU_USAGE_SEQ: /* 24 */
-	*usage = 0;
-	return 0;
-    default :
-	return 0;
-    }
-}
-
-static krb5_error_code
-ARCFOUR_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encryptp,
-		int usage,
-		void *ivec)
-{
-    krb5_error_code ret;
-    unsigned keyusage = usage;
-
-    if((ret = usage2arcfour (context, &keyusage)) != 0)
-	return ret;
-
-    if (encryptp)
-	return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec);
-    else
-	return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
-}
-
-
-/*
- *
- */
-
-static krb5_error_code
-AES_PRF(krb5_context context,
-	krb5_crypto crypto,
-	const krb5_data *in,
-	krb5_data *out)
-{
-    struct checksum_type *ct = crypto->et->checksum;
-    krb5_error_code ret;
-    Checksum result;
-    krb5_keyblock *derived;
-
-    result.cksumtype = ct->type;
-    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
-    if (ret) {
-	krb5_set_error_string(context, "out memory");
-	return ret;
-    }
-
-    (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
-
-    if (result.checksum.length < crypto->et->blocksize)
-	krb5_abortx(context, "internal prf error");
-
-    derived = NULL;
-    ret = krb5_derive_key(context, crypto->key.key, 
-			  crypto->et->type, "prf", 3, &derived);
-    if (ret)
-	krb5_abortx(context, "krb5_derive_key");
-
-    ret = krb5_data_alloc(out, crypto->et->blocksize);
-    if (ret)
-	krb5_abortx(context, "malloc failed");
-    
-    { 
-	AES_KEY key;
-
-	AES_set_encrypt_key(derived->keyvalue.data, 
-			    crypto->et->keytype->bits, &key);
-	AES_encrypt(result.checksum.data, out->data, &key);
-	memset(&key, 0, sizeof(key));
-    }
-
-    krb5_data_free(&result.checksum);
-    krb5_free_keyblock(context, derived);
-
-    return ret;
-}
-
-/*
- * these should currently be in reverse preference order.
- * (only relevant for !F_PSEUDO) */
-
-static struct encryption_type enctype_null = {
-    ETYPE_NULL,
-    "null",
-    NULL,
-    1,
-    1,
-    0,
-    &keytype_null,
-    &checksum_none,
-    NULL,
-    F_DISABLED,
-    NULL_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_crc = {
-    ETYPE_DES_CBC_CRC,
-    "des-cbc-crc",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_crc32,
-    NULL,
-    0,
-    DES_CBC_encrypt_key_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_md4 = {
-    ETYPE_DES_CBC_MD4,
-    "des-cbc-md4",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cbc_md5 = {
-    ETYPE_DES_CBC_MD5,
-    "des-cbc-md5",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_arcfour_hmac_md5 = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    "arcfour-hmac-md5",
-    NULL,
-    1,
-    1,
-    8,
-    &keytype_arcfour,
-    &checksum_hmac_md5,
-    NULL,
-    F_SPECIAL,
-    ARCFOUR_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_md5 = { 
-    ETYPE_DES3_CBC_MD5,
-    "des3-cbc-md5",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des3,
-    0,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_sha1 = {
-    ETYPE_DES3_CBC_SHA1,
-    "des3-cbc-sha1",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3_derived,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    F_DERIVED,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_old_des3_cbc_sha1 = {
-    ETYPE_OLD_DES3_CBC_SHA1,
-    "old-des3-cbc-sha1",
-    NULL,
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    0,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
-    ETYPE_AES128_CTS_HMAC_SHA1_96,
-    "aes128-cts-hmac-sha1-96",
-    NULL,
-    16,
-    1,
-    16,
-    &keytype_aes128,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes128,
-    F_DERIVED,
-    AES_CTS_encrypt,
-    16,
-    AES_PRF
-};
-static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
-    ETYPE_AES256_CTS_HMAC_SHA1_96,
-    "aes256-cts-hmac-sha1-96",
-    NULL,
-    16,
-    1,
-    16,
-    &keytype_aes256,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes256,
-    F_DERIVED,
-    AES_CTS_encrypt,
-    16,
-    AES_PRF
-};
-static struct encryption_type enctype_des_cbc_none = {
-    ETYPE_DES_CBC_NONE,
-    "des-cbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CBC_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_cfb64_none = {
-    ETYPE_DES_CFB64_NONE,
-    "des-cfb64-none",
-    NULL,
-    1,
-    1,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CFB64_encrypt_null_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des_pcbc_none = {
-    ETYPE_DES_PCBC_NONE,
-    "des-pcbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_PCBC_encrypt_key_ivec,
-    0,
-    NULL
-};
-static struct encryption_type enctype_des3_cbc_none = {
-    ETYPE_DES3_CBC_NONE,
-    "des3-cbc-none",
-    NULL,
-    8,
-    8,
-    0,
-    &keytype_des3_derived,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES3_CBC_encrypt,
-    0,
-    NULL
-};
-
-static struct encryption_type *etypes[] = {
-    &enctype_null,
-    &enctype_des_cbc_crc,
-    &enctype_des_cbc_md4,
-    &enctype_des_cbc_md5,
-    &enctype_arcfour_hmac_md5,
-    &enctype_des3_cbc_md5, 
-    &enctype_des3_cbc_sha1,
-    &enctype_old_des3_cbc_sha1,
-    &enctype_aes128_cts_hmac_sha1,
-    &enctype_aes256_cts_hmac_sha1,
-    &enctype_des_cbc_none,
-    &enctype_des_cfb64_none,
-    &enctype_des_pcbc_none,
-    &enctype_des3_cbc_none
-};
-
-static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
-
-
-static struct encryption_type *
-_find_enctype(krb5_enctype type)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(etypes[i]->type == type)
-	    return etypes[i];
-    return NULL;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_string(krb5_context context,
-		       krb5_enctype etype,
-		       char **string)
-{
-    struct encryption_type *e;
-    e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	*string = NULL;
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *string = strdup(e->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_enctype(krb5_context context,
-		       const char *string,
-		       krb5_enctype *etype)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(strcasecmp(etypes[i]->name, string) == 0){
-	    *etype = etypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string (context, "encryption type %s not supported",
-			   string);
-    return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_enctype_to_oid(krb5_context context,
-		    krb5_enctype etype,
-		    heim_oid *oid)
-{
-    struct encryption_type *et = _find_enctype(etype);
-    if(et == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if(et->oid == NULL) {
-	krb5_set_error_string (context, "%s have not oid", et->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    krb5_clear_error_string(context);
-    return der_copy_oid(et->oid, oid);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_oid_to_enctype(krb5_context context,
-		     const heim_oid *oid,
-		     krb5_enctype *etype)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++) {
-	if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) {
-	    *etype = etypes[i]->type;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "enctype for oid not supported");
-    return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_keytype(krb5_context context,
-			krb5_enctype etype,
-			krb5_keytype *keytype)
-{
-    struct encryption_type *e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keytype = e->keytype->type; /* XXX */
-    return 0;
-}
-
-#if 0
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctype(krb5_context context,
-			krb5_keytype keytype,
-			krb5_enctype *etype)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype);
-    if(kt == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    *etype = kt->best_etype;
-    return 0;
-}
-#endif
-    
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes (krb5_context context,
-			  krb5_keytype keytype,
-			  unsigned *len,
-			  krb5_enctype **val)
-{
-    int i;
-    unsigned n = 0;
-    krb5_enctype *ret;
-
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ++n;
-    }
-    ret = malloc(n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    n = 0;
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ret[n++] = etypes[i]->type;
-    }
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-/*
- * First take the configured list of etypes for `keytype' if available,
- * else, do `krb5_keytype_to_enctypes'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes_default (krb5_context context,
-				  krb5_keytype keytype,
-				  unsigned *len,
-				  krb5_enctype **val)
-{
-    int i, n;
-    krb5_enctype *ret;
-
-    if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
-	return krb5_keytype_to_enctypes (context, keytype, len, val);
-
-    for (n = 0; context->etypes_des[n]; ++n)
-	;
-    ret = malloc (n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	ret[i] = context->etypes_des[i];
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_valid(krb5_context context, 
-		 krb5_enctype etype)
-{
-    struct encryption_type *e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if (e->flags & F_DISABLED) {
-	krb5_set_error_string (context, "encryption type %s is disabled",
-			       e->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cksumtype_valid(krb5_context context, 
-		     krb5_cksumtype ctype)
-{
-    struct checksum_type *c = _find_checksum(ctype);
-    if (c == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       ctype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    if (c->flags & F_DISABLED) {
-	krb5_set_error_string (context, "checksum type %s is disabled",
-			       c->name);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return 0;
-}
-
-
-/* if two enctypes have compatible keys */
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_enctypes_compatible_keys(krb5_context context,
-			      krb5_enctype etype1,
-			      krb5_enctype etype2)
-{
-    struct encryption_type *e1 = _find_enctype(etype1);
-    struct encryption_type *e2 = _find_enctype(etype2);
-    return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
-}
-
-static krb5_boolean
-derived_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_DERIVED) != 0;
-}
-
-static krb5_boolean
-special_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_SPECIAL) != 0;
-}
-
-#define CHECKSUMSIZE(C) ((C)->checksumsize)
-#define CHECKSUMTYPE(C) ((C)->type)
-
-static krb5_error_code
-encrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 const void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz, total_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-
-    sz = et->confoundersize + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    total_sz = block_sz + checksum_sz;
-    p = calloc(1, total_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memcpy(q, data, len);
-    
-    ret = create_checksum(context, 
-			  et->keyed_checksum,
-			  crypto, 
-			  INTEGRITY_USAGE(usage),
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	free_Checksum (&cksum);
-	krb5_clear_error_string (context);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum (&cksum);
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret)
-	goto fail;
-    ret = _key_schedule(context, dkey);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
-    if (ret)
-	goto fail;
-    result->data = p;
-    result->length = total_sz;
-    return 0;
- fail:
-    memset(p, 0, total_sz);
-    free(p);
-    return ret;
-}
-
-
-static krb5_error_code
-encrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 const void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    
-    sz = et->confoundersize + checksum_sz + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    p = calloc(1, block_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memset(q, 0, checksum_sz);
-    q += checksum_sz;
-    memcpy(q, data, len);
-
-    ret = create_checksum(context, 
-			  et->checksum,
-			  crypto,
-			  0,
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	krb5_clear_error_string (context);
-	free_Checksum(&cksum);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum(&cksum);
-    ret = _key_schedule(context, &crypto->key);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
-    if (ret) {
-	memset(p, 0, block_sz);
-	free(p);
-	return ret;
-    }
-    result->data = p;
-    result->length = block_sz;
-    return 0;
- fail:
-    memset(p, 0, block_sz);
-    free(p);
-    return ret;
-}
-
-static krb5_error_code
-encrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 const void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len + cksum_sz + et->confoundersize;
-    char *tmp, *p;
-    krb5_error_code ret;
-
-    tmp = malloc (sz);
-    if (tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    p = tmp;
-    memset (p, 0, cksum_sz);
-    p += cksum_sz;
-    krb5_generate_random_block(p, et->confoundersize);
-    p += et->confoundersize;
-    memcpy (p, data, len);
-    ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
-    if (ret) {
-	memset(tmp, 0, sz);
-	free(tmp);
-	return ret;
-    }
-    result->data   = tmp;
-    result->length = sz;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t checksum_sz;
-    Checksum cksum;
-    unsigned char *p;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    struct encryption_type *et = crypto->et;
-    unsigned long l;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-    if (len < checksum_sz + et->confoundersize) {
-	krb5_set_error_string(context, "Encrypted data shorter then "
-			      "checksum + confunder");
-	return KRB5_BAD_MSIZE;
-    }
-
-    if (((len - checksum_sz) % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-
-    len -= checksum_sz;
-
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    ret = _key_schedule(context, dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    cksum.checksum.data   = p + len;
-    cksum.checksum.length = checksum_sz;
-    cksum.cksumtype       = CHECKSUMTYPE(et->keyed_checksum);
-
-    ret = verify_checksum(context,
-			  crypto,
-			  INTEGRITY_USAGE(usage),
-			  p,
-			  len,
-			  &cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize;
-    memmove(p, p + et->confoundersize, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL && l != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    krb5_error_code ret;
-    unsigned char *p;
-    Checksum cksum;
-    size_t checksum_sz, l;
-    struct encryption_type *et = crypto->et;
-    
-    if ((len % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-    
-    ret = _key_schedule(context, &crypto->key);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-    ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
-    if(ret) {
- 	free(p);
- 	return ret;
-    }
-    memset(p + et->confoundersize, 0, checksum_sz);
-    cksum.cksumtype = CHECKSUMTYPE(et->checksum);
-    ret = verify_checksum(context, NULL, 0, p, len, &cksum);
-    free_Checksum(&cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize - checksum_sz;
-    memmove(p, p + et->confoundersize + checksum_sz, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL && l != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len - cksum_sz - et->confoundersize;
-    unsigned char *p;
-    krb5_error_code ret;
-
-    if ((len % et->padsize) != 0) {
-	krb5_clear_error_string(context);
-	return KRB5_BAD_MSIZE;
-    }
-
-    p = malloc (len);
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-    
-    ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    memmove (p, p + cksum_sz + et->confoundersize, sz);
-    result->data = realloc(p, sz);
-    if(result->data == NULL && sz != 0) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = sz;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  const void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return encrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto(context, crypto))
-	return encrypt_internal_special (context, crypto, usage,
-					 data, len, result, ivec);
-    else
-	return encrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     const void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   void *data,
-			   size_t len,
-			   int kvno,
-			   EncryptedData *result)
-{
-    result->etype = CRYPTO_ETYPE(crypto);
-    if(kvno){
-	ALLOC(result->kvno, 1);
-	*result->kvno = kvno;
-    }else
-	result->kvno = NULL;
-    return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return decrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto (context, crypto))
-	return decrypt_internal_special(context, crypto, usage,
-					data, len, result, ivec);
-    else
-	return decrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
-			      NULL);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   const EncryptedData *e,
-			   krb5_data *result)
-{
-    return krb5_decrypt(context, crypto, usage, 
-			e->cipher.data, e->cipher.length, result);
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-#define ENTROPY_NEEDED 128
-
-static int
-seed_something(void)
-{
-    char buf[1024], seedfile[256];
-
-    /* If there is a seed file, load it. But such a file cannot be trusted,
-       so use 0 for the entropy estimate */
-    if (RAND_file_name(seedfile, sizeof(seedfile))) {
-	int fd;
-	fd = open(seedfile, O_RDONLY);
-	if (fd >= 0) {
-	    ssize_t ret;
-	    ret = read(fd, buf, sizeof(buf));
-	    if (ret > 0)
-		RAND_add(buf, ret, 0.0);
-	    close(fd);
-	} else
-	    seedfile[0] = '\0';
-    } else
-	seedfile[0] = '\0';
-
-    /* Calling RAND_status() will try to use /dev/urandom if it exists so
-       we do not have to deal with it. */
-    if (RAND_status() != 1) {
-	krb5_context context;
-	const char *p;
-
-	/* Try using egd */
-	if (!krb5_init_context(&context)) {
-	    p = krb5_config_get_string(context, NULL, "libdefaults",
-		"egd_socket", NULL);
-	    if (p != NULL)
-		RAND_egd_bytes(p, ENTROPY_NEEDED);
-	    krb5_free_context(context);
-	}
-    }
-    
-    if (RAND_status() == 1)	{
-	/* Update the seed file */
-	if (seedfile[0])
-	    RAND_write_file(seedfile);
-
-	return 0;
-    } else
-	return -1;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_generate_random_block(void *buf, size_t len)
-{
-    static int rng_initialized = 0;
-    
-    HEIMDAL_MUTEX_lock(&crypto_mutex);
-    if (!rng_initialized) {
-	if (seed_something())
-	    krb5_abortx(NULL, "Fatal: could not seed the "
-			"random number generator");
-	
-	rng_initialized = 1;
-    }
-    HEIMDAL_MUTEX_unlock(&crypto_mutex);
-    if (RAND_bytes(buf, len) != 1)
-	krb5_abortx(NULL, "Failed to generate random block");
-}
-
-static void
-DES3_postproc(krb5_context context,
-	      unsigned char *k, size_t len, struct key_data *key)
-{
-    DES3_random_to_key(context, key->key, k, len);
-
-    if (key->schedule) {
-	krb5_free_data(context, key->schedule);
-	key->schedule = NULL;
-    }
-}
-
-static krb5_error_code
-derive_key(krb5_context context,
-	   struct encryption_type *et,
-	   struct key_data *key,
-	   const void *constant,
-	   size_t len)
-{
-    unsigned char *k;
-    unsigned int nblocks = 0, i;
-    krb5_error_code ret = 0;
-    struct key_type *kt = et->keytype;
-
-    ret = _key_schedule(context, key);
-    if(ret)
-	return ret;
-    if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
-	nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
-	k = malloc(nblocks * et->blocksize);
-	if(k == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = _krb5_n_fold(constant, len, k, et->blocksize);
-	if (ret) {
-	    free(k);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	for(i = 0; i < nblocks; i++) {
-	    if(i > 0)
-		memcpy(k + i * et->blocksize, 
-		       k + (i - 1) * et->blocksize,
-		       et->blocksize);
-	    (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
-			   1, 0, NULL);
-	}
-    } else {
-	/* this case is probably broken, but won't be run anyway */
-	void *c = malloc(len);
-	size_t res_len = (kt->bits + 7) / 8;
-
-	if(len != 0 && c == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy(c, constant, len);
-	(*et->encrypt)(context, key, c, len, 1, 0, NULL);
-	k = malloc(res_len);
-	if(res_len != 0 && k == NULL) {
-	    free(c);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = _krb5_n_fold(c, len, k, res_len);
-	if (ret) {
-	    free(k);
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	free(c);
-    }
-    
-    /* XXX keytype dependent post-processing */
-    switch(kt->type) {
-    case KEYTYPE_DES3:
-	DES3_postproc(context, k, nblocks * et->blocksize, key);
-	break;
-    case KEYTYPE_AES128:
-    case KEYTYPE_AES256:
-	memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
-	break;
-    default:
-	krb5_set_error_string(context,
-			      "derive_key() called with unknown keytype (%u)", 
-			      kt->type);
-	ret = KRB5_CRYPTO_INTERNAL;
-	break;
-    }
-    if (key->schedule) {
-	krb5_free_data(context, key->schedule);
-	key->schedule = NULL;
-    }
-    memset(k, 0, nblocks * et->blocksize);
-    free(k);
-    return ret;
-}
-
-static struct key_data *
-_new_derived_key(krb5_crypto crypto, unsigned usage)
-{
-    struct key_usage *d = crypto->key_usage;
-    d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
-    if(d == NULL)
-	return NULL;
-    crypto->key_usage = d;
-    d += crypto->num_key_usage++;
-    memset(d, 0, sizeof(*d));
-    d->usage = usage;
-    return &d->key;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_derive_key(krb5_context context,
-		const krb5_keyblock *key,
-		krb5_enctype etype,
-		const void *constant,
-		size_t constant_len,
-		krb5_keyblock **derived_key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et;
-    struct key_data d;
-
-    *derived_key = NULL;
-
-    et = _find_enctype (etype);
-    if (et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    ret = krb5_copy_keyblock(context, key, &d.key);
-    if (ret)
-	return ret;
-
-    d.schedule = NULL;
-    ret = derive_key(context, et, &d, constant, constant_len);
-    if (ret == 0)
-	ret = krb5_copy_keyblock(context, d.key, derived_key);
-    free_key_data(context, &d);    
-    return ret;
-}
-
-static krb5_error_code
-_get_derived_key(krb5_context context, 
-		 krb5_crypto crypto, 
-		 unsigned usage, 
-		 struct key_data **key)
-{
-    int i;
-    struct key_data *d;
-    unsigned char constant[5];
-
-    for(i = 0; i < crypto->num_key_usage; i++)
-	if(crypto->key_usage[i].usage == usage) {
-	    *key = &crypto->key_usage[i].key;
-	    return 0;
-	}
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 5);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    *key = d;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_init(krb5_context context,
-		 const krb5_keyblock *key,
-		 krb5_enctype etype,
-		 krb5_crypto *crypto)
-{
-    krb5_error_code ret;
-    ALLOC(*crypto, 1);
-    if(*crypto == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(etype == ETYPE_NULL)
-	etype = key->keytype;
-    (*crypto)->et = _find_enctype(etype);
-    if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
-	free(*crypto);
-	*crypto = NULL;
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if((*crypto)->et->keytype->size != key->keyvalue.length) {
-	free(*crypto);
-	*crypto = NULL;
-	krb5_set_error_string (context, "encryption key has bad length");
-	return KRB5_BAD_KEYSIZE;
-    }
-    ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
-    if(ret) {
-	free(*crypto);
-	*crypto = NULL;
-	return ret;
-    }
-    (*crypto)->key.schedule = NULL;
-    (*crypto)->num_key_usage = 0;
-    (*crypto)->key_usage = NULL;
-    return 0;
-}
-
-static void
-free_key_data(krb5_context context, struct key_data *key)
-{
-    krb5_free_keyblock(context, key->key);
-    if(key->schedule) {
-	memset(key->schedule->data, 0, key->schedule->length);
-	krb5_free_data(context, key->schedule);
-    }
-}
-
-static void
-free_key_usage(krb5_context context, struct key_usage *ku)
-{
-    free_key_data(context, &ku->key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_destroy(krb5_context context,
-		    krb5_crypto crypto)
-{
-    int i;
-    
-    for(i = 0; i < crypto->num_key_usage; i++)
-	free_key_usage(context, &crypto->key_usage[i]);
-    free(crypto->key_usage);
-    free_key_data(context, &crypto->key);
-    free (crypto);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getblocksize(krb5_context context,
-			 krb5_crypto crypto,
-			 size_t *blocksize)
-{
-    *blocksize = crypto->et->blocksize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getenctype(krb5_context context,
-		       krb5_crypto crypto,
-		       krb5_enctype *enctype)
-{
-    *enctype = crypto->et->type;
-     return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getpadsize(krb5_context context,
-                       krb5_crypto crypto,
-                       size_t *padsize)      
-{
-    *padsize = crypto->et->padsize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getconfoundersize(krb5_context context,
-                              krb5_crypto crypto,
-                              size_t *confoundersize)
-{
-    *confoundersize = crypto->et->confoundersize;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_disable(krb5_context context,
-		     krb5_enctype enctype)
-{
-    struct encryption_type *et = _find_enctype(enctype);
-    if(et == NULL) {
-	if (context)
-	    krb5_set_error_string (context, "encryption type %d not supported",
-				   enctype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    et->flags |= F_DISABLED;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_derived(krb5_context context,
-			   const void *str,
-			   size_t len,
-			   krb5_enctype etype,
-			   krb5_keyblock *key)
-{
-    struct encryption_type *et = _find_enctype(etype);
-    krb5_error_code ret;
-    struct key_data kd;
-    size_t keylen;
-    u_char *tmp;
-
-    if(et == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    keylen = et->keytype->bits / 8;
-
-    ALLOC(kd.key, 1);
-    if(kd.key == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
-    if(ret) {
-	free(kd.key);
-	return ret;
-    }
-    kd.key->keytype = etype;
-    tmp = malloc (keylen);
-    if(tmp == NULL) {
-	krb5_free_keyblock(context, kd.key);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = _krb5_n_fold(str, len, tmp, keylen);
-    if (ret) {
-	free(tmp);
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-    kd.schedule = NULL;
-    DES3_postproc (context, tmp, keylen, &kd); /* XXX */
-    memset(tmp, 0, keylen);
-    free(tmp);
-    ret = derive_key(context, 
-		     et,
-		     &kd,
-		     "kerberos", /* XXX well known constant */
-		     strlen("kerberos"));
-    ret = krb5_copy_keyblock_contents(context, kd.key, key);
-    free_key_data(context, &kd);
-    return ret;
-}
-
-static size_t
-wrapped_length (krb5_context context,
-		krb5_crypto  crypto,
-		size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t checksumsize = CHECKSUMSIZE(et->checksum);
-    size_t res;
-
-    res =  et->confoundersize + checksumsize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    return res;
-}
-
-static size_t
-wrapped_length_dervied (krb5_context context,
-			krb5_crypto  crypto,
-			size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t res;
-
-    res =  et->confoundersize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    if (et->keyed_checksum)
-	res += et->keyed_checksum->checksumsize;
-    else
-	res += et->checksum->checksumsize;
-    return res;
-}
-
-/*
- * Return the size of an encrypted packet of length `data_len'
- */
-
-size_t
-krb5_get_wrapped_length (krb5_context context,
-			 krb5_crypto  crypto,
-			 size_t       data_len)
-{
-    if (derived_crypto (context, crypto))
-	return wrapped_length_dervied (context, crypto, data_len);
-    else
-	return wrapped_length (context, crypto, data_len);
-}
-
-/*
- * Return the size of an encrypted packet of length `data_len'
- */
-
-static size_t
-crypto_overhead (krb5_context context,
-		 krb5_crypto  crypto)
-{
-    struct encryption_type *et = crypto->et;
-    size_t res;
-
-    res = CHECKSUMSIZE(et->checksum);
-    res += et->confoundersize;
-    if (et->padsize > 1)
-	res += et->padsize;
-    return res;
-}
-
-static size_t
-crypto_overhead_dervied (krb5_context context,
-			 krb5_crypto  crypto)
-{
-    struct encryption_type *et = crypto->et;
-    size_t res;
-
-    if (et->keyed_checksum)
-	res = CHECKSUMSIZE(et->keyed_checksum);
-    else
-	res = CHECKSUMSIZE(et->checksum);
-    res += et->confoundersize;
-    if (et->padsize > 1)
-	res += et->padsize;
-    return res;
-}
-
-size_t
-krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
-{
-    if (derived_crypto (context, crypto))
-	return crypto_overhead_dervied (context, crypto);
-    else
-	return crypto_overhead (context, crypto);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_random_to_key(krb5_context context,
-		   krb5_enctype type,
-		   const void *data,
-		   size_t size,
-		   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if ((et->keytype->bits + 7) / 8 > size) {
-	krb5_set_error_string(context, "encryption key %s needs %d bytes "
-			      "of random to make an encryption key out of it",
-			      et->name, (int)et->keytype->size);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
-    if(ret) 
-	return ret;
-    key->keytype = type;
-    if (et->keytype->random_to_key)
- 	(*et->keytype->random_to_key)(context, key, data, size);
-    else
-	memcpy(key->keyvalue.data, data, et->keytype->size);
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_pk_octetstring2key(krb5_context context,
-			 krb5_enctype type,
-			 const void *dhdata,
-			 size_t dhsize,
-			 const heim_octet_string *c_n,
-			 const heim_octet_string *k_n,
-			 krb5_keyblock *key)
-{
-    struct encryption_type *et = _find_enctype(type);
-    krb5_error_code ret;
-    size_t keylen, offset;
-    void *keydata;
-    unsigned char counter;
-    unsigned char shaoutput[20];
-
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    keylen = (et->keytype->bits + 7) / 8;
-
-    keydata = malloc(keylen);
-    if (keydata == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    counter = 0;
-    offset = 0;
-    do {
-	SHA_CTX m;
-	
-	SHA1_Init(&m);
-	SHA1_Update(&m, &counter, 1);
-	SHA1_Update(&m, dhdata, dhsize);
-	if (c_n)
-	    SHA1_Update(&m, c_n->data, c_n->length);
-	if (k_n)
-	    SHA1_Update(&m, k_n->data, k_n->length);
-	SHA1_Final(shaoutput, &m);
-
-	memcpy((unsigned char *)keydata + offset,
-	       shaoutput,
-	       min(keylen - offset, sizeof(shaoutput)));
-
-	offset += sizeof(shaoutput);
-	counter++;
-    } while(offset < keylen);
-    memset(shaoutput, 0, sizeof(shaoutput));
-
-    ret = krb5_random_to_key(context, type, keydata, keylen, key);
-    memset(keydata, 0, sizeof(keylen));
-    free(keydata);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf_length(krb5_context context,
-		       krb5_enctype type,
-		       size_t *length)
-{
-    struct encryption_type *et = _find_enctype(type);
-
-    if(et == NULL || et->prf_length == 0) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    *length = et->prf_length;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf(krb5_context context,
-		const krb5_crypto crypto,
-		const krb5_data *input, 
-		krb5_data *output)
-{
-    struct encryption_type *et = crypto->et;
-
-    krb5_data_zero(output);
-
-    if(et->prf == NULL) {
-	krb5_set_error_string(context, "kerberos prf for %s not supported",
-			      et->name);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    return (*et->prf)(context, crypto, input, output);
-}
-	
-
-
-
-#ifdef CRYPTO_DEBUG
-
-static krb5_error_code
-krb5_get_keyid(krb5_context context,
-	       krb5_keyblock *key,
-	       uint32_t *keyid)
-{
-    MD5_CTX md5;
-    unsigned char tmp[16];
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
-    MD5_Final (tmp, &md5);
-    *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
-    return 0;
-}
-
-static void
-krb5_crypto_debug(krb5_context context,
-		  int encryptp,
-		  size_t len,
-		  krb5_keyblock *key)
-{
-    uint32_t keyid;
-    char *kt;
-    krb5_get_keyid(context, key, &keyid);
-    krb5_enctype_to_string(context, key->keytype, &kt);
-    krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", 
-	       encryptp ? "encrypting" : "decrypting",
-	       (unsigned long)len,
-	       keyid,
-	       kt);
-    free(kt);
-}
-
-#endif /* CRYPTO_DEBUG */
-
-#if 0
-int
-main()
-{
-#if 0
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    char constant[4];
-    unsigned usage = ENCRYPTION_USAGE(3);
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
-	"\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
-	"\xc8\xdf\xab\x26\x86\x64\x15\x25";
-    key.keyvalue.length = 24;
-
-    krb5_crypto_init(context, &key, 0, &crypto);
-
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL)
-	krb5_errx(context, 1, "_new_derived_key failed");
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 4);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    return 0;
-#else
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    Checksum res;
-
-    char *data = "what do ya want for nothing?";
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "Jefe";
-    /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-       "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
-    key.keyvalue.length = 4;
-
-    d = ecalloc(1, sizeof(*d));
-    d->key = &key;
-    res.checksum.length = 20;
-    res.checksum.data = emalloc(res.checksum.length);
-    SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
-
-    return 0;
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
deleted file mode 100644
index eda1a8b2598b..000000000000
--- a/crypto/heimdal/lib/krb5/data.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $");
-
-/**
- * Reset the (potentially uninitalized) krb5_data structure.
- *
- * @param p krb5_data to reset.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_data_zero(krb5_data *p)
-{
-    p->length = 0;
-    p->data   = NULL;
-}
-
-/**
- * Free the content of krb5_data structure, its ok to free a zeroed
- * structure. When done, the structure will be zeroed.
- * 
- * @param p krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_data_free(krb5_data *p)
-{
-    if(p->data != NULL)
-	free(p->data);
-    krb5_data_zero(p);
-}
-
-/**
- * Same as krb5_data_free().
- * 
- * @param context Kerberos 5 context.
- * @param data krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION 
-krb5_free_data_contents(krb5_context context, krb5_data *data)
-{
-    krb5_data_free(data);
-}
-
-/**
- * Free krb5_data (and its content).
- * 
- * @param context Kerberos 5 context.
- * @param p krb5_data to free.
- *
- * @ingroup krb5
- */
-
-void KRB5_LIB_FUNCTION
-krb5_free_data(krb5_context context,
-	       krb5_data *p)
-{
-    krb5_data_free(p);
-    free(p);
-}
-
-/**
- * Allocate data of and krb5_data.
- * 
- * @param p krb5_data to free.
- * @param len size to allocate.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_alloc(krb5_data *p, int len)
-{
-    p->data = malloc(len);
-    if(len && p->data == NULL)
-	return ENOMEM;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Grow (or shrink) the content of krb5_data to a new size.
- * 
- * @param p krb5_data to free.
- * @param len new size.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_realloc(krb5_data *p, int len)
-{
-    void *tmp;
-    tmp = realloc(p->data, len);
-    if(len && !tmp)
-	return ENOMEM;
-    p->data = tmp;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Copy the data of len into the krb5_data.
- * 
- * @param p krb5_data to copy into.
- * @param data data to copy..
- * @param len new size.
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_copy(krb5_data *p, const void *data, size_t len)
-{
-    if (len) {
-	if(krb5_data_alloc(p, len))
-	    return ENOMEM;
-	memmove(p->data, data, len);
-    } else
-	p->data = NULL;
-    p->length = len;
-    return 0;
-}
-
-/**
- * Copy the data into a newly allocated krb5_data.
- * 
- * @param context Kerberos 5 context.
- * @param indata the krb5_data data to copy
- * @param outdata new krb5_date to copy too. Free with krb5_free_data().
- *
- * @return Returns 0 to indicate success. Otherwise an kerberos et
- * error code is returned.
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_data(krb5_context context, 
-	       const krb5_data *indata, 
-	       krb5_data **outdata)
-{
-    krb5_error_code ret;
-    ALLOC(*outdata, 1);
-    if(*outdata == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = der_copy_octet_string(indata, *outdata);
-    if(ret) {
-	krb5_clear_error_string (context);
-	free(*outdata);
-	*outdata = NULL;
-    }
-    return ret;
-}
-
-/**
- * Compare to data.
- * 
- * @param data1 krb5_data to compare
- * @param data2 krb5_data to compare
- *
- * @return return the same way as memcmp(), useful when sorting.
- *
- * @ingroup krb5
- */
-
-int KRB5_LIB_FUNCTION
-krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
-{
-    if (data1->length != data2->length)
-	return data1->length - data2->length;
-    return memcmp(data1->data, data2->data, data1->length);
-}
diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c
deleted file mode 100644
index debadb8bb956..000000000000
--- a/crypto/heimdal/lib/krb5/derived-key-test.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: derived-key-test.c 16342 2005-12-02 14:14:43Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    krb5_enctype enctype;
-    unsigned char constant[MAXSIZE];
-    size_t constant_len;
-    unsigned char key[MAXSIZE];
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-    {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
-    {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
-     {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
-     {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
-     {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
-     {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
-     {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
-    {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
-     {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
-     {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
-     {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
-     {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
-     {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
-     {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
-    {0}
-};
-
-int KRB5_LIB_FUNCTION
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (t = tests; t->enctype != 0; ++t) {
-	krb5_keyblock key;
-	krb5_keyblock *dkey;
-
-	key.keytype = KEYTYPE_DES3;
-	key.keyvalue.length = MAXSIZE;
-	key.keyvalue.data   = t->key;
-
-	ret = krb5_derive_key(context, &key, t->enctype, t->constant,
-			      t->constant_len, &dkey);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_derive_key");
-	if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
-	    const unsigned char *p = dkey->keyvalue.data;
-	    int i;
-
-	    printf ("derive_key failed\n");
-	    printf ("should be: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-	krb5_free_keyblock(context, dkey);
-    }
-    krb5_free_context(context);
-
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/digest.c b/crypto/heimdal/lib/krb5/digest.c
deleted file mode 100644
index 6e612ed6bbb0..000000000000
--- a/crypto/heimdal/lib/krb5/digest.c
+++ /dev/null
@@ -1,1199 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: digest.c 22156 2007-12-04 20:02:49Z lha $");
-#include "digest_asn1.h"
-
-struct krb5_digest_data {
-    char *cbtype;
-    char *cbbinding;
-
-    DigestInit init;
-    DigestInitReply initReply;
-    DigestRequest request;
-    DigestResponse response;
-};
-
-krb5_error_code
-krb5_digest_alloc(krb5_context context, krb5_digest *digest)
-{
-    krb5_digest d;
-
-    d = calloc(1, sizeof(*d));
-    if (d == NULL) {
-	*digest = NULL;
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest = d;
-
-    return 0;
-}
-
-void
-krb5_digest_free(krb5_digest digest)
-{
-    if (digest == NULL)
-	return;
-    free_DigestInit(&digest->init);
-    free_DigestInitReply(&digest->initReply);
-    free_DigestRequest(&digest->request);
-    free_DigestResponse(&digest->response);
-    memset(digest, 0, sizeof(*digest));
-    free(digest);
-    return;
-}
-
-krb5_error_code
-krb5_digest_set_server_cb(krb5_context context,
-			  krb5_digest digest,
-			  const char *type,
-			  const char *binding)
-{
-    if (digest->init.channel) {
-	krb5_set_error_string(context, "server channel binding already set");
-	return EINVAL;
-    }
-    digest->init.channel = calloc(1, sizeof(*digest->init.channel));
-    if (digest->init.channel == NULL)
-	goto error;
-
-    digest->init.channel->cb_type = strdup(type);
-    if (digest->init.channel->cb_type == NULL)
-	goto error;
-
-    digest->init.channel->cb_binding = strdup(binding);
-    if (digest->init.channel->cb_binding == NULL) 
-	goto error;
-    return 0;
-error:
-    if (digest->init.channel) {
-	free(digest->init.channel->cb_type);
-	free(digest->init.channel->cb_binding);
-	free(digest->init.channel);
-	digest->init.channel = NULL;
-    }
-    krb5_set_error_string(context, "out of memory");
-    return ENOMEM;
-}
-
-krb5_error_code
-krb5_digest_set_type(krb5_context context,
-		     krb5_digest digest,
-		     const char *type)
-{
-    if (digest->init.type) {
-	krb5_set_error_string(context, "client type already set");
-	return EINVAL;
-    }
-    digest->init.type = strdup(type);
-    if (digest->init.type == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_hostname(krb5_context context,
-			 krb5_digest digest,
-			 const char *hostname)
-{
-    if (digest->init.hostname) {
-	krb5_set_error_string(context, "server hostname already set");
-	return EINVAL;
-    }
-    digest->init.hostname = malloc(sizeof(*digest->init.hostname));
-    if (digest->init.hostname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->init.hostname = strdup(hostname);
-    if (*digest->init.hostname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->init.hostname);
-	digest->init.hostname = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_server_nonce(krb5_context context,
-			     krb5_digest digest)
-{
-    return digest->initReply.nonce;
-}
-
-krb5_error_code
-krb5_digest_set_server_nonce(krb5_context context,
-			     krb5_digest digest,
-			     const char *nonce)
-{
-    if (digest->request.serverNonce) {
-	krb5_set_error_string(context, "nonce already set");
-	return EINVAL;
-    }
-    digest->request.serverNonce = strdup(nonce);
-    if (digest->request.serverNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_opaque(krb5_context context,
-		       krb5_digest digest)
-{
-    return digest->initReply.opaque;
-}
-
-krb5_error_code
-krb5_digest_set_opaque(krb5_context context,
-		       krb5_digest digest,
-		       const char *opaque)
-{
-    if (digest->request.opaque) {
-	krb5_set_error_string(context, "opaque already set");
-	return EINVAL;
-    }
-    digest->request.opaque = strdup(opaque);
-    if (digest->request.opaque == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-const char *
-krb5_digest_get_identifier(krb5_context context,
-			   krb5_digest digest)
-{
-    if (digest->initReply.identifier == NULL)
-	return NULL;
-    return *digest->initReply.identifier;
-}
-
-krb5_error_code
-krb5_digest_set_identifier(krb5_context context,
-			   krb5_digest digest,
-			   const char *id)
-{
-    if (digest->request.identifier) {
-	krb5_set_error_string(context, "identifier already set");
-	return EINVAL;
-    }
-    digest->request.identifier = calloc(1, sizeof(*digest->request.identifier));
-    if (digest->request.identifier == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.identifier = strdup(id);
-    if (*digest->request.identifier == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.identifier);
-	digest->request.identifier = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-static krb5_error_code
-digest_request(krb5_context context,
-	       krb5_realm realm,
-	       krb5_ccache ccache,
-	       krb5_key_usage usage,
-	       const DigestReqInner *ireq,
-	       DigestRepInner *irep)
-{
-    DigestREQ req;
-    DigestREP rep;
-    krb5_error_code ret;
-    krb5_data data, data2;
-    size_t size;
-    krb5_crypto crypto = NULL;
-    krb5_auth_context ac = NULL;
-    krb5_principal principal = NULL;
-    krb5_ccache id = NULL;
-    krb5_realm r = NULL;
-
-    krb5_data_zero(&data);
-    krb5_data_zero(&data2);
-    memset(&req, 0, sizeof(req));
-    memset(&rep, 0, sizeof(rep));
-
-    if (ccache == NULL) {
-	ret = krb5_cc_default(context, &id);
-	if (ret)
-	    goto out;
-    } else
-	id = ccache;
-
-    if (realm == NULL) {
-	ret = krb5_get_default_realm(context, &r);
-	if (ret)
-	    goto out;
-    } else
-	r = realm;
-
-    /*
-     *
-     */
-
-    ret = krb5_make_principal(context, &principal, 
-			      r, KRB5_DIGEST_NAME, r, NULL);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(DigestReqInner, data.data, data.length,
-		       ireq, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "Failed to encode digest inner request");
-	goto out;
-    }
-    if (size != data.length)
-	krb5_abortx(context, "ASN.1 internal encoder error");
-
-    ret = krb5_mk_req_exact(context, &ac, 
-			    AP_OPTS_USE_SUBKEY|AP_OPTS_MUTUAL_REQUIRED,
-			    principal, NULL, id, &req.apReq);
-    if (ret)
-	goto out;
-
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-	if (key == NULL) {
-	    krb5_set_error_string(context, "Digest failed to get local subkey");
-	    ret = EINVAL;
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, crypto, usage,
-				     data.data, data.length, 0, 
-				     &req.innerReq);
-    if (ret)
-	goto out;
-
-    krb5_data_free(&data);
-
-    ASN1_MALLOC_ENCODE(DigestREQ, data.data, data.length,
-		       &req, &size, ret);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode DigestREQest");
-	goto out;
-    }
-    if (size != data.length)
-	krb5_abortx(context, "ASN.1 internal encoder error");
-
-    ret = krb5_sendto_kdc(context, &data, &r, &data2);
-    if (ret)
-	goto out;
-
-    ret = decode_DigestREP(data2.data, data2.length, &rep, NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to parse digest response");
-	goto out;
-    }
-
-    {
-	krb5_ap_rep_enc_part *repl;
-
-	ret = krb5_rd_rep(context, ac, &rep.apRep, &repl);
-	if (ret)
-	    goto out;
-
-	krb5_free_ap_rep_enc_part(context, repl);
-    }
-    {
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_getremotesubkey(context, ac, &key);
-	if (ret)
-	    goto out;
-	if (key == NULL) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, 
-				  "Digest reply have no remote subkey");
-	    goto out;
-	}
-
-	krb5_crypto_destroy(context, crypto);
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    goto out;
-    }
-
-    krb5_data_free(&data);
-    ret = krb5_decrypt_EncryptedData(context, crypto, usage,
-				     &rep.innerRep, &data);
-    if (ret)
-	goto out;
-    
-    ret = decode_DigestRepInner(data.data, data.length, irep, NULL);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to decode digest inner reply");
-	goto out;
-    }
-
-out:
-    if (ccache == NULL && id)
-	krb5_cc_close(context, id);
-    if (realm == NULL && r)
-	free(r);
-    if (crypto)
-	krb5_crypto_destroy(context, crypto);
-    if (ac)
-	krb5_auth_con_free(context, ac);
-    if (principal)
-	krb5_free_principal(context, principal);
-
-    krb5_data_free(&data);
-    krb5_data_free(&data2);
-
-    free_DigestREQ(&req);
-    free_DigestREP(&rep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_digest_init_request(krb5_context context,
-			 krb5_digest digest,
-			 krb5_realm realm,
-			 krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    if (digest->init.type == NULL) {
-	krb5_set_error_string(context, "Type missing from init req");
-	return EINVAL;
-    }
-
-    ireq.element = choice_DigestReqInner_init;
-    ireq.u.init = digest->init;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest init error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_initReply) {
-	krb5_set_error_string(context, "digest reply not an initReply");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_DigestInitReply(&irep.u.initReply, &digest->initReply);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-
-krb5_error_code
-krb5_digest_set_client_nonce(krb5_context context,
-			     krb5_digest digest,
-			     const char *nonce)
-{
-    if (digest->request.clientNonce) {
-	krb5_set_error_string(context, "clientNonce already set");
-	return EINVAL;
-    }
-    digest->request.clientNonce = 
-	calloc(1, sizeof(*digest->request.clientNonce));
-    if (digest->request.clientNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.clientNonce = strdup(nonce);
-    if (*digest->request.clientNonce == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.clientNonce);
-	digest->request.clientNonce = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_digest(krb5_context context,
-		       krb5_digest digest,
-		       const char *dgst)
-{
-    if (digest->request.digest) {
-	krb5_set_error_string(context, "digest already set");
-	return EINVAL;
-    }
-    digest->request.digest = strdup(dgst);
-    if (digest->request.digest == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_username(krb5_context context,
-			 krb5_digest digest,
-			 const char *username)
-{
-    if (digest->request.username) {
-	krb5_set_error_string(context, "username already set");
-	return EINVAL;
-    }
-    digest->request.username = strdup(username);
-    if (digest->request.username == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_authid(krb5_context context,
-		       krb5_digest digest,
-		       const char *authid)
-{
-    if (digest->request.authid) {
-	krb5_set_error_string(context, "authid already set");
-	return EINVAL;
-    }
-    digest->request.authid = malloc(sizeof(*digest->request.authid));
-    if (digest->request.authid == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.authid = strdup(authid);
-    if (*digest->request.authid == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.authid);
-	digest->request.authid = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_authentication_user(krb5_context context,
-				    krb5_digest digest,
-				    krb5_principal authentication_user)
-{
-    krb5_error_code ret;
-
-    if (digest->request.authentication_user) {
-	krb5_set_error_string(context, "authentication_user already set");
-	return EINVAL;
-    }
-    ret = krb5_copy_principal(context,
-			      authentication_user,
-			      &digest->request.authentication_user);
-    if (digest->request.authentication_user == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_realm(krb5_context context,
-		      krb5_digest digest,
-		      const char *realm)
-{
-    if (digest->request.realm) {
-	krb5_set_error_string(context, "realm already set");
-	return EINVAL;
-    }
-    digest->request.realm = malloc(sizeof(*digest->request.realm));
-    if (digest->request.realm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.realm = strdup(realm);
-    if (*digest->request.realm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.realm);
-	digest->request.realm = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_method(krb5_context context,
-		       krb5_digest digest,
-		       const char *method)
-{
-    if (digest->request.method) {
-	krb5_set_error_string(context, "method already set");
-	return EINVAL;
-    }
-    digest->request.method = malloc(sizeof(*digest->request.method));
-    if (digest->request.method == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.method = strdup(method);
-    if (*digest->request.method == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.method);
-	digest->request.method = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_uri(krb5_context context,
-		    krb5_digest digest,
-		    const char *uri)
-{
-    if (digest->request.uri) {
-	krb5_set_error_string(context, "uri already set");
-	return EINVAL;
-    }
-    digest->request.uri = malloc(sizeof(*digest->request.uri));
-    if (digest->request.uri == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.uri = strdup(uri);
-    if (*digest->request.uri == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.uri);
-	digest->request.uri = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_nonceCount(krb5_context context,
-			   krb5_digest digest,
-			   const char *nonce_count)
-{
-    if (digest->request.nonceCount) {
-	krb5_set_error_string(context, "nonceCount already set");
-	return EINVAL;
-    }
-    digest->request.nonceCount = 
-	malloc(sizeof(*digest->request.nonceCount));
-    if (digest->request.nonceCount == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.nonceCount = strdup(nonce_count);
-    if (*digest->request.nonceCount == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.nonceCount);
-	digest->request.nonceCount = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_set_qop(krb5_context context,
-		    krb5_digest digest,
-		    const char *qop)
-{
-    if (digest->request.qop) {
-	krb5_set_error_string(context, "qop already set");
-	return EINVAL;
-    }
-    digest->request.qop = malloc(sizeof(*digest->request.qop));
-    if (digest->request.qop == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    *digest->request.qop = strdup(qop);
-    if (*digest->request.qop == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(digest->request.qop);
-	digest->request.qop = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-int
-krb5_digest_set_responseData(krb5_context context,
-			     krb5_digest digest,
-			     const char *response)
-{
-    digest->request.responseData = strdup(response);
-    if (digest->request.responseData == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_request(krb5_context context,
-		    krb5_digest digest,
-		    krb5_realm realm,
-		    krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_digestRequest;
-    ireq.u.digestRequest = digest->request;
-
-    if (digest->request.type == NULL) {
-	if (digest->init.type == NULL) {
-	    krb5_set_error_string(context, "Type missing from req");
-	    return EINVAL;
-	}
-	ireq.u.digestRequest.type = digest->init.type;
-    }
-
-    if (ireq.u.digestRequest.digest == NULL)
-	ireq.u.digestRequest.digest = "md5";
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	return ret;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest response error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_response) {
-	krb5_set_error_string(context, "digest reply not an DigestResponse");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_DigestResponse(&irep.u.response, &digest->response);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_boolean
-krb5_digest_rep_get_status(krb5_context context, 
-			   krb5_digest digest)
-{
-    return digest->response.success ? TRUE : FALSE;
-}
-
-const char *
-krb5_digest_get_rsp(krb5_context context,
-		    krb5_digest digest)
-{
-    if (digest->response.rsp == NULL)
-	return NULL;
-    return *digest->response.rsp;
-}
-
-krb5_error_code
-krb5_digest_get_tickets(krb5_context context,
-			krb5_digest digest,
-			Ticket **tickets)
-{
-    *tickets = NULL;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_digest_get_client_binding(krb5_context context,
-			       krb5_digest digest,
-			       char **type,
-			       char **binding)
-{
-    if (digest->response.channel) {
-	*type = strdup(digest->response.channel->cb_type);
-	*binding = strdup(digest->response.channel->cb_binding);
-	if (*type == NULL || *binding == NULL) {
-	    free(*type);
-	    free(*binding);
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-    } else {
-	*type = NULL;
-	*binding = NULL;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_digest_get_session_key(krb5_context context,
-			    krb5_digest digest,
-			    krb5_data *data)
-{
-    krb5_error_code ret;
-
-    krb5_data_zero(data);
-    if (digest->response.session_key == NULL)
-	return 0;
-    ret = der_copy_octet_string(digest->response.session_key, data);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-struct krb5_ntlm_data {
-    NTLMInit init;
-    NTLMInitReply initReply;
-    NTLMRequest request;
-    NTLMResponse response;
-};
-
-krb5_error_code
-krb5_ntlm_alloc(krb5_context context, 
-		krb5_ntlm *ntlm)
-{
-    *ntlm = calloc(1, sizeof(**ntlm));
-    if (*ntlm == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm)
-{
-    free_NTLMInit(&ntlm->init);
-    free_NTLMInitReply(&ntlm->initReply);
-    free_NTLMRequest(&ntlm->request);
-    free_NTLMResponse(&ntlm->response);
-    memset(ntlm, 0, sizeof(*ntlm));
-    free(ntlm);
-    return 0;
-}
-
-
-krb5_error_code
-krb5_ntlm_init_request(krb5_context context, 
-		       krb5_ntlm ntlm,
-		       krb5_realm realm,
-		       krb5_ccache ccache,
-		       uint32_t flags,
-		       const char *hostname,
-		       const char *domainname)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ntlm->init.flags = flags;
-    if (hostname) {
-	ALLOC(ntlm->init.hostname, 1);
-	*ntlm->init.hostname = strdup(hostname);
-    }
-    if (domainname) {
-	ALLOC(ntlm->init.domain, 1);
-	*ntlm->init.domain = strdup(domainname);
-    }
-
-    ireq.element = choice_DigestReqInner_ntlmInit;
-    ireq.u.ntlmInit = ntlm->init;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest init error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_ntlmInitReply) {
-	krb5_set_error_string(context, "ntlm reply not an initReply");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_NTLMInitReply(&irep.u.ntlmInitReply, &ntlm->initReply);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy initReply");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_flags(krb5_context context,
-			 krb5_ntlm ntlm,
-			 uint32_t *flags)
-{
-    *flags = ntlm->initReply.flags;
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_challange(krb5_context context,
-			     krb5_ntlm ntlm,
-			     krb5_data *challange)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_octet_string(&ntlm->initReply.challange, challange);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_opaque(krb5_context context,
-			  krb5_ntlm ntlm,
-			  krb5_data *opaque)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_octet_string(&ntlm->initReply.opaque, opaque);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_targetname(krb5_context context,
-			      krb5_ntlm ntlm,
-			      char **name)
-{
-    *name = strdup(ntlm->initReply.targetname);
-    if (*name == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_init_get_targetinfo(krb5_context context,
-			      krb5_ntlm ntlm,
-			      krb5_data *data)
-{
-    krb5_error_code ret;
-
-    if (ntlm->initReply.targetinfo == NULL) {
-	krb5_data_zero(data);
-	return 0;
-    }
-
-    ret = krb5_data_copy(data,
-			 ntlm->initReply.targetinfo->data,
-			 ntlm->initReply.targetinfo->length);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    return 0;
-}
-
-
-krb5_error_code
-krb5_ntlm_request(krb5_context context,
-		  krb5_ntlm ntlm,
-		  krb5_realm realm,
-		  krb5_ccache ccache)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_ntlmRequest;
-    ireq.u.ntlmRequest = ntlm->request;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	return ret;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "NTLM response error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_ntlmResponse) {
-	krb5_set_error_string(context, "NTLM reply not an NTLMResponse");
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = copy_NTLMResponse(&irep.u.ntlmResponse, &ntlm->response);
-    if (ret) {
-	krb5_set_error_string(context, "Failed to copy NTLMResponse");
-	goto out;
-    }
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_flags(krb5_context context, 
-			krb5_ntlm ntlm,
-			uint32_t flags)
-{
-    ntlm->request.flags = flags;
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_username(krb5_context context, 
-			   krb5_ntlm ntlm,
-			   const char *username)
-{
-    ntlm->request.username = strdup(username);
-    if (ntlm->request.username == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_targetname(krb5_context context, 
-			     krb5_ntlm ntlm,
-			     const char *targetname)
-{
-    ntlm->request.targetname = strdup(targetname);
-    if (ntlm->request.targetname == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_lm(krb5_context context, 
-		     krb5_ntlm ntlm,
-		     void *hash, size_t len)
-{
-    ntlm->request.lm.data = malloc(len);
-    if (ntlm->request.lm.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.lm.length = len;
-    memcpy(ntlm->request.lm.data, hash, len);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_ntlm(krb5_context context, 
-		       krb5_ntlm ntlm,
-		       void *hash, size_t len)
-{
-    ntlm->request.ntlm.data = malloc(len);
-    if (ntlm->request.ntlm.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.ntlm.length = len;
-    memcpy(ntlm->request.ntlm.data, hash, len);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_opaque(krb5_context context, 
-			 krb5_ntlm ntlm,
-			 krb5_data *opaque)
-{
-    ntlm->request.opaque.data = malloc(opaque->length);
-    if (ntlm->request.opaque.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.opaque.length = opaque->length;
-    memcpy(ntlm->request.opaque.data, opaque->data, opaque->length);
-    return 0;
-}
-
-krb5_error_code
-krb5_ntlm_req_set_session(krb5_context context, 
-			  krb5_ntlm ntlm,
-			  void *sessionkey, size_t length)
-{
-    ntlm->request.sessionkey = calloc(1, sizeof(*ntlm->request.sessionkey));
-    if (ntlm->request.sessionkey == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    ntlm->request.sessionkey->data = malloc(length);
-    if (ntlm->request.sessionkey->data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    memcpy(ntlm->request.sessionkey->data, sessionkey, length);
-    ntlm->request.sessionkey->length = length;
-    return 0;
-}
-
-krb5_boolean
-krb5_ntlm_rep_get_status(krb5_context context, 
-			 krb5_ntlm ntlm)
-{
-    return ntlm->response.success ? TRUE : FALSE;
-}
-
-krb5_error_code
-krb5_ntlm_rep_get_sessionkey(krb5_context context, 
-			     krb5_ntlm ntlm,
-			     krb5_data *data)
-{
-    if (ntlm->response.sessionkey == NULL) {
-	krb5_set_error_string(context, "no ntlm session key");
-	return EINVAL;
-    }
-    krb5_clear_error_string(context);
-    return krb5_data_copy(data,
-			  ntlm->response.sessionkey->data,
-			  ntlm->response.sessionkey->length);
-}
-
-/**
- * Get the supported/allowed mechanism for this principal.
- *
- * @param context A Keberos context.
- * @param realm The realm of the KDC.
- * @param ccache The credential cache to use when talking to the KDC.
- * @param flags The supported mechanism.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_digest
- */
-
-krb5_error_code
-krb5_digest_probe(krb5_context context,
-		  krb5_realm realm,
-		  krb5_ccache ccache,
-		  unsigned *flags)
-{
-    DigestReqInner ireq;
-    DigestRepInner irep;
-    krb5_error_code ret;
-
-    memset(&ireq, 0, sizeof(ireq));
-    memset(&irep, 0, sizeof(irep));
-
-    ireq.element = choice_DigestReqInner_supportedMechs;
-
-    ret = digest_request(context, realm, ccache,
-			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
-    if (ret)
-	goto out;
-
-    if (irep.element == choice_DigestRepInner_error) {
-	krb5_set_error_string(context, "Digest probe error: %s",
-			      irep.u.error.reason);
-	ret = irep.u.error.code;
-	goto out;
-    }
-
-    if (irep.element != choice_DigestRepInner_supportedMechs) {
-	krb5_set_error_string(context, "Digest reply not an probe");
-	ret = EINVAL;
-	goto out;
-    }
-
-    *flags = DigestTypes2int(irep.u.supportedMechs);
-
-out:
-    free_DigestRepInner(&irep);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/doxygen.c b/crypto/heimdal/lib/krb5/doxygen.c
deleted file mode 100644
index b7c6f8fcfdd0..000000000000
--- a/crypto/heimdal/lib/krb5/doxygen.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id$");
-
-/**
- * 
- */
-
-/*! \mainpage Heimdal Kerberos 5 library
- *
- * \section intro Introduction
- *
- * Heimdal libkrb5 library is a implementation of the Kerberos
- * protocol.
- * 
- * Kerberos is a system for authenticating users and services on a
- * network.  It is built upon the assumption that the network is
- * ``unsafe''.  For example, data sent over the network can be
- * eavesdropped and altered, and addresses can also be faked.
- * Therefore they cannot be used for authentication purposes.
- *
- * The project web page:\n
- * http://www.h5l.org/
- *
- */
-
-/** @defgroup krb5 Heimdal Kerberos 5 library */
-/** @defgroup krb5_address Heimdal Kerberos 5 address functions */
-/** @defgroup krb5_ccache Heimdal Kerberos 5 credential cache functions */
-/** @defgroup krb5_credential Heimdal Kerberos 5 credential handing functions */
-/** @defgroup krb5_deprecated Heimdal Kerberos 5 deprecated functions */
-/** @defgroup krb5_digest Heimdal Kerberos 5 digest service */
-/** @defgroup krb5_error Heimdal Kerberos 5 error reporting functions */
-/** @defgroup krb5_v4compat Heimdal Kerberos 4 compatiblity functions */
-/** @defgroup krb5_support Heimdal Kerberos 5 support functions */
diff --git a/crypto/heimdal/lib/krb5/dump_config.c b/crypto/heimdal/lib/krb5/dump_config.c
deleted file mode 100644
index 074595e2139c..000000000000
--- a/crypto/heimdal/lib/krb5/dump_config.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
-
-/* print contents of krb5.conf */
-
-static void
-print_tree(struct krb5_config_binding *b, int level)
-{
-    if (b == NULL)
-	return;
-
-    printf("%*s%s%s%s", level * 4, "", 
-	   (level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
-    if(b->type == krb5_config_list) {
-	if(level > 0)
-	    printf(" = {");
-	printf("\n");
-	print_tree(b->u.list, level + 1);
-	if(level > 0)
-	    printf("%*s}\n", level * 4, "");
-    } else if(b->type == krb5_config_string) {
-	printf(" = %s\n", b->u.string);
-    }
-    if(b->next)
-	print_tree(b->next, level);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret = krb5_init_context(&context);
-    if(ret == 0) {
-	print_tree(context->cf, 0);
-	return 0;
-    }
-    return 1;
-}
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
deleted file mode 100644
index 19315cea8678..000000000000
--- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $");
-
-/**
- * Convert the getaddrinfo() error code to a Kerberos et error code.
- *
- * @param eai_errno contains the error code from getaddrinfo().
- * @param system_error should have the value of errno after the failed getaddrinfo().
- *
- * @return Kerberos error code representing the EAI errors.
- *
- * @ingroup krb5_error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_eai_to_heim_errno(int eai_errno, int system_error)
-{
-    switch(eai_errno) {
-    case EAI_NOERROR:
-	return 0;
-#ifdef EAI_ADDRFAMILY
-    case EAI_ADDRFAMILY:
-	return HEIM_EAI_ADDRFAMILY;
-#endif
-    case EAI_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case EAI_BADFLAGS:
-	return HEIM_EAI_BADFLAGS;
-    case EAI_FAIL:
-	return HEIM_EAI_FAIL;
-    case EAI_FAMILY:
-	return HEIM_EAI_FAMILY;
-    case EAI_MEMORY:
-	return HEIM_EAI_MEMORY;
-#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
-    case EAI_NODATA:
-	return HEIM_EAI_NODATA;
-#endif
-    case EAI_NONAME:
-	return HEIM_EAI_NONAME;
-    case EAI_SERVICE:
-	return HEIM_EAI_SERVICE;
-    case EAI_SOCKTYPE:
-	return HEIM_EAI_SOCKTYPE;
-    case EAI_SYSTEM:
-	return system_error;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
-
-/**
- * Convert the gethostname() error code (h_error) to a Kerberos et
- * error code.
- *
- * @param eai_errno contains the error code from gethostname().
- *
- * @return Kerberos error code representing the gethostname errors.
- *
- * @ingroup krb5_error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_errno_to_heim_errno(int eai_errno)
-{
-    switch(eai_errno) {
-    case 0:
-	return 0;
-    case HOST_NOT_FOUND:
-	return HEIM_EAI_NONAME;
-    case TRY_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case NO_RECOVERY:
-	return HEIM_EAI_FAIL;
-    case NO_DATA:
-	return HEIM_EAI_NONAME;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c
deleted file mode 100644
index ff6e98a3dcaf..000000000000
--- a/crypto/heimdal/lib/krb5/error_string.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: error_string.c 22142 2007-12-04 16:56:02Z lha $");
-
-#undef __attribute__
-#define __attribute__(X)
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_string(krb5_context context, char *str)
-{
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (str != context->error_buf)
-	free(str);
-    HEIMDAL_MUTEX_unlock(context->mutex);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_clear_error_string(krb5_context context)
-{
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (context->error_string != NULL
-	&& context->error_string != context->error_buf)
-	free(context->error_string);
-    context->error_string = NULL;
-    HEIMDAL_MUTEX_unlock(context->mutex);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_error_string(krb5_context context, const char *fmt, ...)
-    __attribute__((format (printf, 2, 3)))
-{
-    krb5_error_code ret;
-    va_list ap;
-
-    va_start(ap, fmt);
-    ret = krb5_vset_error_string (context, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
-    __attribute__ ((format (printf, 2, 0)))
-{
-    krb5_clear_error_string(context);
-    HEIMDAL_MUTEX_lock(context->mutex);
-    vasprintf(&context->error_string, fmt, args);
-    if(context->error_string == NULL) {
-	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
-	context->error_string = context->error_buf;
-    }
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return 0;
-}
-
-/**
- * Return the error message in context. On error or no error string,
- * the function returns NULL.
- *
- * @param context Kerberos 5 context
- *
- * @return an error string, needs to be freed with
- * krb5_free_error_string(). The functions return NULL on error.
- *
- * @ingroup krb5_error
- */
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_string(krb5_context context)
-{
-    char *ret = NULL;
-
-    HEIMDAL_MUTEX_lock(context->mutex);
-    if (context->error_string)
-	ret = strdup(context->error_string);
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return ret;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_have_error_string(krb5_context context)
-{
-    char *str;
-    HEIMDAL_MUTEX_lock(context->mutex);
-    str = context->error_string;
-    HEIMDAL_MUTEX_unlock(context->mutex);
-    return str != NULL;
-}
-
-/**
- * Return the error message for `code' in context. On error the
- * function returns NULL.
- *
- * @param context Kerberos 5 context
- * @param code Error code related to the error
- *
- * @return an error string, needs to be freed with
- * krb5_free_error_string(). The functions return NULL on error.
- *
- * @ingroup krb5_error
- */
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_message(krb5_context context, krb5_error_code code)
-{
-    const char *cstr;
-    char *str;
-
-    str = krb5_get_error_string(context);
-    if (str)
-	return str;
-
-    cstr = krb5_get_err_text(context, code);
-    if (cstr)
-	return strdup(cstr);
-
-    if (asprintf(&str, "<unknown error: %d>", code) == -1)
-	return NULL;
-
-    return str;
-}
-
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
deleted file mode 100644
index 28e39afb42f7..000000000000
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: expand_hostname.c 22229 2007-12-08 21:40:59Z lha $");
-
-static krb5_error_code
-copy_hostname(krb5_context context,
-	      const char *orig_hostname,
-	      char **new_hostname)
-{
-    *new_hostname = strdup (orig_hostname);
-    if (*new_hostname == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strlwr (*new_hostname);
-    return 0;
-}
-
-/*
- * Try to make `orig_hostname' into a more canonical one in the newly
- * allocated space returned in `new_hostname'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname (krb5_context context,
-		      const char *orig_hostname,
-		      char **new_hostname)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-
-    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
-	return copy_hostname (context, orig_hostname, new_hostname);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return copy_hostname (context, orig_hostname, new_hostname);
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    *new_hostname = strdup (a->ai_canonname);
-	    freeaddrinfo (ai);
-	    if (*new_hostname == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    } else {
-		return 0;
-	    }
-	}
-    }
-    freeaddrinfo (ai);
-    return copy_hostname (context, orig_hostname, new_hostname);
-}
-
-/*
- * handle the case of the hostname being unresolvable and thus identical
- */
-
-static krb5_error_code
-vanilla_hostname (krb5_context context,
-		  const char *orig_hostname,
-		  char **new_hostname,
-		  char ***realms)
-{
-    krb5_error_code ret;
-
-    ret = copy_hostname (context, orig_hostname, new_hostname);
-    if (ret)
-	return ret;
-    strlwr (*new_hostname);
-
-    ret = krb5_get_host_realm (context, *new_hostname, realms);
-    if (ret) {
-	free (*new_hostname);
-	return ret;
-    }
-    return 0;
-}
-
-/*
- * expand `hostname' to a name we believe to be a hostname in newly
- * allocated space in `host' and return realms in `realms'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname_realms (krb5_context context,
-			     const char *orig_hostname,
-			     char **new_hostname,
-			     char ***realms)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-    krb5_error_code ret = 0;
-
-    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
-	return vanilla_hostname (context, orig_hostname, new_hostname,
-				 realms);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return vanilla_hostname (context, orig_hostname, new_hostname,
-				 realms);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    ret = copy_hostname (context, a->ai_canonname, new_hostname);
-	    if (ret) {
-		freeaddrinfo (ai);
-		return ret;
-	    }
-	    strlwr (*new_hostname);
-	    ret = krb5_get_host_realm (context, *new_hostname, realms);
-	    if (ret == 0) {
-		freeaddrinfo (ai);
-		return 0;
-	    }
-	    free (*new_hostname);
-	}
-    }
-    freeaddrinfo(ai);
-    return vanilla_hostname (context, orig_hostname, new_hostname, realms);
-}
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
deleted file mode 100644
index 3857b58bf675..000000000000
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ /dev/null
@@ -1,881 +0,0 @@
-/*
- * Copyright (c) 1997 - 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: fcache.c 22522 2008-01-24 11:56:25Z lha $");
-
-typedef struct krb5_fcache{
-    char *filename;
-    int version;
-}krb5_fcache;
-
-struct fcc_cursor {
-    int fd;
-    krb5_storage *sp;
-};
-
-#define KRB5_FCC_FVNO_1 1
-#define KRB5_FCC_FVNO_2 2
-#define KRB5_FCC_FVNO_3 3
-#define KRB5_FCC_FVNO_4 4
-
-#define FCC_TAG_DELTATIME 1
-
-#define FCACHE(X) ((krb5_fcache*)(X)->data.data)
-
-#define FILENAME(X) (FCACHE(X)->filename)
-
-#define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
-
-static const char*
-fcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return FILENAME(id);
-}
-
-int
-_krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
-	    const char *filename)
-{
-    int ret;
-#ifdef HAVE_FCNTL
-    struct flock l;
-
-    l.l_start = 0;
-    l.l_len = 0;
-    l.l_type = exclusive ? F_WRLCK : F_RDLCK;
-    l.l_whence = SEEK_SET;
-    ret = fcntl(fd, F_SETLKW, &l);
-#else
-    ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
-#endif
-    if(ret < 0)
-	ret = errno;
-    if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
-	ret = EAGAIN;
-
-    switch (ret) {
-    case 0:
-	break;
-    case EINVAL: /* filesystem doesn't support locking, let the user have it */
-	ret = 0; 
-	break;
-    case EAGAIN:
-	krb5_set_error_string(context, "timed out locking cache file %s", 
-			      filename);
-	break;
-    default:
-	krb5_set_error_string(context, "error locking cache file %s: %s",
-			      filename, strerror(ret));
-	break;
-    }
-    return ret;
-}
-
-int
-_krb5_xunlock(krb5_context context, int fd)
-{
-    int ret;
-#ifdef HAVE_FCNTL
-    struct flock l;
-    l.l_start = 0;
-    l.l_len = 0;
-    l.l_type = F_UNLCK;
-    l.l_whence = SEEK_SET;
-    ret = fcntl(fd, F_SETLKW, &l);
-#else
-    ret = flock(fd, LOCK_UN);
-#endif
-    if (ret < 0)
-	ret = errno;
-    switch (ret) {
-    case 0:
-	break;
-    case EINVAL: /* filesystem doesn't support locking, let the user have it */
-	ret = 0; 
-	break;
-    default:
-	krb5_set_error_string(context, 
-			      "Failed to unlock file: %s", strerror(ret));
-	break;
-    }
-    return ret;
-}
-
-static krb5_error_code
-fcc_lock(krb5_context context, krb5_ccache id,
-	 int fd, krb5_boolean exclusive)
-{
-    return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
-}
-
-static krb5_error_code
-fcc_unlock(krb5_context context, int fd)
-{
-    return _krb5_xunlock(context, fd);
-}
-
-static krb5_error_code
-fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_fcache *f;
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->filename = strdup(res);
-    if(f->filename == NULL){
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-/*
- * Try to scrub the contents of `filename' safely.
- */
-
-static int
-scrub_file (int fd)
-{
-    off_t pos;
-    char buf[128];
-
-    pos = lseek(fd, 0, SEEK_END);
-    if (pos < 0)
-        return errno;
-    if (lseek(fd, 0, SEEK_SET) < 0)
-        return errno;
-    memset(buf, 0, sizeof(buf));
-    while(pos > 0) {
-        ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
-
-	if (tmp < 0)
-	    return errno;
-	pos -= tmp;
-    }
-    fsync (fd);
-    return 0;
-}
-
-/*
- * Erase `filename' if it exists, trying to remove the contents if
- * it's `safe'.  We always try to remove the file, it it exists.  It's
- * only overwritten if it's a regular file (not a symlink and not a
- * hardlink)
- */
-
-static krb5_error_code
-erase_file(const char *filename)
-{
-    int fd;
-    struct stat sb1, sb2;
-    int ret;
-
-    ret = lstat (filename, &sb1);
-    if (ret < 0)
-	return errno;
-
-    fd = open(filename, O_RDWR | O_BINARY);
-    if(fd < 0) {
-	if(errno == ENOENT)
-	    return 0;
-	else
-	    return errno;
-    }
-    if (unlink(filename) < 0) {
-        close (fd);
-        return errno;
-    }
-    ret = fstat (fd, &sb2);
-    if (ret < 0) {
-	close (fd);
-	return errno;
-    }
-
-    /* check if someone was playing with symlinks */
-
-    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
-	close (fd);
-	return EPERM;
-    }
-
-    /* there are still hard links to this file */
-
-    if (sb2.st_nlink != 0) {
-        close (fd);
-        return 0;
-    }
-
-    ret = scrub_file (fd);
-    close (fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_fcache *f;
-    int fd;
-    char *file;
-
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
-    if(file == NULL) {
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    fd = mkstemp(file);
-    if(fd < 0) {
-	int ret = errno;
-	krb5_set_error_string(context, "mkstemp %s", file);
-	free(f);
-	free(file);
-	return ret;
-    }
-    close(fd);
-    f->filename = file;
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_FCC_FVNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_2:
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_3:
-	flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
-	break;
-    case KRB5_FCC_FVNO_4:
-	break;
-    default:
-	krb5_abortx(context, 
-		    "storage_set_flags called with bad vno (%x)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fcc_open(krb5_context context,
-	 krb5_ccache id,
-	 int *fd_ret,
-	 int flags,
-	 mode_t mode)
-{
-    krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
-			      (flags | O_RDWR) == flags);
-    krb5_error_code ret;
-    const char *filename = FILENAME(id);
-    int fd;
-    fd = open(filename, flags, mode);
-    if(fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", filename,
-			      strerror(ret));
-	return ret;
-    }
-	
-    if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
-	close(fd);
-	return ret;
-    }
-    *fd_ret = fd;
-    return 0;
-}
-
-static krb5_error_code
-fcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_fcache *f = FCACHE(id);
-    int ret = 0;
-    int fd;
-    char *filename = f->filename;
-
-    unlink (filename);
-  
-    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-    if(ret)
-	return ret;
-    {
-	krb5_storage *sp;    
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	if(context->fcache_vno != 0)
-	    f->version = context->fcache_vno;
-	else
-	    f->version = KRB5_FCC_FVNO_4;
-	ret |= krb5_store_int8(sp, 5);
-	ret |= krb5_store_int8(sp, f->version);
-	storage_set_flags(context, sp, f->version);
-	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
-	    /* V4 stuff */
-	    if (context->kdc_sec_offset) {
-		ret |= krb5_store_int16 (sp, 12); /* length */
-		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
-		ret |= krb5_store_int16 (sp, 8); /* length of data */
-		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
-		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
-	    } else {
-		ret |= krb5_store_int16 (sp, 0);
-	    }
-	}
-	ret |= krb5_store_principal(sp, primary_principal);
-	
-	krb5_storage_free(sp);
-    }
-    fcc_unlock(context, fd);
-    if (close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", 
-				   FILENAME(id), strerror(ret));
-	}
-    return ret;
-}
-
-static krb5_error_code
-fcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    free (FILENAME(id));
-    krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-fcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    erase_file(FILENAME(id));
-    return 0;
-}
-
-static krb5_error_code
-fcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    int ret;
-    int fd;
-
-    ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
-    if(ret)
-	return ret;
-    {
-	krb5_storage *sp;
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	storage_set_flags(context, sp, FCACHE(id)->version);
-	if (!krb5_config_get_bool_default(context, NULL, TRUE,
-					  "libdefaults",
-					  "fcc-mit-ticketflags",
-					  NULL))
-	    krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
-	ret = krb5_store_creds(sp, creds);
-	krb5_storage_free(sp);
-    }
-    fcc_unlock(context, fd);
-    if (close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", 
-				   FILENAME(id), strerror(ret));
-	}
-    return ret;
-}
-
-static krb5_error_code
-init_fcc (krb5_context context,
-	  krb5_ccache id,
-	  krb5_storage **ret_sp,
-	  int *ret_fd)
-{
-    int fd;
-    int8_t pvno, tag;
-    krb5_storage *sp;
-    krb5_error_code ret;
-
-    ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
-    if(ret)
-	return ret;
-    
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	krb5_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-    krb5_storage_set_eof_code(sp, KRB5_CC_END);
-    ret = krb5_ret_int8(sp, &pvno);
-    if(ret != 0) {
-	if(ret == KRB5_CC_END) {
-	    krb5_set_error_string(context, "Empty credential cache file: %s",
-				  FILENAME(id));
-	    ret = ENOENT;
-	} else
-	    krb5_set_error_string(context, "Error reading pvno in "
-				  "cache file: %s", FILENAME(id));
-	goto out;
-    }
-    if(pvno != 5) {
-	krb5_set_error_string(context, "Bad version number in credential "
-			      "cache file: %s", FILENAME(id));
-	ret = KRB5_CCACHE_BADVNO;
-	goto out;
-    }
-    ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
-    if(ret != 0) {
-	krb5_set_error_string(context, "Error reading tag in "
-			      "cache file: %s", FILENAME(id));
-	ret = KRB5_CC_FORMAT;
-	goto out;
-    }
-    FCACHE(id)->version = tag;
-    storage_set_flags(context, sp, FCACHE(id)->version);
-    switch (tag) {
-    case KRB5_FCC_FVNO_4: {
-	int16_t length;
-
-	ret = krb5_ret_int16 (sp, &length);
-	if(ret) {
-	    ret = KRB5_CC_FORMAT;
-	    krb5_set_error_string(context, "Error reading tag length in "
-			      "cache file: %s", FILENAME(id));
-	    goto out;
-	}
-	while(length > 0) {
-	    int16_t dtag, data_len;
-	    int i;
-	    int8_t dummy;
-
-	    ret = krb5_ret_int16 (sp, &dtag);
-	    if(ret) {
-		krb5_set_error_string(context, "Error reading dtag in "
-				      "cache file: %s", FILENAME(id));
-		ret = KRB5_CC_FORMAT;
-		goto out;
-	    }
-	    ret = krb5_ret_int16 (sp, &data_len);
-	    if(ret) {
-		krb5_set_error_string(context, "Error reading dlength in "
-				      "cache file: %s", FILENAME(id));
-		ret = KRB5_CC_FORMAT;
-		goto out;
-	    }
-	    switch (dtag) {
-	    case FCC_TAG_DELTATIME :
-		ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
-		if(ret) {
-		    krb5_set_error_string(context, "Error reading kdc_sec in "
-					  "cache file: %s", FILENAME(id));
-		    ret = KRB5_CC_FORMAT;
-		    goto out;
-		}
-		ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
-		if(ret) {
-		    krb5_set_error_string(context, "Error reading kdc_usec in "
-					  "cache file: %s", FILENAME(id));
-		    ret = KRB5_CC_FORMAT;
-		    goto out;
-		}
-		break;
-	    default :
-		for (i = 0; i < data_len; ++i) {
-		    ret = krb5_ret_int8 (sp, &dummy);
-		    if(ret) {
-			krb5_set_error_string(context, "Error reading unknown "
-					      "tag in cache file: %s", 
-					      FILENAME(id));
-			ret = KRB5_CC_FORMAT;
-			goto out;
-		    }
-		}
-		break;
-	    }
-	    length -= 4 + data_len;
-	}
-	break;
-    }
-    case KRB5_FCC_FVNO_3:
-    case KRB5_FCC_FVNO_2:
-    case KRB5_FCC_FVNO_1:
-	break;
-    default :
-	ret = KRB5_CCACHE_BADVNO;
-	krb5_set_error_string(context, "Unknown version number (%d) in "
-			      "credential cache file: %s",
-			      (int)tag, FILENAME(id));
-	goto out;
-    }
-    *ret_sp = sp;
-    *ret_fd = fd;
-    
-    return 0;
-  out:
-    if(sp != NULL)
-	krb5_storage_free(sp);
-    fcc_unlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_error_code ret;
-    int fd;
-    krb5_storage *sp;
-
-    ret = init_fcc (context, id, &sp, &fd);
-    if (ret)
-	return ret;
-    ret = krb5_ret_principal(sp, principal);
-    if (ret)
-	krb5_clear_error_string(context);
-    krb5_storage_free(sp);
-    fcc_unlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor);
-
-static krb5_error_code
-fcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-
-    *cursor = malloc(sizeof(struct fcc_cursor));
-    if (*cursor == NULL) {
-        krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(*cursor, 0, sizeof(struct fcc_cursor));
-
-    ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, 
-		    &FCC_CURSOR(*cursor)->fd);
-    if (ret) {
-	free(*cursor);
-	*cursor = NULL;
-	return ret;
-    }
-    ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
-    if(ret) {
-	krb5_clear_error_string(context);
-	fcc_end_get(context, id, cursor);
-	return ret;
-    }
-    krb5_free_principal (context, principal);
-    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    krb5_error_code ret;
-    if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
-	return ret;
-
-    ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    krb5_storage_free(FCC_CURSOR(*cursor)->sp);
-    close (FCC_CURSOR(*cursor)->fd);
-    free(*cursor);
-    *cursor = NULL;
-    return 0;
-}
-
-static krb5_error_code
-fcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *cred)
-{
-    krb5_error_code ret;
-    krb5_ccache copy;
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &copy);
-    if (ret)
-	return ret;
-
-    ret = krb5_cc_copy_cache(context, id, copy);
-    if (ret) {
-	krb5_cc_destroy(context, copy);
-	return ret;
-    }
-
-    ret = krb5_cc_remove_cred(context, copy, which, cred);
-    if (ret) {
-	krb5_cc_destroy(context, copy);
-	return ret;
-    }
-
-    fcc_destroy(context, id);
-
-    ret = krb5_cc_copy_cache(context, copy, id);
-    krb5_cc_destroy(context, copy);
-
-    return ret;
-}
-
-static krb5_error_code
-fcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-
-static krb5_error_code
-fcc_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return FCACHE(id)->version;
-}
-		    
-struct fcache_iter {
-    int first;
-};
-
-static krb5_error_code
-fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct fcache_iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }    
-    iter->first = 1;
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct fcache_iter *iter = cursor;
-    krb5_error_code ret;
-    const char *fn;
-    char *expandedfn = NULL;
-
-    if (!iter->first) {
-	krb5_clear_error_string(context);
-	return KRB5_CC_END;
-    }
-    iter->first = 0;
-
-    fn = krb5_cc_default_name(context);
-    if (strncasecmp(fn, "FILE:", 5) != 0) {
-	ret = _krb5_expand_default_cc_name(context, 
-					   KRB5_DEFAULT_CCNAME_FILE,
-					   &expandedfn);
-	if (ret)
-	    return ret;
-    }
-    ret = krb5_cc_resolve(context, fn, id);
-    if (expandedfn)
-	free(expandedfn);
-    
-    return ret;
-}
-
-static krb5_error_code
-fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct fcache_iter *iter = cursor;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_error_code ret = 0;
-
-    ret = rename(FILENAME(from), FILENAME(to));
-    if (ret && errno != EXDEV) {
-	ret = errno;
-	krb5_set_error_string(context,
-			      "Rename of file from %s to %s failed: %s", 
-			      FILENAME(from), FILENAME(to),
-			      strerror(ret));
-	return ret;
-    } else if (ret && errno == EXDEV) {
-	/* make a copy and delete the orignal */
-	krb5_ssize_t sz1, sz2;
-	int fd1, fd2;
-	char buf[BUFSIZ];
-
-	ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
-	if(ret)
-	    return ret;
-
-	unlink(FILENAME(to));
-
-	ret = fcc_open(context, to, &fd2, 
-		       O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
-	if(ret)
-	    goto out1;
-
-	while((sz1 = read(fd1, buf, sizeof(buf))) > 0) {
-	    sz2 = write(fd2, buf, sz1);
-	    if (sz1 != sz2) {
-		ret = EIO;
-		krb5_set_error_string(context,
-				      "Failed to write data from one file "
-				      "credential cache to the other");
-		goto out2;
-	    }
-	}
-	if (sz1 < 0) {
-	    ret = EIO;
-	    krb5_set_error_string(context,
-				  "Failed to read data from one file "
-				  "credential cache to the other");
-	    goto out2;
-	}
-	erase_file(FILENAME(from));
-	    
-    out2:
-	fcc_unlock(context, fd2);
-	close(fd2);
-
-    out1:
-	fcc_unlock(context, fd1);
-	close(fd1);
-
-	if (ret) {
-	    erase_file(FILENAME(to));
-	    return ret;
-	}
-    }
-
-    /* make sure ->version is uptodate */
-    {
-	krb5_storage *sp;
-	int fd;
-	ret = init_fcc (context, to, &sp, &fd);
-	krb5_storage_free(sp);
-	fcc_unlock(context, fd);
-	close(fd);
-    }    
-    return ret;
-}
-
-static krb5_error_code
-fcc_default_name(krb5_context context, char **str)
-{
-    return _krb5_expand_default_cc_name(context, 
-					KRB5_DEFAULT_CCNAME_FILE,
-					str);
-}
-
-/**
- * Variable containing the FILE based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_fcc_ops = {
-    "FILE",
-    fcc_get_name,
-    fcc_resolve,
-    fcc_gen_new,
-    fcc_initialize,
-    fcc_destroy,
-    fcc_close,
-    fcc_store_cred,
-    NULL, /* fcc_retrieve */
-    fcc_get_principal,
-    fcc_get_first,
-    fcc_get_next,
-    fcc_end_get,
-    fcc_remove_cred,
-    fcc_set_flags,
-    fcc_get_version,
-    fcc_get_cache_first,
-    fcc_get_cache_next,
-    fcc_end_cache_get,
-    fcc_move,
-    fcc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/free.c b/crypto/heimdal/lib/krb5/free.c
deleted file mode 100644
index 1b0bd05412f2..000000000000
--- a/crypto/heimdal/lib/krb5/free.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
-{
-    free_KDC_REP(&rep->kdc_rep);
-    free_EncTGSRepPart(&rep->enc_part);
-    free_KRB_ERROR(&rep->error);
-    memset(rep, 0, sizeof(*rep));
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_xfree (void *ptr)
-{
-    free (ptr);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/free_host_realm.c b/crypto/heimdal/lib/krb5/free_host_realm.c
deleted file mode 100644
index 6b13ce7d0e04..000000000000
--- a/crypto/heimdal/lib/krb5/free_host_realm.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Free all memory allocated by `realmlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_host_realm(krb5_context context,
-		     krb5_realm *realmlist)
-{
-    krb5_realm *p;
-
-    if(realmlist == NULL)
-	return 0;
-    for (p = realmlist; *p; ++p)
-	free (*p);
-    free (realmlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
deleted file mode 100644
index 8a04f048c8c8..000000000000
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_seq_number(krb5_context context,
-			 const krb5_keyblock *key,
-			 uint32_t *seqno)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-    uint32_t q;
-    u_char *p;
-    int i;
-
-    ret = krb5_generate_subkey (context, key, &subkey);
-    if (ret)
-	return ret;
-
-    q = 0;
-    for (p = (u_char *)subkey->keyvalue.data, i = 0;
-	 i < subkey->keyvalue.length;
-	 ++i, ++p)
-	q = (q << 8) | *p;
-    q &= 0xffffffff;
-    *seqno = q;
-    krb5_free_keyblock (context, subkey);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c
deleted file mode 100644
index fb99cbbf3f74..000000000000
--- a/crypto/heimdal/lib/krb5/generate_subkey.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_subkey.c 14455 2005-01-05 02:39:21Z lukeh $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey(krb5_context context,
-		     const krb5_keyblock *key,
-		     krb5_keyblock **subkey)
-{
-    return krb5_generate_subkey_extended(context, key, key->keytype, subkey);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey_extended(krb5_context context,
-			      const krb5_keyblock *key,
-			      krb5_enctype etype,
-			      krb5_keyblock **subkey)
-{
-    krb5_error_code ret;
-
-    ALLOC(*subkey, 1);
-    if (*subkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (etype == ETYPE_NULL)
-	etype = key->keytype; /* use session key etype */
-
-    /* XXX should we use the session key as input to the RF? */
-    ret = krb5_generate_random_keyblock(context, etype, *subkey);
-    if (ret != 0) {
-	free(*subkey);
-	*subkey = NULL;
-    }
-
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
deleted file mode 100644
index a7fd2ea84b1b..000000000000
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_addrs.c 13863 2004-05-25 21:46:46Z lha $");
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <ifaddrs.h>
-
-static krb5_error_code
-gethostname_fallback (krb5_context context, krb5_addresses *res)
-{
-    krb5_error_code ret;
-    char hostname[MAXHOSTNAMELEN];
-    struct hostent *hostent;
-
-    if (gethostname (hostname, sizeof(hostname))) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostname: %s", strerror(ret));
-	return ret;
-    }
-    hostent = roken_gethostbyname (hostname);
-    if (hostent == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostbyname %s: %s",
-			       hostname, strerror(ret));
-	return ret;
-    }
-    res->len = 1;
-    res->val = malloc (sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    res->val[0].addr_type = hostent->h_addrtype;
-    res->val[0].address.data = NULL;
-    res->val[0].address.length = 0;
-    ret = krb5_data_copy (&res->val[0].address,
-			  hostent->h_addr,
-			  hostent->h_length);
-    if (ret) {
-	free (res->val);
-	return ret;
-    }
-    return 0;
-}
-
-enum {
-    LOOP            = 1,	/* do include loopback interfaces */
-    LOOP_IF_NONE    = 2,	/* include loopback if no other if's */
-    EXTRA_ADDRESSES = 4,	/* include extra addresses */
-    SCAN_INTERFACES = 8		/* scan interfaces for addresses */
-};
-
-/*
- * Try to figure out the addresses of all configured interfaces with a
- * lot of magic ioctls.
- */
-
-static krb5_error_code
-find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
-{
-    struct sockaddr sa_zero;
-    struct ifaddrs *ifa0, *ifa;
-    krb5_error_code ret = ENXIO; 
-    int num, idx;
-    krb5_addresses ignore_addresses;
-
-    res->val = NULL;
-
-    if (getifaddrs(&ifa0) == -1) {
-	ret = errno;
-	krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
-	return (ret);
-    }
-
-    memset(&sa_zero, 0, sizeof(sa_zero));
-
-    /* First, count all the ifaddrs. */
-    for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
-	/* nothing */;
-
-    if (num == 0) {
-	freeifaddrs(ifa0);
-	krb5_set_error_string(context, "no addresses found");
-	return (ENXIO);
-    }
-
-    if (flags & EXTRA_ADDRESSES) {
-	/* we'll remove the addresses we don't care about */
-	ret = krb5_get_ignore_addresses(context, &ignore_addresses);
-	if(ret)
-	    return ret;
-    }
-
-    /* Allocate storage for them. */
-    res->val = calloc(num, sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_free_addresses(context, &ignore_addresses);
-	freeifaddrs(ifa0);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return (ENOMEM);
-    }
-
-    /* Now traverse the list. */
-    for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
-	if ((ifa->ifa_flags & IFF_UP) == 0)
-	    continue;
-	if (ifa->ifa_addr == NULL)
-	    continue;
-	if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-	    continue;
-	if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-	    continue;
-	if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-	    /* We'll deal with the LOOP_IF_NONE case later. */
-	    if ((flags & LOOP) == 0)
-		continue;
-	}
-
-	ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
-	if (ret) {
-	    /*
-	     * The most likely error here is going to be "Program
-	     * lacks support for address type".  This is no big
-	     * deal -- just continue, and we'll listen on the
-	     * addresses who's type we *do* support.
-	     */
-	    continue;
-	}
-	/* possibly skip this address? */
-	if((flags & EXTRA_ADDRESSES) && 
-	   krb5_address_search(context, &res->val[idx], &ignore_addresses)) {
-	    krb5_free_address(context, &res->val[idx]);
-	    flags &= ~LOOP_IF_NONE; /* we actually found an address,
-                                       so don't add any loop-back
-                                       addresses */
-	    continue;
-	}
-
-	idx++;
-    }
-
-    /*
-     * If no addresses were found, and LOOP_IF_NONE is set, then find
-     * the loopback addresses and add them to our list.
-     */
-    if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
-	for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
-	    if ((ifa->ifa_flags & IFF_UP) == 0)
-		continue;
-	    if (ifa->ifa_addr == NULL)
-		continue;
-	    if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-		continue;
-	    if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-		continue;
-
-	    if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-		ret = krb5_sockaddr2address(context,
-					    ifa->ifa_addr, &res->val[idx]);
-		if (ret) {
-		    /*
-		     * See comment above.
-		     */
-		    continue;
-		}
-		if((flags & EXTRA_ADDRESSES) && 
-		   krb5_address_search(context, &res->val[idx], 
-				       &ignore_addresses)) {
-		    krb5_free_address(context, &res->val[idx]);
-		    continue;
-		}
-		idx++;
-	    }
-	}
-    }
-
-    if (flags & EXTRA_ADDRESSES)
-	krb5_free_addresses(context, &ignore_addresses);
-    freeifaddrs(ifa0);
-    if (ret)
-	free(res->val);
-    else
-	res->len = idx;        /* Now a count. */
-    return (ret);
-}
-
-static krb5_error_code
-get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
-{
-    krb5_error_code ret = -1;
-
-    if (flags & SCAN_INTERFACES) {
-	ret = find_all_addresses (context, res, flags);
-	if(ret || res->len == 0)
-	    ret = gethostname_fallback (context, res);
-    } else {
-	res->len = 0;
-	res->val = NULL;
-	ret = 0;
-    }
-
-    if(ret == 0 && (flags & EXTRA_ADDRESSES)) {
-	krb5_addresses a;
-	/* append user specified addresses */
-	ret = krb5_get_extra_addresses(context, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	ret = krb5_append_addresses(context, res, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	krb5_free_addresses(context, &a);
-    }
-    if(res->len == 0) {
-	free(res->val);
-	res->val = NULL;
-    }
-    return ret;
-}
-
-/*
- * Try to get all addresses, but return the one corresponding to
- * `hostname' if we fail.
- *
- * Only include loopback address if there are no other.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
-{
-    int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
-
-    if (context->scan_interfaces)
-	flags |= SCAN_INTERFACES;
-
-    return get_addrs_int (context, res, flags);
-}
-
-/*
- * Try to get all local addresses that a server should listen to.
- * If that fails, we return the address corresponding to `hostname'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
-{
-    return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
-}
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
deleted file mode 100644
index ce0ec6d29283..000000000000
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ /dev/null
@@ -1,1277 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_cred.c 21668 2007-07-22 11:28:05Z lha $");
-
-/*
- * Take the `body' and encode it into `padata' using the credentials
- * in `creds'.
- */
-
-static krb5_error_code
-make_pa_tgs_req(krb5_context context, 
-		krb5_auth_context ac,
-		KDC_REQ_BODY *body,
-		PA_DATA *padata,
-		krb5_creds *creds,
-		krb5_key_usage usage)
-{
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    krb5_data in_data;
-    krb5_error_code ret;
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
-    if (ret)
-	goto out;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    in_data.length = len;
-    in_data.data   = buf;
-    ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
-				&padata->padata_value,
-				KRB5_KU_TGS_REQ_AUTH_CKSUM,
-				usage
-				/* KRB5_KU_TGS_REQ_AUTH */);
- out:
-    free (buf);
-    if(ret)
-	return ret;
-    padata->padata_type = KRB5_PADATA_TGS_REQ;
-    return 0;
-}
-
-/*
- * Set the `enc-authorization-data' in `req_body' based on `authdata'
- */
-
-static krb5_error_code
-set_auth_data (krb5_context context,
-	       KDC_REQ_BODY *req_body,
-	       krb5_authdata *authdata,
-	       krb5_keyblock *key)
-{
-    if(authdata->len) {
-	size_t len, buf_size;
-	unsigned char *buf;
-	krb5_crypto crypto;
-	krb5_error_code ret;
-
-	ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata,
-			   &len, ret);
-	if (ret)
-	    return ret;
-	if (buf_size != len)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ALLOC(req_body->enc_authorization_data, 1);
-	if (req_body->enc_authorization_data == NULL) {
-	    free (buf);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	if (ret) {
-	    free (buf);
-	    free (req_body->enc_authorization_data);
-	    req_body->enc_authorization_data = NULL;
-	    return ret;
-	}
-	krb5_encrypt_EncryptedData(context, 
-				   crypto,
-				   KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, 
-				   /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */
-				   buf,
-				   len,
-				   0,
-				   req_body->enc_authorization_data);
-	free (buf);
-	krb5_crypto_destroy(context, crypto);
-    } else {
-	req_body->enc_authorization_data = NULL;
-    }
-    return 0;
-}    
-
-/*
- * Create a tgs-req in `t' with `addresses', `flags', `second_ticket'
- * (if not-NULL), `in_creds', `krbtgt', and returning the generated
- * subkey in `subkey'.
- */
-
-static krb5_error_code
-init_tgs_req (krb5_context context,
-	      krb5_ccache ccache,
-	      krb5_addresses *addresses,
-	      krb5_kdc_flags flags,
-	      Ticket *second_ticket,
-	      krb5_creds *in_creds,
-	      krb5_creds *krbtgt,
-	      unsigned nonce,
-	      const METHOD_DATA *padata,
-	      krb5_keyblock **subkey,
-	      TGS_REQ *t,
-	      krb5_key_usage usage)
-{
-    krb5_error_code ret = 0;
-
-    memset(t, 0, sizeof(*t));
-    t->pvno = 5;
-    t->msg_type = krb_tgs_req;
-    if (in_creds->session.keytype) {
-	ALLOC_SEQ(&t->req_body.etype, 1);
-	if(t->req_body.etype.val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	t->req_body.etype.val[0] = in_creds->session.keytype;
-    } else {
-	ret = krb5_init_etype(context, 
-			      &t->req_body.etype.len, 
-			      &t->req_body.etype.val, 
-			      NULL);
-    }
-    if (ret)
-	goto fail;
-    t->req_body.addresses = addresses;
-    t->req_body.kdc_options = flags.b;
-    ret = copy_Realm(&in_creds->server->realm, &t->req_body.realm);
-    if (ret)
-	goto fail;
-    ALLOC(t->req_body.sname, 1);
-    if (t->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    /* some versions of some code might require that the client be
-       present in TGS-REQs, but this is clearly against the spec */
-
-    ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
-    if (ret)
-	goto fail;
-
-    /* req_body.till should be NULL if there is no endtime specified,
-       but old MIT code (like DCE secd) doesn't like that */
-    ALLOC(t->req_body.till, 1);
-    if(t->req_body.till == NULL){
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    *t->req_body.till = in_creds->times.endtime;
-    
-    t->req_body.nonce = nonce;
-    if(second_ticket){
-	ALLOC(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ALLOC_SEQ(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets->val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); 
-	if (ret)
-	    goto fail;
-    }
-    ALLOC(t->padata, 1);
-    if (t->padata == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ALLOC_SEQ(t->padata, 1 + padata->len);
-    if (t->padata->val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    {
-	int i;
-	for (i = 0; i < padata->len; i++) {
-	    ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]);
-	    if (ret) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		goto fail;
-	    }
-	}
-    }
-
-    {
-	krb5_auth_context ac;
-	krb5_keyblock *key = NULL;
-
-	ret = krb5_auth_con_init(context, &ac);
-	if(ret)
-	    goto fail;
-
-	if (krb5_config_get_bool_default(context, NULL, FALSE,
-					 "realms",
-					 krbtgt->server->realm,
-					 "tgs_require_subkey",
-					 NULL))
-	{
-	    ret = krb5_generate_subkey (context, &krbtgt->session, &key);
-	    if (ret) {
-		krb5_auth_con_free (context, ac);
-		goto fail;
-	    }
-
-	    ret = krb5_auth_con_setlocalsubkey(context, ac, key);
-	    if (ret) {
-		if (key)
-		    krb5_free_keyblock (context, key);
-		krb5_auth_con_free (context, ac);
-		goto fail;
-	    }
-	}
-
-	ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
-			     key ? key : &krbtgt->session);
-	if (ret) {
-	    if (key)
-		krb5_free_keyblock (context, key);
-	    krb5_auth_con_free (context, ac);
-	    goto fail;
-	}
-
-	ret = make_pa_tgs_req(context,
-			      ac,
-			      &t->req_body, 
-			      &t->padata->val[0],
-			      krbtgt,
-			      usage);
-	if(ret) {
-	    if (key)
-		krb5_free_keyblock (context, key);
-	    krb5_auth_con_free(context, ac);
-	    goto fail;
-	}
-	*subkey = key;
-	
-	krb5_auth_con_free(context, ac);
-    }
-fail:
-    if (ret) {
-	t->req_body.addresses = NULL;
-	free_TGS_REQ (t);
-    }
-    return ret;
-}
-
-krb5_error_code
-_krb5_get_krbtgt(krb5_context context,
-		 krb5_ccache  id,
-		 krb5_realm realm,
-		 krb5_creds **cred)
-{
-    krb5_error_code ret;
-    krb5_creds tmp_cred;
-
-    memset(&tmp_cred, 0, sizeof(tmp_cred));
-
-    ret = krb5_cc_get_principal(context, id, &tmp_cred.client);
-    if (ret)
-	return ret;
-
-    ret = krb5_make_principal(context, 
-			      &tmp_cred.server,
-			      realm,
-			      KRB5_TGS_NAME,
-			      realm,
-			      NULL);
-    if(ret) {
-	krb5_free_principal(context, tmp_cred.client);
-	return ret;
-    }
-    ret = krb5_get_credentials(context,
-			       KRB5_GC_CACHED,
-			       id,
-			       &tmp_cred,
-			       cred);
-    krb5_free_principal(context, tmp_cred.client);
-    krb5_free_principal(context, tmp_cred.server);
-    if(ret)
-	return ret;
-    return 0;
-}
-
-/* DCE compatible decrypt proc */
-static krb5_error_code
-decrypt_tkt_with_subkey (krb5_context context,
-			 krb5_keyblock *key,
-			 krb5_key_usage usage,
-			 krb5_const_pointer subkey,
-			 krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-    
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-    if(ret && subkey){
-	/* DCE compat -- try to decrypt with subkey */
-	ret = krb5_crypto_init(context, subkey, 0, &crypto);
-	if (ret)
-	    return ret;
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
-					  &dec_rep->kdc_rep.enc_part,
-					  &data);
-	krb5_crypto_destroy(context, crypto);
-    }
-    if (ret)
-	return ret;
-    
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static krb5_error_code
-get_cred_kdc_usage(krb5_context context, 
-		   krb5_ccache id, 
-		   krb5_kdc_flags flags,
-		   krb5_addresses *addresses, 
-		   krb5_creds *in_creds,
-		   krb5_creds *krbtgt,
-		   krb5_principal impersonate_principal,
-		   Ticket *second_ticket,
-		   krb5_creds *out_creds,
-		   krb5_key_usage usage)
-{
-    TGS_REQ req;
-    krb5_data enc;
-    krb5_data resp;
-    krb5_kdc_rep rep;
-    KRB_ERROR error;
-    krb5_error_code ret;
-    unsigned nonce;
-    krb5_keyblock *subkey = NULL;
-    size_t len;
-    Ticket second_ticket_data;
-    METHOD_DATA padata;
-    
-    krb5_data_zero(&resp);
-    krb5_data_zero(&enc);
-    padata.val = NULL;
-    padata.len = 0;
-
-    krb5_generate_random_block(&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-    
-    if(flags.b.enc_tkt_in_skey && second_ticket == NULL){
-	ret = decode_Ticket(in_creds->second_ticket.data, 
-			    in_creds->second_ticket.length, 
-			    &second_ticket_data, &len);
-	if(ret)
-	    return ret;
-	second_ticket = &second_ticket_data;
-    }
-
-
-    if (impersonate_principal) {
-	krb5_crypto crypto;
-	PA_S4U2Self self;
-	krb5_data data;
-	void *buf;
-	size_t size;
-
-	self.name = impersonate_principal->name;
-	self.realm = impersonate_principal->realm;
-	self.auth = estrdup("Kerberos");
-	
-	ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
-	if (ret) {
-	    free(self.auth);
-	    goto out;
-	}
-
-	ret = krb5_crypto_init(context, &krbtgt->session, 0, &crypto);
-	if (ret) {
-	    free(self.auth);
-	    krb5_data_free(&data);
-	    goto out;
-	}
-
-	ret = krb5_create_checksum(context,
-				   crypto,
-				   KRB5_KU_OTHER_CKSUM,
-				   0,
-				   data.data,
-				   data.length, 
-				   &self.cksum);
-	krb5_crypto_destroy(context, crypto);
-	krb5_data_free(&data);
-	if (ret) {
-	    free(self.auth);
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(PA_S4U2Self, buf, len, &self, &size, ret);
-	free(self.auth);
-	free_Checksum(&self.cksum);
-	if (ret)
-	    goto out;
-	if (len != size)
-	    krb5_abortx(context, "internal asn1 error");
-	
-	ret = krb5_padata_add(context, &padata, KRB5_PADATA_S4U2SELF, buf, len);
-	if (ret)
-	    goto out;
-    }
-
-    ret = init_tgs_req (context,
-			id,
-			addresses,
-			flags,
-			second_ticket,
-			in_creds,
-			krbtgt,
-			nonce,
-			&padata,
-			&subkey, 
-			&req,
-			usage);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret);
-    if (ret) 
-	goto out;
-    if(enc.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    /* don't free addresses */
-    req.req_body.addresses = NULL;
-    free_TGS_REQ(&req);
-
-    /*
-     * Send and receive
-     */
-    {
-	krb5_sendto_ctx stctx;
-	ret = krb5_sendto_ctx_alloc(context, &stctx);
-	if (ret)
-	    return ret;
-	krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
-
-	ret = krb5_sendto_context (context, stctx, &enc,
-				   krbtgt->server->name.name_string.val[1],
-				   &resp);
-	krb5_sendto_ctx_free(context, stctx);
-    }
-    if(ret)
-	goto out;
-
-    memset(&rep, 0, sizeof(rep));
-    if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){
-	ret = krb5_copy_principal(context, 
-				  in_creds->client, 
-				  &out_creds->client);
-	if(ret)
-	    goto out;
-	ret = krb5_copy_principal(context, 
-				  in_creds->server, 
-				  &out_creds->server);
-	if(ret)
-	    goto out;
-	/* this should go someplace else */
-	out_creds->times.endtime = in_creds->times.endtime;
-
-	ret = _krb5_extract_ticket(context,
-				   &rep,
-				   out_creds,
-				   &krbtgt->session,
-				   NULL,
-				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
-				   &krbtgt->addresses,
-				   nonce,
-				   EXTRACT_TICKET_ALLOW_CNAME_MISMATCH|
-				   EXTRACT_TICKET_ALLOW_SERVER_MISMATCH,
-				   decrypt_tkt_with_subkey,
-				   subkey);
-	krb5_free_kdc_rep(context, &rep);
-    } else if(krb5_rd_error(context, &resp, &error) == 0) {
-	ret = krb5_error_from_rd_error(context, &error, in_creds);
-	krb5_free_error_contents(context, &error);
-    } else if(resp.data && ((char*)resp.data)[0] == 4) {
-	ret = KRB5KRB_AP_ERR_V4_REPLY;
-	krb5_clear_error_string(context);
-    } else {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string(context);
-    }
-
-out:
-    if (second_ticket == &second_ticket_data)
-	free_Ticket(&second_ticket_data);
-    free_METHOD_DATA(&padata);
-    krb5_data_free(&resp);
-    krb5_data_free(&enc);
-    if(subkey){
-	krb5_free_keyblock_contents(context, subkey);
-	free(subkey);
-    }
-    return ret;
-    
-}
-
-static krb5_error_code
-get_cred_kdc(krb5_context context, 
-	     krb5_ccache id, 
-	     krb5_kdc_flags flags,
-	     krb5_addresses *addresses, 
-	     krb5_creds *in_creds, 
-	     krb5_creds *krbtgt,
-	     krb5_principal impersonate_principal,
-	     Ticket *second_ticket,
-	     krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-
-    ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-			     krbtgt, impersonate_principal, second_ticket,
-			     out_creds, KRB5_KU_TGS_REQ_AUTH);
-    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	krb5_clear_error_string (context);
-	ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-				 krbtgt, impersonate_principal, second_ticket,
-				 out_creds, KRB5_KU_AP_REQ_AUTH);
-    }
-    return ret;
-}
-
-/* same as above, just get local addresses first */
-
-static krb5_error_code
-get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, 
-		krb5_creds *in_creds, krb5_creds *krbtgt, 
-		krb5_principal impersonate_principal, Ticket *second_ticket,
-		krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_addresses addresses, *addrs = &addresses;
-    
-    krb5_get_all_client_addrs(context, &addresses);
-    /* XXX this sucks. */
-    if(addresses.len == 0)
-	addrs = NULL;
-    ret = get_cred_kdc(context, id, flags, addrs, 
-		       in_creds, krbtgt, impersonate_principal, second_ticket,
-		       out_creds);
-    krb5_free_addresses(context, &addresses);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_cred(krb5_context context,
-		  krb5_ccache id,
-		  krb5_kdc_flags flags,
-		  krb5_addresses *addresses,
-		  Ticket  *second_ticket,
-		  krb5_creds *in_creds,
-		  krb5_creds **out_creds
-		  )
-{
-    krb5_error_code ret;
-    krb5_creds *krbtgt;
-
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = _krb5_get_krbtgt (context,
-			    id,
-			    in_creds->server->realm,
-			    &krbtgt);
-    if(ret) {
-	free(*out_creds);
-	return ret;
-    }
-    ret = get_cred_kdc(context, id, flags, addresses, 
-		       in_creds, krbtgt, NULL, NULL, *out_creds);
-    krb5_free_creds (context, krbtgt);
-    if(ret)
-	free(*out_creds);
-    return ret;
-}
-
-static void
-not_found(krb5_context context, krb5_const_principal p)
-{
-    krb5_error_code ret;
-    char *str;
-
-    ret = krb5_unparse_name(context, p, &str);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return;
-    }
-    krb5_set_error_string(context, "Matching credential (%s) not found", str);
-    free(str);
-}
-
-static krb5_error_code
-find_cred(krb5_context context,
-	  krb5_ccache id,
-	  krb5_principal server,
-	  krb5_creds **tgts,
-	  krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds mcreds;
-
-    krb5_cc_clear_mcred(&mcreds);
-    mcreds.server = server;
-    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, 
-				&mcreds, out_creds);
-    if(ret == 0)
-	return 0;
-    while(tgts && *tgts){
-	if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, 
-			      &mcreds, *tgts)){
-	    ret = krb5_copy_creds_contents(context, *tgts, out_creds);
-	    return ret;
-	}
-	tgts++;
-    }
-    not_found(context, server);
-    return KRB5_CC_NOTFOUND;
-}
-
-static krb5_error_code
-add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_creds **tmp = *tgts;
-
-    for(i = 0; tmp && tmp[i]; i++); /* XXX */
-    tmp = realloc(tmp, (i+2)*sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *tgts = tmp;
-    ret = krb5_copy_creds(context, tkt, &tmp[i]);
-    tmp[i+1] = NULL;
-    return ret;
-}
-
-/*
-get_cred(server)
-	creds = cc_get_cred(server)
-	if(creds) return creds
-	tgt = cc_get_cred(krbtgt/server_realm@any_realm)
-	if(tgt)
-		return get_cred_tgt(server, tgt)
-	if(client_realm == server_realm)
-		return NULL
-	tgt = get_cred(krbtgt/server_realm@client_realm)
-	while(tgt_inst != server_realm)
-		tgt = get_cred(krbtgt/server_realm@tgt_inst)
-	return get_cred_tgt(server, tgt)
-	*/
-
-static krb5_error_code
-get_cred_from_kdc_flags(krb5_context context,
-			krb5_kdc_flags flags,
-			krb5_ccache ccache,
-			krb5_creds *in_creds,
-			krb5_principal impersonate_principal,
-			Ticket *second_ticket,			
-			krb5_creds **out_creds,
-			krb5_creds ***ret_tgts)
-{
-    krb5_error_code ret;
-    krb5_creds *tgt, tmp_creds;
-    krb5_const_realm client_realm, server_realm, try_realm;
-
-    *out_creds = NULL;
-
-    client_realm = krb5_principal_get_realm(context, in_creds->client);
-    server_realm = krb5_principal_get_realm(context, in_creds->server);
-    memset(&tmp_creds, 0, sizeof(tmp_creds));
-    ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
-    if(ret)
-	return ret;
-
-    try_realm = krb5_config_get_string(context, NULL, "capaths", 
-				       client_realm, server_realm, NULL);
-    
-#if 1
-    /* XXX remove in future release */
-    if(try_realm == NULL)
-	try_realm = krb5_config_get_string(context, NULL, "libdefaults", 
-					   "capath", server_realm, NULL);
-#endif
-
-    if (try_realm == NULL)
-	try_realm = client_realm;
-
-    ret = krb5_make_principal(context,
-			      &tmp_creds.server,
-			      try_realm,
-			      KRB5_TGS_NAME,
-			      server_realm, 
-			      NULL);
-    if(ret){
-	krb5_free_principal(context, tmp_creds.client);
-	return ret;
-    }
-    {
-	krb5_creds tgts;
-	/* XXX try krb5_cc_retrieve_cred first? */
-	ret = find_cred(context, ccache, tmp_creds.server, 
-			*ret_tgts, &tgts);
-	if(ret == 0){
-	    *out_creds = calloc(1, sizeof(**out_creds));
-	    if(*out_creds == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-	    } else {
-		krb5_boolean noaddr;
-
-		krb5_appdefault_boolean(context, NULL, tgts.server->realm,
-					"no-addresses", FALSE, &noaddr);
-
-		if (noaddr)
-		    ret = get_cred_kdc(context, ccache, flags, NULL,
-				       in_creds, &tgts,
-				       impersonate_principal, 
-				       second_ticket,
-				       *out_creds);
-		else
-		    ret = get_cred_kdc_la(context, ccache, flags, 
-					  in_creds, &tgts, 
-					  impersonate_principal, 
-					  second_ticket,
-					  *out_creds);
-		if (ret) {
-		    free (*out_creds);
-		    *out_creds = NULL;
-		}
-	    }
-	    krb5_free_cred_contents(context, &tgts);
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-    if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
-	not_found(context, in_creds->server);
-	return KRB5_CC_NOTFOUND;
-    }
-    /* XXX this can loop forever */
-    while(1){
-	heim_general_string tgt_inst;
-
-	ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, 
-				      NULL, NULL, &tgt, ret_tgts);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = add_cred(context, ret_tgts, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	tgt_inst = tgt->server->name.name_string.val[1];
-	if(strcmp(tgt_inst, server_realm) == 0)
-	    break;
-	krb5_free_principal(context, tmp_creds.server);
-	ret = krb5_make_principal(context, &tmp_creds.server, 
-				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = krb5_free_creds(context, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-	
-    krb5_free_principal(context, tmp_creds.server);
-    krb5_free_principal(context, tmp_creds.client);
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-    } else {
-	krb5_boolean noaddr;
-
-	krb5_appdefault_boolean(context, NULL, tgt->server->realm,
-				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
-				&noaddr);
-	if (noaddr)
-	    ret = get_cred_kdc (context, ccache, flags, NULL,
-				in_creds, tgt, NULL, NULL,
-				*out_creds);
-	else
-	    ret = get_cred_kdc_la(context, ccache, flags, 
-				  in_creds, tgt, NULL, NULL,
-				  *out_creds);
-	if (ret) {
-	    free (*out_creds);
-	    *out_creds = NULL;
-	}
-    }
-    krb5_free_creds(context, tgt);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc_opt(krb5_context context,
-			   krb5_ccache ccache,
-			   krb5_creds *in_creds,
-			   krb5_creds **out_creds,
-			   krb5_creds ***ret_tgts,
-			   krb5_flags flags)
-{
-    krb5_kdc_flags f;
-    f.i = flags;
-    return get_cred_from_kdc_flags(context, f, ccache, 
-				   in_creds, NULL, NULL,
-				   out_creds, ret_tgts);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc(krb5_context context,
-		       krb5_ccache ccache,
-		       krb5_creds *in_creds,
-		       krb5_creds **out_creds,
-		       krb5_creds ***ret_tgts)
-{
-    return krb5_get_cred_from_kdc_opt(context, ccache, 
-				      in_creds, out_creds, ret_tgts, 0);
-}
-     
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials_with_flags(krb5_context context,
-				krb5_flags options,
-				krb5_kdc_flags flags,
-				krb5_ccache ccache,
-				krb5_creds *in_creds,
-				krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds **tgts;
-    krb5_creds *res_creds;
-    int i;
-    
-    *out_creds = NULL;
-    res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (in_creds->session.keytype)
-	options |= KRB5_TC_MATCH_KEYTYPE;
-
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it.
-     */
-    ret = krb5_cc_retrieve_cred(context,
-                                ccache,
-                                in_creds->session.keytype ?
-                                KRB5_TC_MATCH_KEYTYPE : 0,
-                                in_creds, res_creds);
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
-     */
-    if (ret == 0) {
-	krb5_timestamp timeret;
-
-	/* If expired ok, don't bother checking */
-        if(options & KRB5_GC_EXPIRED_OK) {
-            *out_creds = res_creds;
-            return 0;
-        }
-	    
-	krb5_timeofday(context, &timeret);
-	if(res_creds->times.endtime > timeret) {
-	    *out_creds = res_creds;
-	    return 0;
-	}
-	if(options & KRB5_GC_CACHED)
-	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
-
-    } else if(ret != KRB5_CC_END) {
-        free(res_creds);
-        return ret;
-    }
-    free(res_creds);
-    if(options & KRB5_GC_CACHED) {
-	not_found(context, in_creds->server);
-        return KRB5_CC_NOTFOUND;
-    }
-    if(options & KRB5_GC_USER_USER)
-	flags.b.enc_tkt_in_skey = 1;
-    if (flags.b.enc_tkt_in_skey)
-	options |= KRB5_GC_NO_STORE;
-
-    tgts = NULL;
-    ret = get_cred_from_kdc_flags(context, flags, ccache, 
-				  in_creds, NULL, NULL, out_creds, &tgts);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
-	krb5_free_creds(context, tgts[i]);
-    }
-    free(tgts);
-    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
-	krb5_cc_store_cred(context, ccache, *out_creds);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials(krb5_context context,
-		     krb5_flags options,
-		     krb5_ccache ccache,
-		     krb5_creds *in_creds,
-		     krb5_creds **out_creds)
-{
-    krb5_kdc_flags flags;
-    flags.i = 0;
-    return krb5_get_credentials_with_flags(context, options, flags,
-					   ccache, in_creds, out_creds);
-}
-
-struct krb5_get_creds_opt_data {
-    krb5_principal self;
-    krb5_flags options;
-    krb5_enctype enctype;
-    Ticket *ticket;
-};
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
-{
-    *opt = calloc(1, sizeof(**opt));
-    if (*opt == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
-{
-    if (opt->self)
-	krb5_free_principal(context, opt->self);
-    memset(opt, 0, sizeof(*opt));
-    free(opt);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_options(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_flags options)
-{
-    opt->options = options;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_add_options(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_flags options)
-{
-    opt->options |= options;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_enctype(krb5_context context,
-			       krb5_get_creds_opt opt,
-			       krb5_enctype enctype)
-{
-    opt->enctype = enctype;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_impersonate(krb5_context context,
-				   krb5_get_creds_opt opt,
-				   krb5_const_principal self)
-{
-    if (opt->self)
-	krb5_free_principal(context, opt->self);
-    return krb5_copy_principal(context, self, &opt->self);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_ticket(krb5_context context,
-			      krb5_get_creds_opt opt,
-			      const Ticket *ticket)
-{
-    if (opt->ticket) {
-	free_Ticket(opt->ticket);
-	free(opt->ticket);
-	opt->ticket = NULL;
-    }
-    if (ticket) {
-	krb5_error_code ret;
-
-	opt->ticket = malloc(sizeof(*ticket));
-	if (opt->ticket == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = copy_Ticket(ticket, opt->ticket);
-	if (ret) {
-	    free(opt->ticket);
-	    opt->ticket = NULL;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds(krb5_context context,
-	       krb5_get_creds_opt opt,
-	       krb5_ccache ccache,
-	       krb5_const_principal inprinc,
-	       krb5_creds **out_creds)
-{
-    krb5_kdc_flags flags;
-    krb5_flags options;
-    krb5_creds in_creds;
-    krb5_error_code ret;
-    krb5_creds **tgts;
-    krb5_creds *res_creds;
-    int i;
-    
-    memset(&in_creds, 0, sizeof(in_creds));
-    in_creds.server = rk_UNCONST(inprinc);
-
-    ret = krb5_cc_get_principal(context, ccache, &in_creds.client);
-    if (ret)
-	return ret;
-
-    options = opt->options;
-    flags.i = 0;
-
-    *out_creds = NULL;
-    res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL) {
-	krb5_free_principal(context, in_creds.client);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    if (opt->enctype) {
-	in_creds.session.keytype = opt->enctype;
-	options |= KRB5_TC_MATCH_KEYTYPE;
-    }
-
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it.
-     */
-    ret = krb5_cc_retrieve_cred(context,
-                                ccache,
-				opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0,
-                                &in_creds, res_creds);
-    /* 
-     * If we got a credential, check if credential is expired before
-     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
-     */
-    if (ret == 0) {
-	krb5_timestamp timeret;
-
-	/* If expired ok, don't bother checking */
-        if(options & KRB5_GC_EXPIRED_OK) {
-            *out_creds = res_creds;
-	    krb5_free_principal(context, in_creds.client);
-            return 0;
-        }
-	    
-	krb5_timeofday(context, &timeret);
-	if(res_creds->times.endtime > timeret) {
-	    *out_creds = res_creds;
-	    krb5_free_principal(context, in_creds.client);
-	    return 0;
-	}
-	if(options & KRB5_GC_CACHED)
-	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
-
-    } else if(ret != KRB5_CC_END) {
-        free(res_creds);
-	krb5_free_principal(context, in_creds.client);
-        return ret;
-    }
-    free(res_creds);
-    if(options & KRB5_GC_CACHED) {
-	not_found(context, in_creds.server);
-	krb5_free_principal(context, in_creds.client);
-        return KRB5_CC_NOTFOUND;
-    }
-    if(options & KRB5_GC_USER_USER) {
-	flags.b.enc_tkt_in_skey = 1;
-	options |= KRB5_GC_NO_STORE;
-    }
-    if (options & KRB5_GC_FORWARDABLE)
-	flags.b.forwardable = 1;
-    if (options & KRB5_GC_NO_TRANSIT_CHECK)
-	flags.b.disable_transited_check = 1;
-    if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
-	flags.b.request_anonymous = 1; /* XXX ARGH confusion */
-	flags.b.constrained_delegation = 1;
-    }
-
-    tgts = NULL;
-    ret = get_cred_from_kdc_flags(context, flags, ccache, 
-				  &in_creds, opt->self, opt->ticket,
-				  out_creds, &tgts);
-    krb5_free_principal(context, in_creds.client);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
-	krb5_free_creds(context, tgts[i]);
-    }
-    free(tgts);
-    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
-	krb5_cc_store_cred(context, ccache, *out_creds);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_renewed_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_const_principal client,
-		       krb5_ccache ccache,
-		       const char *in_tkt_service)
-{
-    krb5_error_code ret;
-    krb5_kdc_flags flags;
-    krb5_creds in, *template, *out = NULL;
-
-    memset(&in, 0, sizeof(in));
-    memset(creds, 0, sizeof(*creds));
-
-    ret = krb5_copy_principal(context, client, &in.client);
-    if (ret)
-	return ret;
-
-    if (in_tkt_service) {
-	ret = krb5_parse_name(context, in_tkt_service, &in.server);
-	if (ret) {
-	    krb5_free_principal(context, in.client);
-	    return ret;
-	}
-    } else {
-	const char *realm = krb5_principal_get_realm(context, client);
-	
-	ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
-				  realm, NULL);
-	if (ret) {
-	    krb5_free_principal(context, in.client);
-	    return ret;
-	}
-    }
-
-    flags.i = 0;
-    flags.b.renewable = flags.b.renew = 1;
-
-    /*
-     * Get template from old credential cache for the same entry, if
-     * this failes, no worries.
-     */
-    ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template);
-    if (ret == 0) {
-	flags.b.forwardable = template->flags.b.forwardable;
-	flags.b.proxiable = template->flags.b.proxiable;
-	krb5_free_creds (context, template);
-    }
-
-    ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
-    krb5_free_principal(context, in.client);
-    krb5_free_principal(context, in.server);
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_creds_contents(context, out, creds);
-    krb5_free_creds(context, out);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c
deleted file mode 100644
index 83fb2b0fa984..000000000000
--- a/crypto/heimdal/lib/krb5/get_default_principal.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_principal.c 14870 2005-04-20 20:53:29Z lha $");
-
-/*
- * Try to find out what's a reasonable default principal.
- */
-
-static const char*
-get_env_user(void)
-{
-    const char *user = getenv("USER");
-    if(user == NULL)
-	user = getenv("LOGNAME");
-    if(user == NULL)
-	user = getenv("USERNAME");
-    return user;
-}
-
-/*
- * Will only use operating-system dependant operation to get the
- * default principal, for use of functions that in ccache layer to
- * avoid recursive calls.
- */
-
-krb5_error_code
-_krb5_get_default_principal_local (krb5_context context, 
-				   krb5_principal *princ)
-{
-    krb5_error_code ret;
-    const char *user;
-    uid_t uid;
-
-    *princ = NULL;
-
-    uid = getuid();    
-    if(uid == 0) {
-	user = getlogin();
-	if(user == NULL)
-	    user = get_env_user();
-	if(user != NULL && strcmp(user, "root") != 0)
-	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
-	else
-	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
-    } else {
-	struct passwd *pw = getpwuid(uid);	
-	if(pw != NULL)
-	    user = pw->pw_name;
-	else {
-	    user = get_env_user();
-	    if(user == NULL)
-		user = getlogin();
-	}
-	if(user == NULL) {
-	    krb5_set_error_string(context,
-				  "unable to figure out current principal");
-	    return ENOTTY; /* XXX */
-	}
-	ret = krb5_make_principal(context, princ, NULL, user, NULL);
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_principal (krb5_context context,
-			    krb5_principal *princ)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-
-    *princ = NULL;
-
-    ret = krb5_cc_default (context, &id);
-    if (ret == 0) {
-	ret = krb5_cc_get_principal (context, id, princ);
-	krb5_cc_close (context, id);
-	if (ret == 0)
-	    return 0;
-    }
-
-    return _krb5_get_default_principal_local(context, princ);
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c
deleted file mode 100644
index 09c8577b2601..000000000000
--- a/crypto/heimdal/lib/krb5/get_default_realm.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Return a NULL-terminated list of default realms in `realms'.
- * Free this memory with krb5_free_host_realm.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realms (krb5_context context,
-			 krb5_realm **realms)
-{
-    if (context->default_realms == NULL) {
-	krb5_error_code ret = krb5_set_default_realm (context, NULL);
-	if (ret)
-	    return KRB5_CONFIG_NODEFREALM;
-    }
-
-    return krb5_copy_host_realm (context,
-				 context->default_realms,
-				 realms);
-}
-
-/*
- * Return the first default realm.  For compatibility.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realm(krb5_context context,
-		       krb5_realm *realm)
-{
-    krb5_error_code ret;
-    char *res;
-
-    if (context->default_realms == NULL
-	|| context->default_realms[0] == NULL) {
-	krb5_clear_error_string(context);
-	ret = krb5_set_default_realm (context, NULL);
-	if (ret)
-	    return ret;
-    }
-
-    res = strdup (context->default_realms[0]);
-    if (res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realm = res;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
deleted file mode 100644
index cb8b7c8641a6..000000000000
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_for_creds.c 22504 2008-01-21 15:49:58Z lha $");
-
-static krb5_error_code
-add_addrs(krb5_context context,
-	  krb5_addresses *addr,
-	  struct addrinfo *ai)
-{
-    krb5_error_code ret;
-    unsigned n, i;
-    void *tmp;
-    struct addrinfo *a;
-
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
-    if (tmp == NULL && (addr->len + n) != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto fail;
-    }
-    addr->val = tmp;
-    for (i = addr->len; i < (addr->len + n); ++i) {
-	addr->val[i].addr_type = 0;
-	krb5_data_zero(&addr->val[i].address);
-    }
-    i = addr->len;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	krb5_address ad;
-
-	ret = krb5_sockaddr2address (context, a->ai_addr, &ad);
-	if (ret == 0) {
-	    if (krb5_address_search(context, &ad, addr))
-		krb5_free_address(context, &ad);
-	    else
-		addr->val[i++] = ad;
-	}
-	else if (ret == KRB5_PROG_ATYPE_NOSUPP)
-	    krb5_clear_error_string (context);
-	else
-	    goto fail;
-	addr->len = i;
-    }
-    return 0;
-fail:
-    krb5_free_addresses (context, addr);
-    return ret;
-}
-
-/**
- * Forward credentials for client to host hostname , making them
- * forwardable if forwardable, and returning the blob of data to sent
- * in out_data.  If hostname == NULL, pick it from server.
- *
- * @param context A kerberos 5 context.
- * @param auth_context the auth context with the key to encrypt the out_data.
- * @param hostname the host to forward the tickets too.
- * @param client the client to delegate from.
- * @param server the server to delegate the credential too.
- * @param ccache credential cache to use.
- * @param forwardable make the forwarded ticket forwabledable.
- * @param out_data the resulting credential.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_credential
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_fwd_tgt_creds (krb5_context	context,
-		    krb5_auth_context	auth_context,
-		    const char		*hostname,
-		    krb5_principal	client,
-		    krb5_principal	server,
-		    krb5_ccache		ccache,
-		    int			forwardable,
-		    krb5_data		*out_data)
-{
-    krb5_flags flags = 0;
-    krb5_creds creds;
-    krb5_error_code ret;
-    krb5_const_realm client_realm;
-
-    flags |= KDC_OPT_FORWARDED;
-
-    if (forwardable)
-	flags |= KDC_OPT_FORWARDABLE;
-
-    if (hostname == NULL &&
-	krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) {
-	const char *inst = krb5_principal_get_comp_string(context, server, 0);
-	const char *host = krb5_principal_get_comp_string(context, server, 1);
-
-	if (inst != NULL &&
-	    strcmp(inst, "host") == 0 &&
-	    host != NULL && 
-	    krb5_principal_get_comp_string(context, server, 2) == NULL)
-	    hostname = host;
-    }
-
-    client_realm = krb5_principal_get_realm(context, client);
-    
-    memset (&creds, 0, sizeof(creds));
-    creds.client = client;
-
-    ret = krb5_build_principal(context,
-			       &creds.server,
-			       strlen(client_realm),
-			       client_realm,
-			       KRB5_TGS_NAME,
-			       client_realm,
-			       NULL);
-    if (ret)
-	return ret;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags,
-				    hostname,
-				    &creds,
-				    out_data);
-    return ret;
-}
-
-/**
- * Gets tickets forwarded to hostname. If the tickets that are
- * forwarded are address-less, the forwarded tickets will also be
- * address-less.
- * 
- * If the ticket have any address, hostname will be used for figure
- * out the address to forward the ticket too. This since this might
- * use DNS, its insecure and also doesn't represent configured all
- * addresses of the host. For example, the host might have two
- * adresses, one IPv4 and one IPv6 address where the later is not
- * published in DNS. This IPv6 address might be used communications
- * and thus the resulting ticket useless.
- *
- * @param context A kerberos 5 context.
- * @param auth_context the auth context with the key to encrypt the out_data.
- * @param ccache credential cache to use
- * @param flags the flags to control the resulting ticket flags
- * @param hostname the host to forward the tickets too.
- * @param in_creds the in client and server ticket names.  The client
- * and server components forwarded to the remote host.
- * @param out_data the resulting credential.
- *
- * @return Return an error code or 0.
- *
- * @ingroup krb5_credential
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_forwarded_creds (krb5_context	    context,
-			  krb5_auth_context auth_context,
-			  krb5_ccache       ccache,
-			  krb5_flags        flags,
-			  const char        *hostname,
-			  krb5_creds        *in_creds,
-			  krb5_data         *out_data)
-{
-    krb5_error_code ret;
-    krb5_creds *out_creds;
-    krb5_addresses addrs, *paddrs;
-    KRB_CRED cred;
-    KrbCredInfo *krb_cred_info;
-    EncKrbCredPart enc_krb_cred_part;
-    size_t len;
-    unsigned char *buf;
-    size_t buf_size;
-    krb5_kdc_flags kdc_flags;
-    krb5_crypto crypto;
-    struct addrinfo *ai;
-    int save_errno;
-    krb5_creds *ticket;
-
-    paddrs = NULL;
-    addrs.len = 0;
-    addrs.val = NULL;
-
-    ret = krb5_get_credentials(context, 0, ccache, in_creds, &ticket);
-    if(ret == 0) {
-	if (ticket->addresses.len)
-	    paddrs = &addrs;
-	krb5_free_creds (context, ticket);
-    } else {
-	krb5_boolean noaddr;
-	krb5_appdefault_boolean(context, NULL,
-				krb5_principal_get_realm(context, 
-							 in_creds->client),
-				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
-				&noaddr);
-	if (!noaddr)
-	    paddrs = &addrs;
-    }
-	
-    /*
-     * If tickets have addresses, get the address of the remote host.
-     */
-
-    if (paddrs != NULL) {
-
-	ret = getaddrinfo (hostname, NULL, NULL, &ai);
-	if (ret) {
-	    save_errno = errno;
-	    krb5_set_error_string(context, "resolving %s: %s",
-				  hostname, gai_strerror(ret));
-	    return krb5_eai_to_heim_errno(ret, save_errno);
-	}
-	
-	ret = add_addrs (context, &addrs, ai);
-	freeaddrinfo (ai);
-	if (ret)
-	    return ret;
-    }
-    
-    kdc_flags.b = int2KDCOptions(flags);
-
-    ret = krb5_get_kdc_cred (context,
-			     ccache,
-			     kdc_flags,
-			     paddrs,
-			     NULL,
-			     in_creds,
-			     &out_creds);
-    krb5_free_addresses (context, &addrs);
-    if (ret)
-	return ret;
-
-    memset (&cred, 0, sizeof(cred));
-    cred.pvno = 5;
-    cred.msg_type = krb_cred;
-    ALLOC_SEQ(&cred.tickets, 1);
-    if (cred.tickets.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out2;
-    }
-    ret = decode_Ticket(out_creds->ticket.data,
-			out_creds->ticket.length,
-			cred.tickets.val, &len);
-    if (ret)
-	goto out3;
-
-    memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
-    ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
-    if (enc_krb_cred_part.ticket_info.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out4;
-    }
-    
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-	int32_t usec;
-	
-	krb5_us_timeofday (context, &sec, &usec);
-	
-	ALLOC(enc_krb_cred_part.timestamp, 1);
-	if (enc_krb_cred_part.timestamp == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto out4;
-	}
-	*enc_krb_cred_part.timestamp = sec;
-	ALLOC(enc_krb_cred_part.usec, 1);
-	if (enc_krb_cred_part.usec == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto out4;
-	}
-	*enc_krb_cred_part.usec      = usec;
-    } else {
-	enc_krb_cred_part.timestamp = NULL;
-	enc_krb_cred_part.usec = NULL;
-    }
-
-    if (auth_context->local_address && auth_context->local_port && paddrs) {
-
-	ret = krb5_make_addrport (context,
-				  &enc_krb_cred_part.s_address,
-				  auth_context->local_address,
-				  auth_context->local_port);
-	if (ret)
-	    goto out4;
-    }
-
-    if (auth_context->remote_address) {
-	if (auth_context->remote_port) {
-	    krb5_boolean noaddr;
-	    krb5_const_realm srealm;
-
-	    srealm = krb5_principal_get_realm(context, out_creds->server);
-	    /* Is this correct, and should we use the paddrs == NULL
-               trick here as well? Having an address-less ticket may
-               indicate that we don't know our own global address, but
-               it does not necessary mean that we don't know the
-               server's. */
-	    krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
-				    FALSE, &noaddr);
-	    if (!noaddr) {
-		ret = krb5_make_addrport (context,
-					  &enc_krb_cred_part.r_address,
-					  auth_context->remote_address,
-					  auth_context->remote_port);
-		if (ret)
-		    goto out4;
-	    }
-	} else {
-	    ALLOC(enc_krb_cred_part.r_address, 1);
-	    if (enc_krb_cred_part.r_address == NULL) {
-		ret = ENOMEM;
-		krb5_set_error_string(context, "malloc: out of memory");
-		goto out4;
-	    }
-
-	    ret = krb5_copy_address (context, auth_context->remote_address,
-				     enc_krb_cred_part.r_address);
-	    if (ret)
-		goto out4;
-	}
-    }
-
-    /* fill ticket_info.val[0] */
-
-    enc_krb_cred_part.ticket_info.len = 1;
-
-    krb_cred_info = enc_krb_cred_part.ticket_info.val;
-
-    copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
-    ALLOC(krb_cred_info->prealm, 1);
-    copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
-    ALLOC(krb_cred_info->pname, 1);
-    copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
-    ALLOC(krb_cred_info->flags, 1);
-    *krb_cred_info->flags          = out_creds->flags.b;
-    ALLOC(krb_cred_info->authtime, 1);
-    *krb_cred_info->authtime       = out_creds->times.authtime;
-    ALLOC(krb_cred_info->starttime, 1);
-    *krb_cred_info->starttime      = out_creds->times.starttime;
-    ALLOC(krb_cred_info->endtime, 1);
-    *krb_cred_info->endtime        = out_creds->times.endtime;
-    ALLOC(krb_cred_info->renew_till, 1);
-    *krb_cred_info->renew_till = out_creds->times.renew_till;
-    ALLOC(krb_cred_info->srealm, 1);
-    copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
-    ALLOC(krb_cred_info->sname, 1);
-    copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
-    ALLOC(krb_cred_info->caddr, 1);
-    copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
-
-    krb5_free_creds (context, out_creds);
-
-    /* encode EncKrbCredPart */
-
-    ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, 
-		       &enc_krb_cred_part, &len, ret);
-    free_EncKrbCredPart (&enc_krb_cred_part);
-    if (ret) {
-	free_KRB_CRED(&cred);
-	return ret;
-    }
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    /**
-     * Some older of the MIT gssapi library used clear-text tickets
-     * (warped inside AP-REQ encryption), use the krb5_auth_context
-     * flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those
-     * tickets. The session key is used otherwise to encrypt the
-     * forwarded ticket.
-     */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) {
-	cred.enc_part.etype = ENCTYPE_NULL;
-	cred.enc_part.kvno = NULL;
-	cred.enc_part.cipher.data = buf;
-	cred.enc_part.cipher.length = buf_size;
-    } else {
-	/* 
-	 * Here older versions then 0.7.2 of Heimdal used the local or
-	 * remote subkey. That is wrong, the session key should be
-	 * used. Heimdal 0.7.2 and newer have code to try both in the
-	 * receiving end.
-	 */
-	
-	ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
-	if (ret) {
-	    free(buf);
-	    free_KRB_CRED(&cred);
-	    return ret;
-	}
-	ret = krb5_encrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_KRB_CRED,
-					  buf,
-					  len,
-					  0,
-					  &cred.enc_part);
-	free(buf);
-	krb5_crypto_destroy(context, crypto);
-	if (ret) {
-	    free_KRB_CRED(&cred);
-	    return ret;
-	}
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
-    free_KRB_CRED (&cred);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    out_data->length = len;
-    out_data->data   = buf;
-    return 0;
- out4:
-    free_EncKrbCredPart(&enc_krb_cred_part);
- out3:
-    free_KRB_CRED(&cred);
- out2:
-    krb5_free_creds (context, out_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c
deleted file mode 100644
index d709e4b38d17..000000000000
--- a/crypto/heimdal/lib/krb5/get_host_realm.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-
-RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $");
-
-/* To automagically find the correct realm of a host (without
- * [domain_realm] in krb5.conf) add a text record for your domain with
- * the name of your realm, like this:
- *
- * _kerberos	IN	TXT	"FOO.SE"
- *
- * The search is recursive, so you can add entries for specific
- * hosts. To find the realm of host a.b.c, it first tries
- * _kerberos.a.b.c, then _kerberos.b.c and so on.
- *
- * This method is described in draft-ietf-cat-krb-dns-locate-03.txt.
- *
- */
-
-static int
-copy_txt_to_realms (struct resource_record *head,
-		    krb5_realm **realms)
-{
-    struct resource_record *rr;
-    int n, i;
-
-    for(n = 0, rr = head; rr; rr = rr->next)
-	if (rr->type == T_TXT)
-	    ++n;
-
-    if (n == 0)
-	return -1;
-
-    *realms = malloc ((n + 1) * sizeof(krb5_realm));
-    if (*realms == NULL)
-	return -1;
-
-    for (i = 0; i < n + 1; ++i)
-	(*realms)[i] = NULL;
-
-    for (i = 0, rr = head; rr; rr = rr->next) {
-	if (rr->type == T_TXT) {
-	    char *tmp;
-
-	    tmp = strdup(rr->u.txt);
-	    if (tmp == NULL) {
-		for (i = 0; i < n; ++i)
-		    free ((*realms)[i]);
-		free (*realms);
-		return -1;
-	    }
-	    (*realms)[i] = tmp;
-	    ++i;
-	}
-    }
-    return 0;
-}
-
-static int
-dns_find_realm(krb5_context context,
-	       const char *domain,
-	       krb5_realm **realms)
-{
-    static const char *default_labels[] = { "_kerberos", NULL };
-    char dom[MAXHOSTNAMELEN];
-    struct dns_reply *r;
-    const char **labels;
-    char **config_labels;
-    int i, ret;
-    
-    config_labels = krb5_config_get_strings(context, NULL, "libdefaults",
-					    "dns_lookup_realm_labels", NULL);
-    if(config_labels != NULL)
-	labels = (const char **)config_labels;
-    else
-	labels = default_labels;
-    if(*domain == '.')
-	domain++;
-    for (i = 0; labels[i] != NULL; i++) {
-	ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
-	if(ret < 0 || ret >= sizeof(dom)) {
-	    if (config_labels)
-		krb5_config_free_strings(config_labels);
-	    return -1;
-	}
-    	r = dns_lookup(dom, "TXT");
-    	if(r != NULL) {
-	    ret = copy_txt_to_realms (r->head, realms);
-	    dns_free_data(r);
-	    if(ret == 0) {
-		if (config_labels)
-		    krb5_config_free_strings(config_labels);
-		return 0;
-	    }
-	}
-    }
-    if (config_labels)
-	krb5_config_free_strings(config_labels);
-    return -1;
-}
-
-/*
- * Try to figure out what realms host in `domain' belong to from the
- * configuration file.
- */
-
-static int
-config_find_realm(krb5_context context, 
-		  const char *domain, 
-		  krb5_realm **realms)
-{
-    char **tmp = krb5_config_get_strings (context, NULL,
-					  "domain_realm",
-					  domain,
-					  NULL);
-
-    if (tmp == NULL)
-	return -1;
-    *realms = tmp;
-    return 0;
-}
-
-/*
- * This function assumes that `host' is a FQDN (and doesn't handle the
- * special case of host == NULL either).
- * Try to find mapping in the config file or DNS and it that fails,
- * fall back to guessing
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_get_host_realm_int (krb5_context context,
-			  const char *host,
-			  krb5_boolean use_dns,
-			  krb5_realm **realms)
-{
-    const char *p, *q;
-    krb5_boolean dns_locate_enable;
-
-    dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
-	"libdefaults", "dns_lookup_realm", NULL);
-    for (p = host; p != NULL; p = strchr (p + 1, '.')) {
-	if(config_find_realm(context, p, realms) == 0) {
-	    if(strcasecmp(*realms[0], "dns_locate") == 0) {
-		if(use_dns)
-		    for (q = host; q != NULL; q = strchr(q + 1, '.'))
-			if(dns_find_realm(context, q, realms) == 0)
-			    return 0;
-		continue; 
-	    } else 
-	    	return 0;
-	}
-	else if(use_dns && dns_locate_enable) {
-	    if(dns_find_realm(context, p, realms) == 0)
-		return 0;
-	}
-    }
-    p = strchr(host, '.');
-    if(p != NULL) {
-	p++;
-	*realms = malloc(2 * sizeof(krb5_realm));
-	if (*realms == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-
-	(*realms)[0] = strdup(p);
-	if((*realms)[0] == NULL) {
-	    free(*realms);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	strupr((*realms)[0]);
-	(*realms)[1] = NULL;
-	return 0;
-    }
-    krb5_set_error_string(context, "unable to find realm of host %s", host);
-    return KRB5_ERR_HOST_REALM_UNKNOWN;
-}
-
-/*
- * Return the realm(s) of `host' as a NULL-terminated list in
- * `realms'. Free `realms' with krb5_free_host_realm().
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_host_realm(krb5_context context,
-		    const char *targethost,
-		    krb5_realm **realms)
-{
-    const char *host = targethost;
-    char hostname[MAXHOSTNAMELEN];
-    krb5_error_code ret;
-    int use_dns;
-
-    if (host == NULL) {
-	if (gethostname (hostname, sizeof(hostname))) {
-	    *realms = NULL;
-	    return errno;
-	}
-	host = hostname;
-    }
-
-    /* 
-     * If our local hostname is without components, don't even try to dns.
-     */
-
-    use_dns = (strchr(host, '.') != NULL);
-
-    ret = _krb5_get_host_realm_int (context, host, use_dns, realms);
-    if (ret && targethost != NULL) {
-	/*
-	 * If there was no realm mapping for the host (and we wasn't
-	 * looking for ourself), guess at the local realm, maybe our
-	 * KDC knows better then we do and we get a referral back.
-	 */
-	ret = krb5_get_default_realms(context, realms);
-	if (ret) {
-	    krb5_set_error_string(context, "Unable to find realm of host %s",
-				  host);
-	    return KRB5_ERR_HOST_REALM_UNKNOWN;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
deleted file mode 100644
index ffd4ca2b04e4..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ /dev/null
@@ -1,834 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt.c 20226 2007-02-16 03:31:50Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_etype (krb5_context context,
-		 unsigned *len,
-		 krb5_enctype **val,
-		 const krb5_enctype *etypes)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_enctype *tmp = NULL;
-
-    ret = 0;
-    if (etypes == NULL) {
-	ret = krb5_get_default_in_tkt_etypes(context,
-					     &tmp);
-	if (ret)
-	    return ret;
-	etypes = tmp;
-    }
-
-    for (i = 0; etypes[i]; ++i)
-	;
-    *len = i;
-    *val = malloc(i * sizeof(**val));
-    if (i != 0 && *val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto cleanup;
-    }
-    memmove (*val,
-	     etypes,
-	     i * sizeof(*tmp));
-cleanup:
-    if (tmp != NULL)
-	free (tmp);
-    return ret;
-}
-
-
-static krb5_error_code
-decrypt_tkt (krb5_context context,
-	     krb5_keyblock *key,
-	     krb5_key_usage usage,
-	     krb5_const_pointer decrypt_arg,
-	     krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    if (ret)
-	return ret;
-    return 0;
-}
-
-int
-_krb5_extract_ticket(krb5_context context, 
-		     krb5_kdc_rep *rep, 
-		     krb5_creds *creds,		
-		     krb5_keyblock *key,
-		     krb5_const_pointer keyseed,
-		     krb5_key_usage key_usage,
-		     krb5_addresses *addrs,
-		     unsigned nonce,
-		     unsigned flags,
-		     krb5_decrypt_proc decrypt_proc,
-		     krb5_const_pointer decryptarg)
-{
-    krb5_error_code ret;
-    krb5_principal tmp_principal;
-    int tmp;
-    size_t len;
-    time_t tmp_time;
-    krb5_timestamp sec_now;
-
-    ret = _krb5_principalname2krb5_principal (context,
-					      &tmp_principal,
-					      rep->kdc_rep.cname,
-					      rep->kdc_rep.crealm);
-    if (ret)
-	goto out;
-
-    /* compare client */
-
-    if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){
-	tmp = krb5_principal_compare (context, tmp_principal, creds->client);
-	if (!tmp) {
-	    krb5_free_principal (context, tmp_principal);
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    goto out;
-	}
-    }
-
-    krb5_free_principal (context, creds->client);
-    creds->client = tmp_principal;
-
-    /* extract ticket */
-    ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-		       &rep->kdc_rep.ticket, &len, ret);
-    if(ret)
-	goto out;
-    if (creds->ticket.length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    creds->second_ticket.length = 0;
-    creds->second_ticket.data   = NULL;
-
-    /* compare server */
-
-    ret = _krb5_principalname2krb5_principal (context,
-					      &tmp_principal,
-					      rep->kdc_rep.ticket.sname,
-					      rep->kdc_rep.ticket.realm);
-    if (ret)
-	goto out;
-    if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){
-	krb5_free_principal(context, creds->server);
-	creds->server = tmp_principal;
-	tmp_principal = NULL;
-    } else {
-	tmp = krb5_principal_compare (context, tmp_principal,
-				      creds->server);
-	krb5_free_principal (context, tmp_principal);
-	if (!tmp) {
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-    
-    /* decrypt */
-
-    if (decrypt_proc == NULL)
-	decrypt_proc = decrypt_tkt;
-    
-    ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
-    if (ret)
-	goto out;
-
-    /* verify names */
-    if(flags & EXTRACT_TICKET_MATCH_REALM){
-	const char *srealm = krb5_principal_get_realm(context, creds->server);
-	const char *crealm = krb5_principal_get_realm(context, creds->client);
-
-	if (strcmp(rep->enc_part.srealm, srealm) != 0 ||
-	    strcmp(rep->enc_part.srealm, crealm) != 0)
-	{
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-    }
-
-    /* compare nonces */
-
-    if (nonce != rep->enc_part.nonce) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out;
-    }
-
-    /* set kdc-offset */
-
-    krb5_timeofday (context, &sec_now);
-    if (rep->enc_part.flags.initial
-	&& context->kdc_sec_offset == 0
-	&& krb5_config_get_bool (context, NULL,
-				 "libdefaults",
-				 "kdc_timesync",
-				 NULL)) {
-	context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
-	krb5_timeofday (context, &sec_now);
-    }
-
-    /* check all times */
-
-    if (rep->enc_part.starttime) {
-	tmp_time = *rep->enc_part.starttime;
-    } else
-	tmp_time = rep->enc_part.authtime;
-
-    if (creds->times.starttime == 0
-	&& abs(tmp_time - sec_now) > context->max_skew) {
-	ret = KRB5KRB_AP_ERR_SKEW;
-	krb5_set_error_string (context,
-			       "time skew (%d) larger than max (%d)",
-			       abs(tmp_time - sec_now),
-			       (int)context->max_skew);
-	goto out;
-    }
-
-    if (creds->times.starttime != 0
-	&& tmp_time != creds->times.starttime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.starttime = tmp_time;
-
-    if (rep->enc_part.renew_till) {
-	tmp_time = *rep->enc_part.renew_till;
-    } else
-	tmp_time = 0;
-
-    if (creds->times.renew_till != 0
-	&& tmp_time > creds->times.renew_till) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.renew_till = tmp_time;
-
-    creds->times.authtime = rep->enc_part.authtime;
-
-    if (creds->times.endtime != 0
-	&& rep->enc_part.endtime > creds->times.endtime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.endtime  = rep->enc_part.endtime;
-
-    if(rep->enc_part.caddr)
-	krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
-    else if(addrs)
-	krb5_copy_addresses (context, addrs, &creds->addresses);
-    else {
-	creds->addresses.len = 0;
-	creds->addresses.val = NULL;
-    }
-    creds->flags.b = rep->enc_part.flags;
-	  
-    creds->authdata.len = 0;
-    creds->authdata.val = NULL;
-    creds->session.keyvalue.length = 0;
-    creds->session.keyvalue.data   = NULL;
-    creds->session.keytype = rep->enc_part.key.keytype;
-    ret = krb5_data_copy (&creds->session.keyvalue,
-			  rep->enc_part.key.keyvalue.data,
-			  rep->enc_part.key.keyvalue.length);
-
-out:
-    memset (rep->enc_part.key.keyvalue.data, 0,
-	    rep->enc_part.key.keyvalue.length);
-    return ret;
-}
-
-
-static krb5_error_code
-make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, 
-		      krb5_enctype etype, krb5_keyblock *key)
-{
-    PA_ENC_TS_ENC p;
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    EncryptedData encdata;
-    krb5_error_code ret;
-    int32_t usec;
-    int usec2;
-    krb5_crypto crypto;
-    
-    krb5_us_timeofday (context, &p.patimestamp, &usec);
-    usec2         = usec;
-    p.pausec      = &usec2;
-
-    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_PA_ENC_TIMESTAMP,
-				     buf,
-				     len,
-				     0,
-				     &encdata);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-		    
-    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
-    free_EncryptedData(&encdata);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
-    pa->padata_value.length = len;
-    pa->padata_value.data = buf;
-    return 0;
-}
-
-static krb5_error_code
-add_padata(krb5_context context,
-	   METHOD_DATA *md, 
-	   krb5_principal client,
-	   krb5_key_proc key_proc,
-	   krb5_const_pointer keyseed,
-	   krb5_enctype *enctypes,
-	   unsigned netypes,
-	   krb5_salt *salt)
-{
-    krb5_error_code ret;
-    PA_DATA *pa2;
-    krb5_salt salt2;
-    krb5_enctype *ep;
-    int i;
-    
-    if(salt == NULL) {
-	/* default to standard salt */
-	ret = krb5_get_pw_salt (context, client, &salt2);
-	salt = &salt2;
-    }
-    if (!enctypes) {
-	enctypes = context->etypes;
-	netypes = 0;
-	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
-	    netypes++;
-    }
-    pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
-    if (pa2 == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    md->val = pa2;
-
-    for (i = 0; i < netypes; ++i) {
-	krb5_keyblock *key;
-
-	ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key);
-	if (ret)
-	    continue;
-	ret = make_pa_enc_timestamp (context, &md->val[md->len],
-				     enctypes[i], key);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    return ret;
-	++md->len;
-    }
-    if(salt == &salt2)
-	krb5_free_salt(context, salt2);
-    return 0;
-}
-
-static krb5_error_code
-init_as_req (krb5_context context,
-	     KDCOptions opts,
-	     krb5_creds *creds,
-	     const krb5_addresses *addrs,
-	     const krb5_enctype *etypes,
-	     const krb5_preauthtype *ptypes,
-	     const krb5_preauthdata *preauth,
-	     krb5_key_proc key_proc,
-	     krb5_const_pointer keyseed,
-	     unsigned nonce,
-	     AS_REQ *a)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    memset(a, 0, sizeof(*a));
-
-    a->pvno = 5;
-    a->msg_type = krb_as_req;
-    a->req_body.kdc_options = opts;
-    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
-    if (a->req_body.cname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
-    if (a->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
-    if (ret)
-	goto fail;
-    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
-    if (ret)
-	goto fail;
-    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
-    if (ret)
-	goto fail;
-
-    if(creds->times.starttime) {
-	a->req_body.from = malloc(sizeof(*a->req_body.from));
-	if (a->req_body.from == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.from = creds->times.starttime;
-    }
-    if(creds->times.endtime){
-	ALLOC(a->req_body.till, 1);
-	*a->req_body.till = creds->times.endtime;
-    }
-    if(creds->times.renew_till){
-	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
-	if (a->req_body.rtime == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.rtime = creds->times.renew_till;
-    }
-    a->req_body.nonce = nonce;
-    ret = krb5_init_etype (context,
-			   &a->req_body.etype.len,
-			   &a->req_body.etype.val,
-			   etypes);
-    if (ret)
-	goto fail;
-
-    /*
-     * This means no addresses
-     */
-
-    if (addrs && addrs->len == 0) {
-	a->req_body.addresses = NULL;
-    } else {
-	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
-	if (a->req_body.addresses == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-
-	if (addrs)
-	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
-	else {
-	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
-	    if(ret == 0 && a->req_body.addresses->len == 0) {
-		free(a->req_body.addresses);
-		a->req_body.addresses = NULL;
-	    }
-	}
-	if (ret)
-	    return ret;
-    }
-
-    a->req_body.enc_authorization_data = NULL;
-    a->req_body.additional_tickets = NULL;
-
-    if(preauth != NULL) {
-	int i;
-	ALLOC(a->padata, 1);
-	if(a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	a->padata->val = NULL;
-	a->padata->len = 0;
-	for(i = 0; i < preauth->len; i++) {
-	    if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
-		int j;
-
-		for(j = 0; j < preauth->val[i].info.len; j++) {
-		    krb5_salt *sp = &salt;
-		    if(preauth->val[i].info.val[j].salttype)
-			salt.salttype = *preauth->val[i].info.val[j].salttype;
-		    else
-			salt.salttype = KRB5_PW_SALT;
-		    if(preauth->val[i].info.val[j].salt)
-			salt.saltvalue = *preauth->val[i].info.val[j].salt;
-		    else
-			if(salt.salttype == KRB5_PW_SALT)
-			    sp = NULL;
-			else
-			    krb5_data_zero(&salt.saltvalue);
-		    ret = add_padata(context, a->padata, creds->client, 
-				     key_proc, keyseed, 
-				     &preauth->val[i].info.val[j].etype, 1,
-				     sp);
-		    if (ret == 0)
-			break;
-		}
-	    }
-	}
-    } else 
-    /* not sure this is the way to use `ptypes' */
-    if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
-	a->padata = NULL;
-    else if (*ptypes ==  KRB5_PADATA_ENC_TIMESTAMP) {
-	ALLOC(a->padata, 1);
-	if (a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	a->padata->len = 0;
-	a->padata->val = NULL;
-
-	/* make a v5 salted pa-data */
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, NULL);
-	
-	/* make a v4 salted pa-data */
-	salt.salttype = KRB5_PW_SALT;
-	krb5_data_zero(&salt.saltvalue);
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, &salt);
-    } else {
-	krb5_set_error_string (context, "pre-auth type %d not supported",
-			       *ptypes);
-	ret = KRB5_PREAUTH_BAD_TYPE;
-	goto fail;
-    }
-    return 0;
-fail:
-    free_AS_REQ(a);
-    return ret;
-}
-
-static int
-set_ptypes(krb5_context context,
-	   KRB_ERROR *error, 
-	   const krb5_preauthtype **ptypes,
-	   krb5_preauthdata **preauth)
-{
-    static krb5_preauthdata preauth2;
-    static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE };
-
-    if(error->e_data) {
-	METHOD_DATA md;
-	int i;
-	decode_METHOD_DATA(error->e_data->data, 
-			   error->e_data->length, 
-			   &md, 
-			   NULL);
-	for(i = 0; i < md.len; i++){
-	    switch(md.val[i].padata_type){
-	    case KRB5_PADATA_ENC_TIMESTAMP:
-		*ptypes = ptypes2;
-		break;
-	    case KRB5_PADATA_ETYPE_INFO:
-		*preauth = &preauth2;
-		ALLOC_SEQ(*preauth, 1);
-		(*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
-		krb5_decode_ETYPE_INFO(context,
-				       md.val[i].padata_value.data, 
-				       md.val[i].padata_value.length,
-				       &(*preauth)->val[0].info,
-				       NULL);
-		break;
-	    default:
-		break;
-	    }
-	}
-	free_METHOD_DATA(&md);
-    } else {
-	*ptypes = ptypes2;
-    }
-    return(1);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_cred(krb5_context context,
-		 krb5_flags options,
-		 const krb5_addresses *addrs,
-		 const krb5_enctype *etypes,
-		 const krb5_preauthtype *ptypes,
-		 const krb5_preauthdata *preauth,
-		 krb5_key_proc key_proc,
-		 krb5_const_pointer keyseed,
-		 krb5_decrypt_proc decrypt_proc,
-		 krb5_const_pointer decryptarg,
-		 krb5_creds *creds,
-		 krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    AS_REQ a;
-    krb5_kdc_rep rep;
-    krb5_data req, resp;
-    size_t len;
-    krb5_salt salt;
-    krb5_keyblock *key;
-    size_t size;
-    KDCOptions opts;
-    PA_DATA *pa;
-    krb5_enctype etype;
-    krb5_preauthdata *my_preauth = NULL;
-    unsigned nonce;
-    int done;
-
-    opts = int2KDCOptions(options);
-
-    krb5_generate_random_block (&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-
-    do {
-	done = 1;
-	ret = init_as_req (context,
-			   opts,
-			   creds,
-			   addrs,
-			   etypes,
-			   ptypes,
-			   preauth,
-			   key_proc,
-			   keyseed,
-			   nonce,
-			   &a);
-	if (my_preauth) {
-	    free_ETYPE_INFO(&my_preauth->val[0].info);
-	    free (my_preauth->val);
-	    my_preauth = NULL;
-	}
-	if (ret)
-	    return ret;
-
-	ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
-	free_AS_REQ(&a);
-	if (ret)
-	    return ret;
-	if(len != req.length)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
-	krb5_data_free(&req);
-	if (ret)
-	    return ret;
-
-	memset (&rep, 0, sizeof(rep));
-	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
-	if(ret) {
-	    /* let's try to parse it as a KRB-ERROR */
-	    KRB_ERROR error;
-	    int ret2;
-
-	    ret2 = krb5_rd_error(context, &resp, &error);
-	    if(ret2 && resp.data && ((char*)resp.data)[0] == 4)
-		ret = KRB5KRB_AP_ERR_V4_REPLY;
-	    krb5_data_free(&resp);
-	    if (ret2 == 0) {
-		ret = krb5_error_from_rd_error(context, &error, creds);
-		/* if no preauth was set and KDC requires it, give it
-                   one more try */
-		if (!ptypes && !preauth
-		    && ret == KRB5KDC_ERR_PREAUTH_REQUIRED
-#if 0
-			|| ret == KRB5KDC_ERR_BADOPTION
-#endif
-		    && set_ptypes(context, &error, &ptypes, &my_preauth)) {
-		    done = 0;
-		    preauth = my_preauth;
-		    krb5_free_error_contents(context, &error);
-		    krb5_clear_error_string(context);
-		    continue;
-		}
-		if(ret_as_reply)
-		    ret_as_reply->error = error;
-		else
-		    free_KRB_ERROR (&error);
-		return ret;
-	    }
-	    return ret;
-	}
-	krb5_data_free(&resp);
-    } while(!done);
-    
-    pa = NULL;
-    etype = rep.kdc_rep.enc_part.etype;
-    if(rep.kdc_rep.padata){
-	int i = 0;
-	pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, 
-			      KRB5_PADATA_PW_SALT, &i);
-	if(pa == NULL) {
-	    i = 0;
-	    pa = krb5_find_padata(rep.kdc_rep.padata->val, 
-				  rep.kdc_rep.padata->len, 
-				  KRB5_PADATA_AFS3_SALT, &i);
-	}
-    }
-    if(pa) {
-	salt.salttype = pa->padata_type;
-	salt.saltvalue = pa->padata_value;
-	
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-    } else {
-	/* make a v5 salted pa-data */
-	ret = krb5_get_pw_salt (context, creds->client, &salt);
-	
-	if (ret)
-	    goto out;
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-	krb5_free_salt(context, salt);
-    }
-    if (ret)
-	goto out;
-	
-    {
-	unsigned flags = 0;
-	if (opts.request_anonymous)
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-
-	ret = _krb5_extract_ticket(context, 
-				   &rep, 
-				   creds, 
-				   key, 
-				   keyseed, 
-				   KRB5_KU_AS_REP_ENC_PART,
-				   NULL, 
-				   nonce, 
-				   flags,
-				   decrypt_proc, 
-				   decryptarg);
-    }
-    memset (key->keyvalue.data, 0, key->keyvalue.length);
-    krb5_free_keyblock_contents (context, key);
-    free (key);
-
-out:
-    if (ret == 0 && ret_as_reply)
-	*ret_as_reply = rep;
-    else
-	krb5_free_kdc_rep (context, &rep);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt(krb5_context context,
-		krb5_flags options,
-		const krb5_addresses *addrs,
-		const krb5_enctype *etypes,
-		const krb5_preauthtype *ptypes,
-		krb5_key_proc key_proc,
-		krb5_const_pointer keyseed,
-		krb5_decrypt_proc decrypt_proc,
-		krb5_const_pointer decryptarg,
-		krb5_creds *creds,
-		krb5_ccache ccache,
-		krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    
-    ret = krb5_get_in_cred (context,
-			    options,
-			    addrs,
-			    etypes,
-			    ptypes,
-			    NULL,
-			    key_proc,
-			    keyseed,
-			    decrypt_proc,
-			    decryptarg,
-			    creds,
-			    ret_as_reply);
-    if(ret) 
-	return ret;
-    if (ccache)
-	ret = krb5_cc_store_cred (context, ccache, creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
deleted file mode 100644
index 21b27c61b47e..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_pw.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_password_key_proc (krb5_context context,
-			krb5_enctype type,
-			krb5_salt salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    const char *password = (const char *)keyseed;
-    char buf[BUFSIZ];
-     
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (password == NULL) {
-	if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
-	    free (*key);
-	    krb5_clear_error_string(context);
-	    return KRB5_LIBOS_PWDINTR;
-	}
-	password = buf;
-    }
-    ret = krb5_string_to_key_salt (context, type, password, salt, *key);
-    memset (buf, 0, sizeof(buf));
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_password (krb5_context context,
-			       krb5_flags options,
-			       krb5_addresses *addrs,
-			       const krb5_enctype *etypes,
-			       const krb5_preauthtype *pre_auth_types,
-			       const char *password,
-			       krb5_ccache ccache,
-			       krb5_creds *creds,
-			       krb5_kdc_rep *ret_as_reply)
-{
-     return krb5_get_in_tkt (context,
-			     options,
-			     addrs,
-			     etypes,
-			     pre_auth_types,
-			     krb5_password_key_proc,
-			     password,
-			     NULL,
-			     NULL,
-			     creds,
-			     ccache,
-			     ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
deleted file mode 100644
index 52f95c4bc45e..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytab_key_proc (krb5_context context,
-		      krb5_enctype enctype,
-		      krb5_salt salt,
-		      krb5_const_pointer keyseed,
-		      krb5_keyblock **key)
-{
-    krb5_keytab_key_proc_args *args  = rk_UNCONST(keyseed);
-    krb5_keytab keytab = args->keytab;
-    krb5_principal principal  = args->principal;
-    krb5_error_code ret;
-    krb5_keytab real_keytab;
-    krb5_keytab_entry entry;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-
-    ret = krb5_kt_get_entry (context, real_keytab, principal,
-			     0, enctype, &entry);
-
-    if (keytab == NULL)
-	krb5_kt_close (context, real_keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_keytab (krb5_context context,
-			     krb5_flags options,
-			     krb5_addresses *addrs,
-			     const krb5_enctype *etypes,
-			     const krb5_preauthtype *pre_auth_types,
-			     krb5_keytab keytab,
-			     krb5_ccache ccache,
-			     krb5_creds *creds,
-			     krb5_kdc_rep *ret_as_reply)
-{
-    krb5_keytab_key_proc_args a;
-
-    a.principal = creds->client;
-    a.keytab    = keytab;
-
-    return krb5_get_in_tkt (context,
-			    options,
-			    addrs,
-			    etypes,
-			    pre_auth_types,
-			    krb5_keytab_key_proc,
-			    &a,
-			    NULL,
-			    NULL,
-			    creds,
-			    ccache,
-			    ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
deleted file mode 100644
index 1936fa166458..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_skey.c 13863 2004-05-25 21:46:46Z lha $");
-
-static krb5_error_code
-krb5_skey_key_proc (krb5_context context,
-		    krb5_enctype type,
-		    krb5_salt salt,
-		    krb5_const_pointer keyseed,
-		    krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_skey (krb5_context context,
-			   krb5_flags options,
-			   krb5_addresses *addrs,
-			   const krb5_enctype *etypes,
-			   const krb5_preauthtype *pre_auth_types,
-			   const krb5_keyblock *key,
-			   krb5_ccache ccache,
-			   krb5_creds *creds,
-			   krb5_kdc_rep *ret_as_reply)
-{
-    if(key == NULL)
-	return krb5_get_in_tkt_with_keytab (context,
-					    options,
-					    addrs,
-					    etypes,
-					    pre_auth_types,
-					    NULL,
-					    ccache,
-					    creds,
-					    ret_as_reply);
-    else
-	return krb5_get_in_tkt (context,
-				options,
-				addrs,
-				etypes,
-				pre_auth_types,
-				krb5_skey_key_proc,
-				key,
-				NULL,
-				NULL,
-				creds,
-				ccache,
-				ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_port.c b/crypto/heimdal/lib/krb5/get_port.c
deleted file mode 100644
index 85587ea76620..000000000000
--- a/crypto/heimdal/lib/krb5/get_port.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $");
-
-int KRB5_LIB_FUNCTION
-krb5_getportbyname (krb5_context context,
-		    const char *service,
-		    const char *proto,
-		    int default_port)
-{
-    struct servent *sp;
-
-    if ((sp = roken_getservbyname (service, proto)) == NULL) {
-#if 0
-	krb5_warnx(context, "%s/%s unknown service, using default port %d", 
-		   service, proto, default_port);
-#endif
-	return htons(default_port);
-    } else
-	return sp->s_port;
-}
diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et
deleted file mode 100644
index 1b8ab49bc11e..000000000000
--- a/crypto/heimdal/lib/krb5/heim_err.et
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $"
-
-error_table heim
-
-prefix HEIM_ERR
-
-error_code LOG_PARSE,		"Error parsing log destination"
-error_code V4_PRINC_NO_CONV,	"Failed to convert v4 principal"
-error_code SALTTYPE_NOSUPP,	"Salt type is not supported by enctype"
-error_code NOHOST,		"Host not found"
-error_code OPNOTSUPP,		"Operation not supported"
-error_code EOF,			"End of file"
-error_code BAD_MKEY,		"Failed to get the master key"
-error_code SERVICE_NOMATCH,	"Unacceptable service used"
-
-index 64
-prefix HEIM_PKINIT
-error_code NO_CERTIFICATE,	"Certificate missing"
-error_code NO_PRIVATE_KEY,	"Private key missing"
-error_code NO_VALID_CA,		"No valid certificate authority"
-error_code CERTIFICATE_INVALID,	"Certificate invalid"
-error_code PRIVATE_KEY_INVALID,	"Private key invalid"
-
-index 128
-prefix HEIM_EAI
-#error_code NOERROR,		"no error"
-error_code UNKNOWN,		"unknown error from getaddrinfo"
-error_code ADDRFAMILY,		"address family for nodename not supported"
-error_code AGAIN,		"temporary failure in name resolution"
-error_code BADFLAGS,		"invalid value for ai_flags"
-error_code FAIL,		"non-recoverable failure in name resolution"
-error_code FAMILY,		"ai_family not supported"
-error_code MEMORY,		"memory allocation failure"
-error_code NODATA,		"no address associated with nodename"
-error_code NONAME,		"nodename nor servname provided, or not known"
-error_code SERVICE,		"servname not supported for ai_socktype"
-error_code SOCKTYPE,		"ai_socktype not supported"
-error_code SYSTEM,		"system error returned in errno"
-end
diff --git a/crypto/heimdal/lib/krb5/heim_threads.h b/crypto/heimdal/lib/krb5/heim_threads.h
deleted file mode 100644
index 3c27d13d81b9..000000000000
--- a/crypto/heimdal/lib/krb5/heim_threads.h
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */
-
-/*
- * Provide wrapper macros for thread synchronization primitives so we
- * can use native thread functions for those operating system that
- * supports it.
- *
- * This is so libkrb5.so (or more importantly, libgssapi.so) can have
- * thread support while the program that that dlopen(3)s the library
- * don't need to be linked to libpthread.
- */
-
-#ifndef HEIM_THREADS_H
-#define HEIM_THREADS_H 1
-
-/* assume headers already included */
-
-#if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT)
-
-/* 
- * NetBSD have a thread lib that we can use that part of libc that
- * works regardless if application are linked to pthreads or not.
- * NetBSD newer then 2.99.11 just use pthread.h, and the same thing
- * will happen.
- */
-#include <threadlib.h>
-
-#define HEIMDAL_MUTEX mutex_t
-#define HEIMDAL_MUTEX_INITIALIZER MUTEX_INITIALIZER
-#define HEIMDAL_MUTEX_init(m) mutex_init(m, NULL)
-#define HEIMDAL_MUTEX_lock(m) mutex_lock(m)
-#define HEIMDAL_MUTEX_unlock(m) mutex_unlock(m)
-#define HEIMDAL_MUTEX_destroy(m) mutex_destroy(m)
-
-#define HEIMDAL_RWLOCK rwlock_t
-#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define	HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)	
-#define	HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)	
-#define	HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)	
-#define	HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)	
-#define	HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)	
-#define	HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)	
-#define	HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)	
-
-#define HEIMDAL_thread_key thread_key_t
-#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { r = thr_setspecific(k,s); } while(0)
-#define HEIMDAL_getspecific(k) thr_getspecific(k)
-#define HEIMDAL_key_delete(k) thr_keydelete(k)
-
-#elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200)
-
-#include <pthread.h>
-
-#define HEIMDAL_MUTEX pthread_mutex_t
-#define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
-#define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
-#define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
-#define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
-#define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
-
-#define HEIMDAL_RWLOCK rwlock_t
-#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
-#define	HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)	
-#define	HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)	
-#define	HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)	
-#define	HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)	
-#define	HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)	
-#define	HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)	
-#define	HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)	
-
-#define HEIMDAL_thread_key pthread_key_t
-#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { r = pthread_setspecific(k,s); } while(0)
-#define HEIMDAL_getspecific(k) pthread_getspecific(k)
-#define HEIMDAL_key_delete(k) pthread_key_delete(k)
-
-#elif defined(HEIMDAL_DEBUG_THREADS)
-
-/* no threads support, just do consistency checks */
-#include <stdlib.h>
-
-#define HEIMDAL_MUTEX int
-#define HEIMDAL_MUTEX_INITIALIZER 0
-#define HEIMDAL_MUTEX_init(m)  do { (*(m)) = 0; } while(0)
-#define HEIMDAL_MUTEX_lock(m)  do { if ((*(m))++ != 0) abort(); } while(0)
-#define HEIMDAL_MUTEX_unlock(m) do { if ((*(m))-- != 1) abort(); } while(0)
-#define HEIMDAL_MUTEX_destroy(m) do {if ((*(m)) != 0) abort(); } while(0)
-
-#define HEIMDAL_RWLOCK rwlock_t int
-#define HEIMDAL_RWLOCK_INITIALIZER 0
-#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
-
-#define HEIMDAL_internal_thread_key 1
-
-#else /* no thread support, no debug case */
-
-#define HEIMDAL_MUTEX int
-#define HEIMDAL_MUTEX_INITIALIZER 0
-#define HEIMDAL_MUTEX_init(m)  do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_lock(m)  do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
-#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
-
-#define HEIMDAL_RWLOCK rwlock_t int
-#define HEIMDAL_RWLOCK_INITIALIZER 0
-#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
-#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
-
-#define HEIMDAL_internal_thread_key 1
-
-#endif /* no thread support */
-
-#ifdef HEIMDAL_internal_thread_key
-
-typedef struct heim_thread_key {
-    void *value;
-    void (*destructor)(void *);
-} heim_thread_key;
-
-#define HEIMDAL_thread_key heim_thread_key
-#define HEIMDAL_key_create(k,d,r) \
-	do { (k)->value = NULL; (k)->destructor = (d); r = 0; } while(0)
-#define HEIMDAL_setspecific(k,s,r) do { (k).value = s ; r = 0; } while(0)
-#define HEIMDAL_getspecific(k) ((k).value)
-#define HEIMDAL_key_delete(k) do { (*(k).destructor)((k).value); } while(0)
-
-#undef HEIMDAL_internal_thread_key
-#endif /* HEIMDAL_internal_thread_key */
-
-#endif /* HEIM_THREADS_H */
diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c
deleted file mode 100644
index a59c903bd9e1..000000000000
--- a/crypto/heimdal/lib/krb5/init_creds.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds.c 21711 2007-07-27 14:22:02Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
-{
-    memset (opt, 0, sizeof(*opt));
-    opt->flags = 0;
-    opt->opt_private = NULL;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_alloc(krb5_context context, 
-			      krb5_get_init_creds_opt **opt)
-{
-    krb5_get_init_creds_opt *o;
-    
-    *opt = NULL;
-    o = calloc(1, sizeof(*o));
-    if (o == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_get_init_creds_opt_init(o);
-    o->opt_private = calloc(1, sizeof(*o->opt_private));
-    if (o->opt_private == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	free(o);
-	return ENOMEM;
-    }
-    o->opt_private->refcount = 1;
-    *opt = o;
-    return 0;
-}
-
-krb5_error_code
-_krb5_get_init_creds_opt_copy(krb5_context context, 
-			      const krb5_get_init_creds_opt *in,
-			      krb5_get_init_creds_opt **out)
-{
-    krb5_get_init_creds_opt *opt;
-
-    *out = NULL;
-    opt = calloc(1, sizeof(*opt));
-    if (opt == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    if (in)
-	*opt = *in;
-    if(opt->opt_private == NULL) {
-	opt->opt_private = calloc(1, sizeof(*opt->opt_private));
-	if (opt->opt_private == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    free(opt);
-	    return ENOMEM;
-	}
-	opt->opt_private->refcount = 1;
-    } else
-	opt->opt_private->refcount++;
-    *out = opt;
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt)
-{
-    if (opt->opt_private == NULL || opt->opt_private->error == NULL)
-	return;
-    free_KRB_ERROR(opt->opt_private->error);
-    free(opt->opt_private->error);
-    opt->opt_private->error = NULL;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_set_krb5_error(krb5_context context,
-					krb5_get_init_creds_opt *opt, 
-					const KRB_ERROR *error)
-{
-    krb5_error_code ret;
-
-    if (opt->opt_private == NULL)
-	return;
-
-    _krb5_get_init_creds_opt_free_krb5_error(opt);
-
-    opt->opt_private->error = malloc(sizeof(*opt->opt_private->error));
-    if (opt->opt_private->error == NULL)
-	return;
-    ret = copy_KRB_ERROR(error, opt->opt_private->error);
-    if (ret) {
-	free(opt->opt_private->error);
-	opt->opt_private->error = NULL;
-    }	
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_free(krb5_context context,
-			     krb5_get_init_creds_opt *opt)
-{
-    if (opt == NULL || opt->opt_private == NULL)
-	return;
-    if (opt->opt_private->refcount < 1) /* abort ? */
-	return;
-    if (--opt->opt_private->refcount == 0) {
-	_krb5_get_init_creds_opt_free_krb5_error(opt);
-	_krb5_get_init_creds_opt_free_pkinit(opt);
-	free(opt->opt_private);
-    }
-    memset(opt, 0, sizeof(*opt));
-    free(opt);
-}
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_boolean
-get_config_bool (krb5_context context,
-		 const char *realm,
-		 const char *name)
-{
-    return krb5_config_get_bool (context,
-				 NULL,
-				 "realms",
-				 realm,
-				 name,
-				 NULL)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 name,
-				 NULL);
-}
-
-/*
- * set all the values in `opt' to the appropriate values for
- * application `appname' (default to getprogname() if NULL), and realm
- * `realm'.  First looks in [appdefaults] but falls back to
- * [realms] or [libdefaults] for some of the values.
- */
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_default_flags(krb5_context context,
-					  const char *appname,
-					  krb5_const_realm realm,
-					  krb5_get_init_creds_opt *opt)
-{
-    krb5_boolean b;
-    time_t t;
-
-    b = get_config_bool (context, realm, "forwardable");
-    krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
-    krb5_get_init_creds_opt_set_forwardable(opt, b);
-
-    b = get_config_bool (context, realm, "proxiable");
-    krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
-    krb5_get_init_creds_opt_set_proxiable (opt, b);
-
-    krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "ticket_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_tkt_life(opt, t);
-
-    krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "renew_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_renew_life(opt, t);
-
-    krb5_appdefault_boolean(context, appname, realm, "no-addresses", 
-			    KRB5_ADDRESSLESS_DEFAULT, &b);
-    krb5_get_init_creds_opt_set_addressless (context, opt, b);
-
-#if 0
-    krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
-    krb5_get_init_creds_opt_set_anonymous (opt, b);
-
-    krb5_get_init_creds_opt_set_etype_list(opt, enctype,
-					   etype_str.num_strings);
-
-    krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				     krb5_data *salt);
-
-    krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					     krb5_preauthtype *preauth_list,
-					     int preauth_list_length);
-#endif
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
-				     krb5_deltat tkt_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
-    opt->tkt_life = tkt_life;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
-				       krb5_deltat renew_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
-    opt->renew_life = renew_life;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
-					int forwardable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
-    opt->forwardable = forwardable;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
-				      int proxiable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
-    opt->proxiable = proxiable;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
-				       krb5_enctype *etype_list,
-				       int etype_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
-    opt->etype_list = etype_list;
-    opt->etype_list_length = etype_list_length;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
-					 krb5_addresses *addresses)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
-    opt->address_list = addresses;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					 krb5_preauthtype *preauth_list,
-					 int preauth_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
-    opt->preauth_list_length = preauth_list_length;
-    opt->preauth_list = preauth_list;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				 krb5_data *salt)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
-    opt->salt = salt;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
-				      int anonymous)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
-    opt->anonymous = anonymous;
-}
-
-static krb5_error_code
-require_ext_opt(krb5_context context,
-		krb5_get_init_creds_opt *opt,
-		const char *type)
-{
-    if (opt->opt_private == NULL) {
-	krb5_set_error_string(context, "%s on non extendable opt", type);
-	return EINVAL;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pa_password(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					const char *password,
-					krb5_s2k_proc key_proc)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
-    if (ret)
-	return ret;
-    opt->opt_private->password = password;
-    opt->opt_private->key_proc = key_proc;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pac_request(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					krb5_boolean req_pac)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
-    if (ret)
-	return ret;
-    opt->opt_private->req_pac = req_pac ?
-	KRB5_INIT_CREDS_TRISTATE_TRUE :
-	KRB5_INIT_CREDS_TRISTATE_FALSE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_get_error(krb5_context context,
-				  krb5_get_init_creds_opt *opt,
-				  KRB_ERROR **error)
-{
-    krb5_error_code ret;
-
-    *error = NULL;
-
-    ret = require_ext_opt(context, opt, "init_creds_opt_get_error");
-    if (ret)
-	return ret;
-
-    if (opt->opt_private->error == NULL)
-	return 0;
-
-    *error = malloc(sizeof(**error));
-    if (*error == NULL) {
-	krb5_set_error_string(context, "malloc - out memory");
-	return ENOMEM;
-    }
-
-    ret = copy_KRB_ERROR(opt->opt_private->error, *error);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_addressless(krb5_context context,
-					krb5_get_init_creds_opt *opt,
-					krb5_boolean addressless)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
-    if (ret)
-	return ret;
-    if (addressless)
-	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE;
-    else
-	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
-					 krb5_get_init_creds_opt *opt,
-					 krb5_boolean req)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
-    if (ret)
-	return ret;
-    if (req)
-	opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
-    else
-	opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_win2k(krb5_context context,
-				  krb5_get_init_creds_opt *opt,
-				  krb5_boolean req)
-{
-    krb5_error_code ret;
-    ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
-    if (ret)
-	return ret;
-    if (req)
-	opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
-    else
-	opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
deleted file mode 100644
index 441adff8fdf9..000000000000
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ /dev/null
@@ -1,1658 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds_pw.c 21931 2007-08-27 14:11:55Z lha $");
-
-typedef struct krb5_get_init_creds_ctx {
-    KDCOptions flags;
-    krb5_creds cred;
-    krb5_addresses *addrs;
-    krb5_enctype *etypes;
-    krb5_preauthtype *pre_auth_types;
-    const char *in_tkt_service;
-    unsigned nonce;
-    unsigned pk_nonce;
-
-    krb5_data req_buffer;
-    AS_REQ as_req;
-    int pa_counter;
-
-    const char *password;
-    krb5_s2k_proc key_proc;
-
-    krb5_get_init_creds_tristate req_pac;
-
-    krb5_pk_init_ctx pk_init_ctx;
-    int ic_flags;
-} krb5_get_init_creds_ctx;
-
-static krb5_error_code
-default_s2k_func(krb5_context context, krb5_enctype type, 
-		 krb5_const_pointer keyseed,
-		 krb5_salt salt, krb5_data *s2kparms,
-		 krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    krb5_data password;
-    krb5_data opaque;
-
-    password.data = rk_UNCONST(keyseed);
-    password.length = strlen(keyseed);
-    if (s2kparms)
-	opaque = *s2kparms;
-    else
-	krb5_data_zero(&opaque);
-	
-    *key = malloc(sizeof(**key));
-    if (*key == NULL)
-	return ENOMEM;
-    ret = krb5_string_to_key_data_salt_opaque(context, type, password,
-					      salt, opaque, *key);
-    if (ret) {
-	free(*key);
-	*key = NULL;
-    }
-    return ret;
-}
-
-static void
-free_init_creds_ctx(krb5_context context, krb5_get_init_creds_ctx *ctx)
-{
-    if (ctx->etypes)
-	free(ctx->etypes);
-    if (ctx->pre_auth_types)
-	free (ctx->pre_auth_types);
-    free_AS_REQ(&ctx->as_req);
-    memset(&ctx->as_req, 0, sizeof(ctx->as_req));
-}
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_error_code
-init_cred (krb5_context context,
-	   krb5_creds *cred,
-	   krb5_principal client,
-	   krb5_deltat start_time,
-	   const char *in_tkt_service,
-	   krb5_get_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_const_realm client_realm;
-    int tmp;
-    krb5_timestamp now;
-
-    krb5_timeofday (context, &now);
-
-    memset (cred, 0, sizeof(*cred));
-    
-    if (client)
-	krb5_copy_principal(context, client, &cred->client);
-    else {
-	ret = krb5_get_default_principal (context,
-					  &cred->client);
-	if (ret)
-	    goto out;
-    }
-
-    client_realm = krb5_principal_get_realm (context, cred->client);
-
-    if (start_time)
-	cred->times.starttime  = now + start_time;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
-	tmp = options->tkt_life;
-    else
-	tmp = 10 * 60 * 60;
-    cred->times.endtime = now + tmp;
-
-    if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
-	options->renew_life > 0) {
-	cred->times.renew_till = now + options->renew_life;
-    }
-
-    if (in_tkt_service) {
-	krb5_realm server_realm;
-
-	ret = krb5_parse_name (context, in_tkt_service, &cred->server);
-	if (ret)
-	    goto out;
-	server_realm = strdup (client_realm);
-	free (*krb5_princ_realm(context, cred->server));
-	krb5_princ_set_realm (context, cred->server, &server_realm);
-    } else {
-	ret = krb5_make_principal(context, &cred->server, 
-				  client_realm, KRB5_TGS_NAME, client_realm,
-				  NULL);
-	if (ret)
-	    goto out;
-    }
-    return 0;
-
-out:
-    krb5_free_cred_contents (context, cred);
-    return ret;
-}
-
-/*
- * Print a message (str) to the user about the expiration in `lr'
- */
-
-static void
-report_expiration (krb5_context context,
-		   krb5_prompter_fct prompter,
-		   krb5_data *data,
-		   const char *str,
-		   time_t now)
-{
-    char *p;
-	    
-    asprintf (&p, "%s%s", str, ctime(&now));
-    (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-}
-
-/*
- * Parse the last_req data and show it to the user if it's interesting
- */
-
-static void
-print_expire (krb5_context context,
-	      krb5_const_realm realm,
-	      krb5_kdc_rep *rep,
-	      krb5_prompter_fct prompter,
-	      krb5_data *data)
-{
-    int i;
-    LastReq *lr = &rep->enc_part.last_req;
-    krb5_timestamp sec;
-    time_t t;
-    krb5_boolean reported = FALSE;
-
-    krb5_timeofday (context, &sec);
-
-    t = sec + get_config_time (context,
-			       realm,
-			       "warn_pwexpire",
-			       7 * 24 * 60 * 60);
-
-    for (i = 0; i < lr->len; ++i) {
-	if (lr->val[i].lr_value <= t) {
-	    switch (abs(lr->val[i].lr_type)) {
-	    case LR_PW_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your password will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    case LR_ACCT_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your account will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    }
-	}
-    }
-
-    if (!reported
-	&& rep->enc_part.key_expiration
-	&& *rep->enc_part.key_expiration <= t) {
-	report_expiration(context, prompter, data,
-			  "Your password/account will expire at ",
-			  *rep->enc_part.key_expiration);
-    }
-}
-
-static krb5_addresses no_addrs = { 0, NULL };
-
-static krb5_error_code
-get_init_creds_common(krb5_context context,
-		      krb5_principal client,
-		      krb5_deltat start_time,
-		      const char *in_tkt_service,
-		      krb5_get_init_creds_opt *options,
-		      krb5_get_init_creds_ctx *ctx)
-{
-    krb5_get_init_creds_opt default_opt;
-    krb5_error_code ret;
-    krb5_enctype *etypes;
-    krb5_preauthtype *pre_auth_types;
-
-    memset(ctx, 0, sizeof(*ctx));
-
-    if (options == NULL) {
-	krb5_get_init_creds_opt_init (&default_opt);
-	options = &default_opt;
-    } else {
-	_krb5_get_init_creds_opt_free_krb5_error(options);
-    }
-
-    if (options->opt_private) {
-	ctx->password = options->opt_private->password;
-	ctx->key_proc = options->opt_private->key_proc;
-	ctx->req_pac = options->opt_private->req_pac;
-	ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
-	ctx->ic_flags = options->opt_private->flags;
-    } else
-	ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET;
-
-    if (ctx->key_proc == NULL)
-	ctx->key_proc = default_s2k_func;
-
-    if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
-	ctx->flags.canonicalize = 1;
-
-    ctx->pre_auth_types = NULL;
-    ctx->addrs = NULL;
-    ctx->etypes = NULL;
-    ctx->pre_auth_types = NULL;
-    ctx->in_tkt_service = in_tkt_service;
-
-    ret = init_cred (context, &ctx->cred, client, start_time,
-		     in_tkt_service, options);
-    if (ret)
-	return ret;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
-	ctx->flags.forwardable = options->forwardable;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
-	ctx->flags.proxiable = options->proxiable;
-
-    if (start_time)
-	ctx->flags.postdated = 1;
-    if (ctx->cred.times.renew_till)
-	ctx->flags.renewable = 1;
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
-	ctx->addrs = options->address_list;
-    } else if (options->opt_private) {
-	switch (options->opt_private->addressless) {
-	case KRB5_INIT_CREDS_TRISTATE_UNSET:
-#if KRB5_ADDRESSLESS_DEFAULT == TRUE
-	    ctx->addrs = &no_addrs;
-#else
-	    ctx->addrs = NULL;
-#endif
-	    break;
-	case KRB5_INIT_CREDS_TRISTATE_FALSE:
-	    ctx->addrs = NULL;
-	    break;
-	case KRB5_INIT_CREDS_TRISTATE_TRUE:
-	    ctx->addrs = &no_addrs;
-	    break;
-	}
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
-	etypes = malloc((options->etype_list_length + 1)
-			* sizeof(krb5_enctype));
-	if (etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (etypes, options->etype_list,
-		options->etype_list_length * sizeof(krb5_enctype));
-	etypes[options->etype_list_length] = ETYPE_NULL;
-	ctx->etypes = etypes;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
-	pre_auth_types = malloc((options->preauth_list_length + 1)
-				* sizeof(krb5_preauthtype));
-	if (pre_auth_types == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (pre_auth_types, options->preauth_list,
-		options->preauth_list_length * sizeof(krb5_preauthtype));
-	pre_auth_types[options->preauth_list_length] = KRB5_PADATA_NONE;
-	ctx->pre_auth_types = pre_auth_types;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
-	;			/* XXX */
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS)
-	ctx->flags.request_anonymous = options->anonymous;
-    return 0;
-}
-
-static krb5_error_code
-change_password (krb5_context context,
-		 krb5_principal client,
-		 const char *password,
-		 char *newpw,
-		 size_t newpw_sz,
-		 krb5_prompter_fct prompter,
-		 void *data,
-		 krb5_get_init_creds_opt *old_options)
-{
-    krb5_prompt prompts[2];
-    krb5_error_code ret;
-    krb5_creds cpw_cred;
-    char buf1[BUFSIZ], buf2[BUFSIZ];
-    krb5_data password_data[2];
-    int result_code;
-    krb5_data result_code_string;
-    krb5_data result_string;
-    char *p;
-    krb5_get_init_creds_opt options;
-
-    memset (&cpw_cred, 0, sizeof(cpw_cred));
-
-    krb5_get_init_creds_opt_init (&options);
-    krb5_get_init_creds_opt_set_tkt_life (&options, 60);
-    krb5_get_init_creds_opt_set_forwardable (&options, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (&options, FALSE);
-    if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
-	krb5_get_init_creds_opt_set_preauth_list (&options,
-						  old_options->preauth_list,
-						  old_options->preauth_list_length);					      
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_get_init_creds_password (context,
-					&cpw_cred,
-					client,
-					password,
-					prompter,
-					data,
-					0,
-					"kadmin/changepw",
-					&options);
-    if (ret)
-	goto out;
-
-    for(;;) {
-	password_data[0].data   = buf1;
-	password_data[0].length = sizeof(buf1);
-
-	prompts[0].hidden = 1;
-	prompts[0].prompt = "New password: ";
-	prompts[0].reply  = &password_data[0];
-	prompts[0].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD;
-
-	password_data[1].data   = buf2;
-	password_data[1].length = sizeof(buf2);
-
-	prompts[1].hidden = 1;
-	prompts[1].prompt = "Repeat new password: ";
-	prompts[1].reply  = &password_data[1];
-	prompts[1].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
-
-	ret = (*prompter) (context, data, NULL, "Changing password",
-			   2, prompts);
-	if (ret) {
-	    memset (buf1, 0, sizeof(buf1));
-	    memset (buf2, 0, sizeof(buf2));
-	    goto out;
-	}
-
-	if (strcmp (buf1, buf2) == 0)
-	    break;
-	memset (buf1, 0, sizeof(buf1));
-	memset (buf2, 0, sizeof(buf2));
-    }
-    
-    ret = krb5_change_password (context,
-				&cpw_cred,
-				buf1,
-				&result_code,
-				&result_code_string,
-				&result_string);
-    if (ret)
-	goto out;
-    asprintf (&p, "%s: %.*s\n",
-	      result_code ? "Error" : "Success",
-	      (int)result_string.length,
-	      result_string.length > 0 ? (char*)result_string.data : "");
-
-    ret = (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-    if (result_code == 0) {
-	strlcpy (newpw, buf1, newpw_sz);
-	ret = 0;
-    } else {
-	krb5_set_error_string (context, "failed changing password");
-	ret = ENOTTY;
-    }
-
-out:
-    memset (buf1, 0, sizeof(buf1));
-    memset (buf2, 0, sizeof(buf2));
-    krb5_data_free (&result_string);
-    krb5_data_free (&result_code_string);
-    krb5_free_cred_contents (context, &cpw_cred);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_key_proc (krb5_context context,
-			krb5_keytype type,
-			krb5_data *salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keytab(krb5_context context,
-			   krb5_creds *creds,
-			   krb5_principal client,
-			   krb5_keytab keytab,
-			   krb5_deltat start_time,
-			   const char *in_tkt_service,
-			   krb5_get_init_creds_opt *options)
-{
-    krb5_get_init_creds_ctx ctx;
-    krb5_error_code ret;
-    krb5_keytab_key_proc_args *a;
-    
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    a = malloc (sizeof(*a));
-    if (a == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    a->principal = ctx.cred.client;
-    a->keytab    = keytab;
-
-    ret = krb5_get_in_cred (context,
-			    KDCOptions2int(ctx.flags),
-			    ctx.addrs,
-			    ctx.etypes,
-			    ctx.pre_auth_types,
-			    NULL,
-			    krb5_keytab_key_proc,
-			    a,
-			    NULL,
-			    NULL,
-			    &ctx.cred,
-			    NULL);
-    free (a);
-
-    if (ret == 0 && creds)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
- out:
-    free_init_creds_ctx(context, &ctx);
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-init_creds_init_as_req (krb5_context context,
-			KDCOptions opts,
-			const krb5_creds *creds,
-			const krb5_addresses *addrs,
-			const krb5_enctype *etypes,
-			AS_REQ *a)
-{
-    krb5_error_code ret;
-
-    memset(a, 0, sizeof(*a));
-
-    a->pvno = 5;
-    a->msg_type = krb_as_req;
-    a->req_body.kdc_options = opts;
-    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
-    if (a->req_body.cname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
-    if (a->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
-    if (ret)
-	goto fail;
-    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
-    if (ret)
-	goto fail;
-
-    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
-    if (ret)
-	goto fail;
-
-    if(creds->times.starttime) {
-	a->req_body.from = malloc(sizeof(*a->req_body.from));
-	if (a->req_body.from == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.from = creds->times.starttime;
-    }
-    if(creds->times.endtime){
-	ALLOC(a->req_body.till, 1);
-	*a->req_body.till = creds->times.endtime;
-    }
-    if(creds->times.renew_till){
-	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
-	if (a->req_body.rtime == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.rtime = creds->times.renew_till;
-    }
-    a->req_body.nonce = 0;
-    ret = krb5_init_etype (context,
-			   &a->req_body.etype.len,
-			   &a->req_body.etype.val,
-			   etypes);
-    if (ret)
-	goto fail;
-
-    /*
-     * This means no addresses
-     */
-
-    if (addrs && addrs->len == 0) {
-	a->req_body.addresses = NULL;
-    } else {
-	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
-	if (a->req_body.addresses == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-
-	if (addrs)
-	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
-	else {
-	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
-	    if(ret == 0 && a->req_body.addresses->len == 0) {
-		free(a->req_body.addresses);
-		a->req_body.addresses = NULL;
-	    }
-	}
-	if (ret)
-	    goto fail;
-    }
-
-    a->req_body.enc_authorization_data = NULL;
-    a->req_body.additional_tickets = NULL;
-
-    a->padata = NULL;
-
-    return 0;
- fail:
-    free_AS_REQ(a);
-    memset(a, 0, sizeof(*a));
-    return ret;
-}
-
-struct pa_info_data {
-    krb5_enctype etype;
-    krb5_salt salt;
-    krb5_data *s2kparams;
-};
-
-static void
-free_paid(krb5_context context, struct pa_info_data *ppaid)
-{
-    krb5_free_salt(context, ppaid->salt);
-    if (ppaid->s2kparams)
-	krb5_free_data(context, ppaid->s2kparams);
-}
-
-
-static krb5_error_code
-set_paid(struct pa_info_data *paid, krb5_context context,
-	 krb5_enctype etype,
-	 krb5_salttype salttype, void *salt_string, size_t salt_len,
-	 krb5_data *s2kparams)
-{
-    paid->etype = etype;
-    paid->salt.salttype = salttype;
-    paid->salt.saltvalue.data = malloc(salt_len + 1);
-    if (paid->salt.saltvalue.data == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    memcpy(paid->salt.saltvalue.data, salt_string, salt_len);
-    ((char *)paid->salt.saltvalue.data)[salt_len] = '\0';
-    paid->salt.saltvalue.length = salt_len;
-    if (s2kparams) {
-	krb5_error_code ret;
-
-	ret = krb5_copy_data(context, s2kparams, &paid->s2kparams);
-	if (ret) {
-	    krb5_clear_error_string(context);
-	    krb5_free_salt(context, paid->salt);
-	    return ret;
-	}
-    } else
-	paid->s2kparams = NULL;
-
-    return 0;
-}
-
-static struct pa_info_data *
-pa_etype_info2(krb5_context context,
-	       const krb5_principal client, 
-	       const AS_REQ *asreq,
-	       struct pa_info_data *paid, 
-	       heim_octet_string *data)
-{
-    krb5_error_code ret;
-    ETYPE_INFO2 e;
-    size_t sz;
-    int i, j;
-
-    memset(&e, 0, sizeof(e));
-    ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz);
-    if (ret)
-	goto out;
-    if (e.len == 0)
-	goto out;
-    for (j = 0; j < asreq->req_body.etype.len; j++) {
-	for (i = 0; i < e.len; i++) {
-	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
-		krb5_salt salt;
-		if (e.val[i].salt == NULL)
-		    ret = krb5_get_pw_salt(context, client, &salt);
-		else {
-		    salt.saltvalue.data = *e.val[i].salt;
-		    salt.saltvalue.length = strlen(*e.val[i].salt);
-		    ret = 0;
-		}
-		if (ret == 0)
-		    ret = set_paid(paid, context, e.val[i].etype,
-				   KRB5_PW_SALT,
-				   salt.saltvalue.data, 
-				   salt.saltvalue.length,
-				   e.val[i].s2kparams);
-		if (e.val[i].salt == NULL)
-		    krb5_free_salt(context, salt);
-		if (ret == 0) {
-		    free_ETYPE_INFO2(&e);
-		    return paid;
-		}
-	    }
-	}
-    }
- out:
-    free_ETYPE_INFO2(&e);
-    return NULL;
-}
-
-static struct pa_info_data *
-pa_etype_info(krb5_context context,
-	      const krb5_principal client, 
-	      const AS_REQ *asreq,
-	      struct pa_info_data *paid,
-	      heim_octet_string *data)
-{
-    krb5_error_code ret;
-    ETYPE_INFO e;
-    size_t sz;
-    int i, j;
-
-    memset(&e, 0, sizeof(e));
-    ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz);
-    if (ret)
-	goto out;
-    if (e.len == 0)
-	goto out;
-    for (j = 0; j < asreq->req_body.etype.len; j++) {
-	for (i = 0; i < e.len; i++) {
-	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
-		krb5_salt salt;
-		salt.salttype = KRB5_PW_SALT;
-		if (e.val[i].salt == NULL)
-		    ret = krb5_get_pw_salt(context, client, &salt);
-		else {
-		    salt.saltvalue = *e.val[i].salt;
-		    ret = 0;
-		}
-		if (e.val[i].salttype)
-		    salt.salttype = *e.val[i].salttype;
-		if (ret == 0) {
-		    ret = set_paid(paid, context, e.val[i].etype,
-				   salt.salttype,
-				   salt.saltvalue.data, 
-				   salt.saltvalue.length,
-				   NULL);
-		    if (e.val[i].salt == NULL)
-			krb5_free_salt(context, salt);
-		}
-		if (ret == 0) {
-		    free_ETYPE_INFO(&e);
-		    return paid;
-		}
-	    }
-	}
-    }
- out:
-    free_ETYPE_INFO(&e);
-    return NULL;
-}
-
-static struct pa_info_data *
-pa_pw_or_afs3_salt(krb5_context context,
-		   const krb5_principal client, 
-		   const AS_REQ *asreq,
-		   struct pa_info_data *paid,
-		   heim_octet_string *data)
-{
-    krb5_error_code ret;
-    if (paid->etype == ENCTYPE_NULL)
-	return NULL;
-    ret = set_paid(paid, context, 
-		   paid->etype,
-		   paid->salt.salttype,
-		   data->data, 
-		   data->length,
-		   NULL);
-    if (ret)
-	return NULL;
-    return paid;
-}
-
-
-struct pa_info {
-    krb5_preauthtype type;
-    struct pa_info_data *(*salt_info)(krb5_context,
-				      const krb5_principal, 
-				      const AS_REQ *,
-				      struct pa_info_data *, 
-				      heim_octet_string *);
-};
-
-static struct pa_info pa_prefs[] = {
-    { KRB5_PADATA_ETYPE_INFO2, pa_etype_info2 },
-    { KRB5_PADATA_ETYPE_INFO, pa_etype_info },
-    { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt },
-    { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt }
-};
-    
-static PA_DATA *
-find_pa_data(const METHOD_DATA *md, int type)
-{
-    int i;
-    if (md == NULL)
-	return NULL;
-    for (i = 0; i < md->len; i++)
-	if (md->val[i].padata_type == type)
-	    return &md->val[i];
-    return NULL;
-}
-
-static struct pa_info_data *
-process_pa_info(krb5_context context, 
-		const krb5_principal client, 
-		const AS_REQ *asreq,
-		struct pa_info_data *paid,
-		METHOD_DATA *md)
-{
-    struct pa_info_data *p = NULL;
-    int i;
-
-    for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) {
-	PA_DATA *pa = find_pa_data(md, pa_prefs[i].type);
-	if (pa == NULL)
-	    continue;
-	paid->salt.salttype = pa_prefs[i].type;
-	p = (*pa_prefs[i].salt_info)(context, client, asreq,
-				     paid, &pa->padata_value);
-    }
-    return p;
-}
-
-static krb5_error_code
-make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, 
-		      krb5_enctype etype, krb5_keyblock *key)
-{
-    PA_ENC_TS_ENC p;
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    EncryptedData encdata;
-    krb5_error_code ret;
-    int32_t usec;
-    int usec2;
-    krb5_crypto crypto;
-    
-    krb5_us_timeofday (context, &p.patimestamp, &usec);
-    usec2         = usec;
-    p.pausec      = &usec2;
-
-    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_PA_ENC_TIMESTAMP,
-				     buf,
-				     len,
-				     0,
-				     &encdata);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-		    
-    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
-    free_EncryptedData(&encdata);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_padata_add(context, md, KRB5_PADATA_ENC_TIMESTAMP, buf, len);
-    if (ret)
-	free(buf);
-    return ret;
-}
-
-static krb5_error_code
-add_enc_ts_padata(krb5_context context,
-		  METHOD_DATA *md, 
-		  krb5_principal client,
-		  krb5_s2k_proc key_proc,
-		  krb5_const_pointer keyseed,
-		  krb5_enctype *enctypes,
-		  unsigned netypes,
-		  krb5_salt *salt,
-		  krb5_data *s2kparams)
-{
-    krb5_error_code ret;
-    krb5_salt salt2;
-    krb5_enctype *ep;
-    int i;
-    
-    if(salt == NULL) {
-	/* default to standard salt */
-	ret = krb5_get_pw_salt (context, client, &salt2);
-	salt = &salt2;
-    }
-    if (!enctypes) {
-	enctypes = context->etypes;
-	netypes = 0;
-	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
-	    netypes++;
-    }
-
-    for (i = 0; i < netypes; ++i) {
-	krb5_keyblock *key;
-
-	ret = (*key_proc)(context, enctypes[i], keyseed,
-			  *salt, s2kparams, &key);
-	if (ret)
-	    continue;
-	ret = make_pa_enc_timestamp (context, md, enctypes[i], key);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    return ret;
-    }
-    if(salt == &salt2)
-	krb5_free_salt(context, salt2);
-    return 0;
-}
-
-static krb5_error_code
-pa_data_to_md_ts_enc(krb5_context context,
-		     const AS_REQ *a,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     struct pa_info_data *ppaid,
-		     METHOD_DATA *md)
-{
-    if (ctx->key_proc == NULL || ctx->password == NULL)
-	return 0;
-
-    if (ppaid) {
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password,
-			  &ppaid->etype, 1,
-			  &ppaid->salt, ppaid->s2kparams);
-    } else {
-	krb5_salt salt;
-	
-	/* make a v5 salted pa-data */
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password,
-			  a->req_body.etype.val, a->req_body.etype.len, 
-			  NULL, NULL);
-	
-	/* make a v4 salted pa-data */
-	salt.salttype = KRB5_PW_SALT;
-	krb5_data_zero(&salt.saltvalue);
-	add_enc_ts_padata(context, md, client, 
-			  ctx->key_proc, ctx->password, 
-			  a->req_body.etype.val, a->req_body.etype.len, 
-			  &salt, NULL);
-    }
-    return 0;
-}
-
-static krb5_error_code
-pa_data_to_key_plain(krb5_context context,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     krb5_salt salt,
-		     krb5_data *s2kparams,
-		     krb5_enctype etype,
-		     krb5_keyblock **key)
-{
-    krb5_error_code ret;
-
-    ret = (*ctx->key_proc)(context, etype, ctx->password,
-			   salt, s2kparams, key);
-    return ret;
-}
-
-
-static krb5_error_code
-pa_data_to_md_pkinit(krb5_context context,
-		     const AS_REQ *a,
-		     const krb5_principal client,
-		     krb5_get_init_creds_ctx *ctx,
-		     METHOD_DATA *md)
-{
-    if (ctx->pk_init_ctx == NULL)
-	return 0;
-#ifdef PKINIT
-    return _krb5_pk_mk_padata(context,
-			     ctx->pk_init_ctx,
-			     &a->req_body,
-			     ctx->pk_nonce,
-			     md);
-#else
-    krb5_set_error_string(context, "no support for PKINIT compiled in");
-    return EINVAL;
-#endif
-}
-
-static krb5_error_code
-pa_data_add_pac_request(krb5_context context,
-			krb5_get_init_creds_ctx *ctx,
-			METHOD_DATA *md)
-{
-    size_t len, length;
-    krb5_error_code ret;
-    PA_PAC_REQUEST req;
-    void *buf;
-    
-    switch (ctx->req_pac) {
-    case KRB5_INIT_CREDS_TRISTATE_UNSET:
-	return 0; /* don't bother */
-    case KRB5_INIT_CREDS_TRISTATE_TRUE:
-	req.include_pac = 1;
-	break;
-    case KRB5_INIT_CREDS_TRISTATE_FALSE:
-	req.include_pac = 0;
-    }	
-
-    ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, 
-		       &req, &len, ret);
-    if (ret)
-	return ret;
-    if(len != length)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_padata_add(context, md, KRB5_PADATA_PA_PAC_REQUEST, buf, len);
-    if (ret)
-	free(buf);
-
-    return 0;
-}
-
-/*
- * Assumes caller always will free `out_md', even on error.
- */
-
-static krb5_error_code
-process_pa_data_to_md(krb5_context context,
-		      const krb5_creds *creds,
-		      const AS_REQ *a,
-		      krb5_get_init_creds_ctx *ctx,
-		      METHOD_DATA *in_md,
-		      METHOD_DATA **out_md,
-		      krb5_prompter_fct prompter,
-		      void *prompter_data)
-{
-    krb5_error_code ret;
-
-    ALLOC(*out_md, 1);
-    if (*out_md == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*out_md)->len = 0;
-    (*out_md)->val = NULL;
-    
-    /*
-     * Make sure we don't sent both ENC-TS and PK-INIT pa data, no
-     * need to expose our password protecting our PKCS12 key.
-     */
-
-    if (ctx->pk_init_ctx) {
-
-	ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md);
-	if (ret)
-	    return ret;
-
-    } else if (in_md->len != 0) {
-	struct pa_info_data paid, *ppaid;
-	
-	memset(&paid, 0, sizeof(paid));
-	
-	paid.etype = ENCTYPE_NULL;
-	ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
-	
-	pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
-	if (ppaid)
-	    free_paid(context, ppaid);
-    }
-
-    pa_data_add_pac_request(context, ctx, *out_md);
-
-    if ((*out_md)->len == 0) {
-	free(*out_md);
-	*out_md = NULL;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-process_pa_data_to_key(krb5_context context,
-		       krb5_get_init_creds_ctx *ctx,
-		       krb5_creds *creds,
-		       AS_REQ *a,
-		       krb5_kdc_rep *rep,
-		       const krb5_krbhst_info *hi,
-		       krb5_keyblock **key)
-{
-    struct pa_info_data paid, *ppaid = NULL;
-    krb5_error_code ret;
-    krb5_enctype etype;
-    PA_DATA *pa;
-
-    memset(&paid, 0, sizeof(paid));
-
-    etype = rep->kdc_rep.enc_part.etype;
-
-    if (rep->kdc_rep.padata) {
-	paid.etype = etype;
-	ppaid = process_pa_info(context, creds->client, a, &paid, 
-				rep->kdc_rep.padata);
-    }
-    if (ppaid == NULL) {
-	ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
-	if (ret)
-	    return ret;
-	paid.etype = etype;
-	paid.s2kparams = NULL;
-    }
-
-    pa = NULL;
-    if (rep->kdc_rep.padata) {
-	int idx = 0;
-	pa = krb5_find_padata(rep->kdc_rep.padata->val, 
-			      rep->kdc_rep.padata->len,
-			      KRB5_PADATA_PK_AS_REP,
-			      &idx);
-	if (pa == NULL) {
-	    idx = 0;
-	    pa = krb5_find_padata(rep->kdc_rep.padata->val, 
-				  rep->kdc_rep.padata->len,
-				  KRB5_PADATA_PK_AS_REP_19,
-				  &idx);
-	}
-    }
-    if (pa && ctx->pk_init_ctx) {
-#ifdef PKINIT
-	ret = _krb5_pk_rd_pa_reply(context,
-				   a->req_body.realm,
-				   ctx->pk_init_ctx,
-				   etype,
-				   hi,
-				   ctx->pk_nonce,
-				   &ctx->req_buffer,
-				   pa,
-				   key);
-#else
-	krb5_set_error_string(context, "no support for PKINIT compiled in");
-	ret = EINVAL;
-#endif
-    } else if (ctx->password)
-	ret = pa_data_to_key_plain(context, creds->client, ctx, 
-				   paid.salt, paid.s2kparams, etype, key);
-    else {
-	krb5_set_error_string(context, "No usable pa data type");
-	ret = EINVAL;
-    }
-
-    free_paid(context, &paid);
-    return ret;
-}
-
-static krb5_error_code
-init_cred_loop(krb5_context context,
-	       krb5_get_init_creds_opt *init_cred_opts,
-	       const krb5_prompter_fct prompter,
-	       void *prompter_data,
-	       krb5_get_init_creds_ctx *ctx,
-	       krb5_creds *creds,
-	       krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    krb5_kdc_rep rep;
-    METHOD_DATA md;
-    krb5_data resp;
-    size_t len;
-    size_t size;
-    krb5_krbhst_info *hi = NULL;
-    krb5_sendto_ctx stctx = NULL;
-
-
-    memset(&md, 0, sizeof(md));
-    memset(&rep, 0, sizeof(rep));
-
-    _krb5_get_init_creds_opt_free_krb5_error(init_cred_opts);
-
-    if (ret_as_reply)
-	memset(ret_as_reply, 0, sizeof(*ret_as_reply));
-
-    ret = init_creds_init_as_req(context, ctx->flags, creds,
-				 ctx->addrs, ctx->etypes, &ctx->as_req);
-    if (ret)
-	return ret;
-
-    ret = krb5_sendto_ctx_alloc(context, &stctx);
-    if (ret)
-	goto out;
-    krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
-
-    /* Set a new nonce. */
-    krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce));
-    ctx->nonce &= 0xffffffff;
-    /* XXX these just needs to be the same when using Windows PK-INIT */
-    ctx->pk_nonce = ctx->nonce;
-
-    /*
-     * Increase counter when we want other pre-auth types then
-     * KRB5_PA_ENC_TIMESTAMP.
-     */
-#define MAX_PA_COUNTER 3 
-
-    ctx->pa_counter = 0;
-    while (ctx->pa_counter < MAX_PA_COUNTER) {
-
-	ctx->pa_counter++;
-
-	if (ctx->as_req.padata) {
-	    free_METHOD_DATA(ctx->as_req.padata);
-	    free(ctx->as_req.padata);
-	    ctx->as_req.padata = NULL;
-	}
-
-	/* Set a new nonce. */
-	ctx->as_req.req_body.nonce = ctx->nonce;
-
-	/* fill_in_md_data */
-	ret = process_pa_data_to_md(context, creds, &ctx->as_req, ctx,
-				    &md, &ctx->as_req.padata,
-				    prompter, prompter_data);
-	if (ret)
-	    goto out;
-
-	krb5_data_free(&ctx->req_buffer);
-
-	ASN1_MALLOC_ENCODE(AS_REQ, 
-			   ctx->req_buffer.data, ctx->req_buffer.length, 
-			   &ctx->as_req, &len, ret);
-	if (ret)
-	    goto out;
-	if(len != ctx->req_buffer.length)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ret = krb5_sendto_context (context, stctx, &ctx->req_buffer,
-				   creds->client->realm, &resp);
-    	if (ret)
-	    goto out;
-
-	memset (&rep, 0, sizeof(rep));
-	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
-	if (ret == 0) {
-	    krb5_data_free(&resp);
-	    krb5_clear_error_string(context);
-	    break;
-	} else {
-	    /* let's try to parse it as a KRB-ERROR */
-	    KRB_ERROR error;
-
-	    ret = krb5_rd_error(context, &resp, &error);
-	    if(ret && resp.data && ((char*)resp.data)[0] == 4)
-		ret = KRB5KRB_AP_ERR_V4_REPLY;
-	    krb5_data_free(&resp);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_error_from_rd_error(context, &error, creds);
-
-	    /*
-	     * If no preauth was set and KDC requires it, give it one
-	     * more try.
-	     */
-
-	    if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
-		free_METHOD_DATA(&md);
-		memset(&md, 0, sizeof(md));
-
-		if (error.e_data) {
-		    ret = decode_METHOD_DATA(error.e_data->data, 
-					     error.e_data->length, 
-					     &md, 
-					     NULL);
-		    if (ret)
-			krb5_set_error_string(context,
-					      "failed to decode METHOD DATA");
-		} else {
-		    /* XXX guess what the server want here add add md */
-		}
-		krb5_free_error_contents(context, &error);
-		if (ret)
-		    goto out;
-	    } else {
-		_krb5_get_init_creds_opt_set_krb5_error(context,
-							init_cred_opts,
-							&error);
-		if (ret_as_reply)
-		    rep.error = error;
-		else
-		    krb5_free_error_contents(context, &error);
-		goto out;
-	    }
-	}
-    }
-
-    {
-	krb5_keyblock *key = NULL;
-	unsigned flags = 0;
-
-	if (ctx->flags.request_anonymous)
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-	if (ctx->flags.canonicalize) {
-	    flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
-	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
-	    flags |= EXTRACT_TICKET_MATCH_REALM;
-	}
-
-	ret = process_pa_data_to_key(context, ctx, creds, 
-				     &ctx->as_req, &rep, hi, &key);
-	if (ret)
-	    goto out;
-	
-	ret = _krb5_extract_ticket(context,
-				   &rep,
-				   creds,
-				   key,
-				   NULL,
-				   KRB5_KU_AS_REP_ENC_PART,
-				   NULL,
-				   ctx->nonce,
-				   flags,
-				   NULL,
-				   NULL);
-	krb5_free_keyblock(context, key);
-    }
-    /*
-     * Verify referral data
-     */
-    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) &&
-	(ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0)
-    {
-	PA_ClientCanonicalized canon;
-	krb5_crypto crypto;
-	krb5_data data;
-	PA_DATA *pa;
-	size_t len;
-
-	pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED);
-	if (pa == NULL) {
-	    ret = EINVAL;
-	    krb5_set_error_string(context, "Client canonicalizion not signed");
-	    goto out;
-	}
-	
-	ret = decode_PA_ClientCanonicalized(pa->padata_value.data, 
-					    pa->padata_value.length,
-					    &canon, &len);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode "
-				  "PA_ClientCanonicalized");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
-			   &canon.names, &len, ret);
-	if (ret) 
-	    goto out;
-	if (data.length != len)
-	    krb5_abortx(context, "internal asn.1 error");
-
-	ret = krb5_crypto_init(context, &creds->session, 0, &crypto);
-	if (ret) {
-	    free(data.data);
-	    free_PA_ClientCanonicalized(&canon);
-	    goto out;
-	}
-
-	ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
-				   data.data, data.length,
-				   &canon.canon_checksum);
-	krb5_crypto_destroy(context, crypto);
-	free(data.data);
-	free_PA_ClientCanonicalized(&canon);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to verify "
-				  "client canonicalized data");
-	    goto out;
-	}
-    }
-out:
-    if (stctx)
-	krb5_sendto_ctx_free(context, stctx);
-    krb5_data_free(&ctx->req_buffer);
-    free_METHOD_DATA(&md);
-    memset(&md, 0, sizeof(md));
-
-    if (ret == 0 && ret_as_reply)
-	*ret_as_reply = rep;
-    else 
-	krb5_free_kdc_rep (context, &rep);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds(krb5_context context,
-		    krb5_creds *creds,
-		    krb5_principal client,
-		    krb5_prompter_fct prompter,
-		    void *data,
-		    krb5_deltat start_time,
-		    const char *in_tkt_service,
-		    krb5_get_init_creds_opt *options)
-{
-    krb5_get_init_creds_ctx ctx;
-    krb5_kdc_rep kdc_reply;
-    krb5_error_code ret;
-    char buf[BUFSIZ];
-    int done;
-
-    memset(&kdc_reply, 0, sizeof(kdc_reply));
-
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    done = 0;
-    while(!done) {
-	memset(&kdc_reply, 0, sizeof(kdc_reply));
-
-	ret = init_cred_loop(context,
-			     options,
-			     prompter,
-			     data,
-			     &ctx,
-			     &ctx.cred,
-			     &kdc_reply);
-	
-	switch (ret) {
-	case 0 :
-	    done = 1;
-	    break;
-	case KRB5KDC_ERR_KEY_EXPIRED :
-	    /* try to avoid recursion */
-
-	    /* don't try to change password where then where none */
-	    if (prompter == NULL || ctx.password == NULL)
-		goto out;
-
-	    krb5_clear_error_string (context);
-
-	    if (ctx.in_tkt_service != NULL
-		&& strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0)
-		goto out;
-
-	    ret = change_password (context,
-				   client,
-				   ctx.password,
-				   buf,
-				   sizeof(buf),
-				   prompter,
-				   data,
-				   options);
-	    if (ret)
-		goto out;
-	    ctx.password = buf;
-	    break;
-	default:
-	    goto out;
-	}
-    }
-
-    if (prompter)
-	print_expire (context,
-		      krb5_principal_get_realm (context, ctx.cred.client),
-		      &kdc_reply,
-		      prompter,
-		      data);
-
- out:
-    memset (buf, 0, sizeof(buf));
-    free_init_creds_ctx(context, &ctx);
-    krb5_free_kdc_rep (context, &kdc_reply);
-    if (ret == 0)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     const char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     const char *in_tkt_service,
-			     krb5_get_init_creds_opt *in_options)
-{
-    krb5_get_init_creds_opt *options;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-
-    if (in_options == NULL) {
-	const char *realm = krb5_principal_get_realm(context, client);
-	ret = krb5_get_init_creds_opt_alloc(context, &options);
-	if (ret == 0)
-	    krb5_get_init_creds_opt_set_default_flags(context, 
-						      NULL, 
-						      realm, 
-						      options);
-    } else
-	ret = _krb5_get_init_creds_opt_copy(context, in_options, &options);
-    if (ret)
-	return ret;
-
-    if (password == NULL &&
-	options->opt_private->password == NULL &&
-	options->opt_private->pk_init_ctx == NULL)
-    {
-	krb5_prompt prompt;
-	krb5_data password_data;
-	char *p, *q;
-
-	krb5_unparse_name (context, client, &p);
-	asprintf (&q, "%s's Password: ", p);
-	free (p);
-	prompt.prompt = q;
-	password_data.data   = buf;
-	password_data.length = sizeof(buf);
-	prompt.hidden = 1;
-	prompt.reply  = &password_data;
-	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
-
-	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
-	free (q);
-	if (ret) {
-	    memset (buf, 0, sizeof(buf));
-	    krb5_get_init_creds_opt_free(context, options);
-	    ret = KRB5_LIBOS_PWDINTR;
-	    krb5_clear_error_string (context);
-	    return ret;
-	}
-	password = password_data.data;
-    }
-
-    if (options->opt_private->password == NULL) {
-	ret = krb5_get_init_creds_opt_set_pa_password(context, options,
-						      password, NULL);
-	if (ret) {
-	    krb5_get_init_creds_opt_free(context, options);
-	    memset(buf, 0, sizeof(buf));
-	    return ret;
-	}
-    }
-
-    ret = krb5_get_init_creds(context, creds, client, prompter,
-			      data, start_time, in_tkt_service, options);
-    krb5_get_init_creds_opt_free(context, options);
-    memset(buf, 0, sizeof(buf));
-    return ret;
-}
-
-static krb5_error_code
-init_creds_keyblock_key_proc (krb5_context context,
-			      krb5_enctype type,
-			      krb5_salt salt,
-			      krb5_const_pointer keyseed,
-			      krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keyblock(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     krb5_keyblock *keyblock,
-			     krb5_deltat start_time,
-			     const char *in_tkt_service,
-			     krb5_get_init_creds_opt *options)
-{
-    struct krb5_get_init_creds_ctx ctx;
-    krb5_error_code ret;
-    
-    ret = get_init_creds_common(context, client, start_time,
-				in_tkt_service, options, &ctx);
-    if (ret)
-	goto out;
-
-    ret = krb5_get_in_cred (context,
-			    KDCOptions2int(ctx.flags),
-			    ctx.addrs,
-			    ctx.etypes,
-			    ctx.pre_auth_types,
-			    NULL,
-			    init_creds_keyblock_key_proc,
-			    keyblock,
-			    NULL,
-			    NULL,
-			    &ctx.cred,
-			    NULL);
-
-    if (ret == 0 && creds)
-	*creds = ctx.cred;
-    else
-	krb5_free_cred_contents (context, &ctx.cred);
-
- out:
-    free_init_creds_ctx(context, &ctx);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/k524_err.et b/crypto/heimdal/lib/krb5/k524_err.et
deleted file mode 100644
index 0ca25f74d474..000000000000
--- a/crypto/heimdal/lib/krb5/k524_err.et
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Error messages for the k524 functions
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $"
-
-error_table k524
-
-prefix KRB524
-error_code BADKEY,		"wrong keytype in ticket"
-error_code BADADDR,		"incorrect network address"
-error_code BADPRINC,		"cannot convert V5 principal"		#unused
-error_code BADREALM,		"V5 realm name longer than V4 maximum"	#unused
-error_code V4ERR,		"kerberos V4 error server"
-error_code ENCFULL,		"encoding too large at server"
-error_code DECEMPTY,		"decoding out of data"			#unused
-error_code NOTRESP,		"service not responding"		#unused
-end
-
diff --git a/crypto/heimdal/lib/krb5/kcm.c b/crypto/heimdal/lib/krb5/kcm.c
deleted file mode 100644
index 8afaa6ea80a1..000000000000
--- a/crypto/heimdal/lib/krb5/kcm.c
+++ /dev/null
@@ -1,1122 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-#ifdef HAVE_KCM
-/*
- * Client library for Kerberos Credentials Manager (KCM) daemon
- */
-
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
-#include "kcm.h"
-
-RCSID("$Id: kcm.c 22108 2007-12-03 17:23:53Z lha $");
-
-typedef struct krb5_kcmcache {
-    char *name;
-    struct sockaddr_un path;
-    char *door_path;
-} krb5_kcmcache;
-
-#define KCMCACHE(X)	((krb5_kcmcache *)(X)->data.data)
-#define CACHENAME(X)	(KCMCACHE(X)->name)
-#define KCMCURSOR(C)	(*(uint32_t *)(C))
-
-static krb5_error_code
-try_door(krb5_context context, const krb5_kcmcache *k,
-	 krb5_data *request_data,
-	 krb5_data *response_data)
-{
-#ifdef HAVE_DOOR_CREATE
-    door_arg_t arg;
-    int fd;
-    int ret;
-
-    memset(&arg, 0, sizeof(arg));
-	   
-    fd = open(k->door_path, O_RDWR);
-    if (fd < 0)
-	return KRB5_CC_IO;
-
-    arg.data_ptr = request_data->data;
-    arg.data_size = request_data->length;
-    arg.desc_ptr = NULL;
-    arg.desc_num = 0;
-    arg.rbuf = NULL;
-    arg.rsize = 0;
-
-    ret = door_call(fd, &arg);
-    close(fd);
-    if (ret != 0)
-	return KRB5_CC_IO;
-
-    ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize);
-    munmap(arg.rbuf, arg.rsize);
-    if (ret)
-	return ret;
-
-    return 0;
-#else
-    return KRB5_CC_IO;
-#endif
-}
-
-static krb5_error_code
-try_unix_socket(krb5_context context, const krb5_kcmcache *k,
-		krb5_data *request_data,
-		krb5_data *response_data)
-{
-    krb5_error_code ret;
-    int fd;
-
-    fd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (fd < 0)
-	return KRB5_CC_IO;
-    
-    if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) {
-	close(fd);
-	return KRB5_CC_IO;
-    }
-    
-    ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout,
-				  request_data, response_data);
-    close(fd);
-    return ret;
-}
-    
-static krb5_error_code
-kcm_send_request(krb5_context context,
-		 krb5_kcmcache *k,
-		 krb5_storage *request,
-		 krb5_data *response_data)
-{
-    krb5_error_code ret;
-    krb5_data request_data;
-    int i;
-
-    response_data->data = NULL;
-    response_data->length = 0;
-
-    ret = krb5_storage_to_data(request, &request_data);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return KRB5_CC_NOMEM;
-    }
-
-    ret = KRB5_CC_IO;
-
-    for (i = 0; i < context->max_retries; i++) {
-	ret = try_door(context, k, &request_data, response_data);
-	if (ret == 0 && response_data->length != 0)
-	    break;
-	ret = try_unix_socket(context, k, &request_data, response_data);
-	if (ret == 0 && response_data->length != 0)
-	    break;
-    }
-
-    krb5_data_free(&request_data);
-
-    if (ret) {
-	krb5_clear_error_string(context);
-	ret = KRB5_CC_IO;
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-kcm_storage_request(krb5_context context,
-		    kcm_operation opcode,
-		    krb5_storage **storage_p)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-
-    *storage_p = NULL;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    /* Send MAJOR | VERSION | OPCODE */
-    ret  = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
-    if (ret)
-	goto fail;
-    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
-    if (ret)
-	goto fail;
-    ret = krb5_store_int16(sp, opcode);
-    if (ret)
-	goto fail;
-
-    *storage_p = sp;
- fail:
-    if (ret) {
-	krb5_set_error_string(context, "Failed to encode request");
-	krb5_storage_free(sp);
-    }
-   
-    return ret; 
-}
-
-static krb5_error_code
-kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
-{
-    krb5_kcmcache *k;
-    const char *path;
-
-    k = malloc(sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    if (name != NULL) {
-	k->name = strdup(name);
-	if (k->name == NULL) {
-	    free(k);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return KRB5_CC_NOMEM;
-	}
-    } else
-	k->name = NULL;
-
-    path = krb5_config_get_string_default(context, NULL,
-					  _PATH_KCM_SOCKET,
-					  "libdefaults", 
-					  "kcm_socket",
-					  NULL);
-    
-    k->path.sun_family = AF_UNIX;
-    strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path));
-
-    path = krb5_config_get_string_default(context, NULL,
-					  _PATH_KCM_DOOR,
-					  "libdefaults", 
-					  "kcm_door",
-					  NULL);
-    k->door_path = strdup(path);
-
-    (*id)->data.data = k;
-    (*id)->data.length = sizeof(*k);
-
-    return 0;
-}
-
-static krb5_error_code
-kcm_call(krb5_context context,
-	 krb5_kcmcache *k,
-	 krb5_storage *request,
-	 krb5_storage **response_p,
-	 krb5_data *response_data_p)
-{
-    krb5_data response_data;
-    krb5_error_code ret;
-    int32_t status;
-    krb5_storage *response;
-
-    if (response_p != NULL)
-	*response_p = NULL;
-
-    ret = kcm_send_request(context, k, request, &response_data);
-    if (ret) {
-	return ret;
-    }
-
-    response = krb5_storage_from_data(&response_data);
-    if (response == NULL) {
-	krb5_data_free(&response_data);
-	return KRB5_CC_IO;
-    }
-
-    ret = krb5_ret_int32(response, &status);
-    if (ret) {
-	krb5_storage_free(response);
-	krb5_data_free(&response_data);
-	return KRB5_CC_FORMAT;
-    }
-
-    if (status) {
-	krb5_storage_free(response);
-	krb5_data_free(&response_data);
-	return status;
-    }
-
-    if (response_p != NULL) {
-	*response_data_p = response_data;
-	*response_p = response;
-
-	return 0;
-    }
-
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return 0;
-}
-
-static void
-kcm_free(krb5_context context, krb5_ccache *id)
-{
-    krb5_kcmcache *k = KCMCACHE(*id);
-
-    if (k != NULL) {
-	if (k->name != NULL)
-	    free(k->name);
-	if (k->door_path)
-	    free(k->door_path);
-	memset(k, 0, sizeof(*k));
-	krb5_data_free(&(*id)->data);
-    }
-
-    *id = NULL;
-}
-
-static const char *
-kcm_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return CACHENAME(id);
-}
-
-static krb5_error_code
-kcm_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    return kcm_alloc(context, res, id);
-}
-
-/*
- * Request:
- *
- * Response:
- *      NameZ
- */
-static krb5_error_code
-kcm_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_kcmcache *k;
-    krb5_error_code ret;
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_alloc(context, NULL, id);
-    if (ret)
-	return ret;
-
-    k = KCMCACHE(*id);
-
-    ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
-    if (ret) {
-	kcm_free(context, id);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	kcm_free(context, id);
-	return ret;
-    }
-
-    ret = krb5_ret_stringz(response, &k->name);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    if (ret)
-	kcm_free(context, id);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Principal
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_principal(request, primary_principal);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_close(krb5_context context,
-	  krb5_ccache id)
-{
-    kcm_free(context, &id);
-    return 0;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_DESTROY, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Creds
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_STORE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds(request, creds);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      WhichFields
- *      MatchCreds
- *
- * Response:
- *      Creds
- *
- */
-static krb5_error_code
-kcm_retrieve(krb5_context context,
-	     krb5_ccache id,
-	     krb5_flags which,
-	     const krb5_creds *mcred,
-	     krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, which);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_creds(response, creds);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *      Principal
- */
-static krb5_error_code
-kcm_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_principal(response, principal);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *
- * Response:
- *      Cursor
- *
- */
-static krb5_error_code
-kcm_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-    int32_t tmp;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_int32(response, &tmp);
-    if (ret || tmp < 0)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    if (ret)
-	return ret;
-
-    *cursor = malloc(sizeof(tmp));
-    if (*cursor == NULL)
-	return KRB5_CC_NOMEM;
-
-    KCMCURSOR(*cursor) = tmp;
-
-    return 0;
-}
-
-/*
- * Request:
- *      NameZ
- *      Cursor
- *
- * Response:
- *      Creds
- */
-static krb5_error_code
-kcm_get_next (krb5_context context,
-		krb5_ccache id,
-		krb5_cc_cursor *cursor,
-		krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request, *response;
-    krb5_data response_data;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, &response, &response_data);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_ret_creds(response, creds);
-    if (ret)
-	ret = KRB5_CC_IO;
-
-    krb5_storage_free(request);
-    krb5_storage_free(response);
-    krb5_data_free(&response_data);
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      Cursor
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-  
-    krb5_storage_free(request);
-
-    KCMCURSOR(*cursor) = 0;
-    free(*cursor);
-    *cursor = NULL;
-
-    return ret;
-}
-
-/*
- * Request:
- *      NameZ
- *      WhichFields
- *      MatchCreds
- *
- * Response:
- *
- */
-static krb5_error_code
-kcm_remove_cred(krb5_context context,
-		krb5_ccache id,
-		krb5_flags which,
-		krb5_creds *cred)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, which);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_creds_tag(request, cred);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, flags);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-static krb5_error_code
-kcm_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return 0;
-}
-
-static krb5_error_code
-kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_set_error_string(context, "kcm_move not implemented");
-    return EINVAL;
-}
-
-static krb5_error_code
-kcm_default_name(krb5_context context, char **str)
-{
-    return _krb5_expand_default_cc_name(context, 
-					KRB5_DEFAULT_CCNAME_KCM,
-					str);
-}
-
-/**
- * Variable containing the KCM based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_kcm_ops = {
-    "KCM",
-    kcm_get_name,
-    kcm_resolve,
-    kcm_gen_new,
-    kcm_initialize,
-    kcm_destroy,
-    kcm_close,
-    kcm_store_cred,
-    kcm_retrieve,
-    kcm_get_principal,
-    kcm_get_first,
-    kcm_get_next,
-    kcm_end_get,
-    kcm_remove_cred,
-    kcm_set_flags,
-    kcm_get_version,
-    NULL,
-    NULL,
-    NULL,
-    kcm_move,
-    kcm_default_name
-};
-
-krb5_boolean
-_krb5_kcm_is_running(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache_data ccdata;
-    krb5_ccache id = &ccdata;
-    krb5_boolean running;
-
-    ret = kcm_alloc(context, NULL, &id);
-    if (ret)
-	return 0;
-
-    running = (_krb5_kcm_noop(context, id) == 0);
-
-    kcm_free(context, &id);
-
-    return running;
-}
-
-/*
- * Request:
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_noop(krb5_context context,
-	       krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
-    if (ret)
-	return ret;
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      Mode
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_chmod(krb5_context context,
-		krb5_ccache id,
-		uint16_t mode)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int16(request, mode);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      UID
- *      GID
- *
- * Response:
- *
- */
-krb5_error_code
-_krb5_kcm_chown(krb5_context context,
-		krb5_ccache id,
-		uint32_t uid,
-		uint32_t gid)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_CHOWN, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, uid);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, gid);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      ServerPrincipalPresent
- *      ServerPrincipal OPTIONAL
- *      Key
- *
- * Repsonse:
- *
- */
-krb5_error_code
-_krb5_kcm_get_initial_ticket(krb5_context context,
-			     krb5_ccache id,
-			     krb5_principal server,
-			     krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    if (server != NULL) {
-	ret = krb5_store_principal(request, server);
-	if (ret) {
-	    krb5_storage_free(request);
-	    return ret;
-	}
-    }
-
-    ret = krb5_store_keyblock(request, *key);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-/*
- * Request:
- *      NameZ
- *      KDCFlags
- *      EncryptionType
- *      ServerPrincipal
- *
- * Repsonse:
- *
- */
-krb5_error_code
-_krb5_kcm_get_ticket(krb5_context context,
-		     krb5_ccache id,
-		     krb5_kdc_flags flags,
-		     krb5_enctype enctype,
-		     krb5_principal server)
-{
-    krb5_error_code ret;
-    krb5_kcmcache *k = KCMCACHE(id);
-    krb5_storage *request;
-
-    ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
-    if (ret)
-	return ret;
-
-    ret = krb5_store_stringz(request, k->name);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, flags.i);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_int32(request, enctype);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = krb5_store_principal(request, server);
-    if (ret) {
-	krb5_storage_free(request);
-	return ret;
-    }
-
-    ret = kcm_call(context, k, request, NULL, NULL);
-
-    krb5_storage_free(request);
-    return ret;
-}
-
-
-#endif /* HAVE_KCM */
diff --git a/crypto/heimdal/lib/krb5/kcm.h b/crypto/heimdal/lib/krb5/kcm.h
deleted file mode 100644
index 10dfa440f1d7..000000000000
--- a/crypto/heimdal/lib/krb5/kcm.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2005, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __KCM_H__
-#define __KCM_H__
-
-/*
- * KCM protocol definitions
- */
-
-#define KCM_PROTOCOL_VERSION_MAJOR	1
-#define KCM_PROTOCOL_VERSION_MINOR	0
-
-typedef enum kcm_operation {
-    KCM_OP_NOOP,
-    KCM_OP_GET_NAME,
-    KCM_OP_RESOLVE,
-    KCM_OP_GEN_NEW,
-    KCM_OP_INITIALIZE,
-    KCM_OP_DESTROY,
-    KCM_OP_STORE,
-    KCM_OP_RETRIEVE,
-    KCM_OP_GET_PRINCIPAL,
-    KCM_OP_GET_FIRST,
-    KCM_OP_GET_NEXT,
-    KCM_OP_END_GET,
-    KCM_OP_REMOVE_CRED,
-    KCM_OP_SET_FLAGS,
-    KCM_OP_CHOWN,
-    KCM_OP_CHMOD,
-    KCM_OP_GET_INITIAL_TICKET,
-    KCM_OP_GET_TICKET,
-    KCM_OP_MAX
-} kcm_operation;
-
-#define _PATH_KCM_SOCKET      "/var/run/.kcm_socket"
-#define _PATH_KCM_DOOR      "/var/run/.kcm_door"
-
-#endif /* __KCM_H__ */
-
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
deleted file mode 100644
index e45c947d10c8..000000000000
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: kerberos.8 16121 2005-10-03 14:24:36Z lha $
-.\"
-.Dd September 1, 2000
-.Dt KERBEROS 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kerberos
-.Nd introduction to the Kerberos system
-.Sh DESCRIPTION
-Kerberos is a network authentication system. Its purpose is to
-securely authenticate users and services in an insecure network
-environment.
-.Pp
-This is done with a Kerberos server acting as a trusted third party,
-keeping a database with secret keys for all users and services
-(collectively called
-.Em principals ) .
-.Pp
-Each principal belongs to exactly one
-.Em realm ,
-which is the administrative domain in Kerberos. A realm usually
-corresponds to an organisation, and the realm should normally be
-derived from that organisation's domain name. A realm is served by one
-or more Kerberos servers.
-.Pp
-The authentication process involves exchange of
-.Sq tickets
-and
-.Sq authenticators
-which together prove the principal's identity.
-.Pp
-When you login to the Kerberos system, either through the normal
-system login or with the
-.Xr kinit 1
-program, you acquire a
-.Em ticket granting ticket
-which allows you to get new tickets for other services, such as
-.Ic telnet
-or
-.Ic ftp ,
-without giving your password.
-.Pp
-For more information on how Kerberos works, and other general Kerberos
-questions see the Kerberos FAQ at
-.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
-.Pp
-For setup instructions see the Heimdal Texinfo manual.
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr kdestroy 1 ,
-.Xr kinit 1 ,
-.Xr klist 1 ,
-.Xr kpasswd 1 ,
-.Xr telnet 1
-.Sh HISTORY
-The Kerberos authentication system was developed in the late 1980's as
-part of the Athena Project at the Massachusetts Institute of
-Technology. Versions one through three never reached outside MIT, but
-version 4 was (and still is) quite popular, especially in the academic
-community, but is also used in commercial products like the AFS
-filesystem.
-.Pp
-The problems with version 4 are that it has many limitations, the code
-was not too well written (since it had been developed over a long
-time), and it has a number of known security problems. To resolve many
-of these issues work on version five started, and resulted in IETF RFC
-1510 in 1993. IETF RFC 1510 was obsoleted in 2005 with IETF RFC 4120,
-also known as Kerberos clarifications. With the arrival of IETF RFC
-4120, the work on adding extensibility and internationalization have
-started (Kerberos extensions), and a new RFC will hopefully appear
-soon.
-.Pp
-This manual page is part of the
-.Nm Heimdal
-Kerberos 5 distribution, which has been in development at the Royal
-Institute of Technology in Stockholm, Sweden, since about 1997.
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
deleted file mode 100644
index ff4f972e57d7..000000000000
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keyblock.c 15167 2005-05-18 04:21:57Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_keyblock_zero(krb5_keyblock *keyblock)
-{
-    keyblock->keytype = 0;
-    krb5_data_zero(&keyblock->keyvalue);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock_contents(krb5_context context,
-			    krb5_keyblock *keyblock)
-{
-    if(keyblock) {
-	if (keyblock->keyvalue.data != NULL)
-	    memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length);
-	krb5_data_free (&keyblock->keyvalue);
-	keyblock->keytype = ENCTYPE_NULL;
-    }
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock(krb5_context context,
-		   krb5_keyblock *keyblock)
-{
-    if(keyblock){
-	krb5_free_keyblock_contents(context, keyblock);
-	free(keyblock);
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock_contents (krb5_context context,
-			     const krb5_keyblock *inblock,
-			     krb5_keyblock *to)
-{
-    return copy_EncryptionKey(inblock, to);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock (krb5_context context,
-		    const krb5_keyblock *inblock,
-		    krb5_keyblock **to)
-{
-    krb5_keyblock *k;
-
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *to = k;
-    return krb5_copy_keyblock_contents (context, inblock, k);
-}
-
-krb5_enctype
-krb5_keyblock_get_enctype(const krb5_keyblock *block)
-{
-    return block->keytype;
-}
-
-/*
- * Fill in `key' with key data of type `enctype' from `data' of length
- * `size'. Key should be freed using krb5_free_keyblock_contents.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_init(krb5_context context,
-		   krb5_enctype type,
-		   const void *data,
-		   size_t size,
-		   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    size_t len;
-
-    memset(key, 0, sizeof(*key));
-
-    ret = krb5_enctype_keysize(context, type, &len);
-    if (ret)
-	return ret;
-
-    if (len != size) {
-	krb5_set_error_string(context, "Encryption key %d is %lu bytes "
-			      "long, %lu was passed in",
-			      type, (unsigned long)len, (unsigned long)size);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_copy(&key->keyvalue, data, len);
-    if(ret) {
-	krb5_set_error_string(context, "malloc failed: %lu",
-			      (unsigned long)len);
-	return ret;
-    }
-    key->keytype = type;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
deleted file mode 100644
index f6c7858c12ec..000000000000
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab.c 20211 2007-02-09 07:11:03Z lha $");
-
-/*
- * Register a new keytab in `ops'
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_register(krb5_context context,
-		 const krb5_kt_ops *ops)
-{
-    struct krb5_keytab_data *tmp;
-
-    if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
-	krb5_set_error_string(context, "krb5_kt_register; prefix too long");
-	return KRB5_KT_BADNAME;
-    }
-
-    tmp = realloc(context->kt_types,
-		  (context->num_kt_types + 1) * sizeof(*context->kt_types));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(&tmp[context->num_kt_types], ops,
-	   sizeof(tmp[context->num_kt_types]));
-    context->kt_types = tmp;
-    context->num_kt_types++;
-    return 0;
-}
-
-/*
- * Resolve the keytab name (of the form `type:residual') in `name'
- * into a keytab in `id'.
- * Return 0 or an error
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_resolve(krb5_context context,
-		const char *name,
-		krb5_keytab *id)
-{
-    krb5_keytab k;
-    int i;
-    const char *type, *residual;
-    size_t type_len;
-    krb5_error_code ret;
-
-    residual = strchr(name, ':');
-    if(residual == NULL) {
-	type = "FILE";
-	type_len = strlen(type);
-	residual = name;
-    } else {
-	type = name;
-	type_len = residual - name;
-	residual++;
-    }
-    
-    for(i = 0; i < context->num_kt_types; i++) {
-	if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0)
-	    break;
-    }
-    if(i == context->num_kt_types) {
-	krb5_set_error_string(context, "unknown keytab type %.*s", 
-			      (int)type_len, type);
-	return KRB5_KT_UNKNOWN_TYPE;
-    }
-    
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(k, &context->kt_types[i], sizeof(*k));
-    k->data = NULL;
-    ret = (*k->resolve)(context, residual, k);
-    if(ret) {
-	free(k);
-	k = NULL;
-    }
-    *id = k;
-    return ret;
-}
-
-/*
- * copy the name of the default keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
-{
-    if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * copy the name of the default modify keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
-{
-    const char *kt = NULL;
-    if(context->default_keytab_modify == NULL) {
-	if(strncasecmp(context->default_keytab, "ANY:", 4) != 0)
-	    kt = context->default_keytab;
-	else {
-	    size_t len = strcspn(context->default_keytab + 4, ",");
-	    if(len >= namesize) {
-		krb5_clear_error_string(context);
-		return KRB5_CONFIG_NOTENUFSPACE;
-	    }
-	    strlcpy(name, context->default_keytab + 4, namesize);
-	    name[len] = '\0';
-	    return 0;
-	}    
-    } else
-	kt = context->default_keytab_modify;
-    if (strlcpy (name, kt, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * Set `id' to the default keytab.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default(krb5_context context, krb5_keytab *id)
-{
-    return krb5_kt_resolve (context, context->default_keytab, id);
-}
-
-/*
- * Read the key identified by `(principal, vno, enctype)' from the
- * keytab in `keyprocarg' (the default if == NULL) into `*key'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_read_service_key(krb5_context context,
-			 krb5_pointer keyprocarg,
-			 krb5_principal principal,
-			 krb5_kvno vno,
-			 krb5_enctype enctype,
-			 krb5_keyblock **key)
-{
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-
-    if (keyprocarg)
-	ret = krb5_kt_resolve (context, keyprocarg, &keytab);
-    else
-	ret = krb5_kt_default (context, &keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
-    krb5_kt_close (context, keytab);
-    if (ret)
-	return ret;
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-/*
- * Return the type of the `keytab' in the string `prefix of length
- * `prefixsize'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_type(krb5_context context,
-		 krb5_keytab keytab,
-		 char *prefix,
-		 size_t prefixsize)
-{
-    strlcpy(prefix, keytab->prefix, prefixsize);
-    return 0;
-}
-
-/*
- * Retrieve the name of the keytab `keytab' into `name', `namesize'
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_name(krb5_context context, 
-		 krb5_keytab keytab,
-		 char *name,
-		 size_t namesize)
-{
-    return (*keytab->get_name)(context, keytab, name, namesize);
-}
-
-/*
- * Retrieve the full name of the keytab `keytab' and store the name in
- * `str'. `str' needs to be freed by the caller using free(3).
- * Returns 0 or an error. On error, *str is set to NULL.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_full_name(krb5_context context, 
-		      krb5_keytab keytab,
-		      char **str)
-{
-    char type[KRB5_KT_PREFIX_MAX_LEN];
-    char name[MAXPATHLEN];
-    krb5_error_code ret;
-	      
-    *str = NULL;
-
-    ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
-    if (ret)
-	return ret;
-
-    ret = krb5_kt_get_name(context, keytab, name, sizeof(name));
-    if (ret)
-	return ret;
-
-    if (asprintf(str, "%s:%s", type, name) == -1) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	*str = NULL;
-	return ENOMEM;
-    }
-
-    return 0;
-}
-
-/*
- * Finish using the keytab in `id'.  All resources will be released,
- * even on errors.  Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_close(krb5_context context, 
-	      krb5_keytab id)
-{
-    krb5_error_code ret;
-
-    ret = (*id->close)(context, id);
-    memset(id, 0, sizeof(*id));
-    free(id);
-    return ret;
-}
-
-/*
- * Compare `entry' against `principal, vno, enctype'.
- * Any of `principal, vno, enctype' might be 0 which acts as a wildcard.
- * Return TRUE if they compare the same, FALSE otherwise.
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kt_compare(krb5_context context,
-		krb5_keytab_entry *entry, 
-		krb5_const_principal principal,
-		krb5_kvno vno,
-		krb5_enctype enctype)
-{
-    if(principal != NULL && 
-       !krb5_principal_compare(context, entry->principal, principal))
-	return FALSE;
-    if(vno && vno != entry->vno)
-	return FALSE;
-    if(enctype && enctype != entry->keyblock.keytype)
-	return FALSE;
-    return TRUE;
-}
-
-/*
- * Retrieve the keytab entry for `principal, kvno, enctype' into `entry'
- * from the keytab `id'.
- * kvno == 0 is a wildcard and gives the keytab with the highest vno.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_const_principal principal,
-		  krb5_kvno kvno,
-		  krb5_enctype enctype,
-		  krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry tmp;
-    krb5_error_code ret;
-    krb5_kt_cursor cursor;
-
-    if(id->get)
-	return (*id->get)(context, id, principal, kvno, enctype, entry);
-
-    ret = krb5_kt_start_seq_get (context, id, &cursor);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
-    }
-
-    entry->vno = 0;
-    while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) {
-	if (krb5_kt_compare(context, &tmp, principal, 0, enctype)) {
-	    /* the file keytab might only store the lower 8 bits of
-	       the kvno, so only compare those bits */
-	    if (kvno == tmp.vno
-		|| (tmp.vno < 256 && kvno % 256 == tmp.vno)) {
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-		krb5_kt_free_entry (context, &tmp);
-		krb5_kt_end_seq_get(context, id, &cursor);
-		return 0;
-	    } else if (kvno == 0 && tmp.vno > entry->vno) {
-		if (entry->vno)
-		    krb5_kt_free_entry (context, entry);
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-	    }
-	}
-	krb5_kt_free_entry(context, &tmp);
-    }
-    krb5_kt_end_seq_get (context, id, &cursor);
-    if (entry->vno) {
-	return 0;
-    } else {
-	char princ[256], kvno_str[25], *kt_name;
-	char *enctype_str = NULL;
-
-	krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
-	krb5_kt_get_full_name (context, id, &kt_name);
-	krb5_enctype_to_string(context, enctype, &enctype_str);
-
-	if (kvno)
-	    snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
-	else
-	    kvno_str[0] = '\0';
-
-	krb5_set_error_string (context,
- 			       "Failed to find %s%s in keytab %s (%s)",
-			       princ,
-			       kvno_str,
-			       kt_name ? kt_name : "unknown keytab",
-			       enctype_str ? enctype_str : "unknown enctype");
-	free(kt_name);
-	free(enctype_str);
-	return KRB5_KT_NOTFOUND;
-    }
-}
-
-/*
- * Copy the contents of `in' into `out'.
- * Return 0 or an error.  */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_copy_entry_contents(krb5_context context,
-			    const krb5_keytab_entry *in,
-			    krb5_keytab_entry *out)
-{
-    krb5_error_code ret;
-
-    memset(out, 0, sizeof(*out));
-    out->vno = in->vno;
-
-    ret = krb5_copy_principal (context, in->principal, &out->principal);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context,
-				       &in->keyblock,
-				       &out->keyblock);
-    if (ret)
-	goto fail;
-    out->timestamp = in->timestamp;
-    return 0;
-fail:
-    krb5_kt_free_entry (context, out);
-    return ret;
-}
-
-/*
- * Free the contents of `entry'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_free_entry(krb5_context context,
-		   krb5_keytab_entry *entry)
-{
-    krb5_free_principal (context, entry->principal);
-    krb5_free_keyblock_contents (context, &entry->keyblock);
-    memset(entry, 0, sizeof(*entry));
-    return 0;
-}
-
-/*
- * Set `cursor' to point at the beginning of `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_start_seq_get(krb5_context context,
-		      krb5_keytab id,
-		      krb5_kt_cursor *cursor)
-{
-    if(id->start_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "start_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->start_seq_get)(context, id, cursor);
-}
-
-/*
- * Get the next entry from `id' pointed to by `cursor' and advance the
- * `cursor'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_next_entry(krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry,
-		   krb5_kt_cursor *cursor)
-{
-    if(id->next_entry == NULL) {
-	krb5_set_error_string(context,
-			      "next_entry is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->next_entry)(context, id, entry, cursor);
-}
-
-/*
- * Release all resources associated with `cursor'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_end_seq_get(krb5_context context,
-		    krb5_keytab id,
-		    krb5_kt_cursor *cursor)
-{
-    if(id->end_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "end_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->end_seq_get)(context, id, cursor);
-}
-
-/*
- * Add the entry in `entry' to the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_add_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_keytab_entry *entry)
-{
-    if(id->add == NULL) {
-	krb5_set_error_string(context, "Add is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    entry->timestamp = time(NULL);
-    return (*id->add)(context, id,entry);
-}
-
-/*
- * Remove the entry `entry' from the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_remove_entry(krb5_context context,
-		     krb5_keytab id,
-		     krb5_keytab_entry *entry)
-{
-    if(id->remove == NULL) {
-	krb5_set_error_string(context,
-			      "Remove is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    return (*id->remove)(context, id, entry);
-}
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
deleted file mode 100644
index 54272d48453f..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_any.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_any.c 17035 2006-04-10 09:20:13Z lha $");
-
-struct any_data {
-    krb5_keytab kt;
-    char *name;
-    struct any_data *next;
-};
-
-static void
-free_list (krb5_context context, struct any_data *a)
-{
-    struct any_data *next;
-
-    for (; a != NULL; a = next) {
-	next = a->next;
-	free (a->name);
-	if(a->kt)
-	    krb5_kt_close(context, a->kt);
-	free (a);
-    }
-}
-
-static krb5_error_code
-any_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct any_data *a, *a0 = NULL, *prev = NULL;
-    krb5_error_code ret;
-    char buf[256];
-
-    while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
-	a = malloc(sizeof(*a));
-	if (a == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	if (a0 == NULL) {
-	    a0 = a;
-	    a->name = strdup(buf);
-	    if (a->name == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto fail;
-	    }
-	} else
-	    a->name = NULL;
-	if (prev != NULL)
-	    prev->next = a;
-	a->next = NULL;
-	ret = krb5_kt_resolve (context, buf, &a->kt);
-	if (ret)
-	    goto fail;
-	prev = a;
-    }
-    if (a0 == NULL) {
-	krb5_set_error_string(context, "empty ANY: keytab");
-	return ENOENT;
-    }
-    id->data = a0;
-    return 0;
- fail:
-    free_list (context, a0);
-    return ret;
-}
-
-static krb5_error_code
-any_get_name (krb5_context context,
-	      krb5_keytab id,
-	      char *name,
-	      size_t namesize)
-{
-    struct any_data *a = id->data;
-    strlcpy(name, a->name, namesize);
-    return 0;
-}
-
-static krb5_error_code
-any_close (krb5_context context,
-	   krb5_keytab id)
-{
-    struct any_data *a = id->data;
-
-    free_list (context, a);
-    return 0;
-}
-
-struct any_cursor_extra_data {
-    struct any_data *a;
-    krb5_kt_cursor cursor;
-};
-
-static krb5_error_code
-any_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    struct any_data *a = id->data;
-    struct any_cursor_extra_data *ed;
-    krb5_error_code ret;
-
-    c->data = malloc (sizeof(struct any_cursor_extra_data));
-    if(c->data == NULL){
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed = (struct any_cursor_extra_data *)c->data;
-    ed->a = a;
-    ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-    if (ret) {
-	free (c->data);
-	c->data = NULL;
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_next_entry (krb5_context context,
-		krb5_keytab id,
-		krb5_keytab_entry *entry,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret, ret2;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    do {
-	ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
-	if (ret == 0)
-	    return 0;
-	else if (ret != KRB5_KT_END)
-	    return ret;
-
-	ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
-	if (ret2)
-	    return ret2;
-	while ((ed->a = ed->a->next) != NULL) {
-	    ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-	    if (ret2 == 0)
-		break;
-	}
-	if (ed->a == NULL) {
-	    krb5_clear_error_string (context);
-	    return KRB5_KT_END;
-	}
-    } while (1);
-}
-
-static krb5_error_code
-any_end_seq_get(krb5_context context,
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret = 0;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    if (ed->a != NULL)
-	ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
-    free (ed);
-    cursor->data = NULL;
-    return ret;
-}
-
-static krb5_error_code
-any_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    while(a != NULL) {
-	ret = krb5_kt_add_entry(context, a->kt, entry);
-	if(ret != 0 && ret != KRB5_KT_NOWRITE) {
-	    krb5_set_error_string(context, "failed to add entry to %s", 
-				  a->name);
-	    return ret;
-	}
-	a = a->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    int found = 0;
-    while(a != NULL) {
-	ret = krb5_kt_remove_entry(context, a->kt, entry);
-	if(ret == 0)
-	    found++;
-	else {
-	    if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
-		krb5_set_error_string(context, "failed to remove entry from %s", 
-				      a->name);
-		return ret;
-	    }
-	}
-	a = a->next;
-    }
-    if(!found)
-	return KRB5_KT_NOTFOUND;
-    return 0;
-}
-
-const krb5_kt_ops krb5_any_ops = {
-    "ANY",
-    any_resolve,
-    any_get_name,
-    any_close,
-    NULL, /* get */
-    any_start_seq_get,
-    any_next_entry,
-    any_end_seq_get,
-    any_add_entry,
-    any_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
deleted file mode 100644
index 4ada3a463ea8..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_file.c 17457 2006-05-05 12:36:57Z lha $");
-
-#define KRB5_KT_VNO_1 1
-#define KRB5_KT_VNO_2 2
-#define KRB5_KT_VNO   KRB5_KT_VNO_2
-
-#define KRB5_KT_FL_JAVA 1
-
-
-/* file operations -------------------------------------------- */
-
-struct fkt_data {
-    char *filename;
-    int flags;
-};
-
-static krb5_error_code
-krb5_kt_ret_data(krb5_context context,
-		 krb5_storage *sp,
-		 krb5_data *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    data->length = size;
-    data->data = malloc(size);
-    if (data->data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, data->data, size);
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_string(krb5_context context,
-		   krb5_storage *sp,
-		   heim_general_string *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    *data = malloc(size + 1);
-    if (*data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, *data, size);
-    (*data)[size] = '\0';
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_data(krb5_context context,
-		   krb5_storage *sp,
-		   krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int16(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_string(krb5_storage *sp,
-		     heim_general_string data)
-{
-    int ret;
-    size_t len = strlen(data);
-    ret = krb5_store_int16(sp, len);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data, len);
-    if(ret != len){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
-    if(ret) return ret;
-    p->keytype = tmp;
-    ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
-    return ret;
-}
-
-static krb5_error_code
-krb5_kt_store_keyblock(krb5_context context,
-		       krb5_storage *sp, 
-		       krb5_keyblock *p)
-{
-    int ret;
-
-    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
-    if(ret) return ret;
-    ret = krb5_kt_store_data(context, sp, p->keyvalue);
-    return ret;
-}
-
-
-static krb5_error_code
-krb5_kt_ret_principal(krb5_context context,
-		      krb5_storage *sp,
-		      krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int16_t len;
-    
-    ALLOC(p, 1);
-    if(p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_ret_int16(sp, &len);
-    if(ret) {
-	krb5_set_error_string(context,
-			      "Failed decoding length of keytab principal");
-	goto out;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	len--;
-    if (len < 0) {
-	krb5_set_error_string(context, 
-			      "Keytab principal contains invalid length");
-	ret = KRB5_KT_END;
-	goto out;
-    }
-    ret = krb5_kt_ret_string(context, sp, &p->realm);
-    if(ret)
-	goto out;
-    p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    p->name.name_string.len = len;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
-	if(ret)
-	    goto out;
-    }
-    if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	p->name.name_type = KRB5_NT_UNKNOWN;
-    else {
-	int32_t tmp32;
-	ret = krb5_ret_int32(sp, &tmp32);
-	p->name.name_type = tmp32;
-	if (ret)
-	    goto out;
-    }
-    *princ = p;
-    return 0;
-out:
-    krb5_free_principal(context, p);
-    return ret;
-}
-
-static krb5_error_code
-krb5_kt_store_principal(krb5_context context,
-			krb5_storage *sp,
-			krb5_principal p)
-{
-    int i;
-    int ret;
-    
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int16(sp, p->name.name_string.len + 1);
-    else
-	ret = krb5_store_int16(sp, p->name.name_string.len);
-    if(ret) return ret;
-    ret = krb5_kt_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
-	if(ret)
-	    return ret;
-    }
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-	ret = krb5_store_int32(sp, p->name.name_type);
-	if(ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct fkt_data *d;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup(name);
-    if(d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->flags = 0;
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
-{
-    krb5_error_code ret;
-
-    ret = fkt_resolve(context, name, id);
-    if (ret == 0) {
-	struct fkt_data *d = id->data;
-	d->flags |= KRB5_KT_FL_JAVA;
-    }
-    return ret;
-}
-
-static krb5_error_code
-fkt_close(krb5_context context, krb5_keytab id)
-{
-    struct fkt_data *d = id->data;
-    free(d->filename);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-fkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    /* This function is XXX */
-    struct fkt_data *d = id->data;
-    strlcpy(name, d->filename, namesize);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_KT_VNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_KT_VNO_2:
-	break;
-    default:
-	krb5_warnx(context, 
-		   "storage_set_flags called with bad vno (%d)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fkt_start_seq_get_int(krb5_context context, 
-		      krb5_keytab id, 
-		      int flags,
-		      int exclusive,
-		      krb5_kt_cursor *c)
-{
-    int8_t pvno, tag;
-    krb5_error_code ret;
-    struct fkt_data *d = id->data;
-    
-    c->fd = open (d->filename, flags);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "%s: %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
-    if (ret) {
-	close(c->fd);
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    if (c->sp == NULL) {
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    ret = krb5_ret_int8(c->sp, &pvno);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if(pvno != 5) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	return KRB5_KEYTAB_BADVNO;
-    }
-    ret = krb5_ret_int8(c->sp, &tag);
-    if (ret) {
-	krb5_storage_free(c->sp);
-	_krb5_xunlock(context, c->fd);
-	close(c->fd);
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    id->version = tag;
-    storage_set_flags(context, c->sp, id->version);
-    return 0;
-}
-
-static krb5_error_code
-fkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
-}
-
-static krb5_error_code
-fkt_next_entry_int(krb5_context context, 
-		   krb5_keytab id, 
-		   krb5_keytab_entry *entry, 
-		   krb5_kt_cursor *cursor,
-		   off_t *start,
-		   off_t *end)
-{
-    int32_t len;
-    int ret;
-    int8_t tmp8;
-    int32_t tmp32;
-    off_t pos, curpos;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-loop:
-    ret = krb5_ret_int32(cursor->sp, &len);
-    if (ret)
-	return ret;
-    if(len < 0) {
-	pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
-	goto loop;
-    }
-    ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
-    if (ret)
-	goto out;
-    ret = krb5_ret_int32(cursor->sp, &tmp32);
-    entry->timestamp = tmp32;
-    if (ret)
-	goto out;
-    ret = krb5_ret_int8(cursor->sp, &tmp8);
-    if (ret)
-	goto out;
-    entry->vno = tmp8;
-    ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
-    if (ret)
-	goto out;
-    /* there might be a 32 bit kvno here
-     * if it's zero, assume that the 8bit one was right,
-     * otherwise trust the new value */
-    curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-    if(len + 4 + pos - curpos >= 4) {
-	ret = krb5_ret_int32(cursor->sp, &tmp32);
-	if (ret == 0 && tmp32 != 0) {
-	    entry->vno = tmp32;
-	}
-    }
-    if(start) *start = pos;
-    if(end) *end = pos + 4 + len;
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-fkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
-}
-
-static krb5_error_code
-fkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    _krb5_xunlock(context, cursor->fd);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-fkt_setup_keytab(krb5_context context,
-		 krb5_keytab id,
-		 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    ret = krb5_store_int8(sp, 5);
-    if(ret)
-	return ret;
-    if(id->version == 0)
-	id->version = KRB5_KT_VNO;
-    return krb5_store_int8 (sp, id->version);
-}
-		 
-static krb5_error_code
-fkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    int ret;
-    int fd;
-    krb5_storage *sp;
-    struct fkt_data *d = id->data;
-    krb5_data keytab;
-    int32_t len;
-    
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	ret = _krb5_xlock(context, fd, 1, d->filename);
-	if (ret) {
-	    close(fd);
-	    return ret;
-	}
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = fkt_setup_keytab(context, id, sp);
-	if(ret) {
-	    goto out;
-	}
-	storage_set_flags(context, sp, id->version);
-    } else {
-	int8_t pvno, tag;
-	ret = _krb5_xlock(context, fd, 1, d->filename);
-	if (ret) {
-	    close(fd);
-	    return ret;
-	}
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = krb5_ret_int8(sp, &pvno);
-	if(ret) {
-	    /* we probably have a zero byte file, so try to set it up
-               properly */
-	    ret = fkt_setup_keytab(context, id, sp);
-	    if(ret) {
-		krb5_set_error_string(context, "%s: keytab is corrupted: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    storage_set_flags(context, sp, id->version);
-	} else {
-	    if(pvno != 5) {
-		ret = KRB5_KEYTAB_BADVNO;
-		krb5_set_error_string(context, "%s: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    ret = krb5_ret_int8 (sp, &tag);
-	    if (ret) {
-		krb5_set_error_string(context, "%s: reading tag: %s", 
-				      d->filename, strerror(ret));
-		goto out;
-	    }
-	    id->version = tag;
-	    storage_set_flags(context, sp, id->version);
-	}
-    }
-
-    {
-	krb5_storage *emem;
-	emem = krb5_storage_emem();
-	if(emem == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-	ret = krb5_kt_store_principal(context, emem, entry->principal);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int32 (emem, entry->timestamp);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int8 (emem, entry->vno % 256);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
-	    ret = krb5_store_int32 (emem, entry->vno);
-	    if (ret) {
-		krb5_storage_free(emem);
-		goto out;
-	    }
-	}
-
-	ret = krb5_storage_to_data(emem, &keytab);
-	krb5_storage_free(emem);
-	if(ret)
-	    goto out;
-    }
-    
-    while(1) {
-	ret = krb5_ret_int32(sp, &len);
-	if(ret == KRB5_KT_END) {
-	    len = keytab.length;
-	    break;
-	}
-	if(len < 0) {
-	    len = -len;
-	    if(len >= keytab.length) {
-		krb5_storage_seek(sp, -4, SEEK_CUR);
-		break;
-	    }
-	}
-	krb5_storage_seek(sp, len, SEEK_CUR);
-    }
-    ret = krb5_store_int32(sp, len);
-    if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
-	ret = errno;
-    memset(keytab.data, 0, keytab.length);
-    krb5_data_free(&keytab);
-  out:
-    krb5_storage_free(sp);
-    _krb5_xunlock(context, fd);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    off_t pos_start, pos_end;
-    int found = 0;
-    krb5_error_code ret;
-    
-    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
-    if(ret != 0) 
-	goto out; /* return other error here? */
-    while(fkt_next_entry_int(context, id, &e, &cursor, 
-			     &pos_start, &pos_end) == 0) {
-	if(krb5_kt_compare(context, &e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    int32_t len;
-	    unsigned char buf[128];
-	    found = 1;
-	    krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
-	    len = pos_end - pos_start - 4;
-	    krb5_store_int32(cursor.sp, -len);
-	    memset(buf, 0, sizeof(buf));
-	    while(len > 0) {
-		krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
-		len -= min(len, sizeof(buf));
-	    }
-	}
-	krb5_kt_free_entry(context, &e);
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    if (!found) {
-	krb5_clear_error_string (context);
-	return KRB5_KT_NOTFOUND;
-    }
-    return 0;
-}
-
-const krb5_kt_ops krb5_fkt_ops = {
-    "FILE",
-    fkt_resolve,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
-
-const krb5_kt_ops krb5_wrfkt_ops = {
-    "WRFILE",
-    fkt_resolve,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
-
-const krb5_kt_ops krb5_javakt_ops = {
-    "JAVA14",
-    fkt_resolve_java14,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
deleted file mode 100644
index 77455ba5f7c2..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $");
-
-/* afs keyfile operations --------------------------------------- */
-
-/*
- * Minimum tools to handle the AFS KeyFile.
- * 
- * Format of the KeyFile is:
- * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
- *
- * It just adds to the end of the keyfile, deleting isn't implemented.
- * Use your favorite text/hex editor to delete keys.
- *
- */
-
-#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
-#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
-
-struct akf_data {
-    int num_entries;
-    char *filename;
-    char *cell;
-    char *realm;
-};
-
-/*
- * set `d->cell' and `d->realm'
- */
-
-static int
-get_cell_and_realm (krb5_context context, struct akf_data *d)
-{
-    FILE *f;
-    char buf[BUFSIZ], *cp;
-    int ret;
-
-    f = fopen (AFS_SERVERTHISCELL, "r");
-    if (f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
-			       strerror(ret));
-	return ret;
-    }
-    if (fgets (buf, sizeof(buf), f) == NULL) {
-	fclose (f);
-	krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
-	return EINVAL;
-    }
-    buf[strcspn(buf, "\n")] = '\0';
-    fclose(f);
-
-    d->cell = strdup (buf);
-    if (d->cell == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    f = fopen (AFS_SERVERMAGICKRBCONF, "r");
-    if (f != NULL) {
-	if (fgets (buf, sizeof(buf), f) == NULL) {
-	    free (d->cell);
-	    d->cell = NULL;
-	    fclose (f);
-	    krb5_set_error_string (context, "no realm in %s",
-				   AFS_SERVERMAGICKRBCONF);
-	    return EINVAL;
-	}
-	buf[strcspn(buf, "\n")] = '\0';
-	fclose(f);
-    }
-    /* uppercase */
-    for (cp = buf; *cp != '\0'; cp++)
-	*cp = toupper((unsigned char)*cp);
-    
-    d->realm = strdup (buf);
-    if (d->realm == NULL) {
-	free (d->cell);
-	d->cell = NULL;
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/*
- * init and get filename
- */
-
-static krb5_error_code
-akf_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    int ret;
-    struct akf_data *d = malloc(sizeof (struct akf_data));
-
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    d->num_entries = 0;
-    ret = get_cell_and_realm (context, d);
-    if (ret) {
-	free (d);
-	return ret;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free (d->cell);
-	free (d->realm);
-	free (d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    
-    return 0;
-}
-
-/*
- * cleanup
- */
-
-static krb5_error_code
-akf_close(krb5_context context, krb5_keytab id)
-{
-    struct akf_data *d = id->data;
-
-    free (d->filename);
-    free (d->cell);
-    free (d);
-    return 0;
-}
-
-/*
- * Return filename
- */
-
-static krb5_error_code 
-akf_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t name_sz)
-{
-    struct akf_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-/*
- * Init 
- */
-
-static krb5_error_code
-akf_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    int32_t ret;
-    struct akf_data *d = id->data;
-
-    c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-
-    c->sp = krb5_storage_from_fd(c->fd);
-    ret = krb5_ret_int32(c->sp, &d->num_entries);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	if(ret == KRB5_KT_END)
-	    return KRB5_KT_NOTFOUND;
-	return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-akf_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    struct akf_data *d = id->data;
-    int32_t kvno;
-    off_t pos;
-    int ret;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-
-    if ((pos - 4) / (4 + 8) >= d->num_entries)
-	return KRB5_KT_END;
-
-    ret = krb5_make_principal (context, &entry->principal,
-			       d->realm, "afs", d->cell, NULL);
-    if (ret)
-	goto out;
-
-    ret = krb5_ret_int32(cursor->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, entry->principal);
-	goto out;
-    }
-
-    entry->vno = kvno;
-
-    entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
-    entry->keyblock.keyvalue.length = 8;
-    entry->keyblock.keyvalue.data   = malloc (8);
-    if (entry->keyblock.keyvalue.data == NULL) {
-	krb5_free_principal (context, entry->principal);
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
-    if(ret != 8)
-	ret = (ret < 0) ? errno : KRB5_KT_END;
-    else
-	ret = 0;
-
-    entry->timestamp = time(NULL);
-
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-akf_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-akf_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct akf_data *d = id->data;
-    int fd, created = 0;
-    krb5_error_code ret;
-    int32_t len;
-    krb5_storage *sp;
-
-
-    if (entry->keyblock.keyvalue.length != 8)
-	return 0;
-    switch(entry->keyblock.keytype) {
-    case ETYPE_DES_CBC_CRC:
-    case ETYPE_DES_CBC_MD4:
-    case ETYPE_DES_CBC_MD5:
-	break;
-    default:
-	return 0;
-    }
-
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename,
-		   O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	created = 1;
-    }
-
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (created)
-	len = 0;
-    else {
-	if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	    ret = errno;
-	    krb5_storage_free(sp);
-	    close(fd);
-	    krb5_set_error_string (context, "seek: %s", strerror(ret));
-	    return ret;
-	}
-	    
-	ret = krb5_ret_int32(sp, &len);
-	if(ret) {
-	    krb5_storage_free(sp);
-	    close(fd);
-	    return ret;
-	}
-    }
-
-    /*
-     * Make sure we don't add the entry twice, assumes the DES
-     * encryption types are all the same key.
-     */
-    if (len > 0) {
-	int32_t kvno;
-	int i;
-
-	for (i = 0; i < len; i++) {
-	    ret = krb5_ret_int32(sp, &kvno);
-	    if (ret) {
-		krb5_set_error_string (context, "Failed to get kvno ");
-		goto out;
-	    }
-	    if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
-		krb5_set_error_string (context, "seek: %s", strerror(ret));
-		goto out;
-	    }
-	    if (kvno == entry->vno) {
-		ret = 0;
-		goto out;
-	    }
-	}
-    }
-
-    len++;
-	
-    if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "seek: %s", strerror(ret));
-	goto out;
-    }
-	
-    ret = krb5_store_int32(sp, len);
-    if(ret) {
-	krb5_set_error_string(context, "keytab keyfile failed new length");
-	return ret;
-    }
-
-    if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "seek to end: %s", strerror(ret));
-	goto out;
-    }
-	
-    ret = krb5_store_int32(sp, entry->vno);
-    if(ret) {
-	krb5_set_error_string(context, "keytab keyfile failed store kvno");
-	goto out;
-    }
-    ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 
-			     entry->keyblock.keyvalue.length);
-    if(ret != entry->keyblock.keyvalue.length) {
-	if (ret < 0)
-	    ret = errno;
-	else
-	    ret = ENOTTY;
-	krb5_set_error_string(context, "keytab keyfile failed to add key");
-	goto out;
-    }
-    ret = 0;
-out:
-    krb5_storage_free(sp);
-    close (fd);
-    return ret;
-}
-
-const krb5_kt_ops krb5_akf_ops = {
-    "AFSKEYFILE",
-    akf_resolve,
-    akf_get_name,
-    akf_close,
-    NULL, /* get */
-    akf_start_seq_get,
-    akf_next_entry,
-    akf_end_seq_get,
-    akf_add_entry,
-    NULL /* remove */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
deleted file mode 100644
index 907836c144f7..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_krb4.c 17046 2006-04-10 17:10:53Z lha $");
-
-struct krb4_kt_data {
-    char *filename;
-};
-
-static krb5_error_code
-krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct krb4_kt_data *d;
-
-    d = malloc (sizeof(*d));
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_get_name (krb5_context context,
-		  krb5_keytab id,
-		  char *name,
-		  size_t name_sz)
-{
-    struct krb4_kt_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_close (krb5_context context,
-	       krb5_keytab id)
-{
-    struct krb4_kt_data *d = id->data;
-
-    free (d->filename);
-    free (d);
-    return 0;
-}
-
-struct krb4_cursor_extra_data {
-    krb5_keytab_entry entry;
-    int num;
-};
-
-static int
-open_flock(const char *filename, int flags, int mode)
-{
-    int lock_mode;
-    int tries = 0;
-    int fd = open(filename, flags, mode);
-    if(fd < 0)
-	return fd;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	lock_mode = LOCK_SH | LOCK_NB;
-    else
-	lock_mode = LOCK_EX | LOCK_NB;
-    while(flock(fd, lock_mode) < 0) {
-	if(++tries < 5) {
-	    sleep(1);
-	} else {
-	    close(fd);
-	    return -1;
-	}
-    }
-    return fd;
-}
-
-
-
-static krb5_error_code
-krb4_kt_start_seq_get_int (krb5_context context,
-			   krb5_keytab id,
-			   int flags,
-			   krb5_kt_cursor *c)
-{
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed;
-    int ret;
-
-    ed = malloc (sizeof(*ed));
-    if (ed == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed->entry.principal = NULL;
-    ed->num = -1;
-    c->data = ed;
-    c->fd = open_flock (d->filename, flags, 0);
-    if (c->fd < 0) {
-	ret = errno;
-	free (ed);
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    if(c->sp == NULL) {
-	close(c->fd);
-	free(ed);
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_start_seq_get (krb5_context context,
-		       krb5_keytab id,
-		       krb5_kt_cursor *c)
-{
-    return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c);
-}
-
-static krb5_error_code
-read_v4_entry (krb5_context context,
-	       struct krb4_kt_data *d,
-	       krb5_kt_cursor *c,
-	       struct krb4_cursor_extra_data *ed)
-{
-    unsigned char des_key[8];
-    krb5_error_code ret;
-    char *service, *instance, *realm;
-    int8_t kvno;
-
-    ret = krb5_ret_stringz(c->sp, &service);
-    if (ret)
-	return ret;
-    ret = krb5_ret_stringz(c->sp, &instance);
-    if (ret) {
-	free (service);
-	return ret;
-    }
-    ret = krb5_ret_stringz(c->sp, &realm);
-    if (ret) {
-	free (service);
-	free (instance);
-	return ret;
-    }
-    ret = krb5_425_conv_principal (context, service, instance, realm,
-				   &ed->entry.principal);
-    free (service);
-    free (instance);
-    free (realm);
-    if (ret)
-	return ret;
-    ret = krb5_ret_int8(c->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, ed->entry.principal);
-	return ret;
-    }
-    ret = krb5_storage_read(c->sp, des_key, sizeof(des_key));
-    if (ret < 0) {
-	krb5_free_principal(context, ed->entry.principal);
-	return ret;
-    }
-    if (ret < 8) {
-	krb5_free_principal(context, ed->entry.principal);
-	return EINVAL;
-    }
-    ed->entry.vno = kvno;
-    ret = krb5_data_copy (&ed->entry.keyblock.keyvalue,
-			  des_key, sizeof(des_key));
-    if (ret)
-	return ret;
-    ed->entry.timestamp = time(NULL);
-    ed->num = 0;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_next_entry (krb5_context context,
-		    krb5_keytab id,
-		    krb5_keytab_entry *entry,
-		    krb5_kt_cursor *c)
-{
-    krb5_error_code ret;
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed = c->data;
-    const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5,
-				     ETYPE_DES_CBC_MD4,
-				     ETYPE_DES_CBC_CRC};
-
-    if (ed->num == -1) {
-	ret = read_v4_entry (context, d, c, ed);
-	if (ret)
-	    return ret;
-    }
-    ret = krb5_kt_copy_entry_contents (context,
-				       &ed->entry,
-				       entry);
-    if (ret)
-	return ret;
-    entry->keyblock.keytype = keytypes[ed->num];
-    if (++ed->num == 3) {
-	krb5_kt_free_entry (context, &ed->entry);
-	ed->num = -1;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_end_seq_get (krb5_context context,
-		     krb5_keytab id,
-		     krb5_kt_cursor *c)
-{
-    struct krb4_cursor_extra_data *ed = c->data;
-
-    krb5_storage_free (c->sp);
-    if (ed->num != -1)
-	krb5_kt_free_entry (context, &ed->entry);
-    free (c->data);
-    close (c->fd);
-    return 0;
-}
-
-static krb5_error_code
-krb4_store_keytab_entry(krb5_context context, 
-			krb5_keytab_entry *entry, 
-			krb5_storage *sp)
-{
-    krb5_error_code ret;
-#define ANAME_SZ 40
-#define INST_SZ 40
-#define REALM_SZ 40
-    char service[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    ret = krb5_524_conv_principal (context, entry->principal,
-				   service, instance, realm);
-    if (ret)
-	return ret;
-    if (entry->keyblock.keyvalue.length == 8
-	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
-	ret = krb5_store_stringz(sp, service);
-	ret = krb5_store_stringz(sp, instance);
-	ret = krb5_store_stringz(sp, realm);
-	ret = krb5_store_int8(sp, entry->vno);
-	ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_add_entry (krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_storage *sp;
-    krb5_error_code ret;
-    int fd;
-
-    fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0);
-    if (fd < 0) {
-	fd = open_flock (d->filename,
-		   O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	return ENOMEM;
-    }
-    krb5_storage_set_eof_code(sp, KRB5_KT_END);
-    ret = krb4_store_keytab_entry(context, entry, sp);
-    krb5_storage_free(sp);
-    if(close (fd) < 0)
-	return errno;
-    return ret;
-}
-
-static krb5_error_code
-krb4_kt_remove_entry(krb5_context context,
-		     krb5_keytab id,
-		     krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_error_code ret;
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    krb5_storage *sp;
-    int remove_flag = 0;
-    
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }	
-    while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) {
-	if(!krb5_kt_compare(context, &e, entry->principal, 
-			    entry->vno, entry->keyblock.keytype)) {
-	    ret = krb4_store_keytab_entry(context, &e, sp);
-	    if(ret) {
-		krb5_kt_free_entry(context, &e);
-		krb5_storage_free(sp);
-		return ret;
-	    }
-	} else
-	    remove_flag = 1;
-	krb5_kt_free_entry(context, &e);
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-    if(remove_flag) {
-	int fd;
-	unsigned char buf[1024];
-	ssize_t n;
-	krb5_data data;
-	struct stat st;
-
-	krb5_storage_to_data(sp, &data);
-	krb5_storage_free(sp);
-
-	fd = open_flock (d->filename, O_RDWR | O_BINARY, 0);
-	if(fd < 0) {
-	    memset(data.data, 0, data.length);
-	    krb5_data_free(&data);
-	    if(errno == EACCES || errno == EROFS) 
-		return KRB5_KT_NOWRITE;
-	    return errno;
-	}
-
-	if(write(fd, data.data, data.length) != data.length) {
-	    memset(data.data, 0, data.length);
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-	    return errno;
-	}
-	memset(data.data, 0, data.length);
-	if(fstat(fd, &st) < 0) {
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename);
-	    return errno;
-	}
-	st.st_size -= data.length;
-	memset(buf, 0, sizeof(buf));
-	while(st.st_size > 0) {
-	    n = min(st.st_size, sizeof(buf));
-	    n = write(fd, buf, n);
-	    if(n <= 0) {
-		krb5_data_free(&data);
-		close(fd);
-		krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-		return errno;
-		
-	    }
-	    st.st_size -= n;
-	}
-	if(ftruncate(fd, data.length) < 0) {
-	    krb5_data_free(&data);
-	    close(fd);
-	    krb5_set_error_string(context, "failed truncating \"%s\"", d->filename);
-	    return errno;
-	}
-	krb5_data_free(&data);
-	if(close(fd) < 0) {
-	    krb5_set_error_string(context, "error closing \"%s\"", d->filename);
-	    return errno;
-	}
-	return 0;
-    } else {
-	krb5_storage_free(sp);
-	return KRB5_KT_NOTFOUND;
-    }
-}
-
-
-const krb5_kt_ops krb4_fkt_ops = {
-    "krb4",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
-
-const krb5_kt_ops krb5_srvtab_fkt_ops = {
-    "SRVTAB",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c
deleted file mode 100644
index 0ad8720c3fb8..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_memory.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_memory.c 16352 2005-12-05 18:39:46Z lha $");
-
-/* memory operations -------------------------------------------- */
-
-struct mkt_data {
-    krb5_keytab_entry *entries;
-    int num_entries;
-    char *name;
-    int refcount;
-    struct mkt_data *next;
-};
-
-/* this mutex protects mkt_head, ->refcount, and ->next 
- * content is not protected (name is static and need no protection)
- */
-static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct mkt_data *mkt_head;
-
-
-static krb5_error_code
-mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct mkt_data *d;
-
-    HEIMDAL_MUTEX_lock(&mkt_mutex);
-
-    for (d = mkt_head; d != NULL; d = d->next)
-	if (strcmp(d->name, name) == 0)
-	    break;
-    if (d) {
-	if (d->refcount < 1)
-	    krb5_abortx(context, "Double close on memory keytab, "
-			"refcount < 1 %d", d->refcount);
-	d->refcount++;
-	id->data = d;
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	return 0;
-    }
-
-    d = calloc(1, sizeof(*d));
-    if(d == NULL) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->name = strdup(name);
-    if (d->name == NULL) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = NULL;
-    d->num_entries = 0;
-    d->refcount = 1;
-    d->next = mkt_head;
-    mkt_head = d;
-    HEIMDAL_MUTEX_unlock(&mkt_mutex);
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-mkt_close(krb5_context context, krb5_keytab id)
-{
-    struct mkt_data *d = id->data, **dp;
-    int i;
-
-    HEIMDAL_MUTEX_lock(&mkt_mutex);
-    if (d->refcount < 1)
-	krb5_abortx(context, 
-		    "krb5 internal error, memory keytab refcount < 1 on close");
-
-    if (--d->refcount > 0) {
-	HEIMDAL_MUTEX_unlock(&mkt_mutex);
-	return 0;
-    }
-    for (dp = &mkt_head; *dp != NULL; dp = &(*dp)->next) {
-	if (*dp == d) {
-	    *dp = d->next;
-	    break;
-	}
-    }
-    HEIMDAL_MUTEX_unlock(&mkt_mutex);
-
-    free(d->name);
-    for(i = 0; i < d->num_entries; i++)
-	krb5_kt_free_entry(context, &d->entries[i]);
-    free(d->entries);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-mkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    struct mkt_data *d = id->data;
-    strlcpy(name, d->name, namesize);
-    return 0;
-}
-
-static krb5_error_code
-mkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    /* XXX */
-    c->fd = 0;
-    return 0;
-}
-
-static krb5_error_code
-mkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *c)
-{
-    struct mkt_data *d = id->data;
-    if(c->fd >= d->num_entries)
-	return KRB5_KT_END;
-    return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry);
-}
-
-static krb5_error_code
-mkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *tmp;
-    tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = tmp;
-    return krb5_kt_copy_entry_contents(context, entry, 
-				       &d->entries[d->num_entries++]);
-}
-
-static krb5_error_code
-mkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *e, *end;
-    int found = 0;
-    
-    if (d->num_entries == 0) {
-	krb5_clear_error_string(context);
-        return KRB5_KT_NOTFOUND;
-    }
-
-    /* do this backwards to minimize copying */
-    for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) {
-	if(krb5_kt_compare(context, e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    krb5_kt_free_entry(context, e);
-	    memmove(e, e + 1, (end - e - 1) * sizeof(*e));
-	    memset(end - 1, 0, sizeof(*end));
-	    d->num_entries--;
-	    end--;
-	    found = 1;
-	}
-    }
-    if (!found) {
-	krb5_clear_error_string (context);
-	return KRB5_KT_NOTFOUND;
-    }
-    e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
-    if(e != NULL || d->num_entries == 0)
-	d->entries = e;
-    return 0;
-}
-
-const krb5_kt_ops krb5_mkt_ops = {
-    "MEMORY",
-    mkt_resolve,
-    mkt_get_name,
-    mkt_close,
-    NULL, /* get */
-    mkt_start_seq_get,
-    mkt_next_entry,
-    mkt_end_seq_get,
-    mkt_add_entry,
-    mkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h
deleted file mode 100644
index 7e04446fe07c..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-private.h
+++ /dev/null
@@ -1,447 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_private_h__
-#define __krb5_private_h__
-
-#include <stdarg.h>
-
-void KRB5_LIB_FUNCTION
-_krb5_aes_cts_encrypt (
-	const unsigned char */*in*/,
-	unsigned char */*out*/,
-	size_t /*len*/,
-	const AES_KEY */*key*/,
-	unsigned char */*ivec*/,
-	const int /*encryptp*/);
-
-krb5_error_code
-_krb5_cc_allocate (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_ccache */*id*/);
-
-void
-_krb5_crc_init_table (void);
-
-uint32_t
-_krb5_crc_update (
-	const char */*p*/,
-	size_t /*len*/,
-	uint32_t /*res*/);
-
-krb5_error_code
-_krb5_dh_group_ok (
-	krb5_context /*context*/,
-	unsigned long /*bits*/,
-	heim_integer */*p*/,
-	heim_integer */*g*/,
-	heim_integer */*q*/,
-	struct krb5_dh_moduli **/*moduli*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_enctype_to_oid (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	heim_oid */*oid*/);
-
-krb5_error_code
-_krb5_expand_default_cc_name (
-	krb5_context /*context*/,
-	const char */*str*/,
-	char **/*res*/);
-
-int
-_krb5_extract_ticket (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/,
-	krb5_creds */*creds*/,
-	krb5_keyblock */*key*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_key_usage /*key_usage*/,
-	krb5_addresses */*addrs*/,
-	unsigned /*nonce*/,
-	unsigned /*flags*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/);
-
-void
-_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/);
-
-void
-_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/);
-
-krb5_error_code
-_krb5_get_default_principal_local (
-	krb5_context /*context*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_get_host_realm_int (
-	krb5_context /*context*/,
-	const char */*host*/,
-	krb5_boolean /*use_dns*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code
-_krb5_get_init_creds_opt_copy (
-	krb5_context /*context*/,
-	const krb5_get_init_creds_opt */*in*/,
-	krb5_get_init_creds_opt **/*out*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_set_krb5_error (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	const KRB_ERROR */*error*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_get_int (
-	void */*buffer*/,
-	unsigned long */*value*/,
-	size_t /*size*/);
-
-krb5_error_code
-_krb5_get_krbtgt (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_realm /*realm*/,
-	krb5_creds **/*cred*/);
-
-krb5_error_code
-_krb5_kcm_chmod (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	uint16_t /*mode*/);
-
-krb5_error_code
-_krb5_kcm_chown (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	uint32_t /*uid*/,
-	uint32_t /*gid*/);
-
-krb5_error_code
-_krb5_kcm_get_initial_ticket (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*server*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-_krb5_kcm_get_ticket (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_enctype /*enctype*/,
-	krb5_principal /*server*/);
-
-krb5_boolean
-_krb5_kcm_is_running (krb5_context /*context*/);
-
-krb5_error_code
-_krb5_kcm_noop (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-_krb5_kdc_retry (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/,
-	void */*data*/,
-	const krb5_data */*reply*/,
-	int */*action*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_cr_err_reply (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*inst*/,
-	const char */*realm*/,
-	uint32_t /*time_ws*/,
-	uint32_t /*e*/,
-	const char */*e_string*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_auth_reply (
-	krb5_context /*context*/,
-	const char */*pname*/,
-	const char */*pinst*/,
-	const char */*prealm*/,
-	int32_t /*time_ws*/,
-	int /*n*/,
-	uint32_t /*x_date*/,
-	unsigned char /*kvno*/,
-	const krb5_data */*cipher*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ciph (
-	krb5_context /*context*/,
-	const krb5_keyblock */*session*/,
-	const char */*service*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	uint32_t /*life*/,
-	unsigned char /*kvno*/,
-	const krb5_data */*ticket*/,
-	uint32_t /*kdc_time*/,
-	const krb5_keyblock */*key*/,
-	krb5_data */*enc_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ticket (
-	krb5_context /*context*/,
-	unsigned char /*flags*/,
-	const char */*pname*/,
-	const char */*pinstance*/,
-	const char */*prealm*/,
-	int32_t /*paddress*/,
-	const krb5_keyblock */*session*/,
-	int16_t /*life*/,
-	int32_t /*life_sec*/,
-	const char */*sname*/,
-	const char */*sinstance*/,
-	const krb5_keyblock */*key*/,
-	krb5_data */*enc_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_decomp_ticket (
-	krb5_context /*context*/,
-	const krb5_data */*enc_ticket*/,
-	const krb5_keyblock */*key*/,
-	const char */*local_realm*/,
-	char **/*sname*/,
-	char **/*sinstance*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_dest_tkt (
-	krb5_context /*context*/,
-	const char */*tkfile*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_krb_free_auth_data (
-	krb5_context /*context*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-time_t KRB5_LIB_FUNCTION
-_krb5_krb_life_to_time (
-	int /*start*/,
-	int /*life_*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_rd_req (
-	krb5_context /*context*/,
-	krb5_data */*authent*/,
-	const char */*service*/,
-	const char */*instance*/,
-	const char */*local_realm*/,
-	int32_t /*from_addr*/,
-	const krb5_keyblock */*key*/,
-	struct _krb5_krb_auth_data */*ad*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_tf_setup (
-	krb5_context /*context*/,
-	struct credentials */*v4creds*/,
-	const char */*tkfile*/,
-	int /*append*/);
-
-int KRB5_LIB_FUNCTION
-_krb5_krb_time_to_life (
-	time_t /*start*/,
-	time_t /*end*/);
-
-krb5_error_code
-_krb5_krbhost_info_move (
-	krb5_context /*context*/,
-	krb5_krbhst_info */*from*/,
-	krb5_krbhst_info **/*to*/);
-
-krb5_error_code
-_krb5_mk_req_internal (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/,
-	krb5_key_usage /*checksum_usage*/,
-	krb5_key_usage /*encrypt_usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_n_fold (
-	const void */*str*/,
-	size_t /*len*/,
-	void */*key*/,
-	size_t /*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_oid_to_enctype (
-	krb5_context /*context*/,
-	const heim_oid */*oid*/,
-	krb5_enctype */*etype*/);
-
-krb5_error_code
-_krb5_pac_sign (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	time_t /*authtime*/,
-	krb5_principal /*principal*/,
-	const krb5_keyblock */*server_key*/,
-	const krb5_keyblock */*priv_key*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-_krb5_parse_moduli (
-	krb5_context /*context*/,
-	const char */*file*/,
-	struct krb5_dh_moduli ***/*moduli*/);
-
-krb5_error_code
-_krb5_parse_moduli_line (
-	krb5_context /*context*/,
-	const char */*file*/,
-	int /*lineno*/,
-	char */*p*/,
-	struct krb5_dh_moduli **/*m*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_allow_proxy_certificate (
-	struct krb5_pk_identity */*id*/,
-	int /*boolean*/);
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_id (
-	krb5_context /*context*/,
-	struct krb5_pk_identity **/*ret_id*/,
-	const char */*user_id*/,
-	const char */*anchor_id*/,
-	char * const */*chain_list*/,
-	char * const */*revoke_list*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*prompter_data*/,
-	char */*password*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_ContentInfo (
-	krb5_context /*context*/,
-	const krb5_data */*buf*/,
-	const heim_oid */*oid*/,
-	struct ContentInfo */*content_info*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_padata (
-	krb5_context /*context*/,
-	void */*c*/,
-	const KDC_REQ_BODY */*req_body*/,
-	unsigned /*nonce*/,
-	METHOD_DATA */*md*/);
-
-krb5_error_code
-_krb5_pk_octetstring2key (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*dhdata*/,
-	size_t /*dhsize*/,
-	const heim_octet_string */*c_n*/,
-	const heim_octet_string */*k_n*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_rd_pa_reply (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	void */*c*/,
-	krb5_enctype /*etype*/,
-	const krb5_krbhst_info */*hi*/,
-	unsigned /*nonce*/,
-	const krb5_data */*req_buffer*/,
-	PA_DATA */*pa*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_verify_sign (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	struct krb5_pk_identity */*id*/,
-	heim_oid */*contentType*/,
-	krb5_data */*content*/,
-	struct krb5_pk_cert **/*signer*/);
-
-krb5_error_code
-_krb5_plugin_find (
-	krb5_context /*context*/,
-	enum krb5_plugin_type /*type*/,
-	const char */*name*/,
-	struct krb5_plugin **/*list*/);
-
-void
-_krb5_plugin_free (struct krb5_plugin */*list*/);
-
-struct krb5_plugin *
-_krb5_plugin_get_next (struct krb5_plugin */*p*/);
-
-void *
-_krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principal2principalname (
-	PrincipalName */*p*/,
-	const krb5_principal /*from*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	const PrincipalName /*from*/,
-	const Realm /*realm*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int (
-	void */*buffer*/,
-	unsigned long /*value*/,
-	size_t /*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_req_out_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx */*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_s4u2self_to_checksumdata (
-	krb5_context /*context*/,
-	const PA_S4U2Self */*self*/,
-	krb5_data */*data*/);
-
-int
-_krb5_send_and_recv_tcp (
-	int /*fd*/,
-	time_t /*tmout*/,
-	const krb5_data */*req*/,
-	krb5_data */*rep*/);
-
-int
-_krb5_xlock (
-	krb5_context /*context*/,
-	int /*fd*/,
-	krb5_boolean /*exclusive*/,
-	const char */*filename*/);
-
-int
-_krb5_xunlock (
-	krb5_context /*context*/,
-	int /*fd*/);
-
-#endif /* __krb5_private_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
deleted file mode 100644
index 647d8886b7cc..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ /dev/null
@@ -1,4114 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_protos_h__
-#define __krb5_protos_h__
-
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef KRB5_LIB_FUNCTION
-#if defined(_WIN32)
-#define KRB5_LIB_FUNCTION _stdcall
-#else
-#define KRB5_LIB_FUNCTION
-#endif
-#endif
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc (
-	krb5_context /*context*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb524_convert_creds_kdc_ccache (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_boolean (*/*func*/)(krb5_context, krb5_principal),
-	krb5_boolean /*resolve*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext2 (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal),
-	void */*funcctx*/,
-	krb5_boolean /*resolve*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_524_conv_principal (
-	krb5_context /*context*/,
-	const krb5_principal /*principal*/,
-	char */*name*/,
-	char */*instance*/,
-	char */*realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_file (
-	krb5_context /*context*/,
-	const char */*file*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_acl_match_string (
-	krb5_context /*context*/,
-	const char */*string*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_et_list (
-	krb5_context /*context*/,
-	void (*/*func*/)(struct et_list **));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_add_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*f*/,
-	const char */*orig*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_func (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*min*/,
-	int /*max*/,
-	krb5_log_log_func_t /*log_func*/,
-	krb5_log_close_func_t /*close_func*/,
-	void */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addr2sockaddr (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_compare (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-int KRB5_LIB_FUNCTION
-krb5_address_order (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_address_prefixlen_boundary (
-	krb5_context /*context*/,
-	const krb5_address */*inaddr*/,
-	unsigned long /*prefixlen*/,
-	krb5_address */*low*/,
-	krb5_address */*high*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_address_search (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	const krb5_addresses */*addrlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_aname_to_localname (
-	krb5_context /*context*/,
-	krb5_const_principal /*aname*/,
-	size_t /*lnsize*/,
-	char */*lname*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_anyaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_boolean (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	krb5_boolean /*def_val*/,
-	krb5_boolean */*ret_val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_string (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	const char */*def_val*/,
-	char **/*ret_val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_appdefault_time (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	time_t /*def_val*/,
-	time_t */*ret_val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_append_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*dest*/,
-	const krb5_addresses */*source*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_addflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*addflags*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_free (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_genaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int /*fd*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_generatelocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address **/*local_addr*/,
-	krb5_address **/*remote_addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getauthenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_authenticator */*authenticator*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype */*cksumtype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache */*rcache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_getremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_init (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_removeflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*removeflags*/,
-	int32_t */*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address */*local_addr*/,
-	krb5_address */*remote_addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setaddrs_from_fd (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	void */*p_fd*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype /*cksumtype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype /*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache /*rcache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_con_setuserkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_auth_getremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_ap_req (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	krb5_flags /*ap_options*/,
-	krb5_data /*authenticator*/,
-	krb5_data */*retdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_authenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	Checksum */*cksum*/,
-	Authenticator **/*auth_result*/,
-	krb5_data */*result*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_block_size (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t */*blocksize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_checksum_length (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cksumtype*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_decrypt (
-	krb5_context /*context*/,
-	const krb5_keyblock /*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*ivec*/,
-	krb5_enc_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*ivec*/,
-	const krb5_data */*input*/,
-	krb5_enc_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt_length (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t /*inputlen*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_enctype_compare (
-	krb5_context /*context*/,
-	krb5_enctype /*e1*/,
-	krb5_enctype /*e2*/,
-	krb5_boolean */*similar*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_get_checksum (
-	krb5_context /*context*/,
-	const krb5_checksum */*cksum*/,
-	krb5_cksumtype */*type*/,
-	krb5_data **/*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_keylengths (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	size_t */*ilen*/,
-	size_t */*keylen*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_checksum (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cksumtype*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*input*/,
-	krb5_checksum */*cksum*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_random_key (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_keyblock */*random_key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	const krb5_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf_length (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_set_checksum (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/,
-	krb5_cksumtype /*type*/,
-	const krb5_data */*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_enctype (krb5_enctype /*etype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_verify_checksum (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyusage /*usage*/,
-	const krb5_data */*data*/,
-	const krb5_checksum */*cksum*/,
-	krb5_boolean */*valid*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_end_seq_get (
-	krb5_context /*context*/,
-	krb5_cc_cache_cursor /*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_get_first (
-	krb5_context /*context*/,
-	const char */*type*/,
-	krb5_cc_cache_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_match (
-	krb5_context /*context*/,
-	krb5_principal /*client*/,
-	const char */*type*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_cache_next (
-	krb5_context /*context*/,
-	krb5_cc_cache_cursor /*cursor*/,
-	krb5_ccache */*id*/);
-
-void KRB5_LIB_FUNCTION
-krb5_cc_clear_mcred (krb5_creds */*mcred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_close (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache (
-	krb5_context /*context*/,
-	const krb5_ccache /*from*/,
-	krb5_ccache /*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_copy_cache_match (
-	krb5_context /*context*/,
-	const krb5_ccache /*from*/,
-	krb5_ccache /*to*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/,
-	unsigned int */*matched*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_default (
-	krb5_context /*context*/,
-	krb5_ccache */*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_default_name (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_destroy (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_end_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_gen_new (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_full_name (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	char **/*str*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_name (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-const krb5_cc_ops *
-krb5_cc_get_ops (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-const krb5_cc_ops *
-krb5_cc_get_prefix_ops (
-	krb5_context /*context*/,
-	const char */*prefix*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_principal (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal */*principal*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_cc_get_type (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_get_version (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_initialize (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*primary_principal*/);
-
-krb5_error_code
-krb5_cc_move (
-	krb5_context /*context*/,
-	krb5_ccache /*from*/,
-	krb5_ccache /*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_new_unique (
-	krb5_context /*context*/,
-	const char */*type*/,
-	const char */*hint*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_next_cred_match (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor * /*cursor*/,
-	krb5_creds * /*creds*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_register (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_boolean /*override*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_remove_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*which*/,
-	krb5_creds */*cred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_retrieve_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_default_name (
-	krb5_context /*context*/,
-	const char */*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_flags (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_start_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_store_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_change_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	const char */*newpw*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited (
-	krb5_context /*context*/,
-	krb5_const_realm /*client_realm*/,
-	krb5_const_realm /*server_realm*/,
-	krb5_realm */*realms*/,
-	int /*num_realms*/,
-	int */*bad_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited_realms (
-	krb5_context /*context*/,
-	const char *const */*realms*/,
-	int /*num_realms*/,
-	int */*bad_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksum_disable (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-void KRB5_LIB_FUNCTION
-krb5_checksum_free (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_collision_proof (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_checksum_is_keyed (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_checksumsize (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/,
-	size_t */*size*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_cksumtype_valid (
-	krb5_context /*context*/,
-	krb5_cksumtype /*ctype*/);
-
-void KRB5_LIB_FUNCTION
-krb5_clear_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_closelog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_compare_creds (
-	krb5_context /*context*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds * /*mcreds*/,
-	const krb5_creds * /*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_file_free (
-	krb5_context /*context*/,
-	krb5_config_section */*s*/);
-
-void KRB5_LIB_FUNCTION
-krb5_config_free_strings (char **/*strings*/);
-
-const void *
-krb5_config_get (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	...);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_get_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-const krb5_config_binding *
-krb5_config_get_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const void *
-krb5_config_get_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	...);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_get_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	...);
-
-char**
-krb5_config_get_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int KRB5_LIB_FUNCTION
-krb5_config_get_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_file_multi (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_config_parse_string_multi (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_config_section **/*res*/);
-
-const void *
-krb5_config_vget (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	va_list /*args*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_config_vget_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-const krb5_config_binding *
-krb5_config_vget_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const void *
-krb5_config_vget_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	va_list /*args*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_config_vget_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	va_list /*args*/);
-
-char ** KRB5_LIB_FUNCTION
-krb5_config_vget_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int KRB5_LIB_FUNCTION
-krb5_config_vget_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_address (
-	krb5_context /*context*/,
-	const krb5_address */*inaddr*/,
-	krb5_address */*outaddr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*inaddr*/,
-	krb5_addresses */*outaddr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_checksum (
-	krb5_context /*context*/,
-	const krb5_checksum */*old*/,
-	krb5_checksum **/*new*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds **/*outcred*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_creds_contents (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds */*c*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_data (
-	krb5_context /*context*/,
-	const krb5_data */*indata*/,
-	krb5_data **/*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_host_realm (
-	krb5_context /*context*/,
-	const krb5_realm */*from*/,
-	krb5_realm **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_keyblock_contents (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock */*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_principal (
-	krb5_context /*context*/,
-	krb5_const_principal /*inprinc*/,
-	krb5_principal */*outprinc*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_ticket (
-	krb5_context /*context*/,
-	const krb5_ticket */*from*/,
-	krb5_ticket **/*to*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_create_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	int /*type*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_destroy (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_get_checksum_type (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_cksumtype */*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getblocksize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*blocksize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getconfoundersize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*confoundersize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getenctype (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_enctype */*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_getpadsize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*padsize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_init (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	krb5_crypto */*crypto*/);
-
-size_t
-krb5_crypto_overhead (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf (
-	krb5_context /*context*/,
-	const krb5_crypto /*crypto*/,
-	const krb5_data */*input*/,
-	krb5_data */*output*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_crypto_prf_length (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*length*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_alloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_data_cmp (
-	const krb5_data */*data1*/,
-	const krb5_data */*data2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_copy (
-	krb5_data */*p*/,
-	const void */*data*/,
-	size_t /*len*/);
-
-void KRB5_LIB_FUNCTION
-krb5_data_free (krb5_data */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_data_realloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-void KRB5_LIB_FUNCTION
-krb5_data_zero (krb5_data */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_Authenticator (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ETYPE_INFO2 (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO2 */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncAPRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncASRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncKrbCredPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTGSRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_EncTicketPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ap_req (
-	krb5_context /*context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_req */*ap_req*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const EncryptedData */*e*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ticket (
-	krb5_context /*context*/,
-	Ticket */*ticket*/,
-	krb5_keyblock */*key*/,
-	EncTicketPart */*out*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_derive_key (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	const void */*constant*/,
-	size_t /*constant_len*/,
-	krb5_keyblock **/*derived_key*/);
-
-krb5_error_code
-krb5_digest_alloc (
-	krb5_context /*context*/,
-	krb5_digest */*digest*/);
-
-void
-krb5_digest_free (krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_get_client_binding (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	char **/*type*/,
-	char **/*binding*/);
-
-const char *
-krb5_digest_get_identifier (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_opaque (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_rsp (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-const char *
-krb5_digest_get_server_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_get_session_key (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_digest_get_tickets (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	Ticket **/*tickets*/);
-
-krb5_error_code
-krb5_digest_init_request (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code
-krb5_digest_probe (
-	krb5_context /*context*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/,
-	unsigned */*flags*/);
-
-krb5_boolean
-krb5_digest_rep_get_status (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/);
-
-krb5_error_code
-krb5_digest_request (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code
-krb5_digest_set_authentication_user (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	krb5_principal /*authentication_user*/);
-
-krb5_error_code
-krb5_digest_set_authid (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*authid*/);
-
-krb5_error_code
-krb5_digest_set_client_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce*/);
-
-krb5_error_code
-krb5_digest_set_digest (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*dgst*/);
-
-krb5_error_code
-krb5_digest_set_hostname (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*hostname*/);
-
-krb5_error_code
-krb5_digest_set_identifier (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*id*/);
-
-krb5_error_code
-krb5_digest_set_method (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*method*/);
-
-krb5_error_code
-krb5_digest_set_nonceCount (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce_count*/);
-
-krb5_error_code
-krb5_digest_set_opaque (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*opaque*/);
-
-krb5_error_code
-krb5_digest_set_qop (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*qop*/);
-
-krb5_error_code
-krb5_digest_set_realm (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*realm*/);
-
-int
-krb5_digest_set_responseData (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*response*/);
-
-krb5_error_code
-krb5_digest_set_server_cb (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*type*/,
-	const char */*binding*/);
-
-krb5_error_code
-krb5_digest_set_server_nonce (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*nonce*/);
-
-krb5_error_code
-krb5_digest_set_type (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*type*/);
-
-krb5_error_code
-krb5_digest_set_uri (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*uri*/);
-
-krb5_error_code
-krb5_digest_set_username (
-	krb5_context /*context*/,
-	krb5_digest /*digest*/,
-	const char */*username*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_decode (
-	krb5_context /*context*/,
-	krb5_data /*tr*/,
-	char ***/*realms*/,
-	int */*num_realms*/,
-	const char */*client_realm*/,
-	const char */*server_realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_encode (
-	char **/*realms*/,
-	int /*num_realms*/,
-	krb5_data */*encoding*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_eai_to_heim_errno (
-	int /*eai_errno*/,
-	int /*system_error*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_Authenticator (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_ETYPE_INFO2 (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO2 */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncAPRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncASRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncKrbCredPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTGSRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encode_EncTicketPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	int /*kvno*/,
-	EncryptedData */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_encrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_disable (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keybits (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*keybits*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_keysize (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*keysize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_keytype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_enctype_valid (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_enctypes_compatible_keys (
-	krb5_context /*context*/,
-	krb5_enctype /*etype1*/,
-	krb5_enctype /*etype2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_err (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 4, 5)));
-
-krb5_error_code KRB5_LIB_FUNCTION 
-    __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_error_from_rd_error (
-	krb5_context /*context*/,
-	const krb5_error */*error*/,
-	const krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_errx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_expand_hostname_realms (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/,
-	char ***/*realms*/);
-
-PA_DATA *
-krb5_find_padata (
-	PA_DATA */*val*/,
-	unsigned /*len*/,
-	int /*type*/,
-	int */*idx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_format_time (
-	krb5_context /*context*/,
-	time_t /*t*/,
-	char */*s*/,
-	size_t /*len*/,
-	krb5_boolean /*include_time*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_address (
-	krb5_context /*context*/,
-	krb5_address */*address*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_ap_rep_enc_part (
-	krb5_context /*context*/,
-	krb5_ap_rep_enc_part */*val*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_authenticator (
-	krb5_context /*context*/,
-	krb5_authenticator */*authenticator*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum_contents (
-	krb5_context /*context*/,
-	krb5_checksum */*cksum*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_config_files (char **/*filenames*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_context (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_cred_contents (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_creds (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_data (
-	krb5_context /*context*/,
-	krb5_data */*p*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_data_contents (
-	krb5_context /*context*/,
-	krb5_data */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_contents (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_string (
-	krb5_context /*context*/,
-	char */*str*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_host_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realmlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_kdc_rep (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_keyblock_contents (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_krbhst (
-	krb5_context /*context*/,
-	char **/*hostlist*/);
-
-void KRB5_LIB_FUNCTION
-krb5_free_principal (
-	krb5_context /*context*/,
-	krb5_principal /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_salt (
-	krb5_context /*context*/,
-	krb5_salt /*salt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_ticket (
-	krb5_context /*context*/,
-	krb5_ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_fwd_tgt_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const char */*hostname*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_ccache /*ccache*/,
-	int /*forwardable*/,
-	krb5_data */*out_data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_generate_random_block (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_random_keyblock (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_seq_number (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	uint32_t */*seqno*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyblock **/*subkey*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_generate_subkey_extended (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	krb5_keyblock **/*subkey*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_client_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_all_server_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_cred_from_kdc_opt (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_credentials_with_flags (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_ccache /*ccache*/,
-	krb5_const_principal /*inprinc*/,
-	krb5_creds **/*out_creds*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_add_options (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_flags /*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_alloc (
-	krb5_context /*context*/,
-	krb5_get_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_free (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_enctype (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_impersonate (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_const_principal /*self*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_options (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	krb5_flags /*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_creds_opt_set_ticket (
-	krb5_context /*context*/,
-	krb5_get_creds_opt /*opt*/,
-	const Ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_config_files (char ***/*pfilenames*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	krb5_enctype **/*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_principal (
-	krb5_context /*context*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realm*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_default_realms (
-	krb5_context /*context*/,
-	krb5_realm **/*realms*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_dns_canonicalize_hostname (krb5_context /*context*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_get_err_text (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/);
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_message (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/);
-
-char * KRB5_LIB_FUNCTION
-krb5_get_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_fcache_version (
-	krb5_context /*context*/,
-	int */*version*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_forwarded_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_flags /*flags*/,
-	const char */*hostname*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*out_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_host_realm (
-	krb5_context /*context*/,
-	const char */*targethost*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_cred (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	const krb5_preauthdata */*preauth*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_keytab (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	krb5_keytab /*keytab*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_password (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const char */*password*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_in_tkt_with_skey (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const krb5_keyblock */*key*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*data*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keyblock (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_keytab (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_keytab /*keytab*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_alloc (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt **/*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_free (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_get_error (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	KRB_ERROR **/*error*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_address_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_addressless (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*addressless*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_anonymous (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*anonymous*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_canonicalize (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_default_flags (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	krb5_get_init_creds_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_etype_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_enctype */*etype_list*/,
-	int /*etype_list_length*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_forwardable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*forwardable*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pa_password (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	const char */*password*/,
-	krb5_s2k_proc /*key_proc*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pac_request (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req_pac*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pkinit (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_principal /*principal*/,
-	const char */*user_id*/,
-	const char */*x509_anchors*/,
-	char * const * /*pool*/,
-	char * const * /*pki_revoke*/,
-	int /*flags*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*prompter_data*/,
-	char */*password*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_preauth_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_preauthtype */*preauth_list*/,
-	int /*preauth_list_length*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_proxiable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*proxiable*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_renew_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*renew_life*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_salt (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_data */*salt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_tkt_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*tkt_life*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_win2k (
-	krb5_context /*context*/,
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_boolean /*req*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	const char */*password*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*data*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*in_options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_addresses */*addresses*/,
-	Ticket */*second_ticket*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **out_creds );
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_kdc_sec_offset (
-	krb5_context /*context*/,
-	int32_t */*sec*/,
-	int32_t */*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb524hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_admin_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_changepw_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krbhst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-time_t KRB5_LIB_FUNCTION
-krb5_get_max_time_skew (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_pw_salt (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	krb5_salt */*salt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_renewed_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_const_principal /*client*/,
-	krb5_ccache /*ccache*/,
-	const char */*in_tkt_service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_server_rcache (
-	krb5_context /*context*/,
-	const krb5_data */*piece*/,
-	krb5_rcache */*id*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_get_use_admin_kdc (krb5_context /*context*/);
-
-krb5_log_facility * KRB5_LIB_FUNCTION
-krb5_get_warn_dest (krb5_context /*context*/);
-
-size_t
-krb5_get_wrapped_length (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t /*data_len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_getportbyname (
-	krb5_context /*context*/,
-	const char */*service*/,
-	const char */*proto*/,
-	int /*default_port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2addr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*haddr*/,
-	krb5_address */*addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_addr2sockaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_h_errno_to_heim_errno (int /*eai_errno*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_have_error_string (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_hmac (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cktype*/,
-	const void */*data*/,
-	size_t /*len*/,
-	unsigned /*usage*/,
-	krb5_keyblock */*key*/,
-	Checksum */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_context (krb5_context */*context*/);
-
-void KRB5_LIB_FUNCTION
-krb5_init_ets (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_init_etype (
-	krb5_context /*context*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_initlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_is_thread_safe (void);
-
-const krb5_enctype * KRB5_LIB_FUNCTION
-krb5_kerberos_enctypes (krb5_context /*context*/);
-
-krb5_enctype
-krb5_keyblock_get_enctype (const krb5_keyblock */*block*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_init (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*data*/,
-	size_t /*size*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keyblock_key_proc (
-	krb5_context /*context*/,
-	krb5_keytype /*type*/,
-	krb5_data */*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-void KRB5_LIB_FUNCTION
-krb5_keyblock_zero (krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytab_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_enctypes_default (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_keytype_to_string (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_format_string (
-	krb5_context /*context*/,
-	const krb5_krbhst_info */*host*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_free (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_get_addrinfo (
-	krb5_context /*context*/,
-	krb5_krbhst_info */*host*/,
-	struct addrinfo **/*ai*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	unsigned int /*type*/,
-	krb5_krbhst_handle */*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init_flags (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	unsigned int /*type*/,
-	int /*flags*/,
-	krb5_krbhst_handle */*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_krbhst_info **/*host*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next_as_string (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_reset (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_add_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_close (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kt_compare (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_copy_entry_contents (
-	krb5_context /*context*/,
-	const krb5_keytab_entry */*in*/,
-	krb5_keytab_entry */*out*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default (
-	krb5_context /*context*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_modify_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_default_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_end_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_free_entry (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*kvno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_full_name (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char **/*str*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_name (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_get_type (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*prefix*/,
-	size_t /*prefixsize*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_next_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_read_service_key (
-	krb5_context /*context*/,
-	krb5_pointer /*keyprocarg*/,
-	krb5_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_register (
-	krb5_context /*context*/,
-	const krb5_kt_ops */*ops*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_remove_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_kt_start_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kuserok (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*luser*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 4, 5)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	char **/*reply*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 5, 6)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_addrport (
-	krb5_context /*context*/,
-	krb5_address **/*res*/,
-	const krb5_address */*addr*/,
-	int16_t /*port*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-size_t KRB5_LIB_FUNCTION
-krb5_max_sockaddr_size (void);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_error (
-	krb5_context /*context*/,
-	krb5_error_code /*error_code*/,
-	const char */*e_text*/,
-	const krb5_data */*e_data*/,
-	const krb5_principal /*client*/,
-	const krb5_principal /*server*/,
-	time_t */*client_time*/,
-	int */*client_usec*/,
-	krb5_data */*reply*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const char */*service*/,
-	const char */*hostname*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_exact (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const krb5_principal /*server*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_extended (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_read (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write_block (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	const void */*buf*/,
-	size_t /*len*/,
-	time_t /*timeout*/);
-
-krb5_error_code
-krb5_ntlm_alloc (
-	krb5_context /*context*/,
-	krb5_ntlm */*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_free (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_init_get_challange (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*challange*/);
-
-krb5_error_code
-krb5_ntlm_init_get_flags (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	uint32_t */*flags*/);
-
-krb5_error_code
-krb5_ntlm_init_get_opaque (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*opaque*/);
-
-krb5_error_code
-krb5_ntlm_init_get_targetinfo (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_ntlm_init_get_targetname (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	char **/*name*/);
-
-krb5_error_code
-krb5_ntlm_init_request (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/,
-	uint32_t /*flags*/,
-	const char */*hostname*/,
-	const char */*domainname*/);
-
-krb5_error_code
-krb5_ntlm_rep_get_sessionkey (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*data*/);
-
-krb5_boolean
-krb5_ntlm_rep_get_status (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/);
-
-krb5_error_code
-krb5_ntlm_req_set_flags (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	uint32_t /*flags*/);
-
-krb5_error_code
-krb5_ntlm_req_set_lm (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*hash*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_ntlm_req_set_ntlm (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*hash*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_ntlm_req_set_opaque (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_data */*opaque*/);
-
-krb5_error_code
-krb5_ntlm_req_set_session (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	void */*sessionkey*/,
-	size_t /*length*/);
-
-krb5_error_code
-krb5_ntlm_req_set_targetname (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	const char */*targetname*/);
-
-krb5_error_code
-krb5_ntlm_req_set_username (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	const char */*username*/);
-
-krb5_error_code
-krb5_ntlm_request (
-	krb5_context /*context*/,
-	krb5_ntlm /*ntlm*/,
-	krb5_realm /*realm*/,
-	krb5_ccache /*ccache*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_openlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_error_code
-krb5_pac_add_buffer (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	uint32_t /*type*/,
-	const krb5_data */*data*/);
-
-void
-krb5_pac_free (
-	krb5_context /*context*/,
-	krb5_pac /*pac*/);
-
-krb5_error_code
-krb5_pac_get_buffer (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	uint32_t /*type*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_pac_get_types (
-	krb5_context /*context*/,
-	krb5_pac /*p*/,
-	size_t */*len*/,
-	uint32_t **/*types*/);
-
-krb5_error_code
-krb5_pac_init (
-	krb5_context /*context*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-krb5_pac_parse (
-	krb5_context /*context*/,
-	const void */*ptr*/,
-	size_t /*len*/,
-	krb5_pac */*pac*/);
-
-krb5_error_code
-krb5_pac_verify (
-	krb5_context /*context*/,
-	const krb5_pac /*pac*/,
-	time_t /*authtime*/,
-	krb5_const_principal /*principal*/,
-	const krb5_keyblock */*server*/,
-	const krb5_keyblock */*privsvr*/);
-
-int KRB5_LIB_FUNCTION
-krb5_padata_add (
-	krb5_context /*context*/,
-	METHOD_DATA */*md*/,
-	int /*type*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_address (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name_flags (
-	krb5_context /*context*/,
-	const char */*name*/,
-	int /*flags*/,
-	krb5_principal */*principal*/);
-
-krb5_error_code
-krb5_parse_nametype (
-	krb5_context /*context*/,
-	const char */*str*/,
-	int32_t */*nametype*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_passwd_result_to_string (
-	krb5_context /*context*/,
-	int /*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_password_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-krb5_plugin_register (
-	krb5_context /*context*/,
-	enum krb5_plugin_type /*type*/,
-	const char */*name*/,
-	void */*symbol*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files (
-	const char */*filelist*/,
-	char **/*pq*/,
-	char ***/*ret_pp*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_prepend_config_files_default (
-	const char */*filelist*/,
-	char ***/*pfilenames*/);
-
-krb5_realm * KRB5_LIB_FUNCTION
-krb5_princ_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/);
-
-void KRB5_LIB_FUNCTION
-krb5_princ_set_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_realm */*realm*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare_any_realm (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_comp_string (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	unsigned int /*component*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_realm (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/);
-
-int KRB5_LIB_FUNCTION
-krb5_principal_get_type (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_match (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ*/,
-	krb5_const_principal /*pattern*/);
-
-void KRB5_LIB_FUNCTION
-krb5_principal_set_type (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	int /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_print_address (
-	const krb5_address */*addr*/,
-	char */*str*/,
-	size_t /*len*/,
-	size_t */*ret_len*/);
-
-int KRB5_LIB_FUNCTION
-krb5_program_setup (
-	krb5_context */*context*/,
-	int /*argc*/,
-	char **/*argv*/,
-	struct getargs */*args*/,
-	int /*num_args*/,
-	void (*/*usage*/)(int, struct getargs*, int));
-
-int KRB5_LIB_FUNCTION
-krb5_prompter_posix (
-	krb5_context /*context*/,
-	void */*data*/,
-	const char */*name*/,
-	const char */*banner*/,
-	int /*num_prompts*/,
-	krb5_prompt prompts[]);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_random_to_key (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	const void */*data*/,
-	size_t /*size*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_close (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_default (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_name (krb5_context /*context*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_type (krb5_context /*context*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_destroy (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_expunge (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_get_lifespan (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat */*auth_lifespan*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_name (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_type (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_initialize (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat /*auth_lifespan*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_recover (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	const char */*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_full (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*string_name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_type (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_store (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_donot_replay */*rep*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*in_data*/,
-	krb5_creds ***/*ret_creds*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred2 (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*in_data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_error (
-	krb5_context /*context*/,
-	const krb5_data */*msg*/,
-	KRB_ERROR */*result*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_rep_enc_part **/*repl*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keytab /*keytab*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_ctx (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_rd_req_in_ctx /*inctx*/,
-	krb5_rd_req_out_ctx */*outctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx */*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_free (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keyblock (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keytab (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_keytab /*keytab*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_pac_check (
-	krb5_context /*context*/,
-	krb5_rd_req_in_ctx /*in*/,
-	krb5_boolean /*flag*/);
-
-void KRB5_LIB_FUNCTION
-krb5_rd_req_out_ctx_free (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*ctx*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ap_req_options (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_flags */*ap_req_options*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_keyblock (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ticket (
-	krb5_context /*context*/,
-	krb5_rd_req_out_ctx /*out*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_with_keyblock (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	krb5_replay_data */*outdata*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_realm_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth_match_version (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
-	const void */*match_data*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_address (
-	krb5_storage */*sp*/,
-	krb5_address */*adr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses */*adr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata */*auth*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds_tag (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int16 (
-	krb5_storage */*sp*/,
-	int16_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int32 (
-	krb5_storage */*sp*/,
-	int32_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int8 (
-	krb5_storage */*sp*/,
-	int8_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock */*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_principal (
-	krb5_storage */*sp*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_string (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringnl (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringz (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_times (
-	krb5_storage */*sp*/,
-	krb5_times */*times*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint16 (
-	krb5_storage */*sp*/,
-	uint16_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint32 (
-	krb5_storage */*sp*/,
-	uint32_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint8 (
-	krb5_storage */*sp*/,
-	uint8_t */*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_salttype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_salttype /*stype*/,
-	char **/*string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_error **/*ret_error*/,
-	krb5_ap_rep_enc_part **/*rep_result*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_data */*receive*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_context (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm /*realm*/,
-	krb5_data */*receive*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_add_flags (
-	krb5_sendto_ctx /*ctx*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_ctx_alloc (
-	krb5_context /*context*/,
-	krb5_sendto_ctx */*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_free (
-	krb5_context /*context*/,
-	krb5_sendto_ctx /*ctx*/);
-
-int KRB5_LIB_FUNCTION
-krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_func (
-	krb5_sendto_ctx /*ctx*/,
-	krb5_sendto_ctx_func /*func*/,
-	void */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_type (
-	krb5_sendto_ctx /*ctx*/,
-	int /*type*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc_flags (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/,
-	int /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_config_files (
-	krb5_context /*context*/,
-	char **/*filenames*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_realm (
-	krb5_context /*context*/,
-	const char */*realm*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_dns_canonicalize_hostname (
-	krb5_context /*context*/,
-	krb5_boolean /*flag*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_extra_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_fcache_version (
-	krb5_context /*context*/,
-	int /*version*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_ignore_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_max_time_skew (
-	krb5_context /*context*/,
-	time_t /*t*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	const char */*newpw*/,
-	krb5_principal /*targprinc*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_password_using_ccache (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	const char */*newpw*/,
-	krb5_principal /*targprinc*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_real_time (
-	krb5_context /*context*/,
-	krb5_timestamp /*sec*/,
-	int32_t /*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_send_to_kdc_func (
-	krb5_context /*context*/,
-	krb5_send_to_kdc_func /*func*/,
-	void */*data*/);
-
-void KRB5_LIB_FUNCTION
-krb5_set_use_admin_kdc (
-	krb5_context /*context*/,
-	krb5_boolean /*flag*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_warn_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sname_to_principal (
-	krb5_context /*context*/,
-	const char */*hostname*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sock_to_principal (
-	krb5_context /*context*/,
-	int /*sock*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2address (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	krb5_address */*addr*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sockaddr2port (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	int16_t */*port*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/);
-
-void KRB5_LIB_FUNCTION
-krb5_std_usage (
-	int /*code*/,
-	struct getargs */*args*/,
-	int /*num_args*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_clear_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_emem (void);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_free (krb5_storage */*sp*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_data (krb5_data */*data*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd (int /*fd*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_mem (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_readonly_mem (
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_flags KRB5_LIB_FUNCTION
-krb5_storage_get_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_storage_is_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_read (
-	krb5_storage */*sp*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-off_t KRB5_LIB_FUNCTION
-krb5_storage_seek (
-	krb5_storage */*sp*/,
-	off_t /*offset*/,
-	int /*whence*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_eof_code (
-	krb5_storage */*sp*/,
-	int /*code*/);
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_to_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_write (
-	krb5_storage */*sp*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_address (
-	krb5_storage */*sp*/,
-	krb5_address /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata /*auth*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds_tag (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_data (
-	krb5_storage */*sp*/,
-	krb5_data /*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int16 (
-	krb5_storage */*sp*/,
-	int16_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int32 (
-	krb5_storage */*sp*/,
-	int32_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int8 (
-	krb5_storage */*sp*/,
-	int8_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_principal (
-	krb5_storage */*sp*/,
-	krb5_const_principal /*p*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_string (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringnl (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringz (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_times (
-	krb5_storage */*sp*/,
-	krb5_times /*times*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint16 (
-	krb5_storage */*sp*/,
-	uint16_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint32 (
-	krb5_storage */*sp*/,
-	uint32_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint8 (
-	krb5_storage */*sp*/,
-	uint8_t /*value*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_deltat (
-	const char */*string*/,
-	krb5_deltat */*deltat*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_enctype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_enctype */*etype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_data_salt_opaque (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_data /*opaque*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_derived (
-	krb5_context /*context*/,
-	const void */*str*/,
-	size_t /*len*/,
-	krb5_enctype /*etype*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_key_salt_opaque (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_salt /*salt*/,
-	krb5_data /*opaque*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_keytype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_salttype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	const char */*string*/,
-	krb5_salttype */*salttype*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_authorization_data_type (
-	krb5_context /*context*/,
-	krb5_ticket */*ticket*/,
-	int /*type*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_client (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/,
-	krb5_principal */*client*/);
-
-time_t KRB5_LIB_FUNCTION
-krb5_ticket_get_endtime (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_server (
-	krb5_context /*context*/,
-	const krb5_ticket */*ticket*/,
-	krb5_principal */*server*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_timeofday (
-	krb5_context /*context*/,
-	krb5_timestamp */*timeret*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_flags (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	int /*flags*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_flags (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	int /*flags*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_us_timeofday (
-	krb5_context /*context*/,
-	krb5_timestamp */*sec*/,
-	int32_t */*usec*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req2 (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_authenticator_checksum (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	void */*data*/,
-	size_t /*len*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*cksum*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_init_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*ap_req_server*/,
-	krb5_keytab /*ap_req_keytab*/,
-	krb5_ccache */*ccache*/,
-	krb5_verify_init_creds_opt */*options*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_set_ap_req_nofail (
-	krb5_verify_init_creds_opt */*options*/,
-	int /*ap_req_nofail*/);
-
-int KRB5_LIB_FUNCTION
-krb5_verify_opt_alloc (
-	krb5_context /*context*/,
-	krb5_verify_opt **/*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_free (krb5_verify_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_init (krb5_verify_opt */*opt*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_ccache (
-	krb5_verify_opt */*opt*/,
-	krb5_ccache /*ccache*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_flags (
-	krb5_verify_opt */*opt*/,
-	unsigned int /*flags*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_keytab (
-	krb5_verify_opt */*opt*/,
-	krb5_keytab /*keytab*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_secure (
-	krb5_verify_opt */*opt*/,
-	krb5_boolean /*secure*/);
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_service (
-	krb5_verify_opt */*opt*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_lrealm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_opt (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*password*/,
-	krb5_verify_opt */*opt*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verr (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 4, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verrx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 4, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	char **/*reply*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 5, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vset_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*args*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 3, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 3, 4)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 2, 3)));
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_xfree (void */*ptr*/);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __krb5_protos_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h
deleted file mode 100644
index dfd7e944607f..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-v4compat.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
-
-#ifndef __KRB5_V4COMPAT_H__
-#define __KRB5_V4COMPAT_H__
-
-#include "krb_err.h"
-
-/* 
- * This file must only be included with v4 compat glue stuff in
- * heimdal sources.
- *
- * It MUST NOT be installed.
- */
-
-#define		KRB_PROT_VERSION 	4
-
-#define		AUTH_MSG_KDC_REQUEST			 (1<<1)
-#define 	AUTH_MSG_KDC_REPLY			 (2<<1)
-#define		AUTH_MSG_APPL_REQUEST			 (3<<1)
-#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 (4<<1)
-#define		AUTH_MSG_ERR_REPLY			 (5<<1)
-#define		AUTH_MSG_PRIVATE			 (6<<1)
-#define		AUTH_MSG_SAFE				 (7<<1)
-#define		AUTH_MSG_APPL_ERR			 (8<<1)
-#define		AUTH_MSG_KDC_FORWARD			 (9<<1)
-#define		AUTH_MSG_KDC_RENEW			(10<<1)
-#define 	AUTH_MSG_DIE				(63<<1)
-
-/* General definitions */
-#define		KSUCCESS	0
-#define		KFAILURE	255
-
-/* */
-
-#define		MAX_KTXT_LEN	1250
-
-#define 	ANAME_SZ	40
-#define		REALM_SZ	40
-#define		SNAME_SZ	40
-#define		INST_SZ		40
-
-struct ktext {
-    unsigned int length;		/* Length of the text */
-    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
-    uint32_t mbz;		/* zero to catch runaway strings */
-};
-
-struct credentials {
-    char    service[ANAME_SZ];	/* Service name */
-    char    instance[INST_SZ];	/* Instance */
-    char    realm[REALM_SZ];	/* Auth domain */
-    char    session[8];		/* Session key */
-    int     lifetime;		/* Lifetime */
-    int     kvno;		/* Key version number */
-    struct ktext ticket_st;	/* The ticket itself */
-    int32_t    issue_date;	/* The issue time */
-    char    pname[ANAME_SZ];	/* Principal's name */
-    char    pinst[INST_SZ];	/* Principal's instance */
-};
-
-#define TKTLIFENUMFIXED 64
-#define TKTLIFEMINFIXED 0x80
-#define TKTLIFEMAXFIXED 0xBF
-#define TKTLIFENOEXPIRE 0xFF
-#define MAXTKTLIFETIME	(30*24*3600)	/* 30 days */
-#ifndef NEVERDATE
-#define NEVERDATE ((time_t)0x7fffffffL)
-#endif
-
-#define		KERB_ERR_NULL_KEY	10
-
-#define 	CLOCK_SKEW	5*60
-
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-
-struct _krb5_krb_auth_data {
-    int8_t  k_flags;		/* Flags from ticket */
-    char    *pname;		/* Principal's name */
-    char    *pinst;		/* His Instance */
-    char    *prealm;		/* His Realm */
-    uint32_t checksum;		/* Data checksum (opt) */
-    krb5_keyblock session;	/* Session Key */
-    unsigned char life;		/* Life of ticket */
-    uint32_t time_sec;		/* Time ticket issued */
-    uint32_t address;		/* Address in ticket */
-};
-
-time_t		_krb5_krb_life_to_time (int, int);
-int		_krb5_krb_time_to_life (time_t, time_t);
-krb5_error_code	_krb5_krb_tf_setup (krb5_context, struct credentials *,
-				    const char *, int);
-krb5_error_code	_krb5_krb_dest_tkt(krb5_context, const char *);
-
-#define krb_time_to_life	_krb5_krb_time_to_life
-#define krb_life_to_time	_krb5_krb_life_to_time
-
-#endif /*  __KRB5_V4COMPAT_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3
deleted file mode 100644
index 3ce8c1fe9c11..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.3
+++ /dev/null
@@ -1,526 +0,0 @@
-.\" Copyright (c) 2001, 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5.3 18212 2006-10-03 10:39:35Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5 3
-.Os
-.Sh NAME
-.Nm krb5
-.Nd Kerberos 5 library
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-These functions constitute the Kerberos 5 library,
-.Em libkrb5 .
-.Sh LIST OF FUNCTIONS
-.sp 2
-.nf
-.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-krb524_convert_creds_kdc.3
-krb524_convert_creds_kdc_cache.3
-krb5_425_conv_principal.3
-krb5_425_conv_principal_ext.3
-krb5_524_conv_principal.3
-krb5_abort.3
-krb5_abortx.3
-krb5_acl_match_file.3
-krb5_acl_match_string.3
-krb5_add_et_list.3
-krb5_add_extra_addresses.3
-krb5_add_ignore_addresses.3
-krb5_addlog_dest.3
-krb5_addlog_func.3
-krb5_addr2sockaddr.3
-krb5_address.3
-krb5_address_compare.3
-krb5_address_order.3
-krb5_address_search.3
-krb5_addresses.3
-krb5_aname_to_localname.3
-krb5_anyaddr.3
-krb5_appdefault_boolean.3
-krb5_appdefault_string.3
-krb5_appdefault_time.3
-krb5_append_addresses.3
-krb5_auth_con_addflags.3
-krb5_auth_con_free.3
-krb5_auth_con_genaddrs.3
-krb5_auth_con_generatelocalsubkey.3
-krb5_auth_con_getaddrs.3
-krb5_auth_con_getauthenticator.3
-krb5_auth_con_getcksumtype.3
-krb5_auth_con_getflags.3
-krb5_auth_con_getkey.3
-krb5_auth_con_getkeytype.3
-krb5_auth_con_getlocalseqnumber.3
-krb5_auth_con_getlocalsubkey.3
-krb5_auth_con_getrcache.3
-krb5_auth_con_getremotesubkey.3
-krb5_auth_con_getuserkey.3
-krb5_auth_con_init.3
-krb5_auth_con_initivector.3
-krb5_auth_con_removeflags.3
-krb5_auth_con_setaddrs.3
-krb5_auth_con_setaddrs_from_fd.3
-krb5_auth_con_setcksumtype.3
-krb5_auth_con_setflags.3
-krb5_auth_con_setivector.3
-krb5_auth_con_setkey.3
-krb5_auth_con_setkeytype.3
-krb5_auth_con_setlocalseqnumber.3
-krb5_auth_con_setlocalsubkey.3
-krb5_auth_con_setrcache.3
-krb5_auth_con_setremoteseqnumber.3
-krb5_auth_con_setremotesubkey.3
-krb5_auth_con_setuserkey.3
-krb5_auth_context.3
-krb5_auth_getremoteseqnumber.3
-krb5_build_principal.3
-krb5_build_principal_ext.3
-krb5_build_principal_va.3
-krb5_build_principal_va_ext.3
-krb5_c_block_size.3
-krb5_c_checksum_length.3
-krb5_c_decrypt.3
-krb5_c_encrypt.3
-krb5_c_encrypt_length.3
-krb5_c_enctype_compare.3
-krb5_c_get_checksum.3
-krb5_c_is_coll_proof_cksum.3
-krb5_c_is_keyed_cksum.3
-krb5_c_make_checksum.3
-krb5_c_make_random_key.3
-krb5_c_set_checksum.3
-krb5_c_valid_cksumtype.3
-krb5_c_valid_enctype.3
-krb5_c_verify_checksum.3
-krb5_cc_cache_end_seq_get.3
-krb5_cc_cache_get_first.3
-krb5_cc_cache_match.3
-krb5_cc_cache_next.3
-krb5_cc_close.3
-krb5_cc_copy_cache.3
-krb5_cc_default.3
-krb5_cc_default_name.3
-krb5_cc_destroy.3
-krb5_cc_end_seq_get.3
-krb5_cc_gen_new.3
-krb5_cc_get_full_name.3
-krb5_cc_get_name.3
-krb5_cc_get_ops.3
-krb5_cc_get_principal.3
-krb5_cc_get_type.3
-krb5_cc_get_version.3
-krb5_cc_initialize.3
-krb5_cc_new_unique.3
-krb5_cc_next_cred.3
-krb5_cc_register.3
-krb5_cc_remove_cred.3
-krb5_cc_resolve.3
-krb5_cc_retrieve_cred.3
-krb5_cc_set_default_name.3
-krb5_cc_set_flags.3
-krb5_cc_store_cred.3
-krb5_change_password.3
-krb5_check_transited.3
-krb5_check_transited_realms.3
-krb5_checksum_disable.3
-krb5_checksum_free.3
-krb5_checksum_is_collision_proof.3
-krb5_checksum_is_keyed.3
-krb5_checksumsize.3
-krb5_clear_error_string.3
-krb5_closelog.3
-krb5_config_file_free.3
-krb5_config_free_strings.3
-krb5_config_get.3
-krb5_config_get_bool.3
-krb5_config_get_bool_default.3
-krb5_config_get_int.3
-krb5_config_get_int_default.3
-krb5_config_get_list.3
-krb5_config_get_next.3
-krb5_config_get_string.3
-krb5_config_get_string_default.3
-krb5_config_get_strings.3
-krb5_config_get_time.3
-krb5_config_get_time_default.3
-krb5_config_parse_file.3
-krb5_config_parse_file_multi.3
-krb5_config_vget.3
-krb5_config_vget_bool.3
-krb5_config_vget_bool_default.3
-krb5_config_vget_int.3
-krb5_config_vget_int_default.3
-krb5_config_vget_list.3
-krb5_config_vget_next.3
-krb5_config_vget_string.3
-krb5_config_vget_string_default.3
-krb5_config_vget_strings.3
-krb5_config_vget_time.3
-krb5_config_vget_time_default.3
-krb5_context.3
-krb5_copy_address.3
-krb5_copy_addresses.3
-krb5_copy_checksum.3
-krb5_copy_data.3
-krb5_copy_host_realm.3
-krb5_copy_keyblock.3
-krb5_copy_keyblock_contents.3
-krb5_copy_principal.3
-krb5_copy_ticket.3
-krb5_create_checksum.3
-krb5_creds.3
-krb5_crypto_destroy.3
-krb5_crypto_get_checksum_type.3
-krb5_crypto_getblocksize.3
-krb5_crypto_getconfoundersize.3
-krb5_crypto_getenctype.3
-krb5_crypto_getpadsize.3
-krb5_crypto_init.3
-krb5_data_alloc.3
-krb5_data_copy.3
-krb5_data_free.3
-krb5_data_realloc.3
-krb5_data_zero.3
-krb5_decrypt.3
-krb5_decrypt_EncryptedData.3
-krb5_digest.3
-krb5_digest_alloc.3
-krb5_digest_free.3
-krb5_digest_get_a1_hash.3
-krb5_digest_get_client_binding.3
-krb5_digest_get_identifier.3
-krb5_digest_get_opaque.3
-krb5_digest_get_responseData.3
-krb5_digest_get_rsp.3
-krb5_digest_get_server_nonce.3
-krb5_digest_get_tickets.3
-krb5_digest_init_request.3
-krb5_digest_request.3
-krb5_digest_set_authentication_user.3
-krb5_digest_set_authid.3
-krb5_digest_set_client_nonce.3
-krb5_digest_set_digest.3
-krb5_digest_set_hostname.3
-krb5_digest_set_identifier.3
-krb5_digest_set_method.3
-krb5_digest_set_nonceCount.3
-krb5_digest_set_opaque.3
-krb5_digest_set_qop.3
-krb5_digest_set_realm.3
-krb5_digest_set_server_cb.3
-krb5_digest_set_server_nonce.3
-krb5_digest_set_type.3
-krb5_digest_set_uri.3
-krb5_digest_set_username.3
-krb5_domain_x500_decode.3
-krb5_domain_x500_encode.3
-krb5_eai_to_heim_errno.3
-krb5_encrypt.3
-krb5_encrypt_EncryptedData.3
-krb5_enctype_disable.3
-krb5_enctype_to_string.3
-krb5_enctype_valid.3
-krb5_err.3
-krb5_errx.3
-krb5_expand_hostname.3
-krb5_expand_hostname_realms.3
-krb5_find_padata.3
-krb5_format_time.3
-krb5_free_address.3
-krb5_free_addresses.3
-krb5_free_authenticator.3
-krb5_free_checksum.3
-krb5_free_checksum_contents.3
-krb5_free_config_files.3
-krb5_free_context.3
-krb5_free_data.3
-krb5_free_data_contents.3
-krb5_free_error_string.3
-krb5_free_host_realm.3
-krb5_free_kdc_rep.3
-krb5_free_keyblock.3
-krb5_free_keyblock_contents.3
-krb5_free_krbhst.3
-krb5_free_principal.3
-krb5_free_salt.3
-krb5_free_ticket.3
-krb5_fwd_tgt_creds.3
-krb5_generate_random_block.3
-krb5_generate_random_keyblock.3
-krb5_generate_subkey.3
-krb5_get_all_client_addrs.3
-krb5_get_all_server_addrs.3
-krb5_get_cred_from_kdc.3
-krb5_get_cred_from_kdc_opt.3
-krb5_get_credentials.3
-krb5_get_credentials_with_flags.3
-krb5_get_default_config_files.3
-krb5_get_default_principal.3
-krb5_get_default_realm.3
-krb5_get_default_realms.3
-krb5_get_err_text.3
-krb5_get_error_message.3
-krb5_get_error_string.3
-krb5_get_extra_addresses.3
-krb5_get_fcache_version.3
-krb5_get_forwarded_creds.3
-krb5_get_host_realm.3
-krb5_get_ignore_addresses.3
-krb5_get_in_cred.3
-krb5_get_in_tkt.3
-krb5_get_in_tkt_with_keytab.3
-krb5_get_in_tkt_with_password.3
-krb5_get_in_tkt_with_skey.3
-krb5_get_init_creds.3
-krb5_get_init_creds_keytab.3
-krb5_get_init_creds_opt_alloc.3
-krb5_get_init_creds_opt_free.3
-krb5_get_init_creds_opt_free_pkinit.3
-krb5_get_init_creds_opt_init.3
-krb5_get_init_creds_opt_set_address_list.3
-krb5_get_init_creds_opt_set_anonymous.3
-krb5_get_init_creds_opt_set_default_flags.3
-krb5_get_init_creds_opt_set_etype_list.3
-krb5_get_init_creds_opt_set_forwardable.3
-krb5_get_init_creds_opt_set_pa_password.3
-krb5_get_init_creds_opt_set_paq_request.3
-krb5_get_init_creds_opt_set_pkinit.3
-krb5_get_init_creds_opt_set_preauth_list.3
-krb5_get_init_creds_opt_set_proxiable.3
-krb5_get_init_creds_opt_set_renew_life.3
-krb5_get_init_creds_opt_set_salt.3
-krb5_get_init_creds_opt_set_tkt_life.3
-krb5_get_init_creds_password.3
-krb5_get_kdc_cred.3
-krb5_get_krb524hst.3
-krb5_get_krb_admin_hst.3
-krb5_get_krb_changepw_hst.3
-krb5_get_krbhst.3
-krb5_get_pw_salt.3
-krb5_get_server_rcache.3
-krb5_get_use_admin_kdc.3
-krb5_get_wrapped_length.3
-krb5_getportbyname.3
-krb5_h_addr2addr.3
-krb5_h_addr2sockaddr.3
-krb5_h_errno_to_heim_errno.3
-krb5_have_error_string.3
-krb5_hmac.3
-krb5_init_context.3
-krb5_init_ets.3
-krb5_initlog.3
-krb5_keyblock_get_enctype.3
-krb5_keyblock_zero.3
-krb5_keytab_entry.3
-krb5_krbhst_format_string.3
-krb5_krbhst_free.3
-krb5_krbhst_get_addrinfo.3
-krb5_krbhst_init.3
-krb5_krbhst_init_flags.3
-krb5_krbhst_next.3
-krb5_krbhst_next_as_string.3
-krb5_krbhst_reset.3
-krb5_kt_add_entry.3
-krb5_kt_close.3
-krb5_kt_compare.3
-krb5_kt_copy_entry_contents.3
-krb5_kt_cursor.3
-krb5_kt_default.3
-krb5_kt_default_modify_name.3
-krb5_kt_default_name.3
-krb5_kt_end_seq_get.3
-krb5_kt_free_entry.3
-krb5_kt_get_entry.3
-krb5_kt_get_name.3
-krb5_kt_get_type.3
-krb5_kt_next_entry.3
-krb5_kt_ops.3
-krb5_kt_read_service_key.3
-krb5_kt_register.3
-krb5_kt_remove_entry.3
-krb5_kt_resolve.3.3
-krb5_kt_start_seq_get
-krb5_kuserok.3
-krb5_log.3
-krb5_log_msg.3
-krb5_make_addrport.3
-krb5_make_principal.3
-krb5_max_sockaddr_size.3
-krb5_openlog.3
-krb5_padata_add.3
-krb5_parse_address.3
-krb5_parse_name.3
-krb5_passwd_result_to_string.3
-krb5_password_key_proc.3
-krb5_prepend_config_files.3
-krb5_prepend_config_files_default.3
-krb5_princ_realm.3
-krb5_princ_set_realm.3
-krb5_principal.3
-krb5_principal_compare.3
-krb5_principal_compare_any_realm.3
-krb5_principal_get_comp_string.3
-krb5_principal_get_realm.3
-krb5_principal_get_type.3
-krb5_principal_match.3
-krb5_principal_set_type.3
-krb5_print_address.3
-krb5_rc_close.3
-krb5_rc_default.3
-krb5_rc_default_name.3
-krb5_rc_default_type.3
-krb5_rc_destroy.3
-krb5_rc_expunge.3
-krb5_rc_get_lifespan.3
-krb5_rc_get_name.3
-krb5_rc_get_type.3
-krb5_rc_initialize.3
-krb5_rc_recover.3
-krb5_rc_resolve.3
-krb5_rc_resolve_full.3
-krb5_rc_resolve_type.3
-krb5_rc_store.3
-krb5_rcache.3
-krb5_realm_compare.3
-krb5_ret_address.3
-krb5_ret_addrs.3
-krb5_ret_authdata.3
-krb5_ret_creds.3
-krb5_ret_data.3
-krb5_ret_int16.3
-krb5_ret_int32.3
-krb5_ret_int8.3
-krb5_ret_keyblock.3
-krb5_ret_principal.3
-krb5_ret_string.3
-krb5_ret_stringz.3
-krb5_ret_times.3
-krb5_set_config_files.3
-krb5_set_default_realm.3
-krb5_set_error_string.3
-krb5_set_extra_addresses.3
-krb5_set_fcache_version.3
-krb5_set_ignore_addresses.3
-krb5_set_password.3
-krb5_set_password_using_ccache.3
-krb5_set_real_time.3
-krb5_set_use_admin_kdc.3
-krb5_set_warn_dest.3
-krb5_sname_to_principal.3
-krb5_sock_to_principal.3
-krb5_sockaddr2address.3
-krb5_sockaddr2port.3
-krb5_sockaddr_uninteresting.3
-krb5_storage.3
-krb5_storage_clear_flags.3
-krb5_storage_emem.3
-krb5_storage_free.3
-krb5_storage_from_data.3
-krb5_storage_from_fd.3
-krb5_storage_from_mem.3
-krb5_storage_get_byteorder.3
-krb5_storage_is_flags.3
-krb5_storage_read.3
-krb5_storage_seek.3
-krb5_storage_set_byteorder.3
-krb5_storage_set_eof_code.3
-krb5_storage_set_flags.3
-krb5_storage_to_data.3
-krb5_storage_write.3
-krb5_store_address.3
-krb5_store_addrs.3
-krb5_store_authdata.3
-krb5_store_creds.3
-krb5_store_data.3
-krb5_store_int16.3
-krb5_store_int32.3
-krb5_store_int8.3
-krb5_store_keyblock.3
-krb5_store_principal.3
-krb5_store_string.3
-krb5_store_stringz.3
-krb5_store_times.3
-krb5_string_to_deltat.3
-krb5_string_to_enctype.3
-krb5_string_to_key.3
-krb5_string_to_key_data.3
-krb5_string_to_key_data_salt.3
-krb5_string_to_key_data_salt_opaque.3
-krb5_string_to_key_salt.3
-krb5_string_to_key_salt_opaque.3
-krb5_ticket.3
-krb5_ticket_get_authorization_data_type.3
-krb5_ticket_get_client.3
-krb5_ticket_get_server.3
-krb5_timeofday.3
-krb5_unparse_name.3
-krb5_unparse_name_fixed.3
-krb5_unparse_name_fixed_short.3
-krb5_unparse_name_short.3
-krb5_us_timeofday.3
-krb5_vabort.3
-krb5_vabortx.3
-krb5_verify_checksum.3
-krb5_verify_init_creds.3
-krb5_verify_init_creds_opt_init.3
-krb5_verify_init_creds_opt_set_ap_req_nofail.3
-krb5_verify_opt_init.3
-krb5_verify_opt_set_ccache.3
-krb5_verify_opt_set_flags.3
-krb5_verify_opt_set_keytab.3
-krb5_verify_opt_set_secure.3
-krb5_verify_opt_set_service.3
-krb5_verify_user.3
-krb5_verify_user_lrealm.3
-krb5_verify_user_opt.3
-krb5_verr.3
-krb5_verrx.3
-krb5_vlog.3
-krb5_vlog_msg.3
-krb5_vset_error_string.3
-krb5_vwarn.3
-krb5_vwarnx.3
-krb5_warn.3
-krb5_warnx.3
-.ta
-.Fi
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
deleted file mode 100644
index ceb16a401aa6..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ /dev/null
@@ -1,530 +0,0 @@
-.\" Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5.conf.5 15514 2005-06-23 18:43:34Z lha $
-.\"
-.Dd May  4, 2005
-.Dt KRB5.CONF 5
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5.conf
-.Nd configuration file for Kerberos 5
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-The
-.Nm
-file specifies several configuration parameters for the Kerberos 5
-library, as well as for some programs.
-.Pp
-The file consists of one or more sections, containing a number of
-bindings.
-The value of each binding can be either a string or a list of other
-bindings.
-The grammar looks like:
-.Bd -literal -offset indent
-file:
-	/* empty */
-	sections
-
-sections:
-	section sections
-	section
-
-section:
-	'[' section_name ']' bindings
-
-section_name:
-	STRING
-
-bindings:
-	binding bindings
-	binding
-
-binding:
-	name '=' STRING
-	name '=' '{' bindings '}'
-
-name:
-	STRING
-
-.Ed
-.Li STRINGs
-consists of one or more non-whitespace characters.
-.Pp
-STRINGs that are specified later in this man-page uses the following
-notation.
-.Bl -tag -width "xxx" -offset indent
-.It boolean
-values can be either yes/true or no/false.
-.It time
-values can be a list of year, month, day, hour, min, second.
-Example: 1 month 2 days 30 min.
-If no unit is given, seconds is assumed.
-.It etypes
-valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
-des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96, and
-aes256-cts-hmac-sha1-96 .
-.It address
-an address can be either a IPv4 or a IPv6 address.
-.El
-.Pp
-Currently recognised sections and bindings are:
-.Bl -tag -width "xxx" -offset indent
-.It Li [appdefaults]
-Specifies the default values to be used for Kerberos applications.
-You can specify defaults per application, realm, or a combination of
-these.
-The preference order is:
-.Bl -enum -compact
-.It
-.Va application Va realm Va option
-.It
-.Va application Va option
-.It
-.Va realm Va option
-.It
-.Va option
-.El
-.Pp
-The supported options are:
-.Bl -tag -width "xxx" -offset indent
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-.It Li no-addresses = Va boolean
-When obtaining initial credentials, request them for an empty set of
-addresses, making the tickets valid from any address.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.It Li encrypt = Va boolean
-Use encryption, when available.
-.It Li forward = Va boolean
-Forward credentials to remote host (for
-.Xr rsh 1 ,
-.Xr telnet 1 ,
-etc).
-.El
-.It Li [libdefaults]
-.Bl -tag -width "xxx" -offset indent
-.It Li default_realm = Va REALM
-Default realm to use, this is also known as your
-.Dq local realm .
-The default is the result of
-.Fn krb5_get_host_realm "local hostname" .
-.It Li clockskew = Va time
-Maximum time differential (in seconds) allowed when comparing
-times.
-Default is 300 seconds (five minutes).
-.It Li kdc_timeout = Va time
-Maximum time to wait for a reply from the kdc, default is 3 seconds.
-.It Li v4_name_convert
-.It Li v4_instance_resolve
-These are described in the
-.Xr krb5_425_conv_principal  3
-manual page.
-.It Li capath = {
-.Bl -tag -width "xxx" -offset indent
-.It Va destination-realm Li = Va next-hop-realm
-.It ...
-.It Li }
-.El
-This is deprecated, see the 
-.Li capaths
-section below.
-.It Li default_cc_name = Va ccname
-the default credentials cache name.
-The string can contain variables that are expanded on runtime.
-Only support variable now is
-.Li %{uid}
-that expands to the current user id.
-.It Li default_etypes = Va etypes ...
-A list of default encryption types to use.
-.It Li default_etypes_des = Va etypes ...
-A list of default encryption types to use when requesting a DES credential.
-.It Li default_keytab_name = Va keytab
-The keytab to use if no other is specified, default is
-.Dq FILE:/etc/krb5.keytab .
-.It Li dns_lookup_kdc = Va boolean
-Use DNS SRV records to lookup KDC services location.
-.It Li dns_lookup_realm = Va boolean
-Use DNS TXT records to lookup domain to realm mappings.
-.It Li kdc_timesync = Va boolean
-Try to keep track of the time differential between the local machine
-and the KDC, and then compensate for that when issuing requests.
-.It Li max_retries = Va number
-The max number of times to try to contact each KDC.
-.It Li large_msg_size = Va number
-The threshold where protocols with tiny maximum message sizes are not
-considered usable to send messages to the KDC.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-This option is also valid in the [realms] section.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-This option is also valid in the [realms] section.
-.It Li verify_ap_req_nofail = Va boolean
-If enabled, failure to verify credentials against a local key is a
-fatal error.
-The application has to be able to read the corresponding service key
-for this to work.
-Some applications, like
-.Xr su 1 ,
-enable this option unconditionally.
-.It Li warn_pwexpire = Va time
-How soon to warn for expiring password.
-Default is seven days.
-.It Li http_proxy = Va proxy-spec
-A HTTP-proxy to use when talking to the KDC via HTTP.
-.It Li dns_proxy = Va proxy-spec
-Enable using DNS via HTTP.
-.It Li extra_addresses = Va address ...
-A list of addresses to get tickets for along with all local addresses.
-.It Li time_format = Va string
-How to print time strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li date_format = Va string
-How to print date strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li log_utc = Va boolean
-Write log-entries using UTC instead of your local time zone.
-.It Li scan_interfaces = Va boolean
-Scan all network interfaces for addresses, as opposed to simply using
-the address associated with the system's host name.
-.It Li fcache_version = Va int
-Use file credential cache format version specified.
-.It Li krb4_get_tickets = Va boolean
-Also get Kerberos 4 tickets in
-.Nm kinit ,
-.Nm login ,
-and other programs.
-This option is also valid in the [realms] section.
-.It Li fcc-mit-ticketflags = Va boolean
-Use MIT compatible format for file credential cache.
-It's the field ticketflags that is stored in reverse bit order for
-older than Heimdal 0.7.
-Setting this flag to
-.Dv TRUE
-make it store the MIT way, this is default for Heimdal 0.7.
-.El
-.It Li [domain_realm]
-This is a list of mappings from DNS domain to Kerberos realm.
-Each binding in this section looks like:
-.Pp
-.Dl domain = realm
-.Pp
-The domain can be either a full name of a host or a trailing
-component, in the latter case the domain-string should start with a
-period.
-The trailing component only matches hosts that are in the same domain, ie
-.Dq .example.com
-matches
-.Dq foo.example.com ,
-but not
-.Dq foo.test.example.com .
-.Pp
-The realm may be the token `dns_locate', in which case the actual
-realm will be determined using DNS (independently of the setting
-of the `dns_lookup_realm' option).
-.It Li [realms]
-.Bl -tag -width "xxx" -offset indent
-.It Va REALM Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Li kdc = Va [service/]host[:port]
-Specifies a list of kdcs for this realm.
-If the optional
-.Va port
-is absent, the
-default value for the
-.Dq kerberos/udp
-.Dq kerberos/tcp ,
-and
-.Dq http/tcp
-port (depending on service) will be used.
-The kdcs will be used in the order that they are specified.
-.Pp
-The optional
-.Va service
-specifies over what medium the kdc should be
-contacted.
-Possible services are
-.Dq udp ,
-.Dq tcp ,
-and
-.Dq http .
-Http can also be written as
-.Dq http:// .
-Default service is
-.Dq udp
-and
-.Dq tcp .
-.It Li admin_server = Va host[:port]
-Specifies the admin server for this realm, where all the modifications
-to the database are performed.
-.It Li kpasswd_server = Va host[:port]
-Points to the server where all the password changes are performed.
-If there is no such entry, the kpasswd port on the admin_server host
-will be tried.
-.It Li krb524_server = Va host[:port]
-Points to the server that does 524 conversions.
-If it is not mentioned, the krb524 port on the kdcs will be tried.
-.It Li v4_instance_convert
-.It Li v4_name_convert
-.It Li default_domain
-See
-.Xr krb5_425_conv_principal 3 .
-.It Li tgs_require_subkey
-a boolan variable that defaults to false.
-Old DCE secd (pre 1.1) might need this to be true.
-.El
-.It Li }
-.El
-.It Li [capaths]
-.Bl -tag -width "xxx" -offset indent
-.It Va client-realm Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Va server-realm Li = Va hop-realm ...
-This serves two purposes. First the first listed
-.Va hop-realm
-tells a client which realm it should contact in order to ultimately
-obtain credentials for a service in the
-.Va server-realm .
-Secondly, it tells the KDC (and other servers) which realms are
-allowed in a multi-hop traversal from
-.Va client-realm 
-to
-.Va server-realm .
-Except for the client case, the order of the realms are not important.
-.El
-.It Va }
-.El
-.It Li [logging]
-.Bl -tag -width "xxx" -offset indent
-.It Va entity Li = Va destination
-Specifies that
-.Va entity
-should use the specified
-.Li destination
-for logging.
-See the
-.Xr krb5_openlog 3
-manual page for a list of defined destinations.
-.El
-.It Li [kdc]
-.Bl -tag -width "xxx" -offset indent
-.It Li database Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Li dbname Li = Va DATABASENAME
-Use this database for this realm.
-See the info documetation how to configure diffrent database backends.
-.It Li realm Li = Va REALM
-Specifies the realm that will be stored in this database.
-It realm isn't set, it will used as the default database, there can
-only be one entry that doesn't have a
-.Li realm
-stanza.
-.It Li mkey_file Li = Pa FILENAME
-Use this keytab file for the master key of this database.
-If not specified
-.Va DATABASENAME Ns .mkey
-will be used.
-.It Li acl_file Li = PA FILENAME
-Use this file for the ACL list of this database.
-.It Li log_file Li = Pa FILENAME
-Use this file as the log of changes performed to the database.
-This file is used by
-.Nm ipropd-master
-for propagating changes to slaves.
-.El
-.It Li }
-.It Li max-request = Va SIZE
-Maximum size of a kdc request.
-.It Li require-preauth = Va BOOL
-If set pre-authentication is required.
-Since krb4 requests are not pre-authenticated they will be rejected.
-.It Li ports = Va "list of ports"
-List of ports the kdc should listen to.
-.It Li addresses = Va "list of interfaces"
-List of addresses the kdc should bind to.
-.It Li enable-kerberos4 = Va BOOL
-Turn on Kerberos 4 support.
-.It Li v4-realm = Va REALM
-To what realm v4 requests should be mapped.
-.It Li enable-524 = Va BOOL
-Should the Kerberos 524 converting facility be turned on.
-Default is the same as
-.Va enable-kerberos4 .
-.It Li enable-http = Va BOOL
-Should the kdc answer kdc-requests over http.
-.It Li enable-kaserver = Va BOOL
-If this kdc should emulate the AFS kaserver.
-.It Li check-ticket-addresses = Va BOOL
-Verify the addresses in the tickets used in tgs requests.
-.\" XXX
-.It Li allow-null-ticket-addresses = Va BOOL
-Allow address-less tickets.
-.\" XXX
-.It Li allow-anonymous = Va BOOL
-If the kdc is allowed to hand out anonymous tickets.
-.It Li encode_as_rep_as_tgs_rep = Va BOOL
-Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
-.\" XXX
-.It Li kdc_warn_pwexpire = Va TIME
-The time before expiration that the user should be warned that her
-password is about to expire.
-.It Li logging = Va Logging
-What type of logging the kdc should use, see also [logging]/kdc.
-.It Li use_2b = {
-.Bl -tag -width "xxx" -offset indent
-.It Va principal Li = Va BOOL
-boolean value if the 524 daemon should return AFS 2b tokens for
-.Fa principal .
-.It ...
-.El
-.It Li }
-.It Li hdb-ldap-structural-object Va structural object
-If the LDAP backend is used for storing principals, this is the
-structural object that will be used when creating and when reading
-objects.
-The default value is account .
-.It Li hdb-ldap-create-base Va creation dn
-is the dn that will be appended to the principal when creating entries.
-Default value is the search dn.
-.El
-.It Li [kadmin]
-.Bl -tag -width "xxx" -offset indent
-.It Li require-preauth = Va BOOL
-If pre-authentication is required to talk to the kadmin server.
-.It Li password_lifetime = Va time
-If a principal already have its password set for expiration, this is
-the time it will be valid for after a change.
-.It Li default_keys = Va keytypes...
-For each entry in
-.Va default_keys
-try to parse it as a sequence of
-.Va etype:salttype:salt
-syntax of this if something like:
-.Pp
-[(des|des3|etype):](pw-salt|afs3-salt)[:string]
-.Pp
-If
-.Ar etype
-is omitted it means everything, and if string is omitted it means the
-default salt string (for that principal and encryption type).
-Additional special values of keytypes are:
-.Bl -tag -width "xxx" -offset indent
-.It Li v5
-The Kerberos 5 salt
-.Va pw-salt
-.It Li v4
-The Kerberos 4 salt
-.Va des:pw-salt:
-.El
-.It Li use_v4_salt = Va BOOL
-When true, this is the same as
-.Pp
-.Va default_keys = Va des3:pw-salt Va v4
-.Pp
-and is only left for backwards compatibility.
-.El
-.It Li [password-quality]
-Check the Password quality assurance in the info documentation for
-more information.
-.Bl -tag -width "xxx" -offset indent
-.It Li check_library = Va library-name
-Library name that contains the password check_function
-.It Li check_function = Va function-name
-Function name for checking passwords in check_library
-.It Li policy_libraries = Va library1 ... libraryN
-List of libraries that can do password policy checks
-.It Li policies = Va policy1 ... policyN
-List of policy names to apply to the password. Builtin policies are
-among other minimum-length, character-class, external-check.
-.El
-.El
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh FILES
-.Bl -tag -width "/etc/krb5.conf"
-.It Pa /etc/krb5.conf
-configuration file for Kerberos 5.
-.El
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[libdefaults]
-	default_realm = FOO.SE
-[domain_realm]
-	.foo.se = FOO.SE
-	.bar.se = FOO.SE
-[realms]
-	FOO.SE = {
-		kdc = kerberos.foo.se
-		v4_name_convert = {
-			rcmd = host
-		}
-		v4_instance_convert = {
-			xyz = xyz.bar.se
-		}
-		default_domain = foo.se
-	}
-[logging]
-	kdc = FILE:/var/heimdal/kdc.log
-	kdc = SYSLOG:INFO
-	default = SYSLOG:INFO:USER
-.Ed
-.Sh DIAGNOSTICS
-Since
-.Nm
-is read and parsed by the krb5 library, there is not a lot of
-opportunities for programs to report parsing errors in any useful
-format.
-To help overcome this problem, there is a program
-.Nm verify_krb5_conf
-that reads
-.Nm
-and tries to emit useful diagnostics from parsing errors.
-Note that this program does not have any way of knowing what options
-are actually used and thus cannot warn about unknown or misspelled
-ones.
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_openlog 3 ,
-.Xr strftime 3 ,
-.Xr verify_krb5_conf 8
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
deleted file mode 100644
index 571eb6192ae0..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ /dev/null
@@ -1,780 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5.h 22100 2007-12-03 17:15:00Z lha $ */
-
-#ifndef __KRB5_H__
-#define __KRB5_H__
-
-#include <time.h>
-#include <krb5-types.h>
-
-#include <asn1_err.h>
-#include <krb5_err.h>
-#include <heim_err.h>
-#include <k524_err.h>
-
-#include <krb5_asn1.h>
-
-/* name confusion with MIT */
-#ifndef KRB5KDC_ERR_KEY_EXP
-#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
-#endif
-
-/* simple constants */
-
-#ifndef TRUE
-#define TRUE  1
-#define FALSE 0
-#endif
-
-typedef int krb5_boolean;
-
-typedef int32_t krb5_error_code;
-
-typedef int krb5_kvno;
-
-typedef uint32_t krb5_flags;
-
-typedef void *krb5_pointer;
-typedef const void *krb5_const_pointer;
-
-struct krb5_crypto_data;
-typedef struct krb5_crypto_data *krb5_crypto;
-
-struct krb5_get_creds_opt_data;
-typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
-
-struct krb5_digest_data;
-typedef struct krb5_digest_data *krb5_digest;
-struct krb5_ntlm_data;
-typedef struct krb5_ntlm_data *krb5_ntlm;
-
-struct krb5_pac_data;
-typedef struct krb5_pac_data *krb5_pac;
-
-typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
-typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
-
-typedef CKSUMTYPE krb5_cksumtype;
-
-typedef Checksum krb5_checksum;
-
-typedef ENCTYPE krb5_enctype;
-
-typedef heim_octet_string krb5_data;
-
-/* PKINIT related forward declarations */
-struct ContentInfo;
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-
-/* krb5_enc_data is a mit compat structure */
-typedef struct krb5_enc_data {
-    krb5_enctype enctype;
-    krb5_kvno kvno;
-    krb5_data ciphertext;
-} krb5_enc_data;
-
-/* alternative names */
-enum {
-    ENCTYPE_NULL		= ETYPE_NULL,
-    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
-    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
-    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
-    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
-    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
-    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
-    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
-    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
-    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
-    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
-    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
-    ENCTYPE_ARCFOUR_HMAC	= ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
-    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
-    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
-    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
-    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
-    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
-};
-
-typedef PADATA_TYPE krb5_preauthtype;
-
-typedef enum krb5_key_usage {
-    KRB5_KU_PA_ENC_TIMESTAMP = 1,
-    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-       client key (section 5.4.1) */
-    KRB5_KU_TICKET = 2,
-    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-       application session key), encrypted with the service key
-       (section 5.4.2) */
-    KRB5_KU_AS_REP_ENC_PART = 3,
-    /* AS-REP encrypted part (includes tgs session key or application
-       session key), encrypted with the client key (section 5.4.2) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-       session key (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          authenticator subkey (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-       with the tgs session key (sections 5.3.2, 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH = 7,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-       authenticator subkey), encrypted with the tgs session key
-       (section 5.3.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs session key (section 5.4.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs authenticator subkey (section 5.4.2) */
-    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
-    /* AP-REQ Authenticator cksum, keyed with the application session
-       key (section 5.3.2) */
-    KRB5_KU_AP_REQ_AUTH = 11,
-    /* AP-REQ Authenticator (includes application authenticator
-       subkey), encrypted with the application session key (section
-       5.3.2) */
-    KRB5_KU_AP_REQ_ENC_PART = 12,
-    /* AP-REP encrypted part (includes application session subkey),
-       encrypted with the application session key (section 5.5.2) */
-    KRB5_KU_KRB_PRIV = 13,
-    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
-       application (section 5.7.1) */
-    KRB5_KU_KRB_CRED = 14,
-    /* KRB-CRED encrypted part, encrypted with a key chosen by the
-       application (section 5.8.1) */
-    KRB5_KU_KRB_SAFE_CKSUM = 15,
-    /* KRB-SAFE cksum, keyed with a key chosen by the application
-       (section 5.6.1) */
-    KRB5_KU_OTHER_ENCRYPTED = 16,
-    /* Data which is defined in some specification outside of
-       Kerberos to be encrypted using an RFC1510 encryption type. */
-    KRB5_KU_OTHER_CKSUM = 17,
-    /* Data which is defined in some specification outside of
-       Kerberos to be checksummed using an RFC1510 checksum type. */
-    KRB5_KU_KRB_ERROR = 18,
-    /* Krb-error checksum */
-    KRB5_KU_AD_KDC_ISSUED = 19,
-    /* AD-KDCIssued checksum */
-    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
-    /* Checksum for Mandatory Ticket Extensions */
-    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
-    /* Checksum in Authorization Data in Ticket Extensions */
-    KRB5_KU_USAGE_SEAL = 22,
-    /* seal in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SIGN = 23,
-    /* sign in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SEQ = 24,
-    /* SEQ in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
-    /* acceptor sign in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
-    /* acceptor seal in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_INITIATOR_SEAL = 24,       
-    /* initiator sign in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
-    /* initiator seal in GSSAPI CFX krb5 mechanism */
-    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
-    /* encrypted server referral data */
-    KRB5_KU_SAM_CHECKSUM = 25,
-    /* Checksum for the SAM-CHECKSUM field */
-    KRB5_KU_SAM_ENC_TRACK_ID = 26,
-    /* Encryption of the SAM-TRACK-ID field */
-    KRB5_KU_PA_SERVER_REFERRAL = 26,
-    /* Keyusage for the server referral in a TGS req */
-    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
-    /* Encryption of the SAM-NONCE-OR-SAD field */
-    KRB5_KU_DIGEST_ENCRYPT = -18,
-    /* Encryption key usage used in the digest encryption field */
-    KRB5_KU_DIGEST_OPAQUE = -19,
-    /* Checksum key usage used in the digest opaque field */
-    KRB5_KU_KRB5SIGNEDPATH = -21,
-    /* Checksum key usage on KRB5SignedPath */
-    KRB5_KU_CANONICALIZED_NAMES = -23
-    /* Checksum key usage on PA-CANONICALIZED */
-} krb5_key_usage;
-
-typedef krb5_key_usage krb5_keyusage;
-
-typedef enum krb5_salttype {
-    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
-    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
-}krb5_salttype;
-
-typedef struct krb5_salt {
-    krb5_salttype salttype;
-    krb5_data saltvalue;
-} krb5_salt;
-
-typedef ETYPE_INFO krb5_preauthinfo;
-
-typedef struct {
-    krb5_preauthtype type;
-    krb5_preauthinfo info; /* list of preauthinfo for this type */
-} krb5_preauthdata_entry;
-
-typedef struct krb5_preauthdata {
-    unsigned len;
-    krb5_preauthdata_entry *val;
-}krb5_preauthdata;
-
-typedef enum krb5_address_type { 
-    KRB5_ADDRESS_INET     =   2,
-    KRB5_ADDRESS_NETBIOS  =  20,
-    KRB5_ADDRESS_INET6    =  24,
-    KRB5_ADDRESS_ADDRPORT = 256,
-    KRB5_ADDRESS_IPPORT   = 257
-} krb5_address_type;
-
-enum {
-  AP_OPTS_USE_SESSION_KEY = 1,
-  AP_OPTS_MUTUAL_REQUIRED = 2,
-  AP_OPTS_USE_SUBKEY = 4		/* library internal */
-};
-
-typedef HostAddress krb5_address;
-
-typedef HostAddresses krb5_addresses;
-
-typedef enum krb5_keytype { 
-    KEYTYPE_NULL	= 0,
-    KEYTYPE_DES		= 1,
-    KEYTYPE_DES3	= 7,
-    KEYTYPE_AES128	= 17,
-    KEYTYPE_AES256	= 18,
-    KEYTYPE_ARCFOUR	= 23,
-    KEYTYPE_ARCFOUR_56	= 24
-} krb5_keytype;
-
-typedef EncryptionKey krb5_keyblock;
-
-typedef AP_REQ krb5_ap_req;
-
-struct krb5_cc_ops;
-
-#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
-
-#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
-
-#define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
-    krb5_config_get_bool_default((C), NULL, TRUE, 			 \
-				 "libdefaults", "accept_null_addresses", \
-				 NULL)
-
-typedef void *krb5_cc_cursor;
-
-typedef struct krb5_ccache_data {
-    const struct krb5_cc_ops *ops;
-    krb5_data data;
-}krb5_ccache_data;
-
-typedef struct krb5_ccache_data *krb5_ccache;
-
-typedef struct krb5_context_data *krb5_context;
-
-typedef Realm krb5_realm;
-typedef const char *krb5_const_realm; /* stupid language */
-
-#define krb5_realm_length(r) strlen(r)
-#define krb5_realm_data(r) (r)
-
-typedef Principal krb5_principal_data;
-typedef struct Principal *krb5_principal;
-typedef const struct Principal *krb5_const_principal;
-
-typedef time_t krb5_deltat;
-typedef time_t krb5_timestamp;
-
-typedef struct krb5_times {
-  krb5_timestamp authtime;
-  krb5_timestamp starttime;
-  krb5_timestamp endtime;
-  krb5_timestamp renew_till;
-} krb5_times;
-
-typedef union {
-    TicketFlags b;
-    krb5_flags i;
-} krb5_ticket_flags;
-
-/* options for krb5_get_in_tkt() */
-#define KDC_OPT_FORWARDABLE		(1 << 1)
-#define KDC_OPT_FORWARDED		(1 << 2)
-#define KDC_OPT_PROXIABLE		(1 << 3)
-#define KDC_OPT_PROXY			(1 << 4)
-#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
-#define KDC_OPT_POSTDATED		(1 << 6)
-#define KDC_OPT_RENEWABLE		(1 << 8)
-#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
-#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
-#define KDC_OPT_RENEWABLE_OK		(1 << 27)
-#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
-#define KDC_OPT_RENEW			(1 << 30)
-#define KDC_OPT_VALIDATE		(1 << 31)
-
-typedef union {
-    KDCOptions b;
-    krb5_flags i;
-} krb5_kdc_flags;
-
-/* flags for krb5_verify_ap_req */
-
-#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
-
-#define KRB5_GC_CACHED			(1U << 0)
-#define KRB5_GC_USER_USER		(1U << 1)
-#define KRB5_GC_EXPIRED_OK		(1U << 2)
-#define KRB5_GC_NO_STORE		(1U << 3)
-#define KRB5_GC_FORWARDABLE		(1U << 4)
-#define KRB5_GC_NO_TRANSIT_CHECK	(1U << 5)
-#define KRB5_GC_CONSTRAINED_DELEGATION	(1U << 6)
-
-/* constants for compare_creds (and cc_retrieve_cred) */
-#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
-#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
-#define KRB5_TC_MATCH_KTYPE		KRB5_TC_MATCH_KEYTYPE    /* MIT name */
-#define KRB5_TC_MATCH_SRV_NAMEONLY	(1 << 29)
-#define KRB5_TC_MATCH_FLAGS_EXACT	(1 << 28)
-#define KRB5_TC_MATCH_FLAGS		(1 << 27)
-#define KRB5_TC_MATCH_TIMES_EXACT	(1 << 26)
-#define KRB5_TC_MATCH_TIMES		(1 << 25)
-#define KRB5_TC_MATCH_AUTHDATA		(1 << 24)
-#define KRB5_TC_MATCH_2ND_TKT		(1 << 23)
-#define KRB5_TC_MATCH_IS_SKEY		(1 << 22)
-
-typedef AuthorizationData krb5_authdata;
-
-typedef KRB_ERROR krb5_error;
-
-typedef struct krb5_creds {
-    krb5_principal client;
-    krb5_principal server;
-    krb5_keyblock session;
-    krb5_times times;
-    krb5_data ticket;
-    krb5_data second_ticket;
-    krb5_authdata authdata;
-    krb5_addresses addresses;
-    krb5_ticket_flags flags;
-} krb5_creds;
-
-typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
-
-typedef struct krb5_cc_ops {
-    const char *prefix;
-    const char* (*get_name)(krb5_context, krb5_ccache);
-    krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
-    krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
-    krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
-    krb5_error_code (*destroy)(krb5_context, krb5_ccache);
-    krb5_error_code (*close)(krb5_context, krb5_ccache);
-    krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
-    krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 
-				krb5_flags, const krb5_creds*, krb5_creds *);
-    krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
-    krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
-    krb5_error_code (*get_next)(krb5_context, krb5_ccache, 
-				krb5_cc_cursor*, krb5_creds*);
-    krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
-    krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 
-				   krb5_flags, krb5_creds*);
-    krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
-    int (*get_version)(krb5_context, krb5_ccache);
-    krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
-    krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
-    krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
-    krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache);
-    krb5_error_code (*default_name)(krb5_context, char **);
-} krb5_cc_ops;
-
-struct krb5_log_facility;
-
-struct krb5_config_binding {
-    enum { krb5_config_string, krb5_config_list } type;
-    char *name;
-    struct krb5_config_binding *next;
-    union {
-	char *string;
-	struct krb5_config_binding *list;
-	void *generic;
-    } u;
-};
-
-typedef struct krb5_config_binding krb5_config_binding;
-
-typedef krb5_config_binding krb5_config_section;
-
-typedef struct krb5_ticket {
-    EncTicketPart ticket;
-    krb5_principal client;
-    krb5_principal server;
-} krb5_ticket;
-
-typedef Authenticator krb5_authenticator_data;
-
-typedef krb5_authenticator_data *krb5_authenticator;
-
-struct krb5_rcache_data;
-typedef struct krb5_rcache_data *krb5_rcache;
-typedef Authenticator krb5_donot_replay;
-
-#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
-#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
-#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
-#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
-#define KRB5_STORAGE_BYTEORDER_MASK			0x60
-#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
-#define KRB5_STORAGE_BYTEORDER_LE			0x20
-#define KRB5_STORAGE_BYTEORDER_HOST			0x40
-#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER		0x80
-
-struct krb5_storage_data;
-typedef struct krb5_storage_data krb5_storage;
-
-typedef struct krb5_keytab_entry {
-    krb5_principal principal;
-    krb5_kvno vno;
-    krb5_keyblock keyblock;
-    uint32_t timestamp;
-} krb5_keytab_entry;
-
-typedef struct krb5_kt_cursor {
-    int fd;
-    krb5_storage *sp;
-    void *data;
-} krb5_kt_cursor;
-
-struct krb5_keytab_data;
-
-typedef struct krb5_keytab_data *krb5_keytab;
-
-#define KRB5_KT_PREFIX_MAX_LEN	30
-
-struct krb5_keytab_data {
-    const char *prefix;
-    krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
-    krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
-    krb5_error_code (*close)(krb5_context, krb5_keytab);
-    krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 
-			   krb5_kvno, krb5_enctype, krb5_keytab_entry*);
-    krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 
-				  krb5_keytab_entry*, krb5_kt_cursor*);
-    krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    void *data;
-    int32_t version;
-};
-
-typedef struct krb5_keytab_data krb5_kt_ops;
-
-struct krb5_keytab_key_proc_args {
-    krb5_keytab keytab;
-    krb5_principal principal;
-};
-
-typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
-
-typedef struct krb5_replay_data {
-    krb5_timestamp timestamp;
-    int32_t usec;
-    uint32_t seq;
-} krb5_replay_data;
-
-/* flags for krb5_auth_con_setflags */
-enum {
-    KRB5_AUTH_CONTEXT_DO_TIME      		= 1,
-    KRB5_AUTH_CONTEXT_RET_TIME     		= 2,
-    KRB5_AUTH_CONTEXT_DO_SEQUENCE  		= 4,
-    KRB5_AUTH_CONTEXT_RET_SEQUENCE 		= 8,
-    KRB5_AUTH_CONTEXT_PERMIT_ALL   		= 16,
-    KRB5_AUTH_CONTEXT_USE_SUBKEY   		= 32,
-    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED	= 64
-};
-
-/* flags for krb5_auth_con_genaddrs */
-enum {
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
-};
-
-typedef struct krb5_auth_context_data {
-    unsigned int flags;
-
-    krb5_address *local_address;
-    krb5_address *remote_address;
-    int16_t local_port;
-    int16_t remote_port;
-    krb5_keyblock *keyblock;
-    krb5_keyblock *local_subkey;
-    krb5_keyblock *remote_subkey;
-
-    uint32_t local_seqnumber;
-    uint32_t remote_seqnumber;
-
-    krb5_authenticator authenticator;
-  
-    krb5_pointer i_vector;
-  
-    krb5_rcache rcache;
-
-    krb5_keytype keytype;	/* �requested key type ? */
-    krb5_cksumtype cksumtype;	/* �requested checksum type! */
-  
-}krb5_auth_context_data, *krb5_auth_context;
-
-typedef struct {
-    KDC_REP kdc_rep;
-    EncKDCRepPart enc_part;
-    KRB_ERROR error;
-} krb5_kdc_rep;
-
-extern const char *heimdal_version, *heimdal_long_version;
-
-typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
-typedef void (*krb5_log_close_func_t)(void*);
-
-typedef struct krb5_log_facility {
-    char *program;
-    int len;
-    struct facility *val;
-} krb5_log_facility;
-
-typedef EncAPRepPart krb5_ap_rep_enc_part;
-
-#define KRB5_RECVAUTH_IGNORE_VERSION 1
-
-#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
-
-#define KRB5_TGS_NAME_SIZE (6)
-#define KRB5_TGS_NAME ("krbtgt")
-
-#define KRB5_DIGEST_NAME ("digest")
-
-/* variables */
-
-extern const char *krb5_config_file;
-extern const char *krb5_defkeyname;
-
-typedef enum {
-    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
-    KRB5_PROMPT_TYPE_PREAUTH		= 0x4,
-    KRB5_PROMPT_TYPE_INFO		= 0x5
-} krb5_prompt_type;
-
-typedef struct _krb5_prompt {
-    const char *prompt;
-    int hidden;
-    krb5_data *reply;
-    krb5_prompt_type type;
-} krb5_prompt;
-
-typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
-				 void * /*data*/,
-				 const char * /*name*/,
-				 const char * /*banner*/,
-				 int /*num_prompts*/,
-				 krb5_prompt /*prompts*/[]);
-typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
-					 krb5_enctype /*type*/,
-					 krb5_salt /*salt*/,
-					 krb5_const_pointer /*keyseed*/,
-					 krb5_keyblock ** /*key*/);
-typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
-					     krb5_keyblock * /*key*/,
-					     krb5_key_usage /*usage*/,
-					     krb5_const_pointer /*decrypt_arg*/,
-					     krb5_kdc_rep * /*dec_rep*/);
-typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
-					 krb5_enctype /*type*/,
-					 krb5_const_pointer /*keyseed*/,
-					 krb5_salt /*salt*/,
-					 krb5_data * /*s2kparms*/,
-					 krb5_keyblock ** /*key*/);
-
-struct _krb5_get_init_creds_opt_private;
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    int anonymous;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_addresses *address_list;
-    /* XXX the next three should not be used, as they may be
-       removed later */
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-    struct _krb5_get_init_creds_opt_private *opt_private;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
-#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
-#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK	0x0200
-
-typedef struct _krb5_verify_init_creds_opt {
-    krb5_flags flags;
-    int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
-
-typedef struct krb5_verify_opt {
-    unsigned int flags;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_boolean secure;
-    const char *service;
-} krb5_verify_opt;
-
-#define KRB5_VERIFY_LREALMS		1
-#define KRB5_VERIFY_NO_ADDRESSES	2
-
-extern const krb5_cc_ops krb5_acc_ops;
-extern const krb5_cc_ops krb5_fcc_ops;
-extern const krb5_cc_ops krb5_mcc_ops;
-extern const krb5_cc_ops krb5_kcm_ops;
-
-extern const krb5_kt_ops krb5_fkt_ops;
-extern const krb5_kt_ops krb5_wrfkt_ops;
-extern const krb5_kt_ops krb5_javakt_ops;
-extern const krb5_kt_ops krb5_mkt_ops;
-extern const krb5_kt_ops krb5_akf_ops;
-extern const krb5_kt_ops krb4_fkt_ops;
-extern const krb5_kt_ops krb5_srvtab_fkt_ops;
-extern const krb5_kt_ops krb5_any_ops;
-
-#define KRB5_KPASSWD_VERS_CHANGEPW      1
-#define KRB5_KPASSWD_VERS_SETPW         0xff80
-
-#define KRB5_KPASSWD_SUCCESS	0
-#define KRB5_KPASSWD_MALFORMED	1
-#define KRB5_KPASSWD_HARDERROR	2
-#define KRB5_KPASSWD_AUTHERROR	3
-#define KRB5_KPASSWD_SOFTERROR	4
-#define KRB5_KPASSWD_ACCESSDENIED 5
-#define KRB5_KPASSWD_BAD_VERSION 6
-#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
-
-#define KPASSWD_PORT 464
-
-/* types for the new krbhst interface */
-struct krb5_krbhst_data;
-typedef struct krb5_krbhst_data *krb5_krbhst_handle;
-
-#define KRB5_KRBHST_KDC		1
-#define KRB5_KRBHST_ADMIN	2
-#define KRB5_KRBHST_CHANGEPW	3
-#define KRB5_KRBHST_KRB524	4
-#define KRB5_KRBHST_KCA		5
-
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    unsigned short def_port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1]; /* has to come last */
-} krb5_krbhst_info;
-
-/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
-enum {
-    KRB5_KRBHST_FLAGS_MASTER      = 1,
-    KRB5_KRBHST_FLAGS_LARGE_MSG	  = 2
-};
-
-typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, 
-						 void *, 
-						 krb5_krbhst_info *,
-						 const krb5_data *,
-						 krb5_data *);
-
-/* flags for krb5_parse_name_flags */
-enum {
-    KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
-    KRB5_PRINCIPAL_PARSE_MUST_REALM = 2,
-    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4
-};
-
-/* flags for krb5_unparse_name_flags */
-enum {
-    KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
-    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2,
-    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4
-};
-
-typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
-
-#define KRB5_SENDTO_DONE	0
-#define KRB5_SENDTO_RESTART	1
-#define KRB5_SENDTO_CONTINUE	2
-
-typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
-
-struct krb5_plugin;
-enum krb5_plugin_type {
-    PLUGIN_TYPE_DATA = 1,
-    PLUGIN_TYPE_FUNC
-};
-
-struct credentials; /* this is to keep the compiler happy */
-struct getargs;
-struct sockaddr;
-
-#include <krb5-protos.h>
-
-#endif /* __KRB5_H__ */
-
diff --git a/crypto/heimdal/lib/krb5/krb5.moduli b/crypto/heimdal/lib/krb5/krb5.moduli
deleted file mode 100644
index f67d2b29be86..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.moduli
+++ /dev/null
@@ -1,3 +0,0 @@
-# $Id: krb5.moduli 16154 2005-10-08 15:39:42Z lha $
-# comment security-bits-decimal secure-prime(p)-hex generator(g)-hex (q)-hex
-rfc3526-MODP-group14 1760 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF 02 7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671DF1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9472D455655347FFFFFFFFFFFFFFF
diff --git a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 b/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3
deleted file mode 100644
index 1f4b9bf8a9ec..000000000000
--- a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb524_convert_creds_kdc.3 15239 2005-05-25 13:19:16Z lha $
-.\"
-.Dd March 20, 2004
-.Dt KRB524_CONVERT_CREDS_KDC 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb524_convert_creds_kdc ,
-.Nm krb524_convert_creds_kdc_ccache
-.Nd converts Kerberos 5 credentials to Kerberos 4 credentials
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb524_convert_creds_kdc
-.Fa "krb5_context context"
-.Fa "krb5_creds *in_cred"
-.Fa "struct credentials *v4creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb524_convert_creds_kdc_ccache
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_cred"
-.Fa "struct credentials *v4creds"
-.Fc
-.Sh DESCRIPTION
-Convert the Kerberos 5 credential to Kerberos 4 credential.
-This is done by sending them to the 524 service in the KDC.
-.Pp
-.Fn krb524_convert_creds_kdc
-converts the Kerberos 5 credential in
-.Fa in_cred
-to Kerberos 4 credential that is stored in
-.Fa credentials .
-.Pp
-.Fn krb524_convert_creds_kdc_ccache
-is diffrent from
-.Fn krb524_convert_creds_kdc
-in that way that if
-.Fa in_cred
-doesn't contain a DES session key, then a new one is fetched from the
-KDC and stored in the cred cache
-.Fa ccache ,
-and then the KDC is queried to convert the credential.
-.Pp
-This interfaces are used to make the migration to Kerberos 5 from
-Kerberos 4 easier.
-There are few services that still need Kerberos 4, and this is mainly
-for compatibility for those services.
-Some services, like AFS, really have Kerberos 5 supports, but still
-uses the 524 interface to make the migration easier.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
deleted file mode 100644
index 16c118f8ace7..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ /dev/null
@@ -1,224 +0,0 @@
-.\" Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_425_conv_principal.3 12734 2003-09-03 00:13:07Z lha $
-.\"
-.Dd September  3, 2003
-.Dt KRB5_425_CONV_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_425_conv_principal ,
-.Nm krb5_425_conv_principal_ext ,
-.Nm krb5_524_conv_principal
-.Nd converts to and from version 4 principals
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
-.Sh DESCRIPTION
-Converting between version 4 and version 5 principals can at best be
-described as a mess.
-.Pp
-A version 4 principal consists of a name, an instance, and a realm. A
-version 5 principal consists of one or more components, and a
-realm. In some cases also the first component/name will differ between
-version 4 and version 5.  Furthermore the second component of a host
-principal will be the fully qualified domain name of the host in
-question, while the instance of a version 4 principal will only
-contain the first part (short hostname).  Because of these problems
-the conversion between principals will have to be site customized.
-.Pp
-.Fn krb5_425_conv_principal_ext
-will try to convert a version 4 principal, given by
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm ,
-to a version 5 principal. This can result in several possible
-principals, and if
-.Fa func
-is non-NULL, it will be called for each candidate principal.
-.Fa func
-should return true if the principal was
-.Dq good .
-To accomplish this,
-.Fn krb5_425_conv_principal_ext
-will look up the name in
-.Pa krb5.conf .
-It first looks in the
-.Li v4_name_convert/host
-subsection, which should contain a list of version 4 names whose
-instance should be treated as a hostname. This list can be specified
-for each realm (in the
-.Li realms
-section), or in the
-.Li libdefaults
-section.  If the name is found the resulting name of the principal
-will be the value of this binding. The instance is then first looked
-up in
-.Li v4_instance_convert
-for the specified realm. If found the resulting value will be used as
-instance (this can be used for special cases), no further attempts
-will be made to find a conversion if this fails (with
-.Fa func ) .
-If the
-.Fa resolve
-parameter is true, the instance will be looked up with
-.Fn gethostbyname .
-This can be a time consuming, error prone, and unsafe operation.  Next
-a list of hostnames will be created from the instance and the
-.Li v4_domains
-variable, which should contain a list of possible domains for the
-specific realm.
-.Pp
-On the other hand, if the name is not found in a
-.Li host
-section, it is looked up in a
-.Li v4_name_convert/plain
-binding. If found here the name will be converted, but the instance
-will be untouched.
-.Pp
-This list of default host-type conversions is compiled-in:
-.Bd -literal -offset indent
-v4_name_convert = {
-	host = {
-		ftp = ftp
-		hprop = hprop
-		imap = imap
-		pop = pop
-		rcmd = host
-		smtp = smtp
-	}
-}
-.Ed
-.Pp
-It will only be used if there isn't an entry for these names in the
-config file, so you can override these defaults.
-.Pp
-.Fn krb5_425_conv_principal
-will call
-.Fn krb5_425_conv_principal_ext
-with
-.Dv NULL
-as
-.Fa func ,
-and the value of
-.Li v4_instance_resolve
-(from the
-.Li libdefaults
-section) as
-.Fa resolve .
-.Pp
-.Fn krb5_524_conv_principal
-basically does the opposite of
-.Fn krb5_425_conv_principal ,
-it just doesn't have to look up any names, but will instead truncate
-instances found to belong to a host principal. The
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm
-should be at least 40 characters long.
-.Sh EXAMPLES
-Since this is confusing an example is in place.
-.Pp
-Assume that we have the
-.Dq foo.com ,
-and
-.Dq bar.com
-domains that have shared a single version 4 realm, FOO.COM. The version 4
-.Pa krb.realms
-file looked like:
-.Bd -literal -offset indent
-foo.com		FOO.COM
-\&.foo.com	FOO.COM
-\&.bar.com	FOO.COM
-.Ed
-.Pp
-A
-.Pa krb5.conf
-file that covers this case might look like:
-.Bd -literal -offset indent
-[libdefaults]
-	v4_instance_resolve = yes
-[realms]
-	FOO.COM = {
-		kdc = kerberos.foo.com
-		v4_instance_convert = {
-			foo = foo.com
-		}
-		v4_domains = foo.com
-	}
-.Ed
-.Pp
-With this setup and the following host table:
-.Bd -literal -offset indent
-foo.com
-a-host.foo.com
-b-host.bar.com
-.Ed
-the following conversions will be made:
-.Bd -literal -offset indent
-rcmd.a-host	-\*(Gt host/a-host.foo.com
-ftp.b-host	-\*(Gt ftp/b-host.bar.com
-pop.foo		-\*(Gt pop/foo.com
-ftp.other	-\*(Gt ftp/other.foo.com
-other.a-host	-\*(Gt other/a-host
-.Ed
-.Pp
-The first three are what you expect. If you remove the
-.Dq v4_domains ,
-the fourth entry will result in an error (since the host
-.Dq other
-can't be found). Even if
-.Dq a-host
-is a valid host name, the last entry will not be converted, since the
-.Dq other
-name is not known to represent a host-type principal.
-If you turn off
-.Dq v4_instance_resolve
-the second example will result in
-.Dq ftp/b-host.foo.com
-(because of the default domain). And all of this is of course only
-valid if you have working name resolving.
-.Sh SEE ALSO
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 b/crypto/heimdal/lib/krb5/krb5_acl_match_file.3
deleted file mode 100644
index 342645edd2d2..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3
+++ /dev/null
@@ -1,111 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_acl_match_file.3 17534 2006-05-11 22:43:44Z lha $
-.\"
-.Dd May 12, 2006
-.Dt KRB5_ACL_MATCH_FILE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_acl_match_file ,
-.Nm krb5_acl_match_string
-.Nd ACL matching functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.Ft krb5_error_code
-.Fo krb5_acl_match_file
-.Fa "krb5_context context"
-.Fa "const char *file"
-.Fa "const char *format"
-.Fa "..."
-.Fc
-.Ft krb5_error_code
-.Fo krb5_acl_match_string
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "const char *format"
-.Fa "..."
-.Fc
-.Sh DESCRIPTION
-.Nm krb5_acl_match_file
-matches ACL format against each line in a file.
-Lines starting with # are treated like comments and ignored.
-.Pp
-.Nm krb5_acl_match_string
-matches ACL format against a string.
-.Pp
-The ACL format has three format specifiers: s, f, and r.
-Each specifier will retrieve one argument from the variable arguments
-for either matching or storing data.
-The input string is split up using " " and "\et" as a delimiter; multiple
-" " and "\et" in a row are considered to be the same.
-.Pp
-.Bl -tag -width "fXX" -offset indent
-.It s
-Matches a string using
-.Xr strcmp 3
-(case sensitive).
-.It f
-Matches the string with
-.Xr fnmatch 3 .
-The
-.Fa flags
-argument (the last argument) passed to the fnmatch function is 0.
-.It r
-Returns a copy of the string in the char ** passed in; the copy must be
-freed with
-.Xr free 3 .
-There is no need to
-.Xr free 3
-the string on error: the function will clean up and set the pointer to
-.Dv NULL .
-.El
-.Pp
-All unknown format specifiers cause an error.
-.Sh EXAMPLES
-.Bd -literal -offset indent
-char *s;
-
-ret = krb5_acl_match_string(context, "foo", "s", "foo");
-if (ret)
-    krb5_errx(context, 1, "acl didn't match");
-ret = krb5_acl_match_string(context, "foo foo baz/kaka",
-    "ss", "foo", &s, "foo/*");
-if (ret) {
-    /* no need to free(s) on error */
-    assert(s == NULL);
-    krb5_errx(context, 1, "acl didn't match");
-}
-free(s);
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3
deleted file mode 100644
index 06f7fa5cd02c..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_address.3
+++ /dev/null
@@ -1,359 +0,0 @@
-.\" Copyright (c) 2003, 2005 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_address.3 17461 2006-05-05 13:13:18Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_ADDRESS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_address ,
-.Nm krb5_addresses ,
-.Nm krb5_sockaddr2address ,
-.Nm krb5_sockaddr2port ,
-.Nm krb5_addr2sockaddr ,
-.Nm krb5_max_sockaddr_size ,
-.Nm krb5_sockaddr_uninteresting ,
-.Nm krb5_h_addr2sockaddr ,
-.Nm krb5_h_addr2addr ,
-.Nm krb5_anyaddr ,
-.Nm krb5_print_address ,
-.Nm krb5_parse_address ,
-.Nm krb5_address_order ,
-.Nm krb5_address_compare ,
-.Nm krb5_address_search ,
-.Nm krb5_free_address ,
-.Nm krb5_free_addresses ,
-.Nm krb5_copy_address ,
-.Nm krb5_copy_addresses ,
-.Nm krb5_append_addresses ,
-.Nm krb5_make_addrport
-.Nd mange addresses in Kerberos
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_sockaddr2address
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_sockaddr2port
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "int16_t *port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft size_t
-.Fo krb5_max_sockaddr_size
-.Fa "void"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_sockaddr_uninteresting
-.Fa "const struct sockaddr *sa"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2addr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *haddr"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_anyaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_print_address
-.Fa "const krb5_address *addr"
-.Fa "char *str"
-.Fa "size_t len"
-.Fa "size_t *ret_len"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_parse_address
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft int
-.Fo "krb5_address_order"
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_compare
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_search
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "const krb5_addresses *addrlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_address
-.Fa "krb5_context context"
-.Fa "krb5_address *address"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_address
-.Fa "krb5_context context"
-.Fa "const krb5_address *inaddr"
-.Fa "krb5_address *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *inaddr"
-.Fa "krb5_addresses *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_append_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *dest"
-.Fa "const krb5_addresses *source"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_make_addrport
-.Fa "krb5_context context"
-.Fa "krb5_address **res"
-.Fa "const krb5_address *addr"
-.Fa "int16_t port"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_address
-structure holds a address that can be used in Kerberos API
-calls. There are help functions to set and extract address information
-of the address.
-.Pp
-The
-.Li krb5_addresses
-structure holds a set of krb5_address:es.
-.Pp
-.Fn krb5_sockaddr2address
-stores a address a
-.Li "struct sockaddr"
-.Fa sa
-in the krb5_address
-.Fa addr .
-.Pp
-.Fn krb5_sockaddr2port
-extracts a
-.Fa port
-(if possible) from a
-.Li "struct sockaddr"
-.Fa sa .
-.Pp
-.Fn krb5_addr2sockaddr
-sets the
-struct sockaddr
-.Fa sockaddr
-from
-.Fa addr
-and
-.Fa port .
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_max_sockaddr_size
-returns the max size of the
-.Li struct sockaddr
-that the Kerberos library will return.
-.Pp
-.Fn krb5_sockaddr_uninteresting
-returns
-.Dv TRUE
-for all
-.Fa sa
-that the kerberos library thinks are uninteresting.
-One example are link local addresses.
-.Pp
-.Fn krb5_h_addr2sockaddr
-initializes a
-.Li "struct sockaddr"
-.Fa sa
-from
-.Fa af
-and the
-.Li "struct hostent"
-(see
-.Xr gethostbyname 3 )
-.Fa h_addr_list
-component.
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_h_addr2addr
-works like
-.Fn krb5_h_addr2sockaddr
-with the exception that it operates on a
-.Li krb5_address
-instead of a
-.Li struct sockaddr .
-.Pp
-.Fn krb5_anyaddr
-fills in a
-.Li "struct sockaddr"
-.Fa sa
-that can be used to
-.Xr bind 2
-to.
-The argument
-.Fa sa_size
-should initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_print_address
-prints the address in
-.Fa addr
-to the string
-.Fa string
-that have the length
-.Fa len .
-If
-.Fa ret_len
-is not
-.Dv NULL ,
-it will be filled with the length of the string if size were unlimited (not
-including the final
-.Ql \e0 ) .
-.Pp
-.Fn krb5_parse_address
-Returns the resolved hostname in
-.Fa string
-to the
-.Li krb5_addresses
-.Fa addresses .
-.Pp
-.Fn krb5_address_order
-compares the addresses
-.Fa addr1
-and
-.Fa addr2
-so that it can be used for sorting addresses. If the addresses are the
-same address
-.Fa krb5_address_order
-will return 0.
-.Pp
-.Fn krb5_address_compare
-compares the addresses
-.Fa addr1
-and
-.Fa addr2 .
-Returns
-.Dv TRUE
-if the two addresses are the same.
-.Pp
-.Fn krb5_address_search
-checks if the address
-.Fa addr
-is a member of the address set list
-.Fa addrlist .
-.Pp
-.Fn krb5_free_address
-frees the data stored in the
-.Fa address
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_free_addresses
-frees the data stored in the
-.Fa addresses
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_copy_address
-copies the content of address
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_copy_addresses
-copies the content of the address list
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_append_addresses
-adds the set of addresses in
-.Fa source
-to
-.Fa dest .
-While copying the addresses, duplicates are also sorted out.
-.Pp
-.Fn krb5_make_addrport
-allocates and creates an
-krb5_address in
-.Fa res
-of type KRB5_ADDRESS_ADDRPORT from
-.Fa ( addr , port ) .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
deleted file mode 100644
index a0c3e4b41507..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_aname_to_localname.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd February 18, 2006
-.Dt KRB5_ANAME_TO_LOCALNAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_aname_to_localname
-.Nd converts a principal to a system local name
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_aname_to_localname
-.Fa "krb5_context context"
-.Fa "krb5_const_principal name"
-.Fa "size_t lnsize"
-.Fa "char *lname"
-.Fc
-.Sh DESCRIPTION
-This function takes a principal
-.Fa name ,
-verifies that it is in the local realm (using
-.Fn krb5_get_default_realms )
-and then returns the local name of the principal.
-.Pp
-If
-.Fa name
-isn't in one of the local realms an error is returned.
-.Pp
-If the size
-.Fa ( lnsize )
-of the local name
-.Fa ( lname )
-is too small, an error is returned.
-.Pp
-.Fn krb5_aname_to_localname
-should only be use by an application that implements protocols that
-don't transport the login name and thus needs to convert a principal
-to a local name.
-.Pp
-Protocols should be designed so that they authenticate using
-Kerberos, send over the login name and then verify the principal
-that is authenticated is allowed to login and the login name.
-A way to check if a user is allowed to login is using the function
-.Fn krb5_kuserok .
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_kuserok 3
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
deleted file mode 100644
index f5b532937db4..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_appdefault.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd July 25, 2000
-.Dt KRB5_APPDEFAULT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_appdefault_boolean ,
-.Nm krb5_appdefault_string ,
-.Nm krb5_appdefault_time
-.Nd get application configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
-.Ft void
-.Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
-.Ft void
-.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
-.Sh DESCRIPTION
-These functions get application defaults from the
-.Dv appdefaults
-section of the
-.Xr krb5.conf 5
-configuration file. These defaults can be specified per application,
-and/or per realm.
-.Pp
-These values will be looked for in
-.Xr krb5.conf 5 ,
-in order of descending importance.
-.Bd -literal -offset indent
-[appdefaults]
-	appname = {
-		realm = {
-			option = value
-		}
-	}
-	appname = {
-		option = value
-	}
-	realm = {
-		option = value
-	}
-	option = value
-.Ed
-.Fa appname
-is the name of the application, and
-.Fa realm
-is the realm name. If the realm is omitted it will not be used for
-resolving values.
-.Fa def_val
-is the value to return if no value is found in
-.Xr krb5.conf 5 .
-.Sh SEE ALSO
-.Xr krb5_config 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
deleted file mode 100644
index 66d150ef8589..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ /dev/null
@@ -1,395 +0,0 @@
-.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_auth_context.3 15240 2005-05-25 13:47:58Z lha $
-.\"
-.Dd May 17, 2005
-.Dt KRB5_AUTH_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_auth_con_addflags ,
-.Nm krb5_auth_con_free ,
-.Nm krb5_auth_con_genaddrs ,
-.Nm krb5_auth_con_generatelocalsubkey ,
-.Nm krb5_auth_con_getaddrs ,
-.Nm krb5_auth_con_getauthenticator ,
-.Nm krb5_auth_con_getflags ,
-.Nm krb5_auth_con_getkey ,
-.Nm krb5_auth_con_getlocalsubkey ,
-.Nm krb5_auth_con_getrcache ,
-.Nm krb5_auth_con_getremotesubkey ,
-.Nm krb5_auth_con_getuserkey ,
-.Nm krb5_auth_con_init ,
-.Nm krb5_auth_con_initivector ,
-.Nm krb5_auth_con_removeflags ,
-.Nm krb5_auth_con_setaddrs ,
-.Nm krb5_auth_con_setaddrs_from_fd ,
-.Nm krb5_auth_con_setflags ,
-.Nm krb5_auth_con_setivector ,
-.Nm krb5_auth_con_setkey ,
-.Nm krb5_auth_con_setlocalsubkey ,
-.Nm krb5_auth_con_setrcache ,
-.Nm krb5_auth_con_setremotesubkey ,
-.Nm krb5_auth_con_setuserkey ,
-.Nm krb5_auth_context ,
-.Nm krb5_auth_getcksumtype ,
-.Nm krb5_auth_getkeytype ,
-.Nm krb5_auth_getlocalseqnumber ,
-.Nm krb5_auth_getremoteseqnumber ,
-.Nm krb5_auth_setcksumtype ,
-.Nm krb5_auth_setkeytype ,
-.Nm krb5_auth_setlocalseqnumber ,
-.Nm krb5_auth_setremoteseqnumber ,
-.Nm krb5_free_authenticator
-.Nd manage authentication on connection level
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_auth_con_init
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fc
-.Ft void
-.Fo krb5_auth_con_free
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_addflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t addflags"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_removeflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t removelags"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address *local_addr"
-.Fa "krb5_address *remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address **local_addr"
-.Fa "krb5_address **remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_genaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int fd"
-.Fa "int flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs_from_fd
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "void *p_fd"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getlocalsubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getremotesubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_generatelocalsubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_initivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "krb5_pointer ivector"
-.Fc
-.Ft void
-.Fo krb5_free_authenticator
-.Fa "krb5_context context"
-.Fa "krb5_authenticator *authenticator"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_auth_context
-structure holds all context related to an authenticated connection, in
-a similar way to
-.Nm krb5_context
-that holds the context for the thread or process.
-.Nm krb5_auth_context
-is used by various functions that are directly related to
-authentication between the server/client. Example of data that this
-structure contains are various flags, addresses of client and server,
-port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
-and checksum-type.
-.Pp
-.Fn krb5_auth_con_init
-allocates and initializes the
-.Nm krb5_auth_context
-structure. Default values can be changed with
-.Fn krb5_auth_con_setcksumtype
-and
-.Fn krb5_auth_con_setflags .
-The
-.Nm auth_context
-structure must be freed by
-.Fn krb5_auth_con_free .
-.Pp
-.Fn krb5_auth_con_getflags ,
-.Fn krb5_auth_con_setflags ,
-.Fn krb5_auth_con_addflags
-and
-.Fn krb5_auth_con_removeflags
-gets and modifies the flags for a
-.Nm krb5_auth_context
-structure. Possible flags to set are:
-.Bl -tag -width Ds
-.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
-Generate and check sequence-number on each packet.
-.It Dv KRB5_AUTH_CONTEXT_DO_TIME
-Check timestamp on incoming packets.
-.It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
-Return sequence numbers and time stamps in the outdata parameters.
-.It Dv KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
-will force
-.Fn krb5_get_forwarded_creds
-and
-.Fn krb5_fwd_tgt_creds
-to create unencrypted )
-.Dv ENCTYPE_NULL )
-credentials.
-This is for use with old MIT server and JAVA based servers as
-they can't handle encrypted
-.Dv KRB-CRED .
-Note that sending such
-.Dv KRB-CRED
-is clear exposes crypto keys and tickets and is insecure,
-make sure the packet is encrypted in the protocol.
-.Xr krb5_rd_cred 3 ,
-.Xr krb5_rd_priv 3 ,
-.Xr krb5_rd_safe 3 ,
-.Xr krb5_mk_priv 3
-and
-.Xr krb5_mk_safe 3 .
-Setting this flag requires that parameter to be passed to these
-functions.
-.Pp
-The flags
-.Dv KRB5_AUTH_CONTEXT_DO_TIME
-also modifies the behavior the function
-.Fn krb5_get_forwarded_creds
-by removing the timestamp in the forward credential message, this have
-backward compatibility problems since not all versions of the heimdal
-supports timeless credentional messages.
-Is very useful since it always the sender of the message to cache
-forward message and thus avoiding a round trip to the KDC for each
-time a credential is forwarded.
-The same functionality can be obtained by using address-less tickets.
-.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
-.El
-.Pp
-.Fn krb5_auth_con_setaddrs ,
-.Fn krb5_auth_con_setaddrs_from_fd
-and
-.Fn krb5_auth_con_getaddrs
-gets and sets the addresses that are checked when a packet is received.
-It is mandatory to set an address for the remote
-host. If the local address is not set, it iss deduced from the underlaying
-operating system.
-.Fn krb5_auth_con_getaddrs
-will call
-.Fn krb5_free_address
-on any address that is passed in
-.Fa local_addr
-or
-.Fa remote_addr .
-.Fn krb5_auth_con_setaddr
-allows passing in a
-.Dv NULL
-pointer as
-.Fa local_addr
-and
-.Fa remote_addr ,
-in that case it will just not set that address.
-.Pp
-.Fn krb5_auth_con_setaddrs_from_fd
-fetches the addresses from a file descriptor.
-.Pp
-.Fn krb5_auth_con_genaddrs
-fetches the address information from the given file descriptor
-.Fa fd
-depending on the bitmap argument
-.Fa flags .
-.Pp
-Possible values on
-.Fa flags
-are:
-.Bl -tag -width Ds
-.It Va KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
-fetches the local address from
-.Fa fd .
-.It Va KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
-fetches the remote address from
-.Fa fd .
-.El
-.Pp
-.Fn krb5_auth_con_setkey ,
-.Fn krb5_auth_con_setuserkey
-and
-.Fn krb5_auth_con_getkey
-gets and sets the key used for this auth context. The keyblock returned by
-.Fn krb5_auth_con_getkey
-should be freed with
-.Fn krb5_free_keyblock .
-The keyblock send into
-.Fn krb5_auth_con_setkey
-is copied into the
-.Nm krb5_auth_context ,
-and thus no special handling is needed.
-.Dv NULL
-is not a valid keyblock to
-.Fn krb5_auth_con_setkey .
-.Pp
-.Fn krb5_auth_con_setuserkey
-is only useful when doing user to user authentication.
-.Fn krb5_auth_con_setkey
-is equivalent to
-.Fn krb5_auth_con_setuserkey .
-.Pp
-.Fn krb5_auth_con_getlocalsubkey ,
-.Fn krb5_auth_con_setlocalsubkey ,
-.Fn krb5_auth_con_getremotesubkey
-and
-.Fn krb5_auth_con_setremotesubkey
-gets and sets the keyblock for the local and remote subkey.
-The keyblock returned by
-.Fn krb5_auth_con_getlocalsubkey
-and
-.Fn krb5_auth_con_getremotesubkey
-must be freed with
-.Fn krb5_free_keyblock .
-.Pp
-.Fn krb5_auth_setcksumtype
-and
-.Fn krb5_auth_getcksumtype
-sets and gets the checksum type that should be used for this
-connection.
-.Pp
-.Fn krb5_auth_con_generatelocalsubkey
-generates a local subkey that have the same encryption type as
-.Fa key .
-.Pp
-.Fn krb5_auth_getremoteseqnumber
-.Fn krb5_auth_setremoteseqnumber ,
-.Fn krb5_auth_getlocalseqnumber
-and
-.Fn krb5_auth_setlocalseqnumber
-gets and sets the sequence-number for the local and remote
-sequence-number counter.
-.Pp
-.Fn krb5_auth_setkeytype
-and
-.Fn krb5_auth_getkeytype
-gets and gets the keytype of the keyblock in
-.Nm krb5_auth_context .
-.Pp
-.Fn krb5_auth_con_getauthenticator
-Retrieves the authenticator that was used during mutual
-authentication. The
-.Dv authenticator
-returned should be freed by calling
-.Fn krb5_free_authenticator .
-.Pp
-.Fn krb5_auth_con_getrcache
-and
-.Fn krb5_auth_con_setrcache
-gets and sets the replay-cache.
-.Pp
-.Fn krb5_auth_con_initivector
-allocates memory for and zeros the initial vector in the
-.Fa auth_context
-keyblock.
-.Pp
-.Fn krb5_auth_con_setivector
-sets the i_vector portion of
-.Fa auth_context
-to
-.Fa ivector .
-.Pp
-.Fn krb5_free_authenticator
-free the content of
-.Fa authenticator
-and
-.Fa authenticator
-itself.
-.Sh SEE ALSO
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
deleted file mode 100644
index e74c7543bd74..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_BUILD_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_make_principal
-.Nd principal creation functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Sh DESCRIPTION
-These functions create a Kerberos 5 principal from a realm and a list
-of components.
-All of these functions return an allocated principal in the
-.Fa principal
-parameter, this should be freed with
-.Fn krb5_free_principal
-after use.
-.Pp
-The
-.Dq build
-functions take a
-.Fa realm
-and the length of the realm.  The
-.Fn krb5_build_principal
-and
-.Fn krb5_build_principal_va
-also takes a list of components (zero-terminated strings), terminated
-with
-.Dv NULL .
-The
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-takes a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-The
-.Fn krb5_make_principal
-is a wrapper around
-.Fn krb5_build_principal .
-If the realm is
-.Dv NULL ,
-the default realm will be used.
-.Sh BUGS
-You can not have a NUL in a component. Until someone can give a good
-example of where it would be a good idea to have NUL's in a component,
-this will not be fixed.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 b/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3
deleted file mode 100644
index a323ccee1d32..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3
+++ /dev/null
@@ -1,297 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_c_make_checksum.3 19066 2006-11-17 22:09:25Z lha $
-.\"
-.Dd Nov  17, 2006
-.Dt KRB5_C_MAKE_CHECKSUM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_c_block_size ,
-.Nm krb5_c_decrypt ,
-.Nm krb5_c_encrypt ,
-.Nm krb5_c_encrypt_length ,
-.Nm krb5_c_enctype_compare ,
-.Nm krb5_c_get_checksum ,
-.Nm krb5_c_is_coll_proof_cksum ,
-.Nm krb5_c_is_keyed_cksum ,
-.Nm krb5_c_keylength ,
-.Nm krb5_c_make_checksum ,
-.Nm krb5_c_make_random_key ,
-.Nm krb5_c_set_checksum ,
-.Nm krb5_c_valid_cksumtype ,
-.Nm krb5_c_valid_enctype ,
-.Nm krb5_c_verify_checksum ,
-.Nm krb5_c_checksum_length
-.Nd Kerberos 5 crypto API
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_c_block_size
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t *blocksize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_decrypt
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *ivec"
-.Fa "krb5_enc_data *input"
-.Fa "krb5_data *output"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_encrypt
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *ivec"
-.Fa "const krb5_data *input"
-.Fa "krb5_enc_data *output"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_encrypt_length
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t inputlen"
-.Fa "size_t *length"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_enctype_compare
-.Fa "krb5_context context"
-.Fa "krb5_enctype e1"
-.Fa "krb5_enctype e2"
-.Fa "krb5_boolean *similar"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_make_random_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock *random_key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_make_checksum
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cksumtype"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *input"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_verify_checksum
-.Fa "krb5_context context
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyusage usage"
-.Fa "const krb5_data *data"
-.Fa "const krb5_checksum *cksum"
-.Fa "krb5_boolean *valid"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_checksum_length
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cksumtype"
-.Fa "size_t *length"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_get_checksum
-.Fa "krb5_context context"
-.Fa "const krb5_checksum *cksum"
-.Fa "krb5_cksumtype *type"
-.Fa "krb5_data **data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_set_checksum
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fa "krb5_cksumtype type"
-.Fa "const krb5_data *data"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_valid_enctype
-.Fa krb5_enctype etype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_valid_cksumtype
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_is_coll_proof_cksum
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_c_is_keyed_cksum
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_c_keylengths
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "size_t *inlength"
-.Fa "size_t *keylength"
-.Fc
-.Sh DESCRIPTION
-The functions starting with krb5_c are compat functions with MIT kerberos.
-.Pp
-The
-.Li krb5_enc_data
-structure holds and encrypted data.
-There are two public accessable members of
-.Li krb5_enc_data .
-.Li enctype
-that holds the encryption type of the data encrypted and
-.Li ciphertext
-that is a
-.Ft krb5_data
-that might contain the encrypted data.
-.Pp
-.Fn krb5_c_block_size
-returns the blocksize of the encryption type.
-.Pp
-.Fn krb5_c_decrypt
-decrypts
-.Fa input
-and store the data in
-.Fa output.
-If 
-.Fa ivec
-is
-.Dv NULL
-the default initialization vector for that encryption type will be used.
-.Pp
-.Fn krb5_c_encrypt
-encrypts the plaintext in
-.Fa input
-and store the ciphertext in
-.Fa output .
-.Pp
-.Fn krb5_c_encrypt_length
-returns the length the encrypted data given the plaintext length.
-.Pp
-.Fn krb5_c_enctype_compare
-compares to encryption types and returns if they use compatible
-encryption key types.
-.Pp
-.Fn krb5_c_make_checksum
-creates a checksum
-.Fa cksum
-with the checksum type
-.Fa cksumtype
-of the data in
-.Fa data .
-.Fa key
-and
-.Fa usage
-are used if the checksum is a keyed checksum type.
-Returns 0 or an error code.
-.Pp
-.Fn krb5_c_verify_checksum
-verifies the checksum
-of
-.Fa data
-in
-.Fa cksum
-that was created with
-.Fa key
-using the key usage
-.Fa usage .
-.Fa verify
-is set to non-zero if the checksum verifies correctly and zero if not.
-Returns 0 or an error code.
-.Pp
-.Fn krb5_c_checksum_length
-returns the length of the checksum.
-.Pp
-.Fn krb5_c_set_checksum
-sets the
-.Li krb5_checksum
-structure given
-.Fa type
-and
-.Fa data .
-The content of
-.Fa cksum
-should be freeed with
-.Fn krb5_c_free_checksum_contents .
-.Pp
-.Fn krb5_c_get_checksum
-retrieves the components of the
-.Li krb5_checksum .
-structure.
-.Fa data
-should be free with
-.Fn krb5_free_data .
-If some either of
-.Fa data
-or
-.Fa checksum
-is not needed for the application, 
-.Dv NULL
-can be passed in.
-.Pp
-.Fn krb5_c_valid_enctype
-returns true if
-.Fa etype
-is a valid encryption type.
-.Pp
-.Fn krb5_c_valid_cksumtype
-returns true if
-.Fa ctype
-is a valid checksum type.
-.Pp
-.Fn krb5_c_is_keyed_cksum
-return true if
-.Fa ctype
-is a keyed checksum type.
-.Pp
-.Fn krb5_c_is_coll_proof_cksum
-returns true if
-.Fa ctype
-is a collition proof checksum type.
-.Pp
-.Fn krb5_c_keylengths
-return the minimum length (
-.Fa inlength )
-bytes needed to create a key and the
-length (
-.Fa keylength )
-of the resulting key
-for the
-.Fa enctype .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_free_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3
deleted file mode 100644
index 3fca5956e7dd..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_ccache.3
+++ /dev/null
@@ -1,517 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_ccache.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd October 19, 2005
-.Dt KRB5_CCACHE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_ccache ,
-.Nm krb5_cc_cursor ,
-.Nm krb5_cc_ops ,
-.Nm krb5_fcc_ops ,
-.Nm krb5_mcc_ops ,
-.Nm krb5_cc_clear_mcred ,
-.Nm krb5_cc_close ,
-.Nm krb5_cc_copy_cache ,
-.Nm krb5_cc_default ,
-.Nm krb5_cc_default_name ,
-.Nm krb5_cc_destroy ,
-.Nm krb5_cc_end_seq_get ,
-.Nm krb5_cc_gen_new ,
-.Nm krb5_cc_get_full_name ,
-.Nm krb5_cc_get_name ,
-.Nm krb5_cc_get_ops ,
-.Nm krb5_cc_get_prefix_ops ,
-.Nm krb5_cc_get_principal ,
-.Nm krb5_cc_get_type ,
-.Nm krb5_cc_get_version ,
-.Nm krb5_cc_initialize ,
-.Nm krb5_cc_next_cred ,
-.Nm krb5_cc_next_cred_match ,
-.Nm krb5_cc_new_unique ,
-.Nm krb5_cc_register ,
-.Nm krb5_cc_remove_cred ,
-.Nm krb5_cc_resolve ,
-.Nm krb5_cc_retrieve_cred ,
-.Nm krb5_cc_set_default_name ,
-.Nm krb5_cc_set_flags ,
-.Nm krb5_cc_start_seq_get ,
-.Nm krb5_cc_store_cred
-.Nd mange credential cache
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_ccache;"
-.Pp
-.Li "struct krb5_cc_cursor;"
-.Pp
-.Li "struct krb5_cc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_fcc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_mcc_ops;"
-.Pp
-.Ft void
-.Fo krb5_cc_clear_mcred
-.Fa "krb5_creds *mcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_close
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_copy_cache
-.Fa "krb5_context context"
-.Fa "const krb5_ccache from"
-.Fa "krb5_ccache to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_default
-.Fa "krb5_context context"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_default_name
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_destroy
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_end_seq_get
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_gen_new
-.Fa "krb5_context context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_full_name
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "char **str"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_name
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_principal
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal *principal"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_type
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft "const krb5_cc_ops *"
-.Fo krb5_cc_get_ops
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft "const krb5_cc_ops *"
-.Fo krb5_cc_get_prefix_ops
-.Fa "krb5_context context"
-.Fa "const char *prefix"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_version
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_initialize
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal primary_principal"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_register
-.Fa "krb5_context context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_boolean override"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_resolve
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_retrieve_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_remove_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags which"
-.Fa "krb5_creds *cred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_default_name
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_start_seq_get
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_store_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_flags
-.Fa "krb5_context context"
-.Fa "krb5_cc_set_flags id"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_next_cred
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_next_cred_match
-.Fa "krb5_context context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fa "krb5_creds *creds"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_new_unique
-.Fa "krb5_context context"
-.Fa "const char *type"
-.Fa "const char *hint"
-.Fa "krb5_ccache *id"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_ccache
-structure holds a Kerberos credential cache.
-.Pp
-The
-.Li krb5_cc_cursor
-structure holds current position in a credential cache when
-iterating over the cache.
-.Pp
-The
-.Li krb5_cc_ops
-structure holds a set of operations that can me preformed on a
-credential cache.
-.Pp
-There is no component inside
-.Li krb5_ccache ,
-.Li krb5_cc_cursor
-nor
-.Li krb5_fcc_ops
-that is directly referable.
-.Pp
-The
-.Li krb5_creds
-holds a Kerberos credential, see manpage for
-.Xr krb5_creds 3 .
-.Pp
-.Fn krb5_cc_default_name
-and
-.Fn krb5_cc_set_default_name
-gets and sets the default name for the
-.Fa context .
-.Pp
-.Fn krb5_cc_default
-opens the default credential cache in
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_gen_new
-generates a new credential cache of type
-.Fa ops
-in
-.Fa id .
-Return 0 or an error code.
-The Heimdal version of this function also runs
-.Fn krb5_cc_initialize
-on the credential cache, but since the MIT version doesn't, portable
-code must call krb5_cc_initialize.
-.Pp
-.Fn krb5_cc_new_unique
-generates a new unique credential cache of
-.Fa type
-in
-.Fa id .
-If type is
-.Dv NULL ,
-the library chooses the default credential cache type.
-The supplied
-.Fa hint
-(that can be
-.Dv NULL )
-is a string that the credential cache type can use to base the name of
-the credential on, this is to make it easier for the user to
-differentiate the credentials.
-The returned credential cache
-.Fa id
-should be freed using
-.Fn krb5_cc_close
-or
-.Fn krb5_cc_destroy .
-Returns 0 or an error code.
-.Pp
-.Fn krb5_cc_resolve
-finds and allocates a credential cache in
-.Fa id
-from the specification in
-.Fa residual .
-If the credential cache name doesn't contain any colon (:), interpret it as a
-file name.
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_initialize
-creates a new credential cache in
-.Fa id
-for
-.Fa primary_principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_close
-stops using the credential cache
-.Fa id
-and frees the related resources.
-Return 0 or an error code.
-.Fn krb5_cc_destroy
-removes the credential cache
-and closes (by calling
-.Fn krb5_cc_close )
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_copy_cache
-copys the contents of
-.Fa from
-to
-.Fa to .
-.Pp
-.Fn krb5_cc_get_full_name
-returns the complete resolvable name of the credential cache
-.Fa id
-in
-.Fa str .
-.Fa str
-should be freed with
-.Xr free 3 .
-Returns 0 or an error, on error
-.Fa *str
-is set to
-.Dv NULL .
-.Pp
-.Fn krb5_cc_get_name
-returns the name of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_principal
-returns the principal of
-.Fa id
-in
-.Fa principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_get_type
-returns the type of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_ops
-returns the ops of the credential cache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_version
-returns the version of
-.Fa id .
-.Pp
-.Fn krb5_cc_register
-Adds a new credential cache type with operations
-.Fa ops ,
-overwriting any existing one if
-.Fa override .
-Return an error code or 0.
-.Pp
-.Fn krb5_cc_get_prefix_ops
-Get the cc ops that is registered in
-.Fa context
-to handle the
-.Fa prefix .
-Returns
-.Dv NULL
-if ops not found.
-.Pp
-.Fn krb5_cc_remove_cred
-removes the credential identified by
-.Fa ( cred ,
-.Fa which )
-from
-.Fa id .
-.Pp
-.Fn krb5_cc_store_cred
-stores
-.Fa creds
-in the credential cache
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_set_flags
-sets the flags of
-.Fa id
-to
-.Fa flags .
-.Pp
-.Fn krb5_cc_clear_mcred
-clears the
-.Fa mcreds
-argument so it is reset and can be used with
-.Fa krb5_cc_retrieve_cred .
-.Pp
-.Fn krb5_cc_retrieve_cred ,
-retrieves the credential identified by
-.Fa mcreds
-(and
-.Fa whichfields )
-from
-.Fa id
-in
-.Fa creds .
-.Fa creds
-should be freed using
-.Fn krb5_free_cred_contents .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_start_seq_get
-initiates the
-.Li krb5_cc_cursor
-structure to be used for iteration over the credential cache.
-.Pp
-.Fn krb5_cc_next_cred
-retrieves the next cred pointed to by
-.Fa ( id ,
-.Fa cursor )
-in
-.Fa creds ,
-and advance
-.Fa cursor .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_next_cred_match
-is similar to
-.Fn krb5_cc_next_cred
-except that it will only return creds matching 
-.Fa whichfields
-and
-.Fa mcreds
-(as interpreted by 
-.Xr krb5_compare_creds 3 . )
-.Pp
-.Fn krb5_cc_end_seq_get
-Destroys the cursor
-.Fa cursor .
-.Sh EXAMPLE
-This is a minimalistic version of
-.Nm klist .
-.Pp
-.Bd -literal
-#include <krb5.h>
-
-int
-main (int argc, char **argv)
-{
-    krb5_context context;
-    krb5_cc_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache id;
-    krb5_creds creds;
-
-    if (krb5_init_context (&context) != 0)
-	errx(1, "krb5_context");
-
-    ret = krb5_cc_default (context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_cc_start_seq_get(context, id, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
-
-    while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
-        char *principal;
-
-	krb5_unparse_name_short(context, creds.server, &principal);
-	printf("principal: %s\\n", principal);
-	free(principal);
-	krb5_free_cred_contents (context, &creds);
-    }
-    ret = krb5_cc_end_seq_get(context, id, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
-
-    krb5_cc_close(context, id);
-
-    krb5_free_context(context);
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ccapi.h b/crypto/heimdal/lib/krb5/krb5_ccapi.h
deleted file mode 100644
index 59a38425c252..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_ccapi.h
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */
-
-#ifndef KRB5_CCAPI_H
-#define KRB5_CCAPI_H 1
-
-#include <krb5-types.h>
-
-enum {
-    cc_credentials_v5 = 2
-};
-
-enum {
-    ccapi_version_3 = 3,
-    ccapi_version_4 = 4
-};
-
-enum {
-    ccNoError						= 0,
-    
-    ccIteratorEnd					= 201,
-    ccErrBadParam,
-    ccErrNoMem,
-    ccErrInvalidContext,
-    ccErrInvalidCCache,
-
-    ccErrInvalidString,					/* 206 */
-    ccErrInvalidCredentials,
-    ccErrInvalidCCacheIterator,
-    ccErrInvalidCredentialsIterator,
-    ccErrInvalidLock,
-    
-    ccErrBadName,					/* 211 */
-    ccErrBadCredentialsVersion,
-    ccErrBadAPIVersion,
-    ccErrContextLocked,
-    ccErrContextUnlocked,
-    
-    ccErrCCacheLocked,					/* 216 */
-    ccErrCCacheUnlocked,
-    ccErrBadLockType,
-    ccErrNeverDefault,
-    ccErrCredentialsNotFound,
-    
-    ccErrCCacheNotFound,				/* 221 */
-    ccErrContextNotFound,
-    ccErrServerUnavailable,
-    ccErrServerInsecure,
-    ccErrServerCantBecomeUID,
-    
-    ccErrTimeOffsetNotSet				/* 226 */
-};
-
-typedef int32_t cc_int32;
-typedef uint32_t cc_uint32;
-typedef struct cc_context_t *cc_context_t;
-typedef struct cc_ccache_t *cc_ccache_t;
-typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t;
-typedef struct cc_credentials_v5_t cc_credentials_v5_t;
-typedef struct cc_credentials_t *cc_credentials_t;
-typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t;
-typedef struct cc_string_t *cc_string_t;
-typedef time_t cc_time_t;
-
-typedef struct cc_data {
-    cc_uint32 type;
-    cc_uint32 length;
-    void *data;
-} cc_data;
-
-struct cc_credentials_v5_t {
-    char *client;
-    char *server;
-    cc_data keyblock;
-    cc_time_t authtime;
-    cc_time_t starttime;
-    cc_time_t endtime;
-    cc_time_t renew_till;
-    cc_uint32 is_skey;
-    cc_uint32 ticket_flags;
-#define	KRB5_CCAPI_TKT_FLG_FORWARDABLE			0x40000000
-#define	KRB5_CCAPI_TKT_FLG_FORWARDED			0x20000000
-#define	KRB5_CCAPI_TKT_FLG_PROXIABLE			0x10000000
-#define	KRB5_CCAPI_TKT_FLG_PROXY			0x08000000
-#define	KRB5_CCAPI_TKT_FLG_MAY_POSTDATE			0x04000000
-#define	KRB5_CCAPI_TKT_FLG_POSTDATED			0x02000000
-#define	KRB5_CCAPI_TKT_FLG_INVALID			0x01000000
-#define	KRB5_CCAPI_TKT_FLG_RENEWABLE			0x00800000
-#define	KRB5_CCAPI_TKT_FLG_INITIAL			0x00400000
-#define	KRB5_CCAPI_TKT_FLG_PRE_AUTH			0x00200000
-#define	KRB5_CCAPI_TKT_FLG_HW_AUTH			0x00100000
-#define	KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
-#define	KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE		0x00040000
-#define	KRB5_CCAPI_TKT_FLG_ANONYMOUS			0x00020000
-    cc_data **addresses;
-    cc_data ticket;
-    cc_data second_ticket;
-    cc_data **authdata;
-};
-
-
-typedef struct cc_string_functions {
-    cc_int32 (*release)(cc_string_t);
-} cc_string_functions;
-
-struct cc_string_t {
-    const char *data;
-    const cc_string_functions *func;
-};
-
-typedef struct cc_credentials_union {
-    cc_int32 version;
-    union {
-	cc_credentials_v5_t* credentials_v5;
-    } credentials;
-} cc_credentials_union;
-
-struct cc_credentials_functions {
-    cc_int32 (*release)(cc_credentials_t);
-    cc_int32 (*compare)(cc_credentials_t, cc_credentials_t, cc_uint32*);
-};
-
-struct cc_credentials_t {
-    const cc_credentials_union* data;
-    const struct cc_credentials_functions* func;
-};
-
-struct cc_credentials_iterator_functions {
-    cc_int32 (*release)(cc_credentials_iterator_t);
-    cc_int32 (*next)(cc_credentials_iterator_t, cc_credentials_t*);
-};
-
-struct cc_credentials_iterator_t {
-    const struct cc_credentials_iterator_functions *func;
-};
-
-struct cc_ccache_iterator_functions {
-    cc_int32 (*release) (cc_ccache_iterator_t);
-    cc_int32 (*next)(cc_ccache_iterator_t, cc_ccache_t*);
-};
-
-struct cc_ccache_iterator_t {
-    const struct cc_ccache_iterator_functions* func;
-};
-
-typedef struct cc_ccache_functions {
-    cc_int32 (*release)(cc_ccache_t);
-    cc_int32 (*destroy)(cc_ccache_t);
-    cc_int32 (*set_default)(cc_ccache_t);
-    cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*);
-    cc_int32 (*get_name)(cc_ccache_t, cc_string_t*);
-    cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*);
-    cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*);
-    cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*);
-    cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t);
-    cc_int32 (*new_credentials_iterator)(cc_ccache_t,
-					 cc_credentials_iterator_t*);
-    cc_int32 (*move)(cc_ccache_t, cc_ccache_t);
-    cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32);
-    cc_int32 (*unlock)(cc_ccache_t);
-    cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*);
-    cc_int32 (*get_change_time)(cc_ccache_t, cc_time_t*);
-    cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*);
-    cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *);
-    cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t);
-    cc_int32 (*clear_kdc_time_offset)(cc_ccache_t, cc_int32);
-} cc_ccache_functions;
-
-struct cc_ccache_t {
-    const cc_ccache_functions *func;
-};
-
-struct  cc_context_functions {
-    cc_int32 (*release)(cc_context_t);
-    cc_int32 (*get_change_time)(cc_context_t, cc_time_t *);
-    cc_int32 (*get_default_ccache_name)(cc_context_t, cc_string_t*);
-    cc_int32 (*open_ccache)(cc_context_t, const char*, cc_ccache_t *);
-    cc_int32 (*open_default_ccache)(cc_context_t, cc_ccache_t*);
-    cc_int32 (*create_ccache)(cc_context_t,const char*, cc_uint32,
-			      const char*, cc_ccache_t*);
-    cc_int32 (*create_default_ccache)(cc_context_t, cc_uint32,
-				      const char*, cc_ccache_t*);
-    cc_int32 (*create_new_ccache)(cc_context_t, cc_uint32,
-				  const char*, cc_ccache_t*);
-    cc_int32 (*new_ccache_iterator)(cc_context_t, cc_ccache_iterator_t*);
-    cc_int32 (*lock)(cc_context_t, cc_uint32, cc_uint32);
-    cc_int32 (*unlock)(cc_context_t);
-    cc_int32 (*compare)(cc_context_t, cc_context_t, cc_uint32*);
-};
-
-struct cc_context_t {
-    const struct cc_context_functions* func;
-};
-
-typedef cc_int32 
-(*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);
-
-#endif /* KRB5_CCAPI_H */
diff --git a/crypto/heimdal/lib/krb5/krb5_check_transited.3 b/crypto/heimdal/lib/krb5/krb5_check_transited.3
deleted file mode 100644
index 65ce0774225f..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_check_transited.3
+++ /dev/null
@@ -1,106 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_check_transited.3 17382 2006-05-01 07:09:16Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_CHECK_TRANSITED 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_check_transited ,
-.Nm krb5_check_transited_realms ,
-.Nm krb5_domain_x500_decode ,
-.Nm krb5_domain_x500_encode
-.Nd realm transit verification and encoding/decoding functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_check_transited
-.Fa "krb5_context context"
-.Fa "krb5_const_realm client_realm"
-.Fa "krb5_const_realm server_realm"
-.Fa "krb5_realm *realms"
-.Fa "int num_realms"
-.Fa "int *bad_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_check_transited_realms
-.Fa "krb5_context context"
-.Fa "const char *const *realms"
-.Fa "int num_realms"
-.Fa "int *bad_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_domain_x500_decode
-.Fa "krb5_context context"
-.Fa "krb5_data tr"
-.Fa "char ***realms"
-.Fa "int *num_realms"
-.Fa "const char *client_realm"
-.Fa "const char *server_realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_domain_x500_encode
-.Fa "char **realms"
-.Fa "int num_realms"
-.Fa "krb5_data *encoding"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_check_transited
-checks the path from
-.Fa client_realm
-to
-.Fa server_realm
-where
-.Fa realms
-and
-.Fa num_realms
-is the realms between them.
-If the function returns an error value, 
-.Fa bad_realm
-will be set to the realm in the list causing the error.
-.Fn krb5_check_transited
-is used internally by the KDC and libkrb5 and should not be called by
-client applications.
-.Pp
-.Fn krb5_check_transited_realms
-is deprecated.
-.Pp
-.Fn krb5_domain_x500_encode
-and
-.Fn krb5_domain_x500_decode
-encodes and decodes the realm names in the X500 format that Kerberos
-uses to describe the transited realms in krbtgts.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_compare_creds.3 b/crypto/heimdal/lib/krb5/krb5_compare_creds.3
deleted file mode 100644
index 9fd2bbbbb684..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_compare_creds.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" Copyright (c) 2004-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_compare_creds.3 15110 2005-05-10 09:21:06Z lha $
-.\"
-.Dd May 10, 2005
-.Dt KRB5_COMPARE_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_compare_creds
-.Nd compare Kerberos 5 credentials
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_compare_creds
-.Fa "krb5_context context"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "const krb5_creds *creds"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_compare_creds
-compares
-.Fa mcreds
-(usually filled in by the application)
-to
-.Fa creds
-(most often from a credentials cache)
-and return
-.Dv TRUE
-if they are equal.
-Unless
-.Va mcreds-\*[Gt]server
-is
-.Dv NULL ,
-the service of the credentials are always compared.  If the client
-name in
-.Fa mcreds
-is present, the client names are also compared. This function is
-normally only called indirectly via
-.Xr krb5_cc_retrieve_cred 3 .
-.Pp
-The following flags, set in
-.Fa whichfields ,
-affects the comparison:
-.Bl -tag -width KRB5_TC_MATCH_SRV_NAMEONLY -compact -offset indent
-.It KRB5_TC_MATCH_SRV_NAMEONLY
-Consider all realms equal when comparing the service principal.
-.It KRB5_TC_MATCH_KEYTYPE
-Compare enctypes.
-.It KRB5_TC_MATCH_FLAGS_EXACT
-Make sure that the ticket flags are identical.
-.It KRB5_TC_MATCH_FLAGS
-Make sure that all ticket flags set in
-.Fa mcreds
-are also present  in
-.Fa creds .
-.It KRB5_TC_MATCH_TIMES_EXACT
-Compares the ticket times exactly.
-.It KRB5_TC_MATCH_TIMES
-Compares only the expiration times of the creds.
-.It KRB5_TC_MATCH_AUTHDATA
-Compares the authdata fields.
-.It KRB5_TC_MATCH_2ND_TKT
-Compares the second tickets (used by user-to-user authentication).
-.It KRB5_TC_MATCH_IS_SKEY
-Compares the existance of the second ticket.
-.El
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_cc_retrieve_cred 3 ,
-.Xr krb5_creds 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
deleted file mode 100644
index 9c302ae2f3a3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ /dev/null
@@ -1,307 +0,0 @@
-.\" Copyright (c) 2000 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"
-.\" $Id: krb5_config.3 21905 2007-08-10 10:16:45Z lha $
-.\"
-.Dd August 10, 2007
-.Dt KRB5_CONFIG_GET 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_config_file_free ,
-.Nm krb5_config_free_strings ,
-.Nm krb5_config_get ,
-.Nm krb5_config_get_bool ,
-.Nm krb5_config_get_bool_default ,
-.Nm krb5_config_get_int ,
-.Nm krb5_config_get_int_default ,
-.Nm krb5_config_get_list ,
-.Nm krb5_config_get_next ,
-.Nm krb5_config_get_string ,
-.Nm krb5_config_get_string_default ,
-.Nm krb5_config_get_strings ,
-.Nm krb5_config_get_time ,
-.Nm krb5_config_get_time_default ,
-.Nm krb5_config_parse_file ,
-.Nm krb5_config_parse_file_multi ,
-.Nm krb5_config_vget ,
-.Nm krb5_config_vget_bool ,
-.Nm krb5_config_vget_bool_default ,
-.Nm krb5_config_vget_int ,
-.Nm krb5_config_vget_int_default ,
-.Nm krb5_config_vget_list ,
-.Nm krb5_config_vget_next ,
-.Nm krb5_config_vget_string ,
-.Nm krb5_config_vget_string_default ,
-.Nm krb5_config_vget_strings ,
-.Nm krb5_config_vget_time ,
-.Nm krb5_config_vget_time_default
-.Nd get configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_config_file_free
-.Fa "krb5_context context"
-.Fa "krb5_config_section *s"
-.Fc
-.Ft void
-.Fo krb5_config_free_strings
-.Fa "char **strings"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_get
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int type"
-.Fa "..."
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_get_bool
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_get_bool_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "krb5_boolean def_value"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_int
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_int_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "int def_value"
-.Fa "..."
-.Fc
-.Ft const char*
-.Fo krb5_config_get_string
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft const char*
-.Fo krb5_config_get_string_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "const char *def_value"
-.Fa "..."
-.Fc
-.Ft "char**"
-.Fo krb5_config_get_strings
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_time
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "..."
-.Fc
-.Ft int
-.Fo krb5_config_get_time_default
-.Fa "krb5_context context"
-.Fa "krb5_config_section *c"
-.Fa "int def_value"
-.Fa "..."
-.Fc
-.Ft krb5_error_code
-.Fo krb5_config_parse_file
-.Fa "krb5_context context"
-.Fa "const char *fname"
-.Fa "krb5_config_section **res"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_config_parse_file_multi
-.Fa "krb5_context context"
-.Fa "const char *fname"
-.Fa "krb5_config_section **res"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_vget
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int type"
-.Fa "va_list args"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_vget_bool
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_config_vget_bool_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "krb5_boolean def_value"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_int
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_int_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int def_value"
-.Fa "va_list args"
-.Fc
-.Ft "const krb5_config_binding *"
-.Fo krb5_config_vget_list
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft "const void *"
-.Fo krb5_config_vget_next
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "const krb5_config_binding **pointer"
-.Fa "int type"
-.Fa "va_list args"
-.Fc
-.Ft "const char *"
-.Fo krb5_config_vget_string
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft "const char *"
-.Fo krb5_config_vget_string_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "const char *def_value"
-.Fa "va_list args"
-.Fc
-.Ft char **
-.Fo krb5_config_vget_strings
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_time
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "va_list args"
-.Fc
-.Ft int
-.Fo krb5_config_vget_time_default
-.Fa "krb5_context context"
-.Fa "const krb5_config_section *c"
-.Fa "int def_value"
-.Fa "va_list args"
-.Fc
-.Sh DESCRIPTION
-These functions get values from the
-.Xr krb5.conf 5
-configuration file, or another configuration database specified by the
-.Fa c
-parameter.
-.Pp
-The variable arguments should be a list of strings naming each
-subsection to look for. For example:
-.Bd -literal -offset indent
-krb5_config_get_bool_default(context, NULL, FALSE, 
-     "libdefaults", "log_utc", NULL);
-.Ed
-.Pp
-gets the boolean value for the
-.Dv log_utc
-option, defaulting to
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_bool_default
-will convert the option value to a boolean value, where
-.Sq yes ,
-.Sq true ,
-and any non-zero number means
-.Dv TRUE ,
-and any other value
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_int_default
-will convert the value to an integer.
-.Pp
-.Fn krb5_config_get_time_default
-will convert the value to a period of time (not a time stamp) in
-seconds, so the string
-.Sq 2 weeks
-will be converted to
-1209600 (2 * 7 * 24 * 60 * 60).
-.Pp
-.Fn krb5_config_get_string
-returns a
-.Ft "const char *"
-to a string in the configuration database.  The string not be valid
-after reload of the configuration database
-.\" or a call to .Fn krb5_config_set_string ,
-so a caller should make a local copy if its need to keep the database.
-.Pp
-.Fn krb5_config_free_strings
-free
-.Fa strings
-as returned by
-.Fn krb5_config_get_strings
-and
-.Fn krb5_config_vget_strings .
-If the argument
-.Fa strings
-is a 
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn krb5_config_file_free
-free the result of
-.Fn krb5_config_parse_file
-and
-.Fn krb5_config_parse_file_multi .
-.Sh SEE ALSO
-.Xr krb5_appdefault 3 ,
-.Xr krb5_init_context 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-For the default functions, other than for the string case, there's no
-way to tell whether there was a value specified or not.
diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3
deleted file mode 100644
index 5bfcc26c7103..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_context.3
+++ /dev/null
@@ -1,56 +0,0 @@
-.\" Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_context.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd January 21, 2001
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_context
-.Nd krb5 state structure
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Sh DESCRIPTION
-The
-.Nm
-structure is designed to hold all per thread state. All global
-variables that are context specific are stored in this structure,
-including default encryption types, credentials-cache (ticket file), and
-default realms.
-.Pp
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Sh SEE ALSO
-.Xr krb5_init_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
deleted file mode 100644
index 43d5b4e5d32c..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" Copyright (c) 1999-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_create_checksum.3 15921 2005-08-12 09:01:22Z lha $
-.\"
-.Dd August 12, 2005
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_checksum ,
-.Nm krb5_checksum_disable ,
-.Nm krb5_checksum_is_collision_proof ,
-.Nm krb5_checksum_is_keyed ,
-.Nm krb5_checksumsize ,
-.Nm krb5_cksumtype_valid ,
-.Nm krb5_copy_checksum ,
-.Nm krb5_create_checksum ,
-.Nm krb5_crypto_get_checksum_type
-.Nm krb5_free_checksum ,
-.Nm krb5_free_checksum_contents ,
-.Nm krb5_hmac ,
-.Nm krb5_verify_checksum
-.Nd creates, handles and verifies checksums
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "typedef Checksum krb5_checksum;"
-.Ft void
-.Fo krb5_checksum_disable
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_checksum_is_collision_proof
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_checksum_is_keyed
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cksumtype_valid
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype ctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_checksumsize
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype type"
-.Fa "size_t *size"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_create_checksum
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_key_usage usage"
-.Fa "int type"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "Checksum *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_checksum
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_key_usage usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "Checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_get_checksum_type
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_cksumtype *type"
-.Fc
-.Ft void
-.Fo krb5_free_checksum
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft void
-.Fo krb5_free_checksum_contents
-.Fa "krb5_context context"
-.Fa "krb5_checksum *cksum"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_hmac
-.Fa "krb5_context context"
-.Fa "krb5_cksumtype cktype"
-.Fa "const void *data"
-.Fa "size_t len"
-.Fa "unsigned usage"
-.Fa "krb5_keyblock *key"
-.Fa "Checksum *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_checksum
-.Fa "krb5_context context"
-.Fa "const krb5_checksum *old"
-.Fa "krb5_checksum **new"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_checksum
-structure holds a Kerberos checksum.
-There is no component inside
-.Li krb5_checksum
-that is directly referable.
-.Pp
-The functions are used to create and verify checksums.
-.Fn krb5_create_checksum
-creates a checksum of the specified data, and puts it in
-.Fa result .
-If
-.Fa crypto
-is
-.Dv NULL ,
-.Fa usage_or_type
-specifies the checksum type to use; it must not be keyed. Otherwise
-.Fa crypto
-is an encryption context created by
-.Fn krb5_crypto_init ,
-and
-.Fa usage_or_type
-specifies a key-usage.
-.Pp
-.Fn krb5_verify_checksum
-verifies the
-.Fa checksum
-against the provided data.
-.Pp
-.Fn krb5_checksum_is_collision_proof
-returns true is the specified checksum is collision proof (that it's
-very unlikely that two strings has the same hash value, and that it's
-hard to find two strings that has the same hash). Examples of
-collision proof checksums are MD5, and SHA1, while CRC32 is not.
-.Pp
-.Fn krb5_checksum_is_keyed
-returns true if the specified checksum type is keyed (that the hash
-value is a function of both the data, and a separate key). Examples of
-keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
-.Dq plain
-hash functions MD5, and SHA1 are not keyed.
-.Pp
-.Fn krb5_crypto_get_checksum_type
-returns the checksum type that will be used when creating a checksum for the given
-.Fa crypto
-context.
-This function is useful in combination with
-.Fn krb5_checksumsize
-when you want to know the size a checksum will
-use when you create it.
-.Pp
-.Fn krb5_cksumtype_valid
-returns 0 or an error if the checksumtype is implemented and not
-currently disabled in this kerberos library.
-.Pp
-.Fn krb5_checksumsize
-returns the size of the outdata of checksum function.
-.Pp
-.Fn krb5_copy_checksum
-returns a copy of the checksum
-.Fn krb5_free_checksum
-should use used to free the
-.Fa new
-checksum.
-.Pp
-.Fn krb5_free_checksum
-free the checksum and the content of the checksum.
-.Pp
-.Fn krb5_free_checksum_contents
-frees the content of checksum in
-.Fa cksum .
-.Pp
-.Fn krb5_hmac
-calculates the HMAC over
-.Fa data
-(with length
-.Fa len )
-using the keyusage
-.Fa usage
-and keyblock
-.Fa key .
-Note that keyusage is not always used in checksums.
-.Pp
-.Nm krb5_checksum_disable
-globally disables the checksum type. 
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_crypto_init 3 ,
-.Xr krb5_c_encrypt 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_creds.3 b/crypto/heimdal/lib/krb5/krb5_creds.3
deleted file mode 100644
index 9eb9a2be9492..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_creds.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\" Copyright (c) 2004, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_creds.3 17383 2006-05-01 07:13:03Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_creds ,
-.Nm krb5_copy_creds ,
-.Nm krb5_copy_creds_contents ,
-.Nm krb5_free_creds ,
-.Nm krb5_free_cred_contents
-.Nd Kerberos 5 credential handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_copy_creds
-.Fa "krb5_context context"
-.Fa "const krb5_creds *incred"
-.Fa "krb5_creds **outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_creds_contents
-.Fa "krb5_context context"
-.Fa "const krb5_creds *incred"
-.Fa "krb5_creds *outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *outcred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_cred_contents
-.Fa "krb5_context context"
-.Fa "krb5_creds *cred"
-.Fc
-.Sh DESCRIPTION
-.Vt krb5_creds
-holds Kerberos credentials:
-.Bd -literal -offset
-typedef struct krb5_creds {
-    krb5_principal	client;
-    krb5_principal	server;
-    krb5_keyblock	session;
-    krb5_times		times;
-    krb5_data		ticket;
-    krb5_data		second_ticket;
-    krb5_authdata	authdata;
-    krb5_addresses	addresses;
-    krb5_ticket_flags	flags;
-} krb5_creds;
-.Ed
-.Pp
-.Fn krb5_copy_creds
-makes a copy of
-.Fa incred
-to
-.Fa outcred .
-.Fa outcred
-should be freed with
-.Fn krb5_free_creds
-by the caller.
-.Pp
-.Fn krb5_copy_creds_contents
-makes a copy of the content of
-.Fa incred
-to
-.Fa outcreds .
-.Fa outcreds
-should be freed by the called with
-.Fn krb5_free_creds_contents .
-.Pp
-.Fn krb5_free_creds
-frees the content of the 
-.Fa cred
-structure and the structure itself.
-.Pp
-.Fn krb5_free_cred_contents
-frees the content of the
-.Fa cred
-structure.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_compare_creds 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
deleted file mode 100644
index 822006e08f4c..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_crypto_init.3 13563 2004-03-20 12:00:01Z lha $
-.\"
-.Dd April  7, 1999
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_crypto_destroy ,
-.Nm krb5_crypto_init
-.Nd encryption support in krb5
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
-.Ft krb5_error_code
-.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto"
-.Sh DESCRIPTION
-Heimdal exports parts of the Kerberos crypto interface for applications.
-.Pp
-Each kerberos encrytion/checksum function takes a crypto context.
-.Pp
-To setup and destroy crypto contextes there are two functions
-.Fn krb5_crypto_init
-and
-.Fn krb5_crypto_destroy .
-The encryption type to use is taken from the key, but can be overridden
-with the
-.Fa enctype parameter .
-This can be useful for encryptions types which is compatiable (DES for
-example).
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3
deleted file mode 100644
index 2ccff19251da..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_data.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\" Copyright (c) 2003 - 2005, 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_data.3 20040 2007-01-23 20:35:12Z lha $
-.\"
-.Dd Jan 23, 2007
-.Dt KRB5_DATA 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_data ,
-.Nm krb5_data_zero ,
-.Nm krb5_data_free ,
-.Nm krb5_free_data_contents ,
-.Nm krb5_free_data ,
-.Nm krb5_data_alloc ,
-.Nm krb5_data_realloc ,
-.Nm krb5_data_copy ,
-.Nm krb5_copy_data ,
-.Nm krb5_data_cmp
-.Nd operates on the Kerberos datatype krb5_data
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_data;"
-.Ft void
-.Fn krb5_data_zero "krb5_data *p"
-.Ft void
-.Fn krb5_data_free "krb5_data *p"
-.Ft void
-.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p"
-.Ft void
-.Fn krb5_free_data "krb5_context context" "krb5_data *p"
-.Ft krb5_error_code
-.Fn krb5_data_alloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_realloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata"
-.Ft krb5_error_code
-.Fn krb5_data_cmp "const krb5_data *data1" "const krb5_data *data2"
-.Sh DESCRIPTION
-The
-.Li krb5_data
-structure holds a data element.
-The structure contains two public accessible elements
-.Fa length
-(the length of data)
-and
-.Fa data
-(the data itself).
-The structure must always be initiated and freed by the functions
-documented in this manual.
-.Pp
-.Fn krb5_data_zero
-resets the content of
-.Fa p .
-.Pp
-.Fn krb5_data_free
-free the data in
-.Fa p
-and reset the content of the structure with
-.Fn krb5_data_zero .
-.Pp
-.Fn krb5_free_data_contents
-works the same way as
-.Fa krb5_data_free .
-The diffrence is that krb5_free_data_contents is more portable (exists
-in MIT api).
-.Pp
-.Fn krb5_free_data
-frees the data in
-.Fa p
-and
-.Fa p
-itself.
-.Pp
-.Fn krb5_data_alloc
-allocates
-.Fa len
-bytes in
-.Fa p .
-Returns 0 or an error.
-.Pp
-.Fn  krb5_data_realloc
-reallocates the length of
-.Fa p
-to the length in
-.Fa len .
-Returns 0 or an error.
-.Pp
-.Fn krb5_data_copy
-copies the
-.Fa data
-that have the length
-.Fa len
-into
-.Fa p .
-.Fa p
-is not freed so the calling function should make sure the
-.Fa p
-doesn't contain anything needs to be freed.
-Returns 0 or an error.
-.Pp
-.Fn krb5_copy_data
-copies the
-.Li krb5_data
-in
-.Fa indata
-to
-.Fa outdata .
-.Fa outdata
-is not freed so the calling function should make sure the
-.Fa outdata
-doesn't contain anything needs to be freed.
-.Fa outdata
-should be freed using
-.Fn krb5_free_data .
-Returns 0 or an error.
-.Pp
-.Fn krb5_data_cmp
-will compare two data object and check if they are the same in a
-simular way as memcmp does it.  The return value can be used for
-sorting.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_storage 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_digest.3 b/crypto/heimdal/lib/krb5/krb5_digest.3
deleted file mode 100644
index f9d7571b072d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_digest.3
+++ /dev/null
@@ -1,260 +0,0 @@
-.\" Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_digest.3 20259 2007-02-17 23:49:54Z lha $
-.\"
-.Dd February  18, 2007
-.Dt KRB5_DIGEST 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_digest ,
-.Nm krb5_digest_alloc ,
-.Nm krb5_digest_free ,
-.Nm krb5_digest_set_server_cb ,
-.Nm krb5_digest_set_type ,
-.Nm krb5_digest_set_hostname ,
-.Nm krb5_digest_get_server_nonce ,
-.Nm krb5_digest_set_server_nonce ,
-.Nm krb5_digest_get_opaque ,
-.Nm krb5_digest_set_opaque ,
-.Nm krb5_digest_get_identifier ,
-.Nm krb5_digest_set_identifier ,
-.Nm krb5_digest_init_request ,
-.Nm krb5_digest_set_client_nonce ,
-.Nm krb5_digest_set_digest ,
-.Nm krb5_digest_set_username ,
-.Nm krb5_digest_set_authid ,
-.Nm krb5_digest_set_authentication_user ,
-.Nm krb5_digest_set_realm ,
-.Nm krb5_digest_set_method ,
-.Nm krb5_digest_set_uri ,
-.Nm krb5_digest_set_nonceCount ,
-.Nm krb5_digest_set_qop ,
-.Nm krb5_digest_request ,
-.Nm krb5_digest_get_responseData ,
-.Nm krb5_digest_get_rsp ,
-.Nm krb5_digest_get_tickets ,
-.Nm krb5_digest_get_client_binding ,
-.Nm krb5_digest_get_a1_hash
-.Nd remote digest (HTTP-DIGEST, SASL, CHAP) suppport
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "typedef struct krb5_digest *krb5_digest;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_digest_alloc
-.Fa "krb5_context context"
-.Fa "krb5_digest *digest"
-.Fc
-.Ft void
-.Fo krb5_digest_free
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_type
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_server_cb
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *type"
-.Fa "const char *binding"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_hostname
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *hostname"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_server_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_server_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_opaque
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_opaque
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *opaque"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_identifier
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_identifier
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_init_request
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_realm realm"
-.Fa "krb5_ccache ccache"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_client_nonce
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_digest
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *dgst"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_username
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *username"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_authid
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *authid"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_authentication_user
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_principal authentication_user"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_realm
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_method
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *method"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_uri
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *uri"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_nonceCount
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *nonce_count"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_set_qop
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "const char *qop"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_request
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_realm realm"
-.Fa "krb5_ccache ccache"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_responseData
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft "const char *"
-.Fo krb5_digest_get_rsp
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_tickets
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "Ticket **tickets"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_client_binding
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "char **type"
-.Fa "char **binding"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_digest_get_a1_hash
-.Fa "krb5_context context"
-.Fa "krb5_digest digest"
-.Fa "krb5_data *data"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn krb5_digest_alloc
-function allocatates the
-.Fa digest
-structure.  The structure should be freed with
-.Fn krb5_digest_free
-when it is no longer being used.
-.Pp
-.Fn krb5_digest_alloc
-returns 0 to indicate success.
-Otherwise an kerberos code is returned and the pointer that
-.Fa digest
-points to is set to
-.Dv NULL .
-.Pp
-.Fn krb5_digest_free
-free the structure
-.Fa digest .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 b/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3
deleted file mode 100644
index fcada92bc94b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_eai_to_heim_errno.3 14086 2004-08-03 11:13:46Z lha $
-.\"
-.Dd April 13, 2004
-.Dt KRB5_EAI_TO_HEIM_ERRNO 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_eai_to_heim_errno ,
-.Nm krb5_h_errno_to_heim_errno
-.Nd convert resolver error code to com_err error codes
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_eai_to_heim_errno
-.Fa "int eai_errno"
-.Fa "int system_error"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_errno_to_heim_errno
-.Fa "int eai_errno"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_eai_to_heim_errno
-and
-.Fn krb5_h_errno_to_heim_errno
-convert
-.Xr getaddrinfo 3 ,
-.Xr getnameinfo 3 ,
-and
-.Xr h_errno 3
-to com_err error code that are used by Heimdal, this is useful for for
-function returning kerberos errors and needs to communicate failures
-from resolver function.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3
deleted file mode 100644
index 76cb4c700c1c..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_encrypt.3
+++ /dev/null
@@ -1,278 +0,0 @@
-.\" Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_encrypt.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd March 20, 2004
-.Dt KRB5_ENCRYPT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_crypto_getblocksize ,
-.Nm krb5_crypto_getconfoundersize
-.Nm krb5_crypto_getenctype ,
-.Nm krb5_crypto_getpadsize ,
-.Nm krb5_crypto_overhead ,
-.Nm krb5_decrypt ,
-.Nm krb5_decrypt_EncryptedData ,
-.Nm krb5_decrypt_ivec ,
-.Nm krb5_decrypt_ticket ,
-.Nm krb5_encrypt ,
-.Nm krb5_encrypt_EncryptedData ,
-.Nm krb5_encrypt_ivec ,
-.Nm krb5_enctype_disable ,
-.Nm krb5_enctype_keysize ,
-.Nm krb5_enctype_to_string ,
-.Nm krb5_enctype_valid ,
-.Nm krb5_get_wrapped_length ,
-.Nm krb5_string_to_enctype
-.Nd "encrypt and decrypt data, set and get encryption type parameters"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_encrypt
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_encrypt_EncryptedData
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "int kvno"
-.Fa "EncryptedData *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_encrypt_ivec
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fa "void *ivec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_EncryptedData
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "EncryptedData *e"
-.Fa "krb5_data *result"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_ivec
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "unsigned usage"
-.Fa "void *data"
-.Fa "size_t len"
-.Fa "krb5_data *result"
-.Fa "void *ivec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_decrypt_ticket
-.Fa "krb5_context context"
-.Fa "Ticket *ticket"
-.Fa "krb5_keyblock *key"
-.Fa "EncTicketPart *out"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getblocksize
-.Fa "krb5_context context"
-.Fa "size_t *blocksize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getenctype
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "krb5_enctype *enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getpadsize
-.Fa "krb5_context context"
-.Fa size_t *padsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_getconfoundersize
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto
-.Fa size_t *confoundersize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_keysize
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "size_t *keysize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_crypto_overhead
-.Fa "krb5_context context"
-.Fa size_t *padsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_enctype
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "krb5_enctype *etype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_to_string
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fa "char **string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_enctype_valid
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fc
-.Ft void
-.Fo krb5_enctype_disable
-.Fa "krb5_context context"
-.Fa "krb5_enctype etype"
-.Fc
-.Ft size_t
-.Fo krb5_get_wrapped_length
-.Fa "krb5_context context"
-.Fa "krb5_crypto crypto"
-.Fa "size_t data_len"
-.Fc
-.Sh DESCRIPTION
-These functions are used to encrypt and decrypt data.
-.Pp
-.Fn krb5_encrypt_ivec
-puts the encrypted version of
-.Fa data
-(of size
-.Fa len )
-in
-.Fa result .
-If the encryption type supports using derived keys,
-.Fa usage
-should be the appropriate key-usage.
-.Fa ivec
-is a pointer to a initial IV, it is modified to the end IV at the end of
-the round.
-Ivec should be the size of 
-If
-.Dv NULL
-is passed in, the default IV is used.
-.Fn krb5_encrypt
-does the same as
-.Fn krb5_encrypt_ivec
-but with
-.Fa ivec
-being
-.Dv NULL .
-.Fn krb5_encrypt_EncryptedData
-does the same as
-.Fn krb5_encrypt ,
-but it puts the encrypted data in a
-.Fa EncryptedData
-structure instead. If
-.Fa kvno
-is not zero, it will be put in the (optional)
-.Fa kvno
-field in the
-.Fa EncryptedData .
-.Pp
-.Fn krb5_decrypt_ivec ,
-.Fn krb5_decrypt ,
-and
-.Fn krb5_decrypt_EncryptedData
-works similarly.
-.Pp
-.Fn krb5_decrypt_ticket
-decrypts the encrypted part of 
-.Fa ticket
-with
-.Fa key .
-.Fn krb5_decrypt_ticket
-also verifies the timestamp in the ticket, invalid flag and if the KDC
-haven't verified the transited path, the transit path.
-.Pp
-.Fn krb5_enctype_keysize ,
-.Fn krb5_crypto_getconfoundersize ,
-.Fn krb5_crypto_getblocksize ,
-.Fn krb5_crypto_getenctype ,
-.Fn krb5_crypto_getpadsize ,
-.Fn krb5_crypto_overhead
-all returns various (sometimes) useful information from a crypto context.
-.Fn krb5_crypto_overhead
-is the combination of krb5_crypto_getconfoundersize,
-krb5_crypto_getblocksize and krb5_crypto_getpadsize and return the
-maximum overhead size.
-.Pp
-.Fn krb5_enctype_to_string
-converts a encryption type number to a string that can be printable
-and stored. The strings returned should be freed with
-.Xr free 3 .
-.Pp
-.Fn krb5_string_to_enctype
-converts a encryption type strings to a encryption type number that
-can use used for other Kerberos crypto functions.
-.Pp
-.Fn krb5_enctype_valid
-returns 0 if the encrypt is supported and not disabled, otherwise and
-error code is returned.
-.Pp
-.Fn krb5_enctype_disable
-(globally, for all contextes) disables the
-.Fa enctype .
-.Pp
-.Fn krb5_get_wrapped_length
-returns the size of an encrypted packet by
-.Fa crypto
-of length
-.Fa data_len .
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_crypto_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et
deleted file mode 100644
index 6714401e4503..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_err.et
+++ /dev/null
@@ -1,266 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $"
-
-error_table krb5
-
-prefix KRB5KDC_ERR
-error_code NONE,		"No error"
-error_code NAME_EXP,		"Client's entry in database has expired"
-error_code SERVICE_EXP,		"Server's entry in database has expired"
-error_code BAD_PVNO,		"Requested protocol version not supported"
-error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
-error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
-error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
-error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
-error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
-error_code NULL_KEY,		"Client or server has a null key"
-error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
-error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
-error_code POLICY,		"KDC policy rejects request"
-error_code BADOPTION,		"KDC can't fulfill requested option"
-error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
-error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
-error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
-error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
-error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
-error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
-error_code TGT_REVOKED,		"TGT has been revoked"
-error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
-error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
-error_code KEY_EXPIRED,		"Password has expired"
-error_code PREAUTH_FAILED,	"Preauthentication failed"
-error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
-error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
-error_code KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only"
-error_code PATH_NOT_ACCEPTED,   "KDC Policy rejects transited path"
-error_code SVC_UNAVAILABLE, 	"A service is not available"
-
-index 31
-prefix KRB5KRB_AP
-error_code ERR_BAD_INTEGRITY,	"Decrypt integrity check failed"
-error_code ERR_TKT_EXPIRED,	"Ticket expired"
-error_code ERR_TKT_NYV,		"Ticket not yet valid"
-error_code ERR_REPEAT,		"Request is a replay"
-error_code ERR_NOT_US,		"The ticket isn't for us"
-error_code ERR_BADMATCH,	"Ticket/authenticator don't match"
-error_code ERR_SKEW,		"Clock skew too great"
-error_code ERR_BADADDR,		"Incorrect net address"
-error_code ERR_BADVERSION,	"Protocol version mismatch"
-error_code ERR_MSG_TYPE,	"Invalid message type"
-error_code ERR_MODIFIED,	"Message stream modified"
-error_code ERR_BADORDER,	"Message out of order"
-error_code ERR_ILL_CR_TKT,	"Invalid cross-realm ticket"
-error_code ERR_BADKEYVER,	"Key version is not available"
-error_code ERR_NOKEY,		"Service key not available"
-error_code ERR_MUT_FAIL,	"Mutual authentication failed"
-error_code ERR_BADDIRECTION,	"Incorrect message direction"
-error_code ERR_METHOD,		"Alternative authentication method required"
-error_code ERR_BADSEQ,		"Incorrect sequence number in message"
-error_code ERR_INAPP_CKSUM,	"Inappropriate type of checksum in message"
-error_code PATH_NOT_ACCEPTED,	"Policy rejects transited path"
-
-prefix KRB5KRB_ERR
-error_code RESPONSE_TOO_BIG,	"Response too big for UDP, retry with TCP"
-# 53-59 are reserved
-index 60
-error_code GENERIC,		"Generic error (see e-text)"
-error_code FIELD_TOOLONG,	"Field is too long for this implementation"
-
-# pkinit
-index 62
-prefix KRB5_KDC_ERR
-error_code CLIENT_NOT_TRUSTED,	"Client not trusted"
-error_code KDC_NOT_TRUSTED,	"KDC not trusted"
-error_code INVALID_SIG,		"Invalid signature"
-error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted"
-
-index 68
-prefix KRB5_KDC_ERR
-error_code WRONG_REALM,		"Wrong realm"
-
-index 69
-prefix KRB5_AP_ERR
-error_code USER_TO_USER_REQUIRED, "User to user required"
-
-index 70
-prefix KRB5_KDC_ERR
-error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
-error_code INVALID_CERTIFICATE, "Certificate invalid"
-error_code REVOKED_CERTIFICATE, "Certificate revoked"
-error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
-error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavaible"
-error_code CLIENT_NAME_MISMATCH, "Client name mismatch in certificate"
-error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose"
-error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted"
-error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included"
-error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted"
-error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported"
-
-## these are never used
-#index 80
-#prefix KRB5_IAKERB
-#error_code ERR_KDC_NOT_FOUND,	"IAKERB proxy could not find a KDC"
-#error_code ERR_KDC_NO_RESPONSE,	"IAKERB proxy never reeived a response from a KDC"
-
-# 82-127 are reserved
-
-index 128
-prefix
-error_code KRB5_ERR_RCSID,	"$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $"
-
-error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
-error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
-error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
-error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
-
-error_code KRB5_PARSE_ILLCHAR,		"Invalid character in component name"
-error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
-
-error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
-error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
-error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
-
-error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
-
-error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
-error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
-error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
-error_code KRB5_CC_END,			"End of credential cache reached"
-
-error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
-
-error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
-error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
-
-error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
-error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
-error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
-error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
-
-error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
-error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
-error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
-error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
-
-error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
-error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
-error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
-error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
-
-error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
-
-# some of these should be combined/supplanted by system codes
-
-error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
-error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
-error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
-error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
-error_code KRB5_RC_REPLAY,		"Message is a replay"
-error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
-error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
-error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
-
-error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
-error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
-error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
-error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
-error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
-error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
-
-error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
-error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
-
-error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
-error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
-error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
-
-error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
-
-error_code KRB5_KT_BADNAME,		"Key table name malformed"
-error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
-error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
-error_code KRB5_KT_END,			"End of key table reached"
-error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
-error_code KRB5_KT_IOERR,		"Error writing to key table"
-
-error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
-error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
-error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
-
-error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
-error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
-error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
-
-error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
-error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
-
-error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
-error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
-error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
-error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
-error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
-error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
-error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
-error_code KRB5_CC_NOT_KTYPE,		"No credentials found with supported encryption types"
-
-# errors for dual tgt library calls
-error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
-error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
-
-error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
-
-# errors for sendauth (and recvauth)
-
-error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
-error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
-error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
-error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
-
-# errors for preauthentication
-
-error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
-error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
-error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
-
-# version number errors
-
-error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
-error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
-error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
-
-#
-#
-
-error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
-error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
-error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
-error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
-error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
-
-error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4"
-error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
-error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
-error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
-
-error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
-error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
-
-error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
-error_code KRB5_SAM_INVALID_ETYPE,  "Invalid encryption type in SAM challenge"
-error_code KRB5_SAM_NO_CHECKSUM,  "Missing checksum in SAM challenge"
-error_code KRB5_SAM_BAD_CHECKSUM,  "Bad checksum in SAM challenge"
-
-index 238
-error_code KRB5_OBSOLETE_FN,	"Program called an obsolete, deleted function"
-
-index 245
-error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
-error_code KRB5_ERR_NO_SERVICE,	"Service not available"
-error_code KRB5_CC_NOSUPP,      "Credential cache function not supported"
-error_code KRB5_DELTAT_BADFORMAT,	"Invalid format of Kerberos lifetime or clock skew string"
-
-end
diff --git a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3 b/crypto/heimdal/lib/krb5/krb5_expand_hostname.3
deleted file mode 100644
index ffd98dad1688..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3
+++ /dev/null
@@ -1,93 +0,0 @@
-.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_expand_hostname.3 17461 2006-05-05 13:13:18Z lha $
-.\"
-.Dd May  5, 2006
-.Dt KRB5_EXPAND_HOSTNAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_expand_hostname ,
-.Nm krb5_expand_hostname_realms
-.Nd Kerberos 5 host name canonicalization functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_expand_hostname
-.Fa "krb5_context context"
-.Fa "const char *orig_hostname"
-.Fa "char **new_hostname"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_expand_hostname_realms
-.Fa "krb5_context context"
-.Fa "const char *orig_hostname"
-.Fa "char **new_hostname"
-.Fa "char ***realms"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_expand_hostname
-tries to make
-.Fa orig_hostname
-into a more canonical one in the newly allocated space returned in
-.Fa new_hostname .
-Caller must free the hostname with
-.Xr free 3 .
-.Pp
-.Fn krb5_expand_hostname_realms
-expands
-.Fa orig_hostname
-to a name we believe to be a hostname in newly
-allocated space in
-.Fa new_hostname
-and return the realms
-.Fa new_hostname
-is belive to belong to in
-.Fa realms .
-.Fa Realms
-is a array terminated with
-.Dv NULL .
-Caller must free the
-.Fa realms
-with
-.Fn krb5_free_host_realm 
-and
-.Fa new_hostname
-with
-.Xr free 3 .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_free_host_realm 3 ,
-.Xr krb5_get_host_realm 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_find_padata.3 b/crypto/heimdal/lib/krb5/krb5_find_padata.3
deleted file mode 100644
index b72678493152..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_find_padata.3
+++ /dev/null
@@ -1,87 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_find_padata.3 13595 2004-03-21 13:17:41Z lha $
-.\"
-.Dd March 21, 2004
-.Dt KRB5_FIND_PADATA 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_find_padata ,
-.Nm krb5_padata_add
-.Nd Kerberos 5 pre-authentication data handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft "PA_DATA *"
-.Fo krb5_find_padata
-.Fa "PA_DATA *val"
-.Fa "unsigned len"
-.Fa "int type"
-.Fa "int *index"
-.Fc
-.Ft int
-.Fo krb5_padata_add
-.Fa "krb5_context context"
-.Fa "METHOD_DATA *md"
-.Fa "int type"
-.Fa "void *buf"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_find_padata
-tries to find the pre-authentication data entry of type
-.Fa type
-in the array
-.Fa val
-of length
-.Fa len .
-The search is started at entry pointed out by
-.Fa *index
-(zero based indexing).
-If the type isn't found,
-.Dv NULL
-is returned.
-.Pp
-.Fn krb5_padata_add
-adds a pre-authentication data entry of type
-.Fa type
-pointed out by
-.Fa buf
-and
-.Fa len
-to
-.Fa md .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
deleted file mode 100644
index 6ac46d44f3b3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd November 20, 2001
-.Dt KRB5_FREE_ADDRESSES 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_addresses
-.Nd free list of addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_addresses
-will free a list of addresses that has been created with
-.Fn krb5_get_all_client_addrs
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_get_all_client_addrs 3
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
deleted file mode 100644
index e9900a7981cc..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
-.Dd August 8, 1997
-.Dt KRB5_FREE_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_principal
-.Nd principal free function
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_principal
-will free a principal that has been created with
-.Fn krb5_build_principal ,
-.Fn krb5_parse_name ,
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 b/crypto/heimdal/lib/krb5/krb5_generate_random_block.3
deleted file mode 100644
index 4b46954fa90a..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_generate_random_block.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd March 21, 2004
-.Dt KRB5_GENERATE_RANDOM_BLOCK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_generate_random_block
-.Nd Kerberos 5 random functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fo krb5_generate_random_block
-.Fa "void *buf"
-.Fa "size_t len"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_generate_random_block
-generates a cryptographically strong pseudo-random block into the buffer
-.Fa buf
-of length
-.Fa len .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
deleted file mode 100644
index f6f4c85c97aa..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_all_client_addrs.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd July  1, 2001
-.Dt KRB5_GET_ADDRS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_all_client_addrs ,
-.Nm krb5_get_all_server_addrs
-.Nd return local addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "krb5_error_code"
-.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
-.Ft "krb5_error_code"
-.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
-.Sh DESCRIPTION
-These functions return in
-.Fa addrs
-a list of addresses associated with the local
-host.
-.Pp
-The server variant returns all configured interface addresses (if
-possible), including loop-back addresses. This is useful if you want
-to create sockets to listen to.
-.Pp
-The client version will also scan local interfaces (can be turned off
-by setting
-.Li libdefaults/scan_interfaces
-to false in
-.Pa krb5.conf ) ,
-but will not include loop-back addresses, unless there are no other
-addresses found. It will remove all addresses included in
-.Li libdefaults/ignore_addresses
-but will unconditionally include addresses in
-.Li libdefaults/extra_addresses .
-.Pp
-The returned addresses should be freed by calling
-.Fn krb5_free_addresses .
-.\".Sh EXAMPLE
-.Sh SEE ALSO
-.Xr krb5_free_addresses 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_credentials.3 b/crypto/heimdal/lib/krb5/krb5_get_credentials.3
deleted file mode 100644
index 32e0ffe1eef3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_credentials.3
+++ /dev/null
@@ -1,208 +0,0 @@
-.\" Copyright (c) 2004 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_credentials.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_GET_CREDENTIALS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_credentials ,
-.Nm krb5_get_credentials_with_flags ,
-.Nm krb5_get_cred_from_kdc ,
-.Nm krb5_get_cred_from_kdc_opt ,
-.Nm krb5_get_kdc_cred ,
-.Nm krb5_get_renewed_creds
-.Nd get credentials from the KDC using krbtgt
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_credentials
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_credentials_with_flags
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_kdc_flags flags"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_cred_from_kdc
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fa "krb5_creds ***ret_tgts"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_cred_from_kdc_opt
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fa "krb5_creds ***ret_tgts"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_kdc_cred
-.Fa "krb5_context context"
-.Fa "krb5_ccache id"
-.Fa "krb5_kdc_flags flags"
-.Fa "krb5_addresses *addresses"
-.Fa "Ticket  *second_ticket"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_renewed_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_const_principal client"
-.Fa "krb5_ccache ccache"
-.Fa "const char *in_tkt_service"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_credentials_with_flags
-get credentials specified by
-.Fa in_creds->server
-and
-.Fa in_creds->client
-(the rest of the
-.Fa in_creds
-structure is ignored)
-by first looking in the
-.Fa ccache
-and if doesn't exists or is expired, fetch the credential from the KDC
-using the krbtgt in
-.Fa ccache .
-The credential is returned in
-.Fa out_creds
-and should be freed using the function
-.Fn krb5_free_creds .
-.Pp
-Valid flags to pass into
-.Fa options
-argument are:
-.Pp
-.Bl -tag -width "KRB5_GC_USER_USER" -compact
-.It KRB5_GC_CACHED
-Only check the
-.Fa ccache ,
-don't got out on network to fetch credential.
-.It KRB5_GC_USER_USER
-Request a user to user ticket.
-This option doesn't store the resulting user to user credential in
-the
-.Fa ccache .
-.It KRB5_GC_EXPIRED_OK
-returns the credential even if it is expired, default behavior is trying
-to refetch the credential from the KDC.
-.El
-.Pp
-.Fa Flags
-are KDCOptions, note the caller must fill in the bit-field and not
-use the integer associated structure.
-.Pp
-.Fn krb5_get_credentials
-works the same way as
-.Fn krb5_get_credentials_with_flags
-except that the
-.Fa flags
-field is missing.
-.Pp
-.Fn krb5_get_cred_from_kdc
-and
-.Fn krb5_get_cred_from_kdc_opt
-fetches the credential from the KDC very much like
-.Fn krb5_get_credentials, but doesn't look in the
-.Fa ccache
-if the credential exists there first.
-.Pp
-.Fn krb5_get_kdc_cred
-does the same as the functions above, but the caller must fill in all
-the information andits closer to the wire protocol.
-.Pp
-.Fn krb5_get_renewed_creds
-renews a credential given by
-.Fa in_tkt_service
-(if
-.Dv NULL
-the default
-.Li krbtgt )
-using the credential cache
-.Fa ccache .
-The result is stored in
-.Fa creds
-and should be freed using
-.Fa krb5_free_creds .
-.Sh EXAMPLES
-Here is a example function that get a credential from a credential cache
-.Fa id
-or the KDC and returns it to the caller.
-.Bd -literal
-#include <krb5.h>
-
-int
-getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
-{
-    krb5_error_code ret;
-    krb5_creds in;
-
-    ret = krb5_parse_name(context, "client@EXAMPLE.COM", 
-			  &in.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name(context, "host/server.example.com@EXAMPLE.COM",
-			  &in.server);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_get_credentials(context, 0, id, &in, creds);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_credentials");
-
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_forwarded_creds 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_creds.3
deleted file mode 100644
index 189c93f408da..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_creds.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" Copyright (c) 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd June 15, 2006
-.Dt KRB5_GET_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_creds ,
-.Nm krb5_get_creds_opt_add_options ,
-.Nm krb5_get_creds_opt_alloc ,
-.Nm krb5_get_creds_opt_free ,
-.Nm krb5_get_creds_opt_set_enctype ,
-.Nm krb5_get_creds_opt_set_impersonate ,
-.Nm krb5_get_creds_opt_set_options ,
-.Nm krb5_get_creds_opt_set_ticket
-.Nd get credentials from the KDC
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_creds
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_const_principal inprinc"
-.Fa "krb5_creds **out_creds"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_add_options
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_flags options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_alloc
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_free
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_set_enctype
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_enctype enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_set_impersonate
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_const_principal self"
-.Fc
-.Ft void
-.Fo krb5_get_creds_opt_set_options
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "krb5_flags options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_creds_opt_set_ticket
-.Fa "krb5_context context"
-.Fa "krb5_get_creds_opt opt"
-.Fa "const Ticket *ticket"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_creds
-fetches credentials specified by
-.Fa opt
-by first looking in the
-.Fa ccache ,
-and then it doesn't exists, fetch the credential from the KDC
-using the krbtgts in
-.Fa ccache .
-The credential is returned in
-.Fa out_creds
-and should be freed using the function
-.Fn krb5_free_creds .
-.Pp
-The structure
-.Li krb5_get_creds_opt
-controls the behavior of
-.Fn krb5_get_creds .
-The structure is opaque to consumers that can set the content of the
-structure with accessors functions. All accessor functions make copies
-of the data that is passed into accessor functions, so external
-consumers free the memory before calling
-.Fn krb5_get_creds .
-.Pp
-The structure
-.Li krb5_get_creds_opt
-is allocated with
-.Fn krb5_get_creds_opt_alloc
-and freed with
-.Fn krb5_get_creds_opt_free .
-The free function also frees the content of the structure set by the
-accessor functions.
-.Pp
-.Fn krb5_get_creds_opt_add_options
-and
-.Fn krb5_get_creds_opt_set_options
-adds and sets options to the
-.Fi krb5_get_creds_opt
-structure .
-The possible options to set are
-.Bl -tag -width "KRB5_GC_USER_USER" -compact
-.It KRB5_GC_CACHED
-Only check the
-.Fa ccache ,
-don't got out on network to fetch credential.
-.It KRB5_GC_USER_USER
-request a user to user ticket.
-This options doesn't store the resulting user to user credential in
-the
-.Fa ccache .
-.It KRB5_GC_EXPIRED_OK
-returns the credential even if it is expired, default behavior is trying
-to refetch the credential from the KDC.
-.It KRB5_GC_NO_STORE
-Do not store the resulting credentials in the
-.Fa ccache .
-.El
-.Pp
-.Fn krb5_get_creds_opt_set_enctype
-sets the preferred encryption type of the application. Don't set this
-unless you have to since if there is no match in the KDC, the function
-call will fail.
-.Pp
-.Fn krb5_get_creds_opt_set_impersonate
-sets the principal to impersonate., Returns a ticket that have the
-impersonation principal as a client and the requestor as the
-service. Note that the requested principal have to be the same as the
-client principal in the krbtgt.
-.Pp
-.Fn krb5_get_creds_opt_set_ticket
-sets the extra ticket used in user-to-user or contrained delegation use case.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_credentials 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3
deleted file mode 100644
index bbe46ec44784..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3
+++ /dev/null
@@ -1,79 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_forwarded_creds.3 14068 2004-07-26 13:34:33Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_GET_FORWARDED_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_forwarded_creds ,
-.Nm krb5_fwd_tgt_creds
-.Nd get forwarded credentials from the KDC
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_get_forwarded_creds
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_flags flags"
-.Fa "const char *hostname"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_data *out_data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_fwd_tgt_creds
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "const char *hostname"
-.Fa "krb5_principal client"
-.Fa "krb5_principal server"
-.Fa "krb5_ccache ccache"
-.Fa "int forwardable"
-.Fa "krb5_data *out_data"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_get_forwarded_creds
-and
-.Fn krb5_fwd_tgt_creds
-get tickets forwarded to
-.Fa hostname.
-If the tickets that are forwarded are address-less, the forwarded
-tickets will also be address-less, otherwise
-.Fa hostname
-will be used for figure out the address to forward the ticket too.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_credentials 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 b/crypto/heimdal/lib/krb5/krb5_get_in_cred.3
deleted file mode 100644
index 290e3c5c694d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3
+++ /dev/null
@@ -1,274 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $
-.\"
-.Dd May 31, 2003
-.Dt KRB5_GET_IN_TKT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_in_tkt ,
-.Nm krb5_get_in_cred ,
-.Nm krb5_get_in_tkt_with_password ,
-.Nm krb5_get_in_tkt_with_keytab ,
-.Nm krb5_get_in_tkt_with_skey ,
-.Nm krb5_free_kdc_rep ,
-.Nm krb5_password_key_proc
-.Nd deprecated initial authentication functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "const krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *ptypes"
-.Fa "krb5_key_proc key_proc"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_decrypt_proc decrypt_proc"
-.Fa "krb5_const_pointer decryptarg"
-.Fa "krb5_creds *creds"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_cred
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "const krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *ptypes"
-.Fa "const krb5_preauthdata *preauth"
-.Fa "krb5_key_proc key_proc"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_decrypt_proc decrypt_proc"
-.Fa "krb5_const_pointer decryptarg"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_password
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "const char *password"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_keytab
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_in_tkt_with_skey
-.Fa "krb5_context context"
-.Fa "krb5_flags options"
-.Fa "krb5_addresses *addrs"
-.Fa "const krb5_enctype *etypes"
-.Fa "const krb5_preauthtype *pre_auth_types"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_creds *creds"
-.Fa "krb5_kdc_rep *ret_as_reply"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_kdc_rep
-.Fa "krb5_context context"
-.Fa "krb5_kdc_rep *rep"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_password_key_proc
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "krb5_salt salt"
-.Fa "krb5_const_pointer keyseed"
-.Fa "krb5_keyblock **key"
-.Fc
-.Sh DESCRIPTION
-.Bf Em
-All the functions in this manual page are deprecated in the MIT
-implementation, and will soon be deprecated in Heimdal too, don't use them.
-.Ef
-.Pp
-Getting initial credential ticket for a principal.
-.Nm krb5_get_in_cred
-is the function all other krb5_get_in function uses to fetch tickets.
-The other krb5_get_in function are more specialized and therefor
-somewhat easier to use.
-.Pp
-If your need is only to verify a user and password, consider using
-.Xr krb5_verify_user 3
-instead, it have a much simpler interface.
-.Pp
-.Nm krb5_get_in_tkt
-and
-.Nm krb5_get_in_cred
-fetches initial credential, queries after key using the
-.Fa key_proc
-argument.
-The differences between the two function is that
-.Nm krb5_get_in_tkt
-stores the credential in a
-.Li krb5_creds
-while
-.Nm krb5_get_in_cred
-stores the credential in a
-.Li krb5_ccache .
-.Pp
-.Nm krb5_get_in_tkt_with_password ,
-.Nm krb5_get_in_tkt_with_keytab ,
-and
-.Nm krb5_get_in_tkt_with_skey
-does the same work as
-.Nm krb5_get_in_cred
-but are more specialized.
-.Pp
-.Nm krb5_get_in_tkt_with_password
-uses the clients password to authenticate.
-If the password argument is
-.DV NULL
-the user user queried with the default password query function.
-.Pp
-.Nm krb5_get_in_tkt_with_keytab
-searches the given keytab for a service entry for the client principal.
-If the keytab is
-.Dv NULL
-the default keytab is used.
-.Pp
-.Nm krb5_get_in_tkt_with_skey
-uses a key to get the initial credential.
-.Pp
-There are some common arguments to the krb5_get_in functions, these are:
-.Pp
-.Fa options
-are the
-.Dv KDC_OPT
-flags.
-.Pp
-.Fa etypes
-is a
-.Dv NULL
-terminated array of encryption types that the client approves.
-.Pp
-.Fa addrs
-a list of the addresses that the initial ticket.
-If it is
-.Dv NULL
-the list will be generated by the library.
-.Pp
-.Fa pre_auth_types
-a
-.Dv NULL
-terminated array of pre-authentication types.
-If
-.Fa pre_auth_types
-is
-.Dv NULL
-the function will try without pre-authentication and return those
-pre-authentication that the KDC returned.
-.Pp
-.Fa ret_as_reply
-will (if not
-.Dv NULL )
-be filled in with the response of the KDC and should be free with
-.Fn krb5_free_kdc_rep .
-.Pp
-.Fa key_proc
-is a pointer to a function that should return a key salted appropriately.
-Using
-.Dv NULL
-will use the default password query function.
-.Pp
-.Fa decrypt_proc
-Using
-.Dv NULL
-will use the default decryption function.
-.Pp
-.Fa decryptarg
-will be passed to the decryption function
-.Fa decrypt_proc .
-.Pp
-.Fa creds
-creds should be filled in with the template for a credential that
-should be requested.
-The client and server elements of the creds structure must be filled in.
-Upon return of the function it will be contain the content of the
-requested credential
-.Fa ( krb5_get_in_cred ) ,
-or it will be freed with
-.Xr krb5_free_creds 3
-(all the other krb5_get_in functions).
-.Pp
-.Fa ccache
-will store the credential in the credential cache
-.Fa ccache .
-The credential cache will not be initialized, thats up the the caller.
-.Pp
-.Nm krb5_password_key_proc
-is a library function that is suitable using as the
-.Fa krb5_key_proc
-argument to
-.Nm krb5_get_in_cred
-or
-.Nm krb5_get_in_tkt .
-.Fa keyseed
-should be a pointer to a
-.Dv NUL
-terminated string or
-.Dv NULL .
-.Nm krb5_password_key_proc
-will query the user for the pass on the console if the password isn't
-given as the argument
-.Fa keyseed .
-.Pp
-.Fn krb5_free_kdc_rep
-frees the content of
-.Fa rep .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3
deleted file mode 100644
index 3838c1449a57..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3
+++ /dev/null
@@ -1,398 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_init_creds.3 20266 2007-02-18 10:41:10Z lha $
-.\"
-.Dd Sep  16, 2006
-.Dt KRB5_GET_INIT_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_init_creds ,
-.Nm krb5_get_init_creds_keytab ,
-.Nm krb5_get_init_creds_opt ,
-.Nm krb5_get_init_creds_opt_alloc ,
-.Nm krb5_get_init_creds_opt_free ,
-.Nm krb5_get_init_creds_opt_init ,
-.Nm krb5_get_init_creds_opt_set_address_list ,
-.Nm krb5_get_init_creds_opt_set_addressless ,
-.Nm krb5_get_init_creds_opt_set_anonymous ,
-.Nm krb5_get_init_creds_opt_set_default_flags ,
-.Nm krb5_get_init_creds_opt_set_etype_list ,
-.Nm krb5_get_init_creds_opt_set_forwardable ,
-.Nm krb5_get_init_creds_opt_set_pa_password ,
-.Nm krb5_get_init_creds_opt_set_paq_request ,
-.Nm krb5_get_init_creds_opt_set_preauth_list ,
-.Nm krb5_get_init_creds_opt_set_proxiable ,
-.Nm krb5_get_init_creds_opt_set_renew_life ,
-.Nm krb5_get_init_creds_opt_set_salt ,
-.Nm krb5_get_init_creds_opt_set_tkt_life ,
-.Nm krb5_get_init_creds_opt_set_canonicalize ,
-.Nm krb5_get_init_creds_opt_set_win2k ,
-.Nm krb5_get_init_creds_password ,
-.Nm krb5_prompt ,
-.Nm krb5_prompter_posix
-.Nd Kerberos 5 initial authentication functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_get_init_creds_opt;
-.Pp
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_alloc
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt **opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_free
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_init
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_address_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_addressless
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean addressless"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_anonymous
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int anonymous"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_default_flags
-.Fa "krb5_context context"
-.Fa "const char *appname"
-.Fa "krb5_const_realm realm"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_etype_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_enctype *etype_list"
-.Fa "int etype_list_length"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_forwardable
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int forwardable"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_pa_password
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "const char *password"
-.Fa "krb5_s2k_proc key_proc"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_paq_request
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req_pac"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_pkinit
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "const char *cert_file"
-.Fa "const char *key_file"
-.Fa "const char *x509_anchors"
-.Fa "int flags"
-.Fa "char *password"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_preauth_list
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_preauthtype *preauth_list"
-.Fa "int preauth_list_length"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_proxiable
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "int proxiable"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_renew_life
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_deltat renew_life"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_salt
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_data *salt"
-.Fc
-.Ft void
-.Fo krb5_get_init_creds_opt_set_tkt_life
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_deltat tkt_life"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_canonicalize
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_opt_set_win2k
-.Fa "krb5_context context"
-.Fa "krb5_get_init_creds_opt *opt"
-.Fa "krb5_boolean req"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "krb5_prompter_fct prompter"
-.Fa "void *prompter_data"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "const char *password"
-.Fa "krb5_prompter_fct prompter"
-.Fa "void *prompter_data"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *in_options"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_init_creds_keytab
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal client"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_deltat start_time"
-.Fa "const char *in_tkt_service"
-.Fa "krb5_get_init_creds_opt *options"
-.Fc
-.Ft int
-.Fo krb5_prompter_posix
-.Fa "krb5_context context"
-.Fa "void *data"
-.Fa "const char *name"
-.Fa "const char *banner"
-.Fa "int num_prompts"
-.Fa "krb5_prompt prompts[]"
-.Fc
-.Sh DESCRIPTION
-Getting initial credential ticket for a principal.
-That may include changing an expired password, and doing preauthentication.
-This interface that replaces the deprecated
-.Fa krb5_in_tkt
-and 
-.Fa krb5_in_cred
-functions.
-.Pp
-If you only want to verify a username and password, consider using
-.Xr krb5_verify_user 3
-instead, since it also verifies that initial credentials with using a
-keytab to make sure the response was from the KDC.
-.Pp
-First a
-.Li krb5_get_init_creds_opt
-structure is initialized
-with
-.Fn krb5_get_init_creds_opt_alloc
-or
-.Fn krb5_get_init_creds_opt_init .
-.Fn krb5_get_init_creds_opt_alloc
-allocates a extendible structures that needs to be freed with
-.Fn krb5_get_init_creds_opt_free .
-The structure may be modified by any of the
-.Fn krb5_get_init_creds_opt_set
-functions to change request parameters and authentication information.
-.Pp
-If the caller want to use the default options,
-.Dv NULL
-can be passed instead.
-.Pp
-The the actual request to the KDC is done by any of the
-.Fn krb5_get_init_creds ,
-.Fn krb5_get_init_creds_password ,
-or
-.Fn krb5_get_init_creds_keytab
-functions.
-.Fn krb5_get_init_creds
-is the least specialized function and can, with the right in data,
-behave like the latter two.
-The latter two are there for compatibility with older releases and
-they are slightly easier to use.
-.Pp
-.Li krb5_prompt
-is a structure containing the following elements:
-.Bd -literal
-typedef struct {
-    const char *prompt;
-    int hidden;
-    krb5_data *reply;
-    krb5_prompt_type type
-} krb5_prompt;
-.Ed
-.Pp
-.Fa prompt
-is the prompt that should shown to the user
-If
-.Fa hidden
-is set, the prompter function shouldn't echo the output to the display
-device.
-.Fa reply
-must be preallocated; it will not be allocated by the prompter
-function.
-Possible values for the
-.Fa type
-element are:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It KRB5_PROMPT_TYPE_PASSWORD
-.It KRB5_PROMPT_TYPE_NEW_PASSWORD
-.It KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
-.It KRB5_PROMPT_TYPE_PREAUTH
-.It KRB5_PROMPT_TYPE_INFO
-.El
-.Pp
-.Fn krb5_prompter_posix
-is the default prompter function in a POSIX environment.
-It matches the
-.Fa krb5_prompter_fct
-and can be used in the
-.Fa krb5_get_init_creds
-functions.
-.Fn krb5_prompter_posix
-doesn't require
-.Fa prompter_data.
-.Pp
-If the
-.Fa start_time
-is zero, then the requested ticket will be valid
-beginning immediately.
-Otherwise, the
-.Fa start_time
-indicates how far in the future the ticket should be postdated.
-.Pp
-If the
-.Fa in_tkt_service
-name is
-.Dv non-NULL ,
-that principal name will be
-used as the server name for the initial ticket request.
-The realm of the name specified will be ignored and will be set to the
-realm of the client name.
-If no in_tkt_service name is specified,
-krbtgt/CLIENT-REALM@CLIENT-REALM will be used.
-.Pp
-For the rest of arguments, a configuration or library default will be
-used if no value is specified in the options structure.
-.Pp
-.Fn krb5_get_init_creds_opt_set_address_list
-sets the list of
-.Fa addresses
-that is should be stored in the ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_addressless
-controls if the ticket is requested with addresses or not,
-.Fn krb5_get_init_creds_opt_set_address_list
-overrides this option.
-.Pp
-.Fn krb5_get_init_creds_opt_set_anonymous
-make the request anonymous if the
-.Fa anonymous
-parameter is non-zero.
-.Pp
-.Fn krb5_get_init_creds_opt_set_default_flags
-sets the default flags using the configuration file.
-.Pp
-.Fn krb5_get_init_creds_opt_set_etype_list
-set a list of enctypes that the client is willing to support in the
-request.
-.Pp
-.Fn krb5_get_init_creds_opt_set_forwardable
-request a forwardable ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_pa_password
-set the
-.Fa password
-and
-.Fa key_proc
-that is going to be used to get a new ticket.
-.Fa password
-or
-.Fa key_proc
-can be
-.Dv NULL
-if the caller wants to use the default values.
-If the
-.Fa password
-is unset and needed, the user will be prompted for it.
-.Pp
-.Fn krb5_get_init_creds_opt_set_paq_request
-sets the password that is going to be used to get a new ticket.
-.Pp
-.Fn krb5_get_init_creds_opt_set_preauth_list
-sets the list of client-supported preauth types.
-.Pp
-.Fn krb5_get_init_creds_opt_set_proxiable
-makes the request proxiable.
-.Pp
-.Fn krb5_get_init_creds_opt_set_renew_life
-sets the requested renewable lifetime.
-.Pp
-.Fn krb5_get_init_creds_opt_set_salt
-sets the salt that is going to be used in the request.
-.Pp
-.Fn krb5_get_init_creds_opt_set_tkt_life
-sets requested ticket lifetime.
-.Pp
-.Fn krb5_get_init_creds_opt_set_canonicalize
-requests that the KDC canonicalize the client pricipal if possible.
-.Pp
-.Fn krb5_get_init_creds_opt_set_win2k
-turns on compatibility with Windows 2000.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_creds 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
deleted file mode 100644
index d613a0d6df11..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_get_krbhst.3 14905 2005-04-24 07:46:59Z lha $
-.\"
-.Dd April 24, 2005
-.Dt KRB5_GET_KRBHST 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_krbhst ,
-.Nm krb5_get_krb_admin_hst ,
-.Nm krb5_get_krb_changepw_hst ,
-.Nm krb5_get_krb524hst ,
-.Nm krb5_free_krbhst
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_admin_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_changepw_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb524hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_free_krbhst "krb5_context context" "char **hostlist"
-.Sh DESCRIPTION
-These functions implement the old API to get a list of Kerberos hosts,
-and are thus similar to the
-.Fn krb5_krbhst_init
-functions. However, since these functions returns
-.Em all
-hosts in one go, they potentially have to do more lookups than
-necessary. These functions remain for compatibility reasons.
-.Pp
-After a call to one of these functions,
-.Fa hostlist
-is a
-.Dv NULL
-terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
-.Fn krb5_free_krbhst
-when done with.
-.Sh EXAMPLES
-The following code will print the KDCs of the realm
-.Dq MY.REALM .
-.Bd -literal -offset indent
-char **hosts, **p;
-krb5_get_krbhst(context, "MY.REALM", &hosts);
-for(p = hosts; *p; p++)
-    printf("%s\\n", *p);
-krb5_free_krbhst(context, hosts);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_krbhst_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_getportbyname.3 b/crypto/heimdal/lib/krb5/krb5_getportbyname.3
deleted file mode 100644
index 143606090031..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_getportbyname.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_getportbyname.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd August 15, 2004
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_getportbyname
-.Nd get port number by name
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft int
-.Fo krb5_getportbyname
-.Fa "krb5_context context"
-.Fa "const char *service"
-.Fa "const char *proto"
-.Fa "int default_port"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_getportbyname
-gets the port number for
-.Fa service /
-.Fa proto
-pair from the global service table for and returns it in network order.
-If it isn't found in the global table, the
-.Fa default_port
-(given in host order)
-is returned.
-.Sh EXAMPLE
-.Bd -literal
-int port = krb5_getportbyname(context, "kerberos", "tcp", 88);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
deleted file mode 100644
index cf9d69698501..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ /dev/null
@@ -1,308 +0,0 @@
-.\" Copyright (c) 2001 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_init_context.3 19980 2007-01-17 18:06:33Z lha $
-.\"
-.Dd December  8, 2004
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_add_et_list ,
-.Nm krb5_add_extra_addresses ,
-.Nm krb5_add_ignore_addresses ,
-.Nm krb5_context ,
-.Nm krb5_free_config_files ,
-.Nm krb5_free_context ,
-.Nm krb5_get_default_config_files ,
-.Nm krb5_get_dns_canonize_hostname ,
-.Nm krb5_get_extra_addresses ,
-.Nm krb5_get_fcache_version ,
-.Nm krb5_get_ignore_addresses ,
-.Nm krb5_get_kdc_sec_offset ,
-.Nm krb5_get_max_time_skew ,
-.Nm krb5_get_use_admin_kdc
-.Nm krb5_init_context ,
-.Nm krb5_init_ets ,
-.Nm krb5_prepend_config_files ,
-.Nm krb5_prepend_config_files_default ,
-.Nm krb5_set_config_files ,
-.Nm krb5_set_dns_canonize_hostname ,
-.Nm krb5_set_extra_addresses ,
-.Nm krb5_set_fcache_version ,
-.Nm krb5_set_ignore_addresses ,
-.Nm krb5_set_max_time_skew ,
-.Nm krb5_set_use_admin_kdc ,
-.Nd create, modify and delete krb5_context structures
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_context;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_init_context
-.Fa "krb5_context *context"
-.Fc
-.Ft void
-.Fo krb5_free_context
-.Fa "krb5_context context"
-.Fc
-.Ft void
-.Fo krb5_init_ets
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_et_list
-.Fa "krb5_context context"
-.Fa "void (*func)(struct et_list **)"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_extra_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_extra_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_extra_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_add_ignore_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_ignore_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_ignore_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_fcache_version
-.Fa "krb5_context context"
-.Fa "int version"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_fcache_version
-.Fa "krb5_context context"
-.Fa "int *version"
-.Fc
-.Ft void
-.Fo krb5_set_dns_canonize_hostname
-.Fa "krb5_context context"
-.Fa "krb5_boolean flag"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_get_dns_canonize_hostname
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_kdc_sec_offset
-.Fa "krb5_context context"
-.Fa "int32_t *sec"
-.Fa "int32_t *usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_config_files
-.Fa "krb5_context context"
-.Fa "char **filenames"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_prepend_config_files
-.Fa "const char *filelist"
-.Fa "char **pq"
-.Fa "char ***ret_pp"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_prepend_config_files_default
-.Fa "const char *filelist"
-.Fa "char ***pfilenames"
-.Fc
-.Ft krb5_error_code 
-.Fo krb5_get_default_config_files
-.Fa "char ***pfilenames"
-.Fc
-.Ft void
-.Fo krb5_free_config_files
-.Fa "char **filenames"
-.Fc
-.Ft void
-.Fo krb5_set_use_admin_kdc
-.Fa "krb5_context context"
-.Fa "krb5_boolean flag"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_get_use_admin_kdc
-.Fa "krb5_context context"
-.Fc
-.Ft time_t
-.Fo krb5_get_max_time_skew
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_max_time_skew
-.Fa "krb5_context context"
-.Fa "time_t time"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn krb5_init_context
-function initializes the
-.Fa context
-structure and reads the configuration file
-.Pa /etc/krb5.conf .
-.Pp
-The structure should be freed by calling
-.Fn krb5_free_context
-when it is no longer being used.
-.Pp
-.Fn krb5_init_context
-returns 0 to indicate success.
-Otherwise an errno code is returned.
-Failure means either that something bad happened during initialization
-(typically
-.Bq ENOMEM )
-or that Kerberos should not be used
-.Bq ENXIO .
-.Pp
-.Fn krb5_init_ets
-adds all
-.Xr com_err 3
-libs to
-.Fa context .
-This is done by
-.Fn krb5_init_context .
-.Pp
-.Fn krb5_add_et_list 
-adds a
-.Xr com_err 3
-error-code handler
-.Fa func
-to the specified
-.Fa context .
-The error handler must generated by the the re-rentrant version of the
-.Xr compile_et 3
-program.
-.Fn krb5_add_extra_addresses
-add a list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_add_ignore_addresses
-add a list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_get_extra_addresses
-get the list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_get_ignore_addresses
-get the list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_set_ignore_addresses
-set the list of addresses that should be ignored when requesting tickets.
-.Pp
-.Fn krb5_set_extra_addresses
-set the list of addresses that should be added when requesting tickets.
-.Pp
-.Fn krb5_set_fcache_version
-sets the version of file credentials caches that should be used.
-.Pp
-.Fn krb5_get_fcache_version
-gets the version of file credentials caches that should be used.
-.Pp
-.Fn krb5_set_dns_canonize_hostname
-sets if the context is configured to canonicalize hostnames using DNS.
-.Pp
-.Fn krb5_get_dns_canonize_hostname
-returns if the context is configured to canonicalize hostnames using DNS.
-.Pp
-.Fn krb5_get_kdc_sec_offset
-returns the offset between the localtime and the KDC's time.
-.Fa sec
-and
-.Fa usec
-are both optional argument and
-.Dv NULL
-can be passed in.
-.Pp
-.Fn krb5_set_config_files
-set the list of configuration files to use and re-initialize the
-configuration from the files.
-.Pp
-.Fn krb5_prepend_config_files
-parse the 
-.Fa filelist
-and prepend the result to the already existing list
-.Fa pq
-The result is returned in
-.Fa ret_pp
-and should be freed with
-.Fn krb5_free_config_files .
-.Pp
-.Fn krb5_prepend_config_files_default
-parse the 
-.Fa filelist
-and append that to the default
-list of configuration files.
-.Pp
-.Fn krb5_get_default_config_files
-get a list of default configuration files.
-.Pp
-.Fn krb5_free_config_files
-free a list of configuration files returned by
-.Fn krb5_get_default_config_files ,
-.Fn krb5_prepend_config_files_default ,
-or
-.Fn krb5_prepend_config_files .
-.Pp
-.Fn krb5_set_use_admin_kdc
-sets if all KDC requests should go admin KDC.
-.Pp
-.Fn krb5_get_use_admin_kdc
-gets if all KDC requests should go admin KDC.
-.Pp
-.Fn krb5_get_max_time_skew
-and
-.Fn krb5_set_max_time_skew
-get and sets the maximum allowed time skew between client and server.
-.Sh SEE ALSO
-.Xr errno 2 ,
-.Xr krb5 3 ,
-.Xr krb5_config 3 ,
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 b/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3
deleted file mode 100644
index 9f0a919d3571..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_is_thread_safe.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd May  5, 2006
-.Dt KRB5_IS_THREAD_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_is_thread_safe
-.Nd "is the Kerberos library compiled with multithread support"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fn krb5_is_thread_safe "void"
-.Sh DESCRIPTION
-.Nm
-returns
-.Dv TRUE
-if the library was compiled with with multithread support.
-If the library isn't compiled, the consumer have to use a global lock
-to make sure Kerboros functions are not called at the same time by
-diffrent threads.
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_keyblock.3 b/crypto/heimdal/lib/krb5/krb5_keyblock.3
deleted file mode 100644
index 9fabd32a0d01..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_keyblock.3
+++ /dev/null
@@ -1,218 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_keyblock.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_KEYBLOCK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_keyblock ,
-.Nm krb5_keyblock_get_enctype ,
-.Nm krb5_copy_keyblock ,
-.Nm krb5_copy_keyblock_contents ,
-.Nm krb5_free_keyblock ,
-.Nm krb5_free_keyblock_contents ,
-.Nm krb5_generate_random_keyblock ,
-.Nm krb5_generate_subkey ,
-.Nm krb5_generate_subkey_extended ,
-.Nm krb5_keyblock_init ,
-.Nm krb5_keyblock_zero ,
-.Nm krb5_random_to_key
-.Nd Kerberos 5 key handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_keyblock ;
-.Ft krb5_enctype
-.Fo krb5_keyblock_get_enctype
-.Fa "const krb5_keyblock *block"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_keyblock **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_keyblock_contents
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *inblock"
-.Fa "krb5_keyblock *to"
-.Fc
-.Ft void
-.Fo krb5_free_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft void
-.Fo krb5_free_keyblock_contents
-.Fa "krb5_context context"
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_random_keyblock
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_subkey
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_keyblock **subkey"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_generate_subkey_extended
-.Fa "krb5_context context"
-.Fa "const krb5_keyblock *key"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock **subkey"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_keyblock_init
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "const void *data"
-.Fa "size_t size"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft void
-.Fo krb5_keyblock_zero
-.Fa "krb5_keyblock *keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_random_to_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype type"
-.Fa "const void *data"
-.Fa "size_t size"
-.Fa "krb5_keyblock *key"
-.Fc
-.Sh DESCRIPTION
-.Li krb5_keyblock
-holds the encryption key for a specific encryption type.
-There is no component inside
-.Li krb5_keyblock
-that is directly referable.
-.Pp
-.Fn krb5_keyblock_get_enctype
-returns the encryption type of the keyblock.
-.Pp
-.Fn krb5_copy_keyblock
-makes a copy the keyblock
-.Fa inblock
-to the
-output
-.Fa out .
-.Fa out
-should be freed by the caller with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_copy_keyblock_contents
-copies the contents of
-.Fa inblock
-to the
-.Fa to
-keyblock.
-The destination keyblock is overritten.
-.Pp
-.Fn krb5_free_keyblock
-zeros out and frees the content and the keyblock itself.
-.Pp
-.Fn krb5_free_keyblock_contents
-zeros out and frees the content of the keyblock.
-.Pp
-.Fn krb5_generate_random_keyblock
-creates a new content of the keyblock
-.Fa key
-of type encrytion type
-.Fa type .
-The content of
-.Fa key
-is overwritten and not freed, so the caller should be sure it is
-freed before calling the function.
-.Pp
-.Fn krb5_generate_subkey
-generates a
-.Fa subkey
-of the same type as
-.Fa key .
-The caller must free the subkey with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_generate_subkey_extended
-generates a
-.Fa subkey
-of the specified encryption type
-.Fa type .
-If
-.Fa type
-is
-.Dv ETYPE_NULL ,
-of the same type as
-.Fa key .
-The caller must free the subkey with
-.Fa krb5_free_keyblock .
-.Pp
-.Fn krb5_keyblock_init
-Fill in
-.Fa key
-with key data of type
-.Fa enctype
-from 
-.Fa data
-of length
-.Fa size .
-Key should be freed using
-.Fn krb5_free_keyblock_contents .
-.Pp
-.Fn krb5_keyblock_zero
-zeros out the keyblock to to make sure no keymaterial is in
-memory.
-Note that
-.Fn krb5_free_keyblock_contents
-also zeros out the memory.
-.Pp
-.Fn krb5_random_to_key
-converts the random bytestring to a protocol key according to Kerberos
-crypto frame work.
-It the resulting key will be of type
-.Fa enctype .
-It may be assumed that all the bits of the input string are equally
-random, even though the entropy present in the random source may be
-limited
-.\" .Sh EXAMPLES
-.Sh SEE ALSO
-.Xr krb5_crypto_init 3 ,
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
deleted file mode 100644
index b6cb1a26cc00..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_keytab.3
+++ /dev/null
@@ -1,482 +0,0 @@
-.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd August 12, 2005
-.Dt KRB5_KEYTAB 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kt_ops ,
-.Nm krb5_keytab_entry ,
-.Nm krb5_kt_cursor ,
-.Nm krb5_kt_add_entry ,
-.Nm krb5_kt_close ,
-.Nm krb5_kt_compare ,
-.Nm krb5_kt_copy_entry_contents ,
-.Nm krb5_kt_default ,
-.Nm krb5_kt_default_modify_name ,
-.Nm krb5_kt_default_name ,
-.Nm krb5_kt_end_seq_get ,
-.Nm krb5_kt_free_entry ,
-.Nm krb5_kt_get_entry ,
-.Nm krb5_kt_get_name ,
-.Nm krb5_kt_get_type ,
-.Nm krb5_kt_next_entry ,
-.Nm krb5_kt_read_service_key ,
-.Nm krb5_kt_register ,
-.Nm krb5_kt_remove_entry ,
-.Nm krb5_kt_resolve ,
-.Nm krb5_kt_start_seq_get
-.Nd manage keytab (key storage) files
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_kt_add_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_close
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_kt_compare
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_copy_entry_contents
-.Fa "krb5_context context"
-.Fa "const krb5_keytab_entry *in"
-.Fa "krb5_keytab_entry *out"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default
-.Fa "krb5_context context"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default_modify_name
-.Fa "krb5_context context"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default_name
-.Fa "krb5_context context"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_end_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_free_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno kvno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_name
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_type
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *prefix"
-.Fa "size_t prefixsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_next_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_read_service_key
-.Fa "krb5_context context"
-.Fa "krb5_pointer keyprocarg"
-.Fa "krb5_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock **key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_register
-.Fa "krb5_context context"
-.Fa "const krb5_kt_ops *ops"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_remove_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_resolve
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_start_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Sh DESCRIPTION
-A keytab name is on the form
-.Li type:residual .
-The
-.Li residual
-part is specific to each keytab-type.
-.Pp
-When a keytab-name is resolved, the type is matched with an internal
-list of keytab types. If there is no matching keytab type,
-the default keytab is used. The current default type is
-.Nm file .
-The default value can be changed in the configuration file
-.Pa /etc/krb5.conf
-by setting the variable
-.Li [defaults]default_keytab_name .
-.Pp
-The keytab types that are implemented in Heimdal
-are:
-.Bl -tag -width Ds
-.It Nm file
-store the keytab in a file, the type's name is
-.Li FILE .
-The residual part is a filename.
-For compatibility with other Kerberos implemtation
-.Li WRFILE
-and
-.LI JAVA14
-is also accepted.
-.Li WRFILE
-has the same format as
-.Li FILE .
-.Li JAVA14
-have a format that is compatible with older versions of MIT kerberos
-and SUN's Java based installation.  They store a truncted kvno, so
-when the knvo excess 255, they are truncted in this format.
-.It Nm keyfile
-store the keytab in a
-.Li AFS
-keyfile (usually
-.Pa /usr/afs/etc/KeyFile ) ,
-the type's name is
-.Li AFSKEYFILE .
-The residual part is a filename.
-.It Nm krb4
-the keytab is a Kerberos 4
-.Pa srvtab
-that is on-the-fly converted to a keytab. The type's name is
-.Li krb4 .
-The residual part is a filename.
-.It Nm memory
-The keytab is stored in a memory segment. This allows sensitive and/or
-temporary data not to be stored on disk. The type's name is
-.Li MEMORY .
-Each
-.Li MEMORY
-keytab is referenced counted by and opened by the residual name, so two
-handles can point to the same memory area.
-When the last user closes the entry, it disappears.
-.El
-.Pp
-.Nm krb5_keytab_entry
-holds all data for an entry in a keytab file, like principal name,
-key-type, key, key-version number, etc.
-.Nm krb5_kt_cursor
-holds the current position that is used when iterating through a
-keytab entry with
-.Fn krb5_kt_start_seq_get ,
-.Fn krb5_kt_next_entry ,
-and
-.Fn krb5_kt_end_seq_get .
-.Pp
-.Nm krb5_kt_ops
-contains the different operations that can be done to a keytab. This
-structure is normally only used when doing a new keytab-type
-implementation.
-.Pp
-.Fn krb5_kt_resolve
-is the equivalent of an
-.Xr open 2
-on keytab. Resolve the keytab name in
-.Fa name
-into a keytab in
-.Fa id .
-Returns 0 or an error. The opposite of
-.Fn krb5_kt_resolve
-is
-.Fn krb5_kt_close .
-.Pp
-.Fn krb5_kt_close
-frees all resources allocated to the keytab, even on failure.
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_default
-sets the argument
-.Fa id
-to the default keytab.
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_default_modify_name
-copies the name of the default modify keytab into
-.Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if
-.Fa namesize
-is too short.
-.Pp
-.Fn krb5_kt_default_name
-copies the name of the default keytab into
-.Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if
-.Fa namesize
-is too short.
-.Pp
-.Fn krb5_kt_add_entry
-adds a new
-.Fa entry
-to the keytab
-.Fa id .
-.Li KRB5_KT_NOWRITE
-is returned if the keytab is a readonly keytab.
-.Pp
-.Fn krb5_kt_compare
-compares the passed in
-.Fa entry
-against
-.Fa principal ,
-.Fa vno ,
-and
-.Fa enctype .
-Any of
-.Fa principal ,
-.Fa vno
-or
-.Fa enctype
-might be 0 which acts as a wildcard. Return TRUE if they compare the
-same, FALSE otherwise.
-.Pp
-.Fn krb5_kt_copy_entry_contents
-copies the contents of
-.Fa in
-into
-.Fa out .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_name
-retrieves the name of the keytab
-.Fa keytab
-into
-.Fa name ,
-.Fa namesize .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_type
-retrieves the type of the keytab
-.Fa keytab
-and store the prefix/name for type of the keytab into
-.Fa prefix ,
-.Fa prefixsize .
-The prefix will have the maximum length of
-.Dv KRB5_KT_PREFIX_MAX_LEN
-(including terminating
-.Dv NUL ) .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_free_entry
-frees the contents of
-.Fa entry .
-.Pp
-.Fn krb5_kt_start_seq_get
-sets
-.Fa cursor
-to point at the beginning of
-.Fa id .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_next_entry
-gets the next entry from
-.Fa id
-pointed to by
-.Fa cursor
-and advance the
-.Fa cursor .
-On success the returne entry must be freed with
-.Fn krb5_kt_free_entry .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_end_seq_get
-releases all resources associated with
-.Fa cursor .
-.Pp
-.Fn krb5_kt_get_entry
-retrieves the keytab entry for
-.Fa principal ,
-.Fa kvno ,
-.Fa enctype
-into
-.Fa entry
-from the keytab
-.Fa id .
-When comparing an entry in the keytab to determine a match, the
-function
-.Fn krb5_kt_compare
-is used, so the wildcard rules applies to the argument of
-.F krb5_kt_get_entry
-too.
-On success the returne entry must be freed with
-.Fn krb5_kt_free_entry .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_read_service_key
-reads the key identified by
-.Fa ( principal ,
-.Fa vno ,
-.Fa enctype )
-from the keytab in
-.Fa keyprocarg
-(the system default keytab if 
-.Dv NULL
-is used) into
-.Fa *key .
-.Fa keyprocarg
-is the same argument as to
-.Fa name
-argument to
-.Fn krb5_kt_resolve .
-Internal
-.Fn krb5_kt_compare
-will be used, so the same wildcard rules applies
-to
-.Fn krb5_kt_read_service_key .
-On success the returned key must be freed with
-.Fa krb5_free_keyblock .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_remove_entry
-removes the entry
-.Fa entry
-from the keytab
-.Fa id .
-When comparing an entry in the keytab to determine a match, the
-function
-.Fn krb5_kt_compare
-is use, so the wildcard rules applies to the argument of
-.Fn krb5_kt_remove_entry .
-Returns 0, 
-.Dv KRB5_KT_NOTFOUND
-if not entry matched or another error.
-.Pp
-.Fn krb5_kt_register
-registers a new keytab type
-.Fa ops .
-Returns 0 or an error.
-.Sh EXAMPLES
-This is a minimalistic version of
-.Nm ktutil .
-.Pp
-.Bd -literal
-int
-main (int argc, char **argv)
-{
-    krb5_context context;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    char *principal;
-
-    if (krb5_init_context (&context) != 0)
-	errx(1, "krb5_context");
-
-    ret = krb5_kt_default (context, &keytab);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_default");
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-	krb5_unparse_name_short(context, entry.principal, &principal);
-	printf("principal: %s\\n", principal);
-	free(principal);
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
-    ret = krb5_kt_close(context, keytab);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-    krb5_free_context(context);
-    return 0;
-}
-.Ed
-.Sh COMPATIBILITY
-Heimdal stored the ticket flags in machine bit-field order before
-Heimdal 0.7.  The behavior is possible to change in with the option
-.Li [libdefaults]fcc-mit-ticketflags .
-Heimdal 0.7 also code to detech that ticket flags was in the wrong
-order and correct them.  This matters when doing delegation in GSS-API
-because the client code looks at the flag to determin if it is possible
-to do delegation if the user requested it.
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
deleted file mode 100644
index 1d906bfafc0b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" Copyright (c) 2001-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_krbhst_init.3 15110 2005-05-10 09:21:06Z lha $
-.\"
-.Dd May 10, 2005
-.Dt KRB5_KRBHST_INIT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_krbhst_init ,
-.Nm krb5_krbhst_init_flags ,
-.Nm krb5_krbhst_next ,
-.Nm krb5_krbhst_next_as_string ,
-.Nm krb5_krbhst_reset ,
-.Nm krb5_krbhst_free ,
-.Nm krb5_krbhst_format_string ,
-.Nm krb5_krbhst_get_addrinfo
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle"
-.Ft krb5_error_code
-.Fn krb5_krbhst_init_flags "krb5_context context" "const char *realm" "unsigned int type" "int flags" "krb5_krbhst_handle *handle"
-.Ft krb5_error_code
-.Fn "krb5_krbhst_next" "krb5_context context" "krb5_krbhst_handle handle" "krb5_krbhst_info **host"
-.Ft krb5_error_code
-.Fn krb5_krbhst_next_as_string "krb5_context context" "krb5_krbhst_handle handle" "char *hostname" "size_t hostlen"
-.Ft void
-.Fn krb5_krbhst_reset "krb5_context context" "krb5_krbhst_handle handle"
-.Ft void
-.Fn krb5_krbhst_free "krb5_context context" "krb5_krbhst_handle handle"
-.Ft krb5_error_code
-.Fn krb5_krbhst_format_string "krb5_context context" "const krb5_krbhst_info *host" "char *hostname" "size_t hostlen"
-.Ft krb5_error_code
-.Fn krb5_krbhst_get_addrinfo "krb5_context context" "krb5_krbhst_info *host" "struct addrinfo **ai"
-.Sh DESCRIPTION
-These functions are used to sequence through all Kerberos hosts of a
-particular realm and service. The service type can be the KDCs, the
-administrative servers, the password changing servers, or the servers
-for Kerberos 4 ticket conversion.
-.Pp
-First a handle to a particular service is obtained by calling
-.Fn krb5_krbhst_init
-(or
-.Fn krb5_krbhst_init_flags )
-with the
-.Fa realm
-of interest and the type of service to lookup. The
-.Fa type
-can be one of:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It KRB5_KRBHST_KDC
-.It KRB5_KRBHST_ADMIN
-.It KRB5_KRBHST_CHANGEPW
-.It KRB5_KRBHST_KRB524
-.El
-.Pp
-The
-.Fa handle
-is returned to the caller, and should be passed to the other
-functions.
-.Pp
-The
-.Fa flag
-argument to
-.Nm krb5_krbhst_init_flags
-is the same flags as
-.Fn krb5_send_to_kdc_flags
-uses.
-Possible values are:
-.Pp
-.Bl -tag -width KRB5_KRBHST_FLAGS_LARGE_MSG -compact -offset indent
-.It KRB5_KRBHST_FLAGS_MASTER
-only talk to master (readwrite) KDC
-.It KRB5_KRBHST_FLAGS_LARGE_MSG
-this is a large message, so use transport that can handle that.
-.El
-.Pp
-For each call to
-.Fn krb5_krbhst_next
-information on a new host is returned. The former function returns in
-.Fa host
-a pointer to a structure containing information about the host, such
-as protocol, hostname, and port:
-.Bd -literal -offset indent
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1];
-} krb5_krbhst_info;
-.Ed
-.Pp
-The related function,
-.Fn krb5_krbhst_next_as_string ,
-return the same information as a URL-like string.
-.Pp
-When there are no more hosts, these functions return
-.Dv KRB5_KDC_UNREACH .
-.Pp
-To re-iterate over all hosts, call
-.Fn krb5_krbhst_reset
-and the next call to
-.Fn krb5_krbhst_next
-will return the first host.
-.Pp
-When done with the handle,
-.Fn krb5_krbhst_free
-should be called.
-.Pp
-To use a
-.Va krb5_krbhst_info ,
-there are two functions:
-.Fn krb5_krbhst_format_string
-that will return a printable representation of that struct
-and
-.Fn krb5_krbhst_get_addrinfo
-that will return a
-.Va struct addrinfo
-that can then be used for communicating with the server mentioned.
-.Sh EXAMPLES
-The following code will print the KDCs of the realm
-.Dq MY.REALM :
-.Bd -literal -offset indent
-krb5_krbhst_handle handle;
-char host[MAXHOSTNAMELEN];
-krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
-while(krb5_krbhst_next_as_string(context, handle,
-				 host, sizeof(host)) == 0)
-    printf("%s\\n", host);
-krb5_krbhst_free(context, handle);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr getaddrinfo 3 ,
-.Xr krb5_get_krbhst 3 ,
-.Xr krb5_send_to_kdc_flags 3
-.Sh HISTORY
-These functions first appeared in Heimdal 0.3g.
diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3
deleted file mode 100644
index e5e5c9937de3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_kuserok.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_kuserok.3 15083 2005-05-04 12:11:22Z joda $
-.\"
-.Dd May 4, 2005
-.Dt KRB5_KUSEROK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kuserok
-.Nd "checks if a principal is permitted to login as a user"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_kuserok
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *user"
-.Fc
-.Sh DESCRIPTION
-This function takes the name of a local
-.Fa user
-and checks if
-.Fa principal
-is allowed to log in as that user.
-.Pp
-The
-.Fa user
-may have a
-.Pa ~/.k5login
-file listing principals that are allowed to login as that user. If
-that file does not exist, all principals with a first component
-identical to the username, and a realm considered local, are allowed
-access.
-.Pp
-The
-.Pa .k5login
-file must contain one principal per line, be owned by
-.Fa user ,
-and not be writable by group or other (but must be readable by
-anyone).
-.Pp
-Note that if the file exists, no implicit access rights are given to
-.Fa user Ns @ Ns Aq localrealm .
-.Pp
-Optionally, a set of files may be put in 
-.Pa ~/.k5login.d ( Ns
-a directory), in which case they will all be checked in the same
-manner as
-.Pa .k5login .
-The files may be called anything, but files starting with a hash
-.Dq ( # ) ,
-or ending with a tilde
-.Dq ( ~ )
-are ignored. Subdirectories are not traversed. Note that this
-directory may not be checked by other implementations.
-.Sh RETURN VALUES
-.Nm
-returns
-.Dv TRUE
-if access should be granted,
-.Dv FALSE
-otherwise.
-.Sh HISTORY
-The
-.Pa ~/.k5login.d
-feature appeared in Heimdal 0.7.
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5_verify_user_lrealm 3 ,
-.Xr krb5_verify_user_opt 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
deleted file mode 100644
index 8b7c41cc80d9..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ /dev/null
@@ -1,267 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */
-
-#ifndef __KRB5_LOCL_H__
-#define __KRB5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <errno.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <limits.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_PWD_H
-#undef _POSIX_PTHREAD_SEMANTICS
-/* This gets us the 5-arg getpwnam_r on Solaris 9.  */
-#define _POSIX_PTHREAD_SEMANTICS
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <time.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef _AIX
-struct ether_addr;
-struct mbuf;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-
-#ifdef HAVE_CRYPT_H
-#undef des_encrypt
-#define des_encrypt wingless_pigs_mostly_fail_to_fly
-#include <crypt.h>
-#undef des_encrypt
-#endif
-
-#ifdef HAVE_DOOR_CREATE
-#include <door.h>
-#endif
-
-#include <roken.h>
-#include <parse_time.h>
-#include <base64.h>
-
-#include "crypto-headers.h"
-
-
-#include <krb5_asn1.h>
-
-struct send_to_kdc;
-
-/* XXX glue for pkinit */
-struct krb5_pk_identity;
-struct krb5_pk_cert;
-struct ContentInfo;
-typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
-struct krb5_dh_moduli;
-
-/* v4 glue */
-struct _krb5_krb_auth_data;
-
-#include <der.h>
-
-#include <krb5.h>
-#include <krb5_err.h>
-#include <asn1_err.h>
-#ifdef PKINIT
-#include <hx509_err.h>
-#endif
-#include <krb5-private.h>
-
-#include "heim_threads.h"
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
-
-/* should this be public? */
-#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
-#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
-
-#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#define KRB5_BUFSIZ 1024
-
-typedef enum {
-    KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
-    KRB5_INIT_CREDS_TRISTATE_TRUE,
-    KRB5_INIT_CREDS_TRISTATE_FALSE
-} krb5_get_init_creds_tristate;
-
-struct _krb5_get_init_creds_opt_private {
-    int refcount;
-    /* ENC_TIMESTAMP */
-    const char *password;
-    krb5_s2k_proc key_proc;
-    /* PA_PAC_REQUEST */
-    krb5_get_init_creds_tristate req_pac;
-    /* PKINIT */
-    krb5_pk_init_ctx pk_init_ctx;
-    KRB_ERROR *error;
-    krb5_get_init_creds_tristate addressless;
-    int flags;
-#define KRB5_INIT_CREDS_CANONICALIZE		1
-#define KRB5_INIT_CREDS_NO_C_CANON_CHECK	2
-};
-
-typedef struct krb5_context_data {
-    krb5_enctype *etypes;
-    krb5_enctype *etypes_des;
-    char **default_realms;
-    time_t max_skew;
-    time_t kdc_timeout;
-    unsigned max_retries;
-    int32_t kdc_sec_offset;
-    int32_t kdc_usec_offset;
-    krb5_config_section *cf;
-    struct et_list *et_list;
-    struct krb5_log_facility *warn_dest;
-    krb5_cc_ops *cc_ops;
-    int num_cc_ops;
-    const char *http_proxy;
-    const char *time_fmt;
-    krb5_boolean log_utc;
-    const char *default_keytab;
-    const char *default_keytab_modify;
-    krb5_boolean use_admin_kdc;
-    krb5_addresses *extra_addresses;
-    krb5_boolean scan_interfaces;	/* `ifconfig -a' */
-    krb5_boolean srv_lookup;		/* do SRV lookups */
-    krb5_boolean srv_try_txt;		/* try TXT records also */
-    int32_t fcache_vno;			/* create cache files w/ this
-                                           version */
-    int num_kt_types;			/* # of registered keytab types */
-    struct krb5_keytab_data *kt_types;  /* registered keytab types */
-    const char *date_fmt;
-    char *error_string;
-    char error_buf[256];
-    krb5_addresses *ignore_addresses;
-    char *default_cc_name;
-    char *default_cc_name_env;
-    int default_cc_name_set;
-    void *mutex;			/* protects error_string/error_buf */
-    int large_msg_size;
-    int flags;
-#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME	1
-#define KRB5_CTX_F_CHECK_PAC			2
-    struct send_to_kdc *send_to_kdc;
-} krb5_context_data;
-
-#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
-#define KRB5_DEFAULT_CCNAME_API "API:"
-#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
-
-#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH		1
-#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH		2
-#define EXTRACT_TICKET_MATCH_REALM			4
-
-/*
- * Configurable options
- */
-
-#ifndef KRB5_DEFAULT_CCTYPE
-#ifdef __APPLE__
-#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
-#else
-#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
-#endif
-#endif
-
-#ifndef KRB5_ADDRESSLESS_DEFAULT
-#define KRB5_ADDRESSLESS_DEFAULT TRUE
-#endif
-
-#endif /* __KRB5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5_mk_req.3 b/crypto/heimdal/lib/krb5/krb5_mk_req.3
deleted file mode 100644
index e37d8e7e975f..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_mk_req.3
+++ /dev/null
@@ -1,187 +0,0 @@
-.\" Copyright (c) 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_mk_req.3 16100 2005-09-26 05:38:55Z lha $
-.\"
-.Dd August 27, 2005
-.Dt KRB5_MK_REQ 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_mk_req ,
-.Nm krb5_mk_req_exact ,
-.Nm krb5_mk_req_extended ,
-.Nm krb5_rd_req ,
-.Nm krb5_rd_req_with_keyblock ,
-.Nm krb5_mk_rep ,
-.Nm krb5_mk_rep_exact ,
-.Nm krb5_mk_rep_extended ,
-.Nm krb5_rd_rep ,
-.Nm krb5_build_ap_req ,
-.Nm krb5_verify_ap_req
-.Nd create and read application authentication request
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_mk_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_flags ap_req_options"
-.Fa "const char *service"
-.Fa "const char *hostname"
-.Fa "krb5_data *in_data"
-.Fa "krb5_ccache ccache"
-.Fa "krb5_data *outbuf"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_mk_req_extended
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_flags ap_req_options"
-.Fa "krb5_data *in_data"
-.Fa "krb5_creds *in_creds"
-.Fa "krb5_data *outbuf"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rd_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "const krb5_data *inbuf"
-.Fa "krb5_const_principal server"
-.Fa "krb5_keytab keytab"
-.Fa "krb5_flags *ap_req_options"
-.Fa "krb5_ticket **ticket"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_build_ap_req
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_creds *cred"
-.Fa "krb5_flags ap_options"
-.Fa "krb5_data authenticator"
-.Fa "krb5_data *retdata"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_ap_req
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "krb5_ap_req *ap_req"
-.Fa "krb5_const_principal server"
-.Fa "krb5_keyblock *keyblock"
-.Fa "krb5_flags flags"
-.Fa "krb5_flags *ap_req_options"
-.Fa "krb5_ticket **ticket"
-.Fc
-.Sh DESCRIPTION
-The functions documented in this manual page document the functions
-that facilitates the exchange between a Kerberos client and server.
-They are the core functions used in the authentication exchange
-between the client and the server.
-.Pp
-The
-.Nm krb5_mk_req
-and
-.Nm krb5_mk_req_extended
-creates the Kerberos message
-.Dv KRB_AP_REQ
-that is sent from the client to the server as the first packet in a client/server exchange.  The result that should be sent to server is stored in
-.Fa outbuf .
-.Pp
-.Fa auth_context
-should be allocated with
-.Fn krb5_auth_con_init
-or
-.Dv NULL
-passed in, in that case, it will be allocated and freed internally.
-.Pp
-The input data 
-.Fa in_data
-will have a checksum calculated over it and checksum will be
-transported in the message to the server.
-.Pp
-.Fa ap_req_options
-can be set to one or more of the following flags:
-.Pp
-.Bl -tag -width indent
-.It Dv AP_OPTS_USE_SESSION_KEY
-Use the session key when creating the request, used for user to user
-authentication.
-.It Dv AP_OPTS_MUTUAL_REQUIRED
-Mark the request as mutual authenticate required so that the receiver
-returns a mutual authentication packet.
-.El
-.Pp
-The
-.Nm krb5_rd_req
-read the AP_REQ in
-.Fa inbuf
-and verify and extract the content.
-If
-.Fa server
-is specified, that server will be fetched from the
-.Fa keytab
-and used unconditionally.
-If
-.Fa server
-is
-.Dv NULL ,
-the
-.Fa keytab
-will be search for a matching principal.
-.Pp
-The
-.Fa keytab
-argument specifies what keytab to search for receiving principals.
-The arguments
-.Fa ap_req_options
-and
-.Fa ticket
-returns the content.
-.Pp
-When the AS-REQ is a user to user request, neither of
-.Fa keytab
-or
-.Fa principal
-are used, instead
-.Fn krb5_rd_req
-expects the session key to be set in
-.Fa auth_context .
-.Pp
-The
-.Nm krb5_verify_ap_req
-and
-.Nm krb5_build_ap_req
-both constructs and verify the AP_REQ message, should not be used by
-external code.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_mk_safe.3 b/crypto/heimdal/lib/krb5/krb5_mk_safe.3
deleted file mode 100644
index 25b65411f80b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_mk_safe.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_mk_safe.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_MK_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_mk_safe ,
-.Nm krb5_mk_priv
-.Nd generates integrity protected and/or encrypted messages
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fn krb5_mk_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Ft krb5_error_code
-.Fn krb5_mk_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Sh DESCRIPTION
-.Fn krb5_mk_safe
-and
-.Fn krb5_mk_priv
-formats
-.Li KRB-SAFE
-(integrity protected)
-and
-.Li KRB-PRIV
-(also encrypted)
-messages into
-.Fa outbuf .
-The actual message data is taken from
-.Fa userdata .
-If the
-.Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_DO_TIME
-flags are set in the
-.Fa auth_context ,
-sequence numbers and time stamps are generated.
-If the
-.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_RET_TIME
-flags are set
-they are also returned in the
-.Fa outdata
-parameter.
-.Sh SEE ALSO
-.Xr krb5_auth_con_init 3 ,
-.Xr krb5_rd_priv 3 ,
-.Xr krb5_rd_safe 3
diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3
deleted file mode 100644
index 4acad4175ae8..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_openlog.3
+++ /dev/null
@@ -1,242 +0,0 @@
-.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_openlog.3 12329 2003-05-26 14:09:04Z lha $
-.Dd August 6, 1997
-.Dt KRB5_OPENLOG 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_initlog ,
-.Nm krb5_openlog ,
-.Nm krb5_closelog ,
-.Nm krb5_addlog_dest ,
-.Nm krb5_addlog_func ,
-.Nm krb5_log ,
-.Nm krb5_vlog ,
-.Nm krb5_log_msg ,
-.Nm krb5_vlog_msg
-.Nd Heimdal logging functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
-.Ft krb5_error_code
-.Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
-.Ft krb5_error_code
-.Fn krb5_addlog_func "krb5_context context" "krb5_log_facility *facility" "int min" "int max" "krb5_log_log_func_t log" "krb5_log_close_func_t close" "void *data"
-.Ft krb5_error_code
-.Fn krb5_closelog "krb5_context context" "krb5_log_facility *facility"
-.Ft krb5_error_code
-.Fn krb5_initlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_log "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_log_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_openlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_vlog "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "va_list arglist"
-.Ft krb5_error_code
-.Fn krb5_vlog_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "va_list arglist"
-.Sh DESCRIPTION
-These functions logs messages to one or more destinations.
-.Pp
-The
-.Fn krb5_openlog
-function creates a logging
-.Fa facility ,
-that is used to log messages. A facility consists of one or more
-destinations (which can be files or syslog or some other device). The
-.Fa program
-parameter should be the generic name of the program that is doing the
-logging. This name is used to lookup which destinations to use. This
-information is contained in the
-.Li logging
-section of the
-.Pa krb5.conf
-configuration file.  If no entry is found for
-.Fa program ,
-the entry for
-.Li default
-is used, or if that is missing too,
-.Li SYSLOG
-will be used as destination.
-.Pp
-To close a logging facility, use the
-.Fn krb5_closelog
-function.
-.Pp
-To log a message to a facility use one of the functions
-.Fn krb5_log ,
-.Fn krb5_log_msg ,
-.Fn krb5_vlog ,
-or
-.Fn krb5_vlog_msg .
-The functions ending in
-.Li _msg
-return in
-.Fa reply
-a pointer to the message that just got logged. This string is allocated,
-and should be freed with
-.Fn free .
-The
-.Fa format
-is a standard
-.Fn printf
-style format string (but see the BUGS section).
-.Pp
-If you want better control of where things gets logged, you can instead of using
-.Fn krb5_openlog
-call
-.Fn krb5_initlog ,
-which just initializes a facility, but doesn't define any actual logging
-destinations. You can then add destinations with the
-.Fn krb5_addlog_dest
-and
-.Fn krb5_addlog_func
-functions.  The first of these takes a string specifying a logging
-destination, and adds this to the facility. If you want to do some
-non-standard logging you can use the
-.Fn krb5_addlog_func
-function, which takes a function to use when logging.
-The
-.Fa log
-function is called for each message with
-.Fa time
-being a string specifying the current time, and
-.Fa message
-the message to log.
-.Fa close
-is called when the facility is closed. You can pass application specific data in the
-.Fa data
-parameter. The
-.Fa min
-and
-.Fa max
-parameter are the same as in a destination (defined below). To specify a
-max of infinity, pass -1.
-.Pp
-.Fn krb5_openlog
-calls
-.Fn krb5_initlog
-and then calls
-.Fn krb5_addlog_dest
-for each destination found.
-.Ss Destinations
-The defined destinations (as specified in
-.Pa krb5.conf )
-follows:
-.Bl -tag -width "xxx" -offset indent
-.It Li STDERR
-This logs to the program's stderr.
-.It Li FILE: Ns Pa /file
-.It Li FILE= Ns Pa /file
-Log to the specified file. The form using a colon appends to the file, the
-form with an equal truncates the file. The truncating form keeps the file
-open, while the appending form closes it after each log message (which
-makes it possible to rotate logs). The truncating form is mainly for
-compatibility with the MIT libkrb5.
-.It Li DEVICE= Ns Pa /device
-This logs to the specified device, at present this is the same as
-.Li FILE:/device .
-.It Li CONSOLE
-Log to the console, this is the same as
-.Li DEVICE=/dev/console .
-.It Li SYSLOG Ns Op :priority Ns Op :facility
-Send messages to the syslog system, using priority, and facility. To
-get the name for one of these, you take the name of the macro passed
-to
-.Xr syslog 3 ,
-and remove the leading
-.Li LOG_
-.No ( Li LOG_NOTICE
-becomes
-.Li NOTICE ) .
-The default values (as well as the values used for unrecognised
-values), are
-.Li ERR ,
-and
-.Li AUTH ,
-respectively.  See
-.Xr syslog 3
-for a list of priorities and facilities.
-.El
-.Pp
-Each destination may optionally be prepended with a range of logging
-levels, specified as
-.Li min-max/ .
-If the
-.Fa level
-parameter to
-.Fn krb5_log
-is within this range (inclusive) the message gets logged to this
-destination, otherwise not. Either of the min and max valued may be
-omitted, in this case min is assumed to be zero, and max is assumed to be
-infinity.  If you don't include a dash, both min and max gets set to the
-specified value. If no range is specified, all messages gets logged.
-.Sh EXAMPLES
-.Bd -literal -offset indent
-[logging]
-	kdc = 0/FILE:/var/log/kdc.log
-	kdc = 1-/SYSLOG:INFO:USER
-	default = STDERR
-.Ed
-.Pp
-This will log all messages from the
-.Nm kdc
-program with level 0 to
-.Pa /var/log/kdc.log ,
-other messages will be logged to syslog with priority
-.Li LOG_INFO ,
-and facility
-.Li LOG_USER .
-All other programs will log all messages to their stderr.
-.Sh SEE ALSO
-.Xr syslog 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-These functions use
-.Fn asprintf
-to format the message. If your operating system does not have a working
-.Fn asprintf ,
-a replacement will be used. At present this replacement does not handle
-some correct conversion specifications (like floating point numbers). Until
-this is fixed, the use of these conversions should be avoided.
-.Pp
-If logging is done to the syslog facility, these functions might not be
-thread-safe, depending on the implementation of
-.Fn openlog ,
-and
-.Fn syslog .
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
deleted file mode 100644
index e876ee3cb0b3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_parse_name.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_PARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_parse_name
-.Nd string to principal conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-.Sh DESCRIPTION
-.Fn krb5_parse_name
-converts a string representation of a principal name to
-.Nm krb5_principal .
-The
-.Fa principal
-will point to allocated data that should be freed with
-.Fn krb5_free_principal .
-.Pp
-The string should consist of one or more name components separated with slashes
-.Pq Dq / ,
-optionally followed with an
-.Dq @
-and a realm name. A slash or @ may be contained in a name component by
-quoting it with a backslash
-.Pq Dq \e .
-A realm should not contain slashes or colons.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_principal.3 b/crypto/heimdal/lib/krb5/krb5_principal.3
deleted file mode 100644
index 1b0c2da32a97..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_principal.3
+++ /dev/null
@@ -1,384 +0,0 @@
-.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_principal.3 21255 2007-06-21 04:36:31Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_default_principal ,
-.Nm krb5_principal ,
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_copy_principal ,
-.Nm krb5_free_principal ,
-.Nm krb5_make_principal ,
-.Nm krb5_parse_name ,
-.Nm krb5_parse_name_flags ,
-.Nm krb5_parse_nametype ,
-.Nm krb5_princ_realm ,
-.Nm krb5_princ_set_realm ,
-.Nm krb5_principal_compare ,
-.Nm krb5_principal_compare_any_realm ,
-.Nm krb5_principal_get_comp_string ,
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_type ,
-.Nm krb5_principal_match ,
-.Nm krb5_principal_set_type ,
-.Nm krb5_realm_compare ,
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal ,
-.Nm krb5_unparse_name ,
-.Nm krb5_unparse_name_flags ,
-.Nm krb5_unparse_name_fixed ,
-.Nm krb5_unparse_name_fixed_flags ,
-.Nm krb5_unparse_name_fixed_short ,
-.Nm krb5_unparse_name_short
-.Nd Kerberos 5 principal handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_principal ;
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Ft krb5_error_code
-.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_parse_name_flags "krb5_context context" "const char *name" "int flags" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name" "krb5_context context" "krb5_const_principal principal" "char **name"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name_flags" "krb5_context context" "krb5_const_principal principal" "int flags" "char **name"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed_flags "krb5_context context" "krb5_const_principal principal" "int flags" "char *name" "size_t len"
-.Ft krb5_error_code
-.Fn "krb5_unparse_name_short" "krb5_context context" "krb5_const_principal principal" "char **name"
-.Ft krb5_error_code
-.Fn krb5_unparse_name_fixed_short "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
-.Ft krb5_realm *
-.Fn krb5_princ_realm "krb5_context context" "krb5_principal principal"
-.Ft void
-.Fn krb5_princ_set_realm "krb5_context context" "krb5_principal principal" "krb5_realm *realm"
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn "krb5_build_principal_ext" "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_copy_principal "krb5_context context" "krb5_const_principal inprinc" "krb5_principal *outprinc"
-.Ft krb5_boolean
-.Fn krb5_principal_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft krb5_boolean
-.Fn krb5_principal_compare_any_realm "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_const_principal principal" "unsigned int component"
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_const_principal principal"
-.Ft int
-.Fn krb5_principal_get_type "krb5_context context" "krb5_const_principal principal"
-.Ft krb5_boolean
-.Fn krb5_principal_match "krb5_context context" "krb5_const_principal principal" "krb5_const_principal pattern"
-.Ft void
-.Fn krb5_principal_set_type "krb5_context context" "krb5_principal principal" "int type"
-.Ft krb5_boolean
-.Fn krb5_realm_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal  "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *ret_princ"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_get_default_principal "krb5_context context" "krb5_principal *princ"
-.Ft krb5_error_code
-.Fn krb5_parse_nametype "krb5_context context" "const char *str" "int32_t *type"
-.Sh DESCRIPTION
-.Li krb5_principal
-holds the name of a user or service in Kerberos.
-.Pp
-A principal has two parts, a
-.Li PrincipalName
-and a
-.Li realm .
-The PrincipalName consists of one or more components. In printed form,
-the components are separated by /.
-The PrincipalName also has a name-type.
-.Pp
-Examples of a principal are
-.Li nisse/root@EXAMPLE.COM
-and
-.Li host/datan.kth.se@KTH.SE .
-.Fn krb5_parse_name
-and
-.Fn krb5_parse_name_flags
-passes a principal name in
-.Fa name
-to the kerberos principal structure.
-.Fn krb5_parse_name_flags
-takes an extra
-.Fa flags
-argument the following flags can be passed in
-.Bl -tag -width Ds
-.It Dv KRB5_PRINCIPAL_PARSE_NO_REALM
-requries the input string to be without a realm, and no realm is
-stored in the
-.Fa principal
-return argument.
-.It Dv KRB5_PRINCIPAL_PARSE_MUST_REALM
-requries the input string to with a realm.
-.El
-.Pp
-.Fn krb5_unparse_name
-and
-.Fn krb5_unparse_name_flags
-prints the principal
-.Fa princ
-to the string
-.Fa name .
-.Fa name
-should be freed with
-.Xr free 3 .
-To the 
-.Fa flags
-argument the following flags can be passed in
-.Bl -tag -width Ds
-.It Dv KRB5_PRINCIPAL_UNPARSE_SHORT
-no realm if the realm is one of the local realms.
-.It Dv KRB5_PRINCIPAL_UNPARSE_NO_REALM
-never include any realm in the principal name.
-.It Dv KRB5_PRINCIPAL_UNPARSE_DISPLAY
-don't quote
-.El
-On failure
-.Fa name
-is set to
-.Dv NULL .
-.Fn krb5_unparse_name_fixed
-and
-.Fn krb5_unparse_name_fixed_flags
-behaves just like
-.Fn krb5_unparse ,
-but instead unparses the principal into a fixed size buffer.
-.Pp
-.Fn krb5_unparse_name_short
-just returns the principal without the realm if the principal is
-in the default realm. If the principal isn't, the full name is
-returned.
-.Fn krb5_unparse_name_fixed_short
-works just like
-.Fn krb5_unparse_name_short
-but on a fixed size buffer.
-.Pp
-.Fn krb5_build_principal
-builds a principal from the realm
-.Fa realm
-that has the length
-.Fa rlen .
-The following arguments form the components of the principal.
-The list of components is terminated with
-.Dv NULL .
-.Pp
-.Fn krb5_build_principal_va
-works like
-.Fn krb5_build_principal
-using vargs.
-.Pp
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-take a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-.Fn krb5_make_principal
-works the same way as
-.Fn krb5_build_principal ,
-except it figures out the length of the realm itself.
-.Pp
-.Fn krb5_copy_principal
-makes a copy of a principal.
-The copy needs to be freed with
-.Fn krb5_free_principal .
-.Pp
-.Fn krb5_principal_compare
-compares the two principals, including realm of the principals and returns
-.Dv TRUE
-if they are the same and
-.Dv FALSE
-if not.
-.Pp
-.Fn krb5_principal_compare_any_realm
-works the same way as
-.Fn krb5_principal_compare
-but doesn't compare the realm component of the principal.
-.Pp
-.Fn krb5_realm_compare
-compares the realms of the two principals and returns
-.Dv TRUE
-is they are the same, and
-.Dv FALSE
-if not.
-.Pp
-.Fn krb5_principal_match
-matches a
-.Fa principal
-against a
-.Fa pattern .
-The pattern is a globbing expression, where each component (separated
-by /) is matched against the corresponding component of the principal.
-.Pp
-The
-.Fn krb5_principal_get_realm
-and
-.Fn krb5_principal_get_comp_string
-functions return parts of the
-.Fa principal ,
-either the realm or a specific component.
-Both functions return string pointers to data inside the principal, so
-they are valid only as long as the principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the index of the component to return, from zero to the total number of
-components minus one. If the index is out of range
-.Dv NULL
-is returned.
-.Pp
-.Fn krb5_principal_get_realm
-and
-.Fn krb5_principal_get_comp_string
-are replacements for
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as internal in the MIT API
-specification.
-Unlike the macros, these functions return strings, not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Pp
-.Fn krb5_principal_get_type
-and
-.Fn krb5_principal_set_type
-get and sets the name type for a principal.
-Name type handling is tricky and not often needed,
-don't use this unless you know what you do.
-.Pp
-.Fn krb5_princ_realm
-returns the realm component of the principal.
-The caller must not free realm unless
-.Fn krb5_princ_set_realm
-is called to set a new realm after freeing the realm.
-.Fn krb5_princ_set_realm
-sets the realm component of a principal. The old realm is not freed.
-.Pp
-.Fn krb5_sname_to_principal
-and
-.Fn krb5_sock_to_principal
-are for easy creation of
-.Dq service
-principals that can, for instance, be used to lookup a key in a keytab.
-For both functions the
-.Fa sname
-parameter will be used for the first component of the created principal.
-If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Pp
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component.
-If
-.Fa type
-is
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname
-is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-or
-.Dv AF_INET6
-socket.
-There must be a mapping between the address and
-.Dq sockname .
-The function may try to resolve the name in DNS.
-.Pp
-.Fn krb5_get_default_principal
-tries to find out what's a reasonable default principal by looking at
-the environment it is running in.
-.Pp
-.Fn krb5_parse_nametype
-parses and returns the name type integer value in
-.Fa type .
-On failure the function returns an error code and set the error
-string.
-.\" .Sh EXAMPLES
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_config 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-You can not have a NUL in a component in some of the variable argument
-functions above.
-Until someone can give a good example of where it would be a good idea
-to have NUL's in a component, this will not be fixed.
diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
deleted file mode 100644
index 1ece7986adc7..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd June 20, 2001
-.Dt KRB5_PRINCIPAL_GET_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_comp_string
-.Nd decompose a principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
-.Sh DESCRIPTION
-These functions return parts of the
-.Fa principal ,
-either the realm or a specific component. The returned string points
-to data inside the principal, so they are valid only as long as the
-principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range,
-.Dv NULL
-is returned.
-.Pp
-These functions can be seen as a replacement for the
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as intermal in the MIT API
-specification. A difference is that these functions return strings,
-not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Sh SEE ALSO
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_rcache.3 b/crypto/heimdal/lib/krb5/krb5_rcache.3
deleted file mode 100644
index 0b7e83aa0717..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_rcache.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rcache.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_RCACHE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rcache ,
-.Nm krb5_rc_close ,
-.Nm krb5_rc_default ,
-.Nm krb5_rc_default_name ,
-.Nm krb5_rc_default_type ,
-.Nm krb5_rc_destroy ,
-.Nm krb5_rc_expunge ,
-.Nm krb5_rc_get_lifespan ,
-.Nm krb5_rc_get_name ,
-.Nm krb5_rc_get_type ,
-.Nm krb5_rc_initialize ,
-.Nm krb5_rc_recover ,
-.Nm krb5_rc_resolve ,
-.Nm krb5_rc_resolve_full ,
-.Nm krb5_rc_resolve_type ,
-.Nm krb5_rc_store ,
-.Nm krb5_get_server_rcache
-.Nd Kerberos 5 replay cache
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_rcache;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_rc_close
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_default
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_rc_default_name
-.Fa "krb5_context context"
-.Fc
-.Ft "const char *"
-.Fo krb5_rc_default_type
-.Fa "krb5_context context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_destroy
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_expunge
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_get_lifespan
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_deltat *auth_lifespan"
-.Fc
-.Ft "const char*"
-.Fo krb5_rc_get_name
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft "const char*"
-.Fo "krb5_rc_get_type"
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_initialize
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_deltat auth_lifespan"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_recover
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "const char *name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve_full
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fa "const char *string_name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_resolve_type
-.Fa "krb5_context context"
-.Fa "krb5_rcache *id"
-.Fa "const char *type"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_rc_store
-.Fa "krb5_context context"
-.Fa "krb5_rcache id"
-.Fa "krb5_donot_replay *rep"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_server_rcache
-.Fa "krb5_context context"
-.Fa "const krb5_data *piece"
-.Fa "krb5_rcache *id"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_rcache
-structure holds a storage element that is used for data manipulation.
-The structure contains no public accessible elements.
-.Pp
-.Fn krb5_rc_initialize
-Creates the reply cache
-.Fa id
-and sets it lifespan to
-.Fa auth_lifespan .
-If the cache already exists, the content is destroyed.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_rd_error.3 b/crypto/heimdal/lib/krb5/krb5_rd_error.3
deleted file mode 100644
index 00203cdae240..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_rd_error.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rd_error.3 21059 2007-06-12 17:52:46Z lha $
-.\"
-.Dd July 26, 2004
-.Dt KRB5_RD_ERROR 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rd_error ,
-.Nm krb5_free_error ,
-.Nm krb5_free_error_contents ,
-.Nm krb5_error_from_rd_error
-.Nd parse, free and read error from KRB-ERROR message
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_rd_error
-.Fa "krb5_context context"
-.Fa "const krb5_data *msg"
-.Fa "KRB_ERROR *result"
-.Fc
-.Ft void
-.Fo krb5_free_error
-.Fa "krb5_context context"
-.Fa "krb5_error *error"
-.Fc
-.Ft void
-.Fo krb5_free_error_contents
-.Fa "krb5_context context"
-.Fa "krb5_error *error"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_error_from_rd_error
-.Fa "krb5_context context"
-.Fa "const krb5_error *error"
-.Fa "const krb5_creds *creds"
-.Fc
-.Sh DESCRIPTION
-Usually applications never needs to parse and understand Kerberos
-error messages since higher level functions will parse and push up the
-error in the krb5_context.
-These functions are described for completeness.
-.Pp
-.Fn krb5_rd_error
-parses and returns the kerboeros error message, the structure should be freed with
-.Fn krb5_free_error_contents
-when the caller is done with the structure.
-.Pp
-.Fn krb5_free_error
-frees the content and the memory region holding the structure iself.
-.Pp
-.Fn krb5_free_error_contents
-free the content of the KRB-ERROR message.
-.Pp
-.Fn krb5_error_from_rd_error
-will parse the error message and set the error buffer in krb5_context
-to the error string passed back or the matching error code in the
-KRB-ERROR message.
-Caller should pick up the message with
-.Fn krb5_get_error_string 3
-(don't forget to free the returned string with
-.Fn krb5_free_error_string ) .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_set_error_string 3 ,
-.Xr krb5_get_error_string 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_rd_safe.3 b/crypto/heimdal/lib/krb5/krb5_rd_safe.3
deleted file mode 100644
index d024ae48e206..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_rd_safe.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_rd_safe.3 17385 2006-05-01 08:48:55Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_RD_SAFE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_rd_safe ,
-.Nm krb5_rd_priv
-.Nd verifies authenticity of messages
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fn krb5_rd_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Ft krb5_error_code
-.Fn krb5_rd_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
-.Sh DESCRIPTION
-.Fn krb5_rd_safe
-and
-.Fn krb5_rd_priv
-parses
-.Li KRB-SAFE
-and
-.Li KRB-PRIV
-messages (as generated by
-.Xr krb5_mk_safe 3
-and
-.Xr krb5_mk_priv 3 )
-from
-.Fa inbuf
-and verifies its integrity. The user data part of the message in put
-in
-.Fa outbuf .
-The encryption state, including keyblocks and addresses, is taken from
-.Fa auth_context .
-If the
-.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
-or
-.Dv KRB5_AUTH_CONTEXT_RET_TIME
-flags are set in the
-.Fa auth_context
-the sequence number and time are returned in the
-.Fa outdata
-parameter.
-.Sh SEE ALSO
-.Xr krb5_auth_con_init 3 ,
-.Xr krb5_mk_priv 3 ,
-.Xr krb5_mk_safe 3
diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
deleted file mode 100644
index 27467d816b3b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
+++ /dev/null
@@ -1,164 +0,0 @@
-.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_set_default_realm.3 17462 2006-05-05 13:18:39Z lha $
-.\"
-.Dd April 24, 2005
-.Dt KRB5_SET_DEFAULT_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_copy_host_realm ,
-.Nm krb5_free_host_realm ,
-.Nm krb5_get_default_realm ,
-.Nm krb5_get_default_realms ,
-.Nm krb5_get_host_realm ,
-.Nm krb5_set_default_realm
-.Nd default and host realm read and manipulation routines
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_copy_host_realm
-.Fa "krb5_context context"
-.Fa "const krb5_realm *from"
-.Fa "krb5_realm **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_host_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realmlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realms
-.Fa "krb5_context context"
-.Fa "krb5_realm **realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_host_realm
-.Fa "krb5_context context"
-.Fa "const char *host"
-.Fa "krb5_realm **realms"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_default_realm
-.Fa "krb5_context context"
-.Fa "const char *realm"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_copy_host_realm
-copies the list of realms from
-.Fa from
-to
-.Fa to .
-.Fa to
-should be freed by the caller using
-.Fa krb5_free_host_realm .
-.Pp
-.Fn krb5_free_host_realm
-frees all memory allocated by
-.Fa realmlist .
-.Pp
-.Fn krb5_get_default_realm
-returns the first default realm for this host.
-The realm returned should be freed with
-.Fn free .
-.Pp
-.Fn krb5_get_default_realms
-returns a
-.Dv NULL
-terminated list of default realms for this context.
-Realms returned by
-.Fn krb5_get_default_realms
-should be freed with
-.Fn krb5_free_host_realm .
-.Pp
-.Fn krb5_get_host_realm
-returns a
-.Dv NULL
-terminated list of realms for
-.Fa host
-by looking up the information in the
-.Li [domain_realm]
-in
-.Pa krb5.conf
-or in
-.Li DNS .
-If the mapping in
-.Li [domain_realm]
-results in the string
-.Li dns_locate ,
-DNS is used to lookup the realm.
-.Pp
-When using
-.Li DNS
-to a resolve the domain for the host a.b.c,
-.Fn krb5_get_host_realm
-looks for a
-.Dv TXT
-resource record named
-.Li _kerberos.a.b.c ,
-and if not found, it strips off the first component and tries a again
-(_kerberos.b.c) until it reaches the root.
-.Pp
-If there is no configuration or DNS information found,
-.Fn krb5_get_host_realm
-assumes it can use the domain part of the
-.Fa host
-to form a realm.
-Caller must free
-.Fa realmlist
-with
-.Fn krb5_free_host_realm .
-.Pp
-.Fn krb5_set_default_realm
-sets the default realm for the
-.Fa context .
-If
-.Dv NULL
-is used as a
-.Fa realm ,
-the
-.Li [libdefaults]default_realm
-stanza in
-.Pa krb5.conf
-is used.
-If there is no such stanza in the configuration file, the
-.Fn krb5_get_host_realm
-function is used to form a default realm.
-.Sh SEE ALSO
-.Xr free 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_set_password.3 b/crypto/heimdal/lib/krb5/krb5_set_password.3
deleted file mode 100644
index 45ed41d477f6..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_set_password.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_set_password.3 14052 2004-07-15 14:39:06Z lha $
-.\"
-.Dd July 15, 2004
-.Dt KRB5_SET_PASSWORD 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_change_password ,
-.Nm krb5_set_password ,
-.Nm krb5_set_password_using_ccache ,
-.Nm krb5_passwd_result_to_string
-.Nd change password functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_change_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "char *newpw"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_password
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "char *newpw"
-.Fa "krb5_principal targprinc"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_password_using_ccache
-.Fa "krb5_context context"
-.Fa "krb5_ccache ccache"
-.Fa "char *newpw"
-.Fa "krb5_principal targprinc"
-.Fa "int *result_code"
-.Fa "krb5_data *result_code_string"
-.Fa "krb5_data *result_string"
-.Fc
-.Ft "const char *"
-.Fo krb5_passwd_result_to_string
-.Fa "krb5_context context"
-.Fa "int result"
-.Fc
-.Sh DESCRIPTION
-These functions change the password for a given principal.
-.Pp
-.Fn krb5_set_password
-and
-.Fn krb5_set_password_using_ccache
-are the newer of the three functions, and use a newer version of the
-protocol (and also fall back to the older set-password protocol if the
-newer protocol doesn't work).
-.Pp
-.Fn krb5_change_password
-sets the password
-.Fa newpasswd
-for the client principal in
-.Fa creds .
-The server principal of creds must be
-.Li kadmin/changepw .
-.Pp
-.Fn krb5_set_password
-and
-.Fn krb5_set_password_using_ccache
-change the password for the principal
-.Fa targprinc .
-.Pp
-.Fn krb5_set_password
-requires that the credential for
-.Li kadmin/changepw@REALM
-is in
-.Fa creds .
-If the user caller isn't an administrator, this credential
-needs to be an initial credential, see
-.Xr krb5_get_init_creds 3
-how to get such credentials.
-.Pp
-.Fn krb5_set_password_using_ccache
-will get the credential from
-.Fa ccache .
-.Pp
-If
-.Fa targprinc
-is
-.Dv NULL ,
-.Fn krb5_set_password_using_ccache
-uses the the default principal in
-.Fa ccache
-and
-.Fn krb5_set_password
-uses the global the default principal.
-.Pp
-All three functions return an error in
-.Fa result_code
-and maybe an error string to print in
-.Fa result_string .
-.Pp
-.Fn krb5_passwd_result_to_string
-returns an human readable string describing the error code in
-.Fa result_code
-from the
-.Fn krb5_set_password
-functions.
-.Sh SEE ALSO
-.Xr krb5_ccache 3 ,
-.Xr krb5_init_context 3
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
deleted file mode 100644
index 5724ce1876c8..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal
-.Nd create a service principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Sh DESCRIPTION
-These functions create a
-.Dq service
-principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname
-parameter will be used for the first component of the created principal. If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component. If type
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-socket.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_storage.3 b/crypto/heimdal/lib/krb5/krb5_storage.3
deleted file mode 100644
index cc03c5b5e24a..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_storage.3
+++ /dev/null
@@ -1,427 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_storage.3 17884 2006-08-18 08:41:09Z lha $
-.\"
-.Dd Aug 18, 2006
-.Dt KRB5_STORAGE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_storage ,
-.Nm krb5_storage_emem ,
-.Nm krb5_storage_from_data ,
-.Nm krb5_storage_from_fd ,
-.Nm krb5_storage_from_mem ,
-.Nm krb5_storage_set_flags ,
-.Nm krb5_storage_clear_flags ,
-.Nm krb5_storage_is_flags ,
-.Nm krb5_storage_set_byteorder ,
-.Nm krb5_storage_get_byteorder ,
-.Nm krb5_storage_set_eof_code ,
-.Nm krb5_storage_seek ,
-.Nm krb5_storage_read ,
-.Nm krb5_storage_write ,
-.Nm krb5_storage_free ,
-.Nm krb5_storage_to_data ,
-.Nm krb5_store_int32 ,
-.Nm krb5_ret_int32 ,
-.Nm krb5_store_uint32 ,
-.Nm krb5_ret_uint32 ,
-.Nm krb5_store_int16 ,
-.Nm krb5_ret_int16 ,
-.Nm krb5_store_uint16 ,
-.Nm krb5_ret_uint16 ,
-.Nm krb5_store_int8 ,
-.Nm krb5_ret_int8 ,
-.Nm krb5_store_uint8 ,
-.Nm krb5_ret_uint8 ,
-.Nm krb5_store_data ,
-.Nm krb5_ret_data ,
-.Nm krb5_store_string ,
-.Nm krb5_ret_string ,
-.Nm krb5_store_stringnl ,
-.Nm krb5_ret_stringnl ,
-.Nm krb5_store_stringz ,
-.Nm krb5_ret_stringz ,
-.Nm krb5_store_principal ,
-.Nm krb5_ret_principal ,
-.Nm krb5_store_keyblock ,
-.Nm krb5_ret_keyblock ,
-.Nm krb5_store_times ,
-.Nm krb5_ret_times ,
-.Nm krb5_store_address ,
-.Nm krb5_ret_address ,
-.Nm krb5_store_addrs ,
-.Nm krb5_ret_addrs ,
-.Nm krb5_store_authdata ,
-.Nm krb5_ret_authdata ,
-.Nm krb5_store_creds ,
-.Nm krb5_ret_creds
-.Nd operates on the Kerberos datatype krb5_storage
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_storage;"
-.Pp
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_fd "int fd"
-.Ft "krb5_storage *"
-.Fn krb5_storage_emem "void"
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_mem "void *buf" "size_t len"
-.Ft "krb5_storage *"
-.Fn krb5_storage_from_data "krb5_data *data"
-.Ft void
-.Fn krb5_storage_set_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft void
-.Fn krb5_storage_clear_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft krb5_boolean
-.Fn krb5_storage_is_flags "krb5_storage *sp" "krb5_flags flags"
-.Ft void
-.Fn krb5_storage_set_byteorder "krb5_storage *sp" "krb5_flags byteorder"
-.Ft krb5_flags
-.Fn krb5_storage_get_byteorder "krb5_storage *sp" "krb5_flags byteorder"
-.Ft void
-.Fn krb5_storage_set_eof_code "krb5_storage *sp" "int code"
-.Ft off_t
-.Fn krb5_storage_seek "krb5_storage *sp" "off_t offset" "int whence"
-.Ft krb5_ssize_t
-.Fn krb5_storage_read "krb5_storage *sp" "void *buf" "size_t len"
-.Ft krb5_ssize_t
-.Fn krb5_storage_write "krb5_storage *sp" "const void *buf" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_storage_free "krb5_storage *sp"
-.Ft krb5_error_code
-.Fn krb5_storage_to_data "krb5_storage *sp" "krb5_data *data"
-.Ft krb5_error_code
-.Fn krb5_store_int32 "krb5_storage *sp" "int32_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int32 "krb5_storage *sp" "int32_t *value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint32 "krb5_storage *sp" "uint32_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint32 "krb5_storage *sp" "uint32_t value"
-.Ft krb5_error_code
-.Fn krb5_store_int16 "krb5_storage *sp" "int16_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int16 "krb5_storage *sp" "int16_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint16 "krb5_storage *sp" "uint16_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint16 "krb5_storage *sp" "u_int16_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_int8 "krb5_storage *sp" "int8_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_int8 "krb5_storage *sp" "int8_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_uint8 "krb5_storage *sp" "u_int8_t value"
-.Ft krb5_error_code
-.Fn krb5_ret_uint8 "krb5_storage *sp" "u_int8_t *value"
-.Ft krb5_error_code
-.Fn krb5_store_data "krb5_storage *sp" "krb5_data data"
-.Ft krb5_error_code
-.Fn krb5_ret_data "krb5_storage *sp" "krb5_data *data"
-.Ft krb5_error_code
-.Fn krb5_store_string "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_string "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_stringnl "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_stringnl "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_stringz "krb5_storage *sp" "const char *s"
-.Ft krb5_error_code
-.Fn krb5_ret_stringz "krb5_storage *sp" "char **string"
-.Ft krb5_error_code
-.Fn krb5_store_principal "krb5_storage *sp" "krb5_const_principal p"
-.Ft krb5_error_code
-.Fn krb5_ret_principal "krb5_storage *sp" "krb5_principal *princ"
-.Ft krb5_error_code
-.Fn krb5_store_keyblock "krb5_storage *sp" "krb5_keyblock p"
-.Ft krb5_error_code
-.Fn krb5_ret_keyblock "krb5_storage *sp" "krb5_keyblock *p"
-.Ft krb5_error_code
-.Fn krb5_store_times "krb5_storage *sp" "krb5_times times"
-.Ft krb5_error_code
-.Fn krb5_ret_times "krb5_storage *sp" "krb5_times *times"
-.Ft krb5_error_code
-.Fn krb5_store_address "krb5_storage *sp" "krb5_address p"
-.Ft krb5_error_code
-.Fn krb5_ret_address "krb5_storage *sp" "krb5_address *adr"
-.Ft krb5_error_code
-.Fn krb5_store_addrs "krb5_storage *sp" "krb5_addresses p"
-.Ft krb5_error_code
-.Fn krb5_ret_addrs "krb5_storage *sp" "krb5_addresses *adr"
-.Ft krb5_error_code
-.Fn krb5_store_authdata "krb5_storage *sp" "krb5_authdata auth"
-.Ft krb5_error_code
-.Fn krb5_ret_authdata "krb5_storage *sp" "krb5_authdata *auth"
-.Ft krb5_error_code
-.Fn krb5_store_creds "krb5_storage *sp" "krb5_creds *creds"
-.Ft krb5_error_code
-.Fn krb5_ret_creds "krb5_storage *sp" "krb5_creds *creds"
-.Sh DESCRIPTION
-The
-.Li krb5_storage
-structure holds a storage element that is used for data manipulation.
-The structure contains no public accessible elements.
-.Pp
-.Fn krb5_storage_emem
-create a memory based krb5 storage unit that dynamicly resized to the
-ammount of data stored in.
-The storage never returns errors, on memory allocation errors
-.Xr exit 3
-will be called.
-.Pp
-.Fn krb5_storage_from_data
-create a krb5 storage unit that will read is data from a
-.Li krb5_data .
-There is no copy made of the
-.Fa data ,
-so the caller must not free
-.Fa data
-until the storage is freed.
-.Pp
-.Fn krb5_storage_from_fd
-create a krb5 storage unit that will read is data from a
-file descriptor.
-The descriptor must be seekable if
-.Fn krb5_storage_seek
-is used.
-Caller must not free the file descriptor before the storage is freed.
-.Pp
-.Fn krb5_storage_from_mem
-create a krb5 storage unit that will read is data from a
-memory region.
-There is no copy made of the
-.Fa data ,
-so the caller must not free
-.Fa data
-until the storage is freed.
-.Pp
-.Fn krb5_storage_set_flags
-and
-.Fn krb5_storage_clear_flags
-modifies the behavior of the storage functions.
-.Fn krb5_storage_is_flags
-tests if the
-.Fa flags
-are set on the
-.Li krb5_storage .
-Valid flags to set, is and clear is are:
-.Pp
-.Bl -tag -width "Fan vet..." -compact -offset indent
-.It KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS
-Stores the number of principal componets one too many when storing
-principal namees, used for compatibility with version 1 of file
-keytabs and version 1 of file credential caches.
-.It KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE
-Doesn't store the name type in when storing a principal name, used for
-compatibility with version 1 of file keytabs and version 1 of file
-credential caches.
-.It KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE
-Stores the keyblock type twice storing a keyblock, used for
-compatibility version 3 of file credential caches.
-.It KRB5_STORAGE_BYTEORDER_MASK
-bitmask that can be used to and out what type of byte order order is used.
-.It KRB5_STORAGE_BYTEORDER_BE
-Store integers in in big endian byte order, this is the default mode.
-.It KRB5_STORAGE_BYTEORDER_LE
-Store integers in in little endian byte order.
-.It KRB5_STORAGE_BYTEORDER_HOST
-Stores the integers in host byte order, used for compatibility with
-version 1 of file keytabs and version 1 and 2 of file credential
-caches.
-.It KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
-Store the credential flags in a krb5_creds in the reverse bit order.
-.El
-.Pp
-.Fn krb5_storage_set_byteorder
-and
-.Fn krb5_storage_get_byteorder
-modifies the byte order used in the storage for integers.
-The flags used is same as above.
-The valid flags are
-.Dv KRB5_STORAGE_BYTEORDER_BE ,
-.Dv KRB5_STORAGE_BYTEORDER_LE
-and
-.Dv KRB5_STORAGE_BYTEORDER_HOST .
-.Pp
-.Fn krb5_storage_set_eof_code
-sets the error code that will be returned on end of file condition to
-.Fa code .
-.Pp
-.Fn krb5_storage_seek
-seeks
-.Fa offset
-bytes in the storage
-.Fa sp .
-The
-.Fa whence
-argument is one of
-.Bl -tag -width SEEK_SET -compact -offset indent
-.It SEEK_SET
-offset is from begining of storage.
-.It SEEK_CUR
-offset is relative from current offset.
-.It SEEK_END
-offset is from end of storage.
-.El
-.Pp
-.Fn krb5_storage_read
-reads
-.Fa len
-(or less bytes in case of end of file) into
-.Fa buf
-from the current offset in the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_write
-writes
-.Fa len
-or (less bytes in case of end of file) from
-.Fa buf
-from the current offset in the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_free
-frees the storage
-.Fa sp .
-.Pp
-.Fn krb5_storage_to_data
-converts the data in storage
-.Fa sp
-into a
-.Li krb5_data
-structure.
-.Fa data
-must be freed with
-.Fn krb5_data_free
-by the caller when done with the
-.Fa data .
-.Pp
-All
-.Li krb5_store
-and
-.Li krb5_ret
-functions move the current offset forward when the functions returns.
-.Pp
-.Fn krb5_store_int32 ,
-.Fn krb5_ret_int32 ,
-.Fn krb5_store_uint32 ,
-.Fn krb5_ret_uint32 ,
-.Fn krb5_store_int16 ,
-.Fn krb5_ret_int16 ,
-.Fn krb5_store_uint16 ,
-.Fn krb5_ret_uint16 ,
-.Fn krb5_store_int8 ,
-.Fn krb5_ret_int8 
-.Fn krb5_store_uint8 ,
-and
-.Fn krb5_ret_uint8 
-stores and reads an integer from
-.Fa sp
-in the byte order specified by the flags set on the
-.Fa sp .
-.Pp
-.Fn krb5_store_data
-and
-.Fn krb5_ret_data
-store and reads a krb5_data.
-The length of the data is stored with
-.Fn krb5_store_int32 .
-.Pp
-.Fn krb5_store_string
-and
-.Fn krb5_ret_string
-store and reads a string by storing the length of the string with
-.Fn krb5_store_int32
-followed by the string itself.
-.Pp
-.Fn krb5_store_stringnl
-and 
-.Fn krb5_ret_stringnl
-store and reads a string by storing string followed by a
-.Dv '\n' .
-.Pp
-.Fn krb5_store_stringz
-and 
-.Fn krb5_ret_stringz
-store and reads a string by storing string followed by a
-.Dv NUL .
-.Pp
-.Fn krb5_store_principal
-and
-.Fn krb5_ret_principal
-store and reads a principal.
-.Pp
-.Fn krb5_store_keyblock
-and
-.Fn krb5_ret_keyblock
-store and reads a
-.Li krb5_keyblock .
-.Pp
-.Fn krb5_store_times
-.Fn krb5_ret_times
-store and reads
-.Li krb5_times 
-structure .
-.Pp
-.Fn krb5_store_address
-and
-.Fn krb5_ret_address
-store and reads a 
-.Li krb5_address .
-.Pp
-.Fn krb5_store_addrs
-and
-.Fn krb5_ret_addrs
-store and reads a 
-.Li krb5_addresses .
-.Pp
-.Fn krb5_store_authdata
-and
-.Fn krb5_ret_authdata
-store and reads a
-.Li krb5_authdata .
-.Pp
-.Fn krb5_store_creds
-and
-.Fn krb5_ret_creds
-store and reads a
-.Li krb5_creds .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_string_to_key.3 b/crypto/heimdal/lib/krb5/krb5_string_to_key.3
deleted file mode 100644
index cf96f4e013bf..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_string_to_key.3
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_string_to_key.3 17820 2006-07-10 14:28:01Z lha $
-.\"
-.Dd July 10, 2006
-.Dt KRB5_STRING_TO_KEY 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_string_to_key ,
-.Nm krb5_string_to_key_data ,
-.Nm krb5_string_to_key_data_salt ,
-.Nm krb5_string_to_key_data_salt_opaque ,
-.Nm krb5_string_to_key_salt ,
-.Nm krb5_string_to_key_salt_opaque ,
-.Nm krb5_get_pw_salt ,
-.Nm krb5_free_salt
-.Nd turns a string to a Kerberos key
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_string_to_key
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_principal principal"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_principal principal"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data_salt
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_salt salt"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_data_salt_opaque
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_data password"
-.Fa "krb5_salt salt"
-.Fa "krb5_data opaque"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_salt
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_salt salt"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_key_salt_opaque
-.Fa "krb5_context context"
-.Fa "krb5_enctype enctype"
-.Fa "const char *password"
-.Fa "krb5_salt salt"
-.Fa "krb5_data opaque"
-.Fa "krb5_keyblock *key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_pw_salt
-.Fa "krb5_context context"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_salt *salt"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_salt
-.Fa "krb5_context context"
-.Fa "krb5_salt salt"
-.Fc
-.Sh DESCRIPTION
-The string to key functions convert a string to a kerberos key.
-.Pp
-.Fn krb5_string_to_key_data_salt_opaque
-is the function that does all the work, the rest of the functions are
-just wrapers around
-.Fn krb5_string_to_key_data_salt_opaque
-that calls it with default values.
-.Pp
-.Fn krb5_string_to_key_data_salt_opaque
-transforms the
-.Fa password
-with the given salt-string
-.Fa salt
-and the opaque, encryption type specific parameter
-.Fa opaque
-to a encryption key
-.Fa key
-according to the string to key function associated with
-.Fa enctype .
-.Pp
-The
-.Fa key
-should be freed with
-.Fn krb5_free_keyblock_contents .
-.Pp
-If one of the functions that doesn't take a
-.Li krb5_salt
-as it argument
-.Fn krb5_get_pw_salt
-is used to get the salt value.
-.Pp
-.Fn krb5_get_pw_salt
-get the default password salt for a principal, use
-.Fn krb5_free_salt
-to free the salt when done.
-.Pp
-.Fn krb5_free_salt
-frees the content of
-.Fa salt .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_data 3 ,
-.Xr krb5_keyblock 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_ticket.3 b/crypto/heimdal/lib/krb5/krb5_ticket.3
deleted file mode 100644
index 4f6d45ba5765..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_ticket.3
+++ /dev/null
@@ -1,137 +0,0 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_ticket.3 19543 2006-12-28 20:48:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_TICKET 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_ticket ,
-.Nm krb5_free_ticket ,
-.Nm krb5_copy_ticket ,
-.Nm krb5_ticket_get_authorization_data_type ,
-.Nm krb5_ticket_get_client ,
-.Nm krb5_ticket_get_server ,
-.Nm krb5_ticket_get_endtime
-.Nd Kerberos 5 ticket access and handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_ticket ;
-.Pp
-.Ft krb5_error_code
-.Fo krb5_free_ticket
-.Fa "krb5_context context"
-.Fa "krb5_ticket *ticket"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_ticket
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *from"
-.Fa "krb5_ticket **to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_authorization_data_type
-.Fa "krb5_context context"
-.Fa "krb5_ticket *ticket"
-.Fa "int type"
-.Fa "krb5_data *data"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_client
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fa "krb5_principal *client"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_ticket_get_server
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fa "krb5_principal *server"
-.Fc
-.Ft time_t
-.Fo krb5_ticket_get_endtime
-.Fa "krb5_context context"
-.Fa "const krb5_ticket *ticket"
-.Fc
-.Sh DESCRIPTION
-.Li krb5_ticket
-holds a kerberos ticket.
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Pp
-.Fn krb5_free_ticket
-frees the
-.Fa ticket
-and its content.
-Used to free the result of
-.Fn krb5_copy_ticket
-and
-.Fn krb5_recvauth .
-.Pp
-.Fn krb5_copy_ticket
-copies the content of the ticket
-.Fa from
-to the ticket
-.Fa to .
-The result
-.Fa to
-should be freed with
-.Fn krb5_free_ticket .
-.Pp
-.Fn krb5_ticket_get_authorization_data_type
-fetches the authorization data of the type
-.Fa type
-from the
-.Fa ticket .
-If there isn't any authorization data of type
-.Fa type ,
-.Dv ENOENT
-is returned.
-.Fa data
-needs to be freed with
-.Fn krb5_data_free
-on success.
-.Pp
-.Fn krb5_ticket_get_client
-and
-.Fn krb5_ticket_get_server
-returns a copy of the client/server principal from the ticket.
-The principal returned should be free using
-.Xr krb5_free_principal 3 .
-.Pp
-.Fn krb5_ticket_get_endtime
-return the end time of the ticket.
-.Sh SEE ALSO
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3
deleted file mode 100644
index 4163cc1b7165..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_timeofday.3
+++ /dev/null
@@ -1,118 +0,0 @@
-.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $
-.\"
-.\" Copyright (c) 2001, 2003, 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $
-.\"
-.Dd Sepember  16, 2006
-.Dt KRB5_TIMEOFDAY 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_timeofday ,
-.Nm krb5_set_real_time ,
-.Nm krb5_us_timeofday ,
-.Nm krb5_format_time ,
-.Nm krb5_string_to_deltat
-.Nd Kerberos 5 time handling functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li krb5_timestamp ;
-.Pp
-.Li krb5_deltat ;
-.Ft krb5_error_code
-.Fo krb5_set_real_time
-.Fa "krb5_context context"
-.Fa "krb5_timestamp sec"
-.Fa "int32_t usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_timeofday
-.Fa "krb5_context context"
-.Fa "krb5_timestamp *timeret"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_us_timeofday
-.Fa "krb5_context context"
-.Fa "krb5_timestamp *sec"
-.Fa "int32_t *usec"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_format_time
-.Fa "krb5_context context"
-.Fa "time_t t"
-.Fa "char *s"
-.Fa "size_t len"
-.Fa "krb5_boolean include_time"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_string_to_deltat
-.Fa "const char *string"
-.Fa "krb5_deltat *deltat"
-.Fc
-.Sh DESCRIPTION
-.Nm krb5_set_real_time
-sets the absolute time that the caller knows the KDC has.
-With this the Kerberos library can calculate the relative
-difference between the KDC time and the local system time and store it
-in the
-.Fa context .
-With this information the Kerberos library can adjust all time stamps
-in Kerberos packages.
-.Pp
-.Fn krb5_timeofday
-returns the current time, but adjusted with the time difference
-between the local host and the KDC.
-.Fn krb5_us_timeofday
-also returns microseconds.
-.Pp
-.Nm krb5_format_time
-formats the time
-.Fa t
-into the string
-.Fa s
-of length
-.Fa len .
-If
-.Fa include_time
-is set, the time is set include_time.
-.Pp
-.Nm krb5_string_to_deltat
-parses delta time
-.Fa string
-into
-.Fa deltat .
-.Sh SEE ALSO
-.Xr gettimeofday 2 ,
-.Xr krb5 3
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
deleted file mode 100644
index 274d638d6694..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_unparse_name.3 12329 2003-05-26 14:09:04Z lha $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_UNPARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_unparse_name
-.\" .Nm krb5_unparse_name_ext
-.Nd principal to string conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
-.\" .Ft krb5_error_code
-.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size"
-.Sh DESCRIPTION
-This function takes a
-.Fa principal ,
-and will convert in to a printable representation with the same syntax
-as described in
-.Xr krb5_parse_name 3 .
-.Fa *name
-will point to allocated data and should be freed by the caller.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3
deleted file mode 100644
index 9a34648981b4..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_verify_init_creds.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_VERIFY_INIT_CREDS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_verify_init_creds_opt_init ,
-.Nm krb5_verify_init_creds_opt_set_ap_req_nofail ,
-.Nm krb5_verify_init_creds
-.Nd "verifies a credential cache is correct by using a local keytab"
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_verify_init_creds_opt;"
-.Ft void
-.Fo krb5_verify_init_creds_opt_init
-.Fa "krb5_verify_init_creds_opt *options"
-.Fc
-.Ft void
-.Fo krb5_verify_init_creds_opt_set_ap_req_nofail
-.Fa "krb5_verify_init_creds_opt *options"
-.Fa "int ap_req_nofail"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_verify_init_creds
-.Fa "krb5_context context"
-.Fa "krb5_creds *creds"
-.Fa "krb5_principal ap_req_server"
-.Fa "krb5_ccache *ccache"
-.Fa "krb5_verify_init_creds_opt *options"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_verify_init_creds
-function verifies the initial tickets with the local keytab to make
-sure the response of the KDC was spoof-ed.
-.Pp
-.Nm krb5_verify_init_creds
-will use principal
-.Fa ap_req_server
-from the local keytab, if
-.Dv NULL
-is passed in, the code will guess the local hostname and use that to
-form host/hostname/GUESSED-REALM-FOR-HOSTNAME.
-.Fa creds
-is the credential that
-.Nm krb5_verify_init_creds
-should verify.
-If
-.Fa ccache
-is given
-.Fn krb5_verify_init_creds
-stores all credentials it fetched from the KDC there, otherwise it
-will use a memory credential cache that is destroyed when done.
-.Pp
-.Fn krb5_verify_init_creds_opt_init
-cleans the the structure, must be used before trying to pass it in to
-.Fn krb5_verify_init_creds .
-.Pp
-.Fn krb5_verify_init_creds_opt_set_ap_req_nofail
-controls controls the behavior if
-.Fa ap_req_server
-doesn't exists in the local keytab or in the KDC's database, if it's
-true, the error will be ignored.  Note that this use is possible
-insecure.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_get_init_creds 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3
deleted file mode 100644
index 8086bc04baf4..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_verify_user.3
+++ /dev/null
@@ -1,241 +0,0 @@
-.\" Copyright (c) 2001 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_verify_user.3 22071 2007-11-14 20:04:50Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_VERIFY_USER 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_verify_user ,
-.Nm krb5_verify_user_lrealm ,
-.Nm krb5_verify_user_opt ,
-.Nm krb5_verify_opt_init ,
-.Nm krb5_verify_opt_alloc ,
-.Nm krb5_verify_opt_free ,
-.Nm krb5_verify_opt_set_ccache ,
-.Nm krb5_verify_opt_set_flags ,
-.Nm krb5_verify_opt_set_service ,
-.Nm krb5_verify_opt_set_secure ,
-.Nm krb5_verify_opt_set_keytab
-.Nd Heimdal password verifying functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft krb5_error_code
-.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_init "krb5_verify_opt *opt"
-.Ft void
-.Fn krb5_verify_opt_alloc "krb5_verify_opt **opt"
-.Ft void
-.Fn krb5_verify_opt_free "krb5_verify_opt *opt"
-.Ft void
-.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
-.Ft void
-.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
-.Ft void
-.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
-.Ft void
-.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
-.Ft krb5_error_code
-.Fo krb5_verify_user_opt
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *password"
-.Fa "krb5_verify_opt *opt"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_verify_user
-function verifies the password supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-New tickets will be obtained as a side-effect and stored in
-.Fa ccache
-(if
-.Dv NULL ,
-the default ccache is used).
-.Fn krb5_verify_user
-will call
-.Fn krb5_cc_initialize
-on the given
-.Fa ccache ,
-so
-.Fa ccache
-must only initialized with
-.Fn krb5_cc_resolve
-or
-.Fn krb5_cc_gen_new .
-If the password is not supplied in
-.Fa password
-(and is given as
-.Dv NULL )
-the user will be prompted for it.
-If
-.Fa secure
-the ticket will be verified against the locally stored service key
-.Fa service
-(by default
-.Ql host
-if given as
-.Dv NULL
-).
-.Pp
-The
-.Fn krb5_verify_user_lrealm
-function does the same, except that it ignores the realm in
-.Fa principal
-and tries all the local realms (see
-.Xr krb5.conf 5 ) .
-After a successful return, the principal is set to the authenticated
-realm. If the call fails, the principal will not be meaningful, and
-should only be freed with
-.Xr krb5_free_principal 3 .
-.Pp
-.Fn krb5_verify_opt_alloc
-and
-.Fn krb5_verify_opt_free
-allocates and frees a
-.Li krb5_verify_opt .
-You should use the the alloc and free function instead of allocation
-the structure yourself, this is because in a future release the
-structure wont be exported.
-.Pp
-.Fn krb5_verify_opt_init
-resets all opt to default values.
-.Pp
-None of the krb5_verify_opt_set function makes a copy of the data
-structure that they are called with. It's up the caller to free them
-after the
-.Fn krb5_verify_user_opt
-is called.
-.Pp
-.Fn krb5_verify_opt_set_ccache
-sets the
-.Fa ccache
-that user of
-.Fa opt
-will use. If not set, the default credential cache will be used.
-.Pp
-.Fn krb5_verify_opt_set_keytab
-sets the
-.Fa keytab
-that user of
-.Fa opt
-will use. If not set, the default keytab will be used.
-.Pp
-.Fn krb5_verify_opt_set_secure
-if
-.Fa secure
-if true, the password verification will require that the ticket will
-be verified against the locally stored service key. If not set,
-default value is true.
-.Pp
-.Fn krb5_verify_opt_set_service
-sets the
-.Fa service
-principal that user of
-.Fa opt
-will use. If not set, the
-.Ql host
-service will be used.
-.Pp
-.Fn krb5_verify_opt_set_flags
-sets
-.Fa flags
-that user of
-.Fa opt
-will use.
-If the flag
-.Dv KRB5_VERIFY_LREALMS
-is used, the
-.Fa principal
-will be modified like
-.Fn krb5_verify_user_lrealm
-modifies it.
-.Pp
-.Fn krb5_verify_user_opt
-function verifies the
-.Fa password
-supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-Options the to the verification process is pass in in
-.Fa opt .
-.Sh EXAMPLES
-Here is a example program that verifies a password. it uses the
-.Ql host/`hostname`
-service principal in
-.Pa krb5.keytab .
-.Bd -literal
-#include <krb5.h>
-
-int
-main(int argc, char **argv)
-{
-    char *user;
-    krb5_error_code error;
-    krb5_principal princ;
-    krb5_context context;
-
-    if (argc != 2)
-	errx(1, "usage: verify_passwd <principal-name>");
-
-    user = argv[1];
-
-    if (krb5_init_context(&context) < 0)
-	errx(1, "krb5_init_context");
-
-    if ((error = krb5_parse_name(context, user, &princ)) != 0)
-	krb5_err(context, 1, error, "krb5_parse_name");
-
-    error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
-    if (error)
-        krb5_err(context, 1, error, "krb5_verify_user");
-
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5_cc_gen_new 3 ,
-.Xr krb5_cc_initialize 3 ,
-.Xr krb5_cc_resolve 3 ,
-.Xr krb5_err 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_init_context 3 ,
-.Xr krb5_kt_default 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3
deleted file mode 100644
index 5610cd8dc42e..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_warn.3
+++ /dev/null
@@ -1,233 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2006 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_warn.3 19085 2006-11-21 07:55:20Z lha $
-.\"
-.Dd May  1, 2006
-.Dt KRB5_WARN 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_abort ,
-.Nm krb5_abortx ,
-.Nm krb5_clear_error_string ,
-.Nm krb5_err ,
-.Nm krb5_errx ,
-.Nm krb5_free_error_string ,
-.Nm krb5_get_err_text ,
-.Nm krb5_get_error_message ,
-.Nm krb5_get_error_string ,
-.Nm krb5_have_error_string ,
-.Nm krb5_set_error_string ,
-.Nm krb5_set_warn_dest ,
-.Nm krb5_get_warn_dest ,
-.Nm krb5_vabort ,
-.Nm krb5_vabortx ,
-.Nm krb5_verr ,
-.Nm krb5_verrx ,
-.Nm krb5_vset_error_string ,
-.Nm krb5_vwarn ,
-.Nm krb5_vwarnx ,
-.Nm krb5_warn ,
-.Nm krb5_warnx
-.Nd Heimdal warning and error functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_abort "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
-.Ft krb5_error_code
-.Fn krb5_abortx "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
-.Ft void
-.Fn krb5_clear_error_string "krb5_context context"
-.Ft krb5_error_code
-.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..."
-.Ft void
-.Fn krb5_free_error_string "krb5_context context" "char *str"
-.Ft krb5_error_code
-.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vset_error_string "krb5_context context" "const char *fmt" "va_list args"
-.Ft krb5_error_code
-.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_warnx "krb5_context context" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_set_error_string "krb5_context context" "const char *fmt" "..."
-.Ft krb5_error_code
-.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
-.Ft "char *"
-.Ft krb5_log_facility *
-.Fo krb5_get_warn_dest
-.Fa "krb5_context context"
-.Fc
-.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code"
-.Ft char*
-.Fn krb5_get_error_string "krb5_context context"
-.Ft char*
-.Fn krb5_get_error_message "krb5_context context, krb5_error_code code"
-.Ft krb5_boolean
-.Fn krb5_have_error_string "krb5_context context"
-.Ft krb5_error_code
-.Fn krb5_vabortx "krb5_context context" "const char *fmt" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vabort "krb5_context context" "const char *fmt" "va_list ap"
-.Sh DESCRIPTION
-These functions print a warning message to some destination.
-.Fa format
-is a printf style format specifying the message to print. The forms not ending in an
-.Dq x
-print the error string associated with
-.Fa code
-along with the message.
-The
-.Dq err
-functions exit with exit status
-.Fa eval
-after printing the message.
-.Pp
-Applications that want to get the error message to report it to a user
-or store it in a log want to use
-.Fn krb5_get_error_message .
-.Pp
-The
-.Fn krb5_set_warn_func
-function sets the destination for warning messages to the specified
-.Fa facility .
-Messages logged with the
-.Dq warn
-functions have a log level of 1, while the
-.Dq err
-functions log with level 0.
-.Pp
-.Fn krb5_get_err_text
-fetches the human readable strings describing the error-code.
-.Pp
-.Fn krb5_abort
-and 
-.Nm krb5_abortx
-behaves like
-.Nm krb5_err
-and
-.Nm krb5_errx
-but instead of exiting using the
-.Xr exit 3
-call,
-.Xr abort 3
-is used.
-.Pp
-.Fn krb5_free_error_string
-frees the error string
-.Fa str
-returned by
-.Fn krb5_get_error_string .
-.Pp
-.Fn krb5_clear_error_string
-clears the error string from the
-.Fa context .
-.Pp
-.Fn krb5_set_error_string
-and
-.Fn krb5_vset_error_string
-sets an verbose error string in
-.Fa context .
-.Pp
-.Fn krb5_get_error_string
-fetches the error string from
-.Fa context .
-The error message in the context is consumed and must be freed using
-.Fn krb5_free_error_string
-by the caller.
-See also
-.Fn krb5_get_error_message ,
-what is usually less verbose to use.
-.Pp
-.Fn krb5_have_error_string
-returns
-.Dv TRUE
-if there is a verbose error message in the
-.Fa context .
-.Pp
-.Fn krb5_get_error_message
-fetches the error string from the context, or if there
-is no customized error string in
-.Fa context ,
-uses
-.Fa code
-to return a error string.
-In either case, the error message in the context is consumed and must
-be freed using
-.Fn krb5_free_error_string
-by the caller.
-.Pp
-.Fn krb5_set_warn_dest
-and
-.Fn krb5_get_warn_dest
-sets and get the log context that is used by
-.Fn krb5_warn
-and friends.  By using this the application can control where the
-output should go.  For example, this is imperative to inetd servers
-where logging status and error message will end up on the output
-stream to the client.
-.Sh EXAMPLES
-Below is a simple example how to report error messages from the
-Kerberos library in an application.
-.Bd -literal
-#include <krb5.h>
-
-krb5_error_code
-function (krb5_context context)
-{
-    krb5_error_code ret;
-
-    ret = krb5_function (context, arg1, arg2);
-    if (ret) {
-	char *s = krb5_get_error_message(context, ret);
-	if (s == NULL)
-	     errx(1, "kerberos error: %d (and out of memory)", ret);
-	application_logger("krb5_function failed: %s", s);
-	krb5_free_error_string(context, s);
-	return ret;
-    }
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_openlog 3
diff --git a/crypto/heimdal/lib/krb5/krb_err.et b/crypto/heimdal/lib/krb5/krb_err.et
deleted file mode 100644
index f7dbb6ce7a66..000000000000
--- a/crypto/heimdal/lib/krb5/krb_err.et
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# Error messages for the krb4 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
-
-error_table krb
-
-prefix KRB4ET
-ec KSUCCESS,		"Kerberos 4 successful"
-ec KDC_NAME_EXP,	"Kerberos 4 principal expired"
-ec KDC_SERVICE_EXP,	"Kerberos 4 service expired"
-ec KDC_AUTH_EXP,	"Kerberos 4 auth expired"
-ec KDC_PKT_VER,		"Incorrect Kerberos 4 master key version"
-ec KDC_P_MKEY_VER,	"Incorrect Kerberos 4 master key version"
-ec KDC_S_MKEY_VER,	"Incorrect Kerberos 4 master key version"
-ec KDC_BYTE_ORDER,	"Kerberos 4 byte order unknown"
-ec KDC_PR_UNKNOWN,	"Kerberos 4 principal unknown"
-ec KDC_PR_N_UNIQUE,	"Kerberos 4 principal not unique"
-ec KDC_NULL_KEY,	"Kerberos 4 principal has null key"
-index 20
-ec KDC_GEN_ERR,		"Generic error from KDC (Kerberos 4)"
-ec GC_TKFIL,		"Can't read Kerberos 4 ticket file"
-ec GC_NOTKT,		"Can't find Kerberos 4 ticket or TGT"
-index 26
-ec MK_AP_TGTEXP,	"Kerberos 4 TGT Expired"
-index 31
-ec RD_AP_UNDEC,		"Kerberos 4: Can't decode authenticator"
-ec RD_AP_EXP,		"Kerberos 4 ticket expired"
-ec RD_AP_NYV,		"Kerberos 4 ticket not yet valid"
-ec RD_AP_REPEAT,	"Kerberos 4: Repeated request"
-ec RD_AP_NOT_US,	"The Kerberos 4 ticket isn't for us"
-ec RD_AP_INCON,		"Kerberos 4 request inconsistent"
-ec RD_AP_TIME,		"Kerberos 4: delta_t too big"
-ec RD_AP_BADD,		"Kerberos 4: incorrect net address"
-ec RD_AP_VERSION,	"Kerberos protocol not version 4"
-ec RD_AP_MSG_TYPE,	"Kerberos 4: invalid msg type"
-ec RD_AP_MODIFIED,	"Kerberos 4: message stream modified"
-ec RD_AP_ORDER,		"Kerberos 4: message out of order"
-ec RD_AP_UNAUTHOR,	"Kerberos 4: unauthorized request"
-index 51
-ec GT_PW_NULL,		"Kerberos 4: current PW is null"
-ec GT_PW_BADPW,		"Kerberos 4: Incorrect current password"
-ec GT_PW_PROT,		"Kerberos 4 protocol error"
-ec GT_PW_KDCERR,	"Error returned by KDC (Kerberos 4)"
-ec GT_PW_NULLTKT,	"Null Kerberos 4 ticket returned by KDC"
-ec SKDC_RETRY,		"Kerberos 4: Retry count exceeded"
-ec SKDC_CANT,		"Kerberos 4: Can't send request"
-index 61
-ec INTK_W_NOTALL,	"Kerberos 4: not all tickets returned"
-ec INTK_BADPW,		"Kerberos 4: incorrect password"
-ec INTK_PROT,		"Kerberos 4: Protocol Error"
-index 70
-ec INTK_ERR,		"Other error in Kerberos 4"
-ec AD_NOTGT,		"Don't have Kerberos 4 ticket-granting ticket"
-index 76
-ec NO_TKT_FIL,		"No Kerberos 4 ticket file found"
-ec TKT_FIL_ACC,		"Couldn't access Kerberos 4 ticket file"
-ec TKT_FIL_LCK,		"Couldn't lock Kerberos 4 ticket file"
-ec TKT_FIL_FMT,		"Bad Kerberos 4 ticket file format"
-ec TKT_FIL_INI,		"Kerberos 4: tf_init not called first"
-ec KNAME_FMT,		"Bad Kerberos 4 name format"
diff --git a/crypto/heimdal/lib/krb5/krbhst-test.c b/crypto/heimdal/lib/krb5/krbhst-test.c
deleted file mode 100644
index 38b0b6a36c30..000000000000
--- a/crypto/heimdal/lib/krb5/krbhst-test.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: krbhst-test.c 15466 2005-06-17 04:21:47Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[realms ...]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    krb5_context context;
-    int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
-		   KRB5_KRBHST_KRB524};
-    const char *type_str[] = {"kdc", "admin", "changepw", "krb524"};
-    int optidx = 0;
-    
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    krb5_init_context (&context);
-    for(i = 0; i < argc; i++) {
-	krb5_krbhst_handle handle;
-	char host[MAXHOSTNAMELEN];
-
-	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
-	    printf ("%s for %s:\n", type_str[j], argv[i]);
-
-	    krb5_krbhst_init(context, argv[i], types[j], &handle);
-	    while(krb5_krbhst_next_as_string(context, handle,
-					     host, sizeof(host)) == 0)
-		printf("%s\n", host);
-	    krb5_krbhst_reset(context, handle);
-	    printf ("\n");
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
deleted file mode 100644
index 094fd4f9c64d..000000000000
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ /dev/null
@@ -1,1010 +0,0 @@
-/*
- * Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-#include "locate_plugin.h"
-
-RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $");
-
-static int
-string_to_proto(const char *string)
-{
-    if(strcasecmp(string, "udp") == 0)
-	return KRB5_KRBHST_UDP;
-    else if(strcasecmp(string, "tcp") == 0) 
-	return KRB5_KRBHST_TCP;
-    else if(strcasecmp(string, "http") == 0) 
-	return KRB5_KRBHST_HTTP;
-    return -1;
-}
-
-/*
- * set `res' and `count' to the result of looking up SRV RR in DNS for
- * `proto', `proto', `realm' using `dns_type'.
- * if `port' != 0, force that port number
- */
-
-static krb5_error_code
-srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, 
-	       const char *realm, const char *dns_type,
-	       const char *proto, const char *service, int port)
-{
-    char domain[1024];
-    struct dns_reply *r;
-    struct resource_record *rr;
-    int num_srv;
-    int proto_num;
-    int def_port;
-
-    *res = NULL;
-    *count = 0;
-
-    proto_num = string_to_proto(proto);
-    if(proto_num < 0) {
-	krb5_set_error_string(context, "unknown protocol `%s'", proto);
-	return EINVAL;
-    }
-
-    if(proto_num == KRB5_KRBHST_HTTP)
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    else if(port == 0)
-	def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
-    else
-	def_port = port;
-
-    snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
-
-    r = dns_lookup(domain, dns_type);
-    if(r == NULL)
-	return KRB5_KDC_UNREACH;
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV)
-	    num_srv++;
-
-    *res = malloc(num_srv * sizeof(**res));
-    if(*res == NULL) {
-	dns_free_data(r);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    dns_srv_order(r);
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV) {
-	    krb5_krbhst_info *hi;
-	    size_t len = strlen(rr->u.srv->target);
-
-	    hi = calloc(1, sizeof(*hi) + len);
-	    if(hi == NULL) {
-		dns_free_data(r);
-		while(--num_srv >= 0)
-		    free((*res)[num_srv]);
-		free(*res);
-		*res = NULL;
-		return ENOMEM;
-	    }
-	    (*res)[num_srv++] = hi;
-
-	    hi->proto = proto_num;
-	    
-	    hi->def_port = def_port;
-	    if (port != 0)
-		hi->port = port;
-	    else
-		hi->port = rr->u.srv->port;
-
-	    strlcpy(hi->hostname, rr->u.srv->target, len + 1);
-	}
-
-    *count = num_srv;
-	    
-    dns_free_data(r);
-    return 0;
-}
-
-
-struct krb5_krbhst_data {
-    char *realm;
-    unsigned int flags;
-    int def_port;
-    int port;			/* hardwired port number if != 0 */
-#define KD_CONFIG		 1
-#define KD_SRV_UDP		 2
-#define KD_SRV_TCP		 4
-#define KD_SRV_HTTP		 8
-#define KD_FALLBACK		16
-#define KD_CONFIG_EXISTS	32
-#define KD_LARGE_MSG		64
-#define KD_PLUGIN	       128
-    krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, 
-				krb5_krbhst_info**);
-
-    unsigned int fallback_count;
-
-    struct krb5_krbhst_info *hosts, **index, **end;
-};
-
-static krb5_boolean
-krbhst_empty(const struct krb5_krbhst_data *kd)
-{
-    return kd->index == &kd->hosts;
-}
-
-/*
- * Return the default protocol for the `kd' (either TCP or UDP)
- */
-
-static int
-krbhst_get_default_proto(struct krb5_krbhst_data *kd)
-{
-    if (kd->flags & KD_LARGE_MSG)
-	return KRB5_KRBHST_TCP;
-    return KRB5_KRBHST_UDP;
-}
-
-
-/*
- * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
- * and forcing it to `port' if port != 0
- */
-
-static struct krb5_krbhst_info*
-parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
-	       const char *spec, int def_port, int port)
-{
-    const char *p = spec;
-    struct krb5_krbhst_info *hi;
-    
-    hi = calloc(1, sizeof(*hi) + strlen(spec));
-    if(hi == NULL)
-	return NULL;
-       
-    hi->proto = krbhst_get_default_proto(kd);
-
-    if(strncmp(p, "http://", 7) == 0){
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 7;
-    } else if(strncmp(p, "http/", 5) == 0) {
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 5;
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    }else if(strncmp(p, "tcp/", 4) == 0){
-	hi->proto = KRB5_KRBHST_TCP;
-	p += 4;
-    } else if(strncmp(p, "udp/", 4) == 0) {
-	p += 4;
-    }
-
-    if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
-	free(hi);
-	return NULL;
-    }
-    /* get rid of trailing /, and convert to lower case */
-    hi->hostname[strcspn(hi->hostname, "/")] = '\0';
-    strlwr(hi->hostname);
-
-    hi->port = hi->def_port = def_port;
-    if(p != NULL) {
-	char *end;
-	hi->port = strtol(p, &end, 0);
-	if(end == p) {
-	    free(hi);
-	    return NULL;
-	}
-    }
-    if (port)
-	hi->port = port;
-    return hi;
-}
-
-void
-_krb5_free_krbhst_info(krb5_krbhst_info *hi)
-{
-    if (hi->ai != NULL)
-	freeaddrinfo(hi->ai);
-    free(hi);
-}
-
-krb5_error_code
-_krb5_krbhost_info_move(krb5_context context,
-			krb5_krbhst_info *from,
-			krb5_krbhst_info **to)
-{
-    size_t hostnamelen = strlen(from->hostname);
-    /* trailing NUL is included in structure */
-    *to = calloc(1, sizeof(**to) + hostnamelen); 
-    if(*to == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    (*to)->proto = from->proto;
-    (*to)->port = from->port;
-    (*to)->def_port = from->def_port;
-    (*to)->ai = from->ai;
-    from->ai = NULL;
-    (*to)->next = NULL;
-    memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
-    return 0;
-}
-
-
-static void
-append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
-{
-    struct krb5_krbhst_info *h;
-
-    for(h = kd->hosts; h; h = h->next)
-	if(h->proto == host->proto && 
-	   h->port == host->port && 
-	   strcmp(h->hostname, host->hostname) == 0) {
-	    _krb5_free_krbhst_info(host);
-	    return;
-	}
-    *kd->end = host;
-    kd->end = &host->next;
-}
-
-static krb5_error_code
-append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
-		   const char *host, int def_port, int port)
-{
-    struct krb5_krbhst_info *hi;
-
-    hi = parse_hostspec(context, kd, host, def_port, port);
-    if(hi == NULL)
-	return ENOMEM;
-    
-    append_host_hostinfo(kd, hi);
-    return 0;
-}
-
-/*
- * return a readable representation of `host' in `hostname, hostlen'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, 
-			  char *hostname, size_t hostlen)
-{
-    const char *proto = "";
-    char portstr[7] = "";
-    if(host->proto == KRB5_KRBHST_TCP)
-	proto = "tcp/";
-    else if(host->proto == KRB5_KRBHST_HTTP)
-	proto = "http://";
-    if(host->port != host->def_port)
-	snprintf(portstr, sizeof(portstr), ":%d", host->port);
-    snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr);
-    return 0;
-}
-
-/*
- * create a getaddrinfo `hints' based on `proto'
- */
-
-static void
-make_hints(struct addrinfo *hints, int proto)
-{
-    memset(hints, 0, sizeof(*hints));
-    hints->ai_family = AF_UNSPEC;
-    switch(proto) {
-    case KRB5_KRBHST_UDP :
-	hints->ai_socktype = SOCK_DGRAM;
-	break;
-    case KRB5_KRBHST_HTTP :
-    case KRB5_KRBHST_TCP :
-	hints->ai_socktype = SOCK_STREAM;
-	break;
-    }
-}
-
-/*
- * return an `struct addrinfo *' in `ai' corresponding to the information
- * in `host'.  free:ing is handled by krb5_krbhst_free.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
-			 struct addrinfo **ai)
-{
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-    int ret;
-
-    if (host->ai == NULL) {
-	make_hints(&hints, host->proto);
-	snprintf (portstr, sizeof(portstr), "%d", host->port);
-	ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
-	if (ret)
-	    return krb5_eai_to_heim_errno(ret, errno);
-    }
-    *ai = host->ai;
-    return 0;
-}
-
-static krb5_boolean
-get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
-{
-    struct krb5_krbhst_info *hi = *kd->index;
-    if(hi != NULL) {
-	*host = hi;
-	kd->index = &(*kd->index)->next;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static void
-srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-	      const char *proto, const char *service)
-{
-    krb5_krbhst_info **res;
-    int count, i;
-
-    if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
-		       kd->port))
-	return;
-    for(i = 0; i < count; i++)
-	append_host_hostinfo(kd, res[i]);
-    free(res);
-}
-
-/*
- * read the configuration for `conf_string', defaulting to kd->def_port and
- * forcing it to `kd->port' if kd->port != 0
- */
-
-static void
-config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		 const char *conf_string)
-{
-    int i;
-	
-    char **hostlist;
-    hostlist = krb5_config_get_strings(context, NULL, 
-				       "realms", kd->realm, conf_string, NULL);
-
-    if(hostlist == NULL)
-	return;
-    kd->flags |= KD_CONFIG_EXISTS;
-    for(i = 0; hostlist && hostlist[i] != NULL; i++)
-	append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
-
-    krb5_config_free_strings(hostlist);
-}
-
-/*
- * as a fallback, look for `serv_string.kd->realm' (typically
- * kerberos.REALM, kerberos-1.REALM, ...
- * `port' is the default port for the service, and `proto' the 
- * protocol
- */
-
-static krb5_error_code
-fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		   const char *serv_string, int port, int proto)
-{
-    char *host;
-    int ret;
-    struct addrinfo *ai;
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-
-    /* 
-     * Don't try forever in case the DNS server keep returning us
-     * entries (like wildcard entries or the .nu TLD)
-     */
-    if(kd->fallback_count >= 5) {
-	kd->flags |= KD_FALLBACK;
-	return 0;
-    }
-
-    if(kd->fallback_count == 0)
-	asprintf(&host, "%s.%s.", serv_string, kd->realm);
-    else
-	asprintf(&host, "%s-%d.%s.", 
-		 serv_string, kd->fallback_count, kd->realm);	    
-
-    if (host == NULL)
-	return ENOMEM;
-    
-    make_hints(&hints, proto);
-    snprintf(portstr, sizeof(portstr), "%d", port);
-    ret = getaddrinfo(host, portstr, &hints, &ai);
-    if (ret) {
-	/* no more hosts, so we're done here */
-	free(host);
-	kd->flags |= KD_FALLBACK;
-    } else {
-	struct krb5_krbhst_info *hi;
-	size_t hostlen = strlen(host);
-
-	hi = calloc(1, sizeof(*hi) + hostlen);
-	if(hi == NULL) {
-	    free(host);
-	    return ENOMEM;
-	}
-
-	hi->proto = proto;
-	hi->port  = hi->def_port = port;
-	hi->ai    = ai;
-	memmove(hi->hostname, host, hostlen);
-	hi->hostname[hostlen] = '\0';
-	free(host);
-	append_host_hostinfo(kd, hi);
-	kd->fallback_count++;
-    }
-    return 0;
-}
-
-/*
- * Fetch hosts from plugin
- */
-
-static krb5_error_code 
-add_locate(void *ctx, int type, struct sockaddr *addr)
-{
-    struct krb5_krbhst_info *hi;
-    struct krb5_krbhst_data *kd = ctx;
-    char host[NI_MAXHOST], port[NI_MAXSERV];
-    struct addrinfo hints, *ai;
-    socklen_t socklen;
-    size_t hostlen;
-    int ret;
-
-    socklen = socket_sockaddr_size(addr);
-
-    ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
-		      NI_NUMERICHOST|NI_NUMERICSERV);
-    if (ret != 0)
-	return 0;
-
-    make_hints(&hints, krbhst_get_default_proto(kd));
-    ret = getaddrinfo(host, port, &hints, &ai);
-    if (ret)
-	return 0;
-
-    hostlen = strlen(host);
-
-    hi = calloc(1, sizeof(*hi) + hostlen);
-    if(hi == NULL)
-	return ENOMEM;
-    
-    hi->proto = krbhst_get_default_proto(kd);
-    hi->port  = hi->def_port = socket_get_port(addr);
-    hi->ai    = ai;
-    memmove(hi->hostname, host, hostlen);
-    hi->hostname[hostlen] = '\0';
-    append_host_hostinfo(kd, hi);
-
-    return 0;
-}
-
-static void
-plugin_get_hosts(krb5_context context,
-		 struct krb5_krbhst_data *kd,
-		 enum locate_service_type type)
-{
-    struct krb5_plugin *list = NULL, *e;
-    krb5_error_code ret;
-
-    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list);
-    if(ret != 0 || list == NULL)
-	return;
-
-    kd->flags |= KD_CONFIG_EXISTS;
-
-    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
-	krb5plugin_service_locate_ftable *service;
-	void *ctx;
-
-	service = _krb5_plugin_get_symbol(e);
-	if (service->minor_version != 0)
-	    continue;
-	
-	(*service->init)(context, &ctx);
-	ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
-	(*service->fini)(ctx);
-	if (ret) {
-	    krb5_set_error_string(context, "Plugin failed to lookup");
-	    break;
-	}
-    }
-    _krb5_plugin_free(list);
-}
-
-/*
- *
- */
-
-static krb5_error_code
-kdc_get_next(krb5_context context,
-	     struct krb5_krbhst_data *kd,
-	     krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kdc);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kdc");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kerberos");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-	if((kd->flags & KD_SRV_HTTP) == 0) {
-	    srv_get_hosts(context, kd, "http", "kerberos");
-	    kd->flags |= KD_SRV_HTTP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    while((kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port, 
-				 krbhst_get_default_proto(kd));
-	if(ret)
-	    return ret;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-admin_get_next(krb5_context context,
-	       struct krb5_krbhst_data *kd,
-	       krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kadmin);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "admin_server");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos-adm");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    if (krbhst_empty(kd)
-	&& (kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port,
-				 krbhst_get_default_proto(kd));
-	if(ret)
-	    return ret;
-	kd->flags |= KD_FALLBACK;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH;	/* XXX */
-}
-
-static krb5_error_code
-kpasswd_get_next(krb5_context context,
-		 struct krb5_krbhst_data *kd,
-		 krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_kpasswd);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kpasswd_server");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kpasswd");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kpasswd");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try admin */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = admin_get_next;
-	ret = (*kd->get_next)(context, kd, host);
-	if (ret == 0)
-	    (*host)->proto = krbhst_get_default_proto(kd);
-	return ret;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-krb524_get_next(krb5_context context,
-		struct krb5_krbhst_data *kd,
-		krb5_krbhst_info **host)
-{
-    if ((kd->flags & KD_PLUGIN) == 0) {
-	plugin_get_hosts(context, kd, locate_service_krb524);
-	kd->flags |= KD_PLUGIN;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "krb524_server");
-	if(get_next(kd, host))
-	    return 0;
-	kd->flags |= KD_CONFIG;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "krb524");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "krb524");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try kdc */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = kdc_get_next;
-	return (*kd->get_next)(context, kd, host);
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static struct krb5_krbhst_data*
-common_init(krb5_context context,
-	    const char *realm,
-	    int flags)
-{
-    struct krb5_krbhst_data *kd;
-
-    if((kd = calloc(1, sizeof(*kd))) == NULL)
-	return NULL;
-
-    if((kd->realm = strdup(realm)) == NULL) {
-	free(kd);
-	return NULL;
-    }
-
-    /* For 'realms' without a . do not even think of going to DNS */
-    if (!strchr(realm, '.'))
-	kd->flags |= KD_CONFIG_EXISTS;
-
-    if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
-	kd->flags |= KD_LARGE_MSG;
-    kd->end = kd->index = &kd->hosts;
-    return kd;
-}
-
-/*
- * initialize `handle' to look for hosts of type `type' in realm `realm'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init(krb5_context context,
-		 const char *realm,
-		 unsigned int type,
-		 krb5_krbhst_handle *handle)
-{
-    return krb5_krbhst_init_flags(context, realm, type, 0, handle);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_init_flags(krb5_context context,
-		       const char *realm,
-		       unsigned int type,
-		       int flags,
-		       krb5_krbhst_handle *handle)
-{
-    struct krb5_krbhst_data *kd;
-    krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, 
-			    krb5_krbhst_info **);
-    int def_port;
-
-    switch(type) {
-    case KRB5_KRBHST_KDC:
-	next = kdc_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
-	break;
-    case KRB5_KRBHST_ADMIN:
-	next = admin_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
-					     "tcp", 749));
-	break;
-    case KRB5_KRBHST_CHANGEPW:
-	next = kpasswd_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
-					     KPASSWD_PORT));
-	break;
-    case KRB5_KRBHST_KRB524:
-	next = krb524_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
-	break;
-    default:
-	krb5_set_error_string(context, "unknown krbhst type (%u)", type);
-	return ENOTTY;
-    }
-    if((kd = common_init(context, realm, flags)) == NULL)
-	return ENOMEM;
-    kd->get_next = next;
-    kd->def_port = def_port;
-    *handle = kd;
-    return 0;
-}
-
-/*
- * return the next host information from `handle' in `host'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next(krb5_context context,
-		 krb5_krbhst_handle handle,
-		 krb5_krbhst_info **host)
-{
-    if(get_next(handle, host))
-	return 0;
-
-    return (*handle->get_next)(context, handle, host);
-}
-
-/*
- * return the next host information from `handle' as a host name
- * in `hostname' (or length `hostlen)
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_krbhst_next_as_string(krb5_context context,
-			   krb5_krbhst_handle handle,
-			   char *hostname,
-			   size_t hostlen)
-{
-    krb5_error_code ret;
-    krb5_krbhst_info *host;
-    ret = krb5_krbhst_next(context, handle, &host);
-    if(ret)
-	return ret;
-    return krb5_krbhst_format_string(context, host, hostname, hostlen);
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
-{
-    handle->index = &handle->hosts;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
-{
-    krb5_krbhst_info *h, *next;
-
-    if (handle == NULL)
-	return;
-
-    for (h = handle->hosts; h != NULL; h = next) {
-	next = h->next;
-	_krb5_free_krbhst_info(h);
-    }
-
-    free(handle->realm);
-    free(handle);
-}
-
-/* backwards compatibility ahead */
-
-static krb5_error_code
-gethostlist(krb5_context context, const char *realm, 
-	    unsigned int type, char ***hostlist)
-{
-    krb5_error_code ret;
-    int nhost = 0;
-    krb5_krbhst_handle handle;
-    char host[MAXHOSTNAMELEN];
-    krb5_krbhst_info *hostinfo;
-
-    ret = krb5_krbhst_init(context, realm, type, &handle);
-    if (ret)
-	return ret;
-
-    while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
-	nhost++;
-    if(nhost == 0) {
-	krb5_set_error_string(context, "No KDC found for realm %s", realm);
-	return KRB5_KDC_UNREACH;
-    }
-    *hostlist = calloc(nhost + 1, sizeof(**hostlist));
-    if(*hostlist == NULL) {
-	krb5_krbhst_free(context, handle);
-	return ENOMEM;
-    }
-
-    krb5_krbhst_reset(context, handle);
-    nhost = 0;
-    while(krb5_krbhst_next_as_string(context, handle, 
-				     host, sizeof(host)) == 0) {
-	if(((*hostlist)[nhost++] = strdup(host)) == NULL) {
-	    krb5_free_krbhst(context, *hostlist);
-	    krb5_krbhst_free(context, handle);
-	    return ENOMEM;
-	}
-    }
-    (*hostlist)[nhost++] = NULL;
-    krb5_krbhst_free(context, handle);
-    return 0;
-}
-
-/*
- * return an malloced list of kadmin-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_admin_hst (krb5_context context,
-			const krb5_realm *realm,
-			char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
-}
-
-/*
- * return an malloced list of changepw-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb_changepw_hst (krb5_context context,
-			   const krb5_realm *realm,
-			   char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
-}
-
-/*
- * return an malloced list of 524-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krb524hst (krb5_context context,
-		    const krb5_realm *realm,
-		    char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
-}
-
-
-/*
- * return an malloced list of KDC's for `realm' in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_krbhst (krb5_context context,
-		 const krb5_realm *realm,
-		 char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
-}
-
-/*
- * free all the memory allocated in `hostlist'
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_krbhst (krb5_context context,
-		  char **hostlist)
-{
-    char **p;
-
-    for (p = hostlist; *p; ++p)
-	free (*p);
-    free (hostlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c
deleted file mode 100644
index 8f0ff996960d..000000000000
--- a/crypto/heimdal/lib/krb5/kuserok.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <dirent.h>
-
-RCSID("$Id: kuserok.c 16048 2005-09-09 10:33:33Z lha $");
-
-/* see if principal is mentioned in the filename access file, return
-   TRUE (in result) if so, FALSE otherwise */
-
-static krb5_error_code
-check_one_file(krb5_context context, 
-	       const char *filename, 
-	       struct passwd *pwd,
-	       krb5_principal principal, 
-	       krb5_boolean *result)
-{
-    FILE *f;
-    char buf[BUFSIZ];
-    krb5_error_code ret;
-    struct stat st;
-    
-    *result = FALSE;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	return errno;
-    
-    /* check type and mode of file */
-    if (fstat(fileno(f), &st) != 0) {
-	fclose (f);
-	return errno;
-    }
-    if (S_ISDIR(st.st_mode)) {
-	fclose (f);
-	return EISDIR;
-    }
-    if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
-	fclose (f);
-	return EACCES;
-    }
-    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
-	fclose (f);
-	return EACCES;
-    }
-
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	krb5_principal tmp;
-	char *newline = buf + strcspn(buf, "\n");
-
-	if(*newline != '\n') {
-	    int c;
-	    c = fgetc(f);
-	    if(c != EOF) {
-		while(c != EOF && c != '\n')
-		    c = fgetc(f);
-		/* line was too long, so ignore it */
-		continue;
-	    }
-	}
-	*newline = '\0';
-	ret = krb5_parse_name (context, buf, &tmp);
-	if (ret)
-	    continue;
-	*result = krb5_principal_compare (context, principal, tmp);
-	krb5_free_principal (context, tmp);
-	if (*result) {
-	    fclose (f);
-	    return 0;
-	}
-    }
-    fclose (f);
-    return 0;
-}
-
-static krb5_error_code
-check_directory(krb5_context context, 
-		const char *dirname, 
-		struct passwd *pwd,
-		krb5_principal principal, 
-		krb5_boolean *result)
-{
-    DIR *d;
-    struct dirent *dent;
-    char filename[MAXPATHLEN];
-    krb5_error_code ret = 0;
-    struct stat st;
-
-    *result = FALSE;
-
-    if(lstat(dirname, &st) < 0)
-	return errno;
-
-    if (!S_ISDIR(st.st_mode))
-	return ENOTDIR;
-    
-    if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
-	return EACCES;
-    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
-	return EACCES;
-
-    if((d = opendir(dirname)) == NULL) 
-	return errno;
-
-#ifdef HAVE_DIRFD
-    {
-	int fd;
-	struct stat st2;
-
-	fd = dirfd(d);
-	if(fstat(fd, &st2) < 0) {
-	    closedir(d);
-	    return errno;
-	}
-	if(st.st_dev != st2.st_dev || st.st_ino != st2.st_ino) {
-	    closedir(d);
-	    return EACCES;
-	}
-    }
-#endif
-
-    while((dent = readdir(d)) != NULL) {
-	if(strcmp(dent->d_name, ".") == 0 ||
-	   strcmp(dent->d_name, "..") == 0 ||
-	   dent->d_name[0] == '#' ||			  /* emacs autosave */
-	   dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */
-	    continue;
-	snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name);
-	ret = check_one_file(context, filename, pwd, principal, result);
-	if(ret == 0 && *result == TRUE)
-	    break;
-	ret = 0; /* don't propagate errors upstream */
-    }
-    closedir(d);
-    return ret;
-}
-
-static krb5_boolean
-match_local_principals(krb5_context context,
-		       krb5_principal principal,
-		       const char *luser)
-{
-    krb5_error_code ret;
-    krb5_realm *realms, *r;
-    krb5_boolean result = FALSE;
-    
-    /* multi-component principals can never match */
-    if(krb5_principal_get_comp_string(context, principal, 1) != NULL)
-	return FALSE;
-
-    ret = krb5_get_default_realms (context, &realms);
-    if (ret)
-	return FALSE;
-	
-    for (r = realms; *r != NULL; ++r) {
-	if(strcmp(krb5_principal_get_realm(context, principal),
-		  *r) != 0)
-	    continue;
-	if(strcmp(krb5_principal_get_comp_string(context, principal, 0),
-		  luser) == 0) {
-	    result = TRUE;
-	    break;
-	}
-    }
-    krb5_free_host_realm (context, realms);
-    return result;
-}
-
-/**
- * Return TRUE iff `principal' is allowed to login as `luser'.
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_kuserok (krb5_context context,
-	      krb5_principal principal,
-	      const char *luser)
-{
-    char *buf;
-    size_t buflen;
-    struct passwd *pwd;
-    krb5_error_code ret;
-    krb5_boolean result = FALSE;
-
-    krb5_boolean found_file = FALSE;
-
-#ifdef POSIX_GETPWNAM_R
-    char pwbuf[2048];
-    struct passwd pw;
-
-    if(getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
-	return FALSE;
-#else
-    pwd = getpwnam (luser);
-#endif
-    if (pwd == NULL)
-	return FALSE;
-
-#define KLOGIN "/.k5login"
-    buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
-    buf = malloc(buflen);
-    if(buf == NULL)
-	return FALSE;
-    /* check user's ~/.k5login */
-    strlcpy(buf, pwd->pw_dir, buflen);
-    strlcat(buf, KLOGIN, buflen);
-    ret = check_one_file(context, buf, pwd, principal, &result);
-
-    if(ret == 0 && result == TRUE) {
-	free(buf);
-	return TRUE;
-    }
-
-    if(ret != ENOENT) 
-	found_file = TRUE;
-
-    strlcat(buf, ".d", buflen);
-    ret = check_directory(context, buf, pwd, principal, &result);
-    free(buf);
-    if(ret == 0 && result == TRUE)
-	return TRUE;
-
-    if(ret != ENOENT && ret != ENOTDIR) 
-	found_file = TRUE;
-
-    /* finally if no files exist, allow all principals matching
-       <localuser>@<LOCALREALM> */
-    if(found_file == FALSE)
-	return match_local_principals(context, principal, luser);
-
-    return FALSE;
-}
diff --git a/crypto/heimdal/lib/krb5/locate_plugin.h b/crypto/heimdal/lib/krb5/locate_plugin.h
deleted file mode 100644
index 251712c8940d..000000000000
--- a/crypto/heimdal/lib/krb5/locate_plugin.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: locate_plugin.h 18998 2006-11-12 19:00:03Z lha $ */
-
-#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H
-#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1
-
-#include <krb5.h>
-
-enum locate_service_type {
-    locate_service_kdc = 1,
-    locate_service_master_kdc,
-    locate_service_kadmin,
-    locate_service_krb524,
-    locate_service_kpasswd
-};
-
-typedef krb5_error_code 
-(*krb5plugin_service_locate_lookup) (void *, enum locate_service_type,
-				     const char *, int, int, 
-				     int (*)(void *,int,struct sockaddr *),
-				     void *);
-
-
-typedef struct krb5plugin_service_locate_ftable {
-    int			minor_version;
-    krb5_error_code	(*init)(krb5_context, void **);
-    void		(*fini)(void *);
-    krb5plugin_service_locate_lookup lookup;
-} krb5plugin_service_locate_ftable;
-
-#endif /* HEIMDAL_KRB5_LOCATE_PLUGIN_H */
-
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
deleted file mode 100644
index c04f50fd9aa8..000000000000
--- a/crypto/heimdal/lib/krb5/log.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: log.c 19088 2006-11-21 08:08:46Z lha $");
-
-struct facility {
-    int min;
-    int max;
-    krb5_log_log_func_t log_func;
-    krb5_log_close_func_t close_func;
-    void *data;
-};
-
-static struct facility*
-log_realloc(krb5_log_facility *f)
-{
-    struct facility *fp;
-    fp = realloc(f->val, (f->len + 1) * sizeof(*f->val));
-    if(fp == NULL)
-	return NULL;
-    f->len++;
-    f->val = fp;
-    fp += f->len - 1;
-    return fp;
-}
-
-struct s2i {
-    const char *s;
-    int val;
-};
-
-#define L(X) { #X, LOG_ ## X }
-
-static struct s2i syslogvals[] = {
-    L(EMERG),
-    L(ALERT),
-    L(CRIT),
-    L(ERR),
-    L(WARNING),
-    L(NOTICE),
-    L(INFO),
-    L(DEBUG),
-
-    L(AUTH),
-#ifdef LOG_AUTHPRIV
-    L(AUTHPRIV),
-#endif
-#ifdef LOG_CRON
-    L(CRON),
-#endif
-    L(DAEMON),
-#ifdef LOG_FTP
-    L(FTP),
-#endif
-    L(KERN),
-    L(LPR),
-    L(MAIL),
-#ifdef LOG_NEWS
-    L(NEWS),
-#endif
-    L(SYSLOG),
-    L(USER),
-#ifdef LOG_UUCP
-    L(UUCP),
-#endif
-    L(LOCAL0),
-    L(LOCAL1),
-    L(LOCAL2),
-    L(LOCAL3),
-    L(LOCAL4),
-    L(LOCAL5),
-    L(LOCAL6),
-    L(LOCAL7),
-    { NULL, -1 }
-};
-
-static int
-find_value(const char *s, struct s2i *table)
-{
-    while(table->s && strcasecmp(table->s, s))
-	table++;
-    return table->val;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_initlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_log_facility *f = calloc(1, sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    f->program = strdup(program);
-    if(f->program == NULL){
-	free(f);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *fac = f;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_func(krb5_context context,
-		 krb5_log_facility *fac,
-		 int min,
-		 int max,
-		 krb5_log_log_func_t log_func,
-		 krb5_log_close_func_t close_func,
-		 void *data)
-{
-    struct facility *fp = log_realloc(fac);
-    if(fp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fp->min = min;
-    fp->max = max;
-    fp->log_func = log_func;
-    fp->close_func = close_func;
-    fp->data = data;
-    return 0;
-}
-
-
-struct _heimdal_syslog_data{
-    int priority;
-};
-
-static void
-log_syslog(const char *timestr,
-	   const char *msg,
-	   void *data)
-     
-{
-    struct _heimdal_syslog_data *s = data;
-    syslog(s->priority, "%s", msg);
-}
-
-static void
-close_syslog(void *data)
-{
-    free(data);
-    closelog();
-}
-
-static krb5_error_code
-open_syslog(krb5_context context,
-	    krb5_log_facility *facility, int min, int max,
-	    const char *sev, const char *fac)
-{
-    struct _heimdal_syslog_data *sd = malloc(sizeof(*sd));
-    int i;
-
-    if(sd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    i = find_value(sev, syslogvals);
-    if(i == -1)
-	i = LOG_ERR;
-    sd->priority = i;
-    i = find_value(fac, syslogvals);
-    if(i == -1)
-	i = LOG_AUTH;
-    sd->priority |= i;
-    roken_openlog(facility->program, LOG_PID | LOG_NDELAY, i);
-    return krb5_addlog_func(context, facility, min, max,
-			    log_syslog, close_syslog, sd);
-}
-
-struct file_data{
-    const char *filename;
-    const char *mode;
-    FILE *fd;
-    int keep_open;
-};
-
-static void
-log_file(const char *timestr,
-	 const char *msg,
-	 void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open == 0)
-	f->fd = fopen(f->filename, f->mode);
-    if(f->fd == NULL)
-	return;
-    fprintf(f->fd, "%s %s\n", timestr, msg);
-    if(f->keep_open == 0) {
-	fclose(f->fd);
-	f->fd = NULL;
-    }
-}
-
-static void
-close_file(void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open && f->filename)
-	fclose(f->fd);
-    free(data);
-}
-
-static krb5_error_code
-open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
-	  const char *filename, const char *mode, FILE *f, int keep_open)
-{
-    struct file_data *fd = malloc(sizeof(*fd));
-    if(fd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fd->filename = filename;
-    fd->mode = mode;
-    fd->fd = f;
-    fd->keep_open = keep_open;
-
-    return krb5_addlog_func(context, fac, min, max, log_file, close_file, fd);
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
-{
-    krb5_error_code ret = 0;
-    int min = 0, max = -1, n;
-    char c;
-    const char *p = orig;
-
-    n = sscanf(p, "%d%c%d/", &min, &c, &max);
-    if(n == 2){
-	if(c == '/') {
-	    if(min < 0){
-		max = -min;
-		min = 0;
-	    }else{
-		max = min;
-	    }
-	}
-    }
-    if(n){
-	p = strchr(p, '/');
-	if(p == NULL) {
-	    krb5_set_error_string (context, "failed to parse \"%s\"", orig);
-	    return HEIM_ERR_LOG_PARSE;
-	}
-	p++;
-    }
-    if(strcmp(p, "STDERR") == 0){
-	ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
-    }else if(strcmp(p, "CONSOLE") == 0){
-	ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
-    }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){
-	char *fn;
-	FILE *file = NULL;
-	int keep_open = 0;
-	fn = strdup(p + 5);
-	if(fn == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	if(p[4] == '='){
-	    int i = open(fn, O_WRONLY | O_CREAT | 
-			 O_TRUNC | O_APPEND, 0666);
-	    if(i < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "open(%s): %s", fn,
-				       strerror(ret));
-		free(fn);
-		return ret;
-	    }
-	    file = fdopen(i, "a");
-	    if(file == NULL){
-		ret = errno;
-		close(i);
-		krb5_set_error_string (context, "fdopen(%s): %s", fn,
-				       strerror(ret));
-		free(fn);
-		return ret;
-	    }
-	    keep_open = 1;
-	}
-	ret = open_file(context, f, min, max, fn, "a", file, keep_open);
-    }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){
-	ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
-    }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
-	char severity[128] = "";
-	char facility[128] = "";
-	p += 6;
-	if(*p != '\0')
-	    p++;
-	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
-	    strsep_copy(&p, ":", facility, sizeof(facility));
-	if(*severity == '\0')
-	    strlcpy(severity, "ERR", sizeof(severity));
- 	if(*facility == '\0')
-	    strlcpy(facility, "AUTH", sizeof(facility));
-	ret = open_syslog(context, f, min, max, severity, facility);
-    }else{
-	krb5_set_error_string (context, "unknown log type: %s", p);
-	ret = HEIM_ERR_LOG_PARSE; /* XXX */
-    }
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_openlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_error_code ret;
-    char **p, **q;
-
-    ret = krb5_initlog(context, program, fac);
-    if(ret)
-	return ret;
-
-    p = krb5_config_get_strings(context, NULL, "logging", program, NULL);
-    if(p == NULL)
-	p = krb5_config_get_strings(context, NULL, "logging", "default", NULL);
-    if(p){
-	for(q = p; *q; q++)
-	    ret = krb5_addlog_dest(context, *fac, *q);
-	krb5_config_free_strings(p);
-    }else
-	ret = krb5_addlog_dest(context, *fac, "SYSLOG");
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_closelog(krb5_context context,
-	      krb5_log_facility *fac)
-{
-    int i;
-    for(i = 0; i < fac->len; i++)
-	(*fac->val[i].close_func)(fac->val[i].data);
-    free(fac->val);
-    free(fac->program);
-    fac->val = NULL;
-    fac->len = 0;
-    fac->program = NULL;
-    free(fac);
-    return 0;
-}
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog_msg(krb5_context context,
-	      krb5_log_facility *fac,
-	      char **reply,
-	      int level,
-	      const char *fmt,
-	      va_list ap)
-     __attribute__((format (printf, 5, 0)))
-{
-    
-    char *msg = NULL;
-    const char *actual = NULL;
-    char buf[64];
-    time_t t = 0;
-    int i;
-
-    for(i = 0; fac && i < fac->len; i++)
-	if(fac->val[i].min <= level && 
-	   (fac->val[i].max < 0 || fac->val[i].max >= level)) {
-	    if(t == 0) {
-		t = time(NULL);
-		krb5_format_time(context, t, buf, sizeof(buf), TRUE);
-	    }
-	    if(actual == NULL) {
-		vasprintf(&msg, fmt, ap);
-		if(msg == NULL)
-		    actual = fmt;
-		else
-		    actual = msg;
-	    }
-	    (*fac->val[i].log_func)(buf, actual, fac->val[i].data);
-	}
-    if(reply == NULL)
-	free(msg);
-    else
-	*reply = msg;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vlog(krb5_context context,
-	  krb5_log_facility *fac,
-	  int level,
-	  const char *fmt,
-	  va_list ap)
-     __attribute__((format (printf, 4, 0)))
-{
-    return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log_msg(krb5_context context,
-	     krb5_log_facility *fac,
-	     int level,
-	     char **reply,
-	     const char *fmt,
-	     ...)
-     __attribute__((format (printf, 5, 6)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog_msg(context, fac, reply, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_log(krb5_context context,
-	 krb5_log_facility *fac,
-	 int level,
-	 const char *fmt,
-	 ...)
-     __attribute__((format (printf, 4, 5)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog(context, fac, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
deleted file mode 100644
index 01bcb09d3bea..000000000000
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mcache.c 22107 2007-12-03 17:22:51Z lha $");
-
-typedef struct krb5_mcache {
-    char *name;
-    unsigned int refcnt;
-    int dead;
-    krb5_principal primary_principal;
-    struct link {
-	krb5_creds cred;
-	struct link *next;
-    } *creds;
-    struct krb5_mcache *next;
-} krb5_mcache;
-
-static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct krb5_mcache *mcc_head;
-
-#define	MCACHE(X)	((krb5_mcache *)(X)->data.data)
-
-#define MISDEAD(X)	((X)->dead)
-
-static const char*
-mcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return MCACHE(id)->name;
-}
-
-static krb5_mcache *
-mcc_alloc(const char *name)
-{
-    krb5_mcache *m, *m_c;
-
-    ALLOC(m, 1);
-    if(m == NULL)
-	return NULL;
-    if(name == NULL)
-	asprintf(&m->name, "%p", m);
-    else
-	m->name = strdup(name);
-    if(m->name == NULL) {
-	free(m);
-	return NULL;
-    }
-    /* check for dups first */
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    for (m_c = mcc_head; m_c != NULL; m_c = m_c->next)
-	if (strcmp(m->name, m_c->name) == 0)
-	    break;
-    if (m_c) {
-	free(m->name);
-	free(m);
-	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	return NULL;
-    }
-
-    m->dead = 0;
-    m->refcnt = 1;
-    m->primary_principal = NULL;
-    m->creds = NULL;
-    m->next = mcc_head;
-    mcc_head = m;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-    return m;
-}
-
-static krb5_error_code
-mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_mcache *m;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    for (m = mcc_head; m != NULL; m = m->next)
-	if (strcmp(m->name, res) == 0)
-	    break;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    if (m != NULL) {
-	m->refcnt++;
-	(*id)->data.data = m;
-	(*id)->data.length = sizeof(*m);
-	return 0;
-    }
-
-    m = mcc_alloc(res);
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-
-static krb5_error_code
-mcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_mcache *m;
-
-    m = mcc_alloc(NULL);
-
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_mcache *m = MCACHE(id);
-    m->dead = 0;
-    return krb5_copy_principal (context,
-				primary_principal,
-				&m->primary_principal);
-}
-
-static int
-mcc_close_internal(krb5_mcache *m)
-{
-    if (--m->refcnt != 0)
-	return 0;
-
-    if (MISDEAD(m)) {
-	free (m->name);
-	return 1;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    if (mcc_close_internal(MCACHE(id)))
-	krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-mcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
-
-    if (m->refcnt == 0)
-	krb5_abortx(context, "mcc_destroy: refcnt already 0");
-
-    if (!MISDEAD(m)) {
-	/* if this is an active mcache, remove it from the linked
-           list, and free all data */
-	HEIMDAL_MUTEX_lock(&mcc_mutex);
-	for(n = &mcc_head; n && *n; n = &(*n)->next) {
-	    if(m == *n) {
-		*n = m->next;
-		break;
-	    }
-	}
-	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	if (m->primary_principal != NULL) {
-	    krb5_free_principal (context, m->primary_principal);
-	    m->primary_principal = NULL;
-	}
-	m->dead = 1;
-
-	l = m->creds;
-	while (l != NULL) {
-	    struct link *old;
-	    
-	    krb5_free_cred_contents (context, &l->cred);
-	    old = l;
-	    l = l->next;
-	    free (old);
-	}
-	m->creds = NULL;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    krb5_error_code ret;
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = malloc (sizeof(*l));
-    if (l == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    l->next = m->creds;
-    m->creds = l;
-    memset (&l->cred, 0, sizeof(l->cred));
-    ret = krb5_copy_creds_contents (context, creds, &l->cred);
-    if (ret) {
-	m->creds = l->next;
-	free (l);
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m) || m->primary_principal == NULL)
-	return ENOENT;
-    return krb5_copy_principal (context,
-				m->primary_principal,
-				principal);
-}
-
-static krb5_error_code
-mcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    *cursor = m->creds;
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = *cursor;
-    if (l != NULL) {
-	*cursor = l->next;
-	return krb5_copy_creds_contents (context,
-					 &l->cred,
-					 creds);
-    } else
-	return KRB5_CC_END;
-}
-
-static krb5_error_code
-mcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *mcreds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link **q, *p;
-    for(q = &m->creds, p = *q; p; p = *q) {
-	if(krb5_compare_creds(context, which, mcreds, &p->cred)) {
-	    *q = p->next;
-	    krb5_free_cred_contents(context, &p->cred);
-	    free(p);
-	} else
-	    q = &p->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-		    
-struct mcache_iter {
-    krb5_mcache *cache;
-};
-
-static krb5_error_code
-mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
-{
-    struct mcache_iter *iter;
-
-    iter = calloc(1, sizeof(*iter));
-    if (iter == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }    
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    iter->cache = mcc_head;
-    if (iter->cache)
-	iter->cache->refcnt++;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    *cursor = iter;
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
-{
-    struct mcache_iter *iter = cursor;
-    krb5_error_code ret;
-    krb5_mcache *m;
-
-    if (iter->cache == NULL)
-	return KRB5_CC_END;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-    m = iter->cache;
-    if (m->next)
-	m->next->refcnt++;
-    iter->cache = m->next;
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-
-    ret = _krb5_cc_allocate(context, &krb5_mcc_ops, id);
-    if (ret)
-	return ret;
-
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
-{
-    struct mcache_iter *iter = cursor;
-
-    if (iter->cache)
-	mcc_close_internal(iter->cache);
-    iter->cache = NULL;
-    free(iter);
-    return 0;
-}
-
-static krb5_error_code
-mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
-{
-    krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to);
-    struct link *creds;
-    krb5_principal principal;
-    krb5_mcache **n;
-
-    HEIMDAL_MUTEX_lock(&mcc_mutex);
-
-    /* drop the from cache from the linked list to avoid lookups */
-    for(n = &mcc_head; n && *n; n = &(*n)->next) {
-	if(mfrom == *n) {
-	    *n = mfrom->next;
-	    break;
-	}
-    }
-
-    /* swap creds */
-    creds = mto->creds;
-    mto->creds = mfrom->creds;
-    mfrom->creds = creds;
-    /* swap principal */
-    principal = mto->primary_principal;
-    mto->primary_principal = mfrom->primary_principal;
-    mfrom->primary_principal = principal;
-
-    HEIMDAL_MUTEX_unlock(&mcc_mutex);
-    mcc_destroy(context, from);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_default_name(krb5_context context, char **str)
-{
-    *str = strdup("MEMORY:");
-    if (*str == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-
-/**
- * Variable containing the MEMORY based credential cache implemention.
- *
- * @ingroup krb5_ccache
- */
-
-const krb5_cc_ops krb5_mcc_ops = {
-    "MEMORY",
-    mcc_get_name,
-    mcc_resolve,
-    mcc_gen_new,
-    mcc_initialize,
-    mcc_destroy,
-    mcc_close,
-    mcc_store_cred,
-    NULL, /* mcc_retrieve */
-    mcc_get_principal,
-    mcc_get_first,
-    mcc_get_next,
-    mcc_end_get,
-    mcc_remove_cred,
-    mcc_set_flags,
-    NULL,
-    mcc_get_cache_first,
-    mcc_get_cache_next,
-    mcc_end_cache_get,
-    mcc_move,
-    mcc_default_name
-};
diff --git a/crypto/heimdal/lib/krb5/misc.c b/crypto/heimdal/lib/krb5/misc.c
deleted file mode 100644
index 8050bdb9b467..000000000000
--- a/crypto/heimdal/lib/krb5/misc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_s4u2self_to_checksumdata(krb5_context context, 
-			       const PA_S4U2Self *self, 
-			       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_ssize_t ssize;
-    krb5_storage *sp;
-    size_t size;
-    int i;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-    ret = krb5_store_int32(sp, self->name.name_type);
-    if (ret)
-	goto out;
-    for (i = 0; i < self->name.name_string.len; i++) {
-	size = strlen(self->name.name_string.val[i]);
-	ssize = krb5_storage_write(sp, self->name.name_string.val[i], size);
-	if (ssize != size) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-    }
-    size = strlen(self->realm);
-    ssize = krb5_storage_write(sp, self->realm, size);
-    if (ssize != size) {
-	ret = ENOMEM;
-	goto out;
-    }
-    size = strlen(self->auth);
-    ssize = krb5_storage_write(sp, self->auth, size);
-    if (ssize != size) {
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_storage_to_data(sp, data);
-    krb5_storage_free(sp);
-    return ret;
-
-out:
-    krb5_clear_error_string(context);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mit_glue.c b/crypto/heimdal/lib/krb5/mit_glue.c
deleted file mode 100644
index 7440d5476279..000000000000
--- a/crypto/heimdal/lib/krb5/mit_glue.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $");
-
-/*
- * Glue for MIT API
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_checksum(krb5_context context, 
-		     krb5_cksumtype cksumtype, 
-		     const krb5_keyblock *key, 
-		     krb5_keyusage usage,
-		     const krb5_data *input, 
-		     krb5_checksum *cksum)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_create_checksum(context, crypto,  usage, cksumtype,
-			       input->data, input->length, cksum);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
-{
-    krb5_error_code ret;
-    krb5_checksum data_cksum;
-
-    *valid = 0;
-
-    ret = krb5_c_make_checksum(context, cksum->cksumtype,
-			       key, usage, data, &data_cksum);
-    if (ret)
-	return ret;
-
-    if (data_cksum.cksumtype == cksum->cksumtype
-	&& data_cksum.checksum.length == cksum->checksum.length
-	&& memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
-	*valid = 1;
-
-    krb5_free_checksum_contents(context, &data_cksum);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
-		    krb5_cksumtype *type, krb5_data **data)
-{
-    krb5_error_code ret;
-
-    if (type)
-	*type = cksum->cksumtype;
-    if (data) {
-	*data = malloc(sizeof(**data));
-	if (*data == NULL)
-	    return ENOMEM;
-
-	ret = der_copy_octet_string(&cksum->checksum, *data);
-	if (ret) {
-	    free(*data);
-	    *data = NULL;
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
-		    krb5_cksumtype type, const krb5_data *data)
-{
-    cksum->cksumtype = type;
-    return der_copy_octet_string(data, &cksum->checksum);
-}
-
-void KRB5_LIB_FUNCTION 
-krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
-{
-    krb5_checksum_free(context, cksum);
-    free(cksum);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
-{
-    krb5_checksum_free(context, cksum);
-    memset(cksum, 0, sizeof(*cksum));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
-{
-    free_Checksum(cksum);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_enctype (krb5_enctype etype)
-{
-    return krb5_enctype_valid(NULL, etype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_valid_cksumtype(krb5_cksumtype ctype)
-{
-    return krb5_cksumtype_valid(NULL, ctype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
-{
-    return krb5_checksum_is_collision_proof(NULL, ctype);
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
-{
-    return krb5_checksum_is_keyed(NULL, ctype);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_checksum (krb5_context context,
-		    const krb5_checksum *old,
-		    krb5_checksum **new)
-{
-    *new = malloc(sizeof(**new));
-    if (*new == NULL)
-	return ENOMEM;
-    return copy_Checksum(old, *new);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
-			size_t *length)
-{
-    return krb5_checksumsize(context, cksumtype, length);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_block_size(krb5_context context, 
-		  krb5_enctype enctype, 
-		  size_t *blocksize)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock key;
-
-    ret = krb5_generate_random_keyblock(context, enctype, &key);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    krb5_free_keyblock_contents(context, &key);
-    if (ret)
-	return ret;
-    ret = krb5_crypto_getblocksize(context, crypto, blocksize);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_decrypt(krb5_context context, 
-	       const krb5_keyblock key, 
-	       krb5_keyusage usage, 
-	       const krb5_data *ivec, 
-	       krb5_enc_data *input, 
-	       krb5_data *output)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, &key, input->enctype, &crypto);
-    if (ret)
-	return ret;
-
-    if (ivec) {
-	size_t blocksize;
-
-	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
-	if (ret) {
-	krb5_crypto_destroy(context, crypto);
-	return ret;
-	}
-	
-	if (blocksize > ivec->length) {
-	    krb5_crypto_destroy(context, crypto);
-	    return KRB5_BAD_MSIZE;
-	}
-    }
-
-    ret = krb5_decrypt_ivec(context, crypto, usage, 
-			    input->ciphertext.data, input->ciphertext.length, 
-			    output, 
-			    ivec ? ivec->data : NULL);
-
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt(krb5_context context, 
-	       const krb5_keyblock *key, 
-	       krb5_keyusage usage,
-	       const krb5_data *ivec, 
-	       const krb5_data *input,
-	       krb5_enc_data *output)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    if (ivec) {
-	size_t blocksize;
-
-	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
-	if (ret) {
-	    krb5_crypto_destroy(context, crypto);
-	    return ret;
-	}
-
-	if (blocksize > ivec->length) {
-	    krb5_crypto_destroy(context, crypto);
-	    return KRB5_BAD_MSIZE;
-	}
-    }
-
-    ret = krb5_encrypt_ivec(context, crypto, usage, 
-			    input->data, input->length, 
-			    &output->ciphertext, 
-			    ivec ? ivec->data : NULL);
-    output->kvno = 0;
-    krb5_crypto_getenctype(context, crypto, &output->enctype);
-
-    krb5_crypto_destroy(context, crypto);
-
-    return ret ;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_encrypt_length(krb5_context context, 
-		      krb5_enctype enctype, 
-		      size_t inputlen,
-		      size_t *length)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_keyblock key;
-
-    ret = krb5_generate_random_keyblock(context, enctype, &key);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    krb5_free_keyblock_contents(context, &key);
-    if (ret)
-	return ret;
-
-    *length = krb5_get_wrapped_length(context, crypto, inputlen);
-    krb5_crypto_destroy(context, crypto);
-
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_enctype_compare(krb5_context context, 
-		       krb5_enctype e1,
-		       krb5_enctype e2, 
-		       krb5_boolean *similar)
-{
-    *similar = krb5_enctypes_compatible_keys(context, e1, e2);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_make_random_key(krb5_context context,
-		       krb5_enctype enctype, 
-		       krb5_keyblock *random_key)
-{
-    return krb5_generate_random_keyblock(context, enctype, random_key);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_keylengths(krb5_context context,
-		  krb5_enctype enctype,
-		  size_t *ilen,
-		  size_t *keylen)
-{
-    krb5_error_code ret;
-
-    ret = krb5_enctype_keybits(context, enctype, ilen);
-    if (ret)
-	return ret;
-    *ilen = (*ilen + 7) / 8;
-    return krb5_enctype_keysize(context, enctype, keylen);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf_length(krb5_context context,
-		  krb5_enctype type,
-		  size_t *length)
-{
-    return krb5_crypto_prf_length(context, type, length);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_c_prf(krb5_context context,
-	   const krb5_keyblock *key,
-	   const krb5_data *input, 
-	   krb5_data *output)
-{
-    krb5_crypto crypto;
-    krb5_error_code ret;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_prf(context, crypto, input, output);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c
deleted file mode 100644
index 704664993435..000000000000
--- a/crypto/heimdal/lib/krb5/mk_error.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_error(krb5_context context,
-	      krb5_error_code error_code,
-	      const char *e_text,
-	      const krb5_data *e_data,
-	      const krb5_principal client,
-	      const krb5_principal server,
-	      time_t *client_time,
-	      int *client_usec,
-	      krb5_data *reply)
-{
-    KRB_ERROR msg;
-    krb5_timestamp sec;
-    int32_t usec;
-    size_t len;
-    krb5_error_code ret = 0;
-
-    krb5_us_timeofday (context, &sec, &usec);
-
-    memset(&msg, 0, sizeof(msg));
-    msg.pvno     = 5;
-    msg.msg_type = krb_error;
-    msg.stime    = sec;
-    msg.susec    = usec;
-    msg.ctime    = client_time;
-    msg.cusec    = client_usec;
-    /* Make sure we only send `protocol' error codes */
-    if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
-	if(e_text == NULL)
-	    e_text = krb5_get_err_text(context, error_code);
-	error_code = KRB5KRB_ERR_GENERIC;
-    }
-    msg.error_code = error_code - KRB5KDC_ERR_NONE;
-    if (e_text)
-	msg.e_text = rk_UNCONST(&e_text);
-    if (e_data)
-	msg.e_data = rk_UNCONST(e_data);
-    if(server){
-	msg.realm = server->realm;
-	msg.sname = server->name;
-    }else{
-	msg.realm = "<unspecified realm>";
-    }
-    if(client){
-	msg.crealm = &client->realm;
-	msg.cname = &client->name;
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
-    if (ret)
-	return ret;
-    if(reply->length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
deleted file mode 100644
index 87e429af8cba..000000000000
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_priv.c 16680 2006-02-01 12:39:26Z lha $");
-
-      
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_PRIV s;
-    EncKrbPrivPart part;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-    krb5_replay_data rdata;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else
-	key = auth_context->keyblock;
-
-    memset(&rdata, 0, sizeof(rdata));
-
-    part.user_data = *userdata;
-
-    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	part.timestamp = &rdata.timestamp;
-	part.usec      = &rdata.usec;
-    } else {
-	part.timestamp = NULL;
-	part.usec      = NULL;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-	outdata->timestamp = rdata.timestamp;
-	outdata->usec = rdata.usec;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	rdata.seq = auth_context->local_seqnumber;
-	part.seq_number = &rdata.seq;
-    } else
-	part.seq_number = NULL;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-	outdata->seq = auth_context->local_seqnumber;
-    
-    part.s_address = auth_context->local_address;
-    part.r_address = auth_context->remote_address;
-
-    krb5_data_zero (&s.enc_part.cipher);
-
-    ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
-    if (ret)
-	goto fail;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    s.pvno = 5;
-    s.msg_type = krb_priv;
-    s.enc_part.etype = key->keytype;
-    s.enc_part.kvno = NULL;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_encrypt (context, 
-			crypto,
-			KRB5_KU_KRB_PRIV,
-			buf + buf_size - len, 
-			len,
-			&s.enc_part.cipher);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    free(buf);
-
-
-    ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
-    if (ret)
-	goto fail;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    krb5_data_free (&s.enc_part.cipher);
-
-    ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
-    if (ret) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	free(buf);
-	return ENOMEM;
-    }
-    free (buf);
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-	auth_context->local_seqnumber =
-	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-    return 0;
-
-  fail:
-    free (buf);
-    krb5_data_free (&s.enc_part.cipher);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
deleted file mode 100644
index 570a83720132..000000000000
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    AP_REP ap;
-    EncAPRepPart body;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-
-    ap.pvno = 5;
-    ap.msg_type = krb_ap_rep;
-
-    memset (&body, 0, sizeof(body));
-
-    body.ctime = auth_context->authenticator->ctime;
-    body.cusec = auth_context->authenticator->cusec;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
-	if (auth_context->local_subkey == NULL) {
-	    ret = krb5_auth_con_generatelocalsubkey(context,
-						    auth_context,
-						    auth_context->keyblock);
-	    if(ret) {
-		krb5_set_error_string (context,
-				       "krb5_mk_rep: generating subkey");
-		free_EncAPRepPart(&body);
-		return ret;
-	    }
-	}
-	ret = krb5_copy_keyblock(context, auth_context->local_subkey,
-				 &body.subkey);
-	if (ret) {
-	    krb5_set_error_string (context,
-				   "krb5_copy_keyblock: out of memory");
-	    free_EncAPRepPart(&body);
-	    return ENOMEM;
-	}
-    } else
-	body.subkey = NULL;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if(auth_context->local_seqnumber == 0) 
-	    krb5_generate_seq_number (context,
-				      auth_context->keyblock,
-				      &auth_context->local_seqnumber);
-	ALLOC(body.seq_number, 1);
-	if (body.seq_number == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    free_EncAPRepPart(&body);
-	    return ENOMEM;
-	}
-	*(body.seq_number) = auth_context->local_seqnumber;
-    } else
-	body.seq_number = NULL;
-
-    ap.enc_part.etype = auth_context->keyblock->keytype;
-    ap.enc_part.kvno  = NULL;
-
-    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
-    free_EncAPRepPart (&body);
-    if(ret)
-	return ret;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, auth_context->keyblock, 
-			   0 /* ap.enc_part.etype */, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_encrypt (context,
-			crypto,
-			KRB5_KU_AP_REQ_ENC_PART,
-			buf + buf_size - len, 
-			len,
-			&ap.enc_part.cipher);
-    krb5_crypto_destroy(context, crypto);
-    free(buf);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
-    if (ret == 0 && outbuf->length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    free_AP_REP (&ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
deleted file mode 100644
index 5f64f01e9560..000000000000
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_exact(krb5_context context,
-		  krb5_auth_context *auth_context,
-		  const krb5_flags ap_req_options,
-		  const krb5_principal server,
-		  krb5_data *in_data,
-		  krb5_ccache ccache,
-		  krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    krb5_creds this_cred, *cred;
-
-    memset(&this_cred, 0, sizeof(this_cred));
-
-    ret = krb5_cc_get_principal(context, ccache, &this_cred.client);
-  
-    if(ret)
-	return ret;
-
-    ret = krb5_copy_principal (context, server, &this_cred.server);
-    if (ret) {
-	krb5_free_cred_contents (context, &this_cred);
-	return ret;
-    }
-
-    this_cred.times.endtime = 0;
-    if (auth_context && *auth_context && (*auth_context)->keytype)
-	this_cred.session.keytype = (*auth_context)->keytype;
-
-    ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
-    krb5_free_cred_contents(context, &this_cred);
-    if (ret)
-	return ret;
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				cred,
-				outbuf);
-    krb5_free_creds(context, cred);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_flags ap_req_options,
-	    const char *service,
-	    const char *hostname,
-	    krb5_data *in_data,
-	    krb5_ccache ccache,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    char **realms;
-    char *real_hostname;
-    krb5_principal server;
-
-    ret = krb5_expand_hostname_realms (context, hostname,
-				       &real_hostname, &realms);
-    if (ret)
-	return ret;
-
-    ret = krb5_build_principal (context, &server,
-				strlen(*realms),
-				*realms,
-				service,
-				real_hostname,
-				NULL);
-    free (real_hostname);
-    krb5_free_host_realm (context, realms);
-    if (ret)
-	return ret;
-    ret = krb5_mk_req_exact (context, auth_context, ap_req_options,
-			     server, in_data, ccache, outbuf);
-    krb5_free_principal (context, server);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
deleted file mode 100644
index b6d55c8815ac..000000000000
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $");
-
-krb5_error_code
-_krb5_mk_req_internal(krb5_context context,
-		      krb5_auth_context *auth_context,
-		      const krb5_flags ap_req_options,
-		      krb5_data *in_data,
-		      krb5_creds *in_creds,
-		      krb5_data *outbuf,
-		      krb5_key_usage checksum_usage,
-		      krb5_key_usage encrypt_usage)
-{
-    krb5_error_code ret;
-    krb5_data authenticator;
-    Checksum c;
-    Checksum *c_opt;
-    krb5_auth_context ac;
-
-    if(auth_context) {
-	if(*auth_context == NULL)
-	    ret = krb5_auth_con_init(context, auth_context);
-	else
-	    ret = 0;
-	ac = *auth_context;
-    } else
-	ret = krb5_auth_con_init(context, &ac);
-    if(ret)
-	return ret;
-      
-    if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
-	ret = krb5_auth_con_generatelocalsubkey(context,
-						ac, 
-						&in_creds->session);
-	if(ret)
-	    goto out;
-    }
-
-    krb5_free_keyblock(context, ac->keyblock);
-    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
-    if (ret)
-	goto out;
-  
-    /* it's unclear what type of checksum we can use.  try the best one, except:
-     * a) if it's configured differently for the current realm, or
-     * b) if the session key is des-cbc-crc
-     */
-
-    if (in_data) {
-	if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
-	    /* this is to make DCE secd (and older MIT kdcs?) happy */
-	    ret = krb5_create_checksum(context, 
-				       NULL,
-				       0,
-				       CKSUMTYPE_RSA_MD4,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	} else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
-		  ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 ||
-		  ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
-		  ac->keyblock->keytype == ETYPE_DES_CBC_MD5) {
-	    /* this is to make MS kdc happy */ 
-	    ret = krb5_create_checksum(context, 
-				       NULL,
-				       0,
-				       CKSUMTYPE_RSA_MD5,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	} else {
-	    krb5_crypto crypto;
-
-	    ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
-	    if (ret)
-		goto out;
-	    ret = krb5_create_checksum(context, 
-				       crypto,
-				       checksum_usage,
-				       0,
-				       in_data->data,
-				       in_data->length,
-				       &c);
-	    krb5_crypto_destroy(context, crypto);
-	}
-	c_opt = &c;
-    } else {
-	c_opt = NULL;
-    }
-
-    if (ret)
-	goto out;
-  
-    ret = krb5_build_authenticator (context,
-				    ac,
-				    ac->keyblock->keytype,
-				    in_creds,
-				    c_opt,
-				    NULL,
-				    &authenticator,
-				    encrypt_usage);
-    if (c_opt)
-	free_Checksum (c_opt);
-    if (ret)
-	goto out;
-
-    ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
-			     in_creds, ap_req_options, authenticator, outbuf);
-out:
-    if(auth_context == NULL)
-	krb5_auth_con_free(context, ac);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_req_extended(krb5_context context,
-		     krb5_auth_context *auth_context,
-		     const krb5_flags ap_req_options,
-		     krb5_data *in_data,
-		     krb5_creds *in_creds,
-		     krb5_data *outbuf)
-{
-    return _krb5_mk_req_internal (context,
-				 auth_context,
-				 ap_req_options,
-				 in_data,
-				 in_creds,
-				 outbuf,
-				 KRB5_KU_AP_REQ_AUTH_CKSUM,
-				 KRB5_KU_AP_REQ_AUTH);
-}
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
deleted file mode 100644
index 0b75759a5f65..000000000000
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_safe.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_mk_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_SAFE s;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-    krb5_replay_data rdata;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else
-	key = auth_context->keyblock;
-
-    s.pvno = 5;
-    s.msg_type = krb_safe;
-
-    memset(&rdata, 0, sizeof(rdata));
-
-    s.safe_body.user_data = *userdata;
-
-    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	s.safe_body.timestamp  = &rdata.timestamp;
-	s.safe_body.usec       = &rdata.usec;
-    } else {
-	s.safe_body.timestamp  = NULL;
-	s.safe_body.usec       = NULL;
-    }
-    
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-	outdata->timestamp = rdata.timestamp;
-	outdata->usec = rdata.usec;
-    }
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	rdata.seq = auth_context->local_seqnumber;
-	s.safe_body.seq_number = &rdata.seq;
-    } else 
-	s.safe_body.seq_number = NULL;
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-	outdata->seq = auth_context->local_seqnumber;
-    
-    s.safe_body.s_address = auth_context->local_address;
-    s.safe_body.r_address = auth_context->remote_address;
-
-    s.cksum.cksumtype       = 0;
-    s.cksum.checksum.data   = NULL;
-    s.cksum.checksum.length = 0;
-
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_create_checksum(context, 
-			       crypto,
-			       KRB5_KU_KRB_SAFE_CKSUM,
-			       0,
-			       buf,
-			       len,
-			       &s.cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-
-    free(buf);
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-    free_Checksum (&s.cksum);
-    if(ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    outbuf->length = len;
-    outbuf->data   = buf;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-	auth_context->local_seqnumber =
-	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c
deleted file mode 100644
index 248e232c0569..000000000000
--- a/crypto/heimdal/lib/krb5/n-fold-test.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold-test.c 21745 2007-07-31 16:11:25Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *str;
-    unsigned n;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"012345",		8,
-     {0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55}
-    },
-    {"basch",		24,
-     {0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde,
-      0x2d, 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31,
-      0x64, 0x3f}
-    },
-    {"eichin",		24,
-     {0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b,
-      0x1b, 0x43, 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0,
-      0xd2, 0xdc, 0xca}
-    },
-    {"sommerfeld",	24,
-     {0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4,
-      0xe7, 0x11, 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5,
-      0xde, 0xf7, 0x5c}
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82,
-      0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9,
-      0x54, 0x0c, 0x1b}
-    },
-    {"assar@NADA.KTH.SE", 24,
-     {0x5c, 0x06, 0xc3, 0x4d, 0x2c, 0x89, 0x05, 0xbe, 0x7a, 0x51,
-      0x83, 0x6c, 0xd6, 0xf8, 0x1c, 0x4b, 0x7a, 0x93, 0x49, 0x16, 0x5a,
-      0xb3, 0xfa, 0xa9}
-    },
-    {"testKRBTEST.MIT.EDUtestkey", 24,
-     {0x50, 0x2c, 0xf8, 0x29, 0x78, 0xe5, 0xfb, 0x1a, 0x29, 0x06,
-      0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
-      0xc2, 0xda, 0x6c}
-    },
-    {"password", 7,
-     {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
-    },
-    {"Rough Consensus, and Running Code", 8,
-     {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
-    },
-    {"password", 21,
-     {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
-      0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
-      0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
-      0x0c, 0x1b}
-    },
-    {NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    unsigned char data[MAXSIZE];
-    struct testcase *t;
-    int ret = 0;
-
-    for (t = tests; t->str; ++t) {
-	int i;
-
-	ret = _krb5_n_fold (t->str, strlen(t->str), data, t->n);
-	if (ret)
-	    errx(1, "out of memory");
-	if (memcmp (data, t->res, t->n) != 0) {
-	    printf ("n-fold(\"%s\", %d) failed\n", t->str, t->n);
-	    printf ("should be: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", data[i]);
-	    printf ("\n");
-	    ret = 1;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold.c b/crypto/heimdal/lib/krb5/n-fold.c
deleted file mode 100644
index 53528cfd1f78..000000000000
--- a/crypto/heimdal/lib/krb5/n-fold.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold.c 22190 2007-12-06 16:24:22Z lha $");
-
-static krb5_error_code
-rr13(unsigned char *buf, size_t len)
-{
-    unsigned char *tmp;
-    int bytes = (len + 7) / 8;
-    int i;
-    if(len == 0)
-	return 0;
-    {
-	const int bits = 13 % len;
-	const int lbit = len % 8;
-    
-	tmp = malloc(bytes);
-	if (tmp == NULL)
-	    return ENOMEM;
-	memcpy(tmp, buf, bytes);
-	if(lbit) {
-	    /* pad final byte with inital bits */
-	    tmp[bytes - 1] &= 0xff << (8 - lbit);
-	    for(i = lbit; i < 8; i += len)
-		tmp[bytes - 1] |= buf[0] >> i;
-	}
-	for(i = 0; i < bytes; i++) {
-	    int bb;
-	    int b1, s1, b2, s2;
-	    /* calculate first bit position of this byte */
-	    bb = 8 * i - bits;
-	    while(bb < 0)
-		bb += len;
-	    /* byte offset and shift count */
-	    b1 = bb / 8;
-	    s1 = bb % 8;
-	
-	    if(bb + 8 > bytes * 8) 
-		/* watch for wraparound */
-		s2 = (len + 8 - s1) % 8;
-	    else 
-		s2 = 8 - s1;
-	    b2 = (b1 + 1) % bytes;
-	    buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2);
-	}
-	free(tmp);
-    }
-    return 0;
-}
-
-/* Add `b' to `a', both being one's complement numbers. */
-static void
-add1(unsigned char *a, unsigned char *b, size_t len)
-{
-    int i;
-    int carry = 0;
-    for(i = len - 1; i >= 0; i--){
-	int x = a[i] + b[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-    for(i = len - 1; carry && i >= 0; i--){
-	int x = a[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
-{
-    /* if len < size we need at most N * len bytes, ie < 2 * size;
-       if len > size we need at most 2 * len */
-    krb5_error_code ret = 0;
-    size_t maxlen = 2 * max(size, len);
-    size_t l = 0;
-    unsigned char *tmp = malloc(maxlen);
-    unsigned char *buf = malloc(len);
-    
-    if (tmp == NULL || buf == NULL) 
-	return ENOMEM;
-
-    memcpy(buf, str, len);
-    memset(key, 0, size);
-    do {
-	memcpy(tmp + l, buf, len);
-	l += len;
-	ret = rr13(buf, len * 8);
-	if (ret)
-	    goto out;
-	while(l >= size) {
-	    add1(key, tmp, size);
-	    l -= size;
-	    if(l == 0)
-		break;
-	    memmove(tmp, tmp + size, l);
-	}
-    } while(l != 0);
-out:
-    memset(buf, 0, len);
-    free(buf);
-    memset(tmp, 0, maxlen);
-    free(tmp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c
deleted file mode 100644
index 0bb05f5531a5..000000000000
--- a/crypto/heimdal/lib/krb5/name-45-test.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: name-45-test.c 19763 2007-01-08 13:35:49Z lha $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *v4_name;
-    const char *v4_inst;
-    const char *v4_realm;
-
-    krb5_realm v5_realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-
-    const char *config_file;
-    krb5_error_code ret;	/* expected error code from 524 */
-
-    krb5_error_code ret2;	/* expected error code from 425 */
-} tests[] = {
-    {"", "", "", "", 1, {""}, NULL, 0, 0},
-    {"a", "", "", "", 1, {"a"}, NULL, 0, 0},
-    {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
-    {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
-
-    {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
-     {"krbtgt", "FOO.SE"}, NULL, 0, 0},
-
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo", "bar2"}, NULL, 0, 0},
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo", "bar2"},
-     "[libdefaults]\n"
-     "	v4_name_convert = {\n"
-     "		host = {\n"
-     "			foo = foo5\n"
-     "		}\n"
-     "}\n",
-    HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"foo", "bar2", "BAZ", "BAZ", 2,
-     {"foo5", "bar2.baz"},
-     "[realms]\n"
-     "  BAZ = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				foo = foo5\n"
-     "			}\n"
-     "		}\n"
-     "		v4_instance_convert = {\n"
-     "			bar2 = bar2.baz\n"
-     "		}\n"
-     "  }\n",
-     0, 0},
-
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
-     "[realms]\n"
-     "	realm = {\n"
-     "		v4_instance_convert = {\n"
-     "			foo = foo.realm\n"
-     "		}\n"
-     "	}\n",
-     0, 0},
-
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		default_domain = nada.kth.se\n"
-     "	}\n",
-     0, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n",
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n"
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				rcmd = host\n"
-     "			}\n"
-     "		}\n"
-     "		default_domain = pdc.kth.se\n"
-     "	}\n",
-     0, 0},
-
-    {"0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     2, {"0123456789012345678901234567890123456789",
-	 "0123456789012345678901234567890123456789"}, NULL,
-     0, KRB5_PARSE_MALFORMED},
-
-    {"012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     2, {"012345678901234567890123456789012345678",
-	 "012345678901234567890123456789012345678"}, NULL,
-     0, 0},
-
-    {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    char hostname[1024];
-    int val = 0;
-
-    setprogname(argv[0]);
-
-    gethostname(hostname, sizeof(hostname));
-    if (!(strstr(hostname, "kth.se") != NULL || strstr(hostname, "su.se") != NULL))
-	return 0;
-
-    for (t = tests; t->v4_name; ++t) {
-	krb5_principal princ;
-	int i;
-	char name[40], inst[40], realm[40];
-	char printable_princ[256];
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-
-	if (t->config_file != NULL) {
-	    char template[] = "/tmp/krb5-conf-XXXXXX";
-	    int fd = mkstemp(template);
-	    char *files[2];
-
-	    if (fd < 0)
-		krb5_err (context, 1, errno, "mkstemp %s", template);
-
-	    if (write (fd, t->config_file, strlen(t->config_file))
-		!= strlen(t->config_file))
-		krb5_err (context, 1, errno, "write %s", template);
-	    close (fd);
-	    files[0] = template;
-	    files[1] = NULL;
-
-	    ret = krb5_set_config_files (context, files);
-	    unlink (template);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_set_config_files");
-	}
-
-	ret = krb5_425_conv_principal (context,
-				       t->v4_name,
-				       t->v4_inst,
-				       t->v4_realm,
-				       &princ);
-	if (ret) {
-	    if (ret != t->ret) {
-		krb5_warn (context, ret,
-			   "krb5_425_conv_principal %s.%s@%s",
-			   t->v4_name, t->v4_inst, t->v4_realm);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret) {
-		char *s;
-		krb5_unparse_name(context, princ, &s);
-		krb5_warnx (context,
-			    "krb5_425_conv_principal %s.%s@%s "
-			    "passed unexpected: %s",
-			    t->v4_name, t->v4_inst, t->v4_realm, s);
-		free(s);
-		val = 1;
-		krb5_free_context(context);
-		continue;
-	    }
-	}
-
-	if (ret) {
-	    krb5_free_context(context);
-	    continue;
-	}
-
-	if (strcmp (t->v5_realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s.%s@%s\"\n",
-		    princ->realm, t->v5_realm,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s.%s@%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s.%s@%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->v4_name,
-			    t->v4_inst,
-			    t->v4_realm);
-		    val = 1;
-		}
-	    }
-	}
-	ret = krb5_524_conv_principal (context, princ,
-				       name, inst, realm);
-	if (krb5_unparse_name_fixed(context, princ,
-				    printable_princ, sizeof(printable_princ)))
-	    strlcpy(printable_princ, "unknown principal",
-		    sizeof(printable_princ));
-	if (ret) {
-	    if (ret != t->ret2) {
-		krb5_warn (context, ret,
-			   "krb5_524_conv_principal %s", printable_princ);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret2) {
-		krb5_warnx (context,
-			    "krb5_524_conv_principal %s "
-			    "passed unexpected", printable_princ);
-		val = 1;
-		krb5_free_context(context);
-		continue;
-	    }
-	}
-	if (ret) {
-	    krb5_free_principal (context, princ);
-	    krb5_free_context(context);
-	    continue;
-	}
-
-	krb5_free_principal (context, princ);
-	krb5_free_context(context);
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/net_read.c b/crypto/heimdal/lib/krb5/net_read.c
deleted file mode 100644
index f0fa2ce7a0e9..000000000000
--- a/crypto/heimdal/lib/krb5/net_read.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_read.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_read (krb5_context context,
-	       void *p_fd,
-	       void *buf,
-	       size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_read (fd, buf, len);
-}
diff --git a/crypto/heimdal/lib/krb5/net_write.c b/crypto/heimdal/lib/krb5/net_write.c
deleted file mode 100644
index 868015fa9214..000000000000
--- a/crypto/heimdal/lib/krb5/net_write.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_write.c 13863 2004-05-25 21:46:46Z lha $");
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write (krb5_context context,
-		void *p_fd,
-		const void *buf,
-		size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_write (fd, buf, len);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_net_write_block(krb5_context context,
-		     void *p_fd,
-		     const void *buf,
-		     size_t len,
-		     time_t timeout)
-{
-  int fd = *((int *)p_fd);
-  int ret;
-  struct timeval tv, *tvp;
-  const char *cbuf = (const char *)buf;
-  size_t rem = len;
-  ssize_t count;
-  fd_set wfds;
-
-  do {
-      FD_ZERO(&wfds);
-      FD_SET(fd, &wfds);
-      
-      if (timeout != 0) {
-	  tv.tv_sec = timeout;
-	  tv.tv_usec = 0;
-	  tvp = &tv;
-      } else
-	  tvp = NULL;
-
-      ret = select(fd + 1, NULL, &wfds, NULL, tvp);
-      if (ret < 0) {
-	  if (errno == EINTR)
-	      continue;
-	  return -1;
-      } else if (ret == 0)
-	  return 0;
-      
-      if (!FD_ISSET(fd, &wfds)) {
-	  errno = ETIMEDOUT;
-	  return -1;
-      }
-
-#ifdef WIN32
-      count = send (fd, cbuf, rem, 0);
-#else
-      count = write (fd, cbuf, rem);
-#endif
-      if (count < 0) {
-	  if (errno == EINTR)
-	      continue;
-	  else
-	      return count;
-      }
-      cbuf += count;
-      rem -= count;
-
-  } while (rem > 0);
-
-  return len;
-}
diff --git a/crypto/heimdal/lib/krb5/pac.c b/crypto/heimdal/lib/krb5/pac.c
deleted file mode 100644
index 1b21750e5d4d..000000000000
--- a/crypto/heimdal/lib/krb5/pac.c
+++ /dev/null
@@ -1,1041 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: pac.c 21934 2007-08-27 14:21:04Z lha $");
-
-struct PAC_INFO_BUFFER {
-    uint32_t type;
-    uint32_t buffersize;
-    uint32_t offset_hi;
-    uint32_t offset_lo;
-};
-
-struct PACTYPE {
-    uint32_t numbuffers;
-    uint32_t version;                         
-    struct PAC_INFO_BUFFER buffers[1];
-};
-
-struct krb5_pac_data {
-    struct PACTYPE *pac;
-    krb5_data data;
-    struct PAC_INFO_BUFFER *server_checksum;
-    struct PAC_INFO_BUFFER *privsvr_checksum;
-    struct PAC_INFO_BUFFER *logon_name;
-};
-
-#define PAC_ALIGNMENT			8
-
-#define PACTYPE_SIZE			8
-#define PAC_INFO_BUFFER_SIZE		16
-
-#define PAC_SERVER_CHECKSUM		6
-#define PAC_PRIVSVR_CHECKSUM		7
-#define PAC_LOGON_NAME			10
-#define PAC_CONSTRAINED_DELEGATION	11
-
-#define CHECK(r,f,l)						\
-	do {							\
-		if (((r) = f ) != 0) {				\
-			krb5_clear_error_string(context);	\
-			goto l;					\
-		}						\
-	} while(0)
-
-static const char zeros[PAC_ALIGNMENT] = { 0 };
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
-	       krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_pac p;
-    krb5_storage *sp = NULL;
-    uint32_t i, tmp, tmp2, header_end;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-
-    sp = krb5_storage_from_readonly_mem(ptr, len);
-    if (sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
-    CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
-    if (tmp < 1) {
-	krb5_set_error_string(context, "PAC have too few buffer");
-	ret = EINVAL; /* Too few buffers */
-	goto out;
-    }
-    if (tmp2 != 0) {
-	krb5_set_error_string(context, "PAC have wrong version");
-	ret = EINVAL; /* Wrong version */
-	goto out;
-    }
-
-    p->pac = calloc(1, 
-		    sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
-    if (p->pac == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    p->pac->numbuffers = tmp;
-    p->pac->version = tmp2;
-
-    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-    if (header_end > len) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
-	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
-
-	/* consistency checks */
-	if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
-	    krb5_set_error_string(context, "PAC out of allignment");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_hi) {
-	    krb5_set_error_string(context, "PAC high offset set");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_lo > len) {
-	    krb5_set_error_string(context, "PAC offset off end");
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].offset_lo < header_end) {
-	    krb5_set_error_string(context, "PAC offset inside header: %d %d",
-				  p->pac->buffers[i].offset_lo, header_end);
-	    ret = EINVAL;
-	    goto out;
-	}
-	if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
-	    krb5_set_error_string(context, "PAC length off end");
-	    ret = EINVAL;
-	    goto out;
-	}
-
-	/* let save pointer to data we need later */
-	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
-	    if (p->server_checksum) {
-		krb5_set_error_string(context, "PAC have two server checksums");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->server_checksum = &p->pac->buffers[i];
-	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
-	    if (p->privsvr_checksum) {
-		krb5_set_error_string(context, "PAC have two KDC checksums");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->privsvr_checksum = &p->pac->buffers[i];
-	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
-	    if (p->logon_name) {
-		krb5_set_error_string(context, "PAC have two logon names");
-		ret = EINVAL;
-		goto out;
-	    }
-	    p->logon_name = &p->pac->buffers[i];
-	}
-    }
-
-    ret = krb5_data_copy(&p->data, ptr, len);
-    if (ret)
-	goto out;
-
-    krb5_storage_free(sp);
-
-    *pac = p;
-    return 0;
-
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    if (p) {
-	if (p->pac)
-	    free(p->pac);
-	free(p);
-    }
-    *pac = NULL;
-
-    return ret;
-}
-
-krb5_error_code
-krb5_pac_init(krb5_context context, krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_pac p;
-
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    p->pac = calloc(1, sizeof(*p->pac));
-    if (p->pac == NULL) {
-	free(p);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
-    if (ret) {
-	free (p->pac);
-	free(p);
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-
-
-    *pac = p;
-    return 0;
-}
-
-krb5_error_code
-krb5_pac_add_buffer(krb5_context context, krb5_pac p,
-		    uint32_t type, const krb5_data *data)
-{
-    krb5_error_code ret;
-    void *ptr;
-    size_t len, offset, header_end, old_end;
-    uint32_t i;
-
-    len = p->pac->numbuffers;
-
-    ptr = realloc(p->pac,
-		  sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
-    if (ptr == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    p->pac = ptr;
-
-    for (i = 0; i < len; i++)
-	p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
-
-    offset = p->data.length + PAC_INFO_BUFFER_SIZE;
-
-    p->pac->buffers[len].type = type;
-    p->pac->buffers[len].buffersize = data->length;
-    p->pac->buffers[len].offset_lo = offset;
-    p->pac->buffers[len].offset_hi = 0;
-
-    old_end = p->data.length;
-    len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
-    if (len < p->data.length) {
-	krb5_set_error_string(context, "integer overrun");
-	return EINVAL;
-    }
-    
-    /* align to PAC_ALIGNMENT */
-    len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
-
-    ret = krb5_data_realloc(&p->data, len);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	return ret;
-    }
-
-    /* 
-     * make place for new PAC INFO BUFFER header
-     */
-    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-    memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
-	    (unsigned char *)p->data.data + header_end ,
-	    old_end - header_end);
-    memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
-
-    /*
-     * copy in new data part
-     */
-
-    memcpy((unsigned char *)p->data.data + offset,
-	   data->data, data->length);
-    memset((unsigned char *)p->data.data + offset + data->length,
-	   0, p->data.length - offset - data->length);
-
-    p->pac->numbuffers += 1;
-
-    return 0;
-}
-
-krb5_error_code
-krb5_pac_get_buffer(krb5_context context, krb5_pac p,
-		    uint32_t type, krb5_data *data)
-{
-    krb5_error_code ret;
-    uint32_t i;
-
-    /*
-     * Hide the checksums from external consumers
-     */
-
-    if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
-	ret = krb5_data_alloc(data, 16);
-	if (ret) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ret;
-	}
-	memset(data->data, 0, data->length);
-	return 0;
-    }
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	size_t len = p->pac->buffers[i].buffersize;
-	size_t offset = p->pac->buffers[i].offset_lo;
-
-	if (p->pac->buffers[i].type != type)
-	    continue;
-
-	ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
-	if (ret) {
-	    krb5_set_error_string(context, "Out of memory");
-	    return ret;
-	}
-	return 0;
-    }
-    krb5_set_error_string(context, "No PAC buffer of type %lu was found",
-			  (unsigned long)type);
-    return ENOENT;
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_get_types(krb5_context context,
-		   krb5_pac p,
-		   size_t *len,
-		   uint32_t **types)
-{
-    size_t i;
-
-    *types = calloc(p->pac->numbuffers, sizeof(*types));
-    if (*types == NULL) {
-	*len = 0;
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < p->pac->numbuffers; i++)
-	(*types)[i] = p->pac->buffers[i].type;
-    *len = p->pac->numbuffers;
-
-    return 0;
-}
-
-/*
- *
- */
-
-void
-krb5_pac_free(krb5_context context, krb5_pac pac)
-{
-    krb5_data_free(&pac->data);
-    free(pac->pac);
-    free(pac);
-}
-
-/*
- *
- */
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		const struct PAC_INFO_BUFFER *sig,
-		const krb5_data *data,
-		void *ptr, size_t len,
-		const krb5_keyblock *key)
-{
-    krb5_crypto crypto = NULL;
-    krb5_storage *sp = NULL;
-    uint32_t type;
-    krb5_error_code ret;
-    Checksum cksum;
-
-    memset(&cksum, 0, sizeof(cksum));
-
-    sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
-			       sig->buffersize);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &type), out);
-    cksum.cksumtype = type;
-    cksum.checksum.length = 
-	sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
-    cksum.checksum.data = malloc(cksum.checksum.length);
-    if (cksum.checksum.data == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
-    if (ret != cksum.checksum.length) {
-	krb5_set_error_string(context, "PAC checksum missing checksum");
-	ret = EINVAL;
-	goto out;
-    }
-
-    if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
-	krb5_set_error_string (context, "Checksum type %d not keyed",
-			       cksum.cksumtype);
-	ret = EINVAL;
-	goto out;
-    }
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto out;
-
-    ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
-			       ptr, len, &cksum);
-    free(cksum.checksum.data);
-    krb5_crypto_destroy(context, crypto);
-    krb5_storage_free(sp);
-
-    return ret;
-
-out:
-    if (cksum.checksum.data)
-	free(cksum.checksum.data);
-    if (sp)
-	krb5_storage_free(sp);
-    if (crypto)
-	krb5_crypto_destroy(context, crypto);
-    return ret;
-}
-
-static krb5_error_code
-create_checksum(krb5_context context,
-		const krb5_keyblock *key,
-		void *data, size_t datalen,
-		void *sig, size_t siglen)
-{
-    krb5_crypto crypto = NULL;
-    krb5_error_code ret;
-    Checksum cksum;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
-			       data, datalen, &cksum);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    if (cksum.checksum.length != siglen) {
-	krb5_set_error_string(context, "pac checksum wrong length");
-	free_Checksum(&cksum);
-	return EINVAL;
-    }
-
-    memcpy(sig, cksum.checksum.data, siglen);
-    free_Checksum(&cksum);
-
-    return 0;
-}
-
-
-/*
- *
- */
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static uint64_t
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
-    return wt;
-}
-
-static krb5_error_code
-verify_logonname(krb5_context context,
-		 const struct PAC_INFO_BUFFER *logon_name,
-		 const krb5_data *data,
-		 time_t authtime,
-		 krb5_const_principal principal)
-{
-    krb5_error_code ret;
-    krb5_principal p2;
-    uint32_t time1, time2;
-    krb5_storage *sp;
-    uint16_t len;
-    char *s;
-
-    sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
-					logon_name->buffersize);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_ret_uint32(sp, &time1), out);
-    CHECK(ret, krb5_ret_uint32(sp, &time2), out);
-
-    {
-	uint64_t t1, t2;
-	t1 = unix2nttime(authtime);
-	t2 = ((uint64_t)time2 << 32) | time1;
-	if (t1 != t2) {
-	    krb5_storage_free(sp);
-	    krb5_set_error_string(context, "PAC timestamp mismatch");
-	    return EINVAL;
-	}
-    }
-    CHECK(ret, krb5_ret_uint16(sp, &len), out);
-    if (len == 0) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "PAC logon name length missing");
-	return EINVAL;
-    }
-
-    s = malloc(len);
-    if (s == NULL) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, s, len);
-    if (ret != len) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "Failed to read pac logon name");
-	return EINVAL;
-    }
-    krb5_storage_free(sp);
-#if 1 /* cheat for now */
-    {
-	size_t i;
-
-	if (len & 1) {
-	    krb5_set_error_string(context, "PAC logon name malformed");
-	    return EINVAL;
-	}
-
-	for (i = 0; i < len / 2; i++) {
-	    if (s[(i * 2) + 1]) {
-		krb5_set_error_string(context, "PAC logon name not ASCII");
-		return EINVAL;
-	    }
-	    s[i] = s[i * 2];
-	}
-	s[i] = '\0';
-    }
-#else
-    {
-	uint16_t *ucs2;
-	ssize_t ucs2len;
-	size_t u8len;
-
-	ucs2 = malloc(sizeof(ucs2[0]) * len / 2);
-	if (ucs2)
-	    abort();
-	ucs2len = wind_ucs2read(s, len / 2, ucs2);
-	free(s);
-	if (len < 0)
-	    return -1;
-	ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len);
-	if (ret < 0)
-	    abort();
-	s = malloc(u8len + 1);
-	if (s == NULL)
-	    abort();
-	wind_ucs2toutf8(ucs2, ucs2len, s, &u8len);
-	free(ucs2);
-    }
-#endif
-    ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
-    free(s);
-    if (ret)
-	return ret;
-    
-    if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
-	krb5_set_error_string(context, "PAC logon name mismatch");
-	ret = EINVAL;
-    }
-    krb5_free_principal(context, p2);
-    return ret;
-out:
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-build_logon_name(krb5_context context, 
-		 time_t authtime,
-		 krb5_const_principal principal, 
-		 krb5_data *logon)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    uint64_t t;
-    char *s, *s2;
-    size_t i, len;
-
-    t = unix2nttime(authtime);
-
-    krb5_data_zero(logon);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
-    CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
-
-    ret = krb5_unparse_name_flags(context, principal,
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
-    if (ret)
-	goto out;
-
-    len = strlen(s);
-    
-    CHECK(ret, krb5_store_uint16(sp, len * 2), out);
-
-#if 1 /* cheat for now */
-    s2 = malloc(len * 2);
-    if (s2 == NULL) {
-	ret = ENOMEM;
-	free(s);
-	goto out;
-    }
-    for (i = 0; i < len; i++) {
-	s2[i * 2] = s[i];
-	s2[i * 2 + 1] = 0;
-    }
-    free(s);
-#else
-    /* write libwind code here */
-#endif
-
-    ret = krb5_storage_write(sp, s2, len * 2);
-    free(s2);
-    if (ret != len * 2) {
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = krb5_storage_to_data(sp, logon);
-    if (ret)
-	goto out;
-    krb5_storage_free(sp);
-
-    return 0;
-out:
-    krb5_storage_free(sp);
-    return ret;
-}
-
-
-/*
- *
- */
-
-krb5_error_code
-krb5_pac_verify(krb5_context context, 
-		const krb5_pac pac,
-		time_t authtime,
-		krb5_const_principal principal,
-		const krb5_keyblock *server,
-		const krb5_keyblock *privsvr)
-{
-    krb5_error_code ret;
-
-    if (pac->server_checksum == NULL) {
-	krb5_set_error_string(context, "PAC missing server checksum");
-	return EINVAL;
-    }
-    if (pac->privsvr_checksum == NULL) {
-	krb5_set_error_string(context, "PAC missing kdc checksum");
-	return EINVAL;
-    }
-    if (pac->logon_name == NULL) {
-	krb5_set_error_string(context, "PAC missing logon name");
-	return EINVAL;
-    }
-
-    ret = verify_logonname(context, 
-			   pac->logon_name,
-			   &pac->data,
-			   authtime,
-			   principal);
-    if (ret)
-	return ret;
-
-    /* 
-     * in the service case, clean out data option of the privsvr and
-     * server checksum before checking the checksum.
-     */
-    {
-	krb5_data *copy;
-
-	ret = krb5_copy_data(context, &pac->data, &copy);
-	if (ret)
-	    return ret;
-
-	if (pac->server_checksum->buffersize < 4)
-	    return EINVAL;
-	if (pac->privsvr_checksum->buffersize < 4)
-	    return EINVAL;
-
-	memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
-	       0,
-	       pac->server_checksum->buffersize - 4);
-
-	memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
-	       0,
-	       pac->privsvr_checksum->buffersize - 4);
-
-	ret = verify_checksum(context,
-			      pac->server_checksum,
-			      &pac->data,
-			      copy->data,
-			      copy->length,
-			      server);
-	krb5_free_data(context, copy);
-	if (ret)
-	    return ret;
-    }
-    if (privsvr) {
-	ret = verify_checksum(context,
-			      pac->privsvr_checksum,
-			      &pac->data,
-			      (char *)pac->data.data
-			      + pac->server_checksum->offset_lo + 4,
-			      pac->server_checksum->buffersize - 4,
-			      privsvr);
-	if (ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
-{
-    ssize_t sret;
-    size_t l;
-
-    while (len) {
-	l = len;
-	if (l > sizeof(zeros))
-	    l = sizeof(zeros);
-	sret = krb5_storage_write(sp, zeros, l);
-	if (sret <= 0) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-	len -= sret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-pac_checksum(krb5_context context, 
-	     const krb5_keyblock *key,
-	     uint32_t *cksumtype,
-	     size_t *cksumsize)
-{
-    krb5_cksumtype cktype;
-    krb5_error_code ret;
-    krb5_crypto crypto = NULL;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
-    ret = krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
-	krb5_set_error_string(context, "PAC checksum type is not keyed");
-	return EINVAL;
-    }
-
-    ret = krb5_checksumsize(context, cktype, cksumsize);
-    if (ret)
-	return ret;
-    
-    *cksumtype = (uint32_t)cktype;
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_pac_sign(krb5_context context,
-	       krb5_pac p,
-	       time_t authtime,
-	       krb5_principal principal,
-	       const krb5_keyblock *server_key,
-	       const krb5_keyblock *priv_key,
-	       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp = NULL, *spdata = NULL;
-    uint32_t end;
-    size_t server_size, priv_size;
-    uint32_t server_offset = 0, priv_offset = 0;
-    uint32_t server_cksumtype = 0, priv_cksumtype = 0;
-    int i, num = 0;
-    krb5_data logon, d;
-
-    krb5_data_zero(&logon);
-
-    if (p->logon_name == NULL)
-	num++;
-    if (p->server_checksum == NULL)
-	num++;
-    if (p->privsvr_checksum == NULL)
-	num++;
-
-    if (num) {
-	void *ptr;
-
-	ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
-	if (ptr == NULL) {
-	    krb5_set_error_string(context, "out of memory");
-	    return ENOMEM;
-	}
-	p->pac = ptr;
-
-	if (p->logon_name == NULL) {
-	    p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->logon_name, 0, sizeof(*p->logon_name));
-	    p->logon_name->type = PAC_LOGON_NAME;
-	}
-	if (p->server_checksum == NULL) {
-	    p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->server_checksum, 0, sizeof(*p->server_checksum));
-	    p->server_checksum->type = PAC_SERVER_CHECKSUM;
-	}
-	if (p->privsvr_checksum == NULL) {
-	    p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
-	    memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
-	    p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
-	}
-    }
-
-    /* Calculate LOGON NAME */
-    ret = build_logon_name(context, authtime, principal, &logon);
-    if (ret)
-	goto out;
-
-    /* Set lengths for checksum */
-    ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
-    if (ret)
-	goto out;
-    ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
-    if (ret)
-	goto out;
-
-    /* Encode PAC */
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    spdata = krb5_storage_emem();
-    if (spdata == NULL) {
-	krb5_storage_free(sp);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
-    CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
-
-    end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
-
-    for (i = 0; i < p->pac->numbuffers; i++) {
-	uint32_t len;
-	size_t sret;
-	void *ptr = NULL;
-
-	/* store data */
-
-	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
-	    len = server_size + 4;
-	    server_offset = end + 4;
-	    CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
-	    CHECK(ret, fill_zeros(context, spdata, server_size), out);
-	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
-	    len = priv_size + 4;
-	    priv_offset = end + 4;
-	    CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
-	    CHECK(ret, fill_zeros(context, spdata, priv_size), out);
-	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
-	    len = krb5_storage_write(spdata, logon.data, logon.length);
-	    if (logon.length != len) {
-		ret = EINVAL;
-		goto out;
-	    }
-	} else {
-	    len = p->pac->buffers[i].buffersize;
-	    ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
-
-	    sret = krb5_storage_write(spdata, ptr, len);
-	    if (sret != len) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    /* XXX if not aligned, fill_zeros */
-	}
-
-	/* write header */
-	CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
-	CHECK(ret, krb5_store_uint32(sp, len), out);
-	CHECK(ret, krb5_store_uint32(sp, end), out);
-	CHECK(ret, krb5_store_uint32(sp, 0), out);
-
-	/* advance data endpointer and align */
-	{
-	    int32_t e;
-
-	    end += len;
-	    e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
-	    if (end != e) {
-		CHECK(ret, fill_zeros(context, spdata, e - end), out);
-	    }
-	    end = e;
-	}
-
-    }
-
-    /* assert (server_offset != 0 && priv_offset != 0); */
-
-    /* export PAC */
-    ret = krb5_storage_to_data(spdata, &d);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-    ret = krb5_storage_write(sp, d.data, d.length);
-    if (ret != d.length) {
-	krb5_data_free(&d);
-	krb5_set_error_string(context, "out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    krb5_data_free(&d);
-
-    ret = krb5_storage_to_data(sp, &d);
-    if (ret) {
-	krb5_set_error_string(context, "out of memory");
-	goto out;
-    }
-
-    /* sign */
-
-    ret = create_checksum(context, server_key,
-			  d.data, d.length,
-			  (char *)d.data + server_offset, server_size);
-    if (ret) {
-	krb5_data_free(&d);
-	goto out;
-    }
-
-    ret = create_checksum(context, priv_key,
-			  (char *)d.data + server_offset, server_size,
-			  (char *)d.data + priv_offset, priv_size);
-    if (ret) {
-	krb5_data_free(&d);
-	goto out;
-    }
-
-    /* done */
-    *data = d;
-
-    krb5_data_free(&logon);
-    krb5_storage_free(sp);
-    krb5_storage_free(spdata);
-
-    return 0;
-out:
-    krb5_data_free(&logon);
-    if (sp)
-	krb5_storage_free(sp);
-    if (spdata)
-	krb5_storage_free(spdata);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/padata.c b/crypto/heimdal/lib/krb5/padata.c
deleted file mode 100644
index b2b70f52e786..000000000000
--- a/crypto/heimdal/lib/krb5/padata.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: padata.c 15469 2005-06-17 04:28:35Z lha $");
-
-PA_DATA *
-krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
-{
-    for(; *idx < len; (*idx)++)
-	if(val[*idx].padata_type == type)
-	    return val + *idx;
-    return NULL;    
-}
-
-int KRB5_LIB_FUNCTION
-krb5_padata_add(krb5_context context, METHOD_DATA *md,
-		int type, void *buf, size_t len)
-{
-    PA_DATA *pa;
-
-    pa = realloc (md->val, (md->len + 1) * sizeof(*md->val));
-    if (pa == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    md->val = pa;
-
-    pa[md->len].padata_type = type;
-    pa[md->len].padata_value.length = len;
-    pa[md->len].padata_value.data = buf;
-    md->len++;    
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/parse-name-test.c b/crypto/heimdal/lib/krb5/parse-name-test.c
deleted file mode 100644
index 7e6070538904..000000000000
--- a/crypto/heimdal/lib/krb5/parse-name-test.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: parse-name-test.c 16342 2005-12-02 14:14:43Z lha $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *input_string;
-    const char *output_string;
-    krb5_realm realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-    int realmp;
-} tests[] = {
-    {"", "@", "", 1, {""}, FALSE},
-    {"a", "a@", "", 1, {"a"}, FALSE},
-    {"\\n", "\\n@", "", 1, {"\n"}, FALSE},
-    {"\\ ", "\\ @", "", 1, {" "}, FALSE},
-    {"\\t", "\\t@", "", 1, {"\t"}, FALSE},
-    {"\\b", "\\b@", "", 1, {"\b"}, FALSE},
-    {"\\\\", "\\\\@", "", 1, {"\\"}, FALSE},
-    {"\\/", "\\/@", "", 1, {"/"}, FALSE},
-    {"\\@", "\\@@", "", 1, {"@"}, FALSE},
-    {"@", "@", "", 1, {""}, TRUE},
-    {"a/b", "a/b@", "", 2, {"a", "b"}, FALSE},
-    {"a/", "a/@", "", 2, {"a", ""}, FALSE},
-    {"a\\//\\/", "a\\//\\/@", "", 2, {"a/", "/"}, FALSE},
-    {"/a", "/a@", "", 2, {"", "a"}, FALSE},
-    {"\\@@\\@", "\\@@\\@", "@", 1, {"@"}, TRUE},
-    {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE},
-    {NULL, NULL, "", 0, { NULL }, FALSE}};
-
-int KRB5_LIB_FUNCTION
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->input_string; ++t) {
-	krb5_principal princ;
-	int i, j;
-	char name_buf[1024];
-	char *s;
-
-	ret = krb5_parse_name(context, t->input_string, &princ);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->input_string);
-	if (strcmp (t->realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s\"\n",
-		    princ->realm, t->realm,
-		    t->input_string);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->input_string);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->input_string);
-		    val = 1;
-		}
-	    }
-	}
-	for (j = 0; j < strlen(t->output_string); ++j) {
-	    ret = krb5_unparse_name_fixed(context, princ,
-					  name_buf, j);
-	    if (ret != ERANGE) {
-		printf ("unparse_name %s with length %d should have failed\n",
-			t->input_string, j);
-		val = 1;
-		break;
-	    }
-	}
-	ret = krb5_unparse_name_fixed(context, princ,
-				      name_buf, sizeof(name_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	if (strcmp (t->output_string, name_buf) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\")\n",
-		    name_buf, t->output_string);
-	    val = 1;
-	}
-
-	ret = krb5_unparse_name(context, princ, &s);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name");
-
-	if (strcmp (t->output_string, s) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\"\n",
-		    s, t->output_string);
-	    val = 1;
-	}
-	free(s);
-
-	if (!t->realmp) {
-	    for (j = 0; j < strlen(t->input_string); ++j) {
-		ret = krb5_unparse_name_fixed_short(context, princ,
-						    name_buf, j);
-		if (ret != ERANGE) {
-		    printf ("unparse_name_short %s with length %d"
-			    " should have failed\n",
-			    t->input_string, j);
-		    val = 1;
-		    break;
-		}
-	    }
-	    ret = krb5_unparse_name_fixed_short(context, princ,
-						name_buf, sizeof(name_buf));
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	    if (strcmp (t->input_string, name_buf) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\")\n",
-			name_buf, t->input_string);
-		val = 1;
-	    }
-
-	    ret = krb5_unparse_name_short(context, princ, &s);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_short");
-
-	    if (strcmp (t->input_string, s) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\"\n",
-			s, t->input_string);
-		val = 1;
-	    }
-	    free(s);
-	}
-	krb5_free_principal (context, princ);
-    }
-    krb5_free_context(context);
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/pkinit.c b/crypto/heimdal/lib/krb5/pkinit.c
deleted file mode 100644
index a0b6a4e07938..000000000000
--- a/crypto/heimdal/lib/krb5/pkinit.c
+++ /dev/null
@@ -1,2070 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: pkinit.c 22433 2008-01-13 14:11:46Z lha $");
-
-struct krb5_dh_moduli {
-    char *name;
-    unsigned long bits;
-    heim_integer p;
-    heim_integer g;
-    heim_integer q;
-};
-
-#ifdef PKINIT
-
-#include <heim_asn1.h>
-#include <rfc2459_asn1.h>
-#include <cms_asn1.h>
-#include <pkcs8_asn1.h>
-#include <pkcs9_asn1.h>
-#include <pkcs12_asn1.h>
-#include <pkinit_asn1.h>
-#include <asn1_err.h>
-
-#include <der.h>
-
-#include <hx509.h>
-
-enum {
-    COMPAT_WIN2K = 1,
-    COMPAT_IETF = 2
-};
-
-struct krb5_pk_identity {
-    hx509_context hx509ctx;
-    hx509_verify_ctx verify_ctx;
-    hx509_certs certs;
-    hx509_certs anchors;
-    hx509_certs certpool;
-    hx509_revoke_ctx revokectx;
-};
-
-struct krb5_pk_cert {
-    hx509_cert cert;
-};
-
-struct krb5_pk_init_ctx_data {
-    struct krb5_pk_identity *id;
-    DH *dh;
-    krb5_data *clientDHNonce;
-    struct krb5_dh_moduli **m;
-    hx509_peer_info peer;
-    int type;
-    unsigned int require_binding:1;
-    unsigned int require_eku:1;
-    unsigned int require_krbtgt_otherName:1;
-    unsigned int require_hostname_match:1;
-    unsigned int trustedCertifiers:1;
-};
-
-static void
-_krb5_pk_copy_error(krb5_context context,
-		    hx509_context hx509ctx,
-		    int hxret,
-		    const char *fmt,
-		    ...)
-    __attribute__ ((format (printf, 4, 5)));
-
-/*
- *
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_cert_free(struct krb5_pk_cert *cert)
-{
-    if (cert->cert) {
-	hx509_cert_free(cert->cert);
-    }
-    free(cert);
-}
-
-static krb5_error_code
-BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
-{
-    integer->length = BN_num_bytes(bn);
-    integer->data = malloc(integer->length);
-    if (integer->data == NULL) {
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-    BN_bn2bin(bn, integer->data);
-    integer->negative = BN_is_negative(bn);
-    return 0;
-}
-
-static BIGNUM *
-integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
-{
-    BIGNUM *bn;
-
-    bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
-    if (bn == NULL) {
-	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
-	return NULL;
-    }
-    BN_set_negative(bn, f->negative);
-    return bn;
-}
-
-
-static krb5_error_code
-_krb5_pk_create_sign(krb5_context context,
-		     const heim_oid *eContentType,
-		     krb5_data *eContent,
-		     struct krb5_pk_identity *id,
-		     hx509_peer_info peer,
-		     krb5_data *sd_data)
-{
-    hx509_cert cert;
-    hx509_query *q;
-    int ret;
-
-    ret = hx509_query_alloc(id->hx509ctx, &q);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Allocate query to find signing certificate");
-	return ret;
-    }
-
-    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
-    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
-
-    ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert);
-    hx509_query_free(id->hx509ctx, q);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Find certificate to signed CMS data");
-	return ret;
-    }
-
-    ret = hx509_cms_create_signed_1(id->hx509ctx,
-				    0,
-				    eContentType,
-				    eContent->data,
-				    eContent->length,
-				    NULL,
-				    cert,
-				    peer,
-				    NULL,
-				    id->certs,
-				    sd_data);
-    if (ret)
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData");
-    hx509_cert_free(cert);
-
-    return ret;
-}
-
-static int
-cert2epi(hx509_context context, void *ctx, hx509_cert c)
-{
-    ExternalPrincipalIdentifiers *ids = ctx;
-    ExternalPrincipalIdentifier id;
-    hx509_name subject = NULL;
-    void *p;
-    int ret;
-
-    memset(&id, 0, sizeof(id));
-
-    ret = hx509_cert_get_subject(c, &subject);
-    if (ret)
-	return ret;
-
-    if (hx509_name_is_null_p(subject) != 0) {
-
-	id.subjectName = calloc(1, sizeof(*id.subjectName));
-	if (id.subjectName == NULL) {
-	    hx509_name_free(&subject);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ENOMEM;
-	}
-    
-	ret = hx509_name_binary(subject, id.subjectName);
-	if (ret) {
-	    hx509_name_free(&subject);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-    }
-    hx509_name_free(&subject);
-
-
-    id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber));
-    if (id.issuerAndSerialNumber == NULL) {
-	free_ExternalPrincipalIdentifier(&id);
-	return ENOMEM;
-    }
-
-    {
-	IssuerAndSerialNumber iasn;
-	hx509_name issuer;
-	size_t size;
-	
-	memset(&iasn, 0, sizeof(iasn));
-
-	ret = hx509_cert_get_issuer(c, &issuer);
-	if (ret) {
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-
-	ret = hx509_name_to_Name(issuer, &iasn.issuer);
-	hx509_name_free(&issuer);
-	if (ret) {
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-	
-	ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
-	if (ret) {
-	    free_IssuerAndSerialNumber(&iasn);
-	    free_ExternalPrincipalIdentifier(&id);
-	    return ret;
-	}
-
-	ASN1_MALLOC_ENCODE(IssuerAndSerialNumber,
-			   id.issuerAndSerialNumber->data, 
-			   id.issuerAndSerialNumber->length,
-			   &iasn, &size, ret);
-	free_IssuerAndSerialNumber(&iasn);
-	if (ret)
-	    return ret;
-	if (id.issuerAndSerialNumber->length != size)
-	    abort();
-    }
-
-    id.subjectKeyIdentifier = NULL;
-
-    p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); 
-    if (p == NULL) {
-	free_ExternalPrincipalIdentifier(&id);
-	return ENOMEM;
-    }
-
-    ids->val = p;
-    ids->val[ids->len] = id;
-    ids->len++;
-
-    return 0;
-}
-
-static krb5_error_code
-build_edi(krb5_context context,
-	  hx509_context hx509ctx,
-	  hx509_certs certs,
-	  ExternalPrincipalIdentifiers *ids)
-{
-    return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
-}
-
-static krb5_error_code
-build_auth_pack(krb5_context context,
-		unsigned nonce,
-		krb5_pk_init_ctx ctx,
-		DH *dh,
-		const KDC_REQ_BODY *body,
-		AuthPack *a)
-{
-    size_t buf_size, len;
-    krb5_error_code ret;
-    void *buf;
-    krb5_timestamp sec;
-    int32_t usec;
-    Checksum checksum;
-
-    krb5_clear_error_string(context);
-
-    memset(&checksum, 0, sizeof(checksum));
-
-    krb5_us_timeofday(context, &sec, &usec);
-    a->pkAuthenticator.ctime = sec;
-    a->pkAuthenticator.nonce = nonce;
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
-    if (ret)
-	return ret;
-    if (buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    ret = krb5_create_checksum(context,
-			       NULL,
-			       0,
-			       CKSUMTYPE_SHA1,
-			       buf,
-			       len,
-			       &checksum);
-    free(buf);
-    if (ret) 
-	return ret;
-
-    ALLOC(a->pkAuthenticator.paChecksum, 1);
-    if (a->pkAuthenticator.paChecksum == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
-			 checksum.checksum.data, checksum.checksum.length);
-    free_Checksum(&checksum);
-    if (ret)
-	return ret;
-
-    if (dh) {
-	DomainParameters dp;
-	heim_integer dh_pub_key;
-	krb5_data dhbuf;
-	size_t size;
-
-	if (1 /* support_cached_dh */) {
-	    ALLOC(a->clientDHNonce, 1);
-	    if (a->clientDHNonce == NULL) {
-		krb5_clear_error_string(context);
-		return ENOMEM;
-	    }
-	    ret = krb5_data_alloc(a->clientDHNonce, 40);
-	    if (a->clientDHNonce == NULL) {
-		krb5_clear_error_string(context);
-		return ENOMEM;
-	    }
-	    memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
-	    ret = krb5_copy_data(context, a->clientDHNonce, 
-				 &ctx->clientDHNonce);
-	    if (ret)
-		return ret;
-	}
-
-	ALLOC(a->clientPublicValue, 1);
-	if (a->clientPublicValue == NULL)
-	    return ENOMEM;
-	ret = der_copy_oid(oid_id_dhpublicnumber(),
-			   &a->clientPublicValue->algorithm.algorithm);
-	if (ret)
-	    return ret;
-	
-	memset(&dp, 0, sizeof(dp));
-
-	ret = BN_to_integer(context, dh->p, &dp.p);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	ret = BN_to_integer(context, dh->g, &dp.g);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	ret = BN_to_integer(context, dh->q, &dp.q);
-	if (ret) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-	dp.j = NULL;
-	dp.validationParms = NULL;
-
-	a->clientPublicValue->algorithm.parameters = 
-	    malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
-	if (a->clientPublicValue->algorithm.parameters == NULL) {
-	    free_DomainParameters(&dp);
-	    return ret;
-	}
-
-	ASN1_MALLOC_ENCODE(DomainParameters,
-			   a->clientPublicValue->algorithm.parameters->data,
-			   a->clientPublicValue->algorithm.parameters->length,
-			   &dp, &size, ret);
-	free_DomainParameters(&dp);
-	if (ret)
-	    return ret;
-	if (size != a->clientPublicValue->algorithm.parameters->length)
-	    krb5_abortx(context, "Internal ASN1 encoder error");
-
-	ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
-	if (ret)
-	    return ret;
-
-	ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
-			   &dh_pub_key, &size, ret);
-	der_free_heim_integer(&dh_pub_key);
-	if (ret)
-	    return ret;
-	if (size != dhbuf.length)
-	    krb5_abortx(context, "asn1 internal error");
-
-	a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
-	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
-    }
-
-    {
-	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
-	if (a->supportedCMSTypes == NULL)
-	    return ENOMEM;
-
-	ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL,
-				     &a->supportedCMSTypes->val,
-				     &a->supportedCMSTypes->len);
-	if (ret)
-	    return ret;
-    }
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_mk_ContentInfo(krb5_context context,
-			const krb5_data *buf, 
-			const heim_oid *oid,
-			struct ContentInfo *content_info)
-{
-    krb5_error_code ret;
-
-    ret = der_copy_oid(oid, &content_info->contentType);
-    if (ret)
-	return ret;
-    ALLOC(content_info->content, 1);
-    if (content_info->content == NULL)
-	return ENOMEM;
-    content_info->content->data = malloc(buf->length);
-    if (content_info->content->data == NULL)
-	return ENOMEM;
-    memcpy(content_info->content->data, buf->data, buf->length);
-    content_info->content->length = buf->length;
-    return 0;
-}
-
-static krb5_error_code
-pk_mk_padata(krb5_context context,
-	     krb5_pk_init_ctx ctx,
-	     const KDC_REQ_BODY *req_body,
-	     unsigned nonce,
-	     METHOD_DATA *md)
-{
-    struct ContentInfo content_info;
-    krb5_error_code ret;
-    const heim_oid *oid;
-    size_t size;
-    krb5_data buf, sd_buf;
-    int pa_type;
-
-    krb5_data_zero(&buf);
-    krb5_data_zero(&sd_buf);
-    memset(&content_info, 0, sizeof(content_info));
-
-    if (ctx->type == COMPAT_WIN2K) {
-	AuthPack_Win2k ap;
-	krb5_timestamp sec;
-	int32_t usec;
-
-	memset(&ap, 0, sizeof(ap));
-
-	/* fill in PKAuthenticator */
-	ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
-	if (ret) {
-	    free_AuthPack_Win2k(&ap);
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-	ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
-	if (ret) {
-	    free_AuthPack_Win2k(&ap);
-	    krb5_clear_error_string(context);
-	    goto out;
-	}
-
-	krb5_us_timeofday(context, &sec, &usec);
-	ap.pkAuthenticator.ctime = sec;
-	ap.pkAuthenticator.cusec = usec;
-	ap.pkAuthenticator.nonce = nonce;
-
-	ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length,
-			   &ap, &size, ret);
-	free_AuthPack_Win2k(&ap);
-	if (ret) {
-	    krb5_set_error_string(context, "AuthPack_Win2k: %d", ret);
-	    goto out;
-	}
-	if (buf.length != size)
-	    krb5_abortx(context, "internal ASN1 encoder error");
-
-	oid = oid_id_pkcs7_data();
-    } else if (ctx->type == COMPAT_IETF) {
-	AuthPack ap;
-	
-	memset(&ap, 0, sizeof(ap));
-
-	ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap);
-	if (ret) {
-	    free_AuthPack(&ap);
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
-	free_AuthPack(&ap);
-	if (ret) {
-	    krb5_set_error_string(context, "AuthPack: %d", ret);
-	    goto out;
-	}
-	if (buf.length != size)
-	    krb5_abortx(context, "internal ASN1 encoder error");
-
-	oid = oid_id_pkauthdata();
-    } else
-	krb5_abortx(context, "internal pkinit error");
-
-    ret = _krb5_pk_create_sign(context,
-			       oid,
-			       &buf,
-			       ctx->id,
-			       ctx->peer,
-			       &sd_buf);
-    krb5_data_free(&buf);
-    if (ret)
-	goto out;
-
-    ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
-    krb5_data_free(&sd_buf);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "ContentInfo wrapping of signedData failed");
-	goto out;
-    }
-
-    if (ctx->type == COMPAT_WIN2K) {
-	PA_PK_AS_REQ_Win2k winreq;
-
-	pa_type = KRB5_PADATA_PK_AS_REQ_WIN;
-
-	memset(&winreq, 0, sizeof(winreq));
-
-	winreq.signed_auth_pack = buf;
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length,
-			   &winreq, &size, ret);
-	free_PA_PK_AS_REQ_Win2k(&winreq);
-
-    } else if (ctx->type == COMPAT_IETF) {
-	PA_PK_AS_REQ req;
-
-	pa_type = KRB5_PADATA_PK_AS_REQ;
-
-	memset(&req, 0, sizeof(req));
-	req.signedAuthPack = buf;	
-
-	if (ctx->trustedCertifiers) {
-
-	    req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers));
-	    if (req.trustedCertifiers == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		free_PA_PK_AS_REQ(&req);
-		goto out;
-	    }
-	    ret = build_edi(context, ctx->id->hx509ctx, 
-			    ctx->id->anchors, req.trustedCertifiers);
-	    if (ret) {
-		krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers");
-		free_PA_PK_AS_REQ(&req);
-		goto out;
-	    }
-	}
-	req.kdcPkId = NULL;
-
-	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length,
-			   &req, &size, ret);
-
-	free_PA_PK_AS_REQ(&req);
-
-    } else
-	krb5_abortx(context, "internal pkinit error");
-    if (ret) {
-	krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret);
-	goto out;
-    }
-    if (buf.length != size)
-	krb5_abortx(context, "Internal ASN1 encoder error");
-
-    ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
-    if (ret)
-	free(buf.data);
-
-    if (ret == 0 && ctx->type == COMPAT_WIN2K)
-	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
-
-out:
-    free_ContentInfo(&content_info);
-
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION 
-_krb5_pk_mk_padata(krb5_context context,
-		   void *c,
-		   const KDC_REQ_BODY *req_body,
-		   unsigned nonce,
-		   METHOD_DATA *md)
-{
-    krb5_pk_init_ctx ctx = c;
-    int win2k_compat;
-
-    win2k_compat = krb5_config_get_bool_default(context, NULL,
-						FALSE,
-						"realms",
-						req_body->realm,
-						"pkinit_win2k",
-						NULL);
-
-    if (win2k_compat) {
-	ctx->require_binding = 
-	    krb5_config_get_bool_default(context, NULL,
-					 FALSE,
-					 "realms",
-					 req_body->realm,
-					 "pkinit_win2k_require_binding",
-					 NULL);
-	ctx->type = COMPAT_WIN2K;
-    } else
-	ctx->type = COMPAT_IETF;
-
-    ctx->require_eku = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_eku",
-				     NULL);
-    ctx->require_krbtgt_otherName = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_krbtgt_otherName",
-				     NULL);
-
-    ctx->require_hostname_match = 
-	krb5_config_get_bool_default(context, NULL,
-				     FALSE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_require_hostname_match",
-				     NULL);
-
-    ctx->trustedCertifiers = 
-	krb5_config_get_bool_default(context, NULL,
-				     TRUE,
-				     "realms",
-				     req_body->realm,
-				     "pkinit_trustedCertifiers",
-				     NULL);
-
-    return pk_mk_padata(context, ctx, req_body, nonce, md);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_verify_sign(krb5_context context,
-		     const void *data,
-		     size_t length,
-		     struct krb5_pk_identity *id,
-		     heim_oid *contentType,
-		     krb5_data *content,
-		     struct krb5_pk_cert **signer)
-{
-    hx509_certs signer_certs;
-    int ret;
-
-    *signer = NULL;
-
-    ret = hx509_cms_verify_signed(id->hx509ctx,
-				  id->verify_ctx,
-				  data,
-				  length,
-				  NULL,
-				  id->certpool,
-				  contentType,
-				  content,
-				  &signer_certs);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "CMS verify signed failed");
-	return ret;
-    }
-
-    *signer = calloc(1, sizeof(**signer));
-    if (*signer == NULL) {
-	krb5_clear_error_string(context);
-	ret = ENOMEM;
-	goto out;
-    }
-	
-    ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to get on of the signer certs");
-	goto out;
-    }
-
-out:
-    hx509_certs_free(&signer_certs);
-    if (ret) {
-	if (*signer) {
-	    hx509_cert_free((*signer)->cert);
-	    free(*signer);
-	    *signer = NULL;
-	}
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-get_reply_key_win(krb5_context context,
-		  const krb5_data *content,
-		  unsigned nonce,
-		  krb5_keyblock **key)
-{
-    ReplyKeyPack_Win2k key_pack;
-    krb5_error_code ret;
-    size_t size;
-
-    ret = decode_ReplyKeyPack_Win2k(content->data,
-				    content->length,
-				    &key_pack,
-				    &size);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT decoding reply key failed");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	return ret;
-    }
-     
-    if (key_pack.nonce != nonce) {
-	krb5_set_error_string(context, "PKINIT enckey nonce is wrong");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	return KRB5KRB_AP_ERR_MODIFIED;
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "PKINIT failed allocating reply key");
-	free_ReplyKeyPack_Win2k(&key_pack);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
-    free_ReplyKeyPack_Win2k(&key_pack);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT failed copying reply key");
-	free(*key);
-	*key = NULL;
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-get_reply_key(krb5_context context,
-	      const krb5_data *content,
-	      const krb5_data *req_buffer,
-	      krb5_keyblock **key)
-{
-    ReplyKeyPack key_pack;
-    krb5_error_code ret;
-    size_t size;
-
-    ret = decode_ReplyKeyPack(content->data,
-			      content->length,
-			      &key_pack,
-			      &size);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT decoding reply key failed");
-	free_ReplyKeyPack(&key_pack);
-	return ret;
-    }
-    
-    {
-	krb5_crypto crypto;
-
-	/* 
-	 * XXX Verify kp.replyKey is a allowed enctype in the
-	 * configuration file
-	 */
-
-	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
-	if (ret) {
-	    free_ReplyKeyPack(&key_pack);
-	    return ret;
-	}
-
-	ret = krb5_verify_checksum(context, crypto, 6,
-				   req_buffer->data, req_buffer->length,
-				   &key_pack.asChecksum);
-	krb5_crypto_destroy(context, crypto);
-	if (ret) {
-	    free_ReplyKeyPack(&key_pack);
-	    return ret;
-	}
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "PKINIT failed allocating reply key");
-	free_ReplyKeyPack(&key_pack);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
-    free_ReplyKeyPack(&key_pack);
-    if (ret) {
-	krb5_set_error_string(context, "PKINIT failed copying reply key");
-	free(*key);
-	*key = NULL;
-    }
-
-    return ret;
-}
-
-
-static krb5_error_code
-pk_verify_host(krb5_context context,
-	       const char *realm,
-	       const krb5_krbhst_info *hi,
-	       struct krb5_pk_init_ctx_data *ctx,
-	       struct krb5_pk_cert *host)
-{
-    krb5_error_code ret = 0;
-
-    if (ctx->require_eku) {
-	ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
-				   oid_id_pkkdcekuoid(), 0);
-	if (ret) {
-	    krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate");
-	    return ret;
-	}
-    }
-    if (ctx->require_krbtgt_otherName) {
-	hx509_octet_string_list list;
-	int i;
-
-	ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx,
-						       host->cert,
-						       oid_id_pkinit_san(),
-						       &list);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to find the PK-INIT "
-				  "subjectAltName in the KDC certificate");
-
-	    return ret;
-	}
-
-	for (i = 0; i < list.len; i++) {
-	    KRB5PrincipalName r;
-
-	    ret = decode_KRB5PrincipalName(list.val[i].data,
-					   list.val[i].length,
-					   &r,
-					   NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode the PK-INIT "
-				      "subjectAltName in the KDC certificate");
-
-		break;
-	    }
-
-	    if (r.principalName.name_string.len != 2 ||
-		strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
-		strcmp(r.principalName.name_string.val[1], realm) != 0 ||
-		strcmp(r.realm, realm) != 0)
-	    {
-		krb5_set_error_string(context, "KDC have wrong realm name in "
-				      "the certificate");
-		ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
-	    }
-
-	    free_KRB5PrincipalName(&r);
-	    if (ret)
-		break;
-	}
-	hx509_free_octet_string_list(&list);
-    }
-    if (ret)
-	return ret;
-    
-    if (hi) {
-	ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, 
-				    ctx->require_hostname_match,
-				    HX509_HN_HOSTNAME,
-				    hi->hostname,
-				    hi->ai->ai_addr, hi->ai->ai_addrlen);
-
-	if (ret)
-	    krb5_set_error_string(context, "Address mismatch in "
-				  "the KDC certificate");
-    }
-    return ret;
-}
-
-static krb5_error_code
-pk_rd_pa_reply_enckey(krb5_context context,
-		      int type,
-		      const heim_octet_string *indata,
-		      const heim_oid *dataType,
-		      const char *realm,
-		      krb5_pk_init_ctx ctx,
-		      krb5_enctype etype,
-		      const krb5_krbhst_info *hi,
-	       	      unsigned nonce,
-		      const krb5_data *req_buffer,
-	       	      PA_DATA *pa,
-	       	      krb5_keyblock **key) 
-{
-    krb5_error_code ret;
-    struct krb5_pk_cert *host = NULL;
-    krb5_data content;
-    heim_oid contentType = { 0, NULL };
-
-    if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
-	krb5_set_error_string(context, "PKINIT: Invalid content type");
-	return EINVAL;
-    }
-
-    ret = hx509_cms_unenvelope(ctx->id->hx509ctx,
-			       ctx->id->certs,
-			       HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT,
-			       indata->data,
-			       indata->length,
-			       NULL,
-			       &contentType,
-			       &content);
-    if (ret) {
-	_krb5_pk_copy_error(context, ctx->id->hx509ctx, ret,
-			    "Failed to unenvelope CMS data in PK-INIT reply");
-	return ret;
-    }
-    der_free_oid(&contentType);
-
-#if 0 /* windows LH with interesting CMS packets, leaks memory */
-    {
-	size_t ph = 1 + der_length_len (length);
-	unsigned char *ptr = malloc(length + ph);
-	size_t l;
-
-	memcpy(ptr + ph, p, length);
-
-	ret = der_put_length_and_tag (ptr + ph - 1, ph, length,
-				      ASN1_C_UNIV, CONS, UT_Sequence, &l);
-	if (ret)
-	    return ret;
-	ptr += ph - l;
-	length += l;
-	p = ptr;
-    }
-#endif
-
-    /* win2k uses ContentInfo */
-    if (type == COMPAT_WIN2K) {
-	heim_oid type;
-	heim_octet_string out;
-
-	ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
-	if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
-	    ret = EINVAL; /* XXX */
-	    krb5_set_error_string(context, "PKINIT: Invalid content type");
-	    der_free_oid(&type);
-	    der_free_octet_string(&out);
-	    goto out;
-	}
-	der_free_oid(&type);
-	krb5_data_free(&content);
-	ret = krb5_data_copy(&content, out.data, out.length);
-	der_free_octet_string(&out);
-	if (ret) {
-	    krb5_set_error_string(context, "PKINIT: out of memory");
-	    goto out;
-	}
-    }
-
-    ret = _krb5_pk_verify_sign(context, 
-			       content.data,
-			       content.length,
-			       ctx->id,
-			       &contentType,
-			       &content,
-			       &host);
-    if (ret)
-	goto out;
-
-    /* make sure that it is the kdc's certificate */
-    ret = pk_verify_host(context, realm, hi, ctx, host);
-    if (ret) {
-	goto out;
-    }
-
-#if 0
-    if (type == COMPAT_WIN2K) {
-	if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
-	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
-	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto out;
-	}
-    } else {
-	if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
-	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
-	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto out;
-	}
-    }
-#endif
-
-    switch(type) {
-    case COMPAT_WIN2K:
-	ret = get_reply_key(context, &content, req_buffer, key);
-	if (ret != 0 && ctx->require_binding == 0)
-	    ret = get_reply_key_win(context, &content, nonce, key);
-	break;
-    case COMPAT_IETF:
-	ret = get_reply_key(context, &content, req_buffer, key);
-	break;
-    }
-    if (ret)
-	goto out;
-
-    /* XXX compare given etype with key->etype */
-
- out:
-    if (host)
-	_krb5_pk_cert_free(host);
-    der_free_oid(&contentType);
-    krb5_data_free(&content);
-
-    return ret;
-}
-
-static krb5_error_code
-pk_rd_pa_reply_dh(krb5_context context,
-		  const heim_octet_string *indata,
-		  const heim_oid *dataType,
-		  const char *realm,
-		  krb5_pk_init_ctx ctx,
-		  krb5_enctype etype,
-		  const krb5_krbhst_info *hi,
-		  const DHNonce *c_n,
-		  const DHNonce *k_n,
-                  unsigned nonce,
-                  PA_DATA *pa,
-                  krb5_keyblock **key)
-{
-    unsigned char *p, *dh_gen_key = NULL;
-    struct krb5_pk_cert *host = NULL;
-    BIGNUM *kdc_dh_pubkey = NULL;
-    KDCDHKeyInfo kdc_dh_info;
-    heim_oid contentType = { 0, NULL };
-    krb5_data content;
-    krb5_error_code ret;
-    int dh_gen_keylen;
-    size_t size;
-
-    krb5_data_zero(&content);
-    memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
-
-    if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
-	krb5_set_error_string(context, "PKINIT: Invalid content type");
-	return EINVAL;
-    }
-
-    ret = _krb5_pk_verify_sign(context, 
-			       indata->data,
-			       indata->length,
-			       ctx->id,
-			       &contentType,
-			       &content,
-			       &host);
-    if (ret)
-	goto out;
-
-    /* make sure that it is the kdc's certificate */
-    ret = pk_verify_host(context, realm, hi, ctx, host);
-    if (ret)
-	goto out;
-
-    if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
-	krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	goto out;
-    }
-
-    ret = decode_KDCDHKeyInfo(content.data,
-			      content.length,
-			      &kdc_dh_info,
-			      &size);
-
-    if (ret) {
-	krb5_set_error_string(context, "pkinit - "
-			      "failed to decode KDC DH Key Info");
-	goto out;
-    }
-
-    if (kdc_dh_info.nonce != nonce) {
-	krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    if (kdc_dh_info.dhKeyExpiration) {
-	if (k_n == NULL) {
-	    krb5_set_error_string(context, "pkinit; got key expiration "
-				  "without server nonce");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-	if (c_n == NULL) {
-	    krb5_set_error_string(context, "pkinit; got DH reuse but no "
-				  "client nonce");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-    } else {
-	if (k_n) {
-	    krb5_set_error_string(context, "pkinit: got server nonce "
-				  "without key expiration");
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-	c_n = NULL;
-    }
-
-
-    p = kdc_dh_info.subjectPublicKey.data;
-    size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
-
-    {
-	DHPublicKey k;
-	ret = decode_DHPublicKey(p, size, &k, NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "pkinit: can't decode "
-				  "without key expiration");
-	    goto out;
-	}
-
-	kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
-	free_DHPublicKey(&k);
-	if (kdc_dh_pubkey == NULL) {
-	    ret = KRB5KRB_ERR_GENERIC;
-	    goto out;
-	}
-    }
-    
-    dh_gen_keylen = DH_size(ctx->dh);
-    size = BN_num_bytes(ctx->dh->p);
-    if (size < dh_gen_keylen)
-	size = dh_gen_keylen;
-
-    dh_gen_key = malloc(size);
-    if (dh_gen_key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    memset(dh_gen_key, 0, size - dh_gen_keylen);
-
-    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
-				   kdc_dh_pubkey, ctx->dh);
-    if (dh_gen_keylen == -1) {
-	krb5_set_error_string(context, 
-			      "PKINIT: Can't compute Diffie-Hellman key");
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = _krb5_pk_octetstring2key(context,
-				   etype,
-				   dh_gen_key, dh_gen_keylen,
-				   c_n, k_n,
-				   *key);
-    if (ret) {
-	krb5_set_error_string(context,
-			      "PKINIT: can't create key from DH key");
-	free(*key);
-	*key = NULL;
-	goto out;
-    }
-
- out:
-    if (kdc_dh_pubkey)
-	BN_free(kdc_dh_pubkey);
-    if (dh_gen_key) {
-	memset(dh_gen_key, 0, DH_size(ctx->dh));
-	free(dh_gen_key);
-    }
-    if (host)
-	_krb5_pk_cert_free(host);
-    if (content.data)
-	krb5_data_free(&content);
-    der_free_oid(&contentType);
-    free_KDCDHKeyInfo(&kdc_dh_info);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_rd_pa_reply(krb5_context context,
-		     const char *realm,
-		     void *c,
-		     krb5_enctype etype,
-		     const krb5_krbhst_info *hi,
-		     unsigned nonce,
-		     const krb5_data *req_buffer,
-		     PA_DATA *pa,
-		     krb5_keyblock **key)
-{
-    krb5_pk_init_ctx ctx = c;
-    krb5_error_code ret;
-    size_t size;
-
-    /* Check for IETF PK-INIT first */
-    if (ctx->type == COMPAT_IETF) {
-	PA_PK_AS_REP rep;
-	heim_octet_string os, data;
-	heim_oid oid;
-	
-	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
-	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
-	    return EINVAL;
-	}
-
-	ret = decode_PA_PK_AS_REP(pa->padata_value.data,
-				  pa->padata_value.length,
-				  &rep,
-				  &size);
-	if (ret) {
-	    krb5_set_error_string(context, "Failed to decode pkinit AS rep");
-	    return ret;
-	}
-
-	switch (rep.element) {
-	case choice_PA_PK_AS_REP_dhInfo:
-	    os = rep.u.dhInfo.dhSignedData;
-	    break;
-	case choice_PA_PK_AS_REP_encKeyPack:
-	    os = rep.u.encKeyPack;
-	    break;
-	default:
-	    free_PA_PK_AS_REP(&rep);
-	    krb5_set_error_string(context, "PKINIT: -27 reply "
-				  "invalid content type");
-	    return EINVAL;
-	}
-
-	ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
-	if (ret) {
-	    free_PA_PK_AS_REP(&rep);
-	    krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
-	    return ret;
-	}
-
-	switch (rep.element) {
-	case choice_PA_PK_AS_REP_dhInfo:
-	    ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
-				    ctx->clientDHNonce,
-				    rep.u.dhInfo.serverDHNonce,
-				    nonce, pa, key);
-	    break;
-	case choice_PA_PK_AS_REP_encKeyPack:
-	    ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, 
-					ctx, etype, hi, nonce, req_buffer, pa, key);
-	    break;
-	default:
-	    krb5_abortx(context, "pk-init as-rep case not possible to happen");
-	}
-	der_free_octet_string(&data);
-	der_free_oid(&oid);
-	free_PA_PK_AS_REP(&rep);
-
-    } else if (ctx->type == COMPAT_WIN2K) {
-	PA_PK_AS_REP_Win2k w2krep;
-
-	/* Check for Windows encoding of the AS-REP pa data */ 
-
-#if 0 /* should this be ? */
-	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
-	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
-	    return EINVAL;
-	}
-#endif
-
-	memset(&w2krep, 0, sizeof(w2krep));
-	
-	ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
-					pa->padata_value.length,
-					&w2krep,
-					&size);
-	if (ret) {
-	    krb5_set_error_string(context, "PKINIT: Failed decoding windows "
-				  "pkinit reply %d", ret);
-	    return ret;
-	}
-
-	krb5_clear_error_string(context);
-	
-	switch (w2krep.element) {
-	case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
-	    heim_octet_string data;
-	    heim_oid oid;
-	    
-	    ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, 
-					       &oid, &data, NULL);
-	    free_PA_PK_AS_REP_Win2k(&w2krep);
-	    if (ret) {
-		krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
-		return ret;
-	    }
-
-	    ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm,
-					ctx, etype, hi, nonce, req_buffer, pa, key);
-	    der_free_octet_string(&data);
-	    der_free_oid(&oid);
-
-	    break;
-	}
-	default:
-	    free_PA_PK_AS_REP_Win2k(&w2krep);
-	    krb5_set_error_string(context, "PKINIT: win2k reply invalid "
-				  "content type");
-	    ret = EINVAL;
-	    break;
-	}
-    
-    } else {
-	krb5_set_error_string(context, "PKINIT: unknown reply type");
-	ret = EINVAL;
-    }
-
-    return ret;
-}
-
-struct prompter {
-    krb5_context context;
-    krb5_prompter_fct prompter;
-    void *prompter_data;
-};
-
-static int 
-hx_pass_prompter(void *data, const hx509_prompt *prompter)
-{
-    krb5_error_code ret;
-    krb5_prompt prompt;
-    krb5_data password_data;
-    struct prompter *p = data;
-   
-    password_data.data   = prompter->reply.data;
-    password_data.length = prompter->reply.length;
-
-    prompt.prompt = prompter->prompt;
-    prompt.hidden = hx509_prompt_hidden(prompter->type);
-    prompt.reply  = &password_data;
-
-    switch (prompter->type) {
-    case HX509_PROMPT_TYPE_INFO:
-	prompt.type   = KRB5_PROMPT_TYPE_INFO;
-	break;
-    case HX509_PROMPT_TYPE_PASSWORD:
-    case HX509_PROMPT_TYPE_QUESTION:
-    default:
-	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
-	break;
-    }	
-   
-    ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
-    if (ret) {
-	memset (prompter->reply.data, 0, prompter->reply.length);
-	return 1;
-    }
-    return 0;
-}
-
-
-void KRB5_LIB_FUNCTION
-_krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id,
-				 int boolean)
-{
-    hx509_verify_set_proxy_certificate(id->verify_ctx, boolean);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_pk_load_id(krb5_context context,
-		 struct krb5_pk_identity **ret_id,
-		 const char *user_id,
-		 const char *anchor_id,
-		 char * const *chain_list,
-		 char * const *revoke_list,
-		 krb5_prompter_fct prompter,
-		 void *prompter_data,
-		 char *password)
-{
-    struct krb5_pk_identity *id = NULL;
-    hx509_lock lock = NULL;
-    struct prompter p;
-    int ret;
-
-    *ret_id = NULL;
-
-    if (anchor_id == NULL) {
-	krb5_set_error_string(context, "PKINIT: No anchor given");
-	return HEIM_PKINIT_NO_VALID_CA;
-    }
-
-    if (user_id == NULL) {
-	krb5_set_error_string(context,
-			      "PKINIT: No user certificate given");
-	return HEIM_PKINIT_NO_PRIVATE_KEY;
-    }
-
-    /* load cert */
-
-    id = calloc(1, sizeof(*id));
-    if (id == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }	
-
-    ret = hx509_context_init(&id->hx509ctx);
-    if (ret)
-	goto out;
-
-    ret = hx509_lock_init(id->hx509ctx, &lock);
-    if (password && password[0])
-	hx509_lock_add_password(lock, password);
-
-    if (prompter) {
-	p.context = context;
-	p.prompter = prompter;
-	p.prompter_data = prompter_data;
-
-	ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
-	if (ret)
-	    goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init cert certs");
-	goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init anchors");
-	goto out;
-    }
-
-    ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 
-			   0, NULL, &id->certpool);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret,
-			    "Failed to init chain");
-	goto out;
-    }
-
-    while (chain_list && *chain_list) {
-	ret = hx509_certs_append(id->hx509ctx, id->certpool,
-				 NULL, *chain_list);
-	if (ret) {
-	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
-				"Failed to laod chain %s",
-				*chain_list);
-	    goto out;
-	}
-	chain_list++;
-    }
-
-    if (revoke_list) {
-	ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
-	if (ret) {
-	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
-				"Failed init revoke list");
-	    goto out;
-	}
-
-	while (*revoke_list) {
-	    ret = hx509_revoke_add_crl(id->hx509ctx, 
-				       id->revokectx,
-				       *revoke_list);
-	    if (ret) {
-		_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-				    "Failed load revoke list");
-		goto out;
-	    }
-	    revoke_list++;
-	}
-    } else
-	hx509_context_set_missing_revoke(id->hx509ctx, 1);
-
-    ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
-    if (ret) {
-	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
-			    "Failed init verify context");
-	goto out;
-    }
-
-    hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
-    hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
-
-out:
-    if (ret) {
-	hx509_verify_destroy_ctx(id->verify_ctx);
-	hx509_certs_free(&id->certs);
-	hx509_certs_free(&id->anchors);
-	hx509_certs_free(&id->certpool);
-	hx509_revoke_free(&id->revokectx);
-	hx509_context_free(&id->hx509ctx);
-	free(id);
-    } else
-	*ret_id = id;
-
-    hx509_lock_free(lock);
-
-    return ret;
-}
-
-static krb5_error_code
-select_dh_group(krb5_context context, DH *dh, unsigned long bits, 
-		struct krb5_dh_moduli **moduli)
-{
-    const struct krb5_dh_moduli *m;
-
-    if (bits == 0) {
-	m = moduli[1]; /* XXX */
-	if (m == NULL)
-	    m = moduli[0]; /* XXX */
-    } else {
-	int i;
-	for (i = 0; moduli[i] != NULL; i++) {
-	    if (bits < moduli[i]->bits)
-		break;
-	}
-	if (moduli[i] == NULL) {
-	    krb5_set_error_string(context, 
-				  "Did not find a DH group parameter "
-				  "matching requirement of %lu bits",
-				  bits);
-	    return EINVAL;
-	}
-	m = moduli[i];
-    }
-
-    dh->p = integer_to_BN(context, "p", &m->p);
-    if (dh->p == NULL)
-	return ENOMEM;
-    dh->g = integer_to_BN(context, "g", &m->g);
-    if (dh->g == NULL)
-	return ENOMEM;
-    dh->q = integer_to_BN(context, "q", &m->q);
-    if (dh->q == NULL)
-	return ENOMEM;
-
-    return 0;
-}
-
-#endif /* PKINIT */
-
-static int
-parse_integer(krb5_context context, char **p, const char *file, int lineno, 
-	      const char *name, heim_integer *integer)
-{
-    int ret;
-    char *p1;
-    p1 = strsep(p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing %s on line %d",
-			      file, name, lineno);
-	return EINVAL;
-    }
-    ret = der_parse_hex_heim_integer(p1, integer);
-    if (ret) {
-	krb5_set_error_string(context, "moduli file %s failed parsing %s "
-			      "on line %d",
-			      file, name, lineno);
-	return ret;
-    }
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_parse_moduli_line(krb5_context context, 
-			const char *file,
-			int lineno,
-			char *p,
-			struct krb5_dh_moduli **m)
-{
-    struct krb5_dh_moduli *m1;
-    char *p1;
-    int ret;
-
-    *m = NULL;
-
-    m1 = calloc(1, sizeof(*m1));
-    if (m1 == NULL) {
-	krb5_set_error_string(context, "malloc - out of memory");
-	return ENOMEM;
-    }
-
-    while (isspace((unsigned char)*p))
-	p++;
-    if (*p  == '#')
-	return 0;
-    ret = EINVAL;
-
-    p1 = strsep(&p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing name "
-			      "on line %d", file, lineno);
-	goto out;
-    }
-    m1->name = strdup(p1);
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "malloc - out of memeory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    p1 = strsep(&p, " \t");
-    if (p1 == NULL) {
-	krb5_set_error_string(context, "moduli file %s missing bits on line %d",
-			      file, lineno);
-	goto out;
-    }
-
-    m1->bits = atoi(p1);
-    if (m1->bits == 0) {
-	krb5_set_error_string(context, "moduli file %s have un-parsable "
-			      "bits on line %d", file, lineno);
-	goto out;
-    }
-	
-    ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
-    if (ret)
-	goto out;
-    ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
-    if (ret)
-	goto out;
-    ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
-    if (ret)
-	goto out;
-
-    *m = m1;
-
-    return 0;
-out:
-    free(m1->name);
-    der_free_heim_integer(&m1->p);
-    der_free_heim_integer(&m1->g);
-    der_free_heim_integer(&m1->q);
-    free(m1);
-    return ret;
-}
-
-void
-_krb5_free_moduli(struct krb5_dh_moduli **moduli)
-{
-    int i;
-    for (i = 0; moduli[i] != NULL; i++) {
-	free(moduli[i]->name);
-	der_free_heim_integer(&moduli[i]->p);
-	der_free_heim_integer(&moduli[i]->g);
-	der_free_heim_integer(&moduli[i]->q);
-	free(moduli[i]);
-    }
-    free(moduli);
-}
-
-static const char *default_moduli_RFC2412_MODP_group2 =
-    /* name */
-    "RFC2412-MODP-group2 "
-    /* bits */
-    "1024 "
-    /* p */
-    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
-    "FFFFFFFF" "FFFFFFFF "
-    /* g */
-    "02 "
-    /* q */
-    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
-    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
-    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
-    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
-    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
-    "FFFFFFFF" "FFFFFFFF";
-
-static const char *default_moduli_rfc3526_MODP_group14 =
-    /* name */
-    "rfc3526-MODP-group14 "
-    /* bits */
-    "1760 "
-    /* p */
-    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
-    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
-    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
-    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
-    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
-    "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
-    "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
-    "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
-    "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
-    "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
-    "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
-    /* g */
-    "02 "
-    /* q */
-    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
-    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
-    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
-    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
-    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
-    "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
-    "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
-    "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
-    "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
-    "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
-    "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
-
-krb5_error_code
-_krb5_parse_moduli(krb5_context context, const char *file,
-		   struct krb5_dh_moduli ***moduli)
-{
-    /* name bits P G Q */
-    krb5_error_code ret;
-    struct krb5_dh_moduli **m = NULL, **m2;
-    char buf[4096];
-    FILE *f;
-    int lineno = 0, n = 0;
-
-    *moduli = NULL;
-
-    m = calloc(1, sizeof(m[0]) * 3);
-    if (m == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
-    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[0]);
-    if (ret) {
-	_krb5_free_moduli(m);
-	return ret;
-    }
-    n++;
-
-    strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
-    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[1]);
-    if (ret) {
-	_krb5_free_moduli(m);
-	return ret;
-    }
-    n++;
-
-
-    if (file == NULL)
-	file = MODULI_FILE;
-
-    f = fopen(file, "r");
-    if (f == NULL) {
-	*moduli = m;
-	return 0;
-    }
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	struct krb5_dh_moduli *element;
-
-	buf[strcspn(buf, "\n")] = '\0';
-	lineno++;
-
-	m2 = realloc(m, (n + 2) * sizeof(m[0]));
-	if (m2 == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    _krb5_free_moduli(m);
-	    return ENOMEM;
-	}
-	m = m2;
-	
-	m[n] = NULL;
-
-	ret = _krb5_parse_moduli_line(context, file, lineno, buf,  &element);
-	if (ret) {
-	    _krb5_free_moduli(m);
-	    return ret;
-	}
-	if (element == NULL)
-	    continue;
-
-	m[n] = element;
-	m[n + 1] = NULL;
-	n++;
-    }
-    *moduli = m;
-    return 0;
-}
-
-krb5_error_code
-_krb5_dh_group_ok(krb5_context context, unsigned long bits,
-		  heim_integer *p, heim_integer *g, heim_integer *q,
-		  struct krb5_dh_moduli **moduli,
-		  char **name)
-{
-    int i;
-
-    if (name)
-	*name = NULL;
-
-    for (i = 0; moduli[i] != NULL; i++) {
-	if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
-	    der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
-	    (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
-	{
-	    if (bits && bits > moduli[i]->bits) {
-		krb5_set_error_string(context, "PKINIT: DH group parameter %s "
-				      "no accepted, not enough bits generated",
-				      moduli[i]->name);
-		return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
-	    }
-	    if (name)
-		*name = strdup(moduli[i]->name);
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "PKINIT: DH group parameter no ok");
-    return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
-}
-
-void KRB5_LIB_FUNCTION
-_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
-{
-#ifdef PKINIT
-    krb5_pk_init_ctx ctx;
-
-    if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
-	return;
-    ctx = opt->opt_private->pk_init_ctx;
-    if (ctx->dh)
-	DH_free(ctx->dh);
-	ctx->dh = NULL;
-    if (ctx->id) {
-	hx509_verify_destroy_ctx(ctx->id->verify_ctx);
-	hx509_certs_free(&ctx->id->certs);
-	hx509_certs_free(&ctx->id->anchors);
-	hx509_certs_free(&ctx->id->certpool);
-	hx509_context_free(&ctx->id->hx509ctx);
-
-	if (ctx->clientDHNonce) {
-	    krb5_free_data(NULL, ctx->clientDHNonce);
-	    ctx->clientDHNonce = NULL;
-	}
-	if (ctx->m)
-	    _krb5_free_moduli(ctx->m);
-	free(ctx->id);
-	ctx->id = NULL;
-    }
-    free(opt->opt_private->pk_init_ctx);
-    opt->opt_private->pk_init_ctx = NULL;
-#endif
-}
-    
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_init_creds_opt_set_pkinit(krb5_context context,
-				   krb5_get_init_creds_opt *opt,
-				   krb5_principal principal,
-				   const char *user_id,
-				   const char *x509_anchors,
-				   char * const * pool,
-				   char * const * pki_revoke,
-				   int flags,
-				   krb5_prompter_fct prompter,
-				   void *prompter_data,
-				   char *password)
-{
-#ifdef PKINIT
-    krb5_error_code ret;
-    char *anchors = NULL;
-
-    if (opt->opt_private == NULL) {
-	krb5_set_error_string(context, "PKINIT: on non extendable opt");
-	return EINVAL;
-    }
-
-    opt->opt_private->pk_init_ctx = 
-	calloc(1, sizeof(*opt->opt_private->pk_init_ctx));
-    if (opt->opt_private->pk_init_ctx == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    opt->opt_private->pk_init_ctx->dh = NULL;
-    opt->opt_private->pk_init_ctx->id = NULL;
-    opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
-    opt->opt_private->pk_init_ctx->require_binding = 0;
-    opt->opt_private->pk_init_ctx->require_eku = 1;
-    opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
-    opt->opt_private->pk_init_ctx->peer = NULL;
-
-    /* XXX implement krb5_appdefault_strings  */
-    if (pool == NULL)
-	pool = krb5_config_get_strings(context, NULL,
-				       "appdefaults", 
-				       "pkinit_pool", 
-				       NULL);
-
-    if (pki_revoke == NULL)
-	pki_revoke = krb5_config_get_strings(context, NULL,
-					     "appdefaults", 
-					     "pkinit_revoke", 
-					     NULL);
-
-    if (x509_anchors == NULL) {
-	krb5_appdefault_string(context, "kinit",
-			       krb5_principal_get_realm(context, principal), 
-			       "pkinit_anchors", NULL, &anchors);
-	x509_anchors = anchors;
-    }
-
-    ret = _krb5_pk_load_id(context,
-			   &opt->opt_private->pk_init_ctx->id,
-			   user_id,
-			   x509_anchors,
-			   pool,
-			   pki_revoke,
-			   prompter,
-			   prompter_data,
-			   password);
-    if (ret) {
-	free(opt->opt_private->pk_init_ctx);
-	opt->opt_private->pk_init_ctx = NULL;
-	return ret;
-    }
-
-    if ((flags & 2) == 0) {
-	const char *moduli_file;
-	unsigned long dh_min_bits;
-
-	moduli_file = krb5_config_get_string(context, NULL,
-					     "libdefaults",
-					     "moduli",
-					     NULL);
-
-	dh_min_bits =
-	    krb5_config_get_int_default(context, NULL, 0,
-					"libdefaults",
-					"pkinit_dh_min_bits",
-					NULL);
-
-	ret = _krb5_parse_moduli(context, moduli_file, 
-				 &opt->opt_private->pk_init_ctx->m);
-	if (ret) {
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ret;
-	}
-	
-	opt->opt_private->pk_init_ctx->dh = DH_new();
-	if (opt->opt_private->pk_init_ctx->dh == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ENOMEM;
-	}
-
-	ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh,
-			      dh_min_bits, 
-			      opt->opt_private->pk_init_ctx->m);
-	if (ret) {
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ret;
-	}
-
-	if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
-	    krb5_set_error_string(context, "pkinit: failed to generate DH key");
-	    _krb5_get_init_creds_opt_free_pkinit(opt);
-	    return ENOMEM;
-	}
-    }
-
-    return 0;
-#else
-    krb5_set_error_string(context, "no support for PKINIT compiled in");
-    return EINVAL;
-#endif
-}
-
-/*
- *
- */
-
-static void
-_krb5_pk_copy_error(krb5_context context,
-		    hx509_context hx509ctx,
-		    int hxret,
-		    const char *fmt,
-		    ...)
-{
-    va_list va;
-    char *s, *f;
-
-    va_start(va, fmt);
-    vasprintf(&f, fmt, va);
-    va_end(va);
-    if (f == NULL) {
-	krb5_clear_error_string(context);
-	return;
-    }
-
-    s = hx509_get_error_string(hx509ctx, hxret);
-    if (s == NULL) {
-	krb5_clear_error_string(context);
-	free(f);
-	return;
-    }
-    krb5_set_error_string(context, "%s: %s", f, s);
-    free(s);
-    free(f);
-}
diff --git a/crypto/heimdal/lib/krb5/plugin.c b/crypto/heimdal/lib/krb5/plugin.c
deleted file mode 100644
index bae28496aaf8..000000000000
--- a/crypto/heimdal/lib/krb5/plugin.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $");
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-#include <dirent.h>
-
-struct krb5_plugin {
-    void *symbol;
-    void *dsohandle;
-    struct krb5_plugin *next;
-};
-
-struct plugin {
-    enum krb5_plugin_type type;
-    void *name;
-    void *symbol;
-    struct plugin *next;
-};
-
-static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER;
-static struct plugin *registered = NULL;
-
-static const char *plugin_dir = LIBDIR "/plugin/krb5";
-
-/*
- *
- */
-
-void *
-_krb5_plugin_get_symbol(struct krb5_plugin *p)
-{
-    return p->symbol;
-}
-
-struct krb5_plugin *
-_krb5_plugin_get_next(struct krb5_plugin *p)
-{
-    return p->next;
-}
-
-/*
- *
- */
-
-#ifdef HAVE_DLOPEN
-
-static krb5_error_code
-loadlib(krb5_context context,
-	enum krb5_plugin_type type,
-	const char *name,
-	const char *lib,
-	struct krb5_plugin **e)
-{
-    *e = calloc(1, sizeof(**e));
-    if (*e == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-
-#ifndef RTLD_LAZY
-#define RTLD_LAZY 0
-#endif
-
-    (*e)->dsohandle = dlopen(lib, RTLD_LAZY);
-    if ((*e)->dsohandle == NULL) {
-	free(*e);
-	*e = NULL;
-	krb5_set_error_string(context, "Failed to load %s: %s", 
-			      lib, dlerror());
-	return ENOMEM;
-    }
-
-    /* dlsym doesn't care about the type */
-    (*e)->symbol = dlsym((*e)->dsohandle, name);
-    if ((*e)->symbol == NULL) {
-	dlclose((*e)->dsohandle);
-	free(*e);
-	krb5_clear_error_string(context);
-	return ENOMEM;
-    }
-
-    return 0;
-}
-#endif /* HAVE_DLOPEN */
-
-/**
- * Register a plugin symbol name of specific type.
- * @param context a Keberos context
- * @param type type of plugin symbol
- * @param name name of plugin symbol
- * @param symbol a pointer to the named symbol
- * @return In case of error a non zero error com_err error is returned
- * and the Kerberos error string is set.
- *
- * @ingroup krb5_support
- */
-
-krb5_error_code
-krb5_plugin_register(krb5_context context,
-		     enum krb5_plugin_type type,
-		     const char *name, 
-		     void *symbol)
-{
-    struct plugin *e;
-
-    e = calloc(1, sizeof(*e));
-    if (e == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    e->type = type;
-    e->name = strdup(name);
-    if (e->name == NULL) {
-	free(e);
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    e->symbol = symbol;
-
-    HEIMDAL_MUTEX_lock(&plugin_mutex);
-    e->next = registered;
-    registered = e;
-    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
-    return 0;
-}
-
-krb5_error_code
-_krb5_plugin_find(krb5_context context,
-		  enum krb5_plugin_type type,
-		  const char *name, 
-		  struct krb5_plugin **list)
-{
-    struct krb5_plugin *e;
-    struct plugin *p;
-    krb5_error_code ret;
-    char *sysdirs[2] = { NULL, NULL };
-    char **dirs = NULL, **di;
-    struct dirent *entry;
-    char *path;
-    DIR *d = NULL;
-
-    *list = NULL;
-
-    HEIMDAL_MUTEX_lock(&plugin_mutex);
-
-    for (p = registered; p != NULL; p = p->next) {
-	if (p->type != type || strcmp(p->name, name) != 0)
-	    continue;
-
-	e = calloc(1, sizeof(*e));
-	if (e == NULL) {
-	    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-	    krb5_set_error_string(context, "out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	e->symbol = p->symbol;
-	e->dsohandle = NULL;
-	e->next = *list;
-	*list = e;
-    }
-    HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
-#ifdef HAVE_DLOPEN
-
-    dirs = krb5_config_get_strings(context, NULL, "libdefaults", 
-				   "plugin_dir", NULL);
-    if (dirs == NULL) {
-	sysdirs[0] = rk_UNCONST(plugin_dir);
-	dirs = sysdirs;
-    }
-
-    for (di = dirs; *di != NULL; di++) {
-
-	d = opendir(*di);
-	if (d == NULL)
-	    continue;
-
-	while ((entry = readdir(d)) != NULL) {
-	    asprintf(&path, "%s/%s", *di, entry->d_name);
-	    if (path == NULL) {
-		krb5_set_error_string(context, "out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret = loadlib(context, type, name, path, &e);
-	    free(path);
-	    if (ret)
-		continue;
-	    
-	    e->next = *list;
-	    *list = e;
-	}
-	closedir(d);
-    }
-    if (dirs != sysdirs)
-	krb5_config_free_strings(dirs);
-#endif /* HAVE_DLOPEN */
-
-    if (*list == NULL) {
-	krb5_set_error_string(context, "Did not find a plugin for %s", name);
-	return ENOENT;
-    }
-
-    return 0;
-
-out:
-    if (dirs && dirs != sysdirs)
-	krb5_config_free_strings(dirs);
-    if (d)
-	closedir(d);
-    _krb5_plugin_free(*list);
-    *list = NULL;
-
-    return ret;
-}
-
-void
-_krb5_plugin_free(struct krb5_plugin *list)
-{
-    struct krb5_plugin *next;
-    while (list) {
-	next = list->next;
-	if (list->dsohandle)
-	    dlclose(list->dsohandle);
-	free(list);
-	list = next;
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
deleted file mode 100644
index 8d9c8805415a..000000000000
--- a/crypto/heimdal/lib/krb5/principal.c
+++ /dev/null
@@ -1,1254 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#ifdef HAVE_RES_SEARCH
-#define USE_RESOLVER
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#include <fnmatch.h>
-#include "resolve.h"
-
-RCSID("$Id: principal.c 21741 2007-07-31 16:00:37Z lha $");
-
-#define princ_num_comp(P) ((P)->name.name_string.len)
-#define princ_type(P) ((P)->name.name_type)
-#define princ_comp(P) ((P)->name.name_string.val)
-#define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
-#define princ_realm(P) ((P)->realm)
-
-void KRB5_LIB_FUNCTION
-krb5_free_principal(krb5_context context,
-		    krb5_principal p)
-{
-    if(p){
-	free_Principal(p);
-	free(p);
-    }
-}
-
-void KRB5_LIB_FUNCTION
-krb5_principal_set_type(krb5_context context,
-			krb5_principal principal,
-			int type)
-{
-    princ_type(principal) = type;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_principal_get_type(krb5_context context,
-			krb5_const_principal principal)
-{
-    return princ_type(principal);
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_realm(krb5_context context,
-			 krb5_const_principal principal)
-{
-    return princ_realm(principal);
-}			 
-
-const char* KRB5_LIB_FUNCTION
-krb5_principal_get_comp_string(krb5_context context,
-			       krb5_const_principal principal,
-			       unsigned int component)
-{
-    if(component >= princ_num_comp(principal))
-       return NULL;
-    return princ_ncomp(principal, component);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name_flags(krb5_context context,
-		      const char *name,
-		      int flags,
-		      krb5_principal *principal)
-{
-    krb5_error_code ret;
-    heim_general_string *comp;
-    heim_general_string realm = NULL;
-    int ncomp;
-
-    const char *p;
-    char *q;
-    char *s;
-    char *start;
-
-    int n;
-    char c;
-    int got_realm = 0;
-    int first_at = 1;
-    int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
-  
-    *principal = NULL;
-
-#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
-
-    if ((flags & RFLAGS) == RFLAGS) {
-	krb5_set_error_string(context, "Can't require both realm and "
-			      "no realm at the same time");
-	return KRB5_ERR_NO_SERVICE;
-    }
-#undef RFLAGS
-
-    /* count number of component,
-     * enterprise names only have one component
-     */
-    ncomp = 1;
-    if (!enterprise) {
-	for(p = name; *p; p++){
-	    if(*p=='\\'){
-		if(!p[1]) {
-		    krb5_set_error_string (context,
-					   "trailing \\ in principal name");
-		    return KRB5_PARSE_MALFORMED;
-		}
-		p++;
-	    } else if(*p == '/')
-		ncomp++;
-	    else if(*p == '@')
-		break;
-	}
-    }
-    comp = calloc(ncomp, sizeof(*comp));
-    if (comp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    n = 0;
-    p = start = q = s = strdup(name);
-    if (start == NULL) {
-	free (comp);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    while(*p){
-	c = *p++;
-	if(c == '\\'){
-	    c = *p++;
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    else if(c == 'b')
-		c = '\b';
-	    else if(c == '0')
-		c = '\0';
-	    else if(c == '\0') {
-		krb5_set_error_string (context,
-				       "trailing \\ in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }
-	}else if(enterprise && first_at) {
-	    if (c == '@')
-		first_at = 0;
-	}else if((c == '/' && !enterprise) || c == '@'){
-	    if(got_realm){
-		krb5_set_error_string (context,
-				       "part after realm in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }else{
-		comp[n] = malloc(q - start + 1);
-		if (comp[n] == NULL) {
-		    krb5_set_error_string (context, "malloc: out of memory");
-		    ret = ENOMEM;
-		    goto exit;
-		}
-		memcpy(comp[n], start, q - start);
-		comp[n][q - start] = 0;
-		n++;
-	    }
-	    if(c == '@')
-		got_realm = 1;
-	    start = q;
-	    continue;
-	}
-	if(got_realm && (c == ':' || c == '/' || c == '\0')) {
-	    krb5_set_error_string (context,
-				   "part after realm in principal name");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	}
-	*q++ = c;
-    }
-    if(got_realm){
-	if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
-	    krb5_set_error_string (context, "realm found in 'short' principal "
-				   "expected to be without one");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	}
-	realm = malloc(q - start + 1);
-	if (realm == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(realm, start, q - start);
-	realm[q - start] = 0;
-    }else{
-	if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
-	    krb5_set_error_string (context, "realm NOT found in principal "
-				   "expected to be with one");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
-	    realm = NULL;
-	} else {
-	    ret = krb5_get_default_realm (context, &realm);
-	    if (ret)
-		goto exit;
-	}
-
-	comp[n] = malloc(q - start + 1);
-	if (comp[n] == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(comp[n], start, q - start);
-	comp[n][q - start] = 0;
-	n++;
-    }
-    *principal = malloc(sizeof(**principal));
-    if (*principal == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto exit;
-    }
-    if (enterprise)
-	(*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
-    else
-	(*principal)->name.name_type = KRB5_NT_PRINCIPAL;
-    (*principal)->name.name_string.val = comp;
-    princ_num_comp(*principal) = n;
-    (*principal)->realm = realm;
-    free(s);
-    return 0;
-exit:
-    while(n>0){
-	free(comp[--n]);
-    }
-    free(comp);
-    free(realm);
-    free(s);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_parse_name(krb5_context context,
-		const char *name,
-		krb5_principal *principal)
-{
-    return krb5_parse_name_flags(context, name, 0, principal);
-}
-
-static const char quotable_chars[] = " \n\t\b\\/@";
-static const char replace_chars[] = " ntb\\/@";
-static const char nq_chars[] = "    \\/@";
-
-#define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
-
-static size_t
-quote_string(const char *s, char *out, size_t idx, size_t len, int display)
-{
-    const char *p, *q;
-    for(p = s; *p && idx < len; p++){
-	q = strchr(quotable_chars, *p);
-	if (q && display) {
-	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
-	} else if (q) {
-	    add_char(out, idx, len, '\\');
-	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
-	}else
-	    add_char(out, idx, len, *p);
-    }
-    if(idx < len)
-	out[idx] = '\0';
-    return idx;
-}
-
-
-static krb5_error_code
-unparse_name_fixed(krb5_context context,
-		   krb5_const_principal principal,
-		   char *name,
-		   size_t len,
-		   int flags)
-{
-    size_t idx = 0;
-    int i;
-    int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
-    int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
-    int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
-
-    if (!no_realm && princ_realm(principal) == NULL) {
-	krb5_set_error_string(context, "Realm missing from principal, "
-			      "can't unparse");
-	return ERANGE;
-    }
-
-    for(i = 0; i < princ_num_comp(principal); i++){
-	if(i)
-	    add_char(name, idx, len, '/');
-	idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
-	if(idx == len) {
-	    krb5_set_error_string(context, "Out of space printing principal");
-	    return ERANGE;
-	}
-    } 
-    /* add realm if different from default realm */
-    if(short_form && !no_realm) {
-	krb5_realm r;
-	krb5_error_code ret;
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	if(strcmp(princ_realm(principal), r) != 0)
-	    short_form = 0;
-	free(r);
-    }
-    if(!short_form && !no_realm) {
-	add_char(name, idx, len, '@');
-	idx = quote_string(princ_realm(principal), name, idx, len, display);
-	if(idx == len) {
-	    krb5_set_error_string(context, 
-				  "Out of space printing realm of principal");
-	    return ERANGE;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed(krb5_context context,
-			krb5_const_principal principal,
-			char *name,
-			size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_short(krb5_context context,
-			      krb5_const_principal principal,
-			      char *name,
-			      size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, 
-			      KRB5_PRINCIPAL_UNPARSE_SHORT);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_fixed_flags(krb5_context context,
-			      krb5_const_principal principal,
-			      int flags,
-			      char *name,
-			      size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, flags);
-}
-
-static krb5_error_code
-unparse_name(krb5_context context,
-	     krb5_const_principal principal,
-	     char **name,
-	     int flags)
-{
-    size_t len = 0, plen;
-    int i;
-    krb5_error_code ret;
-    /* count length */
-    if (princ_realm(principal)) {
-	plen = strlen(princ_realm(principal));
-
-	if(strcspn(princ_realm(principal), quotable_chars) == plen)
-	    len += plen;
-	else
-	    len += 2*plen;
-	len++; /* '@' */
-    }
-    for(i = 0; i < princ_num_comp(principal); i++){
-	plen = strlen(princ_ncomp(principal, i));
-	if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
-	    len += plen;
-	else
-	    len += 2*plen;
-	len++;
-    }
-    len++; /* '\0' */
-    *name = malloc(len);
-    if(*name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = unparse_name_fixed(context, principal, *name, len, flags);
-    if(ret) {
-	free(*name);
-	*name = NULL;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name(krb5_context context,
-		  krb5_const_principal principal,
-		  char **name)
-{
-    return unparse_name(context, principal, name, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_flags(krb5_context context,
-			krb5_const_principal principal,
-			int flags,
-			char **name)
-{
-    return unparse_name(context, principal, name, flags);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_short(krb5_context context,
-			krb5_const_principal principal,
-			char **name)
-{
-    return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_unparse_name_ext(krb5_context context,
-		      krb5_const_principal principal,
-		      char **name,
-		      size_t *size)
-{
-    krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
-}
-
-#endif
-
-krb5_realm * KRB5_LIB_FUNCTION
-krb5_princ_realm(krb5_context context,
-		 krb5_principal principal)
-{
-    return &princ_realm(principal);
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_princ_set_realm(krb5_context context,
-		     krb5_principal principal,
-		     krb5_realm *realm)
-{
-    princ_realm(principal) = *realm;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal(krb5_context context,
-		     krb5_principal *principal,
-		     int rlen,
-		     krb5_const_realm realm,
-		     ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-static krb5_error_code
-append_component(krb5_context context, krb5_principal p, 
-		 const char *comp,
-		 size_t comp_len)
-{
-    heim_general_string *tmp;
-    size_t len = princ_num_comp(p);
-
-    tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_comp(p) = tmp;
-    princ_ncomp(p, len) = malloc(comp_len + 1);
-    if (princ_ncomp(p, len) == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy (princ_ncomp(p, len), comp, comp_len);
-    princ_ncomp(p, len)[comp_len] = '\0';
-    princ_num_comp(p)++;
-    return 0;
-}
-
-static void
-va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	int len;
-	len = va_arg(ap, int);
-	if(len == 0)
-	    break;
-	s = va_arg(ap, const char*);
-	append_component(context, p, s, len);
-    }
-}
-
-static void
-va_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	s = va_arg(ap, const char*);
-	if(s == NULL)
-	    break;
-	append_component(context, p, s, strlen(s));
-    }
-}
-
-
-static krb5_error_code
-build_principal(krb5_context context,
-		krb5_principal *principal,
-		int rlen,
-		krb5_const_realm realm,
-		void (*func)(krb5_context, krb5_principal, va_list),
-		va_list ap)
-{
-    krb5_principal p;
-  
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_type(p) = KRB5_NT_PRINCIPAL;
-
-    princ_realm(p) = strdup(realm);
-    if(p->realm == NULL){
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    (*func)(context, p, ap);
-    *principal = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_make_principal(krb5_context context,
-		    krb5_principal *principal,
-		    krb5_const_realm realm,
-		    ...)
-{
-    krb5_error_code ret;
-    krb5_realm r = NULL;
-    va_list ap;
-    if(realm == NULL) {
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	realm = r;
-    }
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
-    va_end(ap);
-    if(r)
-	free(r);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va(krb5_context context, 
-			krb5_principal *principal, 
-			int rlen,
-			krb5_const_realm realm,
-			va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_princ, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_va_ext(krb5_context context, 
-			    krb5_principal *principal, 
-			    int rlen,
-			    krb5_const_realm realm,
-			    va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_build_principal_ext(krb5_context context,
-			 krb5_principal *principal,
-			 int rlen,
-			 krb5_const_realm realm,
-			 ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_principal(krb5_context context,
-		    krb5_const_principal inprinc,
-		    krb5_principal *outprinc)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(copy_Principal(inprinc, p)) {
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *outprinc = p;
-    return 0;
-}
-
-/*
- * return TRUE iff princ1 == princ2 (without considering the realm)
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare_any_realm(krb5_context context,
-				 krb5_const_principal princ1,
-				 krb5_const_principal princ2)
-{
-    int i;
-    if(princ_num_comp(princ1) != princ_num_comp(princ2))
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ1); i++){
-	if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-/*
- * return TRUE iff princ1 == princ2
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_compare(krb5_context context,
-		       krb5_const_principal princ1,
-		       krb5_const_principal princ2)
-{
-    if(!krb5_realm_compare(context, princ1, princ2))
-	return FALSE;
-    return krb5_principal_compare_any_realm(context, princ1, princ2);
-}
-
-/*
- * return TRUE iff realm(princ1) == realm(princ2)
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_realm_compare(krb5_context context,
-		   krb5_const_principal princ1,
-		   krb5_const_principal princ2)
-{
-    return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
-}
-
-/*
- * return TRUE iff princ matches pattern
- */
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_principal_match(krb5_context context,
-		     krb5_const_principal princ,
-		     krb5_const_principal pattern)
-{
-    int i;
-    if(princ_num_comp(princ) != princ_num_comp(pattern))
-	return FALSE;
-    if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ); i++){
-	if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-
-static struct v4_name_convert {
-    const char *from;
-    const char *to; 
-} default_v4_name_convert[] = {
-    { "ftp",	"ftp" },
-    { "hprop",	"hprop" },
-    { "pop",	"pop" },
-    { "imap",	"imap" },
-    { "rcmd",	"host" },
-    { "smtp",	"smtp" },
-    { NULL, NULL }
-};
-
-/*
- * return the converted instance name of `name' in `realm'.
- * look in the configuration file and then in the default set above.
- * return NULL if no conversion is appropriate.
- */
-
-static const char*
-get_name_conversion(krb5_context context, const char *realm, const char *name)
-{
-    struct v4_name_convert *q;
-    const char *p;
-
-    p = krb5_config_get_string(context, NULL, "realms", realm,
-			       "v4_name_convert", "host", name, NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL, "libdefaults", 
-				   "v4_name_convert", "host", name, NULL);
-    if(p)
-	return p;
-
-    /* XXX should be possible to override default list */
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    p = krb5_config_get_string(context, NULL,
-			       "libdefaults",
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    for(q = default_v4_name_convert; q->from; q++)
-	if(strcmp(q->from, name) == 0)
-	    return q->to;
-    return NULL;
-}
-
-/*
- * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
- * if `resolve', use DNS.
- * if `func', use that function for validating the conversion
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext2(krb5_context context,
-			     const char *name,
-			     const char *instance,
-			     const char *realm,
-			     krb5_boolean (*func)(krb5_context, 
-						  void *, krb5_principal),
-			     void *funcctx,
-			     krb5_boolean resolve,
-			     krb5_principal *princ)
-{
-    const char *p;
-    krb5_error_code ret;
-    krb5_principal pr;
-    char host[MAXHOSTNAMELEN];
-    char local_hostname[MAXHOSTNAMELEN];
-
-    /* do the following: if the name is found in the
-       `v4_name_convert:host' part, is assumed to be a `host' type
-       principal, and the instance is looked up in the
-       `v4_instance_convert' part. if not found there the name is
-       (optionally) looked up as a hostname, and if that doesn't yield
-       anything, the `default_domain' is appended to the instance
-       */
-
-    if(instance == NULL)
-	goto no_host;
-    if(instance[0] == 0){
-	instance = NULL;
-	goto no_host;
-    }
-    p = get_name_conversion(context, realm, name);
-    if(p == NULL)
-	goto no_host;
-    name = p;
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "v4_instance_convert", instance, NULL);
-    if(p){
-	instance = p;
-	ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-	if(func == NULL || (*func)(context, funcctx, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-	*princ = NULL;
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-    if(resolve){
-	krb5_boolean passed = FALSE;
-	char *inst = NULL;
-#ifdef USE_RESOLVER
-	struct dns_reply *r;
-
-	r = dns_lookup(instance, "aaaa");
-	if (r) {
-	    if (r->head && r->head->type == T_AAAA) {
-		inst = strdup(r->head->domain);
-		passed = TRUE;
-	    }
-	    dns_free_data(r);
-	} else {
-	    r = dns_lookup(instance, "a");
-	    if (r) {
-		if(r->head && r->head->type == T_A) {
-		    inst = strdup(r->head->domain);
-		    passed = TRUE;
-		}
-		dns_free_data(r);
-	    }
-	}
-#else
-	struct addrinfo hints, *ai;
-	
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	ret = getaddrinfo(instance, NULL, &hints, &ai);
-	if (ret == 0) {
-	    const struct addrinfo *a;
-	    for (a = ai; a != NULL; a = a->ai_next) {
-		if (a->ai_canonname != NULL) {
-		    inst = strdup (a->ai_canonname);
-		    passed = TRUE;
-		    break;
-		}
-	    }
-	    freeaddrinfo (ai);
-	}
-#endif
-	if (passed) {
-	    if (inst == NULL) {
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlwr(inst);
-	    ret = krb5_make_principal(context, &pr, realm, name, inst,
-				      NULL);
-	    free (inst);
-	    if(ret == 0) {
-		if(func == NULL || (*func)(context, funcctx, pr)){
-		    *princ = pr;
-		    return 0;
-		}
-		krb5_free_principal(context, pr);
-	    }
-	}
-    }
-    if(func != NULL) {
-	snprintf(host, sizeof(host), "%s.%s", instance, realm);
-	strlwr(host);
-	ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	if((*func)(context, funcctx, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-    }
-
-    /*
-     * if the instance is the first component of the local hostname,
-     * the converted host should be the long hostname.
-     */
-
-    if (func == NULL && 
-        gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
-        strncmp(instance, local_hostname, strlen(instance)) == 0 && 
-	local_hostname[strlen(instance)] == '.') {
-	strlcpy(host, local_hostname, sizeof(host));
-	goto local_host;
-    }
-
-    {
-	char **domains, **d;
-	domains = krb5_config_get_strings(context, NULL, "realms", realm,
-					  "v4_domains", NULL);
-	for(d = domains; d && *d; d++){
-	    snprintf(host, sizeof(host), "%s.%s", instance, *d);
-	    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	    if(func == NULL || (*func)(context, funcctx, pr)){
-		*princ = pr;
-		krb5_config_free_strings(domains);
-		return 0;
-	    }
-	    krb5_free_principal(context, pr);
-	}
-	krb5_config_free_strings(domains);
-    }
-
-    
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "default_domain", NULL);
-    if(p == NULL){
-	/* this should be an error, just faking a name is not good */
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-	
-    if (*p == '.')
-	++p;
-    snprintf(host, sizeof(host), "%s.%s", instance, p);
-local_host:
-    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-    if(func == NULL || (*func)(context, funcctx, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-no_host:
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL,
-				   "libdefaults",
-				   "v4_name_convert",
-				   "plain",
-				   name,
-				   NULL);
-    if(p)
-	name = p;
-    
-    ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-    if(func == NULL || (*func)(context, funcctx, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-}
-
-static krb5_boolean
-convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal)
-{
-    krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx;
-    return (*func)(conxtext, principal);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal_ext(krb5_context context,
-			    const char *name,
-			    const char *instance,
-			    const char *realm,
-			    krb5_boolean (*func)(krb5_context, krb5_principal),
-			    krb5_boolean resolve,
-			    krb5_principal *principal)
-{
-    return krb5_425_conv_principal_ext2(context,
-					name,
-					instance,
-					realm,
-					func ? convert_func : NULL,
-					func,
-					resolve,
-					principal);
-}
-
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_425_conv_principal(krb5_context context,
-			const char *name,
-			const char *instance,
-			const char *realm,
-			krb5_principal *princ)
-{
-    krb5_boolean resolve = krb5_config_get_bool(context,
-						NULL,
-						"libdefaults", 
-						"v4_instance_resolve", 
-						NULL);
-
-    return krb5_425_conv_principal_ext(context, name, instance, realm, 
-				       NULL, resolve, princ);
-}
-
-
-static int
-check_list(const krb5_config_binding *l, const char *name, const char **out)
-{
-    while(l){
-	if (l->type != krb5_config_string)
-	    continue;
-	if(strcmp(name, l->u.string) == 0) {
-	    *out = l->name;
-	    return 1;
-	}
-	l = l->next;
-    }
-    return 0;
-}
-
-static int
-name_convert(krb5_context context, const char *name, const char *realm, 
-	     const char **out)
-{
-    const krb5_config_binding *l;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "plain",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    
-    /* didn't find it in config file, try built-in list */
-    {
-	struct v4_name_convert *q;
-	for(q = default_v4_name_convert; q->from; q++) {
-	    if(strcmp(name, q->to) == 0) {
-		*out = q->from;
-		return KRB5_NT_SRV_HST;
-	    }
-	}
-    }
-    return -1;
-}
-
-/*
- * convert the v5 principal in `principal' into a v4 corresponding one
- * in `name, instance, realm'
- * this is limited interface since there's no length given for these
- * three parameters.  They have to be 40 bytes each (ANAME_SZ).
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_524_conv_principal(krb5_context context,
-			const krb5_principal principal,
-			char *name, 
-			char *instance,
-			char *realm)
-{
-    const char *n, *i, *r;
-    char tmpinst[40];
-    int type = princ_type(principal);
-    const int aname_sz = 40;
-
-    r = principal->realm;
-
-    switch(principal->name.name_string.len){
-    case 1:
-	n = principal->name.name_string.val[0];
-	i = "";
-	break;
-    case 2:
-	n = principal->name.name_string.val[0];
-	i = principal->name.name_string.val[1];
-	break;
-    default:
-	krb5_set_error_string (context,
-			       "cannot convert a %d component principal",
-			       principal->name.name_string.len);
-	return KRB5_PARSE_MALFORMED;
-    }
-
-    {
-	const char *tmp;
-	int t = name_convert(context, n, r, &tmp);
-	if(t >= 0) {
-	    type = t;
-	    n = tmp;
-	}
-    }
-
-    if(type == KRB5_NT_SRV_HST){
-	char *p;
-
-	strlcpy (tmpinst, i, sizeof(tmpinst));
-	p = strchr(tmpinst, '.');
-	if(p)
-	    *p = 0;
-	i = tmpinst;
-    }
-    
-    if (strlcpy (name, n, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long name component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (instance, i, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long instance component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (realm, r, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long realm component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    return 0;
-}
-
-/*
- * Create a principal in `ret_princ' for the service `sname' running
- * on host `hostname'.  */
-			
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sname_to_principal (krb5_context context,
-			 const char *hostname,
-			 const char *sname,
-			 int32_t type,
-			 krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    char localhost[MAXHOSTNAMELEN];
-    char **realms, *host = NULL;
-	
-    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
-	krb5_set_error_string (context, "unsupported name type %d",
-			       type);
-	return KRB5_SNAME_UNSUPP_NAMETYPE;
-    }
-    if(hostname == NULL) {
-	gethostname(localhost, sizeof(localhost));
-	hostname = localhost;
-    }
-    if(sname == NULL)
-	sname = "host";
-    if(type == KRB5_NT_SRV_HST) {
-	ret = krb5_expand_hostname_realms (context, hostname,
-					   &host, &realms);
-	if (ret)
-	    return ret;
-	strlwr(host);
-	hostname = host;
-    } else {
-	ret = krb5_get_host_realm(context, hostname, &realms);
-	if(ret)
-	    return ret;
-    }
-
-    ret = krb5_make_principal(context, ret_princ, realms[0], sname,
-			      hostname, NULL);
-    if(host)
-	free(host);
-    krb5_free_host_realm(context, realms);
-    return ret;
-}
-
-static const struct {
-    const char *type;
-    int32_t value;
-} nametypes[] = {
-    { "UNKNOWN", KRB5_NT_UNKNOWN },
-    { "PRINCIPAL", KRB5_NT_PRINCIPAL },
-    { "SRV_INST", KRB5_NT_SRV_INST },
-    { "SRV_HST", KRB5_NT_SRV_HST },
-    { "SRV_XHST", KRB5_NT_SRV_XHST },
-    { "UID", KRB5_NT_UID },
-    { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
-    { "SMTP_NAME", KRB5_NT_SMTP_NAME },
-    { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
-    { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
-    { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
-    { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
-    { NULL }
-};
-
-krb5_error_code
-krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
-{
-    size_t i;
-    
-    for(i = 0; nametypes[i].type; i++) {
-	if (strcasecmp(nametypes[i].type, str) == 0) {
-	    *nametype = nametypes[i].value;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "Failed to find name type %s", str);
-    return KRB5_PARSE_MALFORMED;
-}
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
deleted file mode 100644
index 0586155ac461..000000000000
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: prog_setup.c 15470 2005-06-17 04:29:41Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_std_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-int KRB5_LIB_FUNCTION
-krb5_program_setup(krb5_context *context, int argc, char **argv,
-		   struct getargs *args, int num_args, 
-		   void (*usage)(int, struct getargs*, int))
-{
-    krb5_error_code ret;
-    int optidx = 0;
-
-    if(usage == NULL)
-	usage = krb5_std_usage;
-
-    setprogname(argv[0]);
-    ret = krb5_init_context(context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    if(getarg(args, num_args, argc, argv, &optidx))
-	(*usage)(1, args, num_args);
-    return optidx;
-}
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
deleted file mode 100644
index e0f407fb247e..000000000000
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $");
-
-int KRB5_LIB_FUNCTION
-krb5_prompter_posix (krb5_context context,
-		     void *data,
-		     const char *name,
-		     const char *banner,
-		     int num_prompts,
-		     krb5_prompt prompts[])
-{
-    int i;
-
-    if (name)
-	fprintf (stderr, "%s\n", name);
-    if (banner)
-	fprintf (stderr, "%s\n", banner);
-    if (name || banner)
-	fflush(stderr);
-    for (i = 0; i < num_prompts; ++i) {
-	if (prompts[i].hidden) {
-	    if(UI_UTIL_read_pw_string(prompts[i].reply->data,
-				  prompts[i].reply->length,
-				  prompts[i].prompt,
-				  0))
-	       return 1;
-	} else {
-	    char *s = prompts[i].reply->data;
-
-	    fputs (prompts[i].prompt, stdout);
-	    fflush (stdout);
-	    if(fgets(prompts[i].reply->data,
-		     prompts[i].reply->length,
-		     stdin) == NULL)
-		return 1;
-	    s[strcspn(s, "\n")] = '\0';
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
deleted file mode 100644
index c3f732201f3d..000000000000
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_cred.c 20304 2007-04-11 11:15:05Z lha $");
-
-static krb5_error_code
-compare_addrs(krb5_context context,
-	      krb5_address *a,
-	      krb5_address *b,
-	      const char *message)
-{
-    char a_str[64], b_str[64];
-    size_t len;
-
-    if(krb5_address_compare (context, a, b))
-	return 0;
-
-    krb5_print_address (a, a_str, sizeof(a_str), &len);
-    krb5_print_address (b, b_str, sizeof(b_str), &len);
-    krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str);
-    return KRB5KRB_AP_ERR_BADADDR;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred(krb5_context context,
-	     krb5_auth_context auth_context,
-	     krb5_data *in_data,
-	     krb5_creds ***ret_creds,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    size_t len;
-    KRB_CRED cred;
-    EncKrbCredPart enc_krb_cred_part;
-    krb5_data enc_krb_cred_part_data;
-    krb5_crypto crypto;
-    int i;
-
-    memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL)
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-
-    *ret_creds = NULL;
-
-    ret = decode_KRB_CRED(in_data->data, in_data->length, 
-			  &cred, &len);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-
-    if (cred.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.msg_type != krb_cred) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.enc_part.etype == ETYPE_NULL) {  
-	/* DK: MIT GSS-API Compatibility */
-	enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
-	enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
-    } else {
-	/* Try both subkey and session key.
-	 * 
-	 * RFC4120 claims we should use the session key, but Heimdal
-	 * before 0.8 used the remote subkey if it was send in the
-	 * auth_context.
-	 */
-
-	if (auth_context->remote_subkey) {
-	    ret = krb5_crypto_init(context, auth_context->remote_subkey,
-				   0, &crypto);
-	    if (ret)
-		goto out;
-
-	    ret = krb5_decrypt_EncryptedData(context,
-					     crypto,
-					     KRB5_KU_KRB_CRED,
-					     &cred.enc_part,
-					     &enc_krb_cred_part_data);
-	    
-	    krb5_crypto_destroy(context, crypto);
-	}
-
-	/* 
-	 * If there was not subkey, or we failed using subkey, 
-	 * retry using the session key
-	 */
-	if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	{
-
-	    ret = krb5_crypto_init(context, auth_context->keyblock,
-				   0, &crypto);
-
-	    if (ret)
-		goto out;
-	    
-	    ret = krb5_decrypt_EncryptedData(context,
-					     crypto,
-					     KRB5_KU_KRB_CRED,
-					     &cred.enc_part,
-					     &enc_krb_cred_part_data);
-	    
-	    krb5_crypto_destroy(context, crypto);
-	}
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decode_EncKrbCredPart (context,
-				      enc_krb_cred_part_data.data,
-				      enc_krb_cred_part_data.length,
-				      &enc_krb_cred_part,
-				      &len);
-    if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data)
-	krb5_data_free(&enc_krb_cred_part_data);
-    if (ret)
-	goto out;
-
-    /* check sender address */
-
-    if (enc_krb_cred_part.s_address
-	&& auth_context->remote_address
-	&& auth_context->remote_port) {
-	krb5_address *a;
-
-	ret = krb5_make_addrport (context, &a,
-				  auth_context->remote_address,
-				  auth_context->remote_port);
-	if (ret)
-	    goto out;
-
-
-	ret = compare_addrs(context, a, enc_krb_cred_part.s_address, 
-			    "sender address is wrong in received creds");
-	krb5_free_address(context, a);
-	free(a);
-	if(ret)
-	    goto out;
-    }
-
-    /* check receiver address */
-
-    if (enc_krb_cred_part.r_address
-	&& auth_context->local_address) {
-	if(auth_context->local_port &&
-	   enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
-	    krb5_address *a;
-	    ret = krb5_make_addrport (context, &a,
-				      auth_context->local_address,
-				      auth_context->local_port);
-	    if (ret)
-		goto out;
-	    
-	    ret = compare_addrs(context, a, enc_krb_cred_part.r_address, 
-				"receiver address is wrong in received creds");
-	    krb5_free_address(context, a);
-	    free(a);
-	    if(ret)
-		goto out;
-	} else {
-	    ret = compare_addrs(context, auth_context->local_address,
-				enc_krb_cred_part.r_address,
-				"receiver address is wrong in received creds");
-	    if(ret)
-		goto out;
-	}
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-
-	if (enc_krb_cred_part.timestamp == NULL ||
-	    enc_krb_cred_part.usec      == NULL ||
-	    abs(*enc_krb_cred_part.timestamp - sec)
-	    > context->max_skew) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    goto out;
-	}
-    }
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the cred-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(enc_krb_cred_part.timestamp)
-	    outdata->timestamp = *enc_krb_cred_part.timestamp;
-	if(enc_krb_cred_part.usec)
-	    outdata->usec = *enc_krb_cred_part.usec;
-	if(enc_krb_cred_part.nonce)
-	    outdata->seq = *enc_krb_cred_part.nonce;
-    }
-    
-    /* Convert to NULL terminated list of creds */
-
-    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, 
-			sizeof(**ret_creds));
-
-    if (*ret_creds == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out;
-    }
-
-    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
-	KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
-	krb5_creds *creds;
-
-	creds = calloc(1, sizeof(*creds));
-	if(creds == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-			   &cred.tickets.val[i], &len, ret);
-	if (ret) {
-	    free(creds);
-	    goto out;
-	}
-	if(creds->ticket.length != len)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-	copy_EncryptionKey (&kci->key, &creds->session);
-	if (kci->prealm && kci->pname)
-	    _krb5_principalname2krb5_principal (context,
-						&creds->client,
-						*kci->pname,
-						*kci->prealm);
-	if (kci->flags)
-	    creds->flags.b = *kci->flags;
-	if (kci->authtime)
-	    creds->times.authtime = *kci->authtime;
-	if (kci->starttime)
-	    creds->times.starttime = *kci->starttime;
-	if (kci->endtime)
-	    creds->times.endtime = *kci->endtime;
-	if (kci->renew_till)
-	    creds->times.renew_till = *kci->renew_till;
-	if (kci->srealm && kci->sname)
-	    _krb5_principalname2krb5_principal (context,
-						&creds->server,
-						*kci->sname,
-						*kci->srealm);
-	if (kci->caddr)
-	    krb5_copy_addresses (context,
-				 kci->caddr,
-				 &creds->addresses);
-	
-	(*ret_creds)[i] = creds;
-	
-    }
-    (*ret_creds)[i] = NULL;
-
-    free_KRB_CRED (&cred);
-    free_EncKrbCredPart(&enc_krb_cred_part);
-
-    return 0;
-
-  out:
-    free_EncKrbCredPart(&enc_krb_cred_part);
-    free_KRB_CRED (&cred);
-    if(*ret_creds) {
-	for(i = 0; (*ret_creds)[i]; i++)
-	    krb5_free_creds(context, (*ret_creds)[i]);
-	free(*ret_creds);
-	*ret_creds = NULL;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_cred2 (krb5_context      context,
-	       krb5_auth_context auth_context,
-	       krb5_ccache       ccache,
-	       krb5_data         *in_data)
-{
-    krb5_error_code ret;
-    krb5_creds **creds;
-    int i;
-
-    ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
-    if(ret)
-	return ret;
-
-    /* Store the creds in the ccache */
-
-    for(i = 0; creds && creds[i]; i++) {
-	krb5_cc_store_cred(context, ccache, creds[i]);
-	krb5_free_creds(context, creds[i]);
-    }
-    free(creds);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c
deleted file mode 100644
index e7646467afdb..000000000000
--- a/crypto/heimdal/lib/krb5/rd_error.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: rd_error.c 21057 2007-06-12 17:22:31Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_error(krb5_context context,
-	      const krb5_data *msg,
-	      KRB_ERROR *result)
-{
-    
-    size_t len;
-    krb5_error_code ret;
-
-    ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
-    if(ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    result->error_code += KRB5KDC_ERR_NONE;
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_error_contents (krb5_context context,
-			  krb5_error *error)
-{
-    free_KRB_ERROR(error);
-    memset(error, 0, sizeof(*error));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_error (krb5_context context,
-		 krb5_error *error)
-{
-    krb5_free_error_contents (context, error);
-    free (error);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_error_from_rd_error(krb5_context context,
-			 const krb5_error *error,
-			 const krb5_creds *creds)
-{
-    krb5_error_code ret;
-
-    ret = error->error_code;
-    if (error->e_text != NULL) {
-	krb5_set_error_string(context, "%s", *error->e_text);
-    } else {
-	char clientname[256], servername[256];
-
-	if (creds != NULL) {
-	    krb5_unparse_name_fixed(context, creds->client,
-				    clientname, sizeof(clientname));
-	    krb5_unparse_name_fixed(context, creds->server,
-				    servername, sizeof(servername));
-	}
-
-	switch (ret) {
-	case KRB5KDC_ERR_NAME_EXP :
-	    krb5_set_error_string(context, "Client %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_SERVICE_EXP :
-	    krb5_set_error_string(context, "Server %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Client %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Server %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	default :
-	    krb5_clear_error_string(context);
-	    break;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
deleted file mode 100644
index ed7a2ccc5278..000000000000
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_PRIV priv;
-    EncKrbPrivPart part;
-    size_t len;
-    krb5_data plain;
-    krb5_keyblock *key;
-    krb5_crypto crypto;
-
-    if (outbuf)
-	krb5_data_zero(outbuf);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL) {
-	krb5_clear_error_string (context);
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-    }
-
-    memset(&priv, 0, sizeof(priv));
-    ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
-    if (ret) {
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (priv.pvno != 5) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	goto failure;
-    }
-    if (priv.msg_type != krb_priv) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	goto failure;
-    }
-
-    if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto failure;
-    ret = krb5_decrypt_EncryptedData(context,
-				     crypto,
-				     KRB5_KU_KRB_PRIV,
-				     &priv.enc_part,
-				     &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) 
-	goto failure;
-
-    ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
-    krb5_data_free (&plain);
-    if (ret) {
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-  
-    /* check sender address */
-
-    if (part.s_address
-	&& auth_context->remote_address
-	&& !krb5_address_compare (context,
-				  auth_context->remote_address,
-				  part.s_address)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	goto failure_part;
-    }
-
-    /* check receiver address */
-
-    if (part.r_address
-	&& auth_context->local_address
-	&& !krb5_address_compare (context,
-				  auth_context->local_address,
-				  part.r_address)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	goto failure_part;
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-	if (part.timestamp == NULL ||
-	    part.usec      == NULL ||
-	    abs(*part.timestamp - sec) > context->max_skew) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    goto failure_part;
-	}
-    }
-
-    /* XXX - check replay cache */
-
-    /* check sequence number. since MIT krb5 cannot generate a sequence
-       number of zero but instead generates no sequence number, we accept that
-    */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if ((part.seq_number == NULL
-	     && auth_context->remote_seqnumber != 0)
-	    || (part.seq_number != NULL
-		&& *part.seq_number != auth_context->remote_seqnumber)) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_BADORDER;
-	    goto failure_part;
-	}
-	auth_context->remote_seqnumber++;
-    }
-
-    ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
-    if (ret)
-	goto failure_part;
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the priv-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(part.timestamp)
-	    outdata->timestamp = *part.timestamp;
-	if(part.usec)
-	    outdata->usec = *part.usec;
-	if(part.seq_number)
-	    outdata->seq = *part.seq_number;
-    }
-
-  failure_part:
-    free_EncKrbPrivPart (&part);
-
-  failure:
-    free_KRB_PRIV (&priv);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
deleted file mode 100644
index 8c9b7bb441d7..000000000000
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    const krb5_data *inbuf,
-	    krb5_ap_rep_enc_part **repl)
-{
-    krb5_error_code ret;
-    AP_REP ap_rep;
-    size_t len;
-    krb5_data data;
-    krb5_crypto crypto;
-
-    krb5_data_zero (&data);
-    ret = 0;
-
-    ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
-    if (ret)
-	return ret;
-    if (ap_rep.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-    if (ap_rep.msg_type != krb_ap_rep) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
-    if (ret)
-	goto out;
-    ret = krb5_decrypt_EncryptedData (context, 
-				      crypto,	
-				      KRB5_KU_AP_REQ_ENC_PART,
-				      &ap_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	goto out;
-
-    *repl = malloc(sizeof(**repl));
-    if (*repl == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out;
-    }
-    ret = krb5_decode_EncAPRepPart(context,
-				   data.data,
-				   data.length,
-				   *repl, 
-				   &len);
-    if (ret)
-	return ret;
-  
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 
-	if ((*repl)->ctime != auth_context->authenticator->ctime ||
-	    (*repl)->cusec != auth_context->authenticator->cusec) 
-	{
-	    krb5_free_ap_rep_enc_part(context, *repl);
-	    *repl = NULL;
-	    ret = KRB5KRB_AP_ERR_MUT_FAIL;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-    if ((*repl)->seq_number)
-	krb5_auth_con_setremoteseqnumber(context, auth_context,
-					 *((*repl)->seq_number));
-    if ((*repl)->subkey)
-	krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
-  
- out:
-    krb5_data_free (&data);
-    free_AP_REP (&ap_rep);
-    return ret;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_free_ap_rep_enc_part (krb5_context context,
-			   krb5_ap_rep_enc_part *val)
-{
-    if (val) {
-	free_EncAPRepPart (val);
-	free (val);
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
deleted file mode 100644
index 0f33b9716454..000000000000
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ /dev/null
@@ -1,892 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_req.c 22235 2007-12-08 21:52:07Z lha $");
-
-static krb5_error_code
-decrypt_tkt_enc_part (krb5_context context,
-		      krb5_keyblock *key,
-		      EncryptedData *enc_part,
-		      EncTicketPart *decr_part)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_TICKET,
-				      enc_part,
-				      &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, 
-				    decr_part, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-static krb5_error_code
-decrypt_authenticator (krb5_context context,
-		       EncryptionKey *key,
-		       EncryptedData *enc_part,
-		       Authenticator *authenticator,
-		       krb5_key_usage usage)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage /* KRB5_KU_AP_REQ_AUTH */,
-				      enc_part,
-				      &plain);
-    /* for backwards compatibility, also try the old usage */
-    if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_AP_REQ_AUTH,
-					  enc_part,
-					  &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_Authenticator(context, plain.data, plain.length, 
-				    authenticator, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decode_ap_req(krb5_context context,
-		   const krb5_data *inbuf,
-		   krb5_ap_req *ap_req)
-{
-    krb5_error_code ret;
-    size_t len;
-    ret = decode_AP_REQ(inbuf->data, inbuf->length, ap_req, &len);
-    if (ret)
-	return ret;
-    if (ap_req->pvno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    if (ap_req->msg_type != krb_ap_req){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_MSG_TYPE;
-    }
-    if (ap_req->ticket.tkt_vno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    return 0;
-}
-
-static krb5_error_code
-check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
-{
-    char **realms;
-    int num_realms;
-    krb5_error_code ret;
-	    
-    /* 
-     * Windows 2000 and 2003 uses this inside their TGT so it's normaly
-     * not seen by others, however, samba4 joined with a Windows AD as
-     * a Domain Controller gets exposed to this.
-     */
-    if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0)
-	return 0;
-
-    if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
-
-    if(enc->transited.contents.length == 0)
-	return 0;
-
-    ret = krb5_domain_x500_decode(context, enc->transited.contents, 
-				  &realms, &num_realms, 
-				  enc->crealm,
-				  ticket->realm);
-    if(ret)
-	return ret;
-    ret = krb5_check_transited(context, enc->crealm, 
-			       ticket->realm, 
-			       realms, num_realms, NULL);
-    free(realms);
-    return ret;
-}
-
-static krb5_error_code
-find_etypelist(krb5_context context,
-	       krb5_auth_context auth_context,
-	       EtypeList *etypes)
-{
-    krb5_error_code ret;
-    krb5_authdata *ad;
-    krb5_authdata adIfRelevant;
-    unsigned i;
-
-    adIfRelevant.len = 0;
-
-    etypes->len = 0;
-    etypes->val = NULL;
-
-    ad = auth_context->authenticator->authorization_data;
-    if (ad == NULL)
-	return 0;
-
-    for (i = 0; i < ad->len; i++) {
-	if (ad->val[i].ad_type == KRB5_AUTHDATA_IF_RELEVANT) {
-	    ret = decode_AD_IF_RELEVANT(ad->val[i].ad_data.data,
-					ad->val[i].ad_data.length,
-					&adIfRelevant,
-					NULL);
-	    if (ret)
-		return ret;
-
-	    if (adIfRelevant.len == 1 &&
-		adIfRelevant.val[0].ad_type ==
-			KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION) {
-		break;
-	    }
-	    free_AD_IF_RELEVANT(&adIfRelevant);
-	    adIfRelevant.len = 0;
-	}
-    }
-
-    if (adIfRelevant.len == 0)
-	return 0;
-
-    ret = decode_EtypeList(adIfRelevant.val[0].ad_data.data,
-			   adIfRelevant.val[0].ad_data.length,
-			   etypes,
-			   NULL);
-    if (ret)
-	krb5_clear_error_string(context);
-
-    free_AD_IF_RELEVANT(&adIfRelevant);
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_decrypt_ticket(krb5_context context,
-		    Ticket *ticket,
-		    krb5_keyblock *key,
-		    EncTicketPart *out,
-		    krb5_flags flags)
-{
-    EncTicketPart t;
-    krb5_error_code ret;
-    ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
-    if (ret)
-	return ret;
-    
-    {
-	krb5_timestamp now;
-	time_t start = t.authtime;
-
-	krb5_timeofday (context, &now);
-	if(t.starttime)
-	    start = *t.starttime;
-	if(start - now > context->max_skew
-	   || (t.flags.invalid
-	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_NYV;
-	}
-	if(now - t.endtime > context->max_skew) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
-	}
-	
-	if(!t.flags.transited_policy_checked) {
-	    ret = check_transited(context, ticket, &t);
-	    if(ret) {
-		free_EncTicketPart(&t);
-		return ret;
-	    }
-	}
-    }
-    
-    if(out)
-	*out = t;
-    else
-	free_EncTicketPart(&t);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_authenticator_checksum(krb5_context context,
-				   krb5_auth_context ac,
-				   void *data,
-				   size_t len)
-{
-    krb5_error_code ret;
-    krb5_keyblock *key;
-    krb5_authenticator authenticator;
-    krb5_crypto crypto;
-    
-    ret = krb5_auth_con_getauthenticator (context,
-				      ac,
-				      &authenticator);
-    if(ret)
-	return ret;
-    if(authenticator->cksum == NULL) {
-	krb5_free_authenticator(context, &authenticator);
-	return -17;
-    }
-    ret = krb5_auth_con_getkey(context, ac, &key);
-    if(ret) {
-	krb5_free_authenticator(context, &authenticator);
-	return ret;
-    }
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if(ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_AP_REQ_AUTH_CKSUM,
-				data,
-				len,
-				authenticator->cksum);
-    krb5_crypto_destroy(context, crypto);
-out:
-    krb5_free_authenticator(context, &authenticator);
-    krb5_free_keyblock(context, key);
-    return ret;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req(krb5_context context,
-		   krb5_auth_context *auth_context,
-		   krb5_ap_req *ap_req,
-		   krb5_const_principal server,
-		   krb5_keyblock *keyblock,
-		   krb5_flags flags,
-		   krb5_flags *ap_req_options,
-		   krb5_ticket **ticket)
-{
-    return krb5_verify_ap_req2 (context,
-				auth_context,
-				ap_req,
-				server,
-				keyblock,
-				flags,
-				ap_req_options,
-				ticket,
-				KRB5_KU_AP_REQ_AUTH);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_ap_req2(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keyblock *keyblock,
-		    krb5_flags flags,
-		    krb5_flags *ap_req_options,
-		    krb5_ticket **ticket,
-		    krb5_key_usage usage)
-{
-    krb5_ticket *t;
-    krb5_auth_context ac;
-    krb5_error_code ret;
-    EtypeList etypes;
-    
-    if (ticket)
-	*ticket = NULL;
-
-    if (auth_context && *auth_context) {
-	ac = *auth_context;
-    } else {
-	ret = krb5_auth_con_init (context, &ac);
-	if (ret)
-	    return ret;
-    }
-
-    t = calloc(1, sizeof(*t));
-    if (t == NULL) {
-	ret = ENOMEM;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (ap_req->ap_options.use_session_key && ac->keyblock){
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  ac->keyblock, 
-				  &t->ticket,
-				  flags);
-	krb5_free_keyblock(context, ac->keyblock);
-	ac->keyblock = NULL;
-    }else
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  keyblock, 
-				  &t->ticket,
-				  flags);
-    
-    if(ret)
-	goto out;
-
-    ret = _krb5_principalname2krb5_principal(context,
-					     &t->server,
-					     ap_req->ticket.sname, 
-					     ap_req->ticket.realm);
-    if (ret) goto out;
-    ret = _krb5_principalname2krb5_principal(context,
-					     &t->client,
-					     t->ticket.cname, 
-					     t->ticket.crealm);
-    if (ret) goto out;
-
-    /* save key */
-
-    ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
-    if (ret) goto out;
-
-    ret = decrypt_authenticator (context,
-				 &t->ticket.key,
-				 &ap_req->authenticator,
-				 ac->authenticator,
-				 usage);
-    if (ret)
-	goto out;
-
-    {
-	krb5_principal p1, p2;
-	krb5_boolean res;
-	
-	_krb5_principalname2krb5_principal(context,
-					   &p1,
-					   ac->authenticator->cname,
-					   ac->authenticator->crealm);
-	_krb5_principalname2krb5_principal(context,
-					   &p2, 
-					   t->ticket.cname,
-					   t->ticket.crealm);
-	res = krb5_principal_compare (context, p1, p2);
-	krb5_free_principal (context, p1);
-	krb5_free_principal (context, p2);
-	if (!res) {
-	    ret = KRB5KRB_AP_ERR_BADMATCH;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-
-    /* check addresses */
-
-    if (t->ticket.caddr
-	&& ac->remote_address
-	&& !krb5_address_search (context,
-				 ac->remote_address,
-				 t->ticket.caddr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    /* check timestamp in authenticator */
-    {
-	krb5_timestamp now;
-
-	krb5_timeofday (context, &now);
-
-	if (abs(ac->authenticator->ctime - now) > context->max_skew) {
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-
-    if (ac->authenticator->seq_number)
-	krb5_auth_con_setremoteseqnumber(context, ac,
-					 *ac->authenticator->seq_number);
-
-    /* XXX - Xor sequence numbers */
-
-    if (ac->authenticator->subkey) {
-	ret = krb5_auth_con_setremotesubkey(context, ac,
-					    ac->authenticator->subkey);
-	if (ret)
-	    goto out;
-    }
-
-    ret = find_etypelist(context, ac, &etypes);
-    if (ret)
-	goto out;
-
-    ac->keytype = ETYPE_NULL;
-
-    if (etypes.val) {
-	int i;
-
-	for (i = 0; i < etypes.len; i++) {
-	    if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
-		ac->keytype = etypes.val[i];
-		break;
-	    }
-	}
-    }
-
-    if (ap_req_options) {
-	*ap_req_options = 0;
-	if (ac->keytype != ETYPE_NULL)
-	    *ap_req_options |= AP_OPTS_USE_SUBKEY;
-	if (ap_req->ap_options.use_session_key)
-	    *ap_req_options |= AP_OPTS_USE_SESSION_KEY;
-	if (ap_req->ap_options.mutual_required)
-	    *ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-
-    if(ticket)
-	*ticket = t;
-    else
-	krb5_free_ticket (context, t);
-    if (auth_context) {
-	if (*auth_context == NULL)
-	    *auth_context = ac;
-    } else
-	krb5_auth_con_free (context, ac);
-    free_EtypeList(&etypes);
-    return 0;
- out:
-    if (t)
-	krb5_free_ticket (context, t);
-    if (auth_context == NULL || *auth_context == NULL)
-	krb5_auth_con_free (context, ac);
-    return ret;
-}
-		   
-/*
- *
- */
-
-struct krb5_rd_req_in_ctx_data {
-    krb5_keytab keytab;
-    krb5_keyblock *keyblock;
-    krb5_boolean check_pac;
-};
-
-struct krb5_rd_req_out_ctx_data {
-    krb5_keyblock *keyblock;
-    krb5_flags ap_req_options;
-    krb5_ticket *ticket;
-};
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keytab(krb5_context context, 
-			  krb5_rd_req_in_ctx in,
-			  krb5_keytab keytab)
-{
-    in->keytab = keytab; /* XXX should make copy */
-    return 0;
-}
-
-/**
- * Set if krb5_rq_red() is going to check the Windows PAC or not
- * 
- * @param context Keberos 5 context.
- * @param in krb5_rd_req_in_ctx to check the option on.
- * @param flag flag to select if to check the pac (TRUE) or not (FALSE).
- *
- * @return Kerberos 5 error code, see krb5_get_error_message().
- *
- * @ingroup krb5
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_pac_check(krb5_context context, 
-			     krb5_rd_req_in_ctx in,
-			     krb5_boolean flag)
-{
-    in->check_pac = flag;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keyblock(krb5_context context, 
-			    krb5_rd_req_in_ctx in,
-			    krb5_keyblock *keyblock)
-{
-    in->keyblock = keyblock; /* XXX should make copy */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ap_req_options(krb5_context context, 
-				   krb5_rd_req_out_ctx out,
-				   krb5_flags *ap_req_options)
-{
-    *ap_req_options = out->ap_req_options;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ticket(krb5_context context, 
-			    krb5_rd_req_out_ctx out,
-			    krb5_ticket **ticket)
-{
-    return krb5_copy_ticket(context, out->ticket, ticket);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_keyblock(krb5_context context, 
-			    krb5_rd_req_out_ctx out,
-			    krb5_keyblock **keyblock)
-{
-    return krb5_copy_keyblock(context, out->keyblock, keyblock);
-}
-
-void  KRB5_LIB_FUNCTION
-krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
-{
-    free(ctx);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void  KRB5_LIB_FUNCTION
-krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
-{
-    krb5_free_keyblock(context, ctx->keyblock);
-    free(ctx);
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_data *inbuf,
-	    krb5_const_principal server,
-	    krb5_keytab keytab,
-	    krb5_flags *ap_req_options,
-	    krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_rd_req_in_ctx in;
-    krb5_rd_req_out_ctx out;
-
-    ret = krb5_rd_req_in_ctx_alloc(context, &in);
-    if (ret)
-	return ret;
-    
-    ret = krb5_rd_req_in_set_keytab(context, in, keytab);
-    if (ret) {
-	krb5_rd_req_in_ctx_free(context, in);
-	return ret;
-    }
-
-    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
-    krb5_rd_req_in_ctx_free(context, in);
-    if (ret)
-	return ret;
-
-    if (ap_req_options)
-	*ap_req_options = out->ap_req_options;
-    if (ticket) {
-	ret = krb5_copy_ticket(context, out->ticket, ticket);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    krb5_rd_req_out_ctx_free(context, out);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_with_keyblock(krb5_context context,
-			  krb5_auth_context *auth_context,
-			  const krb5_data *inbuf,
-			  krb5_const_principal server,
-			  krb5_keyblock *keyblock,
-			  krb5_flags *ap_req_options,
-			  krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_rd_req_in_ctx in;
-    krb5_rd_req_out_ctx out;
-
-    ret = krb5_rd_req_in_ctx_alloc(context, &in);
-    if (ret)
-	return ret;
-    
-    ret = krb5_rd_req_in_set_keyblock(context, in, keyblock);
-    if (ret) {
-	krb5_rd_req_in_ctx_free(context, in);
-	return ret;
-    }
-
-    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
-    krb5_rd_req_in_ctx_free(context, in);
-    if (ret)
-	return ret;
-
-    if (ap_req_options)
-	*ap_req_options = out->ap_req_options;
-    if (ticket) {
-	ret = krb5_copy_ticket(context, out->ticket, ticket);
-	if (ret)
-	    goto out;
-    }
-
-out:
-    krb5_rd_req_out_ctx_free(context, out);
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-get_key_from_keytab(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keytab keytab,
-		    krb5_keyblock **out_key)
-{
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    int kvno;
-    krb5_keytab real_keytab;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-    
-    if (ap_req->ticket.enc_part.kvno)
-	kvno = *ap_req->ticket.enc_part.kvno;
-    else
-	kvno = 0;
-
-    ret = krb5_kt_get_entry (context,
-			     real_keytab,
-			     server,
-			     kvno,
-			     ap_req->ticket.enc_part.etype,
-			     &entry);
-    if(ret)
-	goto out;
-    ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
-    krb5_kt_free_entry (context, &entry);
-out:    
-    if(keytab == NULL)
-	krb5_kt_close(context, real_keytab);
-    
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_ctx(krb5_context context,
-		krb5_auth_context *auth_context,
-		const krb5_data *inbuf,
-		krb5_const_principal server,
-		krb5_rd_req_in_ctx inctx,
-		krb5_rd_req_out_ctx *outctx)
-{
-    krb5_error_code ret;
-    krb5_ap_req ap_req;
-    krb5_principal service = NULL;
-    krb5_rd_req_out_ctx o = NULL;
-
-    ret = _krb5_rd_req_out_ctx_alloc(context, &o);
-    if (ret)
-	goto out;
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init(context, auth_context);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decode_ap_req(context, inbuf, &ap_req);
-    if(ret)
-	goto out;
-
-    if(server == NULL){
-	ret = _krb5_principalname2krb5_principal(context,
-						 &service,
-						 ap_req.ticket.sname,
-						 ap_req.ticket.realm);
-	if (ret)
-	    goto out;
-	server = service;
-    }
-    if (ap_req.ap_options.use_session_key &&
-	(*auth_context)->keyblock == NULL) {
-	krb5_set_error_string(context, "krb5_rd_req: user to user auth "
-			      "without session key given");
-	ret = KRB5KRB_AP_ERR_NOKEY;
-	goto out;
-    }
-
-    if((*auth_context)->keyblock){
-	ret = krb5_copy_keyblock(context,
-				 (*auth_context)->keyblock,
-				 &o->keyblock);
-	if (ret)
-	    goto out;
-    } else if(inctx->keyblock){
-	ret = krb5_copy_keyblock(context,
-				 inctx->keyblock,
-				 &o->keyblock);
-	if (ret)
-	    goto out;
-    } else {
-	krb5_keytab keytab = NULL;
-
-	if (inctx && inctx->keytab)
-	    keytab = inctx->keytab;
-
-	ret = get_key_from_keytab(context, 
-				  auth_context, 
-				  &ap_req,
-				  server,
-				  keytab,
-				  &o->keyblock);
-	if(ret)
-	    goto out;
-    }
-
-    ret = krb5_verify_ap_req2(context,
-			      auth_context,
-			      &ap_req,
-			      server,
-			      o->keyblock,
-			      0,
-			      &o->ap_req_options,
-			      &o->ticket,
-			      KRB5_KU_AP_REQ_AUTH);
-
-    if (ret)
-	goto out;
-
-    /* If there is a PAC, verify its server signature */
-    if (inctx->check_pac) {
-	krb5_pac pac;
-	krb5_data data;
-
-	ret = krb5_ticket_get_authorization_data_type(context,
-						      o->ticket,
-						      KRB5_AUTHDATA_WIN2K_PAC,
-						      &data);
-	if (ret == 0) {
-	    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-	    krb5_data_free(&data);
-	    if (ret)
-		goto out;
-	
-	    ret = krb5_pac_verify(context,
-				  pac, 
-				  o->ticket->ticket.authtime,
-				  o->ticket->client, 
-				  o->keyblock, 
-				  NULL);
-	    krb5_pac_free(context, pac);
-	    if (ret)
-		goto out;
-	}
-	ret = 0;
-    }
-out:
-    if (ret || outctx == NULL) {
-	krb5_rd_req_out_ctx_free(context, o);
-    } else 
-	*outctx = o;
-
-    free_AP_REQ(&ap_req);
-    if(service)
-	krb5_free_principal(context, service);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
deleted file mode 100644
index b2fb5c59d776..000000000000
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_safe.c 19827 2007-01-11 02:54:59Z lha $");
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_auth_context auth_context,
-		KRB_SAFE *safe)
-{
-    krb5_error_code ret;
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    Checksum c;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-
-    c = safe->cksum;
-    safe->cksum.cksumtype       = 0;
-    safe->cksum.checksum.data   = NULL;
-    safe->cksum.checksum.length = 0;
-
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
-    if(ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_KRB_SAFE_CKSUM,
-				buf + buf_size - len,
-				len,
-				&c);
-    krb5_crypto_destroy(context, crypto);
-out:
-    safe->cksum = c;
-    free (buf);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     krb5_replay_data *outdata)
-{
-    krb5_error_code ret;
-    KRB_SAFE safe;
-    size_t len;
-
-    if (outbuf)
-	krb5_data_zero(outbuf);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	outdata == NULL) {
-	krb5_set_error_string(context, "rd_safe: need outdata to return data");
-	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
-    }
-
-    ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
-    if (ret) 
-	return ret;
-    if (safe.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (safe.msg_type != krb_safe) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-    if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
-	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
-	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check sender address */
-
-    if (safe.safe_body.s_address
-	&& auth_context->remote_address
-	&& !krb5_address_compare (context,
-				  auth_context->remote_address,
-				  safe.safe_body.s_address)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check receiver address */
-
-    if (safe.safe_body.r_address
-	&& auth_context->local_address
-	&& !krb5_address_compare (context,
-				  auth_context->local_address,
-				  safe.safe_body.r_address)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto failure;
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-
-	if (safe.safe_body.timestamp == NULL ||
-	    safe.safe_body.usec      == NULL ||
-	    abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    krb5_clear_error_string (context);
-	    goto failure;
-	}
-    }
-    /* XXX - check replay cache */
-
-    /* check sequence number. since MIT krb5 cannot generate a sequence
-       number of zero but instead generates no sequence number, we accept that
-    */
-
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if ((safe.safe_body.seq_number == NULL
-	     && auth_context->remote_seqnumber != 0)
-	    || (safe.safe_body.seq_number != NULL
-		&& *safe.safe_body.seq_number !=
-		auth_context->remote_seqnumber)) {
-	    ret = KRB5KRB_AP_ERR_BADORDER;
-	    krb5_clear_error_string (context);
-	    goto failure;
-	}
-	auth_context->remote_seqnumber++;
-    }
-
-    ret = verify_checksum (context, auth_context, &safe);
-    if (ret)
-	goto failure;
-  
-    outbuf->length = safe.safe_body.user_data.length;
-    outbuf->data   = malloc(outbuf->length);
-    if (outbuf->data == NULL && outbuf->length != 0) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	krb5_data_zero(outbuf);
-	goto failure;
-    }
-    memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
-
-    if ((auth_context->flags & 
-	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
-	/* if these fields are not present in the safe-part, silently
-           return zero */
-	memset(outdata, 0, sizeof(*outdata));
-	if(safe.safe_body.timestamp)
-	    outdata->timestamp = *safe.safe_body.timestamp;
-	if(safe.safe_body.usec)
-	    outdata->usec = *safe.safe_body.usec;
-	if(safe.safe_body.seq_number)
-	    outdata->seq = *safe.safe_body.seq_number;
-    }
-
-  failure:
-    free_KRB_SAFE (&safe);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
deleted file mode 100644
index 5e03507b66a5..000000000000
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: read_message.c 21750 2007-07-31 20:41:25Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_message (krb5_context context,
-		   krb5_pointer p_fd,
-		   krb5_data *data)
-{
-    krb5_error_code ret;
-    uint32_t len;
-    uint8_t buf[4];
-
-    krb5_data_zero(data);
-
-    ret = krb5_net_read (context, p_fd, buf, 4);
-    if(ret == -1) {
-	ret = errno;
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    if(ret < 4) {
-	krb5_clear_error_string(context);
-	return HEIM_ERR_EOF;
-    }
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
-    ret = krb5_data_alloc (data, len);
-    if (ret) {
-	krb5_clear_error_string(context);
-	return ret;
-    }
-    if (krb5_net_read (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_data_free (data);
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_priv_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_priv (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_read_safe_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_safe (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
deleted file mode 100644
index 03482851268c..000000000000
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: recvauth.c 20306 2007-04-11 11:15:55Z lha $");
-
-/*
- * See `sendauth.c' for the format.
- */
-
-static krb5_boolean
-match_exact(const void *data, const char *appl_version)
-{
-    return strcmp(data, appl_version) == 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal server,
-	      int32_t flags,
-	      krb5_keytab keytab,
-	      krb5_ticket **ticket)
-{
-    return krb5_recvauth_match_version(context, auth_context, p_fd,
-				       match_exact, appl_version,
-				       server, flags,
-				       keytab, ticket);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_recvauth_match_version(krb5_context context,
-			    krb5_auth_context *auth_context,
-			    krb5_pointer p_fd,
-			    krb5_boolean (*match_appl_version)(const void *, 
-							       const char*),
-			    const void *match_data,
-			    krb5_principal server,
-			    int32_t flags,
-			    krb5_keytab keytab,
-			    krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    const char *version = KRB5_SENDAUTH_VERSION;
-    char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
-    char *her_appl_version;
-    uint32_t len;
-    u_char repl;
-    krb5_data data;
-    krb5_flags ap_options;
-    ssize_t n;
-
-    /*
-     * If there are no addresses in auth_context, get them from `fd'.
-     */
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init (context, auth_context);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb5_auth_con_setaddrs_from_fd (context,
-					  *auth_context,
-					  p_fd);
-    if (ret)
-	return ret;
-
-    if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
-	n = krb5_net_read (context, p_fd, &len, 4);
-	if (n < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "read: %s", strerror(errno));
-	    return ret;
-	}
-	if (n == 0) {
-	    krb5_set_error_string (context, "Failed to receive sendauth data");
-	    return KRB5_SENDAUTH_BADAUTHVERS;
-	}
-	len = ntohl(len);
-	if (len != sizeof(her_version)
-	    || krb5_net_read (context, p_fd, her_version, len) != len
-	    || strncmp (version, her_version, len)) {
-	    repl = 1;
-	    krb5_net_write (context, p_fd, &repl, 1);
-	    krb5_clear_error_string (context);
-	    return KRB5_SENDAUTH_BADAUTHVERS;
-	}
-    }
-
-    n = krb5_net_read (context, p_fd, &len, 4);
-    if (n < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(errno));
-	return ret;
-    }
-    if (n == 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADAPPLVERS;
-    }
-    len = ntohl(len);
-    her_appl_version = malloc (len);
-    if (her_appl_version == NULL) {
-	repl = 2;
-	krb5_net_write (context, p_fd, &repl, 1);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
-	|| !(*match_appl_version)(match_data, her_appl_version)) {
-	repl = 2;
-	krb5_net_write (context, p_fd, &repl, 1);
-	krb5_set_error_string (context, "wrong sendauth version (%s)",
-			       her_appl_version);
-	free (her_appl_version);
-	return KRB5_SENDAUTH_BADAPPLVERS;
-    }
-    free (her_appl_version);
-
-    repl = 0;
-    if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(errno));
-	return ret;
-    }
-
-    krb5_data_zero (&data);
-    ret = krb5_read_message (context, p_fd, &data);
-    if (ret)
-	return ret;
-
-    ret = krb5_rd_req (context,
-		       auth_context,
-		       &data,
-		       server,
-		       keytab,
-		       &ap_options,
-		       ticket);
-    krb5_data_free (&data);
-    if (ret) {
-	krb5_data error_data;
-	krb5_error_code ret2;
-
-	ret2 = krb5_mk_error (context,
-			      ret,
-			      NULL,
-			      NULL,
-			      NULL,
-			      server,
-			      NULL,
-			      NULL,
-			      &error_data);
-	if (ret2 == 0) {
-	    krb5_write_message (context, p_fd, &error_data);
-	    krb5_data_free (&error_data);
-	}
-	return ret;
-    }      
-
-    len = 0;
-    if (krb5_net_write (context, p_fd, &len, 4) != 4) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(errno));
-	return ret;
-    }
-
-    if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
-	ret = krb5_mk_rep (context, *auth_context, &data);
-	if (ret)
-	    return ret;
-
-	ret = krb5_write_message (context, p_fd, &data);
-	if (ret)
-	    return ret;
-	krb5_data_free (&data);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
deleted file mode 100644
index 12894d96a95e..000000000000
--- a/crypto/heimdal/lib/krb5/replay.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <vis.h>
-
-RCSID("$Id: replay.c 17047 2006-04-10 17:13:49Z lha $");
-
-struct krb5_rcache_data {
-    char *name;
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve(krb5_context context,
-		krb5_rcache id,
-		const char *name)
-{
-    id->name = strdup(name);
-    if(id->name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_type(krb5_context context,
-		     krb5_rcache *id,
-		     const char *type)
-{
-    *id = NULL;
-    if(strcmp(type, "FILE")) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       type);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    *id = calloc(1, sizeof(**id));
-    if(*id == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_resolve_full(krb5_context context,
-		     krb5_rcache *id,
-		     const char *string_name)
-{
-    krb5_error_code ret;
-
-    *id = NULL;
-
-    if(strncmp(string_name, "FILE:", 5)) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       string_name);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    ret = krb5_rc_resolve_type(context, id, "FILE");
-    if(ret)
-	return ret;
-    ret = krb5_rc_resolve(context, *id, string_name + 5);
-    if (ret) {
-	krb5_rc_close(context, *id);
-	*id = NULL;
-    }
-    return ret;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_name(krb5_context context)
-{
-    return "FILE:/var/run/default_rcache";
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_default_type(krb5_context context)
-{
-    return "FILE";
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_default(krb5_context context,
-		krb5_rcache *id)
-{
-    return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
-}
-
-struct rc_entry{
-    time_t stamp;
-    unsigned char data[16];
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_initialize(krb5_context context,
-		   krb5_rcache id,
-		   krb5_deltat auth_lifespan)
-{
-    FILE *f = fopen(id->name, "w");
-    struct rc_entry tmp;
-    int ret;
-
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    tmp.stamp = auth_lifespan;
-    fwrite(&tmp, 1, sizeof(tmp), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_recover(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_destroy(krb5_context context,
-		krb5_rcache id)
-{
-    int ret;
-
-    if(remove(id->name) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "remove(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    return krb5_rc_close(context, id);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_close(krb5_context context,
-	      krb5_rcache id)
-{
-    free(id->name);
-    free(id);
-    return 0;
-}
-
-static void
-checksum_authenticator(Authenticator *auth, void *data)
-{
-    MD5_CTX md5;
-    int i;
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
-    for(i = 0; i < auth->cname.name_string.len; i++)
-	MD5_Update(&md5, auth->cname.name_string.val[i], 
-		   strlen(auth->cname.name_string.val[i]));
-    MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
-    MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
-    MD5_Final (data, &md5);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_store(krb5_context context,
-	      krb5_rcache id,
-	      krb5_donot_replay *rep)
-{
-    struct rc_entry ent, tmp;
-    time_t t;
-    FILE *f;
-    int ret;
-
-    ent.stamp = time(NULL);
-    checksum_authenticator(rep, ent.data);
-    f = fopen(id->name, "r");
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    fread(&tmp, sizeof(ent), 1, f);
-    t = ent.stamp - tmp.stamp;
-    while(fread(&tmp, sizeof(ent), 1, f)){
-	if(tmp.stamp < t)
-	    continue;
-	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
-	    fclose(f);
-	    krb5_clear_error_string (context);
-	    return KRB5_RC_REPLAY;
-	}
-    }
-    if(ferror(f)){
-	ret = errno;
-	fclose(f);
-	krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
-	return ret;
-    }
-    fclose(f);
-    f = fopen(id->name, "a");
-    if(f == NULL) {
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(errno));
-	return KRB5_RC_IO_UNKNOWN;
-    }
-    fwrite(&ent, 1, sizeof(ent), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_expunge(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_rc_get_lifespan(krb5_context context,
-		     krb5_rcache id,
-		     krb5_deltat *auth_lifespan)
-{
-    FILE *f = fopen(id->name, "r");
-    int r;
-    struct rc_entry ent;
-    r = fread(&ent, sizeof(ent), 1, f);
-    fclose(f);
-    if(r){
-	*auth_lifespan = ent.stamp;
-	return 0;
-    }
-    krb5_clear_error_string (context);
-    return KRB5_RC_IO_UNKNOWN;
-}
-
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_name(krb5_context context,
-		 krb5_rcache id)
-{
-    return id->name;
-}
-		 
-const char* KRB5_LIB_FUNCTION
-krb5_rc_get_type(krb5_context context,
-		 krb5_rcache id)
-{
-    return "FILE";
-}
-		 
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_get_server_rcache(krb5_context context, 
-		       const krb5_data *piece, 
-		       krb5_rcache *id)
-{
-    krb5_rcache rcache;
-    krb5_error_code ret;
-
-    char *tmp = malloc(4 * piece->length + 1);
-    char *name;
-
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
-#ifdef HAVE_GETEUID
-    asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
-#else
-    asprintf(&name, "FILE:rc_%s", tmp);
-#endif
-    free(tmp);
-    if(name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_rc_resolve_full(context, &rcache, name);
-    free(name);
-    if(ret)
-	return ret;
-    *id = rcache;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
deleted file mode 100644
index 2582a615c052..000000000000
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ /dev/null
@@ -1,604 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $");
-
-struct send_to_kdc {
-    krb5_send_to_kdc_func func;
-    void *data;
-};
-
-/*
- * send the data in `req' on the socket `fd' (which is datagram iff udp)
- * waiting `tmout' for a reply and returning the reply in `rep'.
- * iff limit read up to this many bytes
- * returns 0 and data in `rep' if succesful, otherwise -1
- */
-
-static int
-recv_loop (int fd,
-	   time_t tmout,
-	   int udp,
-	   size_t limit,
-	   krb5_data *rep)
-{
-     fd_set fdset;
-     struct timeval timeout;
-     int ret;
-     int nbytes;
-
-     if (fd >= FD_SETSIZE) {
-	 return -1;
-     }
-
-     krb5_data_zero(rep);
-     do {
-	 FD_ZERO(&fdset);
-	 FD_SET(fd, &fdset);
-	 timeout.tv_sec  = tmout;
-	 timeout.tv_usec = 0;
-	 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
-	 if (ret < 0) {
-	     if (errno == EINTR)
-		 continue;
-	     return -1;
-	 } else if (ret == 0) {
-	     return 0;
-	 } else {
-	     void *tmp;
-
-	     if (ioctl (fd, FIONREAD, &nbytes) < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     if(nbytes <= 0)
-		 return 0;
-
-	     if (limit)
-		 nbytes = min(nbytes, limit - rep->length);
-
-	     tmp = realloc (rep->data, rep->length + nbytes);
-	     if (tmp == NULL) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->data = tmp;
-	     ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
-	     if (ret < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->length += ret;
-	 }
-     } while(!udp && (limit == 0 || rep->length < limit));
-     return 0;
-}
-
-/*
- * Send kerberos requests and receive a reply on a udp or any other kind
- * of a datagram socket.  See `recv_loop'.
- */
-
-static int
-send_and_recv_udp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    if (send (fd, req->data, req->length, 0) < 0)
-	return -1;
-
-    return recv_loop(fd, tmout, 1, 0, rep);
-}
-
-/*
- * `send_and_recv' for a TCP (or any other stream) socket.
- * Since there are no record limits on a stream socket the protocol here
- * is to prepend the request with 4 bytes of its length and the reply
- * is similarly encoded.
- */
-
-static int
-send_and_recv_tcp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    unsigned char len[4];
-    unsigned long rep_len;
-    krb5_data len_data;
-
-    _krb5_put_int(len, req->length, 4);
-    if(net_write(fd, len, sizeof(len)) < 0)
-	return -1;
-    if(net_write(fd, req->data, req->length) < 0)
-	return -1;
-    if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
-	return -1;
-    if (len_data.length != 4) {
-	krb5_data_free (&len_data);
-	return -1;
-    }
-    _krb5_get_int(len_data.data, &rep_len, 4);
-    krb5_data_free (&len_data);
-    if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
-	return -1;
-    if(rep->length != rep_len) {
-	krb5_data_free (rep);
-	return -1;
-    }
-    return 0;
-}
-
-int
-_krb5_send_and_recv_tcp(int fd,
-			time_t tmout,
-			const krb5_data *req,
-			krb5_data *rep)
-{
-    return send_and_recv_tcp(fd, tmout, req, rep);
-}
-
-/*
- * `send_and_recv' tailored for the HTTP protocol.
- */
-
-static int
-send_and_recv_http(int fd, 
-		   time_t tmout,
-		   const char *prefix,
-		   const krb5_data *req,
-		   krb5_data *rep)
-{
-    char *request;
-    char *str;
-    int ret;
-    int len = base64_encode(req->data, req->length, &str);
-
-    if(len < 0)
-	return -1;
-    asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
-    free(str);
-    if (request == NULL)
-	return -1;
-    ret = net_write (fd, request, strlen(request));
-    free (request);
-    if (ret < 0)
-	return ret;
-    ret = recv_loop(fd, tmout, 0, 0, rep);
-    if(ret)
-	return ret;
-    {
-	unsigned long rep_len;
-	char *s, *p;
-
-	s = realloc(rep->data, rep->length + 1);
-	if (s == NULL) {
-	    krb5_data_free (rep);
-	    return -1;
-	}
-	s[rep->length] = 0;
-	p = strstr(s, "\r\n\r\n");
-	if(p == NULL) {
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	p += 4;
-	rep->data = s;
-	rep->length -= p - s;
-	if(rep->length < 4) { /* remove length */
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	rep->length -= 4;
-	_krb5_get_int(p, &rep_len, 4);
-	if (rep_len != rep->length) {
-	    krb5_data_zero(rep);
-	    free(s);
-	    return -1;
-	}
-	memmove(rep->data, p + 4, rep->length);
-    }
-    return 0;
-}
-
-static int
-init_port(const char *s, int fallback)
-{
-    if (s) {
-	int tmp;
-
-	sscanf (s, "%d", &tmp);
-	return htons(tmp);
-    } else
-	return fallback;
-}
-
-/*
- * Return 0 if succesful, otherwise 1
- */
-
-static int
-send_via_proxy (krb5_context context,
-		const krb5_krbhst_info *hi,
-		const krb5_data *send_data,
-		krb5_data *receive)
-{
-    char *proxy2 = strdup(context->http_proxy);
-    char *proxy  = proxy2;
-    char *prefix;
-    char *colon;
-    struct addrinfo hints;
-    struct addrinfo *ai, *a;
-    int ret;
-    int s = -1;
-    char portstr[NI_MAXSERV];
-		 
-    if (proxy == NULL)
-	return ENOMEM;
-    if (strncmp (proxy, "http://", 7) == 0)
-	proxy += 7;
-
-    colon = strchr(proxy, ':');
-    if(colon != NULL)
-	*colon++ = '\0';
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_family   = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    snprintf (portstr, sizeof(portstr), "%d",
-	      ntohs(init_port (colon, htons(80))));
-    ret = getaddrinfo (proxy, portstr, &hints, &ai);
-    free (proxy2);
-    if (ret)
-	return krb5_eai_to_heim_errno(ret, errno);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	return 1;
-    }
-    freeaddrinfo (ai);
-
-    asprintf(&prefix, "http://%s/", hi->hostname);
-    if(prefix == NULL) {
-	close(s);
-	return 1;
-    }
-    ret = send_and_recv_http(s, context->kdc_timeout,
-			     prefix, send_data, receive);
-    close (s);
-    free(prefix);
-    if(ret == 0 && receive->length != 0)
-	return 0;
-    return 1;
-}
-
-/*
- * Send the data `send' to one host from `handle` and get back the reply
- * in `receive'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto (krb5_context context,
-	     const krb5_data *send_data,
-	     krb5_krbhst_handle handle,	     
-	     krb5_data *receive)
-{
-     krb5_error_code ret;
-     int fd;
-     int i;
-
-     krb5_data_zero(receive);
-
-     for (i = 0; i < context->max_retries; ++i) {
-	 krb5_krbhst_info *hi;
-
-	 while (krb5_krbhst_next(context, handle, &hi) == 0) {
-	     struct addrinfo *ai, *a;
-
-	     if (context->send_to_kdc) {
-		 struct send_to_kdc *s = context->send_to_kdc;
-
-		 ret = (*s->func)(context, s->data, 
-				  hi, send_data, receive);
-		 if (ret == 0 && receive->length != 0)
-		     goto out;
-		 continue;
-	     }
-
-	     if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
-		 if (send_via_proxy (context, hi, send_data, receive) == 0) {
-		     ret = 0;
-		     goto out;
-		 }
-		 continue;
-	     }
-
-	     ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	     if (ret)
-		 continue;
-
-	     for (a = ai; a != NULL; a = a->ai_next) {
-		 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-		 if (fd < 0)
-		     continue;
-		 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
-		     close (fd);
-		     continue;
-		 }
-		 switch (hi->proto) {
-		 case KRB5_KRBHST_HTTP :
-		     ret = send_and_recv_http(fd, context->kdc_timeout,
-					      "", send_data, receive);
-		     break;
-		 case KRB5_KRBHST_TCP :
-		     ret = send_and_recv_tcp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 case KRB5_KRBHST_UDP :
-		     ret = send_and_recv_udp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 }
-		 close (fd);
-		 if(ret == 0 && receive->length != 0)
-		     goto out;
-	     }
-	 }
-	 krb5_krbhst_reset(context, handle);
-     }
-     krb5_clear_error_string (context);
-     ret = KRB5_KDC_UNREACH;
-out:
-     return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc(krb5_context context,
-		const krb5_data *send_data,
-		const krb5_realm *realm,
-		krb5_data *receive)
-{
-    return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_kdc_flags(krb5_context context,
-		      const krb5_data *send_data,
-		      const krb5_realm *realm,
-		      krb5_data *receive,
-		      int flags)
-{
-    krb5_error_code ret;
-    krb5_sendto_ctx ctx;
-
-    ret = krb5_sendto_ctx_alloc(context, &ctx);
-    if (ret)
-	return ret;
-    krb5_sendto_ctx_add_flags(ctx, flags);
-    krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL);
-
-    ret = krb5_sendto_context(context, ctx, send_data, *realm, receive);
-    krb5_sendto_ctx_free(context, ctx);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_send_to_kdc_func(krb5_context context, 
-			  krb5_send_to_kdc_func func,
-			  void *data)
-{
-    free(context->send_to_kdc);
-    if (func == NULL) {
-	context->send_to_kdc = NULL;
-	return 0;
-    }
-
-    context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
-    if (context->send_to_kdc == NULL) {
-	krb5_set_error_string(context, "Out of memory");
-	return ENOMEM;
-    }
-
-    context->send_to_kdc->func = func;
-    context->send_to_kdc->data = data;
-    return 0;
-}
-
-struct krb5_sendto_ctx_data {
-    int flags;
-    int type;
-    krb5_sendto_ctx_func func;
-    void *data;
-};
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
-{
-    *ctx = calloc(1, sizeof(**ctx));
-    if (*ctx == NULL) {
-	krb5_set_error_string(context, "out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
-{
-    ctx->flags |= flags;
-}
-
-int KRB5_LIB_FUNCTION
-krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
-{
-    return ctx->flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
-{
-    ctx->type = type;
-}
-
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
-			 krb5_sendto_ctx_func func,
-			 void *data)
-{
-    ctx->func = func;
-    ctx->data = data;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
-{
-    memset(ctx, 0, sizeof(*ctx));
-    free(ctx);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendto_context(krb5_context context,
-		    krb5_sendto_ctx ctx,
-		    const krb5_data *send_data,
-		    const krb5_realm realm,
-		    krb5_data *receive)
-{
-    krb5_error_code ret;
-    krb5_krbhst_handle handle = NULL;
-    int type, freectx = 0;
-    int action;
-
-    krb5_data_zero(receive);
-
-    if (ctx == NULL) {
-	freectx = 1;
-	ret = krb5_sendto_ctx_alloc(context, &ctx);
-	if (ret)
-	    return ret;
-    }
-
-    type = ctx->type;
-    if (type == 0) {
-	if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc)
-	    type = KRB5_KRBHST_ADMIN;
-	else
-	    type = KRB5_KRBHST_KDC;
-    }
-
-    if (send_data->length > context->large_msg_size)
-	ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
-
-    /* loop until we get back a appropriate response */
-
-    do {
-	action = KRB5_SENDTO_DONE;
-
-	krb5_data_free(receive);
-
-	if (handle == NULL) {
-	    ret = krb5_krbhst_init_flags(context, realm, type, 
-					 ctx->flags, &handle);
-	    if (ret) {
-		if (freectx)
-		    krb5_sendto_ctx_free(context, ctx);
-		return ret;
-	    }
-	}
-    
-	ret = krb5_sendto(context, send_data, handle, receive);
-	if (ret)
-	    break;
-	if (ctx->func) {
-	    ret = (*ctx->func)(context, ctx, ctx->data, receive, &action);
-	    if (ret)
-		break;
-	}
-	if (action != KRB5_SENDTO_CONTINUE) {
-	    krb5_krbhst_free(context, handle);
-	    handle = NULL;
-	}
-    } while (action != KRB5_SENDTO_DONE);
-    if (handle)
-	krb5_krbhst_free(context, handle);
-    if (ret == KRB5_KDC_UNREACH)
-	krb5_set_error_string(context, 
-			      "unable to reach any KDC in realm %s", realm);
-    if (ret)
-	krb5_data_free(receive);
-    if (freectx)
-	krb5_sendto_ctx_free(context, ctx);
-    return ret;
-}
-
-krb5_error_code
-_krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data,
-		const krb5_data *reply, int *action)
-{
-    krb5_error_code ret;
-    KRB_ERROR error;
-
-    if(krb5_rd_error(context, reply, &error))
-	return 0;
-
-    ret = krb5_error_from_rd_error(context, &error, NULL);
-    krb5_free_error_contents(context, &error);
-
-    switch(ret) {
-    case KRB5KRB_ERR_RESPONSE_TOO_BIG: {
-	if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG)
-	    break;
-	krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG);
-	*action = KRB5_SENDTO_RESTART;
-	break;
-    }
-    case KRB5KDC_ERR_SVC_UNAVAILABLE:
-	*action = KRB5_SENDTO_CONTINUE;
-	break;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c
deleted file mode 100644
index a7242f0daf9c..000000000000
--- a/crypto/heimdal/lib/krb5/sendauth.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sendauth.c 17442 2006-05-05 09:31:15Z lha $");
-
-/*
- * The format seems to be:
- * client -> server
- *
- * 4 bytes - length
- * KRB5_SENDAUTH_V1.0 (including zero)
- * 4 bytes - length
- * protocol string (with terminating zero)
- *
- * server -> client
- * 1 byte - (0 = OK, else some kind of error)
- *
- * client -> server
- * 4 bytes - length
- * AP-REQ
- *
- * server -> client
- * 4 bytes - length (0 = OK, else length of error)
- * (error)
- *
- * if(mutual) {
- * server -> client
- * 4 bytes - length
- * AP-REP
- * }
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sendauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal client,
-	      krb5_principal server,
-	      krb5_flags ap_req_options,
-	      krb5_data *in_data,
-	      krb5_creds *in_creds,
-	      krb5_ccache ccache,
-	      krb5_error **ret_error,
-	      krb5_ap_rep_enc_part **rep_result,
-	      krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    uint32_t len, net_len;
-    const char *version = KRB5_SENDAUTH_VERSION;
-    u_char repl;
-    krb5_data ap_req, error_data;
-    krb5_creds this_cred;
-    krb5_principal this_client = NULL;
-    krb5_creds *creds;
-    ssize_t sret;
-    krb5_boolean my_ccache = FALSE;
-
-    len = strlen(version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    len = strlen(appl_version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, appl_version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
-    if (sret < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(ret));
-	return ret;
-    } else if (sret != sizeof(repl)) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADRESPONSE;
-    }
-
-    if (repl != 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_REJECTED;
-    }
-
-    if (in_creds == NULL) {
-	if (ccache == NULL) {
-	    ret = krb5_cc_default (context, &ccache);
-	    if (ret)
-		return ret;
-	    my_ccache = TRUE;
-	}
-
-	if (client == NULL) {
-	    ret = krb5_cc_get_principal (context, ccache, &this_client);
-	    if (ret) {
-		if(my_ccache)
-		    krb5_cc_close(context, ccache);
-		return ret;
-	    }
-	    client = this_client;
-	}
-	memset(&this_cred, 0, sizeof(this_cred));
-	this_cred.client = client;
-	this_cred.server = server;
-	this_cred.times.endtime = 0;
-	this_cred.ticket.length = 0;
-	in_creds = &this_cred;
-    }
-    if (in_creds->ticket.length == 0) {
-	ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
-	if (ret) {
-	    if(my_ccache)
-		krb5_cc_close(context, ccache);
-	    return ret;
-	}
-    } else {
-	creds = in_creds;
-    }
-    if(my_ccache)
-	krb5_cc_close(context, ccache);
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				creds,
-				&ap_req);
-
-    if (out_creds)
-	*out_creds = creds;
-    else
-	krb5_free_creds(context, creds);
-    if(this_client)
-	krb5_free_principal(context, this_client);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_write_message (context,
-			      p_fd,
-			      &ap_req);
-    if (ret)
-	return ret;
-
-    krb5_data_free (&ap_req);
-
-    ret = krb5_read_message (context, p_fd, &error_data);
-    if (ret)
-	return ret;
-
-    if (error_data.length != 0) {
-	KRB_ERROR error;
-
-	ret = krb5_rd_error (context, &error_data, &error);
-	krb5_data_free (&error_data);
-	if (ret == 0) {
-	    ret = krb5_error_from_rd_error(context, &error, NULL);
-	    if (ret_error != NULL) {
-		*ret_error = malloc (sizeof(krb5_error));
-		if (*ret_error == NULL) {
-		    krb5_free_error_contents (context, &error);
-		} else {
-		    **ret_error = error;
-		}
-	    } else {
-		krb5_free_error_contents (context, &error);
-	    }
-	    return ret;
-	} else {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-    }
-
-    if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
-	krb5_data ap_rep;
-	krb5_ap_rep_enc_part *ignore;
-
-	krb5_data_zero (&ap_rep);
-	ret = krb5_read_message (context,
-				 p_fd,
-				 &ap_rep);
-	if (ret)
-	    return ret;
-
-	ret = krb5_rd_rep (context, *auth_context, &ap_rep,
-			   rep_result ? rep_result : &ignore);
-	krb5_data_free (&ap_rep);
-	if (ret)
-	    return ret;
-	if (rep_result == NULL)
-	    krb5_free_ap_rep_enc_part (context, ignore);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c
deleted file mode 100644
index 98040bc2e9d6..000000000000
--- a/crypto/heimdal/lib/krb5/set_default_realm.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: set_default_realm.c 13863 2004-05-25 21:46:46Z lha $");
-
-/*
- * Convert the simple string `s' into a NULL-terminated and freshly allocated 
- * list in `list'.  Return an error code.
- */
-
-static krb5_error_code
-string_to_list (krb5_context context, const char *s, krb5_realm **list)
-{
-
-    *list = malloc (2 * sizeof(**list));
-    if (*list == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[0] = strdup (s);
-    if ((*list)[0] == NULL) {
-	free (*list);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[1] = NULL;
-    return 0;
-}
-
-/*
- * Set the knowledge of the default realm(s) in `context'.
- * If realm != NULL, that's the new default realm.
- * Otherwise, the realm(s) are figured out from configuration or DNS.  
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_default_realm(krb5_context context,
-		       const char *realm)
-{
-    krb5_error_code ret = 0;
-    krb5_realm *realms = NULL;
-
-    if (realm == NULL) {
-	realms = krb5_config_get_strings (context, NULL,
-					  "libdefaults",
-					  "default_realm",
-					  NULL);
-	if (realms == NULL)
-	    ret = krb5_get_host_realm(context, NULL, &realms);
-    } else {
-	ret = string_to_list (context, realm, &realms);
-    }
-    if (ret)
-	return ret;
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = realms;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
deleted file mode 100644
index 9b4ba978a1b6..000000000000
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sock_principal.c 13863 2004-05-25 21:46:46Z lha $");
-			
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_sock_to_principal (krb5_context context,
-			int sock,
-			const char *sname,
-			int32_t type,
-			krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    socklen_t salen = sizeof(__ss);
-    char hostname[NI_MAXHOST];
-
-    if (getsockname (sock, sa, &salen) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "getsockname: %s", strerror(ret));
-	return ret;
-    }
-    ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
-    if (ret) {
-	int save_errno = errno;
-
-	krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret));
-	return krb5_eai_to_heim_errno(ret, save_errno);
-    }
-
-    ret = krb5_sname_to_principal (context,
-				   hostname,
-				   sname,
-				   type,
-				   ret_princ);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store-int.h b/crypto/heimdal/lib/krb5/store-int.h
deleted file mode 100644
index 42e695a11bc6..000000000000
--- a/crypto/heimdal/lib/krb5/store-int.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __store_int_h__
-#define __store_int_h__
-
-struct krb5_storage_data {
-    void *data;
-    ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t);
-    ssize_t (*store)(struct krb5_storage_data*, const void*, size_t);
-    off_t (*seek)(struct krb5_storage_data*, off_t, int);
-    void (*free)(struct krb5_storage_data*);
-    krb5_flags flags;
-    int eof_code;
-};
-
-#endif /* __store_int_h__ */
diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c
deleted file mode 100644
index aec2dfe7cb35..000000000000
--- a/crypto/heimdal/lib/krb5/store-test.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: store-test.c 16344 2005-12-02 15:15:43Z lha $");
-
-static void
-print_data(unsigned char *data, size_t len)
-{
-    int i;
-    for(i = 0; i < len; i++) {
-	if(i > 0 && (i % 16) == 0)
-	    printf("\n            ");
-	printf("%02x ", data[i]);
-    }
-    printf("\n");
-}
-
-static int
-compare(const char *name, krb5_storage *sp, void *expected, size_t len)
-{
-    int ret = 0;
-    krb5_data data;
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    if(data.length != len || memcmp(data.data, expected, len) != 0) {
-	printf("%s mismatch\n", name);
-	printf("  Expected: ");
-	print_data(expected, len);
-	printf("  Actual:   ");
-	print_data(data.data, data.length);
-	ret++;
-    }
-    krb5_data_free(&data);
-    return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-    int nerr = 0;
-    krb5_storage *sp;
-    krb5_context context;
-    krb5_principal principal;
-	
-
-    krb5_init_context(&context);
-
-    sp = krb5_storage_emem();
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
-    krb5_store_int32(sp, 0x01020304);
-    {
-	int test = 1;
-	void *data;
-	if(*(char*)&test) 
-	    data = "\x4\x3\x2\x1";
-	else 
-	    data = "\x1\x2\x3\x4";
-	nerr += compare("Integer (host)", sp, data, 4);
-    }
-
-    sp = krb5_storage_emem();
-    krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
-    krb5_store_principal(sp, principal);
-    krb5_free_principal(context, principal);
-    nerr += compare("Principal", sp, "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x4TEST"
-		    "\x0\x0\x0\x6""foobar", 26);
-    
-    krb5_free_context(context);
-
-    return nerr ? 1 : 0;
-}
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
deleted file mode 100644
index c9cbbb5cef33..000000000000
--- a/crypto/heimdal/lib/krb5/store.c
+++ /dev/null
@@ -1,1035 +0,0 @@
-/*
- * Copyright (c) 1997-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $");
-
-#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
-#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
-#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
-#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
-			       krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags |= flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags &= ~flags;
-}
-
-krb5_boolean KRB5_LIB_FUNCTION
-krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
-{
-    return (sp->flags & flags) == flags;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
-    sp->flags |= byteorder;
-}
-
-krb5_flags KRB5_LIB_FUNCTION
-krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
-}
-
-off_t KRB5_LIB_FUNCTION
-krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    return (*sp->seek)(sp, offset, whence);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
-{
-    return sp->fetch(sp, buf, len);
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
-{
-    return sp->store(sp, buf, len);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_storage_set_eof_code(krb5_storage *sp, int code)
-{
-    sp->eof_code = code;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_put_int(void *buffer, unsigned long value, size_t size)
-{
-    unsigned char *p = buffer;
-    int i;
-    for (i = size - 1; i >= 0; i--) {
-	p[i] = value & 0xff;
-	value >>= 8;
-    }
-    return size;
-}
-
-krb5_ssize_t KRB5_LIB_FUNCTION
-_krb5_get_int(void *buffer, unsigned long *value, size_t size)
-{
-    unsigned char *p = buffer;
-    unsigned long v = 0;
-    int i;
-    for (i = 0; i < size; i++)
-	v = (v << 8) + p[i];
-    *value = v;
-    return size;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_free(krb5_storage *sp)
-{
-    if(sp->free)
-	(*sp->free)(sp);
-    free(sp->data);
-    free(sp);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
-{
-    off_t pos;
-    size_t size;
-    krb5_error_code ret;
-
-    pos = sp->seek(sp, 0, SEEK_CUR);
-    size = (size_t)sp->seek(sp, 0, SEEK_END);
-    ret = krb5_data_alloc (data, size);
-    if (ret) {
-	sp->seek(sp, pos, SEEK_SET);
-	return ret;
-    }
-    if (size) {
-	sp->seek(sp, 0, SEEK_SET);
-	sp->fetch(sp, data->data, data->length);
-	sp->seek(sp, pos, SEEK_SET);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_store_int(krb5_storage *sp,
-	       int32_t value,
-	       size_t len)
-{
-    int ret;
-    unsigned char v[16];
-
-    if(len > sizeof(v))
-	return EINVAL;
-    _krb5_put_int(v, value, len);
-    ret = sp->store(sp, v, len);
-    if (ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int32(krb5_storage *sp,
-		 int32_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htonl(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap32(value);
-    return krb5_store_int(sp, value, 4);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint32(krb5_storage *sp,
-		  uint32_t value)
-{
-    return krb5_store_int32(sp, (int32_t)value);
-}
-
-static krb5_error_code
-krb5_ret_int(krb5_storage *sp,
-	     int32_t *value,
-	     size_t len)
-{
-    int ret;
-    unsigned char v[4];
-    unsigned long w;
-    ret = sp->fetch(sp, v, len);
-    if(ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    _krb5_get_int(v, &w, len);
-    *value = w;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int32(krb5_storage *sp,
-	       int32_t *value)
-{
-    krb5_error_code ret = krb5_ret_int(sp, value, 4);
-    if(ret)
-	return ret;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htonl(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap32(*value);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint32(krb5_storage *sp,
-		uint32_t *value)
-{
-    krb5_error_code ret;
-    int32_t v;
-
-    ret = krb5_ret_int32(sp, &v);
-    if (ret == 0)
-	*value = (uint32_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int16(krb5_storage *sp,
-		 int16_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htons(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap16(value);
-    return krb5_store_int(sp, value, 2);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint16(krb5_storage *sp,
-		  uint16_t value)
-{
-    return krb5_store_int16(sp, (int16_t)value);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int16(krb5_storage *sp,
-	       int16_t *value)
-{
-    int32_t v;
-    int ret;
-    ret = krb5_ret_int(sp, &v, 2);
-    if(ret)
-	return ret;
-    *value = v;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htons(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap16(*value);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint16(krb5_storage *sp,
-		uint16_t *value)
-{
-    krb5_error_code ret;
-    int16_t v;
-
-    ret = krb5_ret_int16(sp, &v);
-    if (ret == 0)
-	*value = (uint16_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_int8(krb5_storage *sp,
-		int8_t value)
-{
-    int ret;
-
-    ret = sp->store(sp, &value, sizeof(value));
-    if (ret != sizeof(value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_uint8(krb5_storage *sp,
-		 uint8_t value)
-{
-    return krb5_store_int8(sp, (int8_t)value);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_int8(krb5_storage *sp,
-	      int8_t *value)
-{
-    int ret;
-
-    ret = sp->fetch(sp, value, sizeof(*value));
-    if (ret != sizeof(*value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_uint8(krb5_storage *sp,
-	       uint8_t *value)
-{
-    krb5_error_code ret;
-    int8_t v;
-
-    ret = krb5_ret_int8(sp, &v);
-    if (ret == 0)
-	*value = (uint8_t)v;
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_data(krb5_storage *sp,
-		krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int32(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = sp->store(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_data(krb5_storage *sp,
-	      krb5_data *data)
-{
-    int ret;
-    int32_t size;
-
-    ret = krb5_ret_int32(sp, &size);
-    if(ret)
-	return ret;
-    ret = krb5_data_alloc (data, size);
-    if (ret)
-	return ret;
-    if (size) {
-	ret = sp->fetch(sp, data->data, size);
-	if(ret != size)
-	    return (ret < 0)? errno : sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_string(krb5_storage *sp, const char *s)
-{
-    krb5_data data;
-    data.length = strlen(s);
-    data.data = rk_UNCONST(s);
-    return krb5_store_data(sp, data);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_string(krb5_storage *sp,
-		char **string)
-{
-    int ret;
-    krb5_data data;
-    ret = krb5_ret_data(sp, &data);
-    if(ret)
-	return ret;
-    *string = realloc(data.data, data.length + 1);
-    if(*string == NULL){
-	free(data.data);
-	return ENOMEM;
-    }
-    (*string)[data.length] = 0;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringz(krb5_storage *sp, const char *s)
-{
-    size_t len = strlen(s) + 1;
-    ssize_t ret;
-
-    ret = sp->store(sp, s, len);
-    if(ret != len) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringz(krb5_storage *sp,
-		char **string)
-{
-    char c;
-    char *s = NULL;
-    size_t len = 0;
-    ssize_t ret;
-
-    while((ret = sp->fetch(sp, &c, 1)) == 1){
-	char *tmp;
-
-	len++;
-	tmp = realloc (s, len);
-	if (tmp == NULL) {
-	    free (s);
-	    return ENOMEM;
-	}
-	s = tmp;
-	s[len - 1] = c;
-	if(c == 0)
-	    break;
-    }
-    if(ret != 1){
-	free(s);
-	if(ret == 0)
-	    return sp->eof_code;
-	return ret;
-    }
-    *string = s;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_stringnl(krb5_storage *sp, const char *s)
-{
-    size_t len = strlen(s);
-    ssize_t ret;
-
-    ret = sp->store(sp, s, len);
-    if(ret != len) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-    ret = sp->store(sp, "\n", 1);
-    if(ret != 1) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-
-    return 0;
-
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_stringnl(krb5_storage *sp,
-		  char **string)
-{
-    int expect_nl = 0;
-    char c;
-    char *s = NULL;
-    size_t len = 0;
-    ssize_t ret;
-
-    while((ret = sp->fetch(sp, &c, 1)) == 1){
-	char *tmp;
-
-	if (c == '\r') {
-	    expect_nl = 1;
-	    continue;
-	}
-	if (expect_nl && c != '\n') {
-	    free(s);
-	    return KRB5_BADMSGTYPE;
-	}
-
-	len++;
-	tmp = realloc (s, len);
-	if (tmp == NULL) {
-	    free (s);
-	    return ENOMEM;
-	}
-	s = tmp;
-	if(c == '\n') {
-	    s[len - 1] = '\0';
-	    break;
-	}
-	s[len - 1] = c;
-    }
-    if(ret != 1){
-	free(s);
-	if(ret == 0)
-	    return sp->eof_code;
-	return ret;
-    }
-    *string = s;
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_principal(krb5_storage *sp,
-		     krb5_const_principal p)
-{
-    int i;
-    int ret;
-
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-	ret = krb5_store_int32(sp, p->name.name_type);
-	if(ret) return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int32(sp, p->name.name_string.len + 1);
-    else
-	ret = krb5_store_int32(sp, p->name.name_string.len);
-    
-    if(ret) return ret;
-    ret = krb5_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_store_string(sp, p->name.name_string.val[i]);
-	if(ret) return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_principal(krb5_storage *sp,
-		   krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int32_t type;
-    int32_t ncomp;
-    
-    p = calloc(1, sizeof(*p));
-    if(p == NULL)
-	return ENOMEM;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	type = KRB5_NT_UNKNOWN;
-    else if((ret = krb5_ret_int32(sp, &type))){
-	free(p);
-	return ret;
-    }
-    if((ret = krb5_ret_int32(sp, &ncomp))){
-	free(p);
-	return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ncomp--;
-    if (ncomp < 0) {
-	free(p);
-	return EINVAL;
-    }
-    p->name.name_type = type;
-    p->name.name_string.len = ncomp;
-    ret = krb5_ret_string(sp, &p->realm);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL && ncomp != 0){
-	free(p->realm);
-	free(p);
-	return ENOMEM;
-    }
-    for(i = 0; i < ncomp; i++){
-	ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
-	if(ret) {
-	    while (i >= 0)
-		free(p->name.name_string.val[i--]);
-	    free(p->realm);
-	    free(p);
-	    return ret;
-	}
-    }
-    *princ = p;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-	/* this should really be enctype, but it is the same as
-           keytype nowadays */
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-    }
-
-    ret = krb5_store_data(sp, p.keyvalue);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    p->keytype = tmp;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    }
-
-    ret = krb5_ret_data(sp, &p->keyvalue);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_times(krb5_storage *sp, krb5_times times)
-{
-    int ret;
-    ret = krb5_store_int32(sp, times.authtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.starttime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.endtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.renew_till);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_times(krb5_storage *sp, krb5_times *times)
-{
-    int ret;
-    int32_t tmp;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->authtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->starttime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->endtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->renew_till = tmp;
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_address(krb5_storage *sp, krb5_address p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.addr_type);
-    if(ret) return ret;
-    ret = krb5_store_data(sp, p.address);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_address(krb5_storage *sp, krb5_address *adr)
-{
-    int16_t t;
-    int ret;
-    ret = krb5_ret_int16(sp, &t);
-    if(ret) return ret;
-    adr->addr_type = t;
-    ret = krb5_ret_data(sp, &adr->address);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
-{
-    int i;
-    int ret;
-    ret = krb5_store_int32(sp, p.len);
-    if(ret) return ret;
-    for(i = 0; i<p.len; i++){
-	ret = krb5_store_address(sp, p.val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
-{
-    int i;
-    int ret;
-    int32_t tmp;
-
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    adr->len = tmp;
-    ALLOC(adr->val, adr->len);
-    if (adr->val == NULL && adr->len != 0)
-	return ENOMEM;
-    for(i = 0; i < adr->len; i++){
-	ret = krb5_ret_address(sp, &adr->val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
-{
-    krb5_error_code ret;
-    int i;
-    ret = krb5_store_int32(sp, auth.len);
-    if(ret) return ret;
-    for(i = 0; i < auth.len; i++){
-	ret = krb5_store_int16(sp, auth.val[i].ad_type);
-	if(ret) break;
-	ret = krb5_store_data(sp, auth.val[i].ad_data);
-	if(ret) break;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
-{
-    krb5_error_code ret;
-    int32_t tmp;
-    int16_t tmp2;
-    int i;
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    ALLOC_SEQ(auth, tmp);
-    if (auth->val == NULL && tmp != 0)
-	return ENOMEM;
-    for(i = 0; i < tmp; i++){
-	ret = krb5_ret_int16(sp, &tmp2);
-	if(ret) break;
-	auth->val[i].ad_type = tmp2;
-	ret = krb5_ret_data(sp, &auth->val[i].ad_data);
-	if(ret) break;
-    }
-    return ret;
-}
-
-static int32_t
-bitswap32(int32_t b)
-{
-    int32_t r = 0;
-    int i;
-    for (i = 0; i < 32; i++) {
-	r = r << 1 | (b & 1);
-	b = b >> 1;
-    }
-    return r;
-}
-
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    int ret;
-
-    ret = krb5_store_principal(sp, creds->client);
-    if(ret)
-	return ret;
-    ret = krb5_store_principal(sp, creds->server);
-    if(ret)
-	return ret;
-    ret = krb5_store_keyblock(sp, creds->session);
-    if(ret)
-	return ret;
-    ret = krb5_store_times(sp, creds->times);
-    if(ret)
-	return ret;
-    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
-    if(ret)
-	return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
-	ret = krb5_store_int32(sp, creds->flags.i);
-    else
-	ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
-    if(ret)
-	return ret;
-
-    ret = krb5_store_addrs(sp, creds->addresses);
-    if(ret)
-	return ret;
-    ret = krb5_store_authdata(sp, creds->authdata);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->ticket);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->second_ticket);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    krb5_error_code ret;
-    int8_t dummy8;
-    int32_t dummy32;
-
-    memset(creds, 0, sizeof(*creds));
-    ret = krb5_ret_principal (sp,  &creds->client);
-    if(ret) goto cleanup;
-    ret = krb5_ret_principal (sp,  &creds->server);
-    if(ret) goto cleanup;
-    ret = krb5_ret_keyblock (sp,  &creds->session);
-    if(ret) goto cleanup;
-    ret = krb5_ret_times (sp,  &creds->times);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int8 (sp,  &dummy8);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int32 (sp,  &dummy32);
-    if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
-    ret = krb5_ret_addrs (sp,  &creds->addresses);
-    if(ret) goto cleanup;
-    ret = krb5_ret_authdata (sp,  &creds->authdata);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->ticket);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->second_ticket);
-cleanup:
-    if(ret) {
-#if 0	
-	krb5_free_cred_contents(context, creds); /* XXX */
-#endif
-    }
-    return ret;
-}
-
-#define SC_CLIENT_PRINCIPAL	    0x0001
-#define SC_SERVER_PRINCIPAL	    0x0002
-#define SC_SESSION_KEY		    0x0004
-#define SC_TICKET		    0x0008
-#define SC_SECOND_TICKET	    0x0010
-#define SC_AUTHDATA		    0x0020
-#define SC_ADDRESSES		    0x0040
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
-{
-    int ret;
-    int32_t header = 0;
-
-    if (creds->client)
-	header |= SC_CLIENT_PRINCIPAL;
-    if (creds->server)
-	header |= SC_SERVER_PRINCIPAL;
-    if (creds->session.keytype != ETYPE_NULL)
-	header |= SC_SESSION_KEY;
-    if (creds->ticket.data)
-	header |= SC_TICKET;
-    if (creds->second_ticket.length)
-	header |= SC_SECOND_TICKET;
-    if (creds->authdata.len)
-	header |= SC_AUTHDATA;
-    if (creds->addresses.len)
-	header |= SC_ADDRESSES;
-
-    ret = krb5_store_int32(sp, header);
-
-    if (creds->client) {
-	ret = krb5_store_principal(sp, creds->client);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->server) {
-	ret = krb5_store_principal(sp, creds->server);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->session.keytype != ETYPE_NULL) {
-	ret = krb5_store_keyblock(sp, creds->session);
-	if(ret)
-	    return ret;
-    }
-
-    ret = krb5_store_times(sp, creds->times);
-    if(ret)
-	return ret;
-    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
-    if(ret)
-	return ret;
-
-    ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
-    if(ret)
-	return ret;
-
-    if (creds->addresses.len) {
-	ret = krb5_store_addrs(sp, creds->addresses);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->authdata.len) {
-	ret = krb5_store_authdata(sp, creds->authdata);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->ticket.data) {
-	ret = krb5_store_data(sp, creds->ticket);
-	if(ret)
-	    return ret;
-    }
-
-    if (creds->second_ticket.data) {
-	ret = krb5_store_data(sp, creds->second_ticket);
-	if (ret)
-	    return ret;
-    }
-
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ret_creds_tag(krb5_storage *sp,
-		   krb5_creds *creds)
-{
-    krb5_error_code ret;
-    int8_t dummy8;
-    int32_t dummy32, header;
-
-    memset(creds, 0, sizeof(*creds));
-
-    ret = krb5_ret_int32 (sp, &header);
-    if (ret) goto cleanup;
-
-    if (header & SC_CLIENT_PRINCIPAL) {
-	ret = krb5_ret_principal (sp,  &creds->client);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SERVER_PRINCIPAL) {
-	ret = krb5_ret_principal (sp,  &creds->server);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SESSION_KEY) {
-	ret = krb5_ret_keyblock (sp,  &creds->session);
-	if(ret) goto cleanup;
-    }
-    ret = krb5_ret_times (sp,  &creds->times);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int8 (sp,  &dummy8);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int32 (sp,  &dummy32);
-    if(ret) goto cleanup;
-    /*
-     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, it's either a
-     * new ticket flag (and this code need to be removed), or it's a
-     * MIT cache (or new Heimdal cache), lets change it to our current
-     * format.
-     */
-    {
-	uint32_t mask = 0xffff0000;
-	creds->flags.i = 0;
-	creds->flags.b.anonymous = 1;
-	if (creds->flags.i & mask)
-	    mask = ~mask;
-	if (dummy32 & mask)
-	    dummy32 = bitswap32(dummy32);
-    }
-    creds->flags.i = dummy32;
-    if (header & SC_ADDRESSES) {
-	ret = krb5_ret_addrs (sp,  &creds->addresses);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_AUTHDATA) {
-	ret = krb5_ret_authdata (sp,  &creds->authdata);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_TICKET) {
-	ret = krb5_ret_data (sp,  &creds->ticket);
-	if(ret) goto cleanup;
-    }
-    if (header & SC_SECOND_TICKET) {
-	ret = krb5_ret_data (sp,  &creds->second_ticket);
-	if(ret) goto cleanup;
-    }
-
-cleanup:
-    if(ret) {
-#if 0	
-	krb5_free_cred_contents(context, creds); /* XXX */
-#endif
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c
deleted file mode 100644
index b59a647f8043..000000000000
--- a/crypto/heimdal/lib/krb5/store_emem.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_emem.c 21745 2007-07-31 16:11:25Z lha $");
-
-typedef struct emem_storage{
-    unsigned char *base;
-    size_t size;
-    size_t len;
-    unsigned char *ptr;
-}emem_storage;
-
-static ssize_t
-emem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(s->base + s->len - s->ptr < size)
-	size = s->base + s->len - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-emem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr){
-	void *base;
-	size_t sz, off;
-	off = s->ptr - s->base;
-	sz = off + size;
-	if (sz < 4096)
-	    sz *= 2;
-	base = realloc(s->base, sz);
-	if(base == NULL)
-	    return 0;
-	s->size = sz;
-	s->base = base;
-	s->ptr = (unsigned char*)base + off;
-    }
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static off_t
-emem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	if(offset > s->len)
-	    s->len = offset;
-	break;
-    case SEEK_CUR:
-	sp->seek(sp,s->ptr - s->base + offset, SEEK_SET);
-	break;
-    case SEEK_END:
-	sp->seek(sp, s->len + offset, SEEK_SET);
-	break;
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-static void
-emem_free(krb5_storage *sp)
-{
-    emem_storage *s = sp->data;
-    memset(s->base, 0, s->len);
-    free(s->base);
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_emem(void)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    if (sp == NULL)
-	return NULL;
-    emem_storage *s = malloc(sizeof(*s));
-    if (s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->size = 1024;
-    s->base = malloc(s->size);
-    if (s->base == NULL) {
-	free(sp);
-	free(s);
-	return NULL;
-    }
-    s->len = 0;
-    s->ptr = s->base;
-    sp->fetch = emem_fetch;
-    sp->store = emem_store;
-    sp->seek = emem_seek;
-    sp->free = emem_free;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c
deleted file mode 100644
index 15f86fcac30b..000000000000
--- a/crypto/heimdal/lib/krb5/store_fd.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $");
-
-typedef struct fd_storage {
-    int fd;
-} fd_storage;
-
-#define FD(S) (((fd_storage*)(S)->data)->fd)
-
-static ssize_t
-fd_fetch(krb5_storage * sp, void *data, size_t size)
-{
-    return net_read(FD(sp), data, size);
-}
-
-static ssize_t
-fd_store(krb5_storage * sp, const void *data, size_t size)
-{
-    return net_write(FD(sp), data, size);
-}
-
-static off_t
-fd_seek(krb5_storage * sp, off_t offset, int whence)
-{
-    return lseek(FD(sp), offset, whence);
-}
-
-static void
-fd_free(krb5_storage * sp)
-{
-    close(FD(sp));
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_fd(int fd)
-{
-    krb5_storage *sp;
-
-    fd = dup(fd);
-    if (fd < 0)
-	return NULL;
-
-    sp = malloc(sizeof(krb5_storage));
-    if (sp == NULL) {
-	close(fd);
-	return NULL;
-    }
-
-    sp->data = malloc(sizeof(fd_storage));
-    if (sp->data == NULL) {
-	close(fd);
-	free(sp);
-	return NULL;
-    }
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    FD(sp) = fd;
-    sp->fetch = fd_fetch;
-    sp->store = fd_store;
-    sp->seek = fd_seek;
-    sp->free = fd_free;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_mem.c b/crypto/heimdal/lib/krb5/store_mem.c
deleted file mode 100644
index e6e62b5a62e4..000000000000
--- a/crypto/heimdal/lib/krb5/store_mem.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $");
-
-typedef struct mem_storage{
-    unsigned char *base;
-    size_t size;
-    unsigned char *ptr;
-}mem_storage;
-
-static ssize_t
-mem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-mem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-mem_no_store(krb5_storage *sp, const void *data, size_t size)
-{
-    return -1;
-}
-
-static off_t
-mem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	break;
-    case SEEK_CUR:
-	return sp->seek(sp, s->ptr - s->base + offset, SEEK_SET);
-    case SEEK_END:
-	return sp->seek(sp, s->size + offset, SEEK_SET);
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_mem(void *buf, size_t len)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    mem_storage *s;
-    if(sp == NULL)
-	return NULL;
-    s = malloc(sizeof(*s));
-    if(s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->base = buf;
-    s->size = len;
-    s->ptr = buf;
-    sp->fetch = mem_fetch;
-    sp->store = mem_store;
-    sp->seek = mem_seek;
-    sp->free = NULL;
-    return sp;
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_data(krb5_data *data)
-{
-    return krb5_storage_from_mem(data->data, data->length);
-}
-
-krb5_storage * KRB5_LIB_FUNCTION
-krb5_storage_from_readonly_mem(const void *buf, size_t len)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    mem_storage *s;
-    if(sp == NULL)
-	return NULL;
-    s = malloc(sizeof(*s));
-    if(s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->base = rk_UNCONST(buf);
-    s->size = len;
-    s->ptr = rk_UNCONST(buf);
-    sp->fetch = mem_fetch;
-    sp->store = mem_no_store;
-    sp->seek = mem_seek;
-    sp->free = NULL;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
deleted file mode 100644
index 30075ea6b956..000000000000
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: string-to-key-test.c 16344 2005-12-02 15:15:43Z lha $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *principal_name;
-    const char *password;
-    krb5_enctype enctype;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"@", "", ETYPE_DES_CBC_MD5,
-     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
-    {"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5,
-     {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
-     {0x5b, 0x9b, 0xcb, 0xf2, 0x97, 0x43, 0xc8, 0x40}},
-#if 0
-    {"@", "", ETYPE_DES3_CBC_SHA1,
-     {0xce, 0xa2, 0x2f, 0x9b, 0x52, 0x2c, 0xb0, 0x15, 0x6e, 0x6b, 0x64,
-      0x73, 0x62, 0x64, 0x73, 0x4f, 0x6e, 0x73, 0xce, 0xa2, 0x2f, 0x9b,
-      0x52, 0x57}},
-#endif
-    {"nisse@FOO.SE", "hej", ETYPE_DES3_CBC_SHA1,
-     {0x0e, 0xbc, 0x23, 0x9d, 0x68, 0x46, 0xf2, 0xd5, 0x51, 0x98, 0x5b,
-      0x57, 0xc1, 0x57, 0x01, 0x79, 0x04, 0xc4, 0xe9, 0xfe, 0xc1, 0x0e,
-      0x13, 0xd0}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES3_CBC_SHA1,
-     {0x7f, 0x40, 0x67, 0xb9, 0xbc, 0xc4, 0x40, 0xfb, 0x43, 0x73, 0xd9,
-      0xd3, 0xcd, 0x7c, 0xc7, 0x67, 0xe6, 0x79, 0x94, 0xd0, 0xa8, 0x34,
-      0xdf, 0x62}},
-    {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
-     {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
-      0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
-     {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
-     {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
-     {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
-     {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
-    {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
-     {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
-    {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
-     {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
-     {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
-     {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
-     {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
-     {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
-    {NULL}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->principal_name; ++t) {
-	krb5_keyblock key;
-	krb5_principal principal;
-	int i;
-
-	ret = krb5_parse_name (context, t->principal_name, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->principal_name);
-	ret = krb5_string_to_key (context, t->enctype, t->password,
-				  principal, &key);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_string_to_key");
-	krb5_free_principal (context, principal);
-	if (memcmp (key.keyvalue.data, t->res, key.keyvalue.length) != 0) {
-	    const unsigned char *p = key.keyvalue.data;
-
-	    printf ("string_to_key(%s, %s) failed\n",
-		    t->principal_name, t->password);
-	    printf ("should be: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-	krb5_free_keyblock_contents(context, &key);
-    }
-    krb5_free_context(context);
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/test_acl.c b/crypto/heimdal/lib/krb5/test_acl.c
deleted file mode 100644
index e52f31a8b5a1..000000000000
--- a/crypto/heimdal/lib/krb5/test_acl.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_acl.c 15036 2005-04-30 15:19:58Z lha $");
-
-#define RETVAL(c, r, e, s) \
-	do { if (r != e) krb5_errx(c, 1, "%s", s); } while (0)
-#define STRINGMATCH(c, s, _s1, _s2) \
-	do {							\
-		if (_s1 == NULL || _s2 == NULL) 		\
-			krb5_errx(c, 1, "s1 or s2 is NULL");	\
-		if (strcmp(_s1,_s2) != 0) 			\
-			krb5_errx(c, 1, "%s", s);		\
-	} while (0)
-
-static void
-test_match_string(krb5_context context)
-{
-    krb5_error_code ret;
-    char *s1, *s2;
-
-    ret = krb5_acl_match_string(context, "foo", "s", "foo");
-    RETVAL(context, ret, 0, "single s");
-    ret = krb5_acl_match_string(context, "foo foo", "s", "foo");
-    RETVAL(context, ret, EACCES, "too many strings");
-    ret = krb5_acl_match_string(context, "foo bar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings");
-    ret = krb5_acl_match_string(context, "foo  bar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings double space");
-    ret = krb5_acl_match_string(context, "foo \tbar", "ss", "foo", "bar");
-    RETVAL(context, ret, 0, "two strings space + tab");
-    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "bar");
-    RETVAL(context, ret, EACCES, "one string, two format strings");
-    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "foo");
-    RETVAL(context, ret, EACCES, "one string, two format strings (same)");
-    ret = krb5_acl_match_string(context, "foo  \t", "s", "foo");
-    RETVAL(context, ret, 0, "ending space");
-
-    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/bar");
-    RETVAL(context, ret, 0, "liternal fnmatch");
-    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/*");
-    RETVAL(context, ret, 0, "foo/*");
-    ret = krb5_acl_match_string(context, "foo/bar/baz", "f", "foo/*/baz");
-    RETVAL(context, ret, 0, "foo/*/baz");
-
-    ret = krb5_acl_match_string(context, "foo", "r", &s1);
-    RETVAL(context, ret, 0, "ret 1");
-    STRINGMATCH(context, "ret 1 match", s1, "foo"); free(s1);
-
-    ret = krb5_acl_match_string(context, "foo bar", "rr", &s1, &s2);
-    RETVAL(context, ret, 0, "ret 2");
-    STRINGMATCH(context, "ret 2 match 1", s1, "foo"); free(s1);
-    STRINGMATCH(context, "ret 2 match 2", s2, "bar"); free(s2);
-
-    ret = krb5_acl_match_string(context, "foo bar", "sr", "bar", &s1);
-    RETVAL(context, ret, EACCES, "ret mismatch");
-    if (s1 != NULL) krb5_errx(context, 1, "s1 not NULL");
-
-    ret = krb5_acl_match_string(context, "foo", "l", "foo");
-    RETVAL(context, ret, EINVAL, "unknown letter");
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_match_string(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_addr.c b/crypto/heimdal/lib/krb5/test_addr.c
deleted file mode 100644
index 1ab47aecc028..000000000000
--- a/crypto/heimdal/lib/krb5/test_addr.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_addr.c 15036 2005-04-30 15:19:58Z lha $");
-
-static void
-print_addr(krb5_context context, const char *addr)
-{
-    krb5_addresses addresses;
-    krb5_error_code ret;
-    char buf[38];
-    char buf2[1000];
-    size_t len;
-    int i;
-
-    ret = krb5_parse_address(context, addr, &addresses);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (addresses.len < 1)
-	krb5_err(context, 1, ret, "too few addresses");
-    
-    for (i = 0; i < addresses.len; i++) {
-	krb5_print_address(&addresses.val[i], buf, sizeof(buf), &len);
-#if 0
-	printf("addr %d: %s (%d/%d)\n", i, buf, (int)len, (int)strlen(buf)); 
-#endif
-	if (strlen(buf) > sizeof(buf))
-	    abort();
-	krb5_print_address(&addresses.val[i], buf2, sizeof(buf2), &len);
-#if 0
-	printf("addr %d: %s (%d/%d)\n", i, buf2, (int)len, (int)strlen(buf2)); 
-#endif
-	if (strlen(buf2) > sizeof(buf2))
-	    abort();
-
-    }
-    krb5_free_addresses(context, &addresses);
-
-}
-
-static void
-truncated_addr(krb5_context context, const char *addr, 
-	       size_t truncate_len, size_t outlen)
-{
-    krb5_addresses addresses;
-    krb5_error_code ret;
-    char *buf;
-    size_t len;
-
-    buf = ecalloc(1, outlen + 1);
-
-    ret = krb5_parse_address(context, addr, &addresses);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (addresses.len != 1)
-	krb5_err(context, 1, ret, "addresses should be one");
-    
-    krb5_print_address(&addresses.val[0], buf, truncate_len, &len);
-    
-#if 0
-    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
-#endif
-    
-    if (truncate_len > strlen(buf) + 1)
-	abort();
-    if (outlen != len)
-	abort();
-    
-    krb5_print_address(&addresses.val[0], buf, outlen + 1, &len);
-
-#if 0
-    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
-#endif
-
-    if (len != outlen)
-	abort();
-    if (strlen(buf) != len)
-	abort();
-
-    krb5_free_addresses(context, &addresses);
-    free(buf);
-}
-
-static void
-check_truncation(krb5_context context, const char *addr)
-{
-    int i, len = strlen(addr);
-
-    for (i = 0; i < len; i++)
-	truncated_addr(context, addr, i, len);
-}
-
-static void
-match_addr(krb5_context context, const char *range_addr, 
-	   const char *one_addr, int match)
-{
-    krb5_addresses range, one;
-    krb5_error_code ret;
-
-    ret = krb5_parse_address(context, range_addr, &range);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (range.len != 1)
-	krb5_err(context, 1, ret, "wrong num of addresses");
-    
-    ret = krb5_parse_address(context, one_addr, &one);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_address");
-
-    if (one.len != 1)
-	krb5_err(context, 1, ret, "wrong num of addresses");
-
-    if (krb5_address_order(context, &range.val[0], &one.val[0]) == 0) {
-	if (!match)
-	    krb5_errx(context, 1, "match when one shouldn't be");
-    } else {
-	if (match)
-	    krb5_errx(context, 1, "no match when one should be");
-    }
-
-    krb5_free_addresses(context, &range);
-    krb5_free_addresses(context, &one);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    print_addr(context, "RANGE:127.0.0.0/8");
-    print_addr(context, "RANGE:127.0.0.0/24");
-    print_addr(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
-    print_addr(context, "RANGE:130.237.237.4/29");
-#ifdef HAVE_IPV6
-    print_addr(context, "RANGE:fe80::209:6bff:fea0:e522/64");
-    print_addr(context, "RANGE:IPv6:fe80::209:6bff:fea0:e522/64");
-    print_addr(context, "RANGE:IPv6:fe80::-IPv6:fe80::ffff:ffff:ffff:ffff");
-    print_addr(context, "RANGE:fe80::-fe80::ffff:ffff:ffff:ffff");
-#endif
-
-    check_truncation(context, "IPv4:127.0.0.0");
-    check_truncation(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
-#ifdef HAVE_IPV6
-    check_truncation(context, "IPv6:::1");
-    check_truncation(context, "IPv6:fe80::ffff:ffff:ffff:ffff");
-#endif
-
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.0.0.0", 1);
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.255.255.255", 1);
-    match_addr(context, "RANGE:127.0.0.0/8", "inet:128.0.0.0", 0);
-
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.7", 0);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.8", 1);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.15", 1);
-    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.16", 0);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c
deleted file mode 100644
index e8397b748026..000000000000
--- a/crypto/heimdal/lib/krb5/test_alname.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_alname.c 15474 2005-06-17 04:48:02Z lha $");
-
-static void
-test_alname(krb5_context context, krb5_const_realm realm,
-	    const char *user, const char *inst, 
-	    const char *localuser, int ok)
-{
-    krb5_principal p;
-    char localname[1024];
-    krb5_error_code ret;
-    char *princ;
-
-    ret = krb5_make_principal(context, &p, realm, user, inst, NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_build_principal");
-
-    ret = krb5_unparse_name(context, p, &princ);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
-    krb5_free_principal(context, p);
-    free(princ);
-    if (ret) {
-	if (!ok)
-	    return;
-	krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", 
-		 princ, localuser);
-    }
-
-    if (strcmp(localname, localuser) != 0) {
-	if (ok)
-	    errx(1, "compared failed %s != %s (should have succeded)", 
-		 localname, localuser);
-    } else {
-	if (!ok)
-	    errx(1, "compared failed %s == %s (should have failed)", 
-		 localname, localuser);
-    }
-    
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_realm realm;
-    int optidx = 0;
-    char *user;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 1)
-	errx(1, "first argument should be a local user that in root .k5login");
-
-    user = argv[0];
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_default_realm(context, &realm);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_default_realm");
-
-    test_alname(context, realm, user, NULL, user, 1);
-    test_alname(context, realm, user, "root", "root", 1);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0);
-
-    test_alname(context, realm, user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, realm, user, "root",
-		"not-same-as-user", 0);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root",
-		"not-same-as-user", 0);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c
deleted file mode 100644
index 075cfe237fba..000000000000
--- a/crypto/heimdal/lib/krb5/test_cc.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/*
- * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_cc.c 22115 2007-12-03 21:21:42Z lha $");
-
-static int debug_flag	= 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static void
-test_default_name(krb5_context context)
-{
-    krb5_error_code ret;
-    const char *p, *test_cc_name = "/tmp/krb5-cc-test-foo";
-    char *p1, *p2, *p3;
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
-    p1 = estrdup(p);
-
-    ret = krb5_cc_set_default_name(context, NULL);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name failed");
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p2 = estrdup(p);
-
-    if (strcmp(p1, p2) != 0)
-	krb5_errx (context, 1, "krb5_cc_default_name no longer same");
-	
-    ret = krb5_cc_set_default_name(context, test_cc_name);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-    
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p3 = estrdup(p);
-    
-    if (strcmp(p3, test_cc_name) != 0)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-
-    free(p1);
-    free(p2);
-    free(p3);
-}
-
-/*
- * Check that a closed cc still keeps it data and that it's no longer
- * there when it's destroyed.
- */
-
-static void
-test_mcache(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    const char *nc, *tc;
-    char *c;
-    krb5_principal p, p2;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, id, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    nc = krb5_cc_get_name(context, id);
-    if (nc == NULL)
-	krb5_errx(context, 1, "krb5_cc_get_name");
-
-    tc = krb5_cc_get_type(context, id);
-    if (tc == NULL)
-	krb5_errx(context, 1, "krb5_cc_get_name");
-
-    asprintf(&c, "%s:%s", tc, nc);
-    
-    krb5_cc_close(context, id);
-    
-    ret = krb5_cc_resolve(context, c, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    if (krb5_principal_compare(context, p, p2) == FALSE)
-	krb5_errx(context, 1, "p != p2");
-
-    krb5_cc_destroy(context, id2);
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-
-    ret = krb5_cc_resolve(context, c, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret == 0)
-	krb5_errx(context, 1, "krb5_cc_get_principal");
-
-    krb5_cc_destroy(context, id2);
-    free(c);
-}
-
-/*
- * Test that init works on a destroyed cc.
- */
-
-static void
-test_init_vs_destroy(krb5_context context, const krb5_cc_ops *ops)
-{
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    krb5_principal p, p2;
-    char *n;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    asprintf(&n, "%s:%s",
-	     krb5_cc_get_type(context, id),
-	     krb5_cc_get_name(context, id));
-
-    ret = krb5_cc_resolve(context, n, &id2);
-    free(n);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    krb5_cc_destroy(context, id);
-
-    ret = krb5_cc_initialize(context, id2, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_get_principal(context, id2, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    krb5_cc_destroy(context, id2);
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-}
-
-static void
-test_fcache_remove(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-    krb5_principal p;
-    krb5_creds cred;
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, id, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    /* */
-    memset(&cred, 0, sizeof(cred));
-    ret = krb5_parse_name(context, "krbtgt/SU.SE@SU.SE", &cred.server);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    ret = krb5_parse_name(context, "lha@SU.SE", &cred.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_store_cred(context, id, &cred);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_store_cred");
-
-    ret = krb5_cc_remove_cred(context, id, 0, &cred);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_remove_cred");
-
-    ret = krb5_cc_destroy(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_destroy");
-
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, cred.server);
-    krb5_free_principal(context, cred.client);
-}
-
-static void
-test_mcc_default(void)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache id, id2;
-    int i;
-
-    for (i = 0; i < 10; i++) {
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_init_context");
-
-	ret = krb5_cc_set_default_name(context, "MEMORY:foo");
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_set_default_name");
-
-	ret = krb5_cc_default(context, &id);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_default");
-
-	ret = krb5_cc_default(context, &id2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_default");
-
-	ret = krb5_cc_close(context, id);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_close");
-
-	ret = krb5_cc_close(context, id2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_cc_close");
-
-	krb5_free_context(context);
-    }
-}
-
-struct {
-    char *str;
-    int fail;
-    char *res;
-} cc_names[] = {
-    { "foo", 0, "foo" },
-    { "%{uid}", 0 },
-    { "foo%{null}", 0, "foo" },
-    { "foo%{null}bar", 0, "foobar" },
-    { "%{", 1 },
-    { "%{foo %{", 1 },
-    { "%{{", 1 },
-};
-
-static void
-test_def_cc_name(krb5_context context)
-{
-    krb5_error_code ret;
-    char *str;
-    int i;
-
-    for (i = 0; i < sizeof(cc_names)/sizeof(cc_names[0]); i++) {
-	ret = _krb5_expand_default_cc_name(context, cc_names[i].str, &str);
-	if (ret) {
-	    if (cc_names[i].fail == 0)
-		krb5_errx(context, 1, "test %d \"%s\" failed", 
-			  i, cc_names[i].str);
-	} else {
-	    if (cc_names[i].fail)
-		krb5_errx(context, 1, "test %d \"%s\" was successful", 
-			  i, cc_names[i].str);
-	    if (cc_names[i].res && strcmp(cc_names[i].res, str) != 0)
-		krb5_errx(context, 1, "test %d %s != %s", 
-			  i, cc_names[i].res, str);
-	    if (debug_flag)
-		printf("%s => %s\n", cc_names[i].str, str);
-	    free(str);
-	}
-    }
-}
-
-static void
-test_cache_find(krb5_context context, const char *type, const char *principal,
-		int find)
-{
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-
-    ret = krb5_parse_name(context, principal, &client);
-    if (ret)
-	krb5_err(context, 1, ret, "parse_name for %s failed", principal);
-    
-    ret = krb5_cc_cache_match(context, client, type, &id);
-    if (ret && find)
-	krb5_err(context, 1, ret, "cc_cache_match for %s failed", principal);
-    if (ret == 0 && !find)
-	krb5_err(context, 1, ret, "cc_cache_match for %s found", principal);
-
-    if (id)
-	krb5_cc_close(context, id);
-    krb5_free_principal(context, client);
-}
-
-
-static void
-test_cache_iter(krb5_context context, const char *type, int destroy)
-{
-    krb5_cc_cache_cursor cursor;
-    krb5_error_code ret;
-    krb5_ccache id;
-    
-    ret = krb5_cc_cache_get_first (context, type, &cursor);
-    if (ret == KRB5_CC_NOSUPP)
-	return;
-    else if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_cache_get_first(%s)", type);
-
-
-    while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
-	krb5_principal principal;
-	char *name;
-
-	if (debug_flag)
-	    printf("name: %s\n", krb5_cc_get_name(context, id));
-	ret = krb5_cc_get_principal(context, id, &principal);
-	if (ret == 0) {
-	    ret = krb5_unparse_name(context, principal, &name);
-	    if (ret == 0) {
-		if (debug_flag)
-		    printf("\tprincipal: %s\n", name);
-		free(name);
-	    }
-	    krb5_free_principal(context, principal);
-	}
-	if (destroy)
-	    krb5_cc_destroy(context, id);
-	else
-	    krb5_cc_close(context, id);
-    }
-
-    krb5_cc_cache_end_seq_get(context, cursor);
-}
-
-static void
-test_copy(krb5_context context, const char *fromtype, const char *totype)
-{
-    const krb5_cc_ops *from, *to;
-    krb5_ccache fromid, toid;
-    krb5_error_code ret;
-    krb5_principal p, p2;
-
-    from = krb5_cc_get_prefix_ops(context, fromtype);
-    if (from == NULL)
-	krb5_errx(context, 1, "%s isn't a type", fromtype);
-
-    to = krb5_cc_get_prefix_ops(context, totype);
-    if (to == NULL)
-	krb5_errx(context, 1, "%s isn't a type", totype);
-
-    ret = krb5_parse_name(context, "lha@SU.SE", &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_cc_gen_new(context, from, &fromid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, fromid, p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_gen_new(context, to, &toid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_copy_cache(context, fromid, toid);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_copy_cache");
-
-    ret = krb5_cc_get_principal(context, toid, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    if (krb5_principal_compare(context, p, p2) == FALSE)
-	krb5_errx(context, 1, "p != p2");
-
-    krb5_free_principal(context, p);
-    krb5_free_principal(context, p2);
-
-    krb5_cc_destroy(context, fromid);
-    krb5_cc_destroy(context, toid);
-}
-
-static void
-test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops)
-{
-    const krb5_cc_ops *o;
-
-    o = krb5_cc_get_prefix_ops(context, name);
-    if (o == NULL)
-	krb5_errx(context, 1, "found no match for prefix '%s'", name);
-    if (strcmp(o->prefix, ops->prefix) != 0)
-	krb5_errx(context, 1, "ops for prefix '%s' is not "
-		  "the expected %s != %s", name, o->prefix, ops->prefix);
-}
-
-
-static struct getargs args[] = {
-    {"debug",	'd',	arg_flag,	&debug_flag,
-     "turn on debuggin", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0;
-    krb5_ccache id1, id2;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_fcache_remove(context);
-    test_default_name(context);
-    test_mcache(context);
-    test_init_vs_destroy(context, &krb5_mcc_ops);
-    test_init_vs_destroy(context, &krb5_fcc_ops);
-    test_mcc_default();
-    test_def_cc_name(context);
-    test_cache_iter(context, "MEMORY", 0);
-    {
-	krb5_principal p;
-	krb5_cc_new_unique(context, "MEMORY", "bar", &id1);
-	krb5_cc_new_unique(context, "MEMORY", "baz", &id2);
-	krb5_parse_name(context, "lha@SU.SE", &p);
-	krb5_cc_initialize(context, id1, p);
-	krb5_free_principal(context, p);
-    }
-
-    test_cache_find(context, "MEMORY", "lha@SU.SE", 1);
-    test_cache_find(context, "MEMORY", "hulabundulahotentot@SU.SE", 0);
-
-    test_cache_iter(context, "MEMORY", 0);
-    test_cache_iter(context, "MEMORY", 1);
-    test_cache_iter(context, "MEMORY", 0);
-    test_cache_iter(context, "FILE", 0);
-    test_cache_iter(context, "API", 0);
-
-    test_copy(context, "FILE", "FILE");
-    test_copy(context, "MEMORY", "MEMORY");
-    test_copy(context, "FILE", "MEMORY");
-    test_copy(context, "MEMORY", "FILE");
-
-    test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops);
-    test_prefix_ops(context, "FILE", &krb5_fcc_ops);
-    test_prefix_ops(context, "MEMORY", &krb5_mcc_ops);
-    test_prefix_ops(context, "MEMORY:foo", &krb5_mcc_ops);
-    test_prefix_ops(context, "/tmp/kaka", &krb5_fcc_ops);
-
-    krb5_cc_destroy(context, id1);
-    krb5_cc_destroy(context, id2);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_config.c b/crypto/heimdal/lib/krb5/test_config.c
deleted file mode 100644
index 7fe224e68812..000000000000
--- a/crypto/heimdal/lib/krb5/test_config.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_config.c 15036 2005-04-30 15:19:58Z lha $");
-
-static int
-check_config_file(krb5_context context, char *filelist, char **res, int def)
-{
-    krb5_error_code ret;
-    char **pp;
-    int i;
-
-    pp = NULL;
-
-    if (def)
-	ret = krb5_prepend_config_files_default(filelist, &pp);
-    else
-	ret = krb5_prepend_config_files(filelist, NULL, &pp);
-    
-    if (ret)
-	krb5_err(context, 1, ret, "prepend_config_files");
-    
-    for (i = 0; res[i] && pp[i]; i++)
-	if (strcmp(pp[i], res[i]) != 0)
-	    krb5_errx(context, 1, "'%s' != '%s'", pp[i], res[i]);
-    
-    if (res[i] != NULL)
-	krb5_errx(context, 1, "pp ended before res list");
-    
-    if (def) {
-	char **deflist;
-	int j;
-	
-	ret = krb5_get_default_config_files(&deflist);
-	if (ret)
-	    krb5_err(context, 1, ret, "get_default_config_files");
-	
-	for (j = 0 ; pp[i] && deflist[j]; i++, j++)
-	    if (strcmp(pp[i], deflist[j]) != 0)
-		krb5_errx(context, 1, "'%s' != '%s'", pp[i], deflist[j]);
-	
-	if (deflist[j] != NULL)
-	    krb5_errx(context, 1, "pp ended before def list");
-	krb5_free_config_files(deflist);
-    }
-    
-    if (pp[i] != NULL)
-	krb5_errx(context, 1, "pp ended after res (and def) list");
-    
-    krb5_free_config_files(pp);
-    
-    return 0;
-}
-
-char *list0[] =  { "/tmp/foo", NULL };
-char *list1[] =  { "/tmp/foo", "/tmp/foo/bar", NULL };
-char *list2[] =  { "", NULL };
-
-struct {
-    char *fl;
-    char **res;
-} test[] = {
-    { "/tmp/foo", NULL },
-    { "/tmp/foo:/tmp/foo/bar", NULL },
-    { "", NULL }
-};
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    test[0].res = list0;
-    test[1].res = list1;
-    test[2].res = list2;
-
-    for (i = 0; i < sizeof(test)/sizeof(*test); i++) {
-	check_config_file(context, test[i].fl, test[i].res, 0);
-	check_config_file(context, test[i].fl, test[i].res, 1);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_crypto.c b/crypto/heimdal/lib/krb5/test_crypto.c
deleted file mode 100644
index 0837911f26aa..000000000000
--- a/crypto/heimdal/lib/krb5/test_crypto.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_crypto.c 16290 2005-11-24 09:57:50Z lha $");
-
-static void
-time_encryption(krb5_context context, size_t size,
-		krb5_enctype etype, int iterations)
-{
-    struct timeval tv1, tv2;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    krb5_data data;
-    char *etype_name;
-    void *buf;
-    int i;
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    buf = malloc(size);
-    if (buf == NULL)
-	krb5_errx(context, 1, "out of memory");
-    memset(buf, 0, size);
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    gettimeofday(&tv1, NULL);
-
-    for (i = 0; i < iterations; i++) {
-	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "encrypt: %d", i);
-	krb5_data_free(&data);
-    }
-
-    gettimeofday(&tv2, NULL);
-
-    timevalsub(&tv2, &tv1);
-
-    printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", 
-	   etype_name, (unsigned long)size, iterations,
-	   (long)tv2.tv_sec, (long)tv2.tv_usec);
-
-    free(buf);
-    free(etype_name);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_keyblock_contents(context, &key);
-}
-
-static void
-time_s2k(krb5_context context,
-	 krb5_enctype etype, 
-	 const char *password,
-	 krb5_salt salt,
-	 int iterations)
-{
-    struct timeval tv1, tv2;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_data opaque;
-    char *etype_name;
-    int i;
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    opaque.data = NULL;
-    opaque.length = 0;
-
-    gettimeofday(&tv1, NULL);
-
-    for (i = 0; i < iterations; i++) {
-	ret = krb5_string_to_key_salt_opaque(context, etype, password, salt,
-					 opaque, &key);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_string_to_key_data_salt_opaque");
-	krb5_free_keyblock_contents(context, &key);
-    }
-
-    gettimeofday(&tv2, NULL);
-
-    timevalsub(&tv2, &tv1);
-
-    printf("%s string2key %d iterations time: %3ld.%06ld\n", 
-	   etype_name, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec);
-    free(etype_name);
-
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, enciter, s2kiter;
-    int optidx = 0;
-    krb5_salt salt;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_DES_CBC_CRC,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    salt.salttype = KRB5_PW_SALT;
-    salt.saltvalue.data = NULL;
-    salt.saltvalue.length = 0;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    enciter = 1000;
-    s2kiter = 100;
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-
-	time_encryption(context, 16, enctypes[i], enciter);
-	time_encryption(context, 32, enctypes[i], enciter);
-	time_encryption(context, 512, enctypes[i], enciter);
-	time_encryption(context, 1024, enctypes[i], enciter);
-	time_encryption(context, 2048, enctypes[i], enciter);
-	time_encryption(context, 4096, enctypes[i], enciter);
-	time_encryption(context, 8192, enctypes[i], enciter);
-	time_encryption(context, 16384, enctypes[i], enciter);
-	time_encryption(context, 32768, enctypes[i], enciter);
-
-	time_s2k(context, enctypes[i], "mYsecreitPassword", salt, s2kiter);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c b/crypto/heimdal/lib/krb5/test_crypto_wrapping.c
deleted file mode 100644
index 1618fdf11797..000000000000
--- a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_crypto_wrapping.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-test_wrapping(krb5_context context,
-	      size_t min_size,
-	      size_t max_size,
-	      size_t step,
-	      krb5_enctype etype)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    krb5_data data;
-    char *etype_name;
-    void *buf;
-    size_t size;
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_enctype_to_string(context, etype, &etype_name);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_enctype_to_string");
-
-    buf = malloc(max_size);
-    if (buf == NULL)
-	krb5_errx(context, 1, "out of memory");
-    memset(buf, 0, max_size);
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    for (size = min_size; size < max_size; size += step) {
-	size_t wrapped_size;
-
-	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "encrypt size %lu using %s",
-		     (unsigned long)size, etype_name);
-
-	wrapped_size = krb5_get_wrapped_length(context, crypto, size);
-
-	if (wrapped_size != data.length)
-	    krb5_errx(context, 1, "calculated wrapped length %lu != "
-		      "real wrapped length %lu for data length %lu using "
-		      "enctype %s",
-		      (unsigned long)wrapped_size,
-		      (unsigned long)data.length,
-		      (unsigned long)size,
-		      etype_name);
-	krb5_data_free(&data);
-    }
-
-    free(etype_name);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    krb5_free_keyblock_contents(context, &key);
-}
-
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    krb5_enctype enctypes[] = { 
-	ETYPE_DES_CBC_CRC,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96,
-	ETYPE_AES256_CTS_HMAC_SHA1_96
-    };
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
-	test_wrapping(context, 0, 1024, 1, enctypes[i]);
-	test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]);
-    }
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_forward.c b/crypto/heimdal/lib/krb5/test_forward.c
deleted file mode 100644
index 163995334ed9..000000000000
--- a/crypto/heimdal/lib/krb5/test_forward.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2008 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id$");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "hostname");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    const char *hostname;
-    krb5_context context;
-    krb5_auth_context ac;
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_ccache id;
-    krb5_data data;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 1)
-	usage(1);
-
-    hostname = argv[0];
-
-    memset(&cred, 0, sizeof(cred));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default failed: %d", ret);
-
-    ret = krb5_auth_con_init(context, &ac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_auth_con_init failed: %d", ret);
-
-    krb5_auth_con_addflags(context, ac,
-			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, NULL);
-
-    ret = krb5_cc_get_principal(context, id, &cred.client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_get_principal");
-
-    ret = krb5_make_principal(context,
-			      &cred.server,
-			      krb5_principal_get_realm(context, cred.client),
-			      KRB5_TGS_NAME,
-			      krb5_principal_get_realm(context, cred.client),
-			      NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_make_principal(server)");
-
-    ret = krb5_get_forwarded_creds (context,
-				    ac,
-				    id,
-				    KDC_OPT_FORWARDABLE,
-				    hostname,
-				    &cred,
-				    &data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_forwarded_creds");
-
-    krb5_data_free(&data);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_get_addrs.c b/crypto/heimdal/lib/krb5/test_get_addrs.c
deleted file mode 100644
index 1d53e0eb8c68..000000000000
--- a/crypto/heimdal/lib/krb5/test_get_addrs.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_get_addrs.c 15474 2005-06-17 04:48:02Z lha $");
-
-/* print all addresses that we find */
-
-static void
-print_addresses (krb5_context context, const krb5_addresses *addrs)
-{
-    int i;
-    char buf[256];
-    size_t len;
-    
-    for (i = 0; i < addrs->len; ++i) {
-	krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);
-	printf ("%s\n", buf);
-    }
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_addresses addrs;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_all_client_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
-    printf ("client addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-
-    ret = krb5_get_all_server_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    printf ("server addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_hostname.c b/crypto/heimdal/lib/krb5/test_hostname.c
deleted file mode 100644
index 095cb391633e..000000000000
--- a/crypto/heimdal/lib/krb5/test_hostname.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_hostname.c 15965 2005-08-23 20:18:55Z lha $");
-
-static int debug_flag	= 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static int
-expand_hostname(krb5_context context, const char *host)
-{
-    krb5_error_code ret;
-    char *h, **r;
-
-    ret = krb5_expand_hostname(context, host, &h);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_expand_hostname(%s)", host);
-
-    free(h);
-
-    if (debug_flag)
-	printf("hostname: %s -> %s\n", host, h);
-
-    ret = krb5_expand_hostname_realms(context, host, &h, &r);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_expand_hostname_realms(%s)", host);
-
-    if (debug_flag) {
-	int j;
-
-	printf("hostname: %s -> %s\n", host, h);
-	for (j = 0; r[j]; j++) {
-	    printf("\trealm: %s\n", r[j]);
-	}
-    }
-    free(h);
-    krb5_free_host_realm(context, r);
-
-    return 0;
-}
-
-static int
-test_expand_hostname(krb5_context context)
-{
-    int i, errors = 0;
-
-    struct t {
-	krb5_error_code ret;
-	const char *orig_hostname;
-	const char *new_hostname;
-    } tests[] = {
-	{ 0, "pstn1.su.se", "pstn1.su.se" },
-	{ 0, "pstnproxy.su.se", "pstnproxy.su.se" },
-    };
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	errors += expand_hostname(context, tests[i].orig_hostname);
-    }
-
-    return errors;
-}
-
-static struct getargs args[] = {
-    {"debug",	'd',	arg_flag,	&debug_flag,
-     "turn on debuggin", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0, errors = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if (argc > 0) {
-	while (argc-- > 0)
-	    errors += expand_hostname(context, *argv++);
-	return errors;
-    }
-
-    errors += test_expand_hostname(context);
-
-    krb5_free_context(context);
-
-    return errors;
-}
diff --git a/crypto/heimdal/lib/krb5/test_keytab.c b/crypto/heimdal/lib/krb5/test_keytab.c
deleted file mode 100644
index 97361cc19a31..000000000000
--- a/crypto/heimdal/lib/krb5/test_keytab.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_keytab.c 18809 2006-10-22 07:11:43Z lha $");
-
-/*
- * Test that removal entry from of empty keytab doesn't corrupts
- * memory.
- */
-
-static void
-test_empty_keytab(krb5_context context, const char *keytab)
-{
-    krb5_error_code ret;
-    krb5_keytab id;
-    krb5_keytab_entry entry;
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry, 0, sizeof(entry));
-
-    krb5_kt_remove_entry(context, id, &entry);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-}
-
-/*
- * Test that memory keytab are refcounted.
- */
-
-static void
-test_memory_keytab(krb5_context context, const char *keytab, const char *keytab2)
-{
-    krb5_error_code ret;
-    krb5_keytab id, id2, id3;
-    krb5_keytab_entry entry, entry2, entry3;
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry, 0, sizeof(entry));
-    ret = krb5_parse_name(context, "lha@SU.SE", &entry.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    entry.vno = 1;
-    ret = krb5_generate_random_keyblock(context,
-					ETYPE_AES256_CTS_HMAC_SHA1_96,
-					&entry.keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    krb5_kt_add_entry(context, id, &entry);
-
-    ret = krb5_kt_resolve(context, keytab, &id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    ret = krb5_kt_get_entry(context, id,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_get_entry");
-    krb5_kt_free_entry(context, &entry2);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    ret = krb5_kt_get_entry(context, id2,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_get_entry");
-    krb5_kt_free_entry(context, &entry2);
-
-    ret = krb5_kt_close(context, id2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-
-    ret = krb5_kt_resolve(context, keytab2, &id3);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    memset(&entry3, 0, sizeof(entry3));
-    ret = krb5_parse_name(context, "lha3@SU.SE", &entry3.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    entry3.vno = 1;
-    ret = krb5_generate_random_keyblock(context,
-					ETYPE_AES256_CTS_HMAC_SHA1_96,
-					&entry3.keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    krb5_kt_add_entry(context, id3, &entry3);
-
-
-    ret = krb5_kt_resolve(context, keytab, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    ret = krb5_kt_get_entry(context, id,
-			    entry.principal,
-			    0,
-			    ETYPE_AES256_CTS_HMAC_SHA1_96,
-			    &entry2);
-    if (ret == 0)
-	krb5_errx(context, 1, "krb5_kt_get_entry when if should fail");
-
-    krb5_kt_remove_entry(context, id, &entry);
-
-    ret = krb5_kt_close(context, id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    krb5_kt_free_entry(context, &entry);
-
-    krb5_kt_remove_entry(context, id3, &entry3);
-
-    ret = krb5_kt_close(context, id3);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_close");
-
-    krb5_free_principal(context, entry3.principal);
-    krb5_free_keyblock_contents(context, &entry3.keyblock);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_empty_keytab(context, "MEMORY:foo");
-    test_empty_keytab(context, "FILE:foo");
-    test_empty_keytab(context, "KRB4:foo");
-
-    test_memory_keytab(context, "MEMORY:foo", "MEMORY:foo2");
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_kuserok.c b/crypto/heimdal/lib/krb5/test_kuserok.c
deleted file mode 100644
index 04a6f210a05e..000000000000
--- a/crypto/heimdal/lib/krb5/test_kuserok.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_kuserok.c 15033 2005-04-30 15:15:38Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "principal luser");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_principal principal;
-    char *p;
-    int o = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &o))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= o;
-    argv += o;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if (argc != 2)
-	usage(1);
-
-    ret = krb5_parse_name(context, argv[0], &principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    
-    ret = krb5_unparse_name(context, principal, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    ret = krb5_kuserok(context, principal, argv[1]);
-
-    krb5_free_context(context);
-
-    printf("%s is %sallowed to login as %s\n", p, ret ? "" : "NOT ", argv[1]);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_mem.c b/crypto/heimdal/lib/krb5/test_mem.c
deleted file mode 100644
index 8989caed7484..000000000000
--- a/crypto/heimdal/lib/krb5/test_mem.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_mem.c 15931 2005-08-12 13:43:46Z lha $");
-
-/*
- * Test run functions, to be used with valgrind to detect memoryleaks.
- */
-
-static void
-check_log(void)
-{
-    int i;
-
-    for (i = 0; i < 10; i++) {
-	krb5_log_facility *logfacility;
-	krb5_context context;
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    
-	krb5_initlog(context, "test-mem", &logfacility);
-	krb5_addlog_dest(context, logfacility, "0/STDERR:");
-	krb5_set_warn_dest(context, logfacility);
-    
-	krb5_free_context(context);
-    }
-}
-
-
-int
-main(int argc, char **argv)
-{
-    setprogname(argv[0]);
-
-    check_log();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_pac.c b/crypto/heimdal/lib/krb5/test_pac.c
deleted file mode 100644
index a22fe3a8c6c5..000000000000
--- a/crypto/heimdal/lib/krb5/test_pac.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: test_pac.c 21934 2007-08-27 14:21:04Z lha $");
-
-/*
- * This PAC and keys are copied (with permission) from Samba torture
- * regression test suite, they where created by Andrew Bartlet.
- */
-
-static const unsigned char saved_pac[] = {
-	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, 
-	0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
-	0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-	0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-	0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
-	0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, 
-	0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 
-	0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
-	0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
-	0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 
-	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, 
-	0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
-	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
-	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
-	0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
-	0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
-	0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
-	0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
-	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
-	0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
-	0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-	0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
-	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
-	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
-	0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
-	0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
-	0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
-	0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
-};
-
-static int type_1_length = 472;
-
-static const krb5_keyblock kdc_keyblock = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    { 16, "\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7" }
-};
-
-static const krb5_keyblock member_keyblock = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    { 16, "\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC" }
-};
-
-static time_t authtime = 1120440609;
-static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_pac pac;
-    krb5_data data;
-    krb5_principal p;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_contex");
-
-    ret = krb5_parse_name(context, user, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify");
-
-    ret = _krb5_pac_sign(context, pac, authtime, p, 
-			 &member_keyblock, &kdc_keyblock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "_krb5_pac_sign");
-
-    krb5_pac_free(context, pac);
-
-    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-    krb5_data_free(&data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse 2");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify 2");
-
-    /* make a copy and try to reproduce it */
-    {
-	uint32_t *list;
-	size_t len, i;
-	krb5_pac pac2;
-
-	ret = krb5_pac_init(context, &pac2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_init");
-
-	/* our two user buffer plus the three "system" buffers */
-	ret = krb5_pac_get_types(context, pac, &len, &list);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_types");
-
-	for (i = 0; i < len; i++) {
-	    /* skip server_cksum, privsvr_cksum, and logon_name */
-	    if (list[i] == 6 || list[i] == 7 || list[i] == 10)
-		continue;
-
-	    ret = krb5_pac_get_buffer(context, pac, list[i], &data);
-	    if (ret)
-		krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-
-	    if (list[i] == 1) {
-		if (type_1_length != data.length)
-		    krb5_errx(context, 1, "type 1 have wrong length: %lu", 
-			      (unsigned long)data.length);
-	    } else
-		krb5_errx(context, 1, "unknown type %lu", 
-			  (unsigned long)list[i]);
-
-	    ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
-	    if (ret)
-		krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-	    krb5_data_free(&data);
-	}
-	free(list);
-	
-	ret = _krb5_pac_sign(context, pac2, authtime, p, 
-			     &member_keyblock, &kdc_keyblock, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "_krb5_pac_sign 4");
-	
-	krb5_pac_free(context, pac2);
-
-	ret = krb5_pac_parse(context, data.data, data.length, &pac2);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_parse 4");
-	
-	ret = krb5_pac_verify(context, pac2, authtime, p,
-			      &member_keyblock, &kdc_keyblock);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_verify 4");
-	
-	krb5_pac_free(context, pac2);
-    }
-
-    krb5_pac_free(context, pac);
-
-    /*
-     * Test empty free
-     */
-
-    ret = krb5_pac_init(context, &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_init");
-    krb5_pac_free(context, pac);
-
-    /*
-     * Test add remove buffer
-     */
-
-    ret = krb5_pac_init(context, &pac);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_init");
-
-    {
-	const krb5_data cdata = { 2, "\x00\x01" } ;
-
-	ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-    }
-    {
-	ret = krb5_pac_get_buffer(context, pac, 1, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-    }
-
-    {
-	const krb5_data cdata = { 2, "\x02\x00" } ;
-
-	ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
-    }
-    {
-	ret = krb5_pac_get_buffer(context, pac, 1, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-	/* */
-	ret = krb5_pac_get_buffer(context, pac, 2, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
-	if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
-	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
-	krb5_data_free(&data);
-    }
-
-    ret = _krb5_pac_sign(context, pac, authtime, p, 
-			 &member_keyblock, &kdc_keyblock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "_krb5_pac_sign");
-
-    krb5_pac_free(context, pac);
-
-    ret = krb5_pac_parse(context, data.data, data.length, &pac);
-    krb5_data_free(&data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_parse 3");
-
-    ret = krb5_pac_verify(context, pac, authtime, p,
-			   &member_keyblock, &kdc_keyblock);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_pac_verify 3");
-
-    {
-	uint32_t *list;
-	size_t len;
-
-	/* our two user buffer plus the three "system" buffers */
-	ret = krb5_pac_get_types(context, pac, &len, &list);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_pac_get_types");
-	if (len != 5)
-	    krb5_errx(context, 1, "list wrong length");
-	free(list);
-    }
-
-    krb5_pac_free(context, pac);
-
-    krb5_free_principal(context, p);
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c b/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c
deleted file mode 100644
index e23bef9a9ee0..000000000000
--- a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_pkinit_dh2key.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-test_dh2key(int i,
-	    krb5_context context, 
-	    const heim_octet_string *dh,
-	    const heim_octet_string *c_n,
-	    const heim_octet_string *k_n,
-	    krb5_enctype etype,
-	    const heim_octet_string *result)
-{
-    krb5_error_code ret;
-    krb5_keyblock key;
-
-    ret = _krb5_pk_octetstring2key(context,
-				   etype,
-				   dh->data, dh->length,
-				   c_n,
-				   k_n,
-				   &key);
-    if (ret != 0)
-	krb5_err(context, 1, ret, "_krb5_pk_octetstring2key: %d", i);
-
-    if (key.keyvalue.length != result->length ||
-	memcmp(key.keyvalue.data, result->data, result->length) != 0)
-	krb5_errx(context, 1, "resulting key wrong: %d", i);
-
-    krb5_free_keyblock_contents(context, &key);
-}
-
-
-struct {
-    krb5_enctype type;
-    krb5_data X;
-    krb5_data key;
-} tests[] = {
-    /* 0 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    256,
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	},
-	{
-	    32,
-	    "\x5e\xe5\x0d\x67\x5c\x80\x9f\xe5\x9e\x4a\x77\x62\xc5\x4b\x65\x83"
-	    "\x75\x47\xea\xfb\x15\x9b\xd8\xcd\xc7\x5f\xfc\xa5\x91\x1e\x4c\x41"
-	}
-    },
-    /* 1 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    128,
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
-	},
-	{
-	    32,
-	    "\xac\xf7\x70\x7c\x08\x97\x3d\xdf\xdb\x27\xcd\x36\x14\x42\xcc\xfb"
-	    "\xa3\x55\xc8\x88\x4c\xb4\x72\xf3\x7d\xa6\x36\xd0\x7d\x56\x78\x7e"
-	}
-    },
-    /* 2 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    128,
-	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
-	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
-	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
-	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b"
-	    "\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
-	    "\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09"
-	    "\x0a\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08"
-	},
-	{
-	    32,
-	    "\xc4\x42\xda\x58\x5f\xcb\x80\xe4\x3b\x47\x94\x6f\x25\x40\x93\xe3"
-	    "\x73\x29\xd9\x90\x01\x38\x0d\xb7\x83\x71\xdb\x3a\xcf\x5c\x79\x7e"
-	}
-    },
-    /* 3 */
-    {
-	ETYPE_AES256_CTS_HMAC_SHA1_96,
-	{
-	    77,
-	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
-	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
-	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
-	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
-	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03"
-	    "\x04\x05\x06\x07\x08"
-	},
-	{
-	    32,
-	    "\x00\x53\x95\x3b\x84\xc8\x96\xf4\xeb\x38\x5c\x3f\x2e\x75\x1c\x4a"
-	    "\x59\x0e\xd6\xff\xad\xca\x6f\xf6\x4f\x47\xeb\xeb\x8d\x78\x0f\xfc"
-	}
-    }
-};
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i, optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
-	test_dh2key(i, context, &tests[i].X, NULL, NULL, 
-		    tests[i].type, &tests[i].key);
-    }
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_plugin.c b/crypto/heimdal/lib/krb5/test_plugin.c
deleted file mode 100644
index 18e9fcd28674..000000000000
--- a/crypto/heimdal/lib/krb5/test_plugin.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-RCSID("$Id: test_plugin.c 22024 2007-11-03 21:36:55Z lha $");
-#include "locate_plugin.h"
-
-static krb5_error_code
-resolve_init(krb5_context context, void **ctx)
-{
-    *ctx = NULL;
-    return 0;
-}
-
-static void
-resolve_fini(void *ctx)
-{
-}
-
-static krb5_error_code
-resolve_lookup(void *ctx,
-	       enum locate_service_type service,
-	       const char *realm,
-	       int domain,
-	       int type, 
-	       int (*add)(void *,int,struct sockaddr *),
-	       void *addctx)
-{
-    struct sockaddr_in s;
-
-    memset(&s, 0, sizeof(s));
-
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-    s.sin_len = sizeof(s);
-#endif
-    s.sin_family = AF_INET;
-    s.sin_port = htons(88);
-    s.sin_addr.s_addr = htonl(0x7f000002);
-
-    if (strcmp(realm, "NOTHERE.H5L.SE") == 0)
-	(*add)(addctx, type, (struct sockaddr *)&s);
-
-    return 0;
-}
-
-
-krb5plugin_service_locate_ftable resolve = {
-    0,
-    resolve_init,
-    resolve_fini,
-    resolve_lookup
-};
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_krbhst_handle handle;
-    char host[MAXHOSTNAMELEN];
-    int found = 0;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_contex");
-
-    ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, "resolve", &resolve);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_plugin_register");
-
-
-    ret = krb5_krbhst_init_flags(context,
-				 "NOTHERE.H5L.SE",
-				 KRB5_KRBHST_KDC,
-				 0,
-				 &handle);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_krbhst_init_flags");
-
-    
-    while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0){
-	found++;
- 	if (strcmp(host, "127.0.0.2") != 0)
-	    krb5_errx(context, 1, "wrong address: %s", host);
-    }
-    if (!found)
-	krb5_errx(context, 1, "failed to find host");
-
-    krb5_krbhst_free(context, handle);
-
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_prf.c b/crypto/heimdal/lib/krb5/test_prf.c
deleted file mode 100644
index 94fb67dffaee..000000000000
--- a/crypto/heimdal/lib/krb5/test_prf.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: test_prf.c 20843 2007-06-03 14:23:20Z lha $");
-
-#include <hex.h>
-#include <err.h>
-
-/*
- * key: string2key(aes256, "testkey", "testkey", default_params)
- * input: unhex(1122334455667788)
- * output: 58b594b8a61df6e9439b7baa991ff5c1
- * 
- * key: string2key(aes128, "testkey", "testkey", default_params)
- * input: unhex(1122334455667788)
- * output: ffa2f823aa7f83a8ce3c5fb730587129
- */
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_crypto crypto;
-    size_t length;
-    krb5_data input, output, output2;
-    krb5_enctype etype = ETYPE_AES256_CTS_HMAC_SHA1_96;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    ret = krb5_generate_random_keyblock(context, etype, &key);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
-
-    ret = krb5_crypto_prf_length(context, etype, &length);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf_length");
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_init");
-
-    input.data = rk_UNCONST("foo");
-    input.length = 3;
-
-    ret = krb5_crypto_prf(context, crypto, &input, &output);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf");
-
-    ret = krb5_crypto_prf(context, crypto, &input, &output2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_crypto_prf");
-
-    if (krb5_data_cmp(&output, &output2) != 0)
-	krb5_errx(context, 1, "krb5_data_cmp");
-
-    krb5_data_free(&output);
-    krb5_data_free(&output2);
-
-    krb5_crypto_destroy(context, crypto);
-    
-    krb5_free_keyblock_contents(context, &key);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_princ.c b/crypto/heimdal/lib/krb5/test_princ.c
deleted file mode 100644
index d1036c1b3b44..000000000000
--- a/crypto/heimdal/lib/krb5/test_princ.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_princ.c 22071 2007-11-14 20:04:50Z lha $");
-
-/*
- * Check that a closed cc still keeps it data and that it's no longer
- * there when it's destroyed.
- */
-
-static void
-test_princ(krb5_context context)
-{
-    const char *princ = "lha@SU.SE";
-    const char *princ_short = "lha";
-    const char *noquote;
-    krb5_error_code ret;
-    char *princ_unparsed;
-    char *princ_reformed = NULL;
-    const char *realm;
-
-    krb5_principal p, p2;
-
-    ret = krb5_parse_name(context, princ, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed)) {
-	krb5_errx(context, 1, "%s != %s", princ, princ_unparsed);
-    }
-
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name_flags(context, p, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "%s != %s", princ_short, princ_unparsed);
-    free(princ_unparsed);
-    
-    realm = krb5_principal_get_realm(context, p);
-
-    asprintf(&princ_reformed, "%s@%s", princ_short, realm);
-
-    ret = krb5_parse_name(context, princ_reformed, &p2);
-    free(princ_reformed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2)) {
-	krb5_errx(context, 1, "p != p2");
-    }    
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_set_default_realm(context, "SU.SE");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p, 
-				  KRB5_PRINCIPAL_UNPARSE_SHORT,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name(context, princ_short, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-    krb5_free_principal(context, p2);
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_set_default_realm(context, "SAMBA.ORG");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name(context, princ_short, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p == p2");
-
-    if (!krb5_principal_compare_any_realm(context, p, p2))
-	krb5_errx(context, 1, "(ignoring realms) p != p2");
-
-    ret = krb5_unparse_name(context, p2, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed) == 0)
-	krb5_errx(context, 1, "%s == %s", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_parse_name(context, princ, &p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-
-    ret = krb5_unparse_name(context, p2, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p2);
-
-    ret = krb5_unparse_name_flags(context, p,
-				  KRB5_PRINCIPAL_UNPARSE_SHORT,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_short");
-
-    if (strcmp(princ, princ_unparsed) != 0)
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name(context, p, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_short");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name_flags(context, princ, 
-				KRB5_PRINCIPAL_PARSE_NO_REALM,
-				&p2);
-    if (!ret)
-	krb5_err(context, 1, ret, "Should have failed to parse %s a "
-		 "short name", princ);
-
-    ret = krb5_parse_name_flags(context, princ_short, 
-				KRB5_PRINCIPAL_PARSE_NO_REALM,
-				&p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p2, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    krb5_free_principal(context, p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_parse_name_flags(context, princ_short, 
-				KRB5_PRINCIPAL_PARSE_MUST_REALM,
-				&p2);
-    if (!ret)
-	krb5_err(context, 1, ret, "Should have failed to parse %s "
-		 "because it lacked a realm", princ_short);
-
-    ret = krb5_parse_name_flags(context, princ,
-				KRB5_PRINCIPAL_PARSE_MUST_REALM,
-				&p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-    
-    if (!krb5_principal_compare(context, p, p2))
-	krb5_errx(context, 1, "p != p2");
-
-    ret = krb5_unparse_name_flags(context, p2, 
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_unparsed);
-    krb5_free_principal(context, p2);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
-
-    if (strcmp(princ_short, princ_unparsed))
-	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p);
-
-    /* test quoting */
-
-    princ = "test\\ principal@SU.SE";
-    noquote = "test principal@SU.SE";
-
-    ret = krb5_parse_name_flags(context, princ, 0, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_unparse_name_flags(context, p, 0, &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
-
-    if (strcmp(princ, princ_unparsed))
-	krb5_errx(context, 1, "q '%s' != '%s'", princ, princ_unparsed);
-    free(princ_unparsed);
-
-    ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_DISPLAY,
-				  &princ_unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
-
-    if (strcmp(noquote, princ_unparsed))
-	krb5_errx(context, 1, "nq '%s' != '%s'", noquote, princ_unparsed);
-    free(princ_unparsed);
-
-    krb5_free_principal(context, p);
-}
-
-static void
-test_enterprise(krb5_context context)
-{
-    krb5_error_code ret;
-    char *unparsed;
-    krb5_principal p;
-
-    ret = krb5_set_default_realm(context, "SAMBA.ORG");
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-
-    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
-	krb5_errx(context, 1, "enterprise name failed 1");
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se\\@WIN.SU.SE@SAMBA.ORG") != 0)
-	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 0, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
-	krb5_errx(context, 1, "enterprise name failed 3");
-    free(unparsed);
-
-    /*
-     *
-     */
-
-    ret = krb5_parse_name_flags(context, "lha@su.se", 
-				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name_flags");
-
-    ret = krb5_unparse_name(context, p, &unparsed);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    krb5_free_principal(context, p);
-    if (strcmp(unparsed, "lha\\@su.se@SAMBA.ORG") != 0)
-	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
-    free(unparsed);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_princ(context);
-
-    test_enterprise(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_renew.c b/crypto/heimdal/lib/krb5/test_renew.c
deleted file mode 100644
index 5fa2de1b9fa0..000000000000
--- a/crypto/heimdal/lib/krb5/test_renew.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id$");
-
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_principal client;
-    krb5_context context;
-    const char *in_tkt_service = NULL;
-    krb5_ccache id;
-    krb5_error_code ret;
-    krb5_creds out;;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc > 0)
-	in_tkt_service = argv[0];
-
-    memset(&out, 0, sizeof(out));
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_init_context");
-
-    ret = krb5_cc_default(context, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_cc_get_principal(context, id, &client);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_default");
-
-    ret = krb5_get_renewed_creds(context,
-				 &out,
-				 client,
-				 id,
-				 in_tkt_service);
-
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_get_kdc_cred");
-
-    if (krb5_principal_compare(context, out.client, client) != TRUE)
-	krb5_errx(context, 1, "return principal is not as expected");
-
-    krb5_free_cred_contents(context, &out);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_store.c b/crypto/heimdal/lib/krb5/test_store.c
deleted file mode 100644
index 2ce6c8dac363..000000000000
--- a/crypto/heimdal/lib/krb5/test_store.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_store.c 20192 2007-02-05 23:21:03Z lha $");
-
-static void
-test_int8(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int8_t val[] = {
-	0, 1, -1, 128, -127
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int8(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int8");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int8(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int8");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_int16(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int16_t val[] = {
-	0, 1, -1, 32768, -32767
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int16(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int16");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int16(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int16");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_int32(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    int32_t val[] = {
-	0, 1, -1, 2147483647, -2147483646
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_int32(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_int32");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_int32(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_int32");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint8(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint8_t val[] = {
-	0, 1, 255
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint8(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint8");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint8(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint8");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint16(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint16_t val[] = {
-	0, 1, 65535
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint16(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint16");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint16(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint16");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-static void
-test_uint32(krb5_context context, krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int i;
-    uint32_t val[] = {
-	0, 1, 4294967295UL
-    }, v;
-
-    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
-
-	ret = krb5_store_uint32(sp, val[i]);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_store_uint32");
-	krb5_storage_seek(sp, 0, SEEK_SET);
-	ret = krb5_ret_uint32(sp, &v);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_ret_uint32");
-	if (v != val[i])
-	    krb5_errx(context, 1, "store and ret mismatch");
-    }
-}
-
-
-static void
-test_storage(krb5_context context)
-{
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	krb5_errx(context, 1, "krb5_storage_emem: no mem");
-
-    test_int8(context, sp);
-    test_int16(context, sp);
-    test_int32(context, sp);
-    test_uint8(context, sp);
-    test_uint16(context, sp);
-    test_uint32(context, sp);
-
-    krb5_storage_free(sp);
-}
-
-/*
- *
- */
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    test_storage(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_time.c b/crypto/heimdal/lib/krb5/test_time.c
deleted file mode 100644
index 02a0204477c7..000000000000
--- a/crypto/heimdal/lib/krb5/test_time.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_time.c 18809 2006-10-22 07:11:43Z lha $");
-
-static void
-check_set_time(krb5_context context)
-{
-    krb5_error_code ret;
-    krb5_timestamp sec;
-    int32_t usec;
-    struct timeval tv;
-    int diff = 10;
-    int diff2;
-
-    gettimeofday(&tv, NULL);
-
-    ret = krb5_set_real_time(context, tv.tv_sec + diff, tv.tv_usec);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_us_timeofday");
-    
-    ret = krb5_us_timeofday(context, &sec, &usec);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_us_timeofday");
-
-    diff2 = abs(sec - tv.tv_sec);
-
-    if (diff2 < 9 || diff > 11)
-	krb5_errx(context, 1, "set time error: diff: %d",
-		  abs(sec - tv.tv_sec));
-}
-
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx(1, "krb5_init_context %d", ret);
-
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-    check_set_time(context);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
deleted file mode 100644
index 7eb4d32fad57..000000000000
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: ticket.c 19544 2006-12-28 20:49:18Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_free_ticket(krb5_context context,
-		 krb5_ticket *ticket)
-{
-    free_EncTicketPart(&ticket->ticket);
-    krb5_free_principal(context, ticket->client);
-    krb5_free_principal(context, ticket->server);
-    free(ticket);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_copy_ticket(krb5_context context,
-		 const krb5_ticket *from,
-		 krb5_ticket **to)
-{
-    krb5_error_code ret;
-    krb5_ticket *tmp;
-
-    *to = NULL;
-    tmp = malloc(sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
-	free(tmp);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->client, &tmp->client);
-    if(ret){
-	free_EncTicketPart(&tmp->ticket);
-	free(tmp);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->server, &tmp->server);
-    if(ret){
-	krb5_free_principal(context, tmp->client);
-	free_EncTicketPart(&tmp->ticket);
-	free(tmp);
-	return ret;
-    }
-    *to = tmp;
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_client(krb5_context context,
-		       const krb5_ticket *ticket,
-		       krb5_principal *client)
-{
-    return krb5_copy_principal(context, ticket->client, client);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_server(krb5_context context,
-		       const krb5_ticket *ticket,
-		       krb5_principal *server)
-{
-    return krb5_copy_principal(context, ticket->server, server);
-}
-
-time_t KRB5_LIB_FUNCTION
-krb5_ticket_get_endtime(krb5_context context,
-			const krb5_ticket *ticket)
-{
-    return ticket->ticket.endtime;
-}
-
-static int
-find_type_in_ad(krb5_context context,
-		int type, 
-		krb5_data *data,
-		krb5_boolean *found,
-		krb5_boolean failp,
-		krb5_keyblock *sessionkey,
-		const AuthorizationData *ad,
-		int level)
-{
-    krb5_error_code ret = 0;
-    int i;
-
-    if (level > 9) {
-	krb5_set_error_string(context, "Authorization data nested deeper "
-			      "then %d levels, stop searching", level);
-	ret = ENOENT; /* XXX */
-	goto out;
-    }
-
-    /*
-     * Only copy out the element the first time we get to it, we need
-     * to run over the whole authorization data fields to check if
-     * there are any container clases we need to care about.
-     */
-    for (i = 0; i < ad->len; i++) {
-	if (!*found && ad->val[i].ad_type == type) {
-	    ret = der_copy_octet_string(&ad->val[i].ad_data, data);
-	    if (ret) {
-		krb5_set_error_string(context, "malloc - out of memory");
-		goto out;
-	    }
-	    *found = TRUE;
-	    continue;
-	}
-	switch (ad->val[i].ad_type) {
-	case KRB5_AUTHDATA_IF_RELEVANT: {
-	    AuthorizationData child;
-	    ret = decode_AuthorizationData(ad->val[i].ad_data.data,
-					   ad->val[i].ad_data.length,
-					   &child,
-					   NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode "
-				      "IF_RELEVANT with %d", ret);
-		goto out;
-	    }
-	    ret = find_type_in_ad(context, type, data, found, FALSE,
-				  sessionkey, &child, level + 1);
-	    free_AuthorizationData(&child);
-	    if (ret)
-		goto out;
-	    break;
-	}
-#if 0 /* XXX test */
-	case KRB5_AUTHDATA_KDC_ISSUED: {
-	    AD_KDCIssued child;
-
-	    ret = decode_AD_KDCIssued(ad->val[i].ad_data.data,
-				      ad->val[i].ad_data.length,
-				      &child,
-				      NULL);
-	    if (ret) {
-		krb5_set_error_string(context, "Failed to decode "
-				      "AD_KDCIssued with %d", ret);
-		goto out;
-	    }
-	    if (failp) {
-		krb5_boolean valid;
-		krb5_data buf;
-		size_t len;
-
-		ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, 
-				   &child.elements, &len, ret);
-		if (ret) {
-		    free_AD_KDCIssued(&child);
-		    krb5_clear_error_string(context);
-		    goto out;
-		}
-		if(buf.length != len)
-		    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-		ret = krb5_c_verify_checksum(context, sessionkey, 19, &buf,
-					     &child.ad_checksum, &valid);
-		krb5_data_free(&buf);
-		if (ret) {
-		    free_AD_KDCIssued(&child);
-		    goto out;
-		}
-		if (!valid) {
-		    krb5_clear_error_string(context);
-		    ret = ENOENT;
-		    free_AD_KDCIssued(&child);
-		    goto out;
-		}
-	    }
-	    ret = find_type_in_ad(context, type, data, found, failp, sessionkey,
-				  &child.elements, level + 1);
-	    free_AD_KDCIssued(&child);
-	    if (ret)
-		goto out;
-	    break;
-	}
-#endif
-	case KRB5_AUTHDATA_AND_OR:
-	    if (!failp)
-		break;
-	    krb5_set_error_string(context, "Authorization data contains "
-				  "AND-OR element that is unknown to the "
-				  "application");
-	    ret = ENOENT; /* XXX */
-	    goto out;
-	default:
-	    if (!failp)
-		break;
-	    krb5_set_error_string(context, "Authorization data contains "
-				  "unknown type (%d) ", ad->val[i].ad_type);
-	    ret = ENOENT; /* XXX */
-	    goto out;
-	}
-    }
-out:
-    if (ret) {
-	if (*found) {
-	    krb5_data_free(data);
-	    *found = 0;
-	}
-    }
-    return ret;
-}
-
-/*
- * Extract the authorization data type of `type' from the
- * 'ticket'. Store the field in `data'. This function is to use for
- * kerberos applications.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_ticket_get_authorization_data_type(krb5_context context,
-					krb5_ticket *ticket,
-					int type,
-					krb5_data *data)
-{
-    AuthorizationData *ad;
-    krb5_error_code ret;
-    krb5_boolean found = FALSE;
-
-    krb5_data_zero(data);
-
-    ad = ticket->ticket.authorization_data;
-    if (ticket->ticket.authorization_data == NULL) {
-	krb5_set_error_string(context, "Ticket have not authorization data");
-	return ENOENT; /* XXX */
-    }
-
-    ret = find_type_in_ad(context, type, data, &found, TRUE,
-			  &ticket->ticket.key, ad, 0);
-    if (ret)
-	return ret;
-    if (!found) {
-	krb5_set_error_string(context, "Ticket have not authorization "
-			  "data of type %d", type);
-	return ENOENT; /* XXX */
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
deleted file mode 100644
index 4cd992d48f27..000000000000
--- a/crypto/heimdal/lib/krb5/time.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: time.c 14308 2004-10-13 17:57:11Z lha $");
-
-/*
- * Set the absolute time that the caller knows the kdc has so the
- * kerberos library can calculate the relative diffrence beteen the
- * KDC time and local system time.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_real_time (krb5_context context,
-		    krb5_timestamp sec,
-		    int32_t usec)
-{
-    struct timeval tv;
-    
-    gettimeofday(&tv, NULL);
-
-    context->kdc_sec_offset = sec - tv.tv_sec;
-    context->kdc_usec_offset = usec - tv.tv_usec;
-
-    if (context->kdc_usec_offset < 0) {
-	context->kdc_sec_offset--;
-	context->kdc_usec_offset += 1000000;
-    }
-    return 0;
-}
-
-/*
- * return ``corrected'' time in `timeret'.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_timeofday (krb5_context context,
-		krb5_timestamp *timeret)
-{
-    *timeret = time(NULL) + context->kdc_sec_offset;
-    return 0;
-}
-
-/*
- * like gettimeofday but with time correction to the KDC
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_us_timeofday (krb5_context context,
-		   krb5_timestamp *sec,
-		   int32_t *usec)
-{
-    struct timeval tv;
-
-    gettimeofday (&tv, NULL);
-
-    *sec  = tv.tv_sec + context->kdc_sec_offset;
-    *usec = tv.tv_usec;		/* XXX */
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_format_time(krb5_context context, time_t t, 
-		 char *s, size_t len, krb5_boolean include_time)
-{
-    struct tm *tm;
-    if(context->log_utc)
-	tm = gmtime (&t);
-    else
-	tm = localtime(&t);
-    if(tm == NULL ||
-       strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm) == 0)
-	snprintf(s, len, "%ld", (long)t);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
-{
-    if((*deltat = parse_time(string, "s")) == -1)
-	return KRB5_DELTAT_BADFORMAT;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
deleted file mode 100644
index 9b67ecc04f26..000000000000
--- a/crypto/heimdal/lib/krb5/transited.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: transited.c 21745 2007-07-31 16:11:25Z lha $");
-
-/* this is an attempt at one of the most horrible `compression'
-   schemes that has ever been invented; it's so amazingly brain-dead
-   that words can not describe it, and all this just to save a few
-   silly bytes */
-
-struct tr_realm {
-    char *realm;
-    unsigned leading_space:1;
-    unsigned leading_slash:1;
-    unsigned trailing_dot:1;
-    struct tr_realm *next;
-};
-
-static void
-free_realms(struct tr_realm *r)
-{
-    struct tr_realm *p;
-    while(r){
-	p = r;
-	r = r->next;
-	free(p->realm);
-	free(p);
-    }	
-}
-
-static int
-make_path(krb5_context context, struct tr_realm *r,
-	  const char *from, const char *to)
-{
-    const char *p;
-    struct tr_realm *path = r->next;
-    struct tr_realm *tmp;
-
-    if(strlen(from) < strlen(to)){
-	const char *str;
-	str = from;
-	from = to;
-	to = str;
-    }
-	
-    if(strcmp(from + strlen(from) - strlen(to), to) == 0){
-	p = from;
-	while(1){
-	    p = strchr(p, '.');
-	    if(p == NULL) {
-		krb5_clear_error_string (context);
-		return KRB5KDC_ERR_POLICY;
-	    }
-	    p++;
-	    if(strcmp(p, to) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = strdup(p);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;;
-	    }
-	}
-    }else if(strncmp(from, to, strlen(to)) == 0){
-	p = from + strlen(from);
-	while(1){
-	    while(p >= from && *p != '/') p--;
-	    if(p == from) {
-		r->next = path; /* XXX */
-		return KRB5KDC_ERR_POLICY;
-	    }
-	    if(strncmp(to, from, p - from) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = malloc(p - from + 1);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memcpy(path->realm, from, p - from);
-	    path->realm[p - from] = '\0';
-	    p--;
-	}
-    } else {
-	krb5_clear_error_string (context);
-	return KRB5KDC_ERR_POLICY;
-    }
-    r->next = path;
-    
-    return 0;
-}
-
-static int
-make_paths(krb5_context context,
-	   struct tr_realm *realms, const char *client_realm, 
-	   const char *server_realm)
-{
-    struct tr_realm *r;
-    int ret;
-    const char *prev_realm = client_realm;
-    const char *next_realm = NULL;
-    for(r = realms; r; r = r->next){
-	/* it *might* be that you can have more than one empty
-	   component in a row, at least that's how I interpret the
-	   "," exception in 1510 */
-	if(r->realm[0] == '\0'){
-	    while(r->next && r->next->realm[0] == '\0')
-		r = r->next;
-	    if(r->next)
-		next_realm = r->next->realm;
-	    else
-		next_realm = server_realm;
-	    ret = make_path(context, r, prev_realm, next_realm);
-	    if(ret){
-		free_realms(realms);
-		return ret;
-	    }
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static int
-expand_realms(krb5_context context,
-	      struct tr_realm *realms, const char *client_realm)
-{
-    struct tr_realm *r;
-    const char *prev_realm = NULL;
-    for(r = realms; r; r = r->next){
-	if(r->trailing_dot){
-	    char *tmp;
-	    size_t len;
-
-	    if(prev_realm == NULL)
-		prev_realm = client_realm;
-
-	    len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    tmp = realloc(r->realm, len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    r->realm = tmp;
-	    strlcat(r->realm, prev_realm, len);
-	}else if(r->leading_slash && !r->leading_space && prev_realm){
-	    /* yet another exception: if you use x500-names, the
-               leading realm doesn't have to be "quoted" with a space */
-	    char *tmp;
-	    size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    tmp = malloc(len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlcpy(tmp, prev_realm, len);
-	    strlcat(tmp, r->realm, len);
-	    free(r->realm);
-	    r->realm = tmp;
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static struct tr_realm *
-make_realm(char *realm)
-{
-    struct tr_realm *r;
-    char *p, *q;
-    int quote = 0;
-    r = calloc(1, sizeof(*r));
-    if(r == NULL){
-	free(realm);
-	return NULL;
-    }
-    r->realm = realm;
-    for(p = q = r->realm; *p; p++){
-	if(p == r->realm && *p == ' '){
-	    r->leading_space = 1;
-	    continue;
-	}
-	if(q == r->realm && *p == '/')
-	    r->leading_slash = 1;
-	if(quote){
-	    *q++ = *p;
-	    quote = 0;
-	    continue;
-	}
-	if(*p == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(p[0] == '.' && p[1] == '\0')
-	    r->trailing_dot = 1;
-	*q++ = *p;
-    }
-    *q = '\0';
-    return r;
-}
-
-static struct tr_realm*
-append_realm(struct tr_realm *head, struct tr_realm *r)
-{
-    struct tr_realm *p;
-    if(head == NULL){
-	r->next = NULL;
-	return r;
-    }
-    p = head;
-    while(p->next) p = p->next;
-    p->next = r;
-    return head;
-}
-
-static int
-decode_realms(krb5_context context,
-	      const char *tr, int length, struct tr_realm **realms)
-{
-    struct tr_realm *r = NULL;
-
-    char *tmp;
-    int quote = 0;
-    const char *start = tr;
-    int i;
-
-    for(i = 0; i < length; i++){
-	if(quote){
-	    quote = 0;
-	    continue;
-	}
-	if(tr[i] == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(tr[i] == ','){
-	    tmp = malloc(tr + i - start + 1);
-	    if(tmp == NULL){
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memcpy(tmp, start, tr + i - start);
-	    tmp[tr + i - start] = '\0';
-	    r = make_realm(tmp);
-	    if(r == NULL){
-		free_realms(*realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    *realms = append_realm(*realms, r);
-	    start = tr + i + 1;
-	}
-    }
-    tmp = malloc(tr + i - start + 1);
-    if(tmp == NULL){
-	free(*realms);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(tmp, start, tr + i - start);
-    tmp[tr + i - start] = '\0';
-    r = make_realm(tmp);
-    if(r == NULL){
-	free_realms(*realms);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realms = append_realm(*realms, r);
-    
-    return 0;
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_decode(krb5_context context,
-			krb5_data tr, char ***realms, int *num_realms, 
-			const char *client_realm, const char *server_realm)
-{
-    struct tr_realm *r = NULL;
-    struct tr_realm *p, **q;
-    int ret;
-    
-    if(tr.length == 0) {
-	*realms = NULL;
-	*num_realms = 0;
-	return 0;
-    }
-
-    /* split string in components */
-    ret = decode_realms(context, tr.data, tr.length, &r);
-    if(ret)
-	return ret;
-    
-    /* apply prefix rule */
-    ret = expand_realms(context, r, client_realm);
-    if(ret)
-	return ret;
-    
-    ret = make_paths(context, r, client_realm, server_realm);
-    if(ret)
-	return ret;
-    
-    /* remove empty components and count realms */
-    q = &r;
-    *num_realms = 0;
-    for(p = r; p; ){
-	if(p->realm[0] == '\0'){
-	    free(p->realm);
-	    *q = p->next;
-	    free(p);
-	    p = *q;
-	}else{
-	    q = &p->next;
-	    p = p->next;
-	    (*num_realms)++;
-	}
-    }
-    if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
-	return ERANGE;
-
-    {
-	char **R;
-	R = malloc((*num_realms + 1) * sizeof(*R));
-	if (R == NULL)
-	    return ENOMEM;
-	*realms = R;
-	while(r){
-	    *R++ = r->realm;
-	    p = r->next;
-	    free(r);
-	    r = p;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
-{
-    char *s = NULL;
-    int len = 0;
-    int i;
-    krb5_data_zero(encoding);
-    if (num_realms == 0)
-	return 0;
-    for(i = 0; i < num_realms; i++){
-	len += strlen(realms[i]);
-	if(realms[i][0] == '/')
-	    len++;
-    }
-    len += num_realms - 1;
-    s = malloc(len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    *s = '\0';
-    for(i = 0; i < num_realms; i++){
-	if(i && i < num_realms - 1)
-	    strlcat(s, ",", len + 1);
-	if(realms[i][0] == '/')
-	    strlcat(s, " ", len + 1);
-	strlcat(s, realms[i], len + 1);
-    }
-    encoding->data = s;
-    encoding->length = strlen(s);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited(krb5_context context,
-		     krb5_const_realm client_realm,
-		     krb5_const_realm server_realm,
-		     krb5_realm *realms,
-		     int num_realms,
-		     int *bad_realm)
-{
-    char **tr_realms;
-    char **p;
-    int i;
-
-    if(num_realms == 0)
-	return 0;
-    
-    tr_realms = krb5_config_get_strings(context, NULL, 
-					"capaths", 
-					client_realm, 
-					server_realm, 
-					NULL);
-    for(i = 0; i < num_realms; i++) {
-	for(p = tr_realms; p && *p; p++) {
-	    if(strcmp(*p, realms[i]) == 0)
-		break;
-	}
-	if(p == NULL || *p == NULL) {
-	    krb5_config_free_strings(tr_realms);
-	    krb5_set_error_string (context, "no transit through realm %s",
-				   realms[i]);
-	    if(bad_realm)
-		*bad_realm = i;
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-    }
-    krb5_config_free_strings(tr_realms);
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_check_transited_realms(krb5_context context,
-			    const char *const *realms, 
-			    int num_realms, 
-			    int *bad_realm)
-{
-    int i;
-    int ret = 0;
-    char **bad_realms = krb5_config_get_strings(context, NULL, 
-						"libdefaults", 
-						"transited_realms_reject", 
-						NULL);
-    if(bad_realms == NULL)
-	return 0;
-
-    for(i = 0; i < num_realms; i++) {
-	char **p;
-	for(p = bad_realms; *p; p++)
-	    if(strcmp(*p, realms[i]) == 0) {
-		krb5_set_error_string (context, "no transit through realm %s",
-				       *p);
-		ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
-		if(bad_realm)
-		    *bad_realm = i;
-		break;
-	    }
-    }
-    krb5_config_free_strings(bad_realms);
-    return ret;
-}
-
-#if 0
-int
-main(int argc, char **argv)
-{
-    krb5_data x;
-    char **r;
-    int num, i;
-    x.data = argv[1];
-    x.length = strlen(x.data);
-    if(domain_expand(x, &r, &num, argv[2], argv[3]))
-	exit(1);
-    for(i = 0; i < num; i++)
-	printf("%s\n", r[i]);
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/krb5/v4_glue.c b/crypto/heimdal/lib/krb5/v4_glue.c
deleted file mode 100644
index 37b1e35dd188..000000000000
--- a/crypto/heimdal/lib/krb5/v4_glue.c
+++ /dev/null
@@ -1,939 +0,0 @@
-/*
- * Copyright (c) 1997 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: v4_glue.c 22071 2007-11-14 20:04:50Z lha $");
-
-#include "krb5-v4compat.h"
-
-/*
- *
- */
-
-#define RCHECK(r,func,label) \
-	do { (r) = func ; if (r) goto label; } while(0);
-
-
-/* include this here, to avoid dependencies on libkrb */
-
-static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
-   38400,   41055,   43894,   46929,   50174,   53643,   57352,   61318,
-   65558,   70091,   74937,   80119,   85658,   91581,   97914,  104684,
-  111922,  119661,  127935,  136781,  146239,  156350,  167161,  178720,
-  191077,  204289,  218415,  233517,  249664,  266926,  285383,  305116,
-  326213,  348769,  372885,  398668,  426234,  455705,  487215,  520904,
-  556921,  595430,  636601,  680618,  727680,  777995,  831789,  889303,
-  950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
- 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
-};
-
-int KRB5_LIB_FUNCTION
-_krb5_krb_time_to_life(time_t start, time_t end)
-{
-    int i;
-    time_t life = end - start;
-
-    if (life > MAXTKTLIFETIME || life <= 0) 
-	return 0;
-#if 0    
-    if (krb_no_long_lifetimes) 
-	return (life + 5*60 - 1)/(5*60);
-#endif
-    
-    if (end >= NEVERDATE)
-	return TKTLIFENOEXPIRE;
-    if (life < _tkt_lifetimes[0]) 
-	return (life + 5*60 - 1)/(5*60);
-    for (i=0; i<TKTLIFENUMFIXED; i++)
-	if (life <= _tkt_lifetimes[i])
-	    return i + TKTLIFEMINFIXED;
-    return 0;
-    
-}
-
-time_t KRB5_LIB_FUNCTION
-_krb5_krb_life_to_time(int start, int life_)
-{
-    unsigned char life = (unsigned char) life_;
-
-#if 0    
-    if (krb_no_long_lifetimes)
-	return start + life*5*60;
-#endif
-
-    if (life == TKTLIFENOEXPIRE)
-	return NEVERDATE;
-    if (life < TKTLIFEMINFIXED)
-	return start + life*5*60;
-    if (life > TKTLIFEMAXFIXED)
-	return start + MAXTKTLIFETIME;
-    return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
-}
-
-/*
- * Get the name of the krb4 credentials cache, will use `tkfile' as
- * the name if that is passed in. `cc' must be free()ed by caller,
- */
-
-static krb5_error_code
-get_krb4_cc_name(const char *tkfile, char **cc)
-{
-
-    *cc = NULL;
-    if(tkfile == NULL) {
-	char *path;
-	if(!issuid()) {
-	    path = getenv("KRBTKFILE");
-	    if (path)
-		*cc = strdup(path);
-	}
-	if(*cc == NULL)
-	    if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
-		return errno;
-    } else {
-	*cc = strdup(tkfile);
-	if (*cc == NULL)
-	    return ENOMEM;
-    }
-    return 0;
-}
-
-/*
- * Write a Kerberos 4 ticket file
- */
-
-#define KRB5_TF_LCK_RETRY_COUNT 50
-#define KRB5_TF_LCK_RETRY 1
-
-static krb5_error_code
-write_v4_cc(krb5_context context, const char *tkfile, 
-	    krb5_storage *sp, int append)
-{
-    krb5_error_code ret;
-    struct stat sb;
-    krb5_data data;
-    char *path;
-    int fd, i;
-
-    ret = get_krb4_cc_name(tkfile, &path);
-    if (ret) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: failed getting "
-			      "the krb4 credentials cache name"); 
-	return ret;
-    }
-
-    fd = open(path, O_WRONLY|O_CREAT, 0600);
-    if (fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: error opening file %s", 
-			      path);
-	free(path);
-	return ret;
-    }
-
-    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: tktfile %s is not a file",
-			      path);
-	free(path);
-	close(fd);
-	return KRB5_FCC_PERM;
-    }
-
-    for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) {
-	if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
-	    sleep(KRB5_TF_LCK_RETRY);
-	} else
-	    break;
-    }
-    if (i == KRB5_TF_LCK_RETRY_COUNT) {
-	krb5_set_error_string(context,
-			      "krb5_krb_tf_setup: failed to lock %s",
-			      path);
-	free(path);
-	close(fd);
-	return KRB5_FCC_PERM;
-    }
-
-    if (!append) {
-	ret = ftruncate(fd, 0);
-	if (ret < 0) {
-	    flock(fd, LOCK_UN);
-	    krb5_set_error_string(context,
-				  "krb5_krb_tf_setup: failed to truncate %s",
-				  path);
-	    free(path);
-	    close(fd);
-	    return KRB5_FCC_PERM;
-	}
-    }
-    ret = lseek(fd, 0L, SEEK_END);
-    if (ret < 0) {
-	ret = errno;
-	flock(fd, LOCK_UN);
-	free(path);
-	close(fd);
-	return ret;
-    }
-
-    krb5_storage_to_data(sp, &data);
-
-    ret = write(fd, data.data, data.length);
-    if (ret != data.length)
-	ret = KRB5_CC_IO;
-
-    krb5_free_data_contents(context, &data);
-
-    flock(fd, LOCK_UN);
-    free(path);
-    close(fd);
-
-    return 0;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_tf_setup(krb5_context context, 
-		   struct credentials *v4creds, 
-		   const char *tkfile,
-		   int append)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
-    krb5_storage_set_eof_code(sp, KRB5_CC_IO);
-
-    krb5_clear_error_string(context);
-
-    if (!append) {
-	RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
-	RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
-    }
-
-    /* cred */
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
-    RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
-    ret = krb5_storage_write(sp, v4creds->session, 8);
-    if (ret != 8) {
-	ret = KRB5_CC_IO;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
-    RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
-    RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
-
-    ret = krb5_storage_write(sp, v4creds->ticket_st.dat, 
-			     v4creds->ticket_st.length);
-    if (ret != v4creds->ticket_st.length) {
-	ret = KRB5_CC_IO;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
-
-    ret = write_v4_cc(context, tkfile, sp, append);
-
- error:
-    krb5_storage_free(sp);
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
-{
-    krb5_error_code ret;
-    char *path;
-
-    ret = get_krb4_cc_name(tkfile, &path);
-    if (ret) {
-	krb5_set_error_string(context, 
-			      "krb5_krb_tf_setup: failed getting "
-			      "the krb4 credentials cache name"); 
-	return ret;
-    }
-
-    if (unlink(path) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, 
-			      "krb5_krb_dest_tkt failed removing the cache "
-			      "with error %s", strerror(ret));
-    }
-    free(path);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-decrypt_etext(krb5_context context, const krb5_keyblock *key,
-	      const krb5_data *cdata, krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00";
-
-static krb5_error_code
-storage_to_etext(krb5_context context,
-		 krb5_storage *sp,
-		 const krb5_keyblock *key, 
-		 krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_ssize_t size;
-    krb5_data data;
-
-    /* multiple of eight bytes */
-
-    size = krb5_storage_seek(sp, 0, SEEK_END);
-    if (size < 0)
-	return KRB4ET_RD_AP_UNDEC;
-    size = 8 - (size & 7);
-
-    ret = krb5_storage_write(sp, eightzeros, size);
-    if (ret != size)
-	return KRB4ET_RD_AP_UNDEC;
-
-    ret = krb5_storage_to_data(sp, &data);
-    if (ret)
-	return ret;
-
-    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret) {
-	krb5_data_free(&data);
-	return ret;
-    }
-
-    ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data);
-
-    krb5_data_free(&data);
-    krb5_crypto_destroy(context, crypto);
-
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-put_nir(krb5_storage *sp, const char *name,
-	const char *instance, const char *realm)
-{
-    krb5_error_code ret;
-
-    RCHECK(ret, krb5_store_stringz(sp, name), error);
-    RCHECK(ret, krb5_store_stringz(sp, instance), error);
-    if (realm) {
-	RCHECK(ret, krb5_store_stringz(sp, realm), error);
-    }
- error:
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ticket(krb5_context context,
-			unsigned char flags,
-			const char *pname,
-			const char *pinstance,
-			const char *prealm,
-			int32_t paddress,
-			const krb5_keyblock *session,
-			int16_t life,
-			int32_t life_sec,
-			const char *sname,
-			const char *sinstance,
-			const krb5_keyblock *key,
-			krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(enc_data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, flags), error);
-    RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
-    RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
-
-    /* session key */
-    ret = krb5_storage_write(sp,
-			     session->keyvalue.data, 
-			     session->keyvalue.length);
-    if (ret != session->keyvalue.length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, krb5_store_int8(sp, life), error);
-    RCHECK(ret, krb5_store_int32(sp, life_sec), error);
-    RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
-
-    ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_ciph(krb5_context context,
-		      const krb5_keyblock *session,
-		      const char *service,
-		      const char *instance,
-		      const char *realm,
-		      uint32_t life,
-		      unsigned char kvno,
-		      const krb5_data *ticket,
-		      uint32_t kdc_time,
-		      const krb5_keyblock *key,
-		      krb5_data *enc_data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(enc_data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    /* session key */
-    ret = krb5_storage_write(sp,
-			     session->keyvalue.data, 
-			     session->keyvalue.length);
-    if (ret != session->keyvalue.length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, put_nir(sp, service, instance, realm), error);
-    RCHECK(ret, krb5_store_int8(sp, life), error);
-    RCHECK(ret, krb5_store_int8(sp, kvno), error);
-    RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
-    ret = krb5_storage_write(sp, ticket->data, ticket->length);
-    if (ret != ticket->length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-    RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
-
-    ret = storage_to_etext(context, sp, key, enc_data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_create_auth_reply(krb5_context context,
-			    const char *pname,
-			    const char *pinst,
-			    const char *prealm,
-			    int32_t time_ws,
-			    int n,
-			    uint32_t x_date,
-			    unsigned char kvno,
-			    const krb5_data *cipher,
-			    krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(data);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
-    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
-    RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
-    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
-    RCHECK(ret, krb5_store_int8(sp, n), error);
-    RCHECK(ret, krb5_store_int32(sp, x_date), error);
-    RCHECK(ret, krb5_store_int8(sp, kvno), error);
-    RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
-    ret = krb5_storage_write(sp, cipher->data, cipher->length);
-    if (ret != cipher->length) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    ret = krb5_storage_to_data(sp, data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
-	
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_cr_err_reply(krb5_context context,
-		       const char *name,
-		       const char *inst,
-		       const char *realm,
-		       uint32_t time_ws,
-		       uint32_t e,
-		       const char *e_string,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    krb5_data_zero(data);
-
-    if (name == NULL) name = "";
-    if (inst == NULL) inst = "";
-    if (realm == NULL) realm = "";
-    if (e_string == NULL) e_string = "";
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
-    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
-    RCHECK(ret, put_nir(sp, name, inst, realm), error);
-    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
-    /* If it is a Kerberos 4 error-code, remove the et BASE */
-    if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
-	e -= ERROR_TABLE_BASE_krb;
-    RCHECK(ret, krb5_store_int32(sp, e), error);
-    RCHECK(ret, krb5_store_stringz(sp, e_string), error);
-
-    ret = krb5_storage_to_data(sp, data);
-
- error:
-    krb5_storage_free(sp);
-    if (ret)
-	krb5_set_error_string(context, "Failed to encode kerberos 4 error");
-	
-    return 0;
-}
-
-static krb5_error_code
-get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
-{
-    krb5_error_code ret;
-
-    ret = krb5_ret_stringz(sp, str);
-    if (ret)
-	return ret;
-    if (strlen(*str) > max_len) {
-	free(*str);
-	*str = NULL;
-	return KRB4ET_INTK_PROT;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_decomp_ticket(krb5_context context,
-			const krb5_data *enc_ticket,
-			const krb5_keyblock *key,
-			const char *local_realm,
-			char **sname,
-			char **sinstance,
-			struct _krb5_krb_auth_data *ad)
-{
-    krb5_error_code ret;
-    krb5_ssize_t size;
-    krb5_storage *sp = NULL;
-    krb5_data ticket;
-    unsigned char des_key[8];
-
-    memset(ad, 0, sizeof(*ad));
-    krb5_data_zero(&ticket);
-
-    *sname = NULL;
-    *sinstance = NULL;
-
-    RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error);
-
-    sp = krb5_storage_from_data(&ticket);
-    if (sp == NULL) {
-	krb5_data_free(&ticket);
-	krb5_set_error_string(context, "alloc: out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
-    RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error);
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error);
-	
-    size = krb5_storage_read(sp, des_key, sizeof(des_key));
-    if (size != sizeof(des_key)) {
-	ret = KRB4ET_INTK_PROT;
-	goto error;
-    }
-
-    RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error);
-
-    if (ad->k_flags & 1)
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    else
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error);
-
-    RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error);
-
-    ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE,
-			     des_key, sizeof(des_key), &ad->session);
-    if (ret)
-	goto error;
-
-    if (strlen(ad->prealm) == 0) {
-	free(ad->prealm);
-	ad->prealm = strdup(local_realm);
-	if (ad->prealm == NULL) {
-	    ret = ENOMEM;
-	    goto error;
-	}
-    }
-
- error:
-    memset(des_key, 0, sizeof(des_key));
-    if (sp)
-	krb5_storage_free(sp);
-    krb5_data_free(&ticket);
-    if (ret) {
-	if (*sname) {
-	    free(*sname);
-	    *sname = NULL;
-	}
-	if (*sinstance) {
-	    free(*sinstance);
-	    *sinstance = NULL;
-	}
-	_krb5_krb_free_auth_data(context, ad);
-	krb5_set_error_string(context, "Failed to decode v4 ticket");
-    }
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-_krb5_krb_rd_req(krb5_context context,
-		 krb5_data *authent,
-		 const char *service,
-		 const char *instance,
-		 const char *local_realm,
-		 int32_t from_addr,
-		 const krb5_keyblock *key,
-		 struct _krb5_krb_auth_data *ad)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-    krb5_data ticket, eaut, aut;
-    krb5_ssize_t size;
-    int little_endian;
-    int8_t pvno;
-    int8_t type;
-    int8_t s_kvno;
-    uint8_t ticket_length;
-    uint8_t eaut_length;
-    uint8_t time_5ms;
-    char *realm = NULL;
-    char *sname = NULL;
-    char *sinstance = NULL;
-    char *r_realm = NULL;
-    char *r_name = NULL;
-    char *r_instance = NULL;
-
-    uint32_t r_time_sec;	/* Coarse time from authenticator */
-    unsigned long delta_t;      /* Time in authenticator - local time */
-    long tkt_age;		/* Age of ticket */
-
-    struct timeval tv;
-
-    krb5_data_zero(&ticket);
-    krb5_data_zero(&eaut);
-    krb5_data_zero(&aut);
-
-    sp = krb5_storage_from_data(authent);
-    if (sp == NULL) {
-	krb5_set_error_string(context, "alloc: out of memory");
-	return ENOMEM;
-    }
-
-    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
-
-    ret = krb5_ret_int8(sp, &pvno);
-    if (ret) {
-	krb5_set_error_string(context, "Failed reading v4 pvno");
-	goto error;
-    }
-
-    if (pvno != KRB_PROT_VERSION) {
-	ret = KRB4ET_RD_AP_VERSION;
-	krb5_set_error_string(context, "Failed v4 pvno not 4");
-	goto error;
-    }
-
-    ret = krb5_ret_int8(sp, &type);
-    if (ret) {
-	krb5_set_error_string(context, "Failed readin v4 type");
-	goto error;
-    }
-
-    little_endian = type & 1;
-    type &= ~1;
-    
-    if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
-	ret = KRB4ET_RD_AP_MSG_TYPE;
-	krb5_set_error_string(context, "Not a valid v4 request type");
-	goto error;
-    }
-
-    RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error);
-    RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error);
-    RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error);
-
-    size = krb5_storage_read(sp, ticket.data, ticket.length);
-    if (size != ticket.length) {
-	ret = KRB4ET_INTK_PROT;
-	krb5_set_error_string(context, "Failed reading v4 ticket");
-	goto error;
-    }
-
-    /* Decrypt and take apart ticket */
-    ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, 
-				  &sname, &sinstance, ad);
-    if (ret)
-	goto error;
-
-    RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error);
-
-    size = krb5_storage_read(sp, eaut.data, eaut.length);
-    if (size != eaut.length) {
-	ret = KRB4ET_INTK_PROT;
-	krb5_set_error_string(context, "Failed reading v4 authenticator");
-	goto error;
-    }
-
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    ret = decrypt_etext(context, &ad->session, &eaut, &aut);
-    if (ret)
-	goto error;
-
-    sp = krb5_storage_from_data(&aut);
-    if (sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "alloc: out of memory");
-	goto error;
-    }
-
-    if (little_endian)
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    else
-	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-
-    RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error);
-    RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error);
-
-    RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error);
-    RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error);
-    RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error);
-
-    if (strcmp(ad->pname, r_name) != 0 ||
-	strcmp(ad->pinst, r_instance) != 0 ||
-	strcmp(ad->prealm, r_realm) != 0) {
-	krb5_set_error_string(context, "v4 principal mismatch");
-	ret = KRB4ET_RD_AP_INCON;
-	goto error;
-    }
-    
-    if (from_addr && ad->address && from_addr != ad->address) {
-	krb5_set_error_string(context, "v4 bad address in ticket");
-	ret = KRB4ET_RD_AP_BADD;
-	goto error;
-    }
-
-    gettimeofday(&tv, NULL);
-    delta_t = abs((int)(tv.tv_sec - r_time_sec));
-    if (delta_t > CLOCK_SKEW) {
-        ret = KRB4ET_RD_AP_TIME;
-	krb5_set_error_string(context, "v4 clock skew");
-	goto error;
-    }
-
-    /* Now check for expiration of ticket */
-
-    tkt_age = tv.tv_sec - ad->time_sec;
-    
-    if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
-        ret = KRB4ET_RD_AP_NYV;
-	krb5_set_error_string(context, "v4 clock skew for expiration");
-	goto error;
-    }
-
-    if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
-	ret = KRB4ET_RD_AP_EXP;
-	krb5_set_error_string(context, "v4 ticket expired");
-	goto error;
-    }
-
-    ret = 0;
- error:
-    krb5_data_free(&ticket);
-    krb5_data_free(&eaut);
-    krb5_data_free(&aut);
-    if (realm)
-	free(realm);
-    if (sname)
-	free(sname);
-    if (sinstance)
-	free(sinstance);
-    if (r_name)
-	free(r_name);
-    if (r_instance)
-	free(r_instance);
-    if (r_realm)
-	free(r_realm);
-    if (sp)
-	krb5_storage_free(sp);
-
-    if (ret)
-	krb5_clear_error_string(context);
-
-    return ret;
-}
-
-/*
- *
- */
-
-void KRB5_LIB_FUNCTION
-_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
-{
-    if (ad->pname)
-	free(ad->pname);
-    if (ad->pinst)
-	free(ad->pinst);
-    if (ad->prealm)
-	free(ad->prealm);
-    krb5_free_keyblock_contents(context, &ad->session);
-    memset(ad, 0, sizeof(*ad));
-}
diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c
deleted file mode 100644
index 37db34669290..000000000000
--- a/crypto/heimdal/lib/krb5/verify_init.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_init.c 15555 2005-07-06 00:48:16Z lha $");
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
-{
-    memset (options, 0, sizeof(*options));
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
-					     int ap_req_nofail)
-{
-    options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
-    options->ap_req_nofail = ap_req_nofail;
-}
-
-/*
- *
- */
-
-static krb5_boolean
-fail_verify_is_ok (krb5_context context,
-		   krb5_verify_init_creds_opt *options)
-{
-    if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
-	 && options->ap_req_nofail != 0)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 "verify_ap_req_nofail",
-				 NULL))
-	return FALSE;
-    else
-	return TRUE;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal ap_req_server,
-		       krb5_keytab ap_req_keytab,
-		       krb5_ccache *ccache,
-		       krb5_verify_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_data req;
-    krb5_ccache local_ccache = NULL;
-    krb5_creds *new_creds = NULL;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server = NULL;
-    krb5_keytab keytab = NULL;
-
-    krb5_data_zero (&req);
-
-    if (ap_req_server == NULL) {
-	char local_hostname[MAXHOSTNAMELEN];
-
-	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "gethostname: %s",
-				   strerror(ret));
-	    return ret;
-	}
-
-	ret = krb5_sname_to_principal (context,
-				       local_hostname,
-				       "host",
-				       KRB5_NT_SRV_HST,
-				       &server);
-	if (ret)
-	    goto cleanup;
-    } else
-	server = ap_req_server;
-
-    if (ap_req_keytab == NULL) {
-	ret = krb5_kt_default (context, &keytab);
-	if (ret)
-	    goto cleanup;
-    } else
-	keytab = ap_req_keytab;
-
-    if (ccache && *ccache)
-	local_ccache = *ccache;
-    else {
-	ret = krb5_cc_gen_new (context, &krb5_mcc_ops, &local_ccache);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_initialize (context,
-				  local_ccache,
-				  creds->client);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_store_cred (context,
-				  local_ccache,
-				  creds);
-	if (ret)
-	    goto cleanup;
-    }
-
-    if (!krb5_principal_compare (context, server, creds->server)) {
-	krb5_creds match_cred;
-
-	memset (&match_cred, 0, sizeof(match_cred));
-
-	match_cred.client = creds->client;
-	match_cred.server = server;
-
-	ret = krb5_get_credentials (context,
-				    0,
-				    local_ccache,
-				    &match_cred,
-				    &new_creds);
-	if (ret) {
-	    if (fail_verify_is_ok (context, options))
-		ret = 0;
-	    goto cleanup;
-	}
-	creds = new_creds;
-    }
-
-    ret = krb5_mk_req_extended (context,
-				&auth_context,
-				0,
-				NULL,
-				creds,
-				&req);
-    
-    krb5_auth_con_free (context, auth_context);
-    auth_context = NULL;
-
-    if (ret)
-	goto cleanup;
-
-    ret = krb5_rd_req (context,
-		       &auth_context,
-		       &req,
-		       server,
-		       keytab,
-		       0,
-		       NULL);
-
-    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
-	ret = 0;
-cleanup:
-    if (auth_context)
-	krb5_auth_con_free (context, auth_context);
-    krb5_data_free (&req);
-    if (new_creds != NULL)
-	krb5_free_creds (context, new_creds);
-    if (ap_req_server == NULL && server)
-	krb5_free_principal (context, server);
-    if (ap_req_keytab == NULL && keytab)
-	krb5_kt_close (context, keytab);
-    if (local_ccache != NULL
-	&&
-	(ccache == NULL
-	 || (ret != 0 && *ccache == NULL)))
-	krb5_cc_destroy (context, local_ccache);
-
-    if (ret == 0 && ccache != NULL && *ccache == NULL)
-	*ccache = local_ccache;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
deleted file mode 100644
index 28f84aba41e0..000000000000
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8
+++ /dev/null
@@ -1,95 +0,0 @@
-.\" Copyright (c) 2000 - 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: verify_krb5_conf.8 14375 2004-12-08 17:52:41Z lha $
-.\"
-.Dd December  8, 2004
-.Dt VERIFY_KRB5_CONF 8
-.Os HEIMDAL
-.Sh NAME
-.Nm verify_krb5_conf
-.Nd checks krb5.conf for obvious errors
-.Sh SYNOPSIS
-.Nm
-.Ar [config-file]
-.Sh DESCRIPTION
-.Nm
-reads the configuration file
-.Pa krb5.conf ,
-or the file given on the command line,
-and parses it, thereby verifying that the syntax is not correctly wrong.
-.Pp
-If the file is syntactically correct,
-.Nm
-tries to verify that the contents of the file is of relevant nature.
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh FILES
-.Bl -tag -width /etc/krb5.conf -compact
-.It Pa /etc/krb5.conf
-Kerberos 5 configuration file
-.El
-.Sh DIAGNOSTICS
-Possible output from
-.Nm
-include:
-.Bl -tag -width "FpathF"
-.It "<path>: failed to parse <something> as size/time/number/boolean"
-Usually means that <something> is misspelled, or that it contains
-weird characters. The parsing done by
-.Nm
-is more strict than the one performed by libkrb5, so strings that
-work in real life might be reported as bad.
-.It "<path>: host not found (<hostname>)"
-Means that <path> is supposed to point to a host, but it can't be
-recognised as one.
-.It <path>: unknown or wrong type
-Means that <path> is either a string when it should be a list, vice
-versa, or just that
-.Nm
-is confused.
-.It <path>: unknown entry
-Means that <string> is not known by
-.Nm "" .
-.El
-.Sh SEE ALSO
-.Xr krb5.conf 5
-.Sh BUGS
-Since each application can put almost anything in the config file,
-it's hard to come up with a watertight verification process. Most of
-the default settings are sanity checked, but this does not mean that
-every problem is discovered, or that everything that is reported as a
-possible problem actually is one. This tool should thus be used with
-some care.
-.Pp
-It should warn about obsolete data, or bad practice, but currently
-doesn't.
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
deleted file mode 100644
index b55fbd7a86b0..000000000000
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/*
- * Copyright (c) 1999 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-#include <err.h>
-RCSID("$Id: verify_krb5_conf.c 22233 2007-12-08 21:43:37Z lha $");
-
-/* verify krb5.conf */
-
-static int dumpconfig_flag = 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-static int warn_mit_syntax_flag = 0;
-
-static struct getargs args[] = {
-    {"dumpconfig", 0,      arg_flag,       &dumpconfig_flag, 
-     "show the parsed config files", NULL },
-    {"warn-mit-syntax", 0, arg_flag,       &warn_mit_syntax_flag, 
-     "show the parsed config files", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[config-file]");
-    exit (ret);
-}
-
-static int
-check_bytes(krb5_context context, const char *path, char *data)
-{
-    if(parse_bytes(data, NULL) == -1) {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as size", path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_time(krb5_context context, const char *path, char *data)
-{
-    if(parse_time(data, NULL) == -1) {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as time", path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_numeric(krb5_context context, const char *path, char *data)
-{
-    long int v;
-    char *end;
-    v = strtol(data, &end, 0);
-    if(*end != '\0') {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as a number", 
-		   path, data);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-check_boolean(krb5_context context, const char *path, char *data)
-{
-    long int v;
-    char *end;
-    if(strcasecmp(data, "yes") == 0 ||
-       strcasecmp(data, "true") == 0 ||
-       strcasecmp(data, "no") == 0 ||
-       strcasecmp(data, "false") == 0)
-	return 0;
-    v = strtol(data, &end, 0);
-    if(*end != '\0') {
-	krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", 
-		   path, data);
-	return 1;
-    }
-    if(v != 0 && v != 1)
-	krb5_warnx(context, "%s: numeric value \"%s\" is treated as \"true\"", 
-		   path, data);
-    return 0;
-}
-
-static int
-check_524(krb5_context context, const char *path, char *data)
-{
-    if(strcasecmp(data, "yes") == 0 ||
-       strcasecmp(data, "no") == 0 ||
-       strcasecmp(data, "2b") == 0 ||
-       strcasecmp(data, "local") == 0)
-	return 0;
-
-    krb5_warnx(context, "%s: didn't contain a valid option `%s'", 
-	       path, data);
-    return 1;
-}
-
-static int
-check_host(krb5_context context, const char *path, char *data)
-{
-    int ret;
-    char hostname[128];
-    const char *p = data;
-    struct addrinfo hints;
-    char service[32];
-    int defport;
-    struct addrinfo *ai;
-
-    hints.ai_flags = 0;
-    hints.ai_family = PF_UNSPEC;
-    hints.ai_socktype = 0;
-    hints.ai_protocol = 0;
-
-    hints.ai_addrlen = 0;
-    hints.ai_canonname = NULL;
-    hints.ai_addr = NULL;
-    hints.ai_next = NULL;
-    
-    /* XXX data could be a list of hosts that this code can't handle */
-    /* XXX copied from krbhst.c */
-    if(strncmp(p, "http://", 7) == 0){
-        p += 7;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "http", sizeof(service));
-	defport = 80;
-    } else if(strncmp(p, "http/", 5) == 0) {
-        p += 5;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "http", sizeof(service));
-	defport = 80;
-    }else if(strncmp(p, "tcp/", 4) == 0){
-        p += 4;
-	hints.ai_socktype = SOCK_STREAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    } else if(strncmp(p, "udp/", 4) == 0) {
-        p += 4;
-	hints.ai_socktype = SOCK_DGRAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    } else {
-	hints.ai_socktype = SOCK_DGRAM;
-	strlcpy(service, "kerberos", sizeof(service));
-	defport = 88;
-    }
-    if(strsep_copy(&p, ":", hostname, sizeof(hostname)) < 0) {
-	return 1;
-    }
-    hostname[strcspn(hostname, "/")] = '\0';
-    if(p != NULL) {
-	char *end;
-	int tmp = strtol(p, &end, 0);
-	if(end == p) {
-	    krb5_warnx(context, "%s: failed to parse port number in %s", 
-		       path, data);
-	    return 1;
-	}
-	defport = tmp;
-	snprintf(service, sizeof(service), "%u", defport);
-    }
-    ret = getaddrinfo(hostname, service, &hints, &ai);
-    if(ret == EAI_SERVICE && !isdigit((unsigned char)service[0])) {
-	snprintf(service, sizeof(service), "%u", defport);
-	ret = getaddrinfo(hostname, service, &hints, &ai);
-    }
-    if(ret != 0) {
-	krb5_warnx(context, "%s: %s (%s)", path, gai_strerror(ret), hostname);
-	return 1;
-    }
-    return 0;
-}
-
-static int
-mit_entry(krb5_context context, const char *path, char *data)
-{
-    if (warn_mit_syntax_flag)
-	krb5_warnx(context, "%s is only used by MIT Kerberos", path);
-    return 0;
-}
-
-struct s2i {
-    const char *s;
-    int val;
-};
-
-#define L(X) { #X, LOG_ ## X }
-
-static struct s2i syslogvals[] = {
-    /* severity */
-    L(EMERG),
-    L(ALERT),
-    L(CRIT),
-    L(ERR),
-    L(WARNING),
-    L(NOTICE),
-    L(INFO),
-    L(DEBUG),
-    /* facility */
-    L(AUTH),
-#ifdef LOG_AUTHPRIV
-    L(AUTHPRIV),
-#endif
-#ifdef LOG_CRON
-    L(CRON),
-#endif
-    L(DAEMON),
-#ifdef LOG_FTP
-    L(FTP),
-#endif
-    L(KERN),
-    L(LPR),
-    L(MAIL),
-#ifdef LOG_NEWS
-    L(NEWS),
-#endif
-    L(SYSLOG),
-    L(USER),
-#ifdef LOG_UUCP
-    L(UUCP),
-#endif
-    L(LOCAL0),
-    L(LOCAL1),
-    L(LOCAL2),
-    L(LOCAL3),
-    L(LOCAL4),
-    L(LOCAL5),
-    L(LOCAL6),
-    L(LOCAL7),
-    { NULL, -1 }
-};
-
-static int
-find_value(const char *s, struct s2i *table)
-{
-    while(table->s && strcasecmp(table->s, s))
-	table++;
-    return table->val;
-}
-
-static int
-check_log(krb5_context context, const char *path, char *data)
-{
-    /* XXX sync with log.c */
-    int min = 0, max = -1, n;
-    char c;
-    const char *p = data;
-
-    n = sscanf(p, "%d%c%d/", &min, &c, &max);
-    if(n == 2){
-	if(c == '/') {
-	    if(min < 0){
-		max = -min;
-		min = 0;
-	    }else{
-		max = min;
-	    }
-	}
-    }
-    if(n){
-	p = strchr(p, '/');
-	if(p == NULL) {
-	    krb5_warnx(context, "%s: failed to parse \"%s\"", path, data);
-	    return 1;
-	}
-	p++;
-    }
-    if(strcmp(p, "STDERR") == 0 || 
-       strcmp(p, "CONSOLE") == 0 ||
-       (strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')) ||
-       (strncmp(p, "DEVICE", 6) == 0 && p[6] == '='))
-	return 0;
-    if(strncmp(p, "SYSLOG", 6) == 0){
-	int ret = 0;
-	char severity[128] = "";
-	char facility[128] = "";
-	p += 6;
-	if(*p != '\0')
-	    p++;
-	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
-	    strsep_copy(&p, ":", facility, sizeof(facility));
-	if(*severity == '\0')
-	    strlcpy(severity, "ERR", sizeof(severity));
- 	if(*facility == '\0')
-	    strlcpy(facility, "AUTH", sizeof(facility));
-	if(find_value(severity, syslogvals) == -1) {
-	    krb5_warnx(context, "%s: unknown syslog facility \"%s\"", 
-		       path, facility);
-	    ret++;
-	}
-	if(find_value(severity, syslogvals) == -1) {
-	    krb5_warnx(context, "%s: unknown syslog severity \"%s\"", 
-		       path, severity);
-	    ret++;
-	}
-	return ret;
-    }else{
-	krb5_warnx(context, "%s: unknown log type: \"%s\"", path, data);
-	return 1;
-    }
-}
-
-typedef int (*check_func_t)(krb5_context, const char*, char*);
-struct entry {
-    const char *name;
-    int type;
-    void *check_data;
-};
-
-struct entry all_strings[] = {
-    { "", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry all_boolean[] = {
-    { "", krb5_config_string, check_boolean },
-    { NULL }
-};
-
-
-struct entry v4_name_convert_entries[] = {
-    { "host", krb5_config_list, all_strings },
-    { "plain", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry libdefaults_entries[] = {
-    { "accept_null_addresses", krb5_config_string, check_boolean },
-    { "capath", krb5_config_list, all_strings },
-    { "check_pac", krb5_config_string, check_boolean },
-    { "clockskew", krb5_config_string, check_time },
-    { "date_format", krb5_config_string, NULL },
-    { "default_cc_name", krb5_config_string, NULL },
-    { "default_etypes", krb5_config_string, NULL },
-    { "default_etypes_des", krb5_config_string, NULL },
-    { "default_keytab_modify_name", krb5_config_string, NULL },
-    { "default_keytab_name", krb5_config_string, NULL },
-    { "default_realm", krb5_config_string, NULL },
-    { "dns_canonize_hostname", krb5_config_string, check_boolean },
-    { "dns_proxy", krb5_config_string, NULL },
-    { "dns_lookup_kdc", krb5_config_string, check_boolean },
-    { "dns_lookup_realm", krb5_config_string, check_boolean },
-    { "dns_lookup_realm_labels", krb5_config_string, NULL },
-    { "egd_socket", krb5_config_string, NULL },
-    { "encrypt", krb5_config_string, check_boolean },
-    { "extra_addresses", krb5_config_string, NULL },
-    { "fcache_version", krb5_config_string, check_numeric },
-    { "fcc-mit-ticketflags", krb5_config_string, check_boolean },
-    { "forward", krb5_config_string, check_boolean },
-    { "forwardable", krb5_config_string, check_boolean },
-    { "http_proxy", krb5_config_string, check_host /* XXX */ },
-    { "ignore_addresses", krb5_config_string, NULL },
-    { "kdc_timeout", krb5_config_string, check_time },
-    { "kdc_timesync", krb5_config_string, check_boolean },
-    { "log_utc", krb5_config_string, check_boolean },
-    { "maxretries", krb5_config_string, check_numeric },
-    { "scan_interfaces", krb5_config_string, check_boolean },
-    { "srv_lookup", krb5_config_string, check_boolean },
-    { "srv_try_txt", krb5_config_string, check_boolean }, 
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "time_format", krb5_config_string, NULL },
-    { "transited_realms_reject", krb5_config_string, NULL },
-    { "no-addresses", krb5_config_string, check_boolean },
-    { "v4_instance_resolve", krb5_config_string, check_boolean },
-    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
-    { "verify_ap_req_nofail", krb5_config_string, check_boolean },
-    { "max_retries", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "warn_pwexpire", krb5_config_string, check_time },
-    /* MIT stuff */
-    { "permitted_enctypes", krb5_config_string, mit_entry },
-    { "default_tgs_enctypes", krb5_config_string, mit_entry },
-    { "default_tkt_enctypes", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry appdefaults_entries[] = {
-    { "afslog", krb5_config_string, check_boolean },
-    { "afs-use-524", krb5_config_string, check_524 },
-    { "encrypt", krb5_config_string, check_boolean },
-    { "forward", krb5_config_string, check_boolean },
-    { "forwardable", krb5_config_string, check_boolean },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "no-addresses", krb5_config_string, check_boolean },
-    { "krb4_get_tickets", krb5_config_string, check_boolean },
-    { "pkinit_anchors", krb5_config_string, NULL },
-    { "pkinit_win2k", krb5_config_string, NULL },
-    { "pkinit_win2k_require_binding", krb5_config_string, NULL },
-    { "pkinit_require_eku", krb5_config_string, NULL },
-    { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL },
-    { "pkinit_require_hostname_match", krb5_config_string, NULL },
-#if 0
-    { "anonymous", krb5_config_string, check_boolean },
-#endif
-    { "", krb5_config_list, appdefaults_entries },
-    { NULL }
-};
-
-struct entry realms_entries[] = {
-    { "forwardable", krb5_config_string, check_boolean },
-    { "proxiable", krb5_config_string, check_boolean },
-    { "ticket_lifetime", krb5_config_string, check_time },
-    { "renew_lifetime", krb5_config_string, check_time },
-    { "warn_pwexpire", krb5_config_string, check_time },
-    { "kdc", krb5_config_string, check_host },
-    { "admin_server", krb5_config_string, check_host },
-    { "kpasswd_server", krb5_config_string, check_host },
-    { "krb524_server", krb5_config_string, check_host },
-    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
-    { "v4_instance_convert", krb5_config_list, all_strings },
-    { "v4_domains", krb5_config_string, NULL },
-    { "default_domain", krb5_config_string, NULL },
-    { "win2k_pkinit", krb5_config_string, NULL },
-    /* MIT stuff */
-    { "admin_keytab", krb5_config_string, mit_entry },
-    { "acl_file", krb5_config_string, mit_entry },
-    { "dict_file", krb5_config_string, mit_entry },
-    { "kadmind_port", krb5_config_string, mit_entry },
-    { "kpasswd_port", krb5_config_string, mit_entry },
-    { "master_key_name", krb5_config_string, mit_entry },
-    { "master_key_type", krb5_config_string, mit_entry },
-    { "key_stash_file", krb5_config_string, mit_entry },
-    { "max_life", krb5_config_string, mit_entry },
-    { "max_renewable_life", krb5_config_string, mit_entry },
-    { "default_principal_expiration", krb5_config_string, mit_entry },
-    { "default_principal_flags", krb5_config_string, mit_entry },
-    { "supported_enctypes", krb5_config_string, mit_entry },
-    { "database_name", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry realms_foobar[] = {
-    { "", krb5_config_list, realms_entries },
-    { NULL }
-};
-
-
-struct entry kdc_database_entries[] = {
-    { "realm", krb5_config_string, NULL },
-    { "dbname", krb5_config_string, NULL },
-    { "mkey_file", krb5_config_string, NULL },
-    { "acl_file", krb5_config_string, NULL },
-    { "log_file", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry kdc_entries[] = {
-    { "database", krb5_config_list, kdc_database_entries },
-    { "key-file", krb5_config_string, NULL },
-    { "logging", krb5_config_string, check_log },
-    { "max-request", krb5_config_string, check_bytes },
-    { "require-preauth", krb5_config_string, check_boolean },
-    { "ports", krb5_config_string, NULL },
-    { "addresses", krb5_config_string, NULL },
-    { "enable-kerberos4", krb5_config_string, check_boolean },
-    { "enable-524", krb5_config_string, check_boolean },
-    { "enable-http", krb5_config_string, check_boolean },
-    { "check-ticket-addresses", krb5_config_string, check_boolean },
-    { "allow-null-ticket-addresses", krb5_config_string, check_boolean },
-    { "allow-anonymous", krb5_config_string, check_boolean },
-    { "v4_realm", krb5_config_string, NULL },
-    { "enable-kaserver", krb5_config_string, check_boolean },
-    { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean },
-    { "kdc_warn_pwexpire", krb5_config_string, check_time },
-    { "use_2b", krb5_config_list, NULL },
-    { "enable-pkinit", krb5_config_string, check_boolean },
-    { "pkinit_identity", krb5_config_string, NULL },
-    { "pkinit_anchors", krb5_config_string, NULL },
-    { "pkinit_pool", krb5_config_string, NULL },
-    { "pkinit_revoke", krb5_config_string, NULL },
-    { "pkinit_kdc_ocsp", krb5_config_string, NULL },
-    { "pkinit_principal_in_certificate", krb5_config_string, NULL },
-    { "pkinit_dh_min_bits", krb5_config_string, NULL },
-    { "pkinit_allow_proxy_certificate", krb5_config_string, NULL },
-    { "hdb-ldap-create-base", krb5_config_string, NULL },
-    { "v4-realm", krb5_config_string, NULL },
-    { NULL }
-};
-
-struct entry kadmin_entries[] = {
-    { "password_lifetime", krb5_config_string, check_time },
-    { "default_keys", krb5_config_string, NULL },
-    { "use_v4_salt", krb5_config_string, NULL },
-    { "require-preauth", krb5_config_string, check_boolean },
-    { NULL }
-};
-struct entry log_strings[] = {
-    { "", krb5_config_string, check_log },
-    { NULL }
-};
-
-
-/* MIT stuff */
-struct entry kdcdefaults_entries[] = {
-    { "kdc_ports", krb5_config_string, mit_entry },
-    { "v4_mode", krb5_config_string, mit_entry },
-    { NULL }
-};
-
-struct entry capaths_entries[] = {
-    { "", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry password_quality_entries[] = {
-    { "policies", krb5_config_string, NULL },
-    { "external_program", krb5_config_string, NULL },
-    { "min_classes", krb5_config_string, check_numeric },
-    { "min_length", krb5_config_string, check_numeric },
-    { "", krb5_config_list, all_strings },
-    { NULL }
-};
-
-struct entry toplevel_sections[] = {
-    { "libdefaults" , krb5_config_list, libdefaults_entries },
-    { "realms", krb5_config_list, realms_foobar },
-    { "domain_realm", krb5_config_list, all_strings },
-    { "logging", krb5_config_list, log_strings },
-    { "kdc", krb5_config_list, kdc_entries },
-    { "kadmin", krb5_config_list, kadmin_entries },
-    { "appdefaults", krb5_config_list, appdefaults_entries },
-    { "gssapi", krb5_config_list, NULL },
-    { "capaths", krb5_config_list, capaths_entries },
-    { "password_quality", krb5_config_list, password_quality_entries },
-    /* MIT stuff */
-    { "kdcdefaults", krb5_config_list, kdcdefaults_entries },
-    { NULL }
-};
-
-
-static int
-check_section(krb5_context context, const char *path, krb5_config_section *cf, 
-	      struct entry *entries)
-{
-    int error = 0;
-    krb5_config_section *p;
-    struct entry *e;
-    
-    char *local;
-    
-    for(p = cf; p != NULL; p = p->next) {
-	asprintf(&local, "%s/%s", path, p->name);
-	for(e = entries; e->name != NULL; e++) {
-	    if(*e->name == '\0' || strcmp(e->name, p->name) == 0) {
-		if(e->type != p->type) {
-		    krb5_warnx(context, "%s: unknown or wrong type", local);
-		    error |= 1;
-		} else if(p->type == krb5_config_string && e->check_data != NULL) {
-		    error |= (*(check_func_t)e->check_data)(context, local, p->u.string);
-		} else if(p->type == krb5_config_list && e->check_data != NULL) {
-		    error |= check_section(context, local, p->u.list, e->check_data);
-		}
-		break;
-	    }
-	}
-	if(e->name == NULL) {
-	    krb5_warnx(context, "%s: unknown entry", local);
-	    error |= 1;
-	}
-	free(local);
-    }
-    return error;
-}
-
-
-static void
-dumpconfig(int level, krb5_config_section *top)
-{
-    krb5_config_section *x;
-    for(x = top; x; x = x->next) {
-	switch(x->type) {
-	case krb5_config_list:
-	    if(level == 0) {
-		printf("[%s]\n", x->name);
-	    } else {
-		printf("%*s%s = {\n", 4 * level, " ", x->name);
-	    }
-	    dumpconfig(level + 1, x->u.list);
-	    if(level > 0)
-		printf("%*s}\n", 4 * level, " ");
-	    break;
-	case krb5_config_string:
-	    printf("%*s%s = %s\n", 4 * level, " ", x->name, x->u.string);
-	    break;
-	}
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_config_section *tmp_cf;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret == KRB5_CONFIG_BADFORMAT)
-	errx (1, "krb5_init_context failed to parse configuration file");
-    else if (ret)
-	errx (1, "krb5_init_context failed with %d", ret);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    tmp_cf = NULL;
-    if(argc == 0)
-	krb5_get_default_config_files(&argv);
-
-    while(*argv) {
-	ret = krb5_config_parse_file_multi(context, *argv, &tmp_cf);
-	if (ret != 0)
-	    krb5_warn (context, ret, "krb5_config_parse_file");
-	argv++;
-    }
-
-    if(dumpconfig_flag)
-	dumpconfig(0, tmp_cf);
-    
-    return check_section(context, "", tmp_cf, toplevel_sections);
-}
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
deleted file mode 100644
index 1edbaff7e23b..000000000000
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_user.c 19078 2006-11-20 18:12:41Z lha $");
-
-static krb5_error_code
-verify_common (krb5_context context,
-	       krb5_principal principal,
-	       krb5_ccache ccache,
-	       krb5_keytab keytab,
-	       krb5_boolean secure,
-	       const char *service,
-	       krb5_creds cred)
-{
-    krb5_error_code ret;
-    krb5_principal server;
-    krb5_verify_init_creds_opt vopt;
-    krb5_ccache id;
-
-    ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
-				   &server);
-    if(ret)
-	return ret;
-
-    krb5_verify_init_creds_opt_init(&vopt);
-    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
-
-    ret = krb5_verify_init_creds(context,
-				 &cred,
-				 server,
-				 keytab,
-				 NULL,
-				 &vopt);
-    krb5_free_principal(context, server);
-    if(ret)
-	return ret;
-    if(ccache == NULL)
-	ret = krb5_cc_default (context, &id);
-    else
-	id = ccache;
-    if(ret == 0){
-	ret = krb5_cc_initialize(context, id, principal);
-	if(ret == 0){
-	    ret = krb5_cc_store_cred(context, id, &cred);
-	}
-	if(ccache == NULL)
-	    krb5_cc_close(context, id);
-    }
-    krb5_free_cred_contents(context, &cred);
-    return ret;
-}
-
-/*
- * Verify user `principal' with `password'.
- *
- * If `secure', also verify against local service key for `service'.
- *
- * As a side effect, fresh tickets are obtained and stored in `ccache'.
- */
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_init(krb5_verify_opt *opt)
-{
-    memset(opt, 0, sizeof(*opt));
-    opt->secure = TRUE;
-    opt->service = "host";
-}
-
-int KRB5_LIB_FUNCTION
-krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt)
-{
-    *opt = calloc(1, sizeof(**opt));
-    if ((*opt) == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_verify_opt_init(*opt);
-    return 0;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_free(krb5_verify_opt *opt)
-{
-    free(opt);
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
-{
-    opt->ccache = ccache;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
-{
-    opt->keytab = keytab;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
-{
-    opt->secure = secure;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
-{
-    opt->service = service;
-}
-
-void KRB5_LIB_FUNCTION
-krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
-{
-    opt->flags |= flags;
-}
-
-static krb5_error_code
-verify_user_opt_int(krb5_context context,
-		    krb5_principal principal,
-		    const char *password,
-		    krb5_verify_opt *vopt)
-
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *opt;
-    krb5_creds cred;
-
-    ret = krb5_get_init_creds_opt_alloc (context, &opt);
-    if (ret)
-	return ret;
-    krb5_get_init_creds_opt_set_default_flags(context, NULL, 
-					      krb5_principal_get_realm(context, principal), 
-					      opt);
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					password,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					NULL,
-					opt);
-    krb5_get_init_creds_opt_free(context, opt);
-    if(ret)
-	return ret;
-#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
-    return verify_common (context, principal, OPT(ccache, NULL), 
-			  OPT(keytab, NULL), vopt ? vopt->secure : TRUE, 
-			  OPT(service, "host"), cred);
-#undef OPT
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_opt(krb5_context context,
-		     krb5_principal principal,
-		     const char *password,
-		     krb5_verify_opt *opt)
-{
-    krb5_error_code ret;
-
-    if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
-	krb5_realm *realms, *r;
-	ret = krb5_get_default_realms (context, &realms);
-	if (ret)
-	    return ret;
-	ret = KRB5_CONFIG_NODEFREALM;
-	
-	for (r = realms; *r != NULL && ret != 0; ++r) {
-	    char *tmp = strdup (*r);
-	    
-	    if (tmp == NULL) {
-		krb5_free_host_realm (context, realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    free (*krb5_princ_realm (context, principal));
-	    krb5_princ_set_realm (context, principal, &tmp);
-	    
-	    ret = verify_user_opt_int(context, principal, password, opt);
-	}
-	krb5_free_host_realm (context, realms);
-	if(ret)
-	    return ret;
-    } else
-	ret = verify_user_opt_int(context, principal, password, opt);
-    return ret;
-}
-
-/* compat function that calls above */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user(krb5_context context, 
-		 krb5_principal principal,
-		 krb5_ccache ccache,
-		 const char *password,
-		 krb5_boolean secure,
-		 const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
-
-/*
- * A variant of `krb5_verify_user'.  The realm of `principal' is
- * ignored and all the local realms are tried.
- */
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verify_user_lrealm(krb5_context context, 
-			krb5_principal principal,
-			krb5_ccache ccache,
-			const char *password,
-			krb5_boolean secure,
-			const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
diff --git a/crypto/heimdal/lib/krb5/version-script.map b/crypto/heimdal/lib/krb5/version-script.map
deleted file mode 100644
index df8804a4e316..000000000000
--- a/crypto/heimdal/lib/krb5/version-script.map
+++ /dev/null
@@ -1,722 +0,0 @@
-# $Id$
-
-HEIMDAL_KRB5_1.0 {
-	global:
-		krb524_convert_creds_kdc;
-		krb524_convert_creds_kdc_ccache;
-		krb5_425_conv_principal;
-		krb5_425_conv_principal_ext2;
-		krb5_425_conv_principal_ext;
-		krb5_524_conv_principal;
-		krb5_abort;
-		krb5_abortx;
-		krb5_acl_match_file;
-		krb5_acl_match_string;
-		krb5_add_et_list;
-		krb5_add_extra_addresses;
-		krb5_add_ignore_addresses;
-		krb5_addlog_dest;
-		krb5_addlog_func;
-		krb5_addr2sockaddr;
-		krb5_address_compare;
-		krb5_address_order;
-		krb5_address_prefixlen_boundary;
-		krb5_address_search;
-		krb5_aname_to_localname;
-		krb5_anyaddr;
-		krb5_appdefault_boolean;
-		krb5_appdefault_string;
-		krb5_appdefault_time;
-		krb5_append_addresses;
-		krb5_auth_con_addflags;
-		krb5_auth_con_free;
-		krb5_auth_con_genaddrs;
-		krb5_auth_con_generatelocalsubkey;
-		krb5_auth_con_getaddrs;
-		krb5_auth_con_getauthenticator;
-		krb5_auth_con_getcksumtype;
-		krb5_auth_con_getflags;
-		krb5_auth_con_getkey;
-		krb5_auth_con_getkeytype;
-		krb5_auth_con_getlocalseqnumber;
-		krb5_auth_con_getlocalsubkey;
-		krb5_auth_con_getrcache;
-		krb5_auth_con_getremotesubkey;
-		krb5_auth_con_init;
-		krb5_auth_con_removeflags;
-		krb5_auth_con_setaddrs;
-		krb5_auth_con_setaddrs_from_fd;
-		krb5_auth_con_setcksumtype;
-		krb5_auth_con_setflags;
-		krb5_auth_con_setkey;
-		krb5_auth_con_setkeytype;
-		krb5_auth_con_setlocalseqnumber;
-		krb5_auth_con_setlocalsubkey;
-		krb5_auth_con_setrcache;
-		krb5_auth_con_setremoteseqnumber;
-		krb5_auth_con_setremotesubkey;
-		krb5_auth_con_setuserkey;
-		krb5_auth_getremoteseqnumber;
-		krb5_build_ap_req;
-		krb5_build_authenticator;
-		krb5_build_principal;
-		krb5_build_principal_ext;
-		krb5_build_principal_va;
-		krb5_build_principal_va_ext;
-		krb5_c_block_size;
-		krb5_c_checksum_length;
-		krb5_c_decrypt;
-		krb5_c_encrypt;
-		krb5_c_encrypt_length;
-		krb5_c_enctype_compare;
-		krb5_c_get_checksum;
-		krb5_c_is_coll_proof_cksum;
-		krb5_c_is_keyed_cksum;
-		krb5_c_keylengths;
-		krb5_c_make_checksum;
-		krb5_c_make_random_key;
-		krb5_c_prf;
-		krb5_c_prf_length;
-		krb5_c_set_checksum;
-		krb5_c_valid_cksumtype;
-		krb5_c_valid_enctype;
-		krb5_c_verify_checksum;
-		krb5_cc_cache_end_seq_get;
-		krb5_cc_cache_get_first;
-		krb5_cc_cache_match;
-		krb5_cc_cache_next;
-		krb5_cc_clear_mcred;
-		krb5_cc_close;
-		krb5_cc_copy_cache;
-		krb5_cc_copy_cache_match;
-		krb5_cc_default;
-		krb5_cc_default_name;
-		krb5_cc_destroy;
-		krb5_cc_end_seq_get;
-		krb5_cc_gen_new;
-		krb5_cc_get_full_name;
-		krb5_cc_get_name;
-		krb5_cc_get_ops;
-		krb5_cc_get_prefix_ops;
-		krb5_cc_get_principal;
-		krb5_cc_get_type;
-		krb5_cc_get_version;
-		krb5_cc_initialize;
-		krb5_cc_move;
-		krb5_cc_new_unique;
-		krb5_cc_next_cred;
-		krb5_cc_next_cred_match;
-		krb5_cc_register;
-		krb5_cc_remove_cred;
-		krb5_cc_resolve;
-		krb5_cc_retrieve_cred;
-		krb5_cc_set_default_name;
-		krb5_cc_set_flags;
-		krb5_cc_start_seq_get;
-		krb5_cc_store_cred;
-		krb5_change_password;
-		krb5_check_transited;
-		krb5_check_transited_realms;
-		krb5_checksum_disable;
-		krb5_checksum_free;
-		krb5_checksum_is_collision_proof;
-		krb5_checksum_is_keyed;
-		krb5_checksumsize;
-		krb5_cksumtype_valid;
-		krb5_clear_error_string;
-		krb5_closelog;
-		krb5_compare_creds;
-		krb5_config_file_free;
-		krb5_config_free_strings;
-		krb5_config_get;
-		krb5_config_get_bool;
-		krb5_config_get_bool_default;
-		krb5_config_get_int;
-		krb5_config_get_int_default;
-		krb5_config_get_list;
-		krb5_config_get_next;
-		krb5_config_get_string;
-		krb5_config_get_string_default;
-		krb5_config_get_strings;
-		krb5_config_get_time;
-		krb5_config_get_time_default;
-		krb5_config_parse_file;
-		krb5_config_parse_file_multi;
-		krb5_config_parse_string_multi;
-		krb5_config_vget;
-		krb5_config_vget_bool;
-		krb5_config_vget_bool_default;
-		krb5_config_vget_int;
-		krb5_config_vget_int_default;
-		krb5_config_vget_list;
-		krb5_config_vget_next;
-		krb5_config_vget_string;
-		krb5_config_vget_string_default;
-		krb5_config_vget_strings;
-		krb5_config_vget_time;
-		krb5_config_vget_time_default;
-		krb5_copy_address;
-		krb5_copy_addresses;
-		krb5_copy_checksum;
-		krb5_copy_creds;
-		krb5_copy_creds_contents;
-		krb5_copy_data;
-		krb5_copy_host_realm;
-		krb5_copy_keyblock;
-		krb5_copy_keyblock_contents;
-		krb5_copy_principal;
-		krb5_copy_ticket;
-		krb5_create_checksum;
-		krb5_crypto_destroy;
-		krb5_crypto_get_checksum_type;
-		krb5_crypto_getblocksize;
-		krb5_crypto_getconfoundersize;
-		krb5_crypto_getenctype;
-		krb5_crypto_getpadsize;
-		krb5_crypto_init;
-		krb5_crypto_overhead;
-		krb5_crypto_prf;
-		krb5_crypto_prf_length;
-		krb5_data_alloc;
-		krb5_data_cmp;
-		krb5_data_copy;
-		krb5_data_free;
-		krb5_data_realloc;
-		krb5_data_zero;
-		krb5_decode_Authenticator;
-		krb5_decode_ETYPE_INFO2;
-		krb5_decode_ETYPE_INFO;
-		krb5_decode_EncAPRepPart;
-		krb5_decode_EncASRepPart;
-		krb5_decode_EncKrbCredPart;
-		krb5_decode_EncTGSRepPart;
-		krb5_decode_EncTicketPart;
-		krb5_decode_ap_req;
-		krb5_decrypt;
-		krb5_decrypt_EncryptedData;
-		krb5_decrypt_ivec;
-		krb5_decrypt_ticket;
-		krb5_derive_key;
-		krb5_digest_alloc;
-		krb5_digest_free;
-		krb5_digest_get_client_binding;
-		krb5_digest_get_identifier;
-		krb5_digest_get_opaque;
-		krb5_digest_get_rsp;
-		krb5_digest_get_server_nonce;
-		krb5_digest_get_session_key;
-		krb5_digest_get_tickets;
-		krb5_digest_init_request;
-		krb5_digest_probe;
-		krb5_digest_rep_get_status;
-		krb5_digest_request;
-		krb5_digest_set_authentication_user;
-		krb5_digest_set_authid;
-		krb5_digest_set_client_nonce;
-		krb5_digest_set_digest;
-		krb5_digest_set_hostname;
-		krb5_digest_set_identifier;
-		krb5_digest_set_method;
-		krb5_digest_set_nonceCount;
-		krb5_digest_set_opaque;
-		krb5_digest_set_qop;
-		krb5_digest_set_realm;
-		krb5_digest_set_responseData;
-		krb5_digest_set_server_cb;
-		krb5_digest_set_server_nonce;
-		krb5_digest_set_type;
-		krb5_digest_set_uri;
-		krb5_digest_set_username;
-		krb5_domain_x500_decode;
-		krb5_domain_x500_encode;
-		krb5_eai_to_heim_errno;
-		krb5_encode_Authenticator;
-		krb5_encode_ETYPE_INFO2;
-		krb5_encode_ETYPE_INFO;
-		krb5_encode_EncAPRepPart;
-		krb5_encode_EncASRepPart;
-		krb5_encode_EncKrbCredPart;
-		krb5_encode_EncTGSRepPart;
-		krb5_encode_EncTicketPart;
-		krb5_encrypt;
-		krb5_encrypt_EncryptedData;
-		krb5_encrypt_ivec;
-		krb5_enctype_disable;
-		krb5_enctype_keybits;
-		krb5_enctype_keysize;
-		krb5_enctype_to_keytype;
-		krb5_enctype_to_string;
-		krb5_enctype_valid;
-		krb5_enctypes_compatible_keys;
-		krb5_err;
-		krb5_error_from_rd_error;
-		krb5_errx;
-		krb5_expand_hostname;
-		krb5_expand_hostname_realms;
-		krb5_find_padata;
-		krb5_format_time;
-		krb5_free_address;
-		krb5_free_addresses;
-		krb5_free_ap_rep_enc_part;
-		krb5_free_authenticator;
-		krb5_free_checksum;
-		krb5_free_checksum_contents;
-		krb5_free_config_files;
-		krb5_free_context;
-		krb5_free_cred_contents;
-		krb5_free_creds;
-		krb5_free_creds_contents;
-		krb5_free_data;
-		krb5_free_data_contents;
-		krb5_free_error;
-		krb5_free_error_contents;
-		krb5_free_error_string;
-		krb5_free_host_realm;
-		krb5_free_kdc_rep;
-		krb5_free_keyblock;
-		krb5_free_keyblock_contents;
-		krb5_free_krbhst;
-		krb5_free_principal;
-		krb5_free_salt;
-		krb5_free_ticket;
-		krb5_fwd_tgt_creds;
-		krb5_generate_random_block;
-		krb5_generate_random_keyblock;
-		krb5_generate_seq_number;
-		krb5_generate_subkey;
-		krb5_generate_subkey_extended;
-		krb5_get_all_client_addrs;
-		krb5_get_all_server_addrs;
-		krb5_get_cred_from_kdc;
-		krb5_get_cred_from_kdc_opt;
-		krb5_get_credentials;
-		krb5_get_credentials_with_flags;
-		krb5_get_creds;
-		krb5_get_creds_opt_add_options;
-		krb5_get_creds_opt_alloc;
-		krb5_get_creds_opt_free;
-		krb5_get_creds_opt_set_enctype;
-		krb5_get_creds_opt_set_impersonate;
-		krb5_get_creds_opt_set_options;
-		krb5_get_creds_opt_set_ticket;
-		krb5_get_default_config_files;
-		krb5_get_default_in_tkt_etypes;
-		krb5_get_default_principal;
-		krb5_get_default_realm;
-		krb5_get_default_realms;
-		krb5_get_dns_canonicalize_hostname;
-		krb5_get_err_text;
-		krb5_get_error_message;
-		krb5_get_error_string;
-		krb5_get_extra_addresses;
-		krb5_get_fcache_version;
-		krb5_get_forwarded_creds;
-		krb5_get_host_realm;
-		krb5_get_ignore_addresses;
-		krb5_get_in_cred;
-		krb5_get_in_tkt;
-		krb5_get_in_tkt_with_keytab;
-		krb5_get_in_tkt_with_password;
-		krb5_get_in_tkt_with_skey;
-		krb5_get_init_creds;
-		krb5_get_init_creds_keyblock;
-		krb5_get_init_creds_keytab;
-		krb5_get_init_creds_opt_alloc;
-		krb5_get_init_creds_opt_free;
-		krb5_get_init_creds_opt_get_error;
-		krb5_get_init_creds_opt_init;
-		krb5_get_init_creds_opt_set_address_list;
-		krb5_get_init_creds_opt_set_addressless;
-		krb5_get_init_creds_opt_set_anonymous;
-		krb5_get_init_creds_opt_set_canonicalize;
-		krb5_get_init_creds_opt_set_default_flags;
-		krb5_get_init_creds_opt_set_etype_list;
-		krb5_get_init_creds_opt_set_forwardable;
-		krb5_get_init_creds_opt_set_pa_password;
-		krb5_get_init_creds_opt_set_pac_request;
-		krb5_get_init_creds_opt_set_pkinit;
-		krb5_get_init_creds_opt_set_preauth_list;
-		krb5_get_init_creds_opt_set_proxiable;
-		krb5_get_init_creds_opt_set_renew_life;
-		krb5_get_init_creds_opt_set_salt;
-		krb5_get_init_creds_opt_set_tkt_life;
-		krb5_get_init_creds_opt_set_win2k;
-		krb5_get_init_creds_password;
-		krb5_get_kdc_cred;
-		krb5_get_kdc_sec_offset;
-		krb5_get_krb524hst;
-		krb5_get_krb_admin_hst;
-		krb5_get_krb_changepw_hst;
-		krb5_get_krbhst;
-		krb5_get_max_time_skew;
-		krb5_get_pw_salt;
-		krb5_get_renewed_creds;
-		krb5_get_server_rcache;
-		krb5_get_use_admin_kdc;
-		krb5_get_warn_dest;
-		krb5_get_wrapped_length;
-		krb5_getportbyname;
-		krb5_h_addr2addr;
-		krb5_h_addr2sockaddr;
-		krb5_h_errno_to_heim_errno;
-		krb5_have_error_string;
-		krb5_hmac;
-		krb5_init_context;
-		krb5_init_ets;
-		krb5_init_etype;
-		krb5_initlog;
-		krb5_is_thread_safe;
-		krb5_kerberos_enctypes;
-		krb5_keyblock_get_enctype;
-		krb5_keyblock_init;
-		krb5_keyblock_key_proc;
-		krb5_keyblock_zero;
-		krb5_keytab_key_proc;
-		krb5_keytype_to_enctypes;
-		krb5_keytype_to_enctypes_default;
-		krb5_keytype_to_string;
-		krb5_krbhst_format_string;
-		krb5_krbhst_free;
-		krb5_krbhst_get_addrinfo;
-		krb5_krbhst_init;
-		krb5_krbhst_init_flags;
-		krb5_krbhst_next;
-		krb5_krbhst_next_as_string;
-		krb5_krbhst_reset;
-		krb5_kt_add_entry;
-		krb5_kt_close;
-		krb5_kt_compare;
-		krb5_kt_copy_entry_contents;
-		krb5_kt_default;
-		krb5_kt_default_modify_name;
-		krb5_kt_default_name;
-		krb5_kt_end_seq_get;
-		krb5_kt_free_entry;
-		krb5_kt_get_entry;
-		krb5_kt_get_full_name;
-		krb5_kt_get_name;
-		krb5_kt_get_type;
-		krb5_kt_next_entry;
-		krb5_kt_read_service_key;
-		krb5_kt_register;
-		krb5_kt_remove_entry;
-		krb5_kt_resolve;
-		krb5_kt_start_seq_get;
-		krb5_kuserok;
-		krb5_log;
-		krb5_log_msg;
-		krb5_make_addrport;
-		krb5_make_principal;
-		krb5_max_sockaddr_size;
-		krb5_mk_error;
-		krb5_mk_priv;
-		krb5_mk_rep;
-		krb5_mk_req;
-		krb5_mk_req_exact;
-		krb5_mk_req_extended;
-		krb5_mk_safe;
-		krb5_net_read;
-		krb5_net_write;
-		krb5_net_write_block;
-		krb5_ntlm_alloc;
-		krb5_ntlm_free;
-		krb5_ntlm_init_get_challange;
-		krb5_ntlm_init_get_flags;
-		krb5_ntlm_init_get_opaque;
-		krb5_ntlm_init_get_targetinfo;
-		krb5_ntlm_init_get_targetname;
-		krb5_ntlm_init_request;
-		krb5_ntlm_rep_get_sessionkey;
-		krb5_ntlm_rep_get_status;
-		krb5_ntlm_req_set_flags;
-		krb5_ntlm_req_set_lm;
-		krb5_ntlm_req_set_ntlm;
-		krb5_ntlm_req_set_opaque;
-		krb5_ntlm_req_set_session;
-		krb5_ntlm_req_set_targetname;
-		krb5_ntlm_req_set_username;
-		krb5_ntlm_request;
-		krb5_openlog;
-		krb5_pac_add_buffer;
-		krb5_pac_free;
-		krb5_pac_get_buffer;
-		krb5_pac_get_types;
-		krb5_pac_init;
-		krb5_pac_parse;
-		krb5_pac_verify;
-		krb5_padata_add;
-		krb5_parse_address;
-		krb5_parse_name;
-		krb5_parse_name_flags;
-		krb5_parse_nametype;
-		krb5_passwd_result_to_string;
-		krb5_password_key_proc;
-		krb5_plugin_register;
-		krb5_prepend_config_files;
-		krb5_prepend_config_files_default;
-		krb5_princ_realm;
-		krb5_princ_set_realm;
-		krb5_principal_compare;
-		krb5_principal_compare_any_realm;
-		krb5_principal_get_comp_string;
-		krb5_principal_get_realm;
-		krb5_principal_get_type;
-		krb5_principal_match;
-		krb5_principal_set_type;
-		krb5_print_address;
-		krb5_program_setup;
-		krb5_prompter_posix;
-		krb5_random_to_key;
-		krb5_rc_close;
-		krb5_rc_default;
-		krb5_rc_default_name;
-		krb5_rc_default_type;
-		krb5_rc_destroy;
-		krb5_rc_expunge;
-		krb5_rc_get_lifespan;
-		krb5_rc_get_name;
-		krb5_rc_get_type;
-		krb5_rc_initialize;
-		krb5_rc_recover;
-		krb5_rc_resolve;
-		krb5_rc_resolve_full;
-		krb5_rc_resolve_type;
-		krb5_rc_store;
-		krb5_rd_cred2;
-		krb5_rd_cred;
-		krb5_rd_error;
-		krb5_rd_priv;
-		krb5_rd_rep;
-		krb5_rd_req;
-		krb5_rd_req_ctx;
-		krb5_rd_req_in_ctx_alloc;
-		krb5_rd_req_in_ctx_free;
-		krb5_rd_req_in_set_keyblock;
-		krb5_rd_req_in_set_keytab;
-		krb5_rd_req_in_set_pac_check;
-		krb5_rd_req_out_ctx_free;
-		krb5_rd_req_out_get_ap_req_options;
-		krb5_rd_req_out_get_keyblock;
-		krb5_rd_req_out_get_ticket;
-		krb5_rd_req_with_keyblock;
-		krb5_rd_safe;
-		krb5_read_message;
-		krb5_read_priv_message;
-		krb5_read_safe_message;
-		krb5_realm_compare;
-		krb5_recvauth;
-		krb5_recvauth_match_version;
-		krb5_ret_address;
-		krb5_ret_addrs;
-		krb5_ret_authdata;
-		krb5_ret_creds;
-		krb5_ret_creds_tag;
-		krb5_ret_data;
-		krb5_ret_int16;
-		krb5_ret_int32;
-		krb5_ret_int8;
-		krb5_ret_keyblock;
-		krb5_ret_principal;
-		krb5_ret_string;
-		krb5_ret_stringnl;
-		krb5_ret_stringz;
-		krb5_ret_times;
-		krb5_ret_uint16;
-		krb5_ret_uint32;
-		krb5_ret_uint8;
-		krb5_salttype_to_string;
-		krb5_sendauth;
-		krb5_sendto;
-		krb5_sendto_context;
-		krb5_sendto_ctx_add_flags;
-		krb5_sendto_ctx_alloc;
-		krb5_sendto_ctx_free;
-		krb5_sendto_ctx_get_flags;
-		krb5_sendto_ctx_set_func;
-		krb5_sendto_ctx_set_type;
-		krb5_sendto_kdc;
-		krb5_sendto_kdc_flags;
-		krb5_set_config_files;
-		krb5_set_default_in_tkt_etypes;
-		krb5_set_default_realm;
-		krb5_set_dns_canonicalize_hostname;
-		krb5_set_error_string;
-		krb5_set_extra_addresses;
-		krb5_set_fcache_version;
-		krb5_set_ignore_addresses;
-		krb5_set_max_time_skew;
-		krb5_set_password;
-		krb5_set_password_using_ccache;
-		krb5_set_real_time;
-		krb5_set_send_to_kdc_func;
-		krb5_set_use_admin_kdc;
-		krb5_set_warn_dest;
-		krb5_sname_to_principal;
-		krb5_sock_to_principal;
-		krb5_sockaddr2address;
-		krb5_sockaddr2port;
-		krb5_sockaddr_uninteresting;
-		krb5_std_usage;
-		krb5_storage_clear_flags;
-		krb5_storage_emem;
-		krb5_storage_free;
-		krb5_storage_from_data;
-		krb5_storage_from_fd;
-		krb5_storage_from_mem;
-		krb5_storage_from_readonly_mem;
-		krb5_storage_get_byteorder;
-		krb5_storage_is_flags;
-		krb5_storage_read;
-		krb5_storage_seek;
-		krb5_storage_set_byteorder;
-		krb5_storage_set_eof_code;
-		krb5_storage_set_flags;
-		krb5_storage_to_data;
-		krb5_storage_write;
-		krb5_store_address;
-		krb5_store_addrs;
-		krb5_store_authdata;
-		krb5_store_creds;
-		krb5_store_creds_tag;
-		krb5_store_data;
-		krb5_store_int16;
-		krb5_store_int32;
-		krb5_store_int8;
-		krb5_store_keyblock;
-		krb5_store_principal;
-		krb5_store_string;
-		krb5_store_stringnl;
-		krb5_store_stringz;
-		krb5_store_times;
-		krb5_store_uint16;
-		krb5_store_uint32;
-		krb5_store_uint8;
-		krb5_string_to_deltat;
-		krb5_string_to_enctype;
-		krb5_string_to_key;
-		krb5_string_to_key_data;
-		krb5_string_to_key_data_salt;
-		krb5_string_to_key_data_salt_opaque;
-		krb5_string_to_key_derived;
-		krb5_string_to_key_salt;
-		krb5_string_to_key_salt_opaque;
-		krb5_string_to_keytype;
-		krb5_string_to_salttype;
-		krb5_ticket_get_authorization_data_type;
-		krb5_ticket_get_client;
-		krb5_ticket_get_endtime;
-		krb5_ticket_get_server;
-		krb5_timeofday;
-		krb5_unparse_name;
-		krb5_unparse_name_fixed;
-		krb5_unparse_name_fixed_flags;
-		krb5_unparse_name_fixed_short;
-		krb5_unparse_name_flags;
-		krb5_unparse_name_short;
-		krb5_us_timeofday;
-		krb5_vabort;
-		krb5_vabortx;
-		krb5_verify_ap_req2;
-		krb5_verify_ap_req;
-		krb5_verify_authenticator_checksum;
-		krb5_verify_checksum;
-		krb5_verify_init_creds;
-		krb5_verify_init_creds_opt_init;
-		krb5_verify_init_creds_opt_set_ap_req_nofail;
-		krb5_verify_opt_alloc;
-		krb5_verify_opt_free;
-		krb5_verify_opt_init;
-		krb5_verify_opt_set_ccache;
-		krb5_verify_opt_set_flags;
-		krb5_verify_opt_set_keytab;
-		krb5_verify_opt_set_secure;
-		krb5_verify_opt_set_service;
-		krb5_verify_user;
-		krb5_verify_user_lrealm;
-		krb5_verify_user_opt;
-		krb5_verr;
-		krb5_verrx;
-		krb5_vlog;
-		krb5_vlog_msg;
-		krb5_vset_error_string;
-		krb5_vwarn;
-		krb5_vwarnx;
-		krb5_warn;
-		krb5_warnx;
-		krb5_write_message;
-		krb5_write_priv_message;
-		krb5_write_safe_message;
-		krb5_xfree;
-
-		# com_err error tables
-		initialize_krb5_error_table_r;
-		initialize_krb5_error_table;
-		initialize_krb_error_table_r;
-		initialize_krb_error_table;
-		initialize_heim_error_table_r;
-		initialize_heim_error_table;
-		initialize_k524_error_table_r;
-		initialize_k524_error_table;
-
-		# variables
-		krb5_mcc_ops;
-		krb5_acc_ops;
-		krb5_fcc_ops;
-		krb5_kcm_ops;
-		krb4_fkt_ops;
-		krb5_wrfkt_ops;
-		krb5_mkt_ops;
-		krb5_fkt_ops;
-		krb5_akf_ops;
-		krb5_srvtab_fkt_ops;
-		krb5_any_ops;
-		heimdal_version;
-		heimdal_long_version;
-		krb5_config_file;
-		krb5_defkeyname;
-
-		# Shared with GSSAPI krb5
-		_krb5_crc_init_table;		
-		_krb5_crc_update;		
-
-		# V4 compat glue
-		_krb5_krb_tf_setup;
-		_krb5_krb_dest_tkt;
-		_krb5_krb_life_to_time;
-		_krb5_krb_decomp_ticket;
-		_krb5_krb_decomp_ticket;
-		_krb5_krb_create_ticket;
-		_krb5_krb_create_ciph;
-		_krb5_krb_create_auth_reply;
-		_krb5_krb_rd_req;
-		_krb5_krb_free_auth_data;
-		_krb5_krb_time_to_life;
-		_krb5_krb_cr_err_reply;
-
-		# Shared with libkdc
-		_krb5_principalname2krb5_principal;
-		_krb5_principal2principalname;
-		_krb5_s4u2self_to_checksumdata;
-		_krb5_put_int;
-		_krb5_get_int;
-		_krb5_pk_load_id;
-		_krb5_parse_moduli;
-		_krb5_pk_mk_ContentInfo;
-		_krb5_dh_group_ok;
-		_krb5_pk_octetstring2key;
-		_krb5_pk_allow_proxy_certificate;
-		_krb5_pac_sign;
-		_krb5_plugin_find;
-		_krb5_plugin_get_symbol;
-		_krb5_plugin_get_next;
-		_krb5_plugin_free;
-		_krb5_AES_string_to_default_iterator;
-		_krb5_get_host_realm_int;
-
-		# testing
-		_krb5_aes_cts_encrypt;
-		_krb5_n_fold;
-		_krb5_expand_default_cc_name;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/krb5/version.c b/crypto/heimdal/lib/krb5/version.c
deleted file mode 100644
index f7ccff5bc882..000000000000
--- a/crypto/heimdal/lib/krb5/version.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $");
-
-/* this is just to get a version stamp in the library file */
-
-#define heimdal_version __heimdal_version
-#define heimdal_long_version __heimdal_long_version
-#include "version.h"
-
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
deleted file mode 100644
index 85f143b8b4b6..000000000000
--- a/crypto/heimdal/lib/krb5/warn.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: warn.c 19086 2006-11-21 08:06:40Z lha $");
-
-static krb5_error_code _warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-	__attribute__((__format__(__printf__, 5, 0)));
-	
-static krb5_error_code
-_warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-{
-    char xfmt[7] = "";
-    const char *args[2], **arg;
-    char *msg = NULL;
-    char *err_str = NULL;
-    
-    args[0] = args[1] = NULL;
-    arg = args;
-    if(fmt){
-	strlcat(xfmt, "%s", sizeof(xfmt));
-	if(do_errtext)
-	    strlcat(xfmt, ": ", sizeof(xfmt));
-	vasprintf(&msg, fmt, ap);
-	if(msg == NULL)
-	    return ENOMEM;
-	*arg++ = msg;
-    }
-    if(context && do_errtext){
-	const char *err_msg;
-
-	strlcat(xfmt, "%s", sizeof(xfmt));
-
-	err_str = krb5_get_error_string(context);
-	if (err_str != NULL) {
-	    *arg++ = err_str;
-	} else {
-	    err_msg = krb5_get_err_text(context, code);
-	    if (err_msg)
-		*arg++ = err_msg;
-	    else
-		*arg++ = "<unknown error>";
-	}
-    }
-	
-    if(context && context->warn_dest)
-	krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
-    else
-	warnx(xfmt, args[0], args[1]);
-    free(msg);
-    free(err_str);
-    return 0;
-}
-
-#define FUNC(ETEXT, CODE, LEVEL)					\
-    krb5_error_code ret;						\
-    va_list ap;								\
-    va_start(ap, fmt);							\
-    ret = _warnerr(context, ETEXT, CODE, LEVEL, fmt, ap); 		\
-    va_end(ap);
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarn(krb5_context context, krb5_error_code code, 
-	   const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 3, 0)))
-{
-    return _warnerr(context, 1, code, 1, fmt, ap);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((format (printf, 3, 4)))
-{
-    FUNC(1, code, 1);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 2, 0)))
-{
-    return _warnerr(context, 0, 0, 1, fmt, ap);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_warnx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((format (printf, 2, 3)))
-{
-    FUNC(0, 0, 1);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verr(krb5_context context, int eval, krb5_error_code code, 
-	  const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 4, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    exit(eval);
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_err(krb5_context context, int eval, krb5_error_code code, 
-	 const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 4, 5)))
-{
-    FUNC(1, code, 0);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_errx(krb5_context context, int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(0, 0, 0);
-    exit(eval);
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabort(krb5_context context, krb5_error_code code, 
-	    const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    abort();
-}
-
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(1, code, 0);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_abortx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)))
-{
-    FUNC(0, 0, 0);
-    abort();
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
-{
-    context->warn_dest = fac;
-    return 0;
-}
-
-krb5_log_facility * KRB5_LIB_FUNCTION
-krb5_get_warn_dest(krb5_context context)
-{
-    return context->warn_dest;
-}
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
deleted file mode 100644
index 1694a1075e41..000000000000
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: write_message.c 17442 2006-05-05 09:31:15Z lha $");
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_message (krb5_context context,
-		    krb5_pointer p_fd,
-		    krb5_data *data)
-{
-    uint32_t len;
-    uint8_t buf[4];
-    int ret;
-
-    len = data->length;
-    _krb5_put_int(buf, len, 4);
-    if (krb5_net_write (context, p_fd, buf, 4) != 4
-	|| krb5_net_write (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_priv_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_mk_priv (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code KRB5_LIB_FUNCTION
-krb5_write_safe_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-    ret = krb5_mk_safe (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/ntlm/ChangeLog b/crypto/heimdal/lib/ntlm/ChangeLog
deleted file mode 100644
index b38ae91c4606..000000000000
--- a/crypto/heimdal/lib/ntlm/ChangeLog
+++ /dev/null
@@ -1,112 +0,0 @@
-2007-12-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* heimntlm.h: Add NTLM_TARGET_*
-
-	* ntlm.c: Make heim_ntlm_decode_type3 more useful and provide a
-	username. From Ming Yang.
-
-2007-11-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* move doxygen into the main file
-
-	* write doxygen documentation
-
-	* export heim_ntlm_free_buf, start doxygen documentation
-	
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm.c: Use unsigned char * as argument to HMAC_Update to please
-	OpenSSL and gcc.
-
-	* test_ntlm.c: more verbose what we are testing.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: heim_ntlm_calculate_ntlm2_sess_resp
-
-	* ntlm.c: Change prototype to match other heim_ntlm_calculate
-	functions.
-
-	* test_ntlm.c: Its ok if infotarget2 length is longer.
-
-	* ntlm.c: Merge in changes from Puneet Mehra and make work again.
-
-	* ntlm.c (heim_ntlm_ntlmv2_key): target should be uppercase.
-	From Puneet Mehra.
-
-	* version-script.map: Add heim_ntlm_calculate_ntlm2_sess_resp from
-	Puneet Mehra.
-
-	* ntlm.c: Add heim_ntlm_calculate_ntlm2_sess_resp from Puneet
-	Mehra.
-	
-	* test_ntlm.c: Test heim_ntlm_calculate_ntlm2_sess_resp from
-	Puneet Mehra.
-	
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: EXTRA_DIST += version-script.map.
-	
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: Free memory diffrently.
-
-	* ntlm.c: Make free functions free memory.
-	
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: symbol versioning.
-	
-	* version-script.map: symbol versioning.
-	
-2007-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: No need to include <gssapi.h>.
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add LIB_roken for test_ntlm
-	
-2006-12-26  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ntlm.c: Verify infotarget.
-
-	* ntlm.c: Extract the infotarget from the answer.
-
-	* ntlm.c (heim_ntlm_verify_ntlm2): verify the ntlmv2 reply
-	
-2006-12-22  Dave Love  <fx@gnu.org>
-
-	* ntlm.c: Include <limits.h>.
-	
-2006-12-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_ntlm.c: add some new tests.
-
-	* ntlm.c: Add ntlmv2 answer calculating functions.
-
-	* ntlm.c: sent lm hashes, needed for NTLM2 session
-
-	* heimntlm.h: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security.
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ntlm.c (heim_ntlm_build_ntlm1_master): return session master
-	key.
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ntlm.c (heim_ntlm_build_ntlm1_master): calculate the ntlm
-	version 1 "master" key.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_ntlm.c: Add simple parser test app.
-
-	* inital version of a NTLM library, only handles ntml version 1 and
-	ascii strings for now
-
diff --git a/crypto/heimdal/lib/ntlm/Makefile.am b/crypto/heimdal/lib/ntlm/Makefile.am
deleted file mode 100644
index 8d6214168933..000000000000
--- a/crypto/heimdal/lib/ntlm/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES	= libheimntlm.la
-
-include_HEADERS = heimntlm.h heimntlm-protos.h
-
-libheimntlm_la_SOURCES	= ntlm.c heimntlm.h
-
-libheimntlm_la_LDFLAGS = -version-info 1:0:1
-
-if versionscript
-libheimntlm_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-endif
-$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
-
-libheimntlm_la_LIBADD = \
-	../krb5/libkrb5.la \
-	$(LIBADD_roken)
-
-$(srcdir)/heimntlm-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
-
-$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
-
-
-TESTS = test_ntlm
-
-check_PROGRAMS = test_ntlm
-
-LDADD = libheimntlm.la $(LIB_roken)
-
-EXTRA_DIST = version-script.map
diff --git a/crypto/heimdal/lib/ntlm/Makefile.in b/crypto/heimdal/lib/ntlm/Makefile.in
deleted file mode 100644
index b5c614f89425..000000000000
--- a/crypto/heimdal/lib/ntlm/Makefile.in
+++ /dev/null
@@ -1,909 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
-TESTS = test_ntlm$(EXEEXT)
-check_PROGRAMS = test_ntlm$(EXEEXT)
-subdir = lib/ntlm
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libheimntlm_la_DEPENDENCIES = ../krb5/libkrb5.la $(am__DEPENDENCIES_1)
-am_libheimntlm_la_OBJECTS = ntlm.lo
-libheimntlm_la_OBJECTS = $(am_libheimntlm_la_OBJECTS)
-libheimntlm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libheimntlm_la_LDFLAGS) $(LDFLAGS) -o $@
-test_ntlm_SOURCES = test_ntlm.c
-test_ntlm_OBJECTS = test_ntlm.$(OBJEXT)
-test_ntlm_LDADD = $(LDADD)
-test_ntlm_DEPENDENCIES = libheimntlm.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
-DIST_SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-lib_LTLIBRARIES = libheimntlm.la
-include_HEADERS = heimntlm.h heimntlm-protos.h
-libheimntlm_la_SOURCES = ntlm.c heimntlm.h
-libheimntlm_la_LDFLAGS = -version-info 1:0:1 $(am__append_1)
-libheimntlm_la_LIBADD = \
-	../krb5/libkrb5.la \
-	$(LIBADD_roken)
-
-LDADD = libheimntlm.la $(LIB_roken)
-EXTRA_DIST = version-script.map
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libheimntlm.la: $(libheimntlm_la_OBJECTS) $(libheimntlm_la_DEPENDENCIES) 
-	$(libheimntlm_la_LINK) -rpath $(libdir) $(libheimntlm_la_OBJECTS) $(libheimntlm_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
-	@rm -f test_ntlm$(EXEEXT)
-	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
-
-$(srcdir)/heimntlm-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
-
-$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/ntlm/heimntlm-protos.h b/crypto/heimdal/lib/ntlm/heimntlm-protos.h
deleted file mode 100644
index bc64791b4396..000000000000
--- a/crypto/heimdal/lib/ntlm/heimntlm-protos.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/* This is a generated file */
-#ifndef __heimntlm_protos_h__
-#define __heimntlm_protos_h__
-
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int
-heim_ntlm_build_ntlm1_master (
-	void */*key*/,
-	size_t /*len*/,
-	struct ntlm_buf */*session*/,
-	struct ntlm_buf */*master*/);
-
-int
-heim_ntlm_calculate_ntlm1 (
-	void */*key*/,
-	size_t /*len*/,
-	unsigned char challange[8],
-	struct ntlm_buf */*answer*/);
-
-int
-heim_ntlm_calculate_ntlm2 (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	const unsigned char serverchallange[8],
-	const struct ntlm_buf */*infotarget*/,
-	unsigned char ntlmv2[16],
-	struct ntlm_buf */*answer*/);
-
-int
-heim_ntlm_calculate_ntlm2_sess (
-	const unsigned char clnt_nonce[8],
-	const unsigned char svr_chal[8],
-	const unsigned char ntlm_hash[16],
-	struct ntlm_buf */*lm*/,
-	struct ntlm_buf */*ntlm*/);
-
-int
-heim_ntlm_decode_targetinfo (
-	const struct ntlm_buf */*data*/,
-	int /*ucs2*/,
-	struct ntlm_targetinfo */*ti*/);
-
-int
-heim_ntlm_decode_type1 (
-	const struct ntlm_buf */*buf*/,
-	struct ntlm_type1 */*data*/);
-
-int
-heim_ntlm_decode_type2 (
-	const struct ntlm_buf */*buf*/,
-	struct ntlm_type2 */*type2*/);
-
-int
-heim_ntlm_decode_type3 (
-	const struct ntlm_buf */*buf*/,
-	int /*ucs2*/,
-	struct ntlm_type3 */*type3*/);
-
-int
-heim_ntlm_encode_targetinfo (
-	const struct ntlm_targetinfo */*ti*/,
-	int /*ucs2*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type1 (
-	const struct ntlm_type1 */*type1*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type2 (
-	const struct ntlm_type2 */*type2*/,
-	struct ntlm_buf */*data*/);
-
-int
-heim_ntlm_encode_type3 (
-	const struct ntlm_type3 */*type3*/,
-	struct ntlm_buf */*data*/);
-
-void
-heim_ntlm_free_buf (struct ntlm_buf */*p*/);
-
-void
-heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/);
-
-void
-heim_ntlm_free_type1 (struct ntlm_type1 */*data*/);
-
-void
-heim_ntlm_free_type2 (struct ntlm_type2 */*data*/);
-
-void
-heim_ntlm_free_type3 (struct ntlm_type3 */*data*/);
-
-int
-heim_ntlm_nt_key (
-	const char */*password*/,
-	struct ntlm_buf */*key*/);
-
-void
-heim_ntlm_ntlmv2_key (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	unsigned char ntlmv2[16]);
-
-int
-heim_ntlm_verify_ntlm2 (
-	const void */*key*/,
-	size_t /*len*/,
-	const char */*username*/,
-	const char */*target*/,
-	time_t /*now*/,
-	const unsigned char serverchallange[8],
-	const struct ntlm_buf */*answer*/,
-	struct ntlm_buf */*infotarget*/,
-	unsigned char ntlmv2[16]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __heimntlm_protos_h__ */
diff --git a/crypto/heimdal/lib/ntlm/heimntlm.h b/crypto/heimdal/lib/ntlm/heimntlm.h
deleted file mode 100644
index 09d2205fd213..000000000000
--- a/crypto/heimdal/lib/ntlm/heimntlm.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */
-
-#ifndef HEIM_NTLM_H
-#define HEIM_NTLM_H
-
-/**
- * Buffer for storing data in the NTLM library. When filled in by the
- * library it should be freed with heim_ntlm_free_buf().
- */
-struct ntlm_buf {
-    size_t length; /**< length buffer data */
-    void *data; /**< pointer to the data itself */
-};
-
-#define NTLM_NEG_UNICODE		0x00000001
-#define NTLM_NEG_TARGET			0x00000004
-#define NTLM_NEG_SIGN			0x00000010
-#define NTLM_NEG_SEAL			0x00000020
-#define NTLM_NEG_NTLM			0x00000200
-
-#define NTLM_SUPPLIED_DOMAIN		0x00001000
-#define NTLM_SUPPLIED_WORKSTAION	0x00002000
-
-#define NTLM_NEG_ALWAYS_SIGN		0x00008000
-#define NTLM_NEG_NTLM2_SESSION		0x00080000
-
-#define NTLM_TARGET_DOMAIN		0x00010000
-#define NTLM_TARGET_SERVER		0x00020000
-#define NTLM_ENC_128			0x20000000
-#define NTLM_NEG_KEYEX			0x40000000
-
-/**
- * Struct for the NTLM target info, the strings is assumed to be in
- * UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_targetinfo().
- */
-struct ntlm_targetinfo {
-    char *servername; /**< */
-    char *domainname; /**< */
-    char *dnsdomainname; /**< */
-    char *dnsservername; /**< */
-};
-
-/**
- * Struct for the NTLM type1 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type1().
- */
-
-struct ntlm_type1 {
-    uint32_t flags; /**< */
-    char *domain; /**< */
-    char *hostname; /**< */
-    uint32_t os[2]; /**< */
-};
-
-/**
- * Struct for the NTLM type2 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type2().
- */
-
-struct ntlm_type2 {
-    uint32_t flags; /**< */
-    char *targetname; /**< */
-    struct ntlm_buf targetinfo; /**< */
-    unsigned char challange[8]; /**< */
-    uint32_t context[2]; /**< */
-    uint32_t os[2]; /**< */
-};
-
-/**
- * Struct for the NTLM type3 message info, the strings is assumed to
- * be in UTF8.  When filled in by the library it should be freed with
- * heim_ntlm_free_type3().
- */
-
-struct ntlm_type3 {
-    uint32_t flags; /**< */
-    char *username; /**< */
-    char *targetname; /**< */
-    struct ntlm_buf lm; /**< */
-    struct ntlm_buf ntlm; /**< */
-    struct ntlm_buf sessionkey; /**< */
-    char *ws; /**< */
-    uint32_t os[2]; /**< */
-};
-
-#include <heimntlm-protos.h>
-
-#endif /* NTLM_NTLM_H */
diff --git a/crypto/heimdal/lib/ntlm/ntlm.c b/crypto/heimdal/lib/ntlm/ntlm.c
deleted file mode 100644
index f3dccfaca165..000000000000
--- a/crypto/heimdal/lib/ntlm/ntlm.c
+++ /dev/null
@@ -1,1364 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <config.h>
-
-RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-
-#include <krb5.h>
-#include <roken.h>
-
-#include "krb5-types.h"
-#include "crypto-headers.h"
-
-#include <heimntlm.h>
-
-/*! \mainpage Heimdal NTLM library
- *
- * \section intro Introduction
- *
- * Heimdal libheimntlm library is a implementation of the NTLM
- * protocol, both version 1 and 2. The GSS-API mech that uses this
- * library adds support for transport encryption and integrity
- * checking.
- * 
- * NTLM is a protocol for mutual authentication, its still used in
- * many protocol where Kerberos is not support, one example is
- * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
- *
- * This is a support library for the core protocol, its used in
- * Heimdal to implement and GSS-API mechanism. There is also support
- * in the KDC to do remote digest authenticiation, this to allow
- * services to authenticate users w/o direct access to the users ntlm
- * hashes (same as Kerberos arcfour enctype hashes).
- *
- * More information about the NTLM protocol can found here
- * http://davenport.sourceforge.net/ntlm.html .
- * 
- * The Heimdal projects web page: http://www.h5l.org/
- */
-
-/** @defgroup ntlm_core Heimdal NTLM library 
- * 
- * The NTLM core functions implement the string2key generation
- * function, message encode and decode function, and the hash function
- * functions.
- */
-
-struct sec_buffer {
-    uint16_t length;
-    uint16_t allocated;
-    uint32_t offset;
-};
-
-static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
-
-/*
- *
- */
-
-#define CHECK(f, e)							\
-    do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0)
-
-/**
- * heim_ntlm_free_buf frees the ntlm buffer
- *
- * @param p buffer to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_buf(struct ntlm_buf *p)
-{
-    if (p->data)
-	free(p->data);
-    p->data = NULL;
-    p->length = 0;
-}
-    
-
-static int
-ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
-{
-    unsigned char *p;
-    size_t len, i;
-
-    len = strlen(string);
-    if (len / 2 > UINT_MAX)
-	return ERANGE;
-
-    buf->length = len * 2;
-    buf->data = malloc(buf->length);
-    if (buf->data == NULL && len != 0) {
-	heim_ntlm_free_buf(buf);
-	return ENOMEM;
-    }
-
-    p = buf->data;
-    for (i = 0; i < len; i++) {
-	unsigned char t = (unsigned char)string[i];
-	if (t & 0x80) {
-	    heim_ntlm_free_buf(buf);
-	    return EINVAL;
-	}
-	if (up)
-	    t = toupper(t);
-	p[(i * 2) + 0] = t;
-	p[(i * 2) + 1] = 0;
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_ret_uint16(sp, &buf->length), 0);
-    CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
-    CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
-out:
-    return ret;
-}
-
-static krb5_error_code
-store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_store_uint16(sp, buf->length), 0);
-    CHECK(krb5_store_uint16(sp, buf->allocated), 0);
-    CHECK(krb5_store_uint32(sp, buf->offset), 0);
-out:
-    return ret;
-}
-
-/*
- * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
- * wire, but using utf8 in memory.
- */
-
-static krb5_error_code
-len_string(int ucs2, const char *s)
-{
-    size_t len = strlen(s);
-    if (ucs2)
-	len *= 2;
-    return len;
-}
-
-static krb5_error_code
-ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
-{
-    krb5_error_code ret;
-
-    *s = malloc(desc->length + 1);
-    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
-    CHECK(krb5_storage_read(sp, *s, desc->length), desc->length);
-    (*s)[desc->length] = '\0';
-
-    if (ucs2) {
-	size_t i;
-	for (i = 0; i < desc->length / 2; i++) {
-	    (*s)[i] = (*s)[i * 2];
-	    if ((*s)[i * 2 + 1]) {
-		free(*s);
-		*s = NULL;
-		return EINVAL;
-	    }
-	}
-	(*s)[i] = '\0';
-    }
-    ret = 0;
-out:
-    return ret;
-
-    return 0;
-}
-
-static krb5_error_code
-put_string(krb5_storage *sp, int ucs2, const char *s)
-{
-    krb5_error_code ret;
-    struct ntlm_buf buf;
-
-    if (ucs2) {
-	ret = ascii2ucs2le(s, 0, &buf);
-	if (ret)
-	    return ret;
-    } else {
-	buf.data = rk_UNCONST(s);
-	buf.length = strlen(s);
-    }
-
-    CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
-    if (ucs2)
-	heim_ntlm_free_buf(&buf);
-    ret = 0;
-out:
-    return ret;
-}
-
-/*
- *
- */
-
-static krb5_error_code
-ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
-{
-    krb5_error_code ret;
-
-    buf->data = malloc(desc->length);
-    buf->length = desc->length;
-    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
-    CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
-    ret = 0;
-out:
-    return ret;
-}
-
-static krb5_error_code
-put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
-{
-    krb5_error_code ret;
-    CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
-    ret = 0;
-out:
-    return ret;
-}
-
-/**
- * Frees the ntlm_targetinfo message
- *
- * @param ti targetinfo to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
-{
-    free(ti->servername);
-    free(ti->domainname);
-    free(ti->dnsdomainname);
-    free(ti->dnsservername);
-    memset(ti, 0, sizeof(*ti));
-}
-
-static int
-encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s)
-{
-    krb5_error_code ret;
-    CHECK(krb5_store_uint16(out, type), 0);
-    CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
-    CHECK(put_string(out, ucs2, s), 0);
-out:
-    return ret;
-}
-
-/**
- * Encodes a ntlm_targetinfo message.
- *
- * @param ti the ntlm_targetinfo message to encode.
- * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
-			    int ucs2, 
-			    struct ntlm_buf *data)
-{
-    krb5_error_code ret;
-    krb5_storage *out;
-
-    data->data = NULL;
-    data->length = 0;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    if (ti->servername)
-	CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0);
-    if (ti->domainname)
-	CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0);
-    if (ti->dnsservername)
-	CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0);
-    if (ti->dnsdomainname)
-	CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0);
-
-    /* end tag */
-    CHECK(krb5_store_int16(out, 0), 0);
-    CHECK(krb5_store_int16(out, 0), 0);
-
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-out:
-    krb5_storage_free(out);
-    return ret;
-}
-
-/**
- * Decodes an NTLM targetinfo message
- *
- * @param data input data buffer with the encode NTLM targetinfo message
- * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
- * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
-			    int ucs2,
-			    struct ntlm_targetinfo *ti)
-{
-    memset(ti, 0, sizeof(*ti));
-    return 0;
-}
-
-/**
- * Frees the ntlm_type1 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type1(struct ntlm_type1 *data)
-{
-    if (data->domain)
-	free(data->domain);
-    if (data->hostname)
-	free(data->hostname);
-    memset(data, 0, sizeof(*data));
-}
-
-int
-heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type;
-    struct sec_buffer domain, hostname;
-    krb5_storage *in;
-    
-    memset(data, 0, sizeof(*data));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 1);
-    CHECK(krb5_ret_uint32(in, &data->flags), 0);
-    if (data->flags & NTLM_SUPPLIED_DOMAIN)
-	CHECK(ret_sec_buffer(in, &domain), 0);
-    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
-	CHECK(ret_sec_buffer(in, &hostname), 0);
-#if 0
-    if (domain.offset > 32) {
-	CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
-	CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
-    }
-#endif
-    if (data->flags & NTLM_SUPPLIED_DOMAIN)
-	CHECK(ret_string(in, 0, &domain, &data->domain), 0);
-    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
-	CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type1(data);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type1 message.
- *
- * @param type1 the ntlm_type1 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
-{
-    krb5_error_code ret;
-    struct sec_buffer domain, hostname;
-    krb5_storage *out;
-    uint32_t base, flags;
-    
-    flags = type1->flags;
-    base = 16;
-
-    if (type1->domain) {
-	base += 8;
-	flags |= NTLM_SUPPLIED_DOMAIN;
-    }
-    if (type1->hostname) {
-	base += 8;
-	flags |= NTLM_SUPPLIED_WORKSTAION;
-    }
-    if (type1->os[0])
-	base += 8;
-
-    if (type1->domain) {
-	domain.offset = base;
-	domain.length = len_string(0, type1->domain);
-	domain.allocated = domain.length;
-    }
-    if (type1->hostname) {
-	hostname.offset = domain.allocated + domain.offset;
-	hostname.length = len_string(0, type1->hostname);
-	hostname.allocated = hostname.length;
-    }
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 1), 0);
-    CHECK(krb5_store_uint32(out, flags), 0);
-    
-    if (type1->domain)
-	CHECK(store_sec_buffer(out, &domain), 0);
-    if (type1->hostname)
-	CHECK(store_sec_buffer(out, &hostname), 0);
-    if (type1->os[0]) {
-	CHECK(krb5_store_uint32(out, type1->os[0]), 0);
-	CHECK(krb5_store_uint32(out, type1->os[1]), 0);
-    }
-    if (type1->domain)
-	CHECK(put_string(out, 0, type1->domain), 0);
-    if (type1->hostname)
-	CHECK(put_string(out, 0, type1->hostname), 0);
-
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-/**
- * Frees the ntlm_type2 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type2(struct ntlm_type2 *data)
-{
-    if (data->targetname)
-	free(data->targetname);
-    heim_ntlm_free_buf(&data->targetinfo);
-    memset(data, 0, sizeof(*data));
-}
-
-int
-heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type, ctx[2];
-    struct sec_buffer targetname, targetinfo;
-    krb5_storage *in;
-    int ucs2 = 0;
-    
-    memset(type2, 0, sizeof(*type2));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 2);
-
-    CHECK(ret_sec_buffer(in, &targetname), 0);
-    CHECK(krb5_ret_uint32(in, &type2->flags), 0);
-    if (type2->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-    CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)),
-	  sizeof(type2->challange));
-    CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
-    CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
-    CHECK(ret_sec_buffer(in, &targetinfo), 0);
-    /* os version */
-#if 0
-    CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
-    CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
-#endif
-
-    CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0);
-    CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
-    ret = 0;
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type2(type2);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type2 message.
- *
- * @param type2 the ntlm_type2 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
-{
-    struct sec_buffer targetname, targetinfo;
-    krb5_error_code ret;
-    krb5_storage *out = NULL;
-    uint32_t base;
-    int ucs2 = 0;
-
-    if (type2->os[0])
-	base = 56;
-    else
-	base = 48;
-
-    if (type2->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-
-    targetname.offset = base;
-    targetname.length = len_string(ucs2, type2->targetname);
-    targetname.allocated = targetname.length;
-
-    targetinfo.offset = targetname.allocated + targetname.offset;
-    targetinfo.length = type2->targetinfo.length;
-    targetinfo.allocated = type2->targetinfo.length;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 2), 0);
-    CHECK(store_sec_buffer(out, &targetname), 0);
-    CHECK(krb5_store_uint32(out, type2->flags), 0);
-    CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)),
-	  sizeof(type2->challange));
-    CHECK(krb5_store_uint32(out, 0), 0); /* context */
-    CHECK(krb5_store_uint32(out, 0), 0);
-    CHECK(store_sec_buffer(out, &targetinfo), 0);
-    /* os version */
-    if (type2->os[0]) {
-	CHECK(krb5_store_uint32(out, type2->os[0]), 0);
-	CHECK(krb5_store_uint32(out, type2->os[1]), 0);
-    }
-    CHECK(put_string(out, ucs2, type2->targetname), 0);
-    CHECK(krb5_storage_write(out, type2->targetinfo.data, 
-			     type2->targetinfo.length),
-	  type2->targetinfo.length);
-    
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-/**
- * Frees the ntlm_type3 message
- *
- * @param data message to be freed
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_free_type3(struct ntlm_type3 *data)
-{
-    heim_ntlm_free_buf(&data->lm);
-    heim_ntlm_free_buf(&data->ntlm);
-    if (data->targetname)
-	free(data->targetname);
-    if (data->username)
-	free(data->username);
-    if (data->ws)
-	free(data->ws);
-    heim_ntlm_free_buf(&data->sessionkey);
-    memset(data, 0, sizeof(*data));
-}
-
-/*
- *
- */
-
-int
-heim_ntlm_decode_type3(const struct ntlm_buf *buf,
-		       int ucs2,
-		       struct ntlm_type3 *type3)
-{
-    krb5_error_code ret;
-    unsigned char sig[8];
-    uint32_t type;
-    krb5_storage *in;
-    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
-
-    memset(type3, 0, sizeof(*type3));
-    memset(&sessionkey, 0, sizeof(sessionkey));
-
-    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
-    if (in == NULL) {
-	ret = EINVAL;
-	goto out;
-    }
-    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
-    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
-    CHECK(krb5_ret_uint32(in, &type), 0);
-    CHECK(type, 3);
-    CHECK(ret_sec_buffer(in, &lm), 0);
-    CHECK(ret_sec_buffer(in, &ntlm), 0);
-    CHECK(ret_sec_buffer(in, &target), 0);
-    CHECK(ret_sec_buffer(in, &username), 0);
-    CHECK(ret_sec_buffer(in, &ws), 0);
-    if (lm.offset >= 60) {
-	CHECK(ret_sec_buffer(in, &sessionkey), 0);
-    }
-    if (lm.offset >= 64) {
-	CHECK(krb5_ret_uint32(in, &type3->flags), 0);
-    }
-    if (lm.offset >= 72) {
-	CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
-	CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
-    }
-    CHECK(ret_buf(in, &lm, &type3->lm), 0);
-    CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
-    CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0);
-    CHECK(ret_string(in, ucs2, &username, &type3->username), 0);
-    CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0);
-    if (sessionkey.offset)
-	CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
-
-out:
-    krb5_storage_free(in);
-    if (ret)
-	heim_ntlm_free_type3(type3);
-
-    return ret;
-}
-
-/**
- * Encodes an ntlm_type3 message.
- *
- * @param type3 the ntlm_type3 message to encode.
- * @param data is the return buffer with the encoded message, should be
- * freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
-{
-    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
-    krb5_error_code ret;
-    krb5_storage *out = NULL;
-    uint32_t base;
-    int ucs2 = 0;
-
-    memset(&lm, 0, sizeof(lm));
-    memset(&ntlm, 0, sizeof(ntlm));
-    memset(&target, 0, sizeof(target));
-    memset(&username, 0, sizeof(username));
-    memset(&ws, 0, sizeof(ws));
-    memset(&sessionkey, 0, sizeof(sessionkey));
-
-    base = 52;
-    if (type3->sessionkey.length) {
-	base += 8; /* sessionkey sec buf */
-	base += 4; /* flags */
-    }
-    if (type3->os[0]) {
-	base += 8;
-    }
-
-    if (type3->flags & NTLM_NEG_UNICODE)
-	ucs2 = 1;
-
-    lm.offset = base;
-    lm.length = type3->lm.length;
-    lm.allocated = type3->lm.length;
-
-    ntlm.offset = lm.offset + lm.allocated;
-    ntlm.length = type3->ntlm.length;
-    ntlm.allocated = ntlm.length;
-
-    target.offset = ntlm.offset + ntlm.allocated;
-    target.length = len_string(ucs2, type3->targetname);
-    target.allocated = target.length;
-
-    username.offset = target.offset + target.allocated;
-    username.length = len_string(ucs2, type3->username);
-    username.allocated = username.length;
-
-    ws.offset = username.offset + username.allocated;
-    ws.length = len_string(ucs2, type3->ws);
-    ws.allocated = ws.length;
-
-    sessionkey.offset = ws.offset + ws.allocated;
-    sessionkey.length = type3->sessionkey.length;
-    sessionkey.allocated = type3->sessionkey.length;
-
-    out = krb5_storage_emem();
-    if (out == NULL)
-	return ENOMEM;
-
-    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
-    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
-	  sizeof(ntlmsigature));
-    CHECK(krb5_store_uint32(out, 3), 0);
-
-    CHECK(store_sec_buffer(out, &lm), 0);
-    CHECK(store_sec_buffer(out, &ntlm), 0);
-    CHECK(store_sec_buffer(out, &target), 0);
-    CHECK(store_sec_buffer(out, &username), 0);
-    CHECK(store_sec_buffer(out, &ws), 0);
-    /* optional */
-    if (type3->sessionkey.length) {
-	CHECK(store_sec_buffer(out, &sessionkey), 0);
-	CHECK(krb5_store_uint32(out, type3->flags), 0);
-    }
-#if 0
-    CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
-    CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
-#endif
-
-    CHECK(put_buf(out, &type3->lm), 0);
-    CHECK(put_buf(out, &type3->ntlm), 0);
-    CHECK(put_string(out, ucs2, type3->targetname), 0);
-    CHECK(put_string(out, ucs2, type3->username), 0);
-    CHECK(put_string(out, ucs2, type3->ws), 0);
-    CHECK(put_buf(out, &type3->sessionkey), 0);
-    
-    {
-	krb5_data d;
-	ret = krb5_storage_to_data(out, &d);
-	data->data = d.data;
-	data->length = d.length;
-    }
-
-out:
-    krb5_storage_free(out);
-
-    return ret;
-}
-
-
-/*
- *
- */
-
-static void
-splitandenc(unsigned char *hash, 
-	    unsigned char *challange,
-	    unsigned char *answer)
-{
-    DES_cblock key;
-    DES_key_schedule sched;
-
-    ((unsigned char*)key)[0] =  hash[0];
-    ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
-    ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
-    ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
-    ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
-    ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
-    ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
-    ((unsigned char*)key)[7] = (hash[6] << 1);
-
-    DES_set_odd_parity(&key);
-    DES_set_key(&key, &sched);
-    DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
-    memset(&sched, 0, sizeof(sched));
-    memset(key, 0, sizeof(key));
-}
-
-/**
- * Calculate the NTLM key, the password is assumed to be in UTF8.
- *
- * @param password password to calcute the key for.
- * @param key calcuted key, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
-{
-    struct ntlm_buf buf;
-    MD4_CTX ctx;
-    int ret;
-
-    key->data = malloc(MD5_DIGEST_LENGTH);
-    if (key->data == NULL)
-	return ENOMEM;
-    key->length = MD5_DIGEST_LENGTH;
-
-    ret = ascii2ucs2le(password, 0, &buf);
-    if (ret) {
-	heim_ntlm_free_buf(key);
-	return ret;
-    }
-    MD4_Init(&ctx);
-    MD4_Update(&ctx, buf.data, buf.length);
-    MD4_Final(key->data, &ctx);
-    heim_ntlm_free_buf(&buf);
-    return 0;
-}
-
-/**
- * Calculate NTLMv1 response hash
- *
- * @param key the ntlm v1 key
- * @param len length of key
- * @param challange sent by the server
- * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm1(void *key, size_t len,
-			  unsigned char challange[8],
-			  struct ntlm_buf *answer)
-{
-    unsigned char res[21];
-
-    if (len != MD4_DIGEST_LENGTH)
-	return EINVAL;
-
-    memcpy(res, key, len);
-    memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
-
-    answer->data = malloc(24);
-    if (answer->data == NULL)
-	return ENOMEM;
-    answer->length = 24;
-
-    splitandenc(&res[0],  challange, ((unsigned char *)answer->data) + 0);
-    splitandenc(&res[7],  challange, ((unsigned char *)answer->data) + 8);
-    splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16);
-
-    return 0;
-}
-
-/**
- * Generates an NTLMv1 session random with assosited session master key.
- *
- * @param key the ntlm v1 key
- * @param len length of key
- * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
- * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_build_ntlm1_master(void *key, size_t len,
-			     struct ntlm_buf *session,
-			     struct ntlm_buf *master)
-{
-    RC4_KEY rc4;
-
-    memset(master, 0, sizeof(*master));
-    memset(session, 0, sizeof(*session));
-
-    if (len != MD4_DIGEST_LENGTH)
-	return EINVAL;
-    
-    session->length = MD4_DIGEST_LENGTH;
-    session->data = malloc(session->length);
-    if (session->data == NULL) {
-	session->length = 0;
-	return EINVAL;
-    }    
-    master->length = MD4_DIGEST_LENGTH;
-    master->data = malloc(master->length);
-    if (master->data == NULL) {
-	heim_ntlm_free_buf(master);
-	heim_ntlm_free_buf(session);
-	return EINVAL;
-    }
-    
-    {
-	unsigned char sessionkey[MD4_DIGEST_LENGTH];
-	MD4_CTX ctx;
-    
-	MD4_Init(&ctx);
-	MD4_Update(&ctx, key, len);
-	MD4_Final(sessionkey, &ctx);
-	
-	RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
-    }
-    
-    if (RAND_bytes(session->data, session->length) != 1) {
-	heim_ntlm_free_buf(master);
-	heim_ntlm_free_buf(session);
-	return EINVAL;
-    }
-    
-    RC4(&rc4, master->length, session->data, master->data);
-    memset(&rc4, 0, sizeof(rc4));
-    
-    return 0;
-}
-
-/**
- * Generates an NTLMv2 session key.
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param ntlmv2 the ntlmv2 session key
- *
- * @ingroup ntlm_core
- */
-
-void
-heim_ntlm_ntlmv2_key(const void *key, size_t len,
-		     const char *username,
-		     const char *target,
-		     unsigned char ntlmv2[16])
-{
-    unsigned int hmaclen;
-    HMAC_CTX c;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
-    {
-	struct ntlm_buf buf;
-	/* uppercase username and turn it inte ucs2-le */
-	ascii2ucs2le(username, 1, &buf);
-	HMAC_Update(&c, buf.data, buf.length);
-	free(buf.data);
-	/* uppercase target and turn into ucs2-le */
-	ascii2ucs2le(target, 1, &buf);
-	HMAC_Update(&c, buf.data, buf.length);
-	free(buf.data);
-    }
-    HMAC_Final(&c, ntlmv2, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-}
-
-/*
- *
- */
-
-#define NTTIME_EPOCH 0x019DB1DED53E8000LL
-
-static uint64_t
-unix2nttime(time_t unix_time)
-{
-    long long wt;
-    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
-    return wt;
-}
-
-static time_t
-nt2unixtime(uint64_t t)
-{
-    t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
-    if (t > (((time_t)(~(uint64_t)0)) >> 1))
-	return 0;
-    return (time_t)t;
-}
-
-
-/**
- * Calculate NTLMv2 response
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param serverchallange challange as sent by the server in the type2 message.
- * @param infotarget infotarget as sent by the server in the type2 message.
- * @param ntlmv2 calculated session key
- * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm2(const void *key, size_t len,
-			  const char *username,
-			  const char *target,
-			  const unsigned char serverchallange[8],
-			  const struct ntlm_buf *infotarget,
-			  unsigned char ntlmv2[16],
-			  struct ntlm_buf *answer)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    unsigned int hmaclen;
-    unsigned char ntlmv2answer[16];
-    krb5_storage *sp;
-    unsigned char clientchallange[8];
-    HMAC_CTX c;
-    uint64_t t;
-    
-    t = unix2nttime(time(NULL));
-
-    if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1)
-	return EINVAL;
-    
-    /* calculate ntlmv2 key */
-
-    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
-
-    /* calculate and build ntlmv2 answer */
-
-    sp = krb5_storage_emem();
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_store_uint32(sp, 0x00000101), 0);
-    CHECK(krb5_store_uint32(sp, 0), 0);
-    /* timestamp le 64 bit ts */
-    CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
-    CHECK(krb5_store_uint32(sp, t >> 32), 0);
-
-    CHECK(krb5_storage_write(sp, clientchallange, 8), 8);
-
-    CHECK(krb5_store_uint32(sp, 0), 0);  /* unknown but zero will work */
-    CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), 
-	  infotarget->length);
-    CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
-    
-    CHECK(krb5_storage_to_data(sp, &data), 0);
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
-    HMAC_Update(&c, serverchallange, 8);
-    HMAC_Update(&c, data.data, data.length);
-    HMAC_Final(&c, ntlmv2answer, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    sp = krb5_storage_emem();
-    if (sp == NULL) {
-	krb5_data_free(&data);
-	return ENOMEM;
-    }
-
-    CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
-    CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
-    krb5_data_free(&data);
-    
-    CHECK(krb5_storage_to_data(sp, &data), 0);
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    answer->data = data.data;
-    answer->length = data.length;
-
-    return 0;
-out:
-    if (sp)
-	krb5_storage_free(sp);
-    return ret;
-}
-
-static const int authtimediff = 3600 * 2; /* 2 hours */
-
-/**
- * Verify NTLMv2 response.
- *
- * @param key the ntlm key
- * @param len length of key
- * @param username name of the user, as sent in the message, assumed to be in UTF8.
- * @param target the name of the target, assumed to be in UTF8.
- * @param now the time now (0 if the library should pick it up itself)
- * @param serverchallange challange as sent by the server in the type2 message.
- * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
- * @param infotarget infotarget as sent by the server in the type2 message.
- * @param ntlmv2 calculated session key
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_verify_ntlm2(const void *key, size_t len,
-		       const char *username,
-		       const char *target,
-		       time_t now,
-		       const unsigned char serverchallange[8],
-		       const struct ntlm_buf *answer,
-		       struct ntlm_buf *infotarget,
-		       unsigned char ntlmv2[16])
-{
-    krb5_error_code ret;
-    unsigned int hmaclen;
-    unsigned char clientanswer[16];
-    unsigned char clientnonce[8];
-    unsigned char serveranswer[16];
-    krb5_storage *sp;
-    HMAC_CTX c;
-    uint64_t t;
-    time_t authtime;
-    uint32_t temp;
-
-    infotarget->length = 0;    
-    infotarget->data = NULL;    
-
-    if (answer->length < 16)
-	return EINVAL;
-
-    if (now == 0)
-	now = time(NULL);
-
-    /* calculate ntlmv2 key */
-
-    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
-
-    /* calculate and build ntlmv2 answer */
-
-    sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
-
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    CHECK(temp, 0x00000101);
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    CHECK(temp, 0);
-    /* timestamp le 64 bit ts */
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    t = temp;
-    CHECK(krb5_ret_uint32(sp, &temp), 0);
-    t |= ((uint64_t)temp)<< 32;
-
-    authtime = nt2unixtime(t);
-
-    if (abs((int)(authtime - now)) > authtimediff) {
-	ret = EINVAL;
-	goto out;
-    }
-
-    /* client challange */
-    CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
-
-    CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
-
-    /* should really unparse the infotarget, but lets pick up everything */
-    infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
-    infotarget->data = malloc(infotarget->length);
-    if (infotarget->data == NULL) {
-	ret = ENOMEM;
-	goto out;
-    }
-    CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), 
-	  infotarget->length);
-    /* XXX remove the unknown ?? */
-    krb5_storage_free(sp);
-    sp = NULL;
-
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
-    HMAC_Update(&c, serverchallange, 8);
-    HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
-    HMAC_Final(&c, serveranswer, &hmaclen);
-    HMAC_CTX_cleanup(&c);
-
-    if (memcmp(serveranswer, clientanswer, 16) != 0) {
-	heim_ntlm_free_buf(infotarget);
-	return EINVAL;
-    }
-
-    return 0;
-out:
-    heim_ntlm_free_buf(infotarget);
-    if (sp)
-	krb5_storage_free(sp);
-    return ret;
-}
-
-
-/*
- * Calculate the NTLM2 Session Response
- *
- * @param clnt_nonce client nonce
- * @param svr_chal server challage
- * @param ntlm2_hash ntlm hash
- * @param lm The LM response, should be freed with heim_ntlm_free_buf().
- * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
- *
- * @return In case of success 0 is return, an errors, a errno in what
- * went wrong.
- *
- * @ingroup ntlm_core
- */
-
-int
-heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
-			       const unsigned char svr_chal[8],
-			       const unsigned char ntlm_hash[16],
-			       struct ntlm_buf *lm,
-			       struct ntlm_buf *ntlm)
-{
-    unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
-    unsigned char res[21], *resp;
-    MD5_CTX md5;
-
-    lm->data = malloc(24);
-    if (lm->data == NULL)
-	return ENOMEM;
-    lm->length = 24;
-
-    ntlm->data = malloc(24);
-    if (ntlm->data == NULL) {
-	free(lm->data);
-	lm->data = NULL;
-	return ENOMEM;
-    }
-    ntlm->length = 24;
-
-    /* first setup the lm resp */
-    memset(lm->data, 0, 24);
-    memcpy(lm->data, clnt_nonce, 8);
-
-    MD5_Init(&md5);
-    MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
-    MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
-    MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
-
-    memset(res, 0, sizeof(res));
-    memcpy(res, ntlm_hash, 16);
-
-    resp = ntlm->data;
-    splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
-    splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
-    splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/ntlm/test_ntlm.c b/crypto/heimdal/lib/ntlm/test_ntlm.c
deleted file mode 100644
index 11eceb01cc6d..000000000000
--- a/crypto/heimdal/lib/ntlm/test_ntlm.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- * Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-RCSID("$Id: test_ntlm.c 22377 2007-12-28 18:38:53Z lha $");
-
-#include <krb5.h>
-#include <heimntlm.h>
-
-static int
-test_parse(void)
-{
-    const char *user = "foo", 
-	*domain = "mydomain",
-	*password = "digestpassword",
-	*target = "DOMAIN";
-    struct ntlm_type1 type1;
-    struct ntlm_type2 type2;
-    struct ntlm_type3 type3;
-    struct ntlm_buf data;
-    krb5_error_code ret;
-    int flags;
-    
-    memset(&type1, 0, sizeof(type1));
-
-    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
-    type1.domain = rk_UNCONST(domain);
-    type1.hostname = NULL;
-    type1.os[0] = 0;
-    type1.os[1] = 0;
-
-    ret = heim_ntlm_encode_type1(&type1, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    memset(&type1, 0, sizeof(type1));
-
-    ret = heim_ntlm_decode_type1(&data, &type1);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type1");
-
-    heim_ntlm_free_type1(&type1);
-
-    /*
-     *
-     */
-
-    memset(&type2, 0, sizeof(type2));
-
-    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
-    type2.flags = flags;
-
-    memset(type2.challange, 0x7f, sizeof(type2.challange));
-    type2.targetname = rk_UNCONST(target);
-    type2.targetinfo.data = NULL;
-    type2.targetinfo.length = 0;
-
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type2");
-
-    memset(&type2, 0, sizeof(type2));
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    heim_ntlm_free_type2(&type2);
-
-    /*
-     *
-     */
-
-    memset(&type3, 0, sizeof(type3));
-
-    type3.flags = flags;
-    type3.username = rk_UNCONST(user);
-    type3.targetname = rk_UNCONST(target);
-    type3.ws = rk_UNCONST("workstation");
-
-    {
-	struct ntlm_buf key;
-	heim_ntlm_nt_key(password, &key);
-
-	heim_ntlm_calculate_ntlm1(key.data, key.length,
-				  type2.challange,
-				  &type3.ntlm);
-	free(key.data);
-    }
-
-    ret = heim_ntlm_encode_type3(&type3, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type3");
-
-    free(type3.ntlm.data);
-
-    memset(&type3, 0, sizeof(type3));
-
-    ret = heim_ntlm_decode_type3(&data, 1, &type3);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type3");
-
-    if (strcmp("workstation", type3.ws) != 0)
-	errx(1, "type3 ws wrong");
-
-    if (strcmp(target, type3.targetname) != 0)
-	errx(1, "type3 targetname wrong");
-
-    if (strcmp(user, type3.username) != 0)
-	errx(1, "type3 username wrong");
-
-
-    heim_ntlm_free_type3(&type3);
-
-    /*
-     * NTLMv2
-     */
-
-    memset(&type2, 0, sizeof(type2));
-
-    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
-    type2.flags = flags;
-
-    memset(type2.challange, 0x7f, sizeof(type2.challange));
-    type2.targetname = rk_UNCONST(target);
-    type2.targetinfo.data = "\x00\x00";
-    type2.targetinfo.length = 2;
-
-    ret = heim_ntlm_encode_type2(&type2, &data);
-    if (ret)
-	errx(1, "heim_ntlm_encode_type2");
-
-    memset(&type2, 0, sizeof(type2));
-
-    ret = heim_ntlm_decode_type2(&data, &type2);
-    free(data.data);
-    if (ret)
-	errx(1, "heim_ntlm_decode_type2");
-
-    heim_ntlm_free_type2(&type2);
-
-    return 0;
-}
-
-static int
-test_keys(void)
-{
-    const char
-	*username = "test",
-	*password = "test1234",
-	*target = "TESTNT";
-    const unsigned char 
-	serverchallange[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
-    struct ntlm_buf infotarget, infotarget2, answer, key;
-    unsigned char ntlmv2[16], ntlmv2_1[16];
-    int ret;
-    
-    infotarget.length = 70;
-    infotarget.data =
-	"\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
-	"\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
-	"\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
-	    "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
-	    "\x00\x6d\x00"
-	"\x00\x00\x00\x00";
-
-    answer.length = 0;
-    answer.data = NULL;
-
-    heim_ntlm_nt_key(password, &key);
-
-    ret = heim_ntlm_calculate_ntlm2(key.data,
-				    key.length,
-				    username,
-				    target,
-				    serverchallange,
-				    &infotarget,
-				    ntlmv2,
-				    &answer);
-    if (ret)
-	errx(1, "heim_ntlm_calculate_ntlm2");
-
-    ret = heim_ntlm_verify_ntlm2(key.data,
-				 key.length,
-				 username,
-				 target,
-				 0,
-				 serverchallange,
-				 &answer,
-				 &infotarget2,
-				 ntlmv2_1);
-    if (ret)
-	errx(1, "heim_ntlm_verify_ntlm2");
-
-    if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
-	errx(1, "ntlm master key not same");
-
-    if (infotarget.length > infotarget2.length)
-	errx(1, "infotarget length");
-
-    if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
-	errx(1, "infotarget not the same");
-
-    free(key.data);
-    free(answer.data);
-    free(infotarget2.data);
-
-    return 0;
-}
-
-static int
-test_ntlm2_session_resp(void)
-{
-    int ret;
-    struct ntlm_buf lm, ntlm;
-
-    const unsigned char lm_resp[24] = 
-	"\xff\xff\xff\x00\x11\x22\x33\x44"
-	"\x00\x00\x00\x00\x00\x00\x00\x00"
-	"\x00\x00\x00\x00\x00\x00\x00\x00";
-    const unsigned char ntlm2_sess_resp[24] = 
-	"\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
-	"\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
-	"\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
-    
-    const unsigned char client_nonce[8] =
-	"\xff\xff\xff\x00\x11\x22\x33\x44";
-    const unsigned char server_challange[8] =
-	"\x01\x23\x45\x67\x89\xab\xcd\xef";
-
-    const unsigned char ntlm_hash[16] =
-	"\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
-	"\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
-
-    ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
-					 server_challange,
-					 ntlm_hash,
-					 &lm,
-					 &ntlm);
-    if (ret)
-	errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
-
-    if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
-	errx(1, "lm_resp wrong");
-    if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
-	errx(1, "ntlm2_sess_resp wrong");
-    
-    free(lm.data);
-    free(ntlm.data);
-
-
-    return 0;
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args),
-		    NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0, optind = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    printf("test_parse\n");
-    ret += test_parse();
-    printf("test_keys\n");
-    ret += test_keys();
-    printf("test_ntlm2_session_resp\n");
-    ret += test_ntlm2_session_resp();
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/ntlm/version-script.map b/crypto/heimdal/lib/ntlm/version-script.map
deleted file mode 100644
index 654a630cec15..000000000000
--- a/crypto/heimdal/lib/ntlm/version-script.map
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: version-script.map 22041 2007-11-11 07:43:27Z lha $
-
-HEIMDAL_NTLM_1.0 {
-	global:
-		heim_ntlm_build_ntlm1_master;
-		heim_ntlm_calculate_ntlm1;
-		heim_ntlm_calculate_ntlm2;
-		heim_ntlm_calculate_ntlm2_sess;
-		heim_ntlm_decode_targetinfo;
-		heim_ntlm_decode_type1;
-		heim_ntlm_decode_type2;
-		heim_ntlm_decode_type3;
-		heim_ntlm_encode_targetinfo;
-		heim_ntlm_encode_type1;
-		heim_ntlm_encode_type2;
-		heim_ntlm_encode_type3;
-		heim_ntlm_free_buf;
-		heim_ntlm_free_targetinfo;
-		heim_ntlm_free_type1;
-		heim_ntlm_free_type2;
-		heim_ntlm_free_type3;
-		heim_ntlm_nt_key;
-		heim_ntlm_ntlmv2_key;
-		heim_ntlm_verify_ntlm2;
-	local:
-		*;
-};
diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog
deleted file mode 100644
index 6a9abe72078e..000000000000
--- a/crypto/heimdal/lib/roken/ChangeLog
+++ /dev/null
@@ -1,2196 +0,0 @@
-2008-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add missing files.
-
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* strftime.c: rewrite str[pf]time for testing.
-
-	* strptime.c: rewrite str[pf]time for testing.
-
-	* Makefile.am: add TEST_STRPFTIME
-	
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c (dbm_get): set dsize to 0 on failure.
-
-	* Makefile.am: add ndbm_wrap.[ch] to EXTRA_DIST
-
-	* ndbm_wrap.c (dbm_fetch): set dsize to 0 on failure.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: Implement swrap_dup too.
-
-	* socket_wrapper.c: Add dup(dummy stub) and dup2(real).
-
-	* socket_wrapper.h: Add dup(dummy stub) and dup2(real).
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c: set proxy_port to 0 to pacify BEAM.
-
-2007-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* use "roken.h" consitantly
-
-2007-06-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test-readenv.c: Free environment.
-
-	* environment.c (free_environment): free result of
-	read_environment().
-
-	* roken-common.h (free_environment): free result of
-	read_environment().
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fnmatch.c: Do recursive call to rk_fnmatch
-	
-2007-01-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: Try harder to call res_ndestroy().
-	
-2006-12-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: make sure built headers are copied to the
-	${build_topdir}/include
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unvis.c: Use internal version of rk_unvis
-
-	* unvis.c: Always include rk_versions.
-
-	* vis.c: Always include rk_versions.
-
-	* vis.hin: Fix argument for unvis and strsvisx.
-	
-	* unvis.c: prefix unvis functions with rk_, and prototypes.
-	
-2006-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* vis.c: Provide some prototypes for the rk_vis functions.
-	
-2006-12-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* ifaddrs.hin: Prefix getifaddrs functions with rk_ and do symbol
-	renaming.
-
-	* fnmatch.c: Prefix fnmatch functions with rk_ and do symbol
-	renaming.
-
-	* vis.hin: Prefix strvis functions with rk_ and do symbol
-	renaming.
-
-	* vis.c: prefix strvis functions with rk_
-
-	* Makefile.am: Install extra posix headers in <roken/...> to avoid
-	dup headers.
-	
-2006-11-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c (swrap_sendto): fail on to unknown si->type
-	
-2006-11-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* socket_wrapper.c: A few fixes to have Heimdal pass the make
-	check under socket_wrapper. The first is a missing 'break' before
-	the (heimdal specific) IPv6 support. The second works around the
-	fact that sendto() *may* object to a destination being specified.
-	It appears to be that on Linux, this objects (with EISCONN) for
-	unix stream sockets, but not for TCP sockets. The alternate fix
-	would be to have the KDC use 'send()' in this case. Andrew Bartlett.
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: split dist and nondist HEADERS
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* roken.h.in: Add timegm glue.
-
-	* timegm.c: add timegm()
-	
-	* socket_wrapper.c: Include <roken.h>, gives os socklen_t on IRIX
-	6.4.
-	
-	* socket_wrapper.c: Maybe include <sys/time.h> and/or maybe
-	include <time.h>.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Revert prevois for now, the problem is that we have
-	to include symbols unconditionally, even for those that just needs
-	protos.
-
-	* roken.h.in: Provide symbol renaming, let see what breaks.
-
-	* socket_wrapper.c: Maybe include <sys/filio.h>.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: more consitity check, remove dead code, add
-	socket length code, add missing break, make diffrent chars of type
-	type files for case-insensitiv filesystems
-
-	* socket_wrapper.c: try even hard to not use socket wrapper for
-	socket_wrapper itself.
-
-	* socket_wrapper.c: Force no socket wrapper for socket_wrapper
-	itself.
-	
-2006-10-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket_wrapper.c: Maybe include <config.h>.
-
-	* socket_wrapper.c: Protect AF_INET6 with #ifdef HAVE_IPV6.
-
-	* socket_wrapper.c: Use a symbol for the v6 address.
-
-	* socket_wrapper.c: Add IPv6 suppport.
-	
-	* socket_wrapper.[ch]: Include socket wrapper from samba4 (rev
-	19179).
-	
-2006-10-07 Love H�rnquist �strand <lha@it.su.se>
-
-	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
-
-	* Makefile.am: Add man_MANS to EXTRA_DIST
-
-	* Makefile.am: Add to all objects BUILD_ROKEN_LIB.
-	
-2006-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Add samba socket wrapper fragment.
-
-	* Makefile.am: Add samba socket wrapper fragment.
-	
-2006-09-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf.c: reapply patch that went away in last commit
-	
-	* snprintf-test.c: unbreak from previous commit
-
-	* snprintf.c: Add size_t formater (z modifer).
-
-	* snprintf-test.c: add tests for size_t printf formater
-	
-2006-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rtbl.h: Add extern "C" for C++.
-
-	* rtbl.c: Add rtbl_add_column_entryv functions, printf like
-
-	* rtbl.h: Add rtbl_add_column_entryv functions, printf like
-	
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* glob.hin: Add extern "C" for C++. From joerg at britannica dot
-	bec dot de
-
-	* fnmatch.hin: Add extern "C" for C++. From joerg at britannica
-	dot bec dot de
-	
-2006-04-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* fnmatch.hin (fnmatch): CPP rename to rk_fnmatch
-	
-2006-04-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* resolve.c (dns_srv_order): change a if (ptr == NULL) continue
-	into a assert(ptr != NULL) since it could never happen, found by
-	the IBM code checker (beam).  Thanks to Florian Krohm for
-	explaining it.
-	
-2006-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c (roken_gethostby): make addr_list one larger
-	to avoid a off-by-one error. Found by IBM checker.
-
-	* resolve.c: Plug memory leak found by IBM checker (and try to
-	please it).
-	
-2006-02-06  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* resolve.c: Spelling, from Alexey Dobriyan, via Jason McIntyre
-	
-2006-01-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* getcap.c: Don't use db support unless its build into libc but we
-	dont check for that now, so just disable the code. This removes
-	the dependency on libdb for roken, and that is a good thing since
-	it causes problem with nss plugins that uses DB3 that also
-	provides the same symbol, but with a diffrent ABI. so when the
-	application calls getpwnamn() and it linked to roken, it craches
-	in the nss functions.
-	
-2006-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c (hex_decode): support decoding odd number of characters,
-	in the odd len case, the first character ends up in the first byte
-	in the lower nibble.
-
-	* hex-test.c: Check that we can decode single character hex chars.
-
-2005-12-12  Love H�rnquist �strand <lha@it.su.se>
-
-	* getifaddrs.c: Try handle HP/UX 11.nn, its diffrent from Solaris
-	large SIOCGIFCONF.
-	
-2005-09-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: Move rk_UNCONST to roken.h.in since it might use
-	uintptr_t depending on avaibility.
-
-	* roken.h.in: Include <stdint.h> if it exists.  If avaiable, use
-	uintptr_t to define rk_UNCONST.
-	
-2005-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: Add rk_dumpdata.
-	
-	* dumpdata.c: Add rk_dumpdata() that write a chunk of data into a
-	file for later processing by some other tool (like asn1_print).
-	
-2005-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: cast to unsigned char to make sure its not negative
-	when passing it to is* functions
-	
-2005-09-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* socket.c: Add socket_set_ipv6only.
-
-	* roken-common.h: Add socket_set_ipv6only, remove some argument
-	names.
-	
-2005-08-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpool.c (rk_strpoolprintf): remove debug printf, plug memory
-	leak
-	
-2005-08-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* setprogname.c (setprogname): const poision
-	
-	* print_version.c: Removed, moved to libvers.
-
-2005-08-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c (dns_lookup_int): if we have res_ndestroy, prefeer
-	that before res_nclose
-
-2005-08-12 Love H�rnquist �strand  <lha@it.su.se>
-
-	* getaddrinfo-test.c: Rename optind to optidx to avoid shadowing.
-
-2005-08-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gai_strerror.c: sprinkel more const
-	
-	* gai_strerror.c, roken.h.in: Make return value of gai_strerror
-	const to match SUSv3.  Prompted by Stefan Metzmacher change to
-	Samba.
-
-2005-07-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: Remove parameter names to avoid shadow warnings.
-
-2005-07-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getifaddrs.c (nl_getlist): poll to get messages from kernel, and
-	retry if the message was lost
-	(free_nlmsglist): free all linked elements, not just the first one
-
-2005-07-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf-test.c: Check a very simple format string
-	
-2005-07-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken.h.in: If we have <strings.h> include it, its needed for
-	strcasecmp() on those platforms that are SUS3/iso c99 strict (like
-	AIX)
-
-	* roken-common.h: remove duplicate ;
-	
-2005-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: rk_strpoolprintf first variable identifier is 3
-
-2005-06-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* base64.h: remove variable names
-	
-2005-06-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: fix format attribute
-
-	* Makefile.am (libroken_la_SOURCES): += strpool.c
-	
-	* roken-common.h: add strpool, a printf collector to make it
-	eaiser to collect strings into one string
-	
-	* strpool.c: add strpool, a printf collector to make it eaiser to
-	collect strings into one string
-
-2005-06-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* base64.c: Add const, from Andrew Abartlet <abartlet@samba.org>
-
-2005-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpftime-test.c: test for "%Y%m"
-
-	* esetenv.c: unconst
-
-	* strptime.c: Write a new parse_number function that is possible
-	to limit that amount of numbers used, with this strptime can
-	handle strptime("200505", "%Y%m", &tm);
-
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getaddrinfo.c: avoid shadowing sin
-	
-	* resolve-test.c: rename optind to optidx to avoid shadowing
-	
-	* strptime.c: UNCONST return value from strptime
-	
-	* strftime.c: rk_UNCONST argument mktime
-	
-	* getnameinfo.c: avoid shadowing sin
-	
-	* socket.c: avoid shadowing sin
-
-	* resolve.c (parse_record): fix casting to avoid losing const
-	
-	* roken.awk: since we got no feedback regarding people running
-	heimdal on the crays, remove the quoted # version
-	
-	* environment.c: rename index to idx to avoid shadowing
-
-2005-05-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_reply-test.c: avoid signedness warnings
-
-	* test-mem.c: avoid signedness warnings
-
-2005-05-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c: include "roken.h" to avoid undefined size_t/ssize_t
-
-2005-05-24  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (snprintf_test_SOURCES): Add snprintf-test.h.
-
-2005-05-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* environment.c (rk_read_env_file): move assignment to later to
-	make pre c99 compiler happy
-
-2005-05-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: use english spelling of March
-
-2005-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: only link with dblib if we need it
-	
-	* Makefile.am: add test_readenv
-	
-	* test-readenv.c: test for read_environment()
-	
-	* environment.c: eliminate duplicates
-	
-2005-05-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* issuid.c (issuid): change the #ifdef order to avoid unreachable
-	code warning.
-
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* roken.h.in: Get daemon declared on Solaris (it's in unistd.h but
-	masked by a feature test), just to avoid a warning, since it has
-	int args. Include err.h unconditionally, since it's always
-	supplied.
-
-2005-05-04  Dave Love  <fx@gnu.org>
-
-	* snprintf-test.c: Include snprintf-test.h earlier.
-
-2005-05-03  Dave Love  <fx@gnu.org>
-
-	* snprintf.c: Include snprintf-test.h earlier.
-	
-	* test-mem.c: Add member fd to map.
-	(rk_test_mem_alloc, rk_test_mem_free): Use it.
-
-2005-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getifaddrs.c: add break on default: statements, from Douglas
-	E. Engert
-
-	* snprintf.c (vsnprintf): don't write the NUL into the string if
-	the length was 0
-
-	* snprintf-test.c: add check that snprintf doesn't write the NUL
-	into the last byte when its a zero length input string
-
-	* parse_time-test.c: Include <err.h>.
-	
-2005-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time-test.c: improve testing
-	
-	* roken-common.h: add rk_realloc
-
-	* Makefile.am: add realloc
-
-	* realloc.c: add rk_realloc, unbroken version of realloc
-
-2005-04-26  Dave Love  <fx@gnu.org>
-
-	* getusershell.c: Include roken.h
-
-2005-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* unvis.c: cast to unsigned char to make sure its not negative
-	when passing it to is* functions
-
-	* strptime.c: cast to unsigned char to make sure its not negative
-	when passing it to to* functions
-
-2005-04-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* simple_exec.c: don't close stderr, close all fd that is num 3
-	and larger
-
-	* simple_exec.c (pipe_execv): use closefrom
-
-	* add closefrom
-
-2005-04-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* add ROKEN_LIB_FUNCTION to all exported functions
-
-2005-04-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: print DS
-
-2005-04-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time-test.c: remove unused variable
-	
-2005-04-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* strpftime-test.c: print size_t by casting to unsigned long
-	
-	* base64-test.c: print size_t by casting to unsigned long
-	
-	* hex-test.c: print size_t by casting to unsigned long
-	
-	* resolve-test.c: print size_t by casting to unsigned long
-	
-2005-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf-test.c (try): reset va_list argument between reuse,
-	from Peter Kruty <xkruty@fi.muni.cz>
-
-2005-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken_gethostby.c (roken_gethostby): s/sin/addr/ to avoid
-	shadowing
-
-	* resolve.c (dns_lookup_int): s/stat/state/ to avoid shadowing
-
-	* parse_units.c: avoid shadowing div
-
-2005-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* snprintf.c: use defined(TEST_SNPRINTF) like on all other places
-	in the same file
-
-2005-03-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* hex.c: check for overflows
-
-2005-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* vis.c: use RCSID instead of __RCSID
-
-2005-03-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: check_PROGRAMS += hex-test
-	
-	* hex-test.c: hex encoding/decoding test
-	
-	* hex.c: fix decodeing, it processed to much data and thus
-	returned the wrong length
-
-2005-03-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: add hex.[ch]
-
-	* hex.c: add hex encoder/decoder
-
-2005-03-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* daemon.c fnmatch.c fnmatch.hin getcap.c getopt.c getusershell.c
-	glob.c glob.hin iruserok.c unvis.c vis.hin:
-	
-	In 1997, the University of California, Berkeley issued a statement
-	retroactively relicensing all code held under their copyright from
-	a 4-clause 'traditional' BSD license to a new 3-clause 'revised'
-	BSD license, which removed the advertising clause.
-
-	From NetBSD, via Joel Baker, and Alistair G. Crooks
-	
-	* getaddrinfo-test.c: remove stray ( in output
-	
-	* vis.c: Update new revision from NetBSD (copyright update)
-
-2005-02-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: bump version to 17:0:1
-
-2005-01-19  Dave Love  <d.love@dl.ac.uk>
-
-	* getusershell.c: Include ctype.h, cast argument to isspace to
-	unsigned char.
-
-2004-10-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* parse_time.3, parse_units.c: Change the behavior of the
-	parse_unit code to return the number of bytes needed to print the
-	whole string (minus the trailing '\0'), just like snprintf.  Idea
-	from bugreport from Gabriel Kihlman <gk@stacken.kth.se>.
-
-	* parse_time-test.c Makefile.am test-mem.c test-mem.h: test parse_time
-
-2004-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: put dns_type_to_string and dns_string_to_type in the
-	abi
-
-	* resolve.c: add ds_record
-	
-	* resolve.h: add ds_record
-	
-2004-10-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c: undefine open so this works on solaris with large
-	file support From netbsd's pkgsrc via Gavan Fantom
-	
-2004-09-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: add --version/--help
-	
-2004-09-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: make resolve-test a noinst program
-	
-2004-09-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve-test.c: test program for libroken resolve from resolve.c
-	
-	* Makefile.am: add resolve-test
-	
-	* resolve.h: add constant for max DNS protocol packet size
-	
-	* resolve.c (dns_lookup_int): grow the answer buffer to the size
-	the server send to us if the answer buffer was too small (limited
-	to the dns protocol max packet size)
-	
-2004-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* err.hin: no need to declare __progname here
-
-	* Makefile.am: always clean generated headers
-
-2004-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* rtbl.3: use .In for header, remove trailing space
-	
-2004-06-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rtbl.h: add protos and macros
-	
-	* rtbl.c: implement a bunch of stuff:
-	  - column separator (instead of global column prefix)
-	  - per column suffix
-	  - indexing columns by id-number instead of column header
-	  - optional header supression (via settable flags)
-	  - ability to end a row
-	  - don't extend last column to full width
-	
-2004-06-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.[ch]: add and use and bind9 version of rr type
-	(rk_ns_t_XXX) instead of the old bind4 version (T_XXX)
-
-2004-05-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c (stot): add AAAA
-	
-2004-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* getarg.c (add_string): catch error from realloc
-	
-2004-02-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* roken-common.h: add simple_execve_timed
-	
-	* roken-common.h: add timed simple_exec
-	
-	* simple_exec.c: add timed simple_exec
-	
-2004-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gai_strerror.c: correct ifdef for EAI_ADDRFAMILY
-
-2003-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: parse dns header, add support for SSHFP
-	
-	* resolve.h: add cpp rewrite for sshfp_record
-	
-	* resolve.h: add SSHFP, clean up the the dns_header
-	
-2003-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.h: remove HEADER (only used for crays)
-	
-	* resolve.c: number-of fields no longer stored in network order
-	
-2003-12-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolve.c: remove depency on c99 types in resolv.h
-	
-	* resolve.h: remove depency on c99 types
-	
-2003-12-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* resolv.h: add more T_ types and inline the dns headers, all this
-	for bind9 resolvers
-
-2003-12-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gai_strerror.c: EAI_ADDRFAMILY and EAI_NODATA is deprecated
-	
-	* roken-common.h: use EAI_NONAME instead of EAI_ADDRFAMILY to
-	check for if we need EAI_ macros
-
-2003-10-04   Love H�rnquist �strand  <lha@it.su.se>
-
-	* strptime.c: let t and n match zero or more whitespaces
-	
-2003-08-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ndbm_wrap.c: patch for working with DB4 on heimdal-discuss
-	From: Luke Howard <lukeh@PADL.COM>
-	
-2003-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: don't include discovered files in EXTRA_SOURCES;
-	don't depend on all header files, just the built ones
-
-2003-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* emalloc.3: manpage
-	
-2003-07-11  Love  <lha@stacken.kth.se>
-
-	* resolve.c: AIX have broken res_nsearch() in 5.1 (5.0 also ?)  so
-	just don't use res_nsearch on AIX
-
-2003-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c: * don't ever print sign for unsigned conversions *
-	don't break when right justifying a number past the end of the
-	buffer * handle zero precision and the value zero more correctly
-
-2003-06-14  Love  <lha@stacken.kth.se>
-
-	* glob.hin: prefix glob symbols with rk_
-	
-2003-04-22  Love  <lha@stacken.kth.se>
-
-	* resolve.c: copy NUL too, from janj@wenf.org via openbsd
-	
-2003-04-16  Love  <lha@stacken.kth.se>
-
-	* parse_units.h: remove typedef for units to avoid problems with
-	shadowing
-
-	* resolve.c: use strlcpy, from openbsd
-	
-	* getcap.c: use strlcpy, from openbsd
-	
-	* getarg.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-15  Love  <lha@stacken.kth.se>
-
-	* socket.c (socket_set_tos): if setsockopt failed with EINVAL
-	failed, just ignore it, sock was probably a just a non AF_INET
-	socket
-
-2003-04-14  Love  <lha@stacken.kth.se>
-
-	* strncasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strlwr.c: cast argument to tolower to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strcasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-2003-03-19  Love  <lha@stacken.kth.se>
-
-	* getarg.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-2003-03-07  Love  <lha@stacken.kth.se>
-
-	* parse_bytes.c: use struct units instead of units
-	
-	* parse_time.c: use struct units instead of units
-	
-2003-03-04  Love  <lha@stacken.kth.se>
-
-	* roken.awk: use full prototype for main
-	
-2002-10-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: check length of txt records
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: include config.h before stdio.h (breaks with
-	_FILE_OFFSET_BITS on solaris otherwise)
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
-	has a broken version that trashes memory
-
-	* roken-common.h: fix typo in previous
-
-	* roken-common.h: change IRIX == 4 to IRIX4
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: remove some warnings from the linux-portion
-
-	* getnameinfo_verified.c (getnameinfo_verified): handle the case
-	of forward but no backward DNS information, and also describe the
-	desired behaviour.  from Love <lha@stacken.kth.se>
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rtbl.c (rtbl_destroy): free whole table
-
-	* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
-	YOSHIFUJI of the Usagi project
-	
-	* parse_reply-test.c: make this build and return 77 if there is no
-	mmap
-
-	* Makefile.am (parse_reply-test): add
-	* parse_reply-test.c: add a test case for parse_reply reading past
-	the given buffer
-	* resolve.c (parse_reply): update the arguments to more reasonable
-	types.  allow parse_reply-test to call it
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): do alignment tricks with the random()
-	state (from NetBSD)
-
-2002-08-27  Assar Westerlund  <assar@kth.se>
-
-	* resolve.c (parse_reply): verify the lengths (both external and
-	internal) are consistent and not too long
-	(dns_lookup_int): be conservative in the length sent in to to
-	parse_reply
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* roken.h.in: add prototypes for str, unvis functions
-	* resolve.h: add fallback definition for T_AAAA
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: we may need a prototype for strndup
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: typedef ssize_t here
-
-	* getarg.c: don't put Ns before comma
-
-	* resolve.c: _res might not be available
-
-	* localtime_r.c: include stdio.h and roken.h
-
-	* strftime.c: only use altzone if we have it
-
-	* roken-common.h: AI_NUMERICHOST needs special handling
-
-	* strlcat.c: add some consistency checks
-
-	* strlcpy.c: make the logic simpler, and handle dst_sz == 0
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.h: prefix these functions to avoid conflicts with other
-	packages
-
-2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: don't write to buf if len == 0
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* Makefile.am: *_LDADD: add LDADD, so that libroken is used
-
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* xdbm.h: remove old dbm part
-
-2002-04-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ndbm_wrap.{c,h}: ndbm wrapper for newer db libraries
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: move mini_inetd protos to after addrinfo definition
-
-	* snprintf.c (append_number): make rep const
-
-	* getarg.h: rename optind and optarg to avoid some gcc warnings
-
-	* getarg.c: rename optind and optarg to avoid some gcc warnings
-
-2002-02-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* mini_inetd.c: mini_inetd_addrinfo that takes an addrinfo instead
-	of a port number
-
-2001-11-30  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c: support SIOCGLIFCONF and SIOCGLIFFLAGS which are
-	used on Solaris 8 to retrieve addresses larger than `struct
-	sockaddr'.  From Magnus Ahltorp <ahltorp@nada.kth.se> (with some
-	modifications by me)
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 15:0:6
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* localtime_r.c: add
-
-2001-10-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): don't try to return a value
-
-2001-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c: va_{start,end} fixes; from Thomas Klausner
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_srv_order): make sure of not reading after the
-	array
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump to 14:4:5
-	* snprintf.c: rename 'struct state' -> 'struct snprintf_test' to
-	avoid collision with resolv.h on aix
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c, parse_bytes.c, parse_bytes.h, parse_units.c,
-	parse_units.h: use int instead of size_t as return values to be
-	compatible with snprintf
-
-	* strftime.c (strftime): check for return values from snprintf() <
-	0
-
-2001-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* socket.c: restrict is a keyword
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* write_pid.c: handle atexit or on_exit
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add vis.hin to help
-	solaris make
-
-2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: use LDADD directly
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set to 14:3:5
-
-	* issuid.c (issuid): call issetugid if it exists
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make it play better with recent automake
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: provide a fallback for ARG_MAX.  from <tol@stacken.kth.se>
-
-	* roken.h.in: remove all winsock.h
-	for now, it does more harm than good under cygwin and if it should be
-	used, the correct conditional needs to be found
-	from <tol@stacken.kth.se>
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo.c: include a definition of in6addr_loopback if it
-	doesn't exist
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update to 14:2:5
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* hstrerror.c: move h_errno to its own file (h_errno.c)
-
-2001-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getarg.3
-
-2001-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): explicitly use PF_UNSPEC.  be more
-	resilient to bind/listen failing.
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): remove unused variables
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update version to 14:1:5
-
-2001-07-23  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_long): fix parsing of arg_counter optional
-	argument
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 14:0:5
-	
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.h: add a file with renaming of the snprintf
-	functions, to be used for running the tests
-
-2001-07-11  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.c: add more %X tests, and long and conditional
-	long long tests
-	* snprintf.c: add support for printing long long (if available)
-
-2001-07-10  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): adapt to const hostent_find_fqdn
-	* hostent_find_fqdn.c (hostent_find_fqdn): const-ize
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (hostent_find_fqdn): add
-	* hostent_find_fqdn.c: separate out hostent_find_fqdn
-
-	* warnerr.c: move out getprogname, setprogname
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (setprogname): add const cast
-	* vis.c (SVIS): add some (unsigned char) before calling isfoo*
-	* Makefile.am (libroken_la_LDFLAGS:) set version to 13:0:4
-
-	* Makefile.am: add snprintf_test
-	* snprintf.c: rewrite so that it does not stop as soon as there
-	are no more characters to print, we need to figure out how long
-	the string would have to be.  this also fixes snprintf(NULL, 0
-
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (pipe_execv): remove unused variable
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getdtablesize.c: fix typo in obviously never used sysctl case
-
-	* simple_exec.c: rename check_status to wait_for_process, and
-	export it; function pipe_execv similar to popen, but with more
-	control over input and output
-
-	* roken-common.h: prototypes for wait_for_process and pipe_execv
-
-2001-06-17  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: move emalloc et al to roken.h.in
-	* Makefile.am: make emalloc,ecalloc,erealloc,estrdup conditional
-	* emalloc.c, erealloc.c, estrup.c: use errx, since errno might not
-	be set reliably
-	* ecalloc.c: add for symmetry
-
-2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: dns_srv_order to order srv records
-
-2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: Grog tries to figure out if to use mdoc.old instead of
-	mdoc by looking at some macros that were only present in the old
-	version, and by looking at the number of .Oo's present. In
-	mdoc.old .Oo was a toggle, but in mdoc it's closed by .Oc, so if
-	the number of .Oo's is bigger than the number of .Oc's, it figures
-	it must be mdoc.old. This doesn't however account for called Oc's,
-	and thus grog thinks that valid pages are mdoc.old when they
-	infact are mdoc. So let's make sure that Oc's are not called by
-	other macros.
-
-2001-05-29  Assar Westerlund  <assar@sics.se>
-
-	* base64-test.c (main): initialize numerr
-
-2001-05-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* base64.c: clean up the decode mess somewhat
-
-	* base64-test.c: base64 tests
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: just use standard C types with bswap*
-
-	* bswap.c: just use standard C types
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include all the headers that AC_GROK_TYPES tries for
-	finding u_int17_t et al
-
-	* Makefile.am: bump version to 12:0:3
-	* roken.h.in: re-add set_progname and get_progname for backwards
-	compatability
-	* warnerr.c: re-add set_progname and get_progname for backwards
-	compatability
-
-2001-05-12  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: add limits.h, from <shadow@dementia.org>
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bswap.c
-	
-	* bswap.c: bswap{16,32}
-	
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* freeaddrinfo.c (freeaddrinfo): also free every `struct
-	addrinfo'.  from <tmartin@mirapoint.com>
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (free_getarg_strings): add prototype
-	* getarg.c (free_getarg_strings): add function
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: pack short flag options togther, to shorten the usage
-	string
-
-2001-04-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getifaddrs.c (getifaddrs2): close socket when done
-
-2001-03-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: END has to be last with Sun's awk
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): do not check the return value
-	from strtod, it might return != 0.0 when the string has no digits.
-	just testing if it consumed any characters is enough and more
-	resilient
-	* glob.c: add GLOB_LIMIT (from NetBSD)
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (warnerr): do not use __progname
-	* roken.h.in (setprogname, getprogname): add prototypes
-	* warnerr.c (setprogname, getprogname): rename to. change all
-	callers
-	
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): do the first
-	getnameinfo with NI_NUMERICSERV to avoid the error that bind 8.2.3
-	reports on not finding the service
-	(ENI_NOSERVNAME).  reported by Ake Sandgren <ake@cs.umu.se>
-
-2001-02-09  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo.c (doit): call inet_ntop with correct af, noted by
-	Ake Sandgren <ake@cs.umu.se>
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): always capture
-	the service from getnameinfo so it can be sent back to getaddrinfo
-	and set socktype to avoid getaddrinfo not returning any addresses
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 11:1:2
-	* print_version.c (print_version): add 2001
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): copy the entire sockaddr
-
-	* roken-common.h (_PATH_BSHELL): add
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: move __attribute__ to roken-common.h
-
-	* esetenv.c (esetenv): cast to handle a setenv that takes a `char
- 	* which is the case on Unicos
-
-2000-12-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): ifaddrs.h ->
-	ifaddrs.hin
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (print_arg): add a case for arg_strings
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c (append_string): handle NULL strings by printing
-	`(null)'
-
-2000-12-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-common.h: add c++ externs
-
-	* roken.h.in: fix last commit differently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* err.hin (warnerr): remove, it's not part of the err.h interface
-	* roken-common.h (warnerr): moved here from err.hin
-	* Makefile.am (libroken_la_LDFLAGS): set version to 11:0:2
-	* vis.c: s/u_int32_t/unsigned/ for systems that do not define
-	u_int32_t
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: rename some headers to avoid conflict with possible
-	system headers
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* vis.c: make sure _DIAGASSERT is defined
-
-	* unvis.c: make sure _DIAGASSERT is defined
-
-	* Makefile.am: unvis.c, and vis.h
-
-	* vis.h: vis.h from NetBSD
-
-	* unvis.c: unvis from NetBSD
-
-	* roken.h.in: cleanup previous
-
-	* roken-common.h: make `extern "C"' into a macro, this make emacs
-	much happier
-
-	* vis.c: strvis implementation from NetBSD
-
-	* roken.h.in: add prototypes for strvis*
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: fix freeifaddrs prototype, and add ifa_broadaddr
-	macro
-
-	* getifaddrs.c: free some memory
-
-2000-12-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: getifaddrs implementation using SIOCGIFCONFIG etc
-
-	* getifaddrs.c: getifaddrs implementation using SIOCGIFCONFIG etc
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): check that fds are not too large to
-	select on
-
-2000-09-24  Assar Westerlund  <assar@sics.se>
-
-	*  esetenv.c: new file/function
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 10:0:1
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (accept_it): type-correctness on parameters to
-	accept
-
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: add proto compat for getsockname
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* write_pid.c: conditionalise pidfile
-
-	* write_pid.c: add pidfile function
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 9:0:0
-
-	* warnerr.c: add get_progname
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): if there's no fqdn in `he' try
-	reverse resolving to see if there's a fuller name there.  don't
-	use just-freed memory
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: do not define ndbm functions in terms of dbm functions
-	if we're using db
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_format): avoid printing an empty row at the end
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: make this compatible with `make dist'
-
-	* Makefile.am: revert version number for now
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: AM_PROG_LIBTOOL -> AC_PROG_LIBTOOL
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: set ACLOCAL_AMFLAGS
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo_hostspec.c: add new function that takes socktype
-	hint as parameter
-
-2000-07-09  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_add_column): initialize `col' completely
-
-	* configure.in: bring headers and functions more in-line with
-	what's actually being used
-
-2000-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: declare ether_addr and sockaddr_dl for AIX
-
-	* rtbl.{c,h}: simple table functions
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AM_INIT_AUTOMAKE): bump version to 10
-	* configure.in (AC_BROKEN): add strsep_copy
-	* Makefile.am (ACLOCAL): fetch files from cf
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (pid_file_*): fix protos
-
-2000-06-28  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): free memory
-	returned from getaddrinfo
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c: export string_to_type and type_to_string
-	* resolve.c: add key,sig,cert update test-program
-	* resolve.h: add key,sig,cert
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* resolve.h: add T_SIG, T_KEY
-	* resolve.c: add SIG and KEY
-	* Makefile.am (libroken_la_SOURCES): add environment.c and
-	write_pid.c
-
-	* write_pid.c: new file for writing a pid file.
-
-	* environment.c: new file with functionality for reading
-	/etc/environment.  From Ake Sandgren <ake@cs.umu.se>
-
-2000-06-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: strsep, but with const stringp so returns string
-	in separate buffer
-
-2000-05-23  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): calculate length of new format string
-	correctly
-
-2000-05-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getusershell.c: implment the AIX version use
-	/etc/security/login.cfg
-
-2000-05-21  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): actually handle `%m'
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 8:1:3
-
-	* roken-common.h: moved __attribute__ to roken.h.in
-
-2000-04-14  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo_hostspec.c (roken_getaddrinfo_hostspec): copy the
-	correct length from `hostspec'.  based on a patch from Love
-	<lha@s3.kth.se>
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: only include one of db.h and the dbm-series
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (_resolve_debug): explicitly set to zero.  this moves
-	the variable from bss to data and the dynamic linker on MacOS
-	X/Darwin seems unhappy with stuff in the bss segment.
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 8:0:3
-
-2000-03-11  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (_SS_PAD1SIZE): try to write an inpenetrable
-	expression that also works on Crays
-
-2000-03-09  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_short): backup optind when there's a missing
-	argument so that the error can point at the flag and not the
-	non-existant argument
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add timeval.c
-	* Makefile.am (libroken_la_SOURCES): add timeval.c
-	* timeval.c: new file
-
-2000-02-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 7:1:2
-	
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): note that shorts are actually
-	transmitted as ints
-	(according to the integer protomotion rules) in variable arguments
-	lists.  Therefore, we should not call va_arg with short but rather
-	with int.  See <http://www.debian.org/Bugs/db/57/57919.html> for
-	original bug report
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 7:0:2
-
-	* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
-	* getarg.c (mandoc_template): better man-stuff for negative
-	options
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 6:0:1
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: hopefully catch a few more declarations by including
-	<ndbm.h> even if <db.h> was found
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): separate number of allocated sockets
-	and number of actual ones
-	* mini_inetd.c (mini_inetd): count sockets properly.  and fail if
-	we cannot bind any
-	* mini_inetd.c (mini_inetd): make failing to create a socket
-	non-fatal
-
-2000-01-09  Assar Westerlund  <assar@sics.se>
-
- 	* Makefile.am(libroken_la_SOURCES): add strcollect.c
-	* Makefile.in: add strcollect.[co]
-	* simple_exec.c: use vstrcollect
-	* roken-common.h (_PATH_DEV): add
-	(strcollect, vstrcollect): add prototypes
-	* strcollect.c: new file.  functions for collapsing an `va_list'
-	into an `char **'
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime_test_SOURCES): correct source file name
-
-	* roken.h.in (sockaddr_storage): change padding so that we have
- 	one char[] of pad and then an unsigned long[] (for alignment and
- 	padding).  this works much better in practice.
-
-1999-12-22  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): drop leading underscore on
- 	`public' fields.  this was the consensus on the ipng mailing list
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime-test): define sources to avoid having
- 	'.o'
-	* Makefile.am (print_version.h): use $(EXEEXT)
-	* Makefile.am (roken.h): add $(EXEEXT) to make this work on cygwin
- 	et al
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:3:0
-
-	* getaddrinfo.c (get_nodes): use getipnodebyname instead of
-	gethostbyname(2)
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:2:0
-
-	* roken.h.in (struct sockaddr_storage): redefine with the example
- 	code from rfc2553
-
-	* getaddrinfo.c (get_null): set loopback with correct endianess
-	for v4.  dunno about v6.
-
-1999-12-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: add prototypes for str[pf]time
-
-	* signal.c: macosx = rhapsody ~= nextstep also can't handle
- 	various definitions of the same symbol.
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:1:0
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: replace inaddr2str with getnameinfo_verified
-
-	* roken-common.h (INADDR_LOOPBACK): add fallback definition
-
-	* roken-common.h: move getnameinfo_verified to roken.h.in
-	* roken.h.in (inaddr2str): remove
-	* Makefile.am (libroken_la_SOURCES); removed inaddr2str
-	* roken-common.h (getnameinfo_verified): add prototype
-	* getnameinfo_verified.c: new file
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add constants for getaddrinfo, getnameinfo
-	* roken.h.in (socklen_t): make independent of sockaddr_storage
-	(AI_*, NI_*, EAI_*): move to roken-common.h
-
-1999-12-03  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inted): rewrite to use `getaddrinfo'
-	* getaddrinfo.c (const_v*): no sizeof(sizeof())
-	* getaddrinfo.c (add_hostent): search for the canonical name among
-	all aliases
-	(getaddrinfo): handle AI_NUMERICHOST correctly
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add freeaddinfo,
-	getaddrinfo, getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* Makefile.in (SOURCES): add freeaddinfo, getaddrinfo,
-	getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* roken.h.in: arpa/inet.h: include
-	(socklen_t): add
-	(struct addrinfo): add
-	(EAI_*): add
-	(NI_*): add
-	(AI_*): add
-	(getaddrinfo, getnameinfo, freeaddrinfo, gai_strerror): add
-	* getnameinfo.c: new file
-	* getaddrinfo-test.c: new file
-	* gai_strerror.c: new file
-	* getaddrinfo.c: new file
-	* freeaddrinfo.c: new file
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* getopt.c (getopt): return -1 instead of EOF.  From
-	<art@stacken.kth.se>
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* strftime.c (strftime): handle `%z' and `%Z' in a tm_gmtoff-less
-	world
-
-	* getcap.c: make sure to use db only if we have both the library
-	and the header file
-	
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h: add arg_counter
-	* getarg.c: add a new type of argument: `arg_counter' re-organize
-	the code somewhat
-	
-	* Makefile.am: add strptime and strpftime-test
-	
-	* snprintf.c (xyzprintf): try to do the right thing with an % at
-	the end of the format string
-	
-	* strptime.c (strptime): implement '%U', '%V', '%W'
-	* strftime.c (strftime): implement '%U', '%V', '%W', '%z'
-	
-	* strftime.c (strftime): correct %E and %O handling.  do something
- 	reasonable with "...%"
-
-	* strftime.c: replace the BSD implementation by one of our own
-	coding
-
-	* strptime.c : new file
-	* strpftime-test.c: new file
-
-1999-11-07  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c: new file
-
-	* Makefile.am: add parse_bytes-test
-
-	* parse_units.c (parse_something): try to handle the case of no
- 	value specified a little bit better
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:2:0
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): add redundant casts to work
- 	around a gcc-bug that manifests itself on Linux-PPC.  From Tom
- 	Rini <trini@kernel.crashing.org>
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:0
-
-	* roken.h.in: use `unsigned char' instead of `u_int8_t' to avoid
- 	having to have that definition.  this is the easy way out instead
- 	of getting the definition here where it's needed.  flame me.
-
-Fri Oct 22 15:39:31 1999  Bjoern Groenvall  <bg@sics.se>
-
-	* k_getpwuid.c (k_getpwuid): getspuid() does not exist (even
- 	though it should), use getspnam().
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 3:0:0
-
-1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: document arg_collect
-
-	* getarg.c: change the way arg_collect works; it's still quite
-	horrible though
-
-	* getarg.h: change type of the collect function
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: undo last commit
-
-	* xdbm.h: reorder db includes
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* socket.c: const-ize and comment
-
-	* net_write.c: const-ize
-
-	* base64.c: const-ize
-
-1999-10-06  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (getarg): also set optind when returning error
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add parse_bytes.[ch]
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: getarg manpage
-
-	* getarg.{c,h}: add a callback type to do more complicated processing
-
-	* getarg.{c,h}: add floating point support
-
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* strlcat.c (strlcat): call strlcpy
-
-	* strlcpy.c: update name and prototype
-
-	* strlcat.c: update name and prototype
-
-	* roken.h.in: rename strc{py,at}_truncate to strlc{py,at}
-
-	* Makefile.am: rename strc{py,at}_truncate -> strlc{py,at}
-
-	* Makefile.in: rename strc{py,at}_truncate -> strlc{py,at}
-
- 	* strcpy_truncate.c (strcpy_truncate): change return value to be
- 	the length of `src'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* getcap.c: try to make this work on systems with DB
-
-1999-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getcap.c: protect from db-less systems
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* simple_exec.c: add simple_exec{ve,le}
-
-	* getcap.c: getcap from NetBSD
-
-1999-08-06  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): cater for those that have
- 	v6-support also
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* inet_ntop.c (inet_ntop_v4): remember to call ntohl
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add shutdown constants
-
-	* mini_inetd.c (listen_v4, listen_v6): handle the case of the
- 	protocol not being supported
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (socket_set_reuseaddr): remove duplicate
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): fix my stupid bugs
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add socket* functions
-
-	* Makefile.am (libroken_la_SOURCES): add socket.c
-
-	* socket.c: new file, originally from appl/ftp/common
-
-	* Makefile.am: set version to 2:0:2
-
-	* roken.h.in (inet_pton): add prototype
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_pton
-
-	* inet_pton.c: new file
-
-	* getipnodebyname.c (getipnodebyname): try gethostbyname2 if we
- 	have it
-
-1999-07-27  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c: support IPv6
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-	* roken.h.in (inet_ntop): add prototype
-
- 	* roken-common.h: (INET{,6}_ADDRSTRLEN): add
-
-	* inet_ntop.c: new file
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_ntop.c
-
-	* Makefile.am: move some files from libroken_la_SOURCES to
- 	EXTRA_libroken_la_SOURCES
-
-	* snprintf.c: some signed vs unsigned casts
-	
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (struct sockaddr_storage): define it needed
-
-1999-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_SOURCES): add copyhostent.c,
- 	freehostent.c, getipnodebyname.c, getipnodebyaddr.c
-	
-	* roken.h.in: <netdb.h>: include
-	(copyhostent, freehostent, getipnodebyname, getipnodebyaddr): add
-	prototypes
-
-	* roken-common.h: new constants for getipnodeby*
-
-	* Makefile.in (SOURCES): add freehostent, copyhostent,
- 	getipnodebyname, getipnodebyaddr
-
-	* freehostent.c: new file
-
-	* copyhostent.c: new file
-
-	* getipnodebyaddr.c: new file
-
-	* getipnodebyname.c: new file
-
-1999-07-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (k_getpwnam): update prototype
-
-	* k_getpwnam.c (k_getpwnam): const-ize
-
-	* get_default_username.c (get_default_username): a better way of
- 	guessing when the user has su:ed
-
-1999-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
-	<jhutz+@cmu.edu>
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* readv.c (readv): typo
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* writev.c (writev): error check malloc properly
-
-	* sendmsg.c (sendmsg): error check malloc properly
-
-	* resolve.c (parse_reply): error check malloc properly
-
-	* recvmsg.c (recvmsg): error check malloc properly
-
-	* readv.c (readv): error check malloc properly
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (acc_units): move the special case of 0 -> 1 to
- 	parse_something to avoid having it happen at the end of the string
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add get_default_username
-
-	* get_default_username.c: new file
-
-	* roken.h.in (get_default_username): add prototype
-
-	* Makefile.am: add get_default_username
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
-
-	* strnlen.c (strnlen): update prototype
-
-	* Makefile.am: strndup.c: add
-
-	* Makefile.in: strndup.c: add
-
-	* roken.h.in (strndup): add
-	(strnlen): update prototype
-
-	* strndup.c: new file
-
-Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include strsep prototype if needed
-
-Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make make-print-version.o depend on version.h
-
-Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make it compile w/o krb4
-
-Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* snprintf.c (vasnprintf): correct check if realloc returns NULL
-
-Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: link print_version with -ldes to avoid unresolved
- 	references if -lkrb is shared
-
-Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (eread, ewrite): add
-
-	* simple_exec.c: add <roken.h>
-
-Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add eread, ewrite
-
-	* eread.c, ewrite.c: new files
-
-	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
-
-Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove include_dir hack
-
-	* Makefile.am: parse_units.h
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add glob.c
-
-Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* iruserok.c: move innetgr() to separate file
-
-	* innetgr.c: move innetgr() to separate file
-
-	* hstrerror.c (hstrerror): add const to return type
-
-	* erealloc.c: fix types in format string
-
-	* emalloc.c: fix types in format string
-
-Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: ugly fix for crays
-
-Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* roken.h.in: protos for {un,}setenv
-
-1999-02-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add fnmatch
-
-	* roken-common.h (abs): add
-
-Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
-
-	* emalloc.c, erealloc.c, estrup.c: new files
-
-	* roken.h.in (mkstemp, gethostname): also includes prototypes if
- 	they are needed.
-
-1998-12-23  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: mkstemp: add prototype
-
-1998-12-20  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
-
-	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
-
-	* roken-common.h: __attribute__: check for autoconf'd
-	HAVE___ATTRIBUTE__ instead of GNUC
-
-Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): func is called with val == 0 if
- 	no unit was given
-	(acc_flags, acc_units): update to new standard
-
-Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (stot): constify
-	(type_to_string): always declare
-	(dns_lookup_int): correct debug output
-
-Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_lookup_int): send rr_class to res_search
-
-Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: some cleanup
-
-	* resolve.h: add T_NAPTR
-
-Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
-
-	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
-
-Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* recvmsg.c (recvmsg): patch from bpreece@unity.ncsu.edu
-
-Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* vsyslog.c: asprintf -> vasprintf
-
-Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (arg_printusage): new signature
-
-	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
- 	__progname.
-
-Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
- 	EINTR
-
-Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execlp): initialize `argv'
-
-Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar@sics.se>
-
-	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
- 	use a copy instead
-
-Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (net_write, net_read): add prototypes
-
-	* Makefile.in: net_{read,write}.c: add
-
-	* net_{read,write}.c: new files
-
-Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (issuid): add
-
-	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
- 	fields
-
-Sun May 31 03:24:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	SYNOPSIS within the same [ ] pair.
-
-Sat May 30 00:13:01 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (arg_printusage): try to keep options shorter than
- 	column width
-
-	* get_window_size.c (get_window_size): check COLUMNS and LINES
-
-Fri May 29 00:05:04 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	DESCRIPTION on the same line.
-
-	* getarg.c (arg_match_long): make sure you only get an exact match
- 	if the strings are the same length
-
-Thu May 14 02:23:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.awk: stupid cray awk wants \#
-
-Fri May  1 01:29:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* print_version.c (print_version): according to ISO/ANSI C the
- 	elements of `arg' are not constant and therefore not settable at
- 	compile-time.  Set the at run-time instead.
-
-Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include paths.h
-
-Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
- 	make happy
-
-Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* simple_exec.c: Simple fork+exec system() replacement.
-
-Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken_gethostby.c: Make `roken_gethostby_setup' take URL-like
- 	specification instead of split up versions. Makes it easier for
- 	calling applications.
-
-	* roken_gethostby.c: Another miracle of the 20th century:
- 	gethostby* over HTTP.
-
-Sat Feb 21 15:18:36 1998  assar westerlund  <assar@sics.se>
-
-	* parse_time.c (unparse_time_approx): new function that calls
- 	`unparse_units_approx'
-
-	* parse_units.c (unparse_units_approx): new function that will
- 	only print the first unit.
-
-	* Makefile.in: include parse_{time,units}
-
-Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): don't return a void value.
-
-Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Change date format to full month
- 	name, and day of month without leading zero.
-
-Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Fix long form of negative flags.
-
-Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken.h.in: Include <err.h>, to get linux __progname.
-
-Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): new function
-
-	* parse_units.c (print_flags_table, print_units_table): new
- 	functions.
-
-Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* iruserok.c: moved here.
-
-	* snprintf.c (sn_append_char): don't write any terminating zero.
-	(as_reserve): don't loop.  better heuristic for how much space to
- 	realloc.
-	(vasnprintf): simplify initializing to one.
-
-Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Add mandoc help back-end to getarg.
-
-Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* verr.c, verrx.c: Fix warnings by moving exit from.
-
-Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* parse_units.c: Change the list of separating characters (between
- 	units) to comma, space, and tab, removing digits. Having digits in
- 	this list makes a flag like `T42 generate a parse error. This
- 	change makes `17m3s' an invalid time-spec (you need a space).
-
-Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: add <sys/socket.h>
-
-Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* fnmatch.c: Add fnmatch from NetBSD
-
-Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): ignore white-space and ','
-
-Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar@sics.se>
-	
-	* roken.h: fclose prototype
-
-	* roken.h: add prototype for vsyslog
-
-	* Makefile.in: add some more source files to make soriasis make
- 	happy
-
-Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: include <sys/uio.h> and <errno.h>.
-	prototypes for readv and writev
-
-	* readv.c, writev.c: new files
-
-Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: Add ugly macros for openlog, gethostbyname,
- 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
- 	default definition of MAXPATHLEN
diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am
deleted file mode 100644
index b1a4251fcddc..000000000000
--- a/crypto/heimdal/lib/roken/Makefile.am
+++ /dev/null
@@ -1,194 +0,0 @@
-# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-ACLOCAL_AMFLAGS = -I ../../cf
-
-CLEANFILES = roken.h make-roken.c $(XHEADERS)
-
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 19:0:1
-libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
-
-# XXX this is needed for the LIBOBJS objects
-CPPFLAGS = $(libroken_la_CPPFLAGS)
-
-noinst_PROGRAMS = make-roken snprintf-test resolve-test
-
-nodist_make_roken_SOURCES = make-roken.c
-
-check_PROGRAMS = 				\
-		base64-test			\
-		getaddrinfo-test		\
-		hex-test			\
-		test-readenv			\
-		parse_bytes-test		\
-		parse_reply-test		\
-		parse_time-test			\
-		snprintf-test			\
-		strpftime-test
-
-TESTS = $(check_PROGRAMS)
-
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
-
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS  = -DTEST_RESOLVE
-
-test_readenv_SOURCES = test-readenv.c test-mem.c
-
-parse_time_test_SOURCES = parse_time-test.c test-mem.c
-
-strpftime_test_SOURCES	= strpftime-test.c strpftime-test.h
-strpftime_test_LDADD = libtest.la $(LDADD)
-strpftime_test_CFLAGS = -DTEST_STRPFTIME
-snprintf_test_SOURCES	= snprintf-test.c snprintf-test.h
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS	= -DTEST_SNPRINTF
-
-resolve_test_SOURCES = resolve-test.c
-
-libroken_la_SOURCES =		\
-	base64.c		\
-	bswap.c			\
-	concat.c		\
-	dumpdata.c		\
-	environment.c		\
-	eread.c			\
-	esetenv.c		\
-	ewrite.c		\
-	getaddrinfo_hostspec.c	\
-	get_default_username.c	\
-	get_window_size.c	\
-	getarg.c		\
-	getnameinfo_verified.c	\
-	getprogname.c		\
-	h_errno.c		\
-	hex.c			\
-	hostent_find_fqdn.c	\
-	issuid.c		\
-	k_getpwnam.c		\
-	k_getpwuid.c		\
-	mini_inetd.c		\
-	net_read.c		\
-	net_write.c		\
-	parse_bytes.c		\
-	parse_time.c		\
-	parse_units.c		\
-	realloc.c		\
-	resolve.c		\
-	roken_gethostby.c	\
-	rtbl.c			\
-	rtbl.h			\
-	setprogname.c		\
-	signal.c		\
-	simple_exec.c		\
-	snprintf.c		\
-	socket.c		\
-	strcollect.c		\
-	strpool.c		\
-	timeval.c		\
-	tm2time.c		\
-	unvis.c			\
-	verify.c		\
-	vis.c			\
-	vis.h			\
-	warnerr.c		\
-	write_pid.c		\
-	xdbm.h
-
-EXTRA_libroken_la_SOURCES =	\
-	err.hin			\
-	glob.hin		\
-	fnmatch.hin		\
-	ifaddrs.hin		\
-	vis.hin	
-
-libroken_la_LIBADD = @LTLIBOBJS@
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
-
-BUILT_SOURCES = make-roken.c roken.h
-
-if have_err_h
-err_h =
-else
-err_h = err.h
-endif
-
-if have_fnmatch_h
-fnmatch_h =
-else
-fnmatch_h = fnmatch.h
-endif
-
-if have_glob_h
-glob_h =
-else
-glob_h = glob.h
-endif
-
-if have_ifaddrs_h
-ifaddrs_h =
-else
-ifaddrs_h = ifaddrs.h
-endif
-
-if have_vis_h
-vis_h = 
-else
-vis_h = vis.h
-endif
-
-## these are controlled by configure
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-CLEANFILES += err.h fnmatch.h glob.h ifaddrs.h vis.h
-
-dist_include_HEADERS = 				\
-	base64.h				\
-	getarg.h				\
-	hex.h					\
-	parse_bytes.h 				\
-	parse_time.h 				\
-	parse_units.h				\
-	resolve.h 				\
-	roken-common.h 				\
-	rtbl.h 					\
-	xdbm.h
-
-if have_socket_wrapper
-libroken_la_SOURCES += socket_wrapper.c socket_wrapper.h
-dist_include_HEADERS += socket_wrapper.h
-endif
-
-build_HEADERZ = test-mem.h $(XHEADERS)
-
-nodist_include_HEADERS = roken.h
-rokenincludedir = $(includedir)/roken
-nodist_rokeninclude_HEADERS = $(XHEADERS)
-
-man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
-
-SUFFIXES += .hin
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-
-EXTRA_DIST = \
-	roken.awk roken.h.in \
-	$(man_MANS) \
-	test-mem.h \
-	ndbm_wrap.c \
-	ndbm_wrap.h
diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in
deleted file mode 100644
index 0398523aae57..000000000000
--- a/crypto/heimdal/lib/roken/Makefile.in
+++ /dev/null
@@ -1,1426 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(am__dist_include_HEADERS_DIST) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog chown.c \
-	closefrom.c copyhostent.c daemon.c ecalloc.c emalloc.c \
-	erealloc.c err.c errx.c estrdup.c fchown.c flock.c fnmatch.c \
-	freeaddrinfo.c freehostent.c gai_strerror.c getaddrinfo.c \
-	getcap.c getcwd.c getdtablesize.c getegid.c geteuid.c getgid.c \
-	gethostname.c getifaddrs.c getipnodebyaddr.c getipnodebyname.c \
-	getnameinfo.c getopt.c gettimeofday.c getuid.c getusershell.c \
-	glob.c hstrerror.c inet_aton.c inet_ntop.c inet_pton.c \
-	initgroups.c innetgr.c install-sh iruserok.c localtime_r.c \
-	lstat.c memmove.c missing mkinstalldirs mkstemp.c putenv.c \
-	rcmd.c readv.c recvmsg.c sendmsg.c setegid.c setenv.c \
-	seteuid.c strcasecmp.c strdup.c strerror.c strftime.c \
-	strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c \
-	strptime.c strsep.c strsep_copy.c strtok_r.c strupr.c swab.c \
-	timegm.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c \
-	warn.c warnx.c writev.c
-noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) \
-	resolve-test$(EXEEXT)
-check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
-	hex-test$(EXEEXT) test-readenv$(EXEEXT) \
-	parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \
-	parse_time-test$(EXEEXT) snprintf-test$(EXEEXT) \
-	strpftime-test$(EXEEXT)
-@have_socket_wrapper_TRUE@am__append_1 = socket_wrapper.c socket_wrapper.h
-@have_socket_wrapper_TRUE@am__append_2 = socket_wrapper.h
-subdir = lib/roken
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
-	"$(DESTDIR)$(rokenincludedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-libroken_la_DEPENDENCIES = @LTLIBOBJS@
-am__libroken_la_SOURCES_DIST = base64.c bswap.c concat.c dumpdata.c \
-	environment.c eread.c esetenv.c ewrite.c \
-	getaddrinfo_hostspec.c get_default_username.c \
-	get_window_size.c getarg.c getnameinfo_verified.c \
-	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
-	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
-	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
-	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
-	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
-	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
-	write_pid.c xdbm.h socket_wrapper.c socket_wrapper.h
-@have_socket_wrapper_TRUE@am__objects_1 =  \
-@have_socket_wrapper_TRUE@	libroken_la-socket_wrapper.lo
-am_libroken_la_OBJECTS = libroken_la-base64.lo libroken_la-bswap.lo \
-	libroken_la-concat.lo libroken_la-dumpdata.lo \
-	libroken_la-environment.lo libroken_la-eread.lo \
-	libroken_la-esetenv.lo libroken_la-ewrite.lo \
-	libroken_la-getaddrinfo_hostspec.lo \
-	libroken_la-get_default_username.lo \
-	libroken_la-get_window_size.lo libroken_la-getarg.lo \
-	libroken_la-getnameinfo_verified.lo libroken_la-getprogname.lo \
-	libroken_la-h_errno.lo libroken_la-hex.lo \
-	libroken_la-hostent_find_fqdn.lo libroken_la-issuid.lo \
-	libroken_la-k_getpwnam.lo libroken_la-k_getpwuid.lo \
-	libroken_la-mini_inetd.lo libroken_la-net_read.lo \
-	libroken_la-net_write.lo libroken_la-parse_bytes.lo \
-	libroken_la-parse_time.lo libroken_la-parse_units.lo \
-	libroken_la-realloc.lo libroken_la-resolve.lo \
-	libroken_la-roken_gethostby.lo libroken_la-rtbl.lo \
-	libroken_la-setprogname.lo libroken_la-signal.lo \
-	libroken_la-simple_exec.lo libroken_la-snprintf.lo \
-	libroken_la-socket.lo libroken_la-strcollect.lo \
-	libroken_la-strpool.lo libroken_la-timeval.lo \
-	libroken_la-tm2time.lo libroken_la-unvis.lo \
-	libroken_la-verify.lo libroken_la-vis.lo \
-	libroken_la-warnerr.lo libroken_la-write_pid.lo \
-	$(am__objects_1)
-libroken_la_OBJECTS = $(am_libroken_la_OBJECTS)
-libroken_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(libroken_la_LDFLAGS) $(LDFLAGS) -o $@
-libtest_la_LIBADD =
-am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
-	libtest_la-snprintf.lo
-libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
-libtest_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS)
-base64_test_SOURCES = base64-test.c
-base64_test_OBJECTS = base64-test.$(OBJEXT)
-base64_test_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-base64_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-getaddrinfo_test_SOURCES = getaddrinfo-test.c
-getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT)
-getaddrinfo_test_LDADD = $(LDADD)
-getaddrinfo_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-hex_test_SOURCES = hex-test.c
-hex_test_OBJECTS = hex-test.$(OBJEXT)
-hex_test_LDADD = $(LDADD)
-hex_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-nodist_make_roken_OBJECTS = make-roken.$(OBJEXT)
-make_roken_OBJECTS = $(nodist_make_roken_OBJECTS)
-make_roken_DEPENDENCIES =
-parse_bytes_test_SOURCES = parse_bytes-test.c
-parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
-parse_bytes_test_LDADD = $(LDADD)
-parse_bytes_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_parse_reply_test_OBJECTS =  \
-	parse_reply_test-parse_reply-test.$(OBJEXT) \
-	parse_reply_test-resolve.$(OBJEXT)
-parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS)
-parse_reply_test_LDADD = $(LDADD)
-parse_reply_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-parse_reply_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(parse_reply_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_parse_time_test_OBJECTS = parse_time-test.$(OBJEXT) \
-	test-mem.$(OBJEXT)
-parse_time_test_OBJECTS = $(am_parse_time_test_OBJECTS)
-parse_time_test_LDADD = $(LDADD)
-parse_time_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_resolve_test_OBJECTS = resolve-test.$(OBJEXT)
-resolve_test_OBJECTS = $(am_resolve_test_OBJECTS)
-resolve_test_LDADD = $(LDADD)
-resolve_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
-snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
-am__DEPENDENCIES_2 = libroken.la $(am__DEPENDENCIES_1)
-snprintf_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
-snprintf_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(snprintf_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_strpftime_test_OBJECTS = strpftime_test-strpftime-test.$(OBJEXT)
-strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS)
-strpftime_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
-strpftime_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(strpftime_test_CFLAGS) \
-	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_test_readenv_OBJECTS = test-readenv.$(OBJEXT) test-mem.$(OBJEXT)
-test_readenv_OBJECTS = $(am_test_readenv_OBJECTS)
-test_readenv_LDADD = $(LDADD)
-test_readenv_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
-	$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
-	hex-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c \
-	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
-	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
-	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
-DIST_SOURCES = $(am__libroken_la_SOURCES_DIST) \
-	$(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) \
-	base64-test.c getaddrinfo-test.c hex-test.c parse_bytes-test.c \
-	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
-	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
-	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
-man3dir = $(mandir)/man3
-MANS = $(man_MANS)
-am__dist_include_HEADERS_DIST = base64.h getarg.h hex.h parse_bytes.h \
-	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
-	xdbm.h socket_wrapper.h
-dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-nodist_rokenincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) \
-	$(nodist_rokeninclude_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-
-# XXX this is needed for the LIBOBJS objects
-CPPFLAGS = $(libroken_la_CPPFLAGS)
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-ACLOCAL_AMFLAGS = -I ../../cf
-CLEANFILES = roken.h make-roken.c $(XHEADERS) err.h fnmatch.h glob.h \
-	ifaddrs.h vis.h
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 19:0:1
-libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
-nodist_make_roken_SOURCES = make-roken.c
-TESTS = $(check_PROGRAMS)
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS = -DTEST_RESOLVE
-test_readenv_SOURCES = test-readenv.c test-mem.c
-parse_time_test_SOURCES = parse_time-test.c test-mem.c
-strpftime_test_SOURCES = strpftime-test.c strpftime-test.h
-strpftime_test_LDADD = libtest.la $(LDADD)
-strpftime_test_CFLAGS = -DTEST_STRPFTIME
-snprintf_test_SOURCES = snprintf-test.c snprintf-test.h
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS = -DTEST_SNPRINTF
-resolve_test_SOURCES = resolve-test.c
-libroken_la_SOURCES = base64.c bswap.c concat.c dumpdata.c \
-	environment.c eread.c esetenv.c ewrite.c \
-	getaddrinfo_hostspec.c get_default_username.c \
-	get_window_size.c getarg.c getnameinfo_verified.c \
-	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
-	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
-	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
-	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
-	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
-	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
-	write_pid.c xdbm.h $(am__append_1)
-EXTRA_libroken_la_SOURCES = \
-	err.hin			\
-	glob.hin		\
-	fnmatch.hin		\
-	ifaddrs.hin		\
-	vis.hin	
-
-libroken_la_LIBADD = @LTLIBOBJS@
-BUILT_SOURCES = make-roken.c roken.h
-@have_err_h_FALSE@err_h = err.h
-@have_err_h_TRUE@err_h = 
-@have_fnmatch_h_FALSE@fnmatch_h = fnmatch.h
-@have_fnmatch_h_TRUE@fnmatch_h = 
-@have_glob_h_FALSE@glob_h = glob.h
-@have_glob_h_TRUE@glob_h = 
-@have_ifaddrs_h_FALSE@ifaddrs_h = ifaddrs.h
-@have_ifaddrs_h_TRUE@ifaddrs_h = 
-@have_vis_h_FALSE@vis_h = vis.h
-@have_vis_h_TRUE@vis_h = 
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-dist_include_HEADERS = base64.h getarg.h hex.h parse_bytes.h \
-	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
-	xdbm.h $(am__append_2)
-build_HEADERZ = test-mem.h $(XHEADERS)
-nodist_include_HEADERS = roken.h
-rokenincludedir = $(includedir)/roken
-nodist_rokeninclude_HEADERS = $(XHEADERS)
-man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
-EXTRA_DIST = \
-	roken.awk roken.h.in \
-	$(man_MANS) \
-	test-mem.h \
-	ndbm_wrap.c \
-	ndbm_wrap.h
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libroken.la: $(libroken_la_OBJECTS) $(libroken_la_DEPENDENCIES) 
-	$(libroken_la_LINK) -rpath $(libdir) $(libroken_la_OBJECTS) $(libroken_la_LIBADD) $(LIBS)
-libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) 
-	$(libtest_la_LINK)  $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) 
-	@rm -f base64-test$(EXEEXT)
-	$(LINK) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS)
-getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) 
-	@rm -f getaddrinfo-test$(EXEEXT)
-	$(LINK) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS)
-hex-test$(EXEEXT): $(hex_test_OBJECTS) $(hex_test_DEPENDENCIES) 
-	@rm -f hex-test$(EXEEXT)
-	$(LINK) $(hex_test_OBJECTS) $(hex_test_LDADD) $(LIBS)
-make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) 
-	@rm -f make-roken$(EXEEXT)
-	$(LINK) $(make_roken_OBJECTS) $(make_roken_LDADD) $(LIBS)
-parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) 
-	@rm -f parse_bytes-test$(EXEEXT)
-	$(LINK) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
-parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) 
-	@rm -f parse_reply-test$(EXEEXT)
-	$(parse_reply_test_LINK) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS)
-parse_time-test$(EXEEXT): $(parse_time_test_OBJECTS) $(parse_time_test_DEPENDENCIES) 
-	@rm -f parse_time-test$(EXEEXT)
-	$(LINK) $(parse_time_test_OBJECTS) $(parse_time_test_LDADD) $(LIBS)
-resolve-test$(EXEEXT): $(resolve_test_OBJECTS) $(resolve_test_DEPENDENCIES) 
-	@rm -f resolve-test$(EXEEXT)
-	$(LINK) $(resolve_test_OBJECTS) $(resolve_test_LDADD) $(LIBS)
-snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) 
-	@rm -f snprintf-test$(EXEEXT)
-	$(snprintf_test_LINK) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS)
-strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES) 
-	@rm -f strpftime-test$(EXEEXT)
-	$(strpftime_test_LINK) $(strpftime_test_OBJECTS) $(strpftime_test_LDADD) $(LIBS)
-test-readenv$(EXEEXT): $(test_readenv_OBJECTS) $(test_readenv_DEPENDENCIES) 
-	@rm -f test-readenv$(EXEEXT)
-	$(LINK) $(test_readenv_OBJECTS) $(test_readenv_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-libroken_la-base64.lo: base64.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
-
-libroken_la-bswap.lo: bswap.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c
-
-libroken_la-concat.lo: concat.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c
-
-libroken_la-dumpdata.lo: dumpdata.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c
-
-libroken_la-environment.lo: environment.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c
-
-libroken_la-eread.lo: eread.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c
-
-libroken_la-esetenv.lo: esetenv.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c
-
-libroken_la-ewrite.lo: ewrite.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c
-
-libroken_la-getaddrinfo_hostspec.lo: getaddrinfo_hostspec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c
-
-libroken_la-get_default_username.lo: get_default_username.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c
-
-libroken_la-get_window_size.lo: get_window_size.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c
-
-libroken_la-getarg.lo: getarg.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c
-
-libroken_la-getnameinfo_verified.lo: getnameinfo_verified.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c
-
-libroken_la-getprogname.lo: getprogname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c
-
-libroken_la-h_errno.lo: h_errno.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c
-
-libroken_la-hex.lo: hex.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c
-
-libroken_la-hostent_find_fqdn.lo: hostent_find_fqdn.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c
-
-libroken_la-issuid.lo: issuid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c
-
-libroken_la-k_getpwnam.lo: k_getpwnam.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c
-
-libroken_la-k_getpwuid.lo: k_getpwuid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c
-
-libroken_la-mini_inetd.lo: mini_inetd.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c
-
-libroken_la-net_read.lo: net_read.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
-
-libroken_la-net_write.lo: net_write.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
-
-libroken_la-parse_bytes.lo: parse_bytes.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c
-
-libroken_la-parse_time.lo: parse_time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c
-
-libroken_la-parse_units.lo: parse_units.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c
-
-libroken_la-realloc.lo: realloc.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c
-
-libroken_la-resolve.lo: resolve.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-libroken_la-roken_gethostby.lo: roken_gethostby.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c
-
-libroken_la-rtbl.lo: rtbl.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c
-
-libroken_la-setprogname.lo: setprogname.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c
-
-libroken_la-signal.lo: signal.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
-
-libroken_la-simple_exec.lo: simple_exec.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c
-
-libroken_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libroken_la-socket.lo: socket.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c
-
-libroken_la-strcollect.lo: strcollect.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c
-
-libroken_la-strpool.lo: strpool.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c
-
-libroken_la-timeval.lo: timeval.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
-
-libroken_la-tm2time.lo: tm2time.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c
-
-libroken_la-unvis.lo: unvis.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c
-
-libroken_la-verify.lo: verify.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c
-
-libroken_la-vis.lo: vis.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c
-
-libroken_la-warnerr.lo: warnerr.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c
-
-libroken_la-write_pid.lo: write_pid.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c
-
-libroken_la-socket_wrapper.lo: socket_wrapper.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c
-
-libtest_la-strftime.lo: strftime.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strptime.lo: strptime.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-parse_reply_test-parse_reply-test.o: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
-
-parse_reply_test-parse_reply-test.obj: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi`
-
-parse_reply_test-resolve.o: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-parse_reply_test-resolve.obj: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi`
-
-snprintf_test-snprintf-test.o: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-snprintf_test-snprintf-test.obj: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi`
-
-strpftime_test-strpftime-test.o: strpftime-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c
-
-strpftime_test-strpftime-test.obj: strpftime-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi`
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
-	done
-install-dist_includeHEADERS: $(dist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-dist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-nodist_rokenincludeHEADERS: $(nodist_rokeninclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(rokenincludedir)" || $(MKDIR_P) "$(DESTDIR)$(rokenincludedir)"
-	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(nodist_rokenincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(rokenincludedir)/$$f'"; \
-	  $(nodist_rokenincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(rokenincludedir)/$$f"; \
-	done
-
-uninstall-nodist_rokenincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(rokenincludedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(rokenincludedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
-		all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(rokenincludedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_includeHEADERS install-man \
-	install-nodist_includeHEADERS \
-	install-nodist_rokenincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man3
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
-	uninstall-man uninstall-nodist_includeHEADERS \
-	uninstall-nodist_rokenincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man3
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dist_includeHEADERS install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 \
-	install-nodist_includeHEADERS \
-	install-nodist_rokenincludeHEADERS install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
-	uninstall-hook uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-nodist_includeHEADERS \
-	uninstall-nodist_rokenincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/roken/acconfig.h b/crypto/heimdal/lib/roken/acconfig.h
deleted file mode 100644
index 5fbe685ce386..000000000000
--- a/crypto/heimdal/lib/roken/acconfig.h
+++ /dev/null
@@ -1,36 +0,0 @@
-@BOTTOM@
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
-#undef PROTOTYPES
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc).  If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
-/*
- * Defining this enables lots of useful (and used) extensions on
- * glibc-based systems such as Linux
- */
-
-#define _GNU_SOURCE
diff --git a/crypto/heimdal/lib/roken/acinclude.m4 b/crypto/heimdal/lib/roken/acinclude.m4
deleted file mode 100644
index 1d0197c5ce37..000000000000
--- a/crypto/heimdal/lib/roken/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id$
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/lib/roken/base64-test.c b/crypto/heimdal/lib/roken/base64-test.c
deleted file mode 100644
index 435e41b1832a..000000000000
--- a/crypto/heimdal/lib/roken/base64-test.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64-test.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <base64.h>
-
-int
-main(int argc, char **argv)
-{
-    int numerr = 0;
-    int numtest = 1;
-    struct test {
-	void *data;
-	size_t len;
-	const char *result;
-    } *t, tests[] = {
-	{ "", 0 , "" },
-	{ "1", 1, "MQ==" },
-	{ "22", 2, "MjI=" },
-	{ "333", 3, "MzMz" },
-	{ "4444", 4, "NDQ0NA==" },
-	{ "55555", 5, "NTU1NTU=" },
-	{ "abc:def", 7, "YWJjOmRlZg==" },
-	{ NULL }
-    };
-    for(t = tests; t->data; t++) {
-	char *str;
-	int len;
-	len = base64_encode(t->data, t->len, &str);
-	if(strcmp(str, t->result) != 0) {
-	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
-		    str, t->result);
-	    numerr++;
-	}
-	free(str);
-	str = strdup(t->result);
-	len = base64_decode(t->result, str);
-	if(len != t->len) {
-	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
-		    (unsigned long)len, (unsigned long)t->len);
-	    numerr++;
-	} else if(memcmp(str, t->data, t->len) != 0) {
-	    fprintf(stderr, "failed test %d: data\n", numtest);
-	    numerr++;
-	}
-	free(str);
-	numtest++;
-    }
-
-    {
-	char str[32];
-	if(base64_decode("M=M=", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `M=M='\n", 
-		    numtest++);
-	    numerr++;
-	}
-	if(base64_decode("MQ===", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", 
-		    numtest++);
-	    numerr++;
-	}
-    }
-    return numerr;
-}
diff --git a/crypto/heimdal/lib/roken/base64.c b/crypto/heimdal/lib/roken/base64.c
deleted file mode 100644
index daf7fc567161..000000000000
--- a/crypto/heimdal/lib/roken/base64.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-#include "base64.h"
-
-static const char base64_chars[] = 
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static int 
-pos(char c)
-{
-    const char *p;
-    for (p = base64_chars; *p; p++)
-	if (*p == c)
-	    return p - base64_chars;
-    return -1;
-}
-
-int ROKEN_LIB_FUNCTION
-base64_encode(const void *data, int size, char **str)
-{
-    char *s, *p;
-    int i;
-    int c;
-    const unsigned char *q;
-
-    p = s = (char *) malloc(size * 4 / 3 + 4);
-    if (p == NULL)
-	return -1;
-    q = (const unsigned char *) data;
-    i = 0;
-    for (i = 0; i < size;) {
-	c = q[i++];
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	p[0] = base64_chars[(c & 0x00fc0000) >> 18];
-	p[1] = base64_chars[(c & 0x0003f000) >> 12];
-	p[2] = base64_chars[(c & 0x00000fc0) >> 6];
-	p[3] = base64_chars[(c & 0x0000003f) >> 0];
-	if (i > size)
-	    p[3] = '=';
-	if (i > size + 1)
-	    p[2] = '=';
-	p += 4;
-    }
-    *p = 0;
-    *str = s;
-    return strlen(s);
-}
-
-#define DECODE_ERROR 0xffffffff
-
-static unsigned int
-token_decode(const char *token)
-{
-    int i;
-    unsigned int val = 0;
-    int marker = 0;
-    if (strlen(token) < 4)
-	return DECODE_ERROR;
-    for (i = 0; i < 4; i++) {
-	val *= 64;
-	if (token[i] == '=')
-	    marker++;
-	else if (marker > 0)
-	    return DECODE_ERROR;
-	else
-	    val += pos(token[i]);
-    }
-    if (marker > 2)
-	return DECODE_ERROR;
-    return (marker << 24) | val;
-}
-
-int ROKEN_LIB_FUNCTION
-base64_decode(const char *str, void *data)
-{
-    const char *p;
-    unsigned char *q;
-
-    q = data;
-    for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
-	unsigned int val = token_decode(p);
-	unsigned int marker = (val >> 24) & 0xff;
-	if (val == DECODE_ERROR)
-	    return -1;
-	*q++ = (val >> 16) & 0xff;
-	if (marker < 2)
-	    *q++ = (val >> 8) & 0xff;
-	if (marker < 1)
-	    *q++ = val & 0xff;
-    }
-    return q - (unsigned char *) data;
-}
diff --git a/crypto/heimdal/lib/roken/base64.h b/crypto/heimdal/lib/roken/base64.h
deleted file mode 100644
index 09aadffe7c41..000000000000
--- a/crypto/heimdal/lib/roken/base64.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */
-
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-base64_encode(const void *, int, char **);
-
-int ROKEN_LIB_FUNCTION
-base64_decode(const char *, void *);
-
-#endif
diff --git a/crypto/heimdal/lib/roken/bswap.c b/crypto/heimdal/lib/roken/bswap.c
deleted file mode 100644
index e669eb2e4c0b..000000000000
--- a/crypto/heimdal/lib/roken/bswap.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_BSWAP32
-
-unsigned int ROKEN_LIB_FUNCTION
-bswap32 (unsigned int val)
-{
-    return (val & 0xff) << 24 |
-	(val & 0xff00) << 8 |
-	(val & 0xff0000) >> 8 |
-	(val & 0xff000000) >> 24;
-}
-#endif
-
-#ifndef HAVE_BSWAP16
-
-unsigned short ROKEN_LIB_FUNCTION
-bswap16 (unsigned short val)
-{
-    return (val & 0xff) << 8 |
-	(val & 0xff00) >> 8;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/chown.c b/crypto/heimdal/lib/roken/chown.c
deleted file mode 100644
index 5eb9c92c806d..000000000000
--- a/crypto/heimdal/lib/roken/chown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: chown.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-chown(const char *path, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/closefrom.c b/crypto/heimdal/lib/roken/closefrom.c
deleted file mode 100644
index f56e556a81d9..000000000000
--- a/crypto/heimdal/lib/roken/closefrom.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-closefrom(int fd)
-{
-    int num = getdtablesize();
-
-    if (num < 0)
-	num = 1024; /* XXX */
-
-    for (; fd <= num; fd++)
-	close(fd);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/concat.c b/crypto/heimdal/lib/roken/concat.c
deleted file mode 100644
index 94e0fcc31103..000000000000
--- a/crypto/heimdal/lib/roken/concat.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: concat.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-roken_concat (char *s, size_t len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, len);
-    ret = roken_vconcat (s, len, args);
-    va_end(args);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-roken_vconcat (char *s, size_t len, va_list args)
-{
-    const char *a;
-
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-
-	if (n >= len)
-	    return -1;
-	memcpy (s, a, n);
-	s += n;
-	len -= n;
-    }
-    *s = '\0';
-    return 0;
-}
-
-size_t ROKEN_LIB_FUNCTION
-roken_vmconcat (char **s, size_t max_len, va_list args)
-{
-    const char *a;
-    char *p, *q;
-    size_t len = 0;
-    *s = NULL;
-    p = malloc(1);
-    if(p == NULL)
-	return 0;
-    len = 1;
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-	
-	if(max_len && len + n > max_len){
-	    free(p);
-	    return 0;
-	}
-	q = realloc(p, len + n);
-	if(q == NULL){
-	    free(p);
-	    return 0;
-	}
-	p = q;
-	memcpy (p + len - 1, a, n);
-	len += n;
-    }
-    p[len - 1] = '\0';
-    *s = p;
-    return len;
-}
-
-size_t ROKEN_LIB_FUNCTION
-roken_mconcat (char **s, size_t max_len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, max_len);
-    ret = roken_vmconcat (s, max_len, args);
-    va_end(args);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/copyhostent.c b/crypto/heimdal/lib/roken/copyhostent.c
deleted file mode 100644
index 6410449ffbe6..000000000000
--- a/crypto/heimdal/lib/roken/copyhostent.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * return a malloced copy of `h'
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-copyhostent (const struct hostent *h)
-{
-    struct hostent *res;
-    char **p;
-    int i, n;
-
-    res = malloc (sizeof (*res));
-    if (res == NULL)
-	return NULL;
-    res->h_name      = NULL;
-    res->h_aliases   = NULL;
-    res->h_addrtype  = h->h_addrtype;
-    res->h_length    = h->h_length;
-    res->h_addr_list = NULL;
-    res->h_name = strdup (h->h_name);
-    if (res->h_name == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (n = 0, p = h->h_aliases; *p != NULL; ++p)
-	++n;
-    res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases));
-    if (res->h_aliases == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i)
-	res->h_aliases[i] = NULL;
-    for (i = 0; i < n; ++i) {
-	res->h_aliases[i] = strdup (h->h_aliases[i]);
-	if (res->h_aliases[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-    }
-
-    for (n = 0, p = h->h_addr_list; *p != NULL; ++p)
-	++n;
-    res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list));
-    if (res->h_addr_list == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i) {
-	res->h_addr_list[i] = NULL;
-    }
-    for (i = 0; i < n; ++i) {
-	res->h_addr_list[i] = malloc (h->h_length);
-	if (res->h_addr_list[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-	memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length);
-    }
-    return res;
-}
-
diff --git a/crypto/heimdal/lib/roken/daemon.c b/crypto/heimdal/lib/roken/daemon.c
deleted file mode 100644
index 2bc2350054c8..000000000000
--- a/crypto/heimdal/lib/roken/daemon.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: daemon.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_DAEMON
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-daemon(int nochdir, int noclose)
-{
-    int fd;
-
-    switch (fork()) {
-    case -1:
-	return (-1);
-    case 0:
-	break;
-    default:
-	_exit(0);
-    }
-
-    if (setsid() == -1)
-	return (-1);
-
-    if (!nochdir)
-	chdir("/");
-
-    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-	dup2(fd, STDIN_FILENO);
-	dup2(fd, STDOUT_FILENO);
-	dup2(fd, STDERR_FILENO);
-	if (fd > 2)
-	    close (fd);
-    }
-    return (0);
-}
-
-#endif /* HAVE_DAEMON */
diff --git a/crypto/heimdal/lib/roken/dumpdata.c b/crypto/heimdal/lib/roken/dumpdata.c
deleted file mode 100644
index 4750cac1a5bb..000000000000
--- a/crypto/heimdal/lib/roken/dumpdata.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-
-#include "roken.h"
-
-/*
- * Write datablob to a filename, don't care about errors.
- */
-
-void ROKEN_LIB_FUNCTION
-rk_dumpdata (const char *filename, const void *buf, size_t size)
-{
-    int fd;
-
-    fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0640);
-    if (fd < 0)
-	return;
-    net_write(fd, buf, size);
-    close(fd);
-}
diff --git a/crypto/heimdal/lib/roken/ecalloc.3 b/crypto/heimdal/lib/roken/ecalloc.3
deleted file mode 100644
index 194ad271cf9a..000000000000
--- a/crypto/heimdal/lib/roken/ecalloc.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" Copyright (c) 2001, 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" $Id: ecalloc.3 12527 2003-08-15 12:28:14Z joda $
-.\"
-.Dd August 14, 2003
-.Dt ECALLOC 3
-.Os HEIMDAL
-.Sh NAME
-.Nm ecalloc ,
-.Nm emalloc ,
-.Nm eread ,
-.Nm erealloc ,
-.Nm esetenv ,
-.Nm estrdup ,
-.Nm ewrite
-.Nd exit-on-failure wrapper functions
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.Fd #include <roken.h>
-.Ft "void *"
-.Fn ecalloc "size_t number" "size_t size"
-.Ft "void *"
-.Fn emalloc "size_t sz"
-.Ft ssize_t
-.Fn eread "int fd" "void *buf" "size_t nbytes"
-.Ft "void *"
-.Fn erealloc "void *ptr" "size_t sz"
-.Ft void
-.Fn esetenv "const char *var" "const char *val" "int rewrite"
-.Ft "char *"
-.Fn estrdup "const char *str"
-.Ft ssize_t
-.Fn ewrite "int fd" "const void *buf" "size_t nbytes"
-.Sh DESCRIPTION
-These functions do the same as the ones without the 
-.Dq e
-prefix, but if there is an error they will print a message with 
-.Xr errx 3 ,
-and exit. For
-.Nm eread
-and 
-.Nm ewrite
-this is also true for partial data.
-.Pp
-This is useful in applications when there is no need for a more
-advanced failure mode.
-.Sh SEE ALSO
-.Xr read 2 ,
-.Xr write 2 ,
-.Xr calloc 3 ,
-.Xr errx 3 ,
-.Xr malloc 3 ,
-.Xr realloc 3 ,
-.Xr setenv 3 ,
-.Xr strdup 3
diff --git a/crypto/heimdal/lib/roken/ecalloc.c b/crypto/heimdal/lib/roken/ecalloc.c
deleted file mode 100644
index c5ef4a7b2450..000000000000
--- a/crypto/heimdal/lib/roken/ecalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like calloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-ecalloc (size_t number, size_t size)
-{
-    void *tmp = calloc (number, size);
-
-    if (tmp == NULL && number * size != 0)
-	errx (1, "calloc %lu failed", (unsigned long)number * size);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/emalloc.c b/crypto/heimdal/lib/roken/emalloc.c
deleted file mode 100644
index a39fcc0d22bf..000000000000
--- a/crypto/heimdal/lib/roken/emalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like malloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-emalloc (size_t sz)
-{
-    void *tmp = malloc (sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "malloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/environment.c b/crypto/heimdal/lib/roken/environment.c
deleted file mode 100644
index 3822e4c6ffe5..000000000000
--- a/crypto/heimdal/lib/roken/environment.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2000, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: environment.c 20866 2007-06-03 21:00:29Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include "roken.h"
-
-/* find assignment in env list; len is length of variable including
- * equal 
- */
-
-static int
-find_var(char **env, char *assignment, size_t len)
-{
-    int i;
-    for(i = 0; env != NULL && env[i] != NULL; i++)
-	if(strncmp(env[i], assignment, len) == 0)
-	    return i;
-    return -1;
-}
-
-/*
- * return count of environment assignments from open file F in
- * assigned and list of malloced strings in env, return 0 or errno
- * number
- */
-
-static int
-rk_read_env_file(FILE *F, char ***env, int *assigned)
-{
-    int idx = 0;
-    int i;
-    char **l;
-    char buf[BUFSIZ], *p, *r;
-    char **tmp;
-    int ret = 0;
-
-    *assigned = 0;
-
-    for(idx = 0; *env != NULL && (*env)[idx] != NULL; idx++);
-    l = *env;
-
-    /* This is somewhat more relaxed on what it accepts then
-     * Wietses sysv_environ from K4 was...
-     */
-    while (fgets(buf, BUFSIZ, F) != NULL) {
-	buf[strcspn(buf, "#\n")] = '\0';
-
-	for(p = buf; isspace((unsigned char)*p); p++);
-	if (*p == '\0')
-	    continue;
-
-	/* Here one should check that it's a 'valid' env string... */
-	r = strchr(p, '=');
-	if (r == NULL)
-	    continue;
-
-	if((i = find_var(l, p, r - p + 1)) >= 0) {
-	    char *val = strdup(p);
-	    if(val == NULL) {
-		ret = ENOMEM;
-		break;
-	    }
-	    free(l[i]);
-	    l[i] = val;
-	    (*assigned)++;
-	    continue;
-	}
-
-	tmp = realloc(l, (idx+2) * sizeof (char *));
-	if(tmp == NULL) {
-	    ret = ENOMEM;
-	    break;
-	}
-
-	l = tmp;
-	l[idx] = strdup(p);
-	if(l[idx] == NULL) {
-	    ret = ENOMEM;
-	    break;
-	}
-	l[++idx] = NULL;
-	(*assigned)++;
-    }
-    if(ferror(F))
-	ret = errno;
-    *env = l;
-    return ret;
-}
-
-/*
- * return count of environment assignments from file and 
- * list of malloced strings in `env'
- */
-
-int ROKEN_LIB_FUNCTION
-read_environment(const char *file, char ***env)
-{
-    int assigned;
-    FILE *F;
-
-    if ((F = fopen(file, "r")) == NULL)
-	return 0;
-
-    rk_read_env_file(F, env, &assigned);
-    fclose(F);
-    return assigned;
-}
-
-void ROKEN_LIB_FUNCTION
-free_environment(char **env)
-{
-    int i;
-    if (env == NULL)
-	return;
-    for (i = 0; env[i]; i++)
-	free(env[i]);
-    free(env);
-}
diff --git a/crypto/heimdal/lib/roken/eread.c b/crypto/heimdal/lib/roken/eread.c
deleted file mode 100644
index ec4eed412e10..000000000000
--- a/crypto/heimdal/lib/roken/eread.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: eread.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like read but never fails (and never returns partial data).
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-eread (int fd, void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_read (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "read");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/erealloc.c b/crypto/heimdal/lib/roken/erealloc.c
deleted file mode 100644
index c38236085cb1..000000000000
--- a/crypto/heimdal/lib/roken/erealloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like realloc but never fails.
- */
-
-void * ROKEN_LIB_FUNCTION
-erealloc (void *ptr, size_t sz)
-{
-    void *tmp = realloc (ptr, sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "realloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/err.c b/crypto/heimdal/lib/roken/err.c
deleted file mode 100644
index dcb820bba6b5..000000000000
--- a/crypto/heimdal/lib/roken/err.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: err.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-err(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verr(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/err.hin b/crypto/heimdal/lib/roken/err.hin
deleted file mode 100644
index 2f1232d3e7f8..000000000000
--- a/crypto/heimdal/lib/roken/err.hin
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __ERR_H__
-#define __ERR_H__
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-void ROKEN_LIB_FUNCTION
-verr(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-
-void ROKEN_LIB_FUNCTION
-err(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-
-void ROKEN_LIB_FUNCTION
-verrx(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-
-void ROKEN_LIB_FUNCTION
-errx(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void ROKEN_LIB_FUNCTION
-vwarn(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-
-void ROKEN_LIB_FUNCTION
-warn(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-void ROKEN_LIB_FUNCTION
-vwarnx(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-
-void ROKEN_LIB_FUNCTION
-warnx(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-#endif /* __ERR_H__ */
diff --git a/crypto/heimdal/lib/roken/errx.c b/crypto/heimdal/lib/roken/errx.c
deleted file mode 100644
index 1090ac79d029..000000000000
--- a/crypto/heimdal/lib/roken/errx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: errx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-errx(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verrx(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/esetenv.c b/crypto/heimdal/lib/roken/esetenv.c
deleted file mode 100644
index e92f04ab32f0..000000000000
--- a/crypto/heimdal/lib/roken/esetenv.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2000, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: esetenv.c 15502 2005-06-21 18:56:15Z lha $");
-#endif
-
-#include "roken.h"
-
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-esetenv(const char *var, const char *val, int rewrite)
-{
-    if (setenv (rk_UNCONST(var), rk_UNCONST(val), rewrite))
-	errx (1, "failed setting environment variable %s", var);
-}
diff --git a/crypto/heimdal/lib/roken/estrdup.c b/crypto/heimdal/lib/roken/estrdup.c
deleted file mode 100644
index 262412bd35e8..000000000000
--- a/crypto/heimdal/lib/roken/estrdup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like strdup but never fails.
- */
-
-char * ROKEN_LIB_FUNCTION
-estrdup (const char *str)
-{
-    char *tmp = strdup (str);
-
-    if (tmp == NULL)
-	errx (1, "strdup failed");
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/ewrite.c b/crypto/heimdal/lib/roken/ewrite.c
deleted file mode 100644
index a2323d6ffd9e..000000000000
--- a/crypto/heimdal/lib/roken/ewrite.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ewrite.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include "roken.h"
-
-/*
- * Like write but never fails (and never returns partial data).
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-ewrite (int fd, const void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_write (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "write");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/fchown.c b/crypto/heimdal/lib/roken/fchown.c
deleted file mode 100644
index 87a205179f2d..000000000000
--- a/crypto/heimdal/lib/roken/fchown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: fchown.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-fchown(int fd, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/flock.c b/crypto/heimdal/lib/roken/flock.c
deleted file mode 100644
index 911d5ff31ed3..000000000000
--- a/crypto/heimdal/lib/roken/flock.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifndef HAVE_FLOCK
-RCSID("$Id: flock.c 14773 2005-04-12 11:29:18Z lha $");
-
-#include "roken.h"
-
-
-#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
-
-int ROKEN_LIB_FUNCTION
-flock(int fd, int operation)
-{
-#if defined(HAVE_FCNTL) && defined(F_SETLK)
-  struct flock arg;
-  int code, cmd;
-  
-  arg.l_whence = SEEK_SET;
-  arg.l_start = 0;
-  arg.l_len = 0;		/* means to EOF */
-
-  if (operation & LOCK_NB)
-    cmd = F_SETLK;
-  else
-    cmd = F_SETLKW;		/* Blocking */
-
-  switch (operation & OP_MASK) {
-  case LOCK_UN:
-    arg.l_type = F_UNLCK;
-    code = fcntl(fd, F_SETLK, &arg);
-    break;
-  case LOCK_SH:
-    arg.l_type = F_RDLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  case LOCK_EX:
-    arg.l_type = F_WRLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  default:
-    errno = EINVAL;
-    code = -1;
-    break;
-  }
-  return code;
-#else
-  return -1;
-#endif
-}
-
-#endif
-
diff --git a/crypto/heimdal/lib/roken/fnmatch.c b/crypto/heimdal/lib/roken/fnmatch.c
deleted file mode 100644
index 126949a8e08d..000000000000
--- a/crypto/heimdal/lib/roken/fnmatch.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
-
-/*
- * Copyright (c) 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
-#else
-static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
- * Compares a filename or pathname to a pattern.
- */
-
-#include <fnmatch.h>
-#include <string.h>
-
-#define	EOS	'\0'
-
-static const char *rangematch (const char *, int, int);
-
-int ROKEN_LIB_FUNCTION
-rk_fnmatch(const char *pattern, const char *string, int flags)
-{
-	const char *stringstart;
-	char c, test;
-
-	for (stringstart = string;;)
-		switch (c = *pattern++) {
-		case EOS:
-			return (*string == EOS ? 0 : FNM_NOMATCH);
-		case '?':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && (flags & FNM_PATHNAME))
-				return (FNM_NOMATCH);
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '*':
-			c = *pattern;
-			/* Collapse multiple stars. */
-			while (c == '*')
-				c = *++pattern;
-
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-
-			/* Optimize for pattern with * at end or before /. */
-			if (c == EOS)
-				if (flags & FNM_PATHNAME)
-					return (strchr(string, '/') == NULL ?
-					    0 : FNM_NOMATCH);
-				else
-					return (0);
-			else if (c == '/' && flags & FNM_PATHNAME) {
-				if ((string = strchr(string, '/')) == NULL)
-					return (FNM_NOMATCH);
-				break;
-			}
-
-			/* General case, use recursion. */
-			while ((test = *string) != EOS) {
-				if (!rk_fnmatch(pattern, string, flags & ~FNM_PERIOD))
-					return (0);
-				if (test == '/' && flags & FNM_PATHNAME)
-					break;
-				++string;
-			}
-			return (FNM_NOMATCH);
-		case '[':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && flags & FNM_PATHNAME)
-				return (FNM_NOMATCH);
-			if ((pattern =
-			    rangematch(pattern, *string, flags)) == NULL)
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '\\':
-			if (!(flags & FNM_NOESCAPE)) {
-				if ((c = *pattern++) == EOS) {
-					c = '\\';
-					--pattern;
-				}
-			}
-			/* FALLTHROUGH */
-		default:
-			if (c != *string++)
-				return (FNM_NOMATCH);
-			break;
-		}
-	/* NOTREACHED */
-}
-
-static const char *
-rangematch(const char *pattern, int test, int flags)
-{
-	int negate, ok;
-	char c, c2;
-
-	/*
-	 * A bracket expression starting with an unquoted circumflex
-	 * character produces unspecified results (IEEE 1003.2-1992,
-	 * 3.13.2).  This implementation treats it like '!', for
-	 * consistency with the regular expression syntax.
-	 * J.T. Conklin (conklin@ngai.kaleida.com)
-	 */
-	if (negate = (*pattern == '!' || *pattern == '^'))
-		++pattern;
-	
-	for (ok = 0; (c = *pattern++) != ']';) {
-		if (c == '\\' && !(flags & FNM_NOESCAPE))
-			c = *pattern++;
-		if (c == EOS)
-			return (NULL);
-		if (*pattern == '-' 
-		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
-			pattern += 2;
-			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
-				c2 = *pattern++;
-			if (c2 == EOS)
-				return (NULL);
-			if (c <= test && test <= c2)
-				ok = 1;
-		} else if (c == test)
-			ok = 1;
-	}
-	return (ok == negate ? NULL : pattern);
-}
diff --git a/crypto/heimdal/lib/roken/fnmatch.hin b/crypto/heimdal/lib/roken/fnmatch.hin
deleted file mode 100644
index d5d54a56225e..000000000000
--- a/crypto/heimdal/lib/roken/fnmatch.hin
+++ /dev/null
@@ -1,64 +0,0 @@
-/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-
-int ROKEN_LIB_FUNCTION
-rk_fnmatch (const char *, const char *, int);
-
-#define fnmatch(a,b,c) rk_fnmatch(a,b,c)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_FNMATCH_H_ */
diff --git a/crypto/heimdal/lib/roken/freeaddrinfo.c b/crypto/heimdal/lib/roken/freeaddrinfo.c
deleted file mode 100644
index a61536ddf881..000000000000
--- a/crypto/heimdal/lib/roken/freeaddrinfo.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * free the list of `struct addrinfo' starting at `ai'
- */
-
-void ROKEN_LIB_FUNCTION
-freeaddrinfo(struct addrinfo *ai)
-{
-    struct addrinfo *tofree;
-
-    while(ai != NULL) {
-	free (ai->ai_canonname);
-	free (ai->ai_addr);
-	tofree = ai;
-	ai = ai->ai_next;
-	free (tofree);
-    }
-}
diff --git a/crypto/heimdal/lib/roken/freehostent.c b/crypto/heimdal/lib/roken/freehostent.c
deleted file mode 100644
index 54fc49532b20..000000000000
--- a/crypto/heimdal/lib/roken/freehostent.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * free a malloced hostent
- */
-
-void ROKEN_LIB_FUNCTION
-freehostent (struct hostent *h)
-{
-    char **p;
-
-    free (h->h_name);
-    if (h->h_aliases != NULL) {
-	for (p = h->h_aliases; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_aliases);
-    }
-    if (h->h_addr_list != NULL) {
-	for (p = h->h_addr_list; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_addr_list);
-    }
-    free (h);
-}
diff --git a/crypto/heimdal/lib/roken/gai_strerror.c b/crypto/heimdal/lib/roken/gai_strerror.c
deleted file mode 100644
index c86274358b66..000000000000
--- a/crypto/heimdal/lib/roken/gai_strerror.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $");
-#endif
-
-#include "roken.h"
-
-static struct gai_error {
-    int code;
-    const char *str;
-} errors[] = {
-{EAI_NOERROR,		"no error"},
-#ifdef EAI_ADDRFAMILY
-{EAI_ADDRFAMILY,	"address family for nodename not supported"},
-#endif
-{EAI_AGAIN,		"temporary failure in name resolution"},
-{EAI_BADFLAGS,		"invalid value for ai_flags"},
-{EAI_FAIL,		"non-recoverable failure in name resolution"},
-{EAI_FAMILY,		"ai_family not supported"},
-{EAI_MEMORY,		"memory allocation failure"},
-#ifdef EAI_NODATA
-{EAI_NODATA,		"no address associated with nodename"},
-#endif
-{EAI_NONAME,		"nodename nor servname provided, or not known"},
-{EAI_SERVICE,		"servname not supported for ai_socktype"},
-{EAI_SOCKTYPE,		"ai_socktype not supported"},
-{EAI_SYSTEM,		"system error returned in errno"},
-{0,			NULL},
-};
-
-/*
- *
- */
-
-const char * ROKEN_LIB_FUNCTION
-gai_strerror(int ecode)
-{
-    struct gai_error *g;
-
-    for (g = errors; g->str != NULL; ++g)
-	if (g->code == ecode)
-	    return g->str;
-    return "unknown error code in gai_strerror";
-}
diff --git a/crypto/heimdal/lib/roken/get_default_username.c b/crypto/heimdal/lib/roken/get_default_username.c
deleted file mode 100644
index 754b60d2a8b1..000000000000
--- a/crypto/heimdal/lib/roken/get_default_username.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_default_username.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-
-/*
- * Try to return what should be considered the default username or
- * NULL if we can't guess at all.
- */
-
-const char * ROKEN_LIB_FUNCTION
-get_default_username (void)
-{
-    const char *user;
-
-    user = getenv ("USER");
-    if (user == NULL)
-	user = getenv ("LOGNAME");
-    if (user == NULL)
-	user = getenv ("USERNAME");
-
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    if (user == NULL) {
-	user = (const char *)getlogin ();
-	if (user != NULL)
-	    return user;
-    }
-#endif
-#ifdef HAVE_PWD_H
-    {
-	uid_t uid = getuid ();
-	struct passwd *pwd;
-
-	if (user != NULL) {
-	    pwd = k_getpwnam (user);
-	    if (pwd != NULL && pwd->pw_uid == uid)
-		return user;
-	}
-	pwd = k_getpwuid (uid);
-	if (pwd != NULL)
-	    return pwd->pw_name;
-    }
-#endif
-    return user;
-}
diff --git a/crypto/heimdal/lib/roken/get_window_size.c b/crypto/heimdal/lib/roken/get_window_size.c
deleted file mode 100644
index 7fa91d652270..000000000000
--- a/crypto/heimdal/lib/roken/get_window_size.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#if 0 /* Where were those needed? /confused */
-#ifdef HAVE_SYS_PROC_H
-#include <sys/proc.h>
-#endif
-
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-#endif
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-get_window_size(int fd, struct winsize *wp)
-{
-    int ret = -1;
-    
-    memset(wp, 0, sizeof(*wp));
-
-#if defined(TIOCGWINSZ)
-    ret = ioctl(fd, TIOCGWINSZ, wp);
-#elif defined(TIOCGSIZE)
-    {
-	struct ttysize ts;
-	
-	ret = ioctl(fd, TIOCGSIZE, &ts);
-	if(ret == 0) {
-	    wp->ws_row = ts.ts_lines;
-	    wp->ws_col = ts.ts_cols;
-	}
-    }
-#elif defined(HAVE__SCRSIZE)
-    {
-	int dst[2];
-	
-	_scrsize(dst);
-	wp->ws_row = dst[1];
-	wp->ws_col = dst[0];
-	ret = 0;
-    }
-#endif
-    if (ret != 0) {
-        char *s;
-        if((s = getenv("COLUMNS")))
-	    wp->ws_col = atoi(s);
-	if((s = getenv("LINES")))
-	    wp->ws_row = atoi(s);
-	if(wp->ws_col > 0 && wp->ws_row > 0)
-	    ret = 0;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo-test.c b/crypto/heimdal/lib/roken/getaddrinfo-test.c
deleted file mode 100644
index 027e32a742c8..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo-test.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo-test.c 15930 2005-08-12 13:42:17Z lha $");
-#endif
-
-#include "roken.h"
-#include "getarg.h"
-
-static int flags;
-static int family;
-static int socktype;
-
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    {"flags",	0,	arg_integer,	&flags,		"flags",	NULL},
-    {"family",	0,	arg_integer,	&family,	"family",	NULL},
-    {"socktype",0,	arg_integer,	&socktype,	"socktype",	NULL},
-    {"version",	0,	arg_flag,	&version_flag,	"print version",NULL},
-    {"help",	0,	arg_flag,	&help_flag,	NULL,		NULL}
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[nodename servname...]");
-    exit (ret);
-}
-
-static void
-doit (const char *nodename, const char *servname)
-{
-    struct addrinfo hints;
-    struct addrinfo *res, *r;
-    int ret;
-
-    printf ("(%s,%s)... ", nodename ? nodename : "null", servname);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = flags;
-    hints.ai_family   = family;
-    hints.ai_socktype = socktype;
-
-    ret = getaddrinfo (nodename, servname, &hints, &res);
-    if (ret) {
-	printf ("error: %s\n", gai_strerror(ret));
-	return;
-    }
-    printf ("\n");
-
-    for (r = res; r != NULL; r = r->ai_next) {
-	char addrstr[256];
-
-	if (inet_ntop (r->ai_family, 
-		       socket_get_address (r->ai_addr),
-		       addrstr, sizeof(addrstr)) == NULL) {
-	    printf ("\tbad address?\n");
-	    continue;
-	} 
-	printf ("\tfamily = %d, socktype = %d, protocol = %d, "
-		"address = \"%s\", port = %d",
-		r->ai_family, r->ai_socktype, r->ai_protocol,
-		addrstr,
-		ntohs(socket_get_port (r->ai_addr)));
-	if (r->ai_canonname)
-	    printf (", canonname = \"%s\"", r->ai_canonname);
-	printf ("\n");
-    }
-    freeaddrinfo (res);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-    int i;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optidx))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION);
-	return 0;
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc % 2 != 0)
-	usage (1);
-
-    for (i = 0; i < argc; i += 2) {
-	const char *nodename = argv[i];
-
-	if (strcmp (nodename, "null") == 0)
-	    nodename = NULL;
-
-	doit (nodename, argv[i+1]);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo.c b/crypto/heimdal/lib/roken/getaddrinfo.c
deleted file mode 100644
index f9ffcd865142..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * uses hints->ai_socktype and hints->ai_protocol
- */
-
-static int
-get_port_protocol_socktype (const char *servname,
-			    const struct addrinfo *hints,
-			    int *port,
-			    int *protocol,
-			    int *socktype)
-{
-    struct servent *se;
-    const char *proto_str = NULL;
-
-    *socktype = 0;
-
-    if (hints != NULL && hints->ai_protocol != 0) {
-	struct protoent *protoent = getprotobynumber (hints->ai_protocol);
-
-	if (protoent == NULL)
-	    return EAI_SOCKTYPE; /* XXX */
-
-	proto_str = protoent->p_name;
-	*protocol = protoent->p_proto;
-    }
-
-    if (hints != NULL)
-	*socktype = hints->ai_socktype;
-
-    if (*socktype == SOCK_STREAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "tcp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_TCP;
-    } else if (*socktype == SOCK_DGRAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "udp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_UDP;
-    } else if (*socktype == 0) {
-	if (proto_str != NULL) {
-	    se = getservbyname (servname, proto_str);
-	} else {
-	    se = getservbyname (servname, "tcp");
-	    *protocol = IPPROTO_TCP;
-	    *socktype = SOCK_STREAM;
-	    if (se == NULL) {
-		se = getservbyname (servname, "udp");
-		*protocol = IPPROTO_UDP;
-		*socktype = SOCK_DGRAM;
-	    }
-	}
-    } else
-	return EAI_SOCKTYPE;
-
-    if (se == NULL) {
-	char *endstr;
-
-	*port = htons(strtol (servname, &endstr, 10));
-	if (servname == endstr)
-	    return EAI_NONAME;
-    } else {
-	*port = se->s_port;
-    }
-    return 0;
-}
-
-static int
-add_one (int port, int protocol, int socktype,
-	 struct addrinfo ***ptr,
-	 int (*func)(struct addrinfo *, void *data, int port),
-	 void *data,
-	 char *canonname)
-{
-    struct addrinfo *a;
-    int ret;
-
-    a = malloc (sizeof (*a));
-    if (a == NULL)
-	return EAI_MEMORY;
-    memset (a, 0, sizeof(*a));
-    a->ai_flags     = 0;
-    a->ai_next      = NULL;
-    a->ai_protocol  = protocol;
-    a->ai_socktype  = socktype;
-    a->ai_canonname = canonname;
-    ret = (*func)(a, data, port);
-    if (ret) {
-	free (a);
-	return ret;
-    }
-    **ptr = a;
-    *ptr = &a->ai_next;
-    return 0;
-}
-
-static int
-const_v4 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in *sin4;
-    struct in_addr *addr = (struct in_addr *)data;
-
-    a->ai_family  = PF_INET;
-    a->ai_addrlen = sizeof(*sin4);
-    a->ai_addr    = malloc (sizeof(*sin4));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin4 = (struct sockaddr_in *)a->ai_addr;
-    memset (sin4, 0, sizeof(*sin4));
-    sin4->sin_family = AF_INET;
-    sin4->sin_port   = port;
-    sin4->sin_addr   = *addr;
-    return 0;
-}
-
-#ifdef HAVE_IPV6
-static int
-const_v6 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in6 *sin6;
-    struct in6_addr *addr = (struct in6_addr *)data;
-
-    a->ai_family  = PF_INET6;
-    a->ai_addrlen = sizeof(*sin6);
-    a->ai_addr    = malloc (sizeof(*sin6));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin6 = (struct sockaddr_in6 *)a->ai_addr;
-    memset (sin6, 0, sizeof(*sin6));
-    sin6->sin6_family = AF_INET6;
-    sin6->sin6_port   = port;
-    sin6->sin6_addr   = *addr;
-    return 0;
-}
-#endif
-
-/* this is mostly a hack for some versions of AIX that has a prototype
-   for in6addr_loopback but no actual symbol in libc */
-#if defined(HAVE_IPV6) && !defined(HAVE_IN6ADDR_LOOPBACK) && defined(IN6ADDR_LOOPBACK_INIT)
-#define in6addr_loopback _roken_in6addr_loopback
-struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
-#endif
-
-static int
-get_null (const struct addrinfo *hints,
-	  int port, int protocol, int socktype,
-	  struct addrinfo **res)
-{
-    struct in_addr v4_addr;
-#ifdef HAVE_IPV6
-    struct in6_addr v6_addr;
-#endif
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL)
-	family = hints->ai_family;
-
-    if (hints && hints->ai_flags & AI_PASSIVE) {
-	v4_addr.s_addr = INADDR_ANY;
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_any;
-#endif
-    } else {
-	v4_addr.s_addr = htonl(INADDR_LOOPBACK);
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_loopback;
-#endif
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v6, &v6_addr, NULL);
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v4, &v4_addr, NULL);
-    }
-    *res = first;
-    return 0;
-}
-
-static int
-add_hostent (int port, int protocol, int socktype,
-	     struct addrinfo ***current,
-	     int (*func)(struct addrinfo *, void *data, int port),
-	     struct hostent *he, int *flags)
-{
-    int ret;
-    char *canonname = NULL;
-    char **h;
-
-    if (*flags & AI_CANONNAME) {
-	struct hostent *he2 = NULL;
-	const char *tmp_canon;
-
-	tmp_canon = hostent_find_fqdn (he);
-	if (strchr (tmp_canon, '.') == NULL) {
-	    int error;
-
-	    he2 = getipnodebyaddr (he->h_addr_list[0], he->h_length,
-				   he->h_addrtype, &error);
-	    if (he2 != NULL) {
-		const char *tmp = hostent_find_fqdn (he2);
-
-		if (strchr (tmp, '.') != NULL)
-		    tmp_canon = tmp;
-	    }
-	}
-
-	canonname = strdup (tmp_canon);
-	if (he2 != NULL)
-	    freehostent (he2);
-	if (canonname == NULL)
-	    return EAI_MEMORY;
-    }
-
-    for (h = he->h_addr_list; *h != NULL; ++h) {
-	ret = add_one (port, protocol, socktype,
-		       current, func, *h, canonname);
-	if (ret)
-	    return ret;
-	if (*flags & AI_CANONNAME) {
-	    *flags &= ~AI_CANONNAME;
-	    canonname = NULL;
-	}
-    }
-    return 0;
-}
-
-static int
-get_number (const char *nodename,
-	    const struct addrinfo *hints,
-	    int port, int protocol, int socktype,
-	    struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct in6_addr v6_addr;
-
-	if (inet_pton (PF_INET6, nodename, &v6_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v6, &v6_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct in_addr v4_addr;
-
-	if (inet_pton (PF_INET, nodename, &v4_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v4, &v4_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-    return EAI_NONAME;
-}
-
-static int
-get_nodes (const char *nodename,
-	   const struct addrinfo *hints,
-	   int port, int protocol, int socktype,
-	   struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int flags  = 0;
-    int ret = EAI_NONAME;
-    int error;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-	flags  = hints->ai_flags;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET6, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v6, he, &flags);
-	    freehostent (he);
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v4, he, &flags);
-	    freehostent (he);
-	}
-    }
-    *res = first;
-    return ret;
-}
-
-/*
- * hints:
- *
- * struct addrinfo {
- *     int    ai_flags;
- *     int    ai_family;
- *     int    ai_socktype;
- *     int    ai_protocol;
- * ...
- * };
- */
-
-int ROKEN_LIB_FUNCTION
-getaddrinfo(const char *nodename,
-	    const char *servname,
-	    const struct addrinfo *hints,
-	    struct addrinfo **res)
-{
-    int ret;
-    int port     = 0;
-    int protocol = 0;
-    int socktype = 0;
-
-    *res = NULL;
-
-    if (servname == NULL && nodename == NULL)
-	return EAI_NONAME;
-
-    if (hints != NULL
-	&& hints->ai_family != PF_UNSPEC
-	&& hints->ai_family != PF_INET
-#ifdef HAVE_IPV6
-	&& hints->ai_family != PF_INET6
-#endif
-	)
-	return EAI_FAMILY;
-
-    if (servname != NULL) {
-	ret = get_port_protocol_socktype (servname, hints,
-					  &port, &protocol, &socktype);
-	if (ret)
-	    return ret;
-    }
-    if (nodename != NULL) {
-	ret = get_number (nodename, hints, port, protocol, socktype, res);
-	if (ret) {
-	    if(hints && hints->ai_flags & AI_NUMERICHOST)
-		ret = EAI_NONAME;
-	    else
-		ret = get_nodes (nodename, hints, port, protocol, socktype,
-				 res);
-	}
-    } else {
-	ret = get_null (hints, port, protocol, socktype, res);
-    }
-    if (ret)
-	freeaddrinfo (*res);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
deleted file mode 100644
index 29eae31e4caa..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo_hostspec.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/* getaddrinfo via string specifying host and port */
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec2(const char *hostspec, 
-			    int socktype,
-			    int port,
-			    struct addrinfo **ai)
-{
-    const char *p;
-    char portstr[NI_MAXSERV];
-    char host[MAXHOSTNAMELEN];
-    struct addrinfo hints;
-    int hostspec_len;
-
-    struct hst {
-	const char *prefix;
-	int socktype;
-	int protocol;
-	int port;
-    } *hstp, hst[] = {
-	{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
-	{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
-	{ NULL }
-    };
-
-    memset(&hints, 0, sizeof(hints));
-
-    hints.ai_socktype = socktype;
-	
-    for(hstp = hst; hstp->prefix; hstp++) {
-	if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
-	    hints.ai_socktype = hstp->socktype;
-	    hints.ai_protocol = hstp->protocol;
-	    if(port == 0)
-		port = hstp->port;
-	    hostspec += strlen(hstp->prefix);
-	    break;
-	}
-    }
-    
-    p = strchr (hostspec, ':');
-    if (p != NULL) {
-	char *end;
-
-	port = strtol (p + 1, &end, 0);
-	hostspec_len = p - hostspec;
-    } else {
-	hostspec_len = strlen(hostspec);
-    }
-    snprintf (portstr, sizeof(portstr), "%u", port);
-    
-    snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec);
-    return getaddrinfo (host, portstr, &hints, ai);
-}
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec(const char *hostspec, 
-			   int port,
-			   struct addrinfo **ai)
-{
-    return roken_getaddrinfo_hostspec2(hostspec, 0, port, ai);
-}
diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3
deleted file mode 100644
index fd5ed3de0e82..000000000000
--- a/crypto/heimdal/lib/roken/getarg.3
+++ /dev/null
@@ -1,341 +0,0 @@
-.\" Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: getarg.3 13380 2004-02-17 12:04:59Z lha $
-.Dd September 24, 1999
-.Dt GETARG 3
-.Os ROKEN
-.Sh NAME
-.Nm getarg ,
-.Nm arg_printusage
-.Nd collect command line options
-.Sh SYNOPSIS
-.In getarg.h
-.Ft int
-.Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
-.Ft void
-.Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
-.Sh DESCRIPTION
-.Fn getarg
-collects any command line options given to a program in an easily used way.
-.Fn arg_printusage
-pretty-prints the available options, with a short help text.
-.Pp
-.Fa args
-is the option specification to use, and it's an array of
-.Fa struct getargs
-elements.
-.Fa num_args
-is the size of
-.Fa args
-(in elements).
-.Fa argc
-and
-.Fa argv
-are the argument count and argument vector to extract option from.
-.Fa optind
-is a pointer to an integer where the index to the last processed
-argument is stored, it must be initialised to the first index (minus
-one) to process (normally 0) before the first call.
-.Pp
-.Fa arg_printusage
-take the same
-.Fa args
-and
-.Fa num_args
-as getarg;
-.Fa progname
-is the name of the program (to be used in the help text), and
-.Fa extra_string
-is a string to print after the actual options to indicate more
-arguments. The usefulness of this function is realised only be people
-who has used programs that has help strings that doesn't match what
-the code does.
-.Pp
-The
-.Fa getargs
-struct has the following elements.
-.Bd -literal
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer,
-	   arg_string,
-	   arg_flag,
-	   arg_negative_flag,
-	   arg_strings,
-	   arg_double,
-           arg_collect
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-.Ed
-.Pp
-.Fa long_name
-is the long name of the option, it can be
-.Dv NULL ,
-if you don't want a long name.
-.Fa short_name
-is the characted to use as short option, it can be zero. If the option
-has a value the
-.Fa value
-field gets filled in with that value interpreted as specified by the
-.Fa type
-field.
-.Fa help
-is a longer help string for the option as a whole, if it's
-.Dv NULL
-the help text for the option is omitted (but it's still displayed in
-the synopsis).
-.Fa arg_help
-is a description of the argument, if
-.Dv NULL
-a default value will be used, depending on the type of the option:
-.Pp
-.Bl -hang -width arg_negative_flag
-.It arg_integer
-the argument is a signed integer, and
-.Fa value
-should point to an
-.Fa int .
-.It Fa arg_string
-the argument is a string, and
-.Fa value
-should point to a
-.Fa char* .
-.It Fa arg_flag
-the argument is a flag, and
-.Fa value
-should point to a
-.Fa int .
-It gets filled in with either zero or one, depending on how the option
-is given, the normal case being one. Note that if the option isn't
-given, the value isn't altered, so it should be initialised to some
-useful default.
-.It Fa arg_negative_flag
-this is the same as
-.Fa arg_flag
-but it reverses the meaning of the flag (a given short option clears
-the flag), and the synopsis of a long option is negated.
-.It Fa arg_strings
-the argument can be given multiple times, and the values are collected
-in an array;
-.Fa value
-should be a pointer to a
-.Fa struct getarg_strings
-structure, which holds a length and a string pointer.
-.It Fa arg_double
-argument is a double precision floating point value, and
-.Fa value
-should point to a
-.Fa double .
-.It Fa arg_collect
-allows more fine-grained control of the option parsing process.
-.Fa value
-should be a pointer to a
-.Fa getarg_collect_info
-structure:
-.Bd -literal
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *optind,
-				   int *optarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-.Ed
-.Pp
-With the
-.Fa func
-member set to a function to call, and
-.Fa data
-to some application specific data. The parameters to the collect function are:
-.Bl -inset
-.It Fa short_flag
-non-zero if this call is via a short option flag, zero otherwise
-.It Fa argc , argv
-the whole argument list
-.It Fa optind
-pointer to the index in argv where the flag is
-.It Fa optarg
-pointer to the index in argv[*optind] where the flag name starts
-.It Fa data
-application specific data
-.El
-.Pp
-You can modify
-.Fa *optind ,
-and
-.Fa *optarg ,
-but to do this correct you (more or less) have to know about the inner
-workings of getarg.
-.Pp
-You can skip parts of arguments by increasing
-.Fa *optarg
-(you could
-implement the
-.Fl z Ns Ar 3
-set of flags from
-.Nm gzip
-with this), or whole argument strings by increasing
-.Fa *optind
-(let's say you want a flag
-.Fl c Ar x y z
-to specify a coordinate); if you also have to set
-.Fa *optarg
-to a sane value.
-.Pp
-The collect function should return one of
-.Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG, ENOMEM
-on error, zero otherwise.
-.Pp
-For your convenience there is a function,
-.Fn getarg_optarg ,
-that returns the traditional argument string, and you pass it all
-arguments, sans data, that where given to the collection function.
-.Pp
-Don't use this more this unless you absolutely have to.
-.El
-.Pp
-Option parsing is similar to what
-.Xr getopt
-uses. Short options without arguments can be compressed
-.Pf ( Fl xyz
-is the same as
-.Fl x y z ) ,
-and short
-options with arguments take these as either the rest of the
-argv-string or as the next option
-.Pf ( Fl o Ns Ar foo ,
-or
-.Fl o Ar foo ) .
-.Pp
-Long option names are prefixed with -- (double dash), and the value
-with a = (equal),
-.Fl -foo= Ns Ar bar .
-Long option flags can either be specified as they are
-.Pf ( Fl -help ) ,
-or with an (boolean parsable) option
-.Pf ( Fl -help= Ns Ar yes ,
-.Fl -help= Ns Ar true ,
-or similar), or they can also be negated
-.Pf ( Fl -no-help
-is the same as
-.Fl -help= Ns no ) ,
-and if you're really confused you can do it multiple times
-.Pf ( Fl -no-no-help= Ns Ar false ,
-or even
-.Fl -no-no-help= Ns Ar maybe ) .
-.Sh EXAMPLE
-.Bd -literal
-#include <stdio.h>
-#include <string.h>
-#include <getarg.h>
-
-char *source = "Ouagadougou";
-char *destination;
-int weight;
-int include_catalog = 1;
-int help_flag;
-
-struct getargs args[] = {
-    { "source",      's', arg_string,  &source,
-      "source of shippment", "city" },
-    { "destination", 'd', arg_string,  &destination,
-      "destination of shippment", "city" },
-    { "weight",      'w', arg_integer, &weight,
-      "weight of shippment", "tons" },
-    { "catalog",     'c', arg_negative_flag, &include_catalog,
-      "include product catalog" },
-    { "help",        'h', arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */
-
-const char *progname = "ship++";
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    if (getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (1);
-    }
-    if (help_flag) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (0);
-    }
-    if (destination == NULL) {
-	fprintf(stderr, "%s: must specify destination\en", progname);
-	exit(1);
-    }
-    if (strcmp(source, destination) == 0) {
-	fprintf(stderr, "%s: destination must be different from source\en");
-	exit(1);
-    }
-    /* include more stuff here ... */
-    exit(2);
-}
-.Ed
-.Pp
-The output help output from this program looks like this:
-.Bd -literal
-$ ship++ --help
-Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
-   [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
--s city, --source=city      source of shippment
--d city, --destination=city destination of shippment
--w tons, --weight=tons      weight of shippment
--c, --no-catalog            include product catalog
-.Ed
-.Sh BUGS
-It should be more flexible, so it would be possible to use other more
-complicated option syntaxes, such as what
-.Xr ps 1 ,
-and
-.Xr tar 1 ,
-uses, or the AFS model where you can skip the flag names as long as
-the options come in the correct order.
-.Pp
-Options with multiple arguments should be handled better.
-.Pp
-Should be integreated with SL.
-.Pp
-It's very confusing that the struct you pass in is called getargS.
-.Sh SEE ALSO
-.Xr getopt 3
diff --git a/crypto/heimdal/lib/roken/getarg.c b/crypto/heimdal/lib/roken/getarg.c
deleted file mode 100644
index c732d2fd43a5..000000000000
--- a/crypto/heimdal/lib/roken/getarg.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "roken.h"
-#include "getarg.h"
-
-#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
-
-static size_t
-print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
-{
-    const char *s;
-
-    *string = '\0';
-
-    if (ISFLAG(*arg) || (!longp && arg->type == arg_counter))
-	return 0;
-
-    if(mdoc){
-	if(longp)
-	    strlcat(string, "= Ns", len);
-	strlcat(string, " Ar ", len);
-    } else {
-	if (longp)
-	    strlcat (string, "=", len);
-	else
-	    strlcat (string, " ", len);
-    }
-
-    if (arg->arg_help)
-	s = arg->arg_help;
-    else if (arg->type == arg_integer || arg->type == arg_counter)
-	s = "integer";
-    else if (arg->type == arg_string)
-	s = "string";
-    else if (arg->type == arg_strings)
-	s = "strings";
-    else if (arg->type == arg_double)
-	s = "float";
-    else
-	s = "<undefined>";
-
-    strlcat(string, s, len);
-    return 1 + strlen(s);
-}
-
-static void
-mandoc_template(struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    char timestr[64], cmd[64];
-    char buf[128];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(progname, '/');
-    if(p) p++; else p = progname;
-    strlcpy(cmd, p, sizeof(cmd));
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(i = 0; i < num_args; i++){
-	/* we seem to hit a limit on number of arguments if doing
-           short and long flags with arguments -- split on two lines */
-	if(ISFLAG(args[i]) || 
-	   args[i].short_name == 0 || args[i].long_name == NULL) {
-	    printf(".Op ");
-
-	    if(args[i].short_name) {
-		print_arg(buf, sizeof(buf), 1, 0, args + i);
-		printf("Fl %c%s", args[i].short_name, buf);
-		if(args[i].long_name)
-		    printf(" | ");
-	    }
-	    if(args[i].long_name) {
-		print_arg(buf, sizeof(buf), 1, 1, args + i);
-		printf("Fl -%s%s%s",
-		       args[i].type == arg_negative_flag ? "no-" : "",
-		       args[i].long_name, buf);
-	    }
-	    printf("\n");
-	} else {
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
-	}
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    for(i = 0; i < num_args; i++){
-	printf(".It Xo\n");
-	if(args[i].short_name){
-	    printf(".Fl %c", args[i].short_name);
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf("%s", buf);
-	    if(args[i].long_name)
-		printf(" ,");
-	    printf("\n");
-	}
-	if(args[i].long_name){
-	    printf(".Fl -%s%s",
-		   args[i].type == arg_negative_flag ? "no-" : "",
-		   args[i].long_name);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf("%s\n", buf);
-	}
-	printf(".Xc\n");
-	if(args[i].help)
-	    printf("%s\n", args[i].help);
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-static int
-check_column(FILE *f, int col, int len, int columns)
-{
-    if(col + len > columns) {
-	fprintf(f, "\n");
-	col = fprintf(f, "  ");
-    }
-    return col;
-}
-
-void ROKEN_LIB_FUNCTION
-arg_printusage (struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    size_t max_len = 0;
-    char buf[128];
-    int col = 0, columns;
-    struct winsize ws;
-
-    if (progname == NULL)
-	progname = getprogname();
-
-    if(getenv("GETARGMANDOC")){
-	mandoc_template(args, num_args, progname, extra_string);
-	return;
-    }
-    if(get_window_size(2, &ws) == 0)
-	columns = ws.ws_col;
-    else
-	columns = 80;
-    col = 0;
-    col += fprintf (stderr, "Usage: %s", progname);
-    buf[0] = '\0';
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].short_name && ISFLAG(args[i])) {
-	    char s[2];
-	    if(buf[0] == '\0')
-		strlcpy(buf, "[-", sizeof(buf));
-	    s[0] = args[i].short_name;
-	    s[1] = '\0';
-	    strlcat(buf, s, sizeof(buf));
-	}
-    }
-    if(buf[0] != '\0') {
-	strlcat(buf, "]", sizeof(buf));
-	col = check_column(stderr, col, strlen(buf) + 1, columns);
-	col += fprintf(stderr, " %s", buf);
-    }
-
-    for (i = 0; i < num_args; ++i) {
-	size_t len = 0;
-
-	if (args[i].long_name) {
-	    buf[0] = '\0';
-	    strlcat(buf, "[--", sizeof(buf));
-	    len += 2;
-	    if(args[i].type == arg_negative_flag) {
-		strlcat(buf, "no-", sizeof(buf));
-		len += 3;
-	    }
-	    strlcat(buf, args[i].long_name, sizeof(buf));
-	    len += strlen(args[i].long_name);
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 1, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].short_name && !ISFLAG(args[i])) {
-	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
-	    len += 2;
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 0, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].long_name && args[i].short_name)
-	    len += 2; /* ", " */
-	max_len = max(max_len, len);
-    }
-    if (extra_string) {
-	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
-	fprintf (stderr, " %s\n", extra_string);
-    } else
-	fprintf (stderr, "\n");
-    for (i = 0; i < num_args; ++i) {
-	if (args[i].help) {
-	    size_t count = 0;
-
-	    if (args[i].short_name) {
-		count += fprintf (stderr, "-%c", args[i].short_name);
-		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    if (args[i].short_name && args[i].long_name)
-		count += fprintf (stderr, ", ");
-	    if (args[i].long_name) {
-		count += fprintf (stderr, "--");
-		if (args[i].type == arg_negative_flag)
-		    count += fprintf (stderr, "no-");
-		count += fprintf (stderr, "%s", args[i].long_name);
-		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    while(count++ <= max_len)
-		putc (' ', stderr);
-	    fprintf (stderr, "%s\n", args[i].help);
-	}
-    }
-}
-
-static int
-add_string(getarg_strings *s, char *value)
-{
-    char **strings;
-
-    strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
-    if (strings == NULL) {
-	free(s->strings);
-	s->strings = NULL;
-	s->num_strings = 0;
-	return ENOMEM;
-    }
-    s->strings = strings;
-    s->strings[s->num_strings] = value;
-    s->num_strings++;
-    return 0;
-}
-
-static int
-arg_match_long(struct getargs *args, size_t num_args,
-	       char *argv, int argc, char **rargv, int *goptind)
-{
-    int i;
-    char *goptarg = NULL;
-    int negate = 0;
-    int partial_match = 0;
-    struct getargs *partial = NULL;
-    struct getargs *current = NULL;
-    int argv_len;
-    char *p;
-    int p_len;
-
-    argv_len = strlen(argv);
-    p = strchr (argv, '=');
-    if (p != NULL)
-	argv_len = p - argv;
-
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].long_name) {
-	    int len = strlen(args[i].long_name);
-	    p = argv;
-	    p_len = argv_len;
-	    negate = 0;
-
-	    for (;;) {
-		if (strncmp (args[i].long_name, p, p_len) == 0) {
-		    if(p_len == len)
-			current = &args[i];
-		    else {
-			++partial_match;
-			partial = &args[i];
-		    }
-		    goptarg  = p + p_len;
-		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
-		    negate = !negate;
-		    p += 3;
-		    p_len -= 3;
-		    continue;
-		}
-		break;
-	    }
-	    if (current)
-		break;
-	}
-    }
-    if (current == NULL) {
-	if (partial_match == 1)
-	    current = partial;
-	else
-	    return ARG_ERR_NO_MATCH;
-    }
-    
-    if(*goptarg == '\0'
-       && !ISFLAG(*current)
-       && current->type != arg_collect
-       && current->type != arg_counter)
-	return ARG_ERR_NO_MATCH;
-    switch(current->type){
-    case arg_integer:
-    {
-	int tmp;
-	if(sscanf(goptarg + 1, "%d", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int*)current->value = tmp;
-	return 0;
-    }
-    case arg_string:
-    {
-	*(char**)current->value = goptarg + 1;
-	return 0;
-    }
-    case arg_strings:
-    {
-	return add_string((getarg_strings*)current->value, goptarg + 1);
-    }
-    case arg_flag:
-    case arg_negative_flag:
-    {
-	int *flag = current->value;
-	if(*goptarg == '\0' ||
-	   strcmp(goptarg + 1, "yes") == 0 || 
-	   strcmp(goptarg + 1, "true") == 0){
-	    *flag = !negate;
-	    return 0;
-	} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
-#ifdef HAVE_RANDOM
-	    *flag = random() & 1;
-#else
-	    *flag = rand() & 1;
-#endif
-	} else {
-	    *flag = negate;
-	    return 0;
-	}
-	return ARG_ERR_BAD_ARG;
-    }
-    case arg_counter :
-    {
-	int val;
-
-	if (*goptarg == '\0')
-	    val = 1;
-	else if(sscanf(goptarg + 1, "%d", &val) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int *)current->value += val;
-	return 0;
-    }
-    case arg_double:
-    {
-	double tmp;
-	if(sscanf(goptarg + 1, "%lf", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(double*)current->value = tmp;
-	return 0;
-    }
-    case arg_collect:{
-	struct getarg_collect_info *c = current->value;
-	int o = argv - rargv[*goptind];
-	return (*c->func)(FALSE, argc, rargv, goptind, &o, c->data);
-    }
-
-    default:
-	abort ();
-    }
-}
-
-static int
-arg_match_short (struct getargs *args, size_t num_args,
-		 char *argv, int argc, char **rargv, int *goptind)
-{
-    int j, k;
-
-    for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
-	for(k = 0; k < num_args; k++) {
-	    char *goptarg;
-
-	    if(args[k].short_name == 0)
-		continue;
-	    if(argv[j] == args[k].short_name) {
-		if(args[k].type == arg_flag) {
-		    *(int*)args[k].value = 1;
-		    break;
-		}
-		if(args[k].type == arg_negative_flag) {
-		    *(int*)args[k].value = 0;
-		    break;
-		} 
-		if(args[k].type == arg_counter) {
-		    ++*(int *)args[k].value;
-		    break;
-		}
-		if(args[k].type == arg_collect) {
-		    struct getarg_collect_info *c = args[k].value;
-
-		    if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
-			return ARG_ERR_BAD_ARG;
-		    break;
-		}
-
-		if(argv[j + 1])
-		    goptarg = &argv[j + 1];
-		else {
-		    ++*goptind;
-		    goptarg = rargv[*goptind];
-		}
-		if(goptarg == NULL) {
-		    --*goptind;
-		    return ARG_ERR_NO_ARG;
-		}
-		if(args[k].type == arg_integer) {
-		    int tmp;
-		    if(sscanf(goptarg, "%d", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(int*)args[k].value = tmp;
-		    return 0;
-		} else if(args[k].type == arg_string) {
-		    *(char**)args[k].value = goptarg;
-		    return 0;
-		} else if(args[k].type == arg_strings) {
-		    return add_string((getarg_strings*)args[k].value, goptarg);
-		} else if(args[k].type == arg_double) {
-		    double tmp;
-		    if(sscanf(goptarg, "%lf", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(double*)args[k].value = tmp;
-		    return 0;
-		}
-		return ARG_ERR_BAD_ARG;
-	    }
-	}
-	if (k == num_args)
-	    return ARG_ERR_NO_MATCH;
-    }
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-getarg(struct getargs *args, size_t num_args, 
-       int argc, char **argv, int *goptind)
-{
-    int i;
-    int ret = 0;
-
-#if defined(HAVE_SRANDOMDEV)
-    srandomdev();
-#elif defined(HAVE_RANDOM)
-    srandom(time(NULL));
-#else
-    srand (time(NULL));
-#endif
-    (*goptind)++;
-    for(i = *goptind; i < argc; i++) {
-	if(argv[i][0] != '-')
-	    break;
-	if(argv[i][1] == '-'){
-	    if(argv[i][2] == 0){
-		i++;
-		break;
-	    }
-	    ret = arg_match_long (args, num_args, argv[i] + 2, 
-				  argc, argv, &i);
-	} else {
-	    ret = arg_match_short (args, num_args, argv[i],
-				   argc, argv, &i);
-	}
-	if(ret)
-	    break;
-    }
-    *goptind = i;
-    return ret;
-}
-
-void ROKEN_LIB_FUNCTION
-free_getarg_strings (getarg_strings *s)
-{
-    free (s->strings);
-}
-
-#if TEST
-int foo_flag = 2;
-int flag1 = 0;
-int flag2 = 0;
-int bar_int;
-char *baz_string;
-
-struct getargs args[] = {
-    { NULL, '1', arg_flag, &flag1, "one", NULL },
-    { NULL, '2', arg_flag, &flag2, "two", NULL },
-    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
-    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
-    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
-};
-
-int main(int argc, char **argv)
-{
-    int goptind = 0;
-    while(getarg(args, 5, argc, argv, &goptind))
-	printf("Bad arg: %s\n", argv[goptind]);
-    printf("flag1 = %d\n", flag1);  
-    printf("flag2 = %d\n", flag2);  
-    printf("foo_flag = %d\n", foo_flag);  
-    printf("bar_int = %d\n", bar_int);
-    printf("baz_flag = %s\n", baz_string);
-    arg_printusage (args, 5, argv[0], "nothing here");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getarg.h b/crypto/heimdal/lib/roken/getarg.h
deleted file mode 100644
index 62d1b6687c36..000000000000
--- a/crypto/heimdal/lib/roken/getarg.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */
-
-#ifndef __GETARG_H__
-#define __GETARG_H__
-
-#include <stddef.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer, 
-	   arg_string, 
-	   arg_flag, 
-	   arg_negative_flag, 
-	   arg_strings,
-	   arg_double,
-	   arg_collect,
-	   arg_counter
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-
-enum {
-    ARG_ERR_NO_MATCH  = 1,
-    ARG_ERR_BAD_ARG,
-    ARG_ERR_NO_ARG
-};
-
-typedef struct getarg_strings {
-    int num_strings;
-    char **strings;
-} getarg_strings;
-
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *goptind,
-				   int *goptarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-
-int ROKEN_LIB_FUNCTION
-getarg(struct getargs *args, size_t num_args, 
-       int argc, char **argv, int *goptind);
-
-void ROKEN_LIB_FUNCTION
-arg_printusage (struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string);
-
-void ROKEN_LIB_FUNCTION
-free_getarg_strings (getarg_strings *);
-
-#endif /* __GETARG_H__ */
diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c
deleted file mode 100644
index a4e3a7de5d98..000000000000
--- a/crypto/heimdal/lib/roken/getcap.c
+++ /dev/null
@@ -1,1122 +0,0 @@
-/*	$NetBSD: getcap.c,v 1.29 1999/03/29 09:27:29 abs Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Casey Leedom of Lawrence Livermore National Laboratory.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-RCSID("$Id: getcap.c 22071 2007-11-14 20:04:50Z lha $");
-
-#include <sys/types.h>
-#include <ctype.h>
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-#include <errno.h>	
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define	BFRAG		1024
-#if 0
-#define	BSIZE		1024
-#endif
-#define	ESC		('[' & 037)	/* ASCII ESC */
-#define	MAX_RECURSION	32		/* maximum getent recursion */
-#define	SFRAG		100		/* cgetstr mallocs in SFRAG chunks */
-
-#define RECOK	(char)0
-#define TCERR	(char)1
-#define	SHADOW	(char)2
-
-static size_t	 topreclen;	/* toprec length */
-static char	*toprec;	/* Additional record specified by cgetset() */
-static int	 gottoprec;	/* Flag indicating retrieval of toprecord */
-
-#if 0 /*
-       * Don't use db support unless it's build into libc but we don't
-       * check for that now, so just disable the code.
-       */
-#if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)
-#define USE_DB
-#endif
-#endif
-
-#ifdef USE_DB
-static int	cdbget (DB *, char **, const char *);
-#endif
-static int 	getent (char **, size_t *, char **, int, const char *, int, char *);
-static int	nfcmp (char *, char *);
-
-
-int ROKEN_LIB_FUNCTION cgetset(const char *ent);
-char *ROKEN_LIB_FUNCTION cgetcap(char *buf, const char *cap, int type);
-int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name);
-int ROKEN_LIB_FUNCTION cgetmatch(const char *buf, const char *name);
-int ROKEN_LIB_FUNCTION cgetclose(void);
-#if 0
-int cgetfirst(char **buf, char **db_array);
-int cgetnext(char **bp, char **db_array);
-#endif
-int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str);
-int ROKEN_LIB_FUNCTION cgetustr(char *buf, const char *cap, char **str);
-int ROKEN_LIB_FUNCTION cgetnum(char *buf, const char *cap, long *num);
-/*
- * Cgetset() allows the addition of a user specified buffer to be added
- * to the database array, in effect "pushing" the buffer on top of the
- * virtual database. 0 is returned on success, -1 on failure.
- */
-int ROKEN_LIB_FUNCTION
-cgetset(const char *ent)
-{
-    const char *source, *check;
-    char *dest;
-
-    if (ent == NULL) {
-	if (toprec)
-	    free(toprec);
-	toprec = NULL;
-	topreclen = 0;
-	return (0);
-    }
-    topreclen = strlen(ent);
-    if ((toprec = malloc (topreclen + 1)) == NULL) {
-	errno = ENOMEM;
-	return (-1);
-    }
-    gottoprec = 0;
-
-    source=ent;
-    dest=toprec;
-    while (*source) { /* Strip whitespace */
-	*dest++ = *source++; /* Do not check first field */
-	while (*source == ':') {
-	    check=source+1;
-	    while (*check && (isspace((unsigned char)*check) ||
-			      (*check=='\\' && isspace((unsigned char)check[1]))))
-		++check;
-	    if( *check == ':' )
-		source=check;
-	    else
-		break;
-
-	}
-    }
-    *dest=0;
-
-    return (0);
-}
-
-/*
- * Cgetcap searches the capability record buf for the capability cap with
- * type `type'.  A pointer to the value of cap is returned on success, NULL
- * if the requested capability couldn't be found.
- *
- * Specifying a type of ':' means that nothing should follow cap (:cap:).
- * In this case a pointer to the terminating ':' or NUL will be returned if
- * cap is found.
- *
- * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
- * return NULL.
- */
-char * ROKEN_LIB_FUNCTION
-cgetcap(char *buf, const char *cap, int type)
-{
-    char *bp;
-    const char *cp;
-
-    bp = buf;
-    for (;;) {
-	/*
-	 * Skip past the current capability field - it's either the
-	 * name field if this is the first time through the loop, or
-	 * the remainder of a field whose name failed to match cap.
-	 */
-	for (;;)
-	    if (*bp == '\0')
-		return (NULL);
-	    else
-		if (*bp++ == ':')
-		    break;
-
-	/*
-	 * Try to match (cap, type) in buf.
-	 */
-	for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
-	    continue;
-	if (*cp != '\0')
-	    continue;
-	if (*bp == '@')
-	    return (NULL);
-	if (type == ':') {
-	    if (*bp != '\0' && *bp != ':')
-		continue;
-	    return(bp);
-	}
-	if (*bp != type)
-	    continue;
-	bp++;
-	return (*bp == '@' ? NULL : bp);
-    }
-    /* NOTREACHED */
-}
-
-/*
- * Cgetent extracts the capability record name from the NULL terminated file
- * array db_array and returns a pointer to a malloc'd copy of it in buf.
- * Buf must be retained through all subsequent calls to cgetcap, cgetnum,
- * cgetflag, and cgetstr, but may then be free'd.  0 is returned on success,
- * -1 if the requested record couldn't be found, -2 if a system error was
- * encountered (couldn't open/read a file, etc.), and -3 if a potential
- * reference loop is detected.
- */
-int ROKEN_LIB_FUNCTION
-cgetent(char **buf, char **db_array, const char *name)
-{
-    size_t dummy;
-
-    return (getent(buf, &dummy, db_array, -1, name, 0, NULL));
-}
-
-/*
- * Getent implements the functions of cgetent.  If fd is non-negative,
- * *db_array has already been opened and fd is the open file descriptor.  We
- * do this to save time and avoid using up file descriptors for tc=
- * recursions.
- *
- * Getent returns the same success/failure codes as cgetent.  On success, a
- * pointer to a malloc'ed capability record with all tc= capabilities fully
- * expanded and its length (not including trailing ASCII NUL) are left in
- * *cap and *len.
- *
- * Basic algorithm:
- *	+ Allocate memory incrementally as needed in chunks of size BFRAG
- *	  for capability buffer.
- *	+ Recurse for each tc=name and interpolate result.  Stop when all
- *	  names interpolated, a name can't be found, or depth exceeds
- *	  MAX_RECURSION.
- */
-static int
-getent(char **cap, size_t *len, char **db_array, int fd, 
-       const char *name, int depth, char *nfield)
-{
-    char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
-    int myfd = 0, eof, foundit;
-    char *record;
-    int tc_not_resolved;
-	
-    /*
-     * Return with ``loop detected'' error if we've recursed more than
-     * MAX_RECURSION times.
-     */
-    if (depth > MAX_RECURSION)
-	return (-3);
-
-    /*
-     * Check if we have a top record from cgetset().
-     */
-    if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
-	size_t len = topreclen + BFRAG;
-	if ((record = malloc (len)) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-	(void)strlcpy(record, toprec, len);
-	db_p = db_array;
-	rp = record + topreclen + 1;
-	r_end = rp + BFRAG;
-	goto tc_exp;
-    }
-    /*
-     * Allocate first chunk of memory.
-     */
-    if ((record = malloc(BFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);
-    }
-    r_end = record + BFRAG;
-    foundit = 0;
-    /*
-     * Loop through database array until finding the record.
-     */
-
-    for (db_p = db_array; *db_p != NULL; db_p++) {
-	eof = 0;
-
-	/*
-	 * Open database if not already open.
-	 */
-
-	if (fd >= 0) {
-	    (void)lseek(fd, (off_t)0, SEEK_SET);
-	} else {
-#ifdef USE_DB
-	    char pbuf[_POSIX_PATH_MAX];
-	    char *cbuf;
-	    size_t clen;
-	    int retval;
-	    DB *capdbp;
-
-	    (void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
-	    if ((capdbp = dbopen(pbuf, O_RDONLY, 0, DB_HASH, 0))
-		!= NULL) {
-		free(record);
-		retval = cdbget(capdbp, &record, name);
-		if (retval < 0) {
-		    /* no record available */
-		    (void)capdbp->close(capdbp);
-		    return (retval);
-		}
-				/* save the data; close frees it */
-		clen = strlen(record);
-		cbuf = malloc(clen + 1);
-		if (cbuf == NULL)
-		    return (-2);
-		memmove(cbuf, record, clen + 1);
-		if (capdbp->close(capdbp) < 0) {
-		    free(cbuf);
-		    return (-2);
-		}
-		*len = clen;
-		*cap = cbuf;
-		return (retval);
-	    } else
-#endif
-	    {
-		fd = open(*db_p, O_RDONLY, 0);
-		if (fd < 0) {
-		    /* No error on unfound file. */
-		    continue;
-		}
-		myfd = 1;
-	    }
-	}
-	/*
-	 * Find the requested capability record ...
-	 */
-	{
-	    char buf[BUFSIZ];
-	    char *b_end, *bp, *cp;
-	    int c, slash;
-
-	    /*
-	     * Loop invariants:
-	     *	There is always room for one more character in record.
-	     *	R_end always points just past end of record.
-	     *	Rp always points just past last character in record.
-	     *	B_end always points just past last character in buf.
-	     *	Bp always points at next character in buf.
-	     *	Cp remembers where the last colon was.
-	     */
-	    b_end = buf;
-	    bp = buf;
-	    cp = 0;
-	    slash = 0;
-	    for (;;) {
-
-		/*
-		 * Read in a line implementing (\, newline)
-		 * line continuation.
-		 */
-		rp = record;
-		for (;;) {
-		    if (bp >= b_end) {
-			int n;
-		
-			n = read(fd, buf, sizeof(buf));
-			if (n <= 0) {
-			    if (myfd)
-				(void)close(fd);
-			    if (n < 0) {
-				free(record);
-				return (-2);
-			    } else {
-				fd = -1;
-				eof = 1;
-				break;
-			    }
-			}
-			b_end = buf+n;
-			bp = buf;
-		    }
-	
-		    c = *bp++;
-		    if (c == '\n') {
-			if (slash) {
-			    slash = 0;
-			    rp--;
-			    continue;
-			} else
-			    break;
-		    }
-		    if (slash) {
-			slash = 0;
-			cp = 0;
-		    }
-		    if (c == ':') {
-			/*
-			 * If the field was `empty' (i.e.
-			 * contained only white space), back up
-			 * to the colon (eliminating the
-			 * field).
-			 */
-			if (cp)
-			    rp = cp;
-			else
-			    cp = rp;
-		    } else if (c == '\\') {
-			slash = 1;
-		    } else if (c != ' ' && c != '\t') {
-			/*
-			 * Forget where the colon was, as this
-			 * is not an empty field.
-			 */
-			cp = 0;
-		    }
-		    *rp++ = c;
-
-				/*
-				 * Enforce loop invariant: if no room 
-				 * left in record buffer, try to get
-				 * some more.
-				 */
-		    if (rp >= r_end) {
-			u_int pos;
-			size_t newsize;
-
-			pos = rp - record;
-			newsize = r_end - record + BFRAG;
-			record = realloc(record, newsize);
-			if (record == NULL) {
-			    errno = ENOMEM;
-			    if (myfd)
-				(void)close(fd);
-			    return (-2);
-			}
-			r_end = record + newsize;
-			rp = record + pos;
-		    }
-		}
-		/* Eliminate any white space after the last colon. */
-		if (cp)
-		    rp = cp + 1;
-		/* Loop invariant lets us do this. */
-		*rp++ = '\0';
-
-		/*
-		 * If encountered eof check next file.
-		 */
-		if (eof)
-		    break;
-				
-		/*
-		 * Toss blank lines and comments.
-		 */
-		if (*record == '\0' || *record == '#')
-		    continue;
-	
-		/*
-		 * See if this is the record we want ...
-		 */
-		if (cgetmatch(record, name) == 0) {
-		    if (nfield == NULL || !nfcmp(nfield, record)) {
-			foundit = 1;
-			break;	/* found it! */
-		    }
-		}
-	    }
-	}
-	if (foundit)
-	    break;
-    }
-
-    if (!foundit)
-	return (-1);
-
-    /*
-     * Got the capability record, but now we have to expand all tc=name
-     * references in it ...
-     */
- tc_exp:	{
-	char *newicap, *s;
-	size_t ilen, newilen;
-	int diff, iret, tclen;
-	char *icap, *scan, *tc, *tcstart, *tcend;
-
-	/*
-	 * Loop invariants:
-	 *	There is room for one more character in record.
-	 *	R_end points just past end of record.
-	 *	Rp points just past last character in record.
-	 *	Scan points at remainder of record that needs to be
-	 *	scanned for tc=name constructs.
-	 */
-	scan = record;
-	tc_not_resolved = 0;
-	for (;;) {
-	    if ((tc = cgetcap(scan, "tc", '=')) == NULL)
-		break;
-
-	    /*
-	     * Find end of tc=name and stomp on the trailing `:'
-	     * (if present) so we can use it to call ourselves.
-	     */
-	    s = tc;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':') {
-			*(s - 1) = '\0';
-			break;
-		    }
-	    tcstart = tc - 3;
-	    tclen = s - tcstart;
-	    tcend = s;
-
-	    iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, 
-			  NULL);
-	    newicap = icap;		/* Put into a register. */
-	    newilen = ilen;
-	    if (iret != 0) {
-				/* an error */
-		if (iret < -1) {
-		    if (myfd)
-			(void)close(fd);
-		    free(record);
-		    return (iret);
-		}
-		if (iret == 1)
-		    tc_not_resolved = 1;
-				/* couldn't resolve tc */
-		if (iret == -1) {
-		    *(s - 1) = ':';			
-		    scan = s - 1;
-		    tc_not_resolved = 1;
-		    continue;
-					
-		}
-	    }
-	    /* not interested in name field of tc'ed record */
-	    s = newicap;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':')
-			break;
-	    newilen -= s - newicap;
-	    newicap = s;
-
-	    /* make sure interpolated record is `:'-terminated */
-	    s += newilen;
-	    if (*(s-1) != ':') {
-		*s = ':';	/* overwrite NUL with : */
-		newilen++;
-	    }
-
-	    /*
-	     * Make sure there's enough room to insert the
-	     * new record.
-	     */
-	    diff = newilen - tclen;
-	    if (diff >= r_end - rp) {
-		u_int pos, tcpos, tcposend;
-		size_t newsize;
-
-		pos = rp - record;
-		newsize = r_end - record + diff + BFRAG;
-		tcpos = tcstart - record;
-		tcposend = tcend - record;
-		record = realloc(record, newsize);
-		if (record == NULL) {
-		    errno = ENOMEM;
-		    if (myfd)
-			(void)close(fd);
-		    free(icap);
-		    return (-2);
-		}
-		r_end = record + newsize;
-		rp = record + pos;
-		tcstart = record + tcpos;
-		tcend = record + tcposend;
-	    }
-
-	    /*
-	     * Insert tc'ed record into our record.
-	     */
-	    s = tcstart + newilen;
-	    memmove(s, tcend,  (size_t)(rp - tcend));
-	    memmove(tcstart, newicap, newilen);
-	    rp += diff;
-	    free(icap);
-
-	    /*
-	     * Start scan on `:' so next cgetcap works properly
-	     * (cgetcap always skips first field).
-	     */
-	    scan = s-1;
-	}
-	
-    }
-    /*
-     * Close file (if we opened it), give back any extra memory, and
-     * return capability, length and success.
-     */
-    if (myfd)
-	(void)close(fd);
-    *len = rp - record - 1;	/* don't count NUL */
-    if (r_end > rp)
-	if ((record = 
-	     realloc(record, (size_t)(rp - record))) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-		
-    *cap = record;
-    if (tc_not_resolved)
-	return (1);
-    return (0);
-}	
-
-#ifdef USE_DB
-static int
-cdbget(DB *capdbp, char **bp, const char *name)
-{
-	DBT key;
-	DBT data;
-
-	/* LINTED key is not modified */
-	key.data = (char *)name;
-	key.size = strlen(name);
-
-	for (;;) {
-		/* Get the reference. */
-		switch(capdbp->get(capdbp, &key, &data, 0)) {
-		case -1:
-			return (-2);
-		case 1:
-			return (-1);
-		}
-
-		/* If not an index to another record, leave. */
-		if (((char *)data.data)[0] != SHADOW)
-			break;
-
-		key.data = (char *)data.data + 1;
-		key.size = data.size - 1;
-	}
-	
-	*bp = (char *)data.data + 1;
-	return (((char *)(data.data))[0] == TCERR ? 1 : 0);
-}
-#endif /* USE_DB */
-
-/*
- * Cgetmatch will return 0 if name is one of the names of the capability
- * record buf, -1 if not.
- */
-int
-cgetmatch(const char *buf, const char *name)
-{
-    const char *np, *bp;
-
-    /*
-     * Start search at beginning of record.
-     */
-    bp = buf;
-    for (;;) {
-	/*
-	 * Try to match a record name.
-	 */
-	np = name;
-	for (;;)
-	    if (*np == '\0') {
-		if (*bp == '|' || *bp == ':' || *bp == '\0')
-		    return (0);
-		else
-		    break;
-	    } else
-		if (*bp++ != *np++)
-		    break;
-
-	/*
-	 * Match failed, skip to next name in record.
-	 */
-	bp--;	/* a '|' or ':' may have stopped the match */
-	for (;;)
-	    if (*bp == '\0' || *bp == ':')
-		return (-1);	/* match failed totally */
-	    else
-		if (*bp++ == '|')
-		    break;	/* found next name */
-    }
-}
-
-#if 0
-int
-cgetfirst(char **buf, char **db_array)
-{
-    (void)cgetclose();
-    return (cgetnext(buf, db_array));
-}
-#endif
-
-static FILE *pfp;
-static int slash;
-static char **dbp;
-
-int ROKEN_LIB_FUNCTION
-cgetclose(void)
-{
-    if (pfp != NULL) {
-	(void)fclose(pfp);
-	pfp = NULL;
-    }
-    dbp = NULL;
-    gottoprec = 0;
-    slash = 0;
-    return(0);
-}
-
-#if 0
-/*
- * Cgetnext() gets either the first or next entry in the logical database 
- * specified by db_array.  It returns 0 upon completion of the database, 1
- * upon returning an entry with more remaining, and -1 if an error occurs.
- */
-int
-cgetnext(char **bp, char **db_array)
-{
-    size_t len;
-    int status, done;
-    char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
-    size_t dummy;
-
-    if (dbp == NULL)
-	dbp = db_array;
-
-    if (pfp == NULL && (pfp = fopen(*dbp, "r")) == NULL) {
-	(void)cgetclose();
-	return (-1);
-    }
-    for(;;) {
-	if (toprec && !gottoprec) {
-	    gottoprec = 1;
-	    line = toprec;
-	} else {
-	    line = fgetln(pfp, &len);
-	    if (line == NULL && pfp) {
-		if (ferror(pfp)) {
-		    (void)cgetclose();
-		    return (-1);
-		} else {
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    if (*++dbp == NULL) {
-			(void)cgetclose();
-			return (0);
-		    } else if ((pfp =
-				fopen(*dbp, "r")) == NULL) {
-			(void)cgetclose();
-			return (-1);
-		    } else
-			continue;
-		}
-	    } else
-		line[len - 1] = '\0';
-	    if (len == 1) {
-		slash = 0;
-		continue;
-	    }
-	    if (isspace((unsigned char)*line) ||
-		*line == ':' || *line == '#' || slash) {
-		if (line[len - 2] == '\\')
-		    slash = 1;
-		else
-		    slash = 0;
-		continue;
-	    }
-	    if (line[len - 2] == '\\')
-		slash = 1;
-	    else
-		slash = 0;
-	}			
-
-
-	/* 
-	 * Line points to a name line.
-	 */
-	done = 0;
-	np = nbuf;
-	for (;;) {
-	    for (cp = line; *cp != '\0'; cp++) {
-		if (*cp == ':') {
-		    *np++ = ':';
-		    done = 1;
-		    break;
-		}
-		if (*cp == '\\')
-		    break;
-		*np++ = *cp;
-	    }
-	    if (done) {
-		*np = '\0';
-		break;
-	    } else { /* name field extends beyond the line */
-		line = fgetln(pfp, &len);
-		if (line == NULL && pfp) {
-		    if (ferror(pfp)) {
-			(void)cgetclose();
-			return (-1);
-		    }
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    *np = '\0';
-		    break;
-		} else
-		    line[len - 1] = '\0';
-	    }
-	}
-	rp = buf;
-	for(cp = nbuf; *cp != '\0'; cp++)
-	    if (*cp == '|' || *cp == ':')
-		break;
-	    else
-		*rp++ = *cp;
-
-	*rp = '\0';
-	/* 
-	 * XXX 
-	 * Last argument of getent here should be nbuf if we want true
-	 * sequential access in the case of duplicates.  
-	 * With NULL, getent will return the first entry found
-	 * rather than the duplicate entry record.  This is a 
-	 * matter of semantics that should be resolved.
-	 */
-	status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
-	if (status == -2 || status == -3)
-	    (void)cgetclose();
-
-	return (status + 1);
-    }
-    /* NOTREACHED */
-}
-#endif
-
-/*
- * Cgetstr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  A pointer to a decoded, NUL
- * terminated, malloc'd copy of the string is returned in the char *
- * pointed to by str.  The length of the string not including the trailing
- * NUL is returned on success, -1 if the requested string capability
- * couldn't be found, -2 if a system error was encountered (storage
- * allocation failure).
- */
-int ROKEN_LIB_FUNCTION
-cgetstr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    bp = cgetcap(buf, cap, '=');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	if (*bp == '^') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    *mp++ = *bp++ & 037;
-	} else if (*bp == '\\') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    if ('0' <= *bp && *bp <= '7') {
-		int n, i;
-
-		n = 0;
-		i = 3;	/* maximum of three octal digits */
-		do {
-		    n = n * 8 + (*bp++ - '0');
-		} while (--i && '0' <= *bp && *bp <= '7');
-		*mp++ = n;
-	    }
-	    else switch (*bp++) {
-	    case 'b': case 'B':
-		*mp++ = '\b';
-		break;
-	    case 't': case 'T':
-		*mp++ = '\t';
-		break;
-	    case 'n': case 'N':
-		*mp++ = '\n';
-		break;
-	    case 'f': case 'F':
-		*mp++ = '\f';
-		break;
-	    case 'r': case 'R':
-		*mp++ = '\r';
-		break;
-	    case 'e': case 'E':
-		*mp++ = ESC;
-		break;
-	    case 'c': case 'C':
-		*mp++ = ':';
-		break;
-	    default:
-		/*
-		 * Catches '\', '^', and
-		 *  everything else.
-		 */
-		*mp++ = *(bp-1);
-		break;
-	    }
-	} else
-	    *mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetustr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  The difference between cgetustr()
- * and cgetstr() is that cgetustr does not decode escapes but rather treats
- * all characters literally.  A pointer to a  NUL terminated malloc'd 
- * copy of the string is returned in the char pointed to by str.  The 
- * length of the string not including the trailing NUL is returned on success,
- * -1 if the requested string capability couldn't be found, -2 if a system 
- * error was encountered (storage allocation failure).
- */
-int ROKEN_LIB_FUNCTION
-cgetustr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    if ((bp = cgetcap(buf, cap, '=')) == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	*mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetnum retrieves the value of the numeric capability cap from the
- * capability record pointed to by buf.  The numeric value is returned in
- * the long pointed to by num.  0 is returned on success, -1 if the requested
- * numeric capability couldn't be found.
- */
-int ROKEN_LIB_FUNCTION
-cgetnum(char *buf, const char *cap, long *num)
-{
-    long n;
-    int base, digit;
-    const char *bp;
-
-    /*
-     * Find numeric capability cap
-     */
-    bp = cgetcap(buf, cap, '#');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Look at value and determine numeric base:
-     *	0x... or 0X...	hexadecimal,
-     * else	0...		octal,
-     * else			decimal.
-     */
-    if (*bp == '0') {
-	bp++;
-	if (*bp == 'x' || *bp == 'X') {
-	    bp++;
-	    base = 16;
-	} else
-	    base = 8;
-    } else
-	base = 10;
-
-    /*
-     * Conversion loop ...
-     */
-    n = 0;
-    for (;;) {
-	if ('0' <= *bp && *bp <= '9')
-	    digit = *bp - '0';
-	else if ('a' <= *bp && *bp <= 'f')
-	    digit = 10 + *bp - 'a';
-	else if ('A' <= *bp && *bp <= 'F')
-	    digit = 10 + *bp - 'A';
-	else
-	    break;
-
-	if (digit >= base)
-	    break;
-
-	n = n * base + digit;
-	bp++;
-    }
-
-    /*
-     * Return value and success.
-     */
-    *num = n;
-    return (0);
-}
-
-
-/*
- * Compare name field of record.
- */
-static int
-nfcmp(char *nf, char *rec)
-{
-    char *cp, tmp;
-    int ret;
-	
-    for (cp = rec; *cp != ':'; cp++)
-	;
-	
-    tmp = *(cp + 1);
-    *(cp + 1) = '\0';
-    ret = strcmp(nf, rec);
-    *(cp + 1) = tmp;
-
-    return (ret);
-}
diff --git a/crypto/heimdal/lib/roken/getcwd.c b/crypto/heimdal/lib/roken/getcwd.c
deleted file mode 100644
index a32149c21294..000000000000
--- a/crypto/heimdal/lib/roken/getcwd.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getcwd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#include "roken.h"
-
-char* ROKEN_LIB_FUNCTION
-getcwd(char *path, size_t size)
-{
-    char xxx[MaxPathLen];
-    char *ret;
-    ret = getwd(xxx);
-    if(ret)
-	strlcpy(path, xxx, size);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getdtablesize.c b/crypto/heimdal/lib/roken/getdtablesize.c
deleted file mode 100644
index a6ef38b2957f..000000000000
--- a/crypto/heimdal/lib/roken/getdtablesize.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getdtablesize.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h>
-#endif
-
-int ROKEN_LIB_FUNCTION
-getdtablesize(void)
-{
-  int files = -1;
-#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
-  files = sysconf(_SC_OPEN_MAX);
-#else /* !defined(HAVE_SYSCONF) */
-#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
-  struct rlimit res;
-  if (getrlimit(RLIMIT_NOFILE, &res) == 0)
-    files = res.rlim_cur;
-#else /* !definded(HAVE_GETRLIMIT) */
-#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
-  int mib[2];
-  size_t len;
-    
-  mib[0] = CTL_KERN;
-  mib[1] = KERN_MAXFILES;
-  len = sizeof(files);
-  sysctl(&mib, 2, &files, sizeof(files), NULL, 0);
-#endif /* defined(HAVE_SYSCTL) */
-#endif /* !definded(HAVE_GETRLIMIT) */
-#endif /* !defined(HAVE_SYSCONF) */
-
-#ifdef OPEN_MAX
-  if (files < 0)
-    files = OPEN_MAX;
-#endif
-
-#ifdef NOFILE
-  if (files < 0)
-    files = NOFILE;
-#endif    
-    
-  return files;
-}
diff --git a/crypto/heimdal/lib/roken/getegid.c b/crypto/heimdal/lib/roken/getegid.c
deleted file mode 100644
index 57ea19857388..000000000000
--- a/crypto/heimdal/lib/roken/getegid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEGID
-
-RCSID("$Id: getegid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getegid(void)
-{
-    return getgid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/geteuid.c b/crypto/heimdal/lib/roken/geteuid.c
deleted file mode 100644
index f2f771ede073..000000000000
--- a/crypto/heimdal/lib/roken/geteuid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEUID
-
-RCSID("$Id: geteuid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-geteuid(void)
-{
-    return getuid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getgid.c b/crypto/heimdal/lib/roken/getgid.c
deleted file mode 100644
index fbe4f6d1d272..000000000000
--- a/crypto/heimdal/lib/roken/getgid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETGID
-
-RCSID("$Id: getgid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getgid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/gethostname.c b/crypto/heimdal/lib/roken/gethostname.c
deleted file mode 100644
index f291ce2cb77c..000000000000
--- a/crypto/heimdal/lib/roken/gethostname.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETHOSTNAME
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure.  (The calling
- * interface is identical to gethostname(2).)
- */
-
-int ROKEN_LIB_FUNCTION
-gethostname(char *name, int namelen)
-{
-#if defined(HAVE_UNAME)
-    {
-	struct utsname utsname;
-	int ret;
-
-	ret = uname (&utsname);
-	if (ret < 0)
-	    return ret;
-	strlcpy (name, utsname.nodename, namelen);
-	return 0;
-    }
-#else
-    strlcpy (name, "some.random.host", namelen);
-    return 0;
-#endif
-}
-
-#endif /* GETHOSTNAME */
diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c
deleted file mode 100644
index 485c0d622215..000000000000
--- a/crypto/heimdal/lib/roken/getifaddrs.c
+++ /dev/null
@@ -1,1250 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getifaddrs.c 21745 2007-07-31 16:11:25Z lha $");
-#endif
-#include "roken.h"
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif /* HAVE_SYS_SOCKIO_H */
-
-#ifdef HAVE_NETINET_IN6_VAR_H
-#include <netinet/in6_var.h>
-#endif /* HAVE_NETINET_IN6_VAR_H */
-
-#include <ifaddrs.h>
-
-#ifdef __hpux
-#define lifconf if_laddrconf
-#define lifc_len iflc_len
-#define lifc_buf iflc_buf
-#define lifc_req iflc_req
-
-#define lifreq if_laddrreq
-#define lifr_addr iflr_addr
-#define lifr_name iflr_name
-#define lifr_dstaddr iflr_dstaddr
-#define lifr_broadaddr iflr_broadaddr
-#define lifr_flags iflr_flags
-#define lifr_index iflr_index
-#endif
-
-#ifdef AF_NETLINK
-
-/*
- * The linux - AF_NETLINK version of getifaddrs - from Usagi.
- * Linux does not return v6 addresses from SIOCGIFCONF.
- */
-
-/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */
-
-/**************************************************************************
- * ifaddrs.c
- * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <string.h>
-#include <time.h>
-#include <malloc.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/socket.h>
-#include <asm/types.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/poll.h>
-#include <netpacket/packet.h>
-#include <net/ethernet.h>     /* the L2 protocols */
-#include <sys/uio.h>
-#include <net/if.h>
-#include <net/if_arp.h>
-#include <ifaddrs.h>
-#include <netinet/in.h>
-
-#define __set_errno(e) (errno = (e))
-#define __close(fd) (close(fd))
-#undef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#define IFA_NETMASK
-
-/* ====================================================================== */
-struct nlmsg_list{
-    struct nlmsg_list *nlm_next;
-    struct nlmsghdr *nlh;
-    int size;
-    time_t seq;
-};
-
-struct rtmaddr_ifamap {
-  void *address;
-  void *local;
-#ifdef IFA_NETMASK
-  void *netmask;
-#endif
-  void *broadcast;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  void *anycast;
-#endif
-  int address_len;
-  int local_len;
-#ifdef IFA_NETMASK
-  int netmask_len;
-#endif
-  int broadcast_len;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  int anycast_len;
-#endif
-};
-
-/* ====================================================================== */
-static size_t
-ifa_sa_len(sa_family_t family, int len)
-{
-  size_t size;
-  switch(family){
-  case AF_INET:
-    size = sizeof(struct sockaddr_in);
-    break;
-  case AF_INET6:
-    size = sizeof(struct sockaddr_in6);
-    break;
-  case AF_PACKET:
-    size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len;
-    if (size < sizeof(struct sockaddr_ll))
-      size = sizeof(struct sockaddr_ll);
-    break;
-  default:
-    size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len;
-    if (size < sizeof(struct sockaddr))
-      size = sizeof(struct sockaddr);
-    break;
-  }
-  return size;
-}
-
-static void 
-ifa_make_sockaddr(sa_family_t family, 
-		  struct sockaddr *sa, 
-		  void *p, size_t len,
-		  uint32_t scope, uint32_t scopeid)
-{
-  if (sa == NULL) return;
-  switch(family){
-  case AF_INET:
-    memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len);
-    break;
-  case AF_INET6:
-    memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len);
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-    break;
-  case AF_PACKET:
-    memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len);
-    ((struct sockaddr_ll*)sa)->sll_halen = len;
-    break;
-  default:
-    memcpy(sa->sa_data, p, len);	/*XXX*/
-    break;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-}
-
-#ifndef IFA_NETMASK
-static struct sockaddr *
-ifa_make_sockaddr_mask(sa_family_t family, 
-		       struct sockaddr *sa, 
-		       uint32_t prefixlen)
-{
-  int i;
-  char *p = NULL, c;
-  uint32_t max_prefixlen = 0;
-
-  if (sa == NULL) return NULL;
-  switch(family){
-  case AF_INET:
-    memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr));
-    p = (char *)&((struct sockaddr_in*)sa)->sin_addr;
-    max_prefixlen = 32;
-    break;
-  case AF_INET6:
-    memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr));
-    p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr;
-#if 0	/* XXX: fill scope-id? */
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-#endif
-    max_prefixlen = 128;
-    break;
-  default:
-    return NULL;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-  if (p){
-    if (prefixlen > max_prefixlen)
-      prefixlen = max_prefixlen;
-    for (i=0; i<(prefixlen / 8); i++)
-      *p++ = 0xff;
-    c = 0xff;
-    c <<= (8 - (prefixlen % 8));
-    *p = c;
-  }
-  return sa;
-}
-#endif
-
-/* ====================================================================== */
-static int 
-nl_sendreq(int sd, int request, int flags, int *seq)
-{
-  char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
-	      NLMSG_ALIGN(sizeof(struct rtgenmsg))];
-  struct sockaddr_nl nladdr;
-  struct nlmsghdr *req_hdr;
-  struct rtgenmsg *req_msg;
-  time_t t = time(NULL);
-
-  if (seq) *seq = t;
-  memset(&reqbuf, 0, sizeof(reqbuf));
-  req_hdr = (struct nlmsghdr *)reqbuf;
-  req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr);
-  req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg));
-  req_hdr->nlmsg_type = request;
-  req_hdr->nlmsg_flags = flags | NLM_F_REQUEST;
-  req_hdr->nlmsg_pid = 0;
-  req_hdr->nlmsg_seq = t;
-  req_msg->rtgen_family = AF_UNSPEC;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0,
-		 (struct sockaddr *)&nladdr, sizeof(nladdr)));
-}
-
-static int 
-nl_recvmsg(int sd, int request, int seq, 
-	   void *buf, size_t buflen, 
-	   int *flags)
-{
-  struct msghdr msg;
-  struct iovec iov = { buf, buflen };
-  struct sockaddr_nl nladdr;
-  int read_len;
-
-  for (;;){
-    msg.msg_name = (void *)&nladdr;
-    msg.msg_namelen = sizeof(nladdr);
-    msg.msg_iov = &iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = NULL;
-    msg.msg_controllen = 0;
-    msg.msg_flags = 0;
-    read_len = recvmsg(sd, &msg, 0);
-    if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC))
-      continue;
-    if (flags) *flags = msg.msg_flags;
-    break;
-  }
-  return read_len;
-}
-
-static int 
-nl_getmsg(int sd, int request, int seq, 
-	  struct nlmsghdr **nlhp,
-	  int *done)
-{
-  struct nlmsghdr *nh;
-  size_t bufsize = 65536, lastbufsize = 0;
-  void *buff = NULL;
-  int result = 0, read_size;
-  int msg_flags;
-  pid_t pid = getpid();
-  for (;;){
-    void *newbuff = realloc(buff, bufsize);
-    if (newbuff == NULL || bufsize < lastbufsize) {
-      result = -1;
-      break;
-    }
-    buff = newbuff;
-    result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags);
-    if (read_size < 0 || (msg_flags & MSG_TRUNC)){
-      lastbufsize = bufsize;
-      bufsize *= 2;
-      continue;
-    }
-    if (read_size == 0) break;
-    nh = (struct nlmsghdr *)buff;
-    for (nh = (struct nlmsghdr *)buff;
-	 NLMSG_OK(nh, read_size);
-	 nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){
-      if (nh->nlmsg_pid != pid ||
-	  nh->nlmsg_seq != seq)
-	continue;
-      if (nh->nlmsg_type == NLMSG_DONE){
-	(*done)++;
-	break; /* ok */
-      }
-      if (nh->nlmsg_type == NLMSG_ERROR){
-	struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh);
-	result = -1;
-	if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
-	  __set_errno(EIO);
-	else
-	  __set_errno(-nlerr->error);
-	break;
-      }
-    }
-    break;
-  }
-  if (result < 0)
-    if (buff){
-      int saved_errno = errno;
-      free(buff);
-      __set_errno(saved_errno);
-    }
-  *nlhp = (struct nlmsghdr *)buff;
-  return result;
-}
-
-static int
-nl_getlist(int sd, int seq,
-	   int request,
-	   struct nlmsg_list **nlm_list,
-	   struct nlmsg_list **nlm_end)
-{
-  struct nlmsghdr *nlh = NULL;
-  int status;
-  int done = 0;
-  int tries = 3;
-
- try_again:
-  status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq);
-  if (status < 0)
-    return status;
-  if (seq == 0)
-    seq = (int)time(NULL);
-  while(!done){
-    struct pollfd pfd;
-
-    pfd.fd = sd;
-    pfd.events = POLLIN | POLLPRI;
-    pfd.revents = 0;
-    status = poll(&pfd, 1, 1000);
-    if (status < 0)
-	return status;
-    else if (status == 0) {
-	seq++;
-	if (tries-- > 0)
-	    goto try_again;
-	return -1;
-    }
-
-    status = nl_getmsg(sd, request, seq, &nlh, &done);
-    if (status < 0)
-      return status;
-    if (nlh){
-      struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list));
-      if (nlm_next == NULL){
-	int saved_errno = errno;
-	free(nlh);
-	__set_errno(saved_errno);
-	status = -1;
-      } else {
-	nlm_next->nlm_next = NULL;
-	nlm_next->nlh = (struct nlmsghdr *)nlh;
-	nlm_next->size = status;
-	nlm_next->seq = seq;
-	if (*nlm_list == NULL){
-	  *nlm_list = nlm_next;
-	  *nlm_end = nlm_next;
-	} else {
-	  (*nlm_end)->nlm_next = nlm_next;
-	  *nlm_end = nlm_next;
-	}
-      }
-    }
-  }
-  return status >= 0 ? seq : status;
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-free_nlmsglist(struct nlmsg_list *nlm0)
-{
-  struct nlmsg_list *nlm, *nlm_next;
-  int saved_errno;
-  if (!nlm0)
-    return;
-  saved_errno = errno;
-  for (nlm=nlm0; nlm; nlm=nlm_next){
-    if (nlm->nlh)
-      free(nlm->nlh);
-    nlm_next=nlm->nlm_next;
-    free(nlm);
-  }
-  __set_errno(saved_errno);
-}
-
-static void 
-free_data(void *data, void *ifdata)
-{
-  int saved_errno = errno;
-  if (data != NULL) free(data);
-  if (ifdata != NULL) free(ifdata);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-nl_close(int sd)
-{
-  int saved_errno = errno;
-  if (sd >= 0) __close(sd);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static int 
-nl_open(void)
-{
-  struct sockaddr_nl nladdr;
-  int sd;
-
-  sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-  if (sd < 0) return -1;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){
-    nl_close(sd);
-    return -1;
-  }
-  return sd;
-}
-
-/* ====================================================================== */
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs **ifap)
-{
-  int sd;
-  struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm;
-  /* - - - - - - - - - - - - - - - */
-  int icnt;
-  size_t dlen, xlen, nlen;
-  uint32_t max_ifindex = 0;
-
-  pid_t pid = getpid();
-  int seq;
-  int result;
-  int build     ; /* 0 or 1 */
-
-/* ---------------------------------- */
-  /* initialize */
-  icnt = dlen = xlen = nlen = 0;
-  nlmsg_list = nlmsg_end = NULL;
-
-  if (ifap)
-    *ifap = NULL;
-
-/* ---------------------------------- */
-  /* open socket and bind */
-  sd = nl_open();
-  if (sd < 0)
-    return -1;
-
-/* ---------------------------------- */
-   /* gather info */
-  if ((seq = nl_getlist(sd, 0, RTM_GETLINK,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-  if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-
-/* ---------------------------------- */
-  /* Estimate size of result buffer and fill it */
-  for (build=0; build<=1; build++){
-    struct ifaddrs *ifl = NULL, *ifa = NULL;
-    struct nlmsghdr *nlh, *nlh0;
-    char *data = NULL, *xdata = NULL;
-    void *ifdata = NULL;
-    char *ifname = NULL, **iflist = NULL;
-    uint16_t *ifflist = NULL;
-    struct rtmaddr_ifamap ifamap;
-
-    if (build){
-      data = calloc(1,
-		    NLMSG_ALIGN(sizeof(struct ifaddrs[icnt]))
-		    + dlen + xlen + nlen);
-      ifa = (struct ifaddrs *)data;
-      ifdata = calloc(1, 
-		      NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))
-		      + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1])));
-      if (ifap != NULL)
-	*ifap = (ifdata != NULL) ? ifa : NULL;
-      else{
-	free_data(data, ifdata);
-	result = 0;
-	break;
-      }
-      if (data == NULL || ifdata == NULL){
-	free_data(data, ifdata);
-	result = -1;
-	break;
-      }
-      ifl = NULL;
-      data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt;
-      xdata = data + dlen;
-      ifname = xdata + xlen;
-      iflist = ifdata;
-      ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])));
-    }
-
-    for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){
-      int nlmlen = nlm->size;
-      if (!(nlh0 = nlm->nlh))
-	continue;
-      for (nlh = nlh0; 
-	   NLMSG_OK(nlh, nlmlen); 
-	   nlh=NLMSG_NEXT(nlh,nlmlen)){
-	struct ifinfomsg *ifim = NULL;
-	struct ifaddrmsg *ifam = NULL;
-	struct rtattr *rta;
-
-	size_t nlm_struct_size = 0;
-	sa_family_t nlm_family = 0;
-	uint32_t nlm_scope = 0, nlm_index = 0;
-	size_t sockaddr_size = 0;
-	uint32_t nlm_prefixlen = 0;
-	size_t rtasize;
-
-	memset(&ifamap, 0, sizeof(ifamap));
-
-	/* check if the message is what we want */
-	if (nlh->nlmsg_pid != pid ||
-	    nlh->nlmsg_seq != nlm->seq)
-	  continue;
-	if (nlh->nlmsg_type == NLMSG_DONE){
-	  break; /* ok */
-	}
-	switch (nlh->nlmsg_type){
-	case RTM_NEWLINK:
-	  ifim = (struct ifinfomsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifim);
-	  nlm_family = ifim->ifi_family;
-	  nlm_scope = 0;
-	  nlm_index = ifim->ifi_index;
-	  nlm_prefixlen = 0;
-	  if (build)
-	    ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags;
-	  break;
-	case RTM_NEWADDR:
-	  ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifam);
-	  nlm_family = ifam->ifa_family;
-	  nlm_scope = ifam->ifa_scope;
-	  nlm_index = ifam->ifa_index;
-	  nlm_prefixlen = ifam->ifa_prefixlen;
-	  if (build)
-	    ifa->ifa_flags = ifflist[nlm_index];
-	  break;
-	default:
-	  continue;
-	}
-	
-	if (!build){
-	  if (max_ifindex < nlm_index)
-	    max_ifindex = nlm_index;
-	} else {
-	  if (ifl != NULL)
-	    ifl->ifa_next = ifa;
-	}
-
-	rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size);
-	for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size));
-	     RTA_OK(rta, rtasize);
-	     rta = RTA_NEXT(rta, rtasize)){
-	  struct sockaddr **sap = NULL;
-	  void *rtadata = RTA_DATA(rta);
-	  size_t rtapayload = RTA_PAYLOAD(rta);
-	  socklen_t sa_len;
-
-	  switch(nlh->nlmsg_type){
-	  case RTM_NEWLINK:
-	    switch(rta->rta_type){
-	    case IFLA_ADDRESS:
-	    case IFLA_BROADCAST:
-	      if (build){
-		sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr;
-		*sap = (struct sockaddr *)data;
-	      }
-	      sa_len = ifa_sa_len(AF_PACKET, rtapayload);
-	      if (rta->rta_type == IFLA_ADDRESS)
-		sockaddr_size = NLMSG_ALIGN(sa_len);
-	      if (!build){
-		dlen += NLMSG_ALIGN(sa_len);
-	      } else {
-		memset(*sap, 0, sa_len);
-		ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0);
-		((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index;
-		((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type;
-		data += NLMSG_ALIGN(sa_len);
-	      }
-	      break;
-	    case IFLA_IFNAME:/* Name of Interface */
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifa->ifa_name;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFLA_STATS:/* Statistics of Interface */
-	      if (!build)
-		xlen += NLMSG_ALIGN(rtapayload);
-	      else{
-		ifa->ifa_data = xdata;
-		memcpy(ifa->ifa_data, rtadata, rtapayload);
-		xdata += NLMSG_ALIGN(rtapayload);
-	      }
-	      break;
-	    case IFLA_UNSPEC:
-	      break;
-	    case IFLA_MTU:
-	      break;
-	    case IFLA_LINK:
-	      break;
-	    case IFLA_QDISC:
-	      break;
-	    default:
-	      break;
-	    }
-	    break;
-	  case RTM_NEWADDR:
-	    if (nlm_family == AF_PACKET) break;
-	    switch(rta->rta_type){
-	    case IFA_ADDRESS:
-		ifamap.address = rtadata;
-		ifamap.address_len = rtapayload;
-		break;
-	    case IFA_LOCAL:
-		ifamap.local = rtadata;
-		ifamap.local_len = rtapayload;
-		break;
-	    case IFA_BROADCAST:
-		ifamap.broadcast = rtadata;
-		ifamap.broadcast_len = rtapayload;
-		break;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	    case IFA_ANYCAST:
-		ifamap.anycast = rtadata;
-		ifamap.anycast_len = rtapayload;
-		break;
-#endif
-	    case IFA_LABEL:
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifname;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFA_UNSPEC:
-	      break;
-	    case IFA_CACHEINFO:
-	      break;
-	    default:
-	      break;
-	    }
-	  }
-	}
-	if (nlh->nlmsg_type == RTM_NEWADDR &&
-	    nlm_family != AF_PACKET) {
-	  if (!ifamap.local) {
-	    ifamap.local = ifamap.address;
-	    ifamap.local_len = ifamap.address_len;
-	  }
-	  if (!ifamap.address) {
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address_len != ifamap.local_len ||
-	      (ifamap.address != NULL &&
-	       memcmp(ifamap.address, ifamap.local, ifamap.address_len))) {
-	    /* p2p; address is peer and local is ours */
-	    ifamap.broadcast = ifamap.address;
-	    ifamap.broadcast_len = ifamap.address_len;
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address) {
-#ifndef IFA_NETMASK
-	    sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-#endif
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-	    else {
-	      ifa->ifa_addr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len));
-	    }
-	  }
-#ifdef IFA_NETMASK
-	  if (ifamap.netmask) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len));
-	    else {
-	      ifa->ifa_netmask = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len));
-	    }
-	  }
-#endif
-	  if (ifamap.broadcast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len));
-	    else {
-	      ifa->ifa_broadaddr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len));
-	    }
-	  }
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	  if (ifamap.anycast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len));
-	    else {
-	      ifa->ifa_anycast = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len));
-	    }
-	  }
-#endif
-	}
-	if (!build){
-#ifndef IFA_NETMASK
-	  dlen += sockaddr_size;
-#endif
-	  icnt++;
-	} else {
-	  if (ifa->ifa_name == NULL)
-	    ifa->ifa_name = iflist[nlm_index];
-#ifndef IFA_NETMASK
-	  if (ifa->ifa_addr && 
-	      ifa->ifa_addr->sa_family != AF_UNSPEC && 
-	      ifa->ifa_addr->sa_family != AF_PACKET){
-	    ifa->ifa_netmask = (struct sockaddr *)data;
-	    ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen);
-	  }
-	  data += sockaddr_size;
-#endif
-	  ifl = ifa++;
-	}
-      }
-    }
-    if (!build){
-      if (icnt == 0 && (dlen + nlen + xlen == 0)){
-	if (ifap != NULL)
-	  *ifap = NULL;
-	break; /* cannot found any addresses */
-      }
-    }
-    else
-      free_data(NULL, ifdata);
-  }
-
-/* ---------------------------------- */
-  /* Finalize */
-  free_nlmsglist(nlmsg_list);
-  nl_close(sd);
-  return 0;
-}
-
-#else /* !AF_NETLINK */
-
-/*
- * The generic SIOCGIFCONF version.
- */
-
-static int
-getifaddrs2(struct ifaddrs **ifap, 
-	    int af, int siocgifconf, int siocgifflags,
-	    size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct ifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct ifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	ifconf.ifc_len = buf_size;
-	ifconf.ifc_buf = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.ifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.ifc_buf;
-	 p < ifconf.ifc_buf + ifconf.ifc_len;
-	 p += sz) {
-	struct ifreq ifreq;
-	struct sockaddr *sa;
-	size_t salen;
-
-	ifr = (struct ifreq *)p;
-	sa  = &ifr->ifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-	if (*end == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->ifr_name);
-	if ((*end)->ifa_name == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	(*end)->ifa_flags = ifreq.ifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	if ((*end)->ifa_addr == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    if ((*end)->ifa_broadaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    if ((*end)->ifa_dstaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    rk_freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-static int
-getlifaddrs2(struct ifaddrs **ifap, 
-	     int af, int siocgifconf, int siocgifflags,
-	     size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct lifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct lifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-#ifndef __hpux
-	ifconf.lifc_family = AF_UNSPEC;
-	ifconf.lifc_flags  = 0;
-#endif
-	ifconf.lifc_len    = buf_size;
-	ifconf.lifc_buf    = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.lifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.lifc_buf;
-	 p < ifconf.lifc_buf + ifconf.lifc_len;
-	 p += sz) {
-	struct lifreq ifreq;
-	struct sockaddr_storage *sa;
-	size_t salen;
-
-	ifr = (struct lifreq *)p;
-	sa  = &ifr->lifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr_storage);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-	if (*end == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->lifr_name);
-	if ((*end)->ifa_name == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	(*end)->ifa_flags = ifreq.lifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	if ((*end)->ifa_addr == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    if ((*end)->ifa_broadaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    if ((*end)->ifa_dstaddr == NULL) {
-		ret = ENOMEM;
-		goto error_out;
-	    }
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    rk_freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
-
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs **ifap) 
-{
-    int ret = -1;
-    errno = ENXIO;
-#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS,
-			   sizeof(struct in6_ifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-    if (ret)
-	ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
-			    sizeof(struct lifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-    return ret;
-}
-
-#endif /* !AF_NETLINK */
-
-void ROKEN_LIB_FUNCTION
-rk_freeifaddrs(struct ifaddrs *ifp)
-{
-    struct ifaddrs *p, *q;
-    
-    for(p = ifp; p; ) {
-	free(p->ifa_name);
-	if(p->ifa_addr)
-	    free(p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    free(p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    free(p->ifa_netmask);
-	if(p->ifa_data)
-	    free(p->ifa_data);
-	q = p;
-	p = p->ifa_next;
-	free(q);
-    }
-}
-
-#ifdef TEST
-
-void
-print_addr(const char *s, struct sockaddr *sa)
-{
-    int i;
-    printf("  %s=%d/", s, sa->sa_family);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-    for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++)
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#else
-    for(i = 0; i < sizeof(sa->sa_data); i++) 
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#endif
-    printf("\n");
-}
-
-void 
-print_ifaddrs(struct ifaddrs *x)
-{
-    struct ifaddrs *p;
-    
-    for(p = x; p; p = p->ifa_next) {
-	printf("%s\n", p->ifa_name);
-	printf("  flags=%x\n", p->ifa_flags);
-	if(p->ifa_addr)
-	    print_addr("addr", p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    print_addr("dstaddr", p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    print_addr("netmask", p->ifa_netmask);
-	printf("  %p\n", p->ifa_data);
-    }
-}
-
-int
-main()
-{
-    struct ifaddrs *a = NULL, *b;
-    getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq));
-    print_ifaddrs(a);
-    printf("---\n");
-    getifaddrs(&b);
-    print_ifaddrs(b);
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getipnodebyaddr.c b/crypto/heimdal/lib/roken/getipnodebyaddr.c
deleted file mode 100644
index 56ae860aff15..000000000000
--- a/crypto/heimdal/lib/roken/getipnodebyaddr.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * lookup `src, len' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
-{
-    struct hostent *tmp;
-
-    tmp = gethostbyaddr (src, len, af);
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getipnodebyname.c b/crypto/heimdal/lib/roken/getipnodebyname.c
deleted file mode 100644
index 739b329e21a2..000000000000
--- a/crypto/heimdal/lib/roken/getipnodebyname.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE_H_ERRNO
-static int h_errno = NO_RECOVERY;
-#endif
-
-/*
- * lookup `name' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyname (const char *name, int af, int flags, int *error_num)
-{
-    struct hostent *tmp;
-
-#ifdef HAVE_GETHOSTBYNAME2
-    tmp = gethostbyname2 (name, af);
-#else
-    if (af != AF_INET) {
-	*error_num = NO_ADDRESS;
-	return NULL;
-    }
-    tmp = gethostbyname (name);
-#endif
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo.c b/crypto/heimdal/lib/roken/getnameinfo.c
deleted file mode 100644
index 4f820f0a74a0..000000000000
--- a/crypto/heimdal/lib/roken/getnameinfo.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $");
-#endif
-
-#include "roken.h"
-
-static int
-doit (int af,
-      const void *addr,
-      size_t addrlen,
-      int port,
-      char *host, size_t hostlen,
-      char *serv, size_t servlen,
-      int flags)
-{
-    if (host != NULL) {
-	if (flags & NI_NUMERICHOST) {
-	    if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	} else {
-	    struct hostent *he = gethostbyaddr (addr,
-						addrlen,
-						af);
-	    if (he != NULL) {
-		strlcpy (host, hostent_find_fqdn(he), hostlen);
-		if (flags & NI_NOFQDN) {
-		    char *dot = strchr (host, '.');
-		    if (dot != NULL)
-			*dot = '\0';
-		}
-	    } else if (flags & NI_NAMEREQD) {
-		return EAI_NONAME;
-	    } else if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	}
-    }
-
-    if (serv != NULL) {
-	if (flags & NI_NUMERICSERV) {
-	    snprintf (serv, servlen, "%u", ntohs(port));
-	} else {
-	    const char *proto = "tcp";
-	    struct servent *se;
-
-	    if (flags & NI_DGRAM)
-		proto = "udp";
-
-	    se = getservbyport (port, proto);
-	    if (se == NULL) {
-		snprintf (serv, servlen, "%u", ntohs(port));
-	    } else {
-		strlcpy (serv, se->s_name, servlen);
-	    }
-	}
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-int ROKEN_LIB_FUNCTION
-getnameinfo(const struct sockaddr *sa, socklen_t salen,
-	    char *host, size_t hostlen,
-	    char *serv, size_t servlen,
-	    int flags)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-	return doit (AF_INET6, &sin6->sin6_addr, sizeof(sin6->sin6_addr),
-		     sin6->sin6_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-#endif
-    case AF_INET : {
-	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-
-	return doit (AF_INET, &sin4->sin_addr, sizeof(sin4->sin_addr),
-		     sin4->sin_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-    default :
-	return EAI_FAMILY;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c
deleted file mode 100644
index 91f938a8b22a..000000000000
--- a/crypto/heimdal/lib/roken/getnameinfo_verified.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo_verified.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to obtain a verified name for the address in `sa, salen' (much
- * similar to getnameinfo).
- * Verified in this context means that forwards and backwards lookups
- * in DNS are consistent.  If that fails, return an error if the
- * NI_NAMEREQD flag is set or return the numeric address as a string.
- */
-
-int ROKEN_LIB_FUNCTION
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags)
-{
-    int ret;
-    struct addrinfo *ai, *a;
-    char servbuf[NI_MAXSERV];
-    struct addrinfo hints;
-
-    if (host == NULL)
-	return EAI_NONAME;
-
-    if (serv == NULL) {
-	serv = servbuf;
-	servlen = sizeof(servbuf);
-    }
-
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV);
-    if (ret)
-	goto fail;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    ret = getaddrinfo (host, serv, &hints, &ai);
-    if (ret)
-	goto fail;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_addrlen == salen
-	    && memcmp (a->ai_addr, sa, salen) == 0) {
-	    freeaddrinfo (ai);
-	    return 0;
-	}
-    }
-    freeaddrinfo (ai);
- fail:
-    if (flags & NI_NAMEREQD)
-	return EAI_NONAME;
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV | NI_NUMERICHOST);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getopt.c b/crypto/heimdal/lib/roken/getopt.c
deleted file mode 100644
index 12bf138d0263..000000000000
--- a/crypto/heimdal/lib/roken/getopt.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)getopt.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifndef __STDC__
-#define const
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * get option letter from argument vector
- */
-int	opterr = 1,		/* if error message should be printed */
-	optind = 1,		/* index into parent argv vector */
-	optopt,			/* character checked for validity */
-	optreset;		/* reset getopt */
-char	*optarg;		/* argument associated with option */
-
-#define	BADCH	(int)'?'
-#define	BADARG	(int)':'
-#define	EMSG	""
-
-int ROKEN_LIB_FUNCTION
-getopt(nargc, nargv, ostr)
-	int nargc;
-	char * const *nargv;
-	const char *ostr;
-{
-	static char *place = EMSG;		/* option letter processing */
-	char *oli;			/* option letter list index */
-	char *p;
-
-	if (optreset || !*place) {		/* update scanning pointer */
-		optreset = 0;
-		if (optind >= nargc || *(place = nargv[optind]) != '-') {
-			place = EMSG;
-			return(-1);
-		}
-		if (place[1] && *++place == '-') {	/* found "--" */
-			++optind;
-			place = EMSG;
-			return(-1);
-		}
-	}					/* option letter okay? */
-	if ((optopt = (int)*place++) == (int)':' ||
-	    !(oli = strchr(ostr, optopt))) {
-		/*
-		 * if the user didn't specify '-' as an option,
-		 * assume it means -1 (EOF).
-		 */
-		if (optopt == (int)'-')
-			return(-1);
-		if (!*place)
-			++optind;
-		if (opterr && *ostr != ':') {
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			fprintf(stderr, "%s: illegal option -- %c\n",
-			    p, optopt);
-		}
-		return(BADCH);
-	}
-	if (*++oli != ':') {			/* don't need argument */
-		optarg = NULL;
-		if (!*place)
-			++optind;
-	}
-	else {					/* need an argument */
-		if (*place)			/* no white space */
-			optarg = place;
-		else if (nargc <= ++optind) {	/* no arg */
-			place = EMSG;
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			if (*ostr == ':')
-				return(BADARG);
-			if (opterr)
-				fprintf(stderr,
-				    "%s: option requires an argument -- %c\n",
-				    p, optopt);
-			return(BADCH);
-		}
-	 	else				/* white space */
-			optarg = nargv[optind];
-		place = EMSG;
-		++optind;
-	}
-	return(optopt);				/* dump back option letter */
-}
diff --git a/crypto/heimdal/lib/roken/getprogname.c b/crypto/heimdal/lib/roken/getprogname.c
deleted file mode 100644
index 6d0bfeec9ba1..000000000000
--- a/crypto/heimdal/lib/roken/getprogname.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-const char *__progname;
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char * ROKEN_LIB_FUNCTION
-getprogname(void)
-{
-    return __progname;
-}
-#endif /* HAVE_GETPROGNAME */
diff --git a/crypto/heimdal/lib/roken/gettimeofday.c b/crypto/heimdal/lib/roken/gettimeofday.c
deleted file mode 100644
index d8e4e750026a..000000000000
--- a/crypto/heimdal/lib/roken/gettimeofday.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifndef HAVE_GETTIMEOFDAY
-
-RCSID("$Id: gettimeofday.c 14773 2005-04-12 11:29:18Z lha $");
-
-/*
- * Simple gettimeofday that only returns seconds.
- */
-int ROKEN_LIB_FUNCTION
-gettimeofday (struct timeval *tp, void *ignore)
-{
-     time_t t;
-
-     t = time(NULL);
-     tp->tv_sec  = t;
-     tp->tv_usec = 0;
-     return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getuid.c b/crypto/heimdal/lib/roken/getuid.c
deleted file mode 100644
index f558ab6815dd..000000000000
--- a/crypto/heimdal/lib/roken/getuid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETUID
-
-RCSID("$Id: getuid.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-getuid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getusershell.c b/crypto/heimdal/lib/roken/getusershell.c
deleted file mode 100644
index 8def1ca10f8a..000000000000
--- a/crypto/heimdal/lib/roken/getusershell.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: getusershell.c 21005 2007-06-08 01:54:35Z lha $");
-
-#ifndef HAVE_GETUSERSHELL
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_USERSEC_H
-struct aud_rec;
-#include <usersec.h>
-#endif
-#ifdef HAVE_USERCONF_H
-#include <userconf.h>
-#endif
-#include "roken.h"
-
-#ifndef _PATH_SHELLS
-#define _PATH_SHELLS "/etc/shells"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_CSHELL
-#define _PATH_CSHELL "/bin/csh"
-#endif
-
-/*
- * Local shells should NOT be added here.  They should be added in
- * /etc/shells.
- */
-
-static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
-static char **curshell, **shells, *strings;
-static char **initshells (void);
-
-/*
- * Get a list of shells from _PATH_SHELLS, if it exists.
- */
-char * ROKEN_LIB_FUNCTION
-getusershell()
-{
-    char *ret;
-
-    if (curshell == NULL)
-	curshell = initshells();
-    ret = *curshell;
-    if (ret != NULL)
-	curshell++;
-    return (ret);
-}
-
-void ROKEN_LIB_FUNCTION
-endusershell()
-{
-    if (shells != NULL)
-	free(shells);
-    shells = NULL;
-    if (strings != NULL)
-	free(strings);
-    strings = NULL;
-    curshell = NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-setusershell()
-{
-    curshell = initshells();
-}
-
-static char **
-initshells()
-{
-    char **sp, *cp;
-#ifdef HAVE_GETCONFATTR
-    char *tmp;
-    int nsh;
-#else
-    FILE *fp;
-#endif
-    struct stat statb;
-
-    free(shells);
-    shells = NULL;
-    free(strings);
-    strings = NULL;
-#ifdef HAVE_GETCONFATTR
-    if(getconfattr(SC_SYS_LOGIN, SC_SHELLS, &tmp, SEC_LIST) != 0)
-	return okshells;
-
-    for(cp = tmp, nsh = 0; *cp; cp += strlen(cp) + 1, nsh++);
-
-    shells = calloc(nsh + 1, sizeof(*shells));
-    if(shells == NULL)
-	return okshells;
-
-    strings = malloc(cp - tmp);
-    if(strings == NULL) {
-	free(shells);
-	shells = NULL;
-	return okshells;
-    }
-    memcpy(strings, tmp, cp - tmp);
-    for(sp = shells, cp = strings; *cp; cp += strlen(cp) + 1, sp++)
-	*sp = cp;
-#else
-    if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
-	return (okshells);
-    if (fstat(fileno(fp), &statb) == -1) {
-	fclose(fp);
-	return (okshells);
-    }
-    if ((strings = malloc((u_int)statb.st_size)) == NULL) {
-	fclose(fp);
-	return (okshells);
-    }
-    shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
-    if (shells == NULL) {
-	fclose(fp);
-	free(strings);
-	strings = NULL;
-	return (okshells);
-    }
-    sp = shells;
-    cp = strings;
-    while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
-	while (*cp != '#' && *cp != '/' && *cp != '\0')
-	    cp++;
-	if (*cp == '#' || *cp == '\0')
-	    continue;
-	*sp++ = cp;
-	while (!isspace((unsigned char)*cp) && *cp != '#' && *cp != '\0')
-	    cp++;
-	*cp++ = '\0';
-    }
-    fclose(fp);
-#endif
-    *sp = NULL;
-    return (shells);
-}
-#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/heimdal/lib/roken/glob.c b/crypto/heimdal/lib/roken/glob.c
deleted file mode 100644
index 803eda17d1e7..000000000000
--- a/crypto/heimdal/lib/roken/glob.c
+++ /dev/null
@@ -1,850 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * glob(3) -- a superset of the one defined in POSIX 1003.2.
- *
- * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
- *
- * Optional extra services, controlled by flags not defined by POSIX:
- *
- * GLOB_QUOTE:
- *	Escaping convention: \ inhibits any special meaning the following
- *	character might have (except \ at end of string is retained).
- * GLOB_MAGCHAR:
- *	Set in gl_flags if pattern contained a globbing character.
- * GLOB_NOMAGIC:
- *	Same as GLOB_NOCHECK, but it will only append pattern if it did
- *	not contain any magic characters.  [Used in csh style globbing]
- * GLOB_ALTDIRFUNC:
- *	Use alternately specified directory access functions.
- * GLOB_TILDE:
- *	expand ~user/foo to the /home/dir/of/user/foo
- * GLOB_BRACE:
- *	expand {1,2}{a,b} to 1a 1b 2a 2b 
- * gl_matchc:
- *	Number of matches in the current invocation of glob.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#include <ctype.h>
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#include "glob.h"
-#include "roken.h"
-
-#ifndef ARG_MAX
-#define ARG_MAX _POSIX_ARG_MAX
-#endif
-
-#define	CHAR_DOLLAR		'$'
-#define	CHAR_DOT		'.'
-#define	CHAR_EOS		'\0'
-#define	CHAR_LBRACKET		'['
-#define	CHAR_NOT		'!'
-#define	CHAR_QUESTION		'?'
-#define	CHAR_QUOTE		'\\'
-#define	CHAR_RANGE		'-'
-#define	CHAR_RBRACKET		']'
-#define	CHAR_SEP		'/'
-#define	CHAR_STAR		'*'
-#define	CHAR_TILDE		'~'
-#define	CHAR_UNDERSCORE		'_'
-#define	CHAR_LBRACE		'{'
-#define	CHAR_RBRACE		'}'
-#define	CHAR_SLASH		'/'
-#define	CHAR_COMMA		','
-
-#ifndef DEBUG
-
-#define	M_QUOTE		0x8000
-#define	M_PROTECT	0x4000
-#define	M_MASK		0xffff
-#define	M_ASCII		0x00ff
-
-typedef u_short Char;
-
-#else
-
-#define	M_QUOTE		0x80
-#define	M_PROTECT	0x40
-#define	M_MASK		0xff
-#define	M_ASCII		0x7f
-
-typedef char Char;
-
-#endif
-
-
-#define	CHAR(c)		((Char)((c)&M_ASCII))
-#define	META(c)		((Char)((c)|M_QUOTE))
-#define	M_ALL		META('*')
-#define	M_END		META(']')
-#define	M_NOT		META('!')
-#define	M_ONE		META('?')
-#define	M_RNG		META('-')
-#define	M_SET		META('[')
-#define	ismeta(c)	(((c)&M_QUOTE) != 0)
-
-
-static int	 compare (const void *, const void *);
-static void	 g_Ctoc (const Char *, char *);
-static int	 g_lstat (Char *, struct stat *, glob_t *);
-static DIR	*g_opendir (Char *, glob_t *);
-static Char	*g_strchr (const Char *, int);
-#ifdef notdef
-static Char	*g_strcat (Char *, const Char *);
-#endif
-static int	 g_stat (Char *, struct stat *, glob_t *);
-static int	 glob0 (const Char *, glob_t *);
-static int	 glob1 (Char *, glob_t *, size_t *);
-static int	 glob2 (Char *, Char *, Char *, glob_t *, size_t *);
-static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *, size_t *);
-static int	 globextend (const Char *, glob_t *, size_t *);
-static const Char *	 globtilde (const Char *, Char *, glob_t *);
-static int	 globexp1 (const Char *, glob_t *);
-static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
-static int	 match (Char *, Char *, Char *);
-#ifdef DEBUG
-static void	 qprintf (const char *, Char *);
-#endif
-
-int ROKEN_LIB_FUNCTION
-glob(const char *pattern, 
-     int flags, 
-     int (*errfunc)(const char *, int), 
-     glob_t *pglob)
-{
-	const u_char *patnext;
-	int c;
-	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
-
-	patnext = (const u_char *) pattern;
-	if (!(flags & GLOB_APPEND)) {
-		pglob->gl_pathc = 0;
-		pglob->gl_pathv = NULL;
-		if (!(flags & GLOB_DOOFFS))
-			pglob->gl_offs = 0;
-	}
-	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
-	pglob->gl_errfunc = errfunc;
-	pglob->gl_matchc = 0;
-
-	bufnext = patbuf;
-	bufend = bufnext + MaxPathLen;
-	if (flags & GLOB_QUOTE) {
-		/* Protect the quoted characters. */
-		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-			if (c == CHAR_QUOTE) {
-				if ((c = *patnext++) == CHAR_EOS) {
-					c = CHAR_QUOTE;
-					--patnext;
-				}
-				*bufnext++ = c | M_PROTECT;
-			}
-			else
-				*bufnext++ = c;
-	}
-	else 
-	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-		    *bufnext++ = c;
-	*bufnext = CHAR_EOS;
-
-	if (flags & GLOB_BRACE)
-	    return globexp1(patbuf, pglob);
-	else
-	    return glob0(patbuf, pglob);
-}
-
-/*
- * Expand recursively a glob {} pattern. When there is no more expansion
- * invoke the standard globbing routine to glob the rest of the magic
- * characters
- */
-static int globexp1(const Char *pattern, glob_t *pglob)
-{
-	const Char* ptr = pattern;
-	int rv;
-
-	/* Protect a single {}, for find(1), like csh */
-	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
-		return glob0(pattern, pglob);
-
-	while ((ptr = (const Char *) g_strchr(ptr, CHAR_LBRACE)) != NULL)
-		if (!globexp2(ptr, pattern, pglob, &rv))
-			return rv;
-
-	return glob0(pattern, pglob);
-}
-
-
-/*
- * Recursive brace globbing helper. Tries to expand a single brace.
- * If it succeeds then it invokes globexp1 with the new pattern.
- * If it fails then it tries to glob the rest of the pattern and returns.
- */
-static int globexp2(const Char *ptr, const Char *pattern, 
-		    glob_t *pglob, int *rv)
-{
-	int     i;
-	Char   *lm, *ls;
-	const Char *pe, *pm, *pl;
-	Char    patbuf[MaxPathLen + 1];
-
-	/* copy part up to the brace */
-	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
-		continue;
-	ls = lm;
-
-	/* Find the balanced brace */
-	for (i = 0, pe = ++ptr; *pe; pe++)
-		if (*pe == CHAR_LBRACKET) {
-			/* Ignore everything between [] */
-			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
-				continue;
-			if (*pe == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pe = pm;
-			}
-		}
-		else if (*pe == CHAR_LBRACE)
-			i++;
-		else if (*pe == CHAR_RBRACE) {
-			if (i == 0)
-				break;
-			i--;
-		}
-
-	/* Non matching braces; just glob the pattern */
-	if (i != 0 || *pe == CHAR_EOS) {
-		*rv = glob0(patbuf, pglob);
-		return 0;
-	}
-
-	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
-		switch (*pm) {
-		case CHAR_LBRACKET:
-			/* Ignore everything between [] */
-			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
-				continue;
-			if (*pm == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pm = pl;
-			}
-			break;
-
-		case CHAR_LBRACE:
-			i++;
-			break;
-
-		case CHAR_RBRACE:
-			if (i) {
-			    i--;
-			    break;
-			}
-			/* FALLTHROUGH */
-		case CHAR_COMMA:
-			if (i && *pm == CHAR_COMMA)
-				break;
-			else {
-				/* Append the current string */
-				for (lm = ls; (pl < pm); *lm++ = *pl++)
-					continue;
-				/* 
-				 * Append the rest of the pattern after the
-				 * closing brace
-				 */
-				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
-					continue;
-
-				/* Expand the current pattern */
-#ifdef DEBUG
-				qprintf("globexp2:", patbuf);
-#endif
-				*rv = globexp1(patbuf, pglob);
-
-				/* move after the comma, to the next string */
-				pl = pm + 1;
-			}
-			break;
-
-		default:
-			break;
-		}
-	*rv = 0;
-	return 0;
-}
-
-
-
-/*
- * expand tilde from the passwd file.
- */
-static const Char *
-globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
-{
-	struct passwd *pwd;
-	char *h;
-	const Char *p;
-	Char *b;
-
-	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
-		return pattern;
-
-	/* Copy up to the end of the string or / */
-	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
-	     *h++ = *p++)
-		continue;
-
-	*h = CHAR_EOS;
-
-	if (((char *) patbuf)[0] == CHAR_EOS) {
-		/* 
-		 * handle a plain ~ or ~/ by expanding $HOME 
-		 * first and then trying the password file
-		 */
-		if ((h = getenv("HOME")) == NULL) {
-			if ((pwd = k_getpwuid(getuid())) == NULL)
-				return pattern;
-			else
-				h = pwd->pw_dir;
-		}
-	}
-	else {
-		/*
-		 * Expand a ~user
-		 */
-		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
-			return pattern;
-		else
-			h = pwd->pw_dir;
-	}
-
-	/* Copy the home directory */
-	for (b = patbuf; *h; *b++ = *h++)
-		continue;
-	
-	/* Append the rest of the pattern */
-	while ((*b++ = *p++) != CHAR_EOS)
-		continue;
-
-	return patbuf;
-}
-	
-
-/*
- * The main glob() routine: compiles the pattern (optionally processing
- * quotes), calls glob1() to do the real pattern matching, and finally
- * sorts the list (unless unsorted operation is requested).  Returns 0
- * if things went well, nonzero if errors occurred.  It is not an error
- * to find no matches.
- */
-static int
-glob0(const Char *pattern, glob_t *pglob)
-{
-	const Char *qpatnext;
-	int c, err, oldpathc;
-	Char *bufnext, patbuf[MaxPathLen+1];
-	size_t limit = 0;
-
-	qpatnext = globtilde(pattern, patbuf, pglob);
-	oldpathc = pglob->gl_pathc;
-	bufnext = patbuf;
-
-	/* We don't need to check for buffer overflow any more. */
-	while ((c = *qpatnext++) != CHAR_EOS) {
-		switch (c) {
-		case CHAR_LBRACKET:
-			c = *qpatnext;
-			if (c == CHAR_NOT)
-				++qpatnext;
-			if (*qpatnext == CHAR_EOS ||
-			    g_strchr(qpatnext+1, CHAR_RBRACKET) == NULL) {
-				*bufnext++ = CHAR_LBRACKET;
-				if (c == CHAR_NOT)
-					--qpatnext;
-				break;
-			}
-			*bufnext++ = M_SET;
-			if (c == CHAR_NOT)
-				*bufnext++ = M_NOT;
-			c = *qpatnext++;
-			do {
-				*bufnext++ = CHAR(c);
-				if (*qpatnext == CHAR_RANGE &&
-				    (c = qpatnext[1]) != CHAR_RBRACKET) {
-					*bufnext++ = M_RNG;
-					*bufnext++ = CHAR(c);
-					qpatnext += 2;
-				}
-			} while ((c = *qpatnext++) != CHAR_RBRACKET);
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_END;
-			break;
-		case CHAR_QUESTION:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_ONE;
-			break;
-		case CHAR_STAR:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			/* collapse adjacent stars to one, 
-			 * to avoid exponential behavior
-			 */
-			if (bufnext == patbuf || bufnext[-1] != M_ALL)
-			    *bufnext++ = M_ALL;
-			break;
-		default:
-			*bufnext++ = CHAR(c);
-			break;
-		}
-	}
-	*bufnext = CHAR_EOS;
-#ifdef DEBUG
-	qprintf("glob0:", patbuf);
-#endif
-
-	if ((err = glob1(patbuf, pglob, &limit)) != 0)
-		return(err);
-
-	/*
-	 * If there was no match we are going to append the pattern 
-	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
-	 * and the pattern did not contain any magic characters
-	 * GLOB_NOMAGIC is there just for compatibility with csh.
-	 */
-	if (pglob->gl_pathc == oldpathc && 
-	    ((pglob->gl_flags & GLOB_NOCHECK) || 
-	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
-	       !(pglob->gl_flags & GLOB_MAGCHAR))))
-		return(globextend(pattern, pglob, &limit));
-	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
-		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
-		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
-	return(0);
-}
-
-static int
-compare(const void *p, const void *q)
-{
-	return(strcmp(*(char **)p, *(char **)q));
-}
-
-static int
-glob1(Char *pattern, glob_t *pglob, size_t *limit)
-{
-	Char pathbuf[MaxPathLen+1];
-
-	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
-	if (*pattern == CHAR_EOS)
-		return(0);
-	return(glob2(pathbuf, pathbuf, pattern, pglob, limit));
-}
-
-/*
- * The functions glob2 and glob3 are mutually recursive; there is one level
- * of recursion for each segment in the pattern that contains one or more
- * meta characters.
- */
-
-#ifndef S_ISLNK
-#if defined(S_IFLNK) && defined(S_IFMT)
-#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
-#else
-#define S_ISLNK(mode) 0
-#endif
-#endif
-
-static int
-glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob,
-      size_t *limit)
-{
-	struct stat sb;
-	Char *p, *q;
-	int anymeta;
-
-	/*
-	 * Loop over pattern segments until end of pattern or until
-	 * segment with meta character found.
-	 */
-	for (anymeta = 0;;) {
-		if (*pattern == CHAR_EOS) {		/* End of pattern? */
-			*pathend = CHAR_EOS;
-			if (g_lstat(pathbuf, &sb, pglob))
-				return(0);
-		
-			if (((pglob->gl_flags & GLOB_MARK) &&
-			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
-			    || (S_ISLNK(sb.st_mode) &&
-			    (g_stat(pathbuf, &sb, pglob) == 0) &&
-			    S_ISDIR(sb.st_mode)))) {
-				*pathend++ = CHAR_SEP;
-				*pathend = CHAR_EOS;
-			}
-			++pglob->gl_matchc;
-			return(globextend(pathbuf, pglob, limit));
-		}
-
-		/* Find end of next segment, copy tentatively to pathend. */
-		q = pathend;
-		p = pattern;
-		while (*p != CHAR_EOS && *p != CHAR_SEP) {
-			if (ismeta(*p))
-				anymeta = 1;
-			*q++ = *p++;
-		}
-
-		if (!anymeta) {		/* No expansion, do next segment. */
-			pathend = q;
-			pattern = p;
-			while (*pattern == CHAR_SEP)
-				*pathend++ = *pattern++;
-		} else			/* Need expansion, recurse. */
-			return(glob3(pathbuf, pathend, pattern, p, pglob,
-			    limit));
-	}
-	/* NOTREACHED */
-}
-
-static int
-glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
-      glob_t *pglob, size_t *limit)
-{
-	struct dirent *dp;
-	DIR *dirp;
-	int err;
-	char buf[MaxPathLen];
-
-	/*
-	 * The readdirfunc declaration can't be prototyped, because it is
-	 * assigned, below, to two functions which are prototyped in glob.h
-	 * and dirent.h as taking pointers to differently typed opaque
-	 * structures.
-	 */
-	struct dirent *(*readdirfunc)(void *);
-
-	*pathend = CHAR_EOS;
-	errno = 0;
-	    
-	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
-		/* TODO: don't call for ENOENT or ENOTDIR? */
-		if (pglob->gl_errfunc) {
-			g_Ctoc(pathbuf, buf);
-			if (pglob->gl_errfunc(buf, errno) ||
-			    pglob->gl_flags & GLOB_ERR)
-				return (GLOB_ABEND);
-		}
-		return(0);
-	}
-
-	err = 0;
-
-	/* Search directory for matching names. */
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		readdirfunc = pglob->gl_readdir;
-	else
-		readdirfunc = (struct dirent *(*)(void *))readdir;
-	while ((dp = (*readdirfunc)(dirp))) {
-		u_char *sc;
-		Char *dc;
-
-		/* Initial CHAR_DOT must be matched literally. */
-		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
-			continue;
-		for (sc = (u_char *) dp->d_name, dc = pathend; 
-		     (*dc++ = *sc++) != CHAR_EOS;)
-			continue;
-		if (!match(pathend, pattern, restpattern)) {
-			*pathend = CHAR_EOS;
-			continue;
-		}
-		err = glob2(pathbuf, --dc, restpattern, pglob, limit);
-		if (err)
-			break;
-	}
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		(*pglob->gl_closedir)(dirp);
-	else
-		closedir(dirp);
-	return(err);
-}
-
-
-/*
- * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
- * add the new item, and update gl_pathc.
- *
- * This assumes the BSD realloc, which only copies the block when its size
- * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
- * behavior.
- *
- * Return 0 if new item added, error code if memory couldn't be allocated.
- *
- * Invariant of the glob_t structure:
- *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
- *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
- */
-static int
-globextend(const Char *path, glob_t *pglob, size_t *limit)
-{
-	char **pathv;
-	int i;
-	size_t newsize, len;
-	char *copy;
-	const Char *p;
-
-	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
-	pathv = pglob->gl_pathv ? 
-		    realloc(pglob->gl_pathv, newsize) :
-		    malloc(newsize);
-	if (pathv == NULL)
-		return(GLOB_NOSPACE);
-
-	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
-		/* first time around -- clear initial gl_offs items */
-		pathv += pglob->gl_offs;
-		for (i = pglob->gl_offs; --i >= 0; )
-			*--pathv = NULL;
-	}
-	pglob->gl_pathv = pathv;
-
-	for (p = path; *p++;)
-		continue;
-	len = (size_t)(p - path);
-	*limit += len;
-	if ((copy = malloc(len)) != NULL) {
-		g_Ctoc(path, copy);
-		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
-	}
-	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
-
-	if ((pglob->gl_flags & GLOB_LIMIT) && (newsize + *limit) >= ARG_MAX) {
-		errno = 0;
-		return(GLOB_NOSPACE);
-	}
-
-	return(copy == NULL ? GLOB_NOSPACE : 0);
-}
-
-
-/*
- * pattern matching function for filenames.  Each occurrence of the *
- * pattern causes a recursion level.
- */
-static int
-match(Char *name, Char *pat, Char *patend)
-{
-	int ok, negate_range;
-	Char c, k;
-
-	while (pat < patend) {
-		c = *pat++;
-		switch (c & M_MASK) {
-		case M_ALL:
-			if (pat == patend)
-				return(1);
-			do 
-			    if (match(name, pat, patend))
-				    return(1);
-			while (*name++ != CHAR_EOS);
-			return(0);
-		case M_ONE:
-			if (*name++ == CHAR_EOS)
-				return(0);
-			break;
-		case M_SET:
-			ok = 0;
-			if ((k = *name++) == CHAR_EOS)
-				return(0);
-			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
-				++pat;
-			while (((c = *pat++) & M_MASK) != M_END)
-				if ((*pat & M_MASK) == M_RNG) {
-					if (c <= k && k <= pat[1])
-						ok = 1;
-					pat += 2;
-				} else if (c == k)
-					ok = 1;
-			if (ok == negate_range)
-				return(0);
-			break;
-		default:
-			if (*name++ != c)
-				return(0);
-			break;
-		}
-	}
-	return(*name == CHAR_EOS);
-}
-
-/* Free allocated data belonging to a glob_t structure. */
-void ROKEN_LIB_FUNCTION
-globfree(glob_t *pglob)
-{
-	int i;
-	char **pp;
-
-	if (pglob->gl_pathv != NULL) {
-		pp = pglob->gl_pathv + pglob->gl_offs;
-		for (i = pglob->gl_pathc; i--; ++pp)
-			if (*pp)
-				free(*pp);
-		free(pglob->gl_pathv);
-		pglob->gl_pathv = NULL;
-	}
-}
-
-static DIR *
-g_opendir(Char *str, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	if (!*str)
-		strlcpy(buf, ".", sizeof(buf));
-	else
-		g_Ctoc(str, buf);
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_opendir)(buf));
-
-	return(opendir(buf));
-}
-
-static int
-g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_lstat)(buf, sb));
-	return(lstat(buf, sb));
-}
-
-static int
-g_stat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_stat)(buf, sb));
-	return(stat(buf, sb));
-}
-
-static Char *
-g_strchr(const Char *str, int ch)
-{
-	do {
-		if (*str == ch)
-			return (Char *)str;
-	} while (*str++);
-	return (NULL);
-}
-
-#ifdef notdef
-static Char *
-g_strcat(Char *dst, const Char *src)
-{
-	Char *sdst = dst;
-
-	while (*dst++)
-		continue;
-	--dst;
-	while((*dst++ = *src++) != CHAR_EOS)
-	    continue;
-
-	return (sdst);
-}
-#endif
-
-static void
-g_Ctoc(const Char *str, char *buf)
-{
-	char *dc;
-
-	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
-		continue;
-}
-
-#ifdef DEBUG
-static void 
-qprintf(const Char *str, Char *s)
-{
-	Char *p;
-
-	printf("%s:\n", str);
-	for (p = s; *p; p++)
-		printf("%c", CHAR(*p));
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", *p & M_PROTECT ? '"' : ' ');
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", ismeta(*p) ? '_' : ' ');
-	printf("\n");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/glob.hin b/crypto/heimdal/lib/roken/glob.hin
deleted file mode 100644
index ffb6081046fe..000000000000
--- a/crypto/heimdal/lib/roken/glob.hin
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)glob.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _GLOB_H_
-#define	_GLOB_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define glob_t rk_glob_t
-#define	glob rk_glob
-#define	globfree rk_globfree
-
-struct stat;
-typedef struct {
-	int gl_pathc;		/* Count of total paths so far. */
-	int gl_matchc;		/* Count of paths matching pattern. */
-	int gl_offs;		/* Reserved at beginning of gl_pathv. */
-	int gl_flags;		/* Copy of flags parameter to glob. */
-	char **gl_pathv;	/* List of paths matching pattern. */
-				/* Copy of errfunc parameter to glob. */
-	int (*gl_errfunc) (const char *, int);
-
-	/*
-	 * Alternate filesystem access methods for glob; replacement
-	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
-	 * and lstat(2).
-	 */
-	void (*gl_closedir) (void *);
-	struct dirent *(*gl_readdir) (void *);	
-	void *(*gl_opendir) (const char *);
-	int (*gl_lstat) (const char *, struct stat *);
-	int (*gl_stat) (const char *, struct stat *);
-} glob_t;
-
-#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
-#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
-#define	GLOB_ERR	0x0004	/* Return on error. */
-#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
-#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
-#define	GLOB_NOSORT	0x0020	/* Don't sort. */
-
-#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
-#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
-#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
-#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
-#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
-#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
-#define GLOB_LIMIT	0x1000	/* Limit memory used by matches to ARG_MAX */
-
-#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
-#define	GLOB_ABEND	(-2)	/* Unignored error. */
-
-int ROKEN_LIB_FUNCTION
-glob (const char *, int, int (*)(const char *, int), glob_t *);
-
-void ROKEN_LIB_FUNCTION
-globfree (glob_t *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_GLOB_H_ */
diff --git a/crypto/heimdal/lib/roken/h_errno.c b/crypto/heimdal/lib/roken/h_errno.c
deleted file mode 100644
index 11dcb08ac243..000000000000
--- a/crypto/heimdal/lib/roken/h_errno.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $");
-#endif
-
-#ifndef HAVE_H_ERRNO
-int h_errno = -17; /* Some magic number */
-#endif
diff --git a/crypto/heimdal/lib/roken/hex-test.c b/crypto/heimdal/lib/roken/hex-test.c
deleted file mode 100644
index 72aea1ed7135..000000000000
--- a/crypto/heimdal/lib/roken/hex-test.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-
-RCSID("$Id: hex-test.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <hex.h>
-
-int
-main(int argc, char **argv)
-{
-    int numerr = 0;
-    int numtest = 1;
-    struct test {
-	void *data;
-	size_t len;
-	const char *result;
-    } *t, tests[] = {
-	{ "", 0 , "" },
-	{ "a", 1, "61" },
-	{ "ab", 2, "6162" },
-	{ "abc", 3, "616263" },
-	{ "abcd", 4, "61626364" },
-	{ "abcde", 5, "6162636465" },
-	{ "abcdef", 6, "616263646566" },
-	{ "abcdefg", 7, "61626364656667" },
-	{ "=", 1, "3D" },
-	{ NULL }
-    };
-    for(t = tests; t->data; t++) {
-	char *str;
-	int len;
-	len = hex_encode(t->data, t->len, &str);
-	if(strcmp(str, t->result) != 0) {
-	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
-		    str, t->result);
-	    numerr++;
-	}
-	free(str);
-	str = strdup(t->result);
-	len = strlen(str);
-	len = hex_decode(t->result, str, len);
-	if(len != t->len) {
-	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
-		    (unsigned long)len, (unsigned long)t->len);
-	    numerr++;
-	} else if(memcmp(str, t->data, t->len) != 0) {
-	    fprintf(stderr, "failed test %d: data\n", numtest);
-	    numerr++;
-	}
-	free(str);
-	numtest++;
-    }
-
-    {
-	unsigned char buf[2] = { 0, 0xff } ;
-	int len;
-
-	len = hex_decode("A", buf, 1);
-	if (len != 1) {
-	    fprintf(stderr, "len != 1");
-	    numerr++;
-	}
-	if (buf[0] != 10) {
-	    fprintf(stderr, "buf != 10");
-	    numerr++;
-	}
-	if (buf[1] != 0xff) {
-	    fprintf(stderr, "buf != 0xff");
-	    numerr++;
-	}
-
-    }
-
-    return numerr;
-}
diff --git a/crypto/heimdal/lib/roken/hex.c b/crypto/heimdal/lib/roken/hex.c
deleted file mode 100644
index 89fb0e116ef0..000000000000
--- a/crypto/heimdal/lib/roken/hex.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2004-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $");
-#endif
-#include "roken.h"
-#include <ctype.h>
-#include "hex.h"
-
-const static char hexchar[] = "0123456789ABCDEF";
-
-static int 
-pos(char c)
-{
-    const char *p;
-    c = toupper((unsigned char)c);
-    for (p = hexchar; *p; p++)
-	if (*p == c)
-	    return p - hexchar;
-    return -1;
-}
-
-ssize_t ROKEN_LIB_FUNCTION
-hex_encode(const void *data, size_t size, char **str)
-{
-    const unsigned char *q = data;
-    size_t i;
-    char *p;
-
-    /* check for overflow */
-    if (size * 2 < size)
-	return -1;
-
-    p = malloc(size * 2 + 1);
-    if (p == NULL)
-	return -1;
-    
-    for (i = 0; i < size; i++) {
-	p[i * 2] = hexchar[(*q >> 4) & 0xf];
-	p[i * 2 + 1] = hexchar[*q & 0xf];
-	q++;
-    }
-    p[i * 2] = '\0';
-    *str = p;
-
-    return i * 2;
-}
-
-ssize_t ROKEN_LIB_FUNCTION
-hex_decode(const char *str, void *data, size_t len)
-{
-    size_t l;
-    unsigned char *p = data;
-    size_t i;
-	
-    l = strlen(str);
-    
-    /* check for overflow, same as (l+1)/2 but overflow safe */
-    if ((l/2) + (l&1) > len)
-	return -1;
-
-    i = 0;
-    if (l & 1) {
-	p[0] = pos(str[0]);
-	str++;
-	p++;
-    }
-    for (i = 0; i < l / 2; i++)
-	p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]);
-    return i + (l & 1);
-}
diff --git a/crypto/heimdal/lib/roken/hex.h b/crypto/heimdal/lib/roken/hex.h
deleted file mode 100644
index 4c4b8508ed4d..000000000000
--- a/crypto/heimdal/lib/roken/hex.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef _rk_HEX_H_
-#define _rk_HEX_H_ 1
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#define hex_encode rk_hex_encode
-#define hex_decode rk_hex_decode
-
-ssize_t	ROKEN_LIB_FUNCTION
-	hex_encode(const void *, size_t, char **);
-ssize_t ROKEN_LIB_FUNCTION
-	hex_decode(const char *, void *, size_t);
-
-#endif /* _rk_HEX_H_ */
diff --git a/crypto/heimdal/lib/roken/hostent_find_fqdn.c b/crypto/heimdal/lib/roken/hostent_find_fqdn.c
deleted file mode 100644
index 299ed6d38b46..000000000000
--- a/crypto/heimdal/lib/roken/hostent_find_fqdn.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to find a fqdn (with `.') in he if possible, else return h_name
- */
-
-const char * ROKEN_LIB_FUNCTION
-hostent_find_fqdn (const struct hostent *he)
-{
-    const char *ret = he->h_name;
-    const char **h;
-
-    if (strchr (ret, '.') == NULL)
-	for (h = (const char **)he->h_aliases; *h != NULL; ++h) {
-	    if (strchr (*h, '.') != NULL) {
-		ret = *h;
-		break;
-	    }
-	}
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/hstrerror.c b/crypto/heimdal/lib/roken/hstrerror.c
deleted file mode 100644
index 32dab23f13d3..000000000000
--- a/crypto/heimdal/lib/roken/hstrerror.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hstrerror.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifndef HAVE_HSTRERROR
-
-#if (defined(SunOS) && (SunOS >= 50))
-#define hstrerror broken_proto
-#endif
-#include "roken.h"
-#if (defined(SunOS) && (SunOS >= 50))
-#undef hstrerror
-#endif
-
-#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
-static const char *const h_errlist[] = {
-    "Resolver Error 0 (no error)",
-    "Unknown host",		/* 1 HOST_NOT_FOUND */
-    "Host name lookup failure",	/* 2 TRY_AGAIN */
-    "Unknown server error",	/* 3 NO_RECOVERY */
-    "No address associated with name", /* 4 NO_ADDRESS */
-};
-
-static
-const
-int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
-#else
-
-#if !HAVE_DECL_H_ERRLIST
-extern const char *h_errlist[];
-extern int h_nerr;
-#endif
-
-#endif
-
-const char * ROKEN_LIB_FUNCTION
-hstrerror(int herr)
-{
-    if (0 <= herr && herr < h_nerr)
-	return h_errlist[herr];
-    else if(herr == -17)
-	return "unknown error";
-    else
-	return "Error number out of range (hstrerror)";
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ifaddrs.hin b/crypto/heimdal/lib/roken/ifaddrs.hin
deleted file mode 100644
index 0951c8cbc1b2..000000000000
--- a/crypto/heimdal/lib/roken/ifaddrs.hin
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ifaddrs.hin 19309 2006-12-11 18:58:15Z lha $ */
-
-#ifndef __ifaddrs_h__
-#define __ifaddrs_h__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * the interface is defined in terms of the fields below, and this is
- * sometimes #define'd, so there seems to be no simple way of solving
- * this and this seemed the best. */
-
-#undef ifa_dstaddr
-
-struct ifaddrs {
-    struct ifaddrs *ifa_next;
-    char *ifa_name;
-    unsigned int ifa_flags;
-    struct sockaddr *ifa_addr;
-    struct sockaddr *ifa_netmask;
-    struct sockaddr *ifa_dstaddr;
-    void *ifa_data;
-};
-
-#ifndef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#endif
-
-int ROKEN_LIB_FUNCTION
-rk_getifaddrs(struct ifaddrs**);
-
-void ROKEN_LIB_FUNCTION
-rk_freeifaddrs(struct ifaddrs*);
-
-#define getifaddrs(a) rk_getifaddrs(a)
-#define freeifaddrs(a) rk_freeifaddrs(a)
-
-#endif /* __ifaddrs_h__ */
diff --git a/crypto/heimdal/lib/roken/inet_aton.c b/crypto/heimdal/lib/roken/inet_aton.c
deleted file mode 100644
index 3010935045f2..000000000000
--- a/crypto/heimdal/lib/roken/inet_aton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/* Minimal implementation of inet_aton.
- * Cannot distinguish between failure and a local broadcast address. */
-
-int ROKEN_LIB_FUNCTION
-inet_aton(const char *cp, struct in_addr *addr)
-{
-  addr->s_addr = inet_addr(cp);
-  return (addr->s_addr == INADDR_NONE) ? 0 : 1;
-}
diff --git a/crypto/heimdal/lib/roken/inet_ntop.c b/crypto/heimdal/lib/roken/inet_ntop.c
deleted file mode 100644
index 7433c3725e28..000000000000
--- a/crypto/heimdal/lib/roken/inet_ntop.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- *
- */
-
-static const char *
-inet_ntop_v4 (const void *src, char *dst, size_t size)
-{
-    const char digits[] = "0123456789";
-    int i;
-    struct in_addr *addr = (struct in_addr *)src;
-    u_long a = ntohl(addr->s_addr);
-    const char *orig_dst = dst;
-
-    if (size < INET_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 4; ++i) {
-	int n = (a >> (24 - i * 8)) & 0xFF;
-	int non_zerop = 0;
-
-	if (non_zerop || n / 100 > 0) {
-	    *dst++ = digits[n / 100];
-	    n %= 100;
-	    non_zerop = 1;
-	}
-	if (non_zerop || n / 10 > 0) {
-	    *dst++ = digits[n / 10];
-	    n %= 10;
-	    non_zerop = 1;
-	}
-	*dst++ = digits[n];
-	if (i != 3)
-	    *dst++ = '.';
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-
-#ifdef HAVE_IPV6
-static const char *
-inet_ntop_v6 (const void *src, char *dst, size_t size)
-{
-    const char xdigits[] = "0123456789abcdef";
-    int i;
-    const struct in6_addr *addr = (struct in6_addr *)src;
-    const u_char *ptr = addr->s6_addr;
-    const char *orig_dst = dst;
-
-    if (size < INET6_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 8; ++i) {
-	int non_zerop = 0;
-
-	if (non_zerop || (ptr[0] >> 4)) {
-	    *dst++ = xdigits[ptr[0] >> 4];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[0] & 0x0F)) {
-	    *dst++ = xdigits[ptr[0] & 0x0F];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[1] >> 4)) {
-	    *dst++ = xdigits[ptr[1] >> 4];
-	    non_zerop = 1;
-	}
-	*dst++ = xdigits[ptr[1] & 0x0F];
-	if (i != 7)
-	    *dst++ = ':';
-	ptr += 2;
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-#endif /* HAVE_IPV6 */
-
-const char * ROKEN_LIB_FUNCTION
-inet_ntop(int af, const void *src, char *dst, size_t size)
-{
-    switch (af) {
-    case AF_INET :
-	return inet_ntop_v4 (src, dst, size);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return inet_ntop_v6 (src, dst, size);
-#endif
-    default :
-	errno = EAFNOSUPPORT;
-	return NULL;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/inet_pton.c b/crypto/heimdal/lib/roken/inet_pton.c
deleted file mode 100644
index 390233a72d01..000000000000
--- a/crypto/heimdal/lib/roken/inet_pton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-inet_pton(int af, const char *src, void *dst)
-{
-    if (af != AF_INET) {
-	errno = EAFNOSUPPORT;
-	return -1;
-    }
-    return inet_aton (src, dst);
-}
diff --git a/crypto/heimdal/lib/roken/initgroups.c b/crypto/heimdal/lib/roken/initgroups.c
deleted file mode 100644
index f326e5f1fd2d..000000000000
--- a/crypto/heimdal/lib/roken/initgroups.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: initgroups.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-initgroups(const char *name, gid_t basegid)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/innetgr.c b/crypto/heimdal/lib/roken/innetgr.c
deleted file mode 100644
index 598bad21c2ac..000000000000
--- a/crypto/heimdal/lib/roken/innetgr.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_INNETGR
-
-RCSID("$Id: innetgr.c 14773 2005-04-12 11:29:18Z lha $");
-
-int ROKEN_LIB_FUNCTION
-innetgr(const char *netgroup, const char *machine, 
-	const char *user, const char *domain)
-{
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/roken/install-sh b/crypto/heimdal/lib/roken/install-sh
deleted file mode 100755
index e9de23842dcd..000000000000
--- a/crypto/heimdal/lib/roken/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	true
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-		chmodcmd=""
-	else
-		instcmd=mkdir
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		true
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/iruserok.c b/crypto/heimdal/lib/roken/iruserok.c
deleted file mode 100644
index ca93e1cc5eb5..000000000000
--- a/crypto/heimdal/lib/roken/iruserok.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1983, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: iruserok.c 17879 2006-08-08 21:50:40Z lha $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
-
-#include "roken.h"
-
-int     __check_rhosts_file = 1;
-char    *__rcmd_errstr = 0;
-
-/*
- * Returns "true" if match, 0 if no match.
- */
-static
-int
-__icheckhost(unsigned raddr, const char *lhost)
-{
-	struct hostent *hp;
-	u_long laddr;
-	char **pp;
-
-	/* Try for raw ip address first. */
-	if (isdigit((unsigned char)*lhost)
-	    && (long)(laddr = inet_addr(lhost)) != -1)
-		return (raddr == laddr);
-
-	/* Better be a hostname. */
-	if ((hp = gethostbyname(lhost)) == NULL)
-		return (0);
-
-	/* Spin through ip addresses. */
-	for (pp = hp->h_addr_list; *pp; ++pp)
-	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
-			return (1);
-
-	/* No match. */
-	return (0);
-}
-
-/*
- * Returns 0 if ok, -1 if not ok.
- */
-static
-int
-__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
-	     const char *ruser)
-{
-	char *user, *p;
-	int ch;
-	char buf[MaxHostNameLen + 128];		/* host + login */
-	char hname[MaxHostNameLen];
-	struct hostent *hp;
-	/* Presumed guilty until proven innocent. */
-	int userok = 0, hostok = 0;
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-	char *ypdomain;
-
-	if (yp_get_default_domain(&ypdomain))
-		ypdomain = NULL;
-#else
-#define	ypdomain NULL
-#endif
-	/* We need to get the damn hostname back for netgroup matching. */
-	if ((hp = gethostbyaddr((char *)&raddr,
-				sizeof(u_long),
-				AF_INET)) == NULL)
-		return (-1);
-	strlcpy(hname, hp->h_name, sizeof(hname));
-
-	while (fgets(buf, sizeof(buf), hostf)) {
-		p = buf;
-		/* Skip lines that are too long. */
-		if (strchr(p, '\n') == NULL) {
-			while ((ch = getc(hostf)) != '\n' && ch != EOF);
-			continue;
-		}
-		if (*p == '\n' || *p == '#') {
-			/* comment... */
-			continue;
-		}
-		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
-		        if (isupper((unsigned char)*p))
-			    *p = tolower((unsigned char)*p);
-			p++;
-		}
-		if (*p == ' ' || *p == '\t') {
-			*p++ = '\0';
-			while (*p == ' ' || *p == '\t')
-				p++;
-			user = p;
-			while (*p != '\n' && *p != ' ' &&
-			    *p != '\t' && *p != '\0')
-				p++;
-		} else
-			user = p;
-		*p = '\0';
-		/*
-		 * Do +/- and +@/-@ checking. This looks really nasty,
-		 * but it matches SunOS's behavior so far as I can tell.
-		 */
-		switch(buf[0]) {
-		case '+':
-			if (!buf[1]) {     /* '+' matches all hosts */
-				hostok = 1;
-				break;
-			}
-			if (buf[1] == '@')  /* match a host by netgroup */
-				hostok = innetgr((char *)&buf[2],
-					(char *)&hname, NULL, ypdomain);
-			else		/* match a host by addr */
-				hostok = __icheckhost(raddr,(char *)&buf[1]);
-			break;
-		case '-':     /* reject '-' hosts and all their users */
-			if (buf[1] == '@') {
-				if (innetgr((char *)&buf[2],
-					      (char *)&hname, NULL, ypdomain))
-					return(-1);
-			} else {
-				if (__icheckhost(raddr,(char *)&buf[1]))
-					return(-1);
-			}
-			break;
-		default:  /* if no '+' or '-', do a simple match */
-			hostok = __icheckhost(raddr, buf);
-			break;
-		}
-		switch(*user) {
-		case '+':
-			if (!*(user+1)) {      /* '+' matches all users */
-				userok = 1;
-				break;
-			}
-			if (*(user+1) == '@')  /* match a user by netgroup */
-				userok = innetgr(user+2, NULL, (char *)ruser,
-						 ypdomain);
-			else	   /* match a user by direct specification */
-				userok = !(strcmp(ruser, user+1));
-			break;
-		case '-': 		/* if we matched a hostname, */
-			if (hostok) {   /* check for user field rejections */
-				if (!*(user+1))
-					return(-1);
-				if (*(user+1) == '@') {
-					if (innetgr(user+2, NULL,
-						    (char *)ruser, ypdomain))
-						return(-1);
-				} else {
-					if (!strcmp(ruser, user+1))
-						return(-1);
-				}
-			}
-			break;
-		default:	/* no rejections: try to match the user */
-			if (hostok)
-				userok = !(strcmp(ruser,*user ? user : luser));
-			break;
-		}
-		if (hostok && userok)
-			return(0);
-	}
-	return (-1);
-}
-
-/*
- * New .rhosts strategy: We are passed an ip address. We spin through
- * hosts.equiv and .rhosts looking for a match. When the .rhosts only
- * has ip addresses, we don't have to trust a nameserver.  When it
- * contains hostnames, we spin through the list of addresses the nameserver
- * gives us and look for a match.
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int ROKEN_LIB_FUNCTION
-iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
-{
-	char *cp;
-	struct stat sbuf;
-	struct passwd *pwd;
-	FILE *hostf;
-	uid_t uid;
-	int first;
-	char pbuf[MaxPathLen];
-
-	first = 1;
-	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
-again:
-	if (hostf) {
-		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
-			fclose(hostf);
-			return (0);
-		}
-		fclose(hostf);
-	}
-	if (first == 1 && (__check_rhosts_file || superuser)) {
-		first = 0;
-		if ((pwd = k_getpwnam((char*)luser)) == NULL)
-			return (-1);
-		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
-
-		/*
-		 * Change effective uid while opening .rhosts.  If root and
-		 * reading an NFS mounted file system, can't read files that
-		 * are protected read/write owner only.
-		 */
-		uid = geteuid();
-		if (seteuid(pwd->pw_uid) < 0)
-			return (-1);
-		hostf = fopen(pbuf, "r");
-		seteuid(uid);
-
-		if (hostf == NULL)
-			return (-1);
-		/*
-		 * If not a regular file, or is owned by someone other than
-		 * user or root or if writeable by anyone but the owner, quit.
-		 */
-		cp = NULL;
-		if (lstat(pbuf, &sbuf) < 0)
-			cp = ".rhosts lstat failed";
-		else if (!S_ISREG(sbuf.st_mode))
-			cp = ".rhosts not regular file";
-		else if (fstat(fileno(hostf), &sbuf) < 0)
-			cp = ".rhosts fstat failed";
-		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
-			cp = "bad .rhosts owner";
-		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
-			cp = ".rhosts writeable by other than owner";
-		/* If there were any problems, quit. */
-		if (cp) {
-			__rcmd_errstr = cp;
-			fclose(hostf);
-			return (-1);
-		}
-		goto again;
-	}
-	return (-1);
-}
diff --git a/crypto/heimdal/lib/roken/issuid.c b/crypto/heimdal/lib/roken/issuid.c
deleted file mode 100644
index 46bde77b7854..000000000000
--- a/crypto/heimdal/lib/roken/issuid.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-issuid(void)
-{
-#if defined(HAVE_ISSETUGID)
-    return issetugid();
-#else /* !HAVE_ISSETUGID */
-
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-    if(getuid() != geteuid())
-	return 1;
-#endif
-#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
-    if(getgid() != getegid())
-	return 2;
-#endif
-
-    return 0;
-#endif /* HAVE_ISSETUGID */
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwnam.c b/crypto/heimdal/lib/roken/k_getpwnam.c
deleted file mode 100644
index 81eba2869206..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwnam.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwnam.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd * ROKEN_LIB_FUNCTION
-k_getpwnam (const char *user)
-{
-     struct passwd *p;
-
-     p = getpwnam (user);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if(p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (user);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwuid.c b/crypto/heimdal/lib/roken/k_getpwuid.c
deleted file mode 100644
index 7fe03b98f8cf..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwuid.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwuid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd * ROKEN_LIB_FUNCTION
-k_getpwuid (uid_t uid)
-{
-     struct passwd *p;
-
-     p = getpwuid (uid);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if (p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (p->pw_name);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/localtime_r.c b/crypto/heimdal/lib/roken/localtime_r.c
deleted file mode 100644
index ad515c146566..000000000000
--- a/crypto/heimdal/lib/roken/localtime_r.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: localtime_r.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include "roken.h"
-
-#ifndef HAVE_LOCALTIME_R
-
-struct tm * ROKEN_LIB_FUNCTION
-localtime_r(const time_t *timer, struct tm *result)
-{
-    struct tm *tm;
-    
-    tm = localtime((time_t *)timer);
-    if (tm == NULL)
-	return NULL;
-    *result = *tm;
-    return result;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/lstat.c b/crypto/heimdal/lib/roken/lstat.c
deleted file mode 100644
index 9357e1234587..000000000000
--- a/crypto/heimdal/lib/roken/lstat.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: lstat.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-lstat(const char *path, struct stat *buf)
-{
-  return stat(path, buf);
-}
diff --git a/crypto/heimdal/lib/roken/memmove.c b/crypto/heimdal/lib/roken/memmove.c
deleted file mode 100644
index 5f78ac293fdd..000000000000
--- a/crypto/heimdal/lib/roken/memmove.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: memmove.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-/* 
- * memmove for systems that doesn't have it 
- */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-void* ROKEN_LIB_FUNCTION
-memmove(void *s1, const void *s2, size_t n)
-{
-  char *s=(char*)s2, *d=(char*)s1;
-
-  if(d > s){
-    s+=n-1;
-    d+=n-1;
-    while(n){
-      *d--=*s--;
-      n--;
-    }
-  }else if(d < s)
-    while(n){
-      *d++=*s++;
-      n--;
-    }
-  return s1;
-}
diff --git a/crypto/heimdal/lib/roken/mini_inetd.c b/crypto/heimdal/lib/roken/mini_inetd.c
deleted file mode 100644
index 9eb114d74e7f..000000000000
--- a/crypto/heimdal/lib/roken/mini_inetd.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: mini_inetd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <err.h>
-#include "roken.h"
-
-/*
- * accept a connection on `s' and pretend it's served by inetd.
- */
-
-static void
-accept_it (int s)
-{
-    int s2;
-
-    s2 = accept(s, NULL, NULL);
-    if(s2 < 0)
-	err (1, "accept");
-    close(s);
-    dup2(s2, STDIN_FILENO);
-    dup2(s2, STDOUT_FILENO);
-    /* dup2(s2, STDERR_FILENO); */
-    close(s2);
-}
-
-/*
- * Listen on a specified port, emulating inetd.
- */
-
-void ROKEN_LIB_FUNCTION
-mini_inetd_addrinfo (struct addrinfo *ai)
-{
-    int ret;
-    struct addrinfo *a;
-    int n, nalloc, i;
-    int *fds;
-    fd_set orig_read_set, read_set;
-    int max_fd = -1;
-
-    for (nalloc = 0, a = ai; a != NULL; a = a->ai_next)
-	++nalloc;
-
-    fds = malloc (nalloc * sizeof(*fds));
-    if (fds == NULL)
-	errx (1, "mini_inetd: out of memory");
-
-    FD_ZERO(&orig_read_set);
-
-    for (i = 0, a = ai; a != NULL; a = a->ai_next) {
-	fds[i] = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (fds[i] < 0) {
-	    warn ("socket af = %d", a->ai_family);
-	    continue;
-	}
-	socket_set_reuseaddr (fds[i], 1);
-	if (bind (fds[i], a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("bind af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (listen (fds[i], SOMAXCONN) < 0) {
-	    warn ("listen af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (fds[i] >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(fds[i], &orig_read_set);
-	max_fd = max(max_fd, fds[i]);
-	++i;
-    }
-    if (i == 0)
-	errx (1, "no sockets");
-    n = i;
-
-    do {
-	read_set = orig_read_set;
-
-	ret = select (max_fd + 1, &read_set, NULL, NULL, NULL);
-	if (ret < 0 && errno != EINTR)
-	    err (1, "select");
-    } while (ret <= 0);
-
-    for (i = 0; i < n; ++i)
-	if (FD_ISSET (fds[i], &read_set)) {
-	    accept_it (fds[i]);
-	    return;
-	}
-    abort ();
-}
-
-void ROKEN_LIB_FUNCTION
-mini_inetd (int port)
-{
-    int error;
-    struct addrinfo *ai, hints;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = AI_PASSIVE;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_family   = PF_UNSPEC;
-
-    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
-
-    error = getaddrinfo (NULL, portstr, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo: %s", gai_strerror (error));
-
-    mini_inetd_addrinfo(ai);
-    
-    freeaddrinfo(ai);
-}
diff --git a/crypto/heimdal/lib/roken/missing b/crypto/heimdal/lib/roken/missing
deleted file mode 100755
index 7789652e877f..000000000000
--- a/crypto/heimdal/lib/roken/missing
+++ /dev/null
@@ -1,190 +0,0 @@
-#! /bin/sh
-# Common stub for a few missing GNU programs while installing.
-# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
-# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
-  exit 1
-fi
-
-case "$1" in
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-
-Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]"
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing - GNU libit 0.0"
-    ;;
-
-  -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
-    exit 1
-    ;;
-
-  aclocal)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acinclude.m4' or \`configure.in'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`configure.in'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acconfig.h' or \`configure.in'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case "$f" in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  bison|yacc)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f y.tab.h ]; then
-	echo >y.tab.h
-    fi
-    if [ ! -f y.tab.c ]; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex|flex)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f lex.yy.c ]; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  makeinfo)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
-    if test -z "$file"; then
-      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
-    fi
-    touch $file
-    ;;
-
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and you do not seem to have it handy on your
-         system.  You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequirements for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
-    ;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/mkinstalldirs b/crypto/heimdal/lib/roken/mkinstalldirs
deleted file mode 100755
index 6b3b5fc5d4d3..000000000000
--- a/crypto/heimdal/lib/roken/mkinstalldirs
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-# Author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain
-
-# $Id$
-
-errstatus=0
-
-for file
-do
-   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
-   shift
-
-   pathcomp=
-   for d
-   do
-     pathcomp="$pathcomp$d"
-     case "$pathcomp" in
-       -* ) pathcomp=./$pathcomp ;;
-     esac
-
-     if test ! -d "$pathcomp"; then
-        echo "mkdir $pathcomp"
-
-        mkdir "$pathcomp" || lasterr=$?
-
-        if test ! -d "$pathcomp"; then
-  	  errstatus=$lasterr
-        fi
-     fi
-
-     pathcomp="$pathcomp/"
-   done
-done
-
-exit $errstatus
-
-# mkinstalldirs ends here
diff --git a/crypto/heimdal/lib/roken/mkstemp.c b/crypto/heimdal/lib/roken/mkstemp.c
deleted file mode 100644
index ccb2e700b895..000000000000
--- a/crypto/heimdal/lib/roken/mkstemp.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <errno.h>
-
-RCSID("$Id: mkstemp.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_MKSTEMP
-
-int ROKEN_LIB_FUNCTION
-mkstemp(char *template)
-{
-    int start, i;
-    pid_t val;
-    val = getpid();
-    start = strlen(template) - 1;
-    while(template[start] == 'X') {
-	template[start] = '0' + val % 10;
-	val /= 10;
-	start--;
-    }
-    
-    do{
-	int fd;
-	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
-	if(fd >= 0 || errno != EEXIST)
-	    return fd;
-	i = start + 1;
-	do{
-	    if(template[i] == 0)
-		return -1;
-	    template[i]++;
-	    if(template[i] == '9' + 1)
-		template[i] = 'a';
-	    if(template[i] <= 'z')
-		break;
-	    template[i] = 'a';
-	    i++;
-	}while(1);
-    }while(1);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.c b/crypto/heimdal/lib/roken/ndbm_wrap.c
deleted file mode 100644
index 8bc5d93e48fe..000000000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ndbm_wrap.c 21634 2007-07-17 11:30:36Z lha $");
-#endif
-
-#include "ndbm_wrap.h"
-#if defined(HAVE_DB4_DB_H)
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <fcntl.h>
-
-/* XXX undefine open so this works on Solaris with large file support */
-#undef open
-
-#define DBT2DATUM(DBT, DATUM) do { (DATUM)->dptr = (DBT)->data; (DATUM)->dsize = (DBT)->size; } while(0)
-#define DATUM2DBT(DATUM, DBT) do { (DBT)->data = (DATUM)->dptr; (DBT)->size = (DATUM)->dsize; } while(0)
-#define RETURN(X) return ((X) == 0) ? 0 : -1
-
-#ifdef HAVE_DB3
-static DBC *cursor;
-#endif
-
-#define D(X) ((DB*)(X))
-
-void ROKEN_LIB_FUNCTION
-dbm_close (DBM *db)
-{
-#ifdef HAVE_DB3
-    D(db)->close(D(db), 0);
-    cursor = NULL;
-#else
-    D(db)->close(D(db));
-#endif
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_delete (DBM *db, datum dkey)
-{
-    DBT key;
-    DATUM2DBT(&dkey, &key);
-#ifdef HAVE_DB3
-    RETURN(D(db)->del(D(db), NULL, &key, 0));
-#else
-    RETURN(D(db)->del(D(db), &key, 0));
-#endif
-}
-
-datum
-dbm_fetch (DBM *db, datum dkey)
-{
-    datum dvalue;
-    DBT key, value;
-    DATUM2DBT(&dkey, &key);
-    if(D(db)->get(D(db), 
-#ifdef HAVE_DB3
-	       NULL, 
-#endif
-	       &key, &value, 0) != 0) {
-	dvalue.dptr = NULL;
-	dvalue.dsize = 0;
-    }
-    else
-	DBT2DATUM(&value, &dvalue);
-
-    return dvalue;
-}
-
-static datum
-dbm_get (DB *db, int flags)
-{
-    DBT key, value;
-    datum datum;
-#ifdef HAVE_DB3
-    if(cursor == NULL) 
-	db->cursor(db, NULL, &cursor, 0);
-    if(cursor->c_get(cursor, &key, &value, flags) != 0) {
-	datum.dptr = NULL;
-	datum.dsize = 0;
-    } else 
-	DBT2DATUM(&value, &datum);
-#else
-    db->seq(db, &key, &value, flags);
-#endif
-    return datum;
-}
-
-#ifndef DB_FIRST
-#define DB_FIRST	R_FIRST
-#define DB_NEXT		R_NEXT
-#define DB_NOOVERWRITE	R_NOOVERWRITE
-#define DB_KEYEXIST	1
-#endif
-
-datum ROKEN_LIB_FUNCTION
-dbm_firstkey (DBM *db)
-{
-    return dbm_get(D(db), DB_FIRST);
-}
-
-datum ROKEN_LIB_FUNCTION
-dbm_nextkey (DBM *db)
-{
-    return dbm_get(D(db), DB_NEXT);
-}
-
-DBM* ROKEN_LIB_FUNCTION
-dbm_open (const char *file, int flags, mode_t mode)
-{
-    DB *db;
-    int myflags = 0;
-    char *fn = malloc(strlen(file) + 4);
-    if(fn == NULL)
-	return NULL;
-    strcpy(fn, file);
-    strcat(fn, ".db");
-#ifdef HAVE_DB3
-    if (flags & O_CREAT)
-	myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-	myflags |= DB_EXCL;
-
-    if (flags & O_RDONLY)
-	myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-	myflags |= DB_TRUNCATE;
-    if(db_create(&db, NULL, 0) != 0) {
-	free(fn);
-	return NULL;
-    }
-
-#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
-    if(db->open(db, NULL, fn, NULL, DB_BTREE, myflags, mode) != 0) {
-#else
-    if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) {
-#endif
-	free(fn);
-	db->close(db, 0);
-	return NULL;
-    }
-#else
-    db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-#endif
-    free(fn);
-    return (DBM*)db;
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_store (DBM *db, datum dkey, datum dvalue, int flags)
-{
-    int ret;
-    DBT key, value;
-    int myflags = 0;
-    if((flags & DBM_REPLACE) == 0)
-	myflags |= DB_NOOVERWRITE;
-    DATUM2DBT(&dkey, &key);
-    DATUM2DBT(&dvalue, &value);    
-    ret = D(db)->put(D(db), 
-#ifdef HAVE_DB3
-		     NULL, 
-#endif
-&key, &value, myflags);
-    if(ret == DB_KEYEXIST)
-	return 1;
-    RETURN(ret);
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_error (DBM *db)
-{
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-dbm_clearerr (DBM *db)
-{
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.h b/crypto/heimdal/lib/roken/ndbm_wrap.h
deleted file mode 100644
index 414940249dba..000000000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ndbm_wrap.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __ndbm_wrap_h__
-#define __ndbm_wrap_h__
-
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifndef dbm_rename
-#define dbm_rename(X)	__roken_ ## X
-#endif
-
-#define dbm_open	dbm_rename(dbm_open)
-#define dbm_close	dbm_rename(dbm_close)
-#define dbm_delete	dbm_rename(dbm_delete)
-#define dbm_fetch	dbm_rename(dbm_fetch)
-#define dbm_get		dbm_rename(dbm_get)
-#define dbm_firstkey	dbm_rename(dbm_firstkey)
-#define dbm_nextkey	dbm_rename(dbm_nextkey)
-#define dbm_store	dbm_rename(dbm_store)
-#define dbm_error	dbm_rename(dbm_error)
-#define dbm_clearerr	dbm_rename(dbm_clearerr)
-
-#define datum		dbm_rename(datum)
-
-typedef struct {
-    void *dptr;
-    size_t dsize;
-} datum;
-
-#define DBM_REPLACE 1
-typedef struct DBM DBM;
-
-#if 0
-typedef struct {
-    int dummy;
-} DBM;
-#endif
-
-int ROKEN_LIB_FUNCTION dbm_clearerr (DBM*);
-void ROKEN_LIB_FUNCTION dbm_close (DBM*);
-int ROKEN_LIB_FUNCTION dbm_delete (DBM*, datum);
-int ROKEN_LIB_FUNCTION dbm_error (DBM*);
-datum ROKEN_LIB_FUNCTION dbm_fetch (DBM*, datum);
-datum ROKEN_LIB_FUNCTION dbm_firstkey (DBM*);
-datum ROKEN_LIB_FUNCTION dbm_nextkey (DBM*);
-DBM* ROKEN_LIB_FUNCTION dbm_open (const char*, int, mode_t);
-int ROKEN_LIB_FUNCTION dbm_store (DBM*, datum, datum, int);
-
-#endif /* __ndbm_wrap_h__ */
diff --git a/crypto/heimdal/lib/roken/net_read.c b/crypto/heimdal/lib/roken/net_read.c
deleted file mode 100644
index effc00112b7d..000000000000
--- a/crypto/heimdal/lib/roken/net_read.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "roken.h"
-
-/*
- * Like read but never return partial data.
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-net_read (int fd, void *buf, size_t nbytes)
-{
-    char *cbuf = (char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = recv (fd, cbuf, rem, 0);
-#else
-	count = read (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	} else if (count == 0) {
-	    return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/net_write.c b/crypto/heimdal/lib/roken/net_write.c
deleted file mode 100644
index a68317f61247..000000000000
--- a/crypto/heimdal/lib/roken/net_write.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "roken.h"
-
-/*
- * Like write but never return partial data.
- */
-
-ssize_t ROKEN_LIB_FUNCTION
-net_write (int fd, const void *buf, size_t nbytes)
-{
-    const char *cbuf = (const char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = send (fd, cbuf, rem, 0);
-#else
-	count = write (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes-test.c b/crypto/heimdal/lib/roken/parse_bytes-test.c
deleted file mode 100644
index 5e55b307c163..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes-test.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes-test.c 10655 2001-09-04 09:56:00Z assar $");
-#endif
-
-#include "roken.h"
-#include "parse_bytes.h"
-
-static struct testcase {
-    int canonicalp;
-    int val;
-    const char *def_unit;
-    const char *str;
-} tests[] = {
-    {0, 0, NULL, "0 bytes"},
-    {1, 0, NULL, "0"},
-    {0, 1, NULL, "1"},
-    {1, 1, NULL, "1 byte"},
-    {0, 0, "kilobyte", "0"},
-    {0, 1024, "kilobyte", "1"},
-    {1, 1024, "kilobyte", "1 kilobyte"},
-    {1, 1024 * 1024, NULL, "1 megabyte"},
-    {0, 1025, NULL, "1 kilobyte 1"},
-    {1, 1025, NULL, "1 kilobyte 1 byte"},
-};
-
-int
-main(int argc, char **argv)
-{
-    int i;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	char buf[256];
-	int val = parse_bytes (tests[i].str, tests[i].def_unit);
-	int len;
-
-	if (val != tests[i].val) {
-	    printf ("parse_bytes (%s, %s) = %d != %d\n",
-		    tests[i].str,
-		    tests[i].def_unit ? tests[i].def_unit : "none",
-		    val, tests[i].val);
-	    ++ret;
-	}
-	if (tests[i].canonicalp) {
-	    len = unparse_bytes (tests[i].val, buf, sizeof(buf));
-	    if (strcmp (tests[i].str, buf) != 0) {
-		printf ("unparse_bytes (%d) = \"%s\" != \"%s\"\n",
-			tests[i].val, buf, tests[i].str);
-		++ret;
-	    }
-	}    
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c
deleted file mode 100644
index 4ab02b41557c..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <parse_units.h>
-#include "parse_bytes.h"
-
-static struct units bytes_units[] = {
-    { "gigabyte", 1024 * 1024 * 1024 },
-    { "gbyte", 1024 * 1024 * 1024 },
-    { "GB", 1024 * 1024 * 1024 },
-    { "megabyte", 1024 * 1024 },
-    { "mbyte", 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "kilobyte", 1024 },
-    { "KB", 1024 },
-    { "byte", 1 },
-    { NULL, 0 }
-};
-
-static struct units bytes_short_units[] = {
-    { "GB", 1024 * 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "KB", 1024 },
-    { NULL, 0 }
-};
-
-int ROKEN_LIB_FUNCTION
-parse_bytes (const char *s, const char *def_unit)
-{
-    return parse_units (s, bytes_units, def_unit);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes (int t, char *s, size_t len)
-{
-    return unparse_units (t, bytes_units, s, len);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes_short (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, bytes_short_units, s, len);
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.h b/crypto/heimdal/lib/roken/parse_bytes.h
deleted file mode 100644
index 1998f70736ad..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */
-
-#ifndef __PARSE_BYTES_H__
-#define __PARSE_BYTES_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-parse_bytes (const char *s, const char *def_unit);
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes (int t, char *s, size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_bytes_short (int t, char *s, size_t len);
-
-#endif /* __PARSE_BYTES_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c
deleted file mode 100644
index f6342efd7e35..000000000000
--- a/crypto/heimdal/lib/roken/parse_reply-test.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_reply-test.c 15287 2005-05-29 21:21:12Z lha $");
-#endif
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <fcntl.h>
-
-#include "roken.h"
-#include "resolve.h"
-
-struct dns_reply*
-parse_reply(const unsigned char *, size_t);
-
-enum { MAX_BUF = 36};
-
-static struct testcase {
-    unsigned char buf[MAX_BUF];
-    size_t buf_len;
-} tests[] = {
-    {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-      0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36}
-};
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-static sig_atomic_t val = 0;
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    val = 1;
-}
-
-int
-main(int argc, char **argv)
-{
-#ifndef HAVE_MMAP
-    return 77;			/* signal to automake that this test
-                                   cannot be run */
-#else /* HAVE_MMAP */
-    int ret;
-    int i;
-    struct sigaction sa;
-
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = segv_handler;
-    sigaction (SIGSEGV, &sa, NULL);
-
-    for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	const struct testcase *t = &tests[i];
-	unsigned char *p1, *p2;
-	int flags;
-	int fd;
-	size_t pagesize = getpagesize();
-	unsigned char *buf;
-
-#ifdef MAP_ANON
-	flags = MAP_ANON;
-	fd = -1;
-#else
-	flags = 0;
-	fd = open ("/dev/zero", O_RDONLY);
-	if(fd < 0)
-	    err (1, "open /dev/zero");
-#endif
-	flags |= MAP_PRIVATE;
-
-	p1 = (unsigned char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE,
-		  flags, fd, 0);
-	if (p1 == (unsigned char *)MAP_FAILED)
-	    err (1, "mmap");
-	p2 = p1 + pagesize;
-	ret = mprotect ((void *)p2, pagesize, 0);
-	if (ret < 0)
-	    err (1, "mprotect");
-	buf = p2 - t->buf_len;
-	memcpy (buf, t->buf, t->buf_len);
-	parse_reply (buf, t->buf_len);
-	ret = munmap ((void *)p1, 2 * pagesize);
-	if (ret < 0)
-	    err (1, "munmap");
-    }
-    return val;
-#endif /* HAVE_MMAP */
-}
diff --git a/crypto/heimdal/lib/roken/parse_time-test.c b/crypto/heimdal/lib/roken/parse_time-test.c
deleted file mode 100644
index 0ce7063b381f..000000000000
--- a/crypto/heimdal/lib/roken/parse_time-test.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_time-test.c 15028 2005-04-30 14:48:29Z lha $");
-#endif
-
-#include "roken.h"
-#include "parse_time.h"
-#include "test-mem.h"
-#include "err.h"
-
-static struct testcase {
-    size_t size;
-    time_t val;
-    char *str;
-} tests[] = {
-    { 8, 1,		"1 second" },
-    { 17, 61,		"1 minute 1 second" },
-    { 18, 62,		"1 minute 2 seconds" },
-    { 8, 60,		"1 minute" },
-    { 6, 3600,	 	"1 hour" },
-    { 15, 3601,	 	"1 hour 1 second" },
-    { 16, 3602,	 	"1 hour 2 seconds" }
-};
-
-int
-main(int argc, char **argv)
-{
-    size_t sz;
-    size_t buf_sz;
-    int i, j;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	char *buf;
-
-	sz = unparse_time(tests[i].val, NULL, 0);
-	if  (sz != tests[i].size)
-	    errx(1, "sz (%lu) != tests[%d].size (%lu)",
-		 (unsigned long)sz, i, (unsigned long)tests[i].size);
-	
-	for (buf_sz = 0; buf_sz < tests[i].size + 2; buf_sz++) {
-
-	    buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
-				    NULL, buf_sz);
-	    sz = unparse_time(tests[i].val, buf, buf_sz);
-	    if (sz != tests[i].size)
-		errx(1, "sz (%lu) != tests[%d].size (%lu) with in size %lu",
-		     (unsigned long)sz, i, 
-		     (unsigned long)tests[i].size,
-		     (unsigned long)buf_sz);
-	    if (buf_sz > 0 && memcmp(buf, tests[i].str, buf_sz - 1) != 0)
-		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
-	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
-		errx(1, "test %i not zero terminated", i);
-	    rk_test_mem_free("overrun");
-
-	    buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun", 
-				    NULL, tests[i].size);
-	    sz = unparse_time(tests[i].val, buf, buf_sz);
-	    if (sz != tests[i].size)
-		errx(1, "sz (%lu) != tests[%d].size (%lu) with insize %lu",
-		     (unsigned long)sz, i,
-		     (unsigned long)tests[i].size,
-		     (unsigned long)buf_sz);
-	    if (buf_sz > 0 && strncmp(buf, tests[i].str, buf_sz - 1) != 0)
-		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
-	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
-		errx(1, "test %i not zero terminated", i);
-	    rk_test_mem_free("underrun");
-	}
-	buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
-				tests[i].str, tests[i].size + 1);
-	j = parse_time(buf, "s");
-	if (j != tests[i].val)
-	    errx(1, "parse_time failed for test %d", i);
-	rk_test_mem_free("overrun");
-
-	buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun",
-				tests[i].str, tests[i].size + 1);
-	j = parse_time(buf, "s");
-	if (j != tests[i].val)
-	    errx(1, "parse_time failed for test %d", i);
-	rk_test_mem_free("underrun");
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.3 b/crypto/heimdal/lib/roken/parse_time.3
deleted file mode 100644
index f7a801b51f69..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.3
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" $Id: parse_time.3 14325 2004-10-30 22:34:28Z lha $
-.\"
-.Dd October 31, 2004
-.Dt PARSE_TIME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm parse_time ,
-.Nm print_time_table ,
-.Nm unparse_time ,
-.Nm unparse_time_approx ,
-.Nd parse and unparse time intervals
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.Fd #include <parse_time.h>
-.Ft int
-.Fn parse_time "const char *timespec" "const char *def_unit"
-.Ft void
-.Fn print_time_table "FILE *f"
-.Ft size_t
-.Fn unparse_time "int seconds" "char *buf" "size_t len"
-.Ft size_t
-.Fn unparse_time_approx "int seconds" "char *buf" "size_t len"
-.Sh DESCRIPTION
-The 
-.Fn parse_time
-function converts a the period of time specified in
-into a number of seconds.
-The 
-.Fa timespec
-can be any number of 
-.Aq number unit
-pairs separated by comma and whitespace. The number can be
-negative. Number without explicit units are taken as being
-.Fa def_unit .
-.Pp
-The
-.Fn unparse_time
-and
-.Fn unparse_time_approx
-does the opposite of 
-.Fn parse_time ,
-that is they take a number of seconds and express that as human
-readable string. 
-.Fa unparse_time
-produces an exact time, while 
-.Fa unparse_time_approx
-restricts the result to only include one units.
-.Pp
-.Fn print_time_table
-prints a descriptive list of available units on the passed file
-descriptor.
-.Pp
-The possible units include:
-.Bl -tag -width "month" -compact -offset indent
-.It Li second , s
-.It Li minute , m
-.It Li hour , h
-.It day
-.It week
-seven days
-.It month
-30 days
-.It year
-365 days
-.El
-.Pp
-Units names can be arbitrarily abbreviated (as long as they are
-unique).
-.Sh RETURN VALUES
-.Fn parse_time
-returns the number of seconds that represents the expression in 
-.Fa timespec
-or -1 on error.
-.Fn unparse_time
-and 
-.Fn unparse_time_approx 
-return the number of characters written to 
-.Fa buf .
-if the return value is greater than or equal to the
-.Fa len
-argument, the string was too short and some of the printed characters
-were discarded.
-.Sh EXAMPLES
-.Bd -literal
-#include <stdio.h>
-#include <parse_time.h>
-
-int
-main(int argc, char **argv)
-{
-    int i;
-    int result;
-    char buf[128];
-    print_time_table(stdout);
-    for (i = 1; i < argc; i++) {
-	result = parse_time(argv[i], "second");
-	if(result == -1) {
-	    fprintf(stderr, "%s: parse error\\n", argv[i]);
-	    continue;
-	}
-	printf("--\\n");
-	printf("parse_time = %d\\n", result);
-	unparse_time(result, buf, sizeof(buf));
-	printf("unparse_time = %s\\n", buf);
-	unparse_time_approx(result, buf, sizeof(buf));
-	printf("unparse_time_approx = %s\\n", buf);
-    }
-    return 0;
-}
-.Ed
-.Bd -literal
-$ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s"     
-1   year = 365 days
-1  month = 30 days
-1   week = 7 days
-1    day = 24 hours
-1   hour = 60 minutes
-1 minute = 60 seconds
-1 second
---
-parse_time = 90
-unparse_time = 1 minute 30 seconds
-unparse_time_approx = 1 minute
---
-parse_time = 90
-unparse_time = 1 minute 30 seconds
-unparse_time_approx = 1 minute
---
-parse_time = 31535999
-unparse_time = 12 months 4 days 23 hours 59 minutes 59 seconds
-unparse_time_approx = 12 months
-.Ed
-.Sh BUGS
-Since
-.Fn parse_time
-returns -1 on error there is no way to parse "minus one second".
-Currently "s" at the end of units is ignored. This is a hack for
-English plural forms. If these functions are ever localised, this
-scheme will have to change.
-.\".Sh SEE ALSO
-.\".Xr parse_bytes 3
-.\".Xr parse_units 3
diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c
deleted file mode 100644
index 1c39bde4e8a0..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <parse_units.h>
-#include "parse_time.h"
-
-static struct units time_units[] = {
-    {"year",	365 * 24 * 60 * 60},
-    {"month",	30 * 24 * 60 * 60},
-    {"week",	7 * 24 * 60 * 60},
-    {"day",	24 * 60 * 60},
-    {"hour",	60 * 60},
-    {"h",	60 * 60},
-    {"minute",	60},
-    {"m",	60},
-    {"second",	1},
-    {"s",	1},
-    {NULL, 0},
-};
-
-int ROKEN_LIB_FUNCTION
-parse_time (const char *s, const char *def_unit)
-{
-    return parse_units (s, time_units, def_unit);
-}
-
-size_t ROKEN_LIB_FUNCTION
-unparse_time (int t, char *s, size_t len)
-{
-    return unparse_units (t, time_units, s, len);
-}
-
-size_t ROKEN_LIB_FUNCTION
-unparse_time_approx (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, time_units, s, len);
-}
-
-void ROKEN_LIB_FUNCTION
-print_time_table (FILE *f)
-{
-    print_units_table (time_units, f);
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.h b/crypto/heimdal/lib/roken/parse_time.h
deleted file mode 100644
index 4dc2da08bcb2..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __PARSE_TIME_H__
-#define __PARSE_TIME_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-int
-parse_time (const char *s, const char *def_unit);
-
-size_t
-unparse_time (int t, char *s, size_t len);
-
-size_t
-unparse_time_approx (int t, char *s, size_t len);
-
-void
-print_time_table (FILE *f);
-
-#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_units.c b/crypto/heimdal/lib/roken/parse_units.c
deleted file mode 100644
index 1960beca0710..000000000000
--- a/crypto/heimdal/lib/roken/parse_units.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "roken.h"
-#include "parse_units.h"
-
-/*
- * Parse string in `s' according to `units' and return value.
- * def_unit defines the default unit.
- */
-
-static int
-parse_something (const char *s, const struct units *units,
-		 const char *def_unit,
-		 int (*func)(int res, int val, unsigned mult),
-		 int init,
-		 int accept_no_val_p)
-{
-    const char *p;
-    int res = init;
-    unsigned def_mult = 1;
-
-    if (def_unit != NULL) {
-	const struct units *u;
-
-	for (u = units; u->name; ++u) {
-	    if (strcasecmp (u->name, def_unit) == 0) {
-		def_mult = u->mult;
-		break;
-	    }
-	}
-	if (u->name == NULL)
-	    return -1;
-    }
-
-    p = s;
-    while (*p) {
-	double val;
-	char *next;
-	const struct units *u, *partial_unit;
-	size_t u_len;
-	unsigned partial;
-	int no_val_p = 0;
-
-	while(isspace((unsigned char)*p) || *p == ',')
-	    ++p;
-
-	val = strtod (p, &next); /* strtol(p, &next, 0); */
-	if (p == next) {
-	    val = 0;
-	    if(!accept_no_val_p)
-		return -1;
-	    no_val_p = 1;
-	}
-	p = next;
-	while (isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '\0') {
-	    res = (*func)(res, val, def_mult);
-	    if (res < 0)
-		return res;
-	    break;
-	} else if (*p == '+') {
-	    ++p;
-	    val = 1;
-	} else if (*p == '-') {
-	    ++p;
-	    val = -1;
-	}
-	if (no_val_p && val == 0)
-	    val = 1;
-	u_len = strcspn (p, ", \t");
-	partial = 0;
-	partial_unit = NULL;
-	if (u_len > 1 && p[u_len - 1] == 's')
-	    --u_len;
-	for (u = units; u->name; ++u) {
-	    if (strncasecmp (p, u->name, u_len) == 0) {
-		if (u_len == strlen (u->name)) {
-		    p += u_len;
-		    res = (*func)(res, val, u->mult);
-		    if (res < 0)
-			return res;
-		    break;
-		} else {
-		    ++partial;
-		    partial_unit = u;
-		}
-	    }
-	}
-	if (u->name == NULL) {
-	    if (partial == 1) {
-		p += u_len;
-		res = (*func)(res, val, partial_unit->mult);
-		if (res < 0)
-		    return res;
-	    } else {
-		return -1;
-	    }
-	}
-	if (*p == 's')
-	    ++p;
-    }
-    return res;
-}
-
-/*
- * The string consists of a sequence of `n unit'
- */
-
-static int
-acc_units(int res, int val, unsigned mult)
-{
-    return res + val * mult;
-}
-
-int ROKEN_LIB_FUNCTION
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit)
-{
-    return parse_something (s, units, def_unit, acc_units, 0, 0);
-}
-
-/*
- * The string consists of a sequence of `[+-]flag'.  `orig' consists
- * the original set of flags, those are then modified and returned as
- * the function value.
- */
-
-static int
-acc_flags(int res, int val, unsigned mult)
-{
-    if(val == 1)
-	return res | mult;
-    else if(val == -1)
-	return res & ~mult;
-    else if (val == 0)
-	return mult;
-    else
-	return -1;
-}
-
-int ROKEN_LIB_FUNCTION
-parse_flags (const char *s, const struct units *units,
-	     int orig)
-{
-    return parse_something (s, units, NULL, acc_flags, orig, 1);
-}
-
-/*
- * Return a string representation according to `units' of `num' in `s'
- * with maximum length `len'.  The actual length is the function value.
- */
-
-static int
-unparse_something (int num, const struct units *units, char *s, size_t len,
-		   int (*print) (char *, size_t, int, const char *, int),
-		   int (*update) (int, unsigned),
-		   const char *zero_string)
-{
-    const struct units *u;
-    int ret = 0, tmp;
-
-    if (num == 0)
-	return snprintf (s, len, "%s", zero_string);
-
-    for (u = units; num > 0 && u->name; ++u) {
-	int divisor;
-
-	divisor = num / u->mult;
-	if (divisor) {
-	    num = (*update) (num, u->mult);
-	    tmp = (*print) (s, len, divisor, u->name, num);
-	    if (tmp < 0)
-		return tmp;
-	    if (tmp > len) {
-		len = 0;
-		s = NULL;
-	    } else {
-		len -= tmp;
-		s += tmp;
-	    }
-	    ret += tmp;
-	}
-    }
-    return ret;
-}
-
-static int
-print_unit (char *s, size_t len, int divisor, const char *name, int rem)
-{
-    return snprintf (s, len, "%u %s%s%s",
-		     divisor, name,
-		     divisor == 1 ? "" : "s",
-		     rem > 0 ? " " : "");
-}
-
-static int
-update_unit (int in, unsigned mult)
-{
-    return in % mult;
-}
-
-static int
-update_unit_approx (int in, unsigned mult)
-{
-    if (in / mult > 0)
-	return 0;
-    else
-	return update_unit (in, mult);
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_units (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit,
-			      "0");
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_units_approx (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit_approx,
-			      "0");
-}
-
-void ROKEN_LIB_FUNCTION
-print_units_table (const struct units *units, FILE *f)
-{
-    const struct units *u, *u2;
-    unsigned max_sz = 0;
-
-    for (u = units; u->name; ++u) {
-	max_sz = max(max_sz, strlen(u->name));
-    }
-
-    for (u = units; u->name;) {
-	char buf[1024];
-	const struct units *next;
-
-	for (next = u + 1; next->name && next->mult == u->mult; ++next)
-	    ;
-
-	if (next->name) {
-	    for (u2 = next;
-		 u2->name && u->mult % u2->mult != 0;
-		 ++u2)
-		;
-	    if (u2->name == NULL)
-		--u2;
-	    unparse_units (u->mult, u2, buf, sizeof(buf));
-	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
-	} else {
-	    fprintf (f, "1 %s\n", u->name);
-	}
-	u = next;
-    }
-}
-
-static int
-print_flag (char *s, size_t len, int divisor, const char *name, int rem)
-{
-    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
-}
-
-static int
-update_flag (int in, unsigned mult)
-{
-    return in - mult;
-}
-
-int ROKEN_LIB_FUNCTION
-unparse_flags (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_flag,
-			      update_flag,
-			      "");
-}
-
-void ROKEN_LIB_FUNCTION
-print_flags_table (const struct units *units, FILE *f)
-{
-    const struct units *u;
-
-    for(u = units; u->name; ++u)
-	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
-}
diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h
deleted file mode 100644
index a42154d4869f..000000000000
--- a/crypto/heimdal/lib/roken/parse_units.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __PARSE_UNITS_H__
-#define __PARSE_UNITS_H__
-
-#include <stdio.h>
-#include <stddef.h>
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-struct units {
-    const char *name;
-    unsigned mult;
-};
-
-int ROKEN_LIB_FUNCTION
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit);
-
-void ROKEN_LIB_FUNCTION
-print_units_table (const struct units *units, FILE *f);
-
-int ROKEN_LIB_FUNCTION
-parse_flags (const char *s, const struct units *units,
-	     int orig);
-
-int ROKEN_LIB_FUNCTION
-unparse_units (int num, const struct units *units, char *s, size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_units_approx (int num, const struct units *units, char *s,
-		      size_t len);
-
-int ROKEN_LIB_FUNCTION
-unparse_flags (int num, const struct units *units, char *s, size_t len);
-
-void ROKEN_LIB_FUNCTION
-print_flags_table (const struct units *units, FILE *f);
-
-#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c
deleted file mode 100644
index b5ce816eb604..000000000000
--- a/crypto/heimdal/lib/roken/print_version.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *arg[] = VERSIONLIST;
-    const int num_args = sizeof(arg) / sizeof(arg[0]);
-    char *msg;
-    size_t len = 0;
-    int i;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(num_args == 0)
-	msg = "no version information";
-    else {
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		len += 2;
-	    len += strlen(arg[i]);
-	}
-	msg = malloc(len + 1);
-	if(msg == NULL) {
-	    fprintf(stderr, "%s: out of memory\n", progname);
-	    return;
-	}
-	msg[0] = '\0';
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		strcat(msg, ", ");
-	    strcat(msg, arg[i]);
-	}
-    }
-    fprintf(stderr, "%s (%s)\n", progname, msg);
-    fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan\n");
-    if(num_args != 0)
-	free(msg);
-}
diff --git a/crypto/heimdal/lib/roken/putenv.c b/crypto/heimdal/lib/roken/putenv.c
deleted file mode 100644
index 5e501dcc0f27..000000000000
--- a/crypto/heimdal/lib/roken/putenv.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: putenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdlib.h>
-
-extern char **environ;
-
-/*
- * putenv --
- *	String points to a string of the form name=value.
- *
- *      Makes the value of the environment variable name equal to
- *      value by altering an existing variable or creating a new one.
- */
-
-int ROKEN_LIB_FUNCTION
-putenv(const char *string)
-{
-    int i;
-    const char *eq = (const char *)strchr(string, '=');
-    int len;
-    
-    if (eq == NULL)
-	return 1;
-    len = eq - string;
-
-    if(environ == NULL) {
-	environ = malloc(sizeof(char*));
-	if(environ == NULL)
-	    return 1;
-	environ[0] = NULL;
-    }
-
-    for(i = 0; environ[i] != NULL; i++)
-	if(strncmp(string, environ[i], len) == 0) {
-	    environ[i] = string;
-	    return 0;
-	}
-    environ = realloc(environ, sizeof(char*) * (i + 2));
-    if(environ == NULL)
-	return 1;
-    environ[i]   = string;
-    environ[i+1] = NULL;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/rcmd.c b/crypto/heimdal/lib/roken/rcmd.c
deleted file mode 100644
index e732fe3c2a86..000000000000
--- a/crypto/heimdal/lib/roken/rcmd.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: rcmd.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <stdio.h>
-
-int ROKEN_LIB_FUNCTION
-rcmd(char **ahost,
-     unsigned short inport,
-     const char *locuser,
-     const char *remuser,
-     const char *cmd,
-     int *fd2p)
-{
-  fprintf(stderr, "Only kerberized services are implemented\n");
-  return -1;
-}
diff --git a/crypto/heimdal/lib/roken/readv.c b/crypto/heimdal/lib/roken/readv.c
deleted file mode 100644
index b49890ebd6ed..000000000000
--- a/crypto/heimdal/lib/roken/readv.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: readv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-readv(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = read (d, buf, tot);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/realloc.c b/crypto/heimdal/lib/roken/realloc.c
deleted file mode 100644
index 33e898c34302..000000000000
--- a/crypto/heimdal/lib/roken/realloc.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#undef realloc
-#endif
-#include <stdlib.h>
-#include "roken.h"
-
-RCSID("$Id");
-
-
-void * ROKEN_LIB_FUNCTION
-rk_realloc(void *ptr, size_t size)
-{
-    if (ptr == NULL)
-	return malloc(size);
-    return realloc(ptr, size);
-}
diff --git a/crypto/heimdal/lib/roken/recvmsg.c b/crypto/heimdal/lib/roken/recvmsg.c
deleted file mode 100644
index d92186c1b9f6..000000000000
--- a/crypto/heimdal/lib/roken/recvmsg.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: recvmsg.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-recvmsg(int s, struct msghdr *msg, int flags)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-	++iov;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/resolve-test.c b/crypto/heimdal/lib/roken/resolve-test.c
deleted file mode 100644
index 106cfd71b3e7..000000000000
--- a/crypto/heimdal/lib/roken/resolve-test.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#include "getarg.h"
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include "resolve.h"
-
-RCSID("$Id: resolve-test.c 15415 2005-06-16 16:58:45Z lha $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "dns-record resource-record-type");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    struct dns_reply *r;
-    struct resource_record *rr;
-    int optidx = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	printf("some version\n");
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc != 2)
-	usage(1);
-
-    r = dns_lookup(argv[0], argv[1]);
-    if(r == NULL){
-	printf("No reply.\n");
-	return 1;
-    }
-    if(r->q.type == rk_ns_t_srv)
-	dns_srv_order(r);
-
-    for(rr = r->head; rr;rr=rr->next){
-	printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl);
-	switch(rr->type){
-	case rk_ns_t_ns:
-	case rk_ns_t_cname:
-	case rk_ns_t_ptr:
-	    printf("%s\n", (char*)rr->u.data);
-	    break;
-	case rk_ns_t_a:
-	    printf("%s\n", inet_ntoa(*rr->u.a));
-	    break;
-	case rk_ns_t_mx:
-	case rk_ns_t_afsdb:{
-	    printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain);
-	    break;
-	}
-	case rk_ns_t_srv:{
-	    struct srv_record *srv = rr->u.srv;
-	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
-		   srv->port, srv->target);
-	    break;
-	}
-	case rk_ns_t_txt: {
-	    printf("%s\n", rr->u.txt);
-	    break;
-	}
-	case rk_ns_t_sig : {
-	    struct sig_record *sig = rr->u.sig;
-	    const char *type_string = dns_type_to_string (sig->type);
-
-	    printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n",
-		    sig->type, type_string ? type_string : "",
-		    sig->algorithm, sig->labels, sig->orig_ttl,
-		    sig->sig_expiration, sig->sig_inception, sig->key_tag,
-		    sig->signer);
-	    break;
-	}
-	case rk_ns_t_key : {
-	    struct key_record *key = rr->u.key;
-
-	    printf ("flags %u, protocol %u, algorithm %u\n",
-		    key->flags, key->protocol, key->algorithm);
-	    break;
-	}
-	case rk_ns_t_sshfp : {
-	    struct sshfp_record *sshfp = rr->u.sshfp;
-	    int i;
-
-	    printf ("alg %u type %u length %lu data ", sshfp->algorithm, 
-		    sshfp->type,  (unsigned long)sshfp->sshfp_len);
-	    for (i = 0; i < sshfp->sshfp_len; i++)
-		printf("%02X", sshfp->sshfp_data[i]);
-	    printf("\n");
-
-	    break;
-	}
-	case rk_ns_t_ds : {
-	    struct ds_record *ds = rr->u.ds;
-	    int i;
-
-	    printf ("key tag %u alg %u type %u length %u data ",
-		    ds->key_tag, ds->algorithm, ds->digest_type, 
-		    ds->digest_len);
-	    for (i = 0; i < ds->digest_len; i++)
-		printf("%02X", ds->digest_data[i]);
-	    printf("\n");
-
-	    break;
-	}
-	default:
-	    printf("\n");
-	    break;
-	}
-    }
-    
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c
deleted file mode 100644
index 8f8fec7657e4..000000000000
--- a/crypto/heimdal/lib/roken/resolve.c
+++ /dev/null
@@ -1,711 +0,0 @@
-/*
- * Copyright (c) 1995 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include "resolve.h"
-
-#include <assert.h>
-
-RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $");
-
-#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
-#undef HAVE_RES_NSEARCH
-#endif
-
-#define DECL(X) {#X, rk_ns_t_##X}
-
-static struct stot{
-    const char *name;
-    int type;
-}stot[] = {
-    DECL(a),
-    DECL(aaaa),
-    DECL(ns),
-    DECL(cname),
-    DECL(soa),
-    DECL(ptr),
-    DECL(mx),
-    DECL(txt),
-    DECL(afsdb),
-    DECL(sig),
-    DECL(key),
-    DECL(srv),
-    DECL(naptr),
-    DECL(sshfp),
-    DECL(ds),
-    {NULL, 	0}
-};
-
-int _resolve_debug = 0;
-
-int ROKEN_LIB_FUNCTION
-dns_string_to_type(const char *name)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(strcasecmp(name, p->name) == 0)
-	    return p->type;
-    return -1;
-}
-
-const char * ROKEN_LIB_FUNCTION
-dns_type_to_string(int type)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(type == p->type)
-	    return p->name;
-    return NULL;
-}
-
-#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
-
-static void
-dns_free_rr(struct resource_record *rr)
-{
-    if(rr->domain)
-	free(rr->domain);
-    if(rr->u.data)
-	free(rr->u.data);
-    free(rr);
-}
-
-void ROKEN_LIB_FUNCTION
-dns_free_data(struct dns_reply *r)
-{
-    struct resource_record *rr;
-    if(r->q.domain)
-	free(r->q.domain);
-    for(rr = r->head; rr;){
-	struct resource_record *tmp = rr;
-	rr = rr->next;
-	dns_free_rr(tmp);
-    }
-    free (r);
-}
-
-static int
-parse_record(const unsigned char *data, const unsigned char *end_data, 
-	     const unsigned char **pp, struct resource_record **ret_rr)
-{
-    struct resource_record *rr;
-    int type, class, ttl, size;
-    int status;
-    char host[MAXDNAME];
-    const unsigned char *p = *pp;
-
-    *ret_rr = NULL;
-
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0) 
-	return -1;
-    if (p + status + 10 > end_data)
-	return -1;
-
-    p += status;
-    type = (p[0] << 8) | p[1];
-    p += 2;
-    class = (p[0] << 8) | p[1];
-    p += 2;
-    ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-    p += 4;
-    size = (p[0] << 8) | p[1];
-    p += 2;
-
-    if (p + size > end_data)
-	return -1;
-
-    rr = calloc(1, sizeof(*rr));
-    if(rr == NULL) 
-	return -1;
-    rr->domain = strdup(host);
-    if(rr->domain == NULL) {
-	dns_free_rr(rr);
-	return -1;
-    }
-    rr->type = type;
-    rr->class = class;
-    rr->ttl = ttl;
-    rr->size = size;
-    switch(type){
-    case rk_ns_t_ns:
-    case rk_ns_t_cname:
-    case rk_ns_t_ptr:
-	status = dn_expand(data, end_data, p, host, sizeof(host));
-	if(status < 0) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.txt = strdup(host);
-	if(rr->u.txt == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	break;
-    case rk_ns_t_mx:
-    case rk_ns_t_afsdb:{
-	size_t hostlen;
-
-	status = dn_expand(data, end_data, p + 2, host, sizeof(host));
-	if(status < 0){
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 2 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
-						hostlen);
-	if(rr->u.mx == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.mx->preference = (p[0] << 8) | p[1];
-	strlcpy(rr->u.mx->domain, host, hostlen + 1);
-	break;
-    }
-    case rk_ns_t_srv:{
-	size_t hostlen;
-	status = dn_expand(data, end_data, p + 6, host, sizeof(host));
-	if(status < 0){
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 6 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	rr->u.srv = 
-	    (struct srv_record*)malloc(sizeof(struct srv_record) + 
-				       hostlen);
-	if(rr->u.srv == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.srv->priority = (p[0] << 8) | p[1];
-	rr->u.srv->weight = (p[2] << 8) | p[3];
-	rr->u.srv->port = (p[4] << 8) | p[5];
-	strlcpy(rr->u.srv->target, host, hostlen + 1);
-	break;
-    }
-    case rk_ns_t_txt:{
-	if(size == 0 || size < *p + 1) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.txt = (char*)malloc(*p + 1);
-	if(rr->u.txt == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	strncpy(rr->u.txt, (const char*)(p + 1), *p);
-	rr->u.txt[*p] = '\0';
-	break;
-    }
-    case rk_ns_t_key : {
-	size_t key_len;
-
-	if (size < 4) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	key_len = size - 4;
-	rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1);
-	if (rr->u.key == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.key->flags     = (p[0] << 8) | p[1];
-	rr->u.key->protocol  = p[2];
-	rr->u.key->algorithm = p[3];
-	rr->u.key->key_len   = key_len;
-	memcpy (rr->u.key->key_data, p + 4, key_len);
-	break;
-    }
-    case rk_ns_t_sig : {
-	size_t sig_len, hostlen;
-
-	if(size <= 18) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	status = dn_expand (data, end_data, p + 18, host, sizeof(host));
-	if (status < 0) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (status + 18 > size) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	/* the signer name is placed after the sig_data, to make it
-           easy to free this structure; the size calculation below
-           includes the zero-termination if the structure itself.
-	   don't you just love C?
-	*/
-	sig_len = size - 18 - status;
-	hostlen = strlen(host);
-	rr->u.sig = malloc(sizeof(*rr->u.sig)
-			      + hostlen + sig_len);
-	if (rr->u.sig == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	rr->u.sig->type           = (p[0] << 8) | p[1];
-	rr->u.sig->algorithm      = p[2];
-	rr->u.sig->labels         = p[3];
-	rr->u.sig->orig_ttl       = (p[4] << 24) | (p[5] << 16)
-	    | (p[6] << 8) | p[7];
-	rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
-	    | (p[10] << 8) | p[11];
-	rr->u.sig->sig_inception  = (p[12] << 24) | (p[13] << 16)
-	    | (p[14] << 8) | p[15];
-	rr->u.sig->key_tag        = (p[16] << 8) | p[17];
-	rr->u.sig->sig_len        = sig_len;
-	memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len);
-	rr->u.sig->signer         = &rr->u.sig->sig_data[sig_len];
-	strlcpy(rr->u.sig->signer, host, hostlen + 1);
-	break;
-    }
-
-    case rk_ns_t_cert : {
-	size_t cert_len;
-
-	if (size < 5) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	cert_len = size - 5;
-	rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1);
-	if (rr->u.cert == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.cert->type      = (p[0] << 8) | p[1];
-	rr->u.cert->tag       = (p[2] << 8) | p[3];
-	rr->u.cert->algorithm = p[4];
-	rr->u.cert->cert_len  = cert_len;
-	memcpy (rr->u.cert->cert_data, p + 5, cert_len);
-	break;
-    }
-    case rk_ns_t_sshfp : {
-	size_t sshfp_len;
-
-	if (size < 2) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	sshfp_len = size - 2;
-
-	rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1);
-	if (rr->u.sshfp == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.sshfp->algorithm = p[0];
-	rr->u.sshfp->type      = p[1];
-	rr->u.sshfp->sshfp_len  = sshfp_len;
-	memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len);
-	break;
-    }
-    case rk_ns_t_ds: {
-	size_t digest_len;
-
-	if (size < 4) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	digest_len = size - 4;
-
-	rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1);
-	if (rr->u.ds == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-
-	rr->u.ds->key_tag     = (p[0] << 8) | p[1];
-	rr->u.ds->algorithm   = p[2];
-	rr->u.ds->digest_type = p[3];
-	rr->u.ds->digest_len  = digest_len;
-	memcpy (rr->u.ds->digest_data, p + 4, digest_len);
-	break;
-    }
-    default:
-	rr->u.data = (unsigned char*)malloc(size);
-	if(size != 0 && rr->u.data == NULL) {
-	    dns_free_rr(rr);
-	    return -1;
-	}
-	if (size)
-	    memcpy(rr->u.data, p, size);
-    }
-    *pp = p + size;
-    *ret_rr = rr;
-
-    return 0;
-}
-
-#ifndef TEST_RESOLVE
-static
-#endif
-struct dns_reply*
-parse_reply(const unsigned char *data, size_t len)
-{
-    const unsigned char *p;
-    int status;
-    int i;
-    char host[MAXDNAME];
-    const unsigned char *end_data = data + len;
-    struct dns_reply *r;
-    struct resource_record **rr;
-    
-    r = calloc(1, sizeof(*r));
-    if (r == NULL)
-	return NULL;
-
-    p = data;
-
-    r->h.id = (p[0] << 8) | p[1];
-    r->h.flags = 0;
-    if (p[2] & 0x01)
-	r->h.flags |= rk_DNS_HEADER_RESPONSE_FLAG;
-    r->h.opcode = (p[2] >> 1) & 0xf;
-    if (p[2] & 0x20)
-	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
-    if (p[2] & 0x40)
-	r->h.flags |= rk_DNS_HEADER_TRUNCATED_MESSAGE;
-    if (p[2] & 0x80)
-	r->h.flags |= rk_DNS_HEADER_RECURSION_DESIRED;
-    if (p[3] & 0x01)
-	r->h.flags |= rk_DNS_HEADER_RECURSION_AVAILABLE;
-    if (p[3] & 0x04)
-	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
-    if (p[3] & 0x08)
-	r->h.flags |= rk_DNS_HEADER_CHECKING_DISABLED;
-    r->h.response_code = (p[3] >> 4) & 0xf;
-    r->h.qdcount = (p[4] << 8) | p[5];
-    r->h.ancount = (p[6] << 8) | p[7];
-    r->h.nscount = (p[8] << 8) | p[9];
-    r->h.arcount = (p[10] << 8) | p[11];
-
-    p += 12;
-
-    if(r->h.qdcount != 1) {
-	free(r);
-	return NULL;
-    }
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0){
-	dns_free_data(r);
-	return NULL;
-    }
-    r->q.domain = strdup(host);
-    if(r->q.domain == NULL) {
-	dns_free_data(r);
-	return NULL;
-    }
-    if (p + status + 4 > end_data) {
-	dns_free_data(r);
-	return NULL;
-    }
-    p += status;
-    r->q.type = (p[0] << 8 | p[1]);
-    p += 2;
-    r->q.class = (p[0] << 8 | p[1]);
-    p += 2;
-    
-    rr = &r->head;
-    for(i = 0; i < r->h.ancount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < r->h.nscount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < r->h.arcount; i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    *rr = NULL;
-    return r;
-}
-
-#ifdef HAVE_RES_NSEARCH
-#ifdef HAVE_RES_NDESTROY
-#define rk_res_free(x) res_ndestroy(x)
-#else
-#define rk_res_free(x) res_nclose(x)
-#endif
-#endif
-
-static struct dns_reply *
-dns_lookup_int(const char *domain, int rr_class, int rr_type)
-{
-    struct dns_reply *r;
-    unsigned char *reply = NULL;
-    int size;
-    int len;
-#ifdef HAVE_RES_NSEARCH
-    struct __res_state state;
-    memset(&state, 0, sizeof(state));
-    if(res_ninit(&state))
-	return NULL; /* is this the best we can do? */
-#elif defined(HAVE__RES)
-    u_long old_options = 0;
-#endif
-    
-    size = 0;
-    len = 1000;
-    do {
-	if (reply) {
-	    free(reply);
-	    reply = NULL;
-	}
-	if (size <= len)
-	    size = len;
-	if (_resolve_debug) {
-#ifdef HAVE_RES_NSEARCH
-	    state.options |= RES_DEBUG;
-#elif defined(HAVE__RES)
-	    old_options = _res.options;
-	    _res.options |= RES_DEBUG;
-#endif
-	    fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain,
-		    rr_class, dns_type_to_string(rr_type), size);
-	}
-	reply = malloc(size);
-	if (reply == NULL) {
-#ifdef HAVE_RES_NSEARCH
-	    rk_res_free(&state);
-#endif
-	    return NULL;
-	}
-#ifdef HAVE_RES_NSEARCH
-	len = res_nsearch(&state, domain, rr_class, rr_type, reply, size);
-#else
-	len = res_search(domain, rr_class, rr_type, reply, size);
-#endif
-	if (_resolve_debug) {
-#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH)
-	    _res.options = old_options;
-#endif
-	    fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
-		    domain, rr_class, dns_type_to_string(rr_type), len);
-	}
-	if (len < 0) {
-#ifdef HAVE_RES_NSEARCH
-	    rk_res_free(&state);
-#endif
-	    free(reply);
-	    return NULL;
-	}
-    } while (size < len && len < rk_DNS_MAX_PACKET_SIZE);
-#ifdef HAVE_RES_NSEARCH
-    rk_res_free(&state);
-#endif
-
-    len = min(len, size);
-    r = parse_reply(reply, len);
-    free(reply);
-    return r;
-}
-
-struct dns_reply * ROKEN_LIB_FUNCTION
-dns_lookup(const char *domain, const char *type_name)
-{
-    int type;
-    
-    type = dns_string_to_type(type_name);
-    if(type == -1) {
-	if(_resolve_debug)
-	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
-		    type_name);
-	return NULL;
-    }
-    return dns_lookup_int(domain, C_IN, type);
-}
-
-static int
-compare_srv(const void *a, const void *b)
-{
-    const struct resource_record *const* aa = a, *const* bb = b;
-
-    if((*aa)->u.srv->priority == (*bb)->u.srv->priority)
-	return ((*aa)->u.srv->weight - (*bb)->u.srv->weight);
-    return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
-}
-
-#ifndef HAVE_RANDOM
-#define random() rand()
-#endif
-
-/* try to rearrange the srv-records by the algorithm in RFC2782 */
-void ROKEN_LIB_FUNCTION
-dns_srv_order(struct dns_reply *r)
-{
-    struct resource_record **srvs, **ss, **headp;
-    struct resource_record *rr;
-    int num_srv = 0;
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    int state[256 / sizeof(int)];
-    char *oldstate;
-#endif
-
-    for(rr = r->head; rr; rr = rr->next) 
-	if(rr->type == rk_ns_t_srv)
-	    num_srv++;
-
-    if(num_srv == 0)
-	return;
-
-    srvs = malloc(num_srv * sizeof(*srvs));
-    if(srvs == NULL)
-	return; /* XXX not much to do here */
-    
-    /* unlink all srv-records from the linked list and put them in
-       a vector */
-    for(ss = srvs, headp = &r->head; *headp; )
-	if((*headp)->type == rk_ns_t_srv) {
-	    *ss = *headp;
-	    *headp = (*headp)->next;
-	    (*ss)->next = NULL;
-	    ss++;
-	} else
-	    headp = &(*headp)->next;
-    
-    /* sort them by priority and weight */
-    qsort(srvs, num_srv, sizeof(*srvs), compare_srv);
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    oldstate = initstate(time(NULL), (char*)state, sizeof(state));
-#endif
-
-    headp = &r->head;
-    
-    for(ss = srvs; ss < srvs + num_srv; ) {
-	int sum, rnd, count;
-	struct resource_record **ee, **tt;
-	/* find the last record with the same priority and count the
-           sum of all weights */
-	for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
-	    assert(*tt != NULL);
-	    if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
-		break;
-	    sum += (*tt)->u.srv->weight;
-	}
-	ee = tt;
-	/* ss is now the first record of this priority and ee is the
-           first of the next */
-	while(ss < ee) {
-	    rnd = random() % (sum + 1);
-	    for(count = 0, tt = ss; ; tt++) {
-		if(*tt == NULL)
-		    continue;
-		count += (*tt)->u.srv->weight;
-		if(count >= rnd)
-		    break;
-	    }
-
-	    assert(tt < ee);
-
-	    /* insert the selected record at the tail (of the head) of
-               the list */
-	    (*tt)->next = *headp;
-	    *headp = *tt;
-	    headp = &(*tt)->next;
-	    sum -= (*tt)->u.srv->weight;
-	    *tt = NULL;
-	    while(ss < ee && *ss == NULL)
-		ss++;
-	}
-    }
-    
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    setstate(oldstate);
-#endif
-    free(srvs);
-    return;
-}
-
-#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
-
-struct dns_reply * ROKEN_LIB_FUNCTION
-dns_lookup(const char *domain, const char *type_name)
-{
-    return NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-dns_free_data(struct dns_reply *r)
-{
-}
-
-void ROKEN_LIB_FUNCTION
-dns_srv_order(struct dns_reply *r)
-{
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/resolve.h b/crypto/heimdal/lib/roken/resolve.h
deleted file mode 100644
index fe83115b1ec2..000000000000
--- a/crypto/heimdal/lib/roken/resolve.h
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-typedef enum {
-	rk_ns_t_invalid = 0,	/* Cookie. */
-	rk_ns_t_a = 1,		/* Host address. */
-	rk_ns_t_ns = 2,		/* Authoritative server. */
-	rk_ns_t_md = 3,		/* Mail destination. */
-	rk_ns_t_mf = 4,		/* Mail forwarder. */
-	rk_ns_t_cname = 5,	/* Canonical name. */
-	rk_ns_t_soa = 6,	/* Start of authority zone. */
-	rk_ns_t_mb = 7,		/* Mailbox domain name. */
-	rk_ns_t_mg = 8,		/* Mail group member. */
-	rk_ns_t_mr = 9,		/* Mail rename name. */
-	rk_ns_t_null = 10,	/* Null resource record. */
-	rk_ns_t_wks = 11,	/* Well known service. */
-	rk_ns_t_ptr = 12,	/* Domain name pointer. */
-	rk_ns_t_hinfo = 13,	/* Host information. */
-	rk_ns_t_minfo = 14,	/* Mailbox information. */
-	rk_ns_t_mx = 15,	/* Mail routing information. */
-	rk_ns_t_txt = 16,	/* Text strings. */
-	rk_ns_t_rp = 17,	/* Responsible person. */
-	rk_ns_t_afsdb = 18,	/* AFS cell database. */
-	rk_ns_t_x25 = 19,	/* X_25 calling address. */
-	rk_ns_t_isdn = 20,	/* ISDN calling address. */
-	rk_ns_t_rt = 21,	/* Router. */
-	rk_ns_t_nsap = 22,	/* NSAP address. */
-	rk_ns_t_nsap_ptr = 23,	/* Reverse NSAP lookup (deprecated). */
-	rk_ns_t_sig = 24,	/* Security signature. */
-	rk_ns_t_key = 25,	/* Security key. */
-	rk_ns_t_px = 26,	/* X.400 mail mapping. */
-	rk_ns_t_gpos = 27,	/* Geographical position (withdrawn). */
-	rk_ns_t_aaaa = 28,	/* Ip6 Address. */
-	rk_ns_t_loc = 29,	/* Location Information. */
-	rk_ns_t_nxt = 30,	/* Next domain (security). */
-	rk_ns_t_eid = 31,	/* Endpoint identifier. */
-	rk_ns_t_nimloc = 32,	/* Nimrod Locator. */
-	rk_ns_t_srv = 33,	/* Server Selection. */
-	rk_ns_t_atma = 34,	/* ATM Address */
-	rk_ns_t_naptr = 35,	/* Naming Authority PoinTeR */
-	rk_ns_t_kx = 36,	/* Key Exchange */
-	rk_ns_t_cert = 37,	/* Certification record */
-	rk_ns_t_a6 = 38,	/* IPv6 address (deprecates AAAA) */
-	rk_ns_t_dname = 39,	/* Non-terminal DNAME (for IPv6) */
-	rk_ns_t_sink = 40,	/* Kitchen sink (experimentatl) */
-	rk_ns_t_opt = 41,	/* EDNS0 option (meta-RR) */
-	rk_ns_t_apl = 42,	/* Address prefix list (RFC 3123) */
-	rk_ns_t_ds = 43,	/* Delegation Signer (RFC 3658) */
-	rk_ns_t_sshfp = 44,	/* SSH fingerprint */
-	rk_ns_t_tkey = 249,	/* Transaction key */
-	rk_ns_t_tsig = 250,	/* Transaction signature. */
-	rk_ns_t_ixfr = 251,	/* Incremental zone transfer. */
-	rk_ns_t_axfr = 252,	/* Transfer zone of authority. */
-	rk_ns_t_mailb = 253,	/* Transfer mailbox records. */
-	rk_ns_t_maila = 254,	/* Transfer mail agent records. */
-	rk_ns_t_any = 255,	/* Wildcard match. */
-	rk_ns_t_zxfr = 256,	/* BIND-specific, nonstandard. */
-	rk_ns_t_max = 65536
-} rk_ns_type;
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-#ifndef C_IN
-#define C_IN		1
-#endif
-
-#ifndef T_A
-#define T_A		1
-#endif
-#ifndef T_NS
-#define T_NS		2
-#endif
-#ifndef T_CNAME
-#define T_CNAME		5
-#endif
-#ifndef T_SOA
-#define T_SOA		5
-#endif
-#ifndef T_PTR
-#define T_PTR		12
-#endif
-#ifndef T_MX
-#define T_MX		15
-#endif
-#ifndef T_TXT
-#define T_TXT		16
-#endif
-#ifndef T_AFSDB
-#define T_AFSDB		18
-#endif
-#ifndef T_SIG
-#define T_SIG		24
-#endif
-#ifndef T_KEY
-#define T_KEY		25
-#endif
-#ifndef T_AAAA
-#define T_AAAA		28
-#endif
-#ifndef T_SRV
-#define T_SRV		33
-#endif
-#ifndef T_NAPTR
-#define T_NAPTR		35
-#endif
-#ifndef T_CERT
-#define T_CERT		37
-#endif
-#ifndef T_SSHFP
-#define T_SSHFP		44
-#endif
-
-#ifndef MAXDNAME
-#define MAXDNAME	1025
-#endif
-
-#define dns_query		rk_dns_query
-#define mx_record		rk_mx_record
-#define srv_record		rk_srv_record
-#define key_record		rk_key_record
-#define sig_record		rk_sig_record
-#define cert_record		rk_cert_record
-#define sshfp_record		rk_sshfp_record
-#define resource_record		rk_resource_record
-#define dns_reply		rk_dns_reply
-
-#define dns_lookup		rk_dns_lookup
-#define dns_free_data		rk_dns_free_data
-#define dns_string_to_type	rk_dns_string_to_type
-#define dns_type_to_string	rk_dns_type_to_string
-#define dns_srv_order		rk_dns_srv_order
-
-struct dns_query{
-    char *domain;
-    unsigned type;
-    unsigned class;
-};
-
-struct mx_record{
-    unsigned  preference;
-    char domain[1];
-};
-
-struct srv_record{
-    unsigned priority;
-    unsigned weight;
-    unsigned port;
-    char target[1];
-};
-
-struct key_record {
-    unsigned flags;
-    unsigned protocol;
-    unsigned algorithm;
-    size_t   key_len;
-    u_char   key_data[1];
-};
-
-struct sig_record {
-    unsigned type;
-    unsigned algorithm;
-    unsigned labels;
-    unsigned orig_ttl;
-    unsigned sig_expiration;
-    unsigned sig_inception;
-    unsigned key_tag;
-    char     *signer;
-    unsigned sig_len;
-    char     sig_data[1];	/* also includes signer */
-};
-
-struct cert_record {
-    unsigned type;
-    unsigned tag;
-    unsigned algorithm;
-    size_t   cert_len;
-    u_char   cert_data[1];
-};
-
-struct sshfp_record {
-    unsigned algorithm;
-    unsigned type;
-    size_t   sshfp_len;
-    u_char   sshfp_data[1];
-};
-
-struct ds_record {
-    unsigned key_tag;
-    unsigned algorithm;
-    unsigned digest_type;
-    unsigned digest_len;
-    u_char digest_data[1];
-};
-
-struct resource_record{
-    char *domain;
-    unsigned type;
-    unsigned class;
-    unsigned ttl;
-    unsigned size;
-    union {
-	void *data;
-	struct mx_record *mx;
-	struct mx_record *afsdb; /* mx and afsdb are identical */
-	struct srv_record *srv;
-	struct in_addr *a;
-	char *txt;
-	struct key_record *key;
-	struct cert_record *cert;
-	struct sig_record *sig;
-	struct sshfp_record *sshfp;
-	struct ds_record *ds;
-    }u;
-    struct resource_record *next;
-};
-
-#define rk_DNS_MAX_PACKET_SIZE		0xffff
-
-struct dns_header {
-    unsigned id;
-    unsigned flags;
-#define rk_DNS_HEADER_RESPONSE_FLAG		1
-#define rk_DNS_HEADER_AUTHORITIVE_ANSWER	2
-#define rk_DNS_HEADER_TRUNCATED_MESSAGE		4
-#define rk_DNS_HEADER_RECURSION_DESIRED		8
-#define rk_DNS_HEADER_RECURSION_AVAILABLE	16
-#define rk_DNS_HEADER_AUTHENTIC_DATA		32
-#define rk_DNS_HEADER_CHECKING_DISABLED		64
-    unsigned opcode;
-    unsigned response_code;
-    unsigned qdcount;
-    unsigned ancount;
-    unsigned nscount;
-    unsigned arcount;
-};
-
-struct dns_reply{
-    struct dns_header h;
-    struct dns_query q;
-    struct resource_record *head;
-};
-
-
-struct dns_reply* ROKEN_LIB_FUNCTION
-	dns_lookup(const char *, const char *);
-void ROKEN_LIB_FUNCTION
-	dns_free_data(struct dns_reply *);
-int ROKEN_LIB_FUNCTION
-	dns_string_to_type(const char *name);
-const char *ROKEN_LIB_FUNCTION
-	dns_type_to_string(int type);
-void ROKEN_LIB_FUNCTION
-	dns_srv_order(struct dns_reply*);
-
-#endif /* __RESOLVE_H__ */
diff --git a/crypto/heimdal/lib/roken/resource.h b/crypto/heimdal/lib/roken/resource.h
deleted file mode 100644
index 01cd01d76c8c..000000000000
--- a/crypto/heimdal/lib/roken/resource.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//{{NO_DEPENDENCIES}}
-// Microsoft Developer Studio generated include file.
-// Used by roken.rc
-//
-
-// Next default values for new objects
-// 
-#ifdef APSTUDIO_INVOKED
-#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        101
-#define _APS_NEXT_COMMAND_VALUE         40001
-#define _APS_NEXT_CONTROL_VALUE         1000
-#define _APS_NEXT_SYMED_VALUE           101
-#endif
-#endif
diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h
deleted file mode 100644
index b835e880a249..000000000000
--- a/crypto/heimdal/lib/roken/roken-common.h
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (c) 1995 - 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken-common.h 20867 2007-06-03 21:00:45Z lha $ */
-
-#ifndef __ROKEN_COMMON_H__
-#define __ROKEN_COMMON_H__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifdef __cplusplus
-#define ROKEN_CPP_START	extern "C" {
-#define ROKEN_CPP_END	}
-#else
-#define ROKEN_CPP_START
-#define ROKEN_CPP_END
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
-#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK 0x7f000001
-#endif
-
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-#ifndef STDOUT_FILENO
-#define STDOUT_FILENO 1
-#endif
-
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
-#ifndef max
-#define max(a,b) (((a)>(b))?(a):(b))
-#endif
-
-#ifndef min
-#define min(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef LOG_DAEMON
-#define openlog(id,option,facility) openlog((id),(option))
-#define	LOG_DAEMON	0
-#endif
-#ifndef LOG_ODELAY
-#define LOG_ODELAY 0
-#endif
-#ifndef LOG_NDELAY
-#define LOG_NDELAY 0x08
-#endif
-#ifndef LOG_CONS
-#define LOG_CONS 0
-#endif
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-#ifndef O_ACCMODE
-#define O_ACCMODE	003
-#endif
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_HEQUIV
-#define _PATH_HEQUIV "/etc/hosts.equiv"
-#endif
-
-#ifndef _PATH_VARRUN
-#define _PATH_VARRUN "/var/run/"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN (1024+4)
-#endif
-
-#ifndef SIG_ERR
-#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
-#endif
-
-/*
- * error code for getipnodeby{name,addr}
- */
-
-#ifndef HOST_NOT_FOUND
-#define HOST_NOT_FOUND 1
-#endif
-
-#ifndef TRY_AGAIN
-#define TRY_AGAIN 2
-#endif
-
-#ifndef NO_RECOVERY
-#define NO_RECOVERY 3
-#endif
-
-#ifndef NO_DATA
-#define NO_DATA 4
-#endif
-
-#ifndef NO_ADDRESS
-#define NO_ADDRESS NO_DATA
-#endif
-
-/*
- * error code for getaddrinfo
- */
-
-#ifndef EAI_NOERROR
-#define EAI_NOERROR	0	/* no error */
-#endif
-
-#ifndef EAI_NONAME
-
-#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
-#define EAI_AGAIN	2	/* temporary failure in name resolution */
-#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
-#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
-#define EAI_FAMILY	5	/* ai_family not supported */
-#define EAI_MEMORY	6	/* memory allocation failure */
-#define EAI_NODATA	7	/* no address associated with nodename */
-#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
-#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
-#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
-#define EAI_SYSTEM     11	/* system error returned in errno */
-
-#endif /* EAI_NONAME */
-
-/* flags for getaddrinfo() */
-
-#ifndef AI_PASSIVE
-#define AI_PASSIVE	0x01
-#define AI_CANONNAME	0x02
-#endif /* AI_PASSIVE */
-
-#ifndef AI_NUMERICHOST
-#define AI_NUMERICHOST	0x04
-#endif
-
-/* flags for getnameinfo() */
-
-#ifndef NI_DGRAM
-#define NI_DGRAM	0x01
-#define NI_NAMEREQD	0x02
-#define NI_NOFQDN	0x04
-#define NI_NUMERICHOST	0x08
-#define NI_NUMERICSERV	0x10
-#endif
-
-/*
- * constants for getnameinfo
- */
-
-#ifndef NI_MAXHOST
-#define NI_MAXHOST  1025
-#define NI_MAXSERV    32
-#endif
-
-/*
- * constants for inet_ntop
- */
-
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN    16
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN   46
-#endif
-
-/*
- * for shutdown(2)
- */
-
-#ifndef SHUT_RD
-#define SHUT_RD 0
-#endif
-
-#ifndef SHUT_WR
-#define SHUT_WR 1
-#endif
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-ROKEN_CPP_START
-
-#ifndef IRIX4 /* fix for compiler bug */
-#ifdef RETSIGTYPE
-typedef RETSIGTYPE (*SigAction)(int);
-SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION
-simple_execve(const char*, char*const[], char*const[]);
-
-int ROKEN_LIB_FUNCTION
-simple_execve_timed(const char *, char *const[], 
-		    char *const [], time_t (*)(void *), 
-		    void *, time_t);
-int ROKEN_LIB_FUNCTION
-simple_execvp(const char*, char *const[]);
-
-int ROKEN_LIB_FUNCTION
-simple_execvp_timed(const char *, char *const[], 
-		    time_t (*)(void *), void *, time_t);
-int ROKEN_LIB_FUNCTION
-simple_execlp(const char*, ...);
-
-int ROKEN_LIB_FUNCTION
-simple_execle(const char*, ...);
-
-int ROKEN_LIB_FUNCTION
-simple_execl(const char *file, ...);
-
-int ROKEN_LIB_FUNCTION
-wait_for_process(pid_t);
-
-int ROKEN_LIB_FUNCTION
-wait_for_process_timed(pid_t, time_t (*)(void *), 
-					      void *, time_t);
-int ROKEN_LIB_FUNCTION
-pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
-
-void ROKEN_LIB_FUNCTION
-print_version(const char *);
-
-ssize_t ROKEN_LIB_FUNCTION
-eread (int fd, void *buf, size_t nbytes);
-
-ssize_t ROKEN_LIB_FUNCTION
-ewrite (int fd, const void *buf, size_t nbytes);
-
-struct hostent;
-
-const char * ROKEN_LIB_FUNCTION
-hostent_find_fqdn (const struct hostent *);
-
-void ROKEN_LIB_FUNCTION
-esetenv(const char *, const char *, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_address_and_port (struct sockaddr *, const void *, int);
-
-size_t ROKEN_LIB_FUNCTION
-socket_addr_size (const struct sockaddr *);
-
-void ROKEN_LIB_FUNCTION
-socket_set_any (struct sockaddr *, int);
-
-size_t ROKEN_LIB_FUNCTION
-socket_sockaddr_size (const struct sockaddr *);
-
-void * ROKEN_LIB_FUNCTION
-socket_get_address (struct sockaddr *);
-
-int ROKEN_LIB_FUNCTION
-socket_get_port (const struct sockaddr *);
-
-void ROKEN_LIB_FUNCTION
-socket_set_port (struct sockaddr *, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int, int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int, int);
-
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int, int);
-
-char ** ROKEN_LIB_FUNCTION
-vstrcollect(va_list *ap);
-
-char ** ROKEN_LIB_FUNCTION
-strcollect(char *first, ...);
-
-void ROKEN_LIB_FUNCTION
-timevalfix(struct timeval *t1);
-
-void ROKEN_LIB_FUNCTION
-timevaladd(struct timeval *t1, const struct timeval *t2);
-
-void ROKEN_LIB_FUNCTION
-timevalsub(struct timeval *t1, const struct timeval *t2);
-
-char *ROKEN_LIB_FUNCTION
-pid_file_write (const char *progname);
-
-void ROKEN_LIB_FUNCTION
-pid_file_delete (char **);
-
-int ROKEN_LIB_FUNCTION
-read_environment(const char *file, char ***env);
-
-void ROKEN_LIB_FUNCTION
-free_environment(char **);
-
-void ROKEN_LIB_FUNCTION
-warnerr(int doerrno, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 2, 0)));
-
-void * ROKEN_LIB_FUNCTION
-rk_realloc(void *, size_t);
-
-struct rk_strpool;
-
-char * ROKEN_LIB_FUNCTION
-rk_strpoolcollect(struct rk_strpool *);
-
-struct rk_strpool * ROKEN_LIB_FUNCTION
-rk_strpoolprintf(struct rk_strpool *, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-
-void ROKEN_LIB_FUNCTION
-rk_strpoolfree(struct rk_strpool *);
-
-void ROKEN_LIB_FUNCTION
-rk_dumpdata (const char *, const void *, size_t);
-
-ROKEN_CPP_END
-
-#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk
deleted file mode 100644
index e0c19d7823af..000000000000
--- a/crypto/heimdal/lib/roken/roken.awk
+++ /dev/null
@@ -1,40 +0,0 @@
-# $Id: roken.awk 15409 2005-06-16 16:29:58Z lha $
-
-BEGIN {
-	print "#ifdef HAVE_CONFIG_H"
-	print "#include <config.h>"
-	print "#endif"
-	print "#include <stdio.h>"
-	print ""
-	print "int main(int argc, char **argv)"
-	print "{"
-	    print "puts(\"/* This is an OS dependent, generated file */\");"
-	print "puts(\"\\n\");"
-	print "puts(\"#ifndef __ROKEN_H__\");"
-	print "puts(\"#define __ROKEN_H__\");"
-	print "puts(\"\");"
-}
-
-$1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
-	print $0;
-	next
-}
-
-{
-	s = ""
-	for(i = 1; i <= length; i++){
-		x = substr($0, i, 1)
-		if(x == "\"" || x == "\\")
-			s = s "\\";
-		s = s x;
-	}
-	print "puts(\"" s "\");"
-}
-
-END {
-	print "puts(\"#define ROKEN_VERSION \" VERSION );"
-	print "puts(\"\");"
-	print "puts(\"#endif /* __ROKEN_H__ */\");"
-	print "return 0;"
-	print "}"
-}
diff --git a/crypto/heimdal/lib/roken/roken.h.in b/crypto/heimdal/lib/roken/roken.h.in
deleted file mode 100644
index cf2ee9ed7bdb..000000000000
--- a/crypto/heimdal/lib/roken/roken.h.in
+++ /dev/null
@@ -1,706 +0,0 @@
-/* -*- C -*- */
-/*
- * Copyright (c) 1995-2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-#include <string.h>
-#include <signal.h>
-
-#ifdef _AIX
-struct ether_addr;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#include <err.h>
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifndef HAVE_SSIZE_T
-typedef int ssize_t;
-#endif
-
-#include <roken-common.h>
-
-ROKEN_CPP_START
-
-#ifdef HAVE_UINTPTR_T
-#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x))
-#else
-#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x))
-#endif
-
-#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
-#define setsid _setsid
-#endif
-
-#ifndef HAVE_PUTENV
-int ROKEN_LIB_FUNCTION putenv(const char *);
-#endif
-
-#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
-int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int);
-#endif
-
-#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
-void ROKEN_LIB_FUNCTION unsetenv(const char *);
-#endif
-
-#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
-char * ROKEN_LIB_FUNCTION getusershell(void);
-void ROKEN_LIB_FUNCTION endusershell(void);
-#endif
-
-#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION 
-     vsnprintf (char *, size_t, const char *, va_list)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-     asprintf (char **, const char *, ...)
-     __attribute__ ((format (printf, 2, 3)));
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    vasprintf (char **, const char *, va_list)
-     __attribute__((format (printf, 2, 0)));
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    asnprintf (char **, size_t, const char *, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
-int ROKEN_LIB_FUNCTION
-    vasnprintf (char **, size_t, const char *, va_list)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#ifndef HAVE_STRDUP
-char * ROKEN_LIB_FUNCTION strdup(const char *);
-#endif
-
-#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
-char * ROKEN_LIB_FUNCTION strndup(const char *, size_t);
-#endif
-
-#ifndef HAVE_STRLWR
-char * ROKEN_LIB_FUNCTION strlwr(char *);
-#endif
-
-#ifndef HAVE_STRNLEN
-size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t);
-#endif
-
-#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
-char * ROKEN_LIB_FUNCTION strsep(char**, const char*);
-#endif
-
-#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
-ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t);
-#endif
-
-#ifndef HAVE_STRCASECMP
-int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *);
-#endif
-
-#ifdef NEED_FCLOSE_PROTO
-int ROKEN_LIB_FUNCTION fclose(FILE *);
-#endif
-
-#ifdef NEED_STRTOK_R_PROTO
-char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **);
-#endif
-
-#ifndef HAVE_STRUPR
-char * ROKEN_LIB_FUNCTION strupr(char *);
-#endif
-
-#ifndef HAVE_STRLCPY
-size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t);
-#endif
-
-#ifndef HAVE_STRLCAT
-size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t);
-#endif
-
-#ifndef HAVE_GETDTABLESIZE
-int ROKEN_LIB_FUNCTION getdtablesize(void);
-#endif
-
-#if !defined(HAVE_STRERROR) && !defined(strerror)
-char * ROKEN_LIB_FUNCTION strerror(int);
-#endif
-
-#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
-/* This causes a fatal error under Psoriasis */
-#if !(defined(SunOS) && (SunOS >= 50))
-const char * ROKEN_LIB_FUNCTION hstrerror(int);
-#endif
-#endif
-
-#if !HAVE_DECL_H_ERRNO
-extern int h_errno;
-#endif
-
-#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
-int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *);
-#endif
-
-#ifndef HAVE_INET_NTOP
-const char * ROKEN_LIB_FUNCTION
-inet_ntop(int af, const void *src, char *dst, size_t size);
-#endif
-
-#ifndef HAVE_INET_PTON
-int ROKEN_LIB_FUNCTION
-inet_pton(int, const char *, void *);
-#endif
-
-#if !defined(HAVE_GETCWD)
-char* ROKEN_LIB_FUNCTION getcwd(char *, size_t);
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *);
-struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t);
-#endif
-
-const char * ROKEN_LIB_FUNCTION get_default_username (void);
-
-#ifndef HAVE_SETEUID
-int ROKEN_LIB_FUNCTION seteuid(uid_t);
-#endif
-
-#ifndef HAVE_SETEGID
-int ROKEN_LIB_FUNCTION setegid(gid_t);
-#endif
-
-#ifndef HAVE_LSTAT
-int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *);
-#endif
-
-#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
-int ROKEN_LIB_FUNCTION mkstemp(char *);
-#endif
-
-#ifndef HAVE_CGETENT
-int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *);
-int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **);
-#endif
-
-#ifndef HAVE_INITGROUPS
-int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t);
-#endif
-
-#ifndef HAVE_FCHOWN
-int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t);
-#endif
-
-#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO)
-int ROKEN_LIB_FUNCTION daemon(int, int);
-#endif
-
-#ifndef HAVE_INNETGR
-int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, 
-	    const char *, const char *);
-#endif
-
-#ifndef HAVE_CHOWN
-int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t);
-#endif
-
-#ifndef HAVE_RCMD
-int ROKEN_LIB_FUNCTION
-    rcmd(char **, unsigned short, const char *,
-	 const char *, const char *, int *);
-#endif
-
-#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
-int ROKEN_LIB_FUNCTION innetgr(const char*, const char*,
-    const char*, const char*);
-#endif
-
-#ifndef HAVE_IRUSEROK
-int ROKEN_LIB_FUNCTION iruserok(unsigned, int, 
-    const char *, const char *);
-#endif
-
-#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
-int ROKEN_LIB_FUNCTION gethostname(char *, int);
-#endif
-
-#ifndef HAVE_WRITEV
-ssize_t ROKEN_LIB_FUNCTION
-writev(int, const struct iovec *, int);
-#endif
-
-#ifndef HAVE_READV
-ssize_t ROKEN_LIB_FUNCTION
-readv(int, const struct iovec *, int);
-#endif
-
-#ifndef HAVE_MKSTEMP
-int ROKEN_LIB_FUNCTION
-mkstemp(char *);
-#endif
-
-#ifndef HAVE_PIDFILE
-void ROKEN_LIB_FUNCTION pidfile (const char*);
-#endif
-
-#ifndef HAVE_BSWAP32
-unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int);
-#endif
-
-#ifndef HAVE_BSWAP16
-unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short);
-#endif
-
-#ifndef HAVE_FLOCK
-#ifndef LOCK_SH
-#define LOCK_SH   1		/* Shared lock */
-#endif
-#ifndef	LOCK_EX
-#define LOCK_EX   2		/* Exclusive lock */
-#endif
-#ifndef LOCK_NB
-#define LOCK_NB   4		/* Don't block when locking */
-#endif
-#ifndef LOCK_UN
-#define LOCK_UN   8		/* Unlock */
-#endif
-
-int flock(int fd, int operation);
-#endif /* HAVE_FLOCK */
-
-time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int);
-
-int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *);
-
-int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...);
-
-size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...);
-
-int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list);
-
-size_t ROKEN_LIB_FUNCTION
-    roken_vmconcat (char **, size_t, va_list);
-
-ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t);
-
-ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t);
-
-int ROKEN_LIB_FUNCTION issuid(void);
-
-#ifndef HAVE_STRUCT_WINSIZE
-struct winsize {
-	unsigned short ws_row, ws_col;
-	unsigned short ws_xpixel, ws_ypixel;
-};
-#endif
-
-int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *);
-
-#ifndef HAVE_VSYSLOG
-void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list);
-#endif
-
-#if !HAVE_DECL_OPTARG
-extern char *optarg;
-#endif
-#if !HAVE_DECL_OPTIND
-extern int optind;
-#endif
-#if !HAVE_DECL_OPTERR
-extern int opterr;
-#endif
-
-#if !HAVE_DECL_ENVIRON
-extern char **environ;
-#endif
-
-#ifndef HAVE_GETIPNODEBYNAME
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyname (const char *, int, int, int *);
-#endif
-
-#ifndef HAVE_GETIPNODEBYADDR
-struct hostent * ROKEN_LIB_FUNCTION
-getipnodebyaddr (const void *, size_t, int, int *);
-#endif
-
-#ifndef HAVE_FREEHOSTENT
-void ROKEN_LIB_FUNCTION
-freehostent (struct hostent *);
-#endif
-
-#ifndef HAVE_COPYHOSTENT
-struct hostent * ROKEN_LIB_FUNCTION
-copyhostent (const struct hostent *);
-#endif
-
-#ifndef HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-
-#ifndef HAVE_SA_FAMILY_T
-typedef unsigned short sa_family_t;
-#endif
-
-#ifdef HAVE_IPV6
-#define _SS_MAXSIZE sizeof(struct sockaddr_in6)
-#else
-#define _SS_MAXSIZE sizeof(struct sockaddr_in)
-#endif
-
-#define _SS_ALIGNSIZE	sizeof(unsigned long)
-
-#if HAVE_STRUCT_SOCKADDR_SA_LEN
-
-typedef unsigned char roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    unsigned char	ss_len;
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-typedef unsigned short roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
-
-#ifndef HAVE_STRUCT_ADDRINFO
-struct addrinfo {
-    int    ai_flags;
-    int    ai_family;
-    int    ai_socktype;
-    int    ai_protocol;
-    size_t ai_addrlen;
-    char  *ai_canonname;
-    struct sockaddr *ai_addr;
-    struct addrinfo *ai_next;
-};
-#endif
-
-#ifndef HAVE_GETADDRINFO
-int ROKEN_LIB_FUNCTION
-getaddrinfo(const char *,
-	    const char *,
-	    const struct addrinfo *,
-	    struct addrinfo **);
-#endif
-
-#ifndef HAVE_GETNAMEINFO
-int ROKEN_LIB_FUNCTION
-getnameinfo(const struct sockaddr *, socklen_t,
-		char *, size_t,
-		char *, size_t,
-		int);
-#endif
-
-#ifndef HAVE_FREEADDRINFO
-void ROKEN_LIB_FUNCTION
-freeaddrinfo(struct addrinfo *);
-#endif
-
-#ifndef HAVE_GAI_STRERROR
-const char * ROKEN_LIB_FUNCTION
-gai_strerror(int);
-#endif
-
-int ROKEN_LIB_FUNCTION
-getnameinfo_verified(const struct sockaddr *, socklen_t,
-		     char *, size_t,
-		     char *, size_t,
-		     int);
-
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
-int ROKEN_LIB_FUNCTION
-roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
-
-#ifndef HAVE_STRFTIME
-size_t ROKEN_LIB_FUNCTION
-strftime (char *, size_t, const char *, const struct tm *);
-#endif
-
-#ifndef HAVE_STRPTIME
-char * ROKEN_LIB_FUNCTION
-strptime (const char *, const char *, struct tm *);
-#endif
-
-#ifndef HAVE_EMALLOC
-void * ROKEN_LIB_FUNCTION emalloc (size_t);
-#endif
-#ifndef HAVE_ECALLOC
-void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t);
-#endif
-#ifndef HAVE_EREALLOC
-void * ROKEN_LIB_FUNCTION erealloc (void *, size_t);
-#endif
-#ifndef HAVE_ESTRDUP
-char * ROKEN_LIB_FUNCTION estrdup (const char *);
-#endif
-
-/*
- * kludges and such
- */
-
-#if 1
-int ROKEN_LIB_FUNCTION
-roken_gethostby_setup(const char*, const char*);
-struct hostent* ROKEN_LIB_FUNCTION
-roken_gethostbyname(const char*);
-struct hostent* ROKEN_LIB_FUNCTION 
-roken_gethostbyaddr(const void*, size_t, int);
-#else
-#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
-#define roken_gethostbyname(x) gethostbyname(x)
-#else
-#define roken_gethostbyname(x) gethostbyname((char *)x)
-#endif
-
-#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
-#else
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
-#endif
-#endif
-
-#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
-#define roken_getservbyname(x,y) getservbyname(x,y)
-#else
-#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
-#endif
-
-#ifdef OPENLOG_PROTO_COMPATIBLE
-#define roken_openlog(a,b,c) openlog(a,b,c)
-#else
-#define roken_openlog(a,b,c) openlog((char *)a,b,c)
-#endif
-
-#ifdef GETSOCKNAME_PROTO_COMPATIBLE
-#define roken_getsockname(a,b,c) getsockname(a,b,c)
-#else
-#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void ROKEN_LIB_FUNCTION setprogname(const char *);
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char * ROKEN_LIB_FUNCTION getprogname(void);
-#endif
-
-#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME
-extern const char *__progname;
-#endif
-
-void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*);
-void ROKEN_LIB_FUNCTION mini_inetd (int);
-
-#ifndef HAVE_LOCALTIME_R
-struct tm * ROKEN_LIB_FUNCTION
-localtime_r(const time_t *, struct tm *);
-#endif
-
-#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strsvis(char *, const char *, int, const char *);
-#endif
-
-#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strunvis(char *, const char *);
-#endif
-
-#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-strvis(char *, const char *, int);
-#endif
-
-#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO)
-int ROKEN_LIB_FUNCTION
-strvisx(char *, const char *, size_t, int);
-#endif
-
-#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO)
-char * ROKEN_LIB_FUNCTION
-svis(char *, int, int, int, const char *);
-#endif
-
-#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO)
-int ROKEN_LIB_FUNCTION
-unvis(char *, int, int *, int);
-#endif
-
-#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO)
-char * ROKEN_LIB_FUNCTION
-vis(char *, int, int, int);
-#endif
-
-#if !defined(HAVE_CLOSEFROM)
-int ROKEN_LIB_FUNCTION
-closefrom(int);
-#endif
-
-#if !defined(HAVE_TIMEGM)
-#define timegm rk_timegm
-time_t ROKEN_LIB_FUNCTION
-rk_timegm(struct tm *tm);
-#endif
-
-#ifdef SOCKET_WRAPPER_REPLACE
-#include <socket_wrapper.h>
-#endif
-
-ROKEN_CPP_END
diff --git a/crypto/heimdal/lib/roken/roken_gethostby.c b/crypto/heimdal/lib/roken/roken_gethostby.c
deleted file mode 100644
index ff0af86ef4c1..000000000000
--- a/crypto/heimdal/lib/roken/roken_gethostby.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $");
-#endif
-
-#include "roken.h"
-
-#undef roken_gethostbyname
-#undef roken_gethostbyaddr
-
-static struct sockaddr_in dns_addr;
-static char *dns_req;
-
-static int
-make_address(const char *address, struct in_addr *ip)
-{
-    if(inet_aton(address, ip) == 0){
-	/* try to resolve as hostname, it might work if the address we
-           are trying to lookup is local, for instance a web proxy */
-	struct hostent *he = gethostbyname(address);
-	if(he) {
-	    unsigned char *p = (unsigned char*)he->h_addr;
-	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-	} else {
-	    return -1;
-	}
-    }
-    return 0;
-}
-
-static int
-setup_int(const char *proxy_host, short proxy_port,
-	  const char *dns_host, short dns_port,
-	  const char *dns_path)
-{
-    memset(&dns_addr, 0, sizeof(dns_addr));
-    if(dns_req)
-	free(dns_req);
-    if(proxy_host) {
-	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(proxy_port);
-	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
-    } else {
-	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(dns_port);
-	asprintf(&dns_req, "%s", dns_path);
-    }
-    dns_addr.sin_family = AF_INET;
-    return 0;
-}
-
-static void
-split_spec(const char *spec, char **host, int *port, char **path, int def_port)
-{
-    char *p;
-    *host = strdup(spec);
-    p = strchr(*host, ':');
-    if(p) {
-	*p++ = '\0';
-	if(sscanf(p, "%d", port) != 1)
-	    *port = def_port;
-    } else
-	*port = def_port;
-    p = strchr(p ? p : *host, '/');
-    if(p) {
-	if(path) 
-	    *path = strdup(p);
-	*p = '\0';
-    }else
-	if(path) 
-	    *path = NULL;
-}
-
-
-int ROKEN_LIB_FUNCTION
-roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
-{
-    char *proxy_host = NULL;
-    int proxy_port = 0;
-    char *dns_host, *dns_path;
-    int dns_port;
-    
-    int ret = -1;
-    
-    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
-    if(dns_path == NULL)
-	goto out;
-    if(proxy_spec)
-	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
-    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
-out:
-    free(proxy_host);
-    free(dns_host);
-    free(dns_path);
-    return ret;
-}
-    
-
-/* Try to lookup a name or an ip-address using http as transport
-   mechanism. See the end of this file for an example program. */
-static struct hostent*
-roken_gethostby(const char *hostname)
-{
-    int s;
-    struct sockaddr_in addr;
-    char *request;
-    char buf[1024];
-    int offset = 0;
-    int n;
-    char *p, *foo;
-    
-    if(dns_addr.sin_family == 0)
-	return NULL; /* no configured host */
-    addr = dns_addr;
-    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
-    if(request == NULL)
-	return NULL;
-    s  = socket(AF_INET, SOCK_STREAM, 0);
-    if(s < 0) {
-	free(request);
-	return NULL;
-    }
-    if(connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    if(write(s, request, strlen(request)) != strlen(request)) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    free(request);
-    while(1) {
-	n = read(s, buf + offset, sizeof(buf) - offset);
-	if(n <= 0)
-	    break;
-	offset += n;
-    }
-    buf[offset] = '\0';
-    close(s);
-    p = strstr(buf, "\r\n\r\n"); /* find end of header */
-    if(p) p += 4;
-    else return NULL;
-    foo = NULL;
-    p = strtok_r(p, " \t\r\n", &foo);
-    if(p == NULL)
-	return NULL;
-    {
-	/* make a hostent to return */
-#define MAX_ADDRS 16
-	static struct hostent he;
-	static char addrs[4 * MAX_ADDRS];
-	static char *addr_list[MAX_ADDRS + 1];
-	int num_addrs = 0;
-	
-	he.h_name = p;
-	he.h_aliases = NULL;
-	he.h_addrtype = AF_INET;
-	he.h_length = 4;
-	
-	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
-	    struct in_addr ip;
-	    inet_aton(p, &ip);
-	    ip.s_addr = ntohl(ip.s_addr);
-	    addr_list[num_addrs] = &addrs[num_addrs * 4];
-	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
-	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
-	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
-	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
-	    addr_list[++num_addrs] = NULL;
-	}
-	he.h_addr_list = addr_list;
-	return &he;
-    }
-}
-
-struct hostent*
-roken_gethostbyname(const char *hostname)
-{
-    struct hostent *he;
-    he = gethostbyname(hostname);
-    if(he)
-	return he;
-    return roken_gethostby(hostname);
-}
-
-struct hostent* ROKEN_LIB_FUNCTION
-roken_gethostbyaddr(const void *addr, size_t len, int type)
-{
-    struct in_addr a;
-    const char *p;
-    struct hostent *he;
-    he = gethostbyaddr(addr, len, type);
-    if(he)
-	return he;
-    if(type != AF_INET || len != 4)
-	return NULL;
-    p = addr;
-    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-    return roken_gethostby(inet_ntoa(a));
-}
-
-#if 0
-
-/* this program can be used as a cgi `script' to lookup names and
-   ip-addresses */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <netdb.h>
-#include <sys/param.h>
-
-int
-main(int argc, char **argv)
-{
-    char *query = getenv("QUERY_STRING");
-    char host[MAXHOSTNAMELEN];
-    int i;
-    struct hostent *he;
-    
-    printf("Content-type: text/plain\n\n");
-    if(query == NULL)
-	exit(0);
-    he = gethostbyname(query);
-    strncpy(host, he->h_name, sizeof(host));
-    host[sizeof(host) - 1] = '\0';
-    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
-    printf("%s\n", he->h_name);
-    for(i = 0; he->h_addr_list[i]; i++) {
-	struct in_addr ip;
-	unsigned char *p = (unsigned char*)he->h_addr_list[i];
-	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-	printf("%s\n", inet_ntoa(ip));
-    }
-    exit(0);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/rtbl.3 b/crypto/heimdal/lib/roken/rtbl.3
deleted file mode 100644
index ccdc73f77a31..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.3
+++ /dev/null
@@ -1,201 +0,0 @@
-.\" Copyright (c) 2004 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" $Id: rtbl.3 22088 2007-11-25 14:10:15Z lha $
-.\"
-.Dd June 26, 2004
-.Dt RTBL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm rtbl_create ,
-.Nm rtbl_destroy ,
-.Nm rtbl_set_flags ,
-.Nm rtbl_get_flags ,
-.Nm rtbl_set_prefix ,
-.Nm rtbl_set_separator ,
-.Nm rtbl_set_column_prefix ,
-.Nm rtbl_set_column_affix_by_id ,
-.Nm rtbl_add_column ,
-.Nm rtbl_add_column_by_id ,
-.Nm rtbl_add_column_entry ,
-.Nm rtbl_add_column_entry_by_id ,
-.Nm rtbl_new_row ,
-.Nm rtbl_format
-.Nd format data in simple tables
-.Sh LIBRARY
-The roken library (libroken, -lroken)
-.Sh SYNOPSIS
-.In rtbl.h
-.Ft int
-.Fn rtbl_add_column "rtbl_t table" "const char *column_name" "unsigned int flags"
-.Ft int
-.Fn rtbl_add_column_by_id "rtbl_t table" "unsigned int column_id" "const char *column_header" "unsigned int flags"
-.Ft int
-.Fn rtbl_add_column_entry "rtbl_t table" "const char *column_name" "const char *cell_entry"
-.Ft int
-.Fn rtbl_add_column_entry_by_id "rtbl_t table" "unsigned int column_id" "const char *cell_entry"
-.Ft rtbl_t
-.Fn rtbl_create "void"
-.Ft void
-.Fn rtbl_destroy "rtbl_t table"
-.Ft int
-.Fn rtbl_new_row "rtbl_t table"
-.Ft int
-.Fn rtbl_set_column_affix_by_id "rtbl_t table" "unsigned int column_id "const char *prefix" "const char *suffix"
-.Ft int
-.Fn rtbl_set_column_prefix "rtbl_t table" "const char *column_name" "const char *prefix"
-.Ft "unsigned int"
-.Fn rtbl_get_flags "rtbl_t table"
-.Ft void
-.Fn rtbl_set_flags "rtbl_t table" "unsigned int flags"
-.Ft int
-.Fn rtbl_set_prefix "rtbl_t table" "const char *prefix"
-.Ft int
-.Fn rtbl_set_separator "rtbl_t table" "const char *separator"
-.Ft int
-.Fn rtbl_format "rtbl_t table "FILE *file"
-.Sh DESCRIPTION
-This set of functions assemble a simple table consisting of rows and
-columns, allowing it to be printed with certain options. Typical use
-would be output from tools such as
-.Xr ls 1
-or
-.Xr netstat 1 ,
-where you have a fixed number of columns, but don't know the column
-widthds before hand.
-.Pp
-A table is created with
-.Fn rtbl_create
-and destroyed with
-.Fn rtbl_destroy .
-.Pp
-Global flags on the table are set with
-.Fa rtbl_set_flags
-and retrieved with
-.Fa rtbl_get_flags .
-At present the only defined flag is
-.Dv RTBL_HEADER_STYLE_NONE
-which suppresses printing the header.
-.Pp
-Before adding data to the table, one or more columns need to be
-created. This would normally be done with
-.Fn rtbl_add_column_by_id ,
-.Fa column_id
-is any number of your choice (it's used only to identify columns),
-.Fa column_header
-is the header to print at the top of the column, and
-.Fa flags
-are flags specific to this column. Currently the only defined flag is
-.Dv RTBL_ALIGN_RIGHT ,
-aligning column entries to the right. Columns are printed in the order
-they are added.
-.Pp
-There's also a way to add columns by column name with
-.Fn rtbl_add_column ,
-but this is less flexible (you need unique header names), and is
-considered deprecated.
-.Pp
-To add data to a column you use
-.Fn rtbl_add_column_entry_by_id ,
-where the
-.Fa column_id
-is the same as when the column was added (adding data to a
-non-existent column is undefined), and
-.Fa cell_entry
-is whatever string you wish to include in that cell. It should not
-include newlines.
-For columns added with
-.Fn rtbl_add_column
-you must use
-.Fn rtbl_add_column_entry
-instead.
-.Pp
-.Fn rtbl_new_row
-fills all columns with blank entries until they all have the same
-number of rows.
-.Pp
-Each column can have a separate prefix and suffix, set with
-.Fa rtbl_set_column_affix_by_id ;
-.Fa rtbl_set_column_prefix
-allows setting the prefix only by column name. In addition to this,
-columns may be separated by a string set with
-.Fa rtbl_set_separator ( Ns
-by default columns are not seprated by anything).
-.Pp
-The finished table is printed to
-.Fa file
-with
-.Fa rtbl_format .
-.Sh EXAMPLES
-This program:
-.Bd -literal -offset xxxx
-#include <stdio.h>
-#include <rtbl.h>
-int
-main(int argc, char **argv)
-{
-    rtbl_t table;
-    table = rtbl_create();
-    rtbl_set_separator(table, "  ");
-    rtbl_add_column_by_id(table, 0, "Column A", 0);
-    rtbl_add_column_by_id(table, 1, "Column B", RTBL_ALIGN_RIGHT);
-    rtbl_add_column_by_id(table, 2, "Column C", 0);
-    rtbl_add_column_entry_by_id(table, 0, "A-1");
-    rtbl_add_column_entry_by_id(table, 0, "A-2");
-    rtbl_add_column_entry_by_id(table, 0, "A-3");
-    rtbl_add_column_entry_by_id(table, 1, "B-1");
-    rtbl_add_column_entry_by_id(table, 2, "C-1");
-    rtbl_add_column_entry_by_id(table, 2, "C-2");
-    rtbl_add_column_entry_by_id(table, 1, "B-2");
-    rtbl_add_column_entry_by_id(table, 1, "B-3");
-    rtbl_add_column_entry_by_id(table, 2, "C-3");
-    rtbl_add_column_entry_by_id(table, 0, "A-4");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id(table, 1, "B-4");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id(table, 2, "C-4");
-    rtbl_new_row(table);
-    rtbl_format(table, stdout);
-    rtbl_destroy(table);
-    return 0;
-}
-.Ed
-.Pp
-will output the following:
-.Bd -literal -offset xxxx
-Column A  Column B  Column C
-A-1            B-1  C-1
-A-2            B-2  C-2
-A-3            B-3  C-3
-A-4
-               B-4
-                    C-4
-.Ed
-.\" .Sh SEE ALSO
diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c
deleted file mode 100644
index dd4328f36208..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $");
-#endif
-#include "roken.h"
-#include "rtbl.h"
-
-struct column_entry {
-    char *data;
-};
-
-struct column_data {
-    char *header;
-    char *prefix;
-    int width;
-    unsigned flags;
-    size_t num_rows;
-    struct column_entry *rows;
-    unsigned int column_id;
-    char *suffix;
-};
-
-struct rtbl_data {
-    char *column_prefix;
-    size_t num_columns;
-    struct column_data **columns;
-    unsigned int flags;
-    char *column_separator;
-};
-
-rtbl_t ROKEN_LIB_FUNCTION
-rtbl_create (void)
-{
-    return calloc (1, sizeof (struct rtbl_data));
-}
-
-void ROKEN_LIB_FUNCTION
-rtbl_set_flags (rtbl_t table, unsigned int flags)
-{
-    table->flags = flags;
-}
-
-unsigned int ROKEN_LIB_FUNCTION
-rtbl_get_flags (rtbl_t table)
-{
-    return table->flags;
-}
-
-static struct column_data *
-rtbl_get_column_by_id (rtbl_t table, unsigned int id)
-{
-    int i;
-    for(i = 0; i < table->num_columns; i++)
-	if(table->columns[i]->column_id == id)
-	    return table->columns[i];
-    return NULL;
-}
-
-static struct column_data *
-rtbl_get_column (rtbl_t table, const char *column)
-{
-    int i;
-    for(i = 0; i < table->num_columns; i++)
-	if(strcmp(table->columns[i]->header, column) == 0)
-	    return table->columns[i];
-    return NULL;
-}
-
-void ROKEN_LIB_FUNCTION
-rtbl_destroy (rtbl_t table)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++) {
-	struct column_data *c = table->columns[i];
-
-	for (j = 0; j < c->num_rows; j++)
-	    free (c->rows[j].data);
-	free (c->rows);
-	free (c->header);
-	free (c->prefix);
-	free (c->suffix);
-	free (c);
-    }
-    free (table->column_prefix);
-    free (table->column_separator);
-    free (table->columns);
-    free (table);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_by_id (rtbl_t table, unsigned int id, 
-		       const char *header, unsigned int flags)
-{
-    struct column_data *col, **tmp;
-
-    tmp = realloc (table->columns, (table->num_columns + 1) * sizeof (*tmp));
-    if (tmp == NULL)
-	return ENOMEM;
-    table->columns = tmp;
-    col = malloc (sizeof (*col));
-    if (col == NULL)
-	return ENOMEM;
-    col->header = strdup (header);
-    if (col->header == NULL) {
-	free (col);
-	return ENOMEM;
-    }
-    col->prefix = NULL;
-    col->width = 0;
-    col->flags = flags;
-    col->num_rows = 0;
-    col->rows = NULL;
-    col->column_id = id;
-    col->suffix = NULL;
-    table->columns[table->num_columns++] = col;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column (rtbl_t table, const char *header, unsigned int flags)
-{
-    return rtbl_add_column_by_id(table, 0, header, flags);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_new_row(rtbl_t table)
-{
-    size_t max_rows = 0;
-    size_t c;
-    for (c = 0; c < table->num_columns; c++)
-	if(table->columns[c]->num_rows > max_rows)
-	    max_rows = table->columns[c]->num_rows;
-    for (c = 0; c < table->num_columns; c++) {
-	struct column_entry *tmp;
-
-	if(table->columns[c]->num_rows == max_rows)
-	    continue;
-	tmp = realloc(table->columns[c]->rows, 
-		      max_rows * sizeof(table->columns[c]->rows));
-	if(tmp == NULL)
-	    return ENOMEM;
-	table->columns[c]->rows = tmp;
-	while(table->columns[c]->num_rows < max_rows) {
-	    if((tmp[table->columns[c]->num_rows++].data = strdup("")) == NULL)
-		return ENOMEM;
-	}
-    }
-    return 0;
-}
-
-static void
-column_compute_width (rtbl_t table, struct column_data *column)
-{
-    int i;
-
-    if(table->flags & RTBL_HEADER_STYLE_NONE)
-	column->width = 0;
-    else
-	column->width = strlen (column->header);
-    for (i = 0; i < column->num_rows; i++)
-	column->width = max (column->width, strlen (column->rows[i].data));
-}
-
-/* DEPRECATED */
-int ROKEN_LIB_FUNCTION
-rtbl_set_prefix (rtbl_t table, const char *prefix)
-{
-    if (table->column_prefix)
-	free (table->column_prefix);
-    table->column_prefix = strdup (prefix);
-    if (table->column_prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_separator (rtbl_t table, const char *separator)
-{
-    if (table->column_separator)
-	free (table->column_separator);
-    table->column_separator = strdup (separator);
-    if (table->column_separator == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_prefix (rtbl_t table, const char *column,
-			const char *prefix)
-{
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-    if (c->prefix)
-	free (c->prefix);
-    c->prefix = strdup (prefix);
-    if (c->prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id,
-			    const char *prefix, const char *suffix)
-{
-    struct column_data *c = rtbl_get_column_by_id (table, id);
-
-    if (c == NULL)
-	return -1;
-    if (c->prefix)
-	free (c->prefix);
-    if(prefix == NULL)
-	c->prefix = NULL;
-    else {
-	c->prefix = strdup (prefix);
-	if (c->prefix == NULL)
-	    return ENOMEM;
-    }
-
-    if (c->suffix)
-	free (c->suffix);
-    if(suffix == NULL)
-	c->suffix = NULL;
-    else {
-	c->suffix = strdup (suffix);
-	if (c->suffix == NULL)
-	    return ENOMEM;
-    }
-    return 0;
-}
-
-
-static const char *
-get_column_prefix (rtbl_t table, struct column_data *c)
-{
-    if (c == NULL)
-	return "";
-    if (c->prefix)
-	return c->prefix;
-    if (table->column_prefix)
-	return table->column_prefix;
-    return "";
-}
-
-static const char *
-get_column_suffix (rtbl_t table, struct column_data *c)
-{
-    if (c && c->suffix)
-	return c->suffix;
-    return "";
-}
-
-static int
-add_column_entry (struct column_data *c, const char *data)
-{
-    struct column_entry row, *tmp;
-
-    row.data = strdup (data);
-    if (row.data == NULL)
-	return ENOMEM;
-    tmp = realloc (c->rows, (c->num_rows + 1) * sizeof (*tmp));
-    if (tmp == NULL) {
-	free (row.data);
-	return ENOMEM;
-    }
-    c->rows = tmp;
-    c->rows[c->num_rows++] = row;
-    return 0;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data)
-{
-    struct column_data *c = rtbl_get_column_by_id (table, id);
-
-    if (c == NULL)
-	return -1;
-
-    return add_column_entry(c, data);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
-			      const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-    int ret;
-
-    va_start(ap, fmt);
-    ret = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (ret == -1)
-	return -1;
-    ret = rtbl_add_column_entry_by_id(table, id, str);
-    free(str);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
-{
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-
-    return add_column_entry(c, data);
-}
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...)
-{
-    va_list ap;
-    char *str;
-    int ret;
-
-    va_start(ap, fmt);
-    ret = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (ret == -1)
-	return -1;
-    ret = rtbl_add_column_entry(table, column, str);
-    free(str);
-    return ret;
-}
-
-
-int ROKEN_LIB_FUNCTION
-rtbl_format (rtbl_t table, FILE * f)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++)
-	column_compute_width (table, table->columns[i]);
-    if((table->flags & RTBL_HEADER_STYLE_NONE) == 0) {
-	for (i = 0; i < table->num_columns; i++) {
-	    struct column_data *c = table->columns[i];
-
-	    if(table->column_separator != NULL && i > 0)
-		fprintf (f, "%s", table->column_separator);
-	    fprintf (f, "%s", get_column_prefix (table, c));
-	    if(i == table->num_columns - 1 && c->suffix == NULL)
-		/* last column, so no need to pad with spaces */
-		fprintf (f, "%-*s", 0, c->header);
-	    else
-		fprintf (f, "%-*s", (int)c->width, c->header);
-	    fprintf (f, "%s", get_column_suffix (table, c));
-	}
-	fprintf (f, "\n");
-    }
-
-    for (j = 0;; j++) {
-	int flag = 0;
-
-	/* are there any more rows left? */
-	for (i = 0; flag == 0 && i < table->num_columns; ++i) {
-	    struct column_data *c = table->columns[i];
-
-	    if (c->num_rows > j) {
-		++flag;
-		break;
-	    }
-	}
-	if (flag == 0)
-	    break;
-
-	for (i = 0; i < table->num_columns; i++) {
-	    int w;
-	    struct column_data *c = table->columns[i];
-
-	    if(table->column_separator != NULL && i > 0)
-		fprintf (f, "%s", table->column_separator);
-
-	    w = c->width;
-
-	    if ((c->flags & RTBL_ALIGN_RIGHT) == 0) {
-		if(i == table->num_columns - 1 && c->suffix == NULL)
-		    /* last column, so no need to pad with spaces */
-		    w = 0;
-		else
-		    w = -w;
-	    }
-	    fprintf (f, "%s", get_column_prefix (table, c));
-	    if (c->num_rows <= j)
-		fprintf (f, "%*s", w, "");
-	    else
-		fprintf (f, "%*s", w, c->rows[j].data);
-	    fprintf (f, "%s", get_column_suffix (table, c));
-	}
-	fprintf (f, "\n");
-    }
-    return 0;
-}
-
-#ifdef TEST
-int
-main (int argc, char **argv)
-{
-    rtbl_t table;
-
-    table = rtbl_create ();
-    rtbl_add_column_by_id (table, 0, "Issued", 0);
-    rtbl_add_column_by_id (table, 1, "Expires", 0);
-    rtbl_add_column_by_id (table, 2, "Foo", RTBL_ALIGN_RIGHT);
-    rtbl_add_column_by_id (table, 3, "Principal", 0);
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 2, "73");
-    rtbl_add_column_entry_by_id (table, 2, "0");
-    rtbl_add_column_entry_by_id (table, 2, "-2000");
-    rtbl_add_column_entry_by_id (table, 3, "krbtgt/NADA.KTH.SE@NADA.KTH.SE");
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 3, "afs/pdc.kth.se@NADA.KTH.SE");
-
-    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
-    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
-    rtbl_add_column_entry_by_id (table, 3, "afs@NADA.KTH.SE");
-
-    rtbl_set_separator (table, "  ");
-
-    rtbl_format (table, stdout);
-
-    rtbl_destroy (table);
-
-    printf("\n");
-
-    table = rtbl_create ();
-    rtbl_add_column_by_id (table, 0, "Column A", 0);
-    rtbl_set_column_affix_by_id (table, 0, "<", ">");
-    rtbl_add_column_by_id (table, 1, "Column B", 0);
-    rtbl_set_column_affix_by_id (table, 1, "[", "]");
-    rtbl_add_column_by_id (table, 2, "Column C", 0);
-    rtbl_set_column_affix_by_id (table, 2, "(", ")");
-
-    rtbl_add_column_entry_by_id (table, 0, "1");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id (table, 1, "2");
-    rtbl_new_row(table);
-    rtbl_add_column_entry_by_id (table, 2, "3");
-    rtbl_new_row(table);
-
-    rtbl_set_separator (table, "  ");
-    rtbl_format (table, stdout);
-
-    rtbl_destroy (table);
-
-    return 0;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/rtbl.h b/crypto/heimdal/lib/roken/rtbl.h
deleted file mode 100644
index 9b168c7e7306..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2000,2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */
-
-#ifndef __rtbl_h__
-#define __rtbl_h__
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct rtbl_data;
-typedef struct rtbl_data *rtbl_t;
-
-#define RTBL_ALIGN_LEFT		0
-#define RTBL_ALIGN_RIGHT	1
-
-/* flags */
-#define RTBL_HEADER_STYLE_NONE	1
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column (rtbl_t, const char*, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
-			      const char *fmt, ...)
-	__attribute__ ((format (printf, 3, 0)));
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry (rtbl_t, const char*, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...)
-	__attribute__ ((format (printf, 3, 0)));
-
-int ROKEN_LIB_FUNCTION
-rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*);
-
-rtbl_t ROKEN_LIB_FUNCTION
-rtbl_create (void);
-
-void ROKEN_LIB_FUNCTION
-rtbl_destroy (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_format (rtbl_t, FILE*);
-
-unsigned int ROKEN_LIB_FUNCTION
-rtbl_get_flags (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_new_row (rtbl_t);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_column_prefix (rtbl_t, const char*, const char*);
-
-void ROKEN_LIB_FUNCTION
-rtbl_set_flags (rtbl_t, unsigned int);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_prefix (rtbl_t, const char*);
-
-int ROKEN_LIB_FUNCTION
-rtbl_set_separator (rtbl_t, const char*);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __rtbl_h__ */
diff --git a/crypto/heimdal/lib/roken/sendmsg.c b/crypto/heimdal/lib/roken/sendmsg.c
deleted file mode 100644
index e7478bfe2d69..000000000000
--- a/crypto/heimdal/lib/roken/sendmsg.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sendmsg.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-sendmsg(int s, const struct msghdr *msg, int flags)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < msg->msg_iovlen; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/setegid.c b/crypto/heimdal/lib/roken/setegid.c
deleted file mode 100644
index 14d99eecb86a..000000000000
--- a/crypto/heimdal/lib/roken/setegid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setegid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-setegid(gid_t egid)
-{
-#ifdef HAVE_SETREGID
-    return setregid(-1, egid);
-#endif
-
-#ifdef HAVE_SETRESGID
-    return setresgid(-1, egid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setenv.c b/crypto/heimdal/lib/roken/setenv.c
deleted file mode 100644
index 2bf09bec9d83..000000000000
--- a/crypto/heimdal/lib/roken/setenv.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * This is the easy way out, use putenv to implement setenv. We might
- * leak some memory but that is ok since we are usally about to exec
- * anyway.
- */
-
-int ROKEN_LIB_FUNCTION
-setenv(const char *var, const char *val, int rewrite)
-{
-    char *t;
-
-    if (!rewrite && getenv(var) != 0)
-	return 0;
-  
-    asprintf (&t, "%s=%s", var, val);
-    if (t == NULL)
-	return -1;
-
-    if (putenv(t) == 0)
-	return 0;
-    else
-	return -1;
-}
diff --git a/crypto/heimdal/lib/roken/seteuid.c b/crypto/heimdal/lib/roken/seteuid.c
deleted file mode 100644
index 4f786bbf4715..000000000000
--- a/crypto/heimdal/lib/roken/seteuid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: seteuid.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-seteuid(uid_t euid)
-{
-#ifdef HAVE_SETREUID
-    return setreuid(-1, euid);
-#endif
-
-#ifdef HAVE_SETRESUID
-    return setresuid(-1, euid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setprogname.c b/crypto/heimdal/lib/roken/setprogname.c
deleted file mode 100644
index b24c785b1bc6..000000000000
--- a/crypto/heimdal/lib/roken/setprogname.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995-2004 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-extern const char *__progname;
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void ROKEN_LIB_FUNCTION
-setprogname(const char *argv0)
-{
-#ifndef HAVE___PROGNAME
-    const char *p;
-    if(argv0 == NULL)
-	return;
-    p = strrchr(argv0, '/');
-    if(p == NULL)
-	p = argv0;
-    else
-	p++;
-    __progname = p;
-#endif
-}
-#endif /* HAVE_SETPROGNAME */
diff --git a/crypto/heimdal/lib/roken/signal.c b/crypto/heimdal/lib/roken/signal.c
deleted file mode 100644
index e18439040f91..000000000000
--- a/crypto/heimdal/lib/roken/signal.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <signal.h>
-#include "roken.h"
-
-/*
- * We would like to always use this signal but there is a link error
- * on NEXTSTEP
- */
-#if !defined(NeXT) && !defined(__APPLE__)
-/*
- * Bugs:
- *
- * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
- */
-
-SigAction ROKEN_LIB_FUNCTION
-signal(int iSig, SigAction pAction)
-{
-    struct sigaction saNew, saOld;
-
-    saNew.sa_handler = pAction;
-    sigemptyset(&saNew.sa_mask);
-    saNew.sa_flags = 0;
-
-    if (iSig == SIGALRM)
-	{
-#ifdef SA_INTERRUPT
-	    saNew.sa_flags |= SA_INTERRUPT;
-#endif
-	}
-    else
-	{
-#ifdef SA_RESTART
-	    saNew.sa_flags |= SA_RESTART;
-#endif
-	}
-
-    if (sigaction(iSig, &saNew, &saOld) < 0)
-	return(SIG_ERR);
-
-    return(saOld.sa_handler);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/simple_exec.c b/crypto/heimdal/lib/roken/simple_exec.c
deleted file mode 100644
index 447b5bfd0270..000000000000
--- a/crypto/heimdal/lib/roken/simple_exec.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <errno.h>
-
-#include "roken.h"
-
-#define EX_NOEXEC	126
-#define EX_NOTFOUND	127
-
-/* return values:
-   -1   on `unspecified' system errors
-   -2   on fork failures
-   -3   on waitpid errors
-   -4   exec timeout
-   0-   is return value from subprocess
-   126  if the program couldn't be executed
-   127  if the program couldn't be found
-   128- is 128 + signal that killed subprocess
-
-   possible values `func' can return:
-   ((time_t)-2)		exit loop w/o killing child and return
-   			`exec timeout'/-4 from simple_exec
-   ((time_t)-1)		kill child with SIGTERM and wait for child to exit
-   0			don't timeout again
-   n			seconds to next timeout
-   */
-
-static int sig_alarm;
-
-static RETSIGTYPE
-sigtimeout(int sig)
-{
-    sig_alarm = 1;
-    SIGRETURN(0);
-}
-
-int ROKEN_LIB_FUNCTION
-wait_for_process_timed(pid_t pid, time_t (*func)(void *), 
-		       void *ptr, time_t timeout)
-{
-    RETSIGTYPE (*old_func)(int sig) = NULL;
-    unsigned int oldtime = 0;
-    int ret;
-
-    sig_alarm = 0;
-
-    if (func) {
-	old_func = signal(SIGALRM, sigtimeout);
-	oldtime = alarm(timeout);
-    }
-
-    while(1) {
-	int status;
-
-	while(waitpid(pid, &status, 0) < 0) {
-	    if (errno != EINTR) {
-		ret = -3;
-		goto out;
-	    }
-	    if (func == NULL)
-		continue;
-	    if (sig_alarm == 0)
-		continue;
-	    timeout = (*func)(ptr);
-	    if (timeout == (time_t)-1) {
-		kill(pid, SIGTERM);
-		continue;
-	    } else if (timeout == (time_t)-2) {
-		ret = -4;
-		goto out;
-	    }
-	    alarm(timeout);
-	}
-	if(WIFSTOPPED(status))
-	    continue;
-	if(WIFEXITED(status)) {
-	    ret = WEXITSTATUS(status);
-	    break;
-	}
-	if(WIFSIGNALED(status)) {
-	    ret = WTERMSIG(status) + 128;
-	    break;
-	}
-    }
- out:
-    if (func) {
-	signal(SIGALRM, old_func);
-	alarm(oldtime);
-    }
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-wait_for_process(pid_t pid)
-{
-    return wait_for_process_timed(pid, NULL, NULL, 0);
-}
-
-int ROKEN_LIB_FUNCTION
-pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, 
-	   const char *file, ...)
-{
-    int in_fd[2], out_fd[2], err_fd[2];
-    pid_t pid;
-    va_list ap;
-    char **argv;
-
-    if(stdin_fd != NULL)
-	pipe(in_fd);
-    if(stdout_fd != NULL)
-	pipe(out_fd);
-    if(stderr_fd != NULL)
-	pipe(err_fd);
-    pid = fork();
-    switch(pid) {
-    case 0:
-	va_start(ap, file);
-	argv = vstrcollect(&ap);
-	va_end(ap);
-	if(argv == NULL)
-	    exit(-1);
-
-	/* close pipes we're not interested in */
-	if(stdin_fd != NULL)
-	    close(in_fd[1]);
-	if(stdout_fd != NULL)
-	    close(out_fd[0]);
-	if(stderr_fd != NULL)
-	    close(err_fd[0]);
-
-	/* pipe everything caller doesn't care about to /dev/null */
-	if(stdin_fd == NULL)
-	    in_fd[0] = open(_PATH_DEVNULL, O_RDONLY);
-	if(stdout_fd == NULL)
-	    out_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-	if(stderr_fd == NULL)
-	    err_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-
-	/* move to proper descriptors */
-	if(in_fd[0] != STDIN_FILENO) {
-	    dup2(in_fd[0], STDIN_FILENO);
-	    close(in_fd[0]);
-	}
-	if(out_fd[1] != STDOUT_FILENO) {
-	    dup2(out_fd[1], STDOUT_FILENO);
-	    close(out_fd[1]);
-	}
-	if(err_fd[1] != STDERR_FILENO) {
-	    dup2(err_fd[1], STDERR_FILENO);
-	    close(err_fd[1]);
-	}
-
-	closefrom(3);
-
-	execv(file, argv);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    case -1:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    close(in_fd[1]);
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[0]);
-	    close(out_fd[1]);
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[0]);
-	    close(err_fd[1]);
-	}
-	return -2;
-    default:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    *stdin_fd = fdopen(in_fd[1], "w");
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[1]);
-	    *stdout_fd = fdopen(out_fd[0], "r");
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[1]);
-	    *stderr_fd = fdopen(err_fd[0], "r");
-	}
-    }
-    return pid;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execvp_timed(const char *file, char *const args[], 
-		    time_t (*func)(void *), void *ptr, time_t timeout)
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execvp(file, args);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process_timed(pid, func, ptr, timeout);
-    }
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execvp(const char *file, char *const args[])
-{
-    return simple_execvp_timed(file, args, NULL, NULL, 0);
-}
-
-/* gee, I'd like a execvpe */
-int ROKEN_LIB_FUNCTION
-simple_execve_timed(const char *file, char *const args[], char *const envp[],
-		    time_t (*func)(void *), void *ptr, time_t timeout)
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execve(file, args, envp);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process_timed(pid, func, ptr, timeout);
-    }
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execve(const char *file, char *const args[], char *const envp[])
-{
-    return simple_execve_timed(file, args, envp, NULL, NULL, 0);
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execlp(const char *file, ...)
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execvp(file, argv);
-    free(argv);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execle(const char *file, ... /* ,char *const envp[] */)
-{
-    va_list ap;
-    char **argv;
-    char *const* envp;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    envp = va_arg(ap, char **);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, envp);
-    free(argv);
-    return ret;
-}
-
-int ROKEN_LIB_FUNCTION
-simple_execl(const char *file, ...) 
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, environ);
-    free(argv);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/snprintf-test.c b/crypto/heimdal/lib/roken/snprintf-test.c
deleted file mode 100644
index 047d54b63ffd..000000000000
--- a/crypto/heimdal/lib/roken/snprintf-test.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "snprintf-test.h"
-#include "roken.h"
-#include <limits.h>
-
-RCSID("$Id: snprintf-test.c 21627 2007-07-17 10:53:17Z lha $");
-
-static int
-try (const char *format, ...)
-{
-    int ret;
-    va_list ap;
-    char buf1[256], buf2[256];
-
-    va_start (ap, format);
-    ret = vsnprintf (buf1, sizeof(buf1), format, ap);
-    if (ret >= sizeof(buf1))
-	errx (1, "increase buf and try again");
-    va_end (ap);
-    va_start (ap, format);
-    vsprintf (buf2, format, ap);
-    ret = strcmp (buf1, buf2);
-    if (ret)
-	printf ("failed: format = \"%s\", \"%s\" != \"%s\"\n",
-		format, buf1, buf2);
-    va_end (ap);
-    return ret;
-}
-
-static int
-cmp_with_sprintf_int (void)
-{
-    int tot = 0;
-    int int_values[] = {INT_MIN, -17, -1, 0, 1, 17, 4711, 65535, INT_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(int_values) / sizeof(int_values[0]); ++i) {
-	tot += try ("%d", int_values[i]);
-	tot += try ("%x", int_values[i]);
-	tot += try ("%X", int_values[i]);
-	tot += try ("%o", int_values[i]);
-	tot += try ("%#x", int_values[i]);
-	tot += try ("%#X", int_values[i]);
-	tot += try ("%#o", int_values[i]);
-	tot += try ("%10d", int_values[i]);
-	tot += try ("%10x", int_values[i]);
-	tot += try ("%10X", int_values[i]);
-	tot += try ("%10o", int_values[i]);
-	tot += try ("%#10x", int_values[i]);
-	tot += try ("%#10X", int_values[i]);
-	tot += try ("%#10o", int_values[i]);
-	tot += try ("%-10d", int_values[i]);
-	tot += try ("%-10x", int_values[i]);
-	tot += try ("%-10X", int_values[i]);
-	tot += try ("%-10o", int_values[i]);
-	tot += try ("%-#10x", int_values[i]);
-	tot += try ("%-#10X", int_values[i]);
-	tot += try ("%-#10o", int_values[i]);
-    }
-    return tot;
-}
-
-static int
-cmp_with_sprintf_long (void)
-{
-    int tot = 0;
-    long long_values[] = {LONG_MIN, -17, -1, 0, 1, 17, 4711, 65535, LONG_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(long_values) / sizeof(long_values[0]); ++i) {
-	tot += try ("%ld", long_values[i]);
-	tot += try ("%lx", long_values[i]);
-	tot += try ("%lX", long_values[i]);
-	tot += try ("%lo", long_values[i]);
-	tot += try ("%#lx", long_values[i]);
-	tot += try ("%#lX", long_values[i]);
-	tot += try ("%#lo", long_values[i]);
-	tot += try ("%10ld", long_values[i]);
-	tot += try ("%10lx", long_values[i]);
-	tot += try ("%10lX", long_values[i]);
-	tot += try ("%10lo", long_values[i]);
-	tot += try ("%#10lx", long_values[i]);
-	tot += try ("%#10lX", long_values[i]);
-	tot += try ("%#10lo", long_values[i]);
-	tot += try ("%-10ld", long_values[i]);
-	tot += try ("%-10lx", long_values[i]);
-	tot += try ("%-10lX", long_values[i]);
-	tot += try ("%-10lo", long_values[i]);
-	tot += try ("%-#10lx", long_values[i]);
-	tot += try ("%-#10lX", long_values[i]);
-	tot += try ("%-#10lo", long_values[i]);
-    }
-    return tot;
-}
-
-#ifdef HAVE_LONG_LONG
-
-/* XXX doesn't work as expected on lp64 platforms with sizeof(long
- * long) == sizeof(long) */
-
-static int
-cmp_with_sprintf_long_long (void)
-{
-    int tot = 0;
-    long long long_long_values[] = {
-	((long long)LONG_MIN) -1, LONG_MIN, -17, -1,
-	0,
-	1, 17, 4711, 65535, LONG_MAX, ((long long)LONG_MAX) + 1};
-    int i;
-
-    for (i = 0; i < sizeof(long_long_values) / sizeof(long_long_values[0]); ++i) {
-	tot += try ("%lld", long_long_values[i]);
-	tot += try ("%llx", long_long_values[i]);
-	tot += try ("%llX", long_long_values[i]);
-	tot += try ("%llo", long_long_values[i]);
-	tot += try ("%#llx", long_long_values[i]);
-	tot += try ("%#llX", long_long_values[i]);
-	tot += try ("%#llo", long_long_values[i]);
-	tot += try ("%10lld", long_long_values[i]);
-	tot += try ("%10llx", long_long_values[i]);
-	tot += try ("%10llX", long_long_values[i]);
-	tot += try ("%10llo", long_long_values[i]);
-	tot += try ("%#10llx", long_long_values[i]);
-	tot += try ("%#10llX", long_long_values[i]);
-	tot += try ("%#10llo", long_long_values[i]);
-	tot += try ("%-10lld", long_long_values[i]);
-	tot += try ("%-10llx", long_long_values[i]);
-	tot += try ("%-10llX", long_long_values[i]);
-	tot += try ("%-10llo", long_long_values[i]);
-	tot += try ("%-#10llx", long_long_values[i]);
-	tot += try ("%-#10llX", long_long_values[i]);
-	tot += try ("%-#10llo", long_long_values[i]);
-    }
-    return tot;
-}
-
-#endif
-
-#if 0
-static int
-cmp_with_sprintf_float (void)
-{
-    int tot = 0;
-    double double_values[] = {-99999, -999, -17.4, -4.3, -3.0, -1.5, -1,
-			      0, 0.1, 0.2342374852, 0.2340007,
-			      3.1415926, 14.7845, 34.24758, 9999, 9999999};
-    int i;
-
-    for (i = 0; i < sizeof(double_values) / sizeof(double_values[0]); ++i) {
-	tot += try ("%f", double_values[i]);
-	tot += try ("%10f", double_values[i]);
-	tot += try ("%.2f", double_values[i]);
-	tot += try ("%7.0f", double_values[i]);
-	tot += try ("%5.2f", double_values[i]);
-	tot += try ("%0f", double_values[i]);
-	tot += try ("%#f", double_values[i]);
-	tot += try ("%e", double_values[i]);
-	tot += try ("%10e", double_values[i]);
-	tot += try ("%.2e", double_values[i]);
-	tot += try ("%7.0e", double_values[i]);
-	tot += try ("%5.2e", double_values[i]);
-	tot += try ("%0e", double_values[i]);
-	tot += try ("%#e", double_values[i]);
-	tot += try ("%E", double_values[i]);
-	tot += try ("%10E", double_values[i]);
-	tot += try ("%.2E", double_values[i]);
-	tot += try ("%7.0E", double_values[i]);
-	tot += try ("%5.2E", double_values[i]);
-	tot += try ("%0E", double_values[i]);
-	tot += try ("%#E", double_values[i]);
-	tot += try ("%g", double_values[i]);
-	tot += try ("%10g", double_values[i]);
-	tot += try ("%.2g", double_values[i]);
-	tot += try ("%7.0g", double_values[i]);
-	tot += try ("%5.2g", double_values[i]);
-	tot += try ("%0g", double_values[i]);
-	tot += try ("%#g", double_values[i]);
-	tot += try ("%G", double_values[i]);
-	tot += try ("%10G", double_values[i]);
-	tot += try ("%.2G", double_values[i]);
-	tot += try ("%7.0G", double_values[i]);
-	tot += try ("%5.2G", double_values[i]);
-	tot += try ("%0G", double_values[i]);
-	tot += try ("%#G", double_values[i]);
-    }
-    return tot;
-}
-#endif
-
-static int
-test_null (void)
-{
-    return snprintf (NULL, 0, "foo") != 3;
-}
-
-static int
-test_sizet (void)
-{
-    int tot = 0;
-    size_t sizet_values[] = { 0, 1, 2, 200, 4294967295u }; /* SIZE_MAX */
-    char *result[] = { "0", "1", "2", "200", "4294967295" };
-    int i;
-
-    for (i = 0; i < sizeof(sizet_values) / sizeof(sizet_values[0]); ++i) {
-#if 0
-	tot += try("%zu", sizet_values[i]);
-	tot += try("%zx", sizet_values[i]);
-	tot += try("%zX", sizet_values[i]);
-#else
-	char buf[256];
-	snprintf(buf, sizeof(buf), "%zu", sizet_values[i]);
-	if (strcmp(buf, result[i]) != 0) {
-	    printf("%s != %s", buf, result[i]);
-	    tot++;
-	}
-#endif
-    }
-    return tot;
-}
-
-
-int
-main (int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += cmp_with_sprintf_int ();
-    ret += cmp_with_sprintf_long ();
-#ifdef HAVE_LONG_LONG
-    ret += cmp_with_sprintf_long_long ();
-#endif
-    ret += test_null ();
-    ret += test_sizet ();
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/snprintf-test.h b/crypto/heimdal/lib/roken/snprintf-test.h
deleted file mode 100644
index d672873679bc..000000000000
--- a/crypto/heimdal/lib/roken/snprintf-test.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: snprintf-test.h 10377 2001-07-19 18:39:14Z assar $ */
-
-#ifndef __SNPRINTF_TEST_H__
-#define __SNPRINTF_TEST_H__
-
-/*
- * we cannot use the real names of the functions when testing, since
- * they might have different prototypes as the system functions, hence
- * these evil hacks
- */
-
-#define snprintf test_snprintf
-#define asprintf test_asprintf
-#define asnprintf test_asnprintf
-#define vasprintf test_vasprintf
-#define vasnprintf test_vasnprintf
-#define vsnprintf test_vsnprintf
-
-#endif /* __SNPRINTF_TEST_H__ */
diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c
deleted file mode 100644
index 6b3352f96b89..000000000000
--- a/crypto/heimdal/lib/roken/snprintf.c
+++ /dev/null
@@ -1,702 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: snprintf.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#if defined(TEST_SNPRINTF)
-#include "snprintf-test.h"
-#endif /* TEST_SNPRINTF */
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include "roken.h"
-#include <assert.h>
-
-enum format_flags {
-    minus_flag     =  1,
-    plus_flag      =  2,
-    space_flag     =  4,
-    alternate_flag =  8,
-    zero_flag      = 16
-};
-
-/*
- * Common state
- */
-
-struct snprintf_state {
-    unsigned char *str;
-    unsigned char *s;
-    unsigned char *theend;
-    size_t sz;
-    size_t max_sz;
-    void (*append_char)(struct snprintf_state *, unsigned char);
-    /* XXX - methods */
-};
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-static int
-sn_reserve (struct snprintf_state *state, size_t n)
-{
-    return state->s + n > state->theend;
-}
-
-static void
-sn_append_char (struct snprintf_state *state, unsigned char c)
-{
-    if (!sn_reserve (state, 1))
-	*state->s++ = c;
-}
-#endif
-
-static int
-as_reserve (struct snprintf_state *state, size_t n)
-{
-    if (state->s + n > state->theend) {
-	int off = state->s - state->str;
-	unsigned char *tmp;
-
-	if (state->max_sz && state->sz >= state->max_sz)
-	    return 1;
-
-	state->sz = max(state->sz * 2, state->sz + n);
-	if (state->max_sz)
-	    state->sz = min(state->sz, state->max_sz);
-	tmp = realloc (state->str, state->sz);
-	if (tmp == NULL)
-	    return 1;
-	state->str = tmp;
-	state->s = state->str + off;
-	state->theend = state->str + state->sz - 1;
-    }
-    return 0;
-}
-
-static void
-as_append_char (struct snprintf_state *state, unsigned char c)
-{
-    if(!as_reserve (state, 1))
-	*state->s++ = c;
-}
-
-/* longest integer types */
-
-#ifdef HAVE_LONG_LONG
-typedef unsigned long long u_longest;
-typedef long long longest;
-#else
-typedef unsigned long u_longest;
-typedef long longest;
-#endif
-
-
-
-static int
-pad(struct snprintf_state *state, int width, char c)
-{
-    int len = 0;
-    while(width-- > 0){
-	(*state->append_char)(state,  c);
-	++len;
-    }
-    return len;
-}
-
-/* return true if we should use alternatve hex form */
-static int
-use_alternative (int flags, u_longest num, unsigned base)
-{
-    return (flags & alternate_flag) && base == 16 && num != 0;
-}
-
-static int
-append_number(struct snprintf_state *state,
-	      u_longest num, unsigned base, const char *rep,
-	      int width, int prec, int flags, int minusp)
-{
-    int len = 0;
-    u_longest n = num;
-    char nstr[64]; /* enough for <192 bit octal integers */
-    int nstart, nlen;
-    char signchar;
-
-    /* given precision, ignore zero flag */
-    if(prec != -1)
-	flags &= ~zero_flag;
-    else
-	prec = 1;
-
-    /* format number as string */
-    nstart = sizeof(nstr);
-    nlen = 0;
-    nstr[--nstart] = '\0';
-    do {
-	assert(nstart > 0);
-	nstr[--nstart] = rep[n % base];
-	++nlen;
-	n /= base;
-    } while(n);
-
-    /* zero value with zero precision should produce no digits */
-    if(prec == 0 && num == 0) {
-	nlen--;
-	nstart++;
-    }
-
-    /* figure out what char to use for sign */
-    if(minusp)
-	signchar = '-';
-    else if((flags & plus_flag))
-	signchar = '+';
-    else if((flags & space_flag))
-	signchar = ' ';
-    else
-	signchar = '\0';
-    
-    if((flags & alternate_flag) && base == 8) {
-	/* if necessary, increase the precision to 
-	   make first digit a zero */
-
-	/* XXX C99 claims (regarding # and %o) that "if the value and
-           precision are both 0, a single 0 is printed", but there is
-           no such wording for %x. This would mean that %#.o would
-           output "0", but %#.x "". This does not make sense, and is
-           also not what other printf implementations are doing. */
-	
-	if(prec <= nlen && nstr[nstart] != '0' && nstr[nstart] != '\0')
-	    prec = nlen + 1;
-    }
-
-    /* possible formats:
-       pad | sign | alt | zero | digits
-       sign | alt | zero | digits | pad   minus_flag
-       sign | alt | zero | digits zero_flag */
-
-    /* if not right justifying or padding with zeros, we need to
-       compute the length of the rest of the string, and then pad with
-       spaces */
-    if(!(flags & (minus_flag | zero_flag))) {
-	if(prec > nlen)
-	    width -= prec;
-	else
-	    width -= nlen;
-	
-	if(use_alternative(flags, num, base))
-	    width -= 2;
-	
-	if(signchar != '\0')
-	    width--;
-	
-	/* pad to width */
-	len += pad(state, width, ' ');
-    }
-    if(signchar != '\0') {
-	(*state->append_char)(state, signchar);
-	++len;
-    }
-    if(use_alternative(flags, num, base)) {
-	(*state->append_char)(state, '0');
-	(*state->append_char)(state, rep[10] + 23); /* XXX */
-	len += 2;
-    }
-    if(flags & zero_flag) {
-	/* pad to width with zeros */
-	if(prec - nlen > width - len - nlen)
-	    len += pad(state, prec - nlen, '0');
-	else
-	    len += pad(state, width - len - nlen, '0');
-    } else
-	/* pad to prec with zeros */
-	len += pad(state, prec - nlen, '0');
-	
-    while(nstr[nstart] != '\0') {
-	(*state->append_char)(state, nstr[nstart++]);
-	++len;
-    }
-	
-    if(flags & minus_flag)
-	len += pad(state, width - len, ' ');
-
-    return len;
-}
-
-/*
- * return length
- */
-
-static int
-append_string (struct snprintf_state *state,
-	       const unsigned char *arg,
-	       int width,
-	       int prec,
-	       int flags)
-{
-    int len = 0;
-
-    if(arg == NULL)
-	arg = (const unsigned char*)"(null)";
-
-    if(prec != -1)
-	width -= prec;
-    else
-	width -= strlen((const char *)arg);
-    if(!(flags & minus_flag))
-	len += pad(state, width, ' ');
-
-    if (prec != -1) {
-	while (*arg && prec--) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    } else {
-	while (*arg) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    }
-    if(flags & minus_flag)
-	len += pad(state, width, ' ');
-    return len;
-}
-
-static int
-append_char(struct snprintf_state *state,
-	    unsigned char arg,
-	    int width,
-	    int flags)
-{
-    int len = 0;
-
-    while(!(flags & minus_flag) && --width > 0) {
-	(*state->append_char) (state, ' ')    ;
-	++len;
-    }
-    (*state->append_char) (state, arg);
-    ++len;
-    while((flags & minus_flag) && --width > 0) {
-	(*state->append_char) (state, ' ');
-	++len;
-    }
-    return 0;
-}
-
-/*
- * This can't be made into a function...
- */
-
-#ifdef HAVE_LONG_LONG
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_long_flag) \
-     res = (unsig long long)va_arg(arg, unsig long long); \
-else if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (size_t_flag) \
-     res = (unsig long)va_arg(arg, size_t); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#else
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (size_t_flag) \
-     res = (unsig long)va_arg(arg, size_t); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#endif
-
-/*
- * zyxprintf - return length, as snprintf
- */
-
-static int
-xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap)
-{
-    const unsigned char *format = (const unsigned char *)char_format;
-    unsigned char c;
-    int len = 0;
-
-    while((c = *format++)) {
-	if (c == '%') {
-	    int flags          = 0;
-	    int width          = 0;
-	    int prec           = -1;
-	    int size_t_flag    = 0;
-	    int long_long_flag = 0;
-	    int long_flag      = 0;
-	    int short_flag     = 0;
-
-	    /* flags */
-	    while((c = *format++)){
-		if(c == '-')
-		    flags |= minus_flag;
-		else if(c == '+')
-		    flags |= plus_flag;
-		else if(c == ' ')
-		    flags |= space_flag;
-		else if(c == '#')
-		    flags |= alternate_flag;
-		else if(c == '0')
-		    flags |= zero_flag;
-		else if(c == '\'')
-		    ; /* just ignore */
-		else
-		    break;
-	    }
-      
-	    if((flags & space_flag) && (flags & plus_flag))
-		flags ^= space_flag;
-
-	    if((flags & minus_flag) && (flags & zero_flag))
-		flags ^= zero_flag;
-
-	    /* width */
-	    if (isdigit(c))
-		do {
-		    width = width * 10 + c - '0';
-		    c = *format++;
-		} while(isdigit(c));
-	    else if(c == '*') {
-		width = va_arg(ap, int);
-		c = *format++;
-	    }
-
-	    /* precision */
-	    if (c == '.') {
-		prec = 0;
-		c = *format++;
-		if (isdigit(c))
-		    do {
-			prec = prec * 10 + c - '0';
-			c = *format++;
-		    } while(isdigit(c));
-		else if (c == '*') {
-		    prec = va_arg(ap, int);
-		    c = *format++;
-		}
-	    }
-
-	    /* size */
-
-	    if (c == 'h') {
-		short_flag = 1;
-		c = *format++;
-	    } else if (c == 'z') {
-		size_t_flag = 1;
-		c = *format++;
-	    } else if (c == 'l') {
-		long_flag = 1;
-		c = *format++;
-		if (c == 'l') {
-		    long_long_flag = 1;
-		    c = *format++;
-		}
-	    }
-
-	    if(c != 'd' && c != 'i')
-		flags &= ~(plus_flag | space_flag);
-
-	    switch (c) {
-	    case 'c' :
-		append_char(state, va_arg(ap, int), width, flags);
-		++len;
-		break;
-	    case 's' :
-		len += append_string(state,
-				     va_arg(ap, unsigned char*),
-				     width,
-				     prec, 
-				     flags);
-		break;
-	    case 'd' :
-	    case 'i' : {
-		longest arg;
-		u_longest num;
-		int minusp = 0;
-
-		PARSE_INT_FORMAT(arg, ap, signed);
-
-		if (arg < 0) {
-		    minusp = 1;
-		    num = -arg;
-		} else
-		    num = arg;
-
-		len += append_number (state, num, 10, "0123456789",
-				      width, prec, flags, minusp);
-		break;
-	    }
-	    case 'u' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 10, "0123456789",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'o' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 010, "01234567",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'x' : {
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 0x10, "0123456789abcdef",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'X' :{
-		u_longest arg;
-
-		PARSE_INT_FORMAT(arg, ap, unsigned);
-
-		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'p' : {
-		unsigned long arg = (unsigned long)va_arg(ap, void*);
-
-		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-				      width, prec, flags, 0);
-		break;
-	    }
-	    case 'n' : {
-		int *arg = va_arg(ap, int*);
-		*arg = state->s - state->str;
-		break;
-	    }
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		(*state->append_char)(state, c);
-		++len;
-		break;
-	    default :
-		(*state->append_char)(state, '%');
-		(*state->append_char)(state, c);
-		len += 2;
-		break;
-	    }
-	} else {
-	    (*state->append_char) (state, c);
-	    ++len;
-	}
-    }
-    return len;
-}
-
-#if !defined(HAVE_SNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-snprintf (char *str, size_t sz, const char *format, ...)
-{
-    va_list args;
-    int ret;
-
-    va_start(args, format);
-    ret = vsnprintf (str, sz, format, args);
-    va_end(args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-
-	tmp = malloc (sz);
-	if (tmp == NULL)
-	    abort ();
-
-	va_start(args, format);
-	ret2 = vsprintf (tmp, format, args);
-	va_end(args);
-	if (ret != ret2 || strcmp(str, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    return ret;
-}
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-asprintf (char **ret, const char *format, ...)
-{
-    va_list args;
-    int val;
-
-    va_start(args, format);
-    val = vasprintf (ret, format, args);
-    va_end(args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-	tmp = malloc (val + 1);
-	if (tmp == NULL)
-	    abort ();
-
-	va_start(args, format);
-	ret2 = vsprintf (tmp, format, args);
-	va_end(args);
-	if (val != ret2 || strcmp(*ret, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    return val;
-}
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-asnprintf (char **ret, size_t max_sz, const char *format, ...)
-{
-    va_list args;
-    int val;
-
-    va_start(args, format);
-    val = vasnprintf (ret, max_sz, format, args);
-
-#ifdef PARANOIA
-    {
-	int ret2;
-	char *tmp;
-	tmp = malloc (val + 1);
-	if (tmp == NULL)
-	    abort ();
-
-	ret2 = vsprintf (tmp, format, args);
-	if (val != ret2 || strcmp(*ret, tmp))
-	    abort ();
-	free (tmp);
-    }
-#endif
-
-    va_end(args);
-    return val;
-}
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vasprintf (char **ret, const char *format, va_list args)
-{
-    return vasnprintf (ret, 0, format, args);
-}
-#endif
-
-
-#if !defined(HAVE_VASNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
-{
-    int st;
-    struct snprintf_state state;
-
-    state.max_sz = max_sz;
-    state.sz     = 1;
-    state.str    = malloc(state.sz);
-    if (state.str == NULL) {
-	*ret = NULL;
-	return -1;
-    }
-    state.s = state.str;
-    state.theend = state.s + state.sz - 1;
-    state.append_char = as_append_char;
-
-    st = xyzprintf (&state, format, args);
-    if (st > state.sz) {
-	free (state.str);
-	*ret = NULL;
-	return -1;
-    } else {
-	char *tmp;
-
-	*state.s = '\0';
-	tmp = realloc (state.str, st+1);
-	if (tmp == NULL) {
-	    free (state.str);
-	    *ret = NULL;
-	    return -1;
-	}
-	*ret = tmp;
-	return st;
-    }
-}
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-int ROKEN_LIB_FUNCTION
-vsnprintf (char *str, size_t sz, const char *format, va_list args)
-{
-    struct snprintf_state state;
-    int ret;
-    unsigned char *ustr = (unsigned char *)str;
-
-    state.max_sz = 0;
-    state.sz     = sz;
-    state.str    = ustr;
-    state.s      = ustr;
-    state.theend = ustr + sz - (sz > 0);
-    state.append_char = sn_append_char;
-
-    ret = xyzprintf (&state, format, args);
-    if (state.s != NULL && sz != 0)
-	*state.s = '\0';
-    return ret;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c
deleted file mode 100644
index a82dd0186c92..000000000000
--- a/crypto/heimdal/lib/roken/socket.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-/*
- * Set `sa' to the unitialized address of address family `af'
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_any (struct sockaddr *sa, int af)
-{
-    switch (af) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	memset (sin4, 0, sizeof(*sin4));
-	sin4->sin_family = AF_INET;
-	sin4->sin_port   = 0;
-	sin4->sin_addr.s_addr = INADDR_ANY;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = 0;
-	sin6->sin6_addr   = in6addr_any;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * set `sa' to (`ptr', `port')
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-
-	memset (sin4, 0, sizeof(*sin4));
-	sin4->sin_family = AF_INET;
-	sin4->sin_port   = port;
-	memcpy (&sin4->sin_addr, ptr, sizeof(struct in_addr));
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = port;
-	memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr));
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of an address of the type in `sa'
- */
-
-size_t ROKEN_LIB_FUNCTION
-socket_addr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct in_addr);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct in6_addr);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of a `struct sockaddr' in `sa'.
- */
-
-size_t ROKEN_LIB_FUNCTION
-socket_sockaddr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct sockaddr_in);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct sockaddr_in6);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the binary address of `sa'.
- */
-
-void * ROKEN_LIB_FUNCTION
-socket_get_address (struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-	return &sin4->sin_addr;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	return &sin6->sin6_addr;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the port number from `sa'.
- */
-
-int ROKEN_LIB_FUNCTION
-socket_get_port (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
-	return sin4->sin_port;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-	return sin6->sin6_port;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the port in `sa' to `port'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_port (struct sockaddr *sa, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
-	sin4->sin_port = port;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	sin6->sin6_port = port;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the range of ports to use when binding with port = 0.
- */
-void ROKEN_LIB_FUNCTION
-socket_set_portrange (int sock, int restr, int af)
-{
-#if defined(IP_PORTRANGE)
-	if (af == AF_INET) {
-		int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IP_PORTRANGE (ignored)");
-	}
-#endif
-#if defined(IPV6_PORTRANGE)
-	if (af == AF_INET6) {
-		int on = restr ? IPV6_PORTRANGE_HIGH : 
-		    IPV6_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IPV6_PORTRANGE (ignored)");
-	}
-#endif
-}
-	
-/*
- * Enable debug on `sock'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_debug (int sock)
-{
-#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
-    int on = 1;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
-	warn ("setsockopt SO_DEBUG (ignored)");
-#endif
-}
-
-/*
- * Set the type-of-service of `sock' to `tos'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_tos (int sock, int tos)
-{
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
-	if (errno != EINVAL)
-	    warn ("setsockopt TOS (ignored)");
-#endif
-}
-
-/*
- * set the reuse of addresses on `sock' to `val'.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_reuseaddr (int sock, int val)
-{
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
-    if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
-		  sizeof(val)) < 0)
-	err (1, "setsockopt SO_REUSEADDR");
-#endif
-}
-
-/*
- * Set the that the `sock' should bind to only IPv6 addresses.
- */
-
-void ROKEN_LIB_FUNCTION
-socket_set_ipv6only (int sock, int val)
-{
-#if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT)
-    setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val));
-#endif
-}
diff --git a/crypto/heimdal/lib/roken/socket_wrapper.c b/crypto/heimdal/lib/roken/socket_wrapper.c
deleted file mode 100644
index 9e6bfdd09811..000000000000
--- a/crypto/heimdal/lib/roken/socket_wrapper.c
+++ /dev/null
@@ -1,1913 +0,0 @@
-/*
- * Copyright (C) Jelmer Vernooij 2005 <jelmer@samba.org>
- * Copyright (C) Stefan Metzmacher 2006 <metze@samba.org>
- *
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-/*
-   Socket wrapper library. Passes all socket communication over
-   unix domain sockets if the environment variable SOCKET_WRAPPER_DIR
-   is set.
-*/
-
-#define SOCKET_WRAPPER_NOT_REPLACE
-
-#ifdef _SAMBA_BUILD_
-
-#include "includes.h"
-#include "system/network.h"
-#include "system/filesys.h"
-
-#ifdef malloc
-#undef malloc
-#endif
-#ifdef calloc
-#undef calloc
-#endif
-#ifdef strdup
-#undef strdup
-#endif
-
-#else /* _SAMBA_BUILD_ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#undef SOCKET_WRAPPER_REPLACE
-
-#include <sys/types.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#include <errno.h>
-#include <sys/un.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdio.h>
-#include "roken.h"
-
-#include "socket_wrapper.h"
-
-#define HAVE_GETTIMEOFDAY_TZ 1
-
-#define _PUBLIC_
-
-#endif
-
-#define SWRAP_DLIST_ADD(list,item) do { \
-	if (!(list)) { \
-		(item)->prev	= NULL; \
-		(item)->next	= NULL; \
-		(list)		= (item); \
-	} else { \
-		(item)->prev	= NULL; \
-		(item)->next	= (list); \
-		(list)->prev	= (item); \
-		(list)		= (item); \
-	} \
-} while (0)
-
-#define SWRAP_DLIST_REMOVE(list,item) do { \
-	if ((list) == (item)) { \
-		(list)		= (item)->next; \
-		if (list) { \
-			(list)->prev	= NULL; \
-		} \
-	} else { \
-		if ((item)->prev) { \
-			(item)->prev->next	= (item)->next; \
-		} \
-		if ((item)->next) { \
-			(item)->next->prev	= (item)->prev; \
-		} \
-	} \
-	(item)->prev	= NULL; \
-	(item)->next	= NULL; \
-} while (0)
-
-/* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support
- * for now */
-#define REWRITE_CALLS 
-
-#ifdef REWRITE_CALLS
-#define real_accept accept
-#define real_connect connect
-#define real_bind bind
-#define real_listen listen
-#define real_getpeername getpeername
-#define real_getsockname getsockname
-#define real_getsockopt getsockopt
-#define real_setsockopt setsockopt
-#define real_recvfrom recvfrom
-#define real_sendto sendto
-#define real_ioctl ioctl
-#define real_recv recv
-#define real_send send
-#define real_socket socket
-#define real_close close
-#define real_dup dup
-#define real_dup2 dup2
-#endif
-
-#ifdef HAVE_GETTIMEOFDAY_TZ
-#define swrapGetTimeOfDay(tval) gettimeofday(tval,NULL)
-#else
-#define swrapGetTimeOfDay(tval)	gettimeofday(tval)
-#endif
-
-/* we need to use a very terse format here as IRIX 6.4 silently
-   truncates names to 16 chars, so if we use a longer name then we
-   can't tell which port a packet came from with recvfrom() 
-   
-   with this format we have 8 chars left for the directory name
-*/
-#define SOCKET_FORMAT "%c%02X%04X"
-#define SOCKET_TYPE_CHAR_TCP		'T'
-#define SOCKET_TYPE_CHAR_UDP		'U'
-#define SOCKET_TYPE_CHAR_TCP_V6		'X'
-#define SOCKET_TYPE_CHAR_UDP_V6		'Y'
-
-#define MAX_WRAPPED_INTERFACES 16
-
-#define SW_IPV6_ADDRESS 1
-
-static struct sockaddr *sockaddr_dup(const void *data, socklen_t len)
-{
-	struct sockaddr *ret = (struct sockaddr *)malloc(len);
-	memcpy(ret, data, len);
-	return ret;
-}
-
-static void set_port(int family, int prt, struct sockaddr *addr)
-{
-	switch (family) {
-	case AF_INET:
-		((struct sockaddr_in *)addr)->sin_port = htons(prt);
-		break;
-#ifdef HAVE_IPV6
-	case AF_INET6:
-		((struct sockaddr_in6 *)addr)->sin6_port = htons(prt);
-		break;
-#endif
-	}
-}
-
-static int socket_length(int family)
-{
-	switch (family) {
-	case AF_INET:
-		return sizeof(struct sockaddr_in);
-#ifdef HAVE_IPV6
-	case AF_INET6:
-		return sizeof(struct sockaddr_in6);
-#endif
-	}
-	return -1;
-}
-
-
-
-struct socket_info
-{
-	int fd;
-
-	int family;
-	int type;
-	int protocol;
-	int bound;
-	int bcast;
-	int is_server;
-
-	char *path;
-	char *tmp_path;
-
-	struct sockaddr *myname;
-	socklen_t myname_len;
-
-	struct sockaddr *peername;
-	socklen_t peername_len;
-
-	struct {
-		unsigned long pck_snd;
-		unsigned long pck_rcv;
-	} io;
-
-	struct socket_info *prev, *next;
-};
-
-static struct socket_info *sockets;
-
-
-static const char *socket_wrapper_dir(void)
-{
-	const char *s = getenv("SOCKET_WRAPPER_DIR");
-	if (s == NULL) {
-		return NULL;
-	}
-	if (strncmp(s, "./", 2) == 0) {
-		s += 2;
-	}
-	return s;
-}
-
-static unsigned int socket_wrapper_default_iface(void)
-{
-	const char *s = getenv("SOCKET_WRAPPER_DEFAULT_IFACE");
-	if (s) {
-		unsigned int iface;
-		if (sscanf(s, "%u", &iface) == 1) {
-			if (iface >= 1 && iface <= MAX_WRAPPED_INTERFACES) {
-				return iface;
-			}
-		}
-	}
-
-	return 1;/* 127.0.0.1 */
-}
-
-static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, socklen_t *len)
-{
-	unsigned int iface;
-	unsigned int prt;
-	const char *p;
-	char type;
-
-	p = strrchr(un->sun_path, '/');
-	if (p) p++; else p = un->sun_path;
-
-	if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (prt > 0xFFFF) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	switch(type) {
-	case SOCKET_TYPE_CHAR_TCP:
-	case SOCKET_TYPE_CHAR_UDP: {
-		struct sockaddr_in *in2 = (struct sockaddr_in *)in;
-		
-		if ((*len) < sizeof(*in2)) {
-		    errno = EINVAL;
-		    return -1;
-		}
-
-		memset(in2, 0, sizeof(*in2));
-		in2->sin_family = AF_INET;
-		in2->sin_addr.s_addr = htonl((127<<24) | iface);
-		in2->sin_port = htons(prt);
-
-		*len = sizeof(*in2);
-		break;
-	}
-#ifdef HAVE_IPV6
-	case SOCKET_TYPE_CHAR_TCP_V6:
-	case SOCKET_TYPE_CHAR_UDP_V6: {
-		struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)in;
-		
-		if ((*len) < sizeof(*in2)) {
-			errno = EINVAL;
-			return -1;
-		}
-
-		memset(in2, 0, sizeof(*in2));
-		in2->sin6_family = AF_INET6;
-		in2->sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
-		in2->sin6_port = htons(prt);
-
-		*len = sizeof(*in2);
-		break;
-	}
-#endif
-	default:
-		errno = EINVAL;
-		return -1;
-	}
-
-	return 0;
-}
-
-static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
-				int *bcast)
-{
-	char type = '\0';
-	unsigned int prt;
-	unsigned int iface;
-	int is_bcast = 0;
-
-	if (bcast) *bcast = 0;
-
-	switch (si->family) {
-	case AF_INET: {
-		const struct sockaddr_in *in = 
-		    (const struct sockaddr_in *)inaddr;
-		unsigned int addr = ntohl(in->sin_addr.s_addr);
-		char u_type = '\0';
-		char b_type = '\0';
-		char a_type = '\0';
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			u_type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-			u_type = SOCKET_TYPE_CHAR_UDP;
-			a_type = SOCKET_TYPE_CHAR_UDP;
-			b_type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		}
-
-		prt = ntohs(in->sin_port);
-		if (a_type && addr == 0xFFFFFFFF) {
-			/* 255.255.255.255 only udp */
-			is_bcast = 2;
-			type = a_type;
-			iface = socket_wrapper_default_iface();
-		} else if (b_type && addr == 0x7FFFFFFF) {
-			/* 127.255.255.255 only udp */
-			is_bcast = 1;
-			type = b_type;
-			iface = socket_wrapper_default_iface();
-		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
-			/* 127.0.0.X */
-			is_bcast = 0;
-			type = u_type;
-			iface = (addr & 0x000000FF);
-		} else {
-			errno = ENETUNREACH;
-			return -1;
-		}
-		if (bcast) *bcast = is_bcast;
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		const struct sockaddr_in6 *in = 
-		    (const struct sockaddr_in6 *)inaddr;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-			type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		}
-
-		/* XXX no multicast/broadcast */
-
-		prt = ntohs(in->sin6_port);
-		iface = SW_IPV6_ADDRESS;
-		
-		break;
-	}
-#endif
-	default:
-		errno = ENETUNREACH;
-		return -1;
-	}
-
-	if (prt == 0) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	if (is_bcast) {
-		snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL", 
-			 socket_wrapper_dir());
-		/* the caller need to do more processing */
-		return 0;
-	}
-
-	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-		 socket_wrapper_dir(), type, iface, prt);
-
-	return 0;
-}
-
-static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
-			       int *bcast)
-{
-	char type = '\0';
-	unsigned int prt;
-	unsigned int iface;
-	struct stat st;
-	int is_bcast = 0;
-
-	if (bcast) *bcast = 0;
-
-	switch (si->family) {
-	case AF_INET: {
-		const struct sockaddr_in *in = 
-		    (const struct sockaddr_in *)inaddr;
-		unsigned int addr = ntohl(in->sin_addr.s_addr);
-		char u_type = '\0';
-		char d_type = '\0';
-		char b_type = '\0';
-		char a_type = '\0';
-
-		prt = ntohs(in->sin_port);
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			u_type = SOCKET_TYPE_CHAR_TCP;
-			d_type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-			u_type = SOCKET_TYPE_CHAR_UDP;
-			d_type = SOCKET_TYPE_CHAR_UDP;
-			a_type = SOCKET_TYPE_CHAR_UDP;
-			b_type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		}
-
-		if (addr == 0) {
-			/* 0.0.0.0 */
-		 	is_bcast = 0;
-			type = d_type;
-			iface = socket_wrapper_default_iface();
-		} else if (a_type && addr == 0xFFFFFFFF) {
-			/* 255.255.255.255 only udp */
-			is_bcast = 2;
-			type = a_type;
-			iface = socket_wrapper_default_iface();
-		} else if (b_type && addr == 0x7FFFFFFF) {
-			/* 127.255.255.255 only udp */
-			is_bcast = 1;
-			type = b_type;
-			iface = socket_wrapper_default_iface();
-		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
-			/* 127.0.0.X */
-			is_bcast = 0;
-			type = u_type;
-			iface = (addr & 0x000000FF);
-		} else {
-			errno = EADDRNOTAVAIL;
-			return -1;
-		}
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		const struct sockaddr_in6 *in = 
-		    (const struct sockaddr_in6 *)inaddr;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-			type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		}
-
-		/* XXX no multicast/broadcast */
-
-		prt = ntohs(in->sin6_port);
-		iface = SW_IPV6_ADDRESS;
-		
-		break;
-	}
-#endif
-	default:
-		errno = ENETUNREACH;
-		return -1;
-	}
-
-
-	if (bcast) *bcast = is_bcast;
-
-	if (prt == 0) {
-		/* handle auto-allocation of ephemeral ports */
-		for (prt = 5001; prt < 10000; prt++) {
-			snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-				 socket_wrapper_dir(), type, iface, prt);
-			if (stat(un->sun_path, &st) == 0) continue;
-
-			set_port(si->family, prt, si->myname);
-		}
-	}
-
-	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
-		 socket_wrapper_dir(), type, iface, prt);
-	return 0;
-}
-
-static struct socket_info *find_socket_info(int fd)
-{
-	struct socket_info *i;
-	for (i = sockets; i; i = i->next) {
-		if (i->fd == fd) 
-			return i;
-	}
-
-	return NULL;
-}
-
-static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, 
-				  struct sockaddr_un *out_addr, int alloc_sock, int *bcast)
-{
-	if (!out_addr)
-		return 0;
-
-	out_addr->sun_family = AF_UNIX;
-
-	switch (in_addr->sa_family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		switch (si->type) {
-		case SOCK_STREAM:
-		case SOCK_DGRAM:
-			break;
-		default:
-			errno = ESOCKTNOSUPPORT;
-			return -1;
-		}
-		if (alloc_sock) {
-			return convert_in_un_alloc(si, in_addr, out_addr, bcast);
-		} else {
-			return convert_in_un_remote(si, in_addr, out_addr, bcast);
-		}
-	default:
-		break;
-	}
-	
-	errno = EAFNOSUPPORT;
-	return -1;
-}
-
-static int sockaddr_convert_from_un(const struct socket_info *si, 
-				    const struct sockaddr_un *in_addr, 
-				    socklen_t un_addrlen,
-				    int family,
-				    struct sockaddr *out_addr,
-				    socklen_t *out_addrlen)
-{
-	if (out_addr == NULL || out_addrlen == NULL) 
-		return 0;
-
-	if (un_addrlen == 0) {
-		*out_addrlen = 0;
-		return 0;
-	}
-
-	switch (family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		switch (si->type) {
-		case SOCK_STREAM:
-		case SOCK_DGRAM:
-			break;
-		default:
-			errno = ESOCKTNOSUPPORT;
-			return -1;
-		}
-		return convert_un_in(in_addr, out_addr, out_addrlen);
-	default:
-		break;
-	}
-
-	errno = EAFNOSUPPORT;
-	return -1;
-}
-
-enum swrap_packet_type {
-	SWRAP_CONNECT_SEND,
-	SWRAP_CONNECT_UNREACH,
-	SWRAP_CONNECT_RECV,
-	SWRAP_CONNECT_ACK,
-	SWRAP_ACCEPT_SEND,
-	SWRAP_ACCEPT_RECV,
-	SWRAP_ACCEPT_ACK,
-	SWRAP_RECVFROM,
-	SWRAP_SENDTO,
-	SWRAP_SENDTO_UNREACH,
-	SWRAP_PENDING_RST,
-	SWRAP_RECV,
-	SWRAP_RECV_RST,
-	SWRAP_SEND,
-	SWRAP_SEND_RST,
-	SWRAP_CLOSE_SEND,
-	SWRAP_CLOSE_RECV,
-	SWRAP_CLOSE_ACK
-};
-
-struct swrap_file_hdr {
-	unsigned long	magic;
-	unsigned short	version_major;	
-	unsigned short	version_minor;
-	long		timezone;
-	unsigned long	sigfigs;
-	unsigned long	frame_max_len;
-#define SWRAP_FRAME_LENGTH_MAX 0xFFFF
-	unsigned long	link_type;
-};
-#define SWRAP_FILE_HDR_SIZE 24
-
-struct swrap_packet {
-	struct {
-		unsigned long seconds;
-		unsigned long micro_seconds;
-		unsigned long recorded_length;
-		unsigned long full_length;
-	} frame;
-#define SWRAP_PACKET__FRAME_SIZE 16
-
-	struct {
-		struct {
-			unsigned char	ver_hdrlen;
-			unsigned char	tos;
-			unsigned short	packet_length;
-			unsigned short	identification;
-			unsigned char	flags;
-			unsigned char	fragment;
-			unsigned char	ttl;
-			unsigned char	protocol;
-			unsigned short	hdr_checksum;
-			unsigned long	src_addr;
-			unsigned long	dest_addr;
-		} hdr;
-#define SWRAP_PACKET__IP_HDR_SIZE 20
-
-		union {
-			struct {
-				unsigned short	source_port;
-				unsigned short	dest_port;
-				unsigned long	seq_num;
-				unsigned long	ack_num;
-				unsigned char	hdr_length;
-				unsigned char	control;
-				unsigned short	window;
-				unsigned short	checksum;
-				unsigned short	urg;
-			} tcp;
-#define SWRAP_PACKET__IP_P_TCP_SIZE 20
-			struct {
-				unsigned short	source_port;
-				unsigned short	dest_port;
-				unsigned short	length;
-				unsigned short	checksum;
-			} udp;
-#define SWRAP_PACKET__IP_P_UDP_SIZE 8
-			struct {
-				unsigned char	type;
-				unsigned char	code;
-				unsigned short	checksum;
-				unsigned long	unused;
-			} icmp;
-#define SWRAP_PACKET__IP_P_ICMP_SIZE 8
-		} p;
-	} ip;
-};
-#define SWRAP_PACKET_SIZE 56
-
-static const char *socket_wrapper_pcap_file(void)
-{
-	static int initialized = 0;
-	static const char *s = NULL;
-	static const struct swrap_file_hdr h;
-	static const struct swrap_packet p;
-
-	if (initialized == 1) {
-		return s;
-	}
-	initialized = 1;
-
-	/*
-	 * TODO: don't use the structs use plain buffer offsets
-	 *       and PUSH_U8(), PUSH_U16() and PUSH_U32()
-	 * 
-	 * for now make sure we disable PCAP support
-	 * if the struct has alignment!
-	 */
-	if (sizeof(h) != SWRAP_FILE_HDR_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p) != SWRAP_PACKET_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.frame) != SWRAP_PACKET__FRAME_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.hdr) != SWRAP_PACKET__IP_HDR_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.tcp) != SWRAP_PACKET__IP_P_TCP_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.udp) != SWRAP_PACKET__IP_P_UDP_SIZE) {
-		return NULL;
-	}
-	if (sizeof(p.ip.p.icmp) != SWRAP_PACKET__IP_P_ICMP_SIZE) {
-		return NULL;
-	}
-
-	s = getenv("SOCKET_WRAPPER_PCAP_FILE");
-	if (s == NULL) {
-		return NULL;
-	}
-	if (strncmp(s, "./", 2) == 0) {
-		s += 2;
-	}
-	return s;
-}
-
-static struct swrap_packet *swrap_packet_init(struct timeval *tval,
-					      const struct sockaddr_in *src_addr,
-					      const struct sockaddr_in *dest_addr,
-					      int socket_type,
-					      const unsigned char *payload,
-					      size_t payload_len,
-					      unsigned long tcp_seq,
-					      unsigned long tcp_ack,
-					      unsigned char tcp_ctl,
-					      int unreachable,
-					      size_t *_packet_len)
-{
-	struct swrap_packet *ret;
-	struct swrap_packet *packet;
-	size_t packet_len;
-	size_t alloc_len;
-	size_t nonwire_len = sizeof(packet->frame);
-	size_t wire_hdr_len = 0;
-	size_t wire_len = 0;
-	size_t icmp_hdr_len = 0;
-	size_t icmp_truncate_len = 0;
-	unsigned char protocol = 0, icmp_protocol = 0;
-	unsigned short src_port = src_addr->sin_port;
-	unsigned short dest_port = dest_addr->sin_port;
-
-	switch (socket_type) {
-	case SOCK_STREAM:
-		protocol = 0x06; /* TCP */
-		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.tcp);
-		wire_len = wire_hdr_len + payload_len;
-		break;
-
-	case SOCK_DGRAM:
-		protocol = 0x11; /* UDP */
-		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.udp);
-		wire_len = wire_hdr_len + payload_len;
-		break;
-	}
-
-	if (unreachable) {
-		icmp_protocol = protocol;
-		protocol = 0x01; /* ICMP */
-		if (wire_len > 64 ) {
-			icmp_truncate_len = wire_len - 64;
-		}
-		icmp_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.icmp);
-		wire_hdr_len += icmp_hdr_len;
-		wire_len += icmp_hdr_len;
-	}
-
-	packet_len = nonwire_len + wire_len;
-	alloc_len = packet_len;
-	if (alloc_len < sizeof(struct swrap_packet)) {
-		alloc_len = sizeof(struct swrap_packet);
-	}
-	ret = (struct swrap_packet *)malloc(alloc_len);
-	if (!ret) return NULL;
-
-	packet = ret;
-
-	packet->frame.seconds		= tval->tv_sec;
-	packet->frame.micro_seconds	= tval->tv_usec;
-	packet->frame.recorded_length	= wire_len - icmp_truncate_len;
-	packet->frame.full_length	= wire_len - icmp_truncate_len;
-
-	packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
-	packet->ip.hdr.tos		= 0x00;
-	packet->ip.hdr.packet_length	= htons(wire_len - icmp_truncate_len);
-	packet->ip.hdr.identification	= htons(0xFFFF);
-	packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
-	packet->ip.hdr.fragment		= htons(0x0000);
-	packet->ip.hdr.ttl		= 0xFF;
-	packet->ip.hdr.protocol		= protocol;
-	packet->ip.hdr.hdr_checksum	= htons(0x0000);
-	packet->ip.hdr.src_addr		= src_addr->sin_addr.s_addr;
-	packet->ip.hdr.dest_addr	= dest_addr->sin_addr.s_addr;
-
-	if (unreachable) {
-		packet->ip.p.icmp.type		= 0x03; /* destination unreachable */
-		packet->ip.p.icmp.code		= 0x01; /* host unreachable */
-		packet->ip.p.icmp.checksum	= htons(0x0000);
-		packet->ip.p.icmp.unused	= htonl(0x00000000);
-
-		/* set the ip header in the ICMP payload */
-		packet = (struct swrap_packet *)(((unsigned char *)ret) + icmp_hdr_len);
-		packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
-		packet->ip.hdr.tos		= 0x00;
-		packet->ip.hdr.packet_length	= htons(wire_len - icmp_hdr_len);
-		packet->ip.hdr.identification	= htons(0xFFFF);
-		packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
-		packet->ip.hdr.fragment		= htons(0x0000);
-		packet->ip.hdr.ttl		= 0xFF;
-		packet->ip.hdr.protocol		= icmp_protocol;
-		packet->ip.hdr.hdr_checksum	= htons(0x0000);
-		packet->ip.hdr.src_addr		= dest_addr->sin_addr.s_addr;
-		packet->ip.hdr.dest_addr	= src_addr->sin_addr.s_addr;
-
-		src_port = dest_addr->sin_port;
-		dest_port = src_addr->sin_port;
-	}
-
-	switch (socket_type) {
-	case SOCK_STREAM:
-		packet->ip.p.tcp.source_port	= src_port;
-		packet->ip.p.tcp.dest_port	= dest_port;
-		packet->ip.p.tcp.seq_num	= htonl(tcp_seq);
-		packet->ip.p.tcp.ack_num	= htonl(tcp_ack);
-		packet->ip.p.tcp.hdr_length	= 0x50; /* 5 * 32 bit words */
-		packet->ip.p.tcp.control	= tcp_ctl;
-		packet->ip.p.tcp.window		= htons(0x7FFF);
-		packet->ip.p.tcp.checksum	= htons(0x0000);
-		packet->ip.p.tcp.urg		= htons(0x0000);
-
-		break;
-
-	case SOCK_DGRAM:
-		packet->ip.p.udp.source_port	= src_addr->sin_port;
-		packet->ip.p.udp.dest_port	= dest_addr->sin_port;
-		packet->ip.p.udp.length		= htons(8 + payload_len);
-		packet->ip.p.udp.checksum	= htons(0x0000);
-
-		break;
-	}
-
-	if (payload && payload_len > 0) {
-		unsigned char *p = (unsigned char *)ret;
-		p += nonwire_len;
-		p += wire_hdr_len;
-		memcpy(p, payload, payload_len);
-	}
-
-	*_packet_len = packet_len - icmp_truncate_len;
-	return ret;
-}
-
-static int swrap_get_pcap_fd(const char *fname)
-{
-	static int fd = -1;
-
-	if (fd != -1) return fd;
-
-	fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
-	if (fd != -1) {
-		struct swrap_file_hdr file_hdr;
-		file_hdr.magic		= 0xA1B2C3D4;
-		file_hdr.version_major	= 0x0002;	
-		file_hdr.version_minor	= 0x0004;
-		file_hdr.timezone	= 0x00000000;
-		file_hdr.sigfigs	= 0x00000000;
-		file_hdr.frame_max_len	= SWRAP_FRAME_LENGTH_MAX;
-		file_hdr.link_type	= 0x0065; /* 101 RAW IP */
-
-		write(fd, &file_hdr, sizeof(file_hdr));
-		return fd;
-	}
-
-	fd = open(fname, O_WRONLY|O_APPEND, 0644);
-
-	return fd;
-}
-
-static void swrap_dump_packet(struct socket_info *si, const struct sockaddr *addr,
-			      enum swrap_packet_type type,
-			      const void *buf, size_t len)
-{
-	const struct sockaddr_in *src_addr;
-	const struct sockaddr_in *dest_addr;
-	const char *file_name;
-	unsigned long tcp_seq = 0;
-	unsigned long tcp_ack = 0;
-	unsigned char tcp_ctl = 0;
-	int unreachable = 0;
-	struct timeval tv;
-	struct swrap_packet *packet;
-	size_t packet_len = 0;
-	int fd;
-
-	file_name = socket_wrapper_pcap_file();
-	if (!file_name) {
-		return;
-	}
-
-	switch (si->family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		break;
-	default:
-		return;
-	}
-
-	switch (type) {
-	case SWRAP_CONNECT_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x02; /* SYN */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_CONNECT_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x12; /** SYN,ACK */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_CONNECT_UNREACH:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		/* Unreachable: resend the data of SWRAP_CONNECT_SEND */
-		tcp_seq = si->io.pck_snd - 1;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x02; /* SYN */
-		unreachable = 1;
-
-		break;
-
-	case SWRAP_CONNECT_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-
-	case SWRAP_ACCEPT_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x02; /* SYN */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_ACCEPT_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x12; /* SYN,ACK */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_ACCEPT_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-
-	case SWRAP_SEND:
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x18; /* PSH,ACK */
-
-		si->io.pck_snd += len;
-
-		break;
-
-	case SWRAP_SEND_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			swrap_dump_packet(si, si->peername,
-					  SWRAP_SENDTO_UNREACH,
-			      		  buf, len);
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /** RST,ACK */
-
-		break;
-
-	case SWRAP_PENDING_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /* RST,ACK */
-
-		break;
-
-	case SWRAP_RECV:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x18; /* PSH,ACK */
-
-		si->io.pck_rcv += len;
-
-		break;
-
-	case SWRAP_RECV_RST:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		if (si->type == SOCK_DGRAM) {
-			return;
-		}
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x14; /* RST,ACK */
-
-		break;
-
-	case SWRAP_SENDTO:
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)addr;
-
-		si->io.pck_snd += len;
-
-		break;
-
-	case SWRAP_SENDTO_UNREACH:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		unreachable = 1;
-
-		break;
-
-	case SWRAP_RECVFROM:
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)addr;
-
-		si->io.pck_rcv += len;
-
-		break;
-
-	case SWRAP_CLOSE_SEND:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x11; /* FIN, ACK */
-
-		si->io.pck_snd += 1;
-
-		break;
-
-	case SWRAP_CLOSE_RECV:
-		if (si->type != SOCK_STREAM) return;
-
-		dest_addr = (const struct sockaddr_in *)si->myname;
-		src_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_rcv;
-		tcp_ack = si->io.pck_snd;
-		tcp_ctl = 0x11; /* FIN,ACK */
-
-		si->io.pck_rcv += 1;
-
-		break;
-
-	case SWRAP_CLOSE_ACK:
-		if (si->type != SOCK_STREAM) return;
-
-		src_addr = (const struct sockaddr_in *)si->myname;
-		dest_addr = (const struct sockaddr_in *)si->peername;
-
-		tcp_seq = si->io.pck_snd;
-		tcp_ack = si->io.pck_rcv;
-		tcp_ctl = 0x10; /* ACK */
-
-		break;
-	default:
-		return;
-	}
-
-	swrapGetTimeOfDay(&tv);
-
-	packet = swrap_packet_init(&tv, src_addr, dest_addr, si->type,
-				   (const unsigned char *)buf, len,
-				   tcp_seq, tcp_ack, tcp_ctl, unreachable,
-				   &packet_len);
-	if (!packet) {
-		return;
-	}
-
-	fd = swrap_get_pcap_fd(file_name);
-	if (fd != -1) {
-		write(fd, packet, packet_len);
-	}
-
-	free(packet);
-}
-
-_PUBLIC_ int swrap_socket(int family, int type, int protocol)
-{
-	struct socket_info *si;
-	int fd;
-
-	if (!socket_wrapper_dir()) {
-		return real_socket(family, type, protocol);
-	}
-
-	switch (family) {
-	case AF_INET:
-#ifdef HAVE_IPV6
-	case AF_INET6:
-#endif
-		break;
-	case AF_UNIX:
-		return real_socket(family, type, protocol);
-	default:
-		errno = EAFNOSUPPORT;
-		return -1;
-	}
-
-	switch (type) {
-	case SOCK_STREAM:
-		break;
-	case SOCK_DGRAM:
-		break;
-	default:
-		errno = EPROTONOSUPPORT;
-		return -1;
-	}
-
-#if 0
-	switch (protocol) {
-	case 0:
-		break;
-	default:
-		errno = EPROTONOSUPPORT;
-		return -1;
-	}
-#endif
-
-	fd = real_socket(AF_UNIX, type, 0);
-
-	if (fd == -1) return -1;
-
-	si = (struct socket_info *)calloc(1, sizeof(struct socket_info));
-
-	si->family = family;
-	si->type = type;
-	si->protocol = protocol;
-	si->fd = fd;
-
-	SWRAP_DLIST_ADD(sockets, si);
-
-	return si->fd;
-}
-
-_PUBLIC_ int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen)
-{
-	struct socket_info *parent_si, *child_si;
-	int fd;
-	struct sockaddr_un un_addr;
-	socklen_t un_addrlen = sizeof(un_addr);
-	struct sockaddr_un un_my_addr;
-	socklen_t un_my_addrlen = sizeof(un_my_addr);
-	struct sockaddr *my_addr;
-	socklen_t my_addrlen, len;
-	int ret;
-
-	parent_si = find_socket_info(s);
-	if (!parent_si) {
-		return real_accept(s, addr, addrlen);
-	}
-
-	/* 
-	 * assume out sockaddr have the same size as the in parent
-	 * socket family
-	 */
-	my_addrlen = socket_length(parent_si->family);
-	if (my_addrlen < 0) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	my_addr = malloc(my_addrlen);
-	if (my_addr == NULL) {
-		return -1;
-	}
-
-	memset(&un_addr, 0, sizeof(un_addr));
-	memset(&un_my_addr, 0, sizeof(un_my_addr));
-
-	ret = real_accept(s, (struct sockaddr *)&un_addr, &un_addrlen);
-	if (ret == -1) {
-		free(my_addr);
-		return ret;
-	}
-
-	fd = ret;
-
-	len = my_addrlen;
-	ret = sockaddr_convert_from_un(parent_si, &un_addr, un_addrlen,
-				       parent_si->family, my_addr, &len);
-	if (ret == -1) {
-		free(my_addr);
-		close(fd);
-		return ret;
-	}
-
-	child_si = (struct socket_info *)malloc(sizeof(struct socket_info));
-	memset(child_si, 0, sizeof(*child_si));
-
-	child_si->fd = fd;
-	child_si->family = parent_si->family;
-	child_si->type = parent_si->type;
-	child_si->protocol = parent_si->protocol;
-	child_si->bound = 1;
-	child_si->is_server = 1;
-
-	child_si->peername_len = len;
-	child_si->peername = sockaddr_dup(my_addr, len);
-
-	if (addr != NULL && addrlen != NULL) {
-	    *addrlen = len;
-	    if (*addrlen >= len)
-		memcpy(addr, my_addr, len);
-	    *addrlen = 0;
-	}
-
-	ret = real_getsockname(fd, (struct sockaddr *)&un_my_addr, &un_my_addrlen);
-	if (ret == -1) {
-		free(child_si);
-		close(fd);
-		return ret;
-	}
-
-	len = my_addrlen;
-	ret = sockaddr_convert_from_un(child_si, &un_my_addr, un_my_addrlen,
-				       child_si->family, my_addr, &len);
-	if (ret == -1) {
-		free(child_si);
-		free(my_addr);
-		close(fd);
-		return ret;
-	}
-
-	child_si->myname_len = len;
-	child_si->myname = sockaddr_dup(my_addr, len);
-	free(my_addr);
-
-	SWRAP_DLIST_ADD(sockets, child_si);
-
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
-	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
-
-	return fd;
-}
-
-static int autobind_start_init;
-static int autobind_start;
-
-/* using sendto() or connect() on an unbound socket would give the
-   recipient no way to reply, as unlike UDP and TCP, a unix domain
-   socket can't auto-assign emphemeral port numbers, so we need to
-   assign it here */
-static int swrap_auto_bind(struct socket_info *si)
-{
-	struct sockaddr_un un_addr;
-	int i;
-	char type;
-	int ret;
-	int port;
-	struct stat st;
-
-	if (autobind_start_init != 1) {
-		autobind_start_init = 1;
-		autobind_start = getpid();
-		autobind_start %= 50000;
-		autobind_start += 10000;
-	}
-
-	un_addr.sun_family = AF_UNIX;
-
-	switch (si->family) {
-	case AF_INET: {
-		struct sockaddr_in in;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP;
-			break;
-		case SOCK_DGRAM:
-		    	type = SOCKET_TYPE_CHAR_UDP;
-			break;
-		default:
-		    errno = ESOCKTNOSUPPORT;
-		    return -1;
-		}
-
-		memset(&in, 0, sizeof(in));
-		in.sin_family = AF_INET;
-		in.sin_addr.s_addr = htonl(127<<24 | 
-					   socket_wrapper_default_iface());
-
-		si->myname_len = sizeof(in);
-		si->myname = sockaddr_dup(&in, si->myname_len);
-		break;
-	}
-#ifdef HAVE_IPV6
-	case AF_INET6: {
-		struct sockaddr_in6 in6;
-
-		switch (si->type) {
-		case SOCK_STREAM:
-			type = SOCKET_TYPE_CHAR_TCP_V6;
-			break;
-		case SOCK_DGRAM:
-		    	type = SOCKET_TYPE_CHAR_UDP_V6;
-			break;
-		default:
-		    errno = ESOCKTNOSUPPORT;
-		    return -1;
-		}
-
-		memset(&in6, 0, sizeof(in6));
-		in6.sin6_family = AF_INET6;
-		in6.sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
-		si->myname_len = sizeof(in6);
-		si->myname = sockaddr_dup(&in6, si->myname_len);
-		break;
-	}
-#endif
-	default:
-		errno = ESOCKTNOSUPPORT;
-		return -1;
-	}
-
-	if (autobind_start > 60000) {
-		autobind_start = 10000;
-	}
-
-	for (i=0;i<1000;i++) {
-		port = autobind_start + i;
-		snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), 
-			 "%s/"SOCKET_FORMAT, socket_wrapper_dir(),
-			 type, socket_wrapper_default_iface(), port);
-		if (stat(un_addr.sun_path, &st) == 0) continue;
-		
-		ret = real_bind(si->fd, (struct sockaddr *)&un_addr, sizeof(un_addr));
-		if (ret == -1) return ret;
-
-		si->tmp_path = strdup(un_addr.sun_path);
-		si->bound = 1;
-		autobind_start = port + 1;
-		break;
-	}
-	if (i == 1000) {
-		errno = ENFILE;
-		return -1;
-	}
-
-	set_port(si->family, port, si->myname);
-
-	return 0;
-}
-
-
-_PUBLIC_ int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen)
-{
-	int ret;
-	struct sockaddr_un un_addr;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_connect(s, serv_addr, addrlen);
-	}
-
-	if (si->bound == 0) {
-		ret = swrap_auto_bind(si);
-		if (ret == -1) return -1;
-	}
-
-	if (si->family != serv_addr->sa_family) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)serv_addr, addrlen, &un_addr, 0, NULL);
-	if (ret == -1) return -1;
-
-	swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_SEND, NULL, 0);
-
-	ret = real_connect(s, (struct sockaddr *)&un_addr, 
-			   sizeof(struct sockaddr_un));
-
-	/* to give better errors */
-	if (ret == -1 && errno == ENOENT) {
-		errno = EHOSTUNREACH;
-	}
-
-	if (ret == 0) {
-		si->peername_len = addrlen;
-		si->peername = sockaddr_dup(serv_addr, addrlen);
-
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_RECV, NULL, 0);
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_ACK, NULL, 0);
-	} else {
-		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_UNREACH, NULL, 0);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen)
-{
-	int ret;
-	struct sockaddr_un un_addr;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_bind(s, myaddr, addrlen);
-	}
-
-	si->myname_len = addrlen;
-	si->myname = sockaddr_dup(myaddr, addrlen);
-
-	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)myaddr, addrlen, &un_addr, 1, &si->bcast);
-	if (ret == -1) return -1;
-
-	unlink(un_addr.sun_path);
-
-	ret = real_bind(s, (struct sockaddr *)&un_addr,
-			sizeof(struct sockaddr_un));
-
-	if (ret == 0) {
-		si->bound = 1;
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_listen(int s, int backlog)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_listen(s, backlog);
-	}
-
-	ret = real_listen(s, backlog);
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getpeername(s, name, addrlen);
-	}
-
-	if (!si->peername)
-	{
-		errno = ENOTCONN;
-		return -1;
-	}
-
-	memcpy(name, si->peername, si->peername_len);
-	*addrlen = si->peername_len;
-
-	return 0;
-}
-
-_PUBLIC_ int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getsockname(s, name, addrlen);
-	}
-
-	memcpy(name, si->myname, si->myname_len);
-	*addrlen = si->myname_len;
-
-	return 0;
-}
-
-_PUBLIC_ int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_getsockopt(s, level, optname, optval, optlen);
-	}
-
-	if (level == SOL_SOCKET) {
-		return real_getsockopt(s, level, optname, optval, optlen);
-	} 
-
-	errno = ENOPROTOOPT;
-	return -1;
-}
-
-_PUBLIC_ int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen)
-{
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_setsockopt(s, level, optname, optval, optlen);
-	}
-
-	if (level == SOL_SOCKET) {
-		return real_setsockopt(s, level, optname, optval, optlen);
-	}
-
-	switch (si->family) {
-	case AF_INET:
-		return 0;
-	default:
-		errno = ENOPROTOOPT;
-		return -1;
-	}
-}
-
-_PUBLIC_ ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
-{
-	struct sockaddr_un un_addr;
-	socklen_t un_addrlen = sizeof(un_addr);
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_recvfrom(s, buf, len, flags, from, fromlen);
-	}
-
-	/* irix 6.4 forgets to null terminate the sun_path string :-( */
-	memset(&un_addr, 0, sizeof(un_addr));
-	ret = real_recvfrom(s, buf, len, flags, (struct sockaddr *)&un_addr, &un_addrlen);
-	if (ret == -1) 
-		return ret;
-
-	if (sockaddr_convert_from_un(si, &un_addr, un_addrlen,
-				     si->family, from, fromlen) == -1) {
-		return -1;
-	}
-
-	swrap_dump_packet(si, from, SWRAP_RECVFROM, buf, ret);
-
-	return ret;
-}
-
-
-_PUBLIC_ ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen)
-{
-	struct sockaddr_un un_addr;
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-	int bcast = 0;
-
-	if (!si) {
-		return real_sendto(s, buf, len, flags, to, tolen);
-	}
-
-	switch (si->type) {
-	case SOCK_STREAM:
-		ret = real_send(s, buf, len, flags);
-		break;
-	case SOCK_DGRAM:
-		if (si->bound == 0) {
-			ret = swrap_auto_bind(si);
-			if (ret == -1) return -1;
-		}
-		
-		ret = sockaddr_convert_to_un(si, to, tolen, &un_addr, 0, &bcast);
-		if (ret == -1) return -1;
-		
-		if (bcast) {
-			struct stat st;
-			unsigned int iface;
-			unsigned int prt = ntohs(((const struct sockaddr_in *)to)->sin_port);
-			char type;
-			
-			type = SOCKET_TYPE_CHAR_UDP;
-			
-			for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
-				snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, 
-					 socket_wrapper_dir(), type, iface, prt);
-				if (stat(un_addr.sun_path, &st) != 0) continue;
-				
-				/* ignore the any errors in broadcast sends */
-				real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
-			}
-			
-			swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
-			
-			return len;
-		}
-		
-		ret = real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
-		break;
-	default:
-		ret = -1;
-		errno = EHOSTUNREACH;
-		break;
-	}
-		
-	/* to give better errors */
-	if (ret == -1 && errno == ENOENT) {
-		errno = EHOSTUNREACH;
-	}
-
-	if (ret == -1) {
-		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
-		swrap_dump_packet(si, to, SWRAP_SENDTO_UNREACH, buf, len);
-	} else {
-		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, ret);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_ioctl(int s, int r, void *p)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-	int value;
-
-	if (!si) {
-		return real_ioctl(s, r, p);
-	}
-
-	ret = real_ioctl(s, r, p);
-
-	switch (r) {
-	case FIONREAD:
-		value = *((int *)p);
-		if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
-			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
-		} else if (value == 0) { /* END OF FILE */
-			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
-		}
-		break;
-	}
-
-	return ret;
-}
-
-_PUBLIC_ ssize_t swrap_recv(int s, void *buf, size_t len, int flags)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_recv(s, buf, len, flags);
-	}
-
-	ret = real_recv(s, buf, len, flags);
-	if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
-		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
-	} else if (ret == 0) { /* END OF FILE */
-		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
-	} else {
-		swrap_dump_packet(si, NULL, SWRAP_RECV, buf, ret);
-	}
-
-	return ret;
-}
-
-
-_PUBLIC_ ssize_t swrap_send(int s, const void *buf, size_t len, int flags)
-{
-	int ret;
-	struct socket_info *si = find_socket_info(s);
-
-	if (!si) {
-		return real_send(s, buf, len, flags);
-	}
-
-	ret = real_send(s, buf, len, flags);
-
-	if (ret == -1) {
-		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
-		swrap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
-	} else {
-		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, ret);
-	}
-
-	return ret;
-}
-
-_PUBLIC_ int swrap_close(int fd)
-{
-	struct socket_info *si = find_socket_info(fd);
-	int ret;
-
-	if (!si) {
-		return real_close(fd);
-	}
-
-	SWRAP_DLIST_REMOVE(sockets, si);
-
-	if (si->myname && si->peername) {
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
-	}
-
-	ret = real_close(fd);
-
-	if (si->myname && si->peername) {
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_RECV, NULL, 0);
-		swrap_dump_packet(si, NULL, SWRAP_CLOSE_ACK, NULL, 0);
-	}
-
-	if (si->path) free(si->path);
-	if (si->myname) free(si->myname);
-	if (si->peername) free(si->peername);
-	if (si->tmp_path) {
-		unlink(si->tmp_path);
-		free(si->tmp_path);
-	}
-	free(si);
-
-	return ret;
-}
-
-static int
-dup_internal(const struct socket_info *si_oldd, int fd)
-{
-	struct socket_info *si_newd;
-
-	si_newd = (struct socket_info *)calloc(1, sizeof(struct socket_info));
-
-	si_newd->fd = fd;
-
-	si_newd->family = si_oldd->family;
-	si_newd->type = si_oldd->type;
-	si_newd->protocol = si_oldd->protocol;
-	si_newd->bound = si_oldd->bound;
-	si_newd->bcast = si_oldd->bcast;
-	if (si_oldd->path)
-		si_newd->path = strdup(si_oldd->path);
-	if (si_oldd->tmp_path)
-		si_newd->tmp_path = strdup(si_oldd->tmp_path);
-	si_newd->myname =
-	    sockaddr_dup(si_oldd->myname, si_oldd->myname_len);
-	si_newd->myname_len = si_oldd->myname_len;
-	si_newd->peername = 
-	    sockaddr_dup(si_oldd->peername, si_oldd->peername_len);
-	si_newd->peername_len = si_oldd->peername_len;
-
-	si_newd->io = si_oldd->io;
-
-	SWRAP_DLIST_ADD(sockets, si_newd);
-
-	return fd;
-}
-
-
-_PUBLIC_ int swrap_dup(int oldd)
-{
-	struct socket_info *si;
-	int fd;
-
-	si = find_socket_info(oldd);
-	if (si == NULL)
-		return real_dup(oldd);
-
-	fd = real_dup(si->fd);
-	if (fd < 0)
-		return fd;
-
-	return dup_internal(si, fd);
-}
-
-
-_PUBLIC_ int swrap_dup2(int oldd, int newd)
-{
-	struct socket_info *si_newd, *si_oldd;
-	int fd;
-
-	if (newd == oldd)
-	    return newd;
-
-	si_oldd = find_socket_info(oldd);
-	si_newd = find_socket_info(newd);
-
-	if (si_oldd == NULL && si_newd == NULL)
-		return real_dup2(oldd, newd);
-
-	fd = real_dup2(si_oldd->fd, newd);
-	if (fd < 0)
-		return fd;
-
-	/* close new socket first */
-	if (si_newd)
-	       	swrap_close(newd);
-
-	return dup_internal(si_oldd, fd);
-}
diff --git a/crypto/heimdal/lib/roken/socket_wrapper.h b/crypto/heimdal/lib/roken/socket_wrapper.h
deleted file mode 100644
index 316b024326b1..000000000000
--- a/crypto/heimdal/lib/roken/socket_wrapper.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) Jelmer Vernooij 2005 <jelmer@samba.org>
- * Copyright (C) Stefan Metzmacher 2006 <metze@samba.org>
- *
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifndef __SOCKET_WRAPPER_H__
-#define __SOCKET_WRAPPER_H__
-
-int swrap_socket(int family, int type, int protocol);
-int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
-int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen);
-int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen);
-int swrap_listen(int s, int backlog);
-int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen);
-int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen);
-int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen);
-int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen);
-ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen);
-ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen);
-int swrap_ioctl(int s, int req, void *ptr);
-ssize_t swrap_recv(int s, void *buf, size_t len, int flags);
-ssize_t swrap_send(int s, const void *buf, size_t len, int flags);
-int swrap_close(int);
-int swrap_dup(int);
-int swrap_dup2(int, int);
-
-#ifdef SOCKET_WRAPPER_REPLACE
-
-#ifdef accept
-#undef accept
-#endif
-#define accept(s,addr,addrlen)		swrap_accept(s,addr,addrlen)
-
-#ifdef connect
-#undef connect
-#endif
-#define connect(s,serv_addr,addrlen)	swrap_connect(s,serv_addr,addrlen)
-
-#ifdef bind
-#undef bind
-#endif
-#define bind(s,myaddr,addrlen)		swrap_bind(s,myaddr,addrlen)
-
-#ifdef listen
-#undef listen
-#endif
-#define listen(s,blog)			swrap_listen(s,blog)
-
-#ifdef getpeername
-#undef getpeername
-#endif
-#define getpeername(s,name,addrlen)	swrap_getpeername(s,name,addrlen)
-
-#ifdef getsockname
-#undef getsockname
-#endif
-#define getsockname(s,name,addrlen)	swrap_getsockname(s,name,addrlen)
-
-#ifdef getsockopt
-#undef getsockopt
-#endif
-#define getsockopt(s,level,optname,optval,optlen) swrap_getsockopt(s,level,optname,optval,optlen)
-
-#ifdef setsockopt
-#undef setsockopt
-#endif
-#define setsockopt(s,level,optname,optval,optlen) swrap_setsockopt(s,level,optname,optval,optlen)
-
-#ifdef recvfrom
-#undef recvfrom
-#endif
-#define recvfrom(s,buf,len,flags,from,fromlen) 	  swrap_recvfrom(s,buf,len,flags,from,fromlen)
-
-#ifdef sendto
-#undef sendto
-#endif
-#define sendto(s,buf,len,flags,to,tolen)          swrap_sendto(s,buf,len,flags,to,tolen)
-
-#ifdef ioctl
-#undef ioctl
-#endif
-#define ioctl(s,req,ptr)		swrap_ioctl(s,req,ptr)
-
-#ifdef recv
-#undef recv
-#endif
-#define recv(s,buf,len,flags)		swrap_recv(s,buf,len,flags)
-
-#ifdef send
-#undef send
-#endif
-#define send(s,buf,len,flags)		swrap_send(s,buf,len,flags)
-
-#ifdef socket
-#undef socket
-#endif
-#define socket(domain,type,protocol)	swrap_socket(domain,type,protocol)
-
-#ifdef close
-#undef close
-#endif
-#define close(s)			swrap_close(s)
-
-#ifdef dup
-#undef dup
-#endif
-#define dup(oldd)			swrap_dup(oldd)
-
-#ifdef dup2
-#undef dup2
-#endif
-#define dup2(oldd, newd)		swrap_dup2(oldd, newd)
-
-#endif
-
-#endif /* __SOCKET_WRAPPER_H__ */
diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c
deleted file mode 100644
index 4788d4fb5126..000000000000
--- a/crypto/heimdal/lib/roken/strcasecmp.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcasecmp.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-#include "roken.h"
-
-#ifndef HAVE_STRCASECMP
-
-int ROKEN_LIB_FUNCTION
-strcasecmp(const char *s1, const char *s2)
-{
-    while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-    }
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strcollect.c b/crypto/heimdal/lib/roken/strcollect.c
deleted file mode 100644
index f29189159e16..000000000000
--- a/crypto/heimdal/lib/roken/strcollect.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "roken.h"
-
-enum { initial = 10, increment = 5 };
-
-static char **
-sub (char **argv, int i, int argc, va_list *ap)
-{
-    do {
-	if(i == argc) {
-	    /* realloc argv */
-	    char **tmp = realloc(argv, (argc + increment) * sizeof(*argv));
-	    if(tmp == NULL) {
-		free(argv);
-		errno = ENOMEM;
-		return NULL;
-	    }
-	    argv  = tmp;
-	    argc += increment;
-	}
-	argv[i++] = va_arg(*ap, char*);
-    } while(argv[i - 1] != NULL);
-    return argv;
-}
-
-/*
- * return a malloced vector of pointers to the strings in `ap'
- * terminated by NULL.
- */
-
-char ** ROKEN_LIB_FUNCTION
-vstrcollect(va_list *ap)
-{
-    return sub (NULL, 0, 0, ap);
-}
-
-/*
- *
- */
-
-char ** ROKEN_LIB_FUNCTION
-strcollect(char *first, ...)
-{
-    va_list ap;
-    char **ret = malloc (initial * sizeof(char *));
-
-    if (ret == NULL)
-	return ret;
-
-    ret[0] = first;
-    va_start(ap, first);
-    ret = sub (ret, 1, initial, &ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/strdup.c b/crypto/heimdal/lib/roken/strdup.c
deleted file mode 100644
index a832120da259..000000000000
--- a/crypto/heimdal/lib/roken/strdup.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strdup.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef HAVE_STRDUP
-char * ROKEN_LIB_FUNCTION
-strdup(const char *old)
-{
-	char *t = malloc(strlen(old)+1);
-	if (t != 0)
-		strcpy(t, old);
-	return t;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strerror.c b/crypto/heimdal/lib/roken/strerror.c
deleted file mode 100644
index ca152f46b56c..000000000000
--- a/crypto/heimdal/lib/roken/strerror.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strerror.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-extern int sys_nerr;
-extern char *sys_errlist[];
-
-char* ROKEN_LIB_FUNCTION
-strerror(int eno)
-{
-    static char emsg[1024];
-
-    if(eno < 0 || eno >= sys_nerr)
-	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
-    else
-	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
-
-    return emsg;
-}
diff --git a/crypto/heimdal/lib/roken/strftime.c b/crypto/heimdal/lib/roken/strftime.c
deleted file mode 100644
index b7176b60b7bd..000000000000
--- a/crypto/heimdal/lib/roken/strftime.c
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include "roken.h"
-
-RCSID("$Id: strftime.c 21896 2007-08-09 08:46:08Z lha $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec"
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "Mars",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December"
-};
-
-static const char *ampm[] = {
-    "AM",
-    "PM"
-};
-
-/*
- * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12]
- */
-
-static int
-hour_24to12 (int hour)
-{
-    int ret = hour % 12;
-
-    if (ret == 0)
-	ret = 12;
-    return ret;
-}
-
-/*
- * Return AM or PM for `hour'
- */
-
-static const char *
-hour_to_ampm (int hour)
-{
-    return ampm[hour / 12];
-}
-
-/*
- * Return the week number of `tm' (Sunday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_sun (const struct tm *tm)
-{
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_mon (const struct tm *tm)
-{
-    int wday = (tm->tm_wday + 6) % 7;
-
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the
- * week) as [01, 53].  Week number one is the one that has four or more
- * days in that year.
- */
-
-static int
-week_number_mon4 (const struct tm *tm)
-{
-    int wday  = (tm->tm_wday + 6) % 7;
-    int w1day = (wday - tm->tm_yday % 7 + 7) % 7;
-    int ret;
-    
-    ret = (tm->tm_yday + w1day) / 7;
-    if (w1day >= 4)
-	--ret;
-    if (ret == -1)
-	ret = 53;
-    else
-	++ret;
-    return ret;
-}
-
-/*
- *
- */
-
-size_t ROKEN_LIB_FUNCTION
-strftime (char *buf, size_t maxsize, const char *format,
-	  const struct tm *tm)
-{
-    size_t n = 0;
-    int ret;
-
-    while (*format != '\0' && n < maxsize) {
-	if (*format == '%') {
-	    ++format;
-	    if(*format == 'E' || *format == 'O')
-		++format;
-	    switch (*format) {
-	    case 'a' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_weekdays[tm->tm_wday]);
-		break;
-	    case 'A' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_weekdays[tm->tm_wday]);
-		break;
-	    case 'h' :
-	    case 'b' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_month[tm->tm_mon]);
-		break;
-	    case 'B' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_month[tm->tm_mon]);
-		break;
-	    case 'c' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d %02d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'C' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) / 100);
-		break;
-	    case 'd' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mday);
-		break;
-	    case 'D' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d/%02d/%02d",
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				(tm->tm_year + 1900) % 100);
-		break;
-	    case 'e' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_mday);
-		break;
-	    case 'F':
-		ret = snprintf (buf, maxsize - n,
-				"%04d-%02d-%02d", tm->tm_year + 1900,
-				tm->tm_mon + 1, tm->tm_mday);
-		break;
-	    case 'g':
-		/* last two digits of week-based year */
-		abort();
-	    case 'G':
-		/* week-based year */
-		abort();
-	    case 'H' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_hour);
-		break;
-	    case 'I' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'j' :
-		ret = snprintf (buf, maxsize - n,
-				"%03d", tm->tm_yday + 1);
-		break;
-	    case 'k' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_hour);
-		break;
-	    case 'l' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'm' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mon + 1);
-		break;
-	    case 'M' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_min);
-		break;
-	    case 'n' :
-		ret = snprintf (buf, maxsize - n, "\n");
-		break;
-	    case 'p' :
-		ret = snprintf (buf, maxsize - n, "%s",
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'r' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d %s",
-				hour_24to12 (tm->tm_hour),
-				tm->tm_min,
-				tm->tm_sec,
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'R' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min);
-		    
-	    case 's' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (int)mktime(rk_UNCONST(tm)));
-		break;
-	    case 'S' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_sec);
-		break;
-	    case 't' :
-		ret = snprintf (buf, maxsize - n, "\t");
-		break;
-	    case 'T' :
-	    case 'X' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'u' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
-		break;
-	    case 'U' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_sun (tm));
-		break;
-	    case 'V' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon4 (tm));
-		break;
-	    case 'w' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_wday);
-		break;
-	    case 'W' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon (tm));
-		break;
-	    case 'x' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday);
-		break;
-	    case 'y' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) % 100);
-		break;
-	    case 'Y' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_year + 1900);
-		break;
-	    case 'z':
-		ret = snprintf (buf, maxsize - n,
-				"%ld",
-#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
-				(long)tm->tm_gmtoff
-#elif defined(HAVE_TIMEZONE)
-#ifdef HAVE_ALTZONE
-				tm->tm_isdst ?
-				(long)altzone :
-#endif
-				(long)timezone
-#else
-#error Where in timezone chaos are you?
-#endif    
-				);
-		break;
-	    case 'Z' :
-		ret = snprintf (buf, maxsize - n,
-				"%s",
-
-#if defined(HAVE_STRUCT_TM_TM_ZONE)
-				tm->tm_zone
-#elif defined(HAVE_TIMEZONE)
-				tzname[tm->tm_isdst]
-#else
-#error what?
-#endif
-		    );
-		break;
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		ret = snprintf (buf, maxsize - n,
-				"%%");
-		break;
-	    default :
-		ret = snprintf (buf, maxsize - n,
-				"%%%c", *format);
-		break;
-	    }
-	    if (ret < 0 || ret >= maxsize - n)
-		return 0;
-	    n   += ret;
-	    buf += ret;
-	    ++format;
-	} else {
-	    *buf++ = *format++;
-	    ++n;
-	}
-    }
-    *buf++ = '\0';
-    return n;
-}
diff --git a/crypto/heimdal/lib/roken/strlcat.c b/crypto/heimdal/lib/roken/strlcat.c
deleted file mode 100644
index 3f9c085210c8..000000000000
--- a/crypto/heimdal/lib/roken/strlcat.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcat.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_STRLCAT
-
-size_t ROKEN_LIB_FUNCTION
-strlcat (char *dst, const char *src, size_t dst_sz)
-{
-    size_t len = strlen(dst);
-
-    if (dst_sz < len)
-	/* the total size of dst is less than the string it contains;
-           this could be considered bad input, but we might as well
-           handle it */
-	return len + strlen(src);
-
-    return len + strlcpy (dst + len, src, dst_sz - len);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strlcpy.c b/crypto/heimdal/lib/roken/strlcpy.c
deleted file mode 100644
index 6797317bf40b..000000000000
--- a/crypto/heimdal/lib/roken/strlcpy.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcpy.c 14773 2005-04-12 11:29:18Z lha $");
-
-#ifndef HAVE_STRLCPY
-
-size_t ROKEN_LIB_FUNCTION
-strlcpy (char *dst, const char *src, size_t dst_sz)
-{
-    size_t n;
-
-    for (n = 0; n < dst_sz; n++) {
-	if ((*dst++ = *src++) == '\0')
-	    break;
-    }
-
-    if (n < dst_sz)
-	return n;
-    if (n > 0)
-	*(dst - 1) = '\0';
-    return n + strlen (src);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c
deleted file mode 100644
index 9e5e9739fc1c..000000000000
--- a/crypto/heimdal/lib/roken/strlwr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRLWR
-char * ROKEN_LIB_FUNCTION
-strlwr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = tolower((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c
deleted file mode 100644
index e534393c7d56..000000000000
--- a/crypto/heimdal/lib/roken/strncasecmp.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strncasecmp.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-
-#ifndef HAVE_STRNCASECMP
-
-int ROKEN_LIB_FUNCTION
-strncasecmp(const char *s1, const char *s2, size_t n)
-{
-    while(n > 0 
-	  && toupper((unsigned char)*s1) == toupper((unsigned char)*s2))
-    {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-	n--;
-    }
-    if(n == 0)
-	return 0;
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strndup.c b/crypto/heimdal/lib/roken/strndup.c
deleted file mode 100644
index 1960fd28c2aa..000000000000
--- a/crypto/heimdal/lib/roken/strndup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strndup.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRNDUP
-char * ROKEN_LIB_FUNCTION
-strndup(const char *old, size_t sz)
-{
-    size_t len = strnlen (old, sz);
-    char *t    = malloc(len + 1);
-
-    if (t != NULL) {
-	memcpy (t, old, len);
-	t[len] = '\0';
-    }
-    return t;
-}
-#endif /* HAVE_STRNDUP */
diff --git a/crypto/heimdal/lib/roken/strnlen.c b/crypto/heimdal/lib/roken/strnlen.c
deleted file mode 100644
index 3ba61a582318..000000000000
--- a/crypto/heimdal/lib/roken/strnlen.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strnlen.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-size_t ROKEN_LIB_FUNCTION
-strnlen(const char *s, size_t len)
-{
-    size_t i;
-
-    for(i = 0; i < len && s[i]; i++)
-	;
-    return i;
-}
diff --git a/crypto/heimdal/lib/roken/strpftime-test.c b/crypto/heimdal/lib/roken/strpftime-test.c
deleted file mode 100644
index a1c13f3dced2..000000000000
--- a/crypto/heimdal/lib/roken/strpftime-test.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include "roken.h"
-
-RCSID("$Id: strpftime-test.c 21897 2007-08-09 08:46:34Z lha $");
-
-enum { MAXSIZE = 26 };
-
-static struct testcase {
-    time_t t;
-    struct {
-	const char *format;
-	const char *result;
-    } vals[MAXSIZE];
-} tests[] = {
-    {0,
-     {
-	 {"%A", "Thursday"},
-	 {"%a", "Thu"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "4"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {90000,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "02"},
-	 {"%e", " 2"},
-	 {"%H", "01"},
-	 {"%I", "01"},
-	 {"%j", "002"},
-	 {"%k", " 1"},
-	 {"%l", " 1"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {216306,
-     {
-	 {"%A", "Saturday"},
-	 {"%a", "Sat"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "03"},
-	 {"%e", " 3"},
-	 {"%H", "12"},
-	 {"%I", "12"},
-	 {"%j", "003"},
-	 {"%k", "12"},
-	 {"%l", "12"},
-	 {"%M", "05"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "06"},
-	 {"%t", "\t"},
-	 {"%w", "6"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {259200,
-     {
-	 {"%A", "Sunday"},
-	 {"%a", "Sun"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "04"},
-	 {"%e", " 4"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "004"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "0"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "01"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {915148800,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "53"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {942161105,
-     {
-
-	 {"%A", "Tuesday"},
-	 {"%a", "Tue"},
-	 {"%B", "November"},
-	 {"%b", "Nov"},
-	 {"%C", "19"},
-	 {"%d", "09"},
-	 {"%e", " 9"},
-	 {"%H", "15"},
-	 {"%I", "03"},
-	 {"%j", "313"},
-	 {"%k", "15"},
-	 {"%l", " 3"},
-	 {"%M", "25"},
-	 {"%m", "11"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "05"},
-	 {"%t", "\t"},
-	 {"%w", "2"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "45"},
-	 {"%W", "45"},
-	 {"%V", "45"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    }
-};
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	struct tm *tm;
-
-	tm = gmtime (&tests[i].t);
-
-	for (j = 0; tests[i].vals[j].format != NULL; ++j) {
-	    char buf[128];
-	    size_t len;
-	    struct tm tm2;
-	    char *ptr;
-
-	    len = strftime (buf, sizeof(buf), tests[i].vals[j].format, tm);
-	    if (len != strlen (buf)) {
-		printf ("length of strftime(\"%s\") = %lu (\"%s\")\n",
-			tests[i].vals[j].format, (unsigned long)len,
-			buf);
-		++ret;
-		continue;
-	    }
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("result of strftime(\"%s\") = \"%s\" != \"%s\"\n",
-			tests[i].vals[j].format, buf,
-			tests[i].vals[j].result);
-		++ret;
-		continue;
-	    }
-	    memset (&tm2, 0, sizeof(tm2));
-	    ptr = strptime (tests[i].vals[j].result,
-			    tests[i].vals[j].format,
-			    &tm2);
-	    if (ptr == NULL || *ptr != '\0') {
-		printf ("bad return value from strptime("
-			"\"%s\", \"%s\")\n",
-			tests[i].vals[j].result,
-			tests[i].vals[j].format);
-		++ret;
-	    }
-	    strftime (buf, sizeof(buf), tests[i].vals[j].format, &tm2);
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("reverse of \"%s\" failed: \"%s\" vs \"%s\"\n",
-			tests[i].vals[j].format,
-			buf, tests[i].vals[j].result);
-		++ret;
-	    }
-	}
-    }
-    {
-	struct tm tm;
-	memset(&tm, 0, sizeof(tm));
-	strptime ("200505", "%Y%m", &tm);
-	if (tm.tm_year != 105)
-	    ++ret;
-	if (tm.tm_mon != 4)
-	    ++ret;
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/strpftime-test.h b/crypto/heimdal/lib/roken/strpftime-test.h
deleted file mode 100644
index 546e5529539a..000000000000
--- a/crypto/heimdal/lib/roken/strpftime-test.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: snprintf-test.h 10377 2001-07-19 18:39:14Z assar $ */
-
-#ifndef __STRFTIME_TEST_H__
-#define __STRFTIME_TEST_H__
-
-/*
- * we cannot use the real names of the functions when testing, since
- * they might have different prototypes as the system functions, hence
- * these evil hacks
- */
-
-#define strftime test_strftime
-#define strptime test_strptime
-
-#endif /* __STRFTIME_TEST_H__ */
diff --git a/crypto/heimdal/lib/roken/strpool.c b/crypto/heimdal/lib/roken/strpool.c
deleted file mode 100644
index 6ebe0ce6c4b8..000000000000
--- a/crypto/heimdal/lib/roken/strpool.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include "roken.h"
-
-struct rk_strpool {
-    char *str;
-    size_t len;
-};
-
-/*
- *
- */
-
-void ROKEN_LIB_FUNCTION
-rk_strpoolfree(struct rk_strpool *p)
-{
-    if (p->str) {
-	free(p->str);
-	p->str = NULL;
-    }
-    free(p);
-}
-
-/*
- *
- */
-
-struct rk_strpool * ROKEN_LIB_FUNCTION
-rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...)
-{
-    va_list ap;
-    char *str, *str2;
-    int len;
-
-    if (p == NULL) {
-	p = malloc(sizeof(*p));
-	if (p == NULL)
-	    return NULL;
-	p->str = NULL;
-	p->len = 0;
-    }
-    va_start(ap, fmt);
-    len = vasprintf(&str, fmt, ap);
-    va_end(ap);
-    if (str == NULL) {
-	rk_strpoolfree(p);
-	return NULL;
-    }
-    str2 = realloc(p->str, len + p->len + 1);
-    if (str2 == NULL) {
-	rk_strpoolfree(p);
-	return NULL;
-    }
-    p->str = str2;
-    memcpy(p->str + p->len, str, len + 1);
-    p->len += len;
-    free(str);
-    return p;
-}
-
-/*
- *
- */
-
-char * ROKEN_LIB_FUNCTION
-rk_strpoolcollect(struct rk_strpool *p)
-{
-    char *str = p->str;
-    p->str = NULL;
-    free(p);
-    return str;
-}
diff --git a/crypto/heimdal/lib/roken/strptime.c b/crypto/heimdal/lib/roken/strptime.c
deleted file mode 100644
index 9cd133357a56..000000000000
--- a/crypto/heimdal/lib/roken/strptime.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Copyright (c) 1999, 2003, 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef TEST_STRPFTIME
-#include "strpftime-test.h"
-#endif
-#include <ctype.h>
-#include "roken.h"
-
-RCSID("$Id: strptime.c 21895 2007-08-09 08:45:54Z lha $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-    NULL
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-    NULL
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec",
-    NULL
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "March",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December",
-    NULL,
-};
-
-static const char *ampm[] = {
-    "am",
-    "pm",
-    NULL
-};
-
-/*
- * Try to match `*buf' to one of the strings in `strs'.  Return the
- * index of the matching string (or -1 if none).  Also advance buf.
- */
-
-static int
-match_string (const char **buf, const char **strs)
-{
-    int i = 0;
-
-    for (i = 0; strs[i] != NULL; ++i) {
-	int len = strlen (strs[i]);
-
-	if (strncasecmp (*buf, strs[i], len) == 0) {
-	    *buf += len;
-	    return i;
-	}
-    }
-    return -1;
-}
-
-/*
- * Try to match `*buf' to at the most `n' characters and return the
- * resulting number in `num'. Returns 0 or an error.  Also advance
- * buf.
- */
-
-static int
-parse_number (const char **buf, int n, int *num)
-{
-    char *s, *str;
-    int i;
-
-    str = malloc(n + 1);
-    if (str == NULL)
-	return -1;
-
-    /* skip whitespace */
-    for (; **buf != '\0' && isspace((unsigned char)(**buf)); (*buf)++)
-	;
-
-    /* parse at least n characters */
-    for (i = 0; **buf != '\0' && i < n && isdigit((unsigned char)(**buf)); i++, (*buf)++)
-	str[i] = **buf;
-    str[i] = '\0';
-
-    *num = strtol (str, &s, 10);
-    free(str);
-    if (s == str)
-	return -1;
-
-    return 0;
-}
-
-/*
- * tm_year is relative this year
- */
-
-const int tm_year_base = 1900;
-
-/*
- * Return TRUE iff `year' was a leap year.
- */
-
-static int
-is_leap_year (int year)
-{
-    return (year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0);
-}
-
-/*
- * Return the weekday [0,6] (0 = Sunday) of the first day of `year'
- */
-
-static int
-first_day (int year)
-{
-    int ret = 4;
-
-    for (; year > 1970; --year)
-	ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7;
-    return ret;
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_sun (struct tm *timeptr, int wnum)
-{
-    int fday = first_day (timeptr->tm_year + tm_year_base);
-
-    timeptr->tm_yday = wnum * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-
-    timeptr->tm_yday = wnum * 7 + (timeptr->tm_wday + 6) % 7 - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = (fday + 1) % 7;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon4 (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-    int offset = 0;
-
-    if (fday < 4)
-	offset += 7;
-
-    timeptr->tm_yday = offset + (wnum - 1) * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- *
- */
-
-char * ROKEN_LIB_FUNCTION
-strptime (const char *buf, const char *format, struct tm *timeptr)
-{
-    char c;
-
-    for (; (c = *format) != '\0'; ++format) {
-	char *s;
-	int ret;
-
-	if (isspace ((unsigned char)c)) {
-	    while (isspace ((unsigned char)*buf))
-		++buf;
-	} else if (c == '%' && format[1] != '\0') {
-	    c = *++format;
-	    if (c == 'E' || c == 'O')
-		c = *++format;
-	    switch (c) {
-	    case 'A' :
-		ret = match_string (&buf, full_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'a' :
-		ret = match_string (&buf, abb_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'B' :
-		ret = match_string (&buf, full_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'b' :
-	    case 'h' :
-		ret = match_string (&buf, abb_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'C' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_year = (ret * 100) - tm_year_base;
-		break;
-	    case 'c' :
-		abort ();
-	    case 'D' :		/* %m/%d/%y */
-		s = strptime (buf, "%m/%d/%y", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'd' :
-	    case 'e' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_mday = ret;
-		break;
-	    case 'H' :
-	    case 'k' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_hour = ret;
-		break;
-	    case 'I' :
-	    case 'l' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret == 12)
-		    timeptr->tm_hour = 0;
-		else
-		    timeptr->tm_hour = ret;
-		break;
-	    case 'j' :
-		if (parse_number(&buf, 3, &ret))
-		    return NULL;
-		if (ret == 0)
-		    return NULL;
-		timeptr->tm_yday = ret - 1;
-		break;
-	    case 'm' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret == 0)
-		    return NULL;
-		timeptr->tm_mon = ret - 1;
-		break;
-	    case 'M' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_min = ret;
-		break;
-	    case 'n' :
-		while (isspace ((unsigned char)*buf))
-		    buf++;
-		break;
-	    case 'p' :
-		ret = match_string (&buf, ampm);
-		if (ret < 0)
-		    return NULL;
-		if (timeptr->tm_hour == 0) {
-		    if (ret == 1)
-			timeptr->tm_hour = 12;
-		} else
-		    timeptr->tm_hour += 12;
-		break;
-	    case 'r' :		/* %I:%M:%S %p */
-		s = strptime (buf, "%I:%M:%S %p", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'R' :		/* %H:%M */
-		s = strptime (buf, "%H:%M", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'S' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		timeptr->tm_sec = ret;
-		break;
-	    case 't' :
-		while (isspace ((unsigned char)*buf))
-		    buf++;
-		break;
-	    case 'T' :		/* %H:%M:%S */
-	    case 'X' :
-		s = strptime (buf, "%H:%M:%S", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'u' :
-		if (parse_number(&buf, 1, &ret))
-		    return NULL;
-		if (ret <= 0)
-		    return NULL;
-		timeptr->tm_wday = ret - 1;
-		break;
-	    case 'w' :
-		if (parse_number(&buf, 1, &ret))
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'U' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_sun (timeptr, ret);
-		break;
-	    case 'V' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_mon4 (timeptr, ret);
-		break;
-	    case 'W' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		set_week_number_mon (timeptr, ret);
-		break;
-	    case 'x' :
-		s = strptime (buf, "%Y:%m:%d", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'y' :
-		if (parse_number(&buf, 2, &ret))
-		    return NULL;
-		if (ret < 70)
-		    timeptr->tm_year = 100 + ret;
-		else
-		    timeptr->tm_year = ret;
-		break;
-	    case 'Y' :
-		if (parse_number(&buf, 4, &ret))
-		    return NULL;
-		timeptr->tm_year = ret - tm_year_base;
-		break;
-	    case 'Z' :
-		abort ();
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		if (*buf == '%')
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    default :
-		if (*buf == '%' || *++buf == c)
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    }
-	} else {
-	    if (*buf == c)
-		++buf;
-	    else
-		return NULL;
-	}
-    }
-    return rk_UNCONST(buf);
-}
diff --git a/crypto/heimdal/lib/roken/strsep.c b/crypto/heimdal/lib/roken/strsep.c
deleted file mode 100644
index dd191c402298..000000000000
--- a/crypto/heimdal/lib/roken/strsep.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP
-
-char * ROKEN_LIB_FUNCTION
-strsep(char **str, const char *delim)
-{
-    char *save = *str;
-    if(*str == NULL)
-	return NULL;
-    *str = *str + strcspn(*str, delim);
-    if(**str == 0)
-	*str = NULL;
-    else{
-	**str = 0;
-	(*str)++;
-    }
-    return save;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strsep_copy.c b/crypto/heimdal/lib/roken/strsep_copy.c
deleted file mode 100644
index 4a0a8b05333a..000000000000
--- a/crypto/heimdal/lib/roken/strsep_copy.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP_COPY
-
-/* strsep, but with const stringp, so return string in buf */
-
-ssize_t ROKEN_LIB_FUNCTION
-strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
-{
-    const char *save = *stringp;
-    size_t l;
-    if(save == NULL)
-	return -1;
-    *stringp = *stringp + strcspn(*stringp, delim);
-    l = min(len, *stringp - save);
-    if(len > 0) {
-	memcpy(buf, save, l);
-	buf[l] = '\0';
-    }
-
-    l = *stringp - save;
-    if(**stringp == '\0')
-	*stringp = NULL;
-    else
-	(*stringp)++;
-    return l;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strtok_r.c b/crypto/heimdal/lib/roken/strtok_r.c
deleted file mode 100644
index fb72f5dc7728..000000000000
--- a/crypto/heimdal/lib/roken/strtok_r.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strtok_r.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRTOK_R
-
-char * ROKEN_LIB_FUNCTION
-strtok_r(char *s1, const char *s2, char **lasts)
-{
-  char *ret;
-
-  if (s1 == NULL)
-    s1 = *lasts;
-  while(*s1 && strchr(s2, *s1))
-    ++s1;
-  if(*s1 == '\0')
-    return NULL;
-  ret = s1;
-  while(*s1 && !strchr(s2, *s1))
-    ++s1;
-  if(*s1)
-    *s1++ = '\0';
-  *lasts = s1;
-  return ret;
-}
-
-#endif /* HAVE_STRTOK_R */
diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c
deleted file mode 100644
index 2a5322677f5c..000000000000
--- a/crypto/heimdal/lib/roken/strupr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRUPR
-char * ROKEN_LIB_FUNCTION
-strupr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = toupper((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/swab.c b/crypto/heimdal/lib/roken/swab.c
deleted file mode 100644
index 20744ca02ff9..000000000000
--- a/crypto/heimdal/lib/roken/swab.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_SWAB
-
-RCSID("$Id: swab.c 14773 2005-04-12 11:29:18Z lha $");
-
-void ROKEN_LIB_FUNCTION
-swab (char *from, char *to, int nbytes)
-{
-     while(nbytes >= 2) {
-	  *(to + 1) = *from;
-	  *to = *(from + 1);
-	  to += 2;
-	  from += 2;
-	  nbytes -= 2;
-     }
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/test-mem.c b/crypto/heimdal/lib/roken/test-mem.c
deleted file mode 100644
index d955c1a489fc..000000000000
--- a/crypto/heimdal/lib/roken/test-mem.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include "roken.h"
-
-#include "test-mem.h"
-
-RCSID("$Id: test-mem.c 21005 2007-06-08 01:54:35Z lha $");
-
-/* #undef HAVE_MMAP */
-
-struct {
-    void *start;
-    size_t size;
-    void *data_start;
-    size_t data_size;
-    enum rk_test_mem_type type;
-    int fd;
-} map;
-
-struct sigaction sa, osa;
-
-char *testname;
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    int fd;
-    char msg[] = "SIGSEGV i current test: ";
-    
-    fd = open("/dev/stdout", O_WRONLY, 0600);
-    if (fd >= 0) {
-	write(fd, msg, sizeof(msg) - 1);
-	write(fd, testname, strlen(testname));
-	write(fd, "\n", 1);
-	close(fd);
-    }
-    _exit(1);
-}
-
-#define TESTREC()							\
-    if (testname)							\
-	errx(1, "test %s run recursively on %s", name, testname);	\
-    testname = strdup(name);						\
-    if (testname == NULL)						\
-	errx(1, "malloc");
-
-
-void * ROKEN_LIB_FUNCTION
-rk_test_mem_alloc(enum rk_test_mem_type type, const char *name,
-		  void *buf, size_t size)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p;
-    
-    TESTREC();
-
-    p = malloc(size + 2);
-    if (p == NULL)
-	errx(1, "malloc");
-    map.type = type;
-    map.start = p;
-    map.size = size + 2;
-    p[0] = 0xff;
-    p[map.size] = 0xff;
-    map.data_start = p + 1;
-#else
-    unsigned char *p;
-    int flags, ret, fd;
-    size_t pagesize = getpagesize();
-
-    TESTREC();
-
-    map.type = type;
-
-#ifdef MAP_ANON
-    flags = MAP_ANON;
-    fd = -1;
-#else
-    flags = 0;
-    fd = open ("/dev/zero", O_RDONLY);
-    if(fd < 0)
-	err (1, "open /dev/zero");
-#endif
-    map.fd = fd;
-    flags |= MAP_PRIVATE;
-
-    map.size = size + pagesize - (size % pagesize) + pagesize * 2;
-
-    p = (unsigned char *)mmap(0, map.size, PROT_READ | PROT_WRITE,
-			      flags, fd, 0);
-    if (p == (unsigned char *)MAP_FAILED)
-	err (1, "mmap");
-
-    map.start = p;
-
-    ret = mprotect ((void *)p, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    ret = mprotect (p + map.size - pagesize, pagesize, 0);
-    if (ret < 0)
-	err (1, "mprotect");
-
-    switch (type) {
-    case RK_TM_OVERRUN:
-	map.data_start = p + map.size - pagesize - size;
-	break;
-    case RK_TM_UNDERRUN:
-	map.data_start = p + pagesize;
-	break;
-    default:
-	abort();
-    }
-#endif
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-#ifdef SA_RESETHAND
-    sa.sa_flags |= SA_RESETHAND;
-#endif
-    sa.sa_handler = segv_handler;
-    sigaction (SIGSEGV, &sa, &osa);
-
-    map.data_size = size;
-    if (buf)
-	memcpy(map.data_start, buf, size);
-    return map.data_start;
-}
-
-void ROKEN_LIB_FUNCTION
-rk_test_mem_free(const char *map_name)
-{
-#ifndef HAVE_MMAP
-    unsigned char *p = map.start;
-    
-    if (testname == NULL)
-	errx(1, "test_mem_free call on no free");
-
-    if (p[0] != 0xff)
-	errx(1, "%s: %s underrun %x\n", testname, map_name, p[0]);
-    if (p[map.size] != 0xff)
-	errx(1, "%s: %s overrun %x\n", testname, map_name, p[map.size - 1]);
-    free(map.start);
-#else
-    int ret;
-    
-    if (testname == NULL)
-	errx(1, "test_mem_free call on no free");
-
-    ret = munmap (map.start, map.size);
-    if (ret < 0)
-	err (1, "munmap");
-    if (map.fd > 0)
-	close(map.fd);
-#endif
-    free(testname);
-    testname = NULL;
-
-    sigaction (SIGSEGV, &osa, NULL);
-}
diff --git a/crypto/heimdal/lib/roken/test-mem.h b/crypto/heimdal/lib/roken/test-mem.h
deleted file mode 100644
index 896222f8d76f..000000000000
--- a/crypto/heimdal/lib/roken/test-mem.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1999 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-enum rk_test_mem_type { RK_TM_OVERRUN, RK_TM_UNDERRUN };
-
-void * ROKEN_LIB_FUNCTION
-	rk_test_mem_alloc(enum rk_test_mem_type, const char *, void *, size_t);
-void ROKEN_LIB_FUNCTION
-	rk_test_mem_free(const char *);
diff --git a/crypto/heimdal/lib/roken/test-readenv.c b/crypto/heimdal/lib/roken/test-readenv.c
deleted file mode 100644
index 2cbf8166716b..000000000000
--- a/crypto/heimdal/lib/roken/test-readenv.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: test-readenv.c 20868 2007-06-03 21:02:04Z lha $");
-#endif
-
-#include "roken.h"
-#include "test-mem.h"
-
-char *s1 = "VAR1=VAL1#comment\n\
-VAR2=VAL2 VAL2 #comment\n\
-#this another comment\n\
-\n\
-VAR3=FOO";
-
-char *s2 = "VAR1=ENV2\n\
-";
-
-static void
-make_file(char *tmpl, size_t l)
-{
-    int fd;
-    strlcpy(tmpl, "env.XXXXXX", l);
-    fd = mkstemp(tmpl);
-    if(fd < 0)
-	err(1, "mkstemp");
-    close(fd);
-}
-
-static void
-write_file(const char *fn, const char *s)
-{
-    FILE *f;
-    f = fopen(fn, "w");
-    if(f == NULL) {
-	unlink(fn);
-	err(1, "fopen");
-    }
-    if(fwrite(s, 1, strlen(s), f) != strlen(s))
-	err(1, "short write");
-    if(fclose(f) != 0) {
-	unlink(fn);
-	err(1, "fclose");
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    char **env = NULL;
-    int count = 0;
-    char fn[MAXPATHLEN];
-    int error = 0;
-
-    make_file(fn, sizeof(fn));
-
-    write_file(fn, s1);
-    count = read_environment(fn, &env);
-    if(count != 3) {
-	warnx("test 1: variable count %d != 3", count);
-	error++;
-    }
-
-    write_file(fn, s2);
-    count = read_environment(fn, &env);
-    if(count != 1) {
-	warnx("test 2: variable count %d != 1", count);
-	error++;
-    }
-
-    unlink(fn);
-    count = read_environment(fn, &env);
-    if(count != 0) {
-	warnx("test 3: variable count %d != 0", count);
-	error++;
-    }
-    for(count = 0; env && env[count]; count++);
-    if(count != 3) {
-	warnx("total variable count %d != 3", count);
-	error++;
-    }
-    free_environment(env);
-    
-    
-    return error;
-}
diff --git a/crypto/heimdal/lib/roken/timegm.c b/crypto/heimdal/lib/roken/timegm.c
deleted file mode 100644
index 41eb48716d12..000000000000
--- a/crypto/heimdal/lib/roken/timegm.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1997, 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: timegm.c 18606 2006-10-19 16:19:10Z lha $");
-#endif
-
-#include "roken.h"
-
-static int
-is_leap(unsigned y)
-{
-    y += 1900;
-    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
-}
-
-/* 
- * XXX This is a simplifed version of timegm, it needs to support out of
- * bounds values.
- */
-
-time_t
-rk_timegm (struct tm *tm)
-{
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
-  time_t res = 0;
-  unsigned i;
-
-  if (tm->tm_year < 0) 
-      return -1;
-  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
-      return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
-      return -1;
-  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
-      return -1;
-  if (tm->tm_min < 0 || tm->tm_min > 59) 
-      return -1;
-  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
-      return -1;
-
-  for (i = 70; i < tm->tm_year; ++i)
-    res += is_leap(i) ? 366 : 365;
-
-  for (i = 0; i < tm->tm_mon; ++i)
-    res += ndays[is_leap(tm->tm_year)][i];
-  res += tm->tm_mday - 1;
-  res *= 24;
-  res += tm->tm_hour;
-  res *= 60;
-  res += tm->tm_min;
-  res *= 60;
-  res += tm->tm_sec;
-  return res;
-}
diff --git a/crypto/heimdal/lib/roken/timeval.c b/crypto/heimdal/lib/roken/timeval.c
deleted file mode 100644
index b72e2023f00b..000000000000
--- a/crypto/heimdal/lib/roken/timeval.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Timeval stuff
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: timeval.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-/*
- * Make `t1' consistent.
- */
-
-void ROKEN_LIB_FUNCTION
-timevalfix(struct timeval *t1)
-{
-    if (t1->tv_usec < 0) {
-        t1->tv_sec--;
-        t1->tv_usec += 1000000;
-    }
-    if (t1->tv_usec >= 1000000) {
-        t1->tv_sec++;
-        t1->tv_usec -= 1000000;
-    }
-}
- 
-/*
- * t1 += t2
- */
-
-void ROKEN_LIB_FUNCTION
-timevaladd(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  += t2->tv_sec;
-    t1->tv_usec += t2->tv_usec;
-    timevalfix(t1);
-}
- 
-/*
- * t1 -= t2
- */
-
-void ROKEN_LIB_FUNCTION
-timevalsub(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  -= t2->tv_sec;
-    t1->tv_usec -= t2->tv_usec;
-    timevalfix(t1);
-}
diff --git a/crypto/heimdal/lib/roken/tm2time.c b/crypto/heimdal/lib/roken/tm2time.c
deleted file mode 100644
index 7bcba8379ca4..000000000000
--- a/crypto/heimdal/lib/roken/tm2time.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: tm2time.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#include "roken.h"
-
-time_t ROKEN_LIB_FUNCTION
-tm2time (struct tm tm, int local)
-{
-    time_t t;
-
-    tm.tm_isdst = local ? -1 : 0;
-
-    t = mktime (&tm);
-
-    if (!local)
-	t += t - mktime (gmtime (&t));
-    return t;
-}
diff --git a/crypto/heimdal/lib/roken/unsetenv.c b/crypto/heimdal/lib/roken/unsetenv.c
deleted file mode 100644
index 54cf7b77dc90..000000000000
--- a/crypto/heimdal/lib/roken/unsetenv.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unsetenv.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "roken.h"
-
-extern char **environ;
-
-/*
- * unsetenv --
- */
-void ROKEN_LIB_FUNCTION
-unsetenv(const char *name)
-{
-  int len;
-  const char *np;
-  char **p;
-
-  if (name == 0 || environ == 0)
-    return;
-
-  for (np = name; *np && *np != '='; np++)
-    /* nop */;
-  len = np - name;
-  
-  for (p = environ; *p != 0; p++)
-    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
-      break;
-
-  for (; *p != 0; p++)
-    *p = *(p + 1);
-}
-
diff --git a/crypto/heimdal/lib/roken/unvis.c b/crypto/heimdal/lib/roken/unvis.c
deleted file mode 100644
index 72d5f161b083..000000000000
--- a/crypto/heimdal/lib/roken/unvis.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*	$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $	*/
-
-/*-
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unvis.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include "roken.h"
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)unvis.c	8.1 (Berkeley) 6/4/93";
-#else
-__RCSID("$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $");
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#define __LIBC12_SOURCE__
-
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strunvis,_strunvis)
-__weak_alias(unvis,_unvis)
-#endif
-
-__warn_references(unvis,
-    "warning: reference to compatibility unvis(); include <vis.h> for correct reference")
-#endif
-
-/*
- * decode driven by state machine
- */
-#define	S_GROUND	0	/* haven't seen escape char */
-#define	S_START		1	/* start decoding special sequence */
-#define	S_META		2	/* metachar started (M) */
-#define	S_META1		3	/* metachar more, regular char (-) */
-#define	S_CTRL		4	/* control char started (^) */
-#define	S_OCTAL2	5	/* octal digit 2 */
-#define	S_OCTAL3	6	/* octal digit 3 */
-
-#define	isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-/*
- * unvis - decode characters previously encoded by vis
- */
-
-int ROKEN_LIB_FUNCTION
-rk_unvis(char *cp, int c, int *astate, int flag)
-{
-
-	_DIAGASSERT(cp != NULL);
-	_DIAGASSERT(astate != NULL);
-
-	if (flag & UNVIS_END) {
-		if (*astate == S_OCTAL2 || *astate == S_OCTAL3) {
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		} 
-		return (*astate == S_GROUND ? UNVIS_NOCHAR : UNVIS_SYNBAD);
-	}
-
-	switch (*astate) {
-
-	case S_GROUND:
-		*cp = 0;
-		if (c == '\\') {
-			*astate = S_START;
-			return (0);
-		} 
-		*cp = c;
-		return (UNVIS_VALID);
-
-	case S_START:
-		switch(c) {
-		case '\\':
-			*cp = c;
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '0': case '1': case '2': case '3':
-		case '4': case '5': case '6': case '7':
-			*cp = (c - '0');
-			*astate = S_OCTAL2;
-			return (0);
-		case 'M':
-			*cp = (char)0200;
-			*astate = S_META;
-			return (0);
-		case '^':
-			*astate = S_CTRL;
-			return (0);
-		case 'n':
-			*cp = '\n';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'r':
-			*cp = '\r';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'b':
-			*cp = '\b';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'a':
-			*cp = '\007';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'v':
-			*cp = '\v';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 't':
-			*cp = '\t';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'f':
-			*cp = '\f';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 's':
-			*cp = ' ';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'E':
-			*cp = '\033';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '\n':
-			/*
-			 * hidden newline
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		case '$':
-			/*
-			 * hidden marker
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		}
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-		 
-	case S_META:
-		if (c == '-')
-			*astate = S_META1;
-		else if (c == '^')
-			*astate = S_CTRL;
-		else {
-			*astate = S_GROUND;
-			return (UNVIS_SYNBAD);
-		}
-		return (0);
-		 
-	case S_META1:
-		*astate = S_GROUND;
-		*cp |= c;
-		return (UNVIS_VALID);
-		 
-	case S_CTRL:
-		if (c == '?')
-			*cp |= 0177;
-		else
-			*cp |= c & 037;
-		*astate = S_GROUND;
-		return (UNVIS_VALID);
-
-	case S_OCTAL2:	/* second possible octal digit */
-		if (isoctal(c)) {
-			/* 
-			 * yes - and maybe a third 
-			 */
-			*cp = (*cp << 3) + (c - '0');
-			*astate = S_OCTAL3;	
-			return (0);
-		} 
-		/* 
-		 * no - done with current sequence, push back passed char 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_VALIDPUSH);
-
-	case S_OCTAL3:	/* third possible octal digit */
-		*astate = S_GROUND;
-		if (isoctal(c)) {
-			*cp = (*cp << 3) + (c - '0');
-			return (UNVIS_VALID);
-		}
-		/*
-		 * we were done, push back passed char
-		 */
-		return (UNVIS_VALIDPUSH);
-			
-	default:	
-		/* 
-		 * decoder in unknown state - (probably uninitialized) 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-	}
-}
-
-/*
- * strunvis - decode src into dst 
- *
- *	Number of chars decoded into dst is returned, -1 on error.
- *	Dst is null terminated.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strunvis(char *dst, const char *src)
-{
-	char c;
-	char *start = dst;
-	int state = 0;
-
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(dst != NULL);
-
-	while ((c = *src++) != '\0') {
-	again:
-		switch (rk_unvis(dst, (unsigned char)c, &state, 0)) {
-		case UNVIS_VALID:
-			dst++;
-			break;
-		case UNVIS_VALIDPUSH:
-			dst++;
-			goto again;
-		case 0:
-		case UNVIS_NOCHAR:
-			break;
-		default:
-			return (-1);
-		}
-	}
-	if (unvis(dst, (unsigned char)c, &state, UNVIS_END) == UNVIS_VALID)
-		dst++;
-	*dst = '\0';
-	return (dst - start);
-}
diff --git a/crypto/heimdal/lib/roken/verify.c b/crypto/heimdal/lib/roken/verify.c
deleted file mode 100644
index 54ad814e9827..000000000000
--- a/crypto/heimdal/lib/roken/verify.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#include "roken.h"
-
-int ROKEN_LIB_FUNCTION
-unix_verify_user(char *user, char *password)
-{
-    struct passwd *pw;
-    
-    pw = k_getpwnam(user);
-    if(pw == NULL)
-	return -1;
-    if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
-	return 0;
-    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
-        return 0;
-    return -1;
-}
-
diff --git a/crypto/heimdal/lib/roken/verr.c b/crypto/heimdal/lib/roken/verr.c
deleted file mode 100644
index 3db3c1c37c09..000000000000
--- a/crypto/heimdal/lib/roken/verr.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-verr(int eval, const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/verrx.c b/crypto/heimdal/lib/roken/verrx.c
deleted file mode 100644
index a3a59d02b130..000000000000
--- a/crypto/heimdal/lib/roken/verrx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verrx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-verrx(int eval, const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/vis.c b/crypto/heimdal/lib/roken/vis.c
deleted file mode 100644
index 1114223a2974..000000000000
--- a/crypto/heimdal/lib/roken/vis.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*	$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $	*/
-
-/*-
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*-
- * Copyright (c) 1999 The NetBSD Foundation, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-#include "roken.h"
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $");
-#endif /* not lint */
-#endif
-
-#if 0
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strsvis,_strsvis)
-__weak_alias(strsvisx,_strsvisx)
-__weak_alias(strvis,_strvis)
-__weak_alias(strvisx,_strvisx)
-__weak_alias(svis,_svis)
-__weak_alias(vis,_vis)
-#endif
-#endif
-
-#undef BELL
-#if defined(__STDC__)
-#define BELL '\a'
-#else
-#define BELL '\007'
-#endif
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-
-
-#define isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-#define iswhite(c)	(c == ' ' || c == '\t' || c == '\n')
-#define issafe(c)	(c == '\b' || c == BELL || c == '\r')
-
-#define MAXEXTRAS       5
-
-
-#define MAKEEXTRALIST(flag, extra)					      \
-do {									      \
-	char *pextra = extra;						      \
-	if (flag & VIS_SP) *pextra++ = ' ';				      \
-	if (flag & VIS_TAB) *pextra++ = '\t';				      \
-	if (flag & VIS_NL) *pextra++ = '\n';				      \
-	if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\';		      \
-	*pextra = '\0';							      \
-} while (/*CONSTCOND*/0)
-
-/*
- * This is SVIS, the central macro of vis.
- * dst:	      Pointer to the destination buffer
- * c:	      Character to encode
- * flag:      Flag word
- * nextc:     The character following 'c'
- * extra:     Pointer to the list of extra characters to be
- *	      backslash-protected.
- */
-#define SVIS(dst, c, flag, nextc, extra)				   \
-do {									   \
-	int isextra, isc;						   \
-	isextra = strchr(extra, c) != NULL;				   \
-	if (!isextra &&							   \
-	    isascii((unsigned char)c) &&				   \
-	    (isgraph((unsigned char)c) || iswhite(c) ||			   \
-	    ((flag & VIS_SAFE) && issafe(c)))) {			   \
-		*dst++ = c;						   \
-		break;							   \
-	}								   \
-	isc = 0;							   \
-	if (flag & VIS_CSTYLE) {					   \
-		switch (c) {						   \
-		case '\n':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'n';		   \
-			break;						   \
-		case '\r':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'r';		   \
-			break;						   \
-		case '\b':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'b';		   \
-			break;						   \
-		case BELL:						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'a';		   \
-			break;						   \
-		case '\v':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'v';		   \
-			break;						   \
-		case '\t':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 't';		   \
-			break;						   \
-		case '\f':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'f';		   \
-			break;						   \
-		case ' ':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 's';		   \
-			break;						   \
-		case '\0':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = '0';		   \
-			if (isoctal(nextc)) {				   \
-				*dst++ = '0';				   \
-				*dst++ = '0';				   \
-			}						   \
-		}							   \
-	}								   \
-	if (isc) break;							   \
-	if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) {	   \
-		*dst++ = '\\';						   \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0';  \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0';  \
-		*dst++ =			     (c	      & 07) + '0'; \
-	} else {							   \
-		if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\';		   \
-		if (c & 0200) {						   \
-			c &= 0177; *dst++ = 'M';			   \
-		}							   \
-		if (iscntrl((unsigned char)c)) {			   \
-			*dst++ = '^';					   \
-			if (c == 0177)					   \
-				*dst++ = '?';				   \
-			else						   \
-				*dst++ = c + '@';			   \
-		} else {						   \
-			*dst++ = '-'; *dst++ = c;			   \
-		}							   \
-	}								   \
-} while (/*CONSTCOND*/0)
-
-
-/*
- * svis - visually encode characters, also encoding the characters
- * 	  pointed to by `extra'
- */
-
-char * ROKEN_LIB_FUNCTION
-rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
-{
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return(dst);
-}
-
-
-/*
- * strsvis, strsvisx - visually encode characters from src into dst
- *
- *	Extra is a pointer to a \0-terminated list of characters to
- *	be encoded, too. These functions are useful e. g. to
- *	encode strings in such a way so that they are not interpreted
- *	by a shell.
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strsvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strsvis(char *dst, const char *src, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; (c = *src++) != '\0'; /* empty */)
-	    SVIS(dst, c, flag, *src, extra);
-	*dst = '\0';
-	return (dst - start);
-}
-
-
-int ROKEN_LIB_FUNCTION
-rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; len > 0; len--) {
-		c = *src++;
-		SVIS(dst, c, flag, len ? *src : '\0', extra);
-	}
-	*dst = '\0';
-	return (dst - start);
-}
-
-
-/*
- * vis - visually encode characters
- */
-char * ROKEN_LIB_FUNCTION
-rk_vis(char *dst, int c, int flag, int nextc)
-{
-	char extra[MAXEXTRAS];
-
-	_DIAGASSERT(dst != NULL);
-
-	MAKEEXTRALIST(flag, extra);
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return (dst);
-}
-
-
-/*
- * strvis, strvisx - visually encode characters from src into dst
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-
-int ROKEN_LIB_FUNCTION
-rk_strvis(char *dst, const char *src, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (rk_strsvis(dst, src, flag, extra));
-}
-
-
-int ROKEN_LIB_FUNCTION
-rk_strvisx(char *dst, const char *src, size_t len, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (rk_strsvisx(dst, src, len, flag, extra));
-}
diff --git a/crypto/heimdal/lib/roken/vis.h b/crypto/heimdal/lib/roken/vis.h
deleted file mode 100644
index 224870b00af1..000000000000
--- a/crypto/heimdal/lib/roken/vis.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
-/*	$Id: vis.hin 19341 2006-12-15 11:53:09Z lha $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)vis.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _VIS_H_
-#define	_VIS_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * to select alternate encoding format
- */
-#define	VIS_OCTAL	0x01	/* use octal \ddd format */
-#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define	VIS_SP		0x04	/* also encode space */
-#define	VIS_TAB		0x08	/* also encode tab */
-#define	VIS_NL		0x10	/* also encode newline */
-#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
-#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
-
-/*
- * other
- */
-#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
-
-/*
- * unvis return codes
- */
-#define	UNVIS_VALID	 1	/* character valid */
-#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
-#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
-#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
-#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define	UNVIS_END	1	/* no more characters */
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-#undef vis
-#define vis(a,b,c,d) rk_vis(a,b,c,d)
-#undef svis
-#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
-#undef strvis
-#define strvis(a,b,c) rk_strvis(a,b,c)
-#undef strsvis
-#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
-#undef strvisx
-#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
-#undef strsvisx
-#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
-#undef strunvis
-#define strunvis(a,b) rk_strunvis(a,b)
-#undef unvis
-#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
-
-#endif /* !_VIS_H_ */
diff --git a/crypto/heimdal/lib/roken/vis.hin b/crypto/heimdal/lib/roken/vis.hin
deleted file mode 100644
index 224870b00af1..000000000000
--- a/crypto/heimdal/lib/roken/vis.hin
+++ /dev/null
@@ -1,115 +0,0 @@
-/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
-/*	$Id: vis.hin 19341 2006-12-15 11:53:09Z lha $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)vis.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _VIS_H_
-#define	_VIS_H_
-
-#ifndef ROKEN_LIB_FUNCTION
-#ifdef _WIN32
-#define ROKEN_LIB_FUNCTION _stdcall
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-/*
- * to select alternate encoding format
- */
-#define	VIS_OCTAL	0x01	/* use octal \ddd format */
-#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define	VIS_SP		0x04	/* also encode space */
-#define	VIS_TAB		0x08	/* also encode tab */
-#define	VIS_NL		0x10	/* also encode newline */
-#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
-#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
-
-/*
- * other
- */
-#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
-
-/*
- * unvis return codes
- */
-#define	UNVIS_VALID	 1	/* character valid */
-#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
-#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
-#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
-#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define	UNVIS_END	1	/* no more characters */
-
-char ROKEN_LIB_FUNCTION
-	*rk_vis (char *, int, int, int);
-char ROKEN_LIB_FUNCTION
-	*rk_svis (char *, int, int, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvis (char *, const char *, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvis (char *, const char *, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strvisx (char *, const char *, size_t, int);
-int ROKEN_LIB_FUNCTION
-	rk_strsvisx (char *, const char *, size_t, int, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_strunvis (char *, const char *);
-int ROKEN_LIB_FUNCTION
-	rk_unvis (char *, int, int *, int);
-
-#undef vis
-#define vis(a,b,c,d) rk_vis(a,b,c,d)
-#undef svis
-#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
-#undef strvis
-#define strvis(a,b,c) rk_strvis(a,b,c)
-#undef strsvis
-#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
-#undef strvisx
-#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
-#undef strsvisx
-#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
-#undef strunvis
-#define strunvis(a,b) rk_strunvis(a,b)
-#undef unvis
-#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
-
-#endif /* !_VIS_H_ */
diff --git a/crypto/heimdal/lib/roken/vsyslog.c b/crypto/heimdal/lib/roken/vsyslog.c
deleted file mode 100644
index 690eb7dc075a..000000000000
--- a/crypto/heimdal/lib/roken/vsyslog.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vsyslog.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#ifndef HAVE_VSYSLOG
-
-#include <stdio.h>
-#include <syslog.h>
-#include <stdarg.h>
-
-#include "roken.h"
-
-/*
- * the theory behind this is that we might be trying to call vsyslog
- * when there's no memory left, and we should try to be as useful as
- * possible.  And the format string should say something about what's
- * failing.
- */
-
-static void
-simple_vsyslog(int pri, const char *fmt, va_list ap)
-{
-    syslog (pri, "%s", fmt);
-}
-
-/*
- * do like syslog but with a `va_list'
- */
-
-void ROKEN_LIB_FUNCTION
-vsyslog(int pri, const char *fmt, va_list ap)
-{
-    char *fmt2;
-    const char *p;
-    char *p2;
-    int saved_errno = errno;
-    int fmt_len  = strlen (fmt);
-    int fmt2_len = fmt_len;
-    char *buf;
-
-    fmt2 = malloc (fmt_len + 1);
-    if (fmt2 == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-
-    for (p = fmt, p2 = fmt2; *p != '\0'; ++p) {
-	if (p[0] == '%' && p[1] == 'm') {
-	    const char *e = strerror (saved_errno);
-	    int e_len = strlen (e);
-	    char *tmp;
-	    int pos;
-
-	    pos = p2 - fmt2;
-	    fmt2_len += e_len - 2;
-	    tmp = realloc (fmt2, fmt2_len + 1);
-	    if (tmp == NULL) {
-		free (fmt2);
-		simple_vsyslog (pri, fmt, ap);
-		return;
-	    }
-	    fmt2 = tmp;
-	    p2   = fmt2 + pos;
-	    memmove (p2, e, e_len);
-	    p2 += e_len;
-	    ++p;
-	} else
-	    *p2++ = *p;
-    }
-    *p2 = '\0';
-
-    vasprintf (&buf, fmt2, ap);
-    free (fmt2);
-    if (buf == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-    syslog (pri, "%s", buf);
-    free (buf);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/vwarn.c b/crypto/heimdal/lib/roken/vwarn.c
deleted file mode 100644
index c25ca629ca22..000000000000
--- a/crypto/heimdal/lib/roken/vwarn.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarn.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-vwarn(const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-}
diff --git a/crypto/heimdal/lib/roken/vwarnx.c b/crypto/heimdal/lib/roken/vwarnx.c
deleted file mode 100644
index e35c0deb09b8..000000000000
--- a/crypto/heimdal/lib/roken/vwarnx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarnx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void ROKEN_LIB_FUNCTION
-vwarnx(const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-}
-
diff --git a/crypto/heimdal/lib/roken/warn.c b/crypto/heimdal/lib/roken/warn.c
deleted file mode 100644
index 0924880e4cb6..000000000000
--- a/crypto/heimdal/lib/roken/warn.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warn.c 7463 1999-12-02 16:58:55Z joda $");
-#endif
-
-#include "err.h"
-
-void
-warn(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarn(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/warnerr.c b/crypto/heimdal/lib/roken/warnerr.c
deleted file mode 100644
index 6dee466bc670..000000000000
--- a/crypto/heimdal/lib/roken/warnerr.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnerr.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-warnerr(int doerrno, const char *fmt, va_list ap)
-{
-    int sverrno = errno;
-    const char *progname = getprogname();
-
-    if(progname != NULL){
-	fprintf(stderr, "%s", progname);
-	if(fmt != NULL || doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if (fmt != NULL){
-	vfprintf(stderr, fmt, ap);
-	if(doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if(doerrno)
-	fprintf(stderr, "%s", strerror(sverrno));
-    fprintf(stderr, "\n");
-}
diff --git a/crypto/heimdal/lib/roken/warnx.c b/crypto/heimdal/lib/roken/warnx.c
deleted file mode 100644
index 7e1de7acc1b6..000000000000
--- a/crypto/heimdal/lib/roken/warnx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnx.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "err.h"
-
-void ROKEN_LIB_FUNCTION
-warnx(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarnx(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/write_pid.c b/crypto/heimdal/lib/roken/write_pid.c
deleted file mode 100644
index edadf5ceb33e..000000000000
--- a/crypto/heimdal/lib/roken/write_pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: write_pid.c 21005 2007-06-08 01:54:35Z lha $");
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include "roken.h"
-
-#include "roken.h"
-
-char * ROKEN_LIB_FUNCTION
-pid_file_write (const char *progname)
-{
-    FILE *fp;
-    char *ret;
-
-    asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname);
-    if (ret == NULL)
-	return NULL;
-    fp = fopen (ret, "w");
-    if (fp == NULL) {
-	free (ret);
-	return NULL;
-    }
-    fprintf (fp, "%u", (unsigned)getpid());
-    fclose (fp);
-    return ret;
-}
-
-void ROKEN_LIB_FUNCTION
-pid_file_delete (char **filename)
-{
-    if (*filename != NULL) {
-	unlink (*filename);
-	free (*filename);
-	*filename = NULL;
-    }
-}
-
-#ifndef HAVE_PIDFILE
-static char *pidfile_path;
-
-static void
-pidfile_cleanup(void)
-{
-    if(pidfile_path != NULL)
-	pid_file_delete(&pidfile_path);
-}
-
-void
-pidfile(const char *basename)
-{
-    if(pidfile_path != NULL)
-	return;
-    if(basename == NULL)
-	basename = getprogname();
-    pidfile_path = pid_file_write(basename);
-#if defined(HAVE_ATEXIT)
-    atexit(pidfile_cleanup);
-#elif defined(HAVE_ON_EXIT)
-    on_exit(pidfile_cleanup);
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/writev.c b/crypto/heimdal/lib/roken/writev.c
deleted file mode 100644
index 2500e6d28f0d..000000000000
--- a/crypto/heimdal/lib/roken/writev.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: writev.c 14773 2005-04-12 11:29:18Z lha $");
-#endif
-
-#include "roken.h"
-
-ssize_t ROKEN_LIB_FUNCTION
-writev(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < iovcnt; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = write (d, buf, tot);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/xdbm.h b/crypto/heimdal/lib/roken/xdbm.h
deleted file mode 100644
index 618e074d1e66..000000000000
--- a/crypto/heimdal/lib/roken/xdbm.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: xdbm.h 10986 2002-05-17 16:02:22Z joda $ */
-
-/* Generic *dbm include file */
-
-#ifndef __XDBM_H__
-#define __XDBM_H__
-
-#if HAVE_DB_NDBM
-#define DB_DBM_HSEARCH 1
-#include <db.h>
-#elif HAVE_NDBM
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#endif
-#endif /* HAVE_NDBM */
-
-#endif /* __XDBM_H__ */
diff --git a/crypto/heimdal/lib/sl/ChangeLog b/crypto/heimdal/lib/sl/ChangeLog
deleted file mode 100644
index 3937232b063c..000000000000
--- a/crypto/heimdal/lib/sl/ChangeLog
+++ /dev/null
@@ -1,325 +0,0 @@
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: roken_rename.h is a dist_ source k
-
-	* Makefile.am: split source files in dist and nodist.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: New library version.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* sl.c: make compile.
-
-	* sl.c: Pass in pointer to strlen().
-
-	* sl.c (sl_make_argv): use memmove since we are dealing with
-	overlapping strings.
-
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: don't clean yacc/lex files in CLEANFILES,
-	maintainers clean will do that for us.
-	
-2007-06-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* slc-gram.y (main): also fclose yyin.
-	
-2007-04-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add dependency on slc-gram.h for slc-lex.c, breaks
-	in disttree with make -j
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test_sl.c: Fix caseing for case-sensitive filesystems
-	
-2006-12-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* test_sl.c: catch test that should fail but didn't
-
-	* test_sl.c: Test more quoting variants.
-
-	* sl_locl.h: Include <ctype.h>.
-
-	* test_sl.c: test sl_make_argv
-
-	* sl.c (sl_make_argv): Add quoting support (both "" and \ style).
-	
-2006-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c: Use strcspn to remove \n from fgets result. Prompted by
-	change by Ray Lai of OpenBSD via Bj�rn Sandell.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am (ES): add roken_rename.h
-	
-2006-08-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c (sl_slc_help): remove return
-	
-2006-08-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.h: Add sl_slc_help.
-
-	* sl.c: Add sl_slc_help.
-	
-2005-07-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* slc-gram.y (gen_wrapper): use the generated version of name for
-	function, if no function is is used, also use the generated name
-	for the structure name.
-	
-2005-06-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: fix a merge error
-	
-	* slc-gram.y: rename optind to optidx, rename variables to avoid
-	shadowing
-
-	* make_cmds.c: rename optind to optidx, move variable define to
-	avoid shadowing
-
-	* ss.c: rename index to idx
-	
-	* sl.c: use rk_UNCONST to un-constify
-
-2005-05-10  Dave Love  <fx@gnu.org>
-
-	* slc-lex.l: Include <stdlib.h>.
-
-2005-05-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.c (sl_command_loop): new return code -2 for EOF
-	(sl_loop): treat all return value from sl_command_loop >= 0 as ok, and
-	continue.
-
-2005-04-29  Dave Love  <fx@gnu.org>
-
-	* Makefile.am (LDADD): Add libsl.la.
-
-2005-04-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: include <config.h> since defines _GNU_SOURCE if
-	needed, avoid asprintf warning
-
-2005-01-21  Dave Love  <d.love@dl.ac.uk>
-
-	* slc-gram.y: include <roken.h>
-
-2005-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: cast argument to isalnum to unsigned char
-
-2004-09-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* slc-gram.y: add support for "strings" and "negative-flag" types,
-	plus some usability tweaks and bug fixes
-	
-2004-07-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* slc-gram.y: add min_args/max_args checking
-	
-2004-06-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* slc-gram.y: pull in <stdlib.h> and <vers.h> to avoid warnings
-	
-2004-03-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* sl.h: make it possible to use libsl from c++
-	From: Mattias Amnefelt <mattiasa@kth.se>
-	
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: just link mk_cmds against libsl; avoids libtool
-	problem
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getprogname.c libss.la:add libcom_err.la noted
-	by Leif Johansson <leifj@it.su.se>
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions to 1:2:1 and 1:4:1
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* roken_rename.h (strdup): add
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: re do the roken-renaming properly
-
-2001-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add more functions to rename
-
-2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sl.h: proto
-
-	* sl.c (sl_command_loop): try to handle user pressing C-c
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libss_la_LDFLAGS): bump version to 1:2:1
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add dependencies for libss/libsl shared libraries
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump ss version to 1:1:1
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (yyerror): static-ize
-	* make_cmds.h (error_message, yylex): add prototypes
-	* lex.l: fix prototypes and kill warnings
-
-2000-05-24  Assar Westerlund  <assar@sics.se>
-
-	* ss.h (SS_ET_COMMAND_NOT_FOUND): add
-	* ss.c: check allocation and return some other error codes too
-
-2000-04-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add LIB_tgetent.  From Derrick J Brashear
-	<shadow@dementia.org>
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-03-07  Assar Westerlund  <assar@sics.se>
-
-	* sl.h (SL_BADCOMMAND): define
-	(sl_apropos): add prototype
-
-	* sl.c: mandoc-generation
-	(sl_apropos): stolen from arla
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump both versions to 0:1:0
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (name2number): not used here.  remove.
-
-Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* make_cmds.c: use getarg
-
-Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't rename
-
-Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't roken-rename
-
-Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: replace return with YYACCEPT
-
-Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add libss; add version-info
-
-Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: clean lex.c parse.c parse.h
-
-	* Makefile.am: install ss.h
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.in: add snprintf.o to make_cmds
-
-Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_command_loop): remove unused variable
-
-	* ss.c (ss_error): remove unused variable
-
-	* make_cmds.c: include err.h
-	(main): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* make_cmds.c: clean-up and simplification
-
-Mon May 25 02:54:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-	* Makefile.in: make symlink magic work
-
-Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_loop): s/2/1
-
-Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): check that there is at least one argument before
- 	calling sl_command
-
-Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): Fix general broken-ness.
-
-	* sl.c: Cleanup printing of help strings.
-
-Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:21 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: Some fixes for ss/mk_cmds.
-
-Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install libsl under the `libss' name too. Install
- 	mk_cmds, and ss.h.
-
-	* make_cmds.c: A mk_cmds clone that creates SL structures.
-
-	* ss.c: SS compatibility functions.
-
-	* sl.c: Move command line split to function `sl_make_argv'.
-
-Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
-
-Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
-
diff --git a/crypto/heimdal/lib/sl/Makefile.am b/crypto/heimdal/lib/sl/Makefile.am
deleted file mode 100644
index 9c1b2dcebfab..000000000000
--- a/crypto/heimdal/lib/sl/Makefile.am
+++ /dev/null
@@ -1,63 +0,0 @@
-# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-if do_roken_rename
-ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-endif
-
-AM_CPPFLAGS += $(ROKEN_RENAME)
-
-YFLAGS = -d
-
-include_HEADERS = sl.h
-
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 2:1:2
-libss_la_LDFLAGS = -version-info 1:6:1
-
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-
-dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
-nodist_libsl_la_SOURCES = $(ES)
-dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
-nodist_libss_la_SOURCES = $(ES)
-
-TESTS = test_sl
-check_PROGRAMS = $(TESTS)	
-
-# install these?
-
-bin_PROGRAMS = mk_cmds
-noinst_PROGRAMS = slc
-
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-
-slc_SOURCES = slc-gram.y slc-lex.l slc.h
-
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-
-CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-LDADD =						\
-	libsl.la				\
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-
-slc-lex.c: slc-gram.h
diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in
deleted file mode 100644
index 0814375a7b9e..000000000000
--- a/crypto/heimdal/lib/sl/Makefile.in
+++ /dev/null
@@ -1,1064 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
-	$(srcdir)/Makefile.in $(ssinclude_HEADERS) \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
-	parse.h slc-gram.c slc-gram.h slc-lex.c
-TESTS = test_sl$(EXEEXT)
-check_PROGRAMS = $(am__EXEEXT_1)
-bin_PROGRAMS = mk_cmds$(EXEEXT)
-noinst_PROGRAMS = slc$(EXEEXT)
-subdir = lib/sl
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libsl_la_DEPENDENCIES =
-dist_libsl_la_OBJECTS = sl.lo
-@do_roken_rename_TRUE@am__objects_1 = strtok_r.lo snprintf.lo \
-@do_roken_rename_TRUE@	strdup.lo strupr.lo getprogname.lo
-nodist_libsl_la_OBJECTS = $(am__objects_1)
-libsl_la_OBJECTS = $(dist_libsl_la_OBJECTS) $(nodist_libsl_la_OBJECTS)
-libsl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libsl_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
-libss_la_DEPENDENCIES =
-am__objects_2 = sl.lo
-dist_libss_la_OBJECTS = $(am__objects_2) ss.lo
-nodist_libss_la_OBJECTS = $(am__objects_1)
-libss_la_OBJECTS = $(dist_libss_la_OBJECTS) $(nodist_libss_la_OBJECTS)
-libss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libss_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-am__EXEEXT_1 = test_sl$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
-mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-mk_cmds_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_2)
-am_slc_OBJECTS = slc-gram.$(OBJEXT) slc-lex.$(OBJEXT)
-slc_OBJECTS = $(am_slc_OBJECTS)
-slc_LDADD = $(LDADD)
-slc_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-test_sl_SOURCES = test_sl.c
-test_sl_OBJECTS = test_sl.$(OBJEXT)
-test_sl_LDADD = $(LDADD)
-test_sl_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YLWRAP = $(top_srcdir)/ylwrap
-@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-SOURCES = $(dist_libsl_la_SOURCES) $(nodist_libsl_la_SOURCES) \
-	$(dist_libss_la_SOURCES) $(nodist_libss_la_SOURCES) \
-	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
-DIST_SOURCES = $(dist_libsl_la_SOURCES) $(dist_libss_la_SOURCES) \
-	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-ssincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-HEADERS = $(include_HEADERS) $(ssinclude_HEADERS)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = -d
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
-	$(ROKEN_RENAME)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-@do_roken_rename_TRUE@ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-include_HEADERS = sl.h
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 2:1:2
-libss_la_LDFLAGS = -version-info 1:6:1
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
-nodist_libsl_la_SOURCES = $(ES)
-dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
-nodist_libss_la_SOURCES = $(ES)
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-slc_SOURCES = slc-gram.y slc-lex.l slc.h
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-LDADD = \
-	libsl.la				\
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) 
-	$(libsl_la_LINK) -rpath $(libdir) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS)
-libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) 
-	$(libss_la_LINK) -rpath $(libdir) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
-	else :; fi
-mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) 
-	@rm -f mk_cmds$(EXEEXT)
-	$(LINK) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS)
-slc-gram.h: slc-gram.c
-	@if test ! -f $@; then \
-	  rm -f slc-gram.c; \
-	  $(MAKE) $(AM_MAKEFLAGS) slc-gram.c; \
-	else :; fi
-slc$(EXEEXT): $(slc_OBJECTS) $(slc_DEPENDENCIES) 
-	@rm -f slc$(EXEEXT)
-	$(LINK) $(slc_OBJECTS) $(slc_LDADD) $(LIBS)
-test_sl$(EXEEXT): $(test_sl_OBJECTS) $(test_sl_DEPENDENCIES) 
-	@rm -f test_sl$(EXEEXT)
-	$(LINK) $(test_sl_OBJECTS) $(test_sl_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-.l.c:
-	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
-
-.y.c:
-	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
-	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
-	done
-install-ssincludeHEADERS: $(ssinclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	test -z "$(ssincludedir)" || $(MKDIR_P) "$(DESTDIR)$(ssincludedir)"
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(ssincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(ssincludedir)/$$f'"; \
-	  $(ssincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(ssincludedir)/$$f"; \
-	done
-
-uninstall-ssincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(ssincludedir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(ssincludedir)/$$f"; \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-rm -f lex.c
-	-rm -f parse.c
-	-rm -f parse.h
-	-rm -f slc-gram.c
-	-rm -f slc-gram.h
-	-rm -f slc-lex.c
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-ssincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man install-pdf \
-	install-pdf-am install-ps install-ps-am \
-	install-ssincludeHEADERS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-hook uninstall-includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-
-slc-lex.c: slc-gram.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/sl/lex.c b/crypto/heimdal/lib/sl/lex.c
deleted file mode 100644
index 57e6a7c4de90..000000000000
--- a/crypto/heimdal/lib/sl/lex.c
+++ /dev/null
@@ -1,1880 +0,0 @@
-
-#line 3 "lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 12
-#define YY_END_OF_BUFFER 13
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[54] =
-    {   0,
-        0,    0,   13,   11,    7,    8,    9,    6,   10,   10,
-       10,   10,   10,    6,   10,   10,   10,   10,   10,   10,
-        5,   10,   10,   10,   10,   10,   10,   10,   10,   10,
-       10,   10,   10,   10,   10,   10,   10,    2,   10,    3,
-       10,   10,   10,   10,   10,   10,   10,   10,   10,   10,
-        1,    4,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        1,    1,    1,    1,    6,    6,    6,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
-        1,    1,    1,    1,    7,    1,    8,    9,   10,   11,
-
-       12,    6,    6,    6,   13,    6,   14,   15,   16,   17,
-       18,   19,   20,   21,   22,   23,   24,    6,   25,    6,
-        6,    6,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[26] =
-    {   0,
-        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
-        3,    3,    3,    3,    3
-    } ;
-
-static yyconst flex_int16_t yy_base[57] =
-    {   0,
-        0,   24,   69,   70,   70,   70,   70,    0,    0,   50,
-       50,   54,   48,    0,    0,   48,   52,   42,    0,   45,
-        0,   36,   43,   41,   49,   44,   36,   35,   30,   24,
-       29,   18,   31,   18,   28,   22,   31,    0,   21,    0,
-       12,   21,   24,   14,   21,    0,    2,    4,    3,    0,
-        0,    0,   70,   48,   51,    3
-    } ;
-
-static yyconst flex_int16_t yy_def[57] =
-    {   0,
-       54,   54,   53,   53,   53,   53,   53,   55,   56,   56,
-       56,   56,   56,   55,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,    0,   53,   53,   53
-    } ;
-
-static yyconst flex_int16_t yy_nxt[96] =
-    {   0,
-        4,    5,    6,    7,    8,   15,   53,   53,   53,   10,
-       52,   11,   23,   24,   51,   50,   49,   53,   53,   53,
-       12,   53,   48,   13,    4,    5,    6,    7,    8,   47,
-       46,   45,   44,   10,   43,   11,   42,   41,   40,   39,
-       38,   37,   36,   35,   12,   34,   33,   13,    9,    9,
-        9,   14,   32,   14,   31,   30,   29,   28,   27,   26,
-       25,   22,   21,   20,   19,   18,   17,   16,   53,    3,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53
-
-    } ;
-
-static yyconst flex_int16_t yy_chk[96] =
-    {   0,
-        1,    1,    1,    1,    1,   56,    0,    0,    0,    1,
-       50,    1,   19,   19,   49,   48,   47,    0,    0,    0,
-        1,    0,   46,    1,    2,    2,    2,    2,    2,   45,
-       44,   43,   42,    2,   41,    2,   39,   37,   36,   35,
-       34,   33,   32,   31,    2,   30,   29,    2,   54,   54,
-       54,   55,   28,   55,   27,   26,   25,   24,   23,   22,
-       20,   18,   17,   16,   13,   12,   11,   10,    3,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       53,   53,   53,   53,   53
-
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "lex.l"
-#line 2 "lex.l"
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ECHO
-
-#include "make_cmds.h"
-#include "parse.h"
-
-RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 538 "lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 52 "lex.l"
-
-#line 693 "lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 54 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 70 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 53 "lex.l"
-{ return TABLE; }
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 54 "lex.l"
-{ return REQUEST; }
-	YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 55 "lex.l"
-{ return UNKNOWN; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 56 "lex.l"
-{ return UNIMPLEMENTED; }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 57 "lex.l"
-{ return END; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 58 "lex.l"
-;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 59 "lex.l"
-;
-	YY_BREAK
-case 8:
-/* rule 8 can match eol */
-YY_RULE_SETUP
-#line 60 "lex.l"
-{ lineno++; }
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 61 "lex.l"
-{ return getstring(); }
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 62 "lex.l"
-{ yylval.string = strdup(yytext); return STRING; }
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 63 "lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 64 "lex.l"
-ECHO;
-	YY_BREAK
-#line 837 "lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 54 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 54 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 53);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 64 "lex.l"
-
-
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int backslash = 0;
-    while((c = input()) != EOF){
-	if(backslash) {
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    x[i++] = c;
-	    backslash = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    backslash++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
-
diff --git a/crypto/heimdal/lib/sl/lex.l b/crypto/heimdal/lib/sl/lex.l
deleted file mode 100644
index b4f8a2cdbcf4..000000000000
--- a/crypto/heimdal/lib/sl/lex.l
+++ /dev/null
@@ -1,119 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ECHO
-
-#include "make_cmds.h"
-#include "parse.h"
-
-RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-command_table		{ return TABLE; }
-request			{ return REQUEST; }
-unknown			{ return UNKNOWN; }
-unimplemented		{ return UNIMPLEMENTED; }
-end			{ return END; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int backslash = 0;
-    while((c = input()) != EOF){
-	if(backslash) {
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    x[i++] = c;
-	    backslash = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    backslash++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.c b/crypto/heimdal/lib/sl/make_cmds.c
deleted file mode 100644
index c39be2136c97..000000000000
--- a/crypto/heimdal/lib/sl/make_cmds.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (c) 1998-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-#include <getarg.h>
-
-RCSID("$Id: make_cmds.c 15430 2005-06-16 19:25:45Z lha $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-FILE *c_file;
-
-extern void yyparse(void);
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char *table_name;
-
-static struct command_list *commands;
-
-void
-add_command(char *function, 
-	    char *help, 
-	    struct string_list *aliases, 
-	    unsigned flags)
-{
-    struct command_list *cl = malloc(sizeof(*cl));
-
-    if (cl == NULL)
-	err (1, "malloc");
-    cl->function = function;
-    cl->help = help;
-    cl->aliases = aliases;
-    cl->flags = flags;
-    cl->next = NULL;
-    if(commands) {
-	*commands->tail = cl;
-	commands->tail = &cl->next;
-	return;
-    }
-    cl->tail = &cl->next;
-    commands = cl;
-}
-
-static char *
-quote(const char *str)
-{
-    char buf[1024]; /* XXX */
-    const char *p;
-    char *q;
-    q = buf;
-    
-    *q++ = '\"';
-    for(p = str; *p != '\0'; p++) {
-	if(*p == '\n') {
-	    *q++ = '\\';
-	    *q++ = 'n';
-	    continue;
-	}
-	if(*p == '\t') {
-	    *q++ = '\\';
-	    *q++ = 't';
-	    continue;
-	}
-	if(*p == '\"' || *p == '\\')
-	    *q++ = '\\';
-	*q++ = *p;
-    }
-    *q++ = '\"';
-    *q++ = '\0';
-    return strdup(buf);
-}
-
-static void
-generate_commands(void)
-{
-    char *base;
-    char *cfn;
-    char *p, *q;
-
-    p = strrchr(table_name, '/');
-    if(p == NULL)
-	p = table_name;
-    else
-	p++;
-
-    base = strdup (p);
-    if (base == NULL)
-	err (1, "strdup");
-
-    p = strrchr(base, '.');
-    if(p)
-	*p = '\0';
-    
-    asprintf(&cfn, "%s.c", base);
-    if (cfn == NULL)
-	err (1, "asprintf");
-
-    c_file = fopen(cfn, "w");
-    if (c_file == NULL)
-	err (1, "cannot fopen %s", cfn);
-    
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <sl.h>\n");
-    fprintf(c_file, "\n");
-
-    {
-	struct command_list *cl, *xl;
-
-	for(cl = commands; cl; cl = cl->next) {
-	    for(xl = commands; xl != cl; xl = xl->next)
-		if(strcmp(cl->function, xl->function) == 0)
-		    break;
-	    if(xl != cl)
-		continue;
-	    /* XXX hack for ss_quit */
-	    if(strcmp(cl->function, "ss_quit") == 0) {
-		fprintf(c_file, "int %s (int, char**);\n", cl->function);
-		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
-		continue;
-	    }
-	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
-	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
-		    cl->function);
-	    fprintf(c_file, "{\n");
-	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
-	    fprintf(c_file, "  return 0;\n");
-	    fprintf(c_file, "}\n\n");
-	}
-
-	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
-	for(cl = commands; cl; cl = cl->next) {
-	    struct string_list *sl;
-	    sl = cl->aliases;
-	    p = quote(sl->string);
-	    q = quote(cl->help);
-	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
-	    free(p);
-	    free(q);
-    
-	    for(sl = sl->next; sl; sl = sl->next) {
-		p = quote(sl->string);
-		fprintf(c_file, "  { %s },\n", p);
-		free(p);
-	    }
-	}
-	fprintf(c_file, "  { NULL },\n");
-	fprintf(c_file, "};\n");
-	fprintf(c_file, "\n");
-    }
-    fclose(c_file);
-    free(base);
-    free(cfn);
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    
-    yyparse();
-    
-    generate_commands();
-
-    if(numerror)
-	return 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.h b/crypto/heimdal/lib/sl/make_cmds.h
deleted file mode 100644
index 818e5e85940d..000000000000
--- a/crypto/heimdal/lib/sl/make_cmds.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: make_cmds.h 8467 2000-06-27 02:36:56Z assar $ */
-
-#ifndef __MAKE_CMDS_H__
-#define __MAKE_CMDS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <roken.h>
-
-extern char *filename;
-extern char *table_name;
-extern int numerror;
-
-struct command_list {
-    char *function;
-    char *help;
-    struct string_list *aliases;
-    unsigned flags;
-    struct command_list *next;
-    struct command_list **tail;
-};
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-    struct string_list **tail;
-};
-
-void add_command(char*, char*, struct string_list*, unsigned);
-
-void error_message(const char *, ...)
-    __attribute__ ((format (printf, 1,2)));
-
-int yylex (void);
-
-#endif /* __MAKE_CMDS_H__ */
diff --git a/crypto/heimdal/lib/sl/parse.c b/crypto/heimdal/lib/sl/parse.c
deleted file mode 100644
index f79318dc3862..000000000000
--- a/crypto/heimdal/lib/sl/parse.c
+++ /dev/null
@@ -1,1724 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     TABLE = 258,
-     REQUEST = 259,
-     UNKNOWN = 260,
-     UNIMPLEMENTED = 261,
-     END = 262,
-     STRING = 263
-   };
-#endif
-/* Tokens.  */
-#define TABLE 258
-#define REQUEST 259
-#define UNKNOWN 260
-#define UNIMPLEMENTED 261
-#define END 262
-#define STRING 263
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "parse.y"
-
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $");
-
-static void yyerror (char *s);
-
-struct string_list* append_string(struct string_list*, char*);
-void free_string_list(struct string_list *list);
-unsigned string_to_flag(const char *);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 52 "parse.y"
-{
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-/* Line 193 of yacc.c.  */
-#line 169 "parse.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 182 "parse.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  15
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   37
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  13
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  7
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  16
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  40
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   263
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-      11,    12,     2,     2,    10,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     9,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     4,     6,     8,    11,    15,    27,    35,
-      43,    47,    50,    52,    56,    58,    62
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-      14,     0,    -1,    -1,    15,    -1,    16,    -1,    15,    16,
-      -1,     3,     8,     9,    -1,     4,     8,    10,     8,    10,
-      17,    10,    11,    18,    12,     9,    -1,     4,     8,    10,
-       8,    10,    17,     9,    -1,     6,     8,    10,     8,    10,
-      17,     9,    -1,     5,    17,     9,    -1,     7,     9,    -1,
-       8,    -1,    17,    10,     8,    -1,    19,    -1,    18,    10,
-      19,    -1,     8,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    65,    65,    66,    69,    70,    73,    77,    81,    85,
-      91,    95,   101,   105,   111,   115,   120
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "TABLE", "REQUEST", "UNKNOWN",
-  "UNIMPLEMENTED", "END", "STRING", "';'", "','", "'('", "')'", "$accept",
-  "file", "statements", "statement", "aliases", "flags", "flag", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,    59,
-      44,    40,    41
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,    13,    14,    14,    15,    15,    16,    16,    16,    16,
-      16,    16,    17,    17,    18,    18,    19
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     0,     1,     1,     2,     3,    11,     7,     7,
-       3,     2,     1,     3,     1,     3,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       2,     0,     0,     0,     0,     0,     0,     3,     4,     0,
-       0,    12,     0,     0,    11,     1,     5,     6,     0,    10,
-       0,     0,     0,    13,     0,     0,     0,     0,     0,     8,
-       0,     9,     0,    16,     0,    14,     0,     0,    15,     7
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     6,     7,     8,    12,    34,    35
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -10
-static const yytype_int8 yypact[] =
-{
-      -3,     0,    10,    11,    12,    13,    21,    -3,   -10,    14,
-      15,   -10,     1,    16,   -10,   -10,   -10,   -10,    19,   -10,
-      20,    22,    23,   -10,    24,    11,    11,     3,     5,   -10,
-      -2,   -10,    27,   -10,    -5,   -10,    27,    28,   -10,   -10
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-     -10,   -10,   -10,    17,    -9,   -10,    -7
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-       1,     2,     3,     4,     5,    36,    23,    37,     9,    32,
-      19,    20,    29,    30,    31,    20,    27,    28,    10,    11,
-      13,    15,    14,    17,    16,    18,    21,    22,    23,    38,
-      24,     0,     0,    25,    26,    33,     0,    39
-};
-
-static const yytype_int8 yycheck[] =
-{
-       3,     4,     5,     6,     7,    10,     8,    12,     8,    11,
-       9,    10,     9,    10,     9,    10,    25,    26,     8,     8,
-       8,     0,     9,     9,     7,    10,    10,     8,     8,    36,
-       8,    -1,    -1,    10,    10,     8,    -1,     9
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     4,     5,     6,     7,    14,    15,    16,     8,
-       8,     8,    17,     8,     9,     0,    16,     9,    10,     9,
-      10,    10,     8,     8,     8,    10,    10,    17,    17,     9,
-      10,     9,    11,     8,    18,    19,    10,    12,    19,     9
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 6:
-#line 74 "parse.y"
-    {
-		    table_name = (yyvsp[(2) - (3)].string);
-		}
-    break;
-
-  case 7:
-#line 78 "parse.y"
-    {
-		    add_command((yyvsp[(2) - (11)].string), (yyvsp[(4) - (11)].string), (yyvsp[(6) - (11)].list), (yyvsp[(9) - (11)].number));
-		}
-    break;
-
-  case 8:
-#line 82 "parse.y"
-    {
-		    add_command((yyvsp[(2) - (7)].string), (yyvsp[(4) - (7)].string), (yyvsp[(6) - (7)].list), 0);
-		}
-    break;
-
-  case 9:
-#line 86 "parse.y"
-    {
-		    free((yyvsp[(2) - (7)].string));
-		    free((yyvsp[(4) - (7)].string));
-		    free_string_list((yyvsp[(6) - (7)].list));
-		}
-    break;
-
-  case 10:
-#line 92 "parse.y"
-    {
-		    free_string_list((yyvsp[(2) - (3)].list));
-		}
-    break;
-
-  case 11:
-#line 96 "parse.y"
-    {
-		    YYACCEPT;
-		}
-    break;
-
-  case 12:
-#line 102 "parse.y"
-    {
-		    (yyval.list) = append_string(NULL, (yyvsp[(1) - (1)].string));
-		}
-    break;
-
-  case 13:
-#line 106 "parse.y"
-    {
-		    (yyval.list) = append_string((yyvsp[(1) - (3)].list), (yyvsp[(3) - (3)].string));
-		}
-    break;
-
-  case 14:
-#line 112 "parse.y"
-    {
-		    (yyval.number) = (yyvsp[(1) - (1)].number);
-		}
-    break;
-
-  case 15:
-#line 116 "parse.y"
-    {
-		    (yyval.number) = (yyvsp[(1) - (3)].number) | (yyvsp[(3) - (3)].number);
-		}
-    break;
-
-  case 16:
-#line 121 "parse.y"
-    {
-		    (yyval.number) = string_to_flag((yyvsp[(1) - (1)].string));
-		    free((yyvsp[(1) - (1)].string));
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1469 "parse.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 129 "parse.y"
-
-
-static void
-yyerror (char *s)
-{
-    error_message ("%s\n", s);
-}
-
-struct string_list*
-append_string(struct string_list *list, char *str)
-{
-    struct string_list *sl = malloc(sizeof(*sl));
-    if (sl == NULL)
-	return sl;
-    sl->string = str;
-    sl->next = NULL;
-    if(list) {
-	*list->tail = sl;
-	list->tail = &sl->next;
-	return list;
-    }
-    sl->tail = &sl->next;
-    return sl;
-}
-
-void
-free_string_list(struct string_list *list)
-{
-    while(list) {
-	struct string_list *sl = list->next;
-	free(list->string);
-	free(list);
-	list = sl;
-    }
-}
-
-unsigned
-string_to_flag(const char *string)
-{
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/sl/parse.h b/crypto/heimdal/lib/sl/parse.h
deleted file mode 100644
index f7fef6dbefd2..000000000000
--- a/crypto/heimdal/lib/sl/parse.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     TABLE = 258,
-     REQUEST = 259,
-     UNKNOWN = 260,
-     UNIMPLEMENTED = 261,
-     END = 262,
-     STRING = 263
-   };
-#endif
-/* Tokens.  */
-#define TABLE 258
-#define REQUEST 259
-#define UNKNOWN 260
-#define UNIMPLEMENTED 261
-#define END 262
-#define STRING 263
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 52 "parse.y"
-{
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-/* Line 1529 of yacc.c.  */
-#line 71 "parse.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/sl/parse.y b/crypto/heimdal/lib/sl/parse.y
deleted file mode 100644
index b08c19306db1..000000000000
--- a/crypto/heimdal/lib/sl/parse.y
+++ /dev/null
@@ -1,169 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $");
-
-static void yyerror (char *s);
-
-struct string_list* append_string(struct string_list*, char*);
-void free_string_list(struct string_list *list);
-unsigned string_to_flag(const char *);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-
-%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
-%token <string> STRING
-%type <number> flag flags
-%type <list> aliases
-
-%%
-
-file		: /* */ 
-		| statements
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: TABLE STRING ';'
-		{
-		    table_name = $2;
-		}
-		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
-		{
-		    add_command($2, $4, $6, $9);
-		}
-		| REQUEST STRING ',' STRING ',' aliases ';'
-		{
-		    add_command($2, $4, $6, 0);
-		}
-		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
-		{
-		    free($2);
-		    free($4);
-		    free_string_list($6);
-		}
-		| UNKNOWN aliases ';'
-		{
-		    free_string_list($2);
-		}
-		| END ';'
-		{
-		    YYACCEPT;
-		}
-		;
-
-aliases		: STRING
-		{
-		    $$ = append_string(NULL, $1);
-		}
-		| aliases ',' STRING
-		{
-		    $$ = append_string($1, $3);
-		}
-		;
-
-flags		: flag
-		{
-		    $$ = $1;
-		}
-		| flags ',' flag
-		{
-		    $$ = $1 | $3;
-		}
-		;
-flag		: STRING
-		{
-		    $$ = string_to_flag($1);
-		    free($1);
-		}
-		;
-
-
-
-%%
-
-static void
-yyerror (char *s)
-{
-    error_message ("%s\n", s);
-}
-
-struct string_list*
-append_string(struct string_list *list, char *str)
-{
-    struct string_list *sl = malloc(sizeof(*sl));
-    if (sl == NULL)
-	return sl;
-    sl->string = str;
-    sl->next = NULL;
-    if(list) {
-	*list->tail = sl;
-	list->tail = &sl->next;
-	return list;
-    }
-    sl->tail = &sl->next;
-    return sl;
-}
-
-void
-free_string_list(struct string_list *list)
-{
-    while(list) {
-	struct string_list *sl = list->next;
-	free(list->string);
-	free(list);
-	list = sl;
-    }
-}
-
-unsigned
-string_to_flag(const char *string)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/roken_rename.h b/crypto/heimdal/lib/sl/roken_rename.h
deleted file mode 100644
index 88ec0f82f0e0..000000000000
--- a/crypto/heimdal/lib/sl/roken_rename.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h 9842 2001-05-06 21:47:54Z assar $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _sl_strtok_r
-#endif
-#ifndef HAVE_SNPRINTF
-#define snprintf _sl_snprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _sl_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _sl_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _sl_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _sl_vasnprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _sl_vsnprintf
-#endif
-#ifndef HAVE_STRUPR
-#define strupr _sl_strupr
-#endif
-#ifndef HAVE_STRDUP
-#define strdup _sl_strdup
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/sl/sl.c b/crypto/heimdal/lib/sl/sl.c
deleted file mode 100644
index 8f604e89b84b..000000000000
--- a/crypto/heimdal/lib/sl/sl.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * Copyright (c) 1995 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sl.c 21160 2007-06-18 22:58:21Z lha $");
-#endif
-
-#include "sl_locl.h"
-#include <setjmp.h>
-
-static void
-mandoc_template(SL_cmd *cmds,
-		const char *extra_string)
-{
-    SL_cmd *c, *prev;
-    char timestr[64], cmd[64];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(getprogname(), '/');
-    if(p) p++; else p = getprogname();
-    strncpy(cmd, p, sizeof(cmd));
-    cmd[sizeof(cmd)-1] = '\0';
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(c = cmds; c->name; ++c) {
-/*	if (c->func == NULL)
-	    continue; */
-	printf(".Op Fl %s", c->name);
-	printf("\n");
-	
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    prev = NULL;
-    for(c = cmds; c->name; ++c) {
-	if (c->func) {
-	    if (prev)
-		printf ("\n%s\n", prev->usage);
-
-	    printf (".It Fl %s", c->name);
-	    prev = c;
-	} else
-	    printf (", %s\n", c->name);
-    }
-    if (prev)
-	printf ("\n%s\n", prev->usage);
-
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-SL_cmd *
-sl_match (SL_cmd *cmds, char *cmd, int exactp)
-{
-    SL_cmd *c, *current = NULL, *partial_cmd = NULL;
-    int partial_match = 0;
-
-    for (c = cmds; c->name; ++c) {
-	if (c->func)
-	    current = c;
-	if (strcmp (cmd, c->name) == 0)
-	    return current;
-	else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
-		 partial_cmd != current) {
-	    ++partial_match;
-	    partial_cmd = current;
-	}
-    }
-    if (partial_match == 1 && !exactp)
-	return partial_cmd;
-    else
-	return NULL;
-}
-
-void
-sl_help (SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c, *prev_c;
-
-    if (getenv("SLMANDOC")) {
-	mandoc_template(cmds, NULL);
-	return;
-    }
-
-    if (argc == 1) {
-	prev_c = NULL;
-	for (c = cmds; c->name; ++c) {
-	    if (c->func) {
-		if(prev_c)
-		    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-			    prev_c->usage ? "\n" : "");
-		prev_c = c;
-		printf ("%s", c->name);
-	    } else
-		printf (", %s", c->name);
-	}
-	if(prev_c)
-	    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-		    prev_c->usage ? "\n" : "");
-    } else { 
-	c = sl_match (cmds, argv[1], 0);
-	if (c == NULL)
-	    printf ("No such command: %s. "
-		    "Try \"help\" for a list of all commands\n",
-		    argv[1]);
-	else {
-	    printf ("%s\t%s\n", c->name, c->usage);
-	    if(c->help && *c->help)
-		printf ("%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		printf ("Synonyms:");
-		while (c->name && c->func == NULL)
-		    printf ("\t%s", (c++)->name);
-		printf ("\n");
-	    }
-	}
-    }
-}
-
-#ifdef HAVE_READLINE
-
-char *readline(char *prompt);
-void add_history(char *p);
-
-#else
-
-static char *
-readline(char *prompt)
-{
-    char buf[BUFSIZ];
-    printf ("%s", prompt);
-    fflush (stdout);
-    if(fgets(buf, sizeof(buf), stdin) == NULL)
-	return NULL;
-    buf[strcspn(buf, "\r\n")] = '\0';
-    return strdup(buf);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-#endif
-
-int
-sl_command(SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c;
-    c = sl_match (cmds, argv[0], 0);
-    if (c == NULL)
-	return -1;
-    return (*c->func)(argc, argv);
-}
-
-struct sl_data {
-    int max_count;
-    char **ptr;
-};
-
-int
-sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
-{
-    char *p, *begining;
-    int argc, nargv;
-    char **argv;
-    int quote = 0;
-    
-    nargv = 10;
-    argv = malloc(nargv * sizeof(*argv));
-    if(argv == NULL)
-	return ENOMEM;
-    argc = 0;
-
-    p = line;
-
-    while(isspace((unsigned char)*p))
-	p++;
-    begining = p;
-
-    while (1) {
-	if (*p == '\0') {
-	    ;
-	} else if (*p == '"') {
-	    quote = !quote;
-	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
-	    continue;
-	} else if (*p == '\\') {
-	    if (p[1] == '\0')
-		goto failed;
-	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
-	    p += 2;
-	    continue;
-	} else if (quote || !isspace((unsigned char)*p)) {
-	    p++;
-	    continue;
-	} else
-	    *p++ = '\0';
-	if (quote)
-	    goto failed;
-	if(argc == nargv - 1) {
-	    char **tmp;
-	    nargv *= 2;
-	    tmp = realloc (argv, nargv * sizeof(*argv));
-	    if (tmp == NULL) {
-		free(argv);
-		return ENOMEM;
-	    }
-	    argv = tmp;
-	}
-	argv[argc++] = begining;
-	while(isspace((unsigned char)*p))
-	    p++;
-	if (*p == '\0')
-	    break;
-	begining = p;
-    }
-    argv[argc] = NULL;
-    *ret_argc = argc;
-    *ret_argv = argv;
-    return 0;
-failed:
-    free(argv);
-    return ERANGE;
-}
-
-static jmp_buf sl_jmp;
-
-static void sl_sigint(int sig)
-{
-    longjmp(sl_jmp, 1);
-}
-
-static char *sl_readline(const char *prompt)
-{
-    char *s;
-    void (*old)(int);
-    old = signal(SIGINT, sl_sigint);
-    if(setjmp(sl_jmp))
-	printf("\n");
-    s = readline(rk_UNCONST(prompt));
-    signal(SIGINT, old);
-    return s;
-}
-
-/* return values: 
- * 0 on success,
- * -1 on fatal error,
- * -2 if EOF, or
- * return value of command */
-int
-sl_command_loop(SL_cmd *cmds, const char *prompt, void **data)
-{
-    int ret = 0;
-    char *buf;
-    int argc;
-    char **argv;
-	
-    ret = 0;
-    buf = sl_readline(prompt);
-    if(buf == NULL)
-	return -2;
-
-    if(*buf)
-	add_history(buf);
-    ret = sl_make_argv(buf, &argc, &argv);
-    if(ret) {
-	fprintf(stderr, "sl_loop: out of memory\n");
-	free(buf);
-	return -1;
-    }
-    if (argc >= 1) {
-	ret = sl_command(cmds, argc, argv);
-	if(ret == -1) {
-	    printf ("Unrecognized command: %s\n", argv[0]);
-	    ret = 0;
-	}
-    }
-    free(buf);
-    free(argv);
-    return ret;
-}
-
-int 
-sl_loop(SL_cmd *cmds, const char *prompt)
-{
-    void *data = NULL;
-    int ret;
-    while((ret = sl_command_loop(cmds, prompt, &data)) >= 0)
-	;
-    return ret;
-}
-
-void
-sl_apropos (SL_cmd *cmd, const char *topic)
-{
-    for (; cmd->name != NULL; ++cmd)
-        if (cmd->usage != NULL && strstr(cmd->usage, topic) != NULL)
-	    printf ("%-20s%s\n", cmd->name, cmd->usage);
-}
-
-/*
- * Help to be used with slc.
- */
-
-void
-sl_slc_help (SL_cmd *cmds, int argc, char **argv)
-{
-    if(argc == 0) {
-	sl_help(cmds, 1, argv - 1 /* XXX */);
-    } else {
-	SL_cmd *c = sl_match (cmds, argv[0], 0);
- 	if(c == NULL) {
-	    fprintf (stderr, "No such command: %s. "
-		     "Try \"help\" for a list of commands\n",
-		     argv[0]);
-	} else {
-	    if(c->func) {
-		char *fake[] = { NULL, "--help", NULL };
-		fake[0] = argv[0];
-		(*c->func)(2, fake);
-		fprintf(stderr, "\n");
-	    }
-	    if(c->help && *c->help)
-		fprintf (stderr, "%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		int f = 0;
-		fprintf (stderr, "Synonyms:");
-		while (c->name && c->func == NULL) {
-		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
-		    f = 1;
-		}
-		fprintf (stderr, "\n");
-	    }
-	}
-    }
-}
diff --git a/crypto/heimdal/lib/sl/sl.h b/crypto/heimdal/lib/sl/sl.h
deleted file mode 100644
index 8798ee8628e4..000000000000
--- a/crypto/heimdal/lib/sl/sl.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995 - 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl.h 17948 2006-08-28 14:16:43Z lha $ */
-
-#ifndef _SL_H
-#define _SL_H
-
-#define SL_BADCOMMAND -1
-
-typedef int (*cmd_func)(int, char **);
-
-struct sl_cmd {
-  char *name;
-  cmd_func func;
-  char *usage;
-  char *help;
-};
-
-typedef struct sl_cmd SL_cmd;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void sl_help (SL_cmd *, int argc, char **argv);
-int  sl_loop (SL_cmd *, const char *prompt);
-int  sl_command_loop (SL_cmd *cmds, const char *prompt, void **data);
-int  sl_command (SL_cmd *cmds, int argc, char **argv);
-int sl_make_argv(char*, int*, char***);
-void sl_apropos (SL_cmd *cmd, const char *topic);
-SL_cmd *sl_match (SL_cmd *cmds, char *cmd, int exactp);
-void sl_slc_help (SL_cmd *cmds, int argc, char **argv);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SL_H */
diff --git a/crypto/heimdal/lib/sl/sl_locl.h b/crypto/heimdal/lib/sl/sl_locl.h
deleted file mode 100644
index a7bc843dc966..000000000000
--- a/crypto/heimdal/lib/sl/sl_locl.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl_locl.h 19517 2006-12-27 20:27:00Z lha $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <ctype.h>
-
-#include <roken.h>
-
-#include <sl.h>
diff --git a/crypto/heimdal/lib/sl/slc-gram.c b/crypto/heimdal/lib/sl/slc-gram.c
deleted file mode 100644
index 1ab243bd2795..000000000000
--- a/crypto/heimdal/lib/sl/slc-gram.c
+++ /dev/null
@@ -1,2275 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton implementation for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* C LALR(1) parser skeleton written by Richard Stallman, by
-   simplifying the original so-called "semantic" parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Bison version.  */
-#define YYBISON_VERSION "2.3"
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     LITERAL = 258,
-     STRING = 259
-   };
-#endif
-/* Tokens.  */
-#define LITERAL 258
-#define STRING 259
-
-
-
-
-/* Copy the first part of user declarations.  */
-#line 1 "slc-gram.y"
-
-/*
- * Copyright (c) 2004-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <err.h>
-#include <ctype.h>
-#include <limits.h>
-#include <getarg.h>
-#include <vers.h>
-#include <roken.h>
-
-#include "slc.h"
-extern FILE *yyin;
-extern struct assignment *assignment;
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-/* Enabling the token table.  */
-#ifndef YYTOKEN_TABLE
-# define YYTOKEN_TABLE 0
-#endif
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 54 "slc-gram.y"
-{
-	char *string;
-	struct assignment *assignment;
-}
-/* Line 193 of yacc.c.  */
-#line 162 "slc-gram.c"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-/* Line 216 of yacc.c.  */
-#line 175 "slc-gram.c"
-
-#ifdef short
-# undef short
-#endif
-
-#ifdef YYTYPE_UINT8
-typedef YYTYPE_UINT8 yytype_uint8;
-#else
-typedef unsigned char yytype_uint8;
-#endif
-
-#ifdef YYTYPE_INT8
-typedef YYTYPE_INT8 yytype_int8;
-#elif (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-typedef signed char yytype_int8;
-#else
-typedef short int yytype_int8;
-#endif
-
-#ifdef YYTYPE_UINT16
-typedef YYTYPE_UINT16 yytype_uint16;
-#else
-typedef unsigned short int yytype_uint16;
-#endif
-
-#ifdef YYTYPE_INT16
-typedef YYTYPE_INT16 yytype_int16;
-#else
-typedef short int yytype_int16;
-#endif
-
-#ifndef YYSIZE_T
-# ifdef __SIZE_TYPE__
-#  define YYSIZE_T __SIZE_TYPE__
-# elif defined size_t
-#  define YYSIZE_T size_t
-# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# else
-#  define YYSIZE_T unsigned int
-# endif
-#endif
-
-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
-
-#ifndef YY_
-# if defined YYENABLE_NLS && YYENABLE_NLS
-#  if ENABLE_NLS
-#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
-#   define YY_(msgid) dgettext ("bison-runtime", msgid)
-#  endif
-# endif
-# ifndef YY_
-#  define YY_(msgid) msgid
-# endif
-#endif
-
-/* Suppress unused-variable warnings by "using" E.  */
-#if ! defined lint || defined __GNUC__
-# define YYUSE(e) ((void) (e))
-#else
-# define YYUSE(e) /* empty */
-#endif
-
-/* Identity function, used to suppress warnings about constant conditions.  */
-#ifndef lint
-# define YYID(n) (n)
-#else
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static int
-YYID (int i)
-#else
-static int
-YYID (i)
-    int i;
-#endif
-{
-  return i;
-}
-#endif
-
-#if ! defined yyoverflow || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# ifdef YYSTACK_USE_ALLOCA
-#  if YYSTACK_USE_ALLOCA
-#   ifdef __GNUC__
-#    define YYSTACK_ALLOC __builtin_alloca
-#   elif defined __BUILTIN_VA_ARG_INCR
-#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
-#   elif defined _AIX
-#    define YYSTACK_ALLOC __alloca
-#   elif defined _MSC_VER
-#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
-#    define alloca _alloca
-#   else
-#    define YYSTACK_ALLOC alloca
-#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#     ifndef _STDLIB_H
-#      define _STDLIB_H 1
-#     endif
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning.  */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-    /* The OS might guarantee only one guard page at the bottom of the stack,
-       and a page size can be as small as 4096 bytes.  So we cannot safely
-       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
-       to allow for a few compiler-allocated temporary stack slots.  */
-#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
-#  endif
-# else
-#  define YYSTACK_ALLOC YYMALLOC
-#  define YYSTACK_FREE YYFREE
-#  ifndef YYSTACK_ALLOC_MAXIMUM
-#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
-#  endif
-#  if (defined __cplusplus && ! defined _STDLIB_H \
-       && ! ((defined YYMALLOC || defined malloc) \
-	     && (defined YYFREE || defined free)))
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   ifndef _STDLIB_H
-#    define _STDLIB_H 1
-#   endif
-#  endif
-#  ifndef YYMALLOC
-#   define YYMALLOC malloc
-#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-#  ifndef YYFREE
-#   define YYFREE free
-#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-void free (void *); /* INFRINGES ON USER NAME SPACE */
-#   endif
-#  endif
-# endif
-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
-
-
-#if (! defined yyoverflow \
-     && (! defined __cplusplus \
-	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if defined __GNUC__ && 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  YYSIZE_T yyi;				\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (YYID (0))
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (YYID (0))
-
-#endif
-
-/* YYFINAL -- State number of the termination state.  */
-#define YYFINAL  6
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   7
-
-/* YYNTOKENS -- Number of terminals.  */
-#define YYNTOKENS  8
-/* YYNNTS -- Number of nonterminals.  */
-#define YYNNTS  4
-/* YYNRULES -- Number of rules.  */
-#define YYNRULES  6
-/* YYNRULES -- Number of states.  */
-#define YYNSTATES  12
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   259
-
-#define YYTRANSLATE(YYX)						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const yytype_uint8 yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     5,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     6,     2,     7,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const yytype_uint8 yyprhs[] =
-{
-       0,     0,     3,     5,     8,    10,    14
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
-static const yytype_int8 yyrhs[] =
-{
-       9,     0,    -1,    10,    -1,    11,    10,    -1,    11,    -1,
-       3,     5,     4,    -1,     3,     5,     6,    10,     7,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const yytype_uint8 yyrline[] =
-{
-       0,    67,    67,    73,    78,    81,    90
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
-/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "LITERAL", "STRING", "'='", "'{'", "'}'",
-  "$accept", "start", "assignments", "assignment", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const yytype_uint16 yytoknum[] =
-{
-       0,   256,   257,   258,   259,    61,   123,   125
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const yytype_uint8 yyr1[] =
-{
-       0,     8,     9,    10,    10,    11,    11
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const yytype_uint8 yyr2[] =
-{
-       0,     2,     1,     2,     1,     3,     5
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const yytype_uint8 yydefact[] =
-{
-       0,     0,     0,     2,     4,     0,     1,     3,     5,     0,
-       0,     6
-};
-
-/* YYDEFGOTO[NTERM-NUM].  */
-static const yytype_int8 yydefgoto[] =
-{
-      -1,     2,     3,     4
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -5
-static const yytype_int8 yypact[] =
-{
-      -1,     1,     4,    -5,    -1,    -3,    -5,    -5,    -5,    -1,
-       0,    -5
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const yytype_int8 yypgoto[] =
-{
-      -5,    -5,    -4,    -5
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -1
-static const yytype_uint8 yytable[] =
-{
-       7,     8,     1,     9,     6,    10,     5,    11
-};
-
-static const yytype_uint8 yycheck[] =
-{
-       4,     4,     3,     6,     0,     9,     5,     7
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const yytype_uint8 yystos[] =
-{
-       0,     3,     9,    10,    11,     5,     0,    10,     4,     6,
-      10,     7
-};
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrorlab
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK (1);						\
-      goto yybackup;						\
-    }								\
-  else								\
-    {								\
-      yyerror (YY_("syntax error: cannot back up")); \
-      YYERROR;							\
-    }								\
-while (YYID (0))
-
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-
-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
-   If N is 0, then set CURRENT to the empty location which ends
-   the previous symbol: RHS[0] (always defined).  */
-
-#define YYRHSLOC(Rhs, K) ((Rhs)[K])
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)				\
-    do									\
-      if (YYID (N))                                                    \
-	{								\
-	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
-	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
-	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
-	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
-	}								\
-      else								\
-	{								\
-	  (Current).first_line   = (Current).last_line   =		\
-	    YYRHSLOC (Rhs, 0).last_line;				\
-	  (Current).first_column = (Current).last_column =		\
-	    YYRHSLOC (Rhs, 0).last_column;				\
-	}								\
-    while (YYID (0))
-#endif
-
-
-/* YY_LOCATION_PRINT -- Print the location on the stream.
-   This macro was not mandated originally: define only if we know
-   we won't break user code: when these are the locations we know.  */
-
-#ifndef YY_LOCATION_PRINT
-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
-#  define YY_LOCATION_PRINT(File, Loc)			\
-     fprintf (File, "%d.%d-%d.%d",			\
-	      (Loc).first_line, (Loc).first_column,	\
-	      (Loc).last_line,  (Loc).last_column)
-# else
-#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
-# endif
-#endif
-
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (YYID (0))
-
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
-do {									  \
-  if (yydebug)								  \
-    {									  \
-      YYFPRINTF (stderr, "%s ", Title);					  \
-      yy_symbol_print (stderr,						  \
-		  Type, Value); \
-      YYFPRINTF (stderr, "\n");						  \
-    }									  \
-} while (YYID (0))
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_value_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (!yyvaluep)
-    return;
-# ifdef YYPRINT
-  if (yytype < YYNTOKENS)
-    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# else
-  YYUSE (yyoutput);
-# endif
-  switch (yytype)
-    {
-      default:
-	break;
-    }
-}
-
-
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
-#else
-static void
-yy_symbol_print (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE const * const yyvaluep;
-#endif
-{
-  if (yytype < YYNTOKENS)
-    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
-  YYFPRINTF (yyoutput, ")");
-}
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (included).                                                   |
-`------------------------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (YYID (0))
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
-#else
-static void
-yy_reduce_print (yyvsp, yyrule)
-    YYSTYPE *yyvsp;
-    int yyrule;
-#endif
-{
-  int yynrhs = yyr2[yyrule];
-  int yyi;
-  unsigned long int yylno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
-	     yyrule - 1, yylno);
-  /* The symbols being reduced.  */
-  for (yyi = 0; yyi < yynrhs; yyi++)
-    {
-      fprintf (stderr, "   $%d = ", yyi + 1);
-      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
-		       &(yyvsp[(yyi + 1) - (yynrhs)])
-		       		       );
-      fprintf (stderr, "\n");
-    }
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (yyvsp, Rule); \
-} while (YYID (0))
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined __GLIBC__ && defined _STRING_H
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static YYSIZE_T
-yystrlen (const char *yystr)
-#else
-static YYSIZE_T
-yystrlen (yystr)
-    const char *yystr;
-#endif
-{
-  YYSIZE_T yylen;
-  for (yylen = 0; yystr[yylen]; yylen++)
-    continue;
-  return yylen;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static char *
-yystpcpy (char *yydest, const char *yysrc)
-#else
-static char *
-yystpcpy (yydest, yysrc)
-    char *yydest;
-    const char *yysrc;
-#endif
-{
-  char *yyd = yydest;
-  const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-# ifndef yytnamerr
-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
-   quotes and backslashes, so that it's suitable for yyerror.  The
-   heuristic is that double-quoting is unnecessary unless the string
-   contains an apostrophe, a comma, or backslash (other than
-   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
-   null, do not copy; instead, return the length of what the result
-   would have been.  */
-static YYSIZE_T
-yytnamerr (char *yyres, const char *yystr)
-{
-  if (*yystr == '"')
-    {
-      YYSIZE_T yyn = 0;
-      char const *yyp = yystr;
-
-      for (;;)
-	switch (*++yyp)
-	  {
-	  case '\'':
-	  case ',':
-	    goto do_not_strip_quotes;
-
-	  case '\\':
-	    if (*++yyp != '\\')
-	      goto do_not_strip_quotes;
-	    /* Fall through.  */
-	  default:
-	    if (yyres)
-	      yyres[yyn] = *yyp;
-	    yyn++;
-	    break;
-
-	  case '"':
-	    if (yyres)
-	      yyres[yyn] = '\0';
-	    return yyn;
-	  }
-    do_not_strip_quotes: ;
-    }
-
-  if (! yyres)
-    return yystrlen (yystr);
-
-  return yystpcpy (yyres, yystr) - yyres;
-}
-# endif
-
-/* Copy into YYRESULT an error message about the unexpected token
-   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
-   including the terminating null byte.  If YYRESULT is null, do not
-   copy anything; just return the number of bytes that would be
-   copied.  As a special case, return 0 if an ordinary "syntax error"
-   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
-   size calculation.  */
-static YYSIZE_T
-yysyntax_error (char *yyresult, int yystate, int yychar)
-{
-  int yyn = yypact[yystate];
-
-  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
-    return 0;
-  else
-    {
-      int yytype = YYTRANSLATE (yychar);
-      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
-      YYSIZE_T yysize = yysize0;
-      YYSIZE_T yysize1;
-      int yysize_overflow = 0;
-      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
-      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
-      int yyx;
-
-# if 0
-      /* This is so xgettext sees the translatable formats that are
-	 constructed on the fly.  */
-      YY_("syntax error, unexpected %s");
-      YY_("syntax error, unexpected %s, expecting %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
-      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
-# endif
-      char *yyfmt;
-      char const *yyf;
-      static char const yyunexpected[] = "syntax error, unexpected %s";
-      static char const yyexpecting[] = ", expecting %s";
-      static char const yyor[] = " or %s";
-      char yyformat[sizeof yyunexpected
-		    + sizeof yyexpecting - 1
-		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
-		       * (sizeof yyor - 1))];
-      char const *yyprefix = yyexpecting;
-
-      /* Start YYX at -YYN if negative to avoid negative indexes in
-	 YYCHECK.  */
-      int yyxbegin = yyn < 0 ? -yyn : 0;
-
-      /* Stay within bounds of both yycheck and yytname.  */
-      int yychecklim = YYLAST - yyn + 1;
-      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
-      int yycount = 1;
-
-      yyarg[0] = yytname[yytype];
-      yyfmt = yystpcpy (yyformat, yyunexpected);
-
-      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
-	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	  {
-	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
-	      {
-		yycount = 1;
-		yysize = yysize0;
-		yyformat[sizeof yyunexpected - 1] = '\0';
-		break;
-	      }
-	    yyarg[yycount++] = yytname[yyx];
-	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
-	    yysize_overflow |= (yysize1 < yysize);
-	    yysize = yysize1;
-	    yyfmt = yystpcpy (yyfmt, yyprefix);
-	    yyprefix = yyor;
-	  }
-
-      yyf = YY_(yyformat);
-      yysize1 = yysize + yystrlen (yyf);
-      yysize_overflow |= (yysize1 < yysize);
-      yysize = yysize1;
-
-      if (yysize_overflow)
-	return YYSIZE_MAXIMUM;
-
-      if (yyresult)
-	{
-	  /* Avoid sprintf, as that infringes on the user's name space.
-	     Don't have undefined behavior even if the translation
-	     produced a string with the wrong number of "%s"s.  */
-	  char *yyp = yyresult;
-	  int yyi = 0;
-	  while ((*yyp = *yyf) != '\0')
-	    {
-	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
-		{
-		  yyp += yytnamerr (yyp, yyarg[yyi++]);
-		  yyf += 2;
-		}
-	      else
-		{
-		  yyp++;
-		  yyf++;
-		}
-	    }
-	}
-      return yysize;
-    }
-}
-#endif /* YYERROR_VERBOSE */
-
-
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-/*ARGSUSED*/
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-static void
-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yymsg, yytype, yyvaluep)
-    const char *yymsg;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  YYUSE (yyvaluep);
-
-  if (!yymsg)
-    yymsg = "Deleting";
-  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
-
-  switch (yytype)
-    {
-
-      default:
-	break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void *YYPARSE_PARAM);
-#else
-int yyparse ();
-#endif
-#else /* ! YYPARSE_PARAM */
-#if defined __STDC__ || defined __cplusplus
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The look-ahead symbol.  */
-int yychar;
-
-/* The semantic value of the look-ahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void *YYPARSE_PARAM)
-#else
-int
-yyparse (YYPARSE_PARAM)
-    void *YYPARSE_PARAM;
-#endif
-#else /* ! YYPARSE_PARAM */
-#if (defined __STDC__ || defined __C99__FUNC__ \
-     || defined __cplusplus || defined _MSC_VER)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* The number of symbols on the RHS of the reduced rule.
-     Keep to zero when no symbol should be popped.  */
-  int yylen = 0;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed.  So pushing a state here evens the stacks.  */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack.  Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	yytype_int16 *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow (YY_("memory exhausted"),
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyexhaustedlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyexhaustedlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	yytype_int16 *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-  /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
-
-  /* First try to decide what to do without reference to look-ahead token.  */
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a look-ahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  /* Shift the look-ahead token.  */
-  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
-
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  yystate = yyn;
-  *++yyvsp = yylval;
-
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 2:
-#line 68 "slc-gram.y"
-    {
-			assignment = (yyvsp[(1) - (1)].assignment);
-		}
-    break;
-
-  case 3:
-#line 74 "slc-gram.y"
-    {
-			(yyvsp[(1) - (2)].assignment)->next = (yyvsp[(2) - (2)].assignment);
-			(yyval.assignment) = (yyvsp[(1) - (2)].assignment);
-		}
-    break;
-
-  case 5:
-#line 82 "slc-gram.y"
-    {
-			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
-			(yyval.assignment)->name = (yyvsp[(1) - (3)].string);
-			(yyval.assignment)->type = a_value;
-			(yyval.assignment)->lineno = lineno;
-			(yyval.assignment)->u.value = (yyvsp[(3) - (3)].string);
-			(yyval.assignment)->next = NULL;
-		}
-    break;
-
-  case 6:
-#line 91 "slc-gram.y"
-    {
-			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
-			(yyval.assignment)->name = (yyvsp[(1) - (5)].string);
-			(yyval.assignment)->type = a_assignment;
-			(yyval.assignment)->lineno = lineno;
-			(yyval.assignment)->u.assignment = (yyvsp[(4) - (5)].assignment);
-			(yyval.assignment)->next = NULL;
-		}
-    break;
-
-
-/* Line 1267 of yacc.c.  */
-#line 1397 "slc-gram.c"
-      default: break;
-    }
-  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
-
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if ! YYERROR_VERBOSE
-      yyerror (YY_("syntax error"));
-#else
-      {
-	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
-	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
-	  {
-	    YYSIZE_T yyalloc = 2 * yysize;
-	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
-	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
-	    if (yymsg != yymsgbuf)
-	      YYSTACK_FREE (yymsg);
-	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
-	    if (yymsg)
-	      yymsg_alloc = yyalloc;
-	    else
-	      {
-		yymsg = yymsgbuf;
-		yymsg_alloc = sizeof yymsgbuf;
-	      }
-	  }
-
-	if (0 < yysize && yysize <= yymsg_alloc)
-	  {
-	    (void) yysyntax_error (yymsg, yystate, yychar);
-	    yyerror (yymsg);
-	  }
-	else
-	  {
-	    yyerror (YY_("syntax error"));
-	    if (yysize != 0)
-	      goto yyexhaustedlab;
-	  }
-      }
-#endif
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse look-ahead token after an
-	 error, discard it.  */
-
-      if (yychar <= YYEOF)
-	{
-	  /* Return failure if at end of input.  */
-	  if (yychar == YYEOF)
-	    YYABORT;
-	}
-      else
-	{
-	  yydestruct ("Error: discarding",
-		      yytoken, &yylval);
-	  yychar = YYEMPTY;
-	}
-    }
-
-  /* Else will try to reuse look-ahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*---------------------------------------------------.
-| yyerrorlab -- error raised explicitly by YYERROR.  |
-`---------------------------------------------------*/
-yyerrorlab:
-
-  /* Pacify compilers like GCC when the user code never invokes
-     YYERROR and the label yyerrorlab therefore never appears in user
-     code.  */
-  if (/*CONSTCOND*/ 0)
-     goto yyerrorlab;
-
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYERROR.  */
-  YYPOPSTACK (yylen);
-  yylen = 0;
-  YY_STACK_PRINT (yyss, yyssp);
-  yystate = *yyssp;
-  goto yyerrlab1;
-
-
-/*-------------------------------------------------------------.
-| yyerrlab1 -- common code for both syntax error and YYERROR.  |
-`-------------------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-
-      yydestruct ("Error: popping",
-		  yystos[yystate], yyvsp);
-      YYPOPSTACK (1);
-      yystate = *yyssp;
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  *++yyvsp = yylval;
-
-
-  /* Shift the error token.  */
-  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*-------------------------------------------------.
-| yyexhaustedlab -- memory exhaustion comes here.  |
-`-------------------------------------------------*/
-yyexhaustedlab:
-  yyerror (YY_("memory exhausted"));
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
-     yydestruct ("Cleanup: discarding lookahead",
-		 yytoken, &yylval);
-  /* Do not reclaim the symbols of the rule which action triggered
-     this YYABORT or YYACCEPT.  */
-  YYPOPSTACK (yylen);
-  YY_STACK_PRINT (yyss, yyssp);
-  while (yyssp != yyss)
-    {
-      yydestruct ("Cleanup: popping",
-		  yystos[*yyssp], yyvsp);
-      YYPOPSTACK (1);
-    }
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-#if YYERROR_VERBOSE
-  if (yymsg != yymsgbuf)
-    YYSTACK_FREE (yymsg);
-#endif
-  /* Make sure YYID is used.  */
-  return YYID (yyresult);
-}
-
-
-#line 101 "slc-gram.y"
-
-char *filename;
-FILE *cfile, *hfile;
-int error_flag;
-struct assignment *assignment;
-
-
-static void
-ex(struct assignment *a, const char *fmt, ...)
-{
-    va_list ap;
-    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
-    va_start(ap, fmt);
-    vfprintf(stderr, fmt, ap);
-    va_end(ap);
-    fprintf(stderr, "\n");
-}
-
-
-
-static int
-check_option(struct assignment *as)
-{
-    struct assignment *a;
-    int seen_long = 0;
-    int seen_short = 0;
-    int seen_type = 0;
-    int seen_argument = 0;
-    int seen_help = 0;
-    int seen_default = 0;
-    int ret = 0;
-
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "long") == 0)
-	    seen_long++;
-	else if(strcmp(a->name, "short") == 0)
-	    seen_short++;
-	else if(strcmp(a->name, "type") == 0)
-	    seen_type++;
-	else if(strcmp(a->name, "argument") == 0)
-	    seen_argument++;
-	else if(strcmp(a->name, "help") == 0)
-	    seen_help++;
-	else if(strcmp(a->name, "default") == 0)
-	    seen_default++;
-	else {
-	    ex(a, "unknown name");
-	    ret++;
-	}
-    }
-    if(seen_long == 0 && seen_short == 0) {
-	ex(as, "neither long nor short option");
-	ret++;
-    }
-    if(seen_long > 1) {
-	ex(as, "multiple long options");
-	ret++;
-    }
-    if(seen_short > 1) {
-	ex(as, "multiple short options");
-	ret++;
-    }
-    if(seen_type > 1) {
-	ex(as, "multiple types");
-	ret++;
-    }
-    if(seen_argument > 1) {
-	ex(as, "multiple arguments");
-	ret++;
-    }
-    if(seen_help > 1) {
-	ex(as, "multiple help strings");
-	ret++;
-    }
-    if(seen_default > 1) {
-	ex(as, "multiple default values");
-	ret++;
-    }
-    return ret;
-}
-
-static int
-check_command(struct assignment *as)
-{
-	struct assignment *a;
-	int seen_name = 0;
-	int seen_function = 0;
-	int seen_help = 0;
-	int seen_argument = 0;
-	int seen_minargs = 0;
-	int seen_maxargs = 0;
-	int ret = 0;
-	for(a = as; a != NULL; a = a->next) {
-		if(strcmp(a->name, "name") == 0)
-			seen_name++;
-		else if(strcmp(a->name, "function") == 0) {
-			seen_function++;
-		} else if(strcmp(a->name, "option") == 0)
-			ret += check_option(a->u.assignment);
-		else if(strcmp(a->name, "help") == 0) {
-			seen_help++;
-		} else if(strcmp(a->name, "argument") == 0) {
-			seen_argument++;
-		} else if(strcmp(a->name, "min_args") == 0) {
-			seen_minargs++;
-		} else if(strcmp(a->name, "max_args") == 0) {
-			seen_maxargs++;
-		} else {
-			ex(a, "unknown name");
-			ret++;
-		}
-	}
-	if(seen_name == 0) {
-		ex(as, "no command name");
-		ret++;
-	}
-	if(seen_function > 1) {
-		ex(as, "multiple function names");
-		ret++;
-	}
-	if(seen_help > 1) {
-		ex(as, "multiple help strings");
-		ret++;
-	}
-	if(seen_argument > 1) {
-		ex(as, "multiple argument strings");
-		ret++;
-	}
-	if(seen_minargs > 1) {
-		ex(as, "multiple min_args strings");
-		ret++;
-	}
-	if(seen_maxargs > 1) {
-		ex(as, "multiple max_args strings");
-		ret++;
-	}
-	
-	return ret;
-}
-
-static int
-check(struct assignment *as)
-{
-    struct assignment *a;
-    int ret = 0;
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "command")) {
-	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	if(a->type != a_assignment) {
-	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	ret += check_command(a->u.assignment);
-    }
-    return ret;
-}
-
-static struct assignment *
-find_next(struct assignment *as, const char *name)
-{
-    for(as = as->next; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static struct assignment *
-find(struct assignment *as, const char *name)
-{
-    for(; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static void
-space(FILE *f, int level)
-{
-    fprintf(f, "%*.*s", level * 4, level * 4, " ");
-}
-
-static void
-cprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(cfile, level);
-    vfprintf(cfile, fmt, ap);
-    va_end(ap);
-}
-
-static void
-hprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(hfile, level);
-    vfprintf(hfile, fmt, ap);
-    va_end(ap);
-}
-
-static void gen_name(char *str);
-
-static void
-gen_command(struct assignment *as)
-{
-    struct assignment *a, *b;
-    char *f;
-    a = find(as, "name");
-    f = strdup(a->u.value);
-    gen_name(f);
-    cprint(1, "    { ");
-    fprintf(cfile, "\"%s\", ", a->u.value);
-    fprintf(cfile, "%s_wrap, ", f);
-    b = find(as, "argument");
-    if(b)
-	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
-    else
-	fprintf(cfile, "\"%s\", ", a->u.value);
-    b = find(as, "help");
-    if(b)
-	fprintf(cfile, "\"%s\"", b->u.value);
-    else
-	fprintf(cfile, "NULL");
-    fprintf(cfile, " },\n");
-    for(a = a->next; a != NULL; a = a->next)
-	if(strcmp(a->name, "name") == 0)
-	    cprint(1, "    { \"%s\" },\n", a->u.value);
-    cprint(0, "\n");
-}
-
-static void
-gen_name(char *str)
-{
-    char *p;
-    for(p = str; *p != '\0'; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-}
-
-static char *
-make_name(struct assignment *as)
-{
-    struct assignment *lopt;
-    struct assignment *type;
-    char *s;
-
-    lopt = find(as, "long");
-    if(lopt == NULL)
-	lopt = find(as, "name");
-    if(lopt == NULL)
-	return NULL;
-    
-    type = find(as, "type");
-    if(strcmp(type->u.value, "-flag") == 0)
-	asprintf(&s, "%s_flag", lopt->u.value);
-    else
-	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
-    gen_name(s);
-    return s;
-}
-
-
-static void defval_int(const char *name, struct assignment *defval)
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = 0;\n", name);
-}
-static void defval_string(const char *name, struct assignment *defval) 
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = NULL;\n", name);
-}
-static void defval_strings(const char *name, struct assignment *defval)
-{
-    cprint(1, "opt.%s.num_strings = 0;\n", name);
-    cprint(1, "opt.%s.strings = NULL;\n", name);
-}
-
-static void free_strings(const char *name)
-{
-    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
-}
-
-struct type_handler {
-    const char *typename;
-    const char *c_type;
-    const char *getarg_type;
-    void (*defval)(const char*, struct assignment*);
-    void (*free)(const char*);
-} type_handlers[] = {
-	{ "integer",
-	  "int",
-	  "arg_integer",
-	  defval_int,
-	  NULL
-	},
-	{ "string",
-	  "char*",
-	  "arg_string",
-	  defval_string,
-	  NULL
-	},
-	{ "strings",
-	  "struct getarg_strings",
-	  "arg_strings",
-	  defval_strings,
-	  free_strings
-	},
-	{ "flag",
-	  "int",
-	  "arg_flag",
-	  defval_int,
-	  NULL
-	},
-	{ "-flag",
-	  "int",
-	  "arg_negative_flag",
-	  defval_int,
-	  NULL
-	},
-	{ NULL }
-};
-
-static struct type_handler *find_handler(struct assignment *type)
-{
-    struct type_handler *th;
-    for(th = type_handlers; th->typename != NULL; th++)
-	if(strcmp(type->u.value, th->typename) == 0)
-	    return th;
-    ex(type, "unknown type \"%s\"", type->u.value);
-    exit(1);
-}
-
-static void
-gen_options(struct assignment *opt1, const char *name)
-{
-    struct assignment *tmp;
-
-    hprint(0, "struct %s_options {\n", name);
-
-    for(tmp = opt1; 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type;
-	struct type_handler *th;
-	char *s;
-	
-	s = make_name(tmp->u.assignment);
-	type = find(tmp->u.assignment, "type");
-	th = find_handler(type);
-	hprint(1, "%s %s;\n", th->c_type, s);
-	free(s);
-    }
-    hprint(0, "};\n");
-}
-
-static void
-gen_wrapper(struct assignment *as)
-{
-    struct assignment *name;
-    struct assignment *arg;
-    struct assignment *opt1;
-    struct assignment *function;
-    struct assignment *tmp;
-    char *n, *f;
-    int nargs = 0;
-
-    name = find(as, "name");
-    n = strdup(name->u.value);
-    gen_name(n);
-    arg = find(as, "argument");
-    opt1 = find(as, "option");
-    function = find(as, "function");
-    if(function)
-	f = function->u.value;
-    else
-	f = n;
-    
-       
-    if(opt1 != NULL) {
-	gen_options(opt1, n);
-	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
-    } else {
-	hprint(0, "int %s(void*, int, char **);\n", f);
-    }
-
-    fprintf(cfile, "static int\n");
-    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
-    fprintf(cfile, "{\n");
-    if(opt1 != NULL)
-	cprint(1, "struct %s_options opt;\n", n);
-    cprint(1, "int ret;\n");
-    cprint(1, "int optidx = 0;\n");
-    cprint(1, "struct getargs args[] = {\n");
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct assignment *lopt = find(tmp->u.assignment, "long");
-	struct assignment *sopt = find(tmp->u.assignment, "short");
-	struct assignment *aarg = find(tmp->u.assignment, "argument");
-	struct assignment *help = find(tmp->u.assignment, "help");
-
-	struct type_handler *th;
-	
-	cprint(2, "{ ");
-	if(lopt)
-	    fprintf(cfile, "\"%s\", ", lopt->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(sopt)
-	    fprintf(cfile, "'%c', ", *sopt->u.value);
-	else
-	    fprintf(cfile, "0, ");
-	th = find_handler(type);
-	fprintf(cfile, "%s, ", th->getarg_type);
-	fprintf(cfile, "NULL, ");
-	if(help)
-	    fprintf(cfile, "\"%s\", ", help->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(aarg)
-	    fprintf(cfile, "\"%s\"", aarg->u.value);
-	else
-	    fprintf(cfile, "NULL");
-	fprintf(cfile, " },\n");
-    }
-    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
-    cprint(1, "};\n");
-    cprint(1, "int help_flag = 0;\n");
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-
-	struct assignment *defval = find(tmp->u.assignment, "default");
-
-	struct type_handler *th;
-	
-	s = make_name(tmp->u.assignment);
-	th = find_handler(type);
-	(*th->defval)(s, defval);
-	free(s);
-    }
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	s = make_name(tmp->u.assignment);
-	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
-	free(s);
-    }
-    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
-    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
-    cprint(2, "goto usage;\n");
-
-    {
-	int min_args = -1;
-	int max_args = -1;
-	char *end;
-	if(arg == NULL) {
-	    max_args = 0;
-	} else {
-	    if((tmp = find(as, "min_args")) != NULL) {
-		min_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "min_args is not numeric");
-		    exit(1);
-		}
-		if(min_args < 0) {
-		    ex(tmp, "min_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	    if((tmp = find(as, "max_args")) != NULL) {
-		max_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "max_args is not numeric");
-		    exit(1);
-		}
-		if(max_args < 0) {
-		    ex(tmp, "max_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	}
-	if(min_args != -1 || max_args != -1) {
-	    if(min_args == max_args) {
-		cprint(1, "if(argc - optidx != %d) {\n", 
-		       min_args);
-		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
-		cprint(2, "goto usage;\n");
-		cprint(1, "}\n");
-	    } else {
-		if(max_args != -1) {
-		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-		if(min_args != -1) {
-		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-	    }
-	}
-    }
-    
-    cprint(1, "if(help_flag)\n");
-    cprint(2, "goto usage;\n");
-
-    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
-	   f, opt1 ? "&opt": "NULL");
-    
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return ret;\n");
-
-    cprint(0, "usage:\n");
-    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
-	   name->u.value, arg ? arg->u.value : "");
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return 0;\n");
-    cprint(0, "}\n");
-    cprint(0, "\n");
-}
-
-char cname[PATH_MAX];
-char hname[PATH_MAX];
-
-static void
-gen(struct assignment *as)
-{
-    struct assignment *a;
-    cprint(0, "#include <stdio.h>\n");
-    cprint(0, "#include <getarg.h>\n");
-    cprint(0, "#include <sl.h>\n");
-    cprint(0, "#include \"%s\"\n\n", hname);
-
-    hprint(0, "#include <stdio.h>\n");
-    hprint(0, "#include <sl.h>\n");
-    hprint(0, "\n");
-
-
-    for(a = as; a != NULL; a = a->next)
-	gen_wrapper(a->u.assignment);
-
-    cprint(0, "SL_cmd commands[] = {\n");
-    for(a = as; a != NULL; a = a->next)
-	gen_command(a->u.assignment);
-    cprint(1, "{ NULL }\n");
-    cprint(0, "};\n");
-
-    hprint(0, "extern SL_cmd commands[];\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    p = strrchr(filename, '/');
-    if(p)
-	strlcpy(cname, p + 1, sizeof(cname));
-    else
-	strlcpy(cname, filename, sizeof(cname));
-    p = strrchr(cname, '.');
-    if(p)
-	*p = '\0';
-    strlcpy(hname, cname, sizeof(hname));
-    strlcat(cname, ".c", sizeof(cname));
-    strlcat(hname, ".h", sizeof(hname));
-    yyparse();
-    if(error_flag)
-	exit(1);
-    if(check(assignment) == 0) {
-	cfile = fopen(cname, "w");
-	if(cfile == NULL)
-	  err(1, "%s", cname);
-	hfile = fopen(hname, "w");
-	if(hfile == NULL)
-	  err(1, "%s", hname);
-	gen(assignment);
-	fclose(cfile);
-	fclose(hfile);
-    }
-    fclose(yyin);
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/sl/slc-gram.h b/crypto/heimdal/lib/sl/slc-gram.h
deleted file mode 100644
index 1d50c2a66984..000000000000
--- a/crypto/heimdal/lib/sl/slc-gram.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
-
-/* Skeleton interface for Bison's Yacc-like parsers in C
-
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-   Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
-
-/* As a special exception, you may create a larger work that contains
-   part or all of the Bison parser skeleton and distribute that work
-   under terms of your choice, so long as that work isn't itself a
-   parser generator using the skeleton or a modified version thereof
-   as a parser skeleton.  Alternatively, if you modify or redistribute
-   the parser skeleton itself, you may (at your option) remove this
-   special exception, which will cause the skeleton and the resulting
-   Bison output files to be licensed under the GNU General Public
-   License without this special exception.
-
-   This special exception was added by the Free Software Foundation in
-   version 2.2 of Bison.  */
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     LITERAL = 258,
-     STRING = 259
-   };
-#endif
-/* Tokens.  */
-#define LITERAL 258
-#define STRING 259
-
-
-
-
-#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
-typedef union YYSTYPE
-#line 54 "slc-gram.y"
-{
-	char *string;
-	struct assignment *assignment;
-}
-/* Line 1529 of yacc.c.  */
-#line 62 "slc-gram.h"
-	YYSTYPE;
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-extern YYSTYPE yylval;
-
diff --git a/crypto/heimdal/lib/sl/slc-gram.y b/crypto/heimdal/lib/sl/slc-gram.y
deleted file mode 100644
index 7d9fadcb55bd..000000000000
--- a/crypto/heimdal/lib/sl/slc-gram.y
+++ /dev/null
@@ -1,764 +0,0 @@
-%{
-/*
- * Copyright (c) 2004-2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <err.h>
-#include <ctype.h>
-#include <limits.h>
-#include <getarg.h>
-#include <vers.h>
-#include <roken.h>
-
-#include "slc.h"
-extern FILE *yyin;
-extern struct assignment *assignment;
-%}
-
-%union {
-	char *string;
-	struct assignment *assignment;
-}
-
-%token <string> LITERAL
-%token <string> STRING
-%type <assignment> assignment assignments
-
-%start start
-
-%%
-
-start		: assignments
-		{
-			assignment = $1;
-		}
-		;
-
-assignments	: assignment assignments
-		{
-			$1->next = $2;
-			$$ = $1;
-		}
-		| assignment
-		;
-
-assignment	: LITERAL '=' STRING
-		{
-			$$ = malloc(sizeof(*$$));
-			$$->name = $1;
-			$$->type = a_value;
-			$$->lineno = lineno;
-			$$->u.value = $3;
-			$$->next = NULL;
-		}
-		| LITERAL '=' '{' assignments '}'
-		{
-			$$ = malloc(sizeof(*$$));
-			$$->name = $1;
-			$$->type = a_assignment;
-			$$->lineno = lineno;
-			$$->u.assignment = $4;
-			$$->next = NULL;
-		}
-		;
-
-%%
-char *filename;
-FILE *cfile, *hfile;
-int error_flag;
-struct assignment *assignment;
-
-
-static void
-ex(struct assignment *a, const char *fmt, ...)
-{
-    va_list ap;
-    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
-    va_start(ap, fmt);
-    vfprintf(stderr, fmt, ap);
-    va_end(ap);
-    fprintf(stderr, "\n");
-}
-
-
-
-static int
-check_option(struct assignment *as)
-{
-    struct assignment *a;
-    int seen_long = 0;
-    int seen_short = 0;
-    int seen_type = 0;
-    int seen_argument = 0;
-    int seen_help = 0;
-    int seen_default = 0;
-    int ret = 0;
-
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "long") == 0)
-	    seen_long++;
-	else if(strcmp(a->name, "short") == 0)
-	    seen_short++;
-	else if(strcmp(a->name, "type") == 0)
-	    seen_type++;
-	else if(strcmp(a->name, "argument") == 0)
-	    seen_argument++;
-	else if(strcmp(a->name, "help") == 0)
-	    seen_help++;
-	else if(strcmp(a->name, "default") == 0)
-	    seen_default++;
-	else {
-	    ex(a, "unknown name");
-	    ret++;
-	}
-    }
-    if(seen_long == 0 && seen_short == 0) {
-	ex(as, "neither long nor short option");
-	ret++;
-    }
-    if(seen_long > 1) {
-	ex(as, "multiple long options");
-	ret++;
-    }
-    if(seen_short > 1) {
-	ex(as, "multiple short options");
-	ret++;
-    }
-    if(seen_type > 1) {
-	ex(as, "multiple types");
-	ret++;
-    }
-    if(seen_argument > 1) {
-	ex(as, "multiple arguments");
-	ret++;
-    }
-    if(seen_help > 1) {
-	ex(as, "multiple help strings");
-	ret++;
-    }
-    if(seen_default > 1) {
-	ex(as, "multiple default values");
-	ret++;
-    }
-    return ret;
-}
-
-static int
-check_command(struct assignment *as)
-{
-	struct assignment *a;
-	int seen_name = 0;
-	int seen_function = 0;
-	int seen_help = 0;
-	int seen_argument = 0;
-	int seen_minargs = 0;
-	int seen_maxargs = 0;
-	int ret = 0;
-	for(a = as; a != NULL; a = a->next) {
-		if(strcmp(a->name, "name") == 0)
-			seen_name++;
-		else if(strcmp(a->name, "function") == 0) {
-			seen_function++;
-		} else if(strcmp(a->name, "option") == 0)
-			ret += check_option(a->u.assignment);
-		else if(strcmp(a->name, "help") == 0) {
-			seen_help++;
-		} else if(strcmp(a->name, "argument") == 0) {
-			seen_argument++;
-		} else if(strcmp(a->name, "min_args") == 0) {
-			seen_minargs++;
-		} else if(strcmp(a->name, "max_args") == 0) {
-			seen_maxargs++;
-		} else {
-			ex(a, "unknown name");
-			ret++;
-		}
-	}
-	if(seen_name == 0) {
-		ex(as, "no command name");
-		ret++;
-	}
-	if(seen_function > 1) {
-		ex(as, "multiple function names");
-		ret++;
-	}
-	if(seen_help > 1) {
-		ex(as, "multiple help strings");
-		ret++;
-	}
-	if(seen_argument > 1) {
-		ex(as, "multiple argument strings");
-		ret++;
-	}
-	if(seen_minargs > 1) {
-		ex(as, "multiple min_args strings");
-		ret++;
-	}
-	if(seen_maxargs > 1) {
-		ex(as, "multiple max_args strings");
-		ret++;
-	}
-	
-	return ret;
-}
-
-static int
-check(struct assignment *as)
-{
-    struct assignment *a;
-    int ret = 0;
-    for(a = as; a != NULL; a = a->next) {
-	if(strcmp(a->name, "command")) {
-	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	if(a->type != a_assignment) {
-	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
-	    ret++;
-	    continue;
-	}
-	ret += check_command(a->u.assignment);
-    }
-    return ret;
-}
-
-static struct assignment *
-find_next(struct assignment *as, const char *name)
-{
-    for(as = as->next; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static struct assignment *
-find(struct assignment *as, const char *name)
-{
-    for(; as != NULL; as = as->next) {
-	if(strcmp(as->name, name) == 0)
-	    return as;
-    }
-    return NULL;
-}
-
-static void
-space(FILE *f, int level)
-{
-    fprintf(f, "%*.*s", level * 4, level * 4, " ");
-}
-
-static void
-cprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(cfile, level);
-    vfprintf(cfile, fmt, ap);
-    va_end(ap);
-}
-
-static void
-hprint(int level, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    space(hfile, level);
-    vfprintf(hfile, fmt, ap);
-    va_end(ap);
-}
-
-static void gen_name(char *str);
-
-static void
-gen_command(struct assignment *as)
-{
-    struct assignment *a, *b;
-    char *f;
-    a = find(as, "name");
-    f = strdup(a->u.value);
-    gen_name(f);
-    cprint(1, "    { ");
-    fprintf(cfile, "\"%s\", ", a->u.value);
-    fprintf(cfile, "%s_wrap, ", f);
-    b = find(as, "argument");
-    if(b)
-	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
-    else
-	fprintf(cfile, "\"%s\", ", a->u.value);
-    b = find(as, "help");
-    if(b)
-	fprintf(cfile, "\"%s\"", b->u.value);
-    else
-	fprintf(cfile, "NULL");
-    fprintf(cfile, " },\n");
-    for(a = a->next; a != NULL; a = a->next)
-	if(strcmp(a->name, "name") == 0)
-	    cprint(1, "    { \"%s\" },\n", a->u.value);
-    cprint(0, "\n");
-}
-
-static void
-gen_name(char *str)
-{
-    char *p;
-    for(p = str; *p != '\0'; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-}
-
-static char *
-make_name(struct assignment *as)
-{
-    struct assignment *lopt;
-    struct assignment *type;
-    char *s;
-
-    lopt = find(as, "long");
-    if(lopt == NULL)
-	lopt = find(as, "name");
-    if(lopt == NULL)
-	return NULL;
-    
-    type = find(as, "type");
-    if(strcmp(type->u.value, "-flag") == 0)
-	asprintf(&s, "%s_flag", lopt->u.value);
-    else
-	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
-    gen_name(s);
-    return s;
-}
-
-
-static void defval_int(const char *name, struct assignment *defval)
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = 0;\n", name);
-}
-static void defval_string(const char *name, struct assignment *defval) 
-{
-    if(defval != NULL)
-	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
-    else
-	cprint(1, "opt.%s = NULL;\n", name);
-}
-static void defval_strings(const char *name, struct assignment *defval)
-{
-    cprint(1, "opt.%s.num_strings = 0;\n", name);
-    cprint(1, "opt.%s.strings = NULL;\n", name);
-}
-
-static void free_strings(const char *name)
-{
-    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
-}
-
-struct type_handler {
-    const char *typename;
-    const char *c_type;
-    const char *getarg_type;
-    void (*defval)(const char*, struct assignment*);
-    void (*free)(const char*);
-} type_handlers[] = {
-	{ "integer",
-	  "int",
-	  "arg_integer",
-	  defval_int,
-	  NULL
-	},
-	{ "string",
-	  "char*",
-	  "arg_string",
-	  defval_string,
-	  NULL
-	},
-	{ "strings",
-	  "struct getarg_strings",
-	  "arg_strings",
-	  defval_strings,
-	  free_strings
-	},
-	{ "flag",
-	  "int",
-	  "arg_flag",
-	  defval_int,
-	  NULL
-	},
-	{ "-flag",
-	  "int",
-	  "arg_negative_flag",
-	  defval_int,
-	  NULL
-	},
-	{ NULL }
-};
-
-static struct type_handler *find_handler(struct assignment *type)
-{
-    struct type_handler *th;
-    for(th = type_handlers; th->typename != NULL; th++)
-	if(strcmp(type->u.value, th->typename) == 0)
-	    return th;
-    ex(type, "unknown type \"%s\"", type->u.value);
-    exit(1);
-}
-
-static void
-gen_options(struct assignment *opt1, const char *name)
-{
-    struct assignment *tmp;
-
-    hprint(0, "struct %s_options {\n", name);
-
-    for(tmp = opt1; 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type;
-	struct type_handler *th;
-	char *s;
-	
-	s = make_name(tmp->u.assignment);
-	type = find(tmp->u.assignment, "type");
-	th = find_handler(type);
-	hprint(1, "%s %s;\n", th->c_type, s);
-	free(s);
-    }
-    hprint(0, "};\n");
-}
-
-static void
-gen_wrapper(struct assignment *as)
-{
-    struct assignment *name;
-    struct assignment *arg;
-    struct assignment *opt1;
-    struct assignment *function;
-    struct assignment *tmp;
-    char *n, *f;
-    int nargs = 0;
-
-    name = find(as, "name");
-    n = strdup(name->u.value);
-    gen_name(n);
-    arg = find(as, "argument");
-    opt1 = find(as, "option");
-    function = find(as, "function");
-    if(function)
-	f = function->u.value;
-    else
-	f = n;
-    
-       
-    if(opt1 != NULL) {
-	gen_options(opt1, n);
-	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
-    } else {
-	hprint(0, "int %s(void*, int, char **);\n", f);
-    }
-
-    fprintf(cfile, "static int\n");
-    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
-    fprintf(cfile, "{\n");
-    if(opt1 != NULL)
-	cprint(1, "struct %s_options opt;\n", n);
-    cprint(1, "int ret;\n");
-    cprint(1, "int optidx = 0;\n");
-    cprint(1, "struct getargs args[] = {\n");
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct assignment *lopt = find(tmp->u.assignment, "long");
-	struct assignment *sopt = find(tmp->u.assignment, "short");
-	struct assignment *aarg = find(tmp->u.assignment, "argument");
-	struct assignment *help = find(tmp->u.assignment, "help");
-
-	struct type_handler *th;
-	
-	cprint(2, "{ ");
-	if(lopt)
-	    fprintf(cfile, "\"%s\", ", lopt->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(sopt)
-	    fprintf(cfile, "'%c', ", *sopt->u.value);
-	else
-	    fprintf(cfile, "0, ");
-	th = find_handler(type);
-	fprintf(cfile, "%s, ", th->getarg_type);
-	fprintf(cfile, "NULL, ");
-	if(help)
-	    fprintf(cfile, "\"%s\", ", help->u.value);
-	else
-	    fprintf(cfile, "NULL, ");
-	if(aarg)
-	    fprintf(cfile, "\"%s\"", aarg->u.value);
-	else
-	    fprintf(cfile, "NULL");
-	fprintf(cfile, " },\n");
-    }
-    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
-    cprint(1, "};\n");
-    cprint(1, "int help_flag = 0;\n");
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-
-	struct assignment *defval = find(tmp->u.assignment, "default");
-
-	struct type_handler *th;
-	
-	s = make_name(tmp->u.assignment);
-	th = find_handler(type);
-	(*th->defval)(s, defval);
-	free(s);
-    }
-
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	s = make_name(tmp->u.assignment);
-	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
-	free(s);
-    }
-    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
-    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
-    cprint(2, "goto usage;\n");
-
-    {
-	int min_args = -1;
-	int max_args = -1;
-	char *end;
-	if(arg == NULL) {
-	    max_args = 0;
-	} else {
-	    if((tmp = find(as, "min_args")) != NULL) {
-		min_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "min_args is not numeric");
-		    exit(1);
-		}
-		if(min_args < 0) {
-		    ex(tmp, "min_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	    if((tmp = find(as, "max_args")) != NULL) {
-		max_args = strtol(tmp->u.value, &end, 0);
-		if(*end != '\0') {
-		    ex(tmp, "max_args is not numeric");
-		    exit(1);
-		}
-		if(max_args < 0) {
-		    ex(tmp, "max_args must be non-negative");
-		    exit(1);
-		}
-	    }
-	}
-	if(min_args != -1 || max_args != -1) {
-	    if(min_args == max_args) {
-		cprint(1, "if(argc - optidx != %d) {\n", 
-		       min_args);
-		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
-		cprint(2, "goto usage;\n");
-		cprint(1, "}\n");
-	    } else {
-		if(max_args != -1) {
-		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-		if(min_args != -1) {
-		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
-		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
-		    cprint(2, "goto usage;\n");
-		    cprint(1, "}\n");
-		}
-	    }
-	}
-    }
-    
-    cprint(1, "if(help_flag)\n");
-    cprint(2, "goto usage;\n");
-
-    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
-	   f, opt1 ? "&opt": "NULL");
-    
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return ret;\n");
-
-    cprint(0, "usage:\n");
-    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
-	   name->u.value, arg ? arg->u.value : "");
-    /* free allocated data */
-    for(tmp = find(as, "option"); 
-	tmp != NULL; 
-	tmp = find_next(tmp, "option")) {
-	char *s;
-	struct assignment *type = find(tmp->u.assignment, "type");
-	struct type_handler *th;
-	th = find_handler(type);
-	if(th->free == NULL)
-	    continue;
-	s = make_name(tmp->u.assignment);
-	(*th->free)(s);
-	free(s);
-    }
-    cprint(1, "return 0;\n");
-    cprint(0, "}\n");
-    cprint(0, "\n");
-}
-
-char cname[PATH_MAX];
-char hname[PATH_MAX];
-
-static void
-gen(struct assignment *as)
-{
-    struct assignment *a;
-    cprint(0, "#include <stdio.h>\n");
-    cprint(0, "#include <getarg.h>\n");
-    cprint(0, "#include <sl.h>\n");
-    cprint(0, "#include \"%s\"\n\n", hname);
-
-    hprint(0, "#include <stdio.h>\n");
-    hprint(0, "#include <sl.h>\n");
-    hprint(0, "\n");
-
-
-    for(a = as; a != NULL; a = a->next)
-	gen_wrapper(a->u.assignment);
-
-    cprint(0, "SL_cmd commands[] = {\n");
-    for(a = as; a != NULL; a = a->next)
-	gen_command(a->u.assignment);
-    cprint(1, "{ NULL }\n");
-    cprint(0, "};\n");
-
-    hprint(0, "extern SL_cmd commands[];\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-
-    int optidx = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optidx))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optidx)
-	usage(1);
-
-    filename = argv[optidx];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    p = strrchr(filename, '/');
-    if(p)
-	strlcpy(cname, p + 1, sizeof(cname));
-    else
-	strlcpy(cname, filename, sizeof(cname));
-    p = strrchr(cname, '.');
-    if(p)
-	*p = '\0';
-    strlcpy(hname, cname, sizeof(hname));
-    strlcat(cname, ".c", sizeof(cname));
-    strlcat(hname, ".h", sizeof(hname));
-    yyparse();
-    if(error_flag)
-	exit(1);
-    if(check(assignment) == 0) {
-	cfile = fopen(cname, "w");
-	if(cfile == NULL)
-	  err(1, "%s", cname);
-	hfile = fopen(hname, "w");
-	if(hfile == NULL)
-	  err(1, "%s", hname);
-	gen(assignment);
-	fclose(cfile);
-	fclose(hfile);
-    }
-    fclose(yyin);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/slc-lex.c b/crypto/heimdal/lib/sl/slc-lex.c
deleted file mode 100644
index d89b39c1f03b..000000000000
--- a/crypto/heimdal/lib/sl/slc-lex.c
+++ /dev/null
@@ -1,1877 +0,0 @@
-
-#line 3 "slc-lex.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 33
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if __STDC_VERSION__ >= 199901L
-
-/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
- * if you want the limit (max/min) macros for int types. 
- */
-#ifndef __STDC_LIMIT_MACROS
-#define __STDC_LIMIT_MACROS 1
-#endif
-
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t; 
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart(yyin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-/* The state buf must be large enough to hold one state per character in the main buffer.
- */
-#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int yyleng;
-
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-    
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-    
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via yyrestart()), so that the user can continue scanning by
-	 * just pointing yyin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 0;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart (FILE *input_file  );
-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
-void yy_delete_buffer (YY_BUFFER_STATE b  );
-void yy_flush_buffer (YY_BUFFER_STATE b  );
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void yypop_buffer_state (void );
-
-static void yyensure_buffer_stack (void );
-static void yy_load_buffer_state (void );
-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
-
-void *yyalloc (yy_size_t  );
-void *yyrealloc (void *,yy_size_t  );
-void yyfree (void *  );
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        yyensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            yy_create_buffer(yyin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-typedef unsigned char YY_CHAR;
-
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int yylineno;
-
-int yylineno = 1;
-
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	yyleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 7
-#define YY_END_OF_BUFFER 8
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[14] =
-    {   0,
-        0,    0,    8,    7,    6,    3,    2,    7,    5,    1,
-        4,    1,    0
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    1,    4,    1,    1,    1,    1,    1,    1,
-        1,    5,    1,    1,    6,    1,    7,    6,    6,    6,
-        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
-        8,    1,    1,    1,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        1,    1,    1,    1,    6,    1,    9,    9,    9,    9,
-
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
-        9,    9,    8,    1,    8,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-static yyconst flex_int32_t yy_meta[10] =
-    {   0,
-        1,    1,    1,    1,    1,    2,    1,    1,    2
-    } ;
-
-static yyconst flex_int16_t yy_base[15] =
-    {   0,
-        0,    0,   12,   13,   13,   13,   13,    6,   13,    0,
-       13,    0,   13,    8
-    } ;
-
-static yyconst flex_int16_t yy_def[15] =
-    {   0,
-       13,    1,   13,   13,   13,   13,   13,   13,   13,   14,
-       13,   14,    0,   13
-    } ;
-
-static yyconst flex_int16_t yy_nxt[23] =
-    {   0,
-        4,    5,    6,    7,    4,    4,    8,    9,   10,   12,
-       11,   13,    3,   13,   13,   13,   13,   13,   13,   13,
-       13,   13
-    } ;
-
-static yyconst flex_int16_t yy_chk[23] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,   14,
-        8,    3,   13,   13,   13,   13,   13,   13,   13,   13,
-       13,   13
-    } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-extern int yy_flex_debug;
-int yy_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "slc-lex.l"
-#line 2 "slc-lex.l"
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */
-
-#undef ECHO
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "slc.h"
-#include "slc-gram.h"
-unsigned lineno = 1;
-
-static void handle_comment(void);
-static char * handle_string(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-#line 513 "slc-lex.c"
-
-#define INITIAL 0
-
-#ifndef YY_NO_UNISTD_H
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-#endif
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-static int yy_init_globals (void );
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap (void );
-#else
-extern int yywrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-    
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
-		{ \
-		int c = '*'; \
-		size_t n; \
-		for ( n = 0; n < max_size && \
-			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
-			buf[n] = (char) c; \
-		if ( c == '\n' ) \
-			buf[n++] = (char) c; \
-		if ( c == EOF && ferror( yyin ) ) \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-		result = n; \
-		} \
-	else \
-		{ \
-		errno=0; \
-		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
-			{ \
-			if( errno != EINTR) \
-				{ \
-				YY_FATAL_ERROR( "input in flex scanner failed" ); \
-				break; \
-				} \
-			errno=0; \
-			clearerr(yyin); \
-			} \
-		}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int yylex (void);
-
-#define YY_DECL int yylex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-    
-#line 55 "slc-lex.l"
-
-#line 668 "slc-lex.c"
-
-	if ( !(yy_init) )
-		{
-		(yy_init) = 1;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! yyin )
-			yyin = stdin;
-
-		if ( ! yyout )
-			yyout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			yyensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				yy_create_buffer(yyin,YY_BUF_SIZE );
-		}
-
-		yy_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of yytext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		do
-			{
-			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
-			if ( yy_accept[yy_current_state] )
-				{
-				(yy_last_accepting_state) = yy_current_state;
-				(yy_last_accepting_cpos) = yy_cp;
-				}
-			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-				{
-				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 14 )
-					yy_c = yy_meta[(unsigned int) yy_c];
-				}
-			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-			++yy_cp;
-			}
-		while ( yy_base[yy_current_state] != 13 );
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-		if ( yy_act == 0 )
-			{ /* have to back up */
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			yy_act = yy_accept[yy_current_state];
-			}
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-			case 0: /* must back up */
-			/* undo the effects of YY_DO_BEFORE_ACTION */
-			*yy_cp = (yy_hold_char);
-			yy_cp = (yy_last_accepting_cpos);
-			yy_current_state = (yy_last_accepting_state);
-			goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 56 "slc-lex.l"
-{
-			  yylval.string = strdup ((const char *)yytext);
-			  return LITERAL;
-			}
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-#line 60 "slc-lex.l"
-{ yylval.string = handle_string(); return STRING; }
-	YY_BREAK
-case 3:
-/* rule 3 can match eol */
-YY_RULE_SETUP
-#line 61 "slc-lex.l"
-{ ++lineno; }
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 62 "slc-lex.l"
-{ handle_comment(); }
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 63 "slc-lex.l"
-{ return *yytext; }
-	YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 64 "slc-lex.l"
-;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 65 "slc-lex.l"
-ECHO;
-	YY_BREAK
-#line 790 "slc-lex.c"
-case YY_STATE_EOF(INITIAL):
-	yyterminate();
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed yyin at a new source and called
-			 * yylex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( yywrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * yytext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of yylex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			int num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			yyrestart(yyin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-    
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
-		if ( yy_accept[yy_current_state] )
-			{
-			(yy_last_accepting_state) = yy_current_state;
-			(yy_last_accepting_cpos) = yy_cp;
-			}
-		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-			{
-			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 14 )
-				yy_c = yy_meta[(unsigned int) yy_c];
-			}
-		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-    	register char *yy_cp = (yy_c_buf_p);
-
-	register YY_CHAR yy_c = 1;
-	if ( yy_accept[yy_current_state] )
-		{
-		(yy_last_accepting_state) = yy_current_state;
-		(yy_last_accepting_cpos) = yy_cp;
-		}
-	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
-		{
-		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 14 )
-			yy_c = yy_meta[(unsigned int) yy_c];
-		}
-	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 13);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-    
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up yytext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-    
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					yyrestart(yyin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( yywrap( ) )
-						return 0;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve yytext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- * 
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void yyrestart  (FILE * input_file )
-{
-    
-	if ( ! YY_CURRENT_BUFFER ){
-        yyensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            yy_create_buffer(yyin,YY_BUF_SIZE );
-	}
-
-	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
-	yy_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- * 
- */
-    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-    
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		yypop_buffer_state();
-	 *		yypush_buffer_state(new_buffer);
-     */
-	yyensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	yy_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (yywrap()) processing, but the only time this flag
-	 * is looked at is after yywrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void yy_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- * 
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-    
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	yy_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with yy_create_buffer()
- * 
- */
-    void yy_delete_buffer (YY_BUFFER_STATE  b )
-{
-    
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		yyfree((void *) b->yy_ch_buf  );
-
-	yyfree((void *) b  );
-}
-
-#ifndef __cplusplus
-extern int isatty (int );
-#endif /* __cplusplus */
-    
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a yyrestart() or at EOF.
- */
-    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-    
-	yy_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then yy_init_buffer was _probably_
-     * called from yyrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-    
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- * 
- */
-    void yy_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		yy_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *  
- */
-void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	yyensure_buffer_stack();
-
-	/* This block is copied from yy_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from yy_switch_to_buffer. */
-	yy_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *  
- */
-void yypop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	yy_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		yy_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void yyensure_buffer_stack (void)
-{
-	int num_to_alloc;
-    
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-		
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-				
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- * 
- * @return the newly allocated buffer state object. 
- */
-YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-    
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	yy_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to yylex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- * 
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       yy_scan_bytes() instead.
- */
-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
-{
-    
-	return yy_scan_bytes(yystr,strlen(yystr) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- * 
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-    
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = _yybytes_len + 2;
-	buf = (char *) yyalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
-	for ( i = 0; i < _yybytes_len; ++i )
-		buf[i] = yybytes[i];
-
-	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = yy_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up yytext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		yytext[yyleng] = (yy_hold_char); \
-		(yy_c_buf_p) = yytext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		yyleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- * 
- */
-int yyget_lineno  (void)
-{
-        
-    return yylineno;
-}
-
-/** Get the input stream.
- * 
- */
-FILE *yyget_in  (void)
-{
-        return yyin;
-}
-
-/** Get the output stream.
- * 
- */
-FILE *yyget_out  (void)
-{
-        return yyout;
-}
-
-/** Get the length of the current token.
- * 
- */
-int yyget_leng  (void)
-{
-        return yyleng;
-}
-
-/** Get the current token.
- * 
- */
-
-char *yyget_text  (void)
-{
-        return yytext;
-}
-
-/** Set the current line number.
- * @param line_number
- * 
- */
-void yyset_lineno (int  line_number )
-{
-    
-    yylineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- * 
- * @see yy_switch_to_buffer
- */
-void yyset_in (FILE *  in_str )
-{
-        yyin = in_str ;
-}
-
-void yyset_out (FILE *  out_str )
-{
-        yyout = out_str ;
-}
-
-int yyget_debug  (void)
-{
-        return yy_flex_debug;
-}
-
-void yyset_debug (int  bdebug )
-{
-        yy_flex_debug = bdebug ;
-}
-
-static int yy_init_globals (void)
-{
-        /* Initialization is the same as for the non-reentrant scanner.
-     * This function is called from yylex_destroy(), so don't allocate here.
-     */
-
-    (yy_buffer_stack) = 0;
-    (yy_buffer_stack_top) = 0;
-    (yy_buffer_stack_max) = 0;
-    (yy_c_buf_p) = (char *) 0;
-    (yy_init) = 0;
-    (yy_start) = 0;
-
-/* Defined in main.c */
-#ifdef YY_STDINIT
-    yyin = stdin;
-    yyout = stdout;
-#else
-    yyin = (FILE *) 0;
-    yyout = (FILE *) 0;
-#endif
-
-    /* For future reference: Set errno on error, since we are called by
-     * yylex_init()
-     */
-    return 0;
-}
-
-/* yylex_destroy is for both reentrant and non-reentrant scanners. */
-int yylex_destroy  (void)
-{
-    
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		yy_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		yypop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	yyfree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    /* Reset the globals. This is important in a non-reentrant scanner so the next time
-     * yylex() is called, initialization will occur. */
-    yy_init_globals( );
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *yyalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *yyrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void yyfree (void * ptr )
-{
-	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#line 65 "slc-lex.l"
-
-
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     error_flag++;
-}
-
-void
-yyerror (char *s)
-{
-    error_message("%s\n", s);
-}
-
-static void
-handle_comment(void)
-{
-    int c;
-    int start_lineno = lineno;
-    int level = 1;
-    int seen_star = 0;
-    int seen_slash = 0;
-    while((c = input()) != EOF) {
-	if(c == '/') {
-	    if(seen_star) {
-		if(--level == 0)
-		    return;
-		seen_star = 0;
-		continue;
-	    }
-	    seen_slash = 1;
-	    continue;
-	}
-	if(seen_star && c == '/') {
-	    if(--level == 0)
-		return;
-	    seen_star = 0;
-	    continue;
-	}
-	if(c == '*') {
-	    if(seen_slash) {
-		level++;
-		seen_star = seen_slash = 0;
-		continue;
-	    } 
-	    seen_star = 1;
-	    continue;
-	}
-	seen_star = seen_slash = 0;
-	if(c == '\n') {
-	    lineno++;
-	    continue;
-	}
-    }
-    if(c == EOF)
-	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
-{
-    char x[1024];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while((c = input()) != EOF){
-	if(quote) {
-	    x[i++] = '\\';
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    return strdup(x);
-}
-
-int
-yywrap () 
-{
-     return 1;
-}
-
diff --git a/crypto/heimdal/lib/sl/slc-lex.l b/crypto/heimdal/lib/sl/slc-lex.l
deleted file mode 100644
index b810b12737b0..000000000000
--- a/crypto/heimdal/lib/sl/slc-lex.l
+++ /dev/null
@@ -1,164 +0,0 @@
-%{
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */
-
-#undef ECHO
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include "slc.h"
-#include "slc-gram.h"
-unsigned lineno = 1;
-
-static void handle_comment(void);
-static char * handle_string(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-%%
-[A-Za-z][-A-Za-z0-9_]*	{
-			  yylval.string = strdup ((const char *)yytext);
-			  return LITERAL;
-			}
-"\""			{ yylval.string = handle_string(); return STRING; }
-\n			{ ++lineno; }
-\/\*			{ handle_comment(); }
-[={}]			{ return *yytext; }
-[ \t]			;
-%%
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     error_flag++;
-}
-
-void
-yyerror (char *s)
-{
-    error_message("%s\n", s);
-}
-
-static void
-handle_comment(void)
-{
-    int c;
-    int start_lineno = lineno;
-    int level = 1;
-    int seen_star = 0;
-    int seen_slash = 0;
-    while((c = input()) != EOF) {
-	if(c == '/') {
-	    if(seen_star) {
-		if(--level == 0)
-		    return;
-		seen_star = 0;
-		continue;
-	    }
-	    seen_slash = 1;
-	    continue;
-	}
-	if(seen_star && c == '/') {
-	    if(--level == 0)
-		return;
-	    seen_star = 0;
-	    continue;
-	}
-	if(c == '*') {
-	    if(seen_slash) {
-		level++;
-		seen_star = seen_slash = 0;
-		continue;
-	    } 
-	    seen_star = 1;
-	    continue;
-	}
-	seen_star = seen_slash = 0;
-	if(c == '\n') {
-	    lineno++;
-	    continue;
-	}
-    }
-    if(c == EOF)
-	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
-}
-
-static char *
-handle_string(void)
-{
-    char x[1024];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while((c = input()) != EOF){
-	if(quote) {
-	    x[i++] = '\\';
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    return strdup(x);
-}
-
-int
-yywrap () 
-{
-     return 1;
-}
diff --git a/crypto/heimdal/lib/sl/slc.h b/crypto/heimdal/lib/sl/slc.h
deleted file mode 100644
index 2b05813e4b08..000000000000
--- a/crypto/heimdal/lib/sl/slc.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2004 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: slc.h 13969 2004-06-21 19:10:59Z joda $ */
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-struct assignment {
-    char *name;
-    enum { a_value, a_assignment } type;
-    union {
-	char *value;
-	struct assignment *assignment;
-    } u;
-    unsigned int lineno;
-    struct assignment *next;
-};
-
-extern char *filename;
-extern int error_flag;
-void error_message (const char *format, ...);
-int yylex(void);
-void yyerror (char *s);
-extern unsigned lineno;
diff --git a/crypto/heimdal/lib/sl/ss.c b/crypto/heimdal/lib/sl/ss.c
deleted file mode 100644
index f2f3cbc0a2a3..000000000000
--- a/crypto/heimdal/lib/sl/ss.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "sl_locl.h"
-#include <com_err.h>
-#include "ss.h"
-
-RCSID("$Id: ss.c 15429 2005-06-16 19:24:11Z lha $");
-
-struct ss_subst {
-    char *name;
-    char *version;
-    char *info;
-    ss_request_table *table;
-};
-
-static struct ss_subst subsystems[2];
-static int num_subsystems;
-
-int
-ss_create_invocation(const char *subsystem, 
-		     const char *version, 
-		     const char *info, 
-		     ss_request_table *table, 
-		     int *code)
-{
-    struct ss_subst *ss;
-
-    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
-	*code = 17;
-	return 0;
-    }
-    ss = &subsystems[num_subsystems];
-    ss->name = ss->version = ss->info = NULL;
-    if (subsystem != NULL) {
-	ss->name = strdup (subsystem);
-	if (ss->name == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (version != NULL) {
-	ss->version = strdup (version);
-	if (ss->version == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (info != NULL) {
-	ss->info = strdup (info);
-	if (ss->info == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    ss->table = table;
-    *code = 0;
-    return num_subsystems++;
-}
-
-void
-ss_error (int idx, long code, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (subsystems[idx].name, code, fmt, ap);
-    va_end(ap);
-}
-
-void
-ss_perror (int idx, long code, const char *msg)
-{
-    ss_error(idx, code, "%s", msg);
-}
-
-int
-ss_execute_command(int idx, char **argv)
-{
-    int argc = 0;
-    int ret;
-
-    while(argv[argc++]);
-    ret = sl_command(subsystems[idx].table, argc, argv);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_execute_line (int idx, const char *line)
-{
-    char *buf = strdup(line);
-    int argc;
-    char **argv;
-    int ret;
-    
-    if (buf == NULL)
-	return ENOMEM;
-    sl_make_argv(buf, &argc, &argv);
-    ret = sl_command(subsystems[idx].table, argc, argv);
-    free(buf);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_listen (int idx)
-{
-    char *prompt = malloc(strlen(subsystems[idx].name) + 3);
-    if (prompt == NULL)
-	return ENOMEM;
-
-    strcpy(prompt, subsystems[idx].name);
-    strcat(prompt, ": ");
-    sl_loop(subsystems[idx].table, prompt);
-    free(prompt);
-    return 0;
-}
-
-int
-ss_list_requests(int argc, char **argv /* , int idx, void *info */)
-{
-    sl_help(subsystems[0 /* idx */].table, argc, argv);
-    return 0;
-}
-
-int
-ss_quit(int argc, char **argv)
-{
-    return 1;
-}
diff --git a/crypto/heimdal/lib/sl/ss.h b/crypto/heimdal/lib/sl/ss.h
deleted file mode 100644
index 15e1f88cb645..000000000000
--- a/crypto/heimdal/lib/sl/ss.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: ss.h 8294 2000-05-25 00:15:21Z assar $ */
-
-/* SS compatibility for SL */
-
-#ifndef __ss_h__
-#define __ss_h__
-
-#include <sl.h>
-
-typedef SL_cmd ss_request_table;
-
-int ss_create_invocation (const char *, const char *, const char*, 
-			  ss_request_table*, int*);
-
-void ss_error (int, long, const char*, ...);
-int ss_execute_command (int, char**);
-int ss_execute_line (int, const char*);
-int ss_list_requests (int argc, char**);
-int ss_listen (int);
-void ss_perror (int, long, const char*);
-int ss_quit (int argc, char**);
-
-#define SS_ET_COMMAND_NOT_FOUND (-1)
-
-#endif /* __ss_h__ */
diff --git a/crypto/heimdal/lib/sl/test_sl.c b/crypto/heimdal/lib/sl/test_sl.c
deleted file mode 100644
index 06105591f4f3..000000000000
--- a/crypto/heimdal/lib/sl/test_sl.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "sl_locl.h"
-
-RCSID("$Id: test_sl.c 19555 2006-12-28 23:40:17Z lha $");
-
-struct {
-    int ok;
-    const char *line;
-    int argc;
-    const char *argv[4];
-} lines[] = {
-    { 1, "", 1, { "" } },
-    { 1, "foo", 1, { "foo" } },
-    { 1, "foo bar", 2, { "foo", "bar" }},
-    { 1, "foo bar baz", 3, { "foo", "bar", "baz" }},
-    { 1, "foobar baz", 2, { "foobar", "baz" }},
-    { 1, " foo", 1, { "foo" } },
-    { 1, "foo   ", 1, { "foo" } },
-    { 1, " foo  ", 1, { "foo" } },
-    { 1, " foo  bar", 2, { "foo", "bar" } },
-    { 1, "foo\\ bar", 1, { "foo bar" } },
-    { 1, "\"foo bar\"", 1, { "foo bar" } },
-    { 1, "\"foo\\ bar\"", 1, { "foo bar" } },
-    { 1, "\"foo\\\" bar\"", 1, { "foo\" bar" } },
-    { 1, "\"\"f\"\"oo\"\"", 1, { "foo" } },
-    { 1, "\"foobar\"baz", 1, { "foobarbaz" }},
-    { 1, "foo\tbar baz", 3, { "foo", "bar", "baz" }},
-    { 1, "\"foo bar\" baz", 2, { "foo bar", "baz" }},
-    { 1, "\"foo bar baz\"", 1, { "foo bar baz" }},
-    { 1, "\\\"foo bar baz", 3, { "\"foo", "bar", "baz" }},
-    { 1, "\\ foo bar baz", 3, { " foo", "bar", "baz" }},
-    { 0, "\\", 0, { "" }},
-    { 0, "\"", 0, { "" }}
-};
-
-int
-main(int argc, char **argv)
-{
-    int ret, i;
-
-    for (i = 0; i < sizeof(lines)/sizeof(lines[0]); i++) {
-	int j, rargc = 0;
-	char **rargv = NULL;
-	char *buf = strdup(lines[i].line);
-
-	ret = sl_make_argv(buf, &rargc, &rargv);
-	if (ret) {
-	    if (!lines[i].ok)
-		goto next;
-	    errx(1, "sl_make_argv test %d failed", i);
-	} else if (!lines[i].ok)
-	    errx(1, "sl_make_argv passed test %d when it shouldn't", i);
-	if (rargc != lines[i].argc)
-	    errx(1, "result argc (%d) != should be argc (%d) for test %d", 
-		 rargc, lines[i].argc, i);
-	for (j = 0; j < rargc; j++)
-	    if (strcmp(rargv[j], lines[i].argv[j]) != 0)
-		errx(1, "result argv (%s) != should be argv (%s) for test %d",
-		     rargv[j], lines[i].argv[j], i);
-    next:
-	free(buf);
-	free(rargv);
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog
deleted file mode 100644
index 620823253a2d..000000000000
--- a/crypto/heimdal/lib/vers/ChangeLog
+++ /dev/null
@@ -1,74 +0,0 @@
-2007-10-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: don't run local checks.
-	
-2006-12-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: Update (c).
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* make-print-version.c: include <string.h>
-
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* make-print-version.c: Avoid creating a file called --version.
-	
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: fix spelling of build_HEADERZ
-
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
-	
-2005-01-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: Happy New Year
-
-2004-01-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* print_version.c: add year 2004
-	
-2003-01-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: considerable clean up
-
-	* make-print-version.c: make VERSIONLIST a string instead of an
-	array of strings
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* Makefile.am (make_print_version_LDADD): do not hardcode -ldes,
-	use $(LIB_des)
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: add bug-report message
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: update year
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (make_print_version_LDADD): use = instead of += (be
-	nice to current automake)
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: 2001
-
-2001-01-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: remove -static turning this into a convenience
-	library
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make the library static and don't install it
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* make-print-version.c (heimdal_version, krb4_version): const-ize,
-	based on thorpej@netbsd.org's change to NetBSD
diff --git a/crypto/heimdal/lib/vers/Makefile.am b/crypto/heimdal/lib/vers/Makefile.am
deleted file mode 100644
index a3b6da6cdfe3..000000000000
--- a/crypto/heimdal/lib/vers/Makefile.am
+++ /dev/null
@@ -1,32 +0,0 @@
-# $Id: Makefile.am 21959 2007-10-16 13:25:59Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES		= print_version.h
-
-noinst_LTLIBRARIES	= libvers.la
-
-build_HEADERZ		= vers.h
-
-CHECK_LOCAL		= no-check-local
-
-noinst_PROGRAMS		= make-print-version
-
-if KRB4
-if KRB5
-## need to link with des here; otherwise, if krb4 is shared the link
-## will fail with unresolved references
-make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
-endif
-endif
-
-libvers_la_SOURCES	= print_version.c
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-
-EXTRA_DIST = $(build_HEADERZ)
diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in
deleted file mode 100644
index 4dbc9e05d3f9..000000000000
--- a/crypto/heimdal/lib/vers/Makefile.in
+++ /dev/null
@@ -1,781 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21959 2007-10-16 13:25:59Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-noinst_PROGRAMS = make-print-version$(EXEEXT)
-subdir = lib/vers
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-libvers_la_LIBADD =
-am_libvers_la_OBJECTS = print_version.lo
-libvers_la_OBJECTS = $(am_libvers_la_OBJECTS)
-PROGRAMS = $(noinst_PROGRAMS)
-make_print_version_SOURCES = make-print-version.c
-make_print_version_OBJECTS = make-print-version.$(OBJEXT)
-am__DEPENDENCIES_1 =
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1) \
-@KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(libvers_la_SOURCES) make-print-version.c
-DIST_SOURCES = $(libvers_la_SOURCES) make-print-version.c
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-CLEANFILES = print_version.h
-noinst_LTLIBRARIES = libvers.la
-build_HEADERZ = vers.h
-CHECK_LOCAL = no-check-local
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
-libvers_la_SOURCES = print_version.c
-EXTRA_DIST = $(build_HEADERZ)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libvers.la: $(libvers_la_OBJECTS) $(libvers_la_DEPENDENCIES) 
-	$(LINK)  $(libvers_la_OBJECTS) $(libvers_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-make-print-version$(EXEEXT): $(make_print_version_OBJECTS) $(make_print_version_DEPENDENCIES) 
-	@rm -f make-print-version$(EXEEXT)
-	$(LINK) $(make_print_version_OBJECTS) $(make_print_version_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
-	clean clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS ctags dist-hook distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am \
-	install-data-hook install-dvi install-dvi-am install-exec \
-	install-exec-am install-exec-hook install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c
deleted file mode 100644
index 6601b040f070..000000000000
--- a/crypto/heimdal/lib/vers/make-print-version.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make-print-version.c 18765 2006-10-21 17:37:32Z lha $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef KRB5
-extern const char *heimdal_version;
-#endif
-#ifdef KRB4
-extern const char *krb4_version;
-#endif
-#include <version.h>
-
-int
-main(int argc, char **argv)
-{
-    FILE *f;
-    if(argc != 2)
-	return 1;
-    if (strcmp(argv[1], "--version") == 0) {
-	printf("some version");
-	return 0;
-    }
-    f = fopen(argv[1], "w");
-    if(f == NULL)
-	return 1;
-    fprintf(f, "#define VERSIONLIST \"");
-#ifdef KRB5
-    fprintf(f, "%s", heimdal_version);
-#endif
-#ifdef KRB4
-#ifdef KRB5
-    fprintf(f, ", ");
-#endif
-    fprintf(f, "%s", krb4_version);
-#endif
-    fprintf(f, "\"\n");
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c
deleted file mode 100644
index 325f3fa046ff..000000000000
--- a/crypto/heimdal/lib/vers/print_version.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1998 - 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *package_list = VERSIONLIST;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(*package_list == '\0')
-	package_list = "no version information";
-    fprintf(stderr, "%s (%s)\n", progname, package_list);
-    fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska H�gskolan\n");
-    fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
-}
diff --git a/crypto/heimdal/lib/vers/vers.h b/crypto/heimdal/lib/vers/vers.h
deleted file mode 100644
index c079103124e2..000000000000
--- a/crypto/heimdal/lib/vers/vers.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: vers.h 8513 2000-07-01 19:47:36Z assar $ */
-
-#ifndef __VERS_H__
-#define __VERS_H__
-
-void print_version(const char *);
-
-#endif /*  __VERS_H__ */
diff --git a/crypto/heimdal/ltconfig b/crypto/heimdal/ltconfig
deleted file mode 100755
index 91907462a058..000000000000
--- a/crypto/heimdal/ltconfig
+++ /dev/null
@@ -1,2797 +0,0 @@
-#! /bin/sh
-
-# ltconfig - Create a system-specific libtool.
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# A lot of this script is taken from autoconf-2.10.
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-echo=echo
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec "$SHELL" "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) PATH_SEPARATOR=';' ;;
-    *)     PATH_SEPARATOR=':' ;;
-  esac
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test "X${echo_test_string+set}" != Xset; then
-  # find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string="`eval $cmd`") 2>/dev/null &&
-       echo_test_string="`eval $cmd`" &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null; then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  IFS="${IFS= 	}"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}"
-  for dir in $PATH /usr/ucb; do
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running ltconfig again with it.
-      ORIGINAL_CONFIG_SHELL="${CONFIG_SHELL-/bin/sh}"
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec "$CONFIG_SHELL" "$0" --no-reexec ${1+"$@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL="$ORIGINAL_CONFIG_SHELL"
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      elif echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null; then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "$0"'; then
-	  echo_test_string=`eval $prev`
-	  
-	  export echo_test_string
-	  exec "${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}}" "$0" ${1+"$@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# The name of this program.
-progname=`$echo "X$0" | $Xsed -e 's%^.*/%%'`
-
-# Constants:
-PROGRAM=ltconfig
-PACKAGE=libtool
-VERSION=1.4a
-TIMESTAMP=" (1.641.2.255 2001/05/22 10:39:30)"
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-rm="rm -f"
-
-help="Try \`$progname --help' for more information."
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-enable_shared=yes
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-enable_static=yes
-enable_fast_install=yes
-enable_dlopen=unknown
-enable_win32_dll=no
-pic_mode=default
-ltmain=
-silent=
-srcdir=
-ac_config_guess=
-ac_config_sub=
-host=
-build=NONE
-nonopt=NONE
-ofile="$default_ofile"
-verify_host=yes
-tagname=
-with_gcc=no
-with_gnu_ld=no
-need_locks=yes
-ac_ext=c
-libext=a
-cache_file=
-max_cmd_len=
-
-## Dependencies to place before and after the object being linked:
-predep_objects=
-postdep_objects=
-predeps=
-postdeps=
-compiler_lib_search_path=
-
-## Link characteristics:
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-striplib=
-old_striplib=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced.  Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-## Tools:
-old_AR="$AR"
-old_AR_FLAGS="$AR_FLAGS"
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-old_CPPFLAGS="$CPPFLAGS"
-old_LDFLAGS="$LDFLAGS"
-old_LIBS="$LIBS"
-old_MAGIC_CMD="$MAGIC_CMD"
-old_LD="$LD"
-old_LN_S="$LN_S"
-old_LTCC="$LTCC"
-old_NM="$NM"
-old_RANLIB="$RANLIB"
-old_STRIP="$STRIP"
-old_AS="$AS"
-old_DLLTOOL="$DLLTOOL"
-old_OBJDUMP="$OBJDUMP"
-old_OBJEXT="$OBJEXT"
-old_EXEEXT="$EXEEXT"
-old_reload_flag="$reload_flag"
-old_deplibs_check_method="$deplibs_check_method"
-old_file_magic_cmd="$file_magic_cmd"
-
-# Parse the command line options.
-args=
-prev=
-for option
-do
-  case $option in
-  -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  # If the previous option needs an argument, assign it.
-  if test -n "$prev"; then
-    eval "$prev=\$option"
-    prev=
-    continue
-  fi
-
-  case $option in
-  --help) cat <<EOM
-Usage: $progname [OPTION]... LTMAIN [HOST]
-
-Generate a system-specific libtool script.
-
-    --build                configure for building on BUILD [BUILD=HOST]
-    --debug                enable verbose shell tracing
-    --disable-shared       do not build shared libraries
-    --disable-static       do not build static libraries
-    --disable-fast-install do not optimize for fast installation
-    --enable-dlopen        enable dlopen support
-    --enable-win32-dll     enable building dlls on win32 hosts
-    --help                 display this help and exit
-    --no-verify            do not verify that HOST is a valid host type
--o, --output=FILE          specify the output file [default=$default_ofile]
-    --quiet                same as \`--silent'
-    --silent               do not print informational messages
-    --srcdir=DIR           find \`config.guess' in DIR
-    --version              output version information and exit
-    --add-tag=TAG          append an alternate configuration
-    --with-gcc             assume that the GNU C compiler will be used
-    --with-gnu-ld          assume that the C compiler uses the GNU linker
-    --prefer-pic           try to use only PIC objects
-    --prefer-non-pic       try to use only non-PIC objects
-    --disable-lock         disable file locking
-    --cache-file=FILE      configure cache file
-
-LTMAIN is the \`ltmain.sh' shell script fragment or \`ltmain.c' program
-that provides basic libtool functionality.
-
-HOST is the canonical host system name [default=guessed].
-EOM
-  exit 0
-  ;;
-
-  --build) prev=build ;;
-  --build=*) build="$optarg" ;;
-
-  --debug)
-    echo "$progname: enabling shell trace mode"
-    set -x
-    ;;
-
-  --disable-shared) enable_shared=no ;;
-
-  --disable-static) enable_static=no ;;
-
-  --disable-fast-install) enable_fast_install=no ;;
-
-  --enable-dlopen) enable_dlopen=yes ;;
-
-  --enable-win32-dll) enable_win32_dll=yes ;;
-
-  --quiet | --silent) silent=yes ;;
-
-  --srcdir) prev=srcdir ;;
-  --srcdir=*) srcdir="$optarg" ;;
-
-  --no-verify) verify_host=no ;;
-
-  --output | -o) prev=ofile ;;
-  --output=*) ofile="$optarg" ;;
-
-  --version) echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"; exit 0 ;;
-
-  --add-tag) prev=tagname ;;
-  --add-tag=*) tagname="$optarg" ;;
-
-  --with-gcc) with_gcc=yes ;;
-  --with-gnu-ld) with_gnu_ld=yes ;;
-
-  --prefer-pic) pic_mode=yes ;;
-  --prefer-non-pic) pic_mode=no ;;
-
-  --disable-lock) need_locks=no ;;
-
-  --cache-file=*) cache_file="$optarg" ;;
-
-  -*)
-    echo "$progname: unrecognized option \`$option'" 1>&2
-    echo "$help" 1>&2
-    exit 1
-    ;;
-
-  *)
-    if test -z "$ltmain"; then
-      ltmain="$option"
-    elif test -z "$host"; then
-# This generates an unnecessary warning for sparc-sun-solaris4.1.3_U1
-#      if test -n "`echo $option| sed 's/[-a-z0-9.]//g'`"; then
-#        echo "$progname: warning \`$option' is not a valid host type" 1>&2
-#      fi
-      host="$option"
-    else
-      echo "$progname: too many arguments" 1>&2
-      echo "$help" 1>&2
-      exit 1
-    fi ;;
-  esac
-done
-
-if test -z "$ltmain"; then
-  echo "$progname: you must specify a LTMAIN file" 1>&2
-  echo "$help" 1>&2
-  exit 1
-fi
-
-if test ! -f "$ltmain"; then
-  echo "$progname: \`$ltmain' does not exist" 1>&2
-  echo "$help" 1>&2
-  exit 1
-fi
-
-if test -n "$tagname"; then
-  # Check whether tagname contains only valid characters
-  case `$echo "X$tagname" | $Xsed -e 's/[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]//g'` in
-  "") ;;
-  *)
-    echo "$progname: invalid tag name: $tagname" 1>&2
-    exit 1
-    ;;
-  esac
-
-  if grep "^### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$ofile" > /dev/null; then
-    echo "$progname: tag name $tagname already exists" 1>&2
-    exit 1
-  fi
-
-  if test ! -f "$ofile"; then
-    echo "$progname: warning: output file \`$ofile' does not exist" 1>&2
-  fi
-
-  if test -z "$LTCC"; then
-    eval "`$SHELL $ofile --config | grep '^LTCC='`"
-    if test -z "$LTCC"; then
-      echo "$progname: warning: output file \`$ofile' does not look like a libtool script" 1>&2
-    else
-      echo "$progname: warning: using \`LTCC=$LTCC', extracted from \`$ofile'" 1>&2
-    fi
-  fi
-fi
-
-# Quote any args containing shell metacharacters.
-ltconfig_args=
-for arg
-do
-  case $arg in
-  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
-  ltconfig_args="$ltconfig_args '$arg'" ;;
-  *) ltconfig_args="$ltconfig_args $arg" ;;
-  esac
-done
-
-# A relevant subset of AC_INIT.
-
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 5 compiler messages saved in config.log
-# 6 checking for... messages and results
-if test "$silent" = yes; then
-  exec 6>/dev/null
-else
-  exec 6>&1
-fi
-exec 5>>./config.log
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-if test "X${LC_ALL+set}" = Xset; then LC_ALL=C; export LC_ALL; fi
-if test "X${LANG+set}"   = Xset; then LANG=C;   export LANG;   fi
-
-if test -n "$cache_file" && test -r "$cache_file" && test -f "$cache_file"; then
-  echo "loading cache $cache_file within ltconfig"
-  . $cache_file
-fi
-
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
-  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
-  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
-    ac_n= ac_c='
-' ac_t='	'
-  else
-    ac_n=-n ac_c= ac_t=
-  fi
-else
-  ac_n= ac_c='\c' ac_t=
-fi
-
-if test -z "$srcdir"; then
-  # Assume the source directory is the same one as the path to LTMAIN.
-  srcdir=`$echo "X$ltmain" | $Xsed -e 's%/[^/]*$%%'`
-  test "$srcdir" = "$ltmain" && srcdir=.
-fi
-
-trap "$rm conftest*; exit 1" 1 2 15
-if test "$verify_host" = yes; then
-  # Check for config.guess and config.sub.
-  ac_aux_dir=
-  for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
-    if test -f $ac_dir/config.guess; then
-      ac_aux_dir=$ac_dir
-      break
-    fi
-  done
-  if test -z "$ac_aux_dir"; then
-    echo "$progname: cannot find config.guess in $srcdir $srcdir/.. $srcdir/../.." 1>&2
-    echo "$help" 1>&2
-    exit 1
-  fi
-  ac_config_guess=$ac_aux_dir/config.guess
-  ac_config_sub=$ac_aux_dir/config.sub
-
-  # Make sure we can run config.sub.
-  if $SHELL $ac_config_sub sun4 >/dev/null 2>&1; then :
-  else
-    echo "$progname: cannot run $ac_config_sub" 1>&2
-    echo "$help" 1>&2
-    exit 1
-  fi
-
-  echo $ac_n "checking host system type""... $ac_c" 1>&6
-
-  host_alias=$host
-  case $host_alias in
-  "")
-    # Force config.guess to use the C compiler.
-    # CC_FOR_BUILD overrides the CC variable in config.guess but I had
-    # problems with it so do it this way for now.
-    CC="$LTCC"
-
-    if host_alias=`$SHELL $ac_config_guess`; then :
-    else
-      echo "$progname: cannot guess host type; you must specify one" 1>&2
-      echo "$help" 1>&2
-      exit 1
-    fi
-
-    # Restore the C compiler.
-    CC="$old_CC"
-    ;;
-  esac
-  host=`$SHELL $ac_config_sub $host_alias`
-  echo "$ac_t$host" 1>&6
-
-  # Make sure the host verified.
-  test -z "$host" && exit 1
-
-  # Check for the build system type
-  echo $ac_n "checking build system type... $ac_c" 1>&6
-
-  build_alias=$build
-  case $build_alias in
-  NONE)
-    case $nonopt in
-    NONE) build_alias=$host_alias ;;
-    *) build_alias=$nonopt ;;
-    esac ;;
-  esac
-
-  build=`$SHELL $ac_config_sub $build_alias`
-  build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-  build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-  build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-  echo "$ac_t""$build" 1>&6
-
-elif test -z "$host"; then
-  echo "$progname: you must specify a host type if you use \`--no-verify'" 1>&2
-  echo "$help" 1>&2
-  exit 1
-else
-  host_alias=$host
-  build_alias=$host_alias
-  build=$host
-fi
-
-if test x"$host" != x"$build"; then
-  ac_tool_prefix=${host_alias}-
-else
-  ac_tool_prefix=
-fi
-
-host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case $host_os in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-  old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
-fi
-
-# Source the script associated with the $tagname tag configuration.
-if test -n "$tagname"; then
-  . $ltmain
-else
-  # FIXME:  We should use a variable here
-  # Configure for a C compiler
-  . $srcdir/ltcf-c.sh
-fi
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$objext" && objext=o
-
-echo $ac_n "checking for objdir... $ac_c" 1>&6
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-echo "$ac_t$objdir" 1>&6
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="$2"
-
-# We assume here that the value for ac_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-echo $ac_n "checking for $compiler option to produce PIC... $ac_c" 1>&6
-echo "$progname:678:checking for $compiler option to produce PIC" 1>&5
-
-if test -z "$ac_cv_prog_cc_pic"; then
-  echo "$ac_t"none 1>&6
-else
-  echo "$ac_t""$ac_cv_prog_cc_pic" 1>&6
-
-  # Check to make sure the pic_flag actually works.
-  echo $ac_n "checking if $compiler PIC flag $ac_cv_prog_cc_pic works... $ac_c" 1>&6
-  echo "$progname:687:checking that $compiler PIC flag $ac_cv_prog_cc_pic works." 1>&5
-  if test "X${ac_cv_prog_cc_pic_works+set}" = Xset && \
-     test "X${ac_cv_prog_cc_pic_works}" != X; then
-    echo $ac_n "(cached) $ac_c" 1>&6
-  else
-    ac_cv_prog_cc_pic_works=yes
-    $rm conftest*
-    echo $lt_simple_compile_test_code > conftest.$ac_ext
-    save_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS $ac_cv_prog_cc_pic -DPIC"
-    if { (eval echo $progname:697: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then
-      # Append any warnings to the config.log.
-      cat conftest.err 1>&5
-
-      case $host_os in
-      hpux9* | hpux10* | hpux11*)
-	# On HP-UX, both CC and GCC only warn that PIC is supported... then
-	# they create non-PIC objects.  So, if there were any warnings, we
-	# assume that PIC is not supported.
-	if test -s conftest.err; then
-	  ac_cv_prog_cc_pic_works=no
-	  ac_cv_prog_cc_can_build_shared=no
-	  ac_cv_prog_cc_pic=
-	else
-	  ac_cv_prog_cc_pic_works=yes
-	  ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
-	fi
-	;;
-      *)
-	ac_cv_prog_cc_pic_works=yes
-	ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
-	;;
-      esac
-    else
-      # Append any errors to the config.log.
-      cat conftest.err 1>&5
-      ac_cv_prog_cc_pic_works=no
-      ac_cv_prog_cc_can_build_shared=no
-      ac_cv_prog_cc_pic=
-    fi
-    CFLAGS="$save_CFLAGS"
-    $rm conftest*
-  fi
-  # Belt *and* braces to stop my trousers falling down:
-  if test "X$ac_cv_prog_cc_pic_works" = Xno; then
-    ac_cv_prog_cc_pic=
-    ac_cv_prog_cc_can_build_shared=no
-  fi
-  echo "$ac_t""$ac_cv_prog_cc_pic_works" 1>&6
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$ac_cv_prog_cc_shlib"; then
-  echo "$progname: warning: \`$CC' requires \`$ac_cv_prog_cc_shlib' to build shared libraries" 1>&2
-  if echo "$old_CC $old_CFLAGS " | egrep -e "[ 	]$ac_cv_prog_cc_shlib[ 	]" >/dev/null; then :
-  else
-    echo "$progname: add \`$ac_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" 1>&2
-    ac_cv_prog_cc_can_build_shared=no
-  fi
-fi
-
-echo $ac_n "checking if $compiler static flag $ac_cv_prog_cc_static works... $ac_c" 1>&6
-echo "$progname:749: checking if $compiler static flag $ac_cv_prog_cc_static works" >&5
-if test "X${ac_cv_prog_cc_static_works+set}" = Xset && \
-   test "X${ac_cv_prog_cc_static_works}" != X; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  $rm conftest*
-  echo $lt_simple_link_test_code > conftest.$ac_ext
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $ac_cv_prog_cc_static"
-  if { (eval echo $progname:758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-    ac_cv_prog_cc_static_works=yes
-  else
-    ac_cv_prog_cc_static_works=no
-    ac_cv_prog_cc_static=
-  fi
-  LDFLAGS="$save_LDFLAGS"
-  $rm conftest*
-fi
-# Belt *and* braces to stop my trousers falling down:
-if test "X$ac_cv_prog_cc_static_works" = Xno; then
-  ac_cv_prog_cc_static=
-fi
-echo "$ac_t""$ac_cv_prog_cc_static_works" 1>&6
-pic_flag="$ac_cv_prog_cc_pic"
-special_shlib_compile_flags="$ac_cv_prog_cc_shlib"
-wl="$ac_cv_prog_cc_wl"
-link_static_flag="$ac_cv_prog_cc_static"
-no_builtin_flag="$ac_cv_prog_cc_no_builtin"
-can_build_shared="$ac_cv_prog_cc_can_build_shared"
-
-# find the maximum length of command line arguments
-echo "$progname:780: finding the maximum length of command line arguments" 1>&5
-echo $ac_n "finding the maximum length of command line arguments... $ac_c" 1>&6
-if test "${lt_cv_sys_max_cmd_len+set}" = set; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  i=0
-  testring="ABCD"
-  # If test is not a shell built-in, we'll probably end up computing a
-  # maximum length that is only half of the actual maximum length, but
-  # we can't tell.
-  while test "X"`$CONFIG_SHELL $0 --fallback-echo "X$testring" 2>/dev/null` \
-             = "XX$testring" &&
-          new_result=`expr "X$testring" : ".*" 2>&1` &&
-          lt_cv_sys_max_cmd_len=$new_result &&
-          test $i != 18 # 1 MB should be enough
-  do
-    i=`expr $i + 1`
-    testring=$testring$testring
-  done
-  testring=
-  # add a significant safety factor because C++ compilers can tack on massive amounts
-  # of additional arguments before passing them to the linker.  1/4 should be good.
-  len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-  lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len - $len`
-fi
-echo "$progname:@lineno@: result: $lt_cv_sys_max_cmd_len" 1>&5
-echo "${ac_t}$lt_cv_sys_max_cmd_len" 1>&6
-
-if test -n $lt_cv_sys_max_cmd_len ; then
-  max_cmd_len=$lt_cv_sys_max_cmd_len
-else
-  max_cmd_len=none
-fi
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-echo $ac_n "checking if $compiler supports -c -o file.$objext... $ac_c" 1>&6
-if test "${lt_cv_compiler_c_o+set}" = set; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  $rm -r conftest 2>/dev/null
-  mkdir conftest
-  cd conftest
-  $rm conftest*
-  echo $lt_simple_compile_test_code > conftest.$ac_ext
-  mkdir out
-  # According to Tom Tromey, Ian Lance Taylor reported there are C compilers
-  # that will create temporary files in the current directory regardless of
-  # the output directory.  Thus, making CWD read-only will cause this test
-  # to fail, enabling locking or at least warning the user not to do parallel
-  # builds.
-  chmod -w .
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -o out/conftest2.$objext"
-  echo "$progname:833: checking if $compiler supports -c -o file.$objext" >&5
-  if { (eval echo $progname:834: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$objext; then
-
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-      if test -s out/conftest.err; then
-        lt_cv_compiler_c_o=no
-      else
-        lt_cv_compiler_c_o=yes
-      fi
-  else
-    # Append any errors to the config.log.
-    cat out/conftest.err 1>&5
-    lt_cv_compiler_c_o=no
-  fi
-  CFLAGS="$save_CFLAGS"
-  chmod u+w .
-  $rm conftest* out/*
-  rmdir out
-  cd ..
-  rmdir conftest
-  $rm -r conftest 2>/dev/null
-fi
-compiler_c_o=$lt_cv_compiler_c_o
-echo "${ac_t}$compiler_c_o" 1>&6
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  echo $ac_n "checking if we can lock with hard links... $ac_c" 1>&6
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  echo "$ac_t$hard_links" 1>&6
-  $rm conftest*
-  if test "$hard_links" = no; then
-    echo "*** WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-if test "$with_gcc" = yes; then
-  # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
-  echo $ac_n "checking if $compiler supports -fno-rtti -fno-exceptions ... $ac_c" 1>&6
-  $rm conftest*
-  echo $lt_simple_compile_test_code > conftest.$ac_ext
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext"
-  echo "$progname:887: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-  if { (eval echo $progname:888: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then
-
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-      if test -s conftest.err; then
-	echo "$ac_t"no 1>&6
-	compiler_rtti_exceptions=no
-      else
-	echo "$ac_t"yes 1>&6
-	compiler_rtti_exceptions=yes
-      fi
-  else
-    # Append any errors to the config.log.
-    cat conftest.err 1>&5
-    compiler_rtti_exceptions=no
-    echo "$ac_t"no 1>&6
-  fi
-  CFLAGS="$save_CFLAGS"
-  $rm conftest*
-
-  if test "$compiler_rtti_exceptions" = "yes"; then
-    no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
-  else
-    no_builtin_flag=' -fno-builtin'
-  fi
-  
-fi
-
-# See if the linker supports building shared libraries.
-echo $ac_n "checking whether the linker ($LD) supports shared libraries... $ac_c" 1>&6
-
-echo "$ac_t$ld_shlibs" 1>&6
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-echo $ac_n "checking how to hardcode library paths into programs... $ac_c" 1>&6
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var"; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$hardcode_shlibpath_var" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-echo "$ac_t$hardcode_action" 1>&6
-
-echo $ac_n "checking whether stripping libraries is possible... $ac_c" 1>&6
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  echo "${ac_t}yes" 1>&6
-else
-  echo "${ac_t}no" 1>&6
-fi
-
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-echo $ac_n "checking dynamic linker characteristics... $ac_c" 1>&6
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}.so$major'
-  ;;
-
-aix4* | aix5*)
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    # We preserve .a as extension for shared libraries though AIX4.2
-    # and later linker supports .so
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so instead of
-      # lib<name>.a to let people know that these are not typical AIX shared libraries.
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-    else
-      # We preserve .a as extension for shared libraries though AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}.so$major.o'
-    fi
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to AIX nm, but means don't demangle with GNU nm
-    if $NM -V 2>&1 | egrep '(GNU)' > /dev/null; then
-      export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-    else
-      export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
-    fi
-    shlibpath_var=LIBPATH
-    deplibs_check_method=pass_all
-    case $host_os in
-    aix4 | aix4.[01] | aix4.[01].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	:
-      else
-	# With GCC up to 2.95.x, collect2 would create an import file
-	# for dependence libraries.  The import file would start with
-	# the line `#! .'.  This would cause the generated library to
-	# depend on `.', always an invalid library.  This was fixed in
-	# development snapshots of GCC prior to 3.0.
-        can_build_shared=no
-      fi
-      ;;
-    esac
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}.so'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  lt_cv_dlopen="load_add_on"
-  lt_cv_dlopen_libs=
-  lt_cv_dlopen_self=yes
-  ;;
-
-bsdi4*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  export_dynamic_flag_spec=-rdynamic
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  need_version=no
-  need_lib_prefix=no
-  case $with_gcc,$host_os in
-  yes,cygwin*)
-    library_names_spec='$libname.dll.a'
-    soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | [sed -e 's/[.]/-/g']`${versuffix}.dll'
-    postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog .libs/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`bash 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll; $rm \$dlpath'
-    ;;
-  yes,mingw*)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"`
-    ;;
-  yes,pw32*)
-    library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-;;
-  *)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  lt_cv_dlopen="LoadLibrary"
-  lt_cv_dlopen_libs=
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}${versuffix}.`test .$module = .yes && echo so || echo dylib` ${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib` ${libname}.`test .$module = .yes && echo so || echo dylib`'
-  soname_spec='${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib`'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-freebsd*)
-  objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-  version_type=sunos
-  case $objformat in
-    elf*)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-      soname_spec='${libname}${release}.so$major'
-      need_version=no
-      need_lc=no
-      need_lib_prefix=no
-      ;;
-    *)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  *)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  dynamic_linker="$host_os dld.sl"
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  shlibpath_var=SHLIB_PATH
-  shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-  library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
-  soname_spec='${libname}${release}.sl$major'
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-irix5* | irix6*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so'
-  case $host_os in
-  irix5*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  need_lib_prefix=no
-  need_version=no
-  version_type=sunos
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
-    soname_spec='${libname}${release}.so$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  sys_lib_dlsearch_path_spec="/usr/lib"
-  sys_lib_search_path_spec="/usr/lib"
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-    need_version=no
-  fi
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-os2*)
-  libname_spec='$name'
-  need_lib_prefix=no
-  library_names_spec='$libname.dll $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_version=no
-  soname_spec='${libname}${release}.so'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-sco3.2v5*)
-  version_type=osf
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-solaris*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
-    soname_spec='$libname.so.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-echo "$ac_t$dynamic_linker" 1>&6
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-echo $ac_n "checking command to parse $NM output... $ac_c" 1>&6
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[BCDT]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[ABCDGISTW]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  ;;
-irix*)
-  symcode='[BCDEGRST]'
-  ;;
-solaris* | sysv5*)
-  symcode='[BDT]'
-  ;;
-sysv4)
-  symcode='[DFNSTU]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $host_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
-  symcode='[ABCDGISTW]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Write the raw and C identifiers.
-  global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-  $rm conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  echo "$progname:1433: checking if global_symbol_pipe works" >&5
-  if { (eval echo $progname:1434: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; } && test -s conftest.$objext; then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if { echo "$progname:1437: eval \"$NM conftest.$objext | $global_symbol_pipe > $nlist\"" >&5; eval "$NM conftest.$objext | $global_symbol_pipe > $nlist 2>&5"; } && test -s "$nlist"; then
-
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if egrep ' nm_test_var$' "$nlist" >/dev/null; then
-	if egrep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr_t void *
-#else
-# define lt_ptr_t char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr_t address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
- 	  sed "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr_t) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$objext conftstm.$objext
-	  save_LIBS="$LIBS"
-	  save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$objext"
-	  CFLAGS="$CFLAGS$no_builtin_flag"
-	  if { (eval echo $progname:1489: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-	    pipe_works=yes
-	  else
-	    echo "$progname: failed program was:" >&5
-	    cat conftest.$ac_ext >&5
-	  fi
-	  LIBS="$save_LIBS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&5
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&5
-      fi
-    else
-      echo "cannot run $global_symbol_pipe" >&5
-    fi
-  else
-    echo "$progname: failed program was:" >&5
-    cat conftest.$ac_ext >&5
-  fi
-  $rm conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    global_symbol_pipe=
-  fi
-done
-if test "$pipe_works" = yes; then
-  echo "${ac_t}ok" 1>&6
-else
-  echo "${ac_t}failed" 1>&6
-fi
-
-if test -z "$global_symbol_pipe"; then
-  global_symbol_to_cdecl=
-fi
-
-# Report the final consequences.
-echo "checking if libtool supports shared libraries... $can_build_shared" 1>&6
-
-# Only try to build win32 dlls if AC_LIBTOOL_WIN32_DLL was used in
-# configure.in, otherwise build static only libraries.
-case $host_os in
-cygwin* | mingw* | pw32* | os2*)
-  if test x$can_build_shared = xyes; then
-    test x$enable_win32_dll = xno && can_build_shared=no
-    echo "checking if package supports dlls... $can_build_shared" 1>&6
-  fi
-;;
-esac
-
-echo $ac_n "checking whether to build shared libraries... $ac_c" 1>&6
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4*)
-  test "$enable_shared" = yes && enable_static=no
-  ;;
-esac
-
-echo "$ac_t$enable_shared" 1>&6
-
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-
-echo "checking whether to build static libraries... $enable_static" 1>&6
-
-if test "$hardcode_action" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$with_gcc" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-# Check whether we must set pic_mode to default
-test -z "$pic_flag" && pic_mode=default
-
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-if test "X${lt_cv_dlopen+set}" != Xset; then
-  lt_cv_dlopen=no lt_cv_dlopen_libs=
-echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
-echo "$progname:1593: checking for dlopen in -ldl" >&5
-if test "X${ac_cv_lib_dl_dlopen+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldl  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1600 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-dlopen()
-; return 0; }
-EOF
-if { (eval echo $progname:1613: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dl_dlopen" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dlopen""... $ac_c" 1>&6
-echo "$progname:1632: checking for dlopen" >&5
-if test "X${ac_cv_func_dlopen+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 1637 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char dlopen(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
-choke me
-#else
-dlopen();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_func_dlopen=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_func_dlopen=no
-fi
-rm -f conftest*
-fi
-if test "X$ac_cv_func_dlopen" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dlopen"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dlopen in -lsvld""... $ac_c" 1>&6
-echo "$progname:1679: checking for dlopen in -lsvld" >&5
-if test "X${ac_cv_lib_svld_dlopen+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-lsvld  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1686 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-dlopen()
-; return 0; }
-EOF
-if { (eval echo $progname:1699: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_svld_dlopen=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_svld_dlopen=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_svld_dlopen" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dld_link in -ldld""... $ac_c" 1>&6
-echo "$progname:1718: checking for dld_link in -ldld" >&5
-if test "X${ac_cv_lib_dld_dld_link+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldld  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1725 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link();
-
-int main() {
-dld_link()
-; return 0; }
-EOF
-if { (eval echo $progname:1738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dld_dld_link=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dld_dld_link=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_dld_link" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load""... $ac_c" 1>&6
-echo "$progname:1757: checking for shl_load" >&5
-if test "X${ac_cv_func_shl_load+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 1762 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shl_load(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
-choke me
-#else
-shl_load();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:1787: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_func_shl_load=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_func_shl_load=no
-fi
-rm -f conftest*
-fi
-
-if test "X$ac_cv_func_shl_load" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="shl_load"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load in -ldld""... $ac_c" 1>&6
-echo "$progname:1805: checking for shl_load in -ldld" >&5
-if test "X${ac_cv_lib_dld_shl_load+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldld  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1812 "ltconfig"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-shl_load()
-; return 0; }
-EOF
-if { (eval echo $progname:1826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dld_shl_load=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dld_shl_load=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_shl_load" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
-else
-  echo "$ac_t""no" 1>&6
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-fi
-
-fi
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-for ac_hdr in dlfcn.h; do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "$progname:1873: checking for $ac_hdr" >&5
-if eval "test \"`echo 'X$''{'ac_cv_header_$ac_safe'+set}'`\" = Xset"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 1878 "ltconfig"
-#include <$ac_hdr>
-int fnord = 0;
-int main () { return(0); }
-EOF
-ac_try="$ac_compile >/dev/null 2>conftest.out"
-{ (eval echo $progname:1884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
-
-    if test "x$ac_cv_header_dlfcn_h" = xyes; then
-      CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-    fi
-    eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-  echo $ac_n "checking whether a program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:1912: checking whether a program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  if test "$cross_compiling" = yes; then
-    lt_cv_dlopen_self=cross
-  else
-    cat > conftest.$ac_ext <<EOF
-#line 1920 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL	RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-#  define LTDL_GLOBAL	DL_GLOBAL
-# else
-#  define LTDL_GLOBAL	0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-#  define LTDL_LAZY_OR_NOW	RTLD_LAZY
-# else
-#  ifdef DL_LAZY
-#   define LTDL_LAZY_OR_NOW	DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define LTDL_LAZY_OR_NOW	RTLD_NOW
-#   else
-#    ifdef DL_NOW
-#     define LTDL_LAZY_OR_NOW	DL_NOW
-#    else
-#     define LTDL_LAZY_OR_NOW	0
-#    endif
-#   endif
-#  endif
-# endif
-#endif
-
-void fnord() { int i=42; }
-int main() {
-    void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
-    if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
-               if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:1967: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
-  lt_cv_dlopen_self=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  lt_cv_dlopen_self=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self" 1>&6
-
-  if test "$lt_cv_dlopen_self" = yes; then
-    LDFLAGS="$LDFLAGS $link_static_flag"
-  echo $ac_n "checking whether a statically linked program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:1986: checking whether a statically linked program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self_static+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  if test "$cross_compiling" = yes; then
-    lt_cv_dlopen_self_static=cross
-  else
-    cat > conftest.$ac_ext <<EOF
-#line 1994 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL	RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-#  define LTDL_GLOBAL	DL_GLOBAL
-# else
-#  define LTDL_GLOBAL	0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-#  define LTDL_LAZY_OR_NOW	RTLD_LAZY
-# else
-#  ifdef DL_LAZY
-#   define LTDL_LAZY_OR_NOW	DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define LTDL_LAZY_OR_NOW	RTLD_NOW
-#   else
-#    ifdef DL_NOW
-#     define LTDL_LAZY_OR_NOW	DL_NOW
-#    else
-#     define LTDL_LAZY_OR_NOW	0
-#    endif
-#   endif
-#  endif
-# endif
-#endif
-
-void fnord() { int i=42; }
-int main() {
-    void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
-    if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
-    if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:2041: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
-  lt_cv_dlopen_self_static=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  lt_cv_dlopen_self_static=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self_static" 1>&6
-fi
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-
-# Copy echo and quote the copy, instead of the original, because it is
-# used later.
-ltecho="$echo"
-if test "X$ltecho" = "X$CONFIG_SHELL $0 --fallback-echo"; then
-   ltecho="$CONFIG_SHELL \$0 --fallback-echo"
-fi
-LTSHELL="$SHELL"
-
-LTCONFIG_VERSION="$VERSION"
-
-# Only quote variables if we're using ltmain.sh.
-case $ltmain in
-*.sh)
-  # Now quote all the things that may contain metacharacters.
-  for var in ltecho old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \
-    old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \
-    old_LN_S old_NM old_RANLIB old_STRIP \
-    old_AS old_DLLTOOL old_OBJDUMP \
-    old_OBJEXT old_EXEEXT old_reload_flag \
-    old_deplibs_check_method old_file_magic_cmd \
-    AR AR_FLAGS CC LTCC LD LN_S NM LTSHELL LTCONFIG_VERSION \
-    reload_flag reload_cmds wl \
-    pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
-    thread_safe_flag_spec whole_archive_flag_spec libname_spec \
-    library_names_spec soname_spec \
-    RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
-    old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
-    postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
-    predep_objects postdep_objects predeps postdeps compiler_lib_search_path \
-    old_striplib striplib file_magic_cmd export_symbols_cmds \
-    deplibs_check_method allow_undefined_flag no_undefined_flag \
-    finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
-    hardcode_libdir_flag_spec hardcode_libdir_separator  \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    compiler_c_o need_locks exclude_expsyms include_expsyms; do
-
-    case $var in
-    reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
-    extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ### testsuite: skip nested quoting test
-      ;;
-    *)
-      eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ### testsuite: skip nested quoting test
-      ;;
-    esac
-  done
-
-  case $ltecho in
-  *'\$0 --fallback-echo"')
-    ltecho=`$echo "X$ltecho" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-  if test -z "$tagname"; then
-    trap "$rm \"$ofile\"; exit 1" 1 2 15
-    echo "creating $ofile"
-    $rm "$ofile"
-    cat <<EOF > "$ofile"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltconfig or ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# The names of the tagged configurations supported by this script.
-available_tags=
-
-### BEGIN LIBTOOL CONFIG
-EOF
-  else
-    echo "appending configuration tag \"$tagname\" to $ofile"
-    echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
-  fi
-  cfgfile="$ofile"
-  ;;
-
-*)
-  # Double-quote the variables that need it (for aesthetics).
-  for var in old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \
-    old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \
-    old_LN_S old_NM old_RANLIB old_STRIP \
-    old_AS old_DLLTOOL old_OBJDUMP \
-    old_OBJEXT old_EXEEXT old_reload_flag \
-    old_deplibs_check_method old_file_magic_cmd; do
-    eval "$var=\\\"\$var\\\""
-  done
-
-  # Just create a config file.
-  cfgfile="$ofile.cfg"
-  if test -z "$tagname"; then
-    trap "$rm \"$cfgfile\"; exit 1" 1 2 15
-    echo "creating $cfgfile"
-    $rm "$cfgfile"
-    cat <<EOF > "$cfgfile"
-# `$echo "$cfgfile" | sed 's%^.*/%%'` - Libtool configuration file.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-
-### BEGIN LIBTOOL CONFIG
-EOF
-  else
-    echo "appending to $cfgfile"
-    echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
-  fi
-  ;;
-esac
-
-cat <<EOF >> "$cfgfile"
-# Libtool was configured as follows, on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-#
-# AR=$old_AR AR_FLAGS=$old_AR_FLAGS LTCC=$old_LTCC CC=$old_CC \\
-# CFLAGS=$old_CFLAGS CPPFLAGS=$old_CPPFLAGS \\
-# MAGIC_CMD=$old_MAGIC_CMD LD=$old_LD LDFLAGS=$old_LDFLAGS LIBS=$old_LIBS \\
-# LN_S=$old_LN_S NM=$old_NM RANLIB=$old_RANLIB STRIP=$old_STRIP \\
-# AS=$old_AS DLLTOOL=$old_DLLTOOL OBJDUMP=$old_OBJDUMP \\
-# objext=$old_OBJEXT exeext=$old_EXEEXT reload_flag=$old_reload_flag \\
-# deplibs_check_method=$old_deplibs_check_method \\
-# file_magic_cmd=$old_file_magic_cmd \\
-#   $0$ltconfig_args
-#
-# Compiler and other test output produced by $progname, useful for
-# debugging $progname, is in ./config.log if it exists.
-
-# The version of $progname that generated this script.
-LTCONFIG_VERSION=$LTCONFIG_VERSION
-
-# Shell to use when invoking shell scripts.
-SHELL=$LTSHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$need_lc
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$ltecho
-
-# The archiver.
-AR=$AR
-AR_FLAGS=$AR_FLAGS
-
-# A C compiler.
-LTCC=$LTCC
-
-# A language-specific compiler.
-CC=$CC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$with_gcc
-
-# The linker used to build libraries.
-LD=$LD
-
-# Whether we need hard or soft links.
-LN_S=$LN_S
-
-# A BSD-compatible nm program.
-NM=$NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$reload_flag
-reload_cmds=$reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$wl
-
-# Object file suffix (normally "o").
-objext="$objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$pic_flag
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$compiler_c_o
-
-# Must we lock files when doing compilation ?
-need_locks=$need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$RANLIB
-old_archive_cmds=$old_archive_cmds
-old_postinstall_cmds=$old_postinstall_cmds
-old_postuninstall_cmds=$old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$archive_cmds
-archive_expsym_cmds=$archive_expsym_cmds
-postinstall_cmds=$postinstall_cmds
-postuninstall_cmds=$postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$old_striplib
-striplib=$striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$predep_objects
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$postdep_objects
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$predeps
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$postdeps
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$compiler_lib_search_path
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$global_symbol_to_cdecl
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$include_expsyms
-
-EOF
-
-if test -z "$tagname"; then
-  echo '### END LIBTOOL CONFIG' >> "$ofile"
-else
-  echo "### END LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
-fi
-
-case $ltmain in
-*.sh)
-  echo >> "$ofile"
-  if test -z "$tagname"; then
-    case $host_os in
-    aix3*)
-      cat <<\EOF >> "$ofile"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-      ;;
-    esac
-    case $host in
-    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-      cat <<'EOF' >> "$ofile"
-      # This is a source program that is used to create dlls on Windows
-      # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-      # This is a source program that is used to create import libraries
-      # on Windows for dlls which lack them. Don't remove nor modify the
-      # starting and closing comments
-# /* impgen.c starts here */
-# /*   Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-#  This file is part of GNU libtool.
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#  */
-#
-#  #include <stdio.h>		/* for printf() */
-#  #include <unistd.h>		/* for open(), lseek(), read() */
-#  #include <fcntl.h>		/* for O_RDONLY, O_BINARY */
-#  #include <string.h>		/* for strdup() */
-#
-#  /* O_BINARY isn't required (or even defined sometimes) under Unix */
-#  #ifndef O_BINARY
-#  #define O_BINARY 0
-#  #endif
-#
-#  static unsigned int
-#  pe_get16 (fd, offset)
-#       int fd;
-#       int offset;
-#  {
-#    unsigned char b[2];
-#    lseek (fd, offset, SEEK_SET);
-#    read (fd, b, 2);
-#    return b[0] + (b[1]<<8);
-#  }
-#
-#  static unsigned int
-#  pe_get32 (fd, offset)
-#      int fd;
-#      int offset;
-#  {
-#    unsigned char b[4];
-#    lseek (fd, offset, SEEK_SET);
-#    read (fd, b, 4);
-#    return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-#  }
-#
-#  static unsigned int
-#  pe_as32 (ptr)
-#       void *ptr;
-#  {
-#    unsigned char *b = ptr;
-#    return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-#  }
-#
-#  int
-#  main (argc, argv)
-#      int argc;
-#      char *argv[];
-#  {
-#      int dll;
-#      unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-#      unsigned long export_rva, export_size, nsections, secptr, expptr;
-#      unsigned long name_rvas, nexp;
-#      unsigned char *expdata, *erva;
-#      char *filename, *dll_name;
-#
-#      filename = argv[1];
-#
-#      dll = open(filename, O_RDONLY|O_BINARY);
-#      if (dll < 1)
-#  	return 1;
-#
-#      dll_name = filename;
-#
-#      for (i=0; filename[i]; i++)
-#  	if (filename[i] == '/' || filename[i] == '\\'  || filename[i] == ':')
-#  	    dll_name = filename + i +1;
-#
-#      pe_header_offset = pe_get32 (dll, 0x3c);
-#      opthdr_ofs = pe_header_offset + 4 + 20;
-#      num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-#      if (num_entries < 1) /* no exports */
-#  	return 1;
-#
-#      export_rva = pe_get32 (dll, opthdr_ofs + 96);
-#      export_size = pe_get32 (dll, opthdr_ofs + 100);
-#      nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-#      secptr = (pe_header_offset + 4 + 20 +
-#  	      pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-#      expptr = 0;
-#      for (i = 0; i < nsections; i++)
-#      {
-#  	char sname[8];
-#  	unsigned long secptr1 = secptr + 40 * i;
-#  	unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-#  	unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-#  	unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-#  	lseek(dll, secptr1, SEEK_SET);
-#  	read(dll, sname, 8);
-#  	if (vaddr <= export_rva && vaddr+vsize > export_rva)
-#  	{
-#  	    expptr = fptr + (export_rva - vaddr);
-#  	    if (export_rva + export_size > vaddr + vsize)
-#  		export_size = vsize - (export_rva - vaddr);
-#  	    break;
-#  	}
-#      }
-#
-#      expdata = (unsigned char*)malloc(export_size);
-#      lseek (dll, expptr, SEEK_SET);
-#      read (dll, expdata, export_size);
-#      erva = expdata - export_rva;
-#
-#      nexp = pe_as32 (expdata+24);
-#      name_rvas = pe_as32 (expdata+32);
-#
-#      printf ("EXPORTS\n");
-#      for (i = 0; i<nexp; i++)
-#      {
-#  	unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-#  	printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-#      }
-#
-#      return 0;
-#  }
-# /* impgen.c ends here */
-
-EOF
-    ;;
-  esac
-
-
-    # Append the ltmain.sh script.
-    sed '$q' "$ltmain" >> "$ofile" || (rm -f "$ofile"; exit 1)
-    # We use sed instead of cat because bash on DJGPP gets confused if
-    # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-    # text mode, it properly converts lines to CR/LF.  This bash problem
-    # is reportedly fixed, but why not run on old versions too?
-
-    chmod +x "$ofile"
-  fi
-  ;;
-
-*)
-  # Compile the libtool program.
-  echo "FIXME: would compile $ltmain"
-  ;;
-esac
-
-# Update the list of available tags.
-if test -n "$tagname"; then
-
-  # Extract list of available tagged configurations in $ofile.
-  # Note that this assumes the entire list is on one line.
-  available_tags=`grep "^available_tags=" $ofile | sed -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
-
-  # Append the new tag name to the list of available tags.
-  available_tags="$available_tags $tagname"
-
-  # Now substitute the updated of available tags.
-  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' ${ofile} > ${ofile}.new"; then
-    mv ${ofile}.new ${ofile}
-    chmod +x "$ofile"
-  else
-    rm -f ${ofile}.new
-    echo "$progname: unable to update list of available tagged configurations."
-    exit 1
-  fi
-fi
-
-# Don't cache tagged configuration!
-test -n "$cache_file" && test -z "$tagname" || exit 0
-
-# AC_CACHE_SAVE
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs.  It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already.  You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
-  case `(ac_space=' '; set | grep ac_space) 2>&1` in
-  *ac_space=\ *)
-    # `set' does not quote correctly, so add quotes (double-quote substitution
-    # turns \\\\ into \\, and sed turns \\ into \).
-    sed -n \
-      -e "s/'/'\\\\''/g" \
-      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
-    ;;
-  *)
-    # `set' quotes correctly as required by POSIX, so do not add quotes.
-    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
-    ;;
-  esac >> confcache
-if cmp -s $cache_file confcache; then
-  :
-else
-  if test -w $cache_file; then
-    echo "updating cache $cache_file"
-    cat confcache > $cache_file
-  else
-    echo "not updating unwritable cache $cache_file"
-  fi
-fi
-rm -f confcache
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/ltmain.sh b/crypto/heimdal/ltmain.sh
deleted file mode 100644
index 06823e057a57..000000000000
--- a/crypto/heimdal/ltmain.sh
+++ /dev/null
@@ -1,6863 +0,0 @@
-# ltmain.sh - Provide generalized library-building support services.
-# NOTE: Changing this file will not affect anything until you rerun configure.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-basename="s,^.*/,,g"
-
-# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
-# is ksh but when the shell is invoked as "sh" and the current value of
-# the _XPG environment variable is not equal to 1 (one), the special
-# positional parameter $0, within a function call, is the name of the
-# function.
-progpath="$0"
-
-# The name of this program:
-progname=`echo "$progpath" | $SED $basename`
-modename="$progname"
-
-# Global variables:
-EXIT_SUCCESS=0
-EXIT_FAILURE=1
-
-PROGRAM=ltmain.sh
-PACKAGE=libtool
-VERSION=1.5.22
-TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
-
-# See if we are running on zsh, and set the options which allow our
-# commands through without removal of \ escapes.
-if test -n "${ZSH_VERSION+set}" ; then
-  setopt NO_GLOB_SUBST
-fi
-
-# Check that we have a working $echo.
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell, and then maybe $echo will work.
-  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit $EXIT_SUCCESS
-fi
-
-default_mode=
-help="Try \`$progname --help' for more information."
-magic="%%%MAGIC variable%%%"
-mkdir="mkdir"
-mv="mv -f"
-rm="rm -f"
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed="${SED}"' -e 1s/^X//'
-sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  SP2NL='tr \040 \012'
-  NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  SP2NL='tr \100 \n'
-  NL2SP='tr \r\n \100\100'
-  ;;
-esac
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-# We save the old values to restore during execute mode.
-if test "${LC_ALL+set}" = set; then
-  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
-fi
-if test "${LANG+set}" = set; then
-  save_LANG="$LANG"; LANG=C; export LANG
-fi
-
-# Make sure IFS has a sensible default
-lt_nl='
-'
-IFS=" 	$lt_nl"
-
-if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
-  $echo "$modename: not configured to build any kind of library" 1>&2
-  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-  exit $EXIT_FAILURE
-fi
-
-# Global variables.
-mode=$default_mode
-nonopt=
-prev=
-prevopt=
-run=
-show="$echo"
-show_help=
-execute_dlfiles=
-duplicate_deps=no
-preserve_args=
-lo2o="s/\\.lo\$/.${objext}/"
-o2lo="s/\\.${objext}\$/.lo/"
-
-#####################################
-# Shell function definitions:
-# This seems to be the best place for them
-
-# func_mktempdir [string]
-# Make a temporary directory that won't clash with other running
-# libtool processes, and avoids race conditions if possible.  If
-# given, STRING is the basename for that directory.
-func_mktempdir ()
-{
-    my_template="${TMPDIR-/tmp}/${1-$progname}"
-
-    if test "$run" = ":"; then
-      # Return a directory name, but don't create it in dry-run mode
-      my_tmpdir="${my_template}-$$"
-    else
-
-      # If mktemp works, use that first and foremost
-      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
-
-      if test ! -d "$my_tmpdir"; then
-	# Failing that, at least try and use $RANDOM to avoid a race
-	my_tmpdir="${my_template}-${RANDOM-0}$$"
-
-	save_mktempdir_umask=`umask`
-	umask 0077
-	$mkdir "$my_tmpdir"
-	umask $save_mktempdir_umask
-      fi
-
-      # If we're not in dry-run mode, bomb out on failure
-      test -d "$my_tmpdir" || {
-        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
-	exit $EXIT_FAILURE
-      }
-    fi
-
-    $echo "X$my_tmpdir" | $Xsed
-}
-
-
-# func_win32_libid arg
-# return the library type of file 'arg'
-#
-# Need a lot of goo to handle *both* DLLs and import libs
-# Has to be a shell function in order to 'eat' the argument
-# that is supplied when $file_magic_command is called.
-func_win32_libid ()
-{
-  win32_libid_type="unknown"
-  win32_fileres=`file -L $1 2>/dev/null`
-  case $win32_fileres in
-  *ar\ archive\ import\ library*) # definitely import
-    win32_libid_type="x86 archive import"
-    ;;
-  *ar\ archive*) # could be an import, or static
-    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
-      $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
-      win32_nmres=`eval $NM -f posix -A $1 | \
-	$SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'`
-      case $win32_nmres in
-      import*)  win32_libid_type="x86 archive import";;
-      *)        win32_libid_type="x86 archive static";;
-      esac
-    fi
-    ;;
-  *DLL*)
-    win32_libid_type="x86 DLL"
-    ;;
-  *executable*) # but shell scripts are "executable" too...
-    case $win32_fileres in
-    *MS\ Windows\ PE\ Intel*)
-      win32_libid_type="x86 DLL"
-      ;;
-    esac
-    ;;
-  esac
-  $echo $win32_libid_type
-}
-
-
-# func_infer_tag arg
-# Infer tagged configuration to use if any are available and
-# if one wasn't chosen via the "--tag" command line option.
-# Only attempt this if the compiler in the base compile
-# command doesn't match the default compiler.
-# arg is usually of the form 'gcc ...'
-func_infer_tag ()
-{
-    if test -n "$available_tags" && test -z "$tagname"; then
-      CC_quoted=
-      for arg in $CC; do
-	case $arg in
-	  *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	CC_quoted="$CC_quoted $arg"
-      done
-      case $@ in
-      # Blanks in the command may have been stripped by the calling shell,
-      # but not from the CC environment variable when configure was run.
-      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
-      # Blanks at the start of $base_compile will cause this to fail
-      # if we don't check for them as well.
-      *)
-	for z in $available_tags; do
-	  if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
-	    # Evaluate the configuration.
-	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
-	    CC_quoted=
-	    for arg in $CC; do
-	    # Double-quote args containing other shell metacharacters.
-	    case $arg in
-	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	      arg="\"$arg\""
-	      ;;
-	    esac
-	    CC_quoted="$CC_quoted $arg"
-	  done
-	    case "$@ " in
-	      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
-	      # The compiler in the base compile command matches
-	      # the one in the tagged configuration.
-	      # Assume this is the tagged configuration we want.
-	      tagname=$z
-	      break
-	      ;;
-	    esac
-	  fi
-	done
-	# If $tagname still isn't set, then no tagged configuration
-	# was found and let the user know that the "--tag" command
-	# line option must be used.
-	if test -z "$tagname"; then
-	  $echo "$modename: unable to infer tagged configuration"
-	  $echo "$modename: specify a tag with \`--tag'" 1>&2
-	  exit $EXIT_FAILURE
-#        else
-#          $echo "$modename: using $tagname tagged configuration"
-	fi
-	;;
-      esac
-    fi
-}
-
-
-# func_extract_an_archive dir oldlib
-func_extract_an_archive ()
-{
-    f_ex_an_ar_dir="$1"; shift
-    f_ex_an_ar_oldlib="$1"
-
-    $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
-    $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
-    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
-     :
-    else
-      $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
-      exit $EXIT_FAILURE
-    fi
-}
-
-# func_extract_archives gentop oldlib ...
-func_extract_archives ()
-{
-    my_gentop="$1"; shift
-    my_oldlibs=${1+"$@"}
-    my_oldobjs=""
-    my_xlib=""
-    my_xabs=""
-    my_xdir=""
-    my_status=""
-
-    $show "${rm}r $my_gentop"
-    $run ${rm}r "$my_gentop"
-    $show "$mkdir $my_gentop"
-    $run $mkdir "$my_gentop"
-    my_status=$?
-    if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
-      exit $my_status
-    fi
-
-    for my_xlib in $my_oldlibs; do
-      # Extract the objects.
-      case $my_xlib in
-	[\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
-	*) my_xabs=`pwd`"/$my_xlib" ;;
-      esac
-      my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
-      my_xdir="$my_gentop/$my_xlib"
-
-      $show "${rm}r $my_xdir"
-      $run ${rm}r "$my_xdir"
-      $show "$mkdir $my_xdir"
-      $run $mkdir "$my_xdir"
-      exit_status=$?
-      if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then
-	exit $exit_status
-      fi
-      case $host in
-      *-darwin*)
-	$show "Extracting $my_xabs"
-	# Do not bother doing anything if just a dry run
-	if test -z "$run"; then
-	  darwin_orig_dir=`pwd`
-	  cd $my_xdir || exit $?
-	  darwin_archive=$my_xabs
-	  darwin_curdir=`pwd`
-	  darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
-	  darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
-	  if test -n "$darwin_arches"; then 
-	    darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
-	    darwin_arch=
-	    $show "$darwin_base_archive has multiple architectures $darwin_arches"
-	    for darwin_arch in  $darwin_arches ; do
-	      mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
-	      lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
-	      cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
-	      func_extract_an_archive "`pwd`" "${darwin_base_archive}"
-	      cd "$darwin_curdir"
-	      $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
-	    done # $darwin_arches
-      ## Okay now we have a bunch of thin objects, gotta fatten them up :)
-	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
-	    darwin_file=
-	    darwin_files=
-	    for darwin_file in $darwin_filelist; do
-	      darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
-	      lipo -create -output "$darwin_file" $darwin_files
-	    done # $darwin_filelist
-	    ${rm}r unfat-$$
-	    cd "$darwin_orig_dir"
-	  else
-	    cd "$darwin_orig_dir"
- 	    func_extract_an_archive "$my_xdir" "$my_xabs"
-	  fi # $darwin_arches
-	fi # $run
-	;;
-      *)
-        func_extract_an_archive "$my_xdir" "$my_xabs"
-        ;;
-      esac
-      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
-    done
-    func_extract_archives_result="$my_oldobjs"
-}
-# End of Shell function definitions
-#####################################
-
-# Darwin sucks
-eval std_shrext=\"$shrext_cmds\"
-
-disable_libs=no
-
-# Parse our command line options once, thoroughly.
-while test "$#" -gt 0
-do
-  arg="$1"
-  shift
-
-  case $arg in
-  -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  # If the previous option needs an argument, assign it.
-  if test -n "$prev"; then
-    case $prev in
-    execute_dlfiles)
-      execute_dlfiles="$execute_dlfiles $arg"
-      ;;
-    tag)
-      tagname="$arg"
-      preserve_args="${preserve_args}=$arg"
-
-      # Check whether tagname contains only valid characters
-      case $tagname in
-      *[!-_A-Za-z0-9,/]*)
-	$echo "$progname: invalid tag name: $tagname" 1>&2
-	exit $EXIT_FAILURE
-	;;
-      esac
-
-      case $tagname in
-      CC)
-	# Don't test for the "default" C tag, as we know, it's there, but
-	# not specially marked.
-	;;
-      *)
-	if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
-	  taglist="$taglist $tagname"
-	  # Evaluate the configuration.
-	  eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
-	else
-	  $echo "$progname: ignoring unknown tag $tagname" 1>&2
-	fi
-	;;
-      esac
-      ;;
-    *)
-      eval "$prev=\$arg"
-      ;;
-    esac
-
-    prev=
-    prevopt=
-    continue
-  fi
-
-  # Have we seen a non-optional argument yet?
-  case $arg in
-  --help)
-    show_help=yes
-    ;;
-
-  --version)
-    $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
-    $echo
-    $echo "Copyright (C) 2005  Free Software Foundation, Inc."
-    $echo "This is free software; see the source for copying conditions.  There is NO"
-    $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-    exit $?
-    ;;
-
-  --config)
-    ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
-    # Now print the configurations for the tags.
-    for tagname in $taglist; do
-      ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
-    done
-    exit $?
-    ;;
-
-  --debug)
-    $echo "$progname: enabling shell trace mode"
-    set -x
-    preserve_args="$preserve_args $arg"
-    ;;
-
-  --dry-run | -n)
-    run=:
-    ;;
-
-  --features)
-    $echo "host: $host"
-    if test "$build_libtool_libs" = yes; then
-      $echo "enable shared libraries"
-    else
-      $echo "disable shared libraries"
-    fi
-    if test "$build_old_libs" = yes; then
-      $echo "enable static libraries"
-    else
-      $echo "disable static libraries"
-    fi
-    exit $?
-    ;;
-
-  --finish) mode="finish" ;;
-
-  --mode) prevopt="--mode" prev=mode ;;
-  --mode=*) mode="$optarg" ;;
-
-  --preserve-dup-deps) duplicate_deps="yes" ;;
-
-  --quiet | --silent)
-    show=:
-    preserve_args="$preserve_args $arg"
-    ;;
-
-  --tag)
-    prevopt="--tag"
-    prev=tag
-    preserve_args="$preserve_args --tag"
-    ;;
-  --tag=*)
-    set tag "$optarg" ${1+"$@"}
-    shift
-    prev=tag
-    preserve_args="$preserve_args --tag"
-    ;;
-
-  -dlopen)
-    prevopt="-dlopen"
-    prev=execute_dlfiles
-    ;;
-
-  -*)
-    $echo "$modename: unrecognized option \`$arg'" 1>&2
-    $echo "$help" 1>&2
-    exit $EXIT_FAILURE
-    ;;
-
-  *)
-    nonopt="$arg"
-    break
-    ;;
-  esac
-done
-
-if test -n "$prevopt"; then
-  $echo "$modename: option \`$prevopt' requires an argument" 1>&2
-  $echo "$help" 1>&2
-  exit $EXIT_FAILURE
-fi
-
-case $disable_libs in
-no) 
-  ;;
-shared)
-  build_libtool_libs=no
-  build_old_libs=yes
-  ;;
-static)
-  build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
-  ;;
-esac
-
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end.  This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-
-if test -z "$show_help"; then
-
-  # Infer the operation mode.
-  if test -z "$mode"; then
-    $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
-    $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
-    case $nonopt in
-    *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
-      mode=link
-      for arg
-      do
-	case $arg in
-	-c)
-	   mode=compile
-	   break
-	   ;;
-	esac
-      done
-      ;;
-    *db | *dbx | *strace | *truss)
-      mode=execute
-      ;;
-    *install*|cp|mv)
-      mode=install
-      ;;
-    *rm)
-      mode=uninstall
-      ;;
-    *)
-      # If we have no mode, but dlfiles were specified, then do execute mode.
-      test -n "$execute_dlfiles" && mode=execute
-
-      # Just use the default operation mode.
-      if test -z "$mode"; then
-	if test -n "$nonopt"; then
-	  $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
-	else
-	  $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
-	fi
-      fi
-      ;;
-    esac
-  fi
-
-  # Only execute mode is allowed to have -dlopen flags.
-  if test -n "$execute_dlfiles" && test "$mode" != execute; then
-    $echo "$modename: unrecognized option \`-dlopen'" 1>&2
-    $echo "$help" 1>&2
-    exit $EXIT_FAILURE
-  fi
-
-  # Change the help message to a mode-specific one.
-  generic_help="$help"
-  help="Try \`$modename --help --mode=$mode' for more information."
-
-  # These modes are in order of execution frequency so that they run quickly.
-  case $mode in
-  # libtool compile mode
-  compile)
-    modename="$modename: compile"
-    # Get the compilation command and the source file.
-    base_compile=
-    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
-    suppress_opt=yes
-    suppress_output=
-    arg_mode=normal
-    libobj=
-    later=
-
-    for arg
-    do
-      case $arg_mode in
-      arg  )
-	# do not "continue".  Instead, add this to base_compile
-	lastarg="$arg"
-	arg_mode=normal
-	;;
-
-      target )
-	libobj="$arg"
-	arg_mode=normal
-	continue
-	;;
-
-      normal )
-	# Accept any command-line options.
-	case $arg in
-	-o)
-	  if test -n "$libobj" ; then
-	    $echo "$modename: you cannot specify \`-o' more than once" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-	  arg_mode=target
-	  continue
-	  ;;
-
-	-static | -prefer-pic | -prefer-non-pic)
-	  later="$later $arg"
-	  continue
-	  ;;
-
-	-no-suppress)
-	  suppress_opt=no
-	  continue
-	  ;;
-
-	-Xcompiler)
-	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
-	  continue      #  The current "srcfile" will either be retained or
-	  ;;            #  replaced later.  I would guess that would be a bug.
-
-	-Wc,*)
-	  args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
-	  lastarg=
-	  save_ifs="$IFS"; IFS=','
- 	  for arg in $args; do
-	    IFS="$save_ifs"
-
-	    # Double-quote args containing other shell metacharacters.
-	    # Many Bourne shells cannot handle close brackets correctly
-	    # in scan sets, so we specify it separately.
-	    case $arg in
-	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	      arg="\"$arg\""
-	      ;;
-	    esac
-	    lastarg="$lastarg $arg"
-	  done
-	  IFS="$save_ifs"
-	  lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
-
-	  # Add the arguments to base_compile.
-	  base_compile="$base_compile $lastarg"
-	  continue
-	  ;;
-
-	* )
-	  # Accept the current argument as the source file.
-	  # The previous "srcfile" becomes the current argument.
-	  #
-	  lastarg="$srcfile"
-	  srcfile="$arg"
-	  ;;
-	esac  #  case $arg
-	;;
-      esac    #  case $arg_mode
-
-      # Aesthetically quote the previous argument.
-      lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
-
-      case $lastarg in
-      # Double-quote args containing other shell metacharacters.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, and some SunOS ksh mistreat backslash-escaping
-      # in scan sets (worked around with variable expansion),
-      # and furthermore cannot handle '|' '&' '(' ')' in scan sets 
-      # at all, so we specify them separately.
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	lastarg="\"$lastarg\""
-	;;
-      esac
-
-      base_compile="$base_compile $lastarg"
-    done # for arg
-
-    case $arg_mode in
-    arg)
-      $echo "$modename: you must specify an argument for -Xcompile"
-      exit $EXIT_FAILURE
-      ;;
-    target)
-      $echo "$modename: you must specify a target with \`-o'" 1>&2
-      exit $EXIT_FAILURE
-      ;;
-    *)
-      # Get the name of the library object.
-      [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
-      ;;
-    esac
-
-    # Recognize several different file suffixes.
-    # If the user specifies -o file.o, it is replaced with file.lo
-    xform='[cCFSifmso]'
-    case $libobj in
-    *.ada) xform=ada ;;
-    *.adb) xform=adb ;;
-    *.ads) xform=ads ;;
-    *.asm) xform=asm ;;
-    *.c++) xform=c++ ;;
-    *.cc) xform=cc ;;
-    *.ii) xform=ii ;;
-    *.class) xform=class ;;
-    *.cpp) xform=cpp ;;
-    *.cxx) xform=cxx ;;
-    *.f90) xform=f90 ;;
-    *.for) xform=for ;;
-    *.java) xform=java ;;
-    esac
-
-    libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
-
-    case $libobj in
-    *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
-    *)
-      $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
-      exit $EXIT_FAILURE
-      ;;
-    esac
-
-    func_infer_tag $base_compile
-
-    for arg in $later; do
-      case $arg in
-      -static)
-	build_old_libs=yes
-	continue
-	;;
-
-      -prefer-pic)
-	pic_mode=yes
-	continue
-	;;
-
-      -prefer-non-pic)
-	pic_mode=no
-	continue
-	;;
-      esac
-    done
-
-    qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
-    case $qlibobj in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	qlibobj="\"$qlibobj\"" ;;
-    esac
-    test "X$libobj" != "X$qlibobj" \
-	&& $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' 	&()|`$[]' \
-	&& $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
-    objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-    xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-    if test "X$xdir" = "X$obj"; then
-      xdir=
-    else
-      xdir=$xdir/
-    fi
-    lobj=${xdir}$objdir/$objname
-
-    if test -z "$base_compile"; then
-      $echo "$modename: you must specify a compilation command" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    # Delete any leftover library objects.
-    if test "$build_old_libs" = yes; then
-      removelist="$obj $lobj $libobj ${libobj}T"
-    else
-      removelist="$lobj $libobj ${libobj}T"
-    fi
-
-    $run $rm $removelist
-    trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
-
-    # On Cygwin there's no "real" PIC flag so we must build both object types
-    case $host_os in
-    cygwin* | mingw* | pw32* | os2*)
-      pic_mode=default
-      ;;
-    esac
-    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
-      # non-PIC code in shared libraries is not supported
-      pic_mode=default
-    fi
-
-    # Calculate the filename of the output object if compiler does
-    # not support -o with -c
-    if test "$compiler_c_o" = no; then
-      output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
-      lockfile="$output_obj.lock"
-      removelist="$removelist $output_obj $lockfile"
-      trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
-    else
-      output_obj=
-      need_locks=no
-      lockfile=
-    fi
-
-    # Lock this critical section if it is needed
-    # We use this script file to make the link, it avoids creating a new file
-    if test "$need_locks" = yes; then
-      until $run ln "$progpath" "$lockfile" 2>/dev/null; do
-	$show "Waiting for $lockfile to be removed"
-	sleep 2
-      done
-    elif test "$need_locks" = warn; then
-      if test -f "$lockfile"; then
-	$echo "\
-*** ERROR, $lockfile exists and contains:
-`cat $lockfile 2>/dev/null`
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit $EXIT_FAILURE
-      fi
-      $echo "$srcfile" > "$lockfile"
-    fi
-
-    if test -n "$fix_srcfile_path"; then
-      eval srcfile=\"$fix_srcfile_path\"
-    fi
-    qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
-    case $qsrcfile in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-      qsrcfile="\"$qsrcfile\"" ;;
-    esac
-
-    $run $rm "$libobj" "${libobj}T"
-
-    # Create a libtool object file (analogous to a ".la" file),
-    # but don't create it if we're doing a dry run.
-    test -z "$run" && cat > ${libobj}T <<EOF
-# $libobj - a libtool object file
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# Name of the PIC object.
-EOF
-
-    # Only build a PIC object if we are building libtool libraries.
-    if test "$build_libtool_libs" = yes; then
-      # Without this assignment, base_compile gets emptied.
-      fbsd_hideous_sh_bug=$base_compile
-
-      if test "$pic_mode" != no; then
-	command="$base_compile $qsrcfile $pic_flag"
-      else
-	# Don't build PIC code
-	command="$base_compile $qsrcfile"
-      fi
-
-      if test ! -d "${xdir}$objdir"; then
-	$show "$mkdir ${xdir}$objdir"
-	$run $mkdir ${xdir}$objdir
-	exit_status=$?
-	if test "$exit_status" -ne 0 && test ! -d "${xdir}$objdir"; then
-	  exit $exit_status
-	fi
-      fi
-
-      if test -z "$output_obj"; then
-	# Place PIC objects in $objdir
-	command="$command -o $lobj"
-      fi
-
-      $run $rm "$lobj" "$output_obj"
-
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	test -n "$output_obj" && $run $rm $removelist
-	exit $EXIT_FAILURE
-      fi
-
-      if test "$need_locks" = warn &&
-	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
-	$echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit $EXIT_FAILURE
-      fi
-
-      # Just move the object if needed, then go on to compile the next one
-      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
-	$show "$mv $output_obj $lobj"
-	if $run $mv $output_obj $lobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Append the name of the PIC object to the libtool object file.
-      test -z "$run" && cat >> ${libobj}T <<EOF
-pic_object='$objdir/$objname'
-
-EOF
-
-      # Allow error messages only from the first compilation.
-      if test "$suppress_opt" = yes; then
-        suppress_output=' >/dev/null 2>&1'
-      fi
-    else
-      # No PIC object so indicate it doesn't exist in the libtool
-      # object file.
-      test -z "$run" && cat >> ${libobj}T <<EOF
-pic_object=none
-
-EOF
-    fi
-
-    # Only build a position-dependent object if we build old libraries.
-    if test "$build_old_libs" = yes; then
-      if test "$pic_mode" != yes; then
-	# Don't build PIC code
-	command="$base_compile $qsrcfile"
-      else
-	command="$base_compile $qsrcfile $pic_flag"
-      fi
-      if test "$compiler_c_o" = yes; then
-	command="$command -o $obj"
-      fi
-
-      # Suppress compiler output if we already did a PIC compilation.
-      command="$command$suppress_output"
-      $run $rm "$obj" "$output_obj"
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	$run $rm $removelist
-	exit $EXIT_FAILURE
-      fi
-
-      if test "$need_locks" = warn &&
-	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
-	$echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit $EXIT_FAILURE
-      fi
-
-      # Just move the object if needed
-      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
-	$show "$mv $output_obj $obj"
-	if $run $mv $output_obj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Append the name of the non-PIC object the libtool object file.
-      # Only append if the libtool object file exists.
-      test -z "$run" && cat >> ${libobj}T <<EOF
-# Name of the non-PIC object.
-non_pic_object='$objname'
-
-EOF
-    else
-      # Append the name of the non-PIC object the libtool object file.
-      # Only append if the libtool object file exists.
-      test -z "$run" && cat >> ${libobj}T <<EOF
-# Name of the non-PIC object.
-non_pic_object=none
-
-EOF
-    fi
-
-    $run $mv "${libobj}T" "${libobj}"
-
-    # Unlock the critical section if it was locked
-    if test "$need_locks" != no; then
-      $run $rm "$lockfile"
-    fi
-
-    exit $EXIT_SUCCESS
-    ;;
-
-  # libtool link mode
-  link | relink)
-    modename="$modename: link"
-    case $host in
-    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-      # It is impossible to link a dll without this setting, and
-      # we shouldn't force the makefile maintainer to figure out
-      # which system we are compiling for in order to pass an extra
-      # flag for every libtool invocation.
-      # allow_undefined=no
-
-      # FIXME: Unfortunately, there are problems with the above when trying
-      # to make a dll which has undefined symbols, in which case not
-      # even a static library is built.  For now, we need to specify
-      # -no-undefined on the libtool link line when we can be certain
-      # that all symbols are satisfied, otherwise we get a static library.
-      allow_undefined=yes
-      ;;
-    *)
-      allow_undefined=yes
-      ;;
-    esac
-    libtool_args="$nonopt"
-    base_compile="$nonopt $@"
-    compile_command="$nonopt"
-    finalize_command="$nonopt"
-
-    compile_rpath=
-    finalize_rpath=
-    compile_shlibpath=
-    finalize_shlibpath=
-    convenience=
-    old_convenience=
-    deplibs=
-    old_deplibs=
-    compiler_flags=
-    linker_flags=
-    dllsearchpath=
-    lib_search_path=`pwd`
-    inst_prefix_dir=
-
-    avoid_version=no
-    dlfiles=
-    dlprefiles=
-    dlself=no
-    export_dynamic=no
-    export_symbols=
-    export_symbols_regex=
-    generated=
-    libobjs=
-    ltlibs=
-    module=no
-    no_install=no
-    objs=
-    non_pic_objects=
-    notinst_path= # paths that contain not-installed libtool libraries
-    precious_files_regex=
-    prefer_static_libs=no
-    preload=no
-    prev=
-    prevarg=
-    release=
-    rpath=
-    xrpath=
-    perm_rpath=
-    temp_rpath=
-    thread_safe=no
-    vinfo=
-    vinfo_number=no
-
-    func_infer_tag $base_compile
-
-    # We need to know -static, to get the right output filenames.
-    for arg
-    do
-      case $arg in
-      -all-static | -static)
-	if test "X$arg" = "X-all-static"; then
-	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
-	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
-	  fi
-	  if test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	  prefer_static_libs=yes
-	else
-	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	  prefer_static_libs=built
-	fi
-	build_libtool_libs=no
-	build_old_libs=yes
-	break
-	;;
-      esac
-    done
-
-    # See if our shared archives depend on static archives.
-    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
-
-    # Go through the arguments, transforming them on the way.
-    while test "$#" -gt 0; do
-      arg="$1"
-      shift
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
-	;;
-      *) qarg=$arg ;;
-      esac
-      libtool_args="$libtool_args $qarg"
-
-      # If the previous option needs an argument, assign it.
-      if test -n "$prev"; then
-	case $prev in
-	output)
-	  compile_command="$compile_command @OUTPUT@"
-	  finalize_command="$finalize_command @OUTPUT@"
-	  ;;
-	esac
-
-	case $prev in
-	dlfiles|dlprefiles)
-	  if test "$preload" = no; then
-	    # Add the symbol object into the linking commands.
-	    compile_command="$compile_command @SYMFILE@"
-	    finalize_command="$finalize_command @SYMFILE@"
-	    preload=yes
-	  fi
-	  case $arg in
-	  *.la | *.lo) ;;  # We handle these cases below.
-	  force)
-	    if test "$dlself" = no; then
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  self)
-	    if test "$prev" = dlprefiles; then
-	      dlself=yes
-	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
-	      dlself=yes
-	    else
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  *)
-	    if test "$prev" = dlfiles; then
-	      dlfiles="$dlfiles $arg"
-	    else
-	      dlprefiles="$dlprefiles $arg"
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  esac
-	  ;;
-	expsyms)
-	  export_symbols="$arg"
-	  if test ! -f "$arg"; then
-	    $echo "$modename: symbol file \`$arg' does not exist"
-	    exit $EXIT_FAILURE
-	  fi
-	  prev=
-	  continue
-	  ;;
-	expsyms_regex)
-	  export_symbols_regex="$arg"
-	  prev=
-	  continue
-	  ;;
-	inst_prefix)
-	  inst_prefix_dir="$arg"
-	  prev=
-	  continue
-	  ;;
-	precious_regex)
-	  precious_files_regex="$arg"
-	  prev=
-	  continue
-	  ;;
-	release)
-	  release="-$arg"
-	  prev=
-	  continue
-	  ;;
-	objectlist)
-	  if test -f "$arg"; then
-	    save_arg=$arg
-	    moreargs=
-	    for fil in `cat $save_arg`
-	    do
-#	      moreargs="$moreargs $fil"
-	      arg=$fil
-	      # A libtool-controlled object.
-
-	      # Check to see that this really is a libtool object.
-	      if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-		pic_object=
-		non_pic_object=
-
-		# Read the .lo file
-		# If there is no directory component, then add one.
-		case $arg in
-		*/* | *\\*) . $arg ;;
-		*) . ./$arg ;;
-		esac
-
-		if test -z "$pic_object" || \
-		   test -z "$non_pic_object" ||
-		   test "$pic_object" = none && \
-		   test "$non_pic_object" = none; then
-		  $echo "$modename: cannot find name of object for \`$arg'" 1>&2
-		  exit $EXIT_FAILURE
-		fi
-
-		# Extract subdirectory from the argument.
-		xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
-		if test "X$xdir" = "X$arg"; then
-		  xdir=
-		else
-		  xdir="$xdir/"
-		fi
-
-		if test "$pic_object" != none; then
-		  # Prepend the subdirectory the object is found in.
-		  pic_object="$xdir$pic_object"
-
-		  if test "$prev" = dlfiles; then
-		    if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
-		      dlfiles="$dlfiles $pic_object"
-		      prev=
-		      continue
-		    else
-		      # If libtool objects are unsupported, then we need to preload.
-		      prev=dlprefiles
-		    fi
-		  fi
-
-		  # CHECK ME:  I think I busted this.  -Ossama
-		  if test "$prev" = dlprefiles; then
-		    # Preload the old-style object.
-		    dlprefiles="$dlprefiles $pic_object"
-		    prev=
-		  fi
-
-		  # A PIC object.
-		  libobjs="$libobjs $pic_object"
-		  arg="$pic_object"
-		fi
-
-		# Non-PIC object.
-		if test "$non_pic_object" != none; then
-		  # Prepend the subdirectory the object is found in.
-		  non_pic_object="$xdir$non_pic_object"
-
-		  # A standard non-PIC object
-		  non_pic_objects="$non_pic_objects $non_pic_object"
-		  if test -z "$pic_object" || test "$pic_object" = none ; then
-		    arg="$non_pic_object"
-		  fi
-		else
-		  # If the PIC object exists, use it instead.
-		  # $xdir was prepended to $pic_object above.
-		  non_pic_object="$pic_object"
-		  non_pic_objects="$non_pic_objects $non_pic_object"
-		fi
-	      else
-		# Only an error if not doing a dry-run.
-		if test -z "$run"; then
-		  $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
-		  exit $EXIT_FAILURE
-		else
-		  # Dry-run case.
-
-		  # Extract subdirectory from the argument.
-		  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
-		  if test "X$xdir" = "X$arg"; then
-		    xdir=
-		  else
-		    xdir="$xdir/"
-		  fi
-
-		  pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
-		  non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
-		  libobjs="$libobjs $pic_object"
-		  non_pic_objects="$non_pic_objects $non_pic_object"
-		fi
-	      fi
-	    done
-	  else
-	    $echo "$modename: link input file \`$save_arg' does not exist"
-	    exit $EXIT_FAILURE
-	  fi
-	  arg=$save_arg
-	  prev=
-	  continue
-	  ;;
-	rpath | xrpath)
-	  # We need an absolute path.
-	  case $arg in
-	  [\\/]* | [A-Za-z]:[\\/]*) ;;
-	  *)
-	    $echo "$modename: only absolute run-paths are allowed" 1>&2
-	    exit $EXIT_FAILURE
-	    ;;
-	  esac
-	  if test "$prev" = rpath; then
-	    case "$rpath " in
-	    *" $arg "*) ;;
-	    *) rpath="$rpath $arg" ;;
-	    esac
-	  else
-	    case "$xrpath " in
-	    *" $arg "*) ;;
-	    *) xrpath="$xrpath $arg" ;;
-	    esac
-	  fi
-	  prev=
-	  continue
-	  ;;
-	xcompiler)
-	  compiler_flags="$compiler_flags $qarg"
-	  prev=
-	  compile_command="$compile_command $qarg"
-	  finalize_command="$finalize_command $qarg"
-	  continue
-	  ;;
-	xlinker)
-	  linker_flags="$linker_flags $qarg"
-	  compiler_flags="$compiler_flags $wl$qarg"
-	  prev=
-	  compile_command="$compile_command $wl$qarg"
-	  finalize_command="$finalize_command $wl$qarg"
-	  continue
-	  ;;
-	xcclinker)
-	  linker_flags="$linker_flags $qarg"
-	  compiler_flags="$compiler_flags $qarg"
-	  prev=
-	  compile_command="$compile_command $qarg"
-	  finalize_command="$finalize_command $qarg"
-	  continue
-	  ;;
-	shrext)
-  	  shrext_cmds="$arg"
-	  prev=
-	  continue
-	  ;;
-	darwin_framework|darwin_framework_skip)
-	  test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg"
-	  compile_command="$compile_command $arg"
-	  finalize_command="$finalize_command $arg"
-	  prev=
-	  continue
-	  ;;
-	*)
-	  eval "$prev=\"\$arg\""
-	  prev=
-	  continue
-	  ;;
-	esac
-      fi # test -n "$prev"
-
-      prevarg="$arg"
-
-      case $arg in
-      -all-static)
-	if test -n "$link_static_flag"; then
-	  compile_command="$compile_command $link_static_flag"
-	  finalize_command="$finalize_command $link_static_flag"
-	fi
-	continue
-	;;
-
-      -allow-undefined)
-	# FIXME: remove this flag sometime in the future.
-	$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
-	continue
-	;;
-
-      -avoid-version)
-	avoid_version=yes
-	continue
-	;;
-
-      -dlopen)
-	prev=dlfiles
-	continue
-	;;
-
-      -dlpreopen)
-	prev=dlprefiles
-	continue
-	;;
-
-      -export-dynamic)
-	export_dynamic=yes
-	continue
-	;;
-
-      -export-symbols | -export-symbols-regex)
-	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	  $echo "$modename: more than one -exported-symbols argument is not allowed"
-	  exit $EXIT_FAILURE
-	fi
-	if test "X$arg" = "X-export-symbols"; then
-	  prev=expsyms
-	else
-	  prev=expsyms_regex
-	fi
-	continue
-	;;
-
-      -framework|-arch|-isysroot)
-	case " $CC " in
-	  *" ${arg} ${1} "* | *" ${arg}	${1} "*) 
-		prev=darwin_framework_skip ;;
-	  *) compiler_flags="$compiler_flags $arg"
-	     prev=darwin_framework ;;
-	esac
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
-	continue
-	;;
-
-      -inst-prefix-dir)
-	prev=inst_prefix
-	continue
-	;;
-
-      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
-      # so, if we see these flags be careful not to treat them like -L
-      -L[A-Z][A-Z]*:*)
-	case $with_gcc/$host in
-	no/*-*-irix* | /*-*-irix*)
-	  compile_command="$compile_command $arg"
-	  finalize_command="$finalize_command $arg"
-	  ;;
-	esac
-	continue
-	;;
-
-      -L*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  absdir=`cd "$dir" && pwd`
-	  if test -z "$absdir"; then
-	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
-	    absdir="$dir"
-	    notinst_path="$notinst_path $dir"
-	  fi
-	  dir="$absdir"
-	  ;;
-	esac
-	case "$deplibs " in
-	*" -L$dir "*) ;;
-	*)
-	  deplibs="$deplibs -L$dir"
-	  lib_search_path="$lib_search_path $dir"
-	  ;;
-	esac
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'`
-	  case :$dllsearchpath: in
-	  *":$dir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$dir";;
-	  esac
-	  case :$dllsearchpath: in
-	  *":$testbindir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$testbindir";;
-	  esac
-	  ;;
-	esac
-	continue
-	;;
-
-      -l*)
-	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
-	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
-	    # These systems don't actually have a C or math library (as such)
-	    continue
-	    ;;
-	  *-*-os2*)
-	    # These systems don't actually have a C library (as such)
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
-	    # Do not include libc due to us having libc/libc_r.
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  *-*-rhapsody* | *-*-darwin1.[012])
-	    # Rhapsody C and math libraries are in the System framework
-	    deplibs="$deplibs -framework System"
-	    continue
-	    ;;
-	  *-*-sco3.2v5* | *-*-sco5v6*)
-	    # Causes problems with __ctype
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
-	    # Compiler inserts libc in the correct place for threads to work
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  esac
-	elif test "X$arg" = "X-lc_r"; then
-	 case $host in
-	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
-	   # Do not include libc_r directly, use -pthread flag.
-	   continue
-	   ;;
-	 esac
-	fi
-	deplibs="$deplibs $arg"
-	continue
-	;;
-
-      # Tru64 UNIX uses -model [arg] to determine the layout of C++
-      # classes, name mangling, and exception handling.
-      -model)
-	compile_command="$compile_command $arg"
-	compiler_flags="$compiler_flags $arg"
-	finalize_command="$finalize_command $arg"
-	prev=xcompiler
-	continue
-	;;
-
-     -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
-	compiler_flags="$compiler_flags $arg"
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
-	continue
-	;;
-
-      -module)
-	module=yes
-	continue
-	;;
-
-      # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
-      # -r[0-9][0-9]* specifies the processor on the SGI compiler
-      # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
-      # +DA*, +DD* enable 64-bit mode on the HP compiler
-      # -q* pass through compiler args for the IBM compiler
-      # -m* pass through architecture-specific compiler args for GCC
-      # -m*, -t[45]*, -txscale* pass through architecture-specific
-      # compiler args for GCC
-      # -pg pass through profiling flag for GCC
-      # @file GCC response files
-      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*|-pg| \
-      -t[45]*|-txscale*|@*)
-
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-        compile_command="$compile_command $arg"
-        finalize_command="$finalize_command $arg"
-        compiler_flags="$compiler_flags $arg"
-        continue
-        ;;
-
-      -shrext)
-	prev=shrext
-	continue
-	;;
-
-      -no-fast-install)
-	fast_install=no
-	continue
-	;;
-
-      -no-install)
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  # The PATH hackery in wrapper scripts is required on Windows
-	  # in order for the loader to find any dlls it needs.
-	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
-	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
-	  fast_install=no
-	  ;;
-	*) no_install=yes ;;
-	esac
-	continue
-	;;
-
-      -no-undefined)
-	allow_undefined=no
-	continue
-	;;
-
-      -objectlist)
-	prev=objectlist
-	continue
-	;;
-
-      -o) prev=output ;;
-
-      -precious-files-regex)
-	prev=precious_regex
-	continue
-	;;
-
-      -release)
-	prev=release
-	continue
-	;;
-
-      -rpath)
-	prev=rpath
-	continue
-	;;
-
-      -R)
-	prev=xrpath
-	continue
-	;;
-
-      -R*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  $echo "$modename: only absolute run-paths are allowed" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-	case "$xrpath " in
-	*" $dir "*) ;;
-	*) xrpath="$xrpath $dir" ;;
-	esac
-	continue
-	;;
-
-      -static)
-	# The effects of -static are defined in a previous loop.
-	# We used to do the same as -all-static on platforms that
-	# didn't have a PIC flag, but the assumption that the effects
-	# would be equivalent was wrong.  It would break on at least
-	# Digital Unix and AIX.
-	continue
-	;;
-
-      -thread-safe)
-	thread_safe=yes
-	continue
-	;;
-
-      -version-info)
-	prev=vinfo
-	continue
-	;;
-      -version-number)
-	prev=vinfo
-	vinfo_number=yes
-	continue
-	;;
-
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Wl,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $wl$flag"
-	  linker_flags="$linker_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
-
-      -Xlinker)
-	prev=xlinker
-	continue
-	;;
-
-      -XCClinker)
-	prev=xcclinker
-	continue
-	;;
-
-      # Some other compiler flag.
-      -* | +*)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-
-      *.$objext)
-	# A standard object.
-	objs="$objs $arg"
-	;;
-
-      *.lo)
-	# A libtool-controlled object.
-
-	# Check to see that this really is a libtool object.
-	if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  pic_object=
-	  non_pic_object=
-
-	  # Read the .lo file
-	  # If there is no directory component, then add one.
-	  case $arg in
-	  */* | *\\*) . $arg ;;
-	  *) . ./$arg ;;
-	  esac
-
-	  if test -z "$pic_object" || \
-	     test -z "$non_pic_object" ||
-	     test "$pic_object" = none && \
-	     test "$non_pic_object" = none; then
-	    $echo "$modename: cannot find name of object for \`$arg'" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-
-	  # Extract subdirectory from the argument.
-	  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
-	  if test "X$xdir" = "X$arg"; then
-	    xdir=
- 	  else
-	    xdir="$xdir/"
-	  fi
-
-	  if test "$pic_object" != none; then
-	    # Prepend the subdirectory the object is found in.
-	    pic_object="$xdir$pic_object"
-
-	    if test "$prev" = dlfiles; then
-	      if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
-		dlfiles="$dlfiles $pic_object"
-		prev=
-		continue
-	      else
-		# If libtool objects are unsupported, then we need to preload.
-		prev=dlprefiles
-	      fi
-	    fi
-
-	    # CHECK ME:  I think I busted this.  -Ossama
-	    if test "$prev" = dlprefiles; then
-	      # Preload the old-style object.
-	      dlprefiles="$dlprefiles $pic_object"
-	      prev=
-	    fi
-
-	    # A PIC object.
-	    libobjs="$libobjs $pic_object"
-	    arg="$pic_object"
-	  fi
-
-	  # Non-PIC object.
-	  if test "$non_pic_object" != none; then
-	    # Prepend the subdirectory the object is found in.
-	    non_pic_object="$xdir$non_pic_object"
-
-	    # A standard non-PIC object
-	    non_pic_objects="$non_pic_objects $non_pic_object"
-	    if test -z "$pic_object" || test "$pic_object" = none ; then
-	      arg="$non_pic_object"
-	    fi
-	  else
-	    # If the PIC object exists, use it instead.
-	    # $xdir was prepended to $pic_object above.
-	    non_pic_object="$pic_object"
-	    non_pic_objects="$non_pic_objects $non_pic_object"
-	  fi
-	else
-	  # Only an error if not doing a dry-run.
-	  if test -z "$run"; then
-	    $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
-	    exit $EXIT_FAILURE
-	  else
-	    # Dry-run case.
-
-	    # Extract subdirectory from the argument.
-	    xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
-	    if test "X$xdir" = "X$arg"; then
-	      xdir=
-	    else
-	      xdir="$xdir/"
-	    fi
-
-	    pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
-	    non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
-	    libobjs="$libobjs $pic_object"
-	    non_pic_objects="$non_pic_objects $non_pic_object"
-	  fi
-	fi
-	;;
-
-      *.$libext)
-	# An archive.
-	deplibs="$deplibs $arg"
-	old_deplibs="$old_deplibs $arg"
-	continue
-	;;
-
-      *.la)
-	# A libtool-controlled library.
-
-	if test "$prev" = dlfiles; then
-	  # This library was specified with -dlopen.
-	  dlfiles="$dlfiles $arg"
-	  prev=
-	elif test "$prev" = dlprefiles; then
-	  # The library was specified with -dlpreopen.
-	  dlprefiles="$dlprefiles $arg"
-	  prev=
-	else
-	  deplibs="$deplibs $arg"
-	fi
-	continue
-	;;
-
-      # Some other compiler argument.
-      *)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-      esac # arg
-
-      # Now actually substitute the argument into the commands.
-      if test -n "$arg"; then
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
-      fi
-    done # argument parsing loop
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
-      eval arg=\"$export_dynamic_flag_spec\"
-      compile_command="$compile_command $arg"
-      finalize_command="$finalize_command $arg"
-    fi
-
-    oldlibs=
-    # calculate the name of the file, without its directory
-    outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
-    libobjs_save="$libobjs"
-
-    if test -n "$shlibpath_var"; then
-      # get the directories listed in $shlibpath_var
-      eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
-    else
-      shlib_search_path=
-    fi
-    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
-    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
-
-    output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
-    if test "X$output_objdir" = "X$output"; then
-      output_objdir="$objdir"
-    else
-      output_objdir="$output_objdir/$objdir"
-    fi
-    # Create the object directory.
-    if test ! -d "$output_objdir"; then
-      $show "$mkdir $output_objdir"
-      $run $mkdir $output_objdir
-      exit_status=$?
-      if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then
-	exit $exit_status
-      fi
-    fi
-
-    # Determine the type of output
-    case $output in
-    "")
-      $echo "$modename: you must specify an output file" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-      ;;
-    *.$libext) linkmode=oldlib ;;
-    *.lo | *.$objext) linkmode=obj ;;
-    *.la) linkmode=lib ;;
-    *) linkmode=prog ;; # Anything else should be a program.
-    esac
-
-    case $host in
-    *cygwin* | *mingw* | *pw32*)
-      # don't eliminate duplications in $postdeps and $predeps
-      duplicate_compiler_generated_deps=yes
-      ;;
-    *)
-      duplicate_compiler_generated_deps=$duplicate_deps
-      ;;
-    esac
-    specialdeplibs=
-
-    libs=
-    # Find all interdependent deplibs by searching for libraries
-    # that are linked more than once (e.g. -la -lb -la)
-    for deplib in $deplibs; do
-      if test "X$duplicate_deps" = "Xyes" ; then
-	case "$libs " in
-	*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	esac
-      fi
-      libs="$libs $deplib"
-    done
-
-    if test "$linkmode" = lib; then
-      libs="$predeps $libs $compiler_lib_search_path $postdeps"
-
-      # Compute libraries that are listed more than once in $predeps
-      # $postdeps and mark them as special (i.e., whose duplicates are
-      # not to be eliminated).
-      pre_post_deps=
-      if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
-	for pre_post_dep in $predeps $postdeps; do
-	  case "$pre_post_deps " in
-	  *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
-	  esac
-	  pre_post_deps="$pre_post_deps $pre_post_dep"
-	done
-      fi
-      pre_post_deps=
-    fi
-
-    deplibs=
-    newdependency_libs=
-    newlib_search_path=
-    need_relink=no # whether we're linking any uninstalled libtool libraries
-    notinst_deplibs= # not-installed libtool libraries
-    case $linkmode in
-    lib)
-	passes="conv link"
-	for file in $dlfiles $dlprefiles; do
-	  case $file in
-	  *.la) ;;
-	  *)
-	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
-	    exit $EXIT_FAILURE
-	    ;;
-	  esac
-	done
-	;;
-    prog)
-	compile_deplibs=
-	finalize_deplibs=
-	alldeplibs=no
-	newdlfiles=
-	newdlprefiles=
-	passes="conv scan dlopen dlpreopen link"
-	;;
-    *)  passes="conv"
-	;;
-    esac
-    for pass in $passes; do
-      if test "$linkmode,$pass" = "lib,link" ||
-	 test "$linkmode,$pass" = "prog,scan"; then
-	libs="$deplibs"
-	deplibs=
-      fi
-      if test "$linkmode" = prog; then
-	case $pass in
-	dlopen) libs="$dlfiles" ;;
-	dlpreopen) libs="$dlprefiles" ;;
-	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
-	esac
-      fi
-      if test "$pass" = dlopen; then
-	# Collect dlpreopened libraries
-	save_deplibs="$deplibs"
-	deplibs=
-      fi
-      for deplib in $libs; do
-	lib=
-	found=no
-	case $deplib in
-	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
-	  if test "$linkmode,$pass" = "prog,link"; then
-	    compile_deplibs="$deplib $compile_deplibs"
-	    finalize_deplibs="$deplib $finalize_deplibs"
-	  else
-	    compiler_flags="$compiler_flags $deplib"
-	  fi
-	  continue
-	  ;;
-	-l*)
-	  if test "$linkmode" != lib && test "$linkmode" != prog; then
-	    $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
-	    continue
-	  fi
-	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
-	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
-	    for search_ext in .la $std_shrext .so .a; do
-	      # Search the libtool library
-	      lib="$searchdir/lib${name}${search_ext}"
-	      if test -f "$lib"; then
-		if test "$search_ext" = ".la"; then
-		  found=yes
-		else
-		  found=no
-		fi
-		break 2
-	      fi
-	    done
-	  done
-	  if test "$found" != yes; then
-	    # deplib doesn't seem to be a libtool library
-	    if test "$linkmode,$pass" = "prog,link"; then
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    else
-	      deplibs="$deplib $deplibs"
-	      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    continue
-	  else # deplib is a libtool library
-	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
-	    # We need to do some special things here, and not later.
-	    if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-	      case " $predeps $postdeps " in
-	      *" $deplib "*)
-		if (${SED} -e '2q' $lib |
-                    grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-		  library_names=
-		  old_library=
-		  case $lib in
-		  */* | *\\*) . $lib ;;
-		  *) . ./$lib ;;
-		  esac
-		  for l in $old_library $library_names; do
-		    ll="$l"
-		  done
-		  if test "X$ll" = "X$old_library" ; then # only static version available
-		    found=no
-		    ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
-		    test "X$ladir" = "X$lib" && ladir="."
-		    lib=$ladir/$old_library
-		    if test "$linkmode,$pass" = "prog,link"; then
-		      compile_deplibs="$deplib $compile_deplibs"
-		      finalize_deplibs="$deplib $finalize_deplibs"
-		    else
-		      deplibs="$deplib $deplibs"
-		      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
-		    fi
-		    continue
-		  fi
-		fi
-	        ;;
-	      *) ;;
-	      esac
-	    fi
-	  fi
-	  ;; # -l
-	-L*)
-	  case $linkmode in
-	  lib)
-	    deplibs="$deplib $deplibs"
-	    test "$pass" = conv && continue
-	    newdependency_libs="$deplib $newdependency_libs"
-	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    ;;
-	  prog)
-	    if test "$pass" = conv; then
-	      deplibs="$deplib $deplibs"
-	      continue
-	    fi
-	    if test "$pass" = scan; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    ;;
-	  *)
-	    $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
-	    ;;
-	  esac # linkmode
-	  continue
-	  ;; # -L
-	-R*)
-	  if test "$pass" = link; then
-	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
-	    # Make sure the xrpath contains only unique directories.
-	    case "$xrpath " in
-	    *" $dir "*) ;;
-	    *) xrpath="$xrpath $dir" ;;
-	    esac
-	  fi
-	  deplibs="$deplib $deplibs"
-	  continue
-	  ;;
-	*.la) lib="$deplib" ;;
-	*.$libext)
-	  if test "$pass" = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
-	  fi
-	  case $linkmode in
-	  lib)
-	    valid_a_lib=no
-	    case $deplibs_check_method in
-	      match_pattern*)
-		set dummy $deplibs_check_method
-	        match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-		if eval $echo \"$deplib\" 2>/dev/null \
-		    | $SED 10q \
-		    | $EGREP "$match_pattern_regex" > /dev/null; then
-		  valid_a_lib=yes
-		fi
-		;;
-	      pass_all)
-		valid_a_lib=yes
-		;;
-            esac
-	    if test "$valid_a_lib" != yes; then
-	      $echo
-	      $echo "*** Warning: Trying to link with static lib archive $deplib."
-	      $echo "*** I have the capability to make that library automatically link in when"
-	      $echo "*** you link to this library.  But I can only do this if you have a"
-	      $echo "*** shared version of the library, which you do not appear to have"
-	      $echo "*** because the file extensions .$libext of this argument makes me believe"
-	      $echo "*** that it is just a static archive that I should not used here."
-	    else
-	      $echo
-	      $echo "*** Warning: Linking the shared library $output against the"
-	      $echo "*** static library $deplib is not portable!"
-	      deplibs="$deplib $deplibs"
-	    fi
-	    continue
-	    ;;
-	  prog)
-	    if test "$pass" != link; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    continue
-	    ;;
-	  esac # linkmode
-	  ;; # *.$libext
-	*.lo | *.$objext)
-	  if test "$pass" = conv; then
-	    deplibs="$deplib $deplibs"
-	  elif test "$linkmode" = prog; then
-	    if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	      # If there is no dlopen support or we're linking statically,
-	      # we need to preload.
-	      newdlprefiles="$newdlprefiles $deplib"
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    else
-	      newdlfiles="$newdlfiles $deplib"
-	    fi
-	  fi
-	  continue
-	  ;;
-	%DEPLIBS%)
-	  alldeplibs=yes
-	  continue
-	  ;;
-	esac # case $deplib
-	if test "$found" = yes || test -f "$lib"; then :
-	else
-	  $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	# Check to see that this really is a libtool archive.
-	if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$ladir" = "X$lib" && ladir="."
-
-	dlname=
-	dlopen=
-	dlpreopen=
-	libdir=
-	library_names=
-	old_library=
-	# If the library was installed with an old release of libtool,
-	# it will not redefine variables installed, or shouldnotlink
-	installed=yes
-	shouldnotlink=no
-	avoidtemprpath=
-
-
-	# Read the .la file
-	case $lib in
-	*/* | *\\*) . $lib ;;
-	*) . ./$lib ;;
-	esac
-
-	if test "$linkmode,$pass" = "lib,link" ||
-	   test "$linkmode,$pass" = "prog,scan" ||
-	   { test "$linkmode" != prog && test "$linkmode" != lib; }; then
-	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
-	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
-	fi
-
-	if test "$pass" = conv; then
-	  # Only check for convenience libraries
-	  deplibs="$lib $deplibs"
-	  if test -z "$libdir"; then
-	    if test -z "$old_library"; then
-	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	      exit $EXIT_FAILURE
-	    fi
-	    # It is a libtool convenience library, so add in its objects.
-	    convenience="$convenience $ladir/$objdir/$old_library"
-	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
-	    tmp_libs=
-	    for deplib in $dependency_libs; do
-	      deplibs="$deplib $deplibs"
-              if test "X$duplicate_deps" = "Xyes" ; then
-	        case "$tmp_libs " in
-	        *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	        esac
-              fi
-	      tmp_libs="$tmp_libs $deplib"
-	    done
-	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
-	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-	  continue
-	fi # $pass = conv
-
-
-	# Get the name of the library we link against.
-	linklib=
-	for l in $old_library $library_names; do
-	  linklib="$l"
-	done
-	if test -z "$linklib"; then
-	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	# This library was specified with -dlopen.
-	if test "$pass" = dlopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-	  if test -z "$dlname" ||
-	     test "$dlopen_support" != yes ||
-	     test "$build_libtool_libs" = no; then
-	    # If there is no dlname, no dlopen support or we're linking
-	    # statically, we need to preload.  We also need to preload any
-	    # dependent libraries so libltdl's deplib preloader doesn't
-	    # bomb out in the load deplibs phase.
-	    dlprefiles="$dlprefiles $lib $dependency_libs"
-	  else
-	    newdlfiles="$newdlfiles $lib"
-	  fi
-	  continue
-	fi # $pass = dlopen
-
-	# We need an absolute path.
-	case $ladir in
-	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
-	*)
-	  abs_ladir=`cd "$ladir" && pwd`
-	  if test -z "$abs_ladir"; then
-	    $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
-	    $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
-	    abs_ladir="$ladir"
-	  fi
-	  ;;
-	esac
-	laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-
-	# Find the relevant object directory and library name.
-	if test "X$installed" = Xyes; then
-	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
-	    $echo "$modename: warning: library \`$lib' was moved." 1>&2
-	    dir="$ladir"
-	    absdir="$abs_ladir"
-	    libdir="$abs_ladir"
-	  else
-	    dir="$libdir"
-	    absdir="$libdir"
-	  fi
-	  test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
-	else
-	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
-	    dir="$ladir"
-	    absdir="$abs_ladir"
-	    # Remove this search path later
-	    notinst_path="$notinst_path $abs_ladir"
-	  else
-	    dir="$ladir/$objdir"
-	    absdir="$abs_ladir/$objdir"
-	    # Remove this search path later
-	    notinst_path="$notinst_path $abs_ladir"
-	  fi
-	fi # $installed = yes
-	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-
-	# This library was specified with -dlpreopen.
-	if test "$pass" = dlpreopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-	  # Prefer using a static library (so that no silly _DYNAMIC symbols
-	  # are required to link).
-	  if test -n "$old_library"; then
-	    newdlprefiles="$newdlprefiles $dir/$old_library"
-	  # Otherwise, use the dlname, so that lt_dlopen finds it.
-	  elif test -n "$dlname"; then
-	    newdlprefiles="$newdlprefiles $dir/$dlname"
-	  else
-	    newdlprefiles="$newdlprefiles $dir/$linklib"
-	  fi
-	fi # $pass = dlpreopen
-
-	if test -z "$libdir"; then
-	  # Link the convenience library
-	  if test "$linkmode" = lib; then
-	    deplibs="$dir/$old_library $deplibs"
-	  elif test "$linkmode,$pass" = "prog,link"; then
-	    compile_deplibs="$dir/$old_library $compile_deplibs"
-	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
-	  else
-	    deplibs="$lib $deplibs" # used for prog,scan pass
-	  fi
-	  continue
-	fi
-
-
-	if test "$linkmode" = prog && test "$pass" != link; then
-	  newlib_search_path="$newlib_search_path $ladir"
-	  deplibs="$lib $deplibs"
-
-	  linkalldeplibs=no
-	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
-	     test "$build_libtool_libs" = no; then
-	    linkalldeplibs=yes
-	  fi
-
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    case $deplib in
-	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
-	    esac
-	    # Need to link against all dependency_libs?
-	    if test "$linkalldeplibs" = yes; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      # Need to hardcode shared library paths
-	      # or/and link against static libraries
-	      newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    if test "X$duplicate_deps" = "Xyes" ; then
-	      case "$tmp_libs " in
-	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	      esac
-	    fi
-	    tmp_libs="$tmp_libs $deplib"
-	  done # for deplib
-	  continue
-	fi # $linkmode = prog...
-
-	if test "$linkmode,$pass" = "prog,link"; then
-	  if test -n "$library_names" &&
-	     { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
-	    # We need to hardcode the library path
-	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
-	      # Make sure the rpath contains only unique directories.
-	      case "$temp_rpath " in
-	      *" $dir "*) ;;
-	      *" $absdir "*) ;;
-	      *) temp_rpath="$temp_rpath $absdir" ;;
-	      esac
-	    fi
-
-	    # Hardcode the library path.
-	    # Skip directories that are in the system default run-time
-	    # search path.
-	    case " $sys_lib_dlsearch_path " in
-	    *" $absdir "*) ;;
-	    *)
-	      case "$compile_rpath " in
-	      *" $absdir "*) ;;
-	      *) compile_rpath="$compile_rpath $absdir"
-	      esac
-	      ;;
-	    esac
-	    case " $sys_lib_dlsearch_path " in
-	    *" $libdir "*) ;;
-	    *)
-	      case "$finalize_rpath " in
-	      *" $libdir "*) ;;
-	      *) finalize_rpath="$finalize_rpath $libdir"
-	      esac
-	      ;;
-	    esac
-	  fi # $linkmode,$pass = prog,link...
-
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-	fi
-
-	link_static=no # Whether the deplib will be linked statically
-	use_static_libs=$prefer_static_libs
-	if test "$use_static_libs" = built && test "$installed" = yes ; then
-	  use_static_libs=no
-	fi
-	if test -n "$library_names" &&
-	   { test "$use_static_libs" = no || test -z "$old_library"; }; then
-	  if test "$installed" = no; then
-	    notinst_deplibs="$notinst_deplibs $lib"
-	    need_relink=yes
-	  fi
-	  # This is a shared library
-
-	  # Warn about portability, can't link against -module's on
-	  # some systems (darwin)
-	  if test "$shouldnotlink" = yes && test "$pass" = link ; then
-	    $echo
-	    if test "$linkmode" = prog; then
-	      $echo "*** Warning: Linking the executable $output against the loadable module"
-	    else
-	      $echo "*** Warning: Linking the shared library $output against the loadable module"
-	    fi
-	    $echo "*** $linklib is not portable!"
-	  fi
-	  if test "$linkmode" = lib &&
-	     test "$hardcode_into_libs" = yes; then
-	    # Hardcode the library path.
-	    # Skip directories that are in the system default run-time
-	    # search path.
-	    case " $sys_lib_dlsearch_path " in
-	    *" $absdir "*) ;;
-	    *)
-	      case "$compile_rpath " in
-	      *" $absdir "*) ;;
-	      *) compile_rpath="$compile_rpath $absdir"
-	      esac
-	      ;;
-	    esac
-	    case " $sys_lib_dlsearch_path " in
-	    *" $libdir "*) ;;
-	    *)
-	      case "$finalize_rpath " in
-	      *" $libdir "*) ;;
-	      *) finalize_rpath="$finalize_rpath $libdir"
-	      esac
-	      ;;
-	    esac
-	  fi
-
-	  if test -n "$old_archive_from_expsyms_cmds"; then
-	    # figure out the soname
-	    set dummy $library_names
-	    realname="$2"
-	    shift; shift
-	    libname=`eval \\$echo \"$libname_spec\"`
-	    # use dlname if we got it. it's perfectly good, no?
-	    if test -n "$dlname"; then
-	      soname="$dlname"
-	    elif test -n "$soname_spec"; then
-	      # bleh windows
-	      case $host in
-	      *cygwin* | mingw*)
-		major=`expr $current - $age`
-		versuffix="-$major"
-		;;
-	      esac
-	      eval soname=\"$soname_spec\"
-	    else
-	      soname="$realname"
-	    fi
-
-	    # Make a new name for the extract_expsyms_cmds to use
-	    soroot="$soname"
-	    soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
-	    newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
-
-	    # If the library has no export list, then create one now
-	    if test -f "$output_objdir/$soname-def"; then :
-	    else
-	      $show "extracting exported symbol list from \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      cmds=$extract_expsyms_cmds
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		eval cmd=\"$cmd\"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    # Create $newlib
-	    if test -f "$output_objdir/$newlib"; then :; else
-	      $show "generating import library for \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      cmds=$old_archive_from_expsyms_cmds
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		eval cmd=\"$cmd\"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # make sure the library variables are pointing to the new library
-	    dir=$output_objdir
-	    linklib=$newlib
-	  fi # test -n "$old_archive_from_expsyms_cmds"
-
-	  if test "$linkmode" = prog || test "$mode" != relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    lib_linked=yes
-	    case $hardcode_action in
-	    immediate | unsupported)
-	      if test "$hardcode_direct" = no; then
-		add="$dir/$linklib"
-		case $host in
-		  *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
-		  *-*-sysv4*uw2*) add_dir="-L$dir" ;;
-		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
-		    *-*-unixware7*) add_dir="-L$dir" ;;
-		  *-*-darwin* )
-		    # if the lib is a module then we can not link against
-		    # it, someone is ignoring the new warnings I added
-		    if /usr/bin/file -L $add 2> /dev/null |
-                      $EGREP ": [^:]* bundle" >/dev/null ; then
-		      $echo "** Warning, lib $linklib is a module, not a shared library"
-		      if test -z "$old_library" ; then
-		        $echo
-		        $echo "** And there doesn't seem to be a static archive available"
-		        $echo "** The link will probably fail, sorry"
-		      else
-		        add="$dir/$old_library"
-		      fi
-		    fi
-		esac
-	      elif test "$hardcode_minus_L" = no; then
-		case $host in
-		*-*-sunos*) add_shlibpath="$dir" ;;
-		esac
-		add_dir="-L$dir"
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = no; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    relink)
-	      if test "$hardcode_direct" = yes; then
-		add="$dir/$linklib"
-	      elif test "$hardcode_minus_L" = yes; then
-		add_dir="-L$dir"
-		# Try looking first in the location we're being installed to.
-		if test -n "$inst_prefix_dir"; then
-		  case $libdir in
-		    [\\/]*)
-		      add_dir="$add_dir -L$inst_prefix_dir$libdir"
-		      ;;
-		  esac
-		fi
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = yes; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    *) lib_linked=no ;;
-	    esac
-
-	    if test "$lib_linked" != yes; then
-	      $echo "$modename: configuration error: unsupported hardcode properties"
-	      exit $EXIT_FAILURE
-	    fi
-
-	    if test -n "$add_shlibpath"; then
-	      case :$compile_shlibpath: in
-	      *":$add_shlibpath:"*) ;;
-	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
-	      esac
-	    fi
-	    if test "$linkmode" = prog; then
-	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
-	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	      if test "$hardcode_direct" != yes && \
-		 test "$hardcode_minus_L" != yes && \
-		 test "$hardcode_shlibpath_var" = yes; then
-		case :$finalize_shlibpath: in
-		*":$libdir:"*) ;;
-		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-		esac
-	      fi
-	    fi
-	  fi
-
-	  if test "$linkmode" = prog || test "$mode" = relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    # Finalize command for both is simple: just hardcode it.
-	    if test "$hardcode_direct" = yes; then
-	      add="$libdir/$linklib"
-	    elif test "$hardcode_minus_L" = yes; then
-	      add_dir="-L$libdir"
-	      add="-l$name"
-	    elif test "$hardcode_shlibpath_var" = yes; then
-	      case :$finalize_shlibpath: in
-	      *":$libdir:"*) ;;
-	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-	      esac
-	      add="-l$name"
-	    elif test "$hardcode_automatic" = yes; then
-	      if test -n "$inst_prefix_dir" &&
-		 test -f "$inst_prefix_dir$libdir/$linklib" ; then
-	        add="$inst_prefix_dir$libdir/$linklib"
-	      else
-	        add="$libdir/$linklib"
-	      fi
-	    else
-	      # We cannot seem to hardcode it, guess we'll fake it.
-	      add_dir="-L$libdir"
-	      # Try looking first in the location we're being installed to.
-	      if test -n "$inst_prefix_dir"; then
-		case $libdir in
-		  [\\/]*)
-		    add_dir="$add_dir -L$inst_prefix_dir$libdir"
-		    ;;
-		esac
-	      fi
-	      add="-l$name"
-	    fi
-
-	    if test "$linkmode" = prog; then
-	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
-	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	    fi
-	  fi
-	elif test "$linkmode" = prog; then
-	  # Here we assume that one of hardcode_direct or hardcode_minus_L
-	  # is not unsupported.  This is valid on all known static and
-	  # shared platforms.
-	  if test "$hardcode_direct" != unsupported; then
-	    test -n "$old_library" && linklib="$old_library"
-	    compile_deplibs="$dir/$linklib $compile_deplibs"
-	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
-	  else
-	    compile_deplibs="-l$name -L$dir $compile_deplibs"
-	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
-	  fi
-	elif test "$build_libtool_libs" = yes; then
-	  # Not a shared library
-	  if test "$deplibs_check_method" != pass_all; then
-	    # We're trying link a shared library against a static one
-	    # but the system doesn't support it.
-
-	    # Just print a warning and add the library to dependency_libs so
-	    # that the program can be linked against the static library.
-	    $echo
-	    $echo "*** Warning: This system can not link to static lib archive $lib."
-	    $echo "*** I have the capability to make that library automatically link in when"
-	    $echo "*** you link to this library.  But I can only do this if you have a"
-	    $echo "*** shared version of the library, which you do not appear to have."
-	    if test "$module" = yes; then
-	      $echo "*** But as you try to build a module library, libtool will still create "
-	      $echo "*** a static module, that should work as long as the dlopening application"
-	      $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
-	      if test -z "$global_symbol_pipe"; then
-		$echo
-		$echo "*** However, this would only work if libtool was able to extract symbol"
-		$echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-		$echo "*** not find such a program.  So, this module is probably useless."
-		$echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	      fi
-	      if test "$build_old_libs" = no; then
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  else
-	    deplibs="$dir/$old_library $deplibs"
-	    link_static=yes
-	  fi
-	fi # link shared/static library?
-
-	if test "$linkmode" = lib; then
-	  if test -n "$dependency_libs" &&
-	     { test "$hardcode_into_libs" != yes ||
-	       test "$build_old_libs" = yes ||
-	       test "$link_static" = yes; }; then
-	    # Extract -R from dependency_libs
-	    temp_deplibs=
-	    for libdir in $dependency_libs; do
-	      case $libdir in
-	      -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
-		   case " $xrpath " in
-		   *" $temp_xrpath "*) ;;
-		   *) xrpath="$xrpath $temp_xrpath";;
-		   esac;;
-	      *) temp_deplibs="$temp_deplibs $libdir";;
-	      esac
-	    done
-	    dependency_libs="$temp_deplibs"
-	  fi
-
-	  newlib_search_path="$newlib_search_path $absdir"
-	  # Link against this library
-	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
-	  # ... and its dependency_libs
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    newdependency_libs="$deplib $newdependency_libs"
-	    if test "X$duplicate_deps" = "Xyes" ; then
-	      case "$tmp_libs " in
-	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	      esac
-	    fi
-	    tmp_libs="$tmp_libs $deplib"
-	  done
-
-	  if test "$link_all_deplibs" != no; then
-	    # Add the search paths of all dependency libraries
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      -L*) path="$deplib" ;;
-	      *.la)
-		dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
-		test "X$dir" = "X$deplib" && dir="."
-		# We need an absolute path.
-		case $dir in
-		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
-		*)
-		  absdir=`cd "$dir" && pwd`
-		  if test -z "$absdir"; then
-		    $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
-		    absdir="$dir"
-		  fi
-		  ;;
-		esac
-		if grep "^installed=no" $deplib > /dev/null; then
-		  path="$absdir/$objdir"
-		else
-		  eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		  if test -z "$libdir"; then
-		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		    exit $EXIT_FAILURE
-		  fi
-		  if test "$absdir" != "$libdir"; then
-		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
-		  fi
-		  path="$absdir"
-		fi
-		depdepl=
-		case $host in
-		*-*-darwin*)
-		  # we do not want to link against static libs,
-		  # but need to link against shared
-		  eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
-		  if test -n "$deplibrary_names" ; then
-		    for tmp in $deplibrary_names ; do
-		      depdepl=$tmp
-		    done
-		    if test -f "$path/$depdepl" ; then
-		      depdepl="$path/$depdepl"
-		    fi
-		    # do not add paths which are already there
-		    case " $newlib_search_path " in
-		    *" $path "*) ;;
-		    *) newlib_search_path="$newlib_search_path $path";;
-		    esac
-		  fi
-		  path=""
-		  ;;
-		*)
-		  path="-L$path"
-		  ;;
-		esac
-		;;
-	      -l*)
-		case $host in
-		*-*-darwin*)
-		  # Again, we only want to link against shared libraries
-		  eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
-		  for tmp in $newlib_search_path ; do
-		    if test -f "$tmp/lib$tmp_libs.dylib" ; then
-		      eval depdepl="$tmp/lib$tmp_libs.dylib"
-		      break
-		    fi
-		  done
-		  path=""
-		  ;;
-		*) continue ;;
-		esac
-		;;
-	      *) continue ;;
-	      esac
-	      case " $deplibs " in
-	      *" $path "*) ;;
-	      *) deplibs="$path $deplibs" ;;
-	      esac
-	      case " $deplibs " in
-	      *" $depdepl "*) ;;
-	      *) deplibs="$depdepl $deplibs" ;;
-	      esac
-	    done
-	  fi # link_all_deplibs != no
-	fi # linkmode = lib
-      done # for deplib in $libs
-      dependency_libs="$newdependency_libs"
-      if test "$pass" = dlpreopen; then
-	# Link the dlpreopened libraries before other libraries
-	for deplib in $save_deplibs; do
-	  deplibs="$deplib $deplibs"
-	done
-      fi
-      if test "$pass" != dlopen; then
-	if test "$pass" != conv; then
-	  # Make sure lib_search_path contains only unique directories.
-	  lib_search_path=
-	  for dir in $newlib_search_path; do
-	    case "$lib_search_path " in
-	    *" $dir "*) ;;
-	    *) lib_search_path="$lib_search_path $dir" ;;
-	    esac
-	  done
-	  newlib_search_path=
-	fi
-
-	if test "$linkmode,$pass" != "prog,link"; then
-	  vars="deplibs"
-	else
-	  vars="compile_deplibs finalize_deplibs"
-	fi
-	for var in $vars dependency_libs; do
-	  # Add libraries to $var in reverse order
-	  eval tmp_libs=\"\$$var\"
-	  new_libs=
-	  for deplib in $tmp_libs; do
-	    # FIXME: Pedantically, this is the right thing to do, so
-	    #        that some nasty dependency loop isn't accidentally
-	    #        broken:
-	    #new_libs="$deplib $new_libs"
-	    # Pragmatically, this seems to cause very few problems in
-	    # practice:
-	    case $deplib in
-	    -L*) new_libs="$deplib $new_libs" ;;
-	    -R*) ;;
-	    *)
-	      # And here is the reason: when a library appears more
-	      # than once as an explicit dependence of a library, or
-	      # is implicitly linked in more than once by the
-	      # compiler, it is considered special, and multiple
-	      # occurrences thereof are not removed.  Compare this
-	      # with having the same library being listed as a
-	      # dependency of multiple other libraries: in this case,
-	      # we know (pedantically, we assume) the library does not
-	      # need to be listed more than once, so we keep only the
-	      # last copy.  This is not always right, but it is rare
-	      # enough that we require users that really mean to play
-	      # such unportable linking tricks to link the library
-	      # using -Wl,-lname, so that libtool does not consider it
-	      # for duplicate removal.
-	      case " $specialdeplibs " in
-	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
-	      *)
-		case " $new_libs " in
-		*" $deplib "*) ;;
-		*) new_libs="$deplib $new_libs" ;;
-		esac
-		;;
-	      esac
-	      ;;
-	    esac
-	  done
-	  tmp_libs=
-	  for deplib in $new_libs; do
-	    case $deplib in
-	    -L*)
-	      case " $tmp_libs " in
-	      *" $deplib "*) ;;
-	      *) tmp_libs="$tmp_libs $deplib" ;;
-	      esac
-	      ;;
-	    *) tmp_libs="$tmp_libs $deplib" ;;
-	    esac
-	  done
-	  eval $var=\"$tmp_libs\"
-	done # for var
-      fi
-      # Last step: remove runtime libs from dependency_libs
-      # (they stay in deplibs)
-      tmp_libs=
-      for i in $dependency_libs ; do
-	case " $predeps $postdeps $compiler_lib_search_path " in
-	*" $i "*)
-	  i=""
-	  ;;
-	esac
-	if test -n "$i" ; then
-	  tmp_libs="$tmp_libs $i"
-	fi
-      done
-      dependency_libs=$tmp_libs
-    done # for pass
-    if test "$linkmode" = prog; then
-      dlfiles="$newdlfiles"
-      dlprefiles="$newdlprefiles"
-    fi
-
-    case $linkmode in
-    oldlib)
-      if test -n "$deplibs"; then
-	$echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2
-      fi
-
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	$echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
-      fi
-
-      # Now set the variables for building old libraries.
-      build_libtool_libs=no
-      oldlibs="$output"
-      objs="$objs$old_deplibs"
-      ;;
-
-    lib)
-      # Make sure we only generate libraries of the form `libNAME.la'.
-      case $outputname in
-      lib*)
-	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-	eval shared_ext=\"$shrext_cmds\"
-	eval libname=\"$libname_spec\"
-	;;
-      *)
-	if test "$module" = no; then
-	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-	if test "$need_lib_prefix" != no; then
-	  # Add the "lib" prefix for modules if required
-	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	  eval shared_ext=\"$shrext_cmds\"
-	  eval libname=\"$libname_spec\"
-	else
-	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	fi
-	;;
-      esac
-
-      if test -n "$objs"; then
-	if test "$deplibs_check_method" != pass_all; then
-	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
-	  exit $EXIT_FAILURE
-	else
-	  $echo
-	  $echo "*** Warning: Linking the shared library $output against the non-libtool"
-	  $echo "*** objects $objs is not portable!"
-	  libobjs="$libobjs $objs"
-	fi
-      fi
-
-      if test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
-      fi
-
-      set dummy $rpath
-      if test "$#" -gt 2; then
-	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
-      fi
-      install_libdir="$2"
-
-      oldlibs=
-      if test -z "$rpath"; then
-	if test "$build_libtool_libs" = yes; then
-	  # Building a libtool convenience library.
-	  # Some compilers have problems with a `.al' extension so
-	  # convenience libraries should have the same extension an
-	  # archive normally would.
-	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
-	  build_libtool_libs=convenience
-	  build_old_libs=yes
-	fi
-
-	if test -n "$vinfo"; then
-	  $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
-	fi
-
-	if test -n "$release"; then
-	  $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
-	fi
-      else
-
-	# Parse the version information argument.
-	save_ifs="$IFS"; IFS=':'
-	set dummy $vinfo 0 0 0
-	IFS="$save_ifs"
-
-	if test -n "$8"; then
-	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	# convert absolute version numbers to libtool ages
-	# this retains compatibility with .la files and attempts
-	# to make the code below a bit more comprehensible
-
-	case $vinfo_number in
-	yes)
-	  number_major="$2"
-	  number_minor="$3"
-	  number_revision="$4"
-	  #
-	  # There are really only two kinds -- those that
-	  # use the current revision as the major version
-	  # and those that subtract age and use age as
-	  # a minor version.  But, then there is irix
-	  # which has an extra 1 added just for fun
-	  #
-	  case $version_type in
-	  darwin|linux|osf|windows)
-	    current=`expr $number_major + $number_minor`
-	    age="$number_minor"
-	    revision="$number_revision"
-	    ;;
-	  freebsd-aout|freebsd-elf|sunos)
-	    current="$number_major"
-	    revision="$number_minor"
-	    age="0"
-	    ;;
-	  irix|nonstopux)
-	    current=`expr $number_major + $number_minor - 1`
-	    age="$number_minor"
-	    revision="$number_minor"
-	    ;;
-	  esac
-	  ;;
-	no)
-	  current="$2"
-	  revision="$3"
-	  age="$4"
-	  ;;
-	esac
-
-	# Check that each of the things are valid numbers.
-	case $current in
-	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-
-	case $revision in
-	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-
-	case $age in
-	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-
-	if test "$age" -gt "$current"; then
-	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	# Calculate the version variables.
-	major=
-	versuffix=
-	verstring=
-	case $version_type in
-	none) ;;
-
-	darwin)
-	  # Like Linux, but with the current version available in
-	  # verstring for coding it into the library header
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  # Darwin ld doesn't like 0 for these options...
-	  minor_current=`expr $current + 1`
-	  verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
-	  ;;
-
-	freebsd-aout)
-	  major=".$current"
-	  versuffix=".$current.$revision";
-	  ;;
-
-	freebsd-elf)
-	  major=".$current"
-	  versuffix=".$current";
-	  ;;
-
-	irix | nonstopux)
-	  major=`expr $current - $age + 1`
-
-	  case $version_type in
-	    nonstopux) verstring_prefix=nonstopux ;;
-	    *)         verstring_prefix=sgi ;;
-	  esac
-	  verstring="$verstring_prefix$major.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$revision
-	  while test "$loop" -ne 0; do
-	    iface=`expr $revision - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="$verstring_prefix$major.$iface:$verstring"
-	  done
-
-	  # Before this point, $major must not contain `.'.
-	  major=.$major
-	  versuffix="$major.$revision"
-	  ;;
-
-	linux)
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  ;;
-
-	osf)
-	  major=.`expr $current - $age`
-	  versuffix=".$current.$age.$revision"
-	  verstring="$current.$age.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$age
-	  while test "$loop" -ne 0; do
-	    iface=`expr $current - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="$verstring:${iface}.0"
-	  done
-
-	  # Make executables depend on our current version.
-	  verstring="$verstring:${current}.0"
-	  ;;
-
-	sunos)
-	  major=".$current"
-	  versuffix=".$current.$revision"
-	  ;;
-
-	windows)
-	  # Use '-' rather than '.', since we only want one
-	  # extension on DOS 8.3 filesystems.
-	  major=`expr $current - $age`
-	  versuffix="-$major"
-	  ;;
-
-	*)
-	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
-	  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-
-	# Clear the version info if we defaulted, and they specified a release.
-	if test -z "$vinfo" && test -n "$release"; then
-	  major=
-	  case $version_type in
-	  darwin)
-	    # we can't check for "0.0" in archive_cmds due to quoting
-	    # problems, so we reset it completely
-	    verstring=
-	    ;;
-	  *)
-	    verstring="0.0"
-	    ;;
-	  esac
-	  if test "$need_version" = no; then
-	    versuffix=
-	  else
-	    versuffix=".0.0"
-	  fi
-	fi
-
-	# Remove version info from name if versioning should be avoided
-	if test "$avoid_version" = yes && test "$need_version" = no; then
-	  major=
-	  versuffix=
-	  verstring=""
-	fi
-
-	# Check to see if the archive will have undefined symbols.
-	if test "$allow_undefined" = yes; then
-	  if test "$allow_undefined_flag" = unsupported; then
-	    $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
-	    build_libtool_libs=no
-	    build_old_libs=yes
-	  fi
-	else
-	  # Don't allow undefined symbols.
-	  allow_undefined_flag="$no_undefined_flag"
-	fi
-      fi
-
-      if test "$mode" != relink; then
-	# Remove our outputs, but don't remove object files since they
-	# may have been created when compiling PIC objects.
-	removelist=
-	tempremovelist=`$echo "$output_objdir/*"`
-	for p in $tempremovelist; do
-	  case $p in
-	    *.$objext)
-	       ;;
-	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
-	       if test "X$precious_files_regex" != "X"; then
-	         if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
-	         then
-		   continue
-		 fi
-	       fi
-	       removelist="$removelist $p"
-	       ;;
-	    *) ;;
-	  esac
-	done
-	if test -n "$removelist"; then
-	  $show "${rm}r $removelist"
-	  $run ${rm}r $removelist
-	fi
-      fi
-
-      # Now set the variables for building old libraries.
-      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
-	oldlibs="$oldlibs $output_objdir/$libname.$libext"
-
-	# Transform .lo files to .o files.
-	oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
-      fi
-
-      # Eliminate all temporary directories.
-      for path in $notinst_path; do
-	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
-	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
-	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
-      done
-
-      if test -n "$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	temp_xrpath=
-	for libdir in $xrpath; do
-	  temp_xrpath="$temp_xrpath -R$libdir"
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
-	  dependency_libs="$temp_xrpath $dependency_libs"
-	fi
-      fi
-
-      # Make sure dlfiles contains only unique files that won't be dlpreopened
-      old_dlfiles="$dlfiles"
-      dlfiles=
-      for lib in $old_dlfiles; do
-	case " $dlprefiles $dlfiles " in
-	*" $lib "*) ;;
-	*) dlfiles="$dlfiles $lib" ;;
-	esac
-      done
-
-      # Make sure dlprefiles contains only unique files
-      old_dlprefiles="$dlprefiles"
-      dlprefiles=
-      for lib in $old_dlprefiles; do
-	case "$dlprefiles " in
-	*" $lib "*) ;;
-	*) dlprefiles="$dlprefiles $lib" ;;
-	esac
-      done
-
-      if test "$build_libtool_libs" = yes; then
-	if test -n "$rpath"; then
-	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
-	    # these systems don't actually have a c library (as such)!
-	    ;;
-	  *-*-rhapsody* | *-*-darwin1.[012])
-	    # Rhapsody C library is in the System framework
-	    deplibs="$deplibs -framework System"
-	    ;;
-	  *-*-netbsd*)
-	    # Don't link with libc until the a.out ld.so is fixed.
-	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
-	    # Do not include libc due to us having libc/libc_r.
-	    ;;
-	  *-*-sco3.2v5* | *-*-sco5v6*)
-	    # Causes problems with __ctype
-	    ;;
-	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
-	    # Compiler inserts libc in the correct place for threads to work
-	    ;;
- 	  *)
-	    # Add libc to deplibs on all other systems if necessary.
-	    if test "$build_libtool_need_lc" = "yes"; then
-	      deplibs="$deplibs -lc"
-	    fi
-	    ;;
-	  esac
-	fi
-
-	# Transform deplibs into only deplibs that can be linked in shared.
-	name_save=$name
-	libname_save=$libname
-	release_save=$release
-	versuffix_save=$versuffix
-	major_save=$major
-	# I'm not sure if I'm treating the release correctly.  I think
-	# release should show up in the -l (ie -lgmp5) so we don't want to
-	# add it in twice.  Is that correct?
-	release=""
-	versuffix=""
-	major=""
-	newdeplibs=
-	droppeddeps=no
-	case $deplibs_check_method in
-	pass_all)
-	  # Don't check for shared/static.  Everything works.
-	  # This might be a little naive.  We might want to check
-	  # whether the library exists or not.  But this is on
-	  # osf3 & osf4 and I'm not really sure... Just
-	  # implementing what was already the behavior.
-	  newdeplibs=$deplibs
-	  ;;
-	test_compile)
-	  # This code stresses the "libraries are programs" paradigm to its
-	  # limits. Maybe even breaks it.  We compile a program, linking it
-	  # against the deplibs as a proxy for the library.  Then we can check
-	  # whether they linked in statically or dynamically with ldd.
-	  $rm conftest.c
-	  cat > conftest.c <<EOF
-	  int main() { return 0; }
-EOF
-	  $rm conftest
-	  $LTCC $LTCFLAGS -o conftest conftest.c $deplibs
-	  if test "$?" -eq 0 ; then
-	    ldd_output=`ldd conftest`
-	    for i in $deplibs; do
-	      name=`expr $i : '-l\(.*\)'`
-	      # If $name is empty we are operating on a -L argument.
-              if test "$name" != "" && test "$name" -ne "0"; then
-		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-		  case " $predeps $postdeps " in
-		  *" $i "*)
-		    newdeplibs="$newdeplibs $i"
-		    i=""
-		    ;;
-		  esac
-	        fi
-		if test -n "$i" ; then
-		  libname=`eval \\$echo \"$libname_spec\"`
-		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		  set dummy $deplib_matches
-		  deplib_match=$2
-		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		    newdeplibs="$newdeplibs $i"
-		  else
-		    droppeddeps=yes
-		    $echo
-		    $echo "*** Warning: dynamic linker does not accept needed library $i."
-		    $echo "*** I have the capability to make that library automatically link in when"
-		    $echo "*** you link to this library.  But I can only do this if you have a"
-		    $echo "*** shared version of the library, which I believe you do not have"
-		    $echo "*** because a test_compile did reveal that the linker did not use it for"
-		    $echo "*** its dynamic dependency list that programs get resolved with at runtime."
-		  fi
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  else
-	    # Error occurred in the first compile.  Let's try to salvage
-	    # the situation: Compile a separate program for each library.
-	    for i in $deplibs; do
-	      name=`expr $i : '-l\(.*\)'`
-	      # If $name is empty we are operating on a -L argument.
-              if test "$name" != "" && test "$name" != "0"; then
-		$rm conftest
-		$LTCC $LTCFLAGS -o conftest conftest.c $i
-		# Did it work?
-		if test "$?" -eq 0 ; then
-		  ldd_output=`ldd conftest`
-		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-		    case " $predeps $postdeps " in
-		    *" $i "*)
-		      newdeplibs="$newdeplibs $i"
-		      i=""
-		      ;;
-		    esac
-		  fi
-		  if test -n "$i" ; then
-		    libname=`eval \\$echo \"$libname_spec\"`
-		    deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		    set dummy $deplib_matches
-		    deplib_match=$2
-		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		      newdeplibs="$newdeplibs $i"
-		    else
-		      droppeddeps=yes
-		      $echo
-		      $echo "*** Warning: dynamic linker does not accept needed library $i."
-		      $echo "*** I have the capability to make that library automatically link in when"
-		      $echo "*** you link to this library.  But I can only do this if you have a"
-		      $echo "*** shared version of the library, which you do not appear to have"
-		      $echo "*** because a test_compile did reveal that the linker did not use this one"
-		      $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
-		    fi
-		  fi
-		else
-		  droppeddeps=yes
-		  $echo
-		  $echo "*** Warning!  Library $i is needed by this library but I was not able to"
-		  $echo "***  make it link in!  You will probably need to install it or some"
-		  $echo "*** library that it depends on before this library will be fully"
-		  $echo "*** functional.  Installing it before continuing would be even better."
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  fi
-	  ;;
-	file_magic*)
-	  set dummy $deplibs_check_method
-	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name=`expr $a_deplib : '-l\(.*\)'`
-	    # If $name is empty we are operating on a -L argument.
-            if test "$name" != "" && test  "$name" != "0"; then
-	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-		case " $predeps $postdeps " in
-		*" $a_deplib "*)
-		  newdeplibs="$newdeplibs $a_deplib"
-		  a_deplib=""
-		  ;;
-		esac
-	      fi
-	      if test -n "$a_deplib" ; then
-		libname=`eval \\$echo \"$libname_spec\"`
-		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		  for potent_lib in $potential_libs; do
-		      # Follow soft links.
-		      if ls -lLd "$potent_lib" 2>/dev/null \
-			 | grep " -> " >/dev/null; then
-			continue
-		      fi
-		      # The statement above tries to avoid entering an
-		      # endless loop below, in case of cyclic links.
-		      # We might still enter an endless loop, since a link
-		      # loop can be closed while we follow links,
-		      # but so what?
-		      potlib="$potent_lib"
-		      while test -h "$potlib" 2>/dev/null; do
-			potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
-			case $potliblink in
-			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
-			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
-			esac
-		      done
-		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
-			 | ${SED} 10q \
-			 | $EGREP "$file_magic_regex" > /dev/null; then
-			newdeplibs="$newdeplibs $a_deplib"
-			a_deplib=""
-			break 2
-		      fi
-		  done
-		done
-	      fi
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		$echo
-		$echo "*** Warning: linker path does not have real file for library $a_deplib."
-		$echo "*** I have the capability to make that library automatically link in when"
-		$echo "*** you link to this library.  But I can only do this if you have a"
-		$echo "*** shared version of the library, which you do not appear to have"
-		$echo "*** because I did check the linker path looking for a file starting"
-		if test -z "$potlib" ; then
-		  $echo "*** with $libname but no candidates were found. (...for file magic test)"
-		else
-		  $echo "*** with $libname and none of the candidates passed a file format test"
-		  $echo "*** using a file magic. Last file checked: $potlib"
-		fi
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	match_pattern*)
-	  set dummy $deplibs_check_method
-	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name=`expr $a_deplib : '-l\(.*\)'`
-	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-		case " $predeps $postdeps " in
-		*" $a_deplib "*)
-		  newdeplibs="$newdeplibs $a_deplib"
-		  a_deplib=""
-		  ;;
-		esac
-	      fi
-	      if test -n "$a_deplib" ; then
-		libname=`eval \\$echo \"$libname_spec\"`
-		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		  for potent_lib in $potential_libs; do
-		    potlib="$potent_lib" # see symlink-check above in file_magic test
-		    if eval $echo \"$potent_lib\" 2>/dev/null \
-		        | ${SED} 10q \
-		        | $EGREP "$match_pattern_regex" > /dev/null; then
-		      newdeplibs="$newdeplibs $a_deplib"
-		      a_deplib=""
-		      break 2
-		    fi
-		  done
-		done
-	      fi
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		$echo
-		$echo "*** Warning: linker path does not have real file for library $a_deplib."
-		$echo "*** I have the capability to make that library automatically link in when"
-		$echo "*** you link to this library.  But I can only do this if you have a"
-		$echo "*** shared version of the library, which you do not appear to have"
-		$echo "*** because I did check the linker path looking for a file starting"
-		if test -z "$potlib" ; then
-		  $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
-		else
-		  $echo "*** with $libname and none of the candidates passed a file format test"
-		  $echo "*** using a regex pattern. Last file checked: $potlib"
-		fi
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	none | unknown | *)
-	  newdeplibs=""
-	  tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
-	    -e 's/ -[LR][^ ]*//g'`
-	  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
-	    for i in $predeps $postdeps ; do
-	      # can't use Xsed below, because $i might contain '/'
-	      tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
-	    done
-	  fi
-	  if $echo "X $tmp_deplibs" | $Xsed -e 's/[ 	]//g' \
-	    | grep . >/dev/null; then
-	    $echo
-	    if test "X$deplibs_check_method" = "Xnone"; then
-	      $echo "*** Warning: inter-library dependencies are not supported in this platform."
-	    else
-	      $echo "*** Warning: inter-library dependencies are not known to be supported."
-	    fi
-	    $echo "*** All declared inter-library dependencies are being dropped."
-	    droppeddeps=yes
-	  fi
-	  ;;
-	esac
-	versuffix=$versuffix_save
-	major=$major_save
-	release=$release_save
-	libname=$libname_save
-	name=$name_save
-
-	case $host in
-	*-*-rhapsody* | *-*-darwin1.[012])
-	  # On Rhapsody replace the C library is the System framework
-	  newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	  ;;
-	esac
-
-	if test "$droppeddeps" = yes; then
-	  if test "$module" = yes; then
-	    $echo
-	    $echo "*** Warning: libtool could not satisfy all declared inter-library"
-	    $echo "*** dependencies of module $libname.  Therefore, libtool will create"
-	    $echo "*** a static module, that should work as long as the dlopening"
-	    $echo "*** application is linked with the -dlopen flag."
-	    if test -z "$global_symbol_pipe"; then
-	      $echo
-	      $echo "*** However, this would only work if libtool was able to extract symbol"
-	      $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-	      $echo "*** not find such a program.  So, this module is probably useless."
-	      $echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	    fi
-	    if test "$build_old_libs" = no; then
-	      oldlibs="$output_objdir/$libname.$libext"
-	      build_libtool_libs=module
-	      build_old_libs=yes
-	    else
-	      build_libtool_libs=no
-	    fi
-	  else
-	    $echo "*** The inter-library dependencies that have been dropped here will be"
-	    $echo "*** automatically added whenever a program is linked with this library"
-	    $echo "*** or is declared to -dlopen it."
-
-	    if test "$allow_undefined" = no; then
-	      $echo
-	      $echo "*** Since this library must not contain undefined symbols,"
-	      $echo "*** because either the platform does not support them or"
-	      $echo "*** it was explicitly requested with -no-undefined,"
-	      $echo "*** libtool will only create a static version of it."
-	      if test "$build_old_libs" = no; then
-		oldlibs="$output_objdir/$libname.$libext"
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  fi
-	fi
-	# Done checking deplibs!
-	deplibs=$newdeplibs
-      fi
-
-
-      # move library search paths that coincide with paths to not yet
-      # installed libraries to the beginning of the library search list
-      new_libs=
-      for path in $notinst_path; do
-	case " $new_libs " in
-	*" -L$path/$objdir "*) ;;
-	*)
-	  case " $deplibs " in
-	  *" -L$path/$objdir "*)
-	    new_libs="$new_libs -L$path/$objdir" ;;
-	  esac
-	  ;;
-	esac
-      done
-      for deplib in $deplibs; do
-	case $deplib in
-	-L*)
-	  case " $new_libs " in
-	  *" $deplib "*) ;;
-	  *) new_libs="$new_libs $deplib" ;;
-	  esac
-	  ;;
-	*) new_libs="$new_libs $deplib" ;;
-	esac
-      done
-      deplibs="$new_libs"
-
-
-      # All the library-specific variables (install_libdir is set above).
-      library_names=
-      old_library=
-      dlname=
-
-      # Test again, we may have decided not to build it any more
-      if test "$build_libtool_libs" = yes; then
-	if test "$hardcode_into_libs" = yes; then
-	  # Hardcode the library paths
-	  hardcode_libdirs=
-	  dep_rpath=
-	  rpath="$finalize_rpath"
-	  test "$mode" != relink && rpath="$compile_rpath$rpath"
-	  for libdir in $rpath; do
-	    if test -n "$hardcode_libdir_flag_spec"; then
-	      if test -n "$hardcode_libdir_separator"; then
-		if test -z "$hardcode_libdirs"; then
-		  hardcode_libdirs="$libdir"
-		else
-		  # Just accumulate the unique libdirs.
-		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		    ;;
-		  *)
-		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		    ;;
-		  esac
-		fi
-	      else
-		eval flag=\"$hardcode_libdir_flag_spec\"
-		dep_rpath="$dep_rpath $flag"
-	      fi
-	    elif test -n "$runpath_var"; then
-	      case "$perm_rpath " in
-	      *" $libdir "*) ;;
-	      *) perm_rpath="$perm_rpath $libdir" ;;
-	      esac
-	    fi
-	  done
-	  # Substitute the hardcoded libdirs into the rpath.
-	  if test -n "$hardcode_libdir_separator" &&
-	     test -n "$hardcode_libdirs"; then
-	    libdir="$hardcode_libdirs"
-	    if test -n "$hardcode_libdir_flag_spec_ld"; then
-	      eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
-	    else
-	      eval dep_rpath=\"$hardcode_libdir_flag_spec\"
-	    fi
-	  fi
-	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
-	    # We should set the runpath_var.
-	    rpath=
-	    for dir in $perm_rpath; do
-	      rpath="$rpath$dir:"
-	    done
-	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
-	  fi
-	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
-	fi
-
-	shlibpath="$finalize_shlibpath"
-	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
-	if test -n "$shlibpath"; then
-	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
-	fi
-
-	# Get the real and link names of the library.
-	eval shared_ext=\"$shrext_cmds\"
-	eval library_names=\"$library_names_spec\"
-	set dummy $library_names
-	realname="$2"
-	shift; shift
-
-	if test -n "$soname_spec"; then
-	  eval soname=\"$soname_spec\"
-	else
-	  soname="$realname"
-	fi
-	if test -z "$dlname"; then
-	  dlname=$soname
-	fi
-
-	lib="$output_objdir/$realname"
-	linknames=
-	for link
-	do
-	  linknames="$linknames $link"
-	done
-
-	# Use standard objects if they are pic
-	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-
-	# Prepare the list of exported symbols
-	if test -z "$export_symbols"; then
-	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
-	    $show "generating symbol list for \`$libname.la'"
-	    export_symbols="$output_objdir/$libname.exp"
-	    $run $rm $export_symbols
-	    cmds=$export_symbols_cmds
-	    save_ifs="$IFS"; IFS='~'
-	    for cmd in $cmds; do
-	      IFS="$save_ifs"
-	      eval cmd=\"$cmd\"
-	      if len=`expr "X$cmd" : ".*"` &&
-	       test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
-	        $show "$cmd"
-	        $run eval "$cmd" || exit $?
-	        skipped_export=false
-	      else
-	        # The command line is too long to execute in one step.
-	        $show "using reloadable object file for export list..."
-	        skipped_export=:
-		# Break out early, otherwise skipped_export may be
-		# set to false by a later but shorter cmd.
-		break
-	      fi
-	    done
-	    IFS="$save_ifs"
-	    if test -n "$export_symbols_regex"; then
-	      $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
-	      $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
-	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
-	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
-	    fi
-	  fi
-	fi
-
-	if test -n "$export_symbols" && test -n "$include_expsyms"; then
-	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
-	fi
-
-	tmp_deplibs=
-	for test_deplib in $deplibs; do
-		case " $convenience " in
-		*" $test_deplib "*) ;;
-		*)
-			tmp_deplibs="$tmp_deplibs $test_deplib"
-			;;
-		esac
-	done
-	deplibs="$tmp_deplibs"
-
-	if test -n "$convenience"; then
-	  if test -n "$whole_archive_flag_spec"; then
-	    save_libobjs=$libobjs
-	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
-	  else
-	    gentop="$output_objdir/${outputname}x"
-	    generated="$generated $gentop"
-
-	    func_extract_archives $gentop $convenience
-	    libobjs="$libobjs $func_extract_archives_result"
-	  fi
-	fi
-	
-	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
-	  eval flag=\"$thread_safe_flag_spec\"
-	  linker_flags="$linker_flags $flag"
-	fi
-
-	# Make a backup of the uninstalled library when relinking
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
-	fi
-
-	# Do each of the archive commands.
-	if test "$module" = yes && test -n "$module_cmds" ; then
-	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
-	    eval test_cmds=\"$module_expsym_cmds\"
-	    cmds=$module_expsym_cmds
-	  else
-	    eval test_cmds=\"$module_cmds\"
-	    cmds=$module_cmds
-	  fi
-	else
-	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
-	  eval test_cmds=\"$archive_expsym_cmds\"
-	  cmds=$archive_expsym_cmds
-	else
-	  eval test_cmds=\"$archive_cmds\"
-	  cmds=$archive_cmds
-	  fi
-	fi
-
-	if test "X$skipped_export" != "X:" &&
-	   len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
-	   test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
-	  :
-	else
-	  # The command line is too long to link in one step, link piecewise.
-	  $echo "creating reloadable object files..."
-
-	  # Save the value of $output and $libobjs because we want to
-	  # use them later.  If we have whole_archive_flag_spec, we
-	  # want to use save_libobjs as it was before
-	  # whole_archive_flag_spec was expanded, because we can't
-	  # assume the linker understands whole_archive_flag_spec.
-	  # This may have to be revisited, in case too many
-	  # convenience libraries get linked in and end up exceeding
-	  # the spec.
-	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
-	    save_libobjs=$libobjs
-	  fi
-	  save_output=$output
-	  output_la=`$echo "X$output" | $Xsed -e "$basename"`
-
-	  # Clear the reloadable object creation command queue and
-	  # initialize k to one.
-	  test_cmds=
-	  concat_cmds=
-	  objlist=
-	  delfiles=
-	  last_robj=
-	  k=1
-	  output=$output_objdir/$output_la-${k}.$objext
-	  # Loop over the list of objects to be linked.
-	  for obj in $save_libobjs
-	  do
-	    eval test_cmds=\"$reload_cmds $objlist $last_robj\"
-	    if test "X$objlist" = X ||
-	       { len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
-		 test "$len" -le "$max_cmd_len"; }; then
-	      objlist="$objlist $obj"
-	    else
-	      # The command $test_cmds is almost too long, add a
-	      # command to the queue.
-	      if test "$k" -eq 1 ; then
-		# The first file doesn't have a previous command to add.
-		eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
-	      else
-		# All subsequent reloadable object files will link in
-		# the last one created.
-		eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
-	      fi
-	      last_robj=$output_objdir/$output_la-${k}.$objext
-	      k=`expr $k + 1`
-	      output=$output_objdir/$output_la-${k}.$objext
-	      objlist=$obj
-	      len=1
-	    fi
-	  done
-	  # Handle the remaining objects by creating one last
-	  # reloadable object file.  All subsequent reloadable object
-	  # files will link in the last one created.
-	  test -z "$concat_cmds" || concat_cmds=$concat_cmds~
-	  eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
-
-	  if ${skipped_export-false}; then
-	    $show "generating symbol list for \`$libname.la'"
-	    export_symbols="$output_objdir/$libname.exp"
-	    $run $rm $export_symbols
-	    libobjs=$output
-	    # Append the command to create the export file.
-	    eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
-          fi
-
-	  # Set up a command to remove the reloadable object files
-	  # after they are used.
-	  i=0
-	  while test "$i" -lt "$k"
-	  do
-	    i=`expr $i + 1`
-	    delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
-	  done
-
-	  $echo "creating a temporary reloadable object file: $output"
-
-	  # Loop through the commands generated above and execute them.
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $concat_cmds; do
-	    IFS="$save_ifs"
-	    $show "$cmd"
-	    $run eval "$cmd" || exit $?
-	  done
-	  IFS="$save_ifs"
-
-	  libobjs=$output
-	  # Restore the value of output.
-	  output=$save_output
-
-	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
-	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
-	  fi
-	  # Expand the library linking commands again to reset the
-	  # value of $libobjs for piecewise linking.
-
-	  # Do each of the archive commands.
-	  if test "$module" = yes && test -n "$module_cmds" ; then
-	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
-	      cmds=$module_expsym_cmds
-	    else
-	      cmds=$module_cmds
-	    fi
-	  else
-	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
-	    cmds=$archive_expsym_cmds
-	  else
-	    cmds=$archive_cmds
-	    fi
-	  fi
-
-	  # Append the command to remove the reloadable object files
-	  # to the just-reset $cmds.
-	  eval cmds=\"\$cmds~\$rm $delfiles\"
-	fi
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  eval cmd=\"$cmd\"
-	  $show "$cmd"
-	  $run eval "$cmd" || {
-	    lt_exit=$?
-
-	    # Restore the uninstalled library and exit
-	    if test "$mode" = relink; then
-	      $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
-	    fi
-
-	    exit $lt_exit
-	  }
-	done
-	IFS="$save_ifs"
-
-	# Restore the uninstalled library and exit
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
-
-	  if test -n "$convenience"; then
-	    if test -z "$whole_archive_flag_spec"; then
-	      $show "${rm}r $gentop"
-	      $run ${rm}r "$gentop"
-	    fi
-	  fi
-
-	  exit $EXIT_SUCCESS
-	fi
-
-	# Create links to the real library.
-	for linkname in $linknames; do
-	  if test "$realname" != "$linkname"; then
-	    $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
-	    $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
-	  fi
-	done
-
-	# If -module or -export-dynamic was specified, set the dlname.
-	if test "$module" = yes || test "$export_dynamic" = yes; then
-	  # On all known operating systems, these are identical.
-	  dlname="$soname"
-	fi
-      fi
-      ;;
-
-    obj)
-      if test -n "$deplibs"; then
-	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
-      fi
-
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for objects" 1>&2
-      fi
-
-      case $output in
-      *.lo)
-	if test -n "$objs$old_deplibs"; then
-	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-	libobj="$output"
-	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
-	;;
-      *)
-	libobj=
-	obj="$output"
-	;;
-      esac
-
-      # Delete the old objects.
-      $run $rm $obj $libobj
-
-      # Objects from convenience libraries.  This assumes
-      # single-version convenience libraries.  Whenever we create
-      # different ones for PIC/non-PIC, this we'll have to duplicate
-      # the extraction.
-      reload_conv_objs=
-      gentop=
-      # reload_cmds runs $LD directly, so let us get rid of
-      # -Wl from whole_archive_flag_spec
-      wl=
-
-      if test -n "$convenience"; then
-	if test -n "$whole_archive_flag_spec"; then
-	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
-	else
-	  gentop="$output_objdir/${obj}x"
-	  generated="$generated $gentop"
-
-	  func_extract_archives $gentop $convenience
-	  reload_conv_objs="$reload_objs $func_extract_archives_result"
-	fi
-      fi
-
-      # Create the old-style object.
-      reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
-
-      output="$obj"
-      cmds=$reload_cmds
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	eval cmd=\"$cmd\"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-
-      # Exit if we aren't doing a library object file.
-      if test -z "$libobj"; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	exit $EXIT_SUCCESS
-      fi
-
-      if test "$build_libtool_libs" != yes; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	# Create an invalid libtool object if no PIC, so that we don't
-	# accidentally link it into a program.
-	# $show "echo timestamp > $libobj"
-	# $run eval "echo timestamp > $libobj" || exit $?
-	exit $EXIT_SUCCESS
-      fi
-
-      if test -n "$pic_flag" || test "$pic_mode" != default; then
-	# Only do commands if we really have different PIC objects.
-	reload_objs="$libobjs $reload_conv_objs"
-	output="$libobj"
-	cmds=$reload_cmds
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  eval cmd=\"$cmd\"
-	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
-	done
-	IFS="$save_ifs"
-      fi
-
-      if test -n "$gentop"; then
-	$show "${rm}r $gentop"
-	$run ${rm}r $gentop
-      fi
-
-      exit $EXIT_SUCCESS
-      ;;
-
-    prog)
-      case $host in
-	*cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
-      esac
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for programs" 1>&2
-      fi
-
-      if test "$preload" = yes; then
-	if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
-	   test "$dlopen_self_static" = unknown; then
-	  $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
-	fi
-      fi
-
-      case $host in
-      *-*-rhapsody* | *-*-darwin1.[012])
-	# On Rhapsody replace the C library is the System framework
-	compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	;;
-      esac
-
-      case $host in
-      *darwin*)
-        # Don't allow lazy linking, it breaks C++ global constructors
-        if test "$tagname" = CXX ; then
-        compile_command="$compile_command ${wl}-bind_at_load"
-        finalize_command="$finalize_command ${wl}-bind_at_load"
-        fi
-        ;;
-      esac
-
-
-      # move library search paths that coincide with paths to not yet
-      # installed libraries to the beginning of the library search list
-      new_libs=
-      for path in $notinst_path; do
-	case " $new_libs " in
-	*" -L$path/$objdir "*) ;;
-	*)
-	  case " $compile_deplibs " in
-	  *" -L$path/$objdir "*)
-	    new_libs="$new_libs -L$path/$objdir" ;;
-	  esac
-	  ;;
-	esac
-      done
-      for deplib in $compile_deplibs; do
-	case $deplib in
-	-L*)
-	  case " $new_libs " in
-	  *" $deplib "*) ;;
-	  *) new_libs="$new_libs $deplib" ;;
-	  esac
-	  ;;
-	*) new_libs="$new_libs $deplib" ;;
-	esac
-      done
-      compile_deplibs="$new_libs"
-
-
-      compile_command="$compile_command $compile_deplibs"
-      finalize_command="$finalize_command $finalize_deplibs"
-
-      if test -n "$rpath$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	for libdir in $rpath $xrpath; do
-	  # This is the magic to use -rpath.
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-      fi
-
-      # Now hardcode the library paths
-      rpath=
-      hardcode_libdirs=
-      for libdir in $compile_rpath $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) perm_rpath="$perm_rpath $libdir" ;;
-	  esac
-	fi
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'`
-	  case :$dllsearchpath: in
-	  *":$libdir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$libdir";;
-	  esac
-	  case :$dllsearchpath: in
-	  *":$testbindir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$testbindir";;
-	  esac
-	  ;;
-	esac
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      compile_rpath="$rpath"
-
-      rpath=
-      hardcode_libdirs=
-      for libdir in $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$finalize_perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
-	  esac
-	fi
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      finalize_rpath="$rpath"
-
-      if test -n "$libobjs" && test "$build_old_libs" = yes; then
-	# Transform all the library objects into standard objects.
-	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-      fi
-
-      dlsyms=
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	if test -n "$NM" && test -n "$global_symbol_pipe"; then
-	  dlsyms="${outputname}S.c"
-	else
-	  $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
-	fi
-      fi
-
-      if test -n "$dlsyms"; then
-	case $dlsyms in
-	"") ;;
-	*.c)
-	  # Discover the nlist of each of the dlfiles.
-	  nlist="$output_objdir/${outputname}.nm"
-
-	  $show "$rm $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Parse the name list into a source file.
-	  $show "creating $output_objdir/$dlsyms"
-
-	  test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
-/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
-/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
-
-#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-/* Prevent the only kind of declaration conflicts we can make. */
-#define lt_preloaded_symbols some_other_symbol
-
-/* External symbol declarations for the compiler. */\
-"
-
-	  if test "$dlself" = yes; then
-	    $show "generating symbol list for \`$output'"
-
-	    test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
-
-	    # Add our own program objects to the symbol list.
-	    progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	    for arg in $progfiles; do
-	      $show "extracting global C symbols from \`$arg'"
-	      $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	    done
-
-	    if test -n "$exclude_expsyms"; then
-	      $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    if test -n "$export_symbols_regex"; then
-	      $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    # Prepare the list of exported symbols
-	    if test -z "$export_symbols"; then
-	      export_symbols="$output_objdir/$outputname.exp"
-	      $run $rm $export_symbols
-	      $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
-              case $host in
-              *cygwin* | *mingw* )
-	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
-		$run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
-                ;;
-              esac
-	    else
-	      $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
-	      $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
-	      $run eval 'mv "$nlist"T "$nlist"'
-              case $host in
-              *cygwin* | *mingw* )
-	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
-		$run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
-                ;;
-              esac
-	    fi
-	  fi
-
-	  for arg in $dlprefiles; do
-	    $show "extracting global C symbols from \`$arg'"
-	    name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
-	    $run eval '$echo ": $name " >> "$nlist"'
-	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	  done
-
-	  if test -z "$run"; then
-	    # Make sure we have at least an empty file.
-	    test -f "$nlist" || : > "$nlist"
-
-	    if test -n "$exclude_expsyms"; then
-	      $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
-	      $mv "$nlist"T "$nlist"
-	    fi
-
-	    # Try sorting and uniquifying the output.
-	    if grep -v "^: " < "$nlist" |
-		if sort -k 3 </dev/null >/dev/null 2>&1; then
-		  sort -k 3
-		else
-		  sort +2
-		fi |
-		uniq > "$nlist"S; then
-	      :
-	    else
-	      grep -v "^: " < "$nlist" > "$nlist"S
-	    fi
-
-	    if test -f "$nlist"S; then
-	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
-	    else
-	      $echo '/* NONE */' >> "$output_objdir/$dlsyms"
-	    fi
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-
-#undef lt_preloaded_symbols
-
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-"
-
-	    case $host in
-	    *cygwin* | *mingw* )
-	  $echo >> "$output_objdir/$dlsyms" "\
-/* DATA imports from DLLs on WIN32 can't be const, because
-   runtime relocations are performed -- see ld's documentation
-   on pseudo-relocs */
-struct {
-"
-	      ;;
-	    * )
-	  $echo >> "$output_objdir/$dlsyms" "\
-const struct {
-"
-	      ;;
-	    esac
-
-
-	  $echo >> "$output_objdir/$dlsyms" "\
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[] =
-{\
-"
-
-	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-  {0, (lt_ptr) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif\
-"
-	  fi
-
-	  pic_flag_for_symtable=
-	  case $host in
-	  # compiling the symbol table file with pic_flag works around
-	  # a FreeBSD bug that causes programs to crash when -lm is
-	  # linked before any other PIC object.  But we must not use
-	  # pic_flag when linking with -static.  The problem exists in
-	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
-	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
-	    esac;;
-	  *-*-hpux*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag";;
-	    esac
-	  esac
-
-	  # Now compile the dynamic symbol file.
-	  $show "(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
-	  $run eval '(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
-
-	  # Clean up the generated files.
-	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Transform the symbol file into the correct name.
-          case $host in
-          *cygwin* | *mingw* )
-            if test -f "$output_objdir/${outputname}.def" ; then
-              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
-              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
-            else
-              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-             fi
-            ;;
-          * )
-            compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-            finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-            ;;
-          esac
-	  ;;
-	*)
-	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-      else
-	# We keep going just in case the user didn't refer to
-	# lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
-	# really was required.
-
-	# Nullify the symbol file.
-	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
-	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
-      fi
-
-      if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
-	# Replace the output file specification.
-	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	link_command="$compile_command$compile_rpath"
-
-	# We have no uninstalled library dependencies, so finalize right now.
-	$show "$link_command"
-	$run eval "$link_command"
-	exit_status=$?
-
-	# Delete the generated files.
-	if test -n "$dlsyms"; then
-	  $show "$rm $output_objdir/${outputname}S.${objext}"
-	  $run $rm "$output_objdir/${outputname}S.${objext}"
-	fi
-
-	exit $exit_status
-      fi
-
-      if test -n "$shlibpath_var"; then
-	# We should set the shlibpath_var
-	rpath=
-	for dir in $temp_rpath; do
-	  case $dir in
-	  [\\/]* | [A-Za-z]:[\\/]*)
-	    # Absolute path.
-	    rpath="$rpath$dir:"
-	    ;;
-	  *)
-	    # Relative path: add a thisdir entry.
-	    rpath="$rpath\$thisdir/$dir:"
-	    ;;
-	  esac
-	done
-	temp_rpath="$rpath"
-      fi
-
-      if test -n "$compile_shlibpath$finalize_shlibpath"; then
-	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
-      fi
-      if test -n "$finalize_shlibpath"; then
-	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
-      fi
-
-      compile_var=
-      finalize_var=
-      if test -n "$runpath_var"; then
-	if test -n "$perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-	if test -n "$finalize_perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $finalize_perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-      fi
-
-      if test "$no_install" = yes; then
-	# We don't need to create a wrapper script.
-	link_command="$compile_var$compile_command$compile_rpath"
-	# Replace the output file specification.
-	link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	# Delete the old output file.
-	$run $rm $output
-	# Link the executable and exit
-	$show "$link_command"
-	$run eval "$link_command" || exit $?
-	exit $EXIT_SUCCESS
-      fi
-
-      if test "$hardcode_action" = relink; then
-	# Fast installation is not supported
-	link_command="$compile_var$compile_command$compile_rpath"
-	relink_command="$finalize_var$finalize_command$finalize_rpath"
-
-	$echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
-	$echo "$modename: \`$output' will be relinked during installation" 1>&2
-      else
-	if test "$fast_install" != no; then
-	  link_command="$finalize_var$compile_command$finalize_rpath"
-	  if test "$fast_install" = yes; then
-	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
-	  else
-	    # fast_install is set to needless
-	    relink_command=
-	  fi
-	else
-	  link_command="$compile_var$compile_command$compile_rpath"
-	  relink_command="$finalize_var$finalize_command$finalize_rpath"
-	fi
-      fi
-
-      # Replace the output file specification.
-      link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
-
-      # Delete the old output files.
-      $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
-
-      $show "$link_command"
-      $run eval "$link_command" || exit $?
-
-      # Now create the wrapper script.
-      $show "creating $output"
-
-      # Quote the relink command for shipping.
-      if test -n "$relink_command"; then
-	# Preserve any variables that may affect compiler behavior
-	for var in $variables_saved_for_relink; do
-	  if eval test -z \"\${$var+set}\"; then
-	    relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	  elif eval var_value=\$$var; test -z "$var_value"; then
-	    relink_command="$var=; export $var; $relink_command"
-	  else
-	    var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	  fi
-	done
-	relink_command="(cd `pwd`; $relink_command)"
-	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Quote $echo for shipping.
-      if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
-	case $progpath in
-	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
-	*) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
-	esac
-	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
-      else
-	qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Only actually do things if our run command is non-null.
-      if test -z "$run"; then
-	# win32 will think the script is a binary if it has
-	# a .exe suffix, so we strip it off here.
-	case $output in
-	  *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
-	esac
-	# test for cygwin because mv fails w/o .exe extensions
-	case $host in
-	  *cygwin*)
-	    exeext=.exe
-	    outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
-	  *) exeext= ;;
-	esac
-	case $host in
-	  *cygwin* | *mingw* )
-            output_name=`basename $output`
-            output_path=`dirname $output`
-            cwrappersource="$output_path/$objdir/lt-$output_name.c"
-            cwrapper="$output_path/$output_name.exe"
-            $rm $cwrappersource $cwrapper
-            trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
-
-	    cat > $cwrappersource <<EOF
-
-/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
-   Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-
-   The $output program cannot be directly executed until all the libtool
-   libraries that it depends on are installed.
-
-   This wrapper executable should never be moved out of the build directory.
-   If it is, it will not operate correctly.
-
-   Currently, it simply execs the wrapper *script* "/bin/sh $output",
-   but could eventually absorb all of the scripts functionality and
-   exec $objdir/$outputname directly.
-*/
-EOF
-	    cat >> $cwrappersource<<"EOF"
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <malloc.h>
-#include <stdarg.h>
-#include <assert.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/stat.h>
-
-#if defined(PATH_MAX)
-# define LT_PATHMAX PATH_MAX
-#elif defined(MAXPATHLEN)
-# define LT_PATHMAX MAXPATHLEN
-#else
-# define LT_PATHMAX 1024
-#endif
-
-#ifndef DIR_SEPARATOR
-# define DIR_SEPARATOR '/'
-# define PATH_SEPARATOR ':'
-#endif
-
-#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
-  defined (__OS2__)
-# define HAVE_DOS_BASED_FILE_SYSTEM
-# ifndef DIR_SEPARATOR_2
-#  define DIR_SEPARATOR_2 '\\'
-# endif
-# ifndef PATH_SEPARATOR_2
-#  define PATH_SEPARATOR_2 ';'
-# endif
-#endif
-
-#ifndef DIR_SEPARATOR_2
-# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
-#else /* DIR_SEPARATOR_2 */
-# define IS_DIR_SEPARATOR(ch) \
-        (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
-#endif /* DIR_SEPARATOR_2 */
-
-#ifndef PATH_SEPARATOR_2
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
-#else /* PATH_SEPARATOR_2 */
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
-#endif /* PATH_SEPARATOR_2 */
-
-#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
-#define XFREE(stale) do { \
-  if (stale) { free ((void *) stale); stale = 0; } \
-} while (0)
-
-/* -DDEBUG is fairly common in CFLAGS.  */
-#undef DEBUG
-#if defined DEBUGWRAPPER
-# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__)
-#else
-# define DEBUG(format, ...)
-#endif
-
-const char *program_name = NULL;
-
-void * xmalloc (size_t num);
-char * xstrdup (const char *string);
-const char * base_name (const char *name);
-char * find_executable(const char *wrapper);
-int    check_executable(const char *path);
-char * strendzap(char *str, const char *pat);
-void lt_fatal (const char *message, ...);
-
-int
-main (int argc, char *argv[])
-{
-  char **newargz;
-  int i;
-
-  program_name = (char *) xstrdup (base_name (argv[0]));
-  DEBUG("(main) argv[0]      : %s\n",argv[0]);
-  DEBUG("(main) program_name : %s\n",program_name);
-  newargz = XMALLOC(char *, argc+2);
-EOF
-
-            cat >> $cwrappersource <<EOF
-  newargz[0] = (char *) xstrdup("$SHELL");
-EOF
-
-            cat >> $cwrappersource <<"EOF"
-  newargz[1] = find_executable(argv[0]);
-  if (newargz[1] == NULL)
-    lt_fatal("Couldn't find %s", argv[0]);
-  DEBUG("(main) found exe at : %s\n",newargz[1]);
-  /* we know the script has the same name, without the .exe */
-  /* so make sure newargz[1] doesn't end in .exe */
-  strendzap(newargz[1],".exe");
-  for (i = 1; i < argc; i++)
-    newargz[i+1] = xstrdup(argv[i]);
-  newargz[argc+1] = NULL;
-
-  for (i=0; i<argc+1; i++)
-  {
-    DEBUG("(main) newargz[%d]   : %s\n",i,newargz[i]);
-    ;
-  }
-
-EOF
-
-            case $host_os in
-              mingw*)
-                cat >> $cwrappersource <<EOF
-  execv("$SHELL",(char const **)newargz);
-EOF
-              ;;
-              *)
-                cat >> $cwrappersource <<EOF
-  execv("$SHELL",newargz);
-EOF
-              ;;
-            esac
-
-            cat >> $cwrappersource <<"EOF"
-  return 127;
-}
-
-void *
-xmalloc (size_t num)
-{
-  void * p = (void *) malloc (num);
-  if (!p)
-    lt_fatal ("Memory exhausted");
-
-  return p;
-}
-
-char *
-xstrdup (const char *string)
-{
-  return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
-;
-}
-
-const char *
-base_name (const char *name)
-{
-  const char *base;
-
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
-  /* Skip over the disk name in MSDOS pathnames. */
-  if (isalpha ((unsigned char)name[0]) && name[1] == ':')
-    name += 2;
-#endif
-
-  for (base = name; *name; name++)
-    if (IS_DIR_SEPARATOR (*name))
-      base = name + 1;
-  return base;
-}
-
-int
-check_executable(const char * path)
-{
-  struct stat st;
-
-  DEBUG("(check_executable)  : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!");
-  if ((!path) || (!*path))
-    return 0;
-
-  if ((stat (path, &st) >= 0) &&
-      (
-        /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */
-#if defined (S_IXOTH)
-       ((st.st_mode & S_IXOTH) == S_IXOTH) ||
-#endif
-#if defined (S_IXGRP)
-       ((st.st_mode & S_IXGRP) == S_IXGRP) ||
-#endif
-       ((st.st_mode & S_IXUSR) == S_IXUSR))
-      )
-    return 1;
-  else
-    return 0;
-}
-
-/* Searches for the full path of the wrapper.  Returns
-   newly allocated full path name if found, NULL otherwise */
-char *
-find_executable (const char* wrapper)
-{
-  int has_slash = 0;
-  const char* p;
-  const char* p_next;
-  /* static buffer for getcwd */
-  char tmp[LT_PATHMAX + 1];
-  int tmp_len;
-  char* concat_name;
-
-  DEBUG("(find_executable)  : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!");
-
-  if ((wrapper == NULL) || (*wrapper == '\0'))
-    return NULL;
-
-  /* Absolute path? */
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
-  if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':')
-  {
-    concat_name = xstrdup (wrapper);
-    if (check_executable(concat_name))
-      return concat_name;
-    XFREE(concat_name);
-  }
-  else
-  {
-#endif
-    if (IS_DIR_SEPARATOR (wrapper[0]))
-    {
-      concat_name = xstrdup (wrapper);
-      if (check_executable(concat_name))
-        return concat_name;
-      XFREE(concat_name);
-    }
-#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
-  }
-#endif
-
-  for (p = wrapper; *p; p++)
-    if (*p == '/')
-    {
-      has_slash = 1;
-      break;
-    }
-  if (!has_slash)
-  {
-    /* no slashes; search PATH */
-    const char* path = getenv ("PATH");
-    if (path != NULL)
-    {
-      for (p = path; *p; p = p_next)
-      {
-        const char* q;
-        size_t p_len;
-        for (q = p; *q; q++)
-          if (IS_PATH_SEPARATOR(*q))
-            break;
-        p_len = q - p;
-        p_next = (*q == '\0' ? q : q + 1);
-        if (p_len == 0)
-        {
-          /* empty path: current directory */
-          if (getcwd (tmp, LT_PATHMAX) == NULL)
-            lt_fatal ("getcwd failed");
-          tmp_len = strlen(tmp);
-          concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
-          memcpy (concat_name, tmp, tmp_len);
-          concat_name[tmp_len] = '/';
-          strcpy (concat_name + tmp_len + 1, wrapper);
-        }
-        else
-        {
-          concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1);
-          memcpy (concat_name, p, p_len);
-          concat_name[p_len] = '/';
-          strcpy (concat_name + p_len + 1, wrapper);
-        }
-        if (check_executable(concat_name))
-          return concat_name;
-        XFREE(concat_name);
-      }
-    }
-    /* not found in PATH; assume curdir */
-  }
-  /* Relative path | not found in path: prepend cwd */
-  if (getcwd (tmp, LT_PATHMAX) == NULL)
-    lt_fatal ("getcwd failed");
-  tmp_len = strlen(tmp);
-  concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
-  memcpy (concat_name, tmp, tmp_len);
-  concat_name[tmp_len] = '/';
-  strcpy (concat_name + tmp_len + 1, wrapper);
-
-  if (check_executable(concat_name))
-    return concat_name;
-  XFREE(concat_name);
-  return NULL;
-}
-
-char *
-strendzap(char *str, const char *pat)
-{
-  size_t len, patlen;
-
-  assert(str != NULL);
-  assert(pat != NULL);
-
-  len = strlen(str);
-  patlen = strlen(pat);
-
-  if (patlen <= len)
-  {
-    str += len - patlen;
-    if (strcmp(str, pat) == 0)
-      *str = '\0';
-  }
-  return str;
-}
-
-static void
-lt_error_core (int exit_status, const char * mode,
-          const char * message, va_list ap)
-{
-  fprintf (stderr, "%s: %s: ", program_name, mode);
-  vfprintf (stderr, message, ap);
-  fprintf (stderr, ".\n");
-
-  if (exit_status >= 0)
-    exit (exit_status);
-}
-
-void
-lt_fatal (const char *message, ...)
-{
-  va_list ap;
-  va_start (ap, message);
-  lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
-  va_end (ap);
-}
-EOF
-          # we should really use a build-platform specific compiler
-          # here, but OTOH, the wrappers (shell script and this C one)
-          # are only useful if you want to execute the "real" binary.
-          # Since the "real" binary is built for $host, then this
-          # wrapper might as well be built for $host, too.
-          $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource
-          ;;
-        esac
-        $rm $output
-        trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
-
-	$echo > $output "\
-#! $SHELL
-
-# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# The $output program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='${SED} -e 1s/^X//'
-sed_quote_subst='$sed_quote_subst'
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-relink_command=\"$relink_command\"
-
-# This environment variable determines our operation mode.
-if test \"\$libtool_install_magic\" = \"$magic\"; then
-  # install mode needs the following variable:
-  notinst_deplibs='$notinst_deplibs'
-else
-  # When we are sourced in execute mode, \$file and \$echo are already set.
-  if test \"\$libtool_execute_magic\" != \"$magic\"; then
-    echo=\"$qecho\"
-    file=\"\$0\"
-    # Make sure echo works.
-    if test \"X\$1\" = X--no-reexec; then
-      # Discard the --no-reexec flag, and continue.
-      shift
-    elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
-      # Yippee, \$echo works!
-      :
-    else
-      # Restart under the correct shell, and then maybe \$echo will work.
-      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
-    fi
-  fi\
-"
-	$echo >> $output "\
-
-  # Find the directory that this script lives in.
-  thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
-  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
-
-  # Follow symbolic links until we get to the real thisdir.
-  file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
-  while test -n \"\$file\"; do
-    destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
-
-    # If there was a directory component, then change thisdir.
-    if test \"x\$destdir\" != \"x\$file\"; then
-      case \"\$destdir\" in
-      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
-      *) thisdir=\"\$thisdir/\$destdir\" ;;
-      esac
-    fi
-
-    file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
-    file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
-  done
-
-  # Try to get the absolute directory name.
-  absdir=\`cd \"\$thisdir\" && pwd\`
-  test -n \"\$absdir\" && thisdir=\"\$absdir\"
-"
-
-	if test "$fast_install" = yes; then
-	  $echo >> $output "\
-  program=lt-'$outputname'$exeext
-  progdir=\"\$thisdir/$objdir\"
-
-  if test ! -f \"\$progdir/\$program\" || \\
-     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
-       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
-
-    file=\"\$\$-\$program\"
-
-    if test ! -d \"\$progdir\"; then
-      $mkdir \"\$progdir\"
-    else
-      $rm \"\$progdir/\$file\"
-    fi"
-
-	  $echo >> $output "\
-
-    # relink executable if necessary
-    if test -n \"\$relink_command\"; then
-      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
-      else
-	$echo \"\$relink_command_output\" >&2
-	$rm \"\$progdir/\$file\"
-	exit $EXIT_FAILURE
-      fi
-    fi
-
-    $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
-    { $rm \"\$progdir/\$program\";
-      $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
-    $rm \"\$progdir/\$file\"
-  fi"
-	else
-	  $echo >> $output "\
-  program='$outputname'
-  progdir=\"\$thisdir/$objdir\"
-"
-	fi
-
-	$echo >> $output "\
-
-  if test -f \"\$progdir/\$program\"; then"
-
-	# Export our shlibpath_var if we have one.
-	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
-	  $echo >> $output "\
-    # Add our own library path to $shlibpath_var
-    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
-
-    # Some systems cannot cope with colon-terminated $shlibpath_var
-    # The second colon is a workaround for a bug in BeOS R4 sed
-    $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
-
-    export $shlibpath_var
-"
-	fi
-
-	# fixup the dll searchpath if we need to.
-	if test -n "$dllsearchpath"; then
-	  $echo >> $output "\
-    # Add the dll search path components to the executable PATH
-    PATH=$dllsearchpath:\$PATH
-"
-	fi
-
-	$echo >> $output "\
-    if test \"\$libtool_execute_magic\" != \"$magic\"; then
-      # Run the actual program with our arguments.
-"
-	case $host in
-	# Backslashes separate directories on plain windows
-	*-*-mingw | *-*-os2*)
-	  $echo >> $output "\
-      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
-"
-	  ;;
-
-	*)
-	  $echo >> $output "\
-      exec \"\$progdir/\$program\" \${1+\"\$@\"}
-"
-	  ;;
-	esac
-	$echo >> $output "\
-      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
-      exit $EXIT_FAILURE
-    fi
-  else
-    # The program doesn't exist.
-    \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
-    \$echo \"This script is just a wrapper for \$program.\" 1>&2
-    $echo \"See the $PACKAGE documentation for more information.\" 1>&2
-    exit $EXIT_FAILURE
-  fi
-fi\
-"
-	chmod +x $output
-      fi
-      exit $EXIT_SUCCESS
-      ;;
-    esac
-
-    # See if we need to build an old-fashioned archive.
-    for oldlib in $oldlibs; do
-
-      if test "$build_libtool_libs" = convenience; then
-	oldobjs="$libobjs_save"
-	addlibs="$convenience"
-	build_libtool_libs=no
-      else
-	if test "$build_libtool_libs" = module; then
-	  oldobjs="$libobjs_save"
-	  build_libtool_libs=no
-	else
-	  oldobjs="$old_deplibs $non_pic_objects"
-	fi
-	addlibs="$old_convenience"
-      fi
-
-      if test -n "$addlibs"; then
-	gentop="$output_objdir/${outputname}x"
-	generated="$generated $gentop"
-
-	func_extract_archives $gentop $addlibs
-	oldobjs="$oldobjs $func_extract_archives_result"
-      fi
-
-      # Do each command in the archive commands.
-      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
-       cmds=$old_archive_from_new_cmds
-      else
-	# POSIX demands no paths to be encoded in archives.  We have
-	# to avoid creating archives with duplicate basenames if we
-	# might have to extract them afterwards, e.g., when creating a
-	# static archive out of a convenience library, or when linking
-	# the entirety of a libtool archive into another (currently
-	# not supported by libtool).
-	if (for obj in $oldobjs
-	    do
-	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
-	    done | sort | sort -uc >/dev/null 2>&1); then
-	  :
-	else
-	  $echo "copying selected object files to avoid basename conflicts..."
-
-	  if test -z "$gentop"; then
-	    gentop="$output_objdir/${outputname}x"
-	    generated="$generated $gentop"
-
-	    $show "${rm}r $gentop"
-	    $run ${rm}r "$gentop"
-	    $show "$mkdir $gentop"
-	    $run $mkdir "$gentop"
-	    exit_status=$?
-	    if test "$exit_status" -ne 0 && test ! -d "$gentop"; then
-	      exit $exit_status
-	    fi
-	  fi
-
-	  save_oldobjs=$oldobjs
-	  oldobjs=
-	  counter=1
-	  for obj in $save_oldobjs
-	  do
-	    objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-	    case " $oldobjs " in
-	    " ") oldobjs=$obj ;;
-	    *[\ /]"$objbase "*)
-	      while :; do
-		# Make sure we don't pick an alternate name that also
-		# overlaps.
-		newobj=lt$counter-$objbase
-		counter=`expr $counter + 1`
-		case " $oldobjs " in
-		*[\ /]"$newobj "*) ;;
-		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
-		esac
-	      done
-	      $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
-	      $run ln "$obj" "$gentop/$newobj" ||
-	      $run cp "$obj" "$gentop/$newobj"
-	      oldobjs="$oldobjs $gentop/$newobj"
-	      ;;
-	    *) oldobjs="$oldobjs $obj" ;;
-	    esac
-	  done
-	fi
-
-	eval cmds=\"$old_archive_cmds\"
-
-	if len=`expr "X$cmds" : ".*"` &&
-	     test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
-	  cmds=$old_archive_cmds
-	else
-	  # the command line is too long to link in one step, link in parts
-	  $echo "using piecewise archive linking..."
-	  save_RANLIB=$RANLIB
-	  RANLIB=:
-	  objlist=
-	  concat_cmds=
-	  save_oldobjs=$oldobjs
-
-	  # Is there a better way of finding the last object in the list?
-	  for obj in $save_oldobjs
-	  do
-	    last_oldobj=$obj
-	  done
-	  for obj in $save_oldobjs
-	  do
-	    oldobjs="$objlist $obj"
-	    objlist="$objlist $obj"
-	    eval test_cmds=\"$old_archive_cmds\"
-	    if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
-	       test "$len" -le "$max_cmd_len"; then
-	      :
-	    else
-	      # the above command should be used before it gets too long
-	      oldobjs=$objlist
-	      if test "$obj" = "$last_oldobj" ; then
-	        RANLIB=$save_RANLIB
-	      fi
-	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
-	      eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
-	      objlist=
-	    fi
-	  done
-	  RANLIB=$save_RANLIB
-	  oldobjs=$objlist
-	  if test "X$oldobjs" = "X" ; then
-	    eval cmds=\"\$concat_cmds\"
-	  else
-	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
-	  fi
-	fi
-      fi
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-        eval cmd=\"$cmd\"
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$generated"; then
-      $show "${rm}r$generated"
-      $run ${rm}r$generated
-    fi
-
-    # Now create the libtool archive.
-    case $output in
-    *.la)
-      old_library=
-      test "$build_old_libs" = yes && old_library="$libname.$libext"
-      $show "creating $output"
-
-      # Preserve any variables that may affect compiler behavior
-      for var in $variables_saved_for_relink; do
-	if eval test -z \"\${$var+set}\"; then
-	  relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	elif eval var_value=\$$var; test -z "$var_value"; then
-	  relink_command="$var=; export $var; $relink_command"
-	else
-	  var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	  relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	fi
-      done
-      # Quote the link command for shipping.
-      relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
-      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-      if test "$hardcode_automatic" = yes ; then
-	relink_command=
-      fi
-
-
-      # Only create the output if not a dry run.
-      if test -z "$run"; then
-	for installed in no yes; do
-	  if test "$installed" = yes; then
-	    if test -z "$install_libdir"; then
-	      break
-	    fi
-	    output="$output_objdir/$outputname"i
-	    # Replace all uninstalled libtool libraries with the installed ones
-	    newdependency_libs=
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      *.la)
-		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
-		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		if test -z "$libdir"; then
-		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		  exit $EXIT_FAILURE
-		fi
-		newdependency_libs="$newdependency_libs $libdir/$name"
-		;;
-	      *) newdependency_libs="$newdependency_libs $deplib" ;;
-	      esac
-	    done
-	    dependency_libs="$newdependency_libs"
-	    newdlfiles=
-	    for lib in $dlfiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit $EXIT_FAILURE
-	      fi
-	      newdlfiles="$newdlfiles $libdir/$name"
-	    done
-	    dlfiles="$newdlfiles"
-	    newdlprefiles=
-	    for lib in $dlprefiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit $EXIT_FAILURE
-	      fi
-	      newdlprefiles="$newdlprefiles $libdir/$name"
-	    done
-	    dlprefiles="$newdlprefiles"
-	  else
-	    newdlfiles=
-	    for lib in $dlfiles; do
-	      case $lib in
-		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
-		*) abs=`pwd`"/$lib" ;;
-	      esac
-	      newdlfiles="$newdlfiles $abs"
-	    done
-	    dlfiles="$newdlfiles"
-	    newdlprefiles=
-	    for lib in $dlprefiles; do
-	      case $lib in
-		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
-		*) abs=`pwd`"/$lib" ;;
-	      esac
-	      newdlprefiles="$newdlprefiles $abs"
-	    done
-	    dlprefiles="$newdlprefiles"
-	  fi
-	  $rm $output
-	  # place dlname in correct position for cygwin
-	  tdlname=$dlname
-	  case $host,$output,$installed,$module,$dlname in
-	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
-	  esac
-	  $echo > $output "\
-# $outputname - a libtool library file
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='$tdlname'
-
-# Names of this library.
-library_names='$library_names'
-
-# The name of the static archive.
-old_library='$old_library'
-
-# Libraries that this one depends upon.
-dependency_libs='$dependency_libs'
-
-# Version information for $libname.
-current=$current
-age=$age
-revision=$revision
-
-# Is this an already installed library?
-installed=$installed
-
-# Should we warn about portability when linking against -modules?
-shouldnotlink=$module
-
-# Files to dlopen/dlpreopen
-dlopen='$dlfiles'
-dlpreopen='$dlprefiles'
-
-# Directory that this library needs to be installed in:
-libdir='$install_libdir'"
-	  if test "$installed" = no && test "$need_relink" = yes; then
-	    $echo >> $output "\
-relink_command=\"$relink_command\""
-	  fi
-	done
-      fi
-
-      # Do a symbolic link so that the libtool archive can be found in
-      # LD_LIBRARY_PATH before the program is installed.
-      $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
-      $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
-      ;;
-    esac
-    exit $EXIT_SUCCESS
-    ;;
-
-  # libtool install mode
-  install)
-    modename="$modename: install"
-
-    # There may be an optional sh(1) argument at the beginning of
-    # install_prog (especially on Windows NT).
-    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
-       # Allow the use of GNU shtool's install command.
-       $echo "X$nonopt" | grep shtool > /dev/null; then
-      # Aesthetically quote it.
-      arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$arg "
-      arg="$1"
-      shift
-    else
-      install_prog=
-      arg=$nonopt
-    fi
-
-    # The real first argument should be the name of the installation program.
-    # Aesthetically quote it.
-    arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-    case $arg in
-    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-      arg="\"$arg\""
-      ;;
-    esac
-    install_prog="$install_prog$arg"
-
-    # We need to accept at least all the BSD install flags.
-    dest=
-    files=
-    opts=
-    prev=
-    install_type=
-    isdir=no
-    stripme=
-    for arg
-    do
-      if test -n "$dest"; then
-	files="$files $dest"
-	dest=$arg
-	continue
-      fi
-
-      case $arg in
-      -d) isdir=yes ;;
-      -f) 
-      	case " $install_prog " in
-	*[\\\ /]cp\ *) ;;
-	*) prev=$arg ;;
-	esac
-	;;
-      -g | -m | -o) prev=$arg ;;
-      -s)
-	stripme=" -s"
-	continue
-	;;
-      -*)
-	;;
-      *)
-	# If the previous option needed an argument, then skip it.
-	if test -n "$prev"; then
-	  prev=
-	else
-	  dest=$arg
-	  continue
-	fi
-	;;
-      esac
-
-      # Aesthetically quote the argument.
-      arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$install_prog $arg"
-    done
-
-    if test -z "$install_prog"; then
-      $echo "$modename: you must specify an install program" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prev' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    if test -z "$files"; then
-      if test -z "$dest"; then
-	$echo "$modename: no file or destination specified" 1>&2
-      else
-	$echo "$modename: you must specify a destination" 1>&2
-      fi
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    # Strip any trailing slash from the destination.
-    dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
-
-    # Check to see that the destination is a directory.
-    test -d "$dest" && isdir=yes
-    if test "$isdir" = yes; then
-      destdir="$dest"
-      destname=
-    else
-      destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
-      test "X$destdir" = "X$dest" && destdir=.
-      destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
-
-      # Not a directory, so check to see that there is only one file specified.
-      set dummy $files
-      if test "$#" -gt 2; then
-	$echo "$modename: \`$dest' is not a directory" 1>&2
-	$echo "$help" 1>&2
-	exit $EXIT_FAILURE
-      fi
-    fi
-    case $destdir in
-    [\\/]* | [A-Za-z]:[\\/]*) ;;
-    *)
-      for file in $files; do
-	case $file in
-	*.lo) ;;
-	*)
-	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-      done
-      ;;
-    esac
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    staticlibs=
-    future_libdirs=
-    current_libdirs=
-    for file in $files; do
-
-      # Do each installation.
-      case $file in
-      *.$libext)
-	# Do the static libraries later.
-	staticlibs="$staticlibs $file"
-	;;
-
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	library_names=
-	old_library=
-	relink_command=
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Add the libdir to current_libdirs if it is the destination.
-	if test "X$destdir" = "X$libdir"; then
-	  case "$current_libdirs " in
-	  *" $libdir "*) ;;
-	  *) current_libdirs="$current_libdirs $libdir" ;;
-	  esac
-	else
-	  # Note the libdir as a future libdir.
-	  case "$future_libdirs " in
-	  *" $libdir "*) ;;
-	  *) future_libdirs="$future_libdirs $libdir" ;;
-	  esac
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
-	test "X$dir" = "X$file/" && dir=
-	dir="$dir$objdir"
-
-	if test -n "$relink_command"; then
-	  # Determine the prefix the user has applied to our future dir.
-	  inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
-
-	  # Don't allow the user to place us outside of our expected
-	  # location b/c this prevents finding dependent libraries that
-	  # are installed to the same prefix.
-	  # At present, this check doesn't affect windows .dll's that
-	  # are installed into $libdir/../bin (currently, that works fine)
-	  # but it's something to keep an eye on.
-	  if test "$inst_prefix_dir" = "$destdir"; then
-	    $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-
-	  if test -n "$inst_prefix_dir"; then
-	    # Stick the inst_prefix_dir data into the link command.
-	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
-	  else
-	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
-	  fi
-
-	  $echo "$modename: warning: relinking \`$file'" 1>&2
-	  $show "$relink_command"
-	  if $run eval "$relink_command"; then :
-	  else
-	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-	fi
-
-	# See the names of the shared library.
-	set dummy $library_names
-	if test -n "$2"; then
-	  realname="$2"
-	  shift
-	  shift
-
-	  srcname="$realname"
-	  test -n "$relink_command" && srcname="$realname"T
-
-	  # Install the shared library and build the symlinks.
-	  $show "$install_prog $dir/$srcname $destdir/$realname"
-	  $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
-	  if test -n "$stripme" && test -n "$striplib"; then
-	    $show "$striplib $destdir/$realname"
-	    $run eval "$striplib $destdir/$realname" || exit $?
-	  fi
-
-	  if test "$#" -gt 0; then
-	    # Delete the old symlinks, and create new ones.
-	    # Try `ln -sf' first, because the `ln' binary might depend on
-	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
-	    # so we also need to try rm && ln -s.
-	    for linkname
-	    do
-	      if test "$linkname" != "$realname"; then
-                $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
-                $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
-	      fi
-	    done
-	  fi
-
-	  # Do each command in the postinstall commands.
-	  lib="$destdir/$realname"
-	  cmds=$postinstall_cmds
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    eval cmd=\"$cmd\"
-	    $show "$cmd"
-	    $run eval "$cmd" || {
-	      lt_exit=$?
-
-	      # Restore the uninstalled library and exit
-	      if test "$mode" = relink; then
-		$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
-	      fi
-
-	      exit $lt_exit
-	    }
-	  done
-	  IFS="$save_ifs"
-	fi
-
-	# Install the pseudo-library for information purposes.
-	name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	instname="$dir/$name"i
-	$show "$install_prog $instname $destdir/$name"
-	$run eval "$install_prog $instname $destdir/$name" || exit $?
-
-	# Maybe install the static library, too.
-	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
-	;;
-
-      *.lo)
-	# Install (i.e. copy) a libtool object.
-
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# Deduce the name of the destination old-style object file.
-	case $destfile in
-	*.lo)
-	  staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
-	  ;;
-	*.$objext)
-	  staticdest="$destfile"
-	  destfile=
-	  ;;
-	*)
-	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	  ;;
-	esac
-
-	# Install the libtool object if requested.
-	if test -n "$destfile"; then
-	  $show "$install_prog $file $destfile"
-	  $run eval "$install_prog $file $destfile" || exit $?
-	fi
-
-	# Install the old object if enabled.
-	if test "$build_old_libs" = yes; then
-	  # Deduce the name of the old-style object file.
-	  staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
-
-	  $show "$install_prog $staticobj $staticdest"
-	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
-	fi
-	exit $EXIT_SUCCESS
-	;;
-
-      *)
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# If the file is missing, and there is a .exe on the end, strip it
-	# because it is most likely a libtool script we actually want to
-	# install
-	stripped_ext=""
-	case $file in
-	  *.exe)
-	    if test ! -f "$file"; then
-	      file=`$echo $file|${SED} 's,.exe$,,'`
-	      stripped_ext=".exe"
-	    fi
-	    ;;
-	esac
-
-	# Do a test to see if this is really a libtool program.
-	case $host in
-	*cygwin*|*mingw*)
-	    wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
-	    ;;
-	*)
-	    wrapper=$file
-	    ;;
-	esac
-	if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
-	  notinst_deplibs=
-	  relink_command=
-
-	  # Note that it is not necessary on cygwin/mingw to append a dot to
-	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
-	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
-	  # `FILE.' does not work on cygwin managed mounts.
-	  #
-	  # If there is no directory component, then add one.
-	  case $wrapper in
-	  */* | *\\*) . ${wrapper} ;;
-	  *) . ./${wrapper} ;;
-	  esac
-
-	  # Check the variables that should have been set.
-	  if test -z "$notinst_deplibs"; then
-	    $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
-	    exit $EXIT_FAILURE
-	  fi
-
-	  finalize=yes
-	  for lib in $notinst_deplibs; do
-	    # Check to see that each library is installed.
-	    libdir=
-	    if test -f "$lib"; then
-	      # If there is no directory component, then add one.
-	      case $lib in
-	      */* | *\\*) . $lib ;;
-	      *) . ./$lib ;;
-	      esac
-	    fi
-	    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
-	    if test -n "$libdir" && test ! -f "$libfile"; then
-	      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
-	      finalize=no
-	    fi
-	  done
-
-	  relink_command=
-	  # Note that it is not necessary on cygwin/mingw to append a dot to
-	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
-	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
-	  # `FILE.' does not work on cygwin managed mounts.
-	  #
-	  # If there is no directory component, then add one.
-	  case $wrapper in
-	  */* | *\\*) . ${wrapper} ;;
-	  *) . ./${wrapper} ;;
-	  esac
-
-	  outputname=
-	  if test "$fast_install" = no && test -n "$relink_command"; then
-	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir=`func_mktempdir`
-	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
-	      outputname="$tmpdir/$file"
-	      # Replace the output file specification.
-	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
-
-	      $show "$relink_command"
-	      if $run eval "$relink_command"; then :
-	      else
-		$echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-		${rm}r "$tmpdir"
-		continue
-	      fi
-	      file="$outputname"
-	    else
-	      $echo "$modename: warning: cannot relink \`$file'" 1>&2
-	    fi
-	  else
-	    # Install the binary that we compiled earlier.
-	    file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
-	  fi
-	fi
-
-	# remove .exe since cygwin /usr/bin/install will append another
-	# one anyway 
-	case $install_prog,$host in
-	*/usr/bin/install*,*cygwin*)
-	  case $file:$destfile in
-	  *.exe:*.exe)
-	    # this is ok
-	    ;;
-	  *.exe:*)
-	    destfile=$destfile.exe
-	    ;;
-	  *:*.exe)
-	    destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
-	    ;;
-	  esac
-	  ;;
-	esac
-	$show "$install_prog$stripme $file $destfile"
-	$run eval "$install_prog\$stripme \$file \$destfile" || exit $?
-	test -n "$outputname" && ${rm}r "$tmpdir"
-	;;
-      esac
-    done
-
-    for file in $staticlibs; do
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-
-      # Set up the ranlib parameters.
-      oldlib="$destdir/$name"
-
-      $show "$install_prog $file $oldlib"
-      $run eval "$install_prog \$file \$oldlib" || exit $?
-
-      if test -n "$stripme" && test -n "$old_striplib"; then
-	$show "$old_striplib $oldlib"
-	$run eval "$old_striplib $oldlib" || exit $?
-      fi
-
-      # Do each command in the postinstall commands.
-      cmds=$old_postinstall_cmds
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	eval cmd=\"$cmd\"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$future_libdirs"; then
-      $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
-    fi
-
-    if test -n "$current_libdirs"; then
-      # Maybe just do a dry run.
-      test -n "$run" && current_libdirs=" -n$current_libdirs"
-      exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
-    else
-      exit $EXIT_SUCCESS
-    fi
-    ;;
-
-  # libtool finish mode
-  finish)
-    modename="$modename: finish"
-    libdirs="$nonopt"
-    admincmds=
-
-    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
-      for dir
-      do
-	libdirs="$libdirs $dir"
-      done
-
-      for libdir in $libdirs; do
-	if test -n "$finish_cmds"; then
-	  # Do each command in the finish commands.
-	  cmds=$finish_cmds
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    eval cmd=\"$cmd\"
-	    $show "$cmd"
-	    $run eval "$cmd" || admincmds="$admincmds
-       $cmd"
-	  done
-	  IFS="$save_ifs"
-	fi
-	if test -n "$finish_eval"; then
-	  # Do the single finish_eval.
-	  eval cmds=\"$finish_eval\"
-	  $run eval "$cmds" || admincmds="$admincmds
-       $cmds"
-	fi
-      done
-    fi
-
-    # Exit here if they wanted silent mode.
-    test "$show" = : && exit $EXIT_SUCCESS
-
-    $echo "X----------------------------------------------------------------------" | $Xsed
-    $echo "Libraries have been installed in:"
-    for libdir in $libdirs; do
-      $echo "   $libdir"
-    done
-    $echo
-    $echo "If you ever happen to want to link against installed libraries"
-    $echo "in a given directory, LIBDIR, you must either use libtool, and"
-    $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
-    $echo "flag during linking and do at least one of the following:"
-    if test -n "$shlibpath_var"; then
-      $echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
-      $echo "     during execution"
-    fi
-    if test -n "$runpath_var"; then
-      $echo "   - add LIBDIR to the \`$runpath_var' environment variable"
-      $echo "     during linking"
-    fi
-    if test -n "$hardcode_libdir_flag_spec"; then
-      libdir=LIBDIR
-      eval flag=\"$hardcode_libdir_flag_spec\"
-
-      $echo "   - use the \`$flag' linker flag"
-    fi
-    if test -n "$admincmds"; then
-      $echo "   - have your system administrator run these commands:$admincmds"
-    fi
-    if test -f /etc/ld.so.conf; then
-      $echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
-    fi
-    $echo
-    $echo "See any operating system documentation about shared libraries for"
-    $echo "more information, such as the ld(1) and ld.so(8) manual pages."
-    $echo "X----------------------------------------------------------------------" | $Xsed
-    exit $EXIT_SUCCESS
-    ;;
-
-  # libtool execute mode
-  execute)
-    modename="$modename: execute"
-
-    # The first argument is the command name.
-    cmd="$nonopt"
-    if test -z "$cmd"; then
-      $echo "$modename: you must specify a COMMAND" 1>&2
-      $echo "$help"
-      exit $EXIT_FAILURE
-    fi
-
-    # Handle -dlopen flags immediately.
-    for file in $execute_dlfiles; do
-      if test ! -f "$file"; then
-	$echo "$modename: \`$file' is not a file" 1>&2
-	$echo "$help" 1>&2
-	exit $EXIT_FAILURE
-      fi
-
-      dir=
-      case $file in
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-
-	# Read the libtool library.
-	dlname=
-	library_names=
-
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Skip this library if it cannot be dlopened.
-	if test -z "$dlname"; then
-	  # Warn if it was a shared library.
-	  test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
-	  continue
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-
-	if test -f "$dir/$objdir/$dlname"; then
-	  dir="$dir/$objdir"
-	else
-	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
-	  exit $EXIT_FAILURE
-	fi
-	;;
-
-      *.lo)
-	# Just add the directory containing the .lo file.
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-	;;
-
-      *)
-	$echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
-	continue
-	;;
-      esac
-
-      # Get the absolute pathname.
-      absdir=`cd "$dir" && pwd`
-      test -n "$absdir" && dir="$absdir"
-
-      # Now add the directory to shlibpath_var.
-      if eval "test -z \"\$$shlibpath_var\""; then
-	eval "$shlibpath_var=\"\$dir\""
-      else
-	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
-      fi
-    done
-
-    # This variable tells wrapper scripts just to set shlibpath_var
-    # rather than running their programs.
-    libtool_execute_magic="$magic"
-
-    # Check if any of the arguments is a wrapper script.
-    args=
-    for file
-    do
-      case $file in
-      -*) ;;
-      *)
-	# Do a test to see if this is really a libtool program.
-	if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  # Transform arg to wrapped name.
-	  file="$progdir/$program"
-	fi
-	;;
-      esac
-      # Quote arguments (to preserve shell metacharacters).
-      file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
-      args="$args \"$file\""
-    done
-
-    if test -z "$run"; then
-      if test -n "$shlibpath_var"; then
-	# Export the shlibpath_var.
-	eval "export $shlibpath_var"
-      fi
-
-      # Restore saved environment variables
-      if test "${save_LC_ALL+set}" = set; then
-	LC_ALL="$save_LC_ALL"; export LC_ALL
-      fi
-      if test "${save_LANG+set}" = set; then
-	LANG="$save_LANG"; export LANG
-      fi
-
-      # Now prepare to actually exec the command.
-      exec_cmd="\$cmd$args"
-    else
-      # Display what would be done.
-      if test -n "$shlibpath_var"; then
-	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
-	$echo "export $shlibpath_var"
-      fi
-      $echo "$cmd$args"
-      exit $EXIT_SUCCESS
-    fi
-    ;;
-
-  # libtool clean and uninstall mode
-  clean | uninstall)
-    modename="$modename: $mode"
-    rm="$nonopt"
-    files=
-    rmforce=
-    exit_status=0
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    for arg
-    do
-      case $arg in
-      -f) rm="$rm $arg"; rmforce=yes ;;
-      -*) rm="$rm $arg" ;;
-      *) files="$files $arg" ;;
-      esac
-    done
-
-    if test -z "$rm"; then
-      $echo "$modename: you must specify an RM program" 1>&2
-      $echo "$help" 1>&2
-      exit $EXIT_FAILURE
-    fi
-
-    rmdirs=
-
-    origobjdir="$objdir"
-    for file in $files; do
-      dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-      if test "X$dir" = "X$file"; then
-	dir=.
-	objdir="$origobjdir"
-      else
-	objdir="$dir/$origobjdir"
-      fi
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-      test "$mode" = uninstall && objdir="$dir"
-
-      # Remember objdir for removal later, being careful to avoid duplicates
-      if test "$mode" = clean; then
-	case " $rmdirs " in
-	  *" $objdir "*) ;;
-	  *) rmdirs="$rmdirs $objdir" ;;
-	esac
-      fi
-
-      # Don't error if the file doesn't exist and rm -f was used.
-      if (test -L "$file") >/dev/null 2>&1 \
-	|| (test -h "$file") >/dev/null 2>&1 \
-	|| test -f "$file"; then
-	:
-      elif test -d "$file"; then
-	exit_status=1
-	continue
-      elif test "$rmforce" = yes; then
-	continue
-      fi
-
-      rmfiles="$file"
-
-      case $name in
-      *.la)
-	# Possibly a libtool archive, so verify it.
-	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  . $dir/$name
-
-	  # Delete the libtool libraries and symlinks.
-	  for n in $library_names; do
-	    rmfiles="$rmfiles $objdir/$n"
-	  done
-	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
-
-	  case "$mode" in
-	  clean)
-	    case "  $library_names " in
-	    # "  " in the beginning catches empty $dlname
-	    *" $dlname "*) ;;
-	    *) rmfiles="$rmfiles $objdir/$dlname" ;;
-	    esac
-	     test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
-	    ;;
-	  uninstall)
-	    if test -n "$library_names"; then
-	      # Do each command in the postuninstall commands.
-	      cmds=$postuninstall_cmds
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		eval cmd=\"$cmd\"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test "$?" -ne 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    if test -n "$old_library"; then
-	      # Do each command in the old_postuninstall commands.
-	      cmds=$old_postuninstall_cmds
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		eval cmd=\"$cmd\"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test "$?" -ne 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # FIXME: should reinstall the best remaining shared library.
-	    ;;
-	  esac
-	fi
-	;;
-
-      *.lo)
-	# Possibly a libtool object, so verify it.
-	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-
-	  # Read the .lo file
-	  . $dir/$name
-
-	  # Add PIC object to the list of files to remove.
-	  if test -n "$pic_object" \
-	     && test "$pic_object" != none; then
-	    rmfiles="$rmfiles $dir/$pic_object"
-	  fi
-
-	  # Add non-PIC object to the list of files to remove.
-	  if test -n "$non_pic_object" \
-	     && test "$non_pic_object" != none; then
-	    rmfiles="$rmfiles $dir/$non_pic_object"
-	  fi
-	fi
-	;;
-
-      *)
-	if test "$mode" = clean ; then
-	  noexename=$name
-	  case $file in
-	  *.exe)
-	    file=`$echo $file|${SED} 's,.exe$,,'`
-	    noexename=`$echo $name|${SED} 's,.exe$,,'`
-	    # $file with .exe has already been added to rmfiles,
-	    # add $file without .exe
-	    rmfiles="$rmfiles $file"
-	    ;;
-	  esac
-	  # Do a test to see if this is a libtool program.
-	  if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	    relink_command=
-	    . $dir/$noexename
-
-	    # note $name still contains .exe if it was in $file originally
-	    # as does the version of $file that was added into $rmfiles
-	    rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
-	    if test "$fast_install" = yes && test -n "$relink_command"; then
-	      rmfiles="$rmfiles $objdir/lt-$name"
-	    fi
-	    if test "X$noexename" != "X$name" ; then
-	      rmfiles="$rmfiles $objdir/lt-${noexename}.c"
-	    fi
-	  fi
-	fi
-	;;
-      esac
-      $show "$rm $rmfiles"
-      $run $rm $rmfiles || exit_status=1
-    done
-    objdir="$origobjdir"
-
-    # Try to remove the ${objdir}s in the directories where we deleted files
-    for dir in $rmdirs; do
-      if test -d "$dir"; then
-	$show "rmdir $dir"
-	$run rmdir $dir >/dev/null 2>&1
-      fi
-    done
-
-    exit $exit_status
-    ;;
-
-  "")
-    $echo "$modename: you must specify a MODE" 1>&2
-    $echo "$generic_help" 1>&2
-    exit $EXIT_FAILURE
-    ;;
-  esac
-
-  if test -z "$exec_cmd"; then
-    $echo "$modename: invalid operation mode \`$mode'" 1>&2
-    $echo "$generic_help" 1>&2
-    exit $EXIT_FAILURE
-  fi
-fi # test -z "$show_help"
-
-if test -n "$exec_cmd"; then
-  eval exec $exec_cmd
-  exit $EXIT_FAILURE
-fi
-
-# We need to display help for each of the modes.
-case $mode in
-"") $echo \
-"Usage: $modename [OPTION]... [MODE-ARG]...
-
-Provide generalized library-building support services.
-
-    --config          show all configuration variables
-    --debug           enable verbose shell tracing
--n, --dry-run         display commands without modifying any files
-    --features        display basic configuration information and exit
-    --finish          same as \`--mode=finish'
-    --help            display this help message and exit
-    --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
-    --quiet           same as \`--silent'
-    --silent          don't print informational messages
-    --tag=TAG         use configuration variables from tag TAG
-    --version         print version information
-
-MODE must be one of the following:
-
-      clean           remove files from the build directory
-      compile         compile a source file into a libtool object
-      execute         automatically set library path, then run a program
-      finish          complete the installation of libtool libraries
-      install         install libraries or executables
-      link            create a library or an executable
-      uninstall       remove libraries from an installed directory
-
-MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
-a more detailed description of MODE.
-
-Report bugs to <bug-libtool@gnu.org>."
-  exit $EXIT_SUCCESS
-  ;;
-
-clean)
-  $echo \
-"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
-
-Remove files from the build directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, object or program, all the files associated
-with it are deleted. Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-compile)
-  $echo \
-"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
-
-Compile a source file into a libtool library object.
-
-This mode accepts the following additional options:
-
-  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
-  -prefer-pic       try to building PIC objects only
-  -prefer-non-pic   try to building non-PIC objects only
-  -static           always build a \`.o' file suitable for static linking
-
-COMPILE-COMMAND is a command to be used in creating a \`standard' object file
-from the given SOURCEFILE.
-
-The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix \`.c' with the
-library object suffix, \`.lo'."
-  ;;
-
-execute)
-  $echo \
-"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
-
-Automatically set library path, then run a program.
-
-This mode accepts the following additional options:
-
-  -dlopen FILE      add the directory containing FILE to the library path
-
-This mode sets the library path environment variable according to \`-dlopen'
-flags.
-
-If any of the ARGS are libtool executable wrappers, then they are translated
-into their corresponding uninstalled binary, and any of their required library
-directories are added to the library path.
-
-Then, COMMAND is executed, with ARGS as arguments."
-  ;;
-
-finish)
-  $echo \
-"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
-
-Complete the installation of libtool libraries.
-
-Each LIBDIR is a directory that contains libtool libraries.
-
-The commands that this mode executes may require superuser privileges.  Use
-the \`--dry-run' option if you just want to see what would be executed."
-  ;;
-
-install)
-  $echo \
-"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
-
-Install executables or libraries.
-
-INSTALL-COMMAND is the installation command.  The first component should be
-either the \`install' or \`cp' program.
-
-The rest of the components are interpreted as arguments to that command (only
-BSD-compatible install options are recognized)."
-  ;;
-
-link)
-  $echo \
-"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
-
-Link object files or libraries together to form another library, or to
-create an executable program.
-
-LINK-COMMAND is a command using the C compiler that you would use to create
-a program from several object files.
-
-The following components of LINK-COMMAND are treated specially:
-
-  -all-static       do not do any dynamic linking at all
-  -avoid-version    do not add a version suffix if possible
-  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
-  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
-  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
-  -export-symbols SYMFILE
-		    try to export only the symbols listed in SYMFILE
-  -export-symbols-regex REGEX
-		    try to export only the symbols matching REGEX
-  -LLIBDIR          search LIBDIR for required installed libraries
-  -lNAME            OUTPUT-FILE requires the installed library libNAME
-  -module           build a library that can dlopened
-  -no-fast-install  disable the fast-install mode
-  -no-install       link a not-installable executable
-  -no-undefined     declare that a library does not refer to external symbols
-  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
-  -objectlist FILE  Use a list of object files found in FILE to specify objects
-  -precious-files-regex REGEX
-                    don't remove output files matching REGEX
-  -release RELEASE  specify package release information
-  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
-  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
-  -static           do not do any dynamic linking of libtool libraries
-  -version-info CURRENT[:REVISION[:AGE]]
-		    specify library version info [each variable defaults to 0]
-
-All other options (arguments beginning with \`-') are ignored.
-
-Every other argument is treated as a filename.  Files ending in \`.la' are
-treated as uninstalled libtool libraries, other files are standard or library
-object files.
-
-If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
-only library objects (\`.lo' files) may be specified, and \`-rpath' is
-required, except when creating a convenience library.
-
-If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
-using \`ar' and \`ranlib', or on Windows using \`lib'.
-
-If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
-is created, otherwise an executable program is created."
-  ;;
-
-uninstall)
-  $echo \
-"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
-
-Remove libraries from an installation directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, all the files associated with it are deleted.
-Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-*)
-  $echo "$modename: invalid operation mode \`$mode'" 1>&2
-  $echo "$help" 1>&2
-  exit $EXIT_FAILURE
-  ;;
-esac
-
-$echo
-$echo "Try \`$modename --help' for more information about other modes."
-
-exit $?
-
-# The TAGs below are defined such that we never get into a situation
-# in which we disable both kinds of libraries.  Given conflicting
-# choices, we go for a static library, that is the most portable,
-# since we can't tell whether shared libraries were disabled because
-# the user asked for that or because the platform doesn't support
-# them.  This is particularly important on AIX, because we don't
-# support having both static and shared libraries enabled at the same
-# time on that platform, so we default to a shared-only configuration.
-# If a disable-shared tag is given, we'll fallback to a static-only
-# configuration.  But we'll never go from static-only to shared-only.
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
-disable_libs=shared
-# ### END LIBTOOL TAG CONFIG: disable-shared
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-static
-disable_libs=static
-# ### END LIBTOOL TAG CONFIG: disable-static
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/missing b/crypto/heimdal/missing
deleted file mode 100644
index 1c8ff7049d8f..000000000000
--- a/crypto/heimdal/missing
+++ /dev/null
@@ -1,367 +0,0 @@
-#! /bin/sh
-# Common stub for a few missing GNU programs while installing.
-
-scriptversion=2006-05-10.23
-
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
-#   Free Software Foundation, Inc.
-# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
-  exit 1
-fi
-
-run=:
-sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
-sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
-
-# In the cases where this matters, `missing' is being run in the
-# srcdir already.
-if test -f configure.ac; then
-  configure_ac=configure.ac
-else
-  configure_ac=configure.in
-fi
-
-msg="missing on your system"
-
-case $1 in
---run)
-  # Try to run requested program, and just exit if it succeeds.
-  run=
-  shift
-  "$@" && exit 0
-  # Exit code 63 means version mismatch.  This often happens
-  # when the user try to use an ancient version of a tool on
-  # a file that requires a minimum version.  In this case we
-  # we should proceed has if the program had been absent, or
-  # if --run hadn't been passed.
-  if test $? = 63; then
-    run=:
-    msg="probably too old"
-  fi
-  ;;
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-  --run           try to run the given command, and emulate it if it fails
-
-Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  autom4te     touch the output file, or create a stub one
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  help2man     touch the output file
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  tar          try tar, gnutar, gtar, then tar without non-portable flags
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
-
-Send bug reports to <bug-automake@gnu.org>."
-    exit $?
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing $scriptversion (GNU Automake)"
-    exit $?
-    ;;
-
-  -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
-    exit 1
-    ;;
-
-esac
-
-# Now exit if we have it, but it failed.  Also exit now if we
-# don't have it and --version was passed (most likely to detect
-# the program).
-case $1 in
-  lex|yacc)
-    # Not GNU programs, they don't have --version.
-    ;;
-
-  tar)
-    if test -n "$run"; then
-       echo 1>&2 "ERROR: \`tar' requires --run"
-       exit 1
-    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
-       exit 1
-    fi
-    ;;
-
-  *)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
-       # Could not run --version or --help.  This is probably someone
-       # running `$TOOL --version' or `$TOOL --help' to check whether
-       # $TOOL exists and not knowing $TOOL uses missing.
-       exit 1
-    fi
-    ;;
-esac
-
-# If it does not exist, or fails to run (possibly an outdated version),
-# try to emulate it.
-case $1 in
-  aclocal*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`${configure_ac}'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case $f in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  autom4te)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, but is $msg.
-         You might have modified some files without having the
-         proper tools for further handling them.
-         You can get \`$1' as part of \`Autoconf' from any GNU
-         archive site."
-
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -f "$file"; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo "#! /bin/sh"
-	echo "# Created by GNU Automake missing as a replacement of"
-	echo "#  $ $@"
-	echo "exit 0"
-	chmod +x $file
-	exit 1
-    fi
-    ;;
-
-  bison|yacc)
-    echo 1>&2 "\
-WARNING: \`$1' $msg.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if test $# -ne 1; then
-        eval LASTARG="\${$#}"
-	case $LASTARG in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if test ! -f y.tab.h; then
-	echo >y.tab.h
-    fi
-    if test ! -f y.tab.c; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex|flex)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if test $# -ne 1; then
-        eval LASTARG="\${$#}"
-	case $LASTARG in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if test ! -f lex.yy.c; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  help2man)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-	 you modified a dependency of a manual page.  You may need the
-	 \`Help2man' package in order for those modifications to take
-	 effect.  You can get \`Help2man' from any GNU archive site."
-
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -f "$file"; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo ".ab help2man is required to generate this page"
-	exit 1
-    fi
-    ;;
-
-  makeinfo)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    # The file to touch is that specified with -o ...
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -z "$file"; then
-      # ... or it is the one specified with @setfilename ...
-      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '
-	/^@setfilename/{
-	  s/.* \([^ ]*\) *$/\1/
-	  p
-	  q
-	}' $infile`
-      # ... or it is derived from the source name (dir/f.texi becomes f.info)
-      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
-    fi
-    # If the file does not exist, the user really needs makeinfo;
-    # let's fail without touching anything.
-    test -f $file || exit 1
-    touch $file
-    ;;
-
-  tar)
-    shift
-
-    # We have already tried tar in the generic part.
-    # Look for gnutar/gtar before invocation to avoid ugly error
-    # messages.
-    if (gnutar --version > /dev/null 2>&1); then
-       gnutar "$@" && exit 0
-    fi
-    if (gtar --version > /dev/null 2>&1); then
-       gtar "$@" && exit 0
-    fi
-    firstarg="$1"
-    if shift; then
-	case $firstarg in
-	*o*)
-	    firstarg=`echo "$firstarg" | sed s/o//`
-	    tar "$firstarg" "$@" && exit 0
-	    ;;
-	esac
-	case $firstarg in
-	*h*)
-	    firstarg=`echo "$firstarg" | sed s/h//`
-	    tar "$firstarg" "$@" && exit 0
-	    ;;
-	esac
-    fi
-
-    echo 1>&2 "\
-WARNING: I can't seem to be able to run \`tar' with the given arguments.
-         You may want to install GNU tar or Free paxutils, or check the
-         command line arguments."
-    exit 1
-    ;;
-
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and is $msg.
-         You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequisites for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
-    ;;
-esac
-
-exit 0
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/mkinstalldirs b/crypto/heimdal/mkinstalldirs
deleted file mode 100755
index 6fbe5e117629..000000000000
--- a/crypto/heimdal/mkinstalldirs
+++ /dev/null
@@ -1,150 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-
-scriptversion=2004-02-15.20
-
-# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain.
-#
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-errstatus=0
-dirmode=""
-
-usage="\
-Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
-
-Create each directory DIR (with mode MODE, if specified), including all
-leading file name components.
-
-Report bugs to <bug-automake@gnu.org>."
-
-# process command line arguments
-while test $# -gt 0 ; do
-  case $1 in
-    -h | --help | --h*)         # -h for help
-      echo "$usage"
-      exit 0
-      ;;
-    -m)                         # -m PERM arg
-      shift
-      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
-      dirmode=$1
-      shift
-      ;;
-    --version)
-      echo "$0 $scriptversion"
-      exit 0
-      ;;
-    --)                         # stop option processing
-      shift
-      break
-      ;;
-    -*)                         # unknown option
-      echo "$usage" 1>&2
-      exit 1
-      ;;
-    *)                          # first non-opt arg
-      break
-      ;;
-  esac
-done
-
-for file
-do
-  if test -d "$file"; then
-    shift
-  else
-    break
-  fi
-done
-
-case $# in
-  0) exit 0 ;;
-esac
-
-# Solaris 8's mkdir -p isn't thread-safe.  If you mkdir -p a/b and
-# mkdir -p a/c at the same time, both will detect that a is missing,
-# one will create a, then the other will try to create a and die with
-# a "File exists" error.  This is a problem when calling mkinstalldirs
-# from a parallel make.  We use --version in the probe to restrict
-# ourselves to GNU mkdir, which is thread-safe.
-case $dirmode in
-  '')
-    if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
-      echo "mkdir -p -- $*"
-      exec mkdir -p -- "$@"
-    else
-      # On NextStep and OpenStep, the `mkdir' command does not
-      # recognize any option.  It will interpret all options as
-      # directories to create, and then abort because `.' already
-      # exists.
-      test -d ./-p && rmdir ./-p
-      test -d ./--version && rmdir ./--version
-    fi
-    ;;
-  *)
-    if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
-       test ! -d ./--version; then
-      echo "mkdir -m $dirmode -p -- $*"
-      exec mkdir -m "$dirmode" -p -- "$@"
-    else
-      # Clean up after NextStep and OpenStep mkdir.
-      for d in ./-m ./-p ./--version "./$dirmode";
-      do
-        test -d $d && rmdir $d
-      done
-    fi
-    ;;
-esac
-
-for file
-do
-  set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
-  shift
-
-  pathcomp=
-  for d
-  do
-    pathcomp="$pathcomp$d"
-    case $pathcomp in
-      -*) pathcomp=./$pathcomp ;;
-    esac
-
-    if test ! -d "$pathcomp"; then
-      echo "mkdir $pathcomp"
-
-      mkdir "$pathcomp" || lasterr=$?
-
-      if test ! -d "$pathcomp"; then
-	errstatus=$lasterr
-      else
-	if test ! -z "$dirmode"; then
-	  echo "chmod $dirmode $pathcomp"
-	  lasterr=""
-	  chmod "$dirmode" "$pathcomp" || lasterr=$?
-
-	  if test ! -z "$lasterr"; then
-	    errstatus=$lasterr
-	  fi
-	fi
-      fi
-    fi
-
-    pathcomp="$pathcomp/"
-  done
-done
-
-exit $errstatus
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/packages/ChangeLog b/crypto/heimdal/packages/ChangeLog
deleted file mode 100644
index 50f257568480..000000000000
--- a/crypto/heimdal/packages/ChangeLog
+++ /dev/null
@@ -1,26 +0,0 @@
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mac/Makefile.am: Rename Info.plist.in Info.plist.
-
-	* mac/mac.sh: Adapt to macos 10.5 packagemaker
-
-	* mac/Info.plist{,.in}: Rename, content static now
-	
-	* mac/Info.plist.in: set version number via makepackage
-
-2007-12-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* mac/mac.sh: Packagemaker switch location.
-	
-2007-10-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: SUBDIRS += debian
-	
-	* debian: EXTRA_DIST
-	
-2006-11-15  Love H�rnquist �strand <lha@it.su.se>
-
-	* mac/mac.sh: clean after ourself.
-
-	* mac/mac.sh: how to build a mac package
-	
diff --git a/crypto/heimdal/packages/Makefile.am b/crypto/heimdal/packages/Makefile.am
deleted file mode 100644
index dbad7b17894a..000000000000
--- a/crypto/heimdal/packages/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-# $Id: Makefile.am 22003 2007-10-23 08:41:16Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS=  mac debian
-
diff --git a/crypto/heimdal/packages/Makefile.in b/crypto/heimdal/packages/Makefile.in
deleted file mode 100644
index a65d1fa2b921..000000000000
--- a/crypto/heimdal/packages/Makefile.in
+++ /dev/null
@@ -1,815 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22003 2007-10-23 08:41:16Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-subdir = packages
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = mac debian
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps packages/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/packages/debian/Makefile.am b/crypto/heimdal/packages/debian/Makefile.am
deleted file mode 100644
index a73dc807ca22..000000000000
--- a/crypto/heimdal/packages/debian/Makefile.am
+++ /dev/null
@@ -1,91 +0,0 @@
-# $Id$
-
-include $(top_srcdir)/Makefile.am.common
-
-EXTRA_DIST = \
-	README \
-	README.Debian \
-	changelog \
-	compat \
-	control \
-	copyright \
-	extras/default \
-	extras/kadmind.acl \
-	extras/kdc.conf \
-	heimdal-clients-x.install \
-	heimdal-clients.install \
-	heimdal-clients.postinst \
-	heimdal-clients.prerm \
-	heimdal-dev.install \
-	heimdal-docs.install \
-	heimdal-kcm.init \
-	heimdal-kcm.install \
-	heimdal-kdc.dirs \
-	heimdal-kdc.examples \
-	heimdal-kdc.init \
-	heimdal-kdc.install \
-	heimdal-kdc.logrotate \
-	heimdal-kdc.postinst \
-	heimdal-kdc.postrm \
-	heimdal-kdc.templates \
-	heimdal-servers-x.dirs \
-	heimdal-servers-x.install \
-	heimdal-servers-x.postinst \
-	heimdal-servers-x.postrm \
-	heimdal-servers-x.prerm \
-	heimdal-servers.dirs \
-	heimdal-servers.install \
-	heimdal-servers.postinst \
-	heimdal-servers.postrm \
-	heimdal-servers.prerm \
-	libasn1-8-heimdal.install \
-	libasn1-8-heimdal.postinst.debhelper \
-	libasn1-8-heimdal.postrm.debhelper \
-	libasn1-8-heimdal.substvars \
-	libgssapi2-heimdal.install \
-	libgssapi2-heimdal.postinst.debhelper \
-	libgssapi2-heimdal.postrm.debhelper \
-	libgssapi2-heimdal.substvars \
-	libhdb9-heimdal.install \
-	libhdb9-heimdal.postinst.debhelper \
-	libhdb9-heimdal.postrm.debhelper \
-	libhdb9-heimdal.substvars \
-	libkadm5clnt7-heimdal.install \
-	libkadm5clnt7-heimdal.postinst.debhelper \
-	libkadm5clnt7-heimdal.postrm.debhelper \
-	libkadm5clnt7-heimdal.substvars \
-	libkadm5srv7-heimdal.install \
-	libkadm5srv8-heimdal.install \
-	libkafs0-heimdal.install \
-	libkrb5-22-heimdal.install \
-	libkrb5-22-heimdal.postinst.debhelper \
-	libkrb5-22-heimdal.postrm.debhelper \
-	libkrb5-22-heimdal.substvars \
-	libotp0-heimdal.install \
-	libroken18-heimdal.install \
-	libroken18-heimdal.postinst.debhelper \
-	libroken18-heimdal.postrm.debhelper \
-	libroken18-heimdal.substvars \
-	libsl0-heimdal.install \
-	patches/021_debian \
-	patches/022_ftp-roken-glob \
-	patches/022_openafs \
-	patches/025_pthreads \
-	patches/026_posix_max \
-	po/POTFILES.in \
-	po/cs.po \
-	po/da.po \
-	po/de.po \
-	po/es.po \
-	po/fr.po \
-	po/gl.po \
-	po/ja.po \
-	po/nl.po \
-	po/pt.po \
-	po/pt_BR.po \
-	po/ru.po \
-	po/sv.po \
-	po/templates.pot \
-	po/vi.po \
-	rules \
-	scripts/convert_source
diff --git a/crypto/heimdal/packages/debian/Makefile.in b/crypto/heimdal/packages/debian/Makefile.in
deleted file mode 100644
index 8be56b0c88b4..000000000000
--- a/crypto/heimdal/packages/debian/Makefile.in
+++ /dev/null
@@ -1,745 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id$
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = packages/debian
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-EXTRA_DIST = \
-	README \
-	README.Debian \
-	changelog \
-	compat \
-	control \
-	copyright \
-	extras/default \
-	extras/kadmind.acl \
-	extras/kdc.conf \
-	heimdal-clients-x.install \
-	heimdal-clients.install \
-	heimdal-clients.postinst \
-	heimdal-clients.prerm \
-	heimdal-dev.install \
-	heimdal-docs.install \
-	heimdal-kcm.init \
-	heimdal-kcm.install \
-	heimdal-kdc.dirs \
-	heimdal-kdc.examples \
-	heimdal-kdc.init \
-	heimdal-kdc.install \
-	heimdal-kdc.logrotate \
-	heimdal-kdc.postinst \
-	heimdal-kdc.postrm \
-	heimdal-kdc.templates \
-	heimdal-servers-x.dirs \
-	heimdal-servers-x.install \
-	heimdal-servers-x.postinst \
-	heimdal-servers-x.postrm \
-	heimdal-servers-x.prerm \
-	heimdal-servers.dirs \
-	heimdal-servers.install \
-	heimdal-servers.postinst \
-	heimdal-servers.postrm \
-	heimdal-servers.prerm \
-	libasn1-8-heimdal.install \
-	libasn1-8-heimdal.postinst.debhelper \
-	libasn1-8-heimdal.postrm.debhelper \
-	libasn1-8-heimdal.substvars \
-	libgssapi2-heimdal.install \
-	libgssapi2-heimdal.postinst.debhelper \
-	libgssapi2-heimdal.postrm.debhelper \
-	libgssapi2-heimdal.substvars \
-	libhdb9-heimdal.install \
-	libhdb9-heimdal.postinst.debhelper \
-	libhdb9-heimdal.postrm.debhelper \
-	libhdb9-heimdal.substvars \
-	libkadm5clnt7-heimdal.install \
-	libkadm5clnt7-heimdal.postinst.debhelper \
-	libkadm5clnt7-heimdal.postrm.debhelper \
-	libkadm5clnt7-heimdal.substvars \
-	libkadm5srv7-heimdal.install \
-	libkadm5srv8-heimdal.install \
-	libkafs0-heimdal.install \
-	libkrb5-22-heimdal.install \
-	libkrb5-22-heimdal.postinst.debhelper \
-	libkrb5-22-heimdal.postrm.debhelper \
-	libkrb5-22-heimdal.substvars \
-	libotp0-heimdal.install \
-	libroken18-heimdal.install \
-	libroken18-heimdal.postinst.debhelper \
-	libroken18-heimdal.postrm.debhelper \
-	libroken18-heimdal.substvars \
-	libsl0-heimdal.install \
-	patches/021_debian \
-	patches/022_ftp-roken-glob \
-	patches/022_openafs \
-	patches/025_pthreads \
-	patches/026_posix_max \
-	po/POTFILES.in \
-	po/cs.po \
-	po/da.po \
-	po/de.po \
-	po/es.po \
-	po/fr.po \
-	po/gl.po \
-	po/ja.po \
-	po/nl.po \
-	po/pt.po \
-	po/pt_BR.po \
-	po/ru.po \
-	po/sv.po \
-	po/templates.pot \
-	po/vi.po \
-	rules \
-	scripts/convert_source
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/debian/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps packages/debian/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/packages/debian/README b/crypto/heimdal/packages/debian/README
deleted file mode 100644
index 1a59f00cd24a..000000000000
--- a/crypto/heimdal/packages/debian/README
+++ /dev/null
@@ -1,15 +0,0 @@
-
-d=ubuntu/gutsy
-
-mkdir foo
-cd foo
-svn co .... heimdal-src
-cd heimdal-src
-ln -s packages/debian
-test -f configure || autoreconf -f -i
-fakeroot debian/rules binary
-cd ..
-cp *.deb /afs/pdc.kth.se/public/ftp/pub/heimdal/binaries/$dist
-cd /afs/pdc.kth.se/public/ftp/pub/heimdal/binaries/$dist
-dpkg-scanpackages . /dev/null 2> /dev/null | gzip -9 > Packages.gz
-
diff --git a/crypto/heimdal/packages/debian/README.Debian b/crypto/heimdal/packages/debian/README.Debian
deleted file mode 100644
index 41a73cc9a7c8..000000000000
--- a/crypto/heimdal/packages/debian/README.Debian
+++ /dev/null
@@ -1,120 +0,0 @@
-Note on ksu
------------
-This program is not installed setuid root be default. If you want to
-install it setuid root, then you can override the package permissions
-with:
-
-dpkg-statoverride --update --add root root 4755 /usr/bin/ksu
-
-Note on ipropd and/or hpropd
-----------------------------
-The following entries may be required in you /etc/services
-file (see bug #139845):
-
-krb_prop      754/tcp                         # Kerberos slave propagation
-iprop         2121/tcp                        # incremental propagation
-
-Note on kerberos.8 man page
----------------------------
-This man page is not currently included due to conflict with kerberos4kth-kdc
-package. For more information on Kerberos, see:
-http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
-
-Installing heimdal for Debian
------------------------------
-(Note: if you do not have a krb4 KDC, you may need to include
-"krb4_get_tickets = no" in the [libdefaults] section of
-kdc.conf; otherwise kinit will complain with an error).
-
-Things you will have to do manually (see info documentation for
-details):
-
-On KDC:
-1. Add adminstrator keys using kadmin.
-
-For example:
-# kadmin -l
-kadmin> add bam/admin
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Principal expiration time [never]:
-Password expiration time [never]:
-Attributes []:
-bam/admin@CHOCBIT.ORG.AU's Password:
-Verifying password - bam/admin@CHOCBIT.ORG.AU's Password:
-
-2. Add kadmin/admin key to KDC:
-
-For example:
-# kadmin -l
-kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Principal expiration time [never]:
-Password expiration time [never]:
-Attributes []:
-
-(note: this key doesn't need to be extracted).
-
-3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl
-
-For example:
-echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl
-
-4. Test.
-
-For example:
-# kadmin -p bam/admin
-bam/admin@CHOCBIT.ORG.AU's Password:
-kadmin> list *
-[should list all keys]
-
-5. Add user keys
-
-For example:
-# kadmin -p bam/admin
-bam/admin@CHOCBIT.ORG.AU's Password:
-kadmin> add bam
-
-
-On other computers:
-1. If you installed heimdal-clients-x or heimdal-servers-x,
-then you will need to add the following entry to /etc/services
-kx              2111/tcp                        # X over kerberos
-(check to make sure this doesn't already exist).
-2. edit /etc/krb5.conf
-3. setup secret keys each computer, using kadmin and/or ktutil.
-
-For example, on remote computer dewey.chocbit.org.au:
-bam/admin@CHOCBIT.ORG.AU's Password:
-kadmin> add -r host/dewey.chocbit.org.au
-[...]
-kadmin> ext host/dewey.chocbit.org.au
-kadmin> add -r ftp/dewey.chocbit.org.au
-[...]
-kadmin> ext ftp/dewey.chocbit.org.au
-
-The ext command extracts keys to /etc/krb5.keytab, where
-they can be inspected with the "ktutil list" command at the
-shell prompt.
-
-Tell me if any files conflict with any other package - do not
-try to force the package to install, otherwise things may break...
-In general, this package conflicts with kerberos4kth and
-probably MIT Kerberos (not packaged as of potato). Local
-installations under /usr/local should be OK.
-
-Changes from upstream source:
-1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user>
-in that order.
-2. /var/lib/heimdal-kdc used instead of /var/heimdal
-3. /usr/bin/login moved to /usr/lib/heimdal-servers
-4. /usr/lib/heimdal-servers used instead of /usr/libexec
-5. telnet and ftp have been renamed to ktelnet and kftp, and
-use the update-alternatives mechanism. In the future, this
-should allow heimdal-clients to exist at the same time
-as telnet-ssl.
-6. kdc config files kdc.conf and kadmind.acl stored in
-/etc/heimdal-kdc instead of /usr/lib/heimdal-servers.
-
- -- Brian May <bam@debian.org>, Wed,  8 Dec 1999 11:54:13 +1100
diff --git a/crypto/heimdal/packages/debian/changelog b/crypto/heimdal/packages/debian/changelog
deleted file mode 100644
index b6ae93ccbef2..000000000000
--- a/crypto/heimdal/packages/debian/changelog
+++ /dev/null
@@ -1,1168 +0,0 @@
-heimdal (1.0.2RC5.dfsg.1) gutsy; urgency=low
-
-  * New version
-
- -- Love H�rnquist �strand <lha@h5l.se>  Mon, 4 Dec 2007 17:54:28 -0200
-
-heimdal (1.0.2RC2.dfsg.1) gutsy; urgency=low
-
-  * New version
-
-  * Add new libs
-
- -- Love H�rnquist �strand <lha@h5l.se>  Fri, 19 Oct 2007 17:54:28 -0200
-
-heimdal (0.7.2.dfsg.1-10ubuntu2) gutsy; urgency=low
-
-  * debian/control:
-    - Actually added openbsd-inetd | inet-superserver to heimdal-servers'
-      dependencies (LP: #123782). 
-    - DebainMaintainerField foo
-
- -- Rick Clark <rick.clark@ubuntu.com>  Tue, 03 Jul 2007 19:58:47 -0400
-
-heimdal (0.7.2.dfsg.1-10ubuntu1) feisty; urgency=low
-
-  * Merge from debian unstable, remaining changes:
-    - Add update-inetd to heimdal-servers and heimdal-kdc's dependencies
-    - Add openbsd-inetd | inet-superserver to heimdal-servers dependencies
-
- -- Lionel Porcheron <lionel@alveonet.org>  Fri, 09 Feb 2007 14:17:33 +0100
-
-heimdal (0.7.2.dfsg.1-10) unstable; urgency=low
-
-  * Add Portuguese debconf translation (closes: #408186).
-  * Properly quote values in heimdal-kdc's postinst (closes: #408908).
-  * Fixes broken conflicts in libsl0-heimdal (closes: #406651).
-
- -- Brian May <bam@snoopy.debian.net>  Thu,  8 Feb 2007 15:27:28 +1100
-
-heimdal (0.7.2.dfsg.1-9ubuntu1) feisty; urgency=low
-
-  * Merge from Debian unstable, remaining changes:
-    - Add update-inetd to heimdal-servers and heimdal-kdc's dependencies
-    - Add openbsd-inetd | inet-superserver to heimdal-servers dependencies
-
- -- Lionel Porcheron <lionel@alveonet.org>  Sun, 14 Jan 2007 21:48:33 +0100
-
-heimdal (0.7.2.dfsg.1-9) unstable; urgency=low
-
-  * Include Spanish po-debconf translation (closes: #403481).
-
- -- Brian May <bam@snoopy.debian.net>  Thu, 11 Jan 2007 09:09:26 +1100
-
-heimdal (0.7.2.dfsg.1-8ubuntu1) feisty; urgency=low
-
-  * debian/control: Add update-inetd to heimdal-servers's dependencies
-    (Closes Ubuntu: #76104).
-  * debian/control: Add openbsd-inetd | inet-superserver dependencies
-    as heimdal-servers needs an inet server to work
-
- -- Lionel Porcheron <lionel@alveonet.org>  Sun, 17 Dec 2006 11:28:51 +0100
-
-heimdal (0.7.2.dfsg.1-8) unstable; urgency=high
-
-  * Swap -n with -z in test, otherwise servers won't get added on initial
-    installation. This was due to broken fix for #401258.
-
- -- Brian May <bam@snoopy.debian.net>  Wed, 13 Dec 2006 14:45:52 +1100
-
-heimdal (0.7.2.dfsg.1-7) unstable; urgency=high
-
-  * Don't change services on upgrades, only on fresh installation, purge, and
-    upgrade from old versions.  Closes: #401258.
-
- -- Brian May <bam@snoopy.debian.net>  Tue, 12 Dec 2006 14:45:22 +1100
-
-heimdal (0.7.2.dfsg.1-6) unstable; urgency=low
-
-  * Update maintainer E-Mail address.
-
- -- Brian May <bam@snoopy.debian.net>  Mon, 20 Nov 2006 12:02:02 +1100
-
-heimdal (0.7.2.dfsg.1-5) unstable; urgency=low
-
-  * Rebuild against latest openldap (closes: #385809).
-  * Add SLAVE_PARAMS to KDC /etc/default/heimdal-kdc file (closes: #392933).
-  * Fix klist man page (closes: #389848).
-
- -- Brian May <bam@debian.org>  Mon, 16 Oct 2006 15:15:32 +1000
-
-heimdal (0.7.2.dfsg.1-4) unstable; urgency=low
-
-  * Include KCM (closes: #379245).
-  * Move heimdal-docs to Section: doc.
-
- -- Brian May <bam@debian.org>  Tue, 22 Aug 2006 12:19:57 +1000
-
-heimdal (0.7.2.dfsg.1-3) unstable; urgency=low
-
-  * Remove bashism in debian/rules. Closes: #376082.
-  * Build depends on texinfo, required for makeinfo. Closes: #376224.
-
- -- Brian May <bam@debian.org>  Sun,  2 Jul 2006 10:49:35 +1000
-
-heimdal (0.7.2.dfsg.1-2) unstable; urgency=low
-
-  * Search for all references to HDB_DB_DIR "/kdc.conf" and replace with
-    "/etc/heimdal-kdc/kdc.conf". Closes: #365883, #365890.
-
- -- Brian May <bam@debian.org>  Sun, 14 May 2006 10:42:24 +1000
-
-heimdal (0.7.2.dfsg.1-1) unstable; urgency=low
-
-  * Remove non-free documentation. Closes: #364860.
-  * Add Galician debconf templates. Closes: #362091.
-  * Update standards version to 3.7.2.
-
- -- Brian May <bam@debian.org>  Sat, 13 May 2006 16:02:41 +1000
-
-heimdal (0.7.2-4) unstable; urgency=low
-
-  * Fix file deletion in postrm. Closes: #361411.
-
- -- Brian May <bam@debian.org>  Mon, 10 Apr 2006 12:45:34 +1000
-
-heimdal (0.7.2-3) unstable; urgency=low
-
-  * Move heimdal-kdc config files, kdc.conf, kadmind.acl and .configured, from
-    /var/lib/heimdal-kdc to /etc/heimdal-kdc. Closes: #351960.
-
- -- Brian May <bam@debian.org>  Fri,  7 Apr 2006 10:13:55 +1000
-
-heimdal (0.7.2-2) unstable; urgency=low
-
-  * Install krcp.1 manpage.
-  * Move xnlock.1 man page to correct man page section 1.
-  * heimdal-dev: add depends on comerr-dev. Closes: #357115.
-
- -- Brian May <bam@debian.org>  Thu, 16 Mar 2006 19:15:32 +1100
-
-heimdal (0.7.2-1) unstable; urgency=low
-
-  * New upstream version. Includes security fixes. Changes from upstream:
-
-        * Fix security problem in rshd that enable an attacker to overwrite
-          and change ownership of any file that root could write
-          (CVE-2006-0582).
-
-        * Fix a DOS in telnetd. The attacker could force the server to crash
-          in a NULL de-reference before the user logged in, resulting in inetd
-          turning telnetd off because it forked too fast (CVE-2006-0677).
-
-        * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
-          exists in the keytab before returning success. This allows servers
-          to check if its even possible to use GSSAPI.
-
-        * Fix receiving end of token delegation for GSS-API. It still wrongly
-          uses subkey for sending for compatibility reasons, this will change
-          in 0.8.
-
-        * telnetd, login and rshd are now more verbose in logging failed and
-          successful logins.
-
-        * Bug fixes.
-
-  * Ditch dbs build system in preference for quilt and cdbs.
-
-  * Don't install /usr/include/ss. It's not included by any other header
-    in heimdal-dev and is provided by ss-dev. Closes: #349213.
-
-  * Also remove /usr/bin/mk_cmds which is also provided by ss-dev.
-
-  * Supply /etc/ldap/schema/hdb.schema. Closes: #355287.
-
-  * Move iprop man pages from heimdal-clients package into
-    heimdal-kdc package. Closes: #347555.
-
-  * Change default program for krsh from rlogin to ktelnet if no parameters
-    given.  Closes: #355080.
-
- -- Brian May <bam@debian.org>  Thu,  9 Mar 2006 18:24:51 +1100
-
-heimdal (0.7.1-3) unstable; urgency=high
-
-  * Brian May <bam@debian.org>:
-    * Delete patches for old Heimdal versions.
-    * Update Swedish debconf translation (closes: #347605).
-  * Michael Banck <mbanck@debian.org>:
-    * Changes for GNU HURD: 026_posix_max (closes: #113317),
-                            026_no_afs (closes: #324342).
-  * Steve Langasek <vorlon@debian.org>:
-    * 025_pthreads
-    * High-urgency upload for RC bugfix.
-    * Use -pthread -lpthread when linking shared libs, not just -pthread,
-      needed for proper linking of libgssapi on mips/mipsel.  Closes: #346346.
-    * Build-depend on libx11-dev, libxau-dev, libxt-dev, x-dev instead of the
-      obsolete xlibs-dev.  Closes: #346680.
-
- -- Brian May <bam@debian.org>  Fri, 13 Jan 2006 19:04:05 +1100
-
-heimdal (0.7.1-2) unstable; urgency=low
-
-  * Apply 022_ftp-roken-glob again.
-  * Upload for unstable.
-
- -- Brian May <bam@debian.org>  Thu, 22 Dec 2005 11:24:21 +1100
-
-heimdal (0.7.1-1) experimental; urgency=low
-
-  * New upstream version.
-  * Remove krb4 support (closes: #315059, #334632).
-  * Conflict with krb4.
-
- -- Brian May <bam@debian.org>  Mon, 24 Oct 2005 08:08:39 +1000
-
-heimdal (0.6.3-13) unstable; urgency=low
-
-  * Add alternative depends of debconf-2.0 in heimdal-kdc. Closes
-    <URL:http://lists.debian.org/debian-devel/2005/08/msg00136.html>.
-  * Update sv translations (closes: #330318).
-
- -- Brian May <bam@debian.org>  Sun,  2 Oct 2005 12:36:49 +1000
-
-heimdal (0.6.3-12) unstable; urgency=low
-
-  * Rebuild to fix broken *.la files (closes: #316980).
-  * Modify rxtelnet and rxterm to use ktelnet and krsh (closes: #274063).
-  * Add Vietnamese debconf translation (closes: #314197).
-  * Add Czech debconf translation (closes: #314749).
-  * Move string2key into heimdal-clients (closes: #314365).
-  * Fix LDAP searches (closes: #318409).
-
- -- Brian May <bam@debian.org>  Thu, 25 Aug 2005 11:39:59 +1000
-
-heimdal (0.6.3-11) unstable; urgency=low
-
-  * Apply patch to fix "Remotely exploitable buffer overflow in
-    getterminaltype function", reported in Secunia advisory SA15718 at
-    http://secunia.com/advisories/15718/. Closes: #315065.
-
- -- Brian May <bam@debian.org>  Sun,  3 Jul 2005 13:54:19 +1000
-
-heimdal (0.6.3-10) unstable; urgency=low
-
-  * LDAP support (closes: #95246).
-  * Fix buffer overflow security bug in telnet client, CAN-2005-0469,
-    closes: #305574.
-
- -- Brian May <bam@debian.org>  Mon, 25 Apr 2005 14:48:03 +1000
-
-heimdal (0.6.3-9) unstable; urgency=low
-
-  * Add Japanese debconf translation (closes: #302485)
-  * Updated replaces for heimdal-clients (closes: #303751).
-  * Support update-alternatives with rcp man page (closes: #303753).
-
- -- Brian May <bam@debian.org>  Sun, 10 Apr 2005 12:47:40 +1000
-
-heimdal (0.6.3-8) unstable; urgency=low
-
-  * Apply patch to build on amd64 (closes: #300811).
-  * Move verify_krb5_conf man page to heimdal-clients (closes: #299905).
-  * Include danish debconf translations (closes: #296987).
-  * Add missing (versioned) comerr-dev to build depends (closes: #293270).
-
- -- Brian May <bam@debian.org>  Thu, 24 Mar 2005 10:34:46 +1100
-
-heimdal (0.6.3-7) unstable; urgency=low
-
-  * Remove setconfig from built package, the new kdc.conf config broke this
-    script, and the config it changed wasn't used by Heimdal anyway.
-    Closes: #289295.
-  * Add patch from upstream to stop KDC crashing with SIGPIPE error.
-    Closes: #284498.
-
- -- Brian May <bam@debian.org>  Fri, 14 Jan 2005 15:59:20 +1100
-
-heimdal (0.6.3-6) unstable; urgency=low
-
-  * Make conflict between heimdal-kdc and krb5-admin-server explicit, see
-    #274763 for details.
-  * Supply better example kdc.conf (closes: #210575). I deliberately omitted
-    the database setting as upstream say it isn't currently usable and will
-    change soon. Improvements welcome.
-  * Fix hardcoded paths to work with openafs (closes: #286249).
-
- -- Brian May <bam@debian.org>  Mon, 20 Dec 2004 10:39:43 +1100
-
-heimdal (0.6.3-5) unstable; urgency=low
-
-  * Add new German debconf translations (closes: #284375).
-  * Set Project-Id-Version, PO-Revision-Date, Last-Translator fields to
-    Swedish and Russian translations from information in BTS.
-  * Remove kerberos.8.gz man page. This hack is to remove the conflict with
-    kerberos4kth which also contains the same file. It doesn't appear worth
-    keeping. See bug #274763 for details on conflict.
-  * Add note concerning above item in README.Debian.
-  * Make conflict between heimdal-kdc and krb5-kdc explicit, see #274763
-    for details.
-
- -- Brian May <bam@debian.org>  Sun, 12 Dec 2004 15:41:05 +1100
-
-heimdal (0.6.3-4) unstable; urgency=low
-
-  * Adding the attached Brazilian Portuguese templates (closes: #278730).
-  * Fix typo in prerm script (closes: #280354).
-
- -- Brian May <bam@debian.org>  Tue,  9 Nov 2004 14:09:01 +1100
-
-heimdal (0.6.3-3) unstable; urgency=low
-
-  * Move kerberos.8.gz from heimdal-servers into heimdal-docs package.
-  * Move kadmind.8.gz from heimdal-servers into heimdal-kdc package.
-  * Conflict with pop3-server instead of qpopper (closes: #274774).
-
- -- Brian May <bam@debian.org>  Mon, 18 Oct 2004 17:12:05 +1000
-
-heimdal (0.6.3-2) unstable; urgency=low
-
-  * Stop all daemons as long as PID file exists, regardless if deamon is
-    enabled or not (closes: #266575).
-  * Add Dutch po-debconf translations (closes: #263597).
-  * Add some cleanups recommended in #95246 to debian/rules.
-    * Remove debian/*.ex files.
-    * Remove debian/control.* files.
-    * Remove debian/ex.doc-base.package.
-    * Remove obsolete libtool hack.
-    * Remove calls to obsolete dh_suidregister program.
-
- -- Brian May <bam@debian.org>  Sat, 25 Sep 2004 14:59:21 +1000
-
-heimdal (0.6.3-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@debian.org>  Tue, 14 Sep 2004 08:28:11 +1000
-
-heimdal (0.6.2-0.6.3rc3-1) unstable; urgency=low
-
-  * New upstream version.
-  * Fixes security bugs in FTP server.
-
- -- Brian May <bam@debian.org>  Mon, 13 Sep 2004 16:00:23 +1000
-
-heimdal (0.6.2-6) unstable; urgency=low
-
-  * Update replaces header for heimdal-clients, to allow for push.8.gz
-    moving from heimdal-servers to heimdal-clients (closes: #264979).
-
- -- Brian May <bam@debian.org>  Thu, 12 Aug 2004 09:02:48 +1000
-
-heimdal (0.6.2-5) unstable; urgency=low
-
-  * Cave in to pressure and remove libdb4.2-dev from depends in
-    heimdal-dev. See bug #253894 for reasons, both for and against.
-
- -- Brian May <bam@debian.org>  Mon,  2 Aug 2004 17:46:29 +1000
-
-heimdal (0.6.2-4) unstable; urgency=low
-
-  * Add patch 000_afslog to make afslog work (closes: #261065).
-
- -- Brian May <bam@debian.org>  Sat, 31 Jul 2004 14:56:32 +1000
-
-heimdal (0.6.2-3) unstable; urgency=low
-
-  * Use default realm configured by krb5-config for KDC (closes:
-    #251725).
-  * Move push.8 man page from heimdal-servers to heimdal-clients
-    (push binary is already in heimdal-clients).
-
- -- Brian May <bam@debian.org>  Mon, 31 May 2004 08:30:54 +1000
-
-heimdal (0.6.2-2) unstable; urgency=low
-
-  * Make build depends on libssl-dev versioned (closes: #249595).
-  * libdb4.2 support (closes: #223055).
-
- -- Brian May <bam@debian.org>  Sun, 23 May 2004 10:10:04 +1000
-
-heimdal (0.6.2-1) unstable; urgency=low
-
-  * New upstream version.
-    * Fixes possible buffer overflow bug in the krb4 code in kadmin
-      (CAN-2004-0472).
-    * Disables krb4 support by default in kadmin.
-    * Next upstream version will remove krb4 support in kadmin.
-
- -- Brian May <bam@debian.org>  Tue, 11 May 2004 09:57:12 +1000
-
-heimdal (0.6.1-1) unstable; urgency=low
-
-  * New upstream version:
-    * Fix cross realm trust vulnerability (closes: #241524).
-
-  * The following patches removed as they appear to be in upstream:
-    * patches/001_sasl_external.
-    * patches/010_gcc33.
-    * patches/016_nessus_dos.
-    * patches/023_db4
-
-  * Simplify patches/032_libtool_version_script, remove hunks that only
-    change line numbers (these created rejects).
-
- -- Brian May <bam@debian.org>  Sun,  4 Apr 2004 10:14:22 +1000
-
-heimdal (0.6-8) unstable; urgency=low
-
-  * Change /etc/defaults/heimdal-kdc to /etc/default/heimdal-kdc in
-    heimdal-kdc init.d script (closes: #236289).
-  * Add french debconf templates (closes: #236891).
-
- -- Brian May <bam@debian.org>  Thu, 11 Mar 2004 13:07:59 +1100
-
-heimdal (0.6-7) unstable; urgency=low
-
-  * Use new gettext based debconf (closes: #235170).
-
- -- Brian May <bam@debian.org>  Sat, 28 Feb 2004 13:15:41 +1100
-
-heimdal (0.6-6) unstable; urgency=low
-
-  * Move /etc/defaults/heimdal-kdc to /etc/default/heimdal-kdc (closes:
-    #233824)
-
- -- Brian May <bam@debian.org>  Wed, 25 Feb 2004 11:09:29 +1100
-
-heimdal (0.6-5) unstable; urgency=low
-
-  * Add sample kadmind.acl on initial installation (closes: #215649)
-  * Split KDC init.d script into /etc/default/heimdal-kdc (closes: #213534).
-  * Add openldap patch from upstream 001_sasl_external (LDAP is not
-    enabled in build though).
-
- -- Brian May <bam@debian.org>  Wed, 31 Dec 2003 12:41:38 +1100
-
-heimdal (0.6-4) unstable; urgency=low
-
-  * The "Lets fix all these bugs release" (and see what breaks!).
-  * Set standards version to 3.6.1.
-  * Upgrade to DH_COMPAT version 4.
-  * Fix minor errors reported by linda, including:
-    * Remove call to dh_suidregister.
-    * Add versioned dependancy on debhelper (closes: #216290).
-    * Add versioned depends on debconf,
-  * When START_KDC is set, the init.d script should stop kdc; when
-    START_KPASSWDD is set, the init.d script should stop kpasswdd; not the
-    other way around. Closes #214447.
-  * Fix info pages by installing all files, closes #214248.
-  * Add libtool patch to version symbols, thanks Steve Langasek
-    <vorlon@netexpress.net>. Closes: #205592.
-  * Attempt to link against libdb4.1 instead of libdb3 failed, as automake
-    wouldn't stop complaining about lib/roken/Makefile.am (not touched by
-    this patch). Added debian/patch/db4 all the same.
-
- -- Brian May <bam@snoopy.apana.org.au>  Sat, 13 Dec 2003 11:17:42 +1100
-
-heimdal (0.6-3) unstable; urgency=low
-
-  * Remove heimdal-libs package, I am not sure why I kept it, it isn't really
-    required for upgrades. This solves the (non-)issue with the description
-    (closes: #209552).
-
-  * Fix nessus DOS attack (closes: #197161).
-
-  * Since 0.6-2.2 no longer links with libreadline (closes: #198511).
-
- -- Brian May <bam@snoopy.apana.org.au>  Sun, 28 Sep 2003 11:06:57 +1000
-
-heimdal (0.6-2.3) unstable; urgency=low
-
-  * NMU with Blessings from Brian May <bam@debian.org>
-
- -- Mikael Andersson <mikan@debian.org>  Tue, 16 Sep 2003 07:14:03 +0200
-
-heimdal (0.6-2.2) unstable; urgency=low
-
-  * Compile against libedit instead of libreadline4.
-    Added patch 015_editline
-    Recreated 030_autotools (Need $TMP to be set, and add libtoolize)
-    Changed builddependency from libreadline4-dev to libedit-dev
-    Change configure --with-readline in rules
-
- -- Mikael Andersson <mikan@debian.org>  Mon, 15 Sep 2003 12:31:46 +0200
-
-heimdal (0.6-2.1) unstable; urgency=low
-
-  * Use com_err from comerr-dev.
-  
-  * Removed comerr-dev, ss-dev from Conflicts of heimdal-dev
-
- -- Mikael Andersson <mikan@debian.org>  Mon, 15 Sep 2003 11:36:49 +0200
-
-heimdal (0.6-2) unstable; urgency=low
-
-  * Remove login man page, it conflicts with the login package.
-
- -- Brian May <bam@debian.org>  Sat,  6 Sep 2003 12:40:01 +1000
-
-heimdal (0.6-1) unstable; urgency=low
-
-  * New upstream version.
-  * Built for woody.
-
- -- Brian May <bam@debian.org>  Thu, 28 Aug 2003 15:50:17 +1000
-
-heimdal (0.5.2-5) unstable; urgency=low
-
-  * Update conflicts for heimdal-clients not to conflict with ftp, as it
-    uses update-alternatives since version 0.16-1 (closes: #202701).
-
- -- Brian May <bam@debian.org>  Wed,  6 Aug 2003 12:15:05 +1000
-
-heimdal (0.5.2-4) unstable; urgency=low
-
-  * Move conflicts libdb3-dev to depends libdb3-dev, really-closes
-    #196157.
-
- -- Brian May <bam@debian.org>  Sun, 29 Jun 2003 09:32:20 +1000
-
-heimdal (0.5.2-3) unstable; urgency=low
-
-  * Fix FTBFS error with GCC-3.3 by adding debian/patches/010_gcc33
-    (closes: #196406).
-  * heimdal-dev depends on libdb3-dev, closes: #196157.
-
- -- Brian May <bam@debian.org>  Sat, 28 Jun 2003 15:47:53 +1000
-
-heimdal (0.5.2-2) unstable; urgency=low
-
-  * Make heimdal-kdc daemons configurable. Also fix type in
-    etc/init.d/heimdal-kdc (closes: #186353).
-  * Upstream said kftp -n option was fixed in 0.5.2-1 (closes: #181697).
-
- -- Brian May <bam@debian.org>  Thu, 27 Mar 2003 12:26:09 +1100
-
-heimdal (0.5.2-1) unstable; urgency=high
-
-  * New upstream version; Fixes krb4 security bug (closes: #185164).
-  * Remove versioned symbols patch, this more important.
-  * Remove debian/patches/016_openssl, hopefully it is no longer required.
-  * Remove debian/patches/018_sasize, hopefully it is no longer required.
-
- -- Brian May <bam@debian.org>  Tue, 18 Mar 2003 10:57:31 +1100
-
-heimdal (0.5.1-7) unstable; urgency=low
-
-  * Use versioned symbols for all libraries.
-
- -- Brian May <bam@debian.org>  Mon, 17 Mar 2003 12:50:38 +1100
-
-heimdal (0.5.1-6) unstable; urgency=low
-
-  * Fix credential delegation bug (018_gssapi_forward).
-  * Rename 023_sasize patch to 018_sasize, 02* is for Debian specific
-  changes, not bugs fixes of upstream code, that is for 01*.
-
- -- Brian May <bam@debian.org>  Fri,  7 Mar 2003 18:47:29 +1100
-
-heimdal (0.5.1-5) unstable; urgency=low
-
-  * Fix error with sa_size not getting initialized properly. See
-  debian/patches/023_sasize.
-
- -- Brian May <bam@debian.org>  Tue,  4 Mar 2003 19:06:01 +1100
-
-heimdal (0.5.1-4) unstable; urgency=low
-
-  * Rebuild for sid.
-  * 016_openssl patch to work with openssl 0.9.7.
-  * Now builds on sid (closes: #178775).
-  * New build will have correct dependancy on libroken (closes: #177250).
-
- -- Brian May <bam@debian.org>  Thu, 30 Jan 2003 11:35:44 +1100
-
-heimdal (0.5.1-3) unstable; urgency=low
-
-  * 015_getifaddrs patch fixes segmentation fault.
-  * Remove *.rej file from 014_cache patch.
-
- -- Brian May <bam@debian.org>  Thu, 16 Jan 2003 13:30:07 +1100
-
-heimdal (0.5.1-2) unstable; urgency=low
-
-  * Move dependancy on krb5-config to heimdal-servers and heimdal-
-    clients (closes: #171868).
-  * Add build depends on libhesiod-dev, it is only small, and
-    all versions of Heimdal need to be built the same.
-  * These changes were in 0.4e-23, but missed in 0.5.1-1.
-
- -- Brian May <bam@debian.org>  Thu,  9 Jan 2003 16:29:39 +1100
-
-heimdal (0.5.1-1) unstable; urgency=low
-
-  * New upstream version.
-  * Build-depends on kerberos4kth-dev 1.2.1, it includes a new version
-    of libroken.
-  * New major version of libasn1-6-heimdal (was libasn1-5-heimdal).
-
- -- Brian May <bam@debian.org>  Thu,  9 Jan 2003 14:34:54 +1100
-
-heimdal (0.5-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@snoopy.apana.org.au>  Sun, 29 Sep 2002 10:06:28 +1000
-
-heimdal (0.4e-20) unstable; urgency=low
-
-  * Add missing depends of kerberos4kth-dev to heimdal-dev (closes:
-    160669).
-  * Add description of changes required to /etc/services to get hprop
-    and/or iprop to work (closes: 139845).
-  * Add sample inetd entry for hprop and sample code in init.d script
-    for iprop (closes: #139851).
-
- -- Brian May <bam@snoopy.apana.org.au>  Fri, 13 Sep 2002 13:34:04 +1000
-
-heimdal (0.4e-19) unstable; urgency=low
-
-  * Apply patch to fix time sync problem (closes: #155816).
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue, 20 Aug 2002 13:04:51 +1000
-
-heimdal (0.4e-18) unstable; urgency=low
-
-  * Apply patches from Mikael Andersson to fix FTP bug, closes: 150967.
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 15 Aug 2002 10:05:46 +1000
-
-heimdal (0.4e-17) unstable; urgency=low
-
-  * Use Maintainer Mode for automake.
-  * Include krb5.conf.5heimdal man page (closes: #150293).
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue,  6 Aug 2002 10:30:07 +1000
-
-heimdal (0.4e-16) unstable; urgency=low
-
-  * Fix heap overflow bug in ftp client that allows remote code
-    execution by malicious ftp server.
-  * Don't delete libkafs.so
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 30 May 2002 09:33:21 +1000
-
-heimdal (0.4e-15) unstable; urgency=low
-
-  * Attempt to use libraries from kerberos4kth.
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon, 22 Apr 2002 18:03:13 +1000
-
-heimdal (0.4e-14) unstable; urgency=low
-
-  * Attempt to recompile with krb4 support. Closes: #143273.
-    For some reason this was marked as grave, even though the
-    rest of Heimdal functioned OK.
-  * Reopens bug: cyclic dependancies exist between Heimdal and
-    Kerberos4kth. This really needs to get fixed.
-  * Attempt to fix this in debian/patches-0.4e-trial (still needs
-    further work), but this failed as autoconf in Debian doesn't like
-    autoconf files used in Heimdal.
-
- -- Brian May <bam@snoopy.apana.org.au>  Sat, 20 Apr 2002 15:12:57 +1000
-
-heimdal (0.4e-13) unstable; urgency=low
-
-  * Move push to heimdal-clients (closes: #142331).
-  * The 'but I am sure I removed the build depends for kerberos4kth'
-    release. Closes: #142491
-  * Also get rid of libkafs0, as including an empty libkafs0 could be
-    confusing. closes: #142411
-
- -- Brian May <bam@snoopy.apana.org.au>  Fri, 12 Apr 2002 18:44:34 +1000
-
-heimdal (0.4e-12) unstable; urgency=low
-
-  * Remove krb4 support, and remove build depends loop.
-
- -- Brian May <bam@snoopy.apana.org.au>  Wed, 10 Apr 2002 08:29:52 +1000
-
-heimdal (0.4e-11) unstable; urgency=low
-
-  * Move to main.
-  * Attempt to get priorities correct.
-
- -- Brian May <bam@snoopy.apana.org.au>  Wed,  3 Apr 2002 09:12:15 +1000
-
-heimdal (0.4e-10) unstable; urgency=low
-
-  * Change build depends from libssl096-dev to libssl-dev, closes:
-    #140690.
-  * Some dependancies are still in non-us, so this can't go in
-    main yet. Examples: krb5-config and kerberos4kth.
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon,  1 Apr 2002 10:39:31 +1000
-
-heimdal (0.4e-9) unstable; urgency=low
-
-  * Use /bin/login instead of /usr/sbin/login (which doesn't exist),
-    closes #139250. /bin/login is better then the login provided with
-    Heimdal, as it provides support for PAM.
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 21 Mar 2002 16:19:28 +1100
-
-heimdal (0.4e-8) unstable; urgency=low
-
-  * heimdal-servers: add conflicts qpopper (closes: #137208).
-  * Add russian debconf template (closes: #137657). I hope the character
-    encoding comes up Ok...
-  * Added note in README.Debian on making ksu setuid root (closes: #84468).
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 14 Mar 2002 11:35:15 +1100
-
-heimdal (0.4e-7) unstable; urgency=low
-
-  * Move krb5-config man page to heimdal-dev (closes: #135957).
-  * Fix extended descriptions (closes #135525, #135515).
-  * Move ktutil man page to heimdal-clients (closes: #136449).
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon,  4 Mar 2002 14:19:53 +1100
-
-heimdal (0.4e-6) unstable; urgency=low
-
-  * Versioned conflicts against openafs (closes: #127817,#128105).
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue,  8 Jan 2002 11:19:12 +1100
-
-heimdal (0.4e-5) unstable; urgency=low
-
-  * Change conflicts keerberos4kth-clients, as it has changed from
-    kerberos4kth-user (closes: #124020). heimdal-clients is supposed to
-    have Kerberos4kth support, hence there should be no need to have
-    both installed as the same time.
-  * Build problem on hppa was previously fixed (closes: #101064). 
-  * Fix BSD license (closes: #123822).
-
- -- Brian May <bam@snoopy.apana.org.au>  Fri, 21 Dec 2001 11:46:23 +1100
-
-heimdal (0.4e-4) unstable; urgency=low
-
-  * Move login back to /usr/sbin/login.
-  * Use update-alternatives for pagsh.
-  * Apply patch to stop kstash from segfaulting (closes: #120502).
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue,  4 Dec 2001 20:30:38 +1100
-
-heimdal (0.4e-3) unstable; urgency=low
-
-  * Move files to correct packages (closes: #121131)
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon, 26 Nov 2001 09:22:36 +1100
-
-heimdal (0.4e-2) unstable; urgency=low
-
-  * Kerberos 4 support (closes: #65387).
-  * Build libsl packages (closes: #120496).
-
- -- Brian May <bam@snoopy.apana.org.au>  Wed, 14 Nov 2001 17:49:40 +1100
-
-heimdal (0.4e-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon, 10 Sep 2001 09:40:06 +1000
-
-heimdal (0.4c-2) unstable; urgency=low
-
-  * Include devfs fix, telnetd now supports /dev/pts filesystem.
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon,  6 Aug 2001 14:20:50 +1000
-
-heimdal (0.4c-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@snoopy.apana.org.au>  Sun, 29 Jul 2001 14:33:17 +1000
-
-heimdal (0.3f-1) unstable; urgency=low
-
-  * New upstream version.
-  * Move krb5.conf.5.gz man page from libkrb5 package to heimdal-doc,
-    in order to allow different versions of libkrb5 to be installed
-    at same time. What was I thinking?
-  * Previous compilation was based on old libraries. Lets try again...
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 28 Jun 2001 09:05:09 +1000
-
-heimdal (0.3e-6) unstable; urgency=low
-
-  * heimdal-dev no longer conflicts with kerberos4kth-dev.
-  * build conflicts with heimdal-dev, due to libtool hack.
-  * remove build dependancy on kerberos4kth-dev, as it is not
-    yet used.
-  * remove kafs.h and kafs.3.gz is these conflict with files from
-    kerberos4kth.
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue, 12 Jun 2001 09:41:34 +1000
-
-heimdal (0.3e-5) unstable; urgency=low
-
-  * Fix library dependancy problem on libdb.
-  * Use libtool 1.4. Other packages should link -lkrb5 or -lgssapi,
-    and none of the other libraries (unless really required).
-  * Split libraries apart.
-  * Remove libsl, as it doesn't seem to be used anymore.
-  * Remove conflicts with kerberos4kth libraries (closes: #58090).
-  * Attempt build with kerberos4kth libraries (not-closed: #65387);
-    attempt failed (compile error); waiting till I get more time to fix
-    this or for somebody to fix it for me ;-).
-  * Uses updated config.sub and config.guess files from libtool 1.4
-    (as far as I can tell). Closes: #98153.
-  * add 31_autotools patch to work around install libtool bug.
-
- -- Brian May <bam@snoopy.apana.org.au>  Tue, 22 May 2001 11:14:25 +1000
-
-heimdal (0.3e-4) unstable; urgency=low
-
-  * Fix more silly postinst bugs. Disable anonymous ftp logins
-    by default.
-
- -- Brian May <bam@debian.org>  Thu, 22 Feb 2001 09:38:40 +1100
-
-heimdal (0.3e-3) unstable; urgency=low
-
-  * Use update-alternatives for rcp (closes: #86702)
-  * Remove update-alternatives for rsh when package is removed.
-  * Add upstream patch to select versions for replay_log.
-
- -- Brian May <bam@debian.org>  Wed, 21 Feb 2001 09:04:58 +1100
-
-heimdal (0.3e-2) unstable; urgency=low
-
-  * Disable anonymous ftp logins by default. This can be changed by
-    using the -a option to ftpd in /etc/inetd.conf.
-  * Add upstream patch to fix weak key detection.
-
- -- Brian May <bam@debian.org>  Sat, 17 Feb 2001 13:52:35 +1100
-
-heimdal (0.3e-1) unstable; urgency=low
-
-  * New upstream version 0.3e. Warning: This fixes a potential security
-    problem (buffer overrun) in ftpd.
-
- -- Brian May <bam@debian.org>  Tue,  6 Feb 2001 12:59:14 +1100
-
-heimdal (0.3d-8) unstable; urgency=low
-
-  * Change section to non-US.
-  * Add german translation to heimdal-lib.templates file (closes: #83754).
-  * Add german translation to heimdal-kdc.templates file (closes: #83864).
-  * Add Depends: libssl096 to heimdal-dev, so packages that use
-    heimdal-dev no longer need to include this in build-depends:
-    (unless they really do guse libssl).
-  * disable openldap support by default (I may enable it latter)
-    (closes: #83993).
-  * add patch for openldap.
-  * don't build binary-all for binary-dep target (closes: #84171).
-
- -- Brian May <bam@debian.org>  Wed, 31 Jan 2001 09:26:39 +1100
-
-heimdal (0.3d-7) unstable; urgency=low
-
-  * Replace missing prerm script for heimdal-kdc, as kadmind wasn't being
-    disabled (in /etc/inetd.conf) on --remove (closes: #83526).
-  * Fix type in postrm script for heimdal-servers, as inetd entry for ftp
-    wasn't getting removed on -purge.
-  * Fix type in postrm script for heimdal-servers-x, as inetd entry for kx
-    wasn't getting removed on -purge.
-  * Add swedish translation to heimdal-lib.templates file.
-    Also add same translation to question in heimdal-kdc.templates, as the
-    question is exactly the same (closes: #83535).
-
- -- Brian May <bam@debian.org>  Fri, 26 Jan 2001 10:27:13 +1100
-
-heimdal (0.3d-6) unstable; urgency=low
-
-  * Use rsh-server and telnet-sever virtual packages (see bug #77404).
-
- -- Brian May <bam@debian.org>  Thu, 18 Jan 2001 18:20:54 +1100
-
-heimdal (0.3d-5) unstable; urgency=low
-
-  * Fix ftp bug with ports > 32767 (closes: #81663).
-  * Move krb5-config to heimdal-dev.
-
- -- Brian May <bam@debian.org>  Fri, 12 Jan 2001 09:02:03 +1100
-
-heimdal (0.3d-4) unstable; urgency=low
-
-  * Better, non-hacked fix for krb5-config. Patch from
-    GOMBAS Gabor <gombasg@inf.elte.hu>.
-
- -- Brian May <bam@debian.org>  Tue,  9 Jan 2001 10:13:28 +1100
-
-heimdal (0.3d-3) unstable; urgency=low
-
-  * Compile using libssl026 instead of libdes. Patch from
-    GOMBAS Gabor <gombasg@inf.elte.hu>.
-
- -- Brian May <bam@debian.org>  Sat,  6 Jan 2001 10:30:03 +1100
-
-heimdal (0.3d-2) unstable; urgency=low
-
-  * Add libdb2-dev to build-depends (closes: #80442).
-
- -- Brian May <bam@debian.org>  Tue, 26 Dec 2000 10:59:44 +1100
-
-heimdal (0.3d-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@debian.org>  Tue, 12 Dec 2000 16:20:34 +1100
-
-heimdal (0.3c-6) unstable; urgency=low
-
-  * Rename xnlock.man to xnlock.1, closes: #78117
-  * Move xnlock.1 to heimdal-clients-x.
-
- -- Brian May <bam@debian.org>  Tue, 28 Nov 2000 09:55:12 +1100
-
-heimdal (0.3c-5) unstable; urgency=low
-
-  * New structure for source. Now there is a different patch for each
-  change from upstream (closes: 77000).
-  * Move TODO and NEWS documentation to heimdal-docs, where it should always
-  have been
-  * Apply patch from
-  http://ns1.logidee.com/~joko/heimdal/src/heimdal_cache.patch,
-  which should allow PAM module to work.
-
- -- Brian May <bam@debian.org>  Sat, 18 Nov 2000 13:04:39 +1100
-
-heimdal (0.3c-4) unstable; urgency=low
-
-  * applied patch to fix ftpd problem (closes: #64746).
-
- -- Brian May <bam@debian.org>  Wed,  8 Nov 2000 17:26:16 +1100
-
-heimdal (0.3c-3) unstable; urgency=low
-
-  * Try to strip binaries again, by making libeditline libtool
-  controlled.
-
- -- Brian May <bam@debian.org>  Mon,  9 Oct 2000 09:20:27 +1100
-
-heimdal (0.3c-2) unstable; urgency=low
-
-  * applied patch to disable line editing in ftp (closes: #69301).
-
- -- Brian May <bam@debian.org>  Thu,  5 Oct 2000 09:15:44 +1100
-
-heimdal (0.3c-1) unstable; urgency=low
-
-  * New upstream version.
-  * applied patch to fix missing newline problem in ftp (closes: #64289).
-  * dh_strip commented out, as it crashed the build process.
-    A bug (#73637) has been opened on this issue.
-
- -- Brian May <bam@debian.org>  Mon,  2 Oct 2000 10:07:53 +1100
-
-heimdal (0.3b-2) unstable; urgency=low
-
-  * Add debhelper, xlib6g-dev to build dependancies (closes: #70718).
-  
-  * Change documentation to indicate that kadmind uses kadmind.acl,
-    not kadm5.acl, as previously specified. Add warning in default
-    kdc.conf file that it needs checking, as it may not be
-    correct. Everything should work OK though with default values.
-    closes: #69139.
-
- -- Brian May <bam@debian.org>  Sat,  2 Sep 2000 15:46:53 +1100
-
-heimdal (0.3b-1) unstable; urgency=low
-
-  * New upstream version.
-  
-  * Shouldn't conflict with telnet anymore, as both use
-    update-alternatives (not tested yet).
-  
-  * Provides telnet-client instead of telnet, as telnet-client is now
-    the accepted virtual package (see closed bug #58759).
-
- -- Brian May <bam@debian.org>  Wed, 30 Aug 2000 10:58:07 +1100
-
-heimdal (0.3a-2) unstable; urgency=low
-
-  * Remove /usr/include/glob.h from heimdal-dev (closes: #68649). This
-  file conflicts with libc6-dev.
-
-  * For some reason heimdal doesn't detect /usr/include/glob.h, why?
-
- -- Brian May <bam@debian.org>  Sun,  6 Aug 2000 18:07:52 +1000
-
-heimdal (0.3a-1) unstable; urgency=low
-
-  * New upstream version.
-  
-  * -rpath hack no longer required.
-  
-  * fix bug in postinst script (closes: #67509).
-
-  * No longer conflicts with rsh-client (<< 0.16.1-1), as rsh-client
-  now uses update-alternatives (closes: #58102).
-
-  * Uses new libtool version 1.3c (closes: 59037).
-
- -- Brian May <bam@debian.org>  Mon, 31 Jul 2000 13:21:21 +1000
-
-heimdal (0.2t-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- Brian May <bam@debian.org>  Fri, 19 May 2000 15:24:31 +1000
-
-heimdal (0.2r-2) unstable; urgency=low
-
-  * Add Build-Depends and Build-Conflicts line. It is possible
-  that the Build-Conflicts might be excessive (some libraries  
-  can be turned of with command line options to Configure),
-  however, I think this is safest for now.
-
- -- Brian May <bam@debian.org>  Sun, 16 Apr 2000 10:29:33 +1000
-
-heimdal (0.2r-1) unstable; urgency=low
-
-  * New upstream version.
-  * Fix yet another silly typo in postinst script.
-  * Added hack to use defaults inside kadmin init without crashing.
-
- -- Brian May <bam@debian.org>  Wed,  5 Apr 2000 14:36:55 +1000
-
-heimdal (0.2q-3) unstable; urgency=low
-
-  * fix silly typo in postinst script (closes: #61482).
-
- -- Brian May <bam@debian.org>  Sat,  1 Apr 2000 12:33:34 +1000
-
-heimdal (0.2q-2) unstable; urgency=low
-
-  * Password to kstash now handled by debconf.
-
- -- Brian May <bam@debian.org>  Sun, 12 Mar 2000 12:16:25 +1100
-
-heimdal (0.2q-1) unstable; urgency=low
-
-  * New upstream version.
-  * Looking through the upstream Changelog, I cannot see any changes
-  that might break functionality that wasn't already broken.
-  * Fix problem with debconf script (closes: #58011).
-  * Change ftp dependancy to ftp-server (closes: #58118).
-  * Replaced power-pc fix with patch from upstream.
-  * Fixed shlibs dependancy information - all executables will now
-  depend on *this* upstream version of heimdal-lib. This is currently
-  a hacked solution to allow clean (future) upgrades.
-  * Moved README.Debian to heimdal-docs.
-  * Include doc/standardisation in heimdal-docs, contains information
-  not found elsewhere.
-  * Use update-alternatives for rsh.
-  * Hack debian/rules not to run configure.
-  * ftp/ftpd no longer seems to work, fixes welcome.
-  * This should really go to frozen, but because of above problem
-  will go into unstable only.
-  
- -- Brian May <bam@debian.org>  Fri, 25 Feb 2000 15:46:16 +1100
-
-heimdal (0.2l-7) frozen unstable; urgency=low
-
-  * Copied copyright file from doc/heimdal.texi
-  * heimdal-servers no longer conflicts with rsh-server (closes: #57545).
-  * heimdal-lib conflicts with kerberos4kth (closes: #57587, #57602, #57654).
-  * this conflicts business is never ending...
-  * fixed minor bugs in README.Debian, eg there is no need to
-  extract the kadmin/admin key to /etc/krb5.keytab.
-  * fixed compilation problem on power-pc (closes: #57919).
-
- -- Brian May <bam@debian.org>  Sun, 13 Feb 2000 19:46:37 +1100
-
-heimdal (0.2l-6) frozen unstable; urgency=low
-
-  * Move /usr/bin/compile_et into heimdal-dev.
-  * heimdal-clients conflicts with otp.
-  * heimdal-dev conflicts with ss-dev and comerr-dev (closes: #56281).
-  * minor changes to sample kdc.conf file. eg stash file created
-  by postinst script wasn't used by kdc...
-
- -- Brian May <bam@debian.org>  Sat, 29 Jan 2000 09:58:00 +1100
-
-heimdal (0.2l-5) frozen unstable; urgency=low
-
-  * Heimdal-servers: reenable telnet properly after upgrade
-    (closes: #55733).
-  * Change section to non-US/main (closes: #55546).
-  * These changes wont break anything that wasn't already broken ;-).
-  
- -- Brian May <bam@debian.org>  Thu, 20 Jan 2000 16:13:21 +1100
-
-heimdal (0.2l-4) frozen unstable; urgency=low
-
-  * heimdal-kdc nows starts password server, so users can change
-    passwords.
-  * heimdal-kdc now inserts entry for kadmind into /etc/inetd.conf.
-    kadmind is essential for normal kerberos administration.
-  * Fix /etc/init.d/heimdal-kdc restart so it works.
-  * No code has been changed/added/removed apart from postinst,
-    prerm, postrm and init scripts for the above changes.
-  * Got rid of stupid looking syntax for log file in sample kdc.conf.
-  * Minor changes (including addition of examples) into README.Debian.
-  * Known problem: debconf doesn't replace default value for
-    some reason on initial installation. I can't see whats wrong...
-    This is annoying, but not a critical problem.
-
- -- Brian May <bam@snoopy.apana.org.au>  Mon, 17 Jan 2000 19:07:06 +1100
-
-heimdal (0.2l-3) unstable; urgency=low
-
-  * Conflicts with kerberos4kth packages. closes: #54783.
-  * Move kstash and man page to heimdal-kdc.
-  * Move kxd man page to heimdal-servers-x.
-  * Move kadmind page to heimdal-kdc.
-  * Move kpasswdd and man page to heimdal-kdc.
-  * Fix permissions of /var/lib/heimdal-kdc.
-
- -- Brian May <bam@snoopy.apana.org.au>  Fri, 14 Jan 2000 19:18:51 +1100
-
-heimdal (0.2l-2) unstable; urgency=low
-
-  * Move man pages into proper packages.
-  * heimdal-servers now conflicts and provides ftpd.
-    (closes: #54818).
-  * Problems believed to already be fixed. closes: #54792.
-  * heimdal-lib postrm: add -f parameter to rm so that it will not
-    fail if the file doesn't exist. closes: #54847.
-  * Rename telnet and ftp to ktelnet and kftp respectively.
-  * Use update-alternatives for ftp and telnet.
-    (note rxtelnet still uses telnet, not ktelnet).
-
- -- Brian May <bam@snoopy.apana.org.au>  Thu, 13 Jan 2000 10:47:14 +1100
-
-heimdal (0.2l-1) unstable; urgency=low
-
-  * New upstream source.
-  * heimdal-clients now provides ftp, telnet, and rsh-client
-    (closes: #54497).
-  * heimdal-servers now provides telnetd and rsh-server.
-
- -- Brian May <bam@snoopy.apana.org.au>  Sun,  9 Jan 2000 10:00:02 +1100
-
-heimdal (0.2j-1) unstable; urgency=low
-
-  * New upstream source.
-  * Improved debconf support, using setconfig helper program.
-  * setconfig may not parse all valid configuration files correctly.
-    Patches welcome!
-  * Moved /usr/bin/login to /usr/lib/heimdal-servers/login, as I
-    suspect this will help porting to the Hurd, if/when anyone tries.
-  * kdc now supports (and requires) logrotate.
-  * kdc tested and now works with minimal configuration.
-  * heimdal-kdc does not support dpkg-reconfigure (not sure how to
-    reconfigure without deleting existing setup first).
-
- -- Brian May <bam@snoopy.apana.org.au>  Wed,  5 Jan 2000 02:31:00 +0000
-
-heimdal (0.2i-1) unstable; urgency=low
-
-  * Initial Release.
-
- -- Brian May <bam@snoopy.apana.org.au>  Wed,  8 Dec 1999 11:54:13 +1100
-
diff --git a/crypto/heimdal/packages/debian/compat b/crypto/heimdal/packages/debian/compat
deleted file mode 100644
index b8626c4cff28..000000000000
--- a/crypto/heimdal/packages/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-4
diff --git a/crypto/heimdal/packages/debian/control b/crypto/heimdal/packages/debian/control
deleted file mode 100644
index b276bd8959f5..000000000000
--- a/crypto/heimdal/packages/debian/control
+++ /dev/null
@@ -1,276 +0,0 @@
-Source: heimdal
-Section: net
-Priority: optional
-Maintainer: Love Hornquist Astrand <lha@h5l.org>
-Standards-Version: 3.7.2
-Build-Depends: libncurses5-dev, bison, flex, debhelper (>= 4.1.16), libx11-dev, libxau-dev, libxt-dev, libedit-dev, libdb4.4-dev, libssl-dev (>= 0.9.8), cdbs, quilt, comerr-dev (>= 1.35-1), libldap2-dev, texinfo
-Build-Conflicts: heimdal-dev
-
-Package: heimdal-docs
-Section: doc
-Priority: extra
-Architecture: all
-Depends: 
-Replaces: heimdal-lib (<< 0.3c-5), libkrb5-15-heimdal, heimdal-servers (<< 0.6.3-3)
-Conflicts: heimdal-lib (<< 0.3c-5)
-Suggests: heimdal-clients, heimdal-clients-x, heimdal-servers, heimdal-servers-x
-Description: Documentation for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes documentation (in info format) on how to
- use Heimdal, and relevant standards for Kerberos.
-
-Package: heimdal-kdc
-Priority: extra
-Architecture: any
-Conflicts: kerberos4kth-kdc, heimdal-clients (<< 0.4e-3), heimdal-servers (<< 0.6.3-3), krb5-kdc, krb5-admin-server
-Depends: ${shlibs:Depends}, heimdal-clients, logrotate, debconf (>= 0.5.00) | debconf-2.0, krb5-config, netbase, openbsd-inetd | inet-superserver, update-inetd
-Replaces: heimdal-clients (<< 0.7.2-1), heimdal-servers (<< 0.4e-3)
-Suggests: heimdal-docs
-Description: KDC for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes the KDC (key distribution centre) server,
- which is designed to run on a secure computer and keeps track
- of users passwords. This is done using the Kerberos protocol in
- such a way that the server computers do not need to know user's
- passwords.
-
-Package: heimdal-dev
-Section: devel
-Priority: extra
-Architecture: any
-Conflicts: heimdal-clients (<< 0.4e-7), kerberos4kth-dev
-Depends: libasn1-8-heimdal (= ${Source-Version}), libkrb5-22-heimdal (= ${Source-Version}), libhdb9-heimdal (= ${Source-Version}), libkadm5srv8-heimdal (= ${Source-Version}), libkadm5clnt7-heimdal (= ${Source-Version}), libgssapi2-heimdal (= ${Source-Version}), libkafs0-heimdal (= ${Source-Version}), libheimntlm-0-heimdal (= ${Source-Version}), libhx509-1-heimdal (= ${Source-Version}), comerr-dev
-Replaces: heimdal-clients (<< 0.4e-7)
-Suggests: heimdal-docs
-Description: Development files for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This is the development package, required for developing
- programs for Heimdal.
-
-Package: heimdal-clients-x
-Priority: extra
-Architecture: any
-Depends: ${shlibs:Depends}, netbase, heimdal-clients
-Replaces: heimdal-clients (<< 0.2l-2)
-Conflicts: heimdal-clients (<< 0.2l-2), kerberos4kth-x11
-Suggests: heimdal-docs
-Description: X11 files for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes kerberos client programs for forwarding the X
- connection securely to a remote computer.
-
-Package: heimdal-clients
-Priority: extra
-Architecture: any
-Depends: ${shlibs:Depends}, krb5-config
-Conflicts: telnet (<< 0.17-1), ftp (<< 0.16-1), rsh-client (<< 0.16.1-1), netstd, telnet-ssl (<< 0.14.9-2), ssltelnet, kerberos4kth-user, kerberos4kth-clients, otp, heimdal-servers (<< 0.4e-7), openafs-client (<< 1.2.2-3)
-Provides: telnet-client, ftp, rsh-client
-Suggests: heimdal-docs, heimdal-kcm
-Replaces: heimdal-servers (<< 0.6.3-12)
-Description: Clients for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes client programs like telnet and ftp that have been
- compiled with Kerberos support.
-
-Package: heimdal-kcm
-Priority: extra
-Architecture: any
-Depends: ${shlibs:Depends}
-Description: KCM for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes the KCM daemon.
- The kcm daemon can hold the credentials for all users in the system.
- Access control is done with Unix-like permissions.  The daemon checks the
- access on all operations based on the uid and gid of the user.  The
- tickets are renewed as long as is permitted by the KDC's policy.
-
-Package: heimdal-servers-x
-Priority: extra
-Architecture: any
-Conflicts: kerberos4kth-x11, heimdal-servers (<< 0.2l-3)
-Depends: ${shlibs:Depends}, netbase, heimdal-servers
-Suggests: heimdal-docs
-Replaces: heimdal-servers (<< 0.2l-3)
-Description: X11 files for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes kerberos server programs for forwarding the X
- connection securely from a remote computer.
-
-Package: heimdal-servers
-Priority: extra
-Architecture: any
-Depends: ${shlibs:Depends}, netbase, krb5-config, update-inetd, openbsd-inetd | inet-superserver
-Conflicts: telnetd,  wu-ftpd-academ (<< 2.5.0), netstd, heimdal-clients (<< 0.2l-2), telnetd-ssl, kerberos4kth-services, ftp-server, rsh-server, telnet-server, pop3-server
-Provides: ftp-server, rsh-server, telnet-server
-Suggests: heimdal-docs
-Replaces: heimdal-clients (<< 0.2l-2)
-Description: Servers for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package includes servers like telnetd and ftpd that have been
- compiled with Heimdal support.
-
-Package: libasn1-8-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the asn1 parser required for Heimdal.
-
-Package: libkrb5-22-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the kerberos 5 library.
-
-Package: libheimntlm-0-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the NTLM library.
-
-Package: libhx509-1-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the hx509 library, and X.509 library.
-
-Package: libhcrypto-4-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the hcrypto library.
-
-Package: libhdb9-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for storing the KDC database.
-
-Package: libkadm5srv8-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the server library for kadmin.
-
-Package: libkadm5clnt7-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the client library for kadmin.
-
-Package: libgssapi2-heimdal
-Section: libs
-Architecture: any
-Depends: ${shlibs:Depends}
-Replaces: heimdal-lib (<< 0.3e-5)
-Conflicts: heimdal-libs (<< 0.3e-5)
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for GSSAPI support.
-
-Package: libkafs0-heimdal
-Section: libs
-Priority: extra
-Architecture: any
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for KAFS support.
-
-Package: libroken18-heimdal
-Section: libs
-Priority: extra
-Architecture: any
-Conflicts: libroken16-kerberos4kth
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for roken support.
-
-Package: libotp0-heimdal
-Section: libs
-Priority: extra
-Architecture: any
-Conflicts: libotp0-kerberos4kth
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for OTP support.
-
-Package: libsl0-heimdal
-Section: libs
-Priority: extra
-Architecture: any
-Conflicts: libsl0-kerberos4kth
-Depends: ${shlibs:Depends}
-Description: Libraries for Heimdal Kerberos
- Heimdal is a free implementation of Kerberos 5, that aims to be
- compatible with MIT Kerberos.
- .
- This package contains the library for SL support.
-
diff --git a/crypto/heimdal/packages/debian/copyright b/crypto/heimdal/packages/debian/copyright
deleted file mode 100644
index b6b297dea6c6..000000000000
--- a/crypto/heimdal/packages/debian/copyright
+++ /dev/null
@@ -1,195 +0,0 @@
-This package was debianized by Brian May <bam@snoopy.apana.org.au> on
-Wed,  8 Dec 1999 11:54:13 +1100.
-
-It was downloaded from http://www.pdc.kth.se/heimdal/
-
-Upstream Authors: heimdal-bugs@h5l.se
-(see above URL for mailing list info).
-
-Copyrights:
-
-As found in doc/heimdal.texi.
-
-
-Copyright (c) 1997-2007 Kungliga Tekniska H�gskolan 
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the Institute nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-
-
-Copyright (C) 1990 by the Massachusetts Institute of Technology
-
-Export of this software from the United States of America may
-require a specific license from the United States Government.
-It is the responsibility of any person or organization contemplating
-export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission.  M.I.T. makes no representations about the suitability of
-this software for any purpose.  It is provided "as is" without express
-or implied warranty.
-
-
-
-Copyright (c) 1988, 1990, 1993
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-
-
-Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
-
-This software is not subject to any license of the American Telephone 
-and Telegraph Company or of the Regents of the University of California. 
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. The authors are not responsible for the consequences of use of this
-   software, no matter how awful, even if they arise from flaws in it.
-
-2. The origin of this software must not be misrepresented, either by
-   explicit claim or by omission.  Since few users ever read sources,
-   credits must appear in the documentation.
-
-3. Altered versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.  Since few users
-   ever read sources, credits must appear in the documentation.
-
-4. This notice may not be removed or altered.
-
-
-
-IMath is Copyright 2002-2005 Michael J. Fromberger
-You may use it subject to the following Licensing Terms:
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-
-Copyright (c) 2005 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-
-
-Copyright (c) 2005 Marko Kreen
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-       notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-       notice, this list of conditions and the following disclaimer in the
-       documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
diff --git a/crypto/heimdal/packages/debian/extras/default b/crypto/heimdal/packages/debian/extras/default
deleted file mode 100644
index d2d6b1e7370f..000000000000
--- a/crypto/heimdal/packages/debian/extras/default
+++ /dev/null
@@ -1,17 +0,0 @@
-# Do we start the KDC?
-KDC_ENABLED=yes
-KDC_PARAMS=""
-
-# the kpasswdd?
-KPASSWDD_ENABLED=yes
-KPASSWDD_PARAMS=""
-
-# kprop master?
-MASTER_ENABLED=no
-
-# How about the kprop slave?
-SLAVE_ENABLED=no
-
-# Add at least your master server name here when using iprop-replication
-# otherwise it would fail silently.
-SLAVE_PARAMS=""
diff --git a/crypto/heimdal/packages/debian/extras/kadmind.acl b/crypto/heimdal/packages/debian/extras/kadmind.acl
deleted file mode 100644
index e5da87fb59d7..000000000000
--- a/crypto/heimdal/packages/debian/extras/kadmind.acl
+++ /dev/null
@@ -1 +0,0 @@
-#principal       [priv1,priv2,...]       [glob-pattern]
diff --git a/crypto/heimdal/packages/debian/extras/kdc.conf b/crypto/heimdal/packages/debian/extras/kdc.conf
deleted file mode 100644
index 859133f2cb39..000000000000
--- a/crypto/heimdal/packages/debian/extras/kdc.conf
+++ /dev/null
@@ -1,91 +0,0 @@
-[kdc]
-# See allowed values in krb5_openlog(3) man page.
-logging = FILE:/var/log/heimdal-kdc.log
-
-# detach = boolean
-
-# Gives an upper limit on the size of the requests that the kdc is
-# willing to handle.
-# max-request =  integer
-
-# Turn off the requirement for pre-autentication in the initial AS-
-# REQ for all principals.  The use of pre-authentication makes it
-# more difficult to do offline password attacks.  You might want to
-# turn it off if you have clients that don't support pre-authenti-
-# cation.  Since the version 4 protocol doesn't support any pre-
-# authentication, serving version 4 clients is just about the same
-# as not requiring pre-athentication.  The default is to require
-# pre-authentication.  Adding the require-preauth per principal is
-# a more flexible way of handling this.
-# require-preauth = boolean
-
-# Specifies the set of ports the KDC should listen on.  It is given
-# as a white-space separated list of services or port numbers.
-# ports = 88,750
-
-# The list of addresses to listen for requests on.  By default, the
-# kdc will listen on all the locally configured addresses.  If only
-# a subset is desired, or the automatic detection fails, this
-# option might be used.
-# addresses = list of ip addresses
-
-# respond to Kerberos 4 requests
-# enable-kerberos4 = false
-
-# respond to Kerberos 4 requests from foreign realms.  This is a
-# known security hole and should not be enabled unless you under-
-# stand the consequences and are willing to live with them.
-# enable-kerberos4-cross-realm = false
-
-# respond to 524 requests
-# enable-524 = value of enable-kerberos4
-
-# Makes the kdc listen on port 80 and handle requests encapsulated
-# in HTTP.
-# enable-http = boolean
-
-# What realm this server should act as when dealing with version 4
-# requests.  The database can contain any number of realms, but
-# since the version 4 protocol doesn't contain a realm for the
-# server, it must be explicitly specified.  The default is whatever
-# is returned by krb_get_lrealm().  This option is only availabe if
-# the KDC has been compiled with version 4 support.
-# v4-realm = string
-
-# Enable kaserver emulation (in case it's compiled in).
-# enable-kaserver = false
-
-# Check the addresses in the ticket when processing TGS requests.
-# check-ticket-addresses = true
-
-# Permit tickets with no addresses.  This option is only
-# relevent when check-ticket-addresses is TRUE.
-# allow-null-ticket-addresses = true
-
-# Permit anonymous tickets with no addresses.
-# allow-anonymous = boolean
-
-# Always verify the transited policy, ignoring the
-# disable-transited-check flag if set in the KDC client request.
-# transited-policy = {always-check,allow-per-principal,always-honour-request}
-
-# Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
-# code. The Heimdal clients allow both.
-# encode_as_rep_as_tgs_rep = boolean
-
-# How long before password/principal expiration the KDC should
-# start sending out warning messages.
-# kdc_warn_pwexpire = time
-
-# Specifies the set of ports the KDC should listen on.  It is given
-# as a white-space separated list of services or port numbers.
-# kdc_ports = 88,750
-
-# [password_quality]
-# check_library = LIBRARY
-# check_function = FUNCTION
-# min_length = value
-
-# [kadmin]
-# default_keys = list of strings
-# use_v4_salt = boolean
diff --git a/crypto/heimdal/packages/debian/heimdal-clients-x.install b/crypto/heimdal/packages/debian/heimdal-clients-x.install
deleted file mode 100644
index 4a441281d950..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-clients-x.install
+++ /dev/null
@@ -1,10 +0,0 @@
-usr/bin/kx
-usr/bin/rxterm
-usr/bin/rxtelnet
-usr/bin/tenletxr
-usr/bin/xnlock
-usr/share/man/man1/kx.1
-usr/share/man/man1/rxterm.1
-usr/share/man/man1/rxtelnet.1
-usr/share/man/man1/tenletxr.1
-usr/share/man/man1/xnlock.1
diff --git a/crypto/heimdal/packages/debian/heimdal-clients.install b/crypto/heimdal/packages/debian/heimdal-clients.install
deleted file mode 100644
index 391197ca0296..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-clients.install
+++ /dev/null
@@ -1,43 +0,0 @@
-usr/bin/afslog
-usr/bin/rsh
-usr/bin/kauth
-usr/bin/kdestroy
-usr/bin/kf
-usr/bin/kgetcred
-usr/bin/kinit
-usr/bin/klist
-usr/bin/kpasswd
-usr/bin/otp
-usr/bin/otpprint
-usr/bin/su
-usr/bin/pfrom
-usr/bin/rcp
-usr/bin/string2key
-usr/bin/ftp
-usr/bin/verify_krb5_conf
-usr/bin/telnet
-usr/bin/pagsh
-usr/sbin/kadmin
-usr/sbin/ktutil
-usr/sbin/push
-usr/share/man/man1/kauth.1
-usr/share/man/man1/kdestroy.1
-usr/share/man/man1/kf.1
-usr/share/man/man1/kinit.1
-usr/share/man/man1/klist.1
-usr/share/man/man1/kpasswd.1
-usr/share/man/man1/otp.1
-usr/share/man/man1/otpprint.1
-usr/share/man/man1/su.1
-usr/share/man/man1/pfrom.1
-usr/share/man/man1/ftp.1
-usr/share/man/man1/telnet.1
-usr/share/man/man1/afslog.1
-usr/share/man/man1/rsh.1
-usr/share/man/man1/kgetcred.1
-usr/share/man/man1/pagsh.1
-usr/share/man/man8/kadmin.8
-usr/share/man/man8/ktutil.8
-usr/share/man/man8/push.8
-usr/share/man/man8/verify_krb5_conf.8
-usr/share/man/man8/string2key.8
diff --git a/crypto/heimdal/packages/debian/heimdal-clients.postinst b/crypto/heimdal/packages/debian/heimdal-clients.postinst
deleted file mode 100644
index db283d7f48fd..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-clients.postinst
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh -e
-
-for i in ftp telnet rsh rcp pagsh
-do
-    update-alternatives --install /usr/bin/$i $i /usr/bin/k$i 23 \
-    --slave /usr/share/man/man1/$i.1.gz $i.1.gz /usr/share/man/man1/k$i.1.gz
-done
-
-#DEBHELPER#
-
diff --git a/crypto/heimdal/packages/debian/heimdal-clients.prerm b/crypto/heimdal/packages/debian/heimdal-clients.prerm
deleted file mode 100644
index 46957302a3ab..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-clients.prerm
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh -e
-
-if [ "$1" != "upgrade" ]
-then
-    for i in ftp telnet rsh rcp pagsh
-    do
-	update-alternatives --remove $i /usr/bin/k$i
-    done
-fi
-
-#DEBHELPER#
-
-
diff --git a/crypto/heimdal/packages/debian/heimdal-dev.install b/crypto/heimdal/packages/debian/heimdal-dev.install
deleted file mode 100644
index 816fb9fac03b..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-dev.install
+++ /dev/null
@@ -1,8 +0,0 @@
-usr/bin/krb5-config
-usr/bin/mk_cmds
-usr/lib/*.a
-usr/lib/*.la
-usr/lib/*.so
-usr/include
-usr/share/man/man1/krb5-config.1
-usr/share/man/man3
diff --git a/crypto/heimdal/packages/debian/heimdal-docs.install b/crypto/heimdal/packages/debian/heimdal-docs.install
deleted file mode 100644
index 3a18bf34f6aa..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-docs.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/share/man/man5/krb5.conf.5
-usr/share/info
diff --git a/crypto/heimdal/packages/debian/heimdal-kcm.init b/crypto/heimdal/packages/debian/heimdal-kcm.init
deleted file mode 100644
index b0b7baf0bf4c..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kcm.init
+++ /dev/null
@@ -1,69 +0,0 @@
-#! /bin/sh
-#
-# skeleton	example file to build /etc/init.d/ scripts.
-#		This file should be used to construct scripts for /etc/init.d.
-#
-#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
-#		Modified for Debian GNU/Linux
-#		by Ian Murdock <imurdock@gnu.ai.mit.edu>.
-#
-# Version:	@(#)skeleton  1.8  03-Mar-1998  miquels@cistron.nl
-#
-# This file was automatically customized by dh-make on Wed,  8 Dec 1999 11:54:13 +1100
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-KCM_DAEMON="/usr/sbin/kcm"
-KCM_NAME="kcm"
-KCM_DESC="Heimdal KCM"
-KCM_PARAMS="--detach"
-
-test -f $KCM_DAEMON || exit 0
-
-set -e
-
-case "$1" in
-  start)
-	echo -n "Starting $KCM_DESC: "
-	start-stop-daemon --start --quiet \
-		--pidfile /var/run/$KCM_NAME.pid \
-		--exec $KCM_DAEMON -- $KCM_PARAMS
-	echo "$KCM_NAME."
-	;;
-  stop)
-	echo -n "Stopping $KCM_DESC: "
-	start-stop-daemon --stop --oknodo --quiet \
-		--pidfile /var/run/$KCM_NAME.pid \
-		--exec $KCM_DAEMON -- $KCM_PARAMS
-	echo "$KCM_NAME."
-	;;
-  #reload)
-	#
-	#	If the daemon can reload its config files on the fly
-	#	for example by sending it SIGHUP, do it here.
-	#
-	#	If the daemon responds to changes in its config file
-	#	directly anyway, make this a do-nothing entry.
-	#
-	# echo "Reloading $DESC configuration files."
-	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
-	#	/var/run/$NAME.pid --exec $DAEMON
-  #;;
-  restart|force-reload)
-	#
-	#	If the "reload" option is implemented, move the "force-reload"
-	#	option to the "reload" entry above. If not, "force-reload" is
-	#	just the same as "restart".
-	#
-	/etc/init.d/heimdal-kcm stop
-	sleep 1
-	/etc/init.d/heimdal-kcm start
-	;;
-  *)
-	N=/etc/init.d/$NAME
-	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
-	echo "Usage: $N {start|stop|restart|force-reload}" >&2
-	exit 1
-	;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/packages/debian/heimdal-kcm.install b/crypto/heimdal/packages/debian/heimdal-kcm.install
deleted file mode 100644
index 5a04cc258605..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kcm.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/sbin/kcm
-usr/share/man/man8/kcm.8
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.dirs b/crypto/heimdal/packages/debian/heimdal-kdc.dirs
deleted file mode 100644
index 7646c4242d38..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.dirs
+++ /dev/null
@@ -1,5 +0,0 @@
-etc/default
-etc/heimdal-kdc
-etc/ldap/schema
-usr/lib/heimdal-servers
-var/lib/heimdal-kdc
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.examples b/crypto/heimdal/packages/debian/heimdal-kdc.examples
deleted file mode 100644
index 2e6a436d5501..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.examples
+++ /dev/null
@@ -1,2 +0,0 @@
-debian/extras/kdc.conf
-debian/extras/kadmind.acl
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.init b/crypto/heimdal/packages/debian/heimdal-kdc.init
deleted file mode 100644
index 68be9de488c4..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.init
+++ /dev/null
@@ -1,124 +0,0 @@
-#! /bin/sh
-#
-# skeleton	example file to build /etc/init.d/ scripts.
-#		This file should be used to construct scripts for /etc/init.d.
-#
-#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
-#		Modified for Debian GNU/Linux
-#		by Ian Murdock <imurdock@gnu.ai.mit.edu>.
-#
-# Version:	@(#)skeleton  1.8  03-Mar-1998  miquels@cistron.nl
-#
-# This file was automatically customized by dh-make on Wed,  8 Dec 1999 11:54:13 +1100
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-KDC_DAEMON=/usr/lib/heimdal-servers/kdc
-KDC_NAME=heimdal-kdc
-KDC_DESC="Heimdal KDC"
-KPASSWDD_DAEMON=/usr/lib/heimdal-servers/kpasswdd
-KPASSWDD_NAME=kpasswdd
-KPASSWDD_DESC="Heimdal password server"
-
-. /etc/default/heimdal-kdc
-
-test -f $KDC_DAEMON || exit 0
-test -f $KPASSWDD_DAEMON || exit 0
-
-set -e
-
-case "$1" in
-  start)
-	if [ "$KDC_ENABLED" = "yes" ];
-	then
-		echo -n "Starting $KDC_DESC: "
-		start-stop-daemon --start --quiet --background \
-			--make-pidfile --pidfile /var/run/$KDC_NAME.pid \
-			--exec $KDC_DAEMON -- $KDC_PARAMS
-		echo "$KDC_NAME."
-	fi
-	if [ "$KPASSWDD_ENABLED" = "yes" ];
-	then
-		echo -n "Starting $KPASSWDD_DESC: "
-		start-stop-daemon --start --quiet --background \
-			--make-pidfile --pidfile /var/run/$KPASSWDD_NAME.pid \
-			--exec $KPASSWDD_DAEMON -- $KPASSWDD_PARAMS
-		echo "$KPASSWDD_NAME."
-	fi
-	if [ "$MASTER_ENABLED" = "yes" ];
-	then
-		echo -n "Starting incremental propagation master: "
-		start-stop-daemon --start --quiet --background \
-			--make-pidfile --pidfile /var/run/ipropd-master.pid \
-			--exec /usr/sbin/ipropd-master -- $MASTER_PARAMS
-		echo "ipropd-master."
-	fi
-	if [ "$SLAVE_ENABLED" = "yes" ];
-	then
-		echo -n "Starting incremental propagation slave: "
-		start-stop-daemon --start --quiet --background \
-			--make-pidfile --pidfile /var/run/ipropd-slave.pid \
-			--exec /usr/sbin/ipropd-slave -- $SLAVE_PARAMS
-		echo "ipropd-slave."
-	fi
-	;;
-  stop)
-	if [ -f /var/run/$KPASSWDD_NAME.pid ]
-	then
-		echo -n "Stopping $KPASSWDD_DESC: "
-		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/$KPASSWDD_NAME.pid \
-			--exec $KPASSWDD_DAEMON -- $KPASSWDD_PARAMS
-		echo "$KPASSWDD_NAME."
-	fi
-	if [ -f /var/run/$KDC_NAME.pid  ]
-	then
-		echo -n "Stopping $KDC_DESC: "
-		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/$KDC_NAME.pid \
-			--exec $KDC_DAEMON -- $KDC_PARAMS
-		echo "$KDC_NAME."
-	fi
-	if [ -f /var/run/ipropd-master.pid ]
-	then
-		echo -n "Stopping incremental propagation master: "
-		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/ipropd-master.pid \
-			--exec /usr/sbin/ipropd-master -- $MASTER_PARAMS
-		echo "ipropd-master."
-	fi
-	if [ -f /var/run/ipropd-slave.pid ]
-	then
-		echo -n "Stopping incremental propagation slave: "
-		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/ipropd-slave.pid \
-			--exec /usr/sbin/ipropd-slave -- $SLAVE_PARAMS
-		echo "/usr/sbin/ipropd-slave."
-	fi
-	;;
-  #reload)
-	#
-	#	If the daemon can reload its config files on the fly
-	#	for example by sending it SIGHUP, do it here.
-	#
-	#	If the daemon responds to changes in its config file
-	#	directly anyway, make this a do-nothing entry.
-	#
-	# echo "Reloading $DESC configuration files."
-	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
-	#	/var/run/$NAME.pid --exec $DAEMON
-  #;;
-  restart|force-reload)
-	#
-	#	If the "reload" option is implemented, move the "force-reload"
-	#	option to the "reload" entry above. If not, "force-reload" is
-	#	just the same as "restart".
-	#
-	/etc/init.d/heimdal-kdc stop
-	sleep 1
-	/etc/init.d/heimdal-kdc start
-	;;
-  *)
-	N=/etc/init.d/$NAME
-	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
-	echo "Usage: $N {start|stop|restart|force-reload}" >&2
-	exit 1
-	;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.install b/crypto/heimdal/packages/debian/heimdal-kdc.install
deleted file mode 100644
index 2731b51f53c5..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.install
+++ /dev/null
@@ -1,20 +0,0 @@
-usr/sbin/iprop-log
-usr/sbin/hprop
-usr/sbin/hpropd
-usr/sbin/ipropd-master
-usr/sbin/ipropd-slave
-usr/sbin/kdc
-usr/sbin/kadmind
-usr/sbin/kpasswdd
-usr/share/man/man8/iprop.8
-usr/share/man/man8/iprop-log.8
-usr/share/man/man8/ipropd-master.8
-usr/share/man/man8/ipropd-slave.8
-usr/share/man/man8/kdc.8
-usr/share/man/man8/kadmind.8
-usr/share/man/man8/kstash.8
-usr/share/man/man8/kpasswdd.8
-usr/share/man/man8/hprop.8
-usr/share/man/man8/hpropd.8
-usr/lib/libkdc.so.2.*
-usr/lib/libkdc.so.2
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.logrotate b/crypto/heimdal/packages/debian/heimdal-kdc.logrotate
deleted file mode 100644
index c5fad41b9b0b..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.logrotate
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/log/heimdal-kdc.log {
-	rotate 5
-	weekly
-	compress
-}
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.postinst b/crypto/heimdal/packages/debian/heimdal-kdc.postinst
deleted file mode 100644
index 72e7af5b6fb9..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.postinst
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh -e
-
-. /usr/share/debconf/confmodule
-
-if [ ! -f /var/log/heimdal-kdc.log ]
-then
-	touch /var/log/heimdal-kdc.log
-	chmod 600 /var/log/heimdal-kdc.log
-fi
-
-add_servers() {
-kadmin_entry="kerberos-adm	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/kadmind"
-hprop_entry="#krb_prop	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/sbin/hpropd"
-
-	update-inetd --group KRB5 --add "$kadmin_entry"
-	update-inetd --group KRB5 --add "$hprop_entry"
-}
-
-enable_servers() {
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kadmind' --enable kerberos-adm
-}
-
-# if not configured, try moving existing configuration
-if [ ! -f /etc/heimdal-kdc/.configured ] &&
-   [   -f /var/lib/heimdal-kdc/.configured ]
-then
-        for i in kdc.conf kadmind.acl
-        do
-                if [ -f /var/lib/heimdal-kdc/$i ]
-                then
-                        mv /var/lib/heimdal-kdc/$i /etc/heimdal-kdc/$i
-                fi
-        done
-        mv /var/lib/heimdal-kdc/.configured /etc/heimdal-kdc/.configured
-fi
-
-# if already configured - dont reconfigure
-if [ ! -f /etc/heimdal-kdc/.configured ]
-then
-	# get default realm
-	# should use krb5-config setting???
-	if db_get krb5-config/default_realm && [ "x$RET" != "x" ]
-	then
-		default_realm="$RET"
-	else
-		default_realm="`hostname -d | tr a-z A-Z`"
-	fi
-	db_fget heimdal/realm seen
-	if [ "$RET" != "true" ]; then
-		db_set heimdal/realm "$default_realm"
-	fi
-	db_subst heimdal/realm default_realm "$default_realm"
-	db_input medium heimdal/realm || true
-	db_go
-	db_get heimdal/realm; REALM="$RET"
-	
-	# get password
-	db_input medium heimdal-kdc/password || true
-	db_go
-	db_get heimdal-kdc/password; PASSWORD="$RET"
-	db_set heimdal-kdc/password ""
-	
-	DST=/etc/heimdal-kdc/kdc.conf
-	cp -a /usr/share/doc/heimdal-kdc/examples/kdc.conf "$DST"
-#	/usr/lib/heimdal-kdc/setconfig --file "$DST" --section realms::REALM.ORG "=$REALM"
-	
-	DST=/etc/heimdal-kdc/kadmind.acl
-	cp -a /usr/share/doc/heimdal-kdc/examples/kadmind.acl "$DST"
-	
-	kstash --master-key-fd=0 <<EOF
-$PASSWORD
-EOF
-	
-	echo -e "\n\n" | kadmin -l init "$REALM" > /dev/null
-	
-	touch /etc/heimdal-kdc/.configured
-fi
-
-case "$1" in
-abort-upgrade | abort-deconfigure | abort-remove)
-	;;
-configure)
-	if [ -z "$2" ]
-	then
-		add_servers
-	elif dpkg --compare-versions "$2" le "0.7.2.dfsg.1-6"
-	then
-		enable_servers
-	fi
-	;;
-*)
-	printf "$0: incorrect arguments: $*\n" >&2
-	exit 1
-	;;
-esac
-
-	
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.postrm b/crypto/heimdal/packages/debian/heimdal-kdc.postrm
deleted file mode 100644
index 640fde5f219e..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.postrm
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh -e
-
-remove_servers() {
-	update-inetd --remove 'kerberos-adm[ \t].*[ \t]/usr/lib/heimdal-servers/kadmind'
-	update-inetd --remove 'krb_prop[ \t].*[ \t]/usr/sbin/hpropd'
-}
-
-case "$1" in
-abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
-	;;
-purge)
-	# If netbase is not installed, then we don't need to do the remove.
-	if command -v update-inetd >/dev/null 2>&1; then
-		remove_servers
-	fi
-	;;
-*)
-	echo "$0: incorrect arguments: $*" >&2
-	exit 1
-	;;
-esac
-
-if [ "$1" = "purge" ]
-then
-	rm -f /var/log/heimdal-kdc.log*
-	rm -rf /var/lib/heimdal-kdc
-	rm -f /etc/heimdal-kdc/.configured
-	rm -f /etc/heimdal-kdc/kdc.conf
-	rm -f /etc/heimdal-kdc/kadmind.acl
-fi
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-kdc.templates b/crypto/heimdal/packages/debian/heimdal-kdc.templates
deleted file mode 100644
index 5882f3c7d317..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-kdc.templates
+++ /dev/null
@@ -1,12 +0,0 @@
-Template: heimdal/realm
-Type: string
-_Description: Local realm name:
- Heimdal requires the name of your local realm. This is typically your
- domain name in uppercase. eg if your hostname is host.org.com, then your
- realm will become ORG.COM. The default for your host is ${default_realm}.
-
-Template: heimdal-kdc/password
-Type: password
-_Description: Password for KDC:
- Heimdal can encrypt the KDC data with a password. A hashed representation
- will be stored in /var/lib/heimdal-kdc/m-key.
diff --git a/crypto/heimdal/packages/debian/heimdal-servers-x.dirs b/crypto/heimdal/packages/debian/heimdal-servers-x.dirs
deleted file mode 100644
index 6209a9dfea78..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers-x.dirs
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/heimdal-servers
diff --git a/crypto/heimdal/packages/debian/heimdal-servers-x.install b/crypto/heimdal/packages/debian/heimdal-servers-x.install
deleted file mode 100644
index 250b28b3c2af..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers-x.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/sbin/kxd
-usr/share/man/man8/kxd.8
diff --git a/crypto/heimdal/packages/debian/heimdal-servers-x.postinst b/crypto/heimdal/packages/debian/heimdal-servers-x.postinst
deleted file mode 100644
index bb0ea22fd1a0..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers-x.postinst
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh -e
-
-add_servers() {
-    kx_entry="kx	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/kxd"
-	update-inetd --group KRB5 --add "$kx_entry"
-}
-
-enable_servers() {
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kx' --enable kx
-}
-
-remove_servers() {
-	update-inetd --remove 'kx[ \t].*[ \t]/usr/lib/heimdal-servers/kxd'
-}
-
-case "$1" in
-abort-upgrade | abort-deconfigure | abort-remove)
-	enable_servers
-	;;
-configure)
-	if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.2h-1; then
-		enable_servers
-	else
-		remove_servers
-		add_servers
-	fi
-	;;
-*)
-	printf "$0: incorrect arguments: $*\n" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-servers-x.postrm b/crypto/heimdal/packages/debian/heimdal-servers-x.postrm
deleted file mode 100644
index 4bfc21456478..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers-x.postrm
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh -e
-# $Id: heimdal-servers-x.postrm,v 1.2 1999/12/26 00:00:46 bam Exp $
-
-remove_servers() {
-	update-inetd --remove 'kx[ \t].*[ \t]/usr/lib/heimdal-servers/kxd'
-}
-
-case "$1" in
-abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
-	;;
-purge)
-	# If netbase is not installed, then we don't need to do the remove.
-	if command -v update-inetd >/dev/null 2>&1; then
-		remove_servers
-	fi
-	;;
-*)
-	echo "$0: incorrect arguments: $*" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-servers-x.prerm b/crypto/heimdal/packages/debian/heimdal-servers-x.prerm
deleted file mode 100644
index 646eb898cc19..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers-x.prerm
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh -e
-
-disable_servers() {
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kx' --disable kx
-}
-
-if command -v update-inetd >/dev/null 2>&1; then
-	disable_servers
-fi
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-servers.dirs b/crypto/heimdal/packages/debian/heimdal-servers.dirs
deleted file mode 100644
index 6209a9dfea78..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers.dirs
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/heimdal-servers
diff --git a/crypto/heimdal/packages/debian/heimdal-servers.install b/crypto/heimdal/packages/debian/heimdal-servers.install
deleted file mode 100644
index f4c7b8e3ce9b..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers.install
+++ /dev/null
@@ -1,12 +0,0 @@
-usr/sbin/kfd
-usr/sbin/ftpd
-usr/sbin/rshd
-usr/sbin/telnetd
-usr/sbin/popper
-usr/bin/login
-usr/share/man/man5/ftpusers.5
-usr/share/man/man8/ftpd.8
-usr/share/man/man8/popper.8
-usr/share/man/man8/telnetd.8
-usr/share/man/man8/kfd.8
-usr/share/man/man8/rshd.8
diff --git a/crypto/heimdal/packages/debian/heimdal-servers.postinst b/crypto/heimdal/packages/debian/heimdal-servers.postinst
deleted file mode 100644
index a1d936081ead..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers.postinst
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh -e
-
-add_servers() {
-kshell_entry="kshell	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/rshd -k"
-   ftp_entry="ftp	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/ftpd -a plain"
-telnet_entry="telnet	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/telnetd -a none"
- pop3_entry="pop-3	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/popper"
-
-	update-inetd --group KRB5 --add "$kshell_entry"
-	update-inetd --group KRB5 --add "$ftp_entry"
-	update-inetd --group KRB5 --add "$telnet_entry"
-	update-inetd --group KRB5 --add "$pop3_entry"
-}
-
-enable_servers() {
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/rshd' --enable kshell
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/ftpd' --enable ftp
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/telnetd' --enable telnet
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/popper' --enable pop-3
-}
-
-remove_servers() {
-	update-inetd --remove 'kshell[ \t].*[ \t]/usr/lib/heimdal-servers/rshd'
-	update-inetd --remove 'ftp[ \t].*[ \t]/usr/lib/heimdal-servers/ftpd'
-	update-inetd --remove 'telnet[ \t].*[ \t]/usr/lib/heimdal-servers/telnetd'
-	update-inetd --remove 'pop-3[ \t].*[ \t]/usr/lib/heimdal-servers/popper'
-}
-
-case "$1" in
-abort-upgrade | abort-deconfigure | abort-remove)
-	enable_servers
-	;;
-configure)
-	if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.3e-4; then
-		enable_servers
-	else
-		remove_servers
-		add_servers
-	fi
-	;;
-*)
-	printf "$0: incorrect arguments: $*\n" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-servers.postrm b/crypto/heimdal/packages/debian/heimdal-servers.postrm
deleted file mode 100644
index c8aa0f428e0e..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers.postrm
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh -e
-# $Id: heimdal-servers.postrm,v 1.4 1999/12/26 01:51:03 bam Exp $
-
-remove_servers() {
-	update-inetd --remove 'kshell[ \t].*[ \t]/usr/lib/heimdal-servers/rshd'
-	update-inetd --remove 'ftp[ \t].*[ \t]/usr/lib/heimdal-servers/ftpd'
-	update-inetd --remove 'telnet[ \t].*[ \t]/usr/lib/heimdal-servers/telnetd'
-	update-inetd --remove 'pop-3[ \t].*[ \t]/usr/lib/heimdal-servers/popper'
-}
-
-case "$1" in
-abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
-	;;
-purge)
-	# If netbase is not installed, then we don't need to do the remove.
-	if command -v update-inetd >/dev/null 2>&1; then
-		remove_servers
-	fi
-	;;
-*)
-	echo "$0: incorrect arguments: $*" >&2
-	exit 1
-	;;
-esac
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/heimdal-servers.prerm b/crypto/heimdal/packages/debian/heimdal-servers.prerm
deleted file mode 100644
index d9789942a9b8..000000000000
--- a/crypto/heimdal/packages/debian/heimdal-servers.prerm
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh -e
-
-disable_servers() {
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/rshd' --disable kshell
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/ftpd' --disable ftp
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/telnetd' --disable telnet
-	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/popper' --disable pop-3
-}
-
-if command -v update-inetd >/dev/null 2>&1; then
-	disable_servers
-fi
-
-#DEBHELPER#
diff --git a/crypto/heimdal/packages/debian/libasn1-8-heimdal.install b/crypto/heimdal/packages/debian/libasn1-8-heimdal.install
deleted file mode 100644
index a4c26aa3474a..000000000000
--- a/crypto/heimdal/packages/debian/libasn1-8-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libasn1.so.8.*
-usr/lib/libasn1.so.8
diff --git a/crypto/heimdal/packages/debian/libasn1-8-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libasn1-8-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libasn1-8-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libasn1-8-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libasn1-8-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libasn1-8-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libasn1-8-heimdal.substvars b/crypto/heimdal/packages/debian/libasn1-8-heimdal.substvars
deleted file mode 100644
index 6ea524c8db9d..000000000000
--- a/crypto/heimdal/packages/debian/libasn1-8-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libroken16-heimdal
diff --git a/crypto/heimdal/packages/debian/libgssapi2-heimdal.install b/crypto/heimdal/packages/debian/libgssapi2-heimdal.install
deleted file mode 100644
index 07155297ab10..000000000000
--- a/crypto/heimdal/packages/debian/libgssapi2-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libgssapi.so.2.*
-usr/lib/libgssapi.so.2
diff --git a/crypto/heimdal/packages/debian/libgssapi2-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libgssapi2-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libgssapi2-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libgssapi2-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libgssapi2-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libgssapi2-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libgssapi2-heimdal.substvars b/crypto/heimdal/packages/debian/libgssapi2-heimdal.substvars
deleted file mode 100644
index 3b7204b27094..000000000000
--- a/crypto/heimdal/packages/debian/libgssapi2-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libkrb5-17-heimdal, libroken16-heimdal
diff --git a/crypto/heimdal/packages/debian/libhdb9-heimdal.install b/crypto/heimdal/packages/debian/libhdb9-heimdal.install
deleted file mode 100644
index ff251bd500c7..000000000000
--- a/crypto/heimdal/packages/debian/libhdb9-heimdal.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/lib/libhdb.so.9.*
-usr/lib/libhdb.so.9
-
diff --git a/crypto/heimdal/packages/debian/libhdb9-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libhdb9-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libhdb9-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libhdb9-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libhdb9-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libhdb9-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libhdb9-heimdal.substvars b/crypto/heimdal/packages/debian/libhdb9-heimdal.substvars
deleted file mode 100644
index e9392d148515..000000000000
--- a/crypto/heimdal/packages/debian/libhdb9-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libdb4.4, libkrb5-17-heimdal, libroken16-heimdal
diff --git a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.install b/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.install
deleted file mode 100644
index 6643c811bcb6..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/lib/libkadm5clnt.so.7.*
-usr/lib/libkadm5clnt.so.7
-
diff --git a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.substvars b/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.substvars
deleted file mode 100644
index b807683f46c9..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libkrb5-17-heimdal, libroken16-heimdal
diff --git a/crypto/heimdal/packages/debian/libkadm5srv7-heimdal.install b/crypto/heimdal/packages/debian/libkadm5srv7-heimdal.install
deleted file mode 100644
index 9611b0922512..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5srv7-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libkadm5srv.so.*
-
diff --git a/crypto/heimdal/packages/debian/libkadm5srv8-heimdal.install b/crypto/heimdal/packages/debian/libkadm5srv8-heimdal.install
deleted file mode 100644
index 5e7ad5294610..000000000000
--- a/crypto/heimdal/packages/debian/libkadm5srv8-heimdal.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/lib/libkadm5srv.so.8.*
-usr/lib/libkadm5srv.so.8
-
diff --git a/crypto/heimdal/packages/debian/libkafs0-heimdal.install b/crypto/heimdal/packages/debian/libkafs0-heimdal.install
deleted file mode 100644
index 0a2c47960349..000000000000
--- a/crypto/heimdal/packages/debian/libkafs0-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libkafs.so.0.*
-usr/lib/libkafs.so.0
diff --git a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.install b/crypto/heimdal/packages/debian/libkrb5-22-heimdal.install
deleted file mode 100644
index 72ae23c289cc..000000000000
--- a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/lib/libkrb5.so.22.*
-usr/lib/libkrb5.so.22
-
diff --git a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.substvars b/crypto/heimdal/packages/debian/libkrb5-22-heimdal.substvars
deleted file mode 100644
index 00d22818cc61..000000000000
--- a/crypto/heimdal/packages/debian/libkrb5-22-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libroken16-heimdal
diff --git a/crypto/heimdal/packages/debian/libotp0-heimdal.install b/crypto/heimdal/packages/debian/libotp0-heimdal.install
deleted file mode 100644
index 4953c19d9357..000000000000
--- a/crypto/heimdal/packages/debian/libotp0-heimdal.install
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/libotp.so.*
diff --git a/crypto/heimdal/packages/debian/libroken18-heimdal.install b/crypto/heimdal/packages/debian/libroken18-heimdal.install
deleted file mode 100644
index c544e71f338c..000000000000
--- a/crypto/heimdal/packages/debian/libroken18-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libroken.so.18.*
-usr/lib/libroken.so.18
diff --git a/crypto/heimdal/packages/debian/libroken18-heimdal.postinst.debhelper b/crypto/heimdal/packages/debian/libroken18-heimdal.postinst.debhelper
deleted file mode 100644
index 3d89d3ef6295..000000000000
--- a/crypto/heimdal/packages/debian/libroken18-heimdal.postinst.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "configure" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libroken18-heimdal.postrm.debhelper b/crypto/heimdal/packages/debian/libroken18-heimdal.postrm.debhelper
deleted file mode 100644
index 7f44047270f1..000000000000
--- a/crypto/heimdal/packages/debian/libroken18-heimdal.postrm.debhelper
+++ /dev/null
@@ -1,5 +0,0 @@
-# Automatically added by dh_makeshlibs
-if [ "$1" = "remove" ]; then
-	ldconfig
-fi
-# End automatically added section
diff --git a/crypto/heimdal/packages/debian/libroken18-heimdal.substvars b/crypto/heimdal/packages/debian/libroken18-heimdal.substvars
deleted file mode 100644
index 17c2baad4249..000000000000
--- a/crypto/heimdal/packages/debian/libroken18-heimdal.substvars
+++ /dev/null
@@ -1 +0,0 @@
-shlibs:Depends=libc6 (>= 2.6-1)
diff --git a/crypto/heimdal/packages/debian/libsl0-heimdal.install b/crypto/heimdal/packages/debian/libsl0-heimdal.install
deleted file mode 100644
index ae611425a02a..000000000000
--- a/crypto/heimdal/packages/debian/libsl0-heimdal.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/lib/libsl.so.0.*
-usr/lib/libsl.so.0
diff --git a/crypto/heimdal/packages/debian/patches/021_debian b/crypto/heimdal/packages/debian/patches/021_debian
deleted file mode 100644
index 52d199009bb8..000000000000
--- a/crypto/heimdal/packages/debian/patches/021_debian
+++ /dev/null
@@ -1,204 +0,0 @@
-Index: heimdal-0.7.2.dfsg.1/lib/hdb/hdb.h
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/hdb/hdb.h	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/lib/hdb/hdb.h	2006-05-13 16:42:58.000000000 +1000
-@@ -86,7 +86,7 @@
-     krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
- };
- 
--#define HDB_DB_DIR "/var/heimdal"
-+#define HDB_DB_DIR "/var/lib/heimdal-kdc"
- #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
- #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
- 
-Index: heimdal-0.7.2.dfsg.1/appl/telnet/telnetd/telnetd.h
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/appl/telnet/telnetd/telnetd.h	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/appl/telnet/telnetd/telnetd.h	2006-05-13 16:42:58.000000000 +1000
-@@ -192,7 +192,7 @@
- #endif
- 
- #undef _PATH_LOGIN
--#define _PATH_LOGIN	BINDIR "/login"
-+#define _PATH_LOGIN	"/bin/login"
- 
- /* fallbacks */
- 
-Index: heimdal-0.7.2.dfsg.1/kdc/kdc.8
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kdc/kdc.8	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kdc/kdc.8	2006-05-13 16:42:58.000000000 +1000
-@@ -77,7 +77,7 @@
- .Fl -config-file= Ns Ar file
- .Xc
- Specifies the location of the config file, the default is
--.Pa /var/heimdal/kdc.conf .
-+.Pa /etc/heimdal-kdc/kdc.conf .
- This is the only value that can't be specified in the config file.
- .It Xo
- .Fl p ,
-Index: heimdal-0.7.2.dfsg.1/doc/setup.texi
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/doc/setup.texi	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/doc/setup.texi	2006-05-13 16:42:58.000000000 +1000
-@@ -335,7 +335,7 @@
- as @samp{749/tcp}.
- 
- Access to the administration server is controlled by an ACL file, (default
--@file{/var/heimdal/kadmind.acl}.) The lines in the access file, have the
-+@file{/etc/heimdal-kdc/kadmind.acl}.) The lines in the access file, have the
- following syntax:
- @smallexample
- principal       [priv1,priv2,...]       [glob-pattern]
-Index: heimdal-0.7.2.dfsg.1/kdc/kdc_locl.h
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kdc/kdc_locl.h	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kdc/kdc_locl.h	2006-05-13 16:42:58.000000000 +1000
-@@ -74,7 +74,7 @@
- extern int enable_pkinit_princ_in_cert;
- #endif
- 
--#define _PATH_KDC_CONF		HDB_DB_DIR "/kdc.conf"
-+#define _PATH_KDC_CONF		"/etc/heimdal-kdc/kdc.conf"
- #define DEFAULT_LOG_DEST	"0-1/FILE:" HDB_DB_DIR "/kdc.log"
- 
- extern struct timeval now;
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/context_s.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/context_s.c	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/context_s.c	2006-05-13 16:42:58.000000000 +1000
-@@ -158,7 +158,7 @@
- 	set_config(ctx, default_binding);
-     else {
- 	ctx->config.dbname        = strdup(HDB_DEFAULT_DB);
--	ctx->config.acl_file      = strdup(HDB_DB_DIR "/kadmind.acl");
-+	ctx->config.acl_file      = strdup("/etc/heimdal-kdc/kadmind.acl");
- 	ctx->config.stash_file    = strdup(HDB_DB_DIR "/m-key");
- 	ctx->log_context.log_file = strdup(HDB_DB_DIR "/log");
- 	memset(&ctx->log_context.socket_name, 0, 
-Index: heimdal-0.7.2.dfsg.1/kadmin/kadmind.8
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmind.8	2006-05-13 16:42:53.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kadmin/kadmind.8	2006-05-13 16:42:58.000000000 +1000
-@@ -85,7 +85,7 @@
- Principals are always allowed to change their own password and list
- their own principal.  Apart from that, doing any operation requires
- permission explicitly added in the ACL file
--.Pa /var/heimdal/kadmind.acl .
-+.Pa /etc/heimdal-kdc/kadmind.acl .
- The format of this file is:
- .Bd -ragged
- .Va principal
-@@ -155,7 +155,7 @@
- .El
- .\".Sh ENVIRONMENT
- .Sh FILES
--.Pa /var/heimdal/kadmind.acl
-+.Pa /etc/heimdal-kdc/kadmind.acl
- .Sh EXAMPLES
- This will cause
- .Nm
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/truncate_log.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/truncate_log.c	2003-11-19 10:19:26.000000000 +1100
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/truncate_log.c	2006-05-14 10:33:39.054471619 +1000
-@@ -69,7 +69,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/dump_log.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/dump_log.c	2005-04-26 04:17:51.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/dump_log.c	2006-05-14 10:33:13.743359875 +1000
-@@ -246,7 +246,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/kadmin/kadmind.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmind.c	2005-04-15 21:16:32.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kadmin/kadmind.c	2006-05-14 10:27:22.837834789 +1000
-@@ -117,7 +117,7 @@
-     argv += optind;
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/kadmin/kadmin.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmin.c	2005-05-10 01:35:22.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kadmin/kadmin.c	2006-05-14 10:27:03.969138000 +1000
-@@ -194,7 +194,7 @@
-     argv += optind;
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/replay_log.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/replay_log.c	2003-11-19 10:19:22.000000000 +1100
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/replay_log.c	2006-05-14 10:33:28.976621605 +1000
-@@ -99,7 +99,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_slave.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/ipropd_slave.c	2005-05-24 03:39:35.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_slave.c	2006-05-14 10:31:34.812853916 +1000
-@@ -418,7 +418,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_master.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/ipropd_master.c	2005-05-24 03:38:46.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_master.c	2006-05-14 10:31:17.286905672 +1000
-@@ -654,7 +654,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
-Index: heimdal-0.7.2.dfsg.1/kpasswd/kpasswdd.c
-===================================================================
---- heimdal-0.7.2.dfsg.1.orig/kpasswd/kpasswdd.c	2005-04-22 21:03:11.000000000 +1000
-+++ heimdal-0.7.2.dfsg.1/kpasswd/kpasswdd.c	2006-05-14 10:27:49.778564590 +1000
-@@ -749,7 +749,7 @@
-     }
- 
-     if (config_file == NULL)
--	config_file = HDB_DB_DIR "/kdc.conf";
-+	config_file = "/etc/heimdal-kdc/kdc.conf";
- 
-     ret = krb5_prepend_config_files_default(config_file, &files);
-     if (ret)
diff --git a/crypto/heimdal/packages/debian/patches/022_ftp-roken-glob b/crypto/heimdal/packages/debian/patches/022_ftp-roken-glob
deleted file mode 100644
index bd974dae0ea8..000000000000
--- a/crypto/heimdal/packages/debian/patches/022_ftp-roken-glob
+++ /dev/null
@@ -1,270 +0,0 @@
-Index: heimdal-0.7.2/appl/ftp/ftp/cmds.c
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftp/cmds.c	2005-04-18 17:45:12.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftp/cmds.c	2006-03-09 12:50:02.997025112 +1100
-@@ -536,9 +536,17 @@
- 
- 	memset(&gl, 0, sizeof(gl));
- 	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-+#ifdef HAVE_GLOB
- 	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
-+#else
-+	if (roken_glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
-+#endif 
- 	    warnx("%s: not found", argv[i]);
-+#ifdef HAVE_GLOB
- 	    globfree(&gl);
-+#else
-+	    roken_globfree(&gl);
-+#endif
- 	    continue;
- 	}
- 	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
-@@ -559,7 +567,11 @@
- 		}
- 	    }
- 	}
-+#ifdef HAVE_GLOB
- 	globfree(&gl);
-+#else
-+	roken_globfree(&gl);
-+#endif
-     }
-     signal(SIGINT, oldintr);
-     mflag = 0;
-@@ -1568,14 +1580,27 @@
- 
- 	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
- 	memset(&gl, 0, sizeof(gl));
-+#ifdef HAVE_GLOB
- 	if (glob(*cpp, flags, NULL, &gl) ||
-+#else 
-+	if (roken_glob(*cpp, flags, NULL, &gl) ||
-+#endif
- 	    gl.gl_pathc == 0) {
- 		warnx("%s: not found", *cpp);
-+#ifdef HAVE_GLOB
- 		globfree(&gl);
-+#else
-+		roken_globfree(&gl);
-+#endif
- 		return (0);
- 	}
- 	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
-+#ifdef HAVE_GLOB
- 	globfree(&gl);
-+#else
-+	roken_globfree(&gl);
-+#endif
-+
- 	return (1);
- }
- 
-Index: heimdal-0.7.2/appl/ftp/ftp/ftp_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftp/ftp_locl.h	2002-09-11 06:03:46.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftp/ftp_locl.h	2006-03-09 12:50:02.998024960 +1100
-@@ -101,7 +101,11 @@
- 
- #include <errno.h>
- #include <ctype.h>
-+#ifdef HAVE_GLOB
- #include <glob.h>
-+#else
-+#include <roken-glob.h>
-+#endif 
- #ifdef HAVE_NETDB_H
- #include <netdb.h>
- #endif
-Index: heimdal-0.7.2/appl/ftp/ftpd/ftpcmd.y
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpcmd.y	2004-08-20 23:31:19.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftpd/ftpcmd.y	2006-03-09 12:50:03.000024656 +1100
-@@ -826,14 +826,22 @@
- 				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
- 
- 				memset(&gl, 0, sizeof(gl));
-+#ifdef HAVE_GLOB
- 				if (glob($1, flags, NULL, &gl) ||
-+#else
-+				if (roken_glob($1, flags, NULL, &gl) ||
-+#endif
- 				    gl.gl_pathc == 0) {
- 					reply(550, "not found");
- 					$$ = NULL;
- 				} else {
- 					$$ = strdup(gl.gl_pathv[0]);
- 				}
-+#ifdef HAVE_GLOB
- 				globfree(&gl);
-+#else
-+				roken_globfree(&gl);
-+#endif
- 				free($1);
- 			} else
- 				$$ = $1;
-Index: heimdal-0.7.2/appl/ftp/ftpd/ftpd.c
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpd.c	2005-06-02 20:41:28.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftpd/ftpd.c	2006-03-09 12:50:03.003024200 +1100
-@@ -2234,7 +2234,11 @@
- 
- 	memset(&gl, 0, sizeof(gl));
- 	freeglob = 1;
-+#ifdef HAVE_GLOB
- 	if (glob(whichf, flags, 0, &gl)) {
-+#else
-+	if (roken_glob(whichf, flags, 0, &gl)) {
-+#endif
- 	    reply(550, "not found");
- 	    goto out;
- 	} else if (gl.gl_pathc == 0) {
-@@ -2341,7 +2345,11 @@
-     pdata = -1;
-     if (freeglob) {
- 	freeglob = 0;
-+#ifdef HAVE_GLOB
- 	globfree(&gl);
-+#else
-+	roken_globfree(&gl);
-+#endif
-     }
- }
- 
-Index: heimdal-0.7.2/appl/ftp/ftpd/ftpd_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpd_locl.h	2005-04-25 05:58:14.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftpd/ftpd_locl.h	2006-03-09 12:50:03.004024048 +1100
-@@ -106,7 +106,11 @@
- #ifdef HAVE_FCNTL_H
- #include <fcntl.h>
- #endif
-+#ifdef HAVE_GLOB
- #include <glob.h>
-+#else
-+#include <roken-glob.h>
-+#endif 
- #include <limits.h>
- #ifdef HAVE_PWD_H
- #include <pwd.h>
-Index: heimdal-0.7.2/appl/ftp/ftpd/popen.c
-===================================================================
---- heimdal-0.7.2.orig/appl/ftp/ftpd/popen.c	2002-04-02 21:57:39.000000000 +1000
-+++ heimdal-0.7.2/appl/ftp/ftpd/popen.c	2006-03-09 12:50:03.013022680 +1100
-@@ -55,7 +55,11 @@
- #include <sys/wait.h>
- 
- #include <errno.h>
-+#ifdef HAVE_GLOB
- #include <glob.h>
-+#else
-+#include <roken-glob.h>
-+#endif
- #include <signal.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -149,7 +153,11 @@
- 
- 		memset(&gl, 0, sizeof(gl));
- 		if (no_glob || 
-+#ifdef HAVE_GLOB
- 		    glob(argv[argc], flags, NULL, &gl) || 
-+#else
-+		    roken_glob(argv[argc], flags, NULL, &gl) ||
-+#endif
- 		    gl.gl_pathc == 0)
- 			gargv[gargc++] = strdup(argv[argc]);
- 		else
-@@ -157,7 +165,11 @@
- 			     *pop && gargc < MAXGLOBS - 1;
- 			     pop++)
- 				gargv[gargc++] = strdup(*pop);
-+#ifdef HAVE_GLOB
- 		globfree(&gl);
-+#else
-+		roken_globfree(&gl);
-+#endif
- 	}
- 	gargv[gargc] = NULL;
- 
-Index: heimdal-0.7.2/lib/roken/glob.c
-===================================================================
---- heimdal-0.7.2.orig/lib/roken/glob.c	2005-04-12 21:28:50.000000000 +1000
-+++ heimdal-0.7.2/lib/roken/glob.c	2006-03-09 12:50:03.015022376 +1100
-@@ -87,7 +87,7 @@
- #include <limits.h>
- #endif
- 
--#include "glob.h"
-+#include "roken-glob.h"
- #include "roken.h"
- 
- #ifndef ARG_MAX
-@@ -167,7 +167,7 @@
- #endif
- 
- int ROKEN_LIB_FUNCTION
--glob(const char *pattern, 
-+roken_glob(const char *pattern, 
-      int flags, 
-      int (*errfunc)(const char *, int), 
-      glob_t *pglob)
-@@ -742,7 +742,7 @@
- 
- /* Free allocated data belonging to a glob_t structure. */
- void ROKEN_LIB_FUNCTION
--globfree(glob_t *pglob)
-+roken_globfree(glob_t *pglob)
- {
- 	int i;
- 	char **pp;
-Index: heimdal-0.7.2/lib/roken/glob.hin
-===================================================================
---- heimdal-0.7.2.orig/lib/roken/glob.hin	2005-04-13 23:17:56.000000000 +1000
-+++ heimdal-0.7.2/lib/roken/glob.hin	2006-03-09 12:50:03.016022224 +1100
-@@ -32,8 +32,8 @@
-  *	@(#)glob.h	8.1 (Berkeley) 6/2/93
-  */
- 
--#ifndef _GLOB_H_
--#define	_GLOB_H_
-+#ifndef _ROKEN_GLOB_H_
-+#define	_ROKEN_GLOB_H_
- 
- #ifndef ROKEN_LIB_FUNCTION
- #ifdef _WIN32
-@@ -88,9 +88,9 @@
- #define	GLOB_ABEND	(-2)	/* Unignored error. */
- 
- int ROKEN_LIB_FUNCTION
--glob (const char *, int, int (*)(const char *, int), glob_t *);
-+roken_glob (const char *, int, int (*)(const char *, int), glob_t *);
- 
- void ROKEN_LIB_FUNCTION
--globfree (glob_t *);
-+roken_globfree (glob_t *);
- 
--#endif /* !_GLOB_H_ */
-+#endif /* !_ROKEN_GLOB_H_ */
-Index: heimdal-0.7.2/lib/roken/Makefile.am
-===================================================================
---- heimdal-0.7.2.orig/lib/roken/Makefile.am	2005-05-24 21:39:01.000000000 +1000
-+++ heimdal-0.7.2/lib/roken/Makefile.am	2006-03-09 12:50:03.016022224 +1100
-@@ -129,7 +129,7 @@
- if have_glob_h
- glob_h =
- else
--glob_h = glob.h
-+glob_h = roken-glob.h
- endif
- 
- if have_ifaddrs_h
-@@ -170,6 +170,8 @@
- SUFFIXES += .hin
- .hin.h:
- 	cp $< $@
-+roken-glob.h:
-+	cp glob.hin roken-glob.h
- 
- roken.h: make-roken$(EXEEXT)
- 	@./make-roken$(EXEEXT) > tmp.h ;\
diff --git a/crypto/heimdal/packages/debian/patches/022_openafs b/crypto/heimdal/packages/debian/patches/022_openafs
deleted file mode 100644
index 64899fdc035e..000000000000
--- a/crypto/heimdal/packages/debian/patches/022_openafs
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: heimdal-0.7.2/lib/krb5/keytab_keyfile.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/keytab_keyfile.c	2005-01-09 09:57:18.000000000 +1100
-+++ heimdal-0.7.2/lib/krb5/keytab_keyfile.c	2006-03-09 12:50:07.121398112 +1100
-@@ -48,8 +48,8 @@
-  *
-  */
- 
--#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
--#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
-+#define AFS_SERVERTHISCELL "/etc/openafs/ThisCell"
-+#define AFS_SERVERMAGICKRBCONF "/etc/openafs/etc/krb.conf"
- 
- struct akf_data {
-     int num_entries;
diff --git a/crypto/heimdal/packages/debian/patches/025_pthreads b/crypto/heimdal/packages/debian/patches/025_pthreads
deleted file mode 100644
index 980a8ad94b31..000000000000
--- a/crypto/heimdal/packages/debian/patches/025_pthreads
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: heimdal-0.7.2/cf/pthreads.m4
-===================================================================
---- heimdal-0.7.2.orig/cf/pthreads.m4	2006-03-09 12:55:11.651102560 +1100
-+++ heimdal-0.7.2/cf/pthreads.m4	2006-03-09 12:59:12.806441376 +1100
-@@ -32,7 +32,7 @@
- 	2.*)
- 		native_pthread_support=yes
- 		PTHREADS_CFLAGS=-pthread
--		PTHREADS_LIBS=-pthread
-+		PTHREADS_LIBS="-pthread -lpthread"
- 		;;
- 	esac
- 	;;
diff --git a/crypto/heimdal/packages/debian/patches/026_posix_max b/crypto/heimdal/packages/debian/patches/026_posix_max
deleted file mode 100644
index bf26032023a4..000000000000
--- a/crypto/heimdal/packages/debian/patches/026_posix_max
+++ /dev/null
@@ -1,293 +0,0 @@
-Index: heimdal-0.7.2/appl/kf/kf_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/kf/kf_locl.h	2002-09-05 06:29:04.000000000 +1000
-+++ heimdal-0.7.2/appl/kf/kf_locl.h	2006-03-09 12:59:30.120809192 +1100
-@@ -79,3 +79,7 @@
- #define KF_PORT_NAME		"kf"
- #define KF_PORT_NUM		2110
- #define KF_VERSION_1		"KFWDV0.1"
-+
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-Index: heimdal-0.7.2/appl/kf/kfd.c
-===================================================================
---- heimdal-0.7.2.orig/appl/kf/kfd.c	2005-05-27 23:43:24.000000000 +1000
-+++ heimdal-0.7.2/appl/kf/kfd.c	2006-03-09 12:59:30.121809040 +1100
-@@ -128,7 +128,7 @@
-     krb5_ticket *ticket;
-     char *name;
-     char ret_string[10];
--    char hostname[MAXHOSTNAMELEN];
-+    char hostname[MaxHostNameLen];
-     krb5_data data;
-     krb5_data remotename;
-     krb5_data tk_file;
-Index: heimdal-0.7.2/appl/kx/kx.h
-===================================================================
---- heimdal-0.7.2.orig/appl/kx/kx.h	2003-04-17 02:45:43.000000000 +1000
-+++ heimdal-0.7.2/appl/kx/kx.h	2006-03-09 12:59:30.122808888 +1100
-@@ -107,6 +107,10 @@
- #include <sys/stropts.h>
- #endif
- 
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-+
- /* defined by aix's sys/stream.h and again by arpa/nameser.h */
- 
- #undef NOERROR
-Index: heimdal-0.7.2/appl/login/login_access.c
-===================================================================
---- heimdal-0.7.2.orig/appl/login/login_access.c	2001-06-05 00:09:45.000000000 +1000
-+++ heimdal-0.7.2/appl/login/login_access.c	2006-03-09 12:59:30.123808736 +1100
-@@ -163,11 +163,11 @@
- 
- static char *myhostname(void)
- {
--    static char name[MAXHOSTNAMELEN + 1] = "";
-+    static char name[MaxHostNameLen + 1] = "";
- 
-     if (name[0] == 0) {
- 	gethostname(name, sizeof(name));
--	name[MAXHOSTNAMELEN] = 0;
-+	name[MaxHostNameLen] = 0;
-     }
-     return (name);
- }
-Index: heimdal-0.7.2/appl/login/login_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/login/login_locl.h	2005-04-23 01:38:54.000000000 +1000
-+++ heimdal-0.7.2/appl/login/login_locl.h	2006-03-09 12:59:30.124808584 +1100
-@@ -150,6 +150,10 @@
- #endif
- 
- 
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-+
- struct spwd;
- 
- extern char **env;
-Index: heimdal-0.7.2/appl/popper/popper.h
-===================================================================
---- heimdal-0.7.2.orig/appl/popper/popper.h	2004-07-14 19:10:30.000000000 +1000
-+++ heimdal-0.7.2/appl/popper/popper.h	2006-03-09 12:59:30.125808432 +1100
-@@ -154,6 +154,10 @@
- #define POP_MAILDIR	"/usr/spool/mail"
- #endif
- 
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-+
- #define POP_DROP        POP_MAILDIR "/.%s.pop"
- 	/* POP_TMPSIZE needs to be big enough to hold the string
- 	 * defined by POP_TMPDROP.  POP_DROP and POP_TMPDROP
-Index: heimdal-0.7.2/appl/rcp/rcp_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/rcp/rcp_locl.h	2005-05-30 04:24:43.000000000 +1000
-+++ heimdal-0.7.2/appl/rcp/rcp_locl.h	2006-03-09 12:59:30.125808432 +1100
-@@ -65,3 +65,7 @@
- #endif
- #undef _PATH_RSH
- #define	_PATH_RSH	BINDIR "/rsh"
-+
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-Index: heimdal-0.7.2/appl/rsh/rsh_locl.h
-===================================================================
---- heimdal-0.7.2.orig/appl/rsh/rsh_locl.h	2005-12-29 05:00:05.000000000 +1100
-+++ heimdal-0.7.2/appl/rsh/rsh_locl.h	2006-03-09 12:59:30.126808280 +1100
-@@ -172,3 +172,7 @@
- #define do_write(F, B, L, I) write((F), (B), (L))
- #define do_read(F, B, L, I) read((F), (B), (L))
- #endif
-+
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-Index: heimdal-0.7.2/appl/test/tcp_server.c
-===================================================================
---- heimdal-0.7.2.orig/appl/test/tcp_server.c	1999-12-16 21:31:08.000000000 +1100
-+++ heimdal-0.7.2/appl/test/tcp_server.c	2006-03-09 12:59:30.127808128 +1100
-@@ -44,7 +44,7 @@
-     krb5_principal server;
-     krb5_ticket *ticket;
-     char *name;
--    char hostname[MAXHOSTNAMELEN];
-+    char hostname[MaxHostNameLen];
-     krb5_data packet;
-     krb5_data data;
-     u_int32_t len, net_len;
-Index: heimdal-0.7.2/lib/gssapi/gssapi_locl.h
-===================================================================
---- heimdal-0.7.2.orig/lib/gssapi/gssapi_locl.h	2005-05-31 06:53:46.000000000 +1000
-+++ heimdal-0.7.2/lib/gssapi/gssapi_locl.h	2006-03-09 12:59:30.128807976 +1100
-@@ -84,6 +84,10 @@
-  *
-  */
- 
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
-+
- extern krb5_context gssapi_krb5_context;
- 
- extern krb5_keytab gssapi_krb5_keytab;
-Index: heimdal-0.7.2/lib/gssapi/import_name.c
-===================================================================
---- heimdal-0.7.2.orig/lib/gssapi/import_name.c	2003-03-17 04:33:31.000000000 +1100
-+++ heimdal-0.7.2/lib/gssapi/import_name.c	2006-03-09 12:59:30.129807824 +1100
-@@ -90,7 +90,7 @@
-     char *tmp;
-     char *p;
-     char *host;
--    char local_hostname[MAXHOSTNAMELEN];
-+    char local_hostname[MaxHostNameLen];
- 
-     *output_name = NULL;
- 
-Index: heimdal-0.7.2/lib/kdfs/k5dfspag.c
-===================================================================
---- heimdal-0.7.2.orig/lib/kdfs/k5dfspag.c	2002-08-13 01:11:58.000000000 +1000
-+++ heimdal-0.7.2/lib/kdfs/k5dfspag.c	2006-03-09 12:59:30.130807672 +1100
-@@ -78,6 +78,9 @@
- #define WAIT_USES_INT
- typedef krb5_sigtype sigtype;
- 
-+#ifndef MAXPATHLEN
-+#define MAXPATHLEN 4096
-+#endif
- 
- /* 
-  * Need some syscall numbers based on different systems. 
-Index: heimdal-0.7.2/lib/krb5/get_addrs.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/get_addrs.c	2004-05-26 07:26:05.000000000 +1000
-+++ heimdal-0.7.2/lib/krb5/get_addrs.c	2006-03-09 12:59:30.139806304 +1100
-@@ -49,7 +49,7 @@
- gethostname_fallback (krb5_context context, krb5_addresses *res)
- {
-     krb5_error_code ret;
--    char hostname[MAXHOSTNAMELEN];
-+    char hostname[MaxHostNameLen];
-     struct hostent *hostent;
- 
-     if (gethostname (hostname, sizeof(hostname))) {
-Index: heimdal-0.7.2/lib/krb5/get_host_realm.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/get_host_realm.c	2005-04-20 04:52:51.000000000 +1000
-+++ heimdal-0.7.2/lib/krb5/get_host_realm.c	2006-03-09 12:59:30.140806152 +1100
-@@ -95,7 +95,7 @@
- 	       krb5_realm **realms)
- {
-     static char *default_labels[] = { "_kerberos", NULL };
--    char dom[MAXHOSTNAMELEN];
-+    char dom[MaxHostNameLen];
-     struct dns_reply *r;
-     char **labels;
-     int i, ret;
-@@ -208,7 +208,7 @@
- 		    const char *host,
- 		    krb5_realm **realms)
- {
--    char hostname[MAXHOSTNAMELEN];
-+    char hostname[MaxHostNameLen];
- 
-     if (host == NULL) {
- 	if (gethostname (hostname, sizeof(hostname)))
-Index: heimdal-0.7.2/lib/krb5/krbhst-test.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/krbhst-test.c	2002-08-23 13:43:18.000000000 +1000
-+++ heimdal-0.7.2/lib/krb5/krbhst-test.c	2006-03-09 12:59:30.140806152 +1100
-@@ -87,7 +87,7 @@
-     krb5_init_context (&context);
-     for(i = 0; i < argc; i++) {
- 	krb5_krbhst_handle handle;
--	char host[MAXHOSTNAMELEN];
-+	char host[MaxHostNameLen];
- 
- 	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
- 	    printf ("%s for %s:\n", type_str[j], argv[i]);
-Index: heimdal-0.7.2/lib/krb5/krbhst.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/krbhst.c	2005-05-20 19:09:42.000000000 +1000
-+++ heimdal-0.7.2/lib/krb5/krbhst.c	2006-03-09 12:59:30.142805848 +1100
-@@ -763,7 +763,7 @@
-     krb5_error_code ret;
-     int nhost = 0;
-     krb5_krbhst_handle handle;
--    char host[MAXHOSTNAMELEN];
-+    char host[MaxHostNameLen];
-     krb5_krbhst_info *hostinfo;
- 
-     ret = krb5_krbhst_init(context, realm, type, &handle);
-Index: heimdal-0.7.2/lib/krb5/principal.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/principal.c	2004-12-29 12:54:54.000000000 +1100
-+++ heimdal-0.7.2/lib/krb5/principal.c	2006-03-09 12:59:30.150804632 +1100
-@@ -706,8 +706,8 @@
-     const char *p;
-     krb5_error_code ret;
-     krb5_principal pr;
--    char host[MAXHOSTNAMELEN];
--    char local_hostname[MAXHOSTNAMELEN];
-+    char host[MaxHostNameLen];
-+    char local_hostname[MaxHostNameLen];
- 
-     /* do the following: if the name is found in the
-        `v4_name_convert:host' part, is is assumed to be a `host' type
-@@ -1059,7 +1059,7 @@
- 			 krb5_principal *ret_princ)
- {
-     krb5_error_code ret;
--    char localhost[MAXHOSTNAMELEN];
-+    char localhost[MaxHostNameLen];
-     char **realms, *host = NULL;
- 	
-     if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
-Index: heimdal-0.7.2/lib/krb5/verify_init.c
-===================================================================
---- heimdal-0.7.2.orig/lib/krb5/verify_init.c	2004-05-26 07:45:47.000000000 +1000
-+++ heimdal-0.7.2/lib/krb5/verify_init.c	2006-03-09 12:59:30.151804480 +1100
-@@ -90,7 +90,7 @@
-     memset (&entry, 0, sizeof(entry));
- 
-     if (ap_req_server == NULL) {
--	char local_hostname[MAXHOSTNAMELEN];
-+	char local_hostname[MaxHostNameLen];
- 
- 	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
- 	    ret = errno;
-Index: heimdal-0.7.2/lib/roken/getaddrinfo_hostspec.c
-===================================================================
---- heimdal-0.7.2.orig/lib/roken/getaddrinfo_hostspec.c	2005-04-12 21:28:43.000000000 +1000
-+++ heimdal-0.7.2/lib/roken/getaddrinfo_hostspec.c	2006-03-09 12:59:30.152804328 +1100
-@@ -48,7 +48,7 @@
- {
-     const char *p;
-     char portstr[NI_MAXSERV];
--    char host[MAXHOSTNAMELEN];
-+    char host[MaxHostNameLen];
-     struct addrinfo hints;
-     int hostspec_len;
- 
-Index: heimdal-0.7.2/lib/sl/slc-gram.y
-===================================================================
---- heimdal-0.7.2.orig/lib/sl/slc-gram.y	2005-04-19 20:28:28.000000000 +1000
-+++ heimdal-0.7.2/lib/sl/slc-gram.y	2006-03-09 12:59:30.153804176 +1100
-@@ -46,6 +46,10 @@
- #include <vers.h>
- #include <roken.h>
- 
-+#ifndef PATH_MAX
-+#define PATH_MAX 4096
-+#endif
-+
- #include "slc.h"
- extern FILE *yyin;
- extern struct assignment *a;
diff --git a/crypto/heimdal/packages/debian/po/POTFILES.in b/crypto/heimdal/packages/debian/po/POTFILES.in
deleted file mode 100644
index 1fea3242b919..000000000000
--- a/crypto/heimdal/packages/debian/po/POTFILES.in
+++ /dev/null
@@ -1 +0,0 @@
-[type: gettext/rfc822deb] heimdal-kdc.templates
diff --git a/crypto/heimdal/packages/debian/po/templates.pot b/crypto/heimdal/packages/debian/po/templates.pot
deleted file mode 100644
index 41d0f311af1e..000000000000
--- a/crypto/heimdal/packages/debian/po/templates.pot
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-#    Translators, if you are not familiar with the PO format, gettext
-#    documentation is worth reading, especially sections dedicated to
-#    this format, e.g. by running:
-#         info -n '(gettext)PO Files'
-#         info -n '(gettext)Header Entry'
-#
-#    Some information specific to po-debconf are available at
-#            /usr/share/doc/po-debconf/README-trans
-#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
-#
-#    Developers do not need to manually edit POT or PO files.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2004-02-27 10:15-0800\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
-"Content-Transfer-Encoding: 8bit\n"
-
-#. Type: string
-#. Description
-#: ../heimdal-kdc.templates:3
-msgid "Local realm name:"
-msgstr ""
-
-#. Type: string
-#. Description
-#: ../heimdal-kdc.templates:3
-msgid ""
-"Heimdal requires the name of your local realm. This is typically your domain "
-"name in uppercase. eg if your hostname is host.org.com, then your realm will "
-"become ORG.COM. The default for your host is ${default_realm}."
-msgstr ""
-
-#. Type: password
-#. Description
-#: ../heimdal-kdc.templates:10
-msgid "Password for KDC:"
-msgstr ""
-
-#. Type: password
-#. Description
-#: ../heimdal-kdc.templates:10
-msgid ""
-"Heimdal can encrypt the KDC data with a password. A hashed representation "
-"will be stored in /var/lib/heimdal-kdc/m-key."
-msgstr ""
diff --git a/crypto/heimdal/packages/debian/rules b/crypto/heimdal/packages/debian/rules
deleted file mode 100755
index 8894667b9394..000000000000
--- a/crypto/heimdal/packages/debian/rules
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/make -f
-
-include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/class/autotools.mk
-include /usr/share/cdbs/1/rules/patchsys-quilt.mk
-
-DEB_INSTALL_DOCS_ALL =
-DEB_INSTALL_DOCS_heimdal-docs = $(filter-out $(DEB_INSTALL_CHANGELOGS_ALL),$(shell for f in README NEWS TODO BUGS AUTHORS THANKS; do if test -s $(DEB_SRCDIR)/$$f; then echo $(DEB_SRCDIR)/$$f; fi; done)) \
-	NEWS TODO
-
-
-DEB_DH_INSTALL_SOURCEDIR = debian/tmp
-
-DEB_CONFIGURE_LIBEXECDIR ="\$${prefix}/sbin"
-
-DEB_CONFIGURE_EXTRA_FLAGS := \
-	--enable-shared \
-	--enable-otp \
-	--with-kaserver \
-	--with-openssl \
-	--with-openldap \
-	--with-readline-include=/usr/include/editline \
-	--enable-kcm
-
-# /var/lib/heimdal-kdc is 700
-DEB_FIXPERMS_EXCLUDE = heimdal-kdc
-
-binary-post-install/heimdal-servers::
-	mv debian/heimdal-servers/usr/sbin/kfd debian/heimdal-servers/usr/lib/heimdal-servers
-	mv debian/heimdal-servers/usr/sbin/ftpd debian/heimdal-servers/usr/lib/heimdal-servers
-	mv debian/heimdal-servers/usr/sbin/rshd debian/heimdal-servers/usr/lib/heimdal-servers
-	mv debian/heimdal-servers/usr/sbin/telnetd debian/heimdal-servers/usr/lib/heimdal-servers
-	mv debian/heimdal-servers/usr/sbin/popper debian/heimdal-servers/usr/lib/heimdal-servers
-	mv debian/heimdal-servers/usr/bin/login debian/heimdal-servers/usr/lib/heimdal-servers
-
-binary-post-install/heimdal-servers-x::
-	mv debian/heimdal-servers-x/usr/sbin/kxd debian/heimdal-servers-x/usr/lib/heimdal-servers
-
-binary-post-install/heimdal-kdc::
-	mv debian/heimdal-kdc/usr/sbin/kdc debian/heimdal-kdc/usr/lib/heimdal-servers
-	mv debian/heimdal-kdc/usr/sbin/kadmind debian/heimdal-kdc/usr/lib/heimdal-servers
-	mv debian/heimdal-kdc/usr/sbin/kpasswdd debian/heimdal-kdc/usr/lib/heimdal-servers
-	install -m644 debian/extras/default debian/heimdal-kdc/etc/default/heimdal-kdc
-	install -m644 lib/hdb/hdb.schema debian/heimdal-kdc/etc/ldap/schema/hdb.schema
-	dh_fixperms -pheimdal-kdc
-	chmod 700 debian/heimdal-kdc/var/lib/heimdal-kdc
-
-binary-post-install/heimdal-clients::
-	mv debian/heimdal-clients/usr/bin/telnet debian/heimdal-clients/usr/bin/ktelnet
-	mv debian/heimdal-clients/usr/bin/ftp debian/heimdal-clients/usr/bin/kftp
-	mv debian/heimdal-clients/usr/share/man/man1/telnet.1 debian/heimdal-clients/usr/share/man/man1/ktelnet.1
-	mv debian/heimdal-clients/usr/share/man/man1/ftp.1 debian/heimdal-clients/usr/share/man/man1/kftp.1
-	mv debian/heimdal-clients/usr/bin/rsh debian/heimdal-clients/usr/bin/krsh
-	mv debian/heimdal-clients/usr/bin/rcp debian/heimdal-clients/usr/bin/krcp
-	mv debian/heimdal-clients/usr/bin/pagsh debian/heimdal-clients/usr/bin/kpagsh
-	mv debian/heimdal-clients/usr/bin/su debian/heimdal-clients/usr/bin/ksu
-	mv debian/heimdal-clients/usr/share/man/man1/rsh.1 debian/heimdal-clients/usr/share/man/man1/krsh.1
-	mv debian/heimdal-clients/usr/share/man/man1/pagsh.1 debian/heimdal-clients/usr/share/man/man1/kpagsh.1
-	mv debian/heimdal-clients/usr/share/man/man1/su.1 debian/heimdal-clients/usr/share/man/man1/ksu.1
-
-binary-post-install/heimdal-docs::
-	mv debian/heimdal-docs/usr/share/man/man5/krb5.conf.5 debian/heimdal-docs/usr/share/man/man5/krb5.conf.5heimdal
diff --git a/crypto/heimdal/packages/debian/scripts/convert_source b/crypto/heimdal/packages/debian/scripts/convert_source
deleted file mode 100644
index 3d9d4f7727e9..000000000000
--- a/crypto/heimdal/packages/debian/scripts/convert_source
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh -ex
-
-SRC="$1"
-VERSION="$2"
-DST="heimdal_$VERSION.dfsg.1.orig.tar.gz"
-SRC_DIR="heimdal-$VERSION"
-
-MYTMP=""
-trap 'if [ -n "$MYTMP" ]; then rm -rf $MYTMP; fi' EXIT
-MYTMP=`mktemp -td heimdal.XXXXXX` || exit 1
-
-tar -xzf $SRC -C $MYTMP
-ls -l $MYTMP/$SRC_DIR
-
-rm -r $MYTMP/$SRC_DIR/doc/standardisation
-
-tar -czf $DST -C $MYTMP $SRC_DIR
diff --git a/crypto/heimdal/packages/mac/Info.plist b/crypto/heimdal/packages/mac/Info.plist
deleted file mode 100644
index c1d17055747d..000000000000
--- a/crypto/heimdal/packages/mac/Info.plist
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>CFBundleGetInfoString</key>
-	<string>Heimdal @VERSION@</string>
-	<key>CFBundleName</key>
-	<string>Heimdal</string>
-	<key>CFBundleIdentifier</key>
-	<string>org.h5l.heimdal.pkg</string>
-	<key>CFBundleShortVersionString</key>
-	<string>1.0</string>
-	<key>IFPkgFlagAllowBackRev</key>
-	<true/>
-	<key>IFPkgFlagAuthorizationAction</key>
-	<string>RootAuthorization</string>
-	<key>IFPkgFlagDefaultLocation</key>
-	<string>/</string>
-	<key>IFPkgFlagFollowLinks</key>
-	<true/>
-	<key>IFPkgFlagIsRequired</key>
-	<true/>
-	<key>IFPkgFlagOverwritePermissions</key>
-	<true/>
-	<key>IFPkgFlagRelocatable</key>
-	<false/>
-	<key>IFPkgFlagRestartAction</key>
-	<string>NoRestart</string>
-	<key>IFPkgFlagRootVolumeOnly</key>
-	<true/>
-	<key>IFPkgFlagUpdateInstalledLanguages</key>
-	<false/>
-	<key>IFPkgFormatVersion</key>
-	<real>0.10000000149011612</real>
-</dict>
-</plist>
diff --git a/crypto/heimdal/packages/mac/Makefile.am b/crypto/heimdal/packages/mac/Makefile.am
deleted file mode 100644
index da258c1c39e6..000000000000
--- a/crypto/heimdal/packages/mac/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id: Makefile.am 22180 2007-12-05 02:49:01Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-EXTRA_DIST = \
-	Info.plist \
-	mac.sh \
-	Resources/Description.plist \
-	Resources/English.lproj/Welcome.rtf
diff --git a/crypto/heimdal/packages/mac/Makefile.in b/crypto/heimdal/packages/mac/Makefile.in
deleted file mode 100644
index 4b217f093d4e..000000000000
--- a/crypto/heimdal/packages/mac/Makefile.in
+++ /dev/null
@@ -1,663 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22180 2007-12-05 02:49:01Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = packages/mac
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-EXTRA_DIST = \
-	Info.plist \
-	mac.sh \
-	Resources/Description.plist \
-	Resources/English.lproj/Welcome.rtf
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/mac/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps packages/mac/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/packages/mac/Resources/Description.plist b/crypto/heimdal/packages/mac/Resources/Description.plist
deleted file mode 100644
index 15cd63a4f6ba..000000000000
--- a/crypto/heimdal/packages/mac/Resources/Description.plist
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>IFPkgDescriptionDescription</key>
-	<string></string>
-	<key>IFPkgDescriptionTitle</key>
-	<string>Heimdal</string>
-</dict>
-</plist>
diff --git a/crypto/heimdal/packages/mac/Resources/English.lproj/Welcome.rtf b/crypto/heimdal/packages/mac/Resources/English.lproj/Welcome.rtf
deleted file mode 100644
index 884487209e6b..000000000000
--- a/crypto/heimdal/packages/mac/Resources/English.lproj/Welcome.rtf
+++ /dev/null
@@ -1,8 +0,0 @@
-{\rtf1\mac\ansicpg10000\cocoartf100
-{\fonttbl\f0\fswiss\fcharset77 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\margl1440\margr1440\vieww9000\viewh9000\viewkind0
-\pard\tx1440\tx2880\tx4320\tx5760\tx7200\ql\qnatural
-
-\f0\fs28 \cf0 Welcome to the Heimdal Installation Program.\
-}
-\ No newline at end of file
diff --git a/crypto/heimdal/packages/mac/mac.sh b/crypto/heimdal/packages/mac/mac.sh
deleted file mode 100644
index 8dcde86fa175..000000000000
--- a/crypto/heimdal/packages/mac/mac.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-# $Id: mac.sh 22177 2007-12-05 01:43:30Z lha $
-
-dbase=`dirname $0`
-base=`cd $dbase && pwd`
-config=${base}/../../configure
-
-destdir=`pwd`/destdir
-builddir=`pwd`/builddir
-imgdir=`pwd`/imgdir
-
-rm -rf ${destdir} ${builddir} ${imgdir} || exit 1
-mkdir ${destdir} || exit 1
-mkdir ${builddir} || exit 1
-mkdir ${imgdir} || exit 1
-
-cd ${builddir} || exit 1
-
-version=`sh ${config} --help 2>/dev/null | head -1 | sed 's/.*Heimdal \([^ ]*\).*/\1/'`
-
-echo "Building Mac universal binary package for Heimdal ${version}"
-echo "Configure"
-env \
-  CFLAGS="-arch i386 -arch ppc" \
-  LDFLAGS="-arch i386 -arch ppc" \
-  ${config} > log || exit 1
-echo "Build"
-make all > /dev/null || exit 1
-echo "Run regression suite"
-make check > /dev/null || exit 1
-echo "Install"
-make install DESTDIR=${destdir} > /dev/null || exit 1 
-
-echo "Build package"
-/Developer/usr/bin/packagemaker \
-    --version "${version}" \
-    --root ${destdir} \
-    --info ${base}/Info.plist \
-    --out ${imgdir}/Heimdal.pkg \
-    --resources ${base}/Resources \
-    --domain system || exit 1
-
-cd ..
-echo "Build disk image"
-rm "heimdal-${version}.dmg"
-/usr/bin/hdiutil create -volname "Heimdal-${version}" -srcfolder ${imgdir} "heimdal-${version}.dmg" || exit 1
-
-echo "Clean"
-rm -rf ${destdir} ${builddir} ${imgdir} || exit 1
-
-echo "Done!"
-exit 0
diff --git a/crypto/heimdal/tests/ChangeLog b/crypto/heimdal/tests/ChangeLog
deleted file mode 100644
index 6fa41aca666f..000000000000
--- a/crypto/heimdal/tests/ChangeLog
+++ /dev/null
@@ -1,742 +0,0 @@
-2008-01-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc: Test the PKCS11 provider built-in to libhx509.
-
-2007-12-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ldap/init.ldif: Add space to make valid ldiff file, from Buchan
-	Milne
-	
-	* ldap/slapd-init.in: Another place where schemas are installed,
-	from Buchan Milne.
-
-2007-12-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kadmin.in: Check that admin-less principal works.
-
-2007-12-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-ntlm.in: test kdigest digest-probe command.
-
-2007-12-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-basic.in: Test GSS_C_NO_NAME too.
-
-2007-10-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Try multiple enctypes.
-
-2007-08-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* java/Makefile.am: EXTRA_DIST += jaas.conf
-	
-2007-08-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* java/Makefile.am: Add java source code.
-
-2007-08-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-iprop.in: Don't run this test in AFS since AFS is
-	missing unix sockets.
-
-	* kdc/wait-kdc.sh: Catch bind ../../tests/kdc/signal: Operation
-	not permitted
-
-2007-08-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-iprop.in: use wait-kdc.sh for all diffrent places we
-	start ipropd-{master,slave}.
-
-	* all-tests: empty messages.log
-
-	* kdc/check-iprop.in: Use wait-kdc.sh to wait for
-	ipropd-{master,slave}.
-
-	* kdc/wait-kdc.sh: look futher back in the logfile.
-	
-	* kdc/wait-kdc.sh: Make wait-kdc.sh able to wait on other things.
-
-	* kdc/check-iprop.in: Checking master going backward, create
-	iprop-stats.
-
-2007-08-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* java/have-java.sh: GNU GCC Java doesn't support Kerberos
-
-2007-08-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-iprop.in: wait longer for iprop, dump messages.log on
-	failure.
-
-	* kdc/Makefile.am: Clean after iprop tests.
-
-	* kdc/check-iprop.in: more iprop tests.
-
-2007-07-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: Add check-iprop and related files.
-
-	* kdc/krb5.conf.in: Add stuff for iprop.
-
-	* kdc/check-iprop.in: Test for iprop.
-
-	* kdc/iprop-acl: ACL file for iprop.
-
-2007-07-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/donotexists.txt: missing file.
-
-2007-07-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: EXTRA_DIST += donotexists.txt
-
-2007-07-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Test renewing.
-	
-2007-07-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: Test for simple salt types.
-
-	* kdc/krb5.conf.keys.in: Configuration file for testing keys.
-
-	* kdc/check-keys.in: Test some simple salt types.
-
-2007-07-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* java/Makefile.am: EXTRA_DIST += have_java.sh
-
-	* java/check-kinit.in: Make failing to compile a java program a
-	no-fatal error.
-
-	* java/check-kinit.in: Disable test if we use socket wrapper.
-
-2007-07-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kadmin.in: Give more hints of what went wrong.
-
-2007-07-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: add check-kadmin.in
-	
-2007-07-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ldap/slapd.conf: add samba.schema.
-
-	* ldap/slapd-init.in: Add samba schema.
-
-	* ldap/init.ldif: Samba entry to do testing with.
-
-2007-07-11  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* java/check-kinit.in: Only print when there is an error.
-
-	* java/krb5.conf.in: Move the AES enctypes first.
-
-2007-07-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kadmin.in: Send kill outout to /dev/null.
-
-	* kdc/krb5.conf.in: Add bits needed for kadmind server test.
-
-	* kdc/Makefile.am: Add check-kadmin.
-
-	* kdc/check-kadmin.in: Simple test for server based kadmin.
-
-	* kdc/heimdal.acl: ACL file for check-admin test.
-
-2007-07-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: Add java.
-
-	* java: simple java kinit test
-
-2007-06-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ldap/check-ldap.in: Add one more principal and list the
-	database.
-
-	* kdc/check-pkinit.in: Fix hxtool issue-certificate --req.
-
-	* kdc/check-referral.in: Spelling.
-	
-2007-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-context.in: disable dns canon on test, break on some
-	buildfarm hosts.
-	
-2007-06-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* can/test_can.in: readline seems strange, try diffrent way to
-	setup the database.
-
-2007-06-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* can/test_can.in: spoon feed kadmin diffrently
-
-2007-06-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Also test rename user to anther realm.
-
-	* kdc/check-kdc.in: Test renaming a user.
-
-	* can/test_can.in: Tell use what the messages.log told us.
-
-	* kdc/check-referral.in: Add some more as-req canon tests, add
-	disable tgs-req tests.
-	
-2007-06-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* can/check-can.in: Check is there is a working db backend here.
-	
-2007-06-08  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* can/Makefile.am: Clean up more cruft.
-	
-2007-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* can/Makefile.am: More files we want in the dist.
-
-	* can/test_can.in: Simplify error reporting.
-
-	* can/test_can.in: Catch error from kadmin.
-
-	* can/mit-pkinit-20070607.*: mit pkinit-9 request
-
-	* can/check-can.in: Add mit-pkinit test.
-
-	* can/Makefile.am: Create specific configurtion files for some
-	tests.
-
-	* can/test_can.in: Pick up the right generated
-	krb5.conf (spelling).
-
-	* can: Add Apple Tiger 10.4/MIT Kerberos 1.4
-
-	* can/test_can.in: Don't need to start a kdc for this test.
-
-	* can: pre-canned requests from older versions and other implementations
-
-	* Makefile.am: SUBDIRS += can
-	
-2007-06-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-uu.in: Use stdout from uu_server.
-	
-2007-05-31  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-pkinit.in: Try pkinit in w2k mode, also add tests for
-	MS SAN.
-
-	* kdc/Makefile.am: generate a krb5-pkinit-win.conf
-
-	* kdc/krb5-pkinit.conf.in: W2K tests.
-	
-2007-05-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: remove more files
-	
-2007-05-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-pkinit.in: try principal subject in DB
-	
-2007-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-basic.in: test using test_kcred
-
-	* gss/check-ntlm.in: One more test.
-
-	* ldap/check-ldap.in: check in /usr/lib/openldap too for slapd and
-	slapadd
-	
-2007-05-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/add-modify-delete.in: Remove comment.
-
-	* db/add-modify-delete.in: try replay
-
-	* db/Makefile.am: clean more files.
-
-	* db/add-modify-delete.in: try iprop-log commands.
-	
-2007-04-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/krb5.conf.in: Add longer example.
-	
-2007-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db: basic tests for dbinfo
-
-2007-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/Makefile.am: Add check-ntlm.
-
-	* gss/check-ntlm.in: test ntlm client credentials code.
-	
-2007-04-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/loaddump-db.in: make kstash quiet
-	
-2007-04-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-basic.in: more gss_acquire_cred tests
-	
-2007-04-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/Makefile.am: add check-basic
-
-	* gss/check-basic.in: basic tests that might require a KDC.
-	
-2007-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/Makefile.am: CLEANFILES += sdigest-init
-	
-2007-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* ldap/slapd-init.in: Add Id tag
-	
-2007-02-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: test new kadmin add_enctype functionallity
-	
-2007-02-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am: add ldap
-
-	* kdc/check-referral.in: add check-referral
-	
-	* kdc/Makefile.am: add check-referral
-	
-2007-02-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* tests/ldap: simple ldap test, inspried by samba ldb ldap test
-
-2007-02-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-digest.in: Test ms-chap-v2 (client response, server
-	response, session key)
-	
-2007-02-02  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/krb5.conf.in: allow ms-chap-v2
-	
-2007-02-01  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-digest.in: Negative check too.
-	
-2007-01-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-uu.in: save log, wait longer
-	
-2007-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-pkinit.in: tell me about certifiate that we have
-	generated
-	
-2007-01-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* no random, no RSA/DH tests
-
-	* plugin/Makefile.am: remove files created by tests
-
-	* gss/Makefile.am: remove files created by tests
-
-	* gss/Makefile.am: add ntlm-user-file.txt
-
-2007-01-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/ap-req.c: --verify-pac no means verify existance of PAC in
-	ticket, the signature checking is done by the kerberos library.
-
-	* kdc/check-digest.in: display messages.log and help that that
-	tells us what went wrong.
-
-	* plugin/windc.c: Update to validate function signature change.
-
-	* Makefile.am: Only traverse into plugin if there is shared
-	library support.
-	
-2007-01-09  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-pkinit.in: Prefix key with FILE:
-	
-2007-01-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* plugin/Makefile.am: EXTRA_DIST += krb5.conf.in
-
-	* plugin/check-pac.in: test explicit requested pac and explicit
-	negative requested pac.
-
-	* kdc/ap-req.c: Make it possible to turn off PAC check, its
-	default on.
-
-	* plugin/windc.c: Add client_access.
-
-	* plugin/check-pac.in: Verify PAC on server end too.
-
-	* kdc/ap-req.c: Add verification of PAC.
-
-	* kdc/Makefile.am: Add test for pkinit with locally generated
-	certs.
-
-	* kdc/check-pkinit.in: Generate a ca, kdc cert and client cert and
-	try to use them
-
-	* kdc/pki-mapping: add other foo@TEST
-
-	* kdc/krb5-pkinit.conf.in: pkinit specific krb5.conf
-	
-2007-01-03  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* plugin/check-pac.in: test tgs-req
-
-	* plugin/windc.c: log that the function is called.
-
-	* kdc/check-digest.in: Test security layer in ntlm.
-
-	* plugin: test WinDC PAC functionallity
-	
-	* Makefile.am: Include plugin in tests
-	
-2006-12-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/ntlm-user-file.txt: Correct DOMAIN name
-	
-2006-12-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/krb5.conf.in: Add digests acls (all)
-	
-2006-12-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-spnego.in: test wrapunwrap
-
-	* gss/check-spnego.in: Test get and verify MIC.
-	
-	* gss/check-context.in: don't need to set GSSAPI_SPNEGO_NAME any
-	longer
-	
-2006-12-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-context.in: Define GSSAPI_SPNEGO_NAME and re-add
-	spnego
-	
-	* gss/check-context.in: add trap, remove allow-digest, pretty
-	print.
-
-	* gss/check-gssmask.in: catch EXIT traps
-
-	* gss/check-spnego.in: test more combination of spnego contexts
-
-	* gss/Makefile.am: add check-spnego
-
-	* gss/check-spnego.in: check spnego combinations.
-	
-2006-12-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-digest.in: test more combinations of names
-	
-2006-12-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/ntlm-user-file.txt: ntlm username and password file
-
-	* kdc/check-digest.in: Check that ntlm works.
-	
-2006-12-12  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-digest.in: prefix digest commands with digest-
-	
-2006-11-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Don't (afs) unlog using kdestroy
-	
-2006-11-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: Add LIB_roken and (implictly by that libvers
-	for print_version) to LDADD
-	
-2006-11-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: check that the getarg -- option works for
-	delete and add.
-
-	* kdc/check-kdc.in: Test proxy cert.
-	
-2006-11-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/krb5.conf.in: revert the enable-pkinit change, and make it
-	consistant with all other other enable- options
-
-2006-11-15  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-context.in: Add dce-style context building test.
-
-	* gss/check-context.in: test more combination of context building
-	
-2006-11-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Use TEST{,2}.H5L.SE for testing
-
-2006-11-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/Makefile.am: Use EGREP.
-
-	* kdc/check-kdc.in: Use EGREP.
-	
-2006-10-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: run eval on the testfailed variable so we run
-	all commands
-	
-2006-10-22  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* db/Makefile.am: make have-db being built in the "make all"
-	target.
-
-	* kdc/check-kdc.in: tell more what the kdc though about the
-	failure.
-	
-2006-10-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/add-modify-delete.in: Use EGREP.
-
-	* db/Makefile.am: add EGREP to do_subst
-	
-2006-10-20  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/Makefile.am: Clean temporary files
-
-	* db/Makefile.am: clean have-db
-
-	* kdc/Makefile.am: Add pki-mapping to dist file.
-
-	* kdc/Makefile.am: more files
-	
-	* db/Makefile.am: more files
-
-2006-10-19  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-context.in: give path to have-db
-	
-	* gss/check-gssmask.in: give path to have-db
-	
-	* kdc/check-kdc.in: give path to have-db
-	
-	* kdc/check-digest.in: give path to have-db
-	
-	* gss/check-gssmask.in: If there is no useful db support compile
-	in, disable test
-
-	* gss/check-context.in: Add commeted out digest check.
-
-	* kdc/check-digest.in: If there is no useful db support compile
-	in, disable test
-
-	* kdc/check-kdc.in: If there is no useful db support compile in,
-	disable test
-
-	* db/loaddump-db.in: If there is no useful db support compile in,
-	disable test
-
-	* db/have-db.in: Check if the kdc have any useful builtin
-	database.
-
-	* kdc/check-kdc.in: Fix awk statement, put RE on the right side.
-	
-2006-10-17  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-gssmask.in: remove dup exit
-
-	* gss/check-context.in: More name tests.
-
-	* gss/check-context.in: test with and without dns-canon
-	
-2006-10-14  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-kdc.in: Be more explit about what test failed.
-	
-2006-10-13  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-context.in: et KRB5CCNAME in global enviorment
-	
-2006-10-12  Love H�rnquist �strand <lha@it.su.se>
-	
-	* gss/Makefile.am: Check if the gss context tester test_context
-	works ok.
-
-	* gss/check-context.in: Check if the gss context tester
-	test_context works ok.
-	
-2006-10-10  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-gssmask.in: use wait-kdc.sh script
-
-	* kdc/check-kdc.in: use wait-kdc.sh script
-
-	* kdc/check-digest.in: use wait-kdc.sh script
-
-	* Heimdal uses TESTS_ENVIRONMENT before every binary being tested
-	directly from the Makefile.  This now uses the same for the
-	scripts, so we can run them under valgrind. From Andrew Bartlet
-
-2006-10-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/Makefile.am: splits script tests and binary tests
-
-	* db/Makefile.am: Add tests script depenencies
-
-	* kdc/Makefile.am: Split script tests and binary tests
-	
-2006-10-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Test pkinit encKey case.
-	
-2006-09-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-gssmask.in: Catch failures from gssmaestro.
-	
-2006-09-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-gssmask.in: Add a third client
-	
-2006-09-19 Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss/check-gssmask.in: test for gssmask + gssmaestro.
-
-	* gss/krb5.conf.in: Add krb5.conf for krb5.conf
-	
-2006-09-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss/check-gss.in: Add (c)
-
-	* kdc/check-kdc.in: Test constrained delegation impersonation.
-	
-2006-09-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Change the password on krbtgt a couple of
-	times to have a non boring kvno.
-	
-2006-08-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-digest.in: Use the server as the server and set
-	diffrent password for the user and service.
-
-	* kdc/check-digest.in: Set allow digest flag on the server.
-
-	* kdc/Makefile.am: Build and run check-digest test.
-
-	* kdc/check-digest.in: Remove channel bindings from CHAP tests,
-	there is no such thing for CHAP.
-
-	* kdc/check-kdc.in: Test aes only krbtgt and des3 only service.
-	
-2006-08-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Remove empty lines for picky awks
-	
-2006-07-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Check for cross realm case where remove user
-	doesn't exists in the database, this is ok assuming the cross
-	realm isn't local. In the general case this isn't true.
-
-2006-06-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: run kadmin check
-	
-2006-06-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: test that delegated cred works too
-
-	* kdc/check-kdc.in: Test delegation
-	
-2006-06-06 Love H�rnquist �strand <lha@it.su.se>
-	
-	* kdc/check-kdc.in: Add impersonation tests.
-	
-2006-06-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Less verbose, spelling.
-
-	* kdc/check-kdc.in: test cross realm and deleted user
-	
-2006-05-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/check-kdc.in: Check password protected pk-init keyfile.
-	
-2006-04-30  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-kdc.in: Don't try pkinit if there is no rsa
-	
-2006-04-29  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pki-mapping: change pki-mapping
-	
-	* kdc/Makefile.am: clean the server.keytab
-
-	* kdc/check-kdc.in: Add test for pk-init
-
-	* kdc/krb5.conf.in: Add pkinit glue
-
-2006-04-28  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/pki-mapping: Add pk-init mapping file
-	
-2006-04-27  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* kdc/check-kdc.in: Sprinkle more ap-req now that the credential
-	is removed from the cache using kdestroy --credential=
-
-	* kdc/ap-req.c: check that AP_OPTS_MUTUAL_REQUIRED matches, check
-	seqnumber
-
-	* kdc/Makefile.am: Build as-req.
-
-	* kdc/check-kdc.in: Sprinkel some as-req
-
-	* kdc/ap-req.c: simple test program checking that as ap-req/as-rep
-	exchange works
-	
-2006-04-25  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* {,kdc/,db/}.cvsignore: ignore Makefile.in
-
-	* kdc/check-kdc.in: Try to detect another KDC running.
-
-	* kdc/check-kdc.in: more tests regarding doing AS-REQ and TGS-REQ
-
-	* kdc/krb5.conf.in: krb5.conf template
-
-	* kdc/check-kdc.in: check that the keytab have the right kvno
-
-	* db/add-modify-delete.in: create a server too
-
-	* kdc/check-kdc.in: check kdc too
-
-	* db/Makefile.am: Add add-modify-delete
-
-	* db/add-modify-delete.in: basic kadmin tests
-
-	* Makefile.am: SUBDIRS += kdc
-
-	* kdc/check-kdc.in: Test framework for getting and checking
-	tickets, start kdc on localhost:8888.
-
-	* kdc/Makefile.am: Test framework for getting and checking
-	tickets.
-
-	* db/krb5.conf.in: log all message to local file
-
-	* db/Makefile.am: clean messages file
-	
-2006-01-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/krb5.conf.in: Set [libdefaults] default_realm = EXAMPLE.ORG.
-
-2005-11-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* db/loaddump-db.in: Specifify explicitly that the database is in
-	the current directory.
-
-2005-08-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* test loading and dumping of the database
diff --git a/crypto/heimdal/tests/Makefile.am b/crypto/heimdal/tests/Makefile.am
deleted file mode 100644
index 10035f0603c2..000000000000
--- a/crypto/heimdal/tests/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am 21418 2007-07-05 13:55:37Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = db kdc gss ldap can java
-
-if ENABLE_SHARED
-if HAVE_DLOPEN
-SUBDIRS += plugin
-endif
-endif
diff --git a/crypto/heimdal/tests/Makefile.in b/crypto/heimdal/tests/Makefile.in
deleted file mode 100644
index 68e5ed50e213..000000000000
--- a/crypto/heimdal/tests/Makefile.in
+++ /dev/null
@@ -1,816 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21418 2007-07-05 13:55:37Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common ChangeLog
-@ENABLE_SHARED_TRUE@@HAVE_DLOPEN_TRUE@am__append_1 = plugin
-subdir = tests
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
-DIST_SUBDIRS = db kdc gss ldap can java plugin
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-SUBDIRS = db kdc gss ldap can java $(am__append_1)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-recursive
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-recursive
-
-install-info: install-info-recursive
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-ps: install-ps-recursive
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-data-am install-exec-am install-strip uninstall-am
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool ctags ctags-recursive dist-hook \
-	distclean distclean-generic distclean-libtool distclean-tags \
-	distdir dvi dvi-am html html-am info info-am install \
-	install-am install-data install-data-am install-data-hook \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-exec-hook install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/can/Makefile.am b/crypto/heimdal/tests/can/Makefile.am
deleted file mode 100644
index 124074f07411..000000000000
--- a/crypto/heimdal/tests/can/Makefile.am
+++ /dev/null
@@ -1,56 +0,0 @@
-# $Id: Makefile.am 21017 2007-06-08 05:36:30Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf mit-pkinit-20070607.cf
-
-check_SCRIPTS = $(SCRIPT_TESTS) test_can
-
-SCRIPT_TESTS = check-can
-TESTS = $(SCRIPT_TESTS)
-
-port = 49188
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-test_can: test_can.in Makefile
-	$(do_subst) < $(srcdir)/test_can.in > test_can.tmp
-	chmod +x test_can.tmp
-	mv test_can.tmp test_can
-
-check-can: check-can.in Makefile
-	$(do_subst) < $(srcdir)/check-can.in > check-can.tmp
-	chmod +x check-can.tmp
-	mv check-can.tmp check-can
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-SUFFIXES += .xf .cf
-
-.xf.cf:
-	$(do_subst) < $< > $@.tmp
-	mv $@.tmp $@
-
-CLEANFILES= $(TESTS) *.tmp *.cf \
-	current-db* \
-	krb5.conf \
-	messages.log \
-	test_can
-
-EXTRA_DIST = \
-	apple-10.4.kadm \
-	apple-10.4.req \
-	check-can.in \
-	heim-0.8.kadm \
-	heim-0.8.req \
-	krb5.conf.in \
-	mit-pkinit-20070607.ca.crt \
-	mit-pkinit-20070607.kadm \
-	mit-pkinit-20070607.req \
-	mit-pkinit-20070607.xf \
-	test_can.in
diff --git a/crypto/heimdal/tests/can/Makefile.in b/crypto/heimdal/tests/can/Makefile.in
deleted file mode 100644
index 39cd641ab05d..000000000000
--- a/crypto/heimdal/tests/can/Makefile.in
+++ /dev/null
@@ -1,781 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 21017 2007-06-08 05:36:30Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/can
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DATA = $(noinst_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .xf .cf
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf mit-pkinit-20070607.cf
-check_SCRIPTS = $(SCRIPT_TESTS) test_can
-SCRIPT_TESTS = check-can
-TESTS = $(SCRIPT_TESTS)
-port = 49188
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-CLEANFILES = $(TESTS) *.tmp *.cf \
-	current-db* \
-	krb5.conf \
-	messages.log \
-	test_can
-
-EXTRA_DIST = \
-	apple-10.4.kadm \
-	apple-10.4.req \
-	check-can.in \
-	heim-0.8.kadm \
-	heim-0.8.req \
-	krb5.conf.in \
-	mit-pkinit-20070607.ca.crt \
-	mit-pkinit-20070607.kadm \
-	mit-pkinit-20070607.req \
-	mit-pkinit-20070607.xf \
-	test_can.in
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .xf .cf .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/can/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/can/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-TESTS check-am check-local \
-	clean clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-test_can: test_can.in Makefile
-	$(do_subst) < $(srcdir)/test_can.in > test_can.tmp
-	chmod +x test_can.tmp
-	mv test_can.tmp test_can
-
-check-can: check-can.in Makefile
-	$(do_subst) < $(srcdir)/check-can.in > check-can.tmp
-	chmod +x check-can.tmp
-	mv check-can.tmp check-can
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-.xf.cf:
-	$(do_subst) < $< > $@.tmp
-	mv $@.tmp $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/can/apple-10.4.kadm b/crypto/heimdal/tests/can/apple-10.4.kadm
deleted file mode 100644
index a10904b04146..000000000000
--- a/crypto/heimdal/tests/can/apple-10.4.kadm
+++ /dev/null
@@ -1,4 +0,0 @@
-init --realm-max-ticket-life=1day --realm-max-renewable-life=1month TEST.H5L.SE
-cpw -p kaka krbtgt/TEST.H5L.SE@TEST.H5L.SE
-add -p foo --use-defaults foo@TEST.H5L.SE
-add -p foo --use-defaults bar@TEST.H5L.SE
diff --git a/crypto/heimdal/tests/can/apple-10.4.req b/crypto/heimdal/tests/can/apple-10.4.req
deleted file mode 100644
index 7acc80b369d1..000000000000
--- a/crypto/heimdal/tests/can/apple-10.4.req
+++ /dev/null
diff --git a/crypto/heimdal/tests/can/check-can.in b/crypto/heimdal/tests/can/check-can.in
deleted file mode 100644
index e5f3d71c7193..000000000000
--- a/crypto/heimdal/tests/can/check-can.in
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-can.in 21033 2007-06-09 14:49:35Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-./test_can TEST.H5L.SE heim-0.8 || exit 1
-./test_can TEST.H5L.SE apple-10.4 || exit 1
-./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
-
-exit 0
diff --git a/crypto/heimdal/tests/can/heim-0.8.kadm b/crypto/heimdal/tests/can/heim-0.8.kadm
deleted file mode 100644
index a10904b04146..000000000000
--- a/crypto/heimdal/tests/can/heim-0.8.kadm
+++ /dev/null
@@ -1,4 +0,0 @@
-init --realm-max-ticket-life=1day --realm-max-renewable-life=1month TEST.H5L.SE
-cpw -p kaka krbtgt/TEST.H5L.SE@TEST.H5L.SE
-add -p foo --use-defaults foo@TEST.H5L.SE
-add -p foo --use-defaults bar@TEST.H5L.SE
diff --git a/crypto/heimdal/tests/can/heim-0.8.req b/crypto/heimdal/tests/can/heim-0.8.req
deleted file mode 100644
index 43b3a68350bc..000000000000
--- a/crypto/heimdal/tests/can/heim-0.8.req
+++ /dev/null
diff --git a/crypto/heimdal/tests/can/krb5.conf.in b/crypto/heimdal/tests/can/krb5.conf.in
deleted file mode 100644
index e8aa7e7e138a..000000000000
--- a/crypto/heimdal/tests/can/krb5.conf.in
+++ /dev/null
@@ -1,24 +0,0 @@
-# $Id: krb5.conf.in 20965 2007-06-07 06:03:29Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-
-[appdefaults]
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[kdc]
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
diff --git a/crypto/heimdal/tests/can/mit-pkinit-20070607.ca.crt b/crypto/heimdal/tests/can/mit-pkinit-20070607.ca.crt
deleted file mode 100644
index 5874788d7fa6..000000000000
--- a/crypto/heimdal/tests/can/mit-pkinit-20070607.ca.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID4zCCAsugAwIBAgICNOswDQYJKoZIhvcNAQEFBQAwczELMAkGA1UEBhMCVVMx
-ETAPBgNVBAgTCE1pY2hpZ2FuMRIwEAYDVQQHEwlBbm4gQXJib3IxHzAdBgNVBAoT
-FlVuaXZlcnNpdHkgb2YgTWljaGlnYW4xHDAaBgNVBAMTE0NJVEkgUHJvZHVjdGlv
-biBLQ0EwHhcNMDYxMDEzMTYxNTIyWhcNMTYxMDEyMTYxNTIyWjBzMQswCQYDVQQG
-EwJVUzERMA8GA1UECBMITWljaGlnYW4xEjAQBgNVBAcTCUFubiBBcmJvcjEfMB0G
-A1UEChMWVW5pdmVyc2l0eSBvZiBNaWNoaWdhbjEcMBoGA1UEAxMTQ0lUSSBQcm9k
-dWN0aW9uIEtDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM85fWVD
-rneI9CM9NvpSw1PO571/8RhBiY1p0hMFi9ppD4Xaztswz0nrCEpuAhtXUxF+H6CS
-aAXFLiY/SQhj3JGpVw3yPE2CeGtmcMjDDxOW5Raw0XwbK/BdgYFg/AU5FH7RtOV7
-pnhBlk5oJt0VJyJs+NNw4+V2IqODRvX88AR6dDAd8TpbZJEdgoGU+LHaC6cha6WU
-p6nmjVx0TLUvIa16NFZGs44bNIIt7cI6zil/dM76881APTbYcB8hGqQJiphqX6ff
-HI3uiHclK2rOZufRqhn0NJNWDCrK55PXQX67UmKBLqAsoFSJDPD+cBIUXtVeFLGs
-uJYK8F9FaN3r9XsCAwEAAaOBgDB+MA8GA1UdEwQIMAYBAf8CAQAwEQYJYIZIAYb4
-QgEBBAQDAgAHMAsGA1UdDwQEAwIBhjAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
-ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGXMLAou01gvxxcJc+Tvat/T
-QHwwMA0GCSqGSIb3DQEBBQUAA4IBAQC99gg/E230FPGmDaP4YecmtSSGOnD+jJ+A
-sPcJKaeS3dOGDTngKCzzQZ4nl7LYRSj5DWZTTrlrKfbc6GiUE0n/K/+GBvL/kjOV
-qZsyGNfepscVe6mPz43NoNztf/1j+0QQcioHHHtAq/YFPBp1VdYsOsB+IE+g8RVi
-EDjsvmR/++s9zX5fGuVvN7RNwLFrxfqcPFZCUG8pkIHbBPRhRV/aOKHGMcThNrtC
-9cZ8xaDwhP0fdSUVESGFj+MMQCAp8YZvypJuHTYX7Ng4OMdCOPPg4Kk1ycOGAcYe
-o/m7ICx1md6Va9zEfwqmrXVxGaT0I23lI9H9sv+ugvZ3v5iedhO/
------END CERTIFICATE-----
diff --git a/crypto/heimdal/tests/can/mit-pkinit-20070607.kadm b/crypto/heimdal/tests/can/mit-pkinit-20070607.kadm
deleted file mode 100644
index 6a23c67a928c..000000000000
--- a/crypto/heimdal/tests/can/mit-pkinit-20070607.kadm
+++ /dev/null
@@ -1,3 +0,0 @@
-init --realm-max-ticket-life=1day --realm-max-renewable-life=1month HEIMDAL.CITI.UMICH.EDU
-cpw -p kaka krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
-add -p foo --use-defaults aglo@HEIMDAL.CITI.UMICH.EDU
diff --git a/crypto/heimdal/tests/can/mit-pkinit-20070607.req b/crypto/heimdal/tests/can/mit-pkinit-20070607.req
deleted file mode 100644
index 652bbcfff629..000000000000
--- a/crypto/heimdal/tests/can/mit-pkinit-20070607.req
+++ /dev/null
diff --git a/crypto/heimdal/tests/can/mit-pkinit-20070607.xf b/crypto/heimdal/tests/can/mit-pkinit-20070607.xf
deleted file mode 100644
index bcb74083d5f0..000000000000
--- a/crypto/heimdal/tests/can/mit-pkinit-20070607.xf
+++ /dev/null
@@ -1,28 +0,0 @@
-# $Id: mit-pkinit-20070607.xf 20992 2007-06-07 21:46:13Z lha $
-
-[libdefaults]
-	default_realm = HEIMDAL.CITI.UMICH.EDU
-	no-addresses = TRUE
-
-[appdefaults]
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[kdc]
-	enable-pkinit = yes
-	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt,@srcdir@/mit-pkinit-20070607.ca.crt
-
-	database = {
-		dbname = @objdir@/current-db
-		realm = HEIMDAL.CITI.UMICH.EDU
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
diff --git a/crypto/heimdal/tests/can/test_can.in b/crypto/heimdal/tests/can/test_can.in
deleted file mode 100644
index a59215734089..000000000000
--- a/crypto/heimdal/tests/can/test_can.in
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: test_can.in 21164 2007-06-19 00:04:43Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-R=$1
-tst=$2
-
-if [ ! -f ${srcdir}/${tst}.req ] ; then
-    echo "${tst}.req missing"
-fi
-if [ ! -f ${srcdir}/${tst}.kadm ] ; then
-    echo "${tst}.kadm missing"
-fi
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-replay="${TESTS_ENVIRONMENT} ../../kdc/kdc-replay"
-
-if [ -f ${objdir}/${tst}.cf ]; then
-    KRB5_CONFIG="${objdir}/${tst}.cf"
-else
-    KRB5_CONFIG="${objdir}/krb5.conf"
-fi
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-echo "Load database for ${tst}"
-while read x ; do
-    ${kadmin} $x || exit 1
-done < ${srcdir}/${tst}.kadm || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-> messages.log
-${replay} ${srcdir}/${tst}.req || { cat messages.log ; exit 1; }
-
-exit 0
diff --git a/crypto/heimdal/tests/db/Makefile.am b/crypto/heimdal/tests/db/Makefile.am
deleted file mode 100644
index 8e519d348348..000000000000
--- a/crypto/heimdal/tests/db/Makefile.am
+++ /dev/null
@@ -1,66 +0,0 @@
-# $Id: Makefile.am 20599 2007-05-08 02:48:22Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf
-
-noinst_SCRIPTS = have-db
-
-check_SCRIPTS = loaddump-db add-modify-delete check-dbinfo
-
-TESTS = $(check_SCRIPTS) 
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/db,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-loaddump-db: loaddump-db.in Makefile
-	$(do_subst) < $(srcdir)/loaddump-db.in > loaddump-db.tmp
-	chmod +x loaddump-db.tmp
-	mv loaddump-db.tmp loaddump-db
-
-add-modify-delete: add-modify-delete.in Makefile
-	$(do_subst) < $(srcdir)/add-modify-delete.in > add-modify-delete.tmp
-	chmod +x add-modify-delete.tmp
-	mv add-modify-delete.tmp add-modify-delete
-
-check-dbinfo: check-dbinfo.in Makefile
-	$(do_subst) < $(srcdir)/check-dbinfo.in > check-dbinfo.tmp
-	chmod +x check-dbinfo.tmp
-	mv check-dbinfo.tmp check-dbinfo
-
-have-db: have-db.in Makefile
-	$(do_subst) < $(srcdir)/have-db.in > have-db.tmp
-	chmod +x have-db.tmp
-	mv have-db.tmp have-db
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-
-CLEANFILES= \
-	$(TESTS) \
-	have-db \
-	db-dump* \
-	dbinfo.out \
-	current-db* \
-	out-text-dump* \
-	out-current-* \
-	mkey.file* \
-	krb5.conf krb5.conf.tmp \
-	tempfile \
-	log.current-db* \
-	messages.log
-
-EXTRA_DIST = \
-	check-dbinfo.in \
-	loaddump-db.in \
-	add-modify-delete.in \
-	have-db.in \
-	krb5.conf.in \
-	text-dump-0.7 \
-	text-dump-known-ext \
-	text-dump-no-ext \
-	text-dump-unknown-ext
-
diff --git a/crypto/heimdal/tests/db/Makefile.in b/crypto/heimdal/tests/db/Makefile.in
deleted file mode 100644
index 8616bab7b1cd..000000000000
--- a/crypto/heimdal/tests/db/Makefile.in
+++ /dev/null
@@ -1,793 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20599 2007-05-08 02:48:22Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/db
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-SCRIPTS = $(noinst_SCRIPTS)
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DATA = $(noinst_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf
-noinst_SCRIPTS = have-db
-check_SCRIPTS = loaddump-db add-modify-delete check-dbinfo
-TESTS = $(check_SCRIPTS) 
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/db,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-CLEANFILES = \
-	$(TESTS) \
-	have-db \
-	db-dump* \
-	dbinfo.out \
-	current-db* \
-	out-text-dump* \
-	out-current-* \
-	mkey.file* \
-	krb5.conf krb5.conf.tmp \
-	tempfile \
-	log.current-db* \
-	messages.log
-
-EXTRA_DIST = \
-	check-dbinfo.in \
-	loaddump-db.in \
-	add-modify-delete.in \
-	have-db.in \
-	krb5.conf.in \
-	text-dump-0.7 \
-	text-dump-known-ext \
-	text-dump-no-ext \
-	text-dump-unknown-ext
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/db/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/db/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(SCRIPTS) $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-TESTS check-am check-local \
-	clean clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-loaddump-db: loaddump-db.in Makefile
-	$(do_subst) < $(srcdir)/loaddump-db.in > loaddump-db.tmp
-	chmod +x loaddump-db.tmp
-	mv loaddump-db.tmp loaddump-db
-
-add-modify-delete: add-modify-delete.in Makefile
-	$(do_subst) < $(srcdir)/add-modify-delete.in > add-modify-delete.tmp
-	chmod +x add-modify-delete.tmp
-	mv add-modify-delete.tmp add-modify-delete
-
-check-dbinfo: check-dbinfo.in Makefile
-	$(do_subst) < $(srcdir)/check-dbinfo.in > check-dbinfo.tmp
-	chmod +x check-dbinfo.tmp
-	mv check-dbinfo.tmp check-dbinfo
-
-have-db: have-db.in Makefile
-	$(do_subst) < $(srcdir)/have-db.in > have-db.tmp
-	chmod +x have-db.tmp
-	mv have-db.tmp have-db
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/db/add-modify-delete.in b/crypto/heimdal/tests/db/add-modify-delete.in
deleted file mode 100644
index b05a698149e0..000000000000
--- a/crypto/heimdal/tests/db/add-modify-delete.in
+++ /dev/null
@@ -1,137 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: add-modify-delete.in 20606 2007-05-08 06:28:09Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-# If there is no useful db support compile in, disable test
-./have-db || exit 77
-
-R=EXAMPLE.ORG
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-iproplog="${TESTS_ENVIRONMENT} ../../lib/kadm5/iprop-log"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f current-db*
-rm -f log.current-db*
-rm -f out-*
-rm -f mkey.file*
-
-echo init database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    EXAMPLE.ORG || exit 1
-
-echo test add
-${kadmin} add -r --use-defaults foo || exit 1
-${kadmin} list '*' > /dev/null || exit 1
-${kadmin} list '*' | ${EGREP} '^foo$' > /dev/null || exit 1
-
-echo "test add (double)"
-${kadmin} add -r --use-defaults foo 2>/dev/null && exit 1
-
-echo test rename
-${kadmin} rename foo bar
-${kadmin} list '*' | ${EGREP} '^foo$' > /dev/null && exit 1
-${kadmin} list '*' | ${EGREP} '^bar$' > /dev/null || exit 1
-
-echo test delete
-${kadmin} delete bar || exit 1
-${kadmin} list '*' | ${EGREP} '^bar$' > /dev/null && exit 1
-
-echo "test delete (double)"
-${kadmin} delete bar 2> /dev/null && exit 1
-
-echo "creating sample user"
-${kadmin} add -r --use-defaults foo  || exit 1
-${kadmin} get foo > tempfile  || exit 1
-echo checking principal
-${EGREP} " *Principal: foo@EXAMPLE.ORG$" tempfile > /dev/null || exit 1
-echo checking kvno
-${EGREP} " *Kvno: 1$" tempfile > /dev/null || exit 1
-echo checking failed login count
-${EGREP} " *Failed login count: 0$" tempfile > /dev/null || exit 1
-echo checking modifier
-${EGREP} " *Modifier: kadmin/admin@EXAMPLE.ORG$" tempfile > /dev/null || exit 1
-echo checking attributes
-${EGREP} " *Attributes: $" tempfile > /dev/null || exit 1
-echo checking renew time
-${EGREP} " *Max renewable life: 1 week$" tempfile > /dev/null || exit 1
-
-echo modifing renewable-life
-${kadmin} modify --max-renewable-life=2months foo
-echo checking renew time
-${kadmin} get foo > tempfile  || exit 1
-${EGREP} " *Max renewable life: 2 months$" tempfile > /dev/null || exit 1
-
-echo "creating sample server"
-${kadmin} add -r --use-defaults host/datan.example.org  || exit 1
-${kadmin} get host/datan.example.org > tempfile  || exit 1
-echo checking principal
-${EGREP} " *Principal: host/datan.example.org@EXAMPLE.ORG$" tempfile > /dev/null || exit 1
-echo checking kvno
-${EGREP} " *Kvno: 1$" tempfile > /dev/null || exit 1
-
-echo "iprop-log dump"
-${iproplog} dump > /dev/null || exit 1
-echo "iprop-log last-version"
-${iproplog} last-version > /dev/null || exit 1
-
-echo "check iprop replay"
-
-${kadmin} dump out-current-db  || exit 1
-sort out-current-db > out-current-db-sort 
-
-rm -f current-db*
-
-echo "replaying"
-${iproplog} replay > /dev/null || exit 1
-
-${kadmin} dump out-current-db2  || exit 1
-sort out-current-db2 > out-current-db2-sort 
-
-# XXX database should really be the same afterward... :(
-# cmp out-current-db-sort out-current-db2-sort || exit 1
-
-
-
-exit 0
diff --git a/crypto/heimdal/tests/db/check-dbinfo.in b/crypto/heimdal/tests/db/check-dbinfo.in
deleted file mode 100644
index 718806045d24..000000000000
--- a/crypto/heimdal/tests/db/check-dbinfo.in
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-dbinfo.in 20537 2007-04-23 08:00:04Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-../../lib/hdb/test_dbinfo > dbinfo.out || exit 1
-
-exit 0
diff --git a/crypto/heimdal/tests/db/have-db.in b/crypto/heimdal/tests/db/have-db.in
deleted file mode 100644
index a6c373d92af6..000000000000
--- a/crypto/heimdal/tests/db/have-db.in
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: have-db.in 18579 2006-10-19 06:51:48Z lha $
-#
-
-srcdir="@srcdir@"
-base=`dirname "$0"`
-
-kdc="${base}/../../kdc/kdc"
-
-list=`${kdc} --builtin-hdb | sed 's/^builtin hdb backends: //'`
-oldIFS="$IFS"
-IPS=,
-set - ${list}
-IFS="$oldIFS"
-
-while [ $# != 0 ] ; do
-    case $1 in
-    db:*) exit 0 ;;
-    ndbm:*) exit 0 ;;
-    gdbm:*) exit 0 ;;
-    db4:*) exit 0 ;;
-    db3:*) exit 0 ;;
-    ldb:*) exit 0 ;;
-    esac
-    shift
-done
-
-exit 1
-\ No newline at end of file
diff --git a/crypto/heimdal/tests/db/krb5.conf.in b/crypto/heimdal/tests/db/krb5.conf.in
deleted file mode 100644
index 446db316cf3e..000000000000
--- a/crypto/heimdal/tests/db/krb5.conf.in
+++ /dev/null
@@ -1,28 +0,0 @@
-[libdefaults]
-	default_realm = EXAMPLE.ORG
-
-[realms]
-	EXAMPLE.ORG = {
-		kdc = localhost
-	}
-
-[kdc]
-	database = {
-		label = {
-			realm = LABEL.TEST.H5L.SE
-			dbname = @objdir@/label-db
-			mkey_file = @objdir@/mkey.file
-		}
-		label2 = {
-			dbname = @objdir@/lable2-db
-			realm = LABEL2.TEST.H5L.SE
-			mkey_file = @objdir@/mkey2.file
-		}
-		dbname = @objdir@/current-db
-		realm = EXAMPLE.ORG
-		mkey_file = @objdir@/mkey.file
-		log_file = @objdir@/log.current-db.log
-	}
-
-[logging]
-	default = 0-/FILE:@objdir@/messages.log
diff --git a/crypto/heimdal/tests/db/loaddump-db.in b/crypto/heimdal/tests/db/loaddump-db.in
deleted file mode 100644
index 1116e956b9ea..000000000000
--- a/crypto/heimdal/tests/db/loaddump-db.in
+++ /dev/null
@@ -1,132 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2005 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: loaddump-db.in 20500 2007-04-21 21:48:17Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-./have-db || exit 77
-
-R=EXAMPLE.ORG
-
-kadmin="../../kadmin/kadmin -l -r $R"
-kstash="../../kdc/kstash"
-hprop="../../kdc/hprop"
-hpropd="../../kdc/hpropd"
-
-propdb="${hprop} --database=./current-db -n"
-propddb="${hpropd} --database=./current-db -n"
-
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    EXAMPLE.ORG || exit 1
-
-# check that we can dump and load ourself
-${kadmin} dump out-current-db  || exit 1
-sort out-current-db > out-current-db-sort 
-${kadmin} load out-current-db  || exit 1
-${kadmin} dump out-current-db2  || exit 1
-sort out-current-db2 > out-current-db2-sort 
-cmp out-current-db-sort out-current-db2-sort || exit 1
-
-rm -f current-db*
-
-# check with no extentions
-${kadmin} load ${srcdir}/text-dump-0.7  || exit 1
-${propdb} > db-dump.tmp|| exit 1
-rm -f current-db*
-${propddb} < db-dump.tmp || exit 1
-${kadmin} dump | sort | sed 's/[0-9]* -$//' > out-text-dump-0.7  || exit 1
-sort < ${srcdir}/text-dump-0.7 | \
-    sed 's/[0-9]*$//' > out-text-dump-0.7-orig  || exit 1
-cmp out-text-dump-0.7-orig out-text-dump-0.7 || exit 1
-
-# check with no extentions
-${kadmin} load ${srcdir}/text-dump-no-ext  || exit 1
-${propdb} > db-dump.tmp || exit 1
-${propddb} < db-dump.tmp || exit 1
-${kadmin} dump | sort | \
-    awk '{$11=""; print;}' > out-text-dump-no-ext  || exit 1
-sort < ${srcdir}/text-dump-no-ext | \
-    awk '{$11=""; print;}' > out-text-dump-no-ext-orig || exit 1
-cmp out-text-dump-no-ext-orig out-text-dump-no-ext || exit 1
-
-# check with known extentions
-${kadmin} load ${srcdir}/text-dump-known-ext  || exit 1
-${propdb} > db-dump.tmp || exit 1
-${propddb} < db-dump.tmp || exit 1
-${kadmin} dump | sort | \
-    awk '{$11=""; print;}' > out-text-dump-known-ext  || exit 1
-sort < ${srcdir}/text-dump-known-ext | \
-    awk '{$11=""; print;}' > out-text-dump-known-ext-orig || exit 1
-cmp out-text-dump-known-ext-orig out-text-dump-known-ext || exit 1
-
-# check with unknown extentions
-${kadmin} load ${srcdir}/text-dump-unknown-ext  || exit 1
-${propdb} > db-dump.tmp || exit 1
-${propddb} < db-dump.tmp || exit 1
-${kadmin} dump | sort | \
-    awk '{$11=""; print;}' > out-text-dump-unknown-ext  || exit 1
-sort < ${srcdir}/text-dump-unknown-ext | \
-    awk '{$11=""; print;}' > out-text-dump-unknown-ext-orig || exit 1
-cmp out-text-dump-unknown-ext-orig out-text-dump-unknown-ext || exit 1
-
-${kstash} -e aes256-cts-hmac-sha1-96 --random-key -k ./mkey.file >/dev/null 2>/dev/null || exit 1
-
-# remove masterkey
-${kadmin} load ${srcdir}/text-dump-0.7  || exit 1
-${propdb} > db-dump.tmp|| exit 1
-${propddb} < db-dump.tmp || exit 1
-${propdb} -m mkey.file -D > db-dump.tmp || exit 1
-mv mkey.file mkey.file.no || exit 1
-${propddb} < db-dump.tmp || exit 1
-${kadmin} dump | sort | \
-    awk '{$11=""; print;}' > out-text-dump-0.7  || exit 1
-sort < ${srcdir}/text-dump-unknown-ext | \
-    awk '{$11=""; print;}' > out-text-dump-0.7-orig || exit 1
-cmp out-text-dump-0.7 out-text-dump-0.7-orig || exit 1
-
-exit 0
diff --git a/crypto/heimdal/tests/db/text-dump-0.7 b/crypto/heimdal/tests/db/text-dump-0.7
deleted file mode 100644
index 4aff11dde71c..000000000000
--- a/crypto/heimdal/tests/db/text-dump-0.7
+++ /dev/null
@@ -1,7 +0,0 @@
-changepw/kerberos@EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2
-default@EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin@EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0
-kadmin/admin@EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2
-kadmin/changepw@EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2
-kadmin/hprop@EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2
-krbtgt/EXAMPLE.ORG@EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2
-lha@EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin@EXAMPLE.ORG 20050728203758:kadmin/admin@EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1
diff --git a/crypto/heimdal/tests/db/text-dump-known-ext b/crypto/heimdal/tests/db/text-dump-known-ext
deleted file mode 100644
index 8c3649c643bb..000000000000
--- a/crypto/heimdal/tests/db/text-dump-known-ext
+++ /dev/null
@@ -1,7 +0,0 @@
-changepw/kerberos@EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
-default@EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin@EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
-kadmin/admin@EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
-kadmin/changepw@EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
-kadmin/hprop@EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
-krbtgt/EXAMPLE.ORG@EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
-lha@EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin@EXAMPLE.ORG 20050728203758:kadmin/admin@EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -
diff --git a/crypto/heimdal/tests/db/text-dump-no-ext b/crypto/heimdal/tests/db/text-dump-no-ext
deleted file mode 100644
index 8c3649c643bb..000000000000
--- a/crypto/heimdal/tests/db/text-dump-no-ext
+++ /dev/null
@@ -1,7 +0,0 @@
-changepw/kerberos@EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
-default@EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin@EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
-kadmin/admin@EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
-kadmin/changepw@EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
-kadmin/hprop@EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
-krbtgt/EXAMPLE.ORG@EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
-lha@EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin@EXAMPLE.ORG 20050728203758:kadmin/admin@EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -
diff --git a/crypto/heimdal/tests/db/text-dump-unknown-ext b/crypto/heimdal/tests/db/text-dump-unknown-ext
deleted file mode 100644
index 8c3649c643bb..000000000000
--- a/crypto/heimdal/tests/db/text-dump-unknown-ext
+++ /dev/null
@@ -1,7 +0,0 @@
-changepw/kerberos@EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
-default@EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin@EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
-kadmin/admin@EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
-kadmin/changepw@EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
-kadmin/hprop@EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
-krbtgt/EXAMPLE.ORG@EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin@EXAMPLE.ORG 20050728203748:kadmin/admin@EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
-lha@EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin@EXAMPLE.ORG 20050728203758:kadmin/admin@EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -
diff --git a/crypto/heimdal/tests/gss/Makefile.am b/crypto/heimdal/tests/gss/Makefile.am
deleted file mode 100644
index 5a752d0b5a74..000000000000
--- a/crypto/heimdal/tests/gss/Makefile.am
+++ /dev/null
@@ -1,78 +0,0 @@
-# $Id: Makefile.am 20513 2007-04-22 10:23:27Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf
-
-SCRIPT_TESTS = check-gss check-gssmask check-context check-spnego check-ntlm
-
-TESTS = $(SCRIPT_TESTS)
-
-check_SCRIPTS = $(SCRIPT_TESTS)
-
-port = 49188
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/gss,g'
-
-check-gss: check-gss.in Makefile
-	$(do_subst) < $(srcdir)/check-gss.in > check-gss.tmp
-	chmod +x check-gss.tmp
-	mv check-gss.tmp check-gss
-
-check-gssmask: check-gssmask.in Makefile
-	$(do_subst) < $(srcdir)/check-gssmask.in > check-gssmask.tmp
-	chmod +x check-gssmask.tmp
-	mv check-gssmask.tmp check-gssmask
-
-check-context: check-context.in Makefile
-	$(do_subst) < $(srcdir)/check-context.in > check-context.tmp
-	chmod +x check-context.tmp
-	mv check-context.tmp check-context
-
-check-spnego: check-spnego.in Makefile
-	$(do_subst) < $(srcdir)/check-spnego.in > check-spnego.tmp
-	chmod +x check-spnego.tmp
-	mv check-spnego.tmp check-spnego
-
-check-basic: check-basic.in Makefile
-	$(do_subst) < $(srcdir)/check-basic.in > check-basic.tmp
-	chmod +x check-basic.tmp
-	mv check-basic.tmp check-basic
-
-check-ntlm: check-ntlm.in Makefile
-	$(do_subst) < $(srcdir)/check-ntlm.in > check-ntlm.tmp
-	chmod +x check-ntlm.tmp
-	mv check-ntlm.tmp check-ntlm
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-CLEANFILES= \
-	$(TESTS) \
-	foopassword \
-	barpassword \
-	krb5ccfile \
-	krb5ccfile-ds \
-	server.keytab \
-	krb5.conf \
-	current-db* \
-	*.log \
-	check-basic.tmp \
-	check-gss.tmp \
-	check-gssmask.tmp \
-	check-spnego.tmp \
-	check-ntlm.tmp \
-	check-context.tmp
-
-EXTRA_DIST = \
-	check-basic.in \
-	check-gss.in \
-	check-gssmask.in \
-	check-spnego.in \
-	check-ntlm.in \
-	check-context.in \
-	ntlm-user-file.txt \
-	krb5.conf.in
diff --git a/crypto/heimdal/tests/gss/Makefile.in b/crypto/heimdal/tests/gss/Makefile.in
deleted file mode 100644
index bffae6cd1770..000000000000
--- a/crypto/heimdal/tests/gss/Makefile.in
+++ /dev/null
@@ -1,804 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20513 2007-04-22 10:23:27Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/gss
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DATA = $(noinst_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf
-SCRIPT_TESTS = check-gss check-gssmask check-context check-spnego check-ntlm
-TESTS = $(SCRIPT_TESTS)
-check_SCRIPTS = $(SCRIPT_TESTS)
-port = 49188
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/gss,g'
-
-CLEANFILES = \
-	$(TESTS) \
-	foopassword \
-	barpassword \
-	krb5ccfile \
-	krb5ccfile-ds \
-	server.keytab \
-	krb5.conf \
-	current-db* \
-	*.log \
-	check-basic.tmp \
-	check-gss.tmp \
-	check-gssmask.tmp \
-	check-spnego.tmp \
-	check-ntlm.tmp \
-	check-context.tmp
-
-EXTRA_DIST = \
-	check-basic.in \
-	check-gss.in \
-	check-gssmask.in \
-	check-spnego.in \
-	check-ntlm.in \
-	check-context.in \
-	ntlm-user-file.txt \
-	krb5.conf.in
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/gss/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/gss/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-TESTS check-am check-local \
-	clean clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-check-gss: check-gss.in Makefile
-	$(do_subst) < $(srcdir)/check-gss.in > check-gss.tmp
-	chmod +x check-gss.tmp
-	mv check-gss.tmp check-gss
-
-check-gssmask: check-gssmask.in Makefile
-	$(do_subst) < $(srcdir)/check-gssmask.in > check-gssmask.tmp
-	chmod +x check-gssmask.tmp
-	mv check-gssmask.tmp check-gssmask
-
-check-context: check-context.in Makefile
-	$(do_subst) < $(srcdir)/check-context.in > check-context.tmp
-	chmod +x check-context.tmp
-	mv check-context.tmp check-context
-
-check-spnego: check-spnego.in Makefile
-	$(do_subst) < $(srcdir)/check-spnego.in > check-spnego.tmp
-	chmod +x check-spnego.tmp
-	mv check-spnego.tmp check-spnego
-
-check-basic: check-basic.in Makefile
-	$(do_subst) < $(srcdir)/check-basic.in > check-basic.tmp
-	chmod +x check-basic.tmp
-	mv check-basic.tmp check-basic
-
-check-ntlm: check-ntlm.in Makefile
-	$(do_subst) < $(srcdir)/check-ntlm.in > check-ntlm.tmp
-	chmod +x check-ntlm.tmp
-	mv check-ntlm.tmp check-ntlm
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/gss/check-basic.in b/crypto/heimdal/tests/gss/check-basic.in
deleted file mode 100644
index b6b95f60cde1..000000000000
--- a/crypto/heimdal/tests/gss/check-basic.in
+++ /dev/null
@@ -1,156 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-nokeytab="FILE:no-such-keytab"
-cache="FILE:krb5ccfile"
-nocache="FILE:no-such-cache"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
-test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-KRB5_KTNAME="${keytab}"
-export KRB5_KTNAME
-KRB5CCNAME="${cache}"
-export KRB5CCNAME
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-echo upw > ${objdir}/foopassword
-
-${kadmin} add -p upw --use-defaults user@${R} || exit 1
-${kadmin} add -p upw --use-defaults another@${R} || exit 1
-${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-exitcode=0
-
-echo "initial ticket"
-${kinit} --password-file=${objdir}/foopassword user@${R} || exitcode=1
-
-echo "keytab"
-${acquire_cred} \
-    --acquire-type=accept \
-    --acquire-name=host@host.test.h5l.se || exit 1
-echo "keytab w/o name"
-${acquire_cred} \
-    --acquire-type=accept || exit 1
-echo "keytab w/ wrong name"
-${acquire_cred} \
-    --acquire-type=accept \
-    --acquire-name=host@host2.test.h5l.se 2>/dev/null && exit 1
-echo "init using keytab"
-${acquire_cred} \
-    --acquire-type=initiate \
-    --acquire-name=host@host.test.h5l.se || exit 1
-echo "init using existing cc"
-${acquire_cred} \
-    --name-type=user-name \
-    --acquire-type=initiate \
-    --acquire-name=user || exit 1
-
-KRB5CCNAME=${nocache}
-
-echo "fail init using existing cc"
-${acquire_cred} \
-    --name-type=user-name \
-    --acquire-type=initiate \
-    --acquire-name=user 2>/dev/null && exit 1
-
-echo "use gss_krb5_ccache_name"
-${acquire_cred} \
-    --name-type=user-name \
-    --ccache=${cache} \
-    --acquire-type=initiate \
-    --acquire-name=user >/dev/null || exit 1
-
-KRB5CCNAME=${cache}
-KRB5_KTNAME=${nokeytab}
-
-echo "kcred"
-${test_kcred} || exit 1
-
-trap "" EXIT
-
-echo "killing kdc (${kdcpid})"
-kill ${kdcpid} 2> /dev/null
-
-exit $exitcode
diff --git a/crypto/heimdal/tests/gss/check-context.in b/crypto/heimdal/tests/gss/check-context.in
deleted file mode 100644
index 1a25a248a959..000000000000
--- a/crypto/heimdal/tests/gss/check-context.in
+++ /dev/null
@@ -1,188 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-context.in 22425 2008-01-13 09:46:01Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-cache="FILE:krb5ccfile"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-KRB5CCNAME=${cache}
-export KRB5CCNAME
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-# add both lucid and lucid.test.h5l.se to simulate aliases
-${kadmin} add -p p1 --use-defaults host/lucid.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
-${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
-${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
-${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
-
-${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo u1 > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-exitcode=0
-
-echo "Getting client initial tickets"
-${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
-
-echo "======test naming combinations"
-echo "plain"
-${context} --name-type=hostbased-service host@lucid.test.h5l.se || \
-	{ exitcode=1 ; echo test failed; }
-echo "plain (krb5)"
-${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
-	{ exitcode=1 ; echo test failed; }
-echo "plain (krb5 realmless)"
-${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
-	{ exitcode=1 ; echo test failed; }
-echo "dns canon on (long name) OFF, need dns_wrapper"
-#${context} --dns-canon host@lucid.test.h5l.se || \
-#	{ exitcode=1 ; echo test failed; }
-echo "dns canon off (long name)"
-${context} --no-dns-canon host@lucid.test.h5l.se || \
-	{ exitcode=1 ; echo test failed; }
-echo "dns canon off (short name)"
-${context} --no-dns-canon host@lucid || \
-	{ exitcode=1 ; echo test failed; }
-echo "dns canon off (short name, krb5)"
-${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \
-	{ exitcode=1 ; echo test failed; }
-echo "dns canon off (short name, krb5)"
-${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid || \
-	{ exitcode=1 ; echo test failed; }
-
-echo "======test context building"
-for mech in krb5 spnego ; do
-	echo "${mech} no-mutual"
-	${context} --mech-type=${mech} \
-	    --name-type=hostbased-service host@lucid.test.h5l.se || \
-		{ exitcode=1 ; echo test failed; }
-
-	echo "${mech} mutual"
-	${context} --mech-type=${mech} \
-	    --mutual \
-	    --name-type=hostbased-service host@lucid.test.h5l.se || \
-		{ exitcode=1 ; echo test failed; }
-
-	echo "${mech} delegate"
-	${context} --mech-type=${mech} \
-	    --delegate \
-	    --name-type=hostbased-service host@lucid.test.h5l.se || \
-		{ exitcode=1 ; echo test failed; }
-
-	echo "${mech} mutual delegate"
-	${context} --mech-type=${mech} \
-	    --mutual --delegate \
-	    --name-type=hostbased-service host@lucid.test.h5l.se || \
-		{ exitcode=1 ; echo test failed; }
-done
-
-#add spnego !
-echo "======dce-style"
-for mech in krb5 ; do
-
-	echo "${mech}: dce-style"
-	${context} \
-	    --mech-type=${mech} \
-	    --mutual \
-	    --dce-style \
-	    --name-type=hostbased-service host@lucid.test.h5l.se || \
-	    { exitcode=1 ; echo test failed; }
-
-done
-
-#echo "sasl-digest-md5"
-#${context}  --mech-type=sasl-digest-md5 \
-#    --name-type=hostbased-service \
-#    host@lucid.test.h5l.se || \
-#	{ exitcode=1 ; echo test failed; }
-
-
-trap "" EXIT
-
-echo "killing kdc (${kdcpid})"
-kill ${kdcpid} 2> /dev/null
-
-exit $exitcode
-
-
diff --git a/crypto/heimdal/tests/gss/check-gss.in b/crypto/heimdal/tests/gss/check-gss.in
deleted file mode 100644
index e023c2b26542..000000000000
--- a/crypto/heimdal/tests/gss/check-gss.in
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-gss.in 18389 2006-10-10 09:30:20Z lha $
-#
-
-objdir="@objdir@"
-gssdir="${objdir}/../../lib/gssapi"
-
-${TESTS_ENVIRONMENT} ${gssdir}/gss help > /dev/null || exit 1
-${TESTS_ENVIRONMENT} ${gssdir}/gss supported-mechanisms > /dev/null || exit 1
-
-exit 0
-
-
diff --git a/crypto/heimdal/tests/gss/check-gssmask.in b/crypto/heimdal/tests/gss/check-gssmask.in
deleted file mode 100644
index 8b72af4f46a9..000000000000
--- a/crypto/heimdal/tests/gss/check-gssmask.in
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-gssmask.in 21845 2007-08-08 06:54:48Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-
-gssmask="${TESTS_ENVIRONMENT} ../../appl/gssmask/gssmask"
-gssmaskn1="${gssmask} -p 8889 --spn=host/n1.test.h5l.se@${R} --logfile=n1.log"
-gssmaskn2="${gssmask} -p 8890 --spn=host/n2.test.h5l.se@${R} --logfile=n2.log"
-gssmaskn3="${gssmask} -p 8891 --spn=host/n3.test.h5l.se@${R} --logfile=n3.log"
-gssmaestro="../../appl/gssmask/gssmaestro"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p p1 --use-defaults host/n1.test.h5l.se@${R} || exit 1
-${kadmin} add -p p2 --use-defaults host/n2.test.h5l.se@${R} || exit 1
-${kadmin} add -p p3 --use-defaults host/n3.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/n1.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/n2.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/n3.test.h5l.se@${R} || exit 1
-
-${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-exitcode=0
-
-echo "Starting client 1"
-${gssmaskn1} --moniker=n1 &
-n1pid=$!
-#echo $n1pid
-#xterm -display :0 -e g ${gssmaskn1} &
-#read x
-
-echo "Starting client 2"
-${gssmaskn2} --moniker=n2 &
-n2pid=$!
-
-echo "Starting client 3"
-${gssmaskn3} --moniker=n3 &
-n3pid=$!
-
-trap "kill ${kdcpid} ${n1pid} ${n2pid} ${n3pid} 2> /dev/null; echo signal killing kdc and maskar; exit 1;" EXIT
-
-sleep 10
-
-${gssmaestro} \
-    --slaves=localhost:8889 \
-    --slaves=localhost:8890 \
-    --slaves=localhost:8891 \
-    --principals=user1@${R}:u1 || exitcode=1
-
-trap "" EXIT
-
-echo "killing kdc and clients (${kdcpid}, ${n1pid}, ${n2pid}, ${n3pid})"
-kill ${kdcpid} ${n1pid} ${n2pid} ${n3pid} 2> /dev/null
-
-exit $exitcode
-
-
diff --git a/crypto/heimdal/tests/gss/check-ntlm.in b/crypto/heimdal/tests/gss/check-ntlm.in
deleted file mode 100644
index a724d2dcbea2..000000000000
--- a/crypto/heimdal/tests/gss/check-ntlm.in
+++ /dev/null
@@ -1,170 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-ntlm.in 22160 2007-12-04 20:05:17Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-cache="FILE:krb5ccfile"
-cacheds="FILE:krb5ccfile-ds"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest"
-
-context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-KRB5_KTNAME="${keytab}"
-export KRB5_KTNAME
-KRB5CCNAME="${cache}"
-export KRB5CCNAME
-NTLM_ACCEPTOR_CCACHE="${cacheds}"
-export NTLM_ACCEPTOR_CCACHE
-NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
-export NTLM_USER_FILE
-
-GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
-export GSSAPI_SPNEGO_NAME
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
-
-${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
-
-${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
-${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
-
-${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo u1 > ${objdir}/foopassword
-echo ds > ${objdir}/barpassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-exitcode=0
-
-echo "Getting client initial tickets"
-${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
-echo "Getting digestserver initial tickets"
-${kinitds} --password-file=${objdir}/barpassword digestserver@${R} || exitcode=1
-
-echo "======probe"
-KRB5CCNAME="$cacheds"
-
- ${kdigest} digest-probe --realm=${R} > /dev/null || \
-     { exitcode=1; echo "test failed"; }
-
-echo "======context building ntlm"
-
-NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
-KRB5CCNAME="$cache"
-
-echo "no NTLM initiator creds"
-${context} --mech-type=ntlm \
-	--mutual \
-        --name-type=hostbased-service \
-        --ret-mech-type=ntlm \
-        host@host.test.h5l.se 2> /dev/null && \
-        { exitcode=1 ; echo "test failed"; }
-
-echo "Getting client initial tickets (with ntlm creds)"
-${kinit} --password-file=${objdir}/foopassword --ntlm-domain=TEST user1@${R} || exitcode=1
-
-echo "NTLM initiator krb5 creds"
-${context} --mech-type=ntlm \
-	--mutual \
-        --name-type=hostbased-service \
-        --ret-mech-type=ntlm \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo "test failed"; }
-
-echo "NTLM initiator krb5 creds (getverifymic, wrapunwrap)"
-${context} --mech-type=ntlm \
-	--mutual \
-        --name-type=hostbased-service \
-        --ret-mech-type=ntlm \
-        --getverifymic --wrapunwrap \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo "test failed"; }
-
-trap "" EXIT
-
-echo "killing kdc (${kdcpid})"
-kill ${kdcpid} 2> /dev/null
-
-exit $exitcode
-
-
diff --git a/crypto/heimdal/tests/gss/check-spnego.in b/crypto/heimdal/tests/gss/check-spnego.in
deleted file mode 100644
index c95ac6f78a4d..000000000000
--- a/crypto/heimdal/tests/gss/check-spnego.in
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-spnego.in 21847 2007-08-08 06:55:32Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-cache="FILE:krb5ccfile"
-cacheds="FILE:krb5ccfile-ds"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-KRB5_KTNAME="${keytab}"
-export KRB5_KTNAME
-KRB5CCNAME="${cache}"
-export KRB5CCNAME
-NTLM_ACCEPTOR_CCACHE="${cacheds}"
-export NTLM_ACCEPTOR_CCACHE
-NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
-export NTLM_USER_FILE
-
-GSSAPI_SPNEGO_NAME=host@host.test.h5l.se
-export GSSAPI_SPNEGO_NAME
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
-${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
-
-${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
-
-${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
-${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
-
-${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo u1 > ${objdir}/foopassword
-echo ds > ${objdir}/barpassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-exitcode=0
-
-echo "Getting client initial tickets"
-${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
-echo "Getting digestserver initial tickets"
-${kinitds} --password-file=${objdir}/barpassword digestserver@${R} || exitcode=1
-
-echo "======context building for each mech"
-
-for mech in ntlm krb5 ; do 
-    echo "${mech}"
-    ${context} --mech-type=${mech} --ret-mech-type=${mech} \
-        --name-type=hostbased-service host@host.test.h5l.se || \
-	{ exitcode=1 ; echo test failed; }
-done
-
-echo "spnego"
-${context} \
-    --mech-type=spnego \
-    --ret-mech-type=krb5 \
-    --name-type=hostbased-service \
-    host@host.test.h5l.se || \
-    { exitcode=1 ; echo test failed; }
-
-echo "test failure cases"
-${context} --mech-type=ntlm --ret-mech-type=krb5 \
-    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
-    { exitcode=1 ; echo test failed; }
-
-${context} --mech-type=krb5 --ret-mech-type=ntlm \
-    --name-type=hostbased-service host@host.test.h5l.se 2> /dev/null && \
-    { exitcode=1 ; echo test failed; }
-
-echo "======spnego variants context building"
-
-for arg in \
-     "" \
-     "--mutual" \
-     "--delegate" \
-     "--mutual --delegate" \
-     "--getverifymic --wrapunwrap" \
-     "--mutual --getverifymic --wrapunwrap" \
-    ; do
-
-    echo "no NTLM acceptor cred ${arg}"
-    NTLM_ACCEPTOR_CCACHE="${cacheds}-no"
-    ${context} --mech-type=spnego \
-        $arg \
-        --name-type=hostbased-service \
-        --ret-mech-type=krb5  \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo test failed; }
-    NTLM_ACCEPTOR_CCACHE="${cacheds}"
-
-    echo "no NTLM initiator cred ${arg}"
-    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
-    ${context} --mech-type=spnego \
-        $arg \
-        --name-type=hostbased-service \
-        --ret-mech-type=krb5 \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo test failed; }
-    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
-
-    echo "no krb5 acceptor cred ${arg}"
-    KRB5_KTNAME="${keytab}-no"
-    ${context} --mech-type=spnego \
-        $arg \
-        --name-type=hostbased-service \
-        --ret-mech-type=ntlm \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo test failed; }
-    KRB5_KTNAME="${keytab}"
-
-    echo "no krb5 initiator cred ${arg}"
-    KRB5CCNAME="${cache}-no"
-    ${context} --mech-type=spnego \
-        $arg \
-        --name-type=hostbased-service \
-        --ret-mech-type=ntlm \
-        host@host.test.h5l.se || \
-        { exitcode=1 ; echo test failed; }
-    KRB5CCNAME="${cache}"
-
-done
-
-trap "" EXIT
-
-echo "killing kdc (${kdcpid})"
-kill ${kdcpid} 2> /dev/null
-
-exit $exitcode
-
-
diff --git a/crypto/heimdal/tests/gss/krb5.conf.in b/crypto/heimdal/tests/gss/krb5.conf.in
deleted file mode 100644
index 797fcdd8f42f..000000000000
--- a/crypto/heimdal/tests/gss/krb5.conf.in
+++ /dev/null
@@ -1,33 +0,0 @@
-# $Id: krb5.conf.in 20202 2007-02-08 00:59:47Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-	default_keytab_name = @objdir@/server.keytab
-	dns_canonicalize_hostname = false
-	dns_lookup_realm = false
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[domain_realms]
-	.test.h5l.se = TEST.H5L.SE
-
-[kdc]
-	enable-digest = true
-	digests_allowed = ntlm-v2,ntlm-v1-session,ntlm-v1
-
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
-
-[kadmin]
-	save-password = true
diff --git a/crypto/heimdal/tests/gss/ntlm-user-file.txt b/crypto/heimdal/tests/gss/ntlm-user-file.txt
deleted file mode 100644
index 853ba9b558c1..000000000000
--- a/crypto/heimdal/tests/gss/ntlm-user-file.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-# $Id: ntlm-user-file.txt 19406 2006-12-18 13:12:44Z lha $
-TEST:user1:u1
diff --git a/crypto/heimdal/tests/java/KerberosInit.java b/crypto/heimdal/tests/java/KerberosInit.java
deleted file mode 100644
index 34714d9c218b..000000000000
--- a/crypto/heimdal/tests/java/KerberosInit.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- *
- * Copyright (c) 2007 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- *
- * $Id$
- */
-
-import javax.security.auth.login.*;
-import javax.security.auth.callback.*;
-
-public class KerberosInit {
-
-    private class TestCallBackHandler implements CallbackHandler {
-	
-	public void handle(Callback[] callbacks)
-	    throws UnsupportedCallbackException {
-	    for (int i = 0; i < callbacks.length; i++) {
-		if (callbacks[i] instanceof TextOutputCallback) {
-		    TextOutputCallback toc = (TextOutputCallback)callbacks[i];
-		    System.out.println(toc.getMessage());
-		} else if (callbacks[i] instanceof NameCallback) {
-		    NameCallback nc = (NameCallback)callbacks[i];
-		    nc.setName("lha");
-		} else if (callbacks[i] instanceof PasswordCallback) {
-		    PasswordCallback pc = (PasswordCallback)callbacks[i];
-		    pc.setPassword("foo".toCharArray());
-		} else {
-		    throw new
-			UnsupportedCallbackException(callbacks[i],
-						     "Unrecognized Callback");
-		}
-	    }
-	}
-    }
-    private TestCallBackHandler getHandler() {
-	return new TestCallBackHandler();
-    }
-
-    public static void main(String[] args) {
-
-        LoginContext lc = null;
-        try {
-            lc = new LoginContext("kinit", new KerberosInit().getHandler());
-        } catch (LoginException e) {
-            System.err.println("Cannot create LoginContext. " + e.getMessage());
-	    e.printStackTrace();
-            System.exit(1);
-        } catch (SecurityException e) {
-            System.err.println("Cannot create LoginContext. " + e.getMessage());
-	    e.printStackTrace();
-            System.exit(1);
-        } 
-
-        try {
-            lc.login();
-        } catch (LoginException e) {
-            System.err.println("Authentication failed:" + e.getMessage());
-	    e.printStackTrace();
-            System.exit(1);
-        }
-
-	System.out.println("lc.login ok");
-	System.exit(0);
-    }
-}
-
diff --git a/crypto/heimdal/tests/java/Makefile.am b/crypto/heimdal/tests/java/Makefile.am
deleted file mode 100644
index 7785ca1aa273..000000000000
--- a/crypto/heimdal/tests/java/Makefile.am
+++ /dev/null
@@ -1,44 +0,0 @@
-# $Id: Makefile.am 20739 2007-05-31 16:53:21Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf
-
-check_SCRIPTS = $(SCRIPT_TESTS) 
-
-SCRIPT_TESTS = check-kinit
-
-TESTS = $(SCRIPT_TESTS)
-
-port = 49188
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-
-check-kinit: check-kinit.in Makefile
-	$(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
-	chmod +x check-kinit.tmp
-	mv check-kinit.tmp check-kinit
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-CLEANFILES= \
-	$(TESTS) \
-	*.tmp \
-	*.class \
-	current-db* \
-	krb5.conf \
-	messages.log
-
-
-EXTRA_DIST = \
-	KerberosInit.java \
-	jaas.conf \
-	check-kinit.in \
-	have-java.sh \
-	krb5.conf.in
diff --git a/crypto/heimdal/tests/java/Makefile.in b/crypto/heimdal/tests/java/Makefile.in
deleted file mode 100644
index 9161e3977ba3..000000000000
--- a/crypto/heimdal/tests/java/Makefile.in
+++ /dev/null
@@ -1,768 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20739 2007-05-31 16:53:21Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/java
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DATA = $(noinst_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf
-check_SCRIPTS = $(SCRIPT_TESTS) 
-SCRIPT_TESTS = check-kinit
-TESTS = $(SCRIPT_TESTS)
-port = 49188
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-CLEANFILES = \
-	$(TESTS) \
-	*.tmp \
-	*.class \
-	current-db* \
-	krb5.conf \
-	messages.log
-
-EXTRA_DIST = \
-	KerberosInit.java \
-	jaas.conf \
-	check-kinit.in \
-	have-java.sh \
-	krb5.conf.in
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/java/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/java/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-TESTS check-am check-local \
-	clean clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-check-kinit: check-kinit.in Makefile
-	$(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
-	chmod +x check-kinit.tmp
-	mv check-kinit.tmp check-kinit
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/java/check-kinit.in b/crypto/heimdal/tests/java/check-kinit.in
deleted file mode 100644
index 1ef59f74bfa1..000000000000
--- a/crypto/heimdal/tests/java/check-kinit.in
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-port="@port@"
-
-# Disable test if: no data, no java, or socket wrapper
-../db/have-db || exit 77
-sh ${srcdir}/have-java.sh || exit 77
-[ X"$SOCKET_WRAPPER_DIR" != X ] && exit 77
-
-R=TEST.H5L.SE
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=127.0.0.1 -P $port"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile} messages.log
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-echo "Compile"
-javac -d "${objdir}" "${srcdir}/KerberosInit.java" || \
-    { echo "Failed to compile java program: $?" ; exit 77; }
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults lha@${R} || exit 1
-${kadmin} modify --attributes=+requires-pre-auth lha@${R} || exit 1
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-echo "Run init"
-java \
-  -Dsun.security.krb5.debug=true \
-  -Djava.security.krb5.conf="${objdir}"/krb5.conf \
-  -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
-  KerberosInit > output.tmp 2>&1 || { cat output.tmp ; exit 1; }
-
-echo "Done"
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-exit 0
diff --git a/crypto/heimdal/tests/java/have-java.sh b/crypto/heimdal/tests/java/have-java.sh
deleted file mode 100644
index da84b039dac6..000000000000
--- a/crypto/heimdal/tests/java/have-java.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-echo "Checking for java and javac"
-
-oldifs=$IFS
-IFS=:
-set -- $PATH
-IFS=$oldifs
-for i in $*; do
-  test -n "$i" || i="."
-  test -x $i/java && j=f
-  test -x $i/javac && k=c
-done
-
-test "$j$k" = fc || exit 1
-
-# GNU GCC Java doesn't support Kerberos
-if java -version 2>&1 | grep 'gij' > /dev/null ; then
-    exit 1
-fi
-
-echo "ok"
-
-exit 0
diff --git a/crypto/heimdal/tests/java/jaas.conf b/crypto/heimdal/tests/java/jaas.conf
deleted file mode 100644
index a61fb4903b03..000000000000
--- a/crypto/heimdal/tests/java/jaas.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-/* $Id$ */
-
-kinit {
-   com.sun.security.auth.module.Krb5LoginModule required;
-};
diff --git a/crypto/heimdal/tests/java/krb5.conf.in b/crypto/heimdal/tests/java/krb5.conf.in
deleted file mode 100644
index d301fa47e886..000000000000
--- a/crypto/heimdal/tests/java/krb5.conf.in
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id$
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[kdc]
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
-
-# Have both default and non default salting for single DES encryptes,
-# this to check if the kdc return default salting.
-[kadmin]
-	default_keys = aes256-cts-hmac-sha1-96:pw-salt
-	default_keys = aes128-cts-hmac-sha1-96:pw-salt
-	default_keys = des3-cbc-sha1:pw-salt
-        default_keys = des:pw-salt
-	default_keys = des:pw-salt:
diff --git a/crypto/heimdal/tests/kdc/Makefile.am b/crypto/heimdal/tests/kdc/Makefile.am
deleted file mode 100644
index b22386ae8610..000000000000
--- a/crypto/heimdal/tests/kdc/Makefile.am
+++ /dev/null
@@ -1,159 +0,0 @@
-# $Id: Makefile.am 22447 2008-01-15 06:05:17Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = \
-	krb5.conf \
-	krb5-pkinit.conf \
-	krb5-pkinit-win.conf \
-	krb5-slave.conf
-
-check_PROGRAMS = ap-req
-check_SCRIPTS = $(SCRIPT_TESTS) 
-
-SCRIPT_TESTS = \
-	check-digest \
-	check-kadmin \
-	check-kdc \
-	check-keys \
-	check-pkinit \
-	check-iprop \
-	check-referral \
-	check-uu
-
-TESTS = $(SCRIPT_TESTS)
-
-port = 49188
-admport = 49189
-
-if HAVE_DLOPEN
-do_dlopen = -e 's,[@]DLOPEN[@],true,g'
-else
-do_dlopen = -e 's,[@]DLOPEN[@],false,g'
-endif
-
-do_subst = sed $(do_dlopen) \
-	-e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]admport[@],$(admport),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-
-check-kdc: check-kdc.in Makefile
-	$(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
-	chmod +x check-kdc.tmp
-	mv check-kdc.tmp check-kdc
-
-check-keys: check-keys.in Makefile
-	$(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
-	chmod +x check-keys.tmp
-	mv check-keys.tmp check-keys
-
-check-kadmin: check-kadmin.in Makefile
-	$(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
-	chmod +x check-kadmin.tmp
-	mv check-kadmin.tmp check-kadmin
-
-check-uu: check-uu.in Makefile
-	$(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
-	chmod +x check-uu.tmp
-	mv check-uu.tmp check-uu
-
-check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
-	$(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
-	chmod +x check-pkinit.tmp
-	mv check-pkinit.tmp check-pkinit
-
-check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
-	$(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
-	chmod +x check-iprop.tmp
-	mv check-iprop.tmp check-iprop
-
-check-digest: check-digest.in Makefile
-	$(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
-	chmod +x check-digest.tmp
-	mv check-digest.tmp check-digest
-
-check-referral: check-referral.in Makefile
-	$(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
-	chmod +x check-referral.tmp
-	mv check-referral.tmp check-referral
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) \
-	   -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-krb5-slave.conf: krb5.conf.in Makefile
-	$(do_subst) \
-	   -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
-	mv krb5-slave.conf.tmp krb5-slave.conf
-
-krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
-	$(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
-	mv krb5-pkinit.conf.tmp krb5-pkinit.conf
-
-krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
-	$(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
-	mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
-
-CLEANFILES= \
-	$(TESTS) \
-	iprop-stats \
-	barpassword \
-	cache.krb5 \
-	cdigest-reply \
-	*.tmp \
-	client-cache \
-	current-db* \
-	current*.log \
-	iprop.keytab \
-	digest-reply \
-	foopassword \
-	krb5.conf \
-	krb5-slave.conf \
-	krb5-pkinit.conf \
-	krb5-pkinit-win.conf \
-	krb5.conf.keys \
-	signal \
-	messages.log \
-	o2cache.krb5 \
-	o2digest-reply \
-	ocache.krb5 \
-	s2digest-reply \
-	sdigest-init \
-	sdigest-reply \
-	server.keytab \
-	req-pkinit.der \
-	req-pkinit2.der \
-	req-kdc.der \
-	pkinit.crt \
-	pkinit2.crt \
-	pkinit3.crt \
-	kdc.crt \
-	ca.crt \
-	uuserver.log \
-	tempfile \
-	test-rc-file.rc
-
-EXTRA_DIST = \
-	check-kadmin.in \
-	check-kdc.in \
-	check-keys.in \
-	check-referral.in \
-	check-uu.in \
-	check-pkinit.in \
-	check-iprop.in \
-	check-digest.in \
-	heimdal.acl \
-	krb5.conf.in \
-	krb5.conf.keys.in \
-	krb5-pkinit.conf.in \
-	iprop-acl \
-	wait-kdc.sh \
-	pki-mapping \
-	ntlm-user-file.txt \
-	uuserver.txt \
-	donotexists.txt
diff --git a/crypto/heimdal/tests/kdc/Makefile.in b/crypto/heimdal/tests/kdc/Makefile.in
deleted file mode 100644
index cf6f6d8489cc..000000000000
--- a/crypto/heimdal/tests/kdc/Makefile.in
+++ /dev/null
@@ -1,971 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22447 2008-01-15 06:05:17Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-check_PROGRAMS = ap-req$(EXEEXT)
-subdir = tests/kdc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-ap_req_SOURCES = ap-req.c
-ap_req_OBJECTS = ap-req.$(OBJEXT)
-ap_req_LDADD = $(LDADD)
-am__DEPENDENCIES_1 =
-ap_req_DEPENDENCIES = ../../lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = ap-req.c
-DIST_SOURCES = ap-req.c
-DATA = $(noinst_DATA)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = \
-	krb5.conf \
-	krb5-pkinit.conf \
-	krb5-pkinit-win.conf \
-	krb5-slave.conf
-
-check_SCRIPTS = $(SCRIPT_TESTS) 
-SCRIPT_TESTS = \
-	check-digest \
-	check-kadmin \
-	check-kdc \
-	check-keys \
-	check-pkinit \
-	check-iprop \
-	check-referral \
-	check-uu
-
-TESTS = $(SCRIPT_TESTS)
-port = 49188
-admport = 49189
-@HAVE_DLOPEN_FALSE@do_dlopen = -e 's,[@]DLOPEN[@],false,g'
-@HAVE_DLOPEN_TRUE@do_dlopen = -e 's,[@]DLOPEN[@],true,g'
-do_subst = sed $(do_dlopen) \
-	-e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]admport[@],$(admport),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-CLEANFILES = \
-	$(TESTS) \
-	iprop-stats \
-	barpassword \
-	cache.krb5 \
-	cdigest-reply \
-	*.tmp \
-	client-cache \
-	current-db* \
-	current*.log \
-	iprop.keytab \
-	digest-reply \
-	foopassword \
-	krb5.conf \
-	krb5-slave.conf \
-	krb5-pkinit.conf \
-	krb5-pkinit-win.conf \
-	krb5.conf.keys \
-	signal \
-	messages.log \
-	o2cache.krb5 \
-	o2digest-reply \
-	ocache.krb5 \
-	s2digest-reply \
-	sdigest-init \
-	sdigest-reply \
-	server.keytab \
-	req-pkinit.der \
-	req-pkinit2.der \
-	req-kdc.der \
-	pkinit.crt \
-	pkinit2.crt \
-	pkinit3.crt \
-	kdc.crt \
-	ca.crt \
-	uuserver.log \
-	tempfile \
-	test-rc-file.rc
-
-EXTRA_DIST = \
-	check-kadmin.in \
-	check-kdc.in \
-	check-keys.in \
-	check-referral.in \
-	check-uu.in \
-	check-pkinit.in \
-	check-iprop.in \
-	check-digest.in \
-	heimdal.acl \
-	krb5.conf.in \
-	krb5.conf.keys.in \
-	krb5-pkinit.conf.in \
-	iprop-acl \
-	wait-kdc.sh \
-	pki-mapping \
-	ntlm-user-file.txt \
-	uuserver.txt \
-	donotexists.txt
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/kdc/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/kdc/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ap-req$(EXEEXT): $(ap_req_OBJECTS) $(ap_req_DEPENDENCIES) 
-	@rm -f ap-req$(EXEEXT)
-	$(LINK) $(ap_req_OBJECTS) $(ap_req_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-check-kdc: check-kdc.in Makefile
-	$(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
-	chmod +x check-kdc.tmp
-	mv check-kdc.tmp check-kdc
-
-check-keys: check-keys.in Makefile
-	$(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
-	chmod +x check-keys.tmp
-	mv check-keys.tmp check-keys
-
-check-kadmin: check-kadmin.in Makefile
-	$(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
-	chmod +x check-kadmin.tmp
-	mv check-kadmin.tmp check-kadmin
-
-check-uu: check-uu.in Makefile
-	$(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
-	chmod +x check-uu.tmp
-	mv check-uu.tmp check-uu
-
-check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
-	$(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
-	chmod +x check-pkinit.tmp
-	mv check-pkinit.tmp check-pkinit
-
-check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
-	$(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
-	chmod +x check-iprop.tmp
-	mv check-iprop.tmp check-iprop
-
-check-digest: check-digest.in Makefile
-	$(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
-	chmod +x check-digest.tmp
-	mv check-digest.tmp check-digest
-
-check-referral: check-referral.in Makefile
-	$(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
-	chmod +x check-referral.tmp
-	mv check-referral.tmp check-referral
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) \
-	   -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-krb5-slave.conf: krb5.conf.in Makefile
-	$(do_subst) \
-	   -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
-	mv krb5-slave.conf.tmp krb5-slave.conf
-
-krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
-	$(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
-	mv krb5-pkinit.conf.tmp krb5-pkinit.conf
-
-krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
-	$(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
-	mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/kdc/ap-req.c b/crypto/heimdal/tests/kdc/ap-req.c
deleted file mode 100644
index 24cc6111c7dc..000000000000
--- a/crypto/heimdal/tests/kdc/ap-req.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2006 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ap-req.c 19807 2007-01-10 19:35:45Z lha $");
-#endif
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <krb5.h>
-#include <err.h>
-#include <getarg.h>
-#include <roken.h>
-
-static int verify_pac = 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"verify-pac",0,	arg_flag,	&verify_pac,
-     "verify the PAC", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "...");
-    exit (ret);
-}
-
-
-static void
-test_ap(krb5_context context,
-	krb5_principal sprincipal,
-	krb5_keytab keytab,
-	krb5_ccache ccache,
-	const krb5_flags client_flags) 
-{
-    krb5_error_code ret;
-    krb5_auth_context client_ac = NULL, server_ac = NULL;
-    krb5_data data;
-    krb5_flags server_flags;
-    krb5_ticket *ticket = NULL;
-    int32_t server_seq, client_seq;
-
-    ret = krb5_mk_req_exact(context,
-			    &client_ac,
-			    client_flags,
-			    sprincipal,
-			    NULL,
-			    ccache,
-			    &data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_mk_req_exact");
-
-    ret = krb5_rd_req(context,
-		      &server_ac,
-		      &data,
-		      sprincipal,
-		      keytab,
-		      &server_flags,
-		      &ticket);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_rd_req");
-
-
-    if (server_flags & AP_OPTS_MUTUAL_REQUIRED) {
-	krb5_ap_rep_enc_part *repl;
-
-	krb5_data_free(&data);
-
-	if ((client_flags & AP_OPTS_MUTUAL_REQUIRED) == 0)
-	    krb5_errx(context, 1, "client flag missing mutual req");
-
-	ret = krb5_mk_rep (context, server_ac, &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_mk_rep");
-
-	ret = krb5_rd_rep (context,
-			   client_ac,
-			   &data,
-			   &repl);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_rd_rep");
-
-	krb5_free_ap_rep_enc_part (context, repl);
-    } else {
-	if (client_flags & AP_OPTS_MUTUAL_REQUIRED)
-	    krb5_errx(context, 1, "server flag missing mutual req");
-    }
-
-    krb5_auth_getremoteseqnumber(context, server_ac, &server_seq);
-    krb5_auth_getremoteseqnumber(context, client_ac, &client_seq);
-    if (server_seq != client_seq)
-	krb5_errx(context, 1, "seq num differ");
-
-    krb5_auth_con_getlocalseqnumber(context, server_ac, &server_seq);
-    krb5_auth_con_getlocalseqnumber(context, client_ac, &client_seq);
-    if (server_seq != client_seq)
-	krb5_errx(context, 1, "seq num differ");
-
-    krb5_data_free(&data);
-    krb5_auth_con_free(context, client_ac);
-    krb5_auth_con_free(context, server_ac);
-
-    if (verify_pac) {
-	krb5_pac pac;
-
-	ret = krb5_ticket_get_authorization_data_type(context,
-						      ticket,
-						      KRB5_AUTHDATA_WIN2K_PAC,
-						      &data);
-	if (ret)
-	    krb5_err(context, 1, ret, "get pac");
-
-	ret = krb5_pac_parse(context, data.data, data.length, &pac);
-	if (ret)
-	    krb5_err(context, 1, ret, "pac parse");
-
-	krb5_pac_free(context, pac);
-    }
-
-    krb5_free_ticket(context, ticket);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int optidx = 0;
-    const char *principal, *keytab, *ccache;
-    krb5_ccache id;
-    krb5_keytab kt;
-    krb5_principal sprincipal;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optidx;
-    argv += optidx;
-
-    if (argc < 3)
-	usage(1);
-		    
-    principal = argv[0];
-    keytab = argv[1];
-    ccache = argv[2];
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_cc_resolve(context, ccache, &id);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_resolve");
-
-    ret = krb5_parse_name(context, principal, &sprincipal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = krb5_kt_resolve(context, keytab, &kt);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    test_ap(context, sprincipal, kt, id, 0);
-    test_ap(context, sprincipal, kt, id, AP_OPTS_MUTUAL_REQUIRED);
-
-    krb5_cc_close(context, id);
-    krb5_kt_close(context, kt);
-    krb5_free_principal(context, sprincipal);
-
-    krb5_free_context(context);
-
-    return ret;
-}
diff --git a/crypto/heimdal/tests/kdc/check-digest.in b/crypto/heimdal/tests/kdc/check-digest.in
deleted file mode 100644
index cb6c19f8dcb7..000000000000
--- a/crypto/heimdal/tests/kdc/check-digest.in
+++ /dev/null
@@ -1,295 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-digest.in 21849 2007-08-08 06:56:41Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-server=host/datan.test.h5l.se
-cache="FILE:${objdir}/cache.krb5"
-ocache="FILE:${objdir}/ocache.krb5"
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
-kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest --ccache=$cache"
-test_ntlm="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_ntlm"
-context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
-
-username=foo
-userpassword=digestpassword
-
-password=foobarbaz
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
-${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
-${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
-${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
-${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo $password > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
-
-exitcode=0
-
-echo "Getting digest server tickets"
-${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1
-${kdigest} digest-server-init \
-    --kerberos-realm=${R} \
-    --type=CHAP > /dev/null || exitcode=1
-
-echo "Trying NTLM"
-
-NTLM_ACCEPTOR_CCACHE="$cache"
-export NTLM_ACCEPTOR_CCACHE
-
-echo "Trying server-init"
-echo ${kdigest} ntlm-server-init \
-    --kerberos-realm=${R} \
-    > sdigest-init || exitcode=1
-
-echo "test_ntlm"
-${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
-
-NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
-export NTLM_USER_FILE
-
-echo "test_context --mech-type=ntlm"
-${context} --mech-type=ntlm \
-	    --name-type=hostbased-service datan@TEST || \
-		{ echo "test_context 1 failed"; exit 1; }
-
-${context} --mech-type=ntlm \
-	    --name-type=hostbased-service datan@host.TEST || \
-		{ echo "test_context 2 failed"; exit 1; }
-
-${context} --mech-type=ntlm \
-	    --name-type=hostbased-service datan@host.test.domain2 || \
-		{ echo "test_context 3 failed"; exit 1; }
-
-${context} --mech-type=ntlm \
-	    --name-type=hostbased-service datan@host.foo 2>/dev/null && \
-		{ echo "test_context 4 failed"; exit 1; }
-
-echo "Trying SL in NTLM"
-
-
-for type in \
-    "" \
-    "--getverifymic" \
-    "--wrapunwrap" \
-    "--getverifymic --wrapunwrap" \
-    ; do
-
-	echo "Trying NTLM type: ${type}"
-	${context} --mech-type=ntlm ${type} \
-	    --name-type=hostbased-service datan@TEST || \
-	    { echo "test_context 1 failed"; exit 1; }
-
-done
-
-
-echo "Trying CHAP"
-
-${kdigest} digest-server-init \
-    --kerberos-realm=${R} \
-    --type=CHAP \
-    > sdigest-reply || exitcode=1
-
-snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
-identifier=`grep identifier= sdigest-reply | cut -f2- -d=`
-opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
-
-${kdigest} digest-client-request \
-    --type=CHAP \
-    --username="$username"  \
-    --password="$userpassword"  \
-    --opaque="$opaque"  \
-    --server-identifier="$identifier"  \
-    --server-nonce="$snonce" \
-    > cdigest-reply || exitcode=1
-
-cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
-
-#echo user: $username
-#echo server-nonce: $snonce
-#echo opaqeue: $opaque
-#echo identifier: $identifier
-
-${kdigest} digest-server-request \
-    --kerberos-realm=${R} \
-    --type=CHAP \
-    --username="$username"  \
-    --opaque="$opaque"  \
-    --client-response="$cresponseData"  \
-    --server-identifier="$identifier"  \
-    --server-nonce="$snonce"  \
-    > s2digest-reply || exitcode=1
-
-status=`grep status= s2digest-reply | cut -f2- -d=`
-
-if test "X$status" = "Xok" ; then
-    echo "CHAP response ok"
-else
-    echo "CHAP response failed"
-    exitcode=1
-fi
-
-cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'`
-
-${kdigest} digest-server-request \
-    --kerberos-realm=${R} \
-    --type=CHAP \
-    --username="$username"  \
-    --opaque="$opaque"  \
-    --client-response="$cresponseData" \
-    --server-identifier="$identifier"  \
-    --server-nonce="$snonce"  \
-    > s2digest-reply || exitcode=1
-
-status=`grep status= s2digest-reply | cut -f2- -d=`
-
-if test "X$status" = "Xfailed" ; then
-    echo "CHAP response fail as it should"
-else
-    echo "CHAP response succeeded errorously"
-    exitcode=1
-fi
-
-echo "Trying MS-CHAP-V2"
-
-${kdigest} digest-server-init \
-    --kerberos-realm=${R} \
-    --type=MS-CHAP-V2 \
-    > sdigest-reply || exitcode=1
-
-snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
-opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
-cnonce="21402324255E262A28295F2B3A337C7E"
-
-echo "MS-CHAP-V2 client request"
-${kdigest} digest-client-request \
-    --type=MS-CHAP-V2 \
-    --username="$username"  \
-    --password="$userpassword"  \
-    --opaque="$opaque"  \
-    --client-nonce="$cnonce"  \
-    --server-nonce="$snonce" \
-    > cdigest-reply || exitcode=1
-
-cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
-cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
-ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
-
-${kdigest} digest-server-request \
-    --kerberos-realm=${R} \
-    --type=MS-CHAP-V2 \
-    --username="$username"  \
-    --opaque="$opaque"  \
-    --client-response="$cresponseData"  \
-    --client-nonce="$cnonce"  \
-    --server-nonce="$snonce"  \
-    > s2digest-reply || exitcode=1
-
-status=`grep status= s2digest-reply | cut -f2- -d=`
-sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
-skey=`grep session-key= s2digest-reply | cut -f2- -d=`
-
-if test "X$sRsp" != "X$cRsp" ; then
-    echo "rsp wrong $sRsp != $cRsp"
-    exitcode=1
-fi
-
-if test "X$skey" != "X$ckey" ; then
-    echo "rsp wrong"
-    exitcode=1
-fi
-
-if test "X$status" = "Xok" ; then
-    echo "MS-CHAP-V2 response ok"
-else
-    echo "MS-CHAP-V2 response failed"
-    exitcode=1
-fi
-
-trap "" EXIT
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-exit $exitcode
-
diff --git a/crypto/heimdal/tests/kdc/check-iprop.in b/crypto/heimdal/tests/kdc/check-iprop.in
deleted file mode 100644
index 448824653613..000000000000
--- a/crypto/heimdal/tests/kdc/check-iprop.in
+++ /dev/null
@@ -1,248 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-# Dont run this test in AFS, since it lacks support for AF_UNIX
-expr "X`/bin/pwd || pwd`" : "X/afs/.*" > /dev/null 2>/dev/null && exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-cache="FILE:${objdir}/cache.krb5"
-keytabfile=${objdir}/iprop.keytab
-keytab="FILE:${keytabfile}"
-
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R"
-ipropdslave="${TESTS_ENVIRONMENT} ../../lib/kadm5/ipropd-slave"
-ipropdmaster="${TESTS_ENVIRONMENT} ../../lib/kadm5/ipropd-master"
-iproplog="${TESTS_ENVIRONMENT} ../../lib/kadm5/iprop-log"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f current*.log
-rm -f out-*
-rm -f mkey.file*
-rm -f messages.log
-
-> messages.log
-
-echo Creating database
-${kadmin} -l \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} -l add -p foo --use-defaults user@${R} || exit 1
-
-${kadmin} -l add --random-key --use-defaults iprop/localhost@${R} || exit 1
-${kadmin} -l ext -k ${keytab} iprop/localhost@${R} || exit 1
-${kadmin} -l add --random-key --use-defaults iprop/slave@${R} || exit 1
-${kadmin} -l ext -k ${keytab} iprop/slave@${R} || exit 1
-
-echo foo > ${objdir}/foopassword
-
-# -- foo
-ipds=
-ipdm=
-kdcpid=
-
-> iprop-stats
-trap "echo 'killing ipropd s + m + kdc'; kill \${ipdm} \${ipds} \${kdcpid} >/dev/null 2>/dev/null; tail messages.log ; tail iprop-stats; exit 1;" EXIT
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh || exit 1
-
-echo "starting master"
-${ipropdmaster} --hostname=localhost -k ${keytab} \
-    --database=${objdir}/current-db &
-ipdm=$!
-sh ${srcdir}/wait-kdc.sh ipropd-master || exit 1
-
-echo "starting slave"
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropdslave} --hostname=slave -k ${keytab} localhost &
-ipds=$!
-sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
-
-echo "checking slave is up"
-${EGREP} 'iprop/slave@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
-
-# ----------------- checking: pushing lives changes
-
-echo "Add host"
-${kadmin} -l add --random-key --use-defaults host/foo@${R} || exit 1
-sleep 2
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${kadmin} -l get host/foo@${R} > /dev/null || exit 1
-
-echo "Rename host"
-${kadmin} -l rename host/foo@${R} host/bar@${R} || exit 1
-sleep 2
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${kadmin} -l get host/foo@${R} > /dev/null 2>/dev/null && exit 1
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${kadmin} -l get host/bar@${R} > /dev/null || exit 1
-
-echo "Delete host"
-${kadmin} -l delete host/bar@${R} || exit 1
-sleep 2
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${kadmin} -l get host/bar@${R} > /dev/null 2>/dev/null && exit 1
-
-echo "kill slave"
-> iprop-stats
-kill ${ipds}
-sleep 2
-
-${EGREP} 'iprop/slave@TEST.H5L.SE.*Down' iprop-stats >/dev/null || exit 1
-
-# ----------------- checking: slave is missing changes while down
-
-echo "doing changes while slave is down"
-${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-
-echo "Makeing a copy of the master log file"
-cp ${objdir}/current.log ${objdir}/current.log.tmp
-
-# ----------------- checking: checking that master and slaves resyncs
-
-echo "starting slave again"
-> iprop-stats
-> messages.log
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropdslave} --hostname=slave -k ${keytab} localhost &
-ipds=$!
-sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
-
-echo "checking slave is up again"
-${EGREP} 'iprop/slave@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
-echo "checking for replay problems"
-${EGREP} 'Entry already exists in database' messages.log && exit 1
-
-echo "kill slave and remove log and database"
-kill ${ipds}
-sleep 2
-
-rm current.slave.log current-db.slave* || exit 1
-> iprop-stats
-> messages.log
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropdslave} --hostname=slave -k ${keytab} localhost &
-ipds=$!
-sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
-
-echo "checking slave is up again"
-${EGREP} 'iprop/slave@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
-echo "checking for replay problems"
-${EGREP} 'Entry already exists in database' messages.log && exit 1
-
-# ----------------- checking: checking live truncation of master log
-
-${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-sleep 2
-
-echo "live truncate on master log"
-${iproplog} truncate || exit 1
-sleep 2
-
-echo "Killing master and slave"
-kill ${ipdm} ${ipds} >/dev/null 2>/dev/null
-
-sleep 2
-${EGREP} "^master down at " iprop-stats > /dev/null || exit 1
-
-echo "compare versions on master and slave logs"
-KRB5_CONFIG=${objdir}/krb5-slave.conf \
-${iproplog} last-version > slave-last.tmp
-${iproplog} last-version > master-last.tmp
-cmp master-last.tmp slave-last.tmp || exit 1
-
-# ----------------- checking: master going backward
-> iprop-stats
-> messages.log
-
-echo "Going back to old version of the master log file"
-cp ${objdir}/current.log.tmp ${objdir}/current.log
-
-echo "starting master"
-${ipropdmaster} --hostname=localhost -k ${keytab} \
-    --database=${objdir}/current-db &
-ipdm=$!
-sh ${srcdir}/wait-kdc.sh ipropd-master || exit 1
-
-echo "starting slave"
-KRB5_CONFIG="${objdir}/krb5-slave.conf" \
-${ipropdslave} --hostname=slave -k ${keytab} localhost &
-ipds=$!
-sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
-
-echo "checking slave is up again"
-${EGREP} 'iprop/slave@TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
-echo "checking for replay problems"
-${EGREP} 'Entry already exists in database' messages.log && exit 1
-
-echo "pushing one change"
-${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
-sleep 2
-
-trap "" EXIT
-kill ${ipdm} ${ipds} ${kdcpid}
-
-echo "compare versions on master and slave logs"
-KRB5_CONFIG=${objdir}/krb5-slave.conf \
-${iproplog} last-version > slave-last.tmp
-${iproplog} last-version > master-last.tmp
-cmp master-last.tmp slave-last.tmp || exit 1
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/check-kadmin.in b/crypto/heimdal/tests/kdc/check-kadmin.in
deleted file mode 100644
index 7888e81ed963..000000000000
--- a/crypto/heimdal/tests/kdc/check-kadmin.in
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-R2=TEST2.H5L.SE
-
-port=@port@
-admport=@admport@
-
-cache="FILE:${objdir}/cache.krb5"
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-kadmind="${TESTS_ENVIRONMENT} ../../kadmin/kadmind -p $admport"
-
-server=host/datan.test.h5l.se
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-rm -f messages.log
-
-> messages.log
-
-echo Creating database
-${kadmin} -l \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} -l add -p foo --use-defaults foo/admin@${R} || exit 1
-${kadmin} -l add -p foo --use-defaults bar@${R} || exit 1
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    kill ${kadmpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid} ${kadmpid}" EXIT
-
-#----------------------------------
-${kadmind} -d &
-kadmpid=$!
-sleep 1
-
-echo "kinit (no admin)"
-${kinit} --password-file=${objdir}/foopassword \
-    -S kadmin/admin@${R} bar@${R} || exit 1
-echo "kadmin"
-env KRB5CCNAME=${cache} \
-${kadmin} -p bar@${R} add -p foo --use-defaults kaka2@${R} || 
-	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
-
-${kadmin} -l get kaka2@${R} > /dev/null ||
-	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
-
-#----------------------------------
-${kadmind} -d &
-kadmpid=$!
-sleep 1
-
-echo "kinit (admin)"
-${kinit} --password-file=${objdir}/foopassword \
-    -S kadmin/admin@${R} foo/admin@${R} || exit 1
-
-echo "kadmin"
-env KRB5CCNAME=${cache} \
-${kadmin} -p foo/admin@${R} add -p foo --use-defaults kaka@${R} || 
-	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
-
-#----------------------------------
-${kadmind} -d &
-kadmpid=$!
-sleep 1
-
-echo "kadmin get doesnotexists"
-env KRB5CCNAME=${cache} \
-${kadmin} -p foo/admin@${R} get -s doesnotexists@${R} \
-        > /dev/null 2>kadmin.tmp && \
-	{ echo "kadmin passed"; cat messages.log ; exit 1; }
-
-# evil hack to support libtool
-sed 's/lt-kadmin:/kadmin:/' < kadmin.tmp > kadmin2.tmp
-mv kadmin2.tmp kadmin.tmp
-
-cmp kadmin.tmp ${srcdir}/donotexists.txt || \
-    { echo "wrong response"; exit 1;}
-
-echo "killing kdc (${kdcpid} ${kadmpid})"
-kill ${kdcpid} ${kadmpid} > /dev/null 2>/dev/null
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/check-kdc.in b/crypto/heimdal/tests/kdc/check-kdc.in
deleted file mode 100644
index 3a43172471d1..000000000000
--- a/crypto/heimdal/tests/kdc/check-kdc.in
+++ /dev/null
@@ -1,413 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-kdc.in 22019 2007-10-24 20:47:59Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-testfailed="echo test failed; cat messages.log; exit 1"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-R2=TEST2.H5L.SE
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-server=host/datan.test.h5l.se
-server2=host/computer.example.com
-cache="FILE:${objdir}/cache.krb5"
-ocache="FILE:${objdir}/ocache.krb5"
-o2cache="FILE:${objdir}/o2cache.krb5"
-icache="FILE:${objdir}/icache.krb5"
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-ps="proxy-service@${R}"
-aesenctype="aes256-cts-hmac-sha1-96"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
-kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
-kgetcred_imp="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache --out-cache=${ocache}"
-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
-ktutil="${TESTS_ENVIRONMENT} ../../admin/ktutil"
-hxtool="${TESTS_ENVIRONMENT} ../../lib/hx509/hxtool"
-kimpersonate="${TESTS_ENVIRONMENT} ../../kuser/kimpersonate -k ${keytab} --ccache=${ocache}"
-test_renew="${TESTS_ENVIRONMENT} ../../lib/krb5/test_renew"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R2} || exit 1
-
-${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
-${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
-${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
-${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
-
-${kadmin} add -p foo --use-defaults foo@${R} || exit 1
-${kadmin} add -p bar --use-defaults bar@${R} || exit 1
-${kadmin} add -p foo --use-defaults remove@${R} || exit 1
-${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
-${kadmin} add -p kaka --use-defaults ${server}-des3@${R} || exit 1
-${kadmin} add -p foo --use-defaults ${ps} || exit 1
-${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
-${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
-${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
-${kadmin} ext -k ${keytab} ${ps} || exit 1
-
-${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
-${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
-${kadmin} add -p foo --use-defaults remove2@${R2} || exit 1
-
-${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
-${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
-
-${kadmin} add -p foo --use-defaults -- -p || exit 1
-${kadmin} delete -- -p || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-${kadmin} check ${R2} || exit 1
-
-echo "Extracting enctypes"
-${ktutil} -k ${keytab} list > tempfile || exit 1
-${EGREP} -v '^FILE:' tempfile | ${EGREP} -v '^Vno' | ${EGREP} -v '^$' | \
-    awk '$1 !~ /1/  { exit 1 }' || exit 1
-
-${kadmin} get foo@${R} > tempfile || exit 1
-enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://'`
-
-enctype_sans_aes=`echo $enctypes | sed 's/aes[^ ]*//g'`
-enctype_sans_des3=`echo $enctypes | sed 's/des3-cbc-sha1//g'`
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-ec=0
-
-echo "Getting client initial tickets"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "Getting tickets"; > messages.log
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-echo "Listing tickets"; > messages.log
-${klist} > /dev/null || { ec=1 ; eval "${testfailed}"; }
-./ap-req ${server}@${R} ${keytab} ${cache} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Specific enctype"; > messages.log
-${kinit} --password-file=${objdir}/foopassword \
-    -e ${aesenctype} -e ${aesenctype} \
-    foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-for a in $enctypes; do
-	echo "Getting client initial tickets ($a)"; > messages.log
-	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || { ec=1 ; eval "${testfailed}"; }
-	echo "Getting tickets"; > messages.log
-	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-	./ap-req ${server}@${R} ${keytab} ${cache} || { ec=1 ; eval "${testfailed}"; }
-	${kdestroy}
-done
-
-
-echo "Getting client initial tickets"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-for a in $enctypes; do
-	echo "Getting tickets ($a)"; > messages.log
-	${kgetcred} -e $a ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-	./ap-req ${server}@${R} ${keytab} ${cache} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kdestroy} --credential=${server}@${R}
-done
-${kdestroy}
-
-echo "Getting client initial tickets for cross realm case"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@$R || { ec=1 ; eval "${testfailed}"; }
-for a in $enctypes; do
-	echo "Getting cross realm tickets ($a)"; > messages.log
-	${kgetcred} -e $a ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
-	./ap-req ${server2}@${R2} ${keytab} ${cache} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kdestroy} --credential=${server2}@${R2}
-done
-${kdestroy}
-
-echo "try all permutations"; > messages.log
-for a in $enctypes; do
-	echo "Getting client initial tickets ($a)"; > messages.log
-	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || \
-		{ ec=1 ; eval "${testfailed}"; }
-	for b in $enctypes; do
-		echo "Getting tickets ($a ->  $b)"; > messages.log
-		${kgetcred} -e $b ${server}@${R} || \
-			{ ec=1 ; eval "${testfailed}"; }
-		./ap-req ${server}@${R} ${keytab} ${cache} || \
-			{ ec=1 ; eval "${testfailed}"; }
-		${kdestroy} --credential=${server}@${R}
-	done
-	${kdestroy}
-done
-
-echo "Getting server initial tickets"; > messages.log
-${kinit} --keytab=${keytab} ${server}@$R || { ec=1 ; eval "${testfailed}"; }
-echo "Listing tickets"; > messages.log
-${klist} | grep "Principal: ${server}" > /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "initial tickets for deleted user test case"; > messages.log
-${kinit} --password-file=${objdir}/foopassword remove@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kadmin} delete remove@${R} || { ec=1 ; eval "${testfailed}"; }
-echo "try getting ticket with deleted user"; > messages.log
-${kgetcred} ${server}@${R} 2> /dev/null && { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "cross realm case (removed user)"; > messages.log
-${kinit} --password-file=${objdir}/foopassword remove2@$R2 || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} krbtgt/${R}@${R2} 2> /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kadmin} delete remove2@${R2} || exit 1
-${kgetcred} ${server}@${R} 2> /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "rename user"; > messages.log
-${kadmin} add -p foo --use-defaults rename@${R} || exit 1
-${kinit} --password-file=${objdir}/foopassword rename@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kadmin} rename rename@${R} rename2@${R} || exit 1
-${kinit} --password-file=${objdir}/foopassword rename2@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-${kadmin} delete rename2@${R} || exit 1
-
-echo "rename user to another realm"; > messages.log
-${kadmin} add -p foo --use-defaults rename@${R} || exit 1
-${kinit} --password-file=${objdir}/foopassword rename@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kadmin} rename rename@${R} rename@${R2} || exit 1
-${kinit} --password-file=${objdir}/foopassword rename@${R2} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-${kadmin} delete rename@${R2} || exit 1
-
-echo deleting all but aes enctypes on krbtgt
-${kadmin} del_enctype krbtgt/${R}@${R} ${enctype_sans_aes} || exit 1
-
-echo deleting all but des enctypes on server-des3
-${kadmin} del_enctype ${server}-des3@${R} ${enctype_sans_des3} || exit 1
-${kadmin} ext -k ${keytab} ${server}-des3@${R} || exit 1
-
-echo "try all permutations (only aes)"; > messages.log
-for a in $enctypes; do
-	echo "Getting client initial tickets ($a)"; > messages.log
-	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@${R} ||\
-		{ ec=1 ; eval "${testfailed}"; }
-	for b in $enctypes; do
-		echo "Getting tickets ($a ->  $b)"; > messages.log
-		${kgetcred} -e $b ${server}@${R} || \
-			{ ec=1 ; eval "${testfailed}"; }
-		./ap-req ${server}@${R} ${keytab} ${cache} || \
-			{ ec=1 ; eval "${testfailed}"; }
-
-		echo "Getting tickets ($a ->  $b) (server des3 only)"; > messages.log
-		${kgetcred} ${server}-des3@${R} || \
-			{ ec=1 ; eval "${testfailed}"; }
-		./ap-req ${server}-des3@${R} ${keytab} ${cache} || \
-			{ ec=1 ; eval "${testfailed}"; }
-
-		${kdestroy} --credential=${server}@${R}
-		${kdestroy} --credential=${server}-des3@${R}
-	done
-	${kdestroy}
-done
-
-echo deleting all enctypes on krbtgt
-${kadmin} del_enctype krbtgt/${R}@${R} aes256-cts-hmac-sha1-96 || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "try initial ticket w/o and keys on krbtgt"
-${kinit} --password-file=${objdir}/foopassword foo@${R} 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "adding random aes key"
-${kadmin} add_enctype -r krbtgt/${R}@${R} aes256-cts-hmac-sha1-96 || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "try initial ticket with random aes key on krbtgt"
-${kinit} --password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-rsa=yes
-pkinit=no
-if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
-    rsa=no
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    rsa=no
-fi
-if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
-    pkinit=yes
-fi
-
-# If we support pkinit and have RSA, lets try that
-if test "$pkinit" = yes -a "$rsa" = yes ; then
-
-    for type in "" "--pk-use-enckey"; do
-	echo "Trying pk-init (principal in certificate) $type"; > messages.log
-	base="${srcdir}/../../lib/hx509/data"
-	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key bar@${R} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-	${kdestroy}
-
-	echo "Trying pk-init (principal in pki-mapping) $type"; > messages.log
-	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key foo@${R} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-	${kdestroy}
-
-	echo "Trying pk-init (password protected key) $type"; > messages.log
-	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit-pw.key --password-file=${objdir}/foopassword foo@${R} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kgetcred} ${server}@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-	${kdestroy}
-
-	echo "Trying pk-init (proxy cert) $type"; > messages.log
-	base="${srcdir}/../../lib/hx509/data"
-	${kinit} $type -C FILE:${base}/pkinit-proxy-chain.crt,${base}/pkinit-proxy.key foo@${R} || \
-		{ ec=1 ; eval "${testfailed}"; }
-	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-	${kdestroy}
-
-    done
-else
-	echo "no pkinit (pkinit: $pkinit, rsa: $rsa)"; > messages.log
-fi
-
-echo "tickets for impersonate test case"; > messages.log
-${kinit} --forwardable --password-file=${objdir}/foopassword ${ps} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred_imp} --impersonate=bar@${R} ${ps} || \
-	{ ec=1 ; eval "${testfailed}"; }
-./ap-req ${ps} ${keytab} ${ocache} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-echo test constrained delegation
-${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-./ap-req ${server}@${R} ${keytab} ${o2cache} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} bar@${R} 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "test constrained delegation impersonation (non forward)"; > messages.log
-rm -f ocache.krb5
-${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "test constrained delegation impersonation (missing KRB5SignedPath)"; > messages.log
-rm -f ocache.krb5
-${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} -f forwardable || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-
-${kdestroy}
-
-echo "check renewing" > messages.log
-${kinit} --renewable --password-file=${objdir}/foopassword foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "kinit -R"
-${kinit} -R || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "check renewing MIT interface" > messages.log
-${kinit} --renewable --password-file=${objdir}/foopassword foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "test_renew"
-env KRB5CCNAME=${cache} ${test_renew} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/check-keys.in b/crypto/heimdal/tests/kdc/check-keys.in
deleted file mode 100644
index 596c9ca5c888..000000000000
--- a/crypto/heimdal/tests/kdc/check-keys.in
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id$
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-principal=host/datan.test.h5l.se@${R}
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R -l"
-
-CIN=${srcdir}/krb5.conf.keys.in
-COUT=${objdir}/krb5.conf.keys
-
-sedvars="-e s,[@]srcdir[@],${srcdir},g -e s,[@]objdir[@],${objdir},g"
-
-KRB5_CONFIG="${COUT}"
-export KRB5_CONFIG
-
-rm -f ${COUT}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-rm -f messages.log
-
-sed -e 's/@keys@/v5/' \
-	${sedvars} < ${CIN} > ${COUT}
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults ${principal} || exit 1
-
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/v4/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/v4 v5/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/v5 v4/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/des:pw-salt:/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/des-cbc-crc:afs3-salt:test.h5l.se/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-sed -e 's/@keys@/des:afs3-salt:test.h5l.se/' \
-	${sedvars} < ${CIN} > ${COUT}
-${kadmin} cpw -p foo ${principal} || exit 1
-
-exit 0
diff --git a/crypto/heimdal/tests/kdc/check-pkinit.in b/crypto/heimdal/tests/kdc/check-pkinit.in
deleted file mode 100644
index 3ae5a74caeaf..000000000000
--- a/crypto/heimdal/tests/kdc/check-pkinit.in
+++ /dev/null
@@ -1,273 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2008 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-pkinit.in 22474 2008-01-17 11:16:25Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-testfailed="echo test failed; cat messages.log; exit 1"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-server=host/datan.test.h5l.se
-cache="FILE:${objdir}/cache.krb5"
-keyfile="${srcdir}/../../lib/hx509/data/key.der"
-keyfile2="${srcdir}/../../lib/hx509/data/key2.der"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
-hxtool="${TESTS_ENVIRONMENT} ../../lib/hx509/hxtool"
-
-KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
-export KRB5_CONFIG
-
-rsa=yes
-pkinit=no
-if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
-    rsa=no
-fi
-if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
-    rsa=no
-fi
-
-if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
-    pkinit=yes
-fi
-
-# If we doesn't support pkinit and have RSA, give up
-if test "$pkinit" != yes -o "$rsa" != yes ; then
-    exit 77
-fi
-
-
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults foo@${R} || exit 1
-${kadmin} add -p bar --use-defaults bar@${R} || exit 1
-${kadmin} add -p baz --use-defaults baz@${R} || exit 1
-${kadmin} modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" baz@${R} || exit 1
-
-${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo "Setting up certificates"
-${hxtool} request-create \
-	 --subject="CN=kdc,DC=test,DC=h5l,DC=se" \
-	 --key=FILE:${keyfile2} \
-	 req-kdc.der || exit 1
-${hxtool} request-create \
-	 --subject="CN=bar,DC=test,DC=h5l,DC=se" \
-	 --key=FILE:${keyfile2} \
-	 req-pkinit.der || exit 1
-${hxtool} request-create \
-	 --subject="CN=baz,DC=test,DC=h5l,DC=se" \
-	 --key=FILE:${keyfile2} \
-	 req-pkinit2.der || exit 1
-
-echo "issue self-signed ca cert"
-${hxtool} issue-certificate \
-	  --self-signed \
-	  --issue-ca \
-	  --ca-private-key=FILE:${keyfile} \
-          --subject="CN=CA,DC=test,DC=h5l,DC=se" \
-	  --certificate="FILE:ca.crt" || exit 1
-
-echo "issue kdc certificate"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
-	  --type="pkinit-kdc" \
-          --pk-init-principal="krbtgt/TEST.H5L.SE@TEST.H5L.SE" \
-	  --req="PKCS10:req-kdc.der" \
-	  --certificate="FILE:kdc.crt" || exit 1
-
-echo "issue user certificate (pkinit san)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
-	  --type="pkinit-client" \
-          --pk-init-principal="bar@TEST.H5L.SE" \
-	  --req="PKCS10:req-pkinit.der" \
-	  --certificate="FILE:pkinit.crt" || exit 1
-
-echo "issue user 2 certificate (no san)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
-	  --type="pkinit-client" \
-	  --req="PKCS10:req-pkinit2.der" \
-	  --certificate="FILE:pkinit2.crt" || exit 1
-
-echo "issue user 3 certificate (ms san)"
-${hxtool} issue-certificate \
-	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
-	  --type="pkinit-client" \
-          --ms-upn="bar@test.h5l.se" \
-	  --req="PKCS10:req-pkinit2.der" \
-	  --certificate="FILE:pkinit3.crt" || exit 1
-
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; cat ca.crt kdc.crt pkinit.crt ;exit 1;" EXIT
-
-ec=0
-
-echo "Trying pk-init (principal in cert)"; > messages.log
-base="${objdir}"
-${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
-${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (principal subject in DB)"; > messages.log
-${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (ms upn)"; > messages.log
-${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-KRB5_CONFIG="${objdir}/krb5-pkinit-win.conf"
-export KRB5_CONFIG
-
-echo "Duplicated tests, now in windows 2000 mode"
-
-echo "Trying pk-init (principal in cert)"; > messages.log
-base="${objdir}"
-${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
-${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (principal subject in DB)"; > messages.log
-${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Trying pk-init (ms upn)"; > messages.log
-${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-
-KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
-export KRB5_CONFIG
-
-echo "Trying PKCS11 support"
-
-cat > test-rc-file.rc <<EOF
-certificate	cert	User certificate	FILE:${base}/pkinit.crt,${keyfile2}
-app-fatal	true
-EOF
-
-SOFTPKCS11RC="test-rc-file.rc"
-export SOFTPKCS11RC
-
-dir=${base}/../../lib/hx509
-file=
-
-for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
-    if [ -f $dir/$a ] ; then
-	file=$dir/$a
-	break
-    fi
-done
-
-if [ X"$file" != X -a @DLOPEN@ ] ; then
-
-    echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
-    ${kinit} -C PKCS11:${file} foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-    ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-    ${kdestroy}
-
-fi
-
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/check-referral.in b/crypto/heimdal/tests/kdc/check-referral.in
deleted file mode 100644
index fa8be43e8ef6..000000000000
--- a/crypto/heimdal/tests/kdc/check-referral.in
+++ /dev/null
@@ -1,200 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-referral.in 21854 2007-08-08 06:58:49Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-testfailed="echo test failed; cat messages.log; exit 1"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-R2=SUB.TEST.H5L.SE
-
-service=ldap/host.sub.test.h5l.se
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-cache="FILE:${objdir}/cache.krb5"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
-kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
-
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R2} || exit 1
-
-${kadmin} add -p foo --use-defaults foo@${R} || exit 1
-${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
-
-${kadmin} add -p foo --use-defaults  ${service}@${R2} || exit 1
-
-${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
-${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-${kadmin} check ${R2} || exit 1
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-ec=0
-
-echo "Test AS-REQ"
-
-echo "Getting client (no canon)"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "checking that we got back right principal"
-${klist} | grep "Principal: foo@${R}" > /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
-${kinit} --canonicalize \
-	--password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "checking that we got back right principal"
-${klist} | grep "Principal: foo@${R}" > /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Getting client alias1 tickets"; > messages.log
-${kinit} --canonicalize \
-	--password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "checking that we got back right principal"
-${klist} | grep "Principal: foo@${R}" > /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-
-echo "Getting client alias2 tickets"; > messages.log
-${kinit} --canonicalize \
-	--password-file=${objdir}/foopassword alias2@${R}@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "checking that we got back right principal"
-${klist} | grep "Principal: foo@${R}" > /dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Getting client alias1 tickets (non canon case)"; > messages.log
-${kinit} --password-file=${objdir}/foopassword \
-	alias1@${R}@${R} > /dev/null 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "Getting client alias2 tickets (removed)"; > messages.log
-${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
-${kinit} --canonicalize \
-	--password-file=${objdir}/foopassword \
-	alias2@${R}@${R} > /dev/null 2>/dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "Remove alias"
-${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
-
-echo "Test TGS-REQ"
-
-#echo "Getting client for ${service}@${R} (kdc referral)"
-#> messages.log
-#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
-#	{ ec=1 ; eval "${testfailed}"; }
-#${kgetcred} --server ${service}@${R} ||
-#	{ ec=1 ; eval "${testfailed}"; }
-#${klist}
-#echo "checking that we got back right principal"
-#${klist} | grep "${service}@${R2}" > /dev/null || \
-#	{ ec=1 ; eval "${testfailed}"; }
-#${kdestroy}
-#
-#echo "Getting client for ${service}@${R2} (client side guessing)"
-#> messages.log
-#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
-#	{ ec=1 ; eval "${testfailed}"; }
-#${kgetcred} --server ${service}@${R2} ||
-#	{ ec=1 ; eval "${testfailed}"; }
-#${klist}
-#echo "checking that we got back right principal"
-#${klist} | grep "${service}@${R2}" > /dev/null || \
-#	{ ec=1 ; eval "${testfailed}"; }
-#${kdestroy}
-
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/check-uu.in b/crypto/heimdal/tests/kdc/check-uu.in
deleted file mode 100644
index c9aeb7b9de5c..000000000000
--- a/crypto/heimdal/tests/kdc/check-uu.in
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-uu.in 21855 2007-08-08 06:59:09Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-testfailed="echo test failed; cat messages.log; exit 1"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-uuspid=
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-cache1="FILE:${objdir}/cache1.krb5"
-cache2="FILE:${objdir}/cache2.krb5"
-
-kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 --no-afslog"
-kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 --no-afslog"
-kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 --no-unlog"
-kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 --no-unlog"
-uu_server="${TESTS_ENVIRONMENT} ../../appl/test/uu_server"
-uu_client="${TESTS_ENVIRONMENT} ../../appl/test/uu_client"
-
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults user1@${R} || exit 1
-${kadmin} add -p foo --use-defaults user2@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid} ${uuspid}; echo signal killing kdc; exit 1;" EXIT
-
-ec=0
-
-echo "Getting client initial tickets user1"; > messages.log
-${kinit1} --password-file=${objdir}/foopassword user1@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "Getting client initial tickets user2"; > messages.log
-${kinit2} --password-file=${objdir}/foopassword user2@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-
-echo "starting uu server (using user1)"
-KRB5CCNAME=$cache1 ${uu_server} > uuserver.log &
-uuspid=$!
-sleep 5
-
-echo "trying to contact server with client (using user2)"
-KRB5CCNAME=$cache2 ${uu_client} localhost > messages.log 2>&1 || \
-    { ec=1; eval "${testfailed}"; }
-
-sleep 5
-
-echo "checking if server got the right message"
-cmp uuserver.log ${srcdir}/uuserver.txt || \
-    { ec=1; eval "${testfailed}"; }
-
-uuspid=""
-
-${kdestroy1}
-${kdestroy2}
-
-echo "killing kdc uu_server (${kdcpid} ${uuspid})"
-kill $kdcpid $uuspid || exit 1
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/kdc/donotexists.txt b/crypto/heimdal/tests/kdc/donotexists.txt
deleted file mode 100644
index 529439725653..000000000000
--- a/crypto/heimdal/tests/kdc/donotexists.txt
+++ /dev/null
@@ -1 +0,0 @@
-kadmin: get doesnotexists@TEST.H5L.SE: Principal does not exist
diff --git a/crypto/heimdal/tests/kdc/heimdal.acl b/crypto/heimdal/tests/kdc/heimdal.acl
deleted file mode 100644
index c4bd35abf9a7..000000000000
--- a/crypto/heimdal/tests/kdc/heimdal.acl
+++ /dev/null
@@ -1,3 +0,0 @@
-# $Id$
-foo/admin@TEST.H5L.SE all
-bar@TEST.H5L.SE all
diff --git a/crypto/heimdal/tests/kdc/iprop-acl b/crypto/heimdal/tests/kdc/iprop-acl
deleted file mode 100644
index d43f882d1d59..000000000000
--- a/crypto/heimdal/tests/kdc/iprop-acl
+++ /dev/null
@@ -1 +0,0 @@
-iprop/slave@TEST.H5L.SE
diff --git a/crypto/heimdal/tests/kdc/krb5-pkinit.conf.in b/crypto/heimdal/tests/kdc/krb5-pkinit.conf.in
deleted file mode 100644
index c7144268c7c9..000000000000
--- a/crypto/heimdal/tests/kdc/krb5-pkinit.conf.in
+++ /dev/null
@@ -1,33 +0,0 @@
-# $Id: krb5-pkinit.conf.in 20738 2007-05-31 16:52:40Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-
-[appdefaults]
-	pkinit_anchors = FILE:@objdir@/ca.crt
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-		pkinit_win2k = @w2k@
-	}
-
-[kdc]
-	enable-pkinit = true
-	pkinit_identity = FILE:@objdir@/kdc.crt,@srcdir@/../../lib/hx509/data/key2.der
-	pkinit_anchors = FILE:@objdir@/ca.crt
-	pkinit_mappings_file = @srcdir@/pki-mapping
-
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
-
-[kadmin]
-	save-password = true
diff --git a/crypto/heimdal/tests/kdc/krb5.conf.in b/crypto/heimdal/tests/kdc/krb5.conf.in
deleted file mode 100644
index eeb5650f0d19..000000000000
--- a/crypto/heimdal/tests/kdc/krb5.conf.in
+++ /dev/null
@@ -1,56 +0,0 @@
-# $Id: krb5.conf.in 21754 2007-07-31 21:13:56Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-
-[appdefaults]
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-		admin_server = localhost:@admport@
-	}
-	SUB.TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-	TEST2.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[domain_realms]
-	.sub.test.h5l.se = SUB.TEST.H5L.SE
-	localhost = TEST.H5L.SE
-	
-
-[kdc]
-	enable-digest = true
-	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
-
-	enable-pkinit = true
-	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
-	pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
-#	pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
-	pkinit_mappings_file = @srcdir@/pki-mapping
-	pkinit_allow_proxy_certificate = true
-
-	database = {
-		dbname = @objdir@/current-db@kdc@
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-		acl_file = @srcdir@/heimdal.acl
-		log_file = @objdir@/current@kdc@.log
-	}
-
-	signal_socket = @objdir@/signal
-	iprop-stats = @objdir@/iprop-stats
-	iprop-acl = @srcdir@/iprop-acl
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
-
-[kadmin]
-	save-password = true
diff --git a/crypto/heimdal/tests/kdc/krb5.conf.keys.in b/crypto/heimdal/tests/kdc/krb5.conf.keys.in
deleted file mode 100644
index f02ecc74b55b..000000000000
--- a/crypto/heimdal/tests/kdc/krb5.conf.keys.in
+++ /dev/null
@@ -1,13 +0,0 @@
-# $Id$
-
-[kdc]
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-		acl_file = @srcdir@/heimdal.acl
-	}
-
-
-[kadmin]
-	default_keys = @keys@
diff --git a/crypto/heimdal/tests/kdc/ntlm-user-file.txt b/crypto/heimdal/tests/kdc/ntlm-user-file.txt
deleted file mode 100644
index abf33e6e7d02..000000000000
--- a/crypto/heimdal/tests/kdc/ntlm-user-file.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-# $Id: ntlm-user-file.txt 19523 2006-12-28 10:20:00Z lha $
-TEST:foo:digestpassword
diff --git a/crypto/heimdal/tests/kdc/pki-mapping b/crypto/heimdal/tests/kdc/pki-mapping
deleted file mode 100644
index af8099cd452f..000000000000
--- a/crypto/heimdal/tests/kdc/pki-mapping
+++ /dev/null
@@ -1,3 +0,0 @@
-# $Id: pki-mapping 19661 2007-01-04 01:58:01Z lha $
-foo@TEST.H5L.SE:CN=pkinit,C=SE
-foo@TEST.H5L.SE:CN=bar,DC=test,DC=h5l,DC=se
diff --git a/crypto/heimdal/tests/kdc/uuserver.txt b/crypto/heimdal/tests/kdc/uuserver.txt
deleted file mode 100644
index 2c191bf3b750..000000000000
--- a/crypto/heimdal/tests/kdc/uuserver.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-User is `user2@TEST.H5L.SE'
-Server is `user1@TEST.H5L.SE'
-safe packet: hej
-priv packet: hemligt
diff --git a/crypto/heimdal/tests/kdc/wait-kdc.sh b/crypto/heimdal/tests/kdc/wait-kdc.sh
deleted file mode 100644
index 814b4b5e52b6..000000000000
--- a/crypto/heimdal/tests/kdc/wait-kdc.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: wait-kdc.sh 21881 2007-08-09 07:14:08Z lha $
-#
-
-name=${1:-KDC}
-log=${2:-messages.log}
-
-t=0
-waitsec=20
-
-echo "Waiting for ${name} to start, looking logfile ${log}"
-
-while true ; do
-    t=`expr ${t} + 2`
-    sleep 2
-    echo "Have waited $t seconds"
-    if tail -30 ${log} | grep "${name} started" > /dev/null; then
-	break
-    fi
-    if tail -30 ${log} | grep "No sockets" ; then
-       echo "The ${name} failed to bind to any sockets, another ${name} running ?"
-       exit 1
-    fi
-    if tail -30 ${log} | grep "bind" | grep "Operation not permitted" ; then
-       echo "The ${name} failed to bind to any sockets, another ${name} running ?"
-       exit 1
-    fi
-    if [ "$t" -gt $waitsec ]; then
-       echo "Waited for $waitsec for the ${name} to start, and it didnt happen"
-       exit 2
-    fi
-done
-
-exit 0
-\ No newline at end of file
diff --git a/crypto/heimdal/tests/ldap/Makefile.am b/crypto/heimdal/tests/ldap/Makefile.am
deleted file mode 100644
index e6ea42a85c67..000000000000
--- a/crypto/heimdal/tests/ldap/Makefile.am
+++ /dev/null
@@ -1,52 +0,0 @@
-# $Id: Makefile.am 22412 2008-01-12 05:57:22Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf
-
-check_SCRIPTS = $(TESTS) slapd-init
-
-TESTS = check-ldap
-
-port = 49188
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/ldap,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-check-ldap: check-ldap.in Makefile
-	$(do_subst) < $(srcdir)/check-ldap.in > check-ldap.tmp
-	chmod +x check-ldap.tmp
-	mv check-ldap.tmp check-ldap
-
-slapd-init: slapd-init.in Makefile
-	$(do_subst) < $(srcdir)/slapd-init.in > slapd-init.tmp
-	chmod +x slapd-init.tmp
-	mv slapd-init.tmp slapd-init
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-CLEANFILES= \
-	$(TESTS) \
-	check-ldap.tmp \
-	slapd-init.tmp \
-	current-db* \
-	krb5.conf krb5.conf.tmp \
-	modules.conf \
-	cache.krb5 \
-	slapd-init \
-	foopassword \
-	messages.log \
-	slapd.pid
-
-EXTRA_DIST = \
-	samba.schema \
-	slapd.conf \
-	slapd-stop \
-	check-ldap.in \
-	init.ldif \
-	krb5.conf.in \
-	slapd-init.in
diff --git a/crypto/heimdal/tests/ldap/Makefile.in b/crypto/heimdal/tests/ldap/Makefile.in
deleted file mode 100644
index 5cd2ce4838ea..000000000000
--- a/crypto/heimdal/tests/ldap/Makefile.in
+++ /dev/null
@@ -1,779 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22412 2008-01-12 05:57:22Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/ldap
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-DATA = $(noinst_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf
-check_SCRIPTS = $(TESTS) slapd-init
-TESTS = check-ldap
-port = 49188
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/ldap,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-CLEANFILES = \
-	$(TESTS) \
-	check-ldap.tmp \
-	slapd-init.tmp \
-	current-db* \
-	krb5.conf krb5.conf.tmp \
-	modules.conf \
-	cache.krb5 \
-	slapd-init \
-	foopassword \
-	messages.log \
-	slapd.pid
-
-EXTRA_DIST = \
-	samba.schema \
-	slapd.conf \
-	slapd-stop \
-	check-ldap.in \
-	init.ldif \
-	krb5.conf.in \
-	slapd-init.in
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/ldap/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/ldap/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-TESTS check-am check-local \
-	clean clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-data-hook install-dvi install-dvi-am \
-	install-exec install-exec-am install-exec-hook install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	uninstall uninstall-am uninstall-hook
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-check-ldap: check-ldap.in Makefile
-	$(do_subst) < $(srcdir)/check-ldap.in > check-ldap.tmp
-	chmod +x check-ldap.tmp
-	mv check-ldap.tmp check-ldap
-
-slapd-init: slapd-init.in Makefile
-	$(do_subst) < $(srcdir)/slapd-init.in > slapd-init.tmp
-	chmod +x slapd-init.tmp
-	mv slapd-init.tmp slapd-init
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/ldap/check-ldap.in b/crypto/heimdal/tests/ldap/check-ldap.in
deleted file mode 100644
index c4c731d07950..000000000000
--- a/crypto/heimdal/tests/ldap/check-ldap.in
+++ /dev/null
@@ -1,143 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-ldap.in 21856 2007-08-08 06:59:23Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-R=TEST.H5L.SE
-
-port=@port@
-
-cache="FILE:${objdir}/cache.krb5"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-testfailed="echo test failed; exit 1"
-
-# If there is no ldap support compile in, disable test
-if ${kdc} --builtin-hdb | grep ldap > /dev/null ; then
-   :
-else
-    echo "no ldap support"
-    exit 77
-fi
-
-#search for all ldap tools
-
-PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/libexec:/usr/lib/openldap:$PATH
-export PATH
-
-oldifs=$IFS
-IFS=:
-set -- $PATH
-IFS=$oldifs
-for j in slapd slapadd; do
-  for i in $*; do
-    test -n "$i" || i="."
-    if test -x $i/$j; then
-       continue 2
-    fi
-  done
-  echo "$j missing, not running test"
-  exit 77
-done
-
-sh ${objdir}/slapd-init || exit 1
-
-trap "sh ${srcdir}/slapd-stop ; exit 1;" EXIT
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f current-db*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults foo@${R} || exit 1
-${kadmin} add -p foo --use-defaults bar@${R} || exit 1
-
-${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
-${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
-${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
-
-${kadmin} cpw --random-password suser@${R} > /dev/null|| exit 1
-${kadmin} cpw --password=foo suser@${R} || exit 1
-
-${kadmin} list '*' > /dev/null || exit 1
-
-echo foo > ${objdir}/foopassword
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    sh ${srcdir}/slapd-stop
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; sh ${srcdir}/slapd-stop ; exit 1;" EXIT
-
-ec=0
-
-echo "Getting client initial tickets";
-${kinit} --password-file=${objdir}/foopassword foo@$R || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-# kill of old slapd
-sh ${srcdir}/slapd-stop
-
-rm -rf db schema
-
-exit $ec
diff --git a/crypto/heimdal/tests/ldap/init.ldif b/crypto/heimdal/tests/ldap/init.ldif
deleted file mode 100644
index 9cf39b126aec..000000000000
--- a/crypto/heimdal/tests/ldap/init.ldif
+++ /dev/null
@@ -1,44 +0,0 @@
-dn: o=TEST,dc=H5L,dc=SE
-objectclass: organization
-o: Test
-
-dn: ou=kerberosPrincipals,o=TEST,dc=H5L,dc=SE
-objectclass: organizationalUnit
-ou: kerberosPrincipals
-
-dn: uid=suser,ou=kerberosPrincipals,o=TEST,dc=H5L,dc=SE
-cn: root
-sn: root
-objectClass: inetOrgPerson
-objectClass: posixAccount
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-gidNumber: 0
-uid: suser
-uidNumber: 0
-homeDirectory: /root
-loginShell: /bin/bash
-gecos: Netbios root user
-structuralObjectClass: inetOrgPerson
-creatorsName: cn=root,dc=test,dc=h5l,dc=se
-userPassword:: AAAAAA
-objectClass: krb5KDCEntry
-krb5KeyVersionNumber: 2
-krb5PrincipalName: suser@TEST.H5L.SE
-objectClass: sambaSamAccount
-sambaHomePath: \\admin1\suser
-sambaPwdCanChange: 1159699688
-sambaPwdLastSet: 1159699688
-sambaPrimaryGroupSID: S-1-5-21-3017333096-1338036268-1966094567-512
-sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
- 00000000
-sambaLMPassword: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-sambaNTPassword: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-sambaLogonTime: 0
-sambaLogoffTime: 2147483647
-sambaKickoffTime: 2147483647
-sambaPwdMustChange: 2147483647
-sambaHomeDrive: H:
-sambaAcctFlags: [U          ]
-sambaSID: S-1-5-21-3017333096-1338036268-1966094567-1000
diff --git a/crypto/heimdal/tests/ldap/krb5.conf.in b/crypto/heimdal/tests/ldap/krb5.conf.in
deleted file mode 100644
index 8ea9da5bbc8e..000000000000
--- a/crypto/heimdal/tests/ldap/krb5.conf.in
+++ /dev/null
@@ -1,21 +0,0 @@
-# $Id: krb5.conf.in 20220 2007-02-15 00:11:18Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[kdc]
-	database = {
-		dbname = ldapi://ldap-socket:OU=KerberosPrincipals,o=test,DC=h5l,DC=se
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
diff --git a/crypto/heimdal/tests/ldap/samba.schema b/crypto/heimdal/tests/ldap/samba.schema
deleted file mode 100644
index 549a70886236..000000000000
--- a/crypto/heimdal/tests/ldap/samba.schema
+++ /dev/null
@@ -1,554 +0,0 @@
-##
-## schema file for OpenLDAP 2.x
-## Schema for storing Samba user accounts and group maps in LDAP
-## OIDs are owned by the Samba Team
-##
-## Prerequisite schemas - uid         (cosine.schema)
-##                      - displayName (inetorgperson.schema)
-##                      - gidNumber   (nis.schema)
-##
-## 1.3.6.1.4.1.7165.2.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.2.x - objectclasses
-##
-## Printer support
-## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
-##
-## Samba4
-## 1.3.6.1.4.1.7165.4.1.x - attributetypes
-## 1.3.6.1.4.1.7165.4.2.x - objectclasses
-## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
-## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
-## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
-##
-## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
-##
-## Run the 'get_next_oid' bash script in this directory to find the 
-## next available OID for attribute type and object classes.
-##
-##   $ ./get_next_oid
-##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
-##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
-##
-## Also ensure that new entries adhere to the declaration style
-## used throughout this file
-##
-##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
-##                               ^ ^                        ^
-##
-## The spaces are required for the get_next_oid script (and for 
-## readability).
-##
-## ------------------------------------------------------------------
-
-# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
-# objectIdentifier Samba3 SambaRoot:2
-# objectIdentifier Samba3Attrib Samba3:1
-# objectIdentifier Samba3ObjectClass Samba3:2
-# objectIdentifier Samba4 SambaRoot:4
-
-########################################################################
-##                            HISTORICAL                              ##
-########################################################################
-
-##
-## Password hashes
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
-#	DESC 'LanManager Passwd'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
-#	DESC 'NT Passwd'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX     ])
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
-#	DESC 'Account Flags'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
-#	DESC 'NT pwdLastSet'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
-#	DESC 'NT logonTime'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
-#	DESC 'NT logoffTime'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
-#	DESC 'NT kickoffTime'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
-#	DESC 'NT pwdCanChange'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
-#	DESC 'NT pwdMustChange'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## string settings
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
-#	DESC 'NT homeDrive'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
-#	DESC 'NT scriptPath'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
-#	DESC 'NT profilePath'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
-#	DESC 'userWorkstations'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
-#	DESC 'smbHome'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
-#	DESC 'Windows NT domain to which the user belongs'
-#	EQUALITY caseIgnoreIA5Match
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-##
-## user and group RID
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
-#	DESC 'NT rid'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
-#	DESC 'NT Group RID'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## The smbPasswordEntry objectclass has been depreciated in favor of the
-## sambaAccount objectclass
-##
-#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
-#        DESC 'Samba smbpasswd entry'
-#        MUST ( uid $ uidNumber )
-#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-#	DESC 'Samba Account'
-#	MUST ( uid $ rid )
-#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-#               description $ userWorkstations $ primaryGroupID $ domain ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
-#	DESC 'Samba Auxiliary Account'
-#	MUST ( uid $ rid )
-#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-#              description $ userWorkstations $ primaryGroupID $ domain ))
-
-########################################################################
-##                        END OF HISTORICAL                           ##
-########################################################################
-
-#######################################################################
-##                Attributes used by Samba 3.0 schema                ##
-#######################################################################
-
-##
-## Password hashes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
-	DESC 'LanManager Password'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
-	DESC 'MD4 hash of the unicode password'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX     ])
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
-	DESC 'Account Flags'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
-	DESC 'Timestamp of the last password update'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
-	DESC 'Timestamp of when the user is allowed to update the password'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
-	DESC 'Timestamp of when the password will expire'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
-	DESC 'Timestamp of last logon'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
-	DESC 'Timestamp of last logoff'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
-	DESC 'Timestamp of when the user will be logged off automatically'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
-	DESC 'Bad password attempt count'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
-	DESC 'Time of the last bad password attempt'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
-	DESC 'Logon Hours'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
-
-##
-## string settings
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
-	DESC 'Driver letter of home directory mapping'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
-	DESC 'Logon script path'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
-	DESC 'Roaming profile path'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
-	DESC 'List of user workstations the user is allowed to logon to'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
-	DESC 'Home directory UNC path'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
-	DESC 'Windows NT domain to which the user belongs'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
-	DESC 'Base64 encoded user parameter string'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
-	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
-
-##
-## SID, of any type
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
-	DESC 'Security ID'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseExactIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-##
-## Primary group SID, compatible with ntSid
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
-	DESC 'Primary Group Security ID'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
-	DESC 'Security ID List'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-##
-## group mapping attributes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
-	DESC 'NT Group Type'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## Store info on the domain
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
-	DESC 'Next NT rid to give our for users'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
-	DESC 'Next NT rid to give out for groups'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
-	DESC 'Next NT rid to give out for anything'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
-	DESC 'Base at which the samba RID generation algorithm should operate'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
-	DESC 'Share Name'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
-	DESC 'Option Name'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
-	DESC 'A boolean option'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
-	DESC 'An integer option'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
-	DESC 'A string option'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
-	DESC 'A string list option'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
-##	SUP name )
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
-##	DESC 'Privileges List'
-##	EQUALITY caseIgnoreIA5Match
-##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
-	DESC 'Trust Password Flags'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# "min password length"
-attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
-	DESC 'Minimal password length (default: 5)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "password history"
-attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
-	DESC 'Length of Password History Entries (default: 0 => off)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "user must logon to change password"
-attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
-	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "maximum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
-	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "minimum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
-	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "lockout duration"
-attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
-	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "reset count minutes"
-attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
-	DESC 'Reset time after lockout in minutes (default: 30)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "bad lockout attempt"
-attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
-	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "disconnect time"
-attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
-	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "refuse machine password change"
-attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
-	DESC 'Allow Machine Password changes (default: 0 => off)'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-
-
-
-#######################################################################
-##              objectClasses used by Samba 3.0 schema               ##
-#######################################################################
-
-## The X.500 data model (and therefore LDAPv3) says that each entry can
-## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
-## this currently but will in v2.1
-
-##
-## added new objectclass (and OID) for 3.0 to help us deal with backwards
-## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
-	DESC 'Samba 3.0 Auxilary SAM Account'
-	MUST ( uid $ sambaSID )
-	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
-	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
-	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
-               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
-	       sambaProfilePath $ description $ sambaUserWorkstations $
-	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
-	       sambaBadPasswordCount $ sambaBadPasswordTime $
-	       sambaPasswordHistory $ sambaLogonHours))
-
-##
-## Group mapping info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
-	DESC 'Samba Group Mapping'
-	MUST ( gidNumber $ sambaSID $ sambaGroupType )
-	MAY  ( displayName $ description $ sambaSIDList ))
-
-##
-## Trust password for trust relationships (any kind)
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
-	DESC 'Samba Trust Password'
-	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
-	MAY ( sambaSID $ sambaPwdLastSet ))
-
-##
-## Whole-of-domain info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
-	DESC 'Samba Domain Information'
-	MUST ( sambaDomainName $ 
-	       sambaSID ) 
-	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
-	      sambaAlgorithmicRidBase $ 
-	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
-	      sambaMaxPwdAge $ sambaMinPwdAge $
-	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
-	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
-
-##
-## used for idmap_ldap module
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
-        DESC 'Pool for allocating UNIX uids/gids'
-        MUST ( uidNumber $ gidNumber ) )
-
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
-        DESC 'Mapping from a SID to an ID'
-        MUST ( sambaSID )
-	MAY ( uidNumber $ gidNumber ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
-	DESC 'Structural Class for a SID'
-	MUST ( sambaSID ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
-	DESC 'Samba Configuration Section'
-	MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
-	DESC 'Samba Share Section'
-	MUST ( sambaShareName )
-	MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
-	DESC 'Samba Configuration Option'
-	MUST ( sambaOptionName )
-	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
-	      sambaStringListoption $ description ) )
-
-
-## retired during privilege rewrite
-##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
-##	DESC 'Samba Privilege'
-##	MUST ( sambaSID )
-##	MAY ( sambaPrivilegeList ) )
diff --git a/crypto/heimdal/tests/ldap/slapd-init.in b/crypto/heimdal/tests/ldap/slapd-init.in
deleted file mode 100644
index e4118085f2cf..000000000000
--- a/crypto/heimdal/tests/ldap/slapd-init.in
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh 
-# $Id: slapd-init.in 22295 2007-12-14 05:59:04Z lha $
-
-srcdir=@srcdir@
-
-rm -rf db schema
-mkdir db
-
-# kill of old slapd if running
-sh ${srcdir}/slapd-stop > /dev/null
-
-SCHEMA_NEEDED="hdb core nis cosine inetorgperson openldap samba"
-
-SCHEMA_PATHS="${srcdir}/../../lib/hdb ${srcdir} /etc/ldap/schema /etc/openldap/schema /private/etc/openldap/schema /usr/share/openldap/schema"
-
-test -d schema || mkdir schema
-
-# setup needed schema files
-for f in $SCHEMA_NEEDED; do
-    if [ ! -r schema/$f.schema ]; then
-	for d in $SCHEMA_PATHS ; do
-	    if [ -r $d/$f.schema ] ; then
-		cp $d/$f.schema schema/$f.schema
-		continue 2
-	    fi
-	done
-	echo "SKIPPING TESTS: you need the following schema file: $f.schema"
-	exit 1
-    fi
-done
-
-touch modules.conf || exit 1
-
-slapadd -d 0 -f ${srcdir}/slapd.conf < ${srcdir}/init.ldif || exit 0
-
-echo "starting slapd"
-slapd -d0 -f ${srcdir}/slapd.conf -h ldapi://.%2Fldap-socket &
-
-sleep 4
diff --git a/crypto/heimdal/tests/ldap/slapd-stop b/crypto/heimdal/tests/ldap/slapd-stop
deleted file mode 100644
index 7c37c7310878..000000000000
--- a/crypto/heimdal/tests/ldap/slapd-stop
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh 
-# $Id: slapd-stop 20220 2007-02-15 00:11:18Z lha $
-
-echo stoping slapd
-
-# kill of old slapd
-if [ -f slapd.pid ]; then
-    kill `cat slapd.pid`
-    sleep 5
-fi
-if [ -f slapd.pid ]; then
-    kill -9 `cat slapd.pid`
-    rm -f slapd.pid
-    sleep 5
-fi
-
-exit 0
-
diff --git a/crypto/heimdal/tests/ldap/slapd.conf b/crypto/heimdal/tests/ldap/slapd.conf
deleted file mode 100644
index 077727e21b29..000000000000
--- a/crypto/heimdal/tests/ldap/slapd.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-loglevel 0
-
-include schema/core.schema
-include schema/cosine.schema
-include schema/inetorgperson.schema
-include schema/openldap.schema
-include schema/nis.schema
-include schema/hdb.schema
-include schema/samba.schema
-
-
-pidfile		slapd.pid
-argsfile	slapd.args
-
-access to * by * write
-
-allow update_anon bind_anon_dn
-
-include modules.conf
-
-defaultsearchbase "ou=TEST,dc=H5L,dc=SE"
-
-backend		bdb
-database        bdb
-suffix		"o=TEST,dc=H5L,dc=SE"
-directory	db
-index           objectClass eq
-index           uid eq
diff --git a/crypto/heimdal/tests/plugin/Makefile.am b/crypto/heimdal/tests/plugin/Makefile.am
deleted file mode 100644
index 46ccdc5c0293..000000000000
--- a/crypto/heimdal/tests/plugin/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-# $Id: Makefile.am 20202 2007-02-08 00:59:47Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_DATA = krb5.conf
-
-SCRIPT_TESTS = check-pac
-TESTS = $(SCRIPT_TESTS)
-
-port = 49188
-
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/plugin,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-
-check-pac: check-pac.in Makefile
-	$(do_subst) < $(srcdir)/check-pac.in > check-pac.tmp
-	chmod +x check-pac.tmp
-	mv check-pac.tmp check-pac
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-
-lib_LTLIBRARIES = windc.la
-
-windc_la_SOURCES = windc.c
-windc_la_LDFLAGS = -module
-
-CLEANFILES= \
-	$(TESTS) \
-	server.keytab \
-	current-db* \
-	foopassword \
-	krb5.conf krb5.conf.tmp \
-	messages.log
-
-EXTRA_DIST = \
-	check-pac.in \
-	krb5.conf.in
diff --git a/crypto/heimdal/tests/plugin/Makefile.in b/crypto/heimdal/tests/plugin/Makefile.in
deleted file mode 100644
index 3e06d8015257..000000000000
--- a/crypto/heimdal/tests/plugin/Makefile.in
+++ /dev/null
@@ -1,890 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 20202 2007-02-08 00:59:47Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tests/plugin
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-am__installdirs = "$(DESTDIR)$(libdir)"
-libLTLIBRARIES_INSTALL = $(INSTALL)
-LTLIBRARIES = $(lib_LTLIBRARIES)
-windc_la_LIBADD =
-am_windc_la_OBJECTS = windc.lo
-windc_la_OBJECTS = $(am_windc_la_OBJECTS)
-windc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(windc_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
-DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
-	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
-	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-SOURCES = $(windc_la_SOURCES)
-DIST_SOURCES = $(windc_la_SOURCES)
-DATA = $(noinst_DATA)
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-noinst_DATA = krb5.conf
-SCRIPT_TESTS = check-pac
-TESTS = $(SCRIPT_TESTS)
-port = 49188
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
-	-e 's,[@]port[@],$(port),g' \
-	-e 's,[@]objdir[@],$(top_builddir)/tests/plugin,g' \
-	-e 's,[@]EGREP[@],$(EGREP),g' 
-
-LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
-lib_LTLIBRARIES = windc.la
-windc_la_SOURCES = windc.c
-windc_la_LDFLAGS = -module
-CLEANFILES = \
-	$(TESTS) \
-	server.keytab \
-	current-db* \
-	foopassword \
-	krb5.conf krb5.conf.tmp \
-	messages.log
-
-EXTRA_DIST = \
-	check-pac.in \
-	krb5.conf.in
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/plugin/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tests/plugin/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f=$(am__strip_dir) \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  p=$(am__strip_dir) \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
-	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-windc.la: $(windc_la_OBJECTS) $(windc_la_DEPENDENCIES) 
-	$(windc_la_LINK) -rpath $(libdir) $(windc_la_OBJECTS) $(windc_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c $<
-
-.c.obj:
-	$(COMPILE) -c `$(CYGPATH_W) '$<'`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
-	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-		echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *$$ws$$tst$$ws*) \
-		xfail=`expr $$xfail + 1`; \
-		echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      echo "SKIP: $$tst"; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    skipped="($$skip tests were not run)"; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  test -z "$$skipped" || echo "$$skipped"; \
-	  test -z "$$report" || echo "$$report"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(libdir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-generic clean-libLTLIBRARIES \
-	clean-libtool ctags dist-hook distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-hook \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-check-pac: check-pac.in Makefile
-	$(do_subst) < $(srcdir)/check-pac.in > check-pac.tmp
-	chmod +x check-pac.tmp
-	mv check-pac.tmp check-pac
-
-krb5.conf: krb5.conf.in Makefile
-	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
-	mv krb5.conf.tmp krb5.conf
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tests/plugin/check-pac.in b/crypto/heimdal/tests/plugin/check-pac.in
deleted file mode 100644
index 290274d2f51f..000000000000
--- a/crypto/heimdal/tests/plugin/check-pac.in
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006 - 2007 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: check-pac.in 21857 2007-08-08 06:59:36Z lha $
-#
-
-srcdir="@srcdir@"
-objdir="@objdir@"
-EGREP="@EGREP@"
-
-testfailed="echo test failed; cat messages.log; exit 1"
-
-# If there is no useful db support compile in, disable test
-../db/have-db || exit 77
-
-R=TEST.H5L.SE
-
-port=@port@
-
-kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r ${R}"
-kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
-
-server=host/datan.test.h5l.se
-cache="FILE:${objdir}/cache.krb5"
-keytabfile=${objdir}/server.keytab
-keytab="FILE:${keytabfile}"
-
-kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
-klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
-kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
-kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
-
-KRB5_CONFIG="${objdir}/krb5.conf"
-export KRB5_CONFIG
-
-rm -f ${keytabfile}
-rm -f current-db*
-rm -f out-*
-rm -f mkey.file*
-
-> messages.log
-
-echo Creating database
-${kadmin} \
-    init \
-    --realm-max-ticket-life=1day \
-    --realm-max-renewable-life=1month \
-    ${R} || exit 1
-
-${kadmin} add -p foo --use-defaults foo@${R} || exit 1
-${kadmin} add -p bar --use-defaults ${server}@${R} || exit 1
-${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
-
-echo "Doing database check"
-${kadmin} check ${R} || exit 1
-${kadmin} check ${R2} || exit 1
-
-echo foo > ${objdir}/foopassword
-
-echo "Empty log"
-> messages.log
-
-echo Starting kdc
-${kdc} &
-kdcpid=$!
-
-sh ${srcdir}/../kdc/wait-kdc.sh
-if [ "$?" != 0 ] ; then
-    kill ${kdcpid}
-    exit 1
-fi
-
-trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
-
-ec=0
-
-echo "Check that WINDC module was loaded "
-grep "windc init" messages.log >/dev/null || \
-	{ ec=1 ; eval "${testfailed}"; }
-
-echo "Getting client initial tickets"; > messages.log
-${kinit} --password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "Getting tickets" ; > messages.log
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-echo "Verify PAC on server"; > messages.log
-../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Getting client initial tickets (pag)"; > messages.log
-${kinit} --request-pac --password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "Getting tickets" ; > messages.log
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-echo "Verify PAC on server (pag)"; > messages.log
-../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} || \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-echo "Getting client initial tickets (no pag)"; > messages.log
-${kinit} --no-request-pac --password-file=${objdir}/foopassword foo@${R} || \
-	{ ec=1 ; eval "${testfailed}"; }
-echo "Getting tickets" ; > messages.log
-${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
-echo "Verify PAC on server (no pag)"; > messages.log
-../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} 2> /dev/null && \
-	{ ec=1 ; eval "${testfailed}"; }
-${kdestroy}
-
-
-echo "killing kdc (${kdcpid})"
-kill $kdcpid || exit 1
-
-trap "" EXIT
-
-exit $ec
diff --git a/crypto/heimdal/tests/plugin/krb5.conf.in b/crypto/heimdal/tests/plugin/krb5.conf.in
deleted file mode 100644
index fad9e740f4be..000000000000
--- a/crypto/heimdal/tests/plugin/krb5.conf.in
+++ /dev/null
@@ -1,29 +0,0 @@
-# $Id: krb5.conf.in 20202 2007-02-08 00:59:47Z lha $
-
-[libdefaults]
-	default_realm = TEST.H5L.SE
-	no-addresses = TRUE
-
-	plugin_dir = @objdir@ @objdir@/.libs
-
-[appdefaults]
-	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
-
-[realms]
-	TEST.H5L.SE = {
-		kdc = localhost:@port@
-	}
-
-[kdc]
-	database = {
-		dbname = @objdir@/current-db
-		realm = TEST.H5L.SE
-		mkey_file = @objdir@/mkey.file
-	}
-
-[logging]
-	kdc = 0-/FILE:@objdir@/messages.log
-	default = 0-/FILE:@objdir@/messages.log
-
-[kadmin]
-#	default_keys = arcfour-hmac-md5:pw-salt
diff --git a/crypto/heimdal/tests/plugin/windc.c b/crypto/heimdal/tests/plugin/windc.c
deleted file mode 100644
index 7c78847f797d..000000000000
--- a/crypto/heimdal/tests/plugin/windc.c
+++ /dev/null
@@ -1,77 +0,0 @@
-#include <krb5.h>
-#include <hdb.h>
-#include <windc_plugin.h>
-
-static krb5_error_code
-windc_init(krb5_context context, void **ctx)
-{
-    krb5_warnx(context, "windc init");
-    *ctx = NULL;
-    return 0;
-}
-
-static void
-windc_fini(void *ctx)
-{
-}
-
-static krb5_error_code 
-pac_generate(void *ctx, krb5_context context,
-	     struct hdb_entry_ex *client, krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_data data;
-
-    krb5_warnx(context, "pac generate");
-
-    data.data = "\x00\x01";
-    data.length = 2;
-
-    ret = krb5_pac_init(context, pac);
-    if (ret)
-	return ret;
-
-    ret = krb5_pac_add_buffer(context, *pac, 1, &data);
-    if (ret)
-	return ret;
-
-    return 0;
-}
-
-static krb5_error_code 
-pac_verify(void *ctx, krb5_context context,
-	   const krb5_principal client_principal,
-	   struct hdb_entry_ex *client, 
-	   struct hdb_entry_ex *server,
-	   krb5_pac *pac)
-{
-    krb5_error_code ret;
-    krb5_data data;
-
-    krb5_warnx(context, "pac_verify");
-
-    ret = krb5_pac_get_buffer(context, *pac, 1, &data);
-    if (ret)
-	return ret;
-
-    krb5_data_free(&data);
-
-    return 0;
-}
-
-static krb5_error_code 
-client_access(void *ctx, krb5_context context, 
-	      struct hdb_entry_ex *client, KDC_REQ *req)
-{
-    krb5_warnx(context, "client_access");
-    return 0;
-}
-
-krb5plugin_windc_ftable windc = {
-    KRB5_WINDC_PLUGING_MINOR,
-    windc_init,
-    windc_fini,
-    pac_generate,
-    pac_verify,
-    client_access
-};
diff --git a/crypto/heimdal/tools/Makefile.am b/crypto/heimdal/tools/Makefile.am
deleted file mode 100644
index db60f48b4394..000000000000
--- a/crypto/heimdal/tools/Makefile.am
+++ /dev/null
@@ -1,53 +0,0 @@
-# $Id: Makefile.am 22413 2008-01-12 05:58:14Z lha $
-
-include $(top_srcdir)/Makefile.am.common
-
-bin_SCRIPTS = krb5-config
-
-pkgconfigdir = $(libdir)/pkgconfig
-
-pkgconfig_DATA = heimdal-gssapi.pc
-
-man_MANS = krb5-config.1
-
-if PKINIT
-LIB_pkinit = -lhx509
-endif
-
-subst = sed	-e "s!@PACKAGE\@!$(PACKAGE)!g" \
-		-e "s!@VERSION\@!$(VERSION)!g" \
-		-e "s!@prefix\@!$(prefix)!g" \
-		-e "s!@exec_prefix\@!$(exec_prefix)!g" \
-		-e "s!@libdir\@!$(libdir)!g" \
-		-e "s!@includedir\@!$(includedir)!g" \
-		-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
-		-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
-		-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \
-		-e "s!@LIB_hcrypto_appl\@!$(LIB_hcrypto_appl)!g" \
-		-e "s!@LIB_dlopen\@!$(LIB_dlopen)!g" \
-		-e "s!@LIB_door_create\@!$(LIB_door_create)!g" \
-		-e "s!@LIB_pkinit\@!$(LIB_pkinit)!g" \
-		-e "s!@LIBS\@!$(LIBS)!g"
-
-krb5-config: krb5-config.in
-	$(subst) $(srcdir)/krb5-config.in > $@.new
-	mv $@.new $@
-	chmod +x $@
-
-heimdal-gssapi.pc: heimdal-gssapi.pc.in
-	$(subst) $(srcdir)/heimdal-gssapi.pc.in > $@.new
-	mv $@.new $@
-
-EXTRA_DIST = \
-	$(man_MANS) \
-	heimdal-build.sh \
-	krb5-config.in \
-	heimdal-gssapi.pc.in \
-	kdc-log-analyze.pl
-
-CLEANFILES = \
-	krb5-config \
-	krb5-config.new \
-	heimdal-gssapi.pc \
-	heimdal-gssapi.pc.new
-
diff --git a/crypto/heimdal/tools/Makefile.in b/crypto/heimdal/tools/Makefile.in
deleted file mode 100644
index 7fee3430484a..000000000000
--- a/crypto/heimdal/tools/Makefile.in
+++ /dev/null
@@ -1,805 +0,0 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am 22413 2008-01-12 05:58:14Z lha $
-
-# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $
-
-# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $
-
-
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/cf/Makefile.am.common
-subdir = tools
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
-	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
-	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
-	$(top_srcdir)/cf/broken-glob.m4 \
-	$(top_srcdir)/cf/broken-realloc.m4 \
-	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
-	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
-	$(top_srcdir)/cf/capabilities.m4 \
-	$(top_srcdir)/cf/check-compile-et.m4 \
-	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
-	$(top_srcdir)/cf/check-man.m4 \
-	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
-	$(top_srcdir)/cf/check-type-extra.m4 \
-	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
-	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
-	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
-	$(top_srcdir)/cf/dlopen.m4 \
-	$(top_srcdir)/cf/find-func-no-libs.m4 \
-	$(top_srcdir)/cf/find-func-no-libs2.m4 \
-	$(top_srcdir)/cf/find-func.m4 \
-	$(top_srcdir)/cf/find-if-not-broken.m4 \
-	$(top_srcdir)/cf/framework-security.m4 \
-	$(top_srcdir)/cf/have-struct-field.m4 \
-	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
-	$(top_srcdir)/cf/krb-bigendian.m4 \
-	$(top_srcdir)/cf/krb-func-getlogin.m4 \
-	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
-	$(top_srcdir)/cf/krb-readline.m4 \
-	$(top_srcdir)/cf/krb-struct-spwd.m4 \
-	$(top_srcdir)/cf/krb-struct-winsize.m4 \
-	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
-	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
-	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
-	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
-	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
-	$(top_srcdir)/cf/roken-frag.m4 \
-	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
-	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
-	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
-	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \
-	"$(DESTDIR)$(pkgconfigdir)"
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-SCRIPTS = $(bin_SCRIPTS)
-depcomp =
-am__depfiles_maybe =
-SOURCES =
-DIST_SOURCES =
-man1dir = $(mandir)/man1
-MANS = $(man_MANS)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
-pkgconfigDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(pkgconfig_DATA)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-CFLAGS = @CFLAGS@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
-CXXFLAGS = @CXXFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DBLIB = @DBLIB@
-DEFS = @DEFS@
-DIR_com_err = @DIR_com_err@
-DIR_hcrypto = @DIR_hcrypto@
-DIR_hdbdir = @DIR_hdbdir@
-DIR_roken = @DIR_roken@
-ECHO = @ECHO@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-F77 = @F77@
-FFLAGS = @FFLAGS@
-GREP = @GREP@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_hcrypto = @INCLUDE_hcrypto@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-INCLUDE_krb4 = @INCLUDE_krb4@
-INCLUDE_openldap = @INCLUDE_openldap@
-INCLUDE_readline = @INCLUDE_readline@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBADD_roken = @LIBADD_roken@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_XauFileName = @LIB_XauFileName@
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_XauWriteAuth = @LIB_XauWriteAuth@
-LIB_bswap16 = @LIB_bswap16@
-LIB_bswap32 = @LIB_bswap32@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_crypt = @LIB_crypt@
-LIB_db_create = @LIB_db_create@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_door_create = @LIB_door_create@
-LIB_el_init = @LIB_el_init@
-LIB_freeaddrinfo = @LIB_freeaddrinfo@
-LIB_gai_strerror = @LIB_gai_strerror@
-LIB_getaddrinfo = @LIB_getaddrinfo@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_gethostbyname2 = @LIB_gethostbyname2@
-LIB_getnameinfo = @LIB_getnameinfo@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_hcrypto = @LIB_hcrypto@
-LIB_hcrypto_a = @LIB_hcrypto_a@
-LIB_hcrypto_appl = @LIB_hcrypto_appl@
-LIB_hcrypto_so = @LIB_hcrypto_so@
-LIB_hesiod = @LIB_hesiod@
-LIB_hstrerror = @LIB_hstrerror@
-LIB_kdb = @LIB_kdb@
-LIB_krb4 = @LIB_krb4@
-LIB_loadquery = @LIB_loadquery@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_openldap = @LIB_openldap@
-LIB_openpty = @LIB_openpty@
-LIB_otp = @LIB_otp@
-LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
-LIB_res_ndestroy = @LIB_res_ndestroy@
-LIB_res_nsearch = @LIB_res_nsearch@
-LIB_res_search = @LIB_res_search@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
-PTHREADS_LIBS = @PTHREADS_LIBS@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VERSIONING = @VERSIONING@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-XMKMF = @XMKMF@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_CXX = @ac_ct_CXX@
-ac_ct_F77 = @ac_ct_F77@
-am__leading_dot = @am__leading_dot@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-AM_CFLAGS = $(WFLAGS)
-CP = cp
-buildinclude = $(top_builddir)/include
-LIB_getattr = @LIB_getattr@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_setpcred = @LIB_setpcred@
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-NROFF_MAN = groff -mandoc -Tascii
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-bin_SCRIPTS = krb5-config
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = heimdal-gssapi.pc
-man_MANS = krb5-config.1
-@PKINIT_TRUE@LIB_pkinit = -lhx509
-subst = sed	-e "s!@PACKAGE\@!$(PACKAGE)!g" \
-		-e "s!@VERSION\@!$(VERSION)!g" \
-		-e "s!@prefix\@!$(prefix)!g" \
-		-e "s!@exec_prefix\@!$(exec_prefix)!g" \
-		-e "s!@libdir\@!$(libdir)!g" \
-		-e "s!@includedir\@!$(includedir)!g" \
-		-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
-		-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
-		-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \
-		-e "s!@LIB_hcrypto_appl\@!$(LIB_hcrypto_appl)!g" \
-		-e "s!@LIB_dlopen\@!$(LIB_dlopen)!g" \
-		-e "s!@LIB_door_create\@!$(LIB_door_create)!g" \
-		-e "s!@LIB_pkinit\@!$(LIB_pkinit)!g" \
-		-e "s!@LIBS\@!$(LIBS)!g"
-
-EXTRA_DIST = \
-	$(man_MANS) \
-	heimdal-build.sh \
-	krb5-config.in \
-	heimdal-gssapi.pc.in \
-	kdc-log-analyze.pl
-
-CLEANFILES = \
-	krb5-config \
-	krb5-config.new \
-	heimdal-gssapi.pc \
-	heimdal-gssapi.pc.new
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tools/Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  --ignore-deps tools/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
-	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
-	done
-install-pkgconfigDATA: $(pkgconfig_DATA)
-	@$(NORMAL_INSTALL)
-	test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)"
-	@list='$(pkgconfig_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f=$(am__strip_dir) \
-	  echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
-	  $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \
-	done
-
-uninstall-pkgconfigDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(pkgconfig_DATA)'; for p in $$list; do \
-	  f=$(am__strip_dir) \
-	  echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \
-	done
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(SCRIPTS) $(MANS) $(DATA) all-local
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(pkgconfigdir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-pkgconfigDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-dvi: install-dvi-am
-
-install-exec-am: install-binSCRIPTS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-html: install-html-am
-
-install-info: install-info-am
-
-install-man: install-man1
-
-install-pdf: install-pdf-am
-
-install-ps: install-ps-am
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binSCRIPTS uninstall-man \
-	uninstall-pkgconfigDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
-
-uninstall-man: uninstall-man1
-
-.MAKE: install-am install-data-am install-exec-am install-strip \
-	uninstall-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-hook distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am html \
-	html-am info info-am install install-am install-binSCRIPTS \
-	install-data install-data-am install-data-hook install-dvi \
-	install-dvi-am install-exec install-exec-am install-exec-hook \
-	install-html install-html-am install-info install-info-am \
-	install-man install-man1 install-pdf install-pdf-am \
-	install-pkgconfigDATA install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \
-	uninstall-binSCRIPTS uninstall-hook uninstall-man \
-	uninstall-man1 uninstall-pkgconfigDATA
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
-	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done ; \
-	foo='$(nobase_include_HEADERS)'; \
-	for f in $$foo; do \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
-	  foo=''; elif test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0 || exit 1; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-uninstall-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-uninstall-hook: uninstall-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#
-# Useful target for debugging
-#
-
-check-valgrind:
-	tobjdir=`cd $(top_builddir) && pwd` ; \
-	tsrcdir=`cd $(top_srcdir) && pwd` ; \
-	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
-
-#
-# Target to please samba build farm, builds distfiles in-tree.
-# Will break when automake changes...
-#
-
-distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" != .; then \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
-	  fi ; \
-	done
-
-krb5-config: krb5-config.in
-	$(subst) $(srcdir)/krb5-config.in > $@.new
-	mv $@.new $@
-	chmod +x $@
-
-heimdal-gssapi.pc: heimdal-gssapi.pc.in
-	$(subst) $(srcdir)/heimdal-gssapi.pc.in > $@.new
-	mv $@.new $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tools/build.sh b/crypto/heimdal/tools/build.sh
deleted file mode 100755
index fad860836dbb..000000000000
--- a/crypto/heimdal/tools/build.sh
+++ /dev/null
@@ -1,212 +0,0 @@
-#!/bin/sh
-#
-# Build many combinations of kth-krb/heimdal/openssl
-#
-# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
-
-opt_n= #:
-make_f= #-j
-
-heimdal_versions="0.5.2 0.6pre4"
-krb4_versions="1.2.2"
-openssl_versions="0.9.6i 0.9.7a 0.9.7b"
-
-make_check_version=".*heimdal-0.6.*"
-
-# 0.5 dont eat 0.9.7
-dont_build="openssl-0.9.7.*heimdal-0.5.*"
-# 1.2 dont eat 0.9.7
-dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
-#yacc problems
-dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
-#local openssl 09.7 and broken kuser/Makefile.am
-dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}" 
-failed=
-
-# Allow override
-for a in $HOME . /etc ; do 
-    [ -f $a/.heimdal-build ] && . $a/.heimdal-build
-done
-
-targetdir=${targetdir:-/scratch/heimdal-test}
-logfile="${targetdir}/buildlog"
-
-distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
-
-
-logprint () {
-    d=`date '+%Y-%m-%d %H:%M:%S'`
-    echo "${d}: $*"
-    echo "${d}: --- $*" >> ${logfile}
-}
-
-logerror () {
-    echo "$*"
-    exit 1
-}
-
-find_unzip_prog () {
-    unzip_prog=
-    oldIFS="$IFS"
-    IFS=:
-    set -- $PATH
-    IFS="$oldIFS"
-    for a in $* ; do
-	if [ -x $a/gzip ] ; then
-	    unzip_prog="$a/gzip -dc"
-	    break
-	elif [ -x $a/gunzip ] ; then
-	    unzip_prog="$a/gunzip -c"
-	    break
-	fi
-    done
-    [ "$unzip_prog" = "" ] && logerror failed to find unzip program
-}
-
-find_canon_name () {
-    canon_name=
-    for a in ${distdirs} ; do
-	if [ -f $a/config.guess ] ; then
-	    canon_name=`$a/config.guess`
-	fi
-	if [ "${canon_name}" != "" ] ; then
-	    break
-	fi
-    done
-    [ "${canon_name}" = "" ] && logerror "cant find config.guess"
-}
-
-do_check_p () {
-    eval check_var=\$"$1"
-    for a in ${check_var} ; do
-	expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
-    done
-    return 0
-}
-
-unpack_tar () {
-    for a in ${distdirs} ; do
-	if [ -f $a/$1 ] ; then
-	    ${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
-	    return 0
-	fi
-    done
-    logerror "did not find $1"
-}
-
-build () {
-    real_ver=$1
-    prog=$2
-    ver=$3
-    confprog=$4
-    checks=$5
-    pv=${prog}-${ver}
-    mkdir tmp || logerror "failed to build tmpdir"
-    cd tmp || logerror "failed to change dir to tmpdir"
-    do_check_p dont_build ${real_ver} || \
-	{ cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
-    cd .. || logerror "failed to change back from tmpdir"
-    rmdir tmp || logerror "failed to remove tmpdir"
-    logprint "preparing for ${pv}"
-    ${opt_n} rm -rf ${targetdir}/${prog}-${ver}
-    ${opt_n} rm -rf ${prog}-${ver}
-    unpack_tar ${pv}.tar.gz
-    ${opt_n} cd ${pv} || logerror directory ${pv} not there
-    logprint "configure ${prog} ${ver} (${confprog})"
-    ${opt_n} ./${confprog} \
-	--prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
-	    { logprint failed to configure ${pv} ; return 1 ; }
-    logprint "make ${prog} ${ver}"
-    ${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
-	{ logprint failed to make ${pv} ; return 1 ; }
-    ${opt_n} make install >> ${logfile} 2>&1 || \
-	{ logprint failed to install ${pv} ; return 1 ; }
-    do_check_p make_check_version ${real_ver} || \
-    	{ ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
-    ${opt_n} cd ..
-    [ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
-    return 0
-}
-
-find_canon_name
-
-logprint using host `hostname`
-logprint `uname -a`
-logprint canonical name ${canon_name}
-
-logprint clearing logfile
-> ${logfile}
-
-find_unzip_prog
-
-logprint using target dir ${targetdir}
-mkdir -p ${targetdir}/src
-cd ${targetdir}/src || exit 1
-rm -rf heimdal* openssl* krb4*
-
-logprint === building openssl versions
-for vo in ${openssl_versions} ; do
-    build openssl-${vo} openssl $vo config
-done
-
-wssl="--with-openssl=${targetdir}/openssl"
-wssli="--with-openssl-include=${targetdir}/openssl"	#this is a hack for broken heimdal 0.5.x autoconf test
-wossl="--without-openssl"
-wk4c="--with-krb4-config=${targetdir}/krb4"
-bk4c="/bin/krb4-config"
-wok4="--without-krb4"
-
-logprint === building heimdal w/o krb4 versions
-for vo in ${openssl_versions} ; do
-    for vh in ${heimdal_versions} ; do
-	v="openssl-${vo}-heimdal-${vh}"
-	build "${v}" \
-	    heimdal ${vh} \
-	    "configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
-	    "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-    done
-done
-
-logprint === building krb4
-for vo in ${openssl_versions} ; do
-    for vk in ${krb4_versions} ; do
-	v="openssl-${vo}-krb4-${vk}"
-	build "${v}" \
-	    krb4 ${vk} \
-	    "configure ${wssl}-${vo}" \
-	    "${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-    done
-done
-
-logprint === building heimdal with krb4 versions
-for vo in ${openssl_versions} ; do
-    for vk in ${krb4_versions} ; do
-	for vh in ${heimdal_versions} ; do
-	    v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
-	    build "${v}" \
-		heimdal ${vh} \
-		"configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
-		"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
-		 || \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-	done
-    done
-done
-
-logprint === building heimdal without krb4 and openssl versions
-for vh in ${heimdal_versions} ; do
-    v="des-heimdal-${vh}"
-    build "${v}" \
-	heimdal ${vh} \
-	"configure ${wok4} ${wossl}" || \
-	{ failed="${failed} ${v}" ; logprint ${v} failed ; }
-done
-
-logprint all done
-[ "${failed}" != "" ] && logprint "failed: ${failed}"
-exit 0
diff --git a/crypto/heimdal/tools/heimdal-build.sh b/crypto/heimdal/tools/heimdal-build.sh
deleted file mode 100644
index 4e8a7eaa9e44..000000000000
--- a/crypto/heimdal/tools/heimdal-build.sh
+++ /dev/null
@@ -1,295 +0,0 @@
-#!/bin/sh
-# Fetches, builds and store the result of a heimdal build
-# Version: $Id: heimdal-build.sh 21653 2007-07-18 20:15:59Z lha $
-
-fetchmethod=wget	   #options are: wget, curl, ftp, afs
-resultdir=
-email=heimdal-build-log@it.su.se
-baseurl=ftp://ftp.pdc.kth.se/pub/heimdal/src
-afsdir=/afs/pdc.kth.se/public/ftp/pub/heimdal/src
-keeptree=no
-passhrase=
-builddir=
-noemail=
-cputimelimit=3600
-confflags=
-
-# Add some bonus paths, to find sendmail and other tools
-# on interesting platforms.
-PATH="${PATH}:/usr/sbin:/usr/bin:/usr/libexec:/usr/lib"
-PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
-
-# no more user configurabled part below (hopefully)
-
-usage="[--current] [--svn SourceRepository] [--cvs-flags] [--result-directory dir] [--fetch-method wget|ftp|curl|cvs|fetch|afs] --keep-tree] [--autotools] [--passhrase string] [--no-email] [--build-dir dir] [--cputime] [--distcheck] [--test-environment env] [--configure-flags flags]"
-
-date=`date +%Y%m%d`
-if [ "$?" != 0 ]; then
-    echo "have no sane date, punting"
-    exit 1
-fi
-
-hostname=`hostname`
-if [ "$?" != 0 ]; then
-    echo "have no sane hostname, punting"
-    exit 1
-fi
-
-version=`grep "^# Version: " "$0" | cut -f2- -d:`
-if [ "X${version}" = X ]; then
-    echo "Can not figure out what version I am"
-    exit 1
-fi
-
-dir=
-hversion=
-cvsroot=
-cvsflags=
-cvsbranch=
-branch=
-autotools=no
-distcheck=no
-
-while true
-do
-	case $1 in
-	--autotools)
-		autotools=yes
-		shift
-		;;
-	--build-dir)
-		builddir="$2"
-		shift 2
-		;;
-	--current)
-		dir="snapshots/"
-		hversion="heimdal-${date}"
-		shift
-		;;
-	--release)
-		hversion="heimdal-$2"
-		shift 2
-		;;
-	--cputime)
-		cputimelimit="$2"
-		shift 2
-		;;
-	--ccache-dir)
-		ccachedir="$2"
-		shift 2
-		;;
-	--svn)
-		hversion="heimdal-svn-${date}"
-		svnroot=$2
-		fetchmethod=svn
-		shift 2
-		;;
-	--distcheck)
-		distcheck=yes
-		shift
-		;;
-	--result-directory)
-		resultdir="$2"
-		if [ ! -d "$resultdir" ]; then
-		    echo "$resultdir doesn't exists"
-		    exit 1
-		fi
-		resultdir="`pwd`/${resultdir}"
-		shift 2
-		;;
-	--fetch-method)
-		fetchmethod="$2"
-		shift 2
-		;;
-	--keep-tree)
-		keeptree=yes
-		shift
-		;;
-	--passphrase)
-		passhrase="$2"
-		shift 2
-		;;
-	--prepend-path)
-		prependpath="$2"
-		shift 2
-		;;
-	--test-environment)
-		testenvironment="$2"
-		shift 2
-		;;
-	--no-email)
-		noemail="yes"
-		shift
-		;;
-	--configure-flags)
-		confflags="${confflags} $2"
-		shift 2
-		;;
-	--version)
-		echo "Version: $version"
-		exit 0
-		;;
-	-*)
-		echo "unknown option: $1"
-		break
-		;;
-	*)
-		break
-		;;
-	esac
-done
-if test $# -gt 0; then
-	echo $usage
-	exit 1
-fi
-
-if [ "X${hversion}" = X ]; then
-	echo "no version given"
-	exit 0
-fi
-
-hfile="${hversion}.tar.gz"
-url="${baseurl}/${dir}${hfile}"
-afsfile="${afsdir}/${dir}${hfile}"
-unpack=yes
-
-# extra paths for the user
-if [ "X${prependpath}" != X ]; then
-	PATH="${prependpath}:${PATH}"
-fi
-
-# Limit cpu seconds this all can take
-ulimit -t "$cputimelimit" > /dev/null 2>&1
-
-if [ "X${builddir}" != X ]; then
-	echo "Changing build dir to ${builddir}"
-	cd "${builddir}"
-fi
-
-echo "Removing old source" 
-rm -rf ${hversion}
-
-echo "Fetching ${hversion} using $fetchmethod"
-case "$fetchmethod" in
-wget|ftp|fetch)
-	${fetchmethod} $url > /dev/null
-	res=$?
-	;;
-curl)
-	${fetchmethod} -o ${hfile} ${url} > /dev/null
-	res=$?
-	;;
-afs)
-	cp ${afsfile} ${hfile}
-	res=$?
-	;;
-svn)
-	svn co $svnroot ${hversion}
-	res=$?
-	unpack=no
-	autotools=yes
-	;;
-*)
-	echo "unknown fetch method"
-	;;
-esac
-
-if [ "X$res" != X0 ]; then
-	echo "Failed to download the tar-ball"
-	exit 1
-fi
-
-if [ X"$unpack" = Xyes ]; then
-	echo Unpacking source
-	(gzip -dc ${hfile} | tar xf -) || exit 1
-fi
-
-if [ X"$autotools" = Xyes ]; then
-	echo "Autotooling"
-	(cd ${hversion} && sh ./autogen.sh) || exit 1
-fi
-
-if [ X"$ccachedir" != X ]; then
-	CCACHE_DIR="${ccachedir}"
-	export CCACHE_DIR
-fi
-
-cd ${hversion} || exit 1
-
-makecheckenv=
-if [ X"${testenvironment}" != X ] ; then
-    makecheckenv="${makecheckenv} TESTS_ENVIRONMENT=\"${testenvironment}\""
-fi
-
-mkdir socket_wrapper_dir
-SOCKET_WRAPPER_DIR=`pwd`/socket_wrapper_dir
-export SOCKET_WRAPPER_DIR
-
-echo "Configuring and building ($hversion)"
-echo "./configure --enable-socket-wrapper ${confflags}" > ab.txt
-./configure --enable-socket-wrapper ${confflags} >> ab.txt 2>&1
-if [ $? != 0 ] ; then
-    echo Configure failed
-    status=${status:-configure}
-fi
-echo make all >> ab.txt
-make all >> ab.txt 2>&1
-if [ $? != 0 ] ; then
-    echo Make all failed
-    status=${status:-make all}
-fi
-echo make check >> ab.txt
-eval env $makecheckenv make check >> ab.txt 2>&1
-if [ $? != 0 ] ; then
-    echo Make check failed
-    status=${status:-make check}
-fi
-
-if [ "$distcheck" = yes ] ; then
-    echo make distcheck >> ab.txt
-    if [ $? != 0 ] ; then
-        echo Make check failed
-        status=${status:-make distcheck}
-    fi
-fi
-
-status=${status:-ok}
-
-echo "done: ${status}"
-
-if [ "X${resultdir}" != X ] ; then
-	cp ab.txt "${resultdir}/ab-${hversion}-${hostname}-${date}.txt"
-fi
-
-if [ "X${noemail}" = X ] ; then
-	cat > email-header <<EOF
-From: ${USER:-unknown-user}@${hostname}
-To: <heimdal-build-log@it.su.se>
-Subject: heimdal-build-log SPAM COOKIE
-X-heimdal-build: kaka-till-love
-
-Script-version: ${version}
-Heimdal-version: ${hversion}
-Machine: `uname -a`
-Status: $status
-EOF
-
-	if [ "X$passhrase" != X ] ; then
-		cat >> email-header <<EOF
-autobuild-passphrase: ${passhrase}
-EOF
-	fi
-		cat >> email-header <<EOF
-------L-O-G------------------------------------
-EOF
-
-	cat email-header ab.txt | sendmail "${email}"
-fi
-
-cd ..
-if [ X"$keeptree" != Xyes ] ; then
-    rm -rf ${hversion}
-fi
-rm -f ${hfile}
-
-exit 0
diff --git a/crypto/heimdal/tools/heimdal-gssapi.pc.in b/crypto/heimdal/tools/heimdal-gssapi.pc.in
deleted file mode 100644
index 4589deedc026..000000000000
--- a/crypto/heimdal/tools/heimdal-gssapi.pc.in
+++ /dev/null
@@ -1,14 +0,0 @@
-# $Id$
-prefix=@PREFIX@
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: @PACKAGE@
-Description: Heimdal is an implementation of Kerberos 5, freely available under a three clause BSD style license.
-Version: @VERSION@
-URL: http://www.pdc.kth.se/heimdal/
-#Requires: foo = 1.3.1
-#Conflicts: bar <= 4.5
-Libs: -L${libdir} -lgssapi -lheimntlm -lkrb5 @LIB_pkinit@ -lcom_err @LIB_hcrypto_appl@ -lasn1 -lroken @LIB_crypt@ @LIB_dlopen@ @LIB_door_create@ @LIBS@
-Cflags: -I${includedir}
diff --git a/crypto/heimdal/tools/kdc-log-analyze.pl b/crypto/heimdal/tools/kdc-log-analyze.pl
deleted file mode 100755
index 08d3e38d8966..000000000000
--- a/crypto/heimdal/tools/kdc-log-analyze.pl
+++ /dev/null
@@ -1,549 +0,0 @@
-#! /usr/pkg/bin/perl
-# -*- mode: perl; perl-indent-level: 8 -*-
-# 
-# Copyright (c) 2003 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-# 
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-# 
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-# 
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-# 
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-# 
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-#
-# $Id: kdc-log-analyze.pl 17173 2006-04-23 13:19:21Z lha $
-#
-# kdc-log-analyze - Analyze a KDC log file and give a report on the contents
-#
-# Note: The parts you want likely want to customize are the variable $notlocal,
-# the array @local_network_re and the array @local_realms.
-#
-# Idea and implemetion for MIT Kerberos was done first by 
-# Ken Hornstein <kenh@cmf.nrl.navy.mil>, this program wouldn't exists
-# without his help.
-#
-
-use strict;
-use Sys::Hostname;
-
-my $notlocal = 'not SU';
-my @local_realms = ( "SU.SE" );
-my @local_networks_re = 
-    ( 
-      "130\.237",
-      "193\.11\.3[0-9]\.",
-      "130.242.128",
-      "2001:6b0:5:"
-      );
-
-my $as_req = 0;
-my %as_req_addr;
-my %as_req_addr_nonlocal;
-my %as_req_client;
-my %as_req_server;
-my %addr_uses_des;
-my %princ_uses_des;
-my $five24_req = 0;
-my %five24_req_addr;
-my %five24_req_addr_nonlocal;
-my %five24_req_server;
-my %five24_req_client;
-my $as_req_successful = 0;
-my $as_req_error = 0;
-my $no_such_princ = 0;
-my %no_such_princ_princ;
-my %no_such_princ_addr;
-my %no_such_princ_addr_nonlocal;
-my $as_req_etype_odd = 0;
-my %bw_addr;
-my $pa_alt_princ_request = 0;
-my $pa_alt_princ_verify = 0;
-my $tgs_req = 0;
-my %tgs_req_addr;
-my %tgs_req_addr_nonlocal;
-my %tgs_req_client;
-my %tgs_req_server;
-my $tgs_xrealm_out = 0;
-my %tgs_xrealm_out_realm;
-my %tgs_xrealm_out_princ;
-my $tgs_xrealm_in = 0;
-my %tgs_xrealm_in_realm;
-my %tgs_xrealm_in_princ;
-my %enctype_session;
-my %enctype_ticket;
-my $restarts = 0;
-my $forward_non_forward = 0;
-my $v4_req = 0;
-my %v4_req_addr;
-my %v4_req_addr_nonlocal;
-my $v4_cross = 0;
-my %v4_cross_realm;
-my $v5_cross = 0;
-my %v5_cross_realm;
-my $referrals = 0;
-my %referral_princ;
-my %referral_realm;
-my %strange_tcp_data;
-my $http_malformed = 0;
-my %http_malformed_addr;
-my $http_non_kdc = 0;
-my %http_non_kdc_addr;
-my $tcp_conn_timeout = 0;
-my %tcp_conn_timeout_addr;
-my $failed_processing = 0;
-my %failed_processing_addr;
-my $connection_closed = 0;
-my %connection_closed_addr;
-my $pa_failed = 0;
-my %pa_failed_princ;
-my %pa_failed_addr;
-my %ip;
-
-$ip{'4'} = $ip{'6'} = 0;
-
-while (<>) {
-	process_line($_);
-}
-
-print "Kerberos KDC Log Report for ", 
-    hostname, " on ", scalar localtime, "\n\n";
-
-print "General Statistics\n\n";
-
-print "\tNumber of IPv4 requests: $ip{'4'}\n";
-print "\tNumber of IPv6 requests: $ip{'6'}\n\n";
-
-print "\tNumber of restarts: $restarts\n";
-print "\tNumber of V4 requests: $v4_req\n";
-if ($v4_req > 0) {
-	print "\tTop ten IP addresses performing V4 requests:\n";
-	topten(\%v4_req_addr);
-}
-if (int(keys %v4_req_addr_nonlocal) > 0) {
-	print "\tTop ten $notlocal IP addresses performing V4 requests:\n";
-	topten(\%v4_req_addr_nonlocal);
-
-}
-print "\n";
-
-print "\tNumber of V4 cross realms (krb4 and 524) requests: $v4_cross\n";
-if ($v4_cross > 0) {
-	print "\tTop ten realms performing V4 cross requests:\n";
-	topten(\%v4_cross_realm);
-}
-print "\n";
-
-print "\tNumber of V45 cross realms requests: $v5_cross\n";
-if ($v5_cross > 0) {
-	print "\tTop ten realms performing V4 cross requests:\n";
-	topten(\%v5_cross_realm);
-}
-print "\n";
-
-print "\tNumber of failed lookups: $no_such_princ\n";
-if ($no_such_princ > 0) {
-	print "\tTop ten IP addresses failing to find principal:\n";
-	topten(\%no_such_princ_addr);
-	print "\tTop ten $notlocal IP addresses failing find principal:\n";
-	topten(\%no_such_princ_addr_nonlocal);
-	print "\tTop ten failed to find principals\n";
-	topten(\%no_such_princ_princ);
-}
-print "\n";
-
-print "\tBandwidth pigs:\n";
-topten(\%bw_addr);
-print "\n";
-
-print "\tStrange TCP data clients: ", int(keys %strange_tcp_data),"\n";
-topten(\%strange_tcp_data);
-print "\n";
-
-print "\tTimeout waiting on TCP requests: ", $tcp_conn_timeout,"\n";
-if ($tcp_conn_timeout > 0) {
-	print "\tTop ten TCP timeout request clients\n";
-	topten(\%tcp_conn_timeout_addr);
-}
-print "\n";
-
-print "\tFailed processing requests: ", $failed_processing,"\n";
-if ($failed_processing > 0) {
-	print "\tTop ten failed processing request clients\n";
-	topten(\%failed_processing_addr);
-}
-print "\n";
-
-print "\tConnection closed requests: ", $connection_closed,"\n";
-if ($connection_closed > 0) {
-	print "\tTop ten connection closed request clients\n";
-	topten(\%connection_closed_addr);
-}
-print "\n";
-
-print "\tMalformed HTTP requests: ", $http_malformed,"\n";
-if ($http_malformed > 0) {
-	print "\tTop ten malformed HTTP request clients\n";
-	topten(\%http_malformed_addr);
-}
-print "\n";
-
-print "\tHTTP non kdc requests: ", $http_non_kdc,"\n";
-if ($http_non_kdc > 0) {
-	print "\tTop ten HTTP non KDC request clients\n";
-	topten(\%http_non_kdc_addr);
-}
-print "\n";
-
-print "Report on AS_REQ requests\n\n";
-print "Overall AS_REQ statistics\n\n";
-
-print "\tTotal number: $as_req\n";
-
-print "\nAS_REQ client/server statistics\n\n";
-
-print "\tDistinct IP Addresses performing requests: ", 
-    int(keys %as_req_addr),"\n";
-print "\tOverall top ten IP addresses\n";
-topten(\%as_req_addr);
-
-print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
-					int(keys %as_req_addr_nonlocal), "\n";
-print "\tTop ten non-local ($notlocal) IP address:\n";
-topten(\%as_req_addr_nonlocal);
-
-print "\n\tPreauth failed for for: ", $pa_failed, " requests\n";
-if ($pa_failed) {
-	print "\tPreauth failed top ten IP addresses:\n";
-	topten(\%pa_failed_addr);
-	print "\tPreauth failed top ten principals:\n";
-	topten(\%pa_failed_princ);
-}
-
-print "\n\tDistinct clients performing requests: ", 
-    int(keys %as_req_client), "\n";
-print "\tTop ten clients:\n";
-topten(\%as_req_client);
-
-print "\tDistinct services requested: ", int(keys %as_req_server), "\n";
-print "\tTop ten requested services:\n";
-topten(\%as_req_server);
-
-print "\n\n\nReport on TGS_REQ requests:\n\n";
-print "Overall TGS_REQ statistics\n\n";
-print "\tTotal number: $tgs_req\n";
-
-print "\nTGS_REQ client/server statistics\n\n";
-print "\tDistinct IP addresses performing requests: ",
-				int(keys %tgs_req_addr), "\n";
-print "\tOverall top ten IP addresses\n";
-topten(\%tgs_req_addr);
-
-print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
-				int(keys %tgs_req_addr_nonlocal), "\n";
-print "\tTop ten non-local ($notlocal) IP address:\n";
-topten(\%tgs_req_addr_nonlocal);
-
-print "\tDistinct clients performing requests: ",
-				int(keys %tgs_req_client), "\n";
-print "\tTop ten clients:\n";
-topten(\%tgs_req_client);
-
-print "\tDistinct services requested: ", int(keys %tgs_req_server), "\n";
-print "\tTop ten requested services:\n";
-topten(\%tgs_req_server);
-
-print "\n\n\nReport on 524_REQ requests:\n\n";
-
-print "\t524_REQ client/server statistics\n\n";
-
-print "\tDistinct IP Addresses performing requests: ", 
-    int(keys %five24_req_addr),"\n";
-print "\tOverall top ten IP addresses\n";
-topten(\%five24_req_addr);
-
-print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
-					int(keys %five24_req_addr_nonlocal), "\n";
-print "\tTop ten non-local ($notlocal) IP address:\n";
-topten(\%five24_req_addr_nonlocal);
-
-print "\tDistinct clients performing requests: ", int(keys %five24_req_client), "\n";
-print "\tTop ten clients:\n";
-topten(\%five24_req_client);
-
-print "\tDistinct services requested: ", int(keys %five24_req_server), "\n";
-print "\tTop ten requested services:\n";
-topten(\%five24_req_server);
-print "\n";
-
-print "Cross realm statistics\n\n";
-
-print "\tNumber of cross-realm tgs out: $tgs_xrealm_out\n";
-if ($tgs_xrealm_out > 0) {
-	print "\tTop ten realms used for out cross-realm:\n";
-	topten(\%tgs_xrealm_out_realm);
-	print "\tTop ten principals use out cross-realm:\n";
-	topten(\%tgs_xrealm_out_princ);
-}
-print "\tNumber of cross-realm tgs in: $tgs_xrealm_in\n";
-if ($tgs_xrealm_in > 0) {
-	print "\tTop ten realms used for in cross-realm:\n";
-	topten(\%tgs_xrealm_in_realm);
-	print "\tTop ten principals use in cross-realm:\n";
-	topten(\%tgs_xrealm_in_princ);
-}
-
-print "\n\nReport on referral:\n\n";
-
-print "\tNumber of referrals: $referrals\n";
-if ($referrals > 0) {
-	print "\tTop ten referral-ed principals:\n";
-	topten(\%referral_princ);
-	print "\tTop ten to realm referrals:\n";
-	topten(\%referral_realm);
-}
-
-print "\n\nEnctype Statistics:\n\n";
-print "\tTop ten session enctypes:\n";
-topten(\%enctype_session);
-print "\tTop ten ticket enctypes:\n";
-topten(\%enctype_ticket);
-
-print "\tDistinct IP addresses using DES: ", int(keys %addr_uses_des), "\n";
-print "\tTop IP addresses using DES:\n";
-topten(\%addr_uses_des);
-print "\tDistinct principals using DES: ", int(keys %princ_uses_des), "\n";
-print "\tTop ten principals using DES:\n";
-topten(\%princ_uses_des);
-
-print "\n";
-
-printf("Requests to forward non-forwardable ticket: $forward_non_forward\n");
-
-
-exit 0;
-
-my $last_addr = "";
-my $last_principal = "";
-
-sub process_line {
-	local($_) = @_;
-	#
-	# Eat these lines that are output as a result of startup (but
-	# log the number of restarts)
-	#
-	if (/AS-REQ \(krb4\) (.*) from IPv([46]):([0-9\.:a-fA-F]+) for krbtgt.*$/){
-		$v4_req++;
-		$v4_req_addr{$3}++;
-		$v4_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
-		$last_addr = $3;
-		$last_principal = $1;
-		$ip{$2}++;
-	} elsif (/AS-REQ (.*) from IPv([46]):([0-9\.:a-fA-F]+) for (.*)$/) {
-		$as_req++;
-		$as_req_client{$1}++;
-		$as_req_server{$4}++;
-		$as_req_addr{$3}++;
-		$as_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
-		$last_addr = $3;
-		$last_principal = $1;
-		$ip{$2}++;
-	} elsif (/TGS-REQ \(krb4\)/) {
-		#Nothing
-	} elsif (/TGS-REQ (.+) from IPv([46]):([0-9\.:a-fA-F]+) for (.*?)( \[.*\]){0,1}$/) {
-		$tgs_req++;
-		$tgs_req_client{$1}++;
-		$tgs_req_server{$4}++;
-		$tgs_req_addr{$3}++;
-		$tgs_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
-		$last_addr = $3;
-		$last_principal = $1;
-		$ip{$2}++;
-
-		my $source = $1;
-		my $dest = $4;
-		
-		if (!islocalrealm($source)) {
-			$tgs_xrealm_in++;
-			$tgs_xrealm_in_princ{$source}++;
-			if ($source =~ /[^@]+@([^@]+)/ ) {
-				$tgs_xrealm_in_realm{$1}++;
-			}
-		}
-		if ($dest =~ /krbtgt\/([^@]+)@[^@]+/) {
-			if (!islocalrealm($1)) {
-				$tgs_xrealm_out++;
-				$tgs_xrealm_out_realm{$1}++;
-				$tgs_xrealm_out_princ{$source}++;
-			}
-		}
-	} elsif (/524-REQ (.*) from IPv([46]):([0-9\.:a-fA-F]+) for (.*)$/) {
-		$five24_req++;
-		$five24_req_client{$1}++;
-		$five24_req_server{$4}++;
-		$five24_req_addr{$3}++;
-		$five24_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
-		$last_addr = $3;
-		$last_principal = $1;
-		$ip{$2}++;
-	} elsif (/TCP data of strange type from IPv[46]:([0-9\.:a-fA-F]+)/) {
-		$strange_tcp_data{$1}++;
-	} elsif (/Lookup (.*) failed: No such entry in the database/) {
-		$no_such_princ++;
-		$no_such_princ_addr{$last_addr}++;
-		$no_such_princ_addr_nonlocal{$last_addr}++ if (!islocaladdr($last_addr));
-		$no_such_princ_princ{$1}++;
-	} elsif (/Lookup .* succeeded$/) {
-		# Nothing
-	} elsif (/Malformed HTTP request from IPv[46]:([0-9\.:a-fA-F]+)$/) {
-		$http_malformed++;
-		$http_malformed_addr{$1}++;
-	} elsif (/TCP-connection from IPv[46]:([0-9\.:a-fA-F]+) expired after [0-9]+ bytes/) {
-		$tcp_conn_timeout++;
-		$tcp_conn_timeout_addr{$1}++;
-	} elsif (/Failed processing [0-9]+ byte request from IPv[46]:([0-9\.:a-fA-F]+)/) {
-		$failed_processing++;
-		$failed_processing_addr{$1}++;
-	} elsif (/connection closed before end of data after [0-9]+ bytes from IPv[46]:([0-9\.:a-fA-F]+)/) {
-		$connection_closed++;
-		$connection_closed_addr{$1}++;
-	} elsif (/HTTP request from IPv[46]:([0-9\.:a-fA-F]+) is non KDC request/) {
-		$http_non_kdc++;
-		$http_non_kdc_addr{$1}++;
-	} elsif (/returning a referral to realm (.*) for server (.*) that was not found/) {
-		$referrals++;
-		$referral_princ{$2}++;
-		$referral_realm{$1}++;
-	} elsif (/krb4 Cross-realm (.*) -> (.*) disabled/) {
-		$v4_cross++;
-		$v4_cross_realm{$1."->".$2}++;
-	} elsif (/524 cross-realm (.*) -> (.*) disabled/) {
-		$v4_cross++;
-		$v4_cross_realm{$1."->".$2}++;
-	} elsif (/cross-realm (.*) -> (.*): no transit through realm (.*)/) {
-	} elsif (/cross-realm (.*) -> (.*) via \[([^\]]+)\]/) {
-		$v5_cross++;
-		$v5_cross_realm{$1."->".$2}++;
-	} elsif (/cross-realm (.*) -> (.*)/) {
-		$v5_cross++;
-		$v5_cross_realm{$1."->".$2}++;
-	} elsif (/sending ([0-9]+) bytes to IPv[46]:([0-9\.:a-fA-F]+)/) {
-		$bw_addr{$2} += $1;
-	} elsif (/Using ([-a-z0-9]+)\/([-a-z0-9]+)/) {
-		$enctype_ticket{$1}++;
-		$enctype_session{$2}++;
-
-		my $ticket = $1;
-		my $session = $2;
-
-		if ($ticket =~ /des-cbc-(crc|md4|md5)/) {
-			$addr_uses_des{$last_addr}++;
-			$princ_uses_des{$last_principal}++;
-		}
-
-	} elsif (/Failed to decrypt PA-DATA -- (.+)$/) {
-		$pa_failed++;
-		$pa_failed_princ{$last_principal}++;
-		$pa_failed_addr{$last_addr}++;
-
-	} elsif (/Request to forward non-forwardable ticket/) {
-		$forward_non_forward++;
-	} elsif (/HTTP request:/) {
-	} elsif (/krb_rd_req: Incorrect network address/) {
-	} elsif (/krb_rd_req: Ticket expired \(krb_rd_req\)/) {
-	} elsif (/Ticket expired \(.*\)/) {
-	} elsif (/krb_rd_req: Can't decode authenticator \(krb_rd_req\)/) {
-	} elsif (/Request from wrong address/) {
-		# XXX
-	} elsif (/UNKNOWN --/) {
-		# XXX
-	} elsif (/Too large time skew -- (.*)$/) {
-		# XXX
-	} elsif (/No PA-ENC-TIMESTAMP --/) {
-		# XXX
-	} elsif (/Looking for pa-data --/) {
-		# XXX
-	} elsif (/Pre-authentication succeded -- (.+)$/) {
-		# XXX
-	} elsif (/Bad request for ([,a-zA-Z0-9]+) ticket/) {
-		# XXX
-	} elsif (/Failed to verify AP-REQ: Ticket expired/) {
-		# XXX 
-	} elsif (/Client not found in database:/) {
-		# XXX
-	} elsif (/Server not found in database \(krb4\)/) {
-	} elsif (/Server not found in database:/) {
-		# XXX
-	} elsif (/newsyslog.*logfile turned over/) {
-		# Nothing
-	} elsif (/Requested flags:/) {
-		# Nothing
-	} elsif (/shutting down/) {
-		# Nothing
-	} elsif (/listening on IP/) {
-		# Nothing
-	} elsif (/commencing operation/) {
-		$restarts++;
-	}
-	#
-	# Log it if we didn't parse the line
-	#
-	else {
-		print "Unknown log file line: $_";
-	}
-}
-
-sub topten {
-	my ($list) = @_;
-	my @keys;
-
-	my $key;
-
-	@keys = (sort {$$list{$b} <=> $$list{$a}} (keys %{$list}));
-	splice @keys, 10;
-
-	foreach $key (@keys) {
-		print "\t\t$key - $$list{$key}\n";
-	}
-}
-
-sub islocaladdr (\$) {
-	my ($addr) = @_;
-	my $net;
-
-	foreach $net (@local_networks_re) {
-		return 1 if ($addr =~ /$net/);
-	}
-	return 0;
-}
-
-sub islocalrealm (\$) {
-	my ($princ) = @_;
-	my $realm;
-
-	foreach $realm (@local_realms) {
-		return 1 if ($princ eq $realm);
-		return 1 if ($princ =~ /[^@]+\@${realm}/);
-	}
-	return 0;
-}
diff --git a/crypto/heimdal/tools/krb5-config.1 b/crypto/heimdal/tools/krb5-config.1
deleted file mode 100644
index 4ed1cd8c44de..000000000000
--- a/crypto/heimdal/tools/krb5-config.1
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5-config.1 11648 2003-02-16 21:10:32Z lha $
-.\"
-.Dd November 30, 2000
-.Dt KRB5-CONFIG 1
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5-config
-.Nd "give information on how to link code against Heimdal libraries"
-.Sh SYNOPSIS
-.Nm
-.Op Fl -prefix Ns Op = Ns Ar dir
-.Op Fl -exec-prefix Ns Op = Ns Ar dir
-.Op Fl -libs
-.Op Fl -cflags
-.Op Ar libraries
-.Sh DESCRIPTION
-.Nm
-tells the application programmer what special flags to use to compile
-and link programs against the libraries installed by Heimdal.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Fl -prefix Ns Op = Ns Ar dir
-Print the prefix if no
-.Ar dir
-is specified, otherwise set prefix to
-.Ar dir .
-.It Fl -exec-prefix Ns Op = Ns Ar dir
-Print the exec-prefix if no
-.Ar dir
-is specified, otherwise set exec-prefix to
-.Ar dir .
-.It Fl -libs
-Output the set of libraries that should be linked against.
-.It Fl -cflags
-Output the set of flags to give to the C compiler when using the
-Heimdal libraries.
-.El
-.Pp
-By default
-.Nm
-will output the set of flags and libraries to be used by a normal
-program using the krb5 API.  The user can also supply a library to be
-used, the supported ones are:
-.Bl -tag -width Ds
-.It krb5
-(the default)
-.It gssapi
-use the krb5 gssapi mechanism
-.It kadm-client
-use the client-side kadmin libraries
-.It kadm-server
-use the server-side kadmin libraries
-.El
-.Sh SEE ALSO
-.Xr cc 1
-.Sh HISTORY
-.Nm
-appeared in Heimdal 0.3d.
diff --git a/crypto/heimdal/tools/krb5-config.in b/crypto/heimdal/tools/krb5-config.in
deleted file mode 100755
index 35da594ce7fa..000000000000
--- a/crypto/heimdal/tools/krb5-config.in
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/sh
-# $Id: krb5-config.in 20528 2007-04-22 13:22:16Z lha $
-
-do_libs=no
-do_cflags=no
-do_usage=no
-print_prefix=no
-print_exec_prefix=no
-library=krb5
-
-if test $# -eq 0; then
-  do_usage=yes
-  usage_exit=1
-fi
-
-for i in $*; do
-  case $i in
-  --help)
-    do_usage=yes
-    usage_exit=0
-    ;;
-  --version)
-    echo "@PACKAGE@ @VERSION@"
-    echo '$Id: krb5-config.in 20528 2007-04-22 13:22:16Z lha $'
-    exit 0
-    ;;
-  --prefix=*)
-    prefix=`echo $i | sed 's/^--prefix=//'`
-    ;;
-  --prefix)
-    print_prefix=yes
-    ;;
-  --exec-prefix=*)
-    exec_prefix=`echo $i | sed 's/^--exec-prefix=//'`
-    ;;
-  --exec-prefix)
-    print_exec_prefix=yes
-    ;;
-  --libs)
-    do_libs=yes
-    ;;
-  --cflags)
-    do_cflags=yes
-    ;;
-  krb5)
-    library=krb5
-    ;;
-  gssapi)
-    library=gssapi
-    ;;
-  kadm-client)
-    library=kadm-client
-    ;;
-  kadm-server)
-    library=kadm-server
-    ;;
-  kafs)
-    library=kafs
-    ;;
-  *)
-    echo "unknown option: $i"
-    exit 1
-    ;;
-  esac
-done
-
-if test "$do_usage" = "yes"; then
-    echo "usage: $0 [options] [libraries]"
-    echo "options: [--prefix[=dir]] [--exec-prefix[=dir]] [--libs] [--cflags]"
-    echo "libraries: krb5 gssapi kadm-client kadm-server kafs"
-    exit $usage_exit
-fi
-
-if test "$prefix" = ""; then
-  prefix=@prefix@
-fi
-if test "$exec_prefix" = ""; then
-  exec_prefix=@exec_prefix@
-fi
-
-libdir=@libdir@
-includedir=@includedir@
-
-if test "$print_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$print_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$do_libs" = "yes"; then
-    lib_flags="-L${libdir}"
-    case $library in
-    gssapi)
-	lib_flags="$lib_flags -lgssapi -lheimntlm"
-	;;
-    kadm-client)
-	lib_flags="$lib_flags -lkadm5clnt"
-	;;
-    kadm-server)
-	lib_flags="$lib_flags -lkadm5srv @LIB_dbopen@"
-	;;
-    kafs)
-	lib_flags="$lib_flags -lkafs"
-	;;
-    esac
-    lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err"
-    lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lroken"
-    lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@"
-    lib_flags="$lib_flags @LIB_door_create@ @LIBS@"
-    echo $lib_flags
-fi
-if test "$do_cflags" = "yes"; then
-    echo "-I${includedir} @INCLUDE_hcrypto@"
-fi
-
-exit 0